[Secure-testing-commits] r41550 - data
Author: carnil Date: 2016-05-09 06:56:58 + (Mon, 09 May 2016) New Revision: 41550 Modified: data/next-point-update.txt Log: Add file for next jessie-pu Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-05-09 05:41:51 UTC (rev 41549) +++ data/next-point-update.txt 2016-05-09 06:56:58 UTC (rev 41550) @@ -18,3 +18,5 @@ [jessie] - zendframework 1.12.9+dfsg-2+deb8u6 CVE-2016-3995 [jessie] - libcrypto++ 5.6.1-6+deb8u2 +CVE-2015-8865 + [jessie] - file 1:5.22+15-2+deb8u2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41549 - data/CVE
Author: pabs Date: 2016-05-09 05:41:51 + (Mon, 09 May 2016) New Revision: 41549 Modified: data/CVE/list Log: Update status for CVE-2012-5564 Modified: data/CVE/list === --- data/CVE/list 2016-05-09 05:06:13 UTC (rev 41548) +++ data/CVE/list 2016-05-09 05:41:51 UTC (rev 41549) @@ -86905,7 +86905,7 @@ CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...) - android-tools (bug #688280) [jessie] - android-tools (Minor issue) - - android-platform-system-core + - android-platform-system-core (bug #823792) CVE-2012-5563 (OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not ...) - keystone (Folsom branch not packaged yet) CVE-2012-5562
[Secure-testing-commits] r41548 - data/CVE
Author: pabs Date: 2016-05-09 05:06:13 + (Mon, 09 May 2016) New Revision: 41548 Modified: data/CVE/list Log: Update info for CVE-2014-1909 Modified: data/CVE/list === --- data/CVE/list 2016-05-09 04:27:32 UTC (rev 41547) +++ data/CVE/list 2016-05-09 05:06:13 UTC (rev 41548) @@ -59626,7 +59626,8 @@ - parcimonie 0.8.1-1 (bug #738134) CVE-2014-1909 (Integer signedness error in system/core/adb/adb_client.c in Android ...) - android-tools 4.2.2+git20130529-5.1 (bug #770513) - - android-platform-system-core + - android-platform-system-core 1:6.0.0+r26-1~stage1 + NOTE: http://www.droidsec.org/advisories/2014/02/04/two-security-issues-found-in-the-android-sdk-tools.html CVE-2014-1896 (The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen ...) - xen 4.4.0-1 [squeeze] - xen (Only affects 4.2 and later)
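Review bot: The new fixed-version line for android-platform-system-core under CVE-2014-1909 (1:6.0.0+r26-1~stage1) has no bug number or fix reference beside it, unlike the android-tools line above it, which cites bug #770513, and the added NOTE links the advisory rather than the fixing change. Suggest a second NOTE naming the upstream commit or changelog entry that justifies this version, so the fixed status can be verified later.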
[Secure-testing-commits] r41547 - data/CVE
Author: carnil Date: 2016-05-09 04:27:32 + (Mon, 09 May 2016) New Revision: 41547 Modified: data/CVE/list Log: Add graphicsmagick as affected source package for CVE-2016-371{4,5,6,7,8} Modified: data/CVE/list === --- data/CVE/list 2016-05-09 04:04:40 UTC (rev 41546) +++ data/CVE/list 2016-05-09 04:27:32 UTC (rev 41547) @@ -2344,12 +2344,20 @@ RESERVED CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...) - imagemagick + - graphicsmagick + NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...) - imagemagick + - graphicsmagick + NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...) - imagemagick + - graphicsmagick + NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...) - imagemagick + - graphicsmagick + NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...) - imagemagick NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3 @@ -2357,6 +2365,8 @@ NOTE: Original upstream applied patches are incomplete and still to be finished NOTE: https://imagetragick.com/ NOTE: notice how the workaround differs between the three refs above + - graphicsmagick + NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ TODO: check if other packages are affected CVE-2016-3713 RESERVED
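Review bot: The same NOTE URL is added verbatim under each of CVE-2016-3714 through CVE-2016-3718, so the entries do not record which individual coder issue is confirmed in graphicsmagick. Suggest a short per-CVE remark next to each "- graphicsmagick" line, or a bug reference once one is filed. Under CVE-2016-3714 the retained "TODO: check if other packages are affected" could also name the packages still to be checked now that graphicsmagick is listed.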
[Secure-testing-commits] r41546 - in data: . CVE
Author: pabs Date: 2016-05-09 04:04:40 + (Mon, 09 May 2016) New Revision: 41546 Modified: data/CVE/list data/embedded-code-copies Log: adb got moved from android-tools to android-platform-system-core Modified: data/CVE/list === --- data/CVE/list 2016-05-08 21:10:12 UTC (rev 41545) +++ data/CVE/list 2016-05-09 04:04:40 UTC (rev 41546) @@ -59616,6 +59616,7 @@ - parcimonie 0.8.1-1 (bug #738134) CVE-2014-1909 (Integer signedness error in system/core/adb/adb_client.c in Android ...) - android-tools 4.2.2+git20130529-5.1 (bug #770513) + - android-platform-system-core CVE-2014-1896 (The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen ...) - xen 4.4.0-1 [squeeze] - xen (Only affects 4.2 and later) @@ -86893,6 +86894,7 @@ CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...) - android-tools (bug #688280) [jessie] - android-tools (Minor issue) + - android-platform-system-core CVE-2012-5563 (OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not ...) - keystone (Folsom branch not packaged yet) CVE-2012-5562 Modified: data/embedded-code-copies === --- data/embedded-code-copies 2016-05-08 21:10:12 UTC (rev 41545) +++ data/embedded-code-copies 2016-05-09 04:04:40 UTC (rev 41546) @@ -3021,3 +3021,6 @@ lua5.3 - freedroidrpg (embed) + +android-platform-system-core + - android-tools (old-version)
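Review bot: The "- android-platform-system-core" lines added under CVE-2014-1909 and CVE-2012-5564 carry no version, bug number or status, while the neighbouring android-tools lines have "4.2.2+git20130529-5.1 (bug #770513)" and "(bug #688280)". Since the log says adb moved between the packages, suggest recording for each CVE whether the code now in android-platform-system-core already includes the fix, or adding a TODO: line until that has been checked.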
[Secure-testing-commits] r41545 - data/CVE
Author: sectracker Date: 2016-05-08 21:10:12 + (Sun, 08 May 2016) New Revision: 41545 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-05-08 18:27:54 UTC (rev 41544) +++ data/CVE/list 2016-05-08 21:10:12 UTC (rev 41545) @@ -35,6 +35,7 @@ CVE-2016-4545 RESERVED CVE-2016-4561 [HTML-escape error messages, in one case avoiding potential cross-site scripting] + {DSA-3571-1} - ikiwiki 3.20160506 NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7 NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/8
[Secure-testing-commits] r41544 - data
Author: carnil Date: 2016-05-08 18:27:54 + (Sun, 08 May 2016) New Revision: 41544 Modified: data/dla-needed.txt data/dsa-needed.txt Log: Take websvn Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-08 15:32:02 UTC (rev 41543) +++ data/dla-needed.txt 2016-05-08 18:27:54 UTC (rev 41544) @@ -106,7 +106,7 @@ -- tiff3 -- -websvn +websvn (carnil) carnil> Testpackages: https://people.debian.org/~carnil/tmp/websvn/wheezy/ -- xymon (Chris Lamb) Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-05-08 15:32:02 UTC (rev 41543) +++ data/dsa-needed.txt 2016-05-08 18:27:54 UTC (rev 41544) @@ -66,6 +66,6 @@ -- tomcat8 (Markus Koschany) -- -websvn +websvn (carnil) carnil> Testpackages: https://people.debian.org/~carnil/tmp/websvn/jessie/ --
[Secure-testing-commits] r41543 - data/CVE
Author: carnil Date: 2016-05-08 15:32:02 + (Sun, 08 May 2016) New Revision: 41543 Modified: data/CVE/list Log: Add temporary item to follow #823750, but should be split up Modified: data/CVE/list === --- data/CVE/list 2016-05-08 14:45:35 UTC (rev 41542) +++ data/CVE/list 2016-05-08 15:32:02 UTC (rev 41543) @@ -1,3 +1,6 @@ +CVE-2016- [Multiple security problems] + - imagemagick (bug #823750) + NOTE: This really should be split up in individual cases otherwise hard to act on CVE-2016-4567 [XSS] - mediaelement (unimportant; bug #823649) NOTE: https://core.trac.wordpress.org/changeset/37370
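Review bot: The placeholder "CVE-2016- [Multiple security problems]" entry records its follow-up ("should be split up in individual cases") as a NOTE, which reads as background rather than an open action. Suggest a TODO: line instead so the split stays tracked, and adding the individual problems from bug #823750 as separate entries once they are identified.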
[Secure-testing-commits] r41542 - data
Author: smcv Date: 2016-05-08 14:45:35 + (Sun, 08 May 2016) New Revision: 41542 Modified: data/dla-needed.txt Log: claim ikiwiki Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-08 11:51:32 UTC (rev 41541) +++ data/dla-needed.txt 2016-05-08 14:45:35 UTC (rev 41542) @@ -28,7 +28,7 @@ icu (Roberto C. Sánchez) NOTE: check comments on CVE-2016-0494 as well -- -ikiwiki +ikiwiki (smcv) -- imagemagick NOTE: only minor issues
[Secure-testing-commits] r41540 - data
Author: carnil Date: 2016-05-08 11:51:30 + (Sun, 08 May 2016) New Revision: 41540 Modified: data/dsa-needed.txt Log: Add test packages for websvn (jessie) Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-05-08 11:27:01 UTC (rev 41539) +++ data/dsa-needed.txt 2016-05-08 11:51:30 UTC (rev 41540) @@ -67,4 +67,5 @@ tomcat8 (Markus Koschany) -- websvn + carnil> Testpackages: https://people.debian.org/~carnil/tmp/websvn/jessie/ --
[Secure-testing-commits] r41541 - data
Author: carnil Date: 2016-05-08 11:51:32 + (Sun, 08 May 2016) New Revision: 41541 Modified: data/dla-needed.txt Log: Add testpackages for websvn for wheezy Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-08 11:51:30 UTC (rev 41540) +++ data/dla-needed.txt 2016-05-08 11:51:32 UTC (rev 41541) @@ -107,6 +107,7 @@ tiff3 -- websvn + carnil> Testpackages: https://people.debian.org/~carnil/tmp/websvn/wheezy/ -- xymon (Chris Lamb) --
[Secure-testing-commits] r41539 - in data: . DSA
Author: jmm Date: 2016-05-08 11:27:01 + (Sun, 08 May 2016) New Revision: 41539 Modified: data/DSA/list data/dsa-needed.txt Log: ikiwiki DSA Modified: data/DSA/list === --- data/DSA/list 2016-05-08 05:05:41 UTC (rev 41538) +++ data/DSA/list 2016-05-08 11:27:01 UTC (rev 41539) @@ -1,3 +1,6 @@ +[08 May 2016] DSA-3571-1 ikiwiki - security update + {CVE-2016-4561} + [jessie] - ikiwiki 3.20141016.3 [05 May 2016] DSA-3570-1 mercurial - security update {CVE-2016-3105} [jessie] - mercurial 3.1.2-2+deb8u3 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-05-08 05:05:41 UTC (rev 41538) +++ data/dsa-needed.txt 2016-05-08 11:27:01 UTC (rev 41539) @@ -25,8 +25,6 @@ -- icu -- -ikiwiki --- libidn Working debdiff for wheezy-security at https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff