[Secure-testing-commits] r57981 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2017-11-23 21:47:29 + (Thu, 23 Nov 2017)
New Revision: 57981

Modified:
   data/dsa-needed.txt
Log:
dsa-needed.txt: santiago takes a look at poppler

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-11-23 21:20:03 UTC (rev 57980)
+++ data/dsa-needed.txt 2017-11-23 21:47:29 UTC (rev 57981)
@@ -42,6 +42,7 @@
 phpmyadmin/oldstable
 --
 poppler
+  2017-11-23: santiago will prepare a debdiff
 --
 qemu/oldstable
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57618 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2017-11-14 10:08:47 + (Tue, 14 Nov 2017)
New Revision: 57618

Modified:
   data/CVE/list
Log:
CVE-2017-15565/poppler: add fix url

Signed-off-by: Santiago R.R 

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-14 09:48:40 UTC (rev 57617)
+++ data/CVE/list   2017-11-14 10:08:47 UTC (rev 57618)
@@ -3227,6 +3227,7 @@
 CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the 
...)
- poppler  (bug #879066)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016
+   NOTE: Fixed by: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d
 CVE-2017-15564
RESERVED
 CVE-2017-15563


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57456 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2017-11-08 15:16:34 + (Wed, 08 Nov 2017)
New Revision: 57456

Modified:
   data/CVE/list
Log:
sqlite3/CVE-2017-2513 wheezy and jessie not vulnerable

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-08 14:40:16 UTC (rev 57455)
+++ data/CVE/list   2017-11-08 15:16:34 UTC (rev 57456)
@@ -42209,6 +42209,8 @@
NOTE: Not covered by security support
 CVE-2017-2513 (An issue was discovered in certain Apple products. iOS before 
10.3.2 ...)
- sqlite3 3.15.2-1
+   [jessie] - sqlite3  (Vulnerable code not present)
+   [wheezy] - sqlite3  (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=171
NOTE: 
https://clusterfuzz-external.appspot.com/testcase?key=5770842466156544
NOTE: Fixed by: https://www.sqlite.org/src/info/c5dbc599b910c02a


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57449 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2017-11-08 10:34:40 + (Wed, 08 Nov 2017)
New Revision: 57449

Modified:
   data/CVE/list
Log:
sqlite3/CVE-2017-2513,CVE-2017-2518,CVE-2017-2519,CVE-2017-2520: include fix 
urls

Modified: data/CVE/list
===
--- data/CVE/list   2017-11-08 09:56:57 UTC (rev 57448)
+++ data/CVE/list   2017-11-08 10:34:40 UTC (rev 57449)
@@ -42186,14 +42186,17 @@
- sqlite3 
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384
NOTE: 
https://clusterfuzz-external.appspot.com/testcase?key=5694101458518016
+   NOTE: Fixed by: https://www.sqlite.org/src/info/2dc7eeb5b4d2eaf1
 CVE-2017-2519 (An issue was discovered in certain Apple products. iOS before 
10.3.2 ...)
- sqlite3 
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=288
NOTE: 
https://clusterfuzz-external.appspot.com/testcase?key=6739028850245632
+   NOTE: Fixed by: https://www.sqlite.org/src/info/d08b72c38ff6fae6
 CVE-2017-2518 (An issue was discovered in certain Apple products. iOS before 
10.3.2 ...)
- sqlite3 
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=199
NOTE: 
https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936
+   NOTE: Fixed by: https://www.sqlite.org/src/info/0a98c8d76ac86412
 CVE-2017-2517 (An issue was discovered in certain Apple products. iOS before 
10.3.3 ...)
NOT-FOR-US: Apple Safari
 CVE-2017-2516 (An issue was discovered in certain Apple products. macOS before 
...)
@@ -42208,6 +42211,7 @@
- sqlite3 
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=171
NOTE: 
https://clusterfuzz-external.appspot.com/testcase?key=5770842466156544
+   NOTE: Fixed by: https://www.sqlite.org/src/info/c5dbc599b910c02a
 CVE-2017-2512 (An issue was discovered in certain Apple products. macOS before 
...)
NOT-FOR-US: Apple
 CVE-2017-2511 (An issue was discovered in certain Apple products. Safari 
before ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r53665 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2017-07-19 12:05:57 + (Wed, 19 Jul 2017)
New Revision: 53665

Modified:
   data/dsa-needed.txt
Log:
preparing debdiff for atril

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-07-19 11:34:59 UTC (rev 53664)
+++ data/dsa-needed.txt 2017-07-19 12:05:57 UTC (rev 53665)
@@ -15,6 +15,7 @@
 389-ds-base (fw)
 --
 atril
+  santiago sent a patch, and is preparing a debdiff for jessie and stretch
 --
 chromium-browser
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44170 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-08-27 08:25:32 + (Sat, 27 Aug 2016)
New Revision: 44170

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-602-1 for gnupg

Modified: data/DLA/list
===
--- data/DLA/list   2016-08-27 05:34:03 UTC (rev 44169)
+++ data/DLA/list   2016-08-27 08:25:32 UTC (rev 44170)
@@ -1,3 +1,6 @@
+[27 Aug 2016] DLA-602-1 gnupg - security update
+   {CVE-2016-6313}
+   [wheezy] - gnupg 1.4.12-7+deb7u8
 [26 Aug 2016] DLA-601-1 quagga - security update
{CVE-2016-4036 CVE-2016-4049}
[wheezy] - quagga 0.99.22.4-1+wheezy3

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-27 05:34:03 UTC (rev 44169)
+++ data/dla-needed.txt 2016-08-27 08:25:32 UTC (rev 44170)
@@ -15,8 +15,6 @@
 --
 eog
 --
-gnupg (Santiago R.R.)
---
 icu (Roberto C. Sánchez)
   NOTE:  lamby: I suggest to wait a bit with icu, see the CVE 
assignment note from MITRE on CVE-2016-6293
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43789 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-08-05 08:00:03 + (Fri, 05 Aug 2016)
New Revision: 43789

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-567-2 for mysql-5.5

Modified: data/DLA/list
===
--- data/DLA/list   2016-08-05 04:29:27 UTC (rev 43788)
+++ data/DLA/list   2016-08-05 08:00:03 UTC (rev 43789)
@@ -1,3 +1,5 @@
+[05 Aug 2016] DLA-567-2 mysql-5.5 - regression update
+   [wheezy] - mysql-5.5 5.5.50-0+deb7u2
 [04 Aug 2016] DLA-586-1 curl - security update
{CVE-2016-5419 CVE-2016-5420}
[wheezy] - curl 7.26.0-1+wheezy14

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-05 04:29:27 UTC (rev 43788)
+++ data/dla-needed.txt 2016-08-05 08:00:03 UTC (rev 43789)
@@ -42,9 +42,6 @@
 --
 mongodb (Ola Lundqvist)
 --
-mysql-5.5 (Santiago R.R)
-  NOTE: Security update is currently stuck in NEW
---
 nettle (Ola Lundqvist)
   NOTE: Original patch had some unintended side effects: 
https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43715 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-08-02 17:30:38 + (Tue, 02 Aug 2016)
New Revision: 43715

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-583-1 for lighttpd

Modified: data/DLA/list
===
--- data/DLA/list   2016-08-02 16:26:02 UTC (rev 43714)
+++ data/DLA/list   2016-08-02 17:30:38 UTC (rev 43715)
@@ -1,3 +1,6 @@
+[02 Aug 2016] DLA-583-1 lighttpd - security update
+   {CVE-2016-1000212}
+   [wheezy] - lighttpd 1.4.31-4+deb7u5
 [02 Aug 2016] DLA-582-1 libidn - security update
{CVE-2015-8948 CVE-2016-6261 CVE-2016-6263}
[wheezy] - libidn 1.25-2+deb7u2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-02 16:26:02 UTC (rev 43714)
+++ data/dla-needed.txt 2016-08-02 17:30:38 UTC (rev 43715)
@@ -36,8 +36,6 @@
 --
 libupnp (Balint Reczey)
 --
-lighttpd (Santiago R.R.)
---
 linux (Ben Hutchings)
 --
 mat


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43599 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-29 09:10:52 + (Fri, 29 Jul 2016)
New Revision: 43599

Modified:
   data/dla-needed.txt
Log:
Claim lighttpd in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-29 09:10:11 UTC (rev 43598)
+++ data/dla-needed.txt 2016-07-29 09:10:52 UTC (rev 43599)
@@ -54,7 +54,7 @@
 --
 libupnp (Balint Reczey)
 --
-lighttpd
+lighttpd (Santiago R.R.)
 --
 linux (Ben Hutchings)
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43595 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-29 08:33:52 + (Fri, 29 Jul 2016)
New Revision: 43595

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-567-1 for mysql-5.5

Modified: data/DLA/list
===
--- data/DLA/list   2016-07-29 08:31:11 UTC (rev 43594)
+++ data/DLA/list   2016-07-29 08:33:52 UTC (rev 43595)
@@ -1,3 +1,6 @@
+[29 Jul 2016] DLA-567-1 mysql-5.5 - security update
+   {CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440}
+   [wheezy] - mysql-5.5 5.5.50-0+deb7u1
 [28 Jul 2016] DLA-566-1 cakephp - security update
[wheezy] - cakephp 1.3.15-1+deb7u1
 [28 Jul 2016] DLA-565-1 perl - security update

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-29 08:31:11 UTC (rev 43594)
+++ data/dla-needed.txt 2016-07-29 08:33:52 UTC (rev 43595)
@@ -66,8 +66,6 @@
 mupdf (Thorsten Alteholz)
   NOTE: Can reproduce in wheezy chroot.
 --
-mysql-5.5 (Santiago R.R.)
---
 ntp
   NOTE: up to now maintainer did the LTS uploads
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43557 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-28 13:37:28 + (Thu, 28 Jul 2016)
New Revision: 43557

