[Secure-testing-commits] r53361 - in data: . CVE

@@ libtasn1-3 (Thorsten Alteholz) NOTE: 20170702, no upstream fix yet -- -libtorrent-rasterbar (Thorsten Alteholz) - NOTE: 20170702 sent email to maintainer --- libxml-libxml-perl NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet, sent email later

[Secure-testing-commits] r53897 - data/packages

Author: alteholz Date: 2017-07-25 12:26:50 + (Tue, 25 Jul 2017) New Revision: 53897 Modified: data/packages/lts-do-not-call Log: add new entry Modified: data/packages/lts-do-not-call === --- data/packages/lts-do-not-call

[Secure-testing-commits] r53903 - data

53902) +++ data/dla-needed.txt 2017-07-25 17:53:12 UTC (rev 53903) @@ -167,7 +167,7 @@ NOTE: reds_on_main_agent_monitors_config does not exist. Unclear how issue NOTE: can be triggered/verified in this version -- -swftools +swftools (Thorsten Alteholz) -- tcpdump NOTE: patch sent upstream

[Secure-testing-commits] r53901 - in data: . DLA

/cgi-bin/bugreport.cgi?bug=858373 NOTE: package available for testing, see 87r2x9rjjt@curie.anarc.at -- -bind9 (Thorsten Alteholz) - NOTE: probably regression introduced in latest upload --- ca-certificates NOTE: 2017-07-19: maintainer will handle the upload, see https

[Secure-testing-commits] r53904 - data

53903) +++ data/dla-needed.txt 2017-07-25 17:59:35 UTC (rev 53904) @@ -156,7 +156,7 @@ rbenv NOTE: .ruby-version is .rbenv-version in wheezy -- -resiprocate +resiprocate (Thorsten Alteholz) -- rkhunter (Thorsten Alteholz) NOTE: 20170702 sent email to maintainer

[Secure-testing-commits] r53917 - in data: . DLA

(rev 53917) @@ -158,9 +158,6 @@ -- resiprocate (Thorsten Alteholz) -- -rkhunter (Thorsten Alteholz) - NOTE: 20170702 sent email to maintainer --- spice NOTE: CVE-2017-7506 already fixed in jessie. Can take patch there. NOTE: (Markus Koschany) Patch from Jessie does not apply. Function

[Secure-testing-commits] r53902 - data

Author: alteholz Date: 2017-07-25 17:52:19 + (Tue, 25 Jul 2017) New Revision: 53902 Modified: data/dla-needed.txt Log: no security issue in pspp Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-25 17:33:33

[Secure-testing-commits] r53844 - data

Author: alteholz Date: 2017-07-23 18:00:24 + (Sun, 23 Jul 2017) New Revision: 53844 Modified: data/dla-needed.txt Log: status update Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-23 17:58:14 UTC (rev

[Secure-testing-commits] r53841 - data/CVE

Author: alteholz Date: 2017-07-23 17:53:41 + (Sun, 23 Jul 2017) New Revision: 53841 Modified: data/CVE/list Log: add note for fix of CVE-2017-10790 Modified: data/CVE/list === --- data/CVE/list 2017-07-23 14:43:51 UTC

[Secure-testing-commits] r53842 - data

) +++ data/dla-needed.txt 2017-07-23 17:56:06 UTC (rev 53842) @@ -62,12 +62,13 @@ jasper (Thorsten Alteholz) NOTE: 20170629, no patch available for the remaining CVEs yet, pinged upstream NOTE: 20170708: re-pinged upstream (lamby) + NOTE: 20170723, no patches available yet -- jbig2dec

[Secure-testing-commits] r53843 - data

Author: alteholz Date: 2017-07-23 17:58:14 + (Sun, 23 Jul 2017) New Revision: 53843 Modified: data/dla-needed.txt Log: maintainer seems to have no time for this wireshark update Modified: data/dla-needed.txt === ---

[Secure-testing-commits] r53870 - in data: . DLA

: regression update, see: NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html -- -libtasn1-3 (Thorsten Alteholz) --- libxml-libxml-perl NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet, sent email later

[Secure-testing-commits] r53950 - data

(rev 53949) +++ data/dla-needed.txt 2017-07-26 13:41:09 UTC (rev 53950) @@ -165,7 +165,8 @@ NOTE: reds_on_main_agent_monitors_config does not exist. Unclear how issue NOTE: can be triggered/verified in this version -- -swftools (Thorsten Alteholz) +swftools + NOTE: corresponding bugs have been

[Secure-testing-commits] r53951 - data

) +++ data/dla-needed.txt 2017-07-26 13:54:36 UTC (rev 53951) @@ -123,8 +123,7 @@ NOTE: has 8 different bugs fixed. Only 2 reverse dependancies: NOTE: mysql-utilities and mysql-workbench. -- -nasm - NOTE: 20170702 sent email to maintainer +nasm (Thorsten Alteholz) -- ncurses (Emilio Pozuelo

[Secure-testing-commits] r53958 - in data: . DLA

@@ rbenv NOTE: .ruby-version is .rbenv-version in wheezy -- -resiprocate (Thorsten Alteholz) --- spice NOTE: CVE-2017-7506 already fixed in jessie. Can take patch there. NOTE: (Markus Koschany) Patch from Jessie does not apply. Function ___ Secure

[Secure-testing-commits] r53659 - data

) +++ data/dla-needed.txt 2017-07-19 10:10:41 UTC (rev 53659) @@ -14,6 +14,9 @@ NOTE: There was a regression introduced in DLA-841-1 (2.2.22-13+deb7u8) NOTE: See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858373 -- +bind9 (Thorsten Alteholz) + NOTE: probably regression introduced

[Secure-testing-commits] r53032 - data/packages

Author: alteholz Date: 2017-06-30 09:16:42 + (Fri, 30 Jun 2017) New Revision: 53032 Modified: data/packages/lts-do-not-call Log: no need to inform maintainer about update Modified: data/packages/lts-do-not-call === ---

[Secure-testing-commits] r53035 - data

) +++ data/dla-needed.txt 2017-06-30 10:27:56 UTC (rev 53035) @@ -13,6 +13,8 @@ apache2 (Roberto C. Sánchez) NOTE: 20170625, packages ready for upload, request for testing sent to list -- +bind9 (Thorsten Alteholz) +-- boa NOTE: only available in Wheezy and orphaned NOTE: Should probably

[Secure-testing-commits] r53053 - in data: . DLA

@@ NOTE: regression update, see: NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html -- -libxml2 (Thorsten Alteholz) - NOTE: 20170629, except one, patches seem to be available now --- libytnef (Thorsten Alteholz) NOTE: 20170629, patches missing

[Secure-testing-commits] r53054 - data

UTC (rev 53053) +++ data/dla-needed.txt 2017-06-30 20:48:04 UTC (rev 53054) @@ -67,6 +67,8 @@ NOTE: regression update, see: NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html -- +libxml2 (Thorsten Alteholz) +-- libytnef (Thorsten Alteholz) NOTE: 20170629, patches missing

[Secure-testing-commits] r53110 - data

Author: alteholz Date: 2017-07-02 14:55:37 + (Sun, 02 Jul 2017) New Revision: 53110 Modified: data/dla-needed.txt Log: add poppler Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 14:55:09 UTC (rev 53109)

[Secure-testing-commits] r53111 - data

Author: alteholz Date: 2017-07-02 14:57:58 + (Sun, 02 Jul 2017) New Revision: 53111 Modified: data/dla-needed.txt Log: add nasm Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 14:55:37 UTC (rev 53110) +++

[Secure-testing-commits] r53112 - data/CVE

Author: alteholz Date: 2017-07-02 16:54:13 + (Sun, 02 Jul 2017) New Revision: 53112 Modified: data/CVE/list Log: these CVEs do not affect Wheezy Modified: data/CVE/list === --- data/CVE/list 2017-07-02 14:57:58 UTC (rev

[Secure-testing-commits] r53118 - data/packages

Author: alteholz Date: 2017-07-02 17:26:37 + (Sun, 02 Jul 2017) New Revision: 53118 Modified: data/packages/lts-do-not-call Log: add libcrypt11 Modified: data/packages/lts-do-not-call === --- data/packages/lts-do-not-call

[Secure-testing-commits] r53119 - data

Author: alteholz Date: 2017-07-02 17:27:09 + (Sun, 02 Jul 2017) New Revision: 53119 Modified: data/dla-needed.txt Log: add libgcrypt11 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 17:26:37 UTC (rev

[Secure-testing-commits] r53120 - data

Author: alteholz Date: 2017-07-02 17:27:34 + (Sun, 02 Jul 2017) New Revision: 53120 Modified: data/dla-needed.txt Log: add firefox-esr Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 17:27:09 UTC (rev

[Secure-testing-commits] r53101 - data

Author: alteholz Date: 2017-07-02 14:15:48 + (Sun, 02 Jul 2017) New Revision: 53101 Modified: data/dla-needed.txt Log: add icedove Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 14:13:01 UTC (rev 53100)

[Secure-testing-commits] r53108 - data/packages

Author: alteholz Date: 2017-07-02 14:54:46 + (Sun, 02 Jul 2017) New Revision: 53108 Modified: data/packages/lts-do-not-call Log: add poppler Modified: data/packages/lts-do-not-call === --- data/packages/lts-do-not-call

[Secure-testing-commits] r53123 - data

Author: alteholz Date: 2017-07-02 17:49:46 + (Sun, 02 Jul 2017) New Revision: 53123 Modified: data/dla-needed.txt Log: add teamspeak-client Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 17:46:08 UTC

[Secure-testing-commits] r53107 - data

/indirector/catalog/compiler.rb (line 25), NOTE: 2017-06-01: however I don't know whether pson is the only supported format @@ -117,6 +120,7 @@ NOTE: Patches for minor issues at https://anonscm.debian.org/cgit/users/agx/qemu-kvm.git/log/ -- rkhunter (Thorsten Alteholz) + NOTE: 20170702 sent

[Secure-testing-commits] r53116 - data

Author: alteholz Date: 2017-07-02 17:19:27 + (Sun, 02 Jul 2017) New Revision: 53116 Modified: data/dla-needed.txt Log: add libdbd-mysql-perl Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 17:17:59 UTC

[Secure-testing-commits] r53115 - data

(rev 53114) +++ data/dla-needed.txt 2017-07-02 17:17:59 UTC (rev 53115) @@ -73,6 +73,9 @@ NOTE: regression update, see: NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html -- +libtorrent-rasterbar (Thorsten Alteholz) + NOTE: 20170702 sent email to maintainer +-- libxml2

[Secure-testing-commits] r53121 - data

Author: alteholz Date: 2017-07-02 17:45:39 + (Sun, 02 Jul 2017) New Revision: 53121 Modified: data/dla-needed.txt Log: add faad2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 17:27:34 UTC (rev 53120)

[Secure-testing-commits] r53122 - data

Author: alteholz Date: 2017-07-02 17:46:08 + (Sun, 02 Jul 2017) New Revision: 53122 Modified: data/dla-needed.txt Log: add exiv2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 17:45:39 UTC (rev 53121)

[Secure-testing-commits] r53100 - data/CVE

Author: alteholz Date: 2017-07-02 14:13:01 + (Sun, 02 Jul 2017) New Revision: 53100 Modified: data/CVE/list Log: mark vlc as eol for wheezy Modified: data/CVE/list === --- data/CVE/list 2017-07-02 14:11:18 UTC (rev

[Secure-testing-commits] r53106 - data

) +++ data/dla-needed.txt 2017-07-02 14:47:08 UTC (rev 53106) @@ -116,6 +116,8 @@ NOTE: Investigating CVE-2017-2633 NOTE: Patches for minor issues at https://anonscm.debian.org/cgit/users/agx/qemu-kvm.git/log/ -- +rkhunter (Thorsten Alteholz) +-- sudo (Antoine Beaupré) NOTE: this is about

[Secure-testing-commits] r53114 - data

(rev 53113) +++ data/dla-needed.txt 2017-07-02 17:14:46 UTC (rev 53114) @@ -75,6 +75,9 @@ -- libxml2 (Thorsten Alteholz) -- +libxml-libxml-perl + NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet, sent email later +-- libytnef (Thorsten Alteholz) NOTE: 20170629

[Secure-testing-commits] r53104 - data

Author: alteholz Date: 2017-07-02 14:35:13 + (Sun, 02 Jul 2017) New Revision: 53104 Modified: data/dla-needed.txt Log: add openvpn Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 14:26:00 UTC (rev 53103)

[Secure-testing-commits] r53103 - data

Author: alteholz Date: 2017-07-02 14:26:00 + (Sun, 02 Jul 2017) New Revision: 53103 Modified: data/dla-needed.txt Log: add mpg123 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 14:21:39 UTC (rev 53102)

[Secure-testing-commits] r53113 - data

Author: alteholz Date: 2017-07-02 16:54:45 + (Sun, 02 Jul 2017) New Revision: 53113 Modified: data/dla-needed.txt Log: openvpn removed again, everything is done Modified: data/dla-needed.txt === --- data/dla-needed.txt

[Secure-testing-commits] r53099 - data/CVE

Author: alteholz Date: 2017-07-02 14:11:18 + (Sun, 02 Jul 2017) New Revision: 53099 Modified: data/CVE/list Log: mark glance as eol for wheezy Modified: data/CVE/list === --- data/CVE/list 2017-07-02 14:07:40 UTC (rev

[Secure-testing-commits] r53102 - data

Author: alteholz Date: 2017-07-02 14:21:39 + (Sun, 02 Jul 2017) New Revision: 53102 Modified: data/dla-needed.txt Log: add libmtp Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-07-02 14:15:48 UTC (rev 53101)

[Secure-testing-commits] r53124 - data

53123) +++ data/dla-needed.txt 2017-07-02 17:51:25 UTC (rev 53124) @@ -87,6 +87,9 @@ NOTE: regression update, see: NOTE: https://lists.debian.org/debian-lts/2017/05/msg00012.html -- +libtasn1-3 (Thorsten Alteholz) + NOTE: 20170702, no upstream fix yet +-- libtorrent-rasterbar (Thorsten Alteholz

[Secure-testing-commits] r53006 - data/CVE

Author: alteholz Date: 2017-06-29 11:34:02 + (Thu, 29 Jun 2017) New Revision: 53006 Modified: data/CVE/list Log: mark matrixssl as eol in Wheezy Modified: data/CVE/list === --- data/CVE/list 2017-06-29 11:30:48 UTC (rev

[Secure-testing-commits] r53008 - data/CVE

Author: alteholz Date: 2017-06-29 11:42:55 + (Thu, 29 Jun 2017) New Revision: 53008 Modified: data/CVE/list Log: mark binutil CVEs as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-06-29 11:38:26 UTC (rev

[Secure-testing-commits] r53011 - data

:14 UTC (rev 53010) +++ data/dla-needed.txt 2017-06-29 12:10:47 UTC (rev 53011) @@ -39,10 +39,10 @@ NOTE: the maintainer. -- jasper (Thorsten Alteholz) - NOTE: 20170618, no patch available for the remaining CVEs yet, pinged upstream + NOTE: 20170629, no patch available for the remaining CVEs

[Secure-testing-commits] r53007 - data

Author: alteholz Date: 2017-06-29 11:38:26 + (Thu, 29 Jun 2017) New Revision: 53007 Modified: data/dla-needed.txt Log: add tiff Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-06-29 11:34:02 UTC (rev 53006) +++

[Secure-testing-commits] r53010 - data/CVE

Author: alteholz Date: 2017-06-29 11:57:14 + (Thu, 29 Jun 2017) New Revision: 53010 Modified: data/CVE/list Log: mark radare2 CVE as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-06-29 11:46:05 UTC (rev

[Secure-testing-commits] r53012 - data

Author: alteholz Date: 2017-06-29 12:16:17 + (Thu, 29 Jun 2017) New Revision: 53012 Modified: data/dla-needed.txt Log: add ming Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-06-29 12:10:47 UTC (rev 53011) +++

[Secure-testing-commits] r53009 - data/CVE

Author: alteholz Date: 2017-06-29 11:46:05 + (Thu, 29 Jun 2017) New Revision: 53009 Modified: data/CVE/list Log: mark dwarfutils CVE as no-dsa Modified: data/CVE/list === --- data/CVE/list 2017-06-29 11:42:55 UTC (rev

[Secure-testing-commits] r51084 - data/DLA

Author: alteholz Date: 2017-04-26 20:09:02 + (Wed, 26 Apr 2017) New Revision: 51084 Modified: data/DLA/list Log: reserve DLA for jasper Modified: data/DLA/list === --- data/DLA/list 2017-04-26 20:05:13 UTC (rev 51083)

[Secure-testing-commits] r51007 - in data: . DLA

NOTE: See https://lists.debian.org/debian-lts/2017/03/msg8.html -- -minicom (Thorsten Alteholz) - NOTE: Maintainer contacted at 2017-04-23. --- mp3splt NOTE: 2017-02-28: No patch available. Reproducer doesn't work with Debian NOTE: packages (tested on Stretch, Jessie and Wheezy). It's

[Secure-testing-commits] r51042 - in data: . DLA

(Thorsten Alteholz) -- -botan1.10 (Thorsten Alteholz) - NOTE: Maintainer contacted at 2017-04-23. --- ca-certificates NOTE: maintainer will handle the upload, see https://lists.debian.org/1acb8e97-8c9f-8b54-348c-0c12f53a8...@pbandjelly.org

[Secure-testing-commits] r51156 - data

) +++ data/dla-needed.txt 2017-04-28 17:53:47 UTC (rev 51156) @@ -41,6 +41,8 @@ -- jasper (Thorsten Alteholz) -- +jbig2dec +-- kedpm (Antoine Beaupré) NOTE: no further triage done from ta, please decide on your own -- ___ Secure-testing-commits

[Secure-testing-commits] r51159 - data

Author: alteholz Date: 2017-04-28 18:01:02 + (Fri, 28 Apr 2017) New Revision: 51159 Modified: data/dla-needed.txt Log: add mysql-connector-python Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-28 17:59:20

[Secure-testing-commits] r51155 - data

Author: alteholz Date: 2017-04-28 17:39:08 + (Fri, 28 Apr 2017) New Revision: 51155 Modified: data/dla-needed.txt Log: add nss Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-28 17:38:23 UTC (rev 51154) +++

[Secure-testing-commits] r51158 - data

(rev 51157) +++ data/dla-needed.txt 2017-04-28 17:59:20 UTC (rev 51158) @@ -42,6 +42,7 @@ jasper (Thorsten Alteholz) -- jbig2dec + NOTE: maintainer contacted 20170428 -- kedpm (Antoine Beaupré) NOTE: no further triage done from ta, please decide on your own @@ -76,6 +77,9 @@ NOTE

[Secure-testing-commits] r51112 - data

Author: alteholz Date: 2017-04-27 17:57:12 + (Thu, 27 Apr 2017) New Revision: 51112 Modified: data/dla-needed.txt Log: add freetype again to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-27

[Secure-testing-commits] r51115 - data

) +++ data/dla-needed.txt 2017-04-27 18:07:38 UTC (rev 51115) @@ -41,6 +41,9 @@ -- jasper (Thorsten Alteholz) -- +kedpm (Antoine Beaupré) + NOTE: no further triage done from ta, please decide on your own +-- libav NOTE: Diego Biurrun (from the libav team) is working on patches. NOTE: Some

[Secure-testing-commits] r51114 - data

Author: alteholz Date: 2017-04-27 18:05:13 + (Thu, 27 Apr 2017) New Revision: 51114 Modified: data/dla-needed.txt Log: add ghostscript Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-27 18:04:51 UTC (rev

[Secure-testing-commits] r51113 - data/packages

Author: alteholz Date: 2017-04-27 18:04:51 + (Thu, 27 Apr 2017) New Revision: 51113 Modified: data/packages/lts-do-not-call Log: add ghostscript Modified: data/packages/lts-do-not-call === --- data/packages/lts-do-not-call

[Secure-testing-commits] r51171 - data

Author: alteholz Date: 2017-04-29 11:58:40 + (Sat, 29 Apr 2017) New Revision: 51171 Modified: data/dla-needed.txt Log: add linux again Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-29 09:10:12 UTC (rev

[Secure-testing-commits] r51173 - data/packages

Author: alteholz Date: 2017-04-29 12:01:10 + (Sat, 29 Apr 2017) New Revision: 51173 Modified: data/packages/lts-do-not-call Log: add packages from Jonas Modified: data/packages/lts-do-not-call === ---

[Secure-testing-commits] r51008 - data

-needed.txt 2017-04-24 19:46:16 UTC (rev 51007) +++ data/dla-needed.txt 2017-04-24 19:56:06 UTC (rev 51008) @@ -18,7 +18,7 @@ -- bind9 (Thorsten Alteholz) -- -botan1.10 +botan1.10 (Thorsten Alteholz) NOTE: Maintainer contacted at 2017-04-23. -- ca-certificates

[Secure-testing-commits] r51175 - data

Author: alteholz Date: 2017-04-29 14:13:29 + (Sat, 29 Apr 2017) New Revision: 51175 Modified: data/dla-needed.txt Log: add gnome-shell Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-29 12:04:44 UTC (rev

[Secure-testing-commits] r51177 - data

51176) +++ data/dla-needed.txt 2017-04-29 14:16:47 UTC (rev 51177) @@ -45,7 +45,6 @@ jasper (Thorsten Alteholz) -- jbig2dec - NOTE: maintainer contacted 20170428 -- kedpm (Antoine Beaupré) NOTE: no further triage done from ta, please decide on your own

[Secure-testing-commits] r51176 - data

Author: alteholz Date: 2017-04-29 14:16:04 + (Sat, 29 Apr 2017) New Revision: 51176 Modified: data/dla-needed.txt Log: add mysql-workbench Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-04-29 14:13:29 UTC (rev

[Secure-testing-commits] r54030 - in data: . DLA

UTC (rev 54029) +++ data/dla-needed.txt 2017-07-28 20:10:47 UTC (rev 54030) @@ -81,8 +81,6 @@ -- libgd2 -- -libquicktime (Thorsten Alteholz) --- libraw (Emilio Pozuelo) NOTE: Maintainer contacted 2017-06-05. -- ___ Secure-testing-commits mailing

[Secure-testing-commits] r54029 - in data: . DLA

54029) @@ -121,8 +121,6 @@ NOTE: has 8 different bugs fixed. Only 2 reverse dependancies: NOTE: mysql-utilities and mysql-workbench. -- -nasm (Thorsten Alteholz) --- openexr NOTE: 20170707: Pinged upstream (lamby) -- ___ Secure-testing

[Secure-testing-commits] r54890 - data

54889) +++ data/dla-needed.txt 2017-08-19 15:25:34 UTC (rev 54890) @@ -138,7 +138,7 @@ NOTE: mysql-utilities and mysql-workbench. NOTE: 20170810: Wait for more issues (see ML: https://lists.debian.org/debian-lts/2017/08/msg00039.html) -- -newsbeuter +newsbeuter (Thorsten Alteholz) -- openexr

[Secure-testing-commits] r54889 - data

54888) +++ data/dla-needed.txt 2017-08-19 14:22:34 UTC (rev 54889) @@ -110,8 +110,7 @@ libxml-libxml-perl NOTE: 20170702: no upstream fix yet, so no need to bother maintainer yet, sent email later -- -libxml2 - NOTE: 20170813: no fix yet +libxml2 (Thorsten Alteholz) -- libytnef NOTE

[Secure-testing-commits] r54912 - data

(rev 54911) +++ data/dla-needed.txt 2017-08-20 16:45:38 UTC (rev 54912) @@ -60,7 +60,7 @@ -- gnupg -- -graphicsmagick +graphicsmagick (Thorsten Alteholz) -- imagemagick (Roberto C. Sánchez) NOTE: 20170814, work continues patches up to CVE-2017-12587 backported @@ -98,6 +98,7 @@ NOTE

[Secure-testing-commits] r54913 - in data: . DLA

Lefeuvre) NOTE: https://lists.debian.org/debian-lts/2017/08/msg2.html -- -curl (Thorsten Alteholz) - NOTE: 20170809: Not entirely sure vulnerable, adding just in case. (lamby) --- db NOTE: 20170813: Not sure vulnerable as some of the DB_CONFIG code is missing in env_open.c, but the reporter

[Secure-testing-commits] r54916 - data

54915) +++ data/dla-needed.txt 2017-08-20 16:56:22 UTC (rev 54916) @@ -44,7 +44,7 @@ faad2 NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet, sent email later -- -fontforge +fontforge (Thorsten Alteholz) -- freeradius NOTE: CVE-2017-10983 is in fr_dhcp_decode since

[Secure-testing-commits] r51643 - data

(rev 51642) +++ data/dla-needed.txt 2017-05-15 12:39:22 UTC (rev 51643) @@ -40,7 +40,7 @@ NOTE: sooner than later. -- jasper (Thorsten Alteholz) - NOTE: 20170510, no patch available for the remaining CVEs yet + NOTE: 20170515, no patch available for the remaining CVEs yet -- jbig2dec

[Secure-testing-commits] r51508 - data

51507) +++ data/dla-needed.txt 2017-05-10 17:50:53 UTC (rev 51508) @@ -46,7 +46,8 @@ jasper (Thorsten Alteholz) NOTE: 20170510, no patch available for the remaining CVEs yet -- -jbig2dec +jbig2dec (Thorsten Alteholz) + NOTE: 20170510, one CVE is missing a patch -- libav NOTE: Diego Biurrun

[Secure-testing-commits] r51455 - in data: . DLA

: Investigating CVE-2017-2633 and CVE-2016-9602 (and related CVEs) NOTE: version fixing cirrus related issues up for testing -- -radicale (Thorsten Alteholz) --- rpcbind (Markus Koschany) -- sane-backends (Jörg Frings-Fürst) ___ Secure-testing-commits

[Secure-testing-commits] r51507 - data

UTC (rev 51506) +++ data/dla-needed.txt 2017-05-10 17:47:56 UTC (rev 51507) @@ -44,7 +44,7 @@ NOTE: sooner than later. -- jasper (Thorsten Alteholz) - NOTE: 20170430, not patch for the remaining CVEs yet + NOTE: 20170510, no patch available for the remaining CVEs yet -- jbig2dec

[Secure-testing-commits] r51655 - data

(rev 51654) +++ data/dla-needed.txt 2017-05-15 18:18:09 UTC (rev 51655) @@ -59,8 +59,7 @@ libpodofo NOTE: maintainer asked for a review -- -libxml2 - NOTE: 2017-05-13: No upstream patch yet. +libxml2 (Thorsten Alteholz) -- linux -- ___ Secure

[Secure-testing-commits] r51664 - in data: . DLA

(rev 51664) @@ -44,9 +44,6 @@ jasper (Thorsten Alteholz) NOTE: 20170515, no patch available for the remaining CVEs yet -- -jbig2dec (Thorsten Alteholz) - NOTE: 20170510, one CVE is missing a patch --- libarchive (Markus Koschany) -- libav

[Secure-testing-commits] r52780 - data

(Thorsten Alteholz) -- eglibc NOTE: Patch available, however not yet applied upstream. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing

[Secure-testing-commits] r52782 - data/CVE

Author: alteholz Date: 2017-06-21 13:25:01 + (Wed, 21 Jun 2017) New Revision: 52782 Modified: data/CVE/list Log: fix typo Modified: data/CVE/list === --- data/CVE/list 2017-06-21 12:49:48 UTC (rev 52781) +++

[Secure-testing-commits] r52778 - data/CVE

Author: alteholz Date: 2017-06-21 12:18:08 + (Wed, 21 Jun 2017) New Revision: 52778 Modified: data/CVE/list Log: mark CVE-2017-5977 as in Wheezy as well Modified: data/CVE/list === --- data/CVE/list 2017-06-21 12:04:40

[Secure-testing-commits] r52759 - in data: . DLA

52758) +++ data/dla-needed.txt 2017-06-20 20:24:04 UTC (rev 52759) @@ -120,10 +120,6 @@ NOTE: this is about https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd NOTE: which might well be fixed once more issues piled up -- -swftools (Thorsten Alteholz) - NOTE: 20170618, patches seem

[Secure-testing-commits] r52757 - in data: . DLA

assigned. -- -zziplib (Thorsten Alteholz) --- ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r52824 - in data: . DLA

C. Sánchez) -- -c-ares (Thorsten Alteholz) --- ca-certificates NOTE: 2017-03-27: maintainer will handle the upload, see https://lists.debian.org/1acb8e97-8c9f-8b54-348c-0c12f53a8...@pbandjelly.org NOTE: 2017-05-12: Pinged the maintainer -- Raphael Hertzog

[Secure-testing-commits] r52928 - data/CVE

Author: alteholz Date: 2017-06-26 18:07:43 + (Mon, 26 Jun 2017) New Revision: 52928 Modified: data/CVE/list Log: mark lrzip issues as no-dsa like in jessie and stretch Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r52929 - data

Author: alteholz Date: 2017-06-26 18:10:33 + (Mon, 26 Jun 2017) New Revision: 52929 Modified: data/dla-needed.txt Log: add boa Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-06-26 18:07:43 UTC (rev 52928) +++

[Secure-testing-commits] r51782 - data

Author: alteholz Date: 2017-05-20 14:50:39 + (Sat, 20 May 2017) New Revision: 51782 Modified: data/dla-needed.txt Log: update lzo2 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-05-20 14:27:26 UTC (rev 51781)

[Secure-testing-commits] r51783 - data

-05-20 14:50:39 UTC (rev 51782) +++ data/dla-needed.txt 2017-05-20 14:52:45 UTC (rev 51783) @@ -53,6 +53,8 @@ libxml2 (Thorsten Alteholz) NOTE: 20170519, patches suggested but not accepted -- +libytnef (Thorsten Alteholz) +-- linux -- lzo2

[Secure-testing-commits] r51784 - data

:52:45 UTC (rev 51783) +++ data/dla-needed.txt 2017-05-20 14:58:31 UTC (rev 51784) @@ -15,6 +15,7 @@ NOTE: Currently working on a patch fixing CVE-2017-6960 --Hugo -- bind9 (Thorsten Alteholz) + NOTE: test package at https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/ -- ca

[Secure-testing-commits] r51781 - in data: . DLA

: EOL. I have already started to look at ESR 52 to anticipate any problems. NOTE: Patches for ESR 52 on wheezy sent to maintainer. -- -icu (Thorsten Alteholz) - NOTE: Update from Roberto C. Sánchez: I have isolated the problem and provided a - NOTE: patch to Thorsten to use to prepare

[Secure-testing-commits] r51840 - data

:55 UTC (rev 51839) +++ data/dla-needed.txt 2017-05-22 17:11:27 UTC (rev 51840) @@ -60,8 +60,6 @@ -- libytnef (Thorsten Alteholz) -- -lintian --- linux -- lrzip ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org

[Secure-testing-commits] r51850 - data

/dla-needed.txt 2017-05-22 20:34:34 UTC (rev 51849) +++ data/dla-needed.txt 2017-05-22 20:35:21 UTC (rev 51850) @@ -53,7 +53,8 @@ libpodofo NOTE: maintainer asked for a review -- -libsndfile +libsndfile (Thorsten Alteholz) + NOTE: giving maintainer some time to respond to email -- libxml2

[Secure-testing-commits] r51848 - data

19:05:50 UTC (rev 51847) +++ data/dla-needed.txt 2017-05-22 20:32:05 UTC (rev 51848) @@ -92,9 +92,6 @@ -- openjdk-7 (Emilio Pozuelo) -- -postgresql-8.4 (Thorsten Alteholz) - NOTE: 20170521, asking maintainer whether this version is affected --- postgresql-9.1 (Thorsten Alteholz) NOTE

[Secure-testing-commits] r51884 - data

:37:26 UTC (rev 51883) +++ data/dla-needed.txt 2017-05-23 16:59:08 UTC (rev 51884) @@ -58,7 +58,7 @@ libpodofo NOTE: maintainer asked for a review -- -libtasn1-3 +libtasn1-3 (Thorsten Alteholz) -- libsndfile (Thorsten Alteholz) NOTE: giving maintainer some time to respond to email

[Secure-testing-commits] r51883 - in data: . CVE

-needed.txt 2017-05-23 16:37:26 UTC (rev 51883) @@ -35,7 +35,7 @@ NOTE: 20170522, there are numerous issues to address and work continues -- jasper (Thorsten Alteholz) - NOTE: 20170519, no patch available for the remaining CVEs yet + NOTE: 20170523, no patch available for the remaining CVEs yet

[Secure-testing-commits] r51901 - in data: . DLA

NOTE: maintainer asked for a review -- -libtasn1-3 (Thorsten Alteholz) --- libsndfile (Thorsten Alteholz) NOTE: giving maintainer some time to respond to email -- ___ Secure-testing-commits mailing list Secure-testing-commits

[Secure-testing-commits] r51798 - data/CVE

Author: alteholz Date: 2017-05-21 17:34:44 + (Sun, 21 May 2017) New Revision: 51798 Modified: data/CVE/list Log: according to maintainer wheezy is not affected by CVE-2017-9078 Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r51800 - in data: . DLA

(Thorsten Alteholz) NOTE: test package at https://people.debian.org/~alteholz/packages/wheezy-lts/bind9/amd64/ -- -dropbear (Thorsten Alteholz) - NOTE: maintainer prepared debdiff --- ca-certificates NOTE: 2017-03-27: maintainer will handle the upload, see https://lists.debian.org/1acb8e97

<    1   2   3   4   5   6   7   8   >