[Secure-testing-commits] r39576 - data
Author: carnil Date: 2016-02-09 20:32:09 + (Tue, 09 Feb 2016) New Revision: 39576 Modified: data/next-point-update.txt Log: Add CVEs for nettle, fixes proposed via jessie-pu Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-02-09 19:36:15 UTC (rev 39575) +++ data/next-point-update.txt 2016-02-09 20:32:09 UTC (rev 39576) @@ -16,3 +16,9 @@ [jessie] - giflib 4.1.6-11+deb8u1 CVE-2015-8076 [jessie] - cyrus-imapd-2.4 2.4.17+nocaldav-0~deb8u1 +CVE-2015-8803 + [jessie] - nettle 2.7.1-5+deb8u1 +CVE-2015-8804 + [jessie] - nettle 2.7.1-5+deb8u1 +CVE-2015-8805 + [jessie] - nettle 2.7.1-5+deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39557 - data/CVE
Author: sectracker Date: 2016-02-09 09:10:16 + (Tue, 09 Feb 2016) New Revision: 39557 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-02-09 06:19:58 UTC (rev 39556) +++ data/CVE/list 2016-02-09 09:10:16 UTC (rev 39557) @@ -3387,6 +3387,7 @@ CVE-2015-8689 RESERVED CVE-2015-8688 (Gajim before 0.16.5 allows remote attackers to modify the roster and ...) + {DLA-413-1} - gajim 0.16.5-0.1 (bug #809900) NOTE: http://gultsch.de/gajim_roster_push_and_message_interception.html NOTE: https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/
[Secure-testing-commits] r39558 - data/CVE
Author: carnil Date: 2016-02-09 10:03:27 + (Tue, 09 Feb 2016) New Revision: 39558 Modified: data/CVE/list Log: Two CVEs for dolibarr addressed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-02-09 09:10:16 UTC (rev 39557) +++ data/CVE/list 2016-02-09 10:03:27 UTC (rev 39558) @@ -1108,7 +1108,7 @@ CVE-2016-1913 (Multiple cross-site scripting (XSS) vulnerabilities in the Redhen ...) TODO: check CVE-2016-1912 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...) - - dolibarr (bug #812496) + - dolibarr 3.5.8+dfsg1-1 (bug #812496) NOTE: https://github.com/Dolibarr/dolibarr/issues/4341 CVE-2016-1911 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver ...) TODO: check @@ -3396,7 +3396,7 @@ CVE-2015-8686 RESERVED CVE-2015-8685 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...) - - dolibarr (bug #812449) + - dolibarr 3.5.8+dfsg1-1 (bug #812449) NOTE: https://github.com/Dolibarr/dolibarr/issues/4291 NOTE: https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8 CVE-2015-8684
[Secure-testing-commits] r39562 - data
Author: santiago Date: 2016-02-09 14:56:12 + (Tue, 09 Feb 2016) New Revision: 39562 Modified: data/dla-needed.txt Log: add xymon to dla-needed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-09 13:38:26 UTC (rev 39561) +++ data/dla-needed.txt 2016-02-09 14:56:12 UTC (rev 39562) @@ -57,3 +57,5 @@ -- tiff -- +xymon +--
[Secure-testing-commits] r39559 - data/CVE
Author: apo-guest Date: 2016-02-09 13:07:20 + (Tue, 09 Feb 2016) New Revision: 39559 Modified: data/CVE/list Log: CVE-2014-3566 is fixed in wheezy for lighttpd 1.4.31-4+deb7u3 Modified: data/CVE/list === --- data/CVE/list 2016-02-09 10:03:27 UTC (rev 39558) +++ data/CVE/list 2016-02-09 13:07:20 UTC (rev 39559) @@ -47263,7 +47263,7 @@ - erlang 1:17.3-dfsg-3 (bug #771359) [squeeze] - erlang (Minor issue) [wheezy] - erlang (Minor issue) - - lighttpd 1.4.35-4 (bug #765702) + [wheezy] - lighttpd 1.4.31-4+deb7u3 (bug #765702; medium) NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
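Review bot: The lighttpd change in the -47263 hunk replaces the line "- lighttpd 1.4.35-4 (bug #765702)" with the "[wheezy]" line instead of adding to it, so the entry no longer records the 1.4.35-4 fix at all. Keep the original line with its bug reference and add "[wheezy] - lighttpd 1.4.31-4+deb7u3" beneath it. The "medium" annotation added next to the bug number is also not mentioned in the log and should be explained or dropped.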
[Secure-testing-commits] r39561 - data/CVE
Author: carnil Date: 2016-02-09 13:38:26 + (Tue, 09 Feb 2016) New Revision: 39561 Modified: data/CVE/list Log: Revert wheezy version mark for now Modified: data/CVE/list === --- data/CVE/list 2016-02-09 13:20:53 UTC (rev 39560) +++ data/CVE/list 2016-02-09 13:38:26 UTC (rev 39561) @@ -47264,7 +47264,6 @@ [squeeze] - erlang (Minor issue) [wheezy] - erlang (Minor issue) - lighttpd 1.4.35-4 (bug #765702) - [wheezy] - lighttpd 1.4.31-4+deb7u3 NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
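Review bot: The removal of "[wheezy] - lighttpd 1.4.31-4+deb7u3" in the -47264 hunk is justified only by "for now" in the log, and nothing in the entry says what is still open for the wheezy version. Add a NOTE line under the lighttpd entry stating what has to be confirmed before the wheezy mark can return, or put that reason in the log, so the line is not re-added without that check.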
[Secure-testing-commits] r39560 - data/CVE
Author: carnil Date: 2016-02-09 13:20:53 + (Tue, 09 Feb 2016) New Revision: 39560 Modified: data/CVE/list Log: Add back version information for lighttpd Modified: data/CVE/list === --- data/CVE/list 2016-02-09 13:07:20 UTC (rev 39559) +++ data/CVE/list 2016-02-09 13:20:53 UTC (rev 39560) @@ -47263,7 +47263,8 @@ - erlang 1:17.3-dfsg-3 (bug #771359) [squeeze] - erlang (Minor issue) [wheezy] - erlang (Minor issue) - [wheezy] - lighttpd 1.4.31-4+deb7u3 (bug #765702; medium) + - lighttpd 1.4.35-4 (bug #765702) + [wheezy] - lighttpd 1.4.31-4+deb7u3 NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
[Secure-testing-commits] r39563 - data/CVE
Author: carnil Date: 2016-02-09 16:41:32 + (Tue, 09 Feb 2016) New Revision: 39563 Modified: data/CVE/list Log: Mark CVE-2015-8550 as well not affecting qemu-kvm Modified: data/CVE/list === --- data/CVE/list 2016-02-09 14:56:12 UTC (rev 39562) +++ data/CVE/list 2016-02-09 16:41:32 UTC (rev 39563) @@ -4842,10 +4842,11 @@ - linux-2.6 [squeeze] - linux-2.6 (Xen not supported in Squeeze LTS) - qemu 1:2.5+dfsg-2 (bug #809229) - [squeeze] - qemu (Unsupported in Squeeze LTS) [wheezy] - qemu (vulnerable code not present) + [squeeze] - qemu (vulnerable code not present) - qemu-kvm - [squeeze] - qemu-kvm (Not supported in Squeeze LTS) + [wheezy] - qemu-kvm (vulnerable code not present) + [squeeze] - qemu-kvm (vulnerable code not present) - xen [squeeze] - xen (Unsupported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-155.html
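Review bot: The log names only qemu-kvm, but the -4842 hunk also changes the squeeze qemu line from "(Unsupported in Squeeze LTS)" to "(vulnerable code not present)" and moves it below the wheezy line. Mention the qemu change in the log or commit it separately, and add a NOTE recording how the absence of the vulnerable code in the wheezy and squeeze versions was established, since the only NOTE in the entry is the XSA-155 advisory link.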
[Secure-testing-commits] r39564 - data/CVE
Author: carnil Date: 2016-02-09 16:41:40 + (Tue, 09 Feb 2016) New Revision: 39564 Modified: data/CVE/list Log: Remove TODO item for CVE-2015-8666, affects wheezy and jessie according to maintainer Modified: data/CVE/list === --- data/CVE/list 2016-02-09 16:41:32 UTC (rev 39563) +++ data/CVE/list 2016-02-09 16:41:40 UTC (rev 39564) @@ -3556,7 +3556,6 @@ NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb (v2.5.0-rc1) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283722 NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/1 - TODO: check affected versions
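Review bot: The -3556 hunk only deletes "TODO: check affected versions"; the result of that check, which the log gives as wheezy and jessie being affected according to the maintainer, is not written into the entry. Add a NOTE line with that statement and a pointer to where the maintainer confirmed it, so the finding stays with the CVE data rather than only in the commit log.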
[Secure-testing-commits] r39565 - in data: CVE DSA
Author: carnil Date: 2016-02-09 16:41:49 + (Tue, 09 Feb 2016) New Revision: 39565 Modified: data/CVE/list data/DSA/list Log: CVE-2016-1981 fixed in DSA-3469-1 and DSA-3470-1 Modified: data/CVE/list === --- data/CVE/list 2016-02-09 16:41:40 UTC (rev 39564) +++ data/CVE/list 2016-02-09 16:41:49 UTC (rev 39565) @@ -1126,7 +1126,7 @@ TODO: check CVE-2016-1981 [net: e1000 infinite loop in start_xmit and e1000_receive_iov routines] RESERVED - {DSA-3471-1} + {DSA-3471-1 DSA-3470-1 DSA-3469-1} - qemu 1:2.5+dfsg-5 (bug #812307) [squeeze] - qemu (Not supported in Squeeze LTS) - qemu-kvm Modified: data/DSA/list === --- data/DSA/list 2016-02-09 16:41:40 UTC (rev 39564) +++ data/DSA/list 2016-02-09 16:41:49 UTC (rev 39565) 
@@ -6,10 +6,10 @@ {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981} [jessie] - qemu 1:2.1+dfsg-12+deb8u5 [08 Feb 2016] DSA-3470-1 qemu-kvm - security update - {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922} + {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981} [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u12 [08 Feb 2016] DSA-3469-1 qemu - security update - {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922} + {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981} [wheezy] - qemu 1.1.2+dfsg-6a+deb7u12 [06 Feb 2016] DSA-3468-1 polarssl - security update {CVE-2015-5291 CVE-2015-8036}
[Secure-testing-commits] r39567 - data
Author: lamby Date: 2016-02-09 16:51:19 + (Tue, 09 Feb 2016) New Revision: 39567 Modified: data/dla-needed.txt Log: Claim xymon in data/dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-09 16:48:27 UTC (rev 39566) +++ data/dla-needed.txt 2016-02-09 16:51:19 UTC (rev 39567) @@ -57,5 +57,5 @@ -- tiff -- -xymon +xymon (Chris Lamb) --
[Secure-testing-commits] r39566 - data/DSA
Author: carnil Date: 2016-02-09 16:48:27 + (Tue, 09 Feb 2016) New Revision: 39566 Modified: data/DSA/list Log: Use final version used for qemu update in jessie-security Modified: data/DSA/list === --- data/DSA/list 2016-02-09 16:41:49 UTC (rev 39565) +++ data/DSA/list 2016-02-09 16:48:27 UTC (rev 39566) @@ -4,7 +4,7 @@ [jessie] - wordpress 4.1+dfsg-1+deb8u8 [08 Feb 2016] DSA-3471-1 qemu - security update {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981} - [jessie] - qemu 1:2.1+dfsg-12+deb8u5 + [jessie] - qemu 1:2.1+dfsg-12+deb8u5a [08 Feb 2016] DSA-3470-1 qemu-kvm - security update {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981} [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u12
[Secure-testing-commits] r39568 - data/CVE
Author: carnil Date: 2016-02-09 16:57:16 + (Tue, 09 Feb 2016) New Revision: 39568 Modified: data/CVE/list Log: Add CVE-2015-7511/libgcrypt Modified: data/CVE/list === --- data/CVE/list 2016-02-09 16:51:19 UTC (rev 39567) +++ data/CVE/list 2016-02-09 16:57:16 UTC (rev 39568) @@ -9638,6 +9638,11 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06341.html CVE-2015-7511 RESERVED + - libgcrypt20 + - libgcrypt11 + NOTE: http://www.cs.tau.ac.IL/~tromer/ecdh/ + NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4 (libgcrypt-1.6.5) + NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a (master) CVE-2015-7510 RESERVED CVE-2015-7509 (fs/ext4/namei.c in the Linux kernel before 3.7 allows physically ...)
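Review bot: The CVE-2015-7511 block added in the -9638 hunk has no bracketed short description after the CVE id, so the RESERVED entry says nothing about the issue unless the reader follows the three NOTE links. Add a one-line description in the bracketed form the list uses for other reserved ids, and put bug references on the "- libgcrypt20" and "- libgcrypt11" lines once reports are filed.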
[Secure-testing-commits] r39574 - data/CVE
Author: carnil Date: 2016-02-09 19:24:22 + (Tue, 09 Feb 2016) New Revision: 39574 Modified: data/CVE/list Log: Add fixed version for CVE-2015-7511 in experimental Modified: data/CVE/list === --- data/CVE/list 2016-02-09 19:02:28 UTC (rev 39573) +++ data/CVE/list 2016-02-09 19:24:22 UTC (rev 39574) @@ -9650,6 +9650,7 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06341.html CVE-2015-7511 RESERVED + [experimental] - libgcrypt20 1.6.5-1 - libgcrypt20 - libgcrypt11 NOTE: http://www.cs.tau.ac.IL/~tromer/ecdh/
[Secure-testing-commits] r39575 - data
Author: carnil Date: 2016-02-09 19:36:15 + (Tue, 09 Feb 2016) New Revision: 39575 Modified: data/dsa-needed.txt Log: Add note for nginx in dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-09 19:24:22 UTC (rev 39574) +++ data/dsa-needed.txt 2016-02-09 19:36:15 UTC (rev 39575) @@ -44,6 +44,7 @@ -- nginx Maintainer proposed debdiff for jessie-security, wheezy-security needed. + carnil> changes for jessie-security look good in first review round -- nss --
[Secure-testing-commits] r39573 - data/CVE
Author: carnil Date: 2016-02-09 19:02:28 + (Tue, 09 Feb 2016) New Revision: 39573 Modified: data/CVE/list Log: Add new cacti issue Modified: data/CVE/list === --- data/CVE/list 2016-02-09 18:32:35 UTC (rev 39572) +++ data/CVE/list 2016-02-09 19:02:28 UTC (rev 39573) @@ -1,3 +1,10 @@ +CVE-2016- [Authentication using web authentication as a user not in the cacti database allows complete access] + - cacti + NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788=markup + NOTE: http://bugs.cacti.net/view.php?id=2656 + NOTE: Upstream fix: http://svn.cacti.net/viewvc?view=rev=7770 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=965930 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/09/3 CVE-2016- [Stack corruption from crafted pattern] - pcre3 [wheezy] - pcre3 (Vulnerable code not present)
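Review bot: Two NOTE URLs in the new cacti entry have query strings that do not parse as written: "CHANGELOG?revision=7788=markup" and "viewvc?view=rev=7770" each carry a second "=" with no parameter separator in front of it. Check both links against the upstream ViewVC pages and correct them, since the second one is the only pointer to the upstream fix. The "- cacti" line also has no bug reference, which should be added once a report exists.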
[Secure-testing-commits] r39570 - data/CVE
Author: carnil Date: 2016-02-09 18:05:13 + (Tue, 09 Feb 2016) New Revision: 39570 Modified: data/CVE/list Log: Update CVE-2016-2089/jasper Modified: data/CVE/list === --- data/CVE/list 2016-02-09 17:31:15 UTC (rev 39569) +++ data/CVE/list 2016-02-09 18:05:13 UTC (rev 39570) @@ -569,9 +569,12 @@ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93881 NOTE: Fixed by: http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7 (0.8.2) NOTE: Introduced by: http://cgit.freedesktop.org/libbsd/commit/?id=a97ce513e031b29a47965b740be14fb9a84277fc (0.5.0) -CVE-2016-2089 [invalid read in the JasPer's jas_matrix_clip() function] +CVE-2016-2089 [matrix rows_ NULL pointer dereference in jas_matrix_clip()] RESERVED - jasper (bug #812978) + [jessie] - jasper (Minor issue) + [wheezy] - jasper (Minor issue) + [squeeze] - jasper (Minor issue) CVE-2016-2085 RESERVED CVE-2016-2084
[Secure-testing-commits] r39571 - data/CVE
Author: carnil Date: 2016-02-09 18:25:46 + (Tue, 09 Feb 2016) New Revision: 39571 Modified: data/CVE/list Log: Update CVE-2016-1526/graphite2 Modified: data/CVE/list === --- data/CVE/list 2016-02-09 18:05:13 UTC (rev 39570) +++ data/CVE/list 2016-02-09 18:25:46 UTC (rev 39571) @@ -2131,12 +2131,13 @@ RESERVED CVE-2016-1527 RESERVED -CVE-2016-1526 +CVE-2016-1526 [denial-of-service] RESERVED - - graphite2 + - graphite2 NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html - NOTE: Talos Blog mentions this CVE, but it is not listed in http://talosintel.com/vulnerability-reports/ - NOTE: so needs to be double checked + NOTE: Talos Blog mentions this CVE, but it is not listed in + NOTE: http://talosintel.com/vulnerability-reports/ + TODO: check CVE-2016-1525 RESERVED CVE-2016-1524
[Secure-testing-commits] r39572 - data/CVE
Author: carnil Date: 2016-02-09 18:32:35 + (Tue, 09 Feb 2016) New Revision: 39572 Modified: data/CVE/list Log: Update information for CVE-2016-2198/qemu Modified: data/CVE/list === --- data/CVE/list 2016-02-09 18:25:46 UTC (rev 39571) +++ data/CVE/list 2016-02-09 18:32:35 UTC (rev 39572) @@ -518,12 +518,11 @@ CVE-2016-2198 [usb: ehci null pointer dereference in ehci_caps_write] RESERVED - qemu (bug #813193) - [squeeze] - qemu (Not supported in Squeeze LTS) - - qemu-kvm - [squeeze] - qemu-kvm (Not supported in Squeeze LTS) + [wheezy] - qemu (Introduced after v1.2.0) + [squeeze] - qemu (Introduced after v1.2.0) + - qemu-kvm (Introduced after v1.2.0) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643 - TODO: check versions CVE-2016-2197 [ide: ahci null pointer dereference when using FIS CLB engines] RESERVED - qemu (bug #813194)
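Review bot: The -518 hunk marks wheezy, squeeze and qemu-kvm as "(Introduced after v1.2.0)" and drops "TODO: check versions", but no NOTE identifies the change that introduced the affected code in ehci_caps_write. Add a NOTE naming the introducing commit or release so the three statements can be verified later; the two existing NOTE links are the patch mail and the Red Hat bug only.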
[Secure-testing-commits] r39578 - data/CVE
Author: carnil Date: 2016-02-10 05:27:52 + (Wed, 10 Feb 2016) New Revision: 39578 Modified: data/CVE/list Log: Reference additional needed commit for CVE-2015-7511 and libgcrypt20 Modified: data/CVE/list === --- data/CVE/list 2016-02-10 05:05:35 UTC (rev 39577) +++ data/CVE/list 2016-02-10 05:27:52 UTC (rev 39578) @@ -9655,6 +9655,7 @@ - libgcrypt11 NOTE: http://www.cs.tau.ac.IL/~tromer/ecdh/ NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4 (libgcrypt-1.6.5) + NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=28eb424e4427b320ec1c9c4ce56af25d495230bd (libgcrypt-1.6.5) NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a (master) CVE-2015-7510 RESERVED
[Secure-testing-commits] r39577 - data
Author: carnil Date: 2016-02-10 05:05:35 + (Wed, 10 Feb 2016) New Revision: 39577 Modified: data/dsa-needed.txt Log: Add libgcrypt20 to dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-09 20:32:09 UTC (rev 39576) +++ data/dsa-needed.txt 2016-02-10 05:05:35 UTC (rev 39577) @@ -30,6 +30,9 @@ -- libav/oldstable -- +libgcrypt20 (carnil) + NOTE: still need to check libgcrypt11 as well +-- libidn Working debdiff for wheezy-security at https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff
[Secure-testing-commits] r39569 - data/CVE
Author: carnil Date: 2016-02-09 17:31:15 + (Tue, 09 Feb 2016) New Revision: 39569 Modified: data/CVE/list Log: Update one pcre3 issue, mark as no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-02-09 16:57:16 UTC (rev 39568) +++ data/CVE/list 2016-02-09 17:31:15 UTC (rev 39569) @@ -6,10 +6,12 @@ NOTE: https://bugs.exim.org/show_bug.cgi?id=1780 NOTE: Possibly introduced after http://vcs.pcre.org/pcre?view=revision=1266 CVE-2016- [Heap buffer overflow in main function of pcretest.c] - - pcre3 - - pcre2 + - pcre3 + [jessie] - pcre3 (Minor issue) + [wheezy] - pcre3 (Minor issue) + [squeeze] - pcre3 (Minor issue) + - pcre2 (Vulnerable code not present) NOTE: https://bugs.exim.org/show_bug.cgi?id=1777 - TODO: check CVE-2016-2242 RESERVED CVE-2016-2241