[Secure-testing-commits] r38503 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Dec 23 21:10:11 UTC 2015
Author: sectracker
Date: 2015-12-23 21:10:11 +0000 (Wed, 23 Dec 2015)
New Revision: 38503
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-23 19:20:16 UTC (rev 38502)
+++ data/CVE/list 2015-12-23 21:10:11 UTC (rev 38503)
@@ -1,3 +1,403 @@
+CVE-2016-1130
+ RESERVED
+CVE-2016-1129
+ RESERVED
+CVE-2016-1128
+ RESERVED
+CVE-2016-1127
+ RESERVED
+CVE-2016-1126
+ RESERVED
+CVE-2016-1125
+ RESERVED
+CVE-2016-1124
+ RESERVED
+CVE-2016-1123
+ RESERVED
+CVE-2016-1122
+ RESERVED
+CVE-2016-1121
+ RESERVED
+CVE-2016-1120
+ RESERVED
+CVE-2016-1119
+ RESERVED
+CVE-2016-1118
+ RESERVED
+CVE-2016-1117
+ RESERVED
+CVE-2016-1116
+ RESERVED
+CVE-2016-1115
+ RESERVED
+CVE-2016-1114
+ RESERVED
+CVE-2016-1113
+ RESERVED
+CVE-2016-1112
+ RESERVED
+CVE-2016-1111
+ RESERVED
+CVE-2016-1110
+ RESERVED
+CVE-2016-1109
+ RESERVED
+CVE-2016-1108
+ RESERVED
+CVE-2016-1107
+ RESERVED
+CVE-2016-1106
+ RESERVED
+CVE-2016-1105
+ RESERVED
+CVE-2016-1104
+ RESERVED
+CVE-2016-1103
+ RESERVED
+CVE-2016-1102
+ RESERVED
+CVE-2016-1101
+ RESERVED
+CVE-2016-1100
+ RESERVED
+CVE-2016-1099
+ RESERVED
+CVE-2016-1098
+ RESERVED
+CVE-2016-1097
+ RESERVED
+CVE-2016-1096
+ RESERVED
+CVE-2016-1095
+ RESERVED
+CVE-2016-1094
+ RESERVED
+CVE-2016-1093
+ RESERVED
+CVE-2016-1092
+ RESERVED
+CVE-2016-1091
+ RESERVED
+CVE-2016-1090
+ RESERVED
+CVE-2016-1089
+ RESERVED
+CVE-2016-1088
+ RESERVED
+CVE-2016-1087
+ RESERVED
+CVE-2016-1086
+ RESERVED
+CVE-2016-1085
+ RESERVED
+CVE-2016-1084
+ RESERVED
+CVE-2016-1083
+ RESERVED
+CVE-2016-1082
+ RESERVED
+CVE-2016-1081
+ RESERVED
+CVE-2016-1080
+ RESERVED
+CVE-2016-1079
+ RESERVED
+CVE-2016-1078
+ RESERVED
+CVE-2016-1077
+ RESERVED
+CVE-2016-1076
+ RESERVED
+CVE-2016-1075
+ RESERVED
+CVE-2016-1074
+ RESERVED
+CVE-2016-1073
+ RESERVED
+CVE-2016-1072
+ RESERVED
+CVE-2016-1071
+ RESERVED
+CVE-2016-1070
+ RESERVED
+CVE-2016-1069
+ RESERVED
+CVE-2016-1068
+ RESERVED
+CVE-2016-1067
+ RESERVED
+CVE-2016-1066
+ RESERVED
+CVE-2016-1065
+ RESERVED
+CVE-2016-1064
+ RESERVED
+CVE-2016-1063
+ RESERVED
+CVE-2016-1062
+ RESERVED
+CVE-2016-1061
+ RESERVED
+CVE-2016-1060
+ RESERVED
+CVE-2016-1059
+ RESERVED
+CVE-2016-1058
+ RESERVED
+CVE-2016-1057
+ RESERVED
+CVE-2016-1056
+ RESERVED
+CVE-2016-1055
+ RESERVED
+CVE-2016-1054
+ RESERVED
+CVE-2016-1053
+ RESERVED
+CVE-2016-1052
+ RESERVED
+CVE-2016-1051
+ RESERVED
+CVE-2016-1050
+ RESERVED
+CVE-2016-1049
+ RESERVED
+CVE-2016-1048
+ RESERVED
+CVE-2016-1047
+ RESERVED
+CVE-2016-1046
+ RESERVED
+CVE-2016-1045
+ RESERVED
+CVE-2016-1044
+ RESERVED
+CVE-2016-1043
+ RESERVED
+CVE-2016-1042
+ RESERVED
+CVE-2016-1041
+ RESERVED
+CVE-2016-1040
+ RESERVED
+CVE-2016-1039
+ RESERVED
+CVE-2016-1038
+ RESERVED
+CVE-2016-1037
+ RESERVED
+CVE-2016-1036
+ RESERVED
+CVE-2016-1035
+ RESERVED
+CVE-2016-1034
+ RESERVED
+CVE-2016-1033
+ RESERVED
+CVE-2016-1032
+ RESERVED
+CVE-2016-1031
+ RESERVED
+CVE-2016-1030
+ RESERVED
+CVE-2016-1029
+ RESERVED
+CVE-2016-1028
+ RESERVED
+CVE-2016-1027
+ RESERVED
+CVE-2016-1026
+ RESERVED
+CVE-2016-1025
+ RESERVED
+CVE-2016-1024
+ RESERVED
+CVE-2016-1023
+ RESERVED
+CVE-2016-1022
+ RESERVED
+CVE-2016-1021
+ RESERVED
+CVE-2016-1020
+ RESERVED
+CVE-2016-1019
+ RESERVED
+CVE-2016-1018
+ RESERVED
+CVE-2016-1017
+ RESERVED
+CVE-2016-1016
+ RESERVED
+CVE-2016-1015
+ RESERVED
+CVE-2016-1014
+ RESERVED
+CVE-2016-1013
+ RESERVED
+CVE-2016-1012
+ RESERVED
+CVE-2016-1011
+ RESERVED
+CVE-2016-1010
+ RESERVED
+CVE-2016-1009
+ RESERVED
+CVE-2016-1008
+ RESERVED
+CVE-2016-1007
+ RESERVED
+CVE-2016-1006
+ RESERVED
+CVE-2016-1005
+ RESERVED
+CVE-2016-1004
+ RESERVED
+CVE-2016-1003
+ RESERVED
+CVE-2016-1002
+ RESERVED
+CVE-2016-1001
+ RESERVED
+CVE-2016-1000
+ RESERVED
+CVE-2016-0999
+ RESERVED
+CVE-2016-0998
+ RESERVED
+CVE-2016-0997
+ RESERVED
+CVE-2016-0996
+ RESERVED
+CVE-2016-0995
+ RESERVED
+CVE-2016-0994
+ RESERVED
+CVE-2016-0993
+ RESERVED
+CVE-2016-0992
+ RESERVED
+CVE-2016-0991
+ RESERVED
+CVE-2016-0990
+ RESERVED
+CVE-2016-0989
+ RESERVED
+CVE-2016-0988
+ RESERVED
+CVE-2016-0987
+ RESERVED
+CVE-2016-0986
+ RESERVED
+CVE-2016-0985
+ RESERVED
+CVE-2016-0984
+ RESERVED
+CVE-2016-0983
+ RESERVED
+CVE-2016-0982
+ RESERVED
+CVE-2016-0981
+ RESERVED
+CVE-2016-0980
+ RESERVED
+CVE-2016-0979
+ RESERVED
+CVE-2016-0978
+ RESERVED
+CVE-2016-0977
+ RESERVED
+CVE-2016-0976
+ RESERVED
+CVE-2016-0975
+ RESERVED
+CVE-2016-0974
+ RESERVED
+CVE-2016-0973
+ RESERVED
+CVE-2016-0972
+ RESERVED
+CVE-2016-0971
+ RESERVED
+CVE-2016-0970
+ RESERVED
+CVE-2016-0969
+ RESERVED
+CVE-2016-0968
+ RESERVED
+CVE-2016-0967
+ RESERVED
+CVE-2016-0966
+ RESERVED
+CVE-2016-0965
+ RESERVED
+CVE-2016-0964
+ RESERVED
+CVE-2016-0963
+ RESERVED
+CVE-2016-0962
+ RESERVED
+CVE-2016-0961
+ RESERVED
+CVE-2016-0960
+ RESERVED
+CVE-2016-0959
+ RESERVED
+CVE-2016-0958
+ RESERVED
+CVE-2016-0957
+ RESERVED
+CVE-2016-0956
+ RESERVED
+CVE-2016-0955
+ RESERVED
+CVE-2016-0954
+ RESERVED
+CVE-2016-0953
+ RESERVED
+CVE-2016-0952
+ RESERVED
+CVE-2016-0951
+ RESERVED
+CVE-2016-0950
+ RESERVED
+CVE-2016-0949
+ RESERVED
+CVE-2016-0948
+ RESERVED
+CVE-2016-0947
+ RESERVED
+CVE-2016-0946
+ RESERVED
+CVE-2016-0945
+ RESERVED