[Secure-testing-commits] r42813 - data/CVE
Author: opal Date: 2016-06-26 21:46:33 + (Sun, 26 Jun 2016) New Revision: 42813 Modified: data/CVE/list Log: Marked minor issues as no-dsa. Modified: data/CVE/list === --- data/CVE/list 2016-06-26 21:10:15 UTC (rev 42812) +++ data/CVE/list 2016-06-26 21:46:33 UTC (rev 42813) @@ -147,6 +147,7 @@ CVE-2016-5730 [PMASA-2016-23: Multiple full path disclosure vulnerabilities] RESERVED - phpmyadmin 4:4.6.3-1 + [wheezy] - phpmyadmin (Minor issue) CVE-2016-5742 [SQL injection in MovableType xml-rpc interface] RESERVED - movabletype-opensource @@ -218,9 +219,11 @@ CVE-2016-5702 [PMASA-2016-18: Cookie attribute injection attack] RESERVED - phpmyadmin 4:4.6.3-1 + [wheezy] - phpmyadmin (Minor issue) CVE-2016-5701 [PMASA-2016-17: BBCode injection vulnerability] RESERVED - phpmyadmin 4:4.6.3-1 + [wheezy] - phpmyadmin (Minor issue) CVE-2016-5700 RESERVED CVE-2016-5698 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42812 - data/CVE
Author: sectracker
Date: 2016-06-26 21:10:15 + (Sun, 26 Jun 2016)
New Revision: 42812
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-26 21:07:50 UTC (rev 42811)
+++ data/CVE/list 2016-06-26 21:10:15 UTC (rev 42812)
@@ -7635,6 +7635,7 @@
NOTE: https://struts.apache.org/docs/s2-034.html
CVE-2016-3092
RESERVED
+ {DLA-529-1 DLA-528-1}
- libcommons-fileupload-java 1.3.2-1
- tomcat7 7.0.70-1
- tomcat8 8.0.36-1
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42811 - data
Author: opal Date: 2016-06-26 21:07:50 + (Sun, 26 Jun 2016) New Revision: 42811 Modified: data/dla-needed.txt Log: Claiming phpmyadmin. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-26 19:22:55 UTC (rev 42810) +++ data/dla-needed.txt 2016-06-26 21:07:50 UTC (rev 42811) @@ -64,7 +64,7 @@ -- php5 (Thorsten Alteholz) -- -phpmyadmin +phpmyadmin (Ola Lundqvist) -- pidgin (Brian May) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42810 - data/DLA
Author: apo
Date: 2016-06-26 19:22:55 + (Sun, 26 Jun 2016)
New Revision: 42810
Modified:
data/DLA/list
Log:
Reserve DLA-530-1 for java-common
Modified: data/DLA/list
===
--- data/DLA/list 2016-06-26 18:05:39 UTC (rev 42809)
+++ data/DLA/list 2016-06-26 19:22:55 UTC (rev 42810)
@@ -1,3 +1,5 @@
+[26 Jun 2016] DLA-530-1 java-common - security update
+ [wheezy] - java-common 0.47+deb7u2
[26 Jun 2016] DLA-529-1 tomcat7 - security update
{CVE-2016-3092}
[wheezy] - tomcat7 7.0.28-4+deb7u5
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42809 - in data: . DLA
Author: apo
Date: 2016-06-26 18:05:39 + (Sun, 26 Jun 2016)
New Revision: 42809
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-529-1 for tomcat7
Modified: data/DLA/list
===
--- data/DLA/list 2016-06-26 18:03:09 UTC (rev 42808)
+++ data/DLA/list 2016-06-26 18:05:39 UTC (rev 42809)
@@ -1,3 +1,6 @@
+[26 Jun 2016] DLA-529-1 tomcat7 - security update
+ {CVE-2016-3092}
+ [wheezy] - tomcat7 7.0.28-4+deb7u5
[26 Jun 2016] DLA-528-1 libcommons-fileupload-java - security update
{CVE-2016-3092}
[wheezy] - libcommons-fileupload-java 1.2.2-1+deb7u3
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-26 18:03:09 UTC (rev 42808)
+++ data/dla-needed.txt 2016-06-26 18:05:39 UTC (rev 42809)
@@ -101,8 +101,6 @@
--
tiff3
--
-tomcat7 (Markus Koschany)
---
wget (Thorsten Alteholz)
--
wireshark (Balint Reczey)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42808 - in data: . DLA
Author: apo
Date: 2016-06-26 18:03:09 + (Sun, 26 Jun 2016)
New Revision: 42808
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-528-1 for libcommons-fileupload-java
Modified: data/DLA/list
===
--- data/DLA/list 2016-06-26 18:01:41 UTC (rev 42807)
+++ data/DLA/list 2016-06-26 18:03:09 UTC (rev 42808)
@@ -1,3 +1,6 @@
+[26 Jun 2016] DLA-528-1 libcommons-fileupload-java - security update
+ {CVE-2016-3092}
+ [wheezy] - libcommons-fileupload-java 1.2.2-1+deb7u3
[25 Jun 2016] DLA-527-1 nss - security update
{CVE-2016-2834}
[wheezy] - nss 2:3.14.5-1+deb7u8
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-26 18:01:41 UTC (rev 42807)
+++ data/dla-needed.txt 2016-06-26 18:03:09 UTC (rev 42808)
@@ -36,8 +36,6 @@
--
libarchive (Markus Koschany)
--
-libcommons-fileupload-java (Markus Koschany)
---
libgd2 (Thorsten Alteholz)
--
libjackson-json-java
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42807 - data
Author: apo Date: 2016-06-26 18:01:41 + (Sun, 26 Jun 2016) New Revision: 42807 Modified: data/dla-needed.txt Log: Remove Tomcat 6 from dla-needed.txt. It is not affected by CVE-2016-3092 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-26 18:00:14 UTC (rev 42806) +++ data/dla-needed.txt 2016-06-26 18:01:41 UTC (rev 42807) @@ -103,8 +103,6 @@ -- tiff3 -- -tomcat6 (Markus Koschany) --- tomcat7 (Markus Koschany) -- wget (Thorsten Alteholz) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42806 - data/CVE
Author: apo Date: 2016-06-26 18:00:14 + (Sun, 26 Jun 2016) New Revision: 42806 Modified: data/CVE/list Log: CVE-2016-3092: Tomcat 6 is not affected Modified: data/CVE/list === --- data/CVE/list 2016-06-26 14:01:44 UTC (rev 42805) +++ data/CVE/list 2016-06-26 18:00:14 UTC (rev 42806) @@ -7636,12 +7636,12 @@ CVE-2016-3092 RESERVED - libcommons-fileupload-java 1.3.2-1 - - tomcat6 - tomcat7 7.0.70-1 - tomcat8 8.0.36-1 - tomcat9 (bug #802312) NOTE: Fixed by https://svn.apache.org/r1743480 NOTE: Upstream advisory http://markmail.org/message/oyxfv73jb2g7rjg3 + NOTE: https://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3c6223ece6-2b41-ef4f-22f9-d3481e492...@apache.org%3E CVE-2016-3091 RESERVED CVE-2016-3090 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42805 - data/CVE
Author: carnil Date: 2016-06-26 14:01:44 + (Sun, 26 Jun 2016) New Revision: 42805 Modified: data/CVE/list Log: Add CVE-2016-5829/linux Modified: data/CVE/list === --- data/CVE/list 2016-06-26 13:58:47 UTC (rev 42804) +++ data/CVE/list 2016-06-26 14:01:44 UTC (rev 42805) @@ -10,6 +10,9 @@ - imagemagick NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b +CVE-2016-5829 [HID: hiddev buffer overflows] + - linux + NOTE: Fixed by: https://git.kernel.org/linus/93a2001bdfd5376c3dc2158653034c20392d15c5 CVE-2016-5828 [powerpc/tm: Always reclaim in start_thread() for exec() class syscalls] - linux [wheezy] - linux (Introduced in v3.10-rc1) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42804 - data/CVE
Author: carnil Date: 2016-06-26 13:58:47 + (Sun, 26 Jun 2016) New Revision: 42804 Modified: data/CVE/list Log: Add five libical CVEs, but all with unclear details Modified: data/CVE/list === --- data/CVE/list 2016-06-26 13:55:50 UTC (rev 42803) +++ data/CVE/list 2016-06-26 13:58:47 UTC (rev 42804) @@ -15,6 +15,25 @@ [wheezy] - linux (Introduced in v3.10-rc1) NOTE: https://patchwork.ozlabs.org/patch/636776/ NOTE: Introduced in https://git.kernel.org/linus/bc2a9408fa65195288b41751016c36fd00a75a85 (v3.10-rc1) +CVE-2016-5827 + - libical + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043 + TODO: check +CVE-2016-5826 + - libical + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041 + TODO: check +CVE-2016-5825 + - libical + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1280832 + TODO: check +CVE-2016-5824 + - libical + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400 + TODO: check +CVE-2016-5823 + - libical + TODO: check CVE-2016-5744 RESERVED CVE-2016-5743 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42803 - data
Author: rbalint Date: 2016-06-26 13:55:50 + (Sun, 26 Jun 2016) New Revision: 42803 Modified: data/dla-needed.txt Log: pochu forwarded tiff CVE-s upstream Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-25 22:46:14 UTC (rev 42802) +++ data/dla-needed.txt 2016-06-26 13:55:50 UTC (rev 42803) @@ -99,6 +99,7 @@ -- tiff NOTE: 20160226, no fix available yet + NOTE: 20160626, there are new vulnerabilities, Emilio Pozuelo Monfort forwarded them upstream -- tiff3 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
