[Secure-testing-commits] r58857 - data/CVE
Author: carnil Date: 2017-12-23 07:33:21 + (Sat, 23 Dec 2017) New Revision: 58857 Modified: data/CVE/list Log: Add linux issues Modified: data/CVE/list === --- data/CVE/list 2017-12-23 07:01:28 UTC (rev 58856) +++ data/CVE/list 2017-12-23 07:33:21 UTC (rev 58857) 
@@ -1,3 +1,39 @@ +CVE-2017-17857 [bpf: fix missing error return in check_stack_boundary()] + - linux 4.14.7-1 + [stretch] - linux (Vulnerable code introdued later) + [jessie] - linux (Vulnerable code introdued later) + [wheezy] - linux (Vulnerable code introdued later) + NOTE: Fixed by: https://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469 +CVE-2017-17856 [bpf: force strict alignment checks for stack pointers] + - linux 4.14.7-1 + [stretch] - linux (Vulnerable code introdued later) + [jessie] - linux (Vulnerable code introdued later) + [wheezy] - linux (Vulnerable code introdued later) + NOTE: Fixed by: https://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f +CVE-2017-17855 [bpf: don't prune branches when a scalar is replaced with a pointer] + - linux 4.14.7-1 + [stretch] - linux (Vulnerable code introdued later) + [jessie] - linux (Vulnerable code introdued later) + [wheezy] - linux (Vulnerable code introdued later) + NOTE: Fixed by: https://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14 +CVE-2017-17854 [bpf: fix integer overflows] + - linux 4.14.7-1 + [stretch] - linux (Vulnerable code introdued later) + [jessie] - linux (Vulnerable code introdued later) + [wheezy] - linux (Vulnerable code introdued later) + NOTE: Fixed by: https://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03 +CVE-2017-17853 [bpf/verifier: fix bounds calculation on BPF_RSH] + - linux 4.14.7-1 + [stretch] - linux (Vulnerable code introdued later) + [jessie] - linux (Vulnerable code introdued later) + [wheezy] - linux (Vulnerable code introdued later) + NOTE: Fixed by: https://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941 +CVE-2017-17852 [bpf: fix 32-bit ALU op verification] + - linux 4.14.7-1 + [stretch] - linux (Vulnerable code introdued later) + [jessie] - linux (Vulnerable code introdued later) + [wheezy] - linux (Vulnerable code introdued later) + NOTE: Fixed by: 
https://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a CVE-2017-17842 RESERVED CVE-2017-17841 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
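Review bot: every added [stretch], [jessie] and [wheezy] line in the six new bpf entries (CVE-2017-17852 through CVE-2017-17857) reads "Vulnerable code introdued later", with "introduced" misspelled 18 times. The existing CVE-2017-16996 and CVE-2017-16995 entries in data/CVE/list spell it "Vulnerable code introduced later". Correct the spelling before committing so that a search for the standard phrase finds these entries as well.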
[Secure-testing-commits] r58856 - data/CVE
Author: carnil Date: 2017-12-23 07:01:28 + (Sat, 23 Dec 2017) New Revision: 58856 Modified: data/CVE/list Log: Add CVE-2017-17485 Modified: data/CVE/list === --- data/CVE/list 2017-12-22 23:09:22 UTC (rev 58855) +++ data/CVE/list 2017-12-23 07:01:28 UTC (rev 58856) @@ -5479,6 +5479,8 @@ RESERVED CVE-2017-17485 RESERVED + - jackson-databind (Specific incomplete fixes for some Red Hat packages) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0 CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International ...) [experimental] - icu 60.2-1 - icu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58855 - in data: . DLA
Author: alteholz Date: 2017-12-22 23:09:22 + (Fri, 22 Dec 2017) New Revision: 58855 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-1218-1 for rsync Modified: data/DLA/list === --- data/DLA/list 2017-12-22 22:43:17 UTC (rev 58854) +++ data/DLA/list 2017-12-22 23:09:22 UTC (rev 58855) @@ -1,3 +1,6 @@ +[23 Dec 2017] DLA-1218-1 rsync - security update + {CVE-2017-16548 CVE-2017-17433 CVE-2017-17434} + [wheezy] - rsync 3.0.9-4+deb7u1 [21 Dec 2017] DLA-1217-1 irssi - security update {CVE-2017-5193 CVE-2017-5194 CVE-2017-5356 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722} [wheezy] - irssi 0.8.15-5+deb7u4 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-22 22:43:17 UTC (rev 58854) +++ data/dla-needed.txt 2017-12-22 23:09:22 UTC (rev 58855) @@ -67,8 +67,6 @@ python3.2 (Emilio Pozuelo) NOTE: webbrowser.py as binary is hard to exploit, but when using it as an import then it may be possible to trigger something. Should be fixed to be on the safe side even though it is not an urgent problem. -- -rsync (Thorsten Alteholz) --- rtpproxy NOTE: it's not clear to me if a fix is even possible. -- Raphaël Hertzog -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58853 - data/CVE
Author: carnil Date: 2017-12-22 22:43:13 + (Fri, 22 Dec 2017) New Revision: 58853 Modified: data/CVE/list Log: Add bug reference for CVE-2017-17840 Modified: data/CVE/list === --- data/CVE/list 2017-12-22 22:33:44 UTC (rev 58852) +++ data/CVE/list 2017-12-22 22:43:13 UTC (rev 58853) @@ -3,7 +3,7 @@ CVE-2017-17841 RESERVED CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacker ...) - - open-iscsi + - open-iscsi (bug #885021) [stretch] - open-iscsi (Minor issue) [jessie] - open-iscsi (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/12/13/2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58854 - data
Author: carnil Date: 2017-12-22 22:43:17 + (Fri, 22 Dec 2017) New Revision: 58854 Modified: data/dsa-needed.txt Log: Take linux from dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-12-22 22:43:13 UTC (rev 58853) +++ data/dsa-needed.txt 2017-12-22 22:43:17 UTC (rev 58854) @@ -29,7 +29,7 @@ -- libxml2 (carnil) -- -linux +linux (benh, carnil) Wait until more issues have piled up -- openjpeg2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58852 - data/CVE
Author: carnil Date: 2017-12-22 22:33:44 + (Fri, 22 Dec 2017) New Revision: 58852 Modified: data/CVE/list Log: Update information for CVE-2017-17840/open-iscsi Modified: data/CVE/list === --- data/CVE/list 2017-12-22 22:25:18 UTC (rev 58851) +++ data/CVE/list 2017-12-22 22:33:44 UTC (rev 58852) @@ -4,8 +4,13 @@ RESERVED CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacker ...) - open-iscsi + [stretch] - open-iscsi (Minor issue) + [jessie] - open-iscsi (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/12/13/2 NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1072312 + NOTE: Specfic CVE fixed by https://github.com/open-iscsi/open-iscsi/pull/72/commits/b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea + NOTE: But all of the commits in https://github.com/open-iscsi/open-iscsi/pull/72 + NOTE: should be applied. CVE-2017-17839 RESERVED CVE-2017-17838 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
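Review bot: the first added NOTE under CVE-2017-17840 reads "Specfic CVE fixed by", which should be "Specific CVE fixed by". The three NOTE lines also form one sentence split over separate lines ("But all of the commits in ... should be applied."); consider rewording so each NOTE line can be read on its own, since notes are often quoted individually.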
[Secure-testing-commits] r58851 - data/CVE
Author: carnil Date: 2017-12-22 22:25:18 + (Fri, 22 Dec 2017) New Revision: 58851 Modified: data/CVE/list Log: Add CVE-2017-17840/open-iscsi Modified: data/CVE/list === --- data/CVE/list 2017-12-22 21:10:13 UTC (rev 58850) +++ data/CVE/list 2017-12-22 22:25:18 UTC (rev 58851) @@ -3,7 +3,9 @@ CVE-2017-17841 RESERVED CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacker ...) - TODO: check + - open-iscsi + NOTE: http://www.openwall.com/lists/oss-security/2017/12/13/2 + NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1072312 CVE-2017-17839 RESERVED CVE-2017-17838 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58850 - data/CVE
Author: sectracker Date: 2017-12-22 21:10:13 + (Fri, 22 Dec 2017) New Revision: 58850 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-22 20:17:24 UTC (rev 58849) +++ data/CVE/list 2017-12-22 21:10:13 UTC (rev 58850) @@ -1,5 +1,25 @@ -CVE-2017-17832 +CVE-2017-17842 RESERVED +CVE-2017-17841 + RESERVED +CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacker ...) + TODO: check +CVE-2017-17839 + RESERVED +CVE-2017-17838 + RESERVED +CVE-2017-17837 + RESERVED +CVE-2017-17836 + RESERVED +CVE-2017-17835 + RESERVED +CVE-2017-17834 + RESERVED +CVE-2017-17833 + RESERVED +CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...) + TODO: check CVE-2017- [Multiple Enigmail issues] - enigmail 2:1.9.9-1 [stretch] - enigmail 2:1.9.9-1~deb9u1 @@ -8325,8 +8345,8 @@ RESERVED CVE-2017-17011 RESERVED -CVE-2017-17010 - RESERVED +CVE-2017-17010 (Untrusted search path vulnerability in Content Manager Assistant for ...) + TODO: check CVE-2017-17009 RESERVED CVE-2017-17008 @@ -8359,15 +8379,13 @@ [wheezy] - eglibc (Minor issue) NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22625 NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html -CVE-2017-16996 - RESERVED +CVE-2017-16996 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...) - linux 4.14.7-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958 -CVE-2017-16995 - RESERVED +CVE-2017-16995 (The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel ...) - linux 4.14.7-1 [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) 
@@ -10307,8 +10325,8 @@ RESERVED CVE-2017-16767 RESERVED -CVE-2017-16766 - RESERVED +CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology ...) + TODO: check CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...) NOT-FOR-US: D-Link CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...) 
@@ -14306,50 +14324,50 @@ RESERVED CVE-2017-15329 RESERVED -CVE-2017-15328 - RESERVED +CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an ...) + TODO: check CVE-2017-15327 RESERVED CVE-2017-15326 RESERVED CVE-2017-15325 RESERVED -CVE-2017-15324 - RESERVED +CVE-2017-15324 (Huawei S12700 V200R006C00, V200R007C00, V200R007C01, V200R007C20, ...) + TODO: check CVE-2017-15323 RESERVED -CVE-2017-15322 - RESERVED -CVE-2017-15321 - RESERVED -CVE-2017-15320 - RESERVED -CVE-2017-15319 - RESERVED -CVE-2017-15318 - RESERVED -CVE-2017-15317 - RESERVED -CVE-2017-15316 - RESERVED +CVE-2017-15322 (Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 ...) + TODO: check +CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an ...) + TODO: check +CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) + TODO: check +CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) + TODO: check +CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...) + TODO: check +CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 ...) + TODO: check +CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software before ...) + TODO: check CVE-2017-15315 RESERVED CVE-2017-15314 RESERVED -CVE-2017-15313 - RESERVED -CVE-2017-15312 - RESERVED -CVE-2017-15311 - RESERVED -CVE-2017-15310 - RESERVED -CVE-2017-15309 - RESERVED -CVE-2017-15308 - RESERVED -CVE-2017-15307 - RESERVED +CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An ...) + TODO: check +CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) ...) + TODO: check +CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro ...) + TODO: check +CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file deletion ...) 
+ TODO: check +CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal vulnerability ...) + TODO: check +CVE-2017-15308 (Huawei iR
[Secure-testing-commits] r58849 - data/CVE
Author: carnil Date: 2017-12-22 20:17:24 + (Fri, 22 Dec 2017) New Revision: 58849 Modified: data/CVE/list Log: Add bug reference for CVE-2017-17511 Modified: data/CVE/list === --- data/CVE/list 2017-12-22 19:50:23 UTC (rev 58848) +++ data/CVE/list 2017-12-22 20:17:24 UTC (rev 58849) @@ -5361,7 +5361,7 @@ NOTE: https://anonscm.debian.org/git/collab-maint/sensible-utils.git/commit/?id=e16c937c43126df7f08d355277f99dd94cc21ce5 CVE-2017-17511 (KildClient 3.1.0 does not validate strings before launching the program ...) {DLA-1210-1} - - kildclient + - kildclient (bug #885007) [stretch] - kildclient (Minor issue) [jessie] - kildclient (Minor issue) NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/worldgui.c/?hl=1159#L1159 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58848 - data/CVE
Author: carnil Date: 2017-12-22 19:50:23 + (Fri, 22 Dec 2017) New Revision: 58848 Modified: data/CVE/list Log: Various linux CVEs fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2017-12-22 17:32:05 UTC (rev 58847) +++ data/CVE/list 2017-12-22 19:50:23 UTC (rev 58848) @@ -158,13 +158,13 @@ CVE-2018-3560 RESERVED CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an ...) - - linux + - linux 4.14.7-1 NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3) CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before ...) - - linux + - linux 4.14.7-1 NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4) CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does ...) - - linux + - linux 4.14.7-1 NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4) CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...) NOT-FOR-US: IKARUS anti.virus @@ -340,7 +340,7 @@ CVE-2017-17742 RESERVED CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...) - - linux + - linux 4.14.7-1 NOTE: https://www.spinics.net/lists/kvm/msg160796.html CVE-2017-17740 (contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both ...) - openldap (unimportant) @@ -408,7 +408,7 @@ CVE-2017-17713 (Trape before 2017-11-05 has SQL injection via the /nr red parameter, ...) NOT-FOR-US: Trape CVE-2017-17712 (The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel ...) - - linux + - linux 4.14.7-1 [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483 
@@ -5147,7 +5147,7 @@ - xen NOTE: https://xenbits.xen.org/xsa/advisory-248.html CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...) - - linux + - linux 4.14.7-1 NOTE: https://www.spinics.net/lists/linux-usb/msg163644.html NOTE: Fixed by: https://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7 CVE-2017-17557 @@ -5671,15 +5671,15 @@ CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in the ...) NOT-FOR-US: Wordpress plugin CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not ...) - - linux + - linux 4.14.7-1 [wheezy] - linux (User namespaces not supported) NOTE: https://lkml.org/lkml/2017/12/5/982 CVE-2017-17449 (The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in ...) - - linux + - linux 4.14.7-1 [wheezy] - linux (Vulnerable code not present) NOTE: https://lkml.org/lkml/2017/12/5/950 CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 ...) - - linux + - linux 4.14.7-1 [wheezy] - linux (User namespaces not supported) NOTE: https://patchwork.kernel.org/patch/10089373/ CVE-2018-1280 @@ -5956,7 +5956,7 @@ NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6 NOTE: The upload of 2.26-0experimental2 to experimental fixed the issue (cf. #883729). CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a ...) - - linux + - linux 4.14.7-1 [wheezy] - linux (Vulnerable code introduced in 3.3) NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3 CVE-2017-1000409 [buffer overflow] 
@@ -8361,14 +8361,14 @@ NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html CVE-2017-16996 RESERVED - - linux + - linux 4.14.7-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958 CVE-2017-16995 RESERVED - - linux + - linux 4.14.7-1 [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f @@ -9503,7 +9503,7 @@ RESERVED CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...) {DLA-1200-1} - - linux + - linux 4.14.7-1 NOTE: https://www.spinics.net/lists/kvm/msg159809.html CVE-2017-1000406 (OpenDaylight Kara
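Review bot: in the @@ -158,13 hunk, CVE-2017-17805 is described as affecting the kernel "before 4.14.8" but is now marked fixed in linux 4.14.7-1, and in the @@ -340,7 hunk CVE-2017-17741 is described as affecting kernels "through 4.14.7" with the same fixed version. If 4.14.7-1 carries these fixes as patches ahead of the corresponding upstream stable release, add a NOTE saying so on both entries, so the fixed version is not later read as a mistake against the CVE description. The CVE-2017-17741 entry also has only a mailing-list link and no "Fixed by:" commit reference, unlike its neighbours.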
[Secure-testing-commits] r58847 - data
Author: pochu Date: 2017-12-22 17:32:05 + (Fri, 22 Dec 2017) New Revision: 58847 Modified: data/dla-needed.txt Log: dla: claim enigmail Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-22 16:11:11 UTC (rev 58846) +++ data/dla-needed.txt 2017-12-22 17:32:05 UTC (rev 58847) @@ -19,7 +19,7 @@ couchdb NOTE: Only in wheezy, we are on our own. -- -enigmail +enigmail (Emilio Pozuelo) NOTE: we should backport 2:1.9.9-1 just like in jessie/stretch. -- gimp (Emilio Pozuelo) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58846 - data/CVE
Author: carnil Date: 2017-12-22 16:11:11 + (Fri, 22 Dec 2017) New Revision: 58846 Modified: data/CVE/list Log: Fix for CVE-2017-17405 for ruby2.3 is included in new upstream version 2.3.6 Modified: data/CVE/list === --- data/CVE/list 2017-12-22 13:53:30 UTC (rev 58845) +++ data/CVE/list 2017-12-22 16:11:11 UTC (rev 58846) @@ -6101,7 +6101,7 @@ RESERVED CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ...) - ruby2.5 (bug #884437) - - ruby2.3 (bug #884438) + - ruby2.3 2.3.6-1 (bug #884438) [stretch] - ruby2.3 (Minor issue, can be fixed along in a future update) - ruby2.1 - ruby1.9.1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58845 - data/CVE
Author: carnil Date: 2017-12-22 13:53:30 + (Fri, 22 Dec 2017) New Revision: 58845 Modified: data/CVE/list Log: Add fixes for CVE-2017-17785/gimp Modified: data/CVE/list === --- data/CVE/list 2017-12-22 12:27:38 UTC (rev 58844) +++ data/CVE/list 2017-12-22 13:53:30 UTC (rev 58845) @@ -266,6 +266,8 @@ CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the ...) - gimp (bug #884836) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133 + NOTE: https://git.gnome.org/browse/gimp/commit/?id=edb251a7ef1602d20a5afcbf23f24afb163de63b (master) + NOTE: https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54 (gimp-2-8) NOTE: Can be reproduced (at least in wheezy) with "valgrind --trace-children=yes gimp " CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in ...) - gimp (unimportant; bug #884862) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58844 - data/CVE
Author: carnil Date: 2017-12-22 12:27:38 + (Fri, 22 Dec 2017) New Revision: 58844 Modified: data/CVE/list Log: Add tag information for CVE-2017-17819 Modified: data/CVE/list === --- data/CVE/list 2017-12-22 12:26:36 UTC (rev 58843) +++ data/CVE/list 2017-12-22 12:27:38 UTC (rev 58844) @@ -36,8 +36,7 @@ CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...) - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392435 - NOTE: http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af - TODO: check + NOTE: http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af (nasm-2.13.02rc3) CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...) - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392428 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58843 - data/CVE
Author: carnil Date: 2017-12-22 12:26:36 + (Fri, 22 Dec 2017) New Revision: 58843 Modified: data/CVE/list Log: Add tag information for CVE-2017-17815 Modified: data/CVE/list === --- data/CVE/list 2017-12-22 12:25:34 UTC (rev 58842) +++ data/CVE/list 2017-12-22 12:26:36 UTC (rev 58843) @@ -52,9 +52,8 @@ TODO: check CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...) - nasm 2.13.02-0.1 - NOTE: http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 + NOTE: http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 (nasm-2.13.02rc3) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392436 - TODO: check CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...) - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392430 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58842 - data/CVE
Author: carnil Date: 2017-12-22 12:25:34 + (Fri, 22 Dec 2017) New Revision: 58842 Modified: data/CVE/list Log: CVE-2017-17812: update tag information Modified: data/CVE/list === --- data/CVE/list 2017-12-22 12:24:19 UTC (rev 58841) +++ data/CVE/list 2017-12-22 12:25:34 UTC (rev 58842) @@ -65,9 +65,8 @@ TODO: check CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...) - nasm 2.13.02-0.1 - NOTE: http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 + NOTE: http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 (nasm-2.13.02rc3) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392424 - TODO: check CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...) - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392432 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58841 - data/CVE
Author: carnil Date: 2017-12-22 12:24:19 + (Fri, 22 Dec 2017) New Revision: 58841 Modified: data/CVE/list Log: CVE-2017-17810 checked Modified: data/CVE/list === --- data/CVE/list 2017-12-22 12:02:23 UTC (rev 58840) +++ data/CVE/list 2017-12-22 12:24:19 UTC (rev 58841) @@ -74,9 +74,8 @@ TODO: check CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown ...) - nasm 2.13.02-0.1 - NOTE: http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 + NOTE: http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 (nasm-2.13.02rc3) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392431 - TODO: check CVE-2017-17809 (In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice ...) NOT-FOR-US: Golden Frog VyprVPN CVE-2017-17808 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58840 - data/CVE
Author: hertzog Date: 2017-12-22 12:02:23 + (Fri, 22 Dec 2017) New Revision: 58840 Modified: data/CVE/list Log: All nasm issues are fixed in the last upstream release The 2.14rc0 release tested by the researcher is a tag roughly matching the state of 2.13, lacking fixes made later in the nasm-2.13.xx branch but including a few changes from the "elf" branch that have been merged in the master branch too. There's a slight chance that the commits from the elf branch are responsible for some of the issues reported and closed with « No longer triggers with upcoming 2.13.02 (will be released soon) », thus I mailed Cyrill Gorcunov to double check this with him. Modified: data/CVE/list === --- data/CVE/list 2017-12-22 11:51:50 UTC (rev 58839) +++ data/CVE/list 2017-12-22 12:02:23 UTC (rev 58840) 
@@ -30,50 +30,50 @@ CVE-2017-17821 (WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology ...) TODO: check CVE-2017-17820 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...) - - nasm + - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392433 TODO: check CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...) - - nasm + - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392435 NOTE: http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af TODO: check CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...) - - nasm + - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392428 TODO: check CVE-2017-17817 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...) - - nasm + - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392427 TODO: check CVE-2017-17816 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...) - - nasm + - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392426 TODO: check CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...) - - nasm + - nasm 2.13.02-0.1 NOTE: http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392436 TODO: check CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...) - - nasm + - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392430 TODO: check CVE-2017-17813 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the ...) - - nasm + - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392429 TODO: check CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...) 
- - nasm + - nasm 2.13.02-0.1 NOTE: http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392424 TODO: check CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...) - - nasm + - nasm 2.13.02-0.1 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392432 TODO: check CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown ...) - - nasm + - nasm 2.13.02-0.1 NOTE: http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392431 TODO: check ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
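Review bot: all eleven nasm entries in this hunk (CVE-2017-17810 through CVE-2017-17820) gain the fixed version 2.13.02-0.1 but keep their "TODO: check" line, so each entry records a fix and is still flagged for triage. If the TODO is kept on purpose until upstream confirms that the elf-branch commits are not involved, say that in a NOTE on the entries; otherwise remove the TODO lines in the same commit. Only three of the entries carry a commit reference, so the others have nothing that ties the fixed version to a specific upstream change.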
[Secure-testing-commits] r58839 - in data: . DLA
Author: pochu Date: 2017-12-22 11:51:50 + (Fri, 22 Dec 2017) New Revision: 58839 Modified: data/DLA/list data/dla-needed.txt Log: irssi wheezy update fixed CVE-2017-5356, not CVE-2017-5196 which is 0.8.18+ Modified: data/DLA/list === --- data/DLA/list 2017-12-22 11:06:00 UTC (rev 58838) +++ data/DLA/list 2017-12-22 11:51:50 UTC (rev 58839) @@ -1,5 +1,5 @@ [21 Dec 2017] DLA-1217-1 irssi - security update - {CVE-2017-5193 CVE-2017-5194 CVE-2017-5196 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722} + {CVE-2017-5193 CVE-2017-5194 CVE-2017-5356 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722} [wheezy] - irssi 0.8.15-5+deb7u4 [21 Dec 2017] DLA-1216-1 wordpress - security update {CVE-2017-17091 CVE-2017-17092 CVE-2017-17093 CVE-2017-17094} Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-22 11:06:00 UTC (rev 58838) +++ data/dla-needed.txt 2017-12-22 11:51:50 UTC (rev 58839) @@ -30,8 +30,6 @@ -- imagemagick (Markus Koschany) -- -irssi --- lame (Hugo Lefeuvre) NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46} NOTE: 20171120: Backporting 3.100 is not conceivable, diff >40k lines. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58838 - data
Author: hertzog Date: 2017-12-22 11:06:00 + (Fri, 22 Dec 2017) New Revision: 58838 Modified: data/dla-needed.txt Log: Add enigmail to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-22 10:16:06 UTC (rev 58837) +++ data/dla-needed.txt 2017-12-22 11:06:00 UTC (rev 58838) @@ -19,6 +19,9 @@ couchdb NOTE: Only in wheezy, we are on our own. -- +enigmail + NOTE: we should backport 2:1.9.9-1 just like in jessie/stretch. +-- gimp (Emilio Pozuelo) -- graphicsmagick (Markus Koschany) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58837 - data
Author: pochu Date: 2017-12-22 10:16:06 + (Fri, 22 Dec 2017) New Revision: 58837 Modified: data/dla-needed.txt Log: dla: claim python probably no-dsa Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-22 09:43:23 UTC (rev 58836) +++ data/dla-needed.txt 2017-12-22 10:16:06 UTC (rev 58837) @@ -57,13 +57,13 @@ -- ohcount -- -python2.6 +python2.6 (Emilio Pozuelo) NOTE: webbrowser.py as binary is hard to exploit, but when using it as an import then it may be possible to trigger something. Should be fixed to be on the safe side even though it is not an urgent problem. -- -python2.7 +python2.7 (Emilio Pozuelo) NOTE: webbrowser.py as binary is hard to exploit, but when using it as an import then it may be possible to trigger something. Should be fixed to be on the safe side even though it is not an urgent problem. -- -python3.2 +python3.2 (Emilio Pozuelo) NOTE: webbrowser.py as binary is hard to exploit, but when using it as an import then it may be possible to trigger something. Should be fixed to be on the safe side even though it is not an urgent problem. -- rsync (Thorsten Alteholz) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58836 - data/CVE
Author: carnil Date: 2017-12-22 09:43:23 + (Fri, 22 Dec 2017) New Revision: 58836 Modified: data/CVE/list Log: Process NFUs Modified: data/CVE/list === --- data/CVE/list 2017-12-22 09:43:12 UTC (rev 58835) +++ data/CVE/list 2017-12-22 09:43:23 UTC (rev 58836) @@ -10388,7 +10388,7 @@ CVE-2017-16728 RESERVED CVE-2017-16727 (A Credentials Management issue was discovered in Moxa NPort W2150A ...) - TODO: check + NOT-FOR-US: Moxa CVE-2017-16726 RESERVED CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai ...) @@ -17344,7 +17344,7 @@ CVE-2017-14364 RESERVED CVE-2017-14363 (Cross-Site Scripting (XSS) vulnerability has been identified in Micro ...) - TODO: check + NOT-FOR-US: Micro Focus Operations Manager CVE-2017-14362 (Cross-Site Request Forgery vulnerability in Micro Focus Project and ...) NOT-FOR-US: Micro Focus Project and Portfolio Management Center CVE-2017-14361 (Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r58835 - data/CVE
Author: carnil Date: 2017-12-22 09:43:12 + (Fri, 22 Dec 2017) New Revision: 58835 Modified: data/CVE/list Log: Sort top-down entries Modified: data/CVE/list === --- data/CVE/list 2017-12-22 09:10:16 UTC (rev 58834) +++ data/CVE/list 2017-12-22 09:43:12 UTC (rev 58835) @@ -2,8 +2,8 @@ RESERVED CVE-2017- [Multiple Enigmail issues] - enigmail 2:1.9.9-1 + [stretch] - enigmail 2:1.9.9-1~deb9u1 [jessie] - enigmail 2:1.9.9-1~deb8u1 - [stretch] - enigmail 2:1.9.9-1~deb9u1 NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute ...) - git-lfs (Fixed before initial upload to Debian)
[Secure-testing-commits] r58834 - data/CVE
Author: sectracker Date: 2017-12-22 09:10:16 + (Fri, 22 Dec 2017) New Revision: 58834 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-12-22 08:55:48 UTC (rev 58833) +++ data/CVE/list 2017-12-22 09:10:16 UTC (rev 58834) @@ -10387,8 +10387,8 @@ RESERVED CVE-2017-16728 RESERVED -CVE-2017-16727 - RESERVED +CVE-2017-16727 (A Credentials Management issue was discovered in Moxa NPort W2150A ...) + TODO: check CVE-2017-16726 RESERVED CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai ...) @@ -17343,8 +17343,8 @@ RESERVED CVE-2017-14364 RESERVED -CVE-2017-14363 - RESERVED +CVE-2017-14363 (Cross-Site Scripting (XSS) vulnerability has been identified in Micro ...) + TODO: check CVE-2017-14362 (Cross-Site Request Forgery vulnerability in Micro Focus Project and ...) NOT-FOR-US: Micro Focus Project and Portfolio Management Center CVE-2017-14361 (Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio ...) @@ -20624,6 +20624,7 @@ NOTE: https://github.com/wolfSSL/wolfssl/pull/1229 NOTE: https://robotattack.org/ CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use the ...) + {DSA-4072-1} - bouncycastle 1.58-1 (bug #884241) [jessie] - bouncycastle (Vulnerable code introduced in 1.56 with tls API addition) [wheezy] - bouncycastle (Vulnerable code not present)
[Secure-testing-commits] r58831 - data
Author: lamby Date: 2017-12-22 08:55:37 + (Fri, 22 Dec 2017) New Revision: 58831 Modified: data/dla-needed.txt Log: Triage irssi for LTS Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-22 06:37:32 UTC (rev 58830) +++ data/dla-needed.txt 2017-12-22 08:55:37 UTC (rev 58831) @@ -27,6 +27,8 @@ -- imagemagick (Markus Koschany) -- +irssi +-- lame (Hugo Lefeuvre) NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46} NOTE: 20171120: Backporting 3.100 is not conceivable, diff >40k lines.
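Review bot: The added "irssi" entry has no NOTE saying which issues the triage found, so whoever claims it has to repeat that work. A dated NOTE under the entry listing the CVE ids that were judged to affect the LTS version, in the style of the NOTE lines under "lame" just below, would carry the triage result along with the entry.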
[Secure-testing-commits] r58833 - data/CVE
Author: lamby Date: 2017-12-22 08:55:48 + (Fri, 22 Dec 2017) New Revision: 58833 Modified: data/CVE/list Log: Add link to https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf for recent enigmail issue. Modified: data/CVE/list === --- data/CVE/list 2017-12-22 08:55:38 UTC (rev 58832) +++ data/CVE/list 2017-12-22 08:55:48 UTC (rev 58833) @@ -4,6 +4,7 @@ - enigmail 2:1.9.9-1 [jessie] - enigmail 2:1.9.9-1~deb8u1 [stretch] - enigmail 2:1.9.9-1~deb9u1 + NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute ...) - git-lfs (Fixed before initial upload to Debian) NOTE: https://github.com/git-lfs/git-lfs/pull/2242
[Secure-testing-commits] r58832 - data
Author: lamby Date: 2017-12-22 08:55:38 + (Fri, 22 Dec 2017) New Revision: 58832 Modified: data/dla-needed.txt Log: Re-order rtpproxy in data/dla-needed.txt.. u > t in my locale! Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-12-22 08:55:37 UTC (rev 58831) +++ data/dla-needed.txt 2017-12-22 08:55:38 UTC (rev 58832) @@ -68,13 +68,13 @@ -- rsync (Thorsten Alteholz) -- +rtpproxy + NOTE: it's not clear to me if a fix is even possible. -- Raphaël Hertzog +-- ruby1.8 (Guido Günther) -- ruby1.9.1 (Guido Günther) -- -rtpproxy - NOTE: it's not clear to me if a fix is even possible. -- Raphaël Hertzog --- swftools (Guido Günther) NOTE: 20171118: At least CVE-2017-16797 is present. (lamby) NOTE: 20171210: likely to be turned into a pkg with limited sec support
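Review bot: The log ties the ordering to the committer's locale ("u > t in my locale!"), which leaves the next contributor free to re-sort the file differently. The new position of "rtpproxy", between "rsync" and "ruby1.8", is also plain byte order, so stating in the file header that entries are kept in C-locale order would make moves like this one unambiguous and keep later diffs to real changes.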