UTC (rev 41776)
+++ data/dla-needed.txt 2016-05-16 18:27:40 UTC (rev 41777)
@@ -124,5 +124,5 @@
--
x11vnc
--
-xymon
+xymon (Markus Koschany)
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
Author: apo
Date: 2016-05-14 13:52:35 + (Sat, 14 May 2016)
New Revision: 41719
Modified:
data/DLA/list
Log:
Reserve DLA-472-1 for icedove
Modified: data/DLA/list
===
--- data/DLA/list 2016-05-14 13:24:47 UTC (rev 41718)
on the
exploits
+graphicsmagick (Markus Koschany)
--
icu (Roberto C. Sánchez)
NOTE: check comments on CVE-2016-0494 as well
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin
Author: apo
Date: 2016-05-14 20:58:46 + (Sat, 14 May 2016)
New Revision: 41736
Modified:
data/dla-needed.txt
Log:
Update NOTE about imagemagick in dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
:17:07 UTC (rev 41733)
+++ data/dla-needed.txt 2016-05-14 20:22:26 UTC (rev 41734)
@@ -87,7 +87,7 @@
policykit-1
NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
--
-python-tornado
+python-tornado (Markus Koschany)
--
quagga
NOTE: see dsa-needed's notes
@@
--
wireshark
--
-wpa (Markus Koschany)
---
x11vnc
--
xymon
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
minor issues
--
-jansson (Markus Koschany)
---
libidn (Brian May)
Testing is required.
https://people.debian.org/~bam/debian/pool/main/libi/libidn/
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
(rev 41708)
+++ data/dla-needed.txt 2016-05-13 16:00:54 UTC (rev 41709)
@@ -133,7 +133,7 @@
--
wireshark
--
-wpa
+wpa (Markus Koschany)
--
x11vnc
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
11:50:01 UTC (rev 41836)
+++ data/dla-needed.txt 2016-05-18 14:56:04 UTC (rev 41837)
@@ -24,6 +24,8 @@
--
eglibc (Santiago R.R.)
--
+expat (Markus Koschany)
+--
extplorer (Thorsten Alteholz)
NOTE: package for testing uploaded
--
___
Secure
)
@@ -88,8 +88,6 @@
policykit-1
NOTE: CVE-2016-2568 doesn't have a fix yet, 20160425
--
-python-tornado (Markus Koschany)
---
quagga
NOTE: see dsa-needed's notes.
NOTE: Maintainer's answer:
https://lists.debian.org/msgid-search/878tzv6pru@mid.deneb.enyo.de
Author: apo
Date: 2016-05-03 10:40:51 + (Tue, 03 May 2016)
New Revision: 41368
Modified:
data/dla-needed.txt
Log:
Update roundcube notes in dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-03
(rev 41366)
+++ data/dla-needed.txt 2016-05-03 10:28:40 UTC (rev 41367)
@@ -60,8 +60,6 @@
--
openafs
--
-openjdk-7 (Markus Koschany)
---
openssl
--
pdns (Guido Günther)
___
Secure-testing-commits mailing list
Secure-testing-commits
/dla-needed.txt 2016-05-03 15:30:48 UTC (rev 41382)
@@ -84,8 +84,6 @@
samba
Samba maintainers are preparing updates for regressions
--
-smarty3 (Markus Koschany)
---
squid
--
squid3
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: apo
Date: 2016-05-10 16:01:38 + (Tue, 10 May 2016)
New Revision: 41616
Modified:
data/DLA/list
Log:
Reserve DLA-449-2 for botan1.10
Modified: data/DLA/list
===
--- data/DLA/list 2016-05-10 15:33:35 UTC (rev
-04 18:44:41 UTC (rev 41422)
+++ data/dla-needed.txt 2016-05-04 19:14:58 UTC (rev 41423)
@@ -49,6 +49,8 @@
--
mercurial (Thorsten Alteholz)
--
+nagios3 (Markus Koschany)
+--
nss (Guido Günther)
--
ntp
___
Secure-testing-commits mailing list
Secure
Author: apo
Date: 2016-05-04 20:40:21 + (Wed, 04 May 2016)
New Revision: 41428
Modified:
data/dla-needed.txt
Log:
Add librsvg to dla-needed.txt.
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-04 20:37:43
19:16:07 UTC (rev 41424)
+++ data/dla-needed.txt 2016-05-04 20:16:15 UTC (rev 41425)
@@ -18,6 +18,8 @@
cakephp
NOTE: CVE-2015-8379 No official solution is currently available, 20160425
--
+file (Markus Koschany)
+--
gosa (Mike Gabriel)
NOTE: .debdiff sent to the Security Team, waiting
Author: apo
Date: 2016-05-04 21:19:38 + (Wed, 04 May 2016)
New Revision: 41432
Modified:
data/dla-needed.txt
Log:
Add libuser to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-04 21:14:30
Author: apo
Date: 2016-04-19 16:58:17 + (Tue, 19 Apr 2016)
New Revision: 40997
Modified:
data/CVE/list
Log:
Mark CVE-2015-7496 as in Wheezy.
Vulnerable code not present. Unreproducible. Steps to reproduce
1. Lock screen (Super +L)
2. Hold ESC key.
Modified: data/CVE/list
Author: apo
Date: 2016-04-19 17:00:37 + (Tue, 19 Apr 2016)
New Revision: 40998
Modified:
data/CVE/list
Log:
Mark CVE-2016-0737 and CVE-2016-0738 as in Wheezy.
Vulnerable code not present.
Modified: data/CVE/list
===
---
UTC (rev 40967)
+++ data/dsa-needed.txt 2016-04-18 13:26:45 UTC (rev 40968)
@@ -17,7 +17,7 @@
asterisk
NOTE: Thorsten Alteholz is looking at CVEs for Wheezy and maybe Jessie ...
--
-botan1.10
+botan1.10 (Markus Koschany)
--
extplorer/oldstable (Thorsten Alteholz)
NOTE: .debdiff sent
-frontdesk.2016.txt 2016-04-21 06:36:30 UTC (rev 41031)
+++ org/lts-frontdesk.2016.txt 2016-04-21 06:42:04 UTC (rev 41032)
@@ -28,7 +28,7 @@
From 11-04 to 17-04:Markus Koschany <a...@debian.org>
From 18-04 to 24-04:
From 25-04 to 01-05:
-From 02-05 to 08-05:
+From 02-05 to 08-05:Markus Ko
UTC (rev 41552)
+++ data/dla-needed.txt 2016-05-09 07:51:49 UTC (rev 41553)
@@ -45,7 +45,7 @@
--
libtasn1-3 (Thorsten Alteholz)
--
-libuser
+libuser (Markus Koschany)
NOTE: More information and fixing commit in https://bugs.debian.org/793465
--
libxml2
Author: apo
Date: 2016-05-09 07:54:16 + (Mon, 09 May 2016)
New Revision: 41554
Modified:
data/dla-needed.txt
Log:
Add sogo to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-09 07:51:49 UTC
Author: apo
Date: 2016-05-09 22:36:48 + (Mon, 09 May 2016)
New Revision: 41587
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-463-1 for ikiwiki
Modified: data/DLA/list
===
--- data/DLA/list 2016-05-09
UTC (rev 41522)
+++ data/dsa-needed.txt 2016-05-07 18:52:59 UTC (rev 41523)
@@ -64,5 +64,5 @@
--
squid3
--
-tomcat8
+tomcat8 (Markus Koschany)
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
Author: apo
Date: 2016-05-07 19:09:03 + (Sat, 07 May 2016)
New Revision: 41524
Modified:
data/dla-needed.txt
Log:
Add jansson to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-07 18:52:59
No official solution is currently available, 20160425
--
-file (Markus Koschany)
---
gosa (Mike Gabriel)
NOTE: .debdiff sent to the Security Team, waiting for feedback
NOTE: asked about jessie status (seb)
___
Secure-testing-commits mailing list
}
[wheezy] - file 5.11-2+deb7u9
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-07 19:09:03 UTC (rev 41524)
+++ data/dla-needed.txt 2016-05-07 19:21:10 UTC (rev 41525)
@@ -60,8 +60,6 @@
--
linux
--
-nagios3 (Markus
Author: apo
Date: 2016-05-07 19:57:40 + (Sat, 07 May 2016)
New Revision: 41526
Modified:
data/dla-needed.txt
Log:
Add ocaml to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-07 19:21:10 UTC
Author: apo
Date: 2016-05-07 18:49:41 + (Sat, 07 May 2016)
New Revision: 41522
Modified:
data/dla-needed.txt
Log:
Add ikiwiki to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-07 17:44:45
Author: apo
Date: 2016-05-07 21:53:59 + (Sat, 07 May 2016)
New Revision: 41531
Modified:
data/dla-needed.txt
Log:
Add websvn to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-07 21:32:42 UTC
-25 16:06:21 UTC (rev 42019)
+++ data/dla-needed.txt 2016-05-25 16:45:56 UTC (rev 42020)
@@ -118,5 +118,3 @@
--
xen
--
-xymon (Markus Koschany)
---
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
UTC (rev 43475)
+++ data/dla-needed.txt 2016-07-26 00:26:56 UTC (rev 43476)
@@ -119,7 +119,7 @@
--
tiff3
--
-uclibc
+uclibc (Markus Koschany)
--
wordpress (Markus Koschany)
--
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: apo
Date: 2016-07-25 23:57:37 + (Mon, 25 Jul 2016)
New Revision: 43475
Modified:
data/CVE/list
Log:
Wheezy is not affected by CVE-2016-5833
column_title function not present
Modified: data/CVE/list
===
---
(rev 43485)
@@ -119,8 +119,6 @@
--
tiff3
--
-uclibc (Markus Koschany)
---
wordpress (Markus Koschany)
--
xen (Brian May)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin
(rev 43485)
+++ data/dla-needed.txt 2016-07-26 09:37:55 UTC (rev 43486)
@@ -22,9 +22,8 @@
NOTE: 20160529, no fix yet
NOTE: 20160618, still no fix
--
-gosa (Mike Gabriel)
- NOTE: .debdiff sent to the Security Team, waiting for feedback
- NOTE: asked about jessie status (seb)
+gosa (Markus
-needed.txt 2016-07-28 09:10:10 UTC (rev 43550)
+++ data/dla-needed.txt 2016-07-28 09:42:54 UTC (rev 43551)
@@ -31,6 +31,8 @@
--
kde4libs (Balint Reczey)
--
+libdbd-mysql-perl (Markus Koschany)
+--
libical
NOTE: issues are currently not public, but
https://marc.info/?l=oss-security=146685931517961=2
Author: apo
Date: 2016-07-28 11:53:24 + (Thu, 28 Jul 2016)
New Revision: 43553
Modified:
data/CVE/list
Log:
Add some notes about CVE-2016-5836
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-28 11:30:38 UTC (rev
:58:48 UTC (rev 43611)
+++ data/dla-needed.txt 2016-07-29 15:48:04 UTC (rev 43612)
@@ -126,8 +126,6 @@
wireshark
NOTE: I guess this will be done by Balint
--
-wordpress (Markus Koschany)
---
xen (Brian May)
Update prepared by credativ ready here:
https://people.debian.org/~zobel/xen-lts
Author: apo
Date: 2016-08-01 07:41:02 + (Mon, 01 Aug 2016)
New Revision: 43687
Modified:
data/dla-needed.txt
Log:
Add wordpress to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-01 05:11:02
Author: apo
Date: 2016-08-01 08:04:42 + (Mon, 01 Aug 2016)
New Revision: 43688
Modified:
data/dla-needed.txt
Log:
Add libsys-syslog-perl to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-01
Author: apo
Date: 2016-08-01 10:24:30 + (Mon, 01 Aug 2016)
New Revision: 43694
Modified:
data/DLA/list
Log:
Fix DLA number for graphite2
Modified: data/DLA/list
===
--- data/DLA/list 2016-08-01 09:50:42 UTC (rev 43693)
UTC (rev 43695)
+++ data/dla-needed.txt 2016-08-01 12:15:34 UTC (rev 43696)
@@ -104,7 +104,7 @@
NOTE: 20160626, there are new vulnerabilities, Emilio Pozuelo Monfort
forwarded them upstream
NOTE: 20160729, some vulnerabilities fixed, many still unfixed
--
-tiff3
+tiff3 (Markus Koschany
Author: apo
Date: 2016-08-01 08:09:58 + (Mon, 01 Aug 2016)
New Revision: 43689
Modified:
data/dla-needed.txt
Log:
Add mysql-5.5 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-01 08:04:42
Author: apo
Date: 2016-08-01 09:44:49 + (Mon, 01 Aug 2016)
New Revision: 43691
Modified:
data/dla-needed.txt
Log:
Clarify status of mysql-5.5
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-01 08:30:07 UTC
Author: apo
Date: 2016-08-01 10:33:54 + (Mon, 01 Aug 2016)
New Revision: 43695
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark CVE-2016-127 as no-dsa for Wheezy
"Vulnerable" code is present but upstream says it works as intended. Will
however improve the documentation in
: 20160529, no fix yet
NOTE: 20160618, still no fix
--
-gosa (Markus Koschany)
- NOTE: Take gosa and get the upload done because Mike hasn't responded to my
last e-mail.
---
icedove (Guido Günther)
--
icu (Roberto C. Sánchez)
___
Secure-testing
Author: apo
Date: 2016-07-26 13:30:38 + (Tue, 26 Jul 2016)
New Revision: 43492
Modified:
data/CVE/list
Log:
CVE-2014-9760 is fixed in Gosa (Wheezy)
0003_xss-vulnerability-on-login-screen.patch has been applied since 2014
Modified: data/CVE/list
)
@@ -22,8 +22,6 @@
--
imagemagick (Ben Hutchings)
--
-libdbd-mysql-perl (Markus Koschany)
---
libical
NOTE: issues are currently not public, but
https://marc.info/?l=oss-security=146685931517961=2 claims
___
Secure-testing-commits mailing list
Author: apo
Date: 2016-08-03 09:01:41 + (Wed, 03 Aug 2016)
New Revision: 43738
Modified:
data/CVE/list
Log:
CVE-2016-5419: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-08-03 08:49:35 UTC (rev
Author: apo
Date: 2016-08-03 09:03:35 + (Wed, 03 Aug 2016)
New Revision: 43739
Modified:
data/CVE/list
Log:
CVE-2016-5420: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-08-03 09:01:41 UTC (rev
Author: apo
Date: 2016-08-03 09:07:23 + (Wed, 03 Aug 2016)
New Revision: 43740
Modified:
data/CVE/list
Log:
CVE-2016-5421: Add link to patch. Mark Wheezy as not-affected
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-08-03 09:07:51 + (Wed, 03 Aug 2016)
New Revision: 43741
Modified:
data/dla-needed.txt
Log:
Add curl to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-03 09:07:23 UTC
Author: apo
Date: 2016-08-03 08:49:35 + (Wed, 03 Aug 2016)
New Revision: 43737
Modified:
data/dla-needed.txt
Log:
Add squid to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-03 08:34:13 UTC
Author: apo
Date: 2016-08-04 09:37:52 + (Thu, 04 Aug 2016)
New Revision: 43764
Modified:
data/CVE/list
Log:
CVE-2016-6301: no-dsa for Busybox because NTP server not enabled by default
Modified: data/CVE/list
===
---
(rev 43759)
+++ data/dla-needed.txt 2016-08-04 08:46:20 UTC (rev 43760)
@@ -11,7 +11,7 @@
--
asterisk (Thorsten Alteholz)
--
-curl
+curl (Markus Koschany)
--
erlang
NOTE: recheck, maybe it is enough to just blacklist HTTP_PROXY in mod_cgi
Author: apo
Date: 2016-08-04 08:47:45 + (Thu, 04 Aug 2016)
New Revision: 43761
Modified:
data/DLA/list
Log:
Reserve DLA-585-1 for firefox-esr
Modified: data/DLA/list
===
--- data/DLA/list 2016-08-04 08:46:20 UTC (rev
: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-21 04:44:21 UTC (rev 43328)
+++ data/dla-needed.txt 2016-07-21 05:48:32 UTC (rev 43329)
@@ -32,8 +32,6 @@
--
kde4libs
--
-libarchive (Markus Koschany)
---
libgd2 (Thorsten
Author: apo
Date: 2016-07-07 17:08:59 + (Thu, 07 Jul 2016)
New Revision: 43055
Modified:
data/dla-needed.txt
Log:
Add bind9 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-07 16:35:40 UTC
Author: apo
Date: 2016-07-07 17:11:22 + (Thu, 07 Jul 2016)
New Revision: 43056
Modified:
data/dla-needed.txt
Log:
Add pdns to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-07 17:08:59 UTC
Author: apo
Date: 2016-07-07 17:12:57 + (Thu, 07 Jul 2016)
New Revision: 43057
Modified:
data/CVE/list
Log:
CVE-2016-6170: Add links to proposed patches
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-07 17:11:22
Author: apo
Date: 2016-07-07 16:35:40 + (Thu, 07 Jul 2016)
New Revision: 43054
Modified:
data/CVE/list
Log:
Mark CVE-2016-6163 as not-affected in Wheezy
Unreproducible, vulnerable fallback functions not present.
Modified: data/CVE/list
Author: apo
Date: 2016-07-10 16:11:14 + (Sun, 10 Jul 2016)
New Revision: 43094
Modified:
data/CVE/list
Log:
Mark trn as not-supported in Wheezy.
non-free, removed from Debian, no upstream support
see #830294
Modified: data/CVE/list
Author: apo
Date: 2016-07-10 16:26:09 + (Sun, 10 Jul 2016)
New Revision: 43095
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Remove no-dsa tag from CVE-2016-5240 and CVE-2016-5241
and add graphicsmagick to dla-needed.txt since we want to fix even minor issues
Modified:
Author: apo
Date: 2016-07-10 16:35:31 + (Sun, 10 Jul 2016)
New Revision: 43096
Modified:
data/dla-needed.txt
Log:
Add drupal7 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-10 16:26:09
Author: apo
Date: 2016-07-10 16:36:54 + (Sun, 10 Jul 2016)
New Revision: 43097
Modified:
data/CVE/list
Log:
Remove no-dsa tag from CVE-2015-7943, drupal7.
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-10
Author: apo
Date: 2016-07-04 14:41:24 + (Mon, 04 Jul 2016)
New Revision: 42998
Modified:
data/CVE/list
Log:
roundcube: Link to my additional comments regarding the last security update
Modified: data/CVE/list
===
---
Author: apo
Date: 2016-08-06 10:25:00 + (Sat, 06 Aug 2016)
New Revision: 43807
Modified:
data/dla-needed.txt
Log:
Add mupdf to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-06 10:07:59 UTC
Author: apo
Date: 2016-07-29 16:41:20 + (Fri, 29 Jul 2016)
New Revision: 43616
Modified:
data/DLA/list
Log:
wordpress update: Fix typo with CVE-2016-5837
Modified: data/DLA/list
===
--- data/DLA/list 2016-07-29
Author: apo
Date: 2016-06-30 18:33:36 + (Thu, 30 Jun 2016)
New Revision: 42924
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2015-5211: Mark as no-dsa for Wheezy
and remove libspring-java and libjackson-json-java from dla-needed.txt
Modified: data/CVE/list
notes.
NOTE: Maintainer's answer:
https://lists.debian.org/msgid-search/878tzv6pru@mid.deneb.enyo.de
--
-roundcube (Markus Koschany)
---
ruby-actionpack-3.2 (Guido Günther)
NOTE: help appreciated from s.b. knowing active{record,model
Author: apo
Date: 2016-07-01 17:14:36 + (Fri, 01 Jul 2016)
New Revision: 42964
Modified:
data/CVE/list
Log:
CVE-2015-8916: Mark as not-affected for Wheezy
CVE is not reproducible in Wheezy with reproducer from
https://github.com/libarchive/libarchive/issues/504
but the issue can be
Author: apo
Date: 2016-07-01 18:55:52 + (Fri, 01 Jul 2016)
New Revision: 42966
Modified:
data/CVE/list
Log:
CVE-2015-8917: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-01 18:09:57 UTC (rev
Author: apo
Date: 2016-07-01 20:32:14 + (Fri, 01 Jul 2016)
New Revision: 42971
Modified:
data/CVE/list
Log:
CVE-2015-8919: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-01 19:53:08 UTC (rev
Author: apo
Date: 2016-07-01 21:18:05 + (Fri, 01 Jul 2016)
New Revision: 42973
Modified:
data/CVE/list
Log:
CVE-2015-8920: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-01 21:10:11 UTC (rev
Author: apo
Date: 2016-07-01 19:50:25 + (Fri, 01 Jul 2016)
New Revision: 42968
Modified:
data/CVE/list
Log:
CVE-2015-8918: Mark as not-affected for Wheezy
Issue is not reproducible with Wheezy's version of bsdtar.
Modified: data/CVE/list
Author: apo
Date: 2016-07-03 22:04:59 + (Sun, 03 Jul 2016)
New Revision: 42992
Modified:
data/CVE/list
Log:
libarchive: Add more links to patches
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-03 15:53:24 UTC
Author: apo
Date: 2016-06-20 22:22:19 + (Mon, 20 Jun 2016)
New Revision: 42668
Modified:
data/CVE/list
Log:
CVE-2016-3189, bzip2: Minor issue, no DLA
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-20 21:10:06
Author: apo
Date: 2017-02-01 04:54:42 + (Wed, 01 Feb 2017)
New Revision: 48640
Modified:
data/CVE/list
Log:
CVE-2017-5487,wordpress: Mark as not-affected in Wheezy
The vulnerable code was introduced later.
Modified: data/CVE/list
/dla-needed.txt 2017-02-01 04:54:42 UTC (rev 48640)
+++ data/dla-needed.txt 2017-02-01 06:46:37 UTC (rev 48641)
@@ -96,8 +96,6 @@
--
svgsalamander
--
-wordpress (Markus Koschany)
---
xen
--
xrdp
___
Secure-testing-commits mailing list
Secure
Author: apo
Date: 2017-02-07 10:10:30 + (Tue, 07 Feb 2017)
New Revision: 48753
Modified:
data/CVE/list
Log:
gnome-keyring, bug #395572, no-dsa in Wheezy
Follow Jessie
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2017-02-07 10:00:06 + (Tue, 07 Feb 2017)
New Revision: 48752
Modified:
data/CVE/list
Log:
TEMP-000-573218, irssi: not-affected
support for sasl not present
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2017-02-07 10:59:55 + (Tue, 07 Feb 2017)
New Revision: 48755
Modified:
data/CVE/list
Log:
CVE-2017-5884,CVE-2017-5885,gtk-vnc: bug #854450 filed
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2017-02-07 11:37:55 + (Tue, 07 Feb 2017)
New Revision: 48756
Modified:
data/CVE/list
Log:
CVE-2017-5487,wordpress: not-affected, vulnerable code not present
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2017-02-08 21:49:37 + (Wed, 08 Feb 2017)
New Revision: 48782
Modified:
data/dla-needed.txt
Log:
Add php5 to dla-needed.txt
It is vulnerable to CVE-2016-7478
Modified: data/dla-needed.txt
===
---
Author: apo
Date: 2017-02-06 21:25:47 + (Mon, 06 Feb 2017)
New Revision: 48738
Modified:
data/dla-needed.txt
Log:
Add mp3splt to dla-needed.txt for now
Needs more investigation. E-Mail sent to maintainer.
Modified: data/dla-needed.txt
Author: apo
Date: 2017-02-06 21:57:40 + (Mon, 06 Feb 2017)
New Revision: 48739
Modified:
data/CVE/list
Log:
CVE-2016-9577,CVE-2016-9578,spice: Add links to patches
Modified: data/CVE/list
===
--- data/CVE/list
UTC (rev 48739)
+++ data/dla-needed.txt 2017-02-06 21:58:18 UTC (rev 48740)
@@ -104,6 +104,8 @@
NOTE: from my point of view backporting the introduction of these new
members to this old
NOTE: version is way to invasive and such this should be marked as
--
+spice (Markus Koschany)
+--
xen
of announce mail also contained typo (DLA-574-1 vs. DLA-547-1)
NOTE: update available for testing in:
https://lists.debian.org/87inpe4wgu@curie.anarc.at
--
-groovy (Markus Koschany)
---
hesiod
--
ikiwiki
___
Secure-testing-commits mailing list
Author: apo
Date: 2017-01-22 23:17:39 + (Sun, 22 Jan 2017)
New Revision: 48292
Modified:
data/dla-needed.txt
Log:
Add zoneminder to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-22 21:48:53
:32:37 UTC (rev 48280)
+++ data/dla-needed.txt 2017-01-22 17:59:20 UTC (rev 48281)
@@ -80,6 +80,8 @@
NOTE: jessie is marked as the issue is minor enough to wait
NOTE: for the next round of updates (last check: 2017-01-16)
--
+opus (Markus Koschany)
+--
pdns (Jonas Meurer)
--
php5 (Roberto C
Author: apo
Date: 2017-01-22 17:07:19 + (Sun, 22 Jan 2017)
New Revision: 48277
Modified:
data/dla-needed.txt
Log:
Add imagemagick to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-22
Author: apo
Date: 2017-01-22 17:32:37 + (Sun, 22 Jan 2017)
New Revision: 48280
Modified:
data/dla-needed.txt
Log:
Add hesiod to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-22 17:17:05 UTC
Author: apo
Date: 2017-01-22 16:41:33 + (Sun, 22 Jan 2017)
New Revision: 48276
Modified:
data/dla-needed.txt
Log:
Add mysql-5.5 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-22 14:20:10
Author: apo
Date: 2017-01-22 17:17:05 + (Sun, 22 Jan 2017)
New Revision: 48279
Modified:
data/dla-needed.txt
Log:
Add groovy to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-22 17:13:32 UTC
@@
NOTE: jessie is marked as the issue is minor enough to wait
NOTE: for the next round of updates (last check: 2017-01-16)
--
-opus (Markus Koschany)
---
pdns (Jonas Meurer)
--
php5 (Roberto C. Sánchez)
___
Secure-testing-commits mailing list
+groovy (Markus Koschany)
--
hesiod
--
@@ -69,7 +69,7 @@
NOTE: Giving a try to prepare the fixes because ~11% of sponsors' systems
NOTE: are still using the package despite the seemingly stalled development
--
-mysql-5.5
+mysql-5.5 (Markus Koschany)
--
mysql-connector-python
NOTE: see
Author: apo
Date: 2017-01-22 20:50:48 + (Sun, 22 Jan 2017)
New Revision: 48285
Modified:
data/CVE/list
Log:
CVE-2016-5537, netbeans: Mark as no-dsa
Backporting Netbeans 8.2 is too intrusive and we have no information about the
affected code thus we cannot prepare a targeted fix.
Author: apo
Date: 2017-01-27 11:26:50 + (Fri, 27 Jan 2017)
New Revision: 48449
Modified:
data/DLA/list
Log:
Reserve DLA-781-2 for asterisk
Modified: data/DLA/list
===
--- data/DLA/list 2017-01-27 11:22:58 UTC (rev
101 - 200 of 799 matches
Mail list logo