date:20160726

[Secure-testing-commits] r43517 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-27 05:20:28 + (Wed, 27 Jul 2016)
New Revision: 43517

Modified:
   data/CVE/list
Log:
lighttpd: add bug reference, #832571

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-27 05:16:07 UTC (rev 43516)
+++ data/CVE/list   2016-07-27 05:20:28 UTC (rev 43517)
@@ -145,7 +145,7 @@
RESERVED
 CVE-2016-1000212 [Mitigation for HTTPoxy vulnerability]
RESERVED
-   - lighttpd 
+   - lighttpd  (bug #832571)
NOTE: 
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4/diff
NOTE: CVE assigned for the mitigation to identify the fix. But it is 
not a vulnerability in lighttpd itself.
 CVE-2016-1000211


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43516 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-27 05:16:07 + (Wed, 27 Jul 2016)
New Revision: 43516

Modified:
   data/CVE/list
Log:
Remove some no-dsa tagged entries for src:xen

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-27 05:13:45 UTC (rev 43515)
+++ data/CVE/list   2016-07-27 05:16:07 UTC (rev 43516)
@@ -3499,7 +3499,6 @@
NOTE: https://patchwork.ozlabs.org/patch/629100/
 CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x 
through 4.6.x ...)
- xen 
-   [jessie] - xen  (Minor issue, can be fixed along in a future 
DSA)
NOTE: http://xenbits.xen.org/xsa/advisory-181.html
 CVE-2016-5241
RESERVED
@@ -4659,7 +4658,6 @@
NOTE: http://xenbits.xen.org/xsa/advisory-178.html
 CVE-2016-4962 (The libxl device-handling in Xen 4.6.x and earlier allows local 
OS ...)
- xen 
-   [jessie] - xen  (Minor issue, can be fixed along in a future 
DSA)
NOTE: http://xenbits.xen.org/xsa/advisory-175.html
 CVE-2016-4961
RESERVED
@@ -6117,7 +6115,6 @@
RESERVED
 CVE-2016-4480 (The guest_walk_tables function in arch/x86/mm/guest_walk.c in 
Xen ...)
- xen 
-   [jessie] - xen  (Minor issue, can be fixed along in a future 
DSA)
NOTE: http://xenbits.xen.org/xsa/advisory-176.html
 CVE-2016-4479
RESERVED
@@ -20832,7 +20829,6 @@
NOTE: http://xenbits.xen.org/xsa/advisory-159.html
 CVE-2015-8338 (Xen 4.6.x and earlier does not properly enforce limits on page 
order ...)
- xen  (bug #823620)
-   [jessie] - xen  (Minor issue)
[wheezy] - xen  (Only affects Xen on arm)
[squeeze] - xen  (Only affects Xen on arm)
NOTE: http://xenbits.xen.org/xsa/advisory-158.html


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43515 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-27 05:13:45 + (Wed, 27 Jul 2016)
New Revision: 43515

Modified:
   data/CVE/list
Log:
Add CVE-2015-8949/libdbd-mysql-perl

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-27 05:08:55 UTC (rev 43514)
+++ data/CVE/list   2016-07-27 05:13:45 UTC (rev 43515)
@@ -367,6 +367,10 @@
NOTE: 
https://lists.gnu.org/archive/html/help-libidn/2016-07/msg9.html
NOTE: Test / Fix: 
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f42
 (libidn-1-33)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
+CVE-2015-8949 [Use after free in my_login() function of DBD::mysql]
+   - libdbd-mysql-perl 4.035-1
+   NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/45
+   NOTE: 
https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
 CVE-2015-8948 [Solve out-of-bounds-read when reading one zero byte as input]
RESERVED
- libidn 1.33-1


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43513 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-27 04:59:37 + (Wed, 27 Jul 2016)
New Revision: 43513

