[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] chromium not-affected by VP9 issues

2018-02-10 Thread Michael Gilbert
Michael Gilbert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c868a63 by Michael Gilbert at 2018-02-11T03:43:35+00:00
chromium not-affected by VP9 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -944,10 +944,7 @@ CVE-2017-18121 (The consentAdmin module in SimpleSAMLphp 
through 1.14.15 is vuln
 CVE-2018-6549
RESERVED
 CVE-2018-6548 (A use-after-free issue was discovered in libwebm through 
2018-02-02. If ...)
-   - chromium-browser 
-   [stretch] - chromium-browser  (Wait until this lands in a 
Chromium release)
-   [jessie] - chromium-browser  (End of life, see DSA 4020)
-   [wheezy] - chromium-browser  (Not supported in wheezy LTS)
+   - chromium-browser  (chromium is built with support for 
VP9 disabled in debian)
NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1493
NOTE: 
https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md
 CVE-2018-6547
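
Review bot: The new chromium-browser line under CVE-2018-6548 justifies the status with "chromium is built with support for VP9 disabled in debian" but does not say which build setting does that, so the claim cannot be re-checked from the tracker when the packaging changes. Consider adding a NOTE: line that names the flag or packaging setting, the way the xine-lib entries elsewhere in data/CVE/list cite --disable-nosefart.
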
@@ -1380,10 +1377,7 @@ CVE-2018-6408 (An issue was discovered on Conceptronic 
CIPCAMPTIWL V3 0.61.30.21
 CVE-2018-6407 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 
0.61.30.21 ...)
NOT-FOR-US: CIPCAMPTIWL devices
 CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc 
in ...)
-   - chromium-browser 
-   [stretch] - chromium-browser  (Wait until this lands in a 
Chromium release)
-   [jessie] - chromium-browser  (End of life, see DSA 4020)
-   [wheezy] - chromium-browser  (Not supported in wheezy LTS)
+   - chromium-browser  (chromium is built with support for 
VP9 disabled in debian)
NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492
NOTE: 
https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
 CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick 
before ...)
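
Review bot: Under CVE-2018-6406 the separate lines for stretch, jessie and wheezy are collapsed into a single unqualified chromium-browser line, so the VP9-disabled reasoning is now asserted for every release at once. If the builds in the older releases were configured differently, keep release-specific lines for them; otherwise a short NOTE: saying the setting holds for all shipped versions would make the removal easier to audit.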



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c868a631dc8768eab552ca5010afe9bb5638dd5

___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58487 - in data: . DSA

2017-12-12 Thread Michael Gilbert
Author: mgilbert
Date: 2017-12-12 11:14:40 + (Tue, 12 Dec 2017)
New Revision: 58487

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa


Modified: data/DSA/list
===
--- data/DSA/list   2017-12-12 10:18:26 UTC (rev 58486)
+++ data/DSA/list   2017-12-12 11:14:40 UTC (rev 58487)
@@ -1,3 +1,6 @@
+[12 Dec 2017] DSA-4064-1 chromium-browser - security update
+   {CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 
CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 
CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 
CVE-2017-15425 CVE-2017-15426 CVE-2017-15427}
+   [stretch] - chromium-browser 63.0.3239.84-1~deb9u1
 [11 Dec 2017] DSA-4063-1 pdns-recursor - security update
{CVE-2017-15120}
[stretch] - pdns-recursor 4.0.4-1+deb9u3
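
Review bot: The CVE set on the DSA-4064-1 line runs from CVE-2017-15407 to CVE-2017-15427 but skips CVE-2017-15412, CVE-2017-15414, CVE-2017-15421 and CVE-2017-15422. Please confirm those four are left out on purpose, since an id missing from the braces is not tied to this advisory.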

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-12-12 10:18:26 UTC (rev 58486)
+++ data/dsa-needed.txt 2017-12-12 11:14:40 UTC (rev 58487)
@@ -16,8 +16,6 @@
 --
 asterisk
 --
-chromium-browser
---
 graphicsmagick
 --
 libav/oldstable




[Secure-testing-commits] r57450 - data/DSA

2017-11-08 Thread Michael Gilbert
Author: mgilbert
Date: 2017-11-08 12:12:17 + (Wed, 08 Nov 2017)
New Revision: 57450

Modified:
   data/DSA/list
Log:
chromium dsa


Modified: data/DSA/list
===
--- data/DSA/list   2017-11-08 10:34:40 UTC (rev 57449)
+++ data/DSA/list   2017-11-08 12:12:17 UTC (rev 57450)
@@ -1,3 +1,6 @@
+[08 Nov 2017] DSA-4024-1 chromium-browser - security update
+   {CVE-2017-15398 CVE-2017-15399}
+   [stretch] - chromium-browser 62.0.3202.89-1~deb9u1
 [07 Nov 2017] DSA-4023-1 slurm-llnl - security update
{CVE-2017-15566}
[stretch] - slurm-llnl 16.05.9-1+deb9u1




[Secure-testing-commits] r57428 - data/CVE

2017-11-07 Thread Michael Gilbert
Author: mgilbert
Date: 2017-11-08 01:46:06 + (Wed, 08 Nov 2017)
New Revision: 57428

Modified:
   data/CVE/list
Log:
nfus


Modified: data/CVE/list
===
--- data/CVE/list   2017-11-08 00:15:45 UTC (rev 57427)
+++ data/CVE/list   2017-11-08 01:46:06 UTC (rev 57428)
@@ -17,9 +17,9 @@
 CVE-2017-16637 (In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, 
when ...)
NOT-FOR-US: Vectura Perfect Privacy VPN Manager
 CVE-2017-16636 (In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located 
in the new ...)
-   TODO: check
+   NOT-FOR-US: Bludit
 CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the 
...)
-   TODO: check
+   NOT-FOR-US: TinyWebGallery
 CVE-2017-16634
RESERVED
 CVE-2017-16633
@@ -7342,7 +7342,7 @@
 CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in 
Progea ...)
NOT-FOR-US: Progea Movicon
 CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in 
Advantech ...)
-   TODO: check
+   NOT-FOR-US: Advantech
 CVE-2017-14015
RESERVED
 CVE-2017-14014
@@ -11185,7 +11185,7 @@
 CVE-2017-12720
RESERVED
 CVE-2017-12719 (An Untrusted Pointer Dereference issue was discovered in 
Advantech ...)
-   TODO: check
+   NOT-FOR-US: Advantech
 CVE-2017-12718
RESERVED
 CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in 
Advantech ...)




[Secure-testing-commits] r57389 - data/CVE

2017-11-06 Thread Michael Gilbert
Author: mgilbert
Date: 2017-11-07 02:36:56 + (Tue, 07 Nov 2017)
New Revision: 57389

Modified:
   data/CVE/list
Log:
nfus


Modified: data/CVE/list
===
--- data/CVE/list   2017-11-06 22:07:48 UTC (rev 57388)
+++ data/CVE/list   2017-11-07 02:36:56 UTC (rev 57389)
@@ -133,11 +133,11 @@
 CVE-2017-16566
RESERVED
 CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage 
...)
-   TODO: check
+   NOT-FOR-US: Vonage
 CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in 
/cgi-bin/config2 on ...)
-   TODO: check
+   NOT-FOR-US: Vonage
 CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen 
on ...)
-   TODO: check
+   NOT-FOR-US: Vonage
 CVE-2017-16562
RESERVED
 CVE-2017-16561
@@ -1417,7 +1417,7 @@
 CVE-2017-16002
RESERVED
 CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka 
vagrant-vmware-fusion) ...)
-   TODO: check
+   NOT-FOR-US: VMware
 CVE-2017-16000 (SQL injection vulnerability in the EyesOfNetwork web interface 
(aka ...)
NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2017-15999 (In the "NQ Contacts Backup & Restore" 
application 1.1 for Android, no ...)
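
Review bot: CVE-2017-16001 is labelled "NOT-FOR-US: VMware", but its description names the HashiCorp Vagrant VMware Fusion plugin (vagrant-vmware-fusion), so the label points at the wrong vendor. Suggest "NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin" so that a search for the plugin finds the entry.
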
@@ -15392,7 +15392,7 @@
 CVE-2017-11178 (In FineCMS through 2017-07-11, 
application/core/controller/style.php ...)
NOT-FOR-US: FineCMS
 CVE-2017-11177 (TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict 
file ...)
-   TODO: check
+   NOT-FOR-US: TRITON
 CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does 
not set ...)
{DSA-3945-1 DSA-3927-1 DLA-1099-1}
- linux 4.11.11-1
@@ -15757,11 +15757,11 @@
 CVE-2017-11123
RESERVED
 CVE-2017-11122 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an 
attacker can ...)
-   TODO: check
+   NOT-FOR-US: Broadcom
 CVE-2017-11121 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other 
chips, ...)
-   TODO: check
+   NOT-FOR-US: Broadcom
 CVE-2017-11120 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other 
chips, ...)
-   TODO: check
+   NOT-FOR-US: Broadcom
 CVE-2017-9 (The chk_mem_access function in cpu/nes6502/nes6502.c in 
libnosefart.a ...)
- xine-lib-1.2  (it is built with --disable-nosefart)
- xine-lib  (it is built with --disable-nosefart)
@@ -26909,7 +26909,7 @@
 CVE-2017-7426
RESERVED
 CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager 
...)
-   TODO: check
+   NOT-FOR-US: NetIQ
 CVE-2017-7424 (A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro 
Focus ...)
NOT-FOR-US: Micro Focus
 CVE-2017-7423 (A Cross-Site Request Forgery (CWE-352) vulnerability in 
esfadmingui in ...)




[Secure-testing-commits] r57354 - in data: . CVE DSA

2017-11-05 Thread Michael Gilbert
Author: mgilbert
Date: 2017-11-05 21:57:41 + (Sun, 05 Nov 2017)
New Revision: 57354

Modified:
   data/CVE/list
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa


Modified: data/CVE/list
===
--- data/CVE/list   2017-11-05 21:45:13 UTC (rev 57353)
+++ data/CVE/list   2017-11-05 21:57:41 UTC (rev 57354)
@@ -34344,8 +34344,7 @@
 CVE-2017-5130
RESERVED
- libxml2  (bug #88)
-   - chromium-browser 62.0.3202.75-1
-   [wheezy] - chromium-browser  (Not supported in Wheezy)
+   - chromium-browser  (uses system libxml2)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=722079 (not 
public)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783026 (not public)
NOTE: Fixed by: 
https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
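
Review bot: The replacement chromium-browser line under CVE-2017-5130 gives the reason "uses system libxml2" but drops the version 62.0.3202.75-1 and the wheezy line without saying from which upload that reason holds. If earlier uploads bundled their own libxml2, record the version at which the package switched, so the entry stays accurate for releases that still ship an older build.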

Modified: data/DSA/list
===
--- data/DSA/list   2017-11-05 21:45:13 UTC (rev 57353)
+++ data/DSA/list   2017-11-05 21:57:41 UTC (rev 57354)
@@ -1,3 +1,6 @@
+[05 Nov 2017] DSA-4020-1 chromium-browser - security update
+   {CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 
CVE-2017-5129 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 CVE-2017-15386 
CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 
CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396}
+   [stretch] - chromium-browser 62.0.3202.75-1~deb9u1
 [05 Nov 2017] DSA-4019-1 imagemagick - security update
{CVE-2017-9500 CVE-2017-11446 CVE-2017-11523 CVE-2017-11533 
CVE-2017-11535 CVE-2017-11537 CVE-2017-11639 CVE-2017-11640 CVE-2017-12428 
CVE-2017-12431 CVE-2017-12432 CVE-2017-12434 CVE-2017-12587 CVE-2017-12640 
CVE-2017-12671 CVE-2017-13139 CVE-2017-13140 CVE-2017-13141 CVE-2017-13142 
CVE-2017-13143 CVE-2017-13144 CVE-2017-13145}
[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u2

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-11-05 21:45:13 UTC (rev 57353)
+++ data/dsa-needed.txt 2017-11-05 21:57:41 UTC (rev 57354)
@@ -14,8 +14,6 @@
 --
 389-ds-base (fw)
 --
-chromium-browser
---
 graphicsmagick
 --
 jackson-databind




[Secure-testing-commits] r56222 - in data: . DSA

2017-09-28 Thread Michael Gilbert
Author: mgilbert
Date: 2017-09-28 12:40:46 + (Thu, 28 Sep 2017)
New Revision: 56222

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa


Modified: data/DSA/list
===
--- data/DSA/list   2017-09-28 12:00:34 UTC (rev 56221)
+++ data/DSA/list   2017-09-28 12:40:46 UTC (rev 56222)
@@ -1,3 +1,6 @@
+[28 Sep 2017] DSA-3985-1 chromium-browser - security update
+   {CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 
CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 
CVE-2017-5121 CVE-2017-5122}
+   [stretch] - chromium-browser 61.0.3163.100-1~deb9u1
 [26 Sep 2017] DSA-3984-1 git - security update
[jessie] - git 1:2.1.4-2.1+deb8u5
[stretch] - git 1:2.11.0-3+deb9u2

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-09-28 12:00:34 UTC (rev 56221)
+++ data/dsa-needed.txt 2017-09-28 12:40:46 UTC (rev 56222)
@@ -17,8 +17,6 @@
 asterisk
   Maintainer proposed update, needs review and ack for upload
 --
-chromium-browser
---
 curl (ghedo)
 --
 ghostscript (carnil)




[Secure-testing-commits] r49702 - in data: . DSA

2017-03-15 Thread Michael Gilbert
Author: mgilbert
Date: 2017-03-15 12:17:38 + (Wed, 15 Mar 2017)
New Revision: 49702

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2017-03-15 09:10:13 UTC (rev 49701)
+++ data/DSA/list   2017-03-15 12:17:38 UTC (rev 49702)
@@ -1,3 +1,6 @@
+[15 Mar 2017] DSA-3810-1 chromium-browser - security update
+   {CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 
CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 
CVE-2017-5039 CVE-2017-5040 CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 
CVE-2017-5044 CVE-2017-5045 CVE-2017-5046}
+   [jessie] - chromium-browser 57.0.2987.98-1~deb8u1
 [14 Mar 2017] DSA-3809-1 mariadb-10.0 - security update
{CVE-2017-3302 CVE-2017-3313}
[jessie] - mariadb-10.0 10.0.30-0+deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-03-15 09:10:13 UTC (rev 49701)
+++ data/dsa-needed.txt 2017-03-15 12:17:38 UTC (rev 49702)
@@ -16,8 +16,6 @@
 --
 389-ds-base (fw)
 --
-chromium-browser
---
 graphicsmagick
 --
 icedove




[Secure-testing-commits] r49228 - data/CVE

2017-02-25 Thread Michael Gilbert
Author: mgilbert
Date: 2017-02-26 04:41:10 + (Sun, 26 Feb 2017)
New Revision: 49228

Modified:
   data/CVE/list
Log:
stretch no-dsa for policykit, busybox issues

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-26 04:18:42 UTC (rev 49227)
+++ data/CVE/list   2017-02-26 04:41:10 UTC (rev 49228)
@@ -38441,6 +38441,7 @@
NOTE: Upstream confirmed it does not affect squid 2.7.x
 CVE-2016-2568 (pkexec, when used with --user nonpriv, allows local users to 
escape to ...)
- policykit-1  (bug #816062; bug #812512)
+   [stretch] - policykit-1  (Minor issue)
[jessie] - policykit-1  (Minor issue)
[wheezy] - policykit-1  (Minor issue)
NOTE: Restricting ioctl on the kernel side seems the better approach
@@ -40064,11 +40065,13 @@
NOT-FOR-US: OpenShift
 CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in 
BusyBox ...)
- busybox  (bug #818497)
+   [stretch] - busybox  (Minor issue)
[jessie] - busybox  (Minor issue)
[wheezy] - busybox  (Minor issue)
NOTE: 
https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
 CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 
1.25.0 ...)
- busybox  (bug #818499)
+   [stretch] - busybox  (Minor issue)
[jessie] - busybox  (Minor issue)
[wheezy] - busybox  (Minor issue)
NOTE: 
https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87
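
Review bot: The added [stretch] lines for CVE-2016-2148 and CVE-2016-2147 carry only "Minor issue", while the descriptions are a heap-based buffer overflow and an integer overflow in the DHCP client (udhcpc). A one-line reason for the low rating, for example in a NOTE:, would help here; repeating the jessie and wheezy wording does not record why it also holds for stretch.
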
@@ -49087,6 +49090,7 @@
NOTE: 
http://git.ganeti.org/?p=ganeti.git;a=commit;h=201fcb916b8164c78f4ed8e0c9cfc0227a78684c
 CVE-2015- [busybox: pointer misuse unziping files]
- busybox  (bug #803097)
+   [stretch] - busybox  (Minor issue)
[jessie] - busybox  (Minor issue)
[wheezy] - busybox  (Minor issue)
[squeeze] - busybox 1:1.17.1-8+deb6u11
@@ -56146,6 +56150,7 @@
 CVE-2011-5325 [Directory traversal via crafted tar file which contains a 
symlink pointing outside of the current directory]
RESERVED
- busybox  (bug #802702)
+   [stretch] - busybox  (Minor issue)
[jessie] - busybox  (Minor issue)
[wheezy] - busybox  (Minor issue)
[squeeze] - busybox  (Minor issue)




[Secure-testing-commits] r49226 - in data: . CVE DSA

2017-02-25 Thread Michael Gilbert
Author: mgilbert
Date: 2017-02-26 02:15:40 + (Sun, 26 Feb 2017)
New Revision: 49226

Modified:
   data/CVE/list
   data/DSA/list
   data/dsa-needed.txt
Log:
bind dsa

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-26 00:58:23 UTC (rev 49225)
+++ data/CVE/list   2017-02-26 02:15:40 UTC (rev 49226)
@@ -27138,6 +27138,7 @@
NOTE: https://gitlab.labs.nic.cz/labs/knot/issues/464
 CVE-2016-6170 (ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x 
...)
- bind9  (bug #830810)
+   [stretch] - bind9  (Minor issue)
[jessie] - bind9  (Minor issue)
[wheezy] - bind9  (Minor issue)
NOTE: Fixed by 
https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch

Modified: data/DSA/list
===
--- data/DSA/list   2017-02-26 00:58:23 UTC (rev 49225)
+++ data/DSA/list   2017-02-26 02:15:40 UTC (rev 49226)
@@ -1,3 +1,6 @@
+[26 Feb 2017] DSA-3795-1 bind9 - security update
+   {CVE-2017-3135}
+   [jessie] - bind9 1:9.9.5.dfsg-9+deb8u10
 [25 Feb 2017] DSA-3794-1 munin - security update
{CVE-2017-6188}
[jessie] - munin 2.0.25-1+deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-02-26 00:58:23 UTC (rev 49225)
+++ data/dsa-needed.txt 2017-02-26 02:15:40 UTC (rev 49226)
@@ -18,10 +18,6 @@
  sf is working on an update, but needs extra testing due to invasive changes
  upload ack'ed
 --
-bind9
- carnil: prepared tentative update, sent to mgilbert and team
- Testpackages: https://people.debian.org/~carnil/tmp/bind9/
---
 graphicsmagick
 --
 icedove




[Secure-testing-commits] r49065 - data/CVE

2017-02-19 Thread Michael Gilbert
Author: mgilbert
Date: 2017-02-20 01:11:59 + (Mon, 20 Feb 2017)
New Revision: 49065

Modified:
   data/CVE/list
Log:
bind fixed

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-19 21:10:12 UTC (rev 49064)
+++ data/CVE/list   2017-02-20 01:11:59 UTC (rev 49065)
@@ -8271,7 +8271,7 @@
RESERVED
 CVE-2017-3135 [Assertion failure when using DNS64 and RPZ can lead to crash]
RESERVED
-   - bind9  (bug #855520)
+   - bind9 1:9.10.3.dfsg.P4-12 (bug #855520)
NOTE: https://kb.isc.org/article/AA-01453
NOTE: Fixed by https://bugzilla.redhat.com/attachment.cgi?id=1248550 
(diff between bind-9.9.9-P5 and bind-9.9.9-P6)
 CVE-2017-3134




[Secure-testing-commits] r48728 - data/CVE

2017-02-05 Thread Michael Gilbert
Author: mgilbert
Date: 2017-02-05 21:37:52 + (Sun, 05 Feb 2017)
New Revision: 48728

Modified:
   data/CVE/list
Log:
new irssi issues, one also present in jessie

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-05 21:28:56 UTC (rev 48727)
+++ data/CVE/list   2017-02-05 21:37:52 UTC (rev 48728)
@@ -1,3 +1,10 @@
+CVE-2017- [irssi memory leak]
+   - irssi 
+   [jessie] - irssi  (support for sasl not present)
+   NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/8
+CVE-2017- [irssi missing null terminator]
+   - irssi 
+   NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/8
 CVE-2016-10206
- zoneminder  (bug #854272)
[jessie] - zoneminder  (Minor issue)
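
Review bot: In the first added entry the [jessie] line gives "support for sasl not present" as its reason, but the bracketed title "irssi memory leak" does not mention SASL, so the reason only makes sense after reading the linked oss-security post. Consider naming the affected code path in the title; the two new entries share the same placeholder id and the same NOTE: URL, so the titles are the only thing that tells them apart.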




[Secure-testing-commits] r48583 - data/CVE

2017-01-30 Thread Michael Gilbert
Author: mgilbert
Date: 2017-01-31 01:27:58 + (Tue, 31 Jan 2017)
New Revision: 48583

Modified:
   data/CVE/list
Log:
chromium linked to ffmpeg

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-31 01:17:35 UTC (rev 48582)
+++ data/CVE/list   2017-01-31 01:27:58 UTC (rev 48583)
@@ -2076,12 +2076,12 @@
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2017-5025
RESERVED
-   - chromium-browser 
+   - chromium-browser 44.0.2403.157-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
- ffmpeg 
 CVE-2017-5024
RESERVED
-   - chromium-browser 
+   - chromium-browser 44.0.2403.157-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
- ffmpeg 
 CVE-2017-5023
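
Review bot: The chromium-browser lines for CVE-2017-5025 and CVE-2017-5024 now give 44.0.2403.157-1 as the version, and the only explanation ("chromium linked to ffmpeg") is in the commit log. A NOTE: under each entry tying that version to the ffmpeg dependency would keep the reasoning in data/CVE/list, where a reader who sees a 44.x version against a 2017 id will look for it.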




[Secure-testing-commits] r48582 - data/DSA

2017-01-30 Thread Michael Gilbert
Author: mgilbert
Date: 2017-01-31 01:17:35 + (Tue, 31 Jan 2017)
New Revision: 48582

Modified:
   data/DSA/list
Log:
add missing chromium cve

Modified: data/DSA/list
===
--- data/DSA/list   2017-01-31 00:56:47 UTC (rev 48581)
+++ data/DSA/list   2017-01-31 01:17:35 UTC (rev 48582)
@@ -1,5 +1,5 @@
 [31 Jan 2017] DSA-3776-1 chromium-browser - security update
-   {CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 
CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 
CVE-2017-5017 CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021 
CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 CVE-2017-5026}
+   {CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 
CVE-2017-5011 CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 
CVE-2017-5016 CVE-2017-5017 CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 
CVE-2017-5021 CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 
CVE-2017-5026}
[jessie] - chromium-browser 56.0.2924.76-1~deb8u1
 [29 Jan 2017] DSA-3775-1 tcpdump - security update
{CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 
CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 
CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 
CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 
CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 
CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 
CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 
CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 
CVE-2017-5486}




[Secure-testing-commits] r48581 - in data: . DSA

2017-01-30 Thread Michael Gilbert
Author: mgilbert
Date: 2017-01-31 00:56:47 + (Tue, 31 Jan 2017)
New Revision: 48581

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2017-01-30 23:55:28 UTC (rev 48580)
+++ data/DSA/list   2017-01-31 00:56:47 UTC (rev 48581)
@@ -1,3 +1,6 @@
+[31 Jan 2017] DSA-3776-1 chromium-browser - security update
+   {CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009 CVE-2017-5010 
CVE-2017-5012 CVE-2017-5013 CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 
CVE-2017-5017 CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021 
CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025 CVE-2017-5026}
+   [jessie] - chromium-browser 56.0.2924.76-1~deb8u1
 [29 Jan 2017] DSA-3775-1 tcpdump - security update
{CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 
CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 
CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 
CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 
CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 
CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 
CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 
CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 
CVE-2017-5486}
[jessie] - tcpdump 4.9.0-1~deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-01-30 23:55:28 UTC (rev 48580)
+++ data/dsa-needed.txt 2017-01-31 00:56:47 UTC (rev 48581)
@@ -21,8 +21,6 @@
  John Lightsey from cPanel provided patches for 4 vulnerabilities.
  CVEs asked on oss-sec.
 --
-chromium-browser
---
 graphicsmagick
 --
 icedove




[Secure-testing-commits] r48268 - data/CVE

2017-01-21 Thread Michael Gilbert
Author: mgilbert
Date: 2017-01-22 06:55:59 + (Sun, 22 Jan 2017)
New Revision: 48268

Modified:
   data/CVE/list
Log:
bind issue not fixed in experimental

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-21 21:10:12 UTC (rev 48267)
+++ data/CVE/list   2017-01-22 06:55:59 UTC (rev 48268)
@@ -24551,7 +24551,6 @@
NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
NOTE: https://gitlab.labs.nic.cz/labs/knot/issues/464
 CVE-2016-6170 (ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x 
...)
-   [experimental] - bind9 1:9.10.4-P5-1
- bind9  (bug #830810)
[jessie] - bind9  (Minor issue)
[wheezy] - bind9  (Minor issue)




[Secure-testing-commits] r47660 - data

2017-01-01 Thread Michael Gilbert
Author: mgilbert
Date: 2017-01-02 00:46:13 + (Mon, 02 Jan 2017)
New Revision: 47660

Modified:
   data/embedded-code-copies
Log:
qtwebengine embeds chromium (its third party too)

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2017-01-01 23:56:04 UTC (rev 47659)
+++ data/embedded-code-copies   2017-01-02 00:46:13 UTC (rev 47660)
@@ -3232,3 +3232,6 @@
 
 glm
- warzone2100  (embed)
+
+chromium-browser
+   - qtwebengine-opensource-src 
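
Review bot: The new qtwebengine-opensource-src line has no qualifier or bug reference after the package name, while the warzone2100 line under glm just above is annotated "(embed)". The commit log also says the third-party code is embedded too, which the entry does not record; a NOTE: to that effect would help whoever triages issues in the libraries bundled with chromium.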




[Secure-testing-commits] r46977 - in data: . CVE DSA

2016-12-11 Thread Michael Gilbert
Author: mgilbert
Date: 2016-12-11 20:53:33 + (Sun, 11 Dec 2016)
New Revision: 46977

Modified:
   data/CVE/list
   data/DSA/list
   data/embedded-code-copies
Log:
clarify chromium ffmpeg issue (package in unstable now uses system ffmpeg)

Modified: data/CVE/list
===
--- data/CVE/list   2016-12-11 20:53:15 UTC (rev 46976)
+++ data/CVE/list   2016-12-11 20:53:33 UTC (rev 46977)
@@ -22901,7 +22901,7 @@
NOTE: libv8 not covered by security support
 CVE-2016-5199 [heap corruption in ffmpeg]
RESERVED
-   - chromium-browser 
+   - chromium-browser 44.0.2403.157-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
- ffmpeg 7:3.2-1
- libav 

Modified: data/DSA/list
===
--- data/DSA/list   2016-12-11 20:53:15 UTC (rev 46976)
+++ data/DSA/list   2016-12-11 20:53:33 UTC (rev 46977)
@@ -1,5 +1,5 @@
 [11 Dec 2016] DSA-3731-1 chromium-browser - security update
-   {CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 
CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 
CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5194 CVE-2016-5198 
CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 CVE-2016-5203 CVE-2016-5204 
CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 
CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 
CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 
CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223 CVE-2016-5224 
CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652}
+   {CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 
CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 
CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5194 CVE-2016-5198 
CVE-2016-5199 CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 CVE-2016-5203 
CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 
CVE-2016-5209 CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 
CVE-2016-5214 CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 
CVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223 
CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 
CVE-2016-9652}
[jessie] - chromium-browser 55.0.2883.75-1~deb8u1
 [11 Dec 2016] DSA-3730-1 icedove - security update
{CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9066 
CVE-2016-9074 CVE-2016-9079}

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2016-12-11 20:53:15 UTC (rev 46976)
+++ data/embedded-code-copies   2016-12-11 20:53:33 UTC (rev 46977)
@@ -373,7 +373,7 @@
TODO: gimp-gap (potentially using ffmpeg code as well)
- avifile 1:0.7.48~20090503.ds-1 (embed; bug #538750)
- audacity 1.3.7-2 (embed; bug #512278)
-   - chromium-browser  (fork; bug #763632)
+   - chromium-browser 44.0.2403.157-1 (fork; bug #763632)
- libav 
 
 faad2




[Secure-testing-commits] r46976 - in data: . DSA

2016-12-11 Thread Michael Gilbert
Author: mgilbert
Date: 2016-12-11 20:53:15 + (Sun, 11 Dec 2016)
New Revision: 46976

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-12-11 19:21:31 UTC (rev 46975)
+++ data/DSA/list   2016-12-11 20:53:15 UTC (rev 46976)
@@ -1,3 +1,6 @@
+[11 Dec 2016] DSA-3731-1 chromium-browser - security update
+   {CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 
CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 
CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5194 CVE-2016-5198 
CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 CVE-2016-5203 CVE-2016-5204 
CVE-2016-5205 CVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 
CVE-2016-5210 CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 
CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 
CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223 CVE-2016-5224 
CVE-2016-5225 CVE-2016-5226 CVE-2016-9650 CVE-2016-9651 CVE-2016-9652}
+   [jessie] - chromium-browser 55.0.2883.75-1~deb8u1
 [11 Dec 2016] DSA-3730-1 icedove - security update
{CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9066 
CVE-2016-9074 CVE-2016-9079}
[jessie] - icedove 1:45.5.1-1~deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-12-11 19:21:31 UTC (rev 46975)
+++ data/dsa-needed.txt 2016-12-11 20:53:15 UTC (rev 46976)
@@ -14,8 +14,6 @@
 --
 389-ds-base (fw)
 --
-chromium-browser
---
 graphicsmagick (luciano)
 --
 jasper (jmm)




[Secure-testing-commits] r46296 - data/CVE

2016-11-17 Thread Michael Gilbert
Author: mgilbert
Date: 2016-11-18 02:22:54 + (Fri, 18 Nov 2016)
New Revision: 46296

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-18 02:22:36 UTC (rev 46295)
+++ data/CVE/list   2016-11-18 02:22:54 UTC (rev 46296)
@@ -8125,7 +8125,7 @@
 CVE-2016-6653 (The MariaDB audit_plugin component in Pivotal Cloud Foundry 
(PCF) ...)
TODO: check
 CVE-2016-6652 (SQL injection vulnerability in Pivotal Spring Data JPA before 
1.9.6 ...)
-   TODO: check
+   NOT-FOR-US: Pivotal Spring Data
 CVE-2016-6651 (The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) 
before ...)
NOT-FOR-US: Pivotal
 CVE-2016-6650
@@ -8137,9 +8137,9 @@
 CVE-2016-6647 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 
4.0.1 ...)
NOT-FOR-US: EMC
 CVE-2016-6646 (The vApp Managers web application in EMC Unisphere for VMAX 
Virtual ...)
-   TODO: check
+   NOT-FOR-US: VMAX
 CVE-2016-6645 (The vApp Managers web application in EMC Unisphere for VMAX 
Virtual ...)
-   TODO: check
+   NOT-FOR-US: VMAX
 CVE-2016-6644 (EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 
allows ...)
NOT-FOR-US: EMC
 CVE-2016-6643 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 
3.7.2 ...)
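Review bot: CVE-2016-6646 and CVE-2016-6645 are tagged "NOT-FOR-US: VMAX", but both descriptions read "EMC Unisphere for VMAX" and the neighbouring EMC entries in this hunk (CVE-2016-6647, CVE-2016-6644) use "NOT-FOR-US: EMC". Using "EMC" or "EMC Unisphere for VMAX" here would keep a later search by vendor from missing these two.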
@@ -8151,7 +8151,7 @@
 CVE-2016-6640
RESERVED
 CVE-2016-6639 (Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 
and PHP ...)
-   TODO: check
+   NOT-FOR-US: Pivotal
 CVE-2016-6638
RESERVED
 CVE-2016-6637 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Pivotal ...)
@@ -8732,7 +8732,7 @@
 CVE-2016-6551
RESERVED
 CVE-2016-6550 (The U by BB&T app 1.5.4 and earlier for iOS does not 
properly verify ...)
-   TODO: check
+   NOT-FOR-US: BB&T
 CVE-2016-6549
RESERVED
 CVE-2016-6548
@@ -9066,43 +9066,43 @@
 CVE-2016-6456
RESERVED
 CVE-2016-6455 (A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 
Series ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6454 (A cross-site request forgery (CSRF) vulnerability in the web 
interface ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6453 (A vulnerability in the web framework code of Cisco Identity 
Services ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6452 (A vulnerability in the web-based graphical user interface (GUI) 
of ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6451 (Multiple vulnerabilities in the web framework code of the Cisco 
Prime ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6450
RESERVED
 CVE-2016-6449
RESERVED
 CVE-2016-6448 (A vulnerability in the Session Description Protocol (SDP) 
parser of ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6447 (A vulnerability in Cisco Meeting Server and Meeting App could 
allow an ...)
NOT-FOR-US: Cisco Meeting Server and Meeting App
 CVE-2016-6446 (A vulnerability in Web Bridge for Cisco Meeting Server could 
allow an ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6445 (A vulnerability in the Extensible Messaging and Presence 
Protocol ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6444 (A vulnerability in Cisco Meeting Server could allow an 
unauthenticated, ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6443 (A vulnerability in the Cisco Prime Infrastructure and Evolved 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6442 (A vulnerability in Cisco Finesse Agent and Supervisor Desktop 
Software ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6441 (A vulnerability in the Transaction Language 1 (TL1) code of 
Cisco ASR ...)
NOT-FOR-US: Cisco ASR 900 Series Aggregation Services Routers
 CVE-2016-6440 (The Cisco Unified Communications Manager (CUCM) may be 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6439 (A vulnerability in the detection engine reassembly of HTTP 
packets for ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6438 (A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6437 (A vulnerability in the SSL session cache management of Cisco 
Wide Area ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6436 (Cross-site scripting (XSS) vulnerability in HostScan Engine 
3.0.08062 ...)
NOT-FOR-US: Cisco
 CVE-2016-6435 (The web console in Cisco Firepower Management Center 6.0.1 
allows ...)
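Review bot: the new lines in this hunk all collapse to "NOT-FOR-US: Cisco", while the untouched entries beside them name the product ("Cisco Meeting Server and Meeting App" for CVE-2016-6447, "Cisco ASR 900 Series Aggregation Services Routers" for CVE-2016-6441). Carrying the product over from each description, for example "Cisco StarOS" for CVE-2016-6455 or "Cisco IOS XE" for CVE-2016-6438, would keep the tagging consistent within the block and make it easier to re-check a single entry later.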
@@ -9112,39 +9112,39 @@
 CVE-2016-6433 (The Threat Management Console in Cisco Firepower Management 
Center ...)
NOT-FOR-US: Cisco
 CVE-2016-6432 (A vulnerability in the Identity Firewall feature of Cisco ASA 
Software ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6431 (A vulnerability in the local Certificate Authority (CA) feature 
of ...)
-   TODO: check
+  

[Secure-testing-commits] r46295 - data/CVE

2016-11-17 Thread Michael Gilbert
Author: mgilbert
Date: 2016-11-18 02:22:36 + (Fri, 18 Nov 2016)
New Revision: 46295

Modified:
   data/CVE/list
Log:
new android issues

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-17 21:42:00 UTC (rev 46294)
+++ data/CVE/list   2016-11-18 02:22:36 UTC (rev 46295)
@@ -7938,55 +7938,55 @@
 CVE-2016-6697
RESERVED
 CVE-2016-6696 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm 
QDSP6v2 ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6695 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm 
QDSP6v2 ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6694 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm 
QDSP6v2 ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6693 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm 
QDSP6v2 ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6692 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS 
driver in ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6691 (service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm 
Wi-Fi ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6690 (The sound driver in the kernel in Android before 2016-10-05 on 
Nexus ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6689 (Binder in the kernel in Android before 2016-10-05 on Nexus 
devices ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6688 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 
devices ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6687 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 
devices ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6686 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 
devices ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6685 (The kernel in Android before 2016-10-05 on Nexus 6P devices 
allows ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6684 (The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, 
Nexus 6, ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6683 (The kernel in Android before 2016-10-05 on Nexus devices allows 
...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6682 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 
driver ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6681 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 
driver ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6680 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in 
Android ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6679 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in 
...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6678 (The Motorola USBNet driver in Android before 2016-10-05 on 
Nexus 6 ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6677 (The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 
devices ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6676 (Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm 
Wi-Fi ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6675 (Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the 
Qualcomm ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6674 (system_server in Android before 2016-10-05 on Nexus devices 
allows ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6673 (The NVIDIA camera driver in Android before 2016-10-05 on Nexus 
9 ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2016-6672 (The Synaptics touchscreen driver in Android before 2016-10-05 
on Nexus ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2015-8950 (arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, 
as used ...)
- linux 4.0.4-1
[jessie] - linux 3.16.7-ckt17-1
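Review bot: several of the entries filed under android in this hunk are described as kernel issues rather than Android userland ones: CVE-2016-6689 ("Binder in the kernel"), CVE-2016-6690 ("The sound driver in the kernel") and CVE-2016-6683 through CVE-2016-6685 ("The kernel in Android"). The CVE-2015-8950 entry at the end of the hunk shows that a kernel issue reported through Android can end up tracked against linux, so a NOTE line on these entries recording whether the code is also present in src:linux would document that the check was done.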




[Secure-testing-commits] r46257 - data/CVE

2016-11-16 Thread Michael Gilbert
Author: mgilbert
Date: 2016-11-17 01:39:04 + (Thu, 17 Nov 2016)
New Revision: 46257

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2016-11-16 21:21:15 UTC (rev 46256)
+++ data/CVE/list   2016-11-17 01:39:04 UTC (rev 46257)
@@ -1887,7 +1887,7 @@
 CVE-2016-8662
RESERVED
 CVE-2016-8661 (Little Snitch version 3.0 through 3.6.1 suffer from a buffer 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Little Snitch
 CVE-2016-8657
RESERVED
 CVE-2016-8656
@@ -2182,13 +2182,13 @@
 CVE-2016-8584
RESERVED
 CVE-2016-8583 (Multiple GET parameters in the vulnerability scan scheduler of 
...)
-   TODO: check
+   NOT-FOR-US: AlienVault
 CVE-2016-8582 (A vulnerability exists in gauge.php of AlienVault OSSIM and USM 
before ...)
-   TODO: check
+   NOT-FOR-US: AlienVault
 CVE-2016-8581 (A persistent XSS vulnerability exists in the User-Agent header 
of the ...)
-   TODO: check
+   NOT-FOR-US: AlienVault
 CVE-2016-8580 (PHP object injection vulnerabilities exist in multiple widget 
files in ...)
-   TODO: check
+   NOT-FOR-US: AlienVault
 CVE-2016-8579 (docker2aci <= 0.12.3 has an infinite loop when handling 
local images ...)
- golang-github-appc-docker2aci 0.12.3+dfsg-2 (bug #840711)
NOTE: https://github.com/appc/docker2aci/issues/203
@@ -2968,7 +2968,7 @@
- mysql-5.6  (Only affects MySQL 5.7)
- mysql-5.5  (Only affects MySQL 5.7)
 CVE-2016-8285 (Unspecified vulnerability in the PeopleSoft Enterprise HCM 
component ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-8284 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier 
and ...)
- mysql-5.7 5.7.15-1
- mysql-5.6 5.6.34-1 (bug #841049)
@@ -2985,7 +2985,7 @@
 CVE-2016-8282
RESERVED
 CVE-2016-8281 (Unspecified vulnerability in the Oracle Platform Security for 
Java ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-1000244
RESERVED
 CVE-2016-1000243
@@ -3261,7 +3261,7 @@
 CVE-2016-8204
RESERVED
 CVE-2016-8203 (A memory corruption in the IPsec code path of Brocade NetIron 
OS on ...)
-   TODO: check
+   NOT-FOR-US: Brocade
 CVE-2016-8202
RESERVED
 CVE-2016-8201
@@ -4075,7 +4075,7 @@
 CVE-2016-8101 (The updater subsystem in Intel SSD Toolbox before 3.3.7 allows 
local ...)
NOT-FOR-US: Intel SSD Toolbox
 CVE-2016-8100 (Intel Integrated Performance Primitives (aka IPP) Cryptography 
before ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2016-8099
RESERVED
 CVE-2016-8098
@@ -4460,9 +4460,9 @@
 CVE-2016-7961
RESERVED
 CVE-2016-7960 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper 
format ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2016-7959 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores 
...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2016-7958
RESERVED
 CVE-2016-7957
@@ -4764,7 +4764,7 @@
 CVE-2016-7852 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat 
Reader DC ...)
NOT-FOR-US: Adobe
 CVE-2016-7851 (Adobe Connect version 9.5.6 and earlier does not adequately 
validate ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2016-7850
RESERVED
 CVE-2016-7849
@@ -5681,11 +5681,11 @@
 CVE-2016-7438
RESERVED
 CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events 
in the ...)
-   TODO: check
+   NOT-FOR-US: SAP Netweaver
 CVE-2016-7436
RESERVED
 CVE-2016-7435 (The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) 
SCTC_REFRESH_CHECK_ENV, and ...)
-   TODO: check
+   NOT-FOR-US: SAP Netweaver
 CVE-2016-7434
RESERVED
 CVE-2016-7433
@@ -5828,7 +5828,7 @@
 CVE-2016-7403
RESERVED
 CVE-2016-7402 (SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who 
own ...)
-   TODO: check
+   NOT-FOR-US: SAP ASE
 CVE-2016-7401 (The cookie parsing code in Django before 1.8.15 and 1.9.x 
before ...)
{DSA-3678-1 DLA-649-1}
- python-django 1:1.10-1 (low)
@@ -6134,155 +6134,155 @@
 CVE-2016-7257
RESERVED
 CVE-2016-7256 (atmfd.dll in the Windows font library in Microsoft Windows 
Vista SP2, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7255 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7254 (Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly 
perform a ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7253 (The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 
2014 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7252 (Microsoft SQL Server 2016 mishandles the FILESTREAM path, which 
allows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7251 (Cross-site scripting (XSS) vulnerability in the MDS API in 
Microsoft ...)
-   

[Secure-testing-commits] r44966 - in data: CVE DSA

2016-10-02 Thread Michael Gilbert
Author: mgilbert
Date: 2016-10-02 15:27:58 + (Sun, 02 Oct 2016)
New Revision: 44966

Modified:
   data/CVE/list
   data/DSA/list
Log:
chromium dsa

Modified: data/CVE/list
===
--- data/CVE/list   2016-10-02 00:43:33 UTC (rev 44965)
+++ data/CVE/list   2016-10-02 15:27:58 UTC (rev 44966)
@@ -10247,14 +10247,15 @@
RESERVED
 CVE-2016-5178
RESERVED
-   - chromium-browser 
+   - chromium-browser 53.0.2785.143-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2016-5177
RESERVED
-   - chromium-browser 
+   - chromium-browser 53.0.2785.143-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2016-5176 (Google Chrome before 53.0.2785.113 allows remote attackers to 
bypass ...)
-   TODO: check
+   - chromium-browser 53.0.2785.113-1
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2016-5175 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
{DSA-3667-1}
- chromium-browser 53.0.2785.113-1

Modified: data/DSA/list
===
--- data/DSA/list   2016-10-02 00:43:33 UTC (rev 44965)
+++ data/DSA/list   2016-10-02 15:27:58 UTC (rev 44966)
@@ -1,3 +1,6 @@
+[02 Oct 2016] DSA-3683-1 chromium-browser - security update
+   {CVE-2016-5177 CVE-2016-5178}
+   [jessie] - chromium-browser 53.0.2785.143-1~deb8u1
 [01 Oct 2016] DSA-3681-2 wordpress - regression update
[jessie] - wordpress 4.1+dfsg-1+deb8u11
 [30 Sep 2016] DSA-3682-1 c-ares - security update
@@ -47,7 +50,7 @@
{CVE-2016-6893}
[jessie] - mailman 1:2.1.18-2+deb8u1
 [15 Sep 2016] DSA-3667-1 chromium-browser - security update
-   {CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 
CVE-2016-5175 CVE-2016-7395}
+   {CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 
CVE-2016-5175 CVE-2016-5176 CVE-2016-7395 CVE-2016-7549}
[jessie] - chromium-browser 53.0.2785.113-1~deb8u1
 [14 Sep 2016] DSA-3666-1 mysql-5.5 - security update
{CVE-2016-6662}
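Review bot: the changed line in this hunk retroactively extends the CVE set of the already published DSA-3667-1 with CVE-2016-5176 and CVE-2016-7549, which the log message "chromium dsa" does not mention. The CVE-2016-5176 addition is backed by the data/CVE/list hunk in this commit (fixed in 53.0.2785.113-1), but nothing in the visible diff touches CVE-2016-7549, so it is worth confirming that its data/CVE/list entry already carries the matching chromium-browser version, and splitting the amendment into its own commit with a log line that says so.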




[Secure-testing-commits] r44596 - in data: . DSA

2016-09-14 Thread Michael Gilbert
Author: mgilbert
Date: 2016-09-15 04:41:01 + (Thu, 15 Sep 2016)
New Revision: 44596

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-09-15 03:12:45 UTC (rev 44595)
+++ data/DSA/list   2016-09-15 04:41:01 UTC (rev 44596)
@@ -1,3 +1,6 @@
+[15 Sep 2016] DSA-3667-1 chromium-browser - security update
+   {CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 
CVE-2016-5175 CVE-2016-7395}
+   [jessie] - chromium-browser 53.0.2785.113-1~deb8u1
 [14 Sep 2016] DSA-3666-1 mysql-5.5 - security update
{CVE-2016-6662}
[jessie] - mysql-5.5 5.5.52-0+deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-09-15 03:12:45 UTC (rev 44595)
+++ data/dsa-needed.txt 2016-09-15 04:41:01 UTC (rev 44596)
@@ -14,8 +14,6 @@
 --
 389-ds-base
 --
-chromium-browser
---
 graphicsmagick (luciano)
 --
 icu




[Secure-testing-commits] r44352 - in data: . DSA

2016-09-05 Thread Michael Gilbert
Author: mgilbert
Date: 2016-09-05 23:17:19 + (Mon, 05 Sep 2016)
New Revision: 44352

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-09-05 21:10:14 UTC (rev 44351)
+++ data/DSA/list   2016-09-05 23:17:19 UTC (rev 44352)
@@ -1,3 +1,6 @@
+[05 Sep 2016] DSA-3660-1 chromium-browser - security update
+   {CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 CVE-2016-5151 
CVE-2016-5152 CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 CVE-2016-5156 
CVE-2016-5157 CVE-2016-5158 CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 
CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166 
CVE-2016-5167}
+   [jessie] - chromium-browser 53.0.2785.89-1~deb8u1
 [04 Sep 2016] DSA-3659-1 linux - security update
{CVE-2016-5696 CVE-2016-6136 CVE-2016-6480 CVE-2016-6828}
[jessie] - linux 3.16.36-1+deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-09-05 21:10:14 UTC (rev 44351)
+++ data/dsa-needed.txt 2016-09-05 23:17:19 UTC (rev 44352)
@@ -17,8 +17,6 @@
 bogofilter
   Needs to have updated lexer_v3.c after the flex update
 --
-chromium-browser
---
 graphicsmagick (luciano)
 --
 icu




[Secure-testing-commits] r44189 - data/CVE

2016-08-27 Thread Michael Gilbert
Author: mgilbert
Date: 2016-08-27 21:11:35 + (Sat, 27 Aug 2016)
New Revision: 44189

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2016-08-27 21:10:12 UTC (rev 44188)
+++ data/CVE/list   2016-08-27 21:11:35 UTC (rev 44189)
@@ -21,7 +21,7 @@
NOTE: fault outcomes.
NOTE: Debian does not include INPUTRC by default in /etc/sudoers
 CVE-2016-7089 (WatchGuard RapidStream appliances allow local users to gain 
privileges ...)
-   TODO: check
+   NOT-FOR-US: WatchGuard
 CVE-2016-7088
RESERVED
 CVE-2016-7087
@@ -379,7 +379,7 @@
 CVE-2016-6910
RESERVED
 CVE-2016-6909 (Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Fortinet
 CVE-2016-6908
RESERVED
 CVE-2016-6907
@@ -2017,7 +2017,7 @@
 CVE-2016-6370
RESERVED
 CVE-2016-6369 (Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 
4.3.x ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6368
RESERVED
 CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) 
on ASA ...)
@@ -2736,7 +2736,7 @@
RESERVED
- lepton 1.2.1-1 (bug #831814)
 CVE-2016-6231 (Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 
...)
-   TODO: check
+   NOT-FOR-US: Kaspersky
 CVE-2016-6230
RESERVED
 CVE-2016-6229
@@ -4430,7 +4430,7 @@
 CVE-2016-5682
RESERVED
 CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L 
B1 ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2016-5680
RESERVED
 CVE-2016-5679
@@ -4446,7 +4446,7 @@
 CVE-2016-5674
RESERVED
 CVE-2016-5673 (UltraVNC Repeater before 1300 does not restrict destination IP 
...)
-   TODO: check
+   NOT-FOR-US: UltraVNC
 CVE-2016-5672 (Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 
21.x ...)
- crosswalk  (bug #775876)
 CVE-2016-5671 (Multiple cross-site request forgery (CSRF) vulnerabilities on 
Crestron ...)
@@ -4886,29 +4886,29 @@
 CVE-2016-5477 (Unspecified vulnerability in the Oracle GlassFish Server 
component in ...)
- glassfish  (Full application server not packaged)
 CVE-2016-5476 (Unspecified vulnerability in the Oracle Retail Integration Bus 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5475 (Unspecified vulnerability in the Oracle Retail Service Backbone 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5474 (Unspecified vulnerability in the Oracle Retail Service Backbone 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5473 (Unspecified vulnerability in the Oracle Agile PLM component in 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5472 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5471 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows 
local ...)
-   TODO: check
+   NOT-FOR-US: Solaris
 CVE-2016-5470 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5469 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows 
local ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5468 (Unspecified vulnerability in the Siebel UI Framework component 
in ...)
NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5467 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM 
component ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5466 (Unspecified vulnerability in the Siebel Core - Server Framework 
...)
NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5465 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5464 (Unspecified vulnerability in the Siebel UI Framework component 
in ...)
NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5463 (Unspecified vulnerability in the Siebel UI Framework component 
in ...)
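Review bot: CVE-2016-5471 is tagged "NOT-FOR-US: Solaris" while CVE-2016-5469, whose visible description is identical ("Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ..."), is tagged "NOT-FOR-US: Oracle" four lines further down. Pick one form for the Solaris entries; "Oracle Solaris" would also separate them from the PeopleSoft and Retail entries in this hunk that share the bare "Oracle" tag.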
@@ -4922,33 +4922,33 @@
 CVE-2016-5459 (Unspecified vulnerability in the Siebel Core - Common 
Components ...)
NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5458 (Unspecified vulnerability in the Oracle Communications EAGLE 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5457 (Unspecified vulnerability in the ILOM component in Oracle Sun 
Systems ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5456 (Unspecified vulnerability in the Siebel Core - Server Framework 
...)
NOT-FOR-US: Oracle Siebel CRM
 CVE-2016-5455 (Unspecified vulnerability in the Oracle Communications 
Messaging ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5454 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows 
local ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-5453 (Unspecified vulnerability in the ILOM component in Oracle Sun 
Systems ...

[Secure-testing-commits] r44123 - data/CVE

2016-08-24 Thread Michael Gilbert
Author: mgilbert
Date: 2016-08-24 23:57:31 + (Wed, 24 Aug 2016)
New Revision: 44123

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2016-08-24 21:10:14 UTC (rev 44122)
+++ data/CVE/list   2016-08-24 23:57:31 UTC (rev 44123)
@@ -1541,7 +1541,7 @@
 CVE-2016-6495
RESERVED
 CVE-2016-6493 (Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and 
Citrix ...)
-   TODO: check
+   NOT-FOR-US: Citrix
 CVE-2016- [bruteforcable challenge responses in unprotected logfile]
- mongodb 1:2.6.12-1 (bug #833087)
[wheezy] - mongodb 1:2.0.6-1.1+deb7u1
@@ -1917,23 +1917,23 @@
 CVE-2016-6368
RESERVED
 CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) 
on ASA ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6366 (Buffer overflow in Cisco Adaptive Security Appliance (ASA) 
Software ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6365 (Cross-site scripting (XSS) vulnerability in Cisco Firepower 
Management ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6364 (The User Data Services (UDS) API implementation in Cisco 
Unified ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6363 (The rate-limit feature in the 802.11 protocol implementation on 
Cisco ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6362 (Cisco Aironet 1800, 2800, and 3800 devices with software before 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6361 (The Aggregated MAC Protocol Data Unit (AMPDU) implementation on 
Cisco ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6360
RESERVED
 CVE-2016-6359 (Cross-site scripting (XSS) vulnerability in Cisco Transport 
Gateway ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6358
RESERVED
 CVE-2016-6357
@@ -1941,7 +1941,7 @@
 CVE-2016-6356
RESERVED
 CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 
5.2.5, ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2016-6353
RESERVED
 CVE-2016-6348
@@ -2255,7 +2255,7 @@
- xen 
NOTE: http://xenbits.xen.org/xsa/advisory-182.html
 CVE-2016-6257 (The firmware in Lenovo Ultraslim dongles, as used with Lenovo 
Liteon ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2016-6256
RESERVED
 CVE-2016-6254 (Heap-based buffer overflow in the parse_packet function in 
network.c ...)
@@ -2735,7 +2735,7 @@
 CVE-2016-6205
RESERVED
 CVE-2016-6204 (Cross-site scripting (XSS) vulnerability in the integrated web 
server ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2016-6203
RESERVED
 CVE-2016-6202
@@ -2753,9 +2753,9 @@
 CVE-2016-6194
RESERVED
 CVE-2016-6193 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones 
with ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2016-6192 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones 
with ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2016-126
RESERVED
 CVE-2016-125
@@ -2936,7 +2936,7 @@
 CVE-2016-6179
RESERVED
 CVE-2016-6178 (Huawei NE40E and CX600 devices with software before 
V800R007SPH017; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2016-6177
RESERVED
 CVE-2016-6176
@@ -2951,7 +2951,7 @@
 CVE-2016-6175
RESERVED
 CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision 
Power ...)
-   TODO: check
+   NOT-FOR-US: Inivision
 CVE-2016-6169
RESERVED
 CVE-2016-6168
@@ -3031,23 +3031,23 @@
 CVE-2016-6154
RESERVED
 CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote 
authenticated ...)
-   TODO: check
+   NOT-FOR-US: eHealth
 CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a 
denial ...)
-   TODO: check
+   NOT-FOR-US: eHealth
 CVE-2016-6150 (The multi-tenant database container feature in SAP HANA does 
not ...)
-   TODO: check
+   NOT-FOR-US: SAP HANA
 CVE-2016-6149 (SAP HANA SPS09 1.00.091.00.14186593 allows local users to 
obtain ...)
-   TODO: check
+   NOT-FOR-US: SAP HANA
 CVE-2016-6148 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause 
a ...)
-   TODO: check
+   NOT-FOR-US: SAP HANA
 CVE-2016-6147 (An unspecified interface in SAP TREX 7.10 Revision 63 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: SAP TREX
 CVE-2016-6146
RESERVED
 CVE-2016-6145 (The SQL interface in SAP HANA provides different error messages 
for ...)
-   TODO: check
+   NOT-FOR-US: SAP HANA
 CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not 
limit the ...)
-   TODO: check
+   NOT-FOR-US: SAP HANA
 CVE-2016-6143
RESERVED
 CVE-2016-6142
@@ -3055,11 +3055,11 @@
 CVE-2016-6141
RESERVED
 CVE-2016-6140 (SAP TREX 7.10 Revision 63 allows remote attackers to write to 
...)
-   T

[Secure-testing-commits] r43874 - in data: . DSA

2016-08-08 Thread Michael Gilbert
Author: mgilbert
Date: 2016-08-09 01:03:56 + (Tue, 09 Aug 2016)
New Revision: 43874

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-08-08 21:10:14 UTC (rev 43873)
+++ data/DSA/list   2016-08-09 01:03:56 UTC (rev 43874)
@@ -1,3 +1,6 @@
+[09 Aug 2016] DSA-3645-1 chromium-browser - security update
+   {CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142 CVE-2016-5143 
CVE-2016-5144 CVE-2016-5146}
+   [jessie] - chromium-browser 52.0.2743.116-1~deb8u1
 [08 Aug 2016] DSA-3644-1 fontconfig - security update
{CVE-2016-5384}
[jessie] - fontconfig 2.11.0-6.3+deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-08-08 21:10:14 UTC (rev 43873)
+++ data/dsa-needed.txt 2016-08-09 01:03:56 UTC (rev 43874)
@@ -14,8 +14,6 @@
 --
 389-ds-base
 --
-chromium-browser
---
 flex
let this settle a bit to assess need of further possible fixes
 --




[Secure-testing-commits] r43682 - in data: . DSA

2016-07-31 Thread Michael Gilbert
Author: mgilbert
Date: 2016-07-31 20:48:42 + (Sun, 31 Jul 2016)
New Revision: 43682

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-07-31 20:31:46 UTC (rev 43681)
+++ data/DSA/list   2016-07-31 20:48:42 UTC (rev 43682)
@@ -1,3 +1,6 @@
+[31 Jul 2016] DSA-3637-1 chromium-browser - security update
+   {CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707 CVE-2016-1708 
CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 
CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 
CVE-2016-5134 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137}
+   [jessie] - chromium-browser 52.0.2743.82-1~deb8u1
 [30 Jul 2016] DSA-3636-1 collectd - security update
{CVE-2016-6254}
[jessie] - collectd 5.4.1-6+deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-07-31 20:31:46 UTC (rev 43681)
+++ data/dsa-needed.txt 2016-07-31 20:48:42 UTC (rev 43682)
@@ -14,8 +14,6 @@
 --
 389-ds-base
 --
-chromium-browser
---
 flex
let this settle a bit to assess need of further possible fixes
 --




[Secure-testing-commits] r42313 - data/DSA

2016-06-04 Thread Michael Gilbert
Author: mgilbert
Date: 2016-06-04 19:29:44 + (Sat, 04 Jun 2016)
New Revision: 42313

Modified:
   data/DSA/list
Log:
add missing chromium CVE

Modified: data/DSA/list
===
--- data/DSA/list   2016-06-04 19:29:33 UTC (rev 42312)
+++ data/DSA/list   2016-06-04 19:29:44 UTC (rev 42313)
@@ -1,5 +1,5 @@
 [04 Jun 2016] DSA-3594-1 chromium-browser - security update
-   {CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 
CVE-2016-1701 CVE-2016-1702}
+   {CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 
CVE-2016-1701 CVE-2016-1702 CVE-2016-1703}
[jessie] - chromium-browser 51.0.2704.79-1~deb8u1
 [02 Jun 2016] DSA-3593-1 libxml2 - security update
{CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 
CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 
CVE-2016-2073 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 
CVE-2016-4483}




[Secure-testing-commits] r42312 - data/CVE

2016-06-04 Thread Michael Gilbert
Author: mgilbert
Date: 2016-06-04 19:29:33 + (Sat, 04 Jun 2016)
New Revision: 42312

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-04 17:54:52 UTC (rev 42311)
+++ data/CVE/list   2016-06-04 19:29:33 UTC (rev 42312)
@@ -2197,7 +2197,7 @@
 CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 
3.02 and ...)
NOT-FOR-US: Environmental Systems Corporation
 CVE-2016-4500 (Moxa UC-7408 LX-Plus devices allow remote authenticated users 
to write ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 
7.x ...)
NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4498 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an 
...)
@@ -8341,13 +8341,13 @@
 CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors 
BlueDriver ...)
NOT-FOR-US: Lemur Vehicle Monitors BlueDriver
 CVE-2016-2353 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 
allows ...)
-   TODO: check
+   NOT-FOR-US: Accellion
 CVE-2016-2352 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 
allows ...)
-   TODO: check
+   NOT-FOR-US: Accellion
 CVE-2016-2351 (SQL injection vulnerability in 
home/seos/courier/security_key2.api on ...)
-   TODO: check
+   NOT-FOR-US: Accellion
 CVE-2016-2350 (Multiple cross-site scripting (XSS) vulnerabilities on the 
Accellion ...)
-   TODO: check
+   NOT-FOR-US: Accellion
 CVE-2016-2349
RESERVED
 CVE-2016-2348
@@ -8358,7 +8358,7 @@
- lhasa 0.3.1-1
NOTE: http://www.talosintel.com/reports/TALOS-2016-0095/
 CVE-2016-2346 (Allround Automations PL/SQL Developer 11 before 11.0.6 relies 
on ...)
-   TODO: check
+   NOT-FOR-US: Allround Automations
 CVE-2016-2345 (Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon 
in ...)
NOT-FOR-US: SolarWinds DameWare Mini Remote Control
 CVE-2016-2344 (Stack-based buffer overflow in manager.exe in Backburner 
Manager in ...)
@@ -8373,7 +8373,7 @@
 CVE-2016-2341
RESERVED
 CVE-2016-2340 (The AMF framework in Granite Data Services 3.1.1-SNAPSHOT 
allows ...)
-   TODO: check
+   NOT-FOR-US: Granite
 CVE-2016-2339
RESERVED
 CVE-2016-2338
@@ -8391,11 +8391,11 @@
- p7zip 15.14.1+dfsg-2 (bug #824160)
NOTE: http://www.talosintel.com/reports/TALOS-2016-0093/
 CVE-2016-2333 (SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway 
devices with ...)
-   TODO: check
+   NOT-FOR-US: SysLINK
 CVE-2016-2332 (flu.cgi in the web interface on SysLINK SL-1000 
Machine-to-Machine ...)
-   TODO: check
+   NOT-FOR-US: SysLINK
 CVE-2016-2331 (The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) 
Modular ...)
-   TODO: check
+   NOT-FOR-US: SysLINK
 CVE-2016-2385 (Heap-based buffer overflow in the encode_msg function in 
encode_msg.c ...)
{DSA-3535-1}
- kamailio 4.3.4-2 (bug #815178)
@@ -8599,11 +8599,11 @@
NOTE: FIX 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ed8318ba6a
TODO: check other versions (newest 1.3.23 is vulnerable according to 
reporter)
 CVE-2016-2311 (Black Box AlertWerks ServSensor with firmware before SP473, 
AlertWerks ...)
-   TODO: check
+   NOT-FOR-US: AlertWerks
 CVE-2016-2310
RESERVED
 CVE-2016-2309 (iRZ RUH2 before 2b does not validate firmware patches, which 
allows ...)
-   TODO: check
+   NOT-FOR-US: iRZ RUH2
 CVE-2016-2308
RESERVED
 CVE-2016-2307
@@ -8625,17 +8625,17 @@
 CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 
build 4522 ...)
NOT-FOR-US: Ecava IntegraXor
 CVE-2016-2298 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited 
allows ...)
-   TODO: check
+   NOT-FOR-US: Meteocontrol
 CVE-2016-2297 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited 
allows ...)
-   TODO: check
+   NOT-FOR-US: Meteocontrol
 CVE-2016-2296 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited 
does not ...)
-   TODO: check
+   NOT-FOR-US: Meteocontrol
 CVE-2016-2295 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 
09120714, ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 
and ...)
-   TODO: check
+   NOT-FOR-US: Acuvim
 CVE-2016-2293 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 
and ...)
-   TODO: check
+   NOT-FOR-US: Acuvim
 CVE-2016-2292 (Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 
...)
NOT-FOR-US: Pro-face
 CVE-2016-2291 (Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 
4.05.000, ...)
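Review bot: The labels for CVE-2016-2294 and CVE-2016-2293 name the product ("NOT-FOR-US: Acuvim"), while the other entries changed in this hunk are labelled by vendor (Meteocontrol, Moxa). Both descriptions give the vendor as Accuenergy, so "NOT-FOR-US: Accuenergy Acuvim II" would keep the list consistent and searchable by vendor.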
@@ -8644,15 +8644,15 @@
NOT-FOR-US: Pro-face
 CVE-2016-2289 (Directory traversal vulnerability in ICONICS WebHMI 9 and 
earlier ...)
NOT-FOR-US: ICONICS WebHMI

[Secure-testing-commits] r42311 - data/DSA

2016-06-04 Thread Michael Gilbert
Author: mgilbert
Date: 2016-06-04 17:54:52 + (Sat, 04 Jun 2016)
New Revision: 42311

Modified:
   data/DSA/list
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-06-04 15:27:11 UTC (rev 42310)
+++ data/DSA/list   2016-06-04 17:54:52 UTC (rev 42311)
@@ -1,3 +1,6 @@
+[04 Jun 2016] DSA-3594-1 chromium-browser - security update
+   {CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 
CVE-2016-1701 CVE-2016-1702}
+   [jessie] - chromium-browser 51.0.2704.79-1~deb8u1
 [02 Jun 2016] DSA-3593-1 libxml2 - security update
{CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 
CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 
CVE-2016-2073 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 
CVE-2016-4483}
[jessie] - libxml2 2.9.1+dfsg1-5+deb8u2




[Secure-testing-commits] r42207 - data/CVE

2016-05-31 Thread Michael Gilbert
Author: mgilbert
Date: 2016-06-01 03:59:54 + (Wed, 01 Jun 2016)
New Revision: 42207

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-01 02:57:12 UTC (rev 42206)
+++ data/CVE/list   2016-06-01 03:59:54 UTC (rev 42207)
@@ -989,9 +989,9 @@
 CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java 
...)
NOT-FOR-US: SAP
 CVE-2016-4785 (The integrated web server in the EN100 Ethernet module before 
4.27 on ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2016-4784 (The integrated web server in the EN100 Ethernet module before 
4.27 on ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit 
before ...)
NOT-FOR-US: Lenovo
 CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows 
remote ...)
@@ -1590,7 +1590,7 @@
 CVE-2016-4522
RESERVED
 CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Sixnet
 CVE-2016-4520
RESERVED
 CVE-2016-4519
@@ -1620,17 +1620,17 @@
 CVE-2016-4507
RESERVED
 CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource 
Data ...)
-   TODO: check
+   NOT-FOR-US: Resource Data Management
 CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller 
devices ...)
-   TODO: check
+   NOT-FOR-US: Resource Data Management
 CVE-2016-4504
RESERVED
 CVE-2016-4503
RESERVED
 CVE-2016-4502 (Environmental Systems Corporation (ESC) 8832 Data Controller 
3.02 and ...)
-   TODO: check
+   NOT-FOR-US: Environmental Systems Corporation
 CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 
3.02 and ...)
-   TODO: check
+   NOT-FOR-US: Environmental Systems Corporation
 CVE-2016-4500
RESERVED
 CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 
7.x ...)
@@ -2673,7 +2673,7 @@
 CVE-2016-4119
RESERVED
 CVE-2016-4118 (Untrusted search path vulnerability in the add-in installer in 
Adobe ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2016-4117 (Adobe Flash Player 21.0.0.226 and earlier allows remote 
attackers to ...)
NOT-FOR-US: Adobe Flash Player
 CVE-2016-4116 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and 
...)
@@ -2739,7 +2739,7 @@
- gitlab  (bug #823290)
NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
 CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 
and ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2016-4086
RESERVED
 CVE-2016-4075
@@ -4050,9 +4050,9 @@
 CVE-2016-3682
RESERVED
 CVE-2016-3681 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL 
before ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2016-3680 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL 
before ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2016-3679 (Multiple unspecified vulnerabilities in Google V8 before 
4.9.385.33, ...)
- libv8  (unimportant)
NOTE: libv8 not covered by security support
@@ -4096,7 +4096,7 @@
 CVE-2016-3665
RESERVED
 CVE-2016-3664 (Trend Micro Mobile Security for iOS before 3.2.1188 does not 
verify ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2016-3663
RESERVED
 CVE-2016-3662
@@ -4219,7 +4219,7 @@
 CVE-2016-3629
RESERVED
 CVE-2016-3628 (Buffer overflow in tibemsd in the server in TIBCO Enterprise 
Message ...)
-   TODO: check
+   NOT-FOR-US: TIBCO
 CVE-2016-3626
RESERVED
 CVE-2016-3625 [Out-of-bounds Read occurred in tif_read.c:545 or tif_read.c:402 
or tif_read.c:560 in tiff2bw]
@@ -4669,7 +4669,7 @@
 CVE-2016-3429 (Unspecified vulnerability in the Oracle Retail Xstore Point of 
Service ...)
NOT-FOR-US: Oracle Retail
 CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 
8u77; ...)
{DSA-3558-1 DLA-451-1}
- openjdk-8 8u91-b14-1
@@ -5166,9 +5166,9 @@
 CVE-2016-3189
RESERVED
 CVE-2016-3188 (The _prepopulate_request_walk function in the Prepopulate 
module ...)
-   TODO: check
+   NOT-FOR-US: Prepopulate module for Drupal
 CVE-2016-3187 (The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Prepopulate module for Drupal
 CVE-2016-3186 (Buffer overflow in the readextension function in gif2tiff.c in 
LibTIFF ...)
- tiff  (bug #819972)
[jessie] - tiff  (Minor issue)
@@ -5299,7 +5299,7 @@
 CVE-2016-3127
RESERVED
 CVE-2016-3126 (Cross-site scripting (XSS) vulnerability in the Management 
Console in ...)
-   TODO: check
+  

[Secure-testing-commits] r42206 - in data: . DSA

2016-05-31 Thread Michael Gilbert
Author: mgilbert
Date: 2016-06-01 02:57:12 + (Wed, 01 Jun 2016)
New Revision: 42206

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-06-01 00:57:08 UTC (rev 42205)
+++ data/DSA/list   2016-06-01 02:57:12 UTC (rev 42206)
@@ -1,3 +1,6 @@
+[01 Jun 2016] DSA-3590-1 chromium-browser - security update
+   {CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 CVE-2016-1672 
CVE-2016-1673 CVE-2016-1674 CVE-2016-1675 CVE-2016-1676 CVE-2016-1677 
CVE-2016-1678 CVE-2016-1679 CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 
CVE-2016-1683 CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687 
CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691 CVE-2016-1692 
CVE-2016-1693 CVE-2016-1694 CVE-2016-1695}
+   [jessie] - chromium-browser 51.0.2704.63-1~deb8u1
 [30 May 2016] DSA-3589-1 gdk-pixbuf - security update
{CVE-2015-7552 CVE-2015-8875}
[jessie] - gdk-pixbuf 2.31.1-2+deb8u5

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-06-01 00:57:08 UTC (rev 42205)
+++ data/dsa-needed.txt 2016-06-01 02:57:12 UTC (rev 42206)
@@ -14,8 +14,6 @@
 --
 389-ds-base
 --
-chromium-browser
---
 graphicsmagick
 --
 icu




[Secure-testing-commits] r41347 - data/DSA

2016-05-02 Thread Michael Gilbert
Author: mgilbert
Date: 2016-05-02 12:25:13 + (Mon, 02 May 2016)
New Revision: 41347

Modified:
   data/DSA/list
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-05-02 05:37:26 UTC (rev 41346)
+++ data/DSA/list   2016-05-02 12:25:13 UTC (rev 41347)
@@ -1,3 +1,5 @@
+[02 May 2016] DSA-3564-1 chromium-browser - security update
+   {CVE-2016-1660 CVE-2016-1661 CVE-2016-1662 CVE-2016-1663 CVE-2016-1664 
CVE-2016-1665 CVE-2016-1666}
 [01 May 2016] DSA-3563-1 poppler - security update
{CVE-2015-8868}
[jessie] - poppler 0.26.5-2+deb8u1
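Review bot: The new DSA-3564-1 entry stops after its CVE list and has no release line. The poppler entry directly below it in this hunk carries "[jessie] - poppler 0.26.5-2+deb8u1", so the chromium entry needs the matching "[jessie] - chromium-browser" line with the fixed version.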




[Secure-testing-commits] r40952 - in data: . DSA

2016-04-15 Thread Michael Gilbert
Author: mgilbert
Date: 2016-04-15 11:58:41 + (Fri, 15 Apr 2016)
New Revision: 40952

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-04-15 09:10:16 UTC (rev 40951)
+++ data/DSA/list   2016-04-15 11:58:41 UTC (rev 40952)
@@ -1,3 +1,6 @@
+[15 Apr 2016] DSA-3549-1 chromium-browser - security update
+   {CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654 CVE-2016-1655 
CVE-2016-1657 CVE-2016-1658 CVE-2016-1659}
+   [jessie] - chromium-browser 50.0.2661.75-1~deb8u1
 [14 Apr 2016] DSA-3548-2 samba - regression update
[jessie] - samba 2:4.2.10+dfsg-0+deb8u2
 [13 Apr 2016] DSA-3548-1 samba - security update

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-04-15 09:10:16 UTC (rev 40951)
+++ data/dsa-needed.txt 2016-04-15 11:58:41 UTC (rev 40952)
@@ -19,8 +19,6 @@
 --
 botan1.10
 --
-chromium-browser
---
 extplorer/oldstable (Thorsten Alteholz)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
 --




[Secure-testing-commits] r40583 - data/DSA

2016-03-25 Thread Michael Gilbert
Author: mgilbert
Date: 2016-03-26 04:17:56 + (Sat, 26 Mar 2016)
New Revision: 40583

Modified:
   data/DSA/list
Log:
fix typo

Modified: data/DSA/list
===
--- data/DSA/list   2016-03-26 03:26:21 UTC (rev 40582)
+++ data/DSA/list   2016-03-26 04:17:56 UTC (rev 40583)
@@ -1,6 +1,6 @@
-[25 Mar 2016] DSA-3531-1 chromum-browser - security update
+[25 Mar 2016] DSA-3531-1 chromium-browser - security update
{CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649 CVE-2016-1650}
-   [jessie] - chromum-browser 49.0.2623.108-1~deb8u1
+   [jessie] - chromium-browser 49.0.2623.108-1~deb8u1
 [25 Mar 2016] DSA-3530-1 tomcat6 - security update
{CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 CVE-2014-0075 
CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 CVE-2014-0227 CVE-2014-0230 
CVE-2014-7810 CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 
CVE-2016-0706 CVE-2016-0714 CVE-2016-0763}
[wheezy] - tomcat6 6.0.45+dfsg-1~deb7u1




[Secure-testing-commits] r40582 - data/DSA

2016-03-25 Thread Michael Gilbert
Author: mgilbert
Date: 2016-03-26 03:26:21 + (Sat, 26 Mar 2016)
New Revision: 40582

Modified:
   data/DSA/list
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-03-25 21:10:11 UTC (rev 40581)
+++ data/DSA/list   2016-03-26 03:26:21 UTC (rev 40582)
@@ -1,3 +1,6 @@
+[25 Mar 2016] DSA-3531-1 chromum-browser - security update
+   {CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649 CVE-2016-1650}
+   [jessie] - chromum-browser 49.0.2623.108-1~deb8u1
 [25 Mar 2016] DSA-3530-1 tomcat6 - security update
{CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 CVE-2014-0075 
CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 CVE-2014-0227 CVE-2014-0230 
CVE-2014-7810 CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 
CVE-2016-0706 CVE-2016-0714 CVE-2016-0763}
[wheezy] - tomcat6 6.0.45+dfsg-1~deb7u1
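Review bot: The package name is misspelled "chromum-browser" in both added lines that carry it, the DSA-3531-1 header and the [jessie] release line. It should read "chromium-browser", otherwise the advisory will not be matched to the source package.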




[Secure-testing-commits] r40316 - data/CVE

2016-03-10 Thread Michael Gilbert
Author: mgilbert
Date: 2016-03-11 02:39:38 + (Fri, 11 Mar 2016)
New Revision: 40316

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-10 22:38:47 UTC (rev 40315)
+++ data/CVE/list   2016-03-11 02:39:38 UTC (rev 40316)
@@ -8803,17 +8803,17 @@
 CVE-2016-0135
RESERVED
 CVE-2016-0134 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 
2013 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0133 (The USB Mass Storage Class driver in Microsoft Windows Vista 
SP2, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0132 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 
4.6, and ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0131
RESERVED
 CVE-2016-0130 (Microsoft Edge allows remote attackers to execute arbitrary 
code or ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0129 (Microsoft Edge allows remote attackers to execute arbitrary 
code or ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0128
RESERVED
 CVE-2016-0127
@@ -8821,75 +8821,75 @@
 CVE-2016-0126
RESERVED
 CVE-2016-0125 (Microsoft Edge mishandles the Referer policy, which allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0124 (Microsoft Edge allows remote attackers to execute arbitrary 
code or ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0123 (Microsoft Edge allows remote attackers to execute arbitrary 
code or ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0122
RESERVED
 CVE-2016-0121 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, 
Windows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0120 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, 
Windows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0119
RESERVED
 CVE-2016-0118 (The PDF library in Microsoft Windows 10 Gold and 1511 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0117 (The PDF library in Microsoft Windows 8.1, Windows Server 2012 
Gold and ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0116 (Microsoft Edge allows remote attackers to execute arbitrary 
code or ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0115
RESERVED
 CVE-2016-0114 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0113 (Microsoft Internet Explorer 9 through 11 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0112 (Microsoft Internet Explorer 9 through 11 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0111 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge 
allow ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0110 (Microsoft Internet Explorer 10 through 11 and Microsoft Edge 
allow ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0109 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0108 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0107 (Microsoft Internet Explorer 9 through 11 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0106 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0105 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge 
allow ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0104 (Microsoft Internet Explorer 10 allows remote attackers to 
execute ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0103 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0102 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0101 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 
8.1, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0100 (Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle 
library ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0099 (The Secondary Logon Service in Microsoft Windows Vista SP2, 
Windows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0098 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 
8.1, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0097
RESERVED
 CVE-2016-0096 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0095 (The ker

[Secure-testing-commits] r40299 - in data: . DSA

2016-03-10 Thread Michael Gilbert
Author: mgilbert
Date: 2016-03-10 13:42:31 + (Thu, 10 Mar 2016)
New Revision: 40299

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-03-10 13:33:01 UTC (rev 40298)
+++ data/DSA/list   2016-03-10 13:42:31 UTC (rev 40299)
@@ -1,3 +1,6 @@
+[10 Mar 2016] DSA-3513-1 chromium-browser - security update
+   {CVE-2016-1643 CVE-2016-1644 CVE-2016-1645}
+   [jessie] - chromium-browser 49.0.2623.87-1~deb8u1
 [09 Mar 2016] DSA-3512-1 libotr - security update
{CVE-2016-2851}
[wheezy] - libotr 3.2.1-1+deb7u2

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-10 13:33:01 UTC (rev 40298)
+++ data/dsa-needed.txt 2016-03-10 13:42:31 UTC (rev 40299)
@@ -21,8 +21,6 @@
 --
 botan1.10
 --
-chromium-browser
---
 exim4
   NOTE: maintainer and upstream pinged about possible issues in original patch
 --




[Secure-testing-commits] r40276 - in data: CVE DSA

2016-03-09 Thread Michael Gilbert
Author: mgilbert
Date: 2016-03-09 20:36:50 + (Wed, 09 Mar 2016)
New Revision: 40276

Modified:
   data/CVE/list
   data/DSA/list
Log:
bind dsa

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-09 18:58:03 UTC (rev 40275)
+++ data/CVE/list   2016-03-09 20:36:50 UTC (rev 40276)
@@ -2569,6 +2569,9 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/01/29/2
NOTE: Introduced by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=fc3d8e1138cd0c843d6fd75272633a31be6554ef
 (v2.3.0-rc2)
 CVE-2016-2088
+   - bind9 
+   [wheezy] - bind9  (introduced in bind 9.10)
+   [jessie] - bind9  (introduced in bind 9.10)
RESERVED
 CVE-2016-2087
RESERVED
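Review bot: The three bind9 lines for CVE-2016-2088 are inserted between the CVE header and its RESERVED line. Elsewhere in this file RESERVED follows the header directly (CVE-2016-2087 in this same hunk), so the package lines should go after RESERVED.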
@@ -4905,8 +4908,10 @@
 CVE-2016-1287 (Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco 
ASA ...)
NOT-FOR-US: Cisco ASA
 CVE-2016-1286
+   - bind9 
RESERVED
 CVE-2016-1285
+   - bind9 
RESERVED
 CVE-2016-1284 (rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S 
before ...)
- bind9  (Only Supported Preview Edition/Subscription 
Edition)
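Review bot: For CVE-2016-1286 and CVE-2016-1285 the added "- bind9" line sits above RESERVED rather than below it. Placing it after RESERVED keeps each entry in the header, RESERVED, package order that the unchanged entries use.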

Modified: data/DSA/list
===
--- data/DSA/list   2016-03-09 18:58:03 UTC (rev 40275)
+++ data/DSA/list   2016-03-09 20:36:50 UTC (rev 40276)
@@ -1,3 +1,7 @@
+[09 Mar 2016] DSA-3511-1 bind9 - security update
+   {CVE-2016-1285 CVE-2016-1286}
+   [wheezy] - bind9 9.8.4.dfsg.P1-6+nmu2+deb7u10
+   [jessie] - bind9 9.9.5.dfsg-9+deb8u6
 [09 Mar 2016] DSA-3510-1 iceweasel - security update
{CVE-2016-1950 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 
CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 
CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 
CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 
CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 
CVE-2016-2802}
[wheezy] - iceweasel 38.7.0esr-1~deb7u1




[Secure-testing-commits] r40219 - data/CVE

2016-03-07 Thread Michael Gilbert
Author: mgilbert
Date: 2016-03-08 05:26:32 + (Tue, 08 Mar 2016)
New Revision: 40219

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-08 05:24:05 UTC (rev 40218)
+++ data/CVE/list   2016-03-08 05:26:32 UTC (rev 40219)
@@ -1335,7 +1335,7 @@
 CVE-2016-2399
RESERVED
 CVE-2016-2398 (Comcast XFINITY Home Security System does not properly maintain 
...)
-   TODO: check
+   NOT-FOR-US: XFINITY
 CVE-2016-2397 (The cliserver implementation in Dell SonicWALL GMS, Analyzer, 
and UMA ...)
NOT-FOR-US: Dell
 CVE-2016-2396 (The GMS ViewPoint (GMSVP) web application in Dell SonicWALL 
GMS, ...)
@@ -1791,9 +1791,9 @@
 CVE-2016-2280
RESERVED
 CVE-2016-2279 (Cross-site scripting (XSS) vulnerability in the web server in 
Rockwell ...)
-   TODO: check
+   NOT-FOR-US: CompactLogix
 CVE-2016-2278 (Schneider Electric Struxureware Building Operations Automation 
Server ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2016-2277
RESERVED
 CVE-2016-2276
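Review bot: CVE-2016-2279 is labelled "NOT-FOR-US: CompactLogix", a product name, although its description attributes the web server to Rockwell and the next entry in this hunk is labelled by vendor (Schneider Electric). Labelling by vendor, or vendor plus product, would be consistent with the neighbouring entries.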
@@ -2005,7 +2005,7 @@
 CVE-2016-2215
RESERVED
 CVE-2016-2214 (Cross-site scripting (XSS) vulnerability in an unspecified 
portal ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2016-2212
RESERVED
 CVE-2016-2211
@@ -2643,7 +2643,7 @@
[squeeze] - python-django  (Only affects 1.9)
NOTE: 
https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/
 CVE-2016-2046 (Cross-site scripting (XSS) vulnerability in the UserPortal page 
in ...)
-   TODO: check
+   NOT-FOR-US: SOPHOS
 CVE-2016-2045 (Cross-site scripting (XSS) vulnerability in the SQL editor in 
...)
- phpmyadmin 4:4.5.4-1
[squeeze] - phpmyadmin  (vulnerable code not present)
@@ -3051,7 +3051,7 @@
NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1336
NOTE: 
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7431
 CVE-2016-1926 (Cross-site scripting (XSS) vulnerability in the charts module 
in ...)
-   TODO: check
+   NOT-FOR-US: Greenbone Security Assistant
 CVE-2016-1921
RESERVED
 CVE-2016-1918
@@ -3065,7 +3065,7 @@
 CVE-2016-1914
RESERVED
 CVE-2016-1913 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Redhen ...)
-   TODO: check
+   NOT-FOR-US: Redhen module for Drupal
 CVE-2016-1912 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 
...)
- dolibarr 3.5.8+dfsg1-1 (bug #812496)
[jessie] - dolibarr  (Minor issue)
@@ -3075,7 +3075,7 @@
 CVE-2016-1910 (The User Management Engine (UME) in SAP NetWeaver 7.4 allows 
attackers ...)
NOT-FOR-US: SAP
 CVE-2016-1909 (FortiOS 4.x before 4.3.17 and 5.0.x before 5.0.8 has a 
hardcoded ...)
-   TODO: check
+   NOT-FOR-US: FortiOS
 CVE-2015-8775
RESERVED
 CVE-2015-8774
@@ -4042,7 +4042,7 @@
 CVE-2016-1566
RESERVED
 CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group 
module ...)
-   TODO: check
+   NOT-FOR-US: Field Group module for Drupal
 CVE-2015-8768
RESERVED
NOT-FOR-US: Click package manager
@@ -4050,9 +4050,9 @@
 CVE-2015-8766 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
 CVE-2015-8765 (Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 
5.0.x, ...)
-   TODO: check
+   NOT-FOR-US: McAfee
 CVE-2015-8761 (The Values module 7.x-1.x before 7.x-1.2 for Drupal does not 
properly ...)
-   TODO: check
+   NOT-FOR-US: Values module for Drupal
 CVE-2015-8760 (The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows 
remote ...)
TODO: check
 CVE-2015-8759 (Cross-site scripting (XSS) vulnerability in the typoLink 
function in ...)
@@ -4066,9 +4066,9 @@
 CVE-2015-8755 (Multiple cross-site scripting (XSS) vulnerabilities in 
unspecified ...)
TODO: check
 CVE-2015-8754 (The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Mollom module for Drupal
 CVE-2015-8753 (SAP Afaria 7.0.6001.5 allows remote attackers to bypass 
authorization ...)
-   TODO: check
+   NOT-FOR-US: SAP Afaria
 CVE-2015-8752
RESERVED
 CVE-2016-1714 [nvram: OOB r/w access in processing firmware configurations]
@@ -4324,17 +4324,17 @@
[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-001
 CVE-2016-1493 (Intel Driver Update Utility before 2.4 retrieves driver updates 
in ...)
-   TODO: check
+   NOT-FOR-US: Intel Driver Update Utility
 CVE-2016-1492 (The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for 
Android, when ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2016-1491 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, 
when ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2016-1490 (The Wifi hotspot in Lenovo SHAREit befor

[Secure-testing-commits] r40183 - in data: . DSA

2016-03-05 Thread Michael Gilbert
Author: mgilbert
Date: 2016-03-05 20:58:57 + (Sat, 05 Mar 2016)
New Revision: 40183

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-03-05 20:53:13 UTC (rev 40182)
+++ data/DSA/list   2016-03-05 20:58:57 UTC (rev 40183)
@@ -1,3 +1,6 @@
+[05 Mar 2016] DSA-3507-1 chromium-browser - security update
+   {CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 
CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 
CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642}
+   [jessie] - chromium-browser 49.0.2623.75-1~deb8u1
 [04 Mar 2016] DSA-3506-1 libav - security update
{CVE-2016-1897 CVE-2016-1898 CVE-2016-2326}
[wheezy] - libav 6:0.8.17-2

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-05 20:53:13 UTC (rev 40182)
+++ data/dsa-needed.txt 2016-03-05 20:58:57 UTC (rev 40183)
@@ -21,8 +21,6 @@
 --
 botan1.10
 --
-chromium-browser
---
 exim4
 --
 gosa/oldstable (Mike Gabriel)




[Secure-testing-commits] r40039 - data/CVE

2016-02-28 Thread Michael Gilbert
Author: mgilbert
Date: 2016-02-28 23:43:04 + (Sun, 28 Feb 2016)
New Revision: 40039

Modified:
   data/CVE/list
Log:
openjpeg issues in chromium

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-28 23:42:55 UTC (rev 40038)
+++ data/CVE/list   2016-02-28 23:43:04 UTC (rev 40039)
@@ -2954,6 +2954,7 @@
[squeeze] - chromium-browser  (Not supported in Squeeze 
LTS)
 CVE-2016-1628 (pi.c in OpenJPEG, as used in PDFium in Google Chrome before ...)
{DSA-3486-1}
+   - openjpeg 
- chromium-browser 48.0.2564.116-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
[squeeze] - chromium-browser  (Not supported in Squeeze 
LTS)
@@ -2964,6 +2965,7 @@
[squeeze] - chromium-browser  (Not supported in Squeeze 
LTS)
 CVE-2016-1626 (The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as 
used in ...)
{DSA-3486-1}
+   - openjpeg 
- chromium-browser 48.0.2564.116-1
[wheezy] - chromium-browser  (Not supported in Wheezy)
[squeeze] - chromium-browser  (Not supported in Squeeze 
LTS)




[Secure-testing-commits] r40038 - data/CVE

2016-02-28 Thread Michael Gilbert
Author: mgilbert
Date: 2016-02-28 23:42:55 + (Sun, 28 Feb 2016)
New Revision: 40038

Modified:
   data/CVE/list
Log:
wine issue

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-28 22:32:11 UTC (rev 40037)
+++ data/CVE/list   2016-02-28 23:42:55 UTC (rev 40038)
@@ -1,3 +1,9 @@
+CVE-2016- [unsafe use of /tmp]
+   - wine  (low; bug #816034)
+   - wine-development  (low; bug #816034)
+   [wheezy] - wine  (Minor issue)
+   [jessie] - wine  (Minor issue)
+   [jessie] - wine-development  (Minor issue)
 CVE-2016- [remote memory disclosure]
- node-ws 1.0.1+ds1.e6ddaae4-1 (unimportant)
NOTE: fixed in 1.0.1




[Secure-testing-commits] r39801 - data/DSA

2016-02-21 Thread Michael Gilbert
Author: mgilbert
Date: 2016-02-21 21:45:04 + (Sun, 21 Feb 2016)
New Revision: 39801

Modified:
   data/DSA/list
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-02-21 21:10:12 UTC (rev 39800)
+++ data/DSA/list   2016-02-21 21:45:04 UTC (rev 39801)
@@ -1,3 +1,6 @@
+[21 Feb 2016] DSA-3486-1 chromium-browser - security update
+   {CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625 CVE-2016-1626 
CVE-2016-1627 CVE-2016-1628 CVE-2016-1629}
+   [jessie] - chromium-browser 48.0.2564.116-1~deb8u1
 [20 Feb 2016] DSA-3485-1 didiwiki - security update
{CVE-2013-7448}
[wheezy] - didiwiki 0.5-11+deb7u1




[Secure-testing-commits] r39231 - in data: . DSA

2016-01-27 Thread Michael Gilbert
Author: mgilbert
Date: 2016-01-27 12:57:35 + (Wed, 27 Jan 2016)
New Revision: 39231

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-01-27 12:00:07 UTC (rev 39230)
+++ data/DSA/list   2016-01-27 12:57:35 UTC (rev 39231)
@@ -1,3 +1,6 @@
+[27 Jan 2016] DSA-3456-1 chromium-browser - security update
+   {CVE-2015-6792 CVE-2016-1612 CVE-2016-1613 CVE-2016-1614 CVE-2016-1615 
CVE-2016-1616 CVE-2016-1617 CVE-2016-1618 CVE-2016-1619 CVE-2016-1620}
+   [jessie] - chromium-browser 48.0.2564.82-1~deb8u1
 [27 Jan 2016] DSA-3455-1 curl - security update
{CVE-2016-0755}
[jessie] - curl 7.38.0-4+deb8u3

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-01-27 12:00:07 UTC (rev 39230)
+++ data/dsa-needed.txt 2016-01-27 12:57:35 UTC (rev 39231)
@@ -22,8 +22,6 @@
 cacti
   Maintainer proposed debdiffs, needs review and ack
 --
-chromium-browser
---
 icedtea-web
 --
 iceweasel (jmm)




[Secure-testing-commits] r39006 - data/CVE

2016-01-18 Thread Michael Gilbert
Author: mgilbert
Date: 2016-01-18 22:47:24 + (Mon, 18 Jan 2016)
New Revision: 39006

Modified:
   data/CVE/list
Log:
chromium issue fixed

Modified: data/CVE/list
===
--- data/CVE/list   2016-01-18 21:10:17 UTC (rev 39005)
+++ data/CVE/list   2016-01-18 22:47:24 UTC (rev 39006)
@@ -9944,7 +9944,7 @@
 CVE-2015-6793
RESERVED
 CVE-2015-6792 (The MIDI subsystem in Google Chrome before 47.0.2526.106 does 
not ...)
-   - chromium-browser 
+   - chromium-browser 47.0.2526.111-1
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
NOTE: 
http://googlechromereleases.blogspot.de/2015/12/stable-channel-update_15.html




[Secure-testing-commits] r38810 - in data: . DSA

2016-01-09 Thread Michael Gilbert
Author: mgilbert
Date: 2016-01-10 03:19:48 + (Sun, 10 Jan 2016)
New Revision: 38810

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
xscreensaver dsa

Modified: data/DSA/list
===
--- data/DSA/list   2016-01-09 21:10:12 UTC (rev 38809)
+++ data/DSA/list   2016-01-10 03:19:48 UTC (rev 38810)
@@ -1,3 +1,7 @@
+[09 Jan 2016] DSA-3438-1 xscreensaver - security update
+   {CVE-2015-8025}
+   [wheezy] - xscreensaver 5.15-3+deb7u1
+   [jessie] - xscreensaver 5.30-1+deb8u1
 [09 Jan 2016] DSA-3437-1 gnutls26 - security update
{CVE-2015-7575}
[wheezy] - gnutls26 2.12.20-8+deb7u5

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-01-09 21:10:12 UTC (rev 38809)
+++ data/dsa-needed.txt 2016-01-10 03:19:48 UTC (rev 38810)
@@ -88,5 +88,3 @@
 wordpress
   Maintainer sent debdiffs for wheezy- and jessie-security pending for review 
and ack
 --
-xscreensaver (anarcat)
-  mgilbert mentioned in bug report to take care of the DSA




[Secure-testing-commits] r38437 - data/CVE

2015-12-19 Thread Michael Gilbert
Author: mgilbert
Date: 2015-12-19 21:43:52 + (Sat, 19 Dec 2015)
New Revision: 38437

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2015-12-19 21:38:58 UTC (rev 38436)
+++ data/CVE/list   2015-12-19 21:43:52 UTC (rev 38437)
@@ -127,11 +127,11 @@
 CVE-2015-8603
RESERVED
 CVE-2015-8602 (The Token Insert Entity module 7.x-1.x before 7.x-1.1 for 
Drupal does ...)
-   TODO: check
+   NOT-FOR-US: Token Insert Entity module for Drupal
 CVE-2015-8601 (The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not 
...)
-   TODO: check
+   NOT-FOR-US: Chat Room module for Drupal
 CVE-2015-8600 (The SysAdminWebTool servlets in SAP Mobile Platform allow 
remote ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2015-8599
RESERVED
 CVE-2015-8598
@@ -4231,7 +4231,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/6
NOTE: (unreplied so far)
 CVE-2015-7808 (The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 
5.1.2 ...)
-   TODO: check
+   NOT-FOR-US: vBulletin
 CVE-2015-7807
RESERVED
 CVE-2015-7806
@@ -5327,7 +5327,7 @@
 CVE-2015-7395 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 
7.5.0.8 ...)
NOT-FOR-US: IBM
 CVE-2015-7394 (The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, 
Link ...)
-   TODO: check
+   NOT-FOR-US: BIG-IQ
 CVE-2015-7393
RESERVED
 CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in ...)
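Review bot: The NOT-FOR-US label added for CVE-2015-7394 names BIG-IQ, while the description visible in the context line starts with F5 BIG-IP products (Analytics, APM, ASM, Link ...). If BIG-IQ is only one of the affected products further along in the truncated description, a label such as "NOT-FOR-US: F5 BIG-IP" would match what a later search by vendor or product will look for.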
@@ -5440,7 +5440,7 @@
 CVE-2015-7349
RESERVED
 CVE-2015-7348 (Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and 
...)
-   TODO: check
+   NOT-FOR-US: zTree
 CVE-2015-7347
RESERVED
 CVE-2015-7346
@@ -5491,9 +5491,9 @@
 CVE-2015-7324
RESERVED
 CVE-2015-7323 (The Secure Meeting (Pulse Collaboration) in Pulse Connect 
Secure ...)
-   TODO: check
+   NOT-FOR-US: Pulse Connect Secure
 CVE-2015-7322 (The Secure Meeting (Pulse Collaboration) in Pulse Connect 
Secure ...)
-   TODO: check
+   NOT-FOR-US: Pulse Connect Secure
 CVE-2015-7321
RESERVED
 CVE-2015-7320 (Multiple cross-site scripting (XSS) vulnerabilities in ...)




[Secure-testing-commits] r38422 - data/CVE

2015-12-18 Thread Michael Gilbert
Author: mgilbert
Date: 2015-12-18 23:28:25 + (Fri, 18 Dec 2015)
New Revision: 38422

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2015-12-18 21:55:08 UTC (rev 38421)
+++ data/CVE/list   2015-12-18 23:28:25 UTC (rev 38422)
@@ -393,15 +393,15 @@
 CVE-2015-8582
RESERVED
 CVE-2015-8581 (The EjbObjectInputStream class in Apache TomEE allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: Apache TomEE
 CVE-2015-8580 (Multiple use-after-free vulnerabilities in the (1) Print method 
and ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2015-8579 (Kaspersky Total Security 2015 15.0.2.361 allocates memory with 
Read, ...)
-   TODO: check
+   NOT-FOR-US: Kaspersky
 CVE-2015-8578 (AVG Internet Security 2015 allocates memory with Read, Write, 
Execute ...)
-   TODO: check
+   NOT-FOR-US: AVG
 CVE-2015-8577 (The Buffer Overflow Protection (BOP) feature in McAfee 
VirusScan ...)
-   TODO: check
+   NOT-FOR-US: McAfee
 CVE-2015-8576
RESERVED
 CVE-2015-8574
@@ -413,28 +413,28 @@
[squeeze] - xen  (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-166.html
 CVE-2015-8572 (Multiple buffer overflows in Autodesk Design Review (ADR) 
before 2013 ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2015-8571 (Integer overflow in Autodesk Design Review (ADR) before 2013 
Hotfix 2 ...)
-   TODO: check
+   NOT-FOR-US: Autodesk
 CVE-2015-8570 (The password reset functionality in Lepide Active Directory 
Self ...)
-   TODO: check
+   NOT-FOR-US: Lepide
 CVE-2015-8575 [sco_sock_bind issue]
RESERVED
- linux 
- linux-2.6 
NOTE: pstream commit (not yet in Linus tree): 
http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4
 CVE-2015-8566 (The Session package 1.x before 1.3.1 for Joomla! Framework 
allows ...)
-   TODO: check
+   NOT-FOR-US: Session package for Joomla
 CVE-2015-8565 (Directory traversal vulnerability in Joomla! 3.2.0 through 
3.3.x and ...)
-   TODO: check
+   NOT-FOR-US: Joomla
 CVE-2015-8564 (Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 
allows ...)
-   TODO: check
+   NOT-FOR-US: Joomla
 CVE-2015-8563 (Cross-site request forgery (CSRF) vulnerability in the 
com_templates ...)
-   TODO: check
+   NOT-FOR-US: Joomla
 CVE-2015-8562 (Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Joomla
 CVE-2015-8561 (The F1BookView ActiveX control in F1 Bookview in Schneider 
Electric ...)
-   TODO: check
+   NOT-FOR-US: F1BookView
 CVE-2015-8555 [information leak in legacy x86 FPU/XMM initialization]
RESERVED
- xen 
@@ -2279,7 +2279,7 @@
 CVE-2015-8421 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.268 ...)
NOT-FOR-US: Adobe Flash
 CVE-2015-8420 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.268 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8419 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 
...)
NOT-FOR-US: Adobe Flash
 CVE-2015-8418 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 
...)
@@ -2295,7 +2295,7 @@
 CVE-2015-8413 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.268 ...)
NOT-FOR-US: Adobe Flash
 CVE-2015-8412 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.268 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8411 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.268 ...)
NOT-FOR-US: Adobe Flash
 CVE-2015-8410 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.268 ...)
@@ -2424,9 +2424,9 @@
 CVE-2015-8359
RESERVED
 CVE-2015-8358 (Directory traversal vulnerability in the bitrix.mpbuilder 
module ...)
-   TODO: check
+   NOT-FOR-US: Bitrix
 CVE-2015-8357 (Directory traversal vulnerability in the bitrix.xscan module 
before ...)
-   TODO: check
+   NOT-FOR-US: Bitrix
 CVE-2015-8356
RESERVED
 CVE-2015-8355
@@ -2756,7 +2756,7 @@
 CVE-2015-8248
RESERVED
 CVE-2015-8247 (Cross-site scripting (XSS) vulnerability in synnefoclient in 
Synnefo ...)
-   TODO: check
+   NOT-FOR-US: Synnefo
 CVE-2015-8246
RESERVED
 CVE-2015-8245
@@ -3716,7 +3716,7 @@
 CVE-2015-7919
RESERVED
 CVE-2015-7918 (Multiple buffer overflows in the F1BookView ActiveX control in 
F1 ...)
-   TODO: check
+   NOT-FOR-US: F1BookView
 CVE-2015-7917
RESERVED
 CVE-2015-7916




[Secure-testing-commits] r38341 - data/DSA

2015-12-15 Thread Michael Gilbert
Author: mgilbert
Date: 2015-12-16 03:04:55 + (Wed, 16 Dec 2015)
New Revision: 38341

Modified:
   data/DSA/list
Log:
new libv8 issue was fixed in chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2015-12-15 22:33:39 UTC (rev 38340)
+++ data/DSA/list   2015-12-16 03:04:55 UTC (rev 38341)
@@ -6,7 +6,7 @@
{CVE-2015-8560}
[jessie] - cups-filters 1.0.61-5+deb8u3
 [14 Dec 2015] DSA-3418-1 chromium-browser - security update
-   {CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791}
+   {CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791 CVE-2015-8548}
[jessie] - chromium-browser 47.0.2526.80-1~deb8u1
 [14 Dec 2015] DSA-3417-1 bouncycastle - security update
{CVE-2015-7940}




[Secure-testing-commits] r38291 - data/CVE

2015-12-14 Thread Michael Gilbert
Author: mgilbert
Date: 2015-12-15 03:25:08 + (Tue, 15 Dec 2015)
New Revision: 38291

Modified:
   data/CVE/list
Log:
chromium issue fixed

Modified: data/CVE/list
===
--- data/CVE/list   2015-12-15 03:05:47 UTC (rev 38290)
+++ data/CVE/list   2015-12-15 03:25:08 UTC (rev 38291)
@@ -9206,7 +9206,7 @@
NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16
 (v4.2-rc6)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/2
 CVE-2015- [chromium url spoofing issue]
-   - chromium-browser  (low)
+   - chromium-browser 47.0.2526.73-1 (low)
[jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 




[Secure-testing-commits] r38290 - data/CVE

2015-12-14 Thread Michael Gilbert
Author: mgilbert
Date: 2015-12-15 03:05:47 + (Tue, 15 Dec 2015)
New Revision: 38290

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2015-12-15 02:11:56 UTC (rev 38289)
+++ data/CVE/list   2015-12-15 03:05:47 UTC (rev 38290)
@@ -16,7 +16,7 @@
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/12/14/6
TODO: check
 CVE-2015-8548 (Multiple unspecified vulnerabilities in Google V8 before 
4.7.80.23, as ...)
-   TODO: check
+   - chromium-browser 47.0.2526.80-1
 CVE-2015-8546
RESERVED
 CVE-2015-8545
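Review bot: CVE-2015-8548 gets only a chromium-browser line here, although its description (Google V8 before 4.7.80.23) reads the same as that of CVE-2015-8478 further down in this commit, which also receives a libv8 entry. Either add the matching libv8 line for CVE-2015-8548 or add a NOTE saying why the standalone libv8 package is not tracked for it.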
@@ -1146,11 +1146,11 @@
 CVE-2015-8508
RESERVED
 CVE-2015-8507 (mediaserver in Android 6.0 before 2015-12-01 allows remote 
attackers ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2015-8506 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 
2015-12-01 ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2015-8505 (mediaserver in Android before 5.1.1 LMY48Z allows remote 
attackers to ...)
-   TODO: check
+   - android  (bug #459219)
 CVE-2015-8503
RESERVED
 CVE-2015-8502
@@ -1194,7 +1194,7 @@
 CVE-2015-8483
RESERVED
 CVE-2015-8482 (Blue Coat Unified Agent before 4.6.2 does not prevent 
modification of ...)
-   TODO: check
+   NOT-FOR-US: Blue Coat Unified Agent
 CVE-2015-8481
RESERVED
 CVE-2015-8504 [vnc: avoid floating point exception]
@@ -1608,11 +1608,12 @@
 CVE-2016-0001
RESERVED
 CVE-2015-8480 (The VideoFramePool::PoolImpl::CreateFrame function in ...)
-   TODO: check
+   - chromium-browser 47.0.2526.73-1
 CVE-2015-8479 (Use-after-free vulnerability in the ...)
-   TODO: check
+   - chromium-browser 47.0.2526.73-1
 CVE-2015-8478 (Multiple unspecified vulnerabilities in Google V8 before 
4.7.80.23, as ...)
-   TODO: check
+   - chromium-browser 47.0.2526-73-1
+- libv8 
 CVE-2015-8475
RESERVED
 CVE-2015-8471
@@ -1685,119 +1686,119 @@
 CVE-2015-8458
RESERVED
 CVE-2015-8457 (Stack-based buffer overflow in Adobe Flash Player before 
18.0.0.268 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8456 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 
...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8455 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 
...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8454 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.268 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8453 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 
...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8452 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.268 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8451 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 
...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8450 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.268 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8449 (Use-after-free vulnerability in the MovieClip object 
implementation in ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8448 (Use-after-free vulnerability in the DisplacementMapFilter 
object ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8447 (Use-after-free vulnerability in the Color object implementation 
in ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8446 (Heap-based buffer overflow in Adobe Flash Player before 
18.0.0.268 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8445 (Integer overflow in the Shader filter implementation in Adobe 
Flash ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8444 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 
...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8443 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 
...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8442 (Use-after-free vulnerability in the MovieClip object 
implementation in ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8441 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.268 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8440 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 
...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8439 (The SharedObject object implementation in Adobe Flash Player 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8438 (Heap-based buffer overflow in Adobe Flash Player before 
18.0.0.268 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2015-8437 (Use-after-free vulnerability in the Selection object 
implementation in ...)
-   TODO

[Secure-testing-commits] r38289 - data/DSA

2015-12-14 Thread Michael Gilbert
Author: mgilbert
Date: 2015-12-15 02:11:56 + (Tue, 15 Dec 2015)
New Revision: 38289

Modified:
   data/DSA/list
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2015-12-14 21:18:47 UTC (rev 38288)
+++ data/DSA/list   2015-12-15 02:11:56 UTC (rev 38289)
@@ -1,3 +1,6 @@
+[14 Dec 2015] DSA-3418-1 chromium-browser - security update
+   {CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791}
+   [jessie] - chromium-browser 47.0.2526.80-1~deb8u1
 [14 Dec 2015] DSA-3417-1 bouncycastle - security update
{CVE-2015-7940}
[wheezy] - bouncycastle 1.44+dfsg-3.1+deb7u1




[Secure-testing-commits] r38197 - in data: . CVE DSA

2015-12-09 Thread Michael Gilbert
Author: mgilbert
Date: 2015-12-10 01:59:58 + (Thu, 10 Dec 2015)
New Revision: 38197

Modified:
   data/CVE/list
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/CVE/list
===
--- data/CVE/list   2015-12-09 21:45:33 UTC (rev 38196)
+++ data/CVE/list   2015-12-10 01:59:58 UTC (rev 38197)
@@ -5501,9 +5501,7 @@
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-6783 (The FindStartOffsetOfFileInZipFile function in 
crazy_linker_zip.cpp in ...)
-   - chromium-browser 47.0.2526.73-1
-   [wheezy] - chromium-browser 
-   [squeeze] - chromium-browser 
+   - chromium-browser  (android only)
 CVE-2015-6782 (The Document::open function in 
WebKit/Source/core/dom/Document.cpp in ...)
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser 

Modified: data/DSA/list
===
--- data/DSA/list   2015-12-09 21:45:33 UTC (rev 38196)
+++ data/DSA/list   2015-12-10 01:59:58 UTC (rev 38197)
@@ -1,3 +1,6 @@
+[09 Dec 2015] DSA-3415-1 chromium-browser - security update
+   {CVE-2015-1302 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766 CVE-2015-6767 
CVE-2015-6768 CVE-2015-6769 CVE-2015-6770 CVE-2015-6771 CVE-2015-6772 
CVE-2015-6773 CVE-2015-6774 CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 
CVE-2015-6778 CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782 
CVE-2015-6784 CVE-2015-6785 CVE-2015-6786}
+   [jessie] - chromium-browser 47.0.2526.73-1~deb8u1
 [09 Dec 2015] DSA-3414-1 xen - security update
{CVE-2015-3259 CVE-2015-3340 CVE-2015-5307 CVE-2015-6654 CVE-2015-7311 
CVE-2015-7812 CVE-2015-7813 CVE-2015-7814 CVE-2015-7969 CVE-2015-7970 
CVE-2015-7971 CVE-2015-7972 CVE-2015-8104}
[jessie] - xen 4.4.1-9+deb8u3

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-12-09 21:45:33 UTC (rev 38196)
+++ data/dsa-needed.txt 2015-12-10 01:59:58 UTC (rev 38197)
@@ -19,8 +19,6 @@
 aptdaemon
   For jessie-security compat layer for PackageKit needs to be dropped
 --
-chromium-browser
---
 icedtea-web
 --
 imagemagick/oldstable




[Secure-testing-commits] r37206 - in data: . DSA

2015-10-20 Thread Michael Gilbert
Author: mgilbert
Date: 2015-10-21 03:18:48 + (Wed, 21 Oct 2015)
New Revision: 37206

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2015-10-20 21:10:11 UTC (rev 37205)
+++ data/DSA/list   2015-10-21 03:18:48 UTC (rev 37206)
@@ -1,3 +1,6 @@
+[20 Oct 2015] DSA-3376-1 chromium-browser - security update
+   {CVE-2015-1303 CVE-2015-1304 CVE-2015-6755 CVE-2015-6756 CVE-2015-6757 
CVE-2015-6758 CVE-2015-6759 CVE-2015-6760 CVE-2015-6761 CVE-2015-6762 
CVE-2015-6763}
+   [jessie] - chromium-browser 46.0.2490.71-1~deb8u1
 [19 Oct 2015] DSA-3375-1 wordpress - security update
{CVE-2015-5714 CVE-2015-5715}
[jessie] - wordpress 4.1+dfsg-1+deb8u5

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-10-20 21:10:11 UTC (rev 37205)
+++ data/dsa-needed.txt 2015-10-21 03:18:48 UTC (rev 37206)
@@ -19,8 +19,6 @@
 aptdaemon
   For jessie-security compat layer for PackageKit needs to be dropped
 --
-chromium-browser/stable (mgilbert)
---
 elasticsearch
 --
 freeimage




[Secure-testing-commits] r36869 - data/CVE

2015-09-27 Thread Michael Gilbert
Author: mgilbert
Date: 2015-09-27 18:28:41 + (Sun, 27 Sep 2015)
New Revision: 36869

Modified:
   data/CVE/list
Log:
mark chromium SOP issues as no-dsa

Modified: data/CVE/list
===
--- data/CVE/list   2015-09-27 18:21:44 UTC (rev 36868)
+++ data/CVE/list   2015-09-27 18:28:41 UTC (rev 36869)
@@ -16935,6 +16935,7 @@
 CVE-2015-1304
RESERVED
- chromium-browser 45.0.2454.101-1
+   [jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
- libv8-3.14  (unimportant)
@@ -16942,6 +16943,7 @@
 CVE-2015-1303
RESERVED
- chromium-browser 45.0.2454.101-1
+   [jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1302




[Secure-testing-commits] r36868 - data/CVE

2015-09-27 Thread Michael Gilbert
Author: mgilbert
Date: 2015-09-27 18:21:44 + (Sun, 27 Sep 2015)
New Revision: 36868

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2015-09-27 17:20:12 UTC (rev 36867)
+++ data/CVE/list   2015-09-27 18:21:44 UTC (rev 36868)
@@ -1873,9 +1873,9 @@
 CVE-2015-6549
RESERVED
 CVE-2015-6548 (Multiple SQL injection vulnerabilities in a PHP script in the 
...)
-   TODO: check
+   NOT-FOR-US: Symantec Web Gateway
 CVE-2015-6547 (The management console on Symantec Web Gateway (SWG) appliances 
with ...)
-   TODO: check
+   NOT-FOR-US: Semantec Web Gateway
 CVE-2015-6546
RESERVED
 CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in 
Cerb ...)
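Review bot: The label added for CVE-2015-6547 is spelled "Semantec Web Gateway", while the line added for CVE-2015-6548 just above it and the CVE description both say Symantec. The misspelling hides the entry from a search for the vendor name; use "NOT-FOR-US: Symantec Web Gateway" on both.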
@@ -2100,9 +2100,9 @@
 CVE-2015-6476
RESERVED
 CVE-2015-6475 (Multiple cross-site scripting (XSS) vulnerabilities in IBC 
Solar ...)
-   TODO: check
+   NOT-FOR-US: ServeMaster
 CVE-2015-6474 (IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: ServeMaster
 CVE-2015-6473
RESERVED
 CVE-2015-6472
@@ -2110,11 +2110,11 @@
 CVE-2015-6471
RESERVED
 CVE-2015-6470 (Resource Data Management Data Manager before 2.2 allows remote 
...)
-   TODO: check
+   NOT-FOR-US: Resource Data Manager
 CVE-2015-6469 (The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX 
Pro+ ...)
-   TODO: check
+   NOT-FOR-US: ServerMaster
 CVE-2015-6468 (Cross-site request forgery (CSRF) vulnerability in Resource 
Data ...)
-   TODO: check
+   NOT-FOR-US: Resource Data Manager
 CVE-2015-6467
RESERVED
 CVE-2015-6466 (Cross-site scripting (XSS) vulnerability in the Diagnosis Ping 
feature ...)
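Review bot: The label added for CVE-2015-6469 reads "ServerMaster", but the description names IBC Solar ServeMaster, and the entries for CVE-2015-6475 and CVE-2015-6474 in the previous hunk use "ServeMaster". Use the same spelling here so all three entries turn up under one search term. The two entries labelled "Resource Data Manager" also differ from the description, which gives the product as Resource Data Management Data Manager.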
@@ -2130,19 +2130,19 @@
 CVE-2015-6461
RESERVED
 CVE-2015-6460 (Multiple heap-based buffer overflows in 3S-Smart CODESYS 
Gateway ...)
-   TODO: check
+   NOT-FOR-US: CODESYS Gateway Server
 CVE-2015-6459 (Absolute path traversal vulnerability in the download feature 
in ...)
-   TODO: check
+   NOT-FOR-US: FileDownloadServlet
 CVE-2015-6458
RESERVED
 CVE-2015-6457
RESERVED
 CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise 
before ...)
-   TODO: check
+   NOT-FOR-US: PulseNET
 CVE-2015-6455
RESERVED
 CVE-2015-6454 (Everest PeakHMI before 8.7.0.2, when the video server is used, 
allows ...)
-   TODO: check
+   NOT-FOR-US: PeakHMI
 CVE-2015-6453
RESERVED
 CVE-2015-6452
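Review bot: For CVE-2015-6459 the label is "FileDownloadServlet", which names a component and not a product or vendor, unlike the other entries added in this hunk (CODESYS Gateway Server, PulseNET, PeakHMI). The visible description is cut off before the product name, so take the product from the full CVE text and use that as the label.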
@@ -2438,31 +2438,31 @@
 CVE-2015-6307
RESERVED
 CVE-2015-6306 (Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and 
Linux does ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6305 (Untrusted search path vulnerability in the ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6304 (Cross-site request forgery (CSRF) vulnerability in Cisco 
TelePresence ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6303 (The Cisco Spark application 2015-07-04 for mobile operating 
systems ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6302 (The RADIUS functionality on Cisco Wireless LAN Controller (WLC) 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6301 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with 
software 5.2.0 ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6300 (Cisco Secure Access Control Server (ACS) Solution Engine 
5.7(0.15) ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6299 (SQL injection vulnerability in the web interface in Cisco Unity 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6298
RESERVED
 CVE-2015-6297 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with 
software 5.2.0 ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6296 (Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 
8.3(2) has ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6295 (Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) 
devices ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6294 (Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier 
allow ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2015-6293
RESERVED
 CVE-2015-6292
@@ -2549,7 +2549,8 @@
 CVE-2015-6253
RESERVED
 CVE-2014-9743 (Cross-site scripting (XSS) vulnerability in the httpd_HtmlError 
...)
-   TODO: check
+   - vlc 2.2.1-4
+   NOTE: might be fixed earlier, but this was the version checked
 CVE-2015-6526 (The perf_callchain_user_64 function in 
arch/powerpc/perf/callchain.c ...)
- linux 4.1.3-1
[jessie] - linux 3.16.7-ckt11-1
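Review bot: The vlc entry for CVE-2014-9743 records 2.2.1-4 as the fixed version, and the NOTE added with it says the fix may be older than that. Since this is only the version that was checked, releases carrying an older vlc stay marked as vulnerable until someone verifies them; add a TODO, or per-release lines once checked, so the first fixed version gets pinned down.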
@@ -2569,7 +2570,7 @@
 CVE-2015-6239
RESERVED
 CVE-2015-6238 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Google ...)
-   TODO: check
+   NOT-FOR-US: Google Analyticator plugin for WordPress
 CVE-2015-6237
RESERVED
 CV

[Secure-testing-commits] r36838 - data/CVE

2015-09-25 Thread Michael Gilbert
Author: mgilbert
Date: 2015-09-25 20:45:45 + (Fri, 25 Sep 2015)
New Revision: 36838

Modified:
   data/CVE/list
Log:
nfus and a few already fixed chromium issues

Modified: data/CVE/list
===
--- data/CVE/list   2015-09-25 16:27:12 UTC (rev 36837)
+++ data/CVE/list   2015-09-25 20:45:45 UTC (rev 36838)
@@ -44,7 +44,7 @@
 CVE-2015-7315
RESERVED
 CVE-2015-7310 (McAfee Enterprise Security Manager (ESM), Enterprise Security 
...)
-   TODO: check
+   NOT-FOR-US: McAfee
 CVE-2015-7309 (The theme editor in Bolt before 2.2.5 does not check the file 
...)
TODO: check
 CVE-2015-7314
@@ -194,7 +194,7 @@
 CVE-2015-7244
RESERVED
 CVE-2015-7243 (Buffer overflow in Boxoft WAV to MP3 Converter allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: Boxoft
 CVE-2015-7242
RESERVED
 CVE-2015-7241
@@ -202,11 +202,11 @@
 CVE-2015-7240
RESERVED
 CVE-2015-7239 (SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM 
function ...)
-   TODO: check
+   NOT-FOR-US: J2EE
 CVE-2015-7238 (The Secondary server in Threat Intelligence Exchange (TIE) 
before ...)
-   TODO: check
+   NOT-FOR-US: TIE
 CVE-2015-7237 (Directory traversal vulnerability in the remote log viewing ...)
-   TODO: check
+   NOT-FOR-US: McAfee
 CVE-2015-7235 (Multiple SQL injection vulnerabilities in dex_reservations.php 
in the ...)
NOT-FOR-US: CP Reservation Calendar plugin for WordPress
 CVE-2015-7234 (The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF 
...)
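Review bot: The labels added for CVE-2015-7239 ("J2EE") and CVE-2015-7238 ("TIE") do not identify a product: J2EE is a platform name, and TIE is the abbreviation the description itself expands as Threat Intelligence Exchange. Spell out the product or vendor in both, as the McAfee label on CVE-2015-7237 does.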
@@ -760,29 +760,29 @@
 CVE-2015-6974
RESERVED
 CVE-2015-6973 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Ignite ...)
-   TODO: check
+   NOT-FOR-US: Openfire
 CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite 
Realtime ...)
-   TODO: check
+   NOT-FOR-US: Openfire
 CVE-2015-6971
RESERVED
 CVE-2015-6970
RESERVED
 CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in 
the 2k11 ...)
-   TODO: check
+   NOT-FOR-US: Serendipity
 CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the ...)
-   TODO: check
+   NOT-FOR-US: Serendipity
 CVE-2015-6967 (Unrestricted file upload vulnerability in the My Image plugin 
in ...)
-   TODO: check
+   NOT-FOR-US: Nibbleblog
 CVE-2015-6966 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
-   TODO: check
+   NOT-FOR-US: Nibbleblog
 CVE-2015-6965 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
-   TODO: check
+   NOT-FOR-US: Contact Form Generator plugin for WordPress
 CVE-2015-6964
RESERVED
 CVE-2015-6963
RESERVED
 CVE-2015-6962 (SQL injection vulnerability in the web application in Farol 
allows ...)
-   TODO: check
+   NOT-FOR-US: Farol
 CVE-2015-7236 [remote triggerable use-after-free in rpcbind]
RESERVED
{DSA-3366-1 DLA-311-1}
@@ -834,7 +834,7 @@
 CVE-2015-6941
RESERVED
 CVE-2015-6940 (The GetResource servlet in Pentaho Business Analytics (BA) 
Suite ...)
-   TODO: check
+   NOT-FOR-US: Pentaho
 CVE-2015- [ross-site scripting vulnerability in the user list table]
- wordpress 4.3.1+dfsg-1 (bug #799140)
NOTE: 
https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
@@ -847,7 +847,7 @@
[experimental] - bouncycastle 1.51-1
NOTE: 
http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
 CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in 
...)
-   TODO: check
+   NOT-FOR-US: Joomla
 CVE-2015-6936
RESERVED
 CVE-2015-6935
@@ -857,7 +857,7 @@
 CVE-2015-6933
RESERVED
 CVE-2015-6932 (VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not 
verify ...)
-   TODO: check
+   NOT-FOR-US: VMware
 CVE-2015-6931
RESERVED
 CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType 
before 2.5.3 ...)
@@ -871,7 +871,7 @@
 CVE-2015-6930
RESERVED
 CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia 
Networks ...)
-   TODO: check
+   NOT-FOR-US: Nokia
 CVE-2015-6928
RESERVED
 CVE-2015-6926
@@ -1102,7 +1102,7 @@
 CVE-2015-6829 (Multiple SQL injection vulnerabilities in the getip function in 
...)
NOT-FOR-US: getip function in wp-limit-login-attempts.php in the WP 
Limit Login Attempts plugin for WordPress
 CVE-2015-6828 (The tweet_info function in class/__functions.php in the 
SecureMoz ...)
-   TODO: check
+   NOT-FOR-US: SecureMoz plugin
 CVE-2015-6827 (Cross-site request forgery (CSRF) vulnerability in 
Auto-Exchanger ...)
NOT-FOR-US: Auto-Exchanger
 CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in 
libavcodec/rv34.c in ...)
@@ -1154,9 +1154,9 @@
 CVE-2015-6809 (Multiple cross-site scripting (XSS) 

[Secure-testing-commits] r36458 - data/CVE

2015-09-03 Thread Michael Gilbert
Author: mgilbert
Date: 2015-09-03 22:48:27 + (Thu, 03 Sep 2015)
New Revision: 36458

Modified:
   data/CVE/list
Log:
chromium fixed

Modified: data/CVE/list
===
--- data/CVE/list   2015-09-03 19:19:12 UTC (rev 36457)
+++ data/CVE/list   2015-09-03 22:48:27 UTC (rev 36458)
@@ -15424,67 +15424,67 @@
 CVE-2015-1301
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1300
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1299
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1298
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1297
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1296
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1295
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1294
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1293
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1292
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1291
RESERVED
{DSA-3351-1}
-   - chromium-browser  (low)
+   - chromium-browser 45.0.2454.85-1 (low)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1290


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r36431 - in data: . DSA

2015-09-02 Thread Michael Gilbert
Author: mgilbert
Date: 2015-09-03 03:04:02 + (Thu, 03 Sep 2015)
New Revision: 36431

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2015-09-02 21:23:49 UTC (rev 36430)
+++ data/DSA/list   2015-09-03 03:04:02 UTC (rev 36431)
@@ -1,3 +1,6 @@
+[02 Sep 2015] DSA-3350-1 chromium-browser - security update
+   {CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294 CVE-2015-1295 
CVE-2015-1296 CVE-2015-1297 CVE-2015-1298 CVE-2015-1299 CVE-2015-1300 
CVE-2015-1301}
+   [jessie] - chromium-browser 45.0.2454.85-1~deb8u1
 [02 Sep 2015] DSA-3349-1 qemu-kvm - security update
{CVE-2015-5165 CVE-2015-5745}
[wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u9
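Review bot: The advisory number on the added `[02 Sep 2015] DSA-3350-1 chromium-browser` line does not match the `{DSA-3351-1}` tag that data/CVE/list carries for the same CVE-2015-1291 to CVE-2015-1301 entries in r36458. One of the two is off by one; confirm the allocated number against the published advisory and correct this entry if it is the one that is wrong.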

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-09-02 21:23:49 UTC (rev 36430)
+++ data/dsa-needed.txt 2015-09-03 03:04:02 UTC (rev 36431)
@@ -19,8 +19,6 @@
 aptdaemon
   For jessie-security compat layer for PackageKit needs to be dropped
 --
-chromium-browser
---
 eglibc (aurel32)
   some of the other no-dsa bugs could be fixed along
 --




[Secure-testing-commits] r35943 - data

2015-08-08 Thread Michael Gilbert
Author: mgilbert
Date: 2015-08-09 02:57:38 + (Sun, 09 Aug 2015)
New Revision: 35943

Modified:
   data/embedded-code-copies
Log:
chromium will be switching back to embedded srtp

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2015-08-08 14:11:44 UTC (rev 35942)
+++ data/embedded-code-copies   2015-08-09 02:57:38 UTC (rev 35943)
@@ -2791,8 +2791,8 @@
NOTE: upstream scrypt does not provide a shared library/API
 
 srtp
-   - chromium-browser  (modified-embed)
-   NOTE: discussed in #770659
+   - chromium-browser  (embed)
+   NOTE: http://crbug.com/501318
- qutecom 
- asterisk  (embed)
- gst-plugins-bad1.0  (embed)
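Review bot: On the srtp entry, the `NOTE: discussed in #770659` line is replaced rather than kept alongside the new `NOTE: http://crbug.com/501318`, so the pointer to the earlier discussion is lost. Consider keeping both NOTE lines. The log message also says chromium "will be switching back", while the entry already records `(embed)`; if the switch has not shipped yet, say so in a NOTE or hold the change until the upload that makes it true.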




[Secure-testing-commits] r35715 - data/CVE

2015-07-25 Thread Michael Gilbert
Author: mgilbert
Date: 2015-07-26 03:29:57 + (Sun, 26 Jul 2015)
New Revision: 35715

Modified:
   data/CVE/list
Log:
add an unfixed chromium issue

Modified: data/CVE/list
===
--- data/CVE/list   2015-07-25 22:36:14 UTC (rev 35714)
+++ data/CVE/list   2015-07-26 03:29:57 UTC (rev 35715)
@@ -1,3 +1,9 @@
+CVE-2015- [chromium url spoofing issue]
+   - chromium-browser  (low)
+   [jessie] - chromium-browser  (minor issue)
+   [wheezy] - chromium-browser 
+   [squeeze] - chromium-browser 
+   NOTE: http://crbug.com/497588
 CVE-2015- [Shibboleth SP software crashes on well-formed but invalid XML]
- xmltooling 
NOTE: http://shibboleth.net/community/advisories/secadv_20150721.txt




[Secure-testing-commits] r35714 - data/CVE

2015-07-25 Thread Michael Gilbert
Author: mgilbert
Date: 2015-07-25 22:36:14 + (Sat, 25 Jul 2015)
New Revision: 35714

Modified:
   data/CVE/list
Log:
more nfus

Modified: data/CVE/list
===
--- data/CVE/list   2015-07-25 21:37:10 UTC (rev 35713)
+++ data/CVE/list   2015-07-25 22:36:14 UTC (rev 35714)
@@ -466,19 +466,19 @@
 CVE-2015-5458 (Session fixation vulnerability in fileupload.php in PivotX 
before ...)
NOT-FOR-US: PivotX
 CVE-2015-5457 (PivotX before 2.3.11 does not validate the new file extension 
when ...)
-   TODO: check
+   NOT-FOR-US: PivotX
 CVE-2015-5456 (Cross-site scripting (XSS) vulnerability in the form method in 
...)
-   TODO: check
+   NOT-FOR-US: PivotX
 CVE-2015-5455 (Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and 
earlier ...)
-   TODO: check
+   NOT-FOR-US: X-cart
 CVE-2015-5454 (Cross-site scripting (XSS) vulnerability in Nucleus CMS 3.65 
allows ...)
-   TODO: check
+   NOT-FOR-US: Nucleus CMS
 CVE-2015-5453 (Watchguard XCS 9.2 and 10.0 before build 150522 allow remote 
...)
-   TODO: check
+   NOT-FOR-US: Watchguard XCS
 CVE-2015-5452 (SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 
before ...)
-   TODO: check
+   NOT-FOR-US: Watchguard XCS
 CVE-2014-9741 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI 
ArcGIS for ...)
-   TODO: check
+   NOT-FOR-US: ArcGIS
 CVE-2015-5451
RESERVED
 CVE-2015-5450
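Review bot: For CVE-2015-5456 the visible description ("... vulnerability in the form method in ...") does not name a product, so the `NOT-FOR-US: PivotX` triage cannot be checked from this hunk; a reference in the log or a NOTE would help. Also, `NOT-FOR-US: X-cart` differs in case from the description's "X-Cart"; matching the upstream spelling keeps later searches of the list reliable.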
@@ -606,7 +606,7 @@
 CVE-2015-5387
RESERVED
 CVE-2015-5386 (Siemens SICAM MIC devices with firmware before 2404 allow 
remote ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2015-5385
RESERVED
 CVE-2015-5384
@@ -626,13 +626,13 @@
 CVE-2015-5375
RESERVED
 CVE-2015-5374 (The EN100 module with firmware before 4.25 for Siemens SIPROTEC 
4 and ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2015-5373
RESERVED
 CVE-2015-5372
RESERVED
 CVE-2015-5371 (The AuthenticationFilter class in SolarWinds Storage Manager 
allows ...)
-   TODO: check
+   NOT-FOR-US: SolarWinds
 CVE-2015-5370
RESERVED
 CVE-2015-5369
@@ -642,13 +642,13 @@
 CVE-2015-5367
RESERVED
 CVE-2014-9740 (Cross-site scripting (XSS) vulnerability in the Rules Link 
module ...)
-   TODO: check
+   NOT-FOR-US: Rules Link module for Drupal
 CVE-2014-9739 (Cross-site scripting (XSS) vulnerability in the Node Field 
module ...)
-   TODO: check
+   NOT-FOR-US: Node Field module for Drupal
 CVE-2014-9738 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Tournament ...)
-   TODO: check
+   NOT-FOR-US: Tournament module for Drupal
 CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown 
module ...)
-   TODO: check
+   NOT-FOR-US: Language Switcher Dropdown module for Drupal
 CVE-2014-9736
RESERVED
 CVE-2013-7442
@@ -731,19 +731,19 @@
 CVE-2015-5365 (Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 
allows ...)
NOT-FOR-US: Zurmo CRM
 CVE-2015-5363 (The SRX Network Security Daemon (nsd) in Juniper SRX Series 
services ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2015-5362 (The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 
12.1X46 ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2015-5361
RESERVED
 CVE-2015-5360 (IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 
before ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2015-5359 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2015-5358 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2015-5357 (The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with 
Junos ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2015-5356 (Cross-site scripting (XSS) vulnerability in 
admin/filebrowser.php in ...)
NOT-FOR-US: GetSimple CMS
 CVE-2015-5355 (Multiple cross-site scripting (XSS) vulnerabilities in 
GetSimple CMS ...)
@@ -1232,9 +1232,9 @@
 CVE-2015-5122 (Use-after-free vulnerability in the DisplayObject class in the 
...)
NOT-FOR-US: Adobe Flash Player
 CVE-2015-5121 (Adobe Shockwave Player before 12.1.9.159 allows attackers to 
execute ...)
-   TODO: check
+   NOT-FOR-US: Shockwave
 CVE-2015-5120 (Adobe Shockwave Player before 12.1.9.159 allows attackers to 
execute ...)
-   TODO: check
+   NOT-FOR-US: Shockwave
 CVE-2015-5119 (Use-after-free vulnerability in the ByteArray class in the ...)
NOT-FOR-US: Adobe Flash Player
 CVE-2015-5118 (Heap-based buffer overflow in Adobe Flash Player before 
13.0.0.302 and ...)
@@ -1312,7 +1312,7 @@
 CVE-2015-5082
RESERVED
 CVE-2015-5080 (The Management Interface in Citrix NetScaler Application 
Delivery ...)
-   TODO: check
+   NOT-FOR-US: Citrix
 CVE-2015-5079
RESERVED
 

[Secure-testing-commits] r35713 - data/DSA

2015-07-25 Thread Michael Gilbert
Author: mgilbert
Date: 2015-07-25 21:37:10 + (Sat, 25 Jul 2015)
New Revision: 35713

Modified:
   data/DSA/list
Log:
fix missing fixed chromium CVEs

Modified: data/DSA/list
===
--- data/DSA/list   2015-07-25 21:10:15 UTC (rev 35712)
+++ data/DSA/list   2015-07-25 21:37:10 UTC (rev 35713)
@@ -6,7 +6,7 @@
[wheezy] - openjdk-7 7u79-2.5.6-1~deb7u1
[jessie] - openjdk-7 7u79-2.5.6-1~deb8u1
 [23 Jul 2015] DSA-3315-1 chromium-browser - security update
-   {CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273 CVE-2015-1274 
CVE-2015-1276 CVE-2015-1277 CVE-2015-1278 CVE-2015-1279 CVE-2015-1280 
CVE-2015-1281 CVE-2015-1282 CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 
CVE-2015-1286 CVE-2015-1287 CVE-2015-1288 CVE-2015-1289}
+   {CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269 CVE-2015-1270 
CVE-2015-1271 CVE-2015-1272 CVE-2015-1273 CVE-2015-1274 CVE-2015-1276 
CVE-2015-1277 CVE-2015-1278 CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 
CVE-2015-1282 CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286 
CVE-2015-1287 CVE-2015-1288 CVE-2015-1289}
[jessie] - chromium-browser 44.0.2403.89-1~deb8u1
 [23 Jul 2015] DSA-3314-1 typo3-sec - end of life
[wheezy] - typo3-src 
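Review bot: The corrected brace list for DSA-3315-1 now runs from CVE-2015-1266 to CVE-2015-1289 but still jumps from CVE-2015-1274 to CVE-2015-1276. If CVE-2015-1275 is left out on purpose, a word in the log would save the next reader from re-checking; if not, add it here as well.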




[Secure-testing-commits] r35711 - data/CVE

2015-07-25 Thread Michael Gilbert
Author: mgilbert
Date: 2015-07-25 20:49:45 + (Sat, 25 Jul 2015)
New Revision: 35711

Modified:
   data/CVE/list
Log:
some nfus

Modified: data/CVE/list
===
--- data/CVE/list   2015-07-25 15:34:55 UTC (rev 35710)
+++ data/CVE/list   2015-07-25 20:49:45 UTC (rev 35711)
@@ -34,9 +34,9 @@
NOTE: https://core.trac.wordpress.org/changeset/33359
TODO: check affected versions
 CVE-2015-5611 (Unspecified vulnerability in Uconnect 15.26.1, as used in 
certain Fiat ...)
-   TODO: check
+   NOT-FOR-US: Uconnect
 CVE-2015-5610 (The RSM (aka RSMWinService) service in SolarWinds N-Able 
N-Central ...)
-   TODO: check
+   NOT-FOR-US: SolarWinds
 CVE-2015-5609
RESERVED
 CVE-2015-5608
@@ -275,9 +275,9 @@
RESERVED
NOT-FOR-US: WordPress plugin paid-memberships-pro
 CVE-2015-5530 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Free ...)
-   TODO: check
+   NOT-FOR-US: Free Reprintables
 CVE-2015-5529 (Multiple cross-site scripting (XSS) vulnerabilities in Free ...)
-   TODO: check
+   NOT-FOR-US: Free Reprintables
 CVE-2015-5528 (Cross-site scripting (XSS) vulnerability in the save_order 
function in ...)
NOT-FOR-US: save_order function in class-floating-social-bar.php in the 
Floating Social Bar plugin for WordPress
 CVE-2015- [d-i uses preseed data from DHCP when installing from DVD]
@@ -303,11 +303,11 @@
- elasticsearch 1.6.1+dfsg-1 (bug #792617)
NOTE: 
https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security
 CVE-2015-5521 (Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 
allows ...)
-   TODO: check
+   NOT-FOR-US: BlackCat CMS
 CVE-2015-5520 (Cross-site scripting (XSS) vulnerability in the Users module in 
...)
-   TODO: check
+   NOT-FOR-US: BlackCat CMS
 CVE-2015-5519 (Cross-site scripting (XSS) vulnerability in the 
applyConvolution demo ...)
-   TODO: check
+   NOT-FOR-US: WideImage
 CVE-2015-5518
RESERVED
 CVE-2015-5517
@@ -425,7 +425,7 @@
 CVE-2015-5465
RESERVED
 CVE-2015-5464 (Unspecified vulnerability on the Gemalto SafeNet Luna HSM has 
unknown ...)
-   TODO: check
+   NOT-FOR-US: Gemalto
 CVE-2015-5463
RESERVED
 CVE-2015-5462
@@ -460,11 +460,11 @@
 CVE-2015-5461 (Open redirect vulnerability in the Redirect function in ...)
NOT-FOR-US: Redirect function in stageshow_redirect.php in the 
StageShow plugin for WordPress
 CVE-2015-5460 (Cross-site scripting (XSS) vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: Snorby
 CVE-2015-5459 (SQL injection vulnerability in the AdvanceSearch.class in ...)
-   TODO: check
+   NOT-FOR-US: Password Manager Pro
 CVE-2015-5458 (Session fixation vulnerability in fileupload.php in PivotX 
before ...)
-   TODO: check
+   NOT-FOR-US: PivotX
 CVE-2015-5457 (PivotX before 2.3.11 does not validate the new file extension 
when ...)
TODO: check
 CVE-2015-5456 (Cross-site scripting (XSS) vulnerability in the form method in 
...)




[Secure-testing-commits] r35662 - in data: CVE DSA

2015-07-23 Thread Michael Gilbert
Author: mgilbert
Date: 2015-07-23 22:53:34 + (Thu, 23 Jul 2015)
New Revision: 35662

Modified:
   data/CVE/list
   data/DSA/list
Log:
chromium dsa

Modified: data/CVE/list
===
--- data/CVE/list   2015-07-23 21:10:14 UTC (rev 35661)
+++ data/CVE/list   2015-07-23 22:53:34 UTC (rev 35662)
@@ -12353,7 +12353,6 @@
[squeeze] - chromium-browser 
 CVE-2015-1276 (Use-after-free vulnerability in ...)
- chromium-browser 44.0.2403.89-1
-   - chromium-browser 
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1275 (Cross-site scripting (XSS) vulnerability in ...)
@@ -12380,22 +12379,18 @@
[squeeze] - chromium-browser 
 CVE-2015-1269 (The DecodeHSTSPreloadRaw function in ...)
- chromium-browser 43.0.2357.130-1
-   [jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1268 (bindings/scripts/v8_types.py in Blink, as used in Google Chrome 
before ...)
- chromium-browser 43.0.2357.130-1
-   [jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1267 (Blink, as used in Google Chrome before 43.0.2357.130, does not 
...)
- chromium-browser 43.0.2357.130-1
-   [jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1266 (content/browser/webui/content_web_ui_controller_factory.cc in 
Google ...)
- chromium-browser 43.0.2357.130-1
-   [jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1265 (Multiple unspecified vulnerabilities in Google Chrome before 
...)

Modified: data/DSA/list
===
--- data/DSA/list   2015-07-23 21:10:14 UTC (rev 35661)
+++ data/DSA/list   2015-07-23 22:53:34 UTC (rev 35662)
@@ -1,3 +1,6 @@
+[23 Jul 2015] DSA-3315-1 chromium-browser - security update
+   {CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273 CVE-2015-1274 
CVE-2015-1276 CVE-2015-1277 CVE-2015-1278 CVE-2015-1279 CVE-2015-1280 
CVE-2015-1281 CVE-2015-1282 CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 
CVE-2015-1286 CVE-2015-1287 CVE-2015-1288 CVE-2015-1289}
+   [jessie] - chromium-browser 44.0.2403.89-1~deb8u1
 [23 Jul 2015] DSA-3314-1 typo3-sec - end of life
[wheezy] - typo3-src 
 [23 Jul 2015] DSA-3313-1 linux - security update
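Review bot: The brace list on the new DSA-3315-1 entry starts at CVE-2015-1270, yet the data/CVE/list hunk in this same commit deletes the `[jessie]` "(minor issue)" lines for CVE-2015-1266 to CVE-2015-1269. With those lines gone and the CVEs not listed here, jessie has no recorded status for the four issues. Add them to this list if 44.0.2403.89-1~deb8u1 fixes them, or keep the `[jessie]` lines.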




[Secure-testing-commits] r35177 - in data: . CVE

2015-06-26 Thread Michael Gilbert
Author: mgilbert
Date: 2015-06-26 22:24:02 + (Fri, 26 Jun 2015)
New Revision: 35177

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
new chromium issues are all minor

Modified: data/CVE/list
===
--- data/CVE/list   2015-06-26 18:35:07 UTC (rev 35176)
+++ data/CVE/list   2015-06-26 22:24:02 UTC (rev 35177)
@@ -10536,21 +10536,25 @@
 CVE-2015-1269
RESERVED
- chromium-browser 43.0.2357.130-1
+   [jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1268
RESERVED
- chromium-browser 43.0.2357.130-1
+   [jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1267
RESERVED
- chromium-browser 43.0.2357.130-1
+   [jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1266
RESERVED
- chromium-browser 43.0.2357.130-1
+   [jessie] - chromium-browser  (minor issue)
[wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2015-1265 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
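Review bot: The four added `[jessie]` "(minor issue)" lines sit under entries that are still RESERVED and carry no NOTE, so nothing in the file backs the "minor" rating. Add a NOTE with the upstream reference for each entry so the decision can be revisited once the descriptions are published.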

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-06-26 18:35:07 UTC (rev 35176)
+++ data/dsa-needed.txt 2015-06-26 22:24:02 UTC (rev 35177)
@@ -19,8 +19,6 @@
 aptdaemon
   For jessie-security compat layer for PackageKit needs to be dropped
 --
-chromium-browser
---
 eglibc (aurel32)
   some of the other no-dsa bugs could be fixed along
 --




[Secure-testing-commits] r35027 - data/CVE

2015-06-18 Thread Michael Gilbert
Author: mgilbert
Date: 2015-06-19 04:56:27 + (Fri, 19 Jun 2015)
New Revision: 35027

Modified:
   data/CVE/list
Log:
add bug number

Modified: data/CVE/list
===
--- data/CVE/list   2015-06-18 23:29:08 UTC (rev 35026)
+++ data/CVE/list   2015-06-19 04:56:27 UTC (rev 35027)
@@ -1,5 +1,5 @@
 CVE-2015- [chromium hotword nacl blob downloading]
-   - chromium-browser 43.0.2357.124-1
+   - chromium-browser 43.0.2357.124-1 (bug #786909)
[jessie] - chromium-browser  (a non-issue for incredibly so 
many reasons, see my comments at https://lwn.net/Articles/648392)
[wheezy] - chromium-browser  (introduced in chromium 43)
NOTE: I plan to fix it during the dsa for the next round of chromium 
issues




[Secure-testing-commits] r35026 - data/CVE

2015-06-18 Thread Michael Gilbert
Author: mgilbert
Date: 2015-06-18 23:29:08 + (Thu, 18 Jun 2015)
New Revision: 35026

Modified:
   data/CVE/list
Log:
chromium blob issue

Modified: data/CVE/list
===
--- data/CVE/list   2015-06-18 21:10:16 UTC (rev 35025)
+++ data/CVE/list   2015-06-18 23:29:08 UTC (rev 35026)
@@ -1,3 +1,8 @@
+CVE-2015- [chromium hotword nacl blob downloading]
+   - chromium-browser 43.0.2357.124-1
+   [jessie] - chromium-browser  (a non-issue for incredibly so 
many reasons, see my comments at https://lwn.net/Articles/648392)
+   [wheezy] - chromium-browser  (introduced in chromium 43)
+   NOTE: I plan to fix it during the dsa for the next round of chromium 
issues
 CVE-2015- [denial of service in glob_()]
- pure-ftpd 
NOTE: 
https://github.com/jedisct1/pure-ftpd/commit/0627004e23a24108785dc1506c5767392b90f807
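Review bot: The added `[jessie]` line gives its reason as "a non-issue for incredibly so many reasons" plus a link to off-site comments, which leaves the entry without a technical justification of its own. State the reason briefly in the entry and keep the link as a NOTE. The `NOTE: I plan to fix it ...` line is also first person in a shared file; name who plans the fix or move the plan to the log message.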




[Secure-testing-commits] r34404 - in data: . DSA

2015-05-21 Thread Michael Gilbert
Author: mgilbert
Date: 2015-05-22 04:15:45 + (Fri, 22 May 2015)
New Revision: 34404

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2015-05-22 03:39:37 UTC (rev 34403)
+++ data/DSA/list   2015-05-22 04:15:45 UTC (rev 34404)
@@ -1,3 +1,6 @@
+[22 May 2015] DSA-3267-1 chromium-browser - security update
+   {CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254 CVE-2015-1255 
CVE-2015-1256 CVE-2015-1257 CVE-2015-1258 CVE-2015-1259 CVE-2015-1260 
CVE-2015-1261 CVE-2015-1262 CVE-2015-1263 CVE-2015-1264 CVE-2015-1265}
+   [jessie] - chromium-browser 43.0.2357.65-1~deb8u1
 [21 May 2015] DSA-3266-1 fuse - security update
{CVE-2015-3202}
[wheezy] - fuse 2.9.0-2+deb7u2

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-05-22 03:39:37 UTC (rev 34403)
+++ data/dsa-needed.txt 2015-05-22 04:15:45 UTC (rev 34404)
@@ -14,8 +14,6 @@
 --
 asterisk
 --
-chromium-browser/stable
---
 eglibc (aurel32)
   some of the other no-dsa bugs could be fixed along
 --




[Secure-testing-commits] r33990 - in data: . DSA

2015-04-30 Thread Michael Gilbert
Author: mgilbert
Date: 2015-05-01 02:31:16 + (Fri, 01 May 2015)
New Revision: 33990

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium dsa

Modified: data/DSA/list
===
--- data/DSA/list   2015-04-30 22:49:53 UTC (rev 33989)
+++ data/DSA/list   2015-05-01 02:31:16 UTC (rev 33990)
@@ -1,3 +1,6 @@
+[30 Apr 2015] DSA-3242-1 chromium-browser - security update
+   {CVE-2015-1243 CVE-2015-1250}
+   [jessie] - chromium-browser 42.0.2311.135-1~deb8u1
 [29 Apr 2015] DSA-3241-1 elasticsearch - security update
{CVE-2015-3337}
[jessie] - elasticsearch 1.0.3+dfsg-5+deb8u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-04-30 22:49:53 UTC (rev 33989)
+++ data/dsa-needed.txt 2015-05-01 02:31:16 UTC (rev 33990)
@@ -14,8 +14,6 @@
 --
 asterisk
 --
-chromium-browser/stable
---
 eglibc (aurel32)
   some of the other no-dsa bugs could be fixed along
 --




[Secure-testing-commits] r33875 - in data: CVE DSA

2015-04-26 Thread Michael Gilbert
Author: mgilbert
Date: 2015-04-27 01:28:09 + (Mon, 27 Apr 2015)
New Revision: 33875

Modified:
   data/CVE/list
   data/DSA/list
Log:
allocate chromium dsa

Modified: data/CVE/list
===
--- data/CVE/list   2015-04-27 00:58:50 UTC (rev 33874)
+++ data/CVE/list   2015-04-27 01:28:09 UTC (rev 33875)
@@ -161,9 +161,7 @@
- libv8-3.14  (unimportant)
NOTE: libv8 not covered by security support
 CVE-2015-3335 (The NaClSandbox::InitializeLayerTwoSandbox function in ...)
-   - chromium-browser 42.0.2311.90-1
-   [wheezy] - chromium-browser 
-   [squeeze] - chromium-browser 
+   - chromium-browser  (native client support not built)
 CVE-2015-3334 (browser/ui/website_settings/website_settings.cc in Google 
Chrome ...)
- chromium-browser 42.0.2311.90-1
[wheezy] - chromium-browser 

Modified: data/DSA/list
===
--- data/DSA/list   2015-04-27 00:58:50 UTC (rev 33874)
+++ data/DSA/list   2015-04-27 01:28:09 UTC (rev 33875)
@@ -1,3 +1,6 @@
+[26 Apr 2015] DSA-3238-1 chromium-browser - security update
+   {CVE-2015-1235 CVE-2015-1236 CVE-2015-1237 CVE-2015-1238 CVE-2015-1240 
CVE-2015-1241 CVE-2015-1242 CVE-2015-1244 CVE-2015-1245 CVE-2015-1246 
CVE-2015-1247 CVE-2015-1248 CVE-2015-1249 CVE-2015- CVE-2015-3334 
CVE-2015-3336}
+   [jessie] - chromium-browser 42.0.2311.90-1~deb8u1
 [26 Apr 2015] DSA-3237-1 linux - security update
{CVE-2014-8159 CVE-2014-9715 CVE-2015-2041 CVE-2015-2042 CVE-2015-2150 
CVE-2015-2830 CVE-2015-2922 CVE-2015-3331 CVE-2015-3339}
[wheezy] - linux 3.2.68-1+deb7u1
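Review bot: The brace list on the added DSA-3238-1 entry contains a bare `CVE-2015-` between CVE-2015-1249 and CVE-2015-3334. An id without a number cannot be matched to an entry in data/CVE/list; replace it with the assigned id, or drop it until an id exists.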




[Secure-testing-commits] r32874 - in data: . DSA

2015-03-14 Thread Michael Gilbert
Author: mgilbert
Date: 2015-03-15 04:38:30 + (Sun, 15 Mar 2015)
New Revision: 32874

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
icu dsa

Modified: data/DSA/list
===
--- data/DSA/list   2015-03-14 21:58:32 UTC (rev 32873)
+++ data/DSA/list   2015-03-15 04:38:30 UTC (rev 32874)
@@ -1,3 +1,6 @@
+[15 Mar 2015] DSA-3187-1 icu - security update
+   {CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419 CVE-2014-6585 
CVE-2014-6591 CVE-2014-7923 CVE-2014-7926 CVE-2014-7940 CVE-2014-9654}
+   [wheezy] - icu 4.8.1.1-12+deb7u2
 [13 Mar 2015] DSA-3186-1 nss - security update
{CVE-2014-1569}
[wheezy] - nss 2:3.14.5-1+deb7u4

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-03-14 21:58:32 UTC (rev 32873)
+++ data/dsa-needed.txt 2015-03-15 04:38:30 UTC (rev 32874)
@@ -21,8 +21,6 @@
 --
 gnutls26 (carnil)
 --
-icu (mgilbert)
---
 imagemagick
   no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716
   should be fixed along


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r32681 - data/CVE

2015-03-06 Thread Michael Gilbert
Author: mgilbert
Date: 2015-03-07 05:07:12 + (Sat, 07 Mar 2015)
New Revision: 32681

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===
--- data/CVE/list   2015-03-06 21:10:16 UTC (rev 32680)
+++ data/CVE/list   2015-03-07 05:07:12 UTC (rev 32681)
@@ -7,7 +7,7 @@
 CVE-2015-2210
RESERVED
 CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation 
path ...)
-   TODO: check
+   NOT-FOR-US: DLGuard
 CVE-2015-2208
RESERVED
 CVE-2015-2207
@@ -351,7 +351,7 @@
 CVE-2015-2081
RESERVED
 CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla 
Forums ...)
-   TODO: check
+   NOT-FOR-US: Vanilla Forums
 CVE-2015- [potential application crash due to overread in fnmatch]
- glibc  (bug #779587)
- eglibc 
@@ -3993,11 +3993,11 @@
 CVE-2015-0894
RESERVED
 CVE-2015-0893 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI 
Maroyaka ...)
-   TODO: check
+   NOT-FOR-US: Maroyaka
 CVE-2015-0892 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI 
Maroyaka ...)
-   TODO: check
+   NOT-FOR-US: Maroyaka
 CVE-2015-0891 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI 
Maroyaka ...)
-   TODO: check
+   NOT-FOR-US: Maroyaka
 CVE-2015-0890 (The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 
1.13 for ...)
NOT-FOR-US: BestWebSoft plugin for WordPress
 CVE-2015-0889 (KENT-WEB Joyful Note before 5.3 allows remote attackers to 
delete ...)
@@ -6249,9 +6249,9 @@
 CVE-2014-9284
RESERVED
 CVE-2014-9283 (The BestWebSoft Captcha plugin before 4.0.7 for WordPress 
allows ...)
-   TODO: check
+   NOT-FOR-US: BestWebSoft plugin for WordPress
 CVE-2014-9282 (Directory traversal vulnerability in the Speed Root Explorer 
...)
-   TODO: check
+   NOT-FOR-US: Speed Root Explorer
 CVE-2014-9268 (The AdView.AdViewer.1 ActiveX control in Autodesk Design Review 
(ADR) ...)
NOT-FOR-US: Autodesk Design Review
 CVE-2014-9267 (Heap-based buffer overflow in the PTC IsoView ActiveX control 
allows ...)
@@ -7636,7 +7636,7 @@
 CVE-2015-0168
RESERVED
 CVE-2015-0167 (Cross-site scripting (XSS) vulnerability in 
textAngular-sanitize.js in ...)
-   TODO: check
+   NOT-FOR-US: textAngular
 CVE-2015-0166
RESERVED
 CVE-2015-0165
@@ -8135,7 +8135,7 @@
 CVE-2014-8922
RESERVED
 CVE-2014-8921 (The IBM Notes Traveler Companion application 1.0 and 1.1 before 
...)
-   TODO: check
+   NOT-FOR-US: IBM Notes Traveler Companion
 CVE-2014-8920 (Buffer overflow in the Data Transfer Program in IBM i Access 
5770-XE1 ...)
NOT-FOR-US: IBM
 CVE-2014-8919
@@ -8734,7 +8734,7 @@
 CVE-2014-8618
RESERVED
 CVE-2014-8617 (Cross-site scripting (XSS) vulnerability in the Web Action 
Quarantine ...)
-   TODO: check
+   NOT-FOR-US: FortiMail
 CVE-2014-8616
RESERVED
 CVE-2014-8615
@@ -9275,7 +9275,7 @@
 CVE-2014-8488 (Cross-site scripting (XSS) vulnerability in the administrator 
panel in ...)
NOT-FOR-US: yourls
 CVE-2014-8487 (Kony Management (aka Enterprise Mobile Management or EMM) 1.2 
and ...)
-   TODO: check
+   NOT-FOR-US: Kony Management
 CVE-2014-8486
RESERVED
 CVE-2014-8482
@@ -10873,7 +10873,7 @@
[squeeze] - chromium-browser 
- icu 52.1-7.1 (bug #776265)
 CVE-2014-7922 (The GoogleAuthUtil.getToken method in the Google Play services 
SDK ...)
-   TODO: check
+   NOT-FOR-US: Google Play
 CVE-2014-7921
RESERVED
 CVE-2014-7920
@@ -10958,7 +10958,7 @@
 CVE-2014-7897
RESERVED
 CVE-2014-7896 (Multiple cross-site scripting (XSS) vulnerabilities in HP XP 
P9000 ...)
-   TODO: check
+   NOT-FOR-US: HP
 CVE-2014-7895
RESERVED
 CVE-2014-7894
@@ -10984,7 +10984,7 @@
 CVE-2014-7884
RESERVED
 CVE-2014-7883 (HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables 
the ...)
-   TODO: check
+   NOT-FOR-US: HP
 CVE-2014-7882 (Unspecified vulnerability in HP SiteScope 11.1x and 11.2x 
allows ...)
NOT-FOR-US: HP SiteScope
 CVE-2014-7881 (Cross-site scripting (XSS) vulnerability in the server in HP 
Insight ...)
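Review bot: `NOT-FOR-US: HP` for CVE-2014-7883 names only the vendor, while the next entry in the context uses `NOT-FOR-US: HP SiteScope`. The description gives the product (HP Universal CMDB Probe), so use that, which keeps the list searchable by product.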
@@ -14670,13 +14670,13 @@
 CVE-2014-6305
RESERVED
 CVE-2014-6304 (The Form Controls CSS file in PNMsoft Sequence Kinetics before 
7.7 ...)
-   TODO: check
+   NOT-FOR-US: PNMsoft
 CVE-2014-6303 (The Monitoring Administration pages in PNMsoft Sequence 
Kinetics ...)
-   TODO: check
+   NOT-FOR-US: PNMsoft
 CVE-2014-6302 (The Monitoring Administration pages in PNMsoft Sequence 
Kinetics ...)
-   TODO: check
+   NOT-FOR-US: PNMsoft
 CVE-2014-6301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-   TODO: check
+   NOT-FOR-US: PNMsoft
 CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history 
...)
- phpmyadmin 4:4.2.8.1-1
NOTE: http://www.phpmya

[Secure-testing-commits] r32393 - in data: CVE DSA

2015-02-21 Thread Michael Gilbert
Author: mgilbert
Date: 2015-02-22 05:18:33 + (Sun, 22 Feb 2015)
New Revision: 32393

Modified:
   data/CVE/list
   data/DSA/list
Log:
allocate dsa for e2fsprogs

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-22 05:01:07 UTC (rev 32392)
+++ data/CVE/list   2015-02-22 05:18:33 UTC (rev 32393)
@@ -1014,7 +1014,6 @@
 CVE-2015-1572 [potential buffer overflow in closefs()]
RESERVED
- e2fsprogs  (bug #778948)
-   [wheezy] - e2fsprogs  (Minor issue)
NOTE: 
https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
 CVE-2015-1571 (The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 
Patch ...)
NOT-FOR-US: Fortinet FortiOS
@@ -6723,7 +6722,6 @@
 CVE-2015-0247 (Heap-based buffer overflow in openfs.c in the libext2fs library 
in ...)
{DLA-153-1}
- e2fsprogs 1.42.12-1
-   [wheezy] - e2fsprogs  (Minor issue)
NOTE: 
https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
 CVE-2015-0246
REJECTED

Modified: data/DSA/list
===
--- data/DSA/list   2015-02-22 05:01:07 UTC (rev 32392)
+++ data/DSA/list   2015-02-22 05:18:33 UTC (rev 32393)
@@ -1,3 +1,6 @@
+[22 Feb 2015] DSA-3166-1 e2fsprogs - security update
+   {CVE-2015-0247 CVE-2015-1572}
+   [wheezy] - e2fsprogs 1.42.5-1.1+deb7u1
 [21 Feb 2015] DSA-3165-1 xdg-utils - security update
{CVE-2015-1877}
[wheezy] - xdg-utils 1.1.0~rc1+git20111210-6+deb7u3




[Secure-testing-commits] r32392 - in data: . DSA

2015-02-21 Thread Michael Gilbert
Author: mgilbert
Date: 2015-02-22 05:01:07 + (Sun, 22 Feb 2015)
New Revision: 32392

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
xdg-utils dsa

Modified: data/DSA/list
===
--- data/DSA/list   2015-02-22 03:02:04 UTC (rev 32391)
+++ data/DSA/list   2015-02-22 05:01:07 UTC (rev 32392)
@@ -1,3 +1,6 @@
+[21 Feb 2015] DSA-3165-1 xdg-utils - security update
+   {CVE-2015-1877}
+   [wheezy] - xdg-utils 1.1.0~rc1+git20111210-6+deb7u3
 [21 Feb 2015] DSA-3164-1 typo3-src - security update
[wheezy] - typo3-src 4.5.19+dfsg1-5+wheezy4
 [19 Feb 2015] DSA-3163-1 libreoffice - security update

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-02-22 03:02:04 UTC (rev 32391)
+++ data/dsa-needed.txt 2015-02-22 05:01:07 UTC (rev 32392)
@@ -81,6 +81,4 @@
 --
 unace
 --
-xdg-utils (carnil)
---
 zendframework




[Secure-testing-commits] r32391 - data/CVE

2015-02-21 Thread Michael Gilbert
Author: mgilbert
Date: 2015-02-22 03:02:04 + (Sun, 22 Feb 2015)
New Revision: 32391

Modified:
   data/CVE/list
Log:
document the fact that there is still ongoing work for CVE-2005-4890

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-22 02:43:31 UTC (rev 32390)
+++ data/CVE/list   2015-02-22 03:02:04 UTC (rev 32391)
@@ -1,3 +1,6 @@
+CVE-2005- [more related to CVE-2005-4890]
+   - shadow  (unimportant; bug #628843)
+   NOTE: only affects the su executable, so if you use sudo you're not 
affected
 CVE-2015- [TYPO3-CORE-SA-2015-001: Authentication Bypass]
- typo3-src 4.5.40+dfsg1-1 (bug #778870)
[squeeze] - typo3-src  (Unsupported in squeeze-lts)
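Review bot: the NOTE on the new shadow entry justifies the unimportant rating by saying sudo users are not affected, but by the same NOTE su is the affected executable, and the entry does not say what remains to be done. The bracketed description "more related to CVE-2005-4890" also names no flaw. Suggest describing the outstanding problem in the description and pointing the NOTE at where the ongoing work is tracked, so the rating can be re-checked later.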




[Secure-testing-commits] r32390 - data/CVE

2015-02-21 Thread Michael Gilbert
Author: mgilbert
Date: 2015-02-22 02:43:31 + (Sun, 22 Feb 2015)
New Revision: 32390

Modified:
   data/CVE/list
Log:
mark shadow issue as unimportant

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-22 02:04:01 UTC (rev 32389)
+++ data/CVE/list   2015-02-22 02:43:31 UTC (rev 32390)
@@ -38530,10 +38530,7 @@
NOTE: for incomplete fix for CVE-2013-0167
 CVE-2013-4235 [TOCTOU race conditions by copying and removing directory trees]
RESERVED
-   - shadow 
-   [jessie] - shadow  (Minor issue)
-   [wheezy] - shadow  (Minor issue)
-   [squeeze] - shadow  (Minor issue)
+   - shadow  (unimportant; bug #778950)
 CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum 
and (2) ...)
{DSA-2751-1}
- libmodplug 1:0.8.8.4-4 (bug #719462)
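Review bot: on CVE-2013-4235 the three per-release "Minor issue" lines are collapsed into a single `- shadow  (unimportant; bug #778950)` with no NOTE giving the reason. A TOCTOU race in directory-tree copy and removal is not self-evidently outside security support, so add a NOTE with the rationale (for example which tools reach that code and with what privileges) next to the bug reference.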




[Secure-testing-commits] r32389 - data/CVE

2015-02-21 Thread Michael Gilbert
Author: mgilbert
Date: 2015-02-22 02:04:01 + (Sun, 22 Feb 2015)
New Revision: 32389

Modified:
   data/CVE/list
Log:
e2fsprogs bug

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-21 21:25:12 UTC (rev 32388)
+++ data/CVE/list   2015-02-22 02:04:01 UTC (rev 32389)
@@ -1010,7 +1010,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
 CVE-2015-1572 [potential buffer overflow in closefs()]
RESERVED
-   - e2fsprogs 
+   - e2fsprogs  (bug #778948)
[wheezy] - e2fsprogs  (Minor issue)
NOTE: 
https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
 CVE-2015-1571 (The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 
Patch ...)




[Secure-testing-commits] r32253 - in data: . CVE

2015-02-15 Thread Michael Gilbert
Author: mgilbert
Date: 2015-02-16 02:57:06 + (Mon, 16 Feb 2015)
New Revision: 32253

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
take icu dsa

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-15 22:02:16 UTC (rev 32252)
+++ data/CVE/list   2015-02-16 02:57:06 UTC (rev 32253)
@@ -1,3 +1,5 @@
+CVE-2014- [more to CVE-2014-6585]
+   - icu  (low; bug #778511)
 CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect 
bitwise left shifts]
[experimental] - gnupg2 2.1.2-1
- gnupg2 
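Review bot: the new temporary entry is described only as "more to CVE-2014-6585" and rated low, with no NOTE identifying which part of that issue is still open in icu. Since the same commit claims the icu DSA in data/dsa-needed.txt, add a NOTE with the upstream reference or a one-line description so the DSA text and this entry can be matched up.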

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-02-15 22:02:16 UTC (rev 32252)
+++ data/dsa-needed.txt 2015-02-16 02:57:06 UTC (rev 32253)
@@ -21,7 +21,7 @@
 --
 freetype
 --
-icu
+icu (mgilbert)
 --
 imagemagick
   no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716




[Secure-testing-commits] r32225 - data/CVE

2015-02-13 Thread Michael Gilbert
Author: mgilbert
Date: 2015-02-14 04:14:44 + (Sat, 14 Feb 2015)
New Revision: 32225

Modified:
   data/CVE/list
Log:
bug submitted for kfreebsd

Modified: data/CVE/list
===
--- data/CVE/list   2015-02-13 23:56:41 UTC (rev 32224)
+++ data/CVE/list   2015-02-14 04:14:44 UTC (rev 32225)
@@ -10674,7 +10674,7 @@
 CVE-2014-7250 (The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD 
possibly ...)
- kfreebsd-8 
- kfreebsd-9 
-   - kfreebsd-10 
+   - kfreebsd-10  (bug #778367)
 CVE-2014-7249 (Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, 
AR745, ...)
NOT-FOR-US: Allied Telesis
 CVE-2014-7248 (Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 
allows ...)
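Review bot: only the kfreebsd-10 line gains a bug reference (#778367); the kfreebsd-8 and kfreebsd-9 lines for CVE-2014-7250 directly above it stay without one. If the same report covers those source packages, repeat the reference on them; otherwise note why they need no bug.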




[Secure-testing-commits] r31882 - data/CVE

2015-01-31 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-31 23:18:24 + (Sat, 31 Jan 2015)
New Revision: 31882

Modified:
   data/CVE/list
Log:
end-of-life tags for chromium in wheezy

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-31 22:08:46 UTC (rev 31881)
+++ data/CVE/list   2015-01-31 23:18:24 UTC (rev 31882)
@@ -709,6 +709,7 @@
TODO: check in which version the issue was introduced exactly
 CVE-2015-1346 (Multiple unspecified vulnerabilities in Google V8 before 
3.30.33.15, ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
- libv8-3.14  (unimportant; bug #773671)
NOTE: libv8 not covered by security support
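Review bot: the added `[wheezy] - chromium-browser` lines, here and in the following hunks, carry no parenthetical reason or pointer. r31881 added DSA-3148-1 "chromium-browser - end of life" to data/DSA/list; referencing that DSA in each line's comment would let a reader of data/CVE/list see why wheezy will not receive 40.0.2214.91-1 without consulting the commit log.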
@@ -956,6 +957,7 @@
RESERVED
 CVE-2015-1205 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
- icu  (bug #776719)
 CVE-2015-1203 [stack allocation with an attacker-controlled size -- 
modules/access/ftp.c]
@@ -8286,42 +8288,54 @@
RESERVED
 CVE-2014-7948 (The AppCacheUpdateJob::URLFetcher::OnResponseStarted function 
in ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7947 (OpenJPEG before r2944, as used in PDFium in Google Chrome 
before ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7946 (The RenderTable::simplifiedNormalFlowLayout function in ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7945 (OpenJPEG before r2908, as used in PDFium in Google Chrome 
before ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7944 (The sycc422_to_rgb function in 
fxcodec/codec/fx_codec_jpx_opj.cpp in ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7943 (Skia, as used in Google Chrome before 40.0.2214.91, allows 
remote ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7942 (The Fonts implementation in Google Chrome before 40.0.2214.91 
does not ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7941 (The SelectionOwner::ProcessTarget function in ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7940 (The collator implementation in i18n/ucol.cpp in International 
...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
- icu  (bug #776265)
 CVE-2014-7939 (Google Chrome before 40.0.2214.91, when the Harmony proxy in 
Google V8 ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
- libv8-3.14  (unimportant; bug #773671)
NOTE: libv8 not covered by security support
 CVE-2014-7938 (The Fonts implementation in Google Chrome before 40.0.2214.91 
allows ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7937 (Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg 
before ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
- ffmpeg 7:2.4.2-1
[squeeze] - ffmpeg 
@@ -8330,15 +8344,19 @@
NOTE: libav: needed
 CVE-2014-7936 (Use-after-free vulnerability in the ZoomBubbleView::Close 
function in ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7935 (Use-after-free vulnerability in 
browser/speech/tts_message_filter.cc ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7934 (Use-after-free vulnerability in the DOM implementation in 
Blink, as ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
 CVE-2014-7933 (Use-after-free vulnerability in the matroska_read_seek function 
in ...)
- chromium-browser 40.0.2214.91-1
+   [wheezy] - chromium-browser 
[squeeze] - chromium-browser 
- ffmpeg 7:2.5.1-1
[squeeze] - ffmpeg 
@@ -8348,40 +8366,50 @@
NOTE: libav: 
https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
 CVE-2014-7932 (Use-after-free vulnerability in the Element::detach function in 
...)
- chromium-browser 40.0.2214.91-1
+  

[Secure-testing-commits] r31881 - in data: . DSA

2015-01-31 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-31 22:08:46 + (Sat, 31 Jan 2015)
New Revision: 31881

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
chromium end of life

Modified: data/DSA/list
===
--- data/DSA/list   2015-01-31 21:38:13 UTC (rev 31880)
+++ data/DSA/list   2015-01-31 22:08:46 UTC (rev 31881)
@@ -1,3 +1,5 @@
+[31 Jan 2015] DSA-3148-1 chromium-browser - end of life
+   [wheezy] - chromium-browser 
 [30 Jan 2015] DSA-3147-1 openjdk-6 - security update
{CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 
CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 
CVE-2015-0410 CVE-2015-0412}
[wheezy] - openjdk-6 6b34-1.13.6-1~deb7u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-01-31 21:38:13 UTC (rev 31880)
+++ data/dsa-needed.txt 2015-01-31 22:08:46 UTC (rev 31881)
@@ -14,9 +14,6 @@
 --
 asterisk
 --
-chromium-browser (mgilbert)
- to be EOLed
---
 condor
 --
 imagemagick




[Secure-testing-commits] r31880 - data/CVE

2015-01-31 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-31 21:38:13 + (Sat, 31 Jan 2015)
New Revision: 31880

Modified:
   data/CVE/list
Log:
wpa info

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-31 21:10:16 UTC (rev 31879)
+++ data/CVE/list   2015-01-31 21:38:13 UTC (rev 31880)
@@ -5127,7 +5127,8 @@
RESERVED
- wpa 
- wpasupplicant 
-   TODO: check
+   NOTE: likely to be REJECTed
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0210
 CVE-2015-0209
RESERVED
 CVE-2015-0208
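Review bot: "likely to be REJECTed" replaces the TODO without saying why, and the only pointer is the Red Hat Bugzilla URL. Put the reason in the NOTE itself in one line, and keep a TODO to revisit, since the wpa and wpasupplicant lines above stay in place until the rejection actually happens.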




[Secure-testing-commits] r31875 - data/CVE

2015-01-31 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-31 17:01:40 + (Sat, 31 Jan 2015)
New Revision: 31875

Modified:
   data/CVE/list
Log:
another icu issue

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-31 16:20:57 UTC (rev 31874)
+++ data/CVE/list   2015-01-31 17:01:40 UTC (rev 31875)
@@ -953,6 +953,7 @@
 CVE-2015-1205 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
- chromium-browser 40.0.2214.91-1
[squeeze] - chromium-browser 
+   - icu  (bug #776719)
 CVE-2015-1203 [stack allocation with an attacker-controlled size -- 
modules/access/ftp.c]
RESERVED
NOTE: VLC issue disputed by upstream, see bug #775866
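Review bot: CVE-2015-1205 is described as "Multiple unspecified vulnerabilities in Google Chrome", so the added `- icu  (bug #776719)` line does not say which of those issues lives in icu. Add a NOTE naming the icu-relevant fix or upstream reference; without it the entry cannot be closed with confidence when a new icu version is uploaded.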




[Secure-testing-commits] r31874 - data/DSA

2015-01-31 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-31 16:20:57 + (Sat, 31 Jan 2015)
New Revision: 31874

Modified:
   data/DSA/list
Log:
add missing cve ids to requests dsa

Modified: data/DSA/list
===
--- data/DSA/list   2015-01-31 16:10:37 UTC (rev 31873)
+++ data/DSA/list   2015-01-31 16:20:57 UTC (rev 31874)
@@ -2,6 +2,7 @@
{CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 
CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0407 CVE-2015-0408 
CVE-2015-0410 CVE-2015-0412}
[wheezy] - openjdk-6 6b34-1.13.6-1~deb7u1
 [30 Jan 2015] DSA-3146-1 requests - security update
+   {CVE-2014-1829 CVE-2014-1830}
[wheezy] - requests 0.12.1-1+deb7u1
 [30 Jan 2015] DSA-3145-1 privoxy - security update
{CVE-2015-1381 CVE-2015-1382}




[Secure-testing-commits] r31676 - data/CVE

2015-01-25 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-26 04:03:54 + (Mon, 26 Jan 2015)
New Revision: 31676

Modified:
   data/CVE/list
Log:
some perl triage

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-26 02:54:03 UTC (rev 31675)
+++ data/CVE/list   2015-01-26 04:03:54 UTC (rev 31676)
@@ -2674,10 +2674,7 @@
[squeeze] - libsndfile  (Minor issue)
[wheezy] - libsndfile  (Minor issue)
 CVE-2014- [a2p: buffer overflow]
-   - perl  (low; bug #769606)
-   [jessie] - perl  (Minor issue)
-   [squeeze] - perl  (Minor issue)
-   [wheezy] - perl  (Minor issue)
+   - perl  (unimportant; bug #769606)
 CVE-2014-9486
REJECTED
 CVE-2014-9497 [Buffer overflow]
@@ -55031,7 +55028,7 @@
RESERVED
 CVE-2012-3878 [Perl require Directive Path Subversion Arbitrary Module / File 
Loading Weakness]
RESERVED
-   - perl 
+   - perl  (unimportant; bug #776270)
NOTE: http://osvdb.org/show/osvdb/106565
 CVE-2012-3877
RESERVED
@@ -67479,7 +67476,7 @@
NOT-FOR-US: perl Batch::BatchRun CPAN module
 CVE-2011-4116
RESERVED
-   - perl  (unimportant)
+   - perl  (unimportant; bug #776268)
NOTE: 
http://thread.gmane.org/gmane.comp.security.oss.general/6174/focus=6177
 CVE-2011-4115
RESERVED
@@ -75261,8 +75258,9 @@
{DSA-2223-1}
- doctrine 1.2.4-1 (bug #622674)
 CVE-2010-4777 (The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 
5.12.0, ...)
-   - perl  (unimportant; bug #628836)
+   - perl 5.20.1-1 (unimportant; bug #628836)
NOTE: Only affects Perl builds with enabled assertions, i.e. the 
debugperl binary from perl-debug
+   NOTE: likely fixed sometime around 5.18, but 5.20 was the version 
checked
 CVE-2009-5063 (Memory leak in the embedded_profile_len function in pngwutil.c 
in ...)
- libpng 1.2.39-1 (unimportant)
 CVE-2006-7244 (Memory leak in pngwutil.c in libpng 1.2.13beta1, and other 
versions ...)
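Review bot: in the CVE-2010-4777 hunk the fixed version is set to 5.20.1-1 while the added NOTE says the fix probably landed around 5.18 and 5.20 was simply the version checked. Any release shipping a perl between those versions would be reported as affected by version comparison alone. The unimportant rating limits the impact, but if the fixing upstream commit can be identified, record it in a NOTE and use the first fixed Debian version.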




[Secure-testing-commits] r31675 - data/CVE

2015-01-25 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-26 02:54:03 + (Mon, 26 Jan 2015)
New Revision: 31675

Modified:
   data/CVE/list
Log:
more icu issues

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-26 02:30:42 UTC (rev 31674)
+++ data/CVE/list   2015-01-26 02:54:03 UTC (rev 31675)
@@ -7887,6 +7887,7 @@
RESERVED
- chromium-browser 40.0.2214.91-1
[squeeze] - chromium-browser 
+   - icu  (bug #776265)
 CVE-2014-7939
RESERVED
- chromium-browser 40.0.2214.91-1
@@ -7943,6 +7944,7 @@
RESERVED
- chromium-browser 40.0.2214.91-1
[squeeze] - chromium-browser 
+   - icu  (bug #776265)
 CVE-2014-7925
RESERVED
- chromium-browser 40.0.2214.91-1
@@ -7955,6 +7957,7 @@
RESERVED
- chromium-browser 40.0.2214.91-1
[squeeze] - chromium-browser 
+   - icu  (bug #776265)
 CVE-2014-7922
RESERVED
 CVE-2014-7921




[Secure-testing-commits] r31674 - data/CVE

2015-01-25 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-26 02:30:42 + (Mon, 26 Jan 2015)
New Revision: 31674

Modified:
   data/CVE/list
Log:
new icu bug number

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-26 02:27:38 UTC (rev 31673)
+++ data/CVE/list   2015-01-26 02:30:42 UTC (rev 31674)
@@ -10955,7 +10955,7 @@
- openjdk-6 
- openjdk-7 7u75-2.5.4-1
- openjdk-8 
-   - icu  (bug #775884)
+   - icu  (bug #776264)
 CVE-2014-6584 (Unspecified vulnerability in the Integrated Lights Out Manager 
(ILOM) ...)
TODO: check
 CVE-2014-6583 (Unspecified vulnerability in the Oracle Marketing component in 
Oracle ...)




[Secure-testing-commits] r31673 - data/CVE

2015-01-25 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-26 02:27:38 + (Mon, 26 Jan 2015)
New Revision: 31673

Modified:
   data/CVE/list
Log:
one icu issue not yet fixed

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-26 01:38:15 UTC (rev 31672)
+++ data/CVE/list   2015-01-26 02:27:38 UTC (rev 31673)
@@ -10955,7 +10955,7 @@
- openjdk-6 
- openjdk-7 7u75-2.5.4-1
- openjdk-8 
-   - icu 52.1-7 (bug #775884)
+   - icu  (bug #775884)
 CVE-2014-6584 (Unspecified vulnerability in the Integrated Lights Out Manager 
(ILOM) ...)
TODO: check
 CVE-2014-6583 (Unspecified vulnerability in the Oracle Marketing component in 
Oracle ...)
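Review bot: the fixed version 52.1-7 is dropped from the icu line and nothing in the entry records why that upload turned out not to fix the issue; the explanation exists only in the commit log ("one icu issue not yet fixed"). Add a NOTE stating what 52.1-7 did and did not address, so the version is not re-added by mistake.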




[Secure-testing-commits] r31672 - data/CVE

2015-01-25 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-26 01:38:15 + (Mon, 26 Jan 2015)
New Revision: 31672

Modified:
   data/CVE/list
Log:
minizip uploaded

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-25 22:57:15 UTC (rev 31671)
+++ data/CVE/list   2015-01-26 01:38:15 UTC (rev 31672)
@@ -2607,7 +2607,7 @@
NOTE: CVE request: http://seclists.org/oss-sec/2014/q4/1035
 CVE-2014-9485 [miniunzip directory traversal]
RESERVED
-   - minizip  (low; bug #774321)
+   - minizip 1.1-5 (low; bug #774321)
 CVE-2014-9426 (** DISPUTED ** The apprentice_load function in 
libmagic/apprentice.c ...)
- file  (PHP specific modification in 
libmagic/apprentice.c)
- php5 




[Secure-testing-commits] r31545 - data/CVE

2015-01-19 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-19 21:54:40 + (Mon, 19 Jan 2015)
New Revision: 31545

Modified:
   data/CVE/list
Log:
ruby-devise issue fixed prior to initial upload

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-19 21:10:15 UTC (rev 31544)
+++ data/CVE/list   2015-01-19 21:54:40 UTC (rev 31545)
@@ -46995,7 +46995,7 @@
 CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget 
in Elgg ...)
- elgg  (bug #526197)
 CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 
2.0.5, ...)
-   - ruby-devise  (bug #691525)
+   - ruby-devise 3.4.1-1
 CVE-2013-0232 (includes/functions.php in ZoneMinder Video Server 1.24.0, 
1.25.0, and ...)
{DSA-2640-1}
- zoneminder 1.25.0-4 (bug #698910)
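Review bot: replacing `(bug #691525)` with the version 3.4.1-1 drops the bug reference entirely, while the neighbouring entry keeps both (`- zoneminder 1.25.0-4 (bug #698910)`). Keep the reference after the version. The log says the issue was fixed prior to the initial upload, so a NOTE saying so would also explain why the recorded version is far above the 2.x fix versions named in the CVE description.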




[Secure-testing-commits] r31522 - in data: . DSA

2015-01-18 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-19 04:02:13 + (Mon, 19 Jan 2015)
New Revision: 31522

Modified:
   data/DSA/list
   data/dsa-needed.txt
Log:
xdg-utils dsa

Modified: data/DSA/list
===
--- data/DSA/list   2015-01-18 21:10:16 UTC (rev 31521)
+++ data/DSA/list   2015-01-19 04:02:13 UTC (rev 31522)
@@ -1,3 +1,6 @@
+[18 Jan 2015] DSA-3131-1 xdg-utils - security update
+   {CVE-2014-9622}
+   [wheezy] - xdg-utils 1.1.0~rc1+git20111210-6+deb7u2
 [16 Jan 2015] DSA-3130-1 lsyncd - security update
{CVE-2014-8990}
[wheezy] - lsyncd 2.0.7-3+deb7u1

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2015-01-18 21:10:16 UTC (rev 31521)
+++ data/dsa-needed.txt 2015-01-19 04:02:13 UTC (rev 31522)
@@ -81,8 +81,6 @@
 --
 wireshark
 --
-xdg-utils
---
 xen
 --
 zendframework




[Secure-testing-commits] r31507 - data/CVE

2015-01-18 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-18 18:59:14 + (Sun, 18 Jan 2015)
New Revision: 31507

Modified:
   data/CVE/list
Log:
matplotlib issue

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-18 16:43:35 UTC (rev 31506)
+++ data/CVE/list   2015-01-18 18:59:14 UTC (rev 31507)
@@ -1,3 +1,5 @@
+CVE-2013- [matplotlib buffer overrun]
+   - matplotlib  (low; bug #775691)
 CVE-2015-1160
RESERVED
 CVE-2015-1159




[Secure-testing-commits] r31189 - data/CVE

2015-01-07 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-08 00:40:53 + (Thu, 08 Jan 2015)
New Revision: 31189

Modified:
   data/CVE/list
Log:
cpio issue

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-07 21:14:25 UTC (rev 31188)
+++ data/CVE/list   2015-01-08 00:40:53 UTC (rev 31189)
@@ -1,3 +1,5 @@
+CVE-2015- [cpio directory traversal]
+   - cpio  (low; bug #774669)
 CVE-2015- [CHM decompression: pointer arithmetic overflow]
- libmspack  (bug #774726)
 CVE-2015- [CHM decompression: division by zero]




[Secure-testing-commits] r31131 - data/CVE

2015-01-04 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-04 20:26:19 + (Sun, 04 Jan 2015)
New Revision: 31131

Modified:
   data/CVE/list
Log:
old libsndfile issue fixed a while ago

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-04 18:55:11 UTC (rev 31130)
+++ data/CVE/list   2015-01-04 20:26:19 UTC (rev 31131)
@@ -85020,7 +85020,7 @@
 CVE-2009-4836 (Eval injection vulnerability in system/services/init.php in 
Movie PHP ...)
NOT-FOR-US: Movie PHP Script
 CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) 
pcm_init, ...)
-   - libsndfile  (unimportant; bug #530831)
+   - libsndfile 1.0.21-3 (unimportant; bug #530831)
NOTE: application crash only, so not security-relevant
 CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us 
Draw ...)
NOT-FOR-US: com_drawroot component for joomla!




[Secure-testing-commits] r31130 - data

2015-01-04 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-04 18:55:11 + (Sun, 04 Jan 2015)
New Revision: 31130

Modified:
   data/embedded-code-copies
Log:
remove wine-unstable

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2015-01-04 17:26:07 UTC (rev 31129)
+++ data/embedded-code-copies   2015-01-04 18:55:11 UTC (rev 31130)
@@ -2893,10 +2893,7 @@
- wine  (bug #675559)
NOTE: wine: has a lot of source files that share the same names as the 
files
NOTE: in libmspack, but they are entirely different implementations.
-   - wine-unstable  (bug #675561)
+   - wine-development  (bug #675561)
NOTE: wine: has a lot of source files that share the same names as the 
files
NOTE: in libmspack, but they are entirely different implementations.
-   - wine-development 
-   NOTE: wine: has a lot of source files that share the same names as the 
files
-   NOTE: in libmspack, but they are entirely different implementations.
- calibre  (embed; bug #675562)
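Review bot: bug #675561 was attached to the wine-unstable line and is now carried by wine-development, replacing the wine-development entry that had no bug reference. Confirm the bug is actually filed against (or has been reassigned to) wine-development; otherwise the reference points at a package this file no longer lists.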




[Secure-testing-commits] r31094 - data/CVE

2015-01-02 Thread Michael Gilbert
Author: mgilbert
Date: 2015-01-02 19:18:19 + (Fri, 02 Jan 2015)
New Revision: 31094

Modified:
   data/CVE/list
Log:
xdg-utils fixed

Modified: data/CVE/list
===
--- data/CVE/list   2015-01-02 18:56:51 UTC (rev 31093)
+++ data/CVE/list   2015-01-02 19:18:19 UTC (rev 31094)
@@ -2874,7 +2874,7 @@
NOTE: http://github.com/mantisbt/mantisbt/commit/5f0b150b
NOTE: http://www.mantisbt.org/bugs/view.php?id=17742
 CVE-2013- [xdg-open RCE]
-   - xdg-utils  (bug #773085)
+   - xdg-utils 1.1.0~rc1+git20111210-7.2 (bug #773085)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=66670
 CVE-2014-8991 (pip 1.3 through 1.5.6 allows local users to cause a denial of 
service ...)
- python-pip 1.5.6-4 (bug #725847)



