[Secure-testing-commits] r42393 - data/CVE
Author: carnil Date: 2016-06-08 06:24:49 + (Wed, 08 Jun 2016) New Revision: 42393 Modified: data/CVE/list Log: Add CVE-2016-1182 Modified: data/CVE/list === --- data/CVE/list 2016-06-08 06:20:59 UTC (rev 42392) +++ data/CVE/list 2016-06-08 06:24:49 UTC (rev 42393) @@ -13003,8 +13003,11 @@ RESERVED CVE-2016-1183 RESERVED -CVE-2016-1182 +CVE-2016-1182 [Improper input validation in Validator] RESERVED + - libstruts1.2-java + NOTE: https://jvn.jp/en/jp/JVN65044642/ + NOTE: Probably a duplicate of CVE-2015-0899 CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations against components on server memory] RESERVED - libstruts1.2-java ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42392 - data/CVE
Author: carnil Date: 2016-06-08 06:20:59 + (Wed, 08 Jun 2016) New Revision: 42392 Modified: data/CVE/list Log: Update CVE-2016-1181 Modified: data/CVE/list === --- data/CVE/list 2016-06-08 06:10:25 UTC (rev 42391) +++ data/CVE/list 2016-06-08 06:20:59 UTC (rev 42392) @@ -13007,8 +13007,9 @@ RESERVED CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations against components on server memory] RESERVED + - libstruts1.2-java NOTE: https://jvn.jp/en/jp/JVN03188560/ - TODO: check + NOTE: Probably a duplicate of CVE-2015-0899 CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...) TODO: check CVE-2016-1179 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42391 - data/CVE
Author: jmm
Date: 2016-06-08 06:10:25 + (Wed, 08 Jun 2016)
New Revision: 42391
Modified:
data/CVE/list
Log:
new firefox issues
drop pycurl entry, no evidence of being exploitable
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-08 06:04:14 UTC (rev 42390)
+++ data/CVE/list 2016-06-08 06:10:25 UTC (rev 42391)
@@ -7006,32 +7006,55 @@
RESERVED
CVE-2016-2834
RESERVED
+ - nss
+ - firefox-esr (Doesn't apply to Firefox ESR)
+ - firefox
CVE-2016-2833
RESERVED
+ - firefox-esr (Doesn't apply to Firefox ESR)
+ - firefox
CVE-2016-2832
RESERVED
+ - firefox-esr (Doesn't apply to Firefox ESR)
+ - firefox
CVE-2016-2831
RESERVED
+ - firefox-esr
+ - firefox
CVE-2016-2830
RESERVED
CVE-2016-2829
RESERVED
+ - firefox-esr (Doesn't apply to Firefox ESR)
+ - firefox
CVE-2016-2828
RESERVED
+ - firefox-esr
+ - firefox
CVE-2016-2827
RESERVED
CVE-2016-2826
RESERVED
+ - firefox-esr (Only affects Windows)
+ - firefox (Only affects Windows)
CVE-2016-2825
RESERVED
+ - firefox-esr (Doesn't apply to Firefox ESR)
+ - firefox
CVE-2016-2824
RESERVED
+ - firefox-esr (Only affects Windows)
+ - firefox (Only affects Windows)
CVE-2016-2823
RESERVED
CVE-2016-2822
RESERVED
+ - firefox-esr
+ - firefox
CVE-2016-2821
RESERVED
+ - firefox-esr
+ - firefox
CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport)
feature in ...)
- iceweasel (Only Firefox 46)
- firefox-esr (Only Firefox 46)
@@ -7039,8 +7062,12 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
CVE-2016-2819
RESERVED
+ - firefox-esr
+ - firefox
CVE-2016-2818
RESERVED
+ - firefox-esr
+ - firefox
CVE-2016-2817 (The WebExtension sandbox feature in ...)
- iceweasel (Only Firefox 46)
- firefox-esr (Only Firefox 46)
@@ -7053,6 +7080,8 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/
CVE-2016-2815
RESERVED
+ - firefox-esr (Doesn't apply to Firefox ESR)
+ - firefox
CVE-2016-2814 (Heap-based buffer overflow in the ...)
