:06:06 UTC (rev 33255)
+++ data/dla-needed.txt 2015-03-30 17:08:18 UTC (rev 33256)
@@ -7,7 +7,9 @@
To pick an issue, simply add your name behind it.
--
-checkpw
+checkpw (Markus Koschany)
+https://lists.debian.org/debian-lts/2015/03/msg00093.html
+Debdiff and fix available. Needs review
Author: apo-guest
Date: 2015-03-30 17:16:00 + (Mon, 30 Mar 2015)
New Revision: 33258
Modified:
data/dla-needed.txt
Log:
Grooming. Remove trailing whitespace in dla-needed.txt
Modified: data/dla-needed.txt
===
---
-03-30 17:08:18 UTC (rev 33256)
+++ data/dla-needed.txt 2015-03-30 17:11:47 UTC (rev 33257)
@@ -11,7 +11,11 @@
https://lists.debian.org/debian-lts/2015/03/msg00093.html
Debdiff and fix available. Needs review and sponsor.
--
-commons-httpclient
+commons-httpclient (Markus Koschany
Author: apo-guest
Date: 2015-03-30 17:06:06 + (Mon, 30 Mar 2015)
New Revision: 33255
Modified:
data/dla-needed.txt
Log:
Remove libspring-2.5-java entry because the last CVE was misassigned to that
package
Modified: data/dla-needed.txt
-needed.txt 2015-05-14 09:11:01 UTC (rev 34269)
+++ data/dla-needed.txt 2015-05-14 10:18:56 UTC (rev 34270)
@@ -8,10 +8,10 @@
--
commons-httpclient (Markus Koschany)
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758086#50
-Debdiff and patch for Jessie and Sid available. Debian Java
Author: apo-guest
Date: 2015-05-31 11:38:06 + (Sun, 31 May 2015)
New Revision: 34606
Modified:
data/embedded-code-copies
Log:
embedded-code-copies: Spring does not embed oscpack anymore
Modified: data/embedded-code-copies
-needed.txt 2015-05-30 10:21:21 UTC (rev 34593)
+++ data/dla-needed.txt 2015-05-30 13:44:10 UTC (rev 34594)
@@ -24,9 +24,10 @@
--
jqueryui (Holger Levsen)
--
-libapache-mod-jk
- Markus Koschany will take care of it
- http://lists.debian.org/5564ab86.3000...@gambaru.de
+libapache-mod-jk (Markus
2016-06-02 20:27:47 UTC (rev 42275)
+++ data/dla-needed.txt 2016-06-02 20:58:37 UTC (rev 42276)
@@ -45,9 +45,10 @@
--
libxslt (Emilio Pozuelo)
--
-libxstream-java (jmm)
+libxstream-java (Markus Koschany)
Emmanuel Bourg proposed debdiff for both wheezy- and jessie-security
waiting
.2016.txt 2016-06-06 21:31:13 UTC (rev 42364)
+++ org/lts-frontdesk.2016.txt 2016-06-07 03:27:02 UTC (rev 42365)
@@ -37,29 +37,29 @@
From 13-06 to 19-06:Markus Koschany <a...@debian.org>
From 20-06 to 26-06:Thorsten Alteholz <alteh...@debian.org>
From 27-06 to 03-07:Chris Lamb
===
--- data/dla-needed.txt 2016-06-06 05:43:42 UTC (rev 42342)
+++ data/dla-needed.txt 2016-06-06 09:06:21 UTC (rev 42343)
@@ -46,11 +46,6 @@
--
libxslt (Emilio Pozuelo)
--
-libxstream-java (Markus Koschany)
- Emmanuel Bourg proposed
-8379 No official solution is currently available, 20160425
--
-expat (Markus Koschany)
---
extplorer
NOTE: 20160529, no fix yet
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
/dla-needed.txt 2016-06-08 09:10:11 UTC (rev 42396)
+++ data/dla-needed.txt 2016-06-08 09:30:42 UTC (rev 42397)
@@ -32,8 +32,6 @@
--
libjackson-json-java
--
-libpdfbox-java (Markus Koschany)
---
libspring-java
The JSON/JaF doesn't appear to be present in wheezy but the
content-disposition
-08 09:30:42 UTC (rev 42397)
+++ data/dla-needed.txt 2016-06-08 09:42:28 UTC (rev 42398)
@@ -36,7 +36,7 @@
The JSON/JaF doesn't appear to be present in wheezy but the
content-disposition stuff might be.
--
-libtorrent-rasterbar
+libtorrent-rasterbar (Markus Koschany)
--
libxslt (Emilio
UTC (rev 42347)
+++ data/dla-needed.txt 2016-06-06 11:44:26 UTC (rev 42348)
@@ -20,7 +20,7 @@
--
dhcpcd5 (Ola Lundqvist)
--
-expat
+expat (Markus Koschany)
--
extplorer
NOTE: 20160529, no fix yet
___
Secure-testing-commits mailing list
Secure
)
@@ -36,8 +36,6 @@
--
libjackson-json-java
--
-libpdfbox-java (Markus Koschany)
---
libspring-java
The JSON/JaF doesn't appear to be present in wheezy but the
content-disposition stuff might be.
___
Secure-testing-commits mailing list
Secure
if other issues apply too.
- NOTE: One maintainer suggests to update to the stable 1.0.x branch
- NOTE: https://lists.debian.org/debian-lts/2016/05/msg00016.html
+roundcube (Markus Koschany)
--
ruby-actionpack-3.2 (Guido Günther)
--
___
Secure-testing
Author: apo
Date: 2016-06-10 17:42:03 + (Fri, 10 Jun 2016)
New Revision: 42444
Modified:
data/CVE/list
Log:
Mark CVE-2015-2180 roundcube, wheezy as not affected
The dbmail driver does not exist in this version.
Modified: data/CVE/list
Author: apo
Date: 2016-06-10 19:17:31 + (Fri, 10 Jun 2016)
New Revision: 42446
Modified:
data/CVE/list
Log:
Mark CVE-2016-4096 roundcube, wheezy as not affected
program/lib/Roundcube/rcube_washtml.php is called lib/washtml.php in this
version but the function is_link_attribute does not
Author: apo
Date: 2016-06-10 17:44:24 + (Fri, 10 Jun 2016)
New Revision: 42445
Modified:
data/CVE/list
Log:
Mark CVE-2015-2181 roundcube, wheezy as not affected
variable and file not present
Modified: data/CVE/list
===
---
Author: apo
Date: 2016-06-10 19:20:13 + (Fri, 10 Jun 2016)
New Revision: 42447
Modified:
data/CVE/list
Log:
Revert last commit. Roundcube, wheezy is not affected by CVE-2016-5103
Modified: data/CVE/list
===
---
)
@@ -40,8 +40,6 @@
--
libstruts1.2-java
--
-libtorrent-rasterbar (Markus Koschany)
---
libxslt (Emilio Pozuelo)
--
linux
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin
:56 UTC (rev 42020)
+++ data/dla-needed.txt 2016-05-25 18:23:50 UTC (rev 42021)
@@ -11,7 +11,7 @@
--
asterisk (Thorsten Alteholz)
--
-bozohttpd
+bozohttpd (Markus Koschany)
--
cacti
NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
___
Secure
Author: apo
Date: 2016-05-25 18:25:21 + (Wed, 25 May 2016)
New Revision: 42022
Modified:
data/CVE/list
Log:
Add link to fix for CVE-2014-5015
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-25 18:23:50 UTC (rev
Author: apo
Date: 2016-05-25 18:26:57 + (Wed, 25 May 2016)
New Revision: 42023
Modified:
data/CVE/list
Log:
Add link to fix for CVE-2015-8212
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-25 18:25:21 UTC (rev
42030)
@@ -11,8 +11,6 @@
--
asterisk (Thorsten Alteholz)
--
-bozohttpd (Markus Koschany)
---
cacti
NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
NOTE: Maintainer wants to review changes; see
https://lists.debian.org/<5724f47d.6090...@debian.
Author: apo
Date: 2016-05-26 04:09:53 + (Thu, 26 May 2016)
New Revision: 42031
Modified:
data/CVE/list
Log:
Remove no-dsa wheezy entry from CVE-2014-5015
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-26
Author: apo
Date: 2016-05-26 04:38:15 + (Thu, 26 May 2016)
New Revision: 42032
Modified:
doc/DLA.template
Log:
Update DLA.template
Modified: doc/DLA.template
===
--- doc/DLA.template2016-05-26 04:09:53 UTC (rev 42031)
:10:09 UTC (rev 42245)
+++ data/dla-needed.txt 2016-06-02 09:26:24 UTC (rev 42246)
@@ -32,7 +32,7 @@
--
libjackson-json-java
--
-libpdfbox-java
+libpdfbox-java (Markus Koschany)
--
libspring-java
The JSON/JaF doesn't appear to be present in wheezy
Author: apo
Date: 2016-06-02 08:19:18 + (Thu, 02 Jun 2016)
New Revision: 42244
Modified:
data/CVE/list
Log:
CVE-2016-5118: Add link to upstream's reproducer and patch
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-06-02 05:59:33 + (Thu, 02 Jun 2016)
New Revision: 42234
Modified:
data/DLA/list
Log:
Reserve DLA-501-1 for gdk-pixbuf
Modified: data/DLA/list
===
--- data/DLA/list 2016-06-02 05:11:25 UTC (rev
@@
NOTE: .debdiff sent to the Security Team, waiting for feedback
NOTE: asked about jessie status (seb)
--
-graphicsmagick (Markus Koschany)
---
icu (Roberto C. Sánchez)
NOTE: check comments on CVE-2016-0494 as well
--
___
Secure-testing
Author: apo
Date: 2016-06-02 06:21:58 + (Thu, 02 Jun 2016)
New Revision: 42239
Modified:
data/DLA/list
Log:
Mark CVE-2015-7552 as not fixed in DLA-450-1
Modified: data/DLA/list
===
--- data/DLA/list 2016-06-02 06:18:19
:53:48 UTC (rev 42158)
+++ data/dla-needed.txt 2016-05-30 17:54:09 UTC (rev 42159)
@@ -25,6 +25,8 @@
NOTE: .debdiff sent to the Security Team, waiting for feedback
NOTE: asked about jessie status (seb)
--
+graphicsmagick (Markus Koschany)
+--
icu (Roberto C. Sánchez)
NOTE: check comments
Author: apo
Date: 2016-05-30 17:56:23 + (Mon, 30 May 2016)
New Revision: 42162
Modified:
data/CVE/list
Log:
Add link to fix for CVE-2016-5118
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-30 17:55:33 UTC (rev
: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-22 17:42:19 UTC (rev 42698)
+++ data/dla-needed.txt 2016-06-22 18:48:00 UTC (rev 42699)
@@ -35,6 +35,8 @@
--
libarchive (Markus Koschany)
--
+libcommons-fileupload-java
Author: apo
Date: 2016-06-22 18:49:59 + (Wed, 22 Jun 2016)
New Revision: 42700
Modified:
data/CVE/list
Log:
CVE-2016-3092: Add links to fix and upstream advisory
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-06-22 19:03:24 + (Wed, 22 Jun 2016)
New Revision: 42701
Modified:
data/CVE/list
Log:
CVE-2016-1621: libvpx in Wheezy is not affected
vulnerable code is not present because webm module not yet included
Modified: data/CVE/list
Author: apo
Date: 2016-06-22 22:37:51 + (Wed, 22 Jun 2016)
New Revision: 42709
Modified:
data/CVE/list
Log:
CVE-2016-4487: Mark vulnerability as no-dsa for Wheezy.
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-06-22 22:32:29 + (Wed, 22 Jun 2016)
New Revision: 42708
Modified:
data/CVE/list
Log:
CVE-2016-4488: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-06-22 22:41:34 + (Wed, 22 Jun 2016)
New Revision: 42710
Modified:
data/CVE/list
Log:
CVE-2016-2226: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-06-22 22:28:15 + (Wed, 22 Jun 2016)
New Revision: 42706
Modified:
data/CVE/list
Log:
CVE-2016-4490: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-06-22 22:25:58 + (Wed, 22 Jun 2016)
New Revision: 42705
Modified:
data/CVE/list
Log:
CVE-2016-4491: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-06-22 22:30:16 + (Wed, 22 Jun 2016)
New Revision: 42707
Modified:
data/CVE/list
Log:
CVE-2016-4489: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-06-23 13:43:35 + (Thu, 23 Jun 2016)
New Revision: 42741
Modified:
data/dla-needed.txt
Log:
Add pidgin to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-23 08:21:22 UTC
Author: apo
Date: 2016-06-22 20:03:27 + (Wed, 22 Jun 2016)
New Revision: 42703
Modified:
data/CVE/list
Log:
CVE-2016-4492: Mark vulnerability in Wheezy as no-dsa
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-22
Author: apo
Date: 2016-06-22 19:37:58 + (Wed, 22 Jun 2016)
New Revision: 42702
Modified:
data/CVE/list
Log:
CVE-2016-4493: Mark vulnerability as no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-06-20 12:03:40 + (Mon, 20 Jun 2016)
New Revision: 42650
Modified:
data/CVE/list
Log:
CVE-2016-4970: wheezy is not affected. Same version as in Jessie.
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2016-06-20 11:29:20 + (Mon, 20 Jun 2016)
New Revision: 42647
Modified:
data/dla-needed.txt
Log:
Add clamav to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-20 04:51:03 UTC
-06-20 17:39:07 UTC (rev 42656)
+++ data/dla-needed.txt 2016-06-20 17:42:36 UTC (rev 42657)
@@ -43,7 +43,7 @@
--
mat
--
-mysql-connector-java
+mysql-connector-java (Markus Koschany)
--
nss
NOTE: Not 100% this applies to wheezy yet; can't find the changeset and the
diff between NSS 3.22
Author: apo
Date: 2016-06-23 17:25:42 + (Thu, 23 Jun 2016)
New Revision: 42755
Modified:
data/dla-needed.txt
Log:
Add phpmyadmin to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-23 16:59:44
:13:20 UTC (rev 38999)
+++ data/dla-needed.txt 2016-01-18 17:19:22 UTC (rev 39000)
@@ -44,7 +44,7 @@
pound
NOTE: updating to the wheezy option might be less error prone
--
-radicale
+radicale (Markus Koschany)
--
tiff
--
___
Secure-testing-commits
+51,6 @@
--
mat
--
-mysql-connector-java (Markus Koschany)
---
nss (Emilio Pozuelo)
NOTE: Not 100% this applies to wheezy yet; can't find the changeset and the
diff between NSS 3.22 and 3.23 is very large.
--
___
Secure-testing-commits mailing list
Author: apo
Date: 2016-06-26 18:00:14 + (Sun, 26 Jun 2016)
New Revision: 42806
Modified:
data/CVE/list
Log:
CVE-2016-3092: Tomcat 6 is not affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-06-26 14:01:44
===
--- data/dla-needed.txt 2016-06-26 18:00:14 UTC (rev 42806)
+++ data/dla-needed.txt 2016-06-26 18:01:41 UTC (rev 42807)
@@ -103,8 +103,6 @@
--
tiff3
--
-tomcat6 (Markus Koschany)
---
tomcat7 (Markus Koschany)
--
wget (Thorsten Alteholz)
___
Secure
)
@@ -101,8 +101,6 @@
--
tiff3
--
-tomcat7 (Markus Koschany)
---
wget (Thorsten Alteholz)
--
wireshark (Balint Reczey)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman
42808)
@@ -36,8 +36,6 @@
--
libarchive (Markus Koschany)
--
-libcommons-fileupload-java (Markus Koschany)
---
libgd2 (Thorsten Alteholz)
--
libjackson-json-java
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
Author: apo
Date: 2016-06-26 19:22:55 + (Sun, 26 Jun 2016)
New Revision: 42810
Modified:
data/DLA/list
Log:
Reserve DLA-530-1 for java-common
Modified: data/DLA/list
===
--- data/DLA/list 2016-06-26 18:05:39 UTC (rev
)
--
-openjdk-6 (Markus Koschany)
---
php5 (Thorsten Alteholz)
NOTE: next upload end of December
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure
Author: apo-guest
Date: 2016-02-09 13:07:20 + (Tue, 09 Feb 2016)
New Revision: 39559
Modified:
data/CVE/list
Log:
CVE-2014-3566 is fixed in wheezy for lighttpd 1.4.31-4+deb7u3
Modified: data/CVE/list
===
--- data/CVE/list
UTC (rev 39805)
+++ data/dla-needed.txt 2016-02-22 12:54:25 UTC (rev 39806)
@@ -9,7 +9,7 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-bsh
+bsh (Markus Koschany)
--
cacti
NOTE: Issue being disputed, check
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814353
Author: apo-guest
Date: 2016-02-26 19:59:55 + (Fri, 26 Feb 2016)
New Revision: 39959
Modified:
data/CVE/list
Log:
CVE-2015-5346 Remove fixed version for Tomcat 6
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-26
Author: apo-guest
Date: 2016-02-28 13:51:43 + (Sun, 28 Feb 2016)
New Revision: 40004
Modified:
data/CVE/list
Log:
Mark CVE-2015-5351 as fixed since 6.0.45-1~deb6u1
The upstream advisory makes no reference about the 6.x series but looking at
the code reveals that this issue was also fixed
:18 UTC (rev 40017)
+++ data/dla-needed.txt 2016-02-28 18:26:38 UTC (rev 40018)
@@ -58,7 +58,7 @@
--
xymon (Chris Lamb)
--
-pcre3
+pcre3 (Markus Koschany)
--
policykit-1
--
___
Secure-testing-commits mailing list
Secure-testing-commits
@@
--
openssl
--
-pcre3 (Markus Koschany)
---
php5 (Thorsten Alteholz)
NOTE: next upload end of December
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure
/Development#Triage_new_security_issues
--
-bsh (Markus Koschany)
---
cacti
NOTE: Issue being disputed, check
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814353#10
--
___
Secure-testing-commits mailing list
Secure-testing-commits
:51:31 UTC (rev 39952)
+++ data/dla-needed.txt 2016-02-26 14:25:29 UTC (rev 39953)
@@ -62,7 +62,7 @@
--
xymon (Chris Lamb)
--
-tomcat6
+tomcat6 (Markus Koschany)
--
pcre3
--
___
Secure-testing-commits mailing list
Secure-testing-commits
(Markus Koschany)
---
pcre3
--
policykit-1
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Author: apo-guest
Date: 2016-02-27 18:45:30 + (Sat, 27 Feb 2016)
New Revision: 39993
Modified:
data/DLA/list
Log:
Reserve only DLA-435-1
Modified: data/DLA/list
===
--- data/DLA/list 2016-02-27 18:43:06 UTC (rev 39992)
Author: apo-guest
Date: 2016-02-26 19:39:16 + (Fri, 26 Feb 2016)
New Revision: 39958
Modified:
data/CVE/list
Log:
Triage CVE-2015-5346. Mark as minor issue and no-dsa for Tomcat 6
Modified: data/CVE/list
===
--- data/CVE/list
@@
php5 (Thorsten Alteholz)
NOTE: next upload end of December
--
-radicale (Markus Koschany)
---
tiff
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo
Author: apo-guest
Date: 2016-01-26 19:36:57 + (Tue, 26 Jan 2016)
New Revision: 39210
Modified:
data/DLA/list
Log:
Fix version number of DLA-403
Modified: data/DLA/list
===
--- data/DLA/list 2016-01-26 19:27:36 UTC (rev
:10:13 UTC (rev 39637)
+++ data/dla-needed.txt 2016-02-12 22:53:41 UTC (rev 39638)
@@ -51,5 +51,5 @@
--
xymon (Chris Lamb)
--
-wordpress
+wordpress (Markus Koschany)
--
___
Secure-testing-commits mailing list
Secure-testing-commits
+64,3 @@
--
xymon (Chris Lamb)
--
-wordpress (Markus Koschany)
---
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
-18 08:16:31 UTC (rev 39754)
+++ data/dla-needed.txt 2016-02-18 13:35:42 UTC (rev 39755)
@@ -60,7 +60,7 @@
php5 (Thorsten Alteholz)
NOTE: next upload end of December
--
-python-imaging
+python-imaging (Markus Koschany)
--
tiff
--
___
Secure
@@
php5 (Thorsten Alteholz)
NOTE: next upload end of December
--
-python-imaging (Markus Koschany)
---
tiff
--
xymon (Chris Lamb)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http
Author: apo-guest
Date: 2016-02-21 13:53:06 + (Sun, 21 Feb 2016)
New Revision: 39796
Modified:
data/CVE/list
Log:
Mark pillow, python-imaging prior version 2.7 as not-affected
Modified: data/CVE/list
===
--- data/CVE/list
-From 11-04 to 17-04:
+From 11-04 to 17-04:Markus Koschany <a...@debian.org>
From 18-04 to 24-04:
From 25-04 to 01-05:
From 02-05 to 08-05:
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.
:05:20 UTC (rev 39395)
+++ data/dla-needed.txt 2016-02-01 18:11:07 UTC (rev 39396)
@@ -63,7 +63,7 @@
ntp
NOTE: maybe maintainer wants to upload package (as done before)
--
-openjdk-6
+openjdk-6 (Markus Koschany)
--
openssh (Guido Günther
:10:24 UTC (rev 40450)
+++ data/dsa-needed.txt 2016-03-18 14:43:53 UTC (rev 40451)
@@ -78,7 +78,7 @@
--
tomcat6 (Markus Koschany)
--
-tomcat7
+tomcat7 (Markus Koschany)
--
tomcat8
--
___
Secure-testing-commits mailing list
Secure-testing-commits
:11 UTC (rev 40507)
+++ data/dsa-needed.txt 2016-03-21 22:31:30 UTC (rev 40508)
@@ -35,6 +35,8 @@
no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716
should be fixed along
--
+imlib2 (Markus Koschany)
+--
inspircd/oldstable (Thorsten Alteholz)
NOTE: .debdiff sent
-03-24 16:33:35 UTC (rev 40560)
+++ data/dsa-needed.txt 2016-03-24 17:02:13 UTC (rev 40561)
@@ -41,6 +41,7 @@
NOTE: debdiff sent to the Security Team on 2016-03-21
--
libebml (Markus Koschany)
+ NOTE: debdiff sent to the Security Team on 2016-03-24
--
libidn
Working debdiff for wheezy
:10:14 UTC (rev 40528)
+++ data/dsa-needed.txt 2016-03-23 00:06:25 UTC (rev 40529)
@@ -42,6 +42,8 @@
NOTE: OK Thorsten's upload (seb)
NOTE: .debdiff sent to the Security Team, waiting for feedback
--
+libebml (Markus Koschany)
+--
libidn
Working debdiff for wheezy-security at
https
===
--- data/dsa-needed.txt 2016-03-01 12:37:25 UTC (rev 40086)
+++ data/dsa-needed.txt 2016-03-01 12:51:17 UTC (rev 40087)
@@ -76,7 +76,7 @@
--
tiff3
--
-tomcat6
+tomcat6 (Markus Koschany)
--
tomcat7
:13 UTC (rev 40633)
+++ data/dsa-needed.txt 2016-03-29 18:03:48 UTC (rev 40634)
@@ -87,6 +87,8 @@
--
squid/oldstable
--
+srtp (Markus Koschany)
+--
tardiff
fw asked maintainer for preparing debdiffs for wheezy- and jessie-security
--
___
Secure
:31:30 UTC (rev 40508)
+++ data/dsa-needed.txt 2016-03-22 00:06:38 UTC (rev 40509)
@@ -74,6 +74,8 @@
redmine/stable
Updates proposed by terceiro, check debdiff
--
+roundcube/oldstable (Markus Koschany)
+--
smarty3/oldstable
NOTE: https://lists.debian.org/debian-lts/2016/03/msg0.html
:13 UTC (rev 41219)
+++ data/dla-needed.txt 2016-04-26 21:19:20 UTC (rev 41220)
@@ -62,7 +62,7 @@
NOTE: maintainer wants to upload package (as done before)
NOTE: <20160213161710.ga9...@roeckx.be>
--
-openjdk-7
+openjdk-7 (Markus Koschany)
--
o
10:46:52 UTC (rev 41201)
+++ data/dla-needed.txt 2016-04-26 11:20:33 UTC (rev 41202)
@@ -78,6 +78,8 @@
samba
Samba maintainers are preparing updates for regressions
--
+smarty3 (Markus Koschany)
+--
squid
--
tardiff
___
Secure-testing-commits
<ch...@chris-lamb.co.uk>
-From 13-06 to 19-06:
+From 13-06 to 19-06:Markus Koschany <a...@debian.org>
From 20-06 to 26-06:Thorsten Alteholz <alteh...@debian.org>
From 27-06 to 03-07:
From 04-07 to 10-07:Chris Lamb <ch...@chris-lamb.co.uk>
__
Author: apo
Date: 2016-04-26 10:46:52 + (Tue, 26 Apr 2016)
New Revision: 41201
Modified:
data/CVE/list
Log:
Add CVE-2016-2849/botan1.10
Modified: data/CVE/list
===
--- data/CVE/list 2016-04-26 09:58:11 UTC (rev 41200)
(rev 41305)
+++ data/dla-needed.txt 2016-04-30 09:33:56 UTC (rev 41306)
@@ -11,8 +11,6 @@
--
asterisk (Thorsten Alteholz)
--
-botan1.10 (Markus Koschany)
---
cacti
NOTE: CVE-2016-3659 doesn't have a fix yet, 20160425
--
___
Secure-testing-commits
41316)
+++ data/dla-needed.txt 2016-04-30 17:40:59 UTC (rev 41317)
@@ -19,8 +19,6 @@
--
extplorer (Thorsten Alteholz)
--
-gdk-pixbuf (Markus Koschany)
---
gosa (Mike Gabriel)
NOTE: .debdiff sent to the Security Team, waiting for feedback
NOTE: asked about jessie status (seb
-04-28 16:04:31 UTC (rev 41258)
+++ data/dla-needed.txt 2016-04-28 17:00:29 UTC (rev 41259)
@@ -21,6 +21,8 @@
--
extplorer (Thorsten Alteholz)
--
+gdk-pixbuf (Markus Koschany)
+--
gosa (Mike Gabriel)
NOTE: .debdiff sent to the Security Team, waiting for feedback
NOTE: asked about jessie
Author: apo
Date: 2016-05-21 16:32:55 + (Sat, 21 May 2016)
New Revision: 41929
Modified:
data/CVE/list
Log:
CVE-2016-2317: Add more links to patches.
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-21 14:22:04
(rev 41930)
+++ data/dla-needed.txt 2016-05-21 18:08:56 UTC (rev 41931)
@@ -31,8 +31,6 @@
NOTE: .debdiff sent to the Security Team, waiting for feedback
NOTE: asked about jessie status (seb)
--
-graphicsmagick (Markus Koschany)
---
icu (Roberto C. Sánchez)
NOTE: check comments on CVE-2016
Author: apo
Date: 2016-05-21 16:35:00 + (Sat, 21 May 2016)
New Revision: 41930
Modified:
data/CVE/list
Log:
CVE-2016-2318: Add link to patch
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-21 16:32:55 UTC (rev
Author: apo
Date: 2016-05-20 21:03:37 + (Fri, 20 May 2016)
New Revision: 41918
Modified:
data/CVE/list
Log:
Add FIX for CVE-2016-2317
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-20 20:31:52 UTC (rev 41917)
.)
--
-expat (Markus Koschany)
---
extplorer (Thorsten Alteholz)
NOTE: package for testing uploaded
--
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo
Author: apo
Date: 2016-05-19 19:37:39 + (Thu, 19 May 2016)
New Revision: 41896
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark sogo as unsupported in Wheezy LTS.
Modified: data/CVE/list
===
--- data/CVE/list
@@
--
libtasn1-3 (Thorsten Alteholz)
--
-libuser (Markus Koschany)
- NOTE: More information and fixing commit in https://bugs.debian.org/793465
---
libxml2
NOTE: 20160226, no fix available yet
--
___
Secure-testing-commits mailing list
Secure
Author: apo
Date: 2016-05-17 19:36:58 + (Tue, 17 May 2016)
New Revision: 41816
Modified:
data/CVE/list
Log:
Mark xymon CVE-2016-2057 as not-affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-17 19:21:36 UTC
1 - 100 of 799 matches
Mail list logo