[Secure-testing-commits] r46581 - data

2016-11-26 Thread Markus Koschany
-11-26 12:05:05 UTC (rev 46580) +++ data/dla-needed.txt 2016-11-26 15:55:21 UTC (rev 46581) @@ -92,11 +92,11 @@ -- tomcat6 (Markus Koschany) NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy - NOTE: 20161123: I'm currently working on three new CVEs which were disclosed

[Secure-testing-commits] r46483 - data

2016-11-23 Thread Markus Koschany
2016-11-23 13:05:05 UTC (rev 46482) +++ data/dla-needed.txt 2016-11-23 14:26:10 UTC (rev 46483) @@ -108,11 +108,11 @@ -- tomcat6 (Markus Koschany) NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy - NOTE: We try to coordinate the release with the security team + NOTE

[Secure-testing-commits] r46448 - data/CVE

2016-11-22 Thread Markus Koschany
Author: apo Date: 2016-11-22 13:32:14 + (Tue, 22 Nov 2016) New Revision: 46448 Modified: data/CVE/list Log: CVE-2016-7148,moin: Mark as not-affected in Wheezy Modified: data/CVE/list === --- data/CVE/list 2016-11-22

[Secure-testing-commits] r46446 - in data: . DLA

2016-11-22 Thread Markus Koschany
@@ NOTE: https://github.com/libming/libming/issues/52 NOTE: https://github.com/libming/libming/issues/53 -- -moin (Markus Koschany) --- monit -- mysql-connector-python ___ Secure-testing-commits mailing list Secure-testing-commits

[Secure-testing-commits] r46332 - data

2016-11-18 Thread Markus Koschany
Author: apo Date: 2016-11-18 21:08:54 + (Fri, 18 Nov 2016) New Revision: 46332 Modified: data/dla-needed.txt Log: Add moin to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-18 20:48:58 UTC

[Secure-testing-commits] r46334 - data/CVE

2016-11-18 Thread Markus Koschany
Author: apo Date: 2016-11-18 22:10:41 + (Fri, 18 Nov 2016) New Revision: 46334 Modified: data/CVE/list Log: CVE-2016-9427,libgc: Add bug reference and links to patches. Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r46331 - data

2016-11-18 Thread Markus Koschany
-18 19:54:33 UTC (rev 46330) +++ data/dla-needed.txt 2016-11-18 20:48:58 UTC (rev 46331) @@ -14,6 +14,8 @@ dokuwiki NOTE: upstream marked CVE-2016-7965 as WONTFIX -- +drupal7 (Markus Koschany) +-- dwarfutils NOTE: New round of CVEs not seemingly covered by DLA 669-1

[Secure-testing-commits] r46327 - data/CVE

2016-11-18 Thread Markus Koschany
Author: apo Date: 2016-11-18 17:29:03 + (Fri, 18 Nov 2016) New Revision: 46327 Modified: data/CVE/list Log: Mark CVE-2016-9401, bash as no-dsa for Wheezy Upstream considers this only to be a normal bug Modified: data/CVE/list

[Secure-testing-commits] r46325 - data/CVE

2016-11-18 Thread Markus Koschany
Author: apo Date: 2016-11-18 16:56:51 + (Fri, 18 Nov 2016) New Revision: 46325 Modified: data/CVE/list Log: Mark teeworlds CVE-2016-9400 as end-of-life Games are not supported in Wheezy Modified: data/CVE/list === ---

[Secure-testing-commits] r46326 - data/CVE

2016-11-18 Thread Markus Koschany
Author: apo Date: 2016-11-18 17:21:52 + (Fri, 18 Nov 2016) New Revision: 46326 Modified: data/CVE/list Log: Mark CVE-2016-1249, libdbd-mysql-perl as no-dsa for Wheezy because "this problem is only exposed when the user uses server-side prepared statement support, which is NOT default

[Secure-testing-commits] r46329 - data

2016-11-18 Thread Markus Koschany
(rev 46328) +++ data/dla-needed.txt 2016-11-18 19:50:08 UTC (rev 46329) @@ -95,6 +95,8 @@ -- sendmail -- +tiff +-- tomcat6 (Markus Koschany) NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy NOTE: We try to coordinate the release with the security team

[Secure-testing-commits] r46330 - data

2016-11-18 Thread Markus Koschany
Author: apo Date: 2016-11-18 19:54:33 + (Fri, 18 Nov 2016) New Revision: 46330 Modified: data/dla-needed.txt Log: Add firefox-esr to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-18

[Secure-testing-commits] r46328 - data

2016-11-18 Thread Markus Koschany
Author: apo Date: 2016-11-18 19:36:10 + (Fri, 18 Nov 2016) New Revision: 46328 Modified: data/dla-needed.txt Log: Add libxml2 to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-18 17:29:03

[Secure-testing-commits] r46353 - data/CVE

2016-11-20 Thread Markus Koschany
Author: apo Date: 2016-11-20 15:55:10 + (Sun, 20 Nov 2016) New Revision: 46353 Modified: data/CVE/list Log: CVE-2016-8635, nss: Fixed in all distributions. Add link to upstream patch. Modified: data/CVE/list === ---

[Secure-testing-commits] r46354 - data/CVE

2016-11-20 Thread Markus Koschany
Author: apo Date: 2016-11-20 15:58:03 + (Sun, 20 Nov 2016) New Revision: 46354 Modified: data/CVE/list Log: Wrong CVE, correct last commit and use CVE-2016-5285 Modified: data/CVE/list === --- data/CVE/list 2016-11-20

[Secure-testing-commits] r46355 - data

2016-11-20 Thread Markus Koschany
Author: apo Date: 2016-11-20 17:17:31 + (Sun, 20 Nov 2016) New Revision: 46355 Modified: data/dla-needed.txt Log: Add libgc to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-20 15:58:03 UTC

[Secure-testing-commits] r46356 - data/CVE

2016-11-20 Thread Markus Koschany
Author: apo Date: 2016-11-20 17:21:11 + (Sun, 20 Nov 2016) New Revision: 46356 Modified: data/CVE/list Log: CVE-2016-9427,libgc: Fixed in version 1:7.4.4-1 Modified: data/CVE/list === --- data/CVE/list 2016-11-20

[Secure-testing-commits] r46378 - data

2016-11-21 Thread Markus Koschany
(rev 46377) +++ data/dla-needed.txt 2016-11-21 12:54:35 UTC (rev 46378) @@ -76,7 +76,7 @@ NOTE: https://github.com/libming/libming/issues/52 NOTE: https://github.com/libming/libming/issues/53 -- -moin +moin (Markus Koschany) -- monit

[Secure-testing-commits] r46377 - in data: . DLA

2016-11-21 Thread Markus Koschany
-11-21 12:53:59 UTC (rev 46377) @@ -14,8 +14,6 @@ dokuwiki NOTE: upstream marked CVE-2016-7965 as WONTFIX -- -drupal7 (Markus Koschany) --- dwarfutils NOTE: New round of CVEs not seemingly covered by DLA 669-1. -- ___ Secure-testing-commits

[Secure-testing-commits] r46351 - data

2016-11-20 Thread Markus Koschany
UTC (rev 46350) +++ data/dla-needed.txt 2016-11-20 15:14:18 UTC (rev 46351) @@ -97,6 +97,8 @@ -- potrace -- +sniffit +-- tiff -- tomcat6 (Markus Koschany) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http

[Secure-testing-commits] r46350 - data/CVE

2016-11-20 Thread Markus Koschany
Author: apo Date: 2016-11-20 15:13:49 + (Sun, 20 Nov 2016) New Revision: 46350 Modified: data/CVE/list Log: CVE-2014-5439: Add bug reference for sniffit Modified: data/CVE/list === --- data/CVE/list 2016-11-20 14:33:40

[Secure-testing-commits] r46349 - data/CVE

2016-11-20 Thread Markus Koschany
Author: apo Date: 2016-11-20 14:33:40 + (Sun, 20 Nov 2016) New Revision: 46349 Modified: data/CVE/list Log: Triage CVEs for w3m. Mark them as no-dsa for Wheezy because they are rather normal bugs and of minor security concern. Modified: data/CVE/list

[Secure-testing-commits] r45799 - data

2016-10-31 Thread Markus Koschany
-needed.txt 2016-10-31 13:50:19 UTC (rev 45798) +++ data/dla-needed.txt 2016-10-31 14:31:24 UTC (rev 45799) @@ -87,8 +87,10 @@ tiff3 (Raphaël Hertzog) NOTE: 20160912: Open reproducible issues. No patches available. -- -tomcat7 +tomcat6 (Markus Koschany) -- +tomcat7 (Markus Koschany +-- xen (Credativ
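Review bot: the added "+tomcat7 (Markus Koschany" line is missing its closing parenthesis, unlike the "+tomcat6 (Markus Koschany)" line added just before it in the same hunk. Close the parenthesis so the claim follows the same "package (name)" form as the other entries in data/dla-needed.txt.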

[Secure-testing-commits] r45237 - data/CVE

2016-10-11 Thread Markus Koschany
Author: apo Date: 2016-10-11 22:05:08 + (Tue, 11 Oct 2016) New Revision: 45237 Modified: data/CVE/list Log: Mark CVE-2016-7568, wheezy as not-affected Modified: data/CVE/list === --- data/CVE/list 2016-10-11 21:33:10

[Secure-testing-commits] r45238 - data

2016-10-11 Thread Markus Koschany
:08 UTC (rev 45237) +++ data/dla-needed.txt 2016-10-11 22:36:31 UTC (rev 45238) @@ -49,6 +49,8 @@ -- libxrandr Hugo Lefeuvre) -- +libxrender (Markus Koschany) +-- libxvmc (Thorsten Alteholz) -- linux (Ben Hutchings) ___ Secure-testing-commits

[Secure-testing-commits] r45234 - data/CVE

2016-10-11 Thread Markus Koschany
Author: apo Date: 2016-10-11 21:00:42 + (Tue, 11 Oct 2016) New Revision: 45234 Modified: data/CVE/list Log: CVE-2016-7970: Mark Wheezy as not-affected Modified: data/CVE/list === --- data/CVE/list 2016-10-11 19:31:57

[Secure-testing-commits] r45295 - data

2016-10-13 Thread Markus Koschany
Author: apo Date: 2016-10-13 22:25:19 + (Thu, 13 Oct 2016) New Revision: 45295 Modified: data/dla-needed.txt Log: Add guile-2.0 to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-13 21:49:34

[Secure-testing-commits] r45293 - data

2016-10-13 Thread Markus Koschany
UTC (rev 45292) +++ data/dla-needed.txt 2016-10-13 21:38:21 UTC (rev 45293) @@ -47,6 +47,8 @@ https://marc.info/?l=oss-security=146685931517961=2 claims that 0.47 & 1.0 are affected and wheezy has 0.48. -- +libxfixes +-- libxrandr Hugo Lefeuvre) -- libxrender (Markus Kosc

[Secure-testing-commits] r45296 - data/CVE

2016-10-13 Thread Markus Koschany
Author: apo Date: 2016-10-13 22:35:21 + (Thu, 13 Oct 2016) New Revision: 45296 Modified: data/CVE/list Log: Mark CVE-2015-5162, glance as end-of-life (not supported) in Wheezy Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r45297 - data/CVE

2016-10-13 Thread Markus Koschany
Author: apo Date: 2016-10-13 22:52:40 + (Thu, 13 Oct 2016) New Revision: 45297 Modified: data/CVE/list Log: Mark CVE-2016-7142 as end-of-life (not-supported) in Wheezy Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r45298 - data

2016-10-13 Thread Markus Koschany
UTC (rev 45297) +++ data/dla-needed.txt 2016-10-13 23:18:35 UTC (rev 45298) @@ -34,6 +34,8 @@ kde-runtime NOTE: We may not need to update, but I'm leaning toward fixing CVE-2016-7787, see #839865 -- +kdepimlibs +-- libarchive (Emilio Pozuelo) -- libass (Markus Koschany

[Secure-testing-commits] r45386 - data

2016-10-16 Thread Markus Koschany
UTC (rev 45385) +++ data/dla-needed.txt 2016-10-16 18:43:23 UTC (rev 45386) @@ -40,6 +40,8 @@ -- libass (Markus Koschany) -- +libarchive +-- libav (Hugo Lefeuvre) NOTE: Upstream will provide new point-releases fixing open security issues in the next months. NOTE: (See debian-lts ML

[Secure-testing-commits] r45384 - data

2016-10-16 Thread Markus Koschany
:14 UTC (rev 45383) +++ data/dla-needed.txt 2016-10-16 18:39:42 UTC (rev 45384) @@ -21,7 +21,7 @@ -- graphicsmagick -- -guile-2.0 +guile-2.0 (Markus Koschany) -- icu (Roberto C. Sánchez) NOTE: I have been unable to reproduce the CVE-2016-7415 crash as described in the PHP bug report

[Secure-testing-commits] r45383 - data

2016-10-16 Thread Markus Koschany
Author: apo Date: 2016-10-16 18:39:14 + (Sun, 16 Oct 2016) New Revision: 45383 Modified: data/dla-needed.txt Log: Add graphicsmagick to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-16

[Secure-testing-commits] r45385 - data

2016-10-16 Thread Markus Koschany
Author: apo Date: 2016-10-16 18:42:19 + (Sun, 16 Oct 2016) New Revision: 45385 Modified: data/dla-needed.txt Log: Add jasper to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-16 18:39:42 UTC

[Secure-testing-commits] r45387 - data

2016-10-16 Thread Markus Koschany
Author: apo Date: 2016-10-16 18:59:27 + (Sun, 16 Oct 2016) New Revision: 45387 Modified: data/dla-needed.txt Log: Add libgd2 to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-16 18:43:23

[Secure-testing-commits] r45388 - data/CVE

2016-10-16 Thread Markus Koschany
Author: apo Date: 2016-10-16 19:12:03 + (Sun, 16 Oct 2016) New Revision: 45388 Modified: data/CVE/list Log: Add Wheezy note to CVE-2016-8674, mupdf Modified: data/CVE/list === --- data/CVE/list 2016-10-16 18:59:27 UTC

[Secure-testing-commits] r45317 - data

2016-10-14 Thread Markus Koschany
Author: apo Date: 2016-10-14 17:45:24 + (Fri, 14 Oct 2016) New Revision: 45317 Modified: data/dla-needed.txt Log: Add libxv to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-14 17:42:35 UTC

[Secure-testing-commits] r45318 - data

2016-10-14 Thread Markus Koschany
Author: apo Date: 2016-10-14 17:51:49 + (Fri, 14 Oct 2016) New Revision: 45318 Modified: data/dla-needed.txt Log: Add spip to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-14 17:45:24 UTC

[Secure-testing-commits] r46915 - data

2016-12-08 Thread Markus Koschany
:26 UTC (rev 46914) +++ data/dla-needed.txt 2016-12-08 20:16:21 UTC (rev 46915) @@ -100,8 +100,10 @@ -- tiff -- -tomcat7 +tomcat6 (Markus Koschany) -- +tomcat7 (Markus Koschany) +-- unzip -- xen ___ Secure-testing-commits mailing list Secure-testing

[Secure-testing-commits] r47130 - data

2016-12-16 Thread Markus Koschany
13:01:28 UTC (rev 47129) +++ data/dla-needed.txt 2016-12-16 13:27:58 UTC (rev 47130) @@ -68,6 +68,8 @@ NOTE: From Adrian Bunk: ming is orphaned and noone intends to adopt it NOTE: (see #838773), so please go ahead. -- +most (Markus Koschany) +-- mysql-connector-python NOTE: see http

[Secure-testing-commits] r47131 - data/CVE

2016-12-16 Thread Markus Koschany
Author: apo Date: 2016-12-16 13:49:38 + (Fri, 16 Dec 2016) New Revision: 47131 Modified: data/CVE/list Log: CVE-2015-8786,rabbitmq-server: Mark Wheezy as not affected because the lengths_age or lengths_incr parameters are not present thus the denial of service attack won't work.

[Secure-testing-commits] r47028 - data/DLA

2016-12-13 Thread Markus Koschany
Author: apo Date: 2016-12-13 17:01:40 + (Tue, 13 Dec 2016) New Revision: 47028 Modified: data/DLA/list Log: Reserve DLA-742-1 for chrony Modified: data/DLA/list === --- data/DLA/list 2016-12-13 16:44:36 UTC (rev 47027)

[Secure-testing-commits] r47074 - data/CVE

2016-12-14 Thread Markus Koschany
Author: apo Date: 2016-12-14 22:48:58 + (Wed, 14 Dec 2016) New Revision: 47074 Modified: data/CVE/list Log: CVE-2016-9583, jasper: Add link to patch Modified: data/CVE/list === --- data/CVE/list 2016-12-14 21:10:13 UTC

[Secure-testing-commits] r47077 - data/CVE

2016-12-14 Thread Markus Koschany
Author: apo Date: 2016-12-14 23:33:52 + (Wed, 14 Dec 2016) New Revision: 47077 Modified: data/CVE/list Log: CVE-2016-9583, jasper: Clarify that the vulnerability is not present in Wheezy and Jessie and suggest to implement the check when more important issues are found. Leave as for

[Secure-testing-commits] r47078 - data/CVE

2016-12-14 Thread Markus Koschany
Author: apo Date: 2016-12-14 23:43:12 + (Wed, 14 Dec 2016) New Revision: 47078 Modified: data/CVE/list Log: Mark openjdk-6 CVEs in Wheezy as - Diese und die folgenden Zeilen werden ignoriert -- Mdata/CVE/list Modified: data/CVE/list

[Secure-testing-commits] r47079 - data

2016-12-14 Thread Markus Koschany
Author: apo Date: 2016-12-14 23:49:56 + (Wed, 14 Dec 2016) New Revision: 47079 Modified: data/dla-needed.txt Log: Add game-music-emu to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-12-14

[Secure-testing-commits] r47080 - data/CVE

2016-12-14 Thread Markus Koschany
Author: apo Date: 2016-12-15 00:53:45 + (Thu, 15 Dec 2016) New Revision: 47080 Modified: data/CVE/list Log: Mark all open bluez CVE as for Wheezy because the real-life impact for users is minimal. This is a minor issue. Modified: data/CVE/list

[Secure-testing-commits] r47101 - data/CVE

2016-12-15 Thread Markus Koschany
Author: apo Date: 2016-12-15 12:52:27 + (Thu, 15 Dec 2016) New Revision: 47101 Modified: data/CVE/list Log: simplesamlphp, incorrect signature verification, mark as no-dsa for Wheezy with the same reasoning as CVE-2016-9814 because the circumstances to use this flaw are hard to achieve

[Secure-testing-commits] r47102 - data

2016-12-15 Thread Markus Koschany
Author: apo Date: 2016-12-15 13:05:46 + (Thu, 15 Dec 2016) New Revision: 47102 Modified: data/dla-needed.txt Log: Add imagemagick to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-12-15

[Secure-testing-commits] r47103 - data/CVE

2016-12-15 Thread Markus Koschany
Author: apo Date: 2016-12-15 14:38:50 + (Thu, 15 Dec 2016) New Revision: 47103 Modified: data/CVE/list Log: CVE-2016-9566,nagios3: Add link to security advisory Modified: data/CVE/list === --- data/CVE/list 2016-12-15

[Secure-testing-commits] r47104 - data

2016-12-15 Thread Markus Koschany
Author: apo Date: 2016-12-15 14:39:23 + (Thu, 15 Dec 2016) New Revision: 47104 Modified: data/dla-needed.txt Log: Add nagios3 to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-12-15 14:38:50

[Secure-testing-commits] r47139 - data

2016-12-16 Thread Markus Koschany
UTC (rev 47138) +++ data/dla-needed.txt 2016-12-16 18:46:15 UTC (rev 47139) @@ -39,7 +39,7 @@ -- libical -- -libupnp +libupnp (Markus Koschany) -- libupnp4 -- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org

[Secure-testing-commits] r47138 - in data: . DLA

2016-12-16 Thread Markus Koschany
repo accessible to all DD (branch master-wheezy): NOTE: https://anonscm.debian.org/cgit/collab-maint/tiff.git/log/?id=refs/heads/master-wheezy -- -tomcat6 (Markus Koschany) --- tomcat7 (Markus Koschany) -- xen ___ Secure-testing-commits mailing

[Secure-testing-commits] r47143 - data

2016-12-16 Thread Markus Koschany
UTC (rev 47142) +++ data/dla-needed.txt 2016-12-16 20:24:45 UTC (rev 47143) @@ -39,7 +39,7 @@ -- libical -- -libupnp4 +libupnp4 (Markus Koschany) -- libxml-twig-perl NOTE: no upstream fix yet for expand_external_ents but new no_xxe flag in 3.50

[Secure-testing-commits] r47148 - in data: . DLA

2016-12-16 Thread Markus Koschany
@@ -- libical -- -libupnp4 (Markus Koschany) --- libxml-twig-perl NOTE: no upstream fix yet for expand_external_ents but new no_xxe flag in 3.50 NOTE: could be backported (2016-12-13) ___ Secure-testing-commits mailing list Secure-testing-commits

[Secure-testing-commits] r47185 - data

2016-12-17 Thread Markus Koschany
=== --- data/dla-needed.txt 2016-12-17 20:03:16 UTC (rev 47184) +++ data/dla-needed.txt 2016-12-17 20:04:15 UTC (rev 47185) @@ -23,8 +23,6 @@ -- hdf5 (Thorsten Alteholz) -- -html5lib (Markus Koschany) --- imagemagick (Antoine Beaupre) -- libav (Hugo Lefeuvre

[Secure-testing-commits] r47188 - data/DLA

2016-12-17 Thread Markus Koschany
Author: apo Date: 2016-12-17 21:35:59 + (Sat, 17 Dec 2016) New Revision: 47188 Modified: data/DLA/list Log: Reserve DLA-746-2 for tomcat6 Modified: data/DLA/list === --- data/DLA/list 2016-12-17 21:10:12 UTC (rev 47187)

[Secure-testing-commits] r47184 - data/CVE

2016-12-17 Thread Markus Koschany
Author: apo Date: 2016-12-17 20:03:16 + (Sat, 17 Dec 2016) New Revision: 47184 Modified: data/CVE/list Log: CVE-2016-9910,CVE-2016-9909,html5lib: Mark both issues as no-dsa for Wheezy Apparently this affects only older browsers and is mitigated in newer ones. Since the fix requires an API

[Secure-testing-commits] r47186 - data

2016-12-17 Thread Markus Koschany
Author: apo Date: 2016-12-17 20:20:20 + (Sat, 17 Dec 2016) New Revision: 47186 Modified: data/dla-needed.txt Log: Add python-bottle to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-12-17

[Secure-testing-commits] r47884 - in data: . DLA

2017-01-10 Thread Markus Koschany
@@ NOTE: Please work in the git repo accessible to all DD (branch master-wheezy): NOTE: https://anonscm.debian.org/cgit/collab-maint/tiff.git/log/?id=refs/heads/master-wheezy -- -tomcat7 (Markus Koschany) --- w3m -- xen ___ Secure-testing

[Secure-testing-commits] r47960 - in data: . DLA

2017-01-12 Thread Markus Koschany
@@ NOTE: This change is invasive and need extra testing. We should NOTE: wait until it has been fixed in one of stable and sid. -- -asterisk (Markus Koschany) --- botan1.10 (Hugo Lefeuvre) NOTE: Jessie has almost identical code. Looks hard to exploit but worth fixing

[Secure-testing-commits] r46685 - in data: . DLA

2016-12-01 Thread Markus Koschany
=== --- data/dla-needed.txt 2016-12-01 19:57:04 UTC (rev 46684) +++ data/dla-needed.txt 2016-12-01 19:57:31 UTC (rev 46685) @@ -94,10 +94,6 @@ -- tiff -- -tomcat7 (Markus Koschany) - NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat7.git/log/?h=wheezy - NOTE: 20161126: Needs more

[Secure-testing-commits] r46684 - in data: . DLA

2016-12-01 Thread Markus Koschany
-needed.txt 2016-12-01 19:25:32 UTC (rev 46683) +++ data/dla-needed.txt 2016-12-01 19:57:04 UTC (rev 46684) @@ -94,10 +94,6 @@ -- tiff -- -tomcat6 (Markus Koschany) - NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy - NOTE: 20161126: Needs more testing and will be released

[Secure-testing-commits] r46722 - org

2016-12-02 Thread Markus Koschany
-frontdesk.2017.txt 2016-12-02 19:12:34 UTC (rev 46721) +++ org/lts-frontdesk.2017.txt 2016-12-02 20:10:13 UTC (rev 46722) @@ -13,22 +13,22 @@ From 02-01 to 08-01: From 09-01 to 15-01:Thorsten Alteholz <alteh...@debian.org> -From 16-01 to 22-01: +From 16-01 to 22-01:Markus Koschany <a...@d

[Secure-testing-commits] r47754 - data

2017-01-05 Thread Markus Koschany
UTC (rev 47753) +++ data/dla-needed.txt 2017-01-05 16:34:09 UTC (rev 47754) @@ -117,6 +117,8 @@ NOTE: Please work in the git repo accessible to all DD (branch master-wheezy): NOTE: https://anonscm.debian.org/cgit/collab-maint/tiff.git/log/?id=refs/heads/master-wheezy -- +tomcat7 (Markus

[Secure-testing-commits] r47205 - data

2016-12-18 Thread Markus Koschany
Author: apo Date: 2016-12-18 21:47:30 + (Sun, 18 Dec 2016) New Revision: 47205 Modified: data/dla-needed.txt Log: Add dcmtk to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-12-18 21:10:12 UTC

[Secure-testing-commits] r47206 - data/CVE

2016-12-18 Thread Markus Koschany
Author: apo Date: 2016-12-18 22:18:56 + (Sun, 18 Dec 2016) New Revision: 47206 Modified: data/CVE/list Log: TOCTOU race condition was fixed in 7.0.28-4+deb7u7 in Wheezy Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r47203 - data

2016-12-18 Thread Markus Koschany
UTC (rev 47202) +++ data/dla-needed.txt 2016-12-18 20:11:04 UTC (rev 47203) @@ -10,7 +10,7 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- -asterisk +asterisk (Markus Koschany) -- botan1.10 NOTE: Jessie has almost identical code. Looks hard to exploit but worth

[Secure-testing-commits] r47202 - in data: . DLA

2016-12-18 Thread Markus Koschany
+97,6 @@ NOTE: Please work in the git repo accessible to all DD (branch master-wheezy): NOTE: https://anonscm.debian.org/cgit/collab-maint/tiff.git/log/?id=refs/heads/master-wheezy -- -tomcat7 (Markus Koschany) --- xen NOTE: May need further triaging

[Secure-testing-commits] r47212 - data

2016-12-19 Thread Markus Koschany
Author: apo Date: 2016-12-19 08:03:08 + (Mon, 19 Dec 2016) New Revision: 47212 Modified: data/dla-needed.txt Log: dcmtk: Gert Wollny is interested in fixing dcmtk for Wheezy Modified: data/dla-needed.txt === ---

[Secure-testing-commits] r47411 - data

2016-12-24 Thread Markus Koschany
:29:12 UTC (rev 47410) +++ data/dla-needed.txt 2016-12-24 15:54:43 UTC (rev 47411) @@ -100,7 +100,7 @@ -- potrace -- -python-bottle +python-bottle (Markus Koschany) -- qemu (Hugo Lefeuvre) -- ___ Secure-testing-commits mailing list Secure-testing

[Secure-testing-commits] r47412 - in data: . DLA

2016-12-24 Thread Markus Koschany
@@ -- potrace -- -python-bottle (Markus Koschany) --- qemu (Hugo Lefeuvre) -- qemu-kvm (Hugo Lefeuvre) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo

[Secure-testing-commits] r47407 - data/CVE

2016-12-24 Thread Markus Koschany
Author: apo Date: 2016-12-24 14:56:01 + (Sat, 24 Dec 2016) New Revision: 47407 Modified: data/CVE/list Log: CVE-2016-9938,asterisk: Mark as no-dsa for Wheezy Same reasoning as for Jessie. The issue is only applicable in special environments and when a proxy is in use. This is not the

[Secure-testing-commits] r47406 - data/CVE

2016-12-24 Thread Markus Koschany
Author: apo Date: 2016-12-24 14:53:37 + (Sat, 24 Dec 2016) New Revision: 47406 Modified: data/CVE/list Log: CVE-2014-4047,asterisk: Fixed in Wheezy in version 1:1.8.13.1~dfsg1-3+deb7u4 Apparently the fix for CVE-2014-4047 is identical to CVE-2014-2286.

[Secure-testing-commits] r47430 - data

2016-12-25 Thread Markus Koschany
UTC (rev 47429) +++ data/dla-needed.txt 2016-12-25 17:21:18 UTC (rev 47430) @@ -107,7 +107,7 @@ -- shutter (Christoph Biedl) -- -squid3 +squid3 (Markus Koschany) -- tiff NOTE: Please work in the git repo accessible to all DD (branch master-wheezy

[Secure-testing-commits] r47431 - in data: . DLA

2016-12-25 Thread Markus Koschany
) -- -squid3 (Markus Koschany) --- tiff NOTE: Please work in the git repo accessible to all DD (branch master-wheezy): NOTE: https://anonscm.debian.org/cgit/collab-maint/tiff.git/log/?id=refs/heads/master-wheezy ___ Secure-testing-commits mailing

[Secure-testing-commits] r47495 - data

2016-12-27 Thread Markus Koschany
++ +libcrypto++ (Markus Koschany) -- libdbd-mysql-perl (Chris Lamb) NOTE: Jessie has almost identical code, would be great to fix as well ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http

[Secure-testing-commits] r47504 - in data: . DLA

2016-12-27 Thread Markus Koschany
) @@ -43,8 +43,6 @@ NOTE: Upstream should provide new point-releases fixing open security issues in the next months. NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML) -- -libcrypto++ (Markus Koschany) --- libdbd-mysql-perl (Chris Lamb) NOTE: Jessie has

[Secure-testing-commits] r47213 - data

2016-12-19 Thread Markus Koschany
Author: apo Date: 2016-12-19 08:10:19 + (Mon, 19 Dec 2016) New Revision: 47213 Modified: data/dla-needed.txt Log: Add squid3 to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-12-19 08:03:08 UTC

[Secure-testing-commits] r47155 - data

2016-12-16 Thread Markus Koschany
UTC (rev 47154) +++ data/dla-needed.txt 2016-12-16 22:52:30 UTC (rev 47155) @@ -24,7 +24,7 @@ -- hdf5 (Thorsten Alteholz) -- -html5lib +html5lib (Markus Koschany) -- icedove (Guido Günther) -- ___ Secure-testing-commits mailing list Secure-testing

[Secure-testing-commits] r50007 - in data: . DLA

2017-03-24 Thread Markus Koschany
21:18:58 UTC (rev 50007) @@ -52,12 +52,6 @@ NOTE: No known solution as of 2017-01-16. NOTE: Pinged on 2017-02-06 https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby) -- -libplist (Markus Koschany) - NOTE: Fixed CVE-2017-6435, CVE-2017-6436. CVE-2017-6439 is probably

[Secure-testing-commits] r50011 - data/CVE

2017-03-24 Thread Markus Koschany
Author: apo Date: 2017-03-24 21:40:11 + (Fri, 24 Mar 2017) New Revision: 50011 Modified: data/CVE/list Log: Revert 50009 because update for libplist was just uploaded An update for libplist was already prepared for Wheezy. I also think that we should not mark the other CVEs as no-dsa

[Secure-testing-commits] r50015 - data

2017-03-24 Thread Markus Koschany
Author: apo Date: 2017-03-24 22:19:40 + (Fri, 24 Mar 2017) New Revision: 50015 Modified: data/dla-needed.txt Log: Add libplist to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-03-24 22:02:17

[Secure-testing-commits] r50017 - data

2017-03-24 Thread Markus Koschany
(rev 50016) +++ data/dla-needed.txt 2017-03-24 22:57:18 UTC (rev 50017) @@ -138,7 +138,7 @@ -- xen -- -xrdp +xrdp (Markus Koschany) -- zoneminder NOTE: Sql injection and session fixation vulerability fixes: ___ Secure-testing-commits mailing

[Secure-testing-commits] r50083 - in data: . DLA

2017-03-27 Thread Markus Koschany
] - python3.2 3.2.3-7+deb7u1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-03-27 06:54:29 UTC (rev 50082) +++ data/dla-needed.txt 2017-03-27 07:34:50 UTC (rev 50083) @@ -149,8 +149,6 @@ -- xen -- -xrdp (Markus

[Secure-testing-commits] r50049 - data

2017-03-25 Thread Markus Koschany
Author: apo Date: 2017-03-25 10:55:19 + (Sat, 25 Mar 2017) New Revision: 50049 Modified: data/dla-needed.txt Log: Add ca-certificates to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-03-25

[Secure-testing-commits] r50168 - data

2017-03-29 Thread Markus Koschany
UTC (rev 50167) +++ data/dla-needed.txt 2017-03-29 09:38:02 UTC (rev 50168) @@ -68,7 +68,7 @@ -- linux -- -logback +logback (Markus Koschany) -- mcollective NOTE: See https://lists.debian.org/debian-lts/2017/03/msg8.html ___ Secure-testing

[Secure-testing-commits] r50167 - data/CVE

2017-03-29 Thread Markus Koschany
Author: apo Date: 2017-03-29 09:37:32 + (Wed, 29 Mar 2017) New Revision: 50167 Modified: data/CVE/list Log: CVE-2017-5929,logback: Probably unfixed, waiting for more information Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r50107 - in data: . DLA

2017-03-27 Thread Markus Koschany
@@ -- partclone -- -php5 (Markus Koschany) - NOTE: only one issue at the time of writing (CVE-2016-7478) - NOTE: backported patch available, but maybe wait for more issues? - NOTE: -- 2017-02-20 Antoine Beaupre --- potrace (Hugo Lefeuvre) NOTE: Try to reproduce CVE-2016-8685/cherry pick the patch

[Secure-testing-commits] r49782 - data

2017-03-18 Thread Markus Koschany
-18 21:22:47 UTC (rev 49781) +++ data/dla-needed.txt 2017-03-18 21:25:53 UTC (rev 49782) @@ -56,6 +56,8 @@ NOTE: Pinged on 2017-02-06 https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby) -- libplist (Markus Koschany) + NOTE: Fixed CVE-2017-6435, CVE-2017-6436. CVE-2017

[Secure-testing-commits] r49781 - data

2017-03-18 Thread Markus Koschany
(rev 49780) +++ data/dla-needed.txt 2017-03-18 21:22:47 UTC (rev 49781) @@ -88,7 +88,7 @@ -- partclone -- -php5 +php5 (Markus Koschany) NOTE: only one issue at the time of writing (CVE-2016-7478) NOTE: backported patch available, but maybe wait for more issues? NOTE: -- 2017-02-20

[Secure-testing-commits] r49850 - data/CVE

2017-03-20 Thread Markus Koschany
Author: apo Date: 2017-03-20 14:43:59 + (Mon, 20 Mar 2017) New Revision: 49850 Modified: data/CVE/list Log: CVE-2015-8994,php5: Wheezy is not affected The OPcache feature was introduced in php5 >= 5.5. The vulnerable code is not present in Wheezy. Modified: data/CVE/list

[Secure-testing-commits] r49740 - data

2017-03-17 Thread Markus Koschany
Author: apo Date: 2017-03-17 12:37:55 + (Fri, 17 Mar 2017) New Revision: 49740 Modified: data/dla-needed.txt Log: Remove mupdf from dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-03-17 12:37:02

[Secure-testing-commits] r49739 - data/CVE

2017-03-17 Thread Markus Koschany
Author: apo Date: 2017-03-17 12:37:02 + (Fri, 17 Mar 2017) New Revision: 49739 Modified: data/CVE/list Log: CVE-2017-5991,mupdf: Mark as not-affected for Wheezy Issue is not reproducible with test case. Vulnerable code not present Modified: data/CVE/list

[Secure-testing-commits] r49741 - data

2017-03-17 Thread Markus Koschany
UTC (rev 49740) +++ data/dla-needed.txt 2017-03-17 13:05:09 UTC (rev 49741) @@ -53,6 +53,8 @@ NOTE: No known solution as of 2017-01-16. NOTE: Pinged on 2017-02-06 https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby) -- +libplist (Markus Koschany) +-- libpodofo

[Secure-testing-commits] r49736 - in data: . DLA

2017-03-17 Thread Markus Koschany
49736) @@ -121,8 +121,6 @@ -- web2py (Brian May) -- -wordpress (Markus Koschany) --- xbmc NOTE: under reserve, could not reproduce with 2:12.3+dfsg1-3ubuntu1, which is newer than the Wheezy version NOTE: no mail to maintainer yet ___ Secure

[Secure-testing-commits] r50350 - data

2017-04-04 Thread Markus Koschany
:19:49 UTC (rev 50349) +++ data/dla-needed.txt 2017-04-04 18:52:27 UTC (rev 50350) @@ -13,7 +13,7 @@ apng2gif NOTE: 24031017: No upstream patch available yet. Have pinged bug#. -- -bouncycastle +bouncycastle (Markus Koschany) -- ca-certificates NOTE: maintainer will handle the upload, see

[Secure-testing-commits] r50546 - in data: . DLA

2017-04-10 Thread Markus Koschany
NOTE: 24031017: No upstream patch available yet. Have pinged bug#. -- -bouncycastle (Markus Koschany) --- ca-certificates NOTE: maintainer will handle the upload, see https://lists.debian.org/1acb8e97-8c9f-8b54-348c-0c12f53a8...@pbandjelly.org

[Secure-testing-commits] r50547 - data/CVE

2017-04-10 Thread Markus Koschany
Author: apo Date: 2017-04-10 19:36:12 + (Mon, 10 Apr 2017) New Revision: 50547 Modified: data/CVE/list Log: CVE-2017-7614,binutils: Minor issue no-dsa for Wheezy Modified: data/CVE/list === --- data/CVE/list 2017-04-10
