[Secure-testing-commits] r46846 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-07 07:57:24 + (Wed, 07 Dec 2016)
New Revision: 46846

Modified:
   data/CVE/list
Log:
Update more allocated CVEs for phpmyadmin

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-07 07:53:27 UTC (rev 46845)
+++ data/CVE/list   2016-12-07 07:57:24 UTC (rev 46846)
@@ -163,28 +163,6 @@
NOTE: 
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
NOTE: Fixed by: 
https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
NOTE: CVE has been already requested by discoverer of the issue and 
will be published "shortly"
-CVE-2016-9857
-   RESERVED
-CVE-2016-9856
-   RESERVED
-CVE-2016-9855
-   RESERVED
-CVE-2016-9854
-   RESERVED
-CVE-2016-9853
-   RESERVED
-CVE-2016-9852
-   RESERVED
-CVE-2016-9851
-   RESERVED
-CVE-2016-9850
-   RESERVED
-CVE-2016-9849
-   RESERVED
-CVE-2016-9848
-   RESERVED
-CVE-2016-9847
-   RESERVED
 CVE-2016- [cross-site scripting vulnerability]
- html5lib 0.9-1
[jessie] - html5lib  (Minor issue)
@@ -6712,32 +6690,47 @@
- phpmyadmin 4:4.1.7-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
NOTE: may affect wheezy only.
-CVE-2016- [phpMyAdmin PMASA-2016-58]
+CVE-2016-9847 [phpMyAdmin PMASA-2016-58]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-58/
NOTE: Debian packaging generates blowfish secret
-CVE-2016- [phpMyAdmin PMASA-2016-59]
+CVE-2016-9848 [phpMyAdmin PMASA-2016-59]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/
NOTE: disabled by default, debugging setting required
-CVE-2016- [phpMyAdmin PMASA-2016-60]
+CVE-2016-9849 [phpMyAdmin PMASA-2016-60]
- phpmyadmin 4:4.6.5.1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
-CVE-2016- [phpMyAdmin PMASA-2016-61]
+CVE-2016-9850 [phpMyAdmin PMASA-2016-61]
- phpmyadmin 4:4.6.5.1-1 (low)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
-CVE-2016- [phpMyAdmin PMASA-2016-62]
+CVE-2016-9851 [phpMyAdmin PMASA-2016-62]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
[jessie] - phpmyadmin  (Vulnerable code not present)
[wheezy] - phpmyadmin  (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-62/
-CVE-2016- [phpMyAdmin PMASA-2016-63]
+CVE-2016-9852 [phpMyAdmin PMASA-2016-63]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
NOTE: path disclosure not relevant in Debian
-CVE-2016- [phpMyAdmin PMASA-2016-64]
+CVE-2016-9853 [phpMyAdmin PMASA-2016-63]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
+   NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
+   NOTE: path disclosure not relevant in Debian
+CVE-2016-9854 [phpMyAdmin PMASA-2016-63]
+   - phpmyadmin 4:4.6.5.1-1 (unimportant)
+   NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
+   NOTE: path disclosure not relevant in Debian
+CVE-2016-9855 [phpMyAdmin PMASA-2016-63]
+   - phpmyadmin 4:4.6.5.1-1 (unimportant)
+   NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
+   NOTE: path disclosure not relevant in Debian
+CVE-2016-9856 [phpMyAdmin PMASA-2016-64]
+   - phpmyadmin 4:4.6.5.1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
+CVE-2016-9857 [phpMyAdmin PMASA-2016-64]
+   - phpmyadmin 4:4.6.5.1-1 (unimportant)
+   NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
 CVE-2016-9858 [phpMyAdmin PMASA-2016-65]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
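Review bot: the added entries for CVE-2016-9853, CVE-2016-9854 and CVE-2016-9855 are copies of the CVE-2016-9852 entry (same PMASA-2016-63 link, same "path disclosure not relevant in Debian" note), so nothing in the list says which of the advisory's issues each id covers. A per-entry NOTE naming the specific issue or fixing commit would make them distinguishable. The two PMASA-2016-64 entries (CVE-2016-9856, CVE-2016-9857) are also marked (unimportant) without the explanatory NOTE that the PMASA-2016-58, -59 and -63 entries carry.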


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r46845 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-07 07:53:27 + (Wed, 07 Dec 2016)
New Revision: 46845

Modified:
   data/CVE/list
Log:
Three CVEs allocated for three commits in PMASA-2016-65

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-07 07:51:39 UTC (rev 46844)
+++ data/CVE/list   2016-12-07 07:53:27 UTC (rev 46845)
@@ -163,12 +163,6 @@
NOTE: 
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
NOTE: Fixed by: 
https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
NOTE: CVE has been already requested by discoverer of the issue and 
will be published "shortly"
-CVE-2016-9860
-   RESERVED
-CVE-2016-9859
-   RESERVED
-CVE-2016-9858
-   RESERVED
 CVE-2016-9857
RESERVED
 CVE-2016-9856
@@ -6744,9 +6738,15 @@
 CVE-2016- [phpMyAdmin PMASA-2016-64]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
-CVE-2016- [phpMyAdmin PMASA-2016-65]
+CVE-2016-9858 [phpMyAdmin PMASA-2016-65]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
+CVE-2016-9859 [phpMyAdmin PMASA-2016-65]
+   - phpmyadmin 4:4.6.5.1-1 (unimportant)
+   NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
+CVE-2016-9860 [phpMyAdmin PMASA-2016-65]
+   - phpmyadmin 4:4.6.5.1-1 (unimportant)
+   NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
 CVE-2016-9861 [phpMyAdmin PMASA-2016-66]
- phpmyadmin 4:4.6.5.1-1 (low)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
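Review bot: the log says the three CVEs correspond to three commits in PMASA-2016-65, but the entries for CVE-2016-9858, CVE-2016-9859 and CVE-2016-9860 are identical and record none of those commits. Add a "NOTE: Fixed by:" line with the matching upstream commit to each entry, as the roundcube entry in the first hunk's context does, so the CVE-to-commit mapping survives outside the commit log.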




[Secure-testing-commits] r46844 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-07 07:51:39 + (Wed, 07 Dec 2016)
New Revision: 46844

Modified:
   data/CVE/list
Log:
Update first round for phpmyadmin CVEs

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-07 07:47:09 UTC (rev 46843)
+++ data/CVE/list   2016-12-07 07:51:39 UTC (rev 46844)
@@ -163,18 +163,6 @@
NOTE: 
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
NOTE: Fixed by: 
https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
NOTE: CVE has been already requested by discoverer of the issue and 
will be published "shortly"
-CVE-2016-9866
-   RESERVED
-CVE-2016-9865
-   RESERVED
-CVE-2016-9864
-   RESERVED
-CVE-2016-9863
-   RESERVED
-CVE-2016-9862
-   RESERVED
-CVE-2016-9861
-   RESERVED
 CVE-2016-9860
RESERVED
 CVE-2016-9859
@@ -6759,26 +6747,26 @@
 CVE-2016- [phpMyAdmin PMASA-2016-65]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
-CVE-2016- [phpMyAdmin PMASA-2016-66]
+CVE-2016-9861 [phpMyAdmin PMASA-2016-66]
- phpmyadmin 4:4.6.5.1-1 (low)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
-CVE-2016- [phpMyAdmin PMASA-2016-67]
+CVE-2016-9862 [phpMyAdmin PMASA-2016-67]
- phpmyadmin 4:4.6.5.1-1
[jessie] - phpmyadmin  (Vulnerable code not present)
[wheezy] - phpmyadmin  (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-67/
-CVE-2016- [phpMyAdmin PMASA-2016-68]
+CVE-2016-9863 [phpMyAdmin PMASA-2016-68]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
[jessie] - phpmyadmin  (Vulnerable code not present)
[wheezy] - phpmyadmin  (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/
-CVE-2016- [phpMyAdmin PMASA-2016-69]
+CVE-2016-9864 [phpMyAdmin PMASA-2016-69]
- phpmyadmin 4:4.6.5.1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
-CVE-2016- [phpMyAdmin PMASA-2016-70]
+CVE-2016-9865 [phpMyAdmin PMASA-2016-70]
- phpmyadmin 4:4.6.5.1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
-CVE-2016- [phpMyAdmin PMASA-2016-71]
+CVE-2016-9866 [phpMyAdmin PMASA-2016-71]
- phpmyadmin 4:4.6.5.1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-71/
NOTE: unlikely PHP configuration required, unclear impact




[Secure-testing-commits] r46843 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-07 07:47:09 + (Wed, 07 Dec 2016)
New Revision: 46843

Modified:
   data/CVE/list
Log:
Add fixed version for CVE-2016-794{7,8}/libxrandr

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-07 06:06:54 UTC (rev 46842)
+++ data/CVE/list   2016-12-07 07:47:09 UTC (rev 46843)
@@ -12335,13 +12335,13 @@
 CVE-2016-7948 [for all of the other mishandling of the reply data]
RESERVED
{DLA-660-1}
-   - libxrandr  (low; bug #840441)
+   - libxrandr 2:1.5.1-1 (low; bug #840441)
[jessie] - libxrandr  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
 CVE-2016-7947 [for all of the integer overflows]
RESERVED
{DLA-660-1}
-   - libxrandr  (low; bug #840441)
+   - libxrandr 2:1.5.1-1 (low; bug #840441)
[jessie] - libxrandr  (Minor issue, will be fixed in a point 
release)
NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
 CVE-2016-7946 [for all of the other mishandling of the reply data]




[Secure-testing-commits] r46842 - data

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-07 06:06:54 + (Wed, 07 Dec 2016)
New Revision: 46842

Modified:
   data/dsa-needed.txt
Log:
Add php5 with note to dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-12-07 05:41:35 UTC (rev 46841)
+++ data/dsa-needed.txt 2016-12-07 06:06:54 UTC (rev 46842)
@@ -35,6 +35,9 @@
 --
 openjpeg2
 --
+php5
+  Maintainer proposed to update src:php5 for jessie, needs check
+--
 phpmyadmin
 --
 qemu
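Review bot: the note added under php5 says a maintainer proposal exists and "needs check", but gives no pointer to the proposal and does not say what is to be checked. Add the bug number or list URL where the update was proposed so whoever picks up the entry can find the proposed upload.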




[Secure-testing-commits] r46841 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-07 05:41:35 + (Wed, 07 Dec 2016)
New Revision: 46841

Modified:
   data/CVE/list
Log:
Mark xen issues as no-dsa

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-07 05:41:26 UTC (rev 46840)
+++ data/CVE/list   2016-12-07 05:41:35 UTC (rev 46841)
@@ -858,12 +858,14 @@
 CVE-2016-9818
RESERVED
- xen 
+   [jessie] - xen  (Minor issue)
[wheezy] - xen  (ARM support introduced in 4.4)
NOTE: https://xenbits.xen.org/xsa/advisory-201.html
NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch
 CVE-2016-9817
RESERVED
- xen 
+   [jessie] - xen  (Minor issue)
[wheezy] - xen  (ARM support introduced in 4.4)
NOTE: https://xenbits.xen.org/xsa/advisory-201.html
NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch
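Review bot: in the CVE-2016-9818 and CVE-2016-9817 entries the new [jessie] line gives only "Minor issue", while the adjacent [wheezy] line gives a concrete reason ("ARM support introduced in 4.4"). If the jessie decision rests on the same ARM-only scope, say so in the parenthesis; a bare "Minor issue" leaves the next triager to re-read advisory-201 to learn why the issue was not escalated.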
@@ -871,12 +873,14 @@
 CVE-2016-9816
RESERVED
- xen 
+   [jessie] - xen  (Minor issue)
[wheezy] - xen  (ARM support introduced in 4.4)
NOTE: https://xenbits.xen.org/xsa/advisory-201.html
NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch
 CVE-2016-9815
RESERVED
- xen 
+   [jessie] - xen  (Minor issue)
[wheezy] - xen  (ARM support introduced in 4.4)
NOTE: https://xenbits.xen.org/xsa/advisory-201.html
NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-1.patch




[Secure-testing-commits] r46840 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-07 05:41:26 + (Wed, 07 Dec 2016)
New Revision: 46840

Modified:
   data/CVE/list
Log:
Add fixing commit for roundcube

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-07 05:27:25 UTC (rev 46839)
+++ data/CVE/list   2016-12-07 05:41:26 UTC (rev 46840)
@@ -161,6 +161,7 @@
 CVE-2016- [Command Execution via Email]
- roundcube  (bug #847287)
NOTE: 
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
+   NOTE: Fixed by: 
https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
NOTE: CVE has been already requested by discoverer of the issue and 
will be published "shortly"
 CVE-2016-9866
RESERVED




[Secure-testing-commits] r46839 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-07 05:27:25 + (Wed, 07 Dec 2016)
New Revision: 46839

Modified:
   data/CVE/list
Log:
Add note for roundcube

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-07 05:24:17 UTC (rev 46838)
+++ data/CVE/list   2016-12-07 05:27:25 UTC (rev 46839)
@@ -161,6 +161,7 @@
 CVE-2016- [Command Execution via Email]
- roundcube  (bug #847287)
NOTE: 
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
+   NOTE: CVE has been already requested by discoverer of the issue and 
will be published "shortly"
 CVE-2016-9866
RESERVED
 CVE-2016-9865
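Review bot: the added NOTE (CVE "will be published "shortly"") is relative to the commit date and cites no source, so it goes stale as soon as the id is assigned and cannot be verified later. Link the message where the discoverer said the CVE was requested, or make the line a TODO so the placeholder "CVE-2016-" entry gets revisited.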




[Secure-testing-commits] r46838 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-07 05:24:17 + (Wed, 07 Dec 2016)
New Revision: 46838

Modified:
   data/CVE/list
Log:
Add bugreport reference for roundcube

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 22:27:22 UTC (rev 46837)
+++ data/CVE/list   2016-12-07 05:24:17 UTC (rev 46838)
@@ -159,7 +159,7 @@
 CVE-2017-3150
RESERVED
 CVE-2016- [Command Execution via Email]
-   - roundcube 
+   - roundcube  (bug #847287)
NOTE: 
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
 CVE-2016-9866
RESERVED




[Secure-testing-commits] r46837 - data

2016-12-06 Thread Chris Lamb
Author: lamby
Date: 2016-12-06 22:27:22 + (Tue, 06 Dec 2016)
New Revision: 46837

Modified:
   data/dla-needed.txt
Log:
Triage html5lib for LTS

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-06 22:25:20 UTC (rev 46836)
+++ data/dla-needed.txt 2016-12-06 22:27:22 UTC (rev 46837)
@@ -23,6 +23,8 @@
 --
 hdf5 (Thorsten Alteholz)
 --
+html5lib
+--
 icedove (Guido Günther)
 --
 icu (Roberto C. Sánchez)



[Secure-testing-commits] r46836 - data/CVE

2016-12-06 Thread Paul Wise
Author: pabs
Date: 2016-12-06 22:25:20 + (Tue, 06 Dec 2016)
New Revision: 46836

Modified:
   data/CVE/list
Log:
roundcube: Command Execution via Email

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 21:19:53 UTC (rev 46835)
+++ data/CVE/list   2016-12-06 22:25:20 UTC (rev 46836)
@@ -158,6 +158,9 @@
RESERVED
 CVE-2017-3150
RESERVED
+CVE-2016- [Command Execution via Email]
+   - roundcube 
+   NOTE: 
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
 CVE-2016-9866
RESERVED
 CVE-2016-9865




[Secure-testing-commits] r46835 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 21:19:53 + (Tue, 06 Dec 2016)
New Revision: 46835

Modified:
   data/CVE/list
Log:
Add CVE-2016-9843/zlib

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 21:10:11 UTC (rev 46834)
+++ data/CVE/list   2016-12-06 21:19:53 UTC (rev 46835)
@@ -759,7 +759,7 @@
TODO: check affected versions
 CVE-2016-9843
RESERVED
-   - zlib 
+   - zlib  (bug #847275)
NOTE: 
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
 CVE-2016-9842
RESERVED
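Review bot: the log reads "Add CVE-2016-9843/zlib", but the CVE-2016-9843 entry and its NOTE are already present as context; the only change is appending (bug #847275) to the zlib line. A message in the style of r46832 ("Add bug reference for CVE-2016-9842") would describe the change accurately and keep the history searchable.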




[Secure-testing-commits] r46834 - data/CVE

2016-12-06 Thread security tracker role
Author: sectracker
Date: 2016-12-06 21:10:11 + (Tue, 06 Dec 2016)
New Revision: 46834

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 21:06:21 UTC (rev 46833)
+++ data/CVE/list   2016-12-06 21:10:11 UTC (rev 46834)
@@ -1,3 +1,203 @@
+CVE-2017-3229
+   RESERVED
+CVE-2017-3228
+   RESERVED
+CVE-2017-3227
+   RESERVED
+CVE-2017-3226
+   RESERVED
+CVE-2017-3225
+   RESERVED
+CVE-2017-3224
+   RESERVED
+CVE-2017-3223
+   RESERVED
+CVE-2017-3222
+   RESERVED
+CVE-2017-3221
+   RESERVED
+CVE-2017-3220
+   RESERVED
+CVE-2017-3219
+   RESERVED
+CVE-2017-3218
+   RESERVED
+CVE-2017-3217
+   RESERVED
+CVE-2017-3216
+   RESERVED
+CVE-2017-3215
+   RESERVED
+CVE-2017-3214
+   RESERVED
+CVE-2017-3213
+   RESERVED
+CVE-2017-3212
+   RESERVED
+CVE-2017-3211
+   RESERVED
+CVE-2017-3210
+   RESERVED
+CVE-2017-3209
+   RESERVED
+CVE-2017-3208
+   RESERVED
+CVE-2017-3207
+   RESERVED
+CVE-2017-3206
+   RESERVED
+CVE-2017-3205
+   RESERVED
+CVE-2017-3204
+   RESERVED
+CVE-2017-3203
+   RESERVED
+CVE-2017-3202
+   RESERVED
+CVE-2017-3201
+   RESERVED
+CVE-2017-3200
+   RESERVED
+CVE-2017-3199
+   RESERVED
+CVE-2017-3198
+   RESERVED
+CVE-2017-3197
+   RESERVED
+CVE-2017-3196
+   RESERVED
+CVE-2017-3195
+   RESERVED
+CVE-2017-3194
+   RESERVED
+CVE-2017-3193
+   RESERVED
+CVE-2017-3192
+   RESERVED
+CVE-2017-3191
+   RESERVED
+CVE-2017-3190
+   RESERVED
+CVE-2017-3189
+   RESERVED
+CVE-2017-3188
+   RESERVED
+CVE-2017-3187
+   RESERVED
+CVE-2017-3186
+   RESERVED
+CVE-2017-3185
+   RESERVED
+CVE-2017-3184
+   RESERVED
+CVE-2017-3183
+   RESERVED
+CVE-2017-3182
+   RESERVED
+CVE-2017-3181
+   RESERVED
+CVE-2017-3180
+   RESERVED
+CVE-2017-3179
+   RESERVED
+CVE-2017-3178
+   RESERVED
+CVE-2017-3177
+   RESERVED
+CVE-2017-3176
+   RESERVED
+CVE-2017-3175
+   RESERVED
+CVE-2017-3174
+   RESERVED
+CVE-2017-3173
+   RESERVED
+CVE-2017-3172
+   RESERVED
+CVE-2017-3171
+   RESERVED
+CVE-2017-3170
+   RESERVED
+CVE-2017-3169
+   RESERVED
+CVE-2017-3168
+   RESERVED
+CVE-2017-3167
+   RESERVED
+CVE-2017-3166
+   RESERVED
+CVE-2017-3165
+   RESERVED
+CVE-2017-3164
+   RESERVED
+CVE-2017-3163
+   RESERVED
+CVE-2017-3162
+   RESERVED
+CVE-2017-3161
+   RESERVED
+CVE-2017-3160
+   RESERVED
+CVE-2017-3159
+   RESERVED
+CVE-2017-3158
+   RESERVED
+CVE-2017-3157
+   RESERVED
+CVE-2017-3156
+   RESERVED
+CVE-2017-3155
+   RESERVED
+CVE-2017-3154
+   RESERVED
+CVE-2017-3153
+   RESERVED
+CVE-2017-3152
+   RESERVED
+CVE-2017-3151
+   RESERVED
+CVE-2017-3150
+   RESERVED
+CVE-2016-9866
+   RESERVED
+CVE-2016-9865
+   RESERVED
+CVE-2016-9864
+   RESERVED
+CVE-2016-9863
+   RESERVED
+CVE-2016-9862
+   RESERVED
+CVE-2016-9861
+   RESERVED
+CVE-2016-9860
+   RESERVED
+CVE-2016-9859
+   RESERVED
+CVE-2016-9858
+   RESERVED
+CVE-2016-9857
+   RESERVED
+CVE-2016-9856
+   RESERVED
+CVE-2016-9855
+   RESERVED
+CVE-2016-9854
+   RESERVED
+CVE-2016-9853
+   RESERVED
+CVE-2016-9852
+   RESERVED
+CVE-2016-9851
+   RESERVED
+CVE-2016-9850
+   RESERVED
+CVE-2016-9849
+   RESERVED
+CVE-2016-9848
+   RESERVED
+CVE-2016-9847
+   RESERVED
 CVE-2016- [cross-site scripting vulnerability]
- html5lib 0.9-1
[jessie] - html5lib  (Minor issue)
@@ -455,6 +655,7 @@
 CVE-2017-2925
RESERVED
 CVE-2016-9839
+   RESERVED
- mapserver 7.0.3-1
[jessie] - mapserver  (Minor issue)
NOTE: 
https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html
@@ -464,8 +665,8 @@
RESERVED
 CVE-2016-9837
RESERVED
-CVE-2016-9836
-   RESERVED
+CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in 
Joomla! ...)
+   TODO: check
 CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" 
in Zikula 1.3.x ...)
TODO: check
 CVE-2016-9834
@@ -541,6 +742,7 @@
 CVE-2016-9757
RESERVED
 CVE-2016-9846 [display: virtio-gpu: memory leakage while updating cursor]
+   RESERVED
- qemu 
[wheezy] - qemu  (Vulnerable code not present)
- qemu-kvm 
@@ -548,6 +750,7 @@
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
TODO: check affected versions
 CVE-2016-9845 [display: virtio-gpu-3d: information leakage in 
virgl_cmd_get_capset_info]
+   RESERVED
- qemu 
[wheezy] - qemu  (Vulnerable code not present)
- qemu-kvm 
@@ -555,23 +758,29 @@
NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
TODO: check affected versi

[Secure-testing-commits] r46833 - data

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 21:06:21 + (Tue, 06 Dec 2016)
New Revision: 46833

Modified:
   data/next-point-update.txt
Log:
Add CVE-2016-9839/mapserver to be fixed via point release

Modified: data/next-point-update.txt
===
--- data/next-point-update.txt  2016-12-06 21:04:55 UTC (rev 46832)
+++ data/next-point-update.txt  2016-12-06 21:06:21 UTC (rev 46833)
@@ -74,3 +74,5 @@
[jessie] - sniffit 0.3.7.beta-17+deb8u1
 CVE-2016-8649
[jessie] - lxc 1:1.0.6-6+deb8u5
+CVE-2016-9839
+   [jessie] - mapserver 6.4.1-5+deb8u1




[Secure-testing-commits] r46832 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 21:04:55 + (Tue, 06 Dec 2016)
New Revision: 46832

Modified:
   data/CVE/list
Log:
Add bug reference for CVE-2016-9842

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 20:53:09 UTC (rev 46831)
+++ data/CVE/list   2016-12-06 21:04:55 UTC (rev 46832)
@@ -558,7 +558,7 @@
- zlib 
NOTE: 
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
 CVE-2016-9842
-   - zlib 
+   - zlib  (bug #847274)
NOTE: 
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
 CVE-2016-9841
- zlib  (bug #847270)




[Secure-testing-commits] r46831 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 20:53:09 + (Tue, 06 Dec 2016)
New Revision: 46831

Modified:
   data/CVE/list
Log:
Add bug reference for CVE-2016-984{0,1}

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 20:33:19 UTC (rev 46830)
+++ data/CVE/list   2016-12-06 20:53:09 UTC (rev 46831)
@@ -561,10 +561,10 @@
- zlib 
NOTE: 
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
 CVE-2016-9841
-   - zlib 
+   - zlib  (bug #847270)
NOTE: 
https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
 CVE-2016-9840
-   - zlib 
+   - zlib  (bug #847270)
NOTE: 
https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
 CVE-2016-9844 [zipinfo buffer overflow]
- unzip 
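Review bot: the zlib lines for CVE-2016-9841 and CVE-2016-9840 both receive bug #847270, while the fixing commits in their NOTE lines differ. If one Debian bug deliberately tracks both fixes that is fine, but it is worth confirming the shared number is intended and not a copy-paste from the first entry.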




[Secure-testing-commits] r46830 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 20:33:19 + (Tue, 06 Dec 2016)
New Revision: 46830

Modified:
   data/CVE/list
Log:
Mark html5lib as no-dsa for jessie

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 15:55:16 UTC (rev 46829)
+++ data/CVE/list   2016-12-06 20:33:19 UTC (rev 46830)
@@ -1,5 +1,6 @@
 CVE-2016- [cross-site scripting vulnerability]
- html5lib 0.9-1
+   [jessie] - html5lib  (Minor issue)
NOTE: Fixed by: 
https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
NOTE: 
https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/12/06/5




[Secure-testing-commits] r46829 - data/CVE

2016-12-06 Thread Nicholas Luedtke
Author: nluedtke-guest
Date: 2016-12-06 15:55:16 + (Tue, 06 Dec 2016)
New Revision: 46829

Modified:
   data/CVE/list
Log:
Add CVE-2016-8707/imagemagick

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 15:19:25 UTC (rev 46828)
+++ data/CVE/list   2016-12-06 15:55:16 UTC (rev 46829)
@@ -9070,8 +9070,11 @@
RESERVED
 CVE-2016-8708
RESERVED
-CVE-2016-8707
+CVE-2016-8707 [ImageMagick Convert Tiff Adobe Deflate Code Execution 
Vulnerability]
RESERVED
+   - imagemagick 
+   NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0216/
+   NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/e5fd9ab1b70b2edd06de8efb606e04482cb9a2f0
 (7.0.3-9)
 CVE-2016-8706
RESERVED
{DSA-3704-1 DLA-701-1}




[Secure-testing-commits] r46828 - data/DLA

2016-12-06 Thread Jonas Meurer
Author: mejo
Date: 2016-12-06 15:19:25 + (Tue, 06 Dec 2016)
New Revision: 46828

Modified:
   data/DLA/list
Log:
data/DLA/list: Remove CVE-2016-7067 from DLA-732-2 entry

Modified: data/DLA/list
===
--- data/DLA/list   2016-12-06 14:31:36 UTC (rev 46827)
+++ data/DLA/list   2016-12-06 15:19:25 UTC (rev 46828)
@@ -1,5 +1,4 @@
 [06 Dec 2016] DLA-732-2 monit - regression update
-   {CVE-2016-7067}
[wheezy] - monit 1:5.4-2+deb7u2
 [03 Dec 2016] DLA-733-1 openafs - security update
{CVE-2016-9772}




[Secure-testing-commits] r46827 - data/CVE

2016-12-06 Thread Jonas Meurer
Author: mejo
Date: 2016-12-06 14:31:36 + (Tue, 06 Dec 2016)
New Revision: 46827

Modified:
   data/CVE/list
Log:
CVE-2016-4484/cryptsetup: mark as no-dsa for wheezy

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 13:57:33 UTC (rev 46826)
+++ data/CVE/list   2016-12-06 14:31:36 UTC (rev 46827)
@@ -23898,6 +23898,7 @@
 CVE-2016-4484
RESERVED
- cryptsetup 2:1.7.3-2 (unimportant)
+   [wheezy] - cryptsetup  (Minor issue)
NOTE: 
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
NOTE: Negligable security impact
 CVE-2016-4481
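Review bot: the added [wheezy] line classifies the issue as "Minor issue", while the package line above it already rates it (unimportant) and the NOTE below calls the impact negligible. Is the per-release line needed on top of the unimportant rating? If it is, the reason text should match the entry's own assessment so the two do not read as different severities.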




[Secure-testing-commits] r46826 - data/DLA

2016-12-06 Thread Jonas Meurer
Author: mejo
Date: 2016-12-06 13:57:33 + (Tue, 06 Dec 2016)
New Revision: 46826

Modified:
   data/DLA/list
Log:
Reserve DLA-732-2 for monit regression update

Modified: data/DLA/list
===
--- data/DLA/list   2016-12-06 12:57:24 UTC (rev 46825)
+++ data/DLA/list   2016-12-06 13:57:33 UTC (rev 46826)
@@ -1,3 +1,6 @@
+[06 Dec 2016] DLA-732-2 monit - regression update
+   {CVE-2016-7067}
+   [wheezy] - monit 1:5.4-2+deb7u2
 [03 Dec 2016] DLA-733-1 openafs - security update
{CVE-2016-9772}
[wheezy] - openafs 1.6.1-3+deb7u7




[Secure-testing-commits] r46825 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 12:57:24 + (Tue, 06 Dec 2016)
New Revision: 46825

Modified:
   data/CVE/list
Log:
Add CVE request reference for html5lib

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 12:49:52 UTC (rev 46824)
+++ data/CVE/list   2016-12-06 12:57:24 UTC (rev 46825)
@@ -2,6 +2,7 @@
- html5lib 0.9-1
NOTE: Fixed by: 
https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
NOTE: 
https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
+   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/12/06/5
 CVE-2017-3149
RESERVED
 CVE-2017-3148




[Secure-testing-commits] r46824 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 12:49:52 + (Tue, 06 Dec 2016)
New Revision: 46824

Modified:
   data/CVE/list
Log:
Add additional reference for html5lib

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 12:49:11 UTC (rev 46823)
+++ data/CVE/list   2016-12-06 12:49:52 UTC (rev 46824)
@@ -1,6 +1,7 @@
 CVE-2016- [cross-site scripting vulnerability]
- html5lib 0.9-1
NOTE: Fixed by: 
https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
+   NOTE: 
https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
 CVE-2017-3149
RESERVED
 CVE-2017-3148




[Secure-testing-commits] r46823 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 12:49:11 + (Tue, 06 Dec 2016)
New Revision: 46823

Modified:
   data/CVE/list
Log:
Add html5lib issue

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 12:21:16 UTC (rev 46822)
+++ data/CVE/list   2016-12-06 12:49:11 UTC (rev 46823)
@@ -1,3 +1,6 @@
+CVE-2016- [cross-site scripting vulnerability]
+   - html5lib 0.9-1
+   NOTE: Fixed by: 
https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
 CVE-2017-3149
RESERVED
 CVE-2017-3148




[Secure-testing-commits] r46822 - data/CVE

2016-12-06 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-12-06 12:21:16 + (Tue, 06 Dec 2016)
New Revision: 46822

Modified:
   data/CVE/list
Log:
Add new xen issue

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 09:19:24 UTC (rev 46821)
+++ data/CVE/list   2016-12-06 12:21:16 UTC (rev 46822)
@@ -6236,8 +6236,13 @@
RESERVED
 CVE-2016-9638 (In BMC Patrol before 9.13.10.02, the binary 
"listguests64" is ...)
TODO: check
-CVE-2016-9637
+CVE-2016-9637 [qemu ioport array overflow]
RESERVED
+   - qemu  (Vulnerability specific to Xen)
+   - qemu-kvm  (Vulnerability specific to Xen)
+   - xen 4.4.0-1
+NOTE: Xen switched to qemu-system in 4.4.0-1
+   NOTE: https://xenbits.xen.org/xsa/advisory-199.html
 CVE-2016-9620
RESERVED
 CVE-2016-9619
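Review bot: the added line "+NOTE: Xen switched to qemu-system in 4.4.0-1" starts in column one, unlike the other added body lines of the CVE-2016-9637 entry ("+   - xen 4.4.0-1", "+   NOTE: https://xenbits.xen.org/xsa/advisory-199.html"), which are indented. In this hunk only the entry header "+CVE-2016-9637 [...]" starts unindented, so give the NOTE the same leading whitespace as the advisory NOTE that follows it.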




[Secure-testing-commits] r46821 - data

2016-12-06 Thread Chris Lamb
Author: lamby
Date: 2016-12-06 09:19:24 + (Tue, 06 Dec 2016)
New Revision: 46821

Modified:
   data/dla-needed.txt
Log:
Triage mapserver for LTS

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-06 09:19:16 UTC (rev 46820)
+++ data/dla-needed.txt 2016-12-06 09:19:24 UTC (rev 46821)
@@ -60,6 +60,8 @@
 lxc
   NOTE: A privilege escalation of this should be seen as a problem.
 --
+mapserver
+--
 maradns
   NOTE: Dariusz Dwornikowski  asked for help in
   NOTE: 
https://lists.debian.org/cagnkuncsq+fkzm892yqvf1qyrawzytq3hyak17vmu0kicpi...@mail.gmail.com




[Secure-testing-commits] r46820 - data/CVE

2016-12-06 Thread Chris Lamb
Author: lamby
Date: 2016-12-06 09:19:16 + (Tue, 06 Dec 2016)
New Revision: 46820

Modified:
   data/CVE/list
Log:
Mark CVE-2016-9845/CVE-2016-9846 as not-affected in wheezy for kvm-qemu too.

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 09:15:45 UTC (rev 46819)
+++ data/CVE/list   2016-12-06 09:19:16 UTC (rev 46820)
@@ -538,12 +538,14 @@
- qemu 
[wheezy] - qemu  (Vulnerable code not present)
- qemu-kvm 
+   [wheezy] - qemu-kvm  (Vulnerable code not present)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
TODO: check affected versions
 CVE-2016-9845 [display: virtio-gpu-3d: information leakage in 
virgl_cmd_get_capset_info]
- qemu 
[wheezy] - qemu  (Vulnerable code not present)
- qemu-kvm 
+   [wheezy] - qemu-kvm  (Vulnerable code not present)
NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
TODO: check affected versions
 CVE-2016-9843




[Secure-testing-commits] r46819 - data/CVE

2016-12-06 Thread Chris Lamb
Author: lamby
Date: 2016-12-06 09:15:45 + (Tue, 06 Dec 2016)
New Revision: 46819

Modified:
   data/CVE/list
Log:
Mark CVE-2016-9845/CVE-2016-9846 as not-affected in wheezy

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-06 07:37:44 UTC (rev 46818)
+++ data/CVE/list   2016-12-06 09:15:45 UTC (rev 46819)
@@ -536,11 +536,13 @@
RESERVED
 CVE-2016-9846 [display: virtio-gpu: memory leakage while updating cursor]
- qemu 
+   [wheezy] - qemu  (Vulnerable code not present)
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
TODO: check affected versions
 CVE-2016-9845 [display: virtio-gpu-3d: information leakage in 
virgl_cmd_get_capset_info]
- qemu 
+   [wheezy] - qemu  (Vulnerable code not present)
- qemu-kvm 
NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
TODO: check affected versions

