[Secure-testing-commits] r57842 - data/CVE
Author: carnil Date: 2017-11-20 05:59:51 + (Mon, 20 Nov 2017) New Revision: 57842 Modified: data/CVE/list Log: Record fixing version in experimental for CVE-2017-15371 Modified: data/CVE/list === --- data/CVE/list 2017-11-19 21:45:54 UTC (rev 57841) +++ data/CVE/list 2017-11-20 05:59:51 UTC (rev 57842) @@ -4387,11 +4387,11 @@ [jessie] - sox (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553 CVE-2017-15371 (There is a reachable assertion abort in the function ...) + [experimental] - sox 14.4.2-1 - sox (bug #878809) [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570 - TODO: check with maintainer, 14.4.2-1 with 0005-CVE-2017-15371.patch was meant to address the issue, but assertion still reached, cf #878809 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...) [experimental] - sox 14.4.2-1 - sox (bug #878810) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57841 - data/CVE
Author: jmm Date: 2017-11-19 21:45:54 + (Sun, 19 Nov 2017) New Revision: 57841 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-19 21:10:15 UTC (rev 57840) +++ data/CVE/list 2017-11-19 21:45:54 UTC (rev 57841) @@ -70,16 +70,16 @@ CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...) NOT-FOR-US: Snap7 Server CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...) - TODO: check + NOT-FOR-US: Opencast CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections ...) - TODO: check + NOT-FOR-US: Opencast CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...) - simple-xml NOTE: https://github.com/ngallagher/simplexml/issues/18 CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through ...) - TODO: check + NOT-FOR-US: Phoenix Framework CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...) - exiv2 NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 @@ -95,7 +95,7 @@ CVE-2017-16878 RESERVED CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...) - TODO: check + NOT-FOR-US: ZEIT Next.js CVE-2017-16876 RESERVED CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...) @@ -127,13 +127,13 @@ - root-system NOTE: https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File ...) - TODO: check + NOT-FOR-US: Cygnux sysPass CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting ...) - TODO: check + NOT-FOR-US: Jool CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...) TODO: check CVE-2017-1000169 (QuickerBB version = 0.7.2 is vulnerable to arbitrary file writes ...) - TODO: check + NOT-FOR-US: QuickerBB CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate ...) TODO: check CVE-2017-1000161 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57840 - data/CVE
Author: sectracker Date: 2017-11-19 21:10:15 + (Sun, 19 Nov 2017) New Revision: 57840 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-19 20:13:56 UTC (rev 57839) +++ data/CVE/list 2017-11-19 21:10:15 UTC (rev 57840) @@ -1,3 +1,21 @@ +CVE-2017-16893 + RESERVED +CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename ...) + TODO: check +CVE-2017-16891 + RESERVED +CVE-2017-16890 + RESERVED +CVE-2017-16889 + RESERVED +CVE-2017-16888 + RESERVED +CVE-2017-16887 + RESERVED +CVE-2017-16886 + RESERVED +CVE-2017-16885 + RESERVED CVE-2017-1000404 NOT-FOR-US: Jenkins plugin CVE-2017-1000403 @@ -18169,7 +18187,7 @@ CVE-2017-10673 (admin/profile.php in GetSimple CMS 3.x has XSS in a name field. ...) NOT-FOR-US: GetSimple CMS CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for Perl allows ...) - {DLA-1171-1} + {DSA-4042-1 DLA-1171-1} - libxml-libxml-perl 2.0128+dfsg-5 (bug #866676) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246 NOTE: Pull request: https://github.com/shlomif/perl-XML-LibXML/pull/8 @@ -25802,6 +25820,7 @@ RESERVED CVE-2017-8028 RESERVED + {DLA-1180-1} - libspring-ldap-java NOTE: https://pivotal.io/security/cve-2017-8028 NOTE: https://github.com/spring-projects/spring-ldap/issues/430 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57839 - data/CVE
