[Secure-testing-commits] r40790 - data/CVE

2016-04-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-04-07 05:51:12 +0000 (Thu, 07 Apr 2016)
New Revision: 40790

Modified:
   data/CVE/list
Log:
Add (hopefully) clarifying note for CVE-2014-1949, thanks pabs and sarnold

Modified: data/CVE/list
===
--- data/CVE/list   2016-04-07 05:45:28 UTC (rev 40789)
+++ data/CVE/list   2016-04-07 05:51:12 UTC (rev 40790)
@@ -57155,6 +57155,8 @@
- cinnamon 2.2.14-1 (bug #738828)
NOTE: http://www.openwall.com/lists/oss-security/2014/02/12/7
NOTE: 
https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4
+   NOTE: The CVE was originally assigned specifically for 
cinnamon-screensaver, but the underlying fix lies in gtk+3.0
+   NOTE: and later MITRE assigned the CVE to GTK+ 3.10.9 and later, see 
official MITRE CVE description.
 CVE-2014-1948 (OpenStack Image Registry and Delivery Service (Glance) 2013.2 
through ...)
- glance 2013.2.2-1 (bug #738924)
[wheezy] - glance  (Only affects Havana)
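Review bot: the new NOTE says the fix lies in gtk+3.0 and that MITRE has reassigned the CVE to GTK+ 3.10.9 and later, yet the only package line visible under CVE-2014-1949 is `- cinnamon 2.2.14-1 (bug #738828)`. If the CVE now describes GTK+, the entry should also carry a gtk+3.0 package line with its fixed version and the [wheezy]/[jessie] status, so the tracker attributes the issue to the package MITRE assigned it to; the cinnamon line can stay to record the original exposure (the gtk+ commit is already referenced in the NOTE above).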


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r40788 - data/CVE

2016-04-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-04-07 05:37:05 +0000 (Thu, 07 Apr 2016)
New Revision: 40788

Modified:
   data/CVE/list
Log:
Add CVE-2016-3951/linux

Modified: data/CVE/list
===
--- data/CVE/list   2016-04-07 05:24:28 UTC (rev 40787)
+++ data/CVE/list   2016-04-07 05:37:05 UTC (rev 40788)
@@ -16,8 +16,12 @@
RESERVED
 CVE-2016-3952
RESERVED
-CVE-2016-3951
+CVE-2016-3951 [usbnet: memory corruption triggered by invalid USB descriptor]
RESERVED
+   - linux 
+   NOTE: 
https://git.kernel.org/linus/4d06dd537f95683aba3651098ae288b7cbff8274 (v4.5)
+   NOTE: 
https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5)
+   NOTE: https://www.spinics.net/lists/netdev/msg367669.html
 CVE-2016-3950
RESERVED
 CVE-2016-3949
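Review bot: both upstream references are tagged (v4.5) but the linux line records no fixed Debian version and there are no [jessie]/[wheezy] lines, unlike the neighbouring entries on this page. Since the bracketed description is memory corruption triggered by an invalid USB descriptor in a driver, the stable branches need at least a severity annotation (minor issue vs. DSA) before the entry is complete, and the RESERVED line should be dropped once MITRE publishes the description, as was done for CVE-2016-3125 elsewhere in this batch.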




[Secure-testing-commits] r40785 - data/CVE

2016-04-06 Thread security tracker role
Author: sectracker
Date: 2016-04-06 21:10:13 +0000 (Wed, 06 Apr 2016)
New Revision: 40785

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-04-06 20:34:06 UTC (rev 40784)
+++ data/CVE/list   2016-04-06 21:10:13 UTC (rev 40785)
@@ -1,7 +1,33 @@
+CVE-2016-3962
+   RESERVED
+CVE-2016-3961
+   RESERVED
+CVE-2016-3960
+   RESERVED
+CVE-2016-3957
+   RESERVED
+CVE-2016-3956
+   RESERVED
+CVE-2016-3955
+   RESERVED
+CVE-2016-3954
+   RESERVED
+CVE-2016-3953
+   RESERVED
+CVE-2016-3952
+   RESERVED
+CVE-2016-3951
+   RESERVED
+CVE-2016-3950
+   RESERVED
+CVE-2016-3949
+   RESERVED
 CVE-2016-3959
+   RESERVED
- golang 
NOTE: https://golang.org/cl/21533
 CVE-2016-3958
+   RESERVED
- golang  (Only affects Go on Windows)
NOTE: https://golang.org/cl/21428
 CVE-2016-3946
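Review bot: CVE-2016-3959 and CVE-2016-3958 now carry RESERVED above an existing golang package line, which matches how the list records reserved-but-known issues (compare CVE-2015-8808 and CVE-2016-3672 on this page), but unlike those entries the two golang headers have no bracketed short description. Add one from the referenced golang.org/cl changes so the entries are readable before MITRE publishes a description.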
@@ -1760,8 +1786,8 @@
[jessie] - krb5  (Minor issue; can be fixed along with a future 
DSA)
[wheezy] - krb5  (Minor issue; can be fixed along with a future 
DSA)
NOTE: 
https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
-CVE-2016-3118
-   RESERVED
+CVE-2016-3118 (CRLF injection vulnerability in CA API Gateway (formerly Layer7 
API ...)
+   TODO: check
 CVE-2016-3117
RESERVED
 CVE-2016-3114
@@ -1969,8 +1995,7 @@
[wheezy] - linux  (Minor issue)
NOTE: http://seclists.org/bugtraq/2016/Mar/57
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283370
-CVE-2016-3125 [TLSDHParamFile directive ignored]
-   RESERVED
+CVE-2016-3125 (The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 
1.3.6rc2 ...)
- proftpd-dfsg  (bug #818492)
[jessie] - proftpd-dfsg  (Minor issue; can be fixed in point 
release)
[wheezy] - proftpd-dfsg  (Minor issue; can be fixed in point 
release)
@@ -6210,8 +6235,8 @@
RESERVED
 CVE-2016-1790
RESERVED
-CVE-2016-1789
-   RESERVED
+CVE-2016-1789 (Apple iBooks Author before 2.4.1 allows remote attackers to 
read ...)
+   TODO: check
 CVE-2016-1788 (Messages in Apple iOS before 9.3, OS X before 10.11.4, and 
watchOS ...)
TODO: check
 CVE-2016-1787 (Wiki Server in Apple OS X Server before 5.1 allows remote 
attackers to ...)
@@ -8235,10 +8260,10 @@
RESERVED
 CVE-2016-1177 (The management screen in Falcon WisePoint 4.3.1 and earlier and 
...)
TODO: check
-CVE-2016-1176
-   RESERVED
-CVE-2016-1175
-   RESERVED
+CVE-2016-1176 (Buffer overflow in the ActiveX control in Sharp EVA Animeter 
allows ...)
+   TODO: check
+CVE-2016-1175 (Cross-site request forgery (CSRF) vulnerability in AQUOS Photo 
Player ...)
+   TODO: check
 CVE-2016-1174
RESERVED
 CVE-2016-1173




[Secure-testing-commits] r40784 - in data: . CVE

2016-04-06 Thread Moritz Muehlenhoff
Author: jmm
Date: 2016-04-06 20:34:06 +0000 (Wed, 06 Apr 2016)
New Revision: 40784

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
add and take optipng


Modified: data/CVE/list
===
--- data/CVE/list   2016-04-06 20:11:11 UTC (rev 40783)
+++ data/CVE/list   2016-04-06 20:34:06 UTC (rev 40784)
@@ -4581,10 +4581,9 @@
NOTE: 
https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1
 CVE-2014- [LFI posting internal files externally abusing default parameter]
-   - tcpdf 6.2.12+dfsg-1 (bug #814030)
+   - tcpdf  (bug #814030)
NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/ (not public)
NOTE: According to upstream fixed in 6.2.0, but not details available
-   TODO: check
 CVE-2015-8808 [out-of-bound read in the parsing of gif files]
RESERVED
- graphicsmagick 1.3.21-2
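Review bot: this hunk drops the fixed version 6.2.12+dfsg-1 from the tcpdf line and removes the TODO, while the NOTE directly beneath still says upstream reports the issue fixed in 6.2.0; those two statements now conflict, and the log message ("add and take optipng") does not mention tcpdf at all. Either add a NOTE recording why 6.2.12+dfsg-1 is not considered a fix, or keep the TODO until that is settled, and describe the tcpdf change in the commit log.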

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-04-06 20:11:11 UTC (rev 40783)
+++ data/dsa-needed.txt 2016-04-06 20:34:06 UTC (rev 40784)
@@ -57,6 +57,8 @@
 --
 ntp
 --
+optipng (jmm)
+--
 openjpeg2 (jmm)
 --
 pdns/oldstable (Mike Gabriel)
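Review bot: the new `optipng (jmm)` entry is inserted between ntp and openjpeg2, but the file around it is alphabetical and `openjpeg2` sorts before `optipng` (`e` before `t` at the third character), so the block belongs after the openjpeg2 block, before pdns/oldstable.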




[Secure-testing-commits] r40782 - data/CVE

2016-04-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-04-06 14:47:39 +0000 (Wed, 06 Apr 2016)
New Revision: 40782

Modified:
   data/CVE/list
Log:
Add CVE-2016-3672/linux

Modified: data/CVE/list
===
--- data/CVE/list   2016-04-06 14:46:25 UTC (rev 40781)
+++ data/CVE/list   2016-04-06 14:47:39 UTC (rev 40782)
@@ -594,8 +594,10 @@
RESERVED
 CVE-2016-3673
RESERVED
-CVE-2016-3672
+CVE-2016-3672 [Unlimiting the stack not longer disables ASLR]
RESERVED
+   - linux 
+   NOTE: 
http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
 CVE-2014-9769 (pcre_jit_compile.c in PCRE 8.35 does not properly use table 
jumps to ...)
- pcre3 2:8.38-1 (bug #819050)
[jessie] - pcre3 2:8.35-3.3+deb8u4
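Review bot: the only reference for CVE-2016-3672 is the reporter's write-up at hmarco.org; add the upstream kernel commit (and the tag it landed in) as a NOTE so the fixed version can be determined, and add [jessie]/[wheezy] lines with a severity assessment. From the bracketed description this is an ASLR weakening (unlimiting the stack no longer disables ASLR) rather than memory corruption, so it may well end up as a minor issue for stable, but the entry should say so explicitly rather than leave the stable status open.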




[Secure-testing-commits] r40781 - data/CVE

2016-04-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-04-06 14:46:25 +0000 (Wed, 06 Apr 2016)
New Revision: 40781

Modified:
   data/CVE/list
Log:
Add second reference for CVE request on xchat/hexchat issue

Modified: data/CVE/list
===
--- data/CVE/list   2016-04-06 09:47:34 UTC (rev 40780)
+++ data/CVE/list   2016-04-06 14:46:25 UTC (rev 40781)
@@ -32801,6 +32801,7 @@
NOTE: 
https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d
 (v2.12.0)
NOTE: 
https://github.com/hexchat/hexchat/commit/c99f2ba645d1f4d01d6d2bb0cc1238825e15c604
 (v2.10.2)
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/01/29/23
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/04/05/4
 CVE-2013-7426 [insecure default fifo path /tmp/kamailio_fifo]
RESERVED
- kamailio 4.0.2-1 (bug #712083)




[Secure-testing-commits] r40780 - bin

2016-04-06 Thread Paul Wise
Author: pabs
Date: 2016-04-06 09:47:34 +0000 (Wed, 06 Apr 2016)
New Revision: 40780

Modified:
   bin/tracker_service.py
Log:
Drop links to OSVDB

OSVDB is now closed officially:

https://blog.osvdb.org/2016/04/05/osvdb-fin/

Modified: bin/tracker_service.py
===
--- bin/tracker_service.py  2016-04-06 09:36:04 UTC (rev 40779)
+++ bin/tracker_service.py  2016-04-06 09:47:34 UTC (rev 40780)
@@ -365,8 +365,6 @@
   ", ",
   self.make_bugtraq_bug_ref(url, bug.name, 
'bugtraq'),
   ", ",
-  self.make_osvdb_bug_ref(url, bug.name, 
'OSVDB'),
-  ", ",
   self.make_edb_bug_ref(url, bug.name, 
'EDB'),
   ", ",
   self.make_metasploit_bug_ref(url, 
bug.name, 'Metasploit'),
@@ -1483,8 +1481,6 @@
 return url.absolute("https://marc.info/";, l="full-disclosure", s=name)
 def url_bugtraq_bug(self, url, name):
 return url.absolute("https://marc.info/";, l="bugtraq", s=name)
-def url_osvdb_bug(self, url, name):
-return url.absoluteDict("https://osvdb.org/search/search";, 
{"search[refid]": name})
 def url_edb_bug(self, url, name):
 name = name[len('CVE-'):] if name.startswith('CVE-') else name
 return url.absolute("https://www.exploit-db.com/search/";, 
action="search", cve=name)
@@ -1576,11 +1572,6 @@
 name = cve
 return A(self.url_bugtraq_bug(url, cve), name)
 
-def make_osvdb_bug_ref(self, url, cve, name=None):
-if name is None:
-name = cve
-return A(self.url_osvdb_bug(url, cve), name)
-
 def make_edb_bug_ref(self, url, cve, name=None):
 if name is None:
 name = cve
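Review bot: with url_osvdb_bug and make_osvdb_bug_ref both removed, grep the rest of bin/ and any templates for remaining callers; the hunk at line 365 removes the one call site visible in this diff, but a stale reference elsewhere would only surface at request time, since Python resolves attribute names lazily rather than at import. A short comment pointing at the OSVDB shutdown announcement near the remaining make_*_bug_ref helpers would also tell a future reader why this reference source is gone.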




[Secure-testing-commits] r40779 - data/CVE

2016-04-06 Thread Henri Salo
Author: fgeek-guest
Date: 2016-04-06 09:36:04 +0000 (Wed, 06 Apr 2016)
New Revision: 40779

Modified:
   data/CVE/list
Log:
OSVDB is now closed officially

Modified: data/CVE/list
===
--- data/CVE/list   2016-04-05 21:10:11 UTC (rev 40778)
+++ data/CVE/list   2016-04-06 09:36:04 UTC (rev 40779)
@@ -47574,7 +47574,6 @@
{DSA-3101-1}
- c-icap 1:0.3.1-1
NOTE: http://sourceforge.net/p/c-icap/bugs/59/
-   NOTE: http://osvdb.org/ref/89/c-icap.txt
NOTE: http://sourceforge.net/p/c-icap/code/1018/
 CVE-2014-6070 (Multiple cross-site scripting (XSS) vulnerabilities in Adiscon 
...)
- loganalyzer 3.6.6+dfsg-1 (bug #760372)
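Review bot: deleting the osvdb.org NOTE lines also discards the OSVDB identifier, which for some entries was a reference distinct from the remaining ones. Rather than dropping the link outright, consider keeping the bare OSVDB ID in the NOTE text or pointing at an archived copy of the page, so the cross-reference survives the site's closure. Here c-icap keeps two sourceforge references, so this hunk loses nothing, but the tikiwiki hunks further down are reduced to a single external reference.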
@@ -89306,7 +89305,6 @@
 CVE-2012-3878 [Perl require Directive Path Subversion Arbitrary Module / File 
Loading Weakness]
RESERVED
- perl  (unimportant; bug #776270)
-   NOTE: http://osvdb.org/106565
NOTE: 
http://www.nntp.perl.org/group/perl.perl5.porters/2012/07/msg189909.html
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=125833
NOTE: (possibly) to be rejected, see also 
http://www.openwall.com/lists/oss-security/2015/01/26/3
@@ -93323,7 +93321,6 @@
- php5 5.4.3-1 (bug #671880)
NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823
NOTE: http://www.kb.cert.org/vuls/id/520827
-   NOTE: http://osvdb.org/81633
 CVE-2012-2310 (Cross-site scripting (XSS) vulnerability in the cctags module 
for ...)
NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2309 (Cross-site scripting (XSS) vulnerability in the Glossify 
Internal ...)
@@ -100485,7 +100482,6 @@
 CVE-2011-4558
RESERVED
- tikiwiki 
-   NOTE: http://osvdb.org/78013
NOTE: http://dev.tiki.org/item4059
NOTE: 
http://info.tiki.org/article185-Tiki-Security-Patches-Available-for-8-3-and-6-6-LTS
 CVE-2011-4557
@@ -100754,12 +100750,10 @@
 CVE-2011-4455
RESERVED
- tikiwiki 
-   NOTE: http://osvdb.org/77156
NOTE: http://secunia.com/advisories/46740/
 CVE-2011-4454
RESERVED
- tikiwiki 
-   NOTE: http://osvdb.org/77155
NOTE: http://secunia.com/advisories/46740/
 CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x 
before ...)
- pmwiki  (bug #330117)
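Review bot: after this hunk CVE-2011-4455 and CVE-2011-4454 each keep only http://secunia.com/advisories/46740/ as a reference, so both entries are now one dead link away from having no reference at all. Keep the OSVDB IDs (77156 and 77155) in the NOTE text even if the URL goes, or add the upstream tikiwiki reference as was done for CVE-2011-4558 above.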
@@ -125395,7 +125389,6 @@
- gtk+2.0 2.18.5-1
[lenny] - gtk+2.0  (issue only exposed by 
gnome-screensaver 2.28)
[etch] - gtk+2.0  (issue only exposed by 
gnome-screensaver 2.28)
-   NOTE: http://osvdb.org/61203
NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/1
 CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library 
before ...)
- gnutls26  (Fixed before initial release)
@@ -172083,7 +172076,6 @@
- mediawiki 1.7.1-9 (bug #406238; medium)
 CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features 
in ...)
- mediawiki 1.7.1-9 (bug #406238; medium)
-   NOTE: http://osvdb.org/32078
 CVE-2007-1053 (** DISPUTED ** ...)
NOT-FOR-US: phpXmms
 CVE-2007-1052 (** DISPUTED ** ...)

