[Secure-testing-commits] r33578 - in data: . DLA

2015-04-14 Thread Balint Reczey
-- -wireshark (Balint Reczey) --- wordpress -- xdg-utils ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r34563 - data/CVE

2015-05-28 Thread Balint Reczey
Author: rbalint Date: 2015-05-28 17:07:27 + (Thu, 28 May 2015) New Revision: 34563 Modified: data/CVE/list Log: CVE-2015-3182 does not affect Debian (releases) Modified: data/CVE/list === --- data/CVE/list 2015-05-28 15:

[Secure-testing-commits] r34853 - in data: . DLA

2015-06-10 Thread Balint Reczey
Author: rbalint Date: 2015-06-10 19:21:06 + (Wed, 10 Jun 2015) New Revision: 34853 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-241-1 for wireshark Modified: data/DLA/list === --- data/DLA/list 2015-06

[Secure-testing-commits] r37306 - data/CVE

2015-10-24 Thread Balint Reczey
Author: rbalint Date: 2015-10-24 22:56:46 + (Sat, 24 Oct 2015) New Revision: 37306 Modified: data/CVE/list Log: CVE-2015-6244 does not affect Wheezy and Squeeze, tested using the .pcap file and Valgrind Modified: data/CVE/list ==

[Secure-testing-commits] r28376 - data/DLA

2014-08-20 Thread Balint Reczey
Author: rbalint Date: 2014-08-20 11:23:51 + (Wed, 20 Aug 2014) New Revision: 28376 Modified: data/DLA/list Log: wireshark DLA Modified: data/DLA/list === --- data/DLA/list 2014-08-20 10:09:59 UTC (rev 28375) +++ data/DLA

[Secure-testing-commits] r28428 - data/CVE

2014-08-22 Thread Balint Reczey
Author: rbalint Date: 2014-08-22 12:35:28 + (Fri, 22 Aug 2014) New Revision: 28428 Modified: data/CVE/list Log: wireshark fixes for squeeze-lts Modified: data/CVE/list === --- data/CVE/list 2014-08-22 12:07:23 UTC (rev 2

[Secure-testing-commits] r28432 - data/CVE

2014-08-22 Thread Balint Reczey
Author: rbalint Date: 2014-08-22 12:48:41 + (Fri, 22 Aug 2014) New Revision: 28432 Modified: data/CVE/list Log: wireshark CVE housekeeping Modified: data/CVE/list === --- data/CVE/list 2014-08-22 12:44:18 UTC (rev 28431)

[Secure-testing-commits] r31642 - data/CVE

2015-01-24 Thread Balint Reczey
Author: rbalint Date: 2015-01-24 16:41:56 + (Sat, 24 Jan 2015) New Revision: 31642 Modified: data/CVE/list Log: Update some wireshark CVEs Modified: data/CVE/list === --- data/CVE/list 2015-01-24 15:27:26 UTC (rev 31641)

[Secure-testing-commits] r31670 - data/CVE

2015-01-25 Thread Balint Reczey
Author: rbalint Date: 2015-01-25 22:14:48 + (Sun, 25 Jan 2015) New Revision: 31670 Modified: data/CVE/list Log: Update some wireshark CVEs Modified: data/CVE/list === --- data/CVE/list 2015-01-25 19:04:13 UTC (rev 31669)

[Secure-testing-commits] r44866 - data

2016-09-24 Thread Balint Reczey
(rev 44865) +++ data/dla-needed.txt 2016-09-24 11:19:19 UTC (rev 44866) @@ -18,7 +18,7 @@ -- dwarfutils (Chris Lamb) -- -firefox-esr +firefox-esr (Balint Reczey) -- gcc-mingw-w64 (Stephen Kitt) -- ___ Secure-testing-commits mailing list Secure-testing

[Secure-testing-commits] r44878 - in data: . DLA

2016-09-24 Thread Balint Reczey
. -- -firefox-esr (Balint Reczey) --- gcc-mingw-w64 (Stephen Kitt) -- graphicsmagick (Brian May) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing

[Secure-testing-commits] r44924 - data/DLA

2016-09-27 Thread Balint Reczey
Author: rbalint Date: 2016-09-27 12:04:18 + (Tue, 27 Sep 2016) New Revision: 44924 Modified: data/DLA/list Log: Reserve DLA-636-2 for firefox-esr Modified: data/DLA/list === --- data/DLA/list 2016-09-27 11:28:53 UTC (rev

[Secure-testing-commits] r44944 - in data: . DLA

2016-09-30 Thread Balint Reczey
) @@ -13,11 +13,6 @@ -- bind9 (Thorsten Alteholz) -- -chicken (Balint Reczey) - NOTE: See report 87twdrpcyx@prune.linuxpenguins.xyz - NOTE: Wheezy probably vulnerable however upstream patch is too invasive. - NOTE: Needs somebody with Scheme/C experience. --- gcc-mingw-w64 (Stephen Kitt

[Secure-testing-commits] r44998 - in data: . packages

2016-10-03 Thread Balint Reczey
Author: rbalint Date: 2016-10-03 15:02:21 + (Mon, 03 Oct 2016) New Revision: 44998 Modified: data/dla-needed.txt data/packages/lts-do-not-call Log: add nss and nspr to dla-needed Modified: data/dla-needed.txt === --- data/d

[Secure-testing-commits] r45000 - data/packages

2016-10-03 Thread Balint Reczey
Author: rbalint Date: 2016-10-03 15:15:56 + (Mon, 03 Oct 2016) New Revision: 45000 Modified: data/packages/lts-do-not-call Log: fix lts-do-not-call line formats and sorting Modified: data/packages/lts-do-not-call === --- data/

[Secure-testing-commits] r45045 - data

2016-10-04 Thread Balint Reczey
Author: rbalint Date: 2016-10-04 21:52:30 + (Tue, 04 Oct 2016) New Revision: 45045 Modified: data/dla-needed.txt Log: add systemd and mpg123 to dla-needed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-04 21

[Secure-testing-commits] r45046 - data

2016-10-04 Thread Balint Reczey
Author: rbalint Date: 2016-10-04 22:51:58 + (Tue, 04 Oct 2016) New Revision: 45046 Modified: data/dla-needed.txt Log: add libdbd-mysql-perl to dla-needed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-04 21:

[Secure-testing-commits] r45059 - in data: . CVE

2016-10-05 Thread Balint Reczey
Author: rbalint Date: 2016-10-05 13:58:52 + (Wed, 05 Oct 2016) New Revision: 45059 Modified: data/CVE/list data/dla-needed.txt Log: add bash for DLA Modified: data/CVE/list === --- data/CVE/list 2016-10-05 13:10:05 UT

[Secure-testing-commits] r45060 - data

2016-10-05 Thread Balint Reczey
Author: rbalint Date: 2016-10-05 14:32:23 + (Wed, 05 Oct 2016) New Revision: 45060 Modified: data/dla-needed.txt Log: add freeimage for DLA Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-05 13:58:52 UTC (rev

[Secure-testing-commits] r45169 - data

2016-10-09 Thread Balint Reczey
Author: rbalint Date: 2016-10-09 21:56:15 + (Sun, 09 Oct 2016) New Revision: 45169 Modified: data/dla-needed.txt Log: add kde-runtime as candidate to dla-needed Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10

[Secure-testing-commits] r45664 - data

2016-10-27 Thread Balint Reczey
Author: rbalint Date: 2016-10-27 14:42:17 + (Thu, 27 Oct 2016) New Revision: 45664 Modified: data/dla-needed.txt Log: Add mysql-5.5 to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-27 14:39:

[Secure-testing-commits] r45667 - data

2016-10-27 Thread Balint Reczey
Author: rbalint Date: 2016-10-27 17:05:59 + (Thu, 27 Oct 2016) New Revision: 45667 Modified: data/dla-needed.txt Log: add qemu and qemu-kvm to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-27

[Secure-testing-commits] r45680 - in data: . CVE

2016-10-27 Thread Balint Reczey
Author: rbalint Date: 2016-10-27 21:48:32 + (Thu, 27 Oct 2016) New Revision: 45680 Modified: data/CVE/list data/dla-needed.txt Log: add libwmf to dla-needed.txt Modified: data/CVE/list === --- data/CVE/list 2016-10-27

[Secure-testing-commits] r45717 - data

2016-10-28 Thread Balint Reczey
Author: rbalint Date: 2016-10-28 16:14:14 + (Fri, 28 Oct 2016) New Revision: 45717 Modified: data/dla-needed.txt Log: add tar to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-28 15:42:07 UTC

[Secure-testing-commits] r45718 - data

2016-10-28 Thread Balint Reczey
Author: rbalint Date: 2016-10-28 16:41:04 + (Fri, 28 Oct 2016) New Revision: 45718 Modified: data/dla-needed.txt Log: add cairo to dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-10-28 16:14:14 UT

[Secure-testing-commits] r45722 - data

2016-10-28 Thread Balint Reczey
19:26:58 UTC (rev 45721) +++ data/dla-needed.txt 2016-10-28 20:54:41 UTC (rev 45722) @@ -28,7 +28,7 @@ -- jasper (Thorsten Alteholz) -- -kde-runtime +kde-runtime (Balint Reczey) NOTE: We may not need to update, but I'm leaning toward fixing CVE-2016-7787, see #839865 -- libass @@

[Secure-testing-commits] r45776 - data

2016-10-30 Thread Balint Reczey
Author: rbalint Date: 2016-10-30 23:13:37 + (Sun, 30 Oct 2016) New Revision: 45776 Modified: data/dla-needed.txt Log: update status of mysql-5.5 fix in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2

