[Secure-testing-commits] r57775 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 08:08:53 + (Sat, 18 Nov 2017) New Revision: 57775 Modified: data/CVE/list Log: Update status for jessie for CVE-2017-16239/nova Modified: data/CVE/list === --- data/CVE/list 2017-11-18

[Secure-testing-commits] r57777 - data/CVE

2017-11-18 Thread Aurelien Jarno
Author: aurel32 Date: 2017-11-18 11:22:31 + (Sat, 18 Nov 2017) New Revision: 57777 Modified: data/CVE/list Log: CVE-2017-12132 is now fixed in sid Modified: data/CVE/list === --- data/CVE/list 2017-11-18 09:10:15 UTC

[Secure-testing-commits] r57776 - data/CVE

2017-11-18 Thread security tracker role
Author: sectracker Date: 2017-11-18 09:10:15 + (Sat, 18 Nov 2017) New Revision: 57776 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-18 08:08:53 UTC (rev 57775) +++

[Secure-testing-commits] r57778 - data/DLA

2017-11-18 Thread Hugo Lefeuvre
Author: hle Date: 2017-11-18 12:35:47 + (Sat, 18 Nov 2017) New Revision: 57778 Modified: data/DLA/list Log: Claim DLA-1176-1 for ming Modified: data/DLA/list === --- data/DLA/list 2017-11-18 11:22:31 UTC (rev 5) +++

[Secure-testing-commits] r57780 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 13:05:57 + (Sat, 18 Nov 2017) New Revision: 57780 Modified: data/CVE/list Log: Add CVE-2017-1000190/simple-xml Modified: data/CVE/list === --- data/CVE/list 2017-11-18 13:05:45 UTC (rev

[Secure-testing-commits] r57779 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 13:05:45 + (Sat, 18 Nov 2017) New Revision: 57779 Modified: data/CVE/list Log: Process NFUs Modified: data/CVE/list === --- data/CVE/list 2017-11-18 12:35:47 UTC (rev 57778) +++

[Secure-testing-commits] r57781 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 13:06:09 + (Sat, 18 Nov 2017) New Revision: 57781 Modified: data/CVE/list Log: Add CVE-2017-100012{6,7,8}/exiv2 Modified: data/CVE/list === --- data/CVE/list 2017-11-18 13:05:57 UTC (rev

[Secure-testing-commits] r57782 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 14:44:38 + (Sat, 18 Nov 2017) New Revision: 57782 Modified: data/CVE/list Log: Add mariadb-10.1 issues and mark as postponed for stretch There is no urgency to have a separate DSA release for this update since the CVE are fairly minor (at least from the

[Secure-testing-commits] r57783 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 15:26:51 + (Sat, 18 Nov 2017) New Revision: 57783 Modified: data/CVE/list Log: Remove todo for CVE-2017-5130 Modified: data/CVE/list === --- data/CVE/list 2017-11-18 14:44:38 UTC (rev

[Secure-testing-commits] r57791 - in data: . DLA

2017-11-18 Thread Markus Koschany
+98,6 @@ rtpproxy NOTE: it's not clear to me if a fix is even possible. -- Raphaël Hertzog -- -shibboleth-sp2 (Markus Koschany) - NOTE: 20171118: Same as opensaml2 --- simplesamlphp NOTE: 2017-09-04: Maintainer will handle this. NOTE: https://lists.debian.org/debian-lts/2017/09/msg00010

[Secure-testing-commits] r57794 - data/DLA

2017-11-18 Thread Markus Koschany
Author: apo Date: 2017-11-18 20:03:47 + (Sat, 18 Nov 2017) New Revision: 57794 Modified: data/DLA/list Log: It was the other way around Modified: data/DLA/list === --- data/DLA/list 2017-11-18 20:01:28 UTC (rev 57793)

[Secure-testing-commits] r57793 - data/DLA

2017-11-18 Thread Markus Koschany
Author: apo Date: 2017-11-18 20:01:28 + (Sat, 18 Nov 2017) New Revision: 57793 Modified: data/DLA/list Log: Fix CVE id for opensaml2 in data/DLA/list. Modified: data/DLA/list === --- data/DLA/list 2017-11-18 19:56:24

[Secure-testing-commits] r57796 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 20:24:30 + (Sat, 18 Nov 2017) New Revision: 57796 Modified: data/CVE/list Log: ruby-ox fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2017-11-18 20:07:26 UTC (rev 57795)

[Secure-testing-commits] r57799 - data/CVE

2017-11-18 Thread security tracker role
Author: sectracker Date: 2017-11-18 21:10:12 + (Sat, 18 Nov 2017) New Revision: 57799 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2017-11-18 20:26:51 UTC (rev 57798) +++

[Secure-testing-commits] r57792 - data

2017-11-18 Thread Markus Koschany
19:15:54 UTC (rev 57791) +++ data/dla-needed.txt 2017-11-18 19:56:24 UTC (rev 57792) @@ -78,6 +78,7 @@ openjdk-7 (Emilio Pozuelo) -- optipng + NOTE: 20171118: pinged upstream (Markus Koschany) -- python-werkzeug (Thorsten Alteholz) --
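
Review bot: the NOTE added under optipng records that upstream was pinged but gives no pointer to where. A link to the upstream report or message, as the simplesamlphp entry does with its lists.debian.org URL, would let whoever picks the package up next follow the thread without having to ask.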

[Secure-testing-commits] r57801 - data

2017-11-18 Thread Roberto C. Sanchez
Author: roberto Date: 2017-11-18 22:06:24 + (Sat, 18 Nov 2017) New Revision: 57801 Modified: data/dla-needed.txt Log: Update roundcube LTS status Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-18 22:04:16

[Secure-testing-commits] r57803 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 22:37:15 + (Sat, 18 Nov 2017) New Revision: 57803 Modified: data/CVE/list Log: Add CVE-2017-16882/icinga Modified: data/CVE/list === --- data/CVE/list 2017-11-18 22:09:46 UTC (rev 57802)

[Secure-testing-commits] r57804 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 22:38:25 + (Sat, 18 Nov 2017) New Revision: 57804 Modified: data/CVE/list Log: Mark CVE-2017-16881 as NFU Modified: data/CVE/list === --- data/CVE/list 2017-11-18 22:37:15 UTC (rev 57803)

[Secure-testing-commits] r57800 - data/CVE

2017-11-18 Thread Hugo Lefeuvre
Author: hle Date: 2017-11-18 22:04:16 + (Sat, 18 Nov 2017) New Revision: 57800 Modified: data/CVE/list Log: ming (removed, only in wheezy) is affected by new CVE-2017-16883 (more info on upstream's bug tracker) Modified: data/CVE/list

[Secure-testing-commits] r57795 - data

2017-11-18 Thread Markus Koschany
Author: apo Date: 2017-11-18 20:07:26 + (Sat, 18 Nov 2017) New Revision: 57795 Modified: data/dla-needed.txt Log: Claim libspring-ldap-java in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt

[Secure-testing-commits] r57798 - data

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 20:26:51 + (Sat, 18 Nov 2017) New Revision: 57798 Modified: data/dsa-needed.txt Log: Remove old notes for php5 and php7.0 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-18

[Secure-testing-commits] r57797 - data

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 20:26:48 + (Sat, 18 Nov 2017) New Revision: 57797 Modified: data/dsa-needed.txt Log: Add note for procmail Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2017-11-18 20:24:30 UTC (rev

[Secure-testing-commits] r57789 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 18:22:40 + (Sat, 18 Nov 2017) New Revision: 57789 Modified: data/CVE/list Log: Add fixing (pending) versions for CVE-2017-5969 and CVE-2017-5130 Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r57790 - in data: . DLA

2017-11-18 Thread Markus Koschany
(rev 57790) @@ -77,9 +77,6 @@ -- openjdk-7 (Emilio Pozuelo) -- -opensaml2 (Markus Koschany) - NOTE: 20171118: Same as shibboleth-sp2 --- optipng -- python-werkzeug (Thorsten Alteholz)

[Secure-testing-commits] r57802 - data/CVE

2017-11-18 Thread Roberto C. Sanchez
Author: roberto Date: 2017-11-18 22:09:46 + (Sat, 18 Nov 2017) New Revision: 57802 Modified: data/CVE/list Log: Additional URLs for roundcube CVE-2017-16651 Modified: data/CVE/list === --- data/CVE/list 2017-11-18

[Secure-testing-commits] r57809 - data/CVE

2017-11-18 Thread Roberto C. Sanchez
Author: roberto Date: 2017-11-19 04:20:53 + (Sun, 19 Nov 2017) New Revision: 57809 Modified: data/CVE/list Log: Postpone CVE-2017-16808 for tcpdump in wheezy, as was done for jessie and stretch Modified: data/CVE/list ===

[Secure-testing-commits] r57811 - data

2017-11-18 Thread Roberto C. Sanchez
Author: roberto Date: 2017-11-19 04:42:54 + (Sun, 19 Nov 2017) New Revision: 57811 Modified: data/dla-needed.txt Log: Claim ldns in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-11-19 04:23:12

[Secure-testing-commits] r57806 - data/CVE

2017-11-18 Thread Chris Lamb
Author: lamby Date: 2017-11-19 03:55:53 + (Sun, 19 Nov 2017) New Revision: 57806 Modified: data/CVE/list Log: Add note re CVE-2017-1000126/exiv2 in wheezy Modified: data/CVE/list === --- data/CVE/list 2017-11-19

[Secure-testing-commits] r57805 - data/CVE

2017-11-18 Thread Chris Lamb
Author: lamby Date: 2017-11-19 03:55:14 + (Sun, 19 Nov 2017) New Revision: 57805 Modified: data/CVE/list Log: Add upstream URL for CVE-2017-1000126/exiv2 Modified: data/CVE/list === --- data/CVE/list 2017-11-18 22:38:25

[Secure-testing-commits] r57807 - data/CVE

2017-11-18 Thread Roberto C. Sanchez
Author: roberto Date: 2017-11-19 03:56:43 + (Sun, 19 Nov 2017) New Revision: 57807 Modified: data/CVE/list Log: Note that CVE-2017-14107 also affects php5 and mark no-DSA in wheezy, not sure about jessie Modified: data/CVE/list

[Secure-testing-commits] r57808 - data

2017-11-18 Thread Roberto C. Sanchez
-needed.txt 2017-11-19 03:56:43 UTC (rev 57807) +++ data/dla-needed.txt 2017-11-19 03:56:47 UTC (rev 57808) @@ -83,8 +83,10 @@ python-werkzeug (Thorsten Alteholz) -- python2.6 (Roberto C. Sánchez) + NOTE: 20171118: Update is prepared, call for testing has been sent, will upload and release DLA

[Secure-testing-commits] r57810 - data

2017-11-18 Thread Roberto C. Sanchez
=== --- data/dla-needed.txt 2017-11-19 04:20:53 UTC (rev 57809) +++ data/dla-needed.txt 2017-11-19 04:23:12 UTC (rev 57810) @@ -118,9 +118,6 @@ swftools NOTE: 20171118: At least CVE-2017-16797 is present. (lamby) -- -tcpdump - NOTE: 20171118: PoC (https://github.com/the-tcpdump-group/tcpdump/issues

[Secure-testing-commits] r57784 - data/CVE

2017-11-18 Thread Salvatore Bonaccorso
Author: carnil Date: 2017-11-18 16:40:38 + (Sat, 18 Nov 2017) New Revision: 57784 Modified: data/CVE/list Log: Record experimental version for CVE-2017-14107/libzip Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r57785 - in data: . DLA

2017-11-18 Thread Markus Koschany
Author: apo Date: 2017-11-18 17:14:24 + (Sat, 18 Nov 2017) New Revision: 57785 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-1177-1 for poppler Modified: data/DLA/list === --- data/DLA/list 2017-11-18

[Secure-testing-commits] r57786 - data/CVE

2017-11-18 Thread Markus Koschany
Author: apo Date: 2017-11-18 17:52:46 + (Sat, 18 Nov 2017) New Revision: 57786 Modified: data/CVE/list Log: CVE-2017-14929,poppler: Mark as ignored for Wheezy The vulnerability (infinite loop) is not reproducible with the provided POC in Wheezy. The code looks similar although it differs

[Secure-testing-commits] r57787 - doc

2017-11-18 Thread Raphael Geissert
Author: geissert Date: 2017-11-18 17:57:47 + (Sat, 18 Nov 2017) New Revision: 57787 Modified: doc/DSA.template Log: Add a link to the security tracker to the DSA template Modified: doc/DSA.template === --- doc/DSA.template

[Secure-testing-commits] r57788 - data

2017-11-18 Thread Markus Koschany
2017-11-18 17:57:47 UTC (rev 57787) +++ data/dla-needed.txt 2017-11-18 18:04:18 UTC (rev 57788) @@ -77,7 +77,7 @@ -- openjdk-7 (Emilio Pozuelo) -- -opensaml2 +opensaml2 (Markus Koschany) NOTE: 20171118: Same as shibboleth-sp2 -- optipng @@ -101,7 +101,7 @@ rtpproxy NOTE: it's not clear