UTC (rev 49740)
+++ data/dla-needed.txt 2017-03-17 13:05:09 UTC (rev 49741)
@@ -53,6 +53,8 @@
NOTE: No known solution as of 2017-01-16.
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
+libplist (Markus Koschany)
+--
libpodofo
(rev 49780)
+++ data/dla-needed.txt 2017-03-18 21:22:47 UTC (rev 49781)
@@ -88,7 +88,7 @@
--
partclone
--
-php5
+php5 (Markus Koschany)
NOTE: only one issue at the time of writing (CVE-2016-7478)
NOTE: backported patch available, but maybe wait for more issues?
NOTE: -- 2017-02-20
-18 21:22:47 UTC (rev 49781)
+++ data/dla-needed.txt 2017-03-18 21:25:53 UTC (rev 49782)
@@ -56,6 +56,8 @@
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
libplist (Markus Koschany)
+ NOTE: Fixed CVE-2017-6435, CVE-2017-6436. CVE-2017
Author: apo
Date: 2017-03-20 14:43:59 + (Mon, 20 Mar 2017)
New Revision: 49850
Modified:
data/CVE/list
Log:
CVE-2015-8994,php5: Wheezy is not affected
The OPcache feature was introduced in php5 >= 5.5. The vulnerable code is not
present in Wheezy.
Modified: data/CVE/list
===
21:18:58 UTC (rev 50007)
@@ -52,12 +52,6 @@
NOTE: No known solution as of 2017-01-16.
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
--
-libplist (Markus Koschany)
- NOTE: Fixed CVE-2017-6435, CVE-2017-6436. CVE-2017-6439 is probably
Author: apo
Date: 2017-03-24 21:40:11 + (Fri, 24 Mar 2017)
New Revision: 50011
Modified:
data/CVE/list
Log:
Revert 50009 because update for libplist was just uploaded
An update for libplist was already prepared for Wheezy. I also think that we
should not mark the other CVEs as no-dsa until
Author: apo
Date: 2017-03-24 22:19:40 + (Fri, 24 Mar 2017)
New Revision: 50015
Modified:
data/dla-needed.txt
Log:
Add libplist to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-24 22:02:17 UT
(rev 50016)
+++ data/dla-needed.txt 2017-03-24 22:57:18 UTC (rev 50017)
@@ -138,7 +138,7 @@
--
xen
--
-xrdp
+xrdp (Markus Koschany)
--
zoneminder
NOTE: Sql injection and session fixation vulerability fixes:
___
Secure-testing-commits mailing
Author: apo
Date: 2017-03-25 10:55:19 + (Sat, 25 Mar 2017)
New Revision: 50049
Modified:
data/dla-needed.txt
Log:
Add ca-certificates to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-25 09:3
] - python3.2 3.2.3-7+deb7u1
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-03-27 06:54:29 UTC (rev 50082)
+++ data/dla-needed.txt 2017-03-27 07:34:50 UTC (rev 50083)
@@ -149,8 +149,6 @@
--
xen
--
-xrdp (Markus
@@
--
partclone
--
-php5 (Markus Koschany)
- NOTE: only one issue at the time of writing (CVE-2016-7478)
- NOTE: backported patch available, but maybe wait for more issues?
- NOTE: -- 2017-02-20 Antoine Beaupre
---
potrace (Hugo Lefeuvre)
NOTE: Try to reproduce CVE-2016-8685/cherry pick the patch
UTC (rev 50167)
+++ data/dla-needed.txt 2017-03-29 09:38:02 UTC (rev 50168)
@@ -68,7 +68,7 @@
--
linux
--
-logback
+logback (Markus Koschany)
--
mcollective
NOTE: See https://lists.debian.org/debian-lts/2017/03/msg8.html
Author: apo
Date: 2017-03-29 09:37:32 + (Wed, 29 Mar 2017)
New Revision: 50167
Modified:
data/CVE/list
Log:
CVE-2017-5929,logback: Probably unfixed, waiting for more information
Modified: data/CVE/list
===
--- data/CVE/list
:19:49 UTC (rev 50349)
+++ data/dla-needed.txt 2017-04-04 18:52:27 UTC (rev 50350)
@@ -13,7 +13,7 @@
apng2gif
NOTE: 24031017: No upstream patch available yet. Have pinged bug#.
--
-bouncycastle
+bouncycastle (Markus Koschany)
--
ca-certificates
NOTE: maintainer will handle the upload, see
-07 21:42:15 UTC (rev 50454)
@@ -71,8 +71,6 @@
--
linux
--
-logback (Markus Koschany)
---
mcollective
NOTE: See https://lists.debian.org/debian-lts/2017/03/msg8.html
--
Author: apo
Date: 2017-04-08 14:10:53 + (Sat, 08 Apr 2017)
New Revision: 50470
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2016-10169,wavpack: Mark as no-dsa for Wheezy
According to upstream two of the three fixes only apply to versions since 4.80.
https://github.com/dbry/WavPa
: https://sourceforge.net/p/podofo/mailman/message/35692197/
+libpodofo (Markus Koschany)
--
libreoffice (Emilio Pozuelo)
NOTE: Rene (maintainer) is working on the patch since the proposed one seems
to be incomplete
NOTE: 24031017: No upstream patch available yet. Have pinged bug#.
--
-bouncycastle (Markus Koschany)
---
ca-certificates
NOTE: maintainer will handle the upload, see
https://lists.debian.org/1acb8e97-8c9f-8b54-348c-0c12f53a8...@pbandjelly.org
Author: apo
Date: 2017-04-10 19:36:12 + (Mon, 10 Apr 2017)
New Revision: 50547
Modified:
data/CVE/list
Log:
CVE-2017-7614,binutils: Minor issue no-dsa for Wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-04-10
Author: apo
Date: 2017-04-10 20:20:14 + (Mon, 10 Apr 2017)
New Revision: 50551
Modified:
data/dla-needed.txt
Log:
Add tiff and tiff3 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-10 19:58
UTC (rev 50573)
+++ data/dla-needed.txt 2017-04-11 14:08:38 UTC (rev 50574)
@@ -116,6 +116,8 @@
--
tiff3
--
+tomcat7 (Markus Koschany)
+--
web2py
NOTE: Unclear if these bugs have been fixed or when.
NOTE: No response to upstream bug report
Author: apo
Date: 2017-04-14 21:05:21 + (Fri, 14 Apr 2017)
New Revision: 50678
Modified:
data/dla-needed.txt
Log:
Add wireshark to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-14 17:31:39 U
Author: apo
Date: 2017-04-14 21:27:18 + (Fri, 14 Apr 2017)
New Revision: 50682
Modified:
data/dla-needed.txt
Log:
Add imagemagick to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-14 21:20:04
Author: apo
Date: 2017-04-14 22:01:40 + (Fri, 14 Apr 2017)
New Revision: 50683
Modified:
data/CVE/list
Log:
Triage elfutils for Wheezy
CVE-2017-7607 and CVE-2017-7609 do not affect Wheezy, the rest is too minor
Modified: data/CVE/list
=
Author: apo
Date: 2017-04-14 22:08:38 + (Fri, 14 Apr 2017)
New Revision: 50684
Modified:
data/dla-needed.txt
Log:
Add libosip2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-14 22:01:40 UT
-needed.txt 2017-04-16 21:10:13 UTC (rev 50704)
+++ data/dla-needed.txt 2017-04-16 21:51:49 UTC (rev 50705)
@@ -45,6 +45,8 @@
NOTE: 20170324: more information needed for open CVEs.
--
libpodofo (Markus Koschany)
+ NOTE: Waiting for more upstream fixes and will release the update in the last
Author: apo
Date: 2017-04-16 22:17:30 + (Sun, 16 Apr 2017)
New Revision: 50706
Modified:
data/dla-needed.txt
Log:
Add heimdal to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-16 21:51:49 UTC
-needed.txt 2017-04-16 22:17:30 UTC (rev 50706)
+++ data/dla-needed.txt 2017-04-16 22:18:50 UTC (rev 50707)
@@ -20,10 +20,14 @@
--
chicken
--
+feh (Markus Koschany)
+--
firefox-esr (Emilio Pozuelo)
NOTE: no update needed yet, but next update will be for ESR 52 as ESR 45 is
now
NOTE: EOL. I have
Author: apo
Date: 2017-04-16 22:23:21 + (Sun, 16 Apr 2017)
New Revision: 50708
Modified:
data/dla-needed.txt
Log:
Add icu to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-16 22:18:50 UTC (re
Author: apo
Date: 2017-04-17 15:13:58 + (Mon, 17 Apr 2017)
New Revision: 50724
Modified:
data/CVE/list
Log:
CVE-2017-7864,freetype: Wheezy is not affected
CFF2 support was introduced later (2016-12-15)
Modified: data/CVE/list
==
@@
--
chicken
--
-feh (Markus Koschany)
---
firefox-esr (Emilio Pozuelo)
NOTE: no update needed yet, but next update will be for ESR 52 as ESR 45 is
now
NOTE: EOL. I have already started to look at ESR 52 to anticipate any
problems
, but next update will be for ESR 52 as ESR 45 is
now
NOTE: EOL. I have already started to look at ESR 52 to anticipate any
problems
--
-freetype (Markus Koschany)
---
ghostscript (Raphaël Hertzog)
NOTE: 20170407: Have fixed package for CVE-2016-10219 CVE-2016-10220 and
CVE-2017-5951.
NOTE
:30 UTC (rev 50726)
+++ data/dla-needed.txt 2017-04-17 16:35:13 UTC (rev 50727)
@@ -36,7 +36,7 @@
--
icu
--
-imagemagick
+imagemagick (Markus Koschany)
--
jasper (Thorsten Alteholz)
--
@@
--
icu (Thorsten Alteholz)
--
-imagemagick (Markus Koschany)
---
jasper (Thorsten Alteholz)
--
libav (Hugo Lefeuvre)
Author: apo
Date: 2017-04-18 17:32:10 + (Tue, 18 Apr 2017)
New Revision: 50760
Modified:
data/CVE/list
Log:
web2py issues: Follow Jessie, no-dsa for Wheezy
The admin application is not used in production hence the security impact is
quite low.
Modified: data/CVE/list
===
:10 UTC (rev 50760)
+++ data/dla-needed.txt 2017-04-18 17:32:45 UTC (rev 50761)
@@ -126,13 +126,6 @@
tomcat7 (Markus Koschany)
NOTE: https://lists.debian.org/debian-lts/2017/04/msg00044.html
--
-web2py
- NOTE: Unclear if these bugs have been fixed or when.
- NOTE: No response to upstream bug
information needed for open CVEs.
+libplist (Markus Koschany)
--
libpodofo (Markus Koschany)
NOTE: Waiting for more upstream fixes and will release the update in the last
:23 UTC (rev 50802)
+++ data/dla-needed.txt 2017-04-19 13:25:48 UTC (rev 50803)
@@ -46,8 +46,6 @@
NOTE: Pinged on 2017-02-06
https://github.com/libical/libical/issues/253#issuecomment-277580552 (lamby)
NOTE: Unclear, which reproducer belongs to which bug.
--
-libplist (Markus Koschany
Author: apo
Date: 2017-04-19 13:25:23 + (Wed, 19 Apr 2017)
New Revision: 50802
Modified:
data/CVE/list
Log:
Remaining libplist issues do not affect Wheezy
The affected sanity checks either do not exist in Wheezy or do not use 64-bit
sizes hence the envisaged integer-overflow situation ca
:Markus Koschany
+From 31-07 to 06-08:Markus Koschany
From 07-08 to 13-08:Chris Lamb
From 14-08 to 20-08:Ola Lundqvist
From 21-08 to 27-08:Thorsten Alteholz
From 28-08 to 03-09:Raphaël Hertzog
From 04-09 to 10-09:Ola Lundqvist
From 11-09 to 17-09:Chris Lamb
-From 18-09 to 24-09:
+From 18
(rev 50852)
+++ data/dla-needed.txt 2017-04-20 14:54:31 UTC (rev 50853)
@@ -110,7 +110,7 @@
NOTE: from my point of view backporting the introduction of these new
members to this old
NOTE: version is way to invasive and such this should be marked as
--
-tiff
+tiff (Markus Koschany
UTC (rev 50886)
+++ data/dla-needed.txt 2017-04-21 16:06:26 UTC (rev 50887)
@@ -109,7 +109,7 @@
--
tiff (Markus Koschany)
--
-tiff3
+tiff3 (Markus Koschany)
--
tomcat7 (Markus Koschany)
NOTE: https://lists.debian.org/debian-lts/2017/04/msg00044.html
Author: apo
Date: 2017-04-23 19:57:15 + (Sun, 23 Apr 2017)
New Revision: 50969
Modified:
data/CVE/list
Log:
Revert 50966. CVE-2017-6949,chicken was fixed in DLA-908-1
Modified: data/CVE/list
===
--- data/CVE/list 2017-0
===
--- data/dla-needed.txt 2017-04-24 07:38:04 UTC (rev 50981)
+++ data/dla-needed.txt 2017-04-24 08:26:34 UTC (rev 50982)
@@ -107,8 +107,6 @@
--
squirrelmail (Antoine Beaupré)
--
-tiff (Markus Koschany)
---
tiff3 (Markus Koschany)
--
tomcat7 (Markus Koschany
Author: apo
Date: 2017-04-24 09:49:31 + (Mon, 24 Apr 2017)
New Revision: 50985
Modified:
data/CVE/list
Log:
CVE-2017-7592,tiff3: Wheezy is not affected
The affected function is DECLAREContigPutFunc(putgreytile)
in this version. However there is no left-shift hence no undefined behavior.
Author: apo
Date: 2017-04-24 09:53:55 + (Mon, 24 Apr 2017)
New Revision: 50986
Modified:
data/CVE/list
Log:
CVE-2017-7598,tiff3: Wheezy is not affected.
Vulnerable code is not present
Modified: data/CVE/list
===
--- data/CVE
Author: apo
Date: 2017-04-24 10:06:51 + (Mon, 24 Apr 2017)
New Revision: 50987
Modified:
data/CVE/list
Log:
CVE-2017-7602,tiff3: Wheezy is not affected
Not reproducible and code is different
Modified: data/CVE/list
===
--- d
===
--- data/dla-needed.txt 2017-04-24 10:06:51 UTC (rev 50987)
+++ data/dla-needed.txt 2017-04-24 10:08:17 UTC (rev 50988)
@@ -107,8 +107,6 @@
--
squirrelmail (Antoine Beaupré)
--
-tiff3 (Markus Koschany)
---
tomcat7 (Markus Koschany
data/dla-needed.txt 2017-04-24 10:08:17 UTC (rev 50988)
+++ data/dla-needed.txt 2017-04-24 10:41:28 UTC (rev 50989)
@@ -10,6 +10,8 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
+activemq (Markus Koschany)
+--
apng2gif
NOTE: 24031017: No upstream patch availabl
)
+++ data/dla-needed.txt 2017-04-24 11:24:25 UTC (rev 50990)
@@ -10,8 +10,6 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-activemq (Markus Koschany)
---
apng2gif
NOTE: 24031017: No upstream patch available yet. Have pinged bug
@@
NOTE: maintainer contacted 2017-04-26
NOTE: reproducer doesn't crash server in a test VM - ?
--anarcat
--
-tomcat7 (Markus Koschany)
- NOTE: https://lists.debian.org/debian-lts/2017/04/msg00044.html
---
wireshark
NOTE: maintainer *may* take care of this, as previ
: maintainer contacted 20170428
+mysql-connector-java (Markus Koschany)
--
mysql-connector-python
NOTE: Brian May is one of the maintainers
Author: apo
Date: 2017-04-29 16:31:07 + (Sat, 29 Apr 2017)
New Revision: 51185
Modified:
data/CVE/list
Log:
Remove no-dsa for some libpodofo issues in Wheezy
Will be fixed with an upcoming DLA
Modified: data/CVE/list
===
---
reproducer belongs to which bug.
--
-libpodofo (Markus Koschany)
- NOTE: Waiting for more upstream fixes and will release the update in the last
-week of April.
---
linux
--
mcollective
Author: apo
Date: 2017-04-29 20:40:44 + (Sat, 29 Apr 2017)
New Revision: 51194
Modified:
data/dla-needed.txt
Log:
Add libpodofo to dla-needed.txt again
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-04-29 20
Author: apo
Date: 2017-04-29 23:41:44 + (Sat, 29 Apr 2017)
New Revision: 51197
Modified:
data/dla-needed.txt
Log:
libpodofo: Note that maintainer asked for a review
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 20
:39:17 UTC (rev 51380)
+++ data/dla-needed.txt 2017-05-07 18:53:57 UTC (rev 51381)
@@ -57,6 +57,8 @@
NOTE: -- Jonas Meurer
--
mysql-connector-java (Markus Koschany)
+ NOTE: waiting for new release in unstable. After a few days of testing we can
+ NOTE: upload the new version for Wheezy as well
Author: apo
Date: 2017-05-07 19:04:02 + (Sun, 07 May 2017)
New Revision: 51382
Modified:
data/CVE/list
Log:
Mark CVE-2017-7483,rxvt as no-dsa.
Appears to be too minor. A possible candidate if a more serious issue does
arise in the future.
Modified: data/CVE/list
=
Author: apo
Date: 2017-05-07 19:17:52 + (Sun, 07 May 2017)
New Revision: 51383
Modified:
data/dla-needed.txt
Log:
Add imagemagick to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-05-07 19:04:02
2017-05-07 19:17:52 UTC (rev 51383)
+++ data/dla-needed.txt 2017-05-07 19:19:09 UTC (rev 51384)
@@ -45,6 +45,8 @@
libpodofo
NOTE: maintainer asked for a review
--
+libtirpc (Markus Koschany)
+--
linux
--
mcollective
@@ -93,6 +95,8 @@
--
radicale (Thorsten Alteholz)
--
+rpcbind (Markus
Author: apo
Date: 2017-05-07 19:25:58 + (Sun, 07 May 2017)
New Revision: 51385
Modified:
data/CVE/list
Log:
Mark two binutils CVEs as no-dsa in Wheezy
objdump is a development tool hence the impact on production systems is rather
low
Modified: data/CVE/list
===
Author: apo
Date: 2017-05-07 19:47:17 + (Sun, 07 May 2017)
New Revision: 51387
Modified:
data/CVE/list
Log:
Add more information about CVE-2017-8295,wordpress
Modified: data/CVE/list
===
--- data/CVE/list 2017-05-07 1
Author: apo
Date: 2017-05-07 19:58:59 + (Sun, 07 May 2017)
New Revision: 51388
Modified:
data/CVE/list
Log:
CVE-2017-8295,wordpress: Add bug reference
Modified: data/CVE/list
===
--- data/CVE/list 2017-05-07 19:47:17 UT
Author: apo
Date: 2017-05-07 20:09:31 + (Sun, 07 May 2017)
New Revision: 51390
Modified:
data/dla-needed.txt
Log:
Add wordpress to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-05-07 19:59:48 U
Author: apo
Date: 2017-05-07 20:26:16 + (Sun, 07 May 2017)
New Revision: 51392
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Update status of imagemagick in dla-needed.txt
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2017-05-07 20:59:51 + (Sun, 07 May 2017)
New Revision: 51394
Modified:
data/CVE/list
Log:
CVE-2017-8804,eglibc: Note proposed patch
Modified: data/CVE/list
===
--- data/CVE/list 2017-05-07 20:43:38 UTC
Author: apo
Date: 2017-05-07 21:17:07 + (Sun, 07 May 2017)
New Revision: 51396
Modified:
data/DLA/list
Log:
Reserve DLA-933-1 for roundcube
Modified: data/DLA/list
===
--- data/DLA/list 2017-05-07 21:10:11 UTC (rev 51395
: maintainer asked for a review
--
-libtirpc (Markus Koschany)
---
linux
--
mcollective
CVE-2017-2633 and CVE-2016-9602 (and related CVEs)
NOTE: version fixing cirrus related issues up for testing
--
-rpcbind (Markus Koschany)
---
rzip
NOTE: 2017-05-09: No patch
--
(rev 51493)
+++ data/dla-needed.txt 2017-05-10 12:45:15 UTC (rev 51494)
@@ -29,6 +29,8 @@
NOTE: EOL. I have already started to look at ESR 52 to anticipate any
problems.
NOTE: Patches for ESR 52 on wheezy sent to maintainer.
--
+git (Markus Koschany)
+--
icu (Thorsten Alteholz)
NOTE
started to look at ESR 52 to anticipate any
problems.
NOTE: Patches for ESR 52 on wheezy sent to maintainer.
--
-git (Markus Koschany)
---
icu (Thorsten Alteholz)
NOTE: Update from Roberto C. Sánchez: the problem appears to be related to
algorithm
NOTE: for the reverse fill of a Unicode text
Author: apo
Date: 2017-05-10 19:35:00 + (Wed, 10 May 2017)
New Revision: 51514
Modified:
data/DLA/list
Log:
Reserve DLA-924-2 for tomcat7
Modified: data/DLA/list
===
--- data/DLA/list 2017-05-10 19:21:59 UTC (rev 51513)
Author: apo
Date: 2017-05-11 20:50:41 + (Thu, 11 May 2017)
New Revision: 51552
Modified:
data/CVE/list
Log:
CVE-2016-10371,tiff,tiff3: Mark tiff3 no-dsa in Wheezy
tiff3: tools are not built but could be fixed later when more serious issues
arise. Add link to fixing commit.
Modified: data
(rev 51552)
+++ data/dla-needed.txt 2017-05-11 20:51:07 UTC (rev 51553)
@@ -113,7 +113,7 @@
NOTE: in coordination with the sec team, waiting for a possible
NOTE: coordinated release
--
-tiff3
+tiff (Markus Koschany)
--
trafficserver
NOTE: maintainer contacted 2017-04-26
21:45:29 UTC (rev 51593)
+++ data/dla-needed.txt 2017-05-12 22:38:16 UTC (rev 51594)
@@ -114,7 +114,9 @@
NOTE: in coordination with the sec team, waiting for a possible
NOTE: coordinated release
--
-tiff (Markus Koschany)
+tiff
+ NOTE: https://people.debian.org/~apo/tiff/tiff.debdiff
+ NOTE
2017-05-14 17:40:50 UTC (rev 51623)
+++ data/dla-needed.txt 2017-05-14 20:53:19 UTC (rev 51624)
@@ -45,6 +45,8 @@
jbig2dec (Thorsten Alteholz)
NOTE: 20170510, one CVE is missing a patch
--
+libarchive (Markus Koschany)
+--
libav
NOTE: Diego Biurrun (from the libav team) is working on
)
@@ -113,10 +113,6 @@
rzip
NOTE: 2017-05-09: No patch
--
-squirrelmail (Markus Koschany)
- NOTE: in coordination with the sec team, waiting for a possible
- NOTE: coordinated release
---
tiff
NOTE: https://people.debian.org/~apo/tiff/tiff.debdiff
NOTE: Waiting for more issues until the
:47:34 UTC (rev 51689)
@@ -71,10 +71,6 @@
NOTE:
https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/
NOTE: -- Jonas Meurer
--
-mysql-connector-java (Markus Koschany)
- NOTE: waiting for new release in unstable. After a few days of testing we can
:33:59 UTC (rev 51804)
+++ data/dla-needed.txt 2017-05-21 21:40:20 UTC (rev 51805)
@@ -24,7 +24,7 @@
eglibc
NOTE: Patch available, however not yet applied upstream.
--
-graphicsmagick
+graphicsmagick (Markus Koschany)
--
firefox-esr (Emilio Pozuelo)
NOTE: no update needed yet, but next
-05-22 21:20:08 UTC (rev 51853)
+++ data/dla-needed.txt 2017-05-22 21:21:14 UTC (rev 51854)
@@ -39,7 +39,10 @@
--
kde4libs
--
-libarchive (Markus Koschany)
+libarchive
+ NOTE: I suggest to wait for more issues. Could not find more information
+ NOTE: about the undetermined CVEs. Debdiff is at
(rev 51972)
@@ -24,8 +24,6 @@
eglibc
NOTE: Patch available, however not yet applied upstream.
--
-graphicsmagick (Markus Koschany)
---
imagemagick (Roberto C. Sánchez)
NOTE: 20170524, packages are prepared and a call for testing was sent to
debian-lts@l.d.o
:59 UTC (rev 51972)
+++ data/dla-needed.txt 2017-05-26 11:59:58 UTC (rev 51973)
@@ -126,8 +126,7 @@
wireshark
NOTE: maintainer *may* take care of this, as previously
--
-wordpress
- NOTE: 2017-05-15: no fix yet beyond "change your Apache config"
+wordpress (Markus Koschany)
--
xb
UTC (rev 52121)
+++ data/dla-needed.txt 2017-05-30 19:02:48 UTC (rev 52122)
@@ -89,7 +89,7 @@
qemu-kvm (Guido Günther)
NOTE: Investigating CVE-2017-2633
--
-smb4k
+smb4k (Markus Koschany)
--
sudo (Ben Hutchings)
--
(Markus Koschany)
- NOTE: maintainer asked for a review
---
libxml2 (Thorsten Alteholz)
NOTE: 20170528, patches suggested but not accepted, bugs not yet public
--
Author: apo
Date: 2017-05-30 20:51:45 + (Tue, 30 May 2017)
New Revision: 52130
Modified:
data/CVE/list
Log:
Remove no-dsa tag for CVE-2016-3658,Wheezy
Will be fixed in an upcoming security update.
Modified: data/CVE/list
===
Author: apo
Date: 2017-05-30 20:52:17 + (Tue, 30 May 2017)
New Revision: 52131
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-969-1 for tiff
Modified: data/DLA/list
===
--- data/DLA/list 2017-05-30 20:51
2017-06-02 12:32:25 UTC (rev 52234)
@@ -112,8 +112,6 @@
wireshark
NOTE: maintainer *may* take care of this, as previously
--
-wordpress (Markus Koschany)
---
xbmc
NOTE: Reproduced: https://lists.debian.org/debian-lts/2017/04/msg00025.html
NOTE: no upstream fix, may require refactoring
21:10:13 UTC (rev 52428)
+++ data/dla-needed.txt 2017-06-08 21:33:04 UTC (rev 52429)
@@ -104,6 +104,9 @@
NOTE: Trying to reproduce CVE-2017-9461 in the wheezy version
--
smb4k (Markus Koschany)
+ NOTE: I have backported the patch to Wheezy but something is wrong with it
+ NOTE: and I haven
UTC (rev 52429)
+++ data/dla-needed.txt 2017-06-08 21:34:07 UTC (rev 52430)
@@ -123,7 +123,7 @@
NOTE: two leaks (CVE-2017-9403, CVE-2017-9404). Might be worth waiting until
NOTE: more issues piled up
--
-tomcat7
+tomcat7 (Markus Koschany)
--
tor
Author: apo
Date: 2017-06-13 22:24:05 + (Tue, 13 Jun 2017)
New Revision: 52544
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2017-3469,mysql-workbench: Mark as no-dsa for Wheezy
Follow Jessie. According to the CVE description the vulnerability is difficult
to exploit.
Unfortunat
:05 UTC (rev 52544)
+++ data/dla-needed.txt 2017-06-13 22:25:26 UTC (rev 52545)
@@ -145,7 +145,7 @@
NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1764/files
NOTE: No CVE assigned.
--
-zookeeper
+zookeeper (Markus Koschany)
--
zziplib (Thorsten Alteholz
: https://github.com/ZoneMinder/ZoneMinder/pull/1764/files
NOTE: No CVE assigned.
--
-zookeeper (Markus Koschany)
---
zziplib (Thorsten Alteholz)
--
:00:05 UTC (rev 52593)
+++ data/dla-needed.txt 2017-06-15 20:24:55 UTC (rev 52594)
@@ -117,9 +117,7 @@
NOTE: Trying to reproduce CVE-2017-9461 in the wheezy version
--
smb4k (Markus Koschany)
- NOTE: I have backported the patch to Wheezy but something is wrong with it
- NOTE: and I haven
Author: apo
Date: 2017-06-15 21:34:52 + (Thu, 15 Jun 2017)
New Revision: 52596
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2017-5666,mp3splt: no-dsa for Wheezy
Follow Jessie.
Modified: data/CVE/list
===
--- data/
Author: apo
Date: 2017-06-15 22:00:55 + (Thu, 15 Jun 2017)
New Revision: 52599
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2017-6542,putty: no-dsa for Wheezy
The issue is only exploitable when SSH agent forwarding is enabled (disabled by
default) AND the attacker has been able
Author: apo
Date: 2017-06-16 10:37:35 + (Fri, 16 Jun 2017)
New Revision: 52614
Modified:
data/CVE/list
Log:
CVE-2017-2666,CVE-2017-2670: Update status of undertow
Modified: data/CVE/list
===
--- data/CVE/list 2017-06-16
UTC (rev 52619)
+++ data/dla-needed.txt 2017-06-16 17:27:23 UTC (rev 52620)
@@ -38,6 +38,8 @@
NOTE: other no-dsa CVE issue open that might be worth fixing
NOTE: jessie has the same version
--
+jython (Markus Koschany)
+--
libarchive
NOTE: I suggest to wait for more issues. Could not find
@@
NOTE: other no-dsa CVE issue open that might be worth fixing
NOTE: jessie has the same version
--
-jython (Markus Koschany)
---
libarchive
NOTE: I suggest to wait for more issues. Could not find more information
NOTE: about the undetermined CVEs. Debdiff is at
Author: apo
Date: 2017-06-18 11:28:21 + (Sun, 18 Jun 2017)
New Revision: 52694
Modified:
data/dla-needed.txt
Log:
Remove jython from dla-needed.txt again.
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-06-18 1
UTC (rev 52694)
+++ data/dla-needed.txt 2017-06-18 11:56:45 UTC (rev 52695)
@@ -36,9 +36,9 @@
NOTE: other no-dsa CVE issue open that might be worth fixing
NOTE: jessie has the same version
--
-jetty
+jetty (Markus Koschany)
--
-jetty8
+jetty8 (Markus Koschany)
--
kdepim