[Secure-testing-commits] r45886 - in data: . DLA

2016-11-02 Thread Balint Reczey
=== --- data/dla-needed.txt 2016-11-02 13:03:44 UTC (rev 45885) +++ data/dla-needed.txt 2016-11-02 13:10:49 UTC (rev 45886) @@ -59,9 +59,6 @@ libupnp4 NOTE: same issues as in libupnp -- -libwmf (Balint Reczey) - NOTE: Patch is available

[Secure-testing-commits] r45887 - data/CVE

2016-11-02 Thread Balint Reczey
Author: rbalint Date: 2016-11-02 13:16:23 + (Wed, 02 Nov 2016) New Revision: 45887 Modified: data/CVE/list Log: update info on libwmf CVE-2016-9011 Modified: data/CVE/list === --- data/CVE/list 2016-11-02 13:10:49 UTC (r

[Secure-testing-commits] r45901 - org

2016-11-02 Thread Balint Reczey
:Balint Reczey +From 21-11 to 27-11: From 28-11 to 04-12:Guido Günther From 05-12 to 11-12:Chris Lamb From 12-12 to 18-12:Markus Koschany -From 19-12 to 25-12:Balint Reczey +From 19-12 to 25-12: From 26-12 to 01-01: ___ Secure-testing-commits

[Secure-testing-commits] r46087 - data/CVE

2016-11-09 Thread Balint Reczey
Author: rbalint Date: 2016-11-09 17:12:06 + (Wed, 09 Nov 2016) New Revision: 46087 Modified: data/CVE/list Log: update info on kdesu CVE-2016-7787 Modified: data/CVE/list === --- data/CVE/list 2016-11-09 16:55:14 UTC (re

[Secure-testing-commits] r46088 - in data: . CVE

2016-11-09 Thread Balint Reczey
(Thorsten Alteholz) -- -kde-runtime (Balint Reczey) - NOTE: We may not need to update, but I'm leaning toward fixing CVE-2016-7787, see #839865 --- libass NOTE: 20161019: CVE-2016-7971 is disputed upstream. No patch available yet. NOTE: 20161026: CVE-2016-7971 is not only disputed upstrea

[Secure-testing-commits] r46118 - data

2016-11-11 Thread Balint Reczey
) +++ data/dla-needed.txt 2016-11-11 12:20:37 UTC (rev 46118) @@ -93,7 +93,7 @@ -- sendmail -- -sudo +sudo (Balint Reczey) -- tomcat6 (Markus Koschany) NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy ___ Secure-testing

[Secure-testing-commits] r46178 - data

2016-11-14 Thread Balint Reczey
(rev 46177) +++ data/dla-needed.txt 2016-11-14 13:17:13 UTC (rev 46178) @@ -65,7 +65,7 @@ -- monit -- -mysql-5.5 +mysql-5.5 (Balint Reczey) NOTE: work started in https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/log/?id=refs/heads/debian/wheezy NOTE: waiting for maintainer feedack

[Secure-testing-commits] r46193 - in data: . DLA

2016-11-14 Thread Balint Reczey
@@ -- sendmail -- -sudo (Balint Reczey) --- tomcat6 (Markus Koschany) NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat6.git/log/?h=wheezy NOTE: We try to coordinate the release with the security team ___ Secure-testing-commits mailing list

[Secure-testing-commits] r46202 - data

2016-11-14 Thread Balint Reczey
Author: rbalint Date: 2016-11-15 01:38:11 + (Tue, 15 Nov 2016) New Revision: 46202 Modified: data/dla-needed.txt Log: no upstream fix for ming and libupnp yet Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-1

[Secure-testing-commits] r46203 - data

2016-11-14 Thread Balint Reczey
Author: rbalint Date: 2016-11-15 01:39:14 + (Tue, 15 Nov 2016) New Revision: 46203 Modified: data/dla-needed.txt Log: fix indentation Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-11-15 01:38:11 UTC (rev 46202

[Secure-testing-commits] r46237 - in data: . DLA

2016-11-16 Thread Balint Reczey
) @@ -70,13 +70,6 @@ -- monit -- -mysql-5.5 (Balint Reczey) - NOTE: work started in https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/log/?id=refs/heads/debian/wheezy - NOTE: waiting for maintainer feedack/timeout - NOTE: maintainer proposed the patch in email: https://lists.debian.org/debian

[Secure-testing-commits] r46238 - data

2016-11-16 Thread Balint Reczey
(rev 46237) +++ data/dla-needed.txt 2016-11-16 11:03:41 UTC (rev 46238) @@ -9,6 +9,10 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- +akonadi (Balint Reczey) + NOTE: compatibility update with mysql-5.5 5.5.53 + NOTE: https://lists.debian.org/debian-security-announce/2016

[Secure-testing-commits] r46242 - data

2016-11-16 Thread Balint Reczey
-11-16 15:26:47 UTC (rev 46241) +++ data/dla-needed.txt 2016-11-16 17:08:35 UTC (rev 46242) @@ -12,6 +12,8 @@ akonadi (Balint Reczey) NOTE: compatibility update with mysql-5.5 5.5.53 NOTE: https://lists.debian.org/debian-security-announce/2016/msg00298.html + NOTE: akonadi is now broken for

[Secure-testing-commits] r46289 - in data: . DLA

2016-11-17 Thread Balint Reczey
://wiki.debian.org/LTS/Development#Triage_new_security_issues -- -akonadi (Balint Reczey) - NOTE: compatibility update with mysql-5.5 5.5.53 - NOTE: https://lists.debian.org/debian-security-announce/2016/msg00298.html - NOTE: akonadi is now broken for root and jessie update breaks for normal

[Secure-testing-commits] r46339 - in data: . CVE

2016-11-19 Thread Balint Reczey
Author: rbalint Date: 2016-11-19 09:27:58 + (Sat, 19 Nov 2016) New Revision: 46339 Modified: data/CVE/list data/dla-needed.txt Log: Mark #841257, sendmail no-dsa in wheezy Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r46340 - data

2016-11-19 Thread Balint Reczey
46339) +++ data/dla-needed.txt 2016-11-19 09:28:35 UTC (rev 46340) @@ -109,3 +109,5 @@ NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat7.git/log/?h=wheezy NOTE: We try to coordinate the release with the security team -- +wireshark (Balint Reczey

[Secure-testing-commits] r46374 - in data: . DLA

2016-11-21 Thread Balint Reczey
-21 09:10:45 UTC (rev 46373) +++ data/dla-needed.txt 2016-11-21 09:34:13 UTC (rev 46374) @@ -109,5 +109,3 @@ NOTE: https://anonscm.debian.org/cgit/pkg-java/tomcat7.git/log/?h=wheezy NOTE: We try to coordinate the release with the security team -- -wireshark (Balint Reczey

[Secure-testing-commits] r47222 - data

2016-12-19 Thread Balint Reczey
47221) +++ data/dla-needed.txt 2016-12-19 14:40:20 UTC (rev 47222) @@ -15,7 +15,7 @@ botan1.10 NOTE: Jessie has almost identical code. Looks hard to exploit but worth fixing. -- -dcmtk +dcmtk (Balint Reczey) NOTE: Gert Wollny is interested in fixing it but not before the beginning of 2017

[Secure-testing-commits] r47236 - data

2016-12-19 Thread Balint Reczey
Author: rbalint Date: 2016-12-19 21:55:11 + (Mon, 19 Dec 2016) New Revision: 47236 Modified: data/dla-needed.txt Log: update notes on nss DLA Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-12-19 21:23:16 UTC (r

[Secure-testing-commits] r47239 - data/CVE

2016-12-19 Thread Balint Reczey
Author: rbalint Date: 2016-12-20 02:22:59 + (Tue, 20 Dec 2016) New Revision: 47239 Modified: data/CVE/list Log: add bug for dcmtk CVE Modified: data/CVE/list === --- data/CVE/list 2016-12-19 22:17:49 UTC (rev 47238) +++

[Secure-testing-commits] r47262 - in data: . DLA

2016-12-20 Thread Balint Reczey
has almost identical code. Looks hard to exploit but worth fixing. -- -dcmtk (Balint Reczey) - NOTE: Gert Wollny is interested in fixing it but not before the beginning of 2017. - NOTE: https://lists.debian.org/debian-lts/2016/12/msg00105.html --- graphicsmagick NOTE: seems only a single

[Secure-testing-commits] r47311 - data

2016-12-21 Thread Balint Reczey
47310) +++ data/dla-needed.txt 2016-12-22 01:37:37 UTC (rev 47311) @@ -30,7 +30,7 @@ libdbd-mysql-perl (Chris Lamb) NOTE: Jessie has almost identical code, would be great to fix as well -- -libgd2 +libgd2 (Balint Reczey) NOTE: Php is vulnerable but uses system libgd so as soon as libgd is fixed

[Secure-testing-commits] r47314 - data/CVE

2016-12-21 Thread Balint Reczey
Author: rbalint Date: 2016-12-22 02:51:42 + (Thu, 22 Dec 2016) New Revision: 47314 Modified: data/CVE/list Log: add bug for libgd2 CVE-2016-9933 Modified: data/CVE/list === --- data/CVE/list 2016-12-22 02:03:05 UTC (rev

[Secure-testing-commits] r47343 - in data: . DLA

2016-12-22 Thread Balint Reczey
UTC (rev 47342) +++ data/dla-needed.txt 2016-12-22 14:26:06 UTC (rev 47343) @@ -30,11 +30,6 @@ libdbd-mysql-perl (Chris Lamb) NOTE: Jessie has almost identical code, would be great to fix as well -- -libgd2 (Balint Reczey) - NOTE: Php is vulnerable but uses system libgd so as soon as libgd is

[Secure-testing-commits] r47517 - data

2016-12-28 Thread Balint Reczey
) +++ data/dla-needed.txt 2016-12-28 16:21:33 UTC (rev 47517) @@ -20,7 +20,7 @@ botan1.10 NOTE: Jessie has almost identical code. Looks hard to exploit but worth fixing. -- -curl +curl (Balint Reczey) -- graphicsmagick NOTE: seems only a single memory/CPU DOS at this point, maybe wait for

[Secure-testing-commits] r47531 - data

2016-12-28 Thread Balint Reczey
Author: rbalint Date: 2016-12-28 21:36:01 + (Wed, 28 Dec 2016) New Revision: 47531 Modified: data/dla-needed.txt Log: postgresql-common DLA will be taken care of by maintainer Modified: data/dla-needed.txt === --- data/dla-nee

[Secure-testing-commits] r47532 - data

2016-12-28 Thread Balint Reczey
Author: rbalint Date: 2016-12-28 22:00:51 + (Wed, 28 Dec 2016) New Revision: 47532 Modified: data/dla-needed.txt Log: ming has been removed from unstable Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-12-28 21:

[Secure-testing-commits] r47535 - data

2016-12-28 Thread Balint Reczey
Author: rbalint Date: 2016-12-28 22:27:12 + (Wed, 28 Dec 2016) New Revision: 47535 Modified: data/dla-needed.txt Log: xrdp DLA will be taken care of by maintainer Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-

[Secure-testing-commits] r47536 - in data: . DLA

2016-12-28 Thread Balint Reczey
@@ botan1.10 NOTE: Jessie has almost identical code. Looks hard to exploit but worth fixing. -- -curl (Balint Reczey) --- graphicsmagick NOTE: seems only a single memory/CPU DOS at this point, maybe wait for more issues? NOTE: DLA-547-1 also did not fix CVE-2016-5240 so should be included in next

[Secure-testing-commits] r47560 - data

2016-12-29 Thread Balint Reczey
Author: rbalint Date: 2016-12-29 16:54:32 + (Thu, 29 Dec 2016) New Revision: 47560 Modified: data/dla-needed.txt Log: remove maradns from DLA queue due to CVEs getting rejected Modified: data/dla-needed.txt === --- data/dla-ne

[Secure-testing-commits] r47570 - data

2016-12-29 Thread Balint Reczey
47569) +++ data/dla-needed.txt 2016-12-29 22:26:26 UTC (rev 47570) @@ -68,7 +68,7 @@ NOTE: A privilege escalation of this should be seen as a problem. NOTE: this was marked no-dsa in jessie, and requires changes to linux -- -ming +ming (Balint Reczey) NOTE: No upstream fix yet (2016-11-15

[Secure-testing-commits] r47726 - data

2017-01-04 Thread Balint Reczey
UTC (rev 47725) +++ data/dla-needed.txt 2017-01-04 20:07:59 UTC (rev 47726) @@ -104,7 +104,7 @@ -- potrace -- -rabbitmq-server +rabbitmq-server (Balint Reczey) NOTE: It remains to investigate if this applies to the 2.x branch in NOTE: oldstable as well. It should as SSL support was added

[Secure-testing-commits] r47771 - in data: . CVE

2017-01-05 Thread Balint Reczey
Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-01-05 23:49:38 UTC (rev 47770) +++ data/dla-needed.txt 2017-01-06 01:04:11 UTC (rev 47771) @@ -110,11 +110,6 @@ -- potrace -- -rabbitmq-server (Balint Reczey) - NOTE: It

[Secure-testing-commits] r48421 - in data: . DLA

2017-01-26 Thread Balint Reczey
:53:44 UTC (rev 48420) +++ data/dla-needed.txt 2017-01-26 12:58:32 UTC (rev 48421) @@ -71,19 +71,6 @@ -- mcollective -- -ming (Balint Reczey) - NOTE: No upstream fix yet (2016-11-15) for any of the CVEs: - NOTE: https://github.com/libming/libming/issues/51 - NOTE: https://github.com/libming

[Secure-testing-commits] r48456 - data

2017-01-27 Thread Balint Reczey
48455) +++ data/dla-needed.txt 2017-01-27 20:23:26 UTC (rev 48456) @@ -50,7 +50,7 @@ NOTE: Upstream should provide new point-releases fixing open security issues in the next months. NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML) -- -libgd2 +libgd2 (Balint

[Secure-testing-commits] r48467 - data/CVE

2017-01-28 Thread Balint Reczey
Author: rbalint Date: 2017-01-28 09:18:43 + (Sat, 28 Jan 2017) New Revision: 48467 Modified: data/CVE/list Log: libgd2's CVE-2016-6912 and CVE-2016-6906 don't affect wheezy Modified: data/CVE/list === --- data/CVE/list 2

[Secure-testing-commits] r48509 - data/CVE

2017-01-28 Thread Balint Reczey
Author: rbalint Date: 2017-01-29 00:19:43 + (Sun, 29 Jan 2017) New Revision: 48509 Modified: data/CVE/list Log: libgd2's CVE-2016-10166 doesn't affect wheezy Modified: data/CVE/list === --- data/CVE/list 2017-01-28 23:51

[Secure-testing-commits] r48511 - in data: . DLA

2017-01-29 Thread Balint Reczey
2017-01-29 09:43:31 UTC (rev 48511) @@ -55,8 +55,6 @@ NOTE: Upstream should provide new point-releases fixing open security issues in the next months. NOTE: Lots of CVEs are open, this is going to take some time. (See debian-lts ML) -- -libgd2 (Balint Reczey) --- libical NOTE: No known

[Secure-testing-commits] r48536 - data

2017-01-29 Thread Balint Reczey
17:28:33 UTC (rev 48535) +++ data/dla-needed.txt 2017-01-29 17:41:22 UTC (rev 48536) @@ -68,7 +68,7 @@ -- mcollective -- -mysql-5.5 +mysql-5.5 (Balint Reczey) -- mysql-connector-python NOTE: see http://bugs.debian.org/841677 for current discussion @@ -106,7 +106,7 @@ -- qemu-kvm (Guido

[Secure-testing-commits] r48551 - in data: . CVE

2017-01-30 Thread Balint Reczey
-bc1807cb462afb05056502f77834c6ebR291 NOTE: is missing in the wheezy version -- -wireshark (Balint Reczey) --- wordpress (Markus Koschany) -- xen ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman

[Secure-testing-commits] r48562 - data

2017-01-30 Thread Balint Reczey
(Balint Reczey) NOTE: Needs further triaging as there is very little information on many of NOTE: the issues. However one of them looks like a major problem so the NOTE: package needs a DLA. @@ -91,7 +91,7 @@ NOTE: Upstream is not going to fix CVE-2016-8686 since it believes it is not NOTE

[Secure-testing-commits] r48568 - data/CVE

2017-01-30 Thread Balint Reczey
Author: rbalint Date: 2017-01-30 20:06:29 + (Mon, 30 Jan 2017) New Revision: 48568 Modified: data/CVE/list Log: Add bug reference for ruby-archive-tar-minitar issue, #853249 Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r48576 - in data: . DLA

2017-01-30 Thread Balint Reczey
2017-01-30 21:06:19 UTC (rev 48576) @@ -91,9 +91,6 @@ NOTE: Upstream is not going to fix CVE-2016-8686 since it believes it is not NOTE: a bug (see #843861). -- -ruby-archive-tar-minitar (Balint Reczey) - NOTE: Vulnerable code is in lib/archive/tar/minitar/command.rb --- slurm-llnl NOTE

[Secure-testing-commits] r48604 - data

2017-01-31 Thread Balint Reczey
(rev 48603) +++ data/dla-needed.txt 2017-01-31 11:40:23 UTC (rev 48604) @@ -108,7 +108,7 @@ -- svgsalamander -- -wavpack +wavpack (Balint Reczey) NOTE: the provided testcases don't crash but this hunk NOTE: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc

[Secure-testing-commits] r48631 - in data: . CVE

2017-01-31 Thread Balint Reczey
potential unsigned underflow] Modified: data/dla-needed.txt === --- data/dla-needed.txt 2017-01-31 20:10:36 UTC (rev 48630) +++ data/dla-needed.txt 2017-01-31 20:46:30 UTC (rev 48631) @@ -101,11 +101,6 @@ -- svgsalamander -- -wavpack (Bal

[Secure-testing-commits] r48636 - data

2017-01-31 Thread Balint Reczey
22:18:37 UTC (rev 48635) +++ data/dla-needed.txt 2017-01-31 22:25:11 UTC (rev 48636) @@ -69,7 +69,7 @@ -- mysql-5.5 (Balint Reczey) -- -mysql-connector-python +mysql-connector-python (Balint Reczey) NOTE: see http://bugs.debian.org/841677 for current discussion -- openjdk-7 (Emilio Pozuelo

[Secure-testing-commits] r48637 - in data: . CVE

2017-01-31 Thread Balint Reczey
) @@ -69,9 +69,6 @@ -- mysql-5.5 (Balint Reczey) -- -mysql-connector-python (Balint Reczey) - NOTE: see http://bugs.debian.org/841677 for current discussion --- openjdk-7 (Emilio Pozuelo) -- openssl (Emilio Pozuelo) ___ Secure-testing-commits mailing

[Secure-testing-commits] r48698 - data

2017-02-04 Thread Balint Reczey
:16 UTC (rev 48697) +++ data/dla-needed.txt 2017-02-04 08:37:49 UTC (rev 48698) @@ -23,7 +23,7 @@ -- cgiemail -- -glassfish (Balint Reczey) +glassfish NOTE: Needs further triaging as there is very little information on many of NOTE: the issues. However one of them looks like a major problem

[Secure-testing-commits] r48800 - in data: . DLA

2017-02-09 Thread Balint Reczey
48799) +++ data/dla-needed.txt 2017-02-09 18:36:19 UTC (rev 48800) @@ -80,8 +80,6 @@ NOTE: 170206: No patch available. Unclear how reproducer is supposed to work NOTE: because the file format cannot be detected. -- -mysql-5.5 (Balint Reczey) --- openjdk-7 (Emilio Pozuelo) -- php5

[Secure-testing-commits] r48834 - data/CVE

2017-02-10 Thread Balint Reczey
Author: rbalint Date: 2017-02-10 11:45:40 + (Fri, 10 Feb 2017) New Revision: 48834 Modified: data/CVE/list Log: add mysql-5.5 bug Modified: data/CVE/list === --- data/CVE/list 2017-02-10 09:19:21 UTC (rev 48833) +++ data

[Secure-testing-commits] r48835 - data/DLA

2017-02-10 Thread Balint Reczey
Author: rbalint Date: 2017-02-10 11:58:39 + (Fri, 10 Feb 2017) New Revision: 48835 Modified: data/DLA/list Log: DLA-819-2 fixing wrong mysql-5.5 version in DLA-819-1 Modified: data/DLA/list === --- data/DLA/list 2017-02-

[Secure-testing-commits] r48954 - in data: . DLA

2017-02-15 Thread Balint Reczey
Author: rbalint Date: 2017-02-15 15:12:40 + (Wed, 15 Feb 2017) New Revision: 48954 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-824-1 for libevent Modified: data/DLA/list === --- data/DLA/list 2017-02-

[Secure-testing-commits] r49169 - data

2017-02-23 Thread Balint Reczey
06:31:06 UTC (rev 49168) +++ data/dla-needed.txt 2017-02-24 07:42:20 UTC (rev 49169) @@ -70,6 +70,8 @@ NOTE: CVE-2017-5852, CVE-2017-5853 crash in Wheezy NOTE: CVE-2015-8981 crashes in Wheezy -- +libreoffice (Balint Reczey) +-- libxml-twig-perl NOTE: no upstream fix yet (as of 2017-01-20

[Secure-testing-commits] r49250 - in data: . DLA

2017-02-26 Thread Balint Reczey
-backends (Jörg Frings-Fürst) -- -shadow (Balint Reczey) --- slurm-llnl NOTE: the patch from upstream uses new members of the struct batch_job_launch_msg_t NOTE: from my point of view backporting the introduction of these new members to this old

[Secure-testing-commits] r49251 - data

2017-02-26 Thread Balint Reczey
UTC (rev 49250) +++ data/dla-needed.txt 2017-02-27 00:23:10 UTC (rev 49251) @@ -73,7 +73,7 @@ NOTE: CVE-2015-8981 Wheezy is affected, patch is straightforward. NOTE: 20170226: No patches available for other issues. -- -libquicktime +libquicktime (Balint Reczey) NOTE: added 2017-02-25, please

[Secure-testing-commits] r49325 - in data: . DLA

2017-02-28 Thread Balint Reczey
@@ libpodofo NOTE: 20170226: No patches available. -- -libquicktime (Balint Reczey) - NOTE: added 2017-02-25, please give maintainer some time to respond --- libreoffice (Balint Reczey) -- libxdmcp (Emilio Pozuelo) ___ Secure-testing-commits

[Secure-testing-commits] r49361 - bin

2017-03-02 Thread Balint Reczey
Author: rbalint Date: 2017-03-02 11:12:11 + (Thu, 02 Mar 2017) New Revision: 49361 Modified: bin/gen-DSA Log: gen-DSA, gen-DLA: Read details from .changes Package name, version, bug(s) and cve(s) are filled from .changes file. Modified: bin/gen-DSA

[Secure-testing-commits] r49420 - data

2017-03-05 Thread Balint Reczey
(rev 49419) +++ data/dla-needed.txt 2017-03-05 19:11:26 UTC (rev 49420) @@ -108,6 +108,8 @@ web2py NOTE: added 2017-02-25, please give maintainer some time to respond -- +wireshark (Balint Reczey) +-- xbmc NOTE: under reserve, could not reproduce with 2:12.3+dfsg1-3ubuntu1, which is newer

[Secure-testing-commits] r49726 - in data: . DLA

2017-03-16 Thread Balint Reczey
=== --- data/dla-needed.txt 2017-03-16 21:12:27 UTC (rev 49725) +++ data/dla-needed.txt 2017-03-17 01:12:47 UTC (rev 49726) @@ -123,8 +123,6 @@ -- web2py (Brian May) -- -wireshark (Balint Reczey) --- wordpress (Markus Koschany) -- xbmc

[Secure-testing-commits] r49727 - data

2017-03-16 Thread Balint Reczey
:47 UTC (rev 49726) +++ data/dla-needed.txt 2017-03-17 01:36:34 UTC (rev 49727) @@ -64,6 +64,7 @@ NOTE: https://sourceforge.net/p/podofo/mailman/message/35692197/ -- libreoffice (Balint Reczey) + NOTE: Rene (maintainer) is working on the patch since the proposed one seems to be incomplete

[Secure-testing-commits] r49823 - data

2017-03-19 Thread Balint Reczey
=== --- data/dla-needed.txt 2017-03-19 21:28:44 UTC (rev 49822) +++ data/dla-needed.txt 2017-03-19 23:29:07 UTC (rev 49823) @@ -66,7 +66,7 @@ NOTE: Proposed patch for CVE-2017-5853, which is marked no-dsa. NOTE: https://sourceforge.net/p/podofo/mailman/message/35692197/ -- -libreoffice (Balint Reczey

[Secure-testing-commits] r39499 - data/CVE

2016-02-05 Thread Balint Reczey
Author: rbalint Date: 2016-02-05 21:33:50 + (Fri, 05 Feb 2016) New Revision: 39499 Modified: data/CVE/list Log: CVE-2015-8731 fix in incomplete upstream Modified: data/CVE/list === --- data/CVE/list 2016-02-05 21:26:01 U

[Secure-testing-commits] r40071 - data/CVE

2016-02-29 Thread Balint Reczey
Author: rbalint Date: 2016-02-29 20:21:26 + (Mon, 29 Feb 2016) New Revision: 40071 Modified: data/CVE/list Log: Update some wireshark CVE-s not affecting wheezy Modified: data/CVE/list === --- data/CVE/list 2016-02-29 20

[Secure-testing-commits] r40075 - data/CVE

2016-02-29 Thread Balint Reczey
Author: rbalint Date: 2016-02-29 21:34:21 + (Mon, 29 Feb 2016) New Revision: 40075 Modified: data/CVE/list Log: wireshark CVEs not affecting wheezy Modified: data/CVE/list === --- data/CVE/list 2016-02-29 20:47:36 UTC (r

[Secure-testing-commits] r40176 - data/CVE

2016-03-05 Thread Balint Reczey
Author: rbalint Date: 2016-03-05 09:53:14 + (Sat, 05 Mar 2016) New Revision: 40176 Modified: data/CVE/list Log: wireshark's CVE-2015-8731 is at least partially fixed in 2.0.1 Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r40200 - data/CVE

2016-03-06 Thread Balint Reczey
Author: rbalint Date: 2016-03-06 22:22:15 + (Sun, 06 Mar 2016) New Revision: 40200 Modified: data/CVE/list Log: wireshark CVE updates Modified: data/CVE/list === --- data/CVE/list 2016-03-06 21:47:28 UTC (rev 40199) +++

[Secure-testing-commits] r40312 - data/CVE

2016-03-10 Thread Balint Reczey
Author: rbalint Date: 2016-03-10 22:05:32 + (Thu, 10 Mar 2016) New Revision: 40312 Modified: data/CVE/list Log: Mark wireshark 2.0.x only issues not affecting jessie and wheezy Modified: data/CVE/list === --- data/CVE/list

[Secure-testing-commits] r41925 - data/CVE

2016-05-21 Thread Balint Reczey
Author: rbalint Date: 2016-05-21 11:50:55 + (Sat, 21 May 2016) New Revision: 41925 Modified: data/CVE/list Log: CVE-2016-4078 of wireshark does not affect jessie Modified: data/CVE/list === --- data/CVE/list 2016-05-21 0

[Secure-testing-commits] r42128 - data

2016-05-29 Thread Balint Reczey
Author: rbalint Date: 2016-05-29 19:41:35 + (Sun, 29 May 2016) New Revision: 42128 Modified: data/dla-needed.txt Log: Take wireshark according to our discussion with Steffen See https://lists.debian.org/debian-lts/2016/05/msg00234.html for details. Modified: data/dla-needed.txt =

[Secure-testing-commits] r42185 - in data: . DLA

2016-05-31 Thread Balint Reczey
Author: rbalint Date: 2016-05-31 10:10:51 + (Tue, 31 May 2016) New Revision: 42185 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-497-1 for wireshark Modified: data/DLA/list === --- data/DLA/list 2016-05

[Secure-testing-commits] r42666 - data

2016-06-20 Thread Balint Reczey
(rev 42665) +++ data/dla-needed.txt 2016-06-20 21:01:53 UTC (rev 42666) @@ -97,7 +97,8 @@ -- wget (Thorsten Alteholz) -- -wireshark +wireshark (Balint Reczey) + Preparing Jessie update, then Wheezy LTS, too. -- wordpress -- ___ Secure-testing

[Secure-testing-commits] r42803 - data

2016-06-26 Thread Balint Reczey
Author: rbalint Date: 2016-06-26 13:55:50 + (Sun, 26 Jun 2016) New Revision: 42803 Modified: data/dla-needed.txt Log: pochu forwarded tiff CVE-s upstream Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-25 22:

[Secure-testing-commits] r42830 - data

2016-06-27 Thread Balint Reczey
(rev 42829) +++ data/dla-needed.txt 2016-06-27 18:30:10 UTC (rev 42830) @@ -91,7 +91,7 @@ -- ruby-activesupport-3.2 (Guido Günther) -- -ruby-eventmachine +ruby-eventmachine (Balint Reczey) -- squid (Santiago R.R.) -- ___ Secure-testing-commits

  1   2   >