)
@@ -40,8 +40,6 @@
--
libstruts1.2-java
--
-libtorrent-rasterbar (Markus Koschany)
---
libxslt (Emilio Pozuelo)
--
linux
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin
. Check if other issues apply too.
- NOTE: One maintainer suggests to update to the stable 1.0.x branch
- NOTE: https://lists.debian.org/debian-lts/2016/05/msg00016.html
+roundcube (Markus Koschany)
--
ruby-actionpack-3.2 (Guido Günther)
--
Author: apo
Date: 2016-06-20 11:29:20 + (Mon, 20 Jun 2016)
New Revision: 42647
Modified:
data/dla-needed.txt
Log:
Add clamav to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-20 04:51:03 UTC
-06-20 11:33:11 UTC (rev 42648)
+++ data/dla-needed.txt 2016-06-20 11:54:13 UTC (rev 42649)
@@ -33,6 +33,8 @@
icu (Roberto C. Sánchez)
NOTE: check comments on CVE-2016-0494 as well
--
+libarchive (Markus Koschany)
+--
libjackson-json-java
--
libspring-java
Author: apo
Date: 2016-06-20 12:03:40 + (Mon, 20 Jun 2016)
New Revision: 42650
Modified:
data/CVE/list
Log:
CVE-2016-4970: wheezy is not affected. Same version as in Jessie.
Modified: data/CVE/list
===
--- data/CVE/list
-06-20 17:39:07 UTC (rev 42656)
+++ data/dla-needed.txt 2016-06-20 17:42:36 UTC (rev 42657)
@@ -43,7 +43,7 @@
--
mat
--
-mysql-connector-java
+mysql-connector-java (Markus Koschany)
--
nss
NOTE: Not 100% this applies to wheezy yet; can't find the changeset and the
diff between NSS 3.2
Author: apo
Date: 2016-06-20 22:22:19 + (Mon, 20 Jun 2016)
New Revision: 42668
Modified:
data/CVE/list
Log:
CVE-2016-3189, bzip2: Minor issue, no DLA
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-20 21:10:06 UTC
: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-22 17:42:19 UTC (rev 42698)
+++ data/dla-needed.txt 2016-06-22 18:48:00 UTC (rev 42699)
@@ -35,6 +35,8 @@
--
libarchive (Markus Koschany)
--
+libcommons-fileupload-java
Author: apo
Date: 2016-06-22 18:49:59 + (Wed, 22 Jun 2016)
New Revision: 42700
Modified:
data/CVE/list
Log:
CVE-2016-3092: Add links to fix and upstream advisory
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-22
Author: apo
Date: 2016-06-22 19:03:24 + (Wed, 22 Jun 2016)
New Revision: 42701
Modified:
data/CVE/list
Log:
CVE-2016-1621: libvpx in Wheezy is not affected
vulnerable code is not present because webm module not yet included
Modified: data/CVE/list
Author: apo
Date: 2016-06-22 19:37:58 + (Wed, 22 Jun 2016)
New Revision: 42702
Modified:
data/CVE/list
Log:
CVE-2016-4493: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-2
Author: apo
Date: 2016-06-22 20:03:27 + (Wed, 22 Jun 2016)
New Revision: 42703
Modified:
data/CVE/list
Log:
CVE-2016-4492: Mark vulnerability in Wheezy as no-dsa
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-22
Author: apo
Date: 2016-06-22 22:25:58 + (Wed, 22 Jun 2016)
New Revision: 42705
Modified:
data/CVE/list
Log:
CVE-2016-4491: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-22
Author: apo
Date: 2016-06-22 22:28:15 + (Wed, 22 Jun 2016)
New Revision: 42706
Modified:
data/CVE/list
Log:
CVE-2016-4490: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-22
Author: apo
Date: 2016-06-22 22:30:16 + (Wed, 22 Jun 2016)
New Revision: 42707
Modified:
data/CVE/list
Log:
CVE-2016-4489: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-2
Author: apo
Date: 2016-06-22 22:32:29 + (Wed, 22 Jun 2016)
New Revision: 42708
Modified:
data/CVE/list
Log:
CVE-2016-4488: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-22
Author: apo
Date: 2016-06-22 22:37:51 + (Wed, 22 Jun 2016)
New Revision: 42709
Modified:
data/CVE/list
Log:
CVE-2016-4487: Mark vulnerability as no-dsa for Wheezy.
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-2
Author: apo
Date: 2016-06-22 22:41:34 + (Wed, 22 Jun 2016)
New Revision: 42710
Modified:
data/CVE/list
Log:
CVE-2016-2226: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-22
Author: apo
Date: 2016-06-23 13:43:35 + (Thu, 23 Jun 2016)
New Revision: 42741
Modified:
data/dla-needed.txt
Log:
Add pidgin to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-23 08:21:22 UTC
Author: apo
Date: 2016-06-23 17:25:42 + (Thu, 23 Jun 2016)
New Revision: 42755
Modified:
data/dla-needed.txt
Log:
Add phpmyadmin to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-23 16:59:44
+51,6 @@
--
mat
--
-mysql-connector-java (Markus Koschany)
---
nss (Emilio Pozuelo)
NOTE: Not 100% this applies to wheezy yet; can't find the changeset and the
diff between NSS 3.22 and 3.23 is very large.
--
Author: apo
Date: 2016-06-26 18:00:14 + (Sun, 26 Jun 2016)
New Revision: 42806
Modified:
data/CVE/list
Log:
CVE-2016-3092: Tomcat 6 is not affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-26 14:01:44 UTC
===
--- data/dla-needed.txt 2016-06-26 18:00:14 UTC (rev 42806)
+++ data/dla-needed.txt 2016-06-26 18:01:41 UTC (rev 42807)
@@ -103,8 +103,6 @@
--
tiff3
--
-tomcat6 (Markus Koschany)
---
tomcat7 (Markus Koschany)
--
wget (Thorsten Alteholz)
42808)
@@ -36,8 +36,6 @@
--
libarchive (Markus Koschany)
--
-libcommons-fileupload-java (Markus Koschany)
---
libgd2 (Thorsten Alteholz)
--
libjackson-json-java
)
@@ -101,8 +101,6 @@
--
tiff3
--
-tomcat7 (Markus Koschany)
---
wget (Thorsten Alteholz)
--
wireshark (Balint Reczey)
Author: apo
Date: 2016-06-26 19:22:55 + (Sun, 26 Jun 2016)
New Revision: 42810
Modified:
data/DLA/list
Log:
Reserve DLA-530-1 for java-common
Modified: data/DLA/list
===
--- data/DLA/list 2016-06-26 18:05:39 UTC (rev 428
Author: apo
Date: 2016-06-30 18:33:36 + (Thu, 30 Jun 2016)
New Revision: 42924
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2015-5211: Mark as no-dsa for Wheezy
and remove libspring-java and libjackson-json-java from dla-needed.txt
Modified: data/CVE/list
=
x27;s notes.
NOTE: Maintainer's answer:
https://lists.debian.org/msgid-search/878tzv6pru@mid.deneb.enyo.de
--
-roundcube (Markus Koschany)
---
ruby-actionpack-3.2 (Guido Günther)
NOTE: help appreciated from s.b. knowing active{re
Author: apo
Date: 2016-07-01 17:14:36 + (Fri, 01 Jul 2016)
New Revision: 42964
Modified:
data/CVE/list
Log:
CVE-2015-8916: Mark as not-affected for Wheezy
CVE is not reproducible in Wheezy with reproducer from
https://github.com/libarchive/libarchive/issues/504
but the issue can be trigger
Author: apo
Date: 2016-07-01 18:55:52 + (Fri, 01 Jul 2016)
New Revision: 42966
Modified:
data/CVE/list
Log:
CVE-2015-8917: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-01 18:09:57 UTC (rev 429
Author: apo
Date: 2016-07-01 19:50:25 + (Fri, 01 Jul 2016)
New Revision: 42968
Modified:
data/CVE/list
Log:
CVE-2015-8918: Mark as not-affected for Wheezy
Issue is not reproducible with Wheezy's version of bsdtar.
Modified: data/CVE/list
==
Author: apo
Date: 2016-07-01 20:32:14 + (Fri, 01 Jul 2016)
New Revision: 42971
Modified:
data/CVE/list
Log:
CVE-2015-8919: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-01 19:53:08 UTC (rev 429
Author: apo
Date: 2016-07-01 21:18:05 + (Fri, 01 Jul 2016)
New Revision: 42973
Modified:
data/CVE/list
Log:
CVE-2015-8920: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-01 21:10:11 UTC (rev 429
Author: apo
Date: 2016-07-03 22:04:59 + (Sun, 03 Jul 2016)
New Revision: 42992
Modified:
data/CVE/list
Log:
libarchive: Add more links to patches
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-03 15:53:24 UTC (re
Author: apo
Date: 2016-07-04 14:41:24 + (Mon, 04 Jul 2016)
New Revision: 42998
Modified:
data/CVE/list
Log:
roundcube: Link to my additional comments regarding the last security update
Modified: data/CVE/list
===
--- data/CVE
Author: apo
Date: 2016-07-07 16:35:40 + (Thu, 07 Jul 2016)
New Revision: 43054
Modified:
data/CVE/list
Log:
Mark CVE-2016-6163 as not-affected in Wheezy
Unreproducible, vulnerable fallback functions not present.
Modified: data/CVE/list
Author: apo
Date: 2016-07-07 17:08:59 + (Thu, 07 Jul 2016)
New Revision: 43055
Modified:
data/dla-needed.txt
Log:
Add bind9 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-07 16:35:40 UTC (
Author: apo
Date: 2016-07-07 17:11:22 + (Thu, 07 Jul 2016)
New Revision: 43056
Modified:
data/dla-needed.txt
Log:
Add pdns to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-07 17:08:59 UTC (r
Author: apo
Date: 2016-07-07 17:12:57 + (Thu, 07 Jul 2016)
New Revision: 43057
Modified:
data/CVE/list
Log:
CVE-2016-6170: Add links to proposed patches
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-07 17:11:22
Author: apo
Date: 2016-07-10 16:11:14 + (Sun, 10 Jul 2016)
New Revision: 43094
Modified:
data/CVE/list
Log:
Mark trn as not-supported in Wheezy.
non-free, removed from Debian, no upstream support
see #830294
Modified: data/CVE/list
Author: apo
Date: 2016-07-10 16:26:09 + (Sun, 10 Jul 2016)
New Revision: 43095
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Remove no-dsa tag from CVE-2016-5240 and CVE-2016-5241
and add graphicsmagick to dla-needed.txt since we want to fix even minor issues
Modified: data/CVE/lis
Author: apo
Date: 2016-07-10 16:35:31 + (Sun, 10 Jul 2016)
New Revision: 43096
Modified:
data/dla-needed.txt
Log:
Add drupal7 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-10 16:26:09 UTC
Author: apo
Date: 2016-07-10 16:36:54 + (Sun, 10 Jul 2016)
New Revision: 43097
Modified:
data/CVE/list
Log:
Remove no-dsa tag from CVE-2015-7943, drupal7.
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-10 16:35:3
: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-07-21 04:44:21 UTC (rev 43328)
+++ data/dla-needed.txt 2016-07-21 05:48:32 UTC (rev 43329)
@@ -32,8 +32,6 @@
--
kde4libs
--
-libarchive (Markus Koschany)
---
libgd2 (Thorsten
Author: apo
Date: 2016-07-25 23:57:37 + (Mon, 25 Jul 2016)
New Revision: 43475
Modified:
data/CVE/list
Log:
Wheezy is not affected by CVE-2016-5833
column_title function not present
Modified: data/CVE/list
===
--- data/CVE/l
UTC (rev 43475)
+++ data/dla-needed.txt 2016-07-26 00:26:56 UTC (rev 43476)
@@ -119,7 +119,7 @@
--
tiff3
--
-uclibc
+uclibc (Markus Koschany)
--
wordpress (Markus Koschany)
--
(rev 43485)
@@ -119,8 +119,6 @@
--
tiff3
--
-uclibc (Markus Koschany)
---
wordpress (Markus Koschany)
--
xen (Brian May)
(rev 43485)
+++ data/dla-needed.txt 2016-07-26 09:37:55 UTC (rev 43486)
@@ -22,9 +22,8 @@
NOTE: 20160529, no fix yet
NOTE: 20160618, still no fix
--
-gosa (Mike Gabriel)
- NOTE: .debdiff sent to the Security Team, waiting for feedback
- NOTE: asked about jessie status (seb)
+gosa (Markus
Author: apo
Date: 2016-07-26 13:30:38 + (Tue, 26 Jul 2016)
New Revision: 43492
Modified:
data/CVE/list
Log:
CVE-2014-9760 is fixed in Gosa (Wheezy)
0003_xss-vulnerability-on-login-screen.patch has been applied since 2014
Modified: data/CVE/list
===
: 20160529, no fix yet
NOTE: 20160618, still no fix
--
-gosa (Markus Koschany)
- NOTE: Take gosa and get the upload done because Mike hasn't responded to my
last e-mail.
---
icedove (Guido Günther)
--
icu (Roberto C. Sánchez)
-needed.txt 2016-07-28 09:10:10 UTC (rev 43550)
+++ data/dla-needed.txt 2016-07-28 09:42:54 UTC (rev 43551)
@@ -31,6 +31,8 @@
--
kde4libs (Balint Reczey)
--
+libdbd-mysql-perl (Markus Koschany)
+--
libical
NOTE: issues are currently not public, but
https://marc.info/?l=oss-security&m=14668593151
Author: apo
Date: 2016-07-28 11:53:24 + (Thu, 28 Jul 2016)
New Revision: 43553
Modified:
data/CVE/list
Log:
Add some notes about CVE-2016-5836
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-28 11:30:38 UTC (rev 4
:58:48 UTC (rev 43611)
+++ data/dla-needed.txt 2016-07-29 15:48:04 UTC (rev 43612)
@@ -126,8 +126,6 @@
wireshark
NOTE: I guess this will be done by Balint
--
-wordpress (Markus Koschany)
---
xen (Brian May)
Update prepared by credativ ready here:
https://people.debian.org/~zobel/xen-lts
Author: apo
Date: 2016-07-29 16:41:20 + (Fri, 29 Jul 2016)
New Revision: 43616
Modified:
data/DLA/list
Log:
wordpress update: Fix typo with CVE-2016-5837
Modified: data/DLA/list
===
--- data/DLA/list 2016-07-29 16:21:21
)
@@ -22,8 +22,6 @@
--
imagemagick (Ben Hutchings)
--
-libdbd-mysql-perl (Markus Koschany)
---
libical
NOTE: issues are currently not public, but
https://marc.info/?l=oss-security&m=146685931517961&w=2 claims
Author: apo
Date: 2016-08-01 07:41:02 + (Mon, 01 Aug 2016)
New Revision: 43687
Modified:
data/dla-needed.txt
Log:
Add wordpress to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-01 05:11:02 U
Author: apo
Date: 2016-08-01 08:04:42 + (Mon, 01 Aug 2016)
New Revision: 43688
Modified:
data/dla-needed.txt
Log:
Add libsys-syslog-perl to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-01 0
Author: apo
Date: 2016-08-01 08:09:58 + (Mon, 01 Aug 2016)
New Revision: 43689
Modified:
data/dla-needed.txt
Log:
Add mysql-5.5 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-01 08:04:42 U
Author: apo
Date: 2016-08-01 09:44:49 + (Mon, 01 Aug 2016)
New Revision: 43691
Modified:
data/dla-needed.txt
Log:
Clarify status of mysql-5.5
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-01 08:30:07 UTC (
Author: apo
Date: 2016-08-01 10:24:30 + (Mon, 01 Aug 2016)
New Revision: 43694
Modified:
data/DLA/list
Log:
Fix DLA number for graphite2
Modified: data/DLA/list
===
--- data/DLA/list 2016-08-01 09:50:42 UTC (rev 43693)
Author: apo
Date: 2016-08-01 10:33:54 + (Mon, 01 Aug 2016)
New Revision: 43695
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark CVE-2016-127 as no-dsa for Wheezy
"Vulnerable" code is present but upstream says it works as intended. Will
however improve the documentation in futur
UTC (rev 43695)
+++ data/dla-needed.txt 2016-08-01 12:15:34 UTC (rev 43696)
@@ -104,7 +104,7 @@
NOTE: 20160626, there are new vulnerabilities, Emilio Pozuelo Monfort
forwarded them upstream
NOTE: 20160729, some vulnerabilities fixed, many still unfixed
--
-tiff3
+tiff3 (Markus Koschany
Author: apo
Date: 2016-08-03 08:49:35 + (Wed, 03 Aug 2016)
New Revision: 43737
Modified:
data/dla-needed.txt
Log:
Add squid to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-03 08:34:13 UTC (
Author: apo
Date: 2016-08-03 09:01:41 + (Wed, 03 Aug 2016)
New Revision: 43738
Modified:
data/CVE/list
Log:
CVE-2016-5419: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-08-03 08:49:35 UTC (rev 437
Author: apo
Date: 2016-08-03 09:03:35 + (Wed, 03 Aug 2016)
New Revision: 43739
Modified:
data/CVE/list
Log:
CVE-2016-5420: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-08-03 09:01:41 UTC (rev 437
Author: apo
Date: 2016-08-03 09:07:23 + (Wed, 03 Aug 2016)
New Revision: 43740
Modified:
data/CVE/list
Log:
CVE-2016-5421: Add link to patch. Mark Wheezy as not-affected
Modified: data/CVE/list
===
--- data/CVE/list 201
Author: apo
Date: 2016-08-03 09:07:51 + (Wed, 03 Aug 2016)
New Revision: 43741
Modified:
data/dla-needed.txt
Log:
Add curl to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-03 09:07:23 UTC (r
(rev 43759)
+++ data/dla-needed.txt 2016-08-04 08:46:20 UTC (rev 43760)
@@ -11,7 +11,7 @@
--
asterisk (Thorsten Alteholz)
--
-curl
+curl (Markus Koschany)
--
erlang
NOTE: recheck, maybe it is enough to just blacklist HTTP_PROXY in mod_cgi
Author: apo
Date: 2016-08-04 08:47:45 + (Thu, 04 Aug 2016)
New Revision: 43761
Modified:
data/DLA/list
Log:
Reserve DLA-585-1 for firefox-esr
Modified: data/DLA/list
===
--- data/DLA/list 2016-08-04 08:46:20 UTC (rev 437
Author: apo
Date: 2016-08-04 09:37:52 + (Thu, 04 Aug 2016)
New Revision: 43764
Modified:
data/CVE/list
Log:
CVE-2016-6301: no-dsa for Busybox because NTP server not enabled by default
Modified: data/CVE/list
===
--- data/CVE/
===
--- data/dla-needed.txt 2016-08-04 12:27:01 UTC (rev 43766)
+++ data/dla-needed.txt 2016-08-04 15:54:50 UTC (rev 43767)
@@ -11,8 +11,6 @@
--
asterisk (Thorsten Alteholz)
--
-curl (Markus Koschany)
---
erlang
NOTE: recheck, maybe it is enough to just blacklist HTTP_PROXY in mod_cgi
Author: apo
Date: 2016-08-06 10:25:00 + (Sat, 06 Aug 2016)
New Revision: 43807
Modified:
data/dla-needed.txt
Log:
Add mupdf to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-08-06 10:07:59 UTC (
-08-28 18:07:23 UTC (rev 44200)
+++ data/dla-needed.txt 2016-08-28 18:27:45 UTC (rev 44201)
@@ -42,6 +42,10 @@
--
mingw32 (Stephen Kitt)
--
+openjdk-6 (Markus Koschany)
+--
+openjdk-7 (Markus Koschany)
+--
openssl
NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
NOTE
UTC (rev 44201)
+++ data/dla-needed.txt 2016-08-28 18:30:33 UTC (rev 44202)
@@ -42,10 +42,6 @@
--
mingw32 (Stephen Kitt)
--
-openjdk-6 (Markus Koschany)
---
-openjdk-7 (Markus Koschany)
---
openssl
NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
NOTE: because the
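Review bot: the removed `openjdk-6 (Markus Koschany)` and `openjdk-7 (Markus Koschany)` entries were added only in rev 44201, about three minutes before this rev 44202, and nothing visible here says why they leave the list again. State the reason in the log message (DLA released, claim withdrawn, or added by mistake) so the tracker history shows whether both packages were actually handled.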
Author: apo
Date: 2016-09-04 19:03:59 + (Sun, 04 Sep 2016)
New Revision: 44312
Modified:
data/CVE/list
Log:
CVE-2010-2596: fixed in Stretch
Add link to patch for Wheezy and Jessie
Modified: data/CVE/list
===
--- data/CVE/lis
Author: apo
Date: 2016-09-04 19:08:34 + (Sun, 04 Sep 2016)
New Revision: 44313
Modified:
data/CVE/list
Log:
CVE-2013-1961 will be fixed in Wheezy (tiff3)
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04 19:03:59
2016-09-04 19:10:32 UTC (rev 44314)
@@ -71,8 +71,6 @@
--
tiff (Emilio Pozuelo)
--
-tiff3 (Markus Koschany)
---
tomcat6 (Markus Koschany)
--
tomcat7 (Markus Koschany)
Author: apo
Date: 2016-09-04 19:50:05 + (Sun, 04 Sep 2016)
New Revision: 44318
Modified:
data/DLA/list
Log:
Also mark CVE-2016-6223 as fixed in Wheezy (tiff3)
Modified: data/DLA/list
===
--- data/DLA/list 2016-09-04 19:
Author: apo
Date: 2016-09-04 19:57:28 + (Sun, 04 Sep 2016)
New Revision: 44319
Modified:
data/CVE/list
Log:
CVE-2010-2596: Clarify fixed version in Stretch.
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04 19:50
Author: apo
Date: 2016-09-04 20:47:50 + (Sun, 04 Sep 2016)
New Revision: 44320
Modified:
data/CVE/list
Log:
CVE-2016-3634, CVE-2016-3633, CVE-2016-3632, CVE-2016-3631 won't be fixed by
upstream. Marked as wontfix because those tools will be removed upstream. No
patch available.
Minor issu
Author: apo
Date: 2016-09-04 20:52:05 + (Sun, 04 Sep 2016)
New Revision: 44322
Modified:
data/CVE/list
Log:
Clarify status of CVE-2016-5102.
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04 20:51:27 UTC (rev 443
Author: apo
Date: 2016-09-04 21:00:10 + (Sun, 04 Sep 2016)
New Revision: 44323
Modified:
data/CVE/list
Log:
Clarify status for CVE-2015-7554
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04 20:52:05 UTC (rev 443
Author: apo
Date: 2016-09-04 21:03:42 + (Sun, 04 Sep 2016)
New Revision: 44324
Modified:
data/CVE/list
Log:
Clarify status of CVE-2015-8668
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04 21:00:10 UTC (rev 4432
Author: apo
Date: 2016-09-04 21:08:27 + (Sun, 04 Sep 2016)
New Revision: 44325
Modified:
data/CVE/list
Log:
Clarify status of CVE-2016-5319
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-04 21:03:42 UTC (rev 4432
:09 UTC (rev 44370)
+++ data/dla-needed.txt 2016-09-06 15:32:40 UTC (rev 44371)
@@ -75,6 +75,6 @@
--
tomcat7 (Markus Koschany)
--
-wordpress
+wordpress (Markus Koschany)
NOTE: Proposed patch for CVE-2015-8834 doesn't seem to work for Wheezy. DB
upgrade
(rev 44529)
+++ data/dla-needed.txt 2016-09-12 20:31:34 UTC (rev 44530)
@@ -77,6 +77,9 @@
--
tiff (Emilio Pozuelo)
--
+tiff3
+ NOTE: 20160912: Open reproducible issues. No patches available.
+--
tomcat6 (Markus Koschany)
--
tomcat7 (Markus Koschany
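Review bot: the added NOTE under `tiff3` says reproducible issues are open and unpatched but names none of them, and the entry is added without a claimant. List the CVE ids the note refers to so whoever picks the package up can see which issues remain; the date prefix could also follow the `NOTE: 20160729, ...` comma form used by other notes in this file.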
Author: apo
Date: 2016-09-12 20:47:52 + (Mon, 12 Sep 2016)
New Revision: 44533
Modified:
data/dla-needed.txt
Log:
Add mysql-5.5 to dla-needed.txt.
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-12 20:38:45
Author: apo
Date: 2016-09-13 12:10:15 + (Tue, 13 Sep 2016)
New Revision: 44552
Modified:
data/CVE/list
Log:
Mark CVE-2016-3088 as fixed in unstable.
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-13 12:02:08 UTC
Author: apo
Date: 2016-09-13 19:21:33 + (Tue, 13 Sep 2016)
New Revision: 44565
Modified:
data/dla-needed.txt
Log:
Add libarchive to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-13 18:35:40
: 20160912: Open reproducible issues. No patches available.
--
-tomcat6 (Markus Koschany)
---
tomcat7 (Markus Koschany)
--
wireshark (Balint Reczey)
: 20160912: Open reproducible issues. No patches available.
--
-tomcat7 (Markus Koschany)
---
wireshark (Balint Reczey)
--
wordpress (Markus Koschany)
Author: apo
Date: 2016-09-15 15:46:55 + (Thu, 15 Sep 2016)
New Revision: 44609
Modified:
data/dla-needed.txt
Log:
Add curl to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-15 15:10:53 UTC (r
Author: apo
Date: 2016-09-15 16:00:57 + (Thu, 15 Sep 2016)
New Revision: 44611
Modified:
data/dla-needed.txt
Log:
Add dropbear to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-15 15:59:10 UT
Author: apo
Date: 2016-09-15 16:13:52 + (Thu, 15 Sep 2016)
New Revision: 44612
Modified:
data/CVE/list
Log:
mantis: CVE-2016-6837, no-dsa, unsupported
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-15 16:00:57 UT
Author: apo
Date: 2016-09-15 17:51:34 + (Thu, 15 Sep 2016)
New Revision: 44617
Modified:
data/CVE/list
Log:
CVE-2016-6837: end-of-life
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-15 17:43:58 UTC (rev 44616)
++
Author: apo
Date: 2016-09-17 09:59:17 + (Sat, 17 Sep 2016)
New Revision: 44674
Modified:
data/CVE/list
Log:
wordpress: Add more links and information regarding Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-0
Author: apo
Date: 2016-09-17 12:07:41 + (Sat, 17 Sep 2016)
New Revision: 44676
Modified:
data/CVE/list
Log:
bash: CVE-2016-0634: Mark as no-dsa because /etc/hosts and /etc/hostname are
controlled by root.
icu: CVE-2016-7415: Disputed if this is a bug in icu. Mainly an issue in PHP.
Modi
UTC (rev 44676)
+++ data/dla-needed.txt 2016-09-17 13:45:57 UTC (rev 44677)
@@ -24,6 +24,8 @@
--
imagemagick (Ben Hutchings)
--
+jackrabbit (Markus Koschany)
+--
libarchive (Emilio Pozuelo)
--
libav (Hugo Lefeuvre)
Author: apo
Date: 2016-09-17 14:00:48 + (Sat, 17 Sep 2016)
New Revision: 44678
Modified:
data/CVE/list
Log:
CVE-2016-7410: dwarfutils not-affected in Wheezy and Jessie
The reproducer shows no errors with Valgrind. The version in Sid appears to be
affected though.
Modified: data/CVE/list
Author: apo
Date: 2016-09-17 19:38:48 + (Sat, 17 Sep 2016)
New Revision: 44696
Modified:
data/CVE/list
Log:
CVE-2016-7410, dwarfutils: Add note for Jessie
that dwarfutils in Jessie shows no heap-based overflow with the reproducer
which is why the CVE was assigned in the first place.
The i