[Secure-testing-commits] r41195 - data/CVE
Author: jmm Date: 2016-04-26 06:44:09 + (Tue, 26 Apr 2016) New Revision: 41195 Modified: data/CVE/list Log: new qtwebkit issue Modified: data/CVE/list === --- data/CVE/list 2016-04-26 06:34:40 UTC (rev 41194) +++ data/CVE/list 2016-04-26 06:44:09 UTC (rev 41195) @@ -13814,6 +13814,8 @@ TODO: double-check this CVE assignment, since it has been said earlier on oss-security that it would not get a CVE CVE-2015-8079 RESERVED + - qtwebkit (unimportant) + NOTE: qtwebkit not covered by security support CVE-2015-8080 (Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x ...) {DSA-3412-1} - redis 2:3.0.5-4 (bug #804419) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
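Review bot: the CVE-2015-8079 entry gets a package line and a NOTE here but still has no bracketed description and no reference, so nothing in the entry says what the qtwebkit issue actually is. Other reserved entries in this file carry one, for example "CVE-2015-8868 [heap overflow]"; add a short "[...]" description or a NOTE pointing at the source of the report.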
[Secure-testing-commits] r41194 - data/CVE
Author: jmm Date: 2016-04-26 06:34:40 + (Tue, 26 Apr 2016) New Revision: 41194 Modified: data/CVE/list Log: mark wireshark as fixed Modified: data/CVE/list === --- data/CVE/list 2016-04-26 06:16:39 UTC (rev 41193) +++ data/CVE/list 2016-04-26 06:34:40 UTC (rev 41194) @@ -50,11 +50,11 @@ NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1) NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3 CVE-2016-4085 - - wireshark + - wireshark 2.0.0~rc2+g74e5b56-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-28.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293 - TODO: check + NOTE: Doesn't affect 2.x series CVE-2016-4084 - wireshark 2.0.3+geed34f0-1 (low) [jessie] - wireshark (Only affects 2.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
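Review bot: the version added on the "- wireshark" line of CVE-2016-4085 is a 2.0.0 pre-release (2.0.0~rc2+g74e5b56-1), while the NOTE added two lines further down says the issue doesn't affect the 2.x series. The entry should say how that version was chosen, since read on its own it looks like a fix landed in 2.0.0~rc2. Extending the new NOTE with the reason for the version would be enough.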
[Secure-testing-commits] r41193 - data/CVE
Author: carnil Date: 2016-04-26 06:16:39 + (Tue, 26 Apr 2016) New Revision: 41193 Modified: data/CVE/list Log: Add two CVEs as NFU from external check Modified: data/CVE/list === --- data/CVE/list 2016-04-26 05:38:20 UTC (rev 41192) +++ data/CVE/list 2016-04-26 06:16:39 UTC (rev 41193) @@ -1169,10 +1169,12 @@ RESERVED CVE-2016-3704 RESERVED + NOT-FOR-US: Pulp (Red Hat) CVE-2016-3703 RESERVED CVE-2016-3702 RESERVED + NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2016-3701 RESERVED CVE-2016-3700 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41192 - data/CVE
Author: carnil Date: 2016-04-26 05:38:20 + (Tue, 26 Apr 2016) New Revision: 41192 Modified: data/CVE/list Log: Mark vtun issue as no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-04-26 05:21:48 UTC (rev 41191) +++ data/CVE/list 2016-04-26 05:38:20 UTC (rev 41192) @@ -1,5 +1,7 @@ CVE-2016- [denial-of-service: high CPU usage after SIGHUP] - vtun (bug #818489) + [jessie] - vtun (Minor issue) + [wheezy] - vtun (Minor issue) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/26/1 CVE-2016-4075 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41191 - data/CVE
Author: carnil Date: 2016-04-26 05:21:48 + (Tue, 26 Apr 2016) New Revision: 41191 Modified: data/CVE/list Log: Add vtun issue, #818489 Modified: data/CVE/list === --- data/CVE/list 2016-04-26 05:10:20 UTC (rev 41190) +++ data/CVE/list 2016-04-26 05:21:48 UTC (rev 41191) @@ -1,3 +1,6 @@ +CVE-2016- [denial-of-service: high CPU usage after SIGHUP] + - vtun (bug #818489) + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/26/1 CVE-2016-4075 RESERVED CVE-2016-4067 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41190 - data/CVE
Author: carnil Date: 2016-04-26 05:10:20 + (Tue, 26 Apr 2016) New Revision: 41190 Modified: data/CVE/list Log: Add CVE-2016-4085/wireshark Modified: data/CVE/list === --- data/CVE/list 2016-04-26 05:08:23 UTC (rev 41189) +++ data/CVE/list 2016-04-26 05:10:20 UTC (rev 41190) @@ -1,5 +1,3 @@ -CVE-2016-4085 (Stack-based buffer overflow in epan/dissectors/packet-ncp.inc in ...) - TODO: check CVE-2016-4075 RESERVED CVE-2016-4067 @@ -46,6 +44,12 @@ NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18 NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1) NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3 +CVE-2016-4085 + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-28.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293 + TODO: check CVE-2016-4084 - wireshark 2.0.3+geed34f0-1 (low) [jessie] - wireshark (Only affects 2.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
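Review bot: the CVE-2016-4085 entry added in the second hunk lists "NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293" twice on consecutive lines. Drop one copy, or replace it with the second reference if a different URL was meant to go there.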
[Secure-testing-commits] r41189 - data/CVE
Author: carnil Date: 2016-04-26 05:08:23 + (Tue, 26 Apr 2016) New Revision: 41189 Modified: data/CVE/list Log: CVE-2016-408{3,4}/wireshark assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-26 05:04:23 UTC (rev 41188) +++ data/CVE/list 2016-04-26 05:08:23 UTC (rev 41189) @@ -1,9 +1,5 @@ CVE-2016-4085 (Stack-based buffer overflow in epan/dissectors/packet-ncp.inc in ...) TODO: check -CVE-2016-4084 (Integer signedness error in epan/dissectors/packet-mswsp.c in the ...) - TODO: check -CVE-2016-4083 (epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark ...) - TODO: check CVE-2016-4075 RESERVED CVE-2016-4067 @@ -50,11 +46,16 @@ NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18 NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1) NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3 -CVE-2016- [MS-WSP dissector crash] +CVE-2016-4084 - wireshark 2.0.3+geed34f0-1 (low) [jessie] - wireshark (Only affects 2.x) [wheezy] - wireshark (Only affects 2.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html +CVE-2016-4083 [MS-WSP dissector crash] + - wireshark 2.0.3+geed34f0-1 (low) + [jessie] - wireshark (Only affects 2.x) + [wheezy] - wireshark (Only affects 2.x) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html CVE-2016-4082 [GSM CBCH dissector crash] - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-26.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
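Review bot: in the second hunk the renamed "CVE-2016-4084" header loses the "[MS-WSP dissector crash]" description, while the new CVE-2016-4083 entry below it carries that text, and both entries point at the same advisory (wnpa-sec-2016-27). With the two descriptive lines removed in the first hunk, nothing in the file distinguishes the two issues any more. Keep a bracketed description on both headers, ideally one that tells them apart (the removed lines describe CVE-2016-4084 as an integer signedness error).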
[Secure-testing-commits] r41188 - data/CVE
Author: carnil Date: 2016-04-26 05:04:23 + (Tue, 26 Apr 2016) New Revision: 41188 Modified: data/CVE/list Log: CVE-2016-4082/wireshark assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-26 05:04:13 UTC (rev 41187) +++ data/CVE/list 2016-04-26 05:04:23 UTC (rev 41188) @@ -4,8 +4,6 @@ TODO: check CVE-2016-4083 (epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark ...) TODO: check -CVE-2016-4082 (epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in ...) - TODO: check CVE-2016-4075 RESERVED CVE-2016-4067 @@ -57,7 +55,7 @@ [jessie] - wireshark (Only affects 2.x) [wheezy] - wireshark (Only affects 2.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html -CVE-2016- [GSM CBCH dissector crash] +CVE-2016-4082 [GSM CBCH dissector crash] - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-26.html CVE-2016-4006 [Wireshark and TShark crash] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41187 - data/CVE
Author: carnil Date: 2016-04-26 05:04:13 + (Tue, 26 Apr 2016) New Revision: 41187 Modified: data/CVE/list Log: CVE-2016-4006/wireshark assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-26 05:04:05 UTC (rev 41186) +++ data/CVE/list 2016-04-26 05:04:13 UTC (rev 41187) @@ -60,7 +60,7 @@ CVE-2016- [GSM CBCH dissector crash] - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-26.html -CVE-2016- [Wireshark and TShark crash] +CVE-2016-4006 [Wireshark and TShark crash] - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-25.html CVE-2016-4081 [IAX2 infinite loop] @@ -325,8 +325,6 @@ RESERVED CVE-2016-4007 (Multiple unspecified vulnerabilities in the obs-service-extract_file ...) NOT-FOR-US: obs-service-extract_file -CVE-2016-4006 (epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 ...) - TODO: check CVE-2015-8850 RESERVED CVE-2015-8849 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41186 - data/CVE
Author: carnil Date: 2016-04-26 05:04:05 + (Tue, 26 Apr 2016) New Revision: 41186 Modified: data/CVE/list Log: CVE-2016-4081/wireshark assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-26 04:59:12 UTC (rev 41185) +++ data/CVE/list 2016-04-26 05:04:05 UTC (rev 41186) @@ -6,8 +6,6 @@ TODO: check CVE-2016-4082 (epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in ...) TODO: check -CVE-2016-4081 (epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark ...) - TODO: check CVE-2016-4075 RESERVED CVE-2016-4067 @@ -65,7 +63,7 @@ CVE-2016- [Wireshark and TShark crash] - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-25.html -CVE-2016- [IAX2 infinite loop] +CVE-2016-4081 [IAX2 infinite loop] - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-24.html CVE-2016-4080 [PKTC dissector crash] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41184 - data/CVE
Author: carnil Date: 2016-04-26 04:59:03 + (Tue, 26 Apr 2016) New Revision: 41184 Modified: data/CVE/list Log: CVE-2016-4078/wireshark assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-26 04:44:12 UTC (rev 41183) +++ data/CVE/list 2016-04-26 04:59:03 UTC (rev 41184) @@ -12,8 +12,6 @@ TODO: check CVE-2016-4079 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark ...) TODO: check -CVE-2016-4078 (The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x ...) - TODO: check CVE-2016-4075 RESERVED CVE-2016-4067 @@ -78,7 +76,7 @@ - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-23.html NOTE: https://www.wireshark.org/security/wnpa-sec-2016-22.html -CVE-2016- [IEEE 802.11 dissector crash #2] +CVE-2016-4078 [IEEE 802.11 dissector crash #2] - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-21.html CVE-2016-4077 [TShark reassembly crash] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41185 - data/CVE
Author: carnil Date: 2016-04-26 04:59:12 + (Tue, 26 Apr 2016) New Revision: 41185 Modified: data/CVE/list Log: CVE-2016-40{79,80}/wireshark assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-26 04:59:03 UTC (rev 41184) +++ data/CVE/list 2016-04-26 04:59:12 UTC (rev 41185) @@ -8,10 +8,6 @@ TODO: check CVE-2016-4081 (epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark ...) TODO: check -CVE-2016-4080 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark ...) - TODO: check -CVE-2016-4079 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark ...) - TODO: check CVE-2016-4075 RESERVED CVE-2016-4067 @@ -72,9 +68,11 @@ CVE-2016- [IAX2 infinite loop] - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-24.html -CVE-2016- [PKTC dissector crash] +CVE-2016-4080 [PKTC dissector crash] - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-23.html +CVE-2016-4079 [PKTC dissector crash] + - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-22.html CVE-2016-4078 [IEEE 802.11 dissector crash #2] - wireshark 2.0.3+geed34f0-1 (low) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41183 - data/CVE
Author: carnil Date: 2016-04-26 04:44:12 + (Tue, 26 Apr 2016) New Revision: 41183 Modified: data/CVE/list Log: CVE-2016-4077/wireshark assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-26 04:40:10 UTC (rev 41182) +++ data/CVE/list 2016-04-26 04:44:12 UTC (rev 41183) @@ -14,8 +14,6 @@ TODO: check CVE-2016-4078 (The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x ...) TODO: check -CVE-2016-4077 (epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on ...) - TODO: check CVE-2016-4075 RESERVED CVE-2016-4067 @@ -83,7 +81,7 @@ CVE-2016- [IEEE 802.11 dissector crash #2] - wireshark 2.0.3+geed34f0-1 (low) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-21.html -CVE-2016- [TShark reassembly crash] +CVE-2016-4077 [TShark reassembly crash] - wireshark 2.0.3+geed34f0-1 (low) [jessie] - wireshark (Only affects 2.x) [wheezy] - wireshark (Only affects 2.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41182 - data/CVE
Author: carnil Date: 2016-04-26 04:40:10 + (Tue, 26 Apr 2016) New Revision: 41182 Modified: data/CVE/list Log: CVE-2016-4076/wireshark assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-26 02:14:44 UTC (rev 41181) +++ data/CVE/list 2016-04-26 04:40:10 UTC (rev 41182) @@ -16,8 +16,6 @@ TODO: check CVE-2016-4077 (epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on ...) TODO: check -CVE-2016-4076 (epan/dissectors/packet-ncp.inc in the NCP dissector in Wireshark ...) - TODO: check CVE-2016-4075 RESERVED CVE-2016-4067 @@ -90,7 +88,7 @@ [jessie] - wireshark (Only affects 2.x) [wheezy] - wireshark (Only affects 2.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-20.html -CVE-2016- [NCP dissector crash] +CVE-2016-4076 [NCP dissector crash] - wireshark 2.0.3+geed34f0-1 (low) [jessie] - wireshark (Only affects 2.x) [wheezy] - wireshark (Only affects 2.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41181 - data
Author: sunweaver Date: 2016-04-26 02:14:44 + (Tue, 26 Apr 2016) New Revision: 41181 Modified: data/dla-needed.txt Log: data/dla-needed.txt: remove my name from pdns Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 21:10:11 UTC (rev 41180) +++ data/dla-needed.txt 2016-04-26 02:14:44 UTC (rev 41181) @@ -68,7 +68,7 @@ -- openssl -- -pdns (Mike Gabriel) +pdns -- php5 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41180 - data/CVE
Author: sectracker Date: 2016-04-25 21:10:11 + (Mon, 25 Apr 2016) New Revision: 41180 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-04-25 18:59:13 UTC (rev 41179) +++ data/CVE/list 2016-04-25 21:10:11 UTC (rev 41180) 
@@ -1,8 +1,50 @@ +CVE-2016-4085 (Stack-based buffer overflow in epan/dissectors/packet-ncp.inc in ...) + TODO: check +CVE-2016-4084 (Integer signedness error in epan/dissectors/packet-mswsp.c in the ...) + TODO: check +CVE-2016-4083 (epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark ...) + TODO: check +CVE-2016-4082 (epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in ...) + TODO: check +CVE-2016-4081 (epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark ...) + TODO: check +CVE-2016-4080 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark ...) + TODO: check +CVE-2016-4079 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark ...) + TODO: check +CVE-2016-4078 (The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x ...) + TODO: check +CVE-2016-4077 (epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on ...) + TODO: check +CVE-2016-4076 (epan/dissectors/packet-ncp.inc in the NCP dissector in Wireshark ...) + TODO: check +CVE-2016-4075 + RESERVED +CVE-2016-4067 + RESERVED +CVE-2016-4066 + RESERVED +CVE-2016-4065 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on ...) + TODO: check +CVE-2016-4064 (Use-after-free vulnerability in the XFA forms handling functionality ...) + TODO: check +CVE-2016-4063 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before ...) + TODO: check +CVE-2016-4062 (Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report ...) + TODO: check +CVE-2016-4061 (Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote ...) + TODO: check +CVE-2016-4060 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before ...) + TODO: check +CVE-2016-4059 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before ...) 
+ TODO: check CVE-2016-4074 [Stack exhaustion parsing a JSON file] + RESERVED - jq (bug #822456) NOTE: https://github.com/stedolan/jq/issues/1136 NOTE: http://www.openwall.com/lists/oss-security/2016/04/24/3 CVE-2016-4069 [Protect download urls against CSRF using unique request tokens] + RESERVED - roundcube (bug #822333) NOTE: https://github.com/roundcube/roundcubemail/issues/4957 NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 @@ -10,10 +52,12 @@ NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1) NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3 CVE-2016-4068 ["for the remaining SVG XSS issues additional to CVE-2015-8864"] + RESERVED - roundcube NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218 NOTE: These remain unfixed in versions 1.0.9, 1.1.5 and 1.2-rc CVE-2015-8864 [XSS issue in SVG images handling] + RESERVED - roundcube (bug #822333) NOTE: https://github.com/roundcube/roundcubemail/issues/4949 NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115 @@ -120,6 +164,7 @@ NOTE: upstream fixed in 2.1 NOTE: https://bugs.gentoo.org/show_bug.cgi?id=564400 CVE-2015-8866 [libxml_disable_entity_loader setting is shared between threads] + RESERVED - php5 5.6.6+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=64938 NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817 @@ -128,6 +173,7 @@ NOTE: Fixed in 5.6.6, 5.5.22 NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8 CVE-2015-8867 [openssl_random_pseudo_bytes() is not cryptographically secure] + RESERVED - php7.0 7.0.0-1 - php5 5.6.12+dfsg-1 [jessie] - php5 5.6.12+dfsg-0+deb8u1 
@@ -200,6 +246,7 @@ NOTE: http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5 NOTE: http://www.openwall.com/lists/oss-security/2016/04/20/5 CVE-2015-8863 [off-by-one error that leads to a heap-based buffer overflow] + RESERVED - jq (bug #802231) NOTE: https://github.com/stedolan/jq/issues/995 NOTE: https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd @@ -288,8 +335,8 @@ RESERVED CVE-2016-4007 (Multiple unspecified vulnerabilities in the obs-service-extract_file ...) NOT-FOR-US: obs-service-extract_file -CVE-2016-4006 - RESERVED +CVE-2016-4006 (
[Secure-testing-commits] r41179 - data/CVE
Author: carnil Date: 2016-04-25 18:59:13 + (Mon, 25 Apr 2016) New Revision: 41179 Modified: data/CVE/list Log: Two issues in giflib fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-04-25 18:50:25 UTC (rev 41178) +++ data/CVE/list 2016-04-25 18:59:13 UTC (rev 41179) @@ -536,7 +536,7 @@ - optipng 0.7.6-1 NOTE: https://sourceforge.net/p/optipng/bugs/56/ CVE-2016-3977 (Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib ...) - - giflib (bug #820526) + - giflib 5.1.4-0.1 (bug #820526) [jessie] - giflib (Minor issue) [wheezy] - giflib (minor issue) NOTE: https://sourceforge.net/p/giflib/bugs/87/ @@ -5980,7 +5980,7 @@ CVE-2015-8786 RESERVED CVE-2016- [out of bound read and write issues] - - giflib (bug #820594) + - giflib 5.1.4-0.1 (bug #820594) [jessie] - giflib (Minor issue) [wheezy] - giflib (Minor issue) [squeeze] - giflib (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41178 - org
Author: anarcat Date: 2016-04-25 18:50:25 + (Mon, 25 Apr 2016) New Revision: 41178 Modified: org/lts-frontdesk.2016.txt Log: Summary: not available in june for FD Modified: org/lts-frontdesk.2016.txt === --- org/lts-frontdesk.2016.txt 2016-04-25 18:47:31 UTC (rev 41177) +++ org/lts-frontdesk.2016.txt 2016-04-25 18:50:25 UTC (rev 41178) @@ -34,7 +34,7 @@ From 23-05 to 29-05:Thorsten Alteholz From 30-05 to 05-06:Ben Hutchings From 06-06 to 12-06:Chris Lamb -From 13-06 to 19-06:Antoine Beaupré +From 13-06 to 19-06: From 20-06 to 26-06:Thorsten Alteholz From 27-06 to 03-07: From 04-07 to 10-07:Chris Lamb ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41177 - data/CVE
Author: carnil Date: 2016-04-25 18:47:31 + (Mon, 25 Apr 2016) New Revision: 41177 Modified: data/CVE/list Log: roundup removed from unstable Modified: data/CVE/list === --- data/CVE/list 2016-04-25 18:46:32 UTC (rev 41176) +++ data/CVE/list 2016-04-25 18:47:31 UTC (rev 41177) @@ -46674,7 +46674,7 @@ NOTE: environment. CVE-2014-6276 (schema.py in Roundup before 1.5.1 does not properly limit attributes ...) {DSA-3502-1} - - roundup (bug #816780) + - roundup (bug #816780) NOTE: http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9 CVE-2014-6275 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41176 - in data: . CVE
Author: carnil Date: 2016-04-25 18:46:32 + (Mon, 25 Apr 2016) New Revision: 41176 Modified: data/CVE/list data/next-point-update.txt Log: CVE-2015-8868/poppler requested via jessie-pu already Modified: data/CVE/list === --- data/CVE/list 2016-04-25 18:44:05 UTC (rev 41175) +++ data/CVE/list 2016-04-25 18:46:32 UTC (rev 41176) @@ -366,6 +366,7 @@ NOTE: Fixed by: https://github.com/brltty/brltty/commit/74affe7d1401f2b43ad32e18cb78704d22604ad7 CVE-2015-8868 [heap overflow] - poppler 0.38.0-3 (bug #822578) + [jessie] - poppler (Minor issue; will be fixed via jessie-pu) NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476 NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1 Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-04-25 18:44:05 UTC (rev 41175) +++ data/next-point-update.txt 2016-04-25 18:46:32 UTC (rev 41176) @@ -21,3 +21,5 @@ [jessie] - zendframework 1.12.9+dfsg-2+deb8u6 CVE-2016-3995 [jessie] - libcrypto++ 5.6.1-6+deb8u2 +CVE-2015-8868 + [jessie] - poppler 0.26.5-2+deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41175 - data/CVE
Author: carnil Date: 2016-04-25 18:44:05 + (Mon, 25 Apr 2016) New Revision: 41175 Modified: data/CVE/list Log: libcsoap remove from unstable Modified: data/CVE/list === --- data/CVE/list 2016-04-25 18:42:40 UTC (rev 41174) +++ data/CVE/list 2016-04-25 18:44:05 UTC (rev 41175) @@ -32623,7 +32623,7 @@ NOTE: encodings CVE-2015-2297 [Remote null pointer dereference] RESERVED - - libcsoap (bug #778599) + - libcsoap (bug #778599) [squeeze] - libcsoap (Minor issue) [wheezy] - libcsoap (Minor issue) NOTE: CVE assigned only for the null pointer dereference, not all issues in ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41174 - data/CVE
Author: carnil Date: 2016-04-25 18:42:40 + (Mon, 25 Apr 2016) New Revision: 41174 Modified: data/CVE/list Log: CVE-2015-8868/poppler, #822578, fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-04-25 18:38:07 UTC (rev 41173) +++ data/CVE/list 2016-04-25 18:42:40 UTC (rev 41174) @@ -365,7 +365,7 @@ NOTE: Introduced in: https://github.com/brltty/brltty/commit/e62b3c925d03239a372d425fb87b2cac65d8ef19 NOTE: Fixed by: https://github.com/brltty/brltty/commit/74affe7d1401f2b43ad32e18cb78704d22604ad7 CVE-2015-8868 [heap overflow] - - poppler (bug #822578) + - poppler 0.38.0-3 (bug #822578) NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476 NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41173 - data/CVE
Author: carnil Date: 2016-04-25 18:38:07 + (Mon, 25 Apr 2016) New Revision: 41173 Modified: data/CVE/list Log: ha removed from unstable Modified: data/CVE/list === --- data/CVE/list 2016-04-25 15:10:56 UTC (rev 41172) +++ data/CVE/list 2016-04-25 18:38:07 UTC (rev 41173) @@ -36545,7 +36545,7 @@ [wheezy] - libapache-poi-java (Minor issue) CVE-2015-1198 [directory traversal vulnerabilities] RESERVED - - ha (low; bug #774954) + - ha (low; bug #774954) [squeeze] - ha (Minor issue) [wheezy] - ha (Minor issue) CVE-2015-1352 (The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41172 - data/CVE
Author: carnil Date: 2016-04-25 15:10:56 + (Mon, 25 Apr 2016) New Revision: 41172 Modified: data/CVE/list Log: Update CVE-2016-2187 information Modified: data/CVE/list === --- data/CVE/list 2016-04-25 14:50:28 UTC (rev 41171) +++ data/CVE/list 2016-04-25 15:10:56 UTC (rev 41172) @@ -5441,8 +5441,8 @@ CVE-2016-2187 [Kernel panic on invalid USB device descriptor (gtco driver)] RESERVED - linux + NOTE: Upstream commit: https://git.kernel.org/linus/162f98dea487206d9ab79fc12ed64700667a894d (v4.6-rc5) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317017 - TODO: check CVE-2016-2186 [Kernel panic on invalid USB device descriptor (powermate driver)] RESERVED - linux 4.5.1-1 (low) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41171 - data/CVE
Author: carnil Date: 2016-04-25 14:50:28 + (Mon, 25 Apr 2016) New Revision: 41171 Modified: data/CVE/list Log: Update two ancient file CVEs Modified: data/CVE/list === --- data/CVE/list 2016-04-25 14:46:31 UTC (rev 41170) +++ data/CVE/list 2016-04-25 14:50:28 UTC (rev 41171) @@ -140079,12 +140079,10 @@ - cups 1.3.10-1 CVE-2009-0948 RESERVED - - file - TODO: check, should be fixed in 5.01 + - file 5.02-1 CVE-2009-0947 RESERVED - - file - TODO: check, should be fixed in 5.01 + - file 5.02-1 CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ...) {DSA-1784-1} - freetype 2.3.9-4.1 (medium; bug #524925) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
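Review bot: both added lines record "- file 5.02-1", while the TODO they replace says the issues should be fixed in 5.01. Add a NOTE to CVE-2009-0948 and CVE-2009-0947 stating why 5.02-1 is the version recorded (for instance that it is the first upload containing the 5.01 fix), so the mismatch with the removed text is not read as an error later.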
[Secure-testing-commits] r41169 - data
Author: carnil Date: 2016-04-25 14:46:30 + (Mon, 25 Apr 2016) New Revision: 41169 Modified: data/dsa-needed.txt Log: dsa-needed: remove entries which are only relevant for oldstable Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-04-25 14:46:28 UTC (rev 41168) +++ data/dsa-needed.txt 2016-04-25 14:46:30 UTC (rev 41169) @@ -19,14 +19,10 @@ -- botan1.10 (Markus Koschany) -- -gosa/oldstable (Mike Gabriel) +gosa (Mike Gabriel) NOTE: .debdiff sent to the Security Team, waiting for feedback NOTE: asked about jessie status (seb) -- -imagemagick/oldstable - no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 - should be fixed along --- libidn Working debdiff for wheezy-security at https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff @@ -42,8 +38,6 @@ -- mariadb-10.0 (carnil) -- -mediawiki/oldstable --- minissdpd NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28 -- @@ -53,30 +47,18 @@ -- ntp -- -openjdk-6/oldstable (jmm) --- openjdk-7 (jmm) -- openjpeg2 (jmm) -- -pdns/oldstable (Mike Gabriel) --- php5 Maintainer proposed update to 5.6.20 for jessie, needs check/ack -- samba Samba maintainers are preparing updates for regressions -- -smarty3/oldstable - NOTE: https://lists.debian.org/debian-lts/2016/03/msg0.html - Version bump to package version in jessie recommended. --- -squid/oldstable --- tardiff fw asked maintainer for preparing debdiffs for wheezy- and jessie-security -- -tiff3 --- tomcat8 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
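Review bot: in the first hunk the removed imagemagick/oldstable entry carried the list of no-dsa bugs that should be fixed along (CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716), and deleting the entry drops that list from the file. If these are now to be handled elsewhere, carry the CVE list over in the same change or say in the log where it went. The same applies to the smarty3/oldstable entry in the last hunk, which loses its NOTE recommending a version bump.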
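Review bot: in the last hunk "tiff3" is removed although it has no "/oldstable" suffix, unlike the other entries dropped by this commit, and the log message only speaks of entries relevant for oldstable. Say in the log why tiff3 falls under that description, or keep the entry.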
[Secure-testing-commits] r41170 - doc
Author: carnil Date: 2016-04-25 14:46:31 + (Mon, 25 Apr 2016) New Revision: 41170 Modified: doc/DSA.template Log: Drop oldstable from the DSA template Modified: doc/DSA.template === --- doc/DSA.template2016-04-25 14:46:30 UTC (rev 41169) +++ doc/DSA.template2016-04-25 14:46:31 UTC (rev 41170) @@ -14,9 +14,6 @@ $TEXT -For the oldstable distribution ($OLDSTABLE), this problem has been fixed -in version $$OLDSTABLE_VERSION. - For the stable distribution ($STABLE), this problem has been fixed in version $$STABLE_VERSION. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41168 - bin
Author: carnil Date: 2016-04-25 14:46:28 + (Mon, 25 Apr 2016) New Revision: 41168 Modified: bin/add-dsa-needed.sh Log: Only list packages from stable for dsa-needed list Modified: bin/add-dsa-needed.sh === --- bin/add-dsa-needed.sh 2016-04-25 14:20:09 UTC (rev 41167) +++ bin/add-dsa-needed.sh 2016-04-25 14:46:28 UTC (rev 41168) @@ -52,7 +52,8 @@ ;; esac -for release in oldstable stable; do +#for release in oldstable stable; do +for release in stable; do HOME=$tmpd w3m $turl/$release > $tmpd/$release.txt touch $tmpd/toadd-$release.txt seen_marker=false @@ -81,16 +82,18 @@ done < $tmpd/$release.txt done -cat $tmpd/toadd-stable.txt $tmpd/toadd-oldstable.txt | sort | uniq -d | +#cat $tmpd/toadd-stable.txt $tmpd/toadd-oldstable.txt | sort | uniq -d | +cat $tmpd/toadd-stable.txt | sort | uniq -d | while read pkg; do printf "%s\n--\n" "$pkg" >> $output sed -ri "/^$pkg\$/d" $tmpd/toadd-stable.txt -sed -ri "/^$pkg\$/d" $tmpd/toadd-oldstable.txt +#sed -ri "/^$pkg\$/d" $tmpd/toadd-oldstable.txt done # Skip oldoldstable for now as it is an LTS release, tracked with # dla-needed: -for release in oldstable stable; do +#for release in oldstable stable; do +for release in stable; do while read pkg; do printf "%s/%s\n--\n" "$pkg" "$release" >> $output done < $tmpd/toadd-$release.txt ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
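Review bot: the first hunk keeps the old loop header as a comment ("#for release in oldstable stable; do") directly above its replacement, and the second hunk does the same in three more places. The previous form stays available in the repository history, so delete the old lines rather than commenting them out. A single comment stating why oldstable is no longer listed would document the change better than the dead code does.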
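Review bot: in the second hunk "cat $tmpd/toadd-stable.txt | sort | uniq -d" now reads a single file, so "uniq -d" only prints names that occur more than once inside the stable list, not names common to two releases as before. Unless toadd-stable.txt can contain duplicates, the "while read pkg" body that writes the unsuffixed entry never runs, and every package falls through to the final loop, which writes it with a "/stable" suffix. Remove the "uniq -d" block and decide in the final printf whether the release suffix is still wanted. The comment above that loop also still names only oldoldstable as skipped and should be updated.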
[Secure-testing-commits] r41167 - data/CVE
Author: carnil Date: 2016-04-25 14:20:09 + (Mon, 25 Apr 2016) New Revision: 41167 Modified: data/CVE/list Log: Add bug reference for CVE-2015-8868/poppler, #822578 Modified: data/CVE/list === --- data/CVE/list 2016-04-25 14:13:39 UTC (rev 41166) +++ data/CVE/list 2016-04-25 14:20:09 UTC (rev 41167) @@ -365,7 +365,7 @@ NOTE: Introduced in: https://github.com/brltty/brltty/commit/e62b3c925d03239a372d425fb87b2cac65d8ef19 NOTE: Fixed by: https://github.com/brltty/brltty/commit/74affe7d1401f2b43ad32e18cb78704d22604ad7 CVE-2015-8868 [heap overflow] - - poppler + - poppler (bug #822578) NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476 NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41164 - data
Author: santiago Date: 2016-04-25 14:13:37 + (Mon, 25 Apr 2016) New Revision: 41164 Modified: data/dla-needed.txt Log: add tardiff to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 14:13:35 UTC (rev 41163) +++ data/dla-needed.txt 2016-04-25 14:13:37 UTC (rev 41164) @@ -80,6 +80,9 @@ -- squid -- +tardiff + fw asked maintainer for preparing debdiffs for wheezy- and jessie-security +-- tiff NOTE: 20160226, no fix available yet -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
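Review bot: The added line under tardiff ("fw asked maintainer for preparing debdiffs for wheezy- and jessie-security") has no NOTE: prefix and no date, while the tiff entry immediately below uses "NOTE: 20160226, ...". Suggest the same form here so the entry can be aged and so anything parsing the file sees a uniform note syntax.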
[Secure-testing-commits] r41166 - bin
Author: santiago Date: 2016-04-25 14:13:39 + (Mon, 25 Apr 2016) New Revision: 41166 Modified: bin/tracker_data.py Log: update bin/tracker_data.py lts->wheezy, next_lts->jessie Modified: bin/tracker_data.py === --- bin/tracker_data.py 2016-04-25 14:13:38 UTC (rev 41165) +++ bin/tracker_data.py 2016-04-25 14:13:39 UTC (rev 41166) @@ -29,8 +29,8 @@ 'unstable': 'sid', 'experimental': 'experimental', # LTS specific aliases -'lts': 'squeeze', -'next_lts': 'wheezy', +'lts': 'wheezy', +'next_lts': 'jessie', } ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
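Review bot: The two values under "# LTS specific aliases" are changed in place with nothing in the file recording when the switch happened, so every caller of 'lts' and 'next_lts' silently changes meaning at this revision. A one-line comment with the switch date next to the mapping would help the next transition. Also worth checking: if the 'stable' alias earlier in this dict (not visible in the hunk) already resolves to 'jessie', then 'next_lts' and 'stable' now name the same release and any report keyed on both will overlap.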
[Secure-testing-commits] r41165 - data
Author: santiago Date: 2016-04-25 14:13:38 + (Mon, 25 Apr 2016) New Revision: 41165 Modified: data/dla-needed.txt Log: add tiff3 to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 14:13:37 UTC (rev 41164) +++ data/dla-needed.txt 2016-04-25 14:13:38 UTC (rev 41165) @@ -86,5 +86,7 @@ tiff NOTE: 20160226, no fix available yet -- +tiff3 +-- xymon (Chris Lamb) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41163 - data
Author: santiago Date: 2016-04-25 14:13:35 + (Mon, 25 Apr 2016) New Revision: 41163 Modified: data/dla-needed.txt Log: add samba to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 14:13:34 UTC (rev 41162) +++ data/dla-needed.txt 2016-04-25 14:13:35 UTC (rev 41163) @@ -75,6 +75,9 @@ policykit-1 NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425 -- +samba + Samba maintainers are preparing updates for regressions +-- squid -- tiff ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
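Review bot: The text added under samba ("Samba maintainers are preparing updates for regressions") is free text, while the policykit-1 entry directly above it in the same hunk uses "NOTE: ..., 20160425". Suggest the NOTE: prefix and a date here too, so a stale entry is easy to spot later.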
[Secure-testing-commits] r41162 - data
Author: santiago Date: 2016-04-25 14:13:34 + (Mon, 25 Apr 2016) New Revision: 41162 Modified: data/dla-needed.txt Log: dla-needed.txt: policykit-1 add note about CVE-2016-2568 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 14:13:33 UTC (rev 41161) +++ data/dla-needed.txt 2016-04-25 14:13:34 UTC (rev 41162) @@ -73,6 +73,7 @@ php5 -- policykit-1 + NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425 -- squid -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41161 - data
Author: santiago Date: 2016-04-25 14:13:33 + (Mon, 25 Apr 2016) New Revision: 41161 Modified: data/dla-needed.txt Log: remove mediawiki from dla-needed.txt, not supported in LTS Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 14:13:28 UTC (rev 41160) +++ data/dla-needed.txt 2016-04-25 14:13:33 UTC (rev 41161) @@ -52,8 +52,6 @@ -- linux -- -mediawiki --- minissdpd NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41160 - data
Author: santiago Date: 2016-04-25 14:13:28 + (Mon, 25 Apr 2016) New Revision: 41160 Modified: data/dla-needed.txt Log: add openjdk-7, pdns and php5 to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 14:01:34 UTC (rev 41159) +++ data/dla-needed.txt 2016-04-25 14:13:28 UTC (rev 41160) @@ -66,8 +66,14 @@ NOTE: maintainer wants to upload package (as done before) NOTE: <20160213161710.ga9...@roeckx.be> -- +openjdk-7 +-- openssl -- +pdns (Mike Gabriel) +-- +php5 +-- policykit-1 -- squid ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41159 - data/packages
Author: jmm Date: 2016-04-25 14:01:34 + (Mon, 25 Apr 2016) New Revision: 41159 Modified: data/packages/removed-packages Log: add ruby2.2 to removed packages Modified: data/packages/removed-packages === --- data/packages/removed-packages 2016-04-25 13:57:32 UTC (rev 41158) +++ data/packages/removed-packages 2016-04-25 14:01:34 UTC (rev 41159) @@ -581,3 +581,4 @@ xmcd hobix oprofile +ruby2.2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41158 - data/CVE
Author: carnil Date: 2016-04-25 13:57:32 + (Mon, 25 Apr 2016) New Revision: 41158 Modified: data/CVE/list Log: Fix source package name: node-mustache -> mustache.js Modified: data/CVE/list === --- data/CVE/list 2016-04-25 13:56:31 UTC (rev 41157) +++ data/CVE/list 2016-04-25 13:57:32 UTC (rev 41158) @@ -75,12 +75,12 @@ RESERVED CVE-2015-8862 RESERVED - - node-mustache (unimportant) + - mustache.js (unimportant) NOTE: node-handlebars only in experimental for now, fixed in 4.0.0 NOTE: libv8 is not covered by security support CVE-2015-8861 RESERVED - - node-mustache (unimportant) + - mustache.js (unimportant) NOTE: node-handlebars only in experimental for now, fixed in 4.0.0 NOTE: libv8 is not covered by security support CVE-2015-8860 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
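Review bot: Under both CVE-2015-8862 and CVE-2015-8861 the package line now reads mustache.js, but the two NOTE lines that follow it talk about node-handlebars ("only in experimental for now, fixed in 4.0.0") and libv8, and neither entry has a package line for node-handlebars. Since this commit is already correcting the source package name, please confirm that the notes describe the right package, or add the missing node-handlebars line so the "fixed in 4.0.0" remark has something to attach to.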
[Secure-testing-commits] r41157 - data/CVE
Author: carnil Date: 2016-04-25 13:56:31 + (Mon, 25 Apr 2016) New Revision: 41157 Modified: data/CVE/list Log: Fix source package name: node-uglify -> uglifyjs Modified: data/CVE/list === --- data/CVE/list 2016-04-25 13:28:16 UTC (rev 41156) +++ data/CVE/list 2016-04-25 13:56:31 UTC (rev 41157) @@ -91,7 +91,7 @@ RESERVED CVE-2015-8858 RESERVED - - node-uglify (unimportant) + - uglifyjs (unimportant) NOTE: libv8 is not covered by security support CVE-2015-8857 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41154 - data
Author: santiago Date: 2016-04-25 13:28:13 + (Mon, 25 Apr 2016) New Revision: 41154 Modified: data/dla-needed.txt Log: data/dla-needed.txt: add libidn and libxstream-java, fixes for both already proposed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 13:06:57 UTC (rev 41153) +++ data/dla-needed.txt 2016-04-25 13:28:13 UTC (rev 41154) @@ -36,9 +36,20 @@ imagemagick NOTE: only minor issues -- +libidn + Working debdiff for wheezy-security at + https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff + Work-in-progress debdiff for jessie-security at + https://people.debian.org/~ghedo/libidn_1.29-1+deb8u1.diff + Help is needed to fix it so that it doesn't FTBFS +-- libxml2 NOTE: 20160226, no fix available yet -- +libxstream-java (jmm) + Emmanuel Bourg proposed debdiff for both wheezy- and jessie-security + waiting an additional to solicit regression feedback from change in sid +-- linux -- ntp ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
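Review bot: In the libxstream-java entry, "waiting an additional to solicit regression feedback from change in sid" is missing a word after "additional", so the reader cannot tell how long the wait is or when it ends; please state the period or a date. Both new entries also use multi-line free text, whereas the surrounding imagemagick and libxml2 entries use "NOTE: ..." lines (libxml2 with a date). Putting the two debdiff URLs and the FTBFS remark on NOTE: lines would keep the file uniform.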
[Secure-testing-commits] r41155 - data
Author: santiago Date: 2016-04-25 13:28:14 + (Mon, 25 Apr 2016) New Revision: 41155 Modified: data/dla-needed.txt Log: add mediawiki to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 13:28:13 UTC (rev 41154) +++ data/dla-needed.txt 2016-04-25 13:28:14 UTC (rev 41155) @@ -52,6 +52,8 @@ -- linux -- +mediawiki +-- ntp NOTE: maintainer wants to upload package (as done before) NOTE: <20160213161710.ga9...@roeckx.be> ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41156 - data
Author: santiago Date: 2016-04-25 13:28:16 + (Mon, 25 Apr 2016) New Revision: 41156 Modified: data/dla-needed.txt Log: add minissdpd, mysql-5.5 and nss to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 13:28:14 UTC (rev 41155) +++ data/dla-needed.txt 2016-04-25 13:28:16 UTC (rev 41156) @@ -54,6 +54,14 @@ -- mediawiki -- +minissdpd + NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28 +-- +mysql-5.5 + NOTE: carnil already claimed in dsa-needed.txt +-- +nss +-- ntp NOTE: maintainer wants to upload package (as done before) NOTE: <20160213161710.ga9...@roeckx.be> ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41149 - data
Author: santiago Date: 2016-04-25 13:06:50 + (Mon, 25 Apr 2016) New Revision: 41149 Modified: data/dla-needed.txt Log: remove dwarfutils, currently only no-dsa issues Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 12:46:01 UTC (rev 41148) +++ data/dla-needed.txt 2016-04-25 13:06:50 UTC (rev 41149) @@ -17,9 +17,6 @@ cakephp NOTE: CVE-2015-8379 No official solution is currently available, 20160425 -- -dwarfutils - NOTE: 20160123, no CVE assigned yet, no fix availabe yet --- extplorer (Thorsten Alteholz) -- graphicsmagick ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41150 - data
Author: santiago Date: 2016-04-25 13:06:53 + (Mon, 25 Apr 2016) New Revision: 41150 Modified: data/dla-needed.txt Log: add 389-ds-base to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 13:06:50 UTC (rev 41149) +++ data/dla-needed.txt 2016-04-25 13:06:53 UTC (rev 41150) @@ -9,6 +9,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- +389-ds-base +-- asterisk (Thorsten Alteholz) -- cacti ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41152 - data
Author: santiago Date: 2016-04-25 13:06:56 + (Mon, 25 Apr 2016) New Revision: 41152 Modified: data/dla-needed.txt Log: add gosa to dla-needed.txt, already claimed by Mike Gabriel Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 13:06:54 UTC (rev 41151) +++ data/dla-needed.txt 2016-04-25 13:06:56 UTC (rev 41152) @@ -23,6 +23,10 @@ -- extplorer (Thorsten Alteholz) -- +gosa (Mike Gabriel) + NOTE: .debdiff sent to the Security Team, waiting for feedback + NOTE: asked about jessie status (seb) +-- graphicsmagick NOTE: CVE-2016-231{8,9} don't have upstream fixes but we crash on the exploits -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41153 - data
Author: santiago Date: 2016-04-25 13:06:57 + (Mon, 25 Apr 2016) New Revision: 41153 Modified: data/dla-needed.txt Log: remove note about test icu packages for squeeze-lts Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 13:06:56 UTC (rev 41152) +++ data/dla-needed.txt 2016-04-25 13:06:57 UTC (rev 41153) @@ -32,7 +32,6 @@ -- icu NOTE: check comments on CVE-2016-0494 as well - NOTE: tentative package for icu https://lists.debian.org/debian-lts/2016/01/msg00133.html -- imagemagick NOTE: only minor issues ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41151 - data
Author: santiago Date: 2016-04-25 13:06:54 + (Mon, 25 Apr 2016) New Revision: 41151 Modified: data/dla-needed.txt Log: add botan1.10 to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 13:06:53 UTC (rev 41150) +++ data/dla-needed.txt 2016-04-25 13:06:54 UTC (rev 41151) @@ -13,6 +13,8 @@ -- asterisk (Thorsten Alteholz) -- +botan1.10 (Markus Koschany) +-- cacti NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41148 - data/CVE
Author: jmm Date: 2016-04-25 12:46:01 + (Mon, 25 Apr 2016) New Revision: 41148 Modified: data/CVE/list Log: add references to upstream fixes for harfbuzz Modified: data/CVE/list === --- data/CVE/list 2016-04-25 12:13:36 UTC (rev 41147) +++ data/CVE/list 2016-04-25 12:46:01 UTC (rev 41148) @@ -6042,6 +6042,8 @@ - harfbuzz 1.2.6-1 - chromium-browser 48.0.2564.82-1 NOTE: https://code.google.com/p/chromium/issues/detail?id=544270 + NOTE: https://cgit.freedesktop.org/harfbuzz/commit/?id=63ef0b41dc48d6112d1918c1b1de9de8ea90adb5 + NOTE: https://cgit.freedesktop.org/harfbuzz/commit/?id=613e630617074eb9b62b794cc37c9b42a7fb079b TODO: check stable/oldstable CVE-2016-2051 (Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, ...) - libv8 (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41147 - data
Author: santiago Date: 2016-04-25 12:13:36 + (Mon, 25 Apr 2016) New Revision: 41147 Modified: data/dla-needed.txt Log: remove curl, currently only no-dsa issues Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 12:13:34 UTC (rev 41146) +++ data/dla-needed.txt 2016-04-25 12:13:36 UTC (rev 41147) @@ -17,9 +17,6 @@ cakephp NOTE: CVE-2015-8379 No official solution is currently available, 20160425 -- -curl - NOTE: marked as no-dsa as fixes may be too intrusive to backport --- dwarfutils NOTE: 20160123, no CVE assigned yet, no fix availabe yet -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41146 - data
Author: santiago Date: 2016-04-25 12:13:34 + (Mon, 25 Apr 2016) New Revision: 41146 Modified: data/dla-needed.txt Log: Note about CVE-2015-8379/cakephp Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 12:13:33 UTC (rev 41145) +++ data/dla-needed.txt 2016-04-25 12:13:34 UTC (rev 41146) @@ -12,10 +12,10 @@ asterisk (Thorsten Alteholz) -- cacti - NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425 (santiago) + NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425 -- cakephp - NOTE: 20160123, No official solution is currently available. + NOTE: CVE-2015-8379 No official solution is currently available, 20160425 -- curl NOTE: marked as no-dsa as fixes may be too intrusive to backport ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41145 - data
Author: santiago Date: 2016-04-25 12:13:33 + (Mon, 25 Apr 2016) New Revision: 41145 Modified: data/dla-needed.txt Log: dla-needed: note about CVE-2016-3659/cacti Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 11:37:38 UTC (rev 41144) +++ data/dla-needed.txt 2016-04-25 12:13:33 UTC (rev 41145) @@ -12,7 +12,7 @@ asterisk (Thorsten Alteholz) -- cacti - NOTE: Issue being disputed, check https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814353#10 + NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425 (santiago) -- cakephp NOTE: 20160123, No official solution is currently available. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
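Review bot: The cacti change replaces the NOTE that pointed at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814353#10 with "CVE-2016-3659 doesn't have a fix yet", which drops the only link to the discussion of whether the issue is disputed. Suggest keeping the bug URL as a second NOTE line. The trailing "(santiago)" sits inside the note text; the asterisk entry in the same hunk puts the name after the package ("asterisk (Thorsten Alteholz)"), so if this is a claim it belongs on the cacti line, and if it is only a signature it can go.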
[Secure-testing-commits] r41144 - data
Author: alteholz Date: 2016-04-25 11:37:38 + (Mon, 25 Apr 2016) New Revision: 41144 Modified: data/dla-needed.txt data/dsa-needed.txt Log: move some packages to dla-needed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-25 10:37:02 UTC (rev 41143) +++ data/dla-needed.txt 2016-04-25 11:37:38 UTC (rev 41144) @@ -9,6 +9,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- +asterisk (Thorsten Alteholz) +-- cacti NOTE: Issue being disputed, check https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814353#10 -- @@ -21,6 +23,8 @@ dwarfutils NOTE: 20160123, no CVE assigned yet, no fix availabe yet -- +extplorer (Thorsten Alteholz) +-- graphicsmagick NOTE: CVE-2016-231{8,9} don't have upstream fixes but we crash on the exploits -- Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-04-25 10:37:02 UTC (rev 41143) +++ data/dsa-needed.txt 2016-04-25 11:37:38 UTC (rev 41144) @@ -19,9 +19,6 @@ -- botan1.10 (Markus Koschany) -- -extplorer/oldstable (Thorsten Alteholz) - NOTE: .debdiff sent to the Security Team, waiting for feedback --- gosa/oldstable (Mike Gabriel) NOTE: .debdiff sent to the Security Team, waiting for feedback NOTE: asked about jessie status (seb) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
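Review bot: The dsa-needed.txt hunk removes extplorer/oldstable together with its "NOTE: .debdiff sent to the Security Team, waiting for feedback", but the entry added to dla-needed.txt in the second hunk is only "extplorer (Thorsten Alteholz)", so the state of the pending debdiff is lost in the move. Suggest carrying the NOTE over. The log says "move some packages", yet asterisk is added to dla-needed.txt with no matching removal in the dsa-needed.txt hunk; if it was never listed there, "add" would describe that half more accurately.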
[Secure-testing-commits] r41143 - data/CVE
Author: carnil Date: 2016-04-25 10:37:02 + (Mon, 25 Apr 2016) New Revision: 41143 Modified: data/CVE/list Log: Update status for CVE-2015-7510/systemd Modified: data/CVE/list === --- data/CVE/list 2016-04-25 10:32:00 UTC (rev 41142) +++ data/CVE/list 2016-04-25 10:37:02 UTC (rev 41143) @@ -15669,10 +15669,11 @@ NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a (master) CVE-2015-7510 [Stack overflow in nss-mymachines] RESERVED - - systemd - NOTE: https://github.com/keszybz/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888 + - systemd 229-1 + [jessie] - systemd (Vulnerable code introduced later, v223) + [wheezy] - systemd (Vulnerable code introduced later, v223) + NOTE: https://github.com/systemd/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888 (v229) NOTE: https://github.com/systemd/systemd/issues/2002 - TODO: check CVE-2015-7509 (fs/ext4/namei.c in the Linux kernel before 3.7 allows physically ...) - linux 3.8-1~experimental.1 [wheezy] - linux 3.2.68-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
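Review bot: The new [jessie] and [wheezy] lines justify their status with "Vulnerable code introduced later, v223", but the entry carries no reference for that; the only commit NOTE is the fix, now annotated (v229). Suggest adding a NOTE with the commit that introduced the vulnerable code, so the v223 boundary can be verified against the versions shipped in jessie and wheezy.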
[Secure-testing-commits] r41142 - data/CVE
Author: carnil Date: 2016-04-25 10:32:00 + (Mon, 25 Apr 2016) New Revision: 41142 Modified: data/CVE/list Log: CVE-2016-0721/pcs fixed Modified: data/CVE/list === --- data/CVE/list 2016-04-25 10:30:05 UTC (rev 41141) +++ data/CVE/list 2016-04-25 10:32:00 UTC (rev 41142) @@ -10448,11 +10448,10 @@ REJECTED CVE-2016-0721 [cookies are not invalidated upon logout] RESERVED - - pcs - NOTE: https://github.com/feist/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774 - NOTE: https://github.com/feist/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b - NOTE: https://github.com/feist/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17 - TODO: check + - pcs 0.9.149-1 + NOTE: https://github.com/feist/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774 (0.9.149) + NOTE: https://github.com/feist/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b (0.9.149) + NOTE: https://github.com/feist/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17 (0.9.149) CVE-2016-0720 [Cross-Site Request Forgery in web UI] RESERVED - pcs 0.9.149-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41141 - data/CVE
Author: carnil Date: 2016-04-25 10:30:05 + (Mon, 25 Apr 2016) New Revision: 41141 Modified: data/CVE/list Log: CVE-2016-0720 fixed with 0.9.149 Modified: data/CVE/list === --- data/CVE/list 2016-04-25 09:38:02 UTC (rev 41140) +++ data/CVE/list 2016-04-25 10:30:05 UTC (rev 41141) @@ -10455,11 +10455,10 @@ TODO: check CVE-2016-0720 [Cross-Site Request Forgery in web UI] RESERVED - - pcs - NOTE: https://github.com/feist/pcs/commit/3360ecd318f7631bf5826d99a20bf4b29d86dc9c - NOTE: https://github.com/feist/pcs/commit/d49435de20f71bd0816c42b445ed484dd21fbe96 - NOTE: https://github.com/feist/pcs/commit/b9e7f061788c3b86a0c67d2d4158f067ec5eb625 - TODO: check + - pcs 0.9.149-1 + NOTE: https://github.com/feist/pcs/commit/3360ecd318f7631bf5826d99a20bf4b29d86dc9c (0.9.149) + NOTE: https://github.com/feist/pcs/commit/d49435de20f71bd0816c42b445ed484dd21fbe96 (0.9.149) + NOTE: https://github.com/feist/pcs/commit/b9e7f061788c3b86a0c67d2d4158f067ec5eb625 (0.9.149) CVE-2016-0719 RESERVED CVE-2016-0718 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41140 - data/CVE
Author: jmm Date: 2016-04-25 09:38:02 + (Mon, 25 Apr 2016) New Revision: 41140 Modified: data/CVE/list Log: harfbuzz fixed Modified: data/CVE/list === --- data/CVE/list 2016-04-25 09:34:20 UTC (rev 41139) +++ data/CVE/list 2016-04-25 09:38:02 UTC (rev 41140) @@ -6039,10 +6039,10 @@ - xymon 4.3.25-1 NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html CVE-2016-2052 (Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used ...) - - harfbuzz - - chromium-browser + - harfbuzz 1.2.6-1 + - chromium-browser 48.0.2564.82-1 NOTE: https://code.google.com/p/chromium/issues/detail?id=544270 - TODO: check + TODO: check stable/oldstable CVE-2016-2051 (Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, ...) - libv8 (unimportant) NOTE: libv8 not covered by security support ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
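Review bot: The CVE-2016-2052 description in this hunk says the problem is in HarfBuzz "before 1.0.6", while the fixed version recorded for harfbuzz is 1.2.6-1. Is 1.2.6-1 the first upload that contained the fix, or just the version current at the time? If an earlier upload at or above 1.0.6 exists, recording that one would give a correct lower bound, which matters for the remaining "TODO: check stable/oldstable". A NOTE naming the upstream fix would also make that check possible without going through the Chromium issue.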
[Secure-testing-commits] r41139 - data/DSA
Author: jmm Date: 2016-04-25 09:34:20 + (Mon, 25 Apr 2016) New Revision: 41139 Modified: data/DSA/list Log: additional CVE ID for graphite DSA Modified: data/DSA/list === --- data/DSA/list 2016-04-25 09:32:57 UTC (rev 41138) +++ data/DSA/list 2016-04-25 09:34:20 UTC (rev 41139) @@ -149,7 +149,7 @@ [wheezy] - wireshark 1.8.2-5wheezy18 [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u5 [13 Mar 2016] DSA-3515-1 graphite2 - security update - {CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802} + {CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-1969} [wheezy] - graphite2 1.3.6-1~deb7u1 [jessie] - graphite2 1.3.6-1~deb8u1 [12 Mar 2016] DSA-3514-1 samba - security update ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
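Review bot: CVE-2016-1969 is appended after CVE-2016-2802 in the DSA-3515-1 list, while the other IDs on that line are in ascending order (CVE-2016-1977, then CVE-2016-2790 through CVE-2016-2802). Suggest inserting it before CVE-2016-1977 to keep the list sorted, which makes later diffs and duplicate checks easier to read.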
[Secure-testing-commits] r41138 - in data: CVE DSA
Author: jmm Date: 2016-04-25 09:32:57 + (Mon, 25 Apr 2016) New Revision: 41138 Modified: data/CVE/list data/DSA/list Log: add CVE ID to older DSA Modified: data/CVE/list === --- data/CVE/list 2016-04-25 08:43:19 UTC (rev 41137) +++ data/CVE/list 2016-04-25 09:32:57 UTC (rev 41138) @@ -5698,8 +5698,7 @@ NOT-FOR-US: Red Hat Satellite CVE-2016-2102 RESERVED - - tripleo-image-elements - TODO: check, possibly Red Hat specific + - tripleo-image-elements (Configuration not found in Debian's version) CVE-2016-2101 RESERVED CVE-2016-2100 @@ -6320,12 +6319,11 @@ CVE-2016-1970 (Integer underflow in the srtp_unprotect function in the WebRTC ...) - iceweasel (Windows-specific) CVE-2016-1969 (The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla ...) - - graphite2 + - graphite2 1.3.6-1 - iceweasel - firefox 45.0-1 - firefox-esr 45.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/ - TODO: check CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, ...) - iceweasel - firefox-esr 45.0esr-1 Modified: data/DSA/list === --- data/DSA/list 2016-04-25 08:43:19 UTC (rev 41137) +++ data/DSA/list 2016-04-25 09:32:57 UTC (rev 41138) @@ -294,7 +294,7 @@ {CVE-2015-7511} [wheezy] - libgcrypt11 1.5.0-5+deb7u4 [14 Feb 2016] DSA-3477-1 iceweasel - security update - {CVE-2016-1523 CVE-2016-1526} + {CVE-2016-1523 CVE-2016-1526 CVE-2016-1969} [wheezy] - iceweasel 38.6.1esr-1~deb7u1 [jessie] - iceweasel 38.6.1esr-1~deb8u1 [13 Feb 2016] DSA-3476-1 postgresql-9.4 - security update ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
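Review bot: The first data/CVE/list hunk changes the status of CVE-2016-2102 / tripleo-image-elements ("Configuration not found in Debian's version") and drops its TODO, which has nothing to do with the log message "add CVE ID to older DSA". Please either mention it in the log or commit it separately, so the reason for that triage decision can be found from the history. For CVE-2016-1969 the graphite2 line now has 1.3.6-1 and the TODO is gone, but the "- iceweasel" line directly below it still has no version or status even though the ID is being added to DSA-3477-1 for iceweasel in the same commit; worth confirming that line is as intended.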
[Secure-testing-commits] r41137 - data/CVE
Author: jmm Date: 2016-04-25 08:43:19 + (Mon, 25 Apr 2016) New Revision: 41137 Modified: data/CVE/list Log: two java issues not in icedtea nvidia-graphics-drivers fixed Modified: data/CVE/list === --- data/CVE/list 2016-04-25 06:09:17 UTC (rev 41136) +++ data/CVE/list 2016-04-25 08:43:19 UTC (rev 41137) @@ -1759,9 +1759,9 @@ CVE-2016-3444 RESERVED CVE-2016-3443 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 ...) - - openjdk-8 - - openjdk-7 - - openjdk-6 + - openjdk-6 (Specific to Oracle Java, not present in IcedTea) + - openjdk-7 (Specific to Oracle Java, not present in IcedTea) + - openjdk-8 (Specific to Oracle Java, not present in IcedTea) CVE-2016-3442 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) TODO: check CVE-2016-3441 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...) @@ -1810,9 +1810,9 @@ CVE-2016-3423 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) TODO: check CVE-2016-3422 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 ...) - - openjdk-8 - - openjdk-7 - - openjdk-6 + - openjdk-6 (Specific to Oracle Java, not present in IcedTea) + - openjdk-7 (Specific to Oracle Java, not present in IcedTea) + - openjdk-8 (Specific to Oracle Java, not present in IcedTea) CVE-2016-3421 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) TODO: check CVE-2016-3420 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...) 
@@ -14427,8 +14427,7 @@ CVE-2015-7870 RESERVED CVE-2015-7869 (Multiple integer overflows in the kernel mode driver for the NVIDIA ...) - [experimental] - nvidia-graphics-drivers 352.63-1 - - nvidia-graphics-drivers (bug #805917) + - nvidia-graphics-drivers 352.63-1 (bug #805917) [jessie] - nvidia-graphics-drivers 340.96-1 [wheezy] - nvidia-graphics-drivers 304.131-1 [squeeze] - nvidia-graphics-drivers (Non-free not supported) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
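Review bot: For CVE-2016-3443 and CVE-2016-3422 the new status text is "Specific to Oracle Java, not present in IcedTea", but both descriptions are "Unspecified vulnerability in Oracle Java SE ..." and neither entry gets a NOTE saying where that determination comes from. Suggest adding a reference so it can be rechecked. The same lines are also reordered from openjdk-8/7/6 to openjdk-6/7/8, which makes the diff look larger than the actual change, and the nvidia-graphics-drivers edit for CVE-2015-7869 in the third hunk is unrelated to the Java triage and would be easier to audit as its own commit.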