Modified:
   data/dla-needed.txt
Log:
gnupg needs a DLA

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 13:22:42 UTC (rev 43556)
+++ data/dla-needed.txt 2016-07-28 13:37:28 UTC (rev 43557)
@@ -22,6 +22,8 @@
   NOTE: 20160529, no fix yet
   NOTE: 20160618, still no fix
 --
+gnupg (Santiago R.R.)
+--
 icedove (Guido Günther)
 --
 icu (Roberto C. Sánchez)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43490 - in data: CVE DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-26 11:39:46 + (Tue, 26 Jul 2016)
New Revision: 43490

Modified:
   data/CVE/list
   data/DLA/list
Log:
CVE-2016-5408/squid3 fixed by DLA-556-1. Fix references

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-26 11:37:31 UTC (rev 43489)
+++ data/CVE/list   2016-07-26 11:39:46 UTC (rev 43490)
@@ -2736,11 +2736,11 @@
 CVE-2016-5409
RESERVED
 CVE-2016-5408
+   {DLA-556-1}
RESERVED
- squid3  (Incomplete fix for CVE-2016-4051 not applied)
NOTE: CVE is specific for the incomplete fix of CVE-2016-4051 as applied
-   NOTE: by some vendors. Possibly wheezy was as well, but covered with
-   NOTE: DLA-556-1.
+   NOTE: by some vendors.
 CVE-2016-5407
RESERVED
 CVE-2016-5406
@@ -7251,7 +7251,7 @@
NOTE: 
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch 
(Squid 3.4)
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch 
(Squid 3.5)
 CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 
3.5.17, and ...)
-   {DSA-3625-1 DLA-556-1 DLA-478-1}
+   {DSA-3625-1 DLA-478-1}
- squid3 3.5.17-1
- squid 
[wheezy] - squid  (cachemgr.cgi not installed. squid-cgi 
binary package built from squid3)
@@ -7260,6 +7260,7 @@
NOTE: 
http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_5.patch (Squid 
3.3)
NOTE: 
http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_5.patch (Squid 
3.4)
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_5.patch (Squid 
3.5)
+   NOTE: Fixed in wheezy by DLA-556-1, c.f. CVE-2016-5408
 CVE-2016-4044
RESERVED
 CVE-2016-4043

Modified: data/DLA/list
===
--- data/DLA/list   2016-07-26 11:37:31 UTC (rev 43489)
+++ data/DLA/list   2016-07-26 11:39:46 UTC (rev 43490)
@@ -13,7 +13,7 @@
 [23 Jul 2016] DLA-557-1 dietlibc - security update
[wheezy] - dietlibc 0.33~cvs20120325-4+deb7u1
 [22 Jul 2016] DLA-556-1 squid3 - security update
-   {CVE-2016-4051}
+   {CVE-2016-5408}
[wheezy] - squid3 3.1.20-2.2+deb7u6
 [21 Jul 2016] DLA-555-1 python-django - security update
{CVE-2016-6186}


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43471 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-25 21:49:19 + (Mon, 25 Jul 2016)
New Revision: 43471

Modified:
   data/dla-needed.txt
Log:
Claim mysql-5.5 in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-25 21:34:28 UTC (rev 43470)
+++ data/dla-needed.txt 2016-07-25 21:49:19 UTC (rev 43471)
@@ -71,7 +71,7 @@
 mupdf
   NOTE: Can reproduce in wheezy chroot.
 --
-mysql-5.5
+mysql-5.5 (Santiago R.R.)
 --
 openssh (Ola Lundqvist)
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43465 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-25 19:05:15 + (Mon, 25 Jul 2016)
New Revision: 43465

Modified:
   data/dla-needed.txt
Log:
perl needs a dla

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-25 18:59:58 UTC (rev 43464)
+++ data/dla-needed.txt 2016-07-25 19:05:15 UTC (rev 43465)
@@ -94,6 +94,9 @@
   NOTE: but as I discussed with the maintainer 
(https://lists.debian.org/debian-lts/2016/07/msg00117.html)
   NOTE: we will wait upstream release it as an official solution.
 --
+perl
+  NOTE: Ben and Thorsten have the patches.
+--
 php5 (Thorsten Alteholz)
   NOTE: At least CVE-2016-4538 of the outstanding CVEs are vulnerable
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43464 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-25 18:59:58 + (Mon, 25 Jul 2016)
New Revision: 43464

Modified:
   data/dla-needed.txt
Log:
data/dla-needed.txt maintainer wants to handle ntp upload announce

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-25 18:57:24 UTC (rev 43463)
+++ data/dla-needed.txt 2016-07-25 18:59:58 UTC (rev 43464)
@@ -76,9 +76,8 @@
 --
 mysql-5.5
 --
-ntp (Santiago R.R.)
-  NOTE: maintainer would like help working on the updates but will handle the 
updates himself
-  NOTE: 20160518175636.ga29...@roeckx.be
+ntp
+  NOTE: maintainer uploaded and wants to handle the announce too.
 --
 openssh (Ola Lundqvist)
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43163 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-13 08:24:26 + (Wed, 13 Jul 2016)
New Revision: 43163

Modified:
   data/CVE/list
Log:
CVE-2016-4051/squid in wheezy, not-affected

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-13 06:31:35 UTC (rev 43162)
+++ data/CVE/list   2016-07-13 08:24:26 UTC (rev 43163)
@@ -6433,6 +6433,7 @@
{DLA-478-1}
- squid3 3.5.17-1
- squid 
+   [wheezy] - squid  (cachemgr.cgi not installed. squid-cgi 
binary package built from squid3)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
NOTE: 
http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_5.patch (Squid 
3.2)
NOTE: 
http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_5.patch (Squid 
3.3)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r43053 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-07 15:29:47 + (Thu, 07 Jul 2016)
New Revision: 43053

Modified:
   data/CVE/list
Log:
CVE-2016-2119/samba: wheezy not-affected

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-07 14:31:41 UTC (rev 43052)
+++ data/CVE/list   2016-07-07 15:29:47 UTC (rev 43053)
@@ -12088,6 +12088,7 @@
 CVE-2016-2119 [Client side SMB2/3 required signing can be downgraded]
RESERVED
- samba  (bug #830195)
+   [wheezy] - samba  (Affects Samba 4.0.0 to 4.4.0)
NOTE: https://www.samba.org/samba/security/CVE-2016-2119.html
NOTE: Affects Samba 4.0.0 to 4.4.4
 CVE-2016-2118 (The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x 
and 4.x ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42989 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-03 09:30:21 + (Sun, 03 Jul 2016)
New Revision: 42989

Modified:
   data/dla-needed.txt
Log:
dla-needed: note on squid3

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-03 09:16:45 UTC (rev 42988)
+++ data/dla-needed.txt 2016-07-03 09:30:21 UTC (rev 42989)
@@ -105,7 +105,8 @@
 squid (Santiago R.R.)
 --
 squid3 (Santiago R.R.)
-  NOTE: Fix for CVE-2016-4051 backported from RedHat is incomplete. Upstream 
noticed.
+  NOTE: Fix for CVE-2016-4051 backported from RedHat is incomplete.
+  NOTE: Waiting for feedback from upstream.
 --
 tardiff
   fw asked maintainer for preparing debdiffs for wheezy- and jessie-security


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42947 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-07-01 08:38:06 + (Fri, 01 Jul 2016)
New Revision: 42947

Modified:
   data/dla-needed.txt
Log:
Add squid3 to dla-needed. Current fix for CVE-2016-4051 is incomplete

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-01 08:02:57 UTC (rev 42946)
+++ data/dla-needed.txt 2016-07-01 08:38:06 UTC (rev 42947)
@@ -101,6 +101,9 @@
 --
 squid (Santiago R.R.)
 --
+squid3 (Santiago R.R.)
+  NOTE: Fix for CVE-2016-4051 backported from RedHat is incomplete. Upstream 
noticed.
+--
 tardiff
   fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
   https://anonscm.debian.org/cgit/collab-maint/tardiff.git/log/?h=wheezy


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42690 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-06-22 14:25:39 + (Wed, 22 Jun 2016)
New Revision: 42690

Modified:
   data/CVE/list
Log:
CVE-2016-3948/squid no-dsa

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 10:59:36 UTC (rev 42689)
+++ data/CVE/list   2016-06-22 14:25:39 UTC (rev 42690)
@@ -5386,6 +5386,7 @@
[jessie] - squid3  (Minor issue; needs substantial backporting; 
too intrusive to backport)
[wheezy] - squid3  (Minor issue; needs substantial backporting; 
too intrusive to backport)
- squid 
+   [wheezy] - squid  (Minor issue; needs substantial backporting; 
too intrusive to backport)
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
 CVE-2016-3947 (Heap-based buffer overflow in the Icmp6::Recv function in ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42684 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-06-22 07:41:46 + (Wed, 22 Jun 2016)
New Revision: 42684

Modified:
   data/dla-needed.txt
Log:
Take squid in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-22 07:39:41 UTC (rev 42683)
+++ data/dla-needed.txt 2016-06-22 07:41:46 UTC (rev 42684)
@@ -81,7 +81,7 @@
 --
 spice (Santiago R.R.)
 --
-squid
+squid (Santiago R.R.)
 --
 tardiff
   fw asked maintainer for preparing debdiffs for wheezy- and jessie-security


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42424 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-06-09 18:29:46 + (Thu, 09 Jun 2016)
New Revision: 42424

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-509-1 for samba

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-09 16:41:26 UTC (rev 42423)
+++ data/DLA/list   2016-06-09 18:29:46 UTC (rev 42424)
@@ -1,3 +1,5 @@
+[09 Jun 2016] DLA-509-1 samba - security update
+   [wheezy] - samba 2:3.6.6-6+deb7u10
 [08 Jun 2016] DLA-508-1 expat - security update
{CVE-2012-6702 CVE-2016-5300}
[wheezy] - expat 2.1.0-1+deb7u4

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-09 16:41:26 UTC (rev 42423)
+++ data/dla-needed.txt 2016-06-09 18:29:46 UTC (rev 42424)
@@ -87,9 +87,6 @@
 --
 ruby-eventmachine
 --
-samba (Santiago R.R.)
-  NOTE: regression update required for #821811, patches available
---
 spice (Santiago R.R.)
 --
 squid


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42401 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-06-08 13:39:04 + (Wed, 08 Jun 2016)
New Revision: 42401

Modified:
   data/CVE/list
Log:
CVE-2016-0749/spice: wheezy not-affected

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 12:07:08 UTC (rev 42400)
+++ data/CVE/list   2016-06-08 13:39:04 UTC (rev 42401)
@@ -14426,6 +14426,7 @@
RESERVED
{DSA-3596-1}
- spice  (bug #826585)
+   [wheezy] - spice  (Vulnerable code not present. 
Configured with --disable-smartcard)
 CVE-2016-0748
RESERVED
 CVE-2016-0747 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does 
not ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42381 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-06-07 14:36:51 + (Tue, 07 Jun 2016)
New Revision: 42381

Modified:
   data/dla-needed.txt
Log:
Take spice in data/dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-07 14:35:55 UTC (rev 42380)
+++ data/dla-needed.txt 2016-06-07 14:36:51 UTC (rev 42381)
@@ -93,7 +93,7 @@
 samba (Santiago R.R.)
   NOTE: regression update required for #821811, patches available
 --
-spice
+spice (Santiago R.R.)
 --
 squid
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42183 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-31 08:52:35 + (Tue, 31 May 2016)
New Revision: 42183

Modified:
   data/dla-needed.txt
Log:
remove mediawiki from dla-needed.txt, not supported in wheezy

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 07:13:30 UTC (rev 42182)
+++ data/dla-needed.txt 2016-05-31 08:52:35 UTC (rev 42183)
@@ -49,9 +49,6 @@
 --
 linux
 --
-mediawiki
-  NOTE: question raised about backporting jessie version: 
87y478d6no@angela.anarcat.ath.cx
---
 mxml
 --
 nss


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42129 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-29 19:45:47 + (Sun, 29 May 2016)
New Revision: 42129

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-494-1 for eglibc

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-29 19:41:35 UTC (rev 42128)
+++ data/DLA/list   2016-05-29 19:45:47 UTC (rev 42129)
@@ -1,3 +1,6 @@
+[29 May 2016] DLA-494-1 eglibc - security update
+   {CVE-2016-1234 CVE-2016-3075 CVE-2016-3706}
+   [wheezy] - eglibc 2.13-38+deb7u11
 [29 May 2016] DLA-493-1 openafs - security update
{CVE-2015-8312 CVE-2016-2860 CVE-2016-4536}
[wheezy] - openafs 1.6.1-3+deb7u6

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-29 19:41:35 UTC (rev 42128)
+++ data/dla-needed.txt 2016-05-29 19:45:47 UTC (rev 42129)
@@ -18,8 +18,6 @@
 cakephp
   NOTE: CVE-2015-8379 No official solution is currently available, 20160425
 --
-eglibc (Santiago R.R.)
---
 extplorer
   NOTE: 20160529, no fix yet
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42102 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-28 22:58:56 + (Sat, 28 May 2016)
New Revision: 42102

Modified:
   data/dla-needed.txt
Log:
Claim ntp in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-28 17:44:40 UTC (rev 42101)
+++ data/dla-needed.txt 2016-05-28 22:58:56 UTC (rev 42102)
@@ -51,7 +51,7 @@
 --
 mxml
 --
-ntp
+ntp (Santiago R.R.)
   NOTE: maintainer would like help working on the updates but will handle the 
updates himself
   NOTE: 20160518175636.ga29...@roeckx.be
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r42007 - data/DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-25 08:04:30 + (Wed, 25 May 2016)
New Revision: 42007

Modified:
   data/DLA/list
Log:
reserve DLA-487-1 for debian-security-support

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-25 07:14:26 UTC (rev 42006)
+++ data/DLA/list   2016-05-25 08:04:30 UTC (rev 42007)
@@ -1,3 +1,5 @@
+[25 May 2016] DLA-487-1 debian-security-support - Long term security support 
update
+   [wheezy] - debian-security-support 2016.05.24~deb7u1
 [23 May 2016] DLA-486-1 imagemagick - security update
{CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718}
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u5


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41990 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-24 13:47:57 + (Tue, 24 May 2016)
New Revision: 41990

Modified:
   data/dla-needed.txt
Log:
claim samba on dla-needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-24 10:27:45 UTC (rev 41989)
+++ data/dla-needed.txt 2016-05-24 13:47:57 UTC (rev 41990)
@@ -97,7 +97,7 @@
 --
 ruby-rest-client (Ola Lundqvist)
 --
-samba
+samba (Santiago R.R.)
   NOTE: regression update required for #821811, patches available
 --
 squid


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41801 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-17 13:22:59 + (Tue, 17 May 2016)
New Revision: 41801

Modified:
   data/dla-needed.txt
Log:
claim eglibc in data/dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-17 13:06:13 UTC (rev 41800)
+++ data/dla-needed.txt 2016-05-17 13:22:59 UTC (rev 41801)
@@ -22,7 +22,7 @@
 --
 dhcpcd5
 --
-eglibc
+eglibc (Santiago R.R.)
 --
 extplorer (Thorsten Alteholz)
   NOTE: package for testing uploaded


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41766 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-16 10:26:07 + (Mon, 16 May 2016)
New Revision: 41766

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-478-1 for squid3

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-16 10:03:00 UTC (rev 41765)
+++ data/DLA/list   2016-05-16 10:26:07 UTC (rev 41766)
@@ -1,3 +1,6 @@
+[16 May 2016] DLA-478-1 squid3 - security update
+   {CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4554 
CVE-2016-4555 CVE-2016-4556}
+   [wheezy] - squid3 3.1.20-2.2+deb7u5
 [16 May 2016] DLA-477-1 librsvg - security update
{CVE-2015-7558 CVE-2016-4347 CVE-2016-4348}
[wheezy] - librsvg 2.36.1-2+deb7u2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-16 10:03:00 UTC (rev 41765)
+++ data/dla-needed.txt 2016-05-16 10:26:07 UTC (rev 41766)
@@ -110,8 +110,6 @@
 --
 squid
 --
-squid3 (Santiago R.R.)
---
 tardiff
   fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
   https://anonscm.debian.org/cgit/collab-maint/tardiff.git/log/?h=wheezy


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41651 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-11 20:32:34 + (Wed, 11 May 2016)
New Revision: 41651

Modified:
   data/CVE/list
Log:
CVE-2016-4553/squid3 wheezy not affected

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-11 20:14:50 UTC (rev 41650)
+++ data/CVE/list   2016-05-11 20:32:34 UTC (rev 41651)
@@ -144,6 +144,7 @@
 CVE-2016-4553 [Cache Poisoning issue in HTTP Request handling]
RESERVED
- squid3 3.5.19-1 (bug #823968)
+   [wheezy] - squid3  (issue introduced by CVE-2009-0801 
fix, not applied in wheezy)
- squid  (Does not affect 2.x)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41623 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-10 21:41:22 + (Tue, 10 May 2016)
New Revision: 41623

Modified:
   data/dsa-needed.txt
Log:
squid3: santiago started to prepare a debdiff

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-05-10 21:10:11 UTC (rev 41622)
+++ data/dsa-needed.txt 2016-05-10 21:41:22 UTC (rev 41623)
@@ -66,6 +66,7 @@
   Samba maintainers are preparing updates for regressions
 --
 squid3
+  Santiago is preparing a debdiff.
 --
 tomcat8 (Markus Koschany)
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41610 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-10 15:14:22 + (Tue, 10 May 2016)
New Revision: 41610

Modified:
   data/CVE/list
Log:
CVE-2016-4553/squid3: add note

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-10 15:02:17 UTC (rev 41609)
+++ data/CVE/list   2016-05-10 15:14:22 UTC (rev 41610)
@@ -122,6 +122,7 @@
- squid  (Does not affect 2.x)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
+   NOTE: Fix relies on SBuf, not present in jessie nor wheezy. Maybe too 
intrusive
 CVE-2016-4535 (Integer signedness error in the AV engine before DAT 8145, as 
used in ...)
NOT-FOR-US: McAfee / AV engine
 CVE-2016-4534 (The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan 
...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41601 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-10 11:12:55 + (Tue, 10 May 2016)
New Revision: 41601

Modified:
   data/CVE/list
Log:
CVE-2016-4554/squid3 add note about regression and fix

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-10 11:03:20 UTC (rev 41600)
+++ data/CVE/list   2016-05-10 11:12:55 UTC (rev 41601)
@@ -115,6 +115,7 @@
NOTE: 
http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12698.patch
NOTE: 
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13236.patch
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14038.patch
+   NOTE: Regression and fix: 
http://bugs.squid-cache.org/show_bug.cgi?id=4515
 CVE-2016-4553 [Cache Poisoning issue in HTTP Request handling]
RESERVED
- squid3 


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41556 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-09 09:22:41 + (Mon, 09 May 2016)
New Revision: 41556

Modified:
   data/dla-needed.txt
Log:
Claim squid3 in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-09 09:15:42 UTC (rev 41555)
+++ data/dla-needed.txt 2016-05-09 09:22:41 UTC (rev 41556)
@@ -93,7 +93,7 @@
 --
 squid
 --
-squid3
+squid3 (Santiago R.R.)
 --
 tardiff
   fw asked maintainer for preparing debdiffs for wheezy- and jessie-security


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41340 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-05-01 17:52:41 + (Sun, 01 May 2016)
New Revision: 41340

Modified:
   data/dla-needed.txt
Log:
dla-needed.txt add note on quagga

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-01 15:37:28 UTC (rev 41339)
+++ data/dla-needed.txt 2016-05-01 17:52:41 UTC (rev 41340)
@@ -76,6 +76,7 @@
 --
 quagga
   NOTE: see dsa-needed's notes.
+  NOTE: Maintainer's answer: 
https://lists.debian.org/msgid-search/878tzv6pru@mid.deneb.enyo.de
 --
 samba
   Samba maintainers are preparing updates for regressions


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41313 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-30 15:41:19 + (Sat, 30 Apr 2016)
New Revision: 41313

Modified:
   data/dla-needed.txt
Log:
add quagga to dla-needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-30 15:29:28 UTC (rev 41312)
+++ data/dla-needed.txt 2016-04-30 15:41:19 UTC (rev 41313)
@@ -75,6 +75,9 @@
 policykit-1
   NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
 --
+quagga
+  NOTE: see dsa-needed's notes.
+--
 samba
   Samba maintainers are preparing updates for regressions
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41312 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-30 15:29:28 + (Sat, 30 Apr 2016)
New Revision: 41312

Modified:
   data/dla-needed.txt
Log:
openafs needs a DLA

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-30 14:34:34 UTC (rev 41311)
+++ data/dla-needed.txt 2016-04-30 15:29:28 UTC (rev 41312)
@@ -59,6 +59,8 @@
   NOTE: maintainer wants to upload package (as done before)
   NOTE: <20160213161710.ga9...@roeckx.be>
 --
+openafs
+--
 openjdk-7 (Markus Koschany)
 --
 openssl


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41294 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-29 14:39:01 + (Fri, 29 Apr 2016)
New Revision: 41294

Modified:
   data/dla-needed.txt
Log:
phpmyadmin needs a dla

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-29 14:34:37 UTC (rev 41293)
+++ data/dla-needed.txt 2016-04-29 14:39:01 UTC (rev 41294)
@@ -69,6 +69,9 @@
 --
 php5
 --
+phpmyadmin
+  NOTE: anarcat already prepared a package: 
https://lists.debian.org/debian-lts/2016/04/msg00086.html
+--
 policykit-1
   NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41291 - templates

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-29 14:21:28 + (Fri, 29 Apr 2016)
New Revision: 41291

Modified:
   templates/lts-no-dsa.txt
Log:
update templates/lts-no-dsa.txt for Wheezy

Modified: templates/lts-no-dsa.txt
===
--- templates/lts-no-dsa.txt2016-04-29 14:18:57 UTC (rev 41290)
+++ templates/lts-no-dsa.txt2016-04-29 14:21:28 UTC (rev 41291)
@@ -1,11 +1,11 @@
 To: {{ to }}
 Cc: {{ cc }}
-Subject: About the security issues affecting {{ package }} in Squeeze
+Subject: About the security issues affecting {{ package }} in Wheezy
 
 Hello dear maintainer(s),
 
 the Debian LTS team recently reviewed the security issue(s) affecting your
-package in Squeeze:
+package in Wheezy:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}
@@ -14,10 +14,10 @@
 https://security-tracker.debian.org/tracker/source-package/{{ package }}
 {%- endif %}
 
-We decided that we would not prepare a squeeze security update (usually
+We decided that we would not prepare a wheezy security update (usually
 because the security impact is low and that we concentrate our limited
 resources on higher severity issues and on the most widely used packages).
-That said the squeeze users would most certainly benefit from a fixed
+That said the wheezy users would most certainly benefit from a fixed
 package.
 
 If you want to work on such an update, you're welcome to do so. Please
@@ -25,11 +25,11 @@
 https://wiki.debian.org/LTS/Development
 
 If that workflow is a burden to you, feel free to just prepare an
-updated source package and send it to debian-...@lists.debian.org
-(via a debdiff, or with an URL pointing to the the source package,
-or even with a pointer to your packaging repository), and the members
-of the LTS team will take care of the rest. However please make sure to
-submit a tested package.
+updated source package and send it to debian-...@lists.debian.org (via a
+debdiff, or with an URL pointing to the source package, or even with a
+pointer to your packaging repository), and the members of the LTS team
+will take care of the rest. However please make sure to submit a tested
+package.
 
 Thank you very much.
 


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41290 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-29 14:18:57 + (Fri, 29 Apr 2016)
New Revision: 41290

Modified:
   data/CVE/list
Log:
CVE-2015-8076/cyrus-imapd-2.4 no-dsa in wheezy

Modified: data/CVE/list
===
--- data/CVE/list   2016-04-29 13:25:59 UTC (rev 41289)
+++ data/CVE/list   2016-04-29 14:18:57 UTC (rev 41290)
@@ -16709,6 +16709,7 @@
 CVE-2015-8076 (The index_urlfetch function in index.c in Cyrus IMAP 2.3.x 
before ...)
- cyrus-imapd-2.4 2.4.17+nocaldav-2
[jessie] - cyrus-imapd-2.4  (Will be fixed via a jessie-pu)
+   [wheezy] - cyrus-imapd-2.4  (Minor issue; can be fixed alone in 
a future DLA)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/29/2
NOTE: 
https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
NOTE: 
https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41274 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-29 09:26:19 + (Fri, 29 Apr 2016)
New Revision: 41274

Modified:
   data/dla-needed.txt
Log:
add squid3 to dla-needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-29 09:10:12 UTC (rev 41273)
+++ data/dla-needed.txt 2016-04-29 09:26:19 UTC (rev 41274)
@@ -79,6 +79,8 @@
 --
 squid
 --
+squid3
+--
 subversion
 --
 tardiff


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41272 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-29 08:29:34 + (Fri, 29 Apr 2016)
New Revision: 41272

Modified:
   data/dla-needed.txt
Log:
add subversion to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-29 07:03:53 UTC (rev 41271)
+++ data/dla-needed.txt 2016-04-29 08:29:34 UTC (rev 41272)
@@ -79,6 +79,8 @@
 --
 squid
 --
+subversion
+--
 tardiff
   fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
   https://anonscm.debian.org/cgit/collab-maint/tardiff.git/log/?h=wheezy


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41266 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-28 21:06:59 + (Thu, 28 Apr 2016)
New Revision: 41266

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
reserve DLA-447-1 for mysql-5.5

Modified: data/DLA/list
===
--- data/DLA/list   2016-04-28 20:24:26 UTC (rev 41265)
+++ data/DLA/list   2016-04-28 21:06:59 UTC (rev 41266)
@@ -1,3 +1,6 @@
+[28 Apr 2016] DLA-447-1 mysql-5.5 - security update
+   {CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 
CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 
CVE-2016-0666 CVE-2016-2047}
+   [wheezy] - mysql-5.5 5.5.49-0+deb7u1
 [28 Apr 2016] DLA-446-1 poppler - security update
{CVE-2015-8868}
[wheezy] - poppler 0.18.4-6+deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-28 20:24:26 UTC (rev 41265)
+++ data/dla-needed.txt 2016-04-28 21:06:59 UTC (rev 41266)
@@ -55,10 +55,6 @@
 minissdpd
   NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28
 --
-mysql-5.5 (Santiago R.R.)
-  NOTE: carnil already claimed in dsa-needed.txt
-  NOTE: Robie Basak prepared also a wheezy package 
http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/2016-April/008959.html
---
 nss
 --
 ntp


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41256 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-28 10:02:31 + (Thu, 28 Apr 2016)
New Revision: 41256

Modified:
   data/dla-needed.txt
Log:
take mysql-5.5 in dla-needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-28 09:32:55 UTC (rev 41255)
+++ data/dla-needed.txt 2016-04-28 10:02:31 UTC (rev 41256)
@@ -53,8 +53,9 @@
 minissdpd
   NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28
 --
-mysql-5.5
+mysql-5.5 (Santiago R.R.)
   NOTE: carnil already claimed in dsa-needed.txt
+  NOTE: Robie Basak prepared also a wheezy package 
http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/2016-April/008959.html
 --
 nss
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41200 - templates

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-26 09:58:11 + (Tue, 26 Apr 2016)
New Revision: 41200

Modified:
   templates/lts-update-planned.txt
Log:
templates/lts-update-planned.txt: squeeze->wheezy

Modified: templates/lts-update-planned.txt
===
--- templates/lts-update-planned.txt2016-04-26 09:30:40 UTC (rev 41199)
+++ templates/lts-update-planned.txt2016-04-26 09:58:11 UTC (rev 41200)
@@ -1,11 +1,11 @@
 To: {{ to }}
 Cc: {{ cc }}
-Subject: squeeze update of {{ package }}?
+Subject: Wheezy update of {{ package }}?
 
 Hello dear maintainer(s),
 
 the Debian LTS team would like to fix the security issues which are
-currently open in the Squeeze version of {{ package }}:
+currently open in the Wheezy version of {{ package }}:
 {%- if cve -%}
 {% for entry in cve %}
 https://security-tracker.debian.org/tracker/{{ entry }}


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41197 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-26 09:00:08 + (Tue, 26 Apr 2016)
New Revision: 41197

Modified:
   data/dla-needed.txt
Log:
add poppler to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-26 07:49:19 UTC (rev 41196)
+++ data/dla-needed.txt 2016-04-26 09:00:08 UTC (rev 41197)
@@ -75,6 +75,8 @@
 policykit-1
   NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
 --
+poppler
+--
 samba
   Samba maintainers are preparing updates for regressions
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41166 - bin

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 14:13:39 + (Mon, 25 Apr 2016)
New Revision: 41166

Modified:
   bin/tracker_data.py
Log:
update bin/tracker_data.py lts->wheezy, next_lts->jessie

Modified: bin/tracker_data.py
===
--- bin/tracker_data.py 2016-04-25 14:13:38 UTC (rev 41165)
+++ bin/tracker_data.py 2016-04-25 14:13:39 UTC (rev 41166)
@@ -29,8 +29,8 @@
 'unstable': 'sid',
 'experimental': 'experimental',
 # LTS specific aliases
-'lts': 'squeeze',
-'next_lts': 'wheezy',
+'lts': 'wheezy',
+'next_lts': 'jessie',
 }
 
 


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41164 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 14:13:37 + (Mon, 25 Apr 2016)
New Revision: 41164

Modified:
   data/dla-needed.txt
Log:
add tardiff to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 14:13:35 UTC (rev 41163)
+++ data/dla-needed.txt 2016-04-25 14:13:37 UTC (rev 41164)
@@ -80,6 +80,9 @@
 --
 squid
 --
+tardiff
+  fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
+--
 tiff
   NOTE: 20160226, no fix available yet
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41165 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 14:13:38 + (Mon, 25 Apr 2016)
New Revision: 41165

Modified:
   data/dla-needed.txt
Log:
add tiff3 to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 14:13:37 UTC (rev 41164)
+++ data/dla-needed.txt 2016-04-25 14:13:38 UTC (rev 41165)
@@ -86,5 +86,7 @@
 tiff
   NOTE: 20160226, no fix available yet
 --
+tiff3
+--
 xymon (Chris Lamb)
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41163 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 14:13:35 + (Mon, 25 Apr 2016)
New Revision: 41163

Modified:
   data/dla-needed.txt
Log:
add samba to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 14:13:34 UTC (rev 41162)
+++ data/dla-needed.txt 2016-04-25 14:13:35 UTC (rev 41163)
@@ -75,6 +75,9 @@
 policykit-1
   NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
 --
+samba
+  Samba maintainers are preparing updates for regressions
+--
 squid
 --
 tiff


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41162 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 14:13:34 + (Mon, 25 Apr 2016)
New Revision: 41162

Modified:
   data/dla-needed.txt
Log:
dla-needed.txt: policykit-1 add note about CVE-2016-2568

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 14:13:33 UTC (rev 41161)
+++ data/dla-needed.txt 2016-04-25 14:13:34 UTC (rev 41162)
@@ -73,6 +73,7 @@
 php5
 --
 policykit-1
+  NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
 --
 squid
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41161 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 14:13:33 + (Mon, 25 Apr 2016)
New Revision: 41161

Modified:
   data/dla-needed.txt
Log:
remove mediawiki from dla-needed.txt, not supported in LTS

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 14:13:28 UTC (rev 41160)
+++ data/dla-needed.txt 2016-04-25 14:13:33 UTC (rev 41161)
@@ -52,8 +52,6 @@
 --
 linux
 --
-mediawiki
---
 minissdpd
   NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41160 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 14:13:28 + (Mon, 25 Apr 2016)
New Revision: 41160

Modified:
   data/dla-needed.txt
Log:
add openjdk-7, pdns and php5 to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 14:01:34 UTC (rev 41159)
+++ data/dla-needed.txt 2016-04-25 14:13:28 UTC (rev 41160)
@@ -66,8 +66,14 @@
   NOTE: maintainer wants to upload package (as done before)
   NOTE: <20160213161710.ga9...@roeckx.be>
 --
+openjdk-7
+--
 openssl
 --
+pdns (Mike Gabriel)
+--
+php5
+--
 policykit-1
 --
 squid


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41154 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 13:28:13 + (Mon, 25 Apr 2016)
New Revision: 41154

Modified:
   data/dla-needed.txt
Log:
data/dla-needed.txt: add libidn and libxstream-java, fixs for both already 
proposed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 13:06:57 UTC (rev 41153)
+++ data/dla-needed.txt 2016-04-25 13:28:13 UTC (rev 41154)
@@ -36,9 +36,20 @@
 imagemagick
   NOTE: only minor issues
 --
+libidn
+  Working debdiff for wheezy-security at
+  https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff
+  Work-in-progress debdiff for jessie-security at
+  https://people.debian.org/~ghedo/libidn_1.29-1+deb8u1.diff
+  Help is needed to fix it so that it doesn't FTBFS
+--
 libxml2
   NOTE: 20160226, no fix available yet
 --
+libxstream-java (jmm)
+  Emmanuel Bourg proposed debdiff for both wheezy- and jessie-security
+  waiting an additional to solicit regression feedback from change in sid
+--
 linux
 --
 ntp


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41155 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 13:28:14 + (Mon, 25 Apr 2016)
New Revision: 41155

Modified:
   data/dla-needed.txt
Log:
add mediawiki to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 13:28:13 UTC (rev 41154)
+++ data/dla-needed.txt 2016-04-25 13:28:14 UTC (rev 41155)
@@ -52,6 +52,8 @@
 --
 linux
 --
+mediawiki
+--
 ntp
   NOTE: maintainer wants to upload package (as done before)
   NOTE: <20160213161710.ga9...@roeckx.be>


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41156 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 13:28:16 + (Mon, 25 Apr 2016)
New Revision: 41156

Modified:
   data/dla-needed.txt
Log:
add minissdpd, mysql-5.5 and nss to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 13:28:14 UTC (rev 41155)
+++ data/dla-needed.txt 2016-04-25 13:28:16 UTC (rev 41156)
@@ -54,6 +54,14 @@
 --
 mediawiki
 --
+minissdpd
+  NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28
+--
+mysql-5.5
+  NOTE: carnil already claimed in dsa-needed.txt
+--
+nss
+--
 ntp
   NOTE: maintainer wants to upload package (as done before)
   NOTE: <20160213161710.ga9...@roeckx.be>


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41149 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 13:06:50 + (Mon, 25 Apr 2016)
New Revision: 41149

Modified:
   data/dla-needed.txt
Log:
remove dwarfutils, currently only no-dsa issues

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 12:46:01 UTC (rev 41148)
+++ data/dla-needed.txt 2016-04-25 13:06:50 UTC (rev 41149)
@@ -17,9 +17,6 @@
 cakephp
   NOTE: CVE-2015-8379 No official solution is currently available, 20160425
 --
-dwarfutils
-  NOTE: 20160123, no CVE assigned yet, no fix availabe yet
---
 extplorer (Thorsten Alteholz)
 --
 graphicsmagick


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41150 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 13:06:53 + (Mon, 25 Apr 2016)
New Revision: 41150

Modified:
   data/dla-needed.txt
Log:
add 389-ds-base to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 13:06:50 UTC (rev 41149)
+++ data/dla-needed.txt 2016-04-25 13:06:53 UTC (rev 41150)
@@ -9,6 +9,8 @@
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
+389-ds-base
+--
 asterisk (Thorsten Alteholz)
 --
 cacti


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41152 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 13:06:56 + (Mon, 25 Apr 2016)
New Revision: 41152

Modified:
   data/dla-needed.txt
Log:
add gosa to dla-needed.txt, already claimed by Mike Gabriel

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 13:06:54 UTC (rev 41151)
+++ data/dla-needed.txt 2016-04-25 13:06:56 UTC (rev 41152)
@@ -23,6 +23,10 @@
 --
 extplorer (Thorsten Alteholz)
 --
+gosa (Mike Gabriel)
+  NOTE: .debdiff sent to the Security Team, waiting for feedback
+  NOTE: asked about jessie status (seb)
+--
 graphicsmagick
   NOTE: CVE-2016-231{8,9} don't have upstream fixes but we crash on the 
exploits
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41153 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 13:06:57 + (Mon, 25 Apr 2016)
New Revision: 41153

Modified:
   data/dla-needed.txt
Log:
remove note about test icu packages for squeeze-lts

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 13:06:56 UTC (rev 41152)
+++ data/dla-needed.txt 2016-04-25 13:06:57 UTC (rev 41153)
@@ -32,7 +32,6 @@
 --
 icu
   NOTE: check comments on CVE-2016-0494 as well
-  NOTE: tentative package for icu 
https://lists.debian.org/debian-lts/2016/01/msg00133.html
 --
 imagemagick
   NOTE: only minor issues


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41151 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 13:06:54 + (Mon, 25 Apr 2016)
New Revision: 41151

Modified:
   data/dla-needed.txt
Log:
add botan1.10 to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 13:06:53 UTC (rev 41150)
+++ data/dla-needed.txt 2016-04-25 13:06:54 UTC (rev 41151)
@@ -13,6 +13,8 @@
 --
 asterisk (Thorsten Alteholz)
 --
+botan1.10 (Markus Koschany)
+--
 cacti
   NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41147 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 12:13:36 + (Mon, 25 Apr 2016)
New Revision: 41147

Modified:
   data/dla-needed.txt
Log:
remove curl, currently only no-dsa issues

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 12:13:34 UTC (rev 41146)
+++ data/dla-needed.txt 2016-04-25 12:13:36 UTC (rev 41147)
@@ -17,9 +17,6 @@
 cakephp
   NOTE: CVE-2015-8379 No official solution is currently available, 20160425
 --
-curl
-  NOTE: marked as no-dsa as fixes may be too intrusive to backport
---
 dwarfutils
   NOTE: 20160123, no CVE assigned yet, no fix availabe yet
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41146 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 12:13:34 + (Mon, 25 Apr 2016)
New Revision: 41146

Modified:
   data/dla-needed.txt
Log:
Note about CVE-2015-8379/cakephp

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 12:13:33 UTC (rev 41145)
+++ data/dla-needed.txt 2016-04-25 12:13:34 UTC (rev 41146)
@@ -12,10 +12,10 @@
 asterisk (Thorsten Alteholz)
 --
 cacti
-  NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425 (santiago)
+  NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
 --
 cakephp
-  NOTE: 20160123, No official solution is currently available.
+  NOTE: CVE-2015-8379 No official solution is currently available, 20160425
 --
 curl
   NOTE: marked as no-dsa as fixes may be too intrusive to backport


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41145 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-25 12:13:33 + (Mon, 25 Apr 2016)
New Revision: 41145

Modified:
   data/dla-needed.txt
Log:
dla-needed: note about CVE-2016-3659/cacti

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 11:37:38 UTC (rev 41144)
+++ data/dla-needed.txt 2016-04-25 12:13:33 UTC (rev 41145)
@@ -12,7 +12,7 @@
 asterisk (Thorsten Alteholz)
 --
 cacti
-  NOTE: Issue being disputed, check 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814353#10
+  NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425 (santiago)
 --
 cakephp
   NOTE: 20160123, No official solution is currently available.


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41033 - org

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-04-21 07:15:06 + (Thu, 21 Apr 2016)
New Revision: 41033

Modified:
   org/lts-frontdesk.2016.txt
Log:
LTS frontdesk: add myself for next week

Modified: org/lts-frontdesk.2016.txt
===
--- org/lts-frontdesk.2016.txt  2016-04-21 06:42:04 UTC (rev 41032)
+++ org/lts-frontdesk.2016.txt  2016-04-21 07:15:06 UTC (rev 41033)
@@ -27,7 +27,7 @@
 From 04-04 to 10-04:
 From 11-04 to 17-04:Markus Koschany <a...@debian.org>
 From 18-04 to 24-04:
-From 25-04 to 01-05:
+From 25-04 to 01-05:Santiago Ruano Rincón <santiag...@riseup.net>
 From 02-05 to 08-05:Markus Koschany <a...@debian.org>
 From 09-05 to 15-05:
 From 16-05 to 22-05:


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r40181 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-03-05 16:43:27 + (Sat, 05 Mar 2016)
New Revision: 40181

Modified:
   data/CVE/list
Log:
CVE-2016-2569/squid3 add notes on needed additional patches

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-05 14:24:22 UTC (rev 40180)
+++ data/CVE/list   2016-03-05 16:43:27 UTC (rev 40181)
@@ -738,6 +738,8 @@
- squid  (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch
+   NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13998.patch
+   NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13999.patch
NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch
NOTE: Upstream confirmed it does not affect squid 2.7.x
 CVE-2016-2568 [Program run via pkexec as unprivileged user can escape to 
parent session via TIOCSTI ioctl]


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r40154 - data/DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-03-03 21:55:53 + (Thu, 03 Mar 2016)
New Revision: 40154

Modified:
   data/DLA/list
Log:
DLA-445-2/squid3 regression update

Modified: data/DLA/list
===
--- data/DLA/list   2016-03-03 21:15:54 UTC (rev 40153)
+++ data/DLA/list   2016-03-03 21:55:53 UTC (rev 40154)
@@ -1,3 +1,6 @@
+[03 Mar 2016] DLA-445-2 squid3 - regression update
+   {CVE-2016-2569}
+   [squeeze] - squid3 3.1.6-1.2+squeeze7
 [29 Feb 2016] DLA-445-1 squid3 - security update
{CVE-2016-2569 CVE-2016-2571}
[squeeze] - squid3 3.1.6-1.2+squeeze6


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r40068 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-29 19:00:55 + (Mon, 29 Feb 2016)
New Revision: 40068

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA 445-1 for squid3

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-29 18:57:56 UTC (rev 40067)
+++ data/DLA/list   2016-02-29 19:00:55 UTC (rev 40068)
@@ -1,3 +1,6 @@
+[29 Feb 2016] DLA-445-1 squid3 - security update
+   {CVE-2016-2569 CVE-2016-2571}
+   [squeeze] - squid3 3.1.6-1.2+squeeze6
 [29 Feb 2016] DLA-444-1 php5 - security update
{CVE-2015-2305 CVE-2015-2348}
[squeeze] - php5 5.3.3.1-7+squeeze29

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-29 18:57:56 UTC (rev 40067)
+++ data/dla-needed.txt 2016-02-29 19:00:55 UTC (rev 40068)
@@ -53,8 +53,6 @@
 --
 squid
 --
-squid3 (Santiago R.R.)
---
 tiff
   NOTE: 20160226, no fix available yet
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r40066 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-29 18:51:51 + (Mon, 29 Feb 2016)
New Revision: 40066

Modified:
   data/CVE/list
Log:
add note about CVE-2016-2570/squid3

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-29 18:45:48 UTC (rev 40065)
+++ data/CVE/list   2016-02-29 18:51:51 UTC (rev 40066)
@@ -91,6 +91,7 @@
NOTE: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch
NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch
NOTE: Upstream confirmed it does not affect squid 2.7.x
+   NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).
 CVE-2016-2569
RESERVED
- squid3  (bug #816011)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r40053 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-29 08:43:34 + (Mon, 29 Feb 2016)
New Revision: 40053

Modified:
   data/dla-needed.txt
Log:
Take squid3 in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-29 08:32:27 UTC (rev 40052)
+++ data/dla-needed.txt 2016-02-29 08:43:34 UTC (rev 40053)
@@ -65,7 +65,7 @@
 --
 squid
 --
-squid3
+squid3 (Santiago R.R.)
 --
 tiff
   NOTE: 20160226, no fix available yet


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r40052 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-29 08:32:27 + (Mon, 29 Feb 2016)
New Revision: 40052

Modified:
   data/dla-needed.txt
Log:
sort data/dla-needed.txt alphabetically

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-29 07:44:39 UTC (rev 40051)
+++ data/dla-needed.txt 2016-02-29 08:32:27 UTC (rev 40052)
@@ -17,6 +17,8 @@
 cakephp
   NOTE: 20160123, No official solution is currently available.
 --
+coreutils
+--
 curl
   NOTE: marked as no-dsa in wheezy as too intrusive to backport
   NOTE: should we have the resources to handle it we should fix wheezy too.
@@ -36,9 +38,13 @@
 --
 jasper (Ben Hutchings)
 --
+libebml
+--
 libxml2
   NOTE: 20160226, no fix available yet
 --
+linux-2.6
+--
 lxc (Mike Gabriel)
   NOTE: waiting for upstream feedback: 
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/comments/77
 --
@@ -48,27 +54,21 @@
   NOTE: maintainer wants to upload package (as done before)
   NOTE: <20160213161710.ga9...@roeckx.be>
 --
+openssl
+--
+pcre3 (Markus Koschany)
+--
 php5 (Thorsten Alteholz)
   NOTE: next upload end of December
 --
-tiff
-  NOTE: 20160226, no fix available yet
---
-xymon (Chris Lamb)
---
-pcre3 (Markus Koschany)
---
 policykit-1
 --
 squid
 --
 squid3
 --
-openssl
+tiff
+  NOTE: 20160226, no fix available yet
 --
-libebml
+xymon (Chris Lamb)
 --
-coreutils
---
-linux-2.6
---


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39978 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-27 09:51:13 + (Sat, 27 Feb 2016)
New Revision: 39978

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-434-1 for gtk+2.0

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-27 08:25:23 UTC (rev 39977)
+++ data/DLA/list   2016-02-27 09:51:13 UTC (rev 39978)
@@ -1,3 +1,6 @@
+[27 Feb 2016] DLA-434-1 gtk+2.0 - security update
+   {CVE-2015-4491 CVE-2015-7673 CVE-2015-7674}
+   [squeeze] - gtk+2.0 2.20.1-2+deb6u2
 [25 Feb 2016] DLA-433-1 xerces-c - security update
{CVE-2016-0729}
[squeeze] - xerces-c 3.1.1-1+deb6u2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-27 08:25:23 UTC (rev 39977)
+++ data/dla-needed.txt 2016-02-27 09:51:13 UTC (rev 39978)
@@ -27,8 +27,6 @@
 graphicsmagick
   NOTE: CVE-2016-231{8,9} don't have upstream fixes but we crash on the 
exploits
 --
-gtk+2.0 (Santiago R.R.)
---
 icu
   NOTE: check comments on CVE-2016-0494 as well
   NOTE: tentative package for icu 
https://lists.debian.org/debian-lts/2016/01/msg00133.html


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39809 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-22 14:06:38 + (Mon, 22 Feb 2016)
New Revision: 39809

Modified:
   data/dla-needed.txt
Log:
Add gtk+2.0 to dla-needed and claim it

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-22 14:03:33 UTC (rev 39808)
+++ data/dla-needed.txt 2016-02-22 14:06:38 UTC (rev 39809)
@@ -29,6 +29,8 @@
 graphicsmagick
   NOTE: CVE-2016-231{8,9} don't have upstream fixes but we crash on the 
exploits
 --
+gtk+2.0 (Santiago R.R.)
+--
 icu
   NOTE: check comments on CVE-2016-0494 as well
   NOTE: tentative package for icu 
https://lists.debian.org/debian-lts/2016/01/msg00133.html


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39808 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-22 14:03:33 + (Mon, 22 Feb 2016)
New Revision: 39808

Modified:
   data/CVE/list
Log:
CVE-2015-4491, CVE-2015-7673, CVE-2015-7674: gdk-pixbuf code was part of 
gtk+2.0 in squeeze

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-22 13:50:15 UTC (rev 39807)
+++ data/CVE/list   2016-02-22 14:03:33 UTC (rev 39808)
@@ -10148,6 +10148,7 @@
 CVE-2015-7673 (io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its 
...)
{DSA-3378-1}
- gdk-pixbuf 2.32.0-1
+   [squeeze] - gtk+2.0 
NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/3
NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
@@ -10155,6 +10156,7 @@
 CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in ...)
{DSA-3378-1}
- gdk-pixbuf 2.32.1-1
+   [squeeze] - gtk+2.0 
NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/4
NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
 CVE-2015- [trivial hash complexity DoS attack]
@@ -18793,6 +18795,7 @@
 CVE-2015-4491 (Integer overflow in the make_filter_table function in 
pixops/pixops.c ...)
{DSA-3337-2 DSA-3337-1}
- gdk-pixbuf 2.31.7-1
+   [squeeze] - gtk+2.0 
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=752297
NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=8dba67cb4f38d62a47757741ad41e3f245b4a32a


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39738 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-17 09:52:58 + (Wed, 17 Feb 2016)
New Revision: 39738

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-419-1 for gtk+2.0

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-17 06:12:58 UTC (rev 39737)
+++ data/DLA/list   2016-02-17 09:52:58 UTC (rev 39738)
@@ -1,3 +1,6 @@
+[17 Feb 2016] DLA-419-1 gtk+2.0 - security update
+   {CVE-2013-7447}
+   [squeeze] - gtk+2.0 2.20.1-2+deb6u1
 [16 Feb 2016] DLA-418-1 wordpress - security update
{CVE-2016-2221 CVE-2016-}
[squeeze] - wordpress 3.6.1+dfsg-1~deb6u9

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-17 06:12:58 UTC (rev 39737)
+++ data/dla-needed.txt 2016-02-17 09:52:58 UTC (rev 39738)
@@ -25,8 +25,6 @@
 graphicsmagick
   NOTE: CVE-2016-231{8,9} don't have upstream fixes but we crash on the 
exploits
 --
-gtk+2.0 (Santiago R.R.)
---
 icu
   NOTE: check comments on CVE-2016-0494 as well
   NOTE: tentative package for icu 
https://lists.debian.org/debian-lts/2016/01/msg00133.html


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39711 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-16 09:12:54 + (Tue, 16 Feb 2016)
New Revision: 39711

Modified:
   data/dla-needed.txt
Log:
take gtk+2.0 in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-16 09:10:15 UTC (rev 39710)
+++ data/dla-needed.txt 2016-02-16 09:12:54 UTC (rev 39711)
@@ -24,7 +24,7 @@
 --
 eglibc (Aurelien Jarno)
 --
-gtk+2.0
+gtk+2.0 (Santiago R.R.)
 --
 icu
   NOTE: check comments on CVE-2016-0494 as well


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39686 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-15 09:01:02 + (Mon, 15 Feb 2016)
New Revision: 39686

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-415-1 for cpio

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-14 21:10:12 UTC (rev 39685)
+++ data/DLA/list   2016-02-15 09:01:02 UTC (rev 39686)
@@ -1,3 +1,6 @@
+[15 Feb 2016] DLA-415-1 cpio - security update
+   {CVE-2016-2037}
+   [squeeze] - cpio 2.11-4+deb6u2
 [12 Feb 2016] DLA-414-1 chrony - security update
{CVE-2016-1567}
[squeeze] - chrony 1.24-3+squeeze3

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-14 21:10:12 UTC (rev 39685)
+++ data/dla-needed.txt 2016-02-15 09:01:02 UTC (rev 39686)
@@ -12,8 +12,6 @@
 cakephp
   NOTE: 20160123, No official solution is currently available.
 --
-cpio (Santiago R.R.)
---
 curl
   NOTE: marked as no-dsa in wheezy as too intrusive to backport
   NOTE: should we have the resources to handle it we should fix wheezy too.


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39651 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-13 18:12:33 + (Sat, 13 Feb 2016)
New Revision: 39651

Modified:
   data/CVE/list
Log:
CVE-2015-7511/libgcrypt11 squeeze not-affected

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-13 14:36:36 UTC (rev 39650)
+++ data/CVE/list   2016-02-13 18:12:33 UTC (rev 39651)
@@ -9932,6 +9932,7 @@
{DSA-3474-1}
- libgcrypt20 1.6.5-2
- libgcrypt11 
+   [squeeze] - libgcrypt11  (Vulnerable code not present)
NOTE: http://www.cs.tau.ac.IL/~tromer/ecdh/
NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fcbb9fcc2e6983ea61bf565b6ee2e29816b8cd57
 (LIBGCRYPT-1-5-BRANCH)
NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4
 (libgcrypt-1.6.5)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39634 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-12 15:59:20 + (Fri, 12 Feb 2016)
New Revision: 39634

Modified:
   data/dla-needed.txt
Log:
claim cpio in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-12 15:53:31 UTC (rev 39633)
+++ data/dla-needed.txt 2016-02-12 15:59:20 UTC (rev 39634)
@@ -16,8 +16,7 @@
   NOTE: maintainer applied patch in git, but package couldn't be built
   NOTE: follow thread: 
https://lists.debian.org/debian-lts/2016/01/msg00115.html
 --
-cpio
-  NOTE: 20160123, no fix available yet
+cpio (Santiago R.R.)
 --
 curl
   NOTE: marked as no-dsa in wheezy as too intrusive to backport


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39597 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-11 10:07:27 + (Thu, 11 Feb 2016)
New Revision: 39597

Modified:
   data/dla-needed.txt
Log:
wordpress needs a DLA

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-11 08:14:32 UTC (rev 39596)
+++ data/dla-needed.txt 2016-02-11 10:07:27 UTC (rev 39597)
@@ -59,3 +59,5 @@
 --
 xymon (Chris Lamb)
 --
+wordpress
+--


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39617 - data/DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-11 22:13:40 + (Thu, 11 Feb 2016)
New Revision: 39617

Modified:
   data/DLA/list
Log:
reserve DLA-411-2 for eglibc

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-11 21:10:14 UTC (rev 39616)
+++ data/DLA/list   2016-02-11 22:13:40 UTC (rev 39617)
@@ -1,3 +1,5 @@
+[11 Feb 2016] DLA-411-2 eglibc - regression update
+   [squeeze] - eglibc 2.11.3-4+deb6u10
 [09 Feb 2016] DLA-413-1 gajim - security update
{CVE-2015-8688}
[squeeze] - gajim 0.13.4-3+squeeze4


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39562 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-09 14:56:12 + (Tue, 09 Feb 2016)
New Revision: 39562

Modified:
   data/dla-needed.txt
Log:
add xymon to dla-needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-09 13:38:26 UTC (rev 39561)
+++ data/dla-needed.txt 2016-02-09 14:56:12 UTC (rev 39562)
@@ -57,3 +57,5 @@
 --
 tiff
 --
+xymon
+--


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39474 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-02-05 11:45:03 + (Fri, 05 Feb 2016)
New Revision: 39474

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-411-1 for eglibc

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-05 11:08:57 UTC (rev 39473)
+++ data/DLA/list   2016-02-05 11:45:03 UTC (rev 39474)
@@ -1,3 +1,6 @@
+[05 Feb 2016] DLA-411-1 eglibc - security update
+   {CVE-2014-9761 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779}
+   [squeeze] - eglibc eglibc_2.11.3-4+deb6u9
 [04 Feb 2016] DLA-410-1 openjdk-6 - security update
{CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 
CVE-2016-0466 CVE-2016-0483 CVE-2016-0494}
[squeeze] - openjdk-6 6b38-1.13.10-1~deb6u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-05 11:08:57 UTC (rev 39473)
+++ data/dla-needed.txt 2016-02-05 11:45:03 UTC (rev 39474)
@@ -26,8 +26,6 @@
 dwarfutils
   NOTE: 20160123, no CVE assigned yet, no fix availabe yet
 --
-eglibc (Santiago R.R.)
---
 gajim (Brian May)
   NOTE: _rosterSetCB in src/common/connection_handlers.py ?
   NOTE: I believe the referenced patch should fix this:


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39388 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-31 21:30:33 + (Sun, 31 Jan 2016)
New Revision: 39388

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-409-1 for mysql-5.5

Modified: data/DLA/list
===
--- data/DLA/list   2016-01-31 21:10:11 UTC (rev 39387)
+++ data/DLA/list   2016-01-31 21:30:33 UTC (rev 39388)
@@ -1,3 +1,6 @@
+[31 Jan 2016] DLA-409-1 mysql-5.5 - security update
+   {CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 
CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616}
+   [squeeze] - mysql-5.5 5.5.47-0+deb6u1
 [31 Jan 2016] DLA-408-1 gosa - security update
{CVE-2015-8771}
[squeeze] - gosa 2.6.11-3+squeeze5

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-31 21:10:11 UTC (rev 39387)
+++ data/dla-needed.txt 2016-01-31 21:30:33 UTC (rev 39388)
@@ -56,9 +56,6 @@
 --
 macopix (Paul Liu)
 --
-mysql-5.5 (Santiago R.R.)
-  NOTE: test packages available: 
https://lists.debian.org/debian-lts/2016/01/msg00092.html
---
 nss (Guido Günther)
   NOTE: Trying to sync the solution for CVE-2015-4000 with security team first
   NOTE: see https://lists.debian.org/debian-lts/2015/12/msg00025.html


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39359 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-30 22:48:49 + (Sat, 30 Jan 2016)
New Revision: 39359

Modified:
   data/dla-needed.txt
Log:
Claim eglibc in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-30 21:10:12 UTC (rev 39358)
+++ data/dla-needed.txt 2016-01-30 22:48:49 UTC (rev 39359)
@@ -28,7 +28,7 @@
 dwarfutils
   NOTE: 20160123, no CVE assigned yet, no fix availabe yet
 --
-eglibc
+eglibc (Santiago R.R.)
 --
 gajim
   NOTE: _rosterSetCB in src/common/connection_handlers.py ?


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39286 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-29 09:17:08 + (Fri, 29 Jan 2016)
New Revision: 39286

Modified:
   data/dla-needed.txt
Log:
add note on mysql-5.5.47 for squeeze

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-29 09:15:31 UTC (rev 39285)
+++ data/dla-needed.txt 2016-01-29 09:17:08 UTC (rev 39286)
@@ -51,6 +51,7 @@
 macopix (Paul Liu)
 --
 mysql-5.5 (Santiago R.R.)
+  NOTE: test packages available: 
https://lists.debian.org/debian-lts/2016/01/msg00092.html
 --
 nss (Guido Günther)
   NOTE: Trying to sync the solution for CVE-2015-4000 with security team first


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39187 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-26 09:08:09 + (Tue, 26 Jan 2016)
New Revision: 39187

Modified:
   data/dla-needed.txt
Log:
add back tiff to dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-26 08:08:34 UTC (rev 39186)
+++ data/dla-needed.txt 2016-01-26 09:08:09 UTC (rev 39187)
@@ -58,3 +58,5 @@
 --
 radicale (Markus Koschany)
 --
+tiff
+--


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39176 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-25 23:25:31 + (Mon, 25 Jan 2016)
New Revision: 39176

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
reserve DLA-402-1 for tiff

Modified: data/DLA/list
===
--- data/DLA/list   2016-01-25 21:32:26 UTC (rev 39175)
+++ data/DLA/list   2016-01-25 23:25:31 UTC (rev 39176)
@@ -1,3 +1,6 @@
+[26 Jan 2016] DLA-402-1 tiff - security update
+   {CVE-2015-8665 CVE-2015-8683}
+   [squeeze] - tiff 3.9.4-5+squeeze13
 [24 Jan 2016] DLA-401-1 imlib2 - security update
{CVE-2014-9762 CVE-2014-9763 CVE-2014-9764}
[squeeze] - imlib2 1.4.2-8+deb6u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-25 21:32:26 UTC (rev 39175)
+++ data/dla-needed.txt 2016-01-25 23:25:31 UTC (rev 39176)
@@ -58,5 +58,3 @@
 --
 radicale (Markus Koschany)
 --
-tiff (Santiago R.R.)
---


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39061 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-21 18:51:03 + (Thu, 21 Jan 2016)
New Revision: 39061

Modified:
   data/dla-needed.txt
Log:
Add mysql-5.5 in dla-needed.txt, and claim it

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-21 17:36:41 UTC (rev 39060)
+++ data/dla-needed.txt 2016-01-21 18:51:03 UTC (rev 39061)
@@ -28,6 +28,8 @@
 --
 macopix (Paul Liu)
 --
+mysql-5.5 (Santiago R.R.)
+--
 nss (Guido Günther)
   NOTE: Trying to sync the solution for CVE-2015-4000 with security team first
   NOTE: see https://lists.debian.org/debian-lts/2015/12/msg00025.html


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39044 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-20 14:02:26 + (Wed, 20 Jan 2016)
New Revision: 39044

Modified:
   data/CVE/list
Log:
CVE-2015-7744 also fixed in squeeze

Modified: data/CVE/list
===
--- data/CVE/list   2016-01-20 13:40:46 UTC (rev 39043)
+++ data/CVE/list   2016-01-20 14:02:26 UTC (rev 39044)
@@ -7464,6 +7464,7 @@
- mysql-5.5 5.5.46-0+deb8u1
[jessie] - mysql-5.5 5.5.46-0+deb8u1
[wheezy] - mysql-5.5 5.5.46-0+deb7u1
+   [squeeze] - mysql-5.5 5.5.46-0+deb6u1
- mariadb-10.0 
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
 CVE-2015-7743


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39015 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-19 15:13:14 + (Tue, 19 Jan 2016)
New Revision: 39015

Modified:
   data/CVE/list
Log:
CVE-2015-7558/librsvg in squeeze:  (Too intrusive to backport)

Modified: data/CVE/list
===
--- data/CVE/list   2016-01-19 15:11:13 UTC (rev 39014)
+++ data/CVE/list   2016-01-19 15:13:14 UTC (rev 39015)
@@ -7912,6 +7912,7 @@
- librsvg 2.40.12-1
[jessie] - librsvg  (Too intrusive to backport)
[wheezy] - librsvg  (Too intrusive to backport)
+   [squeeze] - librsvg  (Too intrusive to backport)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268243
NOTE: 
https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61
 (2.40.12)
 CVE-2015-7557 [Out-of-bounds heap read in librsvg2 was found when parsing SVG 
file]


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39014 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-19 15:11:13 + (Tue, 19 Jan 2016)
New Revision: 39014

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-395-1 for librsvg

Modified: data/DLA/list
===
--- data/DLA/list   2016-01-19 14:55:10 UTC (rev 39013)
+++ data/DLA/list   2016-01-19 15:11:13 UTC (rev 39014)
@@ -1,3 +1,6 @@
+[19 Jan 2016] DLA-395-1 librsvg - security update
+   {CVE-2015-7557}
+   [squeeze] - librsvg 2.26.3-1+deb6u3
 [19 Jan 2016] DLA-385-2 isc-dhcp - regression update
{CVE-2015-8605}
[squeeze] - isc-dhcp 4.1.1-P1-15+squeeze10

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-19 14:55:10 UTC (rev 39013)
+++ data/dla-needed.txt 2016-01-19 15:11:13 UTC (rev 39014)
@@ -20,8 +20,6 @@
 --
 libraw
 --
-librsvg (Santiago R.R.)
---
 linux-2.6 (Ben Hutchings)
 --
 lxc (Mike Gabriel)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r39017 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-19 16:54:39 + (Tue, 19 Jan 2016)
New Revision: 39017

Modified:
   data/dla-needed.txt
Log:
Claim tiff in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-19 15:57:54 UTC (rev 39016)
+++ data/dla-needed.txt 2016-01-19 16:54:39 UTC (rev 39017)
@@ -41,5 +41,5 @@
 --
 radicale (Markus Koschany)
 --
-tiff
+tiff (Santiago R.R.)
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r38818 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-10 12:23:02 + (Sun, 10 Jan 2016)
New Revision: 38818

Modified:
   data/dla-needed.txt
Log:
Claim icu in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-10 10:28:58 UTC (rev 38817)
+++ data/dla-needed.txt 2016-01-10 12:23:02 UTC (rev 38818)
@@ -18,7 +18,7 @@
 --
 giflib (Guido Günther)
 --
-icu
+icu (Santiago R.R.)
 --
 inspircd (Ben Hutchings)
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r38832 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-10 21:18:18 + (Sun, 10 Jan 2016)
New Revision: 38832

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-381-1 for icu

Modified: data/DLA/list
===
--- data/DLA/list   2016-01-10 21:10:10 UTC (rev 38831)
+++ data/DLA/list   2016-01-10 21:18:18 UTC (rev 38832)
@@ -1,3 +1,6 @@
+[10 Jan 2016] DLA-381-1 icu - security update
+   {CVE-2015-2632}
+   [squeeze] - icu 4.4.1-8+squeeze5
 [04 Jan 2016] DLA-374-3 cacti - regression update
[squeeze] - cacti 0.8.7g-1+squeeze9+deb6u13
 [04 Jan 2016] DLA-380-1 libvncserver - security update

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-10 21:10:10 UTC (rev 38831)
+++ data/dla-needed.txt 2016-01-10 21:18:18 UTC (rev 38832)
@@ -18,8 +18,6 @@
 --
 giflib (Guido Günther)
 --
-icu (Santiago R.R.)
---
 inspircd (Ben Hutchings)
 --
 libraw


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r38645 - data

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-02 15:50:07 + (Sat, 02 Jan 2016)
New Revision: 38645

Modified:
   data/dla-needed.txt
Log:
Take librsvg in dla-needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-02 09:27:14 UTC (rev 38644)
+++ data/dla-needed.txt 2016-01-02 15:50:07 UTC (rev 38645)
@@ -22,7 +22,7 @@
 --
 libraw
 --
-librsvg
+librsvg (Santiago R.R.)
 --
 libvncserver (Mike Gabriel)
   NOTE: a fix is probably not trivial, as thread safety has to be backported 
to 0.9.7


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r38649 - in data: . DLA

[Santiago Ruano Rincón]

Author: santiago
Date: 2016-01-02 19:01:30 + (Sat, 02 Jan 2016)
New Revision: 38649

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-379-1 for samba

Modified: data/DLA/list
===
--- data/DLA/list   2016-01-02 17:39:14 UTC (rev 38648)
+++ data/DLA/list   2016-01-02 19:01:30 UTC (rev 38649)
@@ -1,3 +1,6 @@
+[02 Jan 2016] DLA-379-1 samba - security update
+   {CVE-2015-5252 CVE-2015-5296 CVE-2015-5299}
+   [squeeze] - samba 2:3.5.6~dfsg-3squeeze13
 [02 Jan 2016] DLA-378-1 linux-2.6 - security update
{CVE-2015-7550 CVE-2015-8543 CVE-2015-8575}
[squeeze] - linux-2.6 2.6.32-48squeeze18

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-02 17:39:14 UTC (rev 38648)
+++ data/dla-needed.txt 2016-01-02 19:01:30 UTC (rev 38649)
@@ -47,8 +47,6 @@
 --
 quassel (Scott K)
 --
-samba (Santiago R.R.)
---
 srtp (Thorsten Alteholz)
 --
 sudo (Ben Hutchings)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r38554 - data/CVE

[Santiago Ruano Rincón]

Author: santiago
Date: 2015-12-27 11:57:07 + (Sun, 27 Dec 2015)
New Revision: 38554

Modified:
   data/CVE/list
Log:
CVE-2015-8669/phpmyadmin squeeze not affected

Modified: data/CVE/list
===
--- data/CVE/list   2015-12-27 11:34:50 UTC (rev 38553)
+++ data/CVE/list   2015-12-27 11:57:07 UTC (rev 38554)
@@ -1,5 +1,6 @@
 CVE-2015-8669 [Full path disclosure vulnerability]
- phpmyadmin 4:4.5.3.1-1 (unimportant)
+   [squeeze] - phpmyadmin  (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2015-6/
NOTE: non-issue for Debian-packaged version
 CVE-2015-8683 [out-of-bounds read in CIE Lab image format]


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits