[Secure-testing-commits] r51217 - data/CVE

2017-04-30 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-05-01 06:49:53 + (Mon, 01 May 2017)
New Revision: 51217

Modified:
   data/CVE/list
Log:
Add bug reference for mediawiki issue

Modified: data/CVE/list
===
--- data/CVE/list   2017-05-01 04:47:37 UTC (rev 51216)
+++ data/CVE/list   2017-05-01 06:49:53 UTC (rev 51217)
@@ -21430,7 +21430,7 @@
RESERVED
 CVE-2017-0372
RESERVED
-   - mediawiki 
+   - mediawiki  (bug #861585)
NOTE: https://phabricator.wikimedia.org/T158689
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r51216 - data/CVE

2017-04-30 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-05-01 04:47:37 + (Mon, 01 May 2017)
New Revision: 51216

Modified:
   data/CVE/list
Log:
Mark CVE-2017-0372 as unfixed, needs check

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-30 21:38:17 UTC (rev 51215)
+++ data/CVE/list   2017-05-01 04:47:37 UTC (rev 51216)
@@ -21430,9 +21430,10 @@
RESERVED
 CVE-2017-0372
RESERVED
-   - mediawiki 1:1.27.2-1
+   - mediawiki 
NOTE: https://phabricator.wikimedia.org/T158689
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
+   NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
 CVE-2017-0371
RESERVED
- mediawiki 1:1.27.2-1
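
Review bot: the CVE-2017-0372 entry drops the fixed version 1:1.27.2-1 without recording in the entry itself why the fix is no longer considered complete; the only hint is the commit log's "needs check". Add a short NOTE or TODO under the mediawiki line stating what has to be verified against the second mediawiki-announce message, so whoever picks this up does not have to reconstruct it from the revision history. CVE-2017-0371 directly below still carries 1:1.27.2-1; please confirm it is not affected by the same follow-up.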




[Secure-testing-commits] r51215 - data/CVE

2017-04-30 Thread Henri Salo
Author: fgeek-guest
Date: 2017-04-30 21:38:17 + (Sun, 30 Apr 2017)
New Revision: 51215

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-30 19:23:55 UTC (rev 51214)
+++ data/CVE/list   2017-04-30 21:38:17 UTC (rev 51215)
@@ -7110,10 +7110,13 @@
RESERVED
 CVE-2017-5806
RESERVED
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5805
RESERVED
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5804
RESERVED
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-5803
RESERVED
 CVE-2017-5802
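
Review bot: the three NOT-FOR-US lines are added to CVE-2017-5806, CVE-2017-5805 and CVE-2017-5804 while each is still RESERVED, and no NOTE records where the HPE Intelligent Management Center attribution comes from. Add a reference NOTE per entry, and check whether CVE-2017-5803, left as plain RESERVED in the trailing context, belongs to the same batch.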




[Secure-testing-commits] r51214 - data

2017-04-30 Thread Chris Lamb
Author: lamby
Date: 2017-04-30 19:23:55 + (Sun, 30 Apr 2017)
New Revision: 51214

Modified:
   data/dla-needed.txt
Log:
libxstream-java has been slightly refactored.

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-30 19:23:54 UTC (rev 51213)
+++ data/dla-needed.txt 2017-04-30 19:23:55 UTC (rev 51214)
@@ -56,6 +56,7 @@
 --
 libxstream-java (Chris Lamb)
   NOTE: maintainer contacted 20170430
+  NOTE: https://github.com/x-stream/xstream/commit/b3570be should be applied 
to 
xstream/src/java/com/thoughtworks/xstream/converters/reflection/Sun14ReflectionProvider.java
 instead
 --
 linux
 --
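
Review bot: the added NOTE under libxstream-java ends in "instead" without naming what the given path replaces, so a reader cannot tell which file the upstream commit b3570be touches or why it does not apply as-is. State the upstream path next to the target path and name the CVE the commit addresses, so the note is usable without opening the commit.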




[Secure-testing-commits] r51213 - data

2017-04-30 Thread Chris Lamb
Author: lamby
Date: 2017-04-30 19:23:54 + (Sun, 30 Apr 2017)
New Revision: 51213

Modified:
   data/dla-needed.txt
Log:
Claim libxstream-java in data/dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-30 19:08:35 UTC (rev 51212)
+++ data/dla-needed.txt 2017-04-30 19:23:54 UTC (rev 51213)
@@ -54,7 +54,7 @@
 libpodofo
   NOTE: maintainer asked for a review
 --
-libxstream-java
+libxstream-java (Chris Lamb)
   NOTE: maintainer contacted 20170430
 --
 linux




[Secure-testing-commits] r51212 - data

2017-04-30 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-04-30 19:08:35 + (Sun, 30 Apr 2017)
New Revision: 51212

Modified:
   data/dsa-needed.txt
Log:
Fix typo in note

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-04-30 18:21:53 UTC (rev 51211)
+++ data/dsa-needed.txt 2017-04-30 19:08:35 UTC (rev 51212)
@@ -15,7 +15,7 @@
 389-ds-base (fw)
 --
 bind9
-  Possibly a rebase-is needed and will take more time
+  Possibly a rebase is needed and will take more time
 --
 chromium-browser
 --




[Secure-testing-commits] r51211 - data/CVE

2017-04-30 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-04-30 18:21:53 + (Sun, 30 Apr 2017)
New Revision: 51211

Modified:
   data/CVE/list
Log:
CVE-2017-8342 assigned for radicale issue, #861514

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-30 18:00:26 UTC (rev 51210)
+++ data/CVE/list   2017-04-30 18:21:53 UTC (rev 51211)
@@ -1,4 +1,4 @@
-CVE-2017- [prone to timing oracles and simple bruteforce attacks]
+CVE-2017-8342 [prone to timing oracles and simple bruteforce attacks]
- radicale 1.1.1+20160115-4 (bug #861514)
NOTE: 
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
 (1.1.x)
NOTE: 
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
 (master)




[Secure-testing-commits] r51210 - data

2017-04-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-04-30 18:00:26 + (Sun, 30 Apr 2017)
New Revision: 51210

Modified:
   data/dla-needed.txt
Log:
add note

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-30 17:59:25 UTC (rev 51209)
+++ data/dla-needed.txt 2017-04-30 18:00:26 UTC (rev 51210)
@@ -55,6 +55,7 @@
   NOTE: maintainer asked for a review
 --
 libxstream-java
+  NOTE: maintainer contacted 20170430
 --
 linux
 --




[Secure-testing-commits] r51209 - data

2017-04-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-04-30 17:59:25 + (Sun, 30 Apr 2017)
New Revision: 51209

Modified:
   data/dla-needed.txt
Log:
add note

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-30 17:58:32 UTC (rev 51208)
+++ data/dla-needed.txt 2017-04-30 17:59:25 UTC (rev 51209)
@@ -37,6 +37,7 @@
 icu (Thorsten Alteholz)
 --
 jasper (Thorsten Alteholz)
+  NOTE: 20170430, not patch for the remaining CVEs yet
 --
 jbig2dec
 --
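
Review bot: the added jasper NOTE reads "not patch", which looks like a typo for "no patch", and "the remaining CVEs" does not say which ones are meant. Suggest "no patch for the remaining CVEs yet" and listing the CVE ids that are still open, so the note stays meaningful once some of them are fixed.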




[Secure-testing-commits] r51208 - data

2017-04-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-04-30 17:58:32 + (Sun, 30 Apr 2017)
New Revision: 51208

Modified:
   data/dla-needed.txt
Log:
add libxstream-java

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-30 17:54:41 UTC (rev 51207)
+++ data/dla-needed.txt 2017-04-30 17:58:32 UTC (rev 51208)
@@ -53,6 +53,8 @@
 libpodofo
   NOTE: maintainer asked for a review
 --
+libxstream-java
+--
 linux
 --
 mcollective




[Secure-testing-commits] r51207 - data

2017-04-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-04-30 17:54:41 + (Sun, 30 Apr 2017)
New Revision: 51207

Modified:
   data/dla-needed.txt
Log:
add radicale, see also lts-do-not-call

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-30 12:30:45 UTC (rev 51206)
+++ data/dla-needed.txt 2017-04-30 17:54:41 UTC (rev 51207)
@@ -96,6 +96,8 @@
 --
 qemu-kvm (Guido Günther)
 --
+radicale (Thorsten Alteholz)
+--
 sane-backends (Jörg Frings-Fürst)
   NOTE: 2017-04-21 update: 
https://lists.debian.org/1492754083.10406.1.ca...@jff-webhosting.net
 --
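
Review bot: the radicale entry is added with no NOTE, while the commit log points to lts-do-not-call for context. Put that pointer in a NOTE under the radicale line so it is visible to anyone reading dla-needed.txt rather than only in the revision log.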



[Secure-testing-commits] r51206 - data/CVE

2017-04-30 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-04-30 12:30:45 + (Sun, 30 Apr 2017)
New Revision: 51206

Modified:
   data/CVE/list
Log:
Mark CVE-2016-7815 as NFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-30 09:46:44 UTC (rev 51205)
+++ data/CVE/list   2017-04-30 12:30:45 UTC (rev 51206)
@@ -28098,7 +28098,7 @@
 CVE-2016-7816
RESERVED
 CVE-2016-7815 (Remote Service Manager 3.0.0 to 3.1.4 fails to verify client 
...)
-   TODO: check
+   NOT-FOR-US: Remote Service Manager provided by Cybozu
 CVE-2016-7814
RESERVED
 CVE-2016-7813




[Secure-testing-commits] r51205 - data/CVE

2017-04-30 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-04-30 09:46:44 + (Sun, 30 Apr 2017)
New Revision: 51205

Modified:
   data/CVE/list
Log:
Add fixing commit for libxstream-java

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-30 08:40:10 UTC (rev 51204)
+++ data/CVE/list   2017-04-30 09:46:44 UTC (rev 51205)
@@ -881,6 +881,7 @@
 CVE-2017-7957 (XStream through 1.4.9, when a certain denyTypes workaround is 
not used, ...)
- libxstream-java  (bug #861521)
NOTE: https://x-stream.github.io/CVE-2017-7957.html
+   NOTE: Fixed by: https://github.com/x-stream/xstream/commit/b3570be
 CVE-2017-7956
RESERVED
 CVE-2017-7955
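
Review bot: the "Fixed by:" NOTE added to CVE-2017-7957 references the upstream commit by the abbreviated id b3570be. Use the full commit hash in the URL so the reference stays unambiguous as the upstream repository grows.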




[Secure-testing-commits] r51204 - data/CVE

2017-04-30 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-04-30 08:40:10 + (Sun, 30 Apr 2017)
New Revision: 51204

Modified:
   data/CVE/list
Log:
Add fixing version for #861514 in radicale with unstable upload

Modified: data/CVE/list
===
--- data/CVE/list   2017-04-30 06:01:25 UTC (rev 51203)
+++ data/CVE/list   2017-04-30 08:40:10 UTC (rev 51204)
@@ -1,5 +1,5 @@
 CVE-2017- [prone to timing oracles and simple bruteforce attacks]
-   - radicale  (bug #861514)
+   - radicale 1.1.1+20160115-4 (bug #861514)
NOTE: 
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
 (1.1.x)
NOTE: 
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
 (master)
 CVE-2017-8327 (The bmpr_read_uncompressed function in imagew-bmp.c in ...)

