[Secure-testing-commits] r57273 - data/CVE
Author: carnil Date: 2017-11-03 06:17:15 + (Fri, 03 Nov 2017) New Revision: 57273 Modified: data/CVE/list Log: Add source package information for CVE-2017-15100 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 23:55:38 UTC (rev 57272) +++ data/CVE/list 2017-11-03 06:17:15 UTC (rev 57273) @@ -3679,6 +3679,7 @@ RESERVED CVE-2017-15100 RESERVED + - foreman (bug #663101) CVE-2017-15099 RESERVED CVE-2017-15098 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57272 - data/CVE
Author: luciano Date: 2017-11-02 23:55:38 + (Thu, 02 Nov 2017) New Revision: 57272 Modified: data/CVE/list Log: CVE-2015-7686: #868170 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 22:55:17 UTC (rev 57271) +++ data/CVE/list 2017-11-02 23:55:38 UTC (rev 57272) @@ -81257,7 +81257,7 @@ CVE-2015-7687 (Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote ...) - opensmtpd 5.7.3p1-1 (bug #800787) CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the ...) - - libemail-address-perl (unimportant) + - libemail-address-perl (bug #868170; unimportant) [jessie] - libemail-address-perl (Minor issue) [wheezy] - libemail-address-perl (Minor issue) [squeeze] - libemail-address-perl (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57271 - data
Author: apo Date: 2017-11-02 22:55:17 + (Thu, 02 Nov 2017) New Revision: 57271 Modified: data/dla-needed.txt Log: Add openssl to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-02 22:53:26 UTC (rev 57270) +++ data/dla-needed.txt 2017-11-02 22:55:17 UTC (rev 57271) @@ -74,6 +74,9 @@ -- openjdk-7 (Emilio Pozuelo) -- +openssl + NOTE: I assume Kurt Roeckx will take care of it again. +-- pngcrush NOTE: CVE-2015-7700: the problematic call to png_free_data() is present NOTE: in wheezy but it's not clear to me where the other call to free() is. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
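Review bot: The added openssl entry in data/dla-needed.txt does not say which issue it is for, and its NOTE records an assumption about who will handle it, not a confirmed claim. Name the CVE in the NOTE, as the pngcrush entry below it does with CVE-2015-7700. Once the handler is confirmed, put the name in parentheses after the package, as the openjdk-7 entry above does.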
[Secure-testing-commits] r57270 - data
Author: apo Date: 2017-11-02 22:53:26 + (Thu, 02 Nov 2017) New Revision: 57270 Modified: data/dla-needed.txt Log: Add wordpress to dla-needed.txt and claim it. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-02 22:52:48 UTC (rev 57269) +++ data/dla-needed.txt 2017-11-02 22:53:26 UTC (rev 57270) @@ -128,6 +128,8 @@ NOTE: 2017-08-28: Contacted maintainer since most NOTE: issues affect Jessie/Stretch as well -- +wordpress (Markus Koschany) +-- xen -- xorg-server (Emilio Pozuelo) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57269 - data
Author: apo Date: 2017-11-02 22:52:48 + (Thu, 02 Nov 2017) New Revision: 57269 Modified: data/dla-needed.txt Log: Remove liblouis from dla-needed.txt Most of the previous issues which were marked no-dsa don't affect Wheezy. The rest is rather minor. Let's follow Jessie and Co. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-02 22:12:02 UTC (rev 57268) +++ data/dla-needed.txt 2017-11-02 22:52:48 UTC (rev 57269) @@ -31,8 +31,6 @@ libextractor NOTE: not all patches available, so didn't bothered maintainer yet -- -liblouis (Markus Koschany) --- libofx (Thorsten Alteholz) -- libreoffice (Emilio Pozuelo) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57268 - in data: . DLA
Author: apo Date: 2017-11-02 22:12:02 + (Thu, 02 Nov 2017) New Revision: 57268 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-1158-1 for bchunk Modified: data/DLA/list === --- data/DLA/list 2017-11-02 21:38:13 UTC (rev 57267) +++ data/DLA/list 2017-11-02 22:12:02 UTC (rev 57268) @@ -1,3 +1,6 @@ +[02 Nov 2017] DLA-1158-1 bchunk - security update + {CVE-2017-15953 CVE-2017-15954 CVE-2017-15955} + [wheezy] - bchunk 1.2.0-12+deb7u1 [02 Nov 2017] DLA-1157-1 openssl - security update {CVE-2017-3735} [wheezy] - openssl 1.0.1t-1+deb7u3 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-02 21:38:13 UTC (rev 57267) +++ data/dla-needed.txt 2017-11-02 22:12:02 UTC (rev 57268) @@ -14,8 +14,6 @@ NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org NOTE: 20171013: anarcat pinged maintainer: https://lists.debian.org/87efpuc95w@curie.anarc.at -- -bchunk (Markus Koschany) --- graphicsmagick (Markus Koschany) -- irssi (Rhonda D'Vine) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57267 - in data: . DSA
Author: jmm Date: 2017-11-02 21:38:13 + (Thu, 02 Nov 2017) New Revision: 57267 Modified: data/DSA/list data/dsa-needed.txt Log: openjdk-8 DSA Modified: data/DSA/list === --- data/DSA/list 2017-11-02 21:37:16 UTC (rev 57266) +++ data/DSA/list 2017-11-02 21:38:13 UTC (rev 57267) @@ -1,3 +1,6 @@ +[02 Nov 2017] DSA-4015-1 openjdk-8 - security update + {CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388} + [stretch] - openjdk-8 8u151-b12-1~deb9u1 [01 Nov 2017] DSA-4014-1 thunderbird - security update {CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824} [jessie] - thunderbird 1:52.4.0-1~deb8u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-02 21:37:16 UTC (rev 57266) +++ data/dsa-needed.txt 2017-11-02 21:38:13 UTC (rev 57267) @@ -39,8 +39,6 @@ -- openjdk-7/oldstable (jmm) -- -openjdk-8/stable (jmm) --- openssl -- openssl1.0/stable ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57266 - data/CVE
Author: carnil Date: 2017-11-02 21:37:16 + (Thu, 02 Nov 2017) New Revision: 57266 Modified: data/CVE/list Log: Process some Cisco-specific NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-02 21:29:03 UTC (rev 57265) +++ data/CVE/list 2017-11-02 21:37:16 UTC (rev 57266) @@ -11919,9 +11919,9 @@ CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) NOT-FOR-US: Cisco CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12294 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) NOT-FOR-US: Cisco CVE-2017-12292 
@@ -11943,27 +11943,27 @@ CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for Windows Client ...) NOT-FOR-US: Cisco CVE-2017-12283 (A vulnerability in the handling of 802.11w Protected Management Frames ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12282 (A vulnerability in the Access Network Query Protocol (ANQP) ingress ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12281 (A vulnerability in the implementation of Protected Extensible ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12280 (A vulnerability in the Control and Provisioning of Wireless Access ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12279 (A vulnerability in the packet processing code of Cisco IOS Software for ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12278 (A vulnerability in the Simple Network Management Protocol (SNMP) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12277 (A vulnerability in the Smart Licensing Manager service of the Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12276 (A vulnerability in the web framework code for the SQL database ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12275 (A vulnerability in the implementation of 802.11v Basic Service Set ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12274 (A vulnerability in Extensible Authentication Protocol (EAP) ingress ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12273 (A vulnerability in 802.11 association request frame processing for the ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE Software ...) NOT-FOR-US: Cisco CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow ...) 
@@ -11985,9 +11985,9 @@ CVE-2017-12263 (A vulnerability in the web interface of Cisco License Manager software ...) NOT-FOR-US: Cisco CVE-2017-12262 (A vulnerability within the firewall configuration of the Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12261 (A vulnerability in the restricted shell of the Cisco Identity Services ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12260 (A vulnerability in the implementation of Session Initiation Protocol ...) NOT-FOR-US: Cisco CVE-2017-12259 (A vulnerability in the implementation of Session Initiation Protocol ...) @@ -12023,7 +12023,7 @@ CVE-2017-12244 (A vulnerability in the detection engine parsing of IPv6 packets for ...) NOT-FOR-US: Cisco CVE-2017-12243 (A vulnerability in the Cisco Unified Computing System (UCS) Manager, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2017-12242 RESERVED CVE-2017-12241 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57265 - data/CVE
Author: carnil Date: 2017-11-02 21:29:03 + (Thu, 02 Nov 2017) New Revision: 57265 Modified: data/CVE/list Log: Mark CVE-2014-8184/liblouis as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-11-02 21:25:17 UTC (rev 57264) +++ data/CVE/list 2017-11-02 21:29:03 UTC (rev 57265) @@ -107787,6 +107787,7 @@ CVE-2014-8184 [stack-based buffer overflow in findTable()] RESERVED - liblouis 2.6.2-1 (bug #880621) + [jessie] - liblouis (Minor issue) [wheezy] - liblouis (Vulnerable code introduced in 2.5.0) NOTE: https://github.com/liblouis/liblouis/issues/425 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57264 - data/CVE
Author: carnil Date: 2017-11-02 21:25:17 + (Thu, 02 Nov 2017) New Revision: 57264 Modified: data/CVE/list Log: Add bug reference for tracking for liblouis issue, #880621 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 21:17:13 UTC (rev 57263) +++ data/CVE/list 2017-11-02 21:25:17 UTC (rev 57264) @@ -107786,7 +107786,7 @@ REJECTED CVE-2014-8184 [stack-based buffer overflow in findTable()] RESERVED - - liblouis 2.6.2-1 + - liblouis 2.6.2-1 (bug #880621) [wheezy] - liblouis (Vulnerable code introduced in 2.5.0) NOTE: https://github.com/liblouis/liblouis/issues/425 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57263 - data/CVE
Author: carnil Date: 2017-11-02 21:17:13 + (Thu, 02 Nov 2017) New Revision: 57263 Modified: data/CVE/list Log: Two CVEs were rejected after further investigation of the assigning CNA Modified: data/CVE/list === --- data/CVE/list 2017-11-02 21:13:30 UTC (rev 57262) +++ data/CVE/list 2017-11-02 21:17:13 UTC (rev 57263) @@ -2066,10 +2066,8 @@ NOT-FOR-US: XnView CVE-2017-15771 REJECTED - NOT-FOR-US: Foxit Reader CVE-2017-15770 REJECTED - NOT-FOR-US: Foxit Reader CVE-2017-15769 (IrfanView 4.50 - 64bit allows attackers to cause a denial of service or ...) NOT-FOR-US: IrfanView CVE-2017-15768 (IrfanView version 4.50 - 64bit allows attackers to cause a denial of ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57262 - data/CVE
Author: carnil Date: 2017-11-02 21:13:30 + (Thu, 02 Nov 2017) New Revision: 57262 Modified: data/CVE/list Log: CVE-2017-16510/wordpress assigned Modified: data/CVE/list === --- data/CVE/list 2017-11-02 21:10:12 UTC (rev 57261) +++ data/CVE/list 2017-11-02 21:13:30 UTC (rev 57262) @@ -1,5 +1,3 @@ -CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() ...) - TODO: check CVE-2017-1000171 RESERVED CVE-2017-1000157 @@ -56,7 +54,7 @@ RESERVED CVE-2017-1000131 RESERVED -CVE-2017- [Unsafe queries with wpdb->prepare] +CVE-2017-16510 [Unsafe queries with wpdb->prepare] - wordpress 4.8.3+dfsg-1 (bug #880528) NOTE: https://wpvulndb.com/vulnerabilities/8941 NOTE: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57261 - data/CVE
Author: sectracker Date: 2017-11-02 21:10:12 + (Thu, 02 Nov 2017) New Revision: 57261 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-02 21:07:55 UTC (rev 57260) +++ data/CVE/list 2017-11-02 21:10:12 UTC (rev 57261) @@ -1,3 +1,61 @@ +CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() ...) + TODO: check +CVE-2017-1000171 + RESERVED +CVE-2017-1000157 + RESERVED +CVE-2017-1000156 + RESERVED +CVE-2017-1000155 + RESERVED +CVE-2017-1000154 + RESERVED +CVE-2017-1000153 + RESERVED +CVE-2017-1000152 + RESERVED +CVE-2017-1000151 + RESERVED +CVE-2017-1000150 + RESERVED +CVE-2017-1000149 + RESERVED +CVE-2017-1000148 + RESERVED +CVE-2017-1000147 + RESERVED +CVE-2017-1000146 + RESERVED +CVE-2017-1000145 + RESERVED +CVE-2017-1000144 + RESERVED +CVE-2017-1000143 + RESERVED +CVE-2017-1000142 + RESERVED +CVE-2017-1000141 + RESERVED +CVE-2017-1000140 + RESERVED +CVE-2017-1000139 + RESERVED +CVE-2017-1000138 + RESERVED +CVE-2017-1000137 + RESERVED +CVE-2017-1000136 + RESERVED +CVE-2017-1000135 + RESERVED +CVE-2017-1000134 + RESERVED +CVE-2017-1000133 + RESERVED +CVE-2017-1000132 + RESERVED +CVE-2017-1000131 + RESERVED CVE-2017- [Unsafe queries with wpdb->prepare] - wordpress 4.8.3+dfsg-1 (bug #880528) NOTE: https://wpvulndb.com/vulnerabilities/8941 @@ -2008,9 +2066,11 @@ NOT-FOR-US: XnView CVE-2017-15772 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...) NOT-FOR-US: XnView -CVE-2017-15771 (Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or ...) +CVE-2017-15771 + REJECTED NOT-FOR-US: Foxit Reader -CVE-2017-15770 (Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or ...) +CVE-2017-15770 + REJECTED NOT-FOR-US: Foxit Reader CVE-2017-15769 (IrfanView 4.50 - 64bit allows attackers to cause a denial of service or ...) NOT-FOR-US: IrfanView 
@@ -11862,10 +11922,10 @@ RESERVED CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) NOT-FOR-US: Cisco -CVE-2017-12295 - RESERVED -CVE-2017-12294 - RESERVED +CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) + TODO: check +CVE-2017-12294 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) + TODO: check CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an ...) NOT-FOR-US: Cisco CVE-2017-12292 
@@ -11886,28 +11946,28 @@ NOT-FOR-US: Cisco CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for Windows Client ...) NOT-FOR-US: Cisco -CVE-2017-12283 - RESERVED -CVE-2017-12282 - RESERVED -CVE-2017-12281 - RESERVED -CVE-2017-12280 - RESERVED -CVE-2017-12279 - RESERVED -CVE-2017-12278 - RESERVED -CVE-2017-12277 - RESERVED -CVE-2017-12276 - RESERVED -CVE-2017-12275 - RESERVED -CVE-2017-12274 - RESERVED -CVE-2017-12273 - RESERVED +CVE-2017-12283 (A vulnerability in the handling of 802.11w Protected Management Frames ...) + TODO: check +CVE-2017-12282 (A vulnerability in the Access Network Query Protocol (ANQP) ingress ...) + TODO: check +CVE-2017-12281 (A vulnerability in the implementation of Protected Extensible ...) + TODO: check +CVE-2017-12280 (A vulnerability in the Control and Provisioning of Wireless Access ...) + TODO: check +CVE-2017-12279 (A vulnerability in the packet processing code of Cisco IOS Software for ...) + TODO: check +CVE-2017-12278 (A vulnerability in the Simple Network Management Protocol (SNMP) ...) + TODO: check +CVE-2017-12277 (A vulnerability in the Smart Licensing Manager service of the Cisco ...) + TODO: check +CVE-2017-12276 (A vulnerability in the web framework code for the SQL database ...) + TODO: check +CVE-2017-12275 (A vulnerability in the implementation of 802.11v Basic Service Set ...) + TODO: check +CVE-2017-12274 (A vulnerability in Extensible Authentication Protocol (EAP) ingress ...) + TODO: check +CVE-2017-12273 (A vulnerability in 802.11 association request frame processing for the ...) + TODO: check CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE Software ...) NOT-FOR-US: Cisco CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow ...) 
@@ -11928,10 +11988,10 @@ NOT-FOR-US: Cisco CVE-2017-12263 (A vulnerability in the web interface of Cisco License Manager software ...) NOT-FOR-US: Cisco -CVE-2017-12262 - RESERVED -CVE-2017-12261 - RESERVED +CVE-2017-12
[Secure-testing-commits] r57260 - data/CVE
Author: carnil Date: 2017-11-02 21:07:55 + (Thu, 02 Nov 2017) New Revision: 57260 Modified: data/CVE/list Log: Fix typo in explanation Modified: data/CVE/list === --- data/CVE/list 2017-11-02 21:04:24 UTC (rev 57259) +++ data/CVE/list 2017-11-02 21:07:55 UTC (rev 57260) @@ -107730,7 +107730,7 @@ CVE-2014-8184 [stack-based buffer overflow in findTable()] RESERVED - liblouis 2.6.2-1 - [wheezy] - liblouis (Vulnerable code introducedi in 2.5.0) + [wheezy] - liblouis (Vulnerable code introduced in 2.5.0) NOTE: https://github.com/liblouis/liblouis/issues/425 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701 NOTE: Introduced by: https://github.com/liblouis/liblouis/commit/26ca8619a29951d6b4acf8b7a732a8b35e4e7bd3 (liblouis_2_5_0) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57259 - data/CVE
Author: carnil Date: 2017-11-02 21:04:24 + (Thu, 02 Nov 2017) New Revision: 57259 Modified: data/CVE/list Log: Lower bound information for CVE-2014-8184 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 20:57:40 UTC (rev 57258) +++ data/CVE/list 2017-11-02 21:04:24 UTC (rev 57259) @@ -107730,6 +107730,7 @@ CVE-2014-8184 [stack-based buffer overflow in findTable()] RESERVED - liblouis 2.6.2-1 + [wheezy] - liblouis (Vulnerable code introducedi in 2.5.0) NOTE: https://github.com/liblouis/liblouis/issues/425 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701 NOTE: Introduced by: https://github.com/liblouis/liblouis/commit/26ca8619a29951d6b4acf8b7a732a8b35e4e7bd3 (liblouis_2_5_0) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
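Review bot: Typo in the added [wheezy] annotation: "introducedi" should be "introduced". The version bound itself agrees with the "Introduced by" NOTE further down in the same entry, which tags the commit as liblouis_2_5_0.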
[Secure-testing-commits] r57258 - data/CVE
Author: carnil Date: 2017-11-02 20:57:40 + (Thu, 02 Nov 2017) New Revision: 57258 Modified: data/CVE/list Log: Update information for CVE-2014-8184 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 20:38:23 UTC (rev 57257) +++ data/CVE/list 2017-11-02 20:57:40 UTC (rev 57258) @@ -107729,9 +107729,13 @@ REJECTED CVE-2014-8184 [stack-based buffer overflow in findTable()] RESERVED - - liblouis + - liblouis 2.6.2-1 NOTE: https://github.com/liblouis/liblouis/issues/425 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701 + NOTE: Introduced by: https://github.com/liblouis/liblouis/commit/26ca8619a29951d6b4acf8b7a732a8b35e4e7bd3 (liblouis_2_5_0) + NOTE: Fixed in merge: https://github.com/liblouis/liblouis/commit/dc97ef791a4fae9da11592c79f9f79e010596e0c#diff-7ade83431f79d2120c82012aee3b05c9L4524 + NOTE: CVE is for several buffer overflows in the findTable function, cf. + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c7 CVE-2014-8183 RESERVED NOT-FOR-US: Red Hat Satellite ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57257 - data
Author: carnil Date: 2017-11-02 20:38:23 + (Thu, 02 Nov 2017) New Revision: 57257 Modified: data/dsa-needed.txt Log: Add openssl and openssl1.0 for dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-02 20:25:32 UTC (rev 57256) +++ data/dsa-needed.txt 2017-11-02 20:38:23 UTC (rev 57257) @@ -41,6 +41,10 @@ -- openjdk-8/stable (jmm) -- +openssl +-- +openssl1.0/stable +-- php-horde-image -- php5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57256 - data/CVE
Author: carnil Date: 2017-11-02 20:25:32 + (Thu, 02 Nov 2017) New Revision: 57256 Modified: data/CVE/list Log: Mark CVE-2017-1593{1,2}/radare2 as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-11-02 20:20:55 UTC (rev 57255) +++ data/CVE/list 2017-11-02 20:25:32 UTC (rev 57256) @@ -1637,12 +1637,14 @@ NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-15932 (In radare2 2.0.1, an integer exception (negative number leading to an ...) - radare2 (bug #880024) + [stretch] - radare2 (Minor issue) [jessie] - radare2 (Vulnerable code introduced in 0.10.2) [wheezy] - radare2 (Vulnerable code introduced in 0.10.2) NOTE: https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9 NOTE: https://github.com/radare/radare2/issues/8743 CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading to an ...) - radare2 (bug #880025) + [stretch] - radare2 (Minor issue) [jessie] - radare2 (Vulnerable code introduced in 0.10.2) [wheezy] - radare2 (Vulnerable code introduced in 0.10.2) NOTE: https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57255 - data/CVE
Author: carnil Date: 2017-11-02 20:20:55 + (Thu, 02 Nov 2017) New Revision: 57255 Modified: data/CVE/list Log: Update information for CVE-2017-16357 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 20:08:46 UTC (rev 57254) +++ data/CVE/list 2017-11-02 20:20:55 UTC (rev 57255) @@ -321,6 +321,9 @@ NOTE: https://github.com/radare/radare2/issues/8748 CVE-2017-16357 (In radare 2.0.1, a memory corruption vulnerability exists in ...) - radare2 + [stretch] - radare2 (Minor issue) + [jessie] - radare2 (Vulnerable code introduced later) + [wheezy] - radare2 (Vulnerable code introduced later) NOTE: https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a NOTE: https://github.com/radare/radare2/issues/8742 CVE-2017-16356 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57254 - data/CVE
Author: carnil Date: 2017-11-02 20:08:46 + (Thu, 02 Nov 2017) New Revision: 57254 Modified: data/CVE/list Log: Add bug reference for CVE-2017-16358 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 20:01:40 UTC (rev 57253) +++ data/CVE/list 2017-11-02 20:08:46 UTC (rev 57254) @@ -313,7 +313,7 @@ NOTE: https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d NOTE: https://github.com/radare/radare2/issues/8764 CVE-2017-16358 (In radare 2.0.1, an out-of-bounds read vulnerability exists in ...) - - radare2 + - radare2 (bug #880619) [stretch] - radare2 (Vulnerable code introduced later) [jessie] - radare2 (Vulnerable code introduced later) [wheezy] - radare2 (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57253 - data/CVE
Author: carnil Date: 2017-11-02 20:01:40 + (Thu, 02 Nov 2017) New Revision: 57253 Modified: data/CVE/list Log: Update information for CVE-2017-16358/radare2 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 19:57:10 UTC (rev 57252) +++ data/CVE/list 2017-11-02 20:01:40 UTC (rev 57253) @@ -314,6 +314,9 @@ NOTE: https://github.com/radare/radare2/issues/8764 CVE-2017-16358 (In radare 2.0.1, an out-of-bounds read vulnerability exists in ...) - radare2 + [stretch] - radare2 (Vulnerable code introduced later) + [jessie] - radare2 (Vulnerable code introduced later) + [wheezy] - radare2 (Vulnerable code introduced later) NOTE: https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9 NOTE: https://github.com/radare/radare2/issues/8748 CVE-2017-16357 (In radare 2.0.1, a memory corruption vulnerability exists in ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57252 - data/CVE
Author: carnil Date: 2017-11-02 19:57:10 + (Thu, 02 Nov 2017) New Revision: 57252 Modified: data/CVE/list Log: Mark CVE-2017-16359 as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-11-02 19:55:54 UTC (rev 57251) +++ data/CVE/list 2017-11-02 19:57:10 UTC (rev 57252) @@ -305,6 +305,7 @@ RESERVED CVE-2017-16359 (In radare 2.0.1, a pointer wraparound vulnerability exists in ...) - radare2 (bug #880616) + [stretch] - radare2 (Minor issue) [jessie] - radare2 (Vulnerable code introduced later) [wheezy] - radare2 (Vulnerable code introduced later) NOTE: https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57251 - data/CVE
Author: carnil Date: 2017-11-02 19:55:54 + (Thu, 02 Nov 2017) New Revision: 57251 Modified: data/CVE/list Log: Add bug for CVE-2017-16359, mark versions earlier than 0.10.5+dfsg-1 as not affected Modified: data/CVE/list === --- data/CVE/list 2017-11-02 16:09:31 UTC (rev 57250) +++ data/CVE/list 2017-11-02 19:55:54 UTC (rev 57251) @@ -304,7 +304,9 @@ CVE-2017-16360 RESERVED CVE-2017-16359 (In radare 2.0.1, a pointer wraparound vulnerability exists in ...) - - radare2 + - radare2 (bug #880616) + [jessie] - radare2 (Vulnerable code introduced later) + [wheezy] - radare2 (Vulnerable code introduced later) NOTE: https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e NOTE: https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882 NOTE: https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
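Review bot: The two added [jessie] and [wheezy] annotations say only "Vulnerable code introduced later", while the log message names 0.10.5+dfsg-1 as the bound. State that bound in the parenthesised reason itself, or add a NOTE pointing at the introducing commit, so the justification is recorded in data/CVE/list and not only in the commit log.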
[Secure-testing-commits] r57250 - data/CVE
Author: carnil Date: 2017-11-02 16:09:31 + (Thu, 02 Nov 2017) New Revision: 57250 Modified: data/CVE/list Log: Remove postponed/no-dsa entries for openssl CVEs Modified: data/CVE/list === --- data/CVE/list 2017-11-02 15:49:36 UTC (rev 57249) +++ data/CVE/list 2017-11-02 16:09:31 UTC (rev 57250) @@ -37469,10 +37469,7 @@ NOTE: Fix for 1.1.0: https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871 CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...) - openssl 1.1.0g-1 - [stretch] - openssl (Can be fixed with the next openssl security release) - [jessie] - openssl (Can be fixed with the next openssl security release) - openssl1.0 1.0.2m-1 - [stretch] - openssl1.0 (Can be fixed with the next openssl security release) NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=068b963bb7afc57f5bdd723de0dd15e7795d5822 CVE-2017-3734 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57249 - data/DLA
Author: kroeckx Date: 2017-11-02 15:49:36 + (Thu, 02 Nov 2017) New Revision: 57249 Modified: data/DLA/list Log: Fix version number Modified: data/DLA/list === --- data/DLA/list 2017-11-02 15:38:47 UTC (rev 57248) +++ data/DLA/list 2017-11-02 15:49:36 UTC (rev 57249) @@ -1,6 +1,6 @@ [02 Nov 2017] DLA-1157-1 openssl - security update {CVE-2017-3735} - [wheezy] - openssl 1.0.1t-1+deb7u2 + [wheezy] - openssl 1.0.1t-1+deb7u3 [31 Oct 2017] DLA-1156-1 libdatetime-timezone-perl - new upstream version [wheezy] - libdatetime-timezone-perl 1:1.58-1+2017c [31 Oct 2017] DLA-1155-1 tzdata - new upstream version ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57248 - data/CVE
Author: jmm Date: 2017-11-02 15:38:47 + (Thu, 02 Nov 2017) New Revision: 57248 Modified: data/CVE/list Log: remove since DLA is scheduled Modified: data/CVE/list === --- data/CVE/list 2017-11-02 15:30:24 UTC (rev 57247) +++ data/CVE/list 2017-11-02 15:38:47 UTC (rev 57248) @@ -37471,7 +37471,6 @@ - openssl 1.1.0g-1 [stretch] - openssl (Can be fixed with the next openssl security release) [jessie] - openssl (Can be fixed with the next openssl security release) - [wheezy] - openssl (Can be fixed with the next openssl security release) - openssl1.0 1.0.2m-1 [stretch] - openssl1.0 (Can be fixed with the next openssl security release) NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57247 - in data: CVE DLA
Author: kroeckx Date: 2017-11-02 15:30:24 + (Thu, 02 Nov 2017) New Revision: 57247 Modified: data/CVE/list data/DLA/list Log: OpenSSL security issues Modified: data/CVE/list === --- data/CVE/list 2017-11-02 15:16:11 UTC (rev 57246) +++ data/CVE/list 2017-11-02 15:30:24 UTC (rev 57247) @@ -37460,18 +37460,19 @@ CVE-2017-3737 RESERVED CVE-2017-3736 [bn_sqrx8x_internal carry bug on x86_64] - RESERVED - - openssl - - openssl1.0 + - openssl 1.1.0g-1 + [jessie] - openssl (Vulnerable code not present) + [wheezy] - openssl (Vulnerable code not present) + - openssl1.0 1.0.2m-1 NOTE: https://www.openssl.org/news/secadv/20171102.txt NOTE: Fix for 1.0.2: https://git.openssl.org/?p=openssl.git;a=commit;h=38d600147331d36e74174ebbd4008b63188b321b NOTE: Fix for 1.1.0: https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871 CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...) - - openssl + - openssl 1.1.0g-1 [stretch] - openssl (Can be fixed with the next openssl security release) [jessie] - openssl (Can be fixed with the next openssl security release) [wheezy] - openssl (Can be fixed with the next openssl security release) - - openssl1.0 + - openssl1.0 1.0.2m-1 [stretch] - openssl1.0 (Can be fixed with the next openssl security release) NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=068b963bb7afc57f5bdd723de0dd15e7795d5822 Modified: data/DLA/list === --- data/DLA/list 2017-11-02 15:16:11 UTC (rev 57246) +++ data/DLA/list 2017-11-02 15:30:24 UTC (rev 57247) 
@@ -1,4 +1,5 @@ [02 Nov 2017] DLA-1157-1 openssl - security update + {CVE-2017-3735} [wheezy] - openssl 1.0.1t-1+deb7u2 [31 Oct 2017] DLA-1156-1 libdatetime-timezone-perl - new upstream version [wheezy] - libdatetime-timezone-perl 1:1.58-1+2017c ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
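Review bot: In the CVE-2017-3735 entry the `[wheezy] - openssl (Can be fixed with the next openssl security release)` line is kept as unchanged context, while the data/DLA/list hunk of this same commit attaches {CVE-2017-3735} to DLA-1157-1 with `[wheezy] - openssl 1.0.1t-1+deb7u2`. The two statements about wheezy disagree at this revision. Drop the [wheezy] line from the CVE entry in the same commit so the two files stay consistent; r57248 does that removal separately.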
[Secure-testing-commits] r57246 - data/CVE
Author: jmm Date: 2017-11-02 15:16:11 + (Thu, 02 Nov 2017) New Revision: 57246 Modified: data/CVE/list Log: openssl fixes Modified: data/CVE/list === --- data/CVE/list 2017-11-02 15:08:15 UTC (rev 57245) +++ data/CVE/list 2017-11-02 15:16:11 UTC (rev 57246) @@ -37464,6 +37464,8 @@ - openssl - openssl1.0 NOTE: https://www.openssl.org/news/secadv/20171102.txt + NOTE: Fix for 1.0.2: https://git.openssl.org/?p=openssl.git;a=commit;h=38d600147331d36e74174ebbd4008b63188b321b + NOTE: Fix for 1.1.0: https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871 CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...) - openssl [stretch] - openssl (Can be fixed with the next openssl security release) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
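Review bot: The two added NOTE lines link to `https://git.openssl.org/?p=openssl.git;a=commit;h=...`, while the fix notes recorded for CVE-2017-3735 in the same file (visible as context in r57247) use the `https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=...` form. Use one URL form for openssl commit references so they can be searched uniformly. The log "openssl fixes" would also be easier to find later if it named the entry the notes belong to (CVE-2017-3736, per r57247).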
[Secure-testing-commits] r57245 - data/CVE
Author: jmm Date: 2017-11-02 15:08:15 + (Thu, 02 Nov 2017) New Revision: 57245 Modified: data/CVE/list Log: various im unimportant Modified: data/CVE/list === --- data/CVE/list 2017-11-02 15:06:41 UTC (rev 57244) +++ data/CVE/list 2017-11-02 15:08:15 UTC (rev 57245) @@ -13407,8 +13407,6 @@ NOTE: http://dev.exiv2.org/issues/1307 NOTE: https://github.com/Exiv2/exiv2/issues/57 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124 - NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1). - NOTE: Reproducible in experimental(0.26-1). NOTE: Problematic assert() exists in all versions in Debian. CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows ...) NOT-FOR-US: Hashtopussy @@ -13541,7 +13539,7 @@ NOT-FOR-US: NetComm Wireless 4GT101W routers CVE-2017-11644 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) {DLA-1081-1} - - imagemagick 8:6.9.7.4+dfsg-14 (bug #870016) + - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870016) NOTE: https://github.com/ImageMagick/ImageMagick/issues/587 NOTE: https://github.com/ImageMagick/ImageMagick/commit/a6802e21d824e786d1e2a8440cf749a6e1a8d95f NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/418f88dd18af34b6cb64f709567c81b89865d7bc @@ -13950,7 +13948,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/581 CVE-2017-11539 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) {DLA-1081-1} - - imagemagick 8:6.9.7.4+dfsg-15 (bug #870120) + - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870120) NOTE: https://github.com/ImageMagick/ImageMagick/issues/582 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4e81160d66f02bf7b4f569669ca7dd80d416ba6e NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/36aad912d1f405a28a9a1204120b569e7da5898e 
@@ -13966,7 +13964,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bbc1b96f0d9371df675fdf7b8fc9bd4a42ae9cd NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bac384563f557d1ac7413d2eaec00dd59c3cc29b CVE-2017-11536 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) - - imagemagick 8:6.9.7.4+dfsg-13 (bug #869831) + - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869831) [wheezy] - imagemagick (vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/567 NOTE: https://github.com/ImageMagick/ImageMagick/commit/167e1538ae9818d46c9462a4273082871e35a480 @@ -13979,7 +13977,7 @@ NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/bba95cfcc19fa8a261e12692f31279148ad42441 CVE-2017-11534 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) {DLA-1081-1} - - imagemagick 8:6.9.7.4+dfsg-13 (bug #869711) + - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869711) NOTE: https://github.com/ImageMagick/ImageMagick/issues/564 NOTE: https://github.com/ImageMagick/ImageMagick/commit/3f21b17f06eacb40dab08738e0abf68fb0d58c90 CVE-2017-11533 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) 
@@ -13990,12 +13988,12 @@ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed1fd69231ab21dc540167c63bc3b0fa3282ec59 CVE-2017-11532 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) {DLA-1081-1} - - imagemagick 8:6.9.7.4+dfsg-13 (bug #869726) + - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869726) NOTE: https://github.com/ImageMagick/ImageMagick/issues/563 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d60d705cddac7fa5d0e6596c183bbb9b46a57161 CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...) {DLA-1081-1} - - imagemagick 8:6.9.7.4+dfsg-13 (bug #869725) + - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869725) NOTE: https://github.com/ImageMagick/ImageMagick/issues/566 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989 NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
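Review bot: The first hunk (@@ -13407,8 +13407,6) deletes two reproducibility NOTE lines from an entry whose references point at exiv2 (dev.exiv2.org issue 1307, Exiv2/exiv2 issue 57), which the log "various im unimportant" does not cover; move that removal into its own commit or mention it in the log. In the imagemagick hunks, five of the six entries now tagged unimportant (CVE-2017-11644, CVE-2017-11539, CVE-2017-11534, CVE-2017-11532, CVE-2017-11531) carry {DLA-1081-1}, so an advisory has already been issued for them. A NOTE giving the reason for the unimportant rating would keep the tag from reading as a contradiction of that advisory.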
[Secure-testing-commits] r57244 - data/CVE
Author: carnil Date: 2017-11-02 15:06:41 + (Thu, 02 Nov 2017) New Revision: 57244 Modified: data/CVE/list Log: Add description for CVE-2017-3736 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 15:05:47 UTC (rev 57243) +++ data/CVE/list 2017-11-02 15:06:41 UTC (rev 57244) @@ -37461,7 +37461,7 @@ RESERVED CVE-2017-3737 RESERVED -CVE-2017-3736 +CVE-2017-3736 [bn_sqrx8x_internal carry bug on x86_64] RESERVED - openssl - openssl1.0 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57243 - data/CVE
Author: carnil Date: 2017-11-02 15:05:47 + (Thu, 02 Nov 2017) New Revision: 57243 Modified: data/CVE/list Log: Add CVE-2017-3736/openssl Modified: data/CVE/list === --- data/CVE/list 2017-11-02 14:40:38 UTC (rev 57242) +++ data/CVE/list 2017-11-02 15:05:47 UTC (rev 57243) @@ -37463,6 +37463,9 @@ RESERVED CVE-2017-3736 RESERVED + - openssl + - openssl1.0 + NOTE: https://www.openssl.org/news/secadv/20171102.txt CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...) - openssl [stretch] - openssl (Can be fixed with the next openssl security release) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57242 - data
Author: apo Date: 2017-11-02 14:40:38 + (Thu, 02 Nov 2017) New Revision: 57242 Modified: data/dla-needed.txt Log: Add bchunk to dla-needed.txt and claim it. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-02 14:22:21 UTC (rev 57241) +++ data/dla-needed.txt 2017-11-02 14:40:38 UTC (rev 57242) @@ -14,6 +14,8 @@ NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org NOTE: 20171013: anarcat pinged maintainer: https://lists.debian.org/87efpuc95w@curie.anarc.at -- +bchunk (Markus Koschany) +-- graphicsmagick (Markus Koschany) -- irssi (Rhonda D'Vine) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57241 - data/CVE
Author: carnil Date: 2017-11-02 14:22:21 + (Thu, 02 Nov 2017) New Revision: 57241 Modified: data/CVE/list Log: Adjust source package name: emacs24 -> emacs23 for wheezy Modified: data/CVE/list === --- data/CVE/list 2017-11-02 13:49:44 UTC (rev 57240) +++ data/CVE/list 2017-11-02 14:22:21 UTC (rev 57241) @@ -565,8 +565,8 @@ - emacs24 [stretch] - emacs24 (Minor issue) [jessie] - emacs24 (Minor issue) - [wheezy] - emacs24 (Minor issue) - emacs23 + [wheezy] - emacs23 (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...) - vim ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57240 - data/CVE
Author: apo Date: 2017-11-02 13:49:44 + (Thu, 02 Nov 2017) New Revision: 57240 Modified: data/CVE/list Log: CVE-2017-1000383,emacs23: no-dsa for Wheezy Same reasoning as for vim. Modified: data/CVE/list === --- data/CVE/list 2017-11-02 13:48:07 UTC (rev 57239) +++ data/CVE/list 2017-11-02 13:49:44 UTC (rev 57240) @@ -565,6 +565,7 @@ - emacs24 [stretch] - emacs24 (Minor issue) [jessie] - emacs24 (Minor issue) + [wheezy] - emacs24 (Minor issue) - emacs23 NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
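Review bot: The added line reads `[wheezy] - emacs24 (Minor issue)` and sits above `- emacs23`, but the log says the no-dsa decision is for emacs23 in Wheezy. The package name in the added line should be emacs23 and the line should follow the `- emacs23` line, i.e. `[wheezy] - emacs23 (Minor issue)`. r57241 later makes exactly this correction.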
[Secure-testing-commits] r57239 - data
Author: apo Date: 2017-11-02 13:48:07 + (Thu, 02 Nov 2017) New Revision: 57239 Modified: data/dla-needed.txt Log: Add graphicsmagick to dla-needed.txt and claim it. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-02 13:15:06 UTC (rev 57238) +++ data/dla-needed.txt 2017-11-02 13:48:07 UTC (rev 57239) @@ -14,6 +14,8 @@ NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org NOTE: 20171013: anarcat pinged maintainer: https://lists.debian.org/87efpuc95w@curie.anarc.at -- +graphicsmagick (Markus Koschany) +-- irssi (Rhonda D'Vine) -- jasperreports ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57238 - data/DLA
Author: kroeckx Date: 2017-11-02 13:15:06 + (Thu, 02 Nov 2017) New Revision: 57238 Modified: data/DLA/list Log: Reserve DLA-1157-1 for openssl Modified: data/DLA/list === --- data/DLA/list 2017-11-02 11:39:15 UTC (rev 57237) +++ data/DLA/list 2017-11-02 13:15:06 UTC (rev 57238) @@ -1,3 +1,5 @@ +[02 Nov 2017] DLA-1157-1 openssl - security update + [wheezy] - openssl 1.0.1t-1+deb7u2 [31 Oct 2017] DLA-1156-1 libdatetime-timezone-perl - new upstream version [wheezy] - libdatetime-timezone-perl 1:1.58-1+2017c [31 Oct 2017] DLA-1155-1 tzdata - new upstream version ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57237 - data/CVE
Author: carnil Date: 2017-11-02 11:39:15 + (Thu, 02 Nov 2017) New Revision: 57237 Modified: data/CVE/list Log: Add wordpress issue, #880528 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 09:48:45 UTC (rev 57236) +++ data/CVE/list 2017-11-02 11:39:15 UTC (rev 57237) @@ -1,3 +1,8 @@ +CVE-2017- [Unsafe queries with wpdb->prepare] + - wordpress 4.8.3+dfsg-1 (bug #880528) + NOTE: https://wpvulndb.com/vulnerabilities/8941 + NOTE: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d + NOTE: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html CVE-2017-16509 RESERVED CVE-2017-16508 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57236 - data/CVE
Author: carnil Date: 2017-11-02 09:48:45 + (Thu, 02 Nov 2017) New Revision: 57236 Modified: data/CVE/list Log: Expand more note on CVE-2017-15095 Modified: data/CVE/list === --- data/CVE/list 2017-11-02 09:46:36 UTC (rev 57235) +++ data/CVE/list 2017-11-02 09:48:45 UTC (rev 57236) @@ -3634,6 +3634,9 @@ NOTE: https://github.com/FasterXML/jackson-databind/issues/1737 NOTE: https://github.com/FasterXML/jackson-databind/commit/e8f043d1 NOTE: https://github.com/FasterXML/jackson-databind/commit/ddfddfba + NOTE: This CVE-2017-15095 should be considered to include everything in + NOTE: NO_DESER_CLASS_NAMES as of: + NOTE: https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43 NOTE: Details: http://www.openwall.com/lists/oss-security/2017/11/02/3 CVE-2017-15094 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57235 - data
Author: carnil Date: 2017-11-02 09:46:36 + (Thu, 02 Nov 2017) New Revision: 57235 Modified: data/dsa-needed.txt Log: Add jackson-databind Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-02 09:36:10 UTC (rev 57234) +++ data/dsa-needed.txt 2017-11-02 09:46:36 UTC (rev 57235) @@ -23,6 +23,9 @@ -- irssi -- +jackson-databind + For CVE-2017-15095 (see notes for missing commits) +-- libreoffice/oldstable -- libvpx/oldstable ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57234 - data/CVE
Author: jmm Date: 2017-11-02 09:36:10 + (Thu, 02 Nov 2017) New Revision: 57234 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-02 09:10:13 UTC (rev 57233) +++ data/CVE/list 2017-11-02 09:36:10 UTC (rev 57234) @@ -43491,11 +43491,11 @@ CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated ...) NOT-FOR-US: IBM CVE-2017-1554 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1553 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1552 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker ...) NOT-FOR-US: IBM CVE-2017-1550 @@ -43919,7 +43919,7 @@ CVE-2017-1341 RESERVED CVE-2017-1340 (IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) ...) NOT-FOR-US: IBM CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) @@ -43933,7 +43933,7 @@ CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2017-1333 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1332 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2017-1331 (IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site ...) @@ -43999,7 +43999,7 @@ CVE-2017-1301 (IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to ...) NOT-FOR-US: IBM CVE-2017-1300 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1299 RESERVED CVE-2017-1298 
@@ -44019,7 +44019,7 @@ CVE-2017-1291 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response ...) NOT-FOR-US: IBM CVE-2017-1290 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1289 (IBM SDK, Java Technology Edition is vulnerable XML External Entity ...) NOT-FOR-US: IBM JDK CVE-2017-1288 @@ -44303,9 +44303,9 @@ CVE-2017-1149 (IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial ...) NOT-FOR-US: IBM CVE-2017-1148 (IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1147 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2017-1146 (IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2017-1145 (IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents ...) @@ -68183,7 +68183,7 @@ CVE-2016-3049 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML ...) NOT-FOR-US: IBM CVE-2016-3048 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-3047 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through ...) NOT-FOR-US: IBM CVE-2016-3046 (IBM Security Access Manager for Web is vulnerable to SQL injection. A ...) @@ -205129,9 +205129,9 @@ CVE-2009-1199 RESERVED CVE-2009-1198 (Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 ...) - TODO: check + NOT-FOR-US: Apache jUDDI CVE-2009-1197 (Apache jUDDI before 2.0 allows attackers to spoof entries in log files ...) - TODO: check + NOT-FOR-US: Apache jUDDI CVE-2009-1196 (The directory-services functionality in the scheduler in CUPS 1.1.17 ...) - cups 1.1.99.b1.r4748-1 - cupsys ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57233 - data/CVE
Author: sectracker Date: 2017-11-02 09:10:13 + (Thu, 02 Nov 2017) New Revision: 57233 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-02 08:15:40 UTC (rev 57232) +++ data/CVE/list 2017-11-02 09:10:13 UTC (rev 57233) @@ -7776,11 +7776,11 @@ NOT-FOR-US: FineCMS CVE-2017-13696 RESERVED -CVE-2017-1000122 +CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0007.html NOTE: Not covered by security support -CVE-2017-1000121 +CVE-2017-1000121 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0007.html NOTE: Not covered by security support @@ -24777,7 +24777,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7825 CVE-2017-7824 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24786,7 +24786,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824 CVE-2017-7823 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24807,7 +24807,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7820 CVE-2017-7819 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24816,7 +24816,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819 CVE-2017-7818 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 
@@ -24837,7 +24837,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7815 CVE-2017-7814 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24858,7 +24858,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7811 CVE-2017-7810 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24885,7 +24885,7 @@ - firefox 55.0-1 CVE-2017-7805 RESERVED - {DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1} + {DSA-4014-1 DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -24945,7 +24945,7 @@ - firefox 55.0-1 CVE-2017-7793 RESERVED - {DSA-3987-1 DLA-1153-1 DLA-1118-1} + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} - firefox 56.0-1 - firefox-esr 52.4.0esr-2 - thunderbird 1:52.4.0-1 @@ -43490,12 +43490,12 @@ NOT-FOR-US: IBM CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated ...) NOT-FOR-US: IBM -CVE-2017-1554 - RESERVED -CVE-2017-1553 - RESERVED -CVE-2017-1552 - RESERVED +CVE-2017-1554 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote ...) + TODO: check +CVE-2017-1553 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site ...) + TODO: check +CVE-2017-1552 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link ...) + TODO: check CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker ...) NOT-FOR-US: IBM CVE-2017-1550 
@@ -43918,8 +43918,8 @@ RESERVED CVE-2017-1341 RESERVED -CVE-2017-1340 - RESERVED +CVE-2017-1340 (IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated ...) + TODO: check CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) ...) NOT-FOR-US: IBM CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) @@ -43932,8 +43932,8 @@ NOT-FOR-US: IBM CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM -CVE-2017-1333 - RESERVED +CVE-2017-1333 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an ...) +
[Secure-testing-commits] r57232 - data/CVE
Author: carnil Date: 2017-11-02 08:15:40 + (Thu, 02 Nov 2017) New Revision: 57232 Modified: data/CVE/list Log: Sync status for CVE-2017-12193 with kernel-sec Modified: data/CVE/list === --- data/CVE/list 2017-11-02 07:46:32 UTC (rev 57231) +++ data/CVE/list 2017-11-02 08:15:40 UTC (rev 57232) @@ -12060,7 +12060,9 @@ CVE-2017-12193 RESERVED - linux + [wheezy] - linux (Vulnerable code introduced in 3.13-rc1) NOTE: Fixed by: https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7) + NOTE: Introduced by: https://git.kernel.org/linus/3cb989501c2688cacbb7dc4b0d353faf838f53a1 (3.13-rc1) CVE-2017-12192 (The keyctl_read_key function in security/keys/keyctl.c in the Key ...) - linux 4.13.4-2 [wheezy] - linux (Vulnerable code introduced later) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57231 - data/CVE
Author: carnil Date: 2017-11-02 07:46:32 + (Thu, 02 Nov 2017) New Revision: 57231 Modified: data/CVE/list Log: CVE-2017-14731 addressed in unstable Modified: data/CVE/list === --- data/CVE/list 2017-11-02 07:45:01 UTC (rev 57230) +++ data/CVE/list 2017-11-02 07:46:32 UTC (rev 57231) @@ -4758,7 +4758,7 @@ CVE-2017-14732 RESERVED CVE-2017-14731 (ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote ...) - - libofx (bug #877442) + - libofx 1:0.9.11-5 (bug #877442) NOTE: https://github.com/libofx/libofx/issues/10 NOTE: https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd CVE-2017-14730 (The init script in the Gentoo app-admin/logstash-bin package before ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
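Review bot: The fixed version entered, `1:0.9.11-5`, is lower than the upstream release named in the description line of the same entry (LibOFX 0.9.12). If the fix was backported onto the 0.9.11 packaging in unstable, say so in a NOTE next to the upstream commit link already listed, so the version does not look like a typo to the next reader.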
[Secure-testing-commits] r57230 - data/CVE
Author: carnil Date: 2017-11-02 07:45:01 + (Thu, 02 Nov 2017) New Revision: 57230 Modified: data/CVE/list Log: Two graphicsmagick issues addressed in unstable Modified: data/CVE/list === --- data/CVE/list 2017-11-02 07:06:37 UTC (rev 57229) +++ data/CVE/list 2017-11-02 07:45:01 UTC (rev 57230) @@ -319,11 +319,11 @@ CVE-2017-16354 RESERVED CVE-2017-16353 (GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure ...) - - graphicsmagick + - graphicsmagick 1.3.26-17 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8 NOTE: https://blogs.securiteam.com/index.php/archives/3494 CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow ...) - - graphicsmagick + - graphicsmagick 1.3.26-17 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185 NOTE: https://blogs.securiteam.com/index.php/archives/3494 CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site scripting ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57229 - data/CVE
Author: carnil Date: 2017-11-02 07:06:37 + (Thu, 02 Nov 2017) New Revision: 57229 Modified: data/CVE/list Log: Mark emacs issues as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-11-02 06:59:16 UTC (rev 57228) +++ data/CVE/list 2017-11-02 07:06:37 UTC (rev 57229) @@ -556,7 +556,10 @@ RESERVED CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...) - emacs25 + [stretch] - emacs25 (Minor issue) - emacs24 + [stretch] - emacs24 (Minor issue) + [jessie] - emacs24 (Minor issue) - emacs23 NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15 CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits