[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Claim DLA-1343-1 for ming

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 446a6c3e by Hugo Lefeuvre at 2018-04-09T08:19:01-04:00 Claim DLA-1343-1 for ming - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update lame and ming entries in dla-needed

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 90325c3c by Hugo Lefeuvre at 2018-03-17T23:18:29+01:00 Update lame and ming entries in dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Claim tiff in dla-needed, now working on CVE-2018-7456

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 28374bb1 by Hugo Lefeuvre at 2018-03-17T23:10:12+01:00 Claim tiff in dla-needed, now working on CVE-2018-7456 - - - - - 1 changed file: - data/dla-needed.txt Changes

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Unclaim mupdf in dla-needed.

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: c18a7307 by Hugo Lefeuvre at 2018-03-17T23:04:45+01:00 Unclaim mupdf in dla-needed. I have finished my work on CVE-2018-6544 and CVE-2018-6187. Let mupdf in the list since CVE-2018-6192 and CVE-2018

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-6187/CVE-2018-6544 ignored in Wheezy

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: a6b0ee97 by Hugo Lefeuvre at 2018-03-17T23:00:49+01:00 Mark CVE-2018-6187/CVE-2018-6544 ignored in Wheezy Mupdf in Wheezy is most likely not affected by these two rather unimportant issues

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Claim DLA-1305-1 for ming 0.4.4-1.1+deb7u7

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 45d8830d by Hugo Lefeuvre at 2018-03-11T14:43:51+01:00 Claim DLA-1305-1 for ming 0.4.4-1.1+deb7u7 - - - - - b0e6e982 by Hugo Lefeuvre at 2018-03-11T14:44:43+01:00 Update ming entry in dla-needed

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add mupdf to dla-needed and claim it.

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f2ad4a1 by Hugo Lefeuvre at 2018-01-25T15:34:08+01:00 Add mupdf to dla-needed and claim it. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update dla-needed entry for lame

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: dc08a19a by Hugo Lefeuvre at 2018-01-25T10:01:19+01:00 Update dla-needed entry for lame - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update libav entry in data/dla-needed.

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: fb67b93c by Hugo Lefeuvre at 2018-01-18T17:47:15+01:00 Update libav entry in data/dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update lame entry in data/dla-needed.

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e396f11 by Hugo Lefeuvre at 2018-01-18T17:42:52+01:00 Update lame entry in data/dla-needed. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update ming entry in data/dla-needed.

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: aa6a5777 by Hugo Lefeuvre at 2018-01-18T13:36:04+01:00 Update ming entry in data/dla-needed. Im still working on Ming issues. See upstream bug report and monthly report for more infos. - - - - - 1

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Claim DLA number 1240-1 for ming

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: 2529d6e7 by Hugo Lefeuvre at 2018-01-11T11:45:33+01:00 Claim DLA number 1240-1 for ming - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] libav not affected by CVE-2015-8218.

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker Commits: d1aaff1b by Hugo Lefeuvre at 2018-01-06T14:07:58+01:00 libav not affected by CVE-2015-8218. Vulnerability affects G3{1, 2}D code extensions feature, which is not present in libav 0.8 and 9. branches

[Secure-testing-commits] r57870 - data/CVE

Author: hle Date: 2017-11-20 21:15:20 + (Mon, 20 Nov 2017) New Revision: 57870 Modified: data/CVE/list Log: ming (removed, only in wheezy) is affected by new CVE-2017-16898 (more infos on upstreams bug tracker) Modified: data/CVE/list

[Secure-testing-commits] r57847 - data

09:37:51 UTC (rev 57846) +++ data/dla-needed.txt 2017-11-20 10:22:27 UTC (rev 57847) @@ -24,8 +24,8 @@ lame (Hugo Lefeuvre) NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46} NOTE: 20171120: Backporting 3.100 is not conceivable, diff >40k li

[Secure-testing-commits] r57845 - data

-20 09:34:52 UTC (rev 57844) +++ data/dla-needed.txt 2017-11-20 09:37:35 UTC (rev 57845) @@ -23,9 +23,9 @@ -- lame (Hugo Lefeuvre) NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced CVE-2017-150{18,45,46} - NOTE: 20171116: 3.100 available: check with the security team

[Secure-testing-commits] r57800 - data/CVE

Author: hle Date: 2017-11-18 22:04:16 + (Sat, 18 Nov 2017) New Revision: 57800 Modified: data/CVE/list Log: ming (removed, only in wheezy) is affected by new CVE-2017-16883 (more infos on upstreams bug tracker) Modified: data/CVE/list

[Secure-testing-commits] r57778 - data/DLA

Author: hle Date: 2017-11-18 12:35:47 + (Sat, 18 Nov 2017) New Revision: 57778 Modified: data/DLA/list Log: Claim DLA-1176-1 for ming Modified: data/DLA/list === --- data/DLA/list 2017-11-18 11:22:31 UTC (rev 5) +++

[Secure-testing-commits] r57682 - data

2017-11-16 13:34:51 UTC (rev 57681) +++ data/dla-needed.txt 2017-11-16 16:47:58 UTC (rev 57682) @@ -22,11 +22,13 @@ NOTE: 20171031: No details available. Asked upstream for clarification. -- lame (Hugo Lefeuvre) - NOTE: Couldn't reproduce CVE-2017-{69-72}. Wait for next upstream release 3.100

[Secure-testing-commits] r57163 - data/DLA

Author: hle Date: 2017-10-31 14:55:47 + (Tue, 31 Oct 2017) New Revision: 57163 Modified: data/DLA/list Log: Fix bad version in DLA 1152-1 Modified: data/DLA/list === --- data/DLA/list 2017-10-31 14:46:14 UTC (rev 57162)

[Secure-testing-commits] r57130 - data

=== --- data/dla-needed.txt 2017-10-30 09:01:46 UTC (rev 57129) +++ data/dla-needed.txt 2017-10-30 09:05:11 UTC (rev 57130) @@ -98,7 +98,7 @@ python-werkzeug (Thorsten Alteholz) -- quagga (Hugo Lefeuvre) - NOTE: Patch available for CVE-2017-16227 (see https://lists.debian.org/debian-lts

[Secure-testing-commits] r57129 - data

:23:17 UTC (rev 57128) +++ data/dla-needed.txt 2017-10-30 09:01:46 UTC (rev 57129) @@ -97,6 +97,9 @@ -- python-werkzeug (Thorsten Alteholz) -- +quagga (Hugo Lefeuvre) + NOTE: Patch available for CVE-2017-16227 (see https://lists.debian.org/debian-lts/2017/10/msg00104.html) +-- qemu NOTE

[Secure-testing-commits] r56904 - in data: . DLA

56903) +++ data/dla-needed.txt 2017-10-21 09:47:48 UTC (rev 56904) @@ -41,7 +41,6 @@ -- libav (Hugo Lefeuvre) NOTE: Diego Biurrun (from the libav team) is working on patches. - NOTE: O.8.21 and 11.11 just released. -- liblouis -- ___ Secure

[Secure-testing-commits] r56732 - data

-16 08:01:39 UTC (rev 56731) +++ data/dla-needed.txt 2017-10-16 08:20:42 UTC (rev 56732) @@ -56,10 +56,9 @@ NOTE: Couldn't reproduce CVE-2017-{69-72}. Wait for next upstream release 3.100 ? NOTE: https://lists.debian.org/debian-lts/2017/09/msg00082.html -- -libav +libav (Hugo Lefeuvre

[Secure-testing-commits] r56688 - in data: . DLA

-14319} [wheezy] - xen 4.1.6.lts1-9 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-10-14 09:48:12 UTC (rev 56687) +++ data/dla-needed.txt 2017-10-14 10:34:50 UTC (rev 56688) @@ -68,8 +68,7 @@ linux -- ming (Hugo

[Secure-testing-commits] r56347 - data

11:17:30 UTC (rev 56346) +++ data/dla-needed.txt 2017-10-02 12:05:51 UTC (rev 56347) @@ -76,7 +76,7 @@ linux -- ming (Hugo Lefeuvre) - NOTE: 20170930: patches unavailable + NOTE: 20170930: patches unavailable, currently working on it with upstream, might take a while NOTE: Successfully

[Secure-testing-commits] r56287 - data

16:35:41 UTC (rev 56286) +++ data/dla-needed.txt 2017-09-30 16:39:42 UTC (rev 56287) @@ -74,7 +74,8 @@ linux -- ming (Hugo Lefeuvre) - NOTE: 20170916: patches unavailable + NOTE: 20170930: patches unavailable + NOTE: Successfully reproduced CVE-2017-117{04, 28, 29, 30, 32, 34}. -- mosquitto

[Secure-testing-commits] r56244 - data

2017-09-29 12:49:10 UTC (rev 56243) +++ data/dla-needed.txt 2017-09-29 13:13:25 UTC (rev 56244) @@ -78,9 +78,11 @@ -- mosquitto (Roger A. Leigh/Gianfranco Costamagna) -- -mp3gain (Hugo Lefeuvre) - NOTE: successfully reproduced CVE-2017-14409 and CVE-2017-14407. - NOTE: bundles a modified, old

[Secure-testing-commits] r56243 - data

(rev 56242) +++ data/dla-needed.txt 2017-09-29 12:49:10 UTC (rev 56243) @@ -73,7 +73,7 @@ -- linux -- -ming +ming (Hugo Lefeuvre) NOTE: 20170916: patches unavailable -- mosquitto (Roger A. Leigh/Gianfranco Costamagna) ___ Secure-testing-commits

[Secure-testing-commits] r56188 - data

:02 UTC (rev 56187) +++ data/dla-needed.txt 2017-09-27 12:50:30 UTC (rev 56188) @@ -84,7 +84,8 @@ mosquitto (Roger A. Leigh/Gianfranco Costamagna) -- mp3gain (Hugo Lefeuvre) - NOTE: Reproduced CVE-2017-14409, suspect to be a duplicate of something already fixed in mpg123 + NOTE: successfully

[Secure-testing-commits] r56187 - data

:27 UTC (rev 56186) +++ data/dla-needed.txt 2017-09-27 10:26:02 UTC (rev 56187) @@ -84,6 +84,7 @@ mosquitto (Roger A. Leigh/Gianfranco Costamagna) -- mp3gain (Hugo Lefeuvre) + NOTE: Reproduced CVE-2017-14409, suspect to be a duplicate of something already fixed in mpg123 -- mysql-connector

[Secure-testing-commits] r56186 - data/CVE

Author: hle Date: 2017-09-27 09:49:27 + (Wed, 27 Sep 2017) New Revision: 56186 Modified: data/CVE/list Log: mp3gain: add links to stacktraces/reproducers for CVE-2017-144(06->12) Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r56185 - data

=== --- data/dla-needed.txt 2017-09-27 09:29:31 UTC (rev 56184) +++ data/dla-needed.txt 2017-09-27 09:39:23 UTC (rev 56185) @@ -83,14 +83,10 @@ -- mosquitto (Roger A. Leigh/Gianfranco Costamagna) -- -mp3gain +mp3gain (Hugo Lefeuvre) -- -mysql-connector-python (Hugo Lefeuvre) - NOTE: No patch

[Secure-testing-commits] r56095 - data

UTC (rev 56094) +++ data/dla-needed.txt 2017-09-24 16:15:27 UTC (rev 56095) @@ -44,9 +44,8 @@ imagemagick (Roberto C. Sánchez) -- lame (Hugo Lefeuvre) - NOTE: 20170907: Upstream claims to have reproduced and fixed CVE-2017-{69-72}. asan outputs - NOTE: are not exactly identical, wait for more

[Secure-testing-commits] r56013 - in data: . DLA

+27,6 @@ NOTE: HTML escaped. Without trying, it's hard to know if the error NOTE: messages do include user controllable content. -- -clamav (Hugo Lefeuvre) - NOTE: https://lists.debian.org/debian-lts/2017/08/msg2.html --- db NOTE: We might want to wait one month like the security team

[Secure-testing-commits] r55998 - data/CVE

Author: hle Date: 2017-09-22 08:16:27 + (Fri, 22 Sep 2017) New Revision: 55998 Modified: data/CVE/list Log: CVE-2017-6420 (clamav): Add link to commit 60671e3 fixing tests broken by dfc00cd Modified: data/CVE/list === ---

[Secure-testing-commits] r55553 - data/CVE

Author: hle Date: 2017-09-07 19:49:24 + (Thu, 07 Sep 2017) New Revision: 3 Modified: data/CVE/list Log: Add links to upstream bug tracking system for CVE-2017-98{69-72} Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r55549 - data/CVE

Author: hle Date: 2017-09-07 16:59:42 + (Thu, 07 Sep 2017) New Revision: 55549 Modified: data/CVE/list Log: Mark CVE-2017-9996 in wheezy & jessie. Modified: data/CVE/list === --- data/CVE/list 2017-09-07 16:55:31 UTC

[Secure-testing-commits] r55545 - data/CVE

Author: hle Date: 2017-09-07 16:47:53 + (Thu, 07 Sep 2017) New Revision: 55545 Modified: data/CVE/list Log: Mark CVE-2017-9991 in wheezy & jessie. Modified: data/CVE/list === --- data/CVE/list 2017-09-07 16:40:00 UTC

[Secure-testing-commits] r55312 - data

UTC (rev 55311) +++ data/dla-needed.txt 2017-08-31 12:15:47 UTC (rev 55312) @@ -80,9 +80,11 @@ NOTE: 20170813: still no patch available yet -- lame (Hugo Lefeuvre) - NOTE: 20170824: no patch yet, CVE-2017-{69-72} not reproducible. + NOTE: 20170831: no patch yet, CVE-2017-{69-72

[Secure-testing-commits] r55095 - data/CVE

Author: hle Date: 2017-08-25 22:57:13 + (Fri, 25 Aug 2017) New Revision: 55095 Modified: data/CVE/list Log: Mark CVE-2015-8365 as unfixed in wheezy and jessie. Add link to upstream patches for both branches. Modified: data/CVE/list

[Secure-testing-commits] r55093 - data/CVE

Author: hle Date: 2017-08-25 21:39:45 + (Fri, 25 Aug 2017) New Revision: 55093 Modified: data/CVE/list Log: Mark CVE-2017-9994 in wheezy (Vulnerable code not present, WebP decoder feature introduced in v10) Modified: data/CVE/list

[Secure-testing-commits] r55091 - data/CVE

Author: hle Date: 2017-08-25 21:36:12 + (Fri, 25 Aug 2017) New Revision: 55091 Modified: data/CVE/list Log: Mark CVE-2017-9991 in wheezy (vulnerable code not present, XWD feature present since v9b) Modified: data/CVE/list

[Secure-testing-commits] r55090 - data/CVE

Author: hle Date: 2017-08-25 21:19:56 + (Fri, 25 Aug 2017) New Revision: 55090 Modified: data/CVE/list Log: Fix typo in CVE-2017-6419 & CVE-2017-11423 (does not does not have). Mark CVE-2017-9996 in wheezy (Vulnerable code not present). Modified: data/CVE/list

[Secure-testing-commits] r55086 - data/CVE

Author: hle Date: 2017-08-25 20:16:33 + (Fri, 25 Aug 2017) New Revision: 55086 Modified: data/CVE/list Log: Mark mysql-connector-python postponed in wheezy. Modified: data/CVE/list === --- data/CVE/list 2017-08-25

[Secure-testing-commits] r55026 - data

:42 UTC (rev 55025) +++ data/dla-needed.txt 2017-08-24 10:39:14 UTC (rev 55026) @@ -77,8 +77,9 @@ NOTE: 20170807: Can't immediately reproduce POC (lamby) -- lame (Hugo Lefeuvre) - NOTE: 20170810: no patch yet, CVE-2017-{69-72} not reproducible. - NOTE: Contacted original reporter to get more

[Secure-testing-commits] r54555 - data/CVE

Author: hle Date: 2017-08-10 17:03:32 + (Thu, 10 Aug 2017) New Revision: 54555 Modified: data/CVE/list Log: mupdf not affected by CVE-2016-10246, CVE-2016-10247 and CVE-2017-6060 in wheezy: Vulnerable code not present (present since 1.4) Modified: data/CVE/list

[Secure-testing-commits] r54551 - data

(rev 54550) +++ data/dla-needed.txt 2017-08-10 16:46:23 UTC (rev 54551) @@ -26,7 +26,7 @@ NOTE: HTML escaped. Without trying, it's hard to know if the error NOTE: messages do include user controllable content. -- -clamav +clamav (Hugo Lefeuvre) NOTE: https://lists.debian.org/debian-lts/2017

[Secure-testing-commits] r54550 - data

-10 16:35:43 UTC (rev 54549) +++ data/dla-needed.txt 2017-08-10 16:43:53 UTC (rev 54550) @@ -79,9 +79,8 @@ krb5 (Lucas Kanashiro) -- lame (Hugo Lefeuvre) - NOTE: 20170720, no patch yet - NOTE: Reproduced CVE-2017-11720, but not CVE-2017-{69-72}. - NOTE: Contacted original reporter to get more

[Secure-testing-commits] r54549 - data

Author: hle Date: 2017-08-10 16:35:43 + (Thu, 10 Aug 2017) New Revision: 54549 Modified: data/dla-needed.txt Log: Add note to mysql-connector-python entry in dla-needed. Modified: data/dla-needed.txt === ---

[Secure-testing-commits] r54338 - data

Author: hle Date: 2017-08-05 22:48:52 + (Sat, 05 Aug 2017) New Revision: 54338 Modified: data/dla-needed.txt Log: Update lame notes and assign mysql-connector-python to Hugo Lefeuvre in dla-needed Modified: data/dla-needed.txt

[Secure-testing-commits] r54277 - data

Author: hle Date: 2017-08-04 18:17:49 + (Fri, 04 Aug 2017) New Revision: 54277 Modified: data/dla-needed.txt Log: Assign lame to Hugo Lefeuvre in data/dla-needed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017

[Secure-testing-commits] r53034 - data

Author: hle Date: 2017-06-30 10:24:02 + (Fri, 30 Jun 2017) New Revision: 53034 Modified: data/dla-needed.txt Log: Add note to boa entry in dla-needed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-06-30

[Secure-testing-commits] r53030 - data

(rev 53029) +++ data/dla-needed.txt 2017-06-30 09:01:02 UTC (rev 53030) @@ -109,9 +109,6 @@ NOTE: Investigating CVE-2017-2633 NOTE: Patches for minor issues at https://anonscm.debian.org/cgit/users/agx/qemu-kvm.git/log/ -- -samba (Hugo Lefeuvre) - NOTE: Trying to reproduce CVE-2017-9461

[Secure-testing-commits] r53029 - data/CVE

Author: hle Date: 2017-06-30 08:58:50 + (Fri, 30 Jun 2017) New Revision: 53029 Modified: data/CVE/list Log: Mark CVE-2017-9461 no-dsa in wheezy (minor issue, could not be reproduced) Modified: data/CVE/list === ---

[Secure-testing-commits] r52382 - data

(rev 52381) +++ data/dla-needed.txt 2017-06-07 11:22:07 UTC (rev 52382) @@ -96,7 +96,8 @@ qemu-kvm (Guido Günther) NOTE: Investigating CVE-2017-2633 -- -samba +samba (Hugo Lefeuvre) + NOTE: Trying to reproduce CVE-2017-9461 in the wheezy version -- smb4k (Markus Koschany

[Secure-testing-commits] r52381 - data

as undetermined. Diego has asked for the reporters. + NOTE: undetermined issues are currently being triaged (Diego Biurrun and Hugo Lefeuvre + NOTE: have access to the original reproducers) -- libraw (Emilio Pozuelo) NOTE: Maintainer contacted 2017-06-05

[Secure-testing-commits] r52375 - data/CVE

Author: hle Date: 2017-06-07 08:51:48 + (Wed, 07 Jun 2017) New Revision: 52375 Modified: data/CVE/list Log: CVE-2017-9051: libav 0.8.* and 11.* branches not vulnerable Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r52374 - in data: . DLA

/Development#Triage_new_security_issues -- -apng2gif (Hugo Lefeuvre) - NOTE: 24031017: No upstream patch available yet. Have pinged bug#. - NOTE: Currently working on a patch fixing CVE-2017-6960 --Hugo --- ca-certificates NOTE: 2017-03-27: maintainer will handle the upload, see https

[Secure-testing-commits] r51758 - data/CVE

Author: hle Date: 2017-05-19 17:26:43 + (Fri, 19 May 2017) New Revision: 51758 Modified: data/CVE/list Log: Re-introduce previously removed entries for libav and mark them with appropriate NOTE. Modified: data/CVE/list ===

[Secure-testing-commits] r51756 - data/CVE

Author: hle Date: 2017-05-19 16:23:25 + (Fri, 19 May 2017) New Revision: 51756 Modified: data/CVE/list Log: CVE triage for libav in wheezy by Diego Biurrun Modified: data/CVE/list === --- data/CVE/list 2017-05-19

[Secure-testing-commits] r51743 - data

:32 UTC (rev 51742) +++ data/dla-needed.txt 2017-05-19 10:54:41 UTC (rev 51743) @@ -12,6 +12,7 @@ -- apng2gif (Hugo Lefeuvre) NOTE: 24031017: No upstream patch available yet. Have pinged bug#. + NOTE: Currently working on a patch fixing CVE-2017-6960 --Hugo -- bind9 (Thorsten Alteholz

[Secure-testing-commits] r51332 - data

UTC (rev 51331) +++ data/dla-needed.txt 2017-05-04 13:19:19 UTC (rev 51332) @@ -10,7 +10,7 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- -apng2gif +apng2gif (Hugo Lefeuvre) NOTE: 24031017: No upstream patch available yet. Have pinged bug#. -- bind9 (Thorsten

[Secure-testing-commits] r51265 - org

ertzog <hert...@debian.org> -From 25-12 to 31-12: +From 25-12 to 31-12:Hugo Lefeuvre <h...@debian.org> ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r51162 - in data: . DLA

=== --- data/dla-needed.txt 2017-04-28 18:59:29 UTC (rev 51161) +++ data/dla-needed.txt 2017-04-28 20:04:24 UTC (rev 51162) @@ -90,9 +90,6 @@ -- openjdk-7 (Emilio Pozuelo) -- -partclone (Hugo Lefeuvre) - NOTE: CVE-2017-6596 successfully reproduced

[Secure-testing-commits] r51085 - data

=== --- data/dla-needed.txt 2017-04-26 20:09:02 UTC (rev 51084) +++ data/dla-needed.txt 2017-04-26 20:54:29 UTC (rev 51085) @@ -36,9 +36,10 @@ -- jasper (Thorsten Alteholz) -- -libav (Hugo Lefeuvre) - NOTE: Upstream should provide new point-releases fixing open security issues in the next months

[Secure-testing-commits] r50492 - data/DLA

Author: hle Date: 2017-04-09 19:16:24 + (Sun, 09 Apr 2017) New Revision: 50492 Modified: data/DLA/list Log: Reserve DLA number DLA-889-1 for potrace Modified: data/DLA/list === --- data/DLA/list 2017-04-09 19:13:48 UTC

[Secure-testing-commits] r50219 - data

Author: hle Date: 2017-03-31 09:20:51 + (Fri, 31 Mar 2017) New Revision: 50219 Modified: data/dla-needed.txt Log: Assign partclone to Hugo Lefeuvre in dla-needed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017

[Secure-testing-commits] r48193 - data/DLA

Author: hle Date: 2017-01-19 12:24:30 + (Thu, 19 Jan 2017) New Revision: 48193 Modified: data/DLA/list Log: Reserve DLA number 791-1 for libav. Modified: data/DLA/list === --- data/DLA/list 2017-01-19 12:21:44 UTC (rev

[Secure-testing-commits] r48101 - in data: . DLA

:11 UTC (rev 48101) @@ -20,9 +20,6 @@ -- bind9 (Thorsten Alteholz) -- -botan1.10 (Hugo Lefeuvre) - NOTE: Jessie has almost identical code. Looks hard to exploit but worth fixing. --- chicken NOTE: I would set this as like in Jessie, but please recheck

[Secure-testing-commits] r48100 - data

Author: hle Date: 2017-01-16 08:25:25 + (Mon, 16 Jan 2017) New Revision: 48100 Modified: data/dla-needed.txt Log: Assign potrace to Hugo Lefeuvre in dla-needed. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017

[Secure-testing-commits] r47952 - data

Author: hle Date: 2017-01-12 15:29:04 + (Thu, 12 Jan 2017) New Revision: 47952 Modified: data/dla-needed.txt Log: Assign botan1.10 to Hugo Lefeuvre in dla-needed. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017

[Secure-testing-commits] r47947 - data/DLA

Author: hle Date: 2017-01-12 15:03:08 + (Thu, 12 Jan 2017) New Revision: 47947 Modified: data/DLA/list Log: Claim DLA ID DLA-780-1 for libav Modified: data/DLA/list === --- data/DLA/list 2017-01-12 15:02:57 UTC (rev

[Secure-testing-commits] r47790 - data/CVE

Author: hle Date: 2017-01-06 16:20:45 + (Fri, 06 Jan 2017) New Revision: 47790 Modified: data/CVE/list Log: Mark various issues as not-affecting Xen in wheezy (qemu/{virtio, qcow and ui} issues irrelevant) Modified: data/CVE/list

[Secure-testing-commits] r47443 - data/CVE

Author: hle Date: 2016-12-26 14:40:49 + (Mon, 26 Dec 2016) New Revision: 47443 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-12-26 10:38:59 UTC (rev 47442)

[Secure-testing-commits] r47438 - data/DLA

Author: hle Date: 2016-12-26 10:06:12 + (Mon, 26 Dec 2016) New Revision: 47438 Modified: data/DLA/list Log: Reserve DLA-765-1 for qemu-kvm Modified: data/DLA/list === --- data/DLA/list 2016-12-26 09:58:54 UTC (rev

[Secure-testing-commits] r47432 - in data: . DLA

@@ -- potrace -- -qemu (Hugo Lefeuvre) --- -qemu-kvm (Hugo Lefeuvre) --- samba -- shutter (Christoph Biedl) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo

[Secure-testing-commits] r47422 - data/CVE

Author: hle Date: 2016-12-25 10:44:55 + (Sun, 25 Dec 2016) New Revision: 47422 Modified: data/CVE/list Log: Update informations for CVE-2016-9916 Modified: data/CVE/list === --- data/CVE/list 2016-12-25 10:24:00 UTC

[Secure-testing-commits] r47119 - data/CVE

Author: hle Date: 2016-12-15 21:45:31 + (Thu, 15 Dec 2016) New Revision: 47119 Modified: data/CVE/list Log: Mark CVE-2016-9907 as not affecting qemu(-kvm) in wheezy Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r47114 - data/CVE

Author: hle Date: 2016-12-15 18:56:01 + (Thu, 15 Dec 2016) New Revision: 47114 Modified: data/CVE/list Log: Mark CVE-2016-9923 no-dsa in wheezy Modified: data/CVE/list === --- data/CVE/list 2016-12-15 18:55:32 UTC (rev

[Secure-testing-commits] r47019 - data/CVE

Author: hle Date: 2016-12-13 10:16:42 + (Tue, 13 Dec 2016) New Revision: 47019 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-12-13 09:58:33 UTC (rev 47018)

[Secure-testing-commits] r46930 - data

(rev 46929) +++ data/dla-needed.txt 2016-12-09 09:44:06 UTC (rev 46930) @@ -94,9 +94,9 @@ -- potrace -- -qemu +qemu (Hugo Lefeuvre) -- -qemu-kvm +qemu-kvm (Hugo Lefeuvre) -- tiff -- ___ Secure-testing-commits mailing list Secure-testing-commits

[Secure-testing-commits] r46633 - data/CVE

Author: hle Date: 2016-11-29 08:47:12 + (Tue, 29 Nov 2016) New Revision: 46633 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-11-29 07:30:50 UTC (rev 46632)

[Secure-testing-commits] r46507 - data/CVE

Author: hle Date: 2016-11-24 09:21:29 + (Thu, 24 Nov 2016) New Revision: 46507 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-11-24 09:10:13 UTC (rev 46506)

[Secure-testing-commits] r46412 - data/CVE

Author: hle Date: 2016-11-21 22:30:01 + (Mon, 21 Nov 2016) New Revision: 46412 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-11-21 22:24:47 UTC (rev 46411)

[Secure-testing-commits] r46385 - data/CVE

Author: hle Date: 2016-11-21 18:08:48 + (Mon, 21 Nov 2016) New Revision: 46385 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-11-21 16:17:56 UTC (rev 46384)

[Secure-testing-commits] r46336 - data/CVE

Author: hle Date: 2016-11-19 08:21:13 + (Sat, 19 Nov 2016) New Revision: 46336 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-11-19 06:57:40 UTC (rev 46335)

[Secure-testing-commits] r46201 - data/CVE

Author: hle Date: 2016-11-14 21:40:56 + (Mon, 14 Nov 2016) New Revision: 46201 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-11-14 21:18:28 UTC (rev 46200)

[Secure-testing-commits] r46095 - data/CVE

Author: hle Date: 2016-11-10 09:33:21 + (Thu, 10 Nov 2016) New Revision: 46095 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-11-10 07:57:54 UTC (rev 46094)

[Secure-testing-commits] r46028 - data/CVE

Author: hle Date: 2016-11-06 21:46:25 + (Sun, 06 Nov 2016) New Revision: 46028 Modified: data/CVE/list Log: CVE triage for Xen in wheezy. Modified: data/CVE/list === --- data/CVE/list 2016-11-06 20:57:49 UTC (rev 46027)

[Secure-testing-commits] r45639 - data

-26 19:29:10 UTC (rev 45638) +++ data/dla-needed.txt 2016-10-26 19:29:52 UTC (rev 45639) @@ -38,8 +38,8 @@ NOTE: 20161019: CVE-2016-7971 is disputed upstream. No patch available yet. -- libav (Hugo Lefeuvre) - NOTE: Upstream will provide new point-releases fixing open security issues

[Secure-testing-commits] r45612 - in data: . DLA

this entry? -- -qemu (Hugo Lefeuvre) --- -qemu-kvm (Hugo Lefeuvre) - NOTE: Potentially affected by all qemu CVE-s: - NOTE: https://lists.debian.org/debian-lts/2016/09/msg00014.html --- samba NOTE: patch for CVE-2016-2115 has been removed intentionally in version 2:3.6.6-6+deb7u10 NOTE: so

[Secure-testing-commits] r45557 - data/CVE

Author: hle Date: 2016-10-24 19:55:44 + (Mon, 24 Oct 2016) New Revision: 45557 Modified: data/CVE/list Log: Add link to upstream commit for CVE-2016-8669. Modified: data/CVE/list === --- data/CVE/list 2016-10-24

[Secure-testing-commits] r45511 - data/CVE

Author: hle Date: 2016-10-22 10:23:58 + (Sat, 22 Oct 2016) New Revision: 45511 Modified: data/CVE/list Log: Add link to upstream commits for CVE-2016{8678, 8577, 8576} (qemu/qemu-kvm) Modified: data/CVE/list === ---

[Secure-testing-commits] r45407 - in data: . DLA

@@ -- libxml2 (Thorsten Alteholz) -- -libxrandr (Hugo Lefeuvre) --- libxrender (Markus Koschany) -- libxtst (Emilio Pozuelo) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman

[Secure-testing-commits] r45210 - data

Author: hle Date: 2016-10-11 11:56:43 + (Tue, 11 Oct 2016) New Revision: 45210 Modified: data/dla-needed.txt Log: Assign libxrandr to Hugo Lefeuvre in dla-needed. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016

[Secure-testing-commits] r45207 - data/DLA

Author: hle Date: 2016-10-11 07:31:26 + (Tue, 11 Oct 2016) New Revision: 45207 Modified: data/DLA/list Log: Claim DLA ID DLA-653-1 & DLA-652-1 for qemu and qemu-kvm Modified: data/DLA/list === --- data/DLA/list

[Secure-testing-commits] r45044 - in data: . DLA

+34,7 @@ libarchive (Emilio Pozuelo) -- libav (Hugo Lefeuvre) - NOTE: Latest issue is CVE-2016-7393, it would be a good time to release accumulated fixes + NOTE: Upstream will provide new point-releases fixing open security issues in the next months. NOTE: (See debian-lts ML) -- libical

[Secure-testing-commits] r44584 - data

Author: hle Date: 2016-09-14 10:39:34 + (Wed, 14 Sep 2016) New Revision: 44584 Modified: data/dla-needed.txt Log: Assign libav to Hugo Lefeuvre in dla-needed. Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-09

[Secure-testing-commits] r44504 - data/DLA

Author: hle Date: 2016-09-11 16:13:52 + (Sun, 11 Sep 2016) New Revision: 44504 Modified: data/DLA/list Log: Reserve DLA number 619-1 for qemu-kvm. Modified: data/DLA/list === --- data/DLA/list 2016-09-11 16:12:19 UTC

  1   2   >