Author: carnil
Date: 2017-11-18 08:08:53 + (Sat, 18 Nov 2017)
New Revision: 57775
Modified:
data/CVE/list
Log:
Update status for jessie for CVE-2017-16239/nova
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18
Author: aurel32
Date: 2017-11-18 11:22:31 + (Sat, 18 Nov 2017)
New Revision: 5
Modified:
data/CVE/list
Log:
CVE-2017-12132 is now fixed in sid
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 09:10:15 UTC
Author: sectracker
Date: 2017-11-18 09:10:15 + (Sat, 18 Nov 2017)
New Revision: 57776
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 08:08:53 UTC (rev 57775)
+++
Author: hle
Date: 2017-11-18 12:35:47 + (Sat, 18 Nov 2017)
New Revision: 57778
Modified:
data/DLA/list
Log:
Claim DLA-1176-1 for ming
Modified: data/DLA/list
===
--- data/DLA/list 2017-11-18 11:22:31 UTC (rev 5)
+++
Author: carnil
Date: 2017-11-18 13:05:57 + (Sat, 18 Nov 2017)
New Revision: 57780
Modified:
data/CVE/list
Log:
Add CVE-2017-1000190/simple-xml
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 13:05:45 UTC (rev
Author: carnil
Date: 2017-11-18 13:05:45 + (Sat, 18 Nov 2017)
New Revision: 57779
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 12:35:47 UTC (rev 57778)
+++
Author: carnil
Date: 2017-11-18 13:06:09 + (Sat, 18 Nov 2017)
New Revision: 57781
Modified:
data/CVE/list
Log:
Add CVE-2017-100012{6,7,8}/exiv2
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 13:05:57 UTC (rev
Author: carnil
Date: 2017-11-18 14:44:38 + (Sat, 18 Nov 2017)
New Revision: 57782
Modified:
data/CVE/list
Log:
Add mariadb-10.1 issues and mark as postponed for stretch
There is no urgency to have a separate DSA release for this update since
the CVE are fairly minor (at least from the
Author: carnil
Date: 2017-11-18 15:26:51 + (Sat, 18 Nov 2017)
New Revision: 57783
Modified:
data/CVE/list
Log:
Remove todo for CVE-2017-5130
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 14:44:38 UTC (rev
+98,6 @@
rtpproxy
NOTE: it's not clear to me if a fix is even possible. -- Raphaël Hertzog
--
-shibboleth-sp2 (Markus Koschany)
- NOTE: 20171118: Same as opensaml2
---
simplesamlphp
NOTE: 2017-09-04: Maintainer will handle this.
NOTE: https://lists.debian.org/debian-lts/2017/09/msg00010
Author: apo
Date: 2017-11-18 20:03:47 + (Sat, 18 Nov 2017)
New Revision: 57794
Modified:
data/DLA/list
Log:
It was the other way around
Modified: data/DLA/list
===
--- data/DLA/list 2017-11-18 20:01:28 UTC (rev 57793)
Author: apo
Date: 2017-11-18 20:01:28 + (Sat, 18 Nov 2017)
New Revision: 57793
Modified:
data/DLA/list
Log:
Fix CVE id for opensaml2 in data/DLA/list.
Modified: data/DLA/list
===
--- data/DLA/list 2017-11-18 19:56:24
Author: carnil
Date: 2017-11-18 20:24:30 + (Sat, 18 Nov 2017)
New Revision: 57796
Modified:
data/CVE/list
Log:
ruby-ox fixed in unstable
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 20:07:26 UTC (rev 57795)
Author: sectracker
Date: 2017-11-18 21:10:12 + (Sat, 18 Nov 2017)
New Revision: 57799
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 20:26:51 UTC (rev 57798)
+++
19:15:54 UTC (rev 57791)
+++ data/dla-needed.txt 2017-11-18 19:56:24 UTC (rev 57792)
@@ -78,6 +78,7 @@
openjdk-7 (Emilio Pozuelo)
--
optipng
+ NOTE: 20171118: pinged upstream (Markus Koschany)
--
python-werkzeug (Thorsten Alteholz)
--
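Review bot: The NOTE added under optipng says upstream was pinged but gives no pointer to where (a bug or issue URL, or a list message), so nobody else can follow up on the reply. The simplesamlphp entry elsewhere in this file links its list message, and the same would help here. Also, the note is signed by Markus Koschany while the optipng line itself has no claimant in parentheses, unlike openjdk-7 and python-werkzeug in the same hunk. If the package is being worked on, claim it on the package line.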
Author: roberto
Date: 2017-11-18 22:06:24 + (Sat, 18 Nov 2017)
New Revision: 57801
Modified:
data/dla-needed.txt
Log:
Update roundcube LTS status
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-18 22:04:16
Author: carnil
Date: 2017-11-18 22:37:15 + (Sat, 18 Nov 2017)
New Revision: 57803
Modified:
data/CVE/list
Log:
Add CVE-2017-16882/icinga
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 22:09:46 UTC (rev 57802)
Author: carnil
Date: 2017-11-18 22:38:25 + (Sat, 18 Nov 2017)
New Revision: 57804
Modified:
data/CVE/list
Log:
Mark CVE-2017-16881 as NFU
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 22:37:15 UTC (rev 57803)
Author: hle
Date: 2017-11-18 22:04:16 + (Sat, 18 Nov 2017)
New Revision: 57800
Modified:
data/CVE/list
Log:
ming (removed, only in wheezy) is affected by new CVE-2017-16883 (more info on
upstream's bug tracker)
Modified: data/CVE/list
Author: apo
Date: 2017-11-18 20:07:26 + (Sat, 18 Nov 2017)
New Revision: 57795
Modified:
data/dla-needed.txt
Log:
Claim libspring-ldap-java in dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: carnil
Date: 2017-11-18 20:26:51 + (Sat, 18 Nov 2017)
New Revision: 57798
Modified:
data/dsa-needed.txt
Log:
Remove old notes for php5 and php7.0
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-11-18
Author: carnil
Date: 2017-11-18 20:26:48 + (Sat, 18 Nov 2017)
New Revision: 57797
Modified:
data/dsa-needed.txt
Log:
Add note for procmail
Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2017-11-18 20:24:30 UTC (rev
Author: carnil
Date: 2017-11-18 18:22:40 + (Sat, 18 Nov 2017)
New Revision: 57789
Modified:
data/CVE/list
Log:
Add fixing (pending) versions for CVE-2017-5969 and CVE-2017-5130
Modified: data/CVE/list
===
--- data/CVE/list
(rev 57790)
@@ -77,9 +77,6 @@
--
openjdk-7 (Emilio Pozuelo)
--
-opensaml2 (Markus Koschany)
- NOTE: 20171118: Same as shibboleth-sp2
---
optipng
--
python-werkzeug (Thorsten Alteholz)
___
Secure-testing-commits mailing list
Author: roberto
Date: 2017-11-18 22:09:46 + (Sat, 18 Nov 2017)
New Revision: 57802
Modified:
data/CVE/list
Log:
Additional URLs for roundcube CVE-2017-16651
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18
Author: roberto
Date: 2017-11-19 04:20:53 + (Sun, 19 Nov 2017)
New Revision: 57809
Modified:
data/CVE/list
Log:
Postpone CVE-2017-16808 for tcpdump in wheezy, as was done for jessie and
stretch
Modified: data/CVE/list
===
Author: roberto
Date: 2017-11-19 04:42:54 + (Sun, 19 Nov 2017)
New Revision: 57811
Modified:
data/dla-needed.txt
Log:
Claim ldns in dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-11-19 04:23:12
Author: lamby
Date: 2017-11-19 03:55:53 + (Sun, 19 Nov 2017)
New Revision: 57806
Modified:
data/CVE/list
Log:
Add note re CVE-2017-1000126/exiv2 in wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-19
Author: lamby
Date: 2017-11-19 03:55:14 + (Sun, 19 Nov 2017)
New Revision: 57805
Modified:
data/CVE/list
Log:
Add upstream URL for CVE-2017-1000126/exiv2
Modified: data/CVE/list
===
--- data/CVE/list 2017-11-18 22:38:25
Author: roberto
Date: 2017-11-19 03:56:43 + (Sun, 19 Nov 2017)
New Revision: 57807
Modified:
data/CVE/list
Log:
Note that CVE-2017-14107 also affects php5 and mark no-DSA in wheezy, not sure
about jessie
Modified: data/CVE/list
-needed.txt 2017-11-19 03:56:43 UTC (rev 57807)
+++ data/dla-needed.txt 2017-11-19 03:56:47 UTC (rev 57808)
@@ -83,8 +83,10 @@
python-werkzeug (Thorsten Alteholz)
--
python2.6 (Roberto C. Sánchez)
+ NOTE: 20171118: Update is prepared, call for testing has been sent, will
upload and release DLA
===
--- data/dla-needed.txt 2017-11-19 04:20:53 UTC (rev 57809)
+++ data/dla-needed.txt 2017-11-19 04:23:12 UTC (rev 57810)
@@ -118,9 +118,6 @@
swftools
NOTE: 20171118: At least CVE-2017-16797 is present. (lamby)
--
-tcpdump
- NOTE: 20171118: PoC
(https://github.com/the-tcpdump-group/tcpdump/issues
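Review bot: The removed tcpdump NOTE is the only place in this hunk that carries the upstream PoC issue link, and dropping the entry drops the link with it. Before removing, confirm the same URL is recorded against the CVE in data/CVE/list, so the reference is still available when the postponed issue is picked up again.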
Author: carnil
Date: 2017-11-18 16:40:38 + (Sat, 18 Nov 2017)
New Revision: 57784
Modified:
data/CVE/list
Log:
Record experimental version for CVE-2017-14107/libzip
Modified: data/CVE/list
===
--- data/CVE/list
Author: apo
Date: 2017-11-18 17:14:24 + (Sat, 18 Nov 2017)
New Revision: 57785
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-1177-1 for poppler
Modified: data/DLA/list
===
--- data/DLA/list 2017-11-18
Author: apo
Date: 2017-11-18 17:52:46 + (Sat, 18 Nov 2017)
New Revision: 57786
Modified:
data/CVE/list
Log:
CVE-2017-14929,poppler: Mark as ignored for Wheezy
The vulnerability (infinite loop) is not reproducible with the provided POC in
Wheezy. The code looks similar although it differs
Author: geissert
Date: 2017-11-18 17:57:47 + (Sat, 18 Nov 2017)
New Revision: 57787
Modified:
doc/DSA.template
Log:
Add a link to the security tracker to the DSA template
Modified: doc/DSA.template
===
--- doc/DSA.template
2017-11-18 17:57:47 UTC (rev 57787)
+++ data/dla-needed.txt 2017-11-18 18:04:18 UTC (rev 57788)
@@ -77,7 +77,7 @@
--
openjdk-7 (Emilio Pozuelo)
--
-opensaml2
+opensaml2 (Markus Koschany)
NOTE: 20171118: Same as shibboleth-sp2
--
optipng
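Review bot: The claim on the opensaml2 line leaves its NOTE as "Same as shibboleth-sp2", while the shibboleth-sp2 entry shown elsewhere on this page reads "Same as opensaml2", so the two entries only point at each other and neither records the actual status. When claiming, replace one of the two notes with the real state (what is pending, or a link to the discussion) and let the other refer to it.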
@@ -101,7 +101,7 @@
rtpproxy
NOTE: it's not clear