date:20160911

[Secure-testing-commits] r44519 - data/CVE

2016-09-11 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-09-12 05:29:27 + (Mon, 12 Sep 2016)
New Revision: 44519

Modified:
   data/CVE/list
Log:
Two quagga issues fixed in unstable, #822787, #835223

Modified: data/CVE/list
===
--- data/CVE/list   2016-09-12 04:33:49 UTC (rev 44518)
+++ data/CVE/list   2016-09-12 05:29:27 UTC (rev 44519)
@@ -10240,7 +10240,7 @@
RESERVED
 CVE-2016-4049 (The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga 
does ...)
{DSA-3654-1 DLA-601-1}
-   - quagga  (bug #822787)
+   - quagga 1.0.20160315-2 (bug #822787)
NOTE: 
https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
NOTE: 
https://lists.quagga.net/pipermail/quagga-dev/2016-April/015241.html
 CVE-2016-4048
@@ -10378,7 +10378,7 @@
RESERVED
 CVE-2016-4036 (The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE 
Linux ...)
{DSA-3654-1 DLA-601-1}
-   - quagga  (bug #835223)
+   - quagga 1.0.20160315-2 (bug #835223)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770619
NOTE: World readable files in /etc/quagga as well in Debian
 CVE-2016-3955 (The usbip_recv_xbuff function in 
drivers/usb/usbip/usbip_common.c in ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44518 - data/CVE

2016-09-11 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-09-12 04:33:49 + (Mon, 12 Sep 2016)
New Revision: 44518

Modified:
   data/CVE/list
Log:
Add CVE-2016-4993, NFU, from (old) external check

Modified: data/CVE/list
===
--- data/CVE/list   2016-09-12 04:33:26 UTC (rev 44517)
+++ data/CVE/list   2016-09-12 04:33:49 UTC (rev 44518)
@@ -7396,6 +7396,7 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=767873
 CVE-2016-4993
RESERVED
+   NOT-FOR-US:  JBoss Enterprise Application Platform
 CVE-2016-4992 [Information disclosure via repeated use of LDAP ADD operation]
RESERVED
- 389-ds-base 


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44517 - data/CVE

2016-09-11 Thread Salvatore Bonaccorso

Author: carnil
Date: 2016-09-12 04:33:26 + (Mon, 12 Sep 2016)
New Revision: 44517

Modified:
   data/CVE/list
Log:
Add source package name

Modified: data/CVE/list
===
--- data/CVE/list   2016-09-11 22:21:15 UTC (rev 44516)
+++ data/CVE/list   2016-09-12 04:33:26 UTC (rev 44517)
@@ -1628,8 +1628,11 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/
 CVE-2016-6621
RESERVED
+   - phpmyadmin 
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-44/
NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/12481
+   NOTE: The issue seems not public yet, and original changelog entry was 
wrong
+   TODO: wait for details and mark as undetermined for now
 CVE-2016-6620
RESERVED
- phpmyadmin 4:4.6.4+dfsg1-1


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44516 - data

2016-09-11 Thread Chris Lamb

Author: lamby
Date: 2016-09-11 22:21:15 + (Sun, 11 Sep 2016)
New Revision: 44516

Modified:
   data/dla-needed.txt
Log:
dla-needed.tx: Note activity on LTS mailing list re libphp-adodb

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-11 22:18:10 UTC (rev 44515)
+++ data/dla-needed.txt 2016-09-11 22:21:15 UTC (rev 44516)
@@ -34,6 +34,7 @@
   that 0.47 & 1.0 are affected and wheezy has 0.48.
 --
 libphp-adodb (Chris Lamb)
+  NOTE: Activity on LTS mailing list - probably being handled.
 --
 linux (Ben Hutchings)
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44515 - data

2016-09-11 Thread Brian May

Author: bam
Date: 2016-09-11 22:18:10 + (Sun, 11 Sep 2016)
New Revision: 44515

Modified:
   data/dla-needed.txt
Log:
Claim autotrace


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-11 21:43:00 UTC (rev 44514)
+++ data/dla-needed.txt 2016-09-11 22:18:10 UTC (rev 44515)
@@ -11,7 +11,7 @@
 --
 asterisk (Thorsten Alteholz)
 --
-autotrace
+autotrace (Brian May)
  NOTE: Reproducible with valgrind on Wheezy
 --
 chicken


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44514 - in data: . CVE

2016-09-11 Thread Balint Reczey

Author: rbalint
Date: 2016-09-11 21:43:00 + (Sun, 11 Sep 2016)
New Revision: 44514

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
add autotrace for DLA

Modified: data/CVE/list
===
--- data/CVE/list   2016-09-11 21:19:34 UTC (rev 44513)
+++ data/CVE/list   2016-09-11 21:43:00 UTC (rev 44514)
@@ -7,6 +7,7 @@
 CVE-2016-7392 [heap-based buffer overflow in pstoedit_suffix_table_init 
(output-pstoedit.c)]
- autotrace 
NOTE: 
https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
+NOTE: Also reproducible with valgrind
 CVE-2016-7180 (epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector 
in ...)
- wireshark 2.2.0~rc1+g438c022-1
NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5213496250aceff086404c568e3718ebc0060934

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-11 21:19:34 UTC (rev 44513)
+++ data/dla-needed.txt 2016-09-11 21:43:00 UTC (rev 44514)
@@ -11,6 +11,9 @@
 --
 asterisk (Thorsten Alteholz)
 --
+autotrace
+ NOTE: Reproducible with valgrind on Wheezy
+--
 chicken
 --
 gcc-mingw-w64 (Stephen Kitt)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44513 - data/CVE

2016-09-11 Thread Ola Lundqvist

Author: opal
Date: 2016-09-11 21:19:34 + (Sun, 11 Sep 2016)
New Revision: 44513

Modified:
   data/CVE/list
Log:
Documented some conclusions regarding phpmyadmin.

Modified: data/CVE/list
===
--- data/CVE/list   2016-09-11 21:10:12 UTC (rev 44512)
+++ data/CVE/list   2016-09-11 21:19:34 UTC (rev 44513)
@@ -1627,7 +1627,8 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/
 CVE-2016-6621
RESERVED
-   - phpmyadmin 4:4.6.4+dfsg1-1
+   NOTE: https://www.phpmyadmin.net/security/PMASA-2016-44/
+   NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/12481
 CVE-2016-6620
RESERVED
- phpmyadmin 4:4.6.4+dfsg1-1
@@ -1654,6 +1655,7 @@
 CVE-2016-6615
RESERVED
- phpmyadmin 4:4.6.4+dfsg1-1
+   [wheezy] - phpmyadmin  (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-38/
 CVE-2016-6614
RESERVED


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44512 - data/CVE

2016-09-11 Thread security tracker role

Author: sectracker
Date: 2016-09-11 21:10:12 + (Sun, 11 Sep 2016)
New Revision: 44512

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-09-11 20:53:14 UTC (rev 44511)
+++ data/CVE/list   2016-09-11 21:10:12 UTC (rev 44512)
@@ -166,6 +166,7 @@
NOTE: Fixed upstream in 1.1.1.
 CVE-2016-7163
RESERVED
+   {DSA-3665-1}
- openjpeg2 
NOTE: 
https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
NOTE: 
https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24
@@ -404,6 +405,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/08/31/1
 CVE-2016-7116 [9p: directory traversal flaw in 9p virtio backend]
RESERVED
+   {DLA-619-1 DLA-618-1}
- qemu  (bug #836502)
[jessie] - qemu  (Minor issue)
- qemu-kvm 
@@ -17382,6 +17384,7 @@
- lha  (unimportant)
NOTE: Non-free not supported
 CVE-2016-1924 (The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote 
...)
+   {DSA-3665-1}
- openjpeg2 2.1.1-1 (bug #818399)
NOTE: 
https://github.com/uclouvain/openjpeg/commit/1a8318f6c24623189ecb65e049267c6f2e005c0e
 CVE-2016-1923 (Heap-based buffer overflow in the opj_j2k_update_image_data 
function ...)
@@ -28131,6 +28134,7 @@
TODO: check
 CVE-2015-8871 [Use-after-free in opj_j2k_write_mco]
RESERVED
+   {DSA-3665-1}
- openjpeg2 2.1.1-1 (bug #800149)
- openjpeg  (Vulnerable code not present; 
opj_j2k_write_mco function)
NOTE: 
https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f
@@ -29155,6 +29159,7 @@
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-6581 (Double free vulnerability in the ...)
+   {DSA-3665-1}
- openjpeg  (Vulnerable code not present, function 
opj_j2k_copy_default_tcp_and_create_tcd)
- openjpeg2 2.1.1-1 (bug #800453)
NOTE: Openjpeg2 fix: 
https://github.com/uclouvain/openjpeg/commit/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44511 - data

2016-09-11 Thread Moritz Muehlenhoff

Author: jmm
Date: 2016-09-11 20:53:14 + (Sun, 11 Sep 2016)
New Revision: 44511

Modified:
   data/next-point-update.txt
Log:
mactelnet spu


Modified: data/next-point-update.txt
===
--- data/next-point-update.txt  2016-09-11 20:52:58 UTC (rev 44510)
+++ data/next-point-update.txt  2016-09-11 20:53:14 UTC (rev 44511)
@@ -99,3 +99,5 @@
[jessie] - gdcm 2.4.4-3+deb8u1
 CVE-2015-8397
[jessie] - gdcm 2.4.4-3+deb8u1
+CVE-2016-7115
+   [jessie] - mactelnet 0.4.0-2


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44509 - in data: . DSA

2016-09-11 Thread Moritz Muehlenhoff

Author: jmm
Date: 2016-09-11 20:52:36 + (Sun, 11 Sep 2016)
New Revision: 44509

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
openjpeg DSA entry


Modified: data/DSA/list
===
--- data/DSA/list   2016-09-11 20:28:23 UTC (rev 44508)
+++ data/DSA/list   2016-09-11 20:52:36 UTC (rev 44509)
@@ -1,3 +1,6 @@
+[11 Sep 2016] DSA-3665-1 openjpeg2 - security update
+   {CVE-2015-6581 CVE-2015-8871 CVE-2016-1924 CVE-2016-7163}
+   [jessie] - openjpeg2 2.1.0-2+deb8u1
 [10 Sep 2016] DSA-3664-1 pdns - security update
{CVE-2016-5426 CVE-2016-5427 CVE-2016-6172}
[jessie] - pdns 3.4.1-4+deb8u6

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-09-11 20:28:23 UTC (rev 44508)
+++ data/dsa-needed.txt 2016-09-11 20:52:36 UTC (rev 44509)
@@ -30,8 +30,6 @@
 --
 nss
 --
-openjpeg2 (jmm)
---
 openssl
   wait for next openssl update round  
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44510 - data

2016-09-11 Thread Balint Reczey

Author: rbalint
Date: 2016-09-11 20:52:58 + (Sun, 11 Sep 2016)
New Revision: 44510

Modified:
   data/dla-needed.txt
Log:
add libav for DLA

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-11 20:52:36 UTC (rev 44509)
+++ data/dla-needed.txt 2016-09-11 20:52:58 UTC (rev 44510)
@@ -20,6 +20,9 @@
 inspircd (Chris Lamb)
  NOTE: Looking at the code wheezy is affected
 --
+libav
+ NOTE: Latest issue is CVE-2016-7393, it would be a good time to release 
accumulated fixes
+--
 libgd2 (Thorsten Alteholz)
 --
 libical (Ola Lundqvist)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44508 - in data: CVE DSA

2016-09-11 Thread Moritz Muehlenhoff

Author: jmm
Date: 2016-09-11 20:28:23 + (Sun, 11 Sep 2016)
New Revision: 44508

Modified:
   data/CVE/list
   data/DSA/list
Log:
remove DSA reference for CVE-2016-7393, 
this was only fixed in the bugfix released used in jessie, but not in wheezy


Modified: data/CVE/list
===
--- data/CVE/list   2016-09-11 20:26:48 UTC (rev 44507)
+++ data/CVE/list   2016-09-11 20:28:23 UTC (rev 44508)
@@ -1,5 +1,5 @@
 CVE-2016-7393 [stack-based buffer overflow in aac_sync (aac_parser.c)]
-   {DSA-3506-1}
+   [jessie] - libav 6:11.6-1~deb8u1
- ffmpeg 7:2.4-1
- libav 
NOTE: 
https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/

Modified: data/DSA/list
===
--- data/DSA/list   2016-09-11 20:26:48 UTC (rev 44507)
+++ data/DSA/list   2016-09-11 20:28:23 UTC (rev 44508)
@@ -512,7 +512,7 @@
{CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 
CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 
CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642 CVE-2016-2845 
CVE-2016-2844 CVE-2016-2843}
[jessie] - chromium-browser 49.0.2623.75-1~deb8u1
 [04 Mar 2016] DSA-3506-1 libav - security update
-   {CVE-2016-1897 CVE-2016-1898 CVE-2016-2326 CVE-2016-7393}
+   {CVE-2016-1897 CVE-2016-1898 CVE-2016-2326}
[wheezy] - libav 6:0.8.17-2
[jessie] - libav 6:11.6-1~deb8u1
 [04 Mar 2016] DSA-3505-1 wireshark - security update


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44507 - data

2016-09-11 Thread Jonas Smedegaard

Author: js
Date: 2016-09-11 20:26:48 + (Sun, 11 Sep 2016)
New Revision: 44507

Modified:
   data/embedded-code-copies
Log:
Add more embedded javascript libraries in Ruby.

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2016-09-11 19:15:17 UTC (rev 44506)
+++ data/embedded-code-copies   2016-09-11 20:26:48 UTC (rev 44507)
@@ -3171,3 +3171,12 @@
 
 Autoprefixer (not packaged, no ITP as per 2016-09-11)
- ruby-autoprefixer-rails  (embed; bug #837463)
+
+libjs-json
+   - ruby-execjs  (embed; bug #837466)
+
+split.js (not packaged, no ITP as per 2016-09-11)
+   - ruby-uglifier  (embed; bug #837470)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44506 - data

2016-09-11 Thread Jonas Smedegaard

Author: js
Date: 2016-09-11 19:15:17 + (Sun, 11 Sep 2016)
New Revision: 44506

Modified:
   data/embedded-code-copies
Log:
ruby-autoprefixer-rails embeds Autoprefixer.

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2016-09-11 16:42:33 UTC (rev 44505)
+++ data/embedded-code-copies   2016-09-11 19:15:17 UTC (rev 44506)
@@ -3168,3 +3168,6 @@
 
 tcsh
- gridengine  (embed)
+
+Autoprefixer (not packaged, no ITP as per 2016-09-11)
+   - ruby-autoprefixer-rails  (embed; bug #837463)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44505 - in data: CVE DSA

2016-09-11 Thread Moritz Muehlenhoff

Author: jmm
Date: 2016-09-11 16:42:33 + (Sun, 11 Sep 2016)
New Revision: 44505

Modified:
   data/CVE/list
   data/DSA/list
Log:
updates for libav/ffmpeg


Modified: data/CVE/list
===
--- data/CVE/list   2016-09-11 16:13:52 UTC (rev 44504)
+++ data/CVE/list   2016-09-11 16:42:33 UTC (rev 44505)
@@ -1,9 +1,9 @@
 CVE-2016-7393 [stack-based buffer overflow in aac_sync (aac_parser.c)]
-   - ffmpeg 
+   {DSA-3506-1}
+   - ffmpeg 7:2.4-1
- libav 
NOTE: 
https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/
NOTE: 
https://git.libav.org/?p=libav.git;a=commit;h=fb1473080223a634b8ac2cca48a632d037a0a69d
-   TODO: check
 CVE-2016-7392 [heap-based buffer overflow in pstoedit_suffix_table_init 
(output-pstoedit.c)]
- autotrace 
NOTE: 
https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
@@ -829,8 +829,8 @@
RESERVED
 CVE-2016-6920 [exr file Heap Overflow]
RESERVED
-   - ffmpeg 
-   TODO: check
+   - ffmpeg 7:3.1.3-1
+   - libav 
 CVE-2016-6919
RESERVED
 CVE-2016-6918

Modified: data/DSA/list
===
--- data/DSA/list   2016-09-11 16:13:52 UTC (rev 44504)
+++ data/DSA/list   2016-09-11 16:42:33 UTC (rev 44505)
@@ -512,7 +512,7 @@
{CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 
CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 
CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642 CVE-2016-2845 
CVE-2016-2844 CVE-2016-2843}
[jessie] - chromium-browser 49.0.2623.75-1~deb8u1
 [04 Mar 2016] DSA-3506-1 libav - security update
-   {CVE-2016-1897 CVE-2016-1898 CVE-2016-2326}
+   {CVE-2016-1897 CVE-2016-1898 CVE-2016-2326 CVE-2016-7393}
[wheezy] - libav 6:0.8.17-2
[jessie] - libav 6:11.6-1~deb8u1
 [04 Mar 2016] DSA-3505-1 wireshark - security update


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44504 - data/DLA

2016-09-11 Thread Hugo Lefeuvre

Author: hle
Date: 2016-09-11 16:13:52 + (Sun, 11 Sep 2016)
New Revision: 44504

Modified:
   data/DLA/list
Log:
Reserve DLA number 619-1 for qemu-kvm.

Modified: data/DLA/list
===
--- data/DLA/list   2016-09-11 16:12:19 UTC (rev 44503)
+++ data/DLA/list   2016-09-11 16:13:52 UTC (rev 44504)
@@ -1,3 +1,6 @@
+[11 Sep 2016] DLA-619-1 qemu-kvm - security update
+   {CVE-2016-7116}
+   [wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u15
 [11 Sep 2016] DLA-618-1 qemu - security update
{CVE-2016-7116}
[wheezy] - qemu 1.1.2+dfsg-6+deb7u15


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44503 - data/DLA

2016-09-11 Thread Hugo Lefeuvre

Author: hle
Date: 2016-09-11 16:12:19 + (Sun, 11 Sep 2016)
New Revision: 44503

Modified:
   data/DLA/list
Log:
Reserve DLA number 618-1 for qemu.

Modified: data/DLA/list
===
--- data/DLA/list   2016-09-11 14:30:54 UTC (rev 44502)
+++ data/DLA/list   2016-09-11 16:12:19 UTC (rev 44503)
@@ -1,3 +1,6 @@
+[11 Sep 2016] DLA-618-1 qemu - security update
+   {CVE-2016-7116}
+   [wheezy] - qemu 1.1.2+dfsg-6+deb7u15
 [10 Sep 2016] DLA-617-1 libarchive - security update
{CVE-2015-8915 CVE-2016-7166}
[wheezy] - libarchive 3.0.4-3+wheezy3


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44502 - data/CVE

2016-09-11 Thread Jean-Michel Vourgère

Author: nirgal
Date: 2016-09-11 14:30:54 + (Sun, 11 Sep 2016)
New Revision: 44502

Modified:
   data/CVE/list
Log:
Add bug number for CVE-2016-4855


Modified: data/CVE/list
===
--- data/CVE/list   2016-09-11 09:10:15 UTC (rev 44501)
+++ data/CVE/list   2016-09-11 14:30:54 UTC (rev 44502)
@@ -7988,7 +7988,7 @@
RESERVED
 CVE-2016-4855
RESERVED
-   - libphp-adodb 5.20.6-1 (unimportant)
+   - libphp-adodb 5.20.6-1 (unimportant; bug #837418)
NOTE: https://github.com/ADOdb/ADOdb/issues/274
NOTE: https://jvn.jp/en/jp/JVN48237713/
NOTE: https://github.com/ADOdb/ADOdb/commit/ecb93d8c1


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44501 - data/CVE

2016-09-11 Thread security tracker role

Author: sectracker
Date: 2016-09-11 09:10:15 + (Sun, 11 Sep 2016)
New Revision: 44501

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-09-11 07:13:30 UTC (rev 44500)
+++ data/CVE/list   2016-09-11 09:10:15 UTC (rev 44501)
@@ -2889,7 +2889,7 @@
 CVE-2016-6253
RESERVED
 CVE-2016-1000218
-- kibana  (bug #700337)
+   - kibana  (bug #700337)
 CVE-2016-1000212 [Mitigation for HTTPoxy vulnerability]
{DSA-3642-1 DLA-583-1}
- lighttpd  (bug #832571)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44500 - data

2016-09-11 Thread Paul Wise

Author: pabs
Date: 2016-09-11 07:13:30 + (Sun, 11 Sep 2016)
New Revision: 44500

Modified:
   data/embedded-code-copies
Log:
gridengine embeds tcsh (see #833995)

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2016-09-11 03:44:06 UTC (rev 44499)
+++ data/embedded-code-copies   2016-09-11 07:13:30 UTC (rev 44500)
@@ -3165,3 +3165,6 @@
 
 libgetopt++
- libsass  (embed)
+
+tcsh
+   - gridengine  (embed)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44519 - data/CVE

[Secure-testing-commits] r44518 - data/CVE

[Secure-testing-commits] r44517 - data/CVE

[Secure-testing-commits] r44516 - data

[Secure-testing-commits] r44515 - data

[Secure-testing-commits] r44514 - in data: . CVE

[Secure-testing-commits] r44513 - data/CVE

[Secure-testing-commits] r44512 - data/CVE

[Secure-testing-commits] r44511 - data

[Secure-testing-commits] r44509 - in data: . DSA

[Secure-testing-commits] r44510 - data

[Secure-testing-commits] r44508 - in data: CVE DSA

[Secure-testing-commits] r44507 - data

[Secure-testing-commits] r44506 - data

[Secure-testing-commits] r44505 - in data: CVE DSA

[Secure-testing-commits] r44504 - data/DLA

[Secure-testing-commits] r44503 - data/DLA

[Secure-testing-commits] r44502 - data/CVE

[Secure-testing-commits] r44501 - data/CVE

[Secure-testing-commits] r44500 - data

20 matches

Site Navigation

Mail list logo

Footer information