[Secure-testing-commits] r39767 - data/CVE
Author: carnil Date: 2016-02-19 06:34:15 + (Fri, 19 Feb 2016) New Revision: 39767 Modified: data/CVE/list Log: Add bug reference for didiwiki issue, #815111 Modified: data/CVE/list === --- data/CVE/list 2016-02-19 06:28:44 UTC (rev 39766) +++ data/CVE/list 2016-02-19 06:34:15 UTC (rev 39767) @@ -1,5 +1,5 @@ CVE-2016- [path traversal vulnerability] - - didiwiki 0.5-12 + - didiwiki 0.5-12 (bug #815111) NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files CVE-2016-2402 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39764 - data/CVE
Author: carnil Date: 2016-02-19 06:01:48 + (Fri, 19 Feb 2016) New Revision: 39764 Modified: data/CVE/list Log: macopix fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-02-18 21:15:17 UTC (rev 39763) +++ data/CVE/list 2016-02-19 06:01:48 UTC (rev 39764) @@ -4607,7 +4607,7 @@ RESERVED {DSA-3452-1 DLA-383-1} - claws-mail 3.13.1-1 - - macopix + - macopix 1.7.4-6 [jessie] - macopix (Minor issue) [wheezy] - macopix (Minor issue) NOTE: http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82 (3.13.1) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39763 - data/CVE
Author: carnil Date: 2016-02-18 21:15:17 + (Thu, 18 Feb 2016) New Revision: 39763 Modified: data/CVE/list Log: Manually fix cross references to not wait next automatic update Modified: data/CVE/list === --- data/CVE/list 2016-02-18 21:13:46 UTC (rev 39762) +++ data/CVE/list 2016-02-18 21:15:17 UTC (rev 39763) @@ -561,7 +561,7 @@ RESERVED CVE-2014-9765 [Buffer overflow] RESERVED - {DLA-420-1 DLA-417-1} + {DLA-417-1} - xdelta3 3.0.8-dfsg-1.1 (bug #814067) NOTE: https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2 NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1 @@ -1062,6 +1062,7 @@ NOTE: libv8 is not covered by security support NOTE: https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ CVE-2015-8792 (The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 ...) + {DLA-420-1} - libmatroska 1.4.4-1 NOTE: http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html NOTE: https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39762 - data/DLA
Author: carnil Date: 2016-02-18 21:13:46 + (Thu, 18 Feb 2016) New Revision: 39762 Modified: data/DLA/list Log: DLA-420-1 referenced a CVE for xdelta3, adjust to CVE-2015-8792 Modified: data/DLA/list === --- data/DLA/list 2016-02-18 21:10:13 UTC (rev 39761) +++ data/DLA/list 2016-02-18 21:13:46 UTC (rev 39762) @@ -1,5 +1,5 @@ [18 Feb 2016] DLA-420-1 libmatroska - security update - {CVE-2014-9765} + {CVE-2015-8792} [squeeze] - libmatroska 0.8.1-1.1+deb6u1 [17 Feb 2016] DLA-419-1 gtk+2.0 - security update {CVE-2013-7447} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
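Review bot: Correcting `{CVE-2014-9765}` to `{CVE-2015-8792}` in data/DLA/list alone leaves the generated cross-reference in data/CVE/list out of step, since r39761 had already written `{DLA-420-1 DLA-417-1}` under the xdelta3 entry. Until r39763 lands, the two files disagree about which CVE DLA-420-1 addresses. Suggest committing the data/DLA/list correction and the matching data/CVE/list cross-reference change together so no revision carries the inconsistent state.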
[Secure-testing-commits] r39761 - data/CVE
Author: sectracker Date: 2016-02-18 21:10:13 + (Thu, 18 Feb 2016) New Revision: 39761 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-02-18 20:20:17 UTC (rev 39760) +++ data/CVE/list 2016-02-18 21:10:13 UTC (rev 39761) @@ -1,3 +1,17 @@ +CVE-2016-2402 + RESERVED +CVE-2016-2401 + RESERVED +CVE-2016-2400 + RESERVED +CVE-2016-2399 + RESERVED +CVE-2016-2398 (Comcast XFINITY Home Security System does not properly maintain ...) + TODO: check +CVE-2016-2397 (The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA ...) + TODO: check +CVE-2016-2396 (The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, ...) + TODO: check CVE-2016-2395 RESERVED CVE-2016-2394 @@ -547,7 +561,7 @@ RESERVED CVE-2014-9765 [Buffer overflow] RESERVED - {DLA-417-1} + {DLA-420-1 DLA-417-1} - xdelta3 3.0.8-dfsg-1.1 (bug #814067) NOTE: https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2 NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1 @@ -1108,10 +1122,10 @@ RESERVED CVE-2016-2074 RESERVED -CVE-2016-2072 - RESERVED -CVE-2016-2071 - RESERVED +CVE-2016-2072 (The Administrative Web Interface in Citrix NetScaler Application ...) + TODO: check +CVE-2016-2071 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...) + TODO: check CVE-2015-8787 (The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c ...) - linux 4.3.5-1 [jessie] - linux (Vulnerable code introduced in v3.19-rc1) @@ -1194,8 +1208,8 @@ [wheezy] - python-django (Only affects 1.9) [squeeze] - python-django (Only affects 1.9) NOTE: https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/ -CVE-2016-2046 - RESERVED +CVE-2016-2046 (Cross-site scripting (XSS) vulnerability in the Nessus Web UI in ...) + TODO: check CVE-2016-2045 RESERVED - phpmyadmin 4:4.5.4-1 
@@ -3111,10 +3125,10 @@ RESERVED CVE-2016-1335 RESERVED -CVE-2016-1334 - RESERVED -CVE-2016-1333 - RESERVED +CVE-2016-1334 (Cisco Small Business 500 Wireless Access Point devices with firmware ...) + TODO: check +CVE-2016-1333 (Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers ...) + TODO: check CVE-2016-1332 RESERVED CVE-2016-1331 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...) @@ -4460,9 +4474,9 @@ TODO: check CVE-2016-0951 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before ...) TODO: check -CVE-2016-0950 (Adobe Connect before 95.2 allows remote attackers to spoof the user ...) +CVE-2016-0950 (Adobe Connect before 9.5.2 allows remote attackers to spoof the user ...) TODO: check -CVE-2016-0949 (Adobe Connect before 95.2 allows remote attackers to have an ...) +CVE-2016-0949 (Adobe Connect before 9.5.2 allows remote attackers to have an ...) TODO: check CVE-2016-0948 (Cross-site request forgery (CSRF) vulnerability in Adobe Connect ...) TODO: check @@ -5044,8 +5058,7 @@ - linux-2.6 NOTE: https://rhn.redhat.com/errata/RHSA-2016-0103.html NOTE: The upstream fix for 3.16 was correct, but wheezy had a incomplete backport -CVE-2016-0773 - RESERVED +CVE-2016-0773 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, ...) {DSA-3476-1 DSA-3475-1} - postgresql-9.5 9.5.1-1 - postgresql-9.4 @@ -5064,8 +5077,7 @@ RESERVED CVE-2016-0767 RESERVED -CVE-2016-0766 - RESERVED +CVE-2016-0766 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, ...) {DSA-3476-1 DSA-3475-1} - postgresql-9.5 9.5.1 - postgresql-9.4 @@ -7793,10 +7805,10 @@ RESERVED CVE-2015-8288 RESERVED -CVE-2015-8287 - RESERVED -CVE-2015-8286 - RESERVED +CVE-2015-8287 (Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM ...) + TODO: check +CVE-2015-8286 (Zhuhai RaySharp firmware has a hardcoded root password, which makes it ...) + TODO: check CVE-2015-8285 RESERVED CVE-2015-8284 
@@ -8186,8 +8198,7 @@ RESERVED CVE-2015-8127 RESERVED -CVE-2013-7447 - RESERVED +CVE-2013-7447 (Integer overflow in the gdk_cairo_set_source_pixbuf function in ...) {DLA-419-1} - gtk+2.0 (bug #799275) - gtk+3.0 3.10.7-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
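Review bot: In the hunk at `@@ -5064,8 +5077,7 @@` the context line under CVE-2016-0766 reads `- postgresql-9.5 9.5.1`, without a Debian revision, while the same package under CVE-2016-0773 in the preceding hunk reads `- postgresql-9.5 9.5.1-1`. Both entries carry the same `{DSA-3476-1 DSA-3475-1}` references, so the fixed version should be the same string. The automatic update only replaces the RESERVED line with the description and will not repair this, so it needs a manual follow-up to `9.5.1-1`.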
[Secure-testing-commits] r39760 - data/DSA
Author: adsb Date: 2016-02-18 20:20:17 + (Thu, 18 Feb 2016) New Revision: 39760 Modified: data/DSA/list Log: Add missing epochs for libreoffice / DSA-3482-1 Modified: data/DSA/list === --- data/DSA/list 2016-02-18 20:19:11 UTC (rev 39759) +++ data/DSA/list 2016-02-18 20:20:17 UTC (rev 39760) @@ -1,7 +1,7 @@ [17 Feb 2016] DSA-3482-1 libreoffice - security update {CVE-2016-0794 CVE-2016-0795} - [wheezy] - libreoffice 3.5.4+dfsg2-0+deb7u6 - [jessie] - libreoffice 4.3.3-2+deb8u3 + [wheezy] - libreoffice 1:3.5.4+dfsg2-0+deb7u6 + [jessie] - libreoffice 1:4.3.3-2+deb8u3 [16 Feb 2016] DSA-3481-1 glibc - security update {CVE-2015-7547 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779} [jessie] - glibc 2.19-18+deb8u3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
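Review bot: The two replaced lines show that `3.5.4+dfsg2-0+deb7u6` and `4.3.3-2+deb8u3` were accepted into data/DSA/list without the `1:` epoch. A version with no epoch sorts below every `1:` version, so any installed libreoffice would have compared as newer than the recorded fix. The correction itself looks right. It would also be worth checking new DSA entries against the version string actually uploaded before committing, since nothing in the list format catches a dropped epoch.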
[Secure-testing-commits] r39758 - data/CVE
Author: carnil Date: 2016-02-18 20:18:25 + (Thu, 18 Feb 2016) New Revision: 39758 Modified: data/CVE/list Log: Add icedove source package name for four CVEs Modified: data/CVE/list === --- data/CVE/list 2016-02-18 19:35:03 UTC (rev 39757) +++ data/CVE/list 2016-02-18 20:18:25 UTC (rev 39758) @@ -1553,6 +1553,8 @@ {DSA-3457-1} - iceweasel 44.0-1 [squeeze] - iceweasel + - icedove 38.6.0-1 + [squeeze] - icedove NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/ CVE-2016-1934 RESERVED @@ -1569,6 +1571,8 @@ [jessie] - iceweasel (Only affects Firefox 43.x) [wheezy] - iceweasel (Only affects Firefox 43.x) [squeeze] - iceweasel (Only affects Firefox 43.x) + - icedove 38.6.0-1 + [squeeze] - icedove NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ CVE-2016-1930 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3457-1} @@ -2678,6 +2682,8 @@ NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html - iceweasel 44.0-1 [squeeze] - iceweasel + - icedove 38.6.0-1 + [squeeze] - icedove NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/ CVE-2016-1522 (Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla ...) {DSA-3479-1} @@ -9986,6 +9992,8 @@ {DSA-3465-1 DSA-3458-1 DSA-3457-1 DSA-3437-1 DSA-3436-1 DLA-410-1} - iceweasel 43.0.2-1 [squeeze] - iceweasel + - icedove 38.6.0-1 + [squeeze] - icedove - nss 2:3.21-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/ NOTE: Patch in SuSE Bugzilla: https://bugzilla.novell.com/attachment.cgi?id=660286 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
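Review bot: In the hunk at `@@ -1569,6 +1571,8 @@` the new `- icedove 38.6.0-1` line is added to an entry whose iceweasel lines for jessie, wheezy and squeeze all say `(Only affects Firefox 43.x)`. If the issue is limited to the 43.x code base, a fixed version of 38.6.0-1 for icedove does not fit that annotation, and the package would more naturally be recorded as not affected. Please confirm against the mfsa2016-01 advisory referenced in the NOTE and either adjust the icedove lines or add a NOTE explaining why icedove 38.x is affected when the ESR-based iceweasel is not.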
[Secure-testing-commits] r39759 - data
Author: carnil Date: 2016-02-18 20:19:11 + (Thu, 18 Feb 2016) New Revision: 39759 Modified: data/dsa-needed.txt Log: Add icedove to dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-18 20:18:25 UTC (rev 39758) +++ data/dsa-needed.txt 2016-02-18 20:19:11 UTC (rev 39759) @@ -24,6 +24,8 @@ -- cpio (carnil) -- +icedove +-- icedtea-web -- imagemagick/oldstable ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39757 - data/CVE
Author: carnil Date: 2016-02-18 19:35:03 + (Thu, 18 Feb 2016) New Revision: 39757 Modified: data/CVE/list Log: Add brotli for CVE-2016-1624 Modified: data/CVE/list === --- data/CVE/list 2016-02-18 15:53:56 UTC (rev 39756) +++ data/CVE/list 2016-02-18 19:35:03 UTC (rev 39757) @@ -2356,6 +2356,7 @@ - chromium-browser [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) + - brotli CVE-2016-1623 (The DOM implementation in Google Chrome before 48.0.2564.109 does not ...) - chromium-browser [wheezy] - chromium-browser (Not supported in Wheezy) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
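Review bot: The added `- brotli` line carries no bug number, and the visible part of the entry has no NOTE saying why a package other than chromium-browser is listed under CVE-2016-1624. Someone triaging brotli later has nothing to go on for which upstream change fixes it or which version to mark as fixed. Suggest adding a NOTE with the upstream reference, and a bug reference once one is filed, in the same way r39767 adds `(bug #815111)` for didiwiki.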
[Secure-testing-commits] r39756 - in data: . DLA
Author: lamby Date: 2016-02-18 15:53:56 + (Thu, 18 Feb 2016) New Revision: 39756 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-420-1 for libmatroska Modified: data/DLA/list === --- data/DLA/list 2016-02-18 13:35:42 UTC (rev 39755) +++ data/DLA/list 2016-02-18 15:53:56 UTC (rev 39756) @@ -1,3 +1,6 @@ +[18 Feb 2016] DLA-420-1 libmatroska - security update + {CVE-2014-9765} + [squeeze] - libmatroska 0.8.1-1.1+deb6u1 [17 Feb 2016] DLA-419-1 gtk+2.0 - security update {CVE-2013-7447} [squeeze] - gtk+2.0 2.20.1-2+deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-18 13:35:42 UTC (rev 39755) +++ data/dla-needed.txt 2016-02-18 15:53:56 UTC (rev 39756) @@ -38,8 +38,6 @@ -- libebml (Damyan Ivanov) -- -libmatroska (Chris Lamb) --- libxml2 -- linux-2.6 (Ben Hutchings) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
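Review bot: The added `{CVE-2014-9765}` line under DLA-420-1 libmatroska names a CVE that data/CVE/list records as `CVE-2014-9765 [Buffer overflow]` against xdelta3, not libmatroska. The libmatroska issue on this list is CVE-2015-8792 (`The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 ...`). Because the cross-references in data/CVE/list are generated from this file, the wrong id propagates on the next automatic update, which is what r39761 shows with `{DLA-420-1 DLA-417-1}`. The line should read `{CVE-2015-8792}`.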
[Secure-testing-commits] r39755 - data
Author: apo-guest Date: 2016-02-18 13:35:42 + (Thu, 18 Feb 2016) New Revision: 39755 Modified: data/dla-needed.txt Log: Claim python-imaging in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-18 08:16:31 UTC (rev 39754) +++ data/dla-needed.txt 2016-02-18 13:35:42 UTC (rev 39755) @@ -60,7 +60,7 @@ php5 (Thorsten Alteholz) NOTE: next upload end of December -- -python-imaging +python-imaging (Markus Koschany) -- tiff -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39754 - data/CVE
Author: carnil Date: 2016-02-18 08:16:31 + (Thu, 18 Feb 2016) New Revision: 39754 Modified: data/CVE/list Log: Mark four CVEs for linux as fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-02-18 06:07:49 UTC (rev 39753) +++ data/CVE/list 2016-02-18 08:16:31 UTC (rev 39754) @@ -160,13 +160,13 @@ TODO: check CVE-2016-2384 [Double-free in snd-usbmidi-lib triggered by invalid USB descriptor] RESERVED - - linux + - linux 4.4.2-1 - linux-2.6 NOTE: Fixed by: https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4) NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/2 CVE-2016-2383 [Incorrect branch fixups for eBPF allow arbitrary read] RESERVED - - linux + - linux 4.4.2-1 [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) - linux-2.6 (Vulnerable code not present) @@ -469,7 +469,7 @@ NOT-FOR-US: Umbraco CVE-2015-8812 [Flaw in CXGB3 driver] RESERVED - - linux + - linux 4.4.2-1 - linux-2.6 NOTE: http://www.openwall.com/lists/oss-security/2016/02/11/1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303532 @@ -5681,7 +5681,7 @@ NOT-FOR-US: Oracle Sun Solaris CVE-2016-0617 [hugetlbfs: fix bugs in hugetlb_vmtruncate_list()] RESERVED - - linux + - linux 4.4.2-1 [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) - linux-2.6 (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
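Review bot: In the first hunk, CVE-2016-2384 is marked `- linux 4.4.2-1` while the only fix reference in the entry is `NOTE: Fixed by: https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4)`. The entry therefore does not say how a 4.4.x upload contains a change first tagged in v4.5-rc4. Suggest extending the NOTE with the stable release that carries the backport. The CVE-2015-8812 and CVE-2016-0617 hunks show no `Fixed by` NOTE at all in their visible lines, so the same applies there if the surrounding entry does not already have one.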