[Secure-testing-commits] r43517 - data/CVE
Author: carnil Date: 2016-07-27 05:20:28 + (Wed, 27 Jul 2016) New Revision: 43517 Modified: data/CVE/list Log: lighttpd: add bug reference, #832571 Modified: data/CVE/list === --- data/CVE/list 2016-07-27 05:16:07 UTC (rev 43516) +++ data/CVE/list 2016-07-27 05:20:28 UTC (rev 43517) @@ -145,7 +145,7 @@ RESERVED CVE-2016-1000212 [Mitigation for HTTPoxy vulnerability] RESERVED - - lighttpd + - lighttpd (bug #832571) NOTE: https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4/diff NOTE: CVE assigned for the mitigation to identify the fix. But it is not a vulnerability in lighttpd itself. CVE-2016-1000211 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43516 - data/CVE
Author: carnil Date: 2016-07-27 05:16:07 + (Wed, 27 Jul 2016) New Revision: 43516 Modified: data/CVE/list Log: Remove some no-dsa tagged entries for src:xen Modified: data/CVE/list === --- data/CVE/list 2016-07-27 05:13:45 UTC (rev 43515) +++ data/CVE/list 2016-07-27 05:16:07 UTC (rev 43516) @@ -3499,7 +3499,6 @@ NOTE: https://patchwork.ozlabs.org/patch/629100/ CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x ...) - xen - [jessie] - xen (Minor issue, can be fixed along in a future DSA) NOTE: http://xenbits.xen.org/xsa/advisory-181.html CVE-2016-5241 RESERVED @@ -4659,7 +4658,6 @@ NOTE: http://xenbits.xen.org/xsa/advisory-178.html CVE-2016-4962 (The libxl device-handling in Xen 4.6.x and earlier allows local OS ...) - xen - [jessie] - xen (Minor issue, can be fixed along in a future DSA) NOTE: http://xenbits.xen.org/xsa/advisory-175.html CVE-2016-4961 RESERVED @@ -6117,7 +6115,6 @@ RESERVED CVE-2016-4480 (The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen ...) - xen - [jessie] - xen (Minor issue, can be fixed along in a future DSA) NOTE: http://xenbits.xen.org/xsa/advisory-176.html CVE-2016-4479 RESERVED @@ -20832,7 +20829,6 @@ NOTE: http://xenbits.xen.org/xsa/advisory-159.html CVE-2015-8338 (Xen 4.6.x and earlier does not properly enforce limits on page order ...) - xen (bug #823620) - [jessie] - xen (Minor issue) [wheezy] - xen (Only affects Xen on arm) [squeeze] - xen (Only affects Xen on arm) NOTE: http://xenbits.xen.org/xsa/advisory-158.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43515 - data/CVE
Author: carnil Date: 2016-07-27 05:13:45 + (Wed, 27 Jul 2016) New Revision: 43515 Modified: data/CVE/list Log: Add CVE-2015-8949/libdbd-mysql-perl Modified: data/CVE/list === --- data/CVE/list 2016-07-27 05:08:55 UTC (rev 43514) +++ data/CVE/list 2016-07-27 05:13:45 UTC (rev 43515) @@ -367,6 +367,10 @@ NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg9.html NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f42 (libidn-1-33) NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6 +CVE-2015-8949 [Use after free in my_login() function of DBD::mysql] + - libdbd-mysql-perl 4.035-1 + NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/45 + NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156 CVE-2015-8948 [Solve out-of-bounds-read when reading one zero byte as input] RESERVED - libidn 1.33-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43513 - data/CVE
Author: carnil Date: 2016-07-27 04:59:37 + (Wed, 27 Jul 2016) New Revision: 43513 Modified: data/CVE/list Log: CVE-2016-6352/gdk-pixbuf assigned Modified: data/CVE/list === --- data/CVE/list 2016-07-27 04:43:43 UTC (rev 43512) +++ data/CVE/list 2016-07-27 04:59:37 UTC (rev 43513) @@ -660,10 +660,10 @@ NOTE: https://github.com/libgd/libgd/pull/251 NOTE: https://github.com/libgd/libgd/commit/5a3f19e962b507560c9206965087db4dc0ad107f NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/12/4 -CVE-2016- [Write out-of-bounds] +CVE-2016-6352 [Write out-of-bounds] - gdk-pixbuf (bug #832496) [wheezy] - gdk-pixbuf (Fails with ENOMEM, no crash) - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/11 + NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/11 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170 CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap ...) - ecryptfs-utils (Broken code not present; incomplete fix for CVE-2015-8946 not applied) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43511 - data/CVE
Author: carnil Date: 2016-07-27 04:41:20 + (Wed, 27 Jul 2016) New Revision: 43511 Modified: data/CVE/list Log: Add CVE-2016-1000212/lighttpd Modified: data/CVE/list === --- data/CVE/list 2016-07-27 04:27:12 UTC (rev 43510) +++ data/CVE/list 2016-07-27 04:41:20 UTC (rev 43511) @@ -137,6 +137,10 @@ RESERVED CVE-2016-6253 RESERVED +CVE-2016-1000212 + RESERVED + - lighttpd + NOTE: https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4/diff CVE-2016-1000211 RESERVED CVE-2016-1000210 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43510 - data/CVE
Author: carnil Date: 2016-07-27 04:27:12 + (Wed, 27 Jul 2016) New Revision: 43510 Modified: data/CVE/list Log: Add entry for CVE-2016-6207 for php5 as well It was not in the DSA list explicitly since it just affects the source code, but since php5 uses system lib of libgd2 is not worth mentioning in the DSA advisory. Modified: data/CVE/list === --- data/CVE/list 2016-07-26 21:30:49 UTC (rev 43509) +++ data/CVE/list 2016-07-27 04:27:12 UTC (rev 43510) @@ -563,6 +563,7 @@ NOTE: https://github.com/libgd/libgd/commit/7a28c235890c95e6010e7b0d0f7c7369367168ef - php7.0 7.0.9-1 (unimportant) - php5 5.6.24+dfsg-1 (unimportant) + [jessie] - php5 5.6.24+dfsg-0+deb8u1 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43509 - data
Author: jmm Date: 2016-07-26 21:30:49 + (Tue, 26 Jul 2016) New Revision: 43509 Modified: data/dsa-needed.txt Log: add and take xen Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-07-26 21:10:11 UTC (rev 43508) +++ data/dsa-needed.txt 2016-07-26 21:30:49 UTC (rev 43509) @@ -53,3 +53,5 @@ Maintainer proposed debdiff for CVE-2016-5832 to CVE-2016-5839 NOTE: should include as well CVE-2015-8834? -- +xen (jmm) +-- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43508 - data/CVE
Author: sectracker Date: 2016-07-26 21:10:11 + (Tue, 26 Jul 2016) New Revision: 43508 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-07-26 21:02:12 UTC (rev 43507) +++ data/CVE/list 2016-07-26 21:10:11 UTC (rev 43508) @@ -46,61 +46,60 @@ - tiff - tiff3 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2573 -CVE-2016-6297 [Stack-based buffer overflow vulnerability in php_stream_zip_opener] - RESERVED +CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...) + {DSA-3631-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72520 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 -CVE-2016-6296 [heap-buffer-overflow (write) simplestring_addn simplestring.c] - RESERVED +CVE-2016-6296 (Integer signedness error in the simplestring_addn function in ...) + {DSA-3631-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72606 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 - xmlrpc-epi -CVE-2016-6295 [Use After Free Vulnerability in SNMP with GC and unserialize()] - RESERVED +CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x ...) + {DSA-3631-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72479 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 -CVE-2016-6294 [locale_accept_from_http out-of-bounds access] - RESERVED +CVE-2016-6294 (The locale_accept_from_http function in ...) + {DSA-3631-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72533 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 -CVE-2016-6293 [locale_accept_from_http out-of-bounds access] - RESERVED +CVE-2016-6293 (The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in ...) - icu -CVE-2016-6292 [NULL Pointer Dereference in exif_process_user_comment] - RESERVED +CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in PHP ...) + {DSA-3631-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72618 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 -CVE-2016-6291 [Out of bound read in exif_process_IFD_in_MAKERNOTE] - RESERVED +CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP ...) + {DSA-3631-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72603 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 -CVE-2016-6290 [Use After Free in unserialize() with Unexpected Session Deserialization] - RESERVED +CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and ...) + {DSA-3631-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72562 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 -CVE-2016-6289 [Stack-based buffer overflow vulnerability in virtual_file_ex] - RESERVED +CVE-2016-6289 (Integer overflow in the virtual_file_ex function in ...) + {DSA-3631-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72513 @@ -344,6 +343,7 @@ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941 CVE-2016-6264 RESERVED + {DLA-561-1} - uclibc-ng (bug #811275) - uclibc (unimportant) NOTE: Just for cross-compiling, not used for actual packages @@ -553,6 +553,7 @@ RESERVED CVE-2016-6207 RESERVED + {DSA-3630-1} - libgd2 2.2.2-43-g22cba39-1 [wheezy] - libgd2 (Vulnerable code not present) NOTE: https://github.com/libgd/libgd/commit/0dd40abd6d5b3e53a6b745dd4d6cf94b70010989 @@ -850,7 +851,7 @@ - linux (Vulnerable code introduced in 4.7-rc1) CVE-2016-6161 RESERVED - {DSA-3619-1} + {DSA-3619-1 DLA-563-1} - libgd2 2.2.1-1 NOTE: https://github.com/libgd/libgd/issues/209 NOTE: https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0) @@
[Secure-testing-commits] r43507 - data/CVE
Author: jmm Date: 2016-07-26 21:02:12 + (Tue, 26 Jul 2016) New Revision: 43507 Modified: data/CVE/list Log: one xen issue n/a in stable and oldstable Modified: data/CVE/list === --- data/CVE/list 2016-07-26 20:42:50 UTC (rev 43506) +++ data/CVE/list 2016-07-26 21:02:12 UTC (rev 43507) @@ -123,6 +123,8 @@ CVE-2016-6259 [x86: Missing SMAP whitelisting in 32-bit exception / event delivery] RESERVED - xen + [jessie] - xen (Only affects 4.5 and later) + [wheezy] - xen (Only affects 4.5 and later) NOTE: http://xenbits.xen.org/xsa/advisory-183.html CVE-2016-6258 [x86: Privilege escalation in PV guests] RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43504 - org
Author: rbalint Date: 2016-07-26 20:33:32 + (Tue, 26 Jul 2016) New Revision: 43504 Modified: org/lts-frontdesk.2016.txt Log: Add myself to LTS front desk duties for Sept. and Oct Modified: org/lts-frontdesk.2016.txt === --- org/lts-frontdesk.2016.txt 2016-07-26 19:44:47 UTC (rev 43503) +++ org/lts-frontdesk.2016.txt 2016-07-26 20:33:32 UTC (rev 43504) @@ -46,11 +46,11 @@ From 15-08 to 21-08:Chris LambFrom 22-08 to 28-08:Ben Hutchings From 29-08 to 04-09:Thorsten Alteholz -From 05-09 to 11-09: +From 05-09 to 11-09:Balint Reczey From 12-09 to 18-09:Markus Koschany From 19-09 to 25-09:Chris Lamb From 26-09 to 02-10: -From 03-10 to 09-10: +From 03-10 to 09-10:Balint Reczey From 10-10 to 16-10:Markus Koschany From 17-10 to 23-10:Chris Lamb From 24-10 to 30-10: ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43502 - data/CVE
Author: carnil Date: 2016-07-26 19:31:21 + (Tue, 26 Jul 2016) New Revision: 43502 Modified: data/CVE/list Log: Add CVE-2016-6349/systemd Modified: data/CVE/list === --- data/CVE/list 2016-07-26 19:29:40 UTC (rev 43501) +++ data/CVE/list 2016-07-26 19:31:21 UTC (rev 43502) @@ -7,6 +7,9 @@ TODO: check versions CVE-2016-6350 NOT-FOR-US: OpenBSD +CVE-2016-6349 [information exposure for docker containers] + - systemd + NOTE: http://www.openwall.com/lists/oss-security/2016/07/26/5 CVE-2016-6287 RESERVED CVE-2016-6286 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43501 - data/CVE
Author: carnil Date: 2016-07-26 19:29:40 + (Tue, 26 Jul 2016) New Revision: 43501 Modified: data/CVE/list Log: Add CVE-2016-6350 and mark as NFU Modified: data/CVE/list === --- data/CVE/list 2016-07-26 19:28:11 UTC (rev 43500) +++ data/CVE/list 2016-07-26 19:29:40 UTC (rev 43501) @@ -5,6 +5,8 @@ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0) NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14 TODO: check versions +CVE-2016-6350 + NOT-FOR-US: OpenBSD CVE-2016-6287 RESERVED CVE-2016-6286 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43500 - data/CVE
Author: carnil Date: 2016-07-26 19:28:11 + (Tue, 26 Jul 2016) New Revision: 43500 Modified: data/CVE/list Log: CVE-2016-6351/qemu assigned Modified: data/CVE/list === --- data/CVE/list 2016-07-26 18:34:54 UTC (rev 43499) +++ data/CVE/list 2016-07-26 19:28:11 UTC (rev 43500) @@ -1,9 +1,9 @@ -CVE-2016- [scsi: esp: oob write access while reading ESP command] +CVE-2016-6351 [scsi: esp: oob write access while reading ESP command] - qemu - qemu-kvm NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0) - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/25/14 + NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14 TODO: check versions CVE-2016-6287 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43498 - data/CVE
Author: carnil Date: 2016-07-26 18:32:28 + (Tue, 26 Jul 2016) New Revision: 43498 Modified: data/CVE/list Log: php7.0 fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-07-26 18:15:37 UTC (rev 43497) +++ data/CVE/list 2016-07-26 18:32:28 UTC (rev 43498) @@ -43,14 +43,14 @@ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2573 CVE-2016-6297 [Stack-based buffer overflow vulnerability in php_stream_zip_opener] RESERVED - - php7.0 + - php7.0 7.0.9-1 - php5 NOTE: PHP Bug: https://bugs.php.net/72520 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6296 [heap-buffer-overflow (write) simplestring_addn simplestring.c] RESERVED - - php7.0 + - php7.0 7.0.9-1 - php5 NOTE: PHP Bug: https://bugs.php.net/72606 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa @@ -58,14 +58,14 @@ - xmlrpc-epi CVE-2016-6295 [Use After Free Vulnerability in SNMP with GC and unserialize()] RESERVED - - php7.0 + - php7.0 7.0.9-1 - php5 NOTE: PHP Bug: https://bugs.php.net/72479 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6294 [locale_accept_from_http out-of-bounds access] RESERVED - - php7.0 + - php7.0 7.0.9-1 - php5 NOTE: PHP Bug: https://bugs.php.net/72533 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 @@ -75,28 +75,28 @@ - icu CVE-2016-6292 [NULL Pointer Dereference in exif_process_user_comment] RESERVED - - php7.0 + - php7.0 7.0.9-1 - php5 NOTE: PHP Bug: https://bugs.php.net/72618 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6291 [Out of bound read in exif_process_IFD_in_MAKERNOTE] RESERVED - - php7.0 + - php7.0 7.0.9-1 - php5 NOTE: PHP Bug: https://bugs.php.net/72603 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6290 [Use After Free in unserialize() with Unexpected Session Deserialization] RESERVED - - php7.0 + - php7.0 7.0.9-1 - php5 NOTE: PHP Bug: https://bugs.php.net/72562 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6289 [Stack-based buffer overflow vulnerability in virtual_file_ex] RESERVED - - php7.0 + - php7.0 7.0.9-1 - php5 NOTE: PHP Bug: https://bugs.php.net/72513 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87 @@ -553,7 +553,7 @@ NOTE: https://github.com/libgd/libgd/commit/ff9113c80a32205d45205d3ea30965b25480e0fb NOTE: https://github.com/libgd/libgd/commit/f60ec7a546499f9446063a4dbe755be9523d8232 NOTE: https://github.com/libgd/libgd/commit/7a28c235890c95e6010e7b0d0f7c7369367168ef - - php7.0 (unimportant) + - php7.0 7.0.9-1 (unimportant) - php5 (unimportant) NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558 @@ -2769,7 +2769,7 @@ - linux CVE-2016-5399 [Improper error handling in bzread()] RESERVED - - php7.0 + - php7.0 7.0.9-1 - php5 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72613 NOTE: Partial fixes in 7.0.9, 5.6.24, 5.5.38 @@ -2827,7 +2827,7 @@ CVE-2016-5386 (The net/http package in Go through 1.6 does not attempt to address RFC ...) - golang CVE-2016-5385 (PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ...) - - php7.0 + - php7.0 7.0.9-1 - php5 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72573 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43494 - data/CVE
Author: jmm Date: 2016-07-26 17:08:46 + (Tue, 26 Jul 2016) New Revision: 43494 Modified: data/CVE/list Log: new moodle issue (fixed) mark python changes for "httpoxy" as unimportant Modified: data/CVE/list === --- data/CVE/list 2016-07-26 13:36:24 UTC (rev 43493) +++ data/CVE/list 2016-07-26 17:08:46 UTC (rev 43494) @@ -479,12 +479,15 @@ RESERVED CVE-2016-1000110 RESERVED - - python3.5 - - python3.4 - - python3.2 - - python2.7 - - python2.6 + - python3.5 (unimportant) + - python3.4 (unimportant) + - python3.2 (unimportant) + - python2.7 (unimportant) + - python2.6 (unimportant) NOTE: https://bugs.python.org/issue27568 + NOTE: No part of Python does set HTTP_PROXY based on a Proxy: header, the Python bug + NOTE: just provides a hardening to discard HTTP_PROXY if it thinks a Python script is + NOTE: running as a CGI script CVE-2016-1000109 RESERVED CVE-2016-1000107 @@ -4248,6 +4251,7 @@ RESERVED CVE-2016-5013 RESERVED + - moodle 2.7.15+dfsg-1 CVE-2016-5012 RESERVED CVE-2016-5011 [Extended partition loop in MBR partition table leads to DoS] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43493 - in data: . DLA
Author: apo Date: 2016-07-26 13:36:24 + (Tue, 26 Jul 2016) New Revision: 43493 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-562-1 for gosa Modified: data/DLA/list === --- data/DLA/list 2016-07-26 13:30:38 UTC (rev 43492) +++ data/DLA/list 2016-07-26 13:36:24 UTC (rev 43493) @@ -1,3 +1,6 @@ +[26 Jul 2016] DLA-562-1 gosa - security update + {CVE-2015-8771} + [wheezy] - gosa 2.7.4-4.3~deb7u3 [26 Jul 2016] DLA-561-1 uclibc - security update {CVE-2016-2224 CVE-2016-2225 CVE-2016-6264} [wheezy] - uclibc 0.9.32-1+deb7u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-26 13:30:38 UTC (rev 43492) +++ data/dla-needed.txt 2016-07-26 13:36:24 UTC (rev 43493) @@ -22,9 +22,6 @@ NOTE: 20160529, no fix yet NOTE: 20160618, still no fix -- -gosa (Markus Koschany) - NOTE: Take gosa and get the upload done because Mike hasn't responded to my last e-mail. --- icedove (Guido Günther) -- icu (Roberto C. Sánchez) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43492 - data/CVE
Author: apo Date: 2016-07-26 13:30:38 + (Tue, 26 Jul 2016) New Revision: 43492 Modified: data/CVE/list Log: CVE-2014-9760 is fixed in Gosa (Wheezy) 0003_xss-vulnerability-on-login-screen.patch has been applied since 2014 Modified: data/CVE/list === --- data/CVE/list 2016-07-26 12:13:11 UTC (rev 43491) +++ data/CVE/list 2016-07-26 13:30:38 UTC (rev 43492) @@ -16482,6 +16482,7 @@ CVE-2014-9760 [XSS vulnerability during session log on] RESERVED - gosa 2.7.4+reloaded1-5 + [wheezy] - gosa 2.7.4-4.3~deb7u2 [squeeze] - gosa 2.6.11-3+squeeze4 NOTE: Fixed in 2.7.4+reloaded1-3 with follow-up fix in 2.7.4+reloaded1-5 NOTE: https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43491 - data/CVE
Author: carnil Date: 2016-07-26 12:13:11 + (Tue, 26 Jul 2016) New Revision: 43491 Modified: data/CVE/list Log: Add two new xen issues Modified: data/CVE/list === --- data/CVE/list 2016-07-26 11:39:46 UTC (rev 43490) +++ data/CVE/list 2016-07-26 12:13:11 UTC (rev 43491) @@ -115,10 +115,14 @@ RESERVED CVE-2016-6260 RESERVED -CVE-2016-6259 +CVE-2016-6259 [x86: Missing SMAP whitelisting in 32-bit exception / event delivery] RESERVED -CVE-2016-6258 + - xen + NOTE: http://xenbits.xen.org/xsa/advisory-183.html +CVE-2016-6258 [x86: Privilege escalation in PV guests] RESERVED + - xen + NOTE: http://xenbits.xen.org/xsa/advisory-182.html CVE-2016-6257 RESERVED CVE-2016-6256 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43490 - in data: CVE DLA
Author: santiago Date: 2016-07-26 11:39:46 + (Tue, 26 Jul 2016) New Revision: 43490 Modified: data/CVE/list data/DLA/list Log: CVE-2016-5408/squid3 fixed by DLA-556-1. Fix references Modified: data/CVE/list === --- data/CVE/list 2016-07-26 11:37:31 UTC (rev 43489) +++ data/CVE/list 2016-07-26 11:39:46 UTC (rev 43490) @@ -2736,11 +2736,11 @@ CVE-2016-5409 RESERVED CVE-2016-5408 + {DLA-556-1} RESERVED - squid3 (Incomplete fix for CVE-2016-4051 not applied) NOTE: CVE is specific for the incomplete fix of CVE-2016-4051 as applied - NOTE: by some vendors. Possibly wheezy was as well, but covered with - NOTE: DLA-556-1. + NOTE: by some vendors. CVE-2016-5407 RESERVED CVE-2016-5406 @@ -7251,7 +7251,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and ...) - {DSA-3625-1 DLA-556-1 DLA-478-1} + {DSA-3625-1 DLA-478-1} - squid3 3.5.17-1 - squid [wheezy] - squid (cachemgr.cgi not installed. squid-cgi binary package built from squid3) @@ -7260,6 +7260,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_5.patch (Squid 3.3) NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_5.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_5.patch (Squid 3.5) + NOTE: Fixed in wheezy by DLA-556-1, c.f. CVE-2016-5408 CVE-2016-4044 RESERVED CVE-2016-4043 Modified: data/DLA/list === --- data/DLA/list 2016-07-26 11:37:31 UTC (rev 43489) +++ data/DLA/list 2016-07-26 11:39:46 UTC (rev 43490) @@ -13,7 +13,7 @@ [23 Jul 2016] DLA-557-1 dietlibc - security update [wheezy] - dietlibc 0.33~cvs20120325-4+deb7u1 [22 Jul 2016] DLA-556-1 squid3 - security update - {CVE-2016-4051} + {CVE-2016-5408} [wheezy] - squid3 3.1.20-2.2+deb7u6 [21 Jul 2016] DLA-555-1 python-django - security update {CVE-2016-6186} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43486 - data
Author: apo Date: 2016-07-26 09:37:55 + (Tue, 26 Jul 2016) New Revision: 43486 Modified: data/dla-needed.txt Log: Claim gosa in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-26 09:30:46 UTC (rev 43485) +++ data/dla-needed.txt 2016-07-26 09:37:55 UTC (rev 43486) @@ -22,9 +22,8 @@ NOTE: 20160529, no fix yet NOTE: 20160618, still no fix -- -gosa (Mike Gabriel) - NOTE: .debdiff sent to the Security Team, waiting for feedback - NOTE: asked about jessie status (seb) +gosa (Markus Koschany) + NOTE: Take gosa and get the upload done because Mike hasn't responded to my last e-mail. -- icedove (Guido Günther) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43485 - in data: . DLA
Author: apo Date: 2016-07-26 09:30:46 + (Tue, 26 Jul 2016) New Revision: 43485 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-561-1 for uclibc Modified: data/DLA/list === --- data/DLA/list 2016-07-26 09:10:11 UTC (rev 43484) +++ data/DLA/list 2016-07-26 09:30:46 UTC (rev 43485) @@ -1,3 +1,6 @@ +[26 Jul 2016] DLA-561-1 uclibc - security update + {CVE-2016-2224 CVE-2016-2225 CVE-2016-6264} + [wheezy] - uclibc 0.9.32-1+deb7u1 [26 Jul 2016] DLA-560-1 cacti - security update {CVE-2016-2313 CVE-2016-3172 CVE-2016-3659} [wheezy] - cacti 0.8.8a+dfsg-5+deb7u9 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-07-26 09:10:11 UTC (rev 43484) +++ data/dla-needed.txt 2016-07-26 09:30:46 UTC (rev 43485) @@ -119,8 +119,6 @@ -- tiff3 -- -uclibc (Markus Koschany) --- wordpress (Markus Koschany) -- xen (Brian May) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r43484 - data/CVE
Author: sectracker Date: 2016-07-26 09:10:11 + (Tue, 26 Jul 2016) New Revision: 43484 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-07-26 09:02:45 UTC (rev 43483) +++ data/CVE/list 2016-07-26 09:10:11 UTC (rev 43484) @@ -8424,6 +8424,7 @@ CVE-2016-3660 RESERVED CVE-2016-3659 (SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows ...) + {DLA-560-1} - cacti 0.8.8h+ds1-1 (bug #820521) [jessie] - cacti (Minor issue) NOTE: http://bugs.cacti.net/view.php?id=2673 @@ -10389,6 +10390,7 @@ NOTE: https://git.zx2c4.com/cgit/commit/filters/html-converters/txt2html?id=13c2d3df0440ce04273de3149631a9bd97490c6e NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/8 CVE-2016-3172 (SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier ...) + {DLA-560-1} - cacti 0.8.8g+ds1-2 (bug #818647) [jessie] - cacti (Minor issue) NOTE: http://bugs.cacti.net/view.php?id=2667 @@ -11760,7 +11762,7 @@ NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security CVE-2016-2518 [Crafted addpeer with hmode > 7 causes out-of-bounds reference] RESERVED - {DSA-3629-1} + {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security CVE-2016-2517 [Remote configuration trustedkey/requestkey/controlkey values are not properly validated] @@ -11771,7 +11773,7 @@ NOTE: cause trouble anyway CVE-2016-2516 [Duplicate IPs on unconfig directives will cause an assertion failure] RESERVED - {DSA-3629-1} + {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security CVE-2016-2514 @@ -12702,6 +12704,7 @@ NOTE: Fixed by: https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3 (v4.5-rc1) NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2) CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote authenticated ...) + {DLA-560-1} - cacti 0.8.8g+ds1-1 (bug #814353) [jessie] - cacti (Minor issue) NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788=markup @@ -15447,7 +15450,7 @@ NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security CVE-2016-1550 [Timing attack for authenticated packets] RESERVED - {DSA-3629-1} + {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security TODO: check @@ -15459,13 +15462,13 @@ NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security CVE-2016-1548 [Change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode.] RESERVED - {DSA-3629-1} + {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security TODO: check CVE-2016-1547 [Validate crypto-NAKs] RESERVED - {DSA-3629-1} + {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security TODO: check @@ -21320,7 +21323,7 @@ RESERVED CVE-2015-8158 [Potential Infinite Loop in ntpq] RESERVED - {DSA-3629-1} + {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948 @@ -21372,7 +21375,7 @@ NOTE: Mitigated in 4.2.8p6 CVE-2015-8138 [ntp: missing check for zero originate timestamp] RESERVED - {DSA-3629-1} + {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0077/ NOTE: https://github.com/ntp-project/ntp/commit/880191b72409a1965712999d248d70e6f7163af8 @@ -21898,21 +21901,21 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5 CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated broadcast mode] RESERVED - {DSA-3629-1} + {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942 NOTE: https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461
[Secure-testing-commits] r43482 - data/CVE
Author: bam Date: 2016-07-26 08:57:04 + (Tue, 26 Jul 2016) New Revision: 43482 Modified: data/CVE/list Log: Temp CVE was fixed in wheezy LTS Modified: data/CVE/list === --- data/CVE/list 2016-07-26 06:29:30 UTC (rev 43481) +++ data/CVE/list 2016-07-26 08:57:04 UTC (rev 43482) @@ -28205,7 +28205,7 @@ CVE-2015- [Stack buffer overflow when printing bad bytes in Intel Hex objects] - binutils 2.25.90.20151125-1 [jessie] - binutils (Minor issue) - [wheezy] - binutils (Minor issue) + [wheezy] - binutils 2.22-8+deb7u3 [squeeze] - binutils 2.20.1-16+deb6u2 NOTE: workaround entry for DLA 324-1-1 until/if CVE assigned - gdb ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits