[Secure-testing-commits] r58448 - data/CVE
Author: carnil Date: 2017-12-11 06:45:47 + (Mon, 11 Dec 2017) New Revision: 58448 Modified: data/CVE/list Log: Mark CVE-2017-15365 as undetermined for now It's for the percona DB, although file is present in percona-xtrabackup needs further investigation. Modified: data/CVE/list === --- data/CVE/list 2017-12-11 06:27:07 UTC (rev 58447) +++ data/CVE/list 2017-12-11 06:45:47 UTC (rev 58448) @@ -8665,7 +8665,7 @@ - mariadb-10.2 (bug #884065) - mariadb-10.1 - mariadb-10.0 - - percona-xtrabackup + - percona-xtrabackup - mysql-5.7 - mysql-5.5 NOTE: MariaDB: Fixed in 10.2.10 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
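Review bot: in the CVE-2017-15365 hunk, the reason for the status change is recorded only in the commit log; the entry itself gains no NOTE saying that the issue is reported against the Percona DB and that the file is merely present in percona-xtrabackup. Add a NOTE: line under the entry with that reasoning, so whoever picks up the investigation finds it in data/CVE/list rather than in the revision history. As rendered in this mail the removed and added `- percona-xtrabackup` lines read identically, so the marker the log describes cannot be checked from the hunk alone.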
[Secure-testing-commits] r58444 - data/CVE
Author: carnil Date: 2017-12-11 06:14:45 + (Mon, 11 Dec 2017) New Revision: 58444 Modified: data/CVE/list Log: Add CVE-2017-15365/mariadb Modified: data/CVE/list === --- data/CVE/list 2017-12-10 21:38:33 UTC (rev 58443) +++ data/CVE/list 2017-12-11 06:14:45 UTC (rev 58444) @@ -8660,8 +8660,18 @@ RESERVED CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...) NOT-FOR-US: Thornberry NDoc -CVE-2017-15365 +CVE-2017-15365 [Replication in sql/event_data_objects.cc occurs before ACL checks] RESERVED + - mariadb-10.2 + - mariadb-10.1 + - mariadb-10.0 + - percona-xtrabackup + - mysql-5.7 + - mysql-5.5 + NOTE: MariaDB: Fixed in 10.2.10 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524234 + NOTE: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html + NOTE: Likely (unconfirmed) fix: https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified CVE-2017-15364 (The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote ...) NOT-FOR-US: ccsv CVE-2017-15363 (Directory traversal vulnerability in ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
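Review bot: in the new CVE-2017-15365 entry, fix information is given only for MariaDB (`NOTE: MariaDB: Fixed in 10.2.10`); the mysql-5.7, mysql-5.5 and percona-xtrabackup lines have no accompanying note on whether or where the issue is fixed for them, and the Percona release-notes link is listed without saying what it establishes. A short NOTE per upstream, in the same form as the MariaDB one, would make the entry usable for triage. The commit URL in the last NOTE also carries a `?diff=unified` view parameter that can be dropped, and because the fix is labelled "Likely (unconfirmed)" the entry needs a follow-up once the commit is confirmed.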
[Secure-testing-commits] r58445 - data/CVE
Author: carnil Date: 2017-12-11 06:17:16 + (Mon, 11 Dec 2017) New Revision: 58445 Modified: data/CVE/list Log: Add two more CVEs for mariadb-10.2 Modified: data/CVE/list === --- data/CVE/list 2017-12-11 06:14:45 UTC (rev 58444) +++ data/CVE/list 2017-12-11 06:17:16 UTC (rev 58445) @@ -23851,6 +23851,7 @@ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10378 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-4002-1 DLA-1141-1} + - mariadb-10.2 - mariadb-10.1 10.1.29-1 [stretch] - mariadb-10.1 (Minor issue) - mariadb-10.0 @@ -24186,6 +24187,7 @@ NOT-FOR-US: Oracle CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-4002-1 DLA-1141-1} + - mariadb-10.2 - mariadb-10.1 10.1.29-1 [stretch] - mariadb-10.1 (Minor issue) - mariadb-10.0 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58447 - data/CVE
Author: carnil Date: 2017-12-11 06:27:07 + (Mon, 11 Dec 2017) New Revision: 58447 Modified: data/CVE/list Log: Add bug reference for mariadb-10.2 Modified: data/CVE/list === --- data/CVE/list 2017-12-11 06:22:18 UTC (rev 58446) +++ data/CVE/list 2017-12-11 06:27:07 UTC (rev 58447) @@ -8662,7 +8662,7 @@ NOT-FOR-US: Thornberry NDoc CVE-2017-15365 [Replication in sql/event_data_objects.cc occurs before ACL checks] RESERVED - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mariadb-10.1 - mariadb-10.0 - percona-xtrabackup @@ -23833,7 +23833,7 @@ - glassfish (Vulnerable code not included, see bug #853998) CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-4002-1 DLA-1141-1} - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (bug #878402) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL @@ -23847,13 +23847,13 @@ NOT-FOR-US: Java Advanced Management Console CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-4002-1 DLA-1141-1} - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (bug #878402) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10378 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-4002-1 DLA-1141-1} - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mariadb-10.1 10.1.29-1 [stretch] - mariadb-10.1 (Minor issue) - mariadb-10.0 @@ -23888,7 +23888,7 @@ CVE-2017-10366 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) NOT-FOR-US: Oracle CVE-2017-10365 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL 
@@ -24033,7 +24033,7 @@ CVE-2017-10321 (Vulnerability in the Core RDBMS component of Oracle Database Server. ...) NOT-FOR-US: Oracle CVE-2017-10320 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL @@ -24123,7 +24123,7 @@ CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL @@ -24192,7 +24192,7 @@ NOT-FOR-US: Oracle CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-4002-1 DLA-1141-1} - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mariadb-10.1 10.1.29-1 [stretch] - mariadb-10.1 (Minor issue) - mariadb-10.0 @@ -44538,7 +44538,7 @@ RESERVED CVE-2017-3653 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1} - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mariadb-10.1 10.1.26-1 - mariadb-10.0 - mysql-5.7 (bug #868798) @@ -44581,7 +44581,7 @@ - mysql-5.5 (Only affects MySQL 5.7) CVE-2017-3641 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1} - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mariadb-10.1 10.1.26-1 - mariadb-10.0 - mysql-5.7 (bug #868798) 
@@ -44600,7 +44600,7 @@ - mysql-5.5 (Only affects MySQL 5.7) CVE-2017-3636 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1} - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mariadb-10.1 10.1.26-1 - mariadb-10.0 - mysql-5.7 (Only affects MySQL 5.5 and 5.6) @@ -45560,7 +45560,7 @@ - mysql-5.5 (bug #851233) CVE-2017-3257 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3770-1} - - mariadb-10.2 + - mariadb-10.2 (bug #884065) - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 (bug #851755)
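Review bot: in the first hunk (@@ -8662), bug #884065 is attached to CVE-2017-15365, the same bug number the remaining hunks attach to the Oracle MySQL Server CVEs. CVE-2017-15365 was added in a separate commit with its own references and is still RESERVED, so confirm that the bug report actually lists it before the tracker links the two; if the bug only covers the Oracle CPU issues, this one line should be left without the reference or get its own bug.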
[Secure-testing-commits] r58446 - data/CVE
Author: carnil Date: 2017-12-11 06:22:18 + (Mon, 11 Dec 2017) New Revision: 58446 Modified: data/CVE/list Log: Add more mariadb-10.2 entries Modified: data/CVE/list === --- data/CVE/list 2017-12-11 06:17:16 UTC (rev 58445) +++ data/CVE/list 2017-12-11 06:22:18 UTC (rev 58446) @@ -23833,6 +23833,7 @@ - glassfish (Vulnerable code not included, see bug #853998) CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-4002-1 DLA-1141-1} + - mariadb-10.2 - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (bug #878402) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL @@ -23846,6 +23847,7 @@ NOT-FOR-US: Java Advanced Management Console CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-4002-1 DLA-1141-1} + - mariadb-10.2 - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (bug #878402) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL @@ -23886,6 +23888,7 @@ CVE-2017-10366 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) NOT-FOR-US: Oracle CVE-2017-10365 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + - mariadb-10.2 - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL @@ -24030,6 +24033,7 @@ CVE-2017-10321 (Vulnerability in the Core RDBMS component of Oracle Database Server. ...) NOT-FOR-US: Oracle CVE-2017-10320 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + - mariadb-10.2 - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL 
@@ -24119,6 +24123,7 @@ CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL ...) + - mariadb-10.2 - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL @@ -44533,6 +44538,7 @@ RESERVED CVE-2017-3653 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1} + - mariadb-10.2 - mariadb-10.1 10.1.26-1 - mariadb-10.0 - mysql-5.7 (bug #868798) @@ -44575,6 +44581,7 @@ - mysql-5.5 (Only affects MySQL 5.7) CVE-2017-3641 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1} + - mariadb-10.2 - mariadb-10.1 10.1.26-1 - mariadb-10.0 - mysql-5.7 (bug #868798) @@ -44593,6 +44600,7 @@ - mysql-5.5 (Only affects MySQL 5.7) CVE-2017-3636 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1} + - mariadb-10.2 - mariadb-10.1 10.1.26-1 - mariadb-10.0 - mysql-5.7 (Only affects MySQL 5.5 and 5.6) @@ -45552,6 +45560,7 @@ - mysql-5.5 (bug #851233) CVE-2017-3257 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3770-1} + - mariadb-10.2 - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 (bug #851755) - mysql-5.7 5.7.17-1 (bug #851235) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
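Review bot: in the hunks for CVE-2017-10365, CVE-2017-10320 and CVE-2017-10286, the new `- mariadb-10.2` line is added to entries whose mysql-5.5 line says "Only affects MySQL 5.7" or "Only affects MySQL 5.6 and 5.7", and which carry no mariadb-10.1 or mariadb-10.0 line. Nothing in the entry says why MariaDB 10.2 is affected or which MariaDB release fixes it, unlike the entries further down where mariadb-10.1 has a fixed version to compare against. Add a NOTE with the MariaDB fixed version for these three, and a bug reference on each new line so the open status is traceable.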
[Secure-testing-commits] r58443 - in data: . DSA
Author: jmm Date: 2017-12-10 21:38:33 + (Sun, 10 Dec 2017) New Revision: 58443 Modified: data/DSA/list data/dsa-needed.txt Log: thunderbird, firefox DSA Modified: data/DSA/list === --- data/DSA/list 2017-12-10 21:10:17 UTC (rev 58442) +++ data/DSA/list 2017-12-10 21:38:33 UTC (rev 58443) @@ -1,3 +1,11 @@ +[10 Dec 2017] DSA-4062-1 firefox-esr - security update + {CVE-2017-7843} + [jessie] - firefox-esr 52.5.2esr-1~deb8u1 + [stretch] - firefox-esr 52.5.2esr-1~deb9u1 +[10 Dec 2017] DSA-4061-1 thunderbird - security update + {CVE-2017-7826 CVE-2017-7828 CVE-2017-7830} + [jessie] - thunderbird 1:52.5.0-1~deb8u1 + [stretch] - thunderbird 1:52.5.0-1~deb9u1 [09 Dec 2017] DSA-4060-1 wireshark - security update {CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085} [jessie] - wireshark 1.12.1+g01b65bf-4+deb8u12 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-12-10 21:10:17 UTC (rev 58442) +++ data/dsa-needed.txt 2017-12-10 21:38:33 UTC (rev 58443) @@ -18,8 +18,6 @@ -- chromium-browser -- -firefox-esr (jmm) --- graphicsmagick -- libav/oldstable @@ -80,8 +78,6 @@ tiff wait until more issues are around -- -thunderbird (jmm) --- wordpress -- xen/oldstable ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58442 - data/CVE
Author: sectracker Date: 2017-12-10 21:10:17 + (Sun, 10 Dec 2017) New Revision: 58442 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-10 20:35:06 UTC (rev 58441) +++ data/CVE/list 2017-12-10 21:10:17 UTC (rev 58442) @@ -1,4 +1,4 @@ -CVE-2017-17484 [ucnv_convertEx() UTF-8->UTF-8 buffer overflow] +CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International ...) [experimental] - icu 60.2-1 - icu NOTE: https://ssl.icu-project.org/trac/ticket/13510 @@ -5169,7 +5169,7 @@ - swauth 1.2.0-4 (bug #882314) NOTE: https://bugs.launchpad.net/swift/+bug/1655781 CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that could lead ...) - {DSA-4059-1} + {DSA-4059-1 DLA-1201-1} - libxcursor (bug #883792) NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6 NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 @@ -30958,6 +30958,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7844 CVE-2017-7843 RESERVED + {DLA-1202-1} - firefox 57.0.1-1 - firefox-esr 52.5.2esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7843 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58441 - data
Author: lamby Date: 2017-12-10 20:35:06 + (Sun, 10 Dec 2017) New Revision: 58441 Modified: data/dla-needed.txt Log: Claim evince in data/dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 20:19:22 UTC (rev 58440) +++ data/dla-needed.txt 2017-12-10 20:35:06 UTC (rev 58441) @@ -22,7 +22,7 @@ erlang NOTE: 20171210, email send to maintainers -- -evince +evince (Chris Lamb) NOTE: 20171210, email send to maintainers -- icu (Roberto C. Sánchez) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58440 - data
Author: roberto Date: 2017-12-10 20:19:22 + (Sun, 10 Dec 2017) New Revision: 58440 Modified: data/dla-needed.txt Log: Claim icu and mercurial in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 19:58:28 UTC (rev 58439) +++ data/dla-needed.txt 2017-12-10 20:19:22 UTC (rev 58440) @@ -25,7 +25,7 @@ evince NOTE: 20171210, email send to maintainers -- -icu +icu (Roberto C. Sánchez) -- irssi (Rhonda D'Vine) -- @@ -63,7 +63,7 @@ -- linux -- -mercurial +mercurial (Roberto C. Sánchez) -- ming (Hugo Lefeuvre) NOTE: 20171120: wip, currently working on it with upstream, might take a while ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58439 - data/CVE
Author: carnil Date: 2017-12-10 19:58:28 + (Sun, 10 Dec 2017) New Revision: 58439 Modified: data/CVE/list Log: Add CVE-2017-17484/icu Modified: data/CVE/list === --- data/CVE/list 2017-12-10 19:47:31 UTC (rev 58438) +++ data/CVE/list 2017-12-10 19:58:28 UTC (rev 58439) @@ -1,3 +1,11 @@ +CVE-2017-17484 [ucnv_convertEx() UTF-8->UTF-8 buffer overflow] + [experimental] - icu 60.2-1 + - icu + NOTE: https://ssl.icu-project.org/trac/ticket/13510 + NOTE: https://ssl.icu-project.org/trac/ticket/13490 + NOTE: Fixed by: https://ssl.icu-project.org/trac/changeset/40714 + NOTE: Testcase: https://ssl.icu-project.org/trac/changeset/40715 + NOTE: POC: https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp CVE-2017-17483 RESERVED CVE-2017-17482 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58438 - doc
Author: carnil Date: 2017-12-10 19:47:31 + (Sun, 10 Dec 2017) New Revision: 58438 Modified: doc/README.releases Log: distributions.json: Document fact to update information on release time Modified: doc/README.releases === --- doc/README.releases 2017-12-10 19:47:29 UTC (rev 58437) +++ doc/README.releases 2017-12-10 19:47:31 UTC (rev 58438) @@ -8,6 +8,7 @@ [ ] bin/add-dsa-needed.sh [ ] bin/tracker_data.py [ ] Update security-team.debian.org pages +[ ] Update support information in static/distributions.json Security Tracker code - ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58437 - bin
Author: carnil Date: 2017-12-10 19:47:29 + (Sun, 10 Dec 2017) New Revision: 58437 Modified: bin/tracker_service.py Log: Register distributions.json static file Modified: bin/tracker_service.py === --- bin/tracker_service.py 2017-12-10 19:47:28 UTC (rev 58436) +++ bin/tracker_service.py 2017-12-10 19:47:29 UTC (rev 58437) @@ -180,6 +180,7 @@ self.register('data/report', self.page_report) self.register('style.css', self.page_style_css) self.register('logo.png', self.page_logo_png) +self.register('distributions.json', self.page_distributions_json) self.register('script.js', self.page_script_js) def page_style_css(self, path, params, url): @@ -194,6 +195,12 @@ f.close() return BinaryResult(content,'image/png') +def page_distributions_json(self, path, params, url): +f=open('../static/distributions.json', 'r') +content=f.read() +f.close() +return BinaryResult(content,'application/json') + def page_script_js(self, path, params, url): f=open('../static/script.js', 'r') content=f.read() ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
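Review bot: in the second hunk, page_distributions_json opens the file and closes it by hand (`f=open(...)`, `content=f.read()`, `f.close()`), so the handle is not closed if read() raises; a `with open(...) as f:` block avoids that. The method is also a third copy of the open/read/close/BinaryResult pattern already visible in page_script_js and the PNG handler, differing only in path and content type, so a small helper taking those two arguments would be a better fit than another copy. The path `'../static/distributions.json'` is relative to the working directory of the service, which the other handlers share, but it is worth a comment since a wrong working directory turns this endpoint into an unhandled IOError.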
[Secure-testing-commits] r58436 - static
Author: carnil Date: 2017-12-10 19:47:28 + (Sun, 10 Dec 2017) New Revision: 58436 Added: static/distributions.json Log: Add distributions.json static file with mapping from codename to support and versions Cf. #878088 Added: static/distributions.json === --- static/distributions.json (rev 0) +++ static/distributions.json 2017-12-10 19:47:28 UTC (rev 58436) @@ -0,0 +1,22 @@ +{ + "wheezy": { +"major-version": "7", +"support": "lts" + }, + "jessie": { +"major-version": "8", +"support": "security" + }, + "stretch": { +"major-version": "9", +"support": "security" + }, + "buster": { +"major-version": "10", +"support": "none" + }, + "bullseye": { +"major-version": "11", +"support": "none" + } +} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
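Review bot: the added file gives no indication of which values `"support"` may take; `"lts"`, `"security"` and `"none"` appear, but consumers of this endpoint have nothing to validate against and a typo at release time would pass silently. Document the allowed values (in doc/ or alongside the file) before clients start depending on them. `"major-version"` is also encoded as a string (`"7"`, `"10"`), which makes numeric comparison on the client side error-prone; either use integers or state that the field is an opaque label.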
[Secure-testing-commits] r58435 - data/CVE
Author: carnil Date: 2017-12-10 19:43:02 + (Sun, 10 Dec 2017) New Revision: 58435 Modified: data/CVE/list Log: Add fixing version for CVE-2016-6170/bind9 Modified: data/CVE/list === --- data/CVE/list 2017-12-10 19:00:18 UTC (rev 58434) +++ data/CVE/list 2017-12-10 19:43:02 UTC (rev 58435) @@ -64876,7 +64876,7 @@ NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541 NOTE: https://gitlab.labs.nic.cz/labs/knot/issues/464 CVE-2016-6170 (ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x ...) - - bind9 (unimportant; bug #830810) + - bind9 1:9.10.6+dfsg-1 (unimportant; bug #830810) NOTE: Not fixed upstream, proposed patches below are unofficial: NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
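Review bot: the changed line now records `1:9.10.6+dfsg-1` as the fixing version for bind9, while the unchanged NOTE directly below it still reads "Not fixed upstream, proposed patches below are unofficial". One of the two is out of date as the entry stands. Add a NOTE naming what in 9.10.6 addresses CVE-2016-6170, or reword the existing NOTE, so the entry does not contradict itself.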
[Secure-testing-commits] r58434 - data
Author: alteholz Date: 2017-12-10 19:00:18 + (Sun, 10 Dec 2017) New Revision: 58434 Modified: data/dla-needed.txt Log: add evince Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 18:58:36 UTC (rev 58433) +++ data/dla-needed.txt 2017-12-10 19:00:18 UTC (rev 58434) @@ -22,6 +22,9 @@ erlang NOTE: 20171210, email send to maintainers -- +evince + NOTE: 20171210, email send to maintainers +-- icu -- irssi (Rhonda D'Vine) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58433 - data
Author: alteholz Date: 2017-12-10 18:58:36 + (Sun, 10 Dec 2017) New Revision: 58433 Modified: data/dla-needed.txt Log: add icu Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 18:58:07 UTC (rev 58432) +++ data/dla-needed.txt 2017-12-10 18:58:36 UTC (rev 58433) @@ -22,6 +22,8 @@ erlang NOTE: 20171210, email send to maintainers -- +icu +-- irssi (Rhonda D'Vine) -- jasperreports ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58432 - data
Author: alteholz Date: 2017-12-10 18:58:07 + (Sun, 10 Dec 2017) New Revision: 58432 Modified: data/dla-needed.txt Log: add mercurial Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 18:55:51 UTC (rev 58431) +++ data/dla-needed.txt 2017-12-10 18:58:07 UTC (rev 58432) @@ -58,6 +58,8 @@ -- linux -- +mercurial +-- ming (Hugo Lefeuvre) NOTE: 20171120: wip, currently working on it with upstream, might take a while NOTE: Some issues currently in upstream's bug tracker are missing a CVE number, so number of issues might increase in the next weeks ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58431 - data
Author: alteholz Date: 2017-12-10 18:55:51 + (Sun, 10 Dec 2017) New Revision: 58431 Modified: data/dla-needed.txt Log: add openssl Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 18:52:28 UTC (rev 58430) +++ data/dla-needed.txt 2017-12-10 18:55:51 UTC (rev 58431) @@ -76,6 +76,8 @@ openafs NOTE: 20171210, email send to maintainers -- +openssl (Kurt Roeckx) +-- otrs2 (Emilio Pozuelo) -- qemu (Guido Günther) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58430 - data
Author: alteholz Date: 2017-12-10 18:52:28 + (Sun, 10 Dec 2017) New Revision: 58430 Modified: data/dla-needed.txt Log: add erlang Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 18:50:28 UTC (rev 58429) +++ data/dla-needed.txt 2017-12-10 18:52:28 UTC (rev 58430) @@ -19,6 +19,9 @@ couchdb NOTE: Only in wheezy, we are on our own. -- +erlang + NOTE: 20171210, email send to maintainers +-- irssi (Rhonda D'Vine) -- jasperreports ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58429 - data
Author: alteholz Date: 2017-12-10 18:50:28 + (Sun, 10 Dec 2017) New Revision: 58429 Modified: data/dla-needed.txt Log: add openafs Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 18:42:16 UTC (rev 58428) +++ data/dla-needed.txt 2017-12-10 18:50:28 UTC (rev 58429) @@ -70,6 +70,9 @@ NOTE: github). Pinged sourceforge project owner with sourceforge's NOTE: integrated messaging feature. -- Raphaël Hertzog -- +openafs + NOTE: 20171210, email send to maintainers +-- otrs2 (Emilio Pozuelo) -- qemu (Guido Günther) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58428 - data
Author: alteholz Date: 2017-12-10 18:42:16 + (Sun, 10 Dec 2017) New Revision: 58428 Modified: data/dla-needed.txt Log: add asterisk Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 16:35:22 UTC (rev 58427) +++ data/dla-needed.txt 2017-12-10 18:42:16 UTC (rev 58428) @@ -10,6 +10,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- +asterisk +-- ca-certificates NOTE: 20170719: maintainer will handle the upload, see https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org NOTE: 20171013: anarcat pinged maintainer: https://lists.debian.org/87efpuc95w@curie.anarc.at ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58427 - data/CVE
Author: carnil Date: 2017-12-10 16:35:22 + (Sun, 10 Dec 2017) New Revision: 58427 Modified: data/CVE/list Log: Add commits for CVE-2017-17458/mercurial Modified: data/CVE/list === --- data/CVE/list 2017-12-10 16:24:13 UTC (rev 58426) +++ data/CVE/list 2017-12-10 16:35:22 UTC (rev 58427) @@ -181,6 +181,8 @@ NOTE: https://bz.mercurial-scm.org/show_bug.cgi?id=5730 NOTE: https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29 + NOTE: Fixed by: https://mercurial-scm.org/repo/hg/rev/071cbeba4212 + NOTE: Alternative workaround: https://mercurial-scm.org/repo/hg/rev/5e27afeddaee CVE-2017-1002102 RESERVED CVE-2017-1002101 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58426 - data/CVE
Author: carnil Date: 2017-12-10 16:24:13 + (Sun, 10 Dec 2017) New Revision: 58426 Modified: data/CVE/list Log: Mark CVE-2017-15708 as NFU Modified: data/CVE/list === --- data/CVE/list 2017-12-10 15:14:26 UTC (rev 58425) +++ data/CVE/list 2017-12-10 16:24:13 UTC (rev 58426) @@ -7715,6 +7715,7 @@ RESERVED CVE-2017-15708 RESERVED + NOT-FOR-US: Apache Synapse CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated ...) - libstruts1.2-java (Specific to 2.x) CVE-2017-15706 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58425 - data/CVE
Author: alteholz Date: 2017-12-10 15:14:26 + (Sun, 10 Dec 2017) New Revision: 58425 Modified: data/CVE/list Log: follow security team with CVE-2017-17042 Modified: data/CVE/list === --- data/CVE/list 2017-12-10 15:13:55 UTC (rev 58424) +++ data/CVE/list 2017-12-10 15:14:26 UTC (rev 58425) @@ -2301,6 +2301,7 @@ - yard 0.9.12-1 [stretch] - yard (Minor issue) [jessie] - yard (Minor issue) + [wheezy] - yard (Minor issue) NOTE: Fixed by: https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b168250635975e62b4 (0.9.11) CVE-2017-17041 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58424 - data/CVE
Author: alteholz Date: 2017-12-10 15:13:55 + (Sun, 10 Dec 2017) New Revision: 58424 Modified: data/CVE/list Log: follow security team with CVE-2017-17459 Modified: data/CVE/list === --- data/CVE/list 2017-12-10 15:13:16 UTC (rev 58423) +++ data/CVE/list 2017-12-10 15:13:55 UTC (rev 58424) @@ -174,6 +174,7 @@ - fossil 1:2.4-1 [stretch] - fossil (Minor issue) [jessie] - fossil (Minor issue) + [wheezy] - fossil (Minor issue) NOTE: https://www.fossil-scm.org/xfer/info/1f63db591c77108c CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially malformed ...) - mercurial 4.4.1-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58423 - data/CVE
Author: alteholz Date: 2017-12-10 15:13:16 + (Sun, 10 Dec 2017) New Revision: 58423 Modified: data/CVE/list Log: follow security team with CVE-2017-16816 Modified: data/CVE/list === --- data/CVE/list 2017-12-10 15:12:10 UTC (rev 58422) +++ data/CVE/list 2017-12-10 15:13:16 UTC (rev 58423) @@ -4621,6 +4621,7 @@ - condor 8.6.8~dfsg.1-1 [stretch] - condor (VOMS support disabled) [jessie] - condor (Minor issue) + [wheezy] - condor (Minor issue) NOTE: http://research.cs.wisc.edu/htcondor//security/vulnerabilities/HTCONDOR-2017-0001.html CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration & ...) NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup) plugin for WordPress ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58422 - data
Author: alteholz Date: 2017-12-10 15:12:10 + (Sun, 10 Dec 2017) New Revision: 58422 Modified: data/dla-needed.txt Log: add linux again Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 13:20:25 UTC (rev 58421) +++ data/dla-needed.txt 2017-12-10 15:12:10 UTC (rev 58422) @@ -51,6 +51,8 @@ -- libxml2 (Thorsten Alteholz) -- +linux +-- ming (Hugo Lefeuvre) NOTE: 20171120: wip, currently working on it with upstream, might take a while NOTE: Some issues currently in upstream's bug tracker are missing a CVE number, so number of issues might increase in the next weeks ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58421 - data/CVE
Author: carnil Date: 2017-12-10 13:20:25 + (Sun, 10 Dec 2017) New Revision: 58421 Modified: data/CVE/list Log: Remove no-dsa entries for CVE-2017-16548 Modified: data/CVE/list === --- data/CVE/list 2017-12-10 13:08:14 UTC (rev 58420) +++ data/CVE/list 2017-12-10 13:20:25 UTC (rev 58421) @@ -5297,8 +5297,6 @@ RESERVED CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...) - rsync (bug #880954) - [stretch] - rsync (Minor issue) - [jessie] - rsync (Minor issue) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112 NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
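Review bot: the hunk drops both `(Minor issue)` lines for stretch and jessie under CVE-2016-16548's neighbour CVE-2017-16548, but neither the log ("Remove no-dsa entries") nor the entry says why the assessment changed. State the reason in the log or in a NOTE. If the removal means an update through a DSA is now intended, rsync should also be added to data/dsa-needed.txt in the same change; this commit modifies data/CVE/list only.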
[Secure-testing-commits] r58420 - data
Author: agx Date: 2017-12-10 13:08:14 + (Sun, 10 Dec 2017) New Revision: 58420 Modified: data/dla-needed.txt Log: lts: Grab qemu{,-kvm} Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 13:05:23 UTC (rev 58419) +++ data/dla-needed.txt 2017-12-10 13:08:14 UTC (rev 58420) @@ -68,9 +68,9 @@ -- otrs2 (Emilio Pozuelo) -- -qemu +qemu (Guido Günther) -- -qemu-kvm +qemu-kvm (Guido Günther) -- rsync (Thorsten Alteholz) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58419 - data
Author: agx Date: 2017-12-10 13:05:23 + (Sun, 10 Dec 2017) New Revision: 58419 Modified: data/dla-needed.txt Log: lts: update swftools status Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 13:05:19 UTC (rev 58418) +++ data/dla-needed.txt 2017-12-10 13:05:23 UTC (rev 58419) @@ -86,6 +86,7 @@ -- swftools (Guido Günther) NOTE: 20171118: At least CVE-2017-16797 is present. (lamby) + NOTE: 20171210: likely to be turned into a pkg with limited sec support -- tiff (Brian May) NOTE: CVE-2017-9935: no upstream fix -- Brian May 2017-11-06 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58418 - data/CVE
Author: agx Date: 2017-12-10 13:05:19 + (Sun, 10 Dec 2017) New Revision: 58418 Modified: data/CVE/list Log: Add PR to CVE-2017-14632 Modified: data/CVE/list === --- data/CVE/list 2017-12-10 13:05:07 UTC (rev 58417) +++ data/CVE/list 2017-12-10 13:05:19 UTC (rev 58418) @@ -10937,6 +10937,7 @@ [wheezy] - libvorbis (Vulnerable code not present) NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2328 NOTE: https://github.com/xiph/vorbis/issues/29 + NOTE: https://github.com/xiph/vorbis/pull/34
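Review bot: the added NOTE for CVE-2017-14632 is a bare pull-request URL, so a reader of data/CVE/list cannot tell whether it is a proposed fix, a merged fix or just discussion. Prefix the URL with what it is (a "Proposed fix:" label, if that is what the PR contains), and swap in the upstream commit once it is merged.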
[Secure-testing-commits] r58417 - data
Author: agx Date: 2017-12-10 13:05:07 + (Sun, 10 Dec 2017) New Revision: 58417 Modified: data/dla-needed.txt Log: lts: thunderbird released Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 12:08:42 UTC (rev 58416) +++ data/dla-needed.txt 2017-12-10 13:05:07 UTC (rev 58417) @@ -87,8 +87,6 @@ swftools (Guido Günther) NOTE: 20171118: At least CVE-2017-16797 is present. (lamby) -- -thunderbird (Guido Günther) --- tiff (Brian May) NOTE: CVE-2017-9935: no upstream fix -- Brian May 2017-11-06 NOTE: CVE-2017-11613: no upstream fix, "not a bug" according to RH -- anarcat 2017-10-24
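Review bot: this drops thunderbird from data/dla-needed.txt without touching data/DLA/list, whereas r58413 and r58412 reserve the DLA and remove the dla-needed.txt entry in one commit. Confirm that the thunderbird DLA is already recorded in data/DLA/list, and name the DLA number in the log so the two changes can be matched up.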
[Secure-testing-commits] r58416 - data
Author: sramacher Date: 2017-12-10 12:08:42 + (Sun, 10 Dec 2017) New Revision: 58416 Modified: data/embedded-code-copies Log: vlc 3.0.0~rc1~20171206-1 no longer uses embedded copy of ffmpeg Modified: data/embedded-code-copies === --- data/embedded-code-copies 2017-12-10 12:06:00 UTC (rev 58415) +++ data/embedded-code-copies 2017-12-10 12:08:42 UTC (rev 58416) @@ -366,7 +366,7 @@ ffmpeg (libavcodec/libavformat) - mplayer 1.0~rc2-14 (embed; bug #395252) - kino 1.0.0-1 - - vlc (embed; since 2.2.2-6 vlc uses ffmpeg 2.8.6, explanation in #803868) + - vlc 3.0.0~rc1~20171206-1 (embed; since 2.2.2-6 vlc uses ffmpeg 2.8.6, explanation in #803868) - smilutils 0.3.0-10 NOTE: smilutils likely fixed earlier, marking Etch's version as fixed - motion 3.1.19-1
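Review bot: the changed vlc line now carries the version 3.0.0~rc1~20171206-1, but its parenthetical still reads "embed; since 2.2.2-6 vlc uses ffmpeg 2.8.6", which describes the state the log says has ended. Add a short NOTE under the entry saying that the embedded ffmpeg copy is no longer used from that version, as the smilutils entry does for its own history, so the line does not read as still embedding.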
[Secure-testing-commits] r58415 - data/CVE
Author: jmm Date: 2017-12-10 12:06:00 + (Sun, 10 Dec 2017) New Revision: 58415 Modified: data/CVE/list Log: chromium fixed Modified: data/CVE/list === --- data/CVE/list 2017-12-10 11:16:14 UTC (rev 58414) +++ data/CVE/list 2017-12-10 12:06:00 UTC (rev 58415) @@ -8384,27 +8384,27 @@ RESERVED CVE-2017-15427 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15426 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15425 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15424 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15423 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15422 [integer overflow in icu] 
@@ -8415,39 +8415,39 @@ RESERVED CVE-2017-15420 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15419 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15418 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15417 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15416 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15415 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15414 RESERVED CVE-2017-15413 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15412 [use after free] 
@@ -8458,27 +8458,27 @@ NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73 CVE-2017-15411 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15410 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15409 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15408 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15407 RESERVED - - chromium-browser + - chromium-browser 63.0.3239.84-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-15406
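Review bot: in the second hunk (@@ -8415,39 +8415,39 @@) CVE-2017-15414 stays RESERVED with no package line at all, while CVE-2017-15415 and CVE-2017-15413 on either side of it get chromium-browser 63.0.3239.84-1. Confirm that 15414 is not part of the same Chromium release; if it is, it needs the same chromium-browser lines as its neighbours.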
[Secure-testing-commits] r58414 - in data: . CVE
Author: jmm Date: 2017-12-10 11:16:14 + (Sun, 10 Dec 2017) New Revision: 58414 Modified: data/CVE/list data/dsa-needed.txt Log: further stable triage Modified: data/CVE/list === --- data/CVE/list 2017-12-10 11:14:57 UTC (rev 58413) +++ data/CVE/list 2017-12-10 11:16:14 UTC (rev 58414) @@ -4619,7 +4619,7 @@ CVE-2017-16816 [A user can cause the condor_schedd to crash by submitting a job designed for that purpose] RESERVED - condor 8.6.8~dfsg.1-1 - [stretch] - condor (Minor issue) + [stretch] - condor (VOMS support disabled) [jessie] - condor (Minor issue) NOTE: http://research.cs.wisc.edu/htcondor//security/vulnerabilities/HTCONDOR-2017-0001.html CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration & ...) @@ -9023,6 +9023,8 @@ NOT-FOR-US: Tiandy IP cameras CVE-2017-15235 (The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 ...) - php-horde-gollem 3.0.12-1 + [stretch] - php-horde-gollem (Minor issue) + [jessie] - php-horde-gollem (Minor issue) NOTE: https://blogs.securiteam.com/index.php/archives/3454 NOTE: https://lists.horde.org/archives/announce/2017/001260.html NOTE: https://github.com/horde/gollem/commit/416249efa0fb9e98b596783565258806542a2c51 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-12-10 11:14:57 UTC (rev 58413) +++ data/dsa-needed.txt 2017-12-10 11:16:14 UTC (rev 58414) @@ -25,6 +25,8 @@ libav/oldstable We can ship the next libav 11.x point release when available -- +libidn +-- libvpx/oldstable -- linux
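Review bot: in the first data/CVE/list hunk, CVE-2017-16816 gets "VOMS support disabled" for [stretch] only, while the [jessie] line directly below it keeps "Minor issue". If the jessie condor build also has VOMS disabled it should get the same status; if it does not, a NOTE saying why the two suites differ would save the next triager from re-checking.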
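Review bot: the data/dsa-needed.txt hunk adds libidn with no accompanying comment, and neither data/CVE/list hunk in this commit mentions libidn, so the reason for the entry cannot be recovered from the change or from the log ("further stable triage"). Add a line under the entry, in the style of the libav/oldstable comment above it, naming the CVE or bug that prompted it.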
[Secure-testing-commits] r58413 - in data: . DLA
Author: pochu Date: 2017-12-10 11:14:57 + (Sun, 10 Dec 2017) New Revision: 58413 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-1202-1 for firefox-esr Modified: data/DLA/list === --- data/DLA/list 2017-12-10 11:05:36 UTC (rev 58412) +++ data/DLA/list 2017-12-10 11:14:57 UTC (rev 58413) @@ -1,3 +1,6 @@ +[10 Dec 2017] DLA-1202-1 firefox-esr - security update + {CVE-2017-7843} + [wheezy] - firefox-esr 52.5.2esr-1~deb7u1 [10 Dec 2017] DLA-1201-1 libxcursor - security update {CVE-2017-16612} [wheezy] - libxcursor 1:1.1.13-1+deb7u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 11:05:36 UTC (rev 58412) +++ data/dla-needed.txt 2017-12-10 11:14:57 UTC (rev 58413) @@ -17,8 +17,6 @@ couchdb NOTE: Only in wheezy, we are on our own. -- -firefox-esr (Emilio Pozuelo) --- irssi (Rhonda D'Vine) -- jasperreports
[Secure-testing-commits] r58412 - in data: . DLA
Author: pochu Date: 2017-12-10 11:05:36 + (Sun, 10 Dec 2017) New Revision: 58412 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-1201-1 for libxcursor Modified: data/DLA/list === --- data/DLA/list 2017-12-10 09:28:13 UTC (rev 58411) +++ data/DLA/list 2017-12-10 11:05:36 UTC (rev 58412) @@ -1,3 +1,6 @@ +[10 Dec 2017] DLA-1201-1 libxcursor - security update + {CVE-2017-16612} + [wheezy] - libxcursor 1:1.1.13-1+deb7u2 [09 Dec 2017] DLA-1200-1 linux - security update {CVE-2016-10208 CVE-2017-8824 CVE-2017-8831 CVE-2017-12190 CVE-2017-13080 CVE-2017-14051 CVE-2017-15115 CVE-2017-15265 CVE-2017-15299 CVE-2017-15649 CVE-2017-15868 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16532 CVE-2017-16533 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16643 CVE-2017-16649 CVE-2017-16939 CVE-2017-1000407} [wheezy] - linux 3.2.96-1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-10 09:28:13 UTC (rev 58411) +++ data/dla-needed.txt 2017-12-10 11:05:36 UTC (rev 58412) @@ -49,8 +49,6 @@ NOTE: theora and sox. Awaiting feedback. Underlying reason for CVE-2017-14160 NOTE: unclear. -- -libxcursor (Emilio Pozuelo) --- libxfont (Emilio Pozuelo) -- libxml2 (Thorsten Alteholz)
[Secure-testing-commits] r58411 - data/CVE
Author: carnil Date: 2017-12-10 09:28:13 + (Sun, 10 Dec 2017) New Revision: 58411 Modified: data/CVE/list Log: Mark CVE-2017-16241 as NFU Modified: data/CVE/list === --- data/CVE/list 2017-12-10 09:10:18 UTC (rev 58410) +++ data/CVE/list 2017-12-10 09:28:13 UTC (rev 58411) @@ -6109,7 +6109,7 @@ [jessie] - libcatalyst-plugin-static-simple-perl (Minor issue) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558 CVE-2017-16241 (Incorrect access control in AMAG Symmetry Door Edge Network Controllers ...) - TODO: check + NOT-FOR-US: AMAG Symmetry Door Edge Network Controllers CVE-2017-16240 RESERVED CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack ...)
[Secure-testing-commits] r58410 - data/CVE
Author: sectracker Date: 2017-12-10 09:10:18 + (Sun, 10 Dec 2017) New Revision: 58410 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-10 07:19:30 UTC (rev 58409) +++ data/CVE/list 2017-12-10 09:10:18 UTC (rev 58410) @@ -1,3 +1,5 @@ +CVE-2017-17483 + RESERVED CVE-2017-17482 RESERVED CVE-2017-17481 @@ -6106,8 +6108,8 @@ [stretch] - libcatalyst-plugin-static-simple-perl (Minor issue) [jessie] - libcatalyst-plugin-static-simple-perl (Minor issue) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558 -CVE-2017-16241 - RESERVED +CVE-2017-16241 (Incorrect access control in AMAG Symmetry Door Edge Network Controllers ...) + TODO: check CVE-2017-16240 RESERVED CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack ...)