[Secure-testing-commits] r38561 - in data: . DLA
Author: alteholz Date: 2015-12-27 21:01:16 + (Sun, 27 Dec 2015) New Revision: 38561 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-375-1 for libpng Modified: data/DLA/list === --- data/DLA/list 2015-12-27 19:35:23 UTC (rev 38560) +++ data/DLA/list 2015-12-27 21:01:16 UTC (rev 38561) @@ -1,3 +1,6 @@ +[27 Dec 2015] DLA-375-1 libpng - security update + {CVE-2012-3425 CVE-2015-8472 CVE-2015-8540} + [squeeze] - libpng 1.2.44-1+squeeze6 [26 Dec 2015] DLA-374-1 cacti - security update {CVE-2015-8369 CVE-2015-8377} [squeeze] - cacti 0.8.7g-1+squeeze9+deb6u11 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-12-27 19:35:23 UTC (rev 38560) +++ data/dla-needed.txt 2015-12-27 21:01:16 UTC (rev 38561) @@ -14,8 +14,6 @@ dbconfig-common NOTE: maintainer should take care of this, cf https://lists.debian.org/565626bf.2010...@debian.org -- -libpng (Thorsten Alteholz) --- libraw -- libvncserver (Mike Gabriel) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38563 - data
Author: alteholz Date: 2015-12-27 21:14:08 + (Sun, 27 Dec 2015) New Revision: 38563 Modified: data/dla-needed.txt Log: take srtp and passenger Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-12-27 21:10:11 UTC (rev 38562) +++ data/dla-needed.txt 2015-12-27 21:14:08 UTC (rev 38563) @@ -28,7 +28,7 @@ NOTE: Trying to sync the solution for CVE-2015-4000 with security team first NOTE: see https://lists.debian.org/debian-lts/2015/12/msg00025.html -- -passenger +passenger (Thorsten Alteholz) NOTE: code is in ext/apache2/Hooks.cpp:sendHeaders() -- php5 (Thorsten Alteholz) @@ -43,7 +43,7 @@ -- samba (Santiago R.R.) -- -srtp +srtp (Thorsten Alteholz) -- sudo (Ben Hutchings) NOTE: Maintainer want to review the updated package: ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27834 - in data: . CVE
Author: alteholz Date: 2014-07-19 14:51:30 + (Sat, 19 Jul 2014) New Revision: 27834 Modified: data/CVE/list data/lts-needed.txt Log: libxml2 for LTS done Modified: data/CVE/list === --- data/CVE/list 2014-07-19 14:26:07 UTC (rev 27833) +++ data/CVE/list 2014-07-19 14:51:30 UTC (rev 27834) @@ -12684,6 +12684,7 @@ RESERVED {DSA-2978-1} - libxml2 2.9.1+dfsg1-4 (bug #747309) + [squeeze] - libxml2 2.7.8.dfsg-2+squeeze9 NOTE: patch: https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df CVE-2014-0190 (The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to ...) - qt4-x11 4:4.8.6+dfsg-1 (low) Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-07-19 14:26:07 UTC (rev 27833) +++ data/lts-needed.txt 2014-07-19 14:51:30 UTC (rev 27834) @@ -46,8 +46,6 @@ -- libwpd -- -libxml2 (Thorsten Alteholz) --- libxml-security-java -- libxstream-java ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27835 - data/DLA
Author: alteholz Date: 2014-07-19 14:54:37 + (Sat, 19 Jul 2014) New Revision: 27835 Modified: data/DLA/list Log: libxml2 uploaded Modified: data/DLA/list === --- data/DLA/list 2014-07-19 14:51:30 UTC (rev 27834) +++ data/DLA/list 2014-07-19 14:54:37 UTC (rev 27835) @@ -2,7 +2,7 @@ {CVE-2014-3515 CVE-2014-0207 CVE-2014-3480 CVE-2014-4721} [squeeze] - php5 5.3.3-7+squeeze20 reserved DLA-0017-1 tor - new upstream version -reserved DLA-0016-1 libxml2 - security update +[19 Jul 2014] DLA-0016-1 libxml2 - security update {CVE-2014-0191} [squeeze] - libxml2 2.7.8.dfsg-2+squeeze [12 Jul 2014] DLA-0015-1 linux-2.6 - security update ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27836 - data
Author: alteholz Date: 2014-07-19 15:10:15 + (Sat, 19 Jul 2014) New Revision: 27836 Modified: data/lts-needed.txt Log: take fail2ban Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-07-19 14:54:37 UTC (rev 27835) +++ data/lts-needed.txt 2014-07-19 15:10:15 UTC (rev 27836) @@ -14,7 +14,7 @@ evince CVE-2011-0433 -- -fail2ban +fail2ban (Thorsten Alteholz) CVE-2009-5023 (#544232) was already solved in fail2ban (0.8.4-3+squeeze1) CVE-2013-7176, CVE-2013-7177 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27918 - in data: . CVE DLA
Author: alteholz Date: 2014-07-23 19:12:09 + (Wed, 23 Jul 2014) New Revision: 27918 Modified: data/CVE/list data/DLA/list data/lts-needed.txt Log: php5 for LTS done Modified: data/CVE/list === --- data/CVE/list 2014-07-23 17:44:56 UTC (rev 27917) +++ data/CVE/list 2014-07-23 19:12:09 UTC (rev 27918) @@ -830,6 +830,7 @@ CVE-2014-4721 (The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...) {DSA-2974-1} - php5 5.6.0~rc1+dfsg-2 (low) +[squeeze] - php5 5.3.3-7+squeeze20 NOTE: https://bugs.php.net/bug.php?id=67498 NOTE: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html CVE-2014-4668 (The cherokee_validator_ldap_check function in validator_ldap.c in ...) @@ -3459,6 +3460,7 @@ CVE-2014-3515 (The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 ...) {DSA-2974-1} - php5 5.6.0~rc2+dfsg-1 +[squeeze] - php5 5.3.3-7+squeeze20 NOTE: https://bugs.php.net/bug.php?id=67492 CVE-2014-3514 RESERVED @@ -3568,6 +3570,7 @@ - file 1:5.19-1 NOTE: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382 - php5 5.6.0~rc1+dfsg-1 +[squeeze] - php5 5.3.3-7+squeeze20 NOTE: http://bugs.php.net/bug.php?id=67412 CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...) {DSA-2974-1} @@ -12805,6 +12808,7 @@ - file 1:5.19-1 NOTE: fixed as part of https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0 - php5 5.6.0~beta4+dfsg-1 +[squeeze] - php5 5.3.3-7+squeeze20 NOTE: https://bugs.php.net/bug.php?id=67326 CVE-2014-0206 (Array index error in the aio_read_events_ring function in fs/aio.c in ...) - linux 3.14.10-1 Modified: data/DLA/list === --- data/DLA/list 2014-07-23 17:44:56 UTC (rev 27917) +++ data/DLA/list 2014-07-23 19:12:09 UTC (rev 27918) @@ -1,7 +1,7 @@ reserved DLA-0020-1 munin #679897 CVE-2013-6048 munin#1397 CVE-2012-3512 reserved DLA-0019-1 postgresql-8.4 - new upstream minor release [squeeze] - postgresql-8.4 8.4.22-0squeeze1 -reserved DLA-0018-1 php5 - security update +[23 Jul 2014] DLA-0018-1 php5 - security update {CVE-2014-3515 CVE-2014-0207 CVE-2014-3480 CVE-2014-4721} [squeeze] - php5 5.3.3-7+squeeze20 reserved DLA-0017-1 tor - new upstream version Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-07-23 17:44:56 UTC (rev 27917) +++ data/lts-needed.txt 2014-07-23 19:12:09 UTC (rev 27918) @@ -66,9 +66,6 @@ -- openssl -- -php5 (Thorsten Alteholz) - just a reminder, only: CVE-2014-3515, CVE-2014-4721, CVE-2014-0207, CVE-2014-3480 --- polarssl NOTE: will need additional fix for #738854 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27937 - in data: CVE DLA
Author: alteholz Date: 2014-07-24 10:12:32 + (Thu, 24 Jul 2014) New Revision: 27937 Modified: data/CVE/list data/DLA/list Log: oops, it is 21 and not 20 ... Modified: data/CVE/list === --- data/CVE/list 2014-07-24 09:21:33 UTC (rev 27936) +++ data/CVE/list 2014-07-24 10:12:32 UTC (rev 27937) @@ -913,7 +913,7 @@ CVE-2014-4721 (The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...) {DSA-2974-1} - php5 5.6.0~rc1+dfsg-2 (low) - [squeeze] - php5 5.3.3-7+squeeze20 + [squeeze] - php5 5.3.3-7+squeeze21 NOTE: https://bugs.php.net/bug.php?id=67498 NOTE: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html CVE-2014-4668 (The cherokee_validator_ldap_check function in validator_ldap.c in ...) @@ -3540,7 +3540,7 @@ CVE-2014-3515 (The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 ...) {DSA-2974-1} - php5 5.6.0~rc2+dfsg-1 - [squeeze] - php5 5.3.3-7+squeeze20 + [squeeze] - php5 5.3.3-7+squeeze21 NOTE: https://bugs.php.net/bug.php?id=67492 CVE-2014-3514 RESERVED @@ -3651,7 +3651,7 @@ - file 1:5.19-1 NOTE: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382 - php5 5.6.0~rc1+dfsg-1 - [squeeze] - php5 5.3.3-7+squeeze20 + [squeeze] - php5 5.3.3-7+squeeze21 NOTE: http://bugs.php.net/bug.php?id=67412 CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...) {DSA-2974-1} @@ -12878,7 +12878,7 @@ - file 1:5.19-1 NOTE: fixed as part of https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0 - php5 5.6.0~beta4+dfsg-1 - [squeeze] - php5 5.3.3-7+squeeze20 + [squeeze] - php5 5.3.3-7+squeeze21 NOTE: https://bugs.php.net/bug.php?id=67326 CVE-2014-0206 (Array index error in the aio_read_events_ring function in fs/aio.c in ...) - linux 3.14.10-1 Modified: data/DLA/list === --- data/DLA/list 2014-07-24 09:21:33 UTC (rev 27936) +++ data/DLA/list 2014-07-24 10:12:32 UTC (rev 27937) @@ -3,7 +3,7 @@ [squeeze] - postgresql-8.4 8.4.22-0squeeze1 [23 Jul 2014] DLA-0018-1 php5 - security update {CVE-2014-3515 CVE-2014-0207 CVE-2014-3480 CVE-2014-4721} - [squeeze] - php5 5.3.3-7+squeeze20 + [squeeze] - php5 5.3.3-7+squeeze21 reserved DLA-0017-1 tor - new upstream version [19 Jul 2014] DLA-0016-1 libxml2 - security update {CVE-2014-0191} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27969 - in data: . CVE DLA
Author: alteholz Date: 2014-07-26 10:37:06 + (Sat, 26 Jul 2014) New Revision: 27969 Modified: data/CVE/list data/DLA/list data/lts-needed.txt Log: fail2ban done Modified: data/CVE/list === --- data/CVE/list 2014-07-26 05:23:56 UTC (rev 27968) +++ data/CVE/list 2014-07-26 10:37:06 UTC (rev 27969) @@ -11418,10 +11418,12 @@ CVE-2013-7177 (config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban ...) {DSA-2979-1} - fail2ban 0.8.11-1 + [squeeze] - fail2ban 0.8.4-3+squeeze3 NOTE: https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087 CVE-2013-7176 (config/filter.d/postfix.conf in the postfix filter in Fail2ban before ...) {DSA-2979-1} - fail2ban 0.8.11-1 + [squeeze] - fail2ban 0.8.4-3+squeeze3 CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam ...) NOT-FOR-US: Avanset Visual CertExam Manager CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS ...) Modified: data/DLA/list === --- data/DLA/list 2014-07-26 05:23:56 UTC (rev 27968) +++ data/DLA/list 2014-07-26 10:37:06 UTC (rev 27969) @@ -1,3 +1,6 @@ +[26 Jul 2014] DLA-0021-1 fail2ban - security update + {CVE-2013-7176 CVE-2013-7177} + [squeeze] - fail2ban 0.8.4-3+squeeze3 reserved DLA-0020-1 munin #679897 CVE-2013-6048 munin#1397 CVE-2012-3512 reserved DLA-0019-1 postgresql-8.4 - new upstream minor release [squeeze] - postgresql-8.4 8.4.22-0squeeze1 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-07-26 05:23:56 UTC (rev 27968) +++ data/lts-needed.txt 2014-07-26 10:37:06 UTC (rev 27969) @@ -16,10 +16,6 @@ evince CVE-2011-0433 -- -fail2ban (Thorsten Alteholz) - CVE-2009-5023 (#544232) was already solved in fail2ban (0.8.4-3+squeeze1) - CVE-2013-7176, CVE-2013-7177 --- fex (non-free) -- file ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28045 - data
Author: alteholz Date: 2014-08-01 10:00:09 + (Fri, 01 Aug 2014) New Revision: 28045 Modified: data/lts-needed.txt Log: only a minor issue for sendmail and no DSA, so I remove it from lts-needed as well Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-01 09:46:41 UTC (rev 28044) +++ data/lts-needed.txt 2014-08-01 10:00:09 UTC (rev 28045) @@ -71,9 +71,6 @@ -- ruby (several versions) -- -sendmail (Thorsten Alteholz) - CVE-2014-3956 (minor issue) --- tomcat6 -- xlhtml ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28050 - data
Author: alteholz Date: 2014-08-01 11:25:52 + (Fri, 01 Aug 2014) New Revision: 28050 Modified: data/lts-needed.txt Log: take transmission, nspr and libapache-mod-security Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-01 10:15:32 UTC (rev 28049) +++ data/lts-needed.txt 2014-08-01 11:25:52 UTC (rev 28050) @@ -24,7 +24,7 @@ -- icinga -- -libapache-mod-security +libapache-mod-security (Thorsten Alteholz) -- libextlib-ruby -- @@ -50,6 +50,8 @@ -- nfs-utils -- +nspr (Thorsten Alteholz) +-- nss -- openjdk-6 @@ -67,6 +69,8 @@ -- tomcat6 -- +transmission (Thorsten Alteholz) +-- xlhtml -- zendframework ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28127 - in data: . CVE
Author: alteholz Date: 2014-08-07 10:11:08 + (Thu, 07 Aug 2014) New Revision: 28127 Modified: data/CVE/list data/lts-needed.txt Log: no need for transmission DLA Modified: data/CVE/list === --- data/CVE/list 2014-08-07 09:20:30 UTC (rev 28126) +++ data/CVE/list 2014-08-07 10:11:08 UTC (rev 28127) @@ -1076,6 +1076,7 @@ CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in ...) {DSA-2988-1} - transmission (bug #755985) + [squeeze] - transmission (Vulnerable code not present) NOTE: http://trac.transmissionbt.com/wiki/Changes#version-2.84 NOTE: PoC: http://inertiawar.com/submission.go CVE-2013-7389 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 ...) Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-07 09:20:30 UTC (rev 28126) +++ data/lts-needed.txt 2014-08-07 10:11:08 UTC (rev 28127) @@ -71,8 +71,6 @@ -- tomcat6 -- -transmission (Thorsten Alteholz) --- xlhtml -- zendframework ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28133 - in data: . CVE DLA
Author: alteholz Date: 2014-08-07 18:03:39 + (Thu, 07 Aug 2014) New Revision: 28133 Modified: data/CVE/list data/DLA/list data/lts-needed.txt Log: nspr done Modified: data/CVE/list === --- data/CVE/list 2014-08-07 17:44:21 UTC (rev 28132) +++ data/CVE/list 2014-08-07 18:03:39 UTC (rev 28133) @@ -9346,6 +9346,7 @@ - icedove 31.0~b1-1 [squeeze] - iceweasel [squeeze] - icedove + [squeeze] - nspr 4.8.6-1+squeeze2 NOTE: Only the Wheezy builds use the bundled nspr CVE-2014-1544 (Use-after-free vulnerability in the CERT_DestroyCertificate function ...) {DSA-2996-1 DSA-2986-1} Modified: data/DLA/list === --- data/DLA/list 2014-08-07 17:44:21 UTC (rev 28132) +++ data/DLA/list 2014-08-07 18:03:39 UTC (rev 28133) @@ -1,3 +1,6 @@ +[07 Aug 2014] DLA-32-1 nspr - security update + {CVE-2014-1545} + [squeeze] - nspr 4.8.6-1+squeeze2 [07 Aug 2014] DLA-31-1 reportbug - security update {CVE-2014-0479} [squeeze] - reportbug 4.12.6+deb6u1 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-07 17:44:21 UTC (rev 28132) +++ data/lts-needed.txt 2014-08-07 18:03:39 UTC (rev 28133) @@ -48,8 +48,6 @@ -- nfs-utils -- -nspr (Thorsten Alteholz) --- nss -- openjdk-6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28158 - in data: . CVE DLA
Author: alteholz Date: 2014-08-09 13:55:21 + (Sat, 09 Aug 2014) New Revision: 28158 Modified: data/CVE/list data/DLA/list data/lts-needed.txt Log: libapache-mod-security done Modified: data/CVE/list === --- data/CVE/list 2014-08-09 13:35:54 UTC (rev 28157) +++ data/CVE/list 2014-08-09 13:55:21 UTC (rev 28158) @@ -17154,6 +17154,7 @@ {DSA-2991-1} - modsecurity-apache 2.7.7-1 - libapache-mod-security + [squeeze] - libapache-mod-security 2.5.12-1+squeeze4 NOTE: Upstream commit: https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d NOTE: http://martin.swende.se/blog/HTTPChunked.html CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...) Modified: data/DLA/list === --- data/DLA/list 2014-08-09 13:35:54 UTC (rev 28157) +++ data/DLA/list 2014-08-09 13:55:21 UTC (rev 28158) @@ -1,3 +1,5 @@ +[09 Aug 2014] DLA-34-1 libapache-mod-security - security update + [squeeze] - libapache-mod-security 2.5.12-1+squeeze4 [07 Aug 2014] DLA-33-1 openssl - security update {CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510} [squeeze] - openssl 0.9.8o-4squeeze17 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-09 13:35:54 UTC (rev 28157) +++ data/lts-needed.txt 2014-08-09 13:55:21 UTC (rev 28158) @@ -22,8 +22,6 @@ -- icinga -- -libapache-mod-security (Thorsten Alteholz) --- libextlib-ruby -- libjson-ruby ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28160 - data
Author: alteholz Date: 2014-08-09 21:39:27 + (Sat, 09 Aug 2014) New Revision: 28160 Modified: data/lts-needed.txt Log: take krb5 and polarssl Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-09 20:04:39 UTC (rev 28159) +++ data/lts-needed.txt 2014-08-09 21:39:27 UTC (rev 28160) @@ -22,6 +22,8 @@ -- icinga -- +krb5 (Thorsten Alteholz) +-- libextlib-ruby -- libjson-ruby @@ -50,7 +52,7 @@ -- openjdk-6 -- -polarssl +polarssl (Thorsten Alteholz) Needs additional fix for #738854 -- qt4-x11 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28212 - in data: . CVE DLA DSA
Author: alteholz Date: 2014-08-11 17:19:44 + (Mon, 11 Aug 2014) New Revision: 28212 Modified: data/CVE/list data/DLA/list data/DSA/list data/lts-needed.txt Log: polarssl done Modified: data/CVE/list === --- data/CVE/list 2014-08-11 16:40:52 UTC (rev 28211) +++ data/CVE/list 2014-08-11 17:19:44 UTC (rev 28212) @@ -1113,6 +1113,7 @@ CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before ...) {DSA-2981-1} - polarssl 1.3.7-2.1 (bug #754655) + [squeeze] - polarssl 1.2.9-1~deb6u2 NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02 NOTE: commit for 1.3.x branch: https://github.com/polarssl/polarssl/commit/0bcc4e1df78fff6d15c3ecb521e3bd0bbee86e1c NOTE: commit for 1.2.x branch: https://github.com/polarssl/polarssl/commit/5bad6afd8c72b2c3a6574dff01ca5f8f2f04800a Modified: data/DLA/list === --- data/DLA/list 2014-08-11 16:40:52 UTC (rev 28211) +++ data/DLA/list 2014-08-11 17:19:44 UTC (rev 28212) @@ -1,3 +1,5 @@ +[11 Aug 2014] DLA-36-1 polarssl - security update + [squeeze] - polarssl 1.2.9-1~deb6u2 [11 Aug 2014] DLA-35-1 lzo2 - security update {CVE-2014-4607} [squeeze] - lzo2 2.03-2+deb6u1 Modified: data/DSA/list === --- data/DSA/list 2014-08-11 16:40:52 UTC (rev 28211) +++ data/DSA/list 2014-08-11 17:19:44 UTC (rev 28212) @@ -70,6 +70,7 @@ [18 Jul 2014] DSA-2981-1 polarssl - security update {CVE-2014-4911} [wheezy] - polarssl 1.2.9-1~deb7u3 + [squeeze] - polarssl 1.2.9-1~deb6u2 [17 Jul 2014] DSA-2980-1 openjdk-6 - security update {CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 CVE-2014-4268} [wheezy] - openjdk-6 6b32-1.13.4-1~deb7u1 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-11 16:40:52 UTC (rev 28211) +++ data/lts-needed.txt 2014-08-11 17:19:44 UTC (rev 28212) @@ -50,9 +50,6 @@ -- openjdk-6 -- -polarssl (Thorsten Alteholz) - Needs additional fix for #738854 --- qt4-x11 -- roundup ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28329 - data
Author: alteholz Date: 2014-08-18 11:03:18 + (Mon, 18 Aug 2014) New Revision: 28329 Modified: data/lts-needed.txt Log: add and take wireshark and gpgme1.0 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-18 10:54:53 UTC (rev 28328) +++ data/lts-needed.txt 2014-08-18 11:03:18 UTC (rev 28329) @@ -18,6 +18,8 @@ gnupg2 Please talk to the maintainer Eric, as he most likely would do the upload himself -- +gpgme1.0 (Thorsten Alteholz) +-- graphicsmagick -- icinga @@ -58,6 +60,8 @@ -- tomcat6 -- +wireshark (Thorsten Alteholz) +-- xlhtml -- zendframework ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28338 - in data: . CVE DLA
Author: alteholz Date: 2014-08-18 17:37:50 + (Mon, 18 Aug 2014) New Revision: 28338 Modified: data/CVE/list data/DLA/list data/lts-needed.txt Log: krb5 done Modified: data/CVE/list === --- data/CVE/list 2014-08-18 16:31:48 UTC (rev 28337) +++ data/CVE/list 2014-08-18 17:37:50 UTC (rev 28338) @@ -2236,25 +2236,30 @@ RESERVED {DSA-3000-1} - krb5 1.12.1+dfsg-7 (bug #757416) + [squeeze] - krb5 1.8.3+dfsg-4squeeze8 NOTE: https://github.com/krb5/krb5/commit/81c332e29f10887c6b9deb065f81ba259f4c7e03 NOTE: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt CVE-2014-4344 [NULL dereference in GSSAPI servers] RESERVED {DSA-3000-1} - krb5 1.12.1+dfsg-5 (bug #755521) + [squeeze] - krb5 1.8.3+dfsg-4squeeze8 NOTE: https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b CVE-2014-4343 [double-free in SPNEGO initiators] RESERVED {DSA-3000-1} - krb5 1.12.1+dfsg-5 (bug #755520) + [squeeze] - krb5 1.8.3+dfsg-4squeeze8 NOTE: https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f CVE-2014-4342 (MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows ...) {DSA-3000-1} - krb5 1.12.1+dfsg-4 (bug #753625) + [squeeze] - krb5 1.8.3+dfsg-4squeeze8 NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d CVE-2014-4341 (MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to ...) {DSA-3000-1} - krb5 1.12.1+dfsg-4 (bug #753624) + [squeeze] - krb5 1.8.3+dfsg-4squeeze8 NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d CVE-2014-4340 RESERVED Modified: data/DLA/list === --- data/DLA/list 2014-08-18 16:31:48 UTC (rev 28337) +++ data/DLA/list 2014-08-18 17:37:50 UTC (rev 28338) @@ -1,3 +1,5 @@ +[18 Aug 2014] DLA-37-1 krb5 - security update + [squeeze] - krb5 1.8.3+dfsg-4squeeze8 [12 Aug 2014] DLA-25-3 python2.6 - regression update [squeeze] - python2.6 2.6.6-8+deb6u3 [11 Aug 2014] DLA-36-1 polarssl - security update Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-18 16:31:48 UTC (rev 28337) +++ data/lts-needed.txt 2014-08-18 17:37:50 UTC (rev 28338) @@ -24,8 +24,6 @@ -- icinga -- -krb5 (Thorsten Alteholz) --- libextlib-ruby -- libjson-ruby ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28358 - data
Author: alteholz Date: 2014-08-19 11:03:58 + (Tue, 19 Aug 2014) New Revision: 28358 Modified: data/lts-needed.txt Log: wireshark will be done by maintainer Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-19 10:41:06 UTC (rev 28357) +++ data/lts-needed.txt 2014-08-19 11:03:58 UTC (rev 28358) @@ -58,7 +58,7 @@ -- tomcat6 -- -wireshark (Thorsten Alteholz) +wireshark (Balint Reczey) -- xlhtml -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28359 - data
Author: alteholz Date: 2014-08-19 11:04:50 + (Tue, 19 Aug 2014) New Revision: 28359 Modified: data/lts-needed.txt Log: take libxml-security-java Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-19 11:03:58 UTC (rev 28358) +++ data/lts-needed.txt 2014-08-19 11:04:50 UTC (rev 28359) @@ -38,7 +38,7 @@ -- libwpd (Holger Levsen) -- -libxml-security-java +libxml-security-java (Thorsten Alteholz) -- libxstream-java (Holger Levsen, help welcome) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28388 - in data: . CVE DLA
Author: alteholz Date: 2014-08-20 18:15:14 + (Wed, 20 Aug 2014) New Revision: 28388 Modified: data/CVE/list data/DLA/list data/lts-needed.txt Log: gpgme1.0 done Modified: data/CVE/list === --- data/CVE/list 2014-08-20 17:59:15 UTC (rev 28387) +++ data/CVE/list 2014-08-20 18:15:14 UTC (rev 28388) @@ -4164,6 +4164,7 @@ RESERVED {DSA-3005-1} - gpgme1.0 1.5.1-1 (bug #756651) + [squeeze] - gpgme1.0 1.2.0-1.2+deb6u1 NOTE: patch: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77 CVE-2014-3563 RESERVED Modified: data/DLA/list === --- data/DLA/list 2014-08-20 17:59:15 UTC (rev 28387) +++ data/DLA/list 2014-08-20 18:15:14 UTC (rev 28388) @@ -1,3 +1,6 @@ +[20 Aug 2014] DLA-39-1 gpgme1.0 - security update + {CVE-2014-3564} + [squeeze] - gpgme1.0 1.2.0-1.2+deb6u1 [20 Aug 2014] DLA-38-1 wireshark - security update {CVE-2014-5161 CVE-2014-5162 CVE-2014-5163} [squeeze] - wireshark 1.2.11-6+squeeze15 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-20 17:59:15 UTC (rev 28387) +++ data/lts-needed.txt 2014-08-20 18:15:14 UTC (rev 28388) @@ -18,8 +18,6 @@ gnupg2 Please talk to the maintainer Eric, as he most likely would do the upload himself -- -gpgme1.0 (Thorsten Alteholz) --- graphicsmagick -- icinga ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28393 - data/CVE
Author: alteholz Date: 2014-08-20 20:32:44 + (Wed, 20 Aug 2014) New Revision: 28393 Modified: data/CVE/list Log: reportbug has been done in DLA 31-1 Modified: data/CVE/list === --- data/CVE/list 2014-08-20 19:37:56 UTC (rev 28392) +++ data/CVE/list 2014-08-20 20:32:44 UTC (rev 28393) @@ -12162,6 +12162,7 @@ CVE-2014-0479 (reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows ...) {DSA-2997-1} - reportbug 6.5.0+nmu1 + [squeeze] - reportbug 4.12.6+deb6u1 CVE-2014-0478 (APT before 1.0.4 does not properly validate source packages, which ...) {DSA-2958-1} - apt 1.0.4 (bug #749795) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28449 - data
Author: alteholz Date: 2014-08-24 09:13:17 + (Sun, 24 Aug 2014) New Revision: 28449 Modified: data/lts-needed.txt Log: wireshark done by Balint Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-24 05:09:54 UTC (rev 28448) +++ data/lts-needed.txt 2014-08-24 09:13:17 UTC (rev 28449) @@ -54,8 +54,6 @@ -- tomcat6 (Holger Levsen) -- -wireshark (Balint Reczey) --- xlhtml -- zendframework ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28450 - data
Author: alteholz Date: 2014-08-24 09:14:27 + (Sun, 24 Aug 2014) New Revision: 28450 Modified: data/lts-needed.txt Log: add and take python-imaging and php5 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-24 09:13:17 UTC (rev 28449) +++ data/lts-needed.txt 2014-08-24 09:14:27 UTC (rev 28450) @@ -46,6 +46,10 @@ -- openjdk-6 -- +python-imaging (Thorsten Alteholz) +-- +php5 (Thorsten Alteholz) +-- qt4-x11 -- roundup ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28451 - in data: . CVE DLA
Author: alteholz Date: 2014-08-24 16:39:27 + (Sun, 24 Aug 2014) New Revision: 28451 Modified: data/CVE/list data/DLA/list data/lts-needed.txt Log: python-imaging done Modified: data/CVE/list === --- data/CVE/list 2014-08-24 09:14:27 UTC (rev 28450) +++ data/CVE/list 2014-08-24 16:39:27 UTC (rev 28451) @@ -4293,6 +4293,7 @@ {DSA-3009-1} - pillow 2.5.3-1 (bug #758772) - python-imaging + [squeeze] - python-imaging 1.1.7-2+deb6u1 NOTE: https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d CVE-2014-3588 RESERVED Modified: data/DLA/list === --- data/DLA/list 2014-08-24 09:14:27 UTC (rev 28450) +++ data/DLA/list 2014-08-24 16:39:27 UTC (rev 28451) @@ -1,3 +1,6 @@ +[24 Aug 2014] DLA-41-1 python-imaging - security update + {CVE-2014-3589} + [squeeze] - python-imaging 1.1.7-2+deb6u1 [22 aug 2014] DLA-40-1 cacti - security update {CVE-2014-5025 CVE-2014-5026 CVE-2014-5261 CVE-2014-5262} [squeeze] - cacti 0.8.7g-1+squeeze5 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-24 09:14:27 UTC (rev 28450) +++ data/lts-needed.txt 2014-08-24 16:39:27 UTC (rev 28451) @@ -46,8 +46,6 @@ -- openjdk-6 -- -python-imaging (Thorsten Alteholz) --- php5 (Thorsten Alteholz) -- qt4-x11 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28455 - data
Author: alteholz Date: 2014-08-24 20:16:43 + (Sun, 24 Aug 2014) New Revision: 28455 Modified: data/lts-needed.txt Log: add and take python-django Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-24 18:26:39 UTC (rev 28454) +++ data/lts-needed.txt 2014-08-24 20:16:43 UTC (rev 28455) @@ -48,6 +48,8 @@ -- php5 (Thorsten Alteholz) -- +python-django (Thorsten Alteholz) +-- qt4-x11 -- roundup ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28522 - data
Author: alteholz Date: 2014-08-31 13:44:53 + (Sun, 31 Aug 2014) New Revision: 28522 Modified: data/lts-needed.txt Log: add squid3 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-31 11:51:01 UTC (rev 28521) +++ data/lts-needed.txt 2014-08-31 13:44:53 UTC (rev 28522) @@ -56,6 +56,8 @@ -- ruby (several versions) -- +squid3 +-- tomcat6 (Holger Levsen) -- xlhtml ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28523 - data
Author: alteholz Date: 2014-08-31 13:45:44 + (Sun, 31 Aug 2014) New Revision: 28523 Modified: data/lts-needed.txt Log: add and take eglibc Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-31 13:44:53 UTC (rev 28522) +++ data/lts-needed.txt 2014-08-31 13:45:44 UTC (rev 28523) @@ -9,6 +9,8 @@ -- commons-beanutils -- +eglibc (Thorsten Alteholz) +-- evince -- fex (non-free) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28567 - in data: . CVE DLA
Author: alteholz Date: 2014-09-02 18:02:05 + (Tue, 02 Sep 2014) New Revision: 28567 Modified: data/CVE/list data/DLA/list data/lts-needed.txt Log: eglibc done Modified: data/CVE/list === --- data/CVE/list 2014-09-02 17:52:08 UTC (rev 28566) +++ data/CVE/list 2014-09-02 18:02:05 UTC (rev 28567) @@ -1831,9 +1831,10 @@ [squeeze] - rawstudio (Vulnerable code not present) CVE-2014-5119 [glibc locale issues] RESERVED - {DSA-3012-1} + {DSA-3012-1 DLA-43-1} - glibc 2.19-10 (medium) - eglibc (medium) +[squeeze] - eglibc 2.11.3-4+deb6u1 NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2 NOTE: http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in ...) @@ -12599,9 +12600,10 @@ - chkrootkit 0.49-5 [squeeze] - chkrootkit 0.49-4+deb6u1 CVE-2014-0475 (Multiple directory traversal vulnerabilities in GNU C Library (aka ...) - {DSA-2976-1} + {DSA-2976-1 DLA-43-1} - glibc 2.19-6 - eglibc +[squeeze] - eglibc 2.11.3-4+deb6u1 CVE-2014-0474 (The (1) FilePathField, (2) GenericIPAddressField, and (3) ...) {DSA-2934-1} - python-django 1.6.3-1 Modified: data/DLA/list === --- data/DLA/list 2014-09-02 17:52:08 UTC (rev 28566) +++ data/DLA/list 2014-09-02 18:02:05 UTC (rev 28567) @@ -1,3 +1,6 @@ +[02 Sep 2014] DLA-43-1 eglibc - security update + {CVE-2014-0475 CVE-2014-5119} + [squeeze] - eglibc 2.11.3-4+deb6u1 [27 Aug 2014] DLA-42-1 live-config - security update [squeeze] - live-config 2.0.15-1.1+deb6u1 [24 Aug 2014] DLA-41-1 python-imaging - security update Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-09-02 17:52:08 UTC (rev 28566) +++ data/lts-needed.txt 2014-09-02 18:02:05 UTC (rev 28567) @@ -9,8 +9,6 @@ -- commons-beanutils -- -eglibc (Thorsten Alteholz) --- evince -- fex (non-free) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28758 - data
Author: alteholz Date: 2014-09-13 17:56:01 + (Sat, 13 Sep 2014) New Revision: 28758 Modified: data/dla-needed.txt Log: take curl Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-09-13 15:28:40 UTC (rev 28757) +++ data/dla-needed.txt 2014-09-13 17:56:01 UTC (rev 28758) @@ -9,6 +9,8 @@ -- commons-beanutils -- +curl (Thorsten Alteholz) +-- evince -- fex (non-free) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29092 - in data: . DLA
Author: alteholz Date: 2014-09-26 21:07:38 + (Fri, 26 Sep 2014) New Revision: 29092 Modified: data/DLA/list data/dla-needed.txt Log: curl done Modified: data/DLA/list === --- data/DLA/list 2014-09-26 20:53:34 UTC (rev 29091) +++ data/DLA/list 2014-09-26 21:07:38 UTC (rev 29092) @@ -1,3 +1,6 @@ +[26 Sep 2014] DLA-64-1 curl - security update + {CVE-2014-3613} + [squeeze] - curl 7.21.0-2.1+squeeze9 [26 Sep 2014] DLA-63-1 bash - security update {CVE-2014-7169 CVE-2014-7186 CVE-2014-7187} [squeeze] - bash 4.1-3+deb6u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-09-26 20:53:34 UTC (rev 29091) +++ data/dla-needed.txt 2014-09-26 21:07:38 UTC (rev 29092) @@ -15,8 +15,6 @@ -- commons-httpclient -- -curl (Thorsten Alteholz) --- dbus -- drupal6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29145 - in data: . DLA
Author: alteholz Date: 2014-09-29 20:05:00 + (Mon, 29 Sep 2014) New Revision: 29145 Modified: data/DLA/list data/dla-needed.txt Log: php5 done Modified: data/DLA/list === --- data/DLA/list 2014-09-29 17:54:13 UTC (rev 29144) +++ data/DLA/list 2014-09-29 20:05:00 UTC (rev 29145) @@ -1,3 +1,6 @@ +[29 Sep 2014] DLA-67-1 php5 - security update + {CVE-2014-3538 CVE-2014-3587 CVE-2014-3597} + [squeeze] - php5 5.3.3-7+squeeze22 [29 Sep 2014] DLA-66-1 apache2 - security update {CVE-2013-6438 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231} [squeeze] - apache2 2.2.16-6+squeeze13 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-09-29 17:54:13 UTC (rev 29144) +++ data/dla-needed.txt 2014-09-29 20:05:00 UTC (rev 29145) @@ -52,8 +52,6 @@ -- openjdk-6 -- -php5 (Thorsten Alteholz) --- ppp -- qt4-x11 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29172 - in data: . DLA
Author: alteholz Date: 2014-09-30 17:49:32 + (Tue, 30 Sep 2014) New Revision: 29172 Modified: data/DLA/list data/dla-needed.txt Log: fex done, Squeeze has a version in main Modified: data/DLA/list === --- data/DLA/list 2014-09-30 17:42:06 UTC (rev 29171) +++ data/DLA/list 2014-09-30 17:49:32 UTC (rev 29172) @@ -1,3 +1,6 @@ +[30 Sep 2014] DLA-68-1 fex - security update + {CVE-2014-3875 CVE-2014-3876 CVE-2014-3877} + [squeeze] - fex 20100208+debian1-1+squeeze4 [29 Sep 2014] DLA-67-1 php5 - security update {CVE-2014-3538 CVE-2014-3587 CVE-2014-3597} [squeeze] - php5 5.3.3-7+squeeze22 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-09-30 17:42:06 UTC (rev 29171) +++ data/dla-needed.txt 2014-09-30 17:49:32 UTC (rev 29172) @@ -23,8 +23,6 @@ -- fckeditor -- -fex (non-free) --- httpcomponents-client -- kde4libs ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29305 - data
Author: alteholz Date: 2014-10-07 18:01:56 + (Tue, 07 Oct 2014) New Revision: 29305 Modified: data/dla-needed.txt Log: take some packages Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-07 18:01:55 UTC (rev 29304) +++ data/dla-needed.txt 2014-10-07 18:01:56 UTC (rev 29305) @@ -34,11 +34,11 @@ -- libphp-snoopy -- -librack-ruby +librack-ruby (Thorsten Alteholz) -- libspring-2.5-java -- -libtasn1-3 +libtasn1-3 (Thorsten Alteholz) -- libxml-security-java (Thorsten Alteholz) -- @@ -56,8 +56,10 @@ -- qt4-x11 -- -roundup +roundup (Thorsten Alteholz) -- +rsyslogd (Thorsten Alteholz) +-- ruby1.8 -- ruby1.9.1 (Matt Palmer) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29535 - in data: . DLA
Author: alteholz Date: 2014-10-19 16:49:11 + (Sun, 19 Oct 2014) New Revision: 29535 Modified: data/DLA/list data/dla-needed.txt Log: rsyslog done in Squeeze LTS Modified: data/DLA/list === --- data/DLA/list 2014-10-19 16:02:04 UTC (rev 29534) +++ data/DLA/list 2014-10-19 16:49:11 UTC (rev 29535) @@ -1,3 +1,6 @@ +[19 Oct 2014] DLA-72-1 rsylog - security update + {CVE-2014-3634 CVE-2014-3683} + [squeeze] - rsylog 4.6.4-2+deb6u1 [16 Oct 2014] DLA-71-1 apache2 - security update {CVE-2013-5704 CVE-2014-3581} [squeeze] - apache2 2.2.16-6+squeeze14 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-19 16:02:04 UTC (rev 29534) +++ data/dla-needed.txt 2014-10-19 16:49:11 UTC (rev 29535) @@ -64,8 +64,6 @@ -- roundup (Thorsten Alteholz) -- -rsyslog (Thorsten Alteholz) --- ruby1.8 -- ruby1.9.1 (Matt Palmer) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29538 - data/DLA
Author: alteholz Date: 2014-10-20 09:26:02 + (Mon, 20 Oct 2014) New Revision: 29538 Modified: data/DLA/list Log: regression for rsyslog Modified: data/DLA/list === --- data/DLA/list 2014-10-19 21:14:12 UTC (rev 29537) +++ data/DLA/list 2014-10-20 09:26:02 UTC (rev 29538) @@ -1,3 +1,5 @@ +[20 Oct 2014] DLA-72-2 rsyslog - regression update + [squeeze] - rsyslog 4.6.4-2+deb6u2 [19 Oct 2014] DLA-72-1 rsyslog - security update {CVE-2014-3634 CVE-2014-3683} [squeeze] - rsyslog 4.6.4-2+deb6u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29688 - data
Author: alteholz Date: 2014-10-27 13:41:14 + (Mon, 27 Oct 2014) New Revision: 29688 Modified: data/dla-needed.txt Log: didn't find upstream patch Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-27 13:01:20 UTC (rev 29687) +++ data/dla-needed.txt 2014-10-27 13:41:14 UTC (rev 29688) @@ -32,7 +32,7 @@ -- libphp-snoopy -- -librack-ruby (Thorsten Alteholz) +librack-ruby -- libspring-2.5-java -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29689 - data
Author: alteholz Date: 2014-10-27 13:43:16 + (Mon, 27 Oct 2014) New Revision: 29689 Modified: data/dla-needed.txt Log: take libxml2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-27 13:41:14 UTC (rev 29688) +++ data/dla-needed.txt 2014-10-27 13:43:16 UTC (rev 29689) @@ -38,7 +38,7 @@ -- libvncserver -- -libxml2 +libxml2 (Thorsten Alteholz) -- libxml-security-java (Thorsten Alteholz) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29693 - in data: . DLA
Author: alteholz Date: 2014-10-27 18:55:48 + (Mon, 27 Oct 2014) New Revision: 29693 Modified: data/DLA/list data/dla-needed.txt Log: torque done Modified: data/DLA/list === --- data/DLA/list 2014-10-27 16:12:00 UTC (rev 29692) +++ data/DLA/list 2014-10-27 18:55:48 UTC (rev 29693) @@ -1,3 +1,6 @@ +[27 Oct 2014] DLA-78-1 torque - security update + {CVE-2014-3684} + [squeeze] - torque 2.4.8+dfsg-9squeeze5 [26 Oct 2014] DLA-77-1 libtasn1-3 - security update {CVE-2014-3467 CVE-2014-3468 CVE-2014-3469} [squeeze] - libtasn1-3 2.7-1+squeeze+2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-27 16:12:00 UTC (rev 29692) +++ data/dla-needed.txt 2014-10-27 18:55:48 UTC (rev 29693) @@ -71,8 +71,6 @@ -- tomcat6 (Holger Levsen and Tony Mancill) -- -torque --- xlhtml -- wireshark ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29729 - in data: . DLA
Author: alteholz Date: 2014-10-29 19:19:06 + (Wed, 29 Oct 2014) New Revision: 29729 Modified: data/DLA/list data/dla-needed.txt Log: libxml2 done Modified: data/DLA/list === --- data/DLA/list 2014-10-29 19:15:55 UTC (rev 29728) +++ data/DLA/list 2014-10-29 19:19:06 UTC (rev 29729) @@ -1,3 +1,6 @@ +[29 Oct 2014] DLA-80-1 libxml2 - security update + {CVE-2014-0191 CVE-2014-3660} + [squeeze] - libxml2 2.7.8.dfsg-2+squeeze10 [29 Oct 2014] DLA-79-1 dokuwiki - security update {CVE-2014-8763 CVE-2014-8764} [squeeze] - dokuwiki 0.0.20091225c-10+squeeze3 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-29 19:15:55 UTC (rev 29728) +++ data/dla-needed.txt 2014-10-29 19:19:06 UTC (rev 29729) @@ -38,8 +38,6 @@ -- libvncserver -- -libxml2 (Thorsten Alteholz) --- libxml-security-java (Thorsten Alteholz) -- libxstream-java (Holger Levsen, help welcome) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29766 - data
Author: alteholz Date: 2014-10-31 14:21:15 + (Fri, 31 Oct 2014) New Revision: 29766 Modified: data/dla-needed.txt Log: take php5 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-31 14:03:48 UTC (rev 29765) +++ data/dla-needed.txt 2014-10-31 14:21:15 UTC (rev 29766) @@ -53,7 +53,7 @@ -- openjdk-6 -- -php5 +php5 (Thorsten Alteholz) NOTE: Please include http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c to fix issues with other PHP apps (see CVE-2014-8763/CVE-2014-8764 for example) -- qemu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29814 - data/DLA
Author: alteholz Date: 2014-11-03 18:10:49 + (Mon, 03 Nov 2014) New Revision: 29814 Modified: data/DLA/list Log: wget done Modified: data/DLA/list === --- data/DLA/list 2014-11-03 16:59:34 UTC (rev 29813) +++ data/DLA/list 2014-11-03 18:10:49 UTC (rev 29814) @@ -1,3 +1,6 @@ +[03 Nov 2014] DLA-82-1 wget - security update + {CVE-2014-4877} + [squeeze] - wget 1.12-2.1+deb6u1 [01 Nov 2014] DLA-81-1 openssl - security update {CVE-2014-3567 CVE-2014-3568 CVE-2014-3569} [squeeze] - openssl 0.9.8o-4squeeze18 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29933 - data/DLA
Author: alteholz Date: 2014-11-09 15:57:19 + (Sun, 09 Nov 2014) New Revision: 29933 Modified: data/DLA/list Log: curl done Modified: data/DLA/list === --- data/DLA/list 2014-11-09 14:52:30 UTC (rev 29932) +++ data/DLA/list 2014-11-09 15:57:19 UTC (rev 29933) @@ -1,3 +1,6 @@ +[09 Nov 2014] DLA-84-1 curl - security update + {CVE-2014-3707} + [squeeze] - curl 7.21.0-2.1+squeeze10 [06 Nov 2014] DLA-83-1 ffmpeg - update [squeeze] - ffmpeg 4:0.5.10-1+deb6u1 [03 Nov 2014] DLA-82-1 wget - security update ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29934 - in data: . DLA
Author: alteholz Date: 2014-11-09 16:11:01 + (Sun, 09 Nov 2014) New Revision: 29934 Modified: data/DLA/list data/dla-needed.txt Log: libxml-security-java done Modified: data/DLA/list === --- data/DLA/list 2014-11-09 15:57:19 UTC (rev 29933) +++ data/DLA/list 2014-11-09 16:11:01 UTC (rev 29934) @@ -1,3 +1,6 @@ +[09 Nov 2014] DLA-85-1 libxml-security-java - security update + {CVE-2013-2172} + [squeeze] - libxml-security-java 1.4.3-2+deb6u1 [09 Nov 2014] DLA-84-1 curl - security update {CVE-2014-3707} [squeeze] - curl 7.21.0-2.1+squeeze10 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-09 15:57:19 UTC (rev 29933) +++ data/dla-needed.txt 2014-11-09 16:11:01 UTC (rev 29934) @@ -40,8 +40,6 @@ -- libvncserver -- -libxml-security-java (Thorsten Alteholz) --- libxstream-java (Holger Levsen, help welcome) -- linux-2.6 (Holger Levsen) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30256 - in data: . DLA
Author: alteholz Date: 2014-11-22 16:13:30 + (Sat, 22 Nov 2014) New Revision: 30256 Modified: data/DLA/list data/dla-needed.txt Log: nss done Modified: data/DLA/list === --- data/DLA/list 2014-11-22 14:54:29 UTC (rev 30255) +++ data/DLA/list 2014-11-22 16:13:30 UTC (rev 30256) @@ -1,3 +1,6 @@ +[22 Nov 2014] DLA-89-1 nss - security update + {CVE-2014-1544} + [squeeze] - nss 3.12.8-1+squeeze10 [21 Nov 2014] DLA-88-1 ruby1.8 - security update {CVE-2011-0188 CVE-2011-2686 CVE-2011-2705 CVE-2011-4815 CVE-2014-8080 CVE-2014-8090} [squeeze] - ruby1.8 1.8.7.302-2squeeze3 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-22 14:54:29 UTC (rev 30255) +++ data/dla-needed.txt 2014-11-22 16:13:30 UTC (rev 30256) @@ -48,8 +48,6 @@ -- nfs-utils -- -nss --- openjdk-6 -- php5 (Thorsten Alteholz) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30257 - in data: . DLA
Author: alteholz Date: 2014-11-22 18:53:22 + (Sat, 22 Nov 2014) New Revision: 30257 Modified: data/DLA/list data/dla-needed.txt Log: imagemagick done Modified: data/DLA/list === --- data/DLA/list 2014-11-22 16:13:30 UTC (rev 30256) +++ data/DLA/list 2014-11-22 18:53:22 UTC (rev 30257) @@ -1,3 +1,6 @@ +[22 Nov 2014] DLA-90-1 imagemagick - security update + {CVE-2014-8716} + [squeeze] - imagemagick 8:6.6.0.4-3+squeeze5 [22 Nov 2014] DLA-89-1 nss - security update {CVE-2014-1544} [squeeze] - nss 3.12.8-1+squeeze10 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-22 16:13:30 UTC (rev 30256) +++ data/dla-needed.txt 2014-11-22 18:53:22 UTC (rev 30257) @@ -23,8 +23,6 @@ -- httpcomponents-client -- -imagemagick --- konversation -- libextlib-ruby ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30258 - data
Author: alteholz Date: 2014-11-22 19:04:57 + (Sat, 22 Nov 2014) New Revision: 30258 Modified: data/dla-needed.txt Log: nfs-utils marked as no-dsa Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-22 18:53:22 UTC (rev 30257) +++ data/dla-needed.txt 2014-11-22 19:04:57 UTC (rev 30258) @@ -44,8 +44,6 @@ -- linux-2.6 (Holger Levsen) -- -nfs-utils --- openjdk-6 -- php5 (Thorsten Alteholz) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30265 - data
Author: alteholz Date: 2014-11-23 16:19:34 + (Sun, 23 Nov 2014) New Revision: 30265 Modified: data/dla-needed.txt Log: version of libxstream-java not affected in squeeze Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-23 13:31:51 UTC (rev 30264) +++ data/dla-needed.txt 2014-11-23 16:19:34 UTC (rev 30265) @@ -40,8 +40,6 @@ -- libvncserver -- -libxstream-java --- linux-2.6 (Holger Levsen) -- openjdk-6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30266 - data
Author: alteholz Date: 2014-11-23 16:27:58 + (Sun, 23 Nov 2014) New Revision: 30266 Modified: data/dla-needed.txt Log: package xlhtml removed, marked as no-dsa, no fix available Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-23 16:19:34 UTC (rev 30265) +++ data/dla-needed.txt 2014-11-23 16:27:58 UTC (rev 30266) @@ -63,8 +63,6 @@ NOTE: Has been dropped from newer releases. Should we instead mark it unsupported? -- -xlhtml --- wireshark (Balint Reczey) -- wpasupplicant (geissert) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30272 - data
Author: alteholz Date: 2014-11-23 21:24:05 + (Sun, 23 Nov 2014) New Revision: 30272 Modified: data/dla-needed.txt Log: take eglibc Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-23 20:57:06 UTC (rev 30271) +++ data/dla-needed.txt 2014-11-23 21:24:05 UTC (rev 30272) @@ -15,7 +15,7 @@ -- drupal6 -- -eglibc +eglibc (Thorsten Alteholz) -- ejabberd -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30322 - in data: . DLA
Author: alteholz Date: 2014-11-25 18:52:16 + (Tue, 25 Nov 2014) New Revision: 30322 Modified: data/DLA/list data/dla-needed.txt Log: php5 done Modified: data/DLA/list === --- data/DLA/list 2014-11-25 18:46:59 UTC (rev 30321) +++ data/DLA/list 2014-11-25 18:52:16 UTC (rev 30322) @@ -1,3 +1,6 @@ +[25 Nov 2014] DLA-94-1 php5 - security update + {CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710} + [squeeze] - php5 5.3.3-7+squeeze23 [25 Nov 2014] DLA-93-1 libgcrypt11 - security update {CVE-2014-5270} [squeeze] - libgcrypt11 1.4.5-2+squeeze2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-25 18:46:59 UTC (rev 30321) +++ data/dla-needed.txt 2014-11-25 18:52:16 UTC (rev 30322) @@ -46,9 +46,6 @@ -- openjdk-6 (Raphaël Hertzog) -- -php5 (Thorsten Alteholz) - NOTE: Please include http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c to fix issues with other PHP apps (see CVE-2014-8763/CVE-2014-8764 for example) --- qemu -- qt4-x11 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30356 - data
Author: alteholz Date: 2014-11-26 15:00:00 + (Wed, 26 Nov 2014) New Revision: 30356 Modified: data/dla-needed.txt Log: take qt4-x11 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-26 11:38:52 UTC (rev 30355) +++ data/dla-needed.txt 2014-11-26 15:00:00 UTC (rev 30356) @@ -48,7 +48,7 @@ -- qemu -- -qt4-x11 +qt4-x11 (Thorsten Alteholz) -- roundup (Thorsten Alteholz) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30445 - in data: . DLA
Author: alteholz Date: 2014-11-29 18:36:49 + (Sat, 29 Nov 2014) New Revision: 30445 Modified: data/DLA/list data/dla-needed.txt Log: eglibc done Modified: data/DLA/list === --- data/DLA/list 2014-11-29 17:14:10 UTC (rev 30444) +++ data/DLA/list 2014-11-29 18:36:49 UTC (rev 30445) @@ -1,3 +1,6 @@ +[29 Nov 2014] DLA-97-1 eglibc - security update + {CVE-2012-6656 CVE-2014-6040 CVE-2014-7817} + [squeeze] - eglibc 2.11.3-4+deb6u2 [28 Nov 2014] DLA-96-1 openjdk-6 - security update {CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 CVE-2014-4268 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558} [squeeze] - openjdk-6 6b33-1.13.5-2~deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-29 17:14:10 UTC (rev 30444) +++ data/dla-needed.txt 2014-11-29 18:36:49 UTC (rev 30445) @@ -15,8 +15,6 @@ -- drupal6 -- -eglibc (Thorsten Alteholz) --- ejabberd -- fckeditor ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30561 - data
Author: alteholz Date: 2014-12-05 18:20:15 + (Fri, 05 Dec 2014) New Revision: 30561 Modified: data/dla-needed.txt Log: add note to qt4-x11 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-05 18:01:39 UTC (rev 30560) +++ data/dla-needed.txt 2014-12-05 18:20:15 UTC (rev 30561) @@ -39,6 +39,7 @@ qemu -- qt4-x11 (Thorsten Alteholz) + NOTE: even version in Squeeze does not build with pbuilder :-( -- roundup (Thorsten Alteholz) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30562 - data/DLA
Author: alteholz Date: 2014-12-05 18:21:27 + (Fri, 05 Dec 2014) New Revision: 30562 Modified: data/DLA/list Log: flac done Modified: data/DLA/list === --- data/DLA/list 2014-12-05 18:20:15 UTC (rev 30561) +++ data/DLA/list 2014-12-05 18:21:27 UTC (rev 30562) @@ -1,3 +1,6 @@ +[05 Dec 2014] DLA-99-1 flac - security update + {CVE-2014-8962 CVE-2014-9028} + [squeeze] - flac 1.2.1-2+deb6u1 [02 Dec 2014] DLA-98-1 openvpn - security update {CVE-2014-8104} [squeeze] - openvpn 2.1.3-2+squeeze3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30567 - data/DLA
Author: alteholz Date: 2014-12-05 19:01:20 + (Fri, 05 Dec 2014) New Revision: 30567 Modified: data/DLA/list Log: mutt done Modified: data/DLA/list === --- data/DLA/list 2014-12-05 18:29:53 UTC (rev 30566) +++ data/DLA/list 2014-12-05 19:01:20 UTC (rev 30567) @@ -1,3 +1,6 @@ +[05 Dec 2014] DLA-100-1 mutt - security update + {CVE-2014-0467} + [squeeze] - mutt 1.5.20-9+squeeze4 [05 Dec 2014] DLA-99-1 flac - security update {CVE-2014-8962 CVE-2014-9028} [squeeze] - flac 1.2.1-2+deb6u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30570 - data/DLA
Author: alteholz Date: 2014-12-06 12:03:51 + (Sat, 06 Dec 2014) New Revision: 30570 Modified: data/DLA/list Log: jasper done Modified: data/DLA/list === --- data/DLA/list 2014-12-06 07:11:10 UTC (rev 30569) +++ data/DLA/list 2014-12-06 12:03:51 UTC (rev 30570) @@ -1,3 +1,6 @@ +[06 Dec 2014] DLA-101-1 jasper - security update + {CVE-2014-9029} + [squeeze] - jasper 1.900.1-7+squeeze2 [05 Dec 2014] DLA-100-1 mutt - security update {CVE-2014-0467} [squeeze] - mutt 1.5.20-9+squeeze4 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30596 - data/DLA
Author: alteholz Date: 2014-12-08 18:23:06 + (Mon, 08 Dec 2014) New Revision: 30596 Modified: data/DLA/list Log: tcpdump done Modified: data/DLA/list === --- data/DLA/list 2014-12-08 18:13:09 UTC (rev 30595) +++ data/DLA/list 2014-12-08 18:23:06 UTC (rev 30596) @@ -1,3 +1,6 @@ +[08 Dec 2014] DLA-102-1 tcpdump - security update + {CVE-2014-8767 CVE-2014-8769 CVE-2014-9140} + [squeeze] - tcpdump 4.1.1-1+deb6u1 [06 Dec 2014] DLA-101-1 jasper - security update {CVE-2014-9029} [squeeze] - jasper 1.900.1-7+squeeze2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30601 - data
Author: alteholz Date: 2014-12-08 21:09:44 + (Mon, 08 Dec 2014) New Revision: 30601 Modified: data/dla-needed.txt Log: take qemu Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-08 20:43:56 UTC (rev 30600) +++ data/dla-needed.txt 2014-12-08 21:09:44 UTC (rev 30601) @@ -36,7 +36,7 @@ -- linux-2.6 (Holger Levsen) -- -qemu +qemu (Thorsten Alteholz) -- qt4-x11 (Thorsten Alteholz) NOTE: even version in Squeeze does not build with pbuilder :-( ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30670 - data
Author: alteholz Date: 2014-12-11 11:11:04 + (Thu, 11 Dec 2014) New Revision: 30670 Modified: data/dla-needed.txt Log: add new packages Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-11 10:20:33 UTC (rev 30669) +++ data/dla-needed.txt 2014-12-11 11:11:04 UTC (rev 30670) @@ -9,6 +9,8 @@ -- axis -- +bind9 +-- commons-httpclient -- drupal6 @@ -17,6 +19,8 @@ -- fckeditor -- +graphviz (Thorsten Alteholz) +-- httpcomponents-client -- konversation @@ -34,6 +38,8 @@ -- libvncserver -- +pdns-recursor (Thorsten Alteholz) +-- qemu (Thorsten Alteholz) -- qt4-x11 (Thorsten Alteholz) @@ -51,6 +57,8 @@ NOTE: Has been dropped from newer releases. Should we instead mark it unsupported? -- +unbound +-- wireshark (Balint Reczey) -- wpasupplicant (geissert) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30679 - in data: . DLA
Author: alteholz Date: 2014-12-11 18:50:07 + (Thu, 11 Dec 2014) New Revision: 30679 Modified: data/DLA/list data/dla-needed.txt Log: pdns-recursor done Modified: data/DLA/list === --- data/DLA/list 2014-12-11 16:57:05 UTC (rev 30678) +++ data/DLA/list 2014-12-11 18:50:07 UTC (rev 30679) @@ -1,3 +1,6 @@ +[11 Dec 2014] DLA-104-1 pdns-recursor - security update + {CVE-2014-8601} + [squeeze] - pdns-recursor 3.2-4+deb6u1 [09 Dec 2014] DLA-103-1 linux-2.6 - security update {CVE-2012-6657 CVE-2013-0228 CVE-2013-7266 CVE-2014-4157 CVE-2014-4508 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 CVE-2014-9090} [squeeze] - linux-2.6 CVE-2014-90902.6.32-48squeeze9 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-11 16:57:05 UTC (rev 30678) +++ data/dla-needed.txt 2014-12-11 18:50:07 UTC (rev 30679) @@ -38,8 +38,6 @@ -- libvncserver -- -pdns-recursor (Thorsten Alteholz) --- qemu (Thorsten Alteholz) -- qt4-x11 (Thorsten Alteholz) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30680 - data
Author: alteholz Date: 2014-12-11 19:07:24 + (Thu, 11 Dec 2014) New Revision: 30680 Modified: data/dla-needed.txt Log: no support for qemu in Squeeze LTS Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-11 18:50:07 UTC (rev 30679) +++ data/dla-needed.txt 2014-12-11 19:07:24 UTC (rev 30680) @@ -38,8 +38,6 @@ -- libvncserver -- -qemu (Thorsten Alteholz) --- qt4-x11 (Thorsten Alteholz) NOTE: even version in Squeeze does not build with pbuilder :-( -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30683 - in data: . DLA
Author: alteholz Date: 2014-12-11 21:26:02 + (Thu, 11 Dec 2014) New Revision: 30683 Modified: data/DLA/list data/dla-needed.txt Log: graphviz done Modified: data/DLA/list === --- data/DLA/list 2014-12-11 21:10:16 UTC (rev 30682) +++ data/DLA/list 2014-12-11 21:26:02 UTC (rev 30683) @@ -1,3 +1,6 @@ +[11 Dec 2014] DLA-105-1 graphviz - security update + {CVE-2014-9157} + [squeeze] - graphviz 2.26.3-5+squeeze3 [11 Dec 2014] DLA-104-1 pdns-recursor - security update {CVE-2014-8601} [squeeze] - pdns-recursor 3.2-4+deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-11 21:10:16 UTC (rev 30682) +++ data/dla-needed.txt 2014-12-11 21:26:02 UTC (rev 30683) @@ -19,8 +19,6 @@ -- fckeditor -- -graphviz (Thorsten Alteholz) --- httpcomponents-client -- konversation ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30704 - data
Author: alteholz Date: 2014-12-12 14:10:06 + (Fri, 12 Dec 2014) New Revision: 30704 Modified: data/dla-needed.txt Log: take unbound Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-12 13:50:47 UTC (rev 30703) +++ data/dla-needed.txt 2014-12-12 14:10:06 UTC (rev 30704) @@ -57,7 +57,7 @@ NOTE: Has been dropped from newer releases. Should we instead mark it unsupported? -- -unbound +unbound (Thorsten Alteholz) -- wireshark (Balint Reczey) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30717 - in data: . DLA
Author: alteholz Date: 2014-12-12 18:47:29 + (Fri, 12 Dec 2014) New Revision: 30717 Modified: data/DLA/list data/dla-needed.txt Log: unbound done Modified: data/DLA/list === --- data/DLA/list 2014-12-12 18:26:07 UTC (rev 30716) +++ data/DLA/list 2014-12-12 18:47:29 UTC (rev 30717) @@ -1,3 +1,6 @@ +[12 Dec 2014] DLA-107-1 unbound - security update + {CVE-2014-8602} + [squeeze] - unbound 1.4.6-1+squeeze4 [12 Dec 2014] DLA-106-1 getmail4 - security update {CVE-2014-7273 CVE-2014-7274 CVE-2014-7275} [squeeze] - getmail4 4.46.0-1~deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-12 18:26:07 UTC (rev 30716) +++ data/dla-needed.txt 2014-12-12 18:47:29 UTC (rev 30717) @@ -73,8 +73,6 @@ NOTE: Has been dropped from newer releases. Should we instead mark it unsupported? -- -unbound (Thorsten Alteholz) --- unrtf -- wireshark (Balint Reczey) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30718 - data
Author: alteholz Date: 2014-12-12 19:01:46 + (Fri, 12 Dec 2014) New Revision: 30718 Modified: data/dla-needed.txt Log: take nfs-utils Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-12 18:47:29 UTC (rev 30717) +++ data/dla-needed.txt 2014-12-12 19:01:46 UTC (rev 30718) @@ -48,7 +48,7 @@ -- linux-2.6 -- -nfs-utils +nfs-utils (Thorsten Alteholz) -- nss -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30724 - in data: . DLA
Author: alteholz Date: 2014-12-13 10:56:04 + (Sat, 13 Dec 2014) New Revision: 30724 Modified: data/DLA/list data/dla-needed.txt Log: nfs-utils done Modified: data/DLA/list === --- data/DLA/list 2014-12-13 06:22:06 UTC (rev 30723) +++ data/DLA/list 2014-12-13 10:56:04 UTC (rev 30724) @@ -1,3 +1,6 @@ +[13 Dec 2014] DLA-108-1 nfs-utils - security update + {CVE-2012-3541} + [squeeze] - nfs-utils 1:1.2.2-4squeeze3 [12 Dec 2014] DLA-107-1 unbound - security update {CVE-2014-8602} [squeeze] - unbound 1.4.6-1+squeeze4 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-13 06:22:06 UTC (rev 30723) +++ data/dla-needed.txt 2014-12-13 10:56:04 UTC (rev 30724) @@ -48,8 +48,6 @@ -- linux-2.6 -- -nfs-utils (Thorsten Alteholz) --- nss -- pyyaml ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30729 - data
Author: alteholz Date: 2014-12-13 13:28:17 + (Sat, 13 Dec 2014) New Revision: 30729 Modified: data/dla-needed.txt Log: take some packages Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-13 12:48:46 UTC (rev 30728) +++ data/dla-needed.txt 2014-12-13 13:28:17 UTC (rev 30729) @@ -11,7 +11,7 @@ -- bind9 -- -binutils +binutils (Thorsten Alteholz) -- commons-httpclient -- @@ -42,15 +42,15 @@ -- libvncserver -- -libyaml +libyaml (Thorsten Alteholz) -- -libyaml-libyaml-perl +libyaml-libyaml-perl (Thorsten Alteholz) -- linux-2.6 -- nss -- -pyyaml +pyyaml (Thorsten Alteholz) -- qemu -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30739 - in data: . DLA
Author: alteholz Date: 2014-12-14 13:26:16 + (Sun, 14 Dec 2014) New Revision: 30739 Modified: data/DLA/list data/dla-needed.txt Log: libyaml-libyaml-perl done Modified: data/DLA/list === --- data/DLA/list 2014-12-14 12:21:15 UTC (rev 30738) +++ data/DLA/list 2014-12-14 13:26:16 UTC (rev 30739) @@ -1,3 +1,6 @@ +[14 Dec 2014] DLA-109-1 libyaml-libyaml-perl - security update + {CVE-2014-9130} + [squeeze] - libyaml-libyaml-perl 0.33-1+squeeze4 [13 Dec 2014] DLA-108-1 nfs-utils - security update {CVE-2012-3541} [squeeze] - nfs-utils 1:1.2.2-4squeeze3 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-14 12:21:15 UTC (rev 30738) +++ data/dla-needed.txt 2014-12-14 13:26:16 UTC (rev 30739) @@ -44,8 +44,6 @@ -- libyaml (Thorsten Alteholz) -- -libyaml-libyaml-perl (Thorsten Alteholz) --- linux-2.6 -- nss ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30740 - in data: . DLA
Author: alteholz Date: 2014-12-14 13:50:56 + (Sun, 14 Dec 2014) New Revision: 30740 Modified: data/DLA/list data/dla-needed.txt Log: libyaml done Modified: data/DLA/list === --- data/DLA/list 2014-12-14 13:26:16 UTC (rev 30739) +++ data/DLA/list 2014-12-14 13:50:56 UTC (rev 30740) @@ -1,3 +1,6 @@ +[14 Dec 2014] DLA-110-1 libyaml - security update + {CVE-2014-9130} + [squeeze] - libyaml 0.1.3-1+deb6u5 [14 Dec 2014] DLA-109-1 libyaml-libyaml-perl - security update {CVE-2014-9130} [squeeze] - libyaml-libyaml-perl 0.33-1+squeeze4 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-14 13:26:16 UTC (rev 30739) +++ data/dla-needed.txt 2014-12-14 13:50:56 UTC (rev 30740) @@ -42,8 +42,6 @@ -- libvncserver -- -libyaml (Thorsten Alteholz) --- linux-2.6 -- nss ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30861 - data
Author: alteholz Date: 2014-12-20 11:34:57 + (Sat, 20 Dec 2014) New Revision: 30861 Modified: data/dla-needed.txt Log: php5 added Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-20 07:23:12 UTC (rev 30860) +++ data/dla-needed.txt 2014-12-20 11:34:57 UTC (rev 30861) @@ -46,6 +46,10 @@ -- nss -- +php5 (Thorsten Alteholz) + NOTE: update planned for January + NOTE: include Univention patches +-- pyyaml (Thorsten Alteholz) -- qemu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30886 - in data: . DLA
Author: alteholz Date: 2014-12-21 13:13:16 + (Sun, 21 Dec 2014) New Revision: 30886 Modified: data/DLA/list data/dla-needed.txt Log: qt4-x11 done Modified: data/DLA/list === --- data/DLA/list 2014-12-21 12:51:10 UTC (rev 30885) +++ data/DLA/list 2014-12-21 13:13:16 UTC (rev 30886) @@ -1,3 +1,6 @@ +[21 Dec 2014] DLA-117-1 qt4-x11 - security update + {CVE-2011-3193 CVE-2011-3194} + [squeeze] - qt4-x11 4:4.6.3-4+squeeze2 [20 Dec 2014] DLA-116-1 ntp - security update {CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296} [squeeze] - ntp 1:4.2.6.p2+dfsg-1+deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-21 12:51:10 UTC (rev 30885) +++ data/dla-needed.txt 2014-12-21 13:13:16 UTC (rev 30886) @@ -54,9 +54,6 @@ -- qemu -- -qt4-x11 (Thorsten Alteholz) - NOTE: even version in Squeeze does not build with pbuilder :-( --- roundup (Thorsten Alteholz) -- rpm ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30919 - data
Author: alteholz Date: 2014-12-22 16:04:17 + (Mon, 22 Dec 2014) New Revision: 30919 Modified: data/dla-needed.txt Log: take eglibc and jasper Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-22 15:58:36 UTC (rev 30918) +++ data/dla-needed.txt 2014-12-22 16:04:17 UTC (rev 30919) @@ -15,7 +15,7 @@ -- coreutils -- -eglibc +eglibc (Thorsten Alteholz) -- ejabberd -- @@ -34,7 +34,7 @@ -- httpcomponents-client -- -jasper +jasper (Thorsten Alteholz) -- jqueryui (Holger Levsen) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30920 - in data: . DLA
Author: alteholz Date: 2014-12-22 16:18:59 + (Mon, 22 Dec 2014) New Revision: 30920 Modified: data/DLA/list data/dla-needed.txt Log: jasper done Modified: data/DLA/list === --- data/DLA/list 2014-12-22 16:04:17 UTC (rev 30919) +++ data/DLA/list 2014-12-22 16:18:59 UTC (rev 30920) @@ -1,3 +1,6 @@ +[22 Dec 2014] DLA-121-1 jasper - security update + {CVE-2014-8137 CVE-2014-8138} + [squeeze] - jasper 1.900.1-7+squeeze3 [22 Dec 2014] DLA-120-1 xorg-server - security update {CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102} [squeeze] - xorg-server 2:1.7.7-18+deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-22 16:04:17 UTC (rev 30919) +++ data/dla-needed.txt 2014-12-22 16:18:59 UTC (rev 30920) @@ -34,8 +34,6 @@ -- httpcomponents-client -- -jasper (Thorsten Alteholz) --- jqueryui (Holger Levsen) -- konversation ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30925 - in data: . DLA
Author: alteholz Date: 2014-12-22 18:47:53 + (Mon, 22 Dec 2014) New Revision: 30925 Modified: data/DLA/list data/dla-needed.txt Log: eglibc done Modified: data/DLA/list === --- data/DLA/list 2014-12-22 17:30:36 UTC (rev 30924) +++ data/DLA/list 2014-12-22 18:47:53 UTC (rev 30925) @@ -1,3 +1,6 @@ +[22 Dec 2014] DLA-122-1 eglibc - security update + {CVE-2014-9402} + [squeeze] - eglibc 2.11.3-4+deb6u3 [22 Dec 2014] DLA-121-1 jasper - security update {CVE-2014-8137 CVE-2014-8138} [squeeze] - jasper 1.900.1-7+squeeze3 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-22 17:30:36 UTC (rev 30924) +++ data/dla-needed.txt 2014-12-22 18:47:53 UTC (rev 30925) @@ -15,8 +15,6 @@ -- coreutils -- -eglibc (Thorsten Alteholz) --- ejabberd -- ettercap ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30943 - in data: . DLA
Author: alteholz Date: 2014-12-23 14:00:07 + (Tue, 23 Dec 2014) New Revision: 30943 Modified: data/DLA/list data/dla-needed.txt Log: firebird 2.5 done Modified: data/DLA/list === --- data/DLA/list 2014-12-23 13:36:41 UTC (rev 30942) +++ data/DLA/list 2014-12-23 14:00:07 UTC (rev 30943) @@ -1,3 +1,6 @@ +[23 Dec 2014] DLA-123-1 firebird2.5 - security update + {CVE-2014-9323} + [squeeze] - firebird2.5 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2 [22 Dec 2014] DLA-122-1 eglibc - security update {CVE-2014-9402} [squeeze] - eglibc 2.11.3-4+deb6u3 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-23 13:36:41 UTC (rev 30942) +++ data/dla-needed.txt 2014-12-23 14:00:07 UTC (rev 30943) @@ -26,8 +26,6 @@ -- firebird2.1 -- -firebird2.5 --- git -- httpcomponents-client ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31000 - data/DLA
Author: alteholz Date: 2014-12-28 18:44:05 + (Sun, 28 Dec 2014) New Revision: 31000 Modified: data/DLA/list Log: unzip done Modified: data/DLA/list === --- data/DLA/list 2014-12-28 12:01:54 UTC (rev 30999) +++ data/DLA/list 2014-12-28 18:44:05 UTC (rev 31000) @@ -1,3 +1,6 @@ +[28 Dec 2014] DLA-124-1 unzip - security update + {CVE-2014-8139 CVE-2014-8140 CVE-2014-8141} + [squeeze] - unzip 6.0-4+deb6u1 [23 Dec 2014] DLA-123-1 firebird2.5 - security update {CVE-2014-9323} [squeeze] - firebird2.5 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31026 - in data: . DLA
Author: alteholz Date: 2014-12-29 18:51:19 + (Mon, 29 Dec 2014) New Revision: 31026 Modified: data/DLA/list data/dla-needed.txt Log: ettercap done Modified: data/DLA/list === --- data/DLA/list 2014-12-29 18:50:54 UTC (rev 31025) +++ data/DLA/list 2014-12-29 18:51:19 UTC (rev 31026) @@ -1,3 +1,6 @@ +[29 Dec 2014] DLA-126-1 ettercap - security update + {CVE-2014-9380 CVE-2014-9381} + [squeeze] - ettercap 1:0.7.3-2.1+squeeze2 [29 Dec 2014] DLA-125-1 mime-support - security update {CVE-2014-7209} [squeeze] - mime-support 3.48-1+deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-29 18:50:54 UTC (rev 31025) +++ data/dla-needed.txt 2014-12-29 18:51:19 UTC (rev 31026) @@ -17,9 +17,6 @@ -- ejabberd -- -ettercap - NOTE: see discussion with maintainer and upstream author in #773416 --- dokuwiki -- file (Christoph Biedl) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31101 - in data: . DLA
Author: alteholz Date: 2015-01-03 16:47:25 + (Sat, 03 Jan 2015) New Revision: 31101 Modified: data/DLA/list data/dla-needed.txt Log: pyyaml done Modified: data/DLA/list === --- data/DLA/list 2015-01-03 05:24:14 UTC (rev 31100) +++ data/DLA/list 2015-01-03 16:47:25 UTC (rev 31101) @@ -1,3 +1,6 @@ +[03 Jan 2015] DLA-127-1 pyyaml - security update + {CVE-2014-9130} + [squeeze] - pyyaml 3.09-5+deb6u1 [29 Dec 2014] DLA-126-1 ettercap - security update {CVE-2014-9380 CVE-2014-9381} [squeeze] - ettercap 1:0.7.3-2.1+squeeze2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-03 05:24:14 UTC (rev 31100) +++ data/dla-needed.txt 2015-01-03 16:47:25 UTC (rev 31101) @@ -52,8 +52,6 @@ NOTE: update planned for January NOTE: include Univention patches -- -pyyaml (Thorsten Alteholz) --- qemu -- qt4-x11 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31102 - data/DLA
Author: alteholz Date: 2015-01-03 18:45:54 + (Sat, 03 Jan 2015) New Revision: 31102 Modified: data/DLA/list Log: sox done Modified: data/DLA/list === --- data/DLA/list 2015-01-03 16:47:25 UTC (rev 31101) +++ data/DLA/list 2015-01-03 18:45:54 UTC (rev 31102) @@ -1,3 +1,6 @@ +[03 Jan 2015] DLA-128-1 sox - security update + {CVE-2014-8145} + [squeeze] - sox 14.3.1-1+deb6u1 [03 Jan 2015] DLA-127-1 pyyaml - security update {CVE-2014-9130} [squeeze] - pyyaml 3.09-5+deb6u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31103 - data/DLA
Author: alteholz Date: 2015-01-03 18:52:55 + (Sat, 03 Jan 2015) New Revision: 31103 Modified: data/DLA/list Log: polarssl done Modified: data/DLA/list === --- data/DLA/list 2015-01-03 18:45:54 UTC (rev 31102) +++ data/DLA/list 2015-01-03 18:52:55 UTC (rev 31103) @@ -1,3 +1,6 @@ +[03 Jan 2015] DLA-129-1 polarssl - security update + {CVE-2014-8628} + [squeeze] - polarssl 1.2.9-1~deb6u3 [03 Jan 2015] DLA-128-1 sox - security update {CVE-2014-8145} [squeeze] - sox 14.3.1-1+deb6u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31201 - in data: . DLA
Author: alteholz Date: 2015-01-08 18:54:13 + (Thu, 08 Jan 2015) New Revision: 31201 Modified: data/DLA/list data/dla-needed.txt Log: firebird2.1 done Modified: data/DLA/list === --- data/DLA/list 2015-01-08 18:35:37 UTC (rev 31200) +++ data/DLA/list 2015-01-08 18:54:13 UTC (rev 31201) @@ -1,3 +1,6 @@ +[08 Jan 2015] DLA-130-1 firebird2.1 - security update + {CVE-2014-9323} + [squeeze] - firebird2.1 2.1.3.18185-0.ds1-11+squeeze2 [03 Jan 2015] DLA-129-1 polarssl - security update {CVE-2014-8628} [squeeze] - polarssl 1.2.9-1~deb6u3 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-08 18:35:37 UTC (rev 31200) +++ data/dla-needed.txt 2015-01-08 18:54:13 UTC (rev 31201) @@ -21,8 +21,6 @@ -- file (Christoph Biedl) -- -firebird2.1 --- git -- httpcomponents-client ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31250 - data/CVE
Author: alteholz Date: 2015-01-10 15:58:00 + (Sat, 10 Jan 2015) New Revision: 31250 Modified: data/CVE/list Log: update CVE-2014-9427/php5 entry for squeeze Modified: data/CVE/list === --- data/CVE/list 2015-01-10 14:40:47 UTC (rev 31249) +++ data/CVE/list 2015-01-10 15:58:00 UTC (rev 31250) @@ -1306,6 +1306,7 @@ CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...) {DSA-3117-1} - php5 + [squeeze] - php5 (Introduced in 5.4.1) NOTE: https://bugs.php.net/bug.php?id=68618 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35 CVE-2014- [CRAM-MD5 authentication bypass] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31251 - data/CVE
Author: alteholz Date: 2015-01-10 16:07:16 + (Sat, 10 Jan 2015) New Revision: 31251 Modified: data/CVE/list Log: update CVE-2015-/php5 entry for squeeze Modified: data/CVE/list === --- data/CVE/list 2015-01-10 15:58:00 UTC (rev 31250) +++ data/CVE/list 2015-01-10 16:07:16 UTC (rev 31251) @@ -861,6 +861,7 @@ TODO: check CVE-2015- [Use after free in 'opcache' component of PHP] - php5 + [squeeze] - php5 (vulnerable code introduced later) NOTE: https://bugs.php.net/bug.php?id=68677 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115 TODO: check ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31343 - in data: . DLA
Author: alteholz Date: 2015-01-14 18:45:04 + (Wed, 14 Jan 2015) New Revision: 31343 Modified: data/DLA/list data/dla-needed.txt Log: unrtf done Modified: data/DLA/list === --- data/DLA/list 2015-01-14 17:53:17 UTC (rev 31342) +++ data/DLA/list 2015-01-14 18:45:04 UTC (rev 31343) @@ -1,3 +1,6 @@ +[14 Jan 2015] DLA-133-1 unrtf - security update + {CVE-2014-9274 CVE-2014-9275} + [squeeze] - unrtf 0.19.3-1.1+deb6u1 [11 Jan 2015] DLA-132-1 openssl - security update {CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204} [squeeze] - openssl 0.9.8o-4squeeze19 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-14 17:53:17 UTC (rev 31342) +++ data/dla-needed.txt 2015-01-14 18:45:04 UTC (rev 31343) @@ -64,8 +64,6 @@ -- squid -- -unrtf --- wireshark (Balint Reczey) -- wordpress ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31346 - in data: . DLA
Author: alteholz Date: 2015-01-14 19:13:34 + (Wed, 14 Jan 2015) New Revision: 31346 Modified: data/DLA/list data/dla-needed.txt Log: curl done Modified: data/DLA/list === --- data/DLA/list 2015-01-14 18:58:24 UTC (rev 31345) +++ data/DLA/list 2015-01-14 19:13:34 UTC (rev 31346) @@ -1,3 +1,6 @@ +[14 Jan 2015] DLA-134-1 curl - security update + {CVE-2014-8150} + [squeeze] - curl 7.21.0-2.1+squeeze11 [14 Jan 2015] DLA-133-1 unrtf - security update {CVE-2014-9274 CVE-2014-9275} [squeeze] - unrtf 0.19.3-1.1+deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-14 18:58:24 UTC (rev 31345) +++ data/dla-needed.txt 2015-01-14 19:13:34 UTC (rev 31346) @@ -15,8 +15,6 @@ -- coreutils -- -curl (Nguyen Cong) --- ejabberd -- dokuwiki ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31572 - data/CVE
Author: alteholz Date: 2015-01-21 12:32:47 + (Wed, 21 Jan 2015) New Revision: 31572 Modified: data/CVE/list Log: temporary php CVE not for squeeze Modified: data/CVE/list === --- data/CVE/list 2015-01-21 11:33:51 UTC (rev 31571) +++ data/CVE/list 2015-01-21 12:32:47 UTC (rev 31572) @@ -1799,6 +1799,7 @@ TODO: check CVE-2015- [Null Pointer Deference in pgsql] - php5 + [squeeze] - php5 (vulnerable code (build_tablename()) introduced later) NOTE: https://bugs.php.net/bug.php?id=68741 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e TODO: check ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31719 - data
Author: alteholz Date: 2015-01-27 08:52:51 + (Tue, 27 Jan 2015) New Revision: 31719 Modified: data/dla-needed.txt Log: take jasper Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-27 08:32:14 UTC (rev 31718) +++ data/dla-needed.txt 2015-01-27 08:52:51 UTC (rev 31719) @@ -23,6 +23,8 @@ -- httpcomponents-client -- +jasper (Thorsten Alteholz) +-- jqueryui (Holger Levsen) -- konversation ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31772 - in data: . DLA
Author: alteholz Date: 2015-01-27 21:50:33 + (Tue, 27 Jan 2015) New Revision: 31772 Modified: data/DLA/list data/dla-needed.txt Log: jasper done Modified: data/DLA/list === --- data/DLA/list 2015-01-27 21:17:33 UTC (rev 31771) +++ data/DLA/list 2015-01-27 21:50:33 UTC (rev 31772) @@ -1,3 +1,6 @@ +[27 Jan 2015] DLA-138-1 jasper - security update + {CVE-2014-8157 CVE-2014-8158} + [squeeze] - jasper 1.900.1-7+squeeze4 [26 Jan 2015] DLA-137-1 libevent - security update {CVE-2014-6272} [squeeze] - libevent 1.4.13-stable-1+deb6u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-27 21:17:33 UTC (rev 31771) +++ data/dla-needed.txt 2015-01-27 21:50:33 UTC (rev 31772) @@ -25,8 +25,6 @@ -- httpcomponents-client -- -jasper (Thorsten Alteholz) --- jqueryui (Holger Levsen) -- konversation ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31812 - data
Author: alteholz Date: 2015-01-29 07:19:58 + (Thu, 29 Jan 2015) New Revision: 31812 Modified: data/dla-needed.txt Log: take polarssl Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-29 06:58:04 UTC (rev 31811) +++ data/dla-needed.txt 2015-01-29 07:19:58 UTC (rev 31812) @@ -58,7 +58,7 @@ -- piwigo -- -polarssl +polarssl (Thorsten Alteholz) -- privoxy (Holger Levsen) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31830 - in data: . DLA
Author: alteholz Date: 2015-01-29 18:53:18 + (Thu, 29 Jan 2015) New Revision: 31830 Modified: data/DLA/list data/dla-needed.txt Log: polarssl done Modified: data/DLA/list === --- data/DLA/list 2015-01-29 18:27:36 UTC (rev 31829) +++ data/DLA/list 2015-01-29 18:53:18 UTC (rev 31830) @@ -1,3 +1,6 @@ +[29 Jan 2015] DLA-144-1 polarssl - security update + {CVE-2015-1182} + [squeeze] - polarssl 1.2.9-1~deb6u4 [29 Jan 2015] DLA-143-1 python-django - security update {CVE-2015-0219 CVE-2015-0220 CVE-2015-0221} [squeeze] - python-django 1.2.3-3+squeeze12 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-29 18:27:36 UTC (rev 31829) +++ data/dla-needed.txt 2015-01-29 18:53:18 UTC (rev 31830) @@ -58,8 +58,6 @@ -- piwigo -- -polarssl (Thorsten Alteholz) --- qemu -- qt4-x11 (iESDebian) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31868 - in data: . DLA
Author: alteholz Date: 2015-01-31 13:00:36 + (Sat, 31 Jan 2015) New Revision: 31868 Modified: data/DLA/list data/dla-needed.txt Log: php5 done Modified: data/DLA/list === --- data/DLA/list 2015-01-31 12:57:02 UTC (rev 31867) +++ data/DLA/list 2015-01-31 13:00:36 UTC (rev 31868) @@ -1,3 +1,6 @@ +[31 Jan 2015] DLA-145-1 php5 - security update + {CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117} + [squeeze] - php5 5.3.3-7+squeeze24 [29 Jan 2015] DLA-144-1 polarssl - security update {CVE-2015-1182} [squeeze] - polarssl 1.2.9-1~deb6u4 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-31 12:57:02 UTC (rev 31867) +++ data/dla-needed.txt 2015-01-31 13:00:36 UTC (rev 31868) @@ -50,10 +50,6 @@ -- openjdk-6 -- -php5 (Thorsten Alteholz) - NOTE: update planned for January - NOTE: include Univention patches --- piwigo -- qemu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31913 - data/DLA
Author: alteholz Date: 2015-02-02 16:30:14 + (Mon, 02 Feb 2015) New Revision: 31913 Modified: data/DLA/list Log: DLA-145-1 php5 regression update Modified: data/DLA/list === --- data/DLA/list 2015-02-02 16:27:16 UTC (rev 31912) +++ data/DLA/list 2015-02-02 16:30:14 UTC (rev 31913) @@ -1,3 +1,5 @@ +[02 Feb 2015] DLA-145-2 php5 - regression update + [squeeze] - php5 5.3.3-7+squeeze25 [31 Jan 2015] DLA-145-1 php5 - security update {CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117} [squeeze] - php5 5.3.3-7+squeeze24 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31969 - data
Author: alteholz Date: 2015-02-04 21:37:02 + (Wed, 04 Feb 2015) New Revision: 31969 Modified: data/dla-needed.txt Log: take unzip, libxml2 and krb5 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-02-04 21:10:17 UTC (rev 31968) +++ data/dla-needed.txt 2015-02-04 21:37:02 UTC (rev 31969) @@ -25,6 +25,8 @@ -- konversation -- +krb5 (Thorsten Alteholz) +-- libclamunrar NOTE: wheezy got a backport of 0.98.5, check if we should do the same in Squeeze? (non-free package) @@ -42,7 +44,7 @@ -- libvncserver (Nguyen Cong) -- -libxml2 +libxml2 (Thorsten Alteholz) -- linux-2.6 (Ben Hutchings) -- @@ -64,6 +66,8 @@ -- sympa (Emmanuel Bouthenot) -- +unzip (Thorsten Alteholz) +-- wireshark (Balint Reczey) -- wordpress ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32034 - in data: . DLA
Author: alteholz Date: 2015-02-06 21:50:36 + (Fri, 06 Feb 2015) New Revision: 32034 Modified: data/DLA/list data/dla-needed.txt Log: krb5 done Modified: data/DLA/list === --- data/DLA/list 2015-02-06 21:10:20 UTC (rev 32033) +++ data/DLA/list 2015-02-06 21:50:36 UTC (rev 32034) @@ -1,3 +1,6 @@ +[06 Feb 2015] DLA-146-1 krb5 - security update + {CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423} + [squeeze] - krb5 1.8.3+dfsg-4squeeze9 [02 Feb 2015] DLA-145-2 php5 - regression update [squeeze] - php5 5.3.3-7+squeeze25 [31 Jan 2015] DLA-145-1 php5 - security update Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-02-06 21:10:20 UTC (rev 32033) +++ data/dla-needed.txt 2015-02-06 21:50:36 UTC (rev 32034) @@ -27,8 +27,6 @@ -- konversation -- -krb5 (Thorsten Alteholz) --- libclamunrar NOTE: wheezy got a backport of 0.98.5, check if we should do the same in Squeeze? (non-free package) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32063 - in data: . DLA
Author: alteholz Date: 2015-02-07 13:31:39 + (Sat, 07 Feb 2015) New Revision: 32063 Modified: data/DLA/list data/dla-needed.txt Log: unzip done Modified: data/DLA/list === --- data/DLA/list 2015-02-07 13:03:30 UTC (rev 32062) +++ data/DLA/list 2015-02-07 13:31:39 UTC (rev 32063) @@ -1,3 +1,6 @@ +[07 Feb 2015] DLA-150-1 unzip - security update + {CVE-2014-8139 CVE-2014-9636} + [squeeze] - unzip 6.0-4+deb6u2 [07 Feb 2015] DLA-149-1 ntp - security update {CVE-2014-9297 CVE-2014-9298} [squeeze] - ntp 1:4.2.6.p2+dfsg-1+deb6u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-02-07 13:03:30 UTC (rev 32062) +++ data/dla-needed.txt 2015-02-07 13:31:39 UTC (rev 32063) @@ -72,8 +72,6 @@ -- unrar-nonfree -- -unzip (Thorsten Alteholz) --- virtualbox-ose -- wireshark (Balint Reczey) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32069 - in data: . DLA
Author: alteholz Date: 2015-02-07 14:20:33 + (Sat, 07 Feb 2015) New Revision: 32069 Modified: data/DLA/list data/dla-needed.txt Log: libxml2 done Modified: data/DLA/list === --- data/DLA/list 2015-02-07 14:19:28 UTC (rev 32068) +++ data/DLA/list 2015-02-07 14:20:33 UTC (rev 32069) @@ -1,3 +1,6 @@ +[07 Feb 2015] DLA-151-1 libxml2 - security update + {CVE-2014-0191 CVE-2014-3660} + [squeeze] - libxml2 2.7.8.dfsg-2+squeeze11 [07 Feb 2015] DLA-150-1 unzip - security update {CVE-2014-8139 CVE-2014-9636} [squeeze] - unzip 6.0-4+deb6u2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-02-07 14:19:28 UTC (rev 32068) +++ data/dla-needed.txt 2015-02-07 14:20:33 UTC (rev 32069) @@ -44,8 +44,6 @@ -- libvncserver (Nguyen Cong) -- -libxml2 (Thorsten Alteholz) --- linux-2.6 (Ben Hutchings) -- nss ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32314 - data
Author: alteholz Date: 2015-02-18 14:43:11 + (Wed, 18 Feb 2015) New Revision: 32314 Modified: data/dla-needed.txt Log: take php5 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-02-18 14:22:17 UTC (rev 32313) +++ data/dla-needed.txt 2015-02-18 14:43:11 UTC (rev 32314) @@ -52,7 +52,8 @@ -- openjdk-6 -- -php5 +php5 (Thorsten Alteholz) + NOTE: upload in March -- phpmyadmin -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32549 - data
Author: alteholz Date: 2015-02-28 14:27:57 + (Sat, 28 Feb 2015) New Revision: 32549 Modified: data/dla-needed.txt Log: get libgtk2-perl and mod-gnutls Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-02-28 14:17:31 UTC (rev 32548) +++ data/dla-needed.txt 2015-02-28 14:27:57 UTC (rev 32549) @@ -46,7 +46,7 @@ libextlib-ruby NOTE: debdiff of Salvatore Bonaccorso ready in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895#23 -- -libgtk2-perl +libgtk2-perl (Thorsten Alteholz) -- libnokogiri-ruby -- @@ -58,7 +58,7 @@ -- libvncserver (Nguyen Cong) -- -mod-gnutls +mod-gnutls (Thorsten Alteholz) --- p7zip -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32552 - in data: . CVE DLA
Author: alteholz Date: 2015-02-28 16:22:55 + (Sat, 28 Feb 2015) New Revision: 32552 Modified: data/CVE/list data/DLA/list data/dla-needed.txt Log: libgtk2-perl done Modified: data/CVE/list === --- data/CVE/list 2015-02-28 15:41:12 UTC (rev 32551) +++ data/CVE/list 2015-02-28 16:22:55 UTC (rev 32552) @@ -1062,6 +1062,7 @@ - libgtk2-perl 2:1.2492-4 [wheezy] - libgtk2-perl 2:1.244-1+deb7u1 NOTE: wheezy tagged entry as workaround/reminder for when CVE is assigned + NOTE: CVE needs to be added to data/DLA/list as well NOTE: https://mail.gnome.org/archives/gtk-perl-list/2015-January/msg00039.html NOTE: https://bugs.mageia.org/show_bug.cgi?id=15173 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/14 Modified: data/DLA/list === --- data/DLA/list 2015-02-28 15:41:12 UTC (rev 32551) +++ data/DLA/list 2015-02-28 16:22:55 UTC (rev 32552) @@ -1,3 +1,5 @@ +[28 Feb 2015] DLA-161-1 libgtk2-perl - security update + [squeeze] - libgtk2-perl 2:1.222-1+deb6u1 [27 Feb 2015] DLA-160-1 sudo - security update {CVE-2014-0106 CVE-2014-9680} [squeeze] - sudo 1.7.4p4-2.squeeze.5 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-02-28 15:41:12 UTC (rev 32551) +++ data/dla-needed.txt 2015-02-28 16:22:55 UTC (rev 32552) @@ -46,8 +46,6 @@ libextlib-ruby NOTE: debdiff of Salvatore Bonaccorso ready in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895#23 -- -libgtk2-perl (Thorsten Alteholz) --- libnokogiri-ruby -- libjson-ruby ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32553 - data/CVE
Author: alteholz Date: 2015-02-28 18:36:12 + (Sat, 28 Feb 2015) New Revision: 32553 Modified: data/CVE/list Log: mark CVE-2012-6687 for libfcgi as no-dsa, follow the decision of the security team for Wheezy Modified: data/CVE/list === --- data/CVE/list 2015-02-28 16:22:55 UTC (rev 32552) +++ data/CVE/list 2015-02-28 18:36:12 UTC (rev 32553) @@ -1629,6 +1629,7 @@ CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...) - libfcgi 2.4.0-8.3 (bug #681591) [wheezy] - libfcgi (Minor issue) + [squeeze] - libfcgi (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4 CVE-2012- [Stack-based buffer overflow when scanning directory structure for absolute path entries] - fuseiso (bug #779047) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits