[Secure-testing-commits] r41105 - data/CVE
Author: carnil Date: 2016-04-24 05:23:25 + (Sun, 24 Apr 2016) New Revision: 41105 Modified: data/CVE/list Log: CVE-2015-8867/php assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-24 05:22:15 UTC (rev 41104) +++ data/CVE/list 2016-04-24 05:23:25 UTC (rev 41105) @@ -111,7 +111,7 @@ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9 NOTE: Fixed in 5.6.6, 5.5.22 NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8 -CVE-2016- [openssl_random_pseudo_bytes() is not cryptographically secure] +CVE-2015-8867 [openssl_random_pseudo_bytes() is not cryptographically secure] - php7.0 7.0.0-1 - php5 5.6.12+dfsg-1 [jessie] - php5 5.6.12+dfsg-0+deb8u1 @@ -120,7 +120,7 @@ NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827 NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/21/8 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8 CVE-2016-4056 RESERVED - typo3-src ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
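Review bot: In the second hunk, the unchanged line "NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44" lists two releases from the 5.5 branch for the same fix, which cannot both be the first fixed version. Since this revision already touches the entry, check the last value against the upstream commit referenced just above it and correct the branch number if it is a typo.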
[Secure-testing-commits] r41104 - data/CVE
Author: carnil Date: 2016-04-24 05:22:15 + (Sun, 24 Apr 2016) New Revision: 41104 Modified: data/CVE/list Log: CVE-2015-8866/php assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-24 05:16:36 UTC (rev 41103) +++ data/CVE/list 2016-04-24 05:22:15 UTC (rev 41104) @@ -103,14 +103,14 @@ NOTE: upstream commit: https://github.com/tmux/tmux/commit/2ffbd5b5f05dded1564ba32a6a00b0b417439b2f (2.1) NOTE: upstream fixed in 2.1 NOTE: https://bugs.gentoo.org/show_bug.cgi?id=564400 -CVE-2016- [libxml_disable_entity_loader setting is shared between threads] +CVE-2015-8866 [libxml_disable_entity_loader setting is shared between threads] - php5 5.6.6+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=64938 NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817 NOTE: http://framework.zend.com/security/advisory/ZF2015-06 -> Relation to CVE-2015-5161 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9 NOTE: Fixed in 5.6.6, 5.5.22 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/21/8 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8 CVE-2016- [openssl_random_pseudo_bytes() is not cryptographically secure] - php7.0 7.0.0-1 - php5 5.6.12+dfsg-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41103 - data/CVE
Author: carnil Date: 2016-04-24 05:16:36 + (Sun, 24 Apr 2016) New Revision: 41103 Modified: data/CVE/list Log: CVE-2016-4073/php assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-24 05:15:08 UTC (rev 41102) +++ data/CVE/list 2016-04-24 05:16:36 UTC (rev 41103) @@ -460,13 +460,14 @@ NOTE: https://gist.github.com/smalyshev/80b5c2909832872f2ba2 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 -CVE-2016- [Negative size parameter in memcpy] +CVE-2016-4073 [Negative size parameter in memcpy] - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34 NOTE: https://bugs.php.net/bug.php?id=71906 NOTE: https://gist.github.com/smalyshev/d8355c96a657cc5dba70 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/11/7 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=64f42c73efc58e88671ad76b6b6bc8e2b62713e1 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 CVE-2016-3976 (Directory traversal vulnerability in SAP NetWeaver AS Java 7.4 allows ...) NOT-FOR-US: SAP CVE-2016-3975 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.4 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41100 - data/CVE
Author: carnil Date: 2016-04-24 05:13:12 + (Sun, 24 Apr 2016) New Revision: 41100 Modified: data/CVE/list Log: CVE-2016-4070/php5 assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-24 05:11:42 UTC (rev 41099) +++ data/CVE/list 2016-04-24 05:13:12 UTC (rev 41100) @@ -438,13 +438,13 @@ - imlib2 1.4.8-1 (bug #785369) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8 NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6 -CVE-2016- [Integer overflow in php_raw_url_encode] +CVE-2016-4070 [Integer overflow in php_raw_url_encode] - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34 NOTE: https://bugs.php.net/bug.php?id=71798 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/11/7 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 CVE-2016- [Format string vulnerability in php_snmp_error()] - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41101 - data/CVE
Author: carnil Date: 2016-04-24 05:14:04 + (Sun, 24 Apr 2016) New Revision: 41101 Modified: data/CVE/list Log: CVE-2016-4071/php assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-24 05:13:12 UTC (rev 41100) +++ data/CVE/list 2016-04-24 05:14:04 UTC (rev 41101) @@ -445,13 +445,13 @@ NOTE: https://bugs.php.net/bug.php?id=71798 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451 NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 -CVE-2016- [Format string vulnerability in php_snmp_error()] +CVE-2016-4071 [Format string vulnerability in php_snmp_error()] - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34 NOTE: https://bugs.php.net/bug.php?id=71704 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/11/7 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 CVE-2016- [Invalid memory write in phar on filename containing \0 inside name] - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41099 - data/CVE
Author: carnil Date: 2016-04-24 05:11:42 + (Sun, 24 Apr 2016) New Revision: 41099 Modified: data/CVE/list Log: CVE-2015-8865/{php,file} assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-24 05:09:37 UTC (rev 41098) +++ data/CVE/list 2016-04-24 05:11:42 UTC (rev 41099) @@ -580,14 +580,16 @@ - tiff - tiff3 TODO: check -CVE-2016- [Buffer over-write in finfo_open with malformed magic file] +CVE-2015-8865 [Buffer over-write in finfo_open with malformed magic file] - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 - file 1:5.24-1 NOTE: http://bugs.gw.com/view.php?id=522 + NOTE: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36 NOTE: https://bugs.php.net/bug.php?id=71527 + NOTE: http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e NOTE: PHP fixed in 7.0.5, 5.6.20, 5.5.34 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/11/7 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 TODO: recheck versions CVE-2016-3993 [off-by-one OOB read in __imlib_MergeUpdate] RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
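Review bot: "TODO: recheck versions" is left in place at the end of the entry even though the hunk now references the fixing commits for both file and php-src. The entry states "PHP fixed in 7.0.5, 5.6.20, 5.5.34" but has no matching note for the upstream file release, so it is unclear which version still needs rechecking. Either add the upstream file version next to the new github.com/file/file commit note and drop the TODO, or reword the TODO to name the package it refers to.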
[Secure-testing-commits] r41098 - data/CVE
Author: carnil Date: 2016-04-24 05:09:37 + (Sun, 24 Apr 2016) New Revision: 41098 Modified: data/CVE/list Log: CVE-2015-8868/poppler assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-24 05:08:38 UTC (rev 41097) +++ data/CVE/list 2016-04-24 05:09:37 UTC (rev 41098) @@ -345,11 +345,11 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/12/4 NOTE: Introduced in: https://github.com/brltty/brltty/commit/e62b3c925d03239a372d425fb87b2cac65d8ef19 NOTE: Fixed by: https://github.com/brltty/brltty/commit/74affe7d1401f2b43ad32e18cb78704d22604ad7 -CVE-2016- [heap overflow] +CVE-2015-8868 [heap overflow] - poppler NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/12/1 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1 CVE-2016-3996 RESERVED CVE-2016-3991 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
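Review bot: The bracketed description on the renamed line, "CVE-2015-8868 [heap overflow]", is too generic to tell this entry apart from other poppler heap overflows when grepping the list. Now that the id is assigned, extend the description with the affected function or file as named in the referenced freedesktop commit or bug 93476.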
[Secure-testing-commits] r41097 - data/CVE
Author: carnil Date: 2016-04-24 05:08:38 + (Sun, 24 Apr 2016) New Revision: 41097 Modified: data/CVE/list Log: CVE-2016-4069/roundcube assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-24 05:05:56 UTC (rev 41096) +++ data/CVE/list 2016-04-24 05:08:38 UTC (rev 41097) @@ -1,10 +1,10 @@ -CVE-2016- [Protect download urls against CSRF using unique request tokens] +CVE-2016-4069 [Protect download urls against CSRF using unique request tokens] - roundcube (bug #822333) NOTE: https://github.com/roundcube/roundcubemail/issues/4957 NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5 NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1) - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/23/3 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3 CVE-2016-4068 ["for the remaining SVG XSS issues additional to CVE-2015-8864"] - roundcube NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
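Review bot: The description kept on the renamed line, "Protect download urls against CSRF using unique request tokens", is the upstream changelog wording for the fix, not a statement of the flaw. Other entries in this list describe the vulnerability itself (for example "XSS issue in SVG images handling"), so something like "CSRF in download URLs" would read more consistently and be easier to triage.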
[Secure-testing-commits] r41096 - data/CVE
Author: carnil Date: 2016-04-24 05:05:56 + (Sun, 24 Apr 2016) New Revision: 41096 Modified: data/CVE/list Log: Two CVEs for roundcube assigned for XSS issues Modified: data/CVE/list === --- data/CVE/list 2016-04-23 22:13:46 UTC (rev 41095) +++ data/CVE/list 2016-04-24 05:05:56 UTC (rev 41096) @@ -5,13 +5,17 @@ NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5 NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/23/3 -CVE-2016- [XSS issue in SVG images handling] +CVE-2016-4068 ["for the remaining SVG XSS issues additional to CVE-2015-8864"] + - roundcube + NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218 + NOTE: These remain unfixed in versions 1.0.9, 1.1.5 and 1.2-rc +CVE-2015-8864 [XSS issue in SVG images handling] - roundcube (bug #822333) NOTE: https://github.com/roundcube/roundcubemail/issues/4949 NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18 NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1) - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/23/3 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3 CVE-2016- [MS-WSP dissector crash] - wireshark 2.0.3+geed34f0-1 (low) [jessie] - wireshark (Only affects 2.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
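Review bot: The added CVE-2016-4068 entry uses a quoted sentence fragment as its description and references only the GitHub commit comment, while the CVE-2015-8864 entry directly below keeps the oss-security reference. If the quoted wording comes from the same oss-security thread (2016/04/23/3), add that NOTE to CVE-2016-4068 as well so the source of the quote and of the assignment is traceable from the entry itself.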
[Secure-testing-commits] r41095 - in data: . DSA
Author: ghedo Date: 2016-04-23 22:13:46 + (Sat, 23 Apr 2016) New Revision: 41095 Modified: data/DSA/list data/dsa-needed.txt Log: Reserve DSA for imlib2 Modified: data/DSA/list === --- data/DSA/list 2016-04-23 17:55:09 UTC (rev 41094) +++ data/DSA/list 2016-04-23 22:13:46 UTC (rev 41095) @@ -1,3 +1,7 @@ +[23 Apr 2016] DSA-3555-1 imlib2 - security update + {CVE-2011-5326 CVE-2014-9771 CVE-2016-3993 CVE-2016-3994 CVE-2016-4024} + [wheezy] - imlib2 1.4.5-1+deb7u2 + [jessie] - imlib2 1.4.6-2+deb8u2 [21 Apr 2016] DSA-3554-1 xen - security update {CVE-2016-3158 CVE-2016-3159 CVE-2016-3960} [jessie] - xen 4.4.1-9+deb8u5 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-04-23 17:55:09 UTC (rev 41094) +++ data/dsa-needed.txt 2016-04-23 22:13:46 UTC (rev 41095) @@ -30,8 +30,6 @@ no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 should be fixed along -- -imlib2 (ghedo) --- libgd2 carnil> Test packages: https://people.debian.org/~carnil/tmp/libgd2/ -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41094 - data/CVE
Author: carnil Date: 2016-04-23 17:55:09 + (Sat, 23 Apr 2016) New Revision: 41094 Modified: data/CVE/list Log: Add fixed version for #822242 Modified: data/CVE/list === --- data/CVE/list 2016-04-23 17:40:02 UTC (rev 41093) +++ data/CVE/list 2016-04-23 17:55:09 UTC (rev 41094) @@ -2508,7 +2508,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19879 CVE-2016-3074 [Signedness vulnerability causing heap overflow] RESERVED - - libgd2 (bug #822242) + - libgd2 2.1.1-4.1 (bug #822242) - php5 (unimportant) - php7.0 (unimportant) NOTE: PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41093 - data/CVE
Author: carnil Date: 2016-04-23 17:40:02 + (Sat, 23 Apr 2016) New Revision: 41093 Modified: data/CVE/list Log: Add runc for CVE-2016-3697, add commit references for upstream fixes Modified: data/CVE/list === --- data/CVE/list 2016-04-23 17:29:40 UTC (rev 41092) +++ data/CVE/list 2016-04-23 17:40:02 UTC (rev 41093) @@ -1103,6 +1103,9 @@ CVE-2016-3697 [privilege escalation via confusion of usernames and UIDs] RESERVED - docker.io + - runc + NOTE: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 (runc) + NOTE: https://github.com/docker/docker/commit/da38ac6c79fe902ed0687afc73d731c95c6d491a (docker) TODO: check CVE-2016-3696 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
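Review bot: The bare "TODO: check" still closes the CVE-2016-3697 entry after the runc line and both upstream fix commits were added, so a later reader cannot tell what remains open. Say what is left to verify, for example the fixed versions for docker.io and runc, or remove the TODO if the commit references were the outstanding item.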
[Secure-testing-commits] r41092 - data/CVE
Author: carnil Date: 2016-04-23 17:29:40 + (Sat, 23 Apr 2016) New Revision: 41092 Modified: data/CVE/list Log: Add bug reference for qemu issue, #822344 Modified: data/CVE/list === --- data/CVE/list 2016-04-23 17:13:01 UTC (rev 41091) +++ data/CVE/list 2016-04-23 17:29:40 UTC (rev 41092) @@ -208,7 +208,7 @@ RESERVED CVE-2016-4037 [usb: Infinite loop vulnerability in usb_ehci using siTD process] RESERVED - - qemu + - qemu (bug #822344) [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) - qemu-kvm ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41091 - data/CVE
Author: carnil Date: 2016-04-23 17:13:01 + (Sat, 23 Apr 2016) New Revision: 41091 Modified: data/CVE/list Log: Reference upstream commits for CVE-2016-4037/qemu Modified: data/CVE/list === --- data/CVE/list 2016-04-23 17:03:15 UTC (rev 41090) +++ data/CVE/list 2016-04-23 17:13:01 UTC (rev 41091) @@ -216,7 +216,8 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129 NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3 - TODO: check affected versions + NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2 (v2.6.0-rc3) + NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a49923d2837d20510d645d3758f1ad87c32d0730 (v2.6.0-rc3) CVE-2016-4030 RESERVED CVE-2016-4029 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
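Review bot: The hunk removes "TODO: check affected versions" but the two lines that replace it record only where the issue was fixed (both commits tagged v2.6.0-rc3), not which versions are affected. Keep the TODO until the introducing version is known, or add a NOTE stating the affected range, so the question is not silently dropped from the entry.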
[Secure-testing-commits] r41090 - data/CVE
Author: alteholz Date: 2016-04-23 17:03:15 + (Sat, 23 Apr 2016) New Revision: 41090 Modified: data/CVE/list Log: only version 11.x, 12.x, 13.x affected Modified: data/CVE/list === --- data/CVE/list 2016-04-23 16:54:46 UTC (rev 41089) +++ data/CVE/list 2016-04-23 17:03:15 UTC (rev 41090) @@ -41190,6 +41190,7 @@ CVE-2014-8417 (ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and ...) - asterisk 1:13.1.0~dfsg-1 (bug #771463) [jessie] - asterisk 1:11.13.1~dfsg-2 + [wheezy] - asterisk (Only affects 11.x, 12.x and 13.x) [squeeze] - asterisk (Unsupported in squeeze-lts) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24490 NOTE: http://downloads.digium.com/pub/security/AST-2014-017.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41089 - data/CVE
Author: ghedo Date: 2016-04-23 16:54:46 + (Sat, 23 Apr 2016) New Revision: 41089 Modified: data/CVE/list Log: Remove no-dsa tag from imlib2 issues (might as well fix them while I'm at it) Modified: data/CVE/list === --- data/CVE/list 2016-04-23 15:22:54 UTC (rev 41088) +++ data/CVE/list 2016-04-23 16:54:46 UTC (rev 41089) @@ -412,8 +412,6 @@ CVE-2011-5326 [divide-by-zero on 2x1 ellipse] RESERVED - imlib2 1.4.8-1 (bug #639414) - [jessie] - imlib2 (Minor issue) - [wheezy] - imlib2 (Minor issue) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882 NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/5 CVE-2016-3995 [Timing Attack Counter Measure AES] @@ -589,8 +587,6 @@ CVE-2016-3993 [off-by-one OOB read in __imlib_MergeUpdate] RESERVED - imlib2 1.4.8-1 (bug #819818) - [jessie] - imlib2 (Minor issue) - [wheezy] - imlib2 (Minor issue) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/5 CVE-2012- [Option -localhost seems to fail to restrict ipv6 access] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41088 - data/CVE
Author: alteholz Date: 2016-04-23 15:22:54 + (Sat, 23 Apr 2016) New Revision: 41088 Modified: data/CVE/list Log: only version 11.x affected Modified: data/CVE/list === --- data/CVE/list 2016-04-23 15:13:35 UTC (rev 41087) +++ data/CVE/list 2016-04-23 15:22:54 UTC (rev 41088) @@ -41214,6 +41214,7 @@ CVE-2014-8414 (ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 ...) - asterisk 1:13.1.0~dfsg-1 (bug #771463) [jessie] - asterisk 1:11.13.1~dfsg-2 + [wheezy] - asterisk (Only affects 11.x) [squeeze] - asterisk (Unsupported in squeeze-lts) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24440 NOTE: http://downloads.digium.com/pub/security/AST-2014-014.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41087 - data/CVE
Author: carnil Date: 2016-04-23 15:13:35 + (Sat, 23 Apr 2016) New Revision: 41087 Modified: data/CVE/list Log: Add bug reference for roundcube issues, #822333 Modified: data/CVE/list === --- data/CVE/list 2016-04-23 15:04:55 UTC (rev 41086) +++ data/CVE/list 2016-04-23 15:13:35 UTC (rev 41087) @@ -1,12 +1,12 @@ CVE-2016- [Protect download urls against CSRF using unique request tokens] - - roundcube + - roundcube (bug #822333) NOTE: https://github.com/roundcube/roundcubemail/issues/4957 NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5 NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/23/3 CVE-2016- [XSS issue in SVG images handling] - - roundcube + - roundcube (bug #822333) NOTE: https://github.com/roundcube/roundcubemail/issues/4949 NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41086 - data/CVE
Author: carnil Date: 2016-04-23 15:04:55 + (Sat, 23 Apr 2016) New Revision: 41086 Modified: data/CVE/list Log: Add CVE request references for roundcube Modified: data/CVE/list === --- data/CVE/list 2016-04-23 14:56:31 UTC (rev 41085) +++ data/CVE/list 2016-04-23 15:04:55 UTC (rev 41086) @@ -4,12 +4,14 @@ NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5 NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1) + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/23/3 CVE-2016- [XSS issue in SVG images handling] - roundcube NOTE: https://github.com/roundcube/roundcubemail/issues/4949 NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18 NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1) + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/23/3 CVE-2016- [MS-WSP dissector crash] - wireshark 2.0.3+geed34f0-1 (low) [jessie] - wireshark (Only affects 2.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41085 - data/CVE
Author: carnil Date: 2016-04-23 14:56:31 + (Sat, 23 Apr 2016) New Revision: 41085 Modified: data/CVE/list Log: Add upstream commit references for XSS issue in roundcube Modified: data/CVE/list === --- data/CVE/list 2016-04-23 14:52:45 UTC (rev 41084) +++ data/CVE/list 2016-04-23 14:56:31 UTC (rev 41085) @@ -5,10 +5,11 @@ NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5 NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1) CVE-2016- [XSS issue in SVG images handling] - - roundcube + - roundcube NOTE: https://github.com/roundcube/roundcubemail/issues/4949 NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 - TODO: check + NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18 + NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1) CVE-2016- [MS-WSP dissector crash] - wireshark 2.0.3+geed34f0-1 (low) [jessie] - wireshark (Only affects 2.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41083 - data/CVE
Author: carnil Date: 2016-04-23 14:39:19 + (Sat, 23 Apr 2016) New Revision: 41083 Modified: data/CVE/list Log: Add two roundcube issues from latest release Modified: data/CVE/list === --- data/CVE/list 2016-04-23 14:14:31 UTC (rev 41082) +++ data/CVE/list 2016-04-23 14:39:19 UTC (rev 41083) @@ -1,3 +1,13 @@ +CVE-2016- [Protect download urls against CSRF using unique request tokens] + - roundcube + NOTE: https://github.com/roundcube/roundcubemail/issues/4957 + NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 + TODO: check +CVE-2016- [XSS issue in SVG images handling] + - roundcube + NOTE: https://github.com/roundcube/roundcubemail/issues/4949 + NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 + TODO: check CVE-2016- [MS-WSP dissector crash] - wireshark 2.0.3+geed34f0-1 (low) [jessie] - wireshark (Only affects 2.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41082 - data/CVE
Author: jmm Date: 2016-04-23 14:14:31 + (Sat, 23 Apr 2016) New Revision: 41082 Modified: data/CVE/list Log: new wireshark issues Modified: data/CVE/list === --- data/CVE/list 2016-04-23 13:58:23 UTC (rev 41081) +++ data/CVE/list 2016-04-23 14:14:31 UTC (rev 41082) @@ -1,3 +1,34 @@ +CVE-2016- [MS-WSP dissector crash] + - wireshark 2.0.3+geed34f0-1 (low) + [jessie] - wireshark (Only affects 2.x) + [wheezy] - wireshark (Only affects 2.x) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html +CVE-2016- [GSM CBCH dissector crash] + - wireshark 2.0.3+geed34f0-1 (low) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-26.html +CVE-2016- [Wireshark and TShark crash] + - wireshark 2.0.3+geed34f0-1 (low) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-25.html +CVE-2016- [IAX2 infinite loop] + - wireshark 2.0.3+geed34f0-1 (low) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-24.html +CVE-2016- [PKTC dissector crash] + - wireshark 2.0.3+geed34f0-1 (low) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-23.html + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-22.html +CVE-2016- [IEEE 802.11 dissector crash #2] + - wireshark 2.0.3+geed34f0-1 (low) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-21.html +CVE-2016- [TShark reassembly crash] + - wireshark 2.0.3+geed34f0-1 (low) + [jessie] - wireshark (Only affects 2.x) + [wheezy] - wireshark (Only affects 2.x) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-20.html +CVE-2016- [NCP dissector crash] + - wireshark 2.0.3+geed34f0-1 (low) + [jessie] - wireshark (Only affects 2.x) + [wheezy] - wireshark (Only affects 2.x) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-19.html CVE-2016-4058 RESERVED CVE-2016-4057 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
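Review bot: In the added block, the "PKTC dissector crash" entry carries two advisory references, wnpa-sec-2016-23 and wnpa-sec-2016-22, while every other new entry maps to exactly one advisory. If the two advisories describe separate flaws they are likely to receive separate CVE ids, so split them into two entries now; if they are the same flaw, a short NOTE saying so would avoid confusion when the ids are assigned.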
[Secure-testing-commits] r41081 - data
Author: carnil Date: 2016-04-23 13:58:23 + (Sat, 23 Apr 2016) New Revision: 41081 Modified: data/dsa-needed.txt Log: Add php5 to dsa-needed Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-04-23 13:57:28 UTC (rev 41080) +++ data/dsa-needed.txt 2016-04-23 13:58:23 UTC (rev 41081) @@ -69,6 +69,9 @@ -- pdns/oldstable (Mike Gabriel) -- +php5 + Maintainer proposed update to 5.6.20 for jessie, needs check/ack +-- samba Samba maintainers are preparing updates for regressions -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41080 - data/CVE
Author: carnil Date: 2016-04-23 13:57:28 + (Sat, 23 Apr 2016) New Revision: 41080 Modified: data/CVE/list Log: CVE-2015-8863/jq assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-23 12:43:42 UTC (rev 41079) +++ data/CVE/list 2016-04-23 13:57:28 UTC (rev 41080) @@ -134,11 +134,11 @@ NOTE: https://rt.perl.org/Public/Bug/Display.html?id=123562 NOTE: http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5 NOTE: http://www.openwall.com/lists/oss-security/2016/04/20/5 -CVE-2015- [Heap-based buffer overflow in check_literal()] +CVE-2015-8863 [off-by-one error that leads to a heap-based buffer overflow] - jq (bug #802231) NOTE: https://github.com/stedolan/jq/issues/995 NOTE: https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/23/1 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/1 CVE-2016-4039 RESERVED CVE-2016-4036 (openSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak permissions ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41079 - data/CVE
Author: ghedo Date: 2016-04-23 12:43:42 + (Sat, 23 Apr 2016) New Revision: 41079 Modified: data/CVE/list Log: imlib2 issues fixed in sid Modified: data/CVE/list === --- data/CVE/list 2016-04-23 12:43:33 UTC (rev 41078) +++ data/CVE/list 2016-04-23 12:43:42 UTC (rev 41079) @@ -238,7 +238,7 @@ NOT-FOR-US: Foxit Reader CVE-2016-4024 [integer overflow resulting in insufficient heap allocation] RESERVED - - imlib2 (bug #821732) + - imlib2 1.4.8-1 (bug #821732) NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227 NOTE: http://www.openwall.com/lists/oss-security/2016/04/14/5 CVE-2016-4005 @@ -366,7 +366,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/3 CVE-2011-5326 [divide-by-zero on 2x1 ellipse] RESERVED - - imlib2 (bug #639414) + - imlib2 1.4.8-1 (bug #639414) [jessie] - imlib2 (Minor issue) [wheezy] - imlib2 (Minor issue) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882 @@ -387,7 +387,7 @@ TODO: vtk6, paraview, opencollada, xdmf, gettext appear to include the affected code CVE-2016-3994 [GIF loader: out-of-bounds read] RESERVED - - imlib2 (bug #785369) + - imlib2 1.4.8-1 (bug #785369) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8 NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6 CVE-2016- [Integer overflow in php_raw_url_encode] @@ -543,7 +543,7 @@ TODO: recheck versions CVE-2016-3993 [off-by-one OOB read in __imlib_MergeUpdate] RESERVED - - imlib2 (bug #819818) + - imlib2 1.4.8-1 (bug #819818) [jessie] - imlib2 (Minor issue) [wheezy] - imlib2 (Minor issue) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41078 - data
Author: ghedo Date: 2016-04-23 12:43:33 + (Sat, 23 Apr 2016) New Revision: 41078 Modified: data/dsa-needed.txt Log: Take imlib2 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-04-23 12:27:16 UTC (rev 41077) +++ data/dsa-needed.txt 2016-04-23 12:43:33 UTC (rev 41078) @@ -30,7 +30,7 @@ no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 should be fixed along -- -imlib2 (carnil) +imlib2 (ghedo) -- libgd2 carnil> Test packages: https://people.debian.org/~carnil/tmp/libgd2/ ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41077 - org
Author: alteholz Date: 2016-04-23 12:27:16 + (Sat, 23 Apr 2016) New Revision: 41077 Modified: org/lts-frontdesk.2016.txt Log: take some frontend weeks Modified: org/lts-frontdesk.2016.txt === --- org/lts-frontdesk.2016.txt 2016-04-23 11:40:48 UTC (rev 41076) +++ org/lts-frontdesk.2016.txt 2016-04-23 12:27:16 UTC (rev 41077) @@ -26,16 +26,16 @@ From 28-03 to 03-04:Santiago Ruano RincónFrom 04-04 to 10-04: From 11-04 to 17-04:Markus Koschany -From 18-04 to 24-04: +From 18-04 to 24-04:Thorsten Alteholz From 25-04 to 01-05:Santiago Ruano Rincón From 02-05 to 08-05:Markus Koschany From 09-05 to 15-05:Chris Lamb From 16-05 to 22-05:Antoine Beaupré -From 23-05 to 29-05: +From 23-05 to 29-05:Thorsten Alteholz From 30-05 to 05-06: From 06-06 to 12-06:Chris Lamb From 13-06 to 19-06:Antoine Beaupré -From 20-06 to 26-06: +From 20-06 to 26-06:Thorsten Alteholz From 27-06 to 03-07: From 04-07 to 10-07:Chris Lamb From 11-07 to 17-07: ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41076 - data/CVE
Author: jmm Date: 2016-04-23 11:40:48 + (Sat, 23 Apr 2016) New Revision: 41076 Modified: data/CVE/list Log: new openssl issue Modified: data/CVE/list === --- data/CVE/list 2016-04-23 09:58:08 UTC (rev 41075) +++ data/CVE/list 2016-04-23 11:40:48 UTC (rev 41076) @@ -5585,6 +5585,8 @@ NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html CVE-2016-2109 RESERVED + - openssl (low) + NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807 CVE-2016-2108 RESERVED CVE-2016-2107 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
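Review bot: the new CVE-2016-2109 entry rates openssl as "(low)" with no bracketed description and no bug reference, so a reader cannot tell what the issue is or why it is low without following the commit link. The NOTE also records only the fix in master; please add a short description in square brackets, as the other new entries in this list have, and the release-branch commits once they exist.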
[Secure-testing-commits] r41075 - data
Author: carnil Date: 2016-04-23 09:58:08 + (Sat, 23 Apr 2016) New Revision: 41075 Modified: data/dsa-needed.txt Log: Add libgd2 to dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-04-23 06:28:19 UTC (rev 41074) +++ data/dsa-needed.txt 2016-04-23 09:58:08 UTC (rev 41075) @@ -32,6 +32,9 @@ -- imlib2 (carnil) -- +libgd2 + carnil> Test packages: https://people.debian.org/~carnil/tmp/libgd2/ +-- libidn Working debdiff for wheezy-security at https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
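Review bot: the libgd2 entry is added without a claimant, although the line below it is a carnil> comment pointing at test packages, while the neighbouring entry is written "imlib2 (carnil)". If the update is already being prepared, put the name in parentheses on the libgd2 line so nobody duplicates the work, and consider naming the CVEs the DSA is meant to cover.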
[Secure-testing-commits] r41074 - data/CVE
Author: carnil Date: 2016-04-23 06:28:19 + (Sat, 23 Apr 2016) New Revision: 41074 Modified: data/CVE/list Log: Add CVE request reference for jq issue, #802231 Modified: data/CVE/list === --- data/CVE/list 2016-04-23 06:17:32 UTC (rev 41073) +++ data/CVE/list 2016-04-23 06:28:19 UTC (rev 41074) @@ -138,6 +138,7 @@ - jq (bug #802231) NOTE: https://github.com/stedolan/jq/issues/995 NOTE: https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/23/1 CVE-2016-4039 RESERVED CVE-2016-4036 (openSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak permissions ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41073 - data/CVE
Author: carnil Date: 2016-04-23 06:17:32 + (Sat, 23 Apr 2016) New Revision: 41073 Modified: data/CVE/list Log: Update some NFUs Modified: data/CVE/list === --- data/CVE/list 2016-04-23 06:07:08 UTC (rev 41072) +++ data/CVE/list 2016-04-23 06:17:32 UTC (rev 41073) @@ -2312,7 +2312,7 @@ CVE-2016-3146 RESERVED CVE-2016-3145 (Lexmark printers with firmware ATL before ATL.021.063, CB before ...) - TODO: check + NOT-FOR-US: Lexmark printers CVE-2016-3144 (Cross-site scripting (XSS) vulnerability in the Block Class module ...) TODO: check CVE-2016-3143 @@ -4725,7 +4725,7 @@ CVE-2016-2355 RESERVED CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver ...) - TODO: check + NOT-FOR-US: Lemur Vehicle Monitors BlueDriver CVE-2016-2353 RESERVED CVE-2016-2352 @@ -4960,21 +4960,21 @@ CVE-2016-2307 RESERVED CVE-2016-2306 (The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows ...) - TODO: check + NOT-FOR-US: Ecava IntegraXor CVE-2016-2305 (Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before ...) - TODO: check + NOT-FOR-US: Ecava IntegraXor CVE-2016-2304 (Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly ...) - TODO: check + NOT-FOR-US: Ecava IntegraXor CVE-2016-2303 (CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...) - TODO: check + NOT-FOR-US: Ecava IntegraXor CVE-2016-2302 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Ecava IntegraXor CVE-2016-2301 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...) - TODO: check + NOT-FOR-US: Ecava IntegraXor CVE-2016-2300 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Ecava IntegraXor CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...) - TODO: check + NOT-FOR-US: Ecava IntegraXor CVE-2016-2298 RESERVED CVE-2016-2297 
@@ -5397,6 +5397,7 @@ RESERVED CVE-2016-2173 RESERVED + NOT-FOR-US: Spring AMQP CVE-2016-2172 RESERVED CVE-2016-2171 (The User Manager service in Apache Jetspeed before 2.3.1 does not ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
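Review bot: in the last hunk CVE-2016-2173 is still RESERVED and has no description, yet it is closed as "NOT-FOR-US: Spring AMQP" with nothing in the entry showing where that attribution comes from. A NOTE with the source of the assignment (advisory or list post) would let the next person verify it; the Lexmark, Lemur and Ecava IntegraXor entries in the earlier hunks are fine because their CVE descriptions already name the product.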
[Secure-testing-commits] r41072 - data/CVE
Author: carnil Date: 2016-04-23 06:07:08 + (Sat, 23 Apr 2016) New Revision: 41072 Modified: data/CVE/list Log: Update information for CVE-2016-4051/squid3 Modified: data/CVE/list === --- data/CVE/list 2016-04-23 06:03:07 UTC (rev 41071) +++ data/CVE/list 2016-04-23 06:07:08 UTC (rev 41072) @@ -111,7 +111,11 @@ RESERVED - squid3 3.5.17-1 - squid - TODO: check + NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt + NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_5.patch (Squid 3.2) + NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_5.patch (Squid 3.3) + NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_5.patch (Squid 3.4) + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_5.patch (Squid 3.5) CVE-2016-4044 RESERVED CVE-2016-4043 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
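Review bot: the "TODO: check" is removed from CVE-2016-4051, but the "- squid" line above it is left as a bare package name with no version or reason, so the question of whether the squid source package is affected by SQUID-2016_5 is no longer flagged anywhere. Either keep the TODO until that line is resolved or annotate the squid line in this commit. The four per-branch patch NOTEs are helpful.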
[Secure-testing-commits] r41071 - data/CVE
Author: carnil Date: 2016-04-23 06:03:07 + (Sat, 23 Apr 2016) New Revision: 41071 Modified: data/CVE/list Log: Update information for squid3/CVE-2016-405{2,3,4} Modified: data/CVE/list === --- data/CVE/list 2016-04-23 05:54:56 UTC (rev 41070) +++ data/CVE/list 2016-04-23 06:03:07 UTC (rev 41071)
@@ -79,17 +79,33 @@ CVE-2016-4054 RESERVED - squid3 3.5.17-1 - - squid + - squid (Squid 2.x are not vulnerable) + NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt + NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2) + NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3) + NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) TODO: check CVE-2016-4053 RESERVED - squid3 3.5.17-1 - squid + - squid (Squid 2.x are not vulnerable) + NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt + NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2) + NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3) + NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) TODO: check CVE-2016-4052 RESERVED - squid3 3.5.17-1 - - squid + - squid (Squid 2.x are not vulnerable) + NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt + NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2) + NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3) + NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) TODO: check CVE-2016-4051 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
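Review bot: in the CVE-2016-4053 block the old "- squid" line is kept as context and the annotated "- squid (Squid 2.x are not vulnerable)" line is added after it, whereas CVE-2016-4054 and CVE-2016-4052 replace the old line. The hunk header agrees (17 old lines, 33 new: 18 additions and only 2 removals), so CVE-2016-4053 ends up with two squid entries, one of them without a status. Remove the bare "- squid" line there. All three entries also keep "TODO: check" after the new NOTEs; say what is still to be checked or drop it.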