[Secure-testing-commits] r46036 - data/CVE

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-07 07:38:58 + (Mon, 07 Nov 2016)
New Revision: 46036

Modified:
   data/CVE/list
Log:
CVE-2015-7827/botan1.10, #817932, fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-07 07:38:49 UTC (rev 46035)
+++ data/CVE/list   2016-11-07 07:38:58 UTC (rev 46036)
@@ -32080,8 +32080,8 @@
NOT-FOR-US: SAP HANA
 CVE-2015-7827 (Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier 
for ...)
{DSA-3565-1 DLA-449-1}
-   - botan1.10  (bug #817932)
-   NOTE: Fixed in 1.11.22. Affected all previous versions
+   - botan1.10 1.10.13-1 (bug #817932)
+   NOTE: Fixed in 1.11.22 and 1.10.13. Affected all previous versions.
NOTE: http://botan.randombit.net/security.html
 CVE-2015-7826 [Acceptance of invalid certificate names]
RESERVED


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r46035 - data/CVE

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-07 07:38:49 + (Mon, 07 Nov 2016)
New Revision: 46035

Modified:
   data/CVE/list
Log:
CVE-2016-2849/botan1.10, #822698, fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-07 07:33:07 UTC (rev 46034)
+++ data/CVE/list   2016-11-07 07:38:49 UTC (rev 46035)
@@ -20015,9 +20015,9 @@
NOTE: Introduced in 1.11.0, fixed in 1.11.29
 CVE-2016-2849 (Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a ...)
{DSA-3565-1 DLA-449-1}
-   - botan1.10  (bug #822698)
+   - botan1.10 1.10.13-1 (bug #822698)
NOTE: http://botan.randombit.net/security.html
-   NOTE: Introduced in 1.7.15, fixed in 1.11.29
+   NOTE: Introduced in 1.7.15, fixed in 1.10.13 and 1.11.29
NOTE: FIX 
https://github.com/randombit/botan/commit/bcf13fa153a11b3e0ad54e2af6962441cea3adf1
 CVE-2016-2848 (ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 
allows ...)
{DLA-672-1}




[Secure-testing-commits] r46034 - data/CVE

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-07 07:33:07 + (Mon, 07 Nov 2016)
New Revision: 46034

Modified:
   data/CVE/list
Log:
CVE-2016-6911/libgd2 fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-07 07:18:18 UTC (rev 46033)
+++ data/CVE/list   2016-11-07 07:33:07 UTC (rev 46034)
@@ -1283,7 +1283,7 @@
 CVE-2016-6911 [invalid read in gdImageCreateFromTiffPtr()]
RESERVED
{DSA-3693-1 DLA-665-1}
-   - libgd2  (bug #840806)
+   - libgd2 2.2.3-87-gd0fec80-2 (bug #840806)
NOTE: Corresponds to the 
0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch
 CVE-2016-8703
RESERVED




[Secure-testing-commits] r46033 - data/CVE

2016-11-06 Thread Henri Salo
Author: fgeek-guest
Date: 2016-11-07 07:18:18 + (Mon, 07 Nov 2016)
New Revision: 46033

Modified:
   data/CVE/list
Log:
CVE-2016-8858/openssh note

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-07 06:32:20 UTC (rev 46032)
+++ data/CVE/list   2016-11-07 07:18:18 UTC (rev 46033)
@@ -1235,6 +1235,7 @@
[jessie] - openssh  (Minor issue)
[wheezy] - openssh  (Minor issue)
NOTE: 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127=text/x-cvsweb-markup
+   NOTE: Only thing the attacker could do here is self-dos own connection
 CVE-2016-8862 [imagemagick: memory allocation failure in AcquireMagickMemory 
(memory.c)]
RESERVED
- imagemagick 
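
Review bot: The added NOTE on CVE-2016-8858 states the impact ("self-dos own connection") without saying where that assessment comes from. It sits under the "(Minor issue)" lines for jessie and wheezy and reads as their justification, so add the reference it is based on, or word it as the tracker's own reading of the kex.c change linked in the NOTE above.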




[Secure-testing-commits] r46032 - data/CVE

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-07 06:32:20 + (Mon, 07 Nov 2016)
New Revision: 46032

Modified:
   data/CVE/list
Log:
CVE-2015-8971/terminology assigned

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-07 05:49:36 UTC (rev 46031)
+++ data/CVE/list   2016-11-07 06:32:20 UTC (rev 46032)
@@ -1,7 +1,7 @@
-CVE-2016- [Escape Sequence Command Execution vulnerability]
+CVE-2015-8971 [Escape Sequence Command Execution vulnerability]
- terminology  (bug #843434)
NOTE: 
https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
-   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/04/12
+   NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/12
 CVE-2016-9191 [local DoS with cgroup offline code]
- linux 
 CVE-2016-9190 (Pillow before 3.3.2 allows context-dependent attackers to 
execute ...)
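
Review bot: After the rename the entry carries a 2015 identifier but stays at the head of the file, directly above CVE-2016-9191. If the list is kept ordered by CVE id, move the CVE-2015-8971 block to its place among the 2015 entries in the same commit. Dropping the "CVE Request:" prefix also leaves the oss-security link unlabelled; a short label saying what the thread is would help.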




[Secure-testing-commits] r46031 - in data: . DSA

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-07 05:49:36 + (Mon, 07 Nov 2016)
New Revision: 46031

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA number for mysql-5.5 update

Modified: data/DSA/list
===
--- data/DSA/list   2016-11-07 05:37:55 UTC (rev 46030)
+++ data/DSA/list   2016-11-07 05:49:36 UTC (rev 46031)
@@ -1,3 +1,6 @@
+[07 Nov 2016] DSA-3706-1 mysql-5.5 - security update
+   {CVE-2016-5584 CVE-2016-7440}
+   [jessie] - mysql-5.5 5.5.53-0+deb8u1
 [03 Nov 2016] DSA-3705-1 curl - security update
{CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 
CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624}
[jessie] - curl 7.38.0-4+deb8u5

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-11-07 05:37:55 UTC (rev 46030)
+++ data/dsa-needed.txt 2016-11-07 05:49:36 UTC (rev 46031)
@@ -38,10 +38,6 @@
 --
 mat (jmm)
 --
-mysql-5.5
-  Lars Tangvald prepared an update and the src:mysql-5.5 will be uploaded with 
-sa
-  build for jessie-security.
---
 openjdk-7 (jmm)
 --
 openjpeg2




[Secure-testing-commits] r46030 - data/CVE

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-07 05:37:55 + (Mon, 07 Nov 2016)
New Revision: 46030

Modified:
   data/CVE/list
Log:
Add CVE-2016-8632/linux

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-06 23:14:09 UTC (rev 46029)
+++ data/CVE/list   2016-11-07 05:37:55 UTC (rev 46030)
@@ -1527,6 +1527,8 @@
NOTE: 
https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
 CVE-2016-8632
RESERVED
+   - linux 
+   NOTE: https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html
 CVE-2016-8631
RESERVED
NOT-FOR-US: OpenShift Enterprise
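
Review bot: The NOTE added for CVE-2016-8632 is a bare netdev mail-archive link, and nothing else in the entry says what the issue is. Say in the NOTE whether the message is the report or a proposed patch, and give the CVE-2016-8632 line a bracketed short description while it is still RESERVED, as the CVE-2016-6911 and CVE-2016-9191 entries elsewhere in the list have.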




[Secure-testing-commits] r46029 - in data: . DLA

2016-11-06 Thread Emilio Pozuelo Monfort
Author: pochu
Date: 2016-11-06 23:14:09 + (Sun, 06 Nov 2016)
New Revision: 46029

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-704-1 for openjdk-7

Modified: data/DLA/list
===
--- data/DLA/list   2016-11-06 21:46:25 UTC (rev 46028)
+++ data/DLA/list   2016-11-06 23:14:09 UTC (rev 46029)
@@ -1,3 +1,6 @@
+[07 Nov 2016] DLA-704-1 openjdk-7 - security update
+   {CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597}
+   [wheezy] - openjdk-7 7u111-2.6.7-2~deb7u1
 [06 Nov 2016] DLA-703-1 libdatetime-timezone-perl - new upstream version
[wheezy] - libdatetime-timezone-perl 1:1.58-1+2016i
 [06 Nov 2016] DLA-702-1 tzdata - new upstream version
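
Review bot: The new DLA-704-1 entry is dated "[07 Nov 2016]", but the commit is stamped 2016-11-06 23:14:09 and the entries directly below it are dated 06 Nov. Confirm the date matches the day the advisory is actually sent, or change it to 06 Nov.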

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-06 21:46:25 UTC (rev 46028)
+++ data/dla-needed.txt 2016-11-06 23:14:09 UTC (rev 46029)
@@ -76,9 +76,6 @@
 mysql-connector-python
   NOTE: see http://bugs.debian.org/841677 for current discussion
 --
-openjdk-7 (Emilio Pozuelo)
-  NOTE: An updated package is available in experimental (7u111-2.6.7-2)
---
 openssl
   NOTE: Kurt Roeckx is working on an update
 --




[Secure-testing-commits] r46028 - data/CVE

2016-11-06 Thread Hugo Lefeuvre
Author: hle
Date: 2016-11-06 21:46:25 + (Sun, 06 Nov 2016)
New Revision: 46028

Modified:
   data/CVE/list
Log:
CVE triage for Xen in wheezy.

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-06 20:57:49 UTC (rev 46027)
+++ data/CVE/list   2016-11-06 21:46:25 UTC (rev 46028)
@@ -12145,6 +12145,8 @@
[wheezy] - qemu  (Minor issue)
- qemu-kvm 
[wheezy] - qemu-kvm  (Minor issue)
+   - xen 4.4.0-1
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
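
Review bot: The log says this is triage for wheezy, but the two lines added here record only "- xen 4.4.0-1" and the NOTE, with no "[wheezy] - xen" line, unlike the qemu and qemu-kvm lines just above. If wheezy's xen is meant to stay open for this CVE that is fine as written; otherwise add the explicit wheezy line as done in the @@ -14204 hunk. The same applies to the other hunks in this commit that add only these two lines.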
@@ -13010,6 +13012,8 @@
[wheezy] - qemu  (Minor issue)
- qemu-kvm 
[wheezy] - qemu-kvm  (Minor issue)
+   - xen 4.4.0-1
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
 CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint 
...)
@@ -14204,6 +14208,9 @@
[jessie] - qemu  (LSI SAS1068 (mptsas) device support 
added later)
[wheezy] - qemu  (LSI SAS1068 (mptsas) device support 
added later)
- qemu-kvm  (LSI SAS1068 (mptsas) device support added 
later)
+   - xen 4.4.0-1
+   [wheezy] - xen  (Vulnerable code introduced later)
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html
NOTE: Introduced by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a
 (v2.6.0-rc0)
 CVE-2016-4950
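
Review bot: "(Vulnerable code introduced later)" on the added wheezy line is less specific than it could be. The context already carries "Introduced by: ... (v2.6.0-rc0)", and the @@ -16782 hunk states both the introducing version and the embedded version; use that form here too so the claim can be checked without opening the qemu commit.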
@@ -14261,6 +14268,9 @@
[jessie] - qemu  (Minor issue)
[wheezy] - qemu  (VMWare PVSCSI paravirtual device 
implementation introduced later)
- qemu-kvm  (VMWare PVSCSI paravirtual device 
implementation introduced later)
+   - xen 4.4.0-1
+   [wheezy] - xen  (Vulnerable code introduced later)
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
NOTE: Introduced in: 
http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed
 (v1.5.0-rc0)
 CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the 
Linux ...)
@@ -15618,6 +15628,8 @@
[wheezy] - qemu  (Minor issue)
- qemu-kvm 
[wheezy] - qemu-kvm  (Minor issue)
+   - xen 4.4.0-1
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429
 CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU 
allows ...)
@@ -15626,6 +15638,8 @@
[wheezy] - qemu  (Minor issue)
- qemu-kvm 
[wheezy] - qemu-kvm  (Minor issue)
+   - xen 4.4.0-1
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650
 CVE-2016-4452
@@ -15673,6 +15687,8 @@
[wheezy] - qemu  (Minor issue; can be fixed along with a future 
DSA)
- qemu-kvm 
[wheezy] - qemu-kvm  (Minor issue; can be fixed along with a 
future DSA)
+   - xen 4.4.0-1
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505
 CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles 
the ...)
@@ -15687,6 +15703,8 @@
- qemu 1:2.6+dfsg-2 (bug #824856)
[jessie] - qemu  (Minor issue; can be fixed along with a future 
DSA)
- qemu-kvm 
+   - xen 4.4.0-1
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
 CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 
allows ...)
@@ -16782,6 +16800,9 @@
[wheezy] - qemu  (Minor issue)
- qemu-kvm 
[wheezy] - qemu-kvm  (Minor issue)
+   - xen 4.4.0-1
+   [wheezy] - xen  (Vulnerable code introduced after 
0.14.50, embedded version is 0.10.2)
+   NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129
NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3
@@ -16872,6 +16893,9 @@
- qemu 1:2.6+dfsg-2 (bug #821062)
[jessie] - qemu  (Minor issue)
- qemu-kvm 
+   - xen 4.4.0-1
+  

[Secure-testing-commits] r46026 - data/CVE

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-06 20:35:27 + (Sun, 06 Nov 2016)
New Revision: 46026

Modified:
   data/CVE/list
Log:
Add information for CVE-2016-1841

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-06 20:14:27 UTC (rev 46025)
+++ data/CVE/list   2016-11-06 20:35:27 UTC (rev 46026)
@@ -23926,10 +23926,12 @@
 CVE-2016-1842 (MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and 
watchOS ...)
TODO: check
 CVE-2016-1841 (libxslt, as used in Apple iOS before 9.3.2, OS X before 
10.11.5, tvOS ...)
-   - libxslt 
-   NOTE: (possible) upstream bug: 
https://bugzilla.gnome.org/show_bug.cgi?id=758291
-   NOTE: (possible) upstream commit: 
https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3
-   TODO: check, most likely *not* only Apple specific, clarifying with 
upstream
+   - libxslt 1.1.29-1
+   [jessie] - libxslt 1.1.28-2+deb8u1
+   [wheezy] - libxslt 1.1.26-14.1+deb7u1
+   NOTE: upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=758291
+   NOTE: upstream commit: 
https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3
+   TODO: checking with MITRE if association to the CVE is correct, bu 
seems the only valid one
 CVE-2016-1840 (Heap-based buffer overflow in the xmlFAParsePosCharGroup 
function in ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
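
Review bot: The added TODO says the association of the upstream commit with CVE-2016-1841 is still being checked with MITRE, yet the same hunk drops "(possible)" from both NOTE lines and records fixed versions for unstable, jessie and wheezy. Either keep the "(possible)" qualifier until MITRE confirms, or say in the TODO that the versions listed are the ones containing commit fc1ff481. The TODO line also has a typo: "bu seems" should be "but seems".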




[Secure-testing-commits] r46025 - data/CVE

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-06 20:14:27 + (Sun, 06 Nov 2016)
New Revision: 46025

Modified:
   data/CVE/list
Log:
Add reference for CVE-2016-8633

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-06 17:21:47 UTC (rev 46024)
+++ data/CVE/list   2016-11-06 20:14:27 UTC (rev 46025)
@@ -1524,6 +1524,7 @@
RESERVED
- linux 
NOTE: 
https://git.kernel.org/linus/667121ace9dbafb368618dbabcf07901c962ddac
+   NOTE: 
https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
 CVE-2016-8632
RESERVED
 CVE-2016-8631




[Secure-testing-commits] r46023 - data/CVE

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-06 16:35:20 + (Sun, 06 Nov 2016)
New Revision: 46023

Modified:
   data/CVE/list
Log:
Update information for CVE-2016-8630

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-06 16:29:29 UTC (rev 46022)
+++ data/CVE/list   2016-11-06 16:35:20 UTC (rev 46023)
@@ -1532,6 +1532,8 @@
 CVE-2016-8630
RESERVED
- linux 
+   [jessie] - linux  (Vulnerable code introduced later)
+   [wheezy] - linux  (Vulnerable code introduced later)
NOTE: Fixed by: 
https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e (v4.9-rc4)
NOTE: Introduced by: 
https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 
(v3.17-rc1)
 CVE-2016-8629




[Secure-testing-commits] r46022 - data/CVE

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-06 16:29:29 + (Sun, 06 Nov 2016)
New Revision: 46022

Modified:
   data/CVE/list
Log:
Add CVE-2016-8630/linux

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-06 16:26:36 UTC (rev 46021)
+++ data/CVE/list   2016-11-06 16:29:29 UTC (rev 46022)
@@ -1531,6 +1531,9 @@
NOT-FOR-US: OpenShift Enterprise
 CVE-2016-8630
RESERVED
+   - linux 
+   NOTE: Fixed by: 
https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e (v4.9-rc4)
+   NOTE: Introduced by: 
https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 
(v3.17-rc1)
 CVE-2016-8629
RESERVED
 CVE-2016-8628




[Secure-testing-commits] r46021 - data/CVE

2016-11-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-11-06 16:26:36 + (Sun, 06 Nov 2016)
New Revision: 46021

Modified:
   data/CVE/list
Log:
Add CVE-2016-8633/linux

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-06 15:08:45 UTC (rev 46020)
+++ data/CVE/list   2016-11-06 16:26:36 UTC (rev 46021)
@@ -1522,6 +1522,8 @@
NOTE: http://projects.theforeman.org/issues/17195
 CVE-2016-8633
RESERVED
+   - linux 
+   NOTE: 
https://git.kernel.org/linus/667121ace9dbafb368618dbabcf07901c962ddac
 CVE-2016-8632
RESERVED
 CVE-2016-8631
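
Review bot: The NOTE added for CVE-2016-8633 gives the kernel commit as a bare URL. Label it "Fixed by:" (if that is what it is) and append the release tag, the form the CVE-2016-8630 entry in this list uses, so the entry shows which kernel versions carry the fix.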




[Secure-testing-commits] r46020 - in data: . CVE

2016-11-06 Thread Guido Guenther
Author: agx
Date: 2016-11-06 15:08:45 + (Sun, 06 Nov 2016)
New Revision: 46020

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
lts: triage dokuwiki

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-06 10:44:15 UTC (rev 46019)
+++ data/CVE/list   2016-11-06 15:08:45 UTC (rev 46020)
@@ -3996,6 +3996,7 @@
TODO: check
 CVE-2016-7964 (The sendRequest method in HTTPClient Class in file 
/inc/HTTPClient.php ...)
- dokuwiki 
+   [wheezy] - dokuwiki  (Minor issue)
NOTE: https://github.com/splitbrain/dokuwiki/issues/1708
TODO: check
 CVE-2016-7963
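
Review bot: The CVE-2016-7964 entry now has a wheezy triage decision, but the "TODO: check" line below the NOTE is left in place. Remove the TODO if the check is done, or say what still needs checking.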

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-06 10:44:15 UTC (rev 46019)
+++ data/dla-needed.txt 2016-11-06 15:08:45 UTC (rev 46020)
@@ -14,6 +14,9 @@
 curl (Thorsten Alteholz)
   NOTE: not all patches seem to be in the final state
 --
+dokuwiki
+  NOTE: upstream marked CVE-2016-7965 as WONTFIX
+--
 dwarfutils
   NOTE: New round of CVEs not seemingly covered by DLA 669-1.
 --
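
Review bot: The dokuwiki entry added to dla-needed.txt mentions only CVE-2016-7965 being WONTFIX upstream, while the data/CVE/list hunk in this commit marks CVE-2016-7964 as a minor issue for wheezy. The NOTE does not say which issue the DLA is still needed for; name the CVE or CVEs that keep the package on this list.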




[Secure-testing-commits] r46019 - data

2016-11-06 Thread Chris Lamb
Author: lamby
Date: 2016-11-06 10:44:15 + (Sun, 06 Nov 2016)
New Revision: 46019

Modified:
   data/dla-needed.txt
Log:
Claim python-imaging in data/dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-06 10:38:56 UTC (rev 46018)
+++ data/dla-needed.txt 2016-11-06 10:44:15 UTC (rev 46019)
@@ -90,7 +90,7 @@
 --
 python-django (Brian May)
 --
-python-imaging
+python-imaging (Chris Lamb)
 --
 sendmail
 --




[Secure-testing-commits] r46017 - in data: . DLA

2016-11-06 Thread Emilio Pozuelo Monfort
Author: pochu
Date: 2016-11-06 10:36:49 + (Sun, 06 Nov 2016)
New Revision: 46017

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-702-1 for tzdata

Modified: data/DLA/list
===
--- data/DLA/list   2016-11-06 08:40:09 UTC (rev 46016)
+++ data/DLA/list   2016-11-06 10:36:49 UTC (rev 46017)
@@ -1,3 +1,5 @@
+[06 Nov 2016] DLA-702-1 tzdata - security update
+   [wheezy] - tzdata 2016i-0+deb7u1
 [05 Nov 2016] DLA-701-1 memcached - security update
{CVE-2013-7291 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706}
[wheezy] - memcached 1.4.13-0.2+deb7u2
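
Review bot: DLA-702-1 is added as a "security update" but has no CVE list in braces, unlike DLA-701-1 just below. If this is a routine tzdata refresh, describe it as such instead of "security update".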

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-06 08:40:09 UTC (rev 46016)
+++ data/dla-needed.txt 2016-11-06 10:36:49 UTC (rev 46017)
@@ -102,5 +102,3 @@
 --
 tomcat7 (Markus Koschany)
 --
-tzdata (Emilio Pozuelo)
---




[Secure-testing-commits] r46018 - in data: . DLA

2016-11-06 Thread Emilio Pozuelo Monfort
Author: pochu
Date: 2016-11-06 10:38:56 + (Sun, 06 Nov 2016)
New Revision: 46018

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-703-1 for libdatetime-timezone-perl

Modified: data/DLA/list
===
--- data/DLA/list   2016-11-06 10:36:49 UTC (rev 46017)
+++ data/DLA/list   2016-11-06 10:38:56 UTC (rev 46018)
@@ -1,4 +1,6 @@
-[06 Nov 2016] DLA-702-1 tzdata - security update
+[06 Nov 2016] DLA-703-1 libdatetime-timezone-perl - new upstream version
+   [wheezy] - libdatetime-timezone-perl 1:1.58-1+2016i
+[06 Nov 2016] DLA-702-1 tzdata - new upstream version
[wheezy] - tzdata 2016i-0+deb7u1
 [05 Nov 2016] DLA-701-1 memcached - security update
{CVE-2013-7291 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706}
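
Review bot: Besides adding DLA-703-1, this hunk also rewrites the DLA-702-1 title from "security update" to "new upstream version", which the log message ("Reserve DLA-703-1 for libdatetime-timezone-perl") does not mention. Note the retitle in the log or commit it separately.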

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-06 10:36:49 UTC (rev 46017)
+++ data/dla-needed.txt 2016-11-06 10:38:56 UTC (rev 46018)
@@ -44,8 +44,6 @@
   NOTE: Upstream should provide new point-releases fixing open security issues 
in the next months.
   NOTE: Lots of CVEs are open, this is going to take some time. (See 
debian-lts ML)
 --
-libdatetime-timezone-perl (Emilio Pozuelo)
---
 libical
   NOTE: issues are currently not public, but
   https://marc.info/?l=oss-security=146685931517961=2 claims




[Secure-testing-commits] r46016 - data/packages

2016-11-06 Thread security tracker role
Author: sectracker
Date: 2016-11-06 08:40:09 + (Sun, 06 Nov 2016)
New Revision: 46016

Modified:
   data/packages/removed-packages
Log:
These packages have been removed

Modified: data/packages/removed-packages
===
--- data/packages/removed-packages  2016-11-06 00:28:12 UTC (rev 46015)
+++ data/packages/removed-packages  2016-11-06 08:40:09 UTC (rev 46016)
@@ -585,3 +585,4 @@
 php-zend-xml
 php-smb
 webgui
+llvm-toolchain-3.6

