Author: apo
Date: 2017-04-10 20:20:14 + (Mon, 10 Apr 2017)
New Revision: 50551
Modified:
data/dla-needed.txt
Log:
Add tiff and tiff3 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-10
UTC (rev 50573)
+++ data/dla-needed.txt 2017-04-11 14:08:38 UTC (rev 50574)
@@ -116,6 +116,8 @@
--
tiff3
--
+tomcat7 (Markus Koschany)
+--
web2py
NOTE: Unclear if these bugs have been fixed or when.
NOTE: No response to upstream bug report
Author: apo
Date: 2017-04-14 22:01:40 + (Fri, 14 Apr 2017)
New Revision: 50683
Modified:
data/CVE/list
Log:
Triage elfutils for Wheezy
CVE-2017-7607 and CVE-2017-7609 do not affect Wheezy, the rest is too minor
Modified: data/CVE/list
Author: apo
Date: 2017-04-14 22:08:38 + (Fri, 14 Apr 2017)
New Revision: 50684
Modified:
data/dla-needed.txt
Log:
Add libosip2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-14 22:01:40
Author: apo
Date: 2017-04-16 22:17:30 + (Sun, 16 Apr 2017)
New Revision: 50706
Modified:
data/dla-needed.txt
Log:
Add heimdal to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-16 21:51:49
-needed.txt 2017-04-16 21:10:13 UTC (rev 50704)
+++ data/dla-needed.txt 2017-04-16 21:51:49 UTC (rev 50705)
@@ -45,6 +45,8 @@
NOTE: 20170324: more information needed for open CVEs.
--
libpodofo (Markus Koschany)
+ NOTE: Waiting for more upstream fixes and will release the update in the last
-needed.txt 2017-04-16 22:17:30 UTC (rev 50706)
+++ data/dla-needed.txt 2017-04-16 22:18:50 UTC (rev 50707)
@@ -20,10 +20,14 @@
--
chicken
--
+feh (Markus Koschany)
+--
firefox-esr (Emilio Pozuelo)
NOTE: no update needed yet, but next update will be for ESR 52 as ESR 45 is
now
NOTE: EOL. I have
Author: apo
Date: 2017-04-16 22:23:21 + (Sun, 16 Apr 2017)
New Revision: 50708
Modified:
data/dla-needed.txt
Log:
Add icu to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-16 22:18:50 UTC
Author: apo
Date: 2017-04-17 15:13:58 + (Mon, 17 Apr 2017)
New Revision: 50724
Modified:
data/CVE/list
Log:
CVE-2017-7864,freetype: Wheezy is not affected
CFF2 support was introduced later (2016-12-15)
Modified: data/CVE/list
, but next update will be for ESR 52 as ESR 45 is
now
NOTE: EOL. I have already started to look at ESR 52 to anticipate any
problems
--
-freetype (Markus Koschany)
---
ghostscript (Raphaël Hertzog)
NOTE: 20170407: Have fixed package for CVE-2016-10219 CVE-2016-10220 and
CVE-2017-5951.
NOTE
@@
--
chicken
--
-feh (Markus Koschany)
---
firefox-esr (Emilio Pozuelo)
NOTE: no update needed yet, but next update will be for ESR 52 as ESR 45 is
now
NOTE: EOL. I have already started to look at ESR 52 to anticipate any
problems
:30 UTC (rev 50726)
+++ data/dla-needed.txt 2017-04-17 16:35:13 UTC (rev 50727)
@@ -36,7 +36,7 @@
--
icu
--
-imagemagick
+imagemagick (Markus Koschany)
--
jasper (Thorsten Alteholz)
--
___
Secure-testing-commits mailing list
Secure-testing-commits
UTC (rev 50886)
+++ data/dla-needed.txt 2017-04-21 16:06:26 UTC (rev 50887)
@@ -109,7 +109,7 @@
--
tiff (Markus Koschany)
--
-tiff3
+tiff3 (Markus Koschany)
--
tomcat7 (Markus Koschany)
NOTE: https://lists.debian.org/debian-lts/2017/04/msg00044.html
xcpu.org>
-From 24-07 to 30-07:
-From 31-07 to 06-08:
+From 24-07 to 30-07:Markus Koschany <a...@debian.org>
+From 31-07 to 06-08:Markus Koschany <a...@debian.org>
From 07-08 to 13-08:Chris Lamb <ch...@chris-lamb.co.uk>
From 14-08 to 20-08:Ola Lundqvist <o...@debian.org&
(rev 50852)
+++ data/dla-needed.txt 2017-04-20 14:54:31 UTC (rev 50853)
@@ -110,7 +110,7 @@
NOTE: from my point of view backporting the introduction of these new
members to this old
NOTE: version is way to invasive and such this should be marked as
--
-tiff
+tiff (Markus Koschany
@@
--
icu (Thorsten Alteholz)
--
-imagemagick (Markus Koschany)
---
jasper (Thorsten Alteholz)
--
libav (Hugo Lefeuvre)
:10 UTC (rev 50760)
+++ data/dla-needed.txt 2017-04-18 17:32:45 UTC (rev 50761)
@@ -126,13 +126,6 @@
tomcat7 (Markus Koschany)
NOTE: https://lists.debian.org/debian-lts/2017/04/msg00044.html
--
-web2py
- NOTE: Unclear if these bugs have been fixed or when.
- NOTE: No response to upstream bug
Author: apo
Date: 2017-04-18 17:32:10 + (Tue, 18 Apr 2017)
New Revision: 50760
Modified:
data/CVE/list
Log:
web2py issues: Follow Jessie, no-dsa for Wheezy
The admin application is not used in production hence the security impact is
quite low.
Modified: data/CVE/list
information needed for open CVEs.
+libplist (Markus Koschany)
--
libpodofo (Markus Koschany)
NOTE: Waiting for more upstream fixes and will release the update in the last
:23 UTC (rev 50802)
+++ data/dla-needed.txt 2017-04-19 13:25:48 UTC (rev 50803)
@@ -46,8 +46,6 @@
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
NOTE: Unclear, which reproducer belongs to which bug.
--
-libplist (Markus Koschany
Author: apo
Date: 2017-04-19 13:25:23 + (Wed, 19 Apr 2017)
New Revision: 50802
Modified:
data/CVE/list
Log:
Remaining libplist issues do not affect Wheezy
The affected sanity checks either do not exist in Wheezy or do not use 64-bit
sizes hence the envisaged integer-overflow situation
Author: apo
Date: 2017-04-23 19:57:15 + (Sun, 23 Apr 2017)
New Revision: 50969
Modified:
data/CVE/list
Log:
Revert 50966. CVE-2017-6949,chicken was fixed in DLA-908-1
Modified: data/CVE/list
===
--- data/CVE/list
(rev 49517)
+++ data/dla-needed.txt 2017-03-08 20:33:41 UTC (rev 49518)
@@ -123,6 +123,8 @@
web2py
NOTE: added 2017-02-25, please give maintainer some time to respond
--
+wget
+--
wireshark (Balint Reczey)
--
wordpress (Markus Koschany)
:02 UTC (rev 49609)
+++ data/dla-needed.txt 2017-03-12 16:22:15 UTC (rev 49610)
@@ -109,6 +109,8 @@
--
r-base
--
+roundcube (Markus Koschany)
+--
sane-backends (Jörg Frings-Fürst)
--
slurm-llnl
UTC (rev 49579)
+++ data/dla-needed.txt 2017-03-11 01:09:32 UTC (rev 49580)
@@ -92,6 +92,8 @@
NOTE: backported patch available, but maybe wait for more issues?
NOTE: -- 2017-02-20 Antoine Beaupre
--
+pidgin (Markus Koschany)
+--
potrace (Hugo Lefeuvre)
NOTE: Try to reproduce CVE-2016-8685
UTC (rev 49587)
+++ data/dla-needed.txt 2017-03-11 11:57:10 UTC (rev 49588)
@@ -92,8 +92,6 @@
NOTE: backported patch available, but maybe wait for more issues?
NOTE: -- 2017-02-20 Antoine Beaupre
--
-pidgin (Markus Koschany)
---
potrace (Hugo Lefeuvre)
NOTE: Try to reproduce CVE-2016
+65,6 @@
--
libytnef (Thorsten Alteholz)
--
-libzip-ruby (Markus Koschany)
---
linux
--
mcollective
Author: apo
Date: 2017-03-06 20:51:52 + (Mon, 06 Mar 2017)
New Revision: 49457
Modified:
data/dla-needed.txt
Log:
Add freetype to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-06 20:35:02
Author: apo
Date: 2017-03-06 20:58:51 + (Mon, 06 Mar 2017)
New Revision: 49459
Modified:
data/CVE/list
Log:
CVE-2017-6497,imagemagick: Wheezy is not affected
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-06
Author: apo
Date: 2017-03-06 21:08:09 + (Mon, 06 Mar 2017)
New Revision: 49460
Modified:
data/CVE/list
Log:
CVE-2017-6499,imagemagick: Wheezy is not affected
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-06
Author: apo
Date: 2017-03-06 21:39:54 + (Mon, 06 Mar 2017)
New Revision: 49463
Modified:
data/CVE/list
Log:
CVE-2017-6501,imagemagick: Wheezy is not affected.
The DestroyImage function is not called at this point so there is no need for a
NULL pointer check.
Modified: data/CVE/list
Author: apo
Date: 2017-03-06 21:40:49 + (Mon, 06 Mar 2017)
New Revision: 49464
Modified:
data/dla-needed.txt
Log:
Add imagemagick to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-06
Author: apo
Date: 2017-03-06 22:48:56 + (Mon, 06 Mar 2017)
New Revision: 49466
Modified:
data/dla-needed.txt
Log:
Add qbittorrent to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-06
Author: apo
Date: 2017-03-07 11:05:33 + (Tue, 07 Mar 2017)
New Revision: 49479
Modified:
data/dla-needed.txt
Log:
Add bluez to dla-needed.txt but suggest to wait
for more important issues
Modified: data/dla-needed.txt
===
Author: apo
Date: 2017-03-07 09:36:20 + (Tue, 07 Mar 2017)
New Revision: 49475
Modified:
data/CVE/list
Log:
CVE-2016-10228,eglibc in Wheezy minor issue
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-07 09:10:14
:15 UTC (rev 49480)
+++ data/dla-needed.txt 2017-03-07 11:16:57 UTC (rev 49481)
@@ -126,6 +126,8 @@
--
wireshark (Balint Reczey)
--
+wordpress (Markus Koschany)
+--
xbmc
NOTE: under reserve, could not reproduce with 2:12.3+dfsg1-3ubuntu1, which
is newer than the Wheezy version
NOTE: no mail
Author: apo
Date: 2017-03-06 09:30:35 + (Mon, 06 Mar 2017)
New Revision: 49437
Modified:
data/CVE/list
Log:
CVE-2016-10228,glibc: Mark as no-dsa (minor issue)
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-06
:35 UTC (rev 49437)
+++ data/dla-needed.txt 2017-03-06 09:43:20 UTC (rev 49438)
@@ -65,6 +65,8 @@
--
libytnef (Thorsten Alteholz)
--
+libzip-ruby (Markus Koschany)
+--
linux
--
mcollective
Author: apo
Date: 2017-03-06 08:45:37 + (Mon, 06 Mar 2017)
New Revision: 49429
Modified:
data/dla-needed.txt
Log:
Add vim to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-06 06:56:51 UTC
Author: apo
Date: 2017-03-06 08:59:22 + (Mon, 06 Mar 2017)
New Revision: 49430
Modified:
data/dla-needed.txt
Log:
Add texlive-base to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-06
Author: apo
Date: 2017-03-06 09:23:07 + (Mon, 06 Mar 2017)
New Revision: 49436
Modified:
data/dla-needed.txt
Log:
Add suricata to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-06 09:22:33
Author: apo
Date: 2017-03-06 09:22:33 + (Mon, 06 Mar 2017)
New Revision: 49435
Modified:
data/CVE/list
Log:
suricata: Mark one issue as not-affected in Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-06
Author: apo
Date: 2017-04-08 14:10:53 + (Sat, 08 Apr 2017)
New Revision: 50470
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2016-10169,wavpack: Mark as no-dsa for Wheezy
According to upstream two of the three fixes only apply to versions since 4.80.
: https://sourceforge.net/p/podofo/mailman/message/35692197/
+libpodofo (Markus Koschany)
--
libreoffice (Emilio Pozuelo)
NOTE: Rene (maintainer) is working on the patch since the proposed one seems
to be incomplete
-07 21:42:15 UTC (rev 50454)
@@ -71,8 +71,6 @@
--
linux
--
-logback (Markus Koschany)
---
mcollective
NOTE: See https://lists.debian.org/debian-lts/2017/03/msg8.html
--
Author: apo
Date: 2017-04-14 21:27:18 + (Fri, 14 Apr 2017)
New Revision: 50682
Modified:
data/dla-needed.txt
Log:
Add imagemagick to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-14
Author: apo
Date: 2017-04-14 21:05:21 + (Fri, 14 Apr 2017)
New Revision: 50678
Modified:
data/dla-needed.txt
Log:
Add wireshark to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-14 17:31:39
Author: apo
Date: 2017-07-31 15:56:31 + (Mon, 31 Jul 2017)
New Revision: 54132
Modified:
data/CVE/list
Log:
CVE-2017-11671,gcc-4.6,gcc-4.7: no-dsa for Wheezy, minor issue
Modified: data/CVE/list
===
--- data/CVE/list
@@
rbenv
NOTE: .ruby-version is .rbenv-version in wheezy
--
-supervisor (Markus Koschany)
---
spice
NOTE: CVE-2017-7506 already fixed in jessie. Can take patch there.
NOTE: (Markus Koschany) Patch from Jessie does not apply. Function
Author: apo
Date: 2017-07-31 12:01:36 + (Mon, 31 Jul 2017)
New Revision: 54126
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark teamspeak-server and teamspeak-client as end-of-life.
Non-free is not supported
Modified: data/CVE/list
Author: apo
Date: 2017-07-31 12:42:49 + (Mon, 31 Jul 2017)
New Revision: 54130
Modified:
data/dla-needed.txt
Log:
Add fontforge to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-31 12:35:16
Author: apo
Date: 2017-07-31 12:49:44 + (Mon, 31 Jul 2017)
New Revision: 54131
Modified:
data/dla-needed.txt
Log:
Add ghostscript to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-31
:31 UTC (rev 54132)
+++ data/dla-needed.txt 2017-07-31 16:38:32 UTC (rev 54133)
@@ -40,7 +40,7 @@
--
freerdp
--
-ghostscript
+ghostscript (Markus Koschany)
--
imagemagick (Roberto C. Sánchez)
NOTE: 20170726, still working but more issues shows up every few days (up to
40 now
Author: apo
Date: 2017-07-30 13:33:41 + (Sun, 30 Jul 2017)
New Revision: 54073
Modified:
data/CVE/list
Log:
CVE-2017-10800,graphicsmagick: Mark as no-dsa for Wheezy
Follow Jessie
Modified: data/CVE/list
===
---
Author: apo
Date: 2017-07-30 13:29:25 + (Sun, 30 Jul 2017)
New Revision: 54072
Modified:
data/CVE/list
Log:
CVE-2017-10794,graphicsmagick: Wheezy is not affected
The QuantumTransferMode function does not accept samples_per_pixel in Wheezy.
There is no need for comparisons and an overflow
Author: apo
Date: 2017-07-30 13:50:27 + (Sun, 30 Jul 2017)
New Revision: 54074
Modified:
data/CVE/list
Log:
CVE-2017-11139,graphicsmagick: Wheezy is not affected
The vulnerable code was introduced to fix CVE-2017-11102. Since we don't
refactor the code because the DestroyJNGInfo function
Author: apo
Date: 2017-07-31 18:26:43 + (Mon, 31 Jul 2017)
New Revision: 54135
Modified:
data/CVE/list
Log:
CVE-2017-7207,ghostscript: Remove no-dsa tag for Wheezy
Will be fixed with the upcoming security release.
Modified: data/CVE/list
:37:57 UTC (rev 54156)
+++ data/dla-needed.txt 2017-08-01 08:02:32 UTC (rev 54157)
@@ -40,8 +40,6 @@
--
freerdp
--
-ghostscript (Markus Koschany)
---
imagemagick (Roberto C. Sánchez)
NOTE: 20170726, still working but more issues shows up every few days (up to
40 now
Author: apo
Date: 2017-08-01 08:35:19 + (Tue, 01 Aug 2017)
New Revision: 54162
Modified:
data/CVE/list
Log:
CVE-2017-11747,tinyproxy: no-dsa for Wheezy
Minor issue
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2017-08-02 11:49:31 + (Wed, 02 Aug 2017)
New Revision: 54196
Modified:
data/CVE/list
Log:
CVE-2017-12061, CVE-2017-12062, mantis. Mark as end-of-life in Wheezy
Not supported
Modified: data/CVE/list
===
---
Author: apo
Date: 2017-08-02 12:06:51 + (Wed, 02 Aug 2017)
New Revision: 54198
Modified:
data/CVE/list
Log:
Add link to upstream bug report for sox issues.
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-02
===
--- data/dla-needed.txt 2017-08-03 12:20:43 UTC (rev 54227)
+++ data/dla-needed.txt 2017-08-03 12:34:54 UTC (rev 54228)
@@ -166,6 +166,9 @@
NOTE: 20170711, Version 3.9.6-11+deb7u7 fixes CVE-2017-9936 (DLA-1023-1)
NOTE: CVE-2017-9935 is still unresolved upstream
--
+varnish (Markus Koschany
(rev 54641)
+++ data/dla-needed.txt 2017-08-11 19:59:13 UTC (rev 54642)
@@ -50,6 +50,8 @@
NOTE: CVE-2017-10983 is in fr_dhcp_decode since fr_dhcp_decode_options
doesn't exist yet
--
freerdp (Markus Koschany)
+ NOTE: I need to contact upstream because only half of the patch applies to
+ NOTE
(rev 54639)
+++ data/dla-needed.txt 2017-08-11 19:55:59 UTC (rev 54640)
@@ -53,7 +53,7 @@
--
giflib
--
-git
+git (Markus Koschany)
--
gnupg
--
Author: apo
Date: 2017-07-17 20:52:24 + (Mon, 17 Jul 2017)
New Revision: 53591
Modified:
data/CVE/list
Log:
CVE-2017-11142, php5: Wheezy is not affected
Vulnerable code is not present
Modified: data/CVE/list
===
---
-07-17 20:52:24 UTC (rev 53591)
+++ data/dla-needed.txt 2017-07-17 20:56:56 UTC (rev 53592)
@@ -124,6 +124,7 @@
NOTE: 20170707: Pinged upstream (lamby)
--
php5 (Markus Koschany)
+ NOTE: A few more tests. Release date either 18.07 or 19.07.
--
poppler
NOTE: patch available for CVE-2017-9865
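Review bot: The added php5 NOTE gives the release date as "18.07 or 19.07" with no year and carries no date stamp or author tag, while the note directly above it in this hunk uses the "NOTE: 20170707: ... (lamby)" form. Suggest writing it as a dated entry with the full date and the author's tag, so the entry stays unambiguous when the file is read later.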
version
NOTE: 20170708: still no patch available yet (lamby)
--
-jetty8 (Markus Koschany)
---
libav
NOTE: Diego Biurrun (from the libav team) is working on patches.
NOTE: undetermined issues are currently being triaged (Diego Biurrun and
Hugo Lefeuvre
the same version
NOTE: 20170708: still no patch available yet (lamby)
--
-jetty (Markus Koschany)
---
jetty8 (Markus Koschany)
--
libav
(rev 53354)
+++ data/dla-needed.txt 2017-07-09 21:19:56 UTC (rev 53355)
@@ -123,7 +123,7 @@
openexr
NOTE: 20170707: Pinged upstream (lamby)
--
-php5
+php5 (Markus Koschany)
--
poppler
NOTE: patch available for CVE-2017-9865 but not fixed upstream
UTC (rev 53732)
@@ -142,9 +142,6 @@
phamm
NOTE: no upstream fixed yet, therefore maintainers not yet contacted
--
-php5 (Markus Koschany)
- NOTE: A few more tests. Release date either 18.07 or 19.07.
---
poppler (Emilio Pozuelo)
NOTE: patch available for CVE-2017-9865 but not fixed
UTC (rev 53733)
+++ data/dla-needed.txt 2017-07-21 08:44:27 UTC (rev 53734)
@@ -165,7 +165,7 @@
rkhunter (Thorsten Alteholz)
NOTE: 20170702 sent email to maintainer
--
-spice
+spice (Markus Koschany)
NOTE: CVE-2017-7506 already fixed in jessie. Can take patch there.
--
swftools
)
--
-catdoc (Markus Koschany)
---
check-mk
NOTE: the code is different in wheezy but from a cursory look, there
NOTE: might be multiple places where error messages are not properly
(Emilio Pozuelo)
--
+catdoc (Markus Koschany)
+--
check-mk
NOTE: the code is different in wheezy but from a cursory look, there
NOTE: might be multiple places where error messages are not properly
/dla-needed.txt 2017-07-24 18:08:24 UTC (rev 53865)
@@ -46,8 +46,6 @@
--
graphicsmagick
--
-gsoap (Markus Koschany)
---
imagemagick (Roberto C. Sánchez)
--
ipsec-tools
:08:24 UTC (rev 53865)
+++ data/dla-needed.txt 2017-07-24 18:11:01 UTC (rev 53866)
@@ -44,7 +44,7 @@
freeradius
NOTE: CVE-2017-10983 is in fr_dhcp_decode since fr_dhcp_decode_options
doesn't exist yet
--
-graphicsmagick
+graphicsmagick (Markus Koschany)
--
imagemagick (Roberto C. Sánchez
Author: apo
Date: 2017-07-27 20:24:34 + (Thu, 27 Jul 2017)
New Revision: 54013
Modified:
data/DLA/list
Log:
Reserve DLA-613-2 for roundcube
Modified: data/DLA/list
===
--- data/DLA/list 2017-07-27 19:11:41 UTC (rev
:24 UTC (rev 53856)
+++ data/dla-needed.txt 2017-07-24 13:13:33 UTC (rev 53857)
@@ -171,8 +171,11 @@
rkhunter (Thorsten Alteholz)
NOTE: 20170702 sent email to maintainer
--
-spice (Markus Koschany)
+spice
NOTE: CVE-2017-7506 already fixed in jessie. Can take patch there.
+ NOTE: (Markus
UTC (rev 53857)
+++ data/dla-needed.txt 2017-07-24 13:18:30 UTC (rev 53858)
@@ -46,7 +46,7 @@
--
graphicsmagick
--
-gsoap
+gsoap (Markus Koschany)
--
imagemagick (Roberto C. Sánchez)
--
Author: apo
Date: 2017-06-29 15:37:59 + (Thu, 29 Jun 2017)
New Revision: 53014
Modified:
data/CVE/list
Log:
CVE-2017-2666,undertow: link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2017-06-29 13:45:25 UTC
)
+++ data/dla-needed.txt 2017-07-05 11:32:22 UTC (rev 53185)
@@ -40,8 +40,6 @@
--
graphicsmagick
--
-graphite2 (Markus Koschany)
---
icedove
NOTE: I think Guido will do the upload
--
===
--- data/dla-needed.txt 2017-04-24 07:38:04 UTC (rev 50981)
+++ data/dla-needed.txt 2017-04-24 08:26:34 UTC (rev 50982)
@@ -107,8 +107,6 @@
--
squirrelmail (Antoine Beaupré)
--
-tiff (Markus Koschany)
---
tiff3 (Markus Koschany)
--
tomcat7 (Markus Koschany
Author: apo
Date: 2017-04-24 09:49:31 + (Mon, 24 Apr 2017)
New Revision: 50985
Modified:
data/CVE/list
Log:
CVE-2017-7592,tiff3: Wheezy is not affected
The affected function is DECLAREContigPutFunc(putgreytile)
in this version. However there is no left-shift hence no undefined behavior.
===
--- data/dla-needed.txt 2017-04-24 10:06:51 UTC (rev 50987)
+++ data/dla-needed.txt 2017-04-24 10:08:17 UTC (rev 50988)
@@ -107,8 +107,6 @@
--
squirrelmail (Antoine Beaupré)
--
-tiff3 (Markus Koschany)
---
tomcat7 (Markus Koschany
Author: apo
Date: 2017-04-24 10:06:51 + (Mon, 24 Apr 2017)
New Revision: 50987
Modified:
data/CVE/list
Log:
CVE-2017-7602,tiff3: Wheezy is not affected
Not reproducible and code is different
Modified: data/CVE/list
===
---
Author: apo
Date: 2017-04-24 09:53:55 + (Mon, 24 Apr 2017)
New Revision: 50986
Modified:
data/CVE/list
Log:
CVE-2017-7598,tiff3: Wheezy is not affected.
Vulnerable code is not present
Modified: data/CVE/list
===
---
/dla-needed.txt 2017-04-24 10:08:17 UTC (rev 50988)
+++ data/dla-needed.txt 2017-04-24 10:41:28 UTC (rev 50989)
@@ -10,6 +10,8 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
+activemq (Markus Koschany)
+--
apng2gif
NOTE: 24031017: No upstream patch available yet
)
+++ data/dla-needed.txt 2017-04-24 11:24:25 UTC (rev 50990)
@@ -10,8 +10,6 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-activemq (Markus Koschany)
---
apng2gif
NOTE: 24031017: No upstream patch available yet. Have pinged bug
@@
NOTE: maintainer contacted 2017-04-26
NOTE: reproducer doesn't crash server in a test VM - ?
--anarcat
--
-tomcat7 (Markus Koschany)
- NOTE: https://lists.debian.org/debian-lts/2017/04/msg00044.html
---
wireshark
NOTE: maintainer *may* take care of this, as previously
: maintainer contacted 20170428
+mysql-connector-java (Markus Koschany)
--
mysql-connector-python
NOTE: Brian May is one of the maintainers
reproducer belongs to which bug.
--
-libpodofo (Markus Koschany)
- NOTE: Waiting for more upstream fixes and will release the update in the last
-week of April.
---
linux
--
mcollective
Author: apo
Date: 2017-04-29 16:31:07 + (Sat, 29 Apr 2017)
New Revision: 51185
Modified:
data/CVE/list
Log:
Remove no-dsa for some libpodofo issues in Wheezy
Will be fixed with an upcoming DLA
Modified: data/CVE/list
===
Author: apo
Date: 2017-08-06 01:09:16 + (Sun, 06 Aug 2017)
New Revision: 54339
Modified:
data/CVE/list
Log:
Mark binutils issues as no-dsa for Wheezy
Follow Jessie and Stretch. Minor issue.
Modified: data/CVE/list
===
---
Author: apo
Date: 2017-08-06 01:18:41 + (Sun, 06 Aug 2017)
New Revision: 54340
Modified:
data/CVE/list
Log:
Mark smplayer issue as not-affected in Wheezy.
Vulnerable code is not present. No Javascript is executed.
Modified: data/CVE/list
Author: apo
Date: 2017-08-06 01:30:39 + (Sun, 06 Aug 2017)
New Revision: 54342
Modified:
data/CVE/list
Log:
CVE-2017-9545,mpg123: Mark Wheezy as no-dsa
Minor issue, follow Jessie and Stretch.
Modified: data/CVE/list
===
---
Author: apo
Date: 2017-08-06 01:49:03 + (Sun, 06 Aug 2017)
New Revision: 54343
Modified:
data/CVE/list
Log:
CVE-2017-12424,shadow: Mark as no-dsa for Wheezy.
Follow Jessie and Stretch.
Modified: data/CVE/list
===
---
Author: apo
Date: 2017-08-06 01:23:19 + (Sun, 06 Aug 2017)
New Revision: 54341
Modified:
data/CVE/list
Log:
CVE-2017-11551,libid3tag: Mark as no-dsa for Wheezy.
Null-pointer dereference. Minor issue.
Modified: data/CVE/list
:45 UTC (rev 54103)
+++ data/dla-needed.txt 2017-07-30 20:03:10 UTC (rev 54104)
@@ -138,6 +138,8 @@
rbenv
NOTE: .ruby-version is .rbenv-version in wheezy
--
+supervisor (Markus Koschany)
+--
spice
NOTE: CVE-2017-7506 already fixed in jessie. Can take patch there.
NOTE: (Markus Koschany
Author: apo
Date: 2017-07-30 20:40:57 + (Sun, 30 Jul 2017)
New Revision: 54108
Modified:
data/CVE/list
Log:
CVE-2017-11627, CVE-2017-11626, CVE-2017-11625, CVE-2017-11624,qpdf: no-dsa in
Wheezy. Looks like this is a DoS via a crafted file only. Could be fixed later
if more serious issues
Author: apo
Date: 2017-07-30 17:54:05 + (Sun, 30 Jul 2017)
New Revision: 54084
Modified:
data/CVE/list
Log:
CVE-2017-11654,CVE-2017-11655,sipcrack: Mark as no-dsa for Wheezy
Follow Jessie, minor issue
Modified: data/CVE/list
Author: apo
Date: 2017-07-30 14:12:17 + (Sun, 30 Jul 2017)
New Revision: 54075
Modified:
data/CVE/list
Log:
CVE-2017-11722,graphicsmagick: Wheezy is not affected
Vulnerable code not present
Modified: data/CVE/list
===
---