[Secure-testing-commits] r41327 - data/CVE
Author: carnil Date: 2016-05-01 06:35:13 + (Sun, 01 May 2016) New Revision: 41327 Modified: data/CVE/list Log: CVEs for wireshark assigned for older advisories Modified: data/CVE/list === --- data/CVE/list 2016-05-01 05:45:16 UTC (rev 41326) +++ data/CVE/list 2016-05-01 06:35:13 UTC (rev 41327) 
@@ -4905,49 +4905,49 @@ RESERVED CVE-2016-2534 RESERVED -CVE-2016- [another ASN.1 BER dissector crash] +CVE-2016-4421 [another ASN.1 BER dissector crash] - wireshark 2.0.2+ga16e22e-1 [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u5 [wheezy] - wireshark 1.8.2-5wheezy18 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-18.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 -CVE-2016- [NFS dissector crash] +CVE-2016-4420 [NFS dissector crash] - wireshark 2.0.2+ga16e22e-1 [jessie] - wireshark (Vulnerable code not present) [wheezy] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-17.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 -CVE-2016- [SPICE dissector large loop] +CVE-2016-4419 [SPICE dissector large loop] - wireshark 2.0.2+ga16e22e-1 [jessie] - wireshark (Vulnerable code not present) [wheezy] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-16.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 -CVE-2016- [ASN.1 BER dissector crash] +CVE-2016-4418 [ASN.1 BER dissector crash] [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u5 [wheezy] - wireshark 1.8.2-5wheezy18 - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-15.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 -CVE-2016- [GSM A-bis OML dissector crash] +CVE-2016-4417 [GSM A-bis OML dissector crash] [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u5 [wheezy] - wireshark 1.8.2-5wheezy18 - wireshark 2.0.2+ga16e22e-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2016-14.html NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9 NOTE: Fixed versions: 2.0.2, 1.12.10 -CVE-2016- [IEEE 802.11 dissector crash] +CVE-2016-4416 [IEEE 802.11 dissector crash] - wireshark 2.0.2+ga16e22e-1 [jessie] - wireshark (Vulnerable code not present) [wheezy] - 
wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-13.html NOTE: Affected versions: 2.0.0 to 2.0.1 NOTE: Fixed versions: 2.0.2 -CVE-2016- [Ixia IxVeriWave file parser crash] +CVE-2016-4415 [Ixia IxVeriWave file parser crash] - wireshark 2.0.2+ga16e22e-1 [jessie] - wireshark (Vulnerable code not present) [wheezy] - wireshark (Vulnerable code not present) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
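Review bot: in the CVE-2016-4418 and CVE-2016-4417 entries the unstable line `- wireshark 2.0.2+ga16e22e-1` sits after the `[jessie]` and `[wheezy]` lines, whereas the other five entries in this hunk put the unstable line first, before the release-specific lines; reorder those two for consistency so the fixed-in-unstable version is found in the usual position. The assigned ids line up with the wnpa-sec-2016-13 through wnpa-sec-2016-18 advisory URLs already recorded in the NOTEs, and the "Vulnerable code not present" markings for jessie/wheezy agree with the "Affected versions: 2.0.0 to 2.0.1" NOTEs on those entries.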
[Secure-testing-commits] r41326 - data/CVE
Author: carnil Date: 2016-05-01 05:45:16 + (Sun, 01 May 2016) New Revision: 41326 Modified: data/CVE/list Log: CVE-2016-4414/quassel assigned Modified: data/CVE/list === --- data/CVE/list 2016-05-01 05:44:04 UTC (rev 41325) +++ data/CVE/list 2016-05-01 05:45:16 UTC (rev 41326) @@ -3,12 +3,12 @@ NOTE: Introduced in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/93/src/pam_sshauth.c NOTE: Fixed in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/01/2 -CVE-2016- [denial of service] +CVE-2016-4414 [denial of service] - quassel 1:0.12.4-2 NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100 NOTE: Introduced by: https://github.com/quassel/quassel/commit/d1bf207 (0.10.0) - NOTE: Fixed by: https://github.com/quassel/quassel/commit/e678873 (0.12.4) - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/30/2 + NOTE: Fixed by: https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a9392588f427e746 (0.12.4) + NOTE: http://www.openwall.com/lists/oss-security/2016/04/30/2 CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools ...) NOT-FOR-US: Cisco CVE-2016-4352 [Mplayer/Mencoder integer overflow parsing gif files] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
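Review bot: the replaced NOTE drops the `CVE Request:` label in front of the oss-security URL, so the link now reads as a generic reference rather than the request thread that produced CVE-2016-4414; keep the label (or reword to `CVE Assigned via:`) so the provenance of the id stays visible. The same hunk expands the `Fixed by:` hash to its full 40 characters but leaves `Introduced by: .../commit/d1bf207` abbreviated; expand both or neither.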
[Secure-testing-commits] r41325 - data/CVE
Author: carnil Date: 2016-05-01 05:44:04 + (Sun, 01 May 2016) New Revision: 41325 Modified: data/CVE/list Log: Update information for libpam-sshauth Modified: data/CVE/list === --- data/CVE/list 2016-05-01 05:30:22 UTC (rev 41324) +++ data/CVE/list 2016-05-01 05:44:04 UTC (rev 41325) @@ -1,5 +1,8 @@ CVE-2016- [local root privilege escalation] - libpam-sshauth 0.4.1-2 + NOTE: Introduced in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/93/src/pam_sshauth.c + NOTE: Fixed in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/01/2 CVE-2016- [denial of service] - quassel 1:0.12.4-2 NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
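Review bot: the libpam-sshauth entry is titled `[local root privilege escalation]` but still carries only the unstable line `- libpam-sshauth 0.4.1-2`, with no `[jessie]`/`[wheezy]` status and no severity marker; since the hunk now records the introducing revision (revision 93), the affected range for the stable releases can be determined, so add a TODO or the release lines so the entry does not look resolved for stable. The `Introduced in:` URL points at a file path under revision 93 while `Fixed in:` points at the bare revision 114; either form works, but using the same form for both makes the pair easier to compare.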
[Secure-testing-commits] r41324 - data/CVE
Author: carnil Date: 2016-05-01 05:30:22 + (Sun, 01 May 2016) New Revision: 41324 Modified: data/CVE/list Log: Add temporary item for libpam-sshauth Modified: data/CVE/list === --- data/CVE/list 2016-04-30 21:10:16 UTC (rev 41323) +++ data/CVE/list 2016-05-01 05:30:22 UTC (rev 41324) @@ -1,3 +1,5 @@ +CVE-2016- [local root privilege escalation] + - libpam-sshauth 0.4.1-2 CVE-2016- [denial of service] - quassel 1:0.12.4-2 NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
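Review bot: the new placeholder entry `CVE-2016- [local root privilege escalation]` has no NOTE at all (no bug number, advisory or commit), so on its own it cannot be traced back to a source; even a temporary item should carry at least one reference line, as the neighbouring quassel placeholder in the context does with its coreauthhandler.cpp link.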
[Secure-testing-commits] r41323 - data/CVE
Author: sectracker Date: 2016-04-30 21:10:16 + (Sat, 30 Apr 2016) New Revision: 41323 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-04-30 20:54:58 UTC (rev 41322) +++ data/CVE/list 2016-04-30 21:10:16 UTC (rev 41323) @@ -3773,6 +3773,7 @@ NOTE: Introduced in 1.11.0, fixed in 1.11.29 CVE-2016-2849 [ECDSA side channel attack] RESERVED + {DLA-449-1} - botan1.10 (bug #822698) NOTE: http://botan.randombit.net/security.html NOTE: Introduced in 1.7.15, fixed in 1.11.29 @@ -6090,11 +6091,13 @@ NOTE: http://botan.randombit.net/security.html CVE-2016-2195 [Heap overflow on invalid ECC point] RESERVED + {DLA-449-1} - botan1.10 1.10.12-1 NOTE: Introduced in 1.9.18, fixed in 1.11.27 and 1.10.11 NOTE: http://botan.randombit.net/security.html CVE-2016-2194 [Infinite loop in modulur square root algorithm] RESERVED + {DLA-449-1} - botan1.10 1.10.12-1 NOTE: Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11 NOTE: http://botan.randombit.net/security.html @@ -15322,6 +15325,7 @@ NOT-FOR-US: SAP HANA CVE-2015-7827 [PKCS #1 v1.5 decoding was not constant time] RESERVED + {DLA-449-1} - botan1.10 (bug #817932) NOTE: Fixed in 1.11.22. Affected all previous versions NOTE: http://botan.randombit.net/security.html @@ -16032,7 +16036,7 @@ NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in ...) - {DSA-3378-1 DLA-434-1} + {DSA-3378-1 DLA-450-1 DLA-434-1} - gdk-pixbuf 2.32.1-1 - gtk+2.0 2.21.5-1 NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/4 
@@ -16248,6 +16252,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288934 NOTE: Related to an incomplete RHEL backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ac2bde2a4a05c38e2bd733bea94507cb1461e06 CVE-2015-7552 (Heap-based buffer overflow in the gdk_pixbuf_flip function in ...) + {DLA-450-1} - gdk-pixbuf 2.32.0-1 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=958963 NOTE: This was fixed by one of the commits between 2.31.6 and 2.32.0. @@ -20858,11 +20863,13 @@ RESERVED CVE-2015-5727 [Excess memory allocation in BER decoder] RESERVED + {DLA-449-1} - botan1.10 1.10.10-1 NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11 NOTE: http://botan.randombit.net/security.html CVE-2015-5726 [Crash in BER decoder] RESERVED + {DLA-449-1} - botan1.10 1.10.10-1 NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11 NOTE: http://botan.randombit.net/security.html @@ -20870,6 +20877,7 @@ RESERVED CVE-2014-9742 [Insufficient randomness in Miller-Rabin primality check] RESERVED + {DLA-449-1} - botan1.10 1.10.8-1 NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9 NOTE: http://botan.randombit.net/security.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
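Review bot: the context line `CVE-2016-2194 [Infinite loop in modulur square root algorithm]` in the `@@ -6090` hunk carries a typo ("modulur" for "modular") that this automatic update preserves; a manual follow-up should correct it. For CVE-2016-2849 and CVE-2015-7827 the `{DLA-449-1}` reference is added to entries whose NOTEs record fixes only in the 1.11 series ("fixed in 1.11.29", "Fixed in 1.11.22"), so those entries should also gain a NOTE naming the 1.10 backport the DLA ships; the `{DSA-3378-1 DLA-450-1 DLA-434-1}` line on CVE-2015-7674 now lists two DLAs for one CVE, which is correct only if DLA-450-1 is a follow-up to DLA-434-1 for the same package.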
[Secure-testing-commits] r41322 - data
Author: benh Date: 2016-04-30 20:54:58 + (Sat, 30 Apr 2016) New Revision: 41322 Modified: data/dla-needed.txt Log: Link to cacti maintainer's message Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-30 20:20:43 UTC (rev 41321) +++ data/dla-needed.txt 2016-04-30 20:54:58 UTC (rev 41322) @@ -13,6 +13,7 @@ -- cacti NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425 + NOTE: Maintainer wants to review changes; see https://lists.debian.org/<5724f47d.6090...@debian.org> -- cakephp NOTE: CVE-2015-8379 No official solution is currently available, 20160425 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
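Review bot: the added NOTE links to `https://lists.debian.org/<5724f47d.6090...@debian.org>` and the Message-ID appears truncated ("6090...") in the archive, so the link as shown will not resolve; verify that the full Message-ID is present in the committed file. The NOTE also does not say which list the message was sent to or on what date, which the neighbouring cacti NOTE does record (20160425); adding the date keeps the entry consistent with the file's convention.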
[Secure-testing-commits] r41321 - data/CVE
Author: micha Date: 2016-04-30 20:20:43 + (Sat, 30 Apr 2016) New Revision: 41321 Modified: data/CVE/list Log: Update information for CVE-2015-7542 Modified: data/CVE/list === --- data/CVE/list 2016-04-30 19:38:35 UTC (rev 41320) +++ data/CVE/list 2016-04-30 20:20:43 UTC (rev 41321) @@ -16314,7 +16314,7 @@ - libgwenhywfar 4.12.0beta-3 (bug #748955; medium) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503 NOTE: Debian packaging fix: http://source.lenk.info/git/pkg-libgwenhywfar.git/commitdiff/86dacaae3a233f6ca3b420e0bfdb12eb5ef40b91 - TODO: cherry-pick for wheezy + TODO: The fix should be easy to cherry-picked for a fix in wheezy CVE-2015-7541 (The initialize method in the Histogram class in ...) NOT-FOR-US: colorscore gem for Ruby CVE-2015-7540 (The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
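Review bot: the new TODO line `TODO: The fix should be easy to cherry-picked for a fix in wheezy` is ungrammatical ("easy to cherry-picked", "a fix ... for a fix"); suggest `TODO: The fix should be easy to cherry-pick for wheezy`. Nothing else changes in this hunk, so the wheezy status itself is still recorded only as a TODO rather than as a `[wheezy]` line.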
[Secure-testing-commits] r41320 - data/CVE
Author: micha Date: 2016-04-30 19:38:35 + (Sat, 30 Apr 2016) New Revision: 41320 Modified: data/CVE/list Log: Update information for CVE-2015-7642 Modified: data/CVE/list === --- data/CVE/list 2016-04-30 19:25:16 UTC (rev 41319) +++ data/CVE/list 2016-04-30 19:38:35 UTC (rev 41320) @@ -16309,10 +16309,12 @@ - kdelibs - arts NOTE: https://quickgit.kde.org/?p=kdelibs.git&a=blobdiff&h=8c0f6401271c495c68e340e06b09239eb755ce5e&hp=45b72f0d5c3421b571e9515497352a0a9942a075&hb=cc5515ed7ce8884c9b18169158ba29ab2f7a3db7&f=kinit%2Flnusertemp.c -CVE-2015-7542 +CVE-2015-7542 [Uses outdated bundled CA certificates] RESERVED - libgwenhywfar 4.12.0beta-3 (bug #748955; medium) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503 + NOTE: Debian packaging fix: http://source.lenk.info/git/pkg-libgwenhywfar.git/commitdiff/86dacaae3a233f6ca3b420e0bfdb12eb5ef40b91 + TODO: cherry-pick for wheezy CVE-2015-7541 (The initialize method in the Histogram class in ...) NOT-FOR-US: colorscore gem for Ruby CVE-2015-7540 (The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
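Review bot: the added `TODO: cherry-pick for wheezy` line is not paired with a `[wheezy]` status line, and elsewhere on this page the wheezy decision is recorded as `[wheezy] - package (Minor issue)` once taken, so the TODO should be replaced by such a line when the cherry-pick is done or declined. The new description `[Uses outdated bundled CA certificates]` and the `Debian packaging fix:` NOTE are consistent with the existing `4.12.0beta-3 (bug #748955; medium)` line, which already names the fixed unstable version.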
[Secure-testing-commits] r41318 - data/CVE
Author: micha Date: 2016-04-30 19:23:22 + (Sat, 30 Apr 2016) New Revision: 41318 Modified: data/CVE/list Log: Update information for CVE-2015-7542 Modified: data/CVE/list === --- data/CVE/list 2016-04-30 17:40:59 UTC (rev 41317) +++ data/CVE/list 2016-04-30 19:23:22 UTC (rev 41318) @@ -16311,8 +16311,8 @@ NOTE: https://quickgit.kde.org/?p=kdelibs.git&a=blobdiff&h=8c0f6401271c495c68e340e06b09239eb755ce5e&hp=45b72f0d5c3421b571e9515497352a0a9942a075&hb=cc5515ed7ce8884c9b18169158ba29ab2f7a3db7&f=kinit%2Flnusertemp.c CVE-2015-7542 RESERVED - - libgwenhywfar - TODO: check, possibly Red Hat specific + - libgwenhywfar 4.12.0beta-3 (bug #748955; medium) +NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503 CVE-2015-7541 (The initialize method in the Histogram class in ...) NOT-FOR-US: colorscore gem for Ruby CVE-2015-7540 (The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
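Review bot: the added line `+NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503` is not indented, while every other NOTE line in the hunk context starts with a leading space; indent it so the entry matches the file's layout (the later r41319 "Whitespace fixes" commit on this page does exactly that). Replacing `TODO: check, possibly Red Hat specific` with a fixed version and a bug reference resolves the open check, which is good, but a short NOTE saying why the issue is not Red Hat specific would preserve the conclusion.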
[Secure-testing-commits] r41319 - data/CVE
Author: micha Date: 2016-04-30 19:25:16 + (Sat, 30 Apr 2016) New Revision: 41319 Modified: data/CVE/list Log: Whitespace fixes Modified: data/CVE/list === --- data/CVE/list 2016-04-30 19:23:22 UTC (rev 41318) +++ data/CVE/list 2016-04-30 19:25:16 UTC (rev 41319) @@ -16312,7 +16312,7 @@ CVE-2015-7542 RESERVED - libgwenhywfar 4.12.0beta-3 (bug #748955; medium) -NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503 CVE-2015-7541 (The initialize method in the Histogram class in ...) NOT-FOR-US: colorscore gem for Ruby CVE-2015-7540 (The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
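Review bot: this hunk only indents the NOTE line introduced two minutes earlier in r41318, which is fine; it could have been folded into that commit, and a pre-commit check for unindented `NOTE:` lines would avoid the extra revision.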
[Secure-testing-commits] r41317 - in data: . DLA
Author: apo Date: 2016-04-30 17:40:59 + (Sat, 30 Apr 2016) New Revision: 41317 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-450-1 for gdk-pixbuf Modified: data/DLA/list === --- data/DLA/list 2016-04-30 17:39:11 UTC (rev 41316) +++ data/DLA/list 2016-04-30 17:40:59 UTC (rev 41317) @@ -1,3 +1,6 @@ +[30 Apr 2016] DLA-450-1 gdk-pixbuf - security update + {CVE-2015-7552 CVE-2015-7674} + [wheezy] - gdk-pixbuf 2.26.1-1+deb7u4 [30 Apr 2016] DLA-449-1 botan1.10 - security update {CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 CVE-2016-2195 CVE-2016-2849} [wheezy] - botan1.10 1.10.5-1+deb7u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-30 17:39:11 UTC (rev 41316) +++ data/dla-needed.txt 2016-04-30 17:40:59 UTC (rev 41317) @@ -19,8 +19,6 @@ -- extplorer (Thorsten Alteholz) -- -gdk-pixbuf (Markus Koschany) --- gosa (Mike Gabriel) NOTE: .debdiff sent to the Security Team, waiting for feedback NOTE: asked about jessie status (seb) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
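Review bot: the new DLA-450-1 entry lists `{CVE-2015-7552 CVE-2015-7674}`, and CVE-2015-7674 is already covered by DLA-434-1 (see the `{DSA-3378-1 DLA-434-1}` line in the r41323 hunk on this page), so the DLA text should say that DLA-450-1 is a follow-up for that CVE; the dla-needed.txt hunk removes the `gdk-pixbuf (Markus Koschany)` entry together with its `--` separator, which keeps the file's separator structure intact.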
[Secure-testing-commits] r41316 - data/CVE
Author: benh Date: 2016-04-30 17:39:11 + (Sat, 30 Apr 2016) New Revision: 41316 Modified: data/CVE/list Log: Mark some linux issues for wheezy due to lack of user namespaces Modified: data/CVE/list === --- data/CVE/list 2016-04-30 16:17:43 UTC (rev 41315) +++ data/CVE/list 2016-04-30 17:39:11 UTC (rev 41316) @@ -2990,6 +2990,7 @@ RESERVED CVE-2016-3156 (The IPv4 implementation in the Linux kernel before 4.5.2 mishandles ...) - linux 4.5.1-1 + [wheezy] - linux (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3 CVE-2016-3133 RESERVED @@ -3713,6 +3714,7 @@ NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does not ...) - linux 4.5.1-1 + [wheezy] - linux (Minor issue) NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758 NOTE: https://patchwork.ozlabs.org/patch/595575/ NOTE: http://marc.info/?l=netfilter-devel&m=145757134822741&w=2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
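Review bot: both hunks add `[wheezy] - linux (Minor issue)` without a NOTE, and the reason given in the commit log ("due to lack of user namespaces") is not recorded in the tracker file itself; add a NOTE on each of CVE-2016-3156 and CVE-2016-3134 stating that rationale, so someone reading data/CVE/list later does not have to search the svn log to see why the wheezy kernel was downgraded to "Minor issue".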
[Secure-testing-commits] r41315 - data
Author: agx Date: 2016-04-30 16:17:43 + (Sat, 30 Apr 2016) New Revision: 41315 Modified: data/dla-needed.txt Log: Claim pdns Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-30 15:51:28 UTC (rev 41314) +++ data/dla-needed.txt 2016-04-30 16:17:43 UTC (rev 41315) @@ -65,7 +65,7 @@ -- openssl -- -pdns +pdns (Guido Günther) -- php5 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41314 - data
Author: agx Date: 2016-04-30 15:51:28 + (Sat, 30 Apr 2016) New Revision: 41314 Modified: data/dla-needed.txt Log: Claim nss Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-30 15:41:19 UTC (rev 41313) +++ data/dla-needed.txt 2016-04-30 15:51:28 UTC (rev 41314) @@ -53,7 +53,7 @@ minissdpd NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28 -- -nss +nss (Guido Günther) -- ntp NOTE: maintainer wants to upload package (as done before) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41313 - data
Author: santiago Date: 2016-04-30 15:41:19 + (Sat, 30 Apr 2016) New Revision: 41313 Modified: data/dla-needed.txt Log: add quagga to dla-needed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-30 15:29:28 UTC (rev 41312) +++ data/dla-needed.txt 2016-04-30 15:41:19 UTC (rev 41313) @@ -75,6 +75,9 @@ policykit-1 NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425 -- +quagga + NOTE: see dsa-needed's notes. +-- samba Samba maintainers are preparing updates for regressions -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
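Review bot: the new quagga entry's only note, `NOTE: see dsa-needed's notes.`, points at a file this commit does not touch and names no CVE; the neighbouring entries (`CVE-2016-2568 doesn't have a fix yet, 20160425`) name the CVE and a date, so copy the relevant CVE id(s) into this NOTE so the entry is usable on its own.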
[Secure-testing-commits] r41312 - data
Author: santiago Date: 2016-04-30 15:29:28 + (Sat, 30 Apr 2016) New Revision: 41312 Modified: data/dla-needed.txt Log: openafs needs a DLA Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-30 14:34:34 UTC (rev 41311) +++ data/dla-needed.txt 2016-04-30 15:29:28 UTC (rev 41312) @@ -59,6 +59,8 @@ NOTE: maintainer wants to upload package (as done before) NOTE: <20160213161710.ga9...@roeckx.be> -- +openafs +-- openjdk-7 (Markus Koschany) -- openssl ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
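Review bot: `openafs` is added to dla-needed.txt with no NOTE, while the surrounding entries record which CVE or maintainer message motivated them; add at least the CVE id(s) the DLA is expected to cover so a claimant can start from the entry.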
[Secure-testing-commits] r41311 - data/CVE
Author: benh Date: 2016-04-30 14:34:34 + (Sat, 30 Apr 2016) New Revision: 41311 Modified: data/CVE/list Log: Mark CVE-2015-7515 as since it is a minor issue Modified: data/CVE/list === --- data/CVE/list 2016-04-30 14:24:05 UTC (rev 41310) +++ data/CVE/list 2016-04-30 14:34:34 UTC (rev 41311) @@ -16375,6 +16375,8 @@ NOT-FOR-US: Onos CVE-2015-7515 (The aiptek_probe function in drivers/input/tablet/aiptek.c in the ...) - linux 4.4.2-1 + [jessie] - linux (Minor issue) + [wheezy] - linux (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1285326 NOTE: https://os-s.net/advisories/OSS-2016-05_aiptek.pdf NOTE: Upstream commit: https://git.kernel.org/linus/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 (v4.4-rc6) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
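Review bot: the log message `Mark CVE-2015-7515 as since it is a minor issue` is missing the status word; the hunk shows what was meant (`(Minor issue)` for jessie and wheezy). The two added status lines carry no NOTE explaining why the aiptek_probe issue is minor, and the existing NOTEs only reference the bug, the OSS advisory and the upstream commit (v4.4-rc6); a one-line rationale would make the downgrade reviewable later.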
[Secure-testing-commits] r41310 - data/CVE
Author: carnil Date: 2016-04-30 14:24:05 + (Sat, 30 Apr 2016) New Revision: 41310 Modified: data/CVE/list Log: Add quassel issue Modified: data/CVE/list === --- data/CVE/list 2016-04-30 14:21:33 UTC (rev 41309) +++ data/CVE/list 2016-04-30 14:24:05 UTC (rev 41310) @@ -1,3 +1,9 @@ +CVE-2016- [denial of service] + - quassel 1:0.12.4-2 + NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100 + NOTE: Introduced by: https://github.com/quassel/quassel/commit/d1bf207 (0.10.0) + NOTE: Fixed by: https://github.com/quassel/quassel/commit/e678873 (0.12.4) + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/30/2 CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools ...) NOT-FOR-US: Cisco CVE-2016-4352 [Mplayer/Mencoder integer overflow parsing gif files] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
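Review bot: the `Introduced by:` NOTE dates the bug to 0.10.0 and the `Fixed by:` NOTE to 0.12.4, but the entry has no `[jessie]` or `[wheezy]` lines, so it is not yet recorded whether the stable releases ship an affected version; add those lines (or a TODO) once checked. The abbreviated commit hashes (d1bf207, e678873) should be expanded to full hashes, as the tracker's other NOTE links on this page do.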
[Secure-testing-commits] r41309 - data/CVE
Author: carnil Date: 2016-04-30 14:21:33 + (Sat, 30 Apr 2016) New Revision: 41309 Modified: data/CVE/list Log: CVE-2016-4349 NFU Modified: data/CVE/list === --- data/CVE/list 2016-04-30 14:00:17 UTC (rev 41308) +++ data/CVE/list 2016-04-30 14:21:33 UTC (rev 41309) @@ -1,5 +1,5 @@ CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-4352 [Mplayer/Mencoder integer overflow parsing gif files] - mplayer NOTE: https://trac.mplayerhq.hu/ticket/2295 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41308 - data/CVE
Author: carnil Date: 2016-04-30 14:00:17 + (Sat, 30 Apr 2016) New Revision: 41308 Modified: data/CVE/list Log: CVEs for chromium-browser fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-04-30 09:56:00 UTC (rev 41307) +++ data/CVE/list 2016-04-30 14:00:17 UTC (rev 41308) @@ -7936,33 +7936,33 @@ RESERVED CVE-2016-1666 RESERVED - - chromium-browser + - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1665 RESERVED - - chromium-browser + - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) NOTE: libv8 not covered by security support CVE-2016-1664 RESERVED - - chromium-browser + - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1663 RESERVED - - chromium-browser + - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1662 RESERVED - - chromium-browser + - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1661 RESERVED - - chromium-browser + - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1660 RESERVED - - chromium-browser + - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1659 (Multiple unspecified vulnerabilities in Google Chrome before ...) {DSA-3549-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
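Review bot: all seven entries gain the unstable fixed version `50.0.2661.94-1` and keep `[wheezy] - chromium-browser (Not supported in Wheezy)`, but none has a `[jessie]` line or a DSA reference, so the jessie status is undetermined in the file; record it (or the DSA id once issued). The entries are still `RESERVED` with no NOTE pointing at the upstream release announcement that maps these CVE ids to the 50.0.2661.94 release.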
[Secure-testing-commits] r41307 - data/CVE
Author: carnil Date: 2016-04-30 09:56:00 + (Sat, 30 Apr 2016) New Revision: 41307 Modified: data/CVE/list Log: Remove vtun item for now from data/CVE/list Modified: data/CVE/list === --- data/CVE/list 2016-04-30 09:33:56 UTC (rev 41306) +++ data/CVE/list 2016-04-30 09:56:00 UTC (rev 41307) @@ -530,11 +530,6 @@ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-04/msg02711.html NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/27/2 TODO: check -CVE-2016- [denial-of-service: high CPU usage after SIGHUP] - - vtun (bug #818489) - [jessie] - vtun (Minor issue) - [wheezy] - vtun (Minor issue) - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/26/1 CVE-2016-4075 RESERVED CVE-2016-4067 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
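Review bot: the removed vtun entry carried a `CVE Request:` reference, a bug number (#818489) and jessie/wheezy "Minor issue" markings, and the log says only "for now"; nothing in the file records why it was dropped or where the tracking moved, so add a NOTE on the neighbouring context or re-add the entry with a TODO once the CVE request outcome is known, otherwise the existing triage is lost.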
[Secure-testing-commits] r41306 - in data: . DLA
Author: apo Date: 2016-04-30 09:33:56 + (Sat, 30 Apr 2016) New Revision: 41306 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-449-1 for botan1.10 Modified: data/DLA/list === --- data/DLA/list 2016-04-30 09:10:12 UTC (rev 41305) +++ data/DLA/list 2016-04-30 09:33:56 UTC (rev 41306) @@ -1,3 +1,6 @@ +[30 Apr 2016] DLA-449-1 botan1.10 - security update + {CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 CVE-2016-2195 CVE-2016-2849} + [wheezy] - botan1.10 1.10.5-1+deb7u1 [29 Apr 2016] DLA-448-1 subversion - security update {CVE-2016-2167 CVE-2016-2168} [wheezy] - subversion 1.6.17dfsg-4+deb7u11 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-04-30 09:10:12 UTC (rev 41305) +++ data/dla-needed.txt 2016-04-30 09:33:56 UTC (rev 41306) @@ -11,8 +11,6 @@ -- asterisk (Thorsten Alteholz) -- -botan1.10 (Markus Koschany) --- cacti NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
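Review bot: the new DLA-449-1 entry claims seven CVEs for `botan1.10 1.10.5-1+deb7u1`, while the CVE entries for CVE-2016-2849 and CVE-2015-7827 (visible in the r41323 hunk on this page) record fixes only in the 1.11 series; the DLA text and those CVE entries should state that the wheezy upload backports the fixes to 1.10.5. The dla-needed.txt hunk removes `botan1.10 (Markus Koschany)` with its `--` separator, which is correct.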
[Secure-testing-commits] r41305 - data/CVE
Author: sectracker Date: 2016-04-30 09:10:12 + (Sat, 30 Apr 2016) New Revision: 41305 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-04-30 08:03:40 UTC (rev 41304) +++ data/CVE/list 2016-04-30 09:10:12 UTC (rev 41305) @@ -6185,12 +6185,12 @@ RESERVED CVE-2016-2168 RESERVED - {DSA-3561-1} + {DSA-3561-1 DLA-448-1} - subversion 1.9.4-1 NOTE: https://subversion.apache.org/security/CVE-2016-2168-advisory.txt CVE-2016-2167 RESERVED - {DSA-3561-1} + {DSA-3561-1 DLA-448-1} - subversion 1.9.4-1 NOTE: https://subversion.apache.org/security/CVE-2016-2167-advisory.txt CVE-2016-2166 (The (1) proton.reactor.Connector, (2) proton.reactor.Container, and ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41304 - data/CVE
Author: carnil Date: 2016-04-30 08:03:40 + (Sat, 30 Apr 2016) New Revision: 41304 Modified: data/CVE/list Log: Add CVE-2016-3711, concludes external check Modified: data/CVE/list === --- data/CVE/list 2016-04-30 03:52:25 UTC (rev 41303) +++ data/CVE/list 2016-04-30 08:03:40 UTC (rev 41304) @@ -1687,8 +1687,11 @@ RESERVED CVE-2016-3712 RESERVED -CVE-2016-3711 +CVE-2016-3711 [Setting cookie containing internal IP address of a pod] RESERVED + - haproxy + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1318796 + TODO: check CVE-2016-3710 RESERVED CVE-2016-3709 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
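Review bot: the added entry lists `- haproxy` with no version and leaves `TODO: check`; the description `[Setting cookie containing internal IP address of a pod]` refers to a pod, which suggests a container-platform deployment rather than haproxy's own code, so the check should settle whether the affected code is in the Debian haproxy package at all or whether the entry belongs under NOT-FOR-US, and record that conclusion as a NOTE next to the Red Hat bug link.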