[Secure-testing-commits] r37900 - in data: . CVE

Wed Nov 25 20:32:45 UTC 2015

Author: benh
Date: 2015-11-25 20:32:45 +0000 (Wed, 25 Nov 2015)
New Revision: 37900

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for squeeze

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-11-25 17:36:14 UTC (rev 37899)
+++ data/CVE/list	2015-11-25 20:32:45 UTC (rev 37900)
@@ -3,7 +3,9 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/5
 CVE-2015-XXXX [Qemu: net: eepro100: infinite loop in processing command block list]
 	- qemu <unfixed>
+	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
+	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/3
 	TODO: check
@@ -13,6 +15,8 @@
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 	NOTE: https://www.redmine.org/issues/21150 (private)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/1
+	NOTE: Commit: https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
+	NOTE: For squeeze, the bug is in app/views/timelog/edit.rhtml
 CVE-2015-XXXX [Insecure permissions for backup directory]
 	- dbconfig-common 1.8.58 (bug #805638)
 	[jessie] - dbconfig-common <no-dsa> (Will be fixed via a jessie-pu update)

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2015-11-25 17:36:14 UTC (rev 37899)
+++ data/dla-needed.txt	2015-11-25 20:32:45 UTC (rev 37900)
@@ -14,6 +14,8 @@
 bouncycastle (Raphaël Hertzog)
   NOTE: Waiting second review from upstream author. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671#29
 --
+dbconfig-common
+--
 eglibc (Raphaël Hertzog)
 --
 imagemagick
@@ -47,6 +49,8 @@
 --
 quassel (Scott K)
 --
+redmine
+--
 squid (Santiago R.R.)
 --
 sudo (Ben Hutchings)


