[Secure-testing-commits] r38561 - in data: . DLA
Author: alteholz
Date: 2015-12-27 21:01:16 + (Sun, 27 Dec 2015)
New Revision: 38561
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-375-1 for libpng
Modified: data/DLA/list
===
--- data/DLA/list 2015-12-27 19:35:23 UTC (rev 38560)
+++ data/DLA/list 2015-12-27 21:01:16 UTC (rev 38561)
@@ -1,3 +1,6 @@
+[27 Dec 2015] DLA-375-1 libpng - security update
+ {CVE-2012-3425 CVE-2015-8472 CVE-2015-8540}
+ [squeeze] - libpng 1.2.44-1+squeeze6
[26 Dec 2015] DLA-374-1 cacti - security update
{CVE-2015-8369 CVE-2015-8377}
[squeeze] - cacti 0.8.7g-1+squeeze9+deb6u11
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-12-27 19:35:23 UTC (rev 38560)
+++ data/dla-needed.txt 2015-12-27 21:01:16 UTC (rev 38561)
@@ -14,8 +14,6 @@
dbconfig-common
NOTE: maintainer should take care of this, cf
https://lists.debian.org/565626bf.2010...@debian.org
--
-libpng (Thorsten Alteholz)
---
libraw
--
libvncserver (Mike Gabriel)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r38563 - data
Author: alteholz Date: 2015-12-27 21:14:08 + (Sun, 27 Dec 2015) New Revision: 38563 Modified: data/dla-needed.txt Log: take srtp and passenger Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-12-27 21:10:11 UTC (rev 38562) +++ data/dla-needed.txt 2015-12-27 21:14:08 UTC (rev 38563) @@ -28,7 +28,7 @@ NOTE: Trying to sync the solution for CVE-2015-4000 with security team first NOTE: see https://lists.debian.org/debian-lts/2015/12/msg00025.html -- -passenger +passenger (Thorsten Alteholz) NOTE: code is in ext/apache2/Hooks.cpp:sendHeaders() -- php5 (Thorsten Alteholz) @@ -43,7 +43,7 @@ -- samba (Santiago R.R.) -- -srtp +srtp (Thorsten Alteholz) -- sudo (Ben Hutchings) NOTE: Maintainer want to review the updated package: ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27834 - in data: . CVE
Author: alteholz
Date: 2014-07-19 14:51:30 + (Sat, 19 Jul 2014)
New Revision: 27834
Modified:
data/CVE/list
data/lts-needed.txt
Log:
libxml2 for LTS done
Modified: data/CVE/list
===
--- data/CVE/list 2014-07-19 14:26:07 UTC (rev 27833)
+++ data/CVE/list 2014-07-19 14:51:30 UTC (rev 27834)
@@ -12684,6 +12684,7 @@
RESERVED
{DSA-2978-1}
- libxml2 2.9.1+dfsg1-4 (bug #747309)
+ [squeeze] - libxml2 2.7.8.dfsg-2+squeeze9
NOTE: patch:
https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
CVE-2014-0190 (The GIF decoder in QtGui in Qt before 5.3 allows remote
attackers to ...)
- qt4-x11 4:4.8.6+dfsg-1 (low)
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-07-19 14:26:07 UTC (rev 27833)
+++ data/lts-needed.txt 2014-07-19 14:51:30 UTC (rev 27834)
@@ -46,8 +46,6 @@
--
libwpd
--
-libxml2 (Thorsten Alteholz)
---
libxml-security-java
--
libxstream-java
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27835 - data/DLA
Author: alteholz
Date: 2014-07-19 14:54:37 + (Sat, 19 Jul 2014)
New Revision: 27835
Modified:
data/DLA/list
Log:
libxml2 uploaded
Modified: data/DLA/list
===
--- data/DLA/list 2014-07-19 14:51:30 UTC (rev 27834)
+++ data/DLA/list 2014-07-19 14:54:37 UTC (rev 27835)
@@ -2,7 +2,7 @@
{CVE-2014-3515 CVE-2014-0207 CVE-2014-3480 CVE-2014-4721}
[squeeze] - php5 5.3.3-7+squeeze20
reserved DLA-0017-1 tor - new upstream version
-reserved DLA-0016-1 libxml2 - security update
+[19 Jul 2014] DLA-0016-1 libxml2 - security update
{CVE-2014-0191}
[squeeze] - libxml2 2.7.8.dfsg-2+squeeze
[12 Jul 2014] DLA-0015-1 linux-2.6 - security update
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27836 - data
Author: alteholz Date: 2014-07-19 15:10:15 + (Sat, 19 Jul 2014) New Revision: 27836 Modified: data/lts-needed.txt Log: take fail2ban Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-07-19 14:54:37 UTC (rev 27835) +++ data/lts-needed.txt 2014-07-19 15:10:15 UTC (rev 27836) @@ -14,7 +14,7 @@ evince CVE-2011-0433 -- -fail2ban +fail2ban (Thorsten Alteholz) CVE-2009-5023 (#544232) was already solved in fail2ban (0.8.4-3+squeeze1) CVE-2013-7176, CVE-2013-7177 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27918 - in data: . CVE DLA
Author: alteholz
Date: 2014-07-23 19:12:09 + (Wed, 23 Jul 2014)
New Revision: 27918
Modified:
data/CVE/list
data/DLA/list
data/lts-needed.txt
Log:
php5 for LTS done
Modified: data/CVE/list
===
--- data/CVE/list 2014-07-23 17:44:56 UTC (rev 27917)
+++ data/CVE/list 2014-07-23 19:12:09 UTC (rev 27918)
@@ -830,6 +830,7 @@
CVE-2014-4721 (The phpinfo implementation in ext/standard/info.c in PHP before
5.4.30 ...)
{DSA-2974-1}
- php5 5.6.0~rc1+dfsg-2 (low)
+[squeeze] - php5 5.3.3-7+squeeze20
NOTE: https://bugs.php.net/bug.php?id=67498
NOTE: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
CVE-2014-4668 (The cherokee_validator_ldap_check function in validator_ldap.c
in ...)
@@ -3459,6 +3460,7 @@
CVE-2014-3515 (The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14
...)
{DSA-2974-1}
- php5 5.6.0~rc2+dfsg-1
+[squeeze] - php5 5.3.3-7+squeeze20
NOTE: https://bugs.php.net/bug.php?id=67492
CVE-2014-3514
RESERVED
@@ -3568,6 +3570,7 @@
- file 1:5.19-1
NOTE:
https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
- php5 5.6.0~rc1+dfsg-1
+[squeeze] - php5 5.3.3-7+squeeze20
NOTE: http://bugs.php.net/bug.php?id=67412
CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before
5.19, as ...)
{DSA-2974-1}
@@ -12805,6 +12808,7 @@
- file 1:5.19-1
NOTE: fixed as part of
https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0
- php5 5.6.0~beta4+dfsg-1
+[squeeze] - php5 5.3.3-7+squeeze20
NOTE: https://bugs.php.net/bug.php?id=67326
CVE-2014-0206 (Array index error in the aio_read_events_ring function in
fs/aio.c in ...)
- linux 3.14.10-1
Modified: data/DLA/list
===
--- data/DLA/list 2014-07-23 17:44:56 UTC (rev 27917)
+++ data/DLA/list 2014-07-23 19:12:09 UTC (rev 27918)
@@ -1,7 +1,7 @@
reserved DLA-0020-1 munin #679897 CVE-2013-6048 munin#1397 CVE-2012-3512
reserved DLA-0019-1 postgresql-8.4 - new upstream minor release
[squeeze] - postgresql-8.4 8.4.22-0squeeze1
-reserved DLA-0018-1 php5 - security update
+[23 Jul 2014] DLA-0018-1 php5 - security update
{CVE-2014-3515 CVE-2014-0207 CVE-2014-3480 CVE-2014-4721}
[squeeze] - php5 5.3.3-7+squeeze20
reserved DLA-0017-1 tor - new upstream version
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-07-23 17:44:56 UTC (rev 27917)
+++ data/lts-needed.txt 2014-07-23 19:12:09 UTC (rev 27918)
@@ -66,9 +66,6 @@
--
openssl
--
-php5 (Thorsten Alteholz)
- just a reminder, only: CVE-2014-3515, CVE-2014-4721, CVE-2014-0207,
CVE-2014-3480
---
polarssl
NOTE: will need additional fix for #738854
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27937 - in data: CVE DLA
Author: alteholz
Date: 2014-07-24 10:12:32 + (Thu, 24 Jul 2014)
New Revision: 27937
Modified:
data/CVE/list
data/DLA/list
Log:
oops, it is 21 and not 20 ...
Modified: data/CVE/list
===
--- data/CVE/list 2014-07-24 09:21:33 UTC (rev 27936)
+++ data/CVE/list 2014-07-24 10:12:32 UTC (rev 27937)
@@ -913,7 +913,7 @@
CVE-2014-4721 (The phpinfo implementation in ext/standard/info.c in PHP before
5.4.30 ...)
{DSA-2974-1}
- php5 5.6.0~rc1+dfsg-2 (low)
- [squeeze] - php5 5.3.3-7+squeeze20
+ [squeeze] - php5 5.3.3-7+squeeze21
NOTE: https://bugs.php.net/bug.php?id=67498
NOTE: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
CVE-2014-4668 (The cherokee_validator_ldap_check function in validator_ldap.c
in ...)
@@ -3540,7 +3540,7 @@
CVE-2014-3515 (The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14
...)
{DSA-2974-1}
- php5 5.6.0~rc2+dfsg-1
- [squeeze] - php5 5.3.3-7+squeeze20
+ [squeeze] - php5 5.3.3-7+squeeze21
NOTE: https://bugs.php.net/bug.php?id=67492
CVE-2014-3514
RESERVED
@@ -3651,7 +3651,7 @@
- file 1:5.19-1
NOTE:
https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
- php5 5.6.0~rc1+dfsg-1
- [squeeze] - php5 5.3.3-7+squeeze20
+ [squeeze] - php5 5.3.3-7+squeeze21
NOTE: http://bugs.php.net/bug.php?id=67412
CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before
5.19, as ...)
{DSA-2974-1}
@@ -12878,7 +12878,7 @@
- file 1:5.19-1
NOTE: fixed as part of
https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0
- php5 5.6.0~beta4+dfsg-1
- [squeeze] - php5 5.3.3-7+squeeze20
+ [squeeze] - php5 5.3.3-7+squeeze21
NOTE: https://bugs.php.net/bug.php?id=67326
CVE-2014-0206 (Array index error in the aio_read_events_ring function in
fs/aio.c in ...)
- linux 3.14.10-1
Modified: data/DLA/list
===
--- data/DLA/list 2014-07-24 09:21:33 UTC (rev 27936)
+++ data/DLA/list 2014-07-24 10:12:32 UTC (rev 27937)
@@ -3,7 +3,7 @@
[squeeze] - postgresql-8.4 8.4.22-0squeeze1
[23 Jul 2014] DLA-0018-1 php5 - security update
{CVE-2014-3515 CVE-2014-0207 CVE-2014-3480 CVE-2014-4721}
- [squeeze] - php5 5.3.3-7+squeeze20
+ [squeeze] - php5 5.3.3-7+squeeze21
reserved DLA-0017-1 tor - new upstream version
[19 Jul 2014] DLA-0016-1 libxml2 - security update
{CVE-2014-0191}
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r27969 - in data: . CVE DLA
Author: alteholz
Date: 2014-07-26 10:37:06 + (Sat, 26 Jul 2014)
New Revision: 27969
Modified:
data/CVE/list
data/DLA/list
data/lts-needed.txt
Log:
fail2ban done
Modified: data/CVE/list
===
--- data/CVE/list 2014-07-26 05:23:56 UTC (rev 27968)
+++ data/CVE/list 2014-07-26 10:37:06 UTC (rev 27969)
@@ -11418,10 +11418,12 @@
CVE-2013-7177 (config/filter.d/cyrus-imap.conf in the cyrus-imap filter in
Fail2ban ...)
{DSA-2979-1}
- fail2ban 0.8.11-1
+ [squeeze] - fail2ban 0.8.4-3+squeeze3
NOTE:
https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087
CVE-2013-7176 (config/filter.d/postfix.conf in the postfix filter in Fail2ban
before ...)
{DSA-2979-1}
- fail2ban 0.8.11-1
+ [squeeze] - fail2ban 0.8.4-3+squeeze3
CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual
CertExam ...)
NOT-FOR-US: Avanset Visual CertExam Manager
CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP
QTS ...)
Modified: data/DLA/list
===
--- data/DLA/list 2014-07-26 05:23:56 UTC (rev 27968)
+++ data/DLA/list 2014-07-26 10:37:06 UTC (rev 27969)
@@ -1,3 +1,6 @@
+[26 Jul 2014] DLA-0021-1 fail2ban - security update
+ {CVE-2013-7176 CVE-2013-7177}
+ [squeeze] - fail2ban 0.8.4-3+squeeze3
reserved DLA-0020-1 munin #679897 CVE-2013-6048 munin#1397 CVE-2012-3512
reserved DLA-0019-1 postgresql-8.4 - new upstream minor release
[squeeze] - postgresql-8.4 8.4.22-0squeeze1
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-07-26 05:23:56 UTC (rev 27968)
+++ data/lts-needed.txt 2014-07-26 10:37:06 UTC (rev 27969)
@@ -16,10 +16,6 @@
evince
CVE-2011-0433
--
-fail2ban (Thorsten Alteholz)
- CVE-2009-5023 (#544232) was already solved in fail2ban (0.8.4-3+squeeze1)
- CVE-2013-7176, CVE-2013-7177
---
fex (non-free)
--
file
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28045 - data
Author: alteholz Date: 2014-08-01 10:00:09 + (Fri, 01 Aug 2014) New Revision: 28045 Modified: data/lts-needed.txt Log: only a minor issue for sendmail and no DSA, so I remove it from lts-needed as well Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-01 09:46:41 UTC (rev 28044) +++ data/lts-needed.txt 2014-08-01 10:00:09 UTC (rev 28045) @@ -71,9 +71,6 @@ -- ruby (several versions) -- -sendmail (Thorsten Alteholz) - CVE-2014-3956 (minor issue) --- tomcat6 -- xlhtml ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28050 - data
Author: alteholz Date: 2014-08-01 11:25:52 + (Fri, 01 Aug 2014) New Revision: 28050 Modified: data/lts-needed.txt Log: take transmission, nspr and libapache-mod-security Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-01 10:15:32 UTC (rev 28049) +++ data/lts-needed.txt 2014-08-01 11:25:52 UTC (rev 28050) @@ -24,7 +24,7 @@ -- icinga -- -libapache-mod-security +libapache-mod-security (Thorsten Alteholz) -- libextlib-ruby -- @@ -50,6 +50,8 @@ -- nfs-utils -- +nspr (Thorsten Alteholz) +-- nss -- openjdk-6 @@ -67,6 +69,8 @@ -- tomcat6 -- +transmission (Thorsten Alteholz) +-- xlhtml -- zendframework ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28127 - in data: . CVE
Author: alteholz
Date: 2014-08-07 10:11:08 + (Thu, 07 Aug 2014)
New Revision: 28127
Modified:
data/CVE/list
data/lts-needed.txt
Log:
no need for transmission DLA
Modified: data/CVE/list
===
--- data/CVE/list 2014-08-07 09:20:30 UTC (rev 28126)
+++ data/CVE/list 2014-08-07 10:11:08 UTC (rev 28127)
@@ -1076,6 +1076,7 @@
CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function
in ...)
{DSA-2988-1}
- transmission (bug #755985)
+ [squeeze] - transmission (Vulnerable code not present)
NOTE: http://trac.transmissionbt.com/wiki/Changes#version-2.84
NOTE: PoC: http://inertiawar.com/submission.go
CVE-2013-7389 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link
DIR-645 ...)
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-08-07 09:20:30 UTC (rev 28126)
+++ data/lts-needed.txt 2014-08-07 10:11:08 UTC (rev 28127)
@@ -71,8 +71,6 @@
--
tomcat6
--
-transmission (Thorsten Alteholz)
---
xlhtml
--
zendframework
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28133 - in data: . CVE DLA
Author: alteholz
Date: 2014-08-07 18:03:39 + (Thu, 07 Aug 2014)
New Revision: 28133
Modified:
data/CVE/list
data/DLA/list
data/lts-needed.txt
Log:
nspr done
Modified: data/CVE/list
===
--- data/CVE/list 2014-08-07 17:44:21 UTC (rev 28132)
+++ data/CVE/list 2014-08-07 18:03:39 UTC (rev 28133)
@@ -9346,6 +9346,7 @@
- icedove 31.0~b1-1
[squeeze] - iceweasel
[squeeze] - icedove
+ [squeeze] - nspr 4.8.6-1+squeeze2
NOTE: Only the Wheezy builds use the bundled nspr
CVE-2014-1544 (Use-after-free vulnerability in the CERT_DestroyCertificate
function ...)
{DSA-2996-1 DSA-2986-1}
Modified: data/DLA/list
===
--- data/DLA/list 2014-08-07 17:44:21 UTC (rev 28132)
+++ data/DLA/list 2014-08-07 18:03:39 UTC (rev 28133)
@@ -1,3 +1,6 @@
+[07 Aug 2014] DLA-32-1 nspr - security update
+ {CVE-2014-1545}
+ [squeeze] - nspr 4.8.6-1+squeeze2
[07 Aug 2014] DLA-31-1 reportbug - security update
{CVE-2014-0479}
[squeeze] - reportbug 4.12.6+deb6u1
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-08-07 17:44:21 UTC (rev 28132)
+++ data/lts-needed.txt 2014-08-07 18:03:39 UTC (rev 28133)
@@ -48,8 +48,6 @@
--
nfs-utils
--
-nspr (Thorsten Alteholz)
---
nss
--
openjdk-6
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28158 - in data: . CVE DLA
Author: alteholz
Date: 2014-08-09 13:55:21 + (Sat, 09 Aug 2014)
New Revision: 28158
Modified:
data/CVE/list
data/DLA/list
data/lts-needed.txt
Log:
libapache-mod-security done
Modified: data/CVE/list
===
--- data/CVE/list 2014-08-09 13:35:54 UTC (rev 28157)
+++ data/CVE/list 2014-08-09 13:55:21 UTC (rev 28158)
@@ -17154,6 +17154,7 @@
{DSA-2991-1}
- modsecurity-apache 2.7.7-1
- libapache-mod-security
+ [squeeze] - libapache-mod-security 2.5.12-1+squeeze4
NOTE: Upstream commit:
https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
NOTE: http://martin.swende.se/blog/HTTPChunked.html
CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows
remote ...)
Modified: data/DLA/list
===
--- data/DLA/list 2014-08-09 13:35:54 UTC (rev 28157)
+++ data/DLA/list 2014-08-09 13:55:21 UTC (rev 28158)
@@ -1,3 +1,5 @@
+[09 Aug 2014] DLA-34-1 libapache-mod-security - security update
+ [squeeze] - libapache-mod-security 2.5.12-1+squeeze4
[07 Aug 2014] DLA-33-1 openssl - security update
{CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510}
[squeeze] - openssl 0.9.8o-4squeeze17
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-08-09 13:35:54 UTC (rev 28157)
+++ data/lts-needed.txt 2014-08-09 13:55:21 UTC (rev 28158)
@@ -22,8 +22,6 @@
--
icinga
--
-libapache-mod-security (Thorsten Alteholz)
---
libextlib-ruby
--
libjson-ruby
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28160 - data
Author: alteholz Date: 2014-08-09 21:39:27 + (Sat, 09 Aug 2014) New Revision: 28160 Modified: data/lts-needed.txt Log: take krb5 and polarssl Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-09 20:04:39 UTC (rev 28159) +++ data/lts-needed.txt 2014-08-09 21:39:27 UTC (rev 28160) @@ -22,6 +22,8 @@ -- icinga -- +krb5 (Thorsten Alteholz) +-- libextlib-ruby -- libjson-ruby @@ -50,7 +52,7 @@ -- openjdk-6 -- -polarssl +polarssl (Thorsten Alteholz) Needs additional fix for #738854 -- qt4-x11 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28212 - in data: . CVE DLA DSA
Author: alteholz
Date: 2014-08-11 17:19:44 + (Mon, 11 Aug 2014)
New Revision: 28212
Modified:
data/CVE/list
data/DLA/list
data/DSA/list
data/lts-needed.txt
Log:
polarssl done
Modified: data/CVE/list
===
--- data/CVE/list 2014-08-11 16:40:52 UTC (rev 28211)
+++ data/CVE/list 2014-08-11 17:19:44 UTC (rev 28212)
@@ -1113,6 +1113,7 @@
CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL
before ...)
{DSA-2981-1}
- polarssl 1.3.7-2.1 (bug #754655)
+ [squeeze] - polarssl 1.2.9-1~deb6u2
NOTE:
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
NOTE: commit for 1.3.x branch:
https://github.com/polarssl/polarssl/commit/0bcc4e1df78fff6d15c3ecb521e3bd0bbee86e1c
NOTE: commit for 1.2.x branch:
https://github.com/polarssl/polarssl/commit/5bad6afd8c72b2c3a6574dff01ca5f8f2f04800a
Modified: data/DLA/list
===
--- data/DLA/list 2014-08-11 16:40:52 UTC (rev 28211)
+++ data/DLA/list 2014-08-11 17:19:44 UTC (rev 28212)
@@ -1,3 +1,5 @@
+[11 Aug 2014] DLA-36-1 polarssl - security update
+ [squeeze] - polarssl 1.2.9-1~deb6u2
[11 Aug 2014] DLA-35-1 lzo2 - security update
{CVE-2014-4607}
[squeeze] - lzo2 2.03-2+deb6u1
Modified: data/DSA/list
===
--- data/DSA/list 2014-08-11 16:40:52 UTC (rev 28211)
+++ data/DSA/list 2014-08-11 17:19:44 UTC (rev 28212)
@@ -70,6 +70,7 @@
[18 Jul 2014] DSA-2981-1 polarssl - security update
{CVE-2014-4911}
[wheezy] - polarssl 1.2.9-1~deb7u3
+ [squeeze] - polarssl 1.2.9-1~deb6u2
[17 Jul 2014] DSA-2980-1 openjdk-6 - security update
{CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219
CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266
CVE-2014-4268}
[wheezy] - openjdk-6 6b32-1.13.4-1~deb7u1
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-08-11 16:40:52 UTC (rev 28211)
+++ data/lts-needed.txt 2014-08-11 17:19:44 UTC (rev 28212)
@@ -50,9 +50,6 @@
--
openjdk-6
--
-polarssl (Thorsten Alteholz)
- Needs additional fix for #738854
---
qt4-x11
--
roundup
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28329 - data
Author: alteholz Date: 2014-08-18 11:03:18 + (Mon, 18 Aug 2014) New Revision: 28329 Modified: data/lts-needed.txt Log: add and take wireshark and gpgme1.0 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-18 10:54:53 UTC (rev 28328) +++ data/lts-needed.txt 2014-08-18 11:03:18 UTC (rev 28329) @@ -18,6 +18,8 @@ gnupg2 Please talk to the maintainer Eric, as he most likely would do the upload himself -- +gpgme1.0 (Thorsten Alteholz) +-- graphicsmagick -- icinga @@ -58,6 +60,8 @@ -- tomcat6 -- +wireshark (Thorsten Alteholz) +-- xlhtml -- zendframework ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28338 - in data: . CVE DLA
Author: alteholz
Date: 2014-08-18 17:37:50 + (Mon, 18 Aug 2014)
New Revision: 28338
Modified:
data/CVE/list
data/DLA/list
data/lts-needed.txt
Log:
krb5 done
Modified: data/CVE/list
===
--- data/CVE/list 2014-08-18 16:31:48 UTC (rev 28337)
+++ data/CVE/list 2014-08-18 17:37:50 UTC (rev 28338)
@@ -2236,25 +2236,30 @@
RESERVED
{DSA-3000-1}
- krb5 1.12.1+dfsg-7 (bug #757416)
+ [squeeze] - krb5 1.8.3+dfsg-4squeeze8
NOTE:
https://github.com/krb5/krb5/commit/81c332e29f10887c6b9deb065f81ba259f4c7e03
NOTE: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt
CVE-2014-4344 [NULL dereference in GSSAPI servers]
RESERVED
{DSA-3000-1}
- krb5 1.12.1+dfsg-5 (bug #755521)
+ [squeeze] - krb5 1.8.3+dfsg-4squeeze8
NOTE:
https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b
CVE-2014-4343 [double-free in SPNEGO initiators]
RESERVED
{DSA-3000-1}
- krb5 1.12.1+dfsg-5 (bug #755520)
+ [squeeze] - krb5 1.8.3+dfsg-4squeeze8
NOTE:
https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f
CVE-2014-4342 (MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2
allows ...)
{DSA-3000-1}
- krb5 1.12.1+dfsg-4 (bug #753625)
+ [squeeze] - krb5 1.8.3+dfsg-4squeeze8
NOTE:
https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
CVE-2014-4341 (MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers
to ...)
{DSA-3000-1}
- krb5 1.12.1+dfsg-4 (bug #753624)
+ [squeeze] - krb5 1.8.3+dfsg-4squeeze8
NOTE:
https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
CVE-2014-4340
RESERVED
Modified: data/DLA/list
===
--- data/DLA/list 2014-08-18 16:31:48 UTC (rev 28337)
+++ data/DLA/list 2014-08-18 17:37:50 UTC (rev 28338)
@@ -1,3 +1,5 @@
+[18 Aug 2014] DLA-37-1 krb5 - security update
+ [squeeze] - krb5 1.8.3+dfsg-4squeeze8
[12 Aug 2014] DLA-25-3 python2.6 - regression update
[squeeze] - python2.6 2.6.6-8+deb6u3
[11 Aug 2014] DLA-36-1 polarssl - security update
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-08-18 16:31:48 UTC (rev 28337)
+++ data/lts-needed.txt 2014-08-18 17:37:50 UTC (rev 28338)
@@ -24,8 +24,6 @@
--
icinga
--
-krb5 (Thorsten Alteholz)
---
libextlib-ruby
--
libjson-ruby
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28358 - data
Author: alteholz Date: 2014-08-19 11:03:58 + (Tue, 19 Aug 2014) New Revision: 28358 Modified: data/lts-needed.txt Log: wireshark will be done by maintainer Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-19 10:41:06 UTC (rev 28357) +++ data/lts-needed.txt 2014-08-19 11:03:58 UTC (rev 28358) @@ -58,7 +58,7 @@ -- tomcat6 -- -wireshark (Thorsten Alteholz) +wireshark (Balint Reczey) -- xlhtml -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28359 - data
Author: alteholz Date: 2014-08-19 11:04:50 + (Tue, 19 Aug 2014) New Revision: 28359 Modified: data/lts-needed.txt Log: take libxml-security-java Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-19 11:03:58 UTC (rev 28358) +++ data/lts-needed.txt 2014-08-19 11:04:50 UTC (rev 28359) @@ -38,7 +38,7 @@ -- libwpd (Holger Levsen) -- -libxml-security-java +libxml-security-java (Thorsten Alteholz) -- libxstream-java (Holger Levsen, help welcome) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28388 - in data: . CVE DLA
Author: alteholz
Date: 2014-08-20 18:15:14 + (Wed, 20 Aug 2014)
New Revision: 28388
Modified:
data/CVE/list
data/DLA/list
data/lts-needed.txt
Log:
gpgme1.0 done
Modified: data/CVE/list
===
--- data/CVE/list 2014-08-20 17:59:15 UTC (rev 28387)
+++ data/CVE/list 2014-08-20 18:15:14 UTC (rev 28388)
@@ -4164,6 +4164,7 @@
RESERVED
{DSA-3005-1}
- gpgme1.0 1.5.1-1 (bug #756651)
+ [squeeze] - gpgme1.0 1.2.0-1.2+deb6u1
NOTE: patch:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
CVE-2014-3563
RESERVED
Modified: data/DLA/list
===
--- data/DLA/list 2014-08-20 17:59:15 UTC (rev 28387)
+++ data/DLA/list 2014-08-20 18:15:14 UTC (rev 28388)
@@ -1,3 +1,6 @@
+[20 Aug 2014] DLA-39-1 gpgme1.0 - security update
+ {CVE-2014-3564}
+ [squeeze] - gpgme1.0 1.2.0-1.2+deb6u1
[20 Aug 2014] DLA-38-1 wireshark - security update
{CVE-2014-5161 CVE-2014-5162 CVE-2014-5163}
[squeeze] - wireshark 1.2.11-6+squeeze15
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-08-20 17:59:15 UTC (rev 28387)
+++ data/lts-needed.txt 2014-08-20 18:15:14 UTC (rev 28388)
@@ -18,8 +18,6 @@
gnupg2
Please talk to the maintainer Eric, as he most likely would do the upload
himself
--
-gpgme1.0 (Thorsten Alteholz)
---
graphicsmagick
--
icinga
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28393 - data/CVE
Author: alteholz
Date: 2014-08-20 20:32:44 + (Wed, 20 Aug 2014)
New Revision: 28393
Modified:
data/CVE/list
Log:
reportbug has been done in DLA 31-1
Modified: data/CVE/list
===
--- data/CVE/list 2014-08-20 19:37:56 UTC (rev 28392)
+++ data/CVE/list 2014-08-20 20:32:44 UTC (rev 28393)
@@ -12162,6 +12162,7 @@
CVE-2014-0479 (reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1
allows ...)
{DSA-2997-1}
- reportbug 6.5.0+nmu1
+ [squeeze] - reportbug 4.12.6+deb6u1
CVE-2014-0478 (APT before 1.0.4 does not properly validate source packages,
which ...)
{DSA-2958-1}
- apt 1.0.4 (bug #749795)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28449 - data
Author: alteholz Date: 2014-08-24 09:13:17 + (Sun, 24 Aug 2014) New Revision: 28449 Modified: data/lts-needed.txt Log: wireshark done by Balint Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-24 05:09:54 UTC (rev 28448) +++ data/lts-needed.txt 2014-08-24 09:13:17 UTC (rev 28449) @@ -54,8 +54,6 @@ -- tomcat6 (Holger Levsen) -- -wireshark (Balint Reczey) --- xlhtml -- zendframework ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28450 - data
Author: alteholz Date: 2014-08-24 09:14:27 + (Sun, 24 Aug 2014) New Revision: 28450 Modified: data/lts-needed.txt Log: add and take python-imaging and php5 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-24 09:13:17 UTC (rev 28449) +++ data/lts-needed.txt 2014-08-24 09:14:27 UTC (rev 28450) @@ -46,6 +46,10 @@ -- openjdk-6 -- +python-imaging (Thorsten Alteholz) +-- +php5 (Thorsten Alteholz) +-- qt4-x11 -- roundup ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28451 - in data: . CVE DLA
Author: alteholz
Date: 2014-08-24 16:39:27 + (Sun, 24 Aug 2014)
New Revision: 28451
Modified:
data/CVE/list
data/DLA/list
data/lts-needed.txt
Log:
python-imaging done
Modified: data/CVE/list
===
--- data/CVE/list 2014-08-24 09:14:27 UTC (rev 28450)
+++ data/CVE/list 2014-08-24 16:39:27 UTC (rev 28451)
@@ -4293,6 +4293,7 @@
{DSA-3009-1}
- pillow 2.5.3-1 (bug #758772)
- python-imaging
+ [squeeze] - python-imaging 1.1.7-2+deb6u1
NOTE:
https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
CVE-2014-3588
RESERVED
Modified: data/DLA/list
===
--- data/DLA/list 2014-08-24 09:14:27 UTC (rev 28450)
+++ data/DLA/list 2014-08-24 16:39:27 UTC (rev 28451)
@@ -1,3 +1,6 @@
+[24 Aug 2014] DLA-41-1 python-imaging - security update
+ {CVE-2014-3589}
+ [squeeze] - python-imaging 1.1.7-2+deb6u1
[22 aug 2014] DLA-40-1 cacti - security update
{CVE-2014-5025 CVE-2014-5026 CVE-2014-5261 CVE-2014-5262}
[squeeze] - cacti 0.8.7g-1+squeeze5
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-08-24 09:14:27 UTC (rev 28450)
+++ data/lts-needed.txt 2014-08-24 16:39:27 UTC (rev 28451)
@@ -46,8 +46,6 @@
--
openjdk-6
--
-python-imaging (Thorsten Alteholz)
---
php5 (Thorsten Alteholz)
--
qt4-x11
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28455 - data
Author: alteholz Date: 2014-08-24 20:16:43 + (Sun, 24 Aug 2014) New Revision: 28455 Modified: data/lts-needed.txt Log: add and take python-django Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-24 18:26:39 UTC (rev 28454) +++ data/lts-needed.txt 2014-08-24 20:16:43 UTC (rev 28455) @@ -48,6 +48,8 @@ -- php5 (Thorsten Alteholz) -- +python-django (Thorsten Alteholz) +-- qt4-x11 -- roundup ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28522 - data
Author: alteholz Date: 2014-08-31 13:44:53 + (Sun, 31 Aug 2014) New Revision: 28522 Modified: data/lts-needed.txt Log: add squid3 Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-31 11:51:01 UTC (rev 28521) +++ data/lts-needed.txt 2014-08-31 13:44:53 UTC (rev 28522) @@ -56,6 +56,8 @@ -- ruby (several versions) -- +squid3 +-- tomcat6 (Holger Levsen) -- xlhtml ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28523 - data
Author: alteholz Date: 2014-08-31 13:45:44 + (Sun, 31 Aug 2014) New Revision: 28523 Modified: data/lts-needed.txt Log: add and take eglibc Modified: data/lts-needed.txt === --- data/lts-needed.txt 2014-08-31 13:44:53 UTC (rev 28522) +++ data/lts-needed.txt 2014-08-31 13:45:44 UTC (rev 28523) @@ -9,6 +9,8 @@ -- commons-beanutils -- +eglibc (Thorsten Alteholz) +-- evince -- fex (non-free) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28567 - in data: . CVE DLA
Author: alteholz
Date: 2014-09-02 18:02:05 + (Tue, 02 Sep 2014)
New Revision: 28567
Modified:
data/CVE/list
data/DLA/list
data/lts-needed.txt
Log:
eglibc done
Modified: data/CVE/list
===
--- data/CVE/list 2014-09-02 17:52:08 UTC (rev 28566)
+++ data/CVE/list 2014-09-02 18:02:05 UTC (rev 28567)
@@ -1831,9 +1831,10 @@
[squeeze] - rawstudio (Vulnerable code not present)
CVE-2014-5119 [glibc locale issues]
RESERVED
- {DSA-3012-1}
+ {DSA-3012-1 DLA-43-1}
- glibc 2.19-10 (medium)
- eglibc (medium)
+[squeeze] - eglibc 2.11.3-4+deb6u1
NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2
NOTE:
http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function
in ...)
@@ -12599,9 +12600,10 @@
- chkrootkit 0.49-5
[squeeze] - chkrootkit 0.49-4+deb6u1
CVE-2014-0475 (Multiple directory traversal vulnerabilities in GNU C Library
(aka ...)
- {DSA-2976-1}
+ {DSA-2976-1 DLA-43-1}
- glibc 2.19-6
- eglibc
+[squeeze] - eglibc 2.11.3-4+deb6u1
CVE-2014-0474 (The (1) FilePathField, (2) GenericIPAddressField, and (3) ...)
{DSA-2934-1}
- python-django 1.6.3-1
Modified: data/DLA/list
===
--- data/DLA/list 2014-09-02 17:52:08 UTC (rev 28566)
+++ data/DLA/list 2014-09-02 18:02:05 UTC (rev 28567)
@@ -1,3 +1,6 @@
+[02 Sep 2014] DLA-43-1 eglibc - security update
+ {CVE-2014-0475 CVE-2014-5119}
+ [squeeze] - eglibc 2.11.3-4+deb6u1
[27 Aug 2014] DLA-42-1 live-config - security update
[squeeze] - live-config 2.0.15-1.1+deb6u1
[24 Aug 2014] DLA-41-1 python-imaging - security update
Modified: data/lts-needed.txt
===
--- data/lts-needed.txt 2014-09-02 17:52:08 UTC (rev 28566)
+++ data/lts-needed.txt 2014-09-02 18:02:05 UTC (rev 28567)
@@ -9,8 +9,6 @@
--
commons-beanutils
--
-eglibc (Thorsten Alteholz)
---
evince
--
fex (non-free)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r28758 - data
Author: alteholz Date: 2014-09-13 17:56:01 + (Sat, 13 Sep 2014) New Revision: 28758 Modified: data/dla-needed.txt Log: take curl Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-09-13 15:28:40 UTC (rev 28757) +++ data/dla-needed.txt 2014-09-13 17:56:01 UTC (rev 28758) @@ -9,6 +9,8 @@ -- commons-beanutils -- +curl (Thorsten Alteholz) +-- evince -- fex (non-free) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29092 - in data: . DLA
Author: alteholz
Date: 2014-09-26 21:07:38 + (Fri, 26 Sep 2014)
New Revision: 29092
Modified:
data/DLA/list
data/dla-needed.txt
Log:
curl done
Modified: data/DLA/list
===
--- data/DLA/list 2014-09-26 20:53:34 UTC (rev 29091)
+++ data/DLA/list 2014-09-26 21:07:38 UTC (rev 29092)
@@ -1,3 +1,6 @@
+[26 Sep 2014] DLA-64-1 curl - security update
+ {CVE-2014-3613}
+ [squeeze] - curl 7.21.0-2.1+squeeze9
[26 Sep 2014] DLA-63-1 bash - security update
{CVE-2014-7169 CVE-2014-7186 CVE-2014-7187}
[squeeze] - bash 4.1-3+deb6u2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-09-26 20:53:34 UTC (rev 29091)
+++ data/dla-needed.txt 2014-09-26 21:07:38 UTC (rev 29092)
@@ -15,8 +15,6 @@
--
commons-httpclient
--
-curl (Thorsten Alteholz)
---
dbus
--
drupal6
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29145 - in data: . DLA
Author: alteholz
Date: 2014-09-29 20:05:00 + (Mon, 29 Sep 2014)
New Revision: 29145
Modified:
data/DLA/list
data/dla-needed.txt
Log:
php5 done
Modified: data/DLA/list
===
--- data/DLA/list 2014-09-29 17:54:13 UTC (rev 29144)
+++ data/DLA/list 2014-09-29 20:05:00 UTC (rev 29145)
@@ -1,3 +1,6 @@
+[29 Sep 2014] DLA-67-1 php5 - security update
+ {CVE-2014-3538 CVE-2014-3587 CVE-2014-3597}
+ [squeeze] - php5 5.3.3-7+squeeze22
[29 Sep 2014] DLA-66-1 apache2 - security update
{CVE-2013-6438 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231}
[squeeze] - apache2 2.2.16-6+squeeze13
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-09-29 17:54:13 UTC (rev 29144)
+++ data/dla-needed.txt 2014-09-29 20:05:00 UTC (rev 29145)
@@ -52,8 +52,6 @@
--
openjdk-6
--
-php5 (Thorsten Alteholz)
---
ppp
--
qt4-x11
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29172 - in data: . DLA
Author: alteholz
Date: 2014-09-30 17:49:32 + (Tue, 30 Sep 2014)
New Revision: 29172
Modified:
data/DLA/list
data/dla-needed.txt
Log:
fex done, Squeeze has a version in main
Modified: data/DLA/list
===
--- data/DLA/list 2014-09-30 17:42:06 UTC (rev 29171)
+++ data/DLA/list 2014-09-30 17:49:32 UTC (rev 29172)
@@ -1,3 +1,6 @@
+[30 Sep 2014] DLA-68-1 fex - security update
+ {CVE-2014-3875 CVE-2014-3876 CVE-2014-3877}
+ [squeeze] - fex 20100208+debian1-1+squeeze4
[29 Sep 2014] DLA-67-1 php5 - security update
{CVE-2014-3538 CVE-2014-3587 CVE-2014-3597}
[squeeze] - php5 5.3.3-7+squeeze22
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-09-30 17:42:06 UTC (rev 29171)
+++ data/dla-needed.txt 2014-09-30 17:49:32 UTC (rev 29172)
@@ -23,8 +23,6 @@
--
fckeditor
--
-fex (non-free)
---
httpcomponents-client
--
kde4libs
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29305 - data
Author: alteholz Date: 2014-10-07 18:01:56 + (Tue, 07 Oct 2014) New Revision: 29305 Modified: data/dla-needed.txt Log: take some packages Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-07 18:01:55 UTC (rev 29304) +++ data/dla-needed.txt 2014-10-07 18:01:56 UTC (rev 29305) @@ -34,11 +34,11 @@ -- libphp-snoopy -- -librack-ruby +librack-ruby (Thorsten Alteholz) -- libspring-2.5-java -- -libtasn1-3 +libtasn1-3 (Thorsten Alteholz) -- libxml-security-java (Thorsten Alteholz) -- @@ -56,8 +56,10 @@ -- qt4-x11 -- -roundup +roundup (Thorsten Alteholz) -- +rsyslogd (Thorsten Alteholz) +-- ruby1.8 -- ruby1.9.1 (Matt Palmer) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29535 - in data: . DLA
Author: alteholz
Date: 2014-10-19 16:49:11 + (Sun, 19 Oct 2014)
New Revision: 29535
Modified:
data/DLA/list
data/dla-needed.txt
Log:
rsyslog done in Squeeze LTS
Modified: data/DLA/list
===
--- data/DLA/list 2014-10-19 16:02:04 UTC (rev 29534)
+++ data/DLA/list 2014-10-19 16:49:11 UTC (rev 29535)
@@ -1,3 +1,6 @@
+[19 Oct 2014] DLA-72-1 rsylog - security update
+ {CVE-2014-3634 CVE-2014-3683}
+ [squeeze] - rsylog 4.6.4-2+deb6u1
[16 Oct 2014] DLA-71-1 apache2 - security update
{CVE-2013-5704 CVE-2014-3581}
[squeeze] - apache2 2.2.16-6+squeeze14
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-10-19 16:02:04 UTC (rev 29534)
+++ data/dla-needed.txt 2014-10-19 16:49:11 UTC (rev 29535)
@@ -64,8 +64,6 @@
--
roundup (Thorsten Alteholz)
--
-rsyslog (Thorsten Alteholz)
---
ruby1.8
--
ruby1.9.1 (Matt Palmer)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29538 - data/DLA
Author: alteholz
Date: 2014-10-20 09:26:02 + (Mon, 20 Oct 2014)
New Revision: 29538
Modified:
data/DLA/list
Log:
regression for rsyslog
Modified: data/DLA/list
===
--- data/DLA/list 2014-10-19 21:14:12 UTC (rev 29537)
+++ data/DLA/list 2014-10-20 09:26:02 UTC (rev 29538)
@@ -1,3 +1,5 @@
+[20 Oct 2014] DLA-72-2 rsyslog - regression update
+ [squeeze] - rsyslog 4.6.4-2+deb6u2
[19 Oct 2014] DLA-72-1 rsyslog - security update
{CVE-2014-3634 CVE-2014-3683}
[squeeze] - rsyslog 4.6.4-2+deb6u1
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29688 - data
Author: alteholz Date: 2014-10-27 13:41:14 + (Mon, 27 Oct 2014) New Revision: 29688 Modified: data/dla-needed.txt Log: didn't find upstream patch Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-27 13:01:20 UTC (rev 29687) +++ data/dla-needed.txt 2014-10-27 13:41:14 UTC (rev 29688) @@ -32,7 +32,7 @@ -- libphp-snoopy -- -librack-ruby (Thorsten Alteholz) +librack-ruby -- libspring-2.5-java -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29689 - data
Author: alteholz Date: 2014-10-27 13:43:16 + (Mon, 27 Oct 2014) New Revision: 29689 Modified: data/dla-needed.txt Log: take libxml2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-27 13:41:14 UTC (rev 29688) +++ data/dla-needed.txt 2014-10-27 13:43:16 UTC (rev 29689) @@ -38,7 +38,7 @@ -- libvncserver -- -libxml2 +libxml2 (Thorsten Alteholz) -- libxml-security-java (Thorsten Alteholz) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29693 - in data: . DLA
Author: alteholz
Date: 2014-10-27 18:55:48 + (Mon, 27 Oct 2014)
New Revision: 29693
Modified:
data/DLA/list
data/dla-needed.txt
Log:
torque done
Modified: data/DLA/list
===
--- data/DLA/list 2014-10-27 16:12:00 UTC (rev 29692)
+++ data/DLA/list 2014-10-27 18:55:48 UTC (rev 29693)
@@ -1,3 +1,6 @@
+[27 Oct 2014] DLA-78-1 torque - security update
+ {CVE-2014-3684}
+ [squeeze] - torque 2.4.8+dfsg-9squeeze5
[26 Oct 2014] DLA-77-1 libtasn1-3 - security update
{CVE-2014-3467 CVE-2014-3468 CVE-2014-3469}
[squeeze] - libtasn1-3 2.7-1+squeeze+2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-10-27 16:12:00 UTC (rev 29692)
+++ data/dla-needed.txt 2014-10-27 18:55:48 UTC (rev 29693)
@@ -71,8 +71,6 @@
--
tomcat6 (Holger Levsen and Tony Mancill)
--
-torque
---
xlhtml
--
wireshark
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29729 - in data: . DLA
Author: alteholz
Date: 2014-10-29 19:19:06 + (Wed, 29 Oct 2014)
New Revision: 29729
Modified:
data/DLA/list
data/dla-needed.txt
Log:
libxml2 done
Modified: data/DLA/list
===
--- data/DLA/list 2014-10-29 19:15:55 UTC (rev 29728)
+++ data/DLA/list 2014-10-29 19:19:06 UTC (rev 29729)
@@ -1,3 +1,6 @@
+[29 Oct 2014] DLA-80-1 libxml2 - security update
+ {CVE-2014-0191 CVE-2014-3660}
+ [squeeze] - libxml2 2.7.8.dfsg-2+squeeze10
[29 Oct 2014] DLA-79-1 dokuwiki - security update
{CVE-2014-8763 CVE-2014-8764}
[squeeze] - dokuwiki 0.0.20091225c-10+squeeze3
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-10-29 19:15:55 UTC (rev 29728)
+++ data/dla-needed.txt 2014-10-29 19:19:06 UTC (rev 29729)
@@ -38,8 +38,6 @@
--
libvncserver
--
-libxml2 (Thorsten Alteholz)
---
libxml-security-java (Thorsten Alteholz)
--
libxstream-java (Holger Levsen, help welcome)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29766 - data
Author: alteholz Date: 2014-10-31 14:21:15 + (Fri, 31 Oct 2014) New Revision: 29766 Modified: data/dla-needed.txt Log: take php5 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-10-31 14:03:48 UTC (rev 29765) +++ data/dla-needed.txt 2014-10-31 14:21:15 UTC (rev 29766) @@ -53,7 +53,7 @@ -- openjdk-6 -- -php5 +php5 (Thorsten Alteholz) NOTE: Please include http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c to fix issues with other PHP apps (see CVE-2014-8763/CVE-2014-8764 for example) -- qemu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29814 - data/DLA
Author: alteholz
Date: 2014-11-03 18:10:49 + (Mon, 03 Nov 2014)
New Revision: 29814
Modified:
data/DLA/list
Log:
wget done
Modified: data/DLA/list
===
--- data/DLA/list 2014-11-03 16:59:34 UTC (rev 29813)
+++ data/DLA/list 2014-11-03 18:10:49 UTC (rev 29814)
@@ -1,3 +1,6 @@
+[03 Nov 2014] DLA-82-1 wget - security update
+ {CVE-2014-4877}
+ [squeeze] - wget 1.12-2.1+deb6u1
[01 Nov 2014] DLA-81-1 openssl - security update
{CVE-2014-3567 CVE-2014-3568 CVE-2014-3569}
[squeeze] - openssl 0.9.8o-4squeeze18
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29933 - data/DLA
Author: alteholz
Date: 2014-11-09 15:57:19 + (Sun, 09 Nov 2014)
New Revision: 29933
Modified:
data/DLA/list
Log:
curl done
Modified: data/DLA/list
===
--- data/DLA/list 2014-11-09 14:52:30 UTC (rev 29932)
+++ data/DLA/list 2014-11-09 15:57:19 UTC (rev 29933)
@@ -1,3 +1,6 @@
+[09 Nov 2014] DLA-84-1 curl - security update
+ {CVE-2014-3707}
+ [squeeze] - curl 7.21.0-2.1+squeeze10
[06 Nov 2014] DLA-83-1 ffmpeg - update
[squeeze] - ffmpeg 4:0.5.10-1+deb6u1
[03 Nov 2014] DLA-82-1 wget - security update
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r29934 - in data: . DLA
Author: alteholz
Date: 2014-11-09 16:11:01 + (Sun, 09 Nov 2014)
New Revision: 29934
Modified:
data/DLA/list
data/dla-needed.txt
Log:
libxml-security-java done
Modified: data/DLA/list
===
--- data/DLA/list 2014-11-09 15:57:19 UTC (rev 29933)
+++ data/DLA/list 2014-11-09 16:11:01 UTC (rev 29934)
@@ -1,3 +1,6 @@
+[09 Nov 2014] DLA-85-1 libxml-security-java - security update
+ {CVE-2013-2172}
+ [squeeze] - libxml-security-java 1.4.3-2+deb6u1
[09 Nov 2014] DLA-84-1 curl - security update
{CVE-2014-3707}
[squeeze] - curl 7.21.0-2.1+squeeze10
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-11-09 15:57:19 UTC (rev 29933)
+++ data/dla-needed.txt 2014-11-09 16:11:01 UTC (rev 29934)
@@ -40,8 +40,6 @@
--
libvncserver
--
-libxml-security-java (Thorsten Alteholz)
---
libxstream-java (Holger Levsen, help welcome)
--
linux-2.6 (Holger Levsen)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30256 - in data: . DLA
Author: alteholz
Date: 2014-11-22 16:13:30 + (Sat, 22 Nov 2014)
New Revision: 30256
Modified:
data/DLA/list
data/dla-needed.txt
Log:
nss done
Modified: data/DLA/list
===
--- data/DLA/list 2014-11-22 14:54:29 UTC (rev 30255)
+++ data/DLA/list 2014-11-22 16:13:30 UTC (rev 30256)
@@ -1,3 +1,6 @@
+[22 Nov 2014] DLA-89-1 nss - security update
+ {CVE-2014-1544}
+ [squeeze] - nss 3.12.8-1+squeeze10
[21 Nov 2014] DLA-88-1 ruby1.8 - security update
{CVE-2011-0188 CVE-2011-2686 CVE-2011-2705 CVE-2011-4815 CVE-2014-8080
CVE-2014-8090}
[squeeze] - ruby1.8 1.8.7.302-2squeeze3
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-11-22 14:54:29 UTC (rev 30255)
+++ data/dla-needed.txt 2014-11-22 16:13:30 UTC (rev 30256)
@@ -48,8 +48,6 @@
--
nfs-utils
--
-nss
---
openjdk-6
--
php5 (Thorsten Alteholz)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30257 - in data: . DLA
Author: alteholz
Date: 2014-11-22 18:53:22 + (Sat, 22 Nov 2014)
New Revision: 30257
Modified:
data/DLA/list
data/dla-needed.txt
Log:
imagemagick done
Modified: data/DLA/list
===
--- data/DLA/list 2014-11-22 16:13:30 UTC (rev 30256)
+++ data/DLA/list 2014-11-22 18:53:22 UTC (rev 30257)
@@ -1,3 +1,6 @@
+[22 Nov 2014] DLA-90-1 imagemagick - security update
+ {CVE-2014-8716}
+ [squeeze] - imagemagick 8:6.6.0.4-3+squeeze5
[22 Nov 2014] DLA-89-1 nss - security update
{CVE-2014-1544}
[squeeze] - nss 3.12.8-1+squeeze10
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-11-22 16:13:30 UTC (rev 30256)
+++ data/dla-needed.txt 2014-11-22 18:53:22 UTC (rev 30257)
@@ -23,8 +23,6 @@
--
httpcomponents-client
--
-imagemagick
---
konversation
--
libextlib-ruby
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30258 - data
Author: alteholz Date: 2014-11-22 19:04:57 + (Sat, 22 Nov 2014) New Revision: 30258 Modified: data/dla-needed.txt Log: nfs-utils marked as no-dsa Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-22 18:53:22 UTC (rev 30257) +++ data/dla-needed.txt 2014-11-22 19:04:57 UTC (rev 30258) @@ -44,8 +44,6 @@ -- linux-2.6 (Holger Levsen) -- -nfs-utils --- openjdk-6 -- php5 (Thorsten Alteholz) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30265 - data
Author: alteholz Date: 2014-11-23 16:19:34 + (Sun, 23 Nov 2014) New Revision: 30265 Modified: data/dla-needed.txt Log: version of libxstream-java not affected in squeeze Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-23 13:31:51 UTC (rev 30264) +++ data/dla-needed.txt 2014-11-23 16:19:34 UTC (rev 30265) @@ -40,8 +40,6 @@ -- libvncserver -- -libxstream-java --- linux-2.6 (Holger Levsen) -- openjdk-6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30266 - data
Author: alteholz Date: 2014-11-23 16:27:58 + (Sun, 23 Nov 2014) New Revision: 30266 Modified: data/dla-needed.txt Log: package xlhtml removed, marked as no-dsa, no fix available Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-23 16:19:34 UTC (rev 30265) +++ data/dla-needed.txt 2014-11-23 16:27:58 UTC (rev 30266) @@ -63,8 +63,6 @@ NOTE: Has been dropped from newer releases. Should we instead mark it unsupported? -- -xlhtml --- wireshark (Balint Reczey) -- wpasupplicant (geissert) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30272 - data
Author: alteholz Date: 2014-11-23 21:24:05 + (Sun, 23 Nov 2014) New Revision: 30272 Modified: data/dla-needed.txt Log: take eglibc Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-23 20:57:06 UTC (rev 30271) +++ data/dla-needed.txt 2014-11-23 21:24:05 UTC (rev 30272) @@ -15,7 +15,7 @@ -- drupal6 -- -eglibc +eglibc (Thorsten Alteholz) -- ejabberd -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30322 - in data: . DLA
Author: alteholz
Date: 2014-11-25 18:52:16 + (Tue, 25 Nov 2014)
New Revision: 30322
Modified:
data/DLA/list
data/dla-needed.txt
Log:
php5 done
Modified: data/DLA/list
===
--- data/DLA/list 2014-11-25 18:46:59 UTC (rev 30321)
+++ data/DLA/list 2014-11-25 18:52:16 UTC (rev 30322)
@@ -1,3 +1,6 @@
+[25 Nov 2014] DLA-94-1 php5 - security update
+ {CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710}
+ [squeeze] - php5 5.3.3-7+squeeze23
[25 Nov 2014] DLA-93-1 libgcrypt11 - security update
{CVE-2014-5270}
[squeeze] - libgcrypt11 1.4.5-2+squeeze2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-11-25 18:46:59 UTC (rev 30321)
+++ data/dla-needed.txt 2014-11-25 18:52:16 UTC (rev 30322)
@@ -46,9 +46,6 @@
--
openjdk-6 (Raphaël Hertzog)
--
-php5 (Thorsten Alteholz)
- NOTE: Please include
http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
to fix issues with other PHP apps (see CVE-2014-8763/CVE-2014-8764 for example)
---
qemu
--
qt4-x11
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30356 - data
Author: alteholz Date: 2014-11-26 15:00:00 + (Wed, 26 Nov 2014) New Revision: 30356 Modified: data/dla-needed.txt Log: take qt4-x11 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-11-26 11:38:52 UTC (rev 30355) +++ data/dla-needed.txt 2014-11-26 15:00:00 UTC (rev 30356) @@ -48,7 +48,7 @@ -- qemu -- -qt4-x11 +qt4-x11 (Thorsten Alteholz) -- roundup (Thorsten Alteholz) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30445 - in data: . DLA
Author: alteholz
Date: 2014-11-29 18:36:49 + (Sat, 29 Nov 2014)
New Revision: 30445
Modified:
data/DLA/list
data/dla-needed.txt
Log:
eglibc done
Modified: data/DLA/list
===
--- data/DLA/list 2014-11-29 17:14:10 UTC (rev 30444)
+++ data/DLA/list 2014-11-29 18:36:49 UTC (rev 30445)
@@ -1,3 +1,6 @@
+[29 Nov 2014] DLA-97-1 eglibc - security update
+ {CVE-2012-6656 CVE-2014-6040 CVE-2014-7817}
+ [squeeze] - eglibc 2.11.3-4+deb6u2
[28 Nov 2014] DLA-96-1 openjdk-6 - security update
{CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219
CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266
CVE-2014-4268 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506
CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531
CVE-2014-6558}
[squeeze] - openjdk-6 6b33-1.13.5-2~deb6u1
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-11-29 17:14:10 UTC (rev 30444)
+++ data/dla-needed.txt 2014-11-29 18:36:49 UTC (rev 30445)
@@ -15,8 +15,6 @@
--
drupal6
--
-eglibc (Thorsten Alteholz)
---
ejabberd
--
fckeditor
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30561 - data
Author: alteholz Date: 2014-12-05 18:20:15 + (Fri, 05 Dec 2014) New Revision: 30561 Modified: data/dla-needed.txt Log: add note to qt4-x11 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-05 18:01:39 UTC (rev 30560) +++ data/dla-needed.txt 2014-12-05 18:20:15 UTC (rev 30561) @@ -39,6 +39,7 @@ qemu -- qt4-x11 (Thorsten Alteholz) + NOTE: even version in Squeeze does not build with pbuilder :-( -- roundup (Thorsten Alteholz) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30562 - data/DLA
Author: alteholz
Date: 2014-12-05 18:21:27 + (Fri, 05 Dec 2014)
New Revision: 30562
Modified:
data/DLA/list
Log:
flac done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-05 18:20:15 UTC (rev 30561)
+++ data/DLA/list 2014-12-05 18:21:27 UTC (rev 30562)
@@ -1,3 +1,6 @@
+[05 Dec 2014] DLA-99-1 flac - security update
+ {CVE-2014-8962 CVE-2014-9028}
+ [squeeze] - flac 1.2.1-2+deb6u1
[02 Dec 2014] DLA-98-1 openvpn - security update
{CVE-2014-8104}
[squeeze] - openvpn 2.1.3-2+squeeze3
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30567 - data/DLA
Author: alteholz
Date: 2014-12-05 19:01:20 + (Fri, 05 Dec 2014)
New Revision: 30567
Modified:
data/DLA/list
Log:
mutt done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-05 18:29:53 UTC (rev 30566)
+++ data/DLA/list 2014-12-05 19:01:20 UTC (rev 30567)
@@ -1,3 +1,6 @@
+[05 Dec 2014] DLA-100-1 mutt - security update
+ {CVE-2014-0467}
+ [squeeze] - mutt 1.5.20-9+squeeze4
[05 Dec 2014] DLA-99-1 flac - security update
{CVE-2014-8962 CVE-2014-9028}
[squeeze] - flac 1.2.1-2+deb6u1
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30570 - data/DLA
Author: alteholz
Date: 2014-12-06 12:03:51 + (Sat, 06 Dec 2014)
New Revision: 30570
Modified:
data/DLA/list
Log:
jasper done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-06 07:11:10 UTC (rev 30569)
+++ data/DLA/list 2014-12-06 12:03:51 UTC (rev 30570)
@@ -1,3 +1,6 @@
+[06 Dec 2014] DLA-101-1 jasper - security update
+ {CVE-2014-9029}
+ [squeeze] - jasper 1.900.1-7+squeeze2
[05 Dec 2014] DLA-100-1 mutt - security update
{CVE-2014-0467}
[squeeze] - mutt 1.5.20-9+squeeze4
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30596 - data/DLA
Author: alteholz
Date: 2014-12-08 18:23:06 + (Mon, 08 Dec 2014)
New Revision: 30596
Modified:
data/DLA/list
Log:
tcpdump done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-08 18:13:09 UTC (rev 30595)
+++ data/DLA/list 2014-12-08 18:23:06 UTC (rev 30596)
@@ -1,3 +1,6 @@
+[08 Dec 2014] DLA-102-1 tcpdump - security update
+ {CVE-2014-8767 CVE-2014-8769 CVE-2014-9140}
+ [squeeze] - tcpdump 4.1.1-1+deb6u1
[06 Dec 2014] DLA-101-1 jasper - security update
{CVE-2014-9029}
[squeeze] - jasper 1.900.1-7+squeeze2
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30601 - data
Author: alteholz Date: 2014-12-08 21:09:44 + (Mon, 08 Dec 2014) New Revision: 30601 Modified: data/dla-needed.txt Log: take qemu Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-08 20:43:56 UTC (rev 30600) +++ data/dla-needed.txt 2014-12-08 21:09:44 UTC (rev 30601) @@ -36,7 +36,7 @@ -- linux-2.6 (Holger Levsen) -- -qemu +qemu (Thorsten Alteholz) -- qt4-x11 (Thorsten Alteholz) NOTE: even version in Squeeze does not build with pbuilder :-( ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30670 - data
Author: alteholz Date: 2014-12-11 11:11:04 + (Thu, 11 Dec 2014) New Revision: 30670 Modified: data/dla-needed.txt Log: add new packages Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-11 10:20:33 UTC (rev 30669) +++ data/dla-needed.txt 2014-12-11 11:11:04 UTC (rev 30670) @@ -9,6 +9,8 @@ -- axis -- +bind9 +-- commons-httpclient -- drupal6 @@ -17,6 +19,8 @@ -- fckeditor -- +graphviz (Thorsten Alteholz) +-- httpcomponents-client -- konversation @@ -34,6 +38,8 @@ -- libvncserver -- +pdns-recursor (Thorsten Alteholz) +-- qemu (Thorsten Alteholz) -- qt4-x11 (Thorsten Alteholz) @@ -51,6 +57,8 @@ NOTE: Has been dropped from newer releases. Should we instead mark it unsupported? -- +unbound +-- wireshark (Balint Reczey) -- wpasupplicant (geissert) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30679 - in data: . DLA
Author: alteholz
Date: 2014-12-11 18:50:07 + (Thu, 11 Dec 2014)
New Revision: 30679
Modified:
data/DLA/list
data/dla-needed.txt
Log:
pdns-recursor done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-11 16:57:05 UTC (rev 30678)
+++ data/DLA/list 2014-12-11 18:50:07 UTC (rev 30679)
@@ -1,3 +1,6 @@
+[11 Dec 2014] DLA-104-1 pdns-recursor - security update
+ {CVE-2014-8601}
+ [squeeze] - pdns-recursor 3.2-4+deb6u1
[09 Dec 2014] DLA-103-1 linux-2.6 - security update
{CVE-2012-6657 CVE-2013-0228 CVE-2013-7266 CVE-2014-4157 CVE-2014-4508
CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4943 CVE-2014-5077
CVE-2014-5471 CVE-2014-5472 CVE-2014-9090}
[squeeze] - linux-2.6 CVE-2014-90902.6.32-48squeeze9
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-11 16:57:05 UTC (rev 30678)
+++ data/dla-needed.txt 2014-12-11 18:50:07 UTC (rev 30679)
@@ -38,8 +38,6 @@
--
libvncserver
--
-pdns-recursor (Thorsten Alteholz)
---
qemu (Thorsten Alteholz)
--
qt4-x11 (Thorsten Alteholz)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30680 - data
Author: alteholz Date: 2014-12-11 19:07:24 + (Thu, 11 Dec 2014) New Revision: 30680 Modified: data/dla-needed.txt Log: no support for qemu in Squeeze LTS Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-11 18:50:07 UTC (rev 30679) +++ data/dla-needed.txt 2014-12-11 19:07:24 UTC (rev 30680) @@ -38,8 +38,6 @@ -- libvncserver -- -qemu (Thorsten Alteholz) --- qt4-x11 (Thorsten Alteholz) NOTE: even version in Squeeze does not build with pbuilder :-( -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30683 - in data: . DLA
Author: alteholz
Date: 2014-12-11 21:26:02 + (Thu, 11 Dec 2014)
New Revision: 30683
Modified:
data/DLA/list
data/dla-needed.txt
Log:
graphviz done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-11 21:10:16 UTC (rev 30682)
+++ data/DLA/list 2014-12-11 21:26:02 UTC (rev 30683)
@@ -1,3 +1,6 @@
+[11 Dec 2014] DLA-105-1 graphviz - security update
+ {CVE-2014-9157}
+ [squeeze] - graphviz 2.26.3-5+squeeze3
[11 Dec 2014] DLA-104-1 pdns-recursor - security update
{CVE-2014-8601}
[squeeze] - pdns-recursor 3.2-4+deb6u1
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-11 21:10:16 UTC (rev 30682)
+++ data/dla-needed.txt 2014-12-11 21:26:02 UTC (rev 30683)
@@ -19,8 +19,6 @@
--
fckeditor
--
-graphviz (Thorsten Alteholz)
---
httpcomponents-client
--
konversation
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30704 - data
Author: alteholz Date: 2014-12-12 14:10:06 + (Fri, 12 Dec 2014) New Revision: 30704 Modified: data/dla-needed.txt Log: take unbound Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-12 13:50:47 UTC (rev 30703) +++ data/dla-needed.txt 2014-12-12 14:10:06 UTC (rev 30704) @@ -57,7 +57,7 @@ NOTE: Has been dropped from newer releases. Should we instead mark it unsupported? -- -unbound +unbound (Thorsten Alteholz) -- wireshark (Balint Reczey) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30717 - in data: . DLA
Author: alteholz
Date: 2014-12-12 18:47:29 + (Fri, 12 Dec 2014)
New Revision: 30717
Modified:
data/DLA/list
data/dla-needed.txt
Log:
unbound done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-12 18:26:07 UTC (rev 30716)
+++ data/DLA/list 2014-12-12 18:47:29 UTC (rev 30717)
@@ -1,3 +1,6 @@
+[12 Dec 2014] DLA-107-1 unbound - security update
+ {CVE-2014-8602}
+ [squeeze] - unbound 1.4.6-1+squeeze4
[12 Dec 2014] DLA-106-1 getmail4 - security update
{CVE-2014-7273 CVE-2014-7274 CVE-2014-7275}
[squeeze] - getmail4 4.46.0-1~deb6u1
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-12 18:26:07 UTC (rev 30716)
+++ data/dla-needed.txt 2014-12-12 18:47:29 UTC (rev 30717)
@@ -73,8 +73,6 @@
NOTE: Has been dropped from newer releases. Should we instead mark
it unsupported?
--
-unbound (Thorsten Alteholz)
---
unrtf
--
wireshark (Balint Reczey)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30718 - data
Author: alteholz Date: 2014-12-12 19:01:46 + (Fri, 12 Dec 2014) New Revision: 30718 Modified: data/dla-needed.txt Log: take nfs-utils Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-12 18:47:29 UTC (rev 30717) +++ data/dla-needed.txt 2014-12-12 19:01:46 UTC (rev 30718) @@ -48,7 +48,7 @@ -- linux-2.6 -- -nfs-utils +nfs-utils (Thorsten Alteholz) -- nss -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30724 - in data: . DLA
Author: alteholz
Date: 2014-12-13 10:56:04 + (Sat, 13 Dec 2014)
New Revision: 30724
Modified:
data/DLA/list
data/dla-needed.txt
Log:
nfs-utils done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-13 06:22:06 UTC (rev 30723)
+++ data/DLA/list 2014-12-13 10:56:04 UTC (rev 30724)
@@ -1,3 +1,6 @@
+[13 Dec 2014] DLA-108-1 nfs-utils - security update
+ {CVE-2012-3541}
+ [squeeze] - nfs-utils 1:1.2.2-4squeeze3
[12 Dec 2014] DLA-107-1 unbound - security update
{CVE-2014-8602}
[squeeze] - unbound 1.4.6-1+squeeze4
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-13 06:22:06 UTC (rev 30723)
+++ data/dla-needed.txt 2014-12-13 10:56:04 UTC (rev 30724)
@@ -48,8 +48,6 @@
--
linux-2.6
--
-nfs-utils (Thorsten Alteholz)
---
nss
--
pyyaml
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30729 - data
Author: alteholz Date: 2014-12-13 13:28:17 + (Sat, 13 Dec 2014) New Revision: 30729 Modified: data/dla-needed.txt Log: take some packages Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-13 12:48:46 UTC (rev 30728) +++ data/dla-needed.txt 2014-12-13 13:28:17 UTC (rev 30729) @@ -11,7 +11,7 @@ -- bind9 -- -binutils +binutils (Thorsten Alteholz) -- commons-httpclient -- @@ -42,15 +42,15 @@ -- libvncserver -- -libyaml +libyaml (Thorsten Alteholz) -- -libyaml-libyaml-perl +libyaml-libyaml-perl (Thorsten Alteholz) -- linux-2.6 -- nss -- -pyyaml +pyyaml (Thorsten Alteholz) -- qemu -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30739 - in data: . DLA
Author: alteholz
Date: 2014-12-14 13:26:16 + (Sun, 14 Dec 2014)
New Revision: 30739
Modified:
data/DLA/list
data/dla-needed.txt
Log:
libyaml-libyaml-perl done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-14 12:21:15 UTC (rev 30738)
+++ data/DLA/list 2014-12-14 13:26:16 UTC (rev 30739)
@@ -1,3 +1,6 @@
+[14 Dec 2014] DLA-109-1 libyaml-libyaml-perl - security update
+ {CVE-2014-9130}
+ [squeeze] - libyaml-libyaml-perl 0.33-1+squeeze4
[13 Dec 2014] DLA-108-1 nfs-utils - security update
{CVE-2012-3541}
[squeeze] - nfs-utils 1:1.2.2-4squeeze3
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-14 12:21:15 UTC (rev 30738)
+++ data/dla-needed.txt 2014-12-14 13:26:16 UTC (rev 30739)
@@ -44,8 +44,6 @@
--
libyaml (Thorsten Alteholz)
--
-libyaml-libyaml-perl (Thorsten Alteholz)
---
linux-2.6
--
nss
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30740 - in data: . DLA
Author: alteholz
Date: 2014-12-14 13:50:56 + (Sun, 14 Dec 2014)
New Revision: 30740
Modified:
data/DLA/list
data/dla-needed.txt
Log:
libyaml done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-14 13:26:16 UTC (rev 30739)
+++ data/DLA/list 2014-12-14 13:50:56 UTC (rev 30740)
@@ -1,3 +1,6 @@
+[14 Dec 2014] DLA-110-1 libyaml - security update
+ {CVE-2014-9130}
+ [squeeze] - libyaml 0.1.3-1+deb6u5
[14 Dec 2014] DLA-109-1 libyaml-libyaml-perl - security update
{CVE-2014-9130}
[squeeze] - libyaml-libyaml-perl 0.33-1+squeeze4
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-14 13:26:16 UTC (rev 30739)
+++ data/dla-needed.txt 2014-12-14 13:50:56 UTC (rev 30740)
@@ -42,8 +42,6 @@
--
libvncserver
--
-libyaml (Thorsten Alteholz)
---
linux-2.6
--
nss
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30861 - data
Author: alteholz Date: 2014-12-20 11:34:57 + (Sat, 20 Dec 2014) New Revision: 30861 Modified: data/dla-needed.txt Log: php5 added Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-20 07:23:12 UTC (rev 30860) +++ data/dla-needed.txt 2014-12-20 11:34:57 UTC (rev 30861) @@ -46,6 +46,10 @@ -- nss -- +php5 (Thorsten Alteholz) + NOTE: update planned for January + NOTE: include Univention patches +-- pyyaml (Thorsten Alteholz) -- qemu ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30886 - in data: . DLA
Author: alteholz
Date: 2014-12-21 13:13:16 + (Sun, 21 Dec 2014)
New Revision: 30886
Modified:
data/DLA/list
data/dla-needed.txt
Log:
qt4-x11 done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-21 12:51:10 UTC (rev 30885)
+++ data/DLA/list 2014-12-21 13:13:16 UTC (rev 30886)
@@ -1,3 +1,6 @@
+[21 Dec 2014] DLA-117-1 qt4-x11 - security update
+ {CVE-2011-3193 CVE-2011-3194}
+ [squeeze] - qt4-x11 4:4.6.3-4+squeeze2
[20 Dec 2014] DLA-116-1 ntp - security update
{CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296}
[squeeze] - ntp 1:4.2.6.p2+dfsg-1+deb6u1
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-21 12:51:10 UTC (rev 30885)
+++ data/dla-needed.txt 2014-12-21 13:13:16 UTC (rev 30886)
@@ -54,9 +54,6 @@
--
qemu
--
-qt4-x11 (Thorsten Alteholz)
- NOTE: even version in Squeeze does not build with pbuilder :-(
---
roundup (Thorsten Alteholz)
--
rpm
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30919 - data
Author: alteholz Date: 2014-12-22 16:04:17 + (Mon, 22 Dec 2014) New Revision: 30919 Modified: data/dla-needed.txt Log: take eglibc and jasper Modified: data/dla-needed.txt === --- data/dla-needed.txt 2014-12-22 15:58:36 UTC (rev 30918) +++ data/dla-needed.txt 2014-12-22 16:04:17 UTC (rev 30919) @@ -15,7 +15,7 @@ -- coreutils -- -eglibc +eglibc (Thorsten Alteholz) -- ejabberd -- @@ -34,7 +34,7 @@ -- httpcomponents-client -- -jasper +jasper (Thorsten Alteholz) -- jqueryui (Holger Levsen) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30920 - in data: . DLA
Author: alteholz
Date: 2014-12-22 16:18:59 + (Mon, 22 Dec 2014)
New Revision: 30920
Modified:
data/DLA/list
data/dla-needed.txt
Log:
jasper done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-22 16:04:17 UTC (rev 30919)
+++ data/DLA/list 2014-12-22 16:18:59 UTC (rev 30920)
@@ -1,3 +1,6 @@
+[22 Dec 2014] DLA-121-1 jasper - security update
+ {CVE-2014-8137 CVE-2014-8138}
+ [squeeze] - jasper 1.900.1-7+squeeze3
[22 Dec 2014] DLA-120-1 xorg-server - security update
{CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095
CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100
CVE-2014-8101 CVE-2014-8102}
[squeeze] - xorg-server 2:1.7.7-18+deb6u1
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-22 16:04:17 UTC (rev 30919)
+++ data/dla-needed.txt 2014-12-22 16:18:59 UTC (rev 30920)
@@ -34,8 +34,6 @@
--
httpcomponents-client
--
-jasper (Thorsten Alteholz)
---
jqueryui (Holger Levsen)
--
konversation
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30925 - in data: . DLA
Author: alteholz
Date: 2014-12-22 18:47:53 + (Mon, 22 Dec 2014)
New Revision: 30925
Modified:
data/DLA/list
data/dla-needed.txt
Log:
eglibc done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-22 17:30:36 UTC (rev 30924)
+++ data/DLA/list 2014-12-22 18:47:53 UTC (rev 30925)
@@ -1,3 +1,6 @@
+[22 Dec 2014] DLA-122-1 eglibc - security update
+ {CVE-2014-9402}
+ [squeeze] - eglibc 2.11.3-4+deb6u3
[22 Dec 2014] DLA-121-1 jasper - security update
{CVE-2014-8137 CVE-2014-8138}
[squeeze] - jasper 1.900.1-7+squeeze3
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-22 17:30:36 UTC (rev 30924)
+++ data/dla-needed.txt 2014-12-22 18:47:53 UTC (rev 30925)
@@ -15,8 +15,6 @@
--
coreutils
--
-eglibc (Thorsten Alteholz)
---
ejabberd
--
ettercap
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r30943 - in data: . DLA
Author: alteholz
Date: 2014-12-23 14:00:07 + (Tue, 23 Dec 2014)
New Revision: 30943
Modified:
data/DLA/list
data/dla-needed.txt
Log:
firebird 2.5 done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-23 13:36:41 UTC (rev 30942)
+++ data/DLA/list 2014-12-23 14:00:07 UTC (rev 30943)
@@ -1,3 +1,6 @@
+[23 Dec 2014] DLA-123-1 firebird2.5 - security update
+ {CVE-2014-9323}
+ [squeeze] - firebird2.5 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2
[22 Dec 2014] DLA-122-1 eglibc - security update
{CVE-2014-9402}
[squeeze] - eglibc 2.11.3-4+deb6u3
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-23 13:36:41 UTC (rev 30942)
+++ data/dla-needed.txt 2014-12-23 14:00:07 UTC (rev 30943)
@@ -26,8 +26,6 @@
--
firebird2.1
--
-firebird2.5
---
git
--
httpcomponents-client
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31000 - data/DLA
Author: alteholz
Date: 2014-12-28 18:44:05 + (Sun, 28 Dec 2014)
New Revision: 31000
Modified:
data/DLA/list
Log:
unzip done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-28 12:01:54 UTC (rev 30999)
+++ data/DLA/list 2014-12-28 18:44:05 UTC (rev 31000)
@@ -1,3 +1,6 @@
+[28 Dec 2014] DLA-124-1 unzip - security update
+ {CVE-2014-8139 CVE-2014-8140 CVE-2014-8141}
+ [squeeze] - unzip 6.0-4+deb6u1
[23 Dec 2014] DLA-123-1 firebird2.5 - security update
{CVE-2014-9323}
[squeeze] - firebird2.5 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31026 - in data: . DLA
Author: alteholz
Date: 2014-12-29 18:51:19 + (Mon, 29 Dec 2014)
New Revision: 31026
Modified:
data/DLA/list
data/dla-needed.txt
Log:
ettercap done
Modified: data/DLA/list
===
--- data/DLA/list 2014-12-29 18:50:54 UTC (rev 31025)
+++ data/DLA/list 2014-12-29 18:51:19 UTC (rev 31026)
@@ -1,3 +1,6 @@
+[29 Dec 2014] DLA-126-1 ettercap - security update
+ {CVE-2014-9380 CVE-2014-9381}
+ [squeeze] - ettercap 1:0.7.3-2.1+squeeze2
[29 Dec 2014] DLA-125-1 mime-support - security update
{CVE-2014-7209}
[squeeze] - mime-support 3.48-1+deb6u1
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-29 18:50:54 UTC (rev 31025)
+++ data/dla-needed.txt 2014-12-29 18:51:19 UTC (rev 31026)
@@ -17,9 +17,6 @@
--
ejabberd
--
-ettercap
- NOTE: see discussion with maintainer and upstream author in #773416
---
dokuwiki
--
file (Christoph Biedl)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31101 - in data: . DLA
Author: alteholz
Date: 2015-01-03 16:47:25 + (Sat, 03 Jan 2015)
New Revision: 31101
Modified:
data/DLA/list
data/dla-needed.txt
Log:
pyyaml done
Modified: data/DLA/list
===
--- data/DLA/list 2015-01-03 05:24:14 UTC (rev 31100)
+++ data/DLA/list 2015-01-03 16:47:25 UTC (rev 31101)
@@ -1,3 +1,6 @@
+[03 Jan 2015] DLA-127-1 pyyaml - security update
+ {CVE-2014-9130}
+ [squeeze] - pyyaml 3.09-5+deb6u1
[29 Dec 2014] DLA-126-1 ettercap - security update
{CVE-2014-9380 CVE-2014-9381}
[squeeze] - ettercap 1:0.7.3-2.1+squeeze2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-01-03 05:24:14 UTC (rev 31100)
+++ data/dla-needed.txt 2015-01-03 16:47:25 UTC (rev 31101)
@@ -52,8 +52,6 @@
NOTE: update planned for January
NOTE: include Univention patches
--
-pyyaml (Thorsten Alteholz)
---
qemu
--
qt4-x11
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31102 - data/DLA
Author: alteholz
Date: 2015-01-03 18:45:54 + (Sat, 03 Jan 2015)
New Revision: 31102
Modified:
data/DLA/list
Log:
sox done
Modified: data/DLA/list
===
--- data/DLA/list 2015-01-03 16:47:25 UTC (rev 31101)
+++ data/DLA/list 2015-01-03 18:45:54 UTC (rev 31102)
@@ -1,3 +1,6 @@
+[03 Jan 2015] DLA-128-1 sox - security update
+ {CVE-2014-8145}
+ [squeeze] - sox 14.3.1-1+deb6u1
[03 Jan 2015] DLA-127-1 pyyaml - security update
{CVE-2014-9130}
[squeeze] - pyyaml 3.09-5+deb6u1
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31103 - data/DLA
Author: alteholz
Date: 2015-01-03 18:52:55 + (Sat, 03 Jan 2015)
New Revision: 31103
Modified:
data/DLA/list
Log:
polarssl done
Modified: data/DLA/list
===
--- data/DLA/list 2015-01-03 18:45:54 UTC (rev 31102)
+++ data/DLA/list 2015-01-03 18:52:55 UTC (rev 31103)
@@ -1,3 +1,6 @@
+[03 Jan 2015] DLA-129-1 polarssl - security update
+ {CVE-2014-8628}
+ [squeeze] - polarssl 1.2.9-1~deb6u3
[03 Jan 2015] DLA-128-1 sox - security update
{CVE-2014-8145}
[squeeze] - sox 14.3.1-1+deb6u1
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31201 - in data: . DLA
Author: alteholz
Date: 2015-01-08 18:54:13 + (Thu, 08 Jan 2015)
New Revision: 31201
Modified:
data/DLA/list
data/dla-needed.txt
Log:
firebird2.1 done
Modified: data/DLA/list
===
--- data/DLA/list 2015-01-08 18:35:37 UTC (rev 31200)
+++ data/DLA/list 2015-01-08 18:54:13 UTC (rev 31201)
@@ -1,3 +1,6 @@
+[08 Jan 2015] DLA-130-1 firebird2.1 - security update
+ {CVE-2014-9323}
+ [squeeze] - firebird2.1 2.1.3.18185-0.ds1-11+squeeze2
[03 Jan 2015] DLA-129-1 polarssl - security update
{CVE-2014-8628}
[squeeze] - polarssl 1.2.9-1~deb6u3
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-01-08 18:35:37 UTC (rev 31200)
+++ data/dla-needed.txt 2015-01-08 18:54:13 UTC (rev 31201)
@@ -21,8 +21,6 @@
--
file (Christoph Biedl)
--
-firebird2.1
---
git
--
httpcomponents-client
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31250 - data/CVE
Author: alteholz
Date: 2015-01-10 15:58:00 + (Sat, 10 Jan 2015)
New Revision: 31250
Modified:
data/CVE/list
Log:
update CVE-2014-9427/php5 entry for squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2015-01-10 14:40:47 UTC (rev 31249)
+++ data/CVE/list 2015-01-10 15:58:00 UTC (rev 31250)
@@ -1306,6 +1306,7 @@
CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36,
5.5.x ...)
{DSA-3117-1}
- php5
+ [squeeze] - php5 (Introduced in 5.4.1)
NOTE: https://bugs.php.net/bug.php?id=68618
NOTE:
http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35
CVE-2014- [CRAM-MD5 authentication bypass]
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31251 - data/CVE
Author: alteholz Date: 2015-01-10 16:07:16 + (Sat, 10 Jan 2015) New Revision: 31251 Modified: data/CVE/list Log: update CVE-2015-/php5 entry for squeeze Modified: data/CVE/list === --- data/CVE/list 2015-01-10 15:58:00 UTC (rev 31250) +++ data/CVE/list 2015-01-10 16:07:16 UTC (rev 31251) @@ -861,6 +861,7 @@ TODO: check CVE-2015- [Use after free in 'opcache' component of PHP] - php5 + [squeeze] - php5 (vulnerable code introduced later) NOTE: https://bugs.php.net/bug.php?id=68677 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115 TODO: check ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31343 - in data: . DLA
Author: alteholz
Date: 2015-01-14 18:45:04 + (Wed, 14 Jan 2015)
New Revision: 31343
Modified:
data/DLA/list
data/dla-needed.txt
Log:
unrtf done
Modified: data/DLA/list
===
--- data/DLA/list 2015-01-14 17:53:17 UTC (rev 31342)
+++ data/DLA/list 2015-01-14 18:45:04 UTC (rev 31343)
@@ -1,3 +1,6 @@
+[14 Jan 2015] DLA-133-1 unrtf - security update
+ {CVE-2014-9274 CVE-2014-9275}
+ [squeeze] - unrtf 0.19.3-1.1+deb6u1
[11 Jan 2015] DLA-132-1 openssl - security update
{CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204}
[squeeze] - openssl 0.9.8o-4squeeze19
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-01-14 17:53:17 UTC (rev 31342)
+++ data/dla-needed.txt 2015-01-14 18:45:04 UTC (rev 31343)
@@ -64,8 +64,6 @@
--
squid
--
-unrtf
---
wireshark (Balint Reczey)
--
wordpress
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31346 - in data: . DLA
Author: alteholz
Date: 2015-01-14 19:13:34 + (Wed, 14 Jan 2015)
New Revision: 31346
Modified:
data/DLA/list
data/dla-needed.txt
Log:
curl done
Modified: data/DLA/list
===
--- data/DLA/list 2015-01-14 18:58:24 UTC (rev 31345)
+++ data/DLA/list 2015-01-14 19:13:34 UTC (rev 31346)
@@ -1,3 +1,6 @@
+[14 Jan 2015] DLA-134-1 curl - security update
+ {CVE-2014-8150}
+ [squeeze] - curl 7.21.0-2.1+squeeze11
[14 Jan 2015] DLA-133-1 unrtf - security update
{CVE-2014-9274 CVE-2014-9275}
[squeeze] - unrtf 0.19.3-1.1+deb6u1
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-01-14 18:58:24 UTC (rev 31345)
+++ data/dla-needed.txt 2015-01-14 19:13:34 UTC (rev 31346)
@@ -15,8 +15,6 @@
--
coreutils
--
-curl (Nguyen Cong)
---
ejabberd
--
dokuwiki
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31572 - data/CVE
Author: alteholz Date: 2015-01-21 12:32:47 + (Wed, 21 Jan 2015) New Revision: 31572 Modified: data/CVE/list Log: temporary php CVE not for squeeze Modified: data/CVE/list === --- data/CVE/list 2015-01-21 11:33:51 UTC (rev 31571) +++ data/CVE/list 2015-01-21 12:32:47 UTC (rev 31572) @@ -1799,6 +1799,7 @@ TODO: check CVE-2015- [Null Pointer Deference in pgsql] - php5 + [squeeze] - php5 (vulnerable code (build_tablename()) introduced later) NOTE: https://bugs.php.net/bug.php?id=68741 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e TODO: check ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31719 - data
Author: alteholz Date: 2015-01-27 08:52:51 + (Tue, 27 Jan 2015) New Revision: 31719 Modified: data/dla-needed.txt Log: take jasper Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-27 08:32:14 UTC (rev 31718) +++ data/dla-needed.txt 2015-01-27 08:52:51 UTC (rev 31719) @@ -23,6 +23,8 @@ -- httpcomponents-client -- +jasper (Thorsten Alteholz) +-- jqueryui (Holger Levsen) -- konversation ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31772 - in data: . DLA
Author: alteholz
Date: 2015-01-27 21:50:33 + (Tue, 27 Jan 2015)
New Revision: 31772
Modified:
data/DLA/list
data/dla-needed.txt
Log:
jasper done
Modified: data/DLA/list
===
--- data/DLA/list 2015-01-27 21:17:33 UTC (rev 31771)
+++ data/DLA/list 2015-01-27 21:50:33 UTC (rev 31772)
@@ -1,3 +1,6 @@
+[27 Jan 2015] DLA-138-1 jasper - security update
+ {CVE-2014-8157 CVE-2014-8158}
+ [squeeze] - jasper 1.900.1-7+squeeze4
[26 Jan 2015] DLA-137-1 libevent - security update
{CVE-2014-6272}
[squeeze] - libevent 1.4.13-stable-1+deb6u1
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-01-27 21:17:33 UTC (rev 31771)
+++ data/dla-needed.txt 2015-01-27 21:50:33 UTC (rev 31772)
@@ -25,8 +25,6 @@
--
httpcomponents-client
--
-jasper (Thorsten Alteholz)
---
jqueryui (Holger Levsen)
--
konversation
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31812 - data
Author: alteholz Date: 2015-01-29 07:19:58 + (Thu, 29 Jan 2015) New Revision: 31812 Modified: data/dla-needed.txt Log: take polarssl Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-01-29 06:58:04 UTC (rev 31811) +++ data/dla-needed.txt 2015-01-29 07:19:58 UTC (rev 31812) @@ -58,7 +58,7 @@ -- piwigo -- -polarssl +polarssl (Thorsten Alteholz) -- privoxy (Holger Levsen) -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31830 - in data: . DLA
Author: alteholz
Date: 2015-01-29 18:53:18 + (Thu, 29 Jan 2015)
New Revision: 31830
Modified:
data/DLA/list
data/dla-needed.txt
Log:
polarssl done
Modified: data/DLA/list
===
--- data/DLA/list 2015-01-29 18:27:36 UTC (rev 31829)
+++ data/DLA/list 2015-01-29 18:53:18 UTC (rev 31830)
@@ -1,3 +1,6 @@
+[29 Jan 2015] DLA-144-1 polarssl - security update
+ {CVE-2015-1182}
+ [squeeze] - polarssl 1.2.9-1~deb6u4
[29 Jan 2015] DLA-143-1 python-django - security update
{CVE-2015-0219 CVE-2015-0220 CVE-2015-0221}
[squeeze] - python-django 1.2.3-3+squeeze12
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-01-29 18:27:36 UTC (rev 31829)
+++ data/dla-needed.txt 2015-01-29 18:53:18 UTC (rev 31830)
@@ -58,8 +58,6 @@
--
piwigo
--
-polarssl (Thorsten Alteholz)
---
qemu
--
qt4-x11 (iESDebian)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31868 - in data: . DLA
Author: alteholz
Date: 2015-01-31 13:00:36 + (Sat, 31 Jan 2015)
New Revision: 31868
Modified:
data/DLA/list
data/dla-needed.txt
Log:
php5 done
Modified: data/DLA/list
===
--- data/DLA/list 2015-01-31 12:57:02 UTC (rev 31867)
+++ data/DLA/list 2015-01-31 13:00:36 UTC (rev 31868)
@@ -1,3 +1,6 @@
+[31 Jan 2015] DLA-145-1 php5 - security update
+ {CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117}
+ [squeeze] - php5 5.3.3-7+squeeze24
[29 Jan 2015] DLA-144-1 polarssl - security update
{CVE-2015-1182}
[squeeze] - polarssl 1.2.9-1~deb6u4
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-01-31 12:57:02 UTC (rev 31867)
+++ data/dla-needed.txt 2015-01-31 13:00:36 UTC (rev 31868)
@@ -50,10 +50,6 @@
--
openjdk-6
--
-php5 (Thorsten Alteholz)
- NOTE: update planned for January
- NOTE: include Univention patches
---
piwigo
--
qemu
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31913 - data/DLA
Author: alteholz
Date: 2015-02-02 16:30:14 + (Mon, 02 Feb 2015)
New Revision: 31913
Modified:
data/DLA/list
Log:
DLA-145-1 php5 regression update
Modified: data/DLA/list
===
--- data/DLA/list 2015-02-02 16:27:16 UTC (rev 31912)
+++ data/DLA/list 2015-02-02 16:30:14 UTC (rev 31913)
@@ -1,3 +1,5 @@
+[02 Feb 2015] DLA-145-2 php5 - regression update
+ [squeeze] - php5 5.3.3-7+squeeze25
[31 Jan 2015] DLA-145-1 php5 - security update
{CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117}
[squeeze] - php5 5.3.3-7+squeeze24
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r31969 - data
Author: alteholz Date: 2015-02-04 21:37:02 + (Wed, 04 Feb 2015) New Revision: 31969 Modified: data/dla-needed.txt Log: take unzip, libxml2 and krb5 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-02-04 21:10:17 UTC (rev 31968) +++ data/dla-needed.txt 2015-02-04 21:37:02 UTC (rev 31969) @@ -25,6 +25,8 @@ -- konversation -- +krb5 (Thorsten Alteholz) +-- libclamunrar NOTE: wheezy got a backport of 0.98.5, check if we should do the same in Squeeze? (non-free package) @@ -42,7 +44,7 @@ -- libvncserver (Nguyen Cong) -- -libxml2 +libxml2 (Thorsten Alteholz) -- linux-2.6 (Ben Hutchings) -- @@ -64,6 +66,8 @@ -- sympa (Emmanuel Bouthenot) -- +unzip (Thorsten Alteholz) +-- wireshark (Balint Reczey) -- wordpress ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32034 - in data: . DLA
Author: alteholz
Date: 2015-02-06 21:50:36 + (Fri, 06 Feb 2015)
New Revision: 32034
Modified:
data/DLA/list
data/dla-needed.txt
Log:
krb5 done
Modified: data/DLA/list
===
--- data/DLA/list 2015-02-06 21:10:20 UTC (rev 32033)
+++ data/DLA/list 2015-02-06 21:50:36 UTC (rev 32034)
@@ -1,3 +1,6 @@
+[06 Feb 2015] DLA-146-1 krb5 - security update
+ {CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423}
+ [squeeze] - krb5 1.8.3+dfsg-4squeeze9
[02 Feb 2015] DLA-145-2 php5 - regression update
[squeeze] - php5 5.3.3-7+squeeze25
[31 Jan 2015] DLA-145-1 php5 - security update
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-02-06 21:10:20 UTC (rev 32033)
+++ data/dla-needed.txt 2015-02-06 21:50:36 UTC (rev 32034)
@@ -27,8 +27,6 @@
--
konversation
--
-krb5 (Thorsten Alteholz)
---
libclamunrar
NOTE: wheezy got a backport of 0.98.5, check if we should do the same in
Squeeze? (non-free package)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32063 - in data: . DLA
Author: alteholz
Date: 2015-02-07 13:31:39 + (Sat, 07 Feb 2015)
New Revision: 32063
Modified:
data/DLA/list
data/dla-needed.txt
Log:
unzip done
Modified: data/DLA/list
===
--- data/DLA/list 2015-02-07 13:03:30 UTC (rev 32062)
+++ data/DLA/list 2015-02-07 13:31:39 UTC (rev 32063)
@@ -1,3 +1,6 @@
+[07 Feb 2015] DLA-150-1 unzip - security update
+ {CVE-2014-8139 CVE-2014-9636}
+ [squeeze] - unzip 6.0-4+deb6u2
[07 Feb 2015] DLA-149-1 ntp - security update
{CVE-2014-9297 CVE-2014-9298}
[squeeze] - ntp 1:4.2.6.p2+dfsg-1+deb6u2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-02-07 13:03:30 UTC (rev 32062)
+++ data/dla-needed.txt 2015-02-07 13:31:39 UTC (rev 32063)
@@ -72,8 +72,6 @@
--
unrar-nonfree
--
-unzip (Thorsten Alteholz)
---
virtualbox-ose
--
wireshark (Balint Reczey)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32069 - in data: . DLA
Author: alteholz
Date: 2015-02-07 14:20:33 + (Sat, 07 Feb 2015)
New Revision: 32069
Modified:
data/DLA/list
data/dla-needed.txt
Log:
libxml2 done
Modified: data/DLA/list
===
--- data/DLA/list 2015-02-07 14:19:28 UTC (rev 32068)
+++ data/DLA/list 2015-02-07 14:20:33 UTC (rev 32069)
@@ -1,3 +1,6 @@
+[07 Feb 2015] DLA-151-1 libxml2 - security update
+ {CVE-2014-0191 CVE-2014-3660}
+ [squeeze] - libxml2 2.7.8.dfsg-2+squeeze11
[07 Feb 2015] DLA-150-1 unzip - security update
{CVE-2014-8139 CVE-2014-9636}
[squeeze] - unzip 6.0-4+deb6u2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-02-07 14:19:28 UTC (rev 32068)
+++ data/dla-needed.txt 2015-02-07 14:20:33 UTC (rev 32069)
@@ -44,8 +44,6 @@
--
libvncserver (Nguyen Cong)
--
-libxml2 (Thorsten Alteholz)
---
linux-2.6 (Ben Hutchings)
--
nss
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32314 - data
Author: alteholz Date: 2015-02-18 14:43:11 + (Wed, 18 Feb 2015) New Revision: 32314 Modified: data/dla-needed.txt Log: take php5 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-02-18 14:22:17 UTC (rev 32313) +++ data/dla-needed.txt 2015-02-18 14:43:11 UTC (rev 32314) @@ -52,7 +52,8 @@ -- openjdk-6 -- -php5 +php5 (Thorsten Alteholz) + NOTE: upload in March -- phpmyadmin -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32549 - data
Author: alteholz Date: 2015-02-28 14:27:57 + (Sat, 28 Feb 2015) New Revision: 32549 Modified: data/dla-needed.txt Log: get libgtk2-perl and mod-gnutls Modified: data/dla-needed.txt === --- data/dla-needed.txt 2015-02-28 14:17:31 UTC (rev 32548) +++ data/dla-needed.txt 2015-02-28 14:27:57 UTC (rev 32549) @@ -46,7 +46,7 @@ libextlib-ruby NOTE: debdiff of Salvatore Bonaccorso ready in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895#23 -- -libgtk2-perl +libgtk2-perl (Thorsten Alteholz) -- libnokogiri-ruby -- @@ -58,7 +58,7 @@ -- libvncserver (Nguyen Cong) -- -mod-gnutls +mod-gnutls (Thorsten Alteholz) --- p7zip -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32552 - in data: . CVE DLA
Author: alteholz
Date: 2015-02-28 16:22:55 + (Sat, 28 Feb 2015)
New Revision: 32552
Modified:
data/CVE/list
data/DLA/list
data/dla-needed.txt
Log:
libgtk2-perl done
Modified: data/CVE/list
===
--- data/CVE/list 2015-02-28 15:41:12 UTC (rev 32551)
+++ data/CVE/list 2015-02-28 16:22:55 UTC (rev 32552)
@@ -1062,6 +1062,7 @@
- libgtk2-perl 2:1.2492-4
[wheezy] - libgtk2-perl 2:1.244-1+deb7u1
NOTE: wheezy tagged entry as workaround/reminder for when CVE is
assigned
+ NOTE: CVE needs to be added to data/DLA/list as well
NOTE:
https://mail.gnome.org/archives/gtk-perl-list/2015-January/msg00039.html
NOTE: https://bugs.mageia.org/show_bug.cgi?id=15173
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/02/20/14
Modified: data/DLA/list
===
--- data/DLA/list 2015-02-28 15:41:12 UTC (rev 32551)
+++ data/DLA/list 2015-02-28 16:22:55 UTC (rev 32552)
@@ -1,3 +1,5 @@
+[28 Feb 2015] DLA-161-1 libgtk2-perl - security update
+ [squeeze] - libgtk2-perl 2:1.222-1+deb6u1
[27 Feb 2015] DLA-160-1 sudo - security update
{CVE-2014-0106 CVE-2014-9680}
[squeeze] - sudo 1.7.4p4-2.squeeze.5
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-02-28 15:41:12 UTC (rev 32551)
+++ data/dla-needed.txt 2015-02-28 16:22:55 UTC (rev 32552)
@@ -46,8 +46,6 @@
libextlib-ruby
NOTE: debdiff of Salvatore Bonaccorso ready in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895#23
--
-libgtk2-perl (Thorsten Alteholz)
---
libnokogiri-ruby
--
libjson-ruby
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r32553 - data/CVE
Author: alteholz Date: 2015-02-28 18:36:12 + (Sat, 28 Feb 2015) New Revision: 32553 Modified: data/CVE/list Log: mark CVE-2012-6687 for libfcgi as no-dsa, follow the decision of the security team for Wheezy Modified: data/CVE/list === --- data/CVE/list 2015-02-28 16:22:55 UTC (rev 32552) +++ data/CVE/list 2015-02-28 18:36:12 UTC (rev 32553) @@ -1629,6 +1629,7 @@ CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...) - libfcgi 2.4.0-8.3 (bug #681591) [wheezy] - libfcgi (Minor issue) + [squeeze] - libfcgi (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4 CVE-2012- [Stack-based buffer overflow when scanning directory structure for absolute path entries] - fuseiso (bug #779047) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
