Author: alteholz
Date: 2015-02-28 19:15:10 + (Sat, 28 Feb 2015)
New Revision: 32555
Modified:
data/DLA/list
Log:
e2fsprogs done
Modified: data/DLA/list
===
--- data/DLA/list 2015-02-28 19:08:48 UTC (rev 32554)
+++ data/D
Author: alteholz
Date: 2015-03-01 16:38:42 + (Sun, 01 Mar 2015)
New Revision: 32561
Modified:
data/DLA/list
Log:
bind9 done
Modified: data/DLA/list
===
--- data/DLA/list 2015-03-01 12:40:38 UTC (rev 32560)
+++ data/DLA/l
Author: alteholz
Date: 2015-03-02 20:43:10 + (Mon, 02 Mar 2015)
New Revision: 32591
Modified:
data/CVE/list
Log:
add reference to patch for unace
Modified: data/CVE/list
===
--- data/CVE/list 2015-03-02 20:33:20 UTC (rev
Author: alteholz
Date: 2015-03-03 18:42:38 + (Tue, 03 Mar 2015)
New Revision: 32621
Modified:
data/DLA/list
data/dla-needed.txt
Log:
unace done
Modified: data/DLA/list
===
--- data/DLA/list 2015-03-03 18:24:29 UTC (re
)
+++ data/dla-needed.txt 2015-03-07 13:28:56 UTC (rev 32683)
@@ -55,7 +55,7 @@
libvncserver (Nguyen Cong)
--
mod-gnutls (Thorsten Alteholz)
+--
p7zip
--
php5 (Thorsten Alteholz)
___
Secure-testing-commits mailing list
Secure-testing-commits
Author: alteholz
Date: 2015-03-07 14:39:30 + (Sat, 07 Mar 2015)
New Revision: 32684
Modified:
data/DLA/list
data/dla-needed.txt
Log:
libarchive done
Modified: data/DLA/list
===
--- data/DLA/list 2015-03-07 13:28:56 UT
Author: alteholz
Date: 2015-03-07 16:37:05 + (Sat, 07 Mar 2015)
New Revision: 32691
Modified:
data/DLA/list
Log:
redcloth done
Modified: data/DLA/list
===
--- data/DLA/list 2015-03-07 15:41:37 UTC (rev 32690)
+++ data/DL
Author: alteholz
Date: 2015-03-07 18:10:31 + (Sat, 07 Mar 2015)
New Revision: 32692
Modified:
data/CVE/list
Log:
mark CVE-2011-1716 for xymon as no-dsa, follow the decision of the security
team for Wheezy
Modified: data/CVE/list
Author: alteholz
Date: 2015-03-07 18:47:43 + (Sat, 07 Mar 2015)
New Revision: 32693
Modified:
data/DLA/list
data/dla-needed.txt
Log:
konversation done
Modified: data/DLA/list
===
--- data/DLA/list 2015-03-07 18:10:31
@@
--
linux-2.6
--
-mod-gnutls (Thorsten Alteholz)
---
openssl
Maintainer will take care of it:
http://lists.debian.org/20150309171443.ga6...@roeckx.be
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
Author: alteholz
Date: 2015-03-14 16:42:21 + (Sat, 14 Mar 2015)
New Revision: 32867
Modified:
data/DLA/list
Log:
libssh2 done
Modified: data/DLA/list
===
--- data/DLA/list 2015-03-14 16:16:42 UTC (rev 32866)
+++ data/DLA
Author: alteholz
Date: 2015-03-14 18:40:08 + (Sat, 14 Mar 2015)
New Revision: 32871
Modified:
data/DLA/list
data/dla-needed.txt
Log:
libextlib-ruby done
Modified: data/DLA/list
===
--- data/DLA/list 2015-03-14 18:21:0
Author: alteholz
Date: 2015-03-14 21:58:32 + (Sat, 14 Mar 2015)
New Revision: 32873
Modified:
data/CVE/list
data/DLA/list
Log:
maybe I mixed up the numbers here
Modified: data/CVE/list
===
--- data/CVE/list 2015-03-14
@@
--
linux (Ben Hutchings)
--
-mactelnet (Thorsten Alteholz)
---
mat (Jonas Meurer)
NOTE: the fix for this issue:
https://security-tracker.debian.org/tracker/TEMP-0826101-4D75EC
is not available yet. It will be available in next upstream release (already
-09-27 17:24:53 UTC (rev 44926)
+++ data/dla-needed.txt 2016-09-27 18:20:48 UTC (rev 44927)
@@ -11,6 +11,8 @@
--
asterisk (Thorsten Alteholz)
--
+bind9 (Thorsten Alteholz)
+--
chicken (Balint Reczey)
NOTE: See report 87twdrpcyx@prune.linuxpenguins.xyz
NOTE: Wheezy probably vulnerable
Author: alteholz
Date: 2016-10-01 15:25:23 + (Sat, 01 Oct 2016)
New Revision: 44958
Modified:
data/CVE/list
Log:
patch for CVE-2016-2115 intentionally removed again
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-0
Author: alteholz
Date: 2016-10-01 15:42:25 + (Sat, 01 Oct 2016)
New Revision: 44959
Modified:
data/dla-needed.txt
Log:
add samba
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-01 15:25:23 UTC (rev 44958)
+++
(rev 45075)
@@ -13,8 +13,6 @@
--
bash
--
-bind9 (Thorsten Alteholz)
---
c-ares (Markus Koschany)
--
freeimage
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman
45096)
@@ -92,5 +92,3 @@
tiff3
NOTE: 20160912: Open reproducible issues. No patches available.
--
-zendframework (Thorsten Alteholz)
---
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
45096)
+++ data/dla-needed.txt 2016-10-05 20:50:53 UTC (rev 45097)
@@ -46,6 +46,8 @@
https://marc.info/?l=oss-security&m=146685931517961&w=2 claims
that 0.47 & 1.0 are affected and wheezy has 0.48.
--
+libxvmc (Thorsten Alteholz)
+--
linux (Ben Hutchings)
--
mat (Jonas Meurer)
@@
UTC (rev 45101)
+++ data/dla-needed.txt 2016-10-06 06:41:18 UTC (rev 45102)
@@ -82,7 +82,7 @@
NOTE: Potentially affected by all qemu CVE-s:
NOTE: https://lists.debian.org/debian-lts/2016/09/msg00014.html
--
-redis (Thorsten Alteholz)
+redis (Chris Lamb)
--
samba
NOTE: patch for CVE-2016
)
+++ data/dla-needed.txt 2016-10-14 17:55:17 UTC (rev 45319)
@@ -55,7 +55,7 @@
--
libxi (Emilio Pozuelo)
--
-libxml2
+libxml2 (Thorsten Alteholz)
--
libxrandr Hugo Lefeuvre)
--
___
Secure-testing-commits mailing list
Secure-testing-commits
17:55:17 UTC (rev 45319)
+++ data/dla-needed.txt 2016-10-14 17:56:59 UTC (rev 45320)
@@ -80,8 +80,6 @@
nss (Ola Lundqvist)
NOTE: No need to contact maintainer, Mike already opted out with firefox-esr
--
-pacemaker (Thorsten Alteholz)
---
php5 (Thorsten Alteholz)
--
phpmyadmin (Ola Lundqvist
)
+++ data/dla-needed.txt 2016-10-16 19:39:34 UTC (rev 45389)
@@ -46,7 +46,7 @@
NOTE: Upstream will provide new point-releases fixing open security issues
in the next months.
NOTE: (See debian-lts ML)
--
-libgd2
+libgd2 (Thorsten Alteholz)
--
libical (Ola Lundqvist)
NOTE: issues are
45436)
@@ -44,8 +44,6 @@
NOTE: Upstream will provide new point-releases fixing open security issues
in the next months.
NOTE: (See debian-lts ML)
--
-libgd2 (Thorsten Alteholz)
---
libical (Ola Lundqvist)
NOTE: issues are currently not public, but
https://marc.info/?l=oss-security&a
+54,6 @@
--
libxtst (Emilio Pozuelo)
--
-libxvmc (Thorsten Alteholz)
---
mingw32 (Stephen Kitt)
--
nspr (Ola Lundqvist)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin
)
+++ data/dla-needed.txt 2016-10-19 20:28:00 UTC (rev 45466)
@@ -27,7 +27,7 @@
irssi
NOTE: rhonda@d.o is preparing an upload.
--
-jasper
+jasper (Thorsten Alteholz)
--
kde-runtime
NOTE: We may not need to update, but I'm leaning toward fixing
CVE-2016-7787, see #8
Author: alteholz
Date: 2016-10-20 14:14:32 + (Thu, 20 Oct 2016)
New Revision: 45477
Modified:
data/embedded-code-copies
Log:
vlc uses embedded copy of ffmpeg
Modified: data/embedded-code-copies
===
--- data/embedded-code-copie
Author: alteholz
Date: 2016-10-20 17:43:21 + (Thu, 20 Oct 2016)
New Revision: 45478
Modified:
data/CVE/list
Log:
add infos about CVE-2016-2848 for bind9
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-20 14:14:32 U
Author: alteholz
Date: 2016-10-20 17:51:10 + (Thu, 20 Oct 2016)
New Revision: 45479
Modified:
data/DLA/list
Log:
Reserve DLA-672-1 for bind9
Modified: data/DLA/list
===
--- data/DLA/list 2016-10-20 17:43:21 UTC (rev 4547
45658)
+++ data/dla-needed.txt 2016-10-27 10:26:42 UTC (rev 45659)
@@ -9,7 +9,7 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-asterisk (Thorsten Alteholz)
+asterisk
--
dwarfutils
NOTE: New round of CVEs not seemingly covered by DLA 669-1
@@
libwmf (Balint Reczey)
NOTE: Patch is available in bug #842090, probably needs NMU in unstable
--
-libxml2 (Thorsten Alteholz)
---
linux
--
mysql-5.5
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
-02 06:32:32 UTC (rev 45866)
+++ data/dla-needed.txt 2016-11-02 07:23:11 UTC (rev 45867)
@@ -13,6 +13,8 @@
--
bsdiff
--
+curl (Thorsten Alteholz)
+--
dwarfutils
NOTE: New round of CVEs not seemingly covered by DLA 669-1.
--
___
Secure-testing
)
+++ data/dla-needed.txt 2016-11-02 10:21:07 UTC (rev 45882)
@@ -11,7 +11,7 @@
--
asterisk
--
-bind9
+bind9 (Thorsten Alteholz)
--
bsdiff (Chris Lamb)
NOTE: Maintainer prepared a patch
https://anonscm.debian.org/git/collab-maint/bsdiff.git/log
45892)
+++ data/dla-needed.txt 2016-11-02 19:13:06 UTC (rev 45893)
@@ -18,6 +18,7 @@
NOTE: Jessie has the same upstream version
--
curl (Thorsten Alteholz)
+ NOTE: not all patches seem to be in the final state
--
dwarfutils
NOTE: New round of CVEs not seemingly covered by DLA 669-1
:19 UTC (rev 45910)
@@ -11,8 +11,6 @@
--
asterisk
--
-bind9 (Thorsten Alteholz)
---
bsdiff (Chris Lamb)
NOTE: Maintainer prepared a patch
https://anonscm.debian.org/git/collab-maint/bsdiff.git/log/
NOTE: Jessie has the same upstream version
2016-11-17 21:24:33 UTC (rev 46292)
+++ data/dla-needed.txt 2016-11-17 21:39:20 UTC (rev 46293)
@@ -11,9 +11,6 @@
--
asterisk
--
-curl (Thorsten Alteholz)
- NOTE: not all patches seem to be in the final state
---
dokuwiki
NOTE: upstream marked CVE-2016-7965 as WONTFIX
Author: alteholz
Date: 2016-11-17 21:42:00 + (Thu, 17 Nov 2016)
New Revision: 46294
Modified:
data/CVE/list
Log:
mark CVE-2016-8625 as no-dsa like in Jessie (the fix is too invasive)
Modified: data/CVE/list
===
--- data/CVE/li
Author: alteholz
Date: 2016-11-26 21:47:15 + (Sat, 26 Nov 2016)
New Revision: 46586
Modified:
data/CVE/list
Log:
take care of some jasper issues
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-26 20:02:32 UTC (rev
)
+++ data/dla-needed.txt 2016-11-30 14:52:22 UTC (rev 46660)
@@ -19,7 +19,7 @@
--
gst-plugins-good0.10 (Emilio Pozuelo)
--
-hdf5
+hdf5 (Thorsten Alteholz)
--
icedove (Guido Günther)
--
___
Secure-testing-commits mailing list
Secure-testing-commits
+
+ * Making sure that queries on debian-...@lists.debian.org get an answer.
+
+Who is in charge ?
+--
+
+From 02-01 to 08-01:
+From 09-01 to 15-01:Thorsten Alteholz
+From 16-01 to 22-01:
+From 23-01 to 29-01:
+From 30-01 to 05-02:
+From 06-02 to 12-02:
+From 13-02 to 19-02:
+From 20
/dla-needed.txt 2016-12-10 17:13:13 UTC (rev 46955)
@@ -30,8 +30,6 @@
--
imagemagick
--
-jasper (Thorsten Alteholz)
---
libav (Hugo Lefeuvre)
NOTE: Upstream should provide new point-releases fixing open security issues
in the next months.
NOTE: Lots of CVEs are open, this is going to take
Author: alteholz
Date: 2016-12-10 22:04:01 + (Sat, 10 Dec 2016)
New Revision: 46959
Modified:
data/CVE/list
Log:
marked as no-dsa
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-10 21:10:13 UTC (rev 46958)
+++ data
Author: alteholz
Date: 2016-12-10 22:07:41 + (Sat, 10 Dec 2016)
New Revision: 46960
Modified:
data/CVE/list
Log:
workaround for jasper temporary entry
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-10 22:04:01 UTC
Author: alteholz
Date: 2016-12-10 22:08:16 + (Sat, 10 Dec 2016)
New Revision: 46961
Modified:
data/dla-needed.txt
Log:
there was a jasper upload some minutes ago
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-1
===
--- data/dla-needed.txt 2016-12-16 21:17:39 UTC (rev 47149)
+++ data/dla-needed.txt 2016-12-16 21:44:47 UTC (rev 47150)
@@ -88,8 +88,6 @@
--
otrs2
--
-php5 (Thorsten Alteholz)
---
phpmyadmin (Brian May)
--
potrace
Author: alteholz
Date: 2016-12-16 21:45:17 + (Fri, 16 Dec 2016)
New Revision: 47151
Modified:
data/dla-needed.txt
Log:
there is more todo
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-16 21:44:47 UTC (rev 4
47621)
@@ -29,8 +29,6 @@
NOTE: Incomplete/Incorrect fix as per
https://lists.debian.org/debian-lts/2016/12/msg00077.html
NOTE: Subject of announce mail also contained typo (DLA-574-1 vs. DLA-547-1)
--
-hdf5 (Thorsten Alteholz)
---
ikiwiki
NOTE: The maintainer (Simon) think we shall de
)
+++ data/dla-needed.txt 2016-12-31 16:42:34 UTC (rev 47622)
@@ -36,6 +36,8 @@
--
imagemagick (Emilio Pozuelo)
--
+ jasper (Thorsten Alteholz)
+--
libav (Hugo Lefeuvre)
NOTE: Upstream should provide new point-releases fixing open security issues
in the next months.
NOTE: Lots of CVEs are
)
+++ data/dla-needed.txt 2016-12-31 16:42:52 UTC (rev 47623)
@@ -36,7 +36,7 @@
--
imagemagick (Emilio Pozuelo)
--
- jasper (Thorsten Alteholz)
+jasper (Thorsten Alteholz)
--
libav (Hugo Lefeuvre)
NOTE: Upstream should provide new point-releases fixing open security issues
in the next
2017-01-14 22:19:49 UTC (rev 48067)
+++ data/dla-needed.txt 2017-01-14 22:31:19 UTC (rev 48068)
@@ -18,6 +18,8 @@
NOTE: This change is invasive and need extra testing. We should
NOTE: wait until it has been fixed in one of stable and sid.
--
+bind (Thorsten Alteholz)
+--
botan1.10 (Hugo
Author: alteholz
Date: 2017-01-14 22:31:49 + (Sat, 14 Jan 2017)
New Revision: 48069
Modified:
data/dla-needed.txt
Log:
add xen
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-14 22:31:19 UTC (rev 48068)
+++ d
Author: alteholz
Date: 2017-01-14 22:35:29 + (Sat, 14 Jan 2017)
New Revision: 48070
Modified:
data/dla-needed.txt
Log:
add wordpress
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-14 22:31:49 UTC (rev 48069)
Author: alteholz
Date: 2017-01-15 12:16:53 + (Sun, 15 Jan 2017)
New Revision: 48077
Modified:
data/dla-needed.txt
Log:
chicken
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-15 12:15:58 UTC (rev 48076)
+++ d
Author: alteholz
Date: 2017-01-15 12:22:10 + (Sun, 15 Jan 2017)
New Revision: 48078
Modified:
data/CVE/list
Log:
mark CVE-2017-5356 as no-dsa like in jessie
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-15 12:16:
Author: alteholz
Date: 2017-01-15 12:30:36 + (Sun, 15 Jan 2017)
New Revision: 48081
Modified:
data/dla-needed.txt
Log:
add libplist
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-15 12:29:25 UTC (rev 48080)
UTC (rev 48081)
+++ data/dla-needed.txt 2017-01-15 12:47:40 UTC (rev 48082)
@@ -18,7 +18,7 @@
NOTE: This change is invasive and need extra testing. We should
NOTE: wait until it has been fixed in one of stable and sid.
--
-bind (Thorsten Alteholz)
+bind9 (Thorsten Alteholz)
--
botan1.10
Author: alteholz
Date: 2017-01-15 16:03:27 + (Sun, 15 Jan 2017)
New Revision: 48085
Modified:
data/CVE/list
Log:
mark lxc CVE as no-dsa like in jessie
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-15 15:57:07 UTC
Author: alteholz
Date: 2017-01-15 16:07:52 + (Sun, 15 Jan 2017)
New Revision: 48086
Modified:
data/CVE/list
Log:
mark qt4-x11 CVE as no-dsa like in jessie
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-15 16:03:27
48374)
+++ data/dla-needed.txt 2017-01-25 14:51:02 UTC (rev 48375)
@@ -120,5 +120,5 @@
NOTE: Dominik George (maintainer) will take care of the issue:
NOTE: https://lists.debian.org/debian-lts/2016/12/msg00135.html
--
-zoneminder
+zoneminder (Thorsten Alteholz
48375)
+++ data/dla-needed.txt 2017-01-25 14:52:01 UTC (rev 48376)
@@ -40,6 +40,7 @@
imagemagick (Guido Günther)
--
jasper (Thorsten Alteholz)
+ NOTE: not really clear what CVEs need to be fixed
--
jbig2dec (Raphaël Hertzog)
NOTE: No known solution as of 2017-01-20
2017-01-29 11:13:51 UTC (rev 48518)
@@ -14,8 +14,6 @@
NOTE: update needs testing in
https://lists.debian.org/87fukh7hcq@curie.anarc.at
NOTE: ready to upload after smoke tests, read the above thread.
--
-bind9 (Thorsten Alteholz)
---
cgiemail
--
calibre
(rev 48519)
@@ -113,5 +113,3 @@
NOTE: Dominik George (maintainer) will take care of the issue:
NOTE: https://lists.debian.org/debian-lts/2016/12/msg00135.html
--
-zoneminder (Thorsten Alteholz)
---
___
Secure-testing-commits mailing list
Secure
Author: alteholz
Date: 2017-01-29 15:18:37 + (Sun, 29 Jan 2017)
New Revision: 48525
Modified:
data/dla-needed.txt
Log:
add note to slurm-llnl
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-29 13:22:47 UTC (r
)
+++ data/dla-needed.txt 2017-01-30 10:43:45 UTC (rev 48552)
@@ -39,7 +39,7 @@
NOTE: https://lists.debian.org/debian-lts/2017/01/msg00059.html
--
jasper (Thorsten Alteholz)
- NOTE: not really clear what CVEs need to be fixed
+ NOTE: no upstream fixes yet
--
jbig2dec (Raphaël Hertzog
Author: alteholz
Date: 2017-01-30 19:05:33 + (Mon, 30 Jan 2017)
New Revision: 48566
Modified:
data/CVE/list
Log:
add bug number
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-30 18:57:10 UTC (rev 48565)
+++ data/C
Author: alteholz
Date: 2017-01-30 21:22:09 + (Mon, 30 Jan 2017)
New Revision: 48578
Modified:
data/CVE/list
Log:
according to
https://lists.apple.com/archives/security-announce/2016/Mar/msg5.html this
belongs to Safari
Modified: data/CVE/list
=
Author: alteholz
Date: 2017-01-31 10:48:12 + (Tue, 31 Jan 2017)
New Revision: 48601
Modified:
data/CVE/list
Log:
change check to NOFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31 10:11:31 UTC (rev 48600)
+++
Author: alteholz
Date: 2017-01-31 10:49:50 + (Tue, 31 Jan 2017)
New Revision: 48602
Modified:
data/CVE/list
Log:
change check to NOFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31 10:48:12 UTC (rev 48601)
+++
Author: alteholz
Date: 2017-01-31 11:24:18 + (Tue, 31 Jan 2017)
New Revision: 48603
Modified:
data/CVE/list
Log:
TODO for CVE-2011-4076 done
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31 10:49:50 UTC (rev 4860
Author: alteholz
Date: 2017-01-31 11:42:16 + (Tue, 31 Jan 2017)
New Revision: 48605
Modified:
data/CVE/list
Log:
first version in unstable containing the fix
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31 11:40
Author: alteholz
Date: 2017-01-31 18:37:33 + (Tue, 31 Jan 2017)
New Revision: 48625
Modified:
data/CVE/list
Log:
mark some Microsoft issues as NOT-FOR-US:
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31 18:14:40
)
+++ data/dla-needed.txt 2017-01-31 21:13:45 UTC (rev 48634)
@@ -14,7 +14,7 @@
NOTE: update needs testing in
https://lists.debian.org/87fukh7hcq@curie.anarc.at
NOTE: ready to upload after smoke tests, read the above thread.
--
-bitlbee
+bitlbee (Thorsten Alteholz)
--
calibre
NOTE
Author: alteholz
Date: 2017-02-04 18:15:07 + (Sat, 04 Feb 2017)
New Revision: 48712
Modified:
data/CVE/list
Log:
Microsoft CLFS is NOFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-04 17:45:19 UTC (rev 48711)
++
Author: alteholz
Date: 2017-02-04 18:43:06 + (Sat, 04 Feb 2017)
New Revision: 48713
Modified:
data/CVE/list
Log:
Microsoft OWA is NOFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-04 18:15:07 UTC (rev 48712)
+++
Author: alteholz
Date: 2017-02-04 18:45:49 + (Sat, 04 Feb 2017)
New Revision: 48714
Modified:
data/CVE/list
Log:
Microsoft Excel is NOFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-04 18:43:06 UTC (rev 48713)
+
Author: alteholz
Date: 2017-02-04 18:51:33 + (Sat, 04 Feb 2017)
New Revision: 48715
Modified:
data/CVE/list
Log:
Microsoft NFUs
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-04 18:45:49 UTC (rev 48714)
+++ data/C
)
+++ data/dla-needed.txt 2017-02-10 18:52:03 UTC (rev 48838)
@@ -14,7 +14,7 @@
NOTE: update needs testing in
https://lists.debian.org/87fukh7hcq@curie.anarc.at
NOTE: ready to upload after smoke tests, read the above thread.
--
-bind9
+bind9 (Thorsten Alteholz)
--
bitlbee (Thorsten
49073)
@@ -16,8 +16,6 @@
--
bind9 (Thorsten Alteholz)
--
-bitlbee (Thorsten Alteholz)
---
calibre
NOTE: We will need to investigate the issue much further.
NOTE: In particular, it seems likely that there are more undocumented but
___
Secure
Author: alteholz
Date: 2017-02-20 19:04:47 + (Mon, 20 Feb 2017)
New Revision: 49075
Modified:
data/CVE/list
Log:
mark CVE-2017-5969 as no-dsa like in Jessie and fix typo
Modified: data/CVE/list
===
--- data/CVE/list 2017
Author: alteholz
Date: 2017-02-20 21:05:54 + (Mon, 20 Feb 2017)
New Revision: 49082
Modified:
data/dla-needed.txt
Log:
libxml2 is no longer needed
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-20 20:33:22 U
Author: alteholz
Date: 2017-02-21 07:11:57 + (Tue, 21 Feb 2017)
New Revision: 49092
Modified:
data/packages/lts-do-not-call
Log:
no need to ask maintainer for php5
Modified: data/packages/lts-do-not-call
===
--- data/packages/
Author: alteholz
Date: 2017-02-23 11:31:43 + (Thu, 23 Feb 2017)
New Revision: 49142
Modified:
data/dla-needed.txt
Log:
add munin
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-23 11:24:25 UTC (rev 49141)
+++
49170)
+++ data/dla-needed.txt 2017-02-24 10:06:21 UTC (rev 49171)
@@ -78,7 +78,7 @@
NOTE: 2016-12-13: Upstream ping here:
https://rt.cpan.org/Public/Bug/Display.html?id=118097#txn-1690223
NOTE: 2017-01-20: Ping upstream by private email -- Raphael Hertzog
--
-libytnef
+libytnef (Thorsten
Author: alteholz
Date: 2017-02-24 11:19:24 + (Fri, 24 Feb 2017)
New Revision: 49176
Modified:
data/dla-needed.txt
Log:
add xbmc under reserve
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-24 11:18:19 UTC (r
Author: alteholz
Date: 2017-02-24 11:28:57 + (Fri, 24 Feb 2017)
New Revision: 49180
Modified:
data/CVE/list
Log:
add note for libytnef fix
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-24 11:26:48 UTC (rev 49179)
Author: alteholz
Date: 2017-02-24 22:21:06 + (Fri, 24 Feb 2017)
New Revision: 49194
Modified:
data/dla-needed.txt
Log:
add radare2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-24 21:10:12 UTC (rev 49193)
+
Author: alteholz
Date: 2017-02-25 12:08:46 + (Sat, 25 Feb 2017)
New Revision: 49206
Modified:
data/packages/lts-do-not-call
Log:
maintainer of radare2 opted out
Modified: data/packages/lts-do-not-call
===
--- data/packages/lts
(rev 49206)
+++ data/dla-needed.txt 2017-02-25 12:11:54 UTC (rev 49207)
@@ -108,7 +108,7 @@
qemu-kvm (Guido Günther)
--
radare2 (Thorsten Alteholz)
- NOTE: according to maintainer, nothing needs to be done, recheck
+ NOTE: the vulnerability still exists, but is just in a different function
49207)
+++ data/dla-needed.txt 2017-02-25 12:48:20 UTC (rev 49208)
@@ -117,6 +117,8 @@
NOTE: from my point of view backporting the introduction of these new
members to this old
NOTE: version is way to invasive and such this should be marked as
--
+tnef (Thorsten Alteholz)
+--
xbmc
NOTE
Author: alteholz
Date: 2017-02-25 15:07:29 + (Sat, 25 Feb 2017)
New Revision: 49213
Modified:
data/dla-needed.txt
Log:
add mupdf
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-25 15:00:22 UTC (rev 49212)
+++
(rev 49213)
+++ data/dla-needed.txt 2017-02-25 15:08:09 UTC (rev 49214)
@@ -15,6 +15,7 @@
NOTE: ready to upload after smoke tests, read the above thread.
--
bind9 (Thorsten Alteholz)
+ NOTE: test package at
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
--
calibre
Author: alteholz
Date: 2017-02-25 15:21:30 + (Sat, 25 Feb 2017)
New Revision: 49215
Modified:
data/CVE/list
Log:
add bug number
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-25 15:08:09 UTC (rev 49214)
+++ data/C
to respond
+--
jasper (Thorsten Alteholz)
NOTE: no upstream fixes yet
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Author: alteholz
Date: 2017-02-25 15:43:59 + (Sat, 25 Feb 2017)
New Revision: 49218
Modified:
data/dla-needed.txt
Log:
add zziplib
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-25 15:38:11 UTC (rev 49217)
+
)
--
-radare2 (Thorsten Alteholz)
- NOTE: the vulnerability still exists, but is just in a different function
---
sane-backends (Jörg Frings-Fürst)
--
shadow (Balint Reczey)
___
Secure-testing-commits mailing list
Secure-testing-commits
)
@@ -121,8 +121,6 @@
NOTE: from my point of view backporting the introduction of these new
members to this old
NOTE: version is way to invasive and such this should be marked as
--
-tnef (Thorsten Alteholz)
---
web2py
NOTE: added 2017-02-25, please give maintainer some time to respond
:45 UTC (rev 49315)
@@ -10,9 +10,6 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-bind9 (Thorsten Alteholz)
- NOTE: test package at
https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/
---
calibre
NOTE: We will need to investigate the issue much
49423)
+++ data/dla-needed.txt 2017-03-05 22:00:46 UTC (rev 49424)
@@ -96,6 +96,8 @@
--
qemu-kvm (Guido Günther)
--
+radare2 (Thorsten Alteholz)
+--
sane-backends (Jörg Frings-Fürst)
--
slurm-llnl
___
Secure-testing-commits mailing list
Secure
Author: alteholz
Date: 2017-03-15 14:36:16 + (Wed, 15 Mar 2017)
New Revision: 49703
Modified:
data/CVE/list
Log:
according to Ubuntu php5 is affected as well
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-15 12:17
301 - 400 of 800 matches
Mail list logo