@@
NOTE: fixed! Those checks should probably be added by cherry-picking
NOTE: additional upstream changes.
--
-p7zip (Brian May)
- NOTE: CPP/7zip/Archive/Udf/UdfIn.cpp line 261?
---
php5 (Thorsten Alteholz)
--
qemu
___
Secure-testing-commits
Author: bam
Date: 2016-06-02 07:29:05 + (Thu, 02 Jun 2016)
New Revision: 42241
Modified:
data/CVE/list
Log:
Clarify wheezy is broken
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-02 07:27:38 UTC (rev 42240)
+++
)
+++ data/dla-needed.txt 2016-06-02 07:33:15 UTC (rev 42242)
@@ -61,7 +61,7 @@
NOTE: maintainer would like help working on the updates but will handle the
updates himself
NOTE: 20160518175636.ga29...@roeckx.be
--
-p7zip
+p7zip (Brian May)
NOTE: CPP/7zip/Archive/Udf/UdfIn.cpp line 261
Author: bam
Date: 2016-06-02 07:27:38 + (Thu, 02 Jun 2016)
New Revision: 42240
Modified:
data/CVE/list
Log:
No upstream fix for this
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-02 06:21:58 UTC (rev 42239)
+++
)
+++ data/dla-needed.txt 2016-06-23 07:55:08 UTC (rev 42739)
@@ -54,12 +54,13 @@
NOTE: maintainer would like help working on the updates but will handle the
updates himself
NOTE: 20160518175636.ga29...@roeckx.be
--
-openssl (Brian May)
+openssl
NOTE: For CVE-2016-2177, some parts
.
--
-pidgin
+pidgin (Brian May)
--
php5 (Thorsten Alteholz)
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
(rev 42595)
+++ data/dla-needed.txt 2016-06-17 08:22:01 UTC (rev 42596)
@@ -51,11 +51,12 @@
NOTE: maintainer would like help working on the updates but will handle the
updates himself
NOTE: 20160518175636.ga29...@roeckx.be
--
-openssl
+openssl (Brian May)
NOTE: For CVE-2016-2177, some parts
-17 08:30:00 UTC (rev 42597)
@@ -30,8 +30,6 @@
icu (Roberto C. Sánchez)
NOTE: check comments on CVE-2016-0494 as well
--
-imagemagick (Brian May)
---
libjackson-json-java
--
libspring-java
(rev 39554)
+++ data/dla-needed.txt 2016-02-09 06:09:57 UTC (rev 39555)
@@ -35,7 +35,7 @@
NOTE: check comments on CVE-2016-0494 as well
NOTE: tentative package for icu
https://lists.debian.org/debian-lts/2016/01/msg00133.html
--
-imagemagick
+imagemagick (Brian May)
NOTE: only minor
UTC (rev 39556)
@@ -26,11 +26,6 @@
dwarfutils
NOTE: 20160123, no CVE assigned yet, no fix availabe yet
--
-gajim (Brian May)
- NOTE: _rosterSetCB in src/common/connection_handlers.py ?
- NOTE: I believe the referenced patch should fix this:
- NOTE:
https://trac.gajim.org/changeset
Author: bam
Date: 2016-02-12 00:22:57 + (Fri, 12 Feb 2016)
New Revision: 39619
Modified:
data/CVE/list
Log:
dcraw vulnerable in stretch
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-12 00:11:23 UTC (rev 39618)
Author: bam
Date: 2016-02-12 00:11:23 + (Fri, 12 Feb 2016)
New Revision: 39618
Modified:
data/CVE/list
Log:
dcraw
dcraw not affected by CVE-2015-8367, as vulnerability is in C++ code, and dcraw
is C only.
dcraw 8.99-1+b1 in squeeze and wheezy looks safe from CVE-2015-8366.
dcraw
Author: bam
Date: 2016-02-12 00:40:18 + (Fri, 12 Feb 2016)
New Revision: 39620
Modified:
data/CVE/list
Log:
dcraw broken in >= jessie
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-12 00:22:57 UTC (rev 39619)
Author: bam
Date: 2016-02-12 01:05:23 + (Fri, 12 Feb 2016)
New Revision: 39621
Modified:
data/CVE/list
Log:
This was fixed after 0.8.9
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-12 00:40:18 UTC (rev 39620)
Author: bam
Date: 2016-02-12 03:01:22 + (Fri, 12 Feb 2016)
New Revision: 39622
Modified:
data/CVE/list
Log:
Check exactimage
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-12 01:05:23 UTC (rev 39621)
+++
Author: bam
Date: 2016-02-12 03:03:05 + (Fri, 12 Feb 2016)
New Revision: 39623
Modified:
data/CVE/list
Log:
Fix vulnerable
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-12 03:01:22 UTC (rev 39622)
+++
)
+++ data/dla-needed.txt 2016-01-31 01:05:12 UTC (rev 39362)
@@ -30,8 +30,10 @@
--
eglibc (Santiago R.R.)
--
-gajim
+gajim (Brian May)
NOTE: _rosterSetCB in src/common/connection_handlers.py ?
+ NOTE: I believe the referenced patch should fix this:
+ NOTE:
https://trac.gajim.org/changeset
Author: bam
Date: 2016-02-25 23:20:33 + (Thu, 25 Feb 2016)
New Revision: 39931
Modified:
data/CVE/list
Log:
Suse patch has been disputed.
https://bugzilla.novell.com/show_bug.cgi?id=960341#c26
https://bugzilla.novell.com/show_bug.cgi?id=960341#c27
Modified: data/CVE/list
Author: bam
Date: 2016-02-25 23:33:32 + (Thu, 25 Feb 2016)
New Revision: 39932
Modified:
data/dla-needed.txt
Log:
No fix yet for tiff issues
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-25 23:20:33 UTC
Author: bam
Date: 2016-02-22 23:29:33 + (Mon, 22 Feb 2016)
New Revision: 39823
Modified:
data/CVE/list
Log:
Add link to latest CVE request; imagemagick issues
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-22
Author: bam
Date: 2016-02-26 00:05:15 + (Fri, 26 Feb 2016)
New Revision: 39933
Modified:
data/dla-needed.txt
Log:
No fix for libxml2 yet
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-25 23:33:32 UTC (rev
Author: bam
Date: 2016-02-26 01:24:50 + (Fri, 26 Feb 2016)
New Revision: 39934
Modified:
data/CVE/list
Log:
Fix spelling
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-26 00:05:15 UTC (rev 39933)
+++
(rev 39093)
+++ data/dla-needed.txt 2016-01-23 00:37:16 UTC (rev 39094)
@@ -39,7 +39,7 @@
php5 (Thorsten Alteholz)
NOTE: next upload end of December
--
-pound
+pound (Brian May)
NOTE: updating to the wheezy option might be less error prone
--
privoxy (Thorsten Alteholz
Author: bam
Date: 2016-01-24 02:34:35 + (Sun, 24 Jan 2016)
New Revision: 39127
Modified:
data/DLA/list
Log:
Fix incorrect version
Modified: data/DLA/list
===
--- data/DLA/list 2016-01-24 02:33:19 UTC (rev 39126)
+++
39126)
@@ -58,9 +58,6 @@
php5 (Thorsten Alteholz)
NOTE: next upload end of December
--
-pound (Brian May)
- NOTE: updating to the wheezy option might be less error prone
---
radicale (Markus Koschany)
--
tiff (Santiago R.R.)
Author: bam
Date: 2016-02-21 08:12:04 + (Sun, 21 Feb 2016)
New Revision: 39789
Modified:
data/CVE/list
Log:
Check ufraw
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-20 21:10:14 UTC (rev 39788)
+++
Author: bam
Date: 2016-02-21 08:51:41 + (Sun, 21 Feb 2016)
New Revision: 39790
Modified:
data/CVE/list
Log:
Check rawtherapee
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-21 08:12:04 UTC (rev 39789)
+++
Author: bam
Date: 2016-02-21 08:52:27 + (Sun, 21 Feb 2016)
New Revision: 39791
Modified:
data/CVE/list
Log:
Add comment
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-21 08:51:41 UTC (rev 39790)
+++
Author: bam
Date: 2016-02-21 09:15:29 + (Sun, 21 Feb 2016)
New Revision: 39792
Modified:
data/CVE/list
Log:
check xbmc; too old to be affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-21 08:52:27 UTC (rev
Author: bam
Date: 2016-02-21 09:29:16 + (Sun, 21 Feb 2016)
New Revision: 39793
Modified:
data/CVE/list
Log:
kodi has same dcraw.c as xbmc so not affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-21
-needed.txt 2016-05-23 02:14:38 UTC (rev 41944)
@@ -31,9 +31,6 @@
icu (Roberto C. Sánchez)
NOTE: check comments on CVE-2016-0494 as well
--
-imagemagick (Brian May)
- NOTE: several high profile vulnerabilities
---
libjackson-json-java
--
libspring-java
(rev 41659)
+++ data/dla-needed.txt 2016-05-12 07:18:30 UTC (rev 41660)
@@ -48,9 +48,8 @@
libjackson-json-java
--
librsvg (Brian May)
- Reproduced issue in wheezy and Jessie. Need to git bisect to find fix.
- NOTE: reproducer http://seclists.org/oss-sec/2016/q2/161
- NOTE: Apparently fixed
Author: bam
Date: 2016-05-17 22:37:22 + (Tue, 17 May 2016)
New Revision: 41821
Modified:
data/DLA/list
Log:
Reserve DLA-479-1 for xen
Modified: data/DLA/list
===
--- data/DLA/list 2016-05-17 21:27:26 UTC (rev 41820)
+++
)
+++ data/dla-needed.txt 2016-05-17 23:31:52 UTC (rev 41822)
@@ -36,7 +36,7 @@
icu (Roberto C. Sánchez)
NOTE: check comments on CVE-2016-0494 as well
--
-imagemagick
+imagemagick (Brian May)
NOTE: several high profile vulnerabilities
--
libjackson-json-java
)
+++ data/dla-needed.txt 2016-05-16 08:46:37 UTC (rev 41763)
@@ -41,10 +41,6 @@
--
libjackson-json-java
--
-librsvg (Brian May)
- Packages available for testing.
- https://people.debian.org/~bam/debian/pool/main/libr/librsvg/
---
libspring-java
The JSON/JaF doesn't appear to be present
Author: bam
Date: 2016-05-16 08:18:35 + (Mon, 16 May 2016)
New Revision: 41761
Modified:
data/DLA/list
Log:
Reserve DLA-477-1 for libidn
Modified: data/DLA/list
===
--- data/DLA/list 2016-05-16 07:50:05 UTC (rev 41760)
: several high profile vulnerabilities
--
-libidn (Brian May)
- Testing is required.
- https://people.debian.org/~bam/debian/pool/main/libi/libidn/
---
libjackson-json-java
--
librsvg (Brian May)
/libidn_1.29-1+deb8u1.diff
- Help is needed to fix it so that it doesn't FTBFS
+libidn (Brian May)
+ Testing is required.
+ https://people.debian.org/~bam/debian/pool/main/libi/libidn/
--
librsvg
NOTE: reproducer http://seclists.org/oss-sec/2016/q2/161
)
+++ data/dla-needed.txt 2016-05-09 23:00:01 UTC (rev 41588)
@@ -41,7 +41,8 @@
--
libjackson-json-java
--
-librsvg
+librsvg (Brian May)
+ Reproduced issue in wheezy and Jessie. Need to git bisect to find fix.
NOTE: reproducer http://seclists.org/oss-sec/2016/q2/161
NOTE: Apparently fixed
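Review bot: the added line under librsvg ("Reproduced issue in wheezy and Jessie. Need to git bisect to find fix.") lacks the NOTE: prefix that the two following lines of the same entry carry. Prefix it with NOTE: so the entry is uniform, and write "jessie" in lower case to match "wheezy".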
Author: bam
Date: 2016-07-26 08:57:04 + (Tue, 26 Jul 2016)
New Revision: 43482
Modified:
data/CVE/list
Log:
Temp CVE was fixed in wheezy LTS
Modified: data/CVE/list
===
--- data/CVE/list 2016-07-26 06:29:30 UTC (rev
)
+++ data/dla-needed.txt 2016-08-03 08:34:13 UTC (rev 43736)
@@ -98,7 +98,7 @@
--
tiff3 (Markus Koschany)
--
-twisted
+twisted (Brian May)
NOTE: https://twistedmatrix.com/trac/ticket/8623
--
wireshark (Balint Reczey)
Author: bam
Date: 2016-08-15 08:20:09 + (Mon, 15 Aug 2016)
New Revision: 43978
Modified:
data/CVE/list
Log:
Add prerequisite patch for CVE-2015-8834
Modified: data/CVE/list
===
--- data/CVE/list 2016-08-14 10:57:58 UTC
Author: bam
Date: 2016-08-10 07:57:30 + (Wed, 10 Aug 2016)
New Revision: 43906
Modified:
data/CVE/list
Log:
Make twisted-web no-dsa in wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-08-10 04:50:11 UTC (rev
-08-10 07:58:31 UTC (rev 43907)
+++ data/dla-needed.txt 2016-08-10 08:02:33 UTC (rev 43908)
@@ -92,11 +92,6 @@
--
tiff3 (Markus Koschany)
--
-twisted (Brian May)
- NOTE: https://twistedmatrix.com/trac/ticket/8623
---
-twisted-web
---
wireshark (Balint Reczey)
--
wordpress
2016-07-18 06:47:05 UTC (rev 43250)
+++ data/dla-needed.txt 2016-07-18 08:40:35 UTC (rev 43251)
@@ -11,8 +11,6 @@
--
asterisk (Thorsten Alteholz)
--
-binutils (Brian May)
---
cacti (Emilio Pozuelo)
NOTE: Maintainer wants to review changes; see
https://lists.debian.org/<5724f47d.6
)
+++ data/dla-needed.txt 2016-07-05 06:51:33 UTC (rev 43006)
@@ -11,7 +11,7 @@
--
asterisk (Thorsten Alteholz)
--
-binutils
+binutils (Brian May)
--
binutils-h8300-hms
--
Author: bam
Date: 2016-08-09 08:32:56 + (Tue, 09 Aug 2016)
New Revision: 43886
Modified:
data/DLA/list
Log:
Reserve DLA-590-1 for python-django
Modified: data/DLA/list
===
--- data/DLA/list 2016-08-09 08:11:00 UTC (rev
===
--- data/dla-needed.txt 2016-07-04 09:10:11 UTC (rev 42994)
+++ data/dla-needed.txt 2016-07-04 09:31:29 UTC (rev 42995)
@@ -81,8 +81,6 @@
--
phpmyadmin (Ola Lundqvist)
--
-pidgin (Brian May)
---
quagga
NOTE: see dsa-needed's notes.
NOTE
Author: bam
Date: 2016-09-06 21:48:04 + (Tue, 06 Sep 2016)
New Revision: 44377
Modified:
data/dla-needed.txt
Log:
Remove matrixssl from dla-needed.txt
As per email
CABY6=0mdovum1vkzmxiau7rs5jysjv8mybinutz4fze11es...@mail.gmail.com
Matrixssl is seldom used and only supports SSLv3. Also
)
+++ data/dla-needed.txt 2016-09-11 22:18:10 UTC (rev 44515)
@@ -11,7 +11,7 @@
--
asterisk (Thorsten Alteholz)
--
-autotrace
+autotrace (Brian May)
NOTE: Reproducible with valgrind on Wheezy
--
chicken
Author: bam
Date: 2016-09-12 21:58:51 + (Mon, 12 Sep 2016)
New Revision: 44536
Modified:
data/dla-needed.txt
Log:
Add summary of my chicken research
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-09-12
@@
--
asterisk (Thorsten Alteholz)
--
-autotrace (Brian May)
- NOTE: Reproducible with valgrind on Wheezy
---
chicken
NOTE: See report 87twdrpcyx@prune.linuxpenguins.xyz
NOTE: Wheezy probably vulnerable however upstream patch is too invasive
44743)
+++ data/dla-needed.txt 2016-09-19 21:34:07 UTC (rev 44744)
@@ -20,7 +20,7 @@
--
gcc-mingw-w64 (Stephen Kitt)
--
-graphicsmagick
+graphicsmagick (Brian May)
--
icu (Roberto C. Sánchez)
--
-needed.txt 2016-10-10 20:58:28 UTC (rev 45194)
@@ -19,8 +19,6 @@
--
ghostscript (Roberto C. Sánchez)
--
-graphicsmagick (Brian May)
---
icedove (Guido Günther)
--
icu (Roberto C. Sánchez)
)
+++ data/dla-needed.txt 2016-10-10 21:15:13 UTC (rev 45196)
@@ -80,7 +80,7 @@
NOTE: patch for CVE-2016-2115 has been removed intentionally in version
2:3.6.6-6+deb7u10
NOTE: so maybe this is
--
-systemd
+systemd (Brian May)
NOTE: No crash, "just" breaking notifications, s
Author: bam
Date: 2016-11-07 21:59:46 + (Mon, 07 Nov 2016)
New Revision: 46053
Modified:
data/CVE/list
Log:
CVE-2016-9013 not worth fixing in Wheezy
- is not triggered by normal usage, and cannot be triggered by a
malicious user.
- is documented, and can be overridden:
@@
--
spip (Jonas Meurer)
--
-systemd (Brian May)
- NOTE: No crash, "just" breaking notifications, see #839607
---
tiff (Emilio Pozuelo)
--
tiff3
-cur (Brian May)
- NOTE: Version available for testing.
- NOTE: See https://people.debian.org/~bam/debian/pool/main/l/lynx-cur/
- NOTE: Waiting for upstream 2.8.9dev12 which should fix a minor issue
- NOTE: (obsolete warning messsage to user).
- NOTE: See https://lists.debian.org/debian-lts
Author: bam
Date: 2016-11-28 06:24:13 + (Mon, 28 Nov 2016)
New Revision: 46613
Modified:
data/CVE/list
Log:
Add links to upstream Asterisk security advisories
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-28
UTC (rev 46264)
+++ data/dla-needed.txt 2016-11-17 06:56:40 UTC (rev 46265)
@@ -69,6 +69,11 @@
linux
--
lynx-cur (Brian May)
+ NOTE: Version available for testing.
+ NOTE: See https://people.debian.org/~bam/debian/pool/main/l/lynx-cur/
+ NOTE: Waiting for upstream 2.8.9dev12 which should fix
@@
--
potrace
--
-python-django (Brian May)
---
sendmail
--
sudo (Balint Reczey)
)
+++ data/dla-needed.txt 2016-11-14 06:53:10 UTC (rev 46175)
@@ -59,7 +59,7 @@
--
linux
--
-lynx-cur
+lynx-cur (Brian May)
--
ming
--
45952)
+++ data/dla-needed.txt 2016-11-03 21:00:26 UTC (rev 45953)
@@ -90,7 +90,7 @@
NOTE: wait for upstream releasing more information about it. Shall
NOTE: we maybe remove this entry?
--
-python-django
+python-django (Brian May)
--
sendmail
)
+++ data/dla-needed.txt 2016-12-05 21:17:46 UTC (rev 46802)
@@ -92,7 +92,7 @@
--
php5 (Thorsten Alteholz)
--
-phpmyadmin
+phpmyadmin (Brian May)
--
potrace
--
===
--- data/dla-needed.txt 2016-12-22 06:02:49 UTC (rev 47321)
+++ data/dla-needed.txt 2016-12-22 06:28:23 UTC (rev 47322)
@@ -89,8 +89,6 @@
--
php5
--
-phpmyadmin (Brian May)
---
postgres-common
--
potrace
-needed.txt 2017-03-17 08:35:24 UTC (rev 49731)
+++ data/dla-needed.txt 2017-03-17 08:38:18 UTC (rev 49732)
@@ -19,11 +19,6 @@
NOTE: I suggest to wait for more important issues. CVE-2016-7837 has a rather
NOTE: low impact.
--
-calibre (Brian May)
- NOTE: We will need to investigate the issue
)
+++ data/dla-needed.txt 2017-04-03 07:24:28 UTC (rev 50274)
@@ -116,7 +116,12 @@
NOTE: issue is no-dsa in jessie but code is similar so uploading to s-p-u
might make sense
NOTE: to not diverge between Jessie and Wheezy
--
-web2py (Brian May)
+web2py
+ NOTE: Unclear if these bugs have been
/msg00046.html
--
-xbmc
- NOTE: under reserve, could not reproduce with 2:12.3+dfsg1-3ubuntu1, which
is newer than the Wheezy version
- NOTE: no mail to maintainer yet
+xbmc (Brian May)
+ NOTE: Reproduced: https://lists.debian.org/debian-lts/2017/04/msg00025.html
--
xen
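Review bot: in the xbmc entry, the removed notes included "no mail to maintainer yet", and the replacement note only links the reproduction report. If the maintainer has now been contacted, say so in the entry; if not, keep that note so the next person claiming the package knows the status.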
Author: bam
Date: 2017-03-10 06:45:42 + (Fri, 10 Mar 2017)
New Revision: 49550
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Update libpodofo information
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-10
+web2py (Brian May)
--
wget (Chris Lamb)
--
)
+++ data/dla-needed.txt 2017-03-07 06:21:34 UTC (rev 49471)
@@ -113,7 +113,7 @@
--
suricata (Chris Lamb)
--
-texlive-base
+texlive-base (Brian May)
--
tzdata (Emilio Pozuelo)
--
@@
--
suricata (Chris Lamb)
--
-texlive-base (Brian May)
---
tzdata (Emilio Pozuelo)
--
vim (James McCoy)
Author: bam
Date: 2017-03-06 06:56:51 + (Mon, 06 Mar 2017)
New Revision: 49428
Modified:
data/CVE/list
Log:
Add link to upstream BTS for web2py issues
Modified: data/CVE/list
===
--- data/CVE/list 2017-03-06 05:52:47
Author: bam
Date: 2017-03-03 06:43:04 + (Fri, 03 Mar 2017)
New Revision: 49383
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add extra information concerning zoneminder
Modified: data/CVE/list
===
--- data/CVE/list
Author: bam
Date: 2017-03-08 06:08:08 + (Wed, 08 Mar 2017)
New Revision: 49499
Modified:
data/dla-needed.txt
Log:
Add link to report I made on mcollective
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-08
Author: bam
Date: 2017-05-12 07:19:46 + (Fri, 12 May 2017)
New Revision: 51565
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Update potrace information
CVE-2016-8686 was marked no-dsa for wheezy, so that comment in
dla-needed.txt is no longer applicable. However there is now
:19:46 UTC (rev 51565)
+++ data/dla-needed.txt 2017-05-12 07:19:52 UTC (rev 51566)
@@ -74,7 +74,10 @@
NOTE: upload the new version for Wheezy as well.
--
mysql-connector-python
- NOTE: Brian May is one of the maintainers
+ NOTE: No patch to apply. Upstream has released new upstream version
Author: bam
Date: 2017-05-11 07:01:10 + (Thu, 11 May 2017)
New Revision: 51525
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark binutils no-dsa for wheezy
These are minor issues only. See
https://lists.debian.org/debian-lts/2017/05/msg00031.html
Modified: data/CVE/list
Author: bam
Date: 2017-05-10 07:36:28 + (Wed, 10 May 2017)
New Revision: 51478
Modified:
data/dla-needed.txt
Log:
Add comment to binutils entry
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-05-10 07:31:49 UTC
Author: bam
Date: 2017-05-10 07:31:49 + (Wed, 10 May 2017)
New Revision: 51477
Modified:
data/dla-needed.txt
Log:
Add comment for eglibc
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-05-10 06:33:27 UTC (rev
-08 07:29:50 UTC (rev 51404)
@@ -116,7 +116,7 @@
--
wordpress (Chris Lamb)
--
-xbmc (Brian May)
+xbmc
NOTE: Reproduced: https://lists.debian.org/debian-lts/2017/04/msg00025.html
NOTE: no upstream fix, may require refactoring
--
Author: bam
Date: 2017-05-05 07:30:11 + (Fri, 05 May 2017)
New Revision: 51348
Modified:
data/CVE/list
Log:
Attempts to fix Heimdal in wheezy/Jessie unsuccessful
Modified: data/CVE/list
===
--- data/CVE/list 2017-05-05
-needed.txt 2017-05-05 07:30:11 UTC (rev 51348)
+++ data/dla-needed.txt 2017-05-05 07:31:27 UTC (rev 51349)
@@ -31,9 +31,6 @@
gnome-shell (Emilio Pozuelo)
NOTE: Emilio Pozuelo is one of the uploaders
--
-heimdal
- NOTE: Brian May is the maintainer
---
icu (Thorsten Alteholz)
--
jasper
com>
aurel32 = Aurelien Jarno <aure...@debian.org>
aw-guest = Arne Wichmann <a...@anhrefn.saar.de>
-bam = Brian May <br...@microcomaustralia.com.au>
+bam = Brian May <b...@debian.org>
baruch = Baruch Even <bar...@debian.org>
benh = Ben Hutchings <b...@debian.
56564)
+++ data/dla-needed.txt 2017-10-10 07:34:52 UTC (rev 56565)
@@ -39,8 +39,6 @@
--
golang
--
-graphicsmagick (Brian May)
---
imagemagick (Roberto C. Sánchez)
--
lame (Hugo Lefeuvre)
Author: bam
Date: 2017-09-06 07:03:17 + (Wed, 06 Sep 2017)
New Revision: 55502
Modified:
data/CVE/list
Log:
Add links to upstream fixes
Modified: data/CVE/list
===
--- data/CVE/list 2017-09-06 06:57:12 UTC (rev 55501)
Author: bam
Date: 2017-09-06 07:29:13 + (Wed, 06 Sep 2017)
New Revision: 55503
Modified:
data/dla-needed.txt
Log:
Add note to simplesamlphp
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-09-06 07:03:17 UTC
55529)
+++ data/dla-needed.txt 2017-09-07 07:31:16 UTC (rev 55530)
@@ -61,7 +61,7 @@
NOTE: wheezy version. I cannot reproduce it, needs to find a way to check
NOTE: whether wheezy version is affected. (kanashiro)
--
-graphicsmagick
+graphicsmagick (Brian May)
--
imagemagick
-10-19 07:11:06 UTC (rev 56852)
@@ -30,8 +30,6 @@
--
golang
--
-graphicsmagick (Brian May)
---
icedove
NOTE: Guido Gunter has promised to handle this once a version is available
for sid.
--
(rev 56850)
+++ data/dla-needed.txt 2017-10-19 07:10:59 UTC (rev 56851)
@@ -30,7 +30,7 @@
--
golang
--
-graphicsmagick
+graphicsmagick (Brian May)
--
icedove
NOTE: Guido Gunter has promised to handle this once a version is available
for sid
Author: bam
Date: 2017-11-06 04:39:52 + (Mon, 06 Nov 2017)
New Revision: 57356
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark pngcrush no-DSA
It is already no-DSA for Stretch and Jessie.
Modified: data/CVE/list
===
rcat
2017-10-24
+ NOTE: CVE-2017-9935: no upstream fix -- Brian May 2017-11-06
+ NOTE: CVE-2017-11613: no upstream fix, "not a bug" according to RH --
anarcat 2017-10-24
--
tiff3
NOTE: CVE-2017-9935: no upstream fix -- Brian May 2017-11-06
)
+++ data/dla-needed.txt 2017-11-10 06:42:22 UTC (rev 57519)
@@ -102,11 +102,11 @@
suricata
NOTE: 2017-10-27: At a quick glance, I can't see that this is vulnerable.
--lamby
--
-tiff
+tiff (Brian May)
NOTE: CVE-2017-9935: no upstream fix -- Brian May 2017-11-06
NOTE: CVE-2017-11613: no upstream
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75b6a50e by Brian May at 2018-01-08T17:55:27+11:00
Claim awstats
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
acd4972f by Brian May at 2018-01-09T07:53:20+11:00
Update wordpress information
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4258c7b5 by Brian May at 2018-01-09T08:08:35+11:00
Add details for poco
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
521680a4 by Brian May at 2018-01-16T07:33:12+11:00
Reserve DLA-1244-1 for ca-certificates
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0bba4034 by Brian May at 2018-01-15T07:53:45+11:00
Claim ca-certificates
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1b0403d by Brian May at 2018-01-10T17:47:39+11:00
Replace with http link to email
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=
data/dla-needed.txt
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
558f3663 by Brian May at 2018-01-10T16:55:38+11:00
Reserve DLA-1238-1 for awstats
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=
data