[Secure-testing-commits] r42209 - bin

2016-05-31 Thread Guido Guenther
Author: agx
Date: 2016-06-01 06:40:50 +0000 (Wed, 01 Jun 2016)
New Revision: 42209

Modified:
   bin/support-ended.py
Log:
bin/support-ended.py: properly format error message

Modified: bin/support-ended.py
===
--- bin/support-ended.py2016-06-01 06:12:23 UTC (rev 42208)
+++ bin/support-ended.py2016-06-01 06:40:50 UTC (rev 42209)
@@ -59,7 +59,7 @@
 pattern = "security-support-ended.deb*"
 lists = glob.glob(os.path.join(dir, pattern))
 if not lists:
-raise Exception("No lists matching %s found in %s", (pattern, dir))
+raise Exception("No lists matching %s found in %s" % (pattern, dir))
 
 end = datetime.datetime.today() + datetime.timedelta(days=days) if days 
else None
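Review bot: the fix is correct. With the comma, `(pattern, dir)` was passed to `Exception` as a second positional argument, so the message was raised with the `%s` placeholders unexpanded and the tuple attached as `args[1]`; the `%` operator interpolates both values into the string. Two small follow-ups on the same lines: `dir` shadows the `dir()` builtin (a name such as `list_dir` avoids that), and a more specific exception type (for instance `IOError`, available on both Python 2 and 3) would let a caller distinguish "no input lists found" from any other failure.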
 


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r42208 - data/CVE

2016-05-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-06-01 06:12:23 +0000 (Wed, 01 Jun 2016)
New Revision: 42208

Modified:
   data/CVE/list
Log:
Add CVE-2016-4457

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-01 03:59:54 UTC (rev 42207)
+++ data/CVE/list   2016-06-01 06:12:23 UTC (rev 42208)
@@ -1881,6 +1881,7 @@
RESERVED
 CVE-2016-4457
RESERVED
+   NOT-FOR-US: Red Hat CloudForms
 CVE-2016-4456
RESERVED
 CVE-2016-4455



[Secure-testing-commits] r42207 - data/CVE

2016-05-31 Thread Michael Gilbert
Author: mgilbert
Date: 2016-06-01 03:59:54 +0000 (Wed, 01 Jun 2016)
New Revision: 42207

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-01 02:57:12 UTC (rev 42206)
+++ data/CVE/list   2016-06-01 03:59:54 UTC (rev 42207)
@@ -989,9 +989,9 @@
 CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java 
...)
NOT-FOR-US: SAP
 CVE-2016-4785 (The integrated web server in the EN100 Ethernet module before 
4.27 on ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2016-4784 (The integrated web server in the EN100 Ethernet module before 
4.27 on ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit 
before ...)
NOT-FOR-US: Lenovo
 CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows 
remote ...)
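Review bot: the NOT-FOR-US label granularity is inconsistent across this commit: this hunk records only the vendor (`NOT-FOR-US: Siemens`), the Adobe hunk below uses `Adobe` directly beside an existing `Adobe Flash Player` entry, and the Drupal hunk names the module. Using vendor plus product consistently (here something like `Siemens EN100`, taken from the CVE text) keeps the list greppable when the same vendor shows up again.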
@@ -1590,7 +1590,7 @@
 CVE-2016-4522
RESERVED
 CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Sixnet
 CVE-2016-4520
RESERVED
 CVE-2016-4519
@@ -1620,17 +1620,17 @@
 CVE-2016-4507
RESERVED
 CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource 
Data ...)
-   TODO: check
+   NOT-FOR-US: Resource Data Management
 CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller 
devices ...)
-   TODO: check
+   NOT-FOR-US: Resource Data Management
 CVE-2016-4504
RESERVED
 CVE-2016-4503
RESERVED
 CVE-2016-4502 (Environmental Systems Corporation (ESC) 8832 Data Controller 
3.02 and ...)
-   TODO: check
+   NOT-FOR-US: Environmental Systems Corporation
 CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 
3.02 and ...)
-   TODO: check
+   NOT-FOR-US: Environmental Systems Corporation
 CVE-2016-4500
RESERVED
 CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 
7.x ...)
@@ -2673,7 +2673,7 @@
 CVE-2016-4119
RESERVED
 CVE-2016-4118 (Untrusted search path vulnerability in the add-in installer in 
Adobe ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2016-4117 (Adobe Flash Player 21.0.0.226 and earlier allows remote 
attackers to ...)
NOT-FOR-US: Adobe Flash Player
 CVE-2016-4116 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and 
...)
@@ -2739,7 +2739,7 @@
- gitlab  (bug #823290)
NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
 CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 
and ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2016-4086
RESERVED
 CVE-2016-4075
@@ -4050,9 +4050,9 @@
 CVE-2016-3682
RESERVED
 CVE-2016-3681 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL 
before ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2016-3680 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL 
before ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2016-3679 (Multiple unspecified vulnerabilities in Google V8 before 
4.9.385.33, ...)
- libv8  (unimportant)
NOTE: libv8 not covered by security support
@@ -4096,7 +4096,7 @@
 CVE-2016-3665
RESERVED
 CVE-2016-3664 (Trend Micro Mobile Security for iOS before 3.2.1188 does not 
verify ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2016-3663
RESERVED
 CVE-2016-3662
@@ -4219,7 +4219,7 @@
 CVE-2016-3629
RESERVED
 CVE-2016-3628 (Buffer overflow in tibemsd in the server in TIBCO Enterprise 
Message ...)
-   TODO: check
+   NOT-FOR-US: TIBCO
 CVE-2016-3626
RESERVED
 CVE-2016-3625 [Out-of-bounds Read occurred in tif_read.c:545 or tif_read.c:402 
or tif_read.c:560 in tiff2bw]
@@ -4669,7 +4669,7 @@
 CVE-2016-3429 (Unspecified vulnerability in the Oracle Retail Xstore Point of 
Service ...)
NOT-FOR-US: Oracle Retail
 CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 
8u77; ...)
{DSA-3558-1 DLA-451-1}
- openjdk-8 8u91-b14-1
@@ -5166,9 +5166,9 @@
 CVE-2016-3189
RESERVED
 CVE-2016-3188 (The _prepopulate_request_walk function in the Prepopulate 
module ...)
-   TODO: check
+   NOT-FOR-US: Prepopulate module for Drupal
 CVE-2016-3187 (The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Prepopulate module for Drupal
 CVE-2016-3186 (Buffer overflow in the readextension function in gif2tiff.c in 
LibTIFF ...)
- tiff  (bug #819972)
[jessie] - tiff  (Minor issue)
@@ -5299,7 +5299,7 @@
 CVE-2016-3127
RESERVED
 CVE-2016-3126 (Cross-site scripting (XSS) vulnerability in the Management 
Console in ...)
-   TODO: check
+  
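Review bot: this hunk is cut off right after the removed `TODO: check` for CVE-2016-3126; the added status line is empty as shown, so the replacement status for that entry cannot be reviewed from what is here.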

[Secure-testing-commits] r42206 - in data: . DSA

2016-05-31 Thread Michael Gilbert
Author: mgilbert
Date: 2016-06-01 02:57:12 +0000 (Wed, 01 Jun 2016)
New Revision: 42206

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-06-01 00:57:08 UTC (rev 42205)
+++ data/DSA/list   2016-06-01 02:57:12 UTC (rev 42206)
@@ -1,3 +1,6 @@
+[01 Jun 2016] DSA-3590-1 chromium-browser - security update
+   {CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 
CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 
CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 
CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 
CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 
CVE-2016-1693 CVE-2016-1694 CVE-2016-1695}
+   [jessie] - chromium-browser 51.0.2704.63-1~deb8u1
 [30 May 2016] DSA-3589-1 gdk-pixbuf - security update
{CVE-2015-7552 CVE-2015-8875}
[jessie] - gdk-pixbuf 2.31.1-2+deb8u5
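Review bot: the CVE set on the DSA-3590-1 line runs from CVE-2016-1667 to CVE-2016-1695 but skips CVE-2016-1671; if that ID is deliberately left out (not applicable to the Debian build), fine, otherwise it should be added before the advisory text is generated from this entry. The jessie version 51.0.2704.63-1~deb8u1 is consistent with the 51.0.2704.63-1 fix version recorded on the individual CVEs in r42205.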

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-06-01 00:57:08 UTC (rev 42205)
+++ data/dsa-needed.txt 2016-06-01 02:57:12 UTC (rev 42206)
@@ -14,8 +14,6 @@
 --
 389-ds-base
 --
-chromium-browser
---
 graphicsmagick
 --
 icu



[Secure-testing-commits] r42205 - in data: . CVE

2016-05-31 Thread Ben Hutchings
Author: benh
Date: 2016-06-01 00:57:08 +0000 (Wed, 01 Jun 2016)
New Revision: 42205

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for wheezy; add links to bug reports and fixes where available


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-01 00:06:26 UTC (rev 42204)
+++ data/CVE/list   2016-06-01 00:57:08 UTC (rev 42205)
@@ -39,7 +39,9 @@
 CVE-2016-5126 [block: iscsi: buffer overflow in iscsi_aio_ioctl]
RESERVED
- qemu 
+   [wheezy] - qemu  (Vulnerable code not present)
- qemu-kvm 
+   [wheezy] - qemu-kvm  (Vulnerable code not present)
NOTE: 
https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1340924
NOTE: http://www.openwall.com/lists/oss-security/2016/05/30/6
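Review bot: on both added `[wheezy]` lines the status token that normally sits between the package name and the parenthesised reason is missing as rendered (note the double space before `(Vulnerable code not present)`), so the hunk cannot be verified as shown; the same loss affects the `- qemu ` and `- qemu-kvm ` context lines, which end in a trailing space where the status token should be. Worth checking the committed file rather than the mail rendering.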
@@ -1910,6 +1912,7 @@
 CVE-2016-4450
RESERVED
- nginx 1.10.1-1 (bug #825960)
+   [wheezy] - nginx  (Introduced in 1.3.9)
 CVE-2016-4449
RESERVED
- libxml2 
@@ -8486,6 +8489,8 @@
 CVE-2016-2175
RESERVED
- libpdfbox-java 
+   NOTE: Fixed on upstream 1.8 branch in 
https://svn.apache.org/viewvc?view=revision&revision=1739564
+   NOTE: Fixed on upstream 2.0 branch in 
https://svn.apache.org/viewvc?view=revision&revision=1739565
 CVE-2016-2174
RESERVED
 CVE-2016-2173
@@ -10296,11 +10301,13 @@
- libxslt 
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
+   NOTE: Chromium bug report: 
https://code.google.com/p/chromium/issues/detail?id=583171
 CVE-2016-1683
RESERVED
- libxslt 
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
+   NOTE: Chromium bug report: 
https://code.google.com/p/chromium/issues/detail?id=583156
 CVE-2016-1682
RESERVED
- chromium-browser 51.0.2704.63-1
@@ -46047,12 +46054,12 @@
RESERVED
 CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 
6.9.1, as ...)
- dhcpcd5 
-   NOTE: android's dhcpd is a fork of dhcpcd5, and code very similar to 
the vulnerable section exists in dhcpcd5, but i didn't have time to check 
whether it too is vulnerable to the problem
-   TODO: check
+   NOTE: Fixed for Android in 
https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0%5E!/
+   NOTE: Fixed on upstream trunk in 
http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0
 CVE-2014-7912 (The get_option function in dhcp.c in dhcpcd before 6.2.0, as 
used in ...)
- dhcpcd5 
-   NOTE: android's dhcpd is a fork of dhcpcd5, and code very similar to 
the vulnerable section exists in dhcpcd5, but i didn't have time to check 
whether it too is vulnerable to the problem
-   TODO: check
+   NOTE: Fixed for Android in 
https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0%5E!/
+   NOTE: Fixed on upstream trunk in 
http://roy.marples.name/projects/dhcpcd/ci/d71cfd8aa203bffe?sbs=0
 CVE-2014-7911 (luni/src/main/java/java/io/ObjectInputStream.java in the ...)
NOT-FOR-US: Android
 CVE-2014-7910 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
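Review bot: removing `TODO: check` together with the note that nobody had confirmed dhcpcd5 is affected implies the question is now settled, yet the `- dhcpcd5` line still carries no fixed version and the two new NOTE links only point at the Android and upstream trunk fixes. State the conclusion on the entry (which dhcpcd5 version, if any, contains the upstream change) so the next triager does not have to re-derive it from the two commits; the dla-needed.txt addition below suggests wheezy is considered affected.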

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-01 00:06:26 UTC (rev 42204)
+++ data/dla-needed.txt 2016-06-01 00:57:08 UTC (rev 42205)
@@ -18,6 +18,8 @@
 cakephp
   NOTE: CVE-2015-8379 No official solution is currently available, 20160425
 --
+dhcpcd5
+--
 extplorer
   NOTE: 20160529, no fix yet
 --
@@ -34,6 +36,8 @@
 --
 libjackson-json-java
 --
+libpdfbox-java
+--
 libspring-java
   The JSON/JaF doesn't appear to be present in wheezy but the
   content-disposition stuff might be.
@@ -43,6 +47,8 @@
   NOTE: carnil is looking in partially triaging the libxml2 issues as well for 
wheezy
   NOTE: and publish preliminary work on 
https://people.debian.org/~carnil/tmp/libxml2/wheezy
 --
+libxslt
+--
 libxstream-java (jmm)
   Emmanuel Bourg proposed debdiff for both wheezy- and jessie-security
   waiting an additional to solicit regression feedback from change in sid



[Secure-testing-commits] r42204 - data/CVE

2016-05-31 Thread Ben Hutchings
Author: benh
Date: 2016-06-01 00:06:26 +0000 (Wed, 01 Jun 2016)
New Revision: 42204

Modified:
   data/CVE/list
Log:
Mark various issues affecting wheezy as , matching jessie's status


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 23:56:34 UTC (rev 42203)
+++ data/CVE/list   2016-06-01 00:06:26 UTC (rev 42204)
@@ -52,6 +52,7 @@
 CVE-2016- [CSRF protection for POST requests]
- postfixadmin  (bug #825151)
[jessie] - postfixadmin  (Minor issue)
+   [wheezy] - postfixadmin  (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2016/May/59
NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/
NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842
@@ -86,6 +87,7 @@
RESERVED
- phpmyadmin 4:4.6.2-1
[jessie] - phpmyadmin  (Minor issue)
+   [wheezy] - phpmyadmin  (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-16/
 CVE-2016-5098
RESERVED
@@ -96,6 +98,7 @@
RESERVED
- phpmyadmin 4:4.6.2-1
[jessie] - phpmyadmin  (Minor issue)
+   [wheezy] - phpmyadmin  (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/
 CVE-2016-5092
RESERVED
@@ -1885,14 +1888,18 @@
RESERVED
- qemu 
[jessie] - qemu  (Minor issue)
+   [wheezy] - qemu  (Minor issue)
- qemu-kvm 
+   [wheezy] - qemu-kvm  (Minor issue)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429
 CVE-2016-4453 [display: vmsvga: infinite loop in vmsvga_fifo_run()]
RESERVED
- qemu 
[jessie] - qemu  (Minor issue)
+   [wheezy] - qemu  (Minor issue)
- qemu-kvm 
+   [wheezy] - qemu-kvm  (Minor issue)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650
 CVE-2016-4452
@@ -1937,6 +1944,7 @@
[jessie] - qemu  (Minor issue; can be fixed along with a future 
DSA)
[wheezy] - qemu  (Minor issue; can be fixed along with a future 
DSA)
- qemu-kvm 
+   [wheezy] - qemu-kvm  (Minor issue; can be fixed along with a 
future DSA)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505
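Review bot: the reason text copied onto the new `[wheezy] - qemu-kvm` line says `can be fixed along with a future DSA`, but wheezy is under LTS, where the advisory would be a DLA; the pre-existing wheezy qemu line in this hunk has the same wording. Harmless for the tracker itself, but misleading for whoever works the LTS queue, so `future DLA` would be the accurate phrasing on the wheezy lines.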
 CVE-2016-4440 [kvm: vmx: incorrect state update leading to MSR access]
@@ -1952,6 +1960,7 @@
[jessie] - qemu  (Minor issue; can be fixed along with a future 
DSA)
[wheezy] - qemu  (Minor issue; can be fixed along with a future 
DSA)
- qemu-kvm 
+   [wheezy] - qemu-kvm  (Minor issue; can be fixed along with a 
future DSA)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
 CVE-2016-4438
@@ -56171,6 +56180,7 @@
[jessie] - qemu  (Minor issue)
[wheezy] - qemu  (Minor issue)
- qemu-kvm 
+   [wheezy] - qemu-kvm  (Minor issue)
- xen 4.4.0-1
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-180.html



[Secure-testing-commits] r42203 - data/CVE

2016-05-31 Thread Ben Hutchings
Author: benh
Date: 2016-05-31 23:56:34 +0000 (Tue, 31 May 2016)
New Revision: 42203

Modified:
   data/CVE/list
Log:
Mark typo3-src issue affecting wheezy as 

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 23:54:00 UTC (rev 42202)
+++ data/CVE/list   2016-05-31 23:56:34 UTC (rev 42203)
@@ -405,6 +405,7 @@
 CVE-2016-5091
RESERVED
- typo3-src 
+   [wheezy] - typo3-src  (Not supported in Wheezy LTS)
 CVE-2016-5044
RESERVED
- dwarfutils 20160507-1



[Secure-testing-commits] r42202 - data

2016-05-31 Thread Ben Hutchings
Author: benh
Date: 2016-05-31 23:54:00 +0000 (Tue, 31 May 2016)
New Revision: 42202

Modified:
   data/dla-needed.txt
Log:
Fix package name order in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 23:53:08 UTC (rev 42201)
+++ data/dla-needed.txt 2016-05-31 23:54:00 UTC (rev 42202)
@@ -57,11 +57,11 @@
   NOTE: maintainer would like help working on the updates but will handle the 
updates himself
   NOTE: 20160518175636.ga29...@roeckx.be
 --
-php5 (Thorsten Alteholz)
---
 p7zip
   NOTE: CPP/7zip/Archive/Udf/UdfIn.cpp line 261?
 --
+php5 (Thorsten Alteholz)
+--
 quagga
   NOTE: see dsa-needed's notes.
   NOTE: Maintainer's answer: 
https://lists.debian.org/msgid-search/878tzv6pru@mid.deneb.enyo.de



[Secure-testing-commits] r42201 - data/CVE

2016-05-31 Thread Ben Hutchings
Author: benh
Date: 2016-05-31 23:53:08 +0000 (Tue, 31 May 2016)
New Revision: 42201

Modified:
   data/CVE/list
Log:
Mark un-numbered mediawiki issues affecting wheezy and jessie as 

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 23:50:03 UTC (rev 42200)
+++ data/CVE/list   2016-05-31 23:53:08 UTC (rev 42201)
@@ -605,6 +605,8 @@
NOTE: PHP bug: https://bugs.php.net/bug.php?id=70121
 CVE-2016- [mediawiki issues from 1.26.3, 1.25.6 and 1.23.14]
- mediawiki 
+   [jessie] - mediawiki  (Not supported after April 2016)
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html
 CVE-2016-4952 [scsi: pvscsi: out-of-bounds access issue in 
pvsci_ring_init_msg/data routines]
RESERVED
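Review bot: the jessie reason `Not supported after April 2016` states a date without a source; the NOTE line beneath it points at the May 2016 release announcement for 1.26.3, 1.25.6 and 1.23.14, not at the decision to drop support. Add the reference (bug or list message) that records the end of support so the date can be checked later.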



[Secure-testing-commits] r42200 - data

2016-05-31 Thread Ben Hutchings
Author: benh
Date: 2016-05-31 23:50:03 +0000 (Tue, 31 May 2016)
New Revision: 42200

Modified:
   data/dla-needed.txt
Log:
Remove ruby-activesupport-2.3 from dla-needed.txt; it is end-of-life

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 23:47:11 UTC (rev 42199)
+++ data/dla-needed.txt 2016-05-31 23:50:03 UTC (rev 42200)
@@ -75,8 +75,6 @@
 --
 ruby-activerecord-3.2 (Guido Günther)
 --
-ruby-activesupport-2.3
---
 ruby-activesupport-3.2 (Guido Günther)
 --
 ruby-eventmachine


[Secure-testing-commits] r42199 - data/CVE

2016-05-31 Thread Ben Hutchings
Author: benh
Date: 2016-05-31 23:47:11 +0000 (Tue, 31 May 2016)
New Revision: 42199

Modified:
   data/CVE/list
Log:
Mark mediawiki issues affecting wheezy as 

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 22:25:18 UTC (rev 42198)
+++ data/CVE/list   2016-05-31 23:47:11 UTC (rev 42199)
@@ -32209,51 +32209,61 @@
[wheezy] - xdeb  (Minor issue)
 CVE-2015-2931 (Incomplete blacklist vulnerability in 
includes/upload/UploadBase.php ...)
- mediawiki 1:1.19.20+dfsg-2.3
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2932 (Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 
1.2x ...)
- mediawiki 1:1.19.20+dfsg-2.3
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2933 (Cross-site scripting (XSS) vulnerability in the Html class in 
...)
- mediawiki 1:1.19.20+dfsg-2.3
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2934 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 
1.24.2 ...)
- mediawiki 1:1.19.20+dfsg-2.3
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2935 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 
1.24.2 ...)
- mediawiki 1:1.19.20+dfsg-2.3
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2936 (MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password 
...)
- mediawiki 1:1.19.20+dfsg-2.3
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2937 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 
...)
- mediawiki 1:1.19.20+dfsg-2.3
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2938 (Cross-site scripting (XSS) vulnerability in MediaWiki before 
1.19.24, ...)
- mediawiki 1:1.19.20+dfsg-2.3
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2939 (Cross-site scripting (XSS) vulnerability in the Scribunto 
extension ...)
- mediawiki 1:1.19.20+dfsg-2.3
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
 CVE-2015-2940 (Cross-site request forgery (CSRF) vulnerability in the 
CheckUser ...)
- mediawiki 1:1.19.20+dfsg-2.3
+   [wheezy] - mediawiki  (Not supported in Wheezy LTS)
[squeeze] - mediawiki  (Not supported in Squeeze LTS)
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
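Review bot: for CVE-2015-2936 the description limits the issue to `MediaWiki 1.24.x before 1.24.2`, while the sid fix version recorded on the entry is `1:1.19.20+dfsg-2.3`, i.e. Debian was on the 1.19 branch; if the wheezy package is also 1.19.x, a not-affected status with that reason would be more precise than the blanket `Not supported in Wheezy LTS` applied to the whole batch.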



[Secure-testing-commits] r42198 - data

2016-05-31 Thread Emilio Pozuelo Monfort
Author: pochu
Date: 2016-05-31 22:25:18 +0000 (Tue, 31 May 2016)
New Revision: 42198

Modified:
   data/dla-needed.txt
Log:
Claim imagemagick in data/dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 21:10:09 UTC (rev 42197)
+++ data/dla-needed.txt 2016-05-31 22:25:18 UTC (rev 42198)
@@ -30,7 +30,7 @@
 icu (Roberto C. Sánchez)
   NOTE: check comments on CVE-2016-0494 as well
 --
-imagemagick
+imagemagick (Emilio Pozuelo)
 --
 libjackson-json-java
 --


[Secure-testing-commits] r42197 - data/CVE

2016-05-31 Thread security tracker role
Author: sectracker
Date: 2016-05-31 21:10:09 +0000 (Tue, 31 May 2016)
New Revision: 42197

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 21:05:07 UTC (rev 42196)
+++ data/CVE/list   2016-05-31 21:10:09 UTC (rev 42197)
@@ -1,4 +1,43 @@
+CVE-2016-5125
+   RESERVED
+CVE-2016-5124
+   RESERVED
+CVE-2016-5123
+   RESERVED
+CVE-2016-5122
+   RESERVED
+CVE-2016-5121
+   RESERVED
+CVE-2016-5120
+   RESERVED
+CVE-2016-5119
+   RESERVED
+CVE-2016-5113
+   RESERVED
+CVE-2016-5112
+   RESERVED
+CVE-2016-5111
+   RESERVED
+CVE-2016-5110
+   RESERVED
+CVE-2016-5109
+   RESERVED
+CVE-2015-8887
+   RESERVED
+CVE-2015-8886
+   RESERVED
+CVE-2015-8885
+   RESERVED
+CVE-2015-8884
+   RESERVED
+CVE-2015-8883
+   RESERVED
+CVE-2015-8882
+   RESERVED
+CVE-2015-8881
+   RESERVED
 CVE-2016-5126 [block: iscsi: buffer overflow in iscsi_aio_ioctl]
+   RESERVED
- qemu 
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
@@ -17,10 +56,12 @@
NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/
NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842
 CVE-2016-5118 [popen() shell vulnerability via filename]
+   RESERVED
- imagemagick  (bug #825799)
- graphicsmagick 1.3.24-1 (bug #825800)
NOTE: fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
 CVE-2016-5116 [xbm: avoid stack overflow (read) with large names]
+   RESERVED
- libgd2 2.2.1-1
[wheezy] - libgd2  (Vulnerable code not present)
NOTE: Fixed by: 
https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 
(gd-2.2.0)
@@ -31,6 +72,7 @@
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
 CVE-2016-5115
+   RESERVED
- mplayer 
NOTE: https://trac.mplayerhq.hu/ticket/2298
TODO: probably not affected since orig.tar.gz of src:mplayer does not 
include libavcodec, ffmpeg/libav affected?
@@ -58,6 +100,7 @@
 CVE-2016-5092
RESERVED
 CVE-2016-5108 [crash and potential code execution when processing QuickTime 
IMA files]
+   RESERVED
- vlc 2.2.3-2 (bug #825728)
NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
NOTE: 
https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
@@ -498,6 +541,7 @@
 CVE-2016-4953
RESERVED
 CVE-2016-5117 [OpenNTPD not verifying CN during HTTPS constraints request]
+   RESERVED
- openntpd  (bug #825856)
[jessie] - openntpd  (Vulnerable code introduced later)
[wheezy] - openntpd  (Vulnerable code introduced later)
@@ -528,12 +572,14 @@
NOTE: Fixed in PHP 7.0.1
TODO: check, probably only PHP 7.x
 CVE-2015-8879 (The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 
5.6.12 ...)
+   {DLA-499-1}
- php5 5.6.12+dfsg-1
[jessie] - php5 5.6.12+dfsg-0+deb8u1
- php7.0 7.0.0-1
NOTE: Fixed in PHP 5.6.12, 7.0.0
NOTE: PHP bug: https://bugs.php.net/bug.php?id=69975
 CVE-2015-8878 (main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x 
before ...)
+   {DLA-499-1}
- php5 5.6.12+dfsg-1
[jessie] - php5 5.6.12+dfsg-0+deb8u1
NOTE: Fixed in PHP 5.6.12, 5.5.28
@@ -934,10 +980,10 @@
RESERVED
 CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java 
...)
NOT-FOR-US: SAP
-CVE-2016-4785
-   RESERVED
-CVE-2016-4784
-   RESERVED
+CVE-2016-4785 (The integrated web server in the EN100 Ethernet module before 
4.27 on ...)
+   TODO: check
+CVE-2016-4784 (The integrated web server in the EN100 Ethernet module before 
4.27 on ...)
+   TODO: check
 CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit 
before ...)
NOT-FOR-US: Lenovo
 CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows 
remote ...)
@@ -1535,8 +1581,8 @@
RESERVED
 CVE-2016-4522
RESERVED
-CVE-2016-4521
-   RESERVED
+CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x 
before ...)
+   TODO: check
 CVE-2016-4520
RESERVED
 CVE-2016-4519
@@ -1565,18 +1611,18 @@
RESERVED
 CVE-2016-4507
RESERVED
-CVE-2016-4506
-   RESERVED
-CVE-2016-4505
-   RESERVED
+CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource 
Data ...)
+   TODO: check
+CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller 
devices ...)
+   TODO: check
 CVE-2016-4504
RESERVED
 CVE-2016-4503
RESERVED
-CVE-2016-4502
-   RESERVED
-CVE-2016-4501
-   RESERVED
+CVE-2016-4502 (Environmental Systems Corpo
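Review bot: the diff is cut off mid-line at `+CVE-2016-4502 (Environmental Systems Corpo`, so the remainder of this automatic update (which continues into the same entries r42207 later triages) cannot be reviewed from what is shown here.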

[Secure-testing-commits] r42196 - data/CVE

2016-05-31 Thread Moritz Muehlenhoff
Author: jmm
Date: 2016-05-31 21:05:07 +0000 (Tue, 31 May 2016)
New Revision: 42196

Modified:
   data/CVE/list
Log:
activemq n/a for stable


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 20:36:00 UTC (rev 42195)
+++ data/CVE/list   2016-05-31 21:05:07 UTC (rev 42196)
@@ -5324,9 +5324,10 @@
RESERVED
 CVE-2016-3088 [Fileserver web application vulnerability allowing RCE]
RESERVED
-   - activemq 
+   - activemq 
+   [jessie] - activemq  (file server was only enabled in 
5.13.2+dfsg-2)
+   [wheezy] - activemq  (file server was only enabled in 
5.13.2+dfsg-2)
NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
-   TODO: check
 CVE-2016-3087
RESERVED
 CVE-2016-3086
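Review bot: the removed and added `- activemq` lines are identical as rendered because the status token after the package name has been dropped (both end in a trailing space), so the actual change to the unstable status is not visible here. The substantive content is the two release lines; `file server was only enabled in 5.13.2+dfsg-2` is a Debian packaging fact that would be easier to verify with a link to the changelog entry or bug that enabled it.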



[Secure-testing-commits] r42195 - data/CVE

2016-05-31 Thread Moritz Muehlenhoff
Author: jmm
Date: 2016-05-31 20:36:00 +0000 (Tue, 31 May 2016)
New Revision: 42195

Modified:
   data/CVE/list
Log:
postfixadmin no-dsa


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 19:53:10 UTC (rev 42194)
+++ data/CVE/list   2016-05-31 20:36:00 UTC (rev 42195)
@@ -12,6 +12,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2552
 CVE-2016- [CSRF protection for POST requests]
- postfixadmin  (bug #825151)
+   [jessie] - postfixadmin  (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2016/May/59
NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/
NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842



[Secure-testing-commits] r42194 - data/CVE

2016-05-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-31 19:53:10 +0000 (Tue, 31 May 2016)
New Revision: 42194

Modified:
   data/CVE/list
Log:
Add fixed version for CVE-2016-4450/nginx, #825960

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 19:04:55 UTC (rev 42193)
+++ data/CVE/list   2016-05-31 19:53:10 UTC (rev 42194)
@@ -1845,7 +1845,7 @@
- foreman  (bug #663101)
 CVE-2016-4450
RESERVED
-   - nginx  (bug #825960)
+   - nginx 1.10.1-1 (bug #825960)
 CVE-2016-4449
RESERVED
- libxml2 



[Secure-testing-commits] r42193 - data/CVE

2016-05-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-31 19:04:55 +0000 (Tue, 31 May 2016)
New Revision: 42193

Modified:
   data/CVE/list
Log:
Add new nginx issue

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 18:43:10 UTC (rev 42192)
+++ data/CVE/list   2016-05-31 19:04:55 UTC (rev 42193)
@@ -1845,6 +1845,7 @@
- foreman  (bug #663101)
 CVE-2016-4450
RESERVED
+   - nginx  (bug #825960)
 CVE-2016-4449
RESERVED
- libxml2 



[Secure-testing-commits] r42192 - data/CVE

2016-05-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-31 18:43:10 +0000 (Tue, 31 May 2016)
New Revision: 42192

Modified:
   data/CVE/list
Log:
Add CVE-2016-158{1,2}/lxd

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 17:22:24 UTC (rev 42191)
+++ data/CVE/list   2016-05-31 18:43:10 UTC (rev 42192)
@@ -10615,8 +10615,10 @@
RESERVED
 CVE-2016-1582
RESERVED
+   - lxd  (bug #768073)
 CVE-2016-1581
RESERVED
+   - lxd  (bug #768073)
 CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher 
...)
TODO: check
 CVE-2016-1579
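Review bot: both CVE-2016-1581 and CVE-2016-1582 cite the same bug #768073 on the lxd line, and the line's status token is missing as rendered, so it is not visible whether that number is a per-issue bug or the packaging bug for lxd; if it is the latter, the entry should say so explicitly rather than read like a fix-tracking reference.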



[Secure-testing-commits] r42191 - data

2016-05-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-31 17:22:24 + (Tue, 31 May 2016)
New Revision: 42191

Modified:
   data/dla-needed.txt
Log:
still some issue open

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 17:21:48 UTC (rev 42190)
+++ data/dla-needed.txt 2016-05-31 17:22:24 UTC (rev 42191)
@@ -57,6 +57,8 @@
   NOTE: maintainer would like help working on the updates but will handle the 
updates himself
   NOTE: 20160518175636.ga29...@roeckx.be
 --
+php5 (Thorsten Alteholz)
+--
 p7zip
   NOTE: CPP/7zip/Archive/Udf/UdfIn.cpp line 261?
 --
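Review bot: the re-added `+php5 (Thorsten Alteholz)` entry carries no NOTE line saying which issue is still open, unlike the `NOTE: package for testing uploaded` it replaced in r42190; a one-line NOTE naming the remaining issue would save the next reader a trip through the list history.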
@@ -76,7 +78,6 @@
 ruby-activesupport-2.3
 --
 ruby-activesupport-3.2 (Guido Günther)
-
 --
 ruby-eventmachine
 --


[Secure-testing-commits] r42190 - in data: . DLA

2016-05-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-31 17:21:48 + (Tue, 31 May 2016)
New Revision: 42190

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-499-1 for php5

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-31 17:20:03 UTC (rev 42189)
+++ data/DLA/list   2016-05-31 17:21:48 UTC (rev 42190)
@@ -1,3 +1,6 @@
+[31 May 2016] DLA-499-1 php5 - security update
+   {CVE-2015-8865 CVE-2015-8866 CVE-2015-8878 CVE-2015-8879 CVE-2016-4070 
CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4343 CVE-2016-4537 
CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 
CVE-2016-4544}
+   [wheezy] - php5 5.4.45-0+deb7u3
 [31 May 2016] DLA-498-1 ruby-activemodel-3.2 - security update
{CVE-2016-0753}
[wheezy] - ruby-activemodel-3.2 3.2.6-3+deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 17:20:03 UTC (rev 42189)
+++ data/dla-needed.txt 2016-05-31 17:21:48 UTC (rev 42190)
@@ -60,9 +60,6 @@
 p7zip
   NOTE: CPP/7zip/Archive/Udf/UdfIn.cpp line 261?
 --
-php5 (Thorsten Alteholz)
-  NOTE: package for testing uploaded
---
 quagga
   NOTE: see dsa-needed's notes.
   NOTE: Maintainer's answer: 
https://lists.debian.org/msgid-search/878tzv6pru@mid.deneb.enyo.de


[Secure-testing-commits] r42189 - data/DLA

2016-05-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-31 17:20:03 + (Tue, 31 May 2016)
New Revision: 42189

Modified:
   data/DLA/list
Log:
Fix version string for ruby-activemodel-3.2

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-31 17:06:27 UTC (rev 42188)
+++ data/DLA/list   2016-05-31 17:20:03 UTC (rev 42189)
@@ -1,6 +1,6 @@
 [31 May 2016] DLA-498-1 ruby-activemodel-3.2 - security update
{CVE-2016-0753}
-   [wheezy] - ruby-activemodel-3.2 3.2_3.2.6-3+deb7u1
+   [wheezy] - ruby-activemodel-3.2 3.2.6-3+deb7u1
 [31 May 2016] DLA-497-1 wireshark - security update
{CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 CVE-2012-6056 
CVE-2012-6057 CVE-2012-6058 CVE-2012-6059 CVE-2012-6060 CVE-2012-6061 
CVE-2012-6062 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 
CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 
CVE-2013-1581 CVE-2013-2476 CVE-2013-2479 CVE-2013-2482 CVE-2013-2485 
CVE-2013-2486 CVE-2013-2487 CVE-2013-4079 CVE-2013-4080 CVE-2013-4927 
CVE-2013-4929 CVE-2013-4931 CVE-2013-5719 CVE-2013-5721 CVE-2013-6339 
CVE-2013-7112 CVE-2015-6243 CVE-2015-6246 CVE-2015-6248 CVE-2016-4006 
CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 CVE-2016-4085}
[wheezy] - wireshark 1.12.1+g01b65bf-4+deb8u6~deb7u1
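Review bot: the corrected `[wheezy]` line drops the stray `3.2_` prefix, so the version field is now a plain Debian version (`3.2.6-3+deb7u1`); the previous `3.2_3.2.6-3+deb7u1` read like the source package's `-3.2` suffix pasted into the version and is what the tracker rejected with 'expected package entry'. Nothing else in this hunk needs changing.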


[Secure-testing-commits] Processing r42188 failed

2016-05-31 Thread security tracker role
The error message was:

data/DLA/list:3: expected package entry, got: '[wheezy] - ruby-activemodel-3.2 
3.2_3.2.6-3+deb7u1'
Makefile:22: recipe for target 'all' failed
make: *** [all] Error 1

[Secure-testing-commits] r42188 - data

2016-05-31 Thread Guido Guenther
Author: agx
Date: 2016-05-31 17:06:27 + (Tue, 31 May 2016)
New Revision: 42188

Modified:
   data/dla-needed.txt
Log:
Grab ruby-active*-3.2 components

they suffer from similar CVEs

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 17:02:53 UTC (rev 42187)
+++ data/dla-needed.txt 2016-05-31 17:06:27 UTC (rev 42188)
@@ -72,13 +72,14 @@
   NOTE: One maintainer suggests to update to the stable 1.0.x branch
   NOTE: https://lists.debian.org/debian-lts/2016/05/msg00016.html
 --
-ruby-actionpack-3.2
+ruby-actionpack-3.2 (Guido Günther)
 --
-ruby-activerecord-3.2
+ruby-activerecord-3.2 (Guido Günther)
 --
 ruby-activesupport-2.3
 --
-ruby-activesupport-3.2
+ruby-activesupport-3.2 (Guido Günther)
+
 --
 ruby-eventmachine
 --
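Review bot: the empty `+` line added after `ruby-activesupport-3.2 (Guido Günther)` breaks the entry/`--` separator pattern used throughout dla-needed.txt and should be dropped from this hunk; r42191 later removes it again.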


[Secure-testing-commits] Processing r42187 failed

2016-05-31 Thread security tracker role
The error message was:

data/DLA/list:3: expected package entry, got: '[wheezy] - ruby-activemodel-3.2 
3.2_3.2.6-3+deb7u1'
Makefile:22: recipe for target 'all' failed
make: *** [all] Error 1

[Secure-testing-commits] r42187 - in data: . DLA

2016-05-31 Thread Guido Guenther
Author: agx
Date: 2016-05-31 17:02:53 + (Tue, 31 May 2016)
New Revision: 42187

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Grab LA-498-1 for ruby-activemodel-3.2

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-31 12:37:47 UTC (rev 42186)
+++ data/DLA/list   2016-05-31 17:02:53 UTC (rev 42187)
@@ -1,3 +1,6 @@
+[31 May 2016] DLA-498-1 ruby-activemodel-3.2 - security update
+   {CVE-2016-0753}
+   [wheezy] - ruby-activemodel-3.2 3.2_3.2.6-3+deb7u1
 [31 May 2016] DLA-497-1 wireshark - security update
{CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 CVE-2012-6056 
CVE-2012-6057 CVE-2012-6058 CVE-2012-6059 CVE-2012-6060 CVE-2012-6061 
CVE-2012-6062 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 
CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 
CVE-2013-1581 CVE-2013-2476 CVE-2013-2479 CVE-2013-2482 CVE-2013-2485 
CVE-2013-2486 CVE-2013-2487 CVE-2013-4079 CVE-2013-4080 CVE-2013-4927 
CVE-2013-4929 CVE-2013-4931 CVE-2013-5719 CVE-2013-5721 CVE-2013-6339 
CVE-2013-7112 CVE-2015-6243 CVE-2015-6246 CVE-2015-6248 CVE-2016-4006 
CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 CVE-2016-4085}
[wheezy] - wireshark 1.12.1+g01b65bf-4+deb8u6~deb7u1
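Review bot: the `[wheezy]` version `3.2_3.2.6-3+deb7u1` is not a valid Debian version string; the underscore joins the source name's `3.2` to the real version `3.2.6-3+deb7u1`, and the tracker's parser rejects the line with 'expected package entry'. The version should read `3.2.6-3+deb7u1`, matching the neighbouring wireshark entry's format.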

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 12:37:47 UTC (rev 42186)
+++ data/dla-needed.txt 2016-05-31 17:02:53 UTC (rev 42187)
@@ -74,8 +74,6 @@
 --
 ruby-actionpack-3.2
 --
-ruby-activemodel-3.2 (Guido Günther)
---
 ruby-activerecord-3.2
 --
 ruby-activesupport-2.3


[Secure-testing-commits] r42186 - data/CVE

2016-05-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-31 12:37:47 + (Tue, 31 May 2016)
New Revision: 42186

Modified:
   data/CVE/list
Log:
Add fixed version for onionshare issue

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 10:10:51 UTC (rev 42185)
+++ data/CVE/list   2016-05-31 12:37:47 UTC (rev 42186)
@@ -471,7 +471,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1330237
 CVE-2016-5026 [unsafe handling of temporary directory]
RESERVED
-   - onionshare  (unimportant)
+   - onionshare 0.8.1-2 (unimportant)
[jessie] - onionshare  (Vulnerable code not present)
NOTE: Neutralised by kernel hardening (also contrib and non-free not 
supported)
 CVE-2016-4963


[Secure-testing-commits] r42185 - in data: . DLA

2016-05-31 Thread Balint Reczey
Author: rbalint
Date: 2016-05-31 10:10:51 + (Tue, 31 May 2016)
New Revision: 42185

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-497-1 for wireshark

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-31 09:10:09 UTC (rev 42184)
+++ data/DLA/list   2016-05-31 10:10:51 UTC (rev 42185)
@@ -1,3 +1,6 @@
+[31 May 2016] DLA-497-1 wireshark - security update
+   {CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 CVE-2012-6056 
CVE-2012-6057 CVE-2012-6058 CVE-2012-6059 CVE-2012-6060 CVE-2012-6061 
CVE-2012-6062 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 
CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 
CVE-2013-1581 CVE-2013-2476 CVE-2013-2479 CVE-2013-2482 CVE-2013-2485 
CVE-2013-2486 CVE-2013-2487 CVE-2013-4079 CVE-2013-4080 CVE-2013-4927 
CVE-2013-4929 CVE-2013-4931 CVE-2013-5719 CVE-2013-5721 CVE-2013-6339 
CVE-2013-7112 CVE-2015-6243 CVE-2015-6246 CVE-2015-6248 CVE-2016-4006 
CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 CVE-2016-4085}
+   [wheezy] - wireshark 1.12.1+g01b65bf-4+deb8u6~deb7u1
 [30 May 2016] DLA-496-1 ruby-activerecord-3.2 - security update
{CVE-2015-7577}
[wheezy] - ruby-activerecord-3.2 3.2.6-5+deb7u2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 09:10:09 UTC (rev 42184)
+++ data/dla-needed.txt 2016-05-31 10:10:51 UTC (rev 42185)
@@ -101,8 +101,6 @@
 --
 vlc (Thorsten Alteholz)
 --
-wireshark (rbalint)
---
 wordpress
 --
 xen


[Secure-testing-commits] r42184 - data/CVE

2016-05-31 Thread security tracker role
Author: sectracker
Date: 2016-05-31 09:10:09 + (Tue, 31 May 2016)
New Revision: 42184

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 08:52:35 UTC (rev 42183)
+++ data/CVE/list   2016-05-31 09:10:09 UTC (rev 42184)
@@ -18509,7 +18509,7 @@
 CVE-2015-7578 (Cross-site scripting (XSS) vulnerability in the 
rails-html-sanitizer ...)
- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
 CVE-2015-7577 (activerecord/lib/active_record/nested_attributes.rb in Active 
Record ...)
-   {DSA-3464-1}
+   {DSA-3464-1 DLA-496-1}
- rails 2:4.2.5.1-1
[wheezy] - rails  (Vulnerable code not present, is only a 
transitional package)
[squeeze] - rails  (Not supported in Squeeze LTS)


[Secure-testing-commits] r42183 - data

2016-05-31 Thread Santiago Ruano Rincón
Author: santiago
Date: 2016-05-31 08:52:35 + (Tue, 31 May 2016)
New Revision: 42183

Modified:
   data/dla-needed.txt
Log:
remove mediawiki from dla-needed.txt, not supported in wheezy

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 07:13:30 UTC (rev 42182)
+++ data/dla-needed.txt 2016-05-31 08:52:35 UTC (rev 42183)
@@ -49,9 +49,6 @@
 --
 linux
 --
-mediawiki
-  NOTE: question raised about backporting jessie version: 
87y478d6no@angela.anarcat.ath.cx
---
 mxml
 --
 nss


[Secure-testing-commits] r42182 - data/CVE

2016-05-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-31 07:13:30 + (Tue, 31 May 2016)
New Revision: 42182

Modified:
   data/CVE/list
Log:
mariadb-10.0 fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 07:11:03 UTC (rev 42181)
+++ data/CVE/list   2016-05-31 07:13:30 UTC (rev 42182)
@@ -13941,7 +13941,7 @@
{DSA-3557-1 DLA-447-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5  (bug #821100)
-   - mariadb-10.0  (bug #823325)
+   - mariadb-10.0 10.0.25-1 (bug #823325)
NOTE: Fixed in MariaDB 10.0.25
NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
@@ -13984,7 +13984,7 @@
 CVE-2016-0655 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier 
and ...)
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5  (Only affects MySQL 5.6 and MySQL 5.7)
-   - mariadb-10.0  (bug #823325)
+   - mariadb-10.0 10.0.25-1 (bug #823325)
NOTE: Fixed in MariaDB 10.0.25
NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
@@ -14023,7 +14023,7 @@
{DSA-3557-1 DLA-447-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5  (bug #821100)
-   - mariadb-10.0  (bug #823325)
+   - mariadb-10.0 10.0.25-1 (bug #823325)
NOTE: Fixed in MariaDB 10.0.25
NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
@@ -14031,7 +14031,7 @@
{DSA-3557-1 DLA-447-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5  (bug #821100)
-   - mariadb-10.0  (bug #823325)
+   - mariadb-10.0 10.0.25-1 (bug #823325)
NOTE: Fixed in MariaDB 10.0.25
NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
@@ -14053,7 +14053,7 @@
{DSA-3557-1 DLA-447-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5  (bug #821100)
-   - mariadb-10.0  (bug #823325)
+   - mariadb-10.0 10.0.25-1 (bug #823325)
NOTE: Fixed in MariaDB 10.0.25
NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html


[Secure-testing-commits] r42181 - data/CVE

2016-05-31 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-05-31 07:11:03 + (Tue, 31 May 2016)
New Revision: 42181

Modified:
   data/CVE/list
Log:
Add fixed version for CVE-2015-3192/libspring-java

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-31 04:50:59 UTC (rev 42180)
+++ data/CVE/list   2016-05-31 07:11:03 UTC (rev 42181)
@@ -30984,7 +30984,7 @@
NOTE: https://www.openssl.org/news/secadv/20151203.txt
 CVE-2015-3192
RESERVED
-   - libspring-java  (low; bug #796137)
+   - libspring-java 4.1.9-1 (low; bug #796137)
[wheezy] - libspring-java  (Minor issue)
[jessie] - libspring-java  (Minor issue)
NOTE: https://pivotal.io/security/cve-2015-3192

