--
-wireshark (Balint Reczey)
---
wordpress
--
xdg-utils
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Author: rbalint
Date: 2015-05-28 17:07:27 + (Thu, 28 May 2015)
New Revision: 34563
Modified:
data/CVE/list
Log:
CVE-2015-3182 does not affect Debian (releases)
Modified: data/CVE/list
===
--- data/CVE/list 2015-05-28 15:
Author: rbalint
Date: 2015-06-10 19:21:06 + (Wed, 10 Jun 2015)
New Revision: 34853
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-241-1 for wireshark
Modified: data/DLA/list
===
--- data/DLA/list 2015-06
Author: rbalint
Date: 2015-10-24 22:56:46 + (Sat, 24 Oct 2015)
New Revision: 37306
Modified:
data/CVE/list
Log:
CVE-2015-6244 does not affect Wheezy and Squeeze, tested using the .pcap file
and Valgrind
Modified: data/CVE/list
==
Author: rbalint
Date: 2014-08-20 11:23:51 + (Wed, 20 Aug 2014)
New Revision: 28376
Modified:
data/DLA/list
Log:
wireshark DLA
Modified: data/DLA/list
===
--- data/DLA/list 2014-08-20 10:09:59 UTC (rev 28375)
+++ data/DLA
Author: rbalint
Date: 2014-08-22 12:35:28 + (Fri, 22 Aug 2014)
New Revision: 28428
Modified:
data/CVE/list
Log:
wireshark fixes for squeeze-lts
Modified: data/CVE/list
===
--- data/CVE/list 2014-08-22 12:07:23 UTC (rev 2
Author: rbalint
Date: 2014-08-22 12:48:41 + (Fri, 22 Aug 2014)
New Revision: 28432
Modified:
data/CVE/list
Log:
wireshark CVE housekeeping
Modified: data/CVE/list
===
--- data/CVE/list 2014-08-22 12:44:18 UTC (rev 28431)
Author: rbalint
Date: 2015-01-24 16:41:56 + (Sat, 24 Jan 2015)
New Revision: 31642
Modified:
data/CVE/list
Log:
Update some wireshark CVEs
Modified: data/CVE/list
===
--- data/CVE/list 2015-01-24 15:27:26 UTC (rev 31641)
Author: rbalint
Date: 2015-01-25 22:14:48 + (Sun, 25 Jan 2015)
New Revision: 31670
Modified:
data/CVE/list
Log:
Update some wireshark CVEs
Modified: data/CVE/list
===
--- data/CVE/list 2015-01-25 19:04:13 UTC (rev 31669)
(rev 44865)
+++ data/dla-needed.txt 2016-09-24 11:19:19 UTC (rev 44866)
@@ -18,7 +18,7 @@
--
dwarfutils (Chris Lamb)
--
-firefox-esr
+firefox-esr (Balint Reczey)
--
gcc-mingw-w64 (Stephen Kitt)
--
.
--
-firefox-esr (Balint Reczey)
---
gcc-mingw-w64 (Stephen Kitt)
--
graphicsmagick (Brian May)
Author: rbalint
Date: 2016-09-27 12:04:18 + (Tue, 27 Sep 2016)
New Revision: 44924
Modified:
data/DLA/list
Log:
Reserve DLA-636-2 for firefox-esr
Modified: data/DLA/list
===
--- data/DLA/list 2016-09-27 11:28:53 UTC (rev
)
@@ -13,11 +13,6 @@
--
bind9 (Thorsten Alteholz)
--
-chicken (Balint Reczey)
- NOTE: See report 87twdrpcyx@prune.linuxpenguins.xyz
- NOTE: Wheezy probably vulnerable however upstream patch is too invasive.
- NOTE: Needs somebody with Scheme/C experience.
---
gcc-mingw-w64 (Stephen Kitt
Author: rbalint
Date: 2016-10-03 15:02:21 + (Mon, 03 Oct 2016)
New Revision: 44998
Modified:
data/dla-needed.txt
data/packages/lts-do-not-call
Log:
add nss and nspr to dla-needed
Modified: data/dla-needed.txt
===
--- data/d
Author: rbalint
Date: 2016-10-03 15:15:56 + (Mon, 03 Oct 2016)
New Revision: 45000
Modified:
data/packages/lts-do-not-call
Log:
fix lts-do-not-call line formats and sorting
Modified: data/packages/lts-do-not-call
===
--- data/
Author: rbalint
Date: 2016-10-04 21:52:30 + (Tue, 04 Oct 2016)
New Revision: 45045
Modified:
data/dla-needed.txt
Log:
add systemd and mpg123 to dla-needed
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-04 21
Author: rbalint
Date: 2016-10-04 22:51:58 + (Tue, 04 Oct 2016)
New Revision: 45046
Modified:
data/dla-needed.txt
Log:
add libdbd-mysql-perl to dla-needed
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-04 21:
Author: rbalint
Date: 2016-10-05 13:58:52 + (Wed, 05 Oct 2016)
New Revision: 45059
Modified:
data/CVE/list
data/dla-needed.txt
Log:
add bash for DLA
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-05 13:10:05 UT
Author: rbalint
Date: 2016-10-05 14:32:23 + (Wed, 05 Oct 2016)
New Revision: 45060
Modified:
data/dla-needed.txt
Log:
add freeimage for DLA
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-05 13:58:52 UTC (rev
Author: rbalint
Date: 2016-10-09 21:56:15 + (Sun, 09 Oct 2016)
New Revision: 45169
Modified:
data/dla-needed.txt
Log:
add kde-runtime as candidate to dla-needed
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10
Author: rbalint
Date: 2016-10-27 14:42:17 + (Thu, 27 Oct 2016)
New Revision: 45664
Modified:
data/dla-needed.txt
Log:
Add mysql-5.5 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-27 14:39:
Author: rbalint
Date: 2016-10-27 17:05:59 + (Thu, 27 Oct 2016)
New Revision: 45667
Modified:
data/dla-needed.txt
Log:
add qemu and qemu-kvm to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-27
Author: rbalint
Date: 2016-10-27 21:48:32 + (Thu, 27 Oct 2016)
New Revision: 45680
Modified:
data/CVE/list
data/dla-needed.txt
Log:
add libwmf to dla-needed.txt
Modified: data/CVE/list
===
--- data/CVE/list 2016-10-27
Author: rbalint
Date: 2016-10-28 16:14:14 + (Fri, 28 Oct 2016)
New Revision: 45717
Modified:
data/dla-needed.txt
Log:
add tar to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-28 15:42:07 UTC
Author: rbalint
Date: 2016-10-28 16:41:04 + (Fri, 28 Oct 2016)
New Revision: 45718
Modified:
data/dla-needed.txt
Log:
add cairo to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-10-28 16:14:14 UT
19:26:58 UTC (rev 45721)
+++ data/dla-needed.txt 2016-10-28 20:54:41 UTC (rev 45722)
@@ -28,7 +28,7 @@
--
jasper (Thorsten Alteholz)
--
-kde-runtime
+kde-runtime (Balint Reczey)
NOTE: We may not need to update, but I'm leaning toward fixing
CVE-2016-7787, see #839865
--
libass
@@
Author: rbalint
Date: 2016-10-30 23:13:37 + (Sun, 30 Oct 2016)
New Revision: 45776
Modified:
data/dla-needed.txt
Log:
update status of mysql-5.5 fix in dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2
===
--- data/dla-needed.txt 2016-11-02 13:03:44 UTC (rev 45885)
+++ data/dla-needed.txt 2016-11-02 13:10:49 UTC (rev 45886)
@@ -59,9 +59,6 @@
libupnp4
NOTE: same issues as in libupnp
--
-libwmf (Balint Reczey)
- NOTE: Patch is available
Author: rbalint
Date: 2016-11-02 13:16:23 + (Wed, 02 Nov 2016)
New Revision: 45887
Modified:
data/CVE/list
Log:
update info on libwmf CVE-2016-9011
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-02 13:10:49 UTC (r
:Balint Reczey
+From 21-11 to 27-11:
From 28-11 to 04-12:Guido Günther
From 05-12 to 11-12:Chris Lamb
From 12-12 to 18-12:Markus Koschany
-From 19-12 to 25-12:Balint Reczey
+From 19-12 to 25-12:
From 26-12 to 01-01:
Author: rbalint
Date: 2016-11-09 17:12:06 + (Wed, 09 Nov 2016)
New Revision: 46087
Modified:
data/CVE/list
Log:
update info on kdesu CVE-2016-7787
Modified: data/CVE/list
===
--- data/CVE/list 2016-11-09 16:55:14 UTC (re
(Thorsten Alteholz)
--
-kde-runtime (Balint Reczey)
- NOTE: We may not need to update, but I'm leaning toward fixing
CVE-2016-7787, see #839865
---
libass
NOTE: 20161019: CVE-2016-7971 is disputed upstream. No patch available yet.
NOTE: 20161026: CVE-2016-7971 is not only disputed upstrea
)
+++ data/dla-needed.txt 2016-11-11 12:20:37 UTC (rev 46118)
@@ -93,7 +93,7 @@
--
sendmail
--
-sudo
+sudo (Balint Reczey)
--
tomcat6 (Markus Koschany)
NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy
(rev 46177)
+++ data/dla-needed.txt 2016-11-14 13:17:13 UTC (rev 46178)
@@ -65,7 +65,7 @@
--
monit
--
-mysql-5.5
+mysql-5.5 (Balint Reczey)
NOTE: work started in
https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/log/?id=refs/heads/debian/wheezy
NOTE: waiting for maintainer feedack
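Review bot: The context line "NOTE: waiting for maintainer feedack" under the mysql-5.5 entry misspells "feedback". Since this change claims that entry, correct the spelling in the same commit so the note stays searchable.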
@@
--
sendmail
--
-sudo (Balint Reczey)
---
tomcat6 (Markus Koschany)
NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy
NOTE: We try to coordinate the release with the security team
Author: rbalint
Date: 2016-11-15 01:38:11 + (Tue, 15 Nov 2016)
New Revision: 46202
Modified:
data/dla-needed.txt
Log:
no upstream fix for ming and libupnp yet
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-1
Author: rbalint
Date: 2016-11-15 01:39:14 + (Tue, 15 Nov 2016)
New Revision: 46203
Modified:
data/dla-needed.txt
Log:
fix indentation
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-11-15 01:38:11 UTC (rev 46202
)
@@ -70,13 +70,6 @@
--
monit
--
-mysql-5.5 (Balint Reczey)
- NOTE: work started in
https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/log/?id=refs/heads/debian/wheezy
- NOTE: waiting for maintainer feedack/timeout
- NOTE: maintainer proposed the patch in email:
https://lists.debian.org/debian
(rev 46237)
+++ data/dla-needed.txt 2016-11-16 11:03:41 UTC (rev 46238)
@@ -9,6 +9,10 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
+akonadi (Balint Reczey)
+ NOTE: compatibility update with mysql-5.5 5.5.53
+ NOTE: https://lists.debian.org/debian-security-announce/2016
-11-16 15:26:47 UTC (rev 46241)
+++ data/dla-needed.txt 2016-11-16 17:08:35 UTC (rev 46242)
@@ -12,6 +12,8 @@
akonadi (Balint Reczey)
NOTE: compatibility update with mysql-5.5 5.5.53
NOTE: https://lists.debian.org/debian-security-announce/2016/msg00298.html
+ NOTE: akonadi is now broken for
://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-akonadi (Balint Reczey)
- NOTE: compatibility update with mysql-5.5 5.5.53
- NOTE: https://lists.debian.org/debian-security-announce/2016/msg00298.html
- NOTE: akonadi is now broken for root and jessie update breaks for normal
Author: rbalint
Date: 2016-11-19 09:27:58 + (Sat, 19 Nov 2016)
New Revision: 46339
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark #841257, sendmail no-dsa in wheezy
Modified: data/CVE/list
===
--- data/CVE/list
46339)
+++ data/dla-needed.txt 2016-11-19 09:28:35 UTC (rev 46340)
@@ -109,3 +109,5 @@
NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat7.git/log/?h=wheezy
NOTE: We try to coordinate the release with the security team
--
+wireshark (Balint Reczey
-21 09:10:45 UTC (rev 46373)
+++ data/dla-needed.txt 2016-11-21 09:34:13 UTC (rev 46374)
@@ -109,5 +109,3 @@
NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat7.git/log/?h=wheezy
NOTE: We try to coordinate the release with the security team
--
-wireshark (Balint Reczey
47221)
+++ data/dla-needed.txt 2016-12-19 14:40:20 UTC (rev 47222)
@@ -15,7 +15,7 @@
botan1.10
NOTE: Jessie has almost identical code. Looks hard to exploit but worth
fixing.
--
-dcmtk
+dcmtk (Balint Reczey)
NOTE: Gert Wollny is interested in fixing it but not before the beginning of
2017
Author: rbalint
Date: 2016-12-19 21:55:11 + (Mon, 19 Dec 2016)
New Revision: 47236
Modified:
data/dla-needed.txt
Log:
update notes on nss DLA
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-19 21:23:16 UTC (r
Author: rbalint
Date: 2016-12-20 02:22:59 + (Tue, 20 Dec 2016)
New Revision: 47239
Modified:
data/CVE/list
Log:
add bug for dcmtk CVE
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-19 22:17:49 UTC (rev 47238)
+++
has almost identical code. Looks hard to exploit but worth
fixing.
--
-dcmtk (Balint Reczey)
- NOTE: Gert Wollny is interested in fixing it but not before the beginning of
2017.
- NOTE: https://lists.debian.org/debian-lts/2016/12/msg00105.html
---
graphicsmagick
NOTE: seems only a single
47310)
+++ data/dla-needed.txt 2016-12-22 01:37:37 UTC (rev 47311)
@@ -30,7 +30,7 @@
libdbd-mysql-perl (Chris Lamb)
NOTE: Jessie has almost identical code, would be great to fix as well
--
-libgd2
+libgd2 (Balint Reczey)
NOTE: Php is vulnerable but uses system libgd so as soon as libgd is fixed
Author: rbalint
Date: 2016-12-22 02:51:42 + (Thu, 22 Dec 2016)
New Revision: 47314
Modified:
data/CVE/list
Log:
add bug for libgd2 CVE-2016-9933
Modified: data/CVE/list
===
--- data/CVE/list 2016-12-22 02:03:05 UTC (rev
UTC (rev 47342)
+++ data/dla-needed.txt 2016-12-22 14:26:06 UTC (rev 47343)
@@ -30,11 +30,6 @@
libdbd-mysql-perl (Chris Lamb)
NOTE: Jessie has almost identical code, would be great to fix as well
--
-libgd2 (Balint Reczey)
- NOTE: Php is vulnerable but uses system libgd so as soon as libgd is
)
+++ data/dla-needed.txt 2016-12-28 16:21:33 UTC (rev 47517)
@@ -20,7 +20,7 @@
botan1.10
NOTE: Jessie has almost identical code. Looks hard to exploit but worth
fixing.
--
-curl
+curl (Balint Reczey)
--
graphicsmagick
NOTE: seems only a single memory/CPU DOS at this point, maybe wait for
Author: rbalint
Date: 2016-12-28 21:36:01 + (Wed, 28 Dec 2016)
New Revision: 47531
Modified:
data/dla-needed.txt
Log:
postgresql-common DLA will be taken care of by maintainer
Modified: data/dla-needed.txt
===
--- data/dla-nee
Author: rbalint
Date: 2016-12-28 22:00:51 + (Wed, 28 Dec 2016)
New Revision: 47532
Modified:
data/dla-needed.txt
Log:
ming has been removed from unstable
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-12-28 21:
Author: rbalint
Date: 2016-12-28 22:27:12 + (Wed, 28 Dec 2016)
New Revision: 47535
Modified:
data/dla-needed.txt
Log:
xrdp DLA will be taken care of by maintainer
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-
@@
botan1.10
NOTE: Jessie has almost identical code. Looks hard to exploit but worth
fixing.
--
-curl (Balint Reczey)
---
graphicsmagick
NOTE: seems only a single memory/CPU DOS at this point, maybe wait for more
issues?
NOTE: DLA-547-1 also did not fix CVE-2016-5240 so should be included in next
Author: rbalint
Date: 2016-12-29 16:54:32 + (Thu, 29 Dec 2016)
New Revision: 47560
Modified:
data/dla-needed.txt
Log:
remove maradns from DLA queue due to CVEs getting rejected
Modified: data/dla-needed.txt
===
--- data/dla-ne
47569)
+++ data/dla-needed.txt 2016-12-29 22:26:26 UTC (rev 47570)
@@ -68,7 +68,7 @@
NOTE: A privilege escalation of this should be seen as a problem.
NOTE: this was marked no-dsa in jessie, and requires changes to linux
--
-ming
+ming (Balint Reczey)
NOTE: No upstream fix yet (2016-11-15
UTC (rev 47725)
+++ data/dla-needed.txt 2017-01-04 20:07:59 UTC (rev 47726)
@@ -104,7 +104,7 @@
--
potrace
--
-rabbitmq-server
+rabbitmq-server (Balint Reczey)
NOTE: It remains to investigate if this applies to the 2.x branch in
NOTE: oldstable as well. It should as SSL support was added
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-05 23:49:38 UTC (rev 47770)
+++ data/dla-needed.txt 2017-01-06 01:04:11 UTC (rev 47771)
@@ -110,11 +110,6 @@
--
potrace
--
-rabbitmq-server (Balint Reczey)
- NOTE: It
:53:44 UTC (rev 48420)
+++ data/dla-needed.txt 2017-01-26 12:58:32 UTC (rev 48421)
@@ -71,19 +71,6 @@
--
mcollective
--
-ming (Balint Reczey)
- NOTE: No upstream fix yet (2016-11-15) for any of the CVEs:
- NOTE: https://github.com/libming/libming/issues/51
- NOTE: https://github.com/libming
48455)
+++ data/dla-needed.txt 2017-01-27 20:23:26 UTC (rev 48456)
@@ -50,7 +50,7 @@
NOTE: Upstream should provide new point-releases fixing open security issues
in the next months.
NOTE: Lots of CVEs are open, this is going to take some time. (See
debian-lts ML)
--
-libgd2
+libgd2 (Balint
Author: rbalint
Date: 2017-01-28 09:18:43 + (Sat, 28 Jan 2017)
New Revision: 48467
Modified:
data/CVE/list
Log:
libgd2's CVE-2016-6912 and CVE-2016-6906 don't affect wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2
Author: rbalint
Date: 2017-01-29 00:19:43 + (Sun, 29 Jan 2017)
New Revision: 48509
Modified:
data/CVE/list
Log:
libgd2's CVE-2016-10166 doesn't affect wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2017-01-28 23:51
2017-01-29 09:43:31 UTC (rev 48511)
@@ -55,8 +55,6 @@
NOTE: Upstream should provide new point-releases fixing open security issues
in the next months.
NOTE: Lots of CVEs are open, this is going to take some time. (See
debian-lts ML)
--
-libgd2 (Balint Reczey)
---
libical
NOTE: No known
17:28:33 UTC (rev 48535)
+++ data/dla-needed.txt 2017-01-29 17:41:22 UTC (rev 48536)
@@ -68,7 +68,7 @@
--
mcollective
--
-mysql-5.5
+mysql-5.5 (Balint Reczey)
--
mysql-connector-python
NOTE: see http://bugs.debian.org/841677 for current discussion
@@ -106,7 +106,7 @@
--
qemu-kvm (Guido
-bc1807cb462afb05056502f77834c6ebR291
NOTE: is missing in the wheezy version
--
-wireshark (Balint Reczey)
---
wordpress (Markus Koschany)
--
xen
(Balint Reczey)
NOTE: Needs further triaging as there is very little information on many of
NOTE: the issues. However one of them looks like a major problem so the
NOTE: package needs a DLA.
@@ -91,7 +91,7 @@
NOTE: Upstream is not going to fix CVE-2016-8686 since it believes it is not
NOTE
Author: rbalint
Date: 2017-01-30 20:06:29 + (Mon, 30 Jan 2017)
New Revision: 48568
Modified:
data/CVE/list
Log:
Add bug reference for ruby-archive-tar-minitar issue, #853249
Modified: data/CVE/list
===
--- data/CVE/list
2017-01-30 21:06:19 UTC (rev 48576)
@@ -91,9 +91,6 @@
NOTE: Upstream is not going to fix CVE-2016-8686 since it believes it is not
NOTE: a bug (see #843861).
--
-ruby-archive-tar-minitar (Balint Reczey)
- NOTE: Vulnerable code is in lib/archive/tar/minitar/command.rb
---
slurm-llnl
NOTE
(rev 48603)
+++ data/dla-needed.txt 2017-01-31 11:40:23 UTC (rev 48604)
@@ -108,7 +108,7 @@
--
svgsalamander
--
-wavpack
+wavpack (Balint Reczey)
NOTE: the provided testcases don't crash but this hunk
NOTE:
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
potential unsigned underflow]
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2017-01-31 20:10:36 UTC (rev 48630)
+++ data/dla-needed.txt 2017-01-31 20:46:30 UTC (rev 48631)
@@ -101,11 +101,6 @@
--
svgsalamander
--
-wavpack (Bal
22:18:37 UTC (rev 48635)
+++ data/dla-needed.txt 2017-01-31 22:25:11 UTC (rev 48636)
@@ -69,7 +69,7 @@
--
mysql-5.5 (Balint Reczey)
--
-mysql-connector-python
+mysql-connector-python (Balint Reczey)
NOTE: see http://bugs.debian.org/841677 for current discussion
--
openjdk-7 (Emilio Pozuelo
)
@@ -69,9 +69,6 @@
--
mysql-5.5 (Balint Reczey)
--
-mysql-connector-python (Balint Reczey)
- NOTE: see http://bugs.debian.org/841677 for current discussion
---
openjdk-7 (Emilio Pozuelo)
--
openssl (Emilio Pozuelo)
:16 UTC (rev 48697)
+++ data/dla-needed.txt 2017-02-04 08:37:49 UTC (rev 48698)
@@ -23,7 +23,7 @@
--
cgiemail
--
-glassfish (Balint Reczey)
+glassfish
NOTE: Needs further triaging as there is very little information on many of
NOTE: the issues. However one of them looks like a major problem
48799)
+++ data/dla-needed.txt 2017-02-09 18:36:19 UTC (rev 48800)
@@ -80,8 +80,6 @@
NOTE: 170206: No patch available. Unclear how reproducer is supposed to work
NOTE: because the file format cannot be detected.
--
-mysql-5.5 (Balint Reczey)
---
openjdk-7 (Emilio Pozuelo)
--
php5
Author: rbalint
Date: 2017-02-10 11:45:40 + (Fri, 10 Feb 2017)
New Revision: 48834
Modified:
data/CVE/list
Log:
add mysql-5.5 bug
Modified: data/CVE/list
===
--- data/CVE/list 2017-02-10 09:19:21 UTC (rev 48833)
+++ data
Author: rbalint
Date: 2017-02-10 11:58:39 + (Fri, 10 Feb 2017)
New Revision: 48835
Modified:
data/DLA/list
Log:
DLA-819-2 fixing wrong mysql-5.5 version in DLA-819-1
Modified: data/DLA/list
===
--- data/DLA/list 2017-02-
Author: rbalint
Date: 2017-02-15 15:12:40 + (Wed, 15 Feb 2017)
New Revision: 48954
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-824-1 for libevent
Modified: data/DLA/list
===
--- data/DLA/list 2017-02-
06:31:06 UTC (rev 49168)
+++ data/dla-needed.txt 2017-02-24 07:42:20 UTC (rev 49169)
@@ -70,6 +70,8 @@
NOTE: CVE-2017-5852, CVE-2017-5853 crash in Wheezy
NOTE: CVE-2015-8981 crashes in Wheezy
--
+libreoffice (Balint Reczey)
+--
libxml-twig-perl
NOTE: no upstream fix yet (as of 2017-01-20
-backends (Jörg Frings-Fürst)
--
-shadow (Balint Reczey)
---
slurm-llnl
NOTE: the patch from upstream uses new members of the struct
batch_job_launch_msg_t
NOTE: from my point of view backporting the introduction of these new
members to this old
UTC (rev 49250)
+++ data/dla-needed.txt 2017-02-27 00:23:10 UTC (rev 49251)
@@ -73,7 +73,7 @@
NOTE: CVE-2015-8981 Wheezy is affected, patch is straightforward.
NOTE: 20170226: No patches available for other issues.
--
-libquicktime
+libquicktime (Balint Reczey)
NOTE: added 2017-02-25, please
@@
libpodofo
NOTE: 20170226: No patches available.
--
-libquicktime (Balint Reczey)
- NOTE: added 2017-02-25, please give maintainer some time to respond
---
libreoffice (Balint Reczey)
--
libxdmcp (Emilio Pozuelo)
Author: rbalint
Date: 2017-03-02 11:12:11 + (Thu, 02 Mar 2017)
New Revision: 49361
Modified:
bin/gen-DSA
Log:
gen-DSA, gen-DLA: Read details from .changes
Package name, version, bug(s) and cve(s) are filled from .changes
file.
Modified: bin/gen-DSA
(rev 49419)
+++ data/dla-needed.txt 2017-03-05 19:11:26 UTC (rev 49420)
@@ -108,6 +108,8 @@
web2py
NOTE: added 2017-02-25, please give maintainer some time to respond
--
+wireshark (Balint Reczey)
+--
xbmc
NOTE: under reserve, could not reproduce with 2:12.3+dfsg1-3ubuntu1, which
is newer
===
--- data/dla-needed.txt 2017-03-16 21:12:27 UTC (rev 49725)
+++ data/dla-needed.txt 2017-03-17 01:12:47 UTC (rev 49726)
@@ -123,8 +123,6 @@
--
web2py (Brian May)
--
-wireshark (Balint Reczey)
---
wordpress (Markus Koschany)
--
xbmc
:47 UTC (rev 49726)
+++ data/dla-needed.txt 2017-03-17 01:36:34 UTC (rev 49727)
@@ -64,6 +64,7 @@
NOTE: https://sourceforge.net/p/podofo/mailman/message/35692197/
--
libreoffice (Balint Reczey)
+ NOTE: Rene (maintainer) is working on the patch since the proposed one seems
to be incomplete
===
--- data/dla-needed.txt 2017-03-19 21:28:44 UTC (rev 49822)
+++ data/dla-needed.txt 2017-03-19 23:29:07 UTC (rev 49823)
@@ -66,7 +66,7 @@
NOTE: Proposed patch for CVE-2017-5853, which is marked no-dsa.
NOTE: https://sourceforge.net/p/podofo/mailman/message/35692197/
--
-libreoffice (Balint Reczey
Author: rbalint
Date: 2016-02-05 21:33:50 + (Fri, 05 Feb 2016)
New Revision: 39499
Modified:
data/CVE/list
Log:
CVE-2015-8731 fix in incomplete upstream
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-05 21:26:01 U
Author: rbalint
Date: 2016-02-29 20:21:26 + (Mon, 29 Feb 2016)
New Revision: 40071
Modified:
data/CVE/list
Log:
Update some wireshark CVE-s not affecting wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-29 20
Author: rbalint
Date: 2016-02-29 21:34:21 + (Mon, 29 Feb 2016)
New Revision: 40075
Modified:
data/CVE/list
Log:
wireshark CVEs not affecting wheezy
Modified: data/CVE/list
===
--- data/CVE/list 2016-02-29 20:47:36 UTC (r
Author: rbalint
Date: 2016-03-05 09:53:14 + (Sat, 05 Mar 2016)
New Revision: 40176
Modified:
data/CVE/list
Log:
wireshark's CVE-2015-8731 is at least partially fixed in 2.0.1
Modified: data/CVE/list
===
--- data/CVE/list
Author: rbalint
Date: 2016-03-06 22:22:15 + (Sun, 06 Mar 2016)
New Revision: 40200
Modified:
data/CVE/list
Log:
wireshark CVE updates
Modified: data/CVE/list
===
--- data/CVE/list 2016-03-06 21:47:28 UTC (rev 40199)
+++
Author: rbalint
Date: 2016-03-10 22:05:32 + (Thu, 10 Mar 2016)
New Revision: 40312
Modified:
data/CVE/list
Log:
Mark wireshark 2.0.x only issues not affecting jessie and wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: rbalint
Date: 2016-05-21 11:50:55 + (Sat, 21 May 2016)
New Revision: 41925
Modified:
data/CVE/list
Log:
CVE-2016-4078 of wireshark does not affect jessie
Modified: data/CVE/list
===
--- data/CVE/list 2016-05-21 0
Author: rbalint
Date: 2016-05-29 19:41:35 + (Sun, 29 May 2016)
New Revision: 42128
Modified:
data/dla-needed.txt
Log:
Take wireshark according to our discussion with Steffen
See https://lists.debian.org/debian-lts/2016/05/msg00234.html
for details.
Modified: data/dla-needed.txt
=
Author: rbalint
Date: 2016-05-31 10:10:51 + (Tue, 31 May 2016)
New Revision: 42185
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-497-1 for wireshark
Modified: data/DLA/list
===
--- data/DLA/list 2016-05
(rev 42665)
+++ data/dla-needed.txt 2016-06-20 21:01:53 UTC (rev 42666)
@@ -97,7 +97,8 @@
--
wget (Thorsten Alteholz)
--
-wireshark
+wireshark (Balint Reczey)
+ Preparing Jessie update, then Wheezy LTS, too.
--
wordpress
--
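Review bot: The added line "Preparing Jessie update, then Wheezy LTS, too." under the wireshark entry has no "NOTE:" prefix, unlike the other annotations in data/dla-needed.txt shown on this page. Write it as "NOTE: Preparing Jessie update, then Wheezy LTS, too." so it matches the file's other entries, and consider adding a date so later triagers can tell how current the status is.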
Author: rbalint
Date: 2016-06-26 13:55:50 + (Sun, 26 Jun 2016)
New Revision: 42803
Modified:
data/dla-needed.txt
Log:
pochu forwarded tiff CVE-s upstream
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-25 22:
(rev 42829)
+++ data/dla-needed.txt 2016-06-27 18:30:10 UTC (rev 42830)
@@ -91,7 +91,7 @@
--
ruby-activesupport-3.2 (Guido Günther)
--
-ruby-eventmachine
+ruby-eventmachine (Balint Reczey)
--
squid (Santiago R.R.)
--