[Secure-testing-commits] r33256 - data

2015-03-30 Thread Markus Koschany
Author: apo-guest
Date: 2015-03-30 17:08:18 + (Mon, 30 Mar 2015)
New Revision: 33256

Modified:
   data/dla-needed.txt
Log:
Claim checkpw in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-03-30 17:06:06 UTC (rev 33255)
+++ data/dla-needed.txt 2015-03-30 17:08:18 UTC (rev 33256)
@@ -7,7 +7,9 @@
 To pick an issue, simply add your name behind it.
 
 --
-checkpw
+checkpw (Markus Koschany)
+https://lists.debian.org/debian-lts/2015/03/msg00093.html
+Debdiff and fix available. Needs review and sponsor.
 --
 commons-httpclient
 --


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r33258 - data

2015-03-30 Thread Markus Koschany
Author: apo-guest
Date: 2015-03-30 17:16:00 + (Mon, 30 Mar 2015)
New Revision: 33258

Modified:
   data/dla-needed.txt
Log:
Grooming. Remove trailing whitespace in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-03-30 17:11:47 UTC (rev 33257)
+++ data/dla-needed.txt 2015-03-30 17:16:00 UTC (rev 33258)
@@ -1,4 +1,4 @@
-A squeeze-lts security update is needed for the following source packages. 
+A squeeze-lts security update is needed for the following source packages.
 
 The specific CVE IDs do not need to be listed, they can be gathered in an 
up-to-date manner from
 https://security-tracker.debian.org/tracker/source-package/SOURCEPACKAGE
@@ -122,7 +122,7 @@
 It might also be the case that a package is heavily used in stable, but has no
 reverse deps in oldstable and was introduced on a rather experimental basis.
 
-no-dsa doesn't mean that a security issue will remain unfixed. For standard 
stable 
+no-dsa doesn't mean that a security issue will remain unfixed. For standard 
stable
 and oldstable in Debian there are regular point updates which incorporate such
 minor fixes. There are no such point updates for Debian LTS, though. But if 
e.g.
 there's a minor issue in a package, it can be postponed using no-dsa and if 
there's
@@ -132,7 +132,7 @@
 every update involves work on the admin rolling out the updated package!
 
 
-So, if there's a security issue in a package listed at 
+So, if there's a security issue in a package listed at
 https://security-tracker.debian.org/tracker/status/release/oldstable which is 
not
 yet present in this file, so should do the following:
 
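Review bot: The context line in the last hunk, "yet present in this file, so should do the following:", is missing its subject; since this commit is a grooming pass over the same paragraph, change it to "you should do the following:" here rather than in a separate commit.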




[Secure-testing-commits] r33257 - data

2015-03-30 Thread Markus Koschany
Author: apo-guest
Date: 2015-03-30 17:11:47 + (Mon, 30 Mar 2015)
New Revision: 33257

Modified:
   data/dla-needed.txt
Log:
Claim commons-httpclient in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-03-30 17:08:18 UTC (rev 33256)
+++ data/dla-needed.txt 2015-03-30 17:11:47 UTC (rev 33257)
@@ -11,7 +11,11 @@
 https://lists.debian.org/debian-lts/2015/03/msg00093.html
 Debdiff and fix available. Needs review and sponsor.
 --
-commons-httpclient
+commons-httpclient (Markus Koschany)
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758086#50
+Debdiff and patch for Jessie and Sid available. Debian Java team members
+prefer testcase before uploading. When approved the fix could be easily
+backported to Wheezy and Squeeze.
 --
 clamav
   http://lists.debian.org/20150218123232.ga25...@breakpoint.cc
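Review bot: The four detail lines added under "commons-httpclient (Markus Koschany)" start in column 0, while the clamav entry directly below indents its URL. Package names are the only flush-left lines between "--" separators, so indent the URL and the status text by two spaces to keep them from being read as package names.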




[Secure-testing-commits] r33255 - data

2015-03-30 Thread Markus Koschany
Author: apo-guest
Date: 2015-03-30 17:06:06 + (Mon, 30 Mar 2015)
New Revision: 33255

Modified:
   data/dla-needed.txt
Log:
Remove libspring-2.5-java entry because the last CVE was misassigned to that package

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-03-30 04:58:57 UTC (rev 33254)
+++ data/dla-needed.txt 2015-03-30 17:06:06 UTC (rev 33255)
@@ -48,8 +48,6 @@
 libphp-snoopy
   NOTE: maintainer might take care of it, cf 
http://lists.debian.org/1424805686.2351.19.ca...@debian.org
 --
-libspring-2.5-java
---
 libvncserver (Nguyen Cong)
 --
 linux-2.6
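Review bot: The removal of "libspring-2.5-java" is justified in the log only as "the last CVE was misassigned", with no CVE id given. Name the CVE and the package it actually belongs to in the log message so the removal can be checked against the tracker later.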




[Secure-testing-commits] r34270 - data

2015-05-14 Thread Markus Koschany
Author: apo-guest
Date: 2015-05-14 10:18:56 + (Thu, 14 May 2015)
New Revision: 34270

Modified:
   data/dla-needed.txt
Log:
Update comment about commons-httpclient in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-05-14 09:11:01 UTC (rev 34269)
+++ data/dla-needed.txt 2015-05-14 10:18:56 UTC (rev 34270)
@@ -8,10 +8,10 @@
 
 --
 commons-httpclient (Markus Koschany)
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758086#50
-Debdiff and patch for Jessie and Sid available. Debian Java team members
-prefer testcase before uploading. When approved the fix could be easily
-backported to Wheezy and Squeeze.
+https://bugs.debian.org/758086#50
+Patch is attached to this e-mail.
+https://lists.debian.org/debian-lts/2015/04/msg00082.html
+Sponsor is needed.
 --
 clamav (Scott Kitterman)
   http://lists.debian.org/20150218123232.ga25...@breakpoint.cc
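Review bot: In the new commons-httpclient text, "Patch is attached to this e-mail." sits between two URLs, so it is unclear whether "this e-mail" means the bug report message above or the debian-lts message below. Put the sentence after the link it refers to, or write it on the same line as that URL. The added lines are also flush-left, unlike the indented clamav URL in the following entry.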




[Secure-testing-commits] r34606 - data

2015-05-31 Thread Markus Koschany
Author: apo-guest
Date: 2015-05-31 11:38:06 + (Sun, 31 May 2015)
New Revision: 34606

Modified:
   data/embedded-code-copies
Log:
embedded-code-copies: Spring does not embed oscpack anymore


Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2015-05-31 10:00:26 UTC (rev 34605)
+++ data/embedded-code-copies   2015-05-31 11:38:06 UTC (rev 34606)
@@ -2041,9 +2041,6 @@
 - fceux unfixed (embed)
 NOTE: didn't check whether it's used
 
-oscpack
-   - spring unfixed (embed)
-
 hpiutil2
- spring unfixed (embed)
 




[Secure-testing-commits] r34594 - data

2015-05-30 Thread Markus Koschany
Author: apo-guest
Date: 2015-05-30 13:44:10 + (Sat, 30 May 2015)
New Revision: 34594

Modified:
   data/dla-needed.txt
Log:
Update status of libapache-mod-jk in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2015-05-30 10:21:21 UTC (rev 34593)
+++ data/dla-needed.txt 2015-05-30 13:44:10 UTC (rev 34594)
@@ -24,9 +24,10 @@
 --
 jqueryui (Holger Levsen)
 --
-libapache-mod-jk
-  Markus Koschany will take care of it
-  http://lists.debian.org/5564ab86.3000...@gambaru.de
+libapache-mod-jk (Markus Koschany)
+  See http://lists.debian.org/5564ab86.3000...@gambaru.de
+  Debdiff is attached to follow-up message. Feedback and testing are 
appreciated.
+  Sponsor required.
 --
 libclamunrar
   NOTE: wheezy got a backport of 0.98.5, check if we should do the same in
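Review bot: The libapache-mod-jk entry says "Debdiff is attached to follow-up message" but links only the original message. Link the follow-up directly so a potential sponsor does not have to walk the thread to find the debdiff.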




[Secure-testing-commits] r42276 - data

2016-06-02 Thread Markus Koschany
Author: apo
Date: 2016-06-02 20:58:37 + (Thu, 02 Jun 2016)
New Revision: 42276

Modified:
   data/dla-needed.txt
Log:
Take libxstream-java in dla-needed.txt as requested.


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-02 20:27:47 UTC (rev 42275)
+++ data/dla-needed.txt 2016-06-02 20:58:37 UTC (rev 42276)
@@ -45,9 +45,10 @@
 --
 libxslt (Emilio Pozuelo)
 --
-libxstream-java (jmm)
+libxstream-java (Markus Koschany)
   Emmanuel Bourg proposed debdiff for both wheezy- and jessie-security
   waiting an additional to solicit regression feedback from change in sid
+  NOTE: https://lists.debian.org/debian-lts/2016/06/msg00020.html
 --
 linux
 --
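Review bot: The claim on libxstream-java changes hands, but the status text carried over unchanged still reads "waiting an additional to solicit regression feedback", which is missing a word and describes the previous owner's plan. Rewrite those two lines to state the current status, or drop them in favour of the new NOTE link.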




[Secure-testing-commits] r42365 - org

2016-06-06 Thread Markus Koschany
Author: apo
Date: 2016-06-07 03:27:02 + (Tue, 07 Jun 2016)
New Revision: 42365

Modified:
   org/lts-frontdesk.2016.txt
Log:
Add myself to lts-frontdesk 2016 duties


Modified: org/lts-frontdesk.2016.txt
===
--- org/lts-frontdesk.2016.txt  2016-06-06 21:31:13 UTC (rev 42364)
+++ org/lts-frontdesk.2016.txt  2016-06-07 03:27:02 UTC (rev 42365)
@@ -37,29 +37,29 @@
 From 13-06 to 19-06:Markus Koschany <a...@debian.org>
 From 20-06 to 26-06:Thorsten Alteholz <alteh...@debian.org>
 From 27-06 to 03-07:Chris Lamb <ch...@chris-lamb.co.uk>
-From 04-07 to 10-07:
+From 04-07 to 10-07:Markus Koschany <a...@debian.org>
 From 11-07 to 17-07:Ben Hutchings <b...@decadent.org.uk>
 From 18-07 to 24-07:Chris Lamb <ch...@chris-lamb.co.uk>
 From 25-07 to 31-07:
-From 01-08 to 07-08:
+From 01-08 to 07-08:Markus Koschany <a...@debian.org>
 From 08-08 to 14-08:Guido Günther <a...@sigxcpu.org>
 From 15-08 to 21-08:Chris Lamb <ch...@chris-lamb.co.uk>
 From 22-08 to 28-08:Ben Hutchings <b...@decadent.org.uk>
 From 29-08 to 04-09:
 From 05-09 to 11-09:
-From 12-09 to 18-09:
+From 12-09 to 18-09:Markus Koschany <a...@debian.org>
 From 19-09 to 25-09:Chris Lamb <ch...@chris-lamb.co.uk>
 From 26-09 to 02-10:
 From 03-10 to 09-10:
-From 10-10 to 16-10:
+From 10-10 to 16-10:Markus Koschany <a...@debian.org>
 From 17-10 to 23-10:Chris Lamb <ch...@chris-lamb.co.uk>
 From 24-10 to 30-10:
 From 31-10 to 06-11:
 From 07-11 to 13-11:Chris Lamb <ch...@chris-lamb.co.uk>
-From 14-11 to 20-11:
+From 14-11 to 20-11:Markus Koschany <a...@debian.org>
 From 21-11 to 27-11:
 From 28-11 to 04-12:
 From 05-12 to 11-12:Chris Lamb <ch...@chris-lamb.co.uk>
-From 12-12 to 18-12:
+From 12-12 to 18-12:Markus Koschany <a...@debian.org>
 From 19-12 to 25-12:
 From 26-12 to 01-01:



[Secure-testing-commits] r42343 - in data: . DLA

2016-06-06 Thread Markus Koschany
Author: apo
Date: 2016-06-06 09:06:21 + (Mon, 06 Jun 2016)
New Revision: 42343

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-504-1 for libxstream-java

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-06 05:43:42 UTC (rev 42342)
+++ data/DLA/list   2016-06-06 09:06:21 UTC (rev 42343)
@@ -1,3 +1,6 @@
+[06 Jun 2016] DLA-504-1 libxstream-java - security update
+   {CVE-2016-3674}
+   [wheezy] - libxstream-java 1.4.2-1+deb7u1
 [03 Jun 2016] DLA-503-1 libxml2 - security update
{CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 
CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 
CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4449 CVE-2016-4483}
[wheezy] - libxml2 2.8.0+dfsg1-7+wheezy6

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-06 05:43:42 UTC (rev 42342)
+++ data/dla-needed.txt 2016-06-06 09:06:21 UTC (rev 42343)
@@ -46,11 +46,6 @@
 --
 libxslt (Emilio Pozuelo)
 --
-libxstream-java (Markus Koschany)
-  Emmanuel Bourg proposed debdiff for both wheezy- and jessie-security
-  waiting an additional to solicit regression feedback from change in sid
-  NOTE: https://lists.debian.org/debian-lts/2016/06/msg00020.html
---
 linux
 --
 mat




[Secure-testing-commits] r42395 - in data: . DLA

2016-06-08 Thread Markus Koschany
Author: apo
Date: 2016-06-08 08:32:26 + (Wed, 08 Jun 2016)
New Revision: 42395

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-508-1 for expat

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-08 07:57:17 UTC (rev 42394)
+++ data/DLA/list   2016-06-08 08:32:26 UTC (rev 42395)
@@ -1,3 +1,6 @@
+[08 Jun 2016] DLA-508-1 expat - security update
+   {CVE-2012-6702 CVE-2016-5300}
+   [wheezy] - expat 2.1.0-1+deb7u4
 [07 Jun 2016] DLA-507-1 nss - security update
{CVE-2015-4000}
[wheezy] - nss 2:3.14.5-1+deb7u7

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-08 07:57:17 UTC (rev 42394)
+++ data/dla-needed.txt 2016-06-08 08:32:26 UTC (rev 42395)
@@ -18,8 +18,6 @@
 cakephp
   NOTE: CVE-2015-8379 No official solution is currently available, 20160425
 --
-expat (Markus Koschany)
---
 extplorer
   NOTE: 20160529, no fix yet
 --




[Secure-testing-commits] r42397 - data

2016-06-08 Thread Markus Koschany
Author: apo
Date: 2016-06-08 09:30:42 + (Wed, 08 Jun 2016)
New Revision: 42397

Modified:
   data/dla-needed.txt
Log:
Remove libpdfbox-java and libxstream-java from dla-needed.txt again


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-08 09:10:11 UTC (rev 42396)
+++ data/dla-needed.txt 2016-06-08 09:30:42 UTC (rev 42397)
@@ -32,8 +32,6 @@
 --
 libjackson-json-java
 --
-libpdfbox-java (Markus Koschany)
---
 libspring-java
   The JSON/JaF doesn't appear to be present in wheezy but the
   content-disposition stuff might be.
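Review bot: The log says the entries are removed "again", and both removed lines are bare claims, yet libxstream-java and libpdfbox-java had already been dropped when DLA-504-1 (r42343) and DLA-505-1 (r42347) were reserved. Name the revision that brought them back in the log message, so it is clear whether a merge or a manual edit reintroduced already released packages.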
@@ -42,8 +40,6 @@
 --
 libxslt (Emilio Pozuelo)
 --
-libxstream-java (Markus Koschany)
---
 linux
 --
 mat




[Secure-testing-commits] r42398 - data

2016-06-08 Thread Markus Koschany
Author: apo
Date: 2016-06-08 09:42:28 + (Wed, 08 Jun 2016)
New Revision: 42398

Modified:
   data/dla-needed.txt
Log:
Claim libtorrent-rasterbar in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-08 09:30:42 UTC (rev 42397)
+++ data/dla-needed.txt 2016-06-08 09:42:28 UTC (rev 42398)
@@ -36,7 +36,7 @@
   The JSON/JaF doesn't appear to be present in wheezy but the
   content-disposition stuff might be.
 --
-libtorrent-rasterbar
+libtorrent-rasterbar (Markus Koschany)
 --
 libxslt (Emilio Pozuelo)
 --




[Secure-testing-commits] r42348 - data

2016-06-06 Thread Markus Koschany
Author: apo
Date: 2016-06-06 11:44:26 + (Mon, 06 Jun 2016)
New Revision: 42348

Modified:
   data/dla-needed.txt
Log:
Claim expat in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-06 11:41:09 UTC (rev 42347)
+++ data/dla-needed.txt 2016-06-06 11:44:26 UTC (rev 42348)
@@ -20,7 +20,7 @@
 --
 dhcpcd5 (Ola Lundqvist)
 --
-expat
+expat (Markus Koschany)
 --
 extplorer
   NOTE: 20160529, no fix yet




[Secure-testing-commits] r42347 - in data: . DLA

2016-06-06 Thread Markus Koschany
Author: apo
Date: 2016-06-06 11:41:09 + (Mon, 06 Jun 2016)
New Revision: 42347

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-505-1 for libpdfbox-java

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-06 10:31:48 UTC (rev 42346)
+++ data/DLA/list   2016-06-06 11:41:09 UTC (rev 42347)
@@ -1,3 +1,6 @@
+[06 Jun 2016] DLA-505-1 libpdfbox-java - security update
+   {CVE-2016-2175}
+   [wheezy] - libpdfbox-java 1:1.7.0+dfsg-4+deb7u1
 [06 Jun 2016] DLA-504-1 libxstream-java - security update
{CVE-2016-3674}
[wheezy] - libxstream-java 1.4.2-1+deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-06 10:31:48 UTC (rev 42346)
+++ data/dla-needed.txt 2016-06-06 11:41:09 UTC (rev 42347)
@@ -36,8 +36,6 @@
 --
 libjackson-json-java
 --
-libpdfbox-java (Markus Koschany)
---
 libspring-java
   The JSON/JaF doesn't appear to be present in wheezy but the
   content-disposition stuff might be.




[Secure-testing-commits] r42477 - data

2016-06-12 Thread Markus Koschany
Author: apo
Date: 2016-06-12 12:05:27 + (Sun, 12 Jun 2016)
New Revision: 42477

Modified:
   data/dla-needed.txt
Log:
Claim roundcube in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-12 11:04:09 UTC (rev 42476)
+++ data/dla-needed.txt 2016-06-12 12:05:27 UTC (rev 42477)
@@ -71,10 +71,7 @@
   NOTE: see dsa-needed's notes.
   NOTE: Maintainer's answer: 
https://lists.debian.org/msgid-search/878tzv6pru@mid.deneb.enyo.de
 --
-roundcube
-  NOTE: Partly affected by CVE-2016-4068. Check if other issues apply too.
-  NOTE: One maintainer suggests to update to the stable 1.0.x branch
-  NOTE: https://lists.debian.org/debian-lts/2016/05/msg00016.html
+roundcube (Markus Koschany)
 --
 ruby-actionpack-3.2 (Guido Günther)
 --
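Review bot: Claiming roundcube deletes all three NOTE lines, including "Partly affected by CVE-2016-4068. Check if other issues apply too." and the link to the maintainer's suggestion. Keep the notes under the claimed entry until the DLA is reserved, or move the CVE-2016-4068 remark to data/CVE/list, so the triage result is not lost if the claim is released.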



[Secure-testing-commits] r42444 - data/CVE

2016-06-10 Thread Markus Koschany
Author: apo
Date: 2016-06-10 17:42:03 + (Fri, 10 Jun 2016)
New Revision: 42444

Modified:
   data/CVE/list
Log:
Mark CVE-2015-2180 roundcube, wheezy as not affected

The dbmail driver does not exist in this version.


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-10 17:29:29 UTC (rev 42443)
+++ data/CVE/list   2016-06-10 17:42:03 UTC (rev 42444)
@@ -35270,6 +35270,7 @@
 CVE-2015-2180 [execute arbitrary shell commands as root from the roundcube 
DBMail driver for the password plugin]
RESERVED
- roundcube 1.1.1+dfsg.1-2
+   [wheezy] - roundcube  (dbmail driver does not exist)
NOTE: http://trac.roundcube.net/ticket/1490261
NOTE: http://advisories.mageia.org/MGASA-2015-0400.html
NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html




[Secure-testing-commits] r42446 - data/CVE

2016-06-10 Thread Markus Koschany
Author: apo
Date: 2016-06-10 19:17:31 + (Fri, 10 Jun 2016)
New Revision: 42446

Modified:
   data/CVE/list
Log:
Mark CVE-2016-4096 roundcube, wheezy as not affected

program/lib/Roundcube/rcube_washtml.php is called lib/washtml.php in this
version but the function is_link_attribute does not exist.



Modified: data/CVE/list
===
--- data/CVE/list   2016-06-10 17:44:24 UTC (rev 42445)
+++ data/CVE/list   2016-06-10 19:17:31 UTC (rev 42446)
@@ -3684,6 +3684,7 @@
 CVE-2016-4069 [Protect download urls against CSRF using unique request tokens]
RESERVED
- roundcube 1.1.5+dfsg.1-1 (bug #822333)
+   [wheezy] - roundcube  (vulnerable code not present)
NOTE: https://github.com/roundcube/roundcubemail/issues/4957
NOTE: 
https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
NOTE: 
https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
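Review bot: The added "[wheezy] - roundcube  (vulnerable code not present)" line lands under CVE-2016-4069, but the log message is about CVE-2016-4096 and the is_link_attribute function. Check which CVE entry the annotation belongs to before committing; as written, the CSRF issue is marked not affected on the strength of an analysis of a different bug.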




[Secure-testing-commits] r42445 - data/CVE

2016-06-10 Thread Markus Koschany
Author: apo
Date: 2016-06-10 17:44:24 + (Fri, 10 Jun 2016)
New Revision: 42445

Modified:
   data/CVE/list
Log:
Mark CVE-2015-2181 roundcube, wheezy as not affected

variable and file not present


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-10 17:42:03 UTC (rev 42444)
+++ data/CVE/list   2016-06-10 17:44:24 UTC (rev 42445)
@@ -35264,6 +35264,7 @@
 CVE-2015-2181 [buffer overflows in the roundcube DBMail driver for the 
password plugin]
RESERVED
- roundcube 1.1.1+dfsg.1-2
+   [wheezy] - roundcube  (variable and chgdbmailusers.c does 
not exist)
NOTE: http://trac.roundcube.net/ticket/1490261
NOTE: http://advisories.mageia.org/MGASA-2015-0400.html
NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html
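Review bot: The reason on the added wheezy line, "variable and chgdbmailusers.c does not exist", does not say which variable was checked. Name it, and use "do not exist", so the not-affected decision can be re-verified against the wheezy source.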




[Secure-testing-commits] r42447 - data/CVE

2016-06-10 Thread Markus Koschany
Author: apo
Date: 2016-06-10 19:20:13 + (Fri, 10 Jun 2016)
New Revision: 42447

Modified:
   data/CVE/list
Log:
Revert last commit. Roundcube, wheezy is not affected by CVE-2016-5103



Modified: data/CVE/list
===
--- data/CVE/list   2016-06-10 19:17:31 UTC (rev 42446)
+++ data/CVE/list   2016-06-10 19:20:13 UTC (rev 42447)
@@ -1256,6 +1256,7 @@
 CVE-2016-5103 [XSS vulnerability in mail content page]
RESERVED
- roundcube 1.2.0+dfsg.1-1
+   [wheezy] - roundcube  (vulnerable code not present)
NOTE: https://github.com/roundcube/roundcubemail/issues/5240
NOTE: https://github.com/roundcube/roundcubemail/pull/5241
NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/8
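Review bot: The log opens with "Revert last commit", but this first hunk adds a new not-affected annotation under CVE-2016-5103 rather than reverting anything. Either split the revert and the new annotation into two commits or state in the log that the annotation is being moved from CVE-2016-4069 to CVE-2016-5103, and carry over the justification about lib/washtml.php from the previous log.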
@@ -3684,7 +3685,6 @@
 CVE-2016-4069 [Protect download urls against CSRF using unique request tokens]
RESERVED
- roundcube 1.1.5+dfsg.1-1 (bug #822333)
-   [wheezy] - roundcube  (vulnerable code not present)
NOTE: https://github.com/roundcube/roundcubemail/issues/4957
NOTE: 
https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
NOTE: 
https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5




[Secure-testing-commits] r42455 - in data: . DLA

2016-06-11 Thread Markus Koschany
Author: apo
Date: 2016-06-11 07:07:04 + (Sat, 11 Jun 2016)
New Revision: 42455

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-511-1 for libtorrent-rasterbar

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-11 07:03:25 UTC (rev 42454)
+++ data/DLA/list   2016-06-11 07:07:04 UTC (rev 42455)
@@ -1,3 +1,6 @@
+[11 Jun 2016] DLA-511-1 libtorrent-rasterbar - security update
+   {CVE-2016-5301}
+   [wheezy] - libtorrent-rasterbar 0.15.10-1+deb7u1
 [10 Jun 2016] DLA-510-1 p7zip - security update
{CVE-2016-2335}
[wheezy] - p7zip 9.20.1~dfsg.1-4+deb7u2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-11 07:03:25 UTC (rev 42454)
+++ data/dla-needed.txt 2016-06-11 07:07:04 UTC (rev 42455)
@@ -40,8 +40,6 @@
 --
 libstruts1.2-java
 --
-libtorrent-rasterbar (Markus Koschany)
---
 libxslt (Emilio Pozuelo)
 --
 linux




[Secure-testing-commits] r42021 - data

2016-05-25 Thread Markus Koschany
Author: apo
Date: 2016-05-25 18:23:50 + (Wed, 25 May 2016)
New Revision: 42021

Modified:
   data/dla-needed.txt
Log:
Claim bozohttpd in dla-needed.txt



Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-25 16:45:56 UTC (rev 42020)
+++ data/dla-needed.txt 2016-05-25 18:23:50 UTC (rev 42021)
@@ -11,7 +11,7 @@
 --
 asterisk (Thorsten Alteholz)
 --
-bozohttpd
+bozohttpd (Markus Koschany)
 --
 cacti
   NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425




[Secure-testing-commits] r42022 - data/CVE

2016-05-25 Thread Markus Koschany
Author: apo
Date: 2016-05-25 18:25:21 + (Wed, 25 May 2016)
New Revision: 42022

Modified:
   data/CVE/list
Log:
Add link to fix for CVE-2014-5015


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-25 18:23:50 UTC (rev 42021)
+++ data/CVE/list   2016-05-25 18:25:21 UTC (rev 42022)
@@ -52320,6 +52320,7 @@
NOT-FOR-US: DELL SonicWALL GMS
 CVE-2014-5015 (bozotic HTTP server (aka bozohttpd) before 20140708, as used in 
...)
- bozohttpd  (bug #755197)
+   NOTE: FIX 
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.52=1.53_with_tag=MAIN
[wheezy] - bozohttpd  (Minor issue)
[squeeze] - bozohttpd  (Minor issue)
 CVE-2014-5009 [Incorrect fix for CVE-2014-5008]
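Review bot: The new "NOTE: FIX" line is inserted between the "- bozohttpd" package line and its "[wheezy]" and "[squeeze]" release lines, separating the release annotations from the package they qualify. Move the NOTE below the release lines and use the "NOTE: fixed by" wording seen in other entries of this file.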




[Secure-testing-commits] r42023 - data/CVE

2016-05-25 Thread Markus Koschany
Author: apo
Date: 2016-05-25 18:26:57 + (Wed, 25 May 2016)
New Revision: 42023

Modified:
   data/CVE/list
Log:
Add link to fix for CVE-2015-8212


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-25 18:25:21 UTC (rev 42022)
+++ data/CVE/list   2016-05-25 18:26:57 UTC (rev 42023)
@@ -15966,6 +15966,7 @@
 CVE-2015-8212 [bozohttpd CGI handlers potential remote code execution]
RESERVED
- bozohttpd 
+   NOTE: FIX 
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.79=1.80_with_tag=MAIN
NOTE: 
http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc
NOTE: http://www.eterna.com.au/bozohttpd/CHANGES
NOTE: http://www.eterna.com.au/bozohttpd/bozohttpd-20160415.tar.bz2




[Secure-testing-commits] r42030 - in data: . DLA

2016-05-25 Thread Markus Koschany
Author: apo
Date: 2016-05-26 04:03:50 + (Thu, 26 May 2016)
New Revision: 42030

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-490-1 for bozohttpd

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-26 03:04:21 UTC (rev 42029)
+++ data/DLA/list   2016-05-26 04:03:50 UTC (rev 42030)
@@ -1,3 +1,6 @@
+[26 May 2016] DLA-490-1 bozohttpd - security update
+   {CVE-2014-5015 CVE-2015-8212}
+   [wheezy] - bozohttpd 2018-1+deb7u1
 [25 May 2016] DLA-489-1 ruby-mail - security update
[wheezy] - ruby-mail 2.4.4-2+deb7u1
 [25 May 2016] DLA-488-1 xymon - security update
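Review bot: The version on the added "[wheezy] - bozohttpd 2018-1+deb7u1" line does not match the date-style upstream versions that appear for this package in data/CVE/list ("before 20140708", "bozohttpd-20160415"). Confirm the string against the uploaded changelog before the DLA is announced, since the tracker uses it to decide which installed versions are fixed.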

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-26 03:04:21 UTC (rev 42029)
+++ data/dla-needed.txt 2016-05-26 04:03:50 UTC (rev 42030)
@@ -11,8 +11,6 @@
 --
 asterisk (Thorsten Alteholz)
 --
-bozohttpd (Markus Koschany)
---
 cacti
   NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
   NOTE: Maintainer wants to review changes; see 
https://lists.debian.org/<5724f47d.6090...@debian.org>




[Secure-testing-commits] r42031 - data/CVE

2016-05-25 Thread Markus Koschany
Author: apo
Date: 2016-05-26 04:09:53 + (Thu, 26 May 2016)
New Revision: 42031

Modified:
   data/CVE/list
Log:
Remove no-dsa wheezy entry from CVE-2014-5015


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-26 04:03:50 UTC (rev 42030)
+++ data/CVE/list   2016-05-26 04:09:53 UTC (rev 42031)
@@ -52328,7 +52328,6 @@
NOT-FOR-US: DELL SonicWALL GMS
 CVE-2014-5015 (bozotic HTTP server (aka bozohttpd) before 20140708, as used in 
...)
- bozohttpd  (bug #755197)
-   [wheezy] - bozohttpd  (Minor issue)
[squeeze] - bozohttpd  (Minor issue)
NOTE: Fixed by: 
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.52=1.53_with_tag=MAIN
 CVE-2014-5009 [Incorrect fix for CVE-2014-5008]




[Secure-testing-commits] r42032 - doc

2016-05-25 Thread Markus Koschany
Author: apo
Date: 2016-05-26 04:38:15 + (Thu, 26 May 2016)
New Revision: 42032

Modified:
   doc/DLA.template
Log:
Update DLA.template


Modified: doc/DLA.template
===
--- doc/DLA.template2016-05-26 04:09:53 UTC (rev 42031)
+++ doc/DLA.template2016-05-26 04:38:15 UTC (rev 42032)
@@ -7,11 +7,14 @@
 CVE ID : $CVE
 Debian Bug : $BUGNUM
 
-This security update fixes a number of security issues in
-$PACKAGE. We recommend you upgrade your $PACKAGE packages.
 
 $TEXT
 
-Further information about Debian LTS security Advisories, how to apply
+For Debian 7 "Wheezy", these problems have been fixed in version
+$wheezy_VERSION.
+
+We recommend that you upgrade your $PACKAGE packages.
+
+Further information about Debian LTS security advisories, how to apply
 these updates to your system and frequently asked questions can be
 found at: https://wiki.debian.org/LTS
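Review bot: The new placeholder "$wheezy_VERSION" mixes case while every other placeholder in the template ($CVE, $BUGNUM, $PACKAGE, $TEXT) is upper-case, and the sentence hard-codes 'Debian 7 "Wheezy"'. Use an upper-case name and a release placeholder so the template survives the next LTS release. Removing the old intro also leaves two consecutive blank lines before $TEXT.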




[Secure-testing-commits] r42246 - data

2016-06-02 Thread Markus Koschany
Author: apo
Date: 2016-06-02 09:26:24 + (Thu, 02 Jun 2016)
New Revision: 42246

Modified:
   data/dla-needed.txt
Log:
Claim libpdfbox-java in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-02 09:10:09 UTC (rev 42245)
+++ data/dla-needed.txt 2016-06-02 09:26:24 UTC (rev 42246)
@@ -32,7 +32,7 @@
 --
 libjackson-json-java
 --
-libpdfbox-java
+libpdfbox-java (Markus Koschany)
 --
 libspring-java
   The JSON/JaF doesn't appear to be present in wheezy but the




[Secure-testing-commits] r42244 - data/CVE

2016-06-02 Thread Markus Koschany
Author: apo
Date: 2016-06-02 08:19:18 + (Thu, 02 Jun 2016)
New Revision: 42244

Modified:
   data/CVE/list
Log:
CVE-2016-5118: Add link to upstream's reproducer and patch


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-02 08:14:15 UTC (rev 42243)
+++ data/CVE/list   2016-06-02 08:19:18 UTC (rev 42244)
@@ -341,6 +341,7 @@
- imagemagick 8:6.8.9.9-7.1 (bug #825799)
- graphicsmagick 1.3.24-1 (bug #825800)
NOTE: fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
+   NOTE: patch available at 
http://www.openwall.com/lists/oss-security/2016/05/29/7
 CVE-2016-5116 [xbm: avoid stack overflow (read) with large names]
RESERVED
- libgd2 2.2.1-1
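Review bot: The log promises a link to "upstream's reproducer and patch", but the added NOTE is labelled only "patch available at". If the linked oss-security message contains both, say so in the NOTE text (for example "reproducer and patch at"); otherwise add a second NOTE for the reproducer.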




[Secure-testing-commits] r42234 - data/DLA

2016-06-01 Thread Markus Koschany
Author: apo
Date: 2016-06-02 05:59:33 + (Thu, 02 Jun 2016)
New Revision: 42234

Modified:
   data/DLA/list
Log:
Reserve DLA-501-1 for gdk-pixbuf

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-02 05:11:25 UTC (rev 42233)
+++ data/DLA/list   2016-06-02 05:59:33 UTC (rev 42234)
@@ -1,3 +1,6 @@
+[02 Jun 2016] DLA-501-1 gdk-pixbuf - security update
+   {CVE-2015-7552}
+   [wheezy] - gdk-pixbuf 2.26.1-1+deb7u5
 [01 Jun 2016] DLA-500-1 imagemagick - security update
{CVE-2016-5118}
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u6




[Secure-testing-commits] r42243 - in data: . DLA

2016-06-02 Thread Markus Koschany
Author: apo
Date: 2016-06-02 08:14:15 + (Thu, 02 Jun 2016)
New Revision: 42243

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-502-1 for graphicsmagick

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-02 07:33:15 UTC (rev 42242)
+++ data/DLA/list   2016-06-02 08:14:15 UTC (rev 42243)
@@ -1,3 +1,6 @@
+[02 Jun 2016] DLA-502-1 graphicsmagick - security update
+   {CVE-2016-5118}
+   [wheezy] - graphicsmagick 1.3.16-1.1+deb7u2
 [02 Jun 2016] DLA-501-1 gdk-pixbuf - security update
{CVE-2015-7552}
[wheezy] - gdk-pixbuf 2.26.1-1+deb7u5

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-02 07:33:15 UTC (rev 42242)
+++ data/dla-needed.txt 2016-06-02 08:14:15 UTC (rev 42243)
@@ -27,8 +27,6 @@
   NOTE: .debdiff sent to the Security Team, waiting for feedback
   NOTE: asked about jessie status (seb)
 --
-graphicsmagick (Markus Koschany)
---
 icu (Roberto C. Sánchez)
   NOTE: check comments on CVE-2016-0494 as well
 --



[Secure-testing-commits] r42239 - data/DLA

2016-06-02 Thread Markus Koschany
Author: apo
Date: 2016-06-02 06:21:58 + (Thu, 02 Jun 2016)
New Revision: 42239

Modified:
   data/DLA/list
Log:
Mark CVE-2015-7552 as not fixed in DLA-450-1


Modified: data/DLA/list
===
--- data/DLA/list   2016-06-02 06:18:19 UTC (rev 42238)
+++ data/DLA/list   2016-06-02 06:21:58 UTC (rev 42239)
@@ -153,7 +153,7 @@
{CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 
CVE-2016-3426 CVE-2016-3427}
[wheezy] - openjdk-7 7u101-2.6.6-2~deb7u1
 [30 Apr 2016] DLA-450-1 gdk-pixbuf - security update
-   {CVE-2015-7552 CVE-2015-8875 CVE-2015-7674}
+   {CVE-2015-8875 CVE-2015-7674}
[wheezy] - gdk-pixbuf 2.26.1-1+deb7u4
 [30 Apr 2016] DLA-449-1 botan1.10 - security update
{CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 
CVE-2016-2195 CVE-2016-2849}




[Secure-testing-commits] r42159 - data

2016-05-30 Thread Markus Koschany
Author: apo
Date: 2016-05-30 17:54:09 + (Mon, 30 May 2016)
New Revision: 42159

Modified:
   data/dla-needed.txt
Log:
Claim graphicsmagick in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-30 17:53:48 UTC (rev 42158)
+++ data/dla-needed.txt 2016-05-30 17:54:09 UTC (rev 42159)
@@ -25,6 +25,8 @@
   NOTE: .debdiff sent to the Security Team, waiting for feedback
   NOTE: asked about jessie status (seb)
 --
+graphicsmagick (Markus Koschany)
+--
 icu (Roberto C. Sánchez)
   NOTE: check comments on CVE-2016-0494 as well
 --



[Secure-testing-commits] r42162 - data/CVE

2016-05-30 Thread Markus Koschany
Author: apo
Date: 2016-05-30 17:56:23 + (Mon, 30 May 2016)
New Revision: 42162

Modified:
   data/CVE/list
Log:
Add link to fix for CVE-2016-5118


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-30 17:55:33 UTC (rev 42161)
+++ data/CVE/list   2016-05-30 17:56:23 UTC (rev 42162)
@@ -18,6 +18,7 @@
 CVE-2016-5118 [popen() shell vulnerability via filename]
- imagemagick  (bug #825799)
- graphicsmagick  (bug #825800)
+   NOTE: fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
 CVE-2016-5116 [xbm: avoid stack overflow (read) with large names]
- libgd2 2.2.1-1
[wheezy] - libgd2  (Vulnerable code not present)
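Review bot: The added "fixed by" NOTE points at a GraphicsMagick changeset, but it sits under an entry that tracks both imagemagick (bug #825799) and graphicsmagick (bug #825800). Say in the note that this is the GraphicsMagick fix so it is not read as covering imagemagick as well.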




[Secure-testing-commits] r42699 - data

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 18:48:00 + (Wed, 22 Jun 2016)
New Revision: 42699

Modified:
   data/dla-needed.txt
Log:
Add libcommons-fileupload-java, tomcat6 and tomcat7

to dla-needed.txt and claim them.

All three are affected by CVE-2016-3092, DoS through exhausting CPU resources


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-22 17:42:19 UTC (rev 42698)
+++ data/dla-needed.txt 2016-06-22 18:48:00 UTC (rev 42699)
@@ -35,6 +35,8 @@
 --
 libarchive (Markus Koschany)
 --
+libcommons-fileupload-java (Markus Koschany)
+--
 libjackson-json-java
 --
 libspring-java
@@ -93,6 +95,10 @@
 --
 tiff3
 --
+tomcat6 (Markus Koschany)
+--
+tomcat7 (Markus Koschany)
+--
 wget (Thorsten Alteholz)
 --
 wireshark (Balint Reczey)
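Review bot: The tomcat6 and tomcat7 entries added here (and libcommons-fileupload-java in the hunk above) carry no NOTE line naming the issue; the only record that they are for CVE-2016-3092 is the log message. Other entries in this file keep that context inline, for example "NOTE: CVE-2015-8379 No official solution is currently available, 20160425" under cakephp, so a "NOTE: CVE-2016-3092" under each entry would help, particularly for tomcat6, which r42807 later removes as not affected.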




[Secure-testing-commits] r42700 - data/CVE

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 18:49:59 + (Wed, 22 Jun 2016)
New Revision: 42700

Modified:
   data/CVE/list
Log:
CVE-2016-3092: Add links to fix and upstream advisory



Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 18:48:00 UTC (rev 42699)
+++ data/CVE/list   2016-06-22 18:49:59 UTC (rev 42700)
@@ -7382,6 +7382,8 @@
- tomcat7 7.0.70-1
- tomcat8 8.0.36-1
- tomcat9  (bug #802312)
+   NOTE: Fixed by https://svn.apache.org/r1743480
+   NOTE: Upstream advisory http://markmail.org/message/oyxfv73jb2g7rjg3
 CVE-2016-3091
RESERVED
 CVE-2016-3090




[Secure-testing-commits] r42701 - data/CVE

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 19:03:24 + (Wed, 22 Jun 2016)
New Revision: 42701

Modified:
   data/CVE/list
Log:
CVE-2016-1621: libvpx in Wheezy is not affected

vulnerable code is not present because webm module not yet included


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 18:49:59 UTC (rev 42700)
+++ data/CVE/list   2016-06-22 19:03:24 UTC (rev 42701)
@@ -12683,6 +12683,7 @@
 CVE-2016-1621 (libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 
5.1.1 ...)
- libvpx 
[jessie] - libvpx  (Vulnerable code not present, libwebm 
not yet included)
+   [wheezy] - libvpx  (Vulnerable code not present, libwebm 
not yet included)
NOTE: 
https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d%5E!/#F1
 CVE-2016-1620 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
{DSA-3456-1}




[Secure-testing-commits] r42709 - data/CVE

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 22:37:51 + (Wed, 22 Jun 2016)
New Revision: 42709

Modified:
   data/CVE/list
Log:
CVE-2016-4487: Mark vulnerability as no-dsa for Wheezy.


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 22:32:29 UTC (rev 42708)
+++ data/CVE/list   2016-06-22 22:37:51 UTC (rev 42709)
@@ -3769,22 +3769,31 @@
RESERVED
- valgrind  (low)
[jessie] - valgrind  (Minor issue)
+   [wheezy] - valgrind  (Minor issue)
- ht  (low)
[jessie] - ht  (Minor issue)
+   [wheezy] - ht  (Minor issue)
- binutils  (low)
[jessie] - binutils  (Minor issue)
+   [wheezy] - binutils  (Minor issue)
- binutils-h8300-hms  (low)
[jessie] - binutils-h8300-hms  (Minor issue)
+   [wheezy] - binutils-h8300-hms  (Minor issue)
- gcc-h8300-hms  (low)
[jessie] - gcc-h8300-hms  (Minor issue)
+   [wheezy] - gcc-h8300-hms  (Minor issue)
- gdb  (low)
[jessie] - gdb  (Minor issue)
+   [wheezy] - gdb  (Minor issue)
- libiberty  (low)
[jessie] - libiberty  (Minor issue)
+   [wheezy] - libiberty  (Minor issue)
- nescc  (low)
[jessie] - nescc  (Minor issue)
+   [wheezy] - nescc  (Minor issue)
- sdcc  (low)
[jessie] - sdcc  (Minor issue)
+   [wheezy] - sdcc  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
 CVE-2016-4539 (The xml_parse_into_struct function in ext/xml/xml.c in PHP 
before ...)




[Secure-testing-commits] r42708 - data/CVE

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 22:32:29 + (Wed, 22 Jun 2016)
New Revision: 42708

Modified:
   data/CVE/list
Log:
CVE-2016-4488: Mark vulnerability as no-dsa for Wheezy


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 22:30:16 UTC (rev 42707)
+++ data/CVE/list   2016-06-22 22:32:29 UTC (rev 42708)
@@ -3738,22 +3738,31 @@
RESERVED
- valgrind  (low)
[jessie] - valgrind  (Minor issue)
+   [wheezy] - valgrind  (Minor issue)
- ht  (low)
[jessie] - ht  (Minor issue)
+   [wheezy] - ht  (Minor issue)
- binutils  (low)
[jessie] - binutils  (Minor issue)
+   [wheezy] - binutils  (Minor issue)
- binutils-h8300-hms  (low)
[jessie] - binutils-h8300-hms  (Minor issue)
+   [wheezy] - binutils-h8300-hms  (Minor issue)
- gcc-h8300-hms  (low)
[jessie] - gcc-h8300-hms  (Minor issue)
+   [wheezy] - gcc-h8300-hms  (Minor issue)
- gdb  (low)
[jessie] - gdb  (Minor issue)
+   [wheezy] - gdb  (Minor issue)
- libiberty  (low)
[jessie] - libiberty  (Minor issue)
+   [wheezy] - libiberty  (Minor issue)
- nescc  (low)
[jessie] - nescc  (Minor issue)
+   [wheezy] - nescc  (Minor issue)
- sdcc  (low)
[jessie] - sdcc  (Minor issue)
+   [wheezy] - sdcc  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
 CVE-2016-4487 [Invalid write due to a use-after-free to array btypevec]




[Secure-testing-commits] r42710 - data/CVE

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 22:41:34 + (Wed, 22 Jun 2016)
New Revision: 42710

Modified:
   data/CVE/list
Log:
CVE-2016-2226: Mark vulnerability as no-dsa for Wheezy


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 22:37:51 UTC (rev 42709)
+++ data/CVE/list   2016-06-22 22:41:34 UTC (rev 42710)
@@ -10373,22 +10373,31 @@
RESERVED
- valgrind  (low)
[jessie] - valgrind  (Minor issue)
+   [wheezy] - valgrind  (Minor issue)
- ht  (low)
[jessie] - ht  (Minor issue)
+   [wheezy] - ht  (Minor issue)
- binutils  (low)
[jessie] - binutils  (Minor issue)
+   [wheezy] - binutils  (Minor issue)
- binutils-h8300-hms  (low)
[jessie] - binutils-h8300-hms  (Minor issue)
+   [wheezy] - binutils-h8300-hms  (Minor issue)
- gcc-h8300-hms  (low)
[jessie] - gcc-h8300-hms  (Minor issue)
+   [wheezy] - gcc-h8300-hms  (Minor issue)
- gdb  (low)
[jessie] - gdb  (Minor issue)
+   [wheezy] - gdb  (Minor issue)
- libiberty  (low)
[jessie] - libiberty  (Minor issue)
+   [wheezy] - libiberty  (Minor issue)
- nescc  (low)
[jessie] - nescc  (Minor issue)
+   [wheezy] - nescc  (Minor issue)
- sdcc  (low)
[jessie] - sdcc  (Minor issue)
+   [wheezy] - sdcc  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687
NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision=234829
 CVE-2015-8811




[Secure-testing-commits] r42706 - data/CVE

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 22:28:15 + (Wed, 22 Jun 2016)
New Revision: 42706

Modified:
   data/CVE/list
Log:
CVE-2016-4490: Mark vulnerability as no-dsa for Wheezy


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 22:25:58 UTC (rev 42705)
+++ data/CVE/list   2016-06-22 22:28:15 UTC (rev 42706)
@@ -3676,22 +3676,31 @@
RESERVED
- valgrind  (low)
[jessie] - valgrind  (Minor issue)
+   [wheezy] - valgrind  (Minor issue)
- ht  (low)
[jessie] - ht  (Minor issue)
+   [wheezy] - ht  (Minor issue)
- binutils  (low)
[jessie] - binutils  (Minor issue)
+   [wheezy] - binutils  (Minor issue)
- binutils-h8300-hms  (low)
[jessie] - binutils-h8300-hms  (Minor issue)
+   [wheezy] - binutils-h8300-hms  (Minor issue)
- gcc-h8300-hms  (low)
[jessie] - gcc-h8300-hms  (Minor issue)
+   [wheezy] - gcc-h8300-hms  (Minor issue)
- gdb  (low)
[jessie] - gdb  (Minor issue)
+   [wheezy] - gdb  (Minor issue)
- libiberty  (low)
[jessie] - libiberty  (Minor issue)
+   [wheezy] - libiberty  (Minor issue)
- nescc  (low)
[jessie] - nescc  (Minor issue)
+   [wheezy] - nescc  (Minor issue)
- sdcc  (low)
[jessie] - sdcc  (Minor issue)
+   [wheezy] - sdcc  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498
NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision=235767
 CVE-2016-4489 [Invalid write due to integer overflow]




[Secure-testing-commits] r42705 - data/CVE

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 22:25:58 + (Wed, 22 Jun 2016)
New Revision: 42705

Modified:
   data/CVE/list
Log:
CVE-2016-4491: Mark vulnerability as no-dsa for Wheezy


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 21:10:11 UTC (rev 42704)
+++ data/CVE/list   2016-06-22 22:25:58 UTC (rev 42705)
@@ -3645,22 +3645,31 @@
RESERVED
- valgrind  (low)
[jessie] - valgrind  (Minor issue)
+   [wheezy] - valgrind  (Minor issue)
- ht  (low)
[jessie] - ht  (Minor issue)
+   [wheezy] - ht  (Minor issue)
- binutils  (low)
[jessie] - binutils  (Minor issue)
+   [wheezy] - binutils  (Minor issue)
- binutils-h8300-hms  (low)
[jessie] - binutils-h8300-hms  (Minor issue)
+   [wheezy] - binutils-h8300-hms  (Minor issue)
- gcc-h8300-hms  (low)
[jessie] - gcc-h8300-hms  (Minor issue)
+   [wheezy] - gcc-h8300-hms  (Minor issue)
- gdb  (low)
[jessie] - gdb  (Minor issue)
+   [wheezy] - gdb  (Minor issue)
- libiberty  (low)
[jessie] - libiberty  (Minor issue)
+   [wheezy] - libiberty  (Minor issue)
- nescc  (low)
[jessie] - nescc  (Minor issue)
+   [wheezy] - nescc  (Minor issue)
- sdcc  (low)
[jessie] - sdcc  (Minor issue)
+   [wheezy] - sdcc  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html
 CVE-2016-4490 [Write access violation]




[Secure-testing-commits] r42707 - data/CVE

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 22:30:16 + (Wed, 22 Jun 2016)
New Revision: 42707

Modified:
   data/CVE/list
Log:
CVE-2016-4489: Mark vulnerability as no-dsa for Wheezy



Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 22:28:15 UTC (rev 42706)
+++ data/CVE/list   2016-06-22 22:30:16 UTC (rev 42707)
@@ -3707,22 +3707,31 @@
RESERVED
- valgrind  (low)
[jessie] - valgrind  (Minor issue)
+   [wheezy] - valgrind  (Minor issue)
- ht  (low)
[jessie] - ht  (Minor issue)
+   [wheezy] - ht  (Minor issue)
- binutils  (low)
[jessie] - binutils  (Minor issue)
+   [wheezy] - binutils  (Minor issue)
- binutils-h8300-hms  (low)
[jessie] - binutils-h8300-hms  (Minor issue)
+   [wheezy] - binutils-h8300-hms  (Minor issue)
- gcc-h8300-hms  (low)
[jessie] - gcc-h8300-hms  (Minor issue)
+   [wheezy] - gcc-h8300-hms  (Minor issue)
- gdb  (low)
[jessie] - gdb  (Minor issue)
+   [wheezy] - gdb  (Minor issue)
- libiberty  (low)
[jessie] - libiberty  (Minor issue)
+   [wheezy] - libiberty  (Minor issue)
- nescc  (low)
[jessie] - nescc  (Minor issue)
+   [wheezy] - nescc  (Minor issue)
- sdcc  (low)
[jessie] - sdcc  (Minor issue)
+   [wheezy] - sdcc  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492
NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision=234828
 CVE-2016-4488 [Invalid write due to a use-after-free to array ktypevec]




[Secure-testing-commits] r42741 - data

2016-06-23 Thread Markus Koschany
Author: apo
Date: 2016-06-23 13:43:35 + (Thu, 23 Jun 2016)
New Revision: 42741

Modified:
   data/dla-needed.txt
Log:
Add pidgin to dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-23 08:21:22 UTC (rev 42740)
+++ data/dla-needed.txt 2016-06-23 13:43:35 UTC (rev 42741)
@@ -62,6 +62,8 @@
   NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low
   NOTE: priority issues and will fix them after the next release of OpenSSL.
 --
+pidgin
+--
 php5 (Thorsten Alteholz)
 --
 qemu




[Secure-testing-commits] r42703 - data/CVE

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 20:03:27 + (Wed, 22 Jun 2016)
New Revision: 42703

Modified:
   data/CVE/list
Log:
CVE-2016-4492: Mark vulnerability in Wheezy as no-dsa


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 19:37:58 UTC (rev 42702)
+++ data/CVE/list   2016-06-22 20:03:27 UTC (rev 42703)
@@ -3589,22 +3589,31 @@
RESERVED
- valgrind  (low)
[jessie] - valgrind  (Minor issue)
+   [wheezy] - valgrind  (Minor issue)
- ht  (low)
[jessie] - ht  (Minor issue)
+   [wheezy] - ht  (Minor issue)
- binutils  (low)
[jessie] - binutils  (Minor issue)
+   [wheezy] - binutils  (Minor issue)
- binutils-h8300-hms  (low)
[jessie] - binutils-h8300-hms  (Minor issue)
+   [wheezy] - binutils-h8300-hms  (Minor issue)
- gcc-h8300-hms  (low)
[jessie] - gcc-h8300-hms  (Minor issue)
+   [wheezy] - gcc-h8300-hms  (Minor issue)
- gdb  (low)
[jessie] - gdb  (Minor issue)
+   [wheezy] - gdb  (Minor issue)
- libiberty  (low)
[jessie] - libiberty  (Minor issue)
+   [wheezy] - libiberty  (Minor issue)
- nescc  (low)
[jessie] - nescc  (Minor issue)
+   [wheezy] - nescc  (Minor issue)
- sdcc  (low)
[jessie] - sdcc  (Minor issue)
+   [wheezy] - sdcc  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html
 CVE-2016-4491 [Stack overflow due to infinite recursion in d_print_comp]




[Secure-testing-commits] r42702 - data/CVE

2016-06-22 Thread Markus Koschany
Author: apo
Date: 2016-06-22 19:37:58 + (Wed, 22 Jun 2016)
New Revision: 42702

Modified:
   data/CVE/list
Log:
CVE-2016-4493: Mark vulnerability as no-dsa for Wheezy



Modified: data/CVE/list
===
--- data/CVE/list   2016-06-22 19:03:24 UTC (rev 42701)
+++ data/CVE/list   2016-06-22 19:37:58 UTC (rev 42702)
@@ -3558,22 +3558,31 @@
RESERVED
- valgrind  (low)
[jessie] - valgrind  (Minor issue)
+   [wheezy] - valgrind  (Minor issue)
- ht  (low)
[jessie] - ht  (Minor issue)
+   [wheezy] - ht  (Minor issue)
- binutils  (low)
[jessie] - binutils  (Minor issue)
+   [wheezy] - binutils  (Minor issue)
- binutils-h8300-hms  (low)
[jessie] - binutils-h8300-hms  (Minor issue)
+   [wheezy] - binutils-h8300-hms  (Minor issue)
- gcc-h8300-hms  (low)
[jessie] - gcc-h8300-hms  (Minor issue)
+   [wheezy] - gcc-h8300-hms  (Minor issue)
- gdb  (low)
[jessie] - gdb  (Minor issue)
+   [wheezy] - gdb  (Minor issue)
- libiberty  (low)
[jessie] - libiberty  (Minor issue)
+   [wheezy] - libiberty  (Minor issue)
- nescc  (low)
[jessie] - nescc  (Minor issue)
+   [wheezy] - nescc  (Minor issue)
- sdcc  (low)
[jessie] - sdcc  (Minor issue)
+   [wheezy] - sdcc  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html
 CVE-2016-4492 [Write access violations]




[Secure-testing-commits] r42650 - data/CVE

2016-06-20 Thread Markus Koschany
Author: apo
Date: 2016-06-20 12:03:40 + (Mon, 20 Jun 2016)
New Revision: 42650

Modified:
   data/CVE/list
Log:
CVE-2016-4970: wheezy is not affected. Same version as in Jessie.


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-20 11:54:13 UTC (rev 42649)
+++ data/CVE/list   2016-06-20 12:03:40 UTC (rev 42650)
@@ -1946,6 +1946,7 @@
 CVE-2016-4970 [nfinite loop vulnerability when handling renegotiation using 
SslProvider.OpenSsl]
RESERVED
- netty 1:4.0.37-1 (bug #827620)
+   [wheezy] - netty  (Vulnerable code not present)
[jessie] - netty  (Vulnerable code not present)
NOTE: Versions affected: Netty 4.0.0.Final - 4.0.36.Final and 
4.1.0.Final
 CVE-2016-4969




[Secure-testing-commits] r42647 - data

2016-06-20 Thread Markus Koschany
Author: apo
Date: 2016-06-20 11:29:20 + (Mon, 20 Jun 2016)
New Revision: 42647

Modified:
   data/dla-needed.txt
Log:
Add clamav to dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-20 04:51:03 UTC (rev 42646)
+++ data/dla-needed.txt 2016-06-20 11:29:20 UTC (rev 42647)
@@ -18,6 +18,10 @@
 cakephp
   NOTE: CVE-2015-8379 No official solution is currently available, 20160425
 --
+clamav
+  NOTE: Should be updated to the latest stable release 0.99.2 in line with the
+approach for Jessie.
+--
 extplorer
   NOTE: 20160529, no fix yet
   NOTE: 20160618, still no fix




[Secure-testing-commits] r42657 - data

2016-06-20 Thread Markus Koschany
Author: apo
Date: 2016-06-20 17:42:36 + (Mon, 20 Jun 2016)
New Revision: 42657

Modified:
   data/dla-needed.txt
Log:
Claim mysql-connector-java in dla-needed.txt.


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-20 17:39:07 UTC (rev 42656)
+++ data/dla-needed.txt 2016-06-20 17:42:36 UTC (rev 42657)
@@ -43,7 +43,7 @@
 --
 mat
 --
-mysql-connector-java
+mysql-connector-java (Markus Koschany)
 --
 nss
  NOTE: Not 100% this applies to wheezy yet; can't find the changeset and the 
diff between NSS 3.22 and 3.23 is very large.




[Secure-testing-commits] r42755 - data

2016-06-23 Thread Markus Koschany
Author: apo
Date: 2016-06-23 17:25:42 + (Thu, 23 Jun 2016)
New Revision: 42755

Modified:
   data/dla-needed.txt
Log:
Add phpmyadmin to dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-23 16:59:44 UTC (rev 42754)
+++ data/dla-needed.txt 2016-06-23 17:25:42 UTC (rev 42755)
@@ -66,6 +66,8 @@
 --
 php5 (Thorsten Alteholz)
 --
+phpmyadmin
+--
 qemu
 --
 qemu-kvm




[Secure-testing-commits] r39000 - data

2016-01-18 Thread Markus Koschany
Author: apo-guest
Date: 2016-01-18 17:19:22 + (Mon, 18 Jan 2016)
New Revision: 39000

Modified:
   data/dla-needed.txt
Log:
Claim radicale in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-18 10:13:20 UTC (rev 38999)
+++ data/dla-needed.txt 2016-01-18 17:19:22 UTC (rev 39000)
@@ -44,7 +44,7 @@
 pound
   NOTE: updating to the wheezy option might be less error prone
 --
-radicale
+radicale (Markus Koschany)
 --
 tiff
 --




[Secure-testing-commits] r42790 - in data: . DLA

2016-06-25 Thread Markus Koschany
Author: apo
Date: 2016-06-25 16:08:52 + (Sat, 25 Jun 2016)
New Revision: 42790

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-526-1 for mysql-connector-java

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-25 15:26:12 UTC (rev 42789)
+++ data/DLA/list   2016-06-25 16:08:52 UTC (rev 42790)
@@ -1,3 +1,6 @@
+[25 Jun 2016] DLA-526-1 mysql-connector-java - security update
+   {CVE-2015-2575}
+   [wheezy] - mysql-connector-java 5.1.39-1~deb7u1
 [25 Jun 2016] DLA-525-1 gimp - security update
{CVE-2016-4994}
[wheezy] - gimp 2.8.2-2+deb7u2

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-25 15:26:12 UTC (rev 42789)
+++ data/dla-needed.txt 2016-06-25 16:08:52 UTC (rev 42790)
@@ -51,8 +51,6 @@
 --
 mat
 --
-mysql-connector-java (Markus Koschany)
---
 nss (Emilio Pozuelo)
  NOTE: Not 100% this applies to wheezy yet; can't find the changeset and the 
diff between NSS 3.22 and 3.23 is very large.
 --




[Secure-testing-commits] r42806 - data/CVE

2016-06-26 Thread Markus Koschany
Author: apo
Date: 2016-06-26 18:00:14 + (Sun, 26 Jun 2016)
New Revision: 42806

Modified:
   data/CVE/list
Log:
CVE-2016-3092: Tomcat 6 is not affected




Modified: data/CVE/list
===
--- data/CVE/list   2016-06-26 14:01:44 UTC (rev 42805)
+++ data/CVE/list   2016-06-26 18:00:14 UTC (rev 42806)
@@ -7636,12 +7636,12 @@
 CVE-2016-3092
RESERVED
- libcommons-fileupload-java 1.3.2-1
-   - tomcat6 
- tomcat7 7.0.70-1
- tomcat8 8.0.36-1
- tomcat9  (bug #802312)
NOTE: Fixed by https://svn.apache.org/r1743480
NOTE: Upstream advisory http://markmail.org/message/oyxfv73jb2g7rjg3
+   NOTE: 
https://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3c6223ece6-2b41-ef4f-22f9-d3481e492...@apache.org%3E
 CVE-2016-3091
RESERVED
 CVE-2016-3090
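Review bot: The "- tomcat6" line is deleted outright, so the CVE-2016-3092 entry no longer records that tomcat6 was checked and found not affected; the only trace is the log message. Keeping the line and marking it not affected with a short reason, the way the netty and libvpx entries record "Vulnerable code not present", would preserve the triage result. The new NOTE is also a bare URL, while the two notes above it are labelled ("Fixed by", "Upstream advisory"); a label here would say what the link is.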




[Secure-testing-commits] r42807 - data

2016-06-26 Thread Markus Koschany
Author: apo
Date: 2016-06-26 18:01:41 + (Sun, 26 Jun 2016)
New Revision: 42807

Modified:
   data/dla-needed.txt
Log:
Remove Tomcat 6 from dla-needed.txt. It is not affected by CVE-2016-3092


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-26 18:00:14 UTC (rev 42806)
+++ data/dla-needed.txt 2016-06-26 18:01:41 UTC (rev 42807)
@@ -103,8 +103,6 @@
 --
 tiff3
 --
-tomcat6 (Markus Koschany)
---
 tomcat7 (Markus Koschany)
 --
 wget (Thorsten Alteholz)




[Secure-testing-commits] r42809 - in data: . DLA

2016-06-26 Thread Markus Koschany
Author: apo
Date: 2016-06-26 18:05:39 + (Sun, 26 Jun 2016)
New Revision: 42809

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-529-1 for tomcat7

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-26 18:03:09 UTC (rev 42808)
+++ data/DLA/list   2016-06-26 18:05:39 UTC (rev 42809)
@@ -1,3 +1,6 @@
+[26 Jun 2016] DLA-529-1 tomcat7 - security update
+   {CVE-2016-3092}
+   [wheezy] - tomcat7 7.0.28-4+deb7u5
 [26 Jun 2016] DLA-528-1 libcommons-fileupload-java - security update
{CVE-2016-3092}
[wheezy] - libcommons-fileupload-java 1.2.2-1+deb7u3

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-26 18:03:09 UTC (rev 42808)
+++ data/dla-needed.txt 2016-06-26 18:05:39 UTC (rev 42809)
@@ -101,8 +101,6 @@
 --
 tiff3
 --
-tomcat7 (Markus Koschany)
---
 wget (Thorsten Alteholz)
 --
 wireshark (Balint Reczey)




[Secure-testing-commits] r42808 - in data: . DLA

2016-06-26 Thread Markus Koschany
Author: apo
Date: 2016-06-26 18:03:09 + (Sun, 26 Jun 2016)
New Revision: 42808

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-528-1 for libcommons-fileupload-java

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-26 18:01:41 UTC (rev 42807)
+++ data/DLA/list   2016-06-26 18:03:09 UTC (rev 42808)
@@ -1,3 +1,6 @@
+[26 Jun 2016] DLA-528-1 libcommons-fileupload-java - security update
+   {CVE-2016-3092}
+   [wheezy] - libcommons-fileupload-java 1.2.2-1+deb7u3
 [25 Jun 2016] DLA-527-1 nss - security update
{CVE-2016-2834}
[wheezy] - nss 2:3.14.5-1+deb7u8

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-26 18:01:41 UTC (rev 42807)
+++ data/dla-needed.txt 2016-06-26 18:03:09 UTC (rev 42808)
@@ -36,8 +36,6 @@
 --
 libarchive (Markus Koschany)
 --
-libcommons-fileupload-java (Markus Koschany)
---
 libgd2 (Thorsten Alteholz)
 --
 libjackson-json-java




[Secure-testing-commits] r42810 - data/DLA

2016-06-26 Thread Markus Koschany
Author: apo
Date: 2016-06-26 19:22:55 + (Sun, 26 Jun 2016)
New Revision: 42810

Modified:
   data/DLA/list
Log:
Reserve DLA-530-1 for java-common

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-26 18:05:39 UTC (rev 42809)
+++ data/DLA/list   2016-06-26 19:22:55 UTC (rev 42810)
@@ -1,3 +1,5 @@
+[26 Jun 2016] DLA-530-1 java-common - security update
+   [wheezy] - java-common 0.47+deb7u2
 [26 Jun 2016] DLA-529-1 tomcat7 - security update
{CVE-2016-3092}
[wheezy] - tomcat7 7.0.28-4+deb7u5
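Review bot: The DLA-530-1 entry for java-common has no {CVE-...} line, unlike the DLA-529-1 entry directly below it, and the log message does not say which issue the update addresses. If no CVE is assigned, say so in the log or reference the bug, so that the advisory can be traced back to a vulnerability.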




[Secure-testing-commits] r39452 - in data: . DLA

2016-02-04 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-04 12:10:38 + (Thu, 04 Feb 2016)
New Revision: 39452

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-410-1 for openjdk-6

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-04 10:17:15 UTC (rev 39451)
+++ data/DLA/list   2016-02-04 12:10:38 UTC (rev 39452)
@@ -1,3 +1,6 @@
+[04 Feb 2016] DLA-410-1 openjdk-6 - security update
+   {CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 
CVE-2016-0466 CVE-2016-0483 CVE-2016-0494}
+   [squeeze] - openjdk-6 6b38-1.13.10-1~deb6u1
 [31 Jan 2016] DLA-409-1 mysql-5.5 - security update
{CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 
CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616}
[squeeze] - mysql-5.5 5.5.47-0+deb6u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-04 10:17:15 UTC (rev 39451)
+++ data/dla-needed.txt 2016-02-04 12:10:38 UTC (rev 39452)
@@ -61,8 +61,6 @@
 ntp
   NOTE: maybe maintainer wants to upload package (as done before)
 --
-openjdk-6 (Markus Koschany)
---
 php5 (Thorsten Alteholz)
   NOTE: next upload end of December
 --




[Secure-testing-commits] r39559 - data/CVE

2016-02-09 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-09 13:07:20 + (Tue, 09 Feb 2016)
New Revision: 39559

Modified:
   data/CVE/list
Log:
CVE-2014-3566 is fixed in wheezy for lighttpd 1.4.31-4+deb7u3


Modified: data/CVE/list
===
--- data/CVE/list   2016-02-09 10:03:27 UTC (rev 39558)
+++ data/CVE/list   2016-02-09 13:07:20 UTC (rev 39559)
@@ -47263,7 +47263,7 @@
- erlang 1:17.3-dfsg-3 (bug #771359)
[squeeze] - erlang  (Minor issue)
[wheezy] - erlang  (Minor issue)
-   - lighttpd 1.4.35-4 (bug #765702)
+   [wheezy] - lighttpd 1.4.31-4+deb7u3 (bug #765702; medium)
NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
NOTE: 
http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
NOTE: This is only about the SSLv3 CBC padding, not about any downgrade 
attack or support for the fallback SCSV
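Review bot: The change replaces the unstable line "- lighttpd 1.4.35-4 (bug #765702)" with a "[wheezy] - lighttpd 1.4.31-4+deb7u3" line instead of adding the wheezy line beneath it, so the CVE-2014-3566 entry loses the version in which lighttpd was fixed in unstable. Keep the "- lighttpd 1.4.35-4 (bug #765702)" line and add the release-specific line after it, as the erlang lines just above do; the bug reference is already on the unstable line and need not be repeated on the wheezy one.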




[Secure-testing-commits] r39806 - data

2016-02-22 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-22 12:54:25 + (Mon, 22 Feb 2016)
New Revision: 39806

Modified:
   data/dla-needed.txt
Log:
Claim bsh in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-22 12:16:22 UTC (rev 39805)
+++ data/dla-needed.txt 2016-02-22 12:54:25 UTC (rev 39806)
@@ -9,7 +9,7 @@
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-bsh
+bsh (Markus Koschany)
 --
 cacti
   NOTE: Issue being disputed, check 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814353#10




[Secure-testing-commits] r39959 - data/CVE

2016-02-26 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-26 19:59:55 + (Fri, 26 Feb 2016)
New Revision: 39959

Modified:
   data/CVE/list
Log:
CVE-2015-5346 Remove fixed version for Tomcat 6

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-26 19:39:16 UTC (rev 39958)
+++ data/CVE/list   2016-02-26 19:59:55 UTC (rev 39959)
@@ -16535,7 +16535,7 @@
- tomcat9  (bug #802312)
- tomcat8 8.0.30-1
- tomcat7 7.0.68-1
-   - tomcat6 6.0.35-1+squeeze4
+   - tomcat6
[squeeze] - tomcat6  (Minor issue, very unlikely to exploit)
[wheezy] - tomcat6  (Minor issue, very unlikely to exploit)
[jessie] - tomcat6  (Minor issue, very unlikely to exploit)




[Secure-testing-commits] r40004 - data/CVE

2016-02-28 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-28 13:51:43 + (Sun, 28 Feb 2016)
New Revision: 40004

Modified:
   data/CVE/list
Log:
Mark CVE-2015-5351 as fixed since 6.0.45-1~deb6u1

The upstream advisory makes no reference about the 6.x series but looking at
the code reveals that this issue was also fixed in 6.0.45.


Modified: data/CVE/list
===
--- data/CVE/list   2016-02-28 13:49:10 UTC (rev 40003)
+++ data/CVE/list   2016-02-28 13:51:43 UTC (rev 40004)
@@ -16604,11 +16604,12 @@
- tomcat9  (bug #802312)
- tomcat8 8.0.32-1
- tomcat7 7.0.68-1
-   - tomcat6 
+   - tomcat6 6.0.45-1~deb6u1
NOTE: Fixed in 7.0.68, 8.0.32, 9.0.0.M3
-   NOTE: Unstable upload marks CVe-2015-5351 as fixed in 
tomcat6/6.0.45+dfsg-1 but
-   NOTE: upstream advisory does not make reference to 6.x
-   TODO: check 6.x series
+   NOTE: Upstream advisory does not make reference to 6.x but looking at 
the
+   NOTE: upstream patches reveals that this issue is fixed since 
6.0.45-1~deb6u1.
+   NOTE: http://svn.apache.org/viewvc?view=revision=1720661
+   NOTE: http://svn.apache.org/viewvc?view=revision=1720663
 CVE-2015-5350
RESERVED
 CVE-2015-5349
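
Review bot: the new `- tomcat6 6.0.45-1~deb6u1` line puts a squeeze version string (`~deb6u1`) on the unprefixed line, while the NOTE being removed names the unstable upload as tomcat6/6.0.45+dfsg-1. Consider `- tomcat6 6.0.45+dfsg-1` plus a separate `[squeeze] - tomcat6 6.0.45-1~deb6u1` line so both fixes are recorded. The new NOTE has the same mix-up: it attributes a Debian package version to the upstream patches, where the log message says 6.0.45.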




[Secure-testing-commits] r40018 - data

2016-02-28 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-28 18:26:38 + (Sun, 28 Feb 2016)
New Revision: 40018

Modified:
   data/dla-needed.txt
Log:
Claim pcre3 in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-28 18:21:18 UTC (rev 40017)
+++ data/dla-needed.txt 2016-02-28 18:26:38 UTC (rev 40018)
@@ -58,7 +58,7 @@
 --
 xymon (Chris Lamb)
 --
-pcre3
+pcre3 (Markus Koschany)
 --
 policykit-1
 --




[Secure-testing-commits] r40057 - in data: . DLA

2016-02-29 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-29 11:20:18 + (Mon, 29 Feb 2016)
New Revision: 40057

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-441-1 for pcre3

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-29 09:24:27 UTC (rev 40056)
+++ data/DLA/list   2016-02-29 11:20:18 UTC (rev 40057)
@@ -1,3 +1,5 @@
+[29 Feb 2016] DLA-441-1 pcre3 - security update
+   [squeeze] - pcre3 8.02-1.1+deb6u1
 [28 Feb 2016] DLA-440-1 dansguardian - security update
[squeeze] - dansguardian 2.10.1.1-3+deb6u1
 [28 Feb 2016] DLA-439-1 linux-2.6 - security update

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-29 09:24:27 UTC (rev 40056)
+++ data/dla-needed.txt 2016-02-29 11:20:18 UTC (rev 40057)
@@ -56,8 +56,6 @@
 --
 openssl
 --
-pcre3 (Markus Koschany)
---
 php5 (Thorsten Alteholz)
   NOTE: next upload end of December
 --




[Secure-testing-commits] r40059 - in data: . DLA

2016-02-29 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-29 13:01:10 + (Mon, 29 Feb 2016)
New Revision: 40059

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-443-1 for bsh

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-29 12:56:49 UTC (rev 40058)
+++ data/DLA/list   2016-02-29 13:01:10 UTC (rev 40059)
@@ -1,3 +1,6 @@
+[29 Feb 2016] DLA-443-1 bsh - security update
+   {CVE-2016-2510}
+   [squeeze] - bsh 2.0b4-12+deb6u1
 [29 Feb 2016] DLA-442-1 lxc - security update
{CVE-2013-6441 CVE-2015-1335}
[squeeze] - lxc 0.7.2-1+deb6u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-29 12:56:49 UTC (rev 40058)
+++ data/dla-needed.txt 2016-02-29 13:01:10 UTC (rev 40059)
@@ -9,8 +9,6 @@
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
-bsh (Markus Koschany)
---
 cacti
   NOTE: Issue being disputed, check 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814353#10
 --




[Secure-testing-commits] r39953 - data

2016-02-26 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-26 14:25:29 + (Fri, 26 Feb 2016)
New Revision: 39953

Modified:
   data/dla-needed.txt
Log:
Claim tomcat6 in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-26 09:51:31 UTC (rev 39952)
+++ data/dla-needed.txt 2016-02-26 14:25:29 UTC (rev 39953)
@@ -62,7 +62,7 @@
 --
 xymon (Chris Lamb)
 --
-tomcat6
+tomcat6 (Markus Koschany)
 --
 pcre3
 --




[Secure-testing-commits] r39992 - in data: . DLA

2016-02-27 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-27 18:43:06 + (Sat, 27 Feb 2016)
New Revision: 39992

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-436-1 for tomcat6

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-27 16:15:13 UTC (rev 39991)
+++ data/DLA/list   2016-02-27 18:43:06 UTC (rev 39992)
@@ -1,3 +1,9 @@
+[27 Feb 2016] DLA-436-1 tomcat6 - security update
+   {CVE-2015-5174 CVE-2015-5345 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 
CVE-2016-0763}
+   [squeeze] - tomcat6 6.0.45-1~deb6u1
+[27 Feb 2016] DLA-435-1 tomcat6 - security update
+   {CVE-2015-5174 CVE-2015-5345 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 
CVE-2016-0763}
+   [squeeze] - tomcat6 Soldat99
 [27 Feb 2016] DLA-434-1 gtk+2.0 - security update
{CVE-2015-4491 CVE-2015-7673 CVE-2015-7674}
[squeeze] - gtk+2.0 2.20.1-2+deb6u2
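
Review bot: this reserves two advisories, DLA-436-1 and DLA-435-1, for the same package with identical CVE lists, and the DLA-435-1 entry has `Soldat99` where the fixed version belongs. The log names only DLA-436-1, but the entry below is DLA-434-1, so the next free id is 435. Keep a single tomcat6 entry and give it the real version (`6.0.45-1~deb6u1`).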

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-27 16:15:13 UTC (rev 39991)
+++ data/dla-needed.txt 2016-02-27 18:43:06 UTC (rev 39992)
@@ -60,8 +60,6 @@
 --
 xymon (Chris Lamb)
 --
-tomcat6 (Markus Koschany)
---
 pcre3
 --
 policykit-1




[Secure-testing-commits] r39993 - data/DLA

2016-02-27 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-27 18:45:30 + (Sat, 27 Feb 2016)
New Revision: 39993

Modified:
   data/DLA/list
Log:
Reserve only DLA-435-1

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-27 18:43:06 UTC (rev 39992)
+++ data/DLA/list   2016-02-27 18:45:30 UTC (rev 39993)
@@ -1,9 +1,6 @@
-[27 Feb 2016] DLA-436-1 tomcat6 - security update
-   {CVE-2015-5174 CVE-2015-5345 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 
CVE-2016-0763}
-   [squeeze] - tomcat6 6.0.45-1~deb6u1
 [27 Feb 2016] DLA-435-1 tomcat6 - security update
{CVE-2015-5174 CVE-2015-5345 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 
CVE-2016-0763}
-   [squeeze] - tomcat6 Soldat99
+   [squeeze] - tomcat6 6.0.45-1~deb6u1
 [27 Feb 2016] DLA-434-1 gtk+2.0 - security update
{CVE-2015-4491 CVE-2015-7673 CVE-2015-7674}
[squeeze] - gtk+2.0 2.20.1-2+deb6u2




[Secure-testing-commits] r39958 - data/CVE

2016-02-26 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-26 19:39:16 + (Fri, 26 Feb 2016)
New Revision: 39958

Modified:
   data/CVE/list
Log:
Triage CVE-2015-5346. Mark as minor issue and no-dsa for Tomcat 6

Modified: data/CVE/list
===
--- data/CVE/list   2016-02-26 18:43:10 UTC (rev 39957)
+++ data/CVE/list   2016-02-26 19:39:16 UTC (rev 39958)
@@ -16535,8 +16535,15 @@
- tomcat9  (bug #802312)
- tomcat8 8.0.30-1
- tomcat7 7.0.68-1
-   - tomcat6 
+   - tomcat6 6.0.35-1+squeeze4
+   [squeeze] - tomcat6  (Minor issue, very unlikely to exploit)
+   [wheezy] - tomcat6  (Minor issue, very unlikely to exploit)
+   [jessie] - tomcat6  (Minor issue, very unlikely to exploit)
NOTE: Fixed in 7.0.67, 8.0.30, 9.0.0.M3
+   NOTE: Not fixed for Tomcat 6. Request.java is affected.
+   NOTE: https://svn.apache.org/viewvc?view=revision=1713187
+   NOTE: http://svn.apache.org/viewvc?view=revision=1713185
+   NOTE: http://svn.apache.org/viewvc?view=revision=1723506
 CVE-2015-5345 (The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x 
before ...)
- tomcat9  (bug #802312)
- tomcat8 8.0.30-1
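
Review bot: the added `- tomcat6 6.0.35-1+squeeze4` line records a fixed version, but the NOTE added in the same hunk says "Not fixed for Tomcat 6. Request.java is affected." and the three release lines treat it as an open minor issue. The two statements contradict each other; if Tomcat 6 is not fixed, the unprefixed tomcat6 line should not carry a version.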




[Secure-testing-commits] r39208 - in data: . DLA

2016-01-26 Thread Markus Koschany
Author: apo-guest
Date: 2016-01-26 19:16:01 + (Tue, 26 Jan 2016)
New Revision: 39208

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-403-1 for radicale

Modified: data/DLA/list
===
--- data/DLA/list   2016-01-26 19:14:41 UTC (rev 39207)
+++ data/DLA/list   2016-01-26 19:16:01 UTC (rev 39208)
@@ -1,3 +1,6 @@
+[26 Jan 2016] DLA-403-1 radicale - security update
+   {CVE-2015-8747 CVE-2015-8748}
+   [squeeze] - radicale 0.3-2
 [26 Jan 2016] DLA-402-1 tiff - security update
{CVE-2015-8665 CVE-2015-8683}
[squeeze] - tiff 3.9.4-5+squeeze13
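
Review bot: `[squeeze] - radicale 0.3-2` has no security-upload suffix, unlike the tiff entry below it (`3.9.4-5+squeeze13`). Check that this is the version actually uploaded for DLA-403-1 and not the version it replaces.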

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-26 19:14:41 UTC (rev 39207)
+++ data/dla-needed.txt 2016-01-26 19:16:01 UTC (rev 39208)
@@ -56,7 +56,5 @@
 php5 (Thorsten Alteholz)
   NOTE: next upload end of December  
 --
-radicale (Markus Koschany)
---
 tiff
 --




[Secure-testing-commits] r39210 - data/DLA

2016-01-26 Thread Markus Koschany
Author: apo-guest
Date: 2016-01-26 19:36:57 + (Tue, 26 Jan 2016)
New Revision: 39210

Modified:
   data/DLA/list
Log:
Fix version number of DLA-403


Modified: data/DLA/list
===
--- data/DLA/list   2016-01-26 19:27:36 UTC (rev 39209)
+++ data/DLA/list   2016-01-26 19:36:57 UTC (rev 39210)
@@ -1,6 +1,6 @@
 [26 Jan 2016] DLA-403-1 radicale - security update
{CVE-2015-8747 CVE-2015-8748}
-   [squeeze] - radicale 0.3-2
+   [squeeze] - radicale 0.3-2+deb6u1
 [26 Jan 2016] DLA-402-1 tiff - security update
{CVE-2015-8665 CVE-2015-8683}
[squeeze] - tiff 3.9.4-5+squeeze13




[Secure-testing-commits] r39638 - data

2016-02-12 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-12 22:53:41 + (Fri, 12 Feb 2016)
New Revision: 39638

Modified:
   data/dla-needed.txt
Log:
Claim wordpress in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-12 21:10:13 UTC (rev 39637)
+++ data/dla-needed.txt 2016-02-12 22:53:41 UTC (rev 39638)
@@ -51,5 +51,5 @@
 --
 xymon (Chris Lamb)
 --
-wordpress
+wordpress (Markus Koschany)
 --




[Secure-testing-commits] r39722 - in data: . DLA

2016-02-16 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-16 16:20:37 + (Tue, 16 Feb 2016)
New Revision: 39722

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-418-1 for wordpress

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-16 16:11:42 UTC (rev 39721)
+++ data/DLA/list   2016-02-16 16:20:37 UTC (rev 39722)
@@ -1,3 +1,6 @@
+[16 Feb 2016] DLA-418-1 wordpress - security update
+   {CVE-2016-2221 CVE-2016-}
+   [squeeze] - wordpress 3.6.1+dfsg-1~deb6u9
 [16 Feb 2016] DLA-417-1 xdelta3 - security update
{CVE-2014-9765}
[squeeze] - xdelta3 0y.dfsg-1+deb6u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-16 16:11:42 UTC (rev 39721)
+++ data/dla-needed.txt 2016-02-16 16:20:37 UTC (rev 39722)
@@ -64,5 +64,3 @@
 --
 xymon (Chris Lamb)
 --
-wordpress (Markus Koschany)
---




[Secure-testing-commits] r39755 - data

2016-02-18 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-18 13:35:42 + (Thu, 18 Feb 2016)
New Revision: 39755

Modified:
   data/dla-needed.txt
Log:
Claim python-imaging in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-18 08:16:31 UTC (rev 39754)
+++ data/dla-needed.txt 2016-02-18 13:35:42 UTC (rev 39755)
@@ -60,7 +60,7 @@
 php5 (Thorsten Alteholz)
   NOTE: next upload end of December
 --
-python-imaging
+python-imaging (Markus Koschany)
 --
 tiff
 --




[Secure-testing-commits] r39795 - in data: . DLA

2016-02-21 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-21 13:27:52 + (Sun, 21 Feb 2016)
New Revision: 39795

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-422-1 for python-imaging

Modified: data/DLA/list
===
--- data/DLA/list   2016-02-21 11:18:02 UTC (rev 39794)
+++ data/DLA/list   2016-02-21 13:27:52 UTC (rev 39795)
@@ -1,3 +1,6 @@
+[21 Feb 2016] DLA-422-1 python-imaging - security update
+   {CVE-2016-0775}
+   [squeeze] - python-imaging 1.1.7-2+deb6u2
 [20 Feb 2016] DLA-421-1 openssl - security update
{CVE-2015-3197}
[squeeze] - openssl 0.9.8o-4squeeze23

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-21 11:18:02 UTC (rev 39794)
+++ data/dla-needed.txt 2016-02-21 13:27:52 UTC (rev 39795)
@@ -58,8 +58,6 @@
 php5 (Thorsten Alteholz)
   NOTE: next upload end of December
 --
-python-imaging (Markus Koschany)
---
 tiff
 --
 xymon (Chris Lamb)




[Secure-testing-commits] r39796 - data/CVE

2016-02-21 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-21 13:53:06 + (Sun, 21 Feb 2016)
New Revision: 39796

Modified:
   data/CVE/list
Log:
Mark pillow, python-imaging prior version 2.7 as not-affected


Modified: data/CVE/list
===
--- data/CVE/list   2016-02-21 13:27:52 UTC (rev 39795)
+++ data/CVE/list   2016-02-21 13:53:06 UTC (rev 39796)
@@ -872,10 +872,12 @@
 CVE-2016- [Integer overflow in Resample.c]
- pillow 3.1.1-1
- python-imaging 
+   [jessie] - pillow 
+   [wheezy] - python-imaging 
+   [squeeze] - python-imaging 
NOTE: 
https://github.com/python-pillow/Pillow/commit/41fae6d9e2da741d2c5464775c7f1a609ea03798
-   NOTE: For jessie the vulnerable code seems to be in 
libImaging/Antialias.c instead,
-   NOTE: due to upstream commit bc0f896a47d7b2dcd6f9fc1fff88f6a25b248f8a 
renaming
-   NOTE: Antialias and stretch to resample.
+   NOTE: Upstream confirmed that versions prior 2.7 are not vulnerable.
+   NOTE: https://github.com/python-pillow/Pillow/issues/1737
 CVE-2016- [AST-2016-003: Remote crash vulnerability when receiving UDPTL 
FAX data]
- asterisk 
[jessie] - asterisk  (Minor issue)
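
Review bot: the three added release lines for pillow and python-imaging carry no parenthetical reason, unlike `[jessie] - asterisk  (Minor issue)` in the next entry, so the justification lives only in the new NOTE. Put a short reason on each line. Also, the removed NOTE said the vulnerable code in jessie seemed to be in libImaging/Antialias.c; since the new NOTE reaches the opposite conclusion, say explicitly that the upstream statement in issue 1737 supersedes that analysis instead of deleting it silently.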




[Secure-testing-commits] r39395 - org

2016-02-01 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-01 18:05:20 + (Mon, 01 Feb 2016)
New Revision: 39395

Modified:
   org/lts-frontdesk.2016.txt
Log:
Add myself to lts frontdesk in April 2016.


Modified: org/lts-frontdesk.2016.txt
===
--- org/lts-frontdesk.2016.txt  2016-02-01 15:58:26 UTC (rev 39394)
+++ org/lts-frontdesk.2016.txt  2016-02-01 18:05:20 UTC (rev 39395)
@@ -25,7 +25,7 @@
 From 21-03 to 27-03:Antoine Beaupré <anar...@anarc.at>
 From 28-03 to 03-04:Santiago Ruano Rincón <santiag...@riseup.net>
 From 04-04 to 10-04:
-From 11-04 to 17-04:
+From 11-04 to 17-04:Markus Koschany <a...@debian.org>
 From 18-04 to 24-04:
 From 25-04 to 01-05:
 From 02-05 to 08-05:



[Secure-testing-commits] r39396 - data

2016-02-01 Thread Markus Koschany
Author: apo-guest
Date: 2016-02-01 18:11:07 + (Mon, 01 Feb 2016)
New Revision: 39396

Modified:
   data/dla-needed.txt
Log:
Claim openjdk-6 in dla-needed.txt

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-01 18:05:20 UTC (rev 39395)
+++ data/dla-needed.txt 2016-02-01 18:11:07 UTC (rev 39396)
@@ -63,7 +63,7 @@
 ntp
   NOTE: maybe maintainer wants to upload package (as done before)
 --
-openjdk-6
+openjdk-6 (Markus Koschany)
 --
 openssh (Guido Günther)
 --



[Secure-testing-commits] r40451 - data

2016-03-18 Thread Markus Koschany
Author: apo-guest
Date: 2016-03-18 14:43:53 + (Fri, 18 Mar 2016)
New Revision: 40451

Modified:
   data/dsa-needed.txt
Log:
Claim Tomcat7 in dsa-needed.txt

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-18 09:10:24 UTC (rev 40450)
+++ data/dsa-needed.txt 2016-03-18 14:43:53 UTC (rev 40451)
@@ -78,7 +78,7 @@
 --
 tomcat6 (Markus Koschany)
 --
-tomcat7
+tomcat7 (Markus Koschany)
 --
 tomcat8
 --




[Secure-testing-commits] r40508 - data

2016-03-21 Thread Markus Koschany
Author: apo-guest
Date: 2016-03-21 22:31:30 + (Mon, 21 Mar 2016)
New Revision: 40508

Modified:
   data/dsa-needed.txt
Log:
Claim imlib2 in dsa-needed.txt

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-21 21:10:11 UTC (rev 40507)
+++ data/dsa-needed.txt 2016-03-21 22:31:30 UTC (rev 40508)
@@ -35,6 +35,8 @@
   no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716
   should be fixed along
 --
+imlib2 (Markus Koschany)
+--
 inspircd/oldstable (Thorsten Alteholz)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
 --




[Secure-testing-commits] r40561 - data

2016-03-24 Thread Markus Koschany
Author: apo-guest
Date: 2016-03-24 17:02:13 + (Thu, 24 Mar 2016)
New Revision: 40561

Modified:
   data/dsa-needed.txt
Log:
dsa-needed.txt: Update status of libebml


Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-24 16:33:35 UTC (rev 40560)
+++ data/dsa-needed.txt 2016-03-24 17:02:13 UTC (rev 40561)
@@ -41,6 +41,7 @@
   NOTE: debdiff sent to the Security Team on 2016-03-21
 --
 libebml (Markus Koschany)
+  NOTE: debdiff sent to the Security Team on 2016-03-24
 --
 libidn
   Working debdiff for wheezy-security at




[Secure-testing-commits] r40529 - data

2016-03-22 Thread Markus Koschany
Author: apo-guest
Date: 2016-03-23 00:06:25 + (Wed, 23 Mar 2016)
New Revision: 40529

Modified:
   data/dsa-needed.txt
Log:
Claim libebml in dsa-needed.txt

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-22 21:10:14 UTC (rev 40528)
+++ data/dsa-needed.txt 2016-03-23 00:06:25 UTC (rev 40529)
@@ -42,6 +42,8 @@
   NOTE: OK Thorsten's upload (seb)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
 --
+libebml (Markus Koschany)
+--
 libidn
   Working debdiff for wheezy-security at
   https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff




[Secure-testing-commits] r40087 - data

2016-03-01 Thread Markus Koschany
Author: apo-guest
Date: 2016-03-01 12:51:17 + (Tue, 01 Mar 2016)
New Revision: 40087

Modified:
   data/dsa-needed.txt
Log:
Claim Tomcat 6 in dsa-needed.txt

I sent my last e-mail to t...@security.debian.org on 2016-02-27. Waiting for a
response now.


Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-01 12:37:25 UTC (rev 40086)
+++ data/dsa-needed.txt 2016-03-01 12:51:17 UTC (rev 40087)
@@ -76,7 +76,7 @@
 --
 tiff3
 --
-tomcat6
+tomcat6 (Markus Koschany)
 --
 tomcat7
 --
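
Review bot: the status given in the log (last e-mail sent to the security team on 2016-02-27, waiting for a response) is not reflected in the file; the added `tomcat6 (Markus Koschany)` line has no NOTE. Add it as an indented `NOTE:` line under the entry so that readers of dsa-needed.txt see the state without going through the commit history.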




[Secure-testing-commits] r40634 - data

2016-03-29 Thread Markus Koschany
Author: apo-guest
Date: 2016-03-29 18:03:48 + (Tue, 29 Mar 2016)
New Revision: 40634

Modified:
   data/dsa-needed.txt
Log:
Claim srtp in dsa-needed.txt

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-29 16:28:13 UTC (rev 40633)
+++ data/dsa-needed.txt 2016-03-29 18:03:48 UTC (rev 40634)
@@ -87,6 +87,8 @@
 --
 squid/oldstable
 --
+srtp (Markus Koschany)
+--
 tardiff
   fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
 --




[Secure-testing-commits] r40509 - data

2016-03-21 Thread Markus Koschany
Author: apo-guest
Date: 2016-03-22 00:06:38 + (Tue, 22 Mar 2016)
New Revision: 40509

Modified:
   data/dsa-needed.txt
Log:
Claim roundcube in dsa-needed.txt

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-21 22:31:30 UTC (rev 40508)
+++ data/dsa-needed.txt 2016-03-22 00:06:38 UTC (rev 40509)
@@ -74,6 +74,8 @@
 redmine/stable
   Updates proposed by terceiro, check debdiff
 --
+roundcube/oldstable (Markus Koschany)
+--
 smarty3/oldstable
   NOTE: https://lists.debian.org/debian-lts/2016/03/msg0.html
   Version bump to package version in jessie recommended.




[Secure-testing-commits] r41220 - data

2016-04-26 Thread Markus Koschany
Author: apo
Date: 2016-04-26 21:19:20 + (Tue, 26 Apr 2016)
New Revision: 41220

Modified:
   data/dla-needed.txt
Log:
Claim OpenJDK 7 in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-26 21:10:13 UTC (rev 41219)
+++ data/dla-needed.txt 2016-04-26 21:19:20 UTC (rev 41220)
@@ -62,7 +62,7 @@
   NOTE: maintainer wants to upload package (as done before)
   NOTE: <20160213161710.ga9...@roeckx.be>
 --
-openjdk-7
+openjdk-7 (Markus Koschany)
 --
 openssl
 --




[Secure-testing-commits] r41202 - data

2016-04-26 Thread Markus Koschany
Author: apo
Date: 2016-04-26 11:20:33 + (Tue, 26 Apr 2016)
New Revision: 41202

Modified:
   data/dla-needed.txt
Log:
Add and claim smarty3 in dla-needed.txt.


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-26 10:46:52 UTC (rev 41201)
+++ data/dla-needed.txt 2016-04-26 11:20:33 UTC (rev 41202)
@@ -78,6 +78,8 @@
 samba
   Samba maintainers are preparing updates for regressions
 --
+smarty3 (Markus Koschany)
+--
 squid
 --
 tardiff




[Secure-testing-commits] r41204 - org

2016-04-26 Thread Markus Koschany
Author: apo
Date: 2016-04-26 11:43:47 + (Tue, 26 Apr 2016)
New Revision: 41204

Modified:
   org/lts-frontdesk.2016.txt
Log:
Add myself to lts-frontdesk.2016.txt in June


Modified: org/lts-frontdesk.2016.txt
===
--- org/lts-frontdesk.2016.txt  2016-04-26 11:43:33 UTC (rev 41203)
+++ org/lts-frontdesk.2016.txt  2016-04-26 11:43:47 UTC (rev 41204)
@@ -34,7 +34,7 @@
 From 23-05 to 29-05:Thorsten Alteholz <alteh...@debian.org>
 From 30-05 to 05-06:Ben Hutchings <b...@decadent.org.uk>
 From 06-06 to 12-06:Chris Lamb <ch...@chris-lamb.co.uk>
-From 13-06 to 19-06:
+From 13-06 to 19-06:Markus Koschany <a...@debian.org>
 From 20-06 to 26-06:Thorsten Alteholz <alteh...@debian.org>
 From 27-06 to 03-07:
 From 04-07 to 10-07:Chris Lamb <ch...@chris-lamb.co.uk>




[Secure-testing-commits] r41201 - data/CVE

2016-04-26 Thread Markus Koschany
Author: apo
Date: 2016-04-26 10:46:52 + (Tue, 26 Apr 2016)
New Revision: 41201

Modified:
   data/CVE/list
Log:
Add CVE-2016-2849/botan1.10


Modified: data/CVE/list
===
--- data/CVE/list   2016-04-26 09:58:11 UTC (rev 41200)
+++ data/CVE/list   2016-04-26 10:46:52 UTC (rev 41201)
@@ -3230,6 +3230,9 @@
RESERVED
 CVE-2016-2849
RESERVED
+   - botan1.10 
+   NOTE: http://botan.randombit.net/security.html
+   NOTE: FIX 
https://github.com/randombit/botan/commit/bcf13fa153a11b3e0ad54e2af6962441cea3adf1
 CVE-2016-2848
RESERVED
 CVE-2016-2846 (Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote 
attackers ...)




[Secure-testing-commits] r41306 - in data: . DLA

2016-04-30 Thread Markus Koschany
Author: apo
Date: 2016-04-30 09:33:56 + (Sat, 30 Apr 2016)
New Revision: 41306

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-449-1 for botan1.10

Modified: data/DLA/list
===
--- data/DLA/list   2016-04-30 09:10:12 UTC (rev 41305)
+++ data/DLA/list   2016-04-30 09:33:56 UTC (rev 41306)
@@ -1,3 +1,6 @@
+[30 Apr 2016] DLA-449-1 botan1.10 - security update
+   {CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 
CVE-2016-2195 CVE-2016-2849}
+   [wheezy] - botan1.10 1.10.5-1+deb7u1
 [29 Apr 2016] DLA-448-1 subversion - security update
{CVE-2016-2167 CVE-2016-2168}
[wheezy] - subversion 1.6.17dfsg-4+deb7u11

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-30 09:10:12 UTC (rev 41305)
+++ data/dla-needed.txt 2016-04-30 09:33:56 UTC (rev 41306)
@@ -11,8 +11,6 @@
 --
 asterisk (Thorsten Alteholz)
 --
-botan1.10 (Markus Koschany)
---
 cacti
   NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
 --




[Secure-testing-commits] r41317 - in data: . DLA

2016-04-30 Thread Markus Koschany
Author: apo
Date: 2016-04-30 17:40:59 + (Sat, 30 Apr 2016)
New Revision: 41317

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-450-1 for gdk-pixbuf

Modified: data/DLA/list
===
--- data/DLA/list   2016-04-30 17:39:11 UTC (rev 41316)
+++ data/DLA/list   2016-04-30 17:40:59 UTC (rev 41317)
@@ -1,3 +1,6 @@
+[30 Apr 2016] DLA-450-1 gdk-pixbuf - security update
+   {CVE-2015-7552 CVE-2015-7674}
+   [wheezy] - gdk-pixbuf 2.26.1-1+deb7u4
 [30 Apr 2016] DLA-449-1 botan1.10 - security update
{CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 
CVE-2016-2195 CVE-2016-2849}
[wheezy] - botan1.10 1.10.5-1+deb7u1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-30 17:39:11 UTC (rev 41316)
+++ data/dla-needed.txt 2016-04-30 17:40:59 UTC (rev 41317)
@@ -19,8 +19,6 @@
 --
 extplorer (Thorsten Alteholz)
 --
-gdk-pixbuf (Markus Koschany)
---
 gosa (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
   NOTE: asked about jessie status (seb)




[Secure-testing-commits] r41259 - data

2016-04-28 Thread Markus Koschany
Author: apo
Date: 2016-04-28 17:00:29 + (Thu, 28 Apr 2016)
New Revision: 41259

Modified:
   data/dla-needed.txt
Log:
Add gdk-pixbuf to dla-needed.txt and claim it.


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-04-28 16:04:31 UTC (rev 41258)
+++ data/dla-needed.txt 2016-04-28 17:00:29 UTC (rev 41259)
@@ -21,6 +21,8 @@
 --
 extplorer (Thorsten Alteholz)
 --
+gdk-pixbuf (Markus Koschany)
+--
 gosa (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
   NOTE: asked about jessie status (seb)




[Secure-testing-commits] r41929 - data/CVE

2016-05-21 Thread Markus Koschany
Author: apo
Date: 2016-05-21 16:32:55 + (Sat, 21 May 2016)
New Revision: 41929

Modified:
   data/CVE/list
Log:
CVE-2016-2317: Add more links to patches.


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-21 14:22:04 UTC (rev 41928)
+++ data/CVE/list   2016-05-21 16:32:55 UTC (rev 41929)
@@ -7363,6 +7363,8 @@
RESERVED
- graphicsmagick  (bug #814732)
NOTE: FIX 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6
+   NOTE: FIX 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52b59d2ef4a1
+   NOTE: FIX 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ed8318ba6a
TODO: check other versions (newest 1.3.23 is vulnerable according to 
reporter)
 CVE-2016-2311
RESERVED




[Secure-testing-commits] r41931 - in data: . DLA

2016-05-21 Thread Markus Koschany
Author: apo
Date: 2016-05-21 18:08:56 + (Sat, 21 May 2016)
New Revision: 41931

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-484-1 for graphicsmagick

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-21 16:35:00 UTC (rev 41930)
+++ data/DLA/list   2016-05-21 18:08:56 UTC (rev 41931)
@@ -1,3 +1,6 @@
+[21 May 2016] DLA-484-1 graphicsmagick - security update
+   {CVE-2015-8808 CVE-2016-2317 CVE-2016-2318 CVE-2016-3714 CVE-2016-3715 
CVE-2016-3716 CVE-2016-3717 CVE-2016-3718}
+   [wheezy] - graphicsmagick 1.3.16-1.1+deb7u1
 [19 May 2016] DLA-483-1 expat - security update
{CVE-2016-0718}
[wheezy] - expat 2.1.0-1+deb7u3
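Review bot: the DLA-484-1 entry bundles eight CVE ids under one fixed version, 1.3.16-1.1+deb7u1, while this commit touches only data/DLA/list and data/dla-needed.txt. Before the advisory goes out, confirm that each listed id has a graphicsmagick entry in data/CVE/list, so none of the eight is left without a package line.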

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-21 16:35:00 UTC (rev 41930)
+++ data/dla-needed.txt 2016-05-21 18:08:56 UTC (rev 41931)
@@ -31,8 +31,6 @@
   NOTE: .debdiff sent to the Security Team, waiting for feedback
   NOTE: asked about jessie status (seb)
 --
-graphicsmagick (Markus Koschany)
---
 icu (Roberto C. Sánchez)
   NOTE: check comments on CVE-2016-0494 as well
 --



[Secure-testing-commits] r41930 - data/CVE

2016-05-21 Thread Markus Koschany
Author: apo
Date: 2016-05-21 16:35:00 + (Sat, 21 May 2016)
New Revision: 41930

Modified:
   data/CVE/list
Log:
CVE-2016-2318: Add link to patch


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-21 16:32:55 UTC (rev 41929)
+++ data/CVE/list   2016-05-21 16:35:00 UTC (rev 41930)
@@ -7358,6 +7358,7 @@
 CVE-2016-2318
RESERVED
- graphicsmagick  (bug #814732)
+   NOTE: FIX 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/e797bb0aec31
TODO: check other versions (newest 1.3.23 is vulnerable according to 
reporter)
 CVE-2016-2317
RESERVED
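Review bot: the added FIX note sits above a TODO that still says other versions need checking and that 1.3.23 is vulnerable according to the reporter. With the upstream changeset e797bb0aec31 now identified, the TODO could say which release first contains it, or be dropped once that is checked.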




[Secure-testing-commits] r41918 - data/CVE

2016-05-20 Thread Markus Koschany
Author: apo
Date: 2016-05-20 21:03:37 + (Fri, 20 May 2016)
New Revision: 41918

Modified:
   data/CVE/list
Log:
Add FIX for CVE-2016-2317


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-20 20:31:52 UTC (rev 41917)
+++ data/CVE/list   2016-05-20 21:03:37 UTC (rev 41918)
@@ -7357,6 +7357,7 @@
 CVE-2016-2317
RESERVED
- graphicsmagick  (bug #814732)
+   NOTE: FIX 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6
TODO: check other versions (newest 1.3.23 is vulnerable according to 
reporter)
 CVE-2016-2311
RESERVED




[Secure-testing-commits] r41895 - in data: . DLA

2016-05-19 Thread Markus Koschany
Author: apo
Date: 2016-05-19 19:33:39 + (Thu, 19 May 2016)
New Revision: 41895

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-483-1 for expat

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-19 19:07:18 UTC (rev 41894)
+++ data/DLA/list   2016-05-19 19:33:39 UTC (rev 41895)
@@ -1,3 +1,6 @@
+[19 May 2016] DLA-483-1 expat - security update
+   {CVE-2016-0718}
+   [wheezy] - expat 2.1.0-1+deb7u3
 [19 May 2016] DLA-482-1 libgd2 - security update
{CVE-2015-8874}
[wheezy] - libgd2 2.0.36~rc1~dfsg-6.1+deb7u3

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-19 19:07:18 UTC (rev 41894)
+++ data/dla-needed.txt 2016-05-19 19:33:39 UTC (rev 41895)
@@ -24,8 +24,6 @@
 --
 eglibc (Santiago R.R.)
 --
-expat (Markus Koschany)
---
 extplorer (Thorsten Alteholz)
   NOTE: package for testing uploaded
 --




[Secure-testing-commits] r41896 - in data: . CVE

2016-05-19 Thread Markus Koschany
Author: apo
Date: 2016-05-19 19:37:39 + (Thu, 19 May 2016)
New Revision: 41896

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Mark sogo as unsupported in Wheezy LTS.


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-19 19:33:39 UTC (rev 41895)
+++ data/CVE/list   2016-05-19 19:37:39 UTC (rev 41896)
@@ -23683,6 +23683,8 @@
 CVE-2015-5395 [CSRF]
RESERVED
- sogo  (bug #796197)
+   [wheezy] - sogo  (not supported in Wheezy LTS)
+   NOTE: https://lists.debian.org/debian-lts/2016/05/msg00197.html
NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/10
NOTE: http://www.sogo.nu/bugs/view.php?id=3246
NOTE: 
https://github.com/inverse-inc/sogo/commit/582baf2960969c73f98643e46cfb49432c30b711
 (SOGo-3.1.0)
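Review bot: the [wheezy] line is added under CVE-2015-5395 only, while the dla-needed.txt entry removed in the same commit named no CVE. If other open sogo issues apply to wheezy they need the same marking, otherwise they will still read as pending for LTS. The debian-lts message linked in the new NOTE is a suitable reference to repeat on each.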

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-19 19:33:39 UTC (rev 41895)
+++ data/dla-needed.txt 2016-05-19 19:37:39 UTC (rev 41896)
@@ -104,9 +104,6 @@
 samba
   NOTE: regression update required for #821811, patches available
 --
-sogo
-  NOTE: Solved in 3.1.0 according to upstream. Sid has 2.2.17 so far.
---
 squid
 --
 tardiff




[Secure-testing-commits] r41679 - in data: . DLA

2016-05-12 Thread Markus Koschany
Author: apo
Date: 2016-05-12 16:00:55 + (Thu, 12 May 2016)
New Revision: 41679

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-468-1 for libuser

Modified: data/DLA/list
===
--- data/DLA/list   2016-05-12 16:00:16 UTC (rev 41678)
+++ data/DLA/list   2016-05-12 16:00:55 UTC (rev 41679)
@@ -1,3 +1,6 @@
+[12 May 2016] DLA-468-1 libuser - security update
+   {CVE-2015-3245 CVE-2015-3246}
+   [wheezy] - libuser 1:0.56.9.dfsg.1-1.2+deb7u1
 [12 May 2016] DLA-467-1 xerces-c - security update
{CVE-2016-2099}
[wheezy] - xerces-c 3.1.1-3+deb7u3

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-12 16:00:16 UTC (rev 41678)
+++ data/dla-needed.txt 2016-05-12 16:00:55 UTC (rev 41679)
@@ -59,9 +59,6 @@
 --
 libtasn1-3 (Thorsten Alteholz)
 --
-libuser (Markus Koschany)
-  NOTE: More information and fixing commit in https://bugs.debian.org/793465
---
 libxml2
   NOTE: 20160226, no fix available yet
 --
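Review bot: removing the libuser entry also drops its NOTE pointing to https://bugs.debian.org/793465 for the fixing commit, and the new DLA-468-1 entry lists only the two CVE ids. Unless that reference is already in data/CVE/list, which this commit does not touch, it is worth moving it there as a NOTE under CVE-2015-3245 and CVE-2015-3246.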




[Secure-testing-commits] r41816 - data/CVE

2016-05-17 Thread Markus Koschany
Author: apo
Date: 2016-05-17 19:36:58 + (Tue, 17 May 2016)
New Revision: 41816

Modified:
   data/CVE/list
Log:
Mark xymon CVE-2016-2057 as not-affected


Modified: data/CVE/list
===
--- data/CVE/list   2016-05-17 19:21:36 UTC (rev 41815)
+++ data/CVE/list   2016-05-17 19:36:58 UTC (rev 41816)
@@ -8047,6 +8047,7 @@
 CVE-2016-2057 (lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 
use ...)
{DSA-3495-1}
- xymon 4.3.25-1
+   [wheezy] - xymon  (vulnerable code not present)
NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
 CVE-2016-2056 (xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow 
remote ...)
{DSA-3495-1}
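Review bot: the [wheezy] line gives "vulnerable code not present" as the reason without a NOTE saying what was checked, while the CVE description covers Xymon 4.1.x, 4.2.x and 4.3.x before 4.3.25. A NOTE naming the wheezy version and why lib/xymond_ipc.c is not affected there would make the triage verifiable. CVE-2016-2056 directly below is covered by the same DSA-3495-1 and gets no wheezy line in this hunk, so its status is worth stating too.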


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

