[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: Claim apache2 in dla-needed.txt

2018-04-01 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df6be470 by Roberto C. Sánchez at 2018-04-01T08:27:03-04:00
LTS: Claim apache2 in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,7 +10,7 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-apache2
+apache2 (Roberto C. Sánchez)
 --
 calibre
   NOTE: 20180321: Instead of replacing pickle with json, maybe disable 
bookmarking
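
Review bot: The claim on the `+apache2 (Roberto C. Sánchez)` line carries no date, so a later reader of dla-needed.txt cannot tell how long the package has been claimed. Consider adding a dated NOTE under the entry, in the `NOTE: 20180321: ...` style the calibre entry below it already uses.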



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/df6be4708b11580d73ed94eed76a7a5ac2dc602a

You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1285-1 for bind9

2018-02-16 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20f9e904 by Roberto C. Sánchez at 2018-02-16T16:26:41-05:00
Reserve DLA-1285-1 for bind9

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[16 Feb 2018] DLA-1285-1 bind9 - security update
+   {CVE-2018-5735}
+   [wheezy] - bind9 9.8.4.dfsg.P1-6+nmu2+deb7u20
 [15 Feb 2018] DLA-1284-1 leptonlib - security update
{CVE-2018-3836}
[wheezy] - leptonlib 1.69-3.1+deb7u1


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,9 +10,6 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-bind9
-  NOTE: roberto was working on this on feb 7th: #889285
---
 dovecot (Thorsten Alteholz)
   NOTE: after applying the patch, login segfaults
   NOTE: maintainer and security team are looking into this



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/20f9e9047858236ebd9debb6b811092c1bff1c1b


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: Claim gcc-4.6/gcc-4.6 in dla-needed.txt

2018-02-15 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b0534d8f by Roberto C. Sánchez at 2018-02-15T06:49:19-05:00
LTS: Claim gcc-4.6/gcc-4.6 in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -15,13 +15,13 @@ dovecot (Thorsten Alteholz)
   NOTE: maintainer and security team are looking into this
   NOTE: probably no-dsa
 --
-gcc-4.6
+gcc-4.6 (Roberto C. Sánchez)
   NOTE: Backport the retpoline support for spectre mitigation.
   NOTE: Coordinate with jmm who started the work for gcc-4.9 in jessie.
   NOTE: This gcc version is used by the kernel build. Its update is
   NOTE: thus more important than the one of gcc-4.7.
 --
-gcc-4.7
+gcc-4.7 (Roberto C. Sánchez)
   NOTE: Backport the retpoline support for spectre mitigation.
   NOTE: Do we want/need it on this gcc version as well?
 --
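
Review bot: The commit subject says "gcc-4.6/gcc-4.6", but this hunk claims both gcc-4.6 and gcc-4.7, so the subject should read gcc-4.6/gcc-4.7. The gcc-4.7 entry is also claimed while its NOTE still asks "Do we want/need it on this gcc version as well?"; update or drop that NOTE once the decision is made.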



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b0534d8f964766df5b642756264faee8d1e36783


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1282-1 for graphicsmagick

2018-02-13 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5ada38fc by Roberto C. Sánchez at 2018-02-13T23:35:04-05:00
Reserve DLA-1282-1 for graphicsmagick

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[13 Feb 2018] DLA-1282-1 graphicsmagick - security update
+   {CVE-2018-6799}
+   [wheezy] - graphicsmagick 1.3.16-1.1+deb7u18
 [13 Feb 2018] DLA-1281-1 advancecomp - security update
{CVE-2018-1056}
[wheezy] - advancecomp 1.15-1+deb7u1


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -15,8 +15,6 @@ dovecot (Thorsten Alteholz)
   NOTE: maintainer and security team are looking into this
   NOTE: probably no-dsa
 --
-graphicsmagick (Roberto C. Sánchez)
---
 icu (Thorsten Alteholz)
   NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in 
Chromium project; report is not visible to the public
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ada38fc4be719c6b15dc457c63354b01ecb686d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Additional commit link for CVE-2018-6799/graphicsmagick

2018-02-12 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
242039e2 by Roberto C. Sánchez at 2018-02-12T23:20:49-05:00
Additional commit link for CVE-2018-6799/graphicsmagick

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -303,6 +303,7 @@ CVE-2018-6800
 CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...)
- graphicsmagick 1.3.28-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3
+   NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d30ed06e9b87
 CVE-2018-6798
RESERVED
 CVE-2018-6797



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/242039e2405a7cdf812ee31f92cc6383541b7ef3


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1277-1 for audacity

2018-02-11 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c0d00ff by Roberto C. Sánchez at 2018-02-11T23:08:34-05:00
Reserve DLA-1277-1 for audacity

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[11 Feb 2018] DLA-1277-1 audacity - security update
+   {CVE-2016-2540}
+   [wheezy] - audacity 2.0.1-1+deb7u1
 [11 Feb 2018] DLA-1276-1 tomcat-native - security update
{CVE-2017-15698}
[wheezy] - tomcat-native 1.1.24-1+deb7u1


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,8 +10,6 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-audacity (Roberto C. Sánchez)
---
 clamav (Thorsten Alteholz)
 --
 dovecot (Thorsten Alteholz)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c0d00ff1cf1dc586619ff2b1c685e80c098433e


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Remove additional questionable commit (that also doesn't apply) from CVE-2016-2540/audacity.

2018-02-11 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f54fba4 by Roberto C. Sánchez at 2018-02-11T22:35:41-05:00
Remove additional questionable commit (that also doesn't apply) from 
CVE-2016-2540/audacity.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -91375,7 +91375,6 @@ CVE-2016-2540 (Audacity before 2.1.2 allows remote 
attackers to cause a denial o
NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
NOTE: 
https://github.com/audacity/audacity/commit/407c1dc4b209111e4dbb3eec88f333aa8f69094c
NOTE: 
https://github.com/audacity/audacity/commit/b5f2046286b266b10f87b764faa1586aee9c23ea
-   NOTE: 
https://github.com/audacity/audacity/commit/0e43079d061a4fde133aa4682a6c552552821ff0
 CVE-2016-2539 (Cross-site request forgery (CSRF) vulnerability in 
install_modules.php ...)
NOT-FOR-US: ATutor
 CVE-2016-2550 (The Linux kernel before 4.5 allows local users to bypass ...)
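
Review bot: The removed `NOTE:` link for commit 0e43079d061a4fde133aa4682a6c552552821ff0 leaves no trace in the CVE-2016-2540 entry; the reason (questionable, and does not apply) is recorded only in the commit message. Consider keeping a one-line NOTE saying that commit was evaluated and rejected, so the next person triaging audacity does not add it again.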



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f54fba4feaba8be2fa4b7daacdbdb61552ff8d9


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Annotate another commit related to CVE-2016-2540/audacity

2018-02-11 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
935a7fef by Roberto C. Sánchez at 2018-02-11T21:18:00-05:00
Annotate another commit related to CVE-2016-2540/audacity

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -91375,6 +91375,7 @@ CVE-2016-2540 (Audacity before 2.1.2 allows remote 
attackers to cause a denial o
NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
NOTE: 
https://github.com/audacity/audacity/commit/407c1dc4b209111e4dbb3eec88f333aa8f69094c
NOTE: 
https://github.com/audacity/audacity/commit/b5f2046286b266b10f87b764faa1586aee9c23ea
+   NOTE: 
https://github.com/audacity/audacity/commit/0e43079d061a4fde133aa4682a6c552552821ff0
 CVE-2016-2539 (Cross-site request forgery (CSRF) vulnerability in 
install_modules.php ...)
NOT-FOR-US: ATutor
 CVE-2016-2550 (The Linux kernel before 4.5 allows local users to bypass ...)
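
Review bot: The added `NOTE:` for CVE-2016-2540 is a bare commit URL, the third in a row, with nothing saying whether it is part of the fix or only related, as the commit subject puts it. Add a short qualifier to the NOTE so anyone backporting can tell which of the three commits are required.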



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/935a7fef8c6b438a689c1a94ec41dc2e1c312b84


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: claim audacity in dla-needed.txt

2018-02-10 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
037dca18 by Roberto C. Sánchez at 2018-02-10T19:45:10-05:00
LTS: claim audacity in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,7 +10,7 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-audacity
+audacity (Roberto C. Sánchez)
 --
 clamav (Thorsten Alteholz)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/037dca1869450b4baba5ffdd2c4eec93d8caf4a6


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: claim graphicsmagick in dla-needed.txt

2018-02-07 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f9db8690 by Roberto C. Sánchez at 2018-02-07T13:19:35-05:00
LTS: claim graphicsmagick in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -17,7 +17,7 @@ dovecot (Thorsten Alteholz)
   NOTE: maintainer and security team are looking into this
   NOTE: probably no-dsa
 --
-graphicsmagick
+graphicsmagick (Roberto C. Sánchez)
 --
 icu
   NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in 
Chromium project; report is not visible to the public



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f9db8690121b49175717fee7d07a313792e16c31


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: adjust status of binutils/CVE-2018-6543

2018-02-02 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a7c17400 by Roberto C. Sánchez at 2018-02-02T21:33:56-05:00
LTS: adjust status of binutils/CVE-2018-6543

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -104,6 +104,7 @@ CVE-2018-6543 (In GNU Binutils 2.30, there's an integer 
overflow in the function
- binutils 
[stretch] - binutils  (Minor issue)
[jessie] - binutils  (Minor issue)
+   [wheezy] - binutils  (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22769
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2023ce7e8d70b0155cc6206c901e185260918f0
 CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a ...)


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,8 +10,6 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-binutils
---
 dovecot (Thorsten Alteholz)
   NOTE: after applying the patch, login segfaults
   NOTE: maintainer and security team are looking into this



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7c174004bf5c50a8d59ff8a78c24bbc376fc740


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1266-1 for squid3

2018-02-02 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
872a4bc8 by Roberto C. Sánchez at 2018-02-02T08:54:59-05:00
Reserve DLA-1266-1 for squid3

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[02 Feb 2018] DLA-1266-1 squid3 - security update
+   {CVE-2018-124 CVE-2018-127}
+   [wheezy] - squid3 3.1.20-2.2+deb7u8
 [01 Feb 2018] DLA-1249-2 smarty3 - regression update
[wheezy] - smarty3 3.1.10-2+deb7u3
 [31 Jan 2018] DLA-1265-1 krb5 - security update
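
Review bot: On the `{CVE-2018-124 CVE-2018-127}` line both ids have a three-digit sequence number, while CVE ids carry at least four digits after the year, so as written they cannot match any entry in data/CVE/list. Check the ids against the squid3 advisory and correct them here.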


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -68,8 +68,6 @@ squid (Roberto C. Sánchez)
   NOTE: that the code is actually not vulnerable.
   NOTE: 20180201: Similar code pattern exists in src/client_side.c (Abhijith)
 --
-squid3 (Roberto C. Sánchez)
---
 xen
   NOTE: mention mitigation for CVE-2017-15590 in next DLA
   NOTE: https://xenbits.xen.org/xsa/advisory-237.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/872a4bc8810f7f9f255ac9ae2e901df1a5ab0656


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: claim squid3 in dla-needed.txt

2018-01-30 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
453e65ae by Roberto C. Sánchez at 2018-01-30T14:41:32-05:00
LTS: claim squid3 in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -61,7 +61,7 @@ openjdk-7 (Emilio Pozuelo)
 --
 p7zip
 --
-squid3
+squid3 (Roberto C. Sánchez)
 --
 xen
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/453e65aec799d006877caf4de844bb576fa36b2d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1261-1 for clamav

2018-01-27 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8bbf9793 by Roberto C. Sánchez at 2018-01-27T21:21:36-05:00
Reserve DLA-1261-1 for clamav

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[27 Jan 2018] DLA-1261-1 clamav - security update
+   {CVE-2017-6418 CVE-2017-6420 CVE-2017-12374 CVE-2017-12375 
CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380}
+   [wheezy] - clamav 0.99.2+dfsg-0+deb7u4
 [27 Jan 2018] DLA-1260-1 tiff3 - security update
{CVE-2017-18013}
[wheezy] - tiff3 3.9.6-11+deb7u9


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,9 +10,6 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-clamav (Roberto C. Sánchez)
-  NOTE: jessie and stretch got update via -update
---
 curl (Thorsten Alteholz)
 --
 dovecot (Thorsten Alteholz)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bbf9793342470b926382b1f35352d6e364fb04d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: claim clamav in dla-needed.txt

2018-01-27 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65efe53e by Roberto C. Sánchez at 2018-01-27T15:33:52-05:00
LTS: claim clamav in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,7 +10,7 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-clamav
+clamav (Roberto C. Sánchez)
   NOTE: jessie and stretch got update via -update
 --
 curl (Thorsten Alteholz)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/65efe53efad650fb1f28ca08bc43ec2edee13886


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1260-1 for tiff3

2018-01-27 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
861c10d6 by Roberto C. Sánchez at 2018-01-27T14:51:40-05:00
Reserve DLA-1260-1 for tiff3

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[27 Jan 2018] DLA-1260-1 tiff3 - security update
+   {CVE-2017-18013}
+   [wheezy] - tiff3 3.9.6-11+deb7u9
 [27 Jan 2018] DLA-1259-1 tiff - security update
{CVE-2017-18013}
[wheezy] - tiff 4.0.2-6+deb7u18


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -72,8 +72,6 @@ swftools (Guido Günther)
 --
 thunderbird (Guido Günther)
 --
-tiff3 (Roberto C. Sánchez)
---
 unbound (Markus Koschany)
 --
 wordpress



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/861c10d694b3eb98d89678abfe09e9093075c316


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1259-1 for tiff

2018-01-27 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
edd93c28 by Roberto C. Sánchez at 2018-01-27T14:51:16-05:00
Reserve DLA-1259-1 for tiff

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[27 Jan 2018] DLA-1259-1 tiff - security update
+   {CVE-2017-18013}
+   [wheezy] - tiff 4.0.2-6+deb7u18
 [26 Jan 2018] DLA-1258-1 wireshark - security update
{CVE-2018-5334 CVE-2018-5335 CVE-2018-5336}
[wheezy] - wireshark 1.12.1+g01b65bf-4+deb8u6~deb7u9


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -72,8 +72,6 @@ swftools (Guido Günther)
 --
 thunderbird (Guido Günther)
 --
-tiff (Roberto C. Sánchez)
---
 tiff3 (Roberto C. Sánchez)
 --
 unbound (Markus Koschany)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/edd93c2853d15b86cdbf5e0f81488a69676ca9d3


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: tiff/tiff3 CVE triage

2018-01-27 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1a4b562d by Roberto C. Sánchez at 2018-01-27T14:22:26-05:00
LTS: tiff/tiff3 CVE triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1388,7 +1388,9 @@ CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled 
resource consumption i
- tiff 
[stretch] - tiff  (Minor issue, revisit once fixed upstream)
[jessie] - tiff  (Minor issue, revisit once fixed upstream)
+   [wheezy] - tiff  (Minor issue, revisit once fixed upstream)
- tiff3 
+   [wheezy] - tiff3  (Minor issue, revisit once fixed upstream)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2772
 CVE-2018-5783 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in 
the ...)
- libpodofo 
@@ -2427,7 +2429,9 @@ CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the 
reading of TIFF files, as ...
- tiff 
[stretch] - tiff  (Minor issue, revisit once fixed upstream)
[jessie] - tiff  (Minor issue, revisit once fixed upstream)
+   [wheezy] - tiff  (Minor issue, revisit once fixed upstream)
- tiff3 
+   [wheezy] - tiff3  (Minor issue, revisit once fixed upstream)
NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
TODO: claimed to be fixed in latest libtiff, but no idication yet which 
changes adresses the issue
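
Review bot: For CVE-2018-5360 the added wheezy lines say "revisit once fixed upstream", while the TODO in the same entry says the issue is claimed to be fixed in the latest libtiff with the fixing change not yet identified. The wheezy status depends on that TODO; resolve it, or at least date it, so the tiff and tiff3 entries get revisited once the commit is known.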
@@ -6621,7 +6625,9 @@ CVE-2017-17942 (In LibTIFF 4.0.9, there is a heap-based 
buffer over-read in the 
- tiff  (bug #885579)
[stretch] - tiff  (Minor issue, revisit once fixed upstream)
[jessie] - tiff  (Minor issue, revisit once fixed upstream)
+   [wheezy] - tiff  (Minor issue, revisit once fixed upstream)
- tiff3 
+   [wheezy] - tiff3  (Minor issue, revisit once fixed upstream)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2767
 CVE-2017-17941 (PHP Scripts Mall Single Theater Booking has SQL Injection via 
the ...)
NOT-FOR-US: PHP Scripts Mall Single Theater Booking
@@ -32731,7 +32737,9 @@ CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of 
service vulnerability in 
- tiff  (low; bug #869823)
[stretch] - tiff  (Minor issue, revisit once fixed upstream)
[jessie] - tiff  (Minor issue, revisit once fixed upstream)
+   [wheezy] - tiff  (Minor issue, revisit once fixed upstream)
- tiff3 
+   [wheezy] - tiff3  (Minor issue, revisit once fixed upstream)
NOTE: 
https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2724
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475530
@@ -36272,9 +36280,9 @@ CVE-2017-9816 (Cross-site scripting (XSS) vulnerability 
in Paessler PRTG Network
 CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in 
...)
- tiff 4.0.8-1
[jessie] - tiff  (Minor issue)
-   [wheezy] - tiff  (Minor issue)
+   [wheezy] - tiff  (Minor issue)
- tiff3 
-   [wheezy] - tiff3  (Minor issue)
+   [wheezy] - tiff3  (Minor issue)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2682
NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
NOTE: The issue is addressed with the same commit as for CVE-2017-9403



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a4b562d322879e33b760d7fa018bed4fad7570c


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1245-1 for graphicsmagick

2018-01-15 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6e42cd16 by Roberto C. Sánchez at 2018-01-15T23:12:47-05:00
Reserve DLA-1245-1 for graphicsmagick

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[15 Jan 2018] DLA-1245-1 graphicsmagick - security update
+   {CVE-2018-5685}
+   [wheezy] - graphicsmagick 1.3.16-1.1+deb7u17
 [16 Jan 2018] DLA-1244-1 ca-certificates - security update
[wheezy] - ca-certificates 20130119+deb7u2
 [15 Jan 2018] DLA-1243-1 xbmc - security update
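
Review bot: The new DLA-1245-1 entry is dated `[15 Jan 2018]` but sits above DLA-1244-1, which is dated `[16 Jan 2018]`, so the dates at the top of the list no longer run in order. The commit timestamp 2018-01-15T23:12:47-05:00 is already 16 Jan in UTC; dating the entry 16 Jan would keep the list monotonic.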


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -16,8 +16,6 @@ couchdb (Thorsten Alteholz)
 exiv2 (Brian May)
   NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that 
CVE-2017-17669 applies to wheezy version
 --
-graphicsmagick (Roberto C. Sánchez)
---
 icu
   NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in 
Chromium project; report is not visible to the public
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e42cd16f5636613aa1e1a0fda3185de0e8ab53b


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Note that CVE-2018-5685/graphicsmagick only affects 32-bit arch << 1.3.27

2018-01-15 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
699ef605 by Roberto C. Sánchez at 2018-01-15T20:44:45-05:00
Note that CVE-2018-5685/graphicsmagick only affects 32-bit arch << 1.3.27

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -41,6 +41,7 @@ CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite 
loop and applicati
- graphicsmagick 1.3.27-4 (bug #887158)
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/541/
+   NOTE: Before 1.3.27, the problem only affects 32-bit architectures 
(i.e., 4-byte long) it expanded to 64-bit architectures with upstream commit 
be5e89e6032d
 CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the 
...)
- libav 
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1110
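
Review bot: The added NOTE under CVE-2018-5685 runs two statements together ("... (i.e., 4-byte long) it expanded to 64-bit architectures ...") and cites upstream commit be5e89e6032d by short hash only, while the neighbouring NOTE lines give full URLs. Split it into two NOTE lines and link the changeset the same way as the hg.graphicsmagick.org reference above it, so the version boundary and the commit that widened the impact can each be checked on their own.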



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/699ef605c758669ef0ec2cb148664c600f219069


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Claim graphicsmagick in dla-needed.txt

2018-01-14 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1326c3ba by Roberto C. Sánchez at 2018-01-14T12:40:53-05:00
Claim graphicsmagick in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -20,7 +20,7 @@ couchdb (Thorsten Alteholz)
 exiv2 (Brian May)
   NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that 
CVE-2017-17669 applies to wheezy version
 --
-graphicsmagick
+graphicsmagick (Roberto C. Sánchez)
 --
 icu
   NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in 
Chromium project; report is not visible to the public



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1326c3ba3dd436ccac526fe6764383d02359ea43


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: annotate CVE-2018-4868/exiv2 does not affect wheezy

2018-01-10 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f55e61a by Roberto C. Sánchez at 2018-01-10T22:45:23-05:00
LTS: annotate CVE-2018-4868/exiv2 does not affect wheezy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1011,6 +1011,7 @@ CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function 
in jp2image.cpp in Exi
- exiv2 
[stretch] - exiv2  (Minor issue)
[jessie] - exiv2  (Minor issue)
+   [wheezy] - exiv2  (Reproducer does not cause failure; 
vulnerable code not present)
NOTE: https://github.com/Exiv2/exiv2/issues/202
 CVE-2017-1000500 (Keycloak SSO versions prior to 2.x are vulnerable to Host 
Header ...)
NOT-FOR-US: Keycloak
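
Review bot: The [wheezy] justification for CVE-2018-4868 joins two different kinds of evidence, "Reproducer does not cause failure" and "vulnerable code not present", and only the second supports marking the suite as unaffected. A reproducer that does not fail shows little unless the entry says how it was run, so either drop the first half or state the conditions, and name what is missing from the wheezy source (the description points at Exiv2::Jp2Image::readMetadata in jp2image.cpp) so the claim can be re-checked later.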



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f55e61a695b8d87ddc232438e3cfff3515a0e51


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: remove imagemagick from dla-needed.txt, it has no issues outstanding

2018-01-07 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f91d5b76 by Roberto C. Sánchez at 2018-01-07T23:29:24-05:00
LTS: remove imagemagick from dla-needed.txt, it has no issues outstanding

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -29,8 +29,6 @@ gifsicle (Chris Lamb)
 icu
   NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in 
Chromium project; report is not visible to the public
 --
-imagemagick (Roberto C. Sánchez)
---
 lame (Hugo Lefeuvre)
   NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced 
CVE-2017-150{18,45,46}
   NOTE: 20171120: Backporting 3.100 is not conceivable, diff >40k lines.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f91d5b7681e36fa77d218008db6d80ca20e60721


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: annotate CVE-2018-5248/imagemagick as not affecting wheezy

2018-01-07 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f9ccd47e by Roberto C. Sánchez at 2018-01-07T23:27:19-05:00
LTS: annotate CVE-2018-5248/imagemagick as not affecting wheezy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -17,6 +17,7 @@ CVE-2018-5249 (Cross-site scripting (XSS) vulnerability in 
Shaarli before 0.8.5 
- shaarli  (bug #864559)
 CVE-2018-5248 (In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer 
over-read in ...)
- imagemagick  (bug #886588)
+   [wheezy] - imagemagick  (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/927
NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/c76434c16b5ac8861ee0c5d5c3ab8974fae3d624
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/0272305f91763b5ce119a2c7a0e0084d8241a58d
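
Review bot: "Vulnerable code not present" on the [wheezy] line for CVE-2018-5248 does not say which code was looked for, and the entry lists two different fix commits, one labelled ImageMagick-6 and one unlabelled. Add a NOTE stating which of the two commits the wheezy source was compared against and which file or function is absent.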



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f9ccd47e586260863b1945290620ff208144d677


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Claim imagemagick in dla-needed.txt

2018-01-07 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e82c4353 by Roberto C. Sánchez at 2018-01-07T08:11:58-05:00
Claim imagemagick in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -31,7 +31,7 @@ graphicsmagick (Markus Koschany)
 icu
   NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in 
Chromium project; report is not visible to the public
 --
-imagemagick
+imagemagick (Roberto C. Sánchez)
 --
 lame (Hugo Lefeuvre)
   NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced 
CVE-2017-150{18,45,46}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e82c435398837210657157ae6a584bac715496ed


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: note CVE-2017-18013 affects tiff3

2018-01-01 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50bc4c89 by Roberto C. Sánchez at 2018-01-01T12:31:12-05:00
LTS: note CVE-2017-18013 affects tiff3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4,6 +4,7 @@ CVE-2018-3810 (Authentication Bypass vulnerability in the 
Oturia Smart Google Co
NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress
 CVE-2017-18013 (In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the 
...)
- tiff  (bug #885985)
+   - tiff3 
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2770
NOTE: 
https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
 CVE-2017-18012 (The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the 
...)
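
Review bot: The new tiff3 line under CVE-2017-18013 carries no bug reference or NOTE, while the tiff line above it has bug #885985 and the description names LibTIFF 4.0.9. Record how tiff3 was confirmed to share the null-pointer dereference (code inspection or a test against the maptools report), and add a bug number once one exists for it.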



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/50bc4c891d146f4f21d699204e0430ddba0b2b2d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: add exiv2 along with note that CVE-2017-17669 applies

2018-01-01 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec5d6fda by Roberto C. Sánchez at 2018-01-01T12:00:02-05:00
LTS: add exiv2 along with note that CVE-2017-17669 applies

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -17,6 +17,9 @@ ca-certificates
 couchdb
   NOTE: Only in wheezy, we are on our own.
 --
+exiv2
+  NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that 
CVE-2017-17669 applies to wheezy version
+--
 graphicsmagick (Markus Koschany)
 --
 icu
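
Review bot: The NOTE on the new exiv2 entry says the wheezy version was built "with ASAN in jessie", so the confirmation of CVE-2017-17669 comes from a jessie build environment rather than a wheezy one, and the NOTE does not record what ASAN reported. State the error ASAN flagged and where, and say explicitly that the build environment differs from the target suite, so whoever claims the package can reproduce the result.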



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec5d6fdaf5a18e7549ea74f82a18544aa1cdae66


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: mark CVE-2017-17973/tiff no-dsa, same as for jessie and stretch

2017-12-30 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ea419ad2 by Roberto C. Sánchez at 2017-12-30T20:41:46-05:00
LTS: mark CVE-2017-17973/tiff no-dsa, same as for jessie and stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -62,6 +62,7 @@ CVE-2017-17973 (In LibTIFF 4.0.8, there is a heap-based 
use-after-free in the ..
- tiff 
[stretch] - tiff  (Minor issue)
[jessie] - tiff  (Minor issue)
+   [wheezy] - tiff  (Minor issue)
- tiff3  (unimportant)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2769
 CVE-2017-1000447
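
Review bot: The [wheezy] line for CVE-2017-17973 reuses "Minor issue" from the stretch and jessie lines without saying why a heap-based use-after-free is minor for this package. A one-line NOTE with the reasoning would let the decision be verified for wheezy rather than inherited from the newer suites.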



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ea419ad2916fb986bd1855a8e37d0a3f59b243be


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: claim tiff/tiff3 in dla-needed.txt

2017-12-30 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
171b745a by Roberto C. Sánchez at 2017-12-30T13:59:54-05:00
LTS: claim tiff/tiff3 in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -54,9 +54,9 @@ swftools (Guido Günther)
   NOTE: 20171118: At least CVE-2017-16797 is present. (lamby)
   NOTE: 20171210: likely to be turned into a pkg with limited sec support
 --
-tiff
+tiff (Roberto C. Sánchez)
 --
-tiff3
+tiff3 (Roberto C. Sánchez)
 --
 wireshark (Thorsten Alteholz)
   NOTE: 2017-08-28: Contacted maintainer since most issues affect 
Jessie/Stretch as well



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/171b745acf2fd5ece217f4c38bdf6cb2e8216415


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Reserve DLA-1225-1 for asterisk

2017-12-30 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4c3d3298 by Roberto C. Sánchez at 2017-12-30T12:37:34-05:00
Reserve DLA-1225-1 for asterisk

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[30 Dec 2017] DLA-1225-1 asterisk - security update
+   {CVE-2017-17090}
+   [wheezy] - asterisk 1:1.8.13.1~dfsg1-3+deb7u8
 [28 Dec 2017] DLA-1224-1 mercurial - security update
{CVE-2017-17458}
[wheezy] - mercurial 2.2.2-4+deb7u6


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,8 +10,6 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-asterisk (Roberto C. Sánchez)
---
 ca-certificates
   NOTE: 20170719: maintainer will handle the upload, see 
https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org
   NOTE: 20171013: pinged maintainer: 
https://lists.debian.org/87efpuc95w@curie.anarc.at (anarcat)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c3d32980c63238cc6b3c63524ed890f9bc6e64a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: claim asterisk in dla-needed.txt

2017-12-30 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d95fe64 by Roberto C. Sánchez at 2017-12-30T11:23:22-05:00
LTS: claim asterisk in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -10,7 +10,7 @@ this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-asterisk
+asterisk (Roberto C. Sánchez)
 --
 ca-certificates
   NOTE: 20170719: maintainer will handle the upload, see 
https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d95fe64d4fcc33c91f8281ac111fd7931ec56fd


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: update status of ICU

2017-12-29 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c0f1f95b by Roberto C. Sánchez at 2017-12-29T18:09:43-05:00
LTS: update status of ICU

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -21,7 +21,8 @@ couchdb
 --
 graphicsmagick (Markus Koschany)
 --
-icu (Roberto C. Sánchez)
+icu
+  NOTE: 20171229: CVE-2017-15422 was reported via Google Code issue report in 
Chromium project; report is not visible to the public
 --
 imagemagick (Markus Koschany)
 --
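
Review bot: Replacing "icu (Roberto C. Sánchez)" with a bare "icu" releases the claim, but neither the commit message ("update status of ICU") nor the new NOTE says so. The NOTE explains that the CVE-2017-15422 report is not public; add what that blocks and what the next step is, so the package is not left unclaimed in the list with no visible plan.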



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c0f1f95beb143950412499da286ccb51f9b9a1d4


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: annotate CVE-2017-17484/icu as not affecting wheezy

2017-12-29 Thread Roberto C . Sánchez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0961d114 by Roberto C. Sánchez at 2017-12-29T17:56:55-05:00
LTS: annotate CVE-2017-17484/icu as not affecting wheezy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6345,6 +6345,7 @@ CVE-2017-17485
 CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International 
...)
[experimental] - icu 60.2-1
- icu 
+   [wheezy] - icu  (Vulnerable code not present)
NOTE: https://ssl.icu-project.org/trac/ticket/13510
NOTE: https://ssl.icu-project.org/trac/ticket/13490
NOTE: Fixed by: https://ssl.icu-project.org/trac/changeset/40714
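
Review bot: The [wheezy] line for CVE-2017-17484 gives "Vulnerable code not present" without naming what was checked. The description identifies ucnv_UTF8FromUTF8 in ucnv_u8.cpp, so say in a NOTE whether that function is absent from the wheezy source or present but without the code changed by changeset 40714.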



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0961d114e204018cc0e088f12f1830c508665c5e
