Author: hertzog
Date: 2014-09-22 09:26:19 + (Mon, 22 Sep 2014)
New Revision: 28950
Modified:
data/CVE/list
data/dla-needed.txt
data/dsa-needed.txt
Log:
Triage apache2 CVE
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-09-22 09:45:48 + (Mon, 22 Sep 2014)
New Revision: 28951
Modified:
data/CVE/list
Log:
Update infos for CVE-2014-6610/asterisk
Modified: data/CVE/list
===
--- data/CVE/list 2014-09-22 09:26:19
Author: hertzog
Date: 2014-09-22 12:16:38 + (Mon, 22 Sep 2014)
New Revision: 28953
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark CVE-2014-3577/axis as unfixed
The bug number referred to CVE-2012-5784 which got patched in Debian
but whose patch was not robust enough. An updated
Author: hertzog
Date: 2014-09-22 13:00:19 + (Mon, 22 Sep 2014)
New Revision: 28954
Modified:
data/CVE/list
Log:
Add bug url for CVE-2012-5351/axis2c
Modified: data/CVE/list
===
--- data/CVE/list 2014-09-22 12:16:38 UTC
Author: hertzog
Date: 2014-09-22 13:40:52 + (Mon, 22 Sep 2014)
New Revision: 28955
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Update infos for CVE-2012-6153/commons-httpclient
Modified: data/CVE/list
===
---
Author: hertzog
Date: 2014-09-22 13:54:14 + (Mon, 22 Sep 2014)
New Revision: 28956
Modified:
data/CVE/list
Log:
Fix typo in asterisk package name
Modified: data/CVE/list
===
--- data/CVE/list 2014-09-22 13:40:52 UTC
Author: hertzog
Date: 2014-09-22 15:50:45 + (Mon, 22 Sep 2014)
New Revision: 28957
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Update CVE-2014-4945 CVE-2014-4946, add a bunch of packages to dla-needed.txt
Modified: data/CVE/list
Author: hertzog
Date: 2014-09-23 16:12:50 + (Tue, 23 Sep 2014)
New Revision: 28983
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2011-0433 and CVE-2011-5244 are already fixed in evince/squeeze
Modified: data/CVE/list
Author: hertzog
Date: 2014-09-24 12:16:36 + (Wed, 24 Sep 2014)
New Revision: 28996
Modified:
data/dla-needed.txt
Log:
Drop graphicsmagick from dla-needed (no-dsa) and add httpcomponents-client to it
Modified: data/dla-needed.txt
Author: hertzog
Date: 2014-09-24 13:14:45 + (Wed, 24 Sep 2014)
New Revision: 28998
Modified:
data/CVE/list
Log:
Add details for CVE-2014-3558/libhibernate-validator-java
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-09-24 13:14:47 + (Wed, 24 Sep 2014)
New Revision: 28999
Modified:
data/dla-needed.txt
Log:
Add kde4libs to dla-needed.txt and a comment about the libext-ruby update
Modified: data/dla-needed.txt
===
Author: hertzog
Date: 2014-09-24 14:48:22 + (Wed, 24 Sep 2014)
New Revision: 29004
Modified:
data/dla-needed.txt
Log:
Add libplack-perl to dla-needed
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-09-24
Author: hertzog
Date: 2014-09-25 08:17:44 + (Thu, 25 Sep 2014)
New Revision: 29028
Modified:
data/CVE/list
Log:
CVE-2014-5273/CVE-2014-5274 do not apply on squeeze/wheezy
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-09-25 08:17:55 + (Thu, 25 Sep 2014)
New Revision: 29029
Modified:
data/dla-needed.txt
Log:
Add mysql-5.1 and ppp to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: hertzog
Date: 2014-09-25 09:47:55 + (Thu, 25 Sep 2014)
New Revision: 29034
Modified:
data/CVE/list
Log:
Mark CVE-2014-3956/sendmail as no-dsa for squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2014-09-25
Author: hertzog
Date: 2014-09-25 09:47:57 + (Thu, 25 Sep 2014)
New Revision: 29035
Modified:
data/dla-needed.txt
Log:
Add squid to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-09-25 09:47:55
Author: hertzog
Date: 2014-09-25 09:48:04 + (Thu, 25 Sep 2014)
New Revision: 29036
Modified:
data/CVE/list
Log:
Mark CVE affecting qemu-kvm as end-of-life on squeeze + add some details
Modified: data/CVE/list
===
---
Author: hertzog
Date: 2014-09-25 09:51:21 + (Thu, 25 Sep 2014)
New Revision: 29040
Modified:
data/CVE/list
Log:
Mark CVE affecting xen as end-of-life on squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2014-09-25
Author: hertzog
Date: 2014-09-25 10:15:54 + (Thu, 25 Sep 2014)
New Revision: 29041
Modified:
data/CVE/list
Log:
Add git repository to watch for rpcbind, a fix might be forthcoming
I pinged the upstream author (Steve Dickson ste...@redhat.com).
Modified: data/CVE/list
Author: hertzog
Date: 2014-09-29 08:06:06 + (Mon, 29 Sep 2014)
New Revision: 29133
Modified:
data/CVE/list
Log:
Drop no-dsa flag for wheezy on CVE-2012-3541/rpcbind on request of Moritz
Salvatore is still investigating the impact of the issue.
Modified: data/CVE/list
Author: hertzog
Date: 2014-09-29 08:11:11 + (Mon, 29 Sep 2014)
New Revision: 29134
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Take DLA-65-1 for python-django
Modified: data/DLA/list
===
--- data/DLA/list
Author: hertzog
Date: 2014-09-30 09:50:02 + (Tue, 30 Sep 2014)
New Revision: 29163
Modified:
data/CVE/list
Log:
Add link to patch for CVE-2013-5704/apache (for apache 2.2.x)
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-10-14 11:54:41 + (Tue, 14 Oct 2014)
New Revision: 29391
Modified:
data/CVE/list
Log:
CVE-2014-7188/xen - end-of-life in squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2014-10-14
Author: hertzog
Date: 2014-10-14 14:40:12 + (Tue, 14 Oct 2014)
New Revision: 29398
Modified:
data/CVE/list
Log:
Mark CVE-2014-2667 and CVE-2014-1912 as no-dsa for Squeeze
We just follow the decision of the security team (for non-default Python
versions and Python 3.x).
Modified:
Author: hertzog
Date: 2014-10-14 14:40:19 + (Tue, 14 Oct 2014)
New Revision: 29399
Modified:
data/CVE/list
Log:
Mark CVE-2013-7345/php5/squeeze as not-affected, but the wheezy one is affected
The verification done is this one:
$ cd ext/fileinfo
$ cat test.c END
END
$ cat data_file.c
Author: hertzog
Date: 2014-10-14 14:40:29 + (Tue, 14 Oct 2014)
New Revision: 29401
Modified:
data/dla-needed.txt
Log:
Add 3 packages to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-10-14
Author: hertzog
Date: 2014-10-14 14:40:27 + (Tue, 14 Oct 2014)
New Revision: 29400
Modified:
data/CVE/list
Log:
Mark CVE-2012-2672/mojarra as not-affected on squeeze
Same reasoning as for Wheezy.
Modified: data/CVE/list
===
Author: hertzog
Date: 2014-10-14 15:22:32 + (Tue, 14 Oct 2014)
New Revision: 29402
Modified:
data/CVE/list
Log:
Mark CVE-2013-7107/icinga as no-dsa much like has been done for nagios3
Modified: data/CVE/list
===
---
:58 UTC (rev 29411)
+++ data/dla-needed.txt 2014-10-15 09:37:22 UTC (rev 29412)
@@ -7,7 +7,7 @@
To pick an issue, simply add your name behind it.
--
-apache2
+apache2 (Raphaël Hertzog)
--
axis
--
___
Secure-testing-commits mailing list
Secure
an issue, simply add your name behind it.
--
-apache2 (Raphaël Hertzog)
---
axis
--
commons-beanutils
Author: hertzog
Date: 2014-10-21 07:50:12 + (Tue, 21 Oct 2014)
New Revision: 29547
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-74-1 for ppp by Andrew Bartlett
Modified: data/DLA/list
===
--- data/DLA/list
Author: hertzog
Date: 2014-10-21 09:09:16 + (Tue, 21 Oct 2014)
New Revision: 29548
Modified:
data/dla-needed.txt
Log:
Add ejabberd to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-10-21
Author: hertzog
Date: 2014-10-21 09:09:30 + (Tue, 21 Oct 2014)
New Revision: 29550
Modified:
data/dla-needed.txt
Log:
Add libxml2 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-10-21 09:09:24
Author: hertzog
Date: 2014-10-21 09:09:24 + (Tue, 21 Oct 2014)
New Revision: 29549
Modified:
data/CVE/list
Log:
Mark CVE-2014-3689/qemu-kvm as end-of-life for squeeze
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-10-21 09:26:23 + (Tue, 21 Oct 2014)
New Revision: 29552
Modified:
data/CVE/list
Log:
Add details about CVE-2014-3660 and the upstream patch
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-10-21 10:46:24 + (Tue, 21 Oct 2014)
New Revision: 29555
Modified:
data/CVE/list
Log:
CVE-2012-5614/mysql has been fixed in last upstream import
According to
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
only versions up to 5.1.67 are
(Holger Levsen)
--
-mysql-5.1 (Raphaël Hertzog)
---
nfs-utils
--
nss
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
Author: hertzog
Date: 2014-10-28 11:19:43 + (Tue, 28 Oct 2014)
New Revision: 29704
Modified:
data/CVE/list
data/dla-needed.txt
Log:
For Squeeze LTS handle dokuwiki privilege escalation at the php level
I would suggest to do the same for wheezy.
Modified: data/CVE/list
Author: hertzog
Date: 2014-11-18 10:58:46 + (Tue, 18 Nov 2014)
New Revision: 30116
Modified:
data/CVE/list
Log:
Mark axis2c CVE as end-of-life for Squeeze now that #765374 is closed
Modified: data/CVE/list
===
---
Author: hertzog
Date: 2014-11-18 10:59:04 + (Tue, 18 Nov 2014)
New Revision: 30118
Modified:
data/CVE/list
Log:
Mark CVE-2014-3566/chromium-browser as end-of-life on Squeeze
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-11-18 10:58:56 + (Tue, 18 Nov 2014)
New Revision: 30117
Modified:
data/CVE/list
Log:
Mark CVE-2014-4607/busybox as no-dsa on squeeze
Following the lead of the security team who tagged it no-dsa for Wheezy.
Modified: data/CVE/list
Author: hertzog
Date: 2014-11-18 10:59:26 + (Tue, 18 Nov 2014)
New Revision: 30121
Modified:
data/dla-needed.txt
Log:
Add libgcrypt11 to dla-needed.txt
CVE-2014-5270 has been fixed in wheezy, it ought to be fixed in Squeeze
too.
Modified: data/dla-needed.txt
Author: hertzog
Date: 2014-11-18 10:59:22 + (Tue, 18 Nov 2014)
New Revision: 30120
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2014-8483: add konversation to dla-needed, mark quassel as not-affected on
Squeeze
Modified: data/CVE/list
Author: hertzog
Date: 2014-11-18 10:59:12 + (Tue, 18 Nov 2014)
New Revision: 30119
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add imagemagick to dla-needed.txt
And add patch link to CVE-2014-8716
Modified: data/CVE/list
Author: hertzog
Date: 2014-11-18 15:45:32 + (Tue, 18 Nov 2014)
New Revision: 30130
Modified:
data/CVE/list
Log:
Mark lsyncd on squeeze as no-dsa as well
Modified: data/CVE/list
===
--- data/CVE/list 2014-11-18 14:32:30
Author: hertzog
Date: 2014-11-18 15:45:42 + (Tue, 18 Nov 2014)
New Revision: 30131
Modified:
data/CVE/list
Log:
Add link to upstream patch for CVE-2012-3541/nfs-utils
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-11-18 15:45:52 + (Tue, 18 Nov 2014)
New Revision: 30132
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add details about CVE-2014-4737/textpattern and put it in dla-needed.txt
Modified: data/CVE/list
Author: hertzog
Date: 2014-11-19 12:20:30 + (Wed, 19 Nov 2014)
New Revision: 30141
Modified:
data/CVE/list
Log:
Mark CVE-2014-6540 as no-dsa for squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2014-11-19 08:52:32
Author: hertzog
Date: 2014-11-19 14:47:26 + (Wed, 19 Nov 2014)
New Revision: 30143
Modified:
data/CVE/list
Log:
Add fixed version for CVE-2014-3558/libhibernate-validator-java
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-11-19 15:42:03 + (Wed, 19 Nov 2014)
New Revision: 30145
Modified:
data/CVE/list
Log:
Mark 3 dbus CVE as not applicable to the version in squeeze
Modified: data/CVE/list
===
--- data/CVE/list
-httpclient
--
-dbus (Raphaël Hertzog)
---
drupal6
--
eglibc
:42:15 UTC (rev 30186)
+++ data/dla-needed.txt 2014-11-20 13:44:59 UTC (rev 30187)
@@ -30,7 +30,7 @@
libextlib-ruby
NOTE: debdiff of Salvatore Bonaccorso ready in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895#23
--
-libgcrypt11
+libgcrypt11 (Raphaël Hertzog)
--
libjson-ruby (Matt
30296)
@@ -28,8 +28,6 @@
libextlib-ruby
NOTE: debdiff of Salvatore Bonaccorso ready in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697895#23
--
-libgcrypt11 (Raphaël Hertzog)
---
libjson-ruby (Matt Palmer)
--
libphp-snoopy
:01 UTC (rev 30297)
+++ data/dla-needed.txt 2014-11-25 09:28:49 UTC (rev 30298)
@@ -40,7 +40,7 @@
--
linux-2.6 (Holger Levsen)
--
-openjdk-6
+openjdk-6 (Raphaël Hertzog)
--
php5 (Thorsten Alteholz)
NOTE: Please include
http://git.php.net/?p=php-src.git;a=commitdiff;h
(Holger Levsen)
--
-openjdk-6 (Raphaël Hertzog)
---
qemu
--
qt4-x11 (Thorsten Alteholz)
Author: hertzog
Date: 2014-12-12 10:11:04 + (Fri, 12 Dec 2014)
New Revision: 30693
Modified:
data/CVE/list
Log:
Mark CVE-2010-5109 as not affecting claws-mail in squeeze/wheezy
The problematic binary package is only built by claws-mail-extra-plugins
and not by claws-mail.
Modified:
Author: hertzog
Date: 2014-12-12 10:10:57 + (Fri, 12 Dec 2014)
New Revision: 30692
Modified:
data/dla-needed.txt
Log:
Add binutils to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-12
Author: hertzog
Date: 2014-12-12 10:11:06 + (Fri, 12 Dec 2014)
New Revision: 30694
Modified:
data/dla-needed.txt
Log:
Add coreutils to dla-needed.txt
Even though we don't have a real CVE yet, the possibility of a DoS by
feeding an invalid date looks serious enough to me to warrant an
Author: hertzog
Date: 2014-12-12 10:10:48 + (Fri, 12 Dec 2014)
New Revision: 30690
Modified:
data/dla-needed.txt
Log:
Add getmail4 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-12
Author: hertzog
Date: 2014-12-12 10:11:07 + (Fri, 12 Dec 2014)
New Revision: 30695
Modified:
data/dla-needed.txt
Log:
Add cpio to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-12 10:11:06
Author: hertzog
Date: 2014-12-12 10:10:54 + (Fri, 12 Dec 2014)
New Revision: 30691
Modified:
data/CVE/list
Log:
Mark CVE-2014-3583/apache2 as no-dsa for squeeze too
We follow the decision taken for wheezy.
Modified: data/CVE/list
Author: hertzog
Date: 2014-12-12 11:07:29 + (Fri, 12 Dec 2014)
New Revision: 30696
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark CVE affecting drupal6 as end-of-life on squeeze
And drop drupal6 from dla-needed.txt where it had been erroneously added.
Modified: data/CVE/list
Author: hertzog
Date: 2014-12-12 11:07:41 + (Fri, 12 Dec 2014)
New Revision: 30697
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark CVE-2014-4037/fckeditor as no-dsa on squeeze
We follow the decision made for wheezy. Thus drop it from dla-needed.txt.
Modified: data/CVE/list
Author: hertzog
Date: 2014-12-12 11:07:47 + (Fri, 12 Dec 2014)
New Revision: 30699
Modified:
data/dla-needed.txt
Log:
Add jqueryui to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-12
30700)
+++ data/dla-needed.txt 2014-12-12 13:22:09 UTC (rev 30701)
@@ -21,7 +21,7 @@
--
ejabberd
--
-getmail4
+getmail4 (Raphaël Hertzog)
--
httpcomponents-client
--
)
@@ -21,8 +21,6 @@
--
ejabberd
--
-getmail4 (Raphaël Hertzog)
---
httpcomponents-client
--
jqueryui
Author: hertzog
Date: 2014-12-12 14:32:03 + (Fri, 12 Dec 2014)
New Revision: 30707
Modified:
data/dla-needed.txt
Log:
Add libksba to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-12 14:32:00
Author: hertzog
Date: 2014-12-12 14:32:00 + (Fri, 12 Dec 2014)
New Revision: 30706
Modified:
data/CVE/list
Log:
Mark CVE-2014-3558/libhibernate-validator-java as no-dsa on squeeze
Follow the decision taken for wheezy.
Modified: data/CVE/list
Author: hertzog
Date: 2014-12-12 14:32:12 + (Fri, 12 Dec 2014)
New Revision: 30709
Modified:
data/dla-needed.txt
Log:
Add libyaml/libyaml-yaml-parser/pyyaml to dla-needed.txt
Modified: data/dla-needed.txt
===
---
Author: hertzog
Date: 2014-12-12 14:32:10 + (Fri, 12 Dec 2014)
New Revision: 30708
Modified:
data/CVE/list
Log:
Squeeze has librack-ruby and not ruby-rack
Modified: data/CVE/list
===
--- data/CVE/list 2014-12-12
Author: hertzog
Date: 2014-12-12 14:32:15 + (Fri, 12 Dec 2014)
New Revision: 30711
Modified:
data/DLA/list
Log:
DLA-100-1 actually fixed CVE-2014-9116 and not CVE-2014-0467
CVE-2014-0467 had already been fixed by DSA 2874-1 with version
1.5.20-9+squeeze3.
The Debian changelog entries
Author: hertzog
Date: 2014-12-12 14:32:13 + (Fri, 12 Dec 2014)
New Revision: 30710
Modified:
data/dla-needed.txt
Log:
Add linux-2.6 to dla-needed.txt
It deserves an almost permanent entry anyway.
Modified: data/dla-needed.txt
Author: hertzog
Date: 2014-12-12 15:52:18 + (Fri, 12 Dec 2014)
New Revision: 30713
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add nss to dla-needed.txt due to CVE-2011-3389/nss
And add the links to the associated commit and bug entry.
Modified: data/CVE/list
Author: hertzog
Date: 2014-12-12 15:52:12 + (Fri, 12 Dec 2014)
New Revision: 30712
Modified:
data/dla-needed.txt
Log:
Add nfs-utils to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-12
Author: hertzog
Date: 2014-12-12 15:52:27 + (Fri, 12 Dec 2014)
New Revision: 30714
Modified:
data/CVE/list
Log:
Mark CVE-2014-7185/python-2.5 and CVE-2014-4616/python-2.5 as no-dsa
Modified: data/CVE/list
===
---
Author: hertzog
Date: 2014-12-12 16:17:07 + (Fri, 12 Dec 2014)
New Revision: 30715
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Add rpm, unrtf, wordpress, xorg-server and zoph to dla-needed.txt
Filed an upstream ticket for zoph.
Modified: data/CVE/list
Author: hertzog
Date: 2014-12-15 09:44:37 + (Mon, 15 Dec 2014)
New Revision: 30752
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark zoph issue as unimportant
The claims appear to be unfounded.
Modified: data/CVE/list
30753)
+++ data/dla-needed.txt 2014-12-15 10:04:53 UTC (rev 30754)
@@ -17,7 +17,7 @@
--
coreutils
--
-cpio
+cpio (Raphaël Hertzog)
--
ejabberd
--
Author: hertzog
Date: 2014-12-15 10:19:41 + (Mon, 15 Dec 2014)
New Revision: 30755
Modified:
data/CVE/list
Log:
Add one more commit to CVE-2014-9112/cpio
Modified: data/CVE/list
===
--- data/CVE/list 2014-12-15 10:04:53
(Raphaël Hertzog)
---
ejabberd
--
file (Christoph Biedl)
Author: hertzog
Date: 2014-12-17 15:18:57 + (Wed, 17 Dec 2014)
New Revision: 30795
Modified:
data/CVE/list
Log:
Drop the epoch in fixed version for bsd-mailx for CVE-2004-2771
The bug has been fixed in mailx 1:8.1.2-0.20040524cvs-2 but when the
source package has been renamed to
-needed.txt 2014-12-17 15:18:57 UTC (rev 30795)
+++ data/dla-needed.txt 2014-12-17 15:21:38 UTC (rev 30796)
@@ -11,6 +11,8 @@
--
binutils (Thorsten Alteholz)
--
+bsd-mailx (Raphaël Hertzog)
+--
commons-httpclient
--
coreutils
@@ -19,6 +21,8 @@
--
file (Christoph Biedl)
--
+heirloom-mailx
UTC (rev 30799)
@@ -19,8 +19,6 @@
--
file (Christoph Biedl)
--
-heirloom-mailx (Raphaël Hertzog)
---
httpcomponents-client
--
jqueryui
Author: hertzog
Date: 2014-12-17 17:05:20 + (Wed, 17 Dec 2014)
New Revision: 30801
Modified:
data/dla-needed.txt
Log:
Add some packages to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-17
Author: hertzog
Date: 2014-12-17 17:05:17 + (Wed, 17 Dec 2014)
New Revision: 30800
Modified:
data/CVE/list
Log:
Mark CVE-2014-8298 as no-dsa for nvidia-graphics-drivers/squeeze
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-12-18 14:16:26 + (Thu, 18 Dec 2014)
New Revision: 30820
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Switch CVE-2013-5919/suricata as no-dsa on squeeze too
Modified: data/CVE/list
===
---
Author: hertzog
Date: 2014-12-18 14:16:35 + (Thu, 18 Dec 2014)
New Revision: 30821
Modified:
data/CVE/list
Log:
Mark CVE-2014-9365 as no-dsa for all python versions in Squeeze
The lack of cert validation is a widely known and documented mis-feature
of Python's stdlib, no Python programs
(rev 30821)
+++ data/dla-needed.txt 2014-12-18 14:22:19 UTC (rev 30822)
@@ -77,7 +77,7 @@
--
wpasupplicant (geissert)
--
-xorg-server
+xorg-server (Raphaël Hertzog)
--
zendframework
--
Author: hertzog
Date: 2014-12-20 19:33:34 + (Sat, 20 Dec 2014)
New Revision: 30867
Modified:
data/dla-needed.txt
Log:
Add ntp to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-20 19:00:17 UTC
===
--- data/dla-needed.txt 2014-12-22 08:41:31 UTC (rev 30900)
+++ data/dla-needed.txt 2014-12-22 08:44:07 UTC (rev 30901)
@@ -70,8 +70,6 @@
--
wpasupplicant (geissert)
--
-xorg-server (Raphaël Hertzog)
---
zendframework
Author: hertzog
Date: 2014-12-22 09:29:40 + (Mon, 22 Dec 2014)
New Revision: 30903
Modified:
data/dla-needed.txt
Log:
Add packages to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-22
Author: hertzog
Date: 2014-12-22 09:33:13 + (Mon, 22 Dec 2014)
New Revision: 30904
Modified:
data/CVE/list
Log:
Mark CVE-2014-8132/libssh as not-affected on squeeze
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-12-22 09:49:00 + (Mon, 22 Dec 2014)
New Revision: 30906
Modified:
data/dla-needed.txt
Log:
Add firebird2.1 and firebird2.5 to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt
Author: hertzog
Date: 2014-12-22 09:48:58 + (Mon, 22 Dec 2014)
New Revision: 30905
Modified:
data/dla-needed.txt
Log:
Add ettercap to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-22
Author: hertzog
Date: 2014-12-22 09:54:48 + (Mon, 22 Dec 2014)
New Revision: 30907
Modified:
data/dla-needed.txt
Log:
Add jasper to dla-needed.txt
Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2014-12-22 09:49:00
Author: hertzog
Date: 2014-12-22 10:21:29 + (Mon, 22 Dec 2014)
New Revision: 30908
Modified:
data/CVE/list
Log:
Mark CVE-2014-5353/krb5 as no-dsa on squeeze
Modified: data/CVE/list
===
--- data/CVE/list 2014-12-22
Author: hertzog
Date: 2014-12-22 10:52:10 + (Mon, 22 Dec 2014)
New Revision: 30909
Modified:
data/CVE/list
Log:
Mark mediawiki as end-of-life on squeeze and add patch for polarssl
Modified: data/CVE/list
===
--- data/CVE/list
Author: hertzog
Date: 2014-12-22 11:16:03 + (Mon, 22 Dec 2014)
New Revision: 30910
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark most ettercap CVE as not affecting squeeze
Modified: data/CVE/list
===
---
Author: hertzog
Date: 2014-12-22 17:30:36 + (Mon, 22 Dec 2014)
New Revision: 30924
Modified:
data/CVE/list
Log:
Mark CVE-2014-9324/otrs2 as not-affected on wheezy/squeeze
The problematic module got introduced in 3.2.
Modified: data/CVE/list
Author: hertzog
Date: 2015-01-26 21:21:39 + (Mon, 26 Jan 2015)
New Revision: 31707
Modified:
data/CVE/list
Log:
Mark freecad on squeeze as not affected by
http://freecadweb.org/tracker/view.php?id=1785
Modified: data/CVE/list