[Secure-testing-commits] r39089 - data

2016-01-22 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-01-22 13:51:02 + (Fri, 22 Jan 2016)
New Revision: 39089

Modified:
   data/dla-needed.txt
Log:
add and take privoxy

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-22 13:48:29 UTC (rev 39088)
+++ data/dla-needed.txt 2016-01-22 13:51:02 UTC (rev 39089)
@@ -42,6 +42,8 @@
 pound
   NOTE: updating to the wheezy option might be less error prone
 --
+privoxy (Thorsten Alteholz)
+--
 radicale (Markus Koschany)
 --
 tiff (Santiago R.R.)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r40391 - data

2016-03-15 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-03-15 18:53:30 + (Tue, 15 Mar 2016)
New Revision: 40391

Modified:
   data/dsa-needed.txt
Log:
extplorer prepared

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-15 18:31:27 UTC (rev 40390)
+++ data/dsa-needed.txt 2016-03-15 18:53:30 UTC (rev 40391)
@@ -18,6 +18,9 @@
 --
 botan1.10
 --
+extplorer/oldstable (Thorsten Alteholz)
+  NOTE: .debdiff sent to the Security Team, waiting for feedback
+--
 gosa/oldstable (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
   NOTE: asked about jessie status (seb)




[Secure-testing-commits] r40838 - data

2016-04-09 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-04-09 17:58:07 + (Sat, 09 Apr 2016)
New Revision: 40838

Modified:
   data/dsa-needed.txt
Log:
showing some interest in asterisk

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-04-09 17:49:43 UTC (rev 40837)
+++ data/dsa-needed.txt 2016-04-09 17:58:07 UTC (rev 40838)
@@ -15,6 +15,7 @@
 389-ds-base
 --
 asterisk
+  NOTE: Thorsten Alteholz is looking at CVEs for Wheezy and maybe Jessie ...
 --
 botan1.10
 --
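
Review bot: the NOTE added under "asterisk" is undated and the entry header stays unclaimed. If the package is actively being worked on, put the name in parentheses on the "asterisk" line and date the note, so a stale "is looking at" remark can later be told apart from work in progress.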




[Secure-testing-commits] r40505 - data

2016-03-21 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-03-21 21:03:51 + (Mon, 21 Mar 2016)
New Revision: 40505

Modified:
   data/dsa-needed.txt
Log:
inspircd prepared

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-21 17:05:58 UTC (rev 40504)
+++ data/dsa-needed.txt 2016-03-21 21:03:51 UTC (rev 40505)
@@ -35,6 +35,9 @@
   no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716
   should be fixed along
 --
+inspircd/oldstable (Thorsten Alteholz)
+  NOTE: .debdiff sent to the Security Team, waiting for feedback
+--
 libidn
   Working debdiff for wheezy-security at
   https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff




[Secure-testing-commits] r40571 - data

2016-03-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-03-25 12:52:53 + (Fri, 25 Mar 2016)
New Revision: 40571

Modified:
   data/dsa-needed.txt
Log:
debdiff for fuseiso sent

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-25 12:31:04 UTC (rev 40570)
+++ data/dsa-needed.txt 2016-03-25 12:52:53 UTC (rev 40571)
@@ -24,6 +24,7 @@
   NOTE: .debdiff sent to the Security Team, waiting for feedback
 --
 fuseiso/oldstable (Thorsten Alteholz)
+  NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-25
 --
 gosa/oldstable (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback




[Secure-testing-commits] r40625 - data

2016-03-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-03-29 10:31:00 + (Tue, 29 Mar 2016)
New Revision: 40625

Modified:
   data/dsa-needed.txt
Log:
add tlslite/oldstable

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-29 09:10:22 UTC (rev 40624)
+++ data/dsa-needed.txt 2016-03-29 10:31:00 UTC (rev 40625)
@@ -92,6 +92,9 @@
 tardiff
   fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
 --
+tlslite/oldstable
+  NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-29
+--
 tiff3
 --
 tomcat7 (Markus Koschany)
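
Review bot: the new "tlslite/oldstable" header has no claimant in parentheses, although the NOTE directly below it says the debdiff was sent by Thorsten Alteholz. Claimed entries in this file use the form seen in the context line "tomcat7 (Markus Koschany)"; adding the name to the header keeps the entry from reading as unclaimed to anyone who scans only the package lines.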




[Secure-testing-commits] r41126 - data

2016-04-24 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-04-24 20:24:38 + (Sun, 24 Apr 2016)
New Revision: 41126

Modified:
   data/dsa-needed.txt
Log:
update for asterisk

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-04-24 18:10:02 UTC (rev 41125)
+++ data/dsa-needed.txt 2016-04-24 20:24:38 UTC (rev 41126)
@@ -15,7 +15,7 @@
 389-ds-base
 --
 asterisk
-  NOTE: Thorsten Alteholz is looking at CVEs for Wheezy and maybe Jessie ...
+  NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-04-24
 --
 botan1.10 (Markus Koschany)
 --




[Secure-testing-commits] r41203 - data

2016-04-26 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-04-26 11:43:33 + (Tue, 26 Apr 2016)
New Revision: 41203

Modified:
   data/dla-needed.txt
Log:
claim poppler

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-26 11:20:33 UTC (rev 41202)
+++ data/dla-needed.txt 2016-04-26 11:43:33 UTC (rev 41203)
@@ -73,7 +73,7 @@
 policykit-1
   NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
 --
-poppler
+poppler (Thorsten Alteholz)
 --
 samba
   Samba maintainers are preparing updates for regressions




[Secure-testing-commits] r41199 - data

2016-04-26 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-04-26 09:30:40 + (Tue, 26 Apr 2016)
New Revision: 41199

Modified:
   data/dla-needed.txt
Log:
389-ds-base is only in Jessie and above

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-26 09:10:11 UTC (rev 41198)
+++ data/dla-needed.txt 2016-04-26 09:30:40 UTC (rev 41199)
@@ -9,8 +9,6 @@
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-389-ds-base
---
 asterisk (Thorsten Alteholz)
 --
 botan1.10 (Markus Koschany)




[Secure-testing-commits] r41077 - org

2016-04-23 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-04-23 12:27:16 + (Sat, 23 Apr 2016)
New Revision: 41077

Modified:
   org/lts-frontdesk.2016.txt
Log:
take some frontend weeks

Modified: org/lts-frontdesk.2016.txt
===
--- org/lts-frontdesk.2016.txt  2016-04-23 11:40:48 UTC (rev 41076)
+++ org/lts-frontdesk.2016.txt  2016-04-23 12:27:16 UTC (rev 41077)
@@ -26,16 +26,16 @@
 From 28-03 to 03-04:Santiago Ruano Rincón <santiag...@riseup.net>
 From 04-04 to 10-04:
 From 11-04 to 17-04:Markus Koschany <a...@debian.org>
-From 18-04 to 24-04:
+From 18-04 to 24-04:Thorsten Alteholz <alteh...@debian.org>
 From 25-04 to 01-05:Santiago Ruano Rincón <santiag...@riseup.net>
 From 02-05 to 08-05:Markus Koschany <a...@debian.org>
 From 09-05 to 15-05:Chris Lamb <ch...@chris-lamb.co.uk>
 From 16-05 to 22-05:Antoine Beaupré <anar...@anarc.at>
-From 23-05 to 29-05:
+From 23-05 to 29-05:Thorsten Alteholz <alteh...@debian.org>
 From 30-05 to 05-06:
 From 06-06 to 12-06:Chris Lamb <ch...@chris-lamb.co.uk>
 From 13-06 to 19-06:Antoine Beaupré <anar...@anarc.at>
-From 20-06 to 26-06:
+From 20-06 to 26-06:Thorsten Alteholz <alteh...@debian.org>
 From 27-06 to 03-07:
 From 04-07 to 10-07:Chris Lamb <ch...@chris-lamb.co.uk>
 From 11-07 to 17-07:



[Secure-testing-commits] r41088 - data/CVE

2016-04-23 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-04-23 15:22:54 + (Sat, 23 Apr 2016)
New Revision: 41088

Modified:
   data/CVE/list
Log:
only version 11.x affected

Modified: data/CVE/list
===
--- data/CVE/list   2016-04-23 15:13:35 UTC (rev 41087)
+++ data/CVE/list   2016-04-23 15:22:54 UTC (rev 41088)
@@ -41214,6 +41214,7 @@
 CVE-2014-8414 (ConfBridge in Asterisk 11.x before 11.14.1 and Certified 
Asterisk 11.6 ...)
- asterisk 1:13.1.0~dfsg-1 (bug #771463)
[jessie] - asterisk 1:11.13.1~dfsg-2
+   [wheezy] - asterisk  (Only affects 11.x)
[squeeze] - asterisk  (Unsupported in squeeze-lts)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24440
NOTE: http://downloads.digium.com/pub/security/AST-2014-014.html




[Secure-testing-commits] r41090 - data/CVE

2016-04-23 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-04-23 17:03:15 + (Sat, 23 Apr 2016)
New Revision: 41090

Modified:
   data/CVE/list
Log:
only version 11.x, 12.x, 13.x affected

Modified: data/CVE/list
===
--- data/CVE/list   2016-04-23 16:54:46 UTC (rev 41089)
+++ data/CVE/list   2016-04-23 17:03:15 UTC (rev 41090)
@@ -41190,6 +41190,7 @@
 CVE-2014-8417 (ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, 
and ...)
- asterisk 1:13.1.0~dfsg-1 (bug #771463)
[jessie] - asterisk 1:11.13.1~dfsg-2
+   [wheezy] - asterisk  (Only affects 11.x, 12.x and 13.x)
[squeeze] - asterisk  (Unsupported in squeeze-lts)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24490
NOTE: http://downloads.digium.com/pub/security/AST-2014-017.html




[Secure-testing-commits] r41144 - data

2016-04-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-04-25 11:37:38 + (Mon, 25 Apr 2016)
New Revision: 41144

Modified:
   data/dla-needed.txt
   data/dsa-needed.txt
Log:
move some packages to dla-needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-25 10:37:02 UTC (rev 41143)
+++ data/dla-needed.txt 2016-04-25 11:37:38 UTC (rev 41144)
@@ -9,6 +9,8 @@
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
+asterisk (Thorsten Alteholz)
+--
 cacti
   NOTE: Issue being disputed, check 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814353#10
 --
@@ -21,6 +23,8 @@
 dwarfutils
   NOTE: 20160123, no CVE assigned yet, no fix availabe yet
 --
+extplorer (Thorsten Alteholz)
+--
 graphicsmagick
   NOTE: CVE-2016-231{8,9} don't have upstream fixes but we crash on the 
exploits
 --

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-04-25 10:37:02 UTC (rev 41143)
+++ data/dsa-needed.txt 2016-04-25 11:37:38 UTC (rev 41144)
@@ -19,9 +19,6 @@
 --
 botan1.10 (Markus Koschany)
 --
-extplorer/oldstable (Thorsten Alteholz)
-  NOTE: .debdiff sent to the Security Team, waiting for feedback
---
 gosa/oldstable (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
   NOTE: asked about jessie status (seb)
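
Review bot: removing "extplorer/oldstable" here also drops its NOTE that a .debdiff was sent to the Security Team and is waiting for feedback, and the "extplorer (Thorsten Alteholz)" entry added to data/dla-needed.txt in this same revision carries no note. Carry the status over to the new entry, or say in the log that the earlier debdiff is superseded, so the state of that work is not lost in the move.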




[Secure-testing-commits] r41940 - in data: . DLA

2016-05-22 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-22 18:00:37 + (Sun, 22 May 2016)
New Revision: 41940

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-485-1 for extplorer

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-22 17:53:15 UTC (rev 41939)
+++ data/DLA/list   2016-05-22 18:00:37 UTC (rev 41940)
@@ -1,3 +1,6 @@
+[22 May 2016] DLA-485-1 extplorer - security update
+   {CVE-2015-5660}
+   [wheezy] - extplorer 2.1.0b6+dfsg.3-4+deb7u3
 [21 May 2016] DLA-484-1 graphicsmagick - security update
{CVE-2015-8808 CVE-2016-2317 CVE-2016-2318 CVE-2016-3714 CVE-2016-3715 
CVE-2016-3716 CVE-2016-3717 CVE-2016-3718}
[wheezy] - graphicsmagick 1.3.16-1.1+deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-22 17:53:15 UTC (rev 41939)
+++ data/dla-needed.txt 2016-05-22 18:00:37 UTC (rev 41940)
@@ -24,9 +24,6 @@
 --
 eglibc (Santiago R.R.)
 --
-extplorer (Thorsten Alteholz)
-  NOTE: package for testing uploaded
---
 gosa (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
   NOTE: asked about jessie status (seb)




[Secure-testing-commits] r41636 - data

2016-05-11 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-11 15:42:23 + (Wed, 11 May 2016)
New Revision: 41636

Modified:
   data/dla-needed.txt
Log:
take ocaml

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-11 13:04:34 UTC (rev 41635)
+++ data/dla-needed.txt 2016-05-11 15:42:23 UTC (rev 41636)
@@ -74,7 +74,7 @@
   NOTE: maintainer wants to upload package (as done before)
   NOTE: <20160213161710.ga9...@roeckx.be>
 --
-ocaml
+ocaml (Thorsten Alteholz)
 --
 openafs (Thorsten Alteholz)
 --




[Secure-testing-commits] r41652 - data

2016-05-11 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-11 20:49:58 + (Wed, 11 May 2016)
New Revision: 41652

Modified:
   data/dla-needed.txt
Log:
take xerces-c

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-11 20:32:34 UTC (rev 41651)
+++ data/dla-needed.txt 2016-05-11 20:49:58 UTC (rev 41652)
@@ -136,7 +136,7 @@
 --
 x11vnc
 --
-xerces-c
+xerces-c (Thorsten Alteholz)
 --
 xymon (Chris Lamb)
 --




[Secure-testing-commits] r41682 - data/CVE

2016-05-12 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-12 17:55:42 + (Thu, 12 May 2016)
New Revision: 41682

Modified:
   data/CVE/list
Log:
patch for CVE-2015-5660 can be found somewhere else

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-12 17:34:36 UTC (rev 41681)
+++ data/CVE/list   2016-05-12 17:55:42 UTC (rev 41682)
@@ -22077,7 +22077,7 @@
 CVE-2015-5660 (Cross-site request forgery (CSRF) vulnerability in eXtplorer 
before ...)
- extplorer 
NOTE: http://extplorer.net/news/18
-   NOTE: 
http://extplorer.net/projects/extplorer/repository/diff?utf8=%E2%9C%93=240_to=239
+   NOTE: 
http://extplorer.net/projects/extplorer/repository/diff?utf8=%E2%9C%93=242_to=241
 CVE-2015-5659 (SQL injection vulnerability in Network Applied Communication 
...)
TODO: check
 CVE-2015-5658




[Secure-testing-commits] r41680 - data

2016-05-12 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-12 17:20:03 + (Thu, 12 May 2016)
New Revision: 41680

Modified:
   data/dla-needed.txt
Log:
take extplorer

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-12 16:00:55 UTC (rev 41679)
+++ data/dla-needed.txt 2016-05-12 17:20:03 UTC (rev 41680)
@@ -22,7 +22,7 @@
 --
 dhcpcd5
 --
-extplorer
+extplorer (Thorsten Alteholz)
 --
 gosa (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback




[Secure-testing-commits] r41662 - in data: . DLA

2016-05-12 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-12 08:34:12 + (Thu, 12 May 2016)
New Revision: 41662

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-467-1 for xerces-c

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-12 07:38:12 UTC (rev 41661)
+++ data/DLA/list   2016-05-12 08:34:12 UTC (rev 41662)
@@ -1,3 +1,6 @@
+[12 May 2016] DLA-467-1 xerces-c - security update
+   {CVE-2016-2099}
+   [wheezy] - xerces-c 3.1.1-3+deb7u3
 [11 May 2016] DLA-466-1 ocaml - security update
{CVE-2015-8869}
[wheezy] - ocaml 3.12.1-4+deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-12 07:38:12 UTC (rev 41661)
+++ data/dla-needed.txt 2016-05-12 08:34:12 UTC (rev 41662)
@@ -137,7 +137,5 @@
 --
 x11vnc
 --
-xerces-c (Thorsten Alteholz)
---
 xymon (Chris Lamb)
 --




[Secure-testing-commits] r41812 - data

2016-05-17 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-17 18:01:52 + (Tue, 17 May 2016)
New Revision: 41812

Modified:
   data/dla-needed.txt
Log:
no need to mention CVEs here

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-17 17:11:39 UTC (rev 41811)
+++ data/dla-needed.txt 2016-05-17 18:01:52 UTC (rev 41812)
@@ -10,7 +10,6 @@
 
 --
 asterisk (Thorsten Alteholz)
- NOTE: CVE-2014-2287 and CVE-2014-2287 still pending?
 --
 bozohttpd
 --
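
Review bot: the removed NOTE names CVE-2014-2287 twice, so the second id was presumably meant to be a different CVE. Before dropping the question, check that each intended id has a wheezy status recorded in data/CVE/list; the log message says only that CVEs need not be mentioned here, not that the "still pending?" question was answered.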




[Secure-testing-commits] r41747 - data

2016-05-15 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-15 17:49:52 + (Sun, 15 May 2016)
New Revision: 41747

Modified:
   data/dla-needed.txt
Log:
tester needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-15 16:48:16 UTC (rev 41746)
+++ data/dla-needed.txt 2016-05-15 17:49:52 UTC (rev 41747)
@@ -25,6 +25,7 @@
 eglibc
 --
 extplorer (Thorsten Alteholz)
+  NOTE: package for testing uploaded
 --
 gosa (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
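
Review bot: the NOTE added under "extplorer", "package for testing uploaded", gives neither a date nor a location. Add the upload date and where the package can be fetched (or the message id of the call for testing), so that someone answering the "tester needed" log message can find it. The same applies to the identical line added under "openafs" in the next hunk.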
@@ -72,6 +73,7 @@
   NOTE: <20160213161710.ga9...@roeckx.be>
 --
 openafs (Thorsten Alteholz)
+  NOTE: package for testing uploaded
 --
 p7zip
   NOTE: CPP/7zip/Archive/Udf/UdfIn.cpp line 261?




[Secure-testing-commits] r41392 - in data: . DLA

2016-05-03 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-03 17:45:06 + (Tue, 03 May 2016)
New Revision: 41392

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-454-1 for minissdpd

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-03 17:42:33 UTC (rev 41391)
+++ data/DLA/list   2016-05-03 17:45:06 UTC (rev 41392)
@@ -1,3 +1,6 @@
+[03 May 2016] DLA-454-1 minissdpd - security update
+   {CVE-2016-3178 CVE-2016-3179}
+   [wheezy] - minissdpd 1.1.20120121-1+deb7u1
 [03 May 2016] DLA-453-1 extplorer - security update
{CVE-2015-0896}
[wheezy] - extplorer 2.1.0b6+dfsg.3-4+deb7u2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-03 17:42:33 UTC (rev 41391)
+++ data/dla-needed.txt 2016-05-03 17:45:06 UTC (rev 41392)
@@ -47,9 +47,6 @@
 --
 linux
 --
-minissdpd
-  NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28
---
 nss (Guido Günther)
 --
 ntp



[Secure-testing-commits] r41393 - in data: . DLA

2016-05-03 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-03 17:48:42 + (Tue, 03 May 2016)
New Revision: 41393

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-455-1 for asterisk

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-03 17:45:06 UTC (rev 41392)
+++ data/DLA/list   2016-05-03 17:48:42 UTC (rev 41393)
@@ -1,3 +1,6 @@
+[03 May 2016] DLA-455-1 asterisk - security update
+   {CVE-2014-2286 CVE-2014-4046 CVE-2014-6610 CVE-2014-8412 CVE-2014-8418 
CVE-2015-3008}
+   [wheezy] - asterisk 1:1.8.13.1~dfsg1-3+deb7u4
 [03 May 2016] DLA-454-1 minissdpd - security update
{CVE-2016-3178 CVE-2016-3179}
[wheezy] - minissdpd 1.1.20120121-1+deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-03 17:45:06 UTC (rev 41392)
+++ data/dla-needed.txt 2016-05-03 17:48:42 UTC (rev 41393)
@@ -9,8 +9,6 @@
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-asterisk (Thorsten Alteholz)
---
 cacti
   NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
   NOTE: Maintainer wants to review changes; see 
https://lists.debian.org/<5724f47d.6090...@debian.org>




[Secure-testing-commits] r41394 - data

2016-05-03 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-03 17:49:07 + (Tue, 03 May 2016)
New Revision: 41394

Modified:
   data/dla-needed.txt
Log:
still open issues

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-03 17:48:42 UTC (rev 41393)
+++ data/dla-needed.txt 2016-05-03 17:49:07 UTC (rev 41394)
@@ -9,6 +9,8 @@
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
+ asterisk (Thorsten Alteholz)
+--
 cacti
   NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
   NOTE: Maintainer wants to review changes; see 
https://lists.debian.org/<5724f47d.6090...@debian.org>
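
Review bot: the added line "+ asterisk (Thorsten Alteholz)" has a space before the package name, while the neighbouring header "cacti" starts in column one and only NOTE lines are indented. Drop the leading space so the entry is not read as a continuation of the preceding block. Since the log says "still open issues", a short NOTE naming them would also explain why the entry is back.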




[Secure-testing-commits] r41410 - data

2016-05-04 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-04 10:11:56 + (Wed, 04 May 2016)
New Revision: 41410

Modified:
   data/dla-needed.txt
Log:
take mplayer

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-04 09:30:42 UTC (rev 41409)
+++ data/dla-needed.txt 2016-05-04 10:11:56 UTC (rev 41410)
@@ -47,6 +47,8 @@
 --
 linux
 --
+ mplayer (Thorsten Alteholz)
+--
 nss (Guido Günther)
 --
 ntp
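
Review bot: "+ mplayer (Thorsten Alteholz)" is indented by one space, unlike the surrounding headers "linux", "nss (Guido Günther)" and "ntp". Package lines in this file start in column one; remove the space before "mplayer".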



[Secure-testing-commits] r41484 - in data: . DLA

2016-05-06 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-06 15:49:21 + (Fri, 06 May 2016)
New Revision: 41484

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-459-1 for mercurial

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-06 15:42:14 UTC (rev 41483)
+++ data/DLA/list   2016-05-06 15:49:21 UTC (rev 41484)
@@ -1,3 +1,6 @@
+[06 May 2016] DLA-459-1 mercurial - security update
+   {CVE-2016-3105}
+   [wheezy] - mercurial 2.2.2-4+deb7u3
 [05 May 2016] DLA-458-1 mplayer2 - security update
{CVE-2016-4352}
[wheezy] - mplayer2 2.0-554-gf63dbad-1+deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-06 15:42:14 UTC (rev 41483)
+++ data/dla-needed.txt 2016-05-06 15:49:21 UTC (rev 41484)
@@ -56,8 +56,6 @@
 --
 linux
 --
-mercurial (Thorsten Alteholz)
---
 nagios3 (Markus Koschany)
 --
 nss (Guido Günther)



[Secure-testing-commits] r41492 - data

2016-05-06 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-06 20:43:26 + (Fri, 06 May 2016)
New Revision: 41492

Modified:
   data/dla-needed.txt
Log:
claim lcms2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-06 20:31:32 UTC (rev 41491)
+++ data/dla-needed.txt 2016-05-06 20:43:26 UTC (rev 41492)
@@ -33,6 +33,8 @@
 imagemagick
   NOTE: only minor issues
 --
+lcms2 (Thorsten Alteholz)
+--
 libidn
   Working debdiff for wheezy-security at
   https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff




[Secure-testing-commits] r41443 - in data: . DLA

2016-05-05 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-05 11:21:15 + (Thu, 05 May 2016)
New Revision: 41443

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-458-1 for mplayer2

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-05 09:10:13 UTC (rev 41442)
+++ data/DLA/list   2016-05-05 11:21:15 UTC (rev 41443)
@@ -1,3 +1,6 @@
+[05 May 2016] DLA-458-1 mplayer2 - security update
+   {CVE-2016-4352}
+   [wheezy] - mplayer2 2.0-554-gf63dbad-1+deb7u1
 [04 May 2016] DLA-457-1 mplayer - security update
{CVE-2016-4352}
[wheezy] - mplayer 2:1.0~rc4.dfsg1+svn34540-1+deb7u2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-05 09:10:13 UTC (rev 41442)
+++ data/dla-needed.txt 2016-05-05 11:21:15 UTC (rev 41443)
@@ -58,8 +58,6 @@
 --
 mercurial (Thorsten Alteholz)
 --
-mplayer2 (Thorsten Alteholz)
---
 nagios3 (Markus Koschany)
 --
 nss (Guido Günther)



[Secure-testing-commits] r41461 - data

2016-05-05 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-05 21:16:50 + (Thu, 05 May 2016)
New Revision: 41461

Modified:
   data/dla-needed.txt
Log:
claim openafs

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-05 21:10:11 UTC (rev 41460)
+++ data/dla-needed.txt 2016-05-05 21:16:50 UTC (rev 41461)
@@ -66,7 +66,7 @@
   NOTE: maintainer wants to upload package (as done before)
   NOTE: <20160213161710.ga9...@roeckx.be>
 --
-openafs
+openafs (Thorsten Alteholz)
 --
 pdns (Guido Günther)
 --



[Secure-testing-commits] r41421 - data

2016-05-04 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-04 18:29:31 + (Wed, 04 May 2016)
New Revision: 41421

Modified:
   data/dla-needed.txt
Log:
claim mercurial

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-04 18:27:04 UTC (rev 41420)
+++ data/dla-needed.txt 2016-05-04 18:29:31 UTC (rev 41421)
@@ -47,7 +47,7 @@
 --
 linux
 --
- mplayer (Thorsten Alteholz)
+mercurial (Thorsten Alteholz)
 --
 nss (Guido Günther)
 --
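
Review bot: the "- mplayer" / "+mercurial" pair swaps one entry for another in place, so the removal of mplayer from the list is not reflected in the log message "claim mercurial". Mention the removal in the log, or drop the entry in the revision that reserves the DLA, as the other "Reserve DLA" commits to data/dla-needed.txt do.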



[Secure-testing-commits] r41420 - data/DLA

2016-05-04 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-04 18:27:04 + (Wed, 04 May 2016)
New Revision: 41420

Modified:
   data/DLA/list
Log:
Reserve DLA-457-1 for mplayer

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-04 18:17:39 UTC (rev 41419)
+++ data/DLA/list   2016-05-04 18:27:04 UTC (rev 41420)
@@ -1,3 +1,6 @@
+[04 May 2016] DLA-457-1 mplayer - security update
+   {CVE-2016-4352}
+   [wheezy] - mplayer 2:1.0~rc4.dfsg1+svn34540-1+deb7u2
 [03 May 2016] DLA-456-1 openssl - security update
{CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109}
[wheezy] - openssl 1.0.1e-2+deb7u21




[Secure-testing-commits] r41429 - data

2016-05-04 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-04 20:54:06 + (Wed, 04 May 2016)
New Revision: 41429

Modified:
   data/dla-needed.txt
Log:
claim mplayer2 as well

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-04 20:40:21 UTC (rev 41428)
+++ data/dla-needed.txt 2016-05-04 20:54:06 UTC (rev 41429)
@@ -55,6 +55,8 @@
 --
 mercurial (Thorsten Alteholz)
 --
+mplayer2 (Thorsten Alteholz)
+--
 nagios3 (Markus Koschany)
 --
 nss (Guido Günther)



[Secure-testing-commits] r41264 - in data: . DLA

2016-04-28 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-04-28 20:19:20 + (Thu, 28 Apr 2016)
New Revision: 41264

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-446-1 for poppler

Modified: data/DLA/list
===
--- data/DLA/list   2016-04-28 20:13:19 UTC (rev 41263)
+++ data/DLA/list   2016-04-28 20:19:20 UTC (rev 41264)
@@ -1,3 +1,6 @@
+[28 Apr 2016] DLA-446-1 poppler - security update
+   {CVE-2015-8868}
+   [wheezy] - poppler 0.18.4-6+deb7u1
 [03 Mar 2016] DLA-445-2 squid3 - regression update
[squeeze] - squid3 3.1.6-1.2+squeeze7
 [29 Feb 2016] DLA-445-1 squid3 - security update

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-28 20:13:19 UTC (rev 41263)
+++ data/dla-needed.txt 2016-04-28 20:19:20 UTC (rev 41264)
@@ -76,8 +76,6 @@
 policykit-1
   NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
 --
-poppler (Thorsten Alteholz)
---
 samba
   Samba maintainers are preparing updates for regressions
 --




[Secure-testing-commits] r41517 - data

2016-05-07 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-07 16:51:15 + (Sat, 07 May 2016)
New Revision: 41517

Modified:
   data/dla-needed.txt
Log:
vulnerable code not present in Wheezy version

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-07 16:49:20 UTC (rev 41516)
+++ data/dla-needed.txt 2016-05-07 16:51:15 UTC (rev 41517)
@@ -31,8 +31,6 @@
 imagemagick
   NOTE: only minor issues
 --
-lcms2 (Thorsten Alteholz)
---
 libidn
   Working debdiff for wheezy-security at
   https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff




[Secure-testing-commits] r41516 - data/CVE

2016-05-07 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-05-07 16:49:20 + (Sat, 07 May 2016)
New Revision: 41516

Modified:
   data/CVE/list
Log:
mark CVE for lcms2 as not-affected

Modified: data/CVE/list
===
--- data/CVE/list   2016-05-07 14:13:52 UTC (rev 41515)
+++ data/CVE/list   2016-05-07 16:49:20 UTC (rev 41516)
@@ -468,6 +468,7 @@
 CVE-2013-7455
RESERVED
- lcms2 2.6-1
+   [wheezy] - lcms2  (vulnerable code not present, no 
cmsPipelineFree(Lut); in Error:-part)
NOTE: https://www.kb.cert.org/vuls/id/369800
NOTE: 
https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db#diff-189a94f0a7a47efdd43f5567e27a973b
 CVE-2016- [XSS]




[Secure-testing-commits] r43523 - data

2016-07-27 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-27 08:19:35 + (Wed, 27 Jul 2016)
New Revision: 43523

Modified:
   data/dla-needed.txt
Log:
take mupdf

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-27 07:14:17 UTC (rev 43522)
+++ data/dla-needed.txt 2016-07-27 08:19:35 UTC (rev 43523)
@@ -56,7 +56,7 @@
   is not available yet. It will be available in next upstream release (already
   in upstream roadmap).
 --
-mupdf
+mupdf (Thorsten Alteholz)
   NOTE: Can reproduce in wheezy chroot.
 --
 mysql-5.5 (Santiago R.R.)


[Secure-testing-commits] r43526 - data/CVE

2016-07-27 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-27 10:54:37 + (Wed, 27 Jul 2016)
New Revision: 43526

Modified:
   data/CVE/list
Log:
mark CVE-2016-3120 as no-dsa in Wheezy like in Jessie

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-27 10:42:52 UTC (rev 43525)
+++ data/CVE/list   2016-07-27 10:54:37 UTC (rev 43526)
@@ -9723,6 +9723,7 @@
RESERVED
- krb5  (bug #832572)
[jessie] - krb5  (Minor issue; can be fixed along with a future 
DSA)
+   [wheezy] - krb5  (Minor issue; can be fixed along with a future 
DSA)
NOTE: 
https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458
 CVE-2016-3119 (The process_db_args function in ...)


[Secure-testing-commits] r43449 - data/CVE

2016-07-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-25 12:37:34 + (Mon, 25 Jul 2016)
New Revision: 43449

Modified:
   data/CVE/list
Log:
mark CVE-2016-6209 as no-dsa in Wheezy like in Jessie

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-25 12:36:17 UTC (rev 43448)
+++ data/CVE/list   2016-07-25 12:37:34 UTC (rev 43449)
@@ -504,6 +504,7 @@
RESERVED
- nagios3  (bug #831698)
[jessie] - nagios3  (Minor issue)
+   [wheezy] - nagios3  (Minor issue)
- icinga  (Vulnerable code not present)
NOTE: http://seclists.org/fulldisclosure/2016/Jun/20
 CVE-2016-6206


[Secure-testing-commits] r43580 - data

2016-07-28 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-28 20:46:03 + (Thu, 28 Jul 2016)
New Revision: 43580

Modified:
   data/dla-needed.txt
Log:
add ntp

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 20:44:40 UTC (rev 43579)
+++ data/dla-needed.txt 2016-07-28 20:46:03 UTC (rev 43580)
@@ -75,6 +75,9 @@
 --
 mysql-5.5 (Santiago R.R.)
 --
+ntp
+  NOTE: up to now maintainer did the LTS uploads
+--
 openssh (Ola Lundqvist)
 --
 openjdk-7


[Secure-testing-commits] r43575 - data

2016-07-28 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-28 20:36:56 + (Thu, 28 Jul 2016)
New Revision: 43575

Modified:
   data/dla-needed.txt
Log:
add lighttpd

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 20:33:53 UTC (rev 43574)
+++ data/dla-needed.txt 2016-07-28 20:36:56 UTC (rev 43575)
@@ -57,6 +57,8 @@
 --
 libupnp (Balint Reczey)
 --
+lightttpd
+--
 linux (Ben Hutchings)
 --
 mat
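Review bot: The added entry is spelled "lightttpd" with three t's, while the log message says "add lighttpd". Anyone matching dla-needed.txt entries against source package names will not find this one; correct the added line to "lighttpd".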


[Secure-testing-commits] r43577 - data

2016-07-28 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-28 20:39:57 + (Thu, 28 Jul 2016)
New Revision: 43577

Modified:
   data/dla-needed.txt
Log:
add xmlrpc-epi

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 20:38:14 UTC (rev 43576)
+++ data/dla-needed.txt 2016-07-28 20:39:57 UTC (rev 43577)
@@ -132,3 +132,5 @@
   Update prepared by credativ ready here: 
https://people.debian.org/~zobel/xen-lts/
   Just need review, upload and DLA.
 --
+xmlrpc-epi
+--


[Secure-testing-commits] r43574 - data

2016-07-28 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-28 20:33:53 + (Thu, 28 Jul 2016)
New Revision: 43574

Modified:
   data/dla-needed.txt
Log:
add wireshark

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 19:18:37 UTC (rev 43573)
+++ data/dla-needed.txt 2016-07-28 20:33:53 UTC (rev 43574)
@@ -119,6 +119,9 @@
 --
 tiff3
 --
+wireshark
+  NOTE: I guess this will be done by Balint
+--
 wordpress (Markus Koschany)
 --
 xen (Brian May)
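Review bot: The added NOTE under wireshark is a first-person guess ("I guess this will be done by Balint") with no name or date, so a later reader cannot tell who wrote it or whether Balint agreed. Once that is confirmed, put the claimant in parentheses on the package line, as the neighbouring "wordpress (Markus Koschany)" entry does; until then, sign and date the note.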


[Secure-testing-commits] r43579 - data

2016-07-28 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-28 20:44:40 + (Thu, 28 Jul 2016)
New Revision: 43579

Modified:
   data/dla-needed.txt
Log:
add libapache2-mod-fcgid

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 20:43:16 UTC (rev 43578)
+++ data/dla-needed.txt 2016-07-28 20:44:40 UTC (rev 43579)
@@ -37,6 +37,8 @@
 --
 kde4libs (Balint Reczey)
 --
+libapache2-mod-fcgid
+--
 libdbd-mysql-perl (Markus Koschany)
 --
 libical


[Secure-testing-commits] r43576 - data

2016-07-28 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-28 20:38:14 + (Thu, 28 Jul 2016)
New Revision: 43576

Modified:
   data/dla-needed.txt
Log:
add twisted

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-28 20:36:56 UTC (rev 43575)
+++ data/dla-needed.txt 2016-07-28 20:38:14 UTC (rev 43576)
@@ -121,6 +121,8 @@
 --
 tiff3
 --
+twisted
+--
 wireshark
   NOTE: I guess this will be done by Balint
 --


[Secure-testing-commits] r43594 - data

2016-07-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-29 08:31:11 + (Fri, 29 Jul 2016)
New Revision: 43594

Modified:
   data/dla-needed.txt
Log:
take xmlrpc-epi for now

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-29 08:23:06 UTC (rev 43593)
+++ data/dla-needed.txt 2016-07-29 08:31:11 UTC (rev 43594)
@@ -132,5 +132,5 @@
   Update prepared by credativ ready here: 
https://people.debian.org/~zobel/xen-lts/
   Just need review, upload and DLA.
 --
-xmlrpc-epi
+xmlrpc-epi (Thorsten Alteholz)
 --


[Secure-testing-commits] r43629 - in data: . DLA

2016-07-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-29 21:11:34 + (Fri, 29 Jul 2016)
New Revision: 43629

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-569-1 for xmlrpc-epi

Modified: data/DLA/list
===
--- data/DLA/list   2016-07-29 21:10:12 UTC (rev 43628)
+++ data/DLA/list   2016-07-29 21:11:34 UTC (rev 43629)
@@ -1,3 +1,6 @@
+[29 Jul 2016] DLA-569-1 xmlrpc-epi - security update
+   {CVE-2016-6296}
+   [wheezy] - xmlrpc-epi 0.54.2-1+deb7u1
 [29 Jul 2016] DLA-568-1 wordpress - security update
{CVE-2016-5837 CVE-2016-5832 CVE-2016-5834 CVE-2016-5835 CVE-2016-5838 
CVE-2016-5839}
[wheezy] - wordpress 3.6.1+dfsg-1~deb7u11

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-29 21:10:12 UTC (rev 43628)
+++ data/dla-needed.txt 2016-07-29 21:11:34 UTC (rev 43629)
@@ -132,5 +132,3 @@
   Update prepared by credativ ready here: 
https://people.debian.org/~zobel/xen-lts/
   Just need review, upload and DLA.
 --
-xmlrpc-epi (Thorsten Alteholz)
---


[Secure-testing-commits] r43630 - data

2016-07-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-29 21:17:58 + (Fri, 29 Jul 2016)
New Revision: 43630

Modified:
   data/dla-needed.txt
Log:
libapache2-mod-fcgid has been taken care of by apache2 upload

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-29 21:11:34 UTC (rev 43629)
+++ data/dla-needed.txt 2016-07-29 21:17:58 UTC (rev 43630)
@@ -30,8 +30,6 @@
 --
 kde4libs (Balint Reczey)
 --
-libapache2-mod-fcgid
---
 libdbd-mysql-perl (Markus Koschany)
 --
 libical


[Secure-testing-commits] r43672 - data

2016-07-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-31 09:59:15 + (Sun, 31 Jul 2016)
New Revision: 43672

Modified:
   data/dla-needed.txt
Log:
add erlang

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-31 09:55:40 UTC (rev 43671)
+++ data/dla-needed.txt 2016-07-31 09:59:15 UTC (rev 43672)
@@ -11,6 +11,9 @@
 --
 asterisk (Thorsten Alteholz)
 --
+erlang
+  NOTE: recheck, maybe it is enough to just blacklist HTTP_PROXY in mod_cgi.
+--
 extplorer
   NOTE: 20160529, no fix yet
   NOTE: 20160618, still no fix
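Review bot: The NOTE on the new erlang entry says "recheck" and mentions blacklisting HTTP_PROXY in mod_cgi, but it names no CVE or bug, so whoever picks the package up has to rediscover which issue is meant. Add the CVE id or bug reference to the note and state what exactly needs rechecking.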


[Secure-testing-commits] r43668 - in data: . CVE

2016-07-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-31 09:26:57 + (Sun, 31 Jul 2016)
New Revision: 43668

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
mark mupdf as not-affected

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-31 07:40:59 UTC (rev 43667)
+++ data/CVE/list   2016-07-31 09:26:57 UTC (rev 43668)
@@ -835,6 +835,7 @@
 CVE-2016-6265 [use-after-free]
RESERVED
- mupdf  (bug #832031)
+   [wheezy] - mupdf  (vulnerable code not present, no 
segfault)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
 CVE-2016-6264
RESERVED

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-31 07:40:59 UTC (rev 43667)
+++ data/dla-needed.txt 2016-07-31 09:26:57 UTC (rev 43668)
@@ -51,9 +51,6 @@
   is not available yet. It will be available in next upstream release (already
   in upstream roadmap).
 --
-mupdf (Thorsten Alteholz)
-  NOTE: Can reproduce in wheezy chroot.
---
 ntp
   NOTE: up to now maintainer did the LTS uploads
 --
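Review bot: The dla-needed.txt hunk deletes "NOTE: Can reproduce in wheezy chroot." in the same commit that marks CVE-2016-6265 for wheezy with "vulnerable code not present, no segfault", and the two statements contradict each other. Keep a NOTE under the CVE entry saying what the earlier reproduction turned out to be and how the absence of the vulnerable code was checked, so the not-affected decision can be audited later.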


[Secure-testing-commits] r43669 - in data: . CVE

2016-07-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-31 09:32:57 + (Sun, 31 Jul 2016)
New Revision: 43669

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
mark libjgroups-java as no-dsa in Wheezy like in Jessie

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-31 09:26:57 UTC (rev 43668)
+++ data/CVE/list   2016-07-31 09:32:57 UTC (rev 43669)
@@ -13713,6 +13713,7 @@
 CVE-2016-2141 (JGroups before 4.0 does not require the proper headers for the 
ENCRYPT ...)
- libjgroups-java  (low)
[jessie] - libjgroups-java  (Minor issue)
+   [wheezy] - libjgroups-java  (Minor issue, only used as build 
dependency)
 CVE-2016-2140 (The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 
(kilo) ...)
- nova 
[jessie] - nova  (Minor issue)

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-31 09:26:57 UTC (rev 43668)
+++ data/dla-needed.txt 2016-07-31 09:32:57 UTC (rev 43669)
@@ -29,11 +29,6 @@
 --
 libidn (Lucas Kanashiro)
 --
-libjgroups-java
-   NOTE: Maintainer suggest to ignore this package and avoid wasting of 
time
-   "libjgroups-java is a mere build dependency and never actually used at
-   runtime. Fixing it will make no difference."
---
 libreoffice (Balint Reczey)
   NOTE: this package needs 30GB disk space, lots of RAM and CPU power
   NOTE: can reproduce in Wheezy VM


[Secure-testing-commits] r43670 - data

2016-07-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-31 09:50:59 + (Sun, 31 Jul 2016)
New Revision: 43670

Modified:
   data/dla-needed.txt
Log:
add nettle

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-31 09:32:57 UTC (rev 43669)
+++ data/dla-needed.txt 2016-07-31 09:50:59 UTC (rev 43670)
@@ -46,6 +46,9 @@
   is not available yet. It will be available in next upstream release (already
   in upstream roadmap).
 --
+nettle
+  NOTE: Original patch had some unintended side effects: 
https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
+--
 ntp
   NOTE: up to now maintainer did the LTS uploads
 --


[Secure-testing-commits] r43671 - data

2016-07-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-31 09:55:40 + (Sun, 31 Jul 2016)
New Revision: 43671

Modified:
   data/dla-needed.txt
Log:
add mongodb

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-31 09:50:59 UTC (rev 43670)
+++ data/dla-needed.txt 2016-07-31 09:55:40 UTC (rev 43671)
@@ -46,6 +46,8 @@
   is not available yet. It will be available in next upstream release (already
   in upstream roadmap).
 --
+mongodb
+--
 nettle
   NOTE: Original patch had some unintended side effects: 
https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
 --


[Secure-testing-commits] r43528 - data/CVE

2016-07-27 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-27 12:07:46 + (Wed, 27 Jul 2016)
New Revision: 43528

Modified:
   data/CVE/list
Log:
mark CVE-2016-1000108 as no-dsa in Wheezy like in Jessie

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-27 11:16:36 UTC (rev 43527)
+++ data/CVE/list   2016-07-27 12:07:46 UTC (rev 43528)
@@ -2843,6 +2843,7 @@
RESERVED
- yaws 2.0.3-2 (bug #832433)
[jessie] - yaws  (Minor issue, can be fixed via point release)
+   [wheezy] - yaws  (Minor issue; can be fixed along with a future 
DSA)
NOTE: 
https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1
 CVE-2016-1000104
RESERVED
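Review bot: The log says wheezy is marked "like in Jessie", but the added wheezy line gives the reason "Minor issue; can be fixed along with a future DSA" while the jessie line directly above it reads "Minor issue, can be fixed via point release". Pick the reason that actually applies to wheezy and make the log message match it.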


[Secure-testing-commits] r43529 - data

2016-07-27 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-27 12:18:25 + (Wed, 27 Jul 2016)
New Revision: 43529

Modified:
   data/dla-needed.txt
Log:
Dominic wants to do the upload

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-27 12:07:46 UTC (rev 43528)
+++ data/dla-needed.txt 2016-07-27 12:18:25 UTC (rev 43529)
@@ -76,7 +76,7 @@
   NOTE: but as I discussed with the maintainer 
(https://lists.debian.org/debian-lts/2016/07/msg00117.html)
   NOTE: we will wait upstream release it as an official solution.
 --
-perl
+perl (Dominic Hargreaves)
   NOTE: Ben and Thorsten have the patches.
 --
 php5 (Thorsten Alteholz)


[Secure-testing-commits] r43937 - org

2016-08-11 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-08-11 17:27:23 + (Thu, 11 Aug 2016)
New Revision: 43937

Modified:
   org/lts-frontdesk.2016.txt
Log:
took last available frontdesk for this year

Modified: org/lts-frontdesk.2016.txt
===
--- org/lts-frontdesk.2016.txt  2016-08-11 15:39:25 UTC (rev 43936)
+++ org/lts-frontdesk.2016.txt  2016-08-11 17:27:23 UTC (rev 43937)
@@ -49,7 +49,7 @@
 From 05-09 to 11-09:Balint Reczey <bal...@balintreczey.hu>
 From 12-09 to 18-09:Markus Koschany <a...@debian.org>
 From 19-09 to 25-09:Chris Lamb <ch...@chris-lamb.co.uk>
-From 26-09 to 02-10:
+From 26-09 to 02-10:Thorsten Alteholz <alteh...@debian.org>
 From 03-10 to 09-10:Balint Reczey <bal...@balintreczey.hu>
 From 10-10 to 16-10:Markus Koschany <a...@debian.org>
 From 17-10 to 23-10:Chris Lamb <ch...@chris-lamb.co.uk>


[Secure-testing-commits] r43941 - data/CVE

2016-08-11 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-08-11 20:38:49 + (Thu, 11 Aug 2016)
New Revision: 43941

Modified:
   data/CVE/list
Log:
mark sogo CVEs as  as it has been done before

Modified: data/CVE/list
===
--- data/CVE/list   2016-08-11 20:11:31 UTC (rev 43940)
+++ data/CVE/list   2016-08-11 20:38:49 UTC (rev 43941)
@@ -1777,12 +1777,14 @@
 CVE-2016-6191 [Persistent Cross-Site Scripting in calendar]
RESERVED
- sogo 
+   [wheezy] - sogo  (not supported in Wheezy LTS)
NOTE: https://sogo.nu/bugs/view.php?id=3718
NOTE: 
http://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa
TODO: check versions
 CVE-2016-6190 [Meta information can be derived from UID/DTSTAMP attributes 
though "View the Date & Time" restricted access Backend Calendar]
RESERVED
- sogo 
+   [wheezy] - sogo  (not supported in Wheezy LTS)
NOTE: Fix SOGo v2: 
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
NOTE: Fix SOGo v3: 
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
NOTE: https://sogo.nu/bugs/view.php?id=3696
@@ -1790,6 +1792,7 @@
 CVE-2016-6189 [Private information leakage through ics/XML feeds when 
restricted to "View the Date & Time"]
RESERVED
- sogo 
+   [wheezy] - sogo  (not supported in Wheezy LTS)
NOTE: Fix SOGo v2: 
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
NOTE: Fix SOGo v3: 
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
NOTE: https://sogo.nu/bugs/view.php?id=3695
@@ -1797,6 +1800,7 @@
 CVE-2016-6188 [DOS attack through uploading malicious attachments]
RESERVED
- sogo 
+   [wheezy] - sogo  (not supported in Wheezy LTS)
NOTE: 
http://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d
NOTE: https://sogo.nu/bugs/view.php?id=3510
TODO: check versions
@@ -2787,6 +2791,7 @@
 CVE-2014-9905 [Script injection in calendar title]
RESERVED
- sogo 
+   [wheezy] - sogo  (not supported in Wheezy LTS)
NOTE: 
https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9
NOTE: 
https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765
NOTE: 
https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501


[Secure-testing-commits] r43314 - data

2016-07-20 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-20 18:02:58 + (Wed, 20 Jul 2016)
New Revision: 43314

Modified:
   data/dla-needed.txt
Log:
I give up with libreoffice ...

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-20 18:01:28 UTC (rev 43313)
+++ data/dla-needed.txt 2016-07-20 18:02:58 UTC (rev 43314)
@@ -43,7 +43,8 @@
 --
 libjgroups-java
 --
-libreoffice (Thorsten Alteholz)
+libreoffice
+  NOTE: this package needs 30GB disk space, lots of RAM and CPU power
 --
 libupnp
 --


[Secure-testing-commits] r43241 - in data: . CVE

2016-07-16 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-16 18:02:44 + (Sat, 16 Jul 2016)
New Revision: 43241

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
zone transfers should be done in trusted environments, so mark this as no-dsa 
like in Jessie

Modified: data/CVE/list
===
--- data/CVE/list   2016-07-16 17:00:16 UTC (rev 43240)
+++ data/CVE/list   2016-07-16 18:02:44 UTC (rev 43241)
@@ -275,6 +275,7 @@
 CVE-2016-6170 (ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x 
...)
- bind9  (bug #830810)
[jessie] - bind9  (Minor issue)
+   [wheezy] - bind9  (Minor issue)
NOTE: Fixed by 
https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch
NOTE: Fixed by 
https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch
 CVE-2016-6163 [read out-of-bounds in librsvg2 (a dependency of gdk-pixbuf used 
to render svg images).]
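Review bot: The justification for the wheezy marking ("zone transfers should be done in trusted environments") appears only in the log message; the added line says just "Minor issue". Put the rationale in the reason text or in a NOTE under CVE-2016-6170, since readers of data/CVE/list will not see the commit log.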

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-16 17:00:16 UTC (rev 43240)
+++ data/dla-needed.txt 2016-07-16 18:02:44 UTC (rev 43241)
@@ -11,8 +11,6 @@
 --
 asterisk (Thorsten Alteholz)
 --
-bind9
---
 binutils (Brian May)
 --
 binutils-h8300-hms


[Secure-testing-commits] r42917 - in data: . DLA

2016-06-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-06-30 17:40:05 + (Thu, 30 Jun 2016)
New Revision: 42917

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-536-1 for wget

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-30 16:18:24 UTC (rev 42916)
+++ data/DLA/list   2016-06-30 17:40:05 UTC (rev 42917)
@@ -1,3 +1,6 @@
+[30 Jun 2016] DLA-536-1 wget - security update
+   {CVE-2016-4971}
+   [wheezy] - wget 1.13.4-3+deb7u3
 [29 Jun 2016] DLA-535-1 xerces-c - security update
{CVE-2016-4463}
[wheezy] - xerces-c 3.1.1-3+deb7u4

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-30 16:18:24 UTC (rev 42916)
+++ data/dla-needed.txt 2016-06-30 17:40:05 UTC (rev 42917)
@@ -112,8 +112,6 @@
 --
 tiff3
 --
-wget (Thorsten Alteholz)
---
 wireshark (Balint Reczey)
   Preparing Jessie update, then Wheezy LTS, too.
 --


[Secure-testing-commits] r42918 - data

2016-06-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-06-30 17:41:42 + (Thu, 30 Jun 2016)
New Revision: 42918

Modified:
   data/dla-needed.txt
Log:
most CVEs need a patch

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-30 17:40:05 UTC (rev 42917)
+++ data/dla-needed.txt 2016-06-30 17:41:42 UTC (rev 42918)
@@ -72,7 +72,6 @@
   NOTE: priority issues and will fix them after the next release of OpenSSL.
 --
 php5 (Thorsten Alteholz)
-  NOTE: At least CVE-2016-4538 is vulnerable
 --
 phpmyadmin (Ola Lundqvist)
 --
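Review bot: The log says "most CVEs need a patch", yet the only change is deleting "NOTE: At least CVE-2016-4538 is vulnerable", which leaves the php5 entry with no information about what is outstanding. Replace the note with one that lists which CVEs still need a patch rather than dropping it.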


[Secure-testing-commits] r42926 - data

2016-06-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-06-30 20:17:53 + (Thu, 30 Jun 2016)
New Revision: 42926

Modified:
   data/dla-needed.txt
Log:
a new one arrived

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-30 19:55:28 UTC (rev 42925)
+++ data/dla-needed.txt 2016-06-30 20:17:53 UTC (rev 42926)
@@ -44,6 +44,8 @@
 --
 libarchive (Markus Koschany)
 --
+libgd2 (Thorsten Alteholz)
+--
 libical
   NOTE: issues are currently not public, but
   https://marc.info/?l=oss-security=146685931517961=2 claims


[Secure-testing-commits] r42927 - data

2016-06-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-06-30 20:24:07 + (Thu, 30 Jun 2016)
New Revision: 42927

Modified:
   data/dla-needed.txt
Log:
take libreoffice

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-30 20:17:53 UTC (rev 42926)
+++ data/dla-needed.txt 2016-06-30 20:24:07 UTC (rev 42927)
@@ -53,7 +53,7 @@
 --
 libjgroups-java
 --
-libreoffice
+libreoffice (Thorsten Alteholz)
 --
 linux
 --


[Secure-testing-commits] r42886 - in data: . DLA

2016-06-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-06-29 18:03:10 + (Wed, 29 Jun 2016)
New Revision: 42886

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-533-1 for php5

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-29 15:30:55 UTC (rev 42885)
+++ data/DLA/list   2016-06-29 18:03:10 UTC (rev 42886)
@@ -1,3 +1,6 @@
+[29 Jun 2016] DLA-533-1 php5 - security update
+   {CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096}
+   [wheezy] - php5 5.4.45-0+deb7u4
 [27 Jun 2016] DLA-532-1 movabletype-opensource - security update
{CVE-2016-5742}
[wheezy] - movabletype-opensource 5.1.4+dfsg-4+deb7u4

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-29 15:30:55 UTC (rev 42885)
+++ data/dla-needed.txt 2016-06-29 18:03:10 UTC (rev 42886)
@@ -71,8 +71,6 @@
   NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low
   NOTE: priority issues and will fix them after the next release of OpenSSL.
 --
-php5 (Thorsten Alteholz)
---
 phpmyadmin (Ola Lundqvist)
 --
 pidgin (Brian May)


[Secure-testing-commits] r42887 - data/CVE

2016-06-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-06-29 18:19:32 + (Wed, 29 Jun 2016)
New Revision: 42887

Modified:
   data/CVE/list
Log:
mark  issues

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-29 18:03:10 UTC (rev 42886)
+++ data/CVE/list   2016-06-29 18:19:32 UTC (rev 42887)
@@ -7830,6 +7830,7 @@
NOTE: https://bugs.php.net/bug.php?id=70480
NOTE: 
https://github.com/facebook/hhvm/commit/3fa7e73055855c409d48e8aa1dc416a76d3dd764
NOTE: 
https://git.php.net/?p=php-src.git;a=commitdiff;h=629e4da7cc8b174acdeab84969cbfc606a019b31
+   NOTE: fixed in DLA 533-1 for Wheezy
 CVE-2014-9767 (Directory traversal vulnerability in the ZipArchive::extractTo 
...)
- hhvm 3.12.1+dfsg-1
- php5 5.6.13+dfsg-1
@@ -11564,18 +11565,21 @@
NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=f3c1863aa2721343245b63ac7bd68cfdc3dd41f3
NOTE: https://bugs.php.net/bug.php?id=70728
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/02/03/3
+   NOTE: fixed in DLA 533-1 for Wheezy
 CVE-2015- [Session WDDX Packet Deserialization Type Confusion 
Vulnerability]
- php5 5.6.17+dfsg-1
[jessie] - php5 5.6.17+dfsg-0+deb8u1
NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=1785d2b805f64eaaacf98c14c9e13107bf085ab1
NOTE: https://bugs.php.net/bug.php?id=70741
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/02/03/3
+   NOTE: fixed in DLA 533-1 for Wheezy
 CVE-2015- [Use-after-free in WDDX Packet Deserialization]
- php5 5.6.17+dfsg-1
[jessie] - php5 5.6.17+dfsg-0+deb8u1
NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=366f9505a4aae98ef2f4ca39a838f628a324b746
NOTE: https://bugs.php.net/bug.php?id=70661
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/02/03/3
+   NOTE: fixed in DLA 533-1 for Wheezy
 CVE-2016-5114
RESERVED
- php5 5.6.17+dfsg-1
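Review bot: In this hunk the Wheezy fix is recorded three times as free text ("NOTE: fixed in DLA 533-1 for Wheezy") under entries whose structured lines cover only unstable and jessie. A "[wheezy] - php5 VERSION" line in the same form as the "[jessie] - php5 5.6.17+dfsg-0+deb8u1" lines would let the fixed version be read the same way as for the other releases; if a NOTE is kept, write the advisory as "DLA-533-1", the spelling used in data/DLA/list.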


[Secure-testing-commits] r42888 - in data: . DLA

2016-06-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-06-29 18:21:22 + (Wed, 29 Jun 2016)
New Revision: 42888

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-534-1 for libgd2

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-29 18:19:32 UTC (rev 42887)
+++ data/DLA/list   2016-06-29 18:21:22 UTC (rev 42888)
@@ -1,3 +1,6 @@
+[29 Jun 2016] DLA-534-1 libgd2 - security update
+   {CVE-2016-5766}
+   [wheezy] - libgd2 2.0.36~rc1~dfsg-6.1+deb7u4
 [29 Jun 2016] DLA-533-1 php5 - security update
{CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096}
[wheezy] - php5 5.4.45-0+deb7u4

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-29 18:19:32 UTC (rev 42887)
+++ data/dla-needed.txt 2016-06-29 18:21:22 UTC (rev 42888)
@@ -38,8 +38,6 @@
 --
 libarchive (Markus Koschany)
 --
-libgd2 (Thorsten Alteholz)
---
 libical
   NOTE: issues are currently not public, but
   https://marc.info/?l=oss-security=146685931517961=2 claims


[Secure-testing-commits] r42889 - data

2016-06-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-06-29 18:21:55 + (Wed, 29 Jun 2016)
New Revision: 42889

Modified:
   data/dla-needed.txt
Log:
new bugs on their way

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-29 18:21:22 UTC (rev 42888)
+++ data/dla-needed.txt 2016-06-29 18:21:55 UTC (rev 42889)
@@ -69,6 +69,8 @@
   NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low
   NOTE: priority issues and will fix them after the next release of OpenSSL.
 --
+php5 (Thorsten Alteholz)
+--
 phpmyadmin (Ola Lundqvist)
 --
 pidgin (Brian May)


[Secure-testing-commits] r42969 - org

2016-07-01 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-07-01 19:51:28 + (Fri, 01 Jul 2016)
New Revision: 42969

Modified:
   org/lts-frontdesk.2016.txt
Log:
add myself to some frontdesk weeks

Modified: org/lts-frontdesk.2016.txt
===
--- org/lts-frontdesk.2016.txt  2016-07-01 19:50:25 UTC (rev 42968)
+++ org/lts-frontdesk.2016.txt  2016-07-01 19:51:28 UTC (rev 42969)
@@ -40,12 +40,12 @@
 From 04-07 to 10-07:Markus Koschany <a...@debian.org>
 From 11-07 to 17-07:Ben Hutchings <b...@decadent.org.uk>
 From 18-07 to 24-07:Chris Lamb <ch...@chris-lamb.co.uk>
-From 25-07 to 31-07:
+From 25-07 to 31-07:Thorsten Alteholz <alteh...@debian.org>
 From 01-08 to 07-08:Markus Koschany <a...@debian.org>
 From 08-08 to 14-08:Guido Günther <a...@sigxcpu.org>
 From 15-08 to 21-08:Chris Lamb <ch...@chris-lamb.co.uk>
 From 22-08 to 28-08:Ben Hutchings <b...@decadent.org.uk>
-From 29-08 to 04-09:
+From 29-08 to 04-09:Thorsten Alteholz <alteh...@debian.org>
 From 05-09 to 11-09:
 From 12-09 to 18-09:Markus Koschany <a...@debian.org>
 From 19-09 to 25-09:Chris Lamb <ch...@chris-lamb.co.uk>


[Secure-testing-commits] r44012 - data

2016-08-17 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-08-17 18:01:38 + (Wed, 17 Aug 2016)
New Revision: 44012

Modified:
   data/dla-needed.txt
Log:
all done for xen

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-17 17:38:58 UTC (rev 44011)
+++ data/dla-needed.txt 2016-08-17 18:01:38 UTC (rev 44012)
@@ -86,5 +86,3 @@
 wordpress
   NOTE: Proposed patch for CVE-2015-8834 doesn't seem to work for Wheezy. DB 
upgrade fails.
 --
-xen (credativ)
---


[Secure-testing-commits] r48601 - data/CVE

2017-01-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-31 10:48:12 + (Tue, 31 Jan 2017)
New Revision: 48601

Modified:
   data/CVE/list
Log:
change check to NOFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-31 10:11:31 UTC (rev 48600)
+++ data/CVE/list   2017-01-31 10:48:12 UTC (rev 48601)
@@ -81560,9 +81560,9 @@
 CVE-2014-5416
RESERVED
 CVE-2014-5415 (Beckhoff Embedded PC images before 2014-10-22 and Automation 
Device ...)
-   TODO: check
+   NOT-FOR-US: Beckhoff Embedded PC image
 CVE-2014-5414 (Beckhoff Embedded PC images before 2014-10-22 and Automation 
Device ...)
-   TODO: check
+   NOT-FOR-US: Beckhoff Embedded PC image
 CVE-2014-5413 (Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 
...)
NOT-FOR-US: Schneider Electric
 CVE-2014-5412 (Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 
...)




[Secure-testing-commits] r48602 - data/CVE

2017-01-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-31 10:49:50 + (Tue, 31 Jan 2017)
New Revision: 48602

Modified:
   data/CVE/list
Log:
change check to NOFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-31 10:48:12 UTC (rev 48601)
+++ data/CVE/list   2017-01-31 10:49:50 UTC (rev 48602)
@@ -73065,7 +73065,7 @@
 CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x 
before ...)
NOT-FOR-US: IBM Marketing Operations
 CVE-2014-8886 (AVM FRITZ!OS before 6.30 extracts the contents of firmware 
updates ...)
-   TODO: check
+   NOT-FOR-US: AVM FRITZ!OS
 CVE-2014-8885
RESERVED
 CVE-2014-8883




[Secure-testing-commits] r48603 - data/CVE

2017-01-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-31 11:24:18 + (Tue, 31 Jan 2017)
New Revision: 48603

Modified:
   data/CVE/list
Log:
TODO for CVE-2011-4076 done

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-31 10:49:50 UTC (rev 48602)
+++ data/CVE/list   2017-01-31 11:24:18 UTC (rev 48603)
@@ -135900,9 +135900,11 @@
- linux-2.6 3.0.0-6
 CVE-2011-4076
RESERVED
-   - nova 
+   - nova 
NOTE: https://bugs.launchpad.net/nova/+bug/868360
-   TODO: check
+   NOTE: the patch for this bug is available at 
https://review.openstack.org/#/c/794/
+   NOTE: and this patch is already applied in the Wheezy version of nova
+   NOTE: (which is the oldest version nowadays)
 CVE-2011-4075 (The masort function in lib/functions.php in phpLDAPadmin 1.2.x 
before ...)
{DSA-2333-1}
- phpldapadmin 1.2.0.5-2.1 (bug #646754)
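
Review bot: The `- nova` line under CVE-2011-4076 still carries no fixed version in this hunk, even though the added NOTEs say the patch is already applied in the Wheezy version of nova. If the fix is known to be in the archive, record the first version that contains it on the `- nova` line, so the entry does not depend on free-text notes. The NOTE "(which is the oldest version nowadays)" will also age badly; naming the release or version it refers to would keep it accurate.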




[Secure-testing-commits] r48605 - data/CVE

2017-01-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-31 11:42:16 + (Tue, 31 Jan 2017)
New Revision: 48605

Modified:
   data/CVE/list
Log:
first version in unstable containing the fix

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-31 11:40:23 UTC (rev 48604)
+++ data/CVE/list   2017-01-31 11:42:16 UTC (rev 48605)
@@ -135900,7 +135900,7 @@
- linux-2.6 3.0.0-6
 CVE-2011-4076
RESERVED
-   - nova 
+   - nova 2012.1~e1-1
NOTE: https://bugs.launchpad.net/nova/+bug/868360
NOTE: the patch for this bug is available at 
https://review.openstack.org/#/c/794/
NOTE: and this patch is already applied in the Wheezy version of nova




[Secure-testing-commits] r48625 - data/CVE

2017-01-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-31 18:37:33 + (Tue, 31 Jan 2017)
New Revision: 48625

Modified:
   data/CVE/list
Log:
mark some Microsoft issues as NOT-FOR-US:

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-31 18:14:40 UTC (rev 48624)
+++ data/CVE/list   2017-01-31 18:37:33 UTC (rev 48625)
@@ -18720,9 +18720,9 @@
 CVE-2017-0004 (The Local Security Authority Subsystem Service (LSASS) in 
Microsoft ...)
TODO: check
 CVE-2017-0003 (Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow 
remote ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2017-0002 (Microsoft Edge allows remote attackers to bypass the Same 
Origin ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2017-0001
RESERVED
 CVE-2016-8200
@@ -20998,11 +20998,11 @@
 CVE-2016-7299
RESERVED
 CVE-2016-7298 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office 
for ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7297 (The scripting engines in Microsoft Edge allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7296 (The scripting engines in Microsoft Edge allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7295 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
TODO: check
 CVE-2016-7294
@@ -21012,45 +21012,45 @@
 CVE-2016-7292 (The Installer in Microsoft Windows Vista SP2, Windows Server 
2008 SP2 ...)
TODO: check
 CVE-2016-7291 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7290 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7289 (Microsoft Publisher 2010 SP2 allows remote attackers to execute 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7288 (The scripting engines in Microsoft Edge allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7287 (The scripting engines in Microsoft Internet Explorer 11 and 
Microsoft ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7286 (The scripting engines in Microsoft Edge allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7285
RESERVED
 CVE-2016-7284 (Microsoft Internet Explorer 10 and 11 allows remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7283 (Microsoft Internet Explorer 9 through 11 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7282 (Cross-site scripting (XSS) vulnerability in Microsoft Internet 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7281 (The Web Workers implementation in Microsoft Internet Explorer 
10 and ...)
TODO: check
 CVE-2016-7280 (Cross-site scripting (XSS) vulnerability in Microsoft Edge 
allows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7279 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge 
allow ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7278 (Microsoft Internet Explorer 9 through 11 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7277 (Microsoft Office 2016 allows remote attackers to execute 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7276 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, 
Office ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7275 (Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 
mishandles ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7274 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 
SP2 and ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7273 (The Graphics component in Microsoft Windows 10 Gold, 1511, and 
1607 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7272 (The Graphics component in Microsoft Windows Vista SP2, Windows 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7271 (The Secure Kernel Mode implementation in Microsoft Windows 10 
Gold, ...)
TODO: check
 CVE-2016-7270 (The Data Provider for SQL Server in Microsoft .NET Framework 
4.6.2 ...)
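
Review bot: CVE-2016-7281 (Web Workers implementation in Microsoft Internet Explorer) stays at `TODO: check` in this hunk while the Internet Explorer and Edge entries directly around it (CVE-2016-7282, CVE-2016-7280) are switched to `NOT-FOR-US: Microsoft`. CVE-2016-7292 and CVE-2016-7271 are left open in the same way. Either mark them in the same pass or say in the log why these Microsoft entries are held back, so the remaining TODOs do not look like an oversight.
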
@@ -21058,19 +21058,19 @@
 CVE-2016-7269
RESERVED
 CVE-2016-7268 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7267 (Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 
misparses ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7266 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 
2013 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7265 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 
2013 ...)
-   TODO: 

[Secure-testing-commits] r48712 - data/CVE

2017-02-04 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-04 18:15:07 + (Sat, 04 Feb 2017)
New Revision: 48712

Modified:
   data/CVE/list
Log:
Microsoft CLFS is NOFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-04 17:45:19 UTC (rev 48711)
+++ data/CVE/list   2017-02-04 18:15:07 UTC (rev 48712)
@@ -21653,7 +21653,7 @@
 CVE-2016-7296 (The scripting engines in Microsoft Edge allow remote attackers 
to ...)
NOT-FOR-US: Microsoft
 CVE-2016-7295 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7294
RESERVED
 CVE-2016-7293
@@ -34971,29 +34971,29 @@
 CVE-2016-3344 (The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 
1511 ...)
TODO: check
 CVE-2016-3343 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3342 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3341 (The kernel-mode drivers in Transaction Manager in Microsoft 
Windows ...)
TODO: check
 CVE-2016-3340 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3339
RESERVED
 CVE-2016-3338 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3337
RESERVED
 CVE-2016-3336
RESERVED
 CVE-2016-3335 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3334 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016- (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3332 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3331 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote 
...)
NOT-FOR-US: Microsoft
 CVE-2016-3330 (Microsoft Edge allows remote attackers to execute arbitrary 
code or ...)
@@ -46164,7 +46164,7 @@
 CVE-2016-0027
RESERVED
 CVE-2016-0026 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0025 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 
2013 ...)
NOT-FOR-US: Microsoft
 CVE-2016-0024 (The Chakra JavaScript engine in Microsoft Edge allows remote 
attackers ...)




[Secure-testing-commits] r48714 - data/CVE

2017-02-04 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-04 18:45:49 + (Sat, 04 Feb 2017)
New Revision: 48714

Modified:
   data/CVE/list
Log:
Microsoft Excel is NOFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-04 18:43:06 UTC (rev 48713)
+++ data/CVE/list   2017-02-04 18:45:49 UTC (rev 48714)
@@ -45972,7 +45972,7 @@
 CVE-2016-0123 (Microsoft Edge allows remote attackers to execute arbitrary 
code or ...)
NOT-FOR-US: Microsoft
 CVE-2016-0122 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 
2013 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0121 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, 
Windows ...)
NOT-FOR-US: Microsoft
 CVE-2016-0120 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, 
Windows ...)




[Secure-testing-commits] r48715 - data/CVE

2017-02-04 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-04 18:51:33 + (Sat, 04 Feb 2017)
New Revision: 48715

Modified:
   data/CVE/list
Log:
Microsoft NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-04 18:45:49 UTC (rev 48714)
+++ data/CVE/list   2017-02-04 18:51:33 UTC (rev 48715)
@@ -21831,7 +21831,7 @@
 CVE-2016-7207
RESERVED
 CVE-2016-7206 (Cross-site scripting (XSS) vulnerability in Microsoft Edge 
allows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7205 (Animation Manager in Microsoft Windows Server 2008 R2 SP1, 
Windows 7 ...)
NOT-FOR-US: Microsoft
 CVE-2016-7204 (Microsoft Edge allows remote attackers to access arbitrary 
My ...)
@@ -21881,7 +21881,7 @@
 CVE-2016-7182 (The Graphics component in Microsoft Windows Vista SP2; Windows 
Server ...)
NOT-FOR-US: Microsoft
 CVE-2016-7181 (Microsoft Edge allows remote attackers to execute arbitrary 
code or ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-7393 [stack-based buffer overflow in aac_sync (aac_parser.c)]
RESERVED
{DLA-644-1}
@@ -34899,13 +34899,13 @@
 CVE-2016-3380
RESERVED
 CVE-2016-3379 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3378 (Open redirect vulnerability in Microsoft Exchange Server 2013 
SP1, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3377 (The Chakra JavaScript engine in Microsoft Edge allows remote 
attackers ...)
NOT-FOR-US: Microsoft
 CVE-2016-3376 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3375 (The OLE Automation mechanism and VBScript scripting engine in 
...)
TODO: check
 CVE-2016-3374 (The PDF library in Microsoft Edge, Windows 8.1, Windows Server 
2012 ...)
@@ -34923,7 +34923,7 @@
 CVE-2016-3368 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 
SP1, ...)
NOT-FOR-US: Microsoft
 CVE-2016-3367 (StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 
does not ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3366 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, 
...)
NOT-FOR-US: Microsoft
 CVE-2016-3365 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 
2013 ...)
@@ -34959,9 +34959,9 @@
 CVE-2016-3350 (The Chakra JavaScript engine in Microsoft Edge allows remote 
attackers ...)
NOT-FOR-US: Microsoft
 CVE-2016-3349 (The kernel-mode drivers in Microsoft Windows 8.1, Windows 
Server 2012 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3348 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3347
RESERVED
 CVE-2016-3346 (Microsoft Windows 10 Gold, 1511, and 1607 does not properly 
enforce ...)
@@ -34969,13 +34969,13 @@
 CVE-2016-3345 (The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 
2008 ...)
NOT-FOR-US: Microsoft
 CVE-2016-3344 (The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 
1511 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3343 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
NOT-FOR-US: Microsoft
 CVE-2016-3342 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
NOT-FOR-US: Microsoft
 CVE-2016-3341 (The kernel-mode drivers in Transaction Manager in Microsoft 
Windows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3340 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)
NOT-FOR-US: Microsoft
 CVE-2016-3339
@@ -35035,13 +35035,13 @@
 CVE-2016-3312 (ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows 
...)
TODO: check
 CVE-2016-3311 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3310 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3309 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3308 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3307
RESERVED
 CVE-2016-3306 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 
SP2 and ...)
@@ -35206,7 +35206,7 @@
 CVE-2016-3227 (Use-after-free vulnerability in the DNS Server component in 
Microsoft ...)
TODO: check
 CVE-2016-3226 (Active Directory in Microsoft Windows Server 2008 R2 SP1 and 
Server ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-3225 (The SMB server component in Microsoft Windows Vista SP2, 
Windows ...)

[Secure-testing-commits] r48713 - data/CVE

2017-02-04 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-04 18:43:06 + (Sat, 04 Feb 2017)
New Revision: 48713

Modified:
   data/CVE/list
Log:
Microsoft OWA is NOFU

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-04 18:15:07 UTC (rev 48712)
+++ data/CVE/list   2017-02-04 18:43:06 UTC (rev 48713)
@@ -46160,7 +46160,7 @@
 CVE-2016-0029 (Cross-site scripting (XSS) vulnerability in Outlook Web Access 
(OWA) ...)
NOT-FOR-US: Microsoft
 CVE-2016-0028 (Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2016-0027
RESERVED
 CVE-2016-0026 (The Common Log File System (CLFS) driver in Microsoft Windows 
Vista ...)




[Secure-testing-commits] r48634 - data

2017-01-31 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-31 21:13:45 + (Tue, 31 Jan 2017)
New Revision: 48634

Modified:
   data/dla-needed.txt
Log:
take bitlbee

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-31 21:10:48 UTC (rev 48633)
+++ data/dla-needed.txt 2017-01-31 21:13:45 UTC (rev 48634)
@@ -14,7 +14,7 @@
   NOTE: update needs testing in 
https://lists.debian.org/87fukh7hcq@curie.anarc.at
   NOTE: ready to upload after smoke tests, read the above thread.
 --
-bitlbee
+bitlbee (Thorsten Alteholz)
 --
 calibre
   NOTE: We will need to investigate the issue much further.




[Secure-testing-commits] r48552 - data

2017-01-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-30 10:43:45 + (Mon, 30 Jan 2017)
New Revision: 48552

Modified:
   data/dla-needed.txt
Log:
jasper notes

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-30 10:29:52 UTC (rev 48551)
+++ data/dla-needed.txt 2017-01-30 10:43:45 UTC (rev 48552)
@@ -39,7 +39,7 @@
   NOTE: https://lists.debian.org/debian-lts/2017/01/msg00059.html
 --
 jasper (Thorsten Alteholz)
-  NOTE: not really clear what CVEs need to be fixed
+  NOTE: no upstream fixes yet
 --
 jbig2dec (Raphaël Hertzog)
   NOTE: No known solution as of 2017-01-20.
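
Review bot: The replacement note `NOTE: no upstream fixes yet` for jasper has no date, unlike the neighbouring jbig2dec note ("No known solution as of 2017-01-20."). An undated "yet" goes stale silently; add the date the upstream status was checked. The removed note also recorded that it was unclear which CVEs need fixing. If that question is now settled, listing the CVE ids in the note would keep that information.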



[Secure-testing-commits] r48578 - data/CVE

2017-01-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-30 21:22:09 + (Mon, 30 Jan 2017)
New Revision: 48578

Modified:
   data/CVE/list
Log:
according to 
https://lists.apple.com/archives/security-announce/2016/Mar/msg5.html this 
belongs to Safari

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-30 21:10:11 UTC (rev 48577)
+++ data/CVE/list   2017-01-30 21:22:09 UTC (rev 48578)
@@ -169152,7 +169152,7 @@
 CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all 
cookies ...)
NOT-FOR-US: Apple GarageBand
 CVE-2009-2197 (Apple Safari before 9.1 allows remote attackers to spoof the 
user ...)
-   TODO: check
+   NOT-FOR-US: Apple Safari
 CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows 
remote ...)
NOT-FOR-US: Apple Safari
 CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows 
remote ...)




[Secure-testing-commits] r48566 - data/CVE

2017-01-30 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-30 19:05:33 + (Mon, 30 Jan 2017)
New Revision: 48566

Modified:
   data/CVE/list
Log:
add bug number

Modified: data/CVE/list
===
--- data/CVE/list   2017-01-30 18:57:10 UTC (rev 48565)
+++ data/CVE/list   2017-01-30 19:05:33 UTC (rev 48566)
@@ -15752,7 +15752,7 @@
RESERVED
 CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with 
misconfigured ...)
- docker.io 
-   - runc 
+   - runc  (bug #853240)
NOTE: https://github.com/docker/docker/issues/27590
NOTE: docker: 
https://github.com/docker/docker/pull/27610/commits/d60a3418d0268745dff38947bc8c929fbd24f837
 (1.12.3)
NOTE: runc: 
https://github.com/opencontainers/runc/commit/a83f5bac28554fa0fd49bc1559a3c79f5907348f




[Secure-testing-commits] r48376 - data

2017-01-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-25 14:52:01 + (Wed, 25 Jan 2017)
New Revision: 48376

Modified:
   data/dla-needed.txt
Log:
update for jasper

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-25 14:51:02 UTC (rev 48375)
+++ data/dla-needed.txt 2017-01-25 14:52:01 UTC (rev 48376)
@@ -40,6 +40,7 @@
 imagemagick (Guido Günther)
 --
 jasper (Thorsten Alteholz)
+  NOTE: not really clear what CVEs need to be fixed
 --
 jbig2dec (Raphaël Hertzog)
   NOTE: No known solution as of 2017-01-20.



[Secure-testing-commits] r48375 - data

2017-01-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-25 14:51:02 + (Wed, 25 Jan 2017)
New Revision: 48375

Modified:
   data/dla-needed.txt
Log:
claim zoneminder

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-25 12:29:09 UTC (rev 48374)
+++ data/dla-needed.txt 2017-01-25 14:51:02 UTC (rev 48375)
@@ -120,5 +120,5 @@
   NOTE: Dominik George (maintainer) will take care of the issue:
   NOTE: https://lists.debian.org/debian-lts/2016/12/msg00135.html
 --
-zoneminder
+zoneminder (Thorsten Alteholz)
 --




[Secure-testing-commits] r48519 - in data: . DLA

2017-01-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-29 11:39:43 + (Sun, 29 Jan 2017)
New Revision: 48519

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-806-1 for zoneminder

Modified: data/DLA/list
===
--- data/DLA/list   2017-01-29 11:13:51 UTC (rev 48518)
+++ data/DLA/list   2017-01-29 11:39:43 UTC (rev 48519)
@@ -1,3 +1,6 @@
+[29 Jan 2017] DLA-806-1 zoneminder - security update
+   {CVE-2016-10140}
+   [wheezy] - zoneminder 1.25.0-4+deb7u1
 [29 Jan 2017] DLA-805-1 bind9 - security update
{CVE-2016-9131 CVE-2016-9147 CVE-2016-9444}
[wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u14

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-29 11:13:51 UTC (rev 48518)
+++ data/dla-needed.txt 2017-01-29 11:39:43 UTC (rev 48519)
@@ -113,5 +113,3 @@
   NOTE: Dominik George (maintainer) will take care of the issue:
   NOTE: https://lists.debian.org/debian-lts/2016/12/msg00135.html
 --
-zoneminder (Thorsten Alteholz)
---




[Secure-testing-commits] r48525 - data

2017-01-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-29 15:18:37 + (Sun, 29 Jan 2017)
New Revision: 48525

Modified:
   data/dla-needed.txt
Log:
add note to slurm-llnl

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-29 13:22:47 UTC (rev 48524)
+++ data/dla-needed.txt 2017-01-29 15:18:37 UTC (rev 48525)
@@ -90,6 +90,9 @@
   NOTE: a bug (see #843861).
 --
 slurm-llnl
+  NOTE: the patch from upstream uses new members of the struct 
batch_job_launch_msg_t
+  NOTE: from my point of view backporting the introduction of these new 
members to this old
+  NORE: version is way to invasive and such this should be marked as 
 --
 svgsalamander
 --
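
Review bot: The third added line under slurm-llnl starts with `NORE:` instead of `NOTE:`, so it no longer matches the prefix used by the other two lines of the entry. The same line ends at "should be marked as" without naming the state it should be marked as, which leaves the recommendation incomplete for whoever picks the package up next. "way to invasive and such" should read "way too invasive and as such".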




[Secure-testing-commits] r48518 - in data: . DLA

2017-01-29 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-01-29 11:13:51 + (Sun, 29 Jan 2017)
New Revision: 48518

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-805-1 for bind9

Modified: data/DLA/list
===
--- data/DLA/list   2017-01-29 11:02:04 UTC (rev 48517)
+++ data/DLA/list   2017-01-29 11:13:51 UTC (rev 48518)
@@ -1,3 +1,6 @@
+[29 Jan 2017] DLA-805-1 bind9 - security update
+   {CVE-2016-9131 CVE-2016-9147 CVE-2016-9444}
+   [wheezy] - bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u14
 [29 Jan 2017] DLA-804-1 libgd2 - security update
{CVE-2016-9317 CVE-2016-10167 CVE-2016-10168}
[wheezy] - libgd2 2.0.36~rc1~dfsg-6.1+deb7u8

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-29 11:02:04 UTC (rev 48517)
+++ data/dla-needed.txt 2017-01-29 11:13:51 UTC (rev 48518)
@@ -14,8 +14,6 @@
   NOTE: update needs testing in 
https://lists.debian.org/87fukh7hcq@curie.anarc.at
   NOTE: ready to upload after smoke tests, read the above thread.
 --
-bind9 (Thorsten Alteholz)
---
 cgiemail
 --
 calibre




[Secure-testing-commits] r49075 - data/CVE

2017-02-20 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-20 19:04:47 + (Mon, 20 Feb 2017)
New Revision: 49075

Modified:
   data/CVE/list
Log:
mark CVE-2017-5969 as no-dsa like in Jessie and fix typo

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-20 18:58:47 UTC (rev 49074)
+++ data/CVE/list   2017-02-20 19:04:47 UTC (rev 49075)
@@ -357,7 +357,8 @@
 CVE-2017-5969 [null pointer dereference when parsing a xml file using recover 
mode]
RESERVED
- libxml2  (bug #855001)
-   [jessie] - libxml2  (Minor issue, nonly a denial-of-service 
when using recover mode)
+   [jessie] - libxml2  (Minor issue, only a denial-of-service when 
using recover mode)
+   [wheezy] - libxml2  (Minor issue, only a denial-of-service when 
using recover mode)
NOTE: http://www.openwall.com/lists/oss-security/2016/11/05/3
NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
 CVE-2017-5968
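
Review bot: The added `[wheezy] - libxml2` line reuses the jessie justification word for word ("Minor issue, only a denial-of-service when using recover mode"), and nothing in the hunk shows the claim was checked against the Wheezy version of libxml2. A short note that the affected code path was verified in Wheezy would make the triage decision auditable. The typo fix on the jessie line is unrelated to the Wheezy decision and would be easier to trace as its own commit.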




[Secure-testing-commits] r49082 - data

2017-02-20 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-20 21:05:54 + (Mon, 20 Feb 2017)
New Revision: 49082

Modified:
   data/dla-needed.txt
Log:
libxml2 is no longer needed

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-20 20:33:22 UTC (rev 49081)
+++ data/dla-needed.txt 2017-02-20 21:05:54 UTC (rev 49082)
@@ -74,8 +74,6 @@
   NOTE: 2016-12-13: Upstream ping here: 
https://rt.cpan.org/Public/Bug/Display.html?id=118097#txn-1690223
   NOTE: 2017-01-20: Ping upstream by private email -- Raphael Hertzog
 --
-libxml2
---
 libytnef
 --
 linux




[Secure-testing-commits] r49171 - data

2017-02-24 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-24 10:06:21 + (Fri, 24 Feb 2017)
New Revision: 49171

Modified:
   data/dla-needed.txt
Log:
claim libytnef

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-24 09:10:11 UTC (rev 49170)
+++ data/dla-needed.txt 2017-02-24 10:06:21 UTC (rev 49171)
@@ -78,7 +78,7 @@
   NOTE: 2016-12-13: Upstream ping here: 
https://rt.cpan.org/Public/Bug/Display.html?id=118097#txn-1690223
   NOTE: 2017-01-20: Ping upstream by private email -- Raphael Hertzog
 --
-libytnef
+libytnef (Thorsten Alteholz)
 --
 linux
 --




[Secure-testing-commits] r49176 - data

2017-02-24 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-24 11:19:24 + (Fri, 24 Feb 2017)
New Revision: 49176

Modified:
   data/dla-needed.txt
Log:
add xbmc under reserve

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-24 11:18:19 UTC (rev 49175)
+++ data/dla-needed.txt 2017-02-24 11:19:24 UTC (rev 49176)
@@ -116,6 +116,10 @@
   NOTE: from my point of view backporting the introduction of these new 
members to this old
   NOTE: version is way to invasive and such this should be marked as 
 --
+xbmc
+  NOTE: under reserve, could not reproduce with 2:12.3+dfsg1-3ubuntu1, which 
is newer than the Wheezy version
+  NOTE: no mail to maintainer yet
+--
 xen
 --
 xrdp
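
Review bot: The new xbmc entry does not say which CVE or bug could not be reproduced, so the next reader of dla-needed.txt cannot tell what was tested. Name the issue in the first NOTE. The test was also run against 2:12.3+dfsg1-3ubuntu1, which the note itself says is newer than the Wheezy version. A failure to reproduce on a newer build does not show that the older Wheezy package is unaffected, so the note should either record a test against the Wheezy version or state that it is still outstanding.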




[Secure-testing-commits] r49180 - data/CVE

2017-02-24 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-24 11:28:57 + (Fri, 24 Feb 2017)
New Revision: 49180

Modified:
   data/CVE/list
Log:
add note for libytnef fix

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-24 11:26:48 UTC (rev 49179)
+++ data/CVE/list   2017-02-24 11:28:57 UTC (rev 49180)
@@ -22,38 +22,47 @@
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+   NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6305 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+   NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6304 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+   NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6303 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+   NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6302 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+   NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6301 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+   NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6300 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+   NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6299 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+   NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related 
to a ...)
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+   NOTE: fixed in 
https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
 CVE-2017-6297
RESERVED
 CVE-2017-6296
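Review bot: the nine added NOTE lines all cite the same upstream commit, b36d6b25b7a546fc28d6c3812124e487987a4910, without saying whether that single commit resolves every entry touched here or only some of them; anyone preparing a backport will read each note as a complete fix reference, so it is worth confirming and saying so. The wording also differs from the form used elsewhere in data/CVE/list, where the ghostscript entry for CVE-2017-6196 has "NOTE: Fixed by: <url>"; using "Fixed by:" here would keep the fix references greppable with one pattern.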




[Secure-testing-commits] r49206 - data/packages

2017-02-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-25 12:08:46 + (Sat, 25 Feb 2017)
New Revision: 49206

Modified:
   data/packages/lts-do-not-call
Log:
maintainer of radare2 opted out

Modified: data/packages/lts-do-not-call
===
--- data/packages/lts-do-not-call   2017-02-25 10:47:10 UTC (rev 49205)
+++ data/packages/lts-do-not-call   2017-02-25 12:08:46 UTC (rev 49206)
@@ -12,3 +12,4 @@
 nspr https://lists.debian.org/debian-lts/2016/09/msg00192.html
 nss https://lists.debian.org/debian-lts/2016/09/msg00192.html
 php5 (once upon a time during Squeeze LTS)
+radare2 https://lists.debian.org/debian-lts/2017/02/msg00076.html




[Secure-testing-commits] r49207 - data

2017-02-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-25 12:11:54 + (Sat, 25 Feb 2017)
New Revision: 49207

Modified:
   data/dla-needed.txt
Log:
update entry of radare2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-25 12:08:46 UTC (rev 49206)
+++ data/dla-needed.txt 2017-02-25 12:11:54 UTC (rev 49207)
@@ -108,7 +108,7 @@
 qemu-kvm (Guido Günther)
 --
 radare2 (Thorsten Alteholz)
-  NOTE: according to maintainer, nothing needs to be done, recheck
+  NOTE: the vulnerability still exists, but is just in a different function
 --
 shadow (Balint Reczey)
 --
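Review bot: the replacement NOTE on the radare2 entry drops the maintainer's position ("nothing needs to be done") and asserts that the vulnerability still exists without saying which CVE or which function is meant. Naming the CVE id and the function, or linking to the analysis, would let the next person verify the claim; keeping a short mention of the maintainer's statement would also preserve the history of the entry.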



[Secure-testing-commits] r49208 - data

2017-02-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-25 12:48:20 + (Sat, 25 Feb 2017)
New Revision: 49208

Modified:
   data/dla-needed.txt
Log:
add and claim tnef

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-25 12:11:54 UTC (rev 49207)
+++ data/dla-needed.txt 2017-02-25 12:48:20 UTC (rev 49208)
@@ -117,6 +117,8 @@
   NOTE: from my point of view backporting the introduction of these new 
members to this old
   NOTE: version is way to invasive and such this should be marked as 
 --
+tnef (Thorsten Alteholz)
+--
 xbmc
   NOTE: under reserve, could not reproduce with 2:12.3+dfsg1-3ubuntu1, which 
is newer than the Wheezy version
   NOTE: no mail to maintainer yet




[Secure-testing-commits] r49213 - data

2017-02-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-25 15:07:29 + (Sat, 25 Feb 2017)
New Revision: 49213

Modified:
   data/dla-needed.txt
Log:
add mupdf

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-25 15:00:22 UTC (rev 49212)
+++ data/dla-needed.txt 2017-02-25 15:07:29 UTC (rev 49213)
@@ -91,6 +91,9 @@
 munin (Jonas Meurer)
   NOTE: upstream did not comment on patch yet
 --
+mupdf
+  NOTE: added 2017-02-25, please give maintainer some time to respond
+--
 php5
   NOTE: only one issue at the time of writing (CVE-2016-7478)
   NOTE: backported patch available, but maybe wait for more issues?
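Review bot: the new mupdf entry records when it was added but not which CVE prompted it or where the maintainer was contacted. Adding the CVE id, as the neighbouring php5 entry does with "(CVE-2016-7478)", or a link to the mail would let others judge what needs fixing and when "some time" has passed.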




[Secure-testing-commits] r49214 - data

2017-02-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-25 15:08:09 + (Sat, 25 Feb 2017)
New Revision: 49214

Modified:
   data/dla-needed.txt
Log:
add link to test package

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-25 15:07:29 UTC (rev 49213)
+++ data/dla-needed.txt 2017-02-25 15:08:09 UTC (rev 49214)
@@ -15,6 +15,7 @@
   NOTE: ready to upload after smoke tests, read the above thread.
 --
 bind9 (Thorsten Alteholz)
+  NOTE: test package at 
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
 --
 calibre
   NOTE: We will need to investigate the issue much further.
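Review bot: the NOTE added to the bind9 entry points at a directory under people.debian.org that, going by its path, holds only amd64 builds, and it gives no package version. Stating the version under test, and whether a signed .changes file sits next to the binaries, would let testers confirm they installed the intended build.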




[Secure-testing-commits] r49215 - data/CVE

2017-02-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-25 15:21:30 + (Sat, 25 Feb 2017)
New Revision: 49215

Modified:
   data/CVE/list
Log:
add bug number

Modified: data/CVE/list
===
--- data/CVE/list   2017-02-25 15:08:09 UTC (rev 49214)
+++ data/CVE/list   2017-02-25 15:21:30 UTC (rev 49215)
@@ -298,7 +298,7 @@
NOTE: vector and seen under valgrind. It might be disputable if that is 
the
NOTE: same vulnerability though.
 CVE-2017-6196 (Multiple use-after-free vulnerabilities in the 
gx_image_enum_begin ...)
-   - ghostscript 
+   - ghostscript  (bug #856142)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697596
NOTE: Fixed by: 
http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
 CVE-2017-6195




[Secure-testing-commits] r49217 - data

2017-02-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-25 15:38:11 + (Sat, 25 Feb 2017)
New Revision: 49217

Modified:
   data/dla-needed.txt
Log:
add icoutils

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-25 15:29:49 UTC (rev 49216)
+++ data/dla-needed.txt 2017-02-25 15:38:11 UTC (rev 49217)
@@ -40,6 +40,9 @@
   NOTE: maintainer currenlty planx to rename to thunderbird with the next
   NOTE: upstream version (#851989). Jessie / Wheezy should do the same.
 --
+icoutils
+  NOTE: added 2017-02-25, please give maintainer some time to respond
+--
 jasper (Thorsten Alteholz)
   NOTE: no upstream fixes yet
 --
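Review bot: the context line directly above the new icoutils entry reads "maintainer currenlty planx to rename to thunderbird", which carries two typos ("currently plans"); since this commit touches that part of the file, they could be fixed in the same change. The icoutils NOTE itself would also be more useful if it named the CVE the entry was added for.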




[Secure-testing-commits] r49218 - data

2017-02-25 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-25 15:43:59 + (Sat, 25 Feb 2017)
New Revision: 49218

Modified:
   data/dla-needed.txt
Log:
add zziplib

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-25 15:38:11 UTC (rev 49217)
+++ data/dla-needed.txt 2017-02-25 15:43:59 UTC (rev 49218)
@@ -147,3 +147,6 @@
 --
 zoneminder
 --
+zziplib
+  NOTE: added 2017-02-25, please give maintainer some time to respond
+--




[Secure-testing-commits] r49194 - data

2017-02-24 Thread Thorsten Alteholz
Author: alteholz
Date: 2017-02-24 22:21:06 + (Fri, 24 Feb 2017)
New Revision: 49194

Modified:
   data/dla-needed.txt
Log:
add radare2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-24 21:10:12 UTC (rev 49193)
+++ data/dla-needed.txt 2017-02-24 22:21:06 UTC (rev 49194)
@@ -107,6 +107,8 @@
 --
 qemu-kvm (Guido Günther)
 --
+radare2
+--
 shadow (Balint Reczey)
 --
 slurm-llnl