Author: carnil Date: 2017-11-19 20:13:56 + (Sun, 19 Nov 2017) New Revision: 57839 Modified: data/CVE/list Log: Add todo for CVE-2017-15371 Modified: data/CVE/list === --- data/CVE/list 2017-11-19 20:04:24 UTC (rev 57838) +++ data/CVE/list 2017-11-19 20:13:56 UTC (rev 57839) @@ -4373,6 +4373,7 @@ [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570 + TODO: check with maintainer, 14.4.2-1 with 0005-CVE-2017-15371.patch was meant to address the issue, but assertion still reached, cf #878809 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...) [experimental] - sox 14.4.2-1 - sox (bug #878810) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57838 - data/CVE
Author: carnil Date: 2017-11-19 20:04:24 + (Sun, 19 Nov 2017) New Revision: 57838 Modified: data/CVE/list Log: Add fixing version for CVE-2017-15370 in experimental Modified: data/CVE/list === --- data/CVE/list 2017-11-19 20:02:54 UTC (rev 57837) +++ data/CVE/list 2017-11-19 20:04:24 UTC (rev 57838) @@ -4374,6 +4374,7 @@ [jessie] - sox (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...) + [experimental] - sox 14.4.2-1 - sox (bug #878810) [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57837 - data/CVE
Author: carnil Date: 2017-11-19 20:02:54 + (Sun, 19 Nov 2017) New Revision: 57837 Modified: data/CVE/list Log: Three CVEs verified to be fixed for sox in experimental Modified: data/CVE/list === --- data/CVE/list 2017-11-19 19:30:34 UTC (rev 57836) +++ data/CVE/list 2017-11-19 20:02:54 UTC (rev 57837) @@ -16099,12 +16099,14 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/518 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30 CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...) + [experimental] - sox 14.4.2-1 - sox (bug #870328) [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) NOTE: http://seclists.org/fulldisclosure/2017/Jul/81 NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/ CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 ...) + [experimental] - sox 14.4.2-1 - sox (bug #870328) [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) @@ -16237,6 +16239,7 @@ NOTE: http://seclists.org/fulldisclosure/2017/Jul/82 NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332 CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...) + [experimental] - sox 14.4.2-1 - sox (bug #870328) [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57835 - data/CVE
Author: carnil Date: 2017-11-19 19:24:14 + (Sun, 19 Nov 2017) New Revision: 57835 Modified: data/CVE/list Log: Mark CVE-2017-15994 as not-affected As argued in previous commit message follow Thorsten Alteholz analysis. Modified: data/CVE/list === --- data/CVE/list 2017-11-19 19:22:54 UTC (rev 57834) +++ data/CVE/list 2017-11-19 19:24:14 UTC (rev 57835) @@ -2872,11 +2872,7 @@ CVE-2014-10064 RESERVED CVE-2017-15994 (rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs ...) - - rsync - [buster] - rsync (vulnerable code only in development version, but not released) - [stretch] - rsync (vulnerable code only in development version, but not released) - [jessie] - rsync (vulnerable code only in development version, but not released) - [wheezy] - rsync (vulnerable code only in development version, but not released) + - rsync (Problematic code to allow checksum choice only introduced after 3.1.2 release) NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3 NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55 NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57834 - data/CVE
