Author: carnil
Date: 2017-09-22 20:19:47 + (Fri, 22 Sep 2017)
New Revision: 56030
Modified:
data/CVE/list
Log:
Followup on nss issues, update status
Mark the issues as unimportant, negligible impact, needs local access to
the NSS DBM files to be crafted.
Modified: data/CVE/list
Author: jmm
Date: 2017-09-22 21:15:27 + (Fri, 22 Sep 2017)
New Revision: 56034
Modified:
data/DSA/list
data/dsa-needed.txt
Log:
samba DSA
Modified: data/DSA/list
===
--- data/DSA/list 2017-09-22 21:13:32 UTC (rev
Author: apo
Date: 2017-09-22 19:41:14 + (Fri, 22 Sep 2017)
New Revision: 56029
Modified:
data/CVE/list
Log:
libexif,CVE-2017-7544: no-dsa for Wheezy
Wheezy is vulnerable but the issue (out-of-bound read) is minor. Can be fixed
when more important issues arise.
Modified: data/CVE/list
Author: apo
Date: 2017-09-22 21:07:22 + (Fri, 22 Sep 2017)
New Revision: 56031
Modified:
data/dla-needed.txt
Log:
Add nautilus to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-09-22 20:19:47
Author: luciano
Date: 2017-09-22 21:13:32 + (Fri, 22 Sep 2017)
New Revision: 56033
Modified:
data/CVE/list
Log:
CVE-2017-14266: tcpreplay
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 21:10:17 UTC (rev 56032)
Author: sectracker
Date: 2017-09-22 21:10:17 + (Fri, 22 Sep 2017)
New Revision: 56032
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 21:07:22 UTC (rev 56031)
+++
Author: carnil
Date: 2017-09-22 21:17:04 + (Fri, 22 Sep 2017)
New Revision: 56035
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 21:15:27 UTC (rev 56034)
+++
Author: apo
Date: 2017-09-22 23:16:33 + (Fri, 22 Sep 2017)
New Revision: 56036
Modified:
data/CVE/list
Log:
libstruts1.2-java,CVE-2016-6795,CVE-2016-8738: end-of-life for Wheezy
Ignore open security issues for libstruts1.2-java and mark them EOL because
this package is used by nobody and
Author: carnil
Date: 2017-09-22 09:16:20 + (Fri, 22 Sep 2017)
New Revision: 56005
Modified:
data/CVE/list
Log:
Add CVE-2017-14682, left TODO since unchecked
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22
Author: carnil
Date: 2017-09-22 10:19:18 + (Fri, 22 Sep 2017)
New Revision: 56008
Modified:
data/CVE/list
Log:
Add p3scan issue
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 10:19:08 UTC (rev 56007)
+++
Author: carnil
Date: 2017-09-22 10:19:29 + (Fri, 22 Sep 2017)
New Revision: 56009
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 10:19:18 UTC (rev 56008)
+++
Author: carnil
Date: 2017-09-22 10:19:39 + (Fri, 22 Sep 2017)
New Revision: 56010
Modified:
data/CVE/list
Log:
Add libstruts1.2-java CVEs
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 10:19:29 UTC (rev 56009)
Author: sectracker
Date: 2017-09-22 09:10:12 + (Fri, 22 Sep 2017)
New Revision: 56002
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 08:46:43 UTC (rev 56001)
+++
Author: carnil
Date: 2017-09-22 09:15:14 + (Fri, 22 Sep 2017)
New Revision: 56004
Modified:
data/CVE/list
Log:
Add CVE-2017-14684/imagemagick
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 09:14:11 UTC (rev
Author: jmm
Date: 2017-09-22 09:14:11 + (Fri, 22 Sep 2017)
New Revision: 56003
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 09:10:12 UTC (rev 56002)
+++ data/CVE/list
Author: carnil
Date: 2017-09-22 10:19:08 + (Fri, 22 Sep 2017)
New Revision: 56007
Modified:
data/CVE/list
Log:
Add reference for imagemagick issue, remove TODO, checked
Modified: data/CVE/list
===
--- data/CVE/list
Author: carnil
Date: 2017-09-22 09:18:23 + (Fri, 22 Sep 2017)
New Revision: 56006
Modified:
data/CVE/list
Log:
Add two more sam2p issues
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 09:16:20 UTC (rev 56005)
Author: hle
Date: 2017-09-22 08:16:27 + (Fri, 22 Sep 2017)
New Revision: 55998
Modified:
data/CVE/list
Log:
CVE-2017-6420 (clamav): Add link to commit 60671e3 fixing tests broken by
dfc00cd
Modified: data/CVE/list
===
---
Author: jmm
Date: 2017-09-22 07:47:32 + (Fri, 22 Sep 2017)
New Revision: 55997
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 07:31:44 UTC (rev 55996)
+++ data/CVE/list
Author: agx
Date: 2017-09-22 08:43:36 + (Fri, 22 Sep 2017)
New Revision: 55999
Modified:
data/CVE/list
Log:
lts: samba in wheezy not affected by CVE-2017-12151
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22
Author: jmm
Date: 2017-09-22 08:45:44 + (Fri, 22 Sep 2017)
New Revision: 56000
Modified:
data/dsa-needed.txt
Log:
take samba
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-09-22 08:43:36 UTC (rev 55999)
+++
Author: jmm
Date: 2017-09-22 06:41:30 + (Fri, 22 Sep 2017)
New Revision: 55995
Modified:
data/CVE/list
Log:
new chromium issues
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 06:29:27 UTC (rev 55994)
+++
Author: jmm
Date: 2017-09-22 07:31:44 + (Fri, 22 Sep 2017)
New Revision: 55996
Modified:
data/CVE/list
Log:
NFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 06:41:30 UTC (rev 55995)
+++ data/CVE/list
Author: jmm
Date: 2017-09-22 08:46:43 + (Fri, 22 Sep 2017)
New Revision: 56001
Modified:
data/CVE/list
Log:
NFU
gm unimportant
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 08:45:44 UTC (rev 56000)
+++
Author: js
Date: 2017-09-23 00:38:15 + (Sat, 23 Sep 2017)
New Revision: 56037
Modified:
data/embedded-code-copies
Log:
Track embedded copies of portaudio and others.
Modified: data/embedded-code-copies
===
---
Author: apo
Date: 2017-09-22 11:24:05 + (Fri, 22 Sep 2017)
New Revision: 56011
Modified:
data/dla-needed.txt
Log:
Claim poppler in dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-09-22 10:19:39
Author: apo
Date: 2017-09-22 11:41:43 + (Fri, 22 Sep 2017)
New Revision: 56012
Modified:
data/CVE/list
Log:
poppler,CVE-2017-14520,CVE-2017-14518: Wheezy is not affected
Vulnerable code is not present.
Modified: data/CVE/list
Author: hle
Date: 2017-09-22 12:04:38 + (Fri, 22 Sep 2017)
New Revision: 56013
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Claim DLA number DLA-1105-1 for clamav
Modified: data/DLA/list
===
--- data/DLA/list
Author: carnil
Date: 2017-09-22 06:29:27 + (Fri, 22 Sep 2017)
New Revision: 55994
Modified:
data/CVE/list
Log:
Add entries for CVE-2017-6266, CVE-2017-6267 and CVE-2017-6272
Modified: data/CVE/list
===
--- data/CVE/list
Author: carnil
Date: 2017-09-22 06:17:20 + (Fri, 22 Sep 2017)
New Revision: 55993
Modified:
data/CVE/list
Log:
Add CVE-2017-12617
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 04:30:43 UTC (rev 55992)
+++
Author: carnil
Date: 2017-09-22 14:09:52 + (Fri, 22 Sep 2017)
New Revision: 56014
Modified:
data/CVE/list
Log:
Add wordpress issues as CVE should be assigned shortly
Modified: data/CVE/list
===
--- data/CVE/list
Author: carnil
Date: 2017-09-22 14:50:46 + (Fri, 22 Sep 2017)
New Revision: 56016
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2017-14635, #876462
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22
Author: carnil
Date: 2017-09-22 14:50:35 + (Fri, 22 Sep 2017)
New Revision: 56015
Modified:
data/CVE/list
Log:
Add bug for one graphicsmagick issue
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 14:09:52 UTC
Author: carnil
Date: 2017-09-22 15:18:22 + (Fri, 22 Sep 2017)
New Revision: 56018
Modified:
data/CVE/list
Log:
Add bug for libexif issue
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 14:59:15 UTC (rev 56017)
Author: carnil
Date: 2017-09-22 14:59:15 + (Fri, 22 Sep 2017)
New Revision: 56017
Modified:
data/CVE/list
Log:
Mark CVE-2017-6272, CVE-2017-6267 and CVE-2017-6266 as unfixed
Modified: data/CVE/list
===
--- data/CVE/list
Author: pochu
Date: 2017-09-22 15:35:51 + (Fri, 22 Sep 2017)
New Revision: 56019
Modified:
data/dla-needed.txt
Log:
dla: drop jbig2dec
The CVE was fixed in a previous update for a different CVE
Modified: data/dla-needed.txt
Author: pochu
Date: 2017-09-22 15:47:36 + (Fri, 22 Sep 2017)
New Revision: 56021
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1106-1 for libgd2
Modified: data/DLA/list
===
--- data/DLA/list 2017-09-22
Author: js
Date: 2017-09-22 15:45:07 + (Fri, 22 Sep 2017)
New Revision: 56020
Modified:
data/embedded-code-copies
Log:
Track embedded copy of libresample.
Modified: data/embedded-code-copies
===
--- data/embedded-code-copies
Author: apo
Date: 2017-09-22 17:56:21 + (Fri, 22 Sep 2017)
New Revision: 56022
Modified:
data/CVE/list
Log:
binutils,CVE-2017-14529: no-dsa/ignored for Wheezy
Vulnerable code is present but issue is of minor importance. Follow
Jessie/Stretch which is also in line with our previous
Author: apo
Date: 2017-09-22 18:23:13 + (Fri, 22 Sep 2017)
New Revision: 56023
Modified:
data/CVE/list
Log:
kannel,CVE-2017-14609: no-dsa for Wheezy
I think it is sensible to follow Jessie/Stretch in this case. The exploit is
limited to non-root local users and requires that someone
Author: carnil
Date: 2017-09-22 18:26:49 + (Fri, 22 Sep 2017)
New Revision: 56024
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2017-14682, #876488
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22
Author: carnil
Date: 2017-09-22 18:28:16 + (Fri, 22 Sep 2017)
New Revision: 56025
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2017-14684
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 18:26:49 UTC
Author: carnil
Date: 2017-09-22 18:30:56 + (Fri, 22 Sep 2017)
New Revision: 56026
Modified:
data/CVE/list
Log:
Mark CVE-2017-7544 as no-dsa
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-22 18:28:16 UTC (rev
Author: apo
Date: 2017-09-22 18:35:24 + (Fri, 22 Sep 2017)
New Revision: 56027
Modified:
data/dla-needed.txt
Log:
Add wordpress to dla-needed.txt
CVEs were requested. It is likely that the Wheezy version will be affected
again. More information will follow soon.
Modified:
Author: apo
Date: 2017-09-22 18:39:54 + (Fri, 22 Sep 2017)
New Revision: 56028
Modified:
data/CVE/list
Log:
libsndfile,CVE-2017-14634: no-dsa for Wheezy
Divide by zero
Modified: data/CVE/list
===
--- data/CVE/list