[Secure-testing-commits] r39975 - data/CVE
Author: carnil Date: 2016-02-27 07:41:17 + (Sat, 27 Feb 2016) New Revision: 39975 Modified: data/CVE/list Log: Fix icedove entry for msfsa2016-01 Modified: data/CVE/list === --- data/CVE/list 2016-02-27 07:37:55 UTC (rev 39974) +++ data/CVE/list 2016-02-27 07:41:17 UTC (rev 39975) @@ -2095,13 +2095,13 @@ [jessie] - iceweasel (Only affects Firefox 43.x) [wheezy] - iceweasel (Only affects Firefox 43.x) [squeeze] - iceweasel (Only affects Firefox 43.x) - - icedove 38.6.0-1 - [squeeze] - icedove NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ CVE-2016-1930 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3491-1 DSA-3457-1} - iceweasel 44.0-1 [squeeze] - iceweasel + - icedove 38.6.0-1 + [squeeze] - icedove NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ CVE-2016-1929 (The XS engine in SAP HANA allows remote attackers to spoof log entries ...) TODO: check ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39974 - data
Author: carnil Date: 2016-02-27 07:37:55 + (Sat, 27 Feb 2016) New Revision: 39974 Modified: data/dsa-needed.txt Log: Remove icedove, was released Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-27 07:36:51 UTC (rev 39973) +++ data/dsa-needed.txt 2016-02-27 07:37:55 UTC (rev 39974) @@ -33,8 +33,6 @@ -- php-horde-core -- -icedove (jmm) --- icedtea-web -- imagemagick/oldstable ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39973 - data
Author: carnil Date: 2016-02-27 07:36:51 + (Sat, 27 Feb 2016) New Revision: 39973 Modified: data/dsa-needed.txt Log: Maintainer (sathieu) prepared updates for php-horde and php-horde-core Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-27 07:23:20 UTC (rev 39972) +++ data/dsa-needed.txt 2016-02-27 07:36:51 UTC (rev 39973) @@ -30,10 +30,8 @@ drupal7 -- php-horde - TODO: check if warrants DSA, maintainer proposing debdiffs -- php-horde-core - TODO: check if warrants DSA, maintainer proposing debdiffs -- icedove (jmm) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39972 - data
Author: jmm Date: 2016-02-27 07:23:20 + (Sat, 27 Feb 2016) New Revision: 39972 Modified: data/dsa-needed.txt Log: add botan to dsa-needed Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-27 07:01:08 UTC (rev 39971) +++ data/dsa-needed.txt 2016-02-27 07:23:20 UTC (rev 39972) @@ -19,6 +19,8 @@ aptdaemon For jessie-security compat layer for PackageKit needs to be dropped -- +botan1.10 +-- cacti Maintainer proposed debdiffs, needs review and ack -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39970 - data/CVE
Author: carnil Date: 2016-02-27 07:00:50 + (Sat, 27 Feb 2016) New Revision: 39970 Modified: data/CVE/list Log: Reference CVE request (although not formally one) Modified: data/CVE/list === --- data/CVE/list 2016-02-27 06:28:03 UTC (rev 39969) +++ data/CVE/list 2016-02-27 07:00:50 UTC (rev 39970) @@ -4,6 +4,7 @@ - linux-2.6 (Introduced in 3.10) NOTE: Introduced by: https://git.kernel.org/linus/63bcff2a307b9bcc712a8251eb27df8b2e117967 (v3.10-rc1) NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?h=x86/urgent=3d44d51bd339766f0178f0cf2e8d048b4a4872aa (not yet merged into Linus tree) + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/26/6 TODO: check CVE-2016-7575 REJECTED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39971 - data/CVE
Author: carnil Date: 2016-02-27 07:01:08 + (Sat, 27 Feb 2016) New Revision: 39971 Modified: data/CVE/list Log: Add temporary entry for util-linux Modified: data/CVE/list === --- data/CVE/list 2016-02-27 07:00:50 UTC (rev 39970) +++ data/CVE/list 2016-02-27 07:01:08 UTC (rev 39971) @@ -1,3 +1,8 @@ +CVE-2016- [runuser tty hijacking via TIOCSTI ioctl] + - util-linux (bug #815922) + [wheezy] - util-linux (runuser[.c] not yet present) + [squeeze] - util-linux (runuser[.c] not yet present) + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/27/1 CVE-2016- [Partial SMAP bypass on 64-bit Linux kernels] - linux [wheezy] - linux (Introduced in 3.10) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39969 - data/CVE
Author: carnil Date: 2016-02-27 06:28:03 + (Sat, 27 Feb 2016) New Revision: 39969 Modified: data/CVE/list Log: Add new linux issue Modified: data/CVE/list === --- data/CVE/list 2016-02-27 05:38:10 UTC (rev 39968) +++ data/CVE/list 2016-02-27 06:28:03 UTC (rev 39969) @@ -1,3 +1,10 @@ +CVE-2016- [Partial SMAP bypass on 64-bit Linux kernels] + - linux + [wheezy] - linux (Introduced in 3.10) + - linux-2.6 (Introduced in 3.10) + NOTE: Introduced by: https://git.kernel.org/linus/63bcff2a307b9bcc712a8251eb27df8b2e117967 (v3.10-rc1) + NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?h=x86/urgent=3d44d51bd339766f0178f0cf2e8d048b4a4872aa (not yet merged into Linus tree) + TODO: check CVE-2016-7575 REJECTED CVE-2016-2573 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39968 - data/CVE
Author: carnil Date: 2016-02-27 05:38:10 + (Sat, 27 Feb 2016) New Revision: 39968 Modified: data/CVE/list Log: Add bug reference for policykit-1, CVE-2016-2568, #816062 Modified: data/CVE/list === --- data/CVE/list 2016-02-27 05:00:11 UTC (rev 39967) +++ data/CVE/list 2016-02-27 05:38:10 UTC (rev 39968) @@ -59,9 +59,8 @@ NOTE: Upstream confirmed it does not affect squid 2.7.x CVE-2016-2568 [Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl] RESERVED - - policykit-1 + - policykit-1 (bug #816062) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300746 - TODO: check CVE-2016-2558 RESERVED CVE-2016-2557 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39966 - data/CVE
Author: jmm Date: 2016-02-26 23:12:10 + (Fri, 26 Feb 2016) New Revision: 39966 Modified: data/CVE/list Log: NFUs one java issue n/a Modified: data/CVE/list === --- data/CVE/list 2016-02-26 22:49:52 UTC (rev 39965) +++ data/CVE/list 2016-02-26 23:12:10 UTC (rev 39966) @@ -5925,7 +5925,6 @@ - xen [squeeze] - xen (Unsupported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-164.html - TODO: check CVE-2015-8553 [Incomplete patches in XSA-120] RESERVED - linux @@ -6067,7 +6066,6 @@ CVE-2015- [remotely triggerable crash] - ruby-eventmachine (bug #678512; bug #696015) NOTE: https://github.com/eventmachine/eventmachine/issues/501#issuecomment-37307556 - TODO: check CVE-2015-8560 [code execution via improper escaping of ; in foomatic-rip] RESERVED {DSA-3429-1 DSA-3419-1 DLA-371-1} @@ -6275,7 +6273,7 @@ CVE-2016-0615 RESERVED CVE-2016-0614 (Unspecified vulnerability in the Oracle BI Publisher component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0613 RESERVED CVE-2016-0612 @@ -6319,7 +6317,9 @@ CVE-2016-0604 RESERVED CVE-2016-0603 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...) - TODO: check + - openjdk-8 (Java on Windows) + - openjdk-7 (Java on Windows) + - openjdk-6 (Java on Windows) CVE-2016-0602 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) - virtualbox (VirtualBox Windows Installer component) NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR @@ -6371,95 +6371,95 @@ [wheezy] - virtualbox (DSA 3454) NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR CVE-2016-0591 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2016-0590 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Order ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0589 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0588 (Unspecified vulnerability in the Oracle General Ledger component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0587 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2016-0586 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0585 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0584 (Unspecified vulnerability in the Oracle CRM Technology Foundation ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0583 (Unspecified vulnerability in the Oracle CRM Technology Foundation ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0582 (Unspecified vulnerability in the Oracle CRM Technology Foundation ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0581 (Unspecified vulnerability in the Oracle Approvals Management component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0580 (Unspecified vulnerability in the Oracle Report Manager component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0579 (Unspecified vulnerability in the Oracle CRM Technology Foundation ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0578 (Unspecified vulnerability in the Oracle CRM Technology Foundation ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0577 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0576 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0575 (Unspecified vulnerability in the Oracle Learning Management component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0574 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0573 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0572 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0571 (Unspecified vulnerability in the Oracle Balanced Scorecard component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0570 (Unspecified vulnerability in the Oracle HCM Configuration Workbench ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0569 (Unspecified vulnerability in the Oracle E-Business
[Secure-testing-commits] r39965 - data/CVE
Author: jmm Date: 2016-02-26 22:49:52 + (Fri, 26 Feb 2016) New Revision: 39965 Modified: data/CVE/list Log: cacti fixed Modified: data/CVE/list === --- data/CVE/list 2016-02-26 22:45:38 UTC (rev 39964) +++ data/CVE/list 2016-02-26 22:49:52 UTC (rev 39965) @@ -989,7 +989,7 @@ NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2) CVE-2016-2313 [Authentication using web authentication as a user not in the cacti database allows complete access] RESERVED - - cacti (bug #814353) + - cacti 0.8.8g+ds1-1 (bug #814353) [jessie] - cacti (Might cause regressions for some setups, to risky, not fully right approach; disputed) [wheezy] - cacti (Might cause regressions for some setups, to risky, not fully right approach; disputed) NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788=markup ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39964 - data/CVE
Author: jmm Date: 2016-02-26 22:45:38 + (Fri, 26 Feb 2016) New Revision: 39964 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list === --- data/CVE/list 2016-02-26 21:24:23 UTC (rev 39963) +++ data/CVE/list 2016-02-26 22:45:38 UTC (rev 39964) @@ -169,49 +169,42 @@ - linux 4.4.2-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3 (v4.5-rc1) - TODO: check versions CVE-2016-2548 RESERVED - linux 4.4.2-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1) - TODO: check versions CVE-2016-2547 RESERVED - linux 4.4.2-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1) - TODO: check versions CVE-2016-2546 [ALSA: timer: Fix race among timer ioctls] RESERVED - linux 4.4.2-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede (v4.5-rc1) - TODO: check versions CVE-2016-2545 [ALSA: timer: Fix double unlink of active_list] RESERVED - linux 4.4.2-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736 (v4.5-rc1) - TODO: check versions CVE-2016-2544 [ALSA: seq: Fix race at timer setup and close] RESERVED - linux 4.4.2-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3 (v4.5-rc1) - TODO: check versions CVE-2016-2543 [ALSA: seq: Fix missing NULL check at remove_events ioctl] RESERVED - linux 4.4.2-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1 (v4.5-rc1) - TODO: check versions CVE-2016-2542 (Untrusted search path vulnerability in Flexera InstallShield through ...) NOT-FOR-US: Flexera InstallShield CVE-2016-2537 (The is-my-json-valid package before 2.12.4 for Node.js has an ...) TODO: check CVE-2016-2536 (Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise ...) - TODO: check + NOT-FOR-US: SAP CVE-2016-2535 RESERVED CVE-2016-2534 @@ -513,9 +506,9 @@ CVE-2016-2398 (Comcast XFINITY Home Security System does not properly maintain ...) TODO: check CVE-2016-2397 (The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA ...) - TODO: check + NOT-FOR-US: Dell CVE-2016-2396 (The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, ...) - TODO: check + NOT-FOR-US: Dell CVE-2016-2395 RESERVED CVE-2016-2394 @@ -523,19 +516,18 @@ CVE-2016-2393 RESERVED CVE-2016-2389 (Directory traversal vulnerability in the Manufacturing Integration and ...) - TODO: check + NOT-FOR-US: SAP CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows ...) - TODO: check + NOT-FOR-US: SAP CVE-2016-2387 (Cross-site scripting (XSS) vulnerability in the Java Proxy Runtime ...) - TODO: check + NOT-FOR-US: SAP CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...) - TODO: check + NOT-FOR-US: SAP CVE-2015-8816 [USB hub invalid memory access in hub_activate()] RESERVED - linux 4.4.2-1 - linux-2.6 NOTE: Fixed by: https://git.kernel.org/linus/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea (v4.4-rc6) - TODO: check other versions CVE-2015-8815 RESERVED CVE-2015-8814 @@ -833,7 +825,7 @@ CVE-2016-2315 RESERVED CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices ...) - TODO: check + NOT-FOR-US: Huawei CVE-2016-2318 RESERVED - graphicsmagick (bug #814732) @@ -915,7 +907,7 @@ CVE-2016-2276 RESERVED CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices with ...) - TODO: check + NOT-FOR-US: SmartWorx CVE-2016-2274 RESERVED CVE-2016-2273 @@ -926,16 +918,14 @@ - xen [squeeze] - xen (Unsupported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-170.html - TODO: check CVE-2016-2270 (Xen 4.6.x and earlier allows local guest administrators to cause a ...) - xen [squeeze] - xen (Unsupported in Squeeze LTS) NOTE:
[Secure-testing-commits] r39963 - data/CVE
Author: jmm Date: 2016-02-26 21:24:23 + (Fri, 26 Feb 2016) New Revision: 39963 Modified: data/CVE/list Log: rails 2.3 is EOLed in wheezy Modified: data/CVE/list === --- data/CVE/list 2016-02-26 21:22:10 UTC (rev 39962) +++ data/CVE/list 2016-02-26 21:24:23 UTC (rev 39963) @@ -5693,7 +5693,7 @@ [squeeze] - rails (Not supported in Squeeze LTS) - ruby-actionpack-3.2 - ruby-actionpack-2.3 - TODO: check + [wheezy] - ruby-actionpack-2.3 CVE-2016-0751 (actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in ...) {DSA-3464-1} - rails 2:4.2.5.1-1 @@ -5701,7 +5701,7 @@ [squeeze] - rails (Not supported in Squeeze LTS) - ruby-actionpack-3.2 - ruby-actionpack-2.3 - TODO: check + [wheezy] - ruby-actionpack-2.3 CVE-2016-0750 RESERVED CVE-2016-0749 @@ -10573,7 +10573,7 @@ [squeeze] - rails (Not supported in Squeeze LTS) - ruby-actionpack-3.2 - ruby-actionpack-2.3 - TODO: check + [wheezy] - ruby-actionpack-2.3 CVE-2015-7580 (Cross-site scripting (XSS) vulnerability in ...) - ruby-rails-html-sanitizer 1.0.3-1 (bug #812814) CVE-2015-7579 (Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer ...) @@ -10587,7 +10587,7 @@ [squeeze] - rails (Not supported in Squeeze LTS) - ruby-activerecord-3.2 - ruby-activerecord-2.3 - TODO: check + [wheezy] - ruby-activerecord-2.3 CVE-2015-7576 (The http_basic_authenticate_with method in ...) {DSA-3464-1} - rails 2:4.2.5.1-1 @@ -10595,9 +10595,10 @@ [squeeze] - rails (Not supported in Squeeze LTS) - ruby-actionpack-3.2 - ruby-actionpack-2.3 + [wheezy] - ruby-actionpack-2.3 - ruby-activesupport-3.2 - ruby-activesupport-2.3 - TODO: check + [wheezy] - ruby-activesupport-2.3 CVE-2015-7575 (Mozilla Network Security Services (NSS) before 3.20.2, as used in ...) {DSA-3491-1 DSA-3465-1 DSA-3458-1 DSA-3457-1 DSA-3437-1 DSA-3436-1 DLA-410-1} - iceweasel 43.0.2-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39962 - data/CVE
Author: jmm Date: 2016-02-26 21:22:10 + (Fri, 26 Feb 2016) New Revision: 39962 Modified: data/CVE/list Log: two libav issues n/a two libav issues undetermined, code varies from ffmpeg so needs test with actual reproducer Modified: data/CVE/list === --- data/CVE/list 2016-02-26 21:10:11 UTC (rev 39961) +++ data/CVE/list 2016-02-26 21:22:10 UTC (rev 39962) @@ -1,6 +1,5 @@ CVE-2016-7575 REJECTED - TODO: check CVE-2016-2573 RESERVED CVE-2016-2567 @@ -797,20 +796,20 @@ NOTE: Fixed in 5.6.18, 7.0.3 CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a ...) - ffmpeg 2.8.6-1 - - libav + - libav NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777 CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate ...) - ffmpeg 2.8.6-1 - - libav + - libav NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate ...) - ffmpeg 2.8.6-1 - - libav + - libav (Vulnerable code not present) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718 CVE-2016-2327 (libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes ...) - ffmpeg 2.8.5-1 - - libav + - libav (Vulnerable code not present) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971 CVE-2016-2326 (Integer overflow in the asf_write_packet function in ...) @@ -1208,8 +1207,8 @@ NOT-FOR-US: Enterprise Manager in McAfee Vulnerability Manager CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in ...) - ffmpeg 7:2.8.6-1 - - libav [squeeze] - ffmpeg (Not supported in Squeeze LTS) + - libav (Vulnerable code not present) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4 CVE-2016-2196 [Overwrite in P-521 reduction] RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39960 - data/CVE
Author: jmm Date: 2016-02-26 20:43:31 + (Fri, 26 Feb 2016) New Revision: 39960 Modified: data/CVE/list Log: fix syntax Modified: data/CVE/list === --- data/CVE/list 2016-02-26 19:59:55 UTC (rev 39959) +++ data/CVE/list 2016-02-26 20:43:31 UTC (rev 39960) @@ -16535,7 +16535,7 @@ - tomcat9 (bug #802312) - tomcat8 8.0.30-1 - tomcat7 7.0.68-1 - - tomcat6 + - tomcat6 [squeeze] - tomcat6 (Minor issue, very unlikely to exploit) [wheezy] - tomcat6 (Minor issue, very unlikely to exploit) [jessie] - tomcat6 (Minor issue, very unlikely to exploit) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39959 - data/CVE
Author: apo-guest Date: 2016-02-26 19:59:55 + (Fri, 26 Feb 2016) New Revision: 39959 Modified: data/CVE/list Log: CVE-2015-5346 Remove fixed version for Tomcat 6 Modified: data/CVE/list === --- data/CVE/list 2016-02-26 19:39:16 UTC (rev 39958) +++ data/CVE/list 2016-02-26 19:59:55 UTC (rev 39959) @@ -16535,7 +16535,7 @@ - tomcat9 (bug #802312) - tomcat8 8.0.30-1 - tomcat7 7.0.68-1 - - tomcat6 6.0.35-1+squeeze4 + - tomcat6 [squeeze] - tomcat6 (Minor issue, very unlikely to exploit) [wheezy] - tomcat6 (Minor issue, very unlikely to exploit) [jessie] - tomcat6 (Minor issue, very unlikely to exploit) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39958 - data/CVE
Author: apo-guest Date: 2016-02-26 19:39:16 + (Fri, 26 Feb 2016) New Revision: 39958 Modified: data/CVE/list Log: Triage CVE-2015-5346. Mark as minor issue and no-dsa for Tomcat 6 Modified: data/CVE/list === --- data/CVE/list 2016-02-26 18:43:10 UTC (rev 39957) +++ data/CVE/list 2016-02-26 19:39:16 UTC (rev 39958) @@ -16535,8 +16535,15 @@ - tomcat9 (bug #802312) - tomcat8 8.0.30-1 - tomcat7 7.0.68-1 - - tomcat6 + - tomcat6 6.0.35-1+squeeze4 + [squeeze] - tomcat6 (Minor issue, very unlikely to exploit) + [wheezy] - tomcat6 (Minor issue, very unlikely to exploit) + [jessie] - tomcat6 (Minor issue, very unlikely to exploit) NOTE: Fixed in 7.0.67, 8.0.30, 9.0.0.M3 + NOTE: Not fixed for Tomcat 6. Request.java is affected. + NOTE: https://svn.apache.org/viewvc?view=revision=1713187 + NOTE: http://svn.apache.org/viewvc?view=revision=1713185 + NOTE: http://svn.apache.org/viewvc?view=revision=1723506 CVE-2015-5345 (The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before ...) - tomcat9 (bug #802312) - tomcat8 8.0.30-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39957 - data
Author: carnil Date: 2016-02-26 18:43:10 + (Fri, 26 Feb 2016) New Revision: 39957 Modified: data/next-point-update.txt Log: Add CVE-2013-2207/glibc proposed for next jessie point release (note: not yet accepted by SRM) Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-02-26 18:38:02 UTC (rev 39956) +++ data/next-point-update.txt 2016-02-26 18:43:10 UTC (rev 39957) @@ -24,3 +24,5 @@ [jessie] - nettle 2.7.1-5+deb8u1 CVE-2015-8366 [jessie] - exactimage 0.8.9-7+deb8u2 +CVE-2013-2207 + [jessie] - glibc 2.19-18+deb8u4 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39956 - data/CVE
Author: carnil Date: 2016-02-26 18:38:02 + (Fri, 26 Feb 2016) New Revision: 39956 Modified: data/CVE/list Log: Update information for src:squid and CVE-2016-25{69,70,71} Modified: data/CVE/list === --- data/CVE/list 2016-02-26 16:39:06 UTC (rev 39955) +++ data/CVE/list 2016-02-26 18:38:02 UTC (rev 39956) @@ -12,24 +12,25 @@ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch CVE-2016-2571 - squid3 (bug #816011) - - squid + - squid (Vulnerable code not present) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch - TODO: check versions + NOTE: Upstream confirmed it does not affect squid 2.7.x CVE-2016-2570 - squid3 (bug #816011) - - squid + - squid (Vulnerable code not present) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch + NOTE: Upstream confirmed it does not affect squid 2.7.x CVE-2016-2569 - squid3 (bug #816011) - - squid + - squid (Vulnerable code not present) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch - TODO: check versions + NOTE: Upstream confirmed it does not affect squid 2.7.x CVE-2016-2568 [Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl] - policykit-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300746 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39955 - data/CVE
Author: carnil Date: 2016-02-26 16:39:06 + (Fri, 26 Feb 2016) New Revision: 39955 Modified: data/CVE/list Log: Add bug reference for squid3 issues, #816011 Modified: data/CVE/list === --- data/CVE/list 2016-02-26 16:33:31 UTC (rev 39954) +++ data/CVE/list 2016-02-26 16:39:06 UTC (rev 39955) @@ -11,20 +11,20 @@ NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch CVE-2016-2571 - - squid3 + - squid3 (bug #816011) - squid NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch TODO: check versions CVE-2016-2570 - - squid3 + - squid3 (bug #816011) - squid NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch CVE-2016-2569 - - squid3 + - squid3 (bug #816011) - squid NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39954 - data/CVE
Author: carnil Date: 2016-02-26 16:33:31 + (Fri, 26 Feb 2016) New Revision: 39954 Modified: data/CVE/list Log: Add note for cpio Modified: data/CVE/list === --- data/CVE/list 2016-02-26 14:25:29 UTC (rev 39953) +++ data/CVE/list 2016-02-26 16:33:31 UTC (rev 39954) @@ -4,6 +4,7 @@ [wheezy] - cpio (Minor issue) [squeeze] - cpio (Minor issue) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/25/8 + NOTE: Disputed if it will recieve a CVE CVE-2016-2572 - squid3 (Only affects 4.x) - squid (Only affects 4.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39953 - data
Author: apo-guest Date: 2016-02-26 14:25:29 + (Fri, 26 Feb 2016) New Revision: 39953 Modified: data/dla-needed.txt Log: Claim tomcat6 in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-26 09:51:31 UTC (rev 39952) +++ data/dla-needed.txt 2016-02-26 14:25:29 UTC (rev 39953) @@ -62,7 +62,7 @@ -- xymon (Chris Lamb) -- -tomcat6 +tomcat6 (Markus Koschany) -- pcre3 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39952 - data
Author: carnil Date: 2016-02-26 09:51:31 + (Fri, 26 Feb 2016) New Revision: 39952 Modified: data/dsa-needed.txt Log: Add squid3 to dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-26 09:19:57 UTC (rev 39951) +++ data/dsa-needed.txt 2016-02-26 09:51:31 UTC (rev 39952) @@ -73,6 +73,8 @@ -- squid/oldstable -- +squid3 +-- tardiff fw asked maintainer for preparing debdiffs for wheezy- and jessie-security -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39951 - data
Author: lamby Date: 2016-02-26 09:19:57 + (Fri, 26 Feb 2016) New Revision: 39951 Modified: data/dla-needed.txt Log: Triage openssl for LTS (CVE-2016-0799) Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-26 09:18:34 UTC (rev 39950) +++ data/dla-needed.txt 2016-02-26 09:19:57 UTC (rev 39951) @@ -72,3 +72,5 @@ -- squid3 -- +openssl +-- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39950 - data/CVE
Author: lamby Date: 2016-02-26 09:18:34 + (Fri, 26 Feb 2016) New Revision: 39950 Modified: data/CVE/list Log: correct location of added incorrectly in r39942 Modified: data/CVE/list === --- data/CVE/list 2016-02-26 09:17:43 UTC (rev 39949) +++ data/CVE/list 2016-02-26 09:18:34 UTC (rev 39950) @@ -5496,6 +5496,7 @@ CVE-2016-0799 RESERVED - openssl + [squeeze] - openssl (vulnerable code not present) NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835 CVE-2016-0798 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39949 - data/CVE
Author: carnil Date: 2016-02-26 09:17:43 + (Fri, 26 Feb 2016) New Revision: 39949 Modified: data/CVE/list Log: Revert "triage openssl for lts" I have informed lamby to recheck this entry since the CVE was for openssh, but the added entry for openssl. This reverts commit 162da96933a60488b774e0599f2e552d795c653c. Modified: data/CVE/list === --- data/CVE/list 2016-02-26 09:16:23 UTC (rev 39948) +++ data/CVE/list 2016-02-26 09:17:43 UTC (rev 39949) @@ -17544,7 +17544,6 @@ CVE-2015-5352 (The x11_open_helper function in channels.c in ssh in OpenSSH before ...) {DLA-288-1} - openssh 1:6.9p1-1 (bug #790798) - [squeeze] - openssl (vulnerable code not present) [jessie] - openssh (Minor issue) [wheezy] - openssh (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39948 - data/CVE
Author: carnil Date: 2016-02-26 09:16:23 + (Fri, 26 Feb 2016) New Revision: 39948 Modified: data/CVE/list Log: Mark pcre3 issue as no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-02-26 08:58:49 UTC (rev 39947) +++ data/CVE/list 2016-02-26 09:16:23 UTC (rev 39948) @@ -49,10 +49,13 @@ RESERVED CVE-2016- [workspace overflow for (*ACCEPT) with deeply nested parentheses -- ZDI-CAN-3542] - pcre3 (bug #815921) + [jessie] - pcre3 (Minor issue) + [wheezy] - pcre3 (Minor issue) - pcre2 (bug #815920) NOTE: pcre3: http://vcs.pcre.org/pcre?view=revision=1631 NOTE: pcre2: http://vcs.pcre.org/pcre2?view=revision=489 NOTE: https://bugs.exim.org/show_bug.cgi?id=1791 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1311503 CVE-2016- [ftpbackup: disables opportunistic TLS] - ftpbackup (bug #815879) CVE-2016- [ftpbackup: creates backup folders world readable] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39947 - data/CVE
Author: jmm Date: 2016-02-26 08:58:49 + (Fri, 26 Feb 2016) New Revision: 39947 Modified: data/CVE/list Log: cpio no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-02-26 08:53:41 UTC (rev 39946) +++ data/CVE/list 2016-02-26 08:58:49 UTC (rev 39947) @@ -1,5 +1,8 @@ CVE-2016- [out-of-bounds reads] - - cpio (bug #815965) + - cpio (low; bug #815965) + [jessie] - cpio (Minor issue) + [wheezy] - cpio (Minor issue) + [squeeze] - cpio (Minor issue) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/25/8 CVE-2016-2572 - squid3 (Only affects 4.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39942 - data/CVE
Author: lamby Date: 2016-02-26 08:53:36 + (Fri, 26 Feb 2016) New Revision: 39942 Modified: data/CVE/list Log: triage openssl for lts Modified: data/CVE/list === --- data/CVE/list 2016-02-26 08:28:17 UTC (rev 39941) +++ data/CVE/list 2016-02-26 08:53:36 UTC (rev 39942) @@ -17538,6 +17538,7 @@ CVE-2015-5352 (The x11_open_helper function in channels.c in ssh in OpenSSH before ...) {DLA-288-1} - openssh 1:6.9p1-1 (bug #790798) + [squeeze] - openssl (vulnerable code not present) [jessie] - openssh (Minor issue) [wheezy] - openssh (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39943 - data
Author: lamby Date: 2016-02-26 08:53:38 + (Fri, 26 Feb 2016) New Revision: 39943 Modified: data/dla-needed.txt Log: triage pcre3 for lts Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-26 08:53:36 UTC (rev 39942) +++ data/dla-needed.txt 2016-02-26 08:53:38 UTC (rev 39943) @@ -64,3 +64,5 @@ -- tomcat6 -- +pcre3 +-- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39946 - data
Author: lamby Date: 2016-02-26 08:53:41 + (Fri, 26 Feb 2016) New Revision: 39946 Modified: data/dla-needed.txt Log: Triage squid3 for LTS Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-26 08:53:40 UTC (rev 39945) +++ data/dla-needed.txt 2016-02-26 08:53:41 UTC (rev 39946) @@ -70,3 +70,5 @@ -- squid -- +squid3 +-- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39945 - data
Author: lamby Date: 2016-02-26 08:53:40 + (Fri, 26 Feb 2016) New Revision: 39945 Modified: data/dla-needed.txt Log: Triage squid for LTS Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-26 08:53:39 UTC (rev 39944) +++ data/dla-needed.txt 2016-02-26 08:53:40 UTC (rev 39945) @@ -68,3 +68,5 @@ -- policykit-1 -- +squid +-- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39944 - data
Author: lamby Date: 2016-02-26 08:53:39 + (Fri, 26 Feb 2016) New Revision: 39944 Modified: data/dla-needed.txt Log: Triage policykit-1 for lts Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-26 08:53:38 UTC (rev 39943) +++ data/dla-needed.txt 2016-02-26 08:53:39 UTC (rev 39944) @@ -66,3 +66,5 @@ -- pcre3 -- +policykit-1 +-- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39941 - in data: . CVE
Author: jmm Date: 2016-02-26 08:28:17 + (Fri, 26 Feb 2016) New Revision: 39941 Modified: data/CVE/list data/dsa-needed.txt Log: new openssl issue add tomcat7/8 and xen to dsa-needed Modified: data/CVE/list === --- data/CVE/list 2016-02-26 08:03:31 UTC (rev 39940) +++ data/CVE/list 2016-02-26 08:28:17 UTC (rev 39941) @@ -5489,6 +5489,8 @@ RESERVED CVE-2016-0799 RESERVED + - openssl + NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835 CVE-2016-0798 RESERVED - openssl Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-26 08:03:31 UTC (rev 39940) +++ data/dsa-needed.txt 2016-02-26 08:28:17 UTC (rev 39941) @@ -84,7 +84,13 @@ -- tomcat6 -- +tomcat7 +-- +tomcat8 +-- wireshark -- +xen +-- xymon (seb) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r39940 - data
Author: carnil Date: 2016-02-26 08:03:31 + (Fri, 26 Feb 2016) New Revision: 39940 Modified: data/dsa-needed.txt Log: Add drupal7 to dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-26 07:54:51 UTC (rev 39939) +++ data/dsa-needed.txt 2016-02-26 08:03:31 UTC (rev 39940) @@ -25,6 +25,8 @@ ctdb TODO: check, possible regression update proposed by maintainer -- +drupal7 +-- php-horde TODO: check if warrants DSA, maintainer proposing debdiffs -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits