[Secure-testing-commits] r43191 - data/CVE
Author: carnil Date: 2016-07-14 06:43:54 + (Thu, 14 Jul 2016) New Revision: 43191 Modified: data/CVE/list Log: Add CVE-2016-113/node-marked Modified: data/CVE/list === --- data/CVE/list 2016-07-14 06:42:27 UTC (rev 43190) +++ data/CVE/list 2016-07-14 06:43:54 UTC (rev 43191) @@ -65,6 +65,9 @@ RESERVED CVE-2016-113 RESERVED + - node-marked (unimportant) + NOTE: https://nodesecurity.io/advisories/101 + NOTE: nodejs not covered by security support CVE-2016-112 RESERVED CVE-2016-111 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43190 - data/CVE
Author: carnil Date: 2016-07-14 06:42:27 + (Thu, 14 Jul 2016) New Revision: 43190 Modified: data/CVE/list Log: Add CVE-2016-121 Modified: data/CVE/list === --- data/CVE/list 2016-07-14 06:42:17 UTC (rev 43189) +++ data/CVE/list 2016-07-14 06:42:27 UTC (rev 43190) @@ -46,6 +46,9 @@ NOTE: nodejs not covered by security support CVE-2016-121 RESERVED + - node-cli (unimportant) + NOTE: https://nodesecurity.io/advisories/95 + NOTE: nodejs not covered by security support CVE-2016-120 RESERVED CVE-2016-119 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43189 - data/CVE
Author: carnil Date: 2016-07-14 06:42:17 + (Thu, 14 Jul 2016) New Revision: 43189 Modified: data/CVE/list Log: Add missing note/explanation Modified: data/CVE/list === --- data/CVE/list 2016-07-14 06:39:21 UTC (rev 43188) +++ data/CVE/list 2016-07-14 06:42:17 UTC (rev 43189) @@ -43,6 +43,7 @@ - node-negotiator (unimportant) NOTE: https://nodesecurity.io/advisories/106 NOTE: https://github.com/distributedweaknessfiling/DWF-Database/commit/5e607a0cad2769db2be5aafc4d9b1ec49bd7bbbc + NOTE: nodejs not covered by security support CVE-2016-121 RESERVED CVE-2016-120 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43188 - data/CVE
Author: carnil Date: 2016-07-14 06:39:21 + (Thu, 14 Jul 2016) New Revision: 43188 Modified: data/CVE/list Log: Add CVE-2016-122 Modified: data/CVE/list === --- data/CVE/list 2016-07-14 06:36:37 UTC (rev 43187) +++ data/CVE/list 2016-07-14 06:39:21 UTC (rev 43188) @@ -40,6 +40,9 @@ RESERVED CVE-2016-122 RESERVED + - node-negotiator (unimportant) + NOTE: https://nodesecurity.io/advisories/106 + NOTE: https://github.com/distributedweaknessfiling/DWF-Database/commit/5e607a0cad2769db2be5aafc4d9b1ec49bd7bbbc CVE-2016-121 RESERVED CVE-2016-120 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
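Review bot: the added node-negotiator line is tagged (unimportant), but the hunk carries no NOTE stating why, so a reader of the CVE-2016-122 entry cannot tell what the severity decision rests on. The other node-* entries on this list give the reason as "NOTE: nodejs not covered by security support"; if the same reason applies here, add that line after the two reference NOTEs.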
[Secure-testing-commits] r43187 - data/CVE
Author: carnil Date: 2016-07-14 06:36:37 + (Thu, 14 Jul 2016) New Revision: 43187 Modified: data/CVE/list Log: Add CVE-2016-125/node-ws Modified: data/CVE/list === --- data/CVE/list 2016-07-14 06:34:03 UTC (rev 43186) +++ data/CVE/list 2016-07-14 06:36:37 UTC (rev 43187) @@ -32,6 +32,10 @@ RESERVED CVE-2016-125 RESERVED + - node-ws (unimportant) + NOTE: https://nodesecurity.io/advisories/120 + NOTE: https://github.com/nodejs/node/issues/7388 + NOTE: nodejs not covered by security support CVE-2016-124 RESERVED CVE-2016-122 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43186 - data/CVE
Author: carnil Date: 2016-07-14 06:34:03 + (Thu, 14 Jul 2016) New Revision: 43186 Modified: data/CVE/list Log: Correct CVE id Modified: data/CVE/list === --- data/CVE/list 2016-07-14 06:32:53 UTC (rev 43185) +++ data/CVE/list 2016-07-14 06:34:03 UTC (rev 43186) @@ -1,4 +1,4 @@ -CVE-2016-6208 [Reflected XSS vulnerability and possible phishing vector] +CVE-2016-6209 [Reflected XSS vulnerability and possible phishing vector] - nagios3 NOTE: http://seclists.org/fulldisclosure/2016/Jun/20 TODO: check, and check icinga as well ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43185 - data/CVE
Author: carnil Date: 2016-07-14 06:32:53 + (Thu, 14 Jul 2016) New Revision: 43185 Modified: data/CVE/list Log: Add CVE-2016-6208 Modified: data/CVE/list === --- data/CVE/list 2016-07-14 04:33:44 UTC (rev 43184) +++ data/CVE/list 2016-07-14 06:32:53 UTC (rev 43185) @@ -1,3 +1,7 @@ +CVE-2016-6208 [Reflected XSS vulnerability and possible phishing vector] + - nagios3 + NOTE: http://seclists.org/fulldisclosure/2016/Jun/20 + TODO: check, and check icinga as well CVE-2016-6206 RESERVED CVE-2016-6205 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43184 - data/CVE
Author: carnil Date: 2016-07-14 04:33:44 + (Thu, 14 Jul 2016) New Revision: 43184 Modified: data/CVE/list Log: Mark several NFUs Modified: data/CVE/list === --- data/CVE/list 2016-07-13 21:10:14 UTC (rev 43183) +++ data/CVE/list 2016-07-14 04:33:44 UTC (rev 43184) @@ -4254,9 +4254,9 @@ CVE-2016-4828 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress ...) TODO: check CVE-2016-4827 (Cross-site scripting (XSS) vulnerability in the Collne Welcart ...) - TODO: check + NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress CVE-2016-4826 (Cross-site scripting (XSS) vulnerability in the Collne Welcart ...) - TODO: check + NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress CVE-2016-4825 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows ...) TODO: check CVE-2016-4824 (The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV ...) @@ -4284,7 +4284,7 @@ CVE-2016-4813 (NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat ...) TODO: check CVE-2016-4812 (Cross-site scripting (XSS) vulnerability in the Markdown on Save ...) - TODO: check + NOT-FOR-US: Markdown on Save Improved plugin for WordPress CVE-2016-4811 (The NTT Broadband Platform Japan Connected-free Wi-Fi application ...) TODO: check CVE-2016-4810 (Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR ...) 
@@ -5956,17 +5956,17 @@ CVE-2016-4256 RESERVED CVE-2016-4255 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4254 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4253 RESERVED CVE-2016-4252 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4251 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4250 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4249 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and ...) TODO: check CVE-2016-4248 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...) 
@@ -6036,55 +6036,55 @@ CVE-2016-4216 (XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote ...) TODO: check CVE-2016-4215 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4214 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4213 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4212 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4211 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4210 (Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4209 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4208 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4207 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4206 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4205 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4204 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4203 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4202 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4201 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2016-4200 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-4199 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) - TODO: check + NOT-FOR-US
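Review bot: in the @@ -4254,9 +4254,9 @@ hunk, CVE-2016-4828 and CVE-2016-4825 keep "TODO: check" although their descriptions name the same Collne Welcart e-Commerce plugin for WordPress that CVE-2016-4827 and CVE-2016-4826 are now marked NOT-FOR-US for. If the decision is per product, mark those two entries as well; if they were left open on purpose, say so in the log message.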
[Secure-testing-commits] r43183 - data/CVE
Author: sectracker Date: 2016-07-13 21:10:14 + (Wed, 13 Jul 2016) New Revision: 43183 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-07-13 19:59:53 UTC (rev 43182) +++ data/CVE/list 2016-07-13 21:10:14 UTC (rev 43183) @@ -1,3 +1,61 @@ +CVE-2016-6206 + RESERVED +CVE-2016-6205 + RESERVED +CVE-2016-6204 + RESERVED +CVE-2016-6203 + RESERVED +CVE-2016-6202 + RESERVED +CVE-2016-6201 + RESERVED +CVE-2016-6200 + RESERVED +CVE-2016-6199 + RESERVED +CVE-2016-6196 + RESERVED +CVE-2016-6195 + RESERVED +CVE-2016-6194 + RESERVED +CVE-2016-6193 + RESERVED +CVE-2016-6192 + RESERVED +CVE-2016-126 + RESERVED +CVE-2016-125 + RESERVED +CVE-2016-124 + RESERVED +CVE-2016-122 + RESERVED +CVE-2016-121 + RESERVED +CVE-2016-120 + RESERVED +CVE-2016-119 + RESERVED +CVE-2016-118 + RESERVED +CVE-2016-117 + RESERVED +CVE-2016-116 + RESERVED +CVE-2016-115 + RESERVED +CVE-2016-114 + RESERVED +CVE-2016-113 + RESERVED +CVE-2016-112 + RESERVED +CVE-2016-111 + RESERVED +CVE-2016-110 + RESERVED CVE-2016- [Out-Of-Bounds Read in function read_image_tga of gd_tga.c] - libgd2 NOTE: https://github.com/libgd/libgd/issues/248 @@ -27,6 +85,7 @@ - tiff3 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/3 CVE-2016-123 + RESERVED - node-minimatch (unimportant) NOTE: https://nodesecurity.io/advisories/118 NOTE: https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955 @@ -42,10 +101,12 @@ [jessie] - leptonlib (Minor issue) NOTE: Not exploitable with kernel hardening since jessie CVE-2016-6198 + RESERVED - linux 4.5.5-1 NOTE: https://git.kernel.org/linus/54d5ca871e72f2bb172ec9323497f01cd5091ec7 (v4.6) NOTE: https://git.kernel.org/linus/9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca (v4.6) CVE-2016-6197 + RESERVED - linux 4.6.1-1 [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) 
@@ -119,8 +180,8 @@ [wheezy] - perl (Will be fixed in future DLA) CVE-2016-6175 RESERVED -CVE-2016-6174 - RESERVED +CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision Power ...) + TODO: check CVE-2016-6169 RESERVED CVE-2016-6168 @@ -861,8 +922,8 @@ RESERVED CVE-2016-5852 RESERVED -CVE-2016-5850 - RESERVED +CVE-2016-5850 (Cross-site scripting (XSS) vulnerability in the volume backup service ...) + TODO: check CVE-2016-5873 RESERVED - php-pecl-http 3.0.1-0.1 @@ -973,8 +1034,8 @@ RESERVED CVE-2016-5782 RESERVED -CVE-2016-5781 - RESERVED +CVE-2016-5781 (Stack-based buffer overflow in WECON LeviStudio allows remote ...) + TODO: check CVE-2016-5780 RESERVED CVE-2016-5779 @@ -987,8 +1048,8 @@ RESERVED CVE-2016-5775 RESERVED -CVE-2016-5774 - RESERVED +CVE-2016-5774 (The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before ...) + TODO: check CVE-2016-5765 RESERVED CVE-2016-5764 @@ -1959,6 +2020,7 @@ CVE-2016-5435 (Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and ...) TODO: check CVE-2016-6211 [SA-CORE-2016-002 -- User module -- Saving user accounts can sometimes grant the user all roles] + {DSA-3604-1} - drupal7 7.44-1 [jessie] - drupal7 7.32-1+deb8u7 NOTE: https://www.drupal.org/SA-CORE-2016-002 @@ -2355,8 +2417,8 @@ RESERVED CVE-2016-5309 RESERVED -CVE-2016-5308 - RESERVED +CVE-2016-5308 (The Client Intrusion Detection System (CIDS) driver before 15.0.6 in ...) + TODO: check CVE-2016-5307 (Directory traversal vulnerability in Symantec Endpoint Protection ...) TODO: check CVE-2016-5306 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does ...) 
@@ -3205,7 +3267,7 @@ TODO: check CVE-2014-9789 (The (1) alloc and (2) free APIs in ...) TODO: check -CVE-2014-9788 (Multiple buffer overflow in the voice drivers in the Qualcomm ...) +CVE-2014-9788 (Multiple buffer overflows in the voice drivers in the Qualcomm ...) TODO: check CVE-2014-9787 (Integer overflow in drivers/misc/qseecom.c in the Qualcomm components ...) TODO: check @@ -3474,8 +3536,7 @@ NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0 CVE-2016-5010 RESERVED -CVE-2016-5009 [Ceph monitor crash: mon_command crashes ceph monitors on receiving empty prefix] - RESERVED +CVE-2016-5009 (The
[Secure-testing-commits] r43182 - data/CVE
Author: carnil Date: 2016-07-13 19:59:53 + (Wed, 13 Jul 2016) New Revision: 43182 Modified: data/CVE/list Log: Move reproducer note for CVE-2016-5841 to CVE-2016-5841 ID Modified: data/CVE/list === --- data/CVE/list 2016-07-13 19:59:44 UTC (rev 43181) +++ data/CVE/list 2016-07-13 19:59:53 UTC (rev 43182) @@ -1153,7 +1153,6 @@ - libarchive 3.2.1-1 NOTE: https://github.com/libarchive/libarchive/issues/717#event-697151157 NOTE: https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22 - NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5841.jpg CVE-2016-5842 RESERVED - imagemagick (bug #831034) @@ -1165,6 +1164,7 @@ - imagemagick (bug #831034) NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b + NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5841.jpg CVE-2016-5829 (Multiple heap-based buffer overflows in the hiddev_ioctl_usage ...) {DSA-3616-1} - linux 4.6.3-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43181 - data/CVE
Author: carnil Date: 2016-07-13 19:59:44 + (Wed, 13 Jul 2016) New Revision: 43181 Modified: data/CVE/list Log: Add bug number for CVE-2016-584{1,2}/imagemagick, #831034 Modified: data/CVE/list === --- data/CVE/list 2016-07-13 19:56:13 UTC (rev 43180) +++ data/CVE/list 2016-07-13 19:59:44 UTC (rev 43181) @@ -1156,13 +1156,13 @@ NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5841.jpg CVE-2016-5842 RESERVED - - imagemagick + - imagemagick (bug #831034) NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5842.jpg CVE-2016-5841 RESERVED - - imagemagick + - imagemagick (bug #831034) NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b CVE-2016-5829 (Multiple heap-based buffer overflows in the hiddev_ioctl_usage ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43180 - data/DLA
Author: carnil Date: 2016-07-13 19:56:13 + (Wed, 13 Jul 2016) New Revision: 43180 Modified: data/DLA/list Log: DLA-546-1: fix released version Modified: data/DLA/list === --- data/DLA/list 2016-07-13 18:40:44 UTC (rev 43179) +++ data/DLA/list 2016-07-13 19:56:13 UTC (rev 43180) @@ -7,7 +7,7 @@ {CVE-2016-5240 CVE-2016-5241} [wheezy] - graphicsmagick 1.3.16-1.1+deb7u3 [07 Jul 2016] DLA-546-1 clamav - security update - [wheezy] - clamav 0.99.2+dfsg-0+deb7u1 + [wheezy] - clamav 0.99.2+dfsg-0+deb7u2 [07 Jul 2016] DLA-545-1 icu - security update {CVE-2015-2632 CVE-2015-4844 CVE-2016-0494} [wheezy] - icu 4.8.1.1-12+deb7u4 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43179 - data/CVE
Author: carnil Date: 2016-07-13 18:40:44 + (Wed, 13 Jul 2016) New Revision: 43179 Modified: data/CVE/list Log: Add CVE requested libgd2 issue Modified: data/CVE/list === --- data/CVE/list 2016-07-13 18:25:18 UTC (rev 43178) +++ data/CVE/list 2016-07-13 18:40:44 UTC (rev 43179) @@ -1,3 +1,8 @@ +CVE-2016- [Out-Of-Bounds Read in function read_image_tga of gd_tga.c] + - libgd2 + NOTE: https://github.com/libgd/libgd/issues/248 + NOTE: https://github.com/libgd/libgd/pull/251 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/12/4 CVE-2016- [Write out-of-bounds] - gdk-pixbuf NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/11 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43178 - data/CVE
Author: carnil Date: 2016-07-13 18:25:18 + (Wed, 13 Jul 2016) New Revision: 43178 Modified: data/CVE/list Log: Add workaround entry for DLA-549-1/ruby-eventmachine Modified: data/CVE/list === --- data/CVE/list 2016-07-13 18:20:35 UTC (rev 43177) +++ data/CVE/list 2016-07-13 18:25:18 UTC (rev 43178) @@ -17660,6 +17660,8 @@ CVE-2015- [remotely triggerable crash] - ruby-eventmachine 1.0.7-1 (bug #678512; bug #696015) [jessie] - ruby-eventmachine (Issue can be fixed in point release) + [wheezy] - ruby-eventmachine 0.12.10-3+deb7u1 + NOTE: Workaround entry for DLA-549-1 until CVE assigned NOTE: https://github.com/eventmachine/eventmachine/issues/501#issuecomment-37307556 CVE-2015-8560 (Incomplete blacklist vulnerability in util.c in foomatic-rip in ...) {DSA-3429-1 DSA-3419-1 DLA-371-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43177 - in data: . DLA
Author: rbalint Date: 2016-07-13 18:20:35 + (Wed, 13 Jul 2016) New Revision: 43177 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-549-1 for ruby-eventmachine Modified: data/DLA/list === --- data/DLA/list 2016-07-13 18:15:30 UTC (rev 43176) +++ data/DLA/list 2016-07-13 18:20:35 UTC (rev 43177) @@ -1,3 +1,5 @@ +[13 Jul 2016] DLA-549-1 ruby-eventmachine - security update + [wheezy] - ruby-eventmachine 0.12.10-3+deb7u1 [11 Jul 2016] DLA-548-1 drupal7 - security update {CVE-2015-7943} [wheezy] - drupal7 7.14-2+deb7u13 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-13 18:15:30 UTC (rev 43176) +++ data/dla-needed.txt 2016-07-13 18:20:35 UTC (rev 43177) @@ -91,11 +91,6 @@ ruby-activesupport-3.2 (Guido Günther) NOTE: help appreciated from s.b. knowing active{record,model} -- -ruby-eventmachine (Balint Reczey) - NOTE: 20160711 fix for Jessie is waiting for being accepted in #829650 - NOTE: 20160711 fix for Wheezy has been uploaded to security-master - NOTE: discussion: https://lists.debian.org/debian-lts/2016/06/msg00141.html --- squid (Santiago R.R.) -- squid3 (Santiago R.R.) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
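Review bot: the new DLA-549-1 entry in data/DLA/list has no {CVE-...} line, unlike the DLA-548-1 entry directly below it, and the same commit drops ruby-eventmachine from data/dla-needed.txt. If no CVE id has been assigned yet, record the wheezy version 0.12.10-3+deb7u1 against a temporary entry in data/CVE/list so the fix stays linked to the issue it addresses.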
[Secure-testing-commits] r43176 - data/CVE
Author: carnil Date: 2016-07-13 18:15:30 + (Wed, 13 Jul 2016) New Revision: 43176 Modified: data/CVE/list Log: CVE-2016-6214/libgd2 assigned Modified: data/CVE/list === --- data/CVE/list 2016-07-13 18:07:21 UTC (rev 43175) +++ data/CVE/list 2016-07-13 18:15:30 UTC (rev 43176) @@ -12,11 +12,11 @@ NOTE: https://launchpad.net/bugs/1447282 NOTE: Fixed by: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/2 -CVE-2016- [read out-of-bounds issue] +CVE-2016-6214 [read out-of-bounds issue] - libgd2 NOTE: https://github.com/libgd/libgd/issues/247#issuecomment-232084241 NOTE: Different issue than CVE-2016-6132 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/5 + NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/5 CVE-2016- [tiff: information leak in libtiff/tif_read.c] - tiff - tiff3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43175 - data/CVE
Author: carnil Date: 2016-07-13 18:07:21 + (Wed, 13 Jul 2016) New Revision: 43175 Modified: data/CVE/list Log: Add new issue in gdk-pixbuf Modified: data/CVE/list === --- data/CVE/list 2016-07-13 18:04:50 UTC (rev 43174) +++ data/CVE/list 2016-07-13 18:07:21 UTC (rev 43175) @@ -1,3 +1,6 @@ +CVE-2016- [Write out-of-bounds] + - gdk-pixbuf + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/11 CVE-2016- [ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive] - ecryptfs-utils NOTE: Actually due to an incomplete fix of LP#1447282 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43174 - data/CVE
Author: carnil Date: 2016-07-13 18:04:50 + (Wed, 13 Jul 2016) New Revision: 43174 Modified: data/CVE/list Log: Add CVE-2015-8945 Modified: data/CVE/list === --- data/CVE/list 2016-07-13 18:01:46 UTC (rev 43173) +++ data/CVE/list 2016-07-13 18:04:50 UTC (rev 43174) @@ -1023,6 +1023,8 @@ RESERVED CVE-2016-5745 RESERVED +CVE-2015-8945 + NOT-FOR-US: OpenShift CVE-2015-8944 RESERVED CVE-2015-8943 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43173 - data/CVE
Author: carnil Date: 2016-07-13 18:01:46 + (Wed, 13 Jul 2016) New Revision: 43173 Modified: data/CVE/list Log: Add CVE-2016-6213/linux Modified: data/CVE/list === --- data/CVE/list 2016-07-13 17:54:42 UTC (rev 43172) +++ data/CVE/list 2016-07-13 18:01:46 UTC (rev 43173) @@ -23,6 +23,8 @@ NOTE: https://nodesecurity.io/advisories/118 NOTE: https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955 NOTE: libv8 is not covered by security support +CVE-2016-6213 + - linux CVE-2016-6186 RESERVED CVE-2016-109 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
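Review bot: the new CVE-2016-6213 entry consists only of "- linux", with no bracketed description and no NOTE pointing at a report or a fix commit, so whoever triages it next has nothing to start from. Add at least one reference NOTE, as the node-minimatch entry just above it in this hunk has.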
[Secure-testing-commits] r43171 - data/CVE
Author: carnil Date: 2016-07-13 17:54:38 + (Wed, 13 Jul 2016) New Revision: 43171 Modified: data/CVE/list Log: CVE-2016-6211/drupal7 assigned Modified: data/CVE/list === --- data/CVE/list 2016-07-13 16:11:40 UTC (rev 43170) +++ data/CVE/list 2016-07-13 17:54:38 UTC (rev 43171) @@ -1950,8 +1950,7 @@ - drupal7 7.44-1 [jessie] - drupal7 7.32-1+deb8u7 NOTE: https://www.drupal.org/SA-CORE-2016-002 - NOTE: workaround for DSA-3604-1 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/4 + NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/4 CVE-2016-5636 [heap overflow in Python zipimport module] RESERVED {DLA-522-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43172 - data/DSA
Author: carnil Date: 2016-07-13 17:54:42 + (Wed, 13 Jul 2016) New Revision: 43172 Modified: data/DSA/list Log: Add CVE-2016-6211 for DSA-3604-1 Modified: data/DSA/list === --- data/DSA/list 2016-07-13 17:54:38 UTC (rev 43171) +++ data/DSA/list 2016-07-13 17:54:42 UTC (rev 43172) @@ -38,6 +38,7 @@ {CVE-2015-7995 CVE-2016-1683 CVE-2016-1684} [jessie] - libxslt 1.1.28-2+deb8u1 [16 Jun 2016] DSA-3604-1 drupal7 - security update + {CVE-2016-6211} [jessie] - drupal7 7.32-1+deb8u7 [14 Jun 2016] DSA-3603-1 libav - security update {CVE-2016-3062} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43170 - data/CVE
Author: nluedtke-guest Date: 2016-07-13 16:11:40 + (Wed, 13 Jul 2016) New Revision: 43170 Modified: data/CVE/list Log: Add assigned CVE number to drupal7 Modified: data/CVE/list === --- data/CVE/list 2016-07-13 15:07:13 UTC (rev 43169) +++ data/CVE/list 2016-07-13 16:11:40 UTC (rev 43170) @@ -1946,7 +1946,7 @@ RESERVED CVE-2016-5435 (Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and ...) TODO: check -CVE-2016- [SA-CORE-2016-002 -- User module -- Saving user accounts can sometimes grant the user all roles] +CVE-2016-6211 [SA-CORE-2016-002 -- User module -- Saving user accounts can sometimes grant the user all roles] - drupal7 7.44-1 [jessie] - drupal7 7.32-1+deb8u7 NOTE: https://www.drupal.org/SA-CORE-2016-002 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43169 - data/CVE
Author: jmm Date: 2016-07-13 15:07:13 + (Wed, 13 Jul 2016) New Revision: 43169 Modified: data/CVE/list Log: NFUs update systemd entries Modified: data/CVE/list === --- data/CVE/list 2016-07-13 14:50:46 UTC (rev 43168) +++ data/CVE/list 2016-07-13 15:07:13 UTC (rev 43169) @@ -2709,7 +2709,7 @@ CVE-2016-5235 RESERVED CVE-2014-9803 (arch/arm64/include/asm/pgtable.h in the Linux kernel before ...) - - linux + - linux (Vulnerable code never present, introduced and fixed in 3.16 development cycle) NOTE: Introduced by: https://git.kernel.org/linus/bc07c2c6e9ed125d362af0214b6313dca180cb08 (v3.16-rc1) NOTE: Fixed by (revert of commit): https://git.kernel.org/linus/5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830 (v3.16-rc1) CVE-2014-9804 [Avoid a DOS in vision.c due to an infinite loop] 
@@ -6791,19 +6791,19 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324774 NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/3 CVE-2014-9770 (tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions ...) - - systemd 215-4 + - systemd 215-1 [wheezy] - systemd (Vulnerable code not present) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612 NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213) NOTE: Fixed by (for volatile journals): https://github.com/systemd/systemd/commit/176f2acf8dee45fee832fd2ab07243f63783a238 (v214) CVE-2015-8842 (tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions ...) - - systemd 229-1 (bug #825059) - [jessie] - systemd (Minor issue, persistent journal not enabled by default, README.Debian documents Debian way under Jessie) + - systemd 215-1 (bug #825059) [wheezy] - systemd (Vulnerable code not present) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612 NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213) - NOTE: Fixed by (for current persistent journal): https://github.com/systemd/systemd/commit/afae249efa4774c6676738ac5de6aeb4daf4889f (v229) - NOTE: For jessie this is not an issue in practice, see discussion in #825059 +NOTE: Starting with 215 Debian no longer ships tmpfiles.d/systemd.conf, so the fixup upstream added as +NOTE: https://github.com/systemd/systemd/commit/afae249efa4774c6676738ac5de6aeb4daf4889f for persistent journals + NOTE: is not needed for the packaged version. Anyone using a custom config needs to ensure proper permissions CVE-2016-7921 REJECTED CVE-2016-3982 (Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
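Review bot: in the CVE-2015-8842 part of the @@ -6791,19 +6791,19 @@ hunk, two of the three added NOTE lines ("+NOTE: Starting with 215 ..." and "+NOTE: https://github.com/systemd/systemd/commit/afae249e...") start at column 0, while the third added NOTE and the other NOTE lines in the hunk are indented. Column 0 is where the CVE header lines sit in this file, so indent both lines like the rest of the entry body.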
[Secure-testing-commits] r43168 - data/CVE
Author: carnil Date: 2016-07-13 14:50:46 + (Wed, 13 Jul 2016) New Revision: 43168 Modified: data/CVE/list Log: Add two new ecryptfs-utils issues Modified: data/CVE/list === --- data/CVE/list 2016-07-13 12:49:29 UTC (rev 43167) +++ data/CVE/list 2016-07-13 14:50:46 UTC (rev 43168) @@ -1,3 +1,14 @@ +CVE-2016- [ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive] + - ecryptfs-utils + NOTE: Actually due to an incomplete fix of LP#1447282 + NOTE: https://launchpad.net/bugs/1597154 + NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/2 +CVE-2016- [ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning] + - ecryptfs-utils + NOTE: https://launchpad.net/bugs/1447282 + NOTE: Fixed by: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/2 CVE-2016- [read out-of-bounds issue] - libgd2 NOTE: https://github.com/libgd/libgd/issues/247#issuecomment-232084241 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43167 - data/CVE
Author: carnil Date: 2016-07-13 12:49:29 + (Wed, 13 Jul 2016) New Revision: 43167 Modified: data/CVE/list Log: add another libgd2 issue Modified: data/CVE/list === --- data/CVE/list 2016-07-13 11:08:06 UTC (rev 43166) +++ data/CVE/list 2016-07-13 12:49:29 UTC (rev 43167) @@ -1,3 +1,8 @@ +CVE-2016- [read out-of-bounds issue] + - libgd2 + NOTE: https://github.com/libgd/libgd/issues/247#issuecomment-232084241 + NOTE: Different issue than CVE-2016-6132 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/5 CVE-2016- [tiff: information leak in libtiff/tif_read.c] - tiff - tiff3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43166 - data/CVE
Author: carnil Date: 2016-07-13 11:08:06 + (Wed, 13 Jul 2016) New Revision: 43166 Modified: data/CVE/list Log: Add CVE request for drupal7 Modified: data/CVE/list === --- data/CVE/list 2016-07-13 11:07:58 UTC (rev 43165) +++ data/CVE/list 2016-07-13 11:08:06 UTC (rev 43166) @@ -1935,6 +1935,7 @@ [jessie] - drupal7 7.32-1+deb8u7 NOTE: https://www.drupal.org/SA-CORE-2016-002 NOTE: workaround for DSA-3604-1 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/4 CVE-2016-5636 [heap overflow in Python zipimport module] RESERVED {DLA-522-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43165 - data/CVE
Author: carnil Date: 2016-07-13 11:07:58 + (Wed, 13 Jul 2016) New Revision: 43165 Modified: data/CVE/list Log: Mark CVE request Modified: data/CVE/list === --- data/CVE/list 2016-07-13 10:51:57 UTC (rev 43164) +++ data/CVE/list 2016-07-13 11:07:58 UTC (rev 43165) @@ -1,7 +1,7 @@ CVE-2016- [tiff: information leak in libtiff/tif_read.c] - tiff - tiff3 - NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/3 CVE-2016-123 - node-minimatch (unimportant) NOTE: https://nodesecurity.io/advisories/118 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43164 - data/CVE
Author: fgeek-guest Date: 2016-07-13 10:51:57 + (Wed, 13 Jul 2016) New Revision: 43164 Modified: data/CVE/list Log: add new tiff information leak issue Modified: data/CVE/list === --- data/CVE/list 2016-07-13 08:24:26 UTC (rev 43163) +++ data/CVE/list 2016-07-13 10:51:57 UTC (rev 43164) @@ -1,3 +1,7 @@ +CVE-2016- [tiff: information leak in libtiff/tif_read.c] + - tiff + - tiff3 + NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3 CVE-2016-123 - node-minimatch (unimportant) NOTE: https://nodesecurity.io/advisories/118 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43163 - data/CVE
Author: santiago Date: 2016-07-13 08:24:26 + (Wed, 13 Jul 2016) New Revision: 43163 Modified: data/CVE/list Log: CVE-2016-4051/squid in wheezy, not-affected Modified: data/CVE/list === --- data/CVE/list 2016-07-13 06:31:35 UTC (rev 43162) +++ data/CVE/list 2016-07-13 08:24:26 UTC (rev 43163) @@ -6433,6 +6433,7 @@ {DLA-478-1} - squid3 3.5.17-1 - squid + [wheezy] - squid (cachemgr.cgi not installed. squid-cgi binary package built from squid3) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_5.patch (Squid 3.2) NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_5.patch (Squid 3.3) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits