Author: carnil
Date: 2017-09-01 05:33:14 + (Fri, 01 Sep 2017)
New Revision: 55358
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2017-14064
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01 05:32:27 UTC
Author: carnil
Date: 2017-09-01 05:32:27 + (Fri, 01 Sep 2017)
New Revision: 55357
Modified:
data/CVE/list
Log:
Track ffmpeg issues
Note for reviewers: just started to track the upstream commit and source
package association. No further investigation done.
Modified: data/CVE/list
Author: carnil
Date: 2017-09-01 05:24:55 + (Fri, 01 Sep 2017)
New Revision: 55356
Modified:
data/CVE/list
Log:
Add new ruby issue
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01 05:13:25 UTC (rev 55355)
+++
Author: carnil
Date: 2017-09-01 05:13:25 + (Fri, 01 Sep 2017)
New Revision: 55355
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2017-14061/libidn2-0
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01
Author: carnil
Date: 2017-09-01 05:12:35 + (Fri, 01 Sep 2017)
New Revision: 55354
Modified:
data/CVE/list
Log:
Add CVE-2017-14060/imagemagick
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01 05:12:25 UTC (rev
Author: carnil
Date: 2017-09-01 05:12:25 + (Fri, 01 Sep 2017)
New Revision: 55353
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2017-14062/libidn
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01
Author: carnil
Date: 2017-09-01 05:04:10 + (Fri, 01 Sep 2017)
New Revision: 55352
Modified:
data/CVE/list
Log:
Add bug for CVE-2017-14062
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01 05:01:16 UTC (rev 55351)
Author: carnil
Date: 2017-09-01 05:01:16 + (Fri, 01 Sep 2017)
New Revision: 55351
Modified:
data/CVE/list
Log:
Add CVE-2017-14061/libidn*
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01 04:55:57 UTC (rev 55350)
Author: carnil
Date: 2017-09-01 04:55:47 + (Fri, 01 Sep 2017)
New Revision: 55349
Modified:
data/CVE/list
Log:
Add CVE-2017-14062/libidn2-0
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01 04:35:53 UTC (rev
Author: carnil
Date: 2017-09-01 04:55:57 + (Fri, 01 Sep 2017)
New Revision: 55350
Modified:
data/CVE/list
Log:
Same function in libidn for CVE-2017-14062
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01 04:55:47
Author: carnil
Date: 2017-09-01 04:35:53 + (Fri, 01 Sep 2017)
New Revision: 55348
Modified:
data/CVE/list
Log:
CVE-2016-10351/telegram-destop fix recorded for unstable upload
Modified: data/CVE/list
===
--- data/CVE/list
Author: carnil
Date: 2017-09-01 04:30:16 + (Fri, 01 Sep 2017)
New Revision: 55347
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01 04:11:42 UTC (rev 55346)
+++
Author: carnil
Date: 2017-09-01 04:11:42 + (Fri, 01 Sep 2017)
New Revision: 55346
Modified:
data/CVE/list
Log:
Rercord #873885 as secondary bug for openexr (cloded from #864078)
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2017-08-31 23:06:20 + (Thu, 31 Aug 2017)
New Revision: 55345
Modified:
data/dla-needed.txt
Log:
Update status of sox in dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31
Author: gcs
Date: 2017-08-31 22:29:44 + (Thu, 31 Aug 2017)
New Revision: 55343
Modified:
data/CVE/list
Log:
Add CVE-2017-1372{6,7}/tiff fixed versions in unstable
Modified: data/CVE/list
===
--- data/CVE/list
Author: jmm
Date: 2017-08-31 22:00:31 + (Thu, 31 Aug 2017)
New Revision: 55342
Modified:
data/CVE/list
Log:
mpg123 no-dsa
qpdf no-dsa
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 21:16:53 UTC (rev 55341)
Author: apo
Date: 2017-08-31 21:16:53 + (Thu, 31 Aug 2017)
New Revision: 55341
Modified:
data/dla-needed.txt
Log:
Readd openexr to dla-needed.txt because of one outstanding issue.
Modified: data/dla-needed.txt
===
---
Author: apo
Date: 2017-08-31 21:14:58 + (Thu, 31 Aug 2017)
New Revision: 55340
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1083-1 for openexr
Modified: data/DLA/list
===
--- data/DLA/list 2017-08-31
Author: sectracker
Date: 2017-08-31 21:10:14 + (Thu, 31 Aug 2017)
New Revision: 55339
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 20:34:31 UTC (rev 55338)
+++
Author: carnil
Date: 2017-08-31 20:34:31 + (Thu, 31 Aug 2017)
New Revision: 55338
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2017-13726, mark as no-dsa for stretch and jessie
Modified: data/CVE/list
===
---
Author: carnil
Date: 2017-08-31 20:24:42 + (Thu, 31 Aug 2017)
New Revision: 55337
Modified:
data/CVE/list
Log:
Add CVE-2017-13727 bug, mark as no-dsa for stretch and jessie
Modified: data/CVE/list
===
--- data/CVE/list
Author: alteholz
Date: 2017-08-31 20:19:33 + (Thu, 31 Aug 2017)
New Revision: 55336
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1082-1 for graphicsmagick
Modified: data/DLA/list
===
--- data/DLA/list
Author: carnil
Date: 2017-08-31 20:06:26 + (Thu, 31 Aug 2017)
New Revision: 55335
Modified:
data/CVE/list
Log:
Reference commits for CVE-2017-1372{6,7}/tiff
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
Author: carnil
Date: 2017-08-31 20:00:11 + (Thu, 31 Aug 2017)
New Revision: 55334
Modified:
data/next-oldstable-point-update.txt
Log:
Add flightgear update as proposed via jessie-pu
Modified: data/next-oldstable-point-update.txt
Author: carnil
Date: 2017-08-31 19:45:35 + (Thu, 31 Aug 2017)
New Revision: 55333
Modified:
data/CVE/list
Log:
Add bug for CVE-2017-13711, mark no-dsa for stretch
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
Author: carnil
Date: 2017-08-31 19:44:27 + (Thu, 31 Aug 2017)
New Revision: 55332
Modified:
data/CVE/list
Log:
ncurses issues, #873723, fixed in unstable
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 19:42:04
Author: carnil
Date: 2017-08-31 19:42:04 + (Thu, 31 Aug 2017)
New Revision: 55331
Modified:
data/CVE/list
Log:
Update status for CVE-2017-13711
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 19:17:23 UTC (rev
Author: carnil
Date: 2017-08-31 19:17:23 + (Thu, 31 Aug 2017)
New Revision: 55330
Modified:
data/CVE/list
Log:
Correct assigned CVE id
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 19:11:13 UTC (rev 55329)
Author: carnil
Date: 2017-08-31 19:11:13 + (Thu, 31 Aug 2017)
New Revision: 55329
Modified:
data/CVE/list
Log:
Add CVE-2017-10463/async-http-client
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 19:05:17 UTC
Author: carnil
Date: 2017-08-31 19:05:17 + (Thu, 31 Aug 2017)
New Revision: 55328
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2017-12875/imagemagick
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
Author: carnil
Date: 2017-08-31 19:04:34 + (Thu, 31 Aug 2017)
New Revision: 55327
Modified:
data/CVE/list
Log:
Four CVEs fixed for wireshark in unstable
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 17:27:13
Author: carnil
Date: 2017-08-31 17:27:13 + (Thu, 31 Aug 2017)
New Revision: 55326
Modified:
data/CVE/list
Log:
Reported bugs for two qemu issues
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 17:13:27 UTC (rev
Author: carnil
Date: 2017-08-31 17:13:27 + (Thu, 31 Aug 2017)
New Revision: 55325
Modified:
data/CVE/list
Log:
Workaround dcl issues due to source package name takeover
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2017-08-31 17:05:03 + (Thu, 31 Aug 2017)
New Revision: 55324
Modified:
data/CVE/list
Log:
Add some preliminary results of my tests on exiv2
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
Author: anarcat
Date: 2017-08-31 15:59:41 + (Thu, 31 Aug 2017)
New Revision: 55323
Modified:
data/CVE/list
Log:
CVE-2017-0902 N/A in wheezy
this concerns SRV lookup code that was introduce later (present in 2.1
and above)
Modified: data/CVE/list
Author: anarcat
Date: 2017-08-31 15:55:50 + (Thu, 31 Aug 2017)
New Revision: 55322
Modified:
data/CVE/list
Log:
clarify descriptions of ruby vulnerabilities
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
Author: hertzog
Date: 2017-08-31 15:37:07 + (Thu, 31 Aug 2017)
New Revision: 55321
Modified:
data/CVE/list
Log:
Reported all exiv2 issues to upstream
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 15:36:57 UTC
Author: hertzog
Date: 2017-08-31 15:36:57 + (Thu, 31 Aug 2017)
New Revision: 55320
Modified:
data/dla-needed.txt
Log:
Take exiv2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31 14:16:53 UTC (rev 55319)
Author: anarcat
Date: 2017-08-31 14:16:53 + (Thu, 31 Aug 2017)
New Revision: 55319
Modified:
data/dla-needed.txt
Log:
claim ruby(gems) LTS
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31 14:06:42 UTC
55317)
+++ data/dla-needed.txt 2017-08-31 14:06:42 UTC (rev 55318)
@@ -135,6 +135,7 @@
NOTE: no upstream fixed yet, therefore maintainers not yet contacted
--
qemu (Guido Günther)
+ NOTE: 20170831: at first glance nothing critical, can wait for further issues
--
qemu-kvm (Guido Günther
Author: agx
Date: 2017-08-31 14:04:38 + (Thu, 31 Aug 2017)
New Revision: 55317
Modified:
data/CVE/list
Log:
lts: triage CVE-2017-12809
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 14:00:27 UTC (rev 55316)
Author: anarcat
Date: 2017-08-31 14:00:27 + (Thu, 31 Aug 2017)
New Revision: 55316
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2017-7506 not present in wheezy
I have audited the code and the vulnerability is specifically bound to
the reds_on_main_agent_monitors_config
Author: agx
Date: 2017-08-31 13:48:46 + (Thu, 31 Aug 2017)
New Revision: 55315
Modified:
data/CVE/list
Log:
lts: qemu not affected by CVE-2017-13711
The leak fixed in ea64d5f08817b5e79e17135dce516c7583107f91 is still
present but that's less troublesome than the use after free. And
there
Author: anarcat
Date: 2017-08-31 13:42:53 + (Thu, 31 Aug 2017)
New Revision: 55314
Modified:
data/dla-needed.txt
Log:
trying my luck with spice, make or break.
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: hertzog
Date: 2017-08-31 12:54:13 + (Thu, 31 Aug 2017)
New Revision: 55313
Modified:
data/dla-needed.txt
Log:
Fix typo
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31 12:15:47 UTC (rev 55312)
+++
UTC (rev 55311)
+++ data/dla-needed.txt 2017-08-31 12:15:47 UTC (rev 55312)
@@ -80,9 +80,11 @@
NOTE: 20170813: still no patch available yet
--
lame (Hugo Lefeuvre)
- NOTE: 20170824: no patch yet, CVE-2017-{69-72} not reproducible.
+ NOTE: 20170831: no patch yet, CVE-2017-{69-72
Author: carnil
Date: 2017-08-31 11:26:59 + (Thu, 31 Aug 2017)
New Revision: 55311
Modified:
data/DLA/list
Log:
Fix imagemagick version (missing epoch)
Modified: data/DLA/list
===
--- data/DLA/list 2017-08-31 11:25:26
Author: agx
Date: 2017-08-31 11:25:26 + (Thu, 31 Aug 2017)
New Revision: 55310
Modified:
data/dla-needed.txt
Log:
lts: grab thunderbird and qemu
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31 11:09:49
Author: agx
Date: 2017-08-31 11:09:49 + (Thu, 31 Aug 2017)
New Revision: 55309
Modified:
data/CVE/list
data/dla-needed.txt
Log:
File bugs for tcpdump
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 11:09:39
Author: agx
Date: 2017-08-31 11:09:39 + (Thu, 31 Aug 2017)
New Revision: 55308
Modified:
data/dla-needed.txt
Log:
lts: don't block on wireshark
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31 10:46:43 UTC
Author: roberto
Date: 2017-08-31 10:46:43 + (Thu, 31 Aug 2017)
New Revision: 55307
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1081-1 for imagemagick
Modified: data/DLA/list
===
--- data/DLA/list
Author: alteholz
Date: 2017-08-31 10:42:59 + (Thu, 31 Aug 2017)
New Revision: 55306
Modified:
data/CVE/list
Log:
mark CVE-2017-13775 as in Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 10:32:30 UTC
Author: pochu
Date: 2017-08-31 10:32:30 + (Thu, 31 Aug 2017)
New Revision: 55305
Modified:
data/dla-needed.txt
Log:
dla: claim libgd2
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31 10:31:34 UTC (rev
Author: hertzog
Date: 2017-08-31 10:31:22 + (Thu, 31 Aug 2017)
New Revision: 55303
Modified:
data/dla-needed.txt
Log:
Add ruby1.9.1 and rubygems to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: hertzog
Date: 2017-08-31 10:31:34 + (Thu, 31 Aug 2017)
New Revision: 55304
Modified:
data/CVE/list
Log:
Add bug number for ruby2.3 CVE
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 10:31:22 UTC (rev
Author: pochu
Date: 2017-08-31 10:20:55 + (Thu, 31 Aug 2017)
New Revision: 55302
Modified:
data/dla-needed.txt
Log:
dla: claim gdk-pixbuf
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31 09:58:38 UTC (rev
Author: hertzog
Date: 2017-08-31 09:58:38 + (Thu, 31 Aug 2017)
New Revision: 55301
Modified:
data/CVE/list
Log:
Mark CVE-2015-5209 as not affecting wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
Author: hertzog
Date: 2017-08-31 09:44:34 + (Thu, 31 Aug 2017)
New Revision: 55300
Modified:
data/CVE/list
Log:
Mark CVE-2017-12595 as ignored in wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 09:31:22
Author: hertzog
Date: 2017-08-31 09:31:22 + (Thu, 31 Aug 2017)
New Revision: 55299
Modified:
data/dla-needed.txt
Log:
Add libgd2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31 09:20:32
Author: hertzog
Date: 2017-08-31 09:20:32 + (Thu, 31 Aug 2017)
New Revision: 55298
Modified:
data/dla-needed.txt
Log:
Add gdk-pixbuf to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31
Author: carnil
Date: 2017-08-31 09:18:08 + (Thu, 31 Aug 2017)
New Revision: 55297
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 09:17:42 UTC (rev 55296)
+++
Author: hertzog
Date: 2017-08-31 09:17:42 + (Thu, 31 Aug 2017)
New Revision: 55296
Modified:
bin/lts-cve-triage.py
Log:
Print source package URL as well and try to align URLs
Modified: bin/lts-cve-triage.py
===
---
Author: carnil
Date: 2017-08-31 09:15:20 + (Thu, 31 Aug 2017)
New Revision: 55295
Modified:
data/CVE/list
Log:
Process some NFUs
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 09:13:18 UTC (rev 55294)
+++
Author: carnil
Date: 2017-08-31 09:13:18 + (Thu, 31 Aug 2017)
New Revision: 55294
Modified:
data/CVE/list
Log:
CVE-2017-14042/graphicsmagick assigned
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 09:10:16 UTC
Author: sectracker
Date: 2017-08-31 09:10:16 + (Thu, 31 Aug 2017)
New Revision: 55293
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 08:41:37 UTC (rev 55292)
+++
Author: agx
Date: 2017-08-31 08:41:37 + (Thu, 31 Aug 2017)
New Revision: 55292
Modified:
data/DLA/list
data/dla-needed.txt
Log:
lts: grab DLA-1080-1 for gnupg
Modified: data/DLA/list
===
--- data/DLA/list 2017-08-31
Author: hertzog
Date: 2017-08-31 08:30:02 + (Thu, 31 Aug 2017)
New Revision: 55291
Modified:
data/CVE/list
Log:
Mark CVE-2017-13757 as ignored on wheezy too
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
Author: carnil
Date: 2017-08-31 07:10:56 + (Thu, 31 Aug 2017)
New Revision: 55290
Modified:
data/CVE/list
Log:
Update openjpeg2 entries: add upstream issue and CVE assigned
Modified: data/CVE/list
===
--- data/CVE/list
Author: jmm
Date: 2017-08-31 07:08:54 + (Thu, 31 Aug 2017)
New Revision: 55289
Modified:
data/CVE/list
Log:
pyjwt n/a in jessie
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 06:34:24 UTC (rev 55288)
+++
Author: carnil
Date: 2017-08-31 06:34:24 + (Thu, 31 Aug 2017)
New Revision: 55288
Modified:
data/CVE/list
Log:
Add CVE-2017-14051/linux
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 06:29:30 UTC (rev 55287)
Author: carnil
Date: 2017-08-31 06:29:30 + (Thu, 31 Aug 2017)
New Revision: 55287
Modified:
data/CVE/list
Log:
Add CVE-2017-12149 from external check
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 06:24:14 UTC
Author: carnil
Date: 2017-08-31 06:24:14 + (Thu, 31 Aug 2017)
New Revision: 55286
Modified:
data/CVE/list
Log:
Add fixing version for CVE-2017-13709/flightgear
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
72 matches
Mail list logo
