[Secure-testing-commits] r39225 - data
Author: lamby Date: 2016-01-27 07:30:40 + (Wed, 27 Jan 2016) New Revision: 39225 Modified: data/dla-needed.txt Log: Claim nginx in data/dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-27 05:25:38 UTC (rev 39224) +++ data/dla-needed.txt 2016-01-27 07:30:40 UTC (rev 39225) @@ -44,7 +44,7 @@ -- mysql-5.5 (Santiago R.R.) -- -nginx +nginx (Chris Lamb) -- nss (Guido Günther) NOTE: Trying to sync the solution for CVE-2015-4000 with security team first ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39224 - data/CVE
Author: carnil Date: 2016-01-27 05:25:38 + (Wed, 27 Jan 2016) New Revision: 39224 Modified: data/CVE/list Log: CVE-2015-523{4,5}/icedtea-web fixed in unstable, #798467 Modified: data/CVE/list === --- data/CVE/list 2016-01-27 04:32:20 UTC (rev 39223) +++ data/CVE/list 2016-01-27 05:25:38 UTC (rev 39224) @@ -15029,9 +15029,9 @@ CVE-2015-5236 RESERVED CVE-2015-5235 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly ...) - - icedtea-web (bug #798467) + - icedtea-web 1.6.1-1 (bug #798467) CVE-2015-5234 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly ...) - - icedtea-web (bug #798467) + - icedtea-web 1.6.1-1 (bug #798467) CVE-2015-5233 RESERVED - foreman (bug #663101) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39223 - data/CVE
Author: taffit Date: 2016-01-27 04:32:20 + (Wed, 27 Jan 2016) New Revision: 39223 Modified: data/CVE/list Log: Document CVE-2016-1902/symfony fixed in 2.7.9+dfsg-1 Modified: data/CVE/list === --- data/CVE/list 2016-01-27 04:26:56 UTC (rev 39222) +++ data/CVE/list 2016-01-27 04:32:20 UTC (rev 39223) @@ -513,8 +513,11 @@ CVE-2016-1919 [Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3] RESERVED NOT-FOR-US: KNOX 1.0 / Android 4.3 -CVE-2016-1902 +CVE-2016-1902 [SecureRandom's fallback not secure when OpenSSL fails] RESERVED + - symfony 2.7.9+dfsg-1 + NOTE: http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails + NOTE: https://github.com/symfony/symfony/pull/17359 CVE-2016-1906 [Kubernetes api server: build config to a strategy that isn't allowed by policy] RESERVED - kubernetes (bug #795652) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39222 - data/CVE
Author: taffit Date: 2016-01-27 04:26:56 + (Wed, 27 Jan 2016) New Revision: 39222 Modified: data/CVE/list Log: CVE-2016-2069: tfix in URL Thanks: Seth Arnold Modified: data/CVE/list === --- data/CVE/list 2016-01-26 23:28:02 UTC (rev 39221) +++ data/CVE/list 2016-01-27 04:26:56 UTC (rev 39222) @@ -92,7 +92,7 @@ - linux-2.6 NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/1 NOTE: https://git.kernel.org/linus/71b3c126e61177eb693423f2e18a1914205b165e (v4.5-rc1) - NOTE: https://git.kernel.org/linux/4eaffdd5a5fe6ff9f95e1ab4de1ac904d5e0fa8b (v4.5-rc1) + NOTE: https://git.kernel.org/linus/4eaffdd5a5fe6ff9f95e1ab4de1ac904d5e0fa8b (v4.5-rc1) CVE-2016-2053 [Denial of service with specially crafted key file] RESERVED - linux ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39221 - data/CVE
Author: jmm Date: 2016-01-26 23:28:02 + (Tue, 26 Jan 2016) New Revision: 39221 Modified: data/CVE/list Log: vbox EOL in wheezy Modified: data/CVE/list === --- data/CVE/list 2016-01-26 23:18:29 UTC (rev 39220) +++ data/CVE/list 2016-01-26 23:28:02 UTC (rev 39221) @@ -4480,7 +4480,7 @@ RESERVED CVE-2016-0592 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) - virtualbox 5.0.14-dfsg-1 - [wheezy] - virtualbox (Only affects 4.3.x and 5.0.x) + [wheezy] - virtualbox (DSA 3454) NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR CVE-2016-0591 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing ...) TODO: check @@ -4691,7 +4691,7 @@ TODO: check CVE-2016-0495 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) - virtualbox 5.0.14-dfsg-1 - [wheezy] - virtualbox (Only affects 4.3.x and 5.0.x) + [wheezy] - virtualbox (DSA 3454) NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR CVE-2016-0494 (Unspecified vulnerability in the Java SE and Java SE Embedded ...) - openjdk-8 8u72-b15-1 @@ -6980,6 +6980,7 @@ NOTE: Upstream patch: https://lkml.org/lkml/2015/11/10/218 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d - virtualbox 5.0.10-dfsg-1 + [wheezy] - virtualbox (DSA 3454) NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR CVE-2015-8100 (The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for ...) - net-snmp (Specific to packaging in OpenBSD) 
@@ -14716,6 +14717,7 @@ [squeeze] - xen (Not supported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-156.html - virtualbox 5.0.10-dfsg-1 + [wheezy] - virtualbox (DSA 3454) NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR CVE-2015-5306 (OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), ...) TODO: check ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
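Review bot: in the CVE-2016-0592 and CVE-2016-0495 hunks the wheezy reason changes from "(Only affects 4.3.x and 5.0.x)" to "(DSA 3454)", which drops the statement that the wheezy version is outside the affected range. These are two different claims: if the version in wheezy is not affected, the entry should keep saying so; if the package is being declared end-of-life in wheezy, as the log says, state that in the reason next to the DSA reference so the entry explains itself without the commit log.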
[Secure-testing-commits] r39220 - data/DSA
Author: jmm Date: 2016-01-26 23:18:29 + (Tue, 26 Jan 2016) New Revision: 39220 Modified: data/DSA/list Log: vbox DSA Modified: data/DSA/list === --- data/DSA/list 2016-01-26 22:51:33 UTC (rev 39219) +++ data/DSA/list 2016-01-26 23:18:29 UTC (rev 39220) @@ -1,3 +1,6 @@ +[27 Jan 2016] DSA-3454-1 virtualbox - security update + {CVE-2015-5307 CVE-2015-8104 CVE-2016-0495 CVE-2016-0592} + [jessie] - virtualbox 4.3.36-dfsg-1+deb8u1 [25 Jan 2016] DSA-3453-1 mariadb-10.0 - security update {CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-2047} [jessie] - mariadb-10.0 10.0.23-0+deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
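Review bot: the new entry is dated "[27 Jan 2016]" while this commit is stamped 2016-01-26 23:18:29; check the date against the advisory mail so the list and the announcement agree.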
[Secure-testing-commits] r39219 - data/CVE
Author: jmm Date: 2016-01-26 22:51:33 + (Tue, 26 Jan 2016) New Revision: 39219 Modified: data/CVE/list Log: ruby-rails-html-sanitizer fixed Modified: data/CVE/list === --- data/CVE/list 2016-01-26 21:35:45 UTC (rev 39218) +++ data/CVE/list 2016-01-26 22:51:33 UTC (rev 39219) @@ -8596,13 +8596,13 @@ TODO: check CVE-2015-7580 [Possible XSS vulnerability in rails-html-sanitizer] RESERVED - - ruby-rails-html-sanitizer (bug #812814) + - ruby-rails-html-sanitizer 1.0.3-1 (bug #812814) CVE-2015-7579 [XSS vulnerability in rails-html-sanitizer] RESERVED - - ruby-rails-html-sanitizer (bug #812814) + - ruby-rails-html-sanitizer 1.0.3-1 (bug #812814) CVE-2015-7578 [Possible XSS vulnerability in rails-html-sanitizer] RESERVED - - ruby-rails-html-sanitizer (bug #812814) + - ruby-rails-html-sanitizer 1.0.3-1 (bug #812814) CVE-2015-7577 [Nested attributes rejection proc bypass in Active Record] RESERVED - rails ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39218 - data/CVE
Author: carnil Date: 2016-01-26 21:35:45 + (Tue, 26 Jan 2016) New Revision: 39218 Modified: data/CVE/list Log: Add one linux issue without CVE Modified: data/CVE/list === --- data/CVE/list 2016-01-26 21:18:56 UTC (rev 39217) +++ data/CVE/list 2016-01-26 21:35:45 UTC (rev 39218) @@ -1,3 +1,12 @@ +CVE-2016- [Missing NULL pointer check in nf_nat_redirect_ipv4] + - linux + [jessie] - linux (Vulnerable code introduced in v3.19-rc1) + [wheezy] - linux (Vulnerable code introduced in v3.19-rc1) + - linux-2.6 (Vulnerable code introduced in v3.19-rc1) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300731 + NOTE: https://lkml.org/lkml/2015/12/2/618 + NOTE: Introduced by: https://git.kernel.org/linus/8b13eddfdf04cbfa561725cfc42d6868fe896f56 (v3.19-rc1) + NOTE: Fixed by: https://git.kernel.org/linus/94f9cd81436c85d8c3a318ba92e236ede73752fc (v4.4-rc1) CVE-2015-8786 RESERVED CVE-2016- [out of bound read and write issues] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
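Review bot: the unstable line "- linux" carries no fixed version although the last NOTE names the fix as 94f9cd81436c85d8c3a318ba92e236ede73752fc (v4.4-rc1); record the first unstable upload that contains that commit once it is known. The entry also has no bug reference of its own, so the Red Hat bugzilla NOTE is the only handle for finding it again while the "CVE-2016-" placeholder has no number.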
[Secure-testing-commits] r39217 - data/CVE
Author: agx Date: 2016-01-26 21:18:56 + (Tue, 26 Jan 2016) New Revision: 39217 Modified: data/CVE/list Log: Rails not supported in squeeze-lts Modified: data/CVE/list === --- data/CVE/list 2016-01-26 21:10:26 UTC (rev 39216) +++ data/CVE/list 2016-01-26 21:18:56 UTC (rev 39217) @@ -3806,6 +3806,7 @@ RESERVED - rails [wheezy] - rails (Vulnerable code not present, is only a transitional package) + [squeeze] - rails (Not supported in Squeeze LTS) - ruby-activerecord-3.2 - ruby-activerecord-2.3 - ruby-activesupport-3.2 @@ -3816,6 +3817,7 @@ RESERVED - rails [wheezy] - rails (Vulnerable code not present, is only a transitional package) + [squeeze] - rails (Not supported in Squeeze LTS) - ruby-actionpack-3.2 - ruby-actionpack-2.3 TODO: check @@ -3823,6 +3825,7 @@ RESERVED - rails [wheezy] - rails (Vulnerable code not present, is only a transitional package) + [squeeze] - rails (Not supported in Squeeze LTS) - ruby-actionpack-3.2 - ruby-actionpack-2.3 TODO: check @@ -8578,6 +8581,7 @@ RESERVED - rails [wheezy] - rails (Vulnerable code not present, is only a transitional package) + [squeeze] - rails (Not supported in Squeeze LTS) - ruby-actionpack-3.2 - ruby-actionpack-2.3 TODO: check @@ -8594,6 +8598,7 @@ RESERVED - rails [wheezy] - rails (Vulnerable code not present, is only a transitional package) + [squeeze] - rails (Not supported in Squeeze LTS) - ruby-activerecord-3.2 - ruby-activerecord-2.3 TODO: check @@ -8601,6 +8606,7 @@ RESERVED - rails [wheezy] - rails (Vulnerable code not present, is only a transitional package) + [squeeze] - rails (Not supported in Squeeze LTS) - ruby-actionpack-3.2 - ruby-actionpack-2.3 - ruby-activesupport-3.2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
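Review bot: all six hunks add the squeeze line only under "- rails", while the same entries also list ruby-actionpack-2.3, ruby-activerecord-2.3 and the 3.2 packages with no suite annotation, and several still end in "TODO: check". If any of those sources exist in squeeze they need their own "[squeeze]" line, and the remaining TODO markers should be resolved or kept deliberately.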
[Secure-testing-commits] r39216 - data/CVE
Author: sectracker Date: 2016-01-26 21:10:26 + (Tue, 26 Jan 2016) New Revision: 39216 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-01-26 21:06:28 UTC (rev 39215) +++ data/CVE/list 2016-01-26 21:10:26 UTC (rev 39216) @@ -1,3 +1,5 @@ +CVE-2015-8786 + RESERVED CVE-2016- [out of bound read and write issues] - giflib [jessie] - giflib (Minor issue) @@ -10,6 +12,7 @@ - libxml2 (bug #812807) NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6 CVE-2016-2070 [division by zero in TCP code] + RESERVED - linux [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) @@ -75,6 +78,7 @@ CVE-2015-8780 RESERVED CVE-2016-2069 [x86 Linux TLB flush bug] + RESERVED - linux - linux-2.6 NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/1 @@ -1928,8 +1932,8 @@ RESERVED CVE-2016-1299 RESERVED -CVE-2016-1298 - RESERVED +CVE-2016-1298 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...) + TODO: check CVE-2016-1297 RESERVED CVE-2016-1296 (The proxy engine on Cisco Web Security Appliance (WSA) devices with ...) @@ -1992,9 +1996,11 @@ NOTE: Affects: >= 2014.2 <= 2015.1.2, ==12.0.0 CVE-2015-8748 [Prevent regex injection in rights management] RESERVED + {DLA-403-1} - radicale 1.1.1-1 (bug #809920) CVE-2015-8747 [The multifilesystem backend allows access to arbitrary files on all platforms] RESERVED + {DLA-403-1} - radicale 1.1.1-1 (bug #809920) CVE-2015-8746 [when NFSv4 migration is executed, kernel oops occurs at NFS client] RESERVED 
@@ -11848,8 +11854,8 @@ RESERVED CVE-2015-6338 RESERVED -CVE-2015-6337 - RESERVED +CVE-2015-6337 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy ...) + TODO: check CVE-2015-6336 (Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), ...) TODO: check CVE-2015-6335 (The policy implementation in Cisco FireSIGHT Management Center ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39215 - data/CVE
Author: jmm Date: 2016-01-26 21:06:28 + (Tue, 26 Jan 2016) New Revision: 39215 Modified: data/CVE/list Log: ruby-rails-html-sanitizer bug Modified: data/CVE/list === --- data/CVE/list 2016-01-26 21:03:45 UTC (rev 39214) +++ data/CVE/list 2016-01-26 21:06:28 UTC (rev 39215) @@ -8577,14 +8577,13 @@ TODO: check CVE-2015-7580 [Possible XSS vulnerability in rails-html-sanitizer] RESERVED - - ruby-rails-html-sanitizer + - ruby-rails-html-sanitizer (bug #812814) CVE-2015-7579 [XSS vulnerability in rails-html-sanitizer] RESERVED - - ruby-rails-html-sanitizer + - ruby-rails-html-sanitizer (bug #812814) CVE-2015-7578 [Possible XSS vulnerability in rails-html-sanitizer] RESERVED - - ruby-rails-html-sanitizer - TODO: check + - ruby-rails-html-sanitizer (bug #812814) CVE-2015-7577 [Nested attributes rejection proc bypass in Active Record] RESERVED - rails ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39214 - data/CVE
Author: carnil Date: 2016-01-26 21:03:45 + (Tue, 26 Jan 2016) New Revision: 39214 Modified: data/CVE/list Log: Add mysql-5.{5,6} source packages for CVE-2016-2047 Modified: data/CVE/list === --- data/CVE/list 2016-01-26 20:51:41 UTC (rev 39213) +++ data/CVE/list 2016-01-26 21:03:45 UTC (rev 39214) @@ -126,6 +126,8 @@ - mariadb-10.0 10.0.23-1 NOTE: https://mariadb.atlassian.net/browse/MDEV-9212 NOTE: https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41 + - mysql-5.6 + - mysql-5.5 CVE-2016-2035 RESERVED CVE-2016-2034 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
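Review bot: the two new lines "- mysql-5.6" and "- mysql-5.5" land after the MariaDB NOTE lines, so the entry reads as if the MDEV-9212 ticket and the MariaDB/server commit also document the MySQL packages. Move them up next to "- mariadb-10.0 10.0.23-1" and add a NOTE or bug reference for MySQL, since nothing in the entry currently shows how the MySQL sources are affected or where they are fixed.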
[Secure-testing-commits] r39213 - in data: . CVE
Author: agx Date: 2016-01-26 20:51:41 + (Tue, 26 Jan 2016) New Revision: 39213 Modified: data/CVE/list data/dla-needed.txt Log: nginx in squeeze affected Modified: data/CVE/list === --- data/CVE/list 2016-01-26 20:51:32 UTC (rev 39212) +++ data/CVE/list 2016-01-26 20:51:41 UTC (rev 39213) @@ -3824,24 +3824,29 @@ RESERVED CVE-2016-0748 RESERVED -CVE-2016-0747 +CVE-2016-0747 [CNAME resolution was insufficiently limited] RESERVED - nginx 1.9.10-1 (bug #812806) NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html -CVE-2016-0746 + NOTE: https://github.com/nginx/nginx/commit/fe89d99796d42b86816e17d9c87ab16964768024 + NOTE: https://github.com/nginx/nginx/commit/4016e6b1da4fbf9c45963211791be124cd7ffb8f +CVE-2016-0746 [Use-after-free condition might occur during CNAME response processing] RESERVED - nginx 1.9.10-1 (bug #812806) NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html + NOTE: https://github.com/nginx/nginx/commit/a3d42258d97ebd0b638c20976654d3edfbaf943f + NOTE: https://github.com/nginx/nginx/commit/4b581a7c21e4328d059bf400a059c0458fc9f806 CVE-2016-0745 RESERVED CVE-2016-0744 RESERVED CVE-2016-0743 RESERVED -CVE-2016-0742 +CVE-2016-0742 [Invalid pointer dereference might occur during DNS server response processing] RESERVED - nginx 1.9.10-1 (bug #812806) NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html + NOTE: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3 CVE-2016-0741 RESERVED CVE-2016-0740 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-26 20:51:32 UTC (rev 39212) +++ data/dla-needed.txt 2016-01-26 20:51:41 UTC (rev 39213) 
@@ -44,6 +44,8 @@ -- mysql-5.5 (Santiago R.R.) -- +nginx +-- nss (Guido Günther) NOTE: Trying to sync the solution for CVE-2015-4000 with security team first NOTE: see https://lists.debian.org/debian-lts/2015/12/msg00025.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
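Review bot: the log says "nginx in squeeze affected", but the data/CVE/list hunk only adds titles and upstream commit NOTEs for CVE-2016-0742, CVE-2016-0746 and CVE-2016-0747; the squeeze finding itself is recorded only as a bare "nginx" in data/dla-needed.txt. Add a NOTE under the dla-needed.txt entry naming the three CVEs, or split the commit, so the title and NOTE additions and the squeeze triage are each covered by the log message.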
[Secure-testing-commits] r39212 - data/CVE
Author: agx Date: 2016-01-26 20:51:32 + (Tue, 26 Jan 2016) New Revision: 39212 Modified: data/CVE/list Log: giflib: mark as nodsa since it doesn't affect the lib itself Modified: data/CVE/list === --- data/CVE/list 2016-01-26 20:32:07 UTC (rev 39211) +++ data/CVE/list 2016-01-26 20:51:32 UTC (rev 39212) @@ -2,6 +2,7 @@ - giflib [jessie] - giflib (Minor issue) [wheezy] - giflib (Minor issue) + [squeeze] - giflib (Minor issue) NOTE: http://sourceforge.net/p/giflib/bugs/82/ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5 NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/ ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
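Review bot: the added "[squeeze] - giflib (Minor issue)" copies the jessie and wheezy reason, while the log gives the actual rationale, that the issue does not affect the library itself. Put that rationale in the reason text on the suite lines so the entry is understandable without the commit log.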
[Secure-testing-commits] r39211 - in data: . CVE
Author: jmm Date: 2016-01-26 20:32:07 + (Tue, 26 Jan 2016) New Revision: 39211 Modified: data/CVE/list data/dsa-needed.txt Log: new nss issue take iceweasel Modified: data/CVE/list === --- data/CVE/list 2016-01-26 19:36:57 UTC (rev 39210) +++ data/CVE/list 2016-01-26 20:32:07 UTC (rev 39211) @@ -356,6 +356,12 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/ CVE-2016-1938 RESERVED + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + - nss + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/ CVE-2016-1937 RESERVED - iceweasel Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-01-26 19:36:57 UTC (rev 39210) +++ data/dsa-needed.txt 2016-01-26 20:32:07 UTC (rev 39211) @@ -26,7 +26,7 @@ -- icedtea-web -- -iceweasel +iceweasel (jmm) -- imagemagick/oldstable no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
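Review bot: in the data/CVE/list hunk, CVE-2016-1938 gets package lines and an advisory NOTE but no bracketed title, unlike the entries added in the neighbouring commits; add a short title. The log calls this an nss issue, yet the only reasons given are the iceweasel ones ("Only affects Firefox 43.x"), and "- nss" has no suite lines or bug reference, so the entry does not show which nss versions are affected.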
[Secure-testing-commits] r39210 - data/DLA
Author: apo-guest Date: 2016-01-26 19:36:57 + (Tue, 26 Jan 2016) New Revision: 39210 Modified: data/DLA/list Log: Fix version number of DLA-403 Modified: data/DLA/list === --- data/DLA/list 2016-01-26 19:27:36 UTC (rev 39209) +++ data/DLA/list 2016-01-26 19:36:57 UTC (rev 39210) @@ -1,6 +1,6 @@ [26 Jan 2016] DLA-403-1 radicale - security update {CVE-2015-8747 CVE-2015-8748} - [squeeze] - radicale 0.3-2 + [squeeze] - radicale 0.3-2+deb6u1 [26 Jan 2016] DLA-402-1 tiff - security update {CVE-2015-8665 CVE-2015-8683} [squeeze] - tiff 3.9.4-5+squeeze13 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39209 - data/CVE
Author: carnil Date: 2016-01-26 19:27:36 + (Tue, 26 Jan 2016) New Revision: 39209 Modified: data/CVE/list Log: Add bug reference for CVE-2016-2073/libxml2, #812807 Modified: data/CVE/list === --- data/CVE/list 2016-01-26 19:16:01 UTC (rev 39208) +++ data/CVE/list 2016-01-26 19:27:36 UTC (rev 39209) @@ -6,7 +6,7 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5 NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/ CVE-2016-2073 [Out-of-bounds Read in the libxml2's htmlParseNameComplex() function] - - libxml2 + - libxml2 (bug #812807) NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6 CVE-2016-2070 [division by zero in TCP code] - linux ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39208 - in data: . DLA
Author: apo-guest Date: 2016-01-26 19:16:01 + (Tue, 26 Jan 2016) New Revision: 39208 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-403-1 for radicale Modified: data/DLA/list === --- data/DLA/list 2016-01-26 19:14:41 UTC (rev 39207) +++ data/DLA/list 2016-01-26 19:16:01 UTC (rev 39208) @@ -1,3 +1,6 @@ +[26 Jan 2016] DLA-403-1 radicale - security update + {CVE-2015-8747 CVE-2015-8748} + [squeeze] - radicale 0.3-2 [26 Jan 2016] DLA-402-1 tiff - security update {CVE-2015-8665 CVE-2015-8683} [squeeze] - tiff 3.9.4-5+squeeze13 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-26 19:14:41 UTC (rev 39207) +++ data/dla-needed.txt 2016-01-26 19:16:01 UTC (rev 39208) @@ -56,7 +56,5 @@ php5 (Thorsten Alteholz) NOTE: next upload end of December -- -radicale (Markus Koschany) --- tiff -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
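Review bot: in the data/DLA/list hunk, "[squeeze] - radicale 0.3-2" has no security-upload suffix, unlike the tiff entry just below it ("3.9.4-5+squeeze13"); confirm the uploaded version before reserving the DLA. r39210 later corrects this to 0.3-2+deb6u1.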
[Secure-testing-commits] r39207 - data
Author: carnil Date: 2016-01-26 19:14:41 + (Tue, 26 Jan 2016) New Revision: 39207 Modified: data/dsa-needed.txt Log: Add iceweasel to dsa needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-01-26 19:12:20 UTC (rev 39206) +++ data/dsa-needed.txt 2016-01-26 19:14:41 UTC (rev 39207) @@ -26,6 +26,8 @@ -- icedtea-web -- +iceweasel +-- imagemagick/oldstable no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 should be fixed along ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39206 - data/CVE
Author: carnil Date: 2016-01-26 19:12:20 + (Tue, 26 Jan 2016) New Revision: 39206 Modified: data/CVE/list Log: Add CVE-2016-1948 Modified: data/CVE/list === --- data/CVE/list 2016-01-26 19:11:01 UTC (rev 39205) +++ data/CVE/list 2016-01-26 19:12:20 UTC (rev 39206) @@ -293,8 +293,10 @@ RESERVED CVE-2016-1949 RESERVED -CVE-2016-1948 +CVE-2016-1948 [Lightweight themes on Firefox for Android do not verify a secure connection] RESERVED + - iceweasel (Only affects Firefox for Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-12/ CVE-2016-1947 [Application Reputation service disabled in Firefox 43] RESERVED - iceweasel ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39205 - data/CVE
Author: carnil Date: 2016-01-26 19:11:01 + (Tue, 26 Jan 2016) New Revision: 39205 Modified: data/CVE/list Log: Add CVE-2016-1947/iceweasel Modified: data/CVE/list === --- data/CVE/list 2016-01-26 19:09:53 UTC (rev 39204) +++ data/CVE/list 2016-01-26 19:11:01 UTC (rev 39205) @@ -295,8 +295,13 @@ RESERVED CVE-2016-1948 RESERVED -CVE-2016-1947 +CVE-2016-1947 [Application Reputation service disabled in Firefox 43] RESERVED + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/ CVE-2016-1946 [Unsafe memory manipulation found through code inspection] RESERVED - iceweasel ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39204 - data/CVE
Author: carnil Date: 2016-01-26 19:09:53 + (Tue, 26 Jan 2016) New Revision: 39204 Modified: data/CVE/list Log: Add CVE-2016-194{4,5,6}/iceweasel Modified: data/CVE/list === --- data/CVE/list 2016-01-26 19:08:27 UTC (rev 39203) +++ data/CVE/list 2016-01-26 19:09:53 UTC (rev 39204) @@ -297,12 +297,27 @@ RESERVED CVE-2016-1947 RESERVED -CVE-2016-1946 +CVE-2016-1946 [Unsafe memory manipulation found through code inspection] RESERVED -CVE-2016-1945 + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/ +CVE-2016-1945 [Unsafe memory manipulation found through code inspection] RESERVED -CVE-2016-1944 + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/ +CVE-2016-1944 [Unsafe memory manipulation found through code inspection] RESERVED + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/ CVE-2016-1943 [Addressbar spoofing attacks] RESERVED - iceweasel ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39203 - data/CVE
Author: carnil Date: 2016-01-26 19:08:27 + (Tue, 26 Jan 2016) New Revision: 39203 Modified: data/CVE/list Log: Add CVE-2016-194{2,3}/iceweasel Modified: data/CVE/list === --- data/CVE/list 2016-01-26 19:07:02 UTC (rev 39202) +++ data/CVE/list 2016-01-26 19:08:27 UTC (rev 39203) @@ -303,10 +303,20 @@ RESERVED CVE-2016-1944 RESERVED -CVE-2016-1943 +CVE-2016-1943 [Addressbar spoofing attacks] RESERVED -CVE-2016-1942 + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/ +CVE-2016-1942 [Addressbar spoofing attacks] RESERVED + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/ CVE-2016-1941 [Delay following click events in file download dialog too short on OS X] RESERVED - iceweasel (Affects only Firefox on OS X) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39202 - data/CVE
Author: carnil Date: 2016-01-26 19:07:02 + (Tue, 26 Jan 2016) New Revision: 39202 Modified: data/CVE/list Log: Add CVE-2016-1941/iceweasel Modified: data/CVE/list === --- data/CVE/list 2016-01-26 19:05:37 UTC (rev 39201) +++ data/CVE/list 2016-01-26 19:07:02 UTC (rev 39202) @@ -307,8 +307,10 @@ RESERVED CVE-2016-1942 RESERVED -CVE-2016-1941 +CVE-2016-1941 [Delay following click events in file download dialog too short on OS X] RESERVED + - iceweasel (Affects only Firefox on OS X) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/ CVE-2016-1940 [Addressbar spoofing through stored data url shortcuts on Firefox for Android] RESERVED - iceweasel (Affects Firefox for Android only) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
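Review bot: style point on the added reason "(Affects only Firefox on OS X)": the context line directly below uses "(Affects Firefox for Android only)" and r39206 uses "(Only affects Firefox for Android)". Pick one wording for platform-specific reasons so the entries can be searched consistently.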
[Secure-testing-commits] r39201 - data/CVE
Author: carnil Date: 2016-01-26 19:05:37 + (Tue, 26 Jan 2016) New Revision: 39201 Modified: data/CVE/list Log: Add CVE-2016-1937/iceweasel Modified: data/CVE/list === --- data/CVE/list 2016-01-26 19:04:44 UTC (rev 39200) +++ data/CVE/list 2016-01-26 19:05:37 UTC (rev 39201) @@ -324,6 +324,11 @@ RESERVED CVE-2016-1937 RESERVED + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/ CVE-2016-1936 RESERVED CVE-2016-1935 [Buffer overflow in WebGL after out of memory allocation] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39200 - data/CVE
Author: carnil Date: 2016-01-26 19:04:44 + (Tue, 26 Jan 2016) New Revision: 39200 Modified: data/CVE/list Log: Add CVE-2016-1940/iceweasel, not affected, only Firefox for Android Modified: data/CVE/list === --- data/CVE/list 2016-01-26 19:02:30 UTC (rev 39199) +++ data/CVE/list 2016-01-26 19:04:44 UTC (rev 39200) @@ -309,8 +309,10 @@ RESERVED CVE-2016-1941 RESERVED -CVE-2016-1940 +CVE-2016-1940 [Addressbar spoofing through stored data url shortcuts on Firefox for Android] RESERVED + - iceweasel (Affects Firefox for Android only) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-05/ CVE-2016-1939 RESERVED - iceweasel ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39199 - data/CVE
Author: carnil Date: 2016-01-26 19:02:30 + (Tue, 26 Jan 2016) New Revision: 39199 Modified: data/CVE/list Log: Add CVE-2016-1939 and update CVE-2015-7208 Modified: data/CVE/list === --- data/CVE/list 2016-01-26 18:59:51 UTC (rev 39198) +++ data/CVE/list 2016-01-26 19:02:30 UTC (rev 39199) @@ -313,6 +313,11 @@ RESERVED CVE-2016-1939 RESERVED + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/ CVE-2016-1938 RESERVED CVE-2016-1937 @@ -9507,7 +9512,11 @@ CVE-2015-7209 RESERVED CVE-2015-7208 (Mozilla Firefox before 43.0 stores cookies containing vertical tab ...) - - iceweasel (ESR38 series not affected) + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/ CVE-2015-7207 (Mozilla Firefox before 43.0 does not properly restrict the ...) - iceweasel (ESR38 series not affected) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
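Review bot: in the second hunk, the CVE-2015-7208 description says "Mozilla Firefox before 43.0", but the new suite lines give the reason "Only affects Firefox 43.x", and the previous reason "(ESR38 series not affected)" is removed from the "- iceweasel" line. Reconcile the reason text with the description, or add a NOTE explaining why mfsa2016-04 changes the affected range given alongside mfsa2015-137. In the first hunk, CVE-2016-1939 is added without a bracketed title; a short title would match the other entries added in this series.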
[Secure-testing-commits] r39195 - data/CVE
Author: carnil Date: 2016-01-26 18:44:57 + (Tue, 26 Jan 2016) New Revision: 39195 Modified: data/CVE/list Log: CVE-2016-2073/libxml2 assigned Modified: data/CVE/list === --- data/CVE/list 2016-01-26 18:43:06 UTC (rev 39194) +++ data/CVE/list 2016-01-26 18:44:57 UTC (rev 39195) @@ -5,9 +5,9 @@ NOTE: http://sourceforge.net/p/giflib/bugs/82/ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5 NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/ -CVE-2016- [Out-of-bounds Read in the libxml2's htmlParseNameComplex() function] +CVE-2016-2073 [Out-of-bounds Read in the libxml2's htmlParseNameComplex() function] - libxml2 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/25/6 + NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6 CVE-2016-2070 [division by zero in TCP code] - linux [jessie] - linux (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39198 - data/CVE
Author: carnil Date: 2016-01-26 18:59:51 + (Tue, 26 Jan 2016) New Revision: 39198 Modified: data/CVE/list Log: Add CVE-2016-1935/iceweasel Modified: data/CVE/list === --- data/CVE/list 2016-01-26 18:58:30 UTC (rev 39197) +++ data/CVE/list 2016-01-26 18:59:51 UTC (rev 39198) @@ -319,8 +319,11 @@ RESERVED CVE-2016-1936 RESERVED -CVE-2016-1935 +CVE-2016-1935 [Buffer overflow in WebGL after out of memory allocation] RESERVED + - iceweasel + [squeeze] - iceweasel + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/ CVE-2016-1934 RESERVED CVE-2016-1933 [Out of Memory crash when parsing GIF format images] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39197 - data/CVE
Author: carnil Date: 2016-01-26 18:58:30 + (Tue, 26 Jan 2016) New Revision: 39197 Modified: data/CVE/list Log: Add CVE-2016-1933 Modified: data/CVE/list === --- data/CVE/list 2016-01-26 18:57:14 UTC (rev 39196) +++ data/CVE/list 2016-01-26 18:58:30 UTC (rev 39197) @@ -323,8 +323,13 @@ RESERVED CVE-2016-1934 RESERVED -CVE-2016-1933 +CVE-2016-1933 [Out of Memory crash when parsing GIF format images] RESERVED + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/ CVE-2016-1932 RESERVED CVE-2016-1931 [Memory safety bugs] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39196 - data/CVE
Author: carnil Date: 2016-01-26 18:57:14 + (Tue, 26 Jan 2016) New Revision: 39196 Modified: data/CVE/list Log: Add CVE-2016-193{0,1} Modified: data/CVE/list === --- data/CVE/list 2016-01-26 18:44:57 UTC (rev 39195) +++ data/CVE/list 2016-01-26 18:57:14 UTC (rev 39196) @@ -327,10 +327,18 @@ RESERVED CVE-2016-1932 RESERVED -CVE-2016-1931 +CVE-2016-1931 [Memory safety bugs] RESERVED -CVE-2016-1930 + - iceweasel + [jessie] - iceweasel (Only affects Firefox 43.x) + [wheezy] - iceweasel (Only affects Firefox 43.x) + [squeeze] - iceweasel (Only affects Firefox 43.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ +CVE-2016-1930 [Miscellaneous memory safety hazards] RESERVED + - iceweasel + [squeeze] - iceweasel + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ CVE-2016-1929 (The XS engine in SAP HANA allows remote attackers to spoof log entries ...) TODO: check CVE-2016-1928 (Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39194 - data/CVE
Author: carnil Date: 2016-01-26 18:43:06 + (Tue, 26 Jan 2016) New Revision: 39194 Modified: data/CVE/list Log: Add fixing version for #812806, nginx issues Modified: data/CVE/list === --- data/CVE/list 2016-01-26 18:32:22 UTC (rev 39193) +++ data/CVE/list 2016-01-26 18:43:06 UTC (rev 39194) @@ -3757,11 +3757,11 @@ RESERVED CVE-2016-0747 RESERVED - - nginx (bug #812806) + - nginx 1.9.10-1 (bug #812806) NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html CVE-2016-0746 RESERVED - - nginx (bug #812806) + - nginx 1.9.10-1 (bug #812806) NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html CVE-2016-0745 RESERVED @@ -3771,7 +3771,7 @@ RESERVED CVE-2016-0742 RESERVED - - nginx (bug #812806) + - nginx 1.9.10-1 (bug #812806) NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html CVE-2016-0741 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39193 - data/CVE
Author: carnil Date: 2016-01-26 18:32:22 + (Tue, 26 Jan 2016) New Revision: 39193 Modified: data/CVE/list Log: New nginx issues Modified: data/CVE/list === --- data/CVE/list 2016-01-26 15:32:15 UTC (rev 39192) +++ data/CVE/list 2016-01-26 18:32:22 UTC (rev 39193) @@ -3757,8 +3757,12 @@ RESERVED CVE-2016-0747 RESERVED + - nginx (bug #812806) + NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html CVE-2016-0746 RESERVED + - nginx (bug #812806) + NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html CVE-2016-0745 RESERVED CVE-2016-0744 @@ -3767,6 +3771,8 @@ RESERVED CVE-2016-0742 RESERVED + - nginx (bug #812806) + NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html CVE-2016-0741 RESERVED CVE-2016-0740 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
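Review bot: The three nginx entries touched here (CVE-2016-0747, CVE-2016-0746, CVE-2016-0742) are RESERVED with no bracketed title, and all three get the same bug number and the same mailing-list NOTE, so nothing in the file tells them apart. Add a short [...] description to each CVE line, as other RESERVED entries in this file have (for example CVE-2016-1933), taken from the referenced nginx announcement.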
[Secure-testing-commits] r39192 - data/CVE
Author: carnil Date: 2016-01-26 15:32:15 + (Tue, 26 Jan 2016) New Revision: 39192 Modified: data/CVE/list Log: Add commit references for CVE-2015-866{3,5}/tiff Modified: data/CVE/list === --- data/CVE/list 2016-01-26 15:15:03 UTC (rev 39191) +++ data/CVE/list 2016-01-26 15:32:15 UTC (rev 39192) @@ -2738,12 +2738,14 @@ - tiff 4.0.6-1 (bug #809021) - tiff3 NOTE: http://www.openwall.com/lists/oss-security/2015/12/25/1 + NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55 CVE-2015-8665 [Out-of-bounds Read] RESERVED {DLA-402-1} - tiff 4.0.6-1 (bug #808968) - tiff3 NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/2 + NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55 CVE-2015-8666 [acpi: heap based buffer overrun during VM migration] RESERVED - qemu 1:2.5+dfsg-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
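Review bot: The log message names CVE-2015-866{3,5}, but the first entry touched is the one with bug #809021 and the oss-security 2015/12/25/1 NOTE, which the r39188 diff on this page shows under CVE-2015-8683; the log should name CVE-2015-8683 and CVE-2015-8665. Both entries also receive the identical libtiff commit URL, so it is worth saying in the NOTE that the one commit covers both issues, otherwise it reads like a copy-paste.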
[Secure-testing-commits] r39191 - data/CVE
Author: carnil Date: 2016-01-26 15:15:03 + (Tue, 26 Jan 2016) New Revision: 39191 Modified: data/CVE/list Log: Add new issue in giflib Modified: data/CVE/list === --- data/CVE/list 2016-01-26 13:08:11 UTC (rev 39190) +++ data/CVE/list 2016-01-26 15:15:03 UTC (rev 39191) @@ -1,3 +1,10 @@ +CVE-2016- [out of bound read and write issues] + - giflib + [jessie] - giflib (Minor issue) + [wheezy] - giflib (Minor issue) + NOTE: http://sourceforge.net/p/giflib/bugs/82/ + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5 + NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/ CVE-2016- [Out-of-bounds Read in the libxml2's htmlParseNameComplex() function] - libxml2 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/25/6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
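Review bot: The new giflib entry is titled "out of bound read and write issues", yet the [jessie] and [wheezy] lines both say "(Minor issue)" with no reason given, and an out-of-bounds write needs a stated rationale before it is triaged as minor. Add a NOTE recording why the impact is considered low, or leave the per-release lines off until that has been assessed.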
[Secure-testing-commits] r39190 - data/CVE
Author: carnil Date: 2016-01-26 13:08:11 + (Tue, 26 Jan 2016) New Revision: 39190 Modified: data/CVE/list Log: Remove todo item for libxml2 Modified: data/CVE/list === --- data/CVE/list 2016-01-26 12:21:32 UTC (rev 39189) +++ data/CVE/list 2016-01-26 13:08:11 UTC (rev 39190) @@ -1,7 +1,6 @@ CVE-2016- [Out-of-bounds Read in the libxml2's htmlParseNameComplex() function] - libxml2 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/25/6 - TODO: check versions CVE-2016-2070 [division by zero in TCP code] - linux [jessie] - linux (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
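Review bot: The "TODO: check versions" line is removed, but neither the hunk nor the log records what the check found: the entry still reads "- libxml2" with no version and no per-release lines. A NOTE stating the outcome (which suites carry the affected htmlParseNameComplex() code) would keep the finding in the file.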
[Secure-testing-commits] r39189 - data
Author: carnil Date: 2016-01-26 12:21:32 + (Tue, 26 Jan 2016) New Revision: 39189 Modified: data/dsa-needed.txt Log: Take mysql-5.5 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-01-26 09:10:20 UTC (rev 39188) +++ data/dsa-needed.txt 2016-01-26 12:21:32 UTC (rev 39189) @@ -44,7 +44,7 @@ -- mediawiki -- -mysql-5.5 +mysql-5.5 (carnil) -- nss -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39188 - data/CVE
Author: sectracker Date: 2016-01-26 09:10:20 + (Tue, 26 Jan 2016) New Revision: 39188 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-01-26 09:08:09 UTC (rev 39187) +++ data/CVE/list 2016-01-26 09:10:20 UTC (rev 39188) @@ -2728,11 +2728,13 @@ TODO: check CVE-2015-8683 [out-of-bounds read in CIE Lab image format] RESERVED + {DLA-402-1} - tiff 4.0.6-1 (bug #809021) - tiff3 NOTE: http://www.openwall.com/lists/oss-security/2015/12/25/1 CVE-2015-8665 [Out-of-bounds Read] RESERVED + {DLA-402-1} - tiff 4.0.6-1 (bug #808968) - tiff3 NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39187 - data
Author: santiago Date: 2016-01-26 09:08:09 + (Tue, 26 Jan 2016) New Revision: 39187 Modified: data/dla-needed.txt Log: add back tiff to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-26 08:08:34 UTC (rev 39186) +++ data/dla-needed.txt 2016-01-26 09:08:09 UTC (rev 39187) @@ -58,3 +58,5 @@ -- radicale (Markus Koschany) -- +tiff +-- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
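Review bot: tiff is added back at the end of dla-needed.txt with no NOTE line, and the log does not say why. Since r39188 on this page tags the tiff entries in data/CVE/list with {DLA-402-1}, a NOTE naming the issues that remain open would stop the next person from redoing work that DLA already covers.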
[Secure-testing-commits] r39186 - data/CVE
Author: carnil Date: 2016-01-26 08:08:34 + (Tue, 26 Jan 2016) New Revision: 39186 Modified: data/CVE/list Log: Correct upstream tag containing fix for CVE-2016-2070 Modified: data/CVE/list === --- data/CVE/list 2016-01-26 07:31:28 UTC (rev 39185) +++ data/CVE/list 2016-01-26 08:08:34 UTC (rev 39186) @@ -7,7 +7,7 @@ [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) - linux-2.6 (Vulnerable code introduced later) - NOTE: Upstream commit: https://git.kernel.org/linus/8b8a321ff72c785ed5e8b4cf6eda20b35d427390 (v4.5-rc1) + NOTE: Upstream commit: https://git.kernel.org/linus/8b8a321ff72c785ed5e8b4cf6eda20b35d427390 (v4.4) NOTE: Introduced by: https://git.kernel.org/linus/3759824da87b30ce7a35b4873b62b0ba38905ef5 (v4.3-rc1) CVE-2016-2068 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits