[Secure-testing-commits] r39753 - data/CVE
Author: carnil Date: 2016-02-18 06:07:49 + (Thu, 18 Feb 2016) New Revision: 39753 Modified: data/CVE/list Log: Adjust fixing version for libreoffice, thanks Rene Engelhard Modified: data/CVE/list === --- data/CVE/list 2016-02-18 05:42:42 UTC (rev 39752) +++ data/CVE/list 2016-02-18 06:07:49 UTC (rev 39753) @@ -4979,12 +4979,12 @@ CVE-2016-0795 RESERVED {DSA-3482-1} - - libreoffice 1:5.1.0~rc1-1 + - libreoffice 1:5.0.5~rc1-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/ CVE-2016-0794 RESERVED {DSA-3482-1} - - libreoffice 1:5.1.0~rc1-1 + - libreoffice 1:5.0.5~rc1-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/ CVE-2016-0793 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
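Review bot: The fixed version for CVE-2016-0795 and CVE-2016-0794 drops from 1:5.1.0~rc1-1 to 1:5.0.5~rc1-1 in both hunks, but each entry keeps only the upstream advisory NOTE; consider adding a NOTE naming the source of the corrected version (the log credits Rene Engelhard) so the reason for overriding the earlier value is recorded in data/CVE/list rather than only in the commit log.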
[Secure-testing-commits] r39752 - data/CVE
Author: carnil Date: 2016-02-18 05:42:42 + (Thu, 18 Feb 2016) New Revision: 39752 Modified: data/CVE/list Log: Mark some NFUs Modified: data/CVE/list === --- data/CVE/list 2016-02-17 21:10:13 UTC (rev 39751) +++ data/CVE/list 2016-02-18 05:42:42 UTC (rev 39752) @@ -3861,15 +3861,15 @@ CVE-2016-1154 RESERVED CVE-2016-1153 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2016-1152 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2016-1151 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2016-1150 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2016-1149 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2016-1148 RESERVED CVE-2016-1147 
@@ -6741,19 +6741,19 @@ CVE-2015-8490 RESERVED CVE-2015-8489 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-8488 (Cybozu Office 10.3.0 allows remote attackers to read image files via a ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-8487 (Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-8486 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-8485 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-8484 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-8483 (Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-8482 (Blue Coat Unified Agent before 4.6.2 does not prevent modification of ...) NOT-FOR-US: Blue Coat Unified Agent CVE-2015-8481 (Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA ...) 
@@ -9309,13 +9309,13 @@ NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0baa57d8dc32db78369d8b5176ef56c5e2e18ab3 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ab42d78e37a294ac7bc56901d563c642e03c4ae CVE-2015-7798 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-7797 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-7796 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-7795 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...) - TODO: check + NOT-FOR-US: Cybozu Office CVE-2015-7794 (Corega CG-WLNCM4G devices provide an open DNS resolver, which allows ...) TODO: check CVE-2015-7793 (Corega CG-WLBARAGM devices provide an open proxy service, which allows ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
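Review bot: At the tail of the @@ -9309,13 +9309,13 @@ hunk, CVE-2015-7794 and CVE-2015-7793 (Corega CG-WLNCM4G and CG-WLBARAGM devices) are left at "TODO: check" while every Cybozu Office entry around them is resolved to NOT-FOR-US; these are vendor-device entries with no Debian source package named, so they look like candidates for the same sweep, and triaging them in this pass would avoid leaving the block in a mixed state.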
[Secure-testing-commits] r39751 - data/CVE
Author: sectracker Date: 2016-02-17 21:10:13 + (Wed, 17 Feb 2016) New Revision: 39751 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-02-17 19:11:30 UTC (rev 39750) +++ data/CVE/list 2016-02-17 21:10:13 UTC (rev 39751) @@ -1,3 +1,21 @@ +CVE-2016-2395 + RESERVED +CVE-2016-2394 + RESERVED +CVE-2016-2393 + RESERVED +CVE-2016-2389 (Directory traversal vulnerability in the Manufacturing Integration and ...) + TODO: check +CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows ...) + TODO: check +CVE-2016-2387 (Cross-site scripting (XSS) vulnerability in the Java Proxy Runtime ...) + TODO: check +CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...) + TODO: check +CVE-2015-8815 + RESERVED +CVE-2015-8814 + RESERVED CVE-2016- [open redirect] - graphite-web NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/17/7 @@ -3,4 +21,5 @@ NOTE: https://github.com/graphite-project/graphite-web/issues/1441 CVE-2016-2392 [usb: null pointer dereference in remote NDIS control message handling] + RESERVED - qemu (bug #815008) [jessie] - qemu (Minor issue) @@ -13,6 +32,7 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299 CVE-2016-2391 [usb: multiple eof_timers in ohci leads to null pointer dereference] + RESERVED - qemu (bug #815009) [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) @@ -24,6 +44,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794 NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2 CVE-2016-2390 [Segfault on Certain SSL Handshake Errors] + RESERVED - squid (unimportant) - squid3 3.5.14-1 (unimportant) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_1.txt 
@@ -133,6 +154,7 @@ CVE-2016-2331 RESERVED CVE-2016-2385 [SEAS Module Heap overflow] + RESERVED - kamailio NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643 TODO: check @@ -443,6 +465,7 @@ CVE-2016-2243 RESERVED CVE-2015-8813 + RESERVED NOT-FOR-US: Umbraco CVE-2015-8812 [Flaw in CXGB3 driver] RESERVED @@ -3087,10 +3110,10 @@ RESERVED CVE-2016-1332 RESERVED -CVE-2016-1331 - RESERVED -CVE-2016-1330 - RESERVED +CVE-2016-1331 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...) + TODO: check +CVE-2016-1330 (Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote ...) + TODO: check CVE-2016-1329 RESERVED CVE-2016-1328 @@ -3107,8 +3130,8 @@ TODO: check CVE-2016-1322 (The REST interface in Cisco Spark 2015-07-04 allows remote attackers ...) TODO: check -CVE-2016-1321 - RESERVED +CVE-2016-1321 (Cisco Universal Small Cell devices with firmware R2.12 through R3.5 ...) + TODO: check CVE-2016-1320 (The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users ...) TODO: check CVE-2016-1319 (Cisco Unified Communications Manager (aka CallManager) ...) @@ -3837,16 +3860,16 @@ RESERVED CVE-2016-1154 RESERVED -CVE-2016-1153 - RESERVED -CVE-2016-1152 - RESERVED -CVE-2016-1151 - RESERVED -CVE-2016-1150 - RESERVED -CVE-2016-1149 - RESERVED +CVE-2016-1153 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote ...) + TODO: check +CVE-2016-1152 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...) + TODO: check +CVE-2016-1151 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu ...) + TODO: check +CVE-2016-1150 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...) + TODO: check +CVE-2016-1149 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...) + TODO: check CVE-2016-1148 RESERVED CVE-2016-1147 
@@ -4955,10 +4978,12 @@ RESERVED CVE-2016-0795 RESERVED + {DSA-3482-1} - libreoffice 1:5.1.0~rc1-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/ CVE-2016-0794 RESERVED + {DSA-3482-1} - libreoffice 1:5.1.0~rc1-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/ CVE-2016-0793 @@ -5075,8 +5100,7 @@ CVE-2016-0754 (cURL before 7.47.0 on Windows allows attackers to write to arbitrary ...) - curl (Windows only) NOTE: http://curl.haxx.se/docs/adv_20160127B.html -CVE-2016-0753 [Possible Input Validation Circumvention in Active Model] - RESERVED +CVE-2016-0753 (Active Model in Ruby on Rails 4.1.
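Review bot: In the @@ -4955,10 +4978,12 @@ hunk the automatic update adds {DSA-3482-1} to CVE-2016-0795 and CVE-2016-0794 while the unstable fixed version stays at 1:5.1.0~rc1-1; that version is corrected to 1:5.0.5~rc1-1 in r39753 above, so when a DSA marker lands on an entry whose fixed version was entered by hand it is worth re-checking that version at the same time rather than reconciling it in a follow-up commit.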
[Secure-testing-commits] r39750 - in data: . CVE
Author: benh Date: 2016-02-17 19:11:30 + (Wed, 17 Feb 2016) New Revision: 39750 Modified: data/CVE/list data/dla-needed.txt Log: Triage new issues for squeeze CVE-2015-8806, CVE-2016-2073 are reproducible in xmllint. linux-2.6 still has issues to be fixed and will get another update. Modified: data/CVE/list === --- data/CVE/list 2016-02-17 18:00:48 UTC (rev 39749) +++ data/CVE/list 2016-02-17 19:11:30 UTC (rev 39750) @@ -878,7 +878,6 @@ RESERVED - libxml2 (bug #813613) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115 - TODO: confirm if squeeze is affected as well CVE-2015-8805 [miscomputation bugs in secp-256r1 modulo functions] RESERVED - nettle 3.2-1 (bug #813679) @@ -1114,7 +1113,6 @@ - libxml2 (bug #812807) NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6 NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details - TODO: confirm if squeeze is affected as well CVE-2016-2070 [division by zero in TCP code] RESERVED - linux 4.3.5-1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-17 18:00:48 UTC (rev 39749) +++ data/dla-needed.txt 2016-02-17 19:11:30 UTC (rev 39750) @@ -40,6 +40,10 @@ -- libmatroska (Chris Lamb) -- +libxml2 +-- +linux-2.6 (Ben Hutchings) +-- lxc (Mike Gabriel) NOTE: waiting for upstream feedback: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/comments/77 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
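Review bot: Both hunks in data/CVE/list remove the line "TODO: confirm if squeeze is affected as well" without recording the outcome in the entry; the log message says CVE-2015-8806 and CVE-2016-2073 are reproducible in xmllint, so a NOTE on each entry (for example "NOTE: reproducible in squeeze with xmllint") would keep the triage result in the tracker data where the new libxml2 entry in dla-needed.txt can be cross-checked against it.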
[Secure-testing-commits] r39749 - data/CVE
Author: carnil Date: 2016-02-17 18:00:48 + (Wed, 17 Feb 2016) New Revision: 39749 Modified: data/CVE/list Log: Add temporary item for graphite-web Modified: data/CVE/list === --- data/CVE/list 2016-02-17 17:00:01 UTC (rev 39748) +++ data/CVE/list 2016-02-17 18:00:48 UTC (rev 39749) @@ -1,3 +1,7 @@ +CVE-2016- [open redirect] + - graphite-web + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/17/7 + NOTE: https://github.com/graphite-project/graphite-web/issues/1441 CVE-2016-2392 [usb: null pointer dereference in remote NDIS control message handling] - qemu (bug #815008) [jessie] - qemu (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
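Review bot: The temporary "CVE-2016- [open redirect]" entry for graphite-web carries no Debian bug reference; other unfixed entries in the file record one (for example "- qemu (bug #815008)" in r39748 below), so filing and referencing a bug here would keep the item trackable after the CVE is assigned and the placeholder line is renamed.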
[Secure-testing-commits] r39748 - data/CVE
Author: carnil Date: 2016-02-17 17:00:01 + (Wed, 17 Feb 2016) New Revision: 39748 Modified: data/CVE/list Log: Add bug references for qemu, #815008, #815009 Modified: data/CVE/list === --- data/CVE/list 2016-02-17 16:36:00 UTC (rev 39747) +++ data/CVE/list 2016-02-17 17:00:01 UTC (rev 39748) @@ -1,5 +1,5 @@ CVE-2016-2392 [usb: null pointer dereference in remote NDIS control message handling] - - qemu + - qemu (bug #815008) [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) [squeeze] - qemu (Not supported in Squeeze LTS) @@ -9,7 +9,7 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299 CVE-2016-2391 [usb: multiple eof_timers in ohci leads to null pointer dereference] - - qemu + - qemu (bug #815009) [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) [squeeze] - qemu (Not supported in Squeeze LTS) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39747 - data/CVE
Author: carnil Date: 2016-02-17 16:36:00 + (Wed, 17 Feb 2016) New Revision: 39747 Modified: data/CVE/list Log: Mark CVE-2016-2391/qemu as no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-02-17 16:33:51 UTC (rev 39746) +++ data/CVE/list 2016-02-17 16:36:00 UTC (rev 39747) @@ -10,13 +10,15 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299 CVE-2016-2391 [usb: multiple eof_timers in ohci leads to null pointer dereference] - qemu + [jessie] - qemu (Minor issue) + [wheezy] - qemu (Minor issue) [squeeze] - qemu (Not supported in Squeeze LTS) - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) [squeeze] - qemu-kvm (Not supported in Squeeze LTS) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794 NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2 - TODO: check affected versions CVE-2016-2390 [Segfault on Certain SSL Handshake Errors] - squid (unimportant) - squid3 3.5.14-1 (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
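Review bot: The removed "TODO: check affected versions" line is not replaced by a NOTE stating which qemu versions are affected, even though the hunk settles the jessie and wheezy status as "(Minor issue)"; the qemu-devel and bugzilla NOTEs are present but neither pins the upstream fix commit, so adding it would let a later reader verify the no-dsa decision without redoing the check.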
[Secure-testing-commits] r39746 - data/CVE
Author: carnil Date: 2016-02-17 16:33:51 + (Wed, 17 Feb 2016) New Revision: 39746 Modified: data/CVE/list Log: Mark CVE-2016-2392 as no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-02-17 16:23:00 UTC (rev 39745) +++ data/CVE/list 2016-02-17 16:33:51 UTC (rev 39746) @@ -1,11 +1,13 @@ CVE-2016-2392 [usb: null pointer dereference in remote NDIS control message handling] - qemu + [jessie] - qemu (Minor issue) + [wheezy] - qemu (Minor issue) [squeeze] - qemu (Not supported in Squeeze LTS) - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) [squeeze] - qemu-kvm (Not supported in Squeeze LTS) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299 - TODO: check affected versions CVE-2016-2391 [usb: multiple eof_timers in ohci leads to null pointer dereference] - qemu [squeeze] - qemu (Not supported in Squeeze LTS) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39745 - data/CVE
Author: agx Date: 2016-02-17 16:23:00 + (Wed, 17 Feb 2016) New Revision: 39745 Modified: data/CVE/list Log: Xen unsupported in squeeze-lts Modified: data/CVE/list === --- data/CVE/list 2016-02-17 16:10:28 UTC (rev 39744) +++ data/CVE/list 2016-02-17 16:23:00 UTC (rev 39745) @@ -371,11 +371,13 @@ CVE-2016-2271 [XSA-170: VMX: guest user mode may crash guest with non-canonical RIP] RESERVED - xen + [squeeze] - xen (Unsupported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-170.html TODO: check CVE-2016-2270 [XSA-154: x86: inconsistent cachability flags on guest mappings] RESERVED - xen + [squeeze] - xen (Unsupported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-154.html TODO: check CVE-2016-2269 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
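Review bot: The marker text "(Unsupported in Squeeze LTS)" in both xen hunks differs from "(Not supported in Squeeze LTS)" used for qemu and qemu-kvm in r39744 below; one phrasing should be used across entries so the squeeze status can be searched consistently.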
[Secure-testing-commits] r39744 - data/CVE
Author: agx Date: 2016-02-17 16:10:28 + (Wed, 17 Feb 2016) New Revision: 39744 Modified: data/CVE/list Log: qemu-{,kvm} not supported in squeeze-lts Modified: data/CVE/list === --- data/CVE/list 2016-02-17 15:52:28 UTC (rev 39743) +++ data/CVE/list 2016-02-17 16:10:28 UTC (rev 39744) @@ -1,6 +1,8 @@ CVE-2016-2392 [usb: null pointer dereference in remote NDIS control message handling] - qemu + [squeeze] - qemu (Not supported in Squeeze LTS) - qemu-kvm + [squeeze] - qemu-kvm (Not supported in Squeeze LTS) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299 TODO: check affected versions ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39743 - data/CVE
Author: carnil Date: 2016-02-17 15:52:28 + (Wed, 17 Feb 2016) New Revision: 39743 Modified: data/CVE/list Log: Add references for libreoffice issues Modified: data/CVE/list === --- data/CVE/list 2016-02-17 15:28:31 UTC (rev 39742) +++ data/CVE/list 2016-02-17 15:52:28 UTC (rev 39743) @@ -4946,9 +4946,11 @@ CVE-2016-0795 RESERVED - libreoffice 1:5.1.0~rc1-1 + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/ CVE-2016-0794 RESERVED - libreoffice 1:5.1.0~rc1-1 + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/ CVE-2016-0793 RESERVED CVE-2016-0792 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39742 - data/CVE
Author: carnil Date: 2016-02-17 15:28:31 + (Wed, 17 Feb 2016) New Revision: 39742 Modified: data/CVE/list Log: Add CVE-2016-2271/xen Modified: data/CVE/list === --- data/CVE/list 2016-02-17 15:27:37 UTC (rev 39741) +++ data/CVE/list 2016-02-17 15:28:31 UTC (rev 39742) @@ -366,8 +366,11 @@ RESERVED CVE-2016-2272 RESERVED -CVE-2016-2271 +CVE-2016-2271 [XSA-170: VMX: guest user mode may crash guest with non-canonical RIP] RESERVED + - xen + NOTE: http://xenbits.xen.org/xsa/advisory-170.html + TODO: check CVE-2016-2270 [XSA-154: x86: inconsistent cachability flags on guest mappings] RESERVED - xen ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39741 - data/CVE
Author: carnil Date: 2016-02-17 15:27:37 + (Wed, 17 Feb 2016) New Revision: 39741 Modified: data/CVE/list Log: Add CVE-2016-2270/xen Modified: data/CVE/list === --- data/CVE/list 2016-02-17 11:41:10 UTC (rev 39740) +++ data/CVE/list 2016-02-17 15:27:37 UTC (rev 39741) @@ -368,8 +368,11 @@ RESERVED CVE-2016-2271 RESERVED -CVE-2016-2270 +CVE-2016-2270 [XSA-154: x86: inconsistent cachability flags on guest mappings] RESERVED + - xen + NOTE: http://xenbits.xen.org/xsa/advisory-154.html + TODO: check CVE-2016-2269 RESERVED CVE-2016-2268 (Dell SecureWorks app before 2.1 for iOS does not validate SSL ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39740 - data/CVE
Author: carnil Date: 2016-02-17 11:41:10 + (Wed, 17 Feb 2016) New Revision: 39740 Modified: data/CVE/list Log: CVE-2016-1494/python-rsa, #809980 fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-02-17 10:48:05 UTC (rev 39739) +++ data/CVE/list 2016-02-17 11:41:10 UTC (rev 39740) @@ -3217,7 +3217,7 @@ NOTE: Fixed as well in v3.16.7-ckt18 (commit: 6a64d8c4c07c176abee384803f28fa1507963369) NOTE: Introduced by: https://git.kernel.org/linus/ec011fe847347b40c60fdb5085f65227762e2e08 (v3.13-rc1) CVE-2016-1494 (The verify function in the RSA package for Python (Python-RSA) before ...) - - python-rsa (bug #809980) + - python-rsa 3.2.3-1.1 (bug #809980) NOTE: proposed fix: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff NOTE: https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/ CVE-2015-8604 [SQL Injection in graphs_new.php] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
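Review bot: The fixed version 3.2.3-1.1 is added to CVE-2016-1494, but the entry still reads "NOTE: proposed fix: ..." for the bitbucket pull request; now that a fixed upload exists, consider replacing or supplementing that NOTE with the merged upstream commit or release so the reference no longer describes the fix as pending.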
[Secure-testing-commits] r39739 - in data: . DSA
Author: seb Date: 2016-02-17 10:48:05 + (Wed, 17 Feb 2016) New Revision: 39739 Modified: data/DSA/list data/dsa-needed.txt Log: Reserve DSA-3482-1 for CVE-2016-0794 and CVE-2016-0795 (libreoffice) Modified: data/DSA/list === --- data/DSA/list 2016-02-17 09:52:58 UTC (rev 39738) +++ data/DSA/list 2016-02-17 10:48:05 UTC (rev 39739) @@ -1,3 +1,7 @@ +[17 Feb 2016] DSA-3482-1 libreoffice - security update + {CVE-2016-0794 CVE-2016-0795} + [wheezy] - libreoffice 3.5.4+dfsg2-0+deb7u6 + [jessie] - libreoffice 4.3.3-2+deb8u3 [16 Feb 2016] DSA-3481-1 glibc - security update {CVE-2015-7547 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779} [jessie] - glibc 2.19-18+deb8u3 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-17 09:52:58 UTC (rev 39738) +++ data/dsa-needed.txt 2016-02-17 10:48:05 UTC (rev 39739) @@ -39,8 +39,6 @@ https://people.debian.org/~ghedo/libidn_1.29-1+deb8u1.diff Help is needed to fix it so that it doesn't FTBFS -- -libreoffice (seb) --- linux Wait until more severe issues have accumulated -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39738 - in data: . DLA
Author: santiago Date: 2016-02-17 09:52:58 + (Wed, 17 Feb 2016) New Revision: 39738 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-419-1 for gtk+2.0 Modified: data/DLA/list === --- data/DLA/list 2016-02-17 06:12:58 UTC (rev 39737) +++ data/DLA/list 2016-02-17 09:52:58 UTC (rev 39738) @@ -1,3 +1,6 @@ +[17 Feb 2016] DLA-419-1 gtk+2.0 - security update + {CVE-2013-7447} + [squeeze] - gtk+2.0 2.20.1-2+deb6u1 [16 Feb 2016] DLA-418-1 wordpress - security update {CVE-2016-2221 CVE-2016-} [squeeze] - wordpress 3.6.1+dfsg-1~deb6u9 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-17 06:12:58 UTC (rev 39737) +++ data/dla-needed.txt 2016-02-17 09:52:58 UTC (rev 39738) @@ -25,8 +25,6 @@ graphicsmagick NOTE: CVE-2016-231{8,9} don't have upstream fixes but we crash on the exploits -- -gtk+2.0 (Santiago R.R.) --- icu NOTE: check comments on CVE-2016-0494 as well NOTE: tentative package for icu https://lists.debian.org/debian-lts/2016/01/msg00133.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
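Review bot: The unchanged context line for DLA-418-1 wordpress lists "{CVE-2016-2221 CVE-2016-}" with an unfilled CVE placeholder; that is outside this change, but since the hunk touches the same header region of data/DLA/list it is a good moment to fill in the missing identifier or note where it is being tracked.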