Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
446a6c3e by Hugo Lefeuvre at 2018-04-09T08:19:01-04:00
Claim DLA-1343-1 for ming
- - - - -
1 changed file:
- data/DLA/list
Changes:
=
data/DLA/list
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
90325c3c by Hugo Lefeuvre at 2018-03-17T23:18:29+01:00
Update lame and ming entries in dla-needed
- - - - -
1 changed file:
- data/dla-needed.txt
Changes
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
28374bb1 by Hugo Lefeuvre at 2018-03-17T23:10:12+01:00
Claim tiff in dla-needed, now working on CVE-2018-7456
- - - - -
1 changed file:
- data/dla-needed.txt
Changes
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c18a7307 by Hugo Lefeuvre at 2018-03-17T23:04:45+01:00
Unclaim mupdf in dla-needed.
I have finished my work on CVE-2018-6544 and CVE-2018-6187.
Let mupdf in the list since CVE-2018-6192 and CVE-2018
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a6b0ee97 by Hugo Lefeuvre at 2018-03-17T23:00:49+01:00
Mark CVE-2018-6187/CVE-2018-6544 ignored in Wheezy
Mupdf in Wheezy is most likely not affected by these two rather
unimportant issues
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
45d8830d by Hugo Lefeuvre at 2018-03-11T14:43:51+01:00
Claim DLA-1305-1 for ming 0.4.4-1.1+deb7u7
- - - - -
b0e6e982 by Hugo Lefeuvre at 2018-03-11T14:44:43+01:00
Update ming entry in dla-needed
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4f2ad4a1 by Hugo Lefeuvre at 2018-01-25T15:34:08+01:00
Add mupdf to dla-needed and claim it.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc08a19a by Hugo Lefeuvre at 2018-01-25T10:01:19+01:00
Update dla-needed entry for lame
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fb67b93c by Hugo Lefeuvre at 2018-01-18T17:47:15+01:00
Update libav entry in data/dla-needed.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5e396f11 by Hugo Lefeuvre at 2018-01-18T17:42:52+01:00
Update lame entry in data/dla-needed.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aa6a5777 by Hugo Lefeuvre at 2018-01-18T13:36:04+01:00
Update ming entry in data/dla-needed.
Im still working on Ming issues. See upstream bug report and monthly
report for more infos.
- - - - -
1
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2529d6e7 by Hugo Lefeuvre at 2018-01-11T11:45:33+01:00
Claim DLA number 1240-1 for ming
- - - - -
1 changed file:
- data/DLA/list
Changes:
=
data/DLA/list
Hugo Lefeuvre pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d1aaff1b by Hugo Lefeuvre at 2018-01-06T14:07:58+01:00
libav not affected by CVE-2015-8218.
Vulnerability affects G3{1, 2}D code extensions feature, which is not
present in libav 0.8 and 9. branches
Author: hle
Date: 2017-11-20 21:15:20 + (Mon, 20 Nov 2017)
New Revision: 57870
Modified:
data/CVE/list
Log:
ming (removed, only in wheezy) is affected by new CVE-2017-16898 (more infos on
upstreams bug tracker)
Modified: data/CVE/list
09:37:51 UTC (rev 57846)
+++ data/dla-needed.txt 2017-11-20 10:22:27 UTC (rev 57847)
@@ -24,8 +24,8 @@
lame (Hugo Lefeuvre)
NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced
CVE-2017-150{18,45,46}
NOTE: 20171120: Backporting 3.100 is not conceivable, diff >40k li
-20 09:34:52 UTC (rev 57844)
+++ data/dla-needed.txt 2017-11-20 09:37:35 UTC (rev 57845)
@@ -23,9 +23,9 @@
--
lame (Hugo Lefeuvre)
NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced
CVE-2017-150{18,45,46}
- NOTE: 20171116: 3.100 available: check with the security team
Author: hle
Date: 2017-11-18 22:04:16 + (Sat, 18 Nov 2017)
New Revision: 57800
Modified:
data/CVE/list
Log:
ming (removed, only in wheezy) is affected by new CVE-2017-16883 (more infos on
upstreams bug tracker)
Modified: data/CVE/list
Author: hle
Date: 2017-11-18 12:35:47 + (Sat, 18 Nov 2017)
New Revision: 57778
Modified:
data/DLA/list
Log:
Claim DLA-1176-1 for ming
Modified: data/DLA/list
===
--- data/DLA/list 2017-11-18 11:22:31 UTC (rev 5)
+++
2017-11-16 13:34:51 UTC (rev 57681)
+++ data/dla-needed.txt 2017-11-16 16:47:58 UTC (rev 57682)
@@ -22,11 +22,13 @@
NOTE: 20171031: No details available. Asked upstream for clarification.
--
lame (Hugo Lefeuvre)
- NOTE: Couldn't reproduce CVE-2017-{69-72}. Wait for next upstream release
3.100
Author: hle
Date: 2017-10-31 14:55:47 + (Tue, 31 Oct 2017)
New Revision: 57163
Modified:
data/DLA/list
Log:
Fix bad version in DLA 1152-1
Modified: data/DLA/list
===
--- data/DLA/list 2017-10-31 14:46:14 UTC (rev 57162)
===
--- data/dla-needed.txt 2017-10-30 09:01:46 UTC (rev 57129)
+++ data/dla-needed.txt 2017-10-30 09:05:11 UTC (rev 57130)
@@ -98,7 +98,7 @@
python-werkzeug (Thorsten Alteholz)
--
quagga (Hugo Lefeuvre)
- NOTE: Patch available for CVE-2017-16227 (see
https://lists.debian.org/debian-lts
:23:17 UTC (rev 57128)
+++ data/dla-needed.txt 2017-10-30 09:01:46 UTC (rev 57129)
@@ -97,6 +97,9 @@
--
python-werkzeug (Thorsten Alteholz)
--
+quagga (Hugo Lefeuvre)
+ NOTE: Patch available for CVE-2017-16227 (see
https://lists.debian.org/debian-lts/2017/10/msg00104.html)
+--
qemu
NOTE
56903)
+++ data/dla-needed.txt 2017-10-21 09:47:48 UTC (rev 56904)
@@ -41,7 +41,6 @@
--
libav (Hugo Lefeuvre)
NOTE: Diego Biurrun (from the libav team) is working on patches.
- NOTE: O.8.21 and 11.11 just released.
--
liblouis
--
___
Secure
-16 08:01:39 UTC (rev 56731)
+++ data/dla-needed.txt 2017-10-16 08:20:42 UTC (rev 56732)
@@ -56,10 +56,9 @@
NOTE: Couldn't reproduce CVE-2017-{69-72}. Wait for next upstream release
3.100 ?
NOTE: https://lists.debian.org/debian-lts/2017/09/msg00082.html
--
-libav
+libav (Hugo Lefeuvre
-14319}
[wheezy] - xen 4.1.6.lts1-9
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-10-14 09:48:12 UTC (rev 56687)
+++ data/dla-needed.txt 2017-10-14 10:34:50 UTC (rev 56688)
@@ -68,8 +68,7 @@
linux
--
ming (Hugo
11:17:30 UTC (rev 56346)
+++ data/dla-needed.txt 2017-10-02 12:05:51 UTC (rev 56347)
@@ -76,7 +76,7 @@
linux
--
ming (Hugo Lefeuvre)
- NOTE: 20170930: patches unavailable
+ NOTE: 20170930: patches unavailable, currently working on it with upstream,
might take a while
NOTE: Successfully
16:35:41 UTC (rev 56286)
+++ data/dla-needed.txt 2017-09-30 16:39:42 UTC (rev 56287)
@@ -74,7 +74,8 @@
linux
--
ming (Hugo Lefeuvre)
- NOTE: 20170916: patches unavailable
+ NOTE: 20170930: patches unavailable
+ NOTE: Successfully reproduced CVE-2017-117{04, 28, 29, 30, 32, 34}.
--
mosquitto
2017-09-29 12:49:10 UTC (rev 56243)
+++ data/dla-needed.txt 2017-09-29 13:13:25 UTC (rev 56244)
@@ -78,9 +78,11 @@
--
mosquitto (Roger A. Leigh/Gianfranco Costamagna)
--
-mp3gain (Hugo Lefeuvre)
- NOTE: successfully reproduced CVE-2017-14409 and CVE-2017-14407.
- NOTE: bundles a modified, old
(rev 56242)
+++ data/dla-needed.txt 2017-09-29 12:49:10 UTC (rev 56243)
@@ -73,7 +73,7 @@
--
linux
--
-ming
+ming (Hugo Lefeuvre)
NOTE: 20170916: patches unavailable
--
mosquitto (Roger A. Leigh/Gianfranco Costamagna)
___
Secure-testing-commits
:02 UTC (rev 56187)
+++ data/dla-needed.txt 2017-09-27 12:50:30 UTC (rev 56188)
@@ -84,7 +84,8 @@
mosquitto (Roger A. Leigh/Gianfranco Costamagna)
--
mp3gain (Hugo Lefeuvre)
- NOTE: Reproduced CVE-2017-14409, suspect to be a duplicate of something
already fixed in mpg123
+ NOTE: successfully
:27 UTC (rev 56186)
+++ data/dla-needed.txt 2017-09-27 10:26:02 UTC (rev 56187)
@@ -84,6 +84,7 @@
mosquitto (Roger A. Leigh/Gianfranco Costamagna)
--
mp3gain (Hugo Lefeuvre)
+ NOTE: Reproduced CVE-2017-14409, suspect to be a duplicate of something
already fixed in mpg123
--
mysql-connector
Author: hle
Date: 2017-09-27 09:49:27 + (Wed, 27 Sep 2017)
New Revision: 56186
Modified:
data/CVE/list
Log:
mp3gain: add links to stacktraces/reproducers for CVE-2017-144(06->12)
Modified: data/CVE/list
===
--- data/CVE/list
===
--- data/dla-needed.txt 2017-09-27 09:29:31 UTC (rev 56184)
+++ data/dla-needed.txt 2017-09-27 09:39:23 UTC (rev 56185)
@@ -83,14 +83,10 @@
--
mosquitto (Roger A. Leigh/Gianfranco Costamagna)
--
-mp3gain
+mp3gain (Hugo Lefeuvre)
--
-mysql-connector-python (Hugo Lefeuvre)
- NOTE: No patch
UTC (rev 56094)
+++ data/dla-needed.txt 2017-09-24 16:15:27 UTC (rev 56095)
@@ -44,9 +44,8 @@
imagemagick (Roberto C. Sánchez)
--
lame (Hugo Lefeuvre)
- NOTE: 20170907: Upstream claims to have reproduced and fixed
CVE-2017-{69-72}. asan outputs
- NOTE: are not exactly identical, wait for more
+27,6 @@
NOTE: HTML escaped. Without trying, it's hard to know if the error
NOTE: messages do include user controllable content.
--
-clamav (Hugo Lefeuvre)
- NOTE: https://lists.debian.org/debian-lts/2017/08/msg2.html
---
db
NOTE: We might want to wait one month like the security team
Author: hle
Date: 2017-09-22 08:16:27 + (Fri, 22 Sep 2017)
New Revision: 55998
Modified:
data/CVE/list
Log:
CVE-2017-6420 (clamav): Add link to commit 60671e3 fixing tests broken by
dfc00cd
Modified: data/CVE/list
===
---
Author: hle
Date: 2017-09-07 19:49:24 + (Thu, 07 Sep 2017)
New Revision: 3
Modified:
data/CVE/list
Log:
Add links to upstream bug tracking system for CVE-2017-98{69-72}
Modified: data/CVE/list
===
--- data/CVE/list
Author: hle
Date: 2017-09-07 16:59:42 + (Thu, 07 Sep 2017)
New Revision: 55549
Modified:
data/CVE/list
Log:
Mark CVE-2017-9996 in wheezy & jessie.
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-07 16:55:31 UTC
Author: hle
Date: 2017-09-07 16:47:53 + (Thu, 07 Sep 2017)
New Revision: 55545
Modified:
data/CVE/list
Log:
Mark CVE-2017-9991 in wheezy & jessie.
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-07 16:40:00 UTC
UTC (rev 55311)
+++ data/dla-needed.txt 2017-08-31 12:15:47 UTC (rev 55312)
@@ -80,9 +80,11 @@
NOTE: 20170813: still no patch available yet
--
lame (Hugo Lefeuvre)
- NOTE: 20170824: no patch yet, CVE-2017-{69-72} not reproducible.
+ NOTE: 20170831: no patch yet, CVE-2017-{69-72
Author: hle
Date: 2017-08-25 22:57:13 + (Fri, 25 Aug 2017)
New Revision: 55095
Modified:
data/CVE/list
Log:
Mark CVE-2015-8365 as unfixed in wheezy and jessie. Add link to upstream
patches for both branches.
Modified: data/CVE/list
Author: hle
Date: 2017-08-25 21:39:45 + (Fri, 25 Aug 2017)
New Revision: 55093
Modified:
data/CVE/list
Log:
Mark CVE-2017-9994 in wheezy (Vulnerable code not present, WebP
decoder feature introduced in v10)
Modified: data/CVE/list
Author: hle
Date: 2017-08-25 21:36:12 + (Fri, 25 Aug 2017)
New Revision: 55091
Modified:
data/CVE/list
Log:
Mark CVE-2017-9991 in wheezy (vulnerable code not present, XWD
feature present since v9b)
Modified: data/CVE/list
Author: hle
Date: 2017-08-25 21:19:56 + (Fri, 25 Aug 2017)
New Revision: 55090
Modified:
data/CVE/list
Log:
Fix typo in CVE-2017-6419 & CVE-2017-11423 (does not does not have). Mark
CVE-2017-9996 in wheezy (Vulnerable code not present).
Modified: data/CVE/list
Author: hle
Date: 2017-08-25 20:16:33 + (Fri, 25 Aug 2017)
New Revision: 55086
Modified:
data/CVE/list
Log:
Mark mysql-connector-python postponed in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-25
:42 UTC (rev 55025)
+++ data/dla-needed.txt 2017-08-24 10:39:14 UTC (rev 55026)
@@ -77,8 +77,9 @@
NOTE: 20170807: Can't immediately reproduce POC (lamby)
--
lame (Hugo Lefeuvre)
- NOTE: 20170810: no patch yet, CVE-2017-{69-72} not reproducible.
- NOTE: Contacted original reporter to get more
Author: hle
Date: 2017-08-10 17:03:32 + (Thu, 10 Aug 2017)
New Revision: 54555
Modified:
data/CVE/list
Log:
mupdf not affected by CVE-2016-10246, CVE-2016-10247 and CVE-2017-6060 in
wheezy: Vulnerable code not present (present since 1.4)
Modified: data/CVE/list
(rev 54550)
+++ data/dla-needed.txt 2017-08-10 16:46:23 UTC (rev 54551)
@@ -26,7 +26,7 @@
NOTE: HTML escaped. Without trying, it's hard to know if the error
NOTE: messages do include user controllable content.
--
-clamav
+clamav (Hugo Lefeuvre)
NOTE: https://lists.debian.org/debian-lts/2017
-10 16:35:43 UTC (rev 54549)
+++ data/dla-needed.txt 2017-08-10 16:43:53 UTC (rev 54550)
@@ -79,9 +79,8 @@
krb5 (Lucas Kanashiro)
--
lame (Hugo Lefeuvre)
- NOTE: 20170720, no patch yet
- NOTE: Reproduced CVE-2017-11720, but not CVE-2017-{69-72}.
- NOTE: Contacted original reporter to get more
Author: hle
Date: 2017-08-10 16:35:43 + (Thu, 10 Aug 2017)
New Revision: 54549
Modified:
data/dla-needed.txt
Log:
Add note to mysql-connector-python entry in dla-needed.
Modified: data/dla-needed.txt
===
---
Author: hle
Date: 2017-08-05 22:48:52 + (Sat, 05 Aug 2017)
New Revision: 54338
Modified:
data/dla-needed.txt
Log:
Update lame notes and assign mysql-connector-python to Hugo Lefeuvre in
dla-needed
Modified: data/dla-needed.txt
Author: hle
Date: 2017-08-04 18:17:49 + (Fri, 04 Aug 2017)
New Revision: 54277
Modified:
data/dla-needed.txt
Log:
Assign lame to Hugo Lefeuvre in data/dla-needed
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017
Author: hle
Date: 2017-06-30 10:24:02 + (Fri, 30 Jun 2017)
New Revision: 53034
Modified:
data/dla-needed.txt
Log:
Add note to boa entry in dla-needed
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-06-30
(rev 53029)
+++ data/dla-needed.txt 2017-06-30 09:01:02 UTC (rev 53030)
@@ -109,9 +109,6 @@
NOTE: Investigating CVE-2017-2633
NOTE: Patches for minor issues at
https://anonscm.debian.org/cgit/users/agx/qemu-kvm.git/log/
--
-samba (Hugo Lefeuvre)
- NOTE: Trying to reproduce CVE-2017-9461
Author: hle
Date: 2017-06-30 08:58:50 + (Fri, 30 Jun 2017)
New Revision: 53029
Modified:
data/CVE/list
Log:
Mark CVE-2017-9461 no-dsa in wheezy (minor issue, could not be reproduced)
Modified: data/CVE/list
===
---
(rev 52381)
+++ data/dla-needed.txt 2017-06-07 11:22:07 UTC (rev 52382)
@@ -96,7 +96,8 @@
qemu-kvm (Guido Günther)
NOTE: Investigating CVE-2017-2633
--
-samba
+samba (Hugo Lefeuvre)
+ NOTE: Trying to reproduce CVE-2017-9461 in the wheezy version
--
smb4k (Markus Koschany
as undetermined. Diego has asked for the reporters.
+ NOTE: undetermined issues are currently being triaged (Diego Biurrun and
Hugo Lefeuvre
+ NOTE: have access to the original reproducers)
--
libraw (Emilio Pozuelo)
NOTE: Maintainer contacted 2017-06-05
Author: hle
Date: 2017-06-07 08:51:48 + (Wed, 07 Jun 2017)
New Revision: 52375
Modified:
data/CVE/list
Log:
CVE-2017-9051: libav 0.8.* and 11.* branches not vulnerable
Modified: data/CVE/list
===
--- data/CVE/list
/Development#Triage_new_security_issues
--
-apng2gif (Hugo Lefeuvre)
- NOTE: 24031017: No upstream patch available yet. Have pinged bug#.
- NOTE: Currently working on a patch fixing CVE-2017-6960 --Hugo
---
ca-certificates
NOTE: 2017-03-27: maintainer will handle the upload, see
https
Author: hle
Date: 2017-05-19 17:26:43 + (Fri, 19 May 2017)
New Revision: 51758
Modified:
data/CVE/list
Log:
Re-introduce previously removed entries for libav and mark them
with appropriate NOTE.
Modified: data/CVE/list
===
Author: hle
Date: 2017-05-19 16:23:25 + (Fri, 19 May 2017)
New Revision: 51756
Modified:
data/CVE/list
Log:
CVE triage for libav in wheezy by Diego Biurrun
Modified: data/CVE/list
===
--- data/CVE/list 2017-05-19
:32 UTC (rev 51742)
+++ data/dla-needed.txt 2017-05-19 10:54:41 UTC (rev 51743)
@@ -12,6 +12,7 @@
--
apng2gif (Hugo Lefeuvre)
NOTE: 24031017: No upstream patch available yet. Have pinged bug#.
+ NOTE: Currently working on a patch fixing CVE-2017-6960 --Hugo
--
bind9 (Thorsten Alteholz
UTC (rev 51331)
+++ data/dla-needed.txt 2017-05-04 13:19:19 UTC (rev 51332)
@@ -10,7 +10,7 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-apng2gif
+apng2gif (Hugo Lefeuvre)
NOTE: 24031017: No upstream patch available yet. Have pinged bug#.
--
bind9 (Thorsten
ertzog <hert...@debian.org>
-From 25-12 to 31-12:
+From 25-12 to 31-12:Hugo Lefeuvre <h...@debian.org>
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
===
--- data/dla-needed.txt 2017-04-28 18:59:29 UTC (rev 51161)
+++ data/dla-needed.txt 2017-04-28 20:04:24 UTC (rev 51162)
@@ -90,9 +90,6 @@
--
openjdk-7 (Emilio Pozuelo)
--
-partclone (Hugo Lefeuvre)
- NOTE: CVE-2017-6596 successfully reproduced
===
--- data/dla-needed.txt 2017-04-26 20:09:02 UTC (rev 51084)
+++ data/dla-needed.txt 2017-04-26 20:54:29 UTC (rev 51085)
@@ -36,9 +36,10 @@
--
jasper (Thorsten Alteholz)
--
-libav (Hugo Lefeuvre)
- NOTE: Upstream should provide new point-releases fixing open security issues
in the next months
Author: hle
Date: 2017-04-09 19:16:24 + (Sun, 09 Apr 2017)
New Revision: 50492
Modified:
data/DLA/list
Log:
Reserve DLA number DLA-889-1 for potrace
Modified: data/DLA/list
===
--- data/DLA/list 2017-04-09 19:13:48 UTC
Author: hle
Date: 2017-03-31 09:20:51 + (Fri, 31 Mar 2017)
New Revision: 50219
Modified:
data/dla-needed.txt
Log:
Assign partclone to Hugo Lefeuvre in dla-needed
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017
Author: hle
Date: 2017-01-19 12:24:30 + (Thu, 19 Jan 2017)
New Revision: 48193
Modified:
data/DLA/list
Log:
Reserve DLA number 791-1 for libav.
Modified: data/DLA/list
===
--- data/DLA/list 2017-01-19 12:21:44 UTC (rev
:11 UTC (rev 48101)
@@ -20,9 +20,6 @@
--
bind9 (Thorsten Alteholz)
--
-botan1.10 (Hugo Lefeuvre)
- NOTE: Jessie has almost identical code. Looks hard to exploit but worth
fixing.
---
chicken
NOTE: I would set this as like in Jessie, but please recheck
Author: hle
Date: 2017-01-16 08:25:25 + (Mon, 16 Jan 2017)
New Revision: 48100
Modified:
data/dla-needed.txt
Log:
Assign potrace to Hugo Lefeuvre in dla-needed.
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017
Author: hle
Date: 2017-01-12 15:29:04 + (Thu, 12 Jan 2017)
New Revision: 47952
Modified:
data/dla-needed.txt
Log:
Assign botan1.10 to Hugo Lefeuvre in dla-needed.
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017
Author: hle
Date: 2017-01-12 15:03:08 + (Thu, 12 Jan 2017)
New Revision: 47947
Modified:
data/DLA/list
Log:
Claim DLA ID DLA-780-1 for libav
Modified: data/DLA/list
===
--- data/DLA/list 2017-01-12 15:02:57 UTC (rev
Author: hle
Date: 2017-01-06 16:20:45 + (Fri, 06 Jan 2017)
New Revision: 47790
Modified:
data/CVE/list
Log:
Mark various issues as not-affecting Xen in wheezy (qemu/{virtio, qcow and ui}
issues irrelevant)
Modified: data/CVE/list
Author: hle
Date: 2016-12-26 14:40:49 + (Mon, 26 Dec 2016)
New Revision: 47443
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-26 10:38:59 UTC (rev 47442)
Author: hle
Date: 2016-12-26 10:06:12 + (Mon, 26 Dec 2016)
New Revision: 47438
Modified:
data/DLA/list
Log:
Reserve DLA-765-1 for qemu-kvm
Modified: data/DLA/list
===
--- data/DLA/list 2016-12-26 09:58:54 UTC (rev
@@
--
potrace
--
-qemu (Hugo Lefeuvre)
---
-qemu-kvm (Hugo Lefeuvre)
---
samba
--
shutter (Christoph Biedl)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo
Author: hle
Date: 2016-12-25 10:44:55 + (Sun, 25 Dec 2016)
New Revision: 47422
Modified:
data/CVE/list
Log:
Update informations for CVE-2016-9916
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-25 10:24:00 UTC
Author: hle
Date: 2016-12-15 21:45:31 + (Thu, 15 Dec 2016)
New Revision: 47119
Modified:
data/CVE/list
Log:
Mark CVE-2016-9907 as not affecting qemu(-kvm) in wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: hle
Date: 2016-12-15 18:56:01 + (Thu, 15 Dec 2016)
New Revision: 47114
Modified:
data/CVE/list
Log:
Mark CVE-2016-9923 no-dsa in wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-15 18:55:32 UTC (rev
Author: hle
Date: 2016-12-13 10:16:42 + (Tue, 13 Dec 2016)
New Revision: 47019
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-13 09:58:33 UTC (rev 47018)
(rev 46929)
+++ data/dla-needed.txt 2016-12-09 09:44:06 UTC (rev 46930)
@@ -94,9 +94,9 @@
--
potrace
--
-qemu
+qemu (Hugo Lefeuvre)
--
-qemu-kvm
+qemu-kvm (Hugo Lefeuvre)
--
tiff
--
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: hle
Date: 2016-11-29 08:47:12 + (Tue, 29 Nov 2016)
New Revision: 46633
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-29 07:30:50 UTC (rev 46632)
Author: hle
Date: 2016-11-24 09:21:29 + (Thu, 24 Nov 2016)
New Revision: 46507
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-24 09:10:13 UTC (rev 46506)
Author: hle
Date: 2016-11-21 22:30:01 + (Mon, 21 Nov 2016)
New Revision: 46412
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-21 22:24:47 UTC (rev 46411)
Author: hle
Date: 2016-11-21 18:08:48 + (Mon, 21 Nov 2016)
New Revision: 46385
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-21 16:17:56 UTC (rev 46384)
Author: hle
Date: 2016-11-19 08:21:13 + (Sat, 19 Nov 2016)
New Revision: 46336
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-19 06:57:40 UTC (rev 46335)
Author: hle
Date: 2016-11-14 21:40:56 + (Mon, 14 Nov 2016)
New Revision: 46201
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-14 21:18:28 UTC (rev 46200)
Author: hle
Date: 2016-11-10 09:33:21 + (Thu, 10 Nov 2016)
New Revision: 46095
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-10 07:57:54 UTC (rev 46094)
Author: hle
Date: 2016-11-06 21:46:25 + (Sun, 06 Nov 2016)
New Revision: 46028
Modified:
data/CVE/list
Log:
CVE triage for Xen in wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-06 20:57:49 UTC (rev 46027)
-26 19:29:10 UTC (rev 45638)
+++ data/dla-needed.txt 2016-10-26 19:29:52 UTC (rev 45639)
@@ -38,8 +38,8 @@
NOTE: 20161019: CVE-2016-7971 is disputed upstream. No patch available yet.
--
libav (Hugo Lefeuvre)
- NOTE: Upstream will provide new point-releases fixing open security issues
this entry?
--
-qemu (Hugo Lefeuvre)
---
-qemu-kvm (Hugo Lefeuvre)
- NOTE: Potentially affected by all qemu CVE-s:
- NOTE: https://lists.debian.org/debian-lts/2016/09/msg00014.html
---
samba
NOTE: patch for CVE-2016-2115 has been removed intentionally in version
2:3.6.6-6+deb7u10
NOTE: so
Author: hle
Date: 2016-10-24 19:55:44 + (Mon, 24 Oct 2016)
New Revision: 45557
Modified:
data/CVE/list
Log:
Add link to upstream commit for CVE-2016-8669.
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-24
Author: hle
Date: 2016-10-22 10:23:58 + (Sat, 22 Oct 2016)
New Revision: 45511
Modified:
data/CVE/list
Log:
Add link to upstream commits for CVE-2016{8678, 8577, 8576} (qemu/qemu-kvm)
Modified: data/CVE/list
===
---
@@
--
libxml2 (Thorsten Alteholz)
--
-libxrandr (Hugo Lefeuvre)
---
libxrender (Markus Koschany)
--
libxtst (Emilio Pozuelo)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman
Author: hle
Date: 2016-10-11 11:56:43 + (Tue, 11 Oct 2016)
New Revision: 45210
Modified:
data/dla-needed.txt
Log:
Assign libxrandr to Hugo Lefeuvre in dla-needed.
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016
Author: hle
Date: 2016-10-11 07:31:26 + (Tue, 11 Oct 2016)
New Revision: 45207
Modified:
data/DLA/list
Log:
Claim DLA ID DLA-653-1 & DLA-652-1 for qemu and qemu-kvm
Modified: data/DLA/list
===
--- data/DLA/list
+34,7 @@
libarchive (Emilio Pozuelo)
--
libav (Hugo Lefeuvre)
- NOTE: Latest issue is CVE-2016-7393, it would be a good time to release
accumulated fixes
+ NOTE: Upstream will provide new point-releases fixing open security issues
in the next months.
NOTE: (See debian-lts ML)
--
libical
Author: hle
Date: 2016-09-14 10:39:34 + (Wed, 14 Sep 2016)
New Revision: 44584
Modified:
data/dla-needed.txt
Log:
Assign libav to Hugo Lefeuvre in dla-needed.
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09
Author: hle
Date: 2016-09-11 16:13:52 + (Sun, 11 Sep 2016)
New Revision: 44504
Modified:
data/DLA/list
Log:
Reserve DLA number 619-1 for qemu-kvm.
Modified: data/DLA/list
===
--- data/DLA/list 2016-09-11 16:12:19 UTC
1 - 100 of 105 matches
Mail list logo