[Secure-testing-commits] r39576 - data

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 20:32:09 +0000 (Tue, 09 Feb 2016)
New Revision: 39576

Modified:
   data/next-point-update.txt
Log:
Add CVEs for nettle, fixes proposed via jessie-pu

Modified: data/next-point-update.txt
===
--- data/next-point-update.txt  2016-02-09 19:36:15 UTC (rev 39575)
+++ data/next-point-update.txt  2016-02-09 20:32:09 UTC (rev 39576)
@@ -16,3 +16,9 @@
[jessie] - giflib 4.1.6-11+deb8u1
 CVE-2015-8076
[jessie] - cyrus-imapd-2.4 2.4.17+nocaldav-0~deb8u1
+CVE-2015-8803
+   [jessie] - nettle 2.7.1-5+deb8u1
+CVE-2015-8804
+   [jessie] - nettle 2.7.1-5+deb8u1
+CVE-2015-8805
+   [jessie] - nettle 2.7.1-5+deb8u1
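Review bot: the version 2.7.1-5+deb8u1 recorded for all three nettle CVEs is, per the log, only proposed via jessie-pu and not yet accepted, so these lines can go stale silently if the upload is renumbered before acceptance (as happened with qemu in this same batch, where 1:2.1+dfsg-12+deb8u5 became +deb8u5a); re-check them when the point update is announced, and consider a NOTE with the jessie-pu bug so the next editor can find the proposal.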


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r39557 - data/CVE

2016-02-09 Thread security tracker role
Author: sectracker
Date: 2016-02-09 09:10:16 +0000 (Tue, 09 Feb 2016)
New Revision: 39557

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 06:19:58 UTC (rev 39556)
+++ data/CVE/list   2016-02-09 09:10:16 UTC (rev 39557)
@@ -3387,6 +3387,7 @@
 CVE-2015-8689
RESERVED
 CVE-2015-8688 (Gajim before 0.16.5 allows remote attackers to modify the 
roster and ...)
+   {DLA-413-1}
- gajim 0.16.5-0.1 (bug #809900)
NOTE: http://gultsch.de/gajim_roster_push_and_message_interception.html
NOTE: 
https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/



[Secure-testing-commits] r39558 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 10:03:27 +0000 (Tue, 09 Feb 2016)
New Revision: 39558

Modified:
   data/CVE/list
Log:
Two CVEs for dolibarr addressed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 09:10:16 UTC (rev 39557)
+++ data/CVE/list   2016-02-09 10:03:27 UTC (rev 39558)
@@ -1108,7 +1108,7 @@
 CVE-2016-1913 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Redhen ...)
TODO: check
 CVE-2016-1912 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 
...)
-   - dolibarr  (bug #812496)
+   - dolibarr 3.5.8+dfsg1-1 (bug #812496)
NOTE: https://github.com/Dolibarr/dolibarr/issues/4341
 CVE-2016-1911 (Multiple cross-site scripting (XSS) vulnerabilities in SAP 
NetWeaver ...)
TODO: check
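Review bot: CVE-2016-1912 gets the fixed version 3.5.8+dfsg1-1, but unlike CVE-2015-8685 in the next hunk, which also cites the fixing commit, its only reference is upstream issue #4341; add a NOTE with the upstream fix commit so the version mark can be checked against the package's changes rather than against the issue report alone.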
@@ -3396,7 +3396,7 @@
 CVE-2015-8686
RESERVED
 CVE-2015-8685 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 
...)
-   - dolibarr  (bug #812449)
+   - dolibarr 3.5.8+dfsg1-1 (bug #812449)
NOTE: https://github.com/Dolibarr/dolibarr/issues/4291
NOTE: 
https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8
 CVE-2015-8684



[Secure-testing-commits] r39562 - data

2016-02-09 Thread Santiago Ruano Rincón
Author: santiago
Date: 2016-02-09 14:56:12 +0000 (Tue, 09 Feb 2016)
New Revision: 39562

Modified:
   data/dla-needed.txt
Log:
add xymon to dla-needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-09 13:38:26 UTC (rev 39561)
+++ data/dla-needed.txt 2016-02-09 14:56:12 UTC (rev 39562)
@@ -57,3 +57,5 @@
 --
 tiff
 --
+xymon
+--



[Secure-testing-commits] r39559 - data/CVE

2016-02-09 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-09 13:07:20 +0000 (Tue, 09 Feb 2016)
New Revision: 39559

Modified:
   data/CVE/list
Log:
CVE-2014-3566 is fixed in wheezy for lighttpd 1.4.31-4+deb7u3


Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 10:03:27 UTC (rev 39558)
+++ data/CVE/list   2016-02-09 13:07:20 UTC (rev 39559)
@@ -47263,7 +47263,7 @@
- erlang 1:17.3-dfsg-3 (bug #771359)
[squeeze] - erlang  (Minor issue)
[wheezy] - erlang  (Minor issue)
-   - lighttpd 1.4.35-4 (bug #765702)
+   [wheezy] - lighttpd 1.4.31-4+deb7u3 (bug #765702; medium)
NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
NOTE: 
http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
NOTE: This is only about the SSLv3 CBC padding, not about any downgrade 
attack or support for the fallback SCSV
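Review bot: the unstable line `- lighttpd 1.4.35-4 (bug #765702)` is replaced rather than kept, so after this hunk the entry no longer records that sid/testing are fixed and the bug reference moves onto a suite-specific line; the wheezy mark should be added as a second line beneath the unstable one instead. The `medium` severity annotation is also placed on the [wheezy] line, where it reads as a per-suite note rather than an entry-wide severity.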



[Secure-testing-commits] r39561 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 13:38:26 +0000 (Tue, 09 Feb 2016)
New Revision: 39561

Modified:
   data/CVE/list
Log:
Revert wheezy version mark for now

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 13:20:53 UTC (rev 39560)
+++ data/CVE/list   2016-02-09 13:38:26 UTC (rev 39561)
@@ -47264,7 +47264,6 @@
[squeeze] - erlang  (Minor issue)
[wheezy] - erlang  (Minor issue)
- lighttpd 1.4.35-4 (bug #765702)
-   [wheezy] - lighttpd 1.4.31-4+deb7u3
NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
NOTE: 
http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
NOTE: This is only about the SSLv3 CBC padding, not about any downgrade 
attack or support for the fallback SCSV
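Review bot: reverting only the [wheezy] line leaves the entry tracking wheezy against 1.4.35-4 again, i.e. wheezy shows as still affected; since the log says this is temporary, record why the 1.4.31-4+deb7u3 mark is in doubt (a NOTE or TODO on the entry), otherwise the next editor, seeing r39559's claim that deb7u3 fixed it, will re-add the line without the missing verification.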



[Secure-testing-commits] r39560 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 13:20:53 +0000 (Tue, 09 Feb 2016)
New Revision: 39560

Modified:
   data/CVE/list
Log:
Add back version information for lighttpd

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 13:07:20 UTC (rev 39559)
+++ data/CVE/list   2016-02-09 13:20:53 UTC (rev 39560)
@@ -47263,7 +47263,8 @@
- erlang 1:17.3-dfsg-3 (bug #771359)
[squeeze] - erlang  (Minor issue)
[wheezy] - erlang  (Minor issue)
-   [wheezy] - lighttpd 1.4.31-4+deb7u3 (bug #765702; medium)
+   - lighttpd 1.4.35-4 (bug #765702)
+   [wheezy] - lighttpd 1.4.31-4+deb7u3
NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
NOTE: 
http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
NOTE: This is only about the SSLv3 CBC padding, not about any downgrade 
attack or support for the fallback SCSV
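Review bot: this restores the unstable line, but the `; medium` severity annotation introduced in r39559 is dropped rather than moved onto `- lighttpd 1.4.35-4 (bug #765702)`; either carry it over to the unstable line or say in the log that it was removed on purpose.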



[Secure-testing-commits] r39563 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 16:41:32 +0000 (Tue, 09 Feb 2016)
New Revision: 39563

Modified:
   data/CVE/list
Log:
Mark CVE-2015-8550 as well not affecting qemu-kvm

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 14:56:12 UTC (rev 39562)
+++ data/CVE/list   2016-02-09 16:41:32 UTC (rev 39563)
@@ -4842,10 +4842,11 @@
- linux-2.6 
[squeeze] - linux-2.6  (Xen not supported in Squeeze LTS)
- qemu 1:2.5+dfsg-2 (bug #809229)
-   [squeeze] - qemu  (Unsupported in Squeeze LTS)
[wheezy] - qemu  (vulnerable code not present)
+   [squeeze] - qemu  (vulnerable code not present)
- qemu-kvm 
-   [squeeze] - qemu-kvm  (Not supported in Squeeze LTS)
+   [wheezy] - qemu-kvm  (vulnerable code not present)
+   [squeeze] - qemu-kvm  (vulnerable code not present)
- xen 
[squeeze] - xen  (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-155.html
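Review bot: the squeeze qemu reason changes from `Unsupported in Squeeze LTS` to `vulnerable code not present`, and the same claim is added for qemu-kvm in wheezy and squeeze, but nothing beyond the XSA-155 link backs it; add a NOTE naming the commit (or source file and version) that introduced the affected code so the `not present` judgement for the 1.1.x-based packages can be re-verified. The `[squeeze] - xen` line keeps the old `Unsupported in Squeeze LTS` wording, so the entry now mixes the two kinds of reason.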



[Secure-testing-commits] r39564 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 16:41:40 +0000 (Tue, 09 Feb 2016)
New Revision: 39564

Modified:
   data/CVE/list
Log:
Remove TODO item for CVE-2015-8666, affects wheezy and jessie according to 
maintainer

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 16:41:32 UTC (rev 39563)
+++ data/CVE/list   2016-02-09 16:41:40 UTC (rev 39564)
@@ -3556,7 +3556,6 @@
NOTE: Upstream commit: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb
 (v2.5.0-rc1)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283722
NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/1
-   TODO: check affected versions
 CVE-2016-1130
RESERVED
 CVE-2016-1129
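Review bot: the TODO is removed on the strength of the maintainer's assessment that wheezy and jessie are affected, but that assessment is recorded only in the commit log, and the hunk context shows no NOTE for it; add a NOTE pointing at the maintainer's statement (mail or bug) so the affected-version decision for CVE-2015-8666 is traceable from the entry itself.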



[Secure-testing-commits] r39565 - in data: CVE DSA

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 16:41:49 +0000 (Tue, 09 Feb 2016)
New Revision: 39565

Modified:
   data/CVE/list
   data/DSA/list
Log:
CVE-2016-1981 fixed in DSA-3469-1 and DSA-3470-1

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 16:41:40 UTC (rev 39564)
+++ data/CVE/list   2016-02-09 16:41:49 UTC (rev 39565)
@@ -1126,7 +1126,7 @@
TODO: check
 CVE-2016-1981 [net: e1000 infinite loop in start_xmit and e1000_receive_iov 
routines]
RESERVED
-   {DSA-3471-1}
+   {DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-5 (bug #812307)
[squeeze] - qemu  (Not supported in Squeeze LTS)
- qemu-kvm 

Modified: data/DSA/list
===
--- data/DSA/list   2016-02-09 16:41:40 UTC (rev 39564)
+++ data/DSA/list   2016-02-09 16:41:49 UTC (rev 39565)
@@ -6,10 +6,10 @@
{CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 
CVE-2015-8504 CVE-2015-8550 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 
CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 
CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981}
[jessie] - qemu 1:2.1+dfsg-12+deb8u5
 [08 Feb 2016] DSA-3470-1 qemu-kvm - security update
-   {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 
CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922}
+   {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 
CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 
CVE-2016-1981}
[wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u12
 [08 Feb 2016] DSA-3469-1 qemu - security update
-   {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 
CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922}
+   {CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 
CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 
CVE-2016-1981}
[wheezy] - qemu 1.1.2+dfsg-6a+deb7u12
 [06 Feb 2016] DSA-3468-1 polarssl - security update
{CVE-2015-5291 CVE-2015-8036}



[Secure-testing-commits] r39567 - data

2016-02-09 Thread Chris Lamb
Author: lamby
Date: 2016-02-09 16:51:19 +0000 (Tue, 09 Feb 2016)
New Revision: 39567

Modified:
   data/dla-needed.txt
Log:
Claim xymon in data/dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-09 16:48:27 UTC (rev 39566)
+++ data/dla-needed.txt 2016-02-09 16:51:19 UTC (rev 39567)
@@ -57,5 +57,5 @@
 --
 tiff
 --
-xymon
+xymon (Chris Lamb)
 --



[Secure-testing-commits] r39566 - data/DSA

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 16:48:27 +0000 (Tue, 09 Feb 2016)
New Revision: 39566

Modified:
   data/DSA/list
Log:
Use final version used for qemu update in jessie-security

Modified: data/DSA/list
===
--- data/DSA/list   2016-02-09 16:41:49 UTC (rev 39565)
+++ data/DSA/list   2016-02-09 16:48:27 UTC (rev 39566)
@@ -4,7 +4,7 @@
[jessie] - wordpress 4.1+dfsg-1+deb8u8
 [08 Feb 2016] DSA-3471-1 qemu - security update
{CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 
CVE-2015-8504 CVE-2015-8550 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 
CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 
CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981}
-   [jessie] - qemu 1:2.1+dfsg-12+deb8u5
+   [jessie] - qemu 1:2.1+dfsg-12+deb8u5a
 [08 Feb 2016] DSA-3470-1 qemu-kvm - security update
{CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345 CVE-2015-8504 
CVE-2015-8558 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 
CVE-2016-1981}
[wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u12
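Review bot: the jessie version for DSA-3471-1 becomes 1:2.1+dfsg-12+deb8u5a; confirm that the published advisory names the same +deb8u5a version and that no CVE/list entry for the nineteen CVEs listed here still carries an explicit [jessie] mark at +deb8u5, otherwise the tracker and the advisory disagree on which version fixes them.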



[Secure-testing-commits] r39568 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 16:57:16 +0000 (Tue, 09 Feb 2016)
New Revision: 39568

Modified:
   data/CVE/list
Log:
Add CVE-2015-7511/libgcrypt

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 16:51:19 UTC (rev 39567)
+++ data/CVE/list   2016-02-09 16:57:16 UTC (rev 39568)
@@ -9638,6 +9638,11 @@
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06341.html
 CVE-2015-7511
RESERVED
+   - libgcrypt20 
+   - libgcrypt11 
+   NOTE: http://www.cs.tau.ac.IL/~tromer/ecdh/
+   NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4
 (libgcrypt-1.6.5)
+   NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a
 (master)
 CVE-2015-7510
RESERVED
 CVE-2015-7509 (fs/ext4/namei.c in the Linux kernel before 3.7 allows 
physically ...)
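Review bot: libgcrypt11 and libgcrypt20 are both added as affected, but the only fix references are a libgcrypt-1.6.5 commit and a master commit; nothing in the entry says whether the older code in libgcrypt11 has the ECDH path the tromer/ecdh reference attacks, so a NOTE or TODO on libgcrypt11 is needed before a DSA/DLA decision. The host in `http://www.cs.tau.ac.IL/` is upper-cased; harmless, but lower-case it to match the other references.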



[Secure-testing-commits] r39574 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 19:24:22 +0000 (Tue, 09 Feb 2016)
New Revision: 39574

Modified:
   data/CVE/list
Log:
Add fixed version for CVE-2015-7511 in experimental

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 19:02:28 UTC (rev 39573)
+++ data/CVE/list   2016-02-09 19:24:22 UTC (rev 39574)
@@ -9650,6 +9650,7 @@
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06341.html
 CVE-2015-7511
RESERVED
+   [experimental] - libgcrypt20 1.6.5-1
- libgcrypt20 
- libgcrypt11 
NOTE: http://www.cs.tau.ac.IL/~tromer/ecdh/
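Review bot: the [experimental] 1.6.5-1 mark records where the fix lives but leaves unstable without a fixed version and, unlike neighbouring entries, without a `(bug #...)` reference; file or cite the Debian bug for the sid upload so the open state is tracked rather than implied by the experimental line.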



[Secure-testing-commits] r39575 - data

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 19:36:15 +0000 (Tue, 09 Feb 2016)
New Revision: 39575

Modified:
   data/dsa-needed.txt
Log:
Add note for nginx in dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-02-09 19:24:22 UTC (rev 39574)
+++ data/dsa-needed.txt 2016-02-09 19:36:15 UTC (rev 39575)
@@ -44,6 +44,7 @@
 --
 nginx
   Maintainer proposed debdiff for jessie-security, wheezy-security needed.
+  carnil> changes for jessie-security look good in first review round
 --
 nss
 --



[Secure-testing-commits] r39573 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 19:02:28 +0000 (Tue, 09 Feb 2016)
New Revision: 39573

Modified:
   data/CVE/list
Log:
Add new cacti issue

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 18:32:35 UTC (rev 39572)
+++ data/CVE/list   2016-02-09 19:02:28 UTC (rev 39573)
@@ -1,3 +1,10 @@
+CVE-2016- [Authentication using web authentication as a user not in the 
cacti database allows complete access]
+   - cacti 
+   NOTE: 
http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788=markup
+   NOTE: http://bugs.cacti.net/view.php?id=2656
+   NOTE: Upstream fix: http://svn.cacti.net/viewvc?view=rev=7770
+   NOTE: https://bugzilla.suse.com/show_bug.cgi?id=965930
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/02/09/3
 CVE-2016- [Stack corruption from crafted pattern]
- pcre3 
[wheezy] - pcre3  (Vulnerable code not present)
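Review bot: the new cacti entry cites the upstream fix (r7770) and the 0.8.8g CHANGELOG but does not state which upstream version fixes the issue or whether the Debian package is exposed to the web-authentication mode the title describes; put the fixed upstream version on the `Upstream fix` NOTE and add a TODO to check the Debian configuration. The CVE placeholder should be replaced once the oss-security request is answered.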



[Secure-testing-commits] r39570 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 18:05:13 +0000 (Tue, 09 Feb 2016)
New Revision: 39570

Modified:
   data/CVE/list
Log:
Update CVE-2016-2089/jasper

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 17:31:15 UTC (rev 39569)
+++ data/CVE/list   2016-02-09 18:05:13 UTC (rev 39570)
@@ -569,9 +569,12 @@
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93881
NOTE: Fixed by: 
http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7
 (0.8.2)
NOTE: Introduced by: 
http://cgit.freedesktop.org/libbsd/commit/?id=a97ce513e031b29a47965b740be14fb9a84277fc
 (0.5.0)
-CVE-2016-2089 [invalid read in the JasPer's jas_matrix_clip() function]
+CVE-2016-2089 [matrix rows_ NULL pointer dereference in jas_matrix_clip()]
RESERVED
- jasper  (bug #812978)
+   [jessie] - jasper  (Minor issue)
+   [wheezy] - jasper  (Minor issue)
+   [squeeze] - jasper  (Minor issue)
 CVE-2016-2085
RESERVED
 CVE-2016-2084
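Review bot: the title changes from `invalid read` to `NULL pointer dereference` and jessie, wheezy and squeeze are all marked `Minor issue`, but the entry cites only bug #812978 with no upstream reference or reproducer; add a NOTE linking the report that justifies the reclassification and the no-dsa decision, since a NULL dereference in jas_matrix_clip() on crafted input is exactly the claim the next triager will want to re-check.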



[Secure-testing-commits] r39571 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 18:25:46 +0000 (Tue, 09 Feb 2016)
New Revision: 39571

Modified:
   data/CVE/list
Log:
Update CVE-2016-1526/graphite2

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 18:05:13 UTC (rev 39570)
+++ data/CVE/list   2016-02-09 18:25:46 UTC (rev 39571)
@@ -2131,12 +2131,13 @@
RESERVED
 CVE-2016-1527
RESERVED
-CVE-2016-1526
+CVE-2016-1526 [denial-of-service]
RESERVED
-   - graphite2 
+   - graphite2 
NOTE: 
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
-   NOTE: Talos Blog mentions this CVE, but it is not listed in 
http://talosintel.com/vulnerability-reports/
-   NOTE: so needs to be double checked
+   NOTE: Talos Blog mentions this CVE, but it is not listed in
+   NOTE: http://talosintel.com/vulnerability-reports/
+   TODO: check
 CVE-2016-1525
RESERVED
 CVE-2016-1524
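Review bot: the `[denial-of-service]` title is too generic to tell this issue apart from the other graphite2 CVEs covered by the same Talos post; name the affected routine or input once the TODO is resolved, and keep `TODO: check` until the CVE appears in the Talos vulnerability-reports index the NOTE mentions.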



[Secure-testing-commits] r39572 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 18:32:35 +0000 (Tue, 09 Feb 2016)
New Revision: 39572

Modified:
   data/CVE/list
Log:
Update information for CVE-2016-2198/qemu

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 18:25:46 UTC (rev 39571)
+++ data/CVE/list   2016-02-09 18:32:35 UTC (rev 39572)
@@ -518,12 +518,11 @@
 CVE-2016-2198 [usb: ehci null pointer dereference in ehci_caps_write]
RESERVED
- qemu  (bug #813193)
-   [squeeze] - qemu  (Not supported in Squeeze LTS)
-   - qemu-kvm 
-   [squeeze] - qemu-kvm  (Not supported in Squeeze LTS)
+   [wheezy] - qemu  (Introduced after v1.2.0)
+   [squeeze] - qemu  (Introduced after v1.2.0)
+   - qemu-kvm  (Introduced after v1.2.0)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
-   TODO: check versions
 CVE-2016-2197 [ide: ahci null pointer dereference when using FIS CLB engines]
RESERVED
- qemu  (bug #813194)
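Review bot: `Introduced after v1.2.0` is now the reason wheezy, squeeze and qemu-kvm are treated as unaffected, but no commit is cited; add a NOTE with the commit that introduced ehci_caps_write (or the first release containing it) so the version cut-off can be verified against the 1.1.2 sources shipped in wheezy.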



[Secure-testing-commits] r39578 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-10 05:27:52 +0000 (Wed, 10 Feb 2016)
New Revision: 39578

Modified:
   data/CVE/list
Log:
Reference additional needed commit for CVE-2015-7511 and libgcrypt20

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-10 05:05:35 UTC (rev 39577)
+++ data/CVE/list   2016-02-10 05:27:52 UTC (rev 39578)
@@ -9655,6 +9655,7 @@
- libgcrypt11 
NOTE: http://www.cs.tau.ac.IL/~tromer/ecdh/
NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4
 (libgcrypt-1.6.5)
+   NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=28eb424e4427b320ec1c9c4ce56af25d495230bd
 (libgcrypt-1.6.5)
NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a
 (master)
 CVE-2015-7510
RESERVED
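Review bot: both cited commits are tagged (libgcrypt-1.6.5), so the [experimental] 1.6.5-1 mark covers them, but the master-only commit 88e1358 is still listed without saying whether it is part of the fix or a follow-up; state which commits a stable backport must carry, since that is what the libgcrypt20 dsa-needed entry will be worked from.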



[Secure-testing-commits] r39577 - data

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-10 05:05:35 +0000 (Wed, 10 Feb 2016)
New Revision: 39577

Modified:
   data/dsa-needed.txt
Log:
Add libgcrypt20 to dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-02-09 20:32:09 UTC (rev 39576)
+++ data/dsa-needed.txt 2016-02-10 05:05:35 UTC (rev 39577)
@@ -30,6 +30,9 @@
 --
 libav/oldstable
 --
+libgcrypt20 (carnil)
+  NOTE: still need to check libgcrypt11 as well
+--
 libidn
   Working debdiff for wheezy-security at
   https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff



[Secure-testing-commits] r39569 - data/CVE

2016-02-09 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-09 17:31:15 +0000 (Tue, 09 Feb 2016)
New Revision: 39569

Modified:
   data/CVE/list
Log:
Update one pcre3 issue, mark as no-dsa

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 16:57:16 UTC (rev 39568)
+++ data/CVE/list   2016-02-09 17:31:15 UTC (rev 39569)
@@ -6,10 +6,12 @@
NOTE: https://bugs.exim.org/show_bug.cgi?id=1780
NOTE: Possibly introduced after 
http://vcs.pcre.org/pcre?view=revision=1266
 CVE-2016- [Heap buffer overflow in main function of pcretest.c]
-   - pcre3 
-   - pcre2 
+   - pcre3 
+   [jessie] - pcre3  (Minor issue)
+   [wheezy] - pcre3  (Minor issue)
+   [squeeze] - pcre3  (Minor issue)
+   - pcre2  (Vulnerable code not present)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1777
-   TODO: check
 CVE-2016-2242
RESERVED
 CVE-2016-2241
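Review bot: marking jessie, wheezy and squeeze as `Minor issue` is reasonable for an overflow in pcretest's main(), but the entry should say so in a NOTE (test utility, not the library), and the `Vulnerable code not present` claim for pcre2 needs a pointer to the pcre2test code that differs; with the TODO removed, those lines are now the only record of the decision.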

