[Secure-testing-commits] r38998 - data/CVE

2016-01-18 Thread security tracker role
Author: sectracker
Date: 2016-01-18 09:10:20 + (Mon, 18 Jan 2016)
New Revision: 38998

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-01-18 07:57:08 UTC (rev 38997)
+++ data/CVE/list   2016-01-18 09:10:20 UTC (rev 38998)
@@ -11020,6 +11020,7 @@
TODO: check
 CVE-2015-6360
RESERVED
+   {DLA-393-1}
[experimental] - srtp 1.5.3~dfsg-1
- srtp  (bug #807698)
NOTE: Fix:   
https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r38999 - data/CVE

2016-01-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-01-18 10:13:20 + (Mon, 18 Jan 2016)
New Revision: 38999

Modified:
   data/CVE/list
Log:
CVE-2016-0724/moodle fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-01-18 09:10:20 UTC (rev 38998)
+++ data/CVE/list   2016-01-18 10:13:20 UTC (rev 38999)
@@ -3304,7 +3304,7 @@
NOTE: 
http://git.moodle.org/gw?p=moodle.git=search=HEAD=commit=MDL-52552
 CVE-2016-0724 [Two enrolment-related web services don't check course 
visibility]
RESERVED
-   - moodle  (bug #811344)
+   - moodle 2.7.12+dfsg-1 (bug #811344)
NOTE: 
http://git.moodle.org/gw?p=moodle.git=search=HEAD=commit=MDL-52072
 CVE-2016-0723 [use-after-free in TIOCGETD ioctl]
RESERVED




[Secure-testing-commits] r39000 - data

2016-01-18 Thread Markus Koschany
Author: apo-guest
Date: 2016-01-18 17:19:22 + (Mon, 18 Jan 2016)
New Revision: 39000

Modified:
   data/dla-needed.txt
Log:
Claim radicale in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-18 10:13:20 UTC (rev 38999)
+++ data/dla-needed.txt 2016-01-18 17:19:22 UTC (rev 39000)
@@ -44,7 +44,7 @@
 pound
   NOTE: updating to the wheezy option might be less error prone
 --
-radicale
+radicale (Markus Koschany)
 --
 tiff
 --




[Secure-testing-commits] r39001 - in data: . DLA

2016-01-18 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-01-18 18:45:34 + (Mon, 18 Jan 2016)
New Revision: 39001

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
passenger done

Modified: data/DLA/list
===
--- data/DLA/list   2016-01-18 17:19:22 UTC (rev 39000)
+++ data/DLA/list   2016-01-18 18:45:34 UTC (rev 39001)
@@ -1,3 +1,6 @@
+[18 Jan 2016] DLA-394-1 passenger - security update
+   {CVE-2015-7519}
+   [squeeze] - passenger 2.2.11debian-2+deb6u1
 [17 Jan 2016] DLA-393-1 srtp - security update
{CVE-2015-6360}
[squeeze] - srtp 1.4.4~dfsg-6+deb6u2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-18 17:19:22 UTC (rev 39000)
+++ data/dla-needed.txt 2016-01-18 18:45:34 UTC (rev 39001)
@@ -35,9 +35,6 @@
 --
 openssh (Guido Günther)
 --
-passenger (Thorsten Alteholz)
-  NOTE: code is in ext/apache2/Hooks.cpp:sendHeaders()
---
 php5 (Thorsten Alteholz)
   NOTE: next upload end of December  
 --
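
Review bot: the removed passenger entry in this hunk held the only pointer to where the affected code sits in the squeeze version ("NOTE: code is in ext/apache2/Hooks.cpp:sendHeaders()"), and deleting it together with the claim drops that information. The DLA-394-1 entry added to data/DLA/list in the same revision records only CVE-2015-7519 and the fixed version 2.2.11debian-2+deb6u1. Suggest carrying the file and function name over as a NOTE on the CVE-2015-7519 entry in data/CVE/list. Separately, the php5 context line still reads "next upload end of December" in a commit dated 18 Jan 2016, so that note looks stale.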



[Secure-testing-commits] r39002 - data/CVE

2016-01-18 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-01-18 18:47:27 + (Mon, 18 Jan 2016)
New Revision: 39002

Modified:
   data/CVE/list
Log:
moodle not supported in Squeeze

Modified: data/CVE/list
===
--- data/CVE/list   2016-01-18 18:45:34 UTC (rev 39001)
+++ data/CVE/list   2016-01-18 18:47:27 UTC (rev 39002)
@@ -3301,10 +3301,12 @@
 CVE-2016-0725 [XSS Vulnerability in course management search]
RESERVED
- moodle  (Only affects 3.0 to 3.0.1, 2.9 to 2.9.3 and 
2.8 to 2.8.9)
+   [squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git=search=HEAD=commit=MDL-52552
 CVE-2016-0724 [Two enrolment-related web services don't check course 
visibility]
RESERVED
- moodle 2.7.12+dfsg-1 (bug #811344)
+   [squeeze] - moodle  (Unsupported in squeeze-lts)
NOTE: 
http://git.moodle.org/gw?p=moodle.git=search=HEAD=commit=MDL-52072
 CVE-2016-0723 [use-after-free in TIOCGETD ioctl]
RESERVED
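
Review bot: on the CVE-2016-0725 entry, the added [squeeze] line gives "Unsupported in squeeze-lts" as its reason, while the line directly above already limits the issue to 3.0 to 3.0.1, 2.9 to 2.9.3 and 2.8 to 2.8.9. If the squeeze package predates 2.8, the more precise reason is that the vulnerable code is not present, and the line should say so rather than reuse the end-of-support wording. For CVE-2016-0724 the entry names no affected version range, so the same wording is consistent there.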




[Secure-testing-commits] r39003 - data/CVE

2016-01-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-01-18 19:06:22 + (Mon, 18 Jan 2016)
New Revision: 39003

Modified:
   data/CVE/list
Log:
Add two new CVEs for openjpeg2

Modified: data/CVE/list
===
--- data/CVE/list   2016-01-18 18:47:27 UTC (rev 39002)
+++ data/CVE/list   2016-01-18 19:06:22 UTC (rev 39003)
@@ -1,6 +1,12 @@
 CVE-2016- [Multiple minor security issues]
- imagemagick 8:6.8.9.9-7 (bug #811308)
TODO: check, needs possibly CVEs
+CVE-2016-1924 [opj_tgt_reset: AddressSanitizer: SEGV on unknown address]
+   - openjpeg2 
+   TODO: check
+CVE-2016-1923 [opj_j2k_update_image_data: AddressSanitizer: 
heap-buffer-overflow READ of size 4]
+   - openjpeg2 
+   TODO: check
 CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 
1.0 / Android 4.3]
NOT-FOR-US: KNOX 1.0 / Android 4.3
 CVE-2016-1919 [Weak eCryptFS Key generation from user password on KNOX 1.0 / 
Android 4.3]
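
Review bot: the two added openjpeg2 entries (CVE-2016-1924 and CVE-2016-1923) have only an AddressSanitizer message as their description and no NOTE line pointing at the upstream report or a fixing commit. Whoever picks up the "TODO: check" has nothing to start from beyond the function names opj_tgt_reset and opj_j2k_update_image_data. Suggest adding a NOTE with the upstream reference to each entry in the same commit.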




[Secure-testing-commits] r39004 - data/CVE

2016-01-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-01-18 19:11:00 + (Mon, 18 Jan 2016)
New Revision: 39004

Modified:
   data/CVE/list
Log:
Add CVE-2016-1925/lha, non-free

Modified: data/CVE/list
===
--- data/CVE/list   2016-01-18 19:06:22 UTC (rev 39003)
+++ data/CVE/list   2016-01-18 19:11:00 UTC (rev 39004)
@@ -1,6 +1,9 @@
 CVE-2016- [Multiple minor security issues]
- imagemagick 8:6.8.9.9-7 (bug #811308)
TODO: check, needs possibly CVEs
+CVE-2016-1925 [Improper handling of length parameter inconsitency]
+   - lha  (unimportant)
+   NOTE: Non-free not supported
 CVE-2016-1924 [opj_tgt_reset: AddressSanitizer: SEGV on unknown address]
- openjpeg2 
TODO: check
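
Review bot: typo in the added CVE-2016-1925 description, "inconsitency" should be "inconsistency". Since the bracketed description is what people search for in the tracker, correct it here unless the text is being kept verbatim from the CVE assignment.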




[Secure-testing-commits] r39007 - data/DLA

2016-01-18 Thread Mike Gabriel
Author: sunweaver
Date: 2016-01-19 02:44:46 + (Tue, 19 Jan 2016)
New Revision: 39007

Modified:
   data/DLA/list
Log:
Reserve DLA-385-2 for isc-dhcp

Modified: data/DLA/list
===
--- data/DLA/list   2016-01-18 22:47:24 UTC (rev 39006)
+++ data/DLA/list   2016-01-19 02:44:46 UTC (rev 39007)
@@ -1,3 +1,6 @@
+[19 Jan 2016] DLA-385-2 isc-dhcp - regression update
+   {CVE-2015-8605}
+   [squeeze] - isc-dhcp 4.1.1-P1-15+squeeze10
 [18 Jan 2016] DLA-394-1 passenger - security update
{CVE-2015-7519}
[squeeze] - passenger 2.2.11debian-2+deb6u1




[Secure-testing-commits] r39006 - data/CVE

2016-01-18 Thread Michael Gilbert
Author: mgilbert
Date: 2016-01-18 22:47:24 + (Mon, 18 Jan 2016)
New Revision: 39006

Modified:
   data/CVE/list
Log:
chromium issue fixed

Modified: data/CVE/list
===
--- data/CVE/list   2016-01-18 21:10:17 UTC (rev 39005)
+++ data/CVE/list   2016-01-18 22:47:24 UTC (rev 39006)
@@ -9944,7 +9944,7 @@
 CVE-2015-6793
RESERVED
 CVE-2015-6792 (The MIDI subsystem in Google Chrome before 47.0.2526.106 does 
not ...)
-   - chromium-browser 
+   - chromium-browser 47.0.2526.111-1
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
NOTE: 
http://googlechromereleases.blogspot.de/2015/12/stable-channel-update_15.html




[Secure-testing-commits] r39005 - data/CVE

2016-01-18 Thread security tracker role
Author: sectracker
Date: 2016-01-18 21:10:17 + (Mon, 18 Jan 2016)
New Revision: 39005

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-01-18 19:11:00 UTC (rev 39004)
+++ data/CVE/list   2016-01-18 21:10:17 UTC (rev 39005)
@@ -8031,6 +8031,7 @@
 CVE-2015-7520
RESERVED
 CVE-2015-7519 (agent/Core/Controller/SendRequest.cpp in Phusion Passenger 
before ...)
+   {DLA-394-1}
- passenger 5.0.22-1 (bug #807354)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=956281
NOTE: 
https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e

