[Secure-testing-commits] r42234 - data/DLA
Author: apo Date: 2016-06-02 05:59:33 + (Thu, 02 Jun 2016) New Revision: 42234 Modified: data/DLA/list Log: Reserve DLA-501-1 for gdk-pixbuf Modified: data/DLA/list === --- data/DLA/list 2016-06-02 05:11:25 UTC (rev 42233) +++ data/DLA/list 2016-06-02 05:59:33 UTC (rev 42234) @@ -1,3 +1,6 @@ +[02 Jun 2016] DLA-501-1 gdk-pixbuf - security update + {CVE-2015-7552} + [wheezy] - gdk-pixbuf 2.26.1-1+deb7u5 [01 Jun 2016] DLA-500-1 imagemagick - security update {CVE-2016-5118} [wheezy] - imagemagick 8:6.7.7.10-5+deb7u6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42233 - data/CVE
Author: fgeek-guest Date: 2016-06-02 05:11:25 + (Thu, 02 Jun 2016) New Revision: 42233 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2016-06-02 04:34:06 UTC (rev 42232) +++ data/CVE/list 2016-06-02 05:11:25 UTC (rev 42233) @@ -856,6 +856,7 @@ RESERVED CVE-2016-4945 RESERVED + NOT-FOR-US: Citrix NetScaler Gateway CVE-2015-8880 (Double free vulnerability in the format printer in PHP 7.x before ...) - php7.0 7.0.1-1 NOTE: Fixed in PHP 7.0.1 @@ -1180,6 +1181,7 @@ RESERVED CVE-2016-4810 RESERVED + NOT-FOR-US: Citrix CVE-2016-4913 (The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux ...) - linux 4.5.4-1 NOTE: Fixed by: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6)
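Review bot: In the second hunk (@@ -1180,6 +1181,7 @@) the entry for CVE-2016-4810 is tagged "NOT-FOR-US: Citrix", which names only the vendor, while the first hunk tags CVE-2016-4945 with the product, "NOT-FOR-US: Citrix NetScaler Gateway". Naming the affected product in both places would make the two entries searchable in the same way. The log message "NFU" would also be easier to follow in the history if it listed the two CVE ids.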
[Secure-testing-commits] r42232 - data/CVE
Author: carnil Date: 2016-06-02 04:34:06 + (Thu, 02 Jun 2016) New Revision: 42232 Modified: data/CVE/list Log: CVE-2016-5118/imagemagick fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-06-02 04:26:00 UTC (rev 42231) +++ data/CVE/list 2016-06-02 04:34:06 UTC (rev 42232) @@ -343,7 +343,7 @@ CVE-2016-5118 [popen() shell vulnerability via filename] RESERVED {DSA-3591-1 DLA-500-1} - - imagemagick (bug #825799) + - imagemagick 8:6.8.9.9-7.1 (bug #825799) - graphicsmagick 1.3.24-1 (bug #825800) NOTE: fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858 CVE-2016-5116 [xbm: avoid stack overflow (read) with large names]
[Secure-testing-commits] r42231 - data/CVE
Author: carnil Date: 2016-06-02 04:26:00 + (Thu, 02 Jun 2016) New Revision: 42231 Modified: data/CVE/list Log: Add fixed version information for libxml2 in unstable upload Modified: data/CVE/list === --- data/CVE/list 2016-06-02 04:20:20 UTC (rev 42230) +++ data/CVE/list 2016-06-02 04:26:00 UTC (rev 42231) @@ -2200,7 +2200,7 @@ [wheezy] - nginx (Introduced in 1.3.9) CVE-2016-4449 RESERVED - - libxml2 + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761430 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5 (v2.9.4) CVE-2016-4448 @@ -2214,7 +2214,7 @@ TODO: check versions, applying the two commits quite intrusive CVE-2016-4447 RESERVED - - libxml2 + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759573 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83 (v2.9.4) CVE-2016-4446 @@ -2320,7 +2320,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2 CVE-2016-4483 RESERVED - - libxml2 (bug #823405) + - libxml2 2.9.3+dfsg1-1.1 (bug #823405) [jessie] - libxml2 (Minor issue, only when using libxml2 using recovery mode) [wheezy] - libxml2 (Minor issue, only when using libxml2 using recovery mode) NOTE: https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd (v2.9.4) @@ -4263,7 +4263,7 @@ - eglibc NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20010 CVE-2016-3705 (The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...) - - libxml2 (bug #823414) + - libxml2 2.9.3+dfsg1-1.1 (bug #823414) NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=765207 CVE-2016-3704 
@@ -4571,7 +4571,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319661 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1318509 CVE-2016-3627 (The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and ...) - - libxml2 (bug #819006) + - libxml2 2.9.3+dfsg1-1.1 (bug #819006) NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bdd66182ef53fe1f7209ab6535fda56366bd7ac9 (v2.9.4) NOTE: http://www.openwall.com/lists/oss-security/2016/03/21/3 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762100 @@ -9030,7 +9030,7 @@ CVE-2016-2093 RESERVED CVE-2015-8806 (dict.c in libxml2 allows remote attackers to cause a denial of service ...) - - libxml2 (bug #813613) + - libxml2 2.9.3+dfsg1-1.1 (bug #813613) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115 NOTE: Same fix as CVE-2016-1839 seems to resolve the issue CVE-2015-8805 (The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not ...) @@ -9279,7 +9279,7 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5 NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/ CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allows ...) - - libxml2 (bug #812807) + - libxml2 2.9.3+dfsg1-1.1 (bug #812807) NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6 NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details NOTE: Same fix as CVE-2016-1839 and CVE-2015-8806 
@@ -10155,40 +10155,40 @@ - libxslt TODO: check, most likely *not* only Apple specific CVE-2016-1840 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) - - libxml2 + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=757711 CVE-2016-1839 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) - - libxml2 + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758605 NOTE: https://code.google.com/p/google-security-research/issues/detail?id=637 CVE-2016-1838 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) - - libxml2 + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758588 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=639 CVE-2016-1837 (libxml2, as used in Apple iOS before 9.3.2, OS X before
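Review bot: For CVE-2015-8806 and CVE-2016-2073 the fixed version 2.9.3+dfsg1-1.1 is recorded on the strength of notes that read "Same fix as CVE-2016-1839 seems to resolve the issue" and "Same fix as CVE-2016-1839 and CVE-2015-8806". The first of these is worded as unconfirmed, so it would be worth confirming against the upload that both issues are really resolved and then rewording the NOTE so that it no longer says "seems".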
[Secure-testing-commits] r42230 - data/CVE
Author: carnil Date: 2016-06-02 04:20:20 + (Thu, 02 Jun 2016) New Revision: 42230 Modified: data/CVE/list Log: Reference commit for CVE-2016-2177 Modified: data/CVE/list === --- data/CVE/list 2016-06-01 22:28:05 UTC (rev 42229) +++ data/CVE/list 2016-06-02 04:20:20 UTC (rev 42230) @@ -8768,7 +8768,7 @@ CVE-2016-2177 RESERVED - openssl - NOTE: Fixed in 1.0.2 branch in a004e72b95835136d3f1ea90517f706c24c03da7 + NOTE: Fixed in 1.0.2 branch in https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7 CVE-2016-2176 (The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL ...) - openssl (Only applies to EBCDIC systems) NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
[Secure-testing-commits] r42228 - data/CVE
Author: sectracker Date: 2016-06-01 21:10:08 + (Wed, 01 Jun 2016) New Revision: 42228 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-06-01 21:05:01 UTC (rev 42227) +++ data/CVE/list 2016-06-01 21:10:08 UTC (rev 42228) 
@@ -1,3 +1,285 @@ +CVE-2016-5234 + RESERVED +CVE-2016-5233 + RESERVED +CVE-2016-5232 + RESERVED +CVE-2016-5231 + RESERVED +CVE-2016-5230 + RESERVED +CVE-2016-5229 + RESERVED +CVE-2016-5228 + RESERVED +CVE-2016-5227 + RESERVED +CVE-2016-5226 + RESERVED +CVE-2016-5225 + RESERVED +CVE-2016-5224 + RESERVED +CVE-2016-5223 + RESERVED +CVE-2016-5222 + RESERVED +CVE-2016-5221 + RESERVED +CVE-2016-5220 + RESERVED +CVE-2016-5219 + RESERVED +CVE-2016-5218 + RESERVED +CVE-2016-5217 + RESERVED +CVE-2016-5216 + RESERVED +CVE-2016-5215 + RESERVED +CVE-2016-5214 + RESERVED +CVE-2016-5213 + RESERVED +CVE-2016-5212 + RESERVED +CVE-2016-5211 + RESERVED +CVE-2016-5210 + RESERVED +CVE-2016-5209 + RESERVED +CVE-2016-5208 + RESERVED +CVE-2016-5207 + RESERVED +CVE-2016-5206 + RESERVED +CVE-2016-5205 + RESERVED +CVE-2016-5204 + RESERVED +CVE-2016-5203 + RESERVED +CVE-2016-5202 + RESERVED +CVE-2016-5201 + RESERVED +CVE-2016-5200 + RESERVED +CVE-2016-5199 + RESERVED +CVE-2016-5198 + RESERVED +CVE-2016-5197 + RESERVED +CVE-2016-5196 + RESERVED +CVE-2016-5195 + RESERVED +CVE-2016-5194 + RESERVED +CVE-2016-5193 + RESERVED +CVE-2016-5192 + RESERVED +CVE-2016-5191 + RESERVED +CVE-2016-5190 + RESERVED +CVE-2016-5189 + RESERVED +CVE-2016-5188 + RESERVED +CVE-2016-5187 + RESERVED +CVE-2016-5186 + RESERVED +CVE-2016-5185 + RESERVED +CVE-2016-5184 + RESERVED +CVE-2016-5183 + RESERVED +CVE-2016-5182 + RESERVED +CVE-2016-5181 + RESERVED +CVE-2016-5180 + RESERVED +CVE-2016-5179 + RESERVED +CVE-2016-5178 + RESERVED +CVE-2016-5177 + RESERVED +CVE-2016-5176 + RESERVED +CVE-2016-5175 + RESERVED +CVE-2016-5174 + RESERVED +CVE-2016-5173 + RESERVED +CVE-2016-5172 + RESERVED +CVE-2016-5171 + RESERVED +CVE-2016-5170 + RESERVED +CVE-2016-5169 + RESERVED +CVE-2016-5168 + RESERVED +CVE-2016-5167 + RESERVED +CVE-2016-5166 + RESERVED +CVE-2016-5165 + RESERVED +CVE-2016-5164 + RESERVED +CVE-2016-5163 + RESERVED +CVE-2016-5162 + RESERVED +CVE-2016-5161 + RESERVED +CVE-2016-5160 + RESERVED +CVE-2016-5159 + RESERVED 
+CVE-2016-5158 + RESERVED +CVE-2016-5157 + RESERVED +CVE-2016-5156 + RESERVED +CVE-2016-5155 + RESERVED +CVE-2016-5154 + RESERVED +CVE-2016-5153 + RESERVED +CVE-2016-5152 + RESERVED +CVE-2016-5151 + RESERVED +CVE-2016-5150 + RESERVED +CVE-2016-5149 + RESERVED +CVE-2016-5148 + RESERVED +CVE-2016-5147 + RESERVED +CVE-2016-5146 + RESERVED +CVE-2016-5145 + RESERVED +CVE-2016-5144 + RESERVED +CVE-2016-5143 + RESERVED +CVE-2016-5142 + RESERVED +CVE-2016-5141 + RESERVED +CVE-2016-5140 + RESERVED +CVE-2016-5139 + RESERVED +CVE-2016-5138 + RESERVED +CVE-2016-5137 + RESERVED +CVE-2016-5136 + RESERVED +CVE-2016-5135 + RESERVED +CVE-2016-5134 + RESERVED +CVE-2016-5133 + RESERVED +CVE-2016-5132 + RESERVED +CVE-2016-5131 + RESERVED +CVE-2016-5130 + RESERVED +CVE-2016-5129 + RESERVED +CVE-2016-5128 + RESERVED +CVE-2016-5127 + RESERVED +CVE-2015-8893 + RESERVED +CVE-2015-8892 + RESERVED +CVE-2015-8891 + RESERVED +CVE-2015-8890 + RESERVED +CVE-2015-8889 + RESERVED +CVE-2015- + RESERVED +CVE-2014-9802 + RESERVED +CVE-2014-9801 + RESERVED +CVE-2014-9800 + RESERVED +CVE-2014-9799 + RESERVED +CVE-2014-9798 + RESERVED +CVE-2014-9797 + RESERVED +CVE-2014-9796 + RESERVED +CVE-2014-9795 + RESERVED +CVE-2014-9794 + RESERVED +CVE-2014-9793 + RESERVED +CVE-2014-9792 + RESERVED +CVE-2014-9791 + RESERVED +CVE-2014-9790 + RESERVED +CVE-2014-9789 + RESERVED +CVE-2014-9788 + RESERVED +CVE-2014-9787 + RESERVED +CVE-2014-9786 + RESERVED +CVE-2014-9785 + RESERVED +CVE-2014-9784 + RESERVED +CVE-2014-9783 + RESERVED +CVE-2014-9782 + RESERVED +CVE-2014-9781 + RESERVED +CVE-2014-9780 + RESERVED +CVE-2014-9779 + RESERVED +CVE-2014-9778 + RESERVED +CVE-2014-9777 + RESERVED +CVE-2013-7457 + RESERVED CVE-2016-5125 RESERVED CVE-2016-5124 @@ -60,6 +342,7 @@ NOTE: Fixed by:
[Secure-testing-commits] r42227 - data
Author: opal Date: 2016-06-01 21:05:01 + (Wed, 01 Jun 2016) New Revision: 42227 Modified: data/dla-needed.txt Log: Claim dhcpcd5. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-01 21:03:00 UTC (rev 42226) +++ data/dla-needed.txt 2016-06-01 21:05:01 UTC (rev 42227) @@ -18,7 +18,7 @@ cakephp NOTE: CVE-2015-8379 No official solution is currently available, 20160425 -- -dhcpcd5 +dhcpcd5 (Ola Lundqvist) -- extplorer NOTE: 20160529, no fix yet
[Secure-testing-commits] r42226 - data
Author: opal Date: 2016-06-01 21:03:00 + (Wed, 01 Jun 2016) New Revision: 42226 Modified: data/dla-needed.txt Log: Question security support of squid package. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-01 18:37:37 UTC (rev 42225) +++ data/dla-needed.txt 2016-06-01 21:03:00 UTC (rev 42226) @@ -87,6 +87,7 @@ NOTE: regression update required for #821811, patches available -- squid + Q: Should we give security support when there is a squid3 package in wheezy? -- tardiff fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
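Review bot: The line added under squid, "Q: Should we give security support when there is a squid3 package in wheezy?", carries no name or date, so a later reader of dla-needed.txt cannot tell who is asking or whether the question has been answered. Add both, or raise the question on the mailing list and record only the outcome here as a "NOTE:" line, matching the NOTE visible in the context just above it.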
[Secure-testing-commits] r42225 - data/CVE
Author: jmm Date: 2016-06-01 18:37:37 + (Wed, 01 Jun 2016) New Revision: 42225 Modified: data/CVE/list Log: new openssl issue Modified: data/CVE/list === --- data/CVE/list 2016-06-01 18:29:06 UTC (rev 42224) +++ data/CVE/list 2016-06-01 18:37:37 UTC (rev 42225) @@ -8483,6 +8483,8 @@ RESERVED CVE-2016-2177 RESERVED + - openssl + NOTE: Fixed in 1.0.2 branch in a004e72b95835136d3f1ea90517f706c24c03da7 CVE-2016-2176 (The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL ...) - openssl (Only applies to EBCDIC systems) NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
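Review bot: The NOTE added for CVE-2016-2177 cites the fix as a bare hash (a004e72b95835136d3f1ea90517f706c24c03da7), whereas the CVE-2016-2176 entry directly below it links its commit with a full git.openssl.org URL. Use the same URL form here so the reference can be followed straight from the tracker.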
[Secure-testing-commits] r42224 - in data: . DSA
Author: jmm Date: 2016-06-01 18:29:06 + (Wed, 01 Jun 2016) New Revision: 42224 Modified: data/DSA/list data/dsa-needed.txt Log: nginx DSA Modified: data/DSA/list === --- data/DSA/list 2016-06-01 17:46:55 UTC (rev 42223) +++ data/DSA/list 2016-06-01 18:29:06 UTC (rev 42224) @@ -1,3 +1,6 @@ +[01 Jun 2016] DSA-3592-1 nginx - security update + {CVE-2016-4450} + [jessie] - nginx 1.6.2-5+deb8u2 [01 Jun 2016] DSA-3591-1 imagemagick - security update {CVE-2016-5118} [jessie] - imagemagick 8:6.8.9.9-5+deb8u3 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-01 17:46:55 UTC (rev 42223) +++ data/dsa-needed.txt 2016-06-01 18:29:06 UTC (rev 42224) @@ -33,8 +33,6 @@ minissdpd NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28 -- -nginx (jmm) --- nss -- ntp
[Secure-testing-commits] r42223 - in data: . DLA
Author: pochu Date: 2016-06-01 17:46:55 + (Wed, 01 Jun 2016) New Revision: 42223 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-500-1 for imagemagick Modified: data/DLA/list === --- data/DLA/list 2016-06-01 15:35:24 UTC (rev 4) +++ data/DLA/list 2016-06-01 17:46:55 UTC (rev 42223) @@ -1,3 +1,6 @@ +[01 Jun 2016] DLA-500-1 imagemagick - security update + {CVE-2016-5118} + [wheezy] - imagemagick 8:6.7.7.10-5+deb7u6 [31 May 2016] DLA-499-1 php5 - security update {CVE-2015-8865 CVE-2015-8866 CVE-2015-8878 CVE-2015-8879 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 CVE-2016-4343 CVE-2016-4537 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544} [wheezy] - php5 5.4.45-0+deb7u3 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-01 15:35:24 UTC (rev 4) +++ data/dla-needed.txt 2016-06-01 17:46:55 UTC (rev 42223) @@ -32,8 +32,6 @@ icu (Roberto C. Sánchez) NOTE: check comments on CVE-2016-0494 as well -- -imagemagick (Emilio Pozuelo) --- libjackson-json-java -- libpdfbox-java
[Secure-testing-commits] r42222 - data
Author: carnil Date: 2016-06-01 15:35:24 + (Wed, 01 Jun 2016) New Revision: 4 Modified: data/dsa-needed.txt Log: Add libpdfbox-java to dsa-needed list, but not urgent Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-01 15:12:17 UTC (rev 42221) +++ data/dsa-needed.txt 2016-06-01 15:35:24 UTC (rev 4) @@ -18,6 +18,10 @@ -- icu -- +libpdfbox-java + Maintainer proposed debdiff, but first wait a bit for the upload + in unstable to be tested/exposed for possible regressions. +-- libxml2 (carnil) NOTE: https://people.debian.org/~carnil/tmp/libxml2/jessie/ --
[Secure-testing-commits] r42221 - data/CVE
Author: carnil Date: 2016-06-01 15:12:17 + (Wed, 01 Jun 2016) New Revision: 42221 Modified: data/CVE/list Log: Mark CVE-2016-2174 as NFU Modified: data/CVE/list === --- data/CVE/list 2016-06-01 14:29:39 UTC (rev 42220) +++ data/CVE/list 2016-06-01 15:12:17 UTC (rev 42221) @@ -8494,6 +8494,7 @@ NOTE: Fixed on upstream 2.0 branch in https://svn.apache.org/viewvc?view=revision=1739565 CVE-2016-2174 RESERVED + NOT-FOR-US: Apache Ranger CVE-2016-2173 RESERVED NOT-FOR-US: Spring AMQP
[Secure-testing-commits] r42220 - data
Author: jmm Date: 2016-06-01 14:29:39 + (Wed, 01 Jun 2016) New Revision: 42220 Modified: data/dsa-needed.txt Log: take vlc Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-01 14:26:10 UTC (rev 42219) +++ data/dsa-needed.txt 2016-06-01 14:29:39 UTC (rev 42220) @@ -55,5 +55,5 @@ -- tomcat8 (Markus Koschany) -- -vlc +vlc (jmm) --
[Secure-testing-commits] r42219 - data/CVE
Author: carnil Date: 2016-06-01 14:26:10 + (Wed, 01 Jun 2016) New Revision: 42219 Modified: data/CVE/list Log: Add fixed version for CVE-2016-2175/libpdfbox-java Modified: data/CVE/list === --- data/CVE/list 2016-06-01 14:18:27 UTC (rev 42218) +++ data/CVE/list 2016-06-01 14:26:10 UTC (rev 42219) @@ -8489,7 +8489,7 @@ NOTE: https://www.openssl.org/news/secadv/20160503.txt CVE-2016-2175 RESERVED - - libpdfbox-java + - libpdfbox-java 1:1.8.12-1 NOTE: Fixed on upstream 1.8 branch in https://svn.apache.org/viewvc?view=revision=1739564 NOTE: Fixed on upstream 2.0 branch in https://svn.apache.org/viewvc?view=revision=1739565 CVE-2016-2174
[Secure-testing-commits] r42217 - data/DSA
Author: carnil Date: 2016-06-01 14:13:23 + (Wed, 01 Jun 2016) New Revision: 42217 Modified: data/DSA/list Log: Add missing epoch for DSA-3591-1/imagemagick Modified: data/DSA/list === --- data/DSA/list 2016-06-01 12:54:09 UTC (rev 42216) +++ data/DSA/list 2016-06-01 14:13:23 UTC (rev 42217) @@ -1,6 +1,6 @@ [01 Jun 2016] DSA-3591-1 imagemagick - security update {CVE-2016-5118} - [jessie] - imagemagick 6.8.9.9-5+deb8u3 + [jessie] - imagemagick 8:6.8.9.9-5+deb8u3 [01 Jun 2016] DSA-3590-1 chromium-browser - security update {CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695} [jessie] - chromium-browser 51.0.2704.63-1~deb8u1
[Secure-testing-commits] r42218 - data
Author: carnil Date: 2016-06-01 14:18:27 + (Wed, 01 Jun 2016) New Revision: 42218 Modified: data/dsa-needed.txt Log: Take samba for regression update Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-01 14:13:23 UTC (rev 42217) +++ data/dsa-needed.txt 2016-06-01 14:18:27 UTC (rev 42218) @@ -47,7 +47,7 @@ -- salt -- -samba +samba (carnil) Samba maintainers are preparing updates for regressions -- squid3
[Secure-testing-commits] r42216 - data
Author: hertzog Date: 2016-06-01 12:54:09 + (Wed, 01 Jun 2016) New Revision: 42216 Modified: data/dla-needed.txt Log: Add link to credativ's work Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-01 11:20:45 UTC (rev 42215) +++ data/dla-needed.txt 2016-06-01 12:54:09 UTC (rev 42216) @@ -105,4 +105,6 @@ wordpress -- xen + Update prepared by credativ ready here: https://people.debian.org/~zobel/xen-lts/ + Just need review, upload and DLA. --
[Secure-testing-commits] r42215 - data/CVE
Author: aurel32 Date: 2016-06-01 11:20:45 + (Wed, 01 Jun 2016) New Revision: 42215 Modified: data/CVE/list Log: CVE-2016-4429 is fixed in glibc 2.22-10 Modified: data/CVE/list === --- data/CVE/list 2016-06-01 10:20:49 UTC (rev 42214) +++ data/CVE/list 2016-06-01 11:20:45 UTC (rev 42215) @@ -1990,7 +1990,7 @@ RESERVED CVE-2016-4429 [stack (frame) overflow in Sun RPC clntudp_call()] RESERVED - - glibc + - glibc 2.22-10 [jessie] - glibc (Minor issue) - eglibc [wheezy] - eglibc (Minor issue)
[Secure-testing-commits] r42214 - data/CVE
Author: jmm Date: 2016-06-01 10:20:49 + (Wed, 01 Jun 2016) New Revision: 42214 Modified: data/CVE/list Log: bacula fixed Modified: data/CVE/list === --- data/CVE/list 2016-06-01 10:08:04 UTC (rev 42213) +++ data/CVE/list 2016-06-01 10:20:49 UTC (rev 42214) @@ -164389,10 +164389,11 @@ CVE-2007-5627 (PHP remote file inclusion vulnerability in content/fnc-readmail3.php ...) NOT-FOR-US: Socketmail CVE-2007-5626 (make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a ...) - - bacula (unimportant; bug #446809) + - bacula 5.0.0-1 (unimportant; bug #446809) NOTE: this script needs the default database password and name needs to be set which NOTE: would be a bigger problem in a non-trusted environment. Apart from NOTE: this is documented in the bacula documentation + NOTE: Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, which is not affected CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site ...) NOT-FOR-US: Site Search SearchSimon Lite CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 ...)
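Review bot: The bacula line for CVE-2007-5626 now records 5.0.0-1 as the fixed version, but the NOTE added in the same hunk says only that "make_catalog_backup.pl" is used by default since 5.0.0. That leaves open whether the original make_catalog_backup script is still shipped and usable. The NOTE should say so, because a fixed version reads as if the affected code is gone.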
[Secure-testing-commits] r42213 - data
Author: pochu Date: 2016-06-01 10:08:04 + (Wed, 01 Jun 2016) New Revision: 42213 Modified: data/dla-needed.txt Log: Claim libxslt in data/dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-01 09:54:21 UTC (rev 42212) +++ data/dla-needed.txt 2016-06-01 10:08:04 UTC (rev 42213) @@ -47,7 +47,7 @@ NOTE: carnil is looking in partially triaging the libxml2 issues as well for wheezy NOTE: and publish preliminary work on https://people.debian.org/~carnil/tmp/libxml2/wheezy -- -libxslt +libxslt (Emilio Pozuelo) -- libxstream-java (jmm) Emmanuel Bourg proposed debdiff for both wheezy- and jessie-security
[Secure-testing-commits] r42212 - in data: . DSA
Author: luciano Date: 2016-06-01 09:54:21 + (Wed, 01 Jun 2016) New Revision: 42212 Modified: data/DSA/list data/dsa-needed.txt Log: DSA-3591-1 imagemagick Modified: data/DSA/list === --- data/DSA/list 2016-06-01 09:17:16 UTC (rev 42211) +++ data/DSA/list 2016-06-01 09:54:21 UTC (rev 42212) @@ -1,3 +1,6 @@ +[01 Jun 2016] DSA-3591-1 imagemagick - security update + {CVE-2016-5118} + [jessie] - imagemagick 6.8.9.9-5+deb8u3 [01 Jun 2016] DSA-3590-1 chromium-browser - security update {CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695} [jessie] - chromium-browser 51.0.2704.63-1~deb8u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-01 09:17:16 UTC (rev 42211) +++ data/dsa-needed.txt 2016-06-01 09:54:21 UTC (rev 42212) @@ -18,8 +18,6 @@ -- icu -- -imagemagick (luciano) --- libxml2 (carnil) NOTE: https://people.debian.org/~carnil/tmp/libxml2/jessie/ --
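Review bot: In the data/DSA/list hunk the jessie version is written as 6.8.9.9-5+deb8u3 without an epoch, while the imagemagick version in the DLA-500-1 entry elsewhere on this list is 8:6.7.7.10-5+deb7u6. The line should read "[jessie] - imagemagick 8:6.8.9.9-5+deb8u3", which is what r42217 later corrects it to.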
[Secure-testing-commits] r42211 - data
Author: jmm Date: 2016-06-01 09:17:16 + (Wed, 01 Jun 2016) New Revision: 42211 Modified: data/dsa-needed.txt Log: add and take nginx Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-01 09:10:09 UTC (rev 42210) +++ data/dsa-needed.txt 2016-06-01 09:17:16 UTC (rev 42211) @@ -31,6 +31,8 @@ minissdpd NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28 -- +nginx (jmm) +-- nss -- ntp
[Secure-testing-commits] r42210 - data/CVE
Author: sectracker Date: 2016-06-01 09:10:09 + (Wed, 01 Jun 2016) New Revision: 42210 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-06-01 06:40:50 UTC (rev 42209) +++ data/CVE/list 2016-06-01 09:10:09 UTC (rev 42210) 
@@ -10253,125 +10253,153 @@ RESERVED CVE-2016-1695 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1694 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1693 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1692 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1691 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1690 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1689 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1688 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) NOTE: libv8 not covered by security support CVE-2016-1687 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1686 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1685 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1684 RESERVED + {DSA-3590-1} - libxslt - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583171 CVE-2016-1683 RESERVED + {DSA-3590-1} - libxslt - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583156 CVE-2016-1682 RESERVED + {DSA-3590-1} - chromium-browser 
51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1681 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1680 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1679 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1678 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) NOTE: libv8 not covered by security support CVE-2016-1677 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) NOTE: libv8 not covered by security support CVE-2016-1676 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1675 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1674 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1673 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1672 RESERVED + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2016-1671 (Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and ...) - chromium-browser (Android-specific) CVE-2016-1670 (Race condition in the ResourceDispatcherHostImpl::BeginRequest ...) + {DSA-3590-1} - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not
[Secure-testing-commits] r42209 - bin
Author: agx Date: 2016-06-01 06:40:50 + (Wed, 01 Jun 2016) New Revision: 42209 Modified: bin/support-ended.py Log: bin/support-ended.py: properly format error message Modified: bin/support-ended.py === --- bin/support-ended.py2016-06-01 06:12:23 UTC (rev 42208) +++ bin/support-ended.py2016-06-01 06:40:50 UTC (rev 42209) @@ -59,7 +59,7 @@ pattern = "security-support-ended.deb*" lists = glob.glob(os.path.join(dir, pattern)) if not lists: -raise Exception("No lists matching %s found in %s", (pattern, dir)) +raise Exception("No lists matching %s found in %s" % (pattern, dir)) end = datetime.datetime.today() + datetime.timedelta(days=days) if days else None
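Review bot: The format-string fix is right, but the changed line still raises a bare Exception, so a caller cannot tell a missing security-support-ended.deb* list apart from any other failure. A specific type (a small exception class defined in the script, or IOError) would be clearer. The variable name dir in the same hunk also shadows the Python builtin; a name such as list_dir would avoid that.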
[Secure-testing-commits] r42208 - data/CVE
Author: carnil Date: 2016-06-01 06:12:23 + (Wed, 01 Jun 2016) New Revision: 42208 Modified: data/CVE/list Log: Add CVE-2016-4457 Modified: data/CVE/list === --- data/CVE/list 2016-06-01 03:59:54 UTC (rev 42207) +++ data/CVE/list 2016-06-01 06:12:23 UTC (rev 42208) @@ -1881,6 +1881,7 @@ RESERVED CVE-2016-4457 RESERVED + NOT-FOR-US: Red Hat CloudForms CVE-2016-4456 RESERVED CVE-2016-4455
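Review bot: The log message says "Add CVE-2016-4457", but the hunk shows CVE-2016-4457 already present as RESERVED in the context lines, and the only added line is "NOT-FOR-US: Red Hat CloudForms". A message such as "Mark CVE-2016-4457 as NFU", the wording r42221 uses for CVE-2016-2174, would describe the change.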