[Secure-testing-commits] r42813 - data/CVE
Author: opal Date: 2016-06-26 21:46:33 + (Sun, 26 Jun 2016) New Revision: 42813 Modified: data/CVE/list Log: Marked minor issues as no-dsa. Modified: data/CVE/list === --- data/CVE/list 2016-06-26 21:10:15 UTC (rev 42812) +++ data/CVE/list 2016-06-26 21:46:33 UTC (rev 42813) @@ -147,6 +147,7 @@ CVE-2016-5730 [PMASA-2016-23: Multiple full path disclosure vulnerabilities] RESERVED - phpmyadmin 4:4.6.3-1 + [wheezy] - phpmyadmin (Minor issue) CVE-2016-5742 [SQL injection in MovableType xml-rpc interface] RESERVED - movabletype-opensource @@ -218,9 +219,11 @@ CVE-2016-5702 [PMASA-2016-18: Cookie attribute injection attack] RESERVED - phpmyadmin 4:4.6.3-1 + [wheezy] - phpmyadmin (Minor issue) CVE-2016-5701 [PMASA-2016-17: BBCode injection vulnerability] RESERVED - phpmyadmin 4:4.6.3-1 + [wheezy] - phpmyadmin (Minor issue) CVE-2016-5700 RESERVED CVE-2016-5698 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
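Review bot: "(Minor issue)" on the three added [wheezy] lines gives no reason specific to each CVE, and as shown here the lines carry no state marker between the package name and the parenthesis, although the log says no-dsa. For CVE-2016-5702 (cookie attribute injection) and CVE-2016-5701 (BBCode injection) in particular, add a short per-issue justification so a later reader can check the triage decision for the wheezy version.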
[Secure-testing-commits] r42812 - data/CVE
Author: sectracker Date: 2016-06-26 21:10:15 + (Sun, 26 Jun 2016) New Revision: 42812 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-06-26 21:07:50 UTC (rev 42811) +++ data/CVE/list 2016-06-26 21:10:15 UTC (rev 42812) @@ -7635,6 +7635,7 @@ NOTE: https://struts.apache.org/docs/s2-034.html CVE-2016-3092 RESERVED + {DLA-529-1 DLA-528-1} - libcommons-fileupload-java 1.3.2-1 - tomcat7 7.0.70-1 - tomcat8 8.0.36-1
[Secure-testing-commits] r42811 - data
Author: opal Date: 2016-06-26 21:07:50 + (Sun, 26 Jun 2016) New Revision: 42811 Modified: data/dla-needed.txt Log: Claiming phpmyadmin. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-26 19:22:55 UTC (rev 42810) +++ data/dla-needed.txt 2016-06-26 21:07:50 UTC (rev 42811) @@ -64,7 +64,7 @@ -- php5 (Thorsten Alteholz) -- -phpmyadmin +phpmyadmin (Ola Lundqvist) -- pidgin (Brian May) --
[Secure-testing-commits] r42810 - data/DLA
Author: apo Date: 2016-06-26 19:22:55 + (Sun, 26 Jun 2016) New Revision: 42810 Modified: data/DLA/list Log: Reserve DLA-530-1 for java-common Modified: data/DLA/list === --- data/DLA/list 2016-06-26 18:05:39 UTC (rev 42809) +++ data/DLA/list 2016-06-26 19:22:55 UTC (rev 42810) @@ -1,3 +1,5 @@ +[26 Jun 2016] DLA-530-1 java-common - security update + [wheezy] - java-common 0.47+deb7u2 [26 Jun 2016] DLA-529-1 tomcat7 - security update {CVE-2016-3092} [wheezy] - tomcat7 7.0.28-4+deb7u5
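Review bot: The new DLA-530-1 entry has no {CVE} cross-reference line, while the DLA-529-1 entry directly below it carries {CVE-2016-3092}. If java-common is being updated without an assigned CVE, say so in the log message or in a NOTE, so the entry does not read as a missing cross-reference.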
[Secure-testing-commits] r42809 - in data: . DLA
Author: apo Date: 2016-06-26 18:05:39 + (Sun, 26 Jun 2016) New Revision: 42809 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-529-1 for tomcat7 Modified: data/DLA/list === --- data/DLA/list 2016-06-26 18:03:09 UTC (rev 42808) +++ data/DLA/list 2016-06-26 18:05:39 UTC (rev 42809) @@ -1,3 +1,6 @@ +[26 Jun 2016] DLA-529-1 tomcat7 - security update + {CVE-2016-3092} + [wheezy] - tomcat7 7.0.28-4+deb7u5 [26 Jun 2016] DLA-528-1 libcommons-fileupload-java - security update {CVE-2016-3092} [wheezy] - libcommons-fileupload-java 1.2.2-1+deb7u3 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-26 18:03:09 UTC (rev 42808) +++ data/dla-needed.txt 2016-06-26 18:05:39 UTC (rev 42809) @@ -101,8 +101,6 @@ -- tiff3 -- -tomcat7 (Markus Koschany) --- wget (Thorsten Alteholz) -- wireshark (Balint Reczey)
[Secure-testing-commits] r42808 - in data: . DLA
Author: apo Date: 2016-06-26 18:03:09 + (Sun, 26 Jun 2016) New Revision: 42808 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-528-1 for libcommons-fileupload-java Modified: data/DLA/list === --- data/DLA/list 2016-06-26 18:01:41 UTC (rev 42807) +++ data/DLA/list 2016-06-26 18:03:09 UTC (rev 42808) @@ -1,3 +1,6 @@ +[26 Jun 2016] DLA-528-1 libcommons-fileupload-java - security update + {CVE-2016-3092} + [wheezy] - libcommons-fileupload-java 1.2.2-1+deb7u3 [25 Jun 2016] DLA-527-1 nss - security update {CVE-2016-2834} [wheezy] - nss 2:3.14.5-1+deb7u8 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-26 18:01:41 UTC (rev 42807) +++ data/dla-needed.txt 2016-06-26 18:03:09 UTC (rev 42808) @@ -36,8 +36,6 @@ -- libarchive (Markus Koschany) -- -libcommons-fileupload-java (Markus Koschany) --- libgd2 (Thorsten Alteholz) -- libjackson-json-java
[Secure-testing-commits] r42807 - data
Author: apo Date: 2016-06-26 18:01:41 + (Sun, 26 Jun 2016) New Revision: 42807 Modified: data/dla-needed.txt Log: Remove Tomcat 6 from dla-needed.txt. It is not affected by CVE-2016-3092 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-26 18:00:14 UTC (rev 42806) +++ data/dla-needed.txt 2016-06-26 18:01:41 UTC (rev 42807) @@ -103,8 +103,6 @@ -- tiff3 -- -tomcat6 (Markus Koschany) --- tomcat7 (Markus Koschany) -- wget (Thorsten Alteholz)
[Secure-testing-commits] r42806 - data/CVE
Author: apo Date: 2016-06-26 18:00:14 + (Sun, 26 Jun 2016) New Revision: 42806 Modified: data/CVE/list Log: CVE-2016-3092: Tomcat 6 is not affected Modified: data/CVE/list === --- data/CVE/list 2016-06-26 14:01:44 UTC (rev 42805) +++ data/CVE/list 2016-06-26 18:00:14 UTC (rev 42806) @@ -7636,12 +7636,12 @@ CVE-2016-3092 RESERVED - libcommons-fileupload-java 1.3.2-1 - - tomcat6 - tomcat7 7.0.70-1 - tomcat8 8.0.36-1 - tomcat9 (bug #802312) NOTE: Fixed by https://svn.apache.org/r1743480 NOTE: Upstream advisory http://markmail.org/message/oyxfv73jb2g7rjg3 + NOTE: https://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3c6223ece6-2b41-ef4f-22f9-d3481e492...@apache.org%3E CVE-2016-3091 RESERVED CVE-2016-3090
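Review bot: Deleting the "- tomcat6" line removes every trace that tomcat6 was evaluated for CVE-2016-3092, so the conclusion now lives only in the log message. Keep the line and mark it not-affected with a short reason, so the decision is visible in the entry itself and the package is not re-triaged later. The added mail-archives NOTE URL also shows an elided message id ("...@apache.org"), so check that the committed link resolves.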
[Secure-testing-commits] r42805 - data/CVE
Author: carnil Date: 2016-06-26 14:01:44 + (Sun, 26 Jun 2016) New Revision: 42805 Modified: data/CVE/list Log: Add CVE-2016-5829/linux Modified: data/CVE/list === --- data/CVE/list 2016-06-26 13:58:47 UTC (rev 42804) +++ data/CVE/list 2016-06-26 14:01:44 UTC (rev 42805) @@ -10,6 +10,9 @@ - imagemagick NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b +CVE-2016-5829 [HID: hiddev buffer overflows] + - linux + NOTE: Fixed by: https://git.kernel.org/linus/93a2001bdfd5376c3dc2158653034c20392d15c5 CVE-2016-5828 [powerpc/tm: Always reclaim in start_thread() for exec() class syscalls] - linux [wheezy] - linux (Introduced in v3.10-rc1)
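Review bot: The CVE-2016-5829 entry has only an unqualified "- linux" line and the fix commit, with no statement of which releases are affected, whereas the CVE-2016-5828 entry right below records "[wheezy] - linux (Introduced in v3.10-rc1)". Add the introducing commit or version for the hiddev overflow if it is known, or a "TODO: check" for the stable releases, so the per-release status is not read as already triaged.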
[Secure-testing-commits] r42804 - data/CVE
Author: carnil Date: 2016-06-26 13:58:47 + (Sun, 26 Jun 2016) New Revision: 42804 Modified: data/CVE/list Log: Add five libical CVEs, but all with unclear details Modified: data/CVE/list === --- data/CVE/list 2016-06-26 13:55:50 UTC (rev 42803) +++ data/CVE/list 2016-06-26 13:58:47 UTC (rev 42804) @@ -15,6 +15,25 @@ [wheezy] - linux (Introduced in v3.10-rc1) NOTE: https://patchwork.ozlabs.org/patch/636776/ NOTE: Introduced in https://git.kernel.org/linus/bc2a9408fa65195288b41751016c36fd00a75a85 (v3.10-rc1) +CVE-2016-5827 + - libical + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043 + TODO: check +CVE-2016-5826 + - libical + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041 + TODO: check +CVE-2016-5825 + - libical + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1280832 + TODO: check +CVE-2016-5824 + - libical + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400 + TODO: check +CVE-2016-5823 + - libical + TODO: check CVE-2016-5744 RESERVED CVE-2016-5743
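Review bot: CVE-2016-5823 is added with only "TODO: check" and no NOTE, while the other four libical entries each link a bugzilla.mozilla.org bug. Add a NOTE giving the source of the assignment for CVE-2016-5823, and a bracketed one-line description on all five once the details are known, so whoever picks up the TODO has a starting point.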
[Secure-testing-commits] r42803 - data
Author: rbalint Date: 2016-06-26 13:55:50 + (Sun, 26 Jun 2016) New Revision: 42803 Modified: data/dla-needed.txt Log: pochu forwarded tiff CVE-s upstream Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-25 22:46:14 UTC (rev 42802) +++ data/dla-needed.txt 2016-06-26 13:55:50 UTC (rev 42803) @@ -99,6 +99,7 @@ -- tiff NOTE: 20160226, no fix available yet + NOTE: 20160626, there are new vulnerabilities, Emilio Pozuelo Monfort forwarded them upstream -- tiff3 --
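Review bot: The added 20160626 NOTE for tiff says new vulnerabilities were forwarded upstream but names neither the CVE ids nor the upstream bug reports. List them in the NOTE, or add a second NOTE line with the upstream bug URLs, so the next person looking at tiff can tell which issues are pending and where to watch for a fix.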