[Secure-testing-commits] r41833 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 06:26:14 + (Wed, 18 May 2016)
New Revision: 41833

Modified:
   data/CVE/list
Log:
Add bug reference for CVE-2015-8874

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-18 06:24:57 UTC (rev 41832)
+++ data/CVE/list   2016-05-18 06:26:14 UTC (rev 41833)
@@ -18,7 +18,7 @@
 CVE-2016-4800
RESERVED
 CVE-2015-8874 (Stack consumption vulnerability in GD in PHP before 5.6.12 
allows ...)
-   - libgd2 
+   - libgd2  (bug #824627)
- php5 5.6.12+dfsg-1 (unimportant)
[jessie] - php5 5.6.12+dfsg-0+deb8u1
- php7.0 7.0.0-1 (unimportant)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r41832 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 06:24:57 + (Wed, 18 May 2016)
New Revision: 41832

Modified:
   data/CVE/list
Log:
Add CVE-2016-3739

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-18 06:18:14 UTC (rev 41831)
+++ data/CVE/list   2016-05-18 06:24:57 UTC (rev 41832)
@@ -2869,6 +2869,9 @@
RESERVED
 CVE-2016-3739
RESERVED
+   - curl  (unimportant)
+   NOTE: only relevant when built with mbedTLS/PolarSSL
+   NOTE: Source-wise fixed in 7.49.0
 CVE-2016-3738
RESERVED
 CVE-2016-3737
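Review bot: The two NOTE lines added under CVE-2016-3739 state the mbedTLS/PolarSSL condition and the 7.49.0 fix without any reference. Add a NOTE with the link to the upstream advisory or the fixing commit so the "(unimportant)" rating on the curl line can be checked against its source.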




[Secure-testing-commits] r41831 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 06:18:14 + (Wed, 18 May 2016)
New Revision: 41831

Modified:
   data/CVE/list
Log:
Add CVE-2016-2803

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-18 06:16:01 UTC (rev 41830)
+++ data/CVE/list   2016-05-18 06:18:14 UTC (rev 41831)
@@ -5336,6 +5336,8 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
 CVE-2016-2803
RESERVED
+   - bugzilla4  (bug #669643)
+   - bugzilla 
 CVE-2016-2802 (The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in 
...)
{DSA-3520-1 DSA-3515-1 DSA-3510-1}
- iceweasel 




[Secure-testing-commits] r41830 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 06:16:01 + (Wed, 18 May 2016)
New Revision: 41830

Modified:
   data/CVE/list
Log:
Update CVE-2015-4116/php5

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-18 05:45:35 UTC (rev 41829)
+++ data/CVE/list   2016-05-18 06:16:01 UTC (rev 41830)
@@ -27166,7 +27166,10 @@
 CVE-2015-4117
RESERVED
 CVE-2015-4116 (Use-after-free vulnerability in the spl_ptr_heap_insert 
function in ...)
-   TODO: check
+   - php5 5.6.11+dfsg-1
+   [jessie] - php5 5.6.12+dfsg-0+deb8u1
+   NOTE: https://bugs.php.net/bug.php?id=69737
+   NOTE: Fixed in 5.6.11, 5.5.27
 CVE-2015-4115
RESERVED
 CVE-2015-4114




[Secure-testing-commits] r41829 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 05:45:35 + (Wed, 18 May 2016)
New Revision: 41829

Modified:
   data/CVE/list
Log:
Update CVE-2015-8874/libgd2

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-18 05:07:20 UTC (rev 41828)
+++ data/CVE/list   2016-05-18 05:45:35 UTC (rev 41829)
@@ -18,14 +18,13 @@
 CVE-2016-4800
RESERVED
 CVE-2015-8874 (Stack consumption vulnerability in GD in PHP before 5.6.12 
allows ...)
-   - libgd2 
+   - libgd2 
- php5 5.6.12+dfsg-1 (unimportant)
[jessie] - php5 5.6.12+dfsg-0+deb8u1
- php7.0 7.0.0-1 (unimportant)
NOTE: PHP bug: https://bugs.php.net/bug.php?id=66387
NOTE: Fixed in 5.6.12, 7.0.0
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
-   TODO: check libgd2
 CVE-2015-8873 (Stack consumption vulnerability in Zend/zend_exceptions.c in 
PHP ...)
- php5 5.6.12+dfsg-1
[jessie] - php5 5.6.12+dfsg-0+deb8u1




[Secure-testing-commits] r41828 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 05:07:20 + (Wed, 18 May 2016)
New Revision: 41828

Modified:
   data/CVE/list
Log:
Add CVE-2016-4313

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-18 04:32:47 UTC (rev 41827)
+++ data/CVE/list   2016-05-18 05:07:20 UTC (rev 41828)
@@ -1320,6 +1320,7 @@
RESERVED
 CVE-2016-4313
RESERVED
+   - extplorer 
 CVE-2016-4312
RESERVED
 CVE-2016-4311




[Secure-testing-commits] r41827 - in data: . DSA

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 04:32:47 + (Wed, 18 May 2016)
New Revision: 41827

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA number for expat update

Modified: data/DSA/list
===
--- data/DSA/list   2016-05-18 04:31:52 UTC (rev 41826)
+++ data/DSA/list   2016-05-18 04:32:47 UTC (rev 41827)
@@ -1,3 +1,6 @@
+[18 May 2016] DSA-3582-1 expat - security update
+   {CVE-2016-0718}
+   [jessie] - expat 2.1.0-6+deb8u2
 [17 May 2016] DSA-3581-1 libndp - security update
{CVE-2016-3698}
[jessie] - libndp 1.4-2+deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-05-18 04:31:52 UTC (rev 41826)
+++ data/dsa-needed.txt 2016-05-18 04:32:47 UTC (rev 41827)
@@ -18,8 +18,6 @@
 --
 chromium-browser
 --
-expat (carnil)
---
 gdk-pixbuf (carnil)
   NOTE: Markus Koschany shared information about the same he prepared for 
wheezy
   NOTE: Waiting for http://www.openwall.com/lists/oss-security/2016/05/12/3




[Secure-testing-commits] r41826 - data

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 04:31:52 + (Wed, 18 May 2016)
New Revision: 41826

Modified:
   data/dsa-needed.txt
Log:
Take expat

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-05-18 04:16:28 UTC (rev 41825)
+++ data/dsa-needed.txt 2016-05-18 04:31:52 UTC (rev 41826)
@@ -18,7 +18,7 @@
 --
 chromium-browser
 --
-expat
+expat (carnil)
 --
 gdk-pixbuf (carnil)
   NOTE: Markus Koschany shared information about the same he prepared for 
wheezy




[Secure-testing-commits] r41825 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 04:16:28 + (Wed, 18 May 2016)
New Revision: 41825

Modified:
   data/CVE/list
Log:
Add CVE-2016-4911

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-18 04:09:42 UTC (rev 41824)
+++ data/CVE/list   2016-05-18 04:16:28 UTC (rev 41825)
@@ -1,3 +1,6 @@
+CVE-2016-4911
+   - keystone 
+   NOTE: https://launchpad.net/bugs/1577558
 CVE-2016-4809
RESERVED
 CVE-2016-4808




[Secure-testing-commits] r41824 - data

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 04:09:42 + (Wed, 18 May 2016)
New Revision: 41824

Modified:
   data/dsa-needed.txt
Log:
Add expat to dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-05-18 04:09:36 UTC (rev 41823)
+++ data/dsa-needed.txt 2016-05-18 04:09:42 UTC (rev 41824)
@@ -18,6 +18,8 @@
 --
 chromium-browser
 --
+expat
+--
 gdk-pixbuf (carnil)
   NOTE: Markus Koschany shared information about the same he prepared for 
wheezy
   NOTE: Waiting for http://www.openwall.com/lists/oss-security/2016/05/12/3




[Secure-testing-commits] r41823 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-18 04:09:36 + (Wed, 18 May 2016)
New Revision: 41823

Modified:
   data/CVE/list
Log:
Add CVE-2016-0718/expat

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 23:31:52 UTC (rev 41822)
+++ data/CVE/list   2016-05-18 04:09:36 UTC (rev 41823)
@@ -12564,6 +12564,7 @@
RESERVED
 CVE-2016-0718
RESERVED
+   - expat 
 CVE-2016-0717
REJECTED
 CVE-2016-0716




[Secure-testing-commits] r41822 - data

2016-05-17 Thread Brian May
Author: bam
Date: 2016-05-17 23:31:52 + (Tue, 17 May 2016)
New Revision: 41822

Modified:
   data/dla-needed.txt
Log:
Claim imagemagick


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-17 22:37:22 UTC (rev 41821)
+++ data/dla-needed.txt 2016-05-17 23:31:52 UTC (rev 41822)
@@ -36,7 +36,7 @@
 icu (Roberto C. Sánchez)
   NOTE: check comments on CVE-2016-0494 as well
 --
-imagemagick
+imagemagick (Brian May)
   NOTE: several high profile vulnerabilities
 --
 libjackson-json-java



[Secure-testing-commits] r41821 - data/DLA

2016-05-17 Thread Brian May
Author: bam
Date: 2016-05-17 22:37:22 + (Tue, 17 May 2016)
New Revision: 41821

Modified:
   data/DLA/list
Log:
Reserve DLA-479-1 for xen

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-17 21:27:26 UTC (rev 41820)
+++ data/DLA/list   2016-05-17 22:37:22 UTC (rev 41821)
@@ -1,3 +1,6 @@
+[18 May 2016] DLA-479-1 xen - security update
+   {CVE-2015-2752 CVE-2015-2756 CVE-2015-5165 CVE-2015-5307 CVE-2015-7969 
CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 
CVE-2015-8340 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8615 
CVE-2016-1570 CVE-2016-1571 CVE-2016-2270 CVE-2016-2271}
+   [wheezy] - xen 4.1.6.1-1+deb7u1
 [16 May 2016] DLA-478-1 squid3 - security update
{CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4554 
CVE-2016-4555 CVE-2016-4556}
[wheezy] - squid3 3.1.20-2.2+deb7u5




[Secure-testing-commits] r41820 - data

2016-05-17 Thread Ola Lundqvist
Author: opal
Date: 2016-05-17 21:27:26 + (Tue, 17 May 2016)
New Revision: 41820

Modified:
   data/dla-needed.txt
Log:
Added a note for sogo.

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-17 21:10:12 UTC (rev 41819)
+++ data/dla-needed.txt 2016-05-17 21:27:26 UTC (rev 41820)
@@ -109,6 +109,7 @@
   Samba maintainers are preparing updates for regressions
 --
 sogo
+  NOTE: Solved in 3.1.0 according to upstream. Sid has 2.2.17 so far.
 --
 squid
 --
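Review bot: The added sogo NOTE says "according to upstream" but gives neither the CVE id nor a link to the upstream statement, so the 3.1.0 claim cannot be checked from dla-needed.txt alone. Name the issue and add the URL, or point at the data/CVE/list entry that holds it.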




[Secure-testing-commits] r41819 - data/CVE

2016-05-17 Thread security tracker role
Author: sectracker
Date: 2016-05-17 21:10:12 + (Tue, 17 May 2016)
New Revision: 41819

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 20:31:34 UTC (rev 41818)
+++ data/CVE/list   2016-05-17 21:10:12 UTC (rev 41819)
@@ -1,3 +1,5 @@
+CVE-2016-4809
+   RESERVED
 CVE-2016-4808
RESERVED
 CVE-2016-4807
@@ -3031,6 +3033,7 @@
RESERVED
 CVE-2016-3698 [denial of service due to insufficient validation of source of 
NDP messages]
RESERVED
+   {DSA-3581-1}
- libndp 1.6-1 (bug #824545)
NOTE: 
https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
NOTE: 
https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
@@ -32522,7 +32525,7 @@
NOTE: https://bugs.php.net/bug.php?id=69207
 CVE-2015-2347 (Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst 
before ...)
NOT-FOR-US: Huawei SEQ Analyst
-CVE-2015-2346 (XML external entity (XXE) in Huawei SEQ Analyst before ...)
+CVE-2015-2346 (XML external entity (XXE) vulnerability in Huawei SEQ Analyst 
before ...)
NOT-FOR-US: Huawei
 CVE-2015-2345
RESERVED




[Secure-testing-commits] r41818 - data/CVE

2016-05-17 Thread Antoine Beaupré
Author: anarcat
Date: 2016-05-17 20:31:34 + (Tue, 17 May 2016)
New Revision: 41818

Modified:
   data/CVE/list
Log:
Summary: mark openjdk-6 issues as EOL


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 20:05:23 UTC (rev 41817)
+++ data/CVE/list   2016-05-17 20:31:34 UTC (rev 41818)
@@ -3701,16 +3701,19 @@
- openjdk-8 8u91-b14-1
- openjdk-7 
- openjdk-6 
+   [wheezy] - openjdk-6  (Not supported in Wheezy LTS)
 CVE-2016-3426 (Unspecified vulnerability in Oracle Java SE 8u77 and Java SE 
Embedded ...)
{DSA-3558-1 DLA-451-1}
- openjdk-8 8u91-b14-1
- openjdk-7 
- openjdk-6 
+   [wheezy] - openjdk-6  (Not supported in Wheezy LTS)
 CVE-2016-3425 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 
8u77; ...)
{DSA-3558-1 DLA-451-1}
- openjdk-8 8u91-b14-1
- openjdk-7 
- openjdk-6 
+   [wheezy] - openjdk-6  (Not supported in Wheezy LTS)
 CVE-2016-3424
RESERVED
 CVE-2016-3423 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
@@ -12867,6 +12870,7 @@
- openjdk-8 8u91-b14-1
- openjdk-7 
- openjdk-6 
+   [wheezy] - openjdk-6  (Not supported in Wheezy LTS)
 CVE-2016-0694 (Unspecified vulnerability in the DataStore component in Oracle 
...)
NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
 CVE-2016-0693 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 
allows ...)
@@ -12886,11 +12890,13 @@
- openjdk-8 8u91-b14-1
- openjdk-7 
- openjdk-6 
+   [wheezy] - openjdk-6  (Not supported in Wheezy LTS)
 CVE-2016-0686 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 
8u77 and ...)
{DSA-3558-1 DLA-451-1}
- openjdk-8 8u91-b14-1
- openjdk-7 
- openjdk-6 
+   [wheezy] - openjdk-6  (Not supported in Wheezy LTS)
 CVE-2016-0685 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
TODO: check
 CVE-2016-0684 (Unspecified vulnerability in the Oracle Retail MICROS ARS POS 
...)
@@ -13087,6 +13093,7 @@
[experimental] - openjdk-7 7u95-2.6.4-3
- openjdk-7 
- openjdk-6 
+   [wheezy] - openjdk-6  (Not supported in Wheezy LTS)
NOTE: 
http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html
NOTE: 
https://blogs.oracle.com/security/entry/security_alert_cve_2016_0636
NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c44179bce874




[Secure-testing-commits] r41817 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 20:05:23 + (Tue, 17 May 2016)
New Revision: 41817

Modified:
   data/CVE/list
Log:
libndp fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 19:36:58 UTC (rev 41816)
+++ data/CVE/list   2016-05-17 20:05:23 UTC (rev 41817)
@@ -3031,7 +3031,7 @@
RESERVED
 CVE-2016-3698 [denial of service due to insufficient validation of source of 
NDP messages]
RESERVED
-   - libndp  (bug #824545)
+   - libndp 1.6-1 (bug #824545)
NOTE: 
https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
NOTE: 
https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
 CVE-2016-3697 [privilege escalation via confusion of usernames and UIDs]




[Secure-testing-commits] r41816 - data/CVE

2016-05-17 Thread Markus Koschany
Author: apo
Date: 2016-05-17 19:36:58 + (Tue, 17 May 2016)
New Revision: 41816

Modified:
   data/CVE/list
Log:
Mark xymon CVE-2016-2057 as not-affected


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 19:21:36 UTC (rev 41815)
+++ data/CVE/list   2016-05-17 19:36:58 UTC (rev 41816)
@@ -8047,6 +8047,7 @@
 CVE-2016-2057 (lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 
use ...)
{DSA-3495-1}
- xymon 4.3.25-1
+   [wheezy] - xymon  (vulnerable code not present)
NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
 CVE-2016-2056 (xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow 
remote ...)
{DSA-3495-1}




[Secure-testing-commits] r41815 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 19:21:36 + (Tue, 17 May 2016)
New Revision: 41815

Modified:
   data/CVE/list
Log:
Mark remaining dotclear issue as no-dsa

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 19:18:03 UTC (rev 41814)
+++ data/CVE/list   2016-05-17 19:21:36 UTC (rev 41815)
@@ -1064,6 +1064,7 @@
NOTE: 
https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db#diff-189a94f0a7a47efdd43f5567e27a973b
 CVE-2016- [XSS]
- dotclear 
+   [jessie] - dotclear  (Minor issue)
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/05/04/9
 CVE-2016-4482 [information leak in devio]
RESERVED




[Secure-testing-commits] r41814 - data

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 19:18:03 + (Tue, 17 May 2016)
New Revision: 41814

Modified:
   data/next-point-update.txt
Log:
Add some CVEs for libksba update

Modified: data/next-point-update.txt
===
--- data/next-point-update.txt  2016-05-17 19:16:20 UTC (rev 41813)
+++ data/next-point-update.txt  2016-05-17 19:18:03 UTC (rev 41814)
@@ -20,3 +20,13 @@
[jessie] - libcrypto++ 5.6.1-6+deb8u2
 CVE-2015-8865
[jessie] - file 1:5.22+15-2+deb8u2
+CVE-2016-4353
+   [jessie] - libksba 1.3.2-1+deb8u1
+CVE-2016-4354
+   [jessie] - libksba 1.3.2-1+deb8u1
+CVE-2016-4355
+   [jessie] - libksba 1.3.2-1+deb8u1
+CVE-2016-4356
+   [jessie] - libksba 1.3.2-1+deb8u1
+CVE-2016-4579
+   [jessie] - libksba 1.3.2-1+deb8u1




[Secure-testing-commits] r41813 - org

2016-05-17 Thread Guido Guenther
Author: agx
Date: 2016-05-17 19:16:20 + (Tue, 17 May 2016)
New Revision: 41813

Modified:
   org/lts-frontdesk.2016.txt
Log:
Add myself to front desk duties for August

Modified: org/lts-frontdesk.2016.txt
===
--- org/lts-frontdesk.2016.txt  2016-05-17 18:01:52 UTC (rev 41812)
+++ org/lts-frontdesk.2016.txt  2016-05-17 19:16:20 UTC (rev 41813)
@@ -42,7 +42,7 @@
 From 18-07 to 24-07:
 From 25-07 to 31-07:
 From 01-08 to 07-08:
-From 08-08 to 14-08:
+From 08-08 to 14-08:Guido Günther 
 From 15-08 to 21-08:
 From 22-08 to 28-08:Ben Hutchings 
 From 29-08 to 04-09:



[Secure-testing-commits] r41812 - data

2016-05-17 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-17 18:01:52 + (Tue, 17 May 2016)
New Revision: 41812

Modified:
   data/dla-needed.txt
Log:
no need to mention CVEs here

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-17 17:11:39 UTC (rev 41811)
+++ data/dla-needed.txt 2016-05-17 18:01:52 UTC (rev 41812)
@@ -10,7 +10,6 @@
 
 --
 asterisk (Thorsten Alteholz)
- NOTE: CVE-2014-2287 and CVE-2014-2287 still pending?
 --
 bozohttpd
 --




[Secure-testing-commits] r41811 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 17:11:39 + (Tue, 17 May 2016)
New Revision: 41811

Modified:
   data/CVE/list
Log:
Remove todo item for CVE-2015-7552

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 17:06:53 UTC (rev 41810)
+++ data/CVE/list   2016-05-17 17:11:39 UTC (rev 41811)
@@ -17636,7 +17636,6 @@
- gdk-pixbuf 2.32.0-1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=958963
NOTE: This was fixed by one of the commits between 2.31.6 and 2.32.0.
-   TODO: check versions, confirmed on jessie
 CVE-2015-7551 (The Fiddle::Handle implementation in ext/fiddle/handle.c in 
Ruby ...)
- ruby1.9.1 
[wheezy] - ruby1.9.1  (Minor issue)




[Secure-testing-commits] r41810 - in data: CVE DLA

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 17:06:53 + (Tue, 17 May 2016)
New Revision: 41810

Modified:
   data/CVE/list
   data/DLA/list
Log:
Add CVE-2015-8875 for DLA-450-1/gdk-pixbuf

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 17:04:35 UTC (rev 41809)
+++ data/CVE/list   2016-05-17 17:06:53 UTC (rev 41810)
@@ -17407,8 +17407,8 @@
NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and 
build-depends on external gdk-pixbuf
 CVE-2015-8875 [Integer overlows in pixops_* functions]
+   {DLA-450-1}
- gdk-pixbuf 2.34.0-1
-   [wheezy] - gdk-pixbuf 2.26.1-1+deb7u4
NOTE: Fixed by: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22
 (2.33.1)
NOTE: http://www.openwall.com/lists/oss-security/2016/05/12/3
 CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in ...)

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-17 17:04:35 UTC (rev 41809)
+++ data/DLA/list   2016-05-17 17:06:53 UTC (rev 41810)
@@ -83,7 +83,7 @@
{CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 
CVE-2016-3426 CVE-2016-3427}
[wheezy] - openjdk-7 7u101-2.6.6-2~deb7u1
 [30 Apr 2016] DLA-450-1 gdk-pixbuf - security update
-   {CVE-2015-7552 CVE-2015-7674}
+   {CVE-2015-7552 CVE-2015-8875 CVE-2015-7674}
[wheezy] - gdk-pixbuf 2.26.1-1+deb7u4
 [30 Apr 2016] DLA-449-1 botan1.10 - security update
{CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 
CVE-2016-2195 CVE-2016-2849}
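Review bot: In the DLA-450-1 line the new id is inserted between the two existing ones, giving {CVE-2015-7552 CVE-2015-8875 CVE-2015-7674}, while the other CVE lists visible in this file (DLA-449-1 and the openjdk-7 entry above) are in ascending order. Append it instead: {CVE-2015-7552 CVE-2015-7674 CVE-2015-8875}.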




[Secure-testing-commits] r41809 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 17:04:35 + (Tue, 17 May 2016)
New Revision: 41809

Modified:
   data/CVE/list
Log:
CVE-2015-8875/gdk-pixbuf assigned

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 17:03:08 UTC (rev 41808)
+++ data/CVE/list   2016-05-17 17:04:35 UTC (rev 41809)
@@ -17406,11 +17406,11 @@
NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and 
build-depends on external gdk-pixbuf
-CVE-2015- [Integer overlows in pixops_* functions]
+CVE-2015-8875 [Integer overlows in pixops_* functions]
- gdk-pixbuf 2.34.0-1
[wheezy] - gdk-pixbuf 2.26.1-1+deb7u4
NOTE: Fixed by: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22
 (2.33.1)
-   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/05/12/3
+   NOTE: http://www.openwall.com/lists/oss-security/2016/05/12/3
 CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in ...)
{DSA-3378-1 DLA-450-1 DLA-434-1}
- gdk-pixbuf 2.32.1-1




[Secure-testing-commits] r41808 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 17:03:08 + (Tue, 17 May 2016)
New Revision: 41808

Modified:
   data/CVE/list
Log:
Adjust entries for xen

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 16:13:46 UTC (rev 41807)
+++ data/CVE/list   2016-05-17 17:03:08 UTC (rev 41808)
@@ -2976,9 +2976,9 @@
[wheezy] - qemu  (Not supported in Wheezy LTS)
- qemu-kvm 
[wheezy] - qemu-kvm  (Not supported in Wheezy LTS)
-   - xen 
-   [jessie] - xen  (default configuration not vulnerable)
+   - xen 4.4.0-1
[wheezy] - xen  (default configuration not vulnerable)
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-179.html
NOTE: mitigation: run HVM in stubdomains, PV, default video card not 
vulnerable, i386-only
 CVE-2016-3711 [Setting cookie containing internal IP address of a pod]
@@ -2990,9 +2990,9 @@
[wheezy] - qemu  (Not supported in Wheezy LTS)
- qemu-kvm 
[wheezy] - qemu-kvm  (Not supported in Wheezy LTS)
-   - xen 
-   [jessie] - xen  (default configuration not vulnerable)
+   - xen 4.4.0-1
[wheezy] - xen  (default configuration not vulnerable)
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-179.html
NOTE: mitigation: run HVM in stubdomains, PV, default video card not 
vulnerable, i386-only
 CVE-2016-3709




[Secure-testing-commits] r41807 - data/CVE

2016-05-17 Thread Antoine Beaupré
Author: anarcat
Date: 2016-05-17 16:13:46 + (Tue, 17 May 2016)
New Revision: 41807

Modified:
   data/CVE/list
Log:
xen was affected by two more CVEs, but mark no-dsa because it's
non-default config


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 15:46:23 UTC (rev 41806)
+++ data/CVE/list   2016-05-17 16:13:46 UTC (rev 41807)
@@ -2976,7 +2976,11 @@
[wheezy] - qemu  (Not supported in Wheezy LTS)
- qemu-kvm 
[wheezy] - qemu-kvm  (Not supported in Wheezy LTS)
+   - xen 
+   [jessie] - xen  (default configuration not vulnerable)
+   [wheezy] - xen  (default configuration not vulnerable)
NOTE: http://xenbits.xen.org/xsa/advisory-179.html
+   NOTE: mitigation: run HVM in stubdomains, PV, default video card not 
vulnerable, i386-only
 CVE-2016-3711 [Setting cookie containing internal IP address of a pod]
RESERVED
NOT-FOR-US: OpenShift
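Review bot: The added NOTE "mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only" runs mitigations and affectedness conditions together in one comma list, and it is unclear what "i386-only" qualifies. Split it into separate NOTE lines, one for the mitigations (stubdomains, PV) and one for the conditions under which the issue does not apply; the same wording is added again in the next hunk.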
@@ -2986,7 +2990,11 @@
[wheezy] - qemu  (Not supported in Wheezy LTS)
- qemu-kvm 
[wheezy] - qemu-kvm  (Not supported in Wheezy LTS)
+   - xen 
+   [jessie] - xen  (default configuration not vulnerable)
+   [wheezy] - xen  (default configuration not vulnerable)
NOTE: http://xenbits.xen.org/xsa/advisory-179.html
+   NOTE: mitigation: run HVM in stubdomains, PV, default video card not 
vulnerable, i386-only
 CVE-2016-3709
RESERVED
 CVE-2016-3708




[Secure-testing-commits] r41806 - data

2016-05-17 Thread Antoine Beaupré
Author: anarcat
Date: 2016-05-17 15:46:23 + (Tue, 17 May 2016)
New Revision: 41806

Modified:
   data/dla-needed.txt
Log:
Summary: add mediawiki to DLA-needed


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-17 15:43:51 UTC (rev 41805)
+++ data/dla-needed.txt 2016-05-17 15:46:23 UTC (rev 41806)
@@ -57,6 +57,8 @@
 --
 linux
 --
+mediawiki
+--
 mxml
 --
 nss (Guido Günther)



[Secure-testing-commits] r41805 - data/CVE

2016-05-17 Thread Antoine Beaupré
Author: anarcat
Date: 2016-05-17 15:43:51 + (Tue, 17 May 2016)
New Revision: 41805

Modified:
   data/CVE/list
Log:
revert r41743: mediawiki *is* supported in wheezy

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 15:36:44 UTC (rev 41804)
+++ data/CVE/list   2016-05-17 15:43:51 UTC (rev 41805)
@@ -31131,61 +31131,51 @@
 CVE-2015-2931 (Incomplete blacklist vulnerability in 
includes/upload/UploadBase.php ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
-   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2932 (Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 
1.2x ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
-   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2933 (Cross-site scripting (XSS) vulnerability in the Html class in 
...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
-   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2934 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 
1.24.2 ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
-   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2935 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 
1.24.2 ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
-   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2936 (MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password 
...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
-   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2937 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 
...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
-   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2938 (Cross-site scripting (XSS) vulnerability in MediaWiki before 
1.19.24, ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
-   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2939 (Cross-site scripting (XSS) vulnerability in the Scribunto 
extension ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
-   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2940 (Cross-site request forgery (CSRF) vulnerability in the 
CheckUser ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
-   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2941 (Cross-site scripting (XSS) vulnerability in MediaWiki before 
1.19.24, ...)
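
Review bot: The `[wheezy] - mediawiki (Not supported in Wheezy LTS)` lines are removed from each of these entries with nothing put in their place, while the matching `[squeeze]` lines stay. That leaves only the `- mediawiki 1:1.19.20+dfsg-2.3` line to describe wheezy in every one of these CVEs, so it is worth confirming that this is the intended result for wheezy rather than a side effect of a bulk edit.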




[Secure-testing-commits] r41804 - data

2016-05-17 Thread Antoine Beaupré
Author: anarcat
Date: 2016-05-17 15:36:44 +0000 (Tue, 17 May 2016)
New Revision: 41804

Modified:
   data/dla-needed.txt
Log:
try to clarify situation with asterisk


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-17 14:30:44 UTC (rev 41803)
+++ data/dla-needed.txt 2016-05-17 15:36:44 UTC (rev 41804)
@@ -10,6 +10,7 @@
 
 --
 asterisk (Thorsten Alteholz)
+ NOTE: CVE-2014-2287 and CVE-2014-2287 still pending?
 --
 bozohttpd
 --
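
Review bot: The added NOTE under asterisk names the same id twice ("CVE-2014-2287 and CVE-2014-2287"), so one of the two is presumably a typo for a different CVE. Please correct the second id so that whoever holds the claim can tell which issues are being asked about.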




[Secure-testing-commits] r41803 - data

2016-05-17 Thread Steffen Möller
Author: moeller
Date: 2016-05-17 14:30:44 +0000 (Tue, 17 May 2016)
New Revision: 41803

Modified:
   data/dla-needed.txt
Log:
Claim wireshark in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-17 14:18:09 UTC (rev 41802)
+++ data/dla-needed.txt 2016-05-17 14:30:44 UTC (rev 41803)
@@ -120,7 +120,7 @@
 --
 tiff3
 --
-wireshark
+wireshark (moeller)
 --
 x11vnc
 --
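
Review bot: The claim on the wireshark line is written as an account name, `(moeller)`, while the other claims in this file that are visible on the page use the person's name, for example `asterisk (Thorsten Alteholz)`. Using the same form as the existing claims would keep dla-needed.txt consistent.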




[Secure-testing-commits] r41802 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 14:18:09 +0000 (Tue, 17 May 2016)
New Revision: 41802

Modified:
   data/CVE/list
Log:
Add CVE-2016-4480/xen

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 13:22:59 UTC (rev 41801)
+++ data/CVE/list   2016-05-17 14:18:09 UTC (rev 41802)
@@ -935,8 +935,10 @@
RESERVED
 CVE-2016-4481
RESERVED
-CVE-2016-4480
+CVE-2016-4480 [x86 software guest page walk PS bit handling flaw]
RESERVED
+   - xen 
+   NOTE: http://xenbits.xen.org/xsa/advisory-176.html
 CVE-2016-4479
RESERVED
 CVE-2016-4475
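
Review bot: As shown here, the new `- xen` line under CVE-2016-4480 carries neither a fixed version nor a Debian bug number; the only pointer is the XSA-176 advisory URL. Adding a bug reference in the `(bug #...)` form used for other entries in this list, once one is filed, would make the entry easier to follow up.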




[Secure-testing-commits] r41801 - data

2016-05-17 Thread Santiago Ruano Rincón
Author: santiago
Date: 2016-05-17 13:22:59 +0000 (Tue, 17 May 2016)
New Revision: 41801

Modified:
   data/dla-needed.txt
Log:
claim eglibc in data/dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-17 13:06:13 UTC (rev 41800)
+++ data/dla-needed.txt 2016-05-17 13:22:59 UTC (rev 41801)
@@ -22,7 +22,7 @@
 --
 dhcpcd5
 --
-eglibc
+eglibc (Santiago R.R.)
 --
 extplorer (Thorsten Alteholz)
   NOTE: package for testing uploaded




[Secure-testing-commits] r41800 - data

2016-05-17 Thread Paul Wise
Author: pabs
Date: 2016-05-17 13:06:13 +0000 (Tue, 17 May 2016)
New Revision: 41800

Modified:
   data/embedded-code-copies
Log:
icdiff is a fork of the Python difflib

Suggested-by: Sascha Steinbiss 
Suggested-in: <0631beae-19fc-455c-b555-4cead4627...@steinbiss.name>

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2016-05-17 13:05:58 UTC (rev 41799)
+++ data/embedded-code-copies   2016-05-17 13:06:13 UTC (rev 41800)
@@ -1600,6 +1600,8 @@
- sphinx  (embed; bug #609485)
NOTE: embeds only lib2to3.pgen2 in sphinx.pycode.pygen2
- vegastrike-data  (embed; bug #555630)
+   - icdiff  (fork)
+NOTE: core functionality based on Python difflib code with changed 
output format
 
 argparse
- twill  (embed; bug #555347)
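
Review bot: The new `- icdiff (fork)` line has no bug reference, unlike the neighbouring sphinx and vegastrike-data entries (bug #609485, bug #555630). If a bug has been filed against icdiff for the difflib-derived code, reference it on this line; the Suggested-in message id in the log is hard to follow from the data file alone.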




[Secure-testing-commits] r41799 - data

2016-05-17 Thread Paul Wise
Author: pabs
Date: 2016-05-17 13:05:58 +0000 (Tue, 17 May 2016)
New Revision: 41799

Modified:
   data/embedded-code-copies
Log:
Update python versions

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2016-05-17 12:33:43 UTC (rev 41798)
+++ data/embedded-code-copies   2016-05-17 13:05:58 UTC (rev 41799)
@@ -1493,8 +1493,10 @@
- sphinx  (embed)
- python-nltk  (embed)
 
-python2.5
-   - python2.4  (old-version)
+python2.7
+   - python2.4  (old-version)
+   - python2.5  (old-version)
+   - python2.6  (old-version)
- jython  (embed)
NOTE: embeds many stdlib modules
- python-django  (embed; bug #555419)
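
Review bot: Renaming the section header from python2.5 to python2.7 also moves the unchanged entries below it (jython, python-django) from the python2.5 section to the python2.7 section. Those entries were recorded against the older version, so please confirm that each still describes a copy of python2.7 code, or adjust them in the same commit.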




[Secure-testing-commits] r41798 - data/DSA

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 12:33:43 +0000 (Tue, 17 May 2016)
New Revision: 41798

Modified:
   data/DSA/list
Log:
Reserve DSA number for libndp

Modified: data/DSA/list
===
--- data/DSA/list   2016-05-17 12:09:43 UTC (rev 41797)
+++ data/DSA/list   2016-05-17 12:33:43 UTC (rev 41798)
@@ -1,3 +1,6 @@
+[17 May 2016] DSA-3581-1 libndp - security update
+   {CVE-2016-3698}
+   [jessie] - libndp 1.4-2+deb8u1
 [16 May 2016] DSA-3580-1 imagemagick - security update
{CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718}
[jessie] - imagemagick 8:6.8.9.9-5+deb8u2




[Secure-testing-commits] r41797 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 12:09:43 +0000 (Tue, 17 May 2016)
New Revision: 41797

Modified:
   data/CVE/list
Log:
Add note for CVE-2016-2189

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 11:11:24 UTC (rev 41796)
+++ data/CVE/list   2016-05-17 12:09:43 UTC (rev 41797)
@@ -7435,6 +7435,7 @@
- moodle 2.7.13+dfsg-1
 CVE-2016-2189
RESERVED
+   NOTE: Will be rejected, duplicate of CVE-2016-4565
 CVE-2016-2188 (The iowarrior_probe function in drivers/usb/misc/iowarrior.c in 
the ...)
- linux 
[jessie] - linux  (Minor issue)




[Secure-testing-commits] r41796 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 11:11:24 +0000 (Tue, 17 May 2016)
New Revision: 41796

Modified:
   data/CVE/list
Log:
Add bug reference for libndp issue, #824545

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 10:48:35 UTC (rev 41795)
+++ data/CVE/list   2016-05-17 11:11:24 UTC (rev 41796)
@@ -3018,9 +3018,9 @@
RESERVED
 CVE-2016-3699
RESERVED
-CVE-2016-3698
+CVE-2016-3698 [denial of service due to insufficient validation of source of 
NDP messages]
RESERVED
-   - libndp 
+   - libndp  (bug #824545)
NOTE: 
https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
NOTE: 
https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
 CVE-2016-3697 [privilege escalation via confusion of usernames and UIDs]




[Secure-testing-commits] r41795 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 10:48:35 +0000 (Tue, 17 May 2016)
New Revision: 41795

Modified:
   data/CVE/list
Log:
Add libndp issue

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 10:46:43 UTC (rev 41794)
+++ data/CVE/list   2016-05-17 10:48:35 UTC (rev 41795)
@@ -3020,6 +3020,9 @@
RESERVED
 CVE-2016-3698
RESERVED
+   - libndp 
+   NOTE: 
https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
+   NOTE: 
https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
 CVE-2016-3697 [privilege escalation via confusion of usernames and UIDs]
RESERVED
- docker.io 




[Secure-testing-commits] r41794 - data

2016-05-17 Thread Paul Wise
Author: pabs
Date: 2016-05-17 10:46:43 +0000 (Tue, 17 May 2016)
New Revision: 41794

Modified:
   data/embedded-code-copies
Log:
The copy of zlib in rsync is modified

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2016-05-17 09:21:28 UTC (rev 41793)
+++ data/embedded-code-copies   2016-05-17 10:46:43 UTC (rev 41794)
@@ -117,7 +117,7 @@
 zlib (lots of apps embed a copy, but link dynamically, but there are a few 
exceptions)
- dpkg 1.15.6 (static)
NOTE: see 18196.48620.491996.624...@davenant.relativity.greenend.org.uk 
on debian-devel for discussion
-   - rsync  (embed)
+   - rsync  (modified-embed)
- cherokee  (embed)
NOTE: somehow derived code base
- mono  (embed)
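
Review bot: The rsync line changes from `(embed)` to `(modified-embed)` without a NOTE saying how rsync's zlib copy differs from upstream, while the neighbouring dpkg and cherokee entries each carry a NOTE explaining their status. A one-line NOTE under rsync describing the modification would tell whoever triages the next zlib CVE whether the upstream fix is likely to apply to that copy.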




[Secure-testing-commits] r41793 - data/CVE

2016-05-17 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-17 09:21:28 +0000 (Tue, 17 May 2016)
New Revision: 41793

Modified:
   data/CVE/list
Log:
Update moodle entries for new assigned CVEs

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 06:20:19 UTC (rev 41792)
+++ data/CVE/list   2016-05-17 09:21:28 UTC (rev 41793)
@@ -27,8 +27,6 @@
[wheezy] - php5 5.4.44-0+deb7u1
NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
NOTE: PHP bug: https://bugs.php.net/bug.php?id=69793
-CVE-2016- [moodle issues fixed in 2.7.14]
-   - moodle 2.7.14+dfsg-1
 CVE-2016-4805 [ppp: take reference on channels netns]
RESERVED
- linux 4.5.2-1
@@ -2874,16 +2872,26 @@
RESERVED
 CVE-2016-3734
RESERVED
+   - moodle 2.7.14+dfsg-1
+   NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
 CVE-2016-3733
RESERVED
+   - moodle 2.7.14+dfsg-1
+   NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
 CVE-2016-3732
RESERVED
+   - moodle  (Does only affect 2.8 and newer)
+   NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53589
 CVE-2016-3731
RESERVED
+   - moodle  (Does only affect 2.8 and newer)
+   NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53696
 CVE-2016-3730
RESERVED
 CVE-2016-3729
RESERVED
+   - moodle 2.7.14+dfsg-1
+   NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53954
 CVE-2016-3728
RESERVED
- foreman  (bug #663101)
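
Review bot: CVE-2016-3730 is left as a bare RESERVED entry in the middle of this hunk, while CVE-2016-3729 and CVE-2016-3731 through CVE-2016-3734 around it all gain moodle lines. If 3730 belongs to the same moodle batch, it needs its own `- moodle` line and MDL reference; if it does not, a short NOTE would show the gap is deliberate.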

