[Secure-testing-commits] r40123 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-02 06:01:13 + (Wed, 02 Mar 2016)
New Revision: 40123

Modified:
   data/CVE/list
Log:
dovecot bug #803223 addressed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-02 05:59:49 UTC (rev 40122)
+++ data/CVE/list   2016-03-02 06:01:13 UTC (rev 40123)
@@ -9988,7 +9988,7 @@
 CVE-2015-7985 (Valve Steam 2.10.91.91 uses weak permissions (Users: read and 
write) ...)
- steam  (specific to the steam installor on windows)
 CVE-2015- [buffer overflow with handling pop3_deleted_flag setting]
-   - dovecot  (bug #803223)
+   - dovecot 1:2.2.21-1 (bug #803223)
[jessie] - dovecot  (Affected functionality unusable)
[wheezy] - dovecot  (Bug with pop3_deleted_flag 
introduced in 2.2.10)
[squeeze] - dovecot  (Bug with pop3_deleted_flag 
introduced in 2.2.10)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r40122 - data

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-02 05:59:49 + (Wed, 02 Mar 2016)
New Revision: 40122

Modified:
   data/dsa-needed.txt
Log:
Add note for squid3

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-02 05:59:10 UTC (rev 40121)
+++ data/dsa-needed.txt 2016-03-02 05:59:49 UTC (rev 40122)
@@ -75,6 +75,7 @@
 squid/oldstable
 --
 squid3
+  Maintainers contacted for wheezy- and jessie-security
 --
 tardiff
   fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
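
Review bot: the added line under squid3 does not say who contacted the maintainers or when, unlike the tardiff entry just below it ("fw asked maintainer for preparing debdiffs ..."). Prefixing the note with the contacting person's initials, and ideally a date, would let the next person triaging dsa-needed.txt tell whether a follow-up is due.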


[Secure-testing-commits] r40121 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-02 05:59:10 + (Wed, 02 Mar 2016)
New Revision: 40121

Modified:
   data/CVE/list
Log:
squid3 issues fixed in unstable, #816011

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 22:00:51 UTC (rev 40120)
+++ data/CVE/list   2016-03-02 05:59:10 UTC (rev 40121)
@@ -534,14 +534,14 @@
NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
 CVE-2016-2571 (http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 
proceeds with ...)
{DLA-445-1}
-   - squid3  (bug #816011)
+   - squid3 3.5.15-1 (bug #816011)
- squid  (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch
NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
NOTE: Upstream confirmed it does not affect squid 2.7.x
 CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 
and 4.x ...)
-   - squid3  (bug #816011)
+   - squid3 3.5.15-1 (bug #816011)
- squid  (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch
@@ -550,7 +550,7 @@
NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).
 CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly 
append ...)
{DLA-445-1}
-   - squid3  (bug #816011)
+   - squid3 3.5.15-1 (bug #816011)
- squid  (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch
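
Review bot: the context line at the top of this hunk, "NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).", has a typo; since the commit already edits the entries on either side of it, "instrusive" could be corrected to "intrusive" in the same pass.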


[Secure-testing-commits] r40120 - data

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 22:00:51 + (Tue, 01 Mar 2016)
New Revision: 40120

Modified:
   data/dsa-needed.txt
Log:
python-django added to dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 21:14:04 UTC (rev 40119)
+++ data/dsa-needed.txt 2016-03-01 22:00:51 UTC (rev 40120)
@@ -64,6 +64,8 @@
 --
 pdns/oldstable (Mike Gabriel)
 --
+python-django
+--
 samba (carnil)
 --
 smarty3/oldstable
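
Review bot: python-django is added with no claimant and no note, while the neighbouring entries carry one ("pdns/oldstable (Mike Gabriel)", "samba (carnil)"). If nobody has taken it yet that is fine, but an indented note line naming the issues that triggered the entry would save the next reader a lookup.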


[Secure-testing-commits] r40119 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 21:14:04 + (Tue, 01 Mar 2016)
New Revision: 40119

Modified:
   data/CVE/list
Log:
Mark CVE-2016-1353 as NFU

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 21:10:34 UTC (rev 40118)
+++ data/CVE/list   2016-03-01 21:14:04 UTC (rev 40119)
@@ -4313,7 +4313,7 @@
 CVE-2016-1354
RESERVED
 CVE-2016-1353 (The TCP implementation in Cisco Videoscape Distribution Suite 
for ...)
-   TODO: check
+   NOT-FOR-US: Cisco Videoscape Distribution Suite
 CVE-2016-1352
RESERVED
 CVE-2016-1351


[Secure-testing-commits] r40118 - data/CVE

2016-03-01 Thread security tracker role
Author: sectracker
Date: 2016-03-01 21:10:34 + (Tue, 01 Mar 2016)
New Revision: 40118

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 20:28:10 UTC (rev 40117)
+++ data/CVE/list   2016-03-01 21:10:34 UTC (rev 40118)
@@ -1,3 +1,13 @@
+CVE-2016-2788
+   RESERVED
+CVE-2016-2787
+   RESERVED
+CVE-2016-2786
+   RESERVED
+CVE-2016-2785
+   RESERVED
+CVE-2016-2784
+   RESERVED
 CVE-2016- [Type registration should be required]
- libkryo-java 
NOTE: https://github.com/EsotericSoftware/kryo/issues/398
@@ -496,21 +506,17 @@
RESERVED
 CVE-2016-2563
RESERVED
-CVE-2016-2562 [PMASA-2016-13 Vulnerability allowing man-in-the-middle attack 
on API call to GitHub]
-   RESERVED
+CVE-2016-2562 (The checkHTTP function in libraries/Config.class.php in 
phpMyAdmin ...)
- phpmyadmin 4:4.5.5.1-1 (unimportant)
[wheezy] - phpmyadmin 
[jessie] - phpmyadmin 
NOTE: vulnerabilty is only in the test suite
-CVE-2016-2561 [PMASA-2016-12 phpMyAdmin Multiple XSS vulnerabilities]
-   RESERVED
+CVE-2016-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
- phpmyadmin 4:4.5.5.1-1
[wheezy] - phpmyadmin 
-CVE-2016-2560 [PMASA-2016-11 phpMyAdmin Multiple XSS vulnerabilities]
-   RESERVED
+CVE-2016-2560 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
- phpmyadmin 4:4.5.5.1-1 (low)
-CVE-2016-2559 [PMASA-2016-10 phpMyAdmin XSS vulnerability in SQL parser]
-   RESERVED
+CVE-2016-2559 (Cross-site scripting (XSS) vulnerability in the format function 
in ...)
- phpmyadmin 4:4.5.5.1-1 (low)
[wheezy] - phpmyadmin 
[jessie] - phpmyadmin 
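
Review bot: in the four phpMyAdmin entries (CVE-2016-2562 to CVE-2016-2559) the bracketed titles carrying the upstream advisory IDs PMASA-2016-13 to PMASA-2016-10 are replaced by the truncated descriptions, and no visible line keeps the advisory reference. Adding a NOTE with the PMASA ID to each entry would preserve the link to the upstream advisory after the automatic update.
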
@@ -1210,6 +1216,7 @@
RESERVED
 CVE-2016-2381
RESERVED
+   {DSA-3501-1}
- perl 5.22.1-8
NOTE: 
http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
 CVE-2016-2380
@@ -4305,8 +4312,8 @@
RESERVED
 CVE-2016-1354
RESERVED
-CVE-2016-1353
-   RESERVED
+CVE-2016-1353 (The TCP implementation in Cisco Videoscape Distribution Suite 
for ...)
+   TODO: check
 CVE-2016-1352
RESERVED
 CVE-2016-1351
@@ -6229,17 +6236,20 @@
NOTE: 
http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
 CVE-2016-0799 [Memory issues in BIO_*printf functions]
RESERVED
+   {DSA-3500-1}
- openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
NOTE: 
https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
 CVE-2016-0798 [Memory leak in SRP database lookups]
RESERVED
+   {DSA-3500-1}
- openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
 CVE-2016-0797 [BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption]
RESERVED
+   {DSA-3500-1}
- openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c
@@ -6568,6 +6578,7 @@
NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
 CVE-2016-0705 [Double-free in DSA code]
RESERVED
+   {DSA-3500-1}
- openssl 1.0.2g-1
[squeeze] - openssl  (vulnerable code not present)
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed
@@ -6584,6 +6595,7 @@
NOTE: https://www.openssl.org/news/secadv/20160301.txt
 CVE-2016-0702 [Side channel attack on modular exponentiation]
RESERVED
+   {DSA-3500-1}
- openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://cachebleed.info


[Secure-testing-commits] r40117 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 20:28:10 + (Tue, 01 Mar 2016)
New Revision: 40117

Modified:
   data/CVE/list
Log:
Add issue for libkryo-java

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 20:14:54 UTC (rev 40116)
+++ data/CVE/list   2016-03-01 20:28:10 UTC (rev 40117)
@@ -1,3 +1,9 @@
+CVE-2016- [Type registration should be required]
+   - libkryo-java 
+   NOTE: https://github.com/EsotericSoftware/kryo/issues/398
+   NOTE: 
https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-1-kryo
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/03/01/16
+   TODO: check
 CVE-2016-8818
- qemu 1:2.4+dfsg-1a
[jessie] - qemu  (Minor issue; can be fixed along with a future 
DSA)


[Secure-testing-commits] r40116 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 20:14:54 + (Tue, 01 Mar 2016)
New Revision: 40116

Modified:
   data/CVE/list
Log:
Add two CVEs for python-django

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 19:34:44 UTC (rev 40115)
+++ data/CVE/list   2016-03-01 20:14:54 UTC (rev 40116)
@@ -840,10 +840,14 @@
RESERVED
 CVE-2016-2514
RESERVED
-CVE-2016-2513
+CVE-2016-2513 [User enumeration through timing difference on password hasher 
work factor upgrade]
RESERVED
-CVE-2016-2512
+   - python-django  (bug #816434)
+   NOTE: 
https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
+CVE-2016-2512 [Malicious redirect and possible XSS attack via user-supplied 
redirect URLs containing basic auth]
RESERVED
+   - python-django  (bug #816434)
+   NOTE: 
https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
 CVE-2016-2538 [usb: integer overflow in remote NDIS control message handling]
RESERVED
- qemu  (bug #815680)
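
Review bot: both new python-django entries point at the same upstream announcement and bug #816434 but do not record which upstream releases carry the fixes, so the tracker data alone does not tell which version to look for. A "NOTE: Fixed in ..." line per entry, in the style already used elsewhere in this file, would cover that.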


[Secure-testing-commits] r40115 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 19:34:44 + (Tue, 01 Mar 2016)
New Revision: 40115

Modified:
   data/CVE/list
Log:
Add fixed version for unstable and add back tags from upstream repo

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 19:31:12 UTC (rev 40114)
+++ data/CVE/list   2016-03-01 19:34:44 UTC (rev 40115)
@@ -1,22 +1,22 @@
 CVE-2016-8818
-   - qemu 
+   - qemu 1:2.4+dfsg-1a
[jessie] - qemu  (Minor issue; can be fixed along with a future 
DSA)
[wheezy] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
[squeeze] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
- qemu-kvm  (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
-   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63
 (v2.4.0-rc0)
TODO: check again after the CVE id split
 CVE-2016-8817
-   - qemu 
+   - qemu 1:2.4+dfsg-1a
[jessie] - qemu  (Minor issue; can be fixed along with a future 
DSA)
[wheezy] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
[squeeze] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
- qemu-kvm  (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
-   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459
 (v2.3.0-rc1)
NOTE: 
https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
-   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3
 (v2.4.0-rc0)
TODO: check again after the CVE id split
 CVE-2016-2783
RESERVED


[Secure-testing-commits] r40114 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 19:31:12 + (Tue, 01 Mar 2016)
New Revision: 40114

Modified:
   data/CVE/list
Log:
Two CVEs assigned for qemu

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 19:14:23 UTC (rev 40113)
+++ data/CVE/list   2016-03-01 19:31:12 UTC (rev 40114)
@@ -1,16 +1,23 @@
-CVE-2016- [OOB access in address_space_rw leads to segmentation fault]
+CVE-2016-8818
- qemu 
[jessie] - qemu  (Minor issue; can be fixed along with a future 
DSA)
[wheezy] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
[squeeze] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
- qemu-kvm  (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
-   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bd 
(v2.3.0-rc1)
-   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=e4a511f8cc6f4a46d409fb5c9f 
(v2.4.0-rc0)
-   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=965eb2fcdfe919ecced6c34803 
(v2.4.0-rc0)
-   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7 
(v2.4.0-rc0)
+   NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63
+   TODO: check again after the CVE id split
+CVE-2016-8817
+   - qemu 
+   [jessie] - qemu  (Minor issue; can be fixed along with a future 
DSA)
+   [wheezy] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
+   [squeeze] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
+   - qemu-kvm  (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
+   NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459
NOTE: 
https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
-   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300771
-   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/03/01/1
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3
+   TODO: check again after the CVE id split
 CVE-2016-2783
RESERVED
 CVE-2016-2780
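
Review bot: the new IDs CVE-2016-8818 and CVE-2016-8817 are worth double-checking against the assignment mail in the added oss-security NOTE, because they sit directly above CVE-2016-2783 and are far outside the range of the neighbouring IDs. The hunk also drops the descriptive title "[OOB access in address_space_rw leads to segmentation fault]", the NOTEs for commits e4a511f8cc6f4a46d409fb5c9f and 965eb2fcdfe919ecced6c34803, and the Red Hat Bugzilla link without saying where they went; each new entry should keep a short bracketed description, and the log message should say whether the dropped references were intentionally discarded in the split.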


[Secure-testing-commits] r40113 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 19:14:23 + (Tue, 01 Mar 2016)
New Revision: 40113

Modified:
   data/CVE/list
Log:
perl fixed in unstable, CVE-2016-2381

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 18:30:40 UTC (rev 40112)
+++ data/CVE/list   2016-03-01 19:14:23 UTC (rev 40113)
@@ -1193,7 +1193,7 @@
RESERVED
 CVE-2016-2381
RESERVED
-   - perl 
+   - perl 5.22.1-8
NOTE: 
http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
 CVE-2016-2380
RESERVED


[Secure-testing-commits] r40112 - data/CVE

2016-03-01 Thread Kurt Roeckx
Author: kroeckx
Date: 2016-03-01 18:30:40 + (Tue, 01 Mar 2016)
New Revision: 40112

Modified:
   data/CVE/list
Log:
Add comment for NSS


Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 18:28:59 UTC (rev 40111)
+++ data/CVE/list   2016-03-01 18:30:40 UTC (rev 40112)
@@ -6205,6 +6205,7 @@
- openssl 1.0.0c-2
- nss 3.13
NOTE: openssl 1.0.0c-2 dropped SSLv2 support
+   NOTE: NSS disabled SSLv2 by default in 3.13
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://www.drownattack.com/
NOTE: GNUTLS never implemented SSLv2
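
Review bot: the added NOTE says NSS "disabled SSLv2 by default" in 3.13, which is a weaker statement than the openssl NOTE next to it ("dropped SSLv2 support"), yet the entry lists "- nss 3.13" as a fixed version in the same way. It would help to state in the NOTE whether SSLv2 can still be switched on in NSS 3.13 and later, and that a default-off setting is what the fixed version is based on.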


[Secure-testing-commits] r40111 - data/CVE

2016-03-01 Thread Kurt Roeckx
Author: kroeckx
Date: 2016-03-01 18:28:59 + (Tue, 01 Mar 2016)
New Revision: 40111

Modified:
   data/CVE/list
Log:
openssl fixed version


Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 18:23:12 UTC (rev 40110)
+++ data/CVE/list   2016-03-01 18:28:59 UTC (rev 40111)
@@ -6211,18 +6211,18 @@
NOTE: 
http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
 CVE-2016-0799 [Memory issues in BIO_*printf functions]
RESERVED
-   - openssl 
+   - openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
NOTE: 
https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
 CVE-2016-0798 [Memory leak in SRP database lookups]
RESERVED
-   - openssl 
+   - openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
 CVE-2016-0797 [BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption]
RESERVED
-   - openssl 
+   - openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c
 CVE-2016-0796
@@ -6550,7 +6550,7 @@
NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
 CVE-2016-0705 [Double-free in DSA code]
RESERVED
-   - openssl 
+   - openssl 1.0.2g-1
[squeeze] - openssl  (vulnerable code not present)
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed
NOTE: https://www.openssl.org/news/secadv/20160301.txt
@@ -6566,7 +6566,7 @@
NOTE: https://www.openssl.org/news/secadv/20160301.txt
 CVE-2016-0702 [Side channel attack on modular exponentiation]
RESERVED
-   - openssl 
+   - openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://cachebleed.info
 CVE-2016-0701 (The DH_check_pub_key function in crypto/dh/dh_check.c in 
OpenSSL 1.0.2 ...)


[Secure-testing-commits] r40110 - data/CVE

2016-03-01 Thread Kurt Roeckx
Author: kroeckx
Date: 2016-03-01 18:23:12 + (Tue, 01 Mar 2016)
New Revision: 40110

Modified:
   data/CVE/list
Log:
NSS dropped SSLv2 support in 3.13


Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 17:55:43 UTC (rev 40109)
+++ data/CVE/list   2016-03-01 18:23:12 UTC (rev 40110)
@@ -6203,7 +6203,8 @@
 CVE-2016-0800 [Cross-protocol attack on TLS using SSLv2 (DROWN)]
RESERVED
- openssl 1.0.0c-2
-   NOTE: 1.0.0c-2 dropped SSLv2 support
+   - nss 3.13
+   NOTE: openssl 1.0.0c-2 dropped SSLv2 support
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://www.drownattack.com/
NOTE: GNUTLS never implemented SSLv2


[Secure-testing-commits] r40109 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 17:55:43 + (Tue, 01 Mar 2016)
New Revision: 40109

Modified:
   data/CVE/list
Log:
Revert change for unfixed status for CVE-2016-2560 and CVE-2016-2561

Note: this is implicitly given. Thus just mark the previous versions
which are not-affected due to vulnerable code not present.

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 17:00:49 UTC (rev 40108)
+++ data/CVE/list   2016-03-01 17:55:43 UTC (rev 40109)
@@ -493,11 +493,9 @@
RESERVED
- phpmyadmin 4:4.5.5.1-1
[wheezy] - phpmyadmin 
-   [jessie] - phpmyadmin 
 CVE-2016-2560 [PMASA-2016-11 phpMyAdmin Multiple XSS vulnerabilities]
RESERVED
- phpmyadmin 4:4.5.5.1-1 (low)
-   [jessie] - phpmyadmin 
 CVE-2016-2559 [PMASA-2016-10 phpMyAdmin XSS vulnerability in SQL parser]
RESERVED
- phpmyadmin 4:4.5.5.1-1 (low)


[Secure-testing-commits] r40108 - data/CVE

2016-03-01 Thread Henri Salo
Author: fgeek-guest
Date: 2016-03-01 17:00:49 + (Tue, 01 Mar 2016)
New Revision: 40108

Modified:
   data/CVE/list
Log:
phpmyadmin jessie affected by CVE-2016-2560 and CVE-2016-2561

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 16:17:03 UTC (rev 40107)
+++ data/CVE/list   2016-03-01 17:00:49 UTC (rev 40108)
@@ -493,9 +493,11 @@
RESERVED
- phpmyadmin 4:4.5.5.1-1
[wheezy] - phpmyadmin 
+   [jessie] - phpmyadmin 
 CVE-2016-2560 [PMASA-2016-11 phpMyAdmin Multiple XSS vulnerabilities]
RESERVED
- phpmyadmin 4:4.5.5.1-1 (low)
+   [jessie] - phpmyadmin 
 CVE-2016-2559 [PMASA-2016-10 phpMyAdmin XSS vulnerability in SQL parser]
RESERVED
- phpmyadmin 4:4.5.5.1-1 (low)
@@ -2057,8 +2059,8 @@
- ruby-actionpack-3.2 
- ruby-actionpack-2.3 
[wheezy] - ruby-actionpack-2.3 
-   NOTE: Versions Affected:  3.2.x, 4.0.x, 4.1.x, 4.2.x
-   NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2
+   NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x
+   NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2
TODO: check
 CVE-2016-2097
RESERVED
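
Review bot: the two NOTE lines changed in this hunk only have the spacing after the colon normalised, which is unrelated to the phpmyadmin change named in the log message. Whitespace cleanups are easier to review and revert as a separate commit, or should at least be mentioned in the log.
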
@@ -2069,8 +2071,8 @@
- ruby-actionpack-2.3 
[wheezy] - ruby-actionpack-2.3 
NOTE: Versions Affected:  3.2.x, 4.0.x, 4.1.x
-   NOTE: Not affected:   4.2+
-   NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2
+   NOTE: Not affected: 4.2+
+   NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2
TODO: check, for src:rails should actually not be affected since 
original patch complete
 CVE-2016-2096
RESERVED
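
Review bot: the whitespace cleanup is incomplete in this hunk: "NOTE: Not affected:" and "NOTE: Fixed Versions:" are normalised, but the context line just above them, "NOTE: Versions Affected:  3.2.x, 4.0.x, 4.1.x", keeps its double space. Normalising that line too would make the three NOTEs consistent.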


[Secure-testing-commits] r40107 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 16:17:03 + (Tue, 01 Mar 2016)
New Revision: 40107

Modified:
   data/CVE/list
Log:
Mark qemu issue as no-dsa

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 16:00:49 UTC (rev 40106)
+++ data/CVE/list   2016-03-01 16:17:03 UTC (rev 40107)
@@ -1,5 +1,6 @@
 CVE-2016- [OOB access in address_space_rw leads to segmentation fault]
- qemu 
+   [jessie] - qemu  (Minor issue; can be fixed along with a future 
DSA)
[wheezy] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
[squeeze] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
- qemu-kvm  (Affects Qemu versions >= 1.6.0 and <= 2.3.1)


[Secure-testing-commits] r40106 - data/CVE

2016-03-01 Thread Thijs Kinkhorst
Author: thijs
Date: 2016-03-01 16:00:49 + (Tue, 01 Mar 2016)
New Revision: 40106

Modified:
   data/CVE/list
Log:
triage phpmyadmin issues


Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 15:42:38 UTC (rev 40105)
+++ data/CVE/list   2016-03-01 16:00:49 UTC (rev 40106)
@@ -484,16 +484,22 @@
RESERVED
 CVE-2016-2562 [PMASA-2016-13 Vulnerability allowing man-in-the-middle attack 
on API call to GitHub]
RESERVED
-   - phpmyadmin 4:4.5.5.1-1
+   - phpmyadmin 4:4.5.5.1-1 (unimportant)
+   [wheezy] - phpmyadmin 
+   [jessie] - phpmyadmin 
+   NOTE: vulnerabilty is only in the test suite
 CVE-2016-2561 [PMASA-2016-12 phpMyAdmin Multiple XSS vulnerabilities]
RESERVED
- phpmyadmin 4:4.5.5.1-1
+   [wheezy] - phpmyadmin 
 CVE-2016-2560 [PMASA-2016-11 phpMyAdmin Multiple XSS vulnerabilities]
RESERVED
-   - phpmyadmin 4:4.5.5.1-1
+   - phpmyadmin 4:4.5.5.1-1 (low)
 CVE-2016-2559 [PMASA-2016-10 phpMyAdmin XSS vulnerability in SQL parser]
RESERVED
-   - phpmyadmin 4:4.5.5.1-1
+   - phpmyadmin 4:4.5.5.1-1 (low)
+   [wheezy] - phpmyadmin 
+   [jessie] - phpmyadmin 
 CVE-2016- [out-of-bounds reads]
- cpio  (low; bug #815965)
[jessie] - cpio  (Minor issue)
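
Review bot: the added line "NOTE: vulnerabilty is only in the test suite" under CVE-2016-2562 has a typo and should read "vulnerability". The log message "triage phpmyadmin issues" could also mention that CVE-2016-2562 is being marked unimportant and CVE-2016-2560 and CVE-2016-2559 low, since those severity changes are the substance of the commit.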


[Secure-testing-commits] r40105 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 15:42:38 + (Tue, 01 Mar 2016)
New Revision: 40105

Modified:
   data/CVE/list
Log:
Add new qemu issue, CVE assignment pending

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 15:40:34 UTC (rev 40104)
+++ data/CVE/list   2016-03-01 15:42:38 UTC (rev 40105)
@@ -1,3 +1,15 @@
+CVE-2016- [OOB access in address_space_rw leads to segmentation fault]
+   - qemu 
+   [wheezy] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
+   [squeeze] - qemu  (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
+   - qemu-kvm  (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bd 
(v2.3.0-rc1)
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=e4a511f8cc6f4a46d409fb5c9f 
(v2.4.0-rc0)
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=965eb2fcdfe919ecced6c34803 
(v2.4.0-rc0)
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7 
(v2.4.0-rc0)
+   NOTE: 
https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300771
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/03/01/1
 CVE-2016-2783
RESERVED
 CVE-2016-2780
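
Review bot: the four git.qemu.org NOTE URLs use abbreviated commit hashes (for example "h=c3c1bb99d1c11978d9ce94d1bd"). Using the full 40-character hashes would keep the references unambiguous and easy to match against the upstream repository. The entry could also say what each listed commit does, as the version tags alone do not distinguish them.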


[Secure-testing-commits] r40104 - data/CVE

2016-03-01 Thread Thijs Kinkhorst
Author: thijs
Date: 2016-03-01 15:40:34 + (Tue, 01 Mar 2016)
New Revision: 40104

Modified:
   data/CVE/list
Log:
4 phpMyAdmin CVE's fixed in sid


Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 15:37:22 UTC (rev 40103)
+++ data/CVE/list   2016-03-01 15:40:34 UTC (rev 40104)
@@ -470,14 +470,18 @@
RESERVED
 CVE-2016-2563
RESERVED
-CVE-2016-2562
+CVE-2016-2562 [PMASA-2016-13 Vulnerability allowing man-in-the-middle attack 
on API call to GitHub]
RESERVED
-CVE-2016-2561
+   - phpmyadmin 4:4.5.5.1-1
+CVE-2016-2561 [PMASA-2016-12 phpMyAdmin Multiple XSS vulnerabilities]
RESERVED
-CVE-2016-2560
+   - phpmyadmin 4:4.5.5.1-1
+CVE-2016-2560 [PMASA-2016-11 phpMyAdmin Multiple XSS vulnerabilities]
RESERVED
-CVE-2016-2559
+   - phpmyadmin 4:4.5.5.1-1
+CVE-2016-2559 [PMASA-2016-10 phpMyAdmin XSS vulnerability in SQL parser]
RESERVED
+   - phpmyadmin 4:4.5.5.1-1
 CVE-2016- [out-of-bounds reads]
- cpio  (low; bug #815965)
[jessie] - cpio  (Minor issue)


[Secure-testing-commits] r40103 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 15:37:22 + (Tue, 01 Mar 2016)
New Revision: 40103

Modified:
   data/CVE/list
Log:
Remove todo item for rejected item

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 15:03:06 UTC (rev 40102)
+++ data/CVE/list   2016-03-01 15:37:22 UTC (rev 40103)
@@ -6,7 +6,6 @@
RESERVED
 CVE-2016-2777
REJECTED
-   TODO: check
 CVE-2016-2776
RESERVED
 CVE-2016-2775


[Secure-testing-commits] r40102 - in data: . DSA

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 15:03:06 + (Tue, 01 Mar 2016)
New Revision: 40102

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA number for perl

Modified: data/DSA/list
===
--- data/DSA/list   2016-03-01 14:30:15 UTC (rev 40101)
+++ data/DSA/list   2016-03-01 15:03:06 UTC (rev 40102)
@@ -1,3 +1,7 @@
+[01 Mar 2016] DSA-3501-1 perl - security update
+   {CVE-2016-2381}
+   [wheezy] - perl 5.14.2-21+deb7u3
+   [jessie] - perl 5.20.2-3+deb8u4
 [01 Mar 2016] DSA-3500-1 openssl - security update
{CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799}
[wheezy] - openssl 1.0.1e-2+deb7u20

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 14:30:15 UTC (rev 40101)
+++ data/dsa-needed.txt 2016-03-01 15:03:06 UTC (rev 40102)
@@ -64,8 +64,6 @@
 --
 pdns/oldstable (Mike Gabriel)
 --
-perl (carnil)
---
 samba (carnil)
 --
 smarty3/oldstable


[Secure-testing-commits] r40100 - bin check-external

2016-03-01 Thread Paul Wise
Author: pabs
Date: 2016-03-01 14:30:06 + (Tue, 01 Mar 2016)
New Revision: 40100

Modified:
   bin/add-dsa-needed.sh
   bin/embedded-cleanup
   bin/gen-DSA
   bin/inject-embedded-code-copies
   bin/reserved-but-public
   bin/split-by-year
   check-external/lookup.sh
   check-external/update.sh
Log:
https for links to the GNU license list.

Modified: bin/add-dsa-needed.sh
===
--- bin/add-dsa-needed.sh   2016-03-01 14:25:57 UTC (rev 40099)
+++ bin/add-dsa-needed.sh   2016-03-01 14:30:06 UTC (rev 40100)
@@ -15,7 +15,7 @@
 #GNU General Public License for more details.
 #
 #You should have received a copy of the GNU General Public License
-#along with this file.  If not, see .
+#along with this file.  If not, see .
 
 
 set -eu

Modified: bin/embedded-cleanup
===
--- bin/embedded-cleanup2016-03-01 14:25:57 UTC (rev 40099)
+++ bin/embedded-cleanup2016-03-01 14:30:06 UTC (rev 40100)
@@ -15,7 +15,7 @@
 #GNU General Public License for more details.
 #
 #You should have received a copy of the GNU General Public License
-#along with this file.  If not, see .
+#along with this file.  If not, see .
 
 
 set -e

Modified: bin/gen-DSA
===
--- bin/gen-DSA 2016-03-01 14:25:57 UTC (rev 40099)
+++ bin/gen-DSA 2016-03-01 14:30:06 UTC (rev 40100)
@@ -15,7 +15,7 @@
 #GNU General Public License for more details.
 #
 #You should have received a copy of the GNU General Public License
-#along with this file.  If not, see .
+#along with this file.  If not, see .
 
 
 set -e

Modified: bin/inject-embedded-code-copies
===
--- bin/inject-embedded-code-copies 2016-03-01 14:25:57 UTC (rev 40099)
+++ bin/inject-embedded-code-copies 2016-03-01 14:30:06 UTC (rev 40100)
@@ -14,7 +14,7 @@
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program.  If not, see .
+# along with this program.  If not, see .
 
 import os
 import sys

Modified: bin/reserved-but-public
===
--- bin/reserved-but-public 2016-03-01 14:25:57 UTC (rev 40099)
+++ bin/reserved-but-public 2016-03-01 14:30:06 UTC (rev 40100)
@@ -15,7 +15,7 @@
 #GNU General Public License for more details.
 #
 #You should have received a copy of the GNU General Public License
-#along with this file.  If not, see .
+#along with this file.  If not, see .
 
 
 set -eu

Modified: bin/split-by-year
===
--- bin/split-by-year   2016-03-01 14:25:57 UTC (rev 40099)
+++ bin/split-by-year   2016-03-01 14:30:06 UTC (rev 40100)
@@ -15,7 +15,7 @@
 #GNU General Public License for more details.
 #
 #You should have received a copy of the GNU General Public License
-#along with this file.  If not, see .
+#along with this file.  If not, see .
 
 
 set -eu

Modified: check-external/lookup.sh
===
--- check-external/lookup.sh2016-03-01 14:25:57 UTC (rev 40099)
+++ check-external/lookup.sh2016-03-01 14:30:06 UTC (rev 40100)
@@ -15,7 +15,7 @@
 #GNU General Public License for more details.
 #
 #You should have received a copy of the GNU General Public License
-#along with this file.  If not, see .
+#along with this file.  If not, see .
 
 
 set -e

Modified: check-external/update.sh
===
--- check-external/update.sh2016-03-01 14:25:57 UTC (rev 40099)
+++ check-external/update.sh2016-03-01 14:30:06 UTC (rev 40100)
@@ -15,7 +15,7 @@
 #GNU General Public License for more details.
 #
 #You should have received a copy of the GNU General Public License
-#along with this file.  If not, see .
+#along with this file.  If not, see .
 
 
 set -e




[Secure-testing-commits] r40101 - templates

2016-03-01 Thread Paul Wise
Author: pabs
Date: 2016-03-01 14:30:15 + (Tue, 01 Mar 2016)
New Revision: 40101

Modified:
   templates/lts-no-dsa.txt
   templates/lts-update-planned.txt
Log:
https for links to the LTS development page

Modified: templates/lts-no-dsa.txt
===
--- templates/lts-no-dsa.txt2016-03-01 14:30:06 UTC (rev 40100)
+++ templates/lts-no-dsa.txt2016-03-01 14:30:15 UTC (rev 40101)
@@ -22,7 +22,7 @@
 
 If you want to work on such an update, you're welcome to do so. Please
 try to follow the workflow we have defined here:
-http://wiki.debian.org/LTS/Development
+https://wiki.debian.org/LTS/Development
 
 If that workflow is a burden to you, feel free to just prepare an
 updated source package and send it to debian-...@lists.debian.org

Modified: templates/lts-update-planned.txt
===
--- templates/lts-update-planned.txt2016-03-01 14:30:06 UTC (rev 40100)
+++ templates/lts-update-planned.txt2016-03-01 14:30:15 UTC (rev 40101)
@@ -17,7 +17,7 @@
 Would you like to take care of this yourself?
 
 If yes, please follow the workflow we have defined here:
-http://wiki.debian.org/LTS/Development
+https://wiki.debian.org/LTS/Development
 
 If that workflow is a burden to you, feel free to just prepare an
 updated source package and send it to debian-...@lists.debian.org




[Secure-testing-commits] r40099 - /

2016-03-01 Thread Paul Wise
Author: pabs
Date: 2016-03-01 14:25:57 + (Tue, 01 Mar 2016)
New Revision: 40099

Modified:
   TODO.gitmigration
Log:
git migration: cgit webinterface works now

Modified: TODO.gitmigration
===
--- TODO.gitmigration   2016-03-01 14:20:52 UTC (rev 40098)
+++ TODO.gitmigration   2016-03-01 14:25:57 UTC (rev 40099)
@@ -40,8 +40,6 @@
 - migrate (active) users (maybe based on only the ones which commited
 to the svn repository in recent years?)
 - get the DD acl applied (then point above only applies to -guest users)
-- cgit webinterface does not yet show the repository at
-  http://anonscm.debian.org/cgit/debian-security/debian-security.git [works]
 
 team-security.debian.org website
 




[Secure-testing-commits] r40098 - data/DSA

2016-03-01 Thread Alessandro Ghedini
Author: ghedo
Date: 2016-03-01 14:20:52 + (Tue, 01 Mar 2016)
New Revision: 40098

Modified:
   data/DSA/list
Log:
Fix openssl version in jessie

Modified: data/DSA/list
===
--- data/DSA/list   2016-03-01 14:13:51 UTC (rev 40097)
+++ data/DSA/list   2016-03-01 14:20:52 UTC (rev 40098)
@@ -1,7 +1,7 @@
 [01 Mar 2016] DSA-3500-1 openssl - security update
{CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799}
[wheezy] - openssl 1.0.1e-2+deb7u20
-   [jessie] - openssl 1.0.1k-3+deb8u3
+   [jessie] - openssl 1.0.1k-3+deb8u4
 [28 Feb 2016] DSA-3499-1 pillow - security update
{CVE-2016-0740 CVE-2016-0775 CVE-2016-2533}
[jessie] - pillow 2.6.1-2+deb8u2
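Review bot: the [wheezy] line "openssl 1.0.1e-2+deb7u20" is left as entered in r40096 while the [jessie] line beside it needed correcting to deb8u4. Confirm the wheezy version against the uploaded package in the same pass, and say in the log where the corrected number comes from.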




[Secure-testing-commits] r40096 - data/DSA

2016-03-01 Thread Alessandro Ghedini
Author: ghedo
Date: 2016-03-01 14:13:43 + (Tue, 01 Mar 2016)
New Revision: 40096

Modified:
   data/DSA/list
Log:
Reserve DSA for openssl

Modified: data/DSA/list
===
--- data/DSA/list   2016-03-01 14:07:06 UTC (rev 40095)
+++ data/DSA/list   2016-03-01 14:13:43 UTC (rev 40096)
@@ -1,3 +1,7 @@
+[01 Mar 2016] DSA-3500-1 openssl - security update
+   {CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799}
+   [wheezy] - openssl 1.0.1e-2+deb7u20
+   [jessie] - openssl 1.0.1k-3+deb8u3
 [28 Feb 2016] DSA-3499-1 pillow - security update
{CVE-2016-0740 CVE-2016-0775 CVE-2016-2533}
[jessie] - pillow 2.6.1-2+deb8u2




[Secure-testing-commits] r40097 - data/CVE

2016-03-01 Thread Alessandro Ghedini
Author: ghedo
Date: 2016-03-01 14:13:51 + (Tue, 01 Mar 2016)
New Revision: 40097

Modified:
   data/CVE/list
Log:
Update openssl issues

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 14:13:43 UTC (rev 40096)
+++ data/CVE/list   2016-03-01 14:13:51 UTC (rev 40097)
@@ -6178,7 +6178,7 @@
TODO: check
 CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 
4.4.4, ...)
TODO: check
-CVE-2016-0800
+CVE-2016-0800 [Cross-protocol attack on TLS using SSLv2 (DROWN)]
RESERVED
- openssl 1.0.0c-2
NOTE: 1.0.0c-2 dropped SSLv2 support
@@ -6186,18 +6186,18 @@
NOTE: https://www.drownattack.com/
NOTE: GNUTLS never implemented SSLv2
NOTE: 
http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
-CVE-2016-0799
+CVE-2016-0799 [Memory issues in BIO_*printf functions]
RESERVED
- openssl 
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
NOTE: 
https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
-CVE-2016-0798
+CVE-2016-0798 [Memory leak in SRP database lookups]
RESERVED
- openssl 
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
-CVE-2016-0797
+CVE-2016-0797 [BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption]
RESERVED
- openssl 
NOTE: https://www.openssl.org/news/secadv/20160301.txt
@@ -6525,26 +6525,27 @@
- tomcat6 6.0.41-3
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
-CVE-2016-0705
+CVE-2016-0705 [Double-free in DSA code]
RESERVED
- openssl 
[squeeze] - openssl  (vulnerable code not present)
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed
NOTE: https://www.openssl.org/news/secadv/20160301.txt
-CVE-2016-0704
+CVE-2016-0704 [Bleichenbacher oracle in SSLv2]
RESERVED
- openssl 1.0.0c-2
NOTE: 1.0.0c-2 dropped SSLv2 support
NOTE: https://www.openssl.org/news/secadv/20160301.txt
-CVE-2016-0703
+CVE-2016-0703 [Divide-and-conquer session key recovery in SSLv2]
RESERVED
- openssl 1.0.0c-2
NOTE: 1.0.0c-2 dropped SSLv2 support
NOTE: https://www.openssl.org/news/secadv/20160301.txt
-CVE-2016-0702
+CVE-2016-0702 [Side channel attack on modular exponentiation]
RESERVED
- openssl 
NOTE: https://www.openssl.org/news/secadv/20160301.txt
+   NOTE: https://cachebleed.info
 CVE-2016-0701 (The DH_check_pub_key function in crypto/dh/dh_check.c in 
OpenSSL 1.0.2 ...)
- openssl 1.0.2f-2
[jessie] - openssl  (Only affects 1.0.2)
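Review bot: the "NOTE: https://cachebleed.info" line added under CVE-2016-0702 is a new reference, while every other change in this commit adds a bracketed description to a CVE line. The log ("Update openssl issues") names neither kind of change; mention the added reference there, or commit it on its own, so it can be found from the history.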




[Secure-testing-commits] r40095 - data/CVE

2016-03-01 Thread Moritz Muehlenhoff
Author: jmm
Date: 2016-03-01 14:07:06 + (Tue, 01 Mar 2016)
New Revision: 40095

Modified:
   data/CVE/list
Log:
two further openssl issues limited to sslv2


Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 14:06:23 UTC (rev 40094)
+++ data/CVE/list   2016-03-01 14:07:06 UTC (rev 40095)
@@ -6181,6 +6181,7 @@
 CVE-2016-0800
RESERVED
- openssl 1.0.0c-2
+   NOTE: 1.0.0c-2 dropped SSLv2 support
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://www.drownattack.com/
NOTE: GNUTLS never implemented SSLv2
@@ -6532,11 +6533,13 @@
NOTE: https://www.openssl.org/news/secadv/20160301.txt
 CVE-2016-0704
RESERVED
-   - openssl 
+   - openssl 1.0.0c-2
+   NOTE: 1.0.0c-2 dropped SSLv2 support
NOTE: https://www.openssl.org/news/secadv/20160301.txt
 CVE-2016-0703
RESERVED
-   - openssl 
+   - openssl 1.0.0c-2
+   NOTE: 1.0.0c-2 dropped SSLv2 support
NOTE: https://www.openssl.org/news/secadv/20160301.txt
 CVE-2016-0702
RESERVED




[Secure-testing-commits] r40094 - data/CVE

2016-03-01 Thread Paul Wise
Author: pabs
Date: 2016-03-01 14:06:23 + (Tue, 01 Mar 2016)
New Revision: 40094

Modified:
   data/CVE/list
Log:
A blog post about CVE-2016-0800

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 14:03:58 UTC (rev 40093)
+++ data/CVE/list   2016-03-01 14:06:23 UTC (rev 40094)
@@ -6184,6 +6184,7 @@
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://www.drownattack.com/
NOTE: GNUTLS never implemented SSLv2
+   NOTE: 
http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
 CVE-2016-0799
RESERVED
- openssl 




[Secure-testing-commits] r40093 - data/CVE

2016-03-01 Thread Moritz Muehlenhoff
Author: jmm
Date: 2016-03-01 14:03:58 + (Tue, 01 Mar 2016)
New Revision: 40093

Modified:
   data/CVE/list
Log:
two additional openssl issues


Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 13:38:49 UTC (rev 40092)
+++ data/CVE/list   2016-03-01 14:03:58 UTC (rev 40093)
@@ -6181,19 +6181,24 @@
 CVE-2016-0800
RESERVED
- openssl 1.0.0c-2
+   NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://www.drownattack.com/
+   NOTE: GNUTLS never implemented SSLv2
 CVE-2016-0799
RESERVED
- openssl 
+   NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
NOTE: 
https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
 CVE-2016-0798
RESERVED
- openssl 
+   NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
 CVE-2016-0797
RESERVED
- openssl 
+   NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c
 CVE-2016-0796
RESERVED
@@ -6523,13 +6528,19 @@
- openssl 
[squeeze] - openssl  (vulnerable code not present)
NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed
+   NOTE: https://www.openssl.org/news/secadv/20160301.txt
 CVE-2016-0704
RESERVED
+   - openssl 
+   NOTE: https://www.openssl.org/news/secadv/20160301.txt
 CVE-2016-0703
RESERVED
- openssl 
+   NOTE: https://www.openssl.org/news/secadv/20160301.txt
 CVE-2016-0702
RESERVED
+   - openssl 
+   NOTE: https://www.openssl.org/news/secadv/20160301.txt
 CVE-2016-0701 (The DH_check_pub_key function in crypto/dh/dh_check.c in 
OpenSSL 1.0.2 ...)
- openssl 1.0.2f-2
[jessie] - openssl  (Only affects 1.0.2)
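Review bot: in the entry at the top of this hunk the advisory link "NOTE: https://www.openssl.org/news/secadv/20160301.txt" is added after the "Fixed in master" note, while in the hunk above (CVE-2016-0799, CVE-2016-0798, CVE-2016-0797) it is added before it. Pick one order for the advisory and commit references and use it in every openssl entry so the entries read and diff alike.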




[Secure-testing-commits] r40092 - data/CVE

2016-03-01 Thread Moritz Muehlenhoff
Author: jmm
Date: 2016-03-01 13:38:49 + (Tue, 01 Mar 2016)
New Revision: 40092

Modified:
   data/CVE/list
Log:
sslv2 disabled since wheezy


Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 13:36:40 UTC (rev 40091)
+++ data/CVE/list   2016-03-01 13:38:49 UTC (rev 40092)
@@ -6180,7 +6180,7 @@
TODO: check
 CVE-2016-0800
RESERVED
-   - openssl 
+   - openssl 1.0.0c-2
NOTE: https://www.drownattack.com/
 CVE-2016-0799
RESERVED
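Review bot: the CVE-2016-0800 package line now carries a fixed version, "- openssl 1.0.0c-2", but the reason is given only in the log ("sslv2 disabled since wheezy"), and nothing in the entry explains why a version that old counts as fixed. Add a NOTE under the package line stating that this version dropped SSLv2 support, so the list is self-explanatory.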
@@ -9223,6 +9223,7 @@
 CVE-2015-8239 [race condition checking digests/checksums in sudoers]
RESERVED
- sudo  (bug #805563)
+   [jessie] - sudo  (Minor issue)
[wheezy] - sudo  (Command digests are only supported by 
version 1.8.7 or higher)
[squeeze] - sudo  (Command digests are only supported by 
version 1.8.7 or higher)
NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
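Review bot: the added "[jessie] - sudo" line for CVE-2015-8239 is unrelated to the log message "sslv2 disabled since wheezy", so the sudo triage decision cannot be found from the history. Commit it separately, or name it in the log.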




[Secure-testing-commits] r40091 - data

2016-03-01 Thread Sebastien Delafond
Author: seb
Date: 2016-03-01 13:36:40 + (Tue, 01 Mar 2016)
New Revision: 40091

Modified:
   data/dsa-needed.txt
Log:
Add a note about gosa status

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 13:31:29 UTC (rev 40090)
+++ data/dsa-needed.txt 2016-03-01 13:36:40 UTC (rev 40091)
@@ -30,6 +30,7 @@
 --
 gosa/oldstable (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
+  NOTE: asked about jessie status (seb)
 --
 icedtea-web
 --
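Review bot: the added line "NOTE: asked about jessie status (seb)" says who asked but not when or whom, so a later reader cannot tell whether the question is stale. Add the date and the addressee to the note.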




[Secure-testing-commits] r40090 - data

2016-03-01 Thread Sebastien Delafond
Author: seb
Date: 2016-03-01 13:31:29 + (Tue, 01 Mar 2016)
New Revision: 40090

Modified:
   data/dsa-needed.txt
Log:
Take bsh (CVE-2016-2510) from dsa-needed

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 13:28:55 UTC (rev 40089)
+++ data/dsa-needed.txt 2016-03-01 13:31:29 UTC (rev 40090)
@@ -21,6 +21,10 @@
 --
 botan1.10
 --
+bsh (seb)
+  Markus Koschany proposed a debdiff for wheezy. Sent him an email to
+  see if a jessie-based debdiff is planned as well.
+--
 ctdb
   TODO: check, possible regression update proposed by maintainer
 --
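Review bot: the two lines added under "bsh (seb)" are free text with no "NOTE:" or "TODO:" prefix, unlike the ctdb entry right below ("TODO: check, possible regression update proposed by maintainer"). Prefix them with "NOTE:" and include CVE-2016-2510, which is named only in the log, so the entry itself says which issue it tracks.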




[Secure-testing-commits] r40089 - data/CVE

2016-03-01 Thread Paul Wise
Author: pabs
Date: 2016-03-01 13:28:55 + (Tue, 01 Mar 2016)
New Revision: 40089

Modified:
   data/CVE/list
Log:
DROWN web page mentions CVE-2016-0703 applies to openssl

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 13:24:05 UTC (rev 40088)
+++ data/CVE/list   2016-03-01 13:28:55 UTC (rev 40089)
@@ -6527,6 +6527,7 @@
RESERVED
 CVE-2016-0703
RESERVED
+   - openssl 
 CVE-2016-0702
RESERVED
 CVE-2016-0701 (The DH_check_pub_key function in crypto/dh/dh_check.c in 
OpenSSL 1.0.2 ...)
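Review bot: the "- openssl" line added under CVE-2016-0703 has no reference beside it; the source ("DROWN web page mentions CVE-2016-0703 applies to openssl") is stated only in the log. Add a NOTE with the page URL under the package line, as the CVE-2016-0800 entry does with "NOTE: https://www.drownattack.com/".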




[Secure-testing-commits] r40088 - data/CVE

2016-03-01 Thread Paul Wise
Author: pabs
Date: 2016-03-01 13:24:05 + (Tue, 01 Mar 2016)
New Revision: 40088

Modified:
   data/CVE/list
Log:
CVE-2016-0800: DROWN attack

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 12:51:17 UTC (rev 40087)
+++ data/CVE/list   2016-03-01 13:24:05 UTC (rev 40088)
@@ -6180,6 +6180,8 @@
TODO: check
 CVE-2016-0800
RESERVED
+   - openssl 
+   NOTE: https://www.drownattack.com/
 CVE-2016-0799
RESERVED
- openssl 




[Secure-testing-commits] r40087 - data

2016-03-01 Thread Markus Koschany
Author: apo-guest
Date: 2016-03-01 12:51:17 + (Tue, 01 Mar 2016)
New Revision: 40087

Modified:
   data/dsa-needed.txt
Log:
Claim Tomcat 6 in dsa-needed.txt

I sent my last e-mail to t...@security.debian.org on 2016-02-27. Waiting for a
response now.


Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 12:37:25 UTC (rev 40086)
+++ data/dsa-needed.txt 2016-03-01 12:51:17 UTC (rev 40087)
@@ -76,7 +76,7 @@
 --
 tiff3
 --
-tomcat6
+tomcat6 (Markus Koschany)
 --
 tomcat7
 --




[Secure-testing-commits] r40086 - data

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 12:37:25 + (Tue, 01 Mar 2016)
New Revision: 40086

Modified:
   data/dsa-needed.txt
Log:
Add perl to dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 12:37:17 UTC (rev 40085)
+++ data/dsa-needed.txt 2016-03-01 12:37:25 UTC (rev 40086)
@@ -59,6 +59,8 @@
 --
 pdns/oldstable (Mike Gabriel)
 --
+perl (carnil)
+--
 samba (carnil)
 --
 smarty3/oldstable




[Secure-testing-commits] r40085 - data/CVE

2016-03-01 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-01 12:37:17 + (Tue, 01 Mar 2016)
New Revision: 40085

Modified:
   data/CVE/list
Log:
Add CVE-2016-2381/perl

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 09:15:15 UTC (rev 40084)
+++ data/CVE/list   2016-03-01 12:37:17 UTC (rev 40085)
@@ -1171,6 +1171,8 @@
RESERVED
 CVE-2016-2381
RESERVED
+   - perl 
+   NOTE: 
http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
 CVE-2016-2380
RESERVED
 CVE-2016-2379
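Review bot: CVE-2016-2381 gets a package line and a commit link but no bracketed description after the CVE id, so the entry does not say what the perl issue is without following the link. Add a short description in brackets on the CVE line, in the form used for "CVE-2015-8239 [race condition checking digests/checksums in sudoers]".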




[Secure-testing-commits] r40083 - data

2016-03-01 Thread Mike Gabriel
Author: sunweaver
Date: 2016-03-01 09:12:50 + (Tue, 01 Mar 2016)
New Revision: 40083

Modified:
   data/dsa-needed.txt
Log:
add gosa/oldstable, take it, add note about submitted .debdiff

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 09:11:25 UTC (rev 40082)
+++ data/dsa-needed.txt 2016-03-01 09:12:50 UTC (rev 40083)
@@ -24,6 +24,9 @@
 ctdb
   TODO: check, possible regression update proposed by maintainer
 --
+gosa/oldstable (Mike Gabriel)
+  NOTE: .debdiff sent to the Security Team, waiting for feedback
+--
 icedtea-web
 --
 imagemagick/oldstable




[Secure-testing-commits] r40084 - data

2016-03-01 Thread Mike Gabriel
Author: sunweaver
Date: 2016-03-01 09:15:15 + (Tue, 01 Mar 2016)
New Revision: 40084

Modified:
   data/dsa-needed.txt
Log:
smarty3 -> smarty3/oldstable: version bump to 3.1.21 recommended to get 
CVE-2014-8350 resolved in wheezy

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 09:12:50 UTC (rev 40083)
+++ data/dsa-needed.txt 2016-03-01 09:15:15 UTC (rev 40084)
@@ -61,7 +61,9 @@
 --
 samba (carnil)
 --
-smarty3
+smarty3/oldstable
+  NOTE: https://lists.debian.org/debian-lts/2016/03/msg0.html
+  Version bump to package version in jessie recommended.
 --
 squid/oldstable
 --
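Review bot: the added line "Version bump to package version in jessie recommended." has no "NOTE:" prefix, unlike the line above it, and leaves out what the log states: the target version 3.1.21 and CVE-2014-8350. Put both in a NOTE line so the entry records which version and which issue the recommendation is about.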




[Secure-testing-commits] r40082 - data

2016-03-01 Thread Mike Gabriel
Author: sunweaver
Date: 2016-03-01 09:11:25 + (Tue, 01 Mar 2016)
New Revision: 40082

Modified:
   data/dsa-needed.txt
Log:
pick pdns/oldstable for investigation

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 09:10:18 UTC (rev 40081)
+++ data/dsa-needed.txt 2016-03-01 09:11:25 UTC (rev 40082)
@@ -54,7 +54,7 @@
   NOTE: regression fix needed for CVE-2013-2053 (#743332) and CVE-2013-6466
   (#744717)
 --
-pdns/oldstable
+pdns/oldstable (Mike Gabriel)
 --
 samba (carnil)
 --




[Secure-testing-commits] r40081 - data/CVE

2016-03-01 Thread security tracker role
Author: sectracker
Date: 2016-03-01 09:10:18 + (Tue, 01 Mar 2016)
New Revision: 40081

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-01 07:19:20 UTC (rev 40080)
+++ data/CVE/list   2016-03-01 09:10:18 UTC (rev 40081)
@@ -1,3 +1,418 @@
+CVE-2016-2783
+   RESERVED
+CVE-2016-2780
+   RESERVED
+CVE-2016-2778
+   RESERVED
+CVE-2016-2777
+   REJECTED
+   TODO: check
+CVE-2016-2776
+   RESERVED
+CVE-2016-2775
+   RESERVED
+CVE-2016-2774
+   RESERVED
+CVE-2016-2773
+   RESERVED
+CVE-2016-2772
+   RESERVED
+CVE-2016-2771
+   RESERVED
+CVE-2016-2770
+   RESERVED
+CVE-2016-2769
+   RESERVED
+CVE-2016-2768
+   RESERVED
+CVE-2016-2767
+   RESERVED
+CVE-2016-2766
+   RESERVED
+CVE-2016-2765
+   RESERVED
+CVE-2016-2764
+   RESERVED
+CVE-2016-2763
+   RESERVED
+CVE-2016-2762
+   RESERVED
+CVE-2016-2761
+   RESERVED
+CVE-2016-2760
+   RESERVED
+CVE-2016-2759
+   RESERVED
+CVE-2016-2758
+   RESERVED
+CVE-2016-2757
+   RESERVED
+CVE-2016-2756
+   RESERVED
+CVE-2016-2755
+   RESERVED
+CVE-2016-2754
+   RESERVED
+CVE-2016-2753
+   RESERVED
+CVE-2016-2752
+   RESERVED
+CVE-2016-2751
+   RESERVED
+CVE-2016-2750
+   RESERVED
+CVE-2016-2749
+   RESERVED
+CVE-2016-2748
+   RESERVED
+CVE-2016-2747
+   RESERVED
+CVE-2016-2746
+   RESERVED
+CVE-2016-2745
+   RESERVED
+CVE-2016-2744
+   RESERVED
+CVE-2016-2743
+   RESERVED
+CVE-2016-2742
+   RESERVED
+CVE-2016-2741
+   RESERVED
+CVE-2016-2740
+   RESERVED
+CVE-2016-2739
+   RESERVED
+CVE-2016-2738
+   RESERVED
+CVE-2016-2737
+   RESERVED
+CVE-2016-2736
+   RESERVED
+CVE-2016-2735
+   RESERVED
+CVE-2016-2734
+   RESERVED
+CVE-2016-2733
+   RESERVED
+CVE-2016-2732
+   RESERVED
+CVE-2016-2731
+   RESERVED
+CVE-2016-2730
+   RESERVED
+CVE-2016-2729
+   RESERVED
+CVE-2016-2728
+   RESERVED
+CVE-2016-2727
+   RESERVED
+CVE-2016-2726
+   RESERVED
+CVE-2016-2725
+   RESERVED
+CVE-2016-2724
+   RESERVED
+CVE-2016-2723
+   RESERVED
+CVE-2016-2722
+   RESERVED
+CVE-2016-2721
+   RESERVED
+CVE-2016-2720
+   RESERVED
+CVE-2016-2719
+   RESERVED
+CVE-2016-2718
+   RESERVED
+CVE-2016-2717
+   RESERVED
+CVE-2016-2716
+   RESERVED
+CVE-2016-2715
+   RESERVED
+CVE-2016-2714
+   RESERVED
+CVE-2016-2713
+   RESERVED
+CVE-2016-2712
+   RESERVED
+CVE-2016-2711
+   RESERVED
+CVE-2016-2710
+   RESERVED
+CVE-2016-2709
+   RESERVED
+CVE-2016-2708
+   RESERVED
+CVE-2016-2707
+   RESERVED
+CVE-2016-2706
+   RESERVED
+CVE-2016-2705
+   RESERVED
+CVE-2016-2704
+   RESERVED
+CVE-2016-2703
+   RESERVED
+CVE-2016-2702
+   RESERVED
+CVE-2016-2701
+   RESERVED
+CVE-2016-2700
+   RESERVED
+CVE-2016-2699
+   RESERVED
+CVE-2016-2698
+   RESERVED
+CVE-2016-2697
+   RESERVED
+CVE-2016-2696
+   RESERVED
+CVE-2016-2695
+   RESERVED
+CVE-2016-2694
+   RESERVED
+CVE-2016-2693
+   RESERVED
+CVE-2016-2692
+   RESERVED
+CVE-2016-2691
+   RESERVED
+CVE-2016-2690
+   RESERVED
+CVE-2016-2689
+   RESERVED
+CVE-2016-2688
+   RESERVED
+CVE-2016-2687
+   RESERVED
+CVE-2016-2686
+   RESERVED
+CVE-2016-2685
+   RESERVED
+CVE-2016-2684
+   RESERVED
+CVE-2016-2683
+   RESERVED
+CVE-2016-2682
+   RESERVED
+CVE-2016-2681
+   RESERVED
+CVE-2016-2680
+   RESERVED
+CVE-2016-2679
+   RESERVED
+CVE-2016-2678
+   RESERVED
+CVE-2016-2677
+   RESERVED
+CVE-2016-2676
+   RESERVED
+CVE-2016-2675
+   RESERVED
+CVE-2016-2674
+   RESERVED
+CVE-2016-2673
+   RESERVED
+CVE-2016-2672
+   RESERVED
+CVE-2016-2671
+   RESERVED
+CVE-2016-2670
+   RESERVED
+CVE-2016-2669
+   RESERVED
+CVE-2016-2668
+   RESERVED
+CVE-2016-2667
+   RESERVED
+CVE-2016-2666
+   RESERVED
+CVE-2016-2665
+   RESERVED
+CVE-2016-2664
+   RESERVED
+CVE-2016-2663
+   RESERVED
+CVE-2016-2662
+   RESERVED
+CVE-2016-2661
+   RESERVED
+CVE-2016-2660
+   RESERVED
+CVE-2016-2659
+   RESERVED
+CVE-2016-2658
+   RESERVED
+CVE-2016-2657
+   RESERVED
+CVE-2016-2656
+   RESERVED
+CVE-2016-2655
+   RESERVED
+CVE-2016-2654
+   RESERVED
+CVE-2016-2653
+   RESERVED
+CVE-2016-2652
+   RESERVED
+CVE-2016-2651
+   RESERVED
+CVE-2016-2650
+   RESERVED
+CVE-2016-2649
+   RESERVED
+CVE-2016-2648
+   RESERVED
+CVE-2016-2647
+   RESERVED
+CVE-2016-2646
+   RESERVED
+CVE-2016-2645
+   RESERVED
+CVE-2016-2644
+   RESERVED
+CVE-2016-2643
+   RESERVED
+CVE-2016-2642
+   RESERVED
+CVE-2016-2641
+   RESERVED
+CVE-2016-2640
+   RESERVED
+CVE-2016-2639
+   RESERVED
+CVE-2016-2638
+   RESERVED
+CVE-2016-2637
+   RESERVED