[Secure-testing-commits] r41922 - data/CVE
Author: carnil Date: 2016-05-21 05:39:51 + (Sat, 21 May 2016) New Revision: 41922 Modified: data/CVE/list Log: Add fixed version for CVE-2016-4338/zabbix Modified: data/CVE/list === --- data/CVE/list 2016-05-21 05:27:27 UTC (rev 41921) +++ data/CVE/list 2016-05-21 05:39:51 UTC (rev 41922) @@ -1569,7 +1569,7 @@ RESERVED CVE-2016-4338 [zabbix-agent: mysql.size shell command injection] RESERVED - - zabbix (bug #823329) + - zabbix 1:3.0.3+dfsg-1 (bug #823329) [jessie] - zabbix (Minor issue) NOTE: http://seclists.org/bugtraq/2016/May/11 NOTE: https://support.zabbix.com/browse/ZBX-10741 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41921 - data
Author: carnil Date: 2016-05-21 05:27:27 + (Sat, 21 May 2016) New Revision: 41921 Modified: data/embedded-code-copies Log: suricata embedds libhtp Modified: data/embedded-code-copies === --- data/embedded-code-copies 2016-05-21 04:59:10 UTC (rev 41920) +++ data/embedded-code-copies 2016-05-21 05:27:27 UTC (rev 41921) @@ -3028,3 +3028,7 @@ android-platform-system-core - android-tools (old-version) + +libhtp + - suricata (embed) + NOTE: See #772551 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41920 - data/CVE
Author: carnil Date: 2016-05-21 04:59:10 + (Sat, 21 May 2016) New Revision: 41920 Modified: data/CVE/list Log: libhtp removed from the archive Modified: data/CVE/list === --- data/CVE/list 2016-05-20 21:10:11 UTC (rev 41919) +++ data/CVE/list 2016-05-21 04:59:10 UTC (rev 41920) @@ -33748,7 +33748,7 @@ [squeeze] - suricata (Minor issue) NOTE: https://github.com/inliniac/suricata/commit/89017d0b03bf715a3f4e11b612c6c7a23549304a CVE-2015- [http uri parsing issue] - - libhtp (bug #783007) + - libhtp (bug #783007) [squeeze] - libhtp (Minor issue) NOTE: if libhtp gets updated to 0.5.17 in sid, it will conflict with suricata which ships the library too (see #783005) [wheezy] - libhtp (Unusable in wheezy, planned for removal) @@ -35600,7 +35600,7 @@ [squeeze] - lame (Minor issue) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/12/8 CVE-2015- [denial of service under memory stress] - - libhtp (bug #777522) + - libhtp (bug #777522) [squeeze] - libhtp (Minor issue) [wheezy] - libhtp (Minor issue) NOTE: https://github.com/inliniac/libhtp/commit/c7c03843cd6b1cbf44eb435d160ba53aec948828 @@ -39490,7 +39490,7 @@ CVE-2014-9432 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Serendipity CVE-2014- [denial of service with specific packets] - - libhtp (bug #774897) + - libhtp (bug #774897) [wheezy] - libhtp (Minor issue) [squeeze] - libhtp (Minor issue) NOTE: https://redmine.openinfosecfoundation.org/issues/1272 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41919 - data/CVE
Author: sectracker Date: 2016-05-20 21:10:11 + (Fri, 20 May 2016) New Revision: 41919 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-05-20 21:03:37 UTC (rev 41918) +++ data/CVE/list 2016-05-20 21:10:11 UTC (rev 41919) @@ -2574,8 +2574,7 @@ - imlib2 1.4.8-1 (bug #785369) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8 NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6 -CVE-2016-4070 [Integer overflow in php_raw_url_encode] - RESERVED +CVE-2016-4070 (** DISPUTED ** Integer overflow in the php_raw_url_encode function in ...) {DSA-3560-1} - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 @@ -2583,8 +2582,7 @@ NOTE: https://bugs.php.net/bug.php?id=71798 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451 NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 -CVE-2016-4071 [Format string vulnerability in php_snmp_error()] - RESERVED +CVE-2016-4071 (Format string vulnerability in the php_snmp_error function in ...) {DSA-3560-1} - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 @@ -2592,8 +2590,7 @@ NOTE: https://bugs.php.net/bug.php?id=71704 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8 NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 -CVE-2016-4072 [Invalid memory write in phar on filename containing \0 inside name] - RESERVED +CVE-2016-4072 (The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x ...) {DSA-3560-1} - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 @@ -2602,8 +2599,7 @@ NOTE: https://gist.github.com/smalyshev/80b5c2909832872f2ba2 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 -CVE-2016-4073 [Negative size parameter in memcpy] - RESERVED +CVE-2016-4073 (Multiple integer overflows in the mbfl_strcut function in ...) {DSA-3560-1} - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 @@ -2729,8 +2725,7 @@ - tiff3 (unimportant) NOTE: src:tiff3: built binary packages do not contain the TIFF tools NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2545 -CVE-2015-8865 [Buffer over-write in finfo_open with malformed magic file] - RESERVED +CVE-2015-8865 (The file_check_mem function in funcs.c in file before 5.23, as used in ...) {DSA-3560-1 DLA-460-1} - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 @@ -9156,146 +9151,146 @@ RESERVED CVE-2016-1860 RESERVED -CVE-2016-1859 - RESERVED -CVE-2016-1858 - RESERVED -CVE-2016-1857 - RESERVED -CVE-2016-1856 - RESERVED -CVE-2016-1855 - RESERVED -CVE-2016-1854 - RESERVED -CVE-2016-1853 - RESERVED -CVE-2016-1852 - RESERVED -CVE-2016-1851 - RESERVED -CVE-2016-1850 - RESERVED -CVE-2016-1849 - RESERVED -CVE-2016-1848 - RESERVED -CVE-2016-1847 - RESERVED -CVE-2016-1846 - RESERVED +CVE-2016-1859 (The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari ...) + TODO: check +CVE-2016-1858 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...) + TODO: check +CVE-2016-1857 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...) + TODO: check +CVE-2016-1856 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...) + TODO: check +CVE-2016-1855 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...) + TODO: check +CVE-2016-1854 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...) + TODO: check +CVE-2016-1853 (Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain ...) + TODO: check +CVE-2016-1852 (Siri in Apple iOS before 9.3.2 does not block data detectors within ...) + TODO: check +CVE-2016-1851 (The Screen Lock feature in Apple OS X before 10.11.5 mishandles ...) + TODO: check +CVE-2016-1850 (SceneKit in Apple OS X before 10.11.5 allows remote attackers to ...) + TODO: check +CVE-2016-1849 (The Clear History and Website Data feature in Apple Safari before ...) + TODO: check +CVE-2016-1848 (QuickTime in Apple OS X before 10.11.5 allows remote attackers to ...) + TODO: check +CVE-2016-1847 (OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) + TODO: check +CVE-2016-1846 (The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 ...) + TODO: check CVE-2016-1845 RESERVED -CVE-2016-1844 - RESERVED -CVE-2016-1843 - RESERVED -CVE-2016-1842 - RESERVED -CVE-2016-1841 -
[Secure-testing-commits] r41918 - data/CVE
Author: apo Date: 2016-05-20 21:03:37 + (Fri, 20 May 2016) New Revision: 41918 Modified: data/CVE/list Log: Add FIX for CVE-2016-2317 Modified: data/CVE/list === --- data/CVE/list 2016-05-20 20:31:52 UTC (rev 41917) +++ data/CVE/list 2016-05-20 21:03:37 UTC (rev 41918) @@ -7357,6 +7357,7 @@ CVE-2016-2317 RESERVED - graphicsmagick (bug #814732) + NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6 TODO: check other versions (newest 1.3.23 is vulnerable according to reporter) CVE-2016-2311 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41916 - data/CVE
Author: carnil Date: 2016-05-20 15:54:35 + (Fri, 20 May 2016) New Revision: 41916 Modified: data/CVE/list Log: Mark CVE-2016-4338 as no-dsa Note for reviewers: decided to mark this as no-dsa, since hopefully in usual zabbix agent configurations only the Zabbix server is configured in the Server variable, and thus the issue exploitable only from server or by spoofing that ip. Modified: data/CVE/list === --- data/CVE/list 2016-05-20 15:53:51 UTC (rev 41915) +++ data/CVE/list 2016-05-20 15:54:35 UTC (rev 41916) @@ -1568,6 +1568,7 @@ CVE-2016-4338 [zabbix-agent: mysql.size shell command injection] RESERVED - zabbix (bug #823329) + [jessie] - zabbix (Minor issue) NOTE: http://seclists.org/bugtraq/2016/May/11 NOTE: https://support.zabbix.com/browse/ZBX-10741 CVE-2016-4337 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41914 - data/CVE
Author: carnil Date: 2016-05-20 14:54:08 + (Fri, 20 May 2016) New Revision: 41914 Modified: data/CVE/list Log: Mark CVE-2015-8366/ufraw as well as no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-05-20 14:44:48 UTC (rev 41913) +++ data/CVE/list 2016-05-20 14:54:08 UTC (rev 41914) @@ -15286,6 +15286,7 @@ [wheezy] - darktable (Vulnerable code not present) [squeeze] - darktable (Vulnerable code not present) - ufraw 0.20-4 (bug #818882) + [jessie] - ufraw (Minor issue) [wheezy] - ufraw (Vulnerable code not present) [squeeze] - ufraw (Vulnerable code not present) - rawtherapee ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41913 - data/CVE
Author: carnil Date: 2016-05-20 14:44:48 + (Fri, 20 May 2016) New Revision: 41913 Modified: data/CVE/list Log: Mark sogo as no-dsa for CVE-2015-5395 Modified: data/CVE/list === --- data/CVE/list 2016-05-20 13:24:27 UTC (rev 41912) +++ data/CVE/list 2016-05-20 14:44:48 UTC (rev 41913) @@ -23760,6 +23760,7 @@ CVE-2015-5395 [CSRF] RESERVED - sogo (bug #796197) + [jessie] - sogo (Fix unfeasable to backport to 2.x) [wheezy] - sogo (not supported in Wheezy LTS) NOTE: https://lists.debian.org/debian-lts/2016/05/msg00197.html NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/10 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41912 - data/CVE
Author: carnil Date: 2016-05-20 13:24:27 + (Fri, 20 May 2016) New Revision: 41912 Modified: data/CVE/list Log: Add bug reference for qemu issues Modified: data/CVE/list === --- data/CVE/list 2016-05-20 10:03:16 UTC (rev 41911) +++ data/CVE/list 2016-05-20 13:24:27 UTC (rev 41912) @@ -1303,13 +1303,13 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505 CVE-2016-4440 [kvm: vmx: incorrect state update leading to MSR access] RESERVED - - linux + - linux (bug #824856) NOTE: Upstream patch: http://permalink.gmane.org/gmane.comp.emulators.kvm.devel/152191 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337806 NOTE: http://comments.gmane.org/gmane.comp.emulators.kvm.devel/152100 CVE-2016-4439 [scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write] RESERVED - - qemu + - qemu (bug #824856) [jessie] - qemu (Minor issue; can be fixed along with a future DSA) - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41911 - data/CVE
Author: carnil Date: 2016-05-20 10:03:16 + (Fri, 20 May 2016) New Revision: 41911 Modified: data/CVE/list Log: Add upstream commit for CVE-2015-8874 Modified: data/CVE/list === --- data/CVE/list 2016-05-20 09:58:44 UTC (rev 41910) +++ data/CVE/list 2016-05-20 10:03:16 UTC (rev 41911) @@ -299,6 +299,7 @@ CVE-2015-8874 (Stack consumption vulnerability in GD in PHP before 5.6.12 allows ...) {DLA-482-1} - libgd2 (bug #824627) + NOTE: https://github.com/libgd/libgd/commit/38241013cc048af7c03daf6e9a75b4f42bffb200 - php5 5.6.12+dfsg-1 (unimportant) [jessie] - php5 5.6.12+dfsg-0+deb8u1 - php7.0 7.0.0-1 (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41910 - data
Author: carnil Date: 2016-05-20 09:58:44 + (Fri, 20 May 2016) New Revision: 41910 Modified: data/dsa-needed.txt Log: Add libgd2 to dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-05-20 06:52:50 UTC (rev 41909) +++ data/dsa-needed.txt 2016-05-20 09:58:44 UTC (rev 41910) @@ -32,6 +32,9 @@ -- imagemagick (luciano) -- +libgd2 + Maintainer prepared update +-- libxml2 (carnil) NOTE: waiting for libxml2 upstream's blessed patches -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41909 - data/CVE
Author: carnil Date: 2016-05-20 06:52:50 + (Fri, 20 May 2016) New Revision: 41909 Modified: data/CVE/list Log: Add CVE-2016-4440 Modified: data/CVE/list === --- data/CVE/list 2016-05-20 06:10:31 UTC (rev 41908) +++ data/CVE/list 2016-05-20 06:52:50 UTC (rev 41909) @@ -1300,8 +1300,12 @@ - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505 -CVE-2016-4440 +CVE-2016-4440 [kvm: vmx: incorrect state update leading to MSR access] RESERVED + - linux + NOTE: Upstream patch: http://permalink.gmane.org/gmane.comp.emulators.kvm.devel/152191 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337806 + NOTE: http://comments.gmane.org/gmane.comp.emulators.kvm.devel/152100 CVE-2016-4439 [scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write] RESERVED - qemu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41908 - data/CVE
Author: carnil Date: 2016-05-20 06:10:31 + (Fri, 20 May 2016) New Revision: 41908 Modified: data/CVE/list Log: Mark CVE-2016-3738 as NFU Modified: data/CVE/list === --- data/CVE/list 2016-05-20 06:09:28 UTC (rev 41907) +++ data/CVE/list 2016-05-20 06:10:31 UTC (rev 41908) @@ -3172,6 +3172,7 @@ NOTE: Source-wise fixed in 7.49.0 CVE-2016-3738 RESERVED + NOT-FOR-US: OpenShift Enterprise CVE-2016-3737 RESERVED NOT-FOR-US: Red Hat / JBoss Operations Network server ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41907 - data/CVE
Author: carnil Date: 2016-05-20 06:09:28 + (Fri, 20 May 2016) New Revision: 41907 Modified: data/CVE/list Log: CVE-2016-3703, NFU Modified: data/CVE/list === --- data/CVE/list 2016-05-20 06:02:04 UTC (rev 41906) +++ data/CVE/list 2016-05-20 06:09:28 UTC (rev 41907) @@ -3318,6 +3318,7 @@ NOT-FOR-US: Pulp (Red Hat) CVE-2016-3703 RESERVED + NOT-FOR-US: OpenShift CVE-2016-3702 RESERVED NOT-FOR-US: Red Hat CloudForms Management Engine ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41906 - data/CVE
Author: carnil Date: 2016-05-20 06:02:04 + (Fri, 20 May 2016) New Revision: 41906 Modified: data/CVE/list Log: Remove one older entry without CVE assignment for ruby-omniauth Modified: data/CVE/list === --- data/CVE/list 2016-05-20 06:00:22 UTC (rev 41905) +++ data/CVE/list 2016-05-20 06:02:04 UTC (rev 41906) @@ -27627,10 +27627,6 @@ NOTE: hwclock is not installed suid in Debian NOTE: https://github.com/karelzak/util-linux/commit/687cc5d58942b24a9f4013c68876d8cbea907ab1 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/26/10 -CVE-2015- [Cross-Site Request Forgery] - - ruby-omniauth - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/26/11 - NOTE: Discussion in https://github.com/intridea/omniauth/pull/809 CVE-2015-4082 [encrypted backups attack] RESERVED - attic (bug #787435) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41905 - data/CVE
Author: jmm Date: 2016-05-20 06:00:22 + (Fri, 20 May 2016) New Revision: 41905 Modified: data/CVE/list Log: owncloud n/a Modified: data/CVE/list === --- data/CVE/list 2016-05-20 05:56:01 UTC (rev 41904) +++ data/CVE/list 2016-05-20 06:00:22 UTC (rev 41905) @@ -27878,9 +27878,8 @@ CVE-2015-3997 RESERVED CVE-2015-3996 (The default AFSecurityPolicy.validatesDomainName configuration for ...) - - owncloud + - owncloud (iOS-specific) NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-012 - TODO: check CVE-2015-3995 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote ...) NOT-FOR-US: SAP HANA DB CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS Engine ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits