[Secure-testing-commits] r42543 - data/CVE
Author: pere Date: 2016-06-15 06:55:39 + (Wed, 15 Jun 2016) New Revision: 42543 Modified: data/CVE/list Log: Reported CVE-2010-5321 to BTS as bug #827340. Modified: data/CVE/list === --- data/CVE/list 2016-06-15 06:48:25 UTC (rev 42542) +++ data/CVE/list 2016-06-15 06:55:39 UTC (rev 42543) @@ -41337,7 +41337,7 @@ NOT-FOR-US: Smoothwall CVE-2010-5321 [v4l: videobuf: hotfix a bug on multiple calls to mmap()] RESERVED - - linux + - linux (bug #827340) - linux-2.6 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=620629#c0 CVE-2010-5320 (Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
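Review bot: in the CVE-2010-5321 hunk the `- linux-2.6` line is left without a fixed version, bug reference or status tag, so the tracker will keep reporting it as open alongside the newly annotated `- linux (bug #827340)` line; tag it explicitly (the same bug reference, or a not-affected/removed marker) so the two package lines do not disagree. The only NOTE is the Red Hat bugzilla link; once the upstream videobuf fix is identified, record it as a `NOTE:` so the eventual fixed version can be verified against it.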
[Secure-testing-commits] r42542 - data/CVE
Author: carnil Date: 2016-06-15 06:48:25 + (Wed, 15 Jun 2016) New Revision: 42542 Modified: data/CVE/list Log: Add fixed version for CVE-2016-5238 Modified: data/CVE/list === --- data/CVE/list 2016-06-15 06:43:50 UTC (rev 42541) +++ data/CVE/list 2016-06-15 06:48:25 UTC (rev 42542) @@ -763,7 +763,7 @@ NOTE: http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16 CVE-2016-5238 [scsi: esp: OOB write when using non-DMA mode in get_cmd] RESERVED - - qemu (bug #826152) + - qemu 1:2.6+dfsg-3 (bug #826152) [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) - qemu-kvm ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
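Review bot: the `- qemu-kvm` line in the CVE-2016-5238 hunk still carries no version or annotation while the sibling `qemu` entry now records `1:2.6+dfsg-3` and jessie/wheezy are tagged `(Minor issue)`, so qemu-kvm will stay listed as an unfixed issue in unstable; give it the same treatment (a status tag or a removed-package marker) rather than leaving its state implicit.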
[Secure-testing-commits] r42541 - data/CVE
Author: carnil Date: 2016-06-15 06:43:50 + (Wed, 15 Jun 2016) New Revision: 42541 Modified: data/CVE/list Log: Add CVE-2016-4470 Modified: data/CVE/list === --- data/CVE/list 2016-06-15 06:36:42 UTC (rev 42540) +++ data/CVE/list 2016-06-15 06:43:50 UTC (rev 42541) @@ -3015,6 +3015,8 @@ RESERVED CVE-2016-4470 RESERVED + - linux + NOTE: https://www.spinics.net/lists/linux-kernel-janitors/msg26069.html CVE-2016-4469 RESERVED CVE-2016-4468 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
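Review bot: CVE-2016-4470 is added as `- linux` with only a mailing-list NOTE and no bracketed summary, unlike neighbouring entries such as `CVE-2010-5321 [v4l: videobuf: ...]`; add a short description in brackets, the upstream commit once it is merged, and the `[jessie]`/`[wheezy]` assessment, otherwise the entry gives no indication of which kernel subsystem is affected or whether the stable releases need a fix.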
[Secure-testing-commits] r42540 - data/CVE
Author: jmm Date: 2016-06-15 06:36:42 + (Wed, 15 Jun 2016) New Revision: 42540 Modified: data/CVE/list Log: re-add dovecot entry, seems to have been typoed earlier Modified: data/CVE/list === --- data/CVE/list 2016-06-15 04:41:39 UTC (rev 42539) +++ data/CVE/list 2016-06-15 06:36:42 UTC (rev 42540) @@ -1404,6 +1404,8 @@ TODO: Most likely Red Hat-specific CVE-2016-4983 RESERVED + - dovecot + TODO: Most likely Red Hat-specific CVE-2016-4982 RESERVED NOT-FOR-US: authd ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
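Review bot: the re-added dovecot entry for CVE-2016-4983 now says both `- dovecot` (open against the Debian package) and `TODO: Most likely Red Hat-specific`, which contradict each other for tracking purposes. If it is Red Hat-specific the entry should read `NOT-FOR-US:` as the neighbouring CVE-2016-4982 hunk in r42539 already does for authd; if it is not, drop the TODO and add a NOTE with the source so the assignment can be verified.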
[Secure-testing-commits] r42539 - data/CVE
Author: carnil Date: 2016-06-15 04:41:39 + (Wed, 15 Jun 2016) New Revision: 42539 Modified: data/CVE/list Log: Update CVE-2016-498{1,2} Modified: data/CVE/list === --- data/CVE/list 2016-06-15 04:29:35 UTC (rev 42538) +++ data/CVE/list 2016-06-15 04:41:39 UTC (rev 42539) @@ -1406,11 +1406,11 @@ RESERVED CVE-2016-4982 RESERVED - - dovecot - TODO: Most likely Red Hat-specific + NOT-FOR-US: authd CVE-2016-4981 RESERVED NOT-FOR-US: authd + TODO: possibly a typo in the CVE ID alias? CVE-2016-4980 RESERVED NOT-FOR-US: Red Hat xguest kiosk mode ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
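Review bot: after this hunk CVE-2016-4981 and CVE-2016-4982 both read `NOT-FOR-US: authd`, and the doubt is recorded only as `TODO: possibly a typo in the CVE ID alias?` with no reference; add a NOTE pointing at where the two IDs were seen so whoever resolves the TODO can check the mapping. The `- dovecot` line removed here is re-added under CVE-2016-4983 in r42540, so the dovecot question is not closed by this change.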
[Secure-testing-commits] r42538 - data/CVE
Author: carnil Date: 2016-06-15 04:29:35 + (Wed, 15 Jun 2016) New Revision: 42538 Modified: data/CVE/list Log: Add new tiff issues, left TODO item, needs marking as no-dsa were appropriate Modified: data/CVE/list === --- data/CVE/list 2016-06-15 04:14:54 UTC (rev 42537) +++ data/CVE/list 2016-06-15 04:29:35 UTC (rev 42538) @@ -300,22 +300,46 @@ NOTE: https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b CVE-2016-5324 RESERVED -CVE-2016-5323 +CVE-2016-5323 [tiffcrop _TIFFFax3fillruns(): divide by zero] RESERVED -CVE-2016-5322 + - tiff + - tiff3 + TODO: check +CVE-2016-5322 [extractContigSamplesBytes: out-of-bounds read] RESERVED -CVE-2016-5321 + - tiff + - tiff3 + TODO: check +CVE-2016-5321 [DumpModeDecode(): Ddos] RESERVED -CVE-2016-5320 + - tiff + - tiff3 + TODO: check +CVE-2016-5320 [rgb2ycbcr: command excution] RESERVED -CVE-2016-5317 + - tiff + - tiff3 + TODO: check +CVE-2016-5317 [GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image] RESERVED -CVE-2016-5316 + - tiff + - tiff3 + TODO: check, disputable that this actually would be as well a nautilus issue +CVE-2016-5316 [tif_pixarlog.c: PixarLogCleanup() Segmentation fault] RESERVED -CVE-2016-5315 + - tiff + - tiff3 + TODO: check +CVE-2016-5315 [tif_dir.c: setByteArray() Read access violation] RESERVED -CVE-2016-5314 + - tiff + - tiff3 + TODO: check +CVE-2016-5314 [PixarLogDecode() out-of-bound writes] RESERVED + - tiff + - tiff3 + TODO: check CVE-2016-5313 RESERVED CVE-2016-5312 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
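Review bot: all eight new tiff entries (CVE-2016-5314 through CVE-2016-5323) receive the identical `- tiff` / `- tiff3` / `TODO: check` block with no NOTE references, so there is nothing to check them against; add the upstream bug or report URL for each. The commit log says the stable suites need `no-dsa` marking where appropriate, but no `[jessie]`/`[wheezy]` lines are added in this hunk, so that work remains outstanding. The CVE-2016-5317 summary names GNOME nautilus, and the TODO already flags that it is doubtful this is a nautilus issue; resolving that before it is tracked against tiff avoids a misattributed entry.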
[Secure-testing-commits] r42537 - data/CVE
Author: carnil Date: 2016-06-15 04:14:54 + (Wed, 15 Jun 2016) New Revision: 42537 Modified: data/CVE/list Log: Mark CVE-2016-1951/nspr as no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-06-14 21:10:09 UTC (rev 42536) +++ data/CVE/list 2016-06-15 04:14:54 UTC (rev 42537) @@ -10627,6 +10627,7 @@ - firefox-esr 45.0esr-1 - firefox 45.0-1 - nspr 2:4.12-1 + [jessie] - nspr (Minor issue) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1174015 NOTE: https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw NOTE: Upstream commit: https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
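Review bot: the CVE-2016-1951 hunk adds `[jessie] - nspr (Minor issue)` but not a `[wheezy]` line, so wheezy remains unassessed against the fixed version `nspr 2:4.12-1`; add the corresponding wheezy annotation (or a vulnerable-code-not-present tag if that applies) so both stable suites are covered.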
[Secure-testing-commits] r42536 - data/CVE
Author: sectracker Date: 2016-06-14 21:10:09 + (Tue, 14 Jun 2016) New Revision: 42536 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-06-14 20:57:07 UTC (rev 42535) +++ data/CVE/list 2016-06-14 21:10:09 UTC (rev 42536) @@ -338,8 +338,8 @@ RESERVED CVE-2016-5303 RESERVED -CVE-2016-5302 - RESERVED +CVE-2016-5302 (Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has ...) + TODO: check CVE-2015-8914 RESERVED - neutron @@ -746,8 +746,8 @@ [wheezy] - qemu-kvm (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html -CVE-2016-5234 - RESERVED +CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint ...) + TODO: check CVE-2016-5233 (Huawei Mate 8 smartphones with software NXT-AL10 before ...) TODO: check CVE-2016-5232 @@ -1455,8 +1455,7 @@ NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1339583 -CVE-2016-5104 - RESERVED +CVE-2016-5104 (The socket_create function in common/socket.c in libimobiledevice and ...) - libimobiledevice 1.2.0+dfsg-3 (bug #825553) [jessie] - libimobiledevice (Minor issue) [wheezy] - libimobiledevice (Vulnerable code not present) @@ -1473,12 +1472,14 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/8 CVE-2016-5096 [int/size_t confusion in fread] RESERVED + {DSA-3602-1} - php5 5.6.22+dfsg-1 NOTE: PHP bug: https://bugs.php.net/bug.php?id=72114 NOTE: Fixed in 5.6.22, 5.5.36 NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3 CVE-2016-5095 [don't create strings with lengths outside int range] RESERVED + {DSA-3602-1} - php5 5.6.22+dfsg-1 NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135 NOTE: Fixed in 5.6.22, 5.5.36 
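Review bot: the automatic update fills in the MITRE text for CVE-2016-5302 (Citrix XenServer) and CVE-2016-5234 (Huawei VP9660 and others) and leaves them at `TODO: check`; the Huawei one reads as a vendor-hardware issue and is a NOT-FOR-US candidate, but the XenServer hotfix should be checked against the xen source package before it is dismissed, since XenServer fixes can correspond to issues in upstream Xen. The php5 hunks for CVE-2016-5096 and CVE-2016-5095 add `{DSA-3602-1}` consistently with the DSA list reserved in r42528.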
@@ -1486,12 +1487,14 @@ NOTE: For the additional issue reported in the "[2016-05-17 12:55 UTC]" comment CVE-2016-5094 [don't create strings with lengths outside int range] RESERVED + {DSA-3602-1} - php5 5.6.22+dfsg-1 NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135 NOTE: Fixed in 5.6.22, 5.5.36 NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3 CVE-2016-5093 [get_icu_value_internal out-of-bounds read] RESERVED + {DSA-3602-1} - php7.0 7.0.7-1 - php5 5.6.22+dfsg-1 NOTE: PHP bug: https://bugs.php.net/bug.php?id=72241 @@ -1499,7 +1502,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3 CVE-2013-7456 [Fixed memory overrun bug in gdImageScaleTwoPass] RESERVED - {DSA-3587-1} + {DSA-3602-1 DSA-3587-1} - libgd2 2.1.1-1 [wheezy] - libgd2 (Vulnerable code not present) NOTE: https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a (gd-2.1.1) @@ -2022,8 +2025,7 @@ RESERVED - openslp-dfsg (Vulnerable code not present) NOTE: Issue present only in OpenSLP 2.x where the return from malloc isn't checked. -CVE-2016-4911 [Incorrect Audit IDs in Keystone Fernet Tokens can result in revocation bypass] - RESERVED +CVE-2016-4911 (The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x ...) - keystone 2:9.0.0-2 (bug #824683) [jessie] - keystone (affects only 9.0.0) [wheezy] - keystone (affects only 9.0.0) 
@@ -2545,16 +2547,14 @@ [wheezy] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/5ec0811d30378ae104f250bfc9b3640242d81e3f (v4.6-rc7) NOTE: Introduced by: https://git.kernel.org/linus/f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 (v3.15-rc1) -CVE-2016-4579 - RESERVED +CVE-2016-4579 (Libksba before 1.3.4 allows remote attackers to cause a denial of ...) {DLA-470-1} - libksba 1.3.4-3 [jessie] - libksba 1.3.2-1+deb8u1 NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64 CVE-2016-4572 RESERVED -CVE-2016-4574 [incomplete fix for CVE-2016-4356] - RESERVED +CVE-2016-4574 (Off-by-one error in the append_utf8_value function in the DN decoder ...) - libksba 1.3.4-3 [jessie] - libksba (Incomplete fix not applied) [wheezy] - libksba (Incomplete fix not applied) @@ -2886,7 +2886,7 @@ NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html TODO: check CVE-2016-4539 (The xml_parse_into_struct function in ext/xml/x
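Review bot: the CVE-2016-4574 hunk replaces the bracketed summary `[incomplete fix for CVE-2016-4356]` with the MITRE description, and with it the only explicit link to CVE-2016-4356 disappears, leaving the `(Incomplete fix not applied)` tags on jessie and wheezy unexplained; re-add the relationship as a `NOTE:` line so the stable annotations stay traceable. The CVE-2016-4911 hunk loses the Keystone Fernet revocation-bypass wording in the same way, and a NOTE preserving it would help.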
[Secure-testing-commits] r42535 - data/CVE
Author: jmm Date: 2016-06-14 20:57:07 + (Tue, 14 Jun 2016) New Revision: 42535 Modified: data/CVE/list Log: swift N/a clarify two tiff issues as affecting the lib Modified: data/CVE/list === --- data/CVE/list 2016-06-14 20:40:14 UTC (rev 42534) +++ data/CVE/list 2016-06-14 20:57:07 UTC (rev 42535) @@ -525,11 +525,11 @@ RESERVED CVE-2014-9855 RESERVED -CVE-2016-5319 [bmp2tiff: PackBitsEncode heap buffer overflow] +CVE-2016-5319 [libtiff: PackBitsEncode heap buffer overflow] RESERVED - tiff - tiff3 -CVE-2016-5318 [thumbnail: stack buffer overflow in _TIFFVGetField function] +CVE-2016-5318 [libtiff: stack buffer overflow in _TIFFVGetField function] RESERVED - tiff - tiff3 @@ -13614,7 +13614,6 @@ NOTE: http://seclists.org/bugtraq/2015/Dec/138 NOTE: no fix published yet NOTE: Red Hat say it's only OOB read: https://bugzilla.redhat.com/show_bug.cgi?id=1294425#c1 - TODO: check CVE-2015-8683 (The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 ...) {DSA-3467-1 DLA-402-1} - tiff 4.0.6-1 (bug #809021) 
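Review bot: the CVE-2016-5319 and CVE-2016-5318 hunks rename the summaries from the tools (`bmp2tiff`, `thumbnail`) to `libtiff`, which correctly records that the library is affected, but it also discards the only hint as to how the crash is reached; keep the originating tool in the bracket or add a NOTE with it. In the CVE-2015-8683 area the `TODO: check` is removed while the NOTEs still say `no fix published yet` and that Red Hat regard it as an OOB read only; if the TODO is resolved, record what was concluded rather than just deleting it.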
@@ -14780,14 +14779,14 @@ NOTE: Upstream fix: https://git.libssh.org/projects/libssh.git/commit/?h=v0-7&id=f8d0026c65fc8a55748ae481758e2cf376c26c86 CVE-2016-0738 (OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...) - swift 2.5.0-3 (bug #812984) + [jessie] - swift (Vulnerable code not present) [wheezy] - swift (Vulnerable code not present) NOTE: Swift: >=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0 - TODO: check CVE-2016-0737 (OpenStack Object Storage (Swift) before 2.4.0 does not properly close ...) - swift 2.4.0-1 + [jessie] - swift (Vulnerable code not present) [wheezy] - swift (Vulnerable code not present) NOTE: Swift: >=2.2.1 <= 2.3.0 - TODO: check, not exaclty clear if it really only was introduced in 2.2.1 CVE-2016-0736 RESERVED CVE-2016-0735 (Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
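Review bot: for CVE-2016-0737 the removed line `TODO: check, not exaclty clear if it really only was introduced in 2.2.1` is replaced by `[jessie] - swift (Vulnerable code not present)` without any new NOTE recording what was verified; since that tag rests on the `>=2.2.1` range in the NOTE, add the introducing commit or the jessie version that was checked so the conclusion can be re-verified. The CVE-2016-0738 hunk has the same shape and the same gap.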
[Secure-testing-commits] r42534 - in data: . DSA
Author: jmm Date: 2016-06-14 20:40:14 + (Tue, 14 Jun 2016) New Revision: 42534 Modified: data/DSA/list data/dsa-needed.txt Log: libav DSA Modified: data/DSA/list === --- data/DSA/list 2016-06-14 20:19:40 UTC (rev 42533) +++ data/DSA/list 2016-06-14 20:40:14 UTC (rev 42534) @@ -1,3 +1,6 @@ +[14 Jun 2016] DSA-3603-1 libav - security update + {CVE-2016-3062} + [jessie] - libav 6:11.7-1~deb8u1 [14 Jun 2016] DSA-3602-1 php5 - security update {CVE-2013-7456 CVE-2016-3074 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096} [jessie] - php5 5.6.22+dfsg-0+deb8u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-14 20:19:40 UTC (rev 42533) +++ data/dsa-needed.txt 2016-06-14 20:40:14 UTC (rev 42534) @@ -18,9 +18,6 @@ -- icu -- -libav (jmm) - Maintainer proposed debdiff --- libpdfbox-java Maintainer proposed debdiff, but first wait a bit for the upload in unstable to be tested/exposed for possible regressions. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
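Review bot: the new DSA-3603-1 entry records `[jessie] - libav 6:11.7-1~deb8u1` for CVE-2016-3062, but this commit does not add the matching `{DSA-3603-1}` marker to the CVE-2016-3062 entry in data/CVE/list; the automatic update in r42536 did that for DSA-3602-1, so confirm it picks this one up too. The version string indicates a new upstream point release into stable rather than a targeted patch, which the advisory text should state.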
[Secure-testing-commits] r42533 - data/CVE
Author: carnil Date: 2016-06-14 20:19:40 + (Tue, 14 Jun 2016) New Revision: 42533 Modified: data/CVE/list Log: Update CVE-2016-1405 Modified: data/CVE/list === --- data/CVE/list 2016-06-14 20:18:00 UTC (rev 42532) +++ data/CVE/list 2016-06-14 20:19:40 UTC (rev 42533) @@ -12446,7 +12446,8 @@ CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and ...) NOT-FOR-US: Cisco CVE-2016-1405 (libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware ...) - TODO: check + - clamav + TODO: check if Cisco usage specific CVE-2016-1404 (Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and ...) NOT-FOR-US: Cisco CVE-2016-1403 (CISCO IP 8800 phones with software 11.0.1 and earlier allow local ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
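Review bot: the CVE-2016-1405 hunk adds `- clamav` with no fixed version while keeping `TODO: check if Cisco usage specific`, so as written the entry marks clamav in unstable as affected and unfixed. If the issue is in libclamav proper, record the upstream fixed version (r42532 uses `clamav 0.99.2+dfsg-1` for CVE-2016-1371 and CVE-2016-1372, so check whether this one is covered by the same release); if it is Cisco-specific, replace the package line with `NOT-FOR-US: Cisco` as the neighbouring entries do.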
[Secure-testing-commits] r42532 - data/CVE
Author: carnil Date: 2016-06-14 20:18:00 + (Tue, 14 Jun 2016) New Revision: 42532 Modified: data/CVE/list Log: Add CVE-2016-137{1,2}/clamav Modified: data/CVE/list === --- data/CVE/list 2016-06-14 19:54:42 UTC (rev 42531) +++ data/CVE/list 2016-06-14 20:18:00 UTC (rev 42532) @@ -12513,8 +12513,14 @@ TODO: check CVE-2016-1372 RESERVED + - clamav 0.99.2+dfsg-1 + NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514 + NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/ CVE-2016-1371 RESERVED + - clamav 0.99.2+dfsg-1 + NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514 + NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/ CVE-2016-1370 (Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) ...) TODO: check CVE-2016-1369 (The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
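Review bot: CVE-2016-1371 and CVE-2016-1372 are given identical blocks (`clamav 0.99.2+dfsg-1`, the same bugzilla 11514 reference, the same blog link) and remain `RESERVED` with no bracketed summary, so nothing distinguishes the two entries; add a one-line summary for each and the `[jessie]`/`[wheezy]` assessment, since the stable releases ship an older clamav.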
[Secure-testing-commits] r42531 - data/CVE
Author: carnil Date: 2016-06-14 19:54:42 + (Tue, 14 Jun 2016) New Revision: 42531 Modified: data/CVE/list Log: Update CVE-2016-0772 information Modified: data/CVE/list === --- data/CVE/list 2016-06-14 17:18:35 UTC (rev 42530) +++ data/CVE/list 2016-06-14 19:54:42 UTC (rev 42531) @@ -14615,6 +14615,8 @@ NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3bb3f42f3749d40b8d4de65871e8d828b18d4a45 CVE-2016-0772 [TLS stripping vulnerability in smtplib] RESERVED + - python3.5 3.5.2~rc1-1 + - python3.4 - python2.7 2.7.12~rc1-1 NOTE: 3.4 branch: https://hg.python.org/cpython/rev/d590114c2394 NOTE: 2.7 branch: https://hg.python.org/cpython/rev/b3ce713fb9be ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
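Review bot: in the CVE-2016-0772 hunk `- python3.4` is added with no fixed version, so python3.4 is now listed as affected and unfixed in unstable while python3.5 and python2.7 carry rc-version fixes; if the 3.4 branch fix referenced in the NOTE has not been uploaded yet that is accurate, but add `[jessie]` annotations for python2.7 and python3.4 so the stable status of the smtplib TLS-stripping issue is recorded.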
[Secure-testing-commits] r42530 - data/CVE
Author: jmm Date: 2016-06-14 17:18:35 + (Tue, 14 Jun 2016) New Revision: 42530 Modified: data/CVE/list Log: audiofile fixed Modified: data/CVE/list === --- data/CVE/list 2016-06-14 15:52:44 UTC (rev 42529) +++ data/CVE/list 2016-06-14 17:18:35 UTC (rev 42530) @@ -19384,7 +19384,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/1 CVE-2015-7747 [When changing both sample format and number of channels, data gets corrupted; if new sample format smaller than old, possible buffer overflow] RESERVED - - audiofile (bug #801102) + - audiofile 0.3.6-3 (bug #801102) [wheezy] - audiofile (Minor issue) [jessie] - audiofile (Minor issue) [squeeze] - audiofile (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
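Review bot: the CVE-2015-7747 hunk records `audiofile 0.3.6-3` as fixed and keeps `(Minor issue)` for wheezy and jessie; the only NOTE is the oss-security posting, so add the upstream or packaging commit that carried the fix so the fixed version can be verified against the source.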
[Secure-testing-commits] r42529 - data/CVE
Author: carnil Date: 2016-06-14 15:52:44 + (Tue, 14 Jun 2016) New Revision: 42529 Modified: data/CVE/list Log: Add additional references for CVE-2016-0772/python.* Modified: data/CVE/list === --- data/CVE/list 2016-06-14 15:22:10 UTC (rev 42528) +++ data/CVE/list 2016-06-14 15:52:44 UTC (rev 42529) @@ -14616,6 +14616,8 @@ CVE-2016-0772 [TLS stripping vulnerability in smtplib] RESERVED - python2.7 2.7.12~rc1-1 + NOTE: 3.4 branch: https://hg.python.org/cpython/rev/d590114c2394 + NOTE: 2.7 branch: https://hg.python.org/cpython/rev/b3ce713fb9be TODO: check other versions CVE-2016-0771 (The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before ...) {DSA-3514-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
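Review bot: the two new NOTE lines for CVE-2016-0772 give the 3.4 and 2.7 branch revisions, but the entry still lists only `python2.7 2.7.12~rc1-1` and `TODO: check other versions` stays; python3.4 and python3.5 are not listed here, so the TODO should be resolved by adding those packages (r42531 later does so).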
[Secure-testing-commits] r42528 - in data: . DSA
Author: carnil Date: 2016-06-14 15:22:10 + (Tue, 14 Jun 2016) New Revision: 42528 Modified: data/DSA/list data/dsa-needed.txt Log: Reserve DSA number for php5 update Modified: data/DSA/list === --- data/DSA/list 2016-06-14 15:05:13 UTC (rev 42527) +++ data/DSA/list 2016-06-14 15:22:10 UTC (rev 42528) @@ -1,3 +1,6 @@ +[14 Jun 2016] DSA-3602-1 php5 - security update + {CVE-2013-7456 CVE-2016-3074 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096} + [jessie] - php5 5.6.22+dfsg-0+deb8u1 [13 Jun 2016] DSA-3601-1 icedove - security update {CVE-2016-2806} [jessie] - icedove 1:45.1.0-1~deb8u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-14 15:05:13 UTC (rev 42527) +++ data/dsa-needed.txt 2016-06-14 15:22:10 UTC (rev 42528) @@ -39,8 +39,6 @@ openssl wait for next openssl update round -- -php5 (carnil) --- phpmyadmin (thijs) -- quagga ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
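Review bot: the reserved DSA-3602-1 covers fourteen CVEs including CVE-2013-7456, which in data/CVE/list is tracked against libgd2 rather than php5 (see the `{DSA-3602-1 DSA-3587-1}` line in r42536); that is consistent with php5 carrying its own gd copy, but a NOTE saying so would stop the DSA reference on a libgd2 entry from being taken for an error. The jessie version `5.6.22+dfsg-0+deb8u1` is a new upstream release into stable, which the advisory text should say.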
[Secure-testing-commits] r42527 - data/CVE
Author: carnil Date: 2016-06-14 15:05:13 + (Tue, 14 Jun 2016) New Revision: 42527 Modified: data/CVE/list Log: Add CVE-2016-5434 Modified: data/CVE/list === --- data/CVE/list 2016-06-14 12:32:59 UTC (rev 42526) +++ data/CVE/list 2016-06-14 15:05:13 UTC (rev 42527) @@ -1,3 +1,5 @@ +CVE-2016-5434 + NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library) CVE-2016-5432 RESERVED CVE-2016-5431 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
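Review bot: CVE-2016-5434 is entered as `NOT-FOR-US: libalpm` with no NOTE reference, so there is nothing to verify the assessment against later; add the source URL. The list now goes from 5434 straight to 5432, so CVE-2016-5433 has no entry and will need one when it is published.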
[Secure-testing-commits] r42526 - in data: . DLA
Author: lamby Date: 2016-06-14 12:32:59 + (Tue, 14 Jun 2016) New Revision: 42526 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-515-1 for libav. Modified: data/DLA/list === --- data/DLA/list 2016-06-14 12:16:13 UTC (rev 42525) +++ data/DLA/list 2016-06-14 12:32:59 UTC (rev 42526) @@ -1,3 +1,6 @@ +[14 Jun 2016] DLA-515-1 libav - security update + {CVE-2016-3062} + [wheezy] - libav 6:0.8.17-2+deb7u2 [12 Jun 2016] DLA-514-1 libxslt - security update {CVE-2015-7995 CVE-2016-1683 CVE-2016-1684} [wheezy] - libxslt 1.1.26-14.1+deb7u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-14 12:16:13 UTC (rev 42525) +++ data/dla-needed.txt 2016-06-14 12:32:59 UTC (rev 42526) @@ -32,8 +32,6 @@ -- imagemagick (Brian May) -- -libav (Chris Lamb) --- libjackson-json-java -- libspring-java ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
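Review bot: DLA-515-1 records `[wheezy] - libav 6:0.8.17-2+deb7u2` for CVE-2016-3062, the same CVE that DSA-3603-1 covers for jessie in r42534; make sure the CVE-2016-3062 entry in data/CVE/list gains the `{DLA-515-1}` marker, since this commit only touches the DLA list and dla-needed.txt.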
[Secure-testing-commits] r42525 - data/CVE
Author: pabs Date: 2016-06-14 12:16:13 + (Tue, 14 Jun 2016) New Revision: 42525 Modified: data/CVE/list Log: CVE-2016-4010 is NFU (Magento) Thanks-to: Sander Bos Modified: data/CVE/list === --- data/CVE/list 2016-06-14 12:12:46 UTC (rev 42524) +++ data/CVE/list 2016-06-14 12:16:13 UTC (rev 42525) @@ -4198,6 +4198,9 @@ RESERVED CVE-2016-4010 RESERVED + NOT-FOR-US: Magento + NOTE: https://magento.com/security/patches/magento-206-security-update + NOTE: http://www.netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/ CVE-2016-4007 (Multiple unspecified vulnerabilities in the obs-service-extract_file ...) NOT-FOR-US: obs-service-extract_file CVE-2015-8850 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42524 - data/CVE
Author: carnil Date: 2016-06-14 12:12:46 + (Tue, 14 Jun 2016) New Revision: 42524 Modified: data/CVE/list Log: Update CVE-2016-4794 Modified: data/CVE/list === --- data/CVE/list 2016-06-14 12:08:24 UTC (rev 42523) +++ data/CVE/list 2016-06-14 12:12:46 UTC (rev 42524) @@ -2532,6 +2532,8 @@ NOTE: CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947 CVE-2016-4794 (Use-after-free vulnerability in mm/percpu.c in the Linux kernel ...) - linux + [jessie] - linux (Introduced in v3.18-rc1) + [wheezy] - linux (Introduced in v3.18-rc1) NOTE: https://git.kernel.org/linus/4f996e234dad488e5d9ba0858bc1bae12eff82c3 NOTE: https://git.kernel.org/linus/6710e594f71ccaad8101bc64321152af7cd9ea28 CVE-2016-4573 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
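Review bot: the `[jessie]`/`[wheezy]` annotations `(Introduced in v3.18-rc1)` for CVE-2016-4794 are plausible for the 3.16 and 3.2 kernels those suites ship, but nothing in the entry shows which of the two NOTE commits is the introducing one; record the introducing commit and its release explicitly so the stable assessment can be re-derived from the entry rather than from this log message.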
[Secure-testing-commits] r42523 - data
Author: pabs Date: 2016-06-14 12:08:24 + (Tue, 14 Jun 2016) New Revision: 42523 Modified: data/embedded-code-copies Log: edk2 copy of openssl is apparently modified Reported-by: vorlon on #debian-devel Modified: data/embedded-code-copies === --- data/embedded-code-copies 2016-06-14 11:54:39 UTC (rev 42522) +++ data/embedded-code-copies 2016-06-14 12:08:24 UTC (rev 42523) @@ -2555,7 +2555,7 @@ openssl - ia32-libs (embed) - - edk2 (embed) + - edk2 (modified-embed) pam - ia32-libs (embed) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
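Review bot: switching edk2 from `(embed)` to `(modified-embed)` is the right flag given the report, but the data file does not say what was modified and the log only says "apparently modified"; a pointer to which files differ from the openssl 1.0.2g tree recorded in r42521 would help anyone deciding whether an OpenSSL advisory applies to the edk2 copy.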
[Secure-testing-commits] r42522 - data/CVE
Author: carnil Date: 2016-06-14 11:54:39 + (Tue, 14 Jun 2016) New Revision: 42522 Modified: data/CVE/list Log: Add commit references for CVE-2016-4794 Modified: data/CVE/list === --- data/CVE/list 2016-06-14 09:46:12 UTC (rev 42521) +++ data/CVE/list 2016-06-14 11:54:39 UTC (rev 42522) @@ -2532,6 +2532,8 @@ NOTE: CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947 CVE-2016-4794 (Use-after-free vulnerability in mm/percpu.c in the Linux kernel ...) - linux + NOTE: https://git.kernel.org/linus/4f996e234dad488e5d9ba0858bc1bae12eff82c3 + NOTE: https://git.kernel.org/linus/6710e594f71ccaad8101bc64321152af7cd9ea28 CVE-2016-4573 RESERVED CVE-2016-4581 (fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
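Review bot: the two commits added as NOTEs for CVE-2016-4794 carry no role, so a reader cannot tell whether 4f996e23 and 6710e594 introduce or fix the issue; prefix them as other kernel entries in this file do (`NOTE: Fixed by:` / `NOTE: Introduced by:`, with the release in parentheses) so the stable annotations added in r42524 can be checked against them.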
[Secure-testing-commits] r42521 - data
Author: pabs Date: 2016-06-14 09:46:12 + (Tue, 14 Jun 2016) New Revision: 42521 Modified: data/embedded-code-copies Log: edk2 embeds openssl Reported-by: sarnold on #debian-security See-also: https://sources.debian.net/src/edk2/unstable/CryptoPkg/Library/OpensslLib/openssl-1.0.2g/ Modified: data/embedded-code-copies === --- data/embedded-code-copies 2016-06-14 09:10:11 UTC (rev 42520) +++ data/embedded-code-copies 2016-06-14 09:46:12 UTC (rev 42521) @@ -2555,6 +2555,7 @@ openssl - ia32-libs (embed) + - edk2 (embed) pam - ia32-libs (embed) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
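Review bot: the new `- edk2 (embed)` line under openssl records the embedding but not the version, while the See-also path in the commit log shows it is openssl-1.0.2g; the embedded-code-copies entries around it carry no version field either, so consider recording it somewhere the tracker can see when matching OpenSSL advisories against edk2. r42523 changes the tag to `(modified-embed)` shortly afterwards.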
[Secure-testing-commits] r42520 - data/CVE
Author: sectracker Date: 2016-06-14 09:10:11 + (Tue, 14 Jun 2016) New Revision: 42520 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-06-14 06:20:56 UTC (rev 42519) +++ data/CVE/list 2016-06-14 09:10:11 UTC (rev 42520) @@ -7447,6 +7447,7 @@ - icedove NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/ CVE-2016-2806 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) + {DSA-3601-1} - iceweasel (Only Firefox 45.x) - firefox-esr 45.1.0esr-1 - firefox 46.0-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits