New Debian patches

repository/definitions/patch/oval_com.altx-soft.nix_def_25220.xml

@@ -0,0 +1,25 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="patch" id="oval:com.altx-soft.nix:def:25220" version="0">
+  <oval-def:metadata>
+    <oval-def:title>DSA-3817-1 -- jbig2dec -- security update</oval-def:title>
+    <oval-def:affected family="unix">
+      <oval-def:platform>Debian 8</oval-def:platform>
+      <oval-def:product>jbig2dec</oval-def:product>
+    </oval-def:affected>
+    <oval-def:reference ref_id="DSA-3817-1" ref_url="https://www.debian.org/security/dsa-3817" source="VENDOR" />
+    <oval-def:reference ref_id="CVE-2016-9601" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9601" source="CVE" />
+    <oval-def:description>Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code 
+		if a malformed image file (usually embedded in a PDF document) is opened.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-31T11:50:19">
+          <oval-def:contributor organization="ALTX-SOFT">Sergey Artykhov</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria>
+    <oval-def:extend_definition comment="Debian 8 is installed" definition_ref="oval:org.mitre.oval:def:28919" />
+    <oval-def:criterion comment="jbig2dec is earlier than 0:0.13-4~deb8u1" test_ref="oval:ru.altx-soft.nix:tst:85779" />
+  </oval-def:criteria>
+</oval-def:definition>

repository/definitions/patch/oval_com.altx-soft.nix_def_25221.xml

@@ -0,0 +1,29 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="patch" id="oval:com.altx-soft.nix:def:25221" version="0">
+  <oval-def:metadata>
+    <oval-def:title>DSA-3818-1 -- gst-plugins-bad1.0 -- security update</oval-def:title>
+    <oval-def:affected family="unix">
+      <oval-def:platform>Debian 8</oval-def:platform>
+      <oval-def:product>gst-plugins-bad1.0</oval-def:product>
+    </oval-def:affected>
+    <oval-def:reference ref_id="DSA-3818-1" ref_url="https://www.debian.org/security/dsa-3818" source="VENDOR" />
+    <oval-def:reference ref_id="CVE-2016-9809" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9809" source="CVE" />
+    <oval-def:reference ref_id="CVE-2016-9812" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9812" source="CVE" />
+    <oval-def:reference ref_id="CVE-2016-9813" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9813" source="CVE" />
+    <oval-def:reference ref_id="CVE-2017-5843" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5843" source="CVE" />
+    <oval-def:reference ref_id="CVE-2017-5848" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5848" source="CVE" />
+    <oval-def:description>Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, 
+		which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-31T11:50:19">
+          <oval-def:contributor organization="ALTX-SOFT">Sergey Artykhov</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria>
+    <oval-def:extend_definition comment="Debian 8 is installed" definition_ref="oval:org.mitre.oval:def:28919" />
+    <oval-def:criterion comment="gst-plugins-bad1.0 is earlier than 0:1.4.4-2.1+deb8u2" test_ref="oval:ru.altx-soft.nix:tst:85780" />
+  </oval-def:criteria>
+</oval-def:definition>

repository/definitions/patch/oval_com.altx-soft.nix_def_25222.xml

@@ -0,0 +1,29 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="patch" id="oval:com.altx-soft.nix:def:25222" version="0">
+  <oval-def:metadata>
+    <oval-def:title>DSA-3819-1 -- gst-plugins-base1.0 -- security update</oval-def:title>
+    <oval-def:affected family="unix">
+      <oval-def:platform>Debian 8</oval-def:platform>
+      <oval-def:product>gst-plugins-base1.0</oval-def:product>
+    </oval-def:affected>
+    <oval-def:reference ref_id="DSA-3819-1" ref_url="https://www.debian.org/security/dsa-3819" source="VENDOR" />
+    <oval-def:reference ref_id="CVE-2016-9811" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9811" source="CVE" />
+    <oval-def:reference ref_id="CVE-2017-5837" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5837" source="CVE" />
+    <oval-def:reference ref_id="CVE-2017-5839" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5839" source="CVE" />
+    <oval-def:reference ref_id="CVE-2017-5842" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5842" source="CVE" />
+    <oval-def:reference ref_id="CVE-2017-5844" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5844" source="CVE" />
+    <oval-def:description>Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers,
+		which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-31T11:50:22">
+          <oval-def:contributor organization="ALTX-SOFT">Sergey Artykhov</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria>
+    <oval-def:extend_definition comment="Debian 8 is installed" definition_ref="oval:org.mitre.oval:def:28919" />
+    <oval-def:criterion comment="gst-plugins-base1.0 is earlier than 0:1.4.4-2+deb8u1" test_ref="oval:ru.altx-soft.nix:tst:85781" />
+  </oval-def:criteria>
+</oval-def:definition>

repository/definitions/patch/oval_com.altx-soft.nix_def_25223.xml

@@ -0,0 +1,29 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="patch" id="oval:com.altx-soft.nix:def:25223" version="0">
+  <oval-def:metadata>
+    <oval-def:title>DSA-3820-1 -- gst-plugins-good1.0 -- security update</oval-def:title>
+    <oval-def:affected family="unix">
+      <oval-def:platform>Debian 8</oval-def:platform>
+      <oval-def:product>gst-plugins-good1.0</oval-def:product>
+    </oval-def:affected>
+    <oval-def:reference ref_id="DSA-3820-1" ref_url="https://www.debian.org/security/dsa-3820" source="VENDOR" />
+    <oval-def:reference ref_id="CVE-2016-10198" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10198" source="CVE" />
+    <oval-def:reference ref_id="CVE-2016-10199" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10199" source="CVE" />
+    <oval-def:reference ref_id="CVE-2017-5840" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5840" source="CVE" />
+    <oval-def:reference ref_id="CVE-2017-5841" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5841" source="CVE" />
+    <oval-def:reference ref_id="CVE-2017-5845" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5845" source="CVE" />
+    <oval-def:description>Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers,
+		which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-31T11:50:25">
+          <oval-def:contributor organization="ALTX-SOFT">Sergey Artykhov</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria>
+    <oval-def:extend_definition comment="Debian 8 is installed" definition_ref="oval:org.mitre.oval:def:28919" />
+    <oval-def:criterion comment="gst-plugins-good1.0 is earlier than 0:1.4.4-2+deb8u3" test_ref="oval:ru.altx-soft.nix:tst:85782" />
+  </oval-def:criteria>
+</oval-def:definition>

repository/definitions/patch/oval_com.altx-soft.nix_def_25224.xml

@@ -0,0 +1,26 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="patch" id="oval:com.altx-soft.nix:def:25224" version="0">
+  <oval-def:metadata>
+    <oval-def:title>DSA-3821-1 -- gst-plugins-ugly1.0 -- security update</oval-def:title>
+    <oval-def:affected family="unix">
+      <oval-def:platform>Debian 8</oval-def:platform>
+      <oval-def:product>gst-plugins-ugly1.0</oval-def:product>
+    </oval-def:affected>
+    <oval-def:reference ref_id="DSA-3821-1" ref_url="https://www.debian.org/security/dsa-3821" source="VENDOR" />
+    <oval-def:reference ref_id="CVE-2017-5846" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5846" source="CVE" />
+    <oval-def:reference ref_id="CVE-2017-5847" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5847" source="CVE" />
+    <oval-def:description>Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers,
+		which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-31T11:50:27">
+          <oval-def:contributor organization="ALTX-SOFT">Sergey Artykhov</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria>
+    <oval-def:extend_definition comment="Debian 8 is installed" definition_ref="oval:org.mitre.oval:def:28919" />
+    <oval-def:criterion comment="gst-plugins-ugly1.0 is earlier than 0:1.4.4-2+deb8u1" test_ref="oval:ru.altx-soft.nix:tst:85783" />
+  </oval-def:criteria>
+</oval-def:definition>

repository/definitions/patch/oval_com.altx-soft.nix_def_25225.xml

@@ -0,0 +1,25 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="patch" id="oval:com.altx-soft.nix:def:25225" version="0">
+  <oval-def:metadata>
+    <oval-def:title>DSA-3822-1 -- gstreamer1.0 -- security update</oval-def:title>
+    <oval-def:affected family="unix">
+      <oval-def:platform>Debian 8</oval-def:platform>
+      <oval-def:product>gstreamer1.0</oval-def:product>
+    </oval-def:affected>
+    <oval-def:reference ref_id="DSA-3822-1" ref_url="https://www.debian.org/security/dsa-3822" source="VENDOR" />
+    <oval-def:reference ref_id="CVE-2017-5838" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5838" source="CVE" />
+    <oval-def:description>Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers,
+		which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-31T11:50:29">
+          <oval-def:contributor organization="ALTX-SOFT">Sergey Artykhov</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria>
+    <oval-def:extend_definition comment="Debian 8 is installed" definition_ref="oval:org.mitre.oval:def:28919" />
+    <oval-def:criterion comment="gstreamer1.0 is earlier than 0:1.4.4-2+deb8u1" test_ref="oval:ru.altx-soft.nix:tst:85784" />
+  </oval-def:criteria>
+</oval-def:definition>

repository/definitions/patch/oval_com.altx-soft.nix_def_25226.xml

@@ -0,0 +1,25 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="patch" id="oval:com.altx-soft.nix:def:25226" version="0">
+  <oval-def:metadata>
+    <oval-def:title>DSA-3823-1 -- eject -- security update</oval-def:title>
+    <oval-def:affected family="unix">
+      <oval-def:platform>Debian 8</oval-def:platform>
+      <oval-def:product>eject</oval-def:product>
+    </oval-def:affected>
+    <oval-def:reference ref_id="DSA-3823-1" ref_url="https://www.debian.org/security/dsa-3823" source="VENDOR" />
+    <oval-def:reference ref_id="CVE-2017-6964" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6964" source="CVE" />
+    <oval-def:description>Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper,
+		and used in eject, does not check return values from setuid() and setgid() when dropping privileges.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-31T11:50:30">
+          <oval-def:contributor organization="ALTX-SOFT">Sergey Artykhov</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria>
+    <oval-def:extend_definition comment="Debian 8 is installed" definition_ref="oval:org.mitre.oval:def:28919" />
+    <oval-def:criterion comment="eject is earlier than 0:2.1.5+deb1+cvs20081104-13.1+deb8u1" test_ref="oval:ru.altx-soft.nix:tst:85785" />
+  </oval-def:criteria>
+</oval-def:definition>

repository/definitions/patch/oval_com.altx-soft.nix_def_25227.xml

@@ -0,0 +1,25 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="patch" id="oval:com.altx-soft.nix:def:25227" version="0">
+  <oval-def:metadata>
+    <oval-def:title>DSA-3824-1 -- firebird2.5 -- security update</oval-def:title>
+    <oval-def:affected family="unix">
+      <oval-def:platform>Debian 8</oval-def:platform>
+      <oval-def:product>firebird2.5</oval-def:product>
+    </oval-def:affected>
+    <oval-def:reference ref_id="DSA-3824-1" ref_url="https://www.debian.org/security/dsa-3824" source="VENDOR" />
+    <oval-def:reference ref_id="CVE-2017-6369" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6369" source="CVE" />
+    <oval-def:description>George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions (UDF),
+		thus allowing remote authenticated users to execute arbitrary code on the firebird server.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-03-31T11:50:30">
+          <oval-def:contributor organization="ALTX-SOFT">Sergey Artykhov</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria>
+    <oval-def:extend_definition comment="Debian 8 is installed" definition_ref="oval:org.mitre.oval:def:28919" />
+    <oval-def:criterion comment="firebird2.5 is earlier than 0:2.5.3.26778.ds4-5+deb8u1" test_ref="oval:ru.altx-soft.nix:tst:85786" />
+  </oval-def:criteria>
+</oval-def:definition>

repository/definitions/patch/oval_com.altx-soft.nix_def_25256.xml

@@ -0,0 +1,25 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="patch" id="oval:com.altx-soft.nix:def:25256" version="0">
+  <oval-def:metadata>
+    <oval-def:title>DSA-3825-1 -- jhead -- security update</oval-def:title>
+    <oval-def:affected family="unix">
+      <oval-def:platform>Debian 8</oval-def:platform>
+      <oval-def:product>jhead</oval-def:product>
+    </oval-def:affected>
+    <oval-def:reference ref_id="DSA-3825-1" ref_url="https://www.debian.org/security/dsa-3825" source="VENDOR" />
+    <oval-def:reference ref_id="CVE-2016-3822" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3822" source="CVE" />
+    <oval-def:description>It was discovered that jhead, a tool to manipulate the non-image part of EXIF compliant JPEG files, is prone to an out-of-bounds access vulnerability,
+		which may result in denial of service or, potentially, the execution of arbitrary code if an image with specially crafted EXIF data is processed.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-04-04T10:26:03">
+          <oval-def:contributor organization="ALTX-SOFT">Sergey Artykhov</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria>
+    <oval-def:extend_definition comment="Debian 8 is installed" definition_ref="oval:org.mitre.oval:def:28919" />
+    <oval-def:criterion comment="jhead is earlier than 1:2.97-1+deb8u1" test_ref="oval:ru.altx-soft.nix:tst:86119" />
+  </oval-def:criteria>
+</oval-def:definition>

repository/definitions/patch/oval_com.altx-soft.nix_def_25276.xml

@@ -0,0 +1,24 @@
+<oval-def:definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="patch" id="oval:com.altx-soft.nix:def:25276" version="0">
+  <oval-def:metadata>
+    <oval-def:title>DSA-3826-1 -- tryton-server -- security update</oval-def:title>
+    <oval-def:affected family="unix">
+      <oval-def:platform>Debian 8</oval-def:platform>
+      <oval-def:product>tryton-server</oval-def:product>
+    </oval-def:affected>
+    <oval-def:reference ref_id="DSA-3826-1" ref_url="https://www.debian.org/security/dsa-3826" source="VENDOR" />
+    <oval-def:reference ref_id="CVE-2017-0360" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0360" source="CVE" />
+    <oval-def:description>It was discovered that the original patch to address CVE-2016-1242 did not cover all cases, which may result in information disclosure of file contents.</oval-def:description>
+    <oval-def:oval_repository>
+      <oval-def:dates>
+        <oval-def:submitted date="2017-04-07T15:07:30">
+          <oval-def:contributor organization="ALTX-SOFT">Sergey Artykhov</oval-def:contributor>
+        </oval-def:submitted>
+      </oval-def:dates>
+      <oval-def:status>INITIAL SUBMISSION</oval-def:status>
+    </oval-def:oval_repository>
+  </oval-def:metadata>
+  <oval-def:criteria>
+    <oval-def:extend_definition comment="Debian 8 is installed" definition_ref="oval:org.mitre.oval:def:28919" />
+    <oval-def:criterion comment="tryton-server is earlier than 0:3.4.0-3+deb8u3" test_ref="oval:ru.altx-soft.nix:tst:86524" />
+  </oval-def:criteria>
+</oval-def:definition>