[Secure-testing-commits] r42761 - data/CVE
Author: jmm Date: 2016-06-24 04:45:11 + (Fri, 24 Jun 2016) New Revision: 42761 Modified: data/CVE/list Log: new nodejs issues Modified: data/CVE/list === --- data/CVE/list 2016-06-23 19:01:59 UTC (rev 42760) +++ data/CVE/list 2016-06-24 04:45:11 UTC (rev 42761) @@ -12735,6 +12735,7 @@ - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) + - nodejs 4.4.6~dfsg-1 NOTE: libv8 not covered by security support CVE-2016-1668 (The forEachForBinding function in ...) {DSA-3590-1} @@ -20694,6 +20695,9 @@ NOTE: http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735 (Squid 3.5) CVE-2014-9748 RESERVED + - libuv 1.7.4-1 (unimportant) + - nodejs 4.0.0~dfsg-1 (unimportant) + NOTE: Only affects Windows CVE-2015-7713 (OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before ...) - nova 1:12.0.0-2 [jessie] - nova (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
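Review bot: in the first hunk (@@ -12735) the added "- nodejs 4.4.6~dfsg-1" line sits between the libv8 line and "NOTE: libv8 not covered by security support", so the NOTE now reads as if it explained the nodejs entry. Placing the nodejs line after that NOTE, or giving nodejs its own NOTE, would keep the rationale attached to libv8. The new line also has no "(unimportant)" tag while the libv8 line directly above it does; if the difference is intended, a one-line NOTE saying why would save the next reader a lookup.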
[Secure-testing-commits] r42760 - data/CVE
Author: carnil Date: 2016-06-23 19:01:59 + (Thu, 23 Jun 2016) New Revision: 42760 Modified: data/CVE/list Log: Add new wordpress issues Modified: data/CVE/list === --- data/CVE/list 2016-06-23 18:56:52 UTC (rev 42759) +++ data/CVE/list 2016-06-23 19:01:59 UTC (rev 42760) @@ -1,3 +1,27 @@ +CVE-2016-5839 [... some less secure sanitize_file_name edge cases] + - wordpress 4.5.3+dfsg-1 + NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ +CVE-2016-5838 [password change via stolen cookie] + - wordpress 4.5.3+dfsg-1 + NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ +CVE-2016-5837 [unauthorized category removal from a post] + - wordpress 4.5.3+dfsg-1 + NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ +CVE-2016-5836 [oEmbed denial of service] + - wordpress 4.5.3+dfsg-1 + NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ +CVE-2016-5835 [revision history information disclosure] + - wordpress 4.5.3+dfsg-1 + NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ +CVE-2016-5834 [XSS problem via attachment name] + - wordpress 4.5.3+dfsg-1 + NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ +CVE-2016-5833 [XSS problem via attachment name] + - wordpress 4.5.3+dfsg-1 + NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ +CVE-2016-5832 [redirect bypass in the customizer] + - wordpress 4.5.3+dfsg-1 + NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ CVE-2016-5773 [ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize] - php7.0 - php5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
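Review bot: CVE-2016-5834 and CVE-2016-5833 are added with the identical description "[XSS problem via attachment name]" and the identical NOTE URL, so nothing in the list tells the two ids apart. If they cover different code paths, the bracketed descriptions should say which is which; if the release announcement really gives no distinction, a NOTE stating that the two ids come from the same announcement item would make clear this is not a copy-and-paste slip. All eight entries also rely on the single 4.5.3 announcement URL, so per-issue upstream commit references would be a useful follow-up.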
[Secure-testing-commits] r42759 - data/CVE
Author: carnil Date: 2016-06-23 18:56:52 + (Thu, 23 Jun 2016) New Revision: 42759 Modified: data/CVE/list Log: Add CVE-2016-4972 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 17:48:39 UTC (rev 42758) +++ data/CVE/list 2016-06-23 18:56:52 UTC (rev 42759) @@ -2258,8 +2258,14 @@ RESERVED CVE-2016-4973 RESERVED -CVE-2016-4972 +CVE-2016-4972 [RCE vulnerability in Openstack Murano using insecure YAML tags] RESERVED + - murano + NOTE: Affects: Murano: <=2015.1.1; <=1.0.2; ==2.0.0 + - murano-dashboard + NOTE: Affects: Murano-dashboard: <=2015.1.1; <=1.0.2; ==2.0.0 + - python-muranoclient + NOTE: Affects: Python-muranoclient: <=0.7.2; >=0.8.0<=0.8.4 CVE-2016-4971 RESERVED - wget 1.18-1 (bug #827003) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42758 - data/CVE
Author: carnil Date: 2016-06-23 17:48:39 + (Thu, 23 Jun 2016) New Revision: 42758 Modified: data/CVE/list Log: libgd2 issue already fixed in 2.0.34RC1 upstream Modified: data/CVE/list === --- data/CVE/list 2016-06-23 17:44:46 UTC (rev 42757) +++ data/CVE/list 2016-06-23 17:48:39 UTC (rev 42758) @@ -42,8 +42,8 @@ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 - - libgd2 2.1.0~alpha1-2 - NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (gd-2.1.0-alpha1) + - libgd2 2.0.34~rc1-1 + NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (GD_2_0_34RC1) CVE-2016-5766 [Integer Overflow in _gd2GetHeader() resulting in heap overflow] - php7.0 (unimportant) - php5 (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42757 - data/CVE
Author: carnil Date: 2016-06-23 17:44:46 + (Thu, 23 Jun 2016) New Revision: 42757 Modified: data/CVE/list Log: Remove one TODO item Modified: data/CVE/list === --- data/CVE/list 2016-06-23 17:41:41 UTC (rev 42756) +++ data/CVE/list 2016-06-23 17:44:46 UTC (rev 42757) @@ -44,7 +44,6 @@ NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 - libgd2 2.1.0~alpha1-2 NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (gd-2.1.0-alpha1) - TODO: double-check libgd CVE-2016-5766 [Integer Overflow in _gd2GetHeader() resulting in heap overflow] - php7.0 (unimportant) - php5 (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42756 - data/CVE
Author: carnil Date: 2016-06-23 17:41:41 + (Thu, 23 Jun 2016) New Revision: 42756 Modified: data/CVE/list Log: Update CVE-2016-5767/libgd2 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 17:25:42 UTC (rev 42755) +++ data/CVE/list 2016-06-23 17:41:41 UTC (rev 42756) @@ -42,7 +42,9 @@ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 - - libgd2 + - libgd2 2.1.0~alpha1-2 + NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (gd-2.1.0-alpha1) + TODO: double-check libgd CVE-2016-5766 [Integer Overflow in _gd2GetHeader() resulting in heap overflow] - php7.0 (unimportant) - php5 (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42755 - data
Author: apo Date: 2016-06-23 17:25:42 + (Thu, 23 Jun 2016) New Revision: 42755 Modified: data/dla-needed.txt Log: Add phpmyadmin to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-23 16:59:44 UTC (rev 42754) +++ data/dla-needed.txt 2016-06-23 17:25:42 UTC (rev 42755) @@ -66,6 +66,8 @@ -- php5 (Thorsten Alteholz) -- +phpmyadmin +-- qemu -- qemu-kvm ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42754 - data/CVE
Author: carnil Date: 2016-06-23 16:59:44 + (Thu, 23 Jun 2016) New Revision: 42754 Modified: data/CVE/list Log: Add CVEs for phpmyadmin Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:32:46 UTC (rev 42753) +++ data/CVE/list 2016-06-23 16:59:44 UTC (rev 42754) @@ -55,24 +55,30 @@ RESERVED CVE-2016-5740 RESERVED -CVE-2016-5739 +CVE-2016-5739 [PMASA-2016-28: Referrer leak in transformations] RESERVED + - phpmyadmin 4:4.6.3-1 CVE-2016-5738 RESERVED CVE-2016-5736 RESERVED CVE-2016-5735 RESERVED -CVE-2016-5734 +CVE-2016-5734 [PMASA-2016-27: Unsafe handling of preg_replace parameters] RESERVED -CVE-2016-5733 + - phpmyadmin 4:4.6.3-1 +CVE-2016-5733 [PMASA-2016-26: Multiple XSS vulnerabilities] RESERVED -CVE-2016-5732 + - phpmyadmin 4:4.6.3-1 +CVE-2016-5732 [PMASA-2016-25: XSS in partition range functionality] RESERVED -CVE-2016-5731 + - phpmyadmin 4:4.6.3-1 +CVE-2016-5731 [PMASA-2016-24: XSS through FPD] RESERVED -CVE-2016-5730 + - phpmyadmin 4:4.6.3-1 +CVE-2016-5730 [PMASA-2016-23: Multiple full path disclosure vulnerabilities] RESERVED + - phpmyadmin 4:4.6.3-1 CVE-2016-5742 [SQL injection in MovableType xml-rpc interface] - movabletype-opensource NOTE: https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html 
@@ -128,18 +134,24 @@ RESERVED CVE-2016-5707 RESERVED -CVE-2016-5706 +CVE-2016-5706 [PMASA-2016-22: DOS attack] RESERVED -CVE-2016-5705 + - phpmyadmin 4:4.6.3-1 +CVE-2016-5705 [PMASA-2016-21: Multiple XSS vulnerabilities] RESERVED -CVE-2016-5704 + - phpmyadmin 4:4.6.3-1 +CVE-2016-5704 [PMASA-2016-20: XSS on table structure page] RESERVED -CVE-2016-5703 + - phpmyadmin 4:4.6.3-1 +CVE-2016-5703 [PMASA-2016-19: SQL injection attack] RESERVED -CVE-2016-5702 + - phpmyadmin 4:4.6.3-1 +CVE-2016-5702 [PMASA-2016-18: Cookie attribute injection attack] RESERVED -CVE-2016-5701 + - phpmyadmin 4:4.6.3-1 +CVE-2016-5701 [PMASA-2016-17: BBCode injection vulnerability] RESERVED + - phpmyadmin 4:4.6.3-1 CVE-2016-5700 RESERVED CVE-2016-5698 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42753 - data/CVE
Author: carnil Date: 2016-06-23 16:32:46 + (Thu, 23 Jun 2016) New Revision: 42753 Modified: data/CVE/list Log: Add CVE-2016-5773 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:32:37 UTC (rev 42752) +++ data/CVE/list 2016-06-23 16:32:46 UTC (rev 42753) @@ -1,3 +1,9 @@ +CVE-2016-5773 [ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize] + - php7.0 + - php5 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434 + NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6 + NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5772 [Double Free Courruption in wddx_deserialize] - php7.0 - php5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42752 - data/CVE
Author: carnil Date: 2016-06-23 16:32:37 + (Thu, 23 Jun 2016) New Revision: 42752 Modified: data/CVE/list Log: Add CVE-2016-5772 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:32:28 UTC (rev 42751) +++ data/CVE/list 2016-06-23 16:32:37 UTC (rev 42752) @@ -1,3 +1,9 @@ +CVE-2016-5772 [Double Free Courruption in wddx_deserialize] + - php7.0 + - php5 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340 + NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c + NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5771 [Use After Free Vulnerability in PHP's GC algorithm and unserialize] - php7.0 - php5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
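Review bot: the commitdiff hash in the new CVE-2016-5772 NOTE (h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c) is the same hash that r42751 records for CVE-2016-5771, although the two entries cite different PHP bugs (72340 here, 72433 there). Please confirm that one upstream commit really fixes both, and otherwise replace the hash on whichever entry it does not belong to. Separately, the description reads "Double Free Courruption"; "Corruption" is presumably intended.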
[Secure-testing-commits] r42751 - data/CVE
Author: carnil Date: 2016-06-23 16:32:28 + (Thu, 23 Jun 2016) New Revision: 42751 Modified: data/CVE/list Log: Add CVE-2016-5771 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:26:32 UTC (rev 42750) +++ data/CVE/list 2016-06-23 16:32:28 UTC (rev 42751) @@ -1,3 +1,10 @@ +CVE-2016-5771 [Use After Free Vulnerability in PHP's GC algorithm and unserialize] + - php7.0 + - php5 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433 + NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c + NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 + TODO: check if really affects 7.x, CVE assignment claims not CVE-2016-5770 [int/size_t confusion in SplFileObject::fread] - php7.0 - php5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
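Review bot: the added TODO ("check if really affects 7.x, CVE assignment claims not") conflicts with the rest of the new entry, which lists php7.0 as a package and states "Fixed in 5.5.37, 5.6.23, 7.0.8". Until the question is settled, it would be clearer to say in the NOTE that the 7.0.8 figure comes from the upstream changelog and is unverified for this CVE, so the php7.0 line is not read as a confirmed status.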
[Secure-testing-commits] r42747 - data/CVE
Author: carnil Date: 2016-06-23 16:21:58 + (Thu, 23 Jun 2016) New Revision: 42747 Modified: data/CVE/list Log: Add indication for fixed version upstream for CVE-2016-5767 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:21:09 UTC (rev 42746) +++ data/CVE/list 2016-06-23 16:21:58 UTC (rev 42747) @@ -10,8 +10,8 @@ NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6 + NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 - libgd2 - TODO: check CVE-2016-5766 [Integer Overflow in _gd2GetHeader() resulting in heap overflow] - php7.0 (unimportant) - php5 (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42750 - data/CVE
Author: carnil Date: 2016-06-23 16:26:32 + (Thu, 23 Jun 2016) New Revision: 42750 Modified: data/CVE/list Log: Add CVE-2016-5770 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:26:23 UTC (rev 42749) +++ data/CVE/list 2016-06-23 16:26:32 UTC (rev 42750) @@ -1,3 +1,9 @@ +CVE-2016-5770 [int/size_t confusion in SplFileObject::fread] + - php7.0 + - php5 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262 + NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba + NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5769 [Heap Overflow due to integer overflows] - php7.0 - php5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42749 - data/CVE
Author: carnil Date: 2016-06-23 16:26:23 + (Thu, 23 Jun 2016) New Revision: 42749 Modified: data/CVE/list Log: Add CVE-2016-5769 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:22:53 UTC (rev 42748) +++ data/CVE/list 2016-06-23 16:26:23 UTC (rev 42749) @@ -1,3 +1,9 @@ +CVE-2016-5769 [Heap Overflow due to integer overflows] + - php7.0 + - php5 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455 + NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0 + NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5768 [_php_mb_regex_ereg_replace_exec - double free] - php7 - php5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42748 - data/CVE
Author: carnil Date: 2016-06-23 16:22:53 + (Thu, 23 Jun 2016) New Revision: 42748 Modified: data/CVE/list Log: Expand list of fixing versions upstream for CVE-2016-5766 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:21:58 UTC (rev 42747) +++ data/CVE/list 2016-06-23 16:22:53 UTC (rev 42748) @@ -18,9 +18,8 @@ NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72339 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac - NOTE: Fixed in 7.0.8 + NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 - libgd2 - TODO: check CVE-2016-5741 RESERVED CVE-2016-5740 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42746 - data/CVE
Author: carnil Date: 2016-06-23 16:21:09 + (Thu, 23 Jun 2016) New Revision: 42746 Modified: data/CVE/list Log: Add CVE-2016-5768 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:13:45 UTC (rev 42745) +++ data/CVE/list 2016-06-23 16:21:09 UTC (rev 42746) @@ -1,3 +1,9 @@ +CVE-2016-5768 [_php_mb_regex_ereg_replace_exec - double free] + - php7 + - php5 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402 + NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62 + NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5767 [Integer Overflow in gdImagePaletteToTrueColor() resulting heap overflow] - php7.0 (unimportant) - php5 (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
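Review bot: the new CVE-2016-5768 entry names the package "php7", while the context lines of the same hunk and every other PHP entry added that day use "php7.0". A package name that does not match the source package will not be associated with it, so this line should read "- php7.0" like its neighbours.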
[Secure-testing-commits] r42745 - data/CVE
Author: carnil Date: 2016-06-23 16:13:45 + (Thu, 23 Jun 2016) New Revision: 42745 Modified: data/CVE/list Log: Add CVE-2016-5767 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:13:36 UTC (rev 42744) +++ data/CVE/list 2016-06-23 16:13:45 UTC (rev 42745) @@ -1,3 +1,11 @@ +CVE-2016-5767 [Integer Overflow in gdImagePaletteToTrueColor() resulting heap overflow] + - php7.0 (unimportant) + - php5 (unimportant) + NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446 + NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6 + - libgd2 + TODO: check CVE-2016-5766 [Integer Overflow in _gd2GetHeader() resulting in heap overflow] - php7.0 (unimportant) - php5 (unimportant) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42744 - data/CVE
Author: carnil Date: 2016-06-23 16:13:36 + (Thu, 23 Jun 2016) New Revision: 42744 Modified: data/CVE/list Log: add todo item Modified: data/CVE/list === --- data/CVE/list 2016-06-23 16:06:38 UTC (rev 42743) +++ data/CVE/list 2016-06-23 16:13:36 UTC (rev 42744) @@ -6,6 +6,7 @@ NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac NOTE: Fixed in 7.0.8 - libgd2 + TODO: check CVE-2016-5741 RESERVED CVE-2016-5740 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42743 - data/CVE
Author: carnil Date: 2016-06-23 16:06:38 + (Thu, 23 Jun 2016) New Revision: 42743 Modified: data/CVE/list Log: Add CVE-2016-7566 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 14:10:38 UTC (rev 42742) +++ data/CVE/list 2016-06-23 16:06:38 UTC (rev 42743) @@ -1,3 +1,11 @@ +CVE-2016-5766 [Integer Overflow in _gd2GetHeader() resulting in heap overflow] + - php7.0 (unimportant) + - php5 (unimportant) + NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72339 + NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac + NOTE: Fixed in 7.0.8 + - libgd2 CVE-2016-5741 RESERVED CVE-2016-5740 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
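Review bot: the log message says "Add CVE-2016-7566", but the hunk adds CVE-2016-5766; the digits are transposed. The list entry itself is consistent with the later revisions that refer to CVE-2016-5766, so only the log is affected, but anyone searching the history for the CVE id will miss this revision. Worth correcting the revision log property if the repository allows it.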
[Secure-testing-commits] r42742 - data
Author: carnil Date: 2016-06-23 14:10:38 + (Thu, 23 Jun 2016) New Revision: 42742 Modified: data/dsa-needed.txt Log: Add pidgin to dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-23 13:43:35 UTC (rev 42741) +++ data/dsa-needed.txt 2016-06-23 14:10:38 UTC (rev 42742) @@ -45,6 +45,8 @@ -- phpmyadmin (thijs) -- +pidgin +-- quagga Waiting for upstream-blessed patch before going forward Triggering circumstances not common ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42741 - data
Author: apo Date: 2016-06-23 13:43:35 + (Thu, 23 Jun 2016) New Revision: 42741 Modified: data/dla-needed.txt Log: Add pidgin to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-23 08:21:22 UTC (rev 42740) +++ data/dla-needed.txt 2016-06-23 13:43:35 UTC (rev 42741) @@ -62,6 +62,8 @@ NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low NOTE: priority issues and will fix them after the next release of OpenSSL. -- +pidgin +-- php5 (Thorsten Alteholz) -- qemu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
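Review bot: "pidgin" is inserted ahead of "php5 (Thorsten Alteholz)", which breaks the alphabetical order the surrounding entries follow (openssl, php5, qemu). The matching change to dsa-needed.txt in r42742 places pidgin after phpmyadmin and before quagga; the same position relative to php5 should be used here so the file stays sorted and later insertions do not create duplicates.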
[Secure-testing-commits] r42740 - data/CVE
Author: carnil Date: 2016-06-23 08:21:22 + (Thu, 23 Jun 2016) New Revision: 42740 Modified: data/CVE/list Log: pidgin fixed in unstable already Modified: data/CVE/list === --- data/CVE/list 2016-06-23 07:55:08 UTC (rev 42739) +++ data/CVE/list 2016-06-23 08:21:22 UTC (rev 42740) @@ -4324,10 +4324,9 @@ RESERVED CVE-2016-4323 [MXIT Splash Image Arbitrary File Overwrite Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0128/ NOTE: http://www.pidgin.im/news/security/?id=97 - TODO: check CVE-2016-4322 RESERVED CVE-2016-4321 
@@ -9865,117 +9864,103 @@ NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 CVE-2016-2380 [MXIT mxit_convert_markup_tx Information Leak Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0123/ NOTE: http://www.pidgin.im/news/security/?id=96 NOTE: https://bitbucket.org/pidgin/main/commits/8172584fd640 - TODO: check CVE-2016-2379 RESERVED CVE-2016-2378 [MXIT get_utf8_string Code Execution Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0120/ NOTE: http://www.pidgin.im/news/security/?id=94 NOTE: https://bitbucket.org/pidgin/main/commits/06278419c703 - TODO: check CVE-2016-2377 [MXIT HTTP Content-Length Buffer Overflow Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0119/ NOTE: http://www.pidgin.im/news/security/?id=93 NOTE: https://bitbucket.org/pidgin/main/commits/0f94ef13ab37 - TODO: check CVE-2016-2376 [MXIT read stage 0x3 Code Execution Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0118/ NOTE: http://www.pidgin.im/news/security/?id=92 NOTE: https://bitbucket.org/pidgin/main/commits/19f89eda8587 - TODO: check CVE-2016-2375 [MXIT Suggested Contacts Memory Disclosure Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0143/ NOTE: http://www.pidgin.im/news/security/?id=108 NOTE: https://bitbucket.org/pidgin/main/commits/b786e9814536 - TODO: check CVE-2016-2374 [MXIT MultiMX Message Code Execution Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0142/ NOTE: http://www.pidgin.im/news/security/?id=107 NOTE: https://bitbucket.org/pidgin/main/commits/f6c08d962618 - TODO: check CVE-2016-2373 [MXIT Contact Mood Denial of Service Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: 
http://www.talosintel.com/reports/TALOS-2016-0141/ NOTE: http://www.pidgin.im/news/security/?id=106 NOTE: https://bitbucket.org/pidgin/main/commits/e6159ad42c4c - TODO: check CVE-2016-2372 [MXIT File Transfer Length Memory Disclosure Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0140/ NOTE: http://www.pidgin.im/news/security/?id=105 NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4 NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760 NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c - TODO: check CVE-2016-2371 [MXIT Extended Profiles Code Execution Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0139/ NOTE: http://www.pidgin.im/news/security/?id=104 NOTE: https://bitbucket.org/pidgin/main/commits/7b52ca213832 TODO: check CVE-2016-2370 [MXIT Custom Resource Denial of Service Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0138/ NOTE: http://www.pidgin.im/news/security/?id=103 NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4 NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760 NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c - TODO: check CVE-2016-2369 [MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability] RESERVED - - pidgin + - pidgin 2.11.0-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0137/ NOTE: http://www.pidgin.im/news/security/?id=102 - TODO: check CVE-2016-2368 [MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities] RESERVED - - pidgin + - pidgin 2.11.0-1
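Review bot: in the second hunk (@@ -9865) the CVE-2016-2371 entry gets the fixed version "pidgin 2.11.0-1" but its "TODO: check" line is left in place as unchanged context, whereas every other pidgin entry touched by this hunk has that line removed. Given the log message "pidgin fixed in unstable already", this looks like an oversight; either drop the TODO for CVE-2016-2371 as well or add a NOTE saying what still needs checking for that one issue.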
[Secure-testing-commits] r42739 - data
Author: bam Date: 2016-06-23 07:55:08 + (Thu, 23 Jun 2016) New Revision: 42739 Modified: data/dla-needed.txt Log: Unclaim openssl Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-23 06:51:44 UTC (rev 42738) +++ data/dla-needed.txt 2016-06-23 07:55:08 UTC (rev 42739) @@ -54,12 +54,13 @@ NOTE: maintainer would like help working on the updates but will handle the updates himself NOTE: 20160518175636.ga29...@roeckx.be -- -openssl (Brian May) +openssl NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply NOTE: because the wheezy version is completely missing the checks being NOTE: fixed! Those checks should probably be added by cherry-picking NOTE: additional upstream changes. - NOTE: Feel free to offer Brian assistance or take-over if desired. + NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low + NOTE: priority issues and will fix them after the next release of OpenSSL. -- php5 (Thorsten Alteholz) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42737 - data/CVE
Author: carnil Date: 2016-06-23 06:51:36 + (Thu, 23 Jun 2016) New Revision: 42737 Modified: data/CVE/list Log: Add CVE-2016-4996 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:51:27 UTC (rev 42736) +++ data/CVE/list 2016-06-23 06:51:36 UTC (rev 42737) @@ -2124,6 +2124,7 @@ RESERVED CVE-2016-4996 RESERVED + - foreman (bug #663101) CVE-2016-4995 RESERVED - foreman (bug #663101) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42738 - data/CVE
Author: carnil Date: 2016-06-23 06:51:44 + (Thu, 23 Jun 2016) New Revision: 42738 Modified: data/CVE/list Log: Correct wrong commit about nodejs, it is fixed only in 4.5.0, thanks jmm Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:51:36 UTC (rev 42737) +++ data/CVE/list 2016-06-23 06:51:44 UTC (rev 42738) @@ -887,7 +887,7 @@ RESERVED CVE-2016-5325 RESERVED - - nodejs 4.4.5~dfsg-1 (unimportant) + - nodejs (unimportant) NOTE: libv8 is not covered by security support NOTE: https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ CVE-2016-5359 [wnpa-sec-2016-38] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
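Review bot: the hunk removes the version from the nodejs line of CVE-2016-5325, but the reason given in the log ("it is fixed only in 4.5.0") is not recorded anywhere in the entry. A NOTE stating the upstream version that carries the fix would keep the next editor from re-adding 4.4.5~dfsg-1 on the basis of the linked June 2016 release announcement.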
[Secure-testing-commits] r42736 - data/CVE
Author: carnil Date: 2016-06-23 06:51:27 + (Thu, 23 Jun 2016) New Revision: 42736 Modified: data/CVE/list Log: Add CVE-2016-4995 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:48:33 UTC (rev 42735) +++ data/CVE/list 2016-06-23 06:51:27 UTC (rev 42736) @@ -2126,6 +2126,7 @@ RESERVED CVE-2016-4995 RESERVED + - foreman (bug #663101) CVE-2016-4994 [Use-after-free vulnerabilities in the channel and layer properties parsing process] RESERVED - gimp ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42734 - data/CVE
Author: carnil Date: 2016-06-23 06:48:25 + (Thu, 23 Jun 2016) New Revision: 42734 Modified: data/CVE/list Log: Add CVE-2016-4323 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:48:16 UTC (rev 42733) +++ data/CVE/list 2016-06-23 06:48:25 UTC (rev 42734) @@ -4317,8 +4317,12 @@ NOT-FOR-US: Lantronix xPrintServer CVE-2016-4324 RESERVED -CVE-2016-4323 +CVE-2016-4323 [MXIT Splash Image Arbitrary File Overwrite Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0128/ + NOTE: http://www.pidgin.im/news/security/?id=97 + TODO: check CVE-2016-4322 RESERVED CVE-2016-4321 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42735 - data/CVE
Author: carnil Date: 2016-06-23 06:48:33 + (Thu, 23 Jun 2016) New Revision: 42735 Modified: data/CVE/list Log: Add CVE-2016-4994 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:48:25 UTC (rev 42734) +++ data/CVE/list 2016-06-23 06:48:33 UTC (rev 42735) @@ -2126,8 +2126,11 @@ RESERVED CVE-2016-4995 RESERVED -CVE-2016-4994 +CVE-2016-4994 [Use-after-free vulnerabilities in the channel and layer properties parsing process] RESERVED + - gimp + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=767873 + TODO: check CVE-2016-4993 RESERVED CVE-2016-4992 [Information disclosure via repeated use of LDAP ADD operation] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42732 - data/CVE
Author: carnil Date: 2016-06-23 06:48:06 + (Thu, 23 Jun 2016) New Revision: 42732 Modified: data/CVE/list Log: Add CVE-2016-2378 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:47:57 UTC (rev 42731) +++ data/CVE/list 2016-06-23 06:48:06 UTC (rev 42732) @@ -9858,8 +9858,13 @@ RESERVED CVE-2016-2379 RESERVED -CVE-2016-2378 +CVE-2016-2378 [MXIT get_utf8_string Code Execution Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0120/ + NOTE: http://www.pidgin.im/news/security/?id=94 + NOTE: https://bitbucket.org/pidgin/main/commits/06278419c703 + TODO: check CVE-2016-2377 [MXIT HTTP Content-Length Buffer Overflow Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42733 - data/CVE
Author: carnil Date: 2016-06-23 06:48:16 + (Thu, 23 Jun 2016) New Revision: 42733 Modified: data/CVE/list Log: Add CVE-2016-2380 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:48:06 UTC (rev 42732) +++ data/CVE/list 2016-06-23 06:48:16 UTC (rev 42733) @@ -9854,8 +9854,13 @@ {DSA-3501-1} - perl 5.22.1-8 NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 -CVE-2016-2380 +CVE-2016-2380 [MXIT mxit_convert_markup_tx Information Leak Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0123/ + NOTE: http://www.pidgin.im/news/security/?id=96 + NOTE: https://bitbucket.org/pidgin/main/commits/8172584fd640 + TODO: check CVE-2016-2379 RESERVED CVE-2016-2378 [MXIT get_utf8_string Code Execution Vulnerability] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42731 - data/CVE
Author: carnil Date: 2016-06-23 06:47:57 + (Thu, 23 Jun 2016) New Revision: 42731 Modified: data/CVE/list Log: Add CVE-2016-2377 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:47:18 UTC (rev 42730) +++ data/CVE/list 2016-06-23 06:47:57 UTC (rev 42731) @@ -9860,8 +9860,13 @@ RESERVED CVE-2016-2378 RESERVED -CVE-2016-2377 +CVE-2016-2377 [MXIT HTTP Content-Length Buffer Overflow Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0119/ + NOTE: http://www.pidgin.im/news/security/?id=93 + NOTE: https://bitbucket.org/pidgin/main/commits/0f94ef13ab37 + TODO: check CVE-2016-2376 [MXIT read stage 0x3 Code Execution Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42730 - data/CVE
Author: fgeek-guest Date: 2016-06-23 06:47:18 + (Thu, 23 Jun 2016) New Revision: 42730 Modified: data/CVE/list Log: NFU ESA-2016-069 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:41:49 UTC (rev 42729) +++ data/CVE/list 2016-06-23 06:47:18 UTC (rev 42730) @@ -15286,6 +15286,7 @@ RESERVED CVE-2016-0914 RESERVED + NOT-FOR-US: EMC Documentum WebTop and WebTop Clients CVE-2016-0913 RESERVED CVE-2016-0912 (EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42728 - data/CVE
Author: carnil Date: 2016-06-23 06:41:39 + (Thu, 23 Jun 2016) New Revision: 42728 Modified: data/CVE/list Log: Add CVE-2016-2375 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:41:31 UTC (rev 42727) +++ data/CVE/list 2016-06-23 06:41:39 UTC (rev 42728) @@ -9864,8 +9864,13 @@ RESERVED CVE-2016-2376 RESERVED -CVE-2016-2375 +CVE-2016-2375 [MXIT Suggested Contacts Memory Disclosure Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0143/ + NOTE: http://www.pidgin.im/news/security/?id=108 + NOTE: https://bitbucket.org/pidgin/main/commits/b786e9814536 + TODO: check CVE-2016-2374 [MXIT MultiMX Message Code Execution Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42729 - data/CVE
Author: carnil Date: 2016-06-23 06:41:49 + (Thu, 23 Jun 2016) New Revision: 42729 Modified: data/CVE/list Log: Add CVE-2016-2376 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:41:39 UTC (rev 42728) +++ data/CVE/list 2016-06-23 06:41:49 UTC (rev 42729) @@ -9862,8 +9862,13 @@ RESERVED CVE-2016-2377 RESERVED -CVE-2016-2376 +CVE-2016-2376 [MXIT read stage 0x3 Code Execution Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0118/ + NOTE: http://www.pidgin.im/news/security/?id=92 + NOTE: https://bitbucket.org/pidgin/main/commits/19f89eda8587 + TODO: check CVE-2016-2375 [MXIT Suggested Contacts Memory Disclosure Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42727 - data/CVE
Author: carnil Date: 2016-06-23 06:41:31 + (Thu, 23 Jun 2016) New Revision: 42727 Modified: data/CVE/list Log: Add CVE-2016-2374 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:41:22 UTC (rev 42726) +++ data/CVE/list 2016-06-23 06:41:31 UTC (rev 42727) @@ -9866,8 +9866,13 @@ RESERVED CVE-2016-2375 RESERVED -CVE-2016-2374 +CVE-2016-2374 [MXIT MultiMX Message Code Execution Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0142/ + NOTE: http://www.pidgin.im/news/security/?id=107 + NOTE: https://bitbucket.org/pidgin/main/commits/f6c08d962618 + TODO: check CVE-2016-2373 [MXIT Contact Mood Denial of Service Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42726 - data/CVE
Author: carnil Date: 2016-06-23 06:41:22 + (Thu, 23 Jun 2016) New Revision: 42726 Modified: data/CVE/list Log: Add CVE-2016-2373 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:41:14 UTC (rev 42725) +++ data/CVE/list 2016-06-23 06:41:22 UTC (rev 42726) @@ -9868,8 +9868,13 @@ RESERVED CVE-2016-2374 RESERVED -CVE-2016-2373 +CVE-2016-2373 [MXIT Contact Mood Denial of Service Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0141/ + NOTE: http://www.pidgin.im/news/security/?id=106 + NOTE: https://bitbucket.org/pidgin/main/commits/e6159ad42c4c + TODO: check CVE-2016-2372 [MXIT File Transfer Length Memory Disclosure Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42724 - data/CVE
Author: carnil Date: 2016-06-23 06:41:05 + (Thu, 23 Jun 2016) New Revision: 42724 Modified: data/CVE/list Log: Add CVE-2016-2371 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:30:10 UTC (rev 42723) +++ data/CVE/list 2016-06-23 06:41:05 UTC (rev 42724) @@ -9872,8 +9872,13 @@ RESERVED CVE-2016-2372 RESERVED -CVE-2016-2371 +CVE-2016-2371 [MXIT Extended Profiles Code Execution Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0139/ + NOTE: http://www.pidgin.im/news/security/?id=104 + NOTE: https://bitbucket.org/pidgin/main/commits/7b52ca213832 + TODO: check CVE-2016-2370 [MXIT Custom Resource Denial of Service Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42725 - data/CVE
Author: carnil Date: 2016-06-23 06:41:14 + (Thu, 23 Jun 2016) New Revision: 42725 Modified: data/CVE/list Log: Add CVE-2016-2372 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:41:05 UTC (rev 42724) +++ data/CVE/list 2016-06-23 06:41:14 UTC (rev 42725) @@ -9870,8 +9870,15 @@ RESERVED CVE-2016-2373 RESERVED -CVE-2016-2372 +CVE-2016-2372 [MXIT File Transfer Length Memory Disclosure Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0140/ + NOTE: http://www.pidgin.im/news/security/?id=105 + NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4 + NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760 + NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c + TODO: check CVE-2016-2371 [MXIT Extended Profiles Code Execution Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
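Review bot: The three bitbucket commits cited for CVE-2016-2372 (5e3601f8bde4, 1c5197a66760, 648f667a679c) are the same three cited for CVE-2016-2370 in r42723 and for CVE-2016-2367 in r42720, although the bracketed titles describe different issues (file transfer length, custom resource, avatar length). Suggest a NOTE stating whether all three commits are required for each CVE or which commit maps to which issue, so that a backport to a stable release does not pick up only part of the fix.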
[Secure-testing-commits] r42723 - data/CVE
Author: carnil Date: 2016-06-23 06:30:10 + (Thu, 23 Jun 2016) New Revision: 42723 Modified: data/CVE/list Log: Add CVE-2016-2370 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:29:59 UTC (rev 42722) +++ data/CVE/list 2016-06-23 06:30:10 UTC (rev 42723) @@ -9874,8 +9874,15 @@ RESERVED CVE-2016-2371 RESERVED -CVE-2016-2370 +CVE-2016-2370 [MXIT Custom Resource Denial of Service Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0138/ + NOTE: http://www.pidgin.im/news/security/?id=103 + NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4 + NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760 + NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c + TODO: check CVE-2016-2369 [MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42722 - data/CVE
Author: carnil Date: 2016-06-23 06:29:59 + (Thu, 23 Jun 2016) New Revision: 42722 Modified: data/CVE/list Log: Add CVE-2016-2369 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:29:51 UTC (rev 42721) +++ data/CVE/list 2016-06-23 06:29:59 UTC (rev 42722) @@ -9876,8 +9876,12 @@ RESERVED CVE-2016-2370 RESERVED -CVE-2016-2369 +CVE-2016-2369 [MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0137/ + NOTE: http://www.pidgin.im/news/security/?id=102 + TODO: check CVE-2016-2368 [MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
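Review bot: The CVE-2016-2369 entry is the only MXIT entry on this page added without a bitbucket commit NOTE; it references only the Talos report and the pidgin.im advisory. Suggest adding the upstream fix commit, or a NOTE saying that none has been identified yet, so the trailing `TODO: check` has a concrete item to resolve.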
[Secure-testing-commits] r42720 - data/CVE
Author: carnil Date: 2016-06-23 06:29:42 + (Thu, 23 Jun 2016) New Revision: 42720 Modified: data/CVE/list Log: Add CVE-2016-2367 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:24:14 UTC (rev 42719) +++ data/CVE/list 2016-06-23 06:29:42 UTC (rev 42720) @@ -9880,8 +9880,15 @@ RESERVED CVE-2016-2368 RESERVED -CVE-2016-2367 +CVE-2016-2367 [MXIT Avatar Length Memory Disclosure Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0135/ + NOTE: http://www.pidgin.im/news/security/?id=100 + NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4 + NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760 + NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c + TODO: check CVE-2016-2366 [MXIT Table Command Denial of Service Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42721 - data/CVE
Author: carnil Date: 2016-06-23 06:29:51 + (Thu, 23 Jun 2016) New Revision: 42721 Modified: data/CVE/list Log: Add CVE-2016-2368 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:29:42 UTC (rev 42720) +++ data/CVE/list 2016-06-23 06:29:51 UTC (rev 42721) @@ -9878,8 +9878,14 @@ RESERVED CVE-2016-2369 RESERVED -CVE-2016-2368 +CVE-2016-2368 [MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0136/ + NOTE: http://www.pidgin.im/news/security/?id=101 + NOTE: https://bitbucket.org/pidgin/main/commits/f6efc254e947 + NOTE: https://bitbucket.org/pidgin/main/commits/60f95045db42 + TODO: check CVE-2016-2367 [MXIT Avatar Length Memory Disclosure Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42719 - data/CVE
Author: carnil Date: 2016-06-23 06:24:14 + (Thu, 23 Jun 2016) New Revision: 42719 Modified: data/CVE/list Log: Add CVE-2016-2366 Modified: data/CVE/list === --- data/CVE/list 2016-06-23 06:24:05 UTC (rev 42718) +++ data/CVE/list 2016-06-23 06:24:14 UTC (rev 42719) @@ -9882,8 +9882,13 @@ RESERVED CVE-2016-2367 RESERVED -CVE-2016-2366 +CVE-2016-2366 [MXIT Table Command Denial of Service Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0134/ + NOTE: http://www.pidgin.im/news/security/?id=99 + NOTE: https://bitbucket.org/pidgin/main/commits/abdc3025f6b8 + TODO: check CVE-2016-2365 [MXIT Markup Command Denial of Service Vulnerability] RESERVED - pidgin ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42718 - data/CVE
Author: carnil Date: 2016-06-23 06:24:05 + (Thu, 23 Jun 2016) New Revision: 42718 Modified: data/CVE/list Log: Add CVE-2016-2365/pidgin Modified: data/CVE/list === --- data/CVE/list 2016-06-23 04:56:16 UTC (rev 42717) +++ data/CVE/list 2016-06-23 06:24:05 UTC (rev 42718) @@ -9884,8 +9884,13 @@ RESERVED CVE-2016-2366 RESERVED -CVE-2016-2365 +CVE-2016-2365 [MXIT Markup Command Denial of Service Vulnerability] RESERVED + - pidgin + NOTE: http://www.talosintel.com/reports/TALOS-2016-0133/ + NOTE: http://www.pidgin.im/news/security/?id=98 + NOTE: https://bitbucket.org/pidgin/main/commits/5fa3f2bc69d7 + TODO: check CVE-2016-2364 (The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously ...) TODO: check CVE-2016-2363 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits