[Secure-testing-commits] r43067 - data/CVE
Author: carnil
Date: 2016-07-08 06:44:27 + (Fri, 08 Jul 2016)
New Revision: 43067
Modified: data/CVE/list
Log: Update information for CVE-2016-6156
Modified: data/CVE/list === --- data/CVE/list 2016-07-08 06:37:55 UTC (rev 43066) +++ data/CVE/list 2016-07-08 06:44:27 UTC (rev 43067) @@ -70,7 +70,8 @@ CVE-2016-6156 RESERVED - linux - NOTE: https://git.kernel.org/linus/096cdc6f52225835ff503f987a0d68ef770bb78e + NOTE: Fixed by: https://git.kernel.org/linus/096cdc6f52225835ff503f987a0d68ef770bb78e + NOTE: Introduced by: https://git.kernel.org/linus/a841178445bb72a3d566b4e6ab9d19e9b002eb47 (v4.2-rc1) CVE-2016-6155 RESERVED CVE-2016-6154
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
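Review bot: The "- linux" entry for CVE-2016-6156 still has no fixed version and no per-release lines, even though the new "Introduced by" note pins the vulnerable code to v4.2-rc1. Consider adding release-specific lines that mark any suite whose kernel predates v4.2-rc1 as not affected, and tagging the "Fixed by" note with the first fixed upstream version in the same way the "Introduced by" note carries "(v4.2-rc1)".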
[Secure-testing-commits] r43066 - data/CVE
Author: carnil
Date: 2016-07-08 06:37:55 + (Fri, 08 Jul 2016)
New Revision: 43066
Modified: data/CVE/list
Log: Add CVE-2016-6156 information
Modified: data/CVE/list === --- data/CVE/list 2016-07-08 06:22:11 UTC (rev 43065) +++ data/CVE/list 2016-07-08 06:37:55 UTC (rev 43066) @@ -69,6 +69,8 @@ RESERVED CVE-2016-6156 RESERVED + - linux + NOTE: https://git.kernel.org/linus/096cdc6f52225835ff503f987a0d68ef770bb78e CVE-2016-6155 RESERVED CVE-2016-6154
[Secure-testing-commits] r43065 - data/CVE
Author: carnil
Date: 2016-07-08 06:22:11 + (Fri, 08 Jul 2016)
New Revision: 43065
Modified: data/CVE/list
Log: Fix typos in CVE ids when adding the DNS entries
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 23:52:41 UTC (rev 43064) +++ data/CVE/list 2016-07-08 06:22:11 UTC (rev 43065) @@ -2,10 +2,6 @@ RESERVED CVE-2016-6174 RESERVED -CVE-2016-6173 - RESERVED -CVE-2016-6172 - RESERVED CVE-2016-6169 RESERVED CVE-2016-6168 @@ -30,11 +26,11 @@ RESERVED CVE-2016-104 RESERVED -CVE-2016-6713 +CVE-2016-6173 - nsd [jessie] - nsd (Minor issue) NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790 -CVE-2016-6712 +CVE-2016-6172 - pdns [jessie] - pdns (Minor issue) NOTE: https://github.com/PowerDNS/pdns/issues/4128
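Review bot: In the second hunk the corrected entries CVE-2016-6173 (nsd) and CVE-2016-6172 (pdns) stay where the mistyped CVE-2016-6713 and CVE-2016-6712 were, below the CVE-2016-104 entry, while the first hunk deletes the placeholders that sat in sequence between CVE-2016-6174 and CVE-2016-6169. If the list is meant to stay in descending id order, move the nsd and pdns data up into the placeholder position instead. The RESERVED line the deleted placeholders carried is also dropped from the merged entries; keeping it would avoid the automatic update adding it back, as r43063 did for CVE-2016-6171.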
[Secure-testing-commits] r43064 - in data: . DLA
Author: kitterman
Date: 2016-07-07 23:52:41 + (Thu, 07 Jul 2016)
New Revision: 43064
Modified: data/DLA/list data/dla-needed.txt
Log: Reserve DLA-546-1 for clamav
Modified: data/DLA/list === --- data/DLA/list 2016-07-07 21:10:11 UTC (rev 43063) +++ data/DLA/list 2016-07-07 23:52:41 UTC (rev 43064) @@ -1,3 +1,5 @@ +[07 Jul 2016] DLA-546-1 clamav - security update + [wheezy] - clamav 0.99.2+dfsg-0+deb7u1 [07 Jul 2016] DLA-545-1 icu - security update {CVE-2015-2632 CVE-2015-4844 CVE-2016-0494} [wheezy] - icu 4.8.1.1-12+deb7u4 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-07 21:10:11 UTC (rev 43063) +++ data/dla-needed.txt 2016-07-07 23:52:41 UTC (rev 43064) @@ -24,11 +24,6 @@ cakephp NOTE: CVE-2015-8379 No official solution is currently available, 20160425 -- -clamav (Emilio Pozuelo) - NOTE: Should be updated to the latest stable release 0.99.2 in line with the -approach for Jessie. - NOTE: Maintainer will upload after #826607 is fixed in jessie. --- extplorer NOTE: 20160529, no fix yet NOTE: 20160618, still no fix
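Review bot: The new DLA-546-1 clamav entry in data/DLA/list has no {CVE-...} line, unlike the DLA-545-1 icu entry directly below it. The dla-needed.txt note removed in the same commit describes the work as an update to stable release 0.99.2 rather than a fix for named CVEs; if that is the reason, say so in a NOTE on the DLA entry, otherwise list the CVE ids the upload addresses so the advisory can be tied to the issues it fixes.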
[Secure-testing-commits] r43063 - data/CVE
Author: sectracker
Date: 2016-07-07 21:10:11 + (Thu, 07 Jul 2016)
New Revision: 43063
Modified: data/CVE/list
Log: automatic update
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 20:24:59 UTC (rev 43062) +++ data/CVE/list 2016-07-07 21:10:11 UTC (rev 43063) @@ -1,3 +1,35 @@ +CVE-2016-6175 + RESERVED +CVE-2016-6174 + RESERVED +CVE-2016-6173 + RESERVED +CVE-2016-6172 + RESERVED +CVE-2016-6169 + RESERVED +CVE-2016-6168 + RESERVED +CVE-2016-6167 + RESERVED +CVE-2016-6166 + RESERVED +CVE-2016-6165 + RESERVED +CVE-2016-6164 + RESERVED +CVE-2016-1000101 + RESERVED +CVE-2016-1000100 + RESERVED +CVE-2016-108 + RESERVED +CVE-2016-106 + RESERVED +CVE-2016-105 + RESERVED +CVE-2016-104 + RESERVED CVE-2016-6713 - nsd [jessie] - nsd (Minor issue) 
@@ -9,23 +41,27 @@ NOTE: Master: https://github.com/PowerDNS/pdns/pull/4133 NOTE: 3.4.x: https://github.com/PowerDNS/pdns/pull/4134 CVE-2016-6171 + RESERVED - knot [jessie] - knot (Minor issue) NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541 -CVE-2016-6170 +CVE-2016-6170 (ISC BIND through 9.10.4-P1 allows primary DNS servers to cause a ...) - bind9 [jessie] - bind9 (Minor issue) NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch CVE-2016-6163 [read out-of-bounds in librsvg2 (a dependency of gdk-pixbuf used to render svg images).] + RESERVED - librsvg 2.40.9-2 [jessie] - librsvg (Minor issue) [wheezy] - librsvg (vulnerable code not present, no segfault) NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022 (2.40.7) NOTE: Reproducer attached in http://seclists.org/oss-sec/2016/q3/7 CVE-2016-6162 [BUG_ON crash in linux 4.7-rc6/master skbuff.c] + RESERVED - linux (Vulnerable code introduced in 4.7-rc1) CVE-2016-6161 + RESERVED - libgd2 2.2.1-1 NOTE: https://github.com/libgd/libgd/issues/209 NOTE: https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0) @@ -88,6 +124,8 @@ NOTE: https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77 TODO: check if this CVE is correct CVE-2016-6160 [segfault upon huge frames, missing size check] + RESERVED + {DLA-544-1} - tcpreplay 3.4.4-3 (bug #829350) [jessie] - tcpreplay (Minor issue; will be addressed via point release) CVE-2016-6133 @@ -3375,8 +3413,7 @@ CVE-2016-4980 RESERVED NOT-FOR-US: Red Hat xguest kiosk mode -CVE-2016-4979 - RESERVED +CVE-2016-4979 (The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and ...) - apache2 2.4.23-1 [jessie] - apache2 (Vulnerable code not present) [wheezy] - apache2 (Vulnerable code not present) 
@@ -4760,10 +4797,10 @@ TODO: check CVE-2016-4509 (Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and ...) TODO: check -CVE-2016-4508 - RESERVED -CVE-2016-4507 - RESERVED +CVE-2016-4508 (Cross-site scripting (XSS) vulnerability in Rexroth Bosch ...) + TODO: check +CVE-2016-4507 (SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 ...) + TODO: check CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource Data ...) NOT-FOR-US: Resource Data Management CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller devices ...) @@ -5477,7 +5514,7 @@ NOTE: https://trac.mplayerhq.hu/ticket/2295 NOTE: Fixed in Revision r37857 upstream NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/3 -CVE-2015-8869 (OCamel before 4.03.0 does not properly handle sign extensions, which ...) +CVE-2015-8869 (OCaml before 4.03.0 does not properly handle sign extensions, which ...) {DLA-466-1} - ocaml (bug #824139) [jessie] - ocaml (Minor issue; can be fixed via point release and sheduling binNMUs there) @@ -14387,8 +14424,7 @@ - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security TODO: check -CVE-2016-1546 - RESERVED +CVE-2016-1546 (The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, ...) - apache2 2.4.20-1 [jessie] - apache2 (Vulnerable code not present) [wheezy] - apache2 (Vulnerable code not present) @@ -16555,8 +16591,7 @@ NOT-FOR-US: EMC Isilon CVE-2016-0907 (EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before ...) NOT-FOR-US: EM
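Review bot: The first hunk adds bare RESERVED placeholders for CVE-2016-6173 and CVE-2016-6172 while its context still holds the nsd data under CVE-2016-6713 and, in the following hunk's context, the pdns notes above CVE-2016-6171, ids that are out of sequence with the 616x and 617x entries around them. The result is triage data and the matching placeholder living under different ids. A check before commit that flags a hand-added id differing from a newly imported one only by swapped digits would catch this; as it stands the two pairs need to be merged by hand.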
[Secure-testing-commits] r43062 - data/CVE
Author: jmm
Date: 2016-07-07 20:24:59 + (Thu, 07 Jul 2016)
New Revision: 43062
Modified: data/CVE/list
Log: various no-dsa
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 19:23:14 UTC (rev 43061) +++ data/CVE/list 2016-07-07 20:24:59 UTC (rev 43062) @@ -1,16 +1,20 @@ CVE-2016-6713 - nsd + [jessie] - nsd (Minor issue) NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790 CVE-2016-6712 - pdns + [jessie] - pdns (Minor issue) NOTE: https://github.com/PowerDNS/pdns/issues/4128 NOTE: Master: https://github.com/PowerDNS/pdns/pull/4133 NOTE: 3.4.x: https://github.com/PowerDNS/pdns/pull/4134 CVE-2016-6171 - knot + [jessie] - knot (Minor issue) NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541 CVE-2016-6170 - bind9 + [jessie] - bind9 (Minor issue) NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch CVE-2016-6163 [read out-of-bounds in librsvg2 (a dependency of gdk-pixbuf used to render svg images).]
[Secure-testing-commits] r43061 - data/CVE
Author: carnil
Date: 2016-07-07 19:23:14 + (Thu, 07 Jul 2016)
New Revision: 43061
Modified: data/CVE/list
Log: Update information for CVE-2016-6162
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 17:30:28 UTC (rev 43060) +++ data/CVE/list 2016-07-07 19:23:14 UTC (rev 43061) @@ -20,7 +20,7 @@ NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022 (2.40.7) NOTE: Reproducer attached in http://seclists.org/oss-sec/2016/q3/7 CVE-2016-6162 [BUG_ON crash in linux 4.7-rc6/master skbuff.c] - - linux + - linux (Vulnerable code introduced in 4.7-rc1) CVE-2016-6161 - libgd2 2.2.1-1 NOTE: https://github.com/libgd/libgd/issues/209
[Secure-testing-commits] r43060 - in data: . DLA
Author: roberto
Date: 2016-07-07 17:30:28 + (Thu, 07 Jul 2016)
New Revision: 43060
Modified: data/DLA/list data/dla-needed.txt
Log: Reserve DLA-545-1 for icu
Modified: data/DLA/list === --- data/DLA/list 2016-07-07 17:28:03 UTC (rev 43059) +++ data/DLA/list 2016-07-07 17:30:28 UTC (rev 43060) @@ -1,3 +1,6 @@ +[07 Jul 2016] DLA-545-1 icu - security update + {CVE-2015-2632 CVE-2015-4844 CVE-2016-0494} + [wheezy] - icu 4.8.1.1-12+deb7u4 [07 Jul 2016] DLA-544-1 tcpreplay - security update {CVE-2016-6160} [wheezy] - tcpreplay 3.4.3-2+wheezy2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-07 17:28:03 UTC (rev 43059) +++ data/dla-needed.txt 2016-07-07 17:30:28 UTC (rev 43060) @@ -43,10 +43,6 @@ -- ht -- -icu (Roberto C. Sánchez) - NOTE: check comments on CVE-2016-0494 as well - NOTE: Upload is ready, waiting on upstream feedback on the patches: http://bugs.icu-project.org/trac/ticket/12276 --- imagemagick (Ben Hutchings) -- libarchive (Markus Koschany)
[Secure-testing-commits] r43059 - data
Author: carnil
Date: 2016-07-07 17:28:03 + (Thu, 07 Jul 2016)
New Revision: 43059
Modified: data/next-point-update.txt
Log: tcpreplay scheduled for next jessie point release
Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-07-07 17:17:01 UTC (rev 43058) +++ data/next-point-update.txt 2016-07-07 17:28:03 UTC (rev 43059) @@ -56,3 +56,5 @@ CVE-2015- [remotely triggerable crash] [jessie] - ruby-eventmachine 1.0.3-6+deb8u1 NOTE: Cf. #829650 +CVE-2016-6160 + [jessie] - tcpreplay 3.4.4-2+deb8u1
[Secure-testing-commits] r43058 - in data: . DLA
Author: cbiedl-guest
Date: 2016-07-07 17:17:01 + (Thu, 07 Jul 2016)
New Revision: 43058
Modified: data/DLA/list data/dla-needed.txt
Log: tcpreplay done
Modified: data/DLA/list === --- data/DLA/list 2016-07-07 17:12:57 UTC (rev 43057) +++ data/DLA/list 2016-07-07 17:17:01 UTC (rev 43058) @@ -1,3 +1,6 @@ +[07 Jul 2016] DLA-544-1 tcpreplay - security update + {CVE-2016-6160} + [wheezy] - tcpreplay 3.4.3-2+wheezy2 [05 Jul 2016] DLA-543-1 sqlite3 - security update {CVE-2016-6153} [wheezy] - sqlite3 3.7.13-1+deb7u3 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-07 17:12:57 UTC (rev 43057) +++ data/dla-needed.txt 2016-07-07 17:17:01 UTC (rev 43058) @@ -113,8 +113,6 @@ https://anonscm.debian.org/cgit/collab-maint/tardiff.git/log/?h=wheezy NOTE: maintainer showed interest to do the LTS upload on his own -- -tcpreplay (Christoph Biedl) --- tiff NOTE: 20160226, no fix available yet NOTE: 20160626, there are new vulnerabilities, Emilio Pozuelo Monfort forwarded them upstream
[Secure-testing-commits] r43057 - data/CVE
Author: apo
Date: 2016-07-07 17:12:57 + (Thu, 07 Jul 2016)
New Revision: 43057
Modified: data/CVE/list
Log: CVE-2016-6170: Add links to proposed patches
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 17:11:22 UTC (rev 43056) +++ data/CVE/list 2016-07-07 17:12:57 UTC (rev 43057) @@ -11,6 +11,8 @@ NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541 CVE-2016-6170 - bind9 + NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch + NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch CVE-2016-6163 [read out-of-bounds in librsvg2 (a dependency of gdk-pixbuf used to render svg images).] - librsvg 2.40.9-2 [jessie] - librsvg (Minor issue)
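Review bot: Both added NOTE lines under CVE-2016-6170 say "Fixed by", but the log message calls these proposed patches and the URLs point at the sischkg/xfer-limit repository rather than at a bind9 upstream commit. Label them as proposed, for example "NOTE: Proposed patch: ...", so the entry is not read as saying an upstream fix is available.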
[Secure-testing-commits] r43056 - data
Author: apo
Date: 2016-07-07 17:11:22 + (Thu, 07 Jul 2016)
New Revision: 43056
Modified: data/dla-needed.txt
Log: Add pdns to dla-needed.txt
Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-07 17:08:59 UTC (rev 43055) +++ data/dla-needed.txt 2016-07-07 17:11:22 UTC (rev 43056) @@ -78,6 +78,8 @@ NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low NOTE: priority issues and will fix them after the next release of OpenSSL. -- +pdns +-- php5 (Thorsten Alteholz) NOTE: At least CVE-2016-4538 of the outstanding CVEs are vulnerable --
[Secure-testing-commits] r43055 - data
Author: apo
Date: 2016-07-07 17:08:59 + (Thu, 07 Jul 2016)
New Revision: 43055
Modified: data/dla-needed.txt
Log: Add bind9 to dla-needed.txt
Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-07 16:35:40 UTC (rev 43054) +++ data/dla-needed.txt 2016-07-07 17:08:59 UTC (rev 43055) @@ -11,6 +11,8 @@ -- asterisk (Thorsten Alteholz) -- +bind9 +-- binutils (Brian May) -- binutils-h8300-hms
[Secure-testing-commits] r43054 - data/CVE
Author: apo
Date: 2016-07-07 16:35:40 + (Thu, 07 Jul 2016)
New Revision: 43054
Modified: data/CVE/list
Log: Mark CVE-2016-6163 as not-affected in Wheezy
Unreproducible, vulnerable fallback functions not present.
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 15:29:47 UTC (rev 43053) +++ data/CVE/list 2016-07-07 16:35:40 UTC (rev 43054) @@ -14,6 +14,7 @@ CVE-2016-6163 [read out-of-bounds in librsvg2 (a dependency of gdk-pixbuf used to render svg images).] - librsvg 2.40.9-2 [jessie] - librsvg (Minor issue) + [wheezy] - librsvg (vulnerable code not present, no segfault) NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022 (2.40.7) NOTE: Reproducer attached in http://seclists.org/oss-sec/2016/q3/7 CVE-2016-6162 [BUG_ON crash in linux 4.7-rc6/master skbuff.c]
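Review bot: The reason on the added [wheezy] line, "vulnerable code not present, no segfault", mixes a code-level finding with a test result. The log message gives the stronger reason, that the vulnerable fallback functions are not present; an out-of-bounds read does not have to crash, so "no segfault" with the reproducer is not evidence on its own. Suggest keeping only "Vulnerable code not present", capitalised as in the apache2 entries elsewhere in the list, and recording the reproducer result in a separate NOTE.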
[Secure-testing-commits] r43053 - data/CVE
Author: santiago
Date: 2016-07-07 15:29:47 + (Thu, 07 Jul 2016)
New Revision: 43053
Modified: data/CVE/list
Log: CVE-2016-2119/samba: wheezy not-affected
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 14:31:41 UTC (rev 43052) +++ data/CVE/list 2016-07-07 15:29:47 UTC (rev 43053) @@ -12088,6 +12088,7 @@ CVE-2016-2119 [Client side SMB2/3 required signing can be downgraded] RESERVED - samba (bug #830195) + [wheezy] - samba (Affects Samba 4.0.0 to 4.4.0) NOTE: https://www.samba.org/samba/security/CVE-2016-2119.html NOTE: Affects Samba 4.0.0 to 4.4.4 CVE-2016-2118 (The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x ...)
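Review bot: The added [wheezy] line gives the affected range as "Samba 4.0.0 to 4.4.0", while the NOTE two lines below in the same entry says "Affects Samba 4.0.0 to 4.4.4". The two upper bounds disagree; align the [wheezy] reason with the NOTE and the linked advisory. The line also does not say which samba version wheezy carries, which is what would make the not-affected claim in the log message checkable from the entry itself.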
[Secure-testing-commits] r43052 - data/CVE
Author: carnil
Date: 2016-07-07 14:31:41 + (Thu, 07 Jul 2016)
New Revision: 43052
Modified: data/CVE/list
Log: Reference commits for pdns issue
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 14:06:15 UTC (rev 43051) +++ data/CVE/list 2016-07-07 14:31:41 UTC (rev 43052) @@ -4,6 +4,8 @@ CVE-2016-6712 - pdns NOTE: https://github.com/PowerDNS/pdns/issues/4128 + NOTE: Master: https://github.com/PowerDNS/pdns/pull/4133 + NOTE: 3.4.x: https://github.com/PowerDNS/pdns/pull/4134 CVE-2016-6171 - knot NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
[Secure-testing-commits] r43051 - data/CVE
Author: carnil
Date: 2016-07-07 14:06:15 + (Thu, 07 Jul 2016)
New Revision: 43051
Modified: data/CVE/list
Log: midgard2-core removed from the archive
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 09:52:18 UTC (rev 43050) +++ data/CVE/list 2016-07-07 14:06:15 UTC (rev 43051) @@ -48799,7 +48799,7 @@ CVE-2014-8149 RESERVED CVE-2014-8148 (The default D-Bus access control rule in Midgard2 10.05.7.1 allows ...) - - midgard2-core (bug #774630) + - midgard2-core (bug #774630) CVE-2014-8147 (The resolveImplicitLevels function in common/ubidi.c in the Unicode ...) {DSA-3323-1} - icu 52.1-9 (bug #784773)
[Secure-testing-commits] r43050 - data/CVE
Author: carnil
Date: 2016-07-07 09:52:18 + (Thu, 07 Jul 2016)
New Revision: 43050
Modified: data/CVE/list
Log: Add reference for CVE-2016-6712
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 09:40:57 UTC (rev 43049) +++ data/CVE/list 2016-07-07 09:52:18 UTC (rev 43050) @@ -3,6 +3,7 @@ NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790 CVE-2016-6712 - pdns + NOTE: https://github.com/PowerDNS/pdns/issues/4128 CVE-2016-6171 - knot NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
[Secure-testing-commits] r43049 - data/CVE
Author: carnil
Date: 2016-07-07 09:40:57 + (Thu, 07 Jul 2016)
New Revision: 43049
Modified: data/CVE/list
Log: Report bug for samba issue, #830195
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 09:31:37 UTC (rev 43048) +++ data/CVE/list 2016-07-07 09:40:57 UTC (rev 43049) @@ -12084,7 +12084,7 @@ RESERVED CVE-2016-2119 [Client side SMB2/3 required signing can be downgraded] RESERVED - - samba + - samba (bug #830195) NOTE: https://www.samba.org/samba/security/CVE-2016-2119.html NOTE: Affects Samba 4.0.0 to 4.4.4 CVE-2016-2118 (The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x ...)
[Secure-testing-commits] r43048 - data/CVE
Author: carnil
Date: 2016-07-07 09:31:37 + (Thu, 07 Jul 2016)
New Revision: 43048
Modified: data/CVE/list
Log: Add new samba issue
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 08:42:03 UTC (rev 43047) +++ data/CVE/list 2016-07-07 09:31:37 UTC (rev 43048) @@ -12082,8 +12082,11 @@ RESERVED CVE-2016-2120 RESERVED -CVE-2016-2119 +CVE-2016-2119 [Client side SMB2/3 required signing can be downgraded] RESERVED + - samba + NOTE: https://www.samba.org/samba/security/CVE-2016-2119.html + NOTE: Affects Samba 4.0.0 to 4.4.4 CVE-2016-2118 (The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x ...) {DSA-3548-1} - samba 2:4.3.7+dfsg-1
[Secure-testing-commits] r43047 - data/CVE
Author: fgeek-guest
Date: 2016-07-07 08:42:03 + (Thu, 07 Jul 2016)
New Revision: 43047
Modified: data/CVE/list
Log: NFU ESA-2016-054
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 08:11:42 UTC (rev 43046) +++ data/CVE/list 2016-07-07 08:42:03 UTC (rev 43047) @@ -16543,6 +16543,7 @@ NOT-FOR-US: EMC Isilon CVE-2016-0906 RESERVED + NOT-FOR-US: EMC Avamar CVE-2016-0905 RESERVED CVE-2016-0904
[Secure-testing-commits] r43046 - data/CVE
Author: carnil
Date: 2016-07-07 08:11:42 + (Thu, 07 Jul 2016)
New Revision: 43046
Modified: data/CVE/list
Log: Add CVE-2016-6136/linux
Modified: data/CVE/list === --- data/CVE/list 2016-07-07 06:27:58 UTC (rev 43045) +++ data/CVE/list 2016-07-07 08:11:42 UTC (rev 43046) @@ -63,8 +63,11 @@ RESERVED CVE-2016-6137 RESERVED -CVE-2016-6136 +CVE-2016-6136 [Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c] RESERVED + - linux + NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120681 + NOTE: https://github.com/linux-audit/audit-kernel/issues/18 CVE-2016-6135 RESERVED CVE-2016-6134