[Secure-testing-commits] r20866 - data/CVE

2013-01-09 Thread Antoine Beaupré
Author: anarcat Date: 2013-01-09 17:11:21 + (Wed, 09 Jan 2013) New Revision: 20866 Modified: data/CVE/list Log: rails 2.3 (so all of the rails package) is not affected by CVE-2013-0155 Modified: data/CVE/list === ---

[Secure-testing-commits] r38180 - data

2015-12-08 Thread Antoine Beaupré
:16:19 UTC (rev 38179) +++ data/dla-needed.txt 2015-12-09 02:01:06 UTC (rev 38180) @@ -44,7 +44,7 @@ -- quassel (Scott K) -- -redmine +redmine (Antoine Beaupré) -- squid NOTE: CVE-2015-5400: Fix is hard to backport, and default configuration is not affected

[Secure-testing-commits] r38181 - data/CVE

2015-12-08 Thread Antoine Beaupré
Author: anarcat Date: 2015-12-09 02:19:10 + (Wed, 09 Dec 2015) New Revision: 38181 Modified: data/CVE/list Log: add links to more patches in redmine issues Modified: data/CVE/list === --- data/CVE/list 2015-12-09

[Secure-testing-commits] r38231 - data/CVE

2015-12-11 Thread Antoine Beaupré
Author: anarcat Date: 2015-12-11 20:06:23 + (Fri, 11 Dec 2015) New Revision: 38231 Modified: data/CVE/list Log: update status of some redmine issues Modified: data/CVE/list === --- data/CVE/list 2015-12-11 17:30:43 UTC

[Secure-testing-commits] r38733 - data

2016-01-06 Thread Antoine Beaupré
Author: anarcat Date: 2016-01-06 16:25:43 + (Wed, 06 Jan 2016) New Revision: 38733 Modified: data/dla-needed.txt Log: xscreensaver mistakenly added to DLA Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-01-06

[Secure-testing-commits] r38595 - data/CVE

2015-12-29 Thread Antoine Beaupré
Author: anarcat Date: 2015-12-29 19:36:06 + (Tue, 29 Dec 2015) New Revision: 38595 Modified: data/CVE/list Log: Summary: CVE-2015-8537 not in squeeze Modified: data/CVE/list === --- data/CVE/list 2015-12-29 08:46:13

[Secure-testing-commits] r38597 - data/CVE

2015-12-29 Thread Antoine Beaupré
Author: anarcat Date: 2015-12-29 21:31:55 + (Tue, 29 Dec 2015) New Revision: 38597 Modified: data/CVE/list Log: Summary: update status of 2012 redmine issues Modified: data/CVE/list === --- data/CVE/list 2015-12-29

[Secure-testing-commits] r38626 - data/CVE

2015-12-31 Thread Antoine Beaupré
Author: anarcat Date: 2015-12-31 22:26:35 + (Thu, 31 Dec 2015) New Revision: 38626 Modified: data/CVE/list Log: Summary: crossref ganeti issues Modified: data/CVE/list === --- data/CVE/list 2015-12-31 21:10:11 UTC (rev

[Secure-testing-commits] r38624 - data

2015-12-31 Thread Antoine Beaupré
=== --- data/dla-needed.txt 2015-12-31 20:17:56 UTC (rev 38623) +++ data/dla-needed.txt 2015-12-31 20:57:51 UTC (rev 38624) @@ -49,8 +49,6 @@ -- quassel (Scott K) -- -redmine (Antoine Beaupré) --- samba (Santiago R.R.) -- srtp (Thorsten Alteholz) ___ Secure

[Secure-testing-commits] r38623 - data/CVE

2015-12-31 Thread Antoine Beaupré
Author: anarcat Date: 2015-12-31 20:17:56 + (Thu, 31 Dec 2015) New Revision: 38623 Modified: data/CVE/list Log: Summary: close all issues in redmine for LTS as it's unsupported this should really be automated, as i spent hours working on those patches only to discover it wasn't supported

[Secure-testing-commits] r38719 - data

2016-01-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-01-05 20:15:25 + (Tue, 05 Jan 2016) New Revision: 38719 Modified: data/dla-needed.txt data/dsa-needed.txt Log: self-assign xscreensaver Modified: data/dla-needed.txt === --- data/dla-needed.txt

[Secure-testing-commits] r37896 - data/DLA

2015-11-25 Thread Antoine Beaupré
Author: anarcat Date: 2015-11-25 16:37:24 + (Wed, 25 Nov 2015) New Revision: 37896 Modified: data/DLA/list Log: Reserve DLA-348-1 for smokeping Modified: data/DLA/list === --- data/DLA/list 2015-11-25 16:29:07 UTC (rev

[Secure-testing-commits] r37937 - in data: CVE DLA

2015-11-26 Thread Antoine Beaupré
Author: anarcat Date: 2015-11-26 21:59:14 + (Thu, 26 Nov 2015) New Revision: 37937 Modified: data/CVE/list data/DLA/list Log: squeeze is not vulnerable to CVE-2015-0859 Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r42166 - data/DLA

2016-05-30 Thread Antoine Beaupré
Author: anarcat Date: 2016-05-30 18:35:17 + (Mon, 30 May 2016) New Revision: 42166 Modified: data/DLA/list Log: Summary: fix PMA version Modified: data/DLA/list === --- data/DLA/list 2016-05-30 18:11:04 UTC (rev 42165)

[Secure-testing-commits] r42161 - data/DLA

2016-05-30 Thread Antoine Beaupré
Author: anarcat Date: 2016-05-30 17:55:33 + (Mon, 30 May 2016) New Revision: 42161 Modified: data/DLA/list Log: Reserve DLA-481-2 for phpmyadmin Modified: data/DLA/list === --- data/DLA/list 2016-05-30 17:54:28 UTC (rev

[Secure-testing-commits] r39485 - data/CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 18:11:37 + (Fri, 05 Feb 2016) New Revision: 39485 Modified: data/CVE/list Log: Summary: also postponed mysql 5.5 update for the next oracle CPU Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r39488 - data

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 18:39:28 + (Fri, 05 Feb 2016) New Revision: 39488 Modified: data/dla-needed.txt Log: Summary: asterisk will need backporting Modified: data/dla-needed.txt === --- data/dla-needed.txt

[Secure-testing-commits] r39487 - data/CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 18:38:31 + (Fri, 05 Feb 2016) New Revision: 39487 Modified: data/CVE/list Log: Summary: more more patch and version information for asterisk Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r39486 - data/CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 18:14:43 + (Fri, 05 Feb 2016) New Revision: 39486 Modified: data/CVE/list Log: Summary: clarify vulnerable versions of asterisk Modified: data/CVE/list === --- data/CVE/list 2016-02-05

[Secure-testing-commits] r39495 - data/CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 20:37:19 + (Fri, 05 Feb 2016) New Revision: 39495 Modified: data/CVE/list Log: Summary: no openid code vulnerable to CVE-2016-2049 found in Debian Modified: data/CVE/list === ---

[Secure-testing-commits] r39489 - in data: . CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 19:47:14 + (Fri, 05 Feb 2016) New Revision: 39489 Modified: data/CVE/list data/dla-needed.txt Log: missed that asterisk is unsupported in squeeze Modified: data/CVE/list === ---

[Secure-testing-commits] r39494 - data/CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 20:15:33 + (Fri, 05 Feb 2016) New Revision: 39494 Modified: data/CVE/list Log: add todo for libxml, maybe we're not vulnerable like the previous one? Modified: data/CVE/list === ---

[Secure-testing-commits] r39492 - data/CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 20:04:29 + (Fri, 05 Feb 2016) New Revision: 39492 Modified: data/CVE/list Log: Summary: linkup more libmatroska and libebml issues Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r39497 - data/CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 21:20:36 + (Fri, 05 Feb 2016) New Revision: 39497 Modified: data/CVE/list Log: Summary: wheezy/squeeze do not have code vuln to CVE-2015-8793 Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r39490 - data

2016-02-05 Thread Antoine Beaupré
=== --- data/dla-needed.txt 2016-02-05 19:47:14 UTC (rev 39489) +++ data/dla-needed.txt 2016-02-05 19:51:10 UTC (rev 39490) @@ -31,7 +31,7 @@ NOTE: I believe the referenced patch should fix this: NOTE: https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/ -- -icu (Antoine

[Secure-testing-commits] r39498 - data/CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 21:26:01 + (Fri, 05 Feb 2016) New Revision: 39498 Modified: data/CVE/list Log: Summary: CVE-2015-8794 also not present in wheezy and squeeze Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r39491 - data/CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 19:52:24 + (Fri, 05 Feb 2016) New Revision: 39491 Modified: data/CVE/list Log: Summary: ffmpeg not supported in squeeze-lts Modified: data/CVE/list === --- data/CVE/list 2016-02-05

[Secure-testing-commits] r39493 - data/CVE

2016-02-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-05 20:08:10 + (Fri, 05 Feb 2016) New Revision: 39493 Modified: data/CVE/list Log: Summary: i thought matroska was affected by two more CVEs, it is not, only libebml Modified: data/CVE/list ===

[Secure-testing-commits] r39611 - data

2016-02-11 Thread Antoine Beaupré
UTC (rev 39610) +++ data/dla-needed.txt 2016-02-11 19:12:39 UTC (rev 39611) @@ -12,9 +12,9 @@ cakephp NOTE: 20160123, No official solution is currently available. -- -chrony (antoine beaupré) - NOTE: maintainer wants to take care of it in week 05 - NOTE: https://lists.debian.org/debian-lts

[Secure-testing-commits] r39614 - in data: . CVE

2016-02-11 Thread Antoine Beaupré
) @@ -37,9 +37,6 @@ -- krb5 (Thorsten Alteholz) -- -libraw (antoine beaupré) - NOTE: libraw is not affected, but copies in other packages need to be checked, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809 --- lxc (Mike Gabriel) NOTE: waiting for upstream feedback: https

[Secure-testing-commits] r39612 - data/CVE

2016-02-11 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-11 19:34:44 + (Thu, 11 Feb 2016) New Revision: 39612 Modified: data/CVE/list Log: Summary: some research on the tiff issues Modified: data/CVE/list === --- data/CVE/list 2016-02-11

[Secure-testing-commits] r39615 - data/CVE

2016-02-11 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-11 20:34:46 + (Thu, 11 Feb 2016) New Revision: 39615 Modified: data/CVE/list Log: Summary: darktable does the right thing and links against libraw now, previous versions were using libraw 1.4, which is not vulnerable Modified: data/CVE/list

[Secure-testing-commits] r39302 - data/CVE

2016-01-29 Thread Antoine Beaupré
Author: anarcat Date: 2016-01-29 17:16:08 + (Fri, 29 Jan 2016) New Revision: 39302 Modified: data/CVE/list Log: Summary: clarify why we ignore 2015-3197 Modified: data/CVE/list === --- data/CVE/list 2016-01-29 17:05:09

[Secure-testing-commits] r39405 - data/CVE

2016-02-01 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-01 22:20:54 + (Mon, 01 Feb 2016) New Revision: 39405 Modified: data/CVE/list Log: fixup: add link to openssh thread to explain better Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r39404 - in data: . CVE

2016-02-01 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-01 22:19:32 + (Mon, 01 Feb 2016) New Revision: 39404 Modified: data/CVE/list data/dla-needed.txt Log: mark the openssh issue as solved, as with wheezy and jessie it is not worth trying to reproduce it in squeeze if we disable untrusted connexions by

[Secure-testing-commits] r39438 - data

2016-02-03 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-03 20:18:55 + (Wed, 03 Feb 2016) New Revision: 39438 Modified: data/dla-needed.txt Log: Summary: explain libraw better Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-03

[Secure-testing-commits] r39352 - data/CVE

2016-01-30 Thread Antoine Beaupré
Author: anarcat Date: 2016-01-30 17:08:02 + (Sat, 30 Jan 2016) New Revision: 39352 Modified: data/CVE/list Log: patches for CVE-2016-0494 and CVE-CVE-2015-4844 were reversed f556d4c82ef1 appeared later than dbb4e2bdfa9e and the latter is refered to in the redhat Bug

[Secure-testing-commits] r39355 - data

2016-01-30 Thread Antoine Beaupré
UTC (rev 39354) +++ data/dla-needed.txt 2016-01-30 19:02:15 UTC (rev 39355) @@ -70,7 +70,7 @@ php5 (Thorsten Alteholz) NOTE: next upload end of December -- -phpmyadmin +phpmyadmin (Antoine Beaupré) -- prosody NOTE: affected code in core/s2smanager.lua

[Secure-testing-commits] r39353 - data

2016-01-30 Thread Antoine Beaupré
UTC (rev 39352) +++ data/dla-needed.txt 2016-01-30 18:01:31 UTC (rev 39353) @@ -35,7 +35,7 @@ -- gosa (Mike Gabriel) -- -icu +icu (Antoine Beaupré) NOTE: check comments on CVE-2016-0494 as well -- imagemagick ___ Secure-testing-commits mailing

[Secure-testing-commits] r39356 - in data: . DLA

2016-01-30 Thread Antoine Beaupré
UTC (rev 39356) @@ -70,8 +70,6 @@ php5 (Thorsten Alteholz) NOTE: next upload end of December -- -phpmyadmin (Antoine Beaupré) --- prosody NOTE: affected code in core/s2smanager.lua -- ___ Secure-testing-commits mailing list Secure-testing

[Secure-testing-commits] r39357 - in data: . DLA

2016-01-30 Thread Antoine Beaupré
Author: anarcat Date: 2016-01-30 20:04:08 + (Sat, 30 Jan 2016) New Revision: 39357 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-407-1 for prosody Modified: data/DLA/list === --- data/DLA/list

[Secure-testing-commits] r39360 - data/CVE

2016-01-30 Thread Antoine Beaupré
Author: anarcat Date: 2016-01-30 22:58:39 + (Sat, 30 Jan 2016) New Revision: 39360 Modified: data/CVE/list Log: prosody and phpmyadmin updates Modified: data/CVE/list === --- data/CVE/list 2016-01-30 22:48:49 UTC (rev

[Secure-testing-commits] r39361 - data/CVE

2016-01-30 Thread Antoine Beaupré
Author: anarcat Date: 2016-01-30 23:05:27 + (Sat, 30 Jan 2016) New Revision: 39361 Modified: data/CVE/list Log: Summary: link to packages for icu Modified: data/CVE/list === --- data/CVE/list 2016-01-30 22:58:39 UTC

[Secure-testing-commits] r39411 - in data: . CVE

2016-02-02 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-02 14:21:00 + (Tue, 02 Feb 2016) New Revision: 39411 Modified: data/CVE/list data/dla-needed.txt Log: mark CVE-2011-5325 as no-dsa, like wheezy and squeeze also remove busybox from dla-needed, reviewed by chris lamb Modified: data/CVE/list

[Secure-testing-commits] r39309 - data/CVE

2016-01-29 Thread Antoine Beaupré
Author: anarcat Date: 2016-01-29 21:01:23 + (Fri, 29 Jan 2016) New Revision: 39309 Modified: data/CVE/list Log: Summary: can't reproduce cpio vuln, add details of openssh Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r39639 - data/CVE

2016-02-12 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-12 23:08:22 + (Fri, 12 Feb 2016) New Revision: 39639 Modified: data/CVE/list Log: mark openid as n-a after discussion with reporter, it affects only the sample code and no other vulnerable code was found after a summary search on codesearch.debian.net

[Secure-testing-commits] r39635 - data

2016-02-12 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-12 20:45:45 + (Fri, 12 Feb 2016) New Revision: 39635 Modified: data/dla-needed.txt Log: take on chrony again Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-02-12 15:59:20 UTC (rev

[Secure-testing-commits] r39636 - in data: . DLA

2016-02-12 Thread Antoine Beaupré
Author: anarcat Date: 2016-02-12 20:53:58 + (Fri, 12 Feb 2016) New Revision: 39636 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-414-1 for chrony Modified: data/DLA/list === --- data/DLA/list

[Secure-testing-commits] r39607 - data

2016-02-11 Thread Antoine Beaupré
:30:12 UTC (rev 39606) +++ data/dla-needed.txt 2016-02-11 17:00:17 UTC (rev 39607) @@ -12,7 +12,7 @@ cakephp NOTE: 20160123, No official solution is currently available. -- -chrony +chrony (antoine beaupré) NOTE: maintainer wants to take care of it in week 05 NOTE: https

[Secure-testing-commits] r40633 - data/CVE

2016-03-29 Thread Antoine Beaupré
Author: anarcat Date: 2016-03-29 16:28:13 + (Tue, 29 Mar 2016) New Revision: 40633 Modified: data/CVE/list Log: Summary: CVE-2015-7575 not on wheezy / nss Modified: data/CVE/list === --- data/CVE/list 2016-03-29

[Secure-testing-commits] r40631 - data/CVE

2016-03-29 Thread Antoine Beaupré
Author: anarcat Date: 2016-03-29 15:38:02 + (Tue, 29 Mar 2016) New Revision: 40631 Modified: data/CVE/list Log: Summary: clarify NSS patches for CVE-2015-7575 Modified: data/CVE/list === --- data/CVE/list 2016-03-29

[Secure-testing-commits] r41178 - org

2016-04-25 Thread Antoine Beaupré
<ch...@chris-lamb.co.uk> -From 13-06 to 19-06:Antoine Beaupré <anar...@anarc.at> +From 13-06 to 19-06: From 20-06 to 26-06:Thorsten Alteholz <alteh...@debian.org> From 27-06 to 03-07: From 04-07 to 10-07:Chris Lamb <ch...@chris-lamb.co.uk> __

[Secure-testing-commits] r41864 - in data: . DLA

2016-05-18 Thread Antoine Beaupré
=== --- data/dla-needed.txt 2016-05-18 18:33:54 UTC (rev 41863) +++ data/dla-needed.txt 2016-05-18 18:45:42 UTC (rev 41864) @@ -78,9 +78,6 @@ -- php5 (Thorsten Alteholz) -- -phpmyadmin (Antoine Beaupré) - NOTE: anarcat already prepared a package: https://lists.debian.org/debian-lts/2016/04/msg00086

[Secure-testing-commits] r41818 - data/CVE

2016-05-17 Thread Antoine Beaupré
Author: anarcat Date: 2016-05-17 20:31:34 + (Tue, 17 May 2016) New Revision: 41818 Modified: data/CVE/list Log: Summary: mark openjdk-6 issues as EOL Modified: data/CVE/list === --- data/CVE/list 2016-05-17 20:05:23

[Secure-testing-commits] r41807 - data/CVE

2016-05-17 Thread Antoine Beaupré
Author: anarcat Date: 2016-05-17 16:13:46 + (Tue, 17 May 2016) New Revision: 41807 Modified: data/CVE/list Log: xen was affected by two more CVEs, but mark no-dsa because it's non-default config Modified: data/CVE/list ===

[Secure-testing-commits] r41841 - data/CVE

2016-05-18 Thread Antoine Beaupré
Author: anarcat Date: 2016-05-18 16:11:37 + (Wed, 18 May 2016) New Revision: 41841 Modified: data/CVE/list Log: Summary: keystone CVE only in stretch/sid Modified: data/CVE/list === --- data/CVE/list 2016-05-18

[Secure-testing-commits] r41840 - data

2016-05-18 Thread Antoine Beaupré
Author: anarcat Date: 2016-05-18 16:03:33 + (Wed, 18 May 2016) New Revision: 41840 Modified: data/dla-needed.txt Log: Summary: triage xen as dla-needed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-18

[Secure-testing-commits] r41854 - data

2016-05-18 Thread Antoine Beaupré
(rev 41853) +++ data/dla-needed.txt 2016-05-18 17:42:26 UTC (rev 41854) @@ -64,7 +64,7 @@ -- mxml -- -nss (Guido Günther) +nss (Antoine Beaupré) -- ntp NOTE: maintainer wants to upload package (as done before) ___ Secure-testing-commits mailing list

[Secure-testing-commits] r41856 - in data: . DLA

2016-05-18 Thread Antoine Beaupré
-- -nss (Antoine Beaupré) --- ntp NOTE: maintainer wants to upload package (as done before) NOTE: <20160213161710.ga9...@roeckx.be> ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debi

[Secure-testing-commits] r41858 - doc

2016-05-18 Thread Antoine Beaupré
Author: anarcat Date: 2016-05-18 17:52:22 + (Wed, 18 May 2016) New Revision: 41858 Modified: doc/DLA.template Log: Summary: add common boilerplate Modified: doc/DLA.template === --- doc/DLA.template2016-05-18 17:46:36

[Secure-testing-commits] r41861 - data

2016-05-18 Thread Antoine Beaupré
Author: anarcat Date: 2016-05-18 18:08:19 + (Wed, 18 May 2016) New Revision: 41861 Modified: data/dla-needed.txt Log: Summary: update ntp status Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-05-18 18:08:04

[Secure-testing-commits] r41387 - data/CVE

2016-05-03 Thread Antoine Beaupré
Author: anarcat Date: 2016-05-03 17:07:30 + (Tue, 03 May 2016) New Revision: 41387 Modified: data/CVE/list Log: Summary: atheme fixes in sid Modified: data/CVE/list === --- data/CVE/list 2016-05-03 16:21:22 UTC (rev

[Secure-testing-commits] r40946 - data/CVE

2016-04-14 Thread Antoine Beaupré
Author: anarcat Date: 2016-04-14 23:39:21 + (Thu, 14 Apr 2016) New Revision: 40946 Modified: data/CVE/list Log: update some PMA advisory statuses Modified: data/CVE/list === --- data/CVE/list 2016-04-14 23:17:07 UTC

[Secure-testing-commits] r41037 - org

2016-04-21 Thread Antoine Beaupré
ris Lamb <ch...@chris-lamb.co.uk> -From 16-05 to 22-05: +From 16-05 to 22-05:Antoine Beaupré <anar...@anarc.at> From 23-05 to 29-05: From 30-05 to 05-06: From 06-06 to 12-06:Chris Lamb <ch...@chris-lamb.co.uk> -From 13-06 to 19-06: +From 13-06 to 19-06:Antoine Beaupré <anar...@anar

[Secure-testing-commits] r41039 - data/CVE

2016-04-21 Thread Antoine Beaupré
Author: anarcat Date: 2016-04-21 15:21:50 + (Thu, 21 Apr 2016) New Revision: 41039 Modified: data/CVE/list Log: Summary: CVE-2016-2045: not-affected Modified: data/CVE/list === --- data/CVE/list 2016-04-21 15:17:30 UTC

[Secure-testing-commits] r41040 - data/CVE

2016-04-21 Thread Antoine Beaupré
Author: anarcat Date: 2016-04-21 15:24:48 + (Thu, 21 Apr 2016) New Revision: 41040 Modified: data/CVE/list Log: Summary: it's 2044, not 2045, and same for 2043 Modified: data/CVE/list === --- data/CVE/list 2016-04-21

[Secure-testing-commits] r41041 - data/CVE

2016-04-21 Thread Antoine Beaupré
Author: anarcat Date: 2016-04-21 15:44:08 + (Thu, 21 Apr 2016) New Revision: 41041 Modified: data/CVE/list Log: Summary: clarify status of CVE-2016-2039 (SNAFU) and CVE-2016-2042 (introduced with 2039) Modified: data/CVE/list

[Secure-testing-commits] r48611 - data/CVE

2017-01-31 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-31 15:31:12 + (Tue, 31 Jan 2017) New Revision: 48611 Modified: data/CVE/list Log: use issued CVE ID for claibre bug #853004 Modified: data/CVE/list === --- data/CVE/list 2017-01-31

[Secure-testing-commits] r48312 - data

2017-01-23 Thread Antoine Beaupré
-needed.txt 2017-01-23 21:55:37 UTC (rev 48311) +++ data/dla-needed.txt 2017-01-23 22:07:02 UTC (rev 48312) @@ -10,8 +10,9 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- -apache2 (Antoine Beaupré) +apache2 NOTE: update needs testing in https://lists.debian.org/87fukh7hcq

[Secure-testing-commits] r48313 - in data: . DLA

2017-01-23 Thread Antoine Beaupré
=== --- data/dla-needed.txt 2017-01-23 22:07:02 UTC (rev 48312) +++ data/dla-needed.txt 2017-01-23 22:23:27 UTC (rev 48313) @@ -106,10 +106,6 @@ -- slurm-llnl -- -tiff (Antoine Beaupré) - NOTE: Please work in the git repo accessible to all DD (branch master-wheezy): - NOTE

[Secure-testing-commits] r48485 - data/CVE

2017-01-28 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-28 20:09:18 + (Sat, 28 Jan 2017) New Revision: 48485 Modified: data/CVE/list Log: document bug #787085 affecting calibre Modified: data/CVE/list === --- data/CVE/list 2017-01-28 20:04:06

[Secure-testing-commits] r48535 - data/CVE

2017-01-29 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-29 17:28:33 + (Sun, 29 Jan 2017) New Revision: 48535 Modified: data/CVE/list Log: link to calibre CVE request Modified: data/CVE/list === --- data/CVE/list 2017-01-29 17:19:07 UTC (rev

[Secure-testing-commits] r48528 - data/CVE

2017-01-29 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-29 15:44:17 + (Sun, 29 Jan 2017) New Revision: 48528 Modified: data/CVE/list Log: add new calibre issue (bug #853004) Modified: data/CVE/list === --- data/CVE/list 2017-01-29 15:38:16 UTC

[Secure-testing-commits] r48530 - data/CVE

2017-01-29 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-29 16:48:50 + (Sun, 29 Jan 2017) New Revision: 48530 Modified: data/CVE/list Log: CVE requested for calibre Modified: data/CVE/list === --- data/CVE/list 2017-01-29 15:51:54 UTC (rev

[Secure-testing-commits] r49069 - data/CVE

2017-02-20 Thread Antoine Beaupré
Author: anarcat Date: 2017-02-20 15:53:18 + (Mon, 20 Feb 2017) New Revision: 49069 Modified: data/CVE/list Log: clarify N/A for jessie/atheme Modified: data/CVE/list === --- data/CVE/list 2017-02-20 15:03:59 UTC (rev

[Secure-testing-commits] r49067 - data/CVE

2017-02-20 Thread Antoine Beaupré
Author: anarcat Date: 2017-02-20 14:48:25 + (Mon, 20 Feb 2017) New Revision: 49067 Modified: data/CVE/list Log: add atheme security issue Modified: data/CVE/list === --- data/CVE/list 2017-02-20 07:33:35 UTC (rev

[Secure-testing-commits] r49068 - data/CVE

2017-02-20 Thread Antoine Beaupré
Author: anarcat Date: 2017-02-20 15:03:59 + (Mon, 20 Feb 2017) New Revision: 49068 Modified: data/CVE/list Log: jessie is not affected by latest atheme issues Modified: data/CVE/list === --- data/CVE/list 2017-02-20

[Secure-testing-commits] r49081 - data

2017-02-20 Thread Antoine Beaupré
Author: anarcat Date: 2017-02-20 20:33:22 + (Mon, 20 Feb 2017) New Revision: 49081 Modified: data/dla-needed.txt Log: get on with apache2 again Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-02-20 20:01:03

[Secure-testing-commits] r49087 - data

2017-02-20 Thread Antoine Beaupré
Author: anarcat Date: 2017-02-20 22:06:49 + (Mon, 20 Feb 2017) New Revision: 49087 Modified: data/dla-needed.txt Log: take on php5 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-02-20 21:54:05 UTC (rev

[Secure-testing-commits] r49088 - in data: . CVE

2017-02-20 Thread Antoine Beaupré
Author: anarcat Date: 2017-02-20 22:22:04 + (Mon, 20 Feb 2017) New Revision: 49088 Modified: data/CVE/list data/dla-needed.txt Log: unassign php5, note backported patch and suggest waiting for further issues Modified: data/CVE/list

[Secure-testing-commits] r48135 - data

2017-01-17 Thread Antoine Beaupré
=== --- data/dla-needed.txt 2017-01-17 18:24:13 UTC (rev 48134) +++ data/dla-needed.txt 2017-01-17 18:57:48 UTC (rev 48135) @@ -11,13 +11,7 @@ -- apache2 (Antoine Beaupré) - NOTE: The upstream change includes a new configuration option. This have to - NOTE: be mentioned very clearly

[Secure-testing-commits] r48138 - data/DSA

2017-01-17 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-17 20:24:09 + (Tue, 17 Jan 2017) New Revision: 48138 Modified: data/DSA/list Log: remove CVE-2016-9535 from DSA-3762-1 as the fix was not actually shipped with the release, as the patch was misdocumented Modified: data/DSA/list

[Secure-testing-commits] r48109 - data

2017-01-16 Thread Antoine Beaupré
) +++ data/dla-needed.txt 2017-01-16 18:13:37 UTC (rev 48109) @@ -23,7 +23,7 @@ chicken NOTE: I would set this as like in Jessie, but please recheck -- -graphicsmagick +graphicsmagick (Antoine Beaupré) NOTE: seems only a single memory/CPU DOS at this point, maybe wait for more issues

[Secure-testing-commits] r48106 - data

2017-01-16 Thread Antoine Beaupré
48105) +++ data/dla-needed.txt 2017-01-16 18:02:15 UTC (rev 48106) @@ -45,7 +45,7 @@ NOTE: Upstream should provide new point-releases fixing open security issues in the next months. NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML) -- -libical +libical (Antoine

[Secure-testing-commits] r48108 - data

2017-01-16 Thread Antoine Beaupré
ML) -- -libical (Antoine Beaupré) +libical + NOTE: issues still unfixed upstream (2017-01-16) -- libphp-swiftmailer (Markus Koschany) NOTE: According to the release note this is a critial vulnerability so it ___ Secure-testing-commits mailing

[Secure-testing-commits] r48107 - data/CVE

2017-01-16 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-16 18:08:18 + (Mon, 16 Jan 2017) New Revision: 48107 Modified: data/CVE/list Log: assign temporary descriptions to libical issues Modified: data/CVE/list === --- data/CVE/list 2017-01-16

[Secure-testing-commits] r48111 - data/CVE

2017-01-16 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-16 19:53:58 + (Mon, 16 Jan 2017) New Revision: 48111 Modified: data/CVE/list Log: make CVE-2016-9830 as no-dsa on wheezy, add details about fix Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r48122 - data

2017-01-16 Thread Antoine Beaupré
22:09:09 UTC (rev 48121) +++ data/dla-needed.txt 2017-01-16 23:00:07 UTC (rev 48122) @@ -10,13 +10,14 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- -apache2 +apache2 (Antoine Beaupré) NOTE: The upstream change includes a new configuration option. This have

[Secure-testing-commits] r48170 - data/CVE

2017-01-18 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-18 21:26:43 + (Wed, 18 Jan 2017) New Revision: 48170 Modified: data/CVE/list Log: fix typo Modified: data/CVE/list === --- data/CVE/list 2017-01-18 21:21:00 UTC (rev 48169) +++

[Secure-testing-commits] r48167 - data/CVE

2017-01-18 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-18 20:55:13 + (Wed, 18 Jan 2017) New Revision: 48167 Modified: data/CVE/list Log: note that CVE-2016-10095 seenms already fixed Modified: data/CVE/list === --- data/CVE/list 2017-01-18

[Secure-testing-commits] r48166 - data/CVE

2017-01-18 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-18 20:25:04 + (Wed, 18 Jan 2017) New Revision: 48166 Modified: data/CVE/list Log: CVE-2016-10094 n/a in wheezy Modified: data/CVE/list === --- data/CVE/list 2017-01-18 16:29:31 UTC (rev

[Secure-testing-commits] r48171 - data/CVE

2017-01-18 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-18 21:32:39 + (Wed, 18 Jan 2017) New Revision: 48171 Modified: data/CVE/list Log: remove wheezy no-dsa tags on tiff issues fixed in jessie Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r48173 - data/CVE

2017-01-18 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-18 21:33:59 + (Wed, 18 Jan 2017) New Revision: 48173 Modified: data/CVE/list Log: forgot another wheezy tiff issue Modified: data/CVE/list === --- data/CVE/list 2017-01-18 21:33:54 UTC

[Secure-testing-commits] r48174 - data/CVE

2017-01-18 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-18 21:36:53 + (Wed, 18 Jan 2017) New Revision: 48174 Modified: data/CVE/list Log: add patch for tiff bug #846837 Modified: data/CVE/list === --- data/CVE/list 2017-01-18 21:33:59 UTC (rev

[Secure-testing-commits] r48202 - data/CVE

2017-01-19 Thread Antoine Beaupré
Author: anarcat Date: 2017-01-19 20:09:49 + (Thu, 19 Jan 2017) New Revision: 48202 Modified: data/CVE/list Log: can't reproduce CVE-2016-3625 in wheezy Modified: data/CVE/list === --- data/CVE/list 2017-01-19 19:46:56

[Secure-testing-commits] r49295 - in data: . DLA

2017-02-28 Thread Antoine Beaupré
Author: anarcat Date: 2017-02-28 15:38:27 + (Tue, 28 Feb 2017) New Revision: 49295 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-841-1 for apache2 Modified: data/DLA/list === --- data/DLA/list

[Secure-testing-commits] r49293 - data

2017-02-28 Thread Antoine Beaupré
Author: anarcat Date: 2017-02-28 15:17:18 + (Tue, 28 Feb 2017) New Revision: 49293 Modified: data/dla-needed.txt Log: take on kgb Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-02-28 14:00:56 UTC (rev 49292)

[Secure-testing-commits] r49302 - in data: . CVE

2017-02-28 Thread Antoine Beaupré
Author: anarcat Date: 2017-02-28 16:07:02 + (Tue, 28 Feb 2017) New Revision: 49302 Modified: data/CVE/list data/dla-needed.txt Log: mark kgb-bot as no-dsa in wheezy after a review of the issue, i couldn't find a simple fixed the issue is also quite old and hasn't seen movement

[Secure-testing-commits] r44353 - data/CVE

2016-09-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-09-05 23:31:14 + (Mon, 05 Sep 2016) New Revision: 44353 Modified: data/CVE/list Log: Summary: CVEs issued for SASL ircd bugs Modified: data/CVE/list === --- data/CVE/list 2016-09-05 23:17:19

[Secure-testing-commits] r44354 - data/CVE

2016-09-05 Thread Antoine Beaupré
Author: anarcat Date: 2016-09-05 23:34:10 + (Mon, 05 Sep 2016) New Revision: 44354 Modified: data/CVE/list Log: Summary: add CVE for nefarious Modified: data/CVE/list === --- data/CVE/list 2016-09-05 23:31:14 UTC (rev

  1   2   3   4   >