[Secure-testing-commits] r46818 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 07:37:44 + (Tue, 06 Dec 2016)
New Revision: 46818

Modified:
   data/CVE/list
Log:
Reference the proposed patch for CVE-2016-9844

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 06:33:14 UTC (rev 46817)
+++ data/CVE/list   2016-12-06 07:37:44 UTC (rev 46818)
@@ -560,6 +560,7 @@
- unzip 
NOTE: https://launchpad.net/bugs/1643750
NOTE: http://www.openwall.com/lists/oss-security/2016/12/05/13
+   NOTE: Proposed patch in 
http://www.openwall.com/lists/oss-security/2016/12/05/19
 CVE-2014-9913
- unzip 
NOTE: http://www.openwall.com/lists/oss-security/2014/11/03/5
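
Review bot: the NOTE added at the end of the CVE-2016-9844 entry calls the linked oss-security message a proposed patch, but the `- unzip` line above it still records no fixed version and nothing says whether upstream has accepted the patch. Consider a TODO to revisit the entry once the patch status is known, so the link is not later read as the final fix.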


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r46817 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 06:33:14 + (Tue, 06 Dec 2016)
New Revision: 46817

Modified:
   data/CVE/list
Log:
Add bug reference for gitlab issue

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 06:33:04 UTC (rev 46816)
+++ data/CVE/list   2016-12-06 06:33:14 UTC (rev 46817)
@@ -6774,7 +6774,7 @@
RESERVED
 CVE-2016-9469 [Denial-of-Service and Data Corruption Vulnerability in Issue 
and Merge Request Trackers]
RESERVED
-   - gitlab 
+   - gitlab  (bug #847157)
NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/
NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064
 CVE-2016-9468




[Secure-testing-commits] r46816 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 06:33:04 + (Tue, 06 Dec 2016)
New Revision: 46816

Modified:
   data/CVE/list
Log:
Add bug reference for spip issue

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 06:19:40 UTC (rev 46815)
+++ data/CVE/list   2016-12-06 06:33:04 UTC (rev 46816)
@@ -7927,7 +7927,7 @@
RESERVED
 CVE-2016-9152 [cross-site scripting]
RESERVED
-   - spip 
+   - spip  (bug #847156)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23290
 CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 
6.0.x ...)
NOT-FOR-US: PAN-OS




[Secure-testing-commits] r46815 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 06:19:40 + (Tue, 06 Dec 2016)
New Revision: 46815

Modified:
   data/CVE/list
Log:
Add CVE-2016-9469

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 06:11:41 UTC (rev 46814)
+++ data/CVE/list   2016-12-06 06:19:40 UTC (rev 46815)
@@ -6772,8 +6772,11 @@
RESERVED
 CVE-2016-9470
RESERVED
-CVE-2016-9469
+CVE-2016-9469 [Denial-of-Service and Data Corruption Vulnerability in Issue 
and Merge Request Trackers]
RESERVED
+   - gitlab 
+   NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/
+   NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064
 CVE-2016-9468
RESERVED
 CVE-2016-9467




[Secure-testing-commits] r46814 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 06:11:41 + (Tue, 06 Dec 2016)
New Revision: 46814

Modified:
   data/CVE/list
Log:
Add CVE-2016-9152

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 06:05:10 UTC (rev 46813)
+++ data/CVE/list   2016-12-06 06:11:41 UTC (rev 46814)
@@ -7922,8 +7922,10 @@
RESERVED
 CVE-2016-9153
RESERVED
-CVE-2016-9152
+CVE-2016-9152 [cross-site scripting]
RESERVED
+   - spip 
+   NOTE: https://core.spip.net/projects/spip/repository/revisions/23290
 CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 
6.0.x ...)
NOT-FOR-US: PAN-OS
 CVE-2016-9150 (Buffer overflow in the management web interface in Palo Alto 
Networks ...)




[Secure-testing-commits] r46813 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 06:05:10 + (Tue, 06 Dec 2016)
New Revision: 46813

Modified:
   data/CVE/list
Log:
CVE-2016-795{1,2}/libxtst fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 06:03:35 UTC (rev 46812)
+++ data/CVE/list   2016-12-06 06:05:10 UTC (rev 46813)
@@ -12071,13 +12071,13 @@
 CVE-2016-7952 [for all of the other mishandling of the reply data]
RESERVED
{DLA-686-1}
-   - libxtst  (low; bug #840444)
+   - libxtst 2:1.2.3-1 (low; bug #840444)
[jessie] - libxtst  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
 CVE-2016-7951 [for all of the integer overflows]
RESERVED
{DLA-686-1}
-   - libxtst  (low; bug #840444)
+   - libxtst 2:1.2.3-1 (low; bug #840444)
[jessie] - libxtst  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
 CVE-2016-7950




[Secure-testing-commits] r46812 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 06:03:35 + (Tue, 06 Dec 2016)
New Revision: 46812

Modified:
   data/CVE/list
Log:
CVE-2016-794{2,3}/libx11 fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 06:01:56 UTC (rev 46811)
+++ data/CVE/list   2016-12-06 06:03:35 UTC (rev 46812)
@@ -12127,13 +12127,13 @@
 CVE-2016-7943
RESERVED
{DLA-684-1}
-   - libx11  (low; bug #840439)
+   - libx11 2:1.6.4-1 (low; bug #840439)
[jessie] - libx11  (Minor issue, will be fixed in a point 
release)
NOTE:  
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
 CVE-2016-7942
RESERVED
{DLA-684-1}
-   - libx11  (low; bug #840439)
+   - libx11 2:1.6.4-1 (low; bug #840439)
[jessie] - libx11  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
 CVE-2016-7941




[Secure-testing-commits] r46811 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 06:01:56 + (Tue, 06 Dec 2016)
New Revision: 46811

Modified:
   data/CVE/list
Log:
CVE-2016-974{5,6}/libxi fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 05:59:18 UTC (rev 46810)
+++ data/CVE/list   2016-12-06 06:01:56 UTC (rev 46811)
@@ -12107,14 +12107,14 @@
 CVE-2016-7946 [for all of the other mishandling of the reply data]
RESERVED
{DLA-685-1}
-   - libxi  (low; bug #840440)
+   - libxi 2:1.7.8-1 (low; bug #840440)
[jessie] - libxi  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
NOTE: Regression: https://bugs.freedesktop.org/98204
 CVE-2016-7945 [or all of the integer overflows]
RESERVED
{DLA-685-1}
-   - libxi  (low; bug #840440)
+   - libxi 2:1.7.8-1 (low; bug #840440)
[jessie] - libxi  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
NOTE: Regression: https://bugs.freedesktop.org/98204
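
Review bot: the log message names CVE-2016-974{5,6}, but both changed `- libxi` lines belong to CVE-2016-7946 and CVE-2016-7945, so the log should read CVE-2016-794{5,6}. Both entries also keep the NOTE about a regression (https://bugs.freedesktop.org/98204) next to the referenced commit; it is worth confirming that 2:1.7.8-1 carries the regression fix before recording it as the fixed version. The description on CVE-2016-7945 reads "[or all of the integer overflows]", which looks like a typo for "for all of".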




[Secure-testing-commits] r46809 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 05:51:33 + (Tue, 06 Dec 2016)
New Revision: 46809

Modified:
   data/CVE/list
Log:
Add CVE-2016-9846

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 05:43:03 UTC (rev 46808)
+++ data/CVE/list   2016-12-06 05:51:33 UTC (rev 46809)
@@ -534,6 +534,11 @@
RESERVED
 CVE-2016-9757
RESERVED
+CVE-2016-9846 [display: virtio-gpu: memory leakage while updating cursor]
+   - qemu 
+   - qemu-kvm 
+   NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
+   TODO: check affected versions
 CVE-2016-9843
- zlib 
NOTE: 
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
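
Review bot: the single NOTE in the new CVE-2016-9846 entry is a bare qemu-devel link with no label, so a reader cannot tell whether it is the bug report or the fix. Other entries in this file label such links (for example "NOTE: Fixed by: ..."); labelling this one would also help whoever resolves the "TODO: check affected versions" line for qemu and qemu-kvm.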




[Secure-testing-commits] r46808 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 05:43:03 + (Tue, 06 Dec 2016)
New Revision: 46808

Modified:
   data/CVE/list
Log:
Add four new zlib CVEs, probably no-dsa

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 05:38:00 UTC (rev 46807)
+++ data/CVE/list   2016-12-06 05:43:03 UTC (rev 46808)
@@ -534,6 +534,18 @@
RESERVED
 CVE-2016-9757
RESERVED
+CVE-2016-9843
+   - zlib 
+   NOTE: 
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
+CVE-2016-9842
+   - zlib 
+   NOTE: 
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
+CVE-2016-9841
+   - zlib 
+   NOTE: 
https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
+CVE-2016-9840
+   - zlib 
+   NOTE: 
https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
 CVE-2016-9844 [zipinfo buffer overflow]
- unzip 
NOTE: https://launchpad.net/bugs/1643750
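
Review bot: the four new zlib entries (CVE-2016-9843 through CVE-2016-9840) have no bracketed description, unlike the neighbouring "CVE-2016-9844 [zipinfo buffer overflow]", so they can only be told apart by opening each commit link. A short description per CVE would help, and the "probably no-dsa" assessment from the log message is not recorded anywhere in the entries themselves; a NOTE or TODO would keep it from being lost.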




[Secure-testing-commits] r46807 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 05:38:00 + (Tue, 06 Dec 2016)
New Revision: 46807

Modified:
   data/CVE/list
Log:
Two CVEs for unzip allocated

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 05:36:24 UTC (rev 46806)
+++ data/CVE/list   2016-12-06 05:38:00 UTC (rev 46807)
@@ -534,10 +534,13 @@
RESERVED
 CVE-2016-9757
RESERVED
-CVE-2016- [zipinfo buffer overflow]
+CVE-2016-9844 [zipinfo buffer overflow]
- unzip 
NOTE: https://launchpad.net/bugs/1643750
-   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/12/05/13
+   NOTE: http://www.openwall.com/lists/oss-security/2016/12/05/13
+CVE-2014-9913
+   - unzip 
+   NOTE: http://www.openwall.com/lists/oss-security/2014/11/03/5
 CVE-2016- [heap-based buffer overflow in TIFFFillStrip (tif_read.c)]
- tiff  (bug #846837)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
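
Review bot: CVE-2014-9913 is added without a bracketed description, directly below "CVE-2016-9844 [zipinfo buffer overflow]" for the same package, so the two unzip issues cannot be distinguished without following the oss-security link. Suggest adding a short description. Dropping the "CVE Request:" prefix from the 2016/12/05/13 NOTE is fine now that the id is assigned.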




[Secure-testing-commits] r46806 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 05:36:24 + (Tue, 06 Dec 2016)
New Revision: 46806

Modified:
   data/CVE/list
Log:
Add note why CVE-2016-8655 is not critical for Debian

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 05:33:36 UTC (rev 46805)
+++ data/CVE/list   2016-12-06 05:36:24 UTC (rev 46806)
@@ -9407,6 +9407,7 @@
NOTE: http://seclists.org/oss-sec/2016/q4/607
NOTE: Introduced by: 
https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)
NOTE: Fixed by: 
https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c (v4.9-rc8)
+   NOTE: Non-privileged user namespaces disabled by default, only 
vulnerable with sysctl kernel.unprivileged_userns_clone=1
 CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec]
RESERVED
- jasper 
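
Review bot: the added NOTE says non-privileged user namespaces are "disabled by default" without saying where; the log message makes clear this is about Debian, but the entry text does not. Suggest wording such as "disabled by default in Debian" so the statement is not read as a general property of the kernel, and note that the `- linux` line still shows no fixed version.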




[Secure-testing-commits] r46805 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 05:33:36 + (Tue, 06 Dec 2016)
New Revision: 46805

Modified:
   data/CVE/list
Log:
Add CVE-2016-8655 (merged with pabs commit)

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 05:26:16 UTC (rev 46804)
+++ data/CVE/list   2016-12-06 05:33:36 UTC (rev 46805)
@@ -9405,7 +9405,8 @@
RESERVED
- linux 
NOTE: http://seclists.org/oss-sec/2016/q4/607
-   NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
+   NOTE: Introduced by: 
https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)
+   NOTE: Fixed by: 
https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c (v4.9-rc8)
 CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec]
RESERVED
- jasper 




[Secure-testing-commits] r46804 - data/CVE

2016-12-05 Thread Paul Wise
Author: pabs
Date: 2016-12-06 05:26:16 + (Tue, 06 Dec 2016)
New Revision: 46804

Modified:
   data/CVE/list
Log:
New Linux local root exploit

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 05:19:45 UTC (rev 46803)
+++ data/CVE/list   2016-12-06 05:26:16 UTC (rev 46804)
@@ -9401,8 +9401,11 @@
 CVE-2016-8656
RESERVED
NOT-FOR-US: Red Hat JBoss; jbossas init script
-CVE-2016-8655
+CVE-2016-8655 [af_packet.c race condition (local root)]
RESERVED
+   - linux 
+   NOTE: http://seclists.org/oss-sec/2016/q4/607
+   NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
 CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec]
RESERVED
- jasper 




[Secure-testing-commits] r46803 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 05:19:45 + (Tue, 06 Dec 2016)
New Revision: 46803

Modified:
   data/CVE/list
Log:
Add CVE-2016-9839/mapserver

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 21:17:46 UTC (rev 46802)
+++ data/CVE/list   2016-12-06 05:19:45 UTC (rev 46803)
@@ -448,6 +448,12 @@
RESERVED
 CVE-2017-2925
RESERVED
+CVE-2016-9839
+   - mapserver 7.0.3-1
+   [jessie] - mapserver  (Minor issue)
+   NOTE: 
https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html
+   NOTE: https://github.com/mapserver/mapserver/pull/4928
+   NOTE: https://github.com/mapserver/mapserver/pull/5356
 CVE-2016-9838
RESERVED
 CVE-2016-9837
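
Review bot: the new CVE-2016-9839 entry has no bracketed description, and its two pull-request NOTEs (mapserver pull/4928 and pull/5356) are unlabelled, so it is unclear what each one contributes to the fix recorded as 7.0.3-1. Suggest adding a one-line description and labelling the links.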




[Secure-testing-commits] r46802 - data

2016-12-05 Thread Brian May
Author: bam
Date: 2016-12-05 21:17:46 + (Mon, 05 Dec 2016)
New Revision: 46802

Modified:
   data/dla-needed.txt
Log:
Take phpmyadmin

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-05 21:10:13 UTC (rev 46801)
+++ data/dla-needed.txt 2016-12-05 21:17:46 UTC (rev 46802)
@@ -92,7 +92,7 @@
 --
 php5 (Thorsten Alteholz)
 --
-phpmyadmin
+phpmyadmin (Brian May)
 --
 potrace
 --




[Secure-testing-commits] r46801 - data/CVE

2016-12-05 Thread security tracker role
Author: sectracker
Date: 2016-12-05 21:10:13 + (Mon, 05 Dec 2016)
New Revision: 46801

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 20:57:41 UTC (rev 46800)
+++ data/CVE/list   2016-12-05 21:10:13 UTC (rev 46801)
@@ -1,3 +1,533 @@
+CVE-2017-3149
+   RESERVED
+CVE-2017-3148
+   RESERVED
+CVE-2017-3147
+   RESERVED
+CVE-2017-3146
+   RESERVED
+CVE-2017-3145
+   RESERVED
+CVE-2017-3144
+   RESERVED
+CVE-2017-3143
+   RESERVED
+CVE-2017-3142
+   RESERVED
+CVE-2017-3141
+   RESERVED
+CVE-2017-3140
+   RESERVED
+CVE-2017-3139
+   RESERVED
+CVE-2017-3138
+   RESERVED
+CVE-2017-3137
+   RESERVED
+CVE-2017-3136
+   RESERVED
+CVE-2017-3135
+   RESERVED
+CVE-2017-3134
+   RESERVED
+CVE-2017-3133
+   RESERVED
+CVE-2017-3132
+   RESERVED
+CVE-2017-3131
+   RESERVED
+CVE-2017-3130
+   RESERVED
+CVE-2017-3129
+   RESERVED
+CVE-2017-3128
+   RESERVED
+CVE-2017-3127
+   RESERVED
+CVE-2017-3126
+   RESERVED
+CVE-2017-3125
+   RESERVED
+CVE-2017-3124
+   RESERVED
+CVE-2017-3123
+   RESERVED
+CVE-2017-3122
+   RESERVED
+CVE-2017-3121
+   RESERVED
+CVE-2017-3120
+   RESERVED
+CVE-2017-3119
+   RESERVED
+CVE-2017-3118
+   RESERVED
+CVE-2017-3117
+   RESERVED
+CVE-2017-3116
+   RESERVED
+CVE-2017-3115
+   RESERVED
+CVE-2017-3114
+   RESERVED
+CVE-2017-3113
+   RESERVED
+CVE-2017-3112
+   RESERVED
+CVE-2017-3111
+   RESERVED
+CVE-2017-3110
+   RESERVED
+CVE-2017-3109
+   RESERVED
+CVE-2017-3108
+   RESERVED
+CVE-2017-3107
+   RESERVED
+CVE-2017-3106
+   RESERVED
+CVE-2017-3105
+   RESERVED
+CVE-2017-3104
+   RESERVED
+CVE-2017-3103
+   RESERVED
+CVE-2017-3102
+   RESERVED
+CVE-2017-3101
+   RESERVED
+CVE-2017-3100
+   RESERVED
+CVE-2017-3099
+   RESERVED
+CVE-2017-3098
+   RESERVED
+CVE-2017-3097
+   RESERVED
+CVE-2017-3096
+   RESERVED
+CVE-2017-3095
+   RESERVED
+CVE-2017-3094
+   RESERVED
+CVE-2017-3093
+   RESERVED
+CVE-2017-3092
+   RESERVED
+CVE-2017-3091
+   RESERVED
+CVE-2017-3090
+   RESERVED
+CVE-2017-3089
+   RESERVED
+CVE-2017-3088
+   RESERVED
+CVE-2017-3087
+   RESERVED
+CVE-2017-3086
+   RESERVED
+CVE-2017-3085
+   RESERVED
+CVE-2017-3084
+   RESERVED
+CVE-2017-3083
+   RESERVED
+CVE-2017-3082
+   RESERVED
+CVE-2017-3081
+   RESERVED
+CVE-2017-3080
+   RESERVED
+CVE-2017-3079
+   RESERVED
+CVE-2017-3078
+   RESERVED
+CVE-2017-3077
+   RESERVED
+CVE-2017-3076
+   RESERVED
+CVE-2017-3075
+   RESERVED
+CVE-2017-3074
+   RESERVED
+CVE-2017-3073
+   RESERVED
+CVE-2017-3072
+   RESERVED
+CVE-2017-3071
+   RESERVED
+CVE-2017-3070
+   RESERVED
+CVE-2017-3069
+   RESERVED
+CVE-2017-3068
+   RESERVED
+CVE-2017-3067
+   RESERVED
+CVE-2017-3066
+   RESERVED
+CVE-2017-3065
+   RESERVED
+CVE-2017-3064
+   RESERVED
+CVE-2017-3063
+   RESERVED
+CVE-2017-3062
+   RESERVED
+CVE-2017-3061
+   RESERVED
+CVE-2017-3060
+   RESERVED
+CVE-2017-3059
+   RESERVED
+CVE-2017-3058
+   RESERVED
+CVE-2017-3057
+   RESERVED
+CVE-2017-3056
+   RESERVED
+CVE-2017-3055
+   RESERVED
+CVE-2017-3054
+   RESERVED
+CVE-2017-3053
+   RESERVED
+CVE-2017-3052
+   RESERVED
+CVE-2017-3051
+   RESERVED
+CVE-2017-3050
+   RESERVED
+CVE-2017-3049
+   RESERVED
+CVE-2017-3048
+   RESERVED
+CVE-2017-3047
+   RESERVED
+CVE-2017-3046
+   RESERVED
+CVE-2017-3045
+   RESERVED
+CVE-2017-3044
+   RESERVED
+CVE-2017-3043
+   RESERVED
+CVE-2017-3042
+   RESERVED
+CVE-2017-3041
+   RESERVED
+CVE-2017-3040
+   RESERVED
+CVE-2017-3039
+   RESERVED
+CVE-2017-3038
+   RESERVED
+CVE-2017-3037
+   RESERVED
+CVE-2017-3036
+   RESERVED
+CVE-2017-3035
+   RESERVED
+CVE-2017-3034
+   RESERVED
+CVE-2017-3033
+   RESERVED
+CVE-2017-3032
+   RESERVED
+CVE-2017-3031
+   RESERVED
+CVE-2017-3030
+   RESERVED
+CVE-2017-3029
+   RESERVED
+CVE-2017-3028
+   RESERVED
+CVE-2017-3027
+   RESERVED
+CVE-2017-3026
+   RESERVED
+CVE-2017-3025
+   RESERVED
+CVE-2017-3024
+   RESERVED
+CVE-2017-3023
+   RESERVED
+CVE-2017-3022
+   RESERVED
+CVE-2017-3021
+   RESERVED
+CVE-2017-3020
+   RESERVED
+CVE-2017-3019
+   RESERVED
+CVE-2017-3018
+   RESERVED
+CVE-2017-3017
+   RESERVED
+CVE-2017-3016
+   RESERVED
+CVE-2017-3015
+   RESERVED
+CVE-2017-3014
+   RESERVED
+CVE-2017-3013
+   RESERVED
+CVE-2017-3012
+   RESERVED
+CVE-2017-3011
+   RESERVED
+CVE-2017-3010
+   RESERVED
+CVE-2017-3009
+   RESERVED
+CVE-2017-3008
+   RESERVED
+CVE-2017-3007
+   RESERVED
+CVE-2017-3006
+   RESERVED
+CVE-2017-3005
+

[Secure-testing-commits] r46800 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 20:57:41 + (Mon, 05 Dec 2016)
New Revision: 46800

Modified:
   data/CVE/list
Log:
Add bug reference for apache2

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 19:39:46 UTC (rev 46799)
+++ data/CVE/list   2016-12-05 20:57:41 UTC (rev 46800)
@@ -8369,7 +8369,7 @@
RESERVED
 CVE-2016-8740
RESERVED
-   - apache2 
+   - apache2  (bug #847124)
 [jessie] - apache2  (Vulnerable code not present)
 [wheezy] - apache2  (Vulnerable code not present)
 NOTE: HTTP/2 support introduced in 2.4.17




[Secure-testing-commits] r46799 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 19:39:46 + (Mon, 05 Dec 2016)
New Revision: 46799

Modified:
   data/CVE/list
Log:
CVE-2016-7953 fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 19:39:00 UTC (rev 46798)
+++ data/CVE/list   2016-12-05 19:39:46 UTC (rev 46799)
@@ -11465,7 +11465,7 @@
 CVE-2016-7953
RESERVED
{DLA-671-1}
-   - libxvmc  (low; bug #840445)
+   - libxvmc 2:1.0.10-1 (low; bug #840445)
[jessie] - libxvmc  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
 CVE-2016-7952 [for all of the other mishandling of the reply data]




[Secure-testing-commits] r46798 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 19:39:00 + (Mon, 05 Dec 2016)
New Revision: 46798

Modified:
   data/CVE/list
Log:
CVE-2016-5407 fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 19:38:19 UTC (rev 46797)
+++ data/CVE/list   2016-12-05 19:39:00 UTC (rev 46798)
@@ -19511,7 +19511,7 @@
 CVE-2016-5407 [Insufficient validation of server responses results in out-of 
bounds accesses]
RESERVED
{DLA-667-1}
-   - libxv  (low; bug #840438)
+   - libxv 2:1.0.11-1 (low; bug #840438)
[jessie] - libxv  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17
 CVE-2016-5406 (The domain controller in Red Hat JBoss Enterprise Application 
Platform ...)




[Secure-testing-commits] r46797 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 19:38:19 + (Mon, 05 Dec 2016)
New Revision: 46797

Modified:
   data/CVE/list
Log:
Mark CVE-2016-7949 and CVE-2016-7950 as fixed with unstable upload

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 19:37:04 UTC (rev 46796)
+++ data/CVE/list   2016-12-05 19:38:19 UTC (rev 46797)
@@ -11483,13 +11483,13 @@
 CVE-2016-7950
RESERVED
{DLA-664-1}
-   - libxrender  (low; bug #840443)
+   - libxrender 1:0.9.10-1 (low; bug #840443)
[jessie] - libxrender  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
 CVE-2016-7949
RESERVED
{DLA-664-1}
-   - libxrender  (low; bug #840443)
+   - libxrender 1:0.9.10-1 (low; bug #840443)
[jessie] - libxrender  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
 CVE-2016-7948 [for all of the other mishandling of the reply data]




[Secure-testing-commits] r46796 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 19:37:04 + (Mon, 05 Dec 2016)
New Revision: 46796

Modified:
   data/CVE/list
Log:
Add fixing version for CVE-2016-7944

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 19:36:01 UTC (rev 46795)
+++ data/CVE/list   2016-12-05 19:37:04 UTC (rev 46796)
@@ -11521,7 +11521,7 @@
 CVE-2016-7944
RESERVED
{DLA-654-1}
-   - libxfixes  (low; bug #840442)
+   - libxfixes 1:5.0.3-1 (low; bug #840442)
[jessie] - libxfixes  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
 CVE-2016-7943




[Secure-testing-commits] r46795 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 19:36:01 + (Mon, 05 Dec 2016)
New Revision: 46795

Modified:
   data/CVE/list
Log:
CVE-2015-6925/wolfssl fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 17:56:35 UTC (rev 46794)
+++ data/CVE/list   2016-12-05 19:36:01 UTC (rev 46795)
@@ -42448,7 +42448,7 @@
 CVE-2015-6926
RESERVED
 CVE-2015-6925 (wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers 
to ...)
-   - wolfssl  (bug #801120)
+   - wolfssl 3.9.10+dfsg-1 (bug #801120)
 CVE-2015-6924
RESERVED
 CVE-2015-6923 (The ndvbs module in VBox Communications Satellite Express 
Protocol ...)




[Secure-testing-commits] r46794 - data/CVE

2016-12-05 Thread Luciano Bello
Author: luciano
Date: 2016-12-05 17:56:35 + (Mon, 05 Dec 2016)
New Revision: 46794

Modified:
   data/CVE/list
Log:
easy TODOs

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 17:29:37 UTC (rev 46793)
+++ data/CVE/list   2016-12-05 17:56:35 UTC (rev 46794)
@@ -7322,7 +7322,7 @@
 CVE-2016-9156
RESERVED
 CVE-2016-9155 (The following SIEMENS branded IP Camera Models CCMW3025, 
CVMW3025-IR, ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2016-9154
RESERVED
 CVE-2016-9153
@@ -8085,7 +8085,7 @@
 CVE-2016-8890
RESERVED
 CVE-2016-8889 (In Bitcoin Knots v0.11.0.ljr20150711 through 
v0.13.0.knots20160814 ...)
-   TODO: check
+   NOT-FOR-US: Bitcoin Knots
 CVE-2016-
RESERVED
 CVE-2016-8879 (The thumbnail shell extension plugin 
(FoxitThumbnailHndlr_x86.dll) in ...)
@@ -8224,21 +8224,21 @@
 CVE-2016-8813
RESERVED
 CVE-2016-8812 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
GeForce ...)
-   TODO: check
+   NOT-FOR-US: Nvidia Windows driver
 CVE-2016-8811 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
-   TODO: check
+   NOT-FOR-US: Nvidia Windows driver
 CVE-2016-8810 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
-   TODO: check
+   NOT-FOR-US: Nvidia Windows driver
 CVE-2016-8809 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
-   TODO: check
+   NOT-FOR-US: Nvidia Windows driver
 CVE-2016-8808 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
-   TODO: check
+   NOT-FOR-US: Nvidia Windows driver
 CVE-2016-8807 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
-   TODO: check
+   NOT-FOR-US: Nvidia Windows driver
 CVE-2016-8806 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
-   TODO: check
+   NOT-FOR-US: Nvidia Windows driver
 CVE-2016-8805 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
-   TODO: check
+   NOT-FOR-US: Nvidia Windows driver
 CVE-2016-8804
RESERVED
 CVE-2016-8803
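
Review bot: in the third hunk, CVE-2016-8812 gets the same "NOT-FOR-US: Nvidia Windows driver" tag as CVE-2016-8811 through CVE-2016-8805, but its visible description reads "NVIDIA GeForce ..." where the others read "NVIDIA Windows GPU ...". Worth confirming from the full description that this one is also Windows-only, or naming the actual component in the tag.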




[Secure-testing-commits] r46793 - data/CVE

2016-12-05 Thread Luciano Bello
Author: luciano
Date: 2016-12-05 17:29:37 + (Mon, 05 Dec 2016)
New Revision: 46793

Modified:
   data/CVE/list
Log:
easy TODOs

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 17:14:48 UTC (rev 46792)
+++ data/CVE/list   2016-12-05 17:29:37 UTC (rev 46793)
@@ -5754,17 +5754,18 @@
 CVE-2016-9568
RESERVED
 CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with 
M(6.0) ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2016-9566
RESERVED
 CVE-2016-9565
RESERVED
 CVE-2016-9564 (Buffer overflow in send_redirect() in Boa Webserver 0.92r 
allows ...)
-   TODO: check
+   - boa  (the vuln was removed in 0.93.14)
+   NOTE: 
http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r
 CVE-2016-9563 (BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote 
authenticated ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2016-9562 (SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a 
Denial of ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2016-9561
RESERVED
 CVE-2016-9554
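
Review bot: the new boa line for CVE-2016-9564 justifies itself with "the vuln was removed in 0.93.14", which is an upstream version, while the CVE description names Boa 0.92r; the entry does not say which version Debian ships. Adding the Debian version that was checked would let a reader verify the status without redoing the analysis.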
@@ -6146,7 +6147,7 @@
- linux 4.8.11-1
NOTE: Fixed by: 
https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4)
 CVE-2016-9481 (In framework/modules/core/controllers/expCommentController.php 
of ...)
-   TODO: check
+   NOT-FOR-US: Exponent CMS
 CVE-2016-9480 (libdwarf 2016-10-21 allows context-dependent attackers to 
obtain ...)
- dwarfutils 20161124-1
[jessie] - dwarfutils  (Minor issue)




[Secure-testing-commits] r46792 - data/CVE

2016-12-05 Thread Luciano Bello
Author: luciano
Date: 2016-12-05 17:14:48 + (Mon, 05 Dec 2016)
New Revision: 46792

Modified:
   data/CVE/list
Log:
CVE-2016-9752 and CVE-2016-9751

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 16:45:42 UTC (rev 46791)
+++ data/CVE/list   2016-12-05 17:14:48 UTC (rev 46792)
@@ -4179,9 +4179,11 @@
 CVE-2016-9753
RESERVED
 CVE-2016-9752 (In Serendipity before 2.0.5, an attacker can bypass SSRF 
protection by ...)
-   TODO: check
+   NOT-FOR-US: Serendipity
 CVE-2016-9751 (Cross-site scripting (XSS) vulnerability in the search results 
front ...)
-   TODO: check
+   - piwigo 
+   [squeeze] - piwigo  (Unsupported in squeeze-lts)
+   NOTE: Request to mark the package as unsupported in #779104
 CVE-2016-9750
RESERVED
 CVE-2016-9749
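
Review bot: the only per-release line added for CVE-2016-9751 is "[squeeze] - piwigo ... (Unsupported in squeeze-lts)", while other entries in this file track [jessie] and [wheezy]. The status of piwigo in those releases is left unstated; suggest adding lines for them, or a NOTE explaining how the request in #779104 covers them.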




[Secure-testing-commits] r46791 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 16:45:42 + (Mon, 05 Dec 2016)
New Revision: 46791

Modified:
   data/CVE/list
Log:
Add bluez issues

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 16:36:05 UTC (rev 46790)
+++ data/CVE/list   2016-12-05 16:45:42 UTC (rev 46791)
@@ -5312,6 +5312,30 @@
RESERVED
 CVE-2017-0381
RESERVED
+CVE-2016-9804 [buffer overflow in commands_dump()]
+   - bluez 
+   NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
+CVE-2016-9803 [out-of-bounds read in le_meta_ev_dump()]
+   - bluez 
+   NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
+CVE-2016-9802 [buffer over-read in l2cap_packet()]
+   - bluez 
+   NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
+CVE-2016-9801 [buffer overflow in set_ext_ctrl()]
+   - bluez 
+   NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
+CVE-2016-9800 [buffer overflow in pin_code_reply_dump()]
+   - bluez 
+   NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
+CVE-2016-9799 [buffer overflow in pklg_read_hci()]
+   - bluez 
+   NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
+CVE-2016-9798 [use-after-free in conf_opt()]
+   - bluez 
+   NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
+CVE-2016-9797 [bluez: buffer over-read in l2cap_dump()]
+   - bluez 
+   NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
 CVE-2016-9794 [Linux kernel: ALSA: use-after-free in,kill_fasync]
- linux 4.7.2-1
NOTE: https://patchwork.kernel.org/patch/8752621/
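
Review bot: The bracketed description added for CVE-2016-9797 starts with "bluez: " while the other seven new entries (CVE-2016-9798 through CVE-2016-9804) give only the defect and the function name; drop the prefix so the block is consistent. The eight entries also point at just two list posts (msg68892 and msg68898), so it is worth confirming each function is attached to the right post, since a reader tracing commands_dump() or pklg_read_hci() has nothing else to go on.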




[Secure-testing-commits] r46787 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 16:02:52 + (Mon, 05 Dec 2016)
New Revision: 46787

Modified:
   data/CVE/list
Log:
Add information for CVE-2016-9806

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 15:57:46 UTC (rev 46786)
+++ data/CVE/list   2016-12-05 16:02:52 UTC (rev 46787)
@@ -5980,8 +5980,8 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
NOTE: 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
 CVE-2016-9806 [double free in netlink_dump]
-   - linux 
-   NOTE: Fixed by: 
https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520
+   - linux 4.6.3-1
+   NOTE: Fixed by: 
https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1)
 CVE-2016-9636
RESERVED
{DSA-3724-1 DSA-3723-1 DLA-727-1}
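
Review bot: The new fixed version for CVE-2016-9806 is 4.6.3-1, yet the amended NOTE says the fix commit landed in v4.7-rc1, and nothing in the entry explains how a 4.6-series upload carries it. Suggest a second NOTE naming the stable release or backport that brought 92964c79b357 into 4.6.3-1, so the version can be verified without reading the kernel changelog.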




[Secure-testing-commits] r46785 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 15:53:23 + (Mon, 05 Dec 2016)
New Revision: 46785

Modified:
   data/CVE/list
Log:
CVE-2016-930{0,1,2} should be rejected, notified MITRE

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 14:04:23 UTC (rev 46784)
+++ data/CVE/list   2016-12-05 15:53:23 UTC (rev 46785)
@@ -6915,16 +6915,19 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/11/13/1
 CVE-2016-9300 [maradns: remote crash bug in MaraDNS 2.0.13 js_readuint16]
RESERVED
-   - maradns  (bug #844121)
+   - maradns  (bug #844121; unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/3
+   NOTE: To be rejected, until then marked unimportant as not affecting 
maradns binary packages, only "patched" maradns
 CVE-2016-9301 [maradns: remote crash bug in MaraDNS 2.0.13 js_substr]
RESERVED
-   - maradns  (bug #844121)
+   - maradns  (bug #844121; unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/3
+   NOTE: To be rejected, until then marked unimportant as not affecting 
maradns binary packages, only "patched" maradns
 CVE-2016-9302 [maradns: remote crash bug in MaraDNS 2.0.13 process_query]
RESERVED
-   - maradns  (bug #844121)
+   - maradns  (bug #844121; unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/3
+   NOTE: To be rejected, until then marked unimportant as not affecting 
maradns binary packages, only "patched" maradns
 CVE-2016-9297 [libtiff/tif_dirread.c read outside buffer in _TIFFPrintField()]
RESERVED
{DLA-716-1}
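
Review bot: The NOTE added to each of CVE-2016-9300, CVE-2016-9301 and CVE-2016-9302 says "To be rejected" without pointing at the rejection request, so a later reader cannot tell whether it is still pending. The log message mentions that MITRE was notified; put that into the NOTE, ideally with a date or reference. It would also help to say what "patched" maradns means here, since the unimportant rating rests on it.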




[Secure-testing-commits] r46789 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 16:13:12 + (Mon, 05 Dec 2016)
New Revision: 46789

Modified:
   data/CVE/list
Log:
Correct a version string for dovecot

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 16:11:55 UTC (rev 46788)
+++ data/CVE/list   2016-12-05 16:13:12 UTC (rev 46789)
@@ -8814,8 +8814,8 @@
 CVE-2016-8652
RESERVED
- dovecot  (bug #846605)
-   [jessie] - dovecot  (Only affects 2.2.25.1 up and 
including 2.2.26.1)
-   [wheezy] - dovecot  (Only affects 2.2.25.1 up and 
including 2.2.26.1)
+   [jessie] - dovecot  (Only affects 2.2.25 up and including 
2.2.26.1)
+   [wheezy] - dovecot  (Only affects 2.2.25 up and including 
2.2.26.1)
 CVE-2016-8651
RESERVED
 CVE-2016-8650 (The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel 
through ...)
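
Review bot: The corrected text on the [jessie] and [wheezy] lines still reads "up and including 2.2.26.1", which is missing a word; "from 2.2.25 up to and including 2.2.26.1" states the range unambiguously. Since the only change is the lower bound (2.2.25.1 to 2.2.25), a NOTE citing where that bound comes from would keep it from being changed back.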




[Secure-testing-commits] r46788 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 16:11:55 + (Mon, 05 Dec 2016)
New Revision: 46788

Modified:
   data/CVE/list
Log:
Updates for CVE-2016-981{5,6,7,8}/xen

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 16:02:52 UTC (rev 46787)
+++ data/CVE/list   2016-12-05 16:11:55 UTC (rev 46788)
@@ -54,19 +54,23 @@
NOTE: 
https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
 CVE-2016-9818
- xen 
+   [wheezy] - xen  (ARM support introduced in 4.4)
NOTE: https://xenbits.xen.org/xsa/advisory-201.html
NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch
 CVE-2016-9817
- xen 
+   [wheezy] - xen  (ARM support introduced in 4.4)
NOTE: https://xenbits.xen.org/xsa/advisory-201.html
NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch
NOTE: or https://xenbits.xen.org/xsa/xsa201-3-4.7.patch
 CVE-2016-9816
- xen 
+   [wheezy] - xen  (ARM support introduced in 4.4)
NOTE: https://xenbits.xen.org/xsa/advisory-201.html
NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch
 CVE-2016-9815
- xen 
+   [wheezy] - xen  (ARM support introduced in 4.4)
NOTE: https://xenbits.xen.org/xsa/advisory-201.html
NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-1.patch
 CVE-2016-9814 [simplesamlphp signature validation SSPSA 201612-01]
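
Review bot: The reason given on the four new [wheezy] lines, "ARM support introduced in 4.4", only justifies the status if CVE-2016-9815 through CVE-2016-9818 affect ARM alone, and no visible NOTE in these entries says so. Suggest stating that explicitly, for example in a NOTE next to the advisory-201 link, so the wheezy status does not depend on the reader opening the advisory.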




[Secure-testing-commits] r46784 - data/CVE

2016-12-05 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-05 14:04:23 + (Mon, 05 Dec 2016)
New Revision: 46784

Modified:
   data/CVE/list
Log:
Add CVE-2016-8740

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 11:59:13 UTC (rev 46783)
+++ data/CVE/list   2016-12-05 14:04:23 UTC (rev 46784)
@@ -8328,6 +8328,10 @@
RESERVED
 CVE-2016-8740
RESERVED
+   - apache2 
+[jessie] - apache2  (Vulnerable code not present)
+[wheezy] - apache2  (Vulnerable code not present)
+NOTE: HTTP/2 support introduced in 2.4.17
 CVE-2016-8739
RESERVED
 CVE-2016-8738
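
Review bot: The entry for CVE-2016-8740 is still RESERVED with no description, and the added lines give no upstream advisory or fix reference, so the only hint at what the issue is comes from the NOTE about HTTP/2. Suggest adding a NOTE with the upstream reference, and wording the existing one so it says outright that the affected code is the HTTP/2 support introduced in 2.4.17, which is what the two "Vulnerable code not present" lines rely on.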




[Secure-testing-commits] r46783 - data/CVE

2016-12-05 Thread Chris Lamb
Author: lamby
Date: 2016-12-05 11:59:13 + (Mon, 05 Dec 2016)
New Revision: 46783

Modified:
   data/CVE/list
Log:
Add bug for CVE-2016-9830/graphicsmagick.

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-05 09:33:00 UTC (rev 46782)
+++ data/CVE/list   2016-12-05 11:59:13 UTC (rev 46783)
@@ -9,7 +9,7 @@
- ming 
NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
 CVE-2016-9830 [memory allocation failure in MagickRealloc]
-   - graphicsmagick 
+   - graphicsmagick  (bug #847055)
NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
 CVE-2016-9829 [listswf: heap-based buffer overflow in parseSWF_DEFINEFONT 
(parser.c)]
- ming 




[Secure-testing-commits] r46782 - data

2016-12-05 Thread Sebastien Delafond
Author: seb
Date: 2016-12-05 09:33:00 + (Mon, 05 Dec 2016)
New Revision: 46782

Modified:
   data/dsa-needed.txt
Log:
Take tomcat8 from dsa-needed.txt

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-12-05 09:08:49 UTC (rev 46781)
+++ data/dsa-needed.txt 2016-12-05 09:33:00 UTC (rev 46782)
@@ -45,7 +45,9 @@
 --
 tomcat7
 --
-tomcat8
+tomcat8 (seb)
+  Emmanuel Bourg provided updated patch, need to review and ack for
+  upload.
 --
 xen
   Test packages: https://people.debian.org/~carnil/tmp/xen/
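
Review bot: The note added under tomcat8 says an updated patch was provided but not where it is. Add the bug number or URL so that anyone reviewing alongside seb can find it; the xen entry just below does this with its "Test packages:" link.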




[Secure-testing-commits] r46781 - data

2016-12-05 Thread Chris Lamb
Author: lamby
Date: 2016-12-05 09:08:49 + (Mon, 05 Dec 2016)
New Revision: 46781

Modified:
   data/dla-needed.txt
Log:
Triage graphicsmagick for LTS

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-05 08:56:28 UTC (rev 46780)
+++ data/dla-needed.txt 2016-12-05 09:08:49 UTC (rev 46781)
@@ -15,10 +15,12 @@
 botan1.10
   NOTE: Jessie has almost identical code. Looks hard to exploit but worth 
fixing.
 --
-gst-plugins-base0.10 (Emilio Pozuelo)
+graphicsmagick
 --
 gst-plugins-bad0.10 (Emilio Pozuelo)
 --
+gst-plugins-base0.10 (Emilio Pozuelo)
+--
 hdf5 (Thorsten Alteholz)
 --
 icedove (Guido Günther)
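
Review bot: Besides adding graphicsmagick, this hunk moves gst-plugins-base0.10 below gst-plugins-bad0.10, which the log message ("Triage graphicsmagick for LTS") does not mention. The move looks like a sort-order fix; say so in the log or commit it separately. The new graphicsmagick line also carries no NOTE saying which issue prompted the triage, unlike the botan1.10 entry above it.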



[Secure-testing-commits] r46780 - data

2016-12-05 Thread Emilio Pozuelo Monfort
Author: pochu
Date: 2016-12-05 08:56:28 + (Mon, 05 Dec 2016)
New Revision: 46780

Modified:
   data/dla-needed.txt
Log:
add gst-plugins-base0.10 and gst-plugins-bad0.10 to dla-needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-05 06:34:29 UTC (rev 46779)
+++ data/dla-needed.txt 2016-12-05 08:56:28 UTC (rev 46780)
@@ -15,6 +15,10 @@
 botan1.10
   NOTE: Jessie has almost identical code. Looks hard to exploit but worth 
fixing.
 --
+gst-plugins-base0.10 (Emilio Pozuelo)
+--
+gst-plugins-bad0.10 (Emilio Pozuelo)
+--
 hdf5 (Thorsten Alteholz)
 --
 icedove (Guido Günther)
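
Review bot: The two new entries are added with gst-plugins-base0.10 ahead of gst-plugins-bad0.10, which breaks the alphabetical order the neighbouring entries (botan1.10, hdf5, icedove) follow; swap them so "bad" comes before "base". Neither entry has a NOTE naming the issues that put the package on the list, which would help whoever checks the claim later.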