{DSA-3559-1}
- iceweasel
@@ -17933,13 +17962,6 @@
RESERVED
CVE-2014-9754
RESERVED
-CVE-2015- [use afer free]
- - pycurl
- [wheezy] - pycurl (Vulnerable code introduced later)
- [squeeze] - pycurl (Vulnerable code introduced later)
- NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/11/03/4
- NOTE: Upstream commit:
https://github.com/pycurl/pycurl/commit/602f8e364634d386524f0396e962c2c9de0536a9
- NOTE: support for BUFFER and BUFFERPTR form parameters added with
https://github.com/clintclayton/pycurl/commit/642f87afc14fc79c202c3b10b95ad35e97aa8615
CVE-2015-8075
REJECTED
CVE-2015-8033
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42390 - data/CVE
Author: fgeek-guest Date: 2016-06-08 06:04:14 + (Wed, 08 Jun 2016) New Revision: 42390 Modified: data/CVE/list Log: CVE-2016-1181 Modified: data/CVE/list === --- data/CVE/list 2016-06-08 05:01:10 UTC (rev 42389) +++ data/CVE/list 2016-06-08 06:04:14 UTC (rev 42390) @@ -12976,8 +12976,10 @@ RESERVED CVE-2016-1182 RESERVED -CVE-2016-1181 +CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations against components on server memory] RESERVED + NOTE: https://jvn.jp/en/jp/JVN03188560/ + TODO: check CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...) TODO: check CVE-2016-1179 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42389 - data/CVE
Author: carnil Date: 2016-06-08 05:01:10 + (Wed, 08 Jun 2016) New Revision: 42389 Modified: data/CVE/list Log: ntp fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-06-08 04:49:12 UTC (rev 42388) +++ data/CVE/list 2016-06-08 05:01:10 UTC (rev 42389) @@ -1326,27 +1326,27 @@ RESERVED CVE-2016-4957 RESERVED - - ntp + - ntp 1:4.2.8p8+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi NOTE: http://support.ntp.org/bin/view/Main/NtpBug3046 CVE-2016-4956 RESERVED - - ntp + - ntp 1:4.2.8p8+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi NOTE: http://support.ntp.org/bin/view/Main/NtpBug3042 CVE-2016-4955 RESERVED - - ntp + - ntp 1:4.2.8p8+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi NOTE: http://support.ntp.org/bin/view/Main/NtpBug3043 CVE-2016-4954 RESERVED - - ntp + - ntp 1:4.2.8p8+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi NOTE: http://support.ntp.org/bin/view/Main/NtpBug3044 CVE-2016-4953 RESERVED - - ntp + - ntp 1:4.2.8p8+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi NOTE: http://support.ntp.org/bin/view/Main/NtpBug3045 CVE-2016-5117 [OpenNTPD not verifying CN during HTTPS constraints request] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42388 - data/CVE
Author: carnil Date: 2016-06-08 04:49:12 + (Wed, 08 Jun 2016) New Revision: 42388 Modified: data/CVE/list Log: CVE-2016-4347 is now rejected Modified: data/CVE/list === --- data/CVE/list 2016-06-08 04:33:12 UTC (rev 42387) +++ data/CVE/list 2016-06-08 04:49:12 UTC (rev 42388) @@ -8703,7 +8703,6 @@ NOTE: https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2 (2.40.12) CVE-2016-4347 REJECTED - NOTE: Will be rejected CVE-2016-4346 (Integer overflow in the str_pad function in ext/standard/string.c in ...) - php7.0 7.0.4-1 - php5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42387 - data