Author: carnil Date: 2017-11-19 19:22:54 + (Sun, 19 Nov 2017) New Revision: 57834 Modified: data/CVE/list Log: Add note on commit introducing the --checksum-choice option Note for reviewers: Possibly only after that commit the archaic checksums are not properly handled. Before that there was not the coice of the checksum and arguably. Follow the triage from Thorsten Alteholz in the next commit and mark all versions in Debian as not-affected. Modified: data/CVE/list === --- data/CVE/list 2017-11-19 19:12:05 UTC (rev 57833) +++ data/CVE/list 2017-11-19 19:22:54 UTC (rev 57834) @@ -2881,8 +2881,11 @@ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55 NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b NOTE: And possibly the following two commits on top: - NOTE: https://git.samba.org/?p=rsync.git;a=commith=bc112b0e7feece62ce98708092306639a8a53cce + NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=bc112b0e7feece62ce98708092306639a8a53cce NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=416e719bea4f5466c8dd2b34cac0059b6ff84ff3 + NOTE: The following commit introduced special handling of archaic versions / handling of + NOTE: --checksum-choice option to choose the checksum algorithms: + NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=a5a7d3a297b836387b0ac677383bdddaf2ac3598 CVE-2017-15993 (Zomato Clone Script allows SQL Injection via the restaurant-menu.php ...) NOT-FOR-US: Zomato Clone Script CVE-2017-15992 (Website Broker Script allows SQL Injection via the 'status_id' ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57836 - data/CVE
Author: pochu Date: 2017-11-19 19:30:34 + (Sun, 19 Nov 2017) New Revision: 57836 Modified: data/CVE/list Log: some xorg-server CVEs n/a on wheezy Modified: data/CVE/list === --- data/CVE/list 2017-11-19 19:24:14 UTC (rev 57835) +++ data/CVE/list 2017-11-19 19:30:34 UTC (rev 57836) @@ -9240,8 +9240,8 @@ CVE-2017-13721 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, an ...) {DSA-4000-1} - xorg-server 2:1.19.4-1 + [wheezy] - xorg-server (Vulnerable code introduced later) NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1 - NOTE: In wheezy this is possibly libxext, src/XShm.c? CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont through ...) {DSA-3995-1 DLA-1126-1} - libxfont 1:2.0.1-4 @@ -13713,6 +13713,7 @@ RESERVED {DSA-4000-1} - xorg-server 2:1.19.5-1 + [wheezy] - xorg-server (Vulnerable code introduced later) NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e CVE-2017-12185 RESERVED @@ -13738,6 +13739,7 @@ RESERVED {DSA-4000-1} - xorg-server 2:1.19.5-1 + [wheezy] - xorg-server (Vulnerable code introduced later) NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b CVE-2017-12180 [hw/xfree86: unvalidated lengths] RESERVED @@ -13748,6 +13750,7 @@ RESERVED {DSA-4000-1} - xorg-server 2:1.19.5-1 + [wheezy] - xorg-server (Vulnerable code introduced later) CVE-2017-12178 [Xi: fix wrong extra length check in ProcXIChangeHierarchy] RESERVED {DSA-4000-1} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57833 - data/CVE
Author: carnil Date: 2017-11-19 19:12:05 + (Sun, 19 Nov 2017) New Revision: 57833 Modified: data/CVE/list Log: Add two more commits for CVE-2017-15994/rsync Modified: data/CVE/list === --- data/CVE/list 2017-11-19 16:57:16 UTC (rev 57832) +++ data/CVE/list 2017-11-19 19:12:05 UTC (rev 57833) @@ -2880,6 +2880,9 @@ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3 NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55 NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b + NOTE: And possibly the following two commits on top: + NOTE: https://git.samba.org/?p=rsync.git;a=commith=bc112b0e7feece62ce98708092306639a8a53cce + NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=416e719bea4f5466c8dd2b34cac0059b6ff84ff3 CVE-2017-15993 (Zomato Clone Script allows SQL Injection via the restaurant-menu.php ...) NOT-FOR-US: Zomato Clone Script CVE-2017-15992 (Website Broker Script allows SQL Injection via the 'status_id' ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57832 - in data: . DLA
Author: apo Date: 2017-11-19 16:57:16 + (Sun, 19 Nov 2017) New Revision: 57832 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-1180-1 for libspring-ldap-java Modified: data/DLA/list === --- data/DLA/list 2017-11-19 16:20:14 UTC (rev 57831) +++ data/DLA/list 2017-11-19 16:57:16 UTC (rev 57832) @@ -1,3 +1,6 @@ +[19 Nov 2017] DLA-1180-1 libspring-ldap-java - security update + {CVE-2017-8028} + [wheezy] - libspring-ldap-java 1.3.1.RELEASE-4+deb7u1 [18 Nov 2017] DLA-1179-1 shibboleth-sp2 - security update {CVE-2017-16852} [wheezy] - shibboleth-sp2 2.4.3+dfsg-5+deb7u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-19 16:20:14 UTC (rev 57831) +++ data/dla-needed.txt 2017-11-19 16:57:16 UTC (rev 57832) @@ -48,8 +48,6 @@ NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html NOTE: there are some new CVEs now as well -- -libspring-ldap-java (Markus Koschany) --- libvorbis (Guido Günther) NOTE: 20170829: no fix available yet NOTE: asked for reproducers for CVE-2017-14160 and CVE-2017-14633 on ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57831 - data/CVE
Author: alteholz Date: 2017-11-19 16:20:14 + (Sun, 19 Nov 2017) New Revision: 57831 Modified: data/CVE/list Log: CVE does not affect Debian Modified: data/CVE/list === --- data/CVE/list 2017-11-19 16:14:33 UTC (rev 57830) +++ data/CVE/list 2017-11-19 16:20:14 UTC (rev 57831) @@ -2873,6 +2873,10 @@ RESERVED CVE-2017-15994 (rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs ...) - rsync + [buster] - rsync (vulnerable code only in development version, but not released) + [stretch] - rsync (vulnerable code only in development version, but not released) + [jessie] - rsync (vulnerable code only in development version, but not released) + [wheezy] - rsync (vulnerable code only in development version, but not released) NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3 NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55 NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57829 - data/CVE
Author: carnil Date: 2017-11-19 16:14:22 + (Sun, 19 Nov 2017) New Revision: 57829 Modified: data/CVE/list Log: CVE-2017-1000229: Reference proposed patch Modified: data/CVE/list === --- data/CVE/list 2017-11-19 16:11:10 UTC (rev 57828) +++ data/CVE/list 2017-11-19 16:14:22 UTC (rev 57829) @@ -174,6 +174,7 @@ CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...) - optipng (bug #882032) NOTE: https://sourceforge.net/p/optipng/bugs/65/ + NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code ...) NOT-FOR-US: nodejs ejs CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57830 - data/CVE
Author: carnil Date: 2017-11-19 16:14:33 + (Sun, 19 Nov 2017) New Revision: 57830 Modified: data/CVE/list Log: Add bug reference for CVE-2017-15642/sox, #882144 Modified: data/CVE/list === --- data/CVE/list 2017-11-19 16:14:22 UTC (rev 57829) +++ data/CVE/list 2017-11-19 16:14:33 UTC (rev 57830) @@ -3696,7 +3696,7 @@ [jessie] - musl (Minor issue) NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395 CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is ...) - - sox + - sox (bug #882144) [stretch] - sox (Minor issue) [jessie] - sox (Minor issue) NOTE: https://sourceforge.net/p/sox/bugs/298/ ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57828 - data/CVE
