[Secure-testing-commits] r46036 - data/CVE
Author: carnil Date: 2016-11-07 07:38:58 + (Mon, 07 Nov 2016) New Revision: 46036 Modified: data/CVE/list Log: CVE-2015-7827/botan1.10, #817932, fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-11-07 07:38:49 UTC (rev 46035) +++ data/CVE/list 2016-11-07 07:38:58 UTC (rev 46036) @@ -32080,8 +32080,8 @@ NOT-FOR-US: SAP HANA CVE-2015-7827 (Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for ...) {DSA-3565-1 DLA-449-1} - - botan1.10 (bug #817932) - NOTE: Fixed in 1.11.22. Affected all previous versions + - botan1.10 1.10.13-1 (bug #817932) + NOTE: Fixed in 1.11.22 and 1.10.13. Affected all previous versions. NOTE: http://botan.randombit.net/security.html CVE-2015-7826 [Acceptance of invalid certificate names] RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46035 - data/CVE
Author: carnil Date: 2016-11-07 07:38:49 + (Mon, 07 Nov 2016) New Revision: 46035 Modified: data/CVE/list Log: CVE-2016-2849/botan1.10, #822698, fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-11-07 07:33:07 UTC (rev 46034) +++ data/CVE/list 2016-11-07 07:38:49 UTC (rev 46035) @@ -20015,9 +20015,9 @@ NOTE: Introduced in 1.11.0, fixed in 1.11.29 CVE-2016-2849 (Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a ...) {DSA-3565-1 DLA-449-1} - - botan1.10 (bug #822698) + - botan1.10 1.10.13-1 (bug #822698) NOTE: http://botan.randombit.net/security.html - NOTE: Introduced in 1.7.15, fixed in 1.11.29 + NOTE: Introduced in 1.7.15, fixed in 1.10.13 and 1.11.29 NOTE: FIX https://github.com/randombit/botan/commit/bcf13fa153a11b3e0ad54e2af6962441cea3adf1 CVE-2016-2848 (ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows ...) {DLA-672-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46034 - data/CVE
Author: carnil Date: 2016-11-07 07:33:07 + (Mon, 07 Nov 2016) New Revision: 46034 Modified: data/CVE/list Log: CVE-2016-6911/libgd2 fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-11-07 07:18:18 UTC (rev 46033) +++ data/CVE/list 2016-11-07 07:33:07 UTC (rev 46034) @@ -1283,7 +1283,7 @@ CVE-2016-6911 [invalid read in gdImageCreateFromTiffPtr()] RESERVED {DSA-3693-1 DLA-665-1} - - libgd2 (bug #840806) + - libgd2 2.2.3-87-gd0fec80-2 (bug #840806) NOTE: Corresponds to the 0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch CVE-2016-8703 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46033 - data/CVE
Author: fgeek-guest Date: 2016-11-07 07:18:18 + (Mon, 07 Nov 2016) New Revision: 46033 Modified: data/CVE/list Log: CVE-2016-8858/openssh note Modified: data/CVE/list === --- data/CVE/list 2016-11-07 06:32:20 UTC (rev 46032) +++ data/CVE/list 2016-11-07 07:18:18 UTC (rev 46033) @@ -1235,6 +1235,7 @@ [jessie] - openssh (Minor issue) [wheezy] - openssh (Minor issue) NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127=text/x-cvsweb-markup + NOTE: Only thing the attacker could do here is self-dos own connection CVE-2016-8862 [imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)] RESERVED - imagemagick ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46032 - data/CVE
Author: carnil Date: 2016-11-07 06:32:20 + (Mon, 07 Nov 2016) New Revision: 46032 Modified: data/CVE/list Log: CVE-2015-8971/terminology assigned Modified: data/CVE/list === --- data/CVE/list 2016-11-07 05:49:36 UTC (rev 46031) +++ data/CVE/list 2016-11-07 06:32:20 UTC (rev 46032) @@ -1,7 +1,7 @@ -CVE-2016- [Escape Sequence Command Execution vulnerability] +CVE-2015-8971 [Escape Sequence Command Execution vulnerability] - terminology (bug #843434) NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/11/04/12 + NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/12 CVE-2016-9191 [local DoS with cgroup offline code] - linux CVE-2016-9190 (Pillow before 3.3.2 allows context-dependent attackers to execute ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46031 - in data: . DSA
Author: carnil Date: 2016-11-07 05:49:36 + (Mon, 07 Nov 2016) New Revision: 46031 Modified: data/DSA/list data/dsa-needed.txt Log: Reserve DSA number for mysql-5.5 update Modified: data/DSA/list === --- data/DSA/list 2016-11-07 05:37:55 UTC (rev 46030) +++ data/DSA/list 2016-11-07 05:49:36 UTC (rev 46031) @@ -1,3 +1,6 @@ +[07 Nov 2016] DSA-3706-1 mysql-5.5 - security update + {CVE-2016-5584 CVE-2016-7440} + [jessie] - mysql-5.5 5.5.53-0+deb8u1 [03 Nov 2016] DSA-3705-1 curl - security update {CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624} [jessie] - curl 7.38.0-4+deb8u5 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-11-07 05:37:55 UTC (rev 46030) +++ data/dsa-needed.txt 2016-11-07 05:49:36 UTC (rev 46031) @@ -38,10 +38,6 @@ -- mat (jmm) -- -mysql-5.5 - Lars Tangvald prepared an update and the src:mysql-5.5 will be uploaded with -sa - build for jessie-security. --- openjdk-7 (jmm) -- openjpeg2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46030 - data/CVE
Author: carnil Date: 2016-11-07 05:37:55 + (Mon, 07 Nov 2016) New Revision: 46030 Modified: data/CVE/list Log: Add CVE-2016-8632/linux Modified: data/CVE/list === --- data/CVE/list 2016-11-06 23:14:09 UTC (rev 46029) +++ data/CVE/list 2016-11-07 05:37:55 UTC (rev 46030) @@ -1527,6 +1527,8 @@ NOTE: https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/ CVE-2016-8632 RESERVED + - linux + NOTE: https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html CVE-2016-8631 RESERVED NOT-FOR-US: OpenShift Enterprise ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46029 - in data: . DLA
Author: pochu Date: 2016-11-06 23:14:09 + (Sun, 06 Nov 2016) New Revision: 46029 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-704-1 for openjdk-7 Modified: data/DLA/list === --- data/DLA/list 2016-11-06 21:46:25 UTC (rev 46028) +++ data/DLA/list 2016-11-06 23:14:09 UTC (rev 46029) @@ -1,3 +1,6 @@ +[07 Nov 2016] DLA-704-1 openjdk-7 - security update + {CVE-2016-5542 CVE-2016-5554 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597} + [wheezy] - openjdk-7 7u111-2.6.7-2~deb7u1 [06 Nov 2016] DLA-703-1 libdatetime-timezone-perl - new upstream version [wheezy] - libdatetime-timezone-perl 1:1.58-1+2016i [06 Nov 2016] DLA-702-1 tzdata - new upstream version Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-06 21:46:25 UTC (rev 46028) +++ data/dla-needed.txt 2016-11-06 23:14:09 UTC (rev 46029) @@ -76,9 +76,6 @@ mysql-connector-python NOTE: see http://bugs.debian.org/841677 for current discussion -- -openjdk-7 (Emilio Pozuelo) - NOTE: An updated package is available in experimental (7u111-2.6.7-2) --- openssl NOTE: Kurt Roeckx is working on an update -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46028 - data/CVE
Author: hle Date: 2016-11-06 21:46:25 + (Sun, 06 Nov 2016) New Revision: 46028 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-11-06 20:57:49 UTC (rev 46027) +++ data/CVE/list 2016-11-06 21:46:25 UTC (rev 46028) @@ -12145,6 +12145,8 @@ [wheezy] - qemu (Minor issue) - qemu-kvm [wheezy] - qemu-kvm (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec @@ -13010,6 +13012,8 @@ [wheezy] - qemu (Minor issue) - qemu-kvm [wheezy] - qemu-kvm (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint ...) @@ -14204,6 +14208,9 @@ [jessie] - qemu (LSI SAS1068 (mptsas) device support added later) [wheezy] - qemu (LSI SAS1068 (mptsas) device support added later) - qemu-kvm (LSI SAS1068 (mptsas) device support added later) + - xen 4.4.0-1 + [wheezy] - xen (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0) CVE-2016-4950 @@ -14261,6 +14268,9 @@ [jessie] - qemu (Minor issue) [wheezy] - qemu (VMWare PVSCSI paravirtual device implementation introduced later) - qemu-kvm (VMWare PVSCSI paravirtual device implementation introduced later) + - xen 4.4.0-1 + [wheezy] - xen (Vulnerable code introduced later) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed (v1.5.0-rc0) CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux ...) @@ -15618,6 +15628,8 @@ [wheezy] - qemu (Minor issue) - qemu-kvm [wheezy] - qemu-kvm (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429 CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows ...) @@ -15626,6 +15638,8 @@ [wheezy] - qemu (Minor issue) - qemu-kvm [wheezy] - qemu-kvm (Minor issue) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650 CVE-2016-4452 @@ -15673,6 +15687,8 @@ [wheezy] - qemu (Minor issue; can be fixed along with a future DSA) - qemu-kvm [wheezy] - qemu-kvm (Minor issue; can be fixed along with a future DSA) + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505 CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the ...) @@ -15687,6 +15703,8 @@ - qemu 1:2.6+dfsg-2 (bug #824856) [jessie] - qemu (Minor issue; can be fixed along with a future DSA) - qemu-kvm + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502 CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows ...) @@ -16782,6 +16800,9 @@ [wheezy] - qemu (Minor issue) - qemu-kvm [wheezy] - qemu-kvm (Minor issue) + - xen 4.4.0-1 + [wheezy] - xen (Vulnerable code introduced after 0.14.50, embedded version is 0.10.2) + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129 NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3 @@ -16872,6 +16893,9 @@ - qemu 1:2.6+dfsg-2 (bug #821062) [jessie] - qemu (Minor issue) - qemu-kvm + - xen 4.4.0-1 +
[Secure-testing-commits] r46026 - data/CVE
Author: carnil Date: 2016-11-06 20:35:27 + (Sun, 06 Nov 2016) New Revision: 46026 Modified: data/CVE/list Log: Add information for CVE-2016-1841 Modified: data/CVE/list === --- data/CVE/list 2016-11-06 20:14:27 UTC (rev 46025) +++ data/CVE/list 2016-11-06 20:35:27 UTC (rev 46026) @@ -23926,10 +23926,12 @@ CVE-2016-1842 (MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS ...) TODO: check CVE-2016-1841 (libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) - - libxslt - NOTE: (possible) upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=758291 - NOTE: (possible) upstream commit: https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3 - TODO: check, most likely *not* only Apple specific, clarifying with upstream + - libxslt 1.1.29-1 + [jessie] - libxslt 1.1.28-2+deb8u1 + [wheezy] - libxslt 1.1.26-14.1+deb7u1 + NOTE: upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=758291 + NOTE: upstream commit: https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3 + TODO: checking with MITRE if association to the CVE is correct, bu seems the only valid one CVE-2016-1840 (Heap-based buffer overflow in the xmlFAParsePosCharGroup function in ...) {DSA-3593-1 DLA-503-1} - libxml2 2.9.3+dfsg1-1.1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46025 - data/CVE
Author: carnil Date: 2016-11-06 20:14:27 + (Sun, 06 Nov 2016) New Revision: 46025 Modified: data/CVE/list Log: Add reference for CVE-2016-8633 Modified: data/CVE/list === --- data/CVE/list 2016-11-06 17:21:47 UTC (rev 46024) +++ data/CVE/list 2016-11-06 20:14:27 UTC (rev 46025) @@ -1524,6 +1524,7 @@ RESERVED - linux NOTE: https://git.kernel.org/linus/667121ace9dbafb368618dbabcf07901c962ddac + NOTE: https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/ CVE-2016-8632 RESERVED CVE-2016-8631 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46023 - data/CVE
Author: carnil Date: 2016-11-06 16:35:20 + (Sun, 06 Nov 2016) New Revision: 46023 Modified: data/CVE/list Log: Update information for CVE-2016-8630 Modified: data/CVE/list === --- data/CVE/list 2016-11-06 16:29:29 UTC (rev 46022) +++ data/CVE/list 2016-11-06 16:35:20 UTC (rev 46023) @@ -1532,6 +1532,8 @@ CVE-2016-8630 RESERVED - linux + [jessie] - linux (Vulnerable code introduced later) + [wheezy] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e (v4.9-rc4) NOTE: Introduced by: https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1) CVE-2016-8629 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46022 - data/CVE
Author: carnil Date: 2016-11-06 16:29:29 + (Sun, 06 Nov 2016) New Revision: 46022 Modified: data/CVE/list Log: Add CVE-2016-8630/linux Modified: data/CVE/list === --- data/CVE/list 2016-11-06 16:26:36 UTC (rev 46021) +++ data/CVE/list 2016-11-06 16:29:29 UTC (rev 46022) @@ -1531,6 +1531,9 @@ NOT-FOR-US: OpenShift Enterprise CVE-2016-8630 RESERVED + - linux + NOTE: Fixed by: https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e (v4.9-rc4) + NOTE: Introduced by: https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1) CVE-2016-8629 RESERVED CVE-2016-8628 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46021 - data/CVE
Author: carnil Date: 2016-11-06 16:26:36 + (Sun, 06 Nov 2016) New Revision: 46021 Modified: data/CVE/list Log: Add CVE-2016-8633/linux Modified: data/CVE/list === --- data/CVE/list 2016-11-06 15:08:45 UTC (rev 46020) +++ data/CVE/list 2016-11-06 16:26:36 UTC (rev 46021) @@ -1522,6 +1522,8 @@ NOTE: http://projects.theforeman.org/issues/17195 CVE-2016-8633 RESERVED + - linux + NOTE: https://git.kernel.org/linus/667121ace9dbafb368618dbabcf07901c962ddac CVE-2016-8632 RESERVED CVE-2016-8631 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46020 - in data: . CVE
Author: agx Date: 2016-11-06 15:08:45 + (Sun, 06 Nov 2016) New Revision: 46020 Modified: data/CVE/list data/dla-needed.txt Log: lts: triage dokuwiki Modified: data/CVE/list === --- data/CVE/list 2016-11-06 10:44:15 UTC (rev 46019) +++ data/CVE/list 2016-11-06 15:08:45 UTC (rev 46020) @@ -3996,6 +3996,7 @@ TODO: check CVE-2016-7964 (The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php ...) - dokuwiki + [wheezy] - dokuwiki (Minor issue) NOTE: https://github.com/splitbrain/dokuwiki/issues/1708 TODO: check CVE-2016-7963 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-06 10:44:15 UTC (rev 46019) +++ data/dla-needed.txt 2016-11-06 15:08:45 UTC (rev 46020) @@ -14,6 +14,9 @@ curl (Thorsten Alteholz) NOTE: not all patches seem to be in the final state -- +dokuwiki + NOTE: upstream marked CVE-2016-7965 as WONTFIX +-- dwarfutils NOTE: New round of CVEs not seemingly covered by DLA 669-1. -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46019 - data
Author: lamby Date: 2016-11-06 10:44:15 + (Sun, 06 Nov 2016) New Revision: 46019 Modified: data/dla-needed.txt Log: Claim python-imaging in data/dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-06 10:38:56 UTC (rev 46018) +++ data/dla-needed.txt 2016-11-06 10:44:15 UTC (rev 46019) @@ -90,7 +90,7 @@ -- python-django (Brian May) -- -python-imaging +python-imaging (Chris Lamb) -- sendmail -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46017 - in data: . DLA
Author: pochu Date: 2016-11-06 10:36:49 + (Sun, 06 Nov 2016) New Revision: 46017 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-702-1 for tzdata Modified: data/DLA/list === --- data/DLA/list 2016-11-06 08:40:09 UTC (rev 46016) +++ data/DLA/list 2016-11-06 10:36:49 UTC (rev 46017) @@ -1,3 +1,5 @@ +[06 Nov 2016] DLA-702-1 tzdata - security update + [wheezy] - tzdata 2016i-0+deb7u1 [05 Nov 2016] DLA-701-1 memcached - security update {CVE-2013-7291 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706} [wheezy] - memcached 1.4.13-0.2+deb7u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-06 08:40:09 UTC (rev 46016) +++ data/dla-needed.txt 2016-11-06 10:36:49 UTC (rev 46017) @@ -102,5 +102,3 @@ -- tomcat7 (Markus Koschany) -- -tzdata (Emilio Pozuelo) --- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46018 - in data: . DLA
Author: pochu Date: 2016-11-06 10:38:56 + (Sun, 06 Nov 2016) New Revision: 46018 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-703-1 for libdatetime-timezone-perl Modified: data/DLA/list === --- data/DLA/list 2016-11-06 10:36:49 UTC (rev 46017) +++ data/DLA/list 2016-11-06 10:38:56 UTC (rev 46018) @@ -1,4 +1,6 @@ -[06 Nov 2016] DLA-702-1 tzdata - security update +[06 Nov 2016] DLA-703-1 libdatetime-timezone-perl - new upstream version + [wheezy] - libdatetime-timezone-perl 1:1.58-1+2016i +[06 Nov 2016] DLA-702-1 tzdata - new upstream version [wheezy] - tzdata 2016i-0+deb7u1 [05 Nov 2016] DLA-701-1 memcached - security update {CVE-2013-7291 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706} Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-06 10:36:49 UTC (rev 46017) +++ data/dla-needed.txt 2016-11-06 10:38:56 UTC (rev 46018) @@ -44,8 +44,6 @@ NOTE: Upstream should provide new point-releases fixing open security issues in the next months. NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML) -- -libdatetime-timezone-perl (Emilio Pozuelo) --- libical NOTE: issues are currently not public, but https://marc.info/?l=oss-security=146685931517961=2 claims ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r46016 - data/packages
Author: sectracker Date: 2016-11-06 08:40:09 + (Sun, 06 Nov 2016) New Revision: 46016 Modified: data/packages/removed-packages Log: These packages have been removed Modified: data/packages/removed-packages === --- data/packages/removed-packages 2016-11-06 00:28:12 UTC (rev 46015) +++ data/packages/removed-packages 2016-11-06 08:40:09 UTC (rev 46016) @@ -585,3 +585,4 @@ php-zend-xml php-smb webgui +llvm-toolchain-3.6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits