[Secure-testing-commits] r40565 - data/CVE
Author: jmm Date: 2016-03-24 23:48:50 + (Thu, 24 Mar 2016) New Revision: 40565 Modified: data/CVE/list Log: new chromium issues Modified: data/CVE/list === --- data/CVE/list 2016-03-24 23:01:02 UTC (rev 40564) +++ data/CVE/list 2016-03-24 23:48:50 UTC (rev 40565) @@ -5815,14 +5815,26 @@ RESERVED CVE-2016-1650 RESERVED + - chromium-browser + [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1649 RESERVED + - chromium-browser + [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1648 RESERVED + - chromium-browser + [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1647 RESERVED + - chromium-browser + [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1646 RESERVED + - chromium-browser + [wheezy] - chromium-browser (Not supported in Wheezy) + - libv8 (unimportant) + NOTE: libv8 not covered by security support CVE-2016-1645 (Multiple integer signedness errors in the opj_j2k_update_image_data ...) {DSA-3513-1} - chromium-browser 49.0.2623.87-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
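Review bot: In the CVE-2016-1646 entry, the added `- libv8 (unimportant)` line has no counterpart in CVE-2016-1647 through CVE-2016-1650, and nothing in the hunk says why only this CVE touches libv8. Add a NOTE naming the affected component or an upstream reference so the difference can be checked later. The five `- chromium-browser` lines are also added without a fixed version, unlike CVE-2016-1645 just below (`49.0.2623.87-1`, DSA-3513-1); fill the version in once the fixing upload is known.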
[Secure-testing-commits] r40564 - data/CVE
Author: jmm Date: 2016-03-24 23:01:02 + (Thu, 24 Mar 2016) New Revision: 40564 Modified: data/CVE/list Log: cyrus-imapd-2.4 fixed Modified: data/CVE/list === --- data/CVE/list 2016-03-24 21:10:12 UTC (rev 40563) +++ data/CVE/list 2016-03-24 23:01:02 UTC (rev 40564) @@ -12182,12 +12182,12 @@ [squeeze] - redis (Vulnerable code not present) NOTE: https://github.com/antirez/redis/issues/2855 CVE-2015-8078 (Integer overflow in the index_urlfetch function in imap/index.c in ...) - - cyrus-imapd-2.4 (bug #804182) + - cyrus-imapd-2.4 2.4.18-4 (bug #804182) [jessie] - cyrus-imapd-2.4 (Incomplete patch for CVE-2015-8076 not applied) [wheezy] - cyrus-imapd-2.4 (Incomplete patch for CVE-2015-8076 not applied) NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2 CVE-2015-8077 (Integer overflow in the index_urlfetch function in imap/index.c in ...) - - cyrus-imapd-2.4 (bug #804182) + - cyrus-imapd-2.4 2.4.18-4 (bug #804182) [jessie] - cyrus-imapd-2.4 (Incomplete patch for CVE-2015-8076 not applied) [wheezy] - cyrus-imapd-2.4 (Incomplete patch for CVE-2015-8076 not applied) NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08
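Review bot: The unstable lines for CVE-2015-8078 and CVE-2015-8077 now carry 2.4.18-4, but the jessie and wheezy lines tie both entries to the CVE-2015-8076 patch, and that entry lies outside the visible context. Confirm that the CVE-2015-8076 unstable line records the same upload so the three entries stay consistent with each other.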
[Secure-testing-commits] r40563 - data/CVE
Author: sectracker Date: 2016-03-24 21:10:12 + (Thu, 24 Mar 2016) New Revision: 40563 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-03-24 20:24:17 UTC (rev 40562) +++ data/CVE/list 2016-03-24 21:10:12 UTC (rev 40563) @@ -1,3 +1,39 @@ +CVE-2016-3661 + RESERVED +CVE-2016-3660 + RESERVED +CVE-2016-3659 + RESERVED +CVE-2016-3658 + RESERVED +CVE-2016-3657 + RESERVED +CVE-2016-3656 + RESERVED +CVE-2016-3655 + RESERVED +CVE-2016-3654 + RESERVED +CVE-2016-3653 + RESERVED +CVE-2016-3652 + RESERVED +CVE-2016-3651 + RESERVED +CVE-2016-3650 + RESERVED +CVE-2016-3649 + RESERVED +CVE-2016-3648 + RESERVED +CVE-2016-3647 + RESERVED +CVE-2016-3646 + RESERVED +CVE-2016-3645 + RESERVED +CVE-2016-3644 + RESERVED CVE-2016-3643 RESERVED CVE-2016-3642 
@@ -5431,120 +5467,120 @@ RESERVED CVE-2016-1789 RESERVED -CVE-2016-1788 - RESERVED -CVE-2016-1787 - RESERVED -CVE-2016-1786 - RESERVED -CVE-2016-1785 - RESERVED -CVE-2016-1784 - RESERVED -CVE-2016-1783 - RESERVED -CVE-2016-1782 - RESERVED -CVE-2016-1781 - RESERVED -CVE-2016-1780 - RESERVED -CVE-2016-1779 - RESERVED -CVE-2016-1778 - RESERVED -CVE-2016-1777 - RESERVED -CVE-2016-1776 - RESERVED -CVE-2016-1775 - RESERVED -CVE-2016-1774 - RESERVED -CVE-2016-1773 - RESERVED -CVE-2016-1772 - RESERVED -CVE-2016-1771 - RESERVED -CVE-2016-1770 - RESERVED -CVE-2016-1769 - RESERVED -CVE-2016-1768 - RESERVED -CVE-2016-1767 - RESERVED -CVE-2016-1766 - RESERVED -CVE-2016-1765 - RESERVED -CVE-2016-1764 - RESERVED -CVE-2016-1763 - RESERVED -CVE-2016-1762 - RESERVED -CVE-2016-1761 - RESERVED +CVE-2016-1788 (Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS ...) + TODO: check +CVE-2016-1787 (Wiki Server in Apple OS X Server before 5.1 allows remote attackers to ...) + TODO: check +CVE-2016-1786 (The Page Loading implementation in WebKit in Apple iOS before 9.3 and ...) + TODO: check +CVE-2016-1785 (The Page Loading implementation in WebKit in Apple iOS before 9.3 and ...) + TODO: check +CVE-2016-1784 (The History implementation in WebKit in Apple iOS before 9.3, Safari ...) + TODO: check +CVE-2016-1783 (WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 ...) + TODO: check +CVE-2016-1782 (WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly ...) + TODO: check +CVE-2016-1781 (WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles ...) + TODO: check +CVE-2016-1780 (WebKit in Apple iOS before 9.3 does not prevent hidden web views from ...) + TODO: check +CVE-2016-1779 (WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote ...) + TODO: check +CVE-2016-1778 (WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote ...) 
+ TODO: check +CVE-2016-1777 (Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, ...) + TODO: check +CVE-2016-1776 (Web Server in Apple OS X Server before 5.1 does not properly restrict ...) + TODO: check +CVE-2016-1775 (TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS ...) + TODO: check +CVE-2016-1774 (The Time Machine server in Server App in Apple OS X Server before 5.1 ...) + TODO: check +CVE-2016-1773 (The code-signing subsystem in Apple OS X before 10.11.4 does not ...) + TODO: check +CVE-2016-1772 (The Top Sites feature in Apple Safari before 9.1 mishandles cookie ...) + TODO: check +CVE-2016-1771 (The Downloads feature in Apple Safari before 9.1 mishandles file ...) + TODO: check +CVE-2016-1770 (The Reminders component in Apple OS X before 10.11.4 allows attackers ...) + TODO: check +CVE-2016-1769 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to ...) + TODO: check +CVE-2016-1768 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to ...) + TODO: check +CVE-2016-1767 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to ...) + TODO: check +CVE-2016-1766 (The Profiles component in Apple iOS before 9.3 does not properly ...) + TODO: check +CVE-2016-1765 (otool in Apple Xcode before 7.3 allows local users to gain privileges ...) + TODO: check +CVE-2016-1764 (The Content Security Policy (CSP) implementation in Messages in Apple ...) + TODO: check +CVE-2016-1763 (Messages in Apple iOS before 9.3 does not ensure that an auto-fill ...) + TODO: check +CVE-2016-1762 (libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before ...) + TODO: check +CVE-2016-1761 (libxml2 in Apple iOS before 9.3, OS X before
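Review bot: The `TODO: check` markers added for CVE-2016-1762 and CVE-2016-1761 (libxml2) and for the WebKit entries CVE-2016-1778 through CVE-2016-1786 should not be closed as NOT-FOR-US along with the other Apple entries. libxml2 and WebKit-based packages are shipped in Debian, so these need a per-package check against the upstream code, while the entries that name only Apple products (Messages, QuickTime, OS X Server, otool) can follow the `NOT-FOR-US:` pattern.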
[Secure-testing-commits] r40561 - data
Author: apo-guest Date: 2016-03-24 17:02:13 + (Thu, 24 Mar 2016) New Revision: 40561 Modified: data/dsa-needed.txt Log: dsa-needed.txt: Update status of libebml Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-03-24 16:33:35 UTC (rev 40560) +++ data/dsa-needed.txt 2016-03-24 17:02:13 UTC (rev 40561) @@ -41,6 +41,7 @@ NOTE: debdiff sent to the Security Team on 2016-03-21 -- libebml (Markus Koschany) + NOTE: debdiff sent to the Security Team on 2016-03-24 -- libidn Working debdiff for wheezy-security at
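Review bot: The added NOTE under libebml gives the date the debdiff was sent but not the suite it targets, whereas the libidn line that follows names wheezy-security. Name the suite or suites in the NOTE so the entry can be acted on without opening the mail.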
[Secure-testing-commits] r40558 - data/CVE
Author: carnil Date: 2016-03-24 16:28:07 + (Thu, 24 Mar 2016) New Revision: 40558 Modified: data/CVE/list Log: Another hhvm issue fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-03-24 16:24:50 UTC (rev 40557) +++ data/CVE/list 2016-03-24 16:28:07 UTC (rev 40558) @@ -967,7 +967,7 @@ - hhvm NOTE: https://github.com/facebook/hhvm/commit/fd456ffad5d164c1563dc8bd97bcc2f200ff6f69 CVE-2016- [heap overflows in iptcembed] - - hhvm + - hhvm 3.12.1+dfsg-1 NOTE: https://github.com/facebook/hhvm/commit/eae73029336e4d577707cb8a0527f22cb8a4588a CVE-2015- [php_url_parse_ex() buffer overflow read] - hhvm 3.12.1+dfsg-1
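Review bot: The first context entry, `- hhvm` followed by the NOTE for commit fd456ffa, is still left without a fixed version, while the iptcembed entry and the `php_url_parse_ex()` entry below it both carry 3.12.1+dfsg-1. Check whether that commit is also part of 3.12.1+dfsg-1 and, if so, record the version in the same change.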
[Secure-testing-commits] r40556 - data/CVE
Author: carnil Date: 2016-03-24 16:20:09 + (Thu, 24 Mar 2016) New Revision: 40556 Modified: data/CVE/list Log: Add bug reference for CVE-2016-3176/salt Modified: data/CVE/list === --- data/CVE/list 2016-03-24 16:16:27 UTC (rev 40555) +++ data/CVE/list 2016-03-24 16:20:09 UTC (rev 40556) @@ -939,7 +939,7 @@ NOTE: Issue only in gifcolor utility, not installed into giflib-tools CVE-2016-3176 [insecure configuration of PAM external authentication service] RESERVED - - salt + - salt (bug #819184) NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html NOTE: Fixed in 2015.5.10/2015.8.8 upstream
[Secure-testing-commits] r40554 - data/CVE
Author: carnil Date: 2016-03-24 16:15:25 + (Thu, 24 Mar 2016) New Revision: 40554 Modified: data/CVE/list Log: Add CVE-2016-2166/qpid-proton Modified: data/CVE/list === --- data/CVE/list 2016-03-24 16:09:57 UTC (rev 40553) +++ data/CVE/list 2016-03-24 16:15:25 UTC (rev 40554) @@ -4042,8 +4042,12 @@ RESERVED CVE-2016-2167 RESERVED -CVE-2016-2166 +CVE-2016-2166 [reactor sends messages in clear if ssl is requested but not available] RESERVED + - qpid-proton + NOTE: https://issues.apache.org/jira/browse/PROTON-1157 + NOTE: http://qpid.apache.org/releases/qpid-proton-0.12.1/ + TODO: check CVE-2016-2165 RESERVED CVE-2016-2164
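Review bot: The new CVE-2016-2166 entry carries both `- qpid-proton` and `TODO: check` without saying what remains to be checked. If the qpid-proton-0.12.1 release page is cited because that release contains the fix, state it in a NOTE the way the salt entry does (`NOTE: Fixed in 2015.5.10/2015.8.8 upstream`), and say in the TODO what is still open, for example which Debian versions contain the affected reactor code.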
[Secure-testing-commits] r40555 - data/CVE
Author: carnil Date: 2016-03-24 16:16:27 + (Thu, 24 Mar 2016) New Revision: 40555 Modified: data/CVE/list Log: Mark CVE-2015-4981 as NFU Modified: data/CVE/list === --- data/CVE/list 2016-03-24 16:15:25 UTC (rev 40554) +++ data/CVE/list 2016-03-24 16:16:27 UTC (rev 40555) @@ -20991,7 +20991,7 @@ CVE-2015-4982 RESERVED CVE-2015-4981 (IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and ...) - TODO: check + NOT-FOR-US: IBM General Parallel File System CVE-2015-4980 (Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through ...) NOT-FOR-US: IBM WebSphere CVE-2015-4979
[Secure-testing-commits] r40551 - data/CVE
Author: carnil Date: 2016-03-24 14:58:56 + (Thu, 24 Mar 2016) New Revision: 40551 Modified: data/CVE/list Log: Add bug reference for CVE-2016-2342, #819179 Modified: data/CVE/list === --- data/CVE/list 2016-03-24 14:55:47 UTC (rev 40550) +++ data/CVE/list 2016-03-24 14:58:56 UTC (rev 40551) @@ -3380,7 +3380,7 @@ CVE-2016-2343 RESERVED CVE-2016-2342 (The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI ...) - - quagga + - quagga (bug #819179) NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442 CVE-2016-2341 RESERVED
[Secure-testing-commits] r40549 - data/CVE
Author: carnil Date: 2016-03-24 14:51:00 + (Thu, 24 Mar 2016) New Revision: 40549 Modified: data/CVE/list Log: Update CVE-2016-2342/quagga Modified: data/CVE/list === --- data/CVE/list 2016-03-24 14:30:26 UTC (rev 40548) +++ data/CVE/list 2016-03-24 14:51:00 UTC (rev 40549) @@ -3380,7 +3380,8 @@ CVE-2016-2343 RESERVED CVE-2016-2342 (The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI ...) - TODO: check + - quagga + NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442 CVE-2016-2341 RESERVED CVE-2016-2340
[Secure-testing-commits] r40547 - data/CVE
Author: sectracker Date: 2016-03-24 09:10:13 + (Thu, 24 Mar 2016) New Revision: 40547 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-03-23 23:45:13 UTC (rev 40546) +++ data/CVE/list 2016-03-24 09:10:13 UTC (rev 40547) @@ -1,3 +1,29 @@ +CVE-2016-3643 + RESERVED +CVE-2016-3642 + RESERVED +CVE-2016-3641 + RESERVED +CVE-2016-3640 + RESERVED +CVE-2016-3639 + RESERVED +CVE-2016-3638 + RESERVED +CVE-2016-3637 + RESERVED +CVE-2016-3636 + RESERVED +CVE-2016-3635 + RESERVED +CVE-2016-3634 + RESERVED +CVE-2016-3633 + RESERVED +CVE-2016-3632 + RESERVED +CVE-2016-3631 + RESERVED CVE-2016-3630 RESERVED CVE-2016-3629