[Secure-testing-commits] r39767 - data/CVE

2016-02-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-19 06:34:15 + (Fri, 19 Feb 2016)
New Revision: 39767

Modified:
   data/CVE/list
Log:
Add bug reference for didiwiki issue, #815111

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-19 06:28:44 UTC (rev 39766)
+++ data/CVE/list   2016-02-19 06:34:15 UTC (rev 39767)
@@ -1,5 +1,5 @@
 CVE-2016- [path traversal vulnerability]
-   - didiwiki 0.5-12
+   - didiwiki 0.5-12 (bug #815111)
NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files
 CVE-2016-2402
RESERVED
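
Review bot: the `NOTE:` under the didiwiki entry links to the pull request's `/files` view rather than a merged commit, so it does not show whether the fix landed upstream or which change `0.5-12` actually carries; once the pull request is merged, point the NOTE at the commit. The entry also still sits under the unassigned `CVE-2016-` placeholder, so the new `(bug #815111)` is its only stable handle and should be kept when an ID is assigned.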


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r39764 - data/CVE

2016-02-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-19 06:01:48 + (Fri, 19 Feb 2016)
New Revision: 39764

Modified:
   data/CVE/list
Log:
macopix fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-18 21:15:17 UTC (rev 39763)
+++ data/CVE/list   2016-02-19 06:01:48 UTC (rev 39764)
@@ -4607,7 +4607,7 @@
RESERVED
{DSA-3452-1 DLA-383-1}
- claws-mail 3.13.1-1
-   - macopix 
+   - macopix 1.7.4-6
[jessie] - macopix  (Minor issue)
[wheezy] - macopix  (Minor issue)
NOTE: 
http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82
 (3.13.1)
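
Review bot: the new `- macopix 1.7.4-6` line has nothing in the entry to back it: the only NOTE links the claws-mail commit for 3.13.1, and the macopix line carries no bug number. Add the macopix bug reference or a NOTE naming the change that went into 1.7.4-6 so the fixed version can be verified later.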




[Secure-testing-commits] r39763 - data/CVE

2016-02-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-18 21:15:17 + (Thu, 18 Feb 2016)
New Revision: 39763

Modified:
   data/CVE/list
Log:
Manually fix cross references to not wait for next automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-18 21:13:46 UTC (rev 39762)
+++ data/CVE/list   2016-02-18 21:15:17 UTC (rev 39763)
@@ -561,7 +561,7 @@
RESERVED
 CVE-2014-9765 [Buffer overflow]
RESERVED
-   {DLA-420-1 DLA-417-1}
+   {DLA-417-1}
- xdelta3 3.0.8-dfsg-1.1 (bug #814067)
NOTE: 
https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1
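
Review bot: the `{DLA-417-1}` line edited by hand here is the same line the automatic update rewrote in r39761, so this edit holds only as long as data/DLA/list agrees with it. The log should cite r39762 as the source-side correction, so a reader can confirm the next automatic run will not put `DLA-420-1` back on this xdelta3 entry.
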
@@ -1062,6 +1062,7 @@
NOTE: libv8 is not covered by security support
NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
 CVE-2015-8792 (The KaxInternalBlock::ReadData function in libMatroska before 
1.4.4 ...)
+   {DLA-420-1}
- libmatroska 1.4.4-1
NOTE: 
http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
NOTE: 
https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f




[Secure-testing-commits] r39762 - data/DLA

2016-02-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-18 21:13:46 + (Thu, 18 Feb 2016)
New Revision: 39762

Modified:
   data/DLA/list
Log:
DLA-420-1 referenced a CVE for xdelta3, adjust to CVE-2015-8792

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-18 21:10:13 UTC (rev 39761)
+++ data/DLA/list   2016-02-18 21:13:46 UTC (rev 39762)
@@ -1,5 +1,5 @@
 [18 Feb 2016] DLA-420-1 libmatroska - security update
-   {CVE-2014-9765}
+   {CVE-2015-8792}
[squeeze] - libmatroska 0.8.1-1.1+deb6u1
 [17 Feb 2016] DLA-419-1 gtk+2.0 - security update
{CVE-2013-7447}




[Secure-testing-commits] r39761 - data/CVE

2016-02-18 Thread security tracker role
Author: sectracker
Date: 2016-02-18 21:10:13 + (Thu, 18 Feb 2016)
New Revision: 39761

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-18 20:20:17 UTC (rev 39760)
+++ data/CVE/list   2016-02-18 21:10:13 UTC (rev 39761)
@@ -1,3 +1,17 @@
+CVE-2016-2402
+   RESERVED
+CVE-2016-2401
+   RESERVED
+CVE-2016-2400
+   RESERVED
+CVE-2016-2399
+   RESERVED
+CVE-2016-2398 (Comcast XFINITY Home Security System does not properly maintain 
...)
+   TODO: check
+CVE-2016-2397 (The cliserver implementation in Dell SonicWALL GMS, Analyzer, 
and UMA ...)
+   TODO: check
+CVE-2016-2396 (The GMS ViewPoint (GMSVP) web application in Dell SonicWALL 
GMS, ...)
+   TODO: check
 CVE-2016-2395
RESERVED
 CVE-2016-2394
@@ -547,7 +561,7 @@
RESERVED
 CVE-2014-9765 [Buffer overflow]
RESERVED
-   {DLA-417-1}
+   {DLA-420-1 DLA-417-1}
- xdelta3 3.0.8-dfsg-1.1 (bug #814067)
NOTE: 
https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1
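
Review bot: `{DLA-420-1 DLA-417-1}` attaches the libmatroska advisory DLA-420-1 to an entry whose only package line is `- xdelta3 3.0.8-dfsg-1.1`, so the cross-reference is wrong for this CVE. The automatic update is only copying what data/DLA/list says (the ID was entered there in r39756); correct it in that file rather than in this generated line.
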
@@ -1108,10 +1122,10 @@
RESERVED
 CVE-2016-2074
RESERVED
-CVE-2016-2072
-   RESERVED
-CVE-2016-2071
-   RESERVED
+CVE-2016-2072 (The Administrative Web Interface in Citrix NetScaler 
Application ...)
+   TODO: check
+CVE-2016-2071 (Citrix NetScaler Application Delivery Controller (ADC) and 
NetScaler ...)
+   TODO: check
 CVE-2015-8787 (The nf_nat_redirect_ipv4 function in 
net/netfilter/nf_nat_redirect.c ...)
- linux 4.3.5-1
[jessie] - linux  (Vulnerable code introduced in 
v3.19-rc1)
@@ -1194,8 +1208,8 @@
[wheezy] - python-django  (Only affects 1.9)
[squeeze] - python-django  (Only affects 1.9)
NOTE: 
https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/
-CVE-2016-2046
-   RESERVED
+CVE-2016-2046 (Cross-site scripting (XSS) vulnerability in the Nessus Web UI 
in ...)
+   TODO: check
 CVE-2016-2045
RESERVED
- phpmyadmin 4:4.5.4-1
@@ -3111,10 +3125,10 @@
RESERVED
 CVE-2016-1335
RESERVED
-CVE-2016-1334
-   RESERVED
-CVE-2016-1333
-   RESERVED
+CVE-2016-1334 (Cisco Small Business 500 Wireless Access Point devices with 
firmware ...)
+   TODO: check
+CVE-2016-1333 (Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid 
routers ...)
+   TODO: check
 CVE-2016-1332
RESERVED
 CVE-2016-1331 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco 
Emergency ...)
@@ -4460,9 +4474,9 @@
TODO: check
 CVE-2016-0951 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 
...)
TODO: check
-CVE-2016-0950 (Adobe Connect before 95.2 allows remote attackers to spoof the 
user ...)
+CVE-2016-0950 (Adobe Connect before 9.5.2 allows remote attackers to spoof the 
user ...)
TODO: check
-CVE-2016-0949 (Adobe Connect before 95.2 allows remote attackers to have an 
...)
+CVE-2016-0949 (Adobe Connect before 9.5.2 allows remote attackers to have an 
...)
TODO: check
 CVE-2016-0948 (Cross-site request forgery (CSRF) vulnerability in Adobe 
Connect ...)
TODO: check
@@ -5044,8 +5058,7 @@
- linux-2.6 
NOTE: https://rhn.redhat.com/errata/RHSA-2016-0103.html
NOTE: The upstream fix for 3.16 was correct, but wheezy had a 
incomplete backport
-CVE-2016-0773
-   RESERVED
+CVE-2016-0773 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 
9.3.11, ...)
{DSA-3476-1 DSA-3475-1}
- postgresql-9.5 9.5.1-1
- postgresql-9.4 
@@ -5064,8 +5077,7 @@
RESERVED
 CVE-2016-0767
RESERVED
-CVE-2016-0766
-   RESERVED
+CVE-2016-0766 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 
9.3.11, ...)
{DSA-3476-1 DSA-3475-1}
- postgresql-9.5 9.5.1
- postgresql-9.4 
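
Review bot: in the CVE-2016-0766 entry the context line `- postgresql-9.5 9.5.1` has no Debian revision, while the CVE-2016-0773 entry in the previous hunk records `- postgresql-9.5 9.5.1-1` under the same `{DSA-3476-1 DSA-3475-1}`. The automatic update did not introduce this, but the two entries should name the same fixed version; a follow-up should set this one to `9.5.1-1`.
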
@@ -7793,10 +7805,10 @@
RESERVED
 CVE-2015-8288
RESERVED
-CVE-2015-8287
-   RESERVED
-CVE-2015-8286
-   RESERVED
+CVE-2015-8287 (Swann SRNVW-470LCD devices with firmware through 0114 and 
SWNVW-470CAM ...)
+   TODO: check
+CVE-2015-8286 (Zhuhai RaySharp firmware has a hardcoded root password, which 
makes it ...)
+   TODO: check
 CVE-2015-8285
RESERVED
 CVE-2015-8284
@@ -8186,8 +8198,7 @@
RESERVED
 CVE-2015-8127
RESERVED
-CVE-2013-7447
-   RESERVED
+CVE-2013-7447 (Integer overflow in the gdk_cairo_set_source_pixbuf function in 
...)
{DLA-419-1}
- gtk+2.0  (bug #799275)
- gtk+3.0 3.10.7-1




[Secure-testing-commits] r39760 - data/DSA

2016-02-18 Thread Adam D. Barratt
Author: adsb
Date: 2016-02-18 20:20:17 + (Thu, 18 Feb 2016)
New Revision: 39760

Modified:
   data/DSA/list
Log:
Add missing epochs for libreoffice / DSA-3482-1

Modified: data/DSA/list
===
--- data/DSA/list   2016-02-18 20:19:11 UTC (rev 39759)
+++ data/DSA/list   2016-02-18 20:20:17 UTC (rev 39760)
@@ -1,7 +1,7 @@
 [17 Feb 2016] DSA-3482-1 libreoffice - security update
{CVE-2016-0794 CVE-2016-0795}
-   [wheezy] - libreoffice 3.5.4+dfsg2-0+deb7u6
-   [jessie] - libreoffice 4.3.3-2+deb8u3
+   [wheezy] - libreoffice 1:3.5.4+dfsg2-0+deb7u6
+   [jessie] - libreoffice 1:4.3.3-2+deb8u3
 [16 Feb 2016] DSA-3481-1 glibc - security update
{CVE-2015-7547 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779}
[jessie] - glibc 2.19-18+deb8u3
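
Review bot: the epoch-less versions on the removed `[wheezy]` and `[jessie]` lines were not a cosmetic slip: in Debian version ordering any `1:` version sorts above every version without an epoch, so a still-vulnerable `1:`-epoched libreoffice build would have compared as newer than `3.5.4+dfsg2-0+deb7u6` or `4.3.3-2+deb8u3` and been treated as fixed. The entry was committed in that state before this correction, so a check that compares each `[suite]` version in data/DSA/list with the epoch the package uses in the archive would catch the next case before it is published.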




[Secure-testing-commits] r39758 - data/CVE

2016-02-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-18 20:18:25 + (Thu, 18 Feb 2016)
New Revision: 39758

Modified:
   data/CVE/list
Log:
Add icedove source package name for four CVEs

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-18 19:35:03 UTC (rev 39757)
+++ data/CVE/list   2016-02-18 20:18:25 UTC (rev 39758)
@@ -1553,6 +1553,8 @@
{DSA-3457-1}
- iceweasel 44.0-1
[squeeze] - iceweasel 
+   - icedove 38.6.0-1
+   [squeeze] - icedove 
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
 CVE-2016-1934
RESERVED
@@ -1569,6 +1571,8 @@
[jessie] - iceweasel  (Only affects Firefox 43.x)
[wheezy] - iceweasel  (Only affects Firefox 43.x)
[squeeze] - iceweasel  (Only affects Firefox 43.x)
+   - icedove 38.6.0-1
+   [squeeze] - icedove 
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
 CVE-2016-1930 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
{DSA-3457-1}
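
Review bot: the `- icedove 38.6.0-1` line added to this entry conflicts with its neighbours: all three iceweasel suite lines say `(Only affects Firefox 43.x)`, which suggests a 38.x icedove was never affected rather than fixed in 38.6.0-1. If so, record icedove as not affected with the same reason instead of giving a fixed version, and drop the `[squeeze] - icedove` line; if icedove is affected, add a NOTE saying why.
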
@@ -2678,6 +2682,8 @@
NOTE: 
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
- iceweasel 44.0-1
[squeeze] - iceweasel 
+   - icedove 38.6.0-1
+   [squeeze] - icedove 
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
 CVE-2016-1522 (Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla 
...)
{DSA-3479-1}
@@ -9986,6 +9992,8 @@
{DSA-3465-1 DSA-3458-1 DSA-3457-1 DSA-3437-1 DSA-3436-1 DLA-410-1}
- iceweasel 43.0.2-1
[squeeze] - iceweasel 
+   - icedove 38.6.0-1
+   [squeeze] - icedove 
- nss 2:3.21-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/
NOTE: Patch in SuSE Bugzilla: 
https://bugzilla.novell.com/attachment.cgi?id=660286




[Secure-testing-commits] r39759 - data

2016-02-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-18 20:19:11 + (Thu, 18 Feb 2016)
New Revision: 39759

Modified:
   data/dsa-needed.txt
Log:
Add icedove to dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-02-18 20:18:25 UTC (rev 39758)
+++ data/dsa-needed.txt 2016-02-18 20:19:11 UTC (rev 39759)
@@ -24,6 +24,8 @@
 --
 cpio (carnil)
 --
+icedove
+--
 icedtea-web
 --
 imagemagick/oldstable
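
Review bot: `icedove` is added with no suite qualifier and no claimant, while the neighbouring `imagemagick/oldstable` entry shows that this file does record scope. r39758 adds no `[jessie]` or `[wheezy]` lines for icedove, so state here whether both stable and oldstable need the update.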




[Secure-testing-commits] r39757 - data/CVE

2016-02-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-18 19:35:03 + (Thu, 18 Feb 2016)
New Revision: 39757

Modified:
   data/CVE/list
Log:
Add brotli for CVE-2016-1624

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-18 15:53:56 UTC (rev 39756)
+++ data/CVE/list   2016-02-18 19:35:03 UTC (rev 39757)
@@ -2356,6 +2356,7 @@
- chromium-browser 
[wheezy] - chromium-browser  (Not supported in Wheezy)
[squeeze] - chromium-browser  (Not supported in Squeeze 
LTS)
+   - brotli 
 CVE-2016-1623 (The DOM implementation in Google Chrome before 48.0.2564.109 
does not ...)
- chromium-browser 
[wheezy] - chromium-browser  (Not supported in Wheezy)
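
Review bot: the new `- brotli` line is added with no bug number and no NOTE, and the description of CVE-2016-1624 lies outside the hunk context, so nothing visible ties this Chrome entry to the brotli source package. Add a NOTE with the upstream brotli commit, and a bug reference once one is filed, so the entry can later be closed against a concrete version.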




[Secure-testing-commits] r39756 - in data: . DLA

2016-02-18 Thread Chris Lamb
Author: lamby
Date: 2016-02-18 15:53:56 + (Thu, 18 Feb 2016)
New Revision: 39756

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-420-1 for libmatroska

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-18 13:35:42 UTC (rev 39755)
+++ data/DLA/list   2016-02-18 15:53:56 UTC (rev 39756)
@@ -1,3 +1,6 @@
+[18 Feb 2016] DLA-420-1 libmatroska - security update
+   {CVE-2014-9765}
+   [squeeze] - libmatroska 0.8.1-1.1+deb6u1
 [17 Feb 2016] DLA-419-1 gtk+2.0 - security update
{CVE-2013-7447}
[squeeze] - gtk+2.0 2.20.1-2+deb6u1
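
Review bot: `{CVE-2014-9765}` on the new DLA-420-1 entry does not match the package: data/CVE/list tracks CVE-2014-9765 as a buffer overflow against `xdelta3`, while the libmatroska entry there is CVE-2015-8792. The `{...}` cross-references in data/CVE/list are generated from this file, so the wrong ID will be copied onto the xdelta3 entry by the next automatic update; check the ID against the libmatroska upload before reserving.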

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-18 13:35:42 UTC (rev 39755)
+++ data/dla-needed.txt 2016-02-18 15:53:56 UTC (rev 39756)
@@ -38,8 +38,6 @@
 --
 libebml (Damyan Ivanov)
 --
-libmatroska (Chris Lamb)
---
 libxml2
 --
 linux-2.6 (Ben Hutchings)




[Secure-testing-commits] r39755 - data

2016-02-18 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-18 13:35:42 + (Thu, 18 Feb 2016)
New Revision: 39755

Modified:
   data/dla-needed.txt
Log:
Claim python-imaging in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-18 08:16:31 UTC (rev 39754)
+++ data/dla-needed.txt 2016-02-18 13:35:42 UTC (rev 39755)
@@ -60,7 +60,7 @@
 php5 (Thorsten Alteholz)
   NOTE: next upload end of December
 --
-python-imaging
+python-imaging (Markus Koschany)
 --
 tiff
 --




[Secure-testing-commits] r39754 - data/CVE

2016-02-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-02-18 08:16:31 + (Thu, 18 Feb 2016)
New Revision: 39754

Modified:
   data/CVE/list
Log:
Mark four CVEs for linux as fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-18 06:07:49 UTC (rev 39753)
+++ data/CVE/list   2016-02-18 08:16:31 UTC (rev 39754)
@@ -160,13 +160,13 @@
TODO: check
 CVE-2016-2384 [Double-free in snd-usbmidi-lib triggered by invalid USB 
descriptor]
RESERVED
-   - linux 
+   - linux 4.4.2-1
- linux-2.6 
NOTE: Fixed by: 
https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4)
NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/2
 CVE-2016-2383 [Incorrect branch fixups for eBPF allow arbitrary read]
RESERVED
-   - linux 
+   - linux 4.4.2-1
[jessie] - linux  (Vulnerable code not present)
[wheezy] - linux  (Vulnerable code not present)
- linux-2.6  (Vulnerable code not present)
@@ -469,7 +469,7 @@
NOT-FOR-US: Umbraco
 CVE-2015-8812 [Flaw in CXGB3 driver]
RESERVED
-   - linux 
+   - linux 4.4.2-1
- linux-2.6 
NOTE: http://www.openwall.com/lists/oss-security/2016/02/11/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303532
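
Review bot: for CVE-2015-8812 the new `- linux 4.4.2-1` line is backed in the visible context only by an oss-security post and a Red Hat Bugzilla link, whereas CVE-2016-2384 in the first hunk has a `Fixed by:` NOTE naming the upstream commit. Add the equivalent `Fixed by:` NOTE here so the claim that 4.4.2-1 contains the fix can be checked against the commit.
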
@@ -5681,7 +5681,7 @@
NOT-FOR-US: Oracle Sun Solaris
 CVE-2016-0617 [hugetlbfs: fix bugs in hugetlb_vmtruncate_list()]
RESERVED
-   - linux 
+   - linux 4.4.2-1
[jessie] - linux  (Vulnerable code introduced later)
[wheezy] - linux  (Vulnerable code introduced later)
- linux-2.6  (Vulnerable code introduced later)

