-11-26 12:05:05 UTC (rev 46580)
+++ data/dla-needed.txt 2016-11-26 15:55:21 UTC (rev 46581)
@@ -92,11 +92,11 @@
--
tomcat6 (Markus Koschany)
NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy
- NOTE: 20161123: I'm currently working on three new CVEs which were disclosed
2016-11-23 13:05:05 UTC (rev 46482)
+++ data/dla-needed.txt 2016-11-23 14:26:10 UTC (rev 46483)
@@ -108,11 +108,11 @@
--
tomcat6 (Markus Koschany)
NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy
- NOTE: We try to coordinate the release with the security team
+ NOTE
Author: apo
Date: 2016-11-22 13:32:14 + (Tue, 22 Nov 2016)
New Revision: 46448
Modified:
data/CVE/list
Log:
CVE-2016-7148,moin: Mark as not-affected in Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-22
@@
NOTE: https://github.com/libming/libming/issues/52
NOTE: https://github.com/libming/libming/issues/53
--
-moin (Markus Koschany)
---
monit
--
mysql-connector-python
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: apo
Date: 2016-11-18 21:08:54 + (Fri, 18 Nov 2016)
New Revision: 46332
Modified:
data/dla-needed.txt
Log:
Add moin to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-18 20:48:58 UTC
Author: apo
Date: 2016-11-18 22:10:41 + (Fri, 18 Nov 2016)
New Revision: 46334
Modified:
data/CVE/list
Log:
CVE-2016-9427,libgc: Add bug reference and links to patches.
Modified: data/CVE/list
===
--- data/CVE/list
-18 19:54:33 UTC (rev 46330)
+++ data/dla-needed.txt 2016-11-18 20:48:58 UTC (rev 46331)
@@ -14,6 +14,8 @@
dokuwiki
NOTE: upstream marked CVE-2016-7965 as WONTFIX
--
+drupal7 (Markus Koschany)
+--
dwarfutils
NOTE: New round of CVEs not seemingly covered by DLA 669-1
Author: apo
Date: 2016-11-18 17:29:03 + (Fri, 18 Nov 2016)
New Revision: 46327
Modified:
data/CVE/list
Log:
Mark CVE-2016-9401, bash as no-dsa for Wheezy
Upstream considers this only to be a normal bug
Modified: data/CVE/list
Author: apo
Date: 2016-11-18 16:56:51 + (Fri, 18 Nov 2016)
New Revision: 46325
Modified:
data/CVE/list
Log:
Mark teeworlds CVE-2016-9400 as end-of-life
Games are not supported in Wheezy
Modified: data/CVE/list
===
---
Author: apo
Date: 2016-11-18 17:21:52 + (Fri, 18 Nov 2016)
New Revision: 46326
Modified:
data/CVE/list
Log:
Mark CVE-2016-1249, libdbd-mysql-perl as no-dsa for Wheezy
because "this problem is only exposed when the user uses server-side prepared
statement support, which is NOT default
(rev 46328)
+++ data/dla-needed.txt 2016-11-18 19:50:08 UTC (rev 46329)
@@ -95,6 +95,8 @@
--
sendmail
--
+tiff
+--
tomcat6 (Markus Koschany)
NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy
NOTE: We try to coordinate the release with the security team
Author: apo
Date: 2016-11-18 19:54:33 + (Fri, 18 Nov 2016)
New Revision: 46330
Modified:
data/dla-needed.txt
Log:
Add firefox-esr to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-18
Author: apo
Date: 2016-11-18 19:36:10 + (Fri, 18 Nov 2016)
New Revision: 46328
Modified:
data/dla-needed.txt
Log:
Add libxml2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-18 17:29:03
Author: apo
Date: 2016-11-20 15:55:10 + (Sun, 20 Nov 2016)
New Revision: 46353
Modified:
data/CVE/list
Log:
CVE-2016-8635, nss: Fixed in all distributions. Add link to upstream patch.
Modified: data/CVE/list
===
---
Author: apo
Date: 2016-11-20 15:58:03 + (Sun, 20 Nov 2016)
New Revision: 46354
Modified:
data/CVE/list
Log:
Wrong CVE, correct last commit and use CVE-2016-5285
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-20
Author: apo
Date: 2016-11-20 17:17:31 + (Sun, 20 Nov 2016)
New Revision: 46355
Modified:
data/dla-needed.txt
Log:
Add libgc to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-20 15:58:03 UTC
Author: apo
Date: 2016-11-20 17:21:11 + (Sun, 20 Nov 2016)
New Revision: 46356
Modified:
data/CVE/list
Log:
CVE-2016-9427,libgc: Fixed in version 1:7.4.4-1
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-20
(rev 46377)
+++ data/dla-needed.txt 2016-11-21 12:54:35 UTC (rev 46378)
@@ -76,7 +76,7 @@
NOTE: https://github.com/libming/libming/issues/52
NOTE: https://github.com/libming/libming/issues/53
--
-moin
+moin (Markus Koschany)
--
monit
-11-21 12:53:59 UTC (rev 46377)
@@ -14,8 +14,6 @@
dokuwiki
NOTE: upstream marked CVE-2016-7965 as WONTFIX
--
-drupal7 (Markus Koschany)
---
dwarfutils
NOTE: New round of CVEs not seemingly covered by DLA 669-1.
--
UTC (rev 46350)
+++ data/dla-needed.txt 2016-11-20 15:14:18 UTC (rev 46351)
@@ -97,6 +97,8 @@
--
potrace
--
+sniffit
+--
tiff
--
tomcat6 (Markus Koschany)
Author: apo
Date: 2016-11-20 15:13:49 + (Sun, 20 Nov 2016)
New Revision: 46350
Modified:
data/CVE/list
Log:
CVE-2014-5439: Add bug reference for sniffit
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-20 14:33:40
Author: apo
Date: 2016-11-20 14:33:40 + (Sun, 20 Nov 2016)
New Revision: 46349
Modified:
data/CVE/list
Log:
Triage CVEs for w3m. Mark them as no-dsa for Wheezy because
they are rather normal bugs and of minor security concern.
Modified: data/CVE/list
-needed.txt 2016-10-31 13:50:19 UTC (rev 45798)
+++ data/dla-needed.txt 2016-10-31 14:31:24 UTC (rev 45799)
@@ -87,8 +87,10 @@
tiff3 (Raphaël Hertzog)
NOTE: 20160912: Open reproducible issues. No patches available.
--
-tomcat7
+tomcat6 (Markus Koschany)
--
+tomcat7 (Markus Koschany
+--
xen (Credativ
Author: apo
Date: 2016-10-11 22:05:08 + (Tue, 11 Oct 2016)
New Revision: 45237
Modified:
data/CVE/list
Log:
Mark CVE-2016-7568, wheezy as not-affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-11 21:33:10
:08 UTC (rev 45237)
+++ data/dla-needed.txt 2016-10-11 22:36:31 UTC (rev 45238)
@@ -49,6 +49,8 @@
--
libxrandr Hugo Lefeuvre)
--
+libxrender (Markus Koschany)
+--
libxvmc (Thorsten Alteholz)
--
linux (Ben Hutchings)
Author: apo
Date: 2016-10-11 21:00:42 + (Tue, 11 Oct 2016)
New Revision: 45234
Modified:
data/CVE/list
Log:
CVE-2016-7970: Mark Wheezy as not-affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-11 19:31:57
Author: apo
Date: 2016-10-13 22:25:19 + (Thu, 13 Oct 2016)
New Revision: 45295
Modified:
data/dla-needed.txt
Log:
Add guile-2.0 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-13 21:49:34
UTC (rev 45292)
+++ data/dla-needed.txt 2016-10-13 21:38:21 UTC (rev 45293)
@@ -47,6 +47,8 @@
https://marc.info/?l=oss-security=146685931517961=2 claims
that 0.47 & 1.0 are affected and wheezy has 0.48.
--
+libxfixes
+--
libxrandr Hugo Lefeuvre)
--
libxrender (Markus Kosc
Author: apo
Date: 2016-10-13 22:35:21 + (Thu, 13 Oct 2016)
New Revision: 45296
Modified:
data/CVE/list
Log:
Mark CVE-2015-5162, glance as end-of-life (not supported) in Wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-10-13 22:52:40 + (Thu, 13 Oct 2016)
New Revision: 45297
Modified:
data/CVE/list
Log:
Mark CVE-2016-7142 as end-of-life (not-supported) in Wheezy
Modified: data/CVE/list
===
--- data/CVE/list
UTC (rev 45297)
+++ data/dla-needed.txt 2016-10-13 23:18:35 UTC (rev 45298)
@@ -34,6 +34,8 @@
kde-runtime
NOTE: We may not need to update, but I'm leaning toward fixing
CVE-2016-7787, see #839865
--
+kdepimlibs
+--
libarchive (Emilio Pozuelo)
--
libass (Markus Koschany
UTC (rev 45385)
+++ data/dla-needed.txt 2016-10-16 18:43:23 UTC (rev 45386)
@@ -40,6 +40,8 @@
--
libass (Markus Koschany)
--
+libarchive
+--
libav (Hugo Lefeuvre)
NOTE: Upstream will provide new point-releases fixing open security issues
in the next months.
NOTE: (See debian-lts ML
:14 UTC (rev 45383)
+++ data/dla-needed.txt 2016-10-16 18:39:42 UTC (rev 45384)
@@ -21,7 +21,7 @@
--
graphicsmagick
--
-guile-2.0
+guile-2.0 (Markus Koschany)
--
icu (Roberto C. Sánchez)
NOTE: I have been unable to reproduce the CVE-2016-7415 crash as described
in the PHP bug report
Author: apo
Date: 2016-10-16 18:39:14 + (Sun, 16 Oct 2016)
New Revision: 45383
Modified:
data/dla-needed.txt
Log:
Add graphicsmagick to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-16
Author: apo
Date: 2016-10-16 18:42:19 + (Sun, 16 Oct 2016)
New Revision: 45385
Modified:
data/dla-needed.txt
Log:
Add jasper to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-16 18:39:42 UTC
Author: apo
Date: 2016-10-16 18:59:27 + (Sun, 16 Oct 2016)
New Revision: 45387
Modified:
data/dla-needed.txt
Log:
Add libgd2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-16 18:43:23
Author: apo
Date: 2016-10-16 19:12:03 + (Sun, 16 Oct 2016)
New Revision: 45388
Modified:
data/CVE/list
Log:
Add Wheezy note to CVE-2016-8674, mupdf
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-16 18:59:27 UTC
Author: apo
Date: 2016-10-14 17:45:24 + (Fri, 14 Oct 2016)
New Revision: 45317
Modified:
data/dla-needed.txt
Log:
Add libxv to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-14 17:42:35 UTC
Author: apo
Date: 2016-10-14 17:51:49 + (Fri, 14 Oct 2016)
New Revision: 45318
Modified:
data/dla-needed.txt
Log:
Add spip to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-14 17:45:24 UTC
:26 UTC (rev 46914)
+++ data/dla-needed.txt 2016-12-08 20:16:21 UTC (rev 46915)
@@ -100,8 +100,10 @@
--
tiff
--
-tomcat7
+tomcat6 (Markus Koschany)
--
+tomcat7 (Markus Koschany)
+--
unzip
--
xen
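Review bot: the added tomcat6 and tomcat7 claims carry no NOTE line. Earlier tomcat6 entries in this file pointed at the wheezy packaging branch (https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy); restoring that pointer and adding a dated status NOTE under each claim would let other contributors see where the work is happening and whether the claim is still active.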
13:01:28 UTC (rev 47129)
+++ data/dla-needed.txt 2016-12-16 13:27:58 UTC (rev 47130)
@@ -68,6 +68,8 @@
NOTE: From Adrian Bunk: ming is orphaned and noone intends to adopt it
NOTE: (see #838773), so please go ahead.
--
+most (Markus Koschany)
+--
mysql-connector-python
NOTE: see http
Author: apo
Date: 2016-12-16 13:49:38 + (Fri, 16 Dec 2016)
New Revision: 47131
Modified:
data/CVE/list
Log:
CVE-2015-8786,rabbitmq-server: Mark Wheezy as not affected because
the lengths_age or lengths_incr parameters are not present thus the denial of
service attack won't work.
Author: apo
Date: 2016-12-13 17:01:40 + (Tue, 13 Dec 2016)
New Revision: 47028
Modified:
data/DLA/list
Log:
Reserve DLA-742-1 for chrony
Modified: data/DLA/list
===
--- data/DLA/list 2016-12-13 16:44:36 UTC (rev 47027)
Author: apo
Date: 2016-12-14 22:48:58 + (Wed, 14 Dec 2016)
New Revision: 47074
Modified:
data/CVE/list
Log:
CVE-2016-9583, jasper: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-14 21:10:13 UTC
Author: apo
Date: 2016-12-14 23:33:52 + (Wed, 14 Dec 2016)
New Revision: 47077
Modified:
data/CVE/list
Log:
CVE-2016-9583, jasper: Clarify that the vulnerability is not present in
Wheezy and Jessie and suggest to implement the check when more important issues
are found. Leave as for
Author: apo
Date: 2016-12-14 23:43:12 + (Wed, 14 Dec 2016)
New Revision: 47078
Modified:
data/CVE/list
Log:
Mark openjdk-6 CVEs in Wheezy as
- This line and the following lines will be ignored --
Mdata/CVE/list
Modified: data/CVE/list
Author: apo
Date: 2016-12-14 23:49:56 + (Wed, 14 Dec 2016)
New Revision: 47079
Modified:
data/dla-needed.txt
Log:
Add game-music-emu to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-14
Author: apo
Date: 2016-12-15 00:53:45 + (Thu, 15 Dec 2016)
New Revision: 47080
Modified:
data/CVE/list
Log:
Mark all open bluez CVE as for Wheezy because
the real-life impact for users is minimal. This is a minor issue.
Modified: data/CVE/list
Author: apo
Date: 2016-12-15 12:52:27 + (Thu, 15 Dec 2016)
New Revision: 47101
Modified:
data/CVE/list
Log:
simplesamlphp, incorrect signature verification, mark as no-dsa for Wheezy
with the same reasoning as CVE-2016-9814 because the circumstances to use this
flaw are hard to achieve
Author: apo
Date: 2016-12-15 13:05:46 + (Thu, 15 Dec 2016)
New Revision: 47102
Modified:
data/dla-needed.txt
Log:
Add imagemagick to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-15
Author: apo
Date: 2016-12-15 14:38:50 + (Thu, 15 Dec 2016)
New Revision: 47103
Modified:
data/CVE/list
Log:
CVE-2016-9566,nagios3: Add link to security advisory
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-15
Author: apo
Date: 2016-12-15 14:39:23 + (Thu, 15 Dec 2016)
New Revision: 47104
Modified:
data/dla-needed.txt
Log:
Add nagios3 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-15 14:38:50
UTC (rev 47138)
+++ data/dla-needed.txt 2016-12-16 18:46:15 UTC (rev 47139)
@@ -39,7 +39,7 @@
--
libical
--
-libupnp
+libupnp (Markus Koschany)
--
libupnp4
--
repo accessible to all DD (branch master-wheezy):
NOTE:
https://anonscm.debian.org/cgit/collab-maint/tiff.git/log/?id=refs/heads/master-wheezy
--
-tomcat6 (Markus Koschany)
---
tomcat7 (Markus Koschany)
--
xen
UTC (rev 47142)
+++ data/dla-needed.txt 2016-12-16 20:24:45 UTC (rev 47143)
@@ -39,7 +39,7 @@
--
libical
--
-libupnp4
+libupnp4 (Markus Koschany)
--
libxml-twig-perl
NOTE: no upstream fix yet for expand_external_ents but new no_xxe flag in
3.50
@@
--
libical
--
-libupnp4 (Markus Koschany)
---
libxml-twig-perl
NOTE: no upstream fix yet for expand_external_ents but new no_xxe flag in
3.50
NOTE: could be backported (2016-12-13)
===
--- data/dla-needed.txt 2016-12-17 20:03:16 UTC (rev 47184)
+++ data/dla-needed.txt 2016-12-17 20:04:15 UTC (rev 47185)
@@ -23,8 +23,6 @@
--
hdf5 (Thorsten Alteholz)
--
-html5lib (Markus Koschany)
---
imagemagick (Antoine Beaupre)
--
libav (Hugo Lefeuvre
Author: apo
Date: 2016-12-17 21:35:59 + (Sat, 17 Dec 2016)
New Revision: 47188
Modified:
data/DLA/list
Log:
Reserve DLA-746-2 for tomcat6
Modified: data/DLA/list
===
--- data/DLA/list 2016-12-17 21:10:12 UTC (rev 47187)
Author: apo
Date: 2016-12-17 20:03:16 + (Sat, 17 Dec 2016)
New Revision: 47184
Modified:
data/CVE/list
Log:
CVE-2016-9910,CVE-2016-9909,html5lib: Mark both issues as no-dsa for Wheezy
Apparently this affects only older browsers and is mitigated in newer ones.
Since the fix requires an API
Author: apo
Date: 2016-12-17 20:20:20 + (Sat, 17 Dec 2016)
New Revision: 47186
Modified:
data/dla-needed.txt
Log:
Add python-bottle to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-17
@@
NOTE: Please work in the git repo accessible to all DD (branch master-wheezy):
NOTE:
https://anonscm.debian.org/cgit/collab-maint/tiff.git/log/?id=refs/heads/master-wheezy
--
-tomcat7 (Markus Koschany)
---
w3m
--
xen
@@
NOTE: This change is invasive and need extra testing. We should
NOTE: wait until it has been fixed in one of stable and sid.
--
-asterisk (Markus Koschany)
---
botan1.10 (Hugo Lefeuvre)
NOTE: Jessie has almost identical code. Looks hard to exploit but worth
fixing
===
--- data/dla-needed.txt 2016-12-01 19:57:04 UTC (rev 46684)
+++ data/dla-needed.txt 2016-12-01 19:57:31 UTC (rev 46685)
@@ -94,10 +94,6 @@
--
tiff
--
-tomcat7 (Markus Koschany)
- NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat7.git/log/?h=wheezy
- NOTE: 20161126: Needs more
-needed.txt 2016-12-01 19:25:32 UTC (rev 46683)
+++ data/dla-needed.txt 2016-12-01 19:57:04 UTC (rev 46684)
@@ -94,10 +94,6 @@
--
tiff
--
-tomcat6 (Markus Koschany)
- NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy
- NOTE: 20161126: Needs more testing and will be released
-frontdesk.2017.txt 2016-12-02 19:12:34 UTC (rev 46721)
+++ org/lts-frontdesk.2017.txt 2016-12-02 20:10:13 UTC (rev 46722)
@@ -13,22 +13,22 @@
From 02-01 to 08-01:
From 09-01 to 15-01:Thorsten Alteholz <alteh...@debian.org>
-From 16-01 to 22-01:
+From 16-01 to 22-01:Markus Koschany <a...@d
UTC (rev 47753)
+++ data/dla-needed.txt 2017-01-05 16:34:09 UTC (rev 47754)
@@ -117,6 +117,8 @@
NOTE: Please work in the git repo accessible to all DD (branch master-wheezy):
NOTE:
https://anonscm.debian.org/cgit/collab-maint/tiff.git/log/?id=refs/heads/master-wheezy
--
+tomcat7 (Markus
Author: apo
Date: 2016-12-18 21:47:30 + (Sun, 18 Dec 2016)
New Revision: 47205
Modified:
data/dla-needed.txt
Log:
Add dcmtk to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-18 21:10:12 UTC
Author: apo
Date: 2016-12-18 22:18:56 + (Sun, 18 Dec 2016)
New Revision: 47206
Modified:
data/CVE/list
Log:
TOCTOU race condition was fixed in 7.0.28-4+deb7u7 in Wheezy
Modified: data/CVE/list
===
--- data/CVE/list
UTC (rev 47202)
+++ data/dla-needed.txt 2016-12-18 20:11:04 UTC (rev 47203)
@@ -10,7 +10,7 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-asterisk
+asterisk (Markus Koschany)
--
botan1.10
NOTE: Jessie has almost identical code. Looks hard to exploit but worth
+97,6 @@
NOTE: Please work in the git repo accessible to all DD (branch master-wheezy):
NOTE:
https://anonscm.debian.org/cgit/collab-maint/tiff.git/log/?id=refs/heads/master-wheezy
--
-tomcat7 (Markus Koschany)
---
xen
NOTE: May need further triaging
Author: apo
Date: 2016-12-19 08:03:08 + (Mon, 19 Dec 2016)
New Revision: 47212
Modified:
data/dla-needed.txt
Log:
dcmtk: Gert Wollny is interested in fixing dcmtk for Wheezy
Modified: data/dla-needed.txt
===
---
:29:12 UTC (rev 47410)
+++ data/dla-needed.txt 2016-12-24 15:54:43 UTC (rev 47411)
@@ -100,7 +100,7 @@
--
potrace
--
-python-bottle
+python-bottle (Markus Koschany)
--
qemu (Hugo Lefeuvre)
--
@@
--
potrace
--
-python-bottle (Markus Koschany)
---
qemu (Hugo Lefeuvre)
--
qemu-kvm (Hugo Lefeuvre)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo
Author: apo
Date: 2016-12-24 14:56:01 + (Sat, 24 Dec 2016)
New Revision: 47407
Modified:
data/CVE/list
Log:
CVE-2016-9938,asterisk: Mark as no-dsa for Wheezy
Same reasoning as for Jessie. The issue is only applicable in special
environments and when a proxy is in use. This is not the
Author: apo
Date: 2016-12-24 14:53:37 + (Sat, 24 Dec 2016)
New Revision: 47406
Modified:
data/CVE/list
Log:
CVE-2014-4047,asterisk: Fixed in Wheezy in version 1:1.8.13.1~dfsg1-3+deb7u4
Apparently the fix for CVE-2014-4047 is identical to CVE-2014-2286.
UTC (rev 47429)
+++ data/dla-needed.txt 2016-12-25 17:21:18 UTC (rev 47430)
@@ -107,7 +107,7 @@
--
shutter (Christoph Biedl)
--
-squid3
+squid3 (Markus Koschany)
--
tiff
NOTE: Please work in the git repo accessible to all DD (branch master-wheezy
)
--
-squid3 (Markus Koschany)
---
tiff
NOTE: Please work in the git repo accessible to all DD (branch master-wheezy):
NOTE:
https://anonscm.debian.org/cgit/collab-maint/tiff.git/log/?id=refs/heads/master-wheezy
++
+libcrypto++ (Markus Koschany)
--
libdbd-mysql-perl (Chris Lamb)
NOTE: Jessie has almost identical code, would be great to fix as well
)
@@ -43,8 +43,6 @@
NOTE: Upstream should provide new point-releases fixing open security issues
in the next months.
NOTE: Lots of CVEs are open, this is going to take some time. (See
debian-lts ML)
--
-libcrypto++ (Markus Koschany)
---
libdbd-mysql-perl (Chris Lamb)
NOTE: Jessie has
Author: apo
Date: 2016-12-19 08:10:19 + (Mon, 19 Dec 2016)
New Revision: 47213
Modified:
data/dla-needed.txt
Log:
Add squid3 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-19 08:03:08 UTC
UTC (rev 47154)
+++ data/dla-needed.txt 2016-12-16 22:52:30 UTC (rev 47155)
@@ -24,7 +24,7 @@
--
hdf5 (Thorsten Alteholz)
--
-html5lib
+html5lib (Markus Koschany)
--
icedove (Guido Günther)
--
21:18:58 UTC (rev 50007)
@@ -52,12 +52,6 @@
NOTE: No known solution as of 2017-01-16.
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
-libplist (Markus Koschany)
- NOTE: Fixed CVE-2017-6435, CVE-2017-6436. CVE-2017-6439 is probably
Author: apo
Date: 2017-03-24 21:40:11 + (Fri, 24 Mar 2017)
New Revision: 50011
Modified:
data/CVE/list
Log:
Revert 50009 because update for libplist was just uploaded
An update for libplist was already prepared for Wheezy. I also think that we
should not mark the other CVEs as no-dsa
Author: apo
Date: 2017-03-24 22:19:40 + (Fri, 24 Mar 2017)
New Revision: 50015
Modified:
data/dla-needed.txt
Log:
Add libplist to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-24 22:02:17
(rev 50016)
+++ data/dla-needed.txt 2017-03-24 22:57:18 UTC (rev 50017)
@@ -138,7 +138,7 @@
--
xen
--
-xrdp
+xrdp (Markus Koschany)
--
zoneminder
NOTE: Sql injection and session fixation vulerability fixes:
] - python3.2 3.2.3-7+deb7u1
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-27 06:54:29 UTC (rev 50082)
+++ data/dla-needed.txt 2017-03-27 07:34:50 UTC (rev 50083)
@@ -149,8 +149,6 @@
--
xen
--
-xrdp (Markus
Author: apo
Date: 2017-03-25 10:55:19 + (Sat, 25 Mar 2017)
New Revision: 50049
Modified:
data/dla-needed.txt
Log:
Add ca-certificates to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-25
UTC (rev 50167)
+++ data/dla-needed.txt 2017-03-29 09:38:02 UTC (rev 50168)
@@ -68,7 +68,7 @@
--
linux
--
-logback
+logback (Markus Koschany)
--
mcollective
NOTE: See https://lists.debian.org/debian-lts/2017/03/msg8.html
Author: apo
Date: 2017-03-29 09:37:32 + (Wed, 29 Mar 2017)
New Revision: 50167
Modified:
data/CVE/list
Log:
CVE-2017-5929,logback: Probably unfixed, waiting for more information
Modified: data/CVE/list
===
--- data/CVE/list
@@
--
partclone
--
-php5 (Markus Koschany)
- NOTE: only one issue at the time of writing (CVE-2016-7478)
- NOTE: backported patch available, but maybe wait for more issues?
- NOTE: -- 2017-02-20 Antoine Beaupre
---
potrace (Hugo Lefeuvre)
NOTE: Try to reproduce CVE-2016-8685/cherry pick the patch
-18 21:22:47 UTC (rev 49781)
+++ data/dla-needed.txt 2017-03-18 21:25:53 UTC (rev 49782)
@@ -56,6 +56,8 @@
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
libplist (Markus Koschany)
+ NOTE: Fixed CVE-2017-6435, CVE-2017-6436. CVE-2017
(rev 49780)
+++ data/dla-needed.txt 2017-03-18 21:22:47 UTC (rev 49781)
@@ -88,7 +88,7 @@
--
partclone
--
-php5
+php5 (Markus Koschany)
NOTE: only one issue at the time of writing (CVE-2016-7478)
NOTE: backported patch available, but maybe wait for more issues?
NOTE: -- 2017-02-20
Author: apo
Date: 2017-03-20 14:43:59 + (Mon, 20 Mar 2017)
New Revision: 49850
Modified:
data/CVE/list
Log:
CVE-2015-8994,php5: Wheezy is not affected
The OPcache feature was introduced in php5 >= 5.5. The vulnerable code is not
present in Wheezy.
Modified: data/CVE/list
Author: apo
Date: 2017-03-17 12:37:55 + (Fri, 17 Mar 2017)
New Revision: 49740
Modified:
data/dla-needed.txt
Log:
Remove mupdf from dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-17 12:37:02
Author: apo
Date: 2017-03-17 12:37:02 + (Fri, 17 Mar 2017)
New Revision: 49739
Modified:
data/CVE/list
Log:
CVE-2017-5991,mupdf: Mark as not-affected for Wheezy
Issue is not reproducible with test case. Vulnerable code not present
Modified: data/CVE/list
UTC (rev 49740)
+++ data/dla-needed.txt 2017-03-17 13:05:09 UTC (rev 49741)
@@ -53,6 +53,8 @@
NOTE: No known solution as of 2017-01-16.
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
+libplist (Markus Koschany)
+--
libpodofo
49736)
@@ -121,8 +121,6 @@
--
web2py (Brian May)
--
-wordpress (Markus Koschany)
---
xbmc
NOTE: under reserve, could not reproduce with 2:12.3+dfsg1-3ubuntu1, which
is newer than the Wheezy version
NOTE: no mail to maintainer yet
:19:49 UTC (rev 50349)
+++ data/dla-needed.txt 2017-04-04 18:52:27 UTC (rev 50350)
@@ -13,7 +13,7 @@
apng2gif
NOTE: 24031017: No upstream patch available yet. Have pinged bug#.
--
-bouncycastle
+bouncycastle (Markus Koschany)
--
ca-certificates
NOTE: maintainer will handle the upload, see
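Review bot: the context line under apng2gif, "NOTE: 24031017: No upstream patch available yet. Have pinged bug#.", has a date stamp that is not in the YYYYMMDD form other entries in this file use (for example 20160912), and the bug number after "bug#" is missing. Since this change touches the neighbouring bouncycastle entry, consider correcting the stamp and filling in the bug number in the same commit so the ping can be traced.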
NOTE: 24031017: No upstream patch available yet. Have pinged bug#.
--
-bouncycastle (Markus Koschany)
---
ca-certificates
NOTE: maintainer will handle the upload, see
https://lists.debian.org/1acb8e97-8c9f-8b54-348c-0c12f53a8...@pbandjelly.org
Author: apo
Date: 2017-04-10 19:36:12 + (Mon, 10 Apr 2017)
New Revision: 50547
Modified:
data/CVE/list
Log:
CVE-2017-7614,binutils: Minor issue no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-04-10