Author: jmm Date: 2016-06-08 04:33:12 + (Wed, 08 Jun 2016) New Revision: 42387 Modified: data/next-point-update.txt Log: another spu fix for glibc Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-06-07 22:15:23 UTC (rev 42386) +++ data/next-point-update.txt 2016-06-08 04:33:12 UTC (rev 42387) @@ -6,6 +6,8 @@ [jessie] - glibc 2.19-18+deb8u5 CVE-2016-3706 [jessie] - glibc 2.19-18+deb8u5 +CVE-2016-4429 + [jessie] - glibc 2.19-18+deb8u5 CVE-2009-5147 [jessie] - ruby2.1 2.1.5-2+deb8u3 CVE-2015-7551 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42386 - data
Author: bam Date: 2016-06-07 22:15:23 + (Tue, 07 Jun 2016) New Revision: 42386 Modified: data/dla-needed.txt Log: Claim imagemagick Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-07 21:10:12 UTC (rev 42385) +++ data/dla-needed.txt 2016-06-07 22:15:23 UTC (rev 42386) @@ -30,7 +30,7 @@ icu (Roberto C. Sánchez) NOTE: check comments on CVE-2016-0494 as well -- -imagemagick +imagemagick (Brian May) -- libjackson-json-java -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42385 - data/CVE
Author: sectracker
Date: 2016-06-07 21:10:12 + (Tue, 07 Jun 2016)
New Revision: 42385
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-07 20:33:42 UTC (rev 42384)
+++ data/CVE/list 2016-06-07 21:10:12 UTC (rev 42385)
@@ -1,3 +1,93 @@
+CVE-2016-5324
+ RESERVED
+CVE-2016-5323
+ RESERVED
+CVE-2016-5322
+ RESERVED
+CVE-2016-5321
+ RESERVED
+CVE-2016-5320
+ RESERVED
+CVE-2016-5317
+ RESERVED
+CVE-2016-5316
+ RESERVED
+CVE-2016-5315
+ RESERVED
+CVE-2016-5314
+ RESERVED
+CVE-2016-5313
+ RESERVED
+CVE-2016-5312
+ RESERVED
+CVE-2016-5311
+ RESERVED
+CVE-2016-5310
+ RESERVED
+CVE-2016-5309
+ RESERVED
+CVE-2016-5308
+ RESERVED
+CVE-2016-5307
+ RESERVED
+CVE-2016-5306
+ RESERVED
+CVE-2016-5305
+ RESERVED
+CVE-2016-5304
+ RESERVED
+CVE-2016-5303
+ RESERVED
+CVE-2016-5302
+ RESERVED
+CVE-2015-8913
+ RESERVED
+CVE-2015-8912
+ RESERVED
+CVE-2015-8911
+ RESERVED
+CVE-2015-8910
+ RESERVED
+CVE-2015-8909
+ RESERVED
+CVE-2015-8908
+ RESERVED
+CVE-2015-8907
+ RESERVED
+CVE-2015-8906
+ RESERVED
+CVE-2015-8905
+ RESERVED
+CVE-2015-8904
+ RESERVED
+CVE-2015-113
+ RESERVED
+CVE-2015-112
+ RESERVED
+CVE-2015-111
+ RESERVED
+CVE-2015-110
+ RESERVED
+CVE-2015-109
+ RESERVED
+CVE-2015-108
+ RESERVED
+CVE-2015-107
+ RESERVED
+CVE-2015-106
+ RESERVED
+CVE-2015-105
+ RESERVED
+CVE-2015-104
+ RESERVED
+CVE-2015-103
+ RESERVED
+CVE-2015-102
+ RESERVED
+CVE-2015-101
+ RESERVED
+CVE-2015-100
+ RESERVED
CVE-2016-5299
RESERVED
CVE-2016-5298
@@ -109,6 +199,7 @@
CVE-2016-5245
RESERVED
CVE-2016-4456 [GNUTLS-SA-2016-1]
+ RESERVED
- gnutls28 3.4.13-1
[jessie] - gnutls28 (Introduced in 3.4.12)
NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-1
@@ -130,9 +221,11 @@
CVE-2014-9855
RESERVED
CVE-2016-5319 [bmp2tiff: PackBitsEncode heap buffer overflow]
+ RESERVED
- tiff
- tiff3
CVE-2016-5318 [thumbnail: stack buffer overflow in _TIFFVGetField function]
+ RESERVED
- tiff
- tiff3
NOTE: Upstream will remove thumbnail from 4.0.7 release
@@ -143,6 +236,7 @@
NOTE: https://github.com/arvidn/libtorrent/pull/782
CVE-2016-5300 [use of too little entropy]
RESERVED
+ {DSA-3597-1}
- expat 2.1.1-3
CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy]
RESERVED
@@ -152,8 +246,7 @@
RESERVED
- linux
NOTE: https://patchwork.ozlabs.org/patch/629100/
-CVE-2016-5242 [arm: Host crash caused by VMID exhaustion]
- RESERVED
+CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x
through 4.6.x ...)
- xen
[jessie] - xen (Minor issue, can be fixed along in a future
DSA)
NOTE: http://xenbits.xen.org/xsa/advisory-181.html
@@ -795,6 +888,7 @@
RESERVED
CVE-2016-5108 [crash and potential code execution when processing QuickTime
IMA files]
RESERVED
+ {DSA-3598-1}
- vlc 2.2.3-2 (bug #825728)
[wheezy] - vlc (Unsupported in wheezy-lts)
NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
@@ -1214,13 +1308,11 @@
- onionshare 0.8.1-2 (unimportant)
[jessie] - onionshare (Vulnerable code not present)
NOTE: Neutralised by kernel hardening (also contrib and non-free not
supported)
-CVE-2016-4963 [Unsanitised driver domain input in libxl device handling]
- RESERVED
+CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local OS
guest ...)
- xen
[jessie] - xen (Minor issue, too intrusive to backport)
NOTE: http://xenbits.xen.org/xsa/advisory-178.html
-CVE-2016-4962 [Unsanitised guest input in libxl device handling code]
- RESERVED
+CVE-2016-4962 (The libxl device-handling in Xen 4.6.x and earlier allows local
OS ...)
- xen
[jessie] - xen (Minor issue, can be fixed along in a future
DSA)
NOTE: http://xenbits.xen.org/xsa/advisory-175.html
@@ -2619,8 +2711,7 @@
CVE-2016-4451
RESERVED
- foreman (bug #663101)
-CVE-2016-4450
- RESERVED
+CVE-2016-4450 (os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before
1.11.1 ...)
{DSA-3592-1}
- nginx 1.10.1-1 (bug #825960)
[wheezy] - nginx (Introduced in 1.3.9)
@@ -2680,8 +2771,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
CVE-2016-4438
RESERVED
-CVE-2016-4437 [information disclosure]
- RESERVED
+CVE-2016-4437 (Apache Shiro before 1.2.5, when a cipher key has not been
configured ...)
- shiro (bug #8266
[Secure-testing-commits] r42384 - data/CVE
Author: jmm Date: 2016-06-07 20:33:42 + (Tue, 07 Jun 2016) New Revision: 42384 Modified: data/CVE/list Log: line up two xen issues for future DSA Modified: data/CVE/list === --- data/CVE/list 2016-06-07 20:27:09 UTC (rev 42383) +++ data/CVE/list 2016-06-07 20:33:42 UTC (rev 42384) @@ -155,6 +155,7 @@ CVE-2016-5242 [arm: Host crash caused by VMID exhaustion] RESERVED - xen + [jessie] - xen (Minor issue, can be fixed along in a future DSA) NOTE: http://xenbits.xen.org/xsa/advisory-181.html CVE-2016-5241 RESERVED @@ -1221,6 +1222,7 @@ CVE-2016-4962 [Unsanitised guest input in libxl device handling code] RESERVED - xen + [jessie] - xen (Minor issue, can be fixed along in a future DSA) NOTE: http://xenbits.xen.org/xsa/advisory-175.html CVE-2016-4961 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42383 - in data: . DSA
Author: jmm
Date: 2016-06-07 20:27:09 + (Tue, 07 Jun 2016)
New Revision: 42383
Modified:
data/DSA/list
data/dsa-needed.txt
Log:
vlc DSA
Modified: data/DSA/list
===
--- data/DSA/list 2016-06-07 16:21:14 UTC (rev 42382)
+++ data/DSA/list 2016-06-07 20:27:09 UTC (rev 42383)
@@ -1,3 +1,6 @@
+[07 Jun 2016] DSA-3598-1 vlc - security update
+ {CVE-2016-5108}
+ [jessie] - vlc 2.2.4-1~deb8u1
[07 Jun 2016] DSA-3597-1 expat - security update
{CVE-2012-6702 CVE-2016-5300}
[jessie] - expat 2.1.0-6+deb8u3
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-06-07 16:21:14 UTC (rev 42382)
+++ data/dsa-needed.txt 2016-06-07 20:27:09 UTC (rev 42383)
@@ -51,5 +51,3 @@
--
tomcat8 (Markus Koschany)
--
-vlc (jmm)
---
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42382 - in data: . DSA
Author: luciano
Date: 2016-06-07 16:21:14 + (Tue, 07 Jun 2016)
New Revision: 42382
Modified:
data/DSA/list
data/dsa-needed.txt
Log:
DSA-3597-1: expat
Modified: data/DSA/list
===
--- data/DSA/list 2016-06-07 14:36:51 UTC (rev 42381)
+++ data/DSA/list 2016-06-07 16:21:14 UTC (rev 42382)
@@ -1,3 +1,6 @@
+[07 Jun 2016] DSA-3597-1 expat - security update
+ {CVE-2012-6702 CVE-2016-5300}
+ [jessie] - expat 2.1.0-6+deb8u3
[06 Jun 2016] DSA-3596-1 spice - security update
{CVE-2016-0749 CVE-2016-2150}
[jessie] - spice 0.12.5-1+deb8u3
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-06-07 14:36:51 UTC (rev 42381)
+++ data/dsa-needed.txt 2016-06-07 16:21:14 UTC (rev 42382)
@@ -14,8 +14,6 @@
--
389-ds-base
--
-expat (luciano)
---
graphicsmagick (luciano)
--
icu
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42381 - data
Author: santiago Date: 2016-06-07 14:36:51 + (Tue, 07 Jun 2016) New Revision: 42381 Modified: data/dla-needed.txt Log: Take spice in data/dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-07 14:35:55 UTC (rev 42380) +++ data/dla-needed.txt 2016-06-07 14:36:51 UTC (rev 42381) @@ -93,7 +93,7 @@ samba (Santiago R.R.) NOTE: regression update required for #821811, patches available -- -spice +spice (Santiago R.R.) -- squid -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42380 - in data: . CVE
Author: jmm
Date: 2016-06-07 14:35:55 + (Tue, 07 Jun 2016)
New Revision: 42380
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
new hhvm issues (related to PHP bugs)
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-07 13:59:05 UTC (rev 42379)
+++ data/CVE/list 2016-06-07 14:35:55 UTC (rev 42380)
@@ -2471,10 +2471,12 @@
{DLA-499-1}
- php7.0 7.0.6-1
- php5 5.6.21+dfsg-1
+ - hhvm
NOTE: https://bugs.php.net/bug.php?id=72099
NOTE:
https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+ NOTE: HHVM fix:
https://github.com/facebook/hhvm/commit/7290b3bbcaa1e10a8d807fab3242204e9ec3a015
CVE-2016-4537 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before
5.5.35, ...)
{DLA-499-1}
- php7.0 7.0.6-1
@@ -3945,10 +3947,12 @@
{DSA-3560-1 DLA-499-1}
- php7.0 7.0.5-1
- php5 5.6.20+dfsg-1
+ - hhvm
NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
NOTE: https://bugs.php.net/bug.php?id=71798
NOTE:
https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+ NOTE: Fix in HHVM:
https://github.com/facebook/hhvm/commit/ea6ff01f6c31f1615a935ef96622d623a6277d37
CVE-2016-4071 (Format string vulnerability in the php_snmp_error function in
...)
{DSA-3560-1 DLA-499-1}
- php7.0 7.0.5-1
@@ -4095,6 +4099,7 @@
- php7.0 7.0.5-1
- php5 5.6.20+dfsg-1
- file 1:5.24-1
+ - hhvm
[jessie] - file (Minor issue, magic file needs to be under
attacker control)
NOTE: http://bugs.gw.com/view.php?id=522
NOTE:
https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36
@@ -4102,6 +4107,7 @@
NOTE:
http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e
NOTE: PHP fixed in 7.0.5, 5.6.20, 5.5.34
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+ NOTE: Fix in HHVM:
https://github.com/facebook/hhvm/commit/4e614ba041e24af8351afbb49c92444c0850f23b
CVE-2016-3993 (Off-by-one error in the __imlib_MergeUpdate function in
lib/updates.c ...)
{DSA-3555-1}
- imlib2 1.4.8-1 (bug #819818)
@@ -6155,11 +6161,13 @@
- libgd2 2.1.1-4.1 (bug #822242)
- php5 5.6.21+dfsg-1 (unimportant)
- php7.0 7.0.6-1 (unimportant)
- - hhvm (Implements additional sanity checks)
+ - hhvm (unimportant)
+ NOTE: HHVM implements additional sanity checks, not directly epxloitable
NOTE: PoC:
https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074
NOTE: Upstream fix:
https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
NOTE: PHP bug: https://bugs.php.net/bug.php?id=71912
+ NOTE: HHVM fix:
https://github.com/facebook/hhvm/commit/29a6487d648d1593e1e2fa615d9b3a844756ddc3
TODO: check (texlive, libwmf)
CVE-2016-3073
RESERVED
@@ -8597,7 +8605,7 @@
NOTE:
http://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886
NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
- hhvm 3.12.1+dfsg-1
- NOTE:
https://github.com/facebook/hhvm/commit/eae73029336e4d577707cb8a0527f22cb8a4588a
+ NOTE:
https://github.com/facebook/hhvm/commit/381702ffbfdae170ba3fff97d6cc1b9c69666854
CVE-2016-4348 (The _rsvg_css_normalize_font_size function in librsvg 2.40.2
allows ...)
{DSA-3584-1 DLA-477-1}
- librsvg 2.40.12-1
@@ -10435,8 +10443,10 @@
[squeeze] - php5 (Vulnerable code not present, check in
gdImageRotate() already available)
- php5.6 5.6.17+dfsg-1
- php7.0 7.0.2-1
+ - hhvm
NOTE: https://bugs.php.net/bug.php?id=70976
NOTE:
https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8
+ NOTE: Fix in HHVM:
https://github.com/facebook/hhvm/commit/f91abcc3b156823688c54158fc4fa36d87570afe
CVE-2016-1901 (Integer overflow in the authenticate_post function in CGit
before 0.12 ...)
{DSA-3545-1}
- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
@@ -34616,12 +34626,14 @@
{DSA-3215-1 DLA-189-1}
- libgd2 2.1.0-5
- php5 5.6.5+dfsg-1 (unimportant)
+ - hhvm
NOTE: https://bugs.php.net/bug.php?id=68601
NOTE: Fix in libgd2:
https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
NOTE: Also related:
https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
NOTE:
http://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2
[Secure-testing-commits] r42379 - data/CVE
Author: jmm Date: 2016-06-07 13:59:05 + (Tue, 07 Jun 2016) New Revision: 42379 Modified: data/CVE/list Log: bug filed for shiro, no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-06-07 12:59:53 UTC (rev 42378) +++ data/CVE/list 2016-06-07 13:59:05 UTC (rev 42379) @@ -2678,7 +2678,8 @@ RESERVED CVE-2016-4437 [information disclosure] RESERVED - - shiro + - shiro (bug #826653) + [jessie] - shiro (Minor issue) CVE-2016-4436 RESERVED CVE-2016-4435 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42378 - data
Author: jmm Date: 2016-06-07 12:59:53 + (Tue, 07 Jun 2016) New Revision: 42378 Modified: data/next-point-update.txt Log: two more spu uploads Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-06-07 11:47:22 UTC (rev 42377) +++ data/next-point-update.txt 2016-06-07 12:59:53 UTC (rev 42378) @@ -16,3 +16,7 @@ [jessie] - policykit-1 0.105-15~deb8u1 CVE-2015-3218 [jessie] - policykit-1 0.105-15~deb8u1 +CVE-2016-4414 + [jessie] - quassel 1:0.10.0-2.3+deb8u3 +CVE-2016-4338 + [jessie] - zabbix 1:2.2.7+dfsg-2+deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42377 - in data: . CVE
Author: carnil Date: 2016-06-07 11:47:22 + (Tue, 07 Jun 2016) New Revision: 42377 Modified: data/CVE/list data/next-point-update.txt Log: Fix policykit-1 entries, were not included in jessie point release Modified: data/CVE/list === --- data/CVE/list 2016-06-07 11:43:45 UTC (rev 42376) +++ data/CVE/list 2016-06-07 11:47:22 UTC (rev 42377) @@ -28684,7 +28684,7 @@ CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function in ...) [experimental] - policykit-1 0.113-1 - policykit-1 0.105-12 (low; bug #796134) - [jessie] - policykit-1 0.105-15~deb8u1 + [jessie] - policykit-1 (Minor issue) [wheezy] - policykit-1 (Minor issue) [squeeze] - policykit-1 (Minor issue) NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html @@ -31441,7 +31441,7 @@ CVE-2015-3255 (The polkit_backend_action_pool_init function in ...) [experimental] - policykit-1 0.113-1 - policykit-1 0.105-12 (bug #796134) - [jessie] - policykit-1 0.105-15~deb8u1 + [jessie] - policykit-1 (Minor issue) [wheezy] - policykit-1 (Minor issue) [squeeze] - policykit-1 (Minor issue) NOTE: http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f @@ -31628,7 +31628,7 @@ CVE-2015-3218 (The authentication_agent_new function in ...) [experimental] - policykit-1 0.113-1 - policykit-1 0.105-11 (bug #787932) - [jessie] - policykit-1 0.105-15~deb8u1 + [jessie] - policykit-1 (Minor issue) [wheezy] - policykit-1 (Minor issue) [squeeze] - policykit-1 (Vulnerable code introduced later) NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-06-07 11:43:45 UTC (rev 42376) +++ data/next-point-update.txt 2016-06-07 11:47:22 UTC (rev 42377) @@ -10,3 +10,9 @@ [jessie] - ruby2.1 2.1.5-2+deb8u3 CVE-2015-7551 [jessie] - ruby2.1 2.1.5-2+deb8u3 +CVE-2015-3255 + [jessie] - policykit-1 0.105-15~deb8u1 +CVE-2015-4625 + [jessie] - policykit-1 0.105-15~deb8u1 +CVE-2015-3218 + [jessie] - policykit-1 0.105-15~deb8u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42376 - data
Author: carnil Date: 2016-06-07 11:43:45 + (Tue, 07 Jun 2016) New Revision: 42376 Modified: data/next-point-update.txt Log: Add pending updates for ruby2.1 Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-06-07 11:18:25 UTC (rev 42375) +++ data/next-point-update.txt 2016-06-07 11:43:45 UTC (rev 42376) @@ -6,3 +6,7 @@ [jessie] - glibc 2.19-18+deb8u5 CVE-2016-3706 [jessie] - glibc 2.19-18+deb8u5 +CVE-2009-5147 + [jessie] - ruby2.1 2.1.5-2+deb8u3 +CVE-2015-7551 + [jessie] - ruby2.1 2.1.5-2+deb8u3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42375 - data/CVE
Author: fgeek-guest Date: 2016-06-07 11:18:25 + (Tue, 07 Jun 2016) New Revision: 42375 Modified: data/CVE/list Log: CVE-2016-5318/tiff update Modified: data/CVE/list === --- data/CVE/list 2016-06-07 11:16:49 UTC (rev 42374) +++ data/CVE/list 2016-06-07 11:18:25 UTC (rev 42375) @@ -132,10 +132,10 @@ CVE-2016-5319 [bmp2tiff: PackBitsEncode heap buffer overflow] - tiff - tiff3 -CVE-2016-5318 +CVE-2016-5318 [thumbnail: stack buffer overflow in _TIFFVGetField function] - tiff - tiff3 - TODO: check + NOTE: Upstream will remove thumbnail from 4.0.7 release CVE-2016-5301 [denial of service] RESERVED - libtorrent-rasterbar (bug #826380) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42374 - data/CVE
Author: fgeek-guest Date: 2016-06-07 11:16:49 + (Tue, 07 Jun 2016) New Revision: 42374 Modified: data/CVE/list Log: CVE-2016-5319/tiff update Modified: data/CVE/list === --- data/CVE/list 2016-06-07 11:16:14 UTC (rev 42373) +++ data/CVE/list 2016-06-07 11:16:49 UTC (rev 42374) @@ -129,10 +129,9 @@ RESERVED CVE-2014-9855 RESERVED -CVE-2016-5319 +CVE-2016-5319 [bmp2tiff: PackBitsEncode heap buffer overflow] - tiff - tiff3 - TODO: check CVE-2016-5318 - tiff - tiff3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42373 - data/CVE
Author: carnil Date: 2016-06-07 11:16:14 + (Tue, 07 Jun 2016) New Revision: 42373 Modified: data/CVE/list Log: CVE-2016-4456 already assigned by Red Hat Modified: data/CVE/list === --- data/CVE/list 2016-06-07 10:50:46 UTC (rev 42372) +++ data/CVE/list 2016-06-07 11:16:14 UTC (rev 42373) @@ -108,11 +108,11 @@ RESERVED CVE-2016-5245 RESERVED -CVE-2016- [GNUTLS-SA-2016-1] +CVE-2016-4456 [GNUTLS-SA-2016-1] - gnutls28 3.4.13-1 [jessie] - gnutls28 (Introduced in 3.4.12) NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-1 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/07/2 + NOTE: http://www.openwall.com/lists/oss-security/2016/06/07/2 CVE-2016-102 RESERVED CVE-2014-9861 @@ -2592,8 +2592,6 @@ CVE-2016-4457 RESERVED NOT-FOR-US: Red Hat CloudForms -CVE-2016-4456 - RESERVED CVE-2016-4455 RESERVED NOT-FOR-US: Red Hat Subscription Manager ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42372 - data
Author: lamby Date: 2016-06-07 10:50:46 + (Tue, 07 Jun 2016) New Revision: 42372 Modified: data/dla-needed.txt Log: Re-add libpdfbox-java and libxstream-java; they have not been uploaded Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-07 09:54:45 UTC (rev 42371) +++ data/dla-needed.txt 2016-06-07 10:50:46 UTC (rev 42372) @@ -34,6 +34,8 @@ -- libjackson-json-java -- +libpdfbox-java (Markus Koschany) +-- libspring-java The JSON/JaF doesn't appear to be present in wheezy but the content-disposition stuff might be. @@ -42,6 +44,8 @@ -- libxslt (Emilio Pozuelo) -- +libxstream-java (Markus Koschany) +-- linux -- mat ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42371 - in data: . DLA
Author: opal
Date: 2016-06-07 09:54:45 + (Tue, 07 Jun 2016)
New Revision: 42371
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-507-1 for nss
Modified: data/DLA/list
===
--- data/DLA/list 2016-06-07 09:10:15 UTC (rev 42370)
+++ data/DLA/list 2016-06-07 09:54:45 UTC (rev 42371)
@@ -1,3 +1,6 @@
+[07 Jun 2016] DLA-507-1 nss - security update
+ {CVE-2015-4000}
+ [wheezy] - nss 2:3.14.5-1+deb7u7
[06 Jun 2016] DLA-506-1 dhcpcd5 - security update
{CVE-2014-7912 CVE-2014-7913}
[wheezy] - dhcpcd5 5.5.6-1+deb7u2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-07 09:10:15 UTC (rev 42370)
+++ data/dla-needed.txt 2016-06-07 09:54:45 UTC (rev 42371)
@@ -50,8 +50,6 @@
--
mysql-connector-java
--
-nss (Ola Lundqvist)
---
ntp (Santiago R.R.)
NOTE: maintainer would like help working on the updates but will handle the
updates himself
NOTE: 20160518175636.ga29...@roeckx.be
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42370 - data/CVE
Author: sectracker
Date: 2016-06-07 09:10:15 + (Tue, 07 Jun 2016)
New Revision: 42370
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-07 06:46:24 UTC (rev 42369)
+++ data/CVE/list 2016-06-07 09:10:15 UTC (rev 42370)
@@ -46766,10 +46766,12 @@
CVE-2014-7914
RESERVED
CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through
6.9.1, as ...)
+ {DLA-506-1}
- dhcpcd5
NOTE: Fixed for Android in
https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0%5E!/
NOTE: Fixed on upstream trunk in
http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0
CVE-2014-7912 (The get_option function in dhcp.c in dhcpcd before 6.2.0, as
used in ...)
+ {DLA-506-1}
- dhcpcd5 6.9.1-1
NOTE: Fixed for Android in
https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0%5E!/
NOTE: Fixed on upstream trunk in
http://roy.marples.name/projects/dhcpcd/ci/d71cfd8aa203bffe?sbs=0
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