Author: carnil Date: 2017-11-19 16:11:10 + (Sun, 19 Nov 2017) New Revision: 57828 Modified: data/CVE/list Log: CVE-2017-15642/sox no-dsa for stretch and jessie Modified: data/CVE/list === --- data/CVE/list 2017-11-19 16:08:56 UTC (rev 57827) +++ data/CVE/list 2017-11-19 16:11:10 UTC (rev 57828) @@ -3696,6 +3696,8 @@ NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395 CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is ...) - sox + [stretch] - sox (Minor issue) + [jessie] - sox (Minor issue) NOTE: https://sourceforge.net/p/sox/bugs/298/ CVE-2017-15641 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57827 - data
Author: apo Date: 2017-11-19 16:08:56 + (Sun, 19 Nov 2017) New Revision: 57827 Modified: data/dla-needed.txt Log: Claim optipng in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-19 15:49:15 UTC (rev 57826) +++ data/dla-needed.txt 2017-11-19 16:08:56 UTC (rev 57827) @@ -77,7 +77,7 @@ -- openjdk-7 (Emilio Pozuelo) -- -optipng +optipng (Markus Koschany) NOTE: 20171118: pinged upstream (Markus Koschany) -- python-werkzeug (Thorsten Alteholz) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57826 - data/CVE
Author: carnil Date: 2017-11-19 15:49:15 + (Sun, 19 Nov 2017) New Revision: 57826 Modified: data/CVE/list Log: Expand todo note for CVE-2017-15864 Modified: data/CVE/list === --- data/CVE/list 2017-11-19 14:24:53 UTC (rev 57825) +++ data/CVE/list 2017-11-19 15:49:15 UTC (rev 57826) @@ -3195,7 +3195,7 @@ CVE-2017-15864 (In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x ...) - otrs2 NOTE: https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/ - TODO: check, upstream claims affects only 3.3.x series + TODO: check, upstream claims affects only 3.3.x series, contacted OTRS security team CVE-2016-10517 (networking.c in Redis before 3.2.7 allows Cross Protocol Scripting ...) {DLA-1161-1} - redis 3:3.2.7-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57825 - data/CVE
Author: carnil Date: 2017-11-19 14:24:53 + (Sun, 19 Nov 2017) New Revision: 57825 Modified: data/CVE/list Log: Add bug reference for CVE-2017-16845, #882136, mark as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-11-19 14:15:31 UTC (rev 57824) +++ data/CVE/list 2017-11-19 14:24:53 UTC (rev 57825) @@ -457,7 +457,9 @@ CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...) - - qemu + - qemu (bug #882136) + [stretch] - qemu (Minor issue) + [jessie] - qemu (Minor issue) - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57824 - data/CVE
Author: carnil Date: 2017-11-19 14:15:31 + (Sun, 19 Nov 2017) New Revision: 57824 Modified: data/CVE/list Log: Add bug reference for CVE-2017-16805 and mark as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-11-19 13:39:21 UTC (rev 57823) +++ data/CVE/list 2017-11-19 14:15:31 UTC (rev 57824) @@ -595,7 +595,9 @@ CVE-2017-16806 (The Process function in RemoteTaskServer/WebServer/HttpServer.cs in ...) NOT-FOR-US: Ulterius CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a ...) - - radare2 + - radare2 (bug #882134) + [stretch] - radare2 (Minor issue) + [jessie] - radare2 (Minor issue) [wheezy] - radare2 (Vulnerable code does not exist; no dwarf support) NOTE: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d NOTE: https://github.com/radare/radare2/issues/8813 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57823 - data/CVE
