[Secure-testing-commits] r58047 - data/CVE

2017-11-27 Thread security tracker role
Author: sectracker
Date: 2017-11-27 09:10:15 + (Mon, 27 Nov 2017)
New Revision: 58047

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 06:38:47 UTC (rev 58046)
+++ data/CVE/list   2017-11-27 09:10:15 UTC (rev 58047)
@@ -1,3 +1,895 @@
+CVE-2018-0485
+   RESERVED
+CVE-2018-0484
+   RESERVED
+CVE-2018-0483
+   RESERVED
+CVE-2018-0482
+   RESERVED
+CVE-2018-0481
+   RESERVED
+CVE-2018-0480
+   RESERVED
+CVE-2018-0479
+   RESERVED
+CVE-2018-0478
+   RESERVED
+CVE-2018-0477
+   RESERVED
+CVE-2018-0476
+   RESERVED
+CVE-2018-0475
+   RESERVED
+CVE-2018-0474
+   RESERVED
+CVE-2018-0473
+   RESERVED
+CVE-2018-0472
+   RESERVED
+CVE-2018-0471
+   RESERVED
+CVE-2018-0470
+   RESERVED
+CVE-2018-0469
+   RESERVED
+CVE-2018-0468
+   RESERVED
+CVE-2018-0467
+   RESERVED
+CVE-2018-0466
+   RESERVED
+CVE-2018-0465
+   RESERVED
+CVE-2018-0464
+   RESERVED
+CVE-2018-0463
+   RESERVED
+CVE-2018-0462
+   RESERVED
+CVE-2018-0461
+   RESERVED
+CVE-2018-0460
+   RESERVED
+CVE-2018-0459
+   RESERVED
+CVE-2018-0458
+   RESERVED
+CVE-2018-0457
+   RESERVED
+CVE-2018-0456
+   RESERVED
+CVE-2018-0455
+   RESERVED
+CVE-2018-0454
+   RESERVED
+CVE-2018-0453
+   RESERVED
+CVE-2018-0452
+   RESERVED
+CVE-2018-0451
+   RESERVED
+CVE-2018-0450
+   RESERVED
+CVE-2018-0449
+   RESERVED
+CVE-2018-0448
+   RESERVED
+CVE-2018-0447
+   RESERVED
+CVE-2018-0446
+   RESERVED
+CVE-2018-0445
+   RESERVED
+CVE-2018-0444
+   RESERVED
+CVE-2018-0443
+   RESERVED
+CVE-2018-0442
+   RESERVED
+CVE-2018-0441
+   RESERVED
+CVE-2018-0440
+   RESERVED
+CVE-2018-0439
+   RESERVED
+CVE-2018-0438
+   RESERVED
+CVE-2018-0437
+   RESERVED
+CVE-2018-0436
+   RESERVED
+CVE-2018-0435
+   RESERVED
+CVE-2018-0434
+   RESERVED
+CVE-2018-0433
+   RESERVED
+CVE-2018-0432
+   RESERVED
+CVE-2018-0431
+   RESERVED
+CVE-2018-0430
+   RESERVED
+CVE-2018-0429
+   RESERVED
+CVE-2018-0428
+   RESERVED
+CVE-2018-0427
+   RESERVED
+CVE-2018-0426
+   RESERVED
+CVE-2018-0425
+   RESERVED
+CVE-2018-0424
+   RESERVED
+CVE-2018-0423
+   RESERVED
+CVE-2018-0422
+   RESERVED
+CVE-2018-0421
+   RESERVED
+CVE-2018-0420
+   RESERVED
+CVE-2018-0419
+   RESERVED
+CVE-2018-0418
+   RESERVED
+CVE-2018-0417
+   RESERVED
+CVE-2018-0416
+   RESERVED
+CVE-2018-0415
+   RESERVED
+CVE-2018-0414
+   RESERVED
+CVE-2018-0413
+   RESERVED
+CVE-2018-0412
+   RESERVED
+CVE-2018-0411
+   RESERVED
+CVE-2018-0410
+   RESERVED
+CVE-2018-0409
+   RESERVED
+CVE-2018-0408
+   RESERVED
+CVE-2018-0407
+   RESERVED
+CVE-2018-0406
+   RESERVED
+CVE-2018-0405
+   RESERVED
+CVE-2018-0404
+   RESERVED
+CVE-2018-0403
+   RESERVED
+CVE-2018-0402
+   RESERVED
+CVE-2018-0401
+   RESERVED
+CVE-2018-0400
+   RESERVED
+CVE-2018-0399
+   RESERVED
+CVE-2018-0398
+   RESERVED
+CVE-2018-0397
+   RESERVED
+CVE-2018-0396
+   RESERVED
+CVE-2018-0395
+   RESERVED
+CVE-2018-0394
+   RESERVED
+CVE-2018-0393
+   RESERVED
+CVE-2018-0392
+   RESERVED
+CVE-2018-0391
+   RESERVED
+CVE-2018-0390
+   RESERVED
+CVE-2018-0389
+   RESERVED
+CVE-2018-0388
+   RESERVED
+CVE-2018-0387
+   RESERVED
+CVE-2018-0386
+   RESERVED
+CVE-2018-0385
+   RESERVED
+CVE-2018-0384
+   RESERVED
+CVE-2018-0383
+   RESERVED
+CVE-2018-0382
+   RESERVED
+CVE-2018-0381
+   RESERVED
+CVE-2018-0380
+   RESERVED
+CVE-2018-0379
+   RESERVED
+CVE-2018-0378
+   RESERVED
+CVE-2018-0377
+   RESERVED
+CVE-2018-0376
+   RESERVED
+CVE-2018-0375
+   RESERVED
+CVE-2018-0374
+   RESERVED
+CVE-2018-0373
+   RESERVED
+CVE-2018-0372
+   RESERVED
+CVE-2018-0371
+   RESERVED
+CVE-2018-0370
+   RESERVED
+CVE-2018-0369
+   RESERVED
+CVE-2018-0368
+   RESERVED
+CVE-2018-0367
+   RESERVED
+CVE-2018-0366
+   RESERVED
+CVE-2018-0365
+   RESERVED
+CVE-2018-0364
+   RESERVED
+CVE-2018-0363
+   RESERVED
+CVE-2018-0362
+   RESERVED
+CVE-2018-0361
+   RESERVED
+CVE-2018-0360
+   RESERVED
+CVE-2018-0359
+   RESERVED
+CVE-2018-0358
+   RESERVED
+CVE-2018-0357
+   RESERVED
+CVE-2018-0356
+   RESERVED
+CVE-2018-0355
+   RESERVED
+CVE-2018-0354
+   RESERVED
+CVE-2018-0353
+   RESERVED
+CVE-2018-0352
+   RESERVED
+CVE-2018-0351
+   RESERVED
+CVE-2018-0350
+   RESERVED
+CVE-2018-0349
+   RESERVED
+CVE-2018-0348
+   RESERVED
+CVE-2018-0347
+   RESERVED
+CVE-2018-0346
+   RESERVED
+CVE-2018-0345
+   RESERVED
+CVE-2018-0344
+   RESERVED
+CVE-2018-0343
+   RESERVED
+CVE-2018-0342
+   RESERVED
+CVE-2018-0341
+

[Secure-testing-commits] r58048 - data/CVE

2017-11-27 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-11-27 17:31:35 + (Mon, 27 Nov 2017)
New Revision: 58048

Modified:
   data/CVE/list
Log:
remove postponed entries for ffmpeg, next DSA will fix those


Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 09:10:15 UTC (rev 58047)
+++ data/CVE/list   2017-11-27 17:31:35 UTC (rev 58048)
@@ -1575,7 +1575,6 @@
NOT-FOR-US: LanSweeper
 CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote 
...)
- ffmpeg 
-   [stretch] - ffmpeg  (Can be fixed with next 3.2.x release)
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
 CVE-2017-16839
RESERVED
@@ -4759,7 +4758,6 @@
RESERVED
 CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 
3.3.4 and ...)
- ffmpeg 7:3.4-1
-   [stretch] - ffmpeg  (Wait until next round of security 
releases)
- libav 
NOTE: Fixed by: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
 CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or 
libc6) ...)
@@ -6054,7 +6052,6 @@
NOTE: 
https://github.com/Cacti/cacti/commit/4f87256e63859117f81d2a2bd40c9c730e39b65d
 CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows 
remote ...)
- ffmpeg 7:3.4-1
-   [stretch] - ffmpeg  (Wait until next round of security 
releases)
- libav 
NOTE: http://www.openwall.com/lists/oss-security/2017/10/20/4
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r58049 - data/CVE

2017-11-27 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-11-27 17:34:28 + (Mon, 27 Nov 2017)
New Revision: 58049

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 17:31:35 UTC (rev 58048)
+++ data/CVE/list   2017-11-27 17:34:28 UTC (rev 58049)
@@ -889,7 +889,7 @@
 CVE-2017-16949
RESERVED
 CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to 
cause a ...)
-   TODO: check
+   NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
 CVE-2017-16947
RESERVED
 CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php 
in MISP ...)
@@ -13249,7 +13249,7 @@
 CVE-2017-12801 (The UpdateDataSize function in ebmlmaster.c in libebml2 
through ...)
NOT-FOR-US: libembl2 (different codebase than src:libebml)
 CVE-2017-12800 (The EBML_FindNextElement function in ebmlmain.c in libebml2 
through ...)
-   TODO: check
+   NOT-FOR-US: libembl2 (different codebase than src:libebml)
 CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers 
(rev. Ax) ...)
NOT-FOR-US: D-Link
 CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote 
repositories, might ...)
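Review bot: The tag added for CVE-2017-12800 spells the project "libembl2", while the description on the line above it names "libebml2" and the parenthetical refers to src:libebml. The CVE-2017-12801 context line already carries the same spelling, so both could be corrected to "NOT-FOR-US: libebml2 (different codebase than src:libebml)" so that a search for the upstream name finds them.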
@@ -13308,15 +13308,15 @@
 CVE-2017-12784 (In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a 
crafted ...)
NOT-FOR-US: Youngzsoft CCFile
 CVE-2017-12783 (The ReadDataFloat function in ebmlnumber.c in libebml2 through 
...)
-   TODO: check
+   NOT-FOR-US: libembl2 (different codebase than src:libebml)
 CVE-2017-12782 (The ReadData function in ebmlmaster.c in libebml2 through 
2012-08-26 ...)
-   TODO: check
+   NOT-FOR-US: libembl2 (different codebase than src:libebml)
 CVE-2017-12781 (The EBML_BufferToID function in ebmlelement.c in libebml2 
through ...)
-   TODO: check
+   NOT-FOR-US: libembl2 (different codebase than src:libebml)
 CVE-2017-12780 (The ReadData function in ebmlstring.c in libebml2 through 
2012-08-26 ...)
-   TODO: check
+   NOT-FOR-US: libembl2 (different codebase than src:libebml)
 CVE-2017-12779 (The Node_GetData function in corec/corec/node/node.c in 
mkvalidator ...)
-   TODO: check
+   NOT-FOR-US: libembl2 (different codebase than src:libebml)
 CVE-2017-12778
RESERVED
 CVE-2017-1000112 (Linux kernel: Exploitable memory corruption due to UFO to 
non-UFO path ...)
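Review bot: CVE-2017-12779 is tagged "NOT-FOR-US: libembl2", but its description places Node_GetData in corec/corec/node/node.c in mkvalidator, not in libebml2 like the four entries above it. If mkvalidator is likewise not packaged, the tag should name it (for example "NOT-FOR-US: mkvalidator") rather than reuse the libebml2 wording. The "libembl2" spelling in the other four added lines also differs from "libebml2" in their descriptions.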


[Secure-testing-commits] r58050 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 17:54:20 + (Mon, 27 Nov 2017)
New Revision: 58050

Modified:
   data/CVE/list
Log:
Add CVE-2017-15094/pdns-recursor

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 17:34:28 UTC (rev 58049)
+++ data/CVE/list   2017-11-27 17:54:20 UTC (rev 58050)
@@ -6293,8 +6293,13 @@
NOTE: NO_DESER_CLASS_NAMES as of:
NOTE: 
https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43
NOTE: Details: http://www.openwall.com/lists/oss-security/2017/11/02/3
-CVE-2017-15094
+CVE-2017-15094 [Memory leak in DNSSEC parsing]
RESERVED
+   - pdns-recursor 
+   [stretch] - pdns-recursor  (Minor issue)
+   [jessie] - pdns-recursor  (Issue introduced in 4.0.0)
+   [wheezy] - pdns-recursor  (Issue introduced in 4.0.0)
+   NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
 CVE-2017-15093
RESERVED
 CVE-2017-15092


[Secure-testing-commits] r58051 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 17:56:16 + (Mon, 27 Nov 2017)
New Revision: 58051

Modified:
   data/CVE/list
Log:
Add CVE-2017-15093/pdns-recursor

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 17:54:20 UTC (rev 58050)
+++ data/CVE/list   2017-11-27 17:56:16 UTC (rev 58051)
@@ -6300,8 +6300,12 @@
[jessie] - pdns-recursor  (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor  (Issue introduced in 4.0.0)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
-CVE-2017-15093
+CVE-2017-15093 [Configuration file injection in the API]
RESERVED
+   - pdns-recursor 
+   [stretch] - pdns-recursor  (Minor issue)
+   [jessie] - pdns-recursor  (Minor issue)
+   NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
 CVE-2017-15092
RESERVED
 CVE-2017-15091
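Review bot: The new CVE-2017-15093 entry gives a status for stretch and jessie but has no wheezy line, while the CVE-2017-15094 entry in the context just above lists all three releases. If wheezy is unaffected or also a minor issue, say so explicitly here so the LTS view does not show the issue as untriaged.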


[Secure-testing-commits] r58052 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 17:58:30 + (Mon, 27 Nov 2017)
New Revision: 58052

Modified:
   data/CVE/list
Log:
Add CVE-2017-15092/pdns-recursor

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 17:56:16 UTC (rev 58051)
+++ data/CVE/list   2017-11-27 17:58:30 UTC (rev 58052)
@@ -6306,8 +6306,13 @@
[stretch] - pdns-recursor  (Minor issue)
[jessie] - pdns-recursor  (Minor issue)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
-CVE-2017-15092
+CVE-2017-15092 [Cross-Site Scripting in the web interface]
RESERVED
+   - pdns-recursor 
+   [stretch] - pdns-recursor  (Minor issue)
+   [jessie] - pdns-recursor  (Issue introduced in 4.0.0)
+   [wheezy] - pdns-recursor  (Issue introduced in 4.0.0)
+   NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
 CVE-2017-15091
RESERVED
 CVE-2017-15090


[Secure-testing-commits] r58053 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 18:02:01 + (Mon, 27 Nov 2017)
New Revision: 58053

Modified:
   data/CVE/list
Log:
Add CVE-2017-15090/pdns-recursor

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 17:58:30 UTC (rev 58052)
+++ data/CVE/list   2017-11-27 18:02:01 UTC (rev 58053)
@@ -6315,8 +6315,13 @@
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
 CVE-2017-15091
RESERVED
-CVE-2017-15090
+CVE-2017-15090 [Insufficient validation of DNSSEC signatures]
RESERVED
+   - pdns-recursor 
+   [stretch] - pdns-recursor  (Minor issue)
+   [jessie] - pdns-recursor  (Issue introduced in 4.0.0)
+   [wheezy] - pdns-recursor  (Issue introduced in 4.0.0)
+   NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
 CVE-2017-15089
RESERVED
 CVE-2017-15088 (plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 
5 (aka ...)


[Secure-testing-commits] r58054 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 18:04:16 + (Mon, 27 Nov 2017)
New Revision: 58054

Modified:
   data/CVE/list
Log:
Add CVE-2017-15091/pdns

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 18:02:01 UTC (rev 58053)
+++ data/CVE/list   2017-11-27 18:04:16 UTC (rev 58054)
@@ -6313,8 +6313,12 @@
[jessie] - pdns-recursor  (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor  (Issue introduced in 4.0.0)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
-CVE-2017-15091
+CVE-2017-15091 [Missing check on API operations]
RESERVED
+   - pdns 
+   [stretch] - pdns  (Minor issue)
+   [jessie] - pdns  (Minor issue)
+   NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
 CVE-2017-15090 [Insufficient validation of DNSSEC signatures]
RESERVED
- pdns-recursor 
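Review bot: The added CVE-2017-15091 block for pdns stops at jessie; there is no "[wheezy] - pdns" line, unlike the pdns-recursor entries around it that record wheezy explicitly. Please add the wheezy status in the same change, or a NOTE saying why it is left out.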


[Secure-testing-commits] r58055 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 18:06:10 + (Mon, 27 Nov 2017)
New Revision: 58055

Modified:
   data/CVE/list
Log:
Add additional references for pdns/pdns-recursor issues

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 18:04:16 UTC (rev 58054)
+++ data/CVE/list   2017-11-27 18:06:10 UTC (rev 58055)
@@ -6300,12 +6300,14 @@
[jessie] - pdns-recursor  (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor  (Issue introduced in 4.0.0)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
+   NOTE: https://downloads.powerdns.com/patches/2017-07/
 CVE-2017-15093 [Configuration file injection in the API]
RESERVED
- pdns-recursor 
[stretch] - pdns-recursor  (Minor issue)
[jessie] - pdns-recursor  (Minor issue)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
+   NOTE: https://downloads.powerdns.com/patches/2017-06/
 CVE-2017-15092 [Cross-Site Scripting in the web interface]
RESERVED
- pdns-recursor 
@@ -6313,12 +6315,14 @@
[jessie] - pdns-recursor  (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor  (Issue introduced in 4.0.0)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
+   NOTE: https://downloads.powerdns.com/patches/2017-05/
 CVE-2017-15091 [Missing check on API operations]
RESERVED
- pdns 
[stretch] - pdns  (Minor issue)
[jessie] - pdns  (Minor issue)
NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
+   NOTE: https://downloads.powerdns.com/patches/2017-04/
 CVE-2017-15090 [Insufficient validation of DNSSEC signatures]
RESERVED
- pdns-recursor 
@@ -6326,6 +6330,7 @@
[jessie] - pdns-recursor  (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor  (Issue introduced in 4.0.0)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
+   NOTE: https://downloads.powerdns.com/patches/2017-03/
 CVE-2017-15089
RESERVED
 CVE-2017-15088 (plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 
5 (aka ...)


[Secure-testing-commits] r58056 - data

2017-11-27 Thread Lucas Kanashiro
Author: kanashiro
Date: 2017-11-27 19:05:09 + (Mon, 27 Nov 2017)
New Revision: 58056

Modified:
   data/dla-needed.txt
Log:
claim xrdp in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-27 18:06:10 UTC (rev 58055)
+++ data/dla-needed.txt 2017-11-27 19:05:09 UTC (rev 58056)
@@ -123,7 +123,7 @@
 --
 xen
 --
-xrdp
+xrdp (Lucas Kanashiro)
   NOTE: Please wait until pull request has been merged or confirmed to fix the
   NOTE: problem. See 
https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
 --


[Secure-testing-commits] r58057 - data

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 19:58:34 + (Mon, 27 Nov 2017)
New Revision: 58057

Modified:
   data/next-oldstable-point-update.txt
Log:
Add proposed fixes for mariadb-10.0 via jessie-pu

Modified: data/next-oldstable-point-update.txt
===
--- data/next-oldstable-point-update.txt2017-11-27 19:05:09 UTC (rev 
58056)
+++ data/next-oldstable-point-update.txt2017-11-27 19:58:34 UTC (rev 
58057)
@@ -124,3 +124,7 @@
[jessie] - sam2p 0.49.2-3+deb8u1
 CVE-2017-15928
[jessie] - ruby-ox 2.1.1-2+deb8u1
+CVE-2017-10378
+   [jessie] - mariadb-10.0 10.0.33-0+deb8u1
+CVE-2017-10268
+   [jessie] - mariadb-10.0 10.0.33-0+deb8u1


[Secure-testing-commits] r58058 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 20:37:03 + (Mon, 27 Nov 2017)
New Revision: 58058

Modified:
   data/CVE/list
Log:
Add CVE-2017-16994/linux

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 19:58:34 UTC (rev 58057)
+++ data/CVE/list   2017-11-27 20:37:03 UTC (rev 58058)
@@ -798,6 +798,9 @@
RESERVED
 CVE-2018-0086
RESERVED
+CVE-2017-16994
+   - linux 
+   NOTE: Fixed by: 
https://git.kernel.org/linus/373c4557d2aa362702c4c2d41288fb1e54990b7c (4.15-rc1)
 CVE-2017-16993
RESERVED
 CVE-2017-16992


[Secure-testing-commits] r58059 - data/CVE

2017-11-27 Thread security tracker role
Author: sectracker
Date: 2017-11-27 21:10:20 + (Mon, 27 Nov 2017)
New Revision: 58059

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 20:37:03 UTC (rev 58058)
+++ data/CVE/list   2017-11-27 21:10:20 UTC (rev 58059)
@@ -1,3 +1,15 @@
+CVE-2017-1001004 (typed-function before 0.10.6 had an arbitrary code execution 
in the ...)
+   TODO: check
+CVE-2017-1001003 (math.js before 3.17.0 had an issue where private properties 
such as a ...)
+   TODO: check
+CVE-2017-1001002 (math.js before 3.17.0 had an arbitrary code execution in the 
...)
+   TODO: check
+CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...)
+   TODO: check
+CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and 
Swagger ...)
+   TODO: check
+CVE-2017-1000159 (Command injection in evince 3.24.8 via filename when 
printing to PDF ...)
+   TODO: check
 CVE-2018-0485
RESERVED
 CVE-2018-0484
@@ -798,7 +810,7 @@
RESERVED
 CVE-2018-0086
RESERVED
-CVE-2017-16994
+CVE-2017-16994 (The walk_hugetlb_range function in mm/pagewalk.c in the Linux 
kernel ...)
- linux 
NOTE: Fixed by: 
https://git.kernel.org/linus/373c4557d2aa362702c4c2d41288fb1e54990b7c (4.15-rc1)
 CVE-2017-16993
@@ -863,22 +875,22 @@
RESERVED
 CVE-2017-16963
RESERVED
-CVE-2017-16962
-   RESERVED
-CVE-2017-16961
-   RESERVED
-CVE-2017-16960
-   RESERVED
-CVE-2017-16959
-   RESERVED
-CVE-2017-16958
-   RESERVED
-CVE-2017-16957
-   RESERVED
-CVE-2017-16956
-   RESERVED
-CVE-2017-16955
-   RESERVED
+CVE-2017-16962 (The WebMail components (Crystal, pronto, and pronto4) in 
CommuniGate ...)
+   TODO: check
+CVE-2017-16961 (A SQL injection vulnerability in core/inc/auto-modules.php in 
BigTree ...)
+   TODO: check
+CVE-2017-16960 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
+   TODO: check
+CVE-2017-16959 (The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, 
TL-ER, ...)
+   TODO: check
+CVE-2017-16958 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
+   TODO: check
+CVE-2017-16957 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
+   TODO: check
+CVE-2017-16956 (b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending 
a ...)
+   TODO: check
+CVE-2017-16955 (SQL injection vulnerability in the InLinks plugin through 1.1 
for ...)
+   TODO: check
 CVE-2017-16954
RESERVED
 CVE-2017-16953
@@ -6202,14 +6214,13 @@
 CVE-2017-15118
RESERVED
 CVE-2017-15117
-   RESERVED
+   REJECTED
 CVE-2017-15116
RESERVED
 CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux 
kernel ...)
- linux 4.13.13-1
NOTE: 
https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 
(v4.14-rc6)
-CVE-2017-15114 [Passwordless access for non-libvirt related services when 
using shared certificate authority]
-   RESERVED
+CVE-2017-15114 (When libvirtd is configured by OSP director 
(tripleo-heat-templates) ...)
- tripleo-heat-templates  (Vulnerability introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510015
NOTE: Bug: https://bugs.launchpad.net/tripleo/+bug/1730370
@@ -6250,8 +6261,7 @@
- liblouis  (Incomplete fix not applied in Debian)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c12
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1511023
-CVE-2017-15100
-   RESERVED
+CVE-2017-15100 (An attacker submitting facts to the Foreman server containing 
HTML can ...)
- foreman  (bug #663101)
 CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x 
before ...)
{DSA-4028-1}
@@ -6435,16 +6445,16 @@
NOTE: https://github.com/upx/upx/issues/128
NOTE: 
https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317
NOTE: crash in CLI tool, no security impact
-CVE-2017-15055
-   RESERVED
-CVE-2017-15054
-   RESERVED
-CVE-2017-15053
-   RESERVED
-CVE-2017-15052
-   RESERVED
-CVE-2017-15051
-   RESERVED
+CVE-2017-15055 (TeamPass before 2.1.27.9 does not properly enforce item access 
control ...)
+   TODO: check
+CVE-2017-15054 (An arbitrary file upload vulnerability, present in TeamPass 
before ...)
+   TODO: check
+CVE-2017-15053 (TeamPass before 2.1.27.9 does not properly enforce manager 
access ...)
+   TODO: check
+CVE-2017-15052 (TeamPass before 2.1.27.9 does not properly enforce manager 
access ...)
+   TODO: check
+CVE-2017-15051 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
TeamPass ...)
+   TODO: check
 CVE-2017-15050
RESERVED
 CVE-2017-15049
@@ -7932,10 +7942,10 @@
NOT-FOR-US: Atlassian
 CVE-2017-14587 (The administration user deleti

[Secure-testing-commits] r58060 - data

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 21:14:22 + (Mon, 27 Nov 2017)
New Revision: 58060

Modified:
   data/dsa-needed.txt
Log:
Add bzr to dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-11-27 21:10:20 UTC (rev 58059)
+++ data/dsa-needed.txt 2017-11-27 21:14:22 UTC (rev 58060)
@@ -14,6 +14,8 @@
 --
 389-ds-base (fw)
 --
+bzr (carnil)
+--
 exim4/stable
 --
 graphicsmagick


[Secure-testing-commits] r58061 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 21:22:10 + (Mon, 27 Nov 2017)
New Revision: 58061

Modified:
   data/CVE/list
Log:
Process NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 21:14:22 UTC (rev 58060)
+++ data/CVE/list   2017-11-27 21:22:10 UTC (rev 58061)
@@ -878,19 +878,19 @@
 CVE-2017-16962 (The WebMail components (Crystal, pronto, and pronto4) in 
CommuniGate ...)
TODO: check
 CVE-2017-16961 (A SQL injection vulnerability in core/inc/auto-modules.php in 
BigTree ...)
-   TODO: check
+   NOT-FOR-US: BigTree CMS
 CVE-2017-16960 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2017-16959 (The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, 
TL-ER, ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2017-16958 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2017-16957 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote 
...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2017-16956 (b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending 
a ...)
-   TODO: check
+   NOT-FOR-US: b3log Symphony
 CVE-2017-16955 (SQL injection vulnerability in the InLinks plugin through 1.1 
for ...)
-   TODO: check
+   NOT-FOR-US: InLinks plugin for WordPress
 CVE-2017-16954
RESERVED
 CVE-2017-16953
@@ -23244,7 +23244,7 @@
 CVE-2017-9317
RESERVED
 CVE-2017-9316 (Firmware upgrade authentication bypass vulnerability was found 
in ...)
-   TODO: check
+   NOT-FOR-US: Dahua
 CVE-2017-9315
RESERVED
 CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, 
...)


[Secure-testing-commits] r58062 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 21:22:23 + (Mon, 27 Nov 2017)
New Revision: 58062

Modified:
   data/CVE/list
Log:
Add teampass entries, itp'ed, #730180

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 21:22:10 UTC (rev 58061)
+++ data/CVE/list   2017-11-27 21:22:23 UTC (rev 58062)
@@ -6446,15 +6446,15 @@
NOTE: 
https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317
NOTE: crash in CLI tool, no security impact
 CVE-2017-15055 (TeamPass before 2.1.27.9 does not properly enforce item access 
control ...)
-   TODO: check
+   - teampass  (bug #730180)
 CVE-2017-15054 (An arbitrary file upload vulnerability, present in TeamPass 
before ...)
-   TODO: check
+   - teampass  (bug #730180)
 CVE-2017-15053 (TeamPass before 2.1.27.9 does not properly enforce manager 
access ...)
-   TODO: check
+   - teampass  (bug #730180)
 CVE-2017-15052 (TeamPass before 2.1.27.9 does not properly enforce manager 
access ...)
-   TODO: check
+   - teampass  (bug #730180)
 CVE-2017-15051 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
TeamPass ...)
-   TODO: check
+   - teampass  (bug #730180)
 CVE-2017-15050
RESERVED
 CVE-2017-15049


[Secure-testing-commits] r58063 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 21:25:56 + (Mon, 27 Nov 2017)
New Revision: 58063

Modified:
   data/CVE/list
Log:
Add CVE-2017-1000159/evince

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 21:22:23 UTC (rev 58062)
+++ data/CVE/list   2017-11-27 21:25:56 UTC (rev 58063)
@@ -9,7 +9,8 @@
 CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and 
Swagger ...)
TODO: check
 CVE-2017-1000159 (Command injection in evince 3.24.8 via filename when 
printing to PDF ...)
-   TODO: check
+   - evince 3.25.92-1
+   NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947
 CVE-2018-0485
RESERVED
 CVE-2018-0484


[Secure-testing-commits] r58064 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 21:27:29 + (Mon, 27 Nov 2017)
New Revision: 58064

Modified:
   data/CVE/list
Log:
Record fixed version for pdns-recursor upload to unstable

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 21:25:56 UTC (rev 58063)
+++ data/CVE/list   2017-11-27 21:27:29 UTC (rev 58064)
@@ -6309,7 +6309,7 @@
NOTE: Details: http://www.openwall.com/lists/oss-security/2017/11/02/3
 CVE-2017-15094 [Memory leak in DNSSEC parsing]
RESERVED
-   - pdns-recursor 
+   - pdns-recursor 4.0.7-1
[stretch] - pdns-recursor  (Minor issue)
[jessie] - pdns-recursor  (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor  (Issue introduced in 4.0.0)
@@ -6317,14 +6317,14 @@
NOTE: https://downloads.powerdns.com/patches/2017-07/
 CVE-2017-15093 [Configuration file injection in the API]
RESERVED
-   - pdns-recursor 
+   - pdns-recursor 4.0.7-1
[stretch] - pdns-recursor  (Minor issue)
[jessie] - pdns-recursor  (Minor issue)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
NOTE: https://downloads.powerdns.com/patches/2017-06/
 CVE-2017-15092 [Cross-Site Scripting in the web interface]
RESERVED
-   - pdns-recursor 
+   - pdns-recursor 4.0.7-1
[stretch] - pdns-recursor  (Minor issue)
[jessie] - pdns-recursor  (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor  (Issue introduced in 4.0.0)
@@ -6339,7 +6339,7 @@
NOTE: https://downloads.powerdns.com/patches/2017-04/
 CVE-2017-15090 [Insufficient validation of DNSSEC signatures]
RESERVED
-   - pdns-recursor 
+   - pdns-recursor 4.0.7-1
[stretch] - pdns-recursor  (Minor issue)
[jessie] - pdns-recursor  (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor  (Issue introduced in 4.0.0)


[Secure-testing-commits] r58065 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-27 21:30:53 + (Mon, 27 Nov 2017)
New Revision: 58065

Modified:
   data/CVE/list
Log:
Add fixing version for CVE-2017-16879 for upload to unstable

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 21:27:29 UTC (rev 58064)
+++ data/CVE/list   2017-11-27 21:30:53 UTC (rev 58065)
@@ -1169,7 +1169,7 @@
NOTE: https://github.com/Exiv2/exiv2/issues/175
NOTE: Can't seem to reproduce this in wheezy.
 CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in 
...)
-   - ncurses  (bug #882620)
+   - ncurses 6.0+20171125-1 (bug #882620)
[stretch] - ncurses  (Minor issue)
[jessie] - ncurses  (Minor issue)
[wheezy] - ncurses  (Minor issue)


[Secure-testing-commits] r58066 - data/DSA

2017-11-27 Thread Moritz Muehlenhoff
Author: jmm
Date: 2017-11-27 21:45:25 + (Mon, 27 Nov 2017)
New Revision: 58066

Modified:
   data/DSA/list
Log:
ffmpeg DSA


Modified: data/DSA/list
===
--- data/DSA/list   2017-11-27 21:30:53 UTC (rev 58065)
+++ data/DSA/list   2017-11-27 21:45:25 UTC (rev 58066)
@@ -1,3 +1,6 @@
+[27 Nov 2017] DSA-4049-1 ffmpeg - security update
+   {CVE-2017-15186 CVE-2017-15672 CVE-2017-16840}
+   [stretch] - ffmpeg 7:3.2.9-1~deb9u1
 [23 Nov 2017] DSA-4048-1 openjdk-7 - security update
{CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 
CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 
CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388}
[jessie] - openjdk-7 7u151-2.6.11-2~deb8u1




[Secure-testing-commits] r58067 - data

2017-11-27 Thread Chris Lamb
Author: lamby
Date: 2017-11-27 23:30:25 + (Mon, 27 Nov 2017)
New Revision: 58067

Modified:
   data/dla-needed.txt
Log:
data/dla-needed.txt: Correct grammar.

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-27 21:45:25 UTC (rev 58066)
+++ data/dla-needed.txt 2017-11-27 23:30:25 UTC (rev 58067)
@@ -36,7 +36,7 @@
   NOTE: 20171116: Diego Biurrun (from the libav team) is working on patches.
 --
 libextractor
-  NOTE: not all patches available, so didn't bothered maintainer yet
+  NOTE: not all patches available, so didn't bother maintainer yet
 --
 libnet-ping-external-perl
   NOTE: The solution for jessie is to remove the package from the archieve.
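Review bot: Since this commit is a wording cleanup, the context line under libnet-ping-external-perl still misspells "archive" as "archieve" ("remove the package from the archieve") and could be corrected in the same change.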




[Secure-testing-commits] r58068 - data/CVE

2017-11-27 Thread Chris Lamb
Author: lamby
Date: 2017-11-27 23:30:48 + (Mon, 27 Nov 2017)
New Revision: 58068

Modified:
   data/CVE/list
Log:
Follow jessie/stretch for CVE-2017-15091/pdns and CVE-2017-15093/pdns-resolver in wheezy/LTS.

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-27 23:30:25 UTC (rev 58067)
+++ data/CVE/list   2017-11-27 23:30:48 UTC (rev 58068)
@@ -6320,6 +6320,7 @@
- pdns-recursor 4.0.7-1
[stretch] - pdns-recursor  (Minor issue)
[jessie] - pdns-recursor  (Minor issue)
+   [wheezy] - pdns  (Minor issue)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
NOTE: https://downloads.powerdns.com/patches/2017-06/
 CVE-2017-15092 [Cross-Site Scripting in the web interface]
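Review bot: The added "[wheezy] - pdns  (Minor issue)" line names the pdns source package, but the unstable, stretch and jessie lines of this entry are all for pdns-recursor and the advisory NOTE points under /recursor/. The wheezy line should read pdns-recursor; as written, the wheezy status is recorded against a different source package than the rest of the entry.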
@@ -6335,6 +6336,7 @@
- pdns 
[stretch] - pdns  (Minor issue)
[jessie] - pdns  (Minor issue)
+   [wheezy] - pdns  (Minor issue)
NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
NOTE: https://downloads.powerdns.com/patches/2017-04/
 CVE-2017-15090 [Insufficient validation of DNSSEC signatures]




[Secure-testing-commits] r58069 - in data: . DLA

2017-11-27 Thread Roberto C. Sanchez
Author: roberto
Date: 2017-11-28 00:17:58 + (Tue, 28 Nov 2017)
New Revision: 58069

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-1193-1 for roundcube

Modified: data/DLA/list
===
--- data/DLA/list   2017-11-27 23:30:48 UTC (rev 58068)
+++ data/DLA/list   2017-11-28 00:17:58 UTC (rev 58069)
@@ -1,3 +1,6 @@
+[27 Nov 2017] DLA-1193-1 roundcube - security update
+   {CVE-2017-16651}
+   [wheezy] - roundcube 0.7.2-9+deb7u9
 [26 Nov 2017] DLA-1192-1 libofx - security update
{CVE-2017-2816 CVE-2017-14731}
[wheezy] - libofx 1:0.9.4-2.1+deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-27 23:30:48 UTC (rev 58068)
+++ data/dla-needed.txt 2017-11-28 00:17:58 UTC (rev 58069)
@@ -80,9 +80,6 @@
 --
 otrs2 (Emilio Pozuelo)
 --
-roundcube (Roberto C. Sánchez)
-  NOTE: 20171124: Patch updated/tested based on upstream guidance, packages 
prepared, call for testing sent out
---
 rsync (Thorsten Alteholz)
 --
 rtpproxy



[Secure-testing-commits] r58070 - data

2017-11-27 Thread Roberto C. Sanchez
Author: roberto
Date: 2017-11-28 01:40:43 + (Tue, 28 Nov 2017)
New Revision: 58070

Modified:
   data/dla-needed.txt
Log:
Update status of exiv2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-28 00:17:58 UTC (rev 58069)
+++ data/dla-needed.txt 2017-11-28 01:40:43 UTC (rev 58070)
@@ -18,8 +18,7 @@
   NOTE: Only in wheezy, we are on our own.
 --
 exiv2
-  NOTE: can't reproduce using valgrind, can't build with ASAN, no-dsa
-  NOTE: or not-affected? https://lists.debian.org/87shd4u61v@curie.anarc.at
+  NOTE: confirmed that vulnerabilities cannot be reproduced with ASAN: 
https://lists.debian.org/debian-lts/2017/11/msg00124.html
 --
 irssi (Rhonda D'Vine)
 --
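Review bot: The replacement NOTE for exiv2 records that the issues cannot be reproduced with ASAN but drops the triage question the removed lines carried ("no-dsa" / "or not-affected?"). State the resulting decision in the NOTE, or drop the exiv2 entry from dla-needed.txt if no DLA is planned, so a reader does not have to follow the list link to learn the outcome.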




[Secure-testing-commits] r58071 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-28 05:24:54 + (Tue, 28 Nov 2017)
New Revision: 58071

Modified:
   data/CVE/list
Log:
Fix source package name used in CVE-2017-15093

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-28 01:40:43 UTC (rev 58070)
+++ data/CVE/list   2017-11-28 05:24:54 UTC (rev 58071)
@@ -6320,7 +6320,7 @@
- pdns-recursor 4.0.7-1
[stretch] - pdns-recursor  (Minor issue)
[jessie] - pdns-recursor  (Minor issue)
-   [wheezy] - pdns  (Minor issue)
+   [wheezy] - pdns-recursor  (Minor issue)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
NOTE: https://downloads.powerdns.com/patches/2017-06/
 CVE-2017-15092 [Cross-Site Scripting in the web interface]




[Secure-testing-commits] r58072 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-28 05:25:18 + (Tue, 28 Nov 2017)
New Revision: 58072

Modified:
   data/CVE/list
Log:
CVE-2017-15093 and CVE-2017-15091 do not affect wheezy version, API code introduced later

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-28 05:24:54 UTC (rev 58071)
+++ data/CVE/list   2017-11-28 05:25:18 UTC (rev 58072)
@@ -6320,7 +6320,7 @@
- pdns-recursor 4.0.7-1
[stretch] - pdns-recursor  (Minor issue)
[jessie] - pdns-recursor  (Minor issue)
-   [wheezy] - pdns-recursor  (Minor issue)
+   [wheezy] - pdns-recursor  (Vulnerable code introduced 
later)
NOTE: 
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
NOTE: https://downloads.powerdns.com/patches/2017-06/
 CVE-2017-15092 [Cross-Site Scripting in the web interface]
@@ -6336,7 +6336,7 @@
- pdns 
[stretch] - pdns  (Minor issue)
[jessie] - pdns  (Minor issue)
-   [wheezy] - pdns  (Minor issue)
+   [wheezy] - pdns  (Vulnerable code not present)
NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
NOTE: https://downloads.powerdns.com/patches/2017-04/
 CVE-2017-15090 [Insufficient validation of DNSSEC signatures]
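Review bot: The two wheezy lines changed in this commit give the same reason in different words: "Vulnerable code introduced later" in the pdns-recursor hunk above and "Vulnerable code not present" here for pdns. The log message attributes both to the API code being introduced later, so one phrasing for both entries would make them easier to search and compare.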




[Secure-testing-commits] r58073 - data/CVE

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-28 05:27:26 + (Tue, 28 Nov 2017)
New Revision: 58073

Modified:
   data/CVE/list
Log:
CVE-2017-15091/pdns fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-28 05:25:18 UTC (rev 58072)
+++ data/CVE/list   2017-11-28 05:27:26 UTC (rev 58073)
@@ -6333,7 +6333,7 @@
NOTE: https://downloads.powerdns.com/patches/2017-05/
 CVE-2017-15091 [Missing check on API operations]
RESERVED
-   - pdns 
+   - pdns 4.0.5-1
[stretch] - pdns  (Minor issue)
[jessie] - pdns  (Minor issue)
[wheezy] - pdns  (Vulnerable code not present)




[Secure-testing-commits] r58074 - data

2017-11-27 Thread Salvatore Bonaccorso
Author: carnil
Date: 2017-11-28 05:35:21 + (Tue, 28 Nov 2017)
New Revision: 58074

Modified:
   data/next-oldstable-point-update.txt
   data/next-point-update.txt
Log:
Record proposed fixes for pdns and pdns-recursor via point update

Modified: data/next-oldstable-point-update.txt
===
--- data/next-oldstable-point-update.txt2017-11-28 05:27:26 UTC (rev 
58073)
+++ data/next-oldstable-point-update.txt2017-11-28 05:35:21 UTC (rev 
58074)
@@ -128,3 +128,7 @@
[jessie] - mariadb-10.0 10.0.33-0+deb8u1
 CVE-2017-10268
[jessie] - mariadb-10.0 10.0.33-0+deb8u1
+CVE-2017-15091
+   [jessie] - pdns 3.4.1-4+deb8u8
+CVE-2017-15093
+   [jessie] - pdns-recursor 3.6.2-2+deb8u4

Modified: data/next-point-update.txt
===
--- data/next-point-update.txt  2017-11-28 05:27:26 UTC (rev 58073)
+++ data/next-point-update.txt  2017-11-28 05:35:21 UTC (rev 58074)
@@ -45,3 +45,13 @@
[stretch] - ruby-ox 2.1.1-2+deb9u1
 CVE-2017-12133
[stretch] - glibc 2.24-11+deb9u2
+CVE-2017-15090
+   [stretch] - pdns-recursor 4.0.4-1+deb9u2
+CVE-2017-15091
+   [stretch] - pdns 4.0.3-1+deb9u2
+CVE-2017-15092
+   [stretch] - pdns-recursor 4.0.4-1+deb9u2
+CVE-2017-15093
+   [stretch] - pdns-recursor 4.0.4-1+deb9u2
+CVE-2017-15094
+   [stretch] - pdns-recursor 4.0.4-1+deb9u2
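Review bot: The stretch block records CVE-2017-15090, CVE-2017-15092 and CVE-2017-15094 for pdns-recursor, while the jessie hunk in next-oldstable-point-update.txt records only CVE-2017-15091 and CVE-2017-15093. data/CVE/list marks jessie for CVE-2017-15090 as "Issue introduced in 4.0.0"; it is worth confirming that the same reasoning covers CVE-2017-15092 and CVE-2017-15094 so the asymmetry between the two files is clearly intentional.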

