Ben Hutchings pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c9e18c10 by Ben Hutchings at 2018-02-15T14:19:55+00:00
CVE-2017-13166 does affect mainline Linux
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE
Ben Hutchings pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
88d23e92 by Ben Hutchings at 2018-01-07T22:33:12+00:00
Reserve DLA-1232-1 for linux
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes
Author: benh
Date: 2017-12-09 19:50:11 + (Sat, 09 Dec 2017)
New Revision: 58404
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1200-1 for linux
Modified: data/DLA/list
===
--- data/DLA/list 2017-12-09 19
+32,6 @@
db4.8 (Emilio Pozuelo)
NOTE: see comments on db.
--
-dnsmasq (Ben Hutchings)
---
exiv2 (Raphaël Hertzog)
NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet,
sent email later
--
___
Secure-testing-commits mailing
Author: benh
Date: 2017-10-06 01:09:20 + (Fri, 06 Oct 2017)
New Revision: 56437
Modified:
data/CVE/list
Log:
Mark CVE-2017-14496 as not affecting wheezy and jessie
Some of the added checks in the upstream fix for CVE-2017-14496 do
seem to apply to these versions of dnsmasq (in different fi
Author: benh
Date: 2017-10-05 16:28:22 + (Thu, 05 Oct 2017)
New Revision: 56434
Modified:
data/CVE/list
Log:
Update status of recent dnsmasq CVEs in wheezy and jessie
Two don't apply to wheezy. One was wrongly marked as not affecting jessie.
Modified: data/CVE/list
=
56431)
+++ data/dla-needed.txt 2017-10-05 14:06:30 UTC (rev 56432)
@@ -32,7 +32,7 @@
db4.8 (Emilio Pozuelo)
NOTE: see comments on db.
--
-dnsmasq
+dnsmasq (Ben Hutchings)
--
exiv2 (Raphaël Hertzog)
NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet,
sent email later
Author: benh
Date: 2017-09-25 01:39:05 + (Mon, 25 Sep 2017)
New Revision: 56108
Modified:
data/CVE/list
Log:
CVE-2017-9417 affects and is unfixed in firmware-nonfree
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-
Author: benh
Date: 2017-09-19 03:07:08 + (Tue, 19 Sep 2017)
New Revision: 55887
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1099-1 for linux
Modified: data/DLA/list
===
--- data/DLA/list 2017-09-19 02
Author: benh
Date: 2017-06-20 00:41:01 + (Tue, 20 Jun 2017)
New Revision: 52721
Modified:
bin/gen-DSA
Log:
gen-DSA: Accept more punctuation characters around CVE IDs in changes file
Modified: bin/gen-DSA
===
--- bin/gen-DSA 2
Author: benh
Date: 2017-06-20 00:41:14 + (Tue, 20 Jun 2017)
New Revision: 52722
Modified:
data/DLA/list
Log:
Fix CVE list for DLA-993-1
Modified: data/DLA/list
===
--- data/DLA/list 2017-06-20 00:41:01 UTC (rev 52721)
++
Author: benh
Date: 2017-06-20 00:32:54 + (Tue, 20 Jun 2017)
New Revision: 52720
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-993-1 for linux
Modified: data/DLA/list
===
--- data/DLA/list 2017-06-19 21:
(Markus Koschany)
--
-sudo (Ben Hutchings)
---
swftools (Thorsten Alteholz)
NOTE: 20170528, one upstream fix is not yet complete
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi
Author: benh
Date: 2017-04-28 00:11:16 + (Fri, 28 Apr 2017)
New Revision: 51128
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-922-1 for linux
Modified: data/DLA/list
===
--- data/DLA/list 2017-04-27 21:
Author: benh
Date: 2017-03-18 20:28:38 + (Sat, 18 Mar 2017)
New Revision: 49777
Modified:
data/CVE/list
Log:
Triage some Android issues; mark most as NOT-FOR-US
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-18 18
Author: benh
Date: 2017-03-14 20:11:52 + (Tue, 14 Mar 2017)
New Revision: 49687
Modified:
data/CVE/list
Log:
Mark CVE-2017-0537 as NOT-FOR-US, and add notes for other Android-related CVEs
Modified: data/CVE/list
===
--- data/C
Author: benh
Date: 2017-03-14 17:52:26 + (Tue, 14 Mar 2017)
New Revision: 49681
Modified:
data/CVE/list
Log:
Triage some linux issues for wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-14 16:33:33 UTC (rev
Author: benh
Date: 2017-03-08 16:23:09 + (Wed, 08 Mar 2017)
New Revision: 49515
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-849-1 for linux
Modified: data/DLA/list
===
--- data/DLA/list 2017-03-08 13:
Author: benh
Date: 2017-02-22 13:05:28 + (Wed, 22 Feb 2017)
New Revision: 49124
Modified:
data/DLA/list
Log:
Reserve DLA-833-1 for linux
Modified: data/DLA/list
===
--- data/DLA/list 2017-02-22 11:07:34 UTC (rev 49123)
+
Author: benh
Date: 2017-01-15 20:28:52 + (Sun, 15 Jan 2017)
New Revision: 48095
Modified:
data/DLA/list
Log:
Reserve DLA-785-1 for wireless-regdb
Modified: data/DLA/list
===
--- data/DLA/list 2017-01-15 19:07:48 UTC (rev
Author: benh
Date: 2017-01-03 20:13:10 + (Tue, 03 Jan 2017)
New Revision: 47703
Modified:
bin/gen-DSA
Log:
bin/gen-DSA: Fix wrapping of CVE ID list longer than 8 IDs
Global replacement doesn't work very well when matching .+ each time.
Modified: bin/gen-DSA
==
Author: benh
Date: 2017-01-03 20:05:53 + (Tue, 03 Jan 2017)
New Revision: 47702
Modified:
bin/gen-DSA
Log:
bin/gen-DSA: Fix sorting of CVE IDs with last part >= 1
Use sort -V, which seems to do the right thing.
Modified: bin/gen-DSA
===
Author: benh
Date: 2016-12-31 19:57:05 + (Sat, 31 Dec 2016)
New Revision: 47627
Modified:
data/DLA/list
Log:
Reserve DLA-772-1 for linux
Modified: data/DLA/list
===
--- data/DLA/list 2016-12-31 19:14:13 UTC (rev 47626)
+
Author: benh
Date: 2016-12-16 16:35:55 + (Fri, 16 Dec 2016)
New Revision: 47137
Modified:
data/CVE/list
Log:
Triage CVE-2016-8655
It's much less serious without unprivileged user namespaces enabled,
and that isn't even an option in wheezy.
Modified: data/CVE/list
(#838694)
--
-imagemagick (Ben Hutchings)
+imagemagick
+ NOTE: Some work already done on this; see
+
https://people.debian.org/~benh/packages/imagemagick_6.7.7.10-5+deb7u8_source.changes
--
irssi
NOTE: rhonda@d.o is preparing an upload
-needed.txt 2016-10-19 13:31:23 UTC (rev 45458)
+++ data/dla-needed.txt 2016-10-19 16:22:32 UTC (rev 45459)
@@ -56,8 +56,6 @@
--
libxvmc (Thorsten Alteholz)
--
-linux (Ben Hutchings)
---
mingw32 (Stephen Kitt)
--
nspr (Ola Lundqvist)
___
Secure
Author: benh
Date: 2016-10-06 17:43:01 + (Thu, 06 Oct 2016)
New Revision: 45105
Modified:
data/CVE/list
Log:
Triage some imagemagick issues for wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-06 11:05:26 UTC
-needed.txt 2016-09-02 20:53:05 UTC (rev 44281)
@@ -25,8 +25,6 @@
https://marc.info/?l=oss-security&m=146685931517961&w=2 claims
that 0.47 & 1.0 are affected and wheezy has 0.48.
--
-linux (Ben Hutchings)
---
mactelnet (Thorsten Alteho
Author: benh
Date: 2016-08-26 23:45:39 + (Fri, 26 Aug 2016)
New Revision: 44166
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for wheezy; add notes
Modified: data/CVE/list
===
--- data/CVE/list 2
Author: benh
Date: 2016-07-14 22:27:07 + (Thu, 14 Jul 2016)
New Revision: 43204
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-14 21
Author: benh
Date: 2016-07-14 20:25:38 + (Thu, 14 Jul 2016)
New Revision: 43202
Modified:
data/DLA/list
Log:
Note clamav issues fixed upstream and included in the recent update in
wheezy-lts
Modified: data/DLA/list
===
--- d
Author: benh
Date: 2016-07-08 10:04:09 + (Fri, 08 Jul 2016)
New Revision: 43072
Modified:
data/CVE/list
Log:
Add fixed version for CVE-2016-2053 in jessie
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-08 09:32:57
Author: benh
Date: 2016-07-08 09:32:57 + (Fri, 08 Jul 2016)
New Revision: 43071
Modified:
data/CVE/list
Log:
Triage linux issues for wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-08 09:10:12 UTC (rev 43070
:19:06 UTC (rev 42930)
+++ data/dla-needed.txt 2016-06-30 21:45:26 UTC (rev 42931)
@@ -40,7 +40,7 @@
icu (Roberto C. Sánchez)
NOTE: check comments on CVE-2016-0494 as well
--
-imagemagick
+imagemagick (Ben Hutchings)
--
libarchive (Markus Koschany)
--
@@ -55,7 +55,7 @@
--
libreoffice
Author: benh
Date: 2016-06-17 21:33:59 + (Fri, 17 Jun 2016)
New Revision: 42615
Modified:
data/CVE/list
Log:
Triage CVE-2016-3689
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-17 21:11:25 UTC (rev 42614)
+++ data
Author: benh
Date: 2016-06-17 18:30:27 + (Fri, 17 Jun 2016)
New Revision: 42605
Modified:
data/CVE/list
Log:
Mark various kernel issues fixed or not-affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-17 17:45
Author: benh
Date: 2016-06-17 03:06:30 + (Fri, 17 Jun 2016)
New Revision: 42588
Modified:
data/CVE/list
Log:
Triage some linux kernel issues
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-17 00:38:26 UTC (rev 4258
Author: benh
Date: 2016-06-17 00:38:26 + (Fri, 17 Jun 2016)
New Revision: 42587
Modified:
data/CVE/list
data/DLA/list
Log:
CVE-2016-3156 is not a security issue for linux/wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: benh
Date: 2016-06-16 22:10:34 + (Thu, 16 Jun 2016)
New Revision: 42586
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-516-1 for linux
Modified: data/DLA/list
===
--- data/DLA/list 2016-06-16 21:
Author: benh
Date: 2016-06-13 17:41:18 + (Mon, 13 Jun 2016)
New Revision: 42510
Modified:
data/CVE/list
Log:
Mark qemu/qemu-kvm esp emulation issues as
This device is not enabled by default and Michael Tokarev says there
is no reason to enable it.
Modified: data/CVE/list
===
Author: benh
Date: 2016-06-06 00:31:38 + (Mon, 06 Jun 2016)
New Revision: 42334
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-05 2
Author: benh
Date: 2016-06-01 00:57:08 + (Wed, 01 Jun 2016)
New Revision: 42205
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for wheezy; add links to bug reports and fixes where available
Modified: data/CVE/list
Author: benh
Date: 2016-06-01 00:06:26 + (Wed, 01 Jun 2016)
New Revision: 42204
Modified:
data/CVE/list
Log:
Mark various issues affecting wheezy as , matching jessie's status
Modified: data/CVE/list
===
--- data/CVE/list
Author: benh
Date: 2016-05-31 23:56:34 + (Tue, 31 May 2016)
New Revision: 42203
Modified:
data/CVE/list
Log:
Mark typo3-src issue affecting wheezy as
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-31 23:54:00 UTC
Author: benh
Date: 2016-05-31 23:54:00 + (Tue, 31 May 2016)
New Revision: 42202
Modified:
data/dla-needed.txt
Log:
Fix package name order in dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-31 2
Author: benh
Date: 2016-05-31 23:53:08 + (Tue, 31 May 2016)
New Revision: 42201
Modified:
data/CVE/list
Log:
Mark un-numbered mediawiki issues affecting wheezy and jessie as
Modified: data/CVE/list
===
--- data/CVE/list
Author: benh
Date: 2016-05-31 23:50:03 + (Tue, 31 May 2016)
New Revision: 42200
Modified:
data/dla-needed.txt
Log:
Remove ruby-activesupport-2.3 from dla-needed.txt; it is end-of-life
Modified: data/dla-needed.txt
===
--- data
Author: benh
Date: 2016-05-31 23:47:11 + (Tue, 31 May 2016)
New Revision: 42199
Modified:
data/CVE/list
Log:
Mark mediawiki issues affecting wheezy as
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-31 22:25:18 UT
Author: benh
Date: 2016-05-01 13:00:33 + (Sun, 01 May 2016)
New Revision: 41336
Modified:
data/CVE/list
Log:
Mark CVE-2016-2143 as for wheezy as s390(x) are not supported
Modified: data/CVE/list
===
--- data/CVE/list 20
Author: benh
Date: 2016-04-30 20:54:58 + (Sat, 30 Apr 2016)
New Revision: 41322
Modified:
data/dla-needed.txt
Log:
Link to cacti maintainer's message
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-30 20:20:4
Author: benh
Date: 2016-04-30 17:39:11 + (Sat, 30 Apr 2016)
New Revision: 41316
Modified:
data/CVE/list
Log:
Mark some linux issues for wheezy due to lack of user namespaces
Modified: data/CVE/list
===
--- data/CVE/list
Author: benh
Date: 2016-04-30 14:34:34 + (Sat, 30 Apr 2016)
New Revision: 41311
Modified:
data/CVE/list
Log:
Mark CVE-2015-7515 as since it is a minor issue
Modified: data/CVE/list
===
--- data/CVE/list 2016-04-30 14:24
https://lists.debian.org/debian-lts/2016/01/msg00133.html
--
-imagemagick (Brian May)
- NOTE: only minor issues without CVE
+imagemagick
+ NOTE: only minor issues
--
-jasper (Ben Hutchings)
---
libxml2
NOTE: 20160226, no fix available yet
--
-linux-2.6
+linux
--
-macopix (Paul Liu)
---
ntp
.txt 2016-04-24 20:24:38 UTC (rev 41126)
+++ org/lts-frontdesk.2016.txt 2016-04-24 20:46:57 UTC (rev 41127)
@@ -32,19 +32,19 @@
From 09-05 to 15-05:Chris Lamb
From 16-05 to 22-05:Antoine Beaupré
From 23-05 to 29-05:Thorsten Alteholz
-From 30-05 to 05-06:
+From 30-05 to 05-06:Ben Hutchings
(rev 40027)
@@ -39,8 +39,6 @@
libxml2
NOTE: 20160226, no fix available yet
--
-linux-2.6 (Ben Hutchings)
---
lxc (Mike Gabriel)
NOTE: waiting for upstream feedback:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/comments/77
Author: benh
Date: 2016-02-23 13:02:17 + (Tue, 23 Feb 2016)
New Revision: 39836
Modified:
data/DLA/list
Log:
Reserve DLA-426-1 for libssh2
Modified: data/DLA/list
===
--- data/DLA/list 2016-02-23 13:00:56 UTC (rev 39835)
Author: benh
Date: 2016-02-23 13:00:56 + (Tue, 23 Feb 2016)
New Revision: 39835
Modified:
data/CVE/list
Log:
Add details of CVE-2016-0739 and CVE-2016-0787
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-23 12:42:5
Author: benh
Date: 2016-02-21 22:17:12 + (Sun, 21 Feb 2016)
New Revision: 39802
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-21 2
-needed.txt
===
--- data/dla-needed.txt 2016-02-17 18:00:48 UTC (rev 39749)
+++ data/dla-needed.txt 2016-02-17 19:11:30 UTC (rev 39750)
@@ -40,6 +40,10 @@
--
libmatroska (Chris Lamb)
--
+libxml2
+--
+linux-2.6 (Ben Hutchings)
+--
lxc (Mike
39477)
+++ data/dla-needed.txt 2016-02-05 15:05:11 UTC (rev 39478)
@@ -45,8 +45,6 @@
libraw
NOTE: libraw is not affected, but copies in other packages need to be
checked, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809
--
-linux-2.6 (Ben Hutchings)
---
lxc (Mike Gabriel)
NOTE
Author: benh
Date: 2016-01-29 03:52:06 + (Fri, 29 Jan 2016)
New Revision: 39278
Modified:
data/CVE/list
Log:
Revert "Remove for CVE-2015-{5203,5221}; these are not minor issues"
jmm told me that double-frees are rarely exploitable when using the glibc
allocator, so I'll accept the previou
Author: benh
Date: 2016-01-29 03:49:22 + (Fri, 29 Jan 2016)
New Revision: 39277
Modified:
data/CVE/list
Log:
Mark CVE-2016-2053 as no-dsa for jessie; vulnerable code is not built
Modified: data/CVE/list
===
--- data/CVE/list
Author: benh
Date: 2016-01-28 20:29:56 + (Thu, 28 Jan 2016)
New Revision: 39275
Modified:
data/CVE/list
Log:
Remove for CVE-2015-{5203,5221}; these are not minor issues
Both of these involve double-free and I haven't found any explanation of
why they are minor.
Modified: data/CVE/list
=
Author: benh
Date: 2016-01-23 22:15:43 + (Sat, 23 Jan 2016)
New Revision: 39121
Modified:
data/CVE/list
Log:
Add references to discussion of patch for CVE-2015-8553
Modified: data/CVE/list
===
--- data/CVE/list 2016-01-2
Author: benh
Date: 2016-01-19 15:57:54 + (Tue, 19 Jan 2016)
New Revision: 39016
Modified:
data/CVE/list
Log:
Correct triaging of CVE-2015-2877 for squeeze
It is affected, but we're still not going to fix it.
Modified: data/CVE/list
Author: benh
Date: 2016-01-17 00:16:24 + (Sun, 17 Jan 2016)
New Revision: 38974
Modified:
data/CVE/list
Log:
Mark CVE-2016-1867 as minor for squeeze as well
Modified: data/CVE/list
===
--- data/CVE/list 2016-01-16 21:10:
)
+++ data/dla-needed.txt 2016-01-15 00:55:14 UTC (rev 38928)
@@ -21,7 +21,7 @@
--
giflib (Guido Günther)
--
-jasper
+jasper (Ben Hutchings)
--
libraw
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
+26,6 @@
--
giflib (Guido Günther)
--
-inspircd (Ben Hutchings)
---
jasper
--
libraw
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
@@
https://lists.debian.org/debian-lts/2016/01/msg00023.html
NOTE: not the same as CVE-2015-8377
--
-claws-mail (Ben Hutchings)
---
dbconfig-common (Paul Gevers)
NOTE: maintainer should take care of this, cf
https://lists.debian.org/565626bf.2010...@debian.org
)
--
-sudo (Ben Hutchings)
- NOTE: Maintainer wants to review the updated package:
- https://lists.debian.org/87fv0hmref@rover.gag.com
---
tiff (Mike Gabriel)
--
cacti (Chris Lamb)
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: benh
Date: 2016-01-11 01:28:52 + (Mon, 11 Jan 2016)
New Revision: 38833
Modified:
data/CVE/list
Log:
Add details of CVE-2016-0723
Modified: data/CVE/list
===
--- data/CVE/list 2016-01-10 21:18:18 UTC (rev 38832)
:59:02 UTC (rev 38675)
+++ data/dla-needed.txt 2016-01-04 00:58:10 UTC (rev 38676)
@@ -18,6 +18,8 @@
--
giflib (Guido Günther)
--
+icu
+--
inspircd (Ben Hutchings)
--
libraw
___
Secure-testing-commits mailing list
Secure-testing-commits
NOTE: possibly ending up in ABI breakage, second opinion welcome!
--
+linux-2.6 (Ben Hutchings)
+--
lxc (Mike Gabriel)
--
macopix (Paul Liu)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debia
Author: benh
Date: 2016-01-03 23:57:33 + (Sun, 03 Jan 2016)
New Revision: 38674
Modified:
data/dla-needed.txt
Log:
Add tiff to dla-needed, missed in r38599
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-03 1
:42 UTC (rev 38647)
@@ -28,8 +28,6 @@
NOTE: a fix is probably not trivial, as thread safety has to be backported
to 0.9.7
NOTE: possibly ending up in ABI breakage, second opinion welcome!
--
-linux-2.6 (Ben Hutchings)
---
lxc (Mike Gabriel)
--
macopix (Paul Liu
)
+++ data/dla-needed.txt 2016-01-01 17:25:03 UTC (rev 38635)
@@ -18,7 +18,7 @@
--
giflib (Guido Günther)
--
-inspircd
+inspircd (Ben Hutchings)
--
libraw
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
)
+++ data/dla-needed.txt 2016-01-01 17:22:47 UTC (rev 38634)
@@ -11,7 +11,7 @@
--
busybox (Chris Lamb)
--
-claws-mail
+claws-mail (Ben Hutchings)
--
dbconfig-common
NOTE: maintainer should take care of this, cf
https://lists.debian.org/565626bf.2010...@debian.org
Author: benh
Date: 2015-12-31 02:38:31 + (Thu, 31 Dec 2015)
New Revision: 38616
Modified:
data/CVE/list
Log:
Add details of CVE-2015-7550
Modified: data/CVE/list
===
--- data/CVE/list 2015-12-31 01:24:34 UTC (rev 38615)
Author: benh
Date: 2015-12-31 00:29:06 + (Thu, 31 Dec 2015)
New Revision: 38614
Modified:
bin/contact-maintainers
Log:
contact-maintainers: Fix PTS URL for lib-packages
Modified: bin/contact-maintainers
===
--- bin/contact-mai
Author: benh
Date: 2015-12-31 00:23:22 + (Thu, 31 Dec 2015)
New Revision: 38613
Modified:
bin/contact-maintainers
templates/lts-no-dsa.txt
templates/lts-update-planned.txt
Log:
Change maintainer lookup in contact-maintainers to use PTS
The current implementation depends on apt-cache
Author: benh
Date: 2015-12-30 22:53:09 + (Wed, 30 Dec 2015)
New Revision: 38612
Modified:
bin/contact-maintainers
Log:
Correct help text for contact-maintainers --no-dsa option
Modified: bin/contact-maintainers
===
--- bin/con
Author: benh
Date: 2015-12-30 20:43:26 + (Wed, 30 Dec 2015)
New Revision: 38609
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2015-12-30 1
Author: benh
Date: 2015-12-30 01:46:01 + (Wed, 30 Dec 2015)
New Revision: 38599
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2015-12-29 2
Author: benh
Date: 2015-12-27 05:27:30 + (Sun, 27 Dec 2015)
New Revision: 38536
Modified:
data/CVE/list
Log:
Add qemu to packages affected by CVE-2015-8550
Modified: data/CVE/list
===
--- data/CVE/list 2015-12-27 05:26:5
Author: benh
Date: 2015-12-27 05:26:54 + (Sun, 27 Dec 2015)
New Revision: 38535
Modified:
data/CVE/list
Log:
Add upstream commits and fixed version for CVE-2015-855{0,1,2} in linux
Modified: data/CVE/list
===
--- data/CVE/list
Author: benh
Date: 2015-12-27 04:51:10 + (Sun, 27 Dec 2015)
New Revision: 38534
Modified:
data/CVE/list
Log:
Fix affected packages for CVE-2015-855{0,1,2}
CVE-2015-8550 applies to both Linux and Xen drivers.
CVE-2015-855{1,2} apply only to Linux drivers.
Modified: data/CVE/list
Author: benh
Date: 2015-12-27 04:39:19 + (Sun, 27 Dec 2015)
New Revision: 38533
Modified:
data/CVE/list
Log:
Add details of CVE-2015-7509, already fixed in all suites
Modified: data/CVE/list
===
--- data/CVE/list 2015-12
Author: benh
Date: 2015-12-06 21:30:17 + (Sun, 06 Dec 2015)
New Revision: 38139
Modified:
data/DLA/list
Log:
Assign DLA-360-1 to linux-2.6
Don't take it out of dla-needed.txt as there are still unfixed issues.
Modified: data/DLA/list
==
-needed.txt 2015-11-29 22:42:31 UTC (rev 37975)
+++ data/dla-needed.txt 2015-11-30 00:40:10 UTC (rev 37976)
@@ -42,6 +42,8 @@
squid
NOTE: CVE-2015-5400: Fix is hard to backport, and default configuration is
not affected
--
+srtp
+--
sudo (Ben Hutchings)
NOTE: Maintainer want to review the
Author: benh
Date: 2015-11-26 00:28:08 + (Thu, 26 Nov 2015)
New Revision: 37907
Modified:
data/dla-needed.txt
Log:
Add reference to mail about dbconfig-common
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-11-2
second review from upstream author. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671#29
--
+dbconfig-common
+--
eglibc (Raphaël Hertzog)
--
imagemagick
@@ -47,6 +49,8 @@
--
quassel (Scott K)
--
+redmine
+--
squid (Santiago R.R.)
--
sudo (Ben Hutchings
Author: benh
Date: 2015-11-24 21:56:49 + (Tue, 24 Nov 2015)
New Revision: 37879
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2015-11-24 2
)
+++ data/dla-needed.txt 2015-11-24 02:16:51 UTC (rev 37839)
@@ -31,7 +31,7 @@
--
libxml2 (Thorsten Alteholz)
--
-linux-2.6
+linux-2.6 (Ben Hutchings)
--
lxc (Mike Gabriel)
--
___
Secure-testing-commits mailing list
Secure-testing-commits
===
--- data/dla-needed.txt 2015-11-24 00:31:44 UTC (rev 37837)
+++ data/dla-needed.txt 2015-11-24 02:07:27 UTC (rev 37838)
@@ -43,8 +43,6 @@
pound
NOTE: updating to the wheezy option might be less error prone
--
-putty (Ben Hutchings
(Raphaël Hertzog)
--
-ffmpeg (Ben Hutchings)
---
imagemagick
NOTE: maintainer might take care of it, cf
http://lists.debian.org/d7ae3b74-1c15-4073-9e4e-30803be14...@gmail.com
--
___
Secure-testing-commits mailing list
Secure-testing-commits
)
+++ data/dla-needed.txt 2015-11-24 00:31:44 UTC (rev 37837)
@@ -43,7 +43,7 @@
pound
NOTE: updating to the wheezy option might be less error prone
--
-putty
+putty (Ben Hutchings)
--
quassel (Scott K)
--
___
Secure-testing-commits mailing list
Secure
)
+++ data/dla-needed.txt 2015-11-24 00:27:19 UTC (rev 37835)
@@ -16,7 +16,7 @@
--
eglibc (Raphaël Hertzog)
--
-ffmpeg
+ffmpeg (Ben Hutchings)
--
imagemagick
NOTE: maintainer might take care of it, cf
http://lists.debian.org/d7ae3b74-1c15-4073-9e4e-30803be14...@gmail.com
Author: benh
Date: 2015-11-24 00:22:57 + (Tue, 24 Nov 2015)
New Revision: 37834
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2015-11-23
)
+++ data/dla-needed.txt 2015-11-21 02:25:57 UTC (rev 37801)
@@ -48,7 +48,7 @@
--
squid (Santiago R.R.)
--
-sudo
+sudo (Ben Hutchings)
NOTE: Maintainer want to review the updated package:
https://lists.debian.org/87fv0hmref@rover.gag.com
Author: benh
Date: 2015-11-21 02:18:47 + (Sat, 21 Nov 2015)
New Revision: 37800
Modified:
data/CVE/list
Log:
Mark new KVM issues as no-dsa for linux-2.6 in squeeze, not end-of-life
Modified: data/CVE/list
===
--- data/CVE/list
1 - 100 of 174 matches
Mail list logo