[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Two CVEs newly rejected

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5e086ed1 by Salvatore Bonaccorso at 2018-01-26T08:00:14+01:00
Two CVEs newly rejected

DWF project has further retired CVE-2017-1000468 and CVE-2017-1000464
since further analysis did show there wasn't a security issue in those
cases.

Remove the todo after checking.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2,10 +2,8 @@ CVE-2017-1000505 (In Jenkins Script Security Plugin version 
1.36 and earlier, us
NOT-FOR-US: Jenkins Script Security Plugin
 CVE-2017-1000468
REJECTED
-   TODO: check
 CVE-2017-1000464
REJECTED
-   TODO: check
 CVE-2017-1000414 (ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a 
division ...)
TODO: check
 CVE-2018-6312



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e086ed1df8775902859321c00f1020ee024a81d

You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Starting from 0.69+repack-1 libyaml-libyaml-perl uses system libyaml

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
835c0445 by Salvatore Bonaccorso at 2018-01-26T08:34:44+01:00
Starting from 0.69+repack-1 libyaml-libyaml-perl uses system libyaml

- - - - -


1 changed file:

- data/embedded-code-copies


Changes:

=
data/embedded-code-copies
=
--- a/data/embedded-code-copies
+++ b/data/embedded-code-copies
@@ -2922,7 +2922,7 @@ eigen3
- r-cran-rcppeigen  (modified-embed; bug #729716)
 
 libyaml
-   - libyaml-libyaml-perl  (embed; bug #664224)
+   - libyaml-libyaml-perl 0.69+repack-1 (embed; bug #664224)
 
 liblivemedia
- vlc  (static)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/835c044528a1bbbc3f0d2cc5bbfc228aed763362


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-5750/linux

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e779a79a by Salvatore Bonaccorso at 2018-01-26T08:44:47+01:00
Add CVE-2018-5750/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1417,8 +1417,10 @@ CVE-2017-18034
RESERVED
 CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 
7.6.1 ...)
NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
-CVE-2018-5750
+CVE-2018-5750 [ACPI: sbshc: remove raw pointer from printk message]
RESERVED
+   - linux 
+   NOTE: https://patchwork.kernel.org/patch/10174835/
 CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit 
c1cd164 and ...)
NOT-FOR-US: Minecraft Servers List Lite
 CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a 
denial of ...)
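
Review bot: The NOTE added under CVE-2018-5750 links a patchwork submission (https://patchwork.kernel.org/patch/10174835/) rather than a merged commit, so the entry gives no way to tell which kernel versions carry the fix. Once the patch lands upstream, add a second NOTE with the commit reference and record the fixed version on the "- linux" line.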



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e779a79ab8e543be7ad826dc0f9c27fda5e6bafc


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process one NFU

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
62449d22 by Salvatore Bonaccorso at 2018-01-26T07:59:28+01:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, 
users with ...)
-   TODO: check
+   NOT-FOR-US: Jenkins Script Security Plugin
 CVE-2017-1000468
REJECTED
TODO: check
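
Review bot: The context lines directly below the changed CVE-2017-1000505 entry show CVE-2017-1000468 marked REJECTED and still carrying "TODO: check". If the rejection has already been verified, that leftover TODO could be dropped in the same pass so it does not stay in the open-work list.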



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/62449d22974210df29a4a4d743e462eddd0dce71


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] jackson-databind issues fixed in unstable with 2.9.4 new upstream version

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d57e3cd9 by Salvatore Bonaccorso at 2018-01-26T07:20:29+01:00
jackson-databind issues fixed in unstable with 2.9.4 new upstream version

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -895,7 +895,7 @@ CVE-2018-5970
 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 
via ...)
NOT-FOR-US: Photography CMS
 CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 
2.9.3 ...)
-   - jackson-databind  (bug #888316)
+   - jackson-databind 2.9.4-1 (bug #888316)
NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
 CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description 
parameter ...)
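
Review bot: On the CVE-2018-5968 entry the only package line is the one now set to 2.9.4-1, while the description covers 2.8.11 and earlier as well as 2.9.x through 2.9.3. No release-specific line is visible in this hunk, so it is worth confirming whether the supported releases ship an affected 2.8.x or 2.9.x version and recording their status under the entry.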
@@ -12539,7 +12539,7 @@ CVE-2017-17487
 CVE-2017-17486
RESERVED
 CVE-2017-17485 (FasterXML jackson-databind through 2.8.10 and 2.9.x through 
2.9.3 ...)
-   - jackson-databind  (bug #888318)
+   - jackson-databind 2.9.4-1 (bug #888318)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0
NOTE: https://github.com/FasterXML/jackson-databind/issues/1855
 CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International 
...)
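
Review bot: The CVE-2017-17485 entry now records a fixed version, but its NOTEs list only the Red Hat bug and upstream issue #1855, with no fixing commit, whereas the CVE-2018-5968 entry in the previous hunk links the upstream commit. A NOTE with the commit that resolves issue #1855 would let anyone preparing a backport see what 2.9.4-1 actually contains.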



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d57e3cd92b7c8a897c8f358edae7fe2d9328280d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add thunderbird to dsa-needed list

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b4875ff1 by Salvatore Bonaccorso at 2018-01-26T08:55:52+01:00
Add thunderbird to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -68,6 +68,8 @@ sqlite3/oldstable
 --
 sssd/stable
 --
+thunderbird
+--
 tiff (jmm)
   gcs proposed debdiffs for jessie and stretch: need review+ack
 --
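
Review bot: The added "thunderbird" entry has neither a suite qualifier nor an assignee, while neighbouring entries in this hunk use forms such as "sssd/stable" and "tiff (jmm)". If the DSA is needed only for specific suites, say so, and consider a line under the entry naming the advisory or CVE ids that triggered it so the reason is visible from this file alone.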



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4875ff188aa8b5c2f1fc62638c1d5d0d12161c5


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] lts: add and claim thunderbird

2018-01-25 Thread Guido Günther
Guido Günther pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0dfe3a67 by Guido Günther at 2018-01-26T08:47:39+01:00
lts: add and claim thunderbird

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -55,6 +55,8 @@ swftools (Guido Günther)
   NOTE: 20171118: At least CVE-2017-16797 is present. (lamby)
   NOTE: 20171210: likely to be turned into a pkg with limited sec support
 --
+thunderbird (Guido Günther)
+--
 tiff (Roberto C. Sánchez)
 --
 tiff3 (Roberto C. Sánchez)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0dfe3a6753af600a112533f0687f6edec5d0ffa5


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add thunderbird CVEs from mfsa2018-04

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f7ac3e6 by Salvatore Bonaccorso at 2018-01-26T08:54:43+01:00
Add thunderbird CVEs from mfsa2018-04

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2937,8 +2937,10 @@ CVE-2018-5117
{DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5117
 CVE-2018-5116
RESERVED
- firefox 58.0-1
@@ -2992,22 +2994,28 @@ CVE-2018-5104
{DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104
 CVE-2018-5103
RESERVED
{DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103
 CVE-2018-5102
RESERVED
{DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5102
 CVE-2018-5101
RESERVED
- firefox 58.0-1
@@ -3021,35 +3029,45 @@ CVE-2018-5099
{DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099
 CVE-2018-5098
RESERVED
{DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098
 CVE-2018-5097
RESERVED
{DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097
 CVE-2018-5096
RESERVED
{DSA-4096-1 DLA-1256-1}
- firefox-esr 52.6.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096
 CVE-2018-5095
RESERVED
{DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
+   - thunderbird 
- skia  (bug #818180)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5095
 CVE-2018-5094
RESERVED
- firefox 58.0-1
@@ -3078,8 +3096,10 @@ CVE-2018-5089
{DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5089
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5089
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5089
 CVE-2018-5088 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) 
allows local ...)
NOT-FOR-US: K7 AntiVirus
 CVE-2018-5087 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) 
allows local ...)



View it on GitLab: 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: add dovecot and prevent upload

2018-01-25 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b6fc3782 by Thorsten Alteholz at 2018-01-26T08:49:00+01:00
add dovecot and prevent upload

- - - - -
af1f950e by Thorsten Alteholz at 2018-01-26T08:49:29+01:00
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -12,6 +12,11 @@ 
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 --
 curl (Thorsten Alteholz)
 --
+dovecot (Thorsten Alteholz)
+  NOTE: after applying the patch, login segfaults
+  NOTE: maintainer and security team are looking into this
+  NOTE: probably no-dsa
+--
 exiv2 (Brian May)
   NOTE: 20180101: built wheezy version with ASAN in jessie and confirmed that 
CVE-2017-17669 applies to wheezy version
 --
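
Review bot: The three NOTE lines added under dovecot carry no date, unlike the exiv2 entry just below, which prefixes its note with "20180101:". Dating them would show how fresh the "login segfaults" observation is, and "probably no-dsa" would be clearer with a pointer to where that decision is recorded once the security team has settled it.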



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/a11c5719df3244497002a9567df4369e16496da7...af1f950ed11bc924f0e3ec8bad936c24197bea21


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] follow security team with no-dsa for dnsmasq

2018-01-25 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
72fc365f by Thorsten Alteholz at 2018-01-26T08:54:48+01:00
follow security team with no-dsa for dnsmasq

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22176,6 +22176,7 @@ CVE-2017-15107 (A vulnerability was found in the 
implementation of DNSSEC in Dns
- dnsmasq  (bug #888200)
[stretch] - dnsmasq  (Minor issue)
[jessie] - dnsmasq  (Minor issue)
+   [wheezy] - dnsmasq  (Minor issue)
NOTE: 
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
 CVE-2017-15106



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/72fc365fc55621af0f6b053ab7d824b54cefdb70


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add note for dovecot, holding back yet

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a11c5719 by Salvatore Bonaccorso at 2018-01-26T08:49:44+01:00
Add note for dovecot, holding back yet

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -19,6 +19,7 @@ chromium-browser/stable
 curl (ghedo)
 --
 dovecot (carnil)
+  holding back upload due to possible regression
 --
 graphicsmagick
 --
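
Review bot: The line added under "dovecot (carnil)" says the upload is held back for a possible regression but gives no date and no pointer to what the regression is. A date prefix plus a bug number or mailing-list link would let whoever picks this up later judge whether the hold still applies.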



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a11c5719df3244497002a9567df4369e16496da7


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-15703, mark as NFU

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
58923432 by Salvatore Bonaccorso at 2018-01-25T21:15:04+01:00
Add CVE-2017-15703, mark as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20386,6 +20386,7 @@ CVE-2017-15704
REJECTED
 CVE-2017-15703
RESERVED
+   NOT-FOR-US: Apache NiFi
 CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is 
configured ...)
- qpid-java  (bug #840131)
 CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 
(inclusive) the ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/58923432d7f3447c48242176c8f2381f34023369


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Track jessie-pu proposal for nvidia-graphics-drivers, #887559

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
22f19d25 by Salvatore Bonaccorso at 2018-01-25T21:19:23+01:00
Track jessie-pu proposal for nvidia-graphics-drivers, #887559

- - - - -


1 changed file:

- data/next-oldstable-point-update.txt


Changes:

=
data/next-oldstable-point-update.txt
=
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -61,3 +61,9 @@ CVE-2017-15602
[jessie] - libextractor 1:1.3-2+deb8u1
 CVE-2017-15922
[jessie] - libextractor 1:1.3-2+deb8u1
+CVE-2017-5715
+   [jessie] - nvidia-graphics-drivers 340.106-1
+CVE-2017-5753
+   [jessie] - nvidia-graphics-drivers 340.106-1
+CVE-2017-5754
+   [jessie] - nvidia-graphics-drivers 340.106-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/22f19d250d17fb4863a832604ee18095c3b4e22c


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-15134: #888452

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e957a4ee by Salvatore Bonaccorso at 2018-01-25T21:49:36+01:00
Add bug reference for CVE-2017-15134: #888452

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22011,7 +22011,7 @@ CVE-2017-15135 (It was found that 389-ds-base since 
1.3.6.1 up to and including 
- 389-ds-base  (bug #888451)
 CVE-2017-15134 [Remote DoS via search filters in slapi_filter_sprintf in 
slapd/util.c]
RESERVED
-   - 389-ds-base 
+   - 389-ds-base  (bug #888452)
 CVE-2017-15133
RESERVED
 CVE-2017-15132 [dovecot: auth client leaks memory if SASL authentication is 
aborted]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e957a4eefccb54b8d46c98dcecef308f058734a7


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2017-17858/mupdf

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e3c1256f by Salvatore Bonaccorso at 2018-01-25T21:54:21+01:00
Add reference for CVE-2017-17858/mupdf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6753,6 +6753,7 @@ CVE-2017-17858 (Heap-based buffer overflow in the 
ensure_solid_xref function in 
- mupdf 
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698819 (not public)
NOTE: 
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
+   NOTE: 
https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
 CVE-2017-17851
RESERVED
 CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 
and ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3c1256fe86ee8b7dd7c38c93af153ceb494f8a1


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update CVE-2018-1000016 information

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
021fae20 by Salvatore Bonaccorso at 2018-01-25T22:01:05+01:00
Update CVE-2018-1000016 information

Turns out that this was a duplicate assigned for the already assigned
CVE-2017-17383.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -670,8 +670,8 @@ CVE-2018-6031
[wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6030
RESERVED
-CVE-2018-116 (Jenkins Ant Plugin 1.7 and earlier failed to escape tool 
names it ...)
-   NOT-FOR-US: Jenkins plugin
+CVE-2018-116
+   REJECTED
 CVE-2018-115 (On Jenkins instances with Authorize Project plugin, the 
authentication ...)
NOT-FOR-US: Jenkins plugin
 CVE-2018-114 (Jenkins Translation Assistance Plugin 1.15 and earlier did 
not require ...)
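
Review bot: The replacement entry is a bare REJECTED, so the reason given in the commit message, that the id duplicates CVE-2017-17383, is lost from data/CVE/list. A NOTE line under REJECTED naming CVE-2017-17383 would keep that pointer with the entry.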



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/021fae200e1a795e1ee81319aa4d6b497dcf4729


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4bcd2e22 by security tracker role at 2018-01-25T21:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,13 @@
+CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, 
users with ...)
+   TODO: check
+CVE-2017-1000468
+   REJECTED
+   TODO: check
+CVE-2017-1000464
+   REJECTED
+   TODO: check
+CVE-2017-1000414 (ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a 
division ...)
+   TODO: check
 CVE-2018-6312
RESERVED
 CVE-2018-6311
@@ -817,8 +827,8 @@ CVE-2018-5999 (An issue was discovered in AsusWRT before 
3.0.0.4.384_10007. In t
NOT-FOR-US: AsusWRT
 CVE-2018-5998
RESERVED
-CVE-2018-5997
-   RESERVED
+CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub 
...)
+   TODO: check
 CVE-2018-107 (libcurl 7.1 through 7.57.0 might accidentally leak 
authentication data ...)
- curl 7.58.0-1
NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
@@ -873,8 +883,8 @@ CVE-2018-5975
RESERVED
 CVE-2018-5974
RESERVED
-CVE-2018-5973
-   RESERVED
+CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 
via ...)
+   TODO: check
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the 
...)
NOT-FOR-US: Classified Ads CMS Quickad
 CVE-2018-5971
@@ -891,12 +901,12 @@ CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS 
via the Description par
NOT-FOR-US: Netis WF2419 V2.2.36123 devices
 CVE-2018-5966
RESERVED
-CVE-2018-5965
-   RESERVED
-CVE-2018-5964
-   RESERVED
-CVE-2018-5963
-   RESERVED
+CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in 
admin/moduleinterface.php via ...)
+   TODO: check
+CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in 
admin/moduleinterface.php via ...)
+   TODO: check
+CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php 
via the ...)
+   TODO: check
 CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 
through ...)
NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 
v0.9.8.12 has ...)
@@ -923,8 +933,8 @@ CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote 
attackers to cause a de
- openssh 1:7.4p1-1
NOTE: 
https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
-CVE-2018-5954
-   RESERVED
+CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a 
denial ...)
+   TODO: check
 CVE-2018-5953
RESERVED
 CVE-2018-5952
@@ -1412,8 +1422,7 @@ CVE-2018-5750
RESERVED
 CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit 
c1cd164 and ...)
NOT-FOR-US: Minecraft Servers List Lite
-CVE-2018-5748 [resource exhaustion via qemuMonitorIORead() method]
-   RESERVED
+CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a 
denial of ...)
- libvirt 4.0.0-1 (bug #887700)
[stretch] - libvirt  (Minor issue)
[jessie] - libvirt  (Minor issue)
@@ -3671,12 +3680,12 @@ CVE-2018-4839
RESERVED
 CVE-2018-4838
RESERVED
-CVE-2018-4837
-   RESERVED
-CVE-2018-4836
-   RESERVED
-CVE-2018-4835
-   RESERVED
+CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic 
 ...)
+   TODO: check
+CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic 
 ...)
+   TODO: check
+CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic 
 ...)
+   TODO: check
 CVE-2018-4834 (A vulnerability has been identified in Desigo Automation 
Controllers ...)
NOT-FOR-US: Desigo
 CVE-2018-4833
@@ -5773,7 +5782,7 @@ CVE-2017-1000458 (Bro before Bro v2.5.2 is vulnerable to 
an out of bounds write 
 CVE-2017-1000457 (Cross-site scripting (XSS) vulnerability in Help.aspx in 
mojoPortal ...)
NOT-FOR-US: mojoPortal
 CVE-2017-1000456 (freedesktop.org libpoppler 0.60.1 fails to validate 
boundaries in ...)
-   {DLA-1228-1}
+   {DSA-4097-1 DLA-1228-1}
- poppler 0.61.1-2
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103116
NOTE: Fixed by: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=7ee9dadef37b20bca707a6b1e858e17d191e368b
@@ -13426,8 +13435,8 @@ CVE-2018-1053
RESERVED
 CVE-2018-1052
RESERVED
-CVE-2018-1051
-   RESERVED
+CVE-2018-1051 (It was found that the fix for CVE-2016-9606 in versions 3.0.22 
and ...)
+   TODO: check
 CVE-2018-1050
RESERVED
 CVE-2018-1049 [automount: access to 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: follow security team with no-dsa for irssi

2018-01-25 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
64b06266 by Thorsten Alteholz at 2018-01-25T22:19:19+01:00
follow security team with no-dsa for irssi

- - - - -
305de372 by Thorsten Alteholz at 2018-01-25T22:20:00+01:00
follow security team with no-dsa for non-free p7zip-rar

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -838,6 +838,7 @@ CVE-2018-5996 [Memory Corruptions via RAR PPMd]
- p7zip-rar  (bug #888314)
[stretch] - p7zip-rar  (Non-free not supported)
[jessie] - p7zip-rar  (Non-free not supported)
+   [wheezy] - p7zip-rar  (Non-free not supported)
NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
 CVE-2018-5995
RESERVED
@@ -2725,24 +2726,28 @@ CVE-2018-5208 (In Irssi before 1.0.6, a calculation 
error in the completion code
- irssi  (bug #886475)
[stretch] - irssi  (Minor issue)
[jessie] - irssi  (Minor issue)
+   [wheezy] - irssi  (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5207 (When using an incomplete variable argument, Irssi before 1.0.6 
may ...)
- irssi  (bug #886475)
[stretch] - irssi  (Minor issue)
[jessie] - irssi  (Minor issue)
+   [wheezy] - irssi  (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5206 (When the channel topic is set without specifying a sender, 
Irssi before ...)
- irssi  (bug #886475)
[stretch] - irssi  (Minor issue)
[jessie] - irssi  (Minor issue)
+   [wheezy] - irssi  (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5205 (When using incomplete escape codes, Irssi before 1.0.6 may 
access data ...)
- irssi  (bug #886475)
[stretch] - irssi  (Minor issue)
[jessie] - irssi  (Minor issue)
+   [wheezy] - irssi  (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5204
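Review bot: the four added "[wheezy] - irssi (Minor issue)" lines settle CVE-2018-5205 through CVE-2018-5208 for wheezy, but this push changes only data/CVE/list. The isc-dhcp commits from the same day pair the wheezy marking with removing the package from data/dla-needed.txt, and that file listed "irssi (Emilio Pozuelo)" at that point. Either drop the irssi claim in the same push or say in the commit message that it stays for other open issues.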



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/4bcd2e221f60a7ffd8fa43abc8fc052b345bdc6a...305de3729c58e24206a7a57f6254acc270daf622


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update information for CVE-2017-17858/mupdf

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a4a65c3 by Salvatore Bonaccorso at 2018-01-26T00:03:29+01:00
Update information for CVE-2017-17858/mupdf

To reviewers: double check this update since the
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f595e889b91a674eb94db7ca4d832da54f5194cd
is involving and I might have missed something which makes the issue
only be covered before. Before that change though the offsets are
already checked if they are out of range, ofs of type fz_off_t.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6764,9 +6764,11 @@ CVE-2017-17860 (In Samsung Gear products, Bluetooth link 
key is updated to the .
 CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to 
bypass ...)
NOT-FOR-US: Samsung Internet Browser
 CVE-2017-17858 (Heap-based buffer overflow in the ensure_solid_xref function 
in ...)
-   - mupdf 
+   - mupdf  (Vulnerable code introduced in 1.11.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698819 (not public)
-   NOTE: 
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
+   NOTE: Fixed by: 
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
+   NOTE: Commit 
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f595e889b91a674eb94db7ca4d832da54f5194cd
+   NOTE: switches to use int64_t for public file API offsets and 
introduced the flaw.
NOTE: 
https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
 CVE-2017-17851
RESERVED
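Review bot: the two added NOTE lines state as fact that commit f595e889 "introduced the flaw", while the commit message asks reviewers to double check exactly that attribution; word the NOTE as unconfirmed until someone has verified it. The new "(Vulnerable code introduced in 1.11.1)" annotation rests on the same commit, so the NOTE should also say that f595e889 first shipped in 1.11.1, otherwise the version and the commit are not visibly connected. Splitting one sentence over "NOTE: Commit <url>" and "NOTE: switches to use int64_t ..." leaves the first line without meaning when it is grepped on its own.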



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a4a65c33f5e2b6bf8ba67c22b0dde0357975821


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2018-6187: #888464

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2079a449 by Salvatore Bonaccorso at 2018-01-26T00:22:32+01:00
Add bug reference for CVE-2018-6187: #888464

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -281,7 +281,7 @@ CVE-2018-6189
 CVE-2018-6188
RESERVED
 CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow 
...)
-   - mupdf 
+   - mupdf  (bug #888464)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698908
 CVE-2018-6186
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2079a4494c96edc278cad6b79c48c23414a09c45


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] irssi no-dsa

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d9ac92b by Moritz Muehlenhoff at 2018-01-25T16:22:26+01:00
irssi no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2712,18 +2712,26 @@ CVE-2018-5209
RESERVED
 CVE-2018-5208 (In Irssi before 1.0.6, a calculation error in the completion 
code could ...)
- irssi  (bug #886475)
+   [stretch] - irssi  (Minor issue)
+   [jessie] - irssi  (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5207 (When using an incomplete variable argument, Irssi before 1.0.6 
may ...)
- irssi  (bug #886475)
+   [stretch] - irssi  (Minor issue)
+   [jessie] - irssi  (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5206 (When the channel topic is set without specifying a sender, 
Irssi before ...)
- irssi  (bug #886475)
+   [stretch] - irssi  (Minor issue)
+   [jessie] - irssi  (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5205 (When using incomplete escape codes, Irssi before 1.0.6 may 
access data ...)
- irssi  (bug #886475)
+   [stretch] - irssi  (Minor issue)
+   [jessie] - irssi  (Minor issue)
NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
NOTE: 
https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
 CVE-2018-5204



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d9ac92b05369e580174c75691628f7e3c8f482d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] p7zip-rar no-dsa

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b7afbd3 by Moritz Muehlenhoff at 2018-01-25T16:32:42+01:00
p7zip-rar no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -826,6 +826,8 @@ CVE-2018-107 (libcurl 7.1 through 7.57.0 might 
accidentally leak authenticat
 CVE-2018-5996 [Memory Corruptions via RAR PPMd]
RESERVED
- p7zip-rar  (bug #888314)
+   [stretch] - p7zip-rar  (Non-free not supported)
+   [jessie] - p7zip-rar  (Non-free not supported)
NOTE: 
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
 CVE-2018-5995
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b7afbd31f25679ee24b0973c4ec6e1c1e02b7d1


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] poppler DSA

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ffe1c712 by Moritz Muehlenhoff at 2018-01-25T13:19:45+01:00
poppler DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22776,6 +22776,8 @@ CVE-2017-14930 (Memory leak in decode_line_info in 
dwarf2.c in the Binary File .
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a26a013f22a19e2c16729e64f40ef8a7dfcc086e
 CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to ...)
- poppler 0.61.1-2 (bug #877222)
+   [stretch] - poppler 0.48.0-2+deb9u2
+   [jessie] - poppler  (Minor impact, too intrusive to backport)
[wheezy] - poppler  (unreproducible, requires API change which 
appears to be too intrusive in this case.)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969
NOTE: 
https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d
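Review bot: the added "[stretch] - poppler 0.48.0-2+deb9u2" line gives CVE-2017-14929 the same fixed version that DSA-4097-1 records for stretch in data/DSA/list, yet the DSA entry lists only {CVE-2017-1000456}. If the upload fixes CVE-2017-14929 as well, a NOTE saying the fix shipped with DSA-4097-1 without being named in the advisory would explain the mismatch; if it does not, the version on this line needs rechecking. The added jessie line says "too intrusive to backport" without saying what is intrusive; a pointer to the API change mentioned on the wheezy line, if that is the reason, would help later readers.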


=
data/DSA/list
=
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[25 Jan 2018] DSA-4097-1 poppler - security update
+   {CVE-2017-1000456}
+   [jessie] - poppler 0.26.5-2+deb8u3
+   [stretch] - poppler 0.48.0-2+deb9u2
 [25 Jan 2018] DSA-4096-1 firefox-esr - security update
{CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 
CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 
CVE-2018-5117}
[jessie] - firefox-esr 52.6.0esr-1~deb8u1


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -46,9 +46,6 @@ phpmyadmin/oldstable
 --
 pjproject
 --
-poppler
-  For regression introduced in DSA-4079: #886733
---
 qemu/oldstable
 --
 redmine
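Review bot: the removed poppler entry tracked "regression introduced in DSA-4079: #886733", but nothing in this commit says the regression is fixed. The subject is only "poppler DSA" and the new DSA-4097-1 entry names CVE-2017-1000456 alone. Mention #886733 in the commit message, or confirm that the DSA-4097-1 upload carries the regression fix, so the removal can be traced later.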



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ffe1c712a15f7330ce0401ba7959d11b27720957


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add new dovecot issue (CVE-2017-15132)

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e3e58713 by Salvatore Bonaccorso at 2018-01-25T13:24:37+01:00
Add new dovecot issue (CVE-2017-15132)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21929,8 +21929,11 @@ CVE-2017-15134 [Remote DoS via search filters in 
slapi_filter_sprintf in slapd/u
- 389-ds-base 
 CVE-2017-15133
RESERVED
-CVE-2017-15132
+CVE-2017-15132 [dovecot: auth client leaks memory if SASL authentication is 
aborted]
RESERVED
+   - dovecot 
+   NOTE: 
https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch
+   NOTE: http://www.openwall.com/lists/oss-security/2018/01/25/4
 CVE-2017-15131 (It was found that system umask policy is not being honored 
when ...)
- xdg-user-dirs  (unimportant)
NOTE: The CVE relates that created directories by xdg-user-dirs might 
not
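Review bot: the added "- dovecot" package line carries no Debian bug reference, unlike package lines elsewhere in this file such as "- irssi (bug #886475)". File or look up the BTS bug and add it to the package line, as commit 2079a449 does for CVE-2018-6187. The first added NOTE links the ".patch" rendering of the upstream commit; linking the commit page itself would match the other commit URLs used in NOTE lines.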



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3e5871353507402edfb1514759546a41895cf5c


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update dla-needed entry for lame

2018-01-25 Thread Hugo Lefeuvre
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dc08a19a by Hugo Lefeuvre at 2018-01-25T10:01:19+01:00
Update dla-needed entry for lame

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -24,7 +24,8 @@ isc-dhcp (Thorsten Alteholz)
 --
 lame (Hugo Lefeuvre)
   NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced 
CVE-2017-150{18,45,46}
-  NOTE: 20180118: Fabian showed interest in porting lame to libsndfile, but 
probably didn't have time until now. Just pinged him.
+  NOTE: 20180125: Fabian showed interest in porting lame to libsndfile and 
submitted a patch draft for Jessie.
+  NOTE: I'll test it, submit the update for Jessie and backport the result to 
Wheezy on time.
 --
 libav (Hugo Lefeuvre)
   NOTE: 20180118: Diego Biurrun (from the libav team) was working on patches, 
but encountered personal issues and had to stop.
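Review bot: the second added NOTE ("I'll test it, ...") has no date stamp and is written in the first person, unlike the "NOTE: 20180125:" line above it. In a shared file the "I" can only be resolved through the "(Hugo Lefeuvre)" claim on the package line. Prefix the line with the date or fold it into the dated note, and replace "on time" with a target date so the note can be checked later.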



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc08a19a873d98d046a7cf69866655b0dc410801


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d8c5dfb1 by security tracker role at 2018-01-25T09:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,14 +1,262 @@
-CVE-2018-6198 [insecure temporary files creation when ~/.w3m is unwritable]
+CVE-2018-6312
+   RESERVED
+CVE-2018-6311
+   RESERVED
+CVE-2018-6310
+   RESERVED
+CVE-2018-6309
+   RESERVED
+CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 
6.5.26 and ...)
+   TODO: check
+CVE-2018-6307
+   RESERVED
+CVE-2018-6306
+   RESERVED
+CVE-2018-6305
+   RESERVED
+CVE-2018-6304
+   RESERVED
+CVE-2018-6303
+   RESERVED
+CVE-2018-6302
+   RESERVED
+CVE-2018-6301
+   RESERVED
+CVE-2018-6300
+   RESERVED
+CVE-2018-6299
+   RESERVED
+CVE-2018-6298
+   RESERVED
+CVE-2018-6297
+   RESERVED
+CVE-2018-6296
+   RESERVED
+CVE-2018-6295
+   RESERVED
+CVE-2018-6294
+   RESERVED
+CVE-2018-6293
+   RESERVED
+CVE-2018-6292
+   RESERVED
+CVE-2018-6291
+   RESERVED
+CVE-2018-6290
+   RESERVED
+CVE-2018-6289
+   RESERVED
+CVE-2018-6288
+   RESERVED
+CVE-2018-6287
+   RESERVED
+CVE-2018-6286
+   RESERVED
+CVE-2018-6285
+   RESERVED
+CVE-2018-6284
+   RESERVED
+CVE-2018-6283
+   RESERVED
+CVE-2018-6282
+   RESERVED
+CVE-2018-6281
+   RESERVED
+CVE-2018-6280
+   RESERVED
+CVE-2018-6279
+   RESERVED
+CVE-2018-6278
+   RESERVED
+CVE-2018-6277
+   RESERVED
+CVE-2018-6276
+   RESERVED
+CVE-2018-6275
+   RESERVED
+CVE-2018-6274
+   RESERVED
+CVE-2018-6273
+   RESERVED
+CVE-2018-6272
+   RESERVED
+CVE-2018-6271
+   RESERVED
+CVE-2018-6270
+   RESERVED
+CVE-2018-6269
+   RESERVED
+CVE-2018-6268
+   RESERVED
+CVE-2018-6267
+   RESERVED
+CVE-2018-6266
+   RESERVED
+CVE-2018-6265
+   RESERVED
+CVE-2018-6264
+   RESERVED
+CVE-2018-6263
+   RESERVED
+CVE-2018-6262
+   RESERVED
+CVE-2018-6261
+   RESERVED
+CVE-2018-6260
+   RESERVED
+CVE-2018-6259
+   RESERVED
+CVE-2018-6258
+   RESERVED
+CVE-2018-6257
+   RESERVED
+CVE-2018-6256
+   RESERVED
+CVE-2018-6255
+   RESERVED
+CVE-2018-6254
+   RESERVED
+CVE-2018-6253
+   RESERVED
+CVE-2018-6252
+   RESERVED
+CVE-2018-6251
+   RESERVED
+CVE-2018-6250
+   RESERVED
+CVE-2018-6249
+   RESERVED
+CVE-2018-6248
+   RESERVED
+CVE-2018-6247
+   RESERVED
+CVE-2018-6246
+   RESERVED
+CVE-2018-6245
+   RESERVED
+CVE-2018-6244
+   RESERVED
+CVE-2018-6243
+   RESERVED
+CVE-2018-6242
+   RESERVED
+CVE-2018-6241
+   RESERVED
+CVE-2018-6240
+   RESERVED
+CVE-2018-6239
+   RESERVED
+CVE-2018-6238
+   RESERVED
+CVE-2018-6237
+   RESERVED
+CVE-2018-6236
+   RESERVED
+CVE-2018-6235
+   RESERVED
+CVE-2018-6234
+   RESERVED
+CVE-2018-6233
+   RESERVED
+CVE-2018-6232
+   RESERVED
+CVE-2018-6231
+   RESERVED
+CVE-2018-6230
+   RESERVED
+CVE-2018-6229
+   RESERVED
+CVE-2018-6228
+   RESERVED
+CVE-2018-6227
+   RESERVED
+CVE-2018-6226
+   RESERVED
+CVE-2018-6225
+   RESERVED
+CVE-2018-6224
+   RESERVED
+CVE-2018-6223
+   RESERVED
+CVE-2018-6222
+   RESERVED
+CVE-2018-6221
+   RESERVED
+CVE-2018-6220
+   RESERVED
+CVE-2018-6219
+   RESERVED
+CVE-2018-6218
+   RESERVED
+CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft 
WPS ...)
+   TODO: check
+CVE-2018-6216
+   RESERVED
+CVE-2018-6215
+   RESERVED
+CVE-2018-6214
+   RESERVED
+CVE-2018-6213
+   RESERVED
+CVE-2018-6212
+   RESERVED
+CVE-2018-6211
+   RESERVED
+CVE-2018-6210
+   RESERVED
+CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file 
(MaxCryptMon.sys) ...)
+   TODO: check
+CVE-2018-6208 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
+   TODO: check
+CVE-2018-6207 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
+   TODO: check
+CVE-2018-6206 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
+   TODO: check
+CVE-2018-6205 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
+   TODO: check
+CVE-2018-6204 (In Max Secure Anti Virus 19.0.3.019,, the driver file 
(SDActMon.sys) ...)
+   TODO: check
+CVE-2018-6203 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
+   TODO: check
+CVE-2018-6202 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
+   TODO: check
+CVE-2018-6201 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
+   TODO: check
+CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect 
via the ...)
+   TODO: check
+CVE-2018-6199
+   RESERVED
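Review bot: the first line of the hunk deletes the hand-written header "CVE-2018-6198 [insecure temporary files creation when ~/.w3m is unwritable]", and this notification is cut off after CVE-2018-6199, before the place where the entry would reappear under its imported description. Check in the full commit that the package and bug annotations of that entry were carried over rather than dropped by the automatic import. The visible part also adds twelve described entries with "TODO: check" (CVE-2018-6308, CVE-2018-6217, CVE-2018-6209 down to CVE-2018-6200) that need manual triage.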

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: follow security with no-dsa for isc-dhcp

2018-01-25 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
15c8e95c by Thorsten Alteholz at 2018-01-25T11:13:11+01:00
follow security with no-dsa for isc-dhcp

- - - - -
d0025168 by Thorsten Alteholz at 2018-01-25T11:13:47+01:00
no-dsa for isc-dhcp

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -58905,6 +58905,7 @@ CVE-2017-3144 [dhcp: omapi code doesn't free socket 
descriptors when empty messa
- isc-dhcp  (bug #887413)
[stretch] - isc-dhcp  (Minor issue)
[jessie] - isc-dhcp  (Minor issue)
+   [wheezy] - isc-dhcp  (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1522918
NOTE: 
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
 CVE-2017-3143 [An error in TSIG authentication can permit unauthorized dynamic 
updates]


=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -20,8 +20,6 @@ icu
 --
 irssi (Emilio Pozuelo)
 --
-isc-dhcp (Thorsten Alteholz)
---
 lame (Hugo Lefeuvre)
   NOTE: Couldn't reproduce CVE-2017-{69-72}, but successfully reproduced 
CVE-2017-150{18,45,46}
   NOTE: 20180125: Fabian showed interest in porting lame to libsndfile and 
submitted a patch draft for Jessie.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c5e428fbc9fd0db0cc94358a9be87b5001f51f63...d0025168fac79aa3806dc83da486f4e4fbb2de84


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1dc06687 by Salvatore Bonaccorso at 2018-01-25T10:20:43+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,7 +7,7 @@ CVE-2018-6310
 CVE-2018-6309
RESERVED
 CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 
6.5.26 and ...)
-   TODO: check
+   NOT-FOR-US: SugarCRM
 CVE-2018-6307
RESERVED
 CVE-2018-6306
@@ -189,7 +189,7 @@ CVE-2018-6219
 CVE-2018-6218
RESERVED
 CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft 
WPS ...)
-   TODO: check
+   NOT-FOR-US: Kingsoft WPS Office
 CVE-2018-6216
RESERVED
 CVE-2018-6215
@@ -205,23 +205,23 @@ CVE-2018-6211
 CVE-2018-6210
RESERVED
 CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file 
(MaxCryptMon.sys) ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6208 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6207 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6206 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6205 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6204 (In Max Secure Anti Virus 19.0.3.019,, the driver file 
(SDActMon.sys) ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6203 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
-   TODO: check
+   NOT-FOR-US: eScan Antivirus
 CVE-2018-6202 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
-   TODO: check
+   NOT-FOR-US: eScan Antivirus
 CVE-2018-6201 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
-   TODO: check
+   NOT-FOR-US: eScan Antivirus
 CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect 
via the ...)
TODO: check
 CVE-2018-6199
@@ -237,7 +237,7 @@ CVE-2018-6192 (In Artifex MuPDF 1.12.0, the 
pdf_read_new_xref function in ...)
 CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 
1.0.2 has an ...)
TODO: check
 CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description 
field on ...)
-   TODO: check
+   NOT-FOR-US: Netis WF2419 V3.2.41381 devices
 CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and 
earlier ...)
TODO: check
 CVE-2017-1000503 (A race condition during Jenkins 2.81 through 2.94 
(inclusive); 2.89.1 ...)
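Review bot: the added "NOT-FOR-US: Netis WF2419 V3.2.41381 devices" copies the firmware version and the word "devices" from the CVE description, and the CVE-2018-5967 hunk further down does the same with "V2.2.36123", so one product ends up under two different NOT-FOR-US strings. The other entries in this commit name only the product ("SugarCRM", "eScan Antivirus", "Max Secure Anti Virus"). Using "NOT-FOR-US: Netis WF2419" in both places would keep the product greppable under a single name.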
@@ -245,7 +245,7 @@ CVE-2017-1000503 (A race condition during Jenkins 2.81 
through 2.94 (inclusive);
 CVE-2017-1000502 (Users with permission to create or configure agents in 
Jenkins 1.37 ...)
TODO: check
 CVE-2017-1000474 (Soyket Chowdhury Vehicle Sales Management System version 
2017-07-30 is ...)
-   TODO: check
+   NOT-FOR-US: Soyket Chowdhury Vehicle Sales Management System
 CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when 
the ...)
- w3m  (bug #888097; unimportant)
NOTE: 
https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
@@ -810,7 +810,7 @@ CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 
and 2.9.x through 2.9.3
NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
 CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description 
parameter ...)
-   TODO: check
+   NOT-FOR-US: Netis WF2419 V2.2.36123 devices
 CVE-2018-5966
RESERVED
 CVE-2018-5965



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dc06687257008717df0e141e1656bd9651c9263


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-6192/mupdf

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
485ffa35 by Salvatore Bonaccorso at 2018-01-25T10:21:09+01:00
Add CVE-2018-6192/mupdf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -233,6 +233,8 @@ CVE-2018-6194
 CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in 
Routers2 2.24, ...)
TODO: check
 CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...)
+   - mupdf 
+   NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
TODO: check
 CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 
1.0.2 has an ...)
TODO: check
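Review bot: the unchanged "TODO: check" line directly after the two added lines is left in place, so CVE-2018-6192 now has a package line and a bug NOTE but still shows up as untriaged. Other commits in this batch replace the TODO when they add the package or NOT-FOR-US line. Remove it here, or if it is kept on purpose, add a NOTE saying what remains to be checked.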



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/485ffa35c103485e1847b4bc43eeb624665aafac


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process three jenkins issues (removed)

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3e350817 by Salvatore Bonaccorso at 2018-01-25T10:21:32+01:00
Process three jenkins issues (removed)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -241,11 +241,11 @@ CVE-2018-6191 (The js_strtod function in jsdtoa.c in 
Artifex MuJS through 1.0.2 
 CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description 
field on ...)
NOT-FOR-US: Netis WF2419 V3.2.41381 devices
 CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and 
earlier ...)
-   TODO: check
+   - jenkins 
 CVE-2017-1000503 (A race condition during Jenkins 2.81 through 2.94 
(inclusive); 2.89.1 ...)
-   TODO: check
+   - jenkins 
 CVE-2017-1000502 (Users with permission to create or configure agents in 
Jenkins 1.37 ...)
-   TODO: check
+   - jenkins 
 CVE-2017-1000474 (Soyket Chowdhury Vehicle Sales Management System version 
2017-07-30 is ...)
NOT-FOR-US: Soyket Chowdhury Vehicle Sales Management System
 CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when 
the ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e350817d35d06ab9462481b737de9e37b5927c1


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Drop Guido from frontdesk when he's not available

2018-01-25 Thread Raphaël Hertzog
Raphaël Hertzog pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5e428fb by Raphaël Hertzog at 2018-01-25T11:09:10+01:00
Drop Guido from frontdesk when he's not available

- - - - -


1 changed file:

- org/lts-frontdesk.2018.txt


Changes:

=
org/lts-frontdesk.2018.txt
=
--- a/org/lts-frontdesk.2018.txt
+++ b/org/lts-frontdesk.2018.txt
@@ -17,7 +17,7 @@ From 15-01 to 21-01:Guido Günther 
 From 22-01 to 28-01:Thorsten Alteholz 
 From 29-01 to 04-02:Ola Lundqvist 
 From 05-02 to 11-02:Markus Koschany 
-From 12-02 to 18-02:Guido Günther 
+From 12-02 to 18-02:
 From 19-02 to 25-02:Chris Lamb 
 From 26-02 to 04-03:Antoine Beaupré 
 From 05-03 to 11-03:Chris Lamb 
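Review bot: the changed line leaves "From 12-02 to 18-02:" with no name at all, and the next hunk does the same for 30-04 to 06-05, so both weeks end up without a front desk and nothing in the file marks that as intended. The first gap starts less than three weeks after this commit. Assign a replacement in the same change, or put an explicit placeholder in the slot so the open week is visible to whoever reads the schedule.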
@@ -28,7 +28,7 @@ From 02-04 to 08-04:Chris Lamb 
 From 09-04 to 15-04:Antoine Beaupré 
 From 16-04 to 22-04:Markus Koschany 
 From 23-04 to 29-04:Thorsten Alteholz 
-From 30-04 to 06-05:Guido Günther 
+From 30-04 to 06-05:
 From 07-05 to 13-05:Ola Lundqvist 
 From 14-05 to 20-05:Chris Lamb 
 From 21-05 to 27-05:Markus Koschany 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5e428fbc9fd0db0cc94358a9be87b5001f51f63


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] fix syntax

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fbfc9696 by Moritz Muehlenhoff at 2018-01-25T15:14:20+01:00
fix syntax

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -260,7 +260,7 @@ CVE-2018-6197 (w3m through 0.5.3 is prone to a NULL pointer 
dereference flaw in 
NOTE: https://github.com/tats/w3m/issues/89
NOTE: 
https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
 CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in ...)
-   - w3m 0.5.3-36 (low
+   - w3m 0.5.3-36 (low)
[stretch] - w3m  (Minor issue)
[jessie] - w3m  (Minor issue)
[wheezy] - w3m  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbfc96966a6d89458d19938efbcf14f23b55e9a7

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbfc96966a6d89458d19938efbcf14f23b55e9a7
You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add jackson-databind to dsa-needed

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
06ea959f by Moritz Muehlenhoff at 2018-01-25T15:16:28+01:00
add jackson-databind to dsa-needed

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -22,6 +22,8 @@ graphicsmagick
 --
 imagemagick/oldstable (jmm)
 --
+jackson-databind
+--
 libav/oldstable
   We can ship the next libav 11.x point release when available
 --
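
Review bot: The new "jackson-databind" entry carries no claimant and no note, and the commit message does not name the issue behind it, so nothing here tells the next reader which CVE needs the DSA. The neighbouring entries show both conventions, "imagemagick/oldstable (jmm)" for a claim and the indented line under "libav/oldstable" for a note; one indented line with the CVE id would be enough.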



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/06ea959f8738fa2ca019b9273df00e9dd21e69ef


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add dovecot to dsa-needed

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5934fc1d by Moritz Muehlenhoff at 2018-01-25T15:16:57+01:00
add dovecot to dsa-needed

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -18,6 +18,8 @@ chromium-browser/stable
 --
 curl (ghedo)
 --
+dovecot (carnil)
+--
 graphicsmagick
 --
 imagemagick/oldstable (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5934fc1d72a4332ec192e13a2517d5e73300cfc3


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new chromium issues

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d0d2cde3 by Moritz Muehlenhoff at 2018-01-25T14:48:07+01:00
new chromium issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -550,52 +550,124 @@ CVE-2018-6055
RESERVED
 CVE-2018-6054
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6053
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6052
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6051
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6050
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6049
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6048
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6047
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6046
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6045
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6044
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6043
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6042
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6041
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6040
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6039
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6038
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6037
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6036
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6035
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6034
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6033
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6032
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6031
RESERVED
+   - chromium-browser 
+   [jessie] - chromium-browser  (End of life, see DSA 4020)
+   [wheezy] - chromium-browser  (Not supported in Wheezy)
 CVE-2018-6030
RESERVED
 CVE-2018-116 (Jenkins Ant 
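
Review bot: CVE-2018-6030 at the end of the hunk and CVE-2018-6055 in the hunk header stay at bare RESERVED, while every id from CVE-2018-6054 down to CVE-2018-6031 gains the same three chromium-browser lines; it is worth confirming that the batch really starts and stops at those ids. The commit message "new chromium issues" gives no source for the range, and a reference to the upstream announcement would make the 24 identical entries checkable.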

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] follow security team with CVEs for w3m

2018-01-25 Thread Thorsten Alteholz
Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d870b82 by Thorsten Alteholz at 2018-01-25T14:02:18+01:00
follow security team with CVEs for w3m

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -256,12 +256,14 @@ CVE-2018-6197 (w3m through 0.5.3 is prone to a NULL 
pointer dereference flaw in 
- w3m 
[stretch] - w3m  (Minor issue)
[jessie] - w3m  (Minor issue)
+   [wheezy] - w3m  (Minor issue)
NOTE: https://github.com/tats/w3m/issues/89
NOTE: 
https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
 CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in ...)
- w3m 
[stretch] - w3m  (Minor issue)
[jessie] - w3m  (Minor issue)
+   [wheezy] - w3m  (Minor issue)
NOTE: https://github.com/tats/w3m/issues/88
NOTE: 
https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92
 CVE-2018-6189



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7d870b8244832e9771b6f5a50727b9b6feddffdc


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] w3m fixed

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9bebbe94 by Moritz Muehlenhoff at 2018-01-25T14:54:01+01:00
w3m fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -249,18 +249,18 @@ CVE-2017-1000502 (Users with permission to create or 
configure agents in Jenkins
 CVE-2017-1000474 (Soyket Chowdhury Vehicle Sales Management System version 
2017-07-30 is ...)
NOT-FOR-US: Soyket Chowdhury Vehicle Sales Management System
 CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when 
the ...)
-   - w3m  (bug #888097; unimportant)
+   - w3m 0.5.3-36 (bug #888097; unimportant)
NOTE: 
https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
NOTE: Neutralised by kernel hardening
 CVE-2018-6197 (w3m through 0.5.3 is prone to a NULL pointer dereference flaw 
in ...)
-   - w3m 
+   - w3m 0.5.3-36 (low)
[stretch] - w3m  (Minor issue)
[jessie] - w3m  (Minor issue)
[wheezy] - w3m  (Minor issue)
NOTE: https://github.com/tats/w3m/issues/89
NOTE: 
https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
 CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in ...)
-   - w3m 
+   - w3m 0.5.3-36 (low
[stretch] - w3m  (Minor issue)
[jessie] - w3m  (Minor issue)
[wheezy] - w3m  (Minor issue)
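
Review bot: The added CVE-2018-6196 line "- w3m 0.5.3-36 (low" is missing its closing parenthesis, while the matching CVE-2018-6197 line added earlier in the same hunk ends in "(low)". Close it as "- w3m 0.5.3-36 (low)" so the urgency field reads the same way in both entries.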



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9bebbe941b7379efa9f5bbe9fcad581f25849c71


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add mupdf to dla-needed and claim it.

2018-01-25 Thread Hugo Lefeuvre
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4f2ad4a1 by Hugo Lefeuvre at 2018-01-25T15:34:08+01:00
Add mupdf to dla-needed and claim it.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -45,6 +45,8 @@ ming (Hugo Lefeuvre)
   NOTE: 20180118: wip, currently working on it with upstream, might take a 
while
   NOTE: Some issues currently in upstream's bug tracker are missing a CVE 
number, so number of issues might increase in the next weeks
 --
+mupdf (Hugo Lefeuvre)
+--
 opencv (Thorsten Alteholz)
 --
 openjdk-7 (Emilio Pozuelo)
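
Review bot: The "mupdf (Hugo Lefeuvre)" entry is claimed without a dated NOTE, unlike the "ming" entry just above it, which records "NOTE: 20180118: wip". A dated line listing the CVE ids being worked on would show what the claim covers and when it was taken.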



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4f2ad4a1be743e2edf9ee8bc3902699e805c410a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for CVE-2017-15132/dovecot: #888432

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a9bde9ae by Salvatore Bonaccorso at 2018-01-25T15:45:51+01:00
Add bug reference for CVE-2017-15132/dovecot: #888432

At same time remove oss-security reference, not adding much and already
given by cross reference.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22005,9 +22005,8 @@ CVE-2017-15133
RESERVED
 CVE-2017-15132 [dovecot: auth client leaks memory if SASL authentication is 
aborted]
RESERVED
-   - dovecot 
+   - dovecot  (bug #888432)
NOTE: 
https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch
-   NOTE: http://www.openwall.com/lists/oss-security/2018/01/25/4
 CVE-2017-15131 (It was found that system umask policy is not being honored 
when ...)
- xdg-user-dirs  (unimportant)
NOTE: The CVE relates that created directories by xdg-user-dirs might 
not



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a9bde9ae3054acc715f456ec627ef0079730


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] reclaim agx lts frontdesk weeks

2018-01-25 Thread Antoine Beaupré
Antoine Beaupré pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4a42421 by Antoine Beaupré at 2018-01-25T09:46:30-05:00
reclaim agx lts frontdesk weeks

- - - - -


1 changed file:

- org/lts-frontdesk.2018.txt


Changes:

=
org/lts-frontdesk.2018.txt
=
--- a/org/lts-frontdesk.2018.txt
+++ b/org/lts-frontdesk.2018.txt
@@ -17,7 +17,7 @@ From 15-01 to 21-01:Guido Günther 
 From 22-01 to 28-01:Thorsten Alteholz 
 From 29-01 to 04-02:Ola Lundqvist 
 From 05-02 to 11-02:Markus Koschany 
-From 12-02 to 18-02:
+From 12-02 to 18-02:Antoine Beaupré 
 From 19-02 to 25-02:Chris Lamb 
 From 26-02 to 04-03:Antoine Beaupré 
 From 05-03 to 11-03:Chris Lamb 
@@ -28,7 +28,7 @@ From 02-04 to 08-04:Chris Lamb 
 From 09-04 to 15-04:Antoine Beaupré 
 From 16-04 to 22-04:Markus Koschany 
 From 23-04 to 29-04:Thorsten Alteholz 
-From 30-04 to 06-05:
+From 30-04 to 06-05:Antoine Beaupré 
 From 07-05 to 13-05:Ola Lundqvist 
 From 14-05 to 20-05:Chris Lamb 
 From 21-05 to 27-05:Markus Koschany 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a42421d4c485f9f9ac1cd2de58b66af0ae6d1e


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: add knot-resolver to dsa-needed

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6589de50 by Moritz Muehlenhoff at 2018-01-25T16:08:16+01:00
add knot-resolver to dsa-needed

- - - - -
9a39627a by Moritz Muehlenhoff at 2018-01-25T16:09:43+01:00
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -26,6 +26,8 @@ imagemagick/oldstable (jmm)
 --
 jackson-databind
 --
+knot-resolver
+--
 libav/oldstable
   We can ship the next libav 11.x point release when available
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c4a42421d4c485f9f9ac1cd2de58b66af0ae6d1e...9a39627a49ea305dfe9bd8e420da202afa196521


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add mercurial to dsa-needed

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e65fa623 by Moritz Muehlenhoff at 2018-01-25T16:11:34+01:00
add mercurial to dsa-needed

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -38,6 +38,8 @@ libvpx/oldstable
 linux
   Wait until more issues have piled up
 --
+mercurial
+--
 openjdk-7/oldstable (jmm)
 --
 openjdk-8/stable (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e65fa623bb8e43d5cc4ac9efddb81e8522b34170


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] dnsmasq no-dsa

2018-01-25 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7492440e by Moritz Muehlenhoff at 2018-01-25T16:10:58+01:00
dnsmasq no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22128,6 +22128,8 @@ CVE-2017-15108 (spice-vdagent up to and including 
0.17.0 does not properly escap
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510864
 CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in 
Dnsmasq ...)
- dnsmasq  (bug #888200)
+   [stretch] - dnsmasq  (Minor issue)
+   [jessie] - dnsmasq  (Minor issue)
NOTE: 
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
 CVE-2017-15106
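
Review bot: The two added suite lines for CVE-2017-15107 give only the generic "Minor issue" as the reason, which says little for a flaw the entry describes as being in the implementation of DNSSEC. A short NOTE on why it does not warrant a DSA for stretch and jessie would make the triage decision reviewable later.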



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7492440e3e1f924f468e214d6b92c6572c77a676
