Raphaël Hertzog pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ebdf4656 by Raphaël Hertzog at 2018-02-15T12:16:05+01:00
Put gcc-4.6/gcc-4.7 update for retpoline support in our radar
- - - - -
1 changed file:
- data/dla-needed.txt
Changes
Raphaël Hertzog pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c5e428fb by Raphaël Hertzog at 2018-01-25T11:09:10+01:00
Drop Guido from frontdesk when hes not available
- - - - -
1 changed file:
- org/lts-frontdesk.2018.txt
Changes
Author: hertzog
Date: 2017-12-23 08:31:21 + (Sat, 23 Dec 2017)
New Revision: 58859
Modified:
data/CVE/list
Log:
Ignore open-iscsi CVE on wheezy too
Modified: data/CVE/list
===
--- data/CVE/list 2017-12-23 08:10:29 UTC
Author: hertzog
Date: 2017-12-22 12:02:23 + (Fri, 22 Dec 2017)
New Revision: 58840
Modified:
data/CVE/list
Log:
All nasm issues are fixed in the last upstream release
The 2.14rc0 release tested by the researcher is a tag roughly matching
the state of 2.13, lacking fixes made later in the
Author: hertzog
Date: 2017-12-22 11:06:00 + (Fri, 22 Dec 2017)
New Revision: 58838
Modified:
data/dla-needed.txt
Log:
Add enigmail to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-12-22
Author: hertzog
Date: 2017-12-21 12:47:32 + (Thu, 21 Dec 2017)
New Revision: 58792
Modified:
data/packages/lts-do-not-call
Log:
Add ruby1.8 and ruby1.9.1 to lts-do-not-call
As requested by Antonio in
https://lists.debian.org/debian-lts/2017/12/msg00090.html
Modified:
with sourceforge's
- NOTE: integrated messaging feature. -- Raphaël Hertzog
--
python2.6
NOTE: webbrowser.py as binary is hard to exploit, but when using it as an
import then it may be possible to trigger something. Should be fixed to be on
the safe side even though it is not an urgent problem
Author: hertzog
Date: 2017-12-21 10:02:34 + (Thu, 21 Dec 2017)
New Revision: 58773
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Drop global from dla-needed.txt, issue is unimportant
Still filed a bug because the underlying code should really be improved
even if it's generally not
Author: hertzog
Date: 2017-12-21 08:42:06 + (Thu, 21 Dec 2017)
New Revision: 58765
Modified:
data/dla-needed.txt
Log:
Drop jasperreports from dla-needed.txt
Issues are marked undetermined and upstream seems unwilling to help us.
Instead we will mark the package as unsupported (filed as
Author: hertzog
Date: 2017-12-21 07:46:05 + (Thu, 21 Dec 2017)
New Revision: 58758
Modified:
data/dla-needed.txt
Log:
Last CVE against tkabber was wrong
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-12-21
. -- Raphaël Hertzog
--
-suricata
- NOTE: 2017-10-27: At a quick glance, I can't see that this is vulnerable.
--lamby
---
swftools (Guido Günther)
NOTE: 20171118: At least CVE-2017-16797 is present. (lamby)
NOTE: 20171210: likely to be turned into a pkg with limited sec support
Author: hertzog
Date: 2017-12-20 09:35:56 + (Wed, 20 Dec 2017)
New Revision: 58719
Modified:
data/CVE/list
Log:
Add bug numbers for two gimp CVE
Modified: data/CVE/list
===
--- data/CVE/list 2017-12-20 09:28:35 UTC (rev
Author: hertzog
Date: 2017-12-20 09:17:12 + (Wed, 20 Dec 2017)
New Revision: 58717
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add gimp to dla-needed.txt
Modified: data/CVE/list
===
--- data/CVE/list 2017-12-20
Author: hertzog
Date: 2017-12-12 10:18:26 + (Tue, 12 Dec 2017)
New Revision: 58486
Modified:
data/dla-needed.txt
Log:
Add comment about wireshark in dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: hertzog
Date: 2017-11-30 17:10:55 + (Thu, 30 Nov 2017)
New Revision: 58147
Modified:
data/CVE/list
Log:
Add patches for simplesamlphp issues
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-30 15:53:22 UTC
12:54:23 UTC (rev 58141)
+++ data/dla-needed.txt 2017-11-30 13:35:58 UTC (rev 58142)
@@ -85,7 +85,7 @@
rtpproxy
NOTE: it's not clear to me if a fix is even possible. -- Raphaël Hertzog
--
-simplesamlphp
+simplesamlphp (Raphaël Hertzog)
NOTE: 2017-09-04: Maintainer will handle this.
NOTE
Author: hertzog
Date: 2017-11-25 14:05:05 + (Sat, 25 Nov 2017)
New Revision: 58021
Modified:
data/dla-needed.txt
Log:
Add optipng to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-25 14:05:00
Author: hertzog
Date: 2017-11-25 14:05:00 + (Sat, 25 Nov 2017)
New Revision: 58020
Modified:
data/CVE/list
Log:
Mark CVE-2017-16879 as ignored on wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-25 14:03:18
Author: hertzog
Date: 2017-11-23 14:15:16 + (Thu, 23 Nov 2017)
New Revision: 57958
Modified:
data/CVE/list
Log:
Mark wheezy as not affected by CVE-2017-16834
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-23
Author: hertzog
Date: 2017-11-23 14:03:24 + (Thu, 23 Nov 2017)
New Revision: 57957
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add couchdb to dla-needed.txt
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2017-11-23 11:50:22 + (Thu, 23 Nov 2017)
New Revision: 57954
Modified:
data/dla-needed.txt
Log:
Add xrdp to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-23 11:50:19
Author: hertzog
Date: 2017-11-23 11:50:19 + (Thu, 23 Nov 2017)
New Revision: 57953
Modified:
data/CVE/list
Log:
CVE-2017-15288: Indicate which pull request apply to each version
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2017-11-23 11:50:05 + (Thu, 23 Nov 2017)
New Revision: 57952
Modified:
data/CVE/list
Log:
Ignore CVE-2017-1000203 in wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-23 11:49:52 UTC
Author: hertzog
Date: 2017-11-23 11:49:52 + (Thu, 23 Nov 2017)
New Revision: 57951
Modified:
data/dla-needed.txt
Log:
Add back xen to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-23
Author: hertzog
Date: 2017-11-23 10:42:43 + (Thu, 23 Nov 2017)
New Revision: 57950
Modified:
data/dla-needed.txt
Log:
Add otrs2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-23 10:33:28
, mp3gain is
dead upstream so this might be a candidate for no-dsa -- Hugo Lefeuvre
--
+ohcount
+ NOTE: No upstream bug tracker found (except on old copies of the code on
+ NOTE: github). Pinged sourceforge project owner with sourceforge's
+ NOTE: integrated messaging feature. -- Raphaël Hertzog
Author: hertzog
Date: 2017-11-23 09:56:59 + (Thu, 23 Nov 2017)
New Revision: 57948
Modified:
data/dla-needed.txt
Log:
Add exiv2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-23 09:10:18
2017-11-14 17:07:20 UTC (rev 57626)
@@ -49,8 +49,6 @@
NOTE: asked for reproducers for CVE-2017-14160 and CVE-2017-14633 on
NOTE: gitlab and vendor-sec
--
-libxml-libxml-perl (Raphaël Hertzog)
---
libxml2 (Thorsten Alteholz)
NOTE: bugfix needs confirmation by upstream
Author: hertzog
Date: 2017-11-14 16:56:12 + (Tue, 14 Nov 2017)
New Revision: 57625
Modified:
data/CVE/list
Log:
Update data for CVE-2017-10672
* experimental entry is no longer required
* update pull request URL to the one that got merged
Modified: data/CVE/list
maintainer yet,
sent email later
+libxml-libxml-perl (Raphaël Hertzog)
--
libxml2 (Thorsten Alteholz)
NOTE: bugfix needs confirmation by upstream
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
:48 UTC (rev 56996)
@@ -14,9 +14,6 @@
NOTE: 20170719: maintainer will handle the upload, see
https://lists.debian.org/d0b9674a-ac5b-5cc9-1982-fb6f36155...@pbandjelly.org
NOTE: 20171013: anarcat pinged maintainer:
https://lists.debian.org/87efpuc95w@curie.anarc.at
--
-exiv2 (Raphaël
: anarcat pinged maintainer:
https://lists.debian.org/87efpuc95w@curie.anarc.at
--
exiv2 (Raphaël Hertzog)
NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet,
sent email later
___
Secure-testing-commits mailing list
Secure
Author: hertzog
Date: 2017-10-26 16:43:58 + (Thu, 26 Oct 2017)
New Revision: 56995
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Demote CVE-2017-147 on wheezy to no-dsa like the security team did
Modified: data/CVE/list
Author: hertzog
Date: 2017-10-26 16:31:39 + (Thu, 26 Oct 2017)
New Revision: 56993
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Demote CVE-2017-0378 on wheezy to no-dsa like the security team did
Modified: data/CVE/list
Author: hertzog
Date: 2017-10-26 16:29:06 + (Thu, 26 Oct 2017)
New Revision: 56992
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Demote CVE-2017-11692 and CVE-2017-5950 into no-dsa like the security team did
Modified: data/CVE/list
Author: hertzog
Date: 2017-10-26 15:47:18 + (Thu, 26 Oct 2017)
New Revision: 56991
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1146-1 for mosquitto
Modified: data/DLA/list
===
--- data/DLA/list
is different in wheezy but from a cursory look, there
- NOTE: might be multiple places where error messages are not properly
- NOTE: HTML escaped. Without trying, it's hard to know if the error
- NOTE: messages do include user controllable content.
---
exiv2 (Raphaël Hertzog)
NOTE: 20170702, no upstream
Author: hertzog
Date: 2017-10-26 15:14:54 + (Thu, 26 Oct 2017)
New Revision: 56987
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Ignore CVE-2017-5982 in wheezy too
Modified: data/CVE/list
===
--- data/CVE/list
@@
NOTE: fix sent upstream, waiting for review
NOTE: 20170711: Pinged upstream (lamby)
--
-zoneminder (Raphaël Hertzog)
---
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin
:56:34 UTC (rev 56967)
+++ data/dla-needed.txt 2017-10-25 18:50:34 UTC (rev 56968)
@@ -168,5 +168,5 @@
NOTE: fix sent upstream, waiting for review
NOTE: 20170711: Pinged upstream (lamby)
--
-zoneminder
+zoneminder (Raphaël Hertzog)
--
___
Secure
Author: hertzog
Date: 2017-10-25 17:56:34 + (Wed, 25 Oct 2017)
New Revision: 56967
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE triaging on zoneminder
Modified: data/CVE/list
===
--- data/CVE/list 2017-10-25
Author: hertzog
Date: 2017-10-25 16:46:31 + (Wed, 25 Oct 2017)
New Revision: 56966
Modified:
data/CVE/list
Log:
zoneminder issues are fixed in unstable
Chris Lamb checked that the CVE have been fixed upstream:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854733#53
Modified:
Author: hertzog
Date: 2017-10-25 15:32:12 + (Wed, 25 Oct 2017)
New Revision: 56965
Modified:
data/CVE/list
Log:
Mark one more exiv2 CVE as not-affecting wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-10-25
Author: hertzog
Date: 2017-10-25 14:03:54 + (Wed, 25 Oct 2017)
New Revision: 56964
Modified:
data/CVE/list
Log:
Add patch URL for exiv2 CVE and mark some as not-affected on wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2017-10-25 09:25:40 + (Wed, 25 Oct 2017)
New Revision: 56962
Modified:
data/CVE/list
Log:
Add reproducibility results and upstream reports for all exiv2 CVE
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2017-10-25 07:55:16 + (Wed, 25 Oct 2017)
New Revision: 56958
Modified:
data/CVE/list
Log:
Add URL for CVE-2017-5130
We have no details yet. The URL is private. I was not able to find any
bug report on the libxml2 side.
Modified: data/CVE/list
Author: hertzog
Date: 2017-10-18 10:29:56 + (Wed, 18 Oct 2017)
New Revision: 56819
Modified:
data/CVE/list
Log:
Add bug number for libpam4j CVE
Modified: data/CVE/list
===
--- data/CVE/list 2017-10-18 10:29:43 UTC (rev
Author: hertzog
Date: 2017-10-18 10:29:43 + (Wed, 18 Oct 2017)
New Revision: 56818
Modified:
data/CVE/list
Log:
Mark CVE-2017-14952 as postponed for a future update
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2017-10-18 09:55:12 + (Wed, 18 Oct 2017)
New Revision: 56813
Modified:
data/dla-needed.txt
Log:
Add xen to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-10-18 09:38:32 UTC
Author: hertzog
Date: 2017-10-18 09:55:25 + (Wed, 18 Oct 2017)
New Revision: 56815
Modified:
data/dla-needed.txt
Log:
Add wpa to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-10-18 09:55:22 UTC
Author: hertzog
Date: 2017-10-18 09:55:22 + (Wed, 18 Oct 2017)
New Revision: 56814
Modified:
data/CVE/list
Log:
Mark CVE-2017-15185 as no-dsa for libmp3splt in wheezy
We follow the decision of the security team.
Modified: data/CVE/list
Author: hertzog
Date: 2017-10-18 09:38:32 + (Wed, 18 Oct 2017)
New Revision: 56812
Modified:
data/CVE/list
Log:
Mark redmine CVE as end-of-life on wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-10-18 09:23:11
Author: hertzog
Date: 2017-10-01 18:51:21 + (Sun, 01 Oct 2017)
New Revision: 56323
Modified:
data/CVE/list
Log:
Add some reproducibility results on some exiv CVE
Modified: data/CVE/list
===
--- data/CVE/list 2017-10-01
Author: hertzog
Date: 2017-09-19 14:11:33 + (Tue, 19 Sep 2017)
New Revision: 55901
Modified:
data/CVE/list
Log:
Correctly add wheezy classification on CVE-2017-11553
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2017-09-19 14:02:55 + (Tue, 19 Sep 2017)
New Revision: 55900
Modified:
data/CVE/list
Log:
Reclassify exiv2 CVE according to my findings
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-19
Author: hertzog
Date: 2017-09-19 09:50:10 + (Tue, 19 Sep 2017)
New Revision: 55898
Modified:
data/CVE/list
Log:
Add results of reproducibility tests of exiv2 CVE
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-19
:31 UTC (rev 55418)
+++ data/dla-needed.txt 2017-09-03 13:39:58 UTC (rev 55419)
@@ -151,6 +151,9 @@
NOTE: .ruby-version is .rbenv-version in wheezy
NOTE: 20170802: No upstream patch (lamby)
--
+rtpproxy
+ NOTE: it's not clear to me if a fix is even possible. -- Raphaël Hertzog
+--
ruby
Author: hertzog
Date: 2017-09-03 13:29:37 + (Sun, 03 Sep 2017)
New Revision: 55416
Modified:
data/dla-needed.txt
Log:
Add pngcrush to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-09-03
Author: hertzog
Date: 2017-09-03 13:29:34 + (Sun, 03 Sep 2017)
New Revision: 55415
Modified:
data/CVE/list
Log:
Mark CVE-2017-13716 as ignored on wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-03 13:23:23
Author: hertzog
Date: 2017-09-01 16:13:18 + (Fri, 01 Sep 2017)
New Revision: 55370
Modified:
data/dla-needed.txt
Log:
Add asterisk to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-09-01
Author: hertzog
Date: 2017-09-01 16:02:46 + (Fri, 01 Sep 2017)
New Revision: 55369
Modified:
data/CVE/list
Log:
Ignore sleuthkit CVE on wheezy
The forensics tools are rarely used on external untrusted input. And
when they are, it is often done by security experts who are likely
rather
Author: hertzog
Date: 2017-09-01 14:49:31 + (Fri, 01 Sep 2017)
New Revision: 55366
Modified:
data/CVE/list
Log:
Mark CVE-2017-14102 as ignored on wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-01 14:42:18
Author: hertzog
Date: 2017-09-01 14:49:34 + (Fri, 01 Sep 2017)
New Revision: 55367
Modified:
data/dla-needed.txt
Log:
Add back graphicsmagick and imagemagick to dla-needed.txt
Modified: data/dla-needed.txt
===
---
Author: hertzog
Date: 2017-09-01 14:42:18 + (Fri, 01 Sep 2017)
New Revision: 55365
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add libidn and libidn2-0 to dla-needed.txt
I hesitated to mark this as no-dsa but give this is about URL and that
we embed URLs everywhere, I think we
Author: hertzog
Date: 2017-08-31 17:05:03 + (Thu, 31 Aug 2017)
New Revision: 55324
Modified:
data/CVE/list
Log:
Add some preliminary results of my tests on exiv2
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
Author: hertzog
Date: 2017-08-31 15:37:07 + (Thu, 31 Aug 2017)
New Revision: 55321
Modified:
data/CVE/list
Log:
Reported all exiv2 issues to upstream
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 15:36:57 UTC
)
+++ data/dla-needed.txt 2017-08-31 15:36:57 UTC (rev 55320)
@@ -39,7 +39,7 @@
NOTE: 20170510, patch available, however not yet applied upstream.
NOTE: 20170706: no change upstream, patch disputed.
--
-exiv2
+exiv2 (Raphaël Hertzog)
NOTE: 20170702, no upstream fix yet, so no need to bother
Author: hertzog
Date: 2017-08-31 12:54:13 + (Thu, 31 Aug 2017)
New Revision: 55313
Modified:
data/dla-needed.txt
Log:
Fix typo
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31 12:15:47 UTC (rev 55312)
+++
Author: hertzog
Date: 2017-08-31 10:31:22 + (Thu, 31 Aug 2017)
New Revision: 55303
Modified:
data/dla-needed.txt
Log:
Add ruby1.9.1 and rubygems to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: hertzog
Date: 2017-08-31 10:31:34 + (Thu, 31 Aug 2017)
New Revision: 55304
Modified:
data/CVE/list
Log:
Add bug number for ruby2.3 CVE
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 10:31:22 UTC (rev
Author: hertzog
Date: 2017-08-31 09:58:38 + (Thu, 31 Aug 2017)
New Revision: 55301
Modified:
data/CVE/list
Log:
Mark CVE-2015-5209 as not affecting wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
Author: hertzog
Date: 2017-08-31 09:44:34 + (Thu, 31 Aug 2017)
New Revision: 55300
Modified:
data/CVE/list
Log:
Mark CVE-2017-12595 as ignored in wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31 09:31:22
Author: hertzog
Date: 2017-08-31 09:31:22 + (Thu, 31 Aug 2017)
New Revision: 55299
Modified:
data/dla-needed.txt
Log:
Add libgd2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31 09:20:32
Author: hertzog
Date: 2017-08-31 09:20:32 + (Thu, 31 Aug 2017)
New Revision: 55298
Modified:
data/dla-needed.txt
Log:
Add gdk-pixbuf to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-31
Author: hertzog
Date: 2017-08-31 09:17:42 + (Thu, 31 Aug 2017)
New Revision: 55296
Modified:
bin/lts-cve-triage.py
Log:
Print source package URL as well and try to align URLs
Modified: bin/lts-cve-triage.py
===
---
Author: hertzog
Date: 2017-08-31 08:30:02 + (Thu, 31 Aug 2017)
New Revision: 55291
Modified:
data/CVE/list
Log:
Mark CVE-2017-13757 as ignored on wheezy too
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-31
Author: hertzog
Date: 2017-08-30 14:23:33 + (Wed, 30 Aug 2017)
New Revision: 55238
Modified:
data/dla-needed.txt
Log:
Add simplesamlphp to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-30
Author: hertzog
Date: 2017-08-30 13:54:36 + (Wed, 30 Aug 2017)
New Revision: 55236
Modified:
data/CVE/list
Log:
Add bug number for ncurses CVE
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-30 13:51:39 UTC (rev
Author: hertzog
Date: 2017-08-30 13:44:17 + (Wed, 30 Aug 2017)
New Revision: 55234
Modified:
data/CVE/list
Log:
Mark all ncurses CVE as ignored on wheezy
They all affect (pretty much unknown) command-line tools that you are
unlikely to use with untrusted input.
Modified: data/CVE/list
Author: hertzog
Date: 2017-08-30 13:29:27 + (Wed, 30 Aug 2017)
New Revision: 55233
Modified:
data/CVE/list
Log:
Mark CVE-2017-12797 as ignored on wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-30 12:57:18
Author: hertzog
Date: 2017-08-30 12:57:18 + (Wed, 30 Aug 2017)
New Revision: 55232
Modified:
data/CVE/list
Log:
Add bug reference for libgig
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-30 12:34:02 UTC (rev
Author: hertzog
Date: 2017-08-30 12:34:02 + (Wed, 30 Aug 2017)
New Revision: 55231
Modified:
data/CVE/list
Log:
Mark CVE affecting postgresql-8.4 as not-affected since this source only
provides PL/Perl.
Modified: data/CVE/list
Author: hertzog
Date: 2017-08-30 12:22:46 + (Wed, 30 Aug 2017)
New Revision: 55230
Modified:
data/dla-needed.txt
Log:
Add db4.7 and db4.8 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-30
Author: hertzog
Date: 2017-08-30 10:05:46 + (Wed, 30 Aug 2017)
New Revision: 55227
Modified:
data/dla-needed.txt
Log:
Add connman to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-30 09:53:16
Author: hertzog
Date: 2017-08-30 09:53:16 + (Wed, 30 Aug 2017)
New Revision: 55226
Modified:
data/dla-needed.txt
Log:
Add qemu and qemu-kvm to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: hertzog
Date: 2017-08-30 09:19:35 + (Wed, 30 Aug 2017)
New Revision: 55225
Added:
packages/php5.txt
Log:
Add some documentation for the workflow that the LTS team uses for php5
Added: packages/php5.txt
===
---
Author: hertzog
Date: 2017-08-29 14:50:19 + (Tue, 29 Aug 2017)
New Revision: 55198
Modified:
data/CVE/list
Log:
Postpone fix for CVE-2017-3735/openssl just like on stretch and jessie
OpenSSL updates are usually handled by Kurt himself anyway.
Modified: data/CVE/list
Author: hertzog
Date: 2017-08-29 14:37:00 + (Tue, 29 Aug 2017)
New Revision: 55196
Modified:
data/CVE/list
Log:
Mark CVE-2017-13710 as ignored in wheezy too
Modified: data/CVE/list
===
--- data/CVE/list 2017-08-29
Author: hertzog
Date: 2017-08-29 14:36:49 + (Tue, 29 Aug 2017)
New Revision: 55195
Modified:
data/dla-needed.txt
Log:
Add php5 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-29 14:36:47
Author: hertzog
Date: 2017-08-29 14:36:47 + (Tue, 29 Aug 2017)
New Revision: 55194
Modified:
data/dla-needed.txt
Log:
Add icedove to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-29 14:27:43
Author: hertzog
Date: 2017-08-29 13:53:42 + (Tue, 29 Aug 2017)
New Revision: 55190
Modified:
data/dla-needed.txt
Log:
Add git-annex to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-08-29
Author: hertzog
Date: 2017-08-24 09:04:23 + (Thu, 24 Aug 2017)
New Revision: 55020
Modified:
data/dla-needed.txt
Log:
apache2 has no open issues on wheezy currently
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: hertzog
Date: 2017-07-18 09:09:40 + (Tue, 18 Jul 2017)
New Revision: 53607
Modified:
data/dla-needed.txt
Log:
Drop samba4 since it doesn't use the embedded heimdal
Modified: data/dla-needed.txt
===
---
Author: hertzog
Date: 2017-07-15 09:51:38 + (Sat, 15 Jul 2017)
New Revision: 53507
Modified:
data/dla-needed.txt
Log:
Add apache2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-15 09:51:02
Author: hertzog
Date: 2017-07-15 09:51:02 + (Sat, 15 Jul 2017)
New Revision: 53506
Modified:
data/CVE/list
Log:
Mark CVE-2017-9789 as not-affecting wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-07-15
Author: hertzog
Date: 2017-07-15 09:18:56 + (Sat, 15 Jul 2017)
New Revision: 53504
Modified:
data/CVE/list
Log:
Mark CVE-2017-171 as no-dsa on wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-07-15 07:04:43
Author: hertzog
Date: 2017-07-15 09:19:09 + (Sat, 15 Jul 2017)
New Revision: 53505
Modified:
data/CVE/list
Log:
Mark CVE-2017-161 as no-dsa no wheezy too
Modified: data/CVE/list
===
--- data/CVE/list 2017-07-15
Author: hertzog
Date: 2017-07-13 05:23:17 + (Thu, 13 Jul 2017)
New Revision: 53432
Modified:
data/dla-needed.txt
Log:
Add samba4 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-07-13 05:23:12
Author: hertzog
Date: 2017-07-13 05:23:12 + (Thu, 13 Jul 2017)
New Revision: 53431
Modified:
data/CVE/list
Log:
Filed bug against samba for CVE-2017-11103
Modified: data/CVE/list
===
--- data/CVE/list 2017-07-13
Author: hertzog
Date: 2017-07-13 05:18:48 + (Thu, 13 Jul 2017)
New Revision: 53430
Modified:
data/CVE/list
Log:
Filed bug on heimdal for CVE-2017-11103
Modified: data/CVE/list
===
--- data/CVE/list 2017-07-13 05:18:37
1 - 100 of 661 matches
Mail list logo