Author: carnil Date: 2017-11-19 13:39:21 + (Sun, 19 Nov 2017) New Revision: 57823 Modified: data/CVE/list Log: Add bug report for CVE-2017-16808 Modified: data/CVE/list === --- data/CVE/list 2017-11-19 13:15:45 UTC (rev 57822) +++ data/CVE/list 2017-11-19 13:39:21 UTC (rev 57823) @@ -585,7 +585,7 @@ CVE-2017-16809 RESERVED CVE-2017-16808 (tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in ...) - - tcpdump (low) + - tcpdump (low; bug #881862) [stretch] - tcpdump (Can be fixed along in a future update) [jessie] - tcpdump (Can be fixed along in a future update) [wheezy] - tcpdump (Can be fixed along in a future update) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57822 - data
Author: carnil Date: 2017-11-19 13:15:45 + (Sun, 19 Nov 2017) New Revision: 57822 Modified: data/next-oldstable-point-update.txt Log: Remove two CVEs which we addressed in DSA Modified: data/next-oldstable-point-update.txt === --- data/next-oldstable-point-update.txt2017-11-19 12:40:58 UTC (rev 57821) +++ data/next-oldstable-point-update.txt2017-11-19 13:15:45 UTC (rev 57822) @@ -76,10 +76,6 @@ [jessie] - krb5 1.12.1+dfsg-19+deb8u3 CVE-2017-13709 [jessie] - flightgear 3.0.0-5+deb8u3 -CVE-2017-10965 - [jessie] - irssi 0.8.17-1+deb8u5 -CVE-2017-10966 - [jessie] - irssi 0.8.17-1+deb8u5 CVE-2017-14226 [jessie] - libwpd 0.10.0-2+deb8u1 CVE-2017-10140 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57821 - data/CVE
Author: carnil Date: 2017-11-19 12:40:58 + (Sun, 19 Nov 2017) New Revision: 57821 Modified: data/CVE/list Log: Record fix in experimental for two glibc issues Modified: data/CVE/list === --- data/CVE/list 2017-11-19 12:39:48 UTC (rev 57820) +++ data/CVE/list 2017-11-19 12:40:58 UTC (rev 57821) @@ -3613,6 +3613,7 @@ - libav NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904 CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...) + [experimental] - glibc 2.26-0experimental0 - glibc (low; bug #879500) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) @@ -3621,6 +3622,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22325 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c66c908230169c1bab1f83b071eb585baa214b9f CVE-2017-15670 (The GNU C Library (aka glibc or libc6) before 2.27 contains an ...) + [experimental] - glibc 2.26-0experimental0 - glibc (low; bug #879501) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57820 - data/CVE
Author: carnil Date: 2017-11-19 12:39:48 + (Sun, 19 Nov 2017) New Revision: 57820 Modified: data/CVE/list Log: Change CVE-2012-5855 to still record the source package but align for/to similar cases Modified: data/CVE/list === --- data/CVE/list 2017-11-19 12:30:09 UTC (rev 57819) +++ data/CVE/list 2017-11-19 12:39:48 UTC (rev 57820) @@ -152338,7 +152338,7 @@ CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka ...) NOT-FOR-US: Wordpress plugin (uk cookie) CVE-2012-5855 (The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and ...) - NOT-FOR-US: vlc on Windows only issue + - vlc (Windows only issue) NOTE: Harmless crasher without security relevance CVE-2012-5853 (SQL injection vulnerability in the the_search_function function in ...) NOT-FOR-US: "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin for WordPress ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57819 - data/CVE
Author: sramacher Date: 2017-11-19 12:30:09 + (Sun, 19 Nov 2017) New Revision: 57819 Modified: data/CVE/list Log: CVE-2012-5855 is Windows only Modified: data/CVE/list === --- data/CVE/list 2017-11-19 12:04:11 UTC (rev 57818) +++ data/CVE/list 2017-11-19 12:30:09 UTC (rev 57819) @@ -152338,7 +152338,7 @@ CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka ...) NOT-FOR-US: Wordpress plugin (uk cookie) CVE-2012-5855 (The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and ...) - - vlc (unimportant) + NOT-FOR-US: vlc on Windows only issue NOTE: Harmless crasher without security relevance CVE-2012-5853 (SQL injection vulnerability in the the_search_function function in ...) NOT-FOR-US: "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin for WordPress ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57818 - data/CVE
Author: jmm Date: 2017-11-19 12:04:11 + (Sun, 19 Nov 2017) New Revision: 57818 Modified: data/CVE/list Log: jenkins NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-19 10:17:07 UTC (rev 57817) +++ data/CVE/list 2017-11-19 12:04:11 UTC (rev 57818) @@ -1,3 +1,39 @@ +CVE-2017-1000404 + NOT-FOR-US: Jenkins plugin +CVE-2017-1000403 + NOT-FOR-US: Jenkins plugin +CVE-2017-1000402 + NOT-FOR-US: Jenkins plugin +CVE-2017-1000401 + NOT-FOR-US: Jenkins +CVE-2017-1000400 + NOT-FOR-US: Jenkins +CVE-2017-1000399 + NOT-FOR-US: Jenkins +CVE-2017-1000398 + NOT-FOR-US: Jenkins +CVE-2017-1000397 + NOT-FOR-US: Jenkins plugin +CVE-2017-1000396 + NOT-FOR-US: Jenkins +CVE-2017-1000395 + NOT-FOR-US: Jenkins +CVE-2017-1000393 + NOT-FOR-US: Jenkins +CVE-2017-1000392 + NOT-FOR-US: Jenkins +CVE-2017-1000391 + NOT-FOR-US: Jenkins +CVE-2017-1000390 + NOT-FOR-US: Jenkins plugin +CVE-2017-1000389 + NOT-FOR-US: Jenkins plugin +CVE-2017-1000388 + NOT-FOR-US: Jenkins plugin +CVE-2017-1000387 + NOT-FOR-US: Jenkins plugin +CVE-2017-1000386 + NOT-FOR-US: Jenkins plugin CVE-2017-16884 RESERVED CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming = ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57817 - in data: . DSA
Author: carnil Date: 2017-11-19 10:17:07 + (Sun, 19 Nov 2017) New Revision: 57817 Modified: data/DSA/list data/dsa-needed.txt Log: Reserve DSA number for libxml-libxml-perl update Modified: data/DSA/list === --- data/DSA/list 2017-11-19 09:10:16 UTC (rev 57816) +++ data/DSA/list 2017-11-19 10:17:07 UTC (rev 57817) @@ -1,3 +1,7 @@ +[19 Nov 2017] DSA-4042-1 libxml-libxml-perl - security update + {CVE-2017-10672} + [jessie] - libxml-libxml-perl 2.0116+dfsg-1+deb8u2 + [stretch] - libxml-libxml-perl 2.0128+dfsg-1+deb9u1 [19 Nov 2017] DSA-4041-1 procmail - security update {CVE-2017-16844} [jessie] - procmail 3.22-24+deb8u1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-19 09:10:16 UTC (rev 57816) +++ data/dsa-needed.txt 2017-11-19 10:17:07 UTC (rev 57817) @@ -21,8 +21,6 @@ -- libvpx/oldstable -- -libxml-libxml-perl (carnil) --- linux Wait until more issues have piled up -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57816 - data/CVE
Author: sectracker Date: 2017-11-19 09:10:16 + (Sun, 19 Nov 2017) New Revision: 57816 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-19 08:45:39 UTC (rev 57815) +++ data/CVE/list 2017-11-19 09:10:16 UTC (rev 57816) @@ -1,3 +1,5 @@ +CVE-2017-16884 + RESERVED CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming = ...) - ming NOTE: https://github.com/libming/libming/issues/77 @@ -423,7 +425,7 @@ - qemu-kvm NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in ...) - {DLA-1173-1} + {DSA-4041-1 DLA-1173-1} - procmail 3.22-26 (bug #876511) CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the ...) NOT-FOR-US: Vonage VDV-23 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57815 - in data: . DSA
Author: carnil Date: 2017-11-19 08:45:39 + (Sun, 19 Nov 2017) New Revision: 57815 Modified: data/DSA/list data/dsa-needed.txt Log: Reserve DSA number for procmail Modified: data/DSA/list === --- data/DSA/list 2017-11-19 08:12:23 UTC (rev 57814) +++ data/DSA/list 2017-11-19 08:45:39 UTC (rev 57815) @@ -1,3 +1,7 @@ +[19 Nov 2017] DSA-4041-1 procmail - security update + {CVE-2017-16844} + [jessie] - procmail 3.22-24+deb8u1 + [stretch] - procmail 3.22-25+deb9u1 [17 Nov 2017] DSA-4040-1 imagemagick - security update {CVE-2017-11352 CVE-2017-11640 CVE-2017-12431 CVE-2017-12640 CVE-2017-12877 CVE-2017-12983 CVE-2017-13134 CVE-2017-13139 CVE-2017-13144 CVE-2017-13758 CVE-2017-13769 CVE-2017-14224 CVE-2017-14607 CVE-2017-14682 CVE-2017-14989 CVE-2017-15277 CVE-2017-16546} [jessie] - imagemagick 8:6.8.9.9-5+deb8u11 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-19 08:12:23 UTC (rev 57814) +++ data/dsa-needed.txt 2017-11-19 08:45:39 UTC (rev 57815) @@ -38,9 +38,6 @@ -- poppler -- -procmail (carnil) - Maintainer proposed update, will upload --- qemu/oldstable -- salt ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57814 - data/CVE
Author: carnil Date: 2017-11-19 08:12:23 + (Sun, 19 Nov 2017) New Revision: 57814 Modified: data/CVE/list Log: p3scan removed from the archive Modified: data/CVE/list === --- data/CVE/list 2017-11-19 08:12:11 UTC (rev 57813) +++ data/CVE/list 2017-11-19 08:12:23 UTC (rev 57814) @@ -6389,7 +6389,7 @@ NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=32726 NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00 CVE-2017-14681 (The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file ...) - - p3scan (bug #876674) + - p3scan (bug #876674) [stretch] - p3scan (Minor issue) [jessie] - p3scan (Minor issue) [wheezy] - p3scan (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57813 - data/CVE
Author: carnil Date: 2017-11-19 08:12:11 + (Sun, 19 Nov 2017) New Revision: 57813 Modified: data/CVE/list Log: Remove reference to issues/1248 for exiv2 Reason: http://www.openwall.com/lists/oss-security/2017/06/30/1 . The three assigned CVEs are different issues. Hanno Boeck stated in the oss-security post: > I have not reported thoses issues upstream. When I previously tried to > report bugs in exiv2 found via fuzzing the upstream author made it > clear to me that he has little interest in fixing those issues and > doesn't consider his software suitable to parse defect files (which > basically means it's unsuitable for untrusted input). The discussion > can be read here [1]. (the page is sometimes not available, searching > for it in the google cache usually works though) > [...] > [1] http://dev.exiv2.org/issues/1248 Modified: data/CVE/list === --- data/CVE/list 2017-11-19 08:11:51 UTC (rev 57812) +++ data/CVE/list 2017-11-19 08:12:11 UTC (rev 57813) @@ -33,7 +33,6 @@ CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...) - exiv2 NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 - NOTE: http://dev.exiv2.org/issues/1248 NOTE: Can't seem to reproduce this in wheezy. CVE-2017-16879 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r57812 - data/CVE
Author: carnil Date: 2017-11-19 08:11:51 + (Sun, 19 Nov 2017) New Revision: 57812 Modified: data/CVE/list Log: php5 is removed, correct status Since 5.4.4.-1 php5 used system libzip although the ext file might be compiled. Mark issue as unimportant. Modified: data/CVE/list === --- data/CVE/list 2017-11-19 04:42:54 UTC (rev 57811) +++ data/CVE/list 2017-11-19 08:11:51 UTC (rev 57812) @@ -8125,11 +8125,11 @@ [stretch] - libzip (Minor issue) [jessie] - libzip (Minor issue) [wheezy] - libzip (Minor issue) - - php5 - [wheezy] - php5 (Minor issue) + - php5 (unimportant) NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/ NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5 - NOTE: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567 + NOTE: PHP commit: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567 + NOTE: Marked as unimportant, php5 uses system libzip since 5.4.5-1 CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...) NOT-FOR-US: HiveManager CVE-2017-14104 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits