:15 UTC (rev 48377)
+++ data/dla-needed.txt 2017-01-25 16:46:07 UTC (rev 48378)
@@ -113,7 +113,7 @@
--
qemu-kvm
--
-wordpress
+wordpress (Markus Koschany)
--
xen
--
___
Secure-testing-commits mailing list
Secure-testing-commits
-needed.txt 2017-01-24 22:09:08 UTC (rev 48340)
+++ data/dla-needed.txt 2017-01-25 00:27:53 UTC (rev 48341)
@@ -77,8 +77,6 @@
NOTE: Giving a try to prepare the fixes because ~11% of sponsors' systems
NOTE: are still using the package despite the seemingly stalled development
--
-mysql-5.5 (Markus
49017)
@@ -118,10 +118,6 @@
NOTE: from my point of view backporting the introduction of these new
members to this old
NOTE: version is way to invasive and such this should be marked as
--
-spice (Markus Koschany)
- NOTE: package is ready. Intend to NMU #854336 if maintainer doesn't respond
UTC (rev 49164)
+++ data/dla-needed.txt 2017-02-24 05:48:40 UTC (rev 49165)
@@ -16,6 +16,8 @@
--
bind9 (Thorsten Alteholz)
--
+cakephp (Markus Koschany)
+--
calibre
NOTE: We will need to investigate the issue much further.
NOTE: In particular, it seems likely that there are more
Author: apo
Date: 2017-02-24 05:51:56 + (Fri, 24 Feb 2017)
New Revision: 49166
Modified:
data/CVE/list
Log:
CVE-2016-4793,cakephp: Add notes and link to patch.
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-24
(Thorsten Alteholz)
--
-cakephp (Markus Koschany)
---
calibre
NOTE: We will need to investigate the issue much further.
NOTE: In particular, it seems likely that there are more undocumented but
Author: apo
Date: 2017-02-22 19:19:04 + (Wed, 22 Feb 2017)
New Revision: 49134
Modified:
data/DLA/list
Log:
Reserve DLA-823-2 for tomcat7
Modified: data/DLA/list
===
--- data/DLA/list 2017-02-22 18:23:55 UTC (rev 49133)
)
+++ data/dla-needed.txt 2017-02-09 20:43:03 UTC (rev 48802)
@@ -101,6 +101,8 @@
NOTE: version is way to invasive and such this should be marked as
--
spice (Markus Koschany)
+ NOTE: package is ready. Intend to NMU #854336 if maintainer doesn't respond
+ NOTE: until Monday. Will release spice
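Review bot: "until Monday" in the added spice NOTE is a relative date, and it stops being meaningful once the entry is read outside the week of this revision (rev 48802, 2017-02-09). State the NMU deadline as an absolute date, for example with a date prefix on the NOTE as other entries in dla-needed.txt do ("NOTE: 20160912: ..."). The bug reference #854336 is useful and should stay.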
Author: apo
Date: 2017-02-09 21:27:42 + (Thu, 09 Feb 2017)
New Revision: 48808
Modified:
data/dla-needed.txt
Log:
Add phpmyadmin to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-09 21:10:19
Author: apo
Date: 2017-02-09 20:51:23 + (Thu, 09 Feb 2017)
New Revision: 48803
Modified:
data/dla-needed.txt
Log:
Add bind9 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-09 20:43:03 UTC
-09 21:01:12 UTC (rev 48805)
+++ data/dla-needed.txt 2017-02-09 21:06:19 UTC (rev 48806)
@@ -106,6 +106,8 @@
NOTE: package is ready. Intend to NMU #854336 if maintainer doesn't respond
NOTE: until Monday. Will release spice update for Wheezy afterwards.
--
+viewvc (Markus Koschany)
+--
xen
Author: apo
Date: 2017-02-09 21:31:25 + (Thu, 09 Feb 2017)
New Revision: 48809
Modified:
data/CVE/list
Log:
CVE-2016-6621,phpmyadmin: Fixed since 4:4.6.6-1
Upstream finally released more information about CVE-2016-6621. This issue is
fixed in Stretch and Sid. Wheezy and Jessie are still
Author: apo
Date: 2017-02-09 21:44:22 + (Thu, 09 Feb 2017)
New Revision: 48810
Modified:
data/dla-needed.txt
Log:
Add zoneminder to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-09 21:31:25
Author: apo
Date: 2017-02-09 20:52:56 + (Thu, 09 Feb 2017)
New Revision: 48804
Modified:
data/CVE/list
Log:
CVE-2017-3135, bind9: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-09 20:51:23 UTC
Author: apo
Date: 2017-02-12 19:11:20 + (Sun, 12 Feb 2017)
New Revision: 48860
Modified:
data/CVE/list
Log:
CVE-2017-2586,CVE-2017-2587:netpbm, Debian is not affected
vulnerable code not present, see also patch at
Author: apo
Date: 2017-02-12 17:30:18 + (Sun, 12 Feb 2017)
New Revision: 48858
Modified:
data/CVE/list
Log:
CVE-2017-5953,vim: bug report filed
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-12 17:23:06 UTC (rev
Author: apo
Date: 2017-02-12 16:38:30 + (Sun, 12 Feb 2017)
New Revision: 48854
Modified:
data/CVE/list
Log:
openpyxl,#854442: Mark Wheezy as not-affected
Support for lxml was first introduced in version 1.8
Modified: data/CVE/list
Author: apo
Date: 2017-02-12 19:29:08 + (Sun, 12 Feb 2017)
New Revision: 48861
Modified:
data/CVE/list
Log:
netpbm-free,CVE-2017-2581,CVE-2017-2580,CVE-2017-2579: bug report filed
Modified: data/CVE/list
===
---
Author: apo
Date: 2017-02-12 16:44:44 + (Sun, 12 Feb 2017)
New Revision: 48855
Modified:
data/dla-needed.txt
Log:
Add libxml2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-12 16:38:30
Author: apo
Date: 2017-02-12 16:54:30 + (Sun, 12 Feb 2017)
New Revision: 48856
Modified:
data/CVE/list
Log:
CVE-2017-5896,mupdf: Wheezy is not affected
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-12 16:44:44
Author: apo
Date: 2017-02-12 17:23:06 + (Sun, 12 Feb 2017)
New Revision: 48857
Modified:
data/CVE/list
Log:
CVE-2017-5953,vim: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-12 16:54:30 UTC
Author: apo
Date: 2017-02-14 11:27:22 + (Tue, 14 Feb 2017)
New Revision: 48922
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-823-1 for tomcat7
Modified: data/DLA/list
===
--- data/DLA/list 2017-02-14
Author: apo
Date: 2017-02-14 12:43:06 + (Tue, 14 Feb 2017)
New Revision: 48923
Modified:
data/CVE/list
Log:
tomcat7 issue,#854551,fixed in Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-14 11:27:22 UTC
@@
NOTE: package is ready. Intend to NMU #854336 if maintainer doesn't respond
NOTE: until Monday. Will release spice update for Wheezy afterwards.
--
-viewvc (Markus Koschany)
---
xen
--
xrdp
Author: apo
Date: 2017-02-10 17:13:40 + (Fri, 10 Feb 2017)
New Revision: 48836
Modified:
data/CVE/list
Log:
CVE-2017-5884,CVE-2017-5885,gtk-vnc fixed in unstable
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-10
Author: apo
Date: 2017-02-11 01:20:16 + (Sat, 11 Feb 2017)
New Revision: 48844
Modified:
data/CVE/list
Log:
CVE-2017-5604,mcabber: Wheezy is not affected
XEP-0280: Message Carbons not implemented. Vulnerable code not present.
Modified: data/CVE/list
Author: apo
Date: 2017-02-11 01:32:01 + (Sat, 11 Feb 2017)
New Revision: 48845
Modified:
data/CVE/list
Log:
CVE-2017-5591,sleekxmpp: Wheezy is not affected
vulnerable code not present, XEP-0280 not implemented
Modified: data/CVE/list
Author: apo
Date: 2017-02-11 01:47:46 + (Sat, 11 Feb 2017)
New Revision: 48846
Modified:
data/CVE/list
Log:
CVE-2017-5593,psi-plus: Wheezy is not affected
vulnerable code not present
Modified: data/CVE/list
===
---
Author: apo
Date: 2017-02-11 00:57:08 + (Sat, 11 Feb 2017)
New Revision: 48843
Modified:
data/dla-needed.txt
Log:
Add gtk-vnc to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-11 00:42:17
Author: apo
Date: 2017-02-11 00:42:17 + (Sat, 11 Feb 2017)
New Revision: 48842
Modified:
data/CVE/list
Log:
CVE-2017-5930,postfixadmin: Wheezy is not affected
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-11
Author: apo
Date: 2017-02-12 20:17:28 + (Sun, 12 Feb 2017)
New Revision: 48862
Modified:
data/dla-needed.txt
Log:
Add vim to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-12 19:29:08 UTC
:17 UTC (rev 48873)
+++ data/dla-needed.txt 2017-02-13 07:41:33 UTC (rev 48874)
@@ -100,7 +100,7 @@
--
php5
--
-phpmyadmin
+phpmyadmin (Markus Koschany)
--
potrace (Hugo Lefeuvre)
NOTE: Try to reproduce CVE-2016-8685/cherry pick the patch from Stretch
-15 16:29:00 UTC (rev 48088)
+++ data/dla-needed.txt 2017-01-15 16:53:23 UTC (rev 48089)
@@ -50,7 +50,7 @@
--
libical
--
-libphp-swiftmailer
+libphp-swiftmailer (Markus Koschany)
NOTE: According to the release note this is a critial vulnerability so it
NOTE: should have high priority
Author: apo
Date: 2017-01-15 15:57:07 + (Sun, 15 Jan 2017)
New Revision: 48084
Modified:
data/DLA/list
Log:
Reserve DLA-761-2 for python-bottle
Modified: data/DLA/list
===
--- data/DLA/list 2017-01-15 14:27:18 UTC (rev
Author: apo
Date: 2017-01-19 17:46:49 + (Thu, 19 Jan 2017)
New Revision: 48197
Modified:
data/CVE/list
Log:
CVE-2016-10074, libphp-swiftmailer: Add more information.
Modified: data/CVE/list
===
--- data/CVE/list
-19 17:44:54 UTC (rev 48196)
@@ -42,10 +42,6 @@
libical
NOTE: No known solution as of 2017-01-16.
--
-libphp-swiftmailer (Markus Koschany)
- NOTE: According to the release note this is a critial vulnerability so it
- NOTE: should have high priority.
---
libplist (Emilio Pozuelo)
--
libxml
===
--- data/dla-needed.txt 2016-08-04 12:27:01 UTC (rev 43766)
+++ data/dla-needed.txt 2016-08-04 15:54:50 UTC (rev 43767)
@@ -11,8 +11,6 @@
--
asterisk (Thorsten Alteholz)
--
-curl (Markus Koschany)
---
erlang
NOTE: recheck, maybe it is enough to just blacklist HTTP_PROXY in mod_cgi
+libpodofo (Markus Koschany)
NOTE: CVE-2017-5854 does not crash but the NULL check is missing
NOTE: CVE-2017-5855 does not crash since the Wheezy code being different
NOTE: CVE-2017-5852, CVE-2017-5853 crash in Wheezy
Author: apo
Date: 2017-02-28 14:00:56 + (Tue, 28 Feb 2017)
New Revision: 49292
Modified:
data/CVE/list
Log:
CVE-2017-5836,libplist: Mark as no-dsa in Wheezy
The pointers are not incorrectly freed because the code is different in Wheezy.
Instead of parse_dict_node plist_from_bin would be
49291)
@@ -57,12 +57,6 @@
NOTE: No known solution as of 2017-01-16.
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
-libplist (Markus Koschany)
- NOTE: wheezy has an old version, code has been largely rewritten so it's not
easy
Author: apo
Date: 2017-02-28 22:01:22 + (Tue, 28 Feb 2017)
New Revision: 49320
Modified:
data/CVE/list
Log:
CVE-2017-5604,mcabber: Jessie is not affected
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-28
consider upgrading to the version in wheezy once this
is fixed there.
--
-libpodofo (Markus Koschany)
+libpodofo
NOTE: CVE-2017-5854 does not crash but the NULL check is missing
NOTE: CVE-2017-5855 does not crash since the Wheezy code being different
NOTE: CVE-2017-5852, CVE-2017-5853
UTC (rev 49248)
+++ data/dla-needed.txt 2017-02-26 22:21:47 UTC (rev 49249)
@@ -60,7 +60,7 @@
NOTE: No known solution as of 2017-01-16.
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
-libplist
+libplist (Markus Koschany)
NOTE
Author: apo
Date: 2017-02-26 22:08:52 + (Sun, 26 Feb 2017)
New Revision: 49248
Modified:
data/CVE/list
Log:
CVE-2017-5591,slixmpp: Fixed in unstable #854740
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-26
:09 UTC (rev 44370)
+++ data/dla-needed.txt 2016-09-06 15:32:40 UTC (rev 44371)
@@ -75,6 +75,6 @@
--
tomcat7 (Markus Koschany)
--
-wordpress
+wordpress (Markus Koschany)
NOTE: Proposed patch for CVE-2015-8834 doesn't seem to work for Wheezy. DB
upgrade fails
Author: apo
Date: 2016-09-04 19:50:05 + (Sun, 04 Sep 2016)
New Revision: 44318
Modified:
data/DLA/list
Log:
Also mark CVE-2016-6223 as fixed in Wheezy (tiff3)
Modified: data/DLA/list
===
--- data/DLA/list 2016-09-04
Author: apo
Date: 2016-09-04 21:00:10 + (Sun, 04 Sep 2016)
New Revision: 44323
Modified:
data/CVE/list
Log:
Clarify status for CVE-2015-7554
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04 20:52:05 UTC (rev
2016-09-04 19:10:32 UTC (rev 44314)
@@ -71,8 +71,6 @@
--
tiff (Emilio Pozuelo)
--
-tiff3 (Markus Koschany)
---
tomcat6 (Markus Koschany)
--
tomcat7 (Markus Koschany)
Author: apo
Date: 2016-09-04 19:08:34 + (Sun, 04 Sep 2016)
New Revision: 44313
Modified:
data/CVE/list
Log:
CVE-2013-1961 will be fixed in Wheezy (tiff3)
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04
Author: apo
Date: 2016-09-04 19:57:28 + (Sun, 04 Sep 2016)
New Revision: 44319
Modified:
data/CVE/list
Log:
CVE-2010-2596: Clarify fixed version in Stretch.
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04
Author: apo
Date: 2016-09-04 20:47:50 + (Sun, 04 Sep 2016)
New Revision: 44320
Modified:
data/CVE/list
Log:
CVE-2016-3634, CVE-2016-3633, CVE-2016-3632, CVE-2016-3631 won't be fixed by
upstream. Marked as wontfix because those tools will be removed upstream. No
patch available.
Minor
Author: apo
Date: 2016-09-04 21:08:27 + (Sun, 04 Sep 2016)
New Revision: 44325
Modified:
data/CVE/list
Log:
Clarify status of CVE-2016-5319
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04 21:03:42 UTC (rev
Author: apo
Date: 2016-09-04 19:03:59 + (Sun, 04 Sep 2016)
New Revision: 44312
Modified:
data/CVE/list
Log:
CVE-2010-2596: fixed in Stretch
Add link to patch for Wheezy and Jessie
Modified: data/CVE/list
===
---
Author: apo
Date: 2016-09-04 20:52:05 + (Sun, 04 Sep 2016)
New Revision: 44322
Modified:
data/CVE/list
Log:
Clarify status of CVE-2016-5102.
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04 20:51:27 UTC (rev
Author: apo
Date: 2016-09-04 21:03:42 + (Sun, 04 Sep 2016)
New Revision: 44324
Modified:
data/CVE/list
Log:
Clarify status of CVE-2015-8668
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04 21:00:10 UTC (rev
Author: apo
Date: 2016-09-13 19:21:33 + (Tue, 13 Sep 2016)
New Revision: 44565
Modified:
data/dla-needed.txt
Log:
Add libarchive to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-13 18:35:40
(rev 44529)
+++ data/dla-needed.txt 2016-09-12 20:31:34 UTC (rev 44530)
@@ -77,6 +77,9 @@
--
tiff (Emilio Pozuelo)
--
+tiff3
+ NOTE: 20160912: Open reproducible issues. No patches available.
+--
tomcat6 (Markus Koschany)
--
tomcat7 (Markus Koschany
Author: apo
Date: 2016-09-13 12:10:15 + (Tue, 13 Sep 2016)
New Revision: 44552
Modified:
data/CVE/list
Log:
Mark CVE-2016-3088 as fixed in unstable.
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-13 12:02:08 UTC
Author: apo
Date: 2016-09-15 16:00:57 + (Thu, 15 Sep 2016)
New Revision: 44611
Modified:
data/dla-needed.txt
Log:
Add dropbear to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-15 15:59:10
Author: apo
Date: 2016-09-15 16:13:52 + (Thu, 15 Sep 2016)
New Revision: 44612
Modified:
data/CVE/list
Log:
mantis: CVE-2016-6837, no-dsa, unsupported
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-15 16:00:57
Author: apo
Date: 2016-09-15 15:46:55 + (Thu, 15 Sep 2016)
New Revision: 44609
Modified:
data/dla-needed.txt
Log:
Add curl to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-15 15:10:53 UTC
: 20160912: Open reproducible issues. No patches available.
--
-tomcat6 (Markus Koschany)
---
tomcat7 (Markus Koschany)
--
wireshark (Balint Reczey)
: 20160912: Open reproducible issues. No patches available.
--
-tomcat7 (Markus Koschany)
---
wireshark (Balint Reczey)
--
wordpress (Markus Koschany)
Author: apo
Date: 2016-09-15 17:51:34 + (Thu, 15 Sep 2016)
New Revision: 44617
Modified:
data/CVE/list
Log:
CVE-2016-6837: end-of-life
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-15 17:43:58 UTC (rev 44616)
Author: apo
Date: 2016-09-30 13:58:58 + (Fri, 30 Sep 2016)
New Revision: 44942
Modified:
data/DLA/list
Log:
Fix version number of ruby-activesupport-3.2
Modified: data/DLA/list
===
--- data/DLA/list 2016-09-30 12:50:13
)
--
-c-ares (Markus Koschany)
---
gcc-mingw-w64 (Stephen Kitt)
--
ghostscript (Roberto C. Sánchez)
UTC (rev 45110)
+++ data/dla-needed.txt 2016-10-06 19:19:09 UTC (rev 45111)
@@ -31,6 +31,8 @@
--
libarchive (Emilio Pozuelo)
--
+libass (Markus Koschany)
+--
libav (Hugo Lefeuvre)
NOTE: Upstream will provide new point-releases fixing open security issues
in the next months.
NOTE: (See
@@
--
zendframework (Thorsten Alteholz)
--
-zookeeper (Markus Koschany)
---
-needed.txt
===
--- data/dla-needed.txt 2016-09-18 15:09:58 UTC (rev 44716)
+++ data/dla-needed.txt 2016-09-18 16:12:28 UTC (rev 44717)
@@ -22,8 +22,6 @@
--
imagemagick (Ben Hutchings)
--
-jackrabbit (Markus Koschany)
---
libarchive
Author: apo
Date: 2016-09-17 21:23:32 + (Sat, 17 Sep 2016)
New Revision: 44700
Modified:
data/CVE/list
Log:
CVE-2016-5017, zookeeper: Add link to patch and security advisory.
Modified: data/CVE/list
===
--- data/CVE/list
:32 UTC (rev 44700)
+++ data/dla-needed.txt 2016-09-17 21:33:25 UTC (rev 44701)
@@ -86,3 +86,5 @@
--
zendframework
--
+zookeeper (Markus Koschany)
+--
Author: apo
Date: 2016-09-17 19:38:48 + (Sat, 17 Sep 2016)
New Revision: 44696
Modified:
data/CVE/list
Log:
CVE-2016-7410, dwarfutils: Add note for Jessie
that dwarfutils in Jessie shows no heap-based overflow with the reproducer
which is why the CVE was assigned in the first place.
The
:05 UTC (rev 44697)
+++ data/dla-needed.txt 2016-09-17 20:23:38 UTC (rev 44698)
@@ -84,3 +84,5 @@
wordpress (Markus Koschany)
NOTE: Proposed patch for CVE-2015-8834 doesn't seem to work for Wheezy. DB
upgrade fails.
--
+zendframework
+--
Author: apo
Date: 2016-09-17 20:23:05 + (Sat, 17 Sep 2016)
New Revision: 44697
Modified:
data/CVE/list
Log:
CVE-2016-4861, zendframework: Add link to patch.
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-17
Author: apo
Date: 2016-09-18 21:14:07 + (Sun, 18 Sep 2016)
New Revision: 44730
Modified:
data/CVE/list
Log:
Add graphicsmagick, CVE-2016-{7446,7447,7448,7449} patches
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-09-18 21:16:21 + (Sun, 18 Sep 2016)
New Revision: 44731
Modified:
data/dla-needed.txt
Log:
Add graphicsmagick to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-18
===
--- data/dla-needed.txt 2016-09-22 19:53:02 UTC (rev 44829)
+++ data/dla-needed.txt 2016-09-22 19:59:00 UTC (rev 44830)
@@ -79,8 +79,5 @@
tiff3
NOTE: 20160912: Open reproducible issues. No patches available.
--
-wordpress (Markus Koschany)
- NOTE: Proposed patch for CVE-2015-8834
Author: apo
Date: 2016-09-20 20:45:45 + (Tue, 20 Sep 2016)
New Revision: 44767
Modified:
data/embedded-code-copies
Log:
embedded-code-copies: warzone2100 embeds glm.
Not fixable at the moment because Debian's version causes graphical glitches.
Modified: data/embedded-code-copies
Author: apo
Date: 2016-09-17 12:07:41 + (Sat, 17 Sep 2016)
New Revision: 44676
Modified:
data/CVE/list
Log:
bash: CVE-2016-0634: Mark as no-dsa because /etc/hosts and /etc/hostname are
controlled by root.
icu: CVE-2016-7415: Disputed if this is a bug in icu. Mainly an issue in PHP.
UTC (rev 44676)
+++ data/dla-needed.txt 2016-09-17 13:45:57 UTC (rev 44677)
@@ -24,6 +24,8 @@
--
imagemagick (Ben Hutchings)
--
+jackrabbit (Markus Koschany)
+--
libarchive (Emilio Pozuelo)
--
libav (Hugo Lefeuvre)
Author: apo
Date: 2016-09-17 14:00:48 + (Sat, 17 Sep 2016)
New Revision: 44678
Modified:
data/CVE/list
Log:
CVE-2016-7410: dwarfutils not-affected in Wheezy and Jessie
The reproducer shows no errors with Valgrind. The version in Sid appears to be
affected though.
Modified: data/CVE/list
Author: apo
Date: 2016-09-17 09:59:17 + (Sat, 17 Sep 2016)
New Revision: 44674
Modified:
data/CVE/list
Log:
wordpress: Add more links and information regarding Wheezy
Modified: data/CVE/list
===
--- data/CVE/list
-08-28 18:07:23 UTC (rev 44200)
+++ data/dla-needed.txt 2016-08-28 18:27:45 UTC (rev 44201)
@@ -42,6 +42,10 @@
--
mingw32 (Stephen Kitt)
--
+openjdk-6 (Markus Koschany)
+--
+openjdk-7 (Markus Koschany)
+--
openssl
NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
NOTE
UTC (rev 44201)
+++ data/dla-needed.txt 2016-08-28 18:30:33 UTC (rev 44202)
@@ -42,10 +42,6 @@
--
mingw32 (Stephen Kitt)
--
-openjdk-6 (Markus Koschany)
---
-openjdk-7 (Markus Koschany)
---
openssl
NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
NOTE: because
Author: apo
Date: 2016-11-07 13:47:16 + (Mon, 07 Nov 2016)
New Revision: 46045
Modified:
data/CVE/list
Log:
Add more links to patches for Tomcat 6 security vulnerabilities.
Modified: data/CVE/list
===
--- data/CVE/list
-needed.txt 2016-11-07 12:08:04 UTC (rev 46042)
+++ data/dla-needed.txt 2016-11-07 13:23:20 UTC (rev 46043)
@@ -97,6 +97,10 @@
sudo
--
tomcat6 (Markus Koschany)
+ NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy
+ NOTE: We try to coordinate the release with the security team
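Review bot: the two NOTE lines added under tomcat6 carry no date, so a later reader of dla-needed.txt cannot tell whether the coordination with the security team is still pending. Prefix the second note with the date it was written, as the tiff3 entry does ("NOTE: 20160912: ..."), and name the release being coordinated.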
(Emilio Pozuelo)
--
-libxv (Markus Koschany)
---
libxvmc (Thorsten Alteholz)
--
linux (Ben Hutchings)
--
-libass (Markus Koschany)
---
libav (Hugo Lefeuvre)
NOTE: Upstream will provide new point-releases fixing open security issues
in the next months.
NOTE: (See debian-lts ML)
Author: apo
Date: 2016-10-19 11:04:17 + (Wed, 19 Oct 2016)
New Revision: 45455
Modified:
data/dla-needed.txt
Log:
Readd libass to dla-needed.txt for CVE-2016-7971
This CVE is currently without a patch and disputed by upstream.
Modified: data/dla-needed.txt
(rev 45309)
+++ data/dla-needed.txt 2016-10-14 15:25:56 UTC (rev 45310)
@@ -53,6 +53,8 @@
--
libx11
--
+libxi
+--
libxrandr Hugo Lefeuvre)
--
libxrender (Markus Koschany)
UTC (rev 45310)
+++ data/dla-needed.txt 2016-10-14 15:29:29 UTC (rev 45311)
@@ -59,6 +59,8 @@
--
libxrender (Markus Koschany)
--
+libxtst
+--
libxvmc (Thorsten Alteholz)
--
linux (Ben Hutchings)
Author: apo
Date: 2016-10-14 15:44:15 + (Fri, 14 Oct 2016)
New Revision: 45312
Modified:
data/CVE/list
Log:
Mark CVE issues for Wheezy in matrixssl as
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-14 15:29:29
(rev 45308)
+++ data/dla-needed.txt 2016-10-14 15:20:22 UTC (rev 45309)
@@ -51,6 +51,8 @@
https://marc.info/?l=oss-security=146685931517961=2 claims
that 0.47 & 1.0 are affected and wheezy has 0.48.
--
+libx11
+--
libxrandr Hugo Lefeuvre)
--
libxrender (Markus Kosc
Author: apo
Date: 2016-10-14 16:02:12 + (Fri, 14 Oct 2016)
New Revision: 45313
Modified:
data/dla-needed.txt
Log:
Add libxml2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-14 15:44:15
-runtime
NOTE: We may not need to update, but I'm leaning toward fixing
CVE-2016-7787, see #839865
--
-kdepimlibs (Markus Koschany)
---
libass
NOTE: 20161019: CVE-2016-7971 is disputed upstream. No patch available yet.
--
+57,6 @@
--
libxml2 (Thorsten Alteholz)
--
-libxrender (Markus Koschany)
---
libxtst (Emilio Pozuelo)
--
libxv
UTC (rev 45437)
+++ data/dla-needed.txt 2016-10-18 20:35:36 UTC (rev 45438)
@@ -55,7 +55,7 @@
--
libxtst (Emilio Pozuelo)
--
-libxv
+libxv (Markus Koschany)
--
libxvmc (Thorsten Alteholz)
--
)
@@ -21,8 +21,6 @@
--
graphicsmagick
--
-guile-2.0 (Markus Koschany)
---
icu (Roberto C. Sánchez)
NOTE: I have been unable to reproduce the CVE-2016-7415 crash as described
in the PHP bug report
--
:28 UTC (rev 45499)
+++ data/dla-needed.txt 2016-10-21 20:06:27 UTC (rev 45500)
@@ -35,7 +35,7 @@
kde-runtime
NOTE: We may not need to update, but I'm leaning toward fixing
CVE-2016-7787, see #839865
--
-kdepimlibs
+kdepimlibs (Markus Koschany)
--
libass
NOTE: 20161019: CVE-2016-7971
Author: apo
Date: 2016-10-18 21:33:56 + (Tue, 18 Oct 2016)
New Revision: 45442
Modified:
data/dla-needed.txt
Log:
Remove guile-2.0 from dla-needed.txt again.
These issues are already fixed by DLA-666-1.
Modified: data/dla-needed.txt