[Secure-testing-commits] r40080 - doc
Author: lamby Date: 2016-03-01 07:19:20 + (Tue, 01 Mar 2016) New Revision: 40080 Modified: doc/DLA.template Log: Prompt for wheezy's version, not squeeze Modified: doc/DLA.template === --- doc/DLA.template2016-03-01 07:19:19 UTC (rev 40079) +++ doc/DLA.template2016-03-01 07:19:20 UTC (rev 40080) @@ -3,7 +3,7 @@ Subject: [SECURITY] [DLA $DLAID] $PACKAGE security update Package: $PACKAGE -Version: $squeeze_VERSION +Version: $wheezy_VERSION CVE ID : $CVE Debian Bug : $BUGNUM ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40079 - data
Author: lamby Date: 2016-03-01 07:19:19 + (Tue, 01 Mar 2016) New Revision: 40079 Modified: data/dla-needed.txt Log: Update dla-needed.txt to refer to wheezy now. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-03-01 05:11:16 UTC (rev 40078) +++ data/dla-needed.txt 2016-03-01 07:19:19 UTC (rev 40079) @@ -1,4 +1,4 @@ -A squeeze-lts security update is needed for the following source packages. +A wheezy-lts security update is needed for the following source packages. The specific CVE IDs do not need to be listed, they can be gathered in an up-to-date manner from https://security-tracker.debian.org/tracker/source-package/SOURCEPACKAGE ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40078 - data/CVE
Author: sunweaver Date: 2016-03-01 05:11:16 + (Tue, 01 Mar 2016) New Revision: 40078 Modified: data/CVE/list Log: CVE-2014-8350 (smarty3): Provide upstream commit resolving the issue. Modified: data/CVE/list === --- data/CVE/list 2016-02-29 21:38:24 UTC (rev 40077) +++ data/CVE/list 2016-03-01 05:11:16 UTC (rev 40078) @@ -36961,6 +36961,7 @@ - smarty3 3.1.21-1 (bug #765920) - smarty (Only affects 3.x series) [squeeze] - smarty3 (Unsupported in squeeze-lts) + NOTE: https://github.com/smarty-php/smarty/commit/279bdbd3521cd717cae6a3ba48f1c3c6823f439d.patch CVE-2014-8399 (The default configuration in systemd-shim 8 enables the Abandon ...) - systemd-shim 8-4 NOTE: Fixed by: https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40077 - data/CVE
Author: carnil Date: 2016-02-29 21:38:24 + (Mon, 29 Feb 2016) New Revision: 40077 Modified: data/CVE/list Log: Sync not-affected status with wheezy Modified: data/CVE/list === --- data/CVE/list 2016-02-29 21:36:48 UTC (rev 40076) +++ data/CVE/list 2016-02-29 21:38:24 UTC (rev 40077) @@ -4144,7 +4144,7 @@ CVE-2015-8732 (The dissect_zcl_pwr_prof_pwrprofstatersp function in ...) - wireshark 2.0.1+g59ea380-1 [wheezy] - wireshark (Vulnerable code not present) - [squeeze] - wireshark (Not supported in Squeeze LTS) + [squeeze] - wireshark (Vulnerable code not present) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eb0c034f6e4cdbf5ae36dd9ba8e2743630b7bd38 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9352616ec9742f2ed3d2802d0c8c100d51ca410b NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830 @@ -4159,7 +4159,7 @@ CVE-2015-8730 (epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark ...) - wireshark 2.0.1+g59ea380-1 [wheezy] - wireshark (Vulnerable code not present) - [squeeze] - wireshark (Not supported in Squeeze LTS) + [squeeze] - wireshark (Vulnerable code not present) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d2644aef369af0667220b5bd69996915b29d753d NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815 NOTE: http://www.wireshark.org/security/wnpa-sec-2015-48.html @@ -4184,7 +4184,7 @@ CVE-2015-8726 (wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before ...) - wireshark 2.0.1+g59ea380-1 [wheezy] - wireshark (Vulnerable code not present) - [squeeze] - wireshark (Not supported in Squeeze LTS) + [squeeze] - wireshark (Vulnerable code not present) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b8fa3d463c1bdd9b84c897441e7a5c8ad1f0f292 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=185911de7d337246044c8e99da2f5b4bac74c0d5 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40076 - data/CVE
Author: carnil Date: 2016-02-29 21:36:48 + (Mon, 29 Feb 2016) New Revision: 40076 Modified: data/CVE/list Log: Mark CVE-2016-1544/nghttp2 as no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-02-29 21:34:21 UTC (rev 40075) +++ data/CVE/list 2016-02-29 21:36:48 UTC (rev 40076) @@ -3408,6 +3408,7 @@ CVE-2016-1544 [out of memory error due to unlimited incoming HTTP header fields] RESERVED - nghttp2 1.7.1-1 + [jessie] - nghttp2 (Minor issue) NOTE: Fix spread across multiple commits: https://github.com/tatsuhiro-t/nghttp2/compare/v1.7.0...v1.7.1 NOTE: Commits between 1.7.0 and 1.7.1 seem almost limited to this issue, cf. NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1308461#c3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40075 - data/CVE
Author: rbalint Date: 2016-02-29 21:34:21 + (Mon, 29 Feb 2016) New Revision: 40075 Modified: data/CVE/list Log: wireshark CVEs not affecting wheezy Modified: data/CVE/list === --- data/CVE/list 2016-02-29 20:47:36 UTC (rev 40074) +++ data/CVE/list 2016-02-29 21:34:21 UTC (rev 40075) @@ -4142,6 +4142,7 @@ NOTE: http://www.wireshark.org/security/wnpa-sec-2015-51.html CVE-2015-8732 (The dissect_zcl_pwr_prof_pwrprofstatersp function in ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eb0c034f6e4cdbf5ae36dd9ba8e2743630b7bd38 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9352616ec9742f2ed3d2802d0c8c100d51ca410b @@ -4156,6 +4157,7 @@ NOTE: fix released in 2.0.1 is incomplete CVE-2015-8730 (epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d2644aef369af0667220b5bd69996915b29d753d NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815 @@ -4180,6 +4182,7 @@ NOTE: http://www.wireshark.org/security/wnpa-sec-2015-45.html CVE-2015-8726 (wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b8fa3d463c1bdd9b84c897441e7a5c8ad1f0f292 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=185911de7d337246044c8e99da2f5b4bac74c0d5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40074 - data
Author: agx Date: 2016-02-29 20:47:36 + (Mon, 29 Feb 2016) New Revision: 40074 Modified: data/dsa-needed.txt Log: Grab libsndfile Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-02-29 20:46:47 UTC (rev 40073) +++ data/dsa-needed.txt 2016-02-29 20:47:36 UTC (rev 40074) @@ -39,6 +39,8 @@ https://people.debian.org/~ghedo/libidn_1.29-1+deb8u1.diff Help is needed to fix it so that it doesn't FTBFS -- +libsndfile (Guido Günther) +-- linux (carnil) Wait until more severe issues have accumulated -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40073 - data/CVE
Author: carnil Date: 2016-02-29 20:46:47 + (Mon, 29 Feb 2016) New Revision: 40073 Modified: data/CVE/list Log: Add another issue for src:rails which need to be checked Modified: data/CVE/list === --- data/CVE/list 2016-02-29 20:42:16 UTC (rev 40072) +++ data/CVE/list 2016-02-29 20:46:47 UTC (rev 40073) @@ -1633,6 +1633,16 @@ TODO: check CVE-2016-2097 RESERVED + - rails + [wheezy] - rails (Vulnerable code not present, is only a transitional package) + [squeeze] - rails (Not supported in Squeeze LTS) + - ruby-actionpack-3.2 + - ruby-actionpack-2.3 + [wheezy] - ruby-actionpack-2.3 + NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x + NOTE: Not affected: 4.2+ + NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2 + TODO: check, for src:rails should actually not be affected since original patch complete CVE-2016-2096 RESERVED CVE-2016-2095 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40072 - data/CVE
Author: carnil Date: 2016-02-29 20:42:16 + (Mon, 29 Feb 2016) New Revision: 40072 Modified: data/CVE/list Log: Add CVE-2016-2098/rails, needs check Note for reviewers: This is only added as additional template. Verifying the affected versions and source packages needs to be done properly. Modified: data/CVE/list === --- data/CVE/list 2016-02-29 20:21:26 UTC (rev 40071) +++ data/CVE/list 2016-02-29 20:42:16 UTC (rev 40072) @@ -1620,8 +1620,17 @@ RESERVED CVE-2016-2099 RESERVED -CVE-2016-2098 +CVE-2016-2098 [Possible remote code execution vulnerability in Action Pack] RESERVED + - rails + [wheezy] - rails (Vulnerable code not present, is only a transitional package) + [squeeze] - rails (Not supported in Squeeze LTS) + - ruby-actionpack-3.2 + - ruby-actionpack-2.3 + [wheezy] - ruby-actionpack-2.3 + NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x + NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2 + TODO: check CVE-2016-2097 RESERVED CVE-2016-2096 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40071 - data/CVE
Author: rbalint Date: 2016-02-29 20:21:26 + (Mon, 29 Feb 2016) New Revision: 40071 Modified: data/CVE/list Log: Update some wireshark CVE-s not affecting wheezy Modified: data/CVE/list === --- data/CVE/list 2016-02-29 20:01:55 UTC (rev 40070) +++ data/CVE/list 2016-02-29 20:21:26 UTC (rev 40071) @@ -4187,6 +4187,7 @@ NOTE: http://www.wireshark.org/security/wnpa-sec-2015-42.html CVE-2015-8722 (epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2259bf8a827088081bef101f98e4983de8aa8099 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b32d505a59475d51d9b2bed5f0869d2d154e8b6 @@ -4194,6 +4195,7 @@ NOTE: http://www.wireshark.org/security/wnpa-sec-2015-41.html CVE-2015-8721 (Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cec0593ae6c3bca65eff65741c2a10f3de3e0afe NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548 @@ -4205,6 +4207,7 @@ NOTE: http://www.wireshark.org/security/wnpa-sec-2015-39.html CVE-2015-8719 (The dissect_dns_answer function in epan/dissectors/packet-dns.c in the ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=30651ab18b42e666f57ea239e58f3ff3a5e9c4ad NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10988 @@ -4216,6 +4219,7 @@ NOTE: http://www.wireshark.org/security/wnpa-sec-2015-37.html CVE-2015-8717 (The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2ddd92b6f8f587325b9e14598658626f3a007c5c NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887 @@ -4228,6 +4232,7 @@ NOTE: http://www.wireshark.org/security/wnpa-sec-2015-35.html CVE-2015-8715 (epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40caff2d1fb08262c848ac584baa8866dd7c NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11607 @@ -4241,18 +4246,21 @@ TODO: check if actually fixed earlier CVE-2015-8713 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=67b6d4f7e6f2117b40957fd51518aa2a3e659002 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11606 NOTE: http://www.wireshark.org/security/wnpa-sec-2015-32.html CVE-2015-8712 (The dissect_hsdsch_channel_info function in ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2ae329a47b7f0ac94089c23e79c6b8bc18ba80ea NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602 NOTE: http://www.wireshark.org/security/wnpa-sec-2015-32.html CVE-2015-8711 (epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark ...) - wireshark 2.0.1+g59ea380-1 + [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5bf565690ad9f0771196d8fa237aa37fae3bb7cc NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b4ada17723ed8af7e85cb48d537437ed614e417 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40069 - data/CVE
Author: carnil Date: 2016-02-29 20:01:46 + (Mon, 29 Feb 2016) New Revision: 40069 Modified: data/CVE/list Log: Remove TODO item for CVE-2016-2781 Modified: data/CVE/list === --- data/CVE/list 2016-02-29 19:00:55 UTC (rev 40068) +++ data/CVE/list 2016-02-29 20:01:46 UTC (rev 40069) @@ -26,7 +26,6 @@ NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2) CVE-2016-2781 [nonpriv session can escape to the parent session by using the TIOCSTI ioctl] - coreutils - TODO: check CVE-2016-2779 [runuser tty hijacking via TIOCSTI ioctl] - util-linux (bug #815922) [wheezy] - util-linux (runuser[.c] not yet present) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40070 - data/CVE
Author: carnil Date: 2016-02-29 20:01:55 + (Mon, 29 Feb 2016) New Revision: 40070 Modified: data/CVE/list Log: Add bug reference for CVE-2016-2781/coreutils, #816320 Modified: data/CVE/list === --- data/CVE/list 2016-02-29 20:01:46 UTC (rev 40069) +++ data/CVE/list 2016-02-29 20:01:55 UTC (rev 40070) @@ -25,7 +25,7 @@ - linux-2.6 NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2) CVE-2016-2781 [nonpriv session can escape to the parent session by using the TIOCSTI ioctl] - - coreutils + - coreutils (bug #816320) CVE-2016-2779 [runuser tty hijacking via TIOCSTI ioctl] - util-linux (bug #815922) [wheezy] - util-linux (runuser[.c] not yet present) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40068 - in data: . DLA
Author: santiago Date: 2016-02-29 19:00:55 + (Mon, 29 Feb 2016) New Revision: 40068 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA 445-1 for squid3 Modified: data/DLA/list === --- data/DLA/list 2016-02-29 18:57:56 UTC (rev 40067) +++ data/DLA/list 2016-02-29 19:00:55 UTC (rev 40068) @@ -1,3 +1,6 @@ +[29 Feb 2016] DLA-445-1 squid3 - security update + {CVE-2016-2569 CVE-2016-2571} + [squeeze] - squid3 3.1.6-1.2+squeeze6 [29 Feb 2016] DLA-444-1 php5 - security update {CVE-2015-2305 CVE-2015-2348} [squeeze] - php5 5.3.3.1-7+squeeze29 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-29 18:57:56 UTC (rev 40067) +++ data/dla-needed.txt 2016-02-29 19:00:55 UTC (rev 40068) @@ -53,8 +53,6 @@ -- squid -- -squid3 (Santiago R.R.) --- tiff NOTE: 20160226, no fix available yet -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40067 - data
Author: alteholz Date: 2016-02-29 18:57:56 + (Mon, 29 Feb 2016) New Revision: 40067 Modified: data/dla-needed.txt Log: libebml has been uploaded Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-29 18:51:51 UTC (rev 40066) +++ data/dla-needed.txt 2016-02-29 18:57:56 UTC (rev 40067) @@ -36,8 +36,6 @@ -- jasper (Ben Hutchings) -- -libebml --- libxml2 NOTE: 20160226, no fix available yet -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40066 - data/CVE
Author: santiago Date: 2016-02-29 18:51:51 + (Mon, 29 Feb 2016) New Revision: 40066 Modified: data/CVE/list Log: add note about CVE-2016-2570/squid3 Modified: data/CVE/list === --- data/CVE/list 2016-02-29 18:45:48 UTC (rev 40065) +++ data/CVE/list 2016-02-29 18:51:51 UTC (rev 40066) @@ -91,6 +91,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch NOTE: Upstream confirmed it does not affect squid 2.7.x + NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy). CVE-2016-2569 RESERVED - squid3 (bug #816011) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40065 - data/CVE
Author: alteholz Date: 2016-02-29 18:45:48 + (Mon, 29 Feb 2016) New Revision: 40065 Modified: data/CVE/list Log: temporary tags for Squeeze Modified: data/CVE/list === --- data/CVE/list 2016-02-29 18:25:18 UTC (rev 40064) +++ data/CVE/list 2016-02-29 18:45:48 UTC (rev 40065) @@ -891,6 +891,8 @@ - php5 5.6.18+dfsg-1 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 +[squeeze] - php5 5.3.3.1-7+squeeze29 +NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71039 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305494 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c527549e899bf211aac7d8ab5ceb1bdfedf07f14 @@ -899,12 +901,16 @@ - php5 5.6.18+dfsg-1 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 +[squeeze] - php5 5.3.3.1-7+squeeze29 +NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71089 NOTE: Fixed in 5.6.18, 7.0.3 CVE-2016- [round() segfault on 64-bit builds] - php5 5.6.18+dfsg-1 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 +[squeeze] - php5 5.3.3.1-7+squeeze29 +NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71201 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305504 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0d822f6df946764f3f0348b82efae2e1eaa83aa0 @@ -922,6 +928,8 @@ - php5 5.6.18+dfsg-1 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 +[squeeze] - php5 5.3.3.1-7+squeeze29 +NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71459 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305518 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886 @@ -930,6 +938,8 @@ - php5 5.6.18+dfsg-1 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 +[squeeze] - php5 5.3.3.1-7+squeeze29 +NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71354 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305536 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=13ad4d3e971807f9a58ab5933182907dc2958539 @@ -938,6 +948,8 @@ - php5 5.6.18+dfsg-1 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 +[squeeze] - php5 5.3.3.1-7+squeeze29 +NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71391 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa @@ -973,6 +985,8 @@ - php5 5.6.18+dfsg-1 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 +[squeeze] - php5 5.3.3.1-7+squeeze29 +NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=70979 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305551 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4308c868f94df1f2b99e80038ba5ea1076d919a7 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40064 - in data: . DLA
Author: alteholz Date: 2016-02-29 18:25:18 + (Mon, 29 Feb 2016) New Revision: 40064 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-444-1 for php5 Modified: data/DLA/list === --- data/DLA/list 2016-02-29 17:47:12 UTC (rev 40063) +++ data/DLA/list 2016-02-29 18:25:18 UTC (rev 40064) @@ -1,3 +1,6 @@ +[29 Feb 2016] DLA-444-1 php5 - security update + {CVE-2015-2305 CVE-2015-2348} + [squeeze] - php5 5.3.3.1-7+squeeze29 [29 Feb 2016] DLA-443-1 bsh - security update {CVE-2016-2510} [squeeze] - bsh 2.0b4-12+deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-29 17:47:12 UTC (rev 40063) +++ data/dla-needed.txt 2016-02-29 18:25:18 UTC (rev 40064) @@ -51,9 +51,6 @@ -- openssl -- -php5 (Thorsten Alteholz) - NOTE: next upload end of December --- policykit-1 -- squid ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40063 - data/CVE
Author: jmm Date: 2016-02-29 17:47:12 + (Mon, 29 Feb 2016) New Revision: 40063 Modified: data/CVE/list Log: wireshark fixed Modified: data/CVE/list === --- data/CVE/list 2016-02-29 17:23:47 UTC (rev 40062) +++ data/CVE/list 2016-02-29 17:47:12 UTC (rev 40063) @@ -267,106 +267,106 @@ CVE-2016-2534 RESERVED CVE-2016- [another ASN.1 BER dissector crash] - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-18.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 TODO: check CVE-2016- [NFS dissector crash] - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-17.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 TODO: check CVE-2016- [SPICE dissector large loop] - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-16.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 TODO: check CVE-2016- [ASN.1 BER dissector crash] - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-15.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 TODO: check CVE-2016- [GSM A-bis OML dissector crash] - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-14.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 TODO: check CVE-2016- [IEEE 802.11 dissector crash] - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-13.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 TODO: check CVE-2016- [Ixia IxVeriWave file parser crash] - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-12.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 TODO: check CVE-2016-2532 RESERVED - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-11.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 TODO: check CVE-2016-2531 RESERVED - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-10.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 TODO: check CVE-2016-2530 RESERVED - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-10.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 TODO: check CVE-2016-2529 RESERVED - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-09.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 TODO: check CVE-2016-2528 RESERVED - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-08.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 TODO: check CVE-2016-2527 RESERVED - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-07.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 TODO: check CVE-2016-2526 RESERVED - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-06.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 TODO: check CVE-2016-2525 RESERVED - - wireshark + - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-05.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 TODO: check CVE-2016-2524 RESERVED - - wireshark + - wireshark 2.0.2+ga16e22e-1 [jessie] - wireshark (Only affects 2.0.x) [wheezy] - wireshark (Only affects 2.0.x) [squeeze] - wireshark (Only affects 2.0.x) @@ -375,14 +375,14 @@ NOTE: Fixed versions: 2.0.2 CVE-2016-2523 RESERVED - - wireshark + -
[Secure-testing-commits] r40062 - data/CVE
Author: jmm Date: 2016-02-29 17:23:47 + (Mon, 29 Feb 2016) New Revision: 40062 Modified: data/CVE/list Log: new openssl issue Modified: data/CVE/list === --- data/CVE/list 2016-02-29 16:12:13 UTC (rev 40061) +++ data/CVE/list 2016-02-29 17:23:47 UTC (rev 40062) @@ -5739,6 +5739,8 @@ NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a CVE-2016-0797 RESERVED + - openssl + NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c CVE-2016-0796 RESERVED CVE-2016-0795 (LibreOffice before 5.0.5 allows remote attackers to cause a denial of ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40061 - data/CVE
Author: carnil Date: 2016-02-29 16:12:13 + (Mon, 29 Feb 2016) New Revision: 40061 Modified: data/CVE/list Log: Remove ftpbackup entries, it is removed from the archive Modified: data/CVE/list === --- data/CVE/list 2016-02-29 14:06:49 UTC (rev 40060) +++ data/CVE/list 2016-02-29 16:12:13 UTC (rev 40061) @@ -128,10 +128,6 @@ NOTE: pcre2: http://vcs.pcre.org/pcre2?view=revision=489 NOTE: https://bugs.exim.org/show_bug.cgi?id=1791 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1311503 -CVE-2016- [ftpbackup: disables opportunistic TLS] - - ftpbackup (bug #815879) -CVE-2016- [ftpbackup: creates backup folders world readable] - - ftpbackup (bug #815878) CVE-2016- [File upload access bypass and denial of service] - drupal8 (bug #756305) - drupal7 7.43-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40060 - data/CVE
Author: carnil Date: 2016-02-29 14:06:49 + (Mon, 29 Feb 2016) New Revision: 40060 Modified: data/CVE/list Log: Add workaround entry for pcre3 issue Modified: data/CVE/list === --- data/CVE/list 2016-02-29 13:01:10 UTC (rev 40059) +++ data/CVE/list 2016-02-29 14:06:49 UTC (rev 40060) @@ -121,6 +121,8 @@ - pcre3 2:8.38-2 (bug #815921) [jessie] - pcre3 (Minor issue) [wheezy] - pcre3 (Minor issue) + [squeeze] - pcre3 8.02-1.1+deb6u1 + NOTE: workaround entry for DLA-441-1 until/if CVE assigned - pcre2 10.21-1 (bug #815920) NOTE: pcre3: http://vcs.pcre.org/pcre?view=revision=1631 NOTE: pcre2: http://vcs.pcre.org/pcre2?view=revision=489 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40059 - in data: . DLA
Author: apo-guest Date: 2016-02-29 13:01:10 + (Mon, 29 Feb 2016) New Revision: 40059 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-443-1 for bsh Modified: data/DLA/list === --- data/DLA/list 2016-02-29 12:56:49 UTC (rev 40058) +++ data/DLA/list 2016-02-29 13:01:10 UTC (rev 40059) @@ -1,3 +1,6 @@ +[29 Feb 2016] DLA-443-1 bsh - security update + {CVE-2016-2510} + [squeeze] - bsh 2.0b4-12+deb6u1 [29 Feb 2016] DLA-442-1 lxc - security update {CVE-2013-6441 CVE-2015-1335} [squeeze] - lxc 0.7.2-1+deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-29 12:56:49 UTC (rev 40058) +++ data/dla-needed.txt 2016-02-29 13:01:10 UTC (rev 40059) @@ -9,8 +9,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- -bsh (Markus Koschany) --- cacti NOTE: Issue being disputed, check https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814353#10 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40058 - in data: . DLA
Author: sunweaver Date: 2016-02-29 12:56:49 + (Mon, 29 Feb 2016) New Revision: 40058 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-442-1 for lxc Modified: data/DLA/list === --- data/DLA/list 2016-02-29 11:20:18 UTC (rev 40057) +++ data/DLA/list 2016-02-29 12:56:49 UTC (rev 40058) @@ -1,3 +1,6 @@ +[29 Feb 2016] DLA-442-1 lxc - security update + {CVE-2013-6441 CVE-2015-1335} + [squeeze] - lxc 0.7.2-1+deb6u1 [29 Feb 2016] DLA-441-1 pcre3 - security update [squeeze] - pcre3 8.02-1.1+deb6u1 [28 Feb 2016] DLA-440-1 dansguardian - security update Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-29 11:20:18 UTC (rev 40057) +++ data/dla-needed.txt 2016-02-29 12:56:49 UTC (rev 40058) @@ -45,9 +45,6 @@ -- linux-2.6 -- -lxc (Mike Gabriel) - NOTE: waiting for upstream feedback: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/comments/77 --- macopix (Paul Liu) -- ntp ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40057 - in data: . DLA
Author: apo-guest Date: 2016-02-29 11:20:18 + (Mon, 29 Feb 2016) New Revision: 40057 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-441-1 for pcre3 Modified: data/DLA/list === --- data/DLA/list 2016-02-29 09:24:27 UTC (rev 40056) +++ data/DLA/list 2016-02-29 11:20:18 UTC (rev 40057) @@ -1,3 +1,5 @@ +[29 Feb 2016] DLA-441-1 pcre3 - security update + [squeeze] - pcre3 8.02-1.1+deb6u1 [28 Feb 2016] DLA-440-1 dansguardian - security update [squeeze] - dansguardian 2.10.1.1-3+deb6u1 [28 Feb 2016] DLA-439-1 linux-2.6 - security update Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-29 09:24:27 UTC (rev 40056) +++ data/dla-needed.txt 2016-02-29 11:20:18 UTC (rev 40057) @@ -56,8 +56,6 @@ -- openssl -- -pcre3 (Markus Koschany) --- php5 (Thorsten Alteholz) NOTE: next upload end of December -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40056 - data/CVE
Author: carnil Date: 2016-02-29 09:24:27 + (Mon, 29 Feb 2016) New Revision: 40056 Modified: data/CVE/list Log: Reference CVE request for pcre3 issue Modified: data/CVE/list === --- data/CVE/list 2016-02-29 09:16:04 UTC (rev 40055) +++ data/CVE/list 2016-02-29 09:24:27 UTC (rev 40056) @@ -1221,6 +1221,7 @@ [squeeze] - pcre3 (Minor issue) - pcre2 (Vulnerable code not present) NOTE: https://bugs.exim.org/show_bug.cgi?id=1777 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/29/1 CVE-2016-2242 RESERVED CVE-2016-2241 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40055 - data/CVE
Author: jmm Date: 2016-02-29 09:16:04 + (Mon, 29 Feb 2016) New Revision: 40055 Modified: data/CVE/list Log: triaged some issues Modified: data/CVE/list === --- data/CVE/list 2016-02-29 09:10:13 UTC (rev 40054) +++ data/CVE/list 2016-02-29 09:16:04 UTC (rev 40055) @@ -368,32 +368,35 @@ TODO: check CVE-2016-2524 RESERVED - - wireshark + - wireshark + [jessie] - wireshark (Only affects 2.0.x) + [wheezy] - wireshark (Only affects 2.0.x) + [squeeze] - wireshark (Only affects 2.0.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-04.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 - TODO: check CVE-2016-2523 RESERVED - - wireshark + - wireshark NOTE: https://www.wireshark.org/security/wnpa-sec-2016-03.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 TODO: check CVE-2016-2522 RESERVED - - wireshark + - wireshark + [jessie] - wireshark (Only affects 2.0.x) + [wheezy] - wireshark (Only affects 2.0.x) + [squeeze] - wireshark (Only affects 2.0.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-02.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 - TODO: check CVE-2016-2521 RESERVED - - wireshark + - wireshark NOTE: https://www.wireshark.org/security/wnpa-sec-2016-01.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 - TODO: check CVE-2016-2520 RESERVED CVE-2016-2519 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40053 - data
Author: santiago Date: 2016-02-29 08:43:34 + (Mon, 29 Feb 2016) New Revision: 40053 Modified: data/dla-needed.txt Log: Take squid3 in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-29 08:32:27 UTC (rev 40052) +++ data/dla-needed.txt 2016-02-29 08:43:34 UTC (rev 40053) @@ -65,7 +65,7 @@ -- squid -- -squid3 +squid3 (Santiago R.R.) -- tiff NOTE: 20160226, no fix available yet ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40052 - data
Author: santiago Date: 2016-02-29 08:32:27 + (Mon, 29 Feb 2016) New Revision: 40052 Modified: data/dla-needed.txt Log: sort data/dla-needed.txt alphabetically Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-29 07:44:39 UTC (rev 40051) +++ data/dla-needed.txt 2016-02-29 08:32:27 UTC (rev 40052) @@ -17,6 +17,8 @@ cakephp NOTE: 20160123, No official solution is currently available. -- +coreutils +-- curl NOTE: marked as no-dsa in wheezy as too intrusive to backport NOTE: should we have the resources to handle it we should fix wheezy too. @@ -36,9 +38,13 @@ -- jasper (Ben Hutchings) -- +libebml +-- libxml2 NOTE: 20160226, no fix available yet -- +linux-2.6 +-- lxc (Mike Gabriel) NOTE: waiting for upstream feedback: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/comments/77 -- @@ -48,27 +54,21 @@ NOTE: maintainer wants to upload package (as done before) NOTE: <20160213161710.ga9...@roeckx.be> -- +openssl +-- +pcre3 (Markus Koschany) +-- php5 (Thorsten Alteholz) NOTE: next upload end of December -- -tiff - NOTE: 20160226, no fix available yet --- -xymon (Chris Lamb) --- -pcre3 (Markus Koschany) --- policykit-1 -- squid -- squid3 -- -openssl +tiff + NOTE: 20160226, no fix available yet -- -libebml +xymon (Chris Lamb) -- -coreutils --- -linux-2.6 --- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits