[Secure-testing-commits] r42209 - bin
Author: agx Date: 2016-06-01 06:40:50 + (Wed, 01 Jun 2016) New Revision: 42209 Modified: bin/support-ended.py Log: bin/support-ended.py: properly format error message Modified: bin/support-ended.py === --- bin/support-ended.py2016-06-01 06:12:23 UTC (rev 42208) +++ bin/support-ended.py2016-06-01 06:40:50 UTC (rev 42209) @@ -59,7 +59,7 @@ pattern = "security-support-ended.deb*" lists = glob.glob(os.path.join(dir, pattern)) if not lists: -raise Exception("No lists matching %s found in %s", (pattern, dir)) +raise Exception("No lists matching %s found in %s" % (pattern, dir)) end = datetime.datetime.today() + datetime.timedelta(days=days) if days else None ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
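Review bot: In the `raise Exception(...)` line of the `@@ -59,7 +59,7 @@` hunk, switching from `,` to `%` is the right fix for the message, but a bare `Exception` gives callers nothing specific to catch for the "no lists found" case; consider a narrower type such as `IOError` or a small dedicated exception class. The context lines also use `dir` as a variable name, which shadows the Python builtin; renaming it (for example to `directory`) in a follow-up would avoid surprises.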
[Secure-testing-commits] r42208 - data/CVE
Author: carnil Date: 2016-06-01 06:12:23 + (Wed, 01 Jun 2016) New Revision: 42208 Modified: data/CVE/list Log: Add CVE-2016-4457 Modified: data/CVE/list === --- data/CVE/list 2016-06-01 03:59:54 UTC (rev 42207) +++ data/CVE/list 2016-06-01 06:12:23 UTC (rev 42208) @@ -1881,6 +1881,7 @@ RESERVED CVE-2016-4457 RESERVED + NOT-FOR-US: Red Hat CloudForms CVE-2016-4456 RESERVED CVE-2016-4455
[Secure-testing-commits] r42207 - data/CVE
Author: mgilbert Date: 2016-06-01 03:59:54 + (Wed, 01 Jun 2016) New Revision: 42207 Modified: data/CVE/list Log: nfus Modified: data/CVE/list === --- data/CVE/list 2016-06-01 02:57:12 UTC (rev 42206) +++ data/CVE/list 2016-06-01 03:59:54 UTC (rev 42207) @@ -989,9 +989,9 @@ CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java ...) NOT-FOR-US: SAP CVE-2016-4785 (The integrated web server in the EN100 Ethernet module before 4.27 on ...) - TODO: check + NOT-FOR-US: Siemens CVE-2016-4784 (The integrated web server in the EN100 Ethernet module before 4.27 on ...) - TODO: check + NOT-FOR-US: Siemens CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before ...) NOT-FOR-US: Lenovo CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote ...) @@ -1590,7 +1590,7 @@ CVE-2016-4522 RESERVED CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before ...) - TODO: check + NOT-FOR-US: Sixnet CVE-2016-4520 RESERVED CVE-2016-4519 @@ -1620,17 +1620,17 @@ CVE-2016-4507 RESERVED CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource Data ...) - TODO: check + NOT-FOR-US: Resource Data Management CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller devices ...) - TODO: check + NOT-FOR-US: Resource Data Management CVE-2016-4504 RESERVED CVE-2016-4503 RESERVED CVE-2016-4502 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...) - TODO: check + NOT-FOR-US: Environmental Systems Corporation CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...) - TODO: check + NOT-FOR-US: Environmental Systems Corporation CVE-2016-4500 RESERVED CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x ...) 
@@ -2673,7 +2673,7 @@ CVE-2016-4119 RESERVED CVE-2016-4118 (Untrusted search path vulnerability in the add-in installer in Adobe ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4117 (Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to ...) NOT-FOR-US: Adobe Flash Player CVE-2016-4116 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...) @@ -2739,7 +2739,7 @@ - gitlab (bug #823290) NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/ CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 and ...) - TODO: check + NOT-FOR-US: Huawei CVE-2016-4086 RESERVED CVE-2016-4075 @@ -4050,9 +4050,9 @@ CVE-2016-3682 RESERVED CVE-2016-3681 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before ...) - TODO: check + NOT-FOR-US: Huawei CVE-2016-3680 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before ...) - TODO: check + NOT-FOR-US: Huawei CVE-2016-3679 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, ...) - libv8 (unimportant) NOTE: libv8 not covered by security support @@ -4096,7 +4096,7 @@ CVE-2016-3665 RESERVED CVE-2016-3664 (Trend Micro Mobile Security for iOS before 3.2.1188 does not verify ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2016-3663 RESERVED CVE-2016-3662 @@ -4219,7 +4219,7 @@ CVE-2016-3629 RESERVED CVE-2016-3628 (Buffer overflow in tibemsd in the server in TIBCO Enterprise Message ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2016-3626 RESERVED CVE-2016-3625 [Out-of-bounds Read occurred in tif_read.c:545 or tif_read.c:402 or tif_read.c:560 in tiff2bw] @@ -4669,7 +4669,7 @@ CVE-2016-3429 (Unspecified vulnerability in the Oracle Retail Xstore Point of Service ...) NOT-FOR-US: Oracle Retail CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...) {DSA-3558-1 DLA-451-1} - openjdk-8 8u91-b14-1 
@@ -5166,9 +5166,9 @@ CVE-2016-3189 RESERVED CVE-2016-3188 (The _prepopulate_request_walk function in the Prepopulate module ...) - TODO: check + NOT-FOR-US: Prepopulate module for Drupal CVE-2016-3187 (The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote ...) - TODO: check + NOT-FOR-US: Prepopulate module for Drupal CVE-2016-3186 (Buffer overflow in the readextension function in gif2tiff.c in LibTIFF ...) - tiff (bug #819972) [jessie] - tiff (Minor issue) @@ -5299,7 +5299,7 @@ CVE-2016-3127 RESERVED CVE-2016-3126 (Cross-site scripting (XSS) vulnerability in the Management Console in ...) - TODO: check +
[Secure-testing-commits] r42206 - in data: . DSA
Author: mgilbert Date: 2016-06-01 02:57:12 + (Wed, 01 Jun 2016) New Revision: 42206 Modified: data/DSA/list data/dsa-needed.txt Log: chromium dsa Modified: data/DSA/list === --- data/DSA/list 2016-06-01 00:57:08 UTC (rev 42205) +++ data/DSA/list 2016-06-01 02:57:12 UTC (rev 42206) @@ -1,3 +1,6 @@ +[01 Jun 2016] DSA-3590-1 chromium-browser - security update + {CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695} + [jessie] - chromium-browser 51.0.2704.63-1~deb8u1 [30 May 2016] DSA-3589-1 gdk-pixbuf - security update {CVE-2015-7552 CVE-2015-8875} [jessie] - gdk-pixbuf 2.31.1-2+deb8u5 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-01 00:57:08 UTC (rev 42205) +++ data/dsa-needed.txt 2016-06-01 02:57:12 UTC (rev 42206) @@ -14,8 +14,6 @@ -- 389-ds-base -- -chromium-browser --- graphicsmagick -- icu
[Secure-testing-commits] r42205 - in data: . CVE
Author: benh Date: 2016-06-01 00:57:08 + (Wed, 01 Jun 2016) New Revision: 42205 Modified: data/CVE/list data/dla-needed.txt Log: Triage new issues for wheezy; add links to bug reports and fixes where available Modified: data/CVE/list === --- data/CVE/list 2016-06-01 00:06:26 UTC (rev 42204) +++ data/CVE/list 2016-06-01 00:57:08 UTC (rev 42205) @@ -39,7 +39,9 @@ CVE-2016-5126 [block: iscsi: buffer overflow in iscsi_aio_ioctl] RESERVED - qemu + [wheezy] - qemu (Vulnerable code not present) - qemu-kvm + [wheezy] - qemu-kvm (Vulnerable code not present) NOTE: https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1340924 NOTE: http://www.openwall.com/lists/oss-security/2016/05/30/6 @@ -1910,6 +1912,7 @@ CVE-2016-4450 RESERVED - nginx 1.10.1-1 (bug #825960) + [wheezy] - nginx (Introduced in 1.3.9) CVE-2016-4449 RESERVED - libxml2 @@ -8486,6 +8489,8 @@ CVE-2016-2175 RESERVED - libpdfbox-java + NOTE: Fixed on upstream 1.8 branch in https://svn.apache.org/viewvc?view=revision&revision=1739564 + NOTE: Fixed on upstream 2.0 branch in https://svn.apache.org/viewvc?view=revision&revision=1739565 CVE-2016-2174 RESERVED CVE-2016-2173 @@ -10296,11 +10301,13 @@ - libxslt - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) + NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583171 CVE-2016-1683 RESERVED - libxslt - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) + NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583156 CVE-2016-1682 RESERVED - chromium-browser 51.0.2704.63-1 
@@ -46047,12 +46054,12 @@ RESERVED CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...) - dhcpcd5 - NOTE: android's dhcpd is a fork of dhcpcd5, and code very similar to the vulnerable section exists in dhcpcd5, but i didn't have time to check whether it too is vulnerable to the problem - TODO: check + NOTE: Fixed for Android in https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0%5E!/ + NOTE: Fixed on upstream trunk in http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0 CVE-2014-7912 (The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in ...) - dhcpcd5 - NOTE: android's dhcpd is a fork of dhcpcd5, and code very similar to the vulnerable section exists in dhcpcd5, but i didn't have time to check whether it too is vulnerable to the problem - TODO: check + NOTE: Fixed for Android in https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0%5E!/ + NOTE: Fixed on upstream trunk in http://roy.marples.name/projects/dhcpcd/ci/d71cfd8aa203bffe?sbs=0 CVE-2014-7911 (luni/src/main/java/java/io/ObjectInputStream.java in the ...) NOT-FOR-US: Android CVE-2014-7910 (Multiple unspecified vulnerabilities in Google Chrome before ...) Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-01 00:06:26 UTC (rev 42204) +++ data/dla-needed.txt 2016-06-01 00:57:08 UTC (rev 42205) @@ -18,6 +18,8 @@ cakephp NOTE: CVE-2015-8379 No official solution is currently available, 20160425 -- +dhcpcd5 +-- extplorer NOTE: 20160529, no fix yet -- @@ -34,6 +36,8 @@ -- libjackson-json-java -- +libpdfbox-java +-- libspring-java The JSON/JaF doesn't appear to be present in wheezy but the content-disposition stuff might be. 
@@ -43,6 +47,8 @@ NOTE: carnil is looking in partially triaging the libxml2 issues as well for wheezy NOTE: and publish preliminary work on https://people.debian.org/~carnil/tmp/libxml2/wheezy -- +libxslt +-- libxstream-java (jmm) Emmanuel Bourg proposed debdiff for both wheezy- and jessie-security waiting an additional to solicit regression feedback from change in sid
[Secure-testing-commits] r42204 - data/CVE
Author: benh Date: 2016-06-01 00:06:26 + (Wed, 01 Jun 2016) New Revision: 42204 Modified: data/CVE/list Log: Mark various issues affecting wheezy as , matching jessie's status Modified: data/CVE/list === --- data/CVE/list 2016-05-31 23:56:34 UTC (rev 42203) +++ data/CVE/list 2016-06-01 00:06:26 UTC (rev 42204) @@ -52,6 +52,7 @@ CVE-2016- [CSRF protection for POST requests] - postfixadmin (bug #825151) [jessie] - postfixadmin (Minor issue) + [wheezy] - postfixadmin (Minor issue) NOTE: http://seclists.org/fulldisclosure/2016/May/59 NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/ NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842 @@ -86,6 +87,7 @@ RESERVED - phpmyadmin 4:4.6.2-1 [jessie] - phpmyadmin (Minor issue) + [wheezy] - phpmyadmin (Minor issue) NOTE: https://www.phpmyadmin.net/security/PMASA-2016-16/ CVE-2016-5098 RESERVED @@ -96,6 +98,7 @@ RESERVED - phpmyadmin 4:4.6.2-1 [jessie] - phpmyadmin (Minor issue) + [wheezy] - phpmyadmin (Minor issue) NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/ CVE-2016-5092 RESERVED @@ -1885,14 +1888,18 @@ RESERVED - qemu [jessie] - qemu (Minor issue) + [wheezy] - qemu (Minor issue) - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429 CVE-2016-4453 [display: vmsvga: infinite loop in vmsvga_fifo_run()] RESERVED - qemu [jessie] - qemu (Minor issue) + [wheezy] - qemu (Minor issue) - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650 CVE-2016-4452 
@@ -1937,6 +1944,7 @@ [jessie] - qemu (Minor issue; can be fixed along with a future DSA) [wheezy] - qemu (Minor issue; can be fixed along with a future DSA) - qemu-kvm + [wheezy] - qemu-kvm (Minor issue; can be fixed along with a future DSA) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505 CVE-2016-4440 [kvm: vmx: incorrect state update leading to MSR access] @@ -1952,6 +1960,7 @@ [jessie] - qemu (Minor issue; can be fixed along with a future DSA) [wheezy] - qemu (Minor issue; can be fixed along with a future DSA) - qemu-kvm + [wheezy] - qemu-kvm (Minor issue; can be fixed along with a future DSA) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502 CVE-2016-4438 @@ -56171,6 +56180,7 @@ [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) - xen 4.4.0-1 NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://xenbits.xen.org/xsa/advisory-180.html
[Secure-testing-commits] r42203 - data/CVE
Author: benh Date: 2016-05-31 23:56:34 + (Tue, 31 May 2016) New Revision: 42203 Modified: data/CVE/list Log: Mark typo3-src issue affecting wheezy as Modified: data/CVE/list === --- data/CVE/list 2016-05-31 23:54:00 UTC (rev 42202) +++ data/CVE/list 2016-05-31 23:56:34 UTC (rev 42203) @@ -405,6 +405,7 @@ CVE-2016-5091 RESERVED - typo3-src + [wheezy] - typo3-src (Not supported in Wheezy LTS) CVE-2016-5044 RESERVED - dwarfutils 20160507-1
[Secure-testing-commits] r42202 - data
Author: benh Date: 2016-05-31 23:54:00 + (Tue, 31 May 2016) New Revision: 42202 Modified: data/dla-needed.txt Log: Fix package name order in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-31 23:53:08 UTC (rev 42201) +++ data/dla-needed.txt 2016-05-31 23:54:00 UTC (rev 42202) @@ -57,11 +57,11 @@ NOTE: maintainer would like help working on the updates but will handle the updates himself NOTE: 20160518175636.ga29...@roeckx.be -- -php5 (Thorsten Alteholz) --- p7zip NOTE: CPP/7zip/Archive/Udf/UdfIn.cpp line 261? -- +php5 (Thorsten Alteholz) +-- quagga NOTE: see dsa-needed's notes. NOTE: Maintainer's answer: https://lists.debian.org/msgid-search/878tzv6pru@mid.deneb.enyo.de
[Secure-testing-commits] r42201 - data/CVE
Author: benh Date: 2016-05-31 23:53:08 + (Tue, 31 May 2016) New Revision: 42201 Modified: data/CVE/list Log: Mark un-numbered mediawiki issues affecting wheezy and jessie as Modified: data/CVE/list === --- data/CVE/list 2016-05-31 23:50:03 UTC (rev 42200) +++ data/CVE/list 2016-05-31 23:53:08 UTC (rev 42201) @@ -605,6 +605,8 @@ NOTE: PHP bug: https://bugs.php.net/bug.php?id=70121 CVE-2016- [mediawiki issues from 1.26.3, 1.25.6 and 1.23.14] - mediawiki + [jessie] - mediawiki (Not supported after April 2016) + [wheezy] - mediawiki (Not supported in Wheezy LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html CVE-2016-4952 [scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines] RESERVED
[Secure-testing-commits] r42200 - data
Author: benh Date: 2016-05-31 23:50:03 + (Tue, 31 May 2016) New Revision: 42200 Modified: data/dla-needed.txt Log: Remove ruby-activesupport-2.3 from dla-needed.txt; it is end-of-life Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-31 23:47:11 UTC (rev 42199) +++ data/dla-needed.txt 2016-05-31 23:50:03 UTC (rev 42200) @@ -75,8 +75,6 @@ -- ruby-activerecord-3.2 (Guido Günther) -- -ruby-activesupport-2.3 --- ruby-activesupport-3.2 (Guido Günther) -- ruby-eventmachine
[Secure-testing-commits] r42199 - data/CVE
Author: benh Date: 2016-05-31 23:47:11 + (Tue, 31 May 2016) New Revision: 42199 Modified: data/CVE/list Log: Mark mediawiki issues affecting wheezy as Modified: data/CVE/list === --- data/CVE/list 2016-05-31 22:25:18 UTC (rev 42198) +++ data/CVE/list 2016-05-31 23:47:11 UTC (rev 42199) 
@@ -32209,51 +32209,61 @@ [wheezy] - xdeb (Minor issue) CVE-2015-2931 (Incomplete blacklist vulnerability in includes/upload/UploadBase.php ...) - mediawiki 1:1.19.20+dfsg-2.3 + [wheezy] - mediawiki (Not supported in Wheezy LTS) [squeeze] - mediawiki (Not supported in Squeeze LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2932 (Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x ...) - mediawiki 1:1.19.20+dfsg-2.3 + [wheezy] - mediawiki (Not supported in Wheezy LTS) [squeeze] - mediawiki (Not supported in Squeeze LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2933 (Cross-site scripting (XSS) vulnerability in the Html class in ...) - mediawiki 1:1.19.20+dfsg-2.3 + [wheezy] - mediawiki (Not supported in Wheezy LTS) [squeeze] - mediawiki (Not supported in Squeeze LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2934 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...) - mediawiki 1:1.19.20+dfsg-2.3 + [wheezy] - mediawiki (Not supported in Wheezy LTS) [squeeze] - mediawiki (Not supported in Squeeze LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2935 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...) 
- mediawiki 1:1.19.20+dfsg-2.3 + [wheezy] - mediawiki (Not supported in Wheezy LTS) [squeeze] - mediawiki (Not supported in Squeeze LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2936 (MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password ...) - mediawiki 1:1.19.20+dfsg-2.3 + [wheezy] - mediawiki (Not supported in Wheezy LTS) [squeeze] - mediawiki (Not supported in Squeeze LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2937 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before ...) - mediawiki 1:1.19.20+dfsg-2.3 + [wheezy] - mediawiki (Not supported in Wheezy LTS) [squeeze] - mediawiki (Not supported in Squeeze LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2938 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...) - mediawiki 1:1.19.20+dfsg-2.3 + [wheezy] - mediawiki (Not supported in Wheezy LTS) [squeeze] - mediawiki (Not supported in Squeeze LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2939 (Cross-site scripting (XSS) vulnerability in the Scribunto extension ...) - mediawiki 1:1.19.20+dfsg-2.3 + [wheezy] - mediawiki (Not supported in Wheezy LTS) [squeeze] - mediawiki (Not supported in Squeeze LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2940 (Cross-site request forgery (CSRF) vulnerability in the CheckUser ...) 
- mediawiki 1:1.19.20+dfsg-2.3 + [wheezy] - mediawiki (Not supported in Wheezy LTS) [squeeze] - mediawiki (Not supported in Squeeze LTS) NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
[Secure-testing-commits] r42198 - data
Author: pochu Date: 2016-05-31 22:25:18 + (Tue, 31 May 2016) New Revision: 42198 Modified: data/dla-needed.txt Log: Claim imagemagick in data/dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-31 21:10:09 UTC (rev 42197) +++ data/dla-needed.txt 2016-05-31 22:25:18 UTC (rev 42198) @@ -30,7 +30,7 @@ icu (Roberto C. Sánchez) NOTE: check comments on CVE-2016-0494 as well -- -imagemagick +imagemagick (Emilio Pozuelo) -- libjackson-json-java --
[Secure-testing-commits] r42197 - data/CVE
Author: sectracker Date: 2016-05-31 21:10:09 + (Tue, 31 May 2016) New Revision: 42197 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-05-31 21:05:07 UTC (rev 42196) +++ data/CVE/list 2016-05-31 21:10:09 UTC (rev 42197) @@ -1,4 +1,43 @@ +CVE-2016-5125 + RESERVED +CVE-2016-5124 + RESERVED +CVE-2016-5123 + RESERVED +CVE-2016-5122 + RESERVED +CVE-2016-5121 + RESERVED +CVE-2016-5120 + RESERVED +CVE-2016-5119 + RESERVED +CVE-2016-5113 + RESERVED +CVE-2016-5112 + RESERVED +CVE-2016-5111 + RESERVED +CVE-2016-5110 + RESERVED +CVE-2016-5109 + RESERVED +CVE-2015-8887 + RESERVED +CVE-2015-8886 + RESERVED +CVE-2015-8885 + RESERVED +CVE-2015-8884 + RESERVED +CVE-2015-8883 + RESERVED +CVE-2015-8882 + RESERVED +CVE-2015-8881 + RESERVED CVE-2016-5126 [block: iscsi: buffer overflow in iscsi_aio_ioctl] + RESERVED - qemu - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html @@ -17,10 +56,12 @@ NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/ NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842 CVE-2016-5118 [popen() shell vulnerability via filename] + RESERVED - imagemagick (bug #825799) - graphicsmagick 1.3.24-1 (bug #825800) NOTE: fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858 CVE-2016-5116 [xbm: avoid stack overflow (read) with large names] + RESERVED - libgd2 2.2.1-1 [wheezy] - libgd2 (Vulnerable code not present) NOTE: Fixed by: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 (gd-2.2.0) @@ -31,6 +72,7 @@ NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3 CVE-2016-5115 + RESERVED - mplayer NOTE: https://trac.mplayerhq.hu/ticket/2298 TODO: probably not affected since orig.tar.gz of src:mplayer does not include libavcodec, ffmpeg/libav affected? 
@@ -58,6 +100,7 @@ CVE-2016-5092 RESERVED CVE-2016-5108 [crash and potential code execution when processing QuickTime IMA files] + RESERVED - vlc 2.2.3-2 (bug #825728) NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3 NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9 @@ -498,6 +541,7 @@ CVE-2016-4953 RESERVED CVE-2016-5117 [OpenNTPD not verifying CN during HTTPS constraints request] + RESERVED - openntpd (bug #825856) [jessie] - openntpd (Vulnerable code introduced later) [wheezy] - openntpd (Vulnerable code introduced later) @@ -528,12 +572,14 @@ NOTE: Fixed in PHP 7.0.1 TODO: check, probably only PHP 7.x CVE-2015-8879 (The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ...) + {DLA-499-1} - php5 5.6.12+dfsg-1 [jessie] - php5 5.6.12+dfsg-0+deb8u1 - php7.0 7.0.0-1 NOTE: Fixed in PHP 5.6.12, 7.0.0 NOTE: PHP bug: https://bugs.php.net/bug.php?id=69975 CVE-2015-8878 (main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before ...) + {DLA-499-1} - php5 5.6.12+dfsg-1 [jessie] - php5 5.6.12+dfsg-0+deb8u1 NOTE: Fixed in PHP 5.6.12, 5.5.28 @@ -934,10 +980,10 @@ RESERVED CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java ...) NOT-FOR-US: SAP -CVE-2016-4785 - RESERVED -CVE-2016-4784 - RESERVED +CVE-2016-4785 (The integrated web server in the EN100 Ethernet module before 4.27 on ...) + TODO: check +CVE-2016-4784 (The integrated web server in the EN100 Ethernet module before 4.27 on ...) + TODO: check CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before ...) NOT-FOR-US: Lenovo CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote ...) @@ -1535,8 +1581,8 @@ RESERVED CVE-2016-4522 RESERVED -CVE-2016-4521 - RESERVED +CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before ...) + TODO: check CVE-2016-4520 RESERVED CVE-2016-4519 
@@ -1565,18 +1611,18 @@ RESERVED CVE-2016-4507 RESERVED -CVE-2016-4506 - RESERVED -CVE-2016-4505 - RESERVED +CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource Data ...) + TODO: check +CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller devices ...) + TODO: check CVE-2016-4504 RESERVED CVE-2016-4503 RESERVED -CVE-2016-4502 - RESERVED -CVE-2016-4501 - RESERVED +CVE-2016-4502 (Environmental Systems Corpo
[Secure-testing-commits] r42196 - data/CVE
Author: jmm Date: 2016-05-31 21:05:07 + (Tue, 31 May 2016) New Revision: 42196 Modified: data/CVE/list Log: activemq n/a for stable Modified: data/CVE/list === --- data/CVE/list 2016-05-31 20:36:00 UTC (rev 42195) +++ data/CVE/list 2016-05-31 21:05:07 UTC (rev 42196) @@ -5324,9 +5324,10 @@ RESERVED CVE-2016-3088 [Fileserver web application vulnerability allowing RCE] RESERVED - - activemq + - activemq + [jessie] - activemq (file server was only enabled in 5.13.2+dfsg-2) + [wheezy] - activemq (file server was only enabled in 5.13.2+dfsg-2) NOTE: http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt - TODO: check CVE-2016-3087 RESERVED CVE-2016-3086
[Secure-testing-commits] r42195 - data/CVE
Author: jmm Date: 2016-05-31 20:36:00 + (Tue, 31 May 2016) New Revision: 42195 Modified: data/CVE/list Log: postfixadmin no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-05-31 19:53:10 UTC (rev 42194) +++ data/CVE/list 2016-05-31 20:36:00 UTC (rev 42195) @@ -12,6 +12,7 @@ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2552 CVE-2016- [CSRF protection for POST requests] - postfixadmin (bug #825151) + [jessie] - postfixadmin (Minor issue) NOTE: http://seclists.org/fulldisclosure/2016/May/59 NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/ NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842
[Secure-testing-commits] r42194 - data/CVE
Author: carnil Date: 2016-05-31 19:53:10 + (Tue, 31 May 2016) New Revision: 42194 Modified: data/CVE/list Log: Add fixed version for CVE-2016-4450/nginx, #825960 Modified: data/CVE/list === --- data/CVE/list 2016-05-31 19:04:55 UTC (rev 42193) +++ data/CVE/list 2016-05-31 19:53:10 UTC (rev 42194) @@ -1845,7 +1845,7 @@ - foreman (bug #663101) CVE-2016-4450 RESERVED - - nginx (bug #825960) + - nginx 1.10.1-1 (bug #825960) CVE-2016-4449 RESERVED - libxml2
[Secure-testing-commits] r42193 - data/CVE
Author: carnil Date: 2016-05-31 19:04:55 + (Tue, 31 May 2016) New Revision: 42193 Modified: data/CVE/list Log: Add new nginx issue Modified: data/CVE/list === --- data/CVE/list 2016-05-31 18:43:10 UTC (rev 42192) +++ data/CVE/list 2016-05-31 19:04:55 UTC (rev 42193) @@ -1845,6 +1845,7 @@ - foreman (bug #663101) CVE-2016-4450 RESERVED + - nginx (bug #825960) CVE-2016-4449 RESERVED - libxml2
[Secure-testing-commits] r42192 - data/CVE
Author: carnil Date: 2016-05-31 18:43:10 + (Tue, 31 May 2016) New Revision: 42192 Modified: data/CVE/list Log: Add CVE-2016-158{1,2}/lxd Modified: data/CVE/list === --- data/CVE/list 2016-05-31 17:22:24 UTC (rev 42191) +++ data/CVE/list 2016-05-31 18:43:10 UTC (rev 42192) @@ -10615,8 +10615,10 @@ RESERVED CVE-2016-1582 RESERVED + - lxd (bug #768073) CVE-2016-1581 RESERVED + - lxd (bug #768073) CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher ...) TODO: check CVE-2016-1579
[Secure-testing-commits] r42191 - data
Author: alteholz Date: 2016-05-31 17:22:24 + (Tue, 31 May 2016) New Revision: 42191 Modified: data/dla-needed.txt Log: still some issue open Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-31 17:21:48 UTC (rev 42190) +++ data/dla-needed.txt 2016-05-31 17:22:24 UTC (rev 42191) @@ -57,6 +57,8 @@ NOTE: maintainer would like help working on the updates but will handle the updates himself NOTE: 20160518175636.ga29...@roeckx.be -- +php5 (Thorsten Alteholz) +-- p7zip NOTE: CPP/7zip/Archive/Udf/UdfIn.cpp line 261? -- @@ -76,7 +78,6 @@ ruby-activesupport-2.3 -- ruby-activesupport-3.2 (Guido Günther) - -- ruby-eventmachine --
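Review bot: The re-added `php5 (Thorsten Alteholz)` entry in the `@@ -57,6 +57,8 @@` hunk is placed before `p7zip`, while the neighbouring entries in the visible context are sorted by package name; move it after the `p7zip` block so the file stays ordered. A `NOTE:` line under the entry naming which issues are still open would also make the claim easier for others to follow than the log message alone.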
[Secure-testing-commits] r42190 - in data: . DLA
Author: alteholz Date: 2016-05-31 17:21:48 + (Tue, 31 May 2016) New Revision: 42190 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-499-1 for php5 Modified: data/DLA/list === --- data/DLA/list 2016-05-31 17:20:03 UTC (rev 42189) +++ data/DLA/list 2016-05-31 17:21:48 UTC (rev 42190) @@ -1,3 +1,6 @@ +[31 May 2016] DLA-499-1 php5 - security update + {CVE-2015-8865 CVE-2015-8866 CVE-2015-8878 CVE-2015-8879 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4343 CVE-2016-4537 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544} + [wheezy] - php5 5.4.45-0+deb7u3 [31 May 2016] DLA-498-1 ruby-activemodel-3.2 - security update {CVE-2016-0753} [wheezy] - ruby-activemodel-3.2 3.2.6-3+deb7u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-31 17:20:03 UTC (rev 42189) +++ data/dla-needed.txt 2016-05-31 17:21:48 UTC (rev 42190) @@ -60,9 +60,6 @@ p7zip NOTE: CPP/7zip/Archive/Udf/UdfIn.cpp line 261? -- -php5 (Thorsten Alteholz) - NOTE: package for testing uploaded --- quagga NOTE: see dsa-needed's notes. NOTE: Maintainer's answer: https://lists.debian.org/msgid-search/878tzv6pru@mid.deneb.enyo.de
[Secure-testing-commits] r42189 - data/DLA
Author: carnil Date: 2016-05-31 17:20:03 + (Tue, 31 May 2016) New Revision: 42189 Modified: data/DLA/list Log: Fix version string for ruby-activemodel-3.2 Modified: data/DLA/list === --- data/DLA/list 2016-05-31 17:06:27 UTC (rev 42188) +++ data/DLA/list 2016-05-31 17:20:03 UTC (rev 42189) @@ -1,6 +1,6 @@ [31 May 2016] DLA-498-1 ruby-activemodel-3.2 - security update {CVE-2016-0753} - [wheezy] - ruby-activemodel-3.2 3.2_3.2.6-3+deb7u1 + [wheezy] - ruby-activemodel-3.2 3.2.6-3+deb7u1 [31 May 2016] DLA-497-1 wireshark - security update {CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 CVE-2012-6056 CVE-2012-6057 CVE-2012-6058 CVE-2012-6059 CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-2476 CVE-2013-2479 CVE-2013-2482 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-4079 CVE-2013-4080 CVE-2013-4927 CVE-2013-4929 CVE-2013-4931 CVE-2013-5719 CVE-2013-5721 CVE-2013-6339 CVE-2013-7112 CVE-2015-6243 CVE-2015-6246 CVE-2015-6248 CVE-2016-4006 CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 CVE-2016-4085} [wheezy] - wireshark 1.12.1+g01b65bf-4+deb8u6~deb7u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
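Review bot: The log message for this one-line change does not mention that the malformed version "3.2_3.2.6-3+deb7u1" is what broke processing of r42187 and r42188 ("data/DLA/list:3: expected package entry"). Reference that failure in the log so the two failed revisions can be tied to this fix when reading the history.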
[Secure-testing-commits] Processing r42188 failed
The error message was:
data/DLA/list:3: expected package entry, got: '[wheezy] - ruby-activemodel-3.2 3.2_3.2.6-3+deb7u1'
Makefile:22: recipe for target 'all' failed
make: *** [all] Error 1
[Secure-testing-commits] r42188 - data
Author: agx Date: 2016-05-31 17:06:27 + (Tue, 31 May 2016) New Revision: 42188 Modified: data/dla-needed.txt Log: Grab ruby-active*-3.2 components they suffer from similar CVEs Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-31 17:02:53 UTC (rev 42187) +++ data/dla-needed.txt 2016-05-31 17:06:27 UTC (rev 42188) @@ -72,13 +72,14 @@ NOTE: One maintainer suggests to update to the stable 1.0.x branch NOTE: https://lists.debian.org/debian-lts/2016/05/msg00016.html -- -ruby-actionpack-3.2 +ruby-actionpack-3.2 (Guido Günther) -- -ruby-activerecord-3.2 +ruby-activerecord-3.2 (Guido Günther) -- ruby-activesupport-2.3 -- -ruby-activesupport-3.2 +ruby-activesupport-3.2 (Guido Günther) + -- ruby-eventmachine -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
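Review bot: The last added line of the hunk is a whitespace-only line between "ruby-activesupport-3.2 (Guido Günther)" and its "--" separator. Drop it so the entry keeps the same form as the neighbouring ones; r42191 later has to remove it. Note also that this commit went in while data/DLA/list was still failing to parse (see the processing failure reported for this revision), so the tracker could not pick it up until r42189.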
[Secure-testing-commits] Processing r42187 failed
The error message was:
data/DLA/list:3: expected package entry, got: '[wheezy] - ruby-activemodel-3.2 3.2_3.2.6-3+deb7u1'
Makefile:22: recipe for target 'all' failed
make: *** [all] Error 1
[Secure-testing-commits] r42187 - in data: . DLA
Author: agx Date: 2016-05-31 17:02:53 + (Tue, 31 May 2016) New Revision: 42187 Modified: data/DLA/list data/dla-needed.txt Log: Grab LA-498-1 for ruby-activemodel-3.2 Modified: data/DLA/list === --- data/DLA/list 2016-05-31 12:37:47 UTC (rev 42186) +++ data/DLA/list 2016-05-31 17:02:53 UTC (rev 42187) @@ -1,3 +1,6 @@ +[31 May 2016] DLA-498-1 ruby-activemodel-3.2 - security update + {CVE-2016-0753} + [wheezy] - ruby-activemodel-3.2 3.2_3.2.6-3+deb7u1 [31 May 2016] DLA-497-1 wireshark - security update {CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 CVE-2012-6056 CVE-2012-6057 CVE-2012-6058 CVE-2012-6059 CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-2476 CVE-2013-2479 CVE-2013-2482 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-4079 CVE-2013-4080 CVE-2013-4927 CVE-2013-4929 CVE-2013-4931 CVE-2013-5719 CVE-2013-5721 CVE-2013-6339 CVE-2013-7112 CVE-2015-6243 CVE-2015-6246 CVE-2015-6248 CVE-2016-4006 CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 CVE-2016-4085} [wheezy] - wireshark 1.12.1+g01b65bf-4+deb8u6~deb7u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-31 12:37:47 UTC (rev 42186) +++ data/dla-needed.txt 2016-05-31 17:02:53 UTC (rev 42187) @@ -74,8 +74,6 @@ -- ruby-actionpack-3.2 -- -ruby-activemodel-3.2 (Guido Günther) --- ruby-activerecord-3.2 -- ruby-activesupport-2.3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
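Review bot: The added line "[wheezy] - ruby-activemodel-3.2 3.2_3.2.6-3+deb7u1" in the data/DLA/list hunk carries a version with a "3.2_" prefix, which the list parser rejects with "expected package entry" (the processing failures for r42187 and r42188 quote exactly this line). The version should read 3.2.6-3+deb7u1, as corrected in r42189; running the data/ Makefile check before committing would have caught it. The log message also says "LA-498-1" where the entry being added is DLA-498-1.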
[Secure-testing-commits] r42186 - data/CVE
Author: carnil Date: 2016-05-31 12:37:47 + (Tue, 31 May 2016) New Revision: 42186 Modified: data/CVE/list Log: Add fixed version for onionshare issue Modified: data/CVE/list === --- data/CVE/list 2016-05-31 10:10:51 UTC (rev 42185) +++ data/CVE/list 2016-05-31 12:37:47 UTC (rev 42186) @@ -471,7 +471,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1330237 CVE-2016-5026 [unsafe handling of temporary directory] RESERVED - - onionshare (unimportant) + - onionshare 0.8.1-2 (unimportant) [jessie] - onionshare (Vulnerable code not present) NOTE: Neutralised by kernel hardening (also contrib and non-free not supported) CVE-2016-4963 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
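Review bot: The changed line records 0.8.1-2 as the fixed version for CVE-2016-5026, but the entry has no bug number or NOTE pointing to the upload or upstream change that contains the fix; the only NOTE visible for this CVE is "Neutralised by kernel hardening". Add a NOTE with that reference so the fixed version can be verified later.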
[Secure-testing-commits] r42185 - in data: . DLA
Author: rbalint Date: 2016-05-31 10:10:51 + (Tue, 31 May 2016) New Revision: 42185 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-497-1 for wireshark Modified: data/DLA/list === --- data/DLA/list 2016-05-31 09:10:09 UTC (rev 42184) +++ data/DLA/list 2016-05-31 10:10:51 UTC (rev 42185) @@ -1,3 +1,6 @@ +[31 May 2016] DLA-497-1 wireshark - security update + {CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 CVE-2012-6056 CVE-2012-6057 CVE-2012-6058 CVE-2012-6059 CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-2476 CVE-2013-2479 CVE-2013-2482 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-4079 CVE-2013-4080 CVE-2013-4927 CVE-2013-4929 CVE-2013-4931 CVE-2013-5719 CVE-2013-5721 CVE-2013-6339 CVE-2013-7112 CVE-2015-6243 CVE-2015-6246 CVE-2015-6248 CVE-2016-4006 CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 CVE-2016-4085} + [wheezy] - wireshark 1.12.1+g01b65bf-4+deb8u6~deb7u1 [30 May 2016] DLA-496-1 ruby-activerecord-3.2 - security update {CVE-2015-7577} [wheezy] - ruby-activerecord-3.2 3.2.6-5+deb7u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-31 09:10:09 UTC (rev 42184) +++ data/dla-needed.txt 2016-05-31 10:10:51 UTC (rev 42185) @@ -101,8 +101,6 @@ -- vlc (Thorsten Alteholz) -- -wireshark (rbalint) --- wordpress -- xen ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42184 - data/CVE
Author: sectracker Date: 2016-05-31 09:10:09 + (Tue, 31 May 2016) New Revision: 42184 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-05-31 08:52:35 UTC (rev 42183) +++ data/CVE/list 2016-05-31 09:10:09 UTC (rev 42184) @@ -18509,7 +18509,7 @@ CVE-2015-7578 (Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer ...) - ruby-rails-html-sanitizer 1.0.3-1 (bug #812814) CVE-2015-7577 (activerecord/lib/active_record/nested_attributes.rb in Active Record ...) - {DSA-3464-1} + {DSA-3464-1 DLA-496-1} - rails 2:4.2.5.1-1 [wheezy] - rails (Vulnerable code not present, is only a transitional package) [squeeze] - rails (Not supported in Squeeze LTS) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42183 - data
Author: santiago Date: 2016-05-31 08:52:35 + (Tue, 31 May 2016) New Revision: 42183 Modified: data/dla-needed.txt Log: remove mediawiki from dla-needed.txt, not supported in wheezy Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-31 07:13:30 UTC (rev 42182) +++ data/dla-needed.txt 2016-05-31 08:52:35 UTC (rev 42183) @@ -49,9 +49,6 @@ -- linux -- -mediawiki - NOTE: question raised about backporting jessie version: 87y478d6no@angela.anarcat.ath.cx --- mxml -- nss ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
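Review bot: The removed mediawiki entry carried a NOTE about an open question on backporting the jessie version, and the log message only states that the package is not supported in wheezy. Say in the log where that decision is recorded, or how the question in the NOTE was answered, so the removal can be checked without searching the list archive.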
[Secure-testing-commits] r42182 - data/CVE
Author: carnil Date: 2016-05-31 07:13:30 + (Tue, 31 May 2016) New Revision: 42182 Modified: data/CVE/list Log: mariadb-10.0 fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-05-31 07:11:03 UTC (rev 42181) +++ data/CVE/list 2016-05-31 07:13:30 UTC (rev 42182) @@ -13941,7 +13941,7 @@ {DSA-3557-1 DLA-447-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 (bug #821100) - - mariadb-10.0 (bug #823325) + - mariadb-10.0 10.0.25-1 (bug #823325) NOTE: Fixed in MariaDB 10.0.25 NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html @@ -13984,7 +13984,7 @@ CVE-2016-0655 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and ...) - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 (Only affects MySQL 5.6 and MySQL 5.7) - - mariadb-10.0 (bug #823325) + - mariadb-10.0 10.0.25-1 (bug #823325) NOTE: Fixed in MariaDB 10.0.25 NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html @@ -14023,7 +14023,7 @@ {DSA-3557-1 DLA-447-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 (bug #821100) - - mariadb-10.0 (bug #823325) + - mariadb-10.0 10.0.25-1 (bug #823325) NOTE: Fixed in MariaDB 10.0.25 NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html @@ -14031,7 +14031,7 @@ {DSA-3557-1 DLA-447-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 (bug #821100) - - mariadb-10.0 (bug #823325) + - mariadb-10.0 10.0.25-1 (bug #823325) NOTE: Fixed in MariaDB 10.0.25 NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html 
@@ -14053,7 +14053,7 @@ {DSA-3557-1 DLA-447-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 (bug #821100) - - mariadb-10.0 (bug #823325) + - mariadb-10.0 10.0.25-1 (bug #823325) NOTE: Fixed in MariaDB 10.0.25 NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
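Review bot: In the second hunk (CVE-2016-0655) the mysql-5.5 line says the issue only affects MySQL 5.6 and MySQL 5.7, while mariadb-10.0 receives the same fixed version 10.0.25-1 as in the other four hunks. The NOTE "Fixed in MariaDB 10.0.25" supports the change, but since all five lines were edited identically, confirm against the linked MariaDB 10.0.25 release notes that this CVE is listed there and that mariadb-10.0 was affected at all.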
[Secure-testing-commits] r42181 - data/CVE
Author: carnil Date: 2016-05-31 07:11:03 + (Tue, 31 May 2016) New Revision: 42181 Modified: data/CVE/list Log: Add fixed version for CVE-2015-3192/libspring-java Modified: data/CVE/list === --- data/CVE/list 2016-05-31 04:50:59 UTC (rev 42180) +++ data/CVE/list 2016-05-31 07:11:03 UTC (rev 42181) @@ -30984,7 +30984,7 @@ NOTE: https://www.openssl.org/news/secadv/20151203.txt CVE-2015-3192 RESERVED - - libspring-java (low; bug #796137) + - libspring-java 4.1.9-1 (low; bug #796137) [wheezy] - libspring-java (Minor issue) [jessie] - libspring-java (Minor issue) NOTE: https://pivotal.io/security/cve-2015-3192 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
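Review bot: The changed line sets 4.1.9-1 as the fixed version for libspring-java, but the entry's only NOTE is the link to the Pivotal advisory and nothing records which upstream release carries the fix. Add a NOTE with the upstream fixed version so 4.1.9-1 can be checked against it; the [wheezy] and [jessie] lines marked "Minor issue" are unchanged and remain open.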