[Secure-testing-commits] r43480 - data
Author: carnil Date: 2016-07-26 04:57:31 + (Tue, 26 Jul 2016) New Revision: 43480 Modified: data/next-point-update.txt Log: Add reference to release.d.o bug, since no CVE assigned Modified: data/next-point-update.txt === --- data/next-point-update.txt 2016-07-26 04:38:48 UTC (rev 43479) +++ data/next-point-update.txt 2016-07-26 04:57:31 UTC (rev 43480) @@ -70,3 +70,4 @@ [jessie] - wpa 2.3-1+deb8u4 CVE-2016- [insecure default PATH] [jessie] - dietlibc 0.33~cvs20120325-6+deb8u1 + NOTE: for #832169, cf. #832171 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
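Review bot: The added NOTE under the dietlibc entry ("for #832169, cf. #832171") gives two bug numbers without saying what either one is. The log says the point is to reference the release.d.o bug because no CVE is assigned, so state in the NOTE which number is the release.debian.org request and which is the bug against the package.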
[Secure-testing-commits] r43479 - data/CVE
Author: carnil Date: 2016-07-26 04:38:48 + (Tue, 26 Jul 2016) New Revision: 43479 Modified: data/CVE/list Log: Add bug number for gdk-pixbuf, #832496 Modified: data/CVE/list === --- data/CVE/list 2016-07-26 04:33:02 UTC (rev 43478) +++ data/CVE/list 2016-07-26 04:38:48 UTC (rev 43479) @@ -632,7 +632,7 @@ NOTE: https://github.com/libgd/libgd/commit/5a3f19e962b507560c9206965087db4dc0ad107f NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/12/4 CVE-2016- [Write out-of-bounds] - - gdk-pixbuf + - gdk-pixbuf (bug #832496) [wheezy] - gdk-pixbuf (Fails with ENOMEM, no crash) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/11 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43478 - data/CVE
Author: carnil Date: 2016-07-26 04:33:02 + (Tue, 26 Jul 2016) New Revision: 43478 Modified: data/CVE/list Log: Add more information for yaws, upstream commit, mark as no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-07-26 04:24:27 UTC (rev 43477) +++ data/CVE/list 2016-07-26 04:33:02 UTC (rev 43478) @@ -2800,6 +2800,8 @@ CVE-2016-1000108 RESERVED - yaws (bug #832433) + [jessie] - yaws (Minor issue, can be fixed via point release) + NOTE: https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1 CVE-2016-1000104 RESERVED - libapache2-mod-fcgid ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
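Review bot: CVE-2016-1000108 still has no description after this change: the entry is RESERVED, and the two added lines (the [jessie] status and the upstream commit NOTE) do not say what the yaws issue is. Add a short bracketed description after the CVE id, as other RESERVED entries in data/CVE/list have, so that "Minor issue" can be judged without opening the commit link.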
[Secure-testing-commits] r43477 - data/CVE
Author: carnil Date: 2016-07-26 04:24:27 + (Tue, 26 Jul 2016) New Revision: 43477 Modified: data/CVE/list Log: Adjust gdk-pixbuf entry Modified: data/CVE/list === --- data/CVE/list 2016-07-26 00:26:56 UTC (rev 43476) +++ data/CVE/list 2016-07-26 04:24:27 UTC (rev 43477) @@ -633,9 +633,9 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/12/4 CVE-2016- [Write out-of-bounds] - gdk-pixbuf + [wheezy] - gdk-pixbuf (Fails with ENOMEM, no crash) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/11 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170 - [wheezy] - gdk-pixbuf (Fails with ENOMEM, no crash) CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap ...) - ecryptfs-utils (Broken code not present; incomplete fix for CVE-2015-8946 not applied) NOTE: Actually due to an incomplete fix of LP#1447282 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43476 - data
Author: apo Date: 2016-07-26 00:26:56 + (Tue, 26 Jul 2016) New Revision: 43476 Modified: data/dla-needed.txt Log: Claim uclibc in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-25 23:57:37 UTC (rev 43475) +++ data/dla-needed.txt 2016-07-26 00:26:56 UTC (rev 43476) @@ -119,7 +119,7 @@ -- tiff3 -- -uclibc +uclibc (Markus Koschany) -- wordpress (Markus Koschany) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43475 - data/CVE
Author: apo Date: 2016-07-25 23:57:37 + (Mon, 25 Jul 2016) New Revision: 43475 Modified: data/CVE/list Log: Wheezy is not affected by CVE-2016-5833 column_title function not present Modified: data/CVE/list === --- data/CVE/list 2016-07-25 23:35:50 UTC (rev 43474) +++ data/CVE/list 2016-07-25 23:57:37 UTC (rev 43475) @@ -1882,6 +1882,7 @@ NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ CVE-2016-5833 (Cross-site scripting (XSS) vulnerability in the column_title function ...) - wordpress 4.5.3+dfsg-1 + [wheezy] - wordpress (vulnerable code not present) NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ CVE-2016-5832 (The customizer in WordPress before 4.5.3 allows remote attackers to ...) - wordpress 4.5.3+dfsg-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
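Review bot: The added "[wheezy] - wordpress (vulnerable code not present)" line leaves out the detail that only the log message carries, namely that the column_title function is not present. Name the function in the parenthetical so the reason survives in data/CVE/list and not just in the commit history.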
[Secure-testing-commits] r43473 - data/CVE
Author: pochu Date: 2016-07-25 23:34:58 + (Mon, 25 Jul 2016) New Revision: 43473 Modified: data/CVE/list Log: add upstream bug and wheezy note to gdk-pixbuf vulnerability Modified: data/CVE/list === --- data/CVE/list 2016-07-25 22:15:59 UTC (rev 43472) +++ data/CVE/list 2016-07-25 23:34:58 UTC (rev 43473) @@ -634,6 +634,8 @@ CVE-2016- [Write out-of-bounds] - gdk-pixbuf NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/11 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170 + [wheezy] - gdk-pixbuf (Fails with ENOMEM, no crash) CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap ...) - ecryptfs-utils (Broken code not present; incomplete fix for CVE-2015-8946 not applied) NOTE: Actually due to an incomplete fix of LP#1447282 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
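Review bot: The new "[wheezy] - gdk-pixbuf (Fails with ENOMEM, no crash)" line is appended after the two NOTE lines instead of directly under "- gdk-pixbuf". Move it up so the package and release status lines stay together and the NOTE lines follow them.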
[Secure-testing-commits] r43474 - data
Author: pochu Date: 2016-07-25 23:35:50 + (Mon, 25 Jul 2016) New Revision: 43474 Modified: data/dla-needed.txt Log: gdk-pixbuf isn't affected in wheezy Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-25 23:34:58 UTC (rev 43473) +++ data/dla-needed.txt 2016-07-25 23:35:50 UTC (rev 43474) @@ -22,8 +22,6 @@ NOTE: 20160529, no fix yet NOTE: 20160618, still no fix -- -gdk-pixbuf (Emilio Pozuelo) --- gosa (Mike Gabriel) NOTE: .debdiff sent to the Security Team, waiting for feedback NOTE: asked about jessie status (seb) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43472 - in data: . DLA
Author: pochu Date: 2016-07-25 22:15:59 + (Mon, 25 Jul 2016) New Revision: 43472 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-560-1 for cacti Modified: data/DLA/list === --- data/DLA/list 2016-07-25 21:49:19 UTC (rev 43471) +++ data/DLA/list 2016-07-25 22:15:59 UTC (rev 43472) @@ -1,3 +1,6 @@ +[26 Jul 2016] DLA-560-1 cacti - security update + {CVE-2016-2313 CVE-2016-3172 CVE-2016-3659} + [wheezy] - cacti 0.8.8a+dfsg-5+deb7u9 [25 Jul 2016] DLA-559-1 ntp - security update {CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2516 CVE-2016-2518} [wheezy] - ntp 1:4.2.6.p5+dfsg-2+deb7u7 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-25 21:49:19 UTC (rev 43471) +++ data/dla-needed.txt 2016-07-25 22:15:59 UTC (rev 43472) @@ -11,10 +11,6 @@ -- asterisk (Thorsten Alteholz) -- -cacti (Emilio Pozuelo) - NOTE: Maintainer wants to review changes; see https://lists.debian.org/<5724f47d.6090...@debian.org> - NOTE: debdiff sent to maintainer: https://lists.debian.org/debian-lts/2016/06/msg00127.html --- cakephp (Balint Reczey) NOTE: CVE-2015-8379 No official solution is currently available, 20160425 NOTE: CVE-2015-8379 20160723 Official soution is tightening CSRF token validations in commit 3.1.6-163-ge0f42ab ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
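Review bot: In data/DLA/list the new entry is dated "[26 Jul 2016]", but the commit timestamp is 2016-07-25 22:15:59 UTC and the entry directly below it is "[25 Jul 2016] DLA-559-1". Check that the date matches the day the advisory is actually announced.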
[Secure-testing-commits] r43471 - data
Author: santiago Date: 2016-07-25 21:49:19 + (Mon, 25 Jul 2016) New Revision: 43471 Modified: data/dla-needed.txt Log: Claim mysql-5.5 in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-25 21:34:28 UTC (rev 43470) +++ data/dla-needed.txt 2016-07-25 21:49:19 UTC (rev 43471) @@ -71,7 +71,7 @@ mupdf NOTE: Can reproduce in wheezy chroot. -- -mysql-5.5 +mysql-5.5 (Santiago R.R.) -- openssh (Ola Lundqvist) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43469 - in data: . DLA
Author: kroeckx Date: 2016-07-25 21:32:51 + (Mon, 25 Jul 2016) New Revision: 43469 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-559-1 for ntp Modified: data/DLA/list === --- data/DLA/list 2016-07-25 21:10:10 UTC (rev 43468) +++ data/DLA/list 2016-07-25 21:32:51 UTC (rev 43469) @@ -1,3 +1,6 @@ +[25 Jul 2016] DLA-559-1 ntp - security update + {CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2516 CVE-2016-2518} + [wheezy] - ntp 1:4.2.6.p5+dfsg-2+deb7u6 [24 Jul 2016] DLA-558-1 squid - security update {CVE-2016-4554} [wheezy] - squid 2.7.STABLE9-4.1+deb7u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-25 21:10:10 UTC (rev 43468) +++ data/dla-needed.txt 2016-07-25 21:32:51 UTC (rev 43469) @@ -73,9 +73,6 @@ -- mysql-5.5 -- -ntp - NOTE: maintainer uploaded and wants to handle the announce too. --- openssh (Ola Lundqvist) -- openssl ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
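Review bot: The version in the added "[wheezy] - ntp 1:4.2.6.p5+dfsg-2+deb7u6" line should be checked against the actual upload. The same DLA-559-1 entry appears with "+deb7u7" in the context lines of r43472, and the log of r43460 also names 1:4.2.6.p5+dfsg-2+deb7u7 as the wheezy version that includes the fixes.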
[Secure-testing-commits] r43468 - data/CVE
Author: sectracker Date: 2016-07-25 21:10:10 + (Mon, 25 Jul 2016) New Revision: 43468 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-07-25 21:03:45 UTC (rev 43467) +++ data/CVE/list 2016-07-25 21:10:10 UTC (rev 43468) @@ -1,3 +1,35 @@ +CVE-2016-6287 + RESERVED +CVE-2016-6286 + RESERVED +CVE-2016-6285 + RESERVED +CVE-2016-6284 + RESERVED +CVE-2016-6283 + RESERVED +CVE-2016-6282 + RESERVED +CVE-2016-6281 + RESERVED +CVE-2016-6280 + RESERVED +CVE-2016-6279 + RESERVED +CVE-2016-6278 + RESERVED +CVE-2016-6277 + RESERVED +CVE-2016-6276 + RESERVED +CVE-2016-6275 + RESERVED +CVE-2016-6274 + RESERVED +CVE-2016-6273 + RESERVED +CVE-2016-6272 + RESERVED CVE-2016- [tiffcrop overflow] - tiff - tiff3 @@ -3,4 +35,5 @@ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2573 CVE-2016-6297 [Stack-based buffer overflow vulnerability in php_stream_zip_opener] + RESERVED - php7.0 - php5 @@ -9,6 +42,7 @@ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6296 [heap-buffer-overflow (write) simplestring_addn simplestring.c] + RESERVED - php7.0 - php5 NOTE: PHP Bug: https://bugs.php.net/72606 
@@ -16,38 +50,45 @@ NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 - xmlrpc-epi CVE-2016-6295 [Use After Free Vulnerability in SNMP with GC and unserialize()] + RESERVED - php7.0 - php5 NOTE: PHP Bug: https://bugs.php.net/72479 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6294 [locale_accept_from_http out-of-bounds access] + RESERVED - php7.0 - php5 NOTE: PHP Bug: https://bugs.php.net/72533 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6293 [locale_accept_from_http out-of-bounds access] + RESERVED - icu CVE-2016-6292 [NULL Pointer Dereference in exif_process_user_comment] + RESERVED - php7.0 - php5 NOTE: PHP Bug: https://bugs.php.net/72618 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6291 [Out of bound read in exif_process_IFD_in_MAKERNOTE] + RESERVED - php7.0 - php5 NOTE: PHP Bug: https://bugs.php.net/72603 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6290 [Use After Free in unserialize() with Unexpected Session Deserialization] + RESERVED - php7.0 - php5 NOTE: PHP Bug: https://bugs.php.net/72562 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6289 [Stack-based buffer overflow vulnerability in virtual_file_ex] + RESERVED - php7.0 - php5 NOTE: PHP Bug: https://bugs.php.net/72513 @@ -513,8 +554,8 @@ RESERVED CVE-2016-6205 RESERVED -CVE-2016-6204 - RESERVED +CVE-2016-6204 (Cross-site scripting (XSS) vulnerability in the integrated web server ...) + TODO: check CVE-2016-6203 RESERVED CVE-2016-6202 
@@ -593,8 +634,7 @@ CVE-2016- [Write out-of-bounds] - gdk-pixbuf NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/11 -CVE-2016-6224 [ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive] - RESERVED +CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap ...) - ecryptfs-utils (Broken code not present; incomplete fix for CVE-2015-8946 not applied) NOTE: Actually due to an incomplete fix of LP#1447282 NOTE: https://launchpad.net/bugs/1597154 @@ -604,8 +644,7 @@ - harfbuzz 1.2.6-1 [jessie] - harfbuzz (Minor issue, can be fixed via a DSA) NOTE: https://cgit.freedesktop.org/harfbuzz/commit/?id=f96664974774bfeb237a7274f512f64aaafb201e (1.0.5) -CVE-2015-8946 [ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning] - RESERVED +CVE-2015-8946 (ecryptfs-setup-swap in eCryptfs before 111 does not prevent the ...) - ecryptfs-utils 111-1 [wheezy] - ecryptfs-utils (Only happens if using systemd v207 onward) NOTE: https://launchpad.net/bugs/1447282 @@ -721,6 +760,7 @@ [wheezy] - trn (non-free not su
[Secure-testing-commits] r43467 - in data: . DSA
Author: jmm Date: 2016-07-25 21:03:45 + (Mon, 25 Jul 2016) New Revision: 43467 Modified: data/DSA/list data/dsa-needed.txt Log: ntp DSA Modified: data/DSA/list === --- data/DSA/list 2016-07-25 19:19:09 UTC (rev 43466) +++ data/DSA/list 2016-07-25 21:03:45 UTC (rev 43467) @@ -1,3 +1,6 @@ +[25 Jul 2016] DSA-3629-1 ntp - security update + {CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2516 CVE-2016-2518} + [jessie] - ntp 1:4.2.6.p5+dfsg-7+deb8u2 [25 Jul 2016] DSA-3628-1 perl - security update {CVE-2016-1238 CVE-2016-6185} [jessie] - perl 5.20.2-3+deb8u6 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-07-25 19:19:09 UTC (rev 43466) +++ data/dsa-needed.txt 2016-07-25 21:03:45 UTC (rev 43467) @@ -40,9 +40,6 @@ -- nss -- -ntp (jmm) - Maintainer prepared an update --- openjdk-7 -- openjpeg2 (jmm) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43466 - data
Author: lamby Date: 2016-07-25 19:19:09 + (Mon, 25 Jul 2016) New Revision: 43466 Modified: data/dla-needed.txt Log: dietlibc in LTS now uploaded and announced. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-25 19:05:15 UTC (rev 43465) +++ data/dla-needed.txt 2016-07-25 19:19:09 UTC (rev 43466) @@ -22,9 +22,6 @@ NOTE: Wheezy's version is very different from 3.2.0 in which release the issue has been partially fixed. NOTE: TEMP-000-698CF7 20160723 forward ported Squeeze's fix to Wheezy -- -dietlibc (Chris Lamb) - NOTE: Waiting for builds to complete to schedule NMUs and sourceful uploads, then then issuing 557-1. --- extplorer NOTE: 20160529, no fix yet NOTE: 20160618, still no fix ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43465 - data
Author: santiago Date: 2016-07-25 19:05:15 + (Mon, 25 Jul 2016) New Revision: 43465 Modified: data/dla-needed.txt Log: perl needs a dla Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-25 18:59:58 UTC (rev 43464) +++ data/dla-needed.txt 2016-07-25 19:05:15 UTC (rev 43465) @@ -94,6 +94,9 @@ NOTE: but as I discussed with the maintainer (https://lists.debian.org/debian-lts/2016/07/msg00117.html) NOTE: we will wait upstream release it as an official solution. -- +perl + NOTE: Ben and Thorsten have the patches. +-- php5 (Thorsten Alteholz) NOTE: At least CVE-2016-4538 of the outstanding CVEs are vulnerable -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
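Review bot: The new perl entry in dla-needed.txt has no claimant in parentheses, although its NOTE says Ben and Thorsten have the patches. If one of them is taking the update, put the name on the "perl" line as the neighbouring "php5 (Thorsten Alteholz)" entry does; if not, say in the NOTE that the package is still unclaimed.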
[Secure-testing-commits] r43464 - data
Author: santiago Date: 2016-07-25 18:59:58 + (Mon, 25 Jul 2016) New Revision: 43464 Modified: data/dla-needed.txt Log: data/dla-needed.txt maintainer wants to handle ntp upload announce Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-25 18:57:24 UTC (rev 43463) +++ data/dla-needed.txt 2016-07-25 18:59:58 UTC (rev 43464) @@ -76,9 +76,8 @@ -- mysql-5.5 -- -ntp (Santiago R.R.) - NOTE: maintainer would like help working on the updates but will handle the updates himself - NOTE: 20160518175636.ga29...@roeckx.be +ntp + NOTE: maintainer uploaded and wants to handle the announce too. -- openssh (Ola Lundqvist) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
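Review bot: The replacement NOTE for ntp ("maintainer uploaded and wants to handle the announce too.") drops the only reference the entry had, the removed "NOTE: 20160518175636.ga29...@roeckx.be" line, and carries no date. Keep a pointer to where the maintainer said this, or at least prefix the NOTE with the date, so the status can be checked later.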
[Secure-testing-commits] r43463 - data/CVE
Author: carnil Date: 2016-07-25 18:57:24 + (Mon, 25 Jul 2016) New Revision: 43463 Modified: data/CVE/list Log: CVE-2016-1238/perl fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-07-25 18:54:53 UTC (rev 43462) +++ data/CVE/list 2016-07-25 18:57:24 UTC (rev 43463) @@ -16569,7 +16569,7 @@ NOTE: https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10) CVE-2016-1238 [unsafe module load path flaw] RESERVED - - perl + - perl 5.22.2-3 - libsys-syslog-perl [jessie] - libsys-syslog-perl 0.33-1+deb8u1 NOTE: http://article.gmane.org/gmane.comp.lang.perl.perl5.porters/160507 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43462 - data/CVE
Author: carnil Date: 2016-07-25 18:54:53 + (Mon, 25 Jul 2016) New Revision: 43462 Modified: data/CVE/list Log: openjdk-8 fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-07-25 16:21:45 UTC (rev 43461) +++ data/CVE/list 2016-07-25 18:54:53 UTC (rev 43462) @@ -8578,7 +8578,7 @@ CVE-2016-3611 (Unspecified vulnerability in the Oracle Retail Order Broker component ...) TODO: check CVE-2016-3610 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...) - - openjdk-8 + - openjdk-8 8u102-b14-1 CVE-2016-3609 (Unspecified vulnerability in the OJVM component in Oracle Database ...) NOT-FOR-US: Oracle Database CVE-2016-3608 (Unspecified vulnerability in the Oracle GlassFish Server component in ...) @@ -8586,7 +8586,7 @@ CVE-2016-3607 (Unspecified vulnerability in the Oracle GlassFish Server component in ...) - glassfish (Full application server not packaged) CVE-2016-3606 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE ...) - - openjdk-8 + - openjdk-8 8u102-b14-1 - openjdk-7 CVE-2016-3605 RESERVED @@ -8603,7 +8603,7 @@ CVE-2016-3599 RESERVED CVE-2016-3598 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...) - - openjdk-8 + - openjdk-8 8u102-b14-1 CVE-2016-3597 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) TODO: check CVE-2016-3596 (Unspecified vulnerability in the Outside In Technology component in ...) @@ -8627,7 +8627,7 @@ - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL CVE-2016-3587 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...) - - openjdk-8 + - openjdk-8 8u102-b14-1 CVE-2016-3586 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) TODO: check CVE-2016-3585 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...) 
@@ -8701,7 +8701,7 @@ CVE-2016-3551 RESERVED CVE-2016-3550 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and ...) - - openjdk-8 + - openjdk-8 8u102-b14-1 - openjdk-7 - openjdk-6 CVE-2016-3549 (Unspecified vulnerability in the Oracle E-Business Suite Secure ...) @@ -8795,7 +8795,7 @@ CVE-2016-3509 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...) TODO: check CVE-2016-3508 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...) - - openjdk-8 + - openjdk-8 8u102-b14-1 - openjdk-7 - openjdk-6 CVE-2016-3507 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...) @@ -8817,7 +8817,7 @@ - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL CVE-2016-3500 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...) - - openjdk-8 + - openjdk-8 8u102-b14-1 - openjdk-7 - openjdk-6 CVE-2016-3499 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) @@ -8921,7 +8921,7 @@ - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL CVE-2016-3458 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...) - - openjdk-8 + - openjdk-8 8u102-b14-1 - openjdk-7 - openjdk-6 CVE-2016-3457 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43461 - data/CVE
Author: carnil Date: 2016-07-25 16:21:45 + (Mon, 25 Jul 2016) New Revision: 43461 Modified: data/CVE/list Log: Update CVE-2015-8379/cakephp according to maintainer Maintainer investigated and found the issue fixed in 2.7.9 upstream, and thus 2.8.0-1. Modified: data/CVE/list === --- data/CVE/list 2016-07-25 16:13:32 UTC (rev 43460) +++ data/CVE/list 2016-07-25 16:21:45 UTC (rev 43461) @@ -20564,10 +20564,9 @@ NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226 CVE-2015-8379 (CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to ...) - - cakephp (bug #832316) + - cakephp 2.8.0-1 (bug #832316) NOTE: http://karmainsecurity.com/KIS-2016-01 NOTE: https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0 - TODO: double-check, upload of 2.8.5-1 to unstable claims this is fixed but not clear from looking at debdiff from 2.8.3-1 to 2.8.5-1 CVE-2015-8400 (The HTTPS fallback implementation in Shell In A Box (aka shellinabox) ...) - shellinabox 2.19 [jessie] - shellinabox (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
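Review bot: The reason for the new fixed version exists only in the commit log. The hunk sets "- cakephp 2.8.0-1 (bug #832316)" and removes the TODO that questioned the 2.8.5-1 claim, but nothing in the entry records that the maintainer found the fix in upstream 2.7.9. Add a NOTE saying so, so the fixed version can be traced from data/CVE/list itself.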
[Secure-testing-commits] r43460 - data/CVE
Author: carnil Date: 2016-07-25 16:13:32 + (Mon, 25 Jul 2016) New Revision: 43460 Modified: data/CVE/list Log: Remove more no-dsa tag entry for ntp, for wheezy since included in 1:4.2.6.p5+dfsg-2+deb7u7 Modified: data/CVE/list === --- data/CVE/list 2016-07-25 14:57:48 UTC (rev 43459) +++ data/CVE/list 2016-07-25 16:13:32 UTC (rev 43460) @@ -21281,7 +21281,6 @@ CVE-2015-8158 [Potential Infinite Loop in ntpq] RESERVED - ntp 1:4.2.8p7+dfsg-1 - [wheezy] - ntp (minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948 CVE-2015-8157 (SQL injection vulnerability in the Management Server in Symantec ...) @@ -21858,21 +21857,18 @@ CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated broadcast mode] RESERVED - ntp 1:4.2.8p7+dfsg-1 - [wheezy] - ntp (Minor issue, can be fixed along in a future update) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942 NOTE: https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461 CVE-2015-7978 [Stack exhaustion in recursive traversal of restriction list] RESERVED - ntp 1:4.2.8p7+dfsg-1 - [wheezy] - ntp (Minor issue, can be fixed along in a future update) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2940 NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1 CVE-2015-7977 [reslist NULL pointer dereference] RESERVED - ntp 1:4.2.8p7+dfsg-1 - [wheezy] - ntp (Minor issue, can be fixed along in a future update) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2939 NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1 
@@ -21894,7 +21890,6 @@ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2937 CVE-2015-7974 (NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer ...) - ntp 1:4.2.8p7+dfsg-1 (low) - [wheezy] - ntp (Minor issue, can be fixed along in a future update) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936 CVE-2015-7973 [Deja Vu: Replay attack on authenticated broadcast mode] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43459 - data/CVE
Author: jmm Date: 2016-07-25 14:57:48 + (Mon, 25 Jul 2016) New Revision: 43459 Modified: data/CVE/list Log: remove some no-dsa tags for issues which are fixed along in upcoming update Modified: data/CVE/list === --- data/CVE/list 2016-07-25 14:17:40 UTC (rev 43458) +++ data/CVE/list 2016-07-25 14:57:48 UTC (rev 43459) @@ -11719,7 +11719,6 @@ CVE-2016-2518 [Crafted addpeer with hmode > 7 causes out-of-bounds reference] RESERVED - ntp 1:4.2.8p7+dfsg-1 - [jessie] - ntp (Minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security CVE-2016-2517 [Remote configuration trustedkey/requestkey/controlkey values are not properly validated] RESERVED @@ -11730,7 +11729,6 @@ CVE-2016-2516 [Duplicate IPs on unconfig directives will cause an assertion failure] RESERVED - ntp 1:4.2.8p7+dfsg-1 - [jessie] - ntp (Minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security CVE-2016-2514 RESERVED @@ -21283,7 +21281,6 @@ CVE-2015-8158 [Potential Infinite Loop in ntpq] RESERVED - ntp 1:4.2.8p7+dfsg-1 - [jessie] - ntp (Minor issue) [wheezy] - ntp (minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948 @@ -21861,7 +21858,6 @@ CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated broadcast mode] RESERVED - ntp 1:4.2.8p7+dfsg-1 - [jessie] - ntp (Minor issue, can be fixed along in a future update) [wheezy] - ntp (Minor issue, can be fixed along in a future update) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942 
@@ -21869,7 +21865,6 @@ CVE-2015-7978 [Stack exhaustion in recursive traversal of restriction list] RESERVED - ntp 1:4.2.8p7+dfsg-1 - [jessie] - ntp (Minor issue, can be fixed along in a future update) [wheezy] - ntp (Minor issue, can be fixed along in a future update) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2940 @@ -21877,7 +21872,6 @@ CVE-2015-7977 [reslist NULL pointer dereference] RESERVED - ntp 1:4.2.8p7+dfsg-1 - [jessie] - ntp (Minor issue, can be fixed along in a future update) [wheezy] - ntp (Minor issue, can be fixed along in a future update) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2939 @@ -21900,7 +21894,6 @@ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2937 CVE-2015-7974 (NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer ...) - ntp 1:4.2.8p7+dfsg-1 (low) - [jessie] - ntp (Minor issue, can be fixed along in a future update) [wheezy] - ntp (Minor issue, can be fixed along in a future update) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43457 - in data: CVE DSA
Author: carnil Date: 2016-07-25 14:17:06 + (Mon, 25 Jul 2016) New Revision: 43457 Modified: data/CVE/list data/DSA/list Log: Move libsys-syslog-perl entry to only CVE-2016-1238, since obviously CVE-2016-6185 does not affect it Modified: data/CVE/list === --- data/CVE/list 2016-07-25 13:54:05 UTC (rev 43456) +++ data/CVE/list 2016-07-25 14:17:06 UTC (rev 43457) @@ -16573,6 +16573,7 @@ RESERVED - perl - libsys-syslog-perl + [jessie] - libsys-syslog-perl 0.33-1+deb8u1 NOTE: http://article.gmane.org/gmane.comp.lang.perl.perl5.porters/160507 NOTE: Although more modules and scripts are affected by similar issue and mentioned NOTE: in the DSA/DLA, the CVE is for src:perl (and libsys-syslog-perl beeing dual-lived) Modified: data/DSA/list === --- data/DSA/list 2016-07-25 13:54:05 UTC (rev 43456) +++ data/DSA/list 2016-07-25 14:17:06 UTC (rev 43457) @@ -1,7 +1,6 @@ [25 Jul 2016] DSA-3628-1 perl - security update {CVE-2016-1238 CVE-2016-6185} [jessie] - perl 5.20.2-3+deb8u6 - [jessie] - libsys-syslog-perl 0.33-1+deb8u1 [24 Jul 2016] DSA-3627-1 phpmyadmin - security update {CVE-2016-1927 CVE-2016-2039 CVE-2016-2040 CVE-2016-2041 CVE-2016-2560 CVE-2016-2561 CVE-2016-5099 CVE-2016-5701 CVE-2016-5705 CVE-2016-5706 CVE-2016-5731 CVE-2016-5733 CVE-2016-5739} [jessie] - phpmyadmin 4:4.2.12-2+deb8u2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43458 - data/CVE
Author: jmm Date: 2016-07-25 14:17:40 + (Mon, 25 Jul 2016) New Revision: 43458 Modified: data/CVE/list Log: yaws bugnum Modified: data/CVE/list === --- data/CVE/list 2016-07-25 14:17:06 UTC (rev 43457) +++ data/CVE/list 2016-07-25 14:17:40 UTC (rev 43458) @@ -2756,7 +2756,7 @@ - twisted CVE-2016-1000108 RESERVED - - yaws + - yaws (bug #832433) CVE-2016-1000104 RESERVED - libapache2-mod-fcgid ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43456 - data/CVE
Author: jmm Date: 2016-07-25 13:54:05 + (Mon, 25 Jul 2016) New Revision: 43456 Modified: data/CVE/list Log: update link, current one is unaccessible Modified: data/CVE/list === --- data/CVE/list 2016-07-25 13:39:24 UTC (rev 43455) +++ data/CVE/list 2016-07-25 13:54:05 UTC (rev 43456) @@ -16573,7 +16573,7 @@ RESERVED - perl - libsys-syslog-perl - NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html + NOTE: http://article.gmane.org/gmane.comp.lang.perl.perl5.porters/160507 NOTE: Although more modules and scripts are affected by similar issue and mentioned NOTE: in the DSA/DLA, the CVE is for src:perl (and libsys-syslog-perl beeing dual-lived) NOTE: and thus not adding more source packages here. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43455 - data/DSA
Author: carnil Date: 2016-07-25 13:39:24 + (Mon, 25 Jul 2016) New Revision: 43455 Modified: data/DSA/list Log: Reserve DSA number for perl update Modified: data/DSA/list === --- data/DSA/list 2016-07-25 13:36:47 UTC (rev 43454) +++ data/DSA/list 2016-07-25 13:39:24 UTC (rev 43455) @@ -1,3 +1,7 @@ +[25 Jul 2016] DSA-3628-1 perl - security update + {CVE-2016-1238 CVE-2016-6185} + [jessie] - perl 5.20.2-3+deb8u6 + [jessie] - libsys-syslog-perl 0.33-1+deb8u1 [24 Jul 2016] DSA-3627-1 phpmyadmin - security update {CVE-2016-1927 CVE-2016-2039 CVE-2016-2040 CVE-2016-2041 CVE-2016-2560 CVE-2016-2561 CVE-2016-5099 CVE-2016-5701 CVE-2016-5705 CVE-2016-5706 CVE-2016-5731 CVE-2016-5733 CVE-2016-5739} [jessie] - phpmyadmin 4:4.2.12-2+deb8u2
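Review bot: the brace list `{CVE-2016-1238 CVE-2016-6185}` applies to every package line in the entry, so the added `[jessie] - libsys-syslog-perl 0.33-1+deb8u1` is recorded as fixing CVE-2016-6185 as well as CVE-2016-1238. If libsys-syslog-perl is only affected by CVE-2016-1238, track its fixed version under that CVE in data/CVE/list instead, which is what r43457 later does.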
[Secure-testing-commits] r43452 - data/CVE
Author: carnil Date: 2016-07-25 13:36:03 + (Mon, 25 Jul 2016) New Revision: 43452 Modified: data/CVE/list Log: Remove no-dsa tagged entries for CVE-2016-6185 Modified: data/CVE/list === --- data/CVE/list 2016-07-25 13:33:35 UTC (rev 43451) +++ data/CVE/list 2016-07-25 13:36:03 UTC (rev 43452) @@ -720,8 +720,6 @@ CVE-2016-6185 RESERVED - perl 5.22.2-2 (bug #829578) - [jessie] - perl (Will be fixed in future DSA) - [wheezy] - perl (Will be fixed in future DLA) CVE-2016-6175 RESERVED CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision Power ...)
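Review bot: the hunk removes the `[wheezy] - perl (Will be fixed in future DLA)` line together with the jessie one, but the change touches only data/CVE/list and adds no wheezy fixed version. Unless the DLA entry lands in the same batch, wheezy loses its triage annotation for CVE-2016-6185; either keep the wheezy line until the DLA is recorded or mention the pending DLA in the log.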
[Secure-testing-commits] r43453 - data/CVE
Author: carnil Date: 2016-07-25 13:36:12 + (Mon, 25 Jul 2016) New Revision: 43453 Modified: data/CVE/list Log: Add CVE-2016-1238/perl Modified: data/CVE/list === --- data/CVE/list 2016-07-25 13:36:03 UTC (rev 43452) +++ data/CVE/list 2016-07-25 13:36:12 UTC (rev 43453) @@ -16566,8 +16566,14 @@ - duck 0.10 [jessie] - duck (Will be fixed via point release) NOTE: https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10) -CVE-2016-1238 +CVE-2016-1238 [unsafe module load path flaw] RESERVED + - perl + - libsys-syslog-perl + NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html + NOTE: Although more modules and scripts are affected by similar issue and mentioned + NOTE: in the DSA/DLA, the CVE is for src:perl (and libsys-syslog-perl beeing dual-lived) + NOTE: and thus not adding more source packages here. CVE-2016-1237 (nfsd in the Linux kernel through 4.6.3 allows local users to bypass ...) {DSA-3607-1} - linux 4.6.2-2
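Review bot: typo in the third added NOTE line, "libsys-syslog-perl beeing dual-lived" should read "being dual-lived". The same NOTE refers to "the DSA/DLA" without naming either advisory; once the numbers are assigned, citing them here would let a reader find the list of other affected modules and scripts that this entry deliberately leaves out.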
[Secure-testing-commits] r43449 - data/CVE
Author: alteholz Date: 2016-07-25 12:37:34 + (Mon, 25 Jul 2016) New Revision: 43449 Modified: data/CVE/list Log: mark CVE-2016-6209 as no-dsa in Wheezy like in Jessie Modified: data/CVE/list === --- data/CVE/list 2016-07-25 12:36:17 UTC (rev 43448) +++ data/CVE/list 2016-07-25 12:37:34 UTC (rev 43449) @@ -504,6 +504,7 @@ RESERVED - nagios3 (bug #831698) [jessie] - nagios3 (Minor issue) + [wheezy] - nagios3 (Minor issue) - icinga (Vulnerable code not present) NOTE: http://seclists.org/fulldisclosure/2016/Jun/20 CVE-2016-6206
[Secure-testing-commits] r43447 - data
Author: rbalint Date: 2016-07-25 11:18:00 + (Mon, 25 Jul 2016) New Revision: 43447 Modified: data/dla-needed.txt Log: take shadow DLA Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-25 11:02:07 UTC (rev 43446) +++ data/dla-needed.txt 2016-07-25 11:18:00 UTC (rev 43447) @@ -112,7 +112,10 @@ ruby-activesupport-3.2 (Guido Günther) NOTE: help appreciated from s.b. knowing active{record,model} -- -shadow +shadow (Balint Reczey) + NOTE: Waiting for upstream's decision on proposed fixes + NOTE: https://github.com/shadow-maint/shadow/issues/27 + NOTE: https://github.com/shadow-maint/shadow/issues/28 -- tardiff fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
[Secure-testing-commits] r43446 - data/CVE
Author: jmm Date: 2016-07-25 11:02:07 + (Mon, 25 Jul 2016) New Revision: 43446 Modified: data/CVE/list Log: openjfx bugnum Modified: data/CVE/list === --- data/CVE/list 2016-07-25 11:00:18 UTC (rev 43445) +++ data/CVE/list 2016-07-25 11:02:07 UTC (rev 43446) @@ -8819,7 +8819,7 @@ CVE-2016-3499 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) TODO: check CVE-2016-3498 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows ...) - - openjfx + - openjfx (bug #832419) CVE-2016-3497 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...) TODO: check CVE-2016-3496 (Unspecified vulnerability in the Enterprise Manager for Fusion ...)
[Secure-testing-commits] r43442 - data/CVE
Author: sectracker Date: 2016-07-25 09:10:16 + (Mon, 25 Jul 2016) New Revision: 43442 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-07-25 08:21:36 UTC (rev 43441) +++ data/CVE/list 2016-07-25 09:10:16 UTC (rev 43442) @@ -5632,7 +5632,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch CVE-2016-4554 (mime_header.cc in Squid before 3.5.18 allows remote attackers to ...) - {DSA-3625-1 DLA-478-1} + {DSA-3625-1 DLA-558-1 DLA-478-1} - squid3 3.5.19-1 (bug #823968) - squid NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
[Secure-testing-commits] r43441 - data
Author: jmm Date: 2016-07-25 08:21:36 + (Mon, 25 Jul 2016) New Revision: 43441 Modified: data/dsa-needed.txt Log: take ntp Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-07-25 08:14:35 UTC (rev 43440) +++ data/dsa-needed.txt 2016-07-25 08:21:36 UTC (rev 43441) @@ -40,7 +40,7 @@ -- nss -- -ntp +ntp (jmm) Maintainer prepared an update -- openjdk-7