[Secure-testing-commits] r55806 - data
Author: lamby Date: 2017-09-16 06:18:25 + (Sat, 16 Sep 2017) New Revision: 55806 Modified: data/dla-needed.txt Log: Triage ruby1.8 for LTS Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-09-15 21:50:08 UTC (rev 55805) +++ data/dla-needed.txt 2017-09-16 06:18:25 UTC (rev 55806) @@ -166,6 +166,8 @@ ruby-passenger NOTE: 20170812: I think this is ext/nginx/ContentHandler.c in create_request. (lamby) -- +ruby1.8 +-- ruby1.9.1 NOTE: FTBFS, see https://lists.debian.org/87h8wkzyos@curie.anarc.at -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
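Review bot: The added ruby1.8 entry has neither a NOTE nor a claimant, so nothing in dla-needed.txt records which issue prompted the triage. The ruby-passenger and ruby1.9.1 entries on either side both carry a NOTE; suggest adding one here that names the CVE being triaged.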
[Secure-testing-commits] r55805 - data/CVE
Author: carnil Date: 2017-09-15 21:50:08 + (Fri, 15 Sep 2017) New Revision: 55805 Modified: data/CVE/list Log: Process more NFUs Modified: data/CVE/list === --- data/CVE/list 2017-09-15 21:33:06 UTC (rev 55804) +++ data/CVE/list 2017-09-15 21:50:08 UTC (rev 55805) @@ -10250,7 +10250,7 @@ CVE-2017-10857 RESERVED CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, ...) - TODO: check + NOT-FOR-US: SEIL CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows ...) NOT-FOR-US: FENCE-Explorer for Windows CVE-2017-10854 @@ -14323,7 +14323,7 @@ CVE-2017-9329 RESERVED CVE-2017-9328 (Shell metacharacter injection vulnerability in ...) - TODO: check + NOT-FOR-US: TerraMaster TOS CVE-2017-9327 RESERVED CVE-2017-9326 @@ -96449,7 +96449,7 @@ CVE-2014-9464 (SQL injection vulnerability in Category.php in Microweber CMS 0.95 ...) NOT-FOR-US: Microweber CMS CVE-2014-9463 (functions_vbseo_hook.php in the VBSEO module for vBulletin allows ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2014-9462 (The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ...) {DSA-3257-1 DLA-237-1} - mercurial 3.4-1 (bug #783237) @@ -102865,7 +102865,7 @@ CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable ...) - libstruts1.2-java (Struts 2.0.0 through to Struts 2.3.16.3) CVE-2014-7808 (Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before ...) - TODO: check + NOT-FOR-US: Apache Wicket CVE-2014-7807 (Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows ...) NOT-FOR-US: Apache CloudStack CVE-2014-7806 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
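Review bot: In the @@ -96449 hunk, CVE-2014-9463 is tagged "NOT-FOR-US: vBulletin", but its description places the flaw in functions_vbseo_hook.php of the VBSEO module. Suggest naming the module in the tag (for example "NOT-FOR-US: VBSEO module for vBulletin") so that a later search for the add-on finds this entry.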
[Secure-testing-commits] r55804 - data/CVE
Author: carnil Date: 2017-09-15 21:33:06 + (Fri, 15 Sep 2017) New Revision: 55804 Modified: data/CVE/list Log: Add CVE-2017-0898/ruby issue Modified: data/CVE/list === --- data/CVE/list 2017-09-15 21:29:25 UTC (rev 55803) +++ data/CVE/list 2017-09-15 21:33:06 UTC (rev 55804) @@ -38675,7 +38675,12 @@ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a leakage of its ...) - TODO: check + - ruby2.3 + - ruby2.1 + - ruby1.9.1 + - ruby1.8 + NOTE: https://github.com/mruby/mruby/issues/3722 + NOTE: https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/ CVE-2017-0897 (ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create ...) NOT-FOR-US: ExpressionEngine CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
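Review bot: The new ruby1.9.1 and ruby1.8 lines mark those packages as affected without a NOTE saying the code was checked, while the CVE description only names the 2.2, 2.3 and 2.4 series. Suggest either a NOTE confirming the vulnerable sprintf code is present in the older packages or a TODO to verify. The first NOTE also links to the mruby issue tracker with no explanation of how it relates to the ruby source packages listed; a word of context would help.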
[Secure-testing-commits] r55803 - data/CVE
Author: carnil Date: 2017-09-15 21:29:25 + (Fri, 15 Sep 2017) New Revision: 55803 Modified: data/CVE/list Log: Process some NFUs Modified: data/CVE/list === --- data/CVE/list 2017-09-15 21:25:34 UTC (rev 55802) +++ data/CVE/list 2017-09-15 21:29:25 UTC (rev 55803) @@ -1,7 +1,7 @@ CVE-2017-14499 RESERVED CVE-2017-14498 (SilverStripe CMS before 3.6.1 has XSS via an SVG document that is ...) - TODO: check + NOT-FOR-US: SilverStripe CMS CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel ...) - linux [jessie] - linux (Vulnerable code not present) @@ -10242,17 +10242,17 @@ CVE-2017-10861 RESERVED CVE-2017-10860 (Untrusted search path vulnerability in "i-filter 6.0 installer" ...) - TODO: check + NOT-FOR-US: i-filter 6.0 installer CVE-2017-10859 (Untrusted search path vulnerability in "i-filter 6.0 installer" ...) - TODO: check + NOT-FOR-US: i-filter 6.0 installer CVE-2017-10858 (Untrusted search path vulnerability in "i-filter 6.0 install program" ...) - TODO: check + NOT-FOR-US: i-filter 6.0 install program CVE-2017-10857 RESERVED CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, ...) TODO: check CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows ...) - TODO: check + NOT-FOR-US: FENCE-Explorer for Windows CVE-2017-10854 RESERVED CVE-2017-10853 @@ -10270,9 +10270,9 @@ CVE-2017-10847 RESERVED CVE-2017-10846 (Wi-Fi STATION L-02F Software version V10b and earlier allows remote ...) - TODO: check + NOT-FOR-US: Wi-Fi STATION L-02F Software CVE-2017-10845 (Wi-Fi STATION L-02F Software version V10g and earlier allows remote ...) - TODO: check + NOT-FOR-US: Wi-Fi STATION L-02F Software CVE-2017-10844 (baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to ...) NOT-FOR-US: baserCMS CVE-2017-10843 (baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote ...) 
@@ -10334,9 +10334,9 @@ CVE-2017-10815 (MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is ...) NOT-FOR-US: MaLion CVE-2017-10814 (Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier ...) - TODO: check + NOT-FOR-US: CG-WLR300NM Firmware CVE-2017-10813 (CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to ...) - TODO: check + NOT-FOR-US: CG-WLR300NM Firmware CVE-2017-10812 (Untrusted search path vulnerability in Photo Collection PC Software ...) NOT-FOR-US: Photo Collection PC Software CVE-2017-10811 (Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an ...) @@ -28799,11 +28799,11 @@ CVE-2017-4927 RESERVED CVE-2017-4926 (VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability ...) - TODO: check + NOT-FOR-US: VMware CVE-2017-4925 (VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without ...) - TODO: check + NOT-FOR-US: VMware CVE-2017-4924 (VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation ...) - TODO: check + NOT-FOR-US: VMware CVE-2017-4923 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information ...) NOT-FOR-US: VMware CVE-2017-4922 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information ...) @@ -99276,7 +99276,7 @@ CVE-2015-0111 RESERVED CVE-2015-0110 (IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-0109 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) NOT-FOR-US: IBM CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
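Review bot: In the @@ -10242 hunk, the same product is tagged two ways, "NOT-FOR-US: i-filter 6.0 installer" for CVE-2017-10860 and CVE-2017-10859, and "NOT-FOR-US: i-filter 6.0 install program" for CVE-2017-10858, because the wording was copied from each description. Suggest a single product name without the version (for example "NOT-FOR-US: i-filter") so that the entries group together, as the VMware and IBM tags later in this patch do.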
[Secure-testing-commits] r55802 - data/CVE
Author: carnil Date: 2017-09-15 21:25:34 + (Fri, 15 Sep 2017) New Revision: 55802 Modified: data/CVE/list Log: Sync status for CVE-2017-14497 Modified: data/CVE/list === --- data/CVE/list 2017-09-15 21:24:17 UTC (rev 55801) +++ data/CVE/list 2017-09-15 21:25:34 UTC (rev 55802) @@ -4,6 +4,8 @@ TODO: check CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel ...) - linux + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/edbd58be15a957f6a760c4a514cd475217eb97fd (v4.13) CVE-2017-14496 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
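Review bot: The added jessie and wheezy lines state "Vulnerable code not present", but no NOTE records which commit or kernel version introduced the vulnerable tpacket_rcv code, so the claim cannot be checked from the entry. Suggest adding an "Introduced by:" NOTE next to the existing "Fixed by:" one. There is also no stretch line; if stretch is affected, the bare "- linux" covers it, otherwise it needs the same annotation.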
[Secure-testing-commits] r55801 - data/CVE
Author: jmm Date: 2017-09-15 21:24:17 + (Fri, 15 Sep 2017) New Revision: 55801 Modified: data/CVE/list Log: ledger no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-09-15 21:19:39 UTC (rev 55800) +++ data/CVE/list 2017-09-15 21:24:17 UTC (rev 55801) @@ -34510,10 +34510,14 @@ CVE-2017-2809 (An exploitable vulnerability exists in the yaml loading functionality ...) NOT-FOR-US: Ansible Vault CVE-2017-2808 (An exploitable use-after-free vulnerability exists in the account ...) - - ledger + - ledger (low) + [stretch] - ledger (Minor issue) + [jessie] - ledger (Minor issue) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304 CVE-2017-2807 (An exploitable buffer overflow vulnerability exists in the tag parsing ...) - - ledger + - ledger (low) + [stretch] - ledger (Minor issue) + [jessie] - ledger (Minor issue) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303 CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...) NOT-FOR-US: Lexmark Perspective Document Filters conversion functionality ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
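Review bot: Both ledger entries get "(low)" and "Minor issue" for stretch and jessie with no stated reason, while the descriptions of CVE-2017-2808 and CVE-2017-2807 call them an exploitable use-after-free and an exploitable buffer overflow. Suggest a short NOTE per entry giving the basis for the no-dsa decision, so the downgrade is reviewable from the data file rather than only from the log message "ledger no-dsa".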
[Secure-testing-commits] r55800 - in data: . DSA
Author: jmm Date: 2017-09-15 21:19:39 + (Fri, 15 Sep 2017) New Revision: 55800 Modified: data/DSA/list data/dsa-needed.txt Log: emacs25 DSA Modified: data/DSA/list === --- data/DSA/list 2017-09-15 21:17:20 UTC (rev 55799) +++ data/DSA/list 2017-09-15 21:19:39 UTC (rev 55800) @@ -1,3 +1,6 @@ +[15 Sep 2017] DSA-3975-1 emacs25 - security update + {CVE-2017-14482} + [stretch] - emacs25 25.1+1-4+deb9u1 [15 Sep 2017] DSA-3974-1 tomcat8 - security update {CVE-2017-7674} [jessie] - tomcat8 8.0.14-1+deb8u11 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-09-15 21:17:20 UTC (rev 55799) +++ data/dsa-needed.txt 2017-09-15 21:19:39 UTC (rev 55800) @@ -34,8 +34,6 @@ As per 2017-09-12 no obvious regressions were reported, maybe still go via a point release. -- -emacs25/stable (jmm) --- ghostscript (carnil) -- graphicsmagick ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r55799 - data/CVE
Author: carnil Date: 2017-09-15 21:17:20 + (Fri, 15 Sep 2017) New Revision: 55799 Modified: data/CVE/list Log: Add CVE-2017-14497/linux Modified: data/CVE/list === --- data/CVE/list 2017-09-15 21:13:58 UTC (rev 55798) +++ data/CVE/list 2017-09-15 21:17:20 UTC (rev 55799) @@ -3,7 +3,8 @@ CVE-2017-14498 (SilverStripe CMS before 3.6.1 has XSS via an SVG document that is ...) TODO: check CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel ...) - TODO: check + - linux + NOTE: Fixed by: https://git.kernel.org/linus/edbd58be15a957f6a760c4a514cd475217eb97fd (v4.13) CVE-2017-14496 RESERVED CVE-2017-14495 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r55798 - data/CVE
Author: carnil Date: 2017-09-15 21:13:58 + (Fri, 15 Sep 2017) New Revision: 55798 Modified: data/CVE/list Log: Add CVE-2017-14489/linux Modified: data/CVE/list === --- data/CVE/list 2017-09-15 21:11:02 UTC (rev 55797) +++ data/CVE/list 2017-09-15 21:13:58 UTC (rev 55798) @@ -19,7 +19,8 @@ CVE-2017-14490 RESERVED CVE-2017-14489 (The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the ...) - TODO: check + - linux + NOTE: https://patchwork.kernel.org/patch/9923803/ CVE-2017-14488 RESERVED CVE-2017-14487 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
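Review bot: The only NOTE for CVE-2017-14489 is a patchwork.kernel.org link, which identifies a submitted patch rather than a merged commit. Suggest labelling it as the proposed patch, and switching to the "NOTE: Fixed by: https://git.kernel.org/linus/..." form used for other linux entries once the fix lands.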
[Secure-testing-commits] r55797 - data/CVE
Author: carnil Date: 2017-09-15 21:11:02 + (Fri, 15 Sep 2017) New Revision: 55797 Modified: data/CVE/list Log: freexl fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2017-09-15 21:10:15 UTC (rev 55796) +++ data/CVE/list 2017-09-15 21:11:02 UTC (rev 55797) @@ -34208,12 +34208,12 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/12/03/5 CVE-2017-2924 [Heap-based buffer overflow in the read_legacy_biff function] RESERVED - - freexl (bug #875691) + - freexl 1.0.4-1 (bug #875691) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431 NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8 CVE-2017-2923 [Heap-based buffer overflow in the read_biff_next_record function] RESERVED - - freexl (bug #875690) + - freexl 1.0.4-1 (bug #875690) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430 NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8 CVE-2017-2922 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r55796 - data/CVE
Author: sectracker Date: 2017-09-15 21:10:15 + (Fri, 15 Sep 2017) New Revision: 55796 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-09-15 20:54:15 UTC (rev 55795) +++ data/CVE/list 2017-09-15 21:10:15 UTC (rev 55796) @@ -1,3 +1,37 @@ +CVE-2017-14499 + RESERVED +CVE-2017-14498 (SilverStripe CMS before 3.6.1 has XSS via an SVG document that is ...) + TODO: check +CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel ...) + TODO: check +CVE-2017-14496 + RESERVED +CVE-2017-14495 + RESERVED +CVE-2017-14494 + RESERVED +CVE-2017-14493 + RESERVED +CVE-2017-14492 + RESERVED +CVE-2017-14491 + RESERVED +CVE-2017-14490 + RESERVED +CVE-2017-14489 (The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the ...) + TODO: check +CVE-2017-14488 + RESERVED +CVE-2017-14487 + RESERVED +CVE-2017-14486 + RESERVED +CVE-2017-14485 + RESERVED +CVE-2017-14484 (The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great ...) + TODO: check +CVE-2017-14483 (flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 ...) + TODO: check CVE-2017-1002100 (Default access permissions for Persistent Volumes (PVs) created by the ...) - kubernetes (Vulnerable code not yet present) CVE-2017-1002028 (Vulnerability in wordpress plugin wordpress-gallery-transformation ...) @@ -352,8 +386,7 @@ - libraw NOTE: https://github.com/LibRaw/LibRaw/issues/100 NOTE: https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2 -CVE-2017-14340 - RESERVED +CVE-2017-14340 (The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux ...) - linux NOTE: Fixed by: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc CVE-2017-14339 
@@ -2025,7 +2058,7 @@ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e CVE-2017-13725 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site ...) NOT-FOR-US: Axesstel MU553S MU55XS-V1.14 @@ -2162,16 +2195,16 @@ CVE-2017-13691 RESERVED CVE-2017-13690 (The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13689 (The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13688 (The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13687 (The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13686 (net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too ...) - linux (Vulnerable code not present) 
@@ -3473,217 +3506,217 @@ CVE-2017-13056 RESERVED CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13054 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13053 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13052 (The CFM parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13051 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13050 (The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13049 (The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13048 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13047 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) - {DSA-3971-1} + {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13046 (The BGP
[Secure-testing-commits] r55795 - data/CVE
Author: carnil Date: 2017-09-15 20:54:15 + (Fri, 15 Sep 2017) New Revision: 55795 Modified: data/CVE/list Log: CVE-2017-14348: mark for now again as unfixed Note for reviewers: The problematic code is at least present 0.18.2-2. Needs double-check. Modified: data/CVE/list === --- data/CVE/list 2017-09-15 20:53:58 UTC (rev 55794) +++ data/CVE/list 2017-09-15 20:54:15 UTC (rev 55795) @@ -349,7 +349,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4 CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the ...) - - libraw (Vulnerable code introduced later) + - libraw NOTE: https://github.com/LibRaw/LibRaw/issues/100 NOTE: https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2 CVE-2017-14340 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
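Review bot: The reason for reverting "- libraw (Vulnerable code introduced later)" to a plain "- libraw" exists only in the commit log ("problematic code is at least present 0.18.2-2. Needs double-check."). Suggest carrying that into the entry as a NOTE or TODO line, so that the pending double-check is visible in data/CVE/list and the status is not flipped again without it.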
[Secure-testing-commits] r55794 - data/CVE
Author: carnil Date: 2017-09-15 20:53:58 + (Fri, 15 Sep 2017) New Revision: 55794 Modified: data/CVE/list Log: Add reference for CVE-2017-14265 Modified: data/CVE/list === --- data/CVE/list 2017-09-15 18:51:09 UTC (rev 55793) +++ data/CVE/list 2017-09-15 20:53:58 UTC (rev 55794) @@ -551,6 +551,7 @@ CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...) - libraw NOTE: https://github.com/LibRaw/LibRaw/issues/99 + NOTE: https://github.com/LibRaw/LibRaw/commit/82616eff4c7f7437e96bdeeed238c3ef3dc12d60 CVE-2017-14264 RESERVED CVE-2017-14263 (Honeywell NVR devices allow remote attackers to create a user account ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r55793 - data/CVE
Author: carnil Date: 2017-09-15 18:51:09 + (Fri, 15 Sep 2017) New Revision: 55793 Modified: data/CVE/list Log: Add fixing commit for CVE-2017-14348 Modified: data/CVE/list === --- data/CVE/list 2017-09-15 18:21:49 UTC (rev 55792) +++ data/CVE/list 2017-09-15 18:51:09 UTC (rev 55793) @@ -351,6 +351,7 @@ CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the ...) - libraw (Vulnerable code introduced later) NOTE: https://github.com/LibRaw/LibRaw/issues/100 + NOTE: https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2 CVE-2017-14340 RESERVED - linux ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
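Review bot: The log calls the new link the fixing commit, but the added NOTE is a bare URL. Suggest "NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/8303e74b..." to match the convention used for the linux entries and to distinguish it from the issue link on the line above.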
[Secure-testing-commits] r55792 - data/CVE
Author: carnil Date: 2017-09-15 18:21:49 + (Fri, 15 Sep 2017) New Revision: 55792 Modified: data/CVE/list Log: Add CVE-2017-1000252/linux Modified: data/CVE/list === --- data/CVE/list 2017-09-15 15:09:26 UTC (rev 55791) +++ data/CVE/list 2017-09-15 18:21:49 UTC (rev 55792) @@ -873,6 +873,10 @@ NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/ NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9 NOTE: https://github.com/uclouvain/openjpeg/issues/982 +CVE-2017-1000252 [KVM denial of service with posted interrupts on Intel systems] + - linux + NOTE: https://marc.info/?l=kvm&m=15054914575&w=2 + NOTE: https://marc.info/?l=kvm&m=15054914637&w=2 CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), starting at ...) - linux (bug #875881) NOTE: Fixed by: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
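Review bot: Both NOTE lines for CVE-2017-1000252 are bare marc.info links with no indication of what each message is (report, proposed patch, or fix), unlike the "NOTE: Fixed by:" line on the CVE-2017-1000251 entry directly below. Suggest labelling the two links, and adding the upstream commit when one exists.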
[Secure-testing-commits] r55791 - data/CVE
Author: jmm Date: 2017-09-15 15:09:26 + (Fri, 15 Sep 2017) New Revision: 55791 Modified: data/CVE/list Log: binutils fixed two unrar issues unimportant Modified: data/CVE/list === --- data/CVE/list 2017-09-15 14:55:25 UTC (rev 55790) +++ data/CVE/list 2017-09-15 15:09:26 UTC (rev 55791) @@ -952,7 +952,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22058 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229 CVE-2017-14129 (The read_section function in dwarf2.c in the Binary File Descriptor ...) - - binutils (low) + - binutils 2.29-10 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) @@ -976,13 +976,13 @@ CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File ...) NOT-FOR-US: Zoho ManageEngine CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based ...) - - unrar-free (bug #874060) - [wheezy] - unrar-free (Minor issue) + - unrar-free (unimportant; bug #874060) NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1 + NOTE: Crash in CLI tool, no security impact CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...) - - unrar-free (bug #874061) - [wheezy] - unrar-free (Minor issue) + - unrar-free (unimportant; bug #874061) NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1 + NOTE: Crash in CLI tool, no security impact CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory ...) {DLA-1091-1} - unrar-free 1:0.0.1+cvs20140707-2 (bug #874059) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
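Review bot: In the unrar-free hunk, "NOTE: Crash in CLI tool, no security impact" is the whole justification for moving CVE-2017-14122 and CVE-2017-14121 to unimportant and dropping the wheezy lines, while the CVE-2017-14122 description calls the issue stack-based. Suggest stating in the NOTE what kind of memory access is involved, so the classification can be checked against the report. The binutils fixed-version change for CVE-2017-14129 is unrelated and would be easier to track as its own revision.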
[Secure-testing-commits] r55790 - data/CVE
Author: carnil Date: 2017-09-15 14:55:25 + (Fri, 15 Sep 2017) New Revision: 55790 Modified: data/CVE/list Log: Add bug reference for CVE-2017-1000251 Modified: data/CVE/list === --- data/CVE/list 2017-09-15 14:55:12 UTC (rev 55789) +++ data/CVE/list 2017-09-15 14:55:25 UTC (rev 55790) @@ -874,7 +874,7 @@ NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9 NOTE: https://github.com/uclouvain/openjpeg/issues/982 CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), starting at ...) - - linux + - linux (bug #875881) NOTE: Fixed by: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 NOTE: https://www.armis.com/blueborne/ NOTE: https://access.redhat.com/security/vulnerabilities/blueborne ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r55789 - data/CVE
Author: carnil Date: 2017-09-15 14:55:12 + (Fri, 15 Sep 2017) New Revision: 55789 Modified: data/CVE/list Log: Sort entries Modified: data/CVE/list === --- data/CVE/list 2017-09-15 11:58:23 UTC (rev 55788) +++ data/CVE/list 2017-09-15 14:55:12 UTC (rev 55789) @@ -19364,8 +19364,8 @@ CVE-2017-7675 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and ...) - tomcat9 (bug #802312) - tomcat8 8.5.16-1 + [stretch] - tomcat8 8.5.14-1+deb9u2 [jessie] - tomcat8 (Only affects 8.5.0 to 8.5.15) - [stretch] - tomcat8 8.5.14-1+deb9u2 - tomcat7 (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present) - tomcat6 (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present) NOTE: Fixed by: http://svn.apache.org/r1796091 (8.5.x) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r55788 - in data: CVE DSA
Author: seb Date: 2017-09-15 11:58:23 + (Fri, 15 Sep 2017) New Revision: 55788 Modified: data/CVE/list data/DSA/list Log: Record that CVE-2017-7675 (tomcat8) only affected stretch Modified: data/CVE/list === --- data/CVE/list 2017-09-15 11:40:00 UTC (rev 55787) +++ data/CVE/list 2017-09-15 11:58:23 UTC (rev 55788) @@ -19365,6 +19365,7 @@ - tomcat9 (bug #802312) - tomcat8 8.5.16-1 [jessie] - tomcat8 (Only affects 8.5.0 to 8.5.15) + [stretch] - tomcat8 8.5.14-1+deb9u2 - tomcat7 (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present) - tomcat6 (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present) NOTE: Fixed by: http://svn.apache.org/r1796091 (8.5.x) Modified: data/DSA/list === --- data/DSA/list 2017-09-15 11:40:00 UTC (rev 55787) +++ data/DSA/list 2017-09-15 11:58:23 UTC (rev 55788) @@ -1,5 +1,5 @@ [15 Sep 2017] DSA-3974-1 tomcat8 - security update - {CVE-2017-7674 CVE-2017-7675} + {CVE-2017-7674} [jessie] - tomcat8 8.0.14-1+deb8u11 [stretch] - tomcat8 8.5.14-1+deb9u2 [14 Sep 2017] DSA-3973-1 wordpress-shibboleth - security update ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
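Review bot: The data/DSA/list hunk removes CVE-2017-7675 from DSA-3974-1, yet the data/CVE/list hunk records the stretch fix as tomcat8 8.5.14-1+deb9u2, the same version DSA-3974-1 ships for stretch. After this change nothing in either file links the CVE to the advisory that delivered its fix. Suggest a NOTE on the CVE-2017-7675 entry saying the stretch fix was released with DSA-3974-1 and that the CVE is omitted from the DSA entry because jessie is not affected.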
[Secure-testing-commits] r55787 - in data: . DSA
Author: seb Date: 2017-09-15 11:40:00 + (Fri, 15 Sep 2017) New Revision: 55787 Modified: data/DSA/list data/dsa-needed.txt Log: Reserve DSA-3974-1 for tomcat8 (CVE-2017-7674, CVE-2017-7675) Modified: data/DSA/list === --- data/DSA/list 2017-09-15 09:59:09 UTC (rev 55786) +++ data/DSA/list 2017-09-15 11:40:00 UTC (rev 55787) @@ -1,3 +1,7 @@ +[15 Sep 2017] DSA-3974-1 tomcat8 - security update + {CVE-2017-7674 CVE-2017-7675} + [jessie] - tomcat8 8.0.14-1+deb8u11 + [stretch] - tomcat8 8.5.14-1+deb9u2 [14 Sep 2017] DSA-3973-1 wordpress-shibboleth - security update {CVE-2017-14313} [jessie] - wordpress-shibboleth 1.4-2+deb8u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-09-15 09:59:09 UTC (rev 55786) +++ data/dsa-needed.txt 2017-09-15 11:40:00 UTC (rev 55787) @@ -85,11 +85,6 @@ tiff wait until more issues are around -- -tomcat8 (seb) - Maintainer proposed update for stretch-security - Message-ID: <2e56b0df-96c2-e216-e1e1-91b3f78b6...@debian.org> - Update for jessie-security pending/missing --- vlc wait until 2.2.7 release -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r55786 - data/CVE
Author: fgeek-guest Date: 2017-09-15 09:59:09 + (Fri, 15 Sep 2017) New Revision: 55786 Modified: data/CVE/list Log: CVE-2017-14348/libraw Modified: data/CVE/list === --- data/CVE/list 2017-09-15 09:55:37 UTC (rev 55785) +++ data/CVE/list 2017-09-15 09:59:09 UTC (rev 55786) @@ -349,7 +349,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4 CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the ...) - - libraw + - libraw (Vulnerable code introduced later) NOTE: https://github.com/LibRaw/LibRaw/issues/100 CVE-2017-14340 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
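Review bot: The entry is changed to "- libraw (Vulnerable code introduced later)" without a NOTE naming the commit or upstream version that introduced the code, and the log message "CVE-2017-14348/libraw" gives no basis either. Suggest adding the introducing commit or the first affected version as a NOTE next to the issue link, so the not-affected claim can be verified against the packaged version.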
[Secure-testing-commits] r55785 - data/DLA
Author: agx Date: 2017-09-15 09:55:37 + (Fri, 15 Sep 2017) New Revision: 55785 Modified: data/DLA/list Log: lts: tcpdump: remove CVEs that were fixed in DLA-1090-1 already Modified: data/DLA/list === --- data/DLA/list 2017-09-15 09:50:54 UTC (rev 55784) +++ data/DLA/list 2017-09-15 09:55:37 UTC (rev 55785) 
@@ -1,5 +1,5 @@ [15 Sep 2017] DLA-1097-1 tcpdump - security update - {CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2 017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725} + {CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 
CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2 017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725} [wheezy] - tcpdump 4.9.2-1~deb7u1 [13 Sep 2017] DLA-1096-1 wordpress-shibboleth - security update {CVE-2017-14313} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
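Review bot: The change rewrites a single line holding the full CVE list, so the removed ids have to be found by comparing two very long lines; the difference visible at the head of the list is CVE-2017-11541, CVE-2017-11542 and CVE-2017-11543. Suggest naming those three ids in the log message next to "fixed in DLA-1090-1 already", so the revision can be reviewed without diffing the list by hand.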
[Secure-testing-commits] r55784 - data/CVE
Author: fgeek-guest Date: 2017-09-15 09:50:54 + (Fri, 15 Sep 2017) New Revision: 55784 Modified: data/CVE/list Log: CVE-2017-2816/libofx Modified: data/CVE/list === --- data/CVE/list 2017-09-15 09:49:15 UTC (rev 55783) +++ data/CVE/list 2017-09-15 09:50:54 UTC (rev 55784) @@ -34446,6 +34446,7 @@ CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag parsing ...) - libofx (bug #875801) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317 + NOTE: https://github.com/libofx/libofx/issues/9 CVE-2017-2815 RESERVED CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image ...)
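Review bot: the NOTE added under CVE-2017-2816 is a bare upstream issue link, and the "- libofx (bug #875801)" line above it carries no fixed version, so the entry still does not say whether a fix exists. When the upstream issue gains a fix, follow up with a NOTE pointing at the fixing commit and a fixed version on the libofx line.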
[Secure-testing-commits] r55783 - data/DLA
Author: agx Date: 2017-09-15 09:49:15 + (Fri, 15 Sep 2017) New Revision: 55783 Modified: data/DLA/list Log: lts: grab DLA for tcpdump Modified: data/DLA/list === --- data/DLA/list 2017-09-15 09:43:14 UTC (rev 55782) +++ data/DLA/list 2017-09-15 09:49:15 UTC (rev 55783) 
@@ -1,3 +1,6 @@ +[15 Sep 2017] DLA-1097-1 tcpdump - security update + {CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2 017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725} + [wheezy] - tcpdump 4.9.2-1~deb7u1 [13 Sep 2017] DLA-1096-1 wordpress-shibboleth - security update {CVE-2017-14313} [wheezy] - wordpress-shibboleth 1.4-2+deb7u1
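Review bot: the CVE list added for DLA-1097-1 opens with CVE-2017-11541, CVE-2017-11542 and CVE-2017-11543, which a later edit to this same entry removes again. Check the list against the changelog of tcpdump 4.9.2-1~deb7u1 before reserving the DLA, so the entry lists only the CVEs the wheezy upload actually addresses and needs no corrective commit.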
[Secure-testing-commits] r55782 - data/CVE
Author: fgeek-guest Date: 2017-09-15 09:43:14 + (Fri, 15 Sep 2017) New Revision: 55782 Modified: data/CVE/list Log: typofix Modified: data/CVE/list === --- data/CVE/list 2017-09-15 08:50:22 UTC (rev 55781) +++ data/CVE/list 2017-09-15 09:43:14 UTC (rev 55782) @@ -1819,7 +1819,7 @@ CVE-2017-13762 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. ...) NOT-FOR-US: ONOS CVE-2017-13761 (The Fastly CDN module before 1.2.26 for Magneto2, when used with a ...) - NOT-FOR-US: Fastly CDN module for Magneto2 + NOT-FOR-US: Fastly CDN module for Magento2 CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in ...) - sleuthkit (unimportant; bug #873724) NOTE: https://github.com/sleuthkit/sleuthkit/issues/906
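Review bot: the typo fix covers only the NOT-FOR-US line; the CVE-2017-13761 description on the context line directly above it still reads "Magneto2". If that description text is imported from the CVE feed, the spelling has to be corrected at the source; otherwise fix it in the same commit so a search for "Magento2" finds the whole entry.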
[Secure-testing-commits] r55781 - data
Author: jmm Date: 2017-09-15 08:50:22 + (Fri, 15 Sep 2017) New Revision: 55781 Modified: data/dsa-needed.txt Log: take emacs25 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-09-15 07:54:55 UTC (rev 55780) +++ data/dsa-needed.txt 2017-09-15 08:50:22 UTC (rev 55781) @@ -34,7 +34,7 @@ As per 2017-09-12 no obvious regressions were reported, maybe still go via a point release. -- -emacs25/stable +emacs25/stable (jmm) -- ghostscript (carnil) --
[Secure-testing-commits] r55780 - data
Author: seb Date: 2017-09-15 07:54:55 + (Fri, 15 Sep 2017) New Revision: 55780 Modified: data/dsa-needed.txt Log: Take tomcat8 (CVE-2017-7674, CVE-2017-7675) Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-09-15 07:26:59 UTC (rev 55779) +++ data/dsa-needed.txt 2017-09-15 07:54:55 UTC (rev 55780) @@ -85,7 +85,7 @@ tiff wait until more issues are around -- -tomcat8 +tomcat8 (seb) Maintainer proposed update for stretch-security Message-ID: <2e56b0df-96c2-e216-e1e1-91b3f78b6...@debian.org> Update for jessie-security pending/missing
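Review bot: the claim "tomcat8 (seb)" names no suite, while the notes under it distinguish stretch-security (maintainer proposed update) from jessie-security (pending/missing). State which of the two the claim covers, for example with a suite suffix as the "emacs25/stable" entry in this file uses, and put the two CVE ids from the log message into the entry so they are visible without reading the commit history.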
[Secure-testing-commits] r55779 - data/CVE
Author: carnil Date: 2017-09-15 07:26:59 + (Fri, 15 Sep 2017) New Revision: 55779 Modified: data/CVE/list Log: Add todo for CVE-2017-12167 Modified: data/CVE/list === --- data/CVE/list 2017-09-15 06:59:54 UTC (rev 55778) +++ data/CVE/list 2017-09-15 07:26:59 UTC (rev 55779) @@ -6362,6 +6362,7 @@ RESERVED CVE-2017-12167 RESERVED + TODO: check, possibly Red Hat specific issue CVE-2017-12166 RESERVED CVE-2017-12165
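Review bot: the TODO added under CVE-2017-12167 says "possibly Red Hat specific issue" without naming the affected component or the source of that assessment, and the entry is still RESERVED with no description to fall back on. Add a NOTE with the reference that prompted the TODO so whoever resolves it can verify the Red Hat-specific claim instead of rediscovering it.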
[Secure-testing-commits] r55778 - data
Author: lamby Date: 2017-09-15 06:59:54 + (Fri, 15 Sep 2017) New Revision: 55778 Modified: data/dla-needed.txt Log: Triage emacs23 for LTS Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-09-15 06:41:17 UTC (rev 55777) +++ data/dla-needed.txt 2017-09-15 06:59:54 UTC (rev 55778) @@ -46,6 +46,8 @@ NOTE: 20170510, patch available, however not yet applied upstream. NOTE: 20170706: no change upstream, patch disputed. -- +emacs23 +-- exiv2 (Raphaƫl Hertzog) NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet, sent email later --
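Review bot: the new "emacs23" entry carries no NOTE and names no CVE, so dla-needed.txt itself does not show which issue the triage refers to; only the log message says it was triaged. Add a dated NOTE with the CVE id or bug reference, as the neighbouring entries in this hunk do, so the next person to pick it up knows what has to be fixed.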