Modified:
   data/CVE/list
Log:
CVE-2016-6352/gdk-pixbuf assigned

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-27 04:43:43 UTC (rev 43512)
+++ data/CVE/list   2016-07-27 04:59:37 UTC (rev 43513)
@@ -660,10 +660,10 @@
NOTE: https://github.com/libgd/libgd/pull/251
NOTE: 
https://github.com/libgd/libgd/commit/5a3f19e962b507560c9206965087db4dc0ad107f
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/07/12/4
-CVE-2016- [Write out-of-bounds]
+CVE-2016-6352 [Write out-of-bounds]
- gdk-pixbuf  (bug #832496)
[wheezy] - gdk-pixbuf  (Fails with ENOMEM, no crash)
-   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/07/13/11
+   NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/11
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170
 CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the 
unencrypted swap ...)
- ecryptfs-utils  (Broken code not present; incomplete 
fix for CVE-2015-8946 not applied)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43511 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-27 04:41:20 + (Wed, 27 Jul 2016)
New Revision: 43511

Modified:
   data/CVE/list
Log:
Add CVE-2016-1000212/lighttpd

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-27 04:27:12 UTC (rev 43510)
+++ data/CVE/list   2016-07-27 04:41:20 UTC (rev 43511)
@@ -137,6 +137,10 @@
RESERVED
 CVE-2016-6253
RESERVED
+CVE-2016-1000212
+   RESERVED
+   - lighttpd 
+   NOTE: 
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4/diff
 CVE-2016-1000211
RESERVED
 CVE-2016-1000210


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43510 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-27 04:27:12 + (Wed, 27 Jul 2016)
New Revision: 43510

Modified:
   data/CVE/list
Log:
Add entry for CVE-2016-6207 for php5 as well

It was not in the DSA list explicitly since it just affects the source
code, but since php5 uses system lib of libgd2 is not worth mentioning
in the DSA advisory.

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 21:30:49 UTC (rev 43509)
+++ data/CVE/list   2016-07-27 04:27:12 UTC (rev 43510)
@@ -563,6 +563,7 @@
NOTE: 
https://github.com/libgd/libgd/commit/7a28c235890c95e6010e7b0d0f7c7369367168ef
- php7.0 7.0.9-1 (unimportant)
- php5 5.6.24+dfsg-1 (unimportant)
+   [jessie] - php5 5.6.24+dfsg-0+deb8u1
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43509 - data

2016-07-26 Thread Moritz Muehlenhoff

Author: jmm
Date: 2016-07-26 21:30:49 + (Tue, 26 Jul 2016)
New Revision: 43509

Modified:
   data/dsa-needed.txt
Log:
add and take xen


Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-07-26 21:10:11 UTC (rev 43508)
+++ data/dsa-needed.txt 2016-07-26 21:30:49 UTC (rev 43509)
@@ -53,3 +53,5 @@
   Maintainer proposed debdiff for CVE-2016-5832 to CVE-2016-5839
   NOTE: should include as well CVE-2015-8834?
 --
+xen (jmm)
+--


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43508 - data/CVE

2016-07-26 Thread security tracker role

Author: sectracker
Date: 2016-07-26 21:10:11 + (Tue, 26 Jul 2016)
New Revision: 43508

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 21:02:12 UTC (rev 43507)
+++ data/CVE/list   2016-07-26 21:10:11 UTC (rev 43508)
@@ -46,61 +46,60 @@
- tiff 
- tiff3 
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2573
-CVE-2016-6297 [Stack-based buffer overflow vulnerability in 
php_stream_zip_opener]
-   RESERVED
+CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...)
+   {DSA-3631-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72520
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6296 [heap-buffer-overflow (write) simplestring_addn simplestring.c]
-   RESERVED
+CVE-2016-6296 (Integer signedness error in the simplestring_addn function in 
...)
+   {DSA-3631-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72606
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
- xmlrpc-epi 
-CVE-2016-6295 [Use After Free Vulnerability in SNMP with GC and unserialize()]
-   RESERVED
+CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 
7.x ...)
+   {DSA-3631-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72479
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6294 [locale_accept_from_http out-of-bounds access]
-   RESERVED
+CVE-2016-6294 (The locale_accept_from_http function in ...)
+   {DSA-3631-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72533
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6293 [locale_accept_from_http out-of-bounds access]
-   RESERVED
+CVE-2016-6293 (The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in 
...)
- icu 
-CVE-2016-6292 [NULL Pointer Dereference in exif_process_user_comment]
-   RESERVED
+CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in 
PHP ...)
+   {DSA-3631-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72618
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6291 [Out of bound read in exif_process_IFD_in_MAKERNOTE]
-   RESERVED
+CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c 
in PHP ...)
+   {DSA-3631-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72603
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6290 [Use After Free in unserialize() with Unexpected Session 
Deserialization]
-   RESERVED
+CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 
5.6.24, and ...)
+   {DSA-3631-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72562
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6289 [Stack-based buffer overflow vulnerability in virtual_file_ex]
-   RESERVED
+CVE-2016-6289 (Integer overflow in the virtual_file_ex function in ...)
+   {DSA-3631-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72513
@@ -344,6 +343,7 @@
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
 CVE-2016-6264
RESERVED
+   {DLA-561-1}
- uclibc-ng  (bug #811275)
- uclibc  (unimportant)
NOTE: Just for cross-compiling, not used for actual packages
@@ -553,6 +553,7 @@
RESERVED
 CVE-2016-6207
RESERVED
+   {DSA-3630-1}
- libgd2 2.2.2-43-g22cba39-1
[wheezy] - libgd2  (Vulnerable code not present)
NOTE: 
https://github.com/libgd/libgd/commit/0dd40abd6d5b3e53a6b745dd4d6cf94b70010989
@@ -850,7 +851,7 @@
- linux  (Vulnerable code introduced in 4.7-rc1)
 CVE-2016-6161
RESERVED
-   {DSA-3619-1}
+   {DSA-3619-1 DLA-563-1}
- libgd2 2.2.1-1
NOTE: https://github.com/libgd/libgd/issues/209
NOTE: 
https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 
(gd-2.2.0)
@@

[Secure-testing-commits] r43507 - data/CVE

2016-07-26 Thread Moritz Muehlenhoff

Author: jmm
Date: 2016-07-26 21:02:12 + (Tue, 26 Jul 2016)
New Revision: 43507

Modified:
   data/CVE/list
Log:
one xen issue n/a in stable and oldstable


Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 20:42:50 UTC (rev 43506)
+++ data/CVE/list   2016-07-26 21:02:12 UTC (rev 43507)
@@ -123,6 +123,8 @@
 CVE-2016-6259 [x86: Missing SMAP whitelisting in 32-bit exception / event 
delivery]
RESERVED
- xen 
+   [jessie] - xen  (Only affects 4.5 and later)
+   [wheezy] - xen  (Only affects 4.5 and later)
NOTE: http://xenbits.xen.org/xsa/advisory-183.html
 CVE-2016-6258 [x86: Privilege escalation in PV guests]
RESERVED


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43504 - org

2016-07-26 Thread Balint Reczey

Author: rbalint
Date: 2016-07-26 20:33:32 + (Tue, 26 Jul 2016)
New Revision: 43504

Modified:
   org/lts-frontdesk.2016.txt
Log:
Add myself to LTS front desk duties for Sept. and Oct

Modified: org/lts-frontdesk.2016.txt
===
--- org/lts-frontdesk.2016.txt  2016-07-26 19:44:47 UTC (rev 43503)
+++ org/lts-frontdesk.2016.txt  2016-07-26 20:33:32 UTC (rev 43504)
@@ -46,11 +46,11 @@
 From 15-08 to 21-08:Chris Lamb 
 From 22-08 to 28-08:Ben Hutchings 
 From 29-08 to 04-09:Thorsten Alteholz 
-From 05-09 to 11-09:
+From 05-09 to 11-09:Balint Reczey 
 From 12-09 to 18-09:Markus Koschany 
 From 19-09 to 25-09:Chris Lamb 
 From 26-09 to 02-10:
-From 03-10 to 09-10:
+From 03-10 to 09-10:Balint Reczey 
 From 10-10 to 16-10:Markus Koschany 
 From 17-10 to 23-10:Chris Lamb 
 From 24-10 to 30-10:


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43502 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-26 19:31:21 + (Tue, 26 Jul 2016)
New Revision: 43502

Modified:
   data/CVE/list
Log:
Add CVE-2016-6349/systemd

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 19:29:40 UTC (rev 43501)
+++ data/CVE/list   2016-07-26 19:31:21 UTC (rev 43502)
@@ -7,6 +7,9 @@
TODO: check versions
 CVE-2016-6350
NOT-FOR-US: OpenBSD
+CVE-2016-6349 [information exposure for docker containers]
+   - systemd 
+   NOTE: http://www.openwall.com/lists/oss-security/2016/07/26/5
 CVE-2016-6287
RESERVED
 CVE-2016-6286


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43501 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-26 19:29:40 + (Tue, 26 Jul 2016)
New Revision: 43501

Modified:
   data/CVE/list
Log:
Add CVE-2016-6350 and mark as NFU

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 19:28:11 UTC (rev 43500)
+++ data/CVE/list   2016-07-26 19:29:40 UTC (rev 43501)
@@ -5,6 +5,8 @@
NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3
 (v2.7.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14
TODO: check versions
+CVE-2016-6350
+   NOT-FOR-US: OpenBSD
 CVE-2016-6287
RESERVED
 CVE-2016-6286


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43500 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-26 19:28:11 + (Tue, 26 Jul 2016)
New Revision: 43500

Modified:
   data/CVE/list
Log:
CVE-2016-6351/qemu assigned

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 18:34:54 UTC (rev 43499)
+++ data/CVE/list   2016-07-26 19:28:11 UTC (rev 43500)
@@ -1,9 +1,9 @@
-CVE-2016- [scsi: esp: oob write access while reading ESP command]
+CVE-2016-6351 [scsi: esp: oob write access while reading ESP command]
- qemu 
- qemu-kvm 
NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11
 (v2.7.0-rc0)
NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3
 (v2.7.0-rc0)
-   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/07/25/14
+   NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14
TODO: check versions
 CVE-2016-6287
RESERVED


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43498 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-26 18:32:28 + (Tue, 26 Jul 2016)
New Revision: 43498

Modified:
   data/CVE/list
Log:
php7.0 fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 18:15:37 UTC (rev 43497)
+++ data/CVE/list   2016-07-26 18:32:28 UTC (rev 43498)
@@ -43,14 +43,14 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2573
 CVE-2016-6297 [Stack-based buffer overflow vulnerability in 
php_stream_zip_opener]
RESERVED
-   - php7.0 
+   - php7.0 7.0.9-1
- php5 
NOTE: PHP Bug: https://bugs.php.net/72520
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
 CVE-2016-6296 [heap-buffer-overflow (write) simplestring_addn simplestring.c]
RESERVED
-   - php7.0 
+   - php7.0 7.0.9-1
- php5 
NOTE: PHP Bug: https://bugs.php.net/72606
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa
@@ -58,14 +58,14 @@
- xmlrpc-epi 
 CVE-2016-6295 [Use After Free Vulnerability in SNMP with GC and unserialize()]
RESERVED
-   - php7.0 
+   - php7.0 7.0.9-1
- php5 
NOTE: PHP Bug: https://bugs.php.net/72479
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
 CVE-2016-6294 [locale_accept_from_http out-of-bounds access]
RESERVED
-   - php7.0 
+   - php7.0 7.0.9-1
- php5 
NOTE: PHP Bug: https://bugs.php.net/72533
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
@@ -75,28 +75,28 @@
- icu 
 CVE-2016-6292 [NULL Pointer Dereference in exif_process_user_comment]
RESERVED
-   - php7.0 
+   - php7.0 7.0.9-1
- php5 
NOTE: PHP Bug: https://bugs.php.net/72618
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
 CVE-2016-6291 [Out of bound read in exif_process_IFD_in_MAKERNOTE]
RESERVED
-   - php7.0 
+   - php7.0 7.0.9-1
- php5 
NOTE: PHP Bug: https://bugs.php.net/72603
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
 CVE-2016-6290 [Use After Free in unserialize() with Unexpected Session 
Deserialization]
RESERVED
-   - php7.0 
+   - php7.0 7.0.9-1
- php5 
NOTE: PHP Bug: https://bugs.php.net/72562
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
 CVE-2016-6289 [Stack-based buffer overflow vulnerability in virtual_file_ex]
RESERVED
-   - php7.0 
+   - php7.0 7.0.9-1
- php5 
NOTE: PHP Bug: https://bugs.php.net/72513
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87
@@ -553,7 +553,7 @@
NOTE: 
https://github.com/libgd/libgd/commit/ff9113c80a32205d45205d3ea30965b25480e0fb
NOTE: 
https://github.com/libgd/libgd/commit/f60ec7a546499f9446063a4dbe755be9523d8232
NOTE: 
https://github.com/libgd/libgd/commit/7a28c235890c95e6010e7b0d0f7c7369367168ef
-   - php7.0  (unimportant)
+   - php7.0 7.0.9-1 (unimportant)
- php5  (unimportant)
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558
@@ -2769,7 +2769,7 @@
- linux 
 CVE-2016-5399 [Improper error handling in bzread()]
RESERVED
-   - php7.0 
+   - php7.0 7.0.9-1
- php5 
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72613
NOTE: Partial fixes in 7.0.9, 5.6.24, 5.5.38
@@ -2827,7 +2827,7 @@
 CVE-2016-5386 (The net/http package in Go through 1.6 does not attempt to 
address RFC ...)
- golang 
 CVE-2016-5385 (PHP through 7.0.8 does not attempt to address RFC 3875 section 
4.1.18 ...)
-   - php7.0 
+   - php7.0 7.0.9-1
- php5 
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72573
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43494 - data/CVE

2016-07-26 Thread Moritz Muehlenhoff

Author: jmm
Date: 2016-07-26 17:08:46 + (Tue, 26 Jul 2016)
New Revision: 43494

Modified:
   data/CVE/list
Log:
new moodle issue (fixed)
mark python changes for "httpoxy" as unimportant


Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 13:36:24 UTC (rev 43493)
+++ data/CVE/list   2016-07-26 17:08:46 UTC (rev 43494)
@@ -479,12 +479,15 @@
RESERVED
 CVE-2016-1000110
RESERVED
-   - python3.5 
-   - python3.4 
-   - python3.2 
-   - python2.7 
-   - python2.6 
+   - python3.5  (unimportant)
+   - python3.4  (unimportant)
+   - python3.2  (unimportant)
+   - python2.7  (unimportant)
+   - python2.6  (unimportant)
NOTE: https://bugs.python.org/issue27568
+   NOTE: No part of Python does set HTTP_PROXY based on a Proxy: header, 
the Python bug
+   NOTE: just provides a hardening to discard HTTP_PROXY if it thinks a 
Python script is
+   NOTE: running as a CGI script
 CVE-2016-1000109
RESERVED
 CVE-2016-1000107
@@ -4248,6 +4251,7 @@
RESERVED
 CVE-2016-5013
RESERVED
+   - moodle 2.7.15+dfsg-1
 CVE-2016-5012
RESERVED
 CVE-2016-5011 [Extended partition loop in MBR partition  table leads to DoS]


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43493 - in data: . DLA

2016-07-26 Thread Markus Koschany

Author: apo
Date: 2016-07-26 13:36:24 + (Tue, 26 Jul 2016)
New Revision: 43493

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-562-1 for gosa

Modified: data/DLA/list
===
--- data/DLA/list   2016-07-26 13:30:38 UTC (rev 43492)
+++ data/DLA/list   2016-07-26 13:36:24 UTC (rev 43493)
@@ -1,3 +1,6 @@
+[26 Jul 2016] DLA-562-1 gosa - security update
+   {CVE-2015-8771}
+   [wheezy] - gosa 2.7.4-4.3~deb7u3
 [26 Jul 2016] DLA-561-1 uclibc - security update
{CVE-2016-2224 CVE-2016-2225 CVE-2016-6264}
[wheezy] - uclibc 0.9.32-1+deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-26 13:30:38 UTC (rev 43492)
+++ data/dla-needed.txt 2016-07-26 13:36:24 UTC (rev 43493)
@@ -22,9 +22,6 @@
   NOTE: 20160529, no fix yet
   NOTE: 20160618, still no fix
 --
-gosa (Markus Koschany)
-  NOTE: Take gosa and get the upload done because Mike hasn't responded to my 
last e-mail.
---
 icedove (Guido Günther)
 --
 icu (Roberto C. Sánchez)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43492 - data/CVE

2016-07-26 Thread Markus Koschany

Author: apo
Date: 2016-07-26 13:30:38 + (Tue, 26 Jul 2016)
New Revision: 43492

Modified:
   data/CVE/list
Log:
CVE-2014-9760 is fixed in Gosa (Wheezy)

0003_xss-vulnerability-on-login-screen.patch has been applied since 2014


Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 12:13:11 UTC (rev 43491)
+++ data/CVE/list   2016-07-26 13:30:38 UTC (rev 43492)
@@ -16482,6 +16482,7 @@
 CVE-2014-9760 [XSS vulnerability during session log on]
RESERVED
- gosa 2.7.4+reloaded1-5
+   [wheezy] - gosa 2.7.4-4.3~deb7u2
[squeeze] - gosa 2.6.11-3+squeeze4
NOTE: Fixed in 2.7.4+reloaded1-3 with follow-up fix in 2.7.4+reloaded1-5
NOTE: 
https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43491 - data/CVE

2016-07-26 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-07-26 12:13:11 + (Tue, 26 Jul 2016)
New Revision: 43491

Modified:
   data/CVE/list
Log:
Add two new xen issues

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 11:39:46 UTC (rev 43490)
+++ data/CVE/list   2016-07-26 12:13:11 UTC (rev 43491)
@@ -115,10 +115,14 @@
RESERVED
 CVE-2016-6260
RESERVED
-CVE-2016-6259
+CVE-2016-6259 [x86: Missing SMAP whitelisting in 32-bit exception / event 
delivery]
RESERVED
-CVE-2016-6258
+   - xen 
+   NOTE: http://xenbits.xen.org/xsa/advisory-183.html
+CVE-2016-6258 [x86: Privilege escalation in PV guests]
RESERVED
+   - xen 
+   NOTE: http://xenbits.xen.org/xsa/advisory-182.html
 CVE-2016-6257
RESERVED
 CVE-2016-6256


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43490 - in data: CVE DLA

2016-07-26 Thread Santiago Ruano Rincón

Author: santiago
Date: 2016-07-26 11:39:46 + (Tue, 26 Jul 2016)
New Revision: 43490

Modified:
   data/CVE/list
   data/DLA/list
Log:
CVE-2016-5408/squid3 fixed by DLA-556-1. Fix references

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 11:37:31 UTC (rev 43489)
+++ data/CVE/list   2016-07-26 11:39:46 UTC (rev 43490)
@@ -2736,11 +2736,11 @@
 CVE-2016-5409
RESERVED
 CVE-2016-5408
+   {DLA-556-1}
RESERVED
- squid3  (Incomplete fix for CVE-2016-4051 not applied)
NOTE: CVE is specific for the incomplete fix of CVE-2016-4051 as applied
-   NOTE: by some vendors. Possibly wheezy was as well, but covered with
-   NOTE: DLA-556-1.
+   NOTE: by some vendors.
 CVE-2016-5407
RESERVED
 CVE-2016-5406
@@ -7251,7 +7251,7 @@
NOTE: 
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch 
(Squid 3.4)
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch 
(Squid 3.5)
 CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 
3.5.17, and ...)
-   {DSA-3625-1 DLA-556-1 DLA-478-1}
+   {DSA-3625-1 DLA-478-1}
- squid3 3.5.17-1
- squid 
[wheezy] - squid  (cachemgr.cgi not installed. squid-cgi 
binary package built from squid3)
@@ -7260,6 +7260,7 @@
NOTE: 
http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_5.patch (Squid 
3.3)
NOTE: 
http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_5.patch (Squid 
3.4)
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_5.patch (Squid 
3.5)
+   NOTE: Fixed in wheezy by DLA-556-1, c.f. CVE-2016-5408
 CVE-2016-4044
RESERVED
 CVE-2016-4043

Modified: data/DLA/list
===
--- data/DLA/list   2016-07-26 11:37:31 UTC (rev 43489)
+++ data/DLA/list   2016-07-26 11:39:46 UTC (rev 43490)
@@ -13,7 +13,7 @@
 [23 Jul 2016] DLA-557-1 dietlibc - security update
[wheezy] - dietlibc 0.33~cvs20120325-4+deb7u1
 [22 Jul 2016] DLA-556-1 squid3 - security update
-   {CVE-2016-4051}
+   {CVE-2016-5408}
[wheezy] - squid3 3.1.20-2.2+deb7u6
 [21 Jul 2016] DLA-555-1 python-django - security update
{CVE-2016-6186}


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43486 - data

2016-07-26 Thread Markus Koschany

Author: apo
Date: 2016-07-26 09:37:55 + (Tue, 26 Jul 2016)
New Revision: 43486

Modified:
   data/dla-needed.txt
Log:
Claim gosa in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-26 09:30:46 UTC (rev 43485)
+++ data/dla-needed.txt 2016-07-26 09:37:55 UTC (rev 43486)
@@ -22,9 +22,8 @@
   NOTE: 20160529, no fix yet
   NOTE: 20160618, still no fix
 --
-gosa (Mike Gabriel)
-  NOTE: .debdiff sent to the Security Team, waiting for feedback
-  NOTE: asked about jessie status (seb)
+gosa (Markus Koschany)
+  NOTE: Take gosa and get the upload done because Mike hasn't responded to my 
last e-mail.
 --
 icedove (Guido Günther)
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43485 - in data: . DLA

2016-07-26 Thread Markus Koschany

Author: apo
Date: 2016-07-26 09:30:46 + (Tue, 26 Jul 2016)
New Revision: 43485

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-561-1 for uclibc

Modified: data/DLA/list
===
--- data/DLA/list   2016-07-26 09:10:11 UTC (rev 43484)
+++ data/DLA/list   2016-07-26 09:30:46 UTC (rev 43485)
@@ -1,3 +1,6 @@
+[26 Jul 2016] DLA-561-1 uclibc - security update
+   {CVE-2016-2224 CVE-2016-2225 CVE-2016-6264}
+   [wheezy] - uclibc 0.9.32-1+deb7u1
 [26 Jul 2016] DLA-560-1 cacti - security update
{CVE-2016-2313 CVE-2016-3172 CVE-2016-3659}
[wheezy] - cacti 0.8.8a+dfsg-5+deb7u9

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-26 09:10:11 UTC (rev 43484)
+++ data/dla-needed.txt 2016-07-26 09:30:46 UTC (rev 43485)
@@ -119,8 +119,6 @@
 --
 tiff3
 --
-uclibc (Markus Koschany)
---
 wordpress (Markus Koschany)
 --
 xen (Brian May)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43484 - data/CVE

2016-07-26 Thread security tracker role

Author: sectracker
Date: 2016-07-26 09:10:11 + (Tue, 26 Jul 2016)
New Revision: 43484

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 09:02:45 UTC (rev 43483)
+++ data/CVE/list   2016-07-26 09:10:11 UTC (rev 43484)
@@ -8424,6 +8424,7 @@
 CVE-2016-3660
RESERVED
 CVE-2016-3659 (SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g 
allows ...)
+   {DLA-560-1}
- cacti 0.8.8h+ds1-1 (bug #820521)
[jessie] - cacti  (Minor issue)
NOTE: http://bugs.cacti.net/view.php?id=2673
@@ -10389,6 +10390,7 @@
NOTE: 
https://git.zx2c4.com/cgit/commit/filters/html-converters/txt2html?id=13c2d3df0440ce04273de3149631a9bd97490c6e
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/03/05/8
 CVE-2016-3172 (SQL injection vulnerability in tree.php in Cacti 0.8.8g and 
earlier ...)
+   {DLA-560-1}
- cacti 0.8.8g+ds1-2 (bug #818647)
[jessie] - cacti  (Minor issue)
NOTE: http://bugs.cacti.net/view.php?id=2667
@@ -11760,7 +11762,7 @@
NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
 CVE-2016-2518 [Crafted addpeer with hmode > 7 causes out-of-bounds reference]
RESERVED
-   {DSA-3629-1}
+   {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
 CVE-2016-2517 [Remote configuration trustedkey/requestkey/controlkey values 
are not properly validated]
@@ -11771,7 +11773,7 @@
NOTE: cause trouble anyway
 CVE-2016-2516 [Duplicate IPs on unconfig directives will cause an assertion 
failure]
RESERVED
-   {DSA-3629-1}
+   {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
 CVE-2016-2514
@@ -12702,6 +12704,7 @@
NOTE: Fixed by: 
https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3 (v4.5-rc1)
NOTE: Introduced by: 
https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de 
(v2.6.30-rc2)
 CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote 
authenticated ...)
+   {DLA-560-1}
- cacti 0.8.8g+ds1-1 (bug #814353)
[jessie] - cacti  (Minor issue)
NOTE: 
http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788=markup
@@ -15447,7 +15450,7 @@
NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
 CVE-2016-1550 [Timing attack for authenticated packets]
RESERVED
-   {DSA-3629-1}
+   {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
TODO: check
@@ -15459,13 +15462,13 @@
NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
 CVE-2016-1548 [Change the time of an ntpd client or deny service to an ntpd 
client by forcing it to change from basic client/server mode to interleaved 
symmetric mode.]
RESERVED
-   {DSA-3629-1}
+   {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
TODO: check
 CVE-2016-1547 [Validate crypto-NAKs]
RESERVED
-   {DSA-3629-1}
+   {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
TODO: check
@@ -21320,7 +21323,7 @@
RESERVED
 CVE-2015-8158 [Potential Infinite Loop in ntpq]
RESERVED
-   {DSA-3629-1}
+   {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948
@@ -21372,7 +21375,7 @@
NOTE: Mitigated in 4.2.8p6
 CVE-2015-8138 [ntp: missing check for zero originate timestamp]
RESERVED
-   {DSA-3629-1}
+   {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE: http://www.talosintel.com/reports/TALOS-2016-0077/
NOTE: 
https://github.com/ntp-project/ntp/commit/880191b72409a1965712999d248d70e6f7163af8
@@ -21898,21 +21901,21 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5
 CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated 
broadcast mode]
RESERVED
-   {DSA-3629-1}
+   {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942
NOTE: 
https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461

[Secure-testing-commits] r43482 - data/CVE

2016-07-26 Thread Brian May

Author: bam
Date: 2016-07-26 08:57:04 + (Tue, 26 Jul 2016)
New Revision: 43482

Modified:
   data/CVE/list
Log:
Temp CVE was fixed in wheezy LTS


Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 06:29:30 UTC (rev 43481)
+++ data/CVE/list   2016-07-26 08:57:04 UTC (rev 43482)
@@ -28205,7 +28205,7 @@
 CVE-2015- [Stack buffer overflow when printing bad bytes in Intel Hex 
objects]
- binutils 2.25.90.20151125-1
[jessie] - binutils  (Minor issue)
-   [wheezy] - binutils  (Minor issue)
+   [wheezy] - binutils 2.22-8+deb7u3
[squeeze] - binutils 2.20.1-16+deb6u2
NOTE: workaround entry for DLA 324-1-1 until/if CVE assigned
- gdb 


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43517 - data/CVE

[Secure-testing-commits] r43516 - data/CVE

[Secure-testing-commits] r43515 - data/CVE

[Secure-testing-commits] r43513 - data/CVE

[Secure-testing-commits] r43511 - data/CVE

[Secure-testing-commits] r43510 - data/CVE

[Secure-testing-commits] r43509 - data

[Secure-testing-commits] r43508 - data/CVE

[Secure-testing-commits] r43507 - data/CVE

[Secure-testing-commits] r43504 - org

[Secure-testing-commits] r43502 - data/CVE

[Secure-testing-commits] r43501 - data/CVE

[Secure-testing-commits] r43500 - data/CVE

[Secure-testing-commits] r43498 - data/CVE

[Secure-testing-commits] r43494 - data/CVE

[Secure-testing-commits] r43493 - in data: . DLA

[Secure-testing-commits] r43492 - data/CVE

[Secure-testing-commits] r43491 - data/CVE

[Secure-testing-commits] r43490 - in data: CVE DLA

[Secure-testing-commits] r43486 - data

[Secure-testing-commits] r43485 - in data: . DLA

[Secure-testing-commits] r43484 - data/CVE

[Secure-testing-commits] r43482 - data/CVE

23 matches

Site Navigation

Mail list logo

Footer information