Author: anarcat
Date: 2013-01-09 17:11:21 + (Wed, 09 Jan 2013)
New Revision: 20866
Modified:
data/CVE/list
Log:
rails 2.3 (so all of the rails package) is not affected by CVE-2013-0155
Modified: data/CVE/list
===
---
:16:19 UTC (rev 38179)
+++ data/dla-needed.txt 2015-12-09 02:01:06 UTC (rev 38180)
@@ -44,7 +44,7 @@
--
quassel (Scott K)
--
-redmine
+redmine (Antoine Beaupré)
--
squid
NOTE: CVE-2015-5400: Fix is hard to backport, and default configuration is
not affected
Author: anarcat
Date: 2015-12-09 02:19:10 + (Wed, 09 Dec 2015)
New Revision: 38181
Modified:
data/CVE/list
Log:
add links to more patches in redmine issues
Modified: data/CVE/list
===
--- data/CVE/list 2015-12-09
Author: anarcat
Date: 2015-12-11 20:06:23 + (Fri, 11 Dec 2015)
New Revision: 38231
Modified:
data/CVE/list
Log:
update status of some redmine issues
Modified: data/CVE/list
===
--- data/CVE/list 2015-12-11 17:30:43 UTC
Author: anarcat
Date: 2016-01-06 16:25:43 + (Wed, 06 Jan 2016)
New Revision: 38733
Modified:
data/dla-needed.txt
Log:
xscreensaver mistakenly added to DLA
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-01-06
Author: anarcat
Date: 2015-12-29 19:36:06 + (Tue, 29 Dec 2015)
New Revision: 38595
Modified:
data/CVE/list
Log:
Summary: CVE-2015-8537 not in squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2015-12-29 08:46:13
Author: anarcat
Date: 2015-12-29 21:31:55 + (Tue, 29 Dec 2015)
New Revision: 38597
Modified:
data/CVE/list
Log:
Summary: update status of 2012 redmine issues
Modified: data/CVE/list
===
--- data/CVE/list 2015-12-29
Author: anarcat
Date: 2015-12-31 22:26:35 + (Thu, 31 Dec 2015)
New Revision: 38626
Modified:
data/CVE/list
Log:
Summary: crossref ganeti issues
Modified: data/CVE/list
===
--- data/CVE/list 2015-12-31 21:10:11 UTC (rev
===
--- data/dla-needed.txt 2015-12-31 20:17:56 UTC (rev 38623)
+++ data/dla-needed.txt 2015-12-31 20:57:51 UTC (rev 38624)
@@ -49,8 +49,6 @@
--
quassel (Scott K)
--
-redmine (Antoine Beaupré)
---
samba (Santiago R.R.)
--
srtp (Thorsten Alteholz)
___
Secure
Author: anarcat
Date: 2015-12-31 20:17:56 + (Thu, 31 Dec 2015)
New Revision: 38623
Modified:
data/CVE/list
Log:
Summary: close all issues in redmine for LTS as it's unsupported
this should really be automated, as i spent hours working on those
patches only to discover it wasn't supported
Author: anarcat
Date: 2016-01-05 20:15:25 + (Tue, 05 Jan 2016)
New Revision: 38719
Modified:
data/dla-needed.txt
data/dsa-needed.txt
Log:
self-assign xscreensaver
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: anarcat
Date: 2015-11-25 16:37:24 + (Wed, 25 Nov 2015)
New Revision: 37896
Modified:
data/DLA/list
Log:
Reserve DLA-348-1 for smokeping
Modified: data/DLA/list
===
--- data/DLA/list 2015-11-25 16:29:07 UTC (rev
Author: anarcat
Date: 2015-11-26 21:59:14 + (Thu, 26 Nov 2015)
New Revision: 37937
Modified:
data/CVE/list
data/DLA/list
Log:
squeeze is not vulnerable to CVE-2015-0859
Modified: data/CVE/list
===
--- data/CVE/list
Author: anarcat
Date: 2016-05-30 18:35:17 + (Mon, 30 May 2016)
New Revision: 42166
Modified:
data/DLA/list
Log:
Summary: fix PMA version
Modified: data/DLA/list
===
--- data/DLA/list 2016-05-30 18:11:04 UTC (rev 42165)
Author: anarcat
Date: 2016-05-30 17:55:33 + (Mon, 30 May 2016)
New Revision: 42161
Modified:
data/DLA/list
Log:
Reserve DLA-481-2 for phpmyadmin
Modified: data/DLA/list
===
--- data/DLA/list 2016-05-30 17:54:28 UTC (rev
Author: anarcat
Date: 2016-02-05 18:11:37 + (Fri, 05 Feb 2016)
New Revision: 39485
Modified:
data/CVE/list
Log:
Summary: also postponed mysql 5.5 update for the next oracle CPU
Modified: data/CVE/list
===
--- data/CVE/list
Author: anarcat
Date: 2016-02-05 18:39:28 + (Fri, 05 Feb 2016)
New Revision: 39488
Modified:
data/dla-needed.txt
Log:
Summary: asterisk will need backporting
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: anarcat
Date: 2016-02-05 18:38:31 + (Fri, 05 Feb 2016)
New Revision: 39487
Modified:
data/CVE/list
Log:
Summary: more patch and version information for asterisk
Modified: data/CVE/list
===
--- data/CVE/list
Author: anarcat
Date: 2016-02-05 18:14:43 + (Fri, 05 Feb 2016)
New Revision: 39486
Modified:
data/CVE/list
Log:
Summary: clarify vulnerable versions of asterisk
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-05
Author: anarcat
Date: 2016-02-05 20:37:19 + (Fri, 05 Feb 2016)
New Revision: 39495
Modified:
data/CVE/list
Log:
Summary: no openid code vulnerable to CVE-2016-2049 found in Debian
Modified: data/CVE/list
===
---
Author: anarcat
Date: 2016-02-05 19:47:14 + (Fri, 05 Feb 2016)
New Revision: 39489
Modified:
data/CVE/list
data/dla-needed.txt
Log:
missed that asterisk is unsupported in squeeze
Modified: data/CVE/list
===
---
Author: anarcat
Date: 2016-02-05 20:15:33 + (Fri, 05 Feb 2016)
New Revision: 39494
Modified:
data/CVE/list
Log:
add todo for libxml, maybe we're not vulnerable like the previous one?
Modified: data/CVE/list
===
---
Author: anarcat
Date: 2016-02-05 20:04:29 + (Fri, 05 Feb 2016)
New Revision: 39492
Modified:
data/CVE/list
Log:
Summary: linkup more libmatroska and libebml issues
Modified: data/CVE/list
===
--- data/CVE/list
Author: anarcat
Date: 2016-02-05 21:20:36 + (Fri, 05 Feb 2016)
New Revision: 39497
Modified:
data/CVE/list
Log:
Summary: wheezy/squeeze do not have code vuln to CVE-2015-8793
Modified: data/CVE/list
===
--- data/CVE/list
===
--- data/dla-needed.txt 2016-02-05 19:47:14 UTC (rev 39489)
+++ data/dla-needed.txt 2016-02-05 19:51:10 UTC (rev 39490)
@@ -31,7 +31,7 @@
NOTE: I believe the referenced patch should fix this:
NOTE:
https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/
--
-icu (Antoine
Author: anarcat
Date: 2016-02-05 21:26:01 + (Fri, 05 Feb 2016)
New Revision: 39498
Modified:
data/CVE/list
Log:
Summary: CVE-2015-8794 also not present in wheezy and squeeze
Modified: data/CVE/list
===
--- data/CVE/list
Author: anarcat
Date: 2016-02-05 19:52:24 + (Fri, 05 Feb 2016)
New Revision: 39491
Modified:
data/CVE/list
Log:
Summary: ffmpeg not supported in squeeze-lts
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-05
Author: anarcat
Date: 2016-02-05 20:08:10 + (Fri, 05 Feb 2016)
New Revision: 39493
Modified:
data/CVE/list
Log:
Summary: i thought matroska was affected by two more CVEs, it is not,
only libebml
Modified: data/CVE/list
===
UTC (rev 39610)
+++ data/dla-needed.txt 2016-02-11 19:12:39 UTC (rev 39611)
@@ -12,9 +12,9 @@
cakephp
NOTE: 20160123, No official solution is currently available.
--
-chrony (antoine beaupré)
- NOTE: maintainer wants to take care of it in week 05
- NOTE: https://lists.debian.org/debian-lts
)
@@ -37,9 +37,6 @@
--
krb5 (Thorsten Alteholz)
--
-libraw (antoine beaupré)
- NOTE: libraw is not affected, but copies in other packages need to be
checked, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809
---
lxc (Mike Gabriel)
NOTE: waiting for upstream feedback:
https
Author: anarcat
Date: 2016-02-11 19:34:44 + (Thu, 11 Feb 2016)
New Revision: 39612
Modified:
data/CVE/list
Log:
Summary: some research on the tiff issues
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-11
Author: anarcat
Date: 2016-02-11 20:34:46 + (Thu, 11 Feb 2016)
New Revision: 39615
Modified:
data/CVE/list
Log:
Summary: darktable does the right thing and links against libraw now,
previous versions were using libraw 1.4, which is not vulnerable
Modified: data/CVE/list
Author: anarcat
Date: 2016-01-29 17:16:08 + (Fri, 29 Jan 2016)
New Revision: 39302
Modified:
data/CVE/list
Log:
Summary: clarify why we ignore 2015-3197
Modified: data/CVE/list
===
--- data/CVE/list 2016-01-29 17:05:09
Author: anarcat
Date: 2016-02-01 22:20:54 + (Mon, 01 Feb 2016)
New Revision: 39405
Modified:
data/CVE/list
Log:
fixup: add link to openssh thread to explain better
Modified: data/CVE/list
===
--- data/CVE/list
Author: anarcat
Date: 2016-02-01 22:19:32 + (Mon, 01 Feb 2016)
New Revision: 39404
Modified:
data/CVE/list
data/dla-needed.txt
Log:
mark the openssh issue as solved, as with wheezy and jessie
it is not worth trying to reproduce it in squeeze if we disable untrusted
connexions by
Author: anarcat
Date: 2016-02-03 20:18:55 + (Wed, 03 Feb 2016)
New Revision: 39438
Modified:
data/dla-needed.txt
Log:
Summary: explain libraw better
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-03
Author: anarcat
Date: 2016-01-30 17:08:02 + (Sat, 30 Jan 2016)
New Revision: 39352
Modified:
data/CVE/list
Log:
patches for CVE-2016-0494 and CVE-2015-4844 were reversed
f556d4c82ef1 appeared later than dbb4e2bdfa9e and the latter is referred to in
the redhat Bug
UTC (rev 39354)
+++ data/dla-needed.txt 2016-01-30 19:02:15 UTC (rev 39355)
@@ -70,7 +70,7 @@
php5 (Thorsten Alteholz)
NOTE: next upload end of December
--
-phpmyadmin
+phpmyadmin (Antoine Beaupré)
--
prosody
NOTE: affected code in core/s2smanager.lua
UTC (rev 39352)
+++ data/dla-needed.txt 2016-01-30 18:01:31 UTC (rev 39353)
@@ -35,7 +35,7 @@
--
gosa (Mike Gabriel)
--
-icu
+icu (Antoine Beaupré)
NOTE: check comments on CVE-2016-0494 as well
--
imagemagick
UTC (rev 39356)
@@ -70,8 +70,6 @@
php5 (Thorsten Alteholz)
NOTE: next upload end of December
--
-phpmyadmin (Antoine Beaupré)
---
prosody
NOTE: affected code in core/s2smanager.lua
--
Author: anarcat
Date: 2016-01-30 20:04:08 + (Sat, 30 Jan 2016)
New Revision: 39357
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-407-1 for prosody
Modified: data/DLA/list
===
--- data/DLA/list
Author: anarcat
Date: 2016-01-30 22:58:39 + (Sat, 30 Jan 2016)
New Revision: 39360
Modified:
data/CVE/list
Log:
prosody and phpmyadmin updates
Modified: data/CVE/list
===
--- data/CVE/list 2016-01-30 22:48:49 UTC (rev
Author: anarcat
Date: 2016-01-30 23:05:27 + (Sat, 30 Jan 2016)
New Revision: 39361
Modified:
data/CVE/list
Log:
Summary: link to packages for icu
Modified: data/CVE/list
===
--- data/CVE/list 2016-01-30 22:58:39 UTC
Author: anarcat
Date: 2016-02-02 14:21:00 + (Tue, 02 Feb 2016)
New Revision: 39411
Modified:
data/CVE/list
data/dla-needed.txt
Log:
mark CVE-2011-5325 as no-dsa, like wheezy and squeeze
also remove busybox from dla-needed, reviewed by chris lamb
Modified: data/CVE/list
Author: anarcat
Date: 2016-01-29 21:01:23 + (Fri, 29 Jan 2016)
New Revision: 39309
Modified:
data/CVE/list
Log:
Summary: can't reproduce cpio vuln, add details of openssh
Modified: data/CVE/list
===
--- data/CVE/list
Author: anarcat
Date: 2016-02-12 23:08:22 + (Fri, 12 Feb 2016)
New Revision: 39639
Modified:
data/CVE/list
Log:
mark openid as n-a
after discussion with reporter, it affects only the sample code and no
other vulnerable code was found after a summary search on
codesearch.debian.net
Author: anarcat
Date: 2016-02-12 20:45:45 + (Fri, 12 Feb 2016)
New Revision: 39635
Modified:
data/dla-needed.txt
Log:
take on chrony again
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-02-12 15:59:20 UTC (rev
Author: anarcat
Date: 2016-02-12 20:53:58 + (Fri, 12 Feb 2016)
New Revision: 39636
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-414-1 for chrony
Modified: data/DLA/list
===
--- data/DLA/list
:30:12 UTC (rev 39606)
+++ data/dla-needed.txt 2016-02-11 17:00:17 UTC (rev 39607)
@@ -12,7 +12,7 @@
cakephp
NOTE: 20160123, No official solution is currently available.
--
-chrony
+chrony (antoine beaupré)
NOTE: maintainer wants to take care of it in week 05
NOTE: https
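Review bot: the added line `chrony (antoine beaupré)` writes the claimant's name in lower case, while other claims visible in this file capitalize it (`krb5 (Thorsten Alteholz)`, `lxc (Mike Gabriel)`). Suggest `chrony (Antoine Beaupré)` so that tools or greps matching on the claimant name find every entry by the same person.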
Author: anarcat
Date: 2016-03-29 16:28:13 + (Tue, 29 Mar 2016)
New Revision: 40633
Modified:
data/CVE/list
Log:
Summary: CVE-2015-7575 not on wheezy / nss
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-29
Author: anarcat
Date: 2016-03-29 15:38:02 + (Tue, 29 Mar 2016)
New Revision: 40631
Modified:
data/CVE/list
Log:
Summary: clarify NSS patches for CVE-2015-7575
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-29
<ch...@chris-lamb.co.uk>
-From 13-06 to 19-06:Antoine Beaupré <anar...@anarc.at>
+From 13-06 to 19-06:
From 20-06 to 26-06:Thorsten Alteholz <alteh...@debian.org>
From 27-06 to 03-07:
From 04-07 to 10-07:Chris Lamb <ch...@chris-lamb.co.uk>
__
===
--- data/dla-needed.txt 2016-05-18 18:33:54 UTC (rev 41863)
+++ data/dla-needed.txt 2016-05-18 18:45:42 UTC (rev 41864)
@@ -78,9 +78,6 @@
--
php5 (Thorsten Alteholz)
--
-phpmyadmin (Antoine Beaupré)
- NOTE: anarcat already prepared a package:
https://lists.debian.org/debian-lts/2016/04/msg00086
Author: anarcat
Date: 2016-05-17 20:31:34 + (Tue, 17 May 2016)
New Revision: 41818
Modified:
data/CVE/list
Log:
Summary: mark openjdk-6 issues as EOL
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-17 20:05:23
Author: anarcat
Date: 2016-05-17 16:13:46 + (Tue, 17 May 2016)
New Revision: 41807
Modified:
data/CVE/list
Log:
xen was affected by two more CVEs, but mark no-dsa because it's
non-default config
Modified: data/CVE/list
===
Author: anarcat
Date: 2016-05-18 16:11:37 + (Wed, 18 May 2016)
New Revision: 41841
Modified:
data/CVE/list
Log:
Summary: keystone CVE only in stretch/sid
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-18
Author: anarcat
Date: 2016-05-18 16:03:33 + (Wed, 18 May 2016)
New Revision: 41840
Modified:
data/dla-needed.txt
Log:
Summary: triage xen as dla-needed
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-18
(rev 41853)
+++ data/dla-needed.txt 2016-05-18 17:42:26 UTC (rev 41854)
@@ -64,7 +64,7 @@
--
mxml
--
-nss (Guido Günther)
+nss (Antoine Beaupré)
--
ntp
NOTE: maintainer wants to upload package (as done before)
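Review bot: on the `nss` line the claim passes from Guido Günther to Antoine Beaupré with no NOTE recording that the previous claimant released the package. A one-line NOTE under the entry pointing at the handover would keep the file self-explanatory and avoid two people working on the same update.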
___
Secure-testing-commits mailing list
--
-nss (Antoine Beaupré)
---
ntp
NOTE: maintainer wants to upload package (as done before)
NOTE: <20160213161710.ga9...@roeckx.be>
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debi
Author: anarcat
Date: 2016-05-18 17:52:22 + (Wed, 18 May 2016)
New Revision: 41858
Modified:
doc/DLA.template
Log:
Summary: add common boilerplate
Modified: doc/DLA.template
===
--- doc/DLA.template2016-05-18 17:46:36
Author: anarcat
Date: 2016-05-18 18:08:19 + (Wed, 18 May 2016)
New Revision: 41861
Modified:
data/dla-needed.txt
Log:
Summary: update ntp status
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-05-18 18:08:04
Author: anarcat
Date: 2016-05-03 17:07:30 + (Tue, 03 May 2016)
New Revision: 41387
Modified:
data/CVE/list
Log:
Summary: atheme fixes in sid
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-03 16:21:22 UTC (rev
Author: anarcat
Date: 2016-04-14 23:39:21 + (Thu, 14 Apr 2016)
New Revision: 40946
Modified:
data/CVE/list
Log:
update some PMA advisory statuses
Modified: data/CVE/list
===
--- data/CVE/list 2016-04-14 23:17:07 UTC
ris Lamb <ch...@chris-lamb.co.uk>
-From 16-05 to 22-05:
+From 16-05 to 22-05:Antoine Beaupré <anar...@anarc.at>
From 23-05 to 29-05:
From 30-05 to 05-06:
From 06-06 to 12-06:Chris Lamb <ch...@chris-lamb.co.uk>
-From 13-06 to 19-06:
+From 13-06 to 19-06:Antoine Beaupré <anar...@anar
Author: anarcat
Date: 2016-04-21 15:21:50 + (Thu, 21 Apr 2016)
New Revision: 41039
Modified:
data/CVE/list
Log:
Summary: CVE-2016-2045: not-affected
Modified: data/CVE/list
===
--- data/CVE/list 2016-04-21 15:17:30 UTC
Author: anarcat
Date: 2016-04-21 15:24:48 + (Thu, 21 Apr 2016)
New Revision: 41040
Modified:
data/CVE/list
Log:
Summary: it's 2044, not 2045, and same for 2043
Modified: data/CVE/list
===
--- data/CVE/list 2016-04-21
Author: anarcat
Date: 2016-04-21 15:44:08 + (Thu, 21 Apr 2016)
New Revision: 41041
Modified:
data/CVE/list
Log:
Summary: clarify status of CVE-2016-2039 (SNAFU) and CVE-2016-2042
(introduced with 2039)
Modified: data/CVE/list
Author: anarcat
Date: 2017-01-31 15:31:12 + (Tue, 31 Jan 2017)
New Revision: 48611
Modified:
data/CVE/list
Log:
use issued CVE ID for calibre bug #853004
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-31
-needed.txt 2017-01-23 21:55:37 UTC (rev 48311)
+++ data/dla-needed.txt 2017-01-23 22:07:02 UTC (rev 48312)
@@ -10,8 +10,9 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-apache2 (Antoine Beaupré)
+apache2
NOTE: update needs testing in
https://lists.debian.org/87fukh7hcq
===
--- data/dla-needed.txt 2017-01-23 22:07:02 UTC (rev 48312)
+++ data/dla-needed.txt 2017-01-23 22:23:27 UTC (rev 48313)
@@ -106,10 +106,6 @@
--
slurm-llnl
--
-tiff (Antoine Beaupré)
- NOTE: Please work in the git repo accessible to all DD (branch master-wheezy):
- NOTE
Author: anarcat
Date: 2017-01-28 20:09:18 + (Sat, 28 Jan 2017)
New Revision: 48485
Modified:
data/CVE/list
Log:
document bug #787085 affecting calibre
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-28 20:04:06
Author: anarcat
Date: 2017-01-29 17:28:33 + (Sun, 29 Jan 2017)
New Revision: 48535
Modified:
data/CVE/list
Log:
link to calibre CVE request
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-29 17:19:07 UTC (rev
Author: anarcat
Date: 2017-01-29 15:44:17 + (Sun, 29 Jan 2017)
New Revision: 48528
Modified:
data/CVE/list
Log:
add new calibre issue (bug #853004)
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-29 15:38:16 UTC
Author: anarcat
Date: 2017-01-29 16:48:50 + (Sun, 29 Jan 2017)
New Revision: 48530
Modified:
data/CVE/list
Log:
CVE requested for calibre
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-29 15:51:54 UTC (rev
Author: anarcat
Date: 2017-02-20 15:53:18 + (Mon, 20 Feb 2017)
New Revision: 49069
Modified:
data/CVE/list
Log:
clarify N/A for jessie/atheme
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-20 15:03:59 UTC (rev
Author: anarcat
Date: 2017-02-20 14:48:25 + (Mon, 20 Feb 2017)
New Revision: 49067
Modified:
data/CVE/list
Log:
add atheme security issue
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-20 07:33:35 UTC (rev
Author: anarcat
Date: 2017-02-20 15:03:59 + (Mon, 20 Feb 2017)
New Revision: 49068
Modified:
data/CVE/list
Log:
jessie is not affected by latest atheme issues
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-20
Author: anarcat
Date: 2017-02-20 20:33:22 + (Mon, 20 Feb 2017)
New Revision: 49081
Modified:
data/dla-needed.txt
Log:
get on with apache2 again
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-20 20:01:03
Author: anarcat
Date: 2017-02-20 22:06:49 + (Mon, 20 Feb 2017)
New Revision: 49087
Modified:
data/dla-needed.txt
Log:
take on php5
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-20 21:54:05 UTC (rev
Author: anarcat
Date: 2017-02-20 22:22:04 + (Mon, 20 Feb 2017)
New Revision: 49088
Modified:
data/CVE/list
data/dla-needed.txt
Log:
unassign php5, note backported patch and suggest waiting for further issues
Modified: data/CVE/list
===
--- data/dla-needed.txt 2017-01-17 18:24:13 UTC (rev 48134)
+++ data/dla-needed.txt 2017-01-17 18:57:48 UTC (rev 48135)
@@ -11,13 +11,7 @@
--
apache2 (Antoine Beaupré)
- NOTE: The upstream change includes a new configuration option. This have to
- NOTE: be mentioned very clearly
Author: anarcat
Date: 2017-01-17 20:24:09 + (Tue, 17 Jan 2017)
New Revision: 48138
Modified:
data/DSA/list
Log:
remove CVE-2016-9535 from DSA-3762-1
as the fix was not actually shipped with the release, as the patch was
misdocumented
Modified: data/DSA/list
)
+++ data/dla-needed.txt 2017-01-16 18:13:37 UTC (rev 48109)
@@ -23,7 +23,7 @@
chicken
NOTE: I would set this as like in Jessie, but please recheck
--
-graphicsmagick
+graphicsmagick (Antoine Beaupré)
NOTE: seems only a single memory/CPU DOS at this point, maybe wait for more
issues
48105)
+++ data/dla-needed.txt 2017-01-16 18:02:15 UTC (rev 48106)
@@ -45,7 +45,7 @@
NOTE: Upstream should provide new point-releases fixing open security issues
in the next months.
NOTE: Lots of CVEs are open, this is going to take some time. (See
debian-lts ML)
--
-libical
+libical (Antoine
ML)
--
-libical (Antoine Beaupré)
+libical
+ NOTE: issues still unfixed upstream (2017-01-16)
--
libphp-swiftmailer (Markus Koschany)
NOTE: According to the release note this is a critial vulnerability so it
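Review bot: the added `NOTE: issues still unfixed upstream (2017-01-16)` puts the date in parentheses at the end, while another dated note visible in this file leads with a compact date (`NOTE: 20160123, No official solution is currently available.`). Picking one date convention for status notes makes stale entries easier to spot when triaging the list.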
Author: anarcat
Date: 2017-01-16 18:08:18 + (Mon, 16 Jan 2017)
New Revision: 48107
Modified:
data/CVE/list
Log:
assign temporary descriptions to libical issues
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-16
Author: anarcat
Date: 2017-01-16 19:53:58 + (Mon, 16 Jan 2017)
New Revision: 48111
Modified:
data/CVE/list
Log:
make CVE-2016-9830 as no-dsa on wheezy, add details about fix
Modified: data/CVE/list
===
--- data/CVE/list
22:09:09 UTC (rev 48121)
+++ data/dla-needed.txt 2017-01-16 23:00:07 UTC (rev 48122)
@@ -10,13 +10,14 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-apache2
+apache2 (Antoine Beaupré)
NOTE: The upstream change includes a new configuration option. This have
Author: anarcat
Date: 2017-01-18 21:26:43 + (Wed, 18 Jan 2017)
New Revision: 48170
Modified:
data/CVE/list
Log:
fix typo
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-18 21:21:00 UTC (rev 48169)
+++
Author: anarcat
Date: 2017-01-18 20:55:13 + (Wed, 18 Jan 2017)
New Revision: 48167
Modified:
data/CVE/list
Log:
note that CVE-2016-10095 seems already fixed
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-18
Author: anarcat
Date: 2017-01-18 20:25:04 + (Wed, 18 Jan 2017)
New Revision: 48166
Modified:
data/CVE/list
Log:
CVE-2016-10094 n/a in wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-18 16:29:31 UTC (rev
Author: anarcat
Date: 2017-01-18 21:32:39 + (Wed, 18 Jan 2017)
New Revision: 48171
Modified:
data/CVE/list
Log:
remove wheezy no-dsa tags on tiff issues fixed in jessie
Modified: data/CVE/list
===
--- data/CVE/list
Author: anarcat
Date: 2017-01-18 21:33:59 + (Wed, 18 Jan 2017)
New Revision: 48173
Modified:
data/CVE/list
Log:
forgot another wheezy tiff issue
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-18 21:33:54 UTC
Author: anarcat
Date: 2017-01-18 21:36:53 + (Wed, 18 Jan 2017)
New Revision: 48174
Modified:
data/CVE/list
Log:
add patch for tiff bug #846837
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-18 21:33:59 UTC (rev
Author: anarcat
Date: 2017-01-19 20:09:49 + (Thu, 19 Jan 2017)
New Revision: 48202
Modified:
data/CVE/list
Log:
can't reproduce CVE-2016-3625 in wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-19 19:46:56
Author: anarcat
Date: 2017-02-28 15:38:27 + (Tue, 28 Feb 2017)
New Revision: 49295
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-841-1 for apache2
Modified: data/DLA/list
===
--- data/DLA/list
Author: anarcat
Date: 2017-02-28 15:17:18 + (Tue, 28 Feb 2017)
New Revision: 49293
Modified:
data/dla-needed.txt
Log:
take on kgb
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-02-28 14:00:56 UTC (rev 49292)
Author: anarcat
Date: 2017-02-28 16:07:02 + (Tue, 28 Feb 2017)
New Revision: 49302
Modified:
data/CVE/list
data/dla-needed.txt
Log:
mark kgb-bot as no-dsa in wheezy
after a review of the issue, i couldn't find a simple fix
the issue is also quite old and hasn't seen movement
Author: anarcat
Date: 2016-09-05 23:31:14 + (Mon, 05 Sep 2016)
New Revision: 44353
Modified:
data/CVE/list
Log:
Summary: CVEs issued for SASL ircd bugs
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-05 23:17:19
Author: anarcat
Date: 2016-09-05 23:34:10 + (Mon, 05 Sep 2016)
New Revision: 44354
Modified:
data/CVE/list
Log:
Summary: add CVE for nefarious
Modified: data/CVE/list
===
--- data/CVE/list 2016-09-05 23:31:14 UTC (rev