[Secure-testing-commits] r40531 - data/CVE

2016-03-22 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-23 05:23:12 + (Wed, 23 Mar 2016)
New Revision: 40531

Modified:
   data/CVE/list
Log:
CVE-2016-1283/pcre3, #809706, fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-23 05:22:16 UTC (rev 40530)
+++ data/CVE/list   2016-03-23 05:23:12 UTC (rev 40531)
@@ -7133,7 +7133,7 @@
NOTE: https://mantisbt.org/bugs/view.php?id=20277
NOTE: http://www.openwall.com/lists/oss-security/2016/01/02/1
 CVE-2016-1283 (The pcre_compile2 function in pcre_compile.c in PCRE 8.38 
mishandles ...)
-   - pcre3  (bug #809706)
+   - pcre3 2:8.38-3.1 (bug #809706)
[jessie] - pcre3  (Minor issue)
[wheezy] - pcre3  (Vulnerable code not present)
[squeeze] - pcre3  (Vulnerable code not present)
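
Review bot: the [jessie] line directly under the changed entry still reads "(Minor issue)" with no version, so after this change only unstable has a recorded fix for CVE-2016-1283. If the fix in 2:8.38-3.1 is expected to reach jessie later (for example through a point release), a NOTE saying so would keep the entry from looking finished when it is not.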


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r40530 - data/CVE

2016-03-22 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-23 05:22:16 + (Wed, 23 Mar 2016)
New Revision: 40530

Modified:
   data/CVE/list
Log:
libmaxminddb fixed in unstable, #805657

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-23 00:06:25 UTC (rev 40529)
+++ data/CVE/list   2016-03-23 05:22:16 UTC (rev 40530)
@@ -11574,7 +11574,7 @@
 CVE-2009-5149 (Arris DG860A, TG862A, and TG862G devices with firmware ...)
NOT-FOR-US: Arris hardware
 CVE-2015- [Missing bounds checking and verification of data type causes 
segfault]
-   - libmaxminddb  (bug #805657)
+   - libmaxminddb 1.1.5-1 (bug #805657)
NOTE: 
https://github.com/maxmind/libmaxminddb/commit/51255f113fe3c7b63ffe957636a7656a3ff9d1ff
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283919
 CVE-2015-8308 [X server started without -auth, exposing it to connections form 
any local user]
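
Review bot: the version added on the "- libmaxminddb" line, 1.1.5-1, is not tied to the upstream commit cited in the NOTE right below it. A short NOTE naming the upstream release that first contains commit 51255f1 would let a reader confirm that 1.1.5-1 carries the fix without having to walk the upstream history.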




[Secure-testing-commits] r40529 - data

2016-03-22 Thread Markus Koschany
Author: apo-guest
Date: 2016-03-23 00:06:25 + (Wed, 23 Mar 2016)
New Revision: 40529

Modified:
   data/dsa-needed.txt
Log:
Claim libebml in dsa-needed.txt

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-22 21:10:14 UTC (rev 40528)
+++ data/dsa-needed.txt 2016-03-23 00:06:25 UTC (rev 40529)
@@ -42,6 +42,8 @@
   NOTE: OK Thorsten's upload (seb)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
 --
+libebml (Markus Koschany)
+--
 libidn
   Working debdiff for wheezy-security at
   https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff
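
Review bot: the new "libebml (Markus Koschany)" entry has no NOTE and no suite qualifier, unlike the libidn entry after it, which names wheezy-security. Since both added lines create the entry rather than only claim an existing one, a NOTE listing the issue being handled and the suites that need an update would make the entry usable by other team members.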




[Secure-testing-commits] r40526 - data/CVE

2016-03-22 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-22 19:44:33 + (Tue, 22 Mar 2016)
New Revision: 40526

Modified:
   data/CVE/list
Log:
Reference upstream change to address CVE-2016-1283

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-22 19:11:07 UTC (rev 40525)
+++ data/CVE/list   2016-03-22 19:44:33 UTC (rev 40526)
@@ -7121,6 +7121,7 @@
NOTE: Introduced after 
http://vcs.pcre.org/pcre?view=revision&revision=1361
- pcre2  (Vulnerable code not present)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1767
+   NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1636
 CVE-2016-1280
RESERVED
 CVE-2016-1279
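
Review bot: the added "Upstream fix" NOTE sits after the "- pcre2" line and the exim bug NOTE, so it is separated from the "Introduced after ... revision=1361" NOTE at the top of the context and can be read as belonging to pcre2. Moving it next to the "Introduced after" NOTE would show the affected range (after r1361, fixed in r1636) in one place and keep it clearly attached to the pcre3 information.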




[Secure-testing-commits] r40523 - data

2016-03-22 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-22 16:13:50 + (Tue, 22 Mar 2016)
New Revision: 40523

Modified:
   data/dsa-needed.txt
Log:
Drop squid3 from dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-22 16:13:41 UTC (rev 40522)
+++ data/dsa-needed.txt 2016-03-22 16:13:50 UTC (rev 40523)
@@ -87,9 +87,6 @@
 --
 squid/oldstable
 --
-squid3
-  CVE-2016-2569 should be fixed if backportable
---
 tardiff
   fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
 --
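
Review bot: the removed squid3 entry carried the condition "CVE-2016-2569 should be fixed if backportable", and neither the hunk nor the log records how that condition was resolved. State the outcome in the log message or in the CVE entry (fixed, not backportable, or deferred), so the reason for dropping squid3 can be found later.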




[Secure-testing-commits] r40520 - in data: . DSA

2016-03-22 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-22 15:31:29 + (Tue, 22 Mar 2016)
New Revision: 40520

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA number for pixman

Modified: data/DSA/list
===
--- data/DSA/list   2016-03-22 12:02:19 UTC (rev 40519)
+++ data/DSA/list   2016-03-22 15:31:29 UTC (rev 40520)
@@ -1,3 +1,6 @@
+[22 Mar 2016] DSA-3525-1 pixman - security update
+   {CVE-2014-9766}
+   [wheezy] - pixman 0.26.0-4+deb7u2
 [20 Mar 2016] DSA-3524-1 activemq - security update
{CVE-2015-5254}
[wheezy] - activemq 5.6.0+dfsg-1+deb7u2
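
Review bot: the new DSA-3525-1 entry lists a fixed version only on the [wheezy] line, which matches the "pixman/oldstable" entry removed in the second hunk, but nothing here says why no other suite needs an update for CVE-2014-9766. If that status is already recorded in data/CVE/list this is fine; otherwise it should be added there as part of the same change.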

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-22 12:02:19 UTC (rev 40519)
+++ data/dsa-needed.txt 2016-03-22 15:31:29 UTC (rev 40520)
@@ -67,8 +67,6 @@
 pidgin-otr (seb)
   NOTE: Felix Geyer proposes to work on the update
 --
-pixman/oldstable (carnil)
---
 python-django (carnil)
   NOTE: Ubuntu released regression updates, make sure fix is included if needed
   NOTE: http://www.ubuntu.com/usn/usn-2915-2/




[Secure-testing-commits] r40519 - data/CVE

2016-03-22 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-22 12:02:19 + (Tue, 22 Mar 2016)
New Revision: 40519

Modified:
   data/CVE/list
Log:
For CVE-2016-1885 record fixed version in experimental

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-22 12:00:50 UTC (rev 40518)
+++ data/CVE/list   2016-03-22 12:02:19 UTC (rev 40519)
@@ -5150,6 +5150,7 @@
RESERVED
 CVE-2016-1885 [SA-16:15: Fix incorrect argument validation in sysarch]
RESERVED
+   [experimental] - kfreebsd-10 10.3~svn296998-1
- kfreebsd-10  (unimportant; bug #818426)
NOTE: kfreebsd not covered by security support in Jessie
- kfreebsd-9 
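
Review bot: the added [experimental] line records 10.3~svn296998-1, while the "- kfreebsd-10" line below it is left without a version. That is consistent with the log, but the two lines now have to be kept in sync by hand: when the fix reaches unstable, the version should move to the "- kfreebsd-10" line and the [experimental] line should be dropped.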




[Secure-testing-commits] r40517 - data

2016-03-22 Thread Sebastien Delafond
Author: seb
Date: 2016-03-22 09:26:42 + (Tue, 22 Mar 2016)
New Revision: 40517

Modified:
   data/dsa-needed.txt
Log:
Add pidgin-otr to dsa-needed, and take it

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-22 09:20:21 UTC (rev 40516)
+++ data/dsa-needed.txt 2016-03-22 09:26:42 UTC (rev 40517)
@@ -64,6 +64,9 @@
 --
 pdns/oldstable (Mike Gabriel)
 --
+pidgin-otr (seb)
+  NOTE: Felix Geyer proposes to work on the update
+--
 pixman/oldstable (carnil)
 --
 python-django (carnil)
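
Review bot: the added entry is claimed by "(seb)" while its NOTE says "Felix Geyer proposes to work on the update", so ownership is ambiguous on the "pidgin-otr" lines. Extending the NOTE to say who prepares the upload and who handles the advisory would remove the ambiguity; the entry also names no suite or issue, unlike its neighbours such as "pixman/oldstable".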

