[Secure-testing-commits] r51217 - data/CVE
Author: carnil Date: 2017-05-01 06:49:53 + (Mon, 01 May 2017) New Revision: 51217 Modified: data/CVE/list Log: Add bug reference for mediawiki issue Modified: data/CVE/list === --- data/CVE/list 2017-05-01 04:47:37 UTC (rev 51216) +++ data/CVE/list 2017-05-01 06:49:53 UTC (rev 51217) @@ -21430,7 +21430,7 @@ RESERVED CVE-2017-0372 RESERVED - - mediawiki + - mediawiki (bug #861585) NOTE: https://phabricator.wikimedia.org/T158689 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r51216 - data/CVE
Author: carnil Date: 2017-05-01 04:47:37 + (Mon, 01 May 2017) New Revision: 51216 Modified: data/CVE/list Log: Mark CVE-2017-0372 as unfixed, needs check Modified: data/CVE/list === --- data/CVE/list 2017-04-30 21:38:17 UTC (rev 51215) +++ data/CVE/list 2017-05-01 04:47:37 UTC (rev 51216) @@ -21430,9 +21430,10 @@ RESERVED CVE-2017-0372 RESERVED - - mediawiki 1:1.27.2-1 + - mediawiki NOTE: https://phabricator.wikimedia.org/T158689 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html CVE-2017-0371 RESERVED - mediawiki 1:1.27.2-1
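Review bot: The changed "- mediawiki" line for CVE-2017-0372 drops the fixed version 1:1.27.2-1, but the entry gains no line saying what still has to be checked; the log says "needs check" while the hunk only adds the 000209 announcement URL. A short NOTE or TODO on the entry stating why the 1:1.27.2-1 upload is no longer treated as the fix would keep that reasoning in the tracker rather than only in the commit log. The neighbouring CVE-2017-0371 entry still lists 1:1.27.2-1, so it is worth confirming that the second announcement does not affect it as well.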
[Secure-testing-commits] r51215 - data/CVE
Author: fgeek-guest Date: 2017-04-30 21:38:17 + (Sun, 30 Apr 2017) New Revision: 51215 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2017-04-30 19:23:55 UTC (rev 51214) +++ data/CVE/list 2017-04-30 21:38:17 UTC (rev 51215) @@ -7110,10 +7110,13 @@ RESERVED CVE-2017-5806 RESERVED + NOT-FOR-US: HPE Intelligent Management Center CVE-2017-5805 RESERVED + NOT-FOR-US: HPE Intelligent Management Center CVE-2017-5804 RESERVED + NOT-FOR-US: HPE Intelligent Management Center CVE-2017-5803 RESERVED CVE-2017-5802
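Review bot: The log message is only "NFU", which does not say which product or which CVE ids the three added NOT-FOR-US lines cover; something like "Mark CVE-2017-5804 to CVE-2017-5806 as NFU (HPE Intelligent Management Center)" would make the revision searchable. The three entries are still RESERVED, so a NOTE recording where the product attribution comes from would help whoever rechecks them, and CVE-2017-5803 directly below stays untagged in the visible context.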
[Secure-testing-commits] r51214 - data
Author: lamby Date: 2017-04-30 19:23:55 + (Sun, 30 Apr 2017) New Revision: 51214 Modified: data/dla-needed.txt Log: libxstream-java has been slightly refactored. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-30 19:23:54 UTC (rev 51213) +++ data/dla-needed.txt 2017-04-30 19:23:55 UTC (rev 51214) @@ -56,6 +56,7 @@ -- libxstream-java (Chris Lamb) NOTE: maintainer contacted 20170430 + NOTE: https://github.com/x-stream/xstream/commit/b3570be should be applied to xstream/src/java/com/thoughtworks/xstream/converters/reflection/Sun14ReflectionProvider.java instead -- linux --
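Review bot: In the added NOTE for libxstream-java, "should be applied to ... Sun14ReflectionProvider.java instead" never says instead of which file, so the reader has to open the upstream commit to learn what differs in the older source tree. Naming the file the upstream commit touches, next to the target path already given, would make the note usable on its own.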
[Secure-testing-commits] r51213 - data
Author: lamby Date: 2017-04-30 19:23:54 + (Sun, 30 Apr 2017) New Revision: 51213 Modified: data/dla-needed.txt Log: Claim libxstream-java in data/dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-30 19:08:35 UTC (rev 51212) +++ data/dla-needed.txt 2017-04-30 19:23:54 UTC (rev 51213) @@ -54,7 +54,7 @@ libpodofo NOTE: maintainer asked for a review -- -libxstream-java +libxstream-java (Chris Lamb) NOTE: maintainer contacted 20170430 -- linux
[Secure-testing-commits] r51212 - data
Author: carnil Date: 2017-04-30 19:08:35 + (Sun, 30 Apr 2017) New Revision: 51212 Modified: data/dsa-needed.txt Log: Fix typo in note Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-04-30 18:21:53 UTC (rev 51211) +++ data/dsa-needed.txt 2017-04-30 19:08:35 UTC (rev 51212) @@ -15,7 +15,7 @@ 389-ds-base (fw) -- bind9 - Possibly a rebase-is needed and will take more time + Possibly a rebase is needed and will take more time -- chromium-browser --
[Secure-testing-commits] r51211 - data/CVE
Author: carnil Date: 2017-04-30 18:21:53 + (Sun, 30 Apr 2017) New Revision: 51211 Modified: data/CVE/list Log: CVE-2017-8342 assigned for radicale issue, #861514 Modified: data/CVE/list === --- data/CVE/list 2017-04-30 18:00:26 UTC (rev 51210) +++ data/CVE/list 2017-04-30 18:21:53 UTC (rev 51211) @@ -1,4 +1,4 @@ -CVE-2017- [prone to timing oracles and simple bruteforce attacks] +CVE-2017-8342 [prone to timing oracles and simple bruteforce attacks] - radicale 1.1.1+20160115-4 (bug #861514) NOTE: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x) NOTE: https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d (master)
[Secure-testing-commits] r51210 - data
Author: alteholz Date: 2017-04-30 18:00:26 + (Sun, 30 Apr 2017) New Revision: 51210 Modified: data/dla-needed.txt Log: add note Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-30 17:59:25 UTC (rev 51209) +++ data/dla-needed.txt 2017-04-30 18:00:26 UTC (rev 51210) @@ -55,6 +55,7 @@ NOTE: maintainer asked for a review -- libxstream-java + NOTE: maintainer contacted 20170430 -- linux --
[Secure-testing-commits] r51209 - data
Author: alteholz Date: 2017-04-30 17:59:25 + (Sun, 30 Apr 2017) New Revision: 51209 Modified: data/dla-needed.txt Log: add note Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-30 17:58:32 UTC (rev 51208) +++ data/dla-needed.txt 2017-04-30 17:59:25 UTC (rev 51209) @@ -37,6 +37,7 @@ icu (Thorsten Alteholz) -- jasper (Thorsten Alteholz) + NOTE: 20170430, not patch for the remaining CVEs yet -- jbig2dec --
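Review bot: The added NOTE under jasper reads "not patch for the remaining CVEs yet", which looks like a typo for "no patch", and it does not say which CVEs remain. Listing the ids would let the next person see what is still open without re-deriving it. The date is written 20170430 here while the sane-backends note in the same file uses 2017-04-21; one format would be easier to scan.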
[Secure-testing-commits] r51208 - data
Author: alteholz Date: 2017-04-30 17:58:32 + (Sun, 30 Apr 2017) New Revision: 51208 Modified: data/dla-needed.txt Log: add libxstream-java Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-30 17:54:41 UTC (rev 51207) +++ data/dla-needed.txt 2017-04-30 17:58:32 UTC (rev 51208) @@ -53,6 +53,8 @@ libpodofo NOTE: maintainer asked for a review -- +libxstream-java +-- linux -- mcollective
[Secure-testing-commits] r51207 - data
Author: alteholz Date: 2017-04-30 17:54:41 + (Sun, 30 Apr 2017) New Revision: 51207 Modified: data/dla-needed.txt Log: add radicale, see also lts-do-not-call Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-30 12:30:45 UTC (rev 51206) +++ data/dla-needed.txt 2017-04-30 17:54:41 UTC (rev 51207) @@ -96,6 +96,8 @@ -- qemu-kvm (Guido Günther) -- +radicale (Thorsten Alteholz) +-- sane-backends (Jörg Frings-Fürst) NOTE: 2017-04-21 update: https://lists.debian.org/1492754083.10406.1.ca...@jff-webhosting.net --
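Review bot: The log points to lts-do-not-call, but the added "radicale (Thorsten Alteholz)" entry carries no NOTE, so that pointer is lost to anyone reading data/dla-needed.txt on its own. A NOTE line under the entry giving the reason would keep the cross-reference with the package it concerns.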
[Secure-testing-commits] r51206 - data/CVE
Author: carnil Date: 2017-04-30 12:30:45 + (Sun, 30 Apr 2017) New Revision: 51206 Modified: data/CVE/list Log: Mark CVE-2016-7815 as NFU Modified: data/CVE/list === --- data/CVE/list 2017-04-30 09:46:44 UTC (rev 51205) +++ data/CVE/list 2017-04-30 12:30:45 UTC (rev 51206) @@ -28098,7 +28098,7 @@ CVE-2016-7816 RESERVED CVE-2016-7815 (Remote Service Manager 3.0.0 to 3.1.4 fails to verify client ...) - TODO: check + NOT-FOR-US: Remote Service Manager provided by Cybozu CVE-2016-7814 RESERVED CVE-2016-7813
[Secure-testing-commits] r51205 - data/CVE
Author: carnil Date: 2017-04-30 09:46:44 + (Sun, 30 Apr 2017) New Revision: 51205 Modified: data/CVE/list Log: Add fixing commit for libxstream-java Modified: data/CVE/list === --- data/CVE/list 2017-04-30 08:40:10 UTC (rev 51204) +++ data/CVE/list 2017-04-30 09:46:44 UTC (rev 51205) @@ -881,6 +881,7 @@ CVE-2017-7957 (XStream through 1.4.9, when a certain denyTypes workaround is not used, ...) - libxstream-java (bug #861521) NOTE: https://x-stream.github.io/CVE-2017-7957.html + NOTE: Fixed by: https://github.com/x-stream/xstream/commit/b3570be CVE-2017-7956 RESERVED CVE-2017-7955
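Review bot: The added "Fixed by:" NOTE for CVE-2017-7957 references the upstream commit only by the seven-character prefix b3570be; the radicale NOTE lines in the same file use full 40-character hashes, and a full hash is the more durable reference for anyone backporting from this entry. The NOTE also gives no upstream branch or release for the fix, which the radicale lines record as "(1.1.x)" and "(master)".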
[Secure-testing-commits] r51204 - data/CVE
Author: carnil Date: 2017-04-30 08:40:10 + (Sun, 30 Apr 2017) New Revision: 51204 Modified: data/CVE/list Log: Add fixing version for #861514 in radicale with unstable upload Modified: data/CVE/list === --- data/CVE/list 2017-04-30 06:01:25 UTC (rev 51203) +++ data/CVE/list 2017-04-30 08:40:10 UTC (rev 51204) @@ -1,5 +1,5 @@ CVE-2017- [prone to timing oracles and simple bruteforce attacks] - - radicale (bug #861514) + - radicale 1.1.1+20160115-4 (bug #861514) NOTE: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x) NOTE: https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d (master) CVE-2017-8327 (The bmpr_read_uncompressed function in imagew-bmp.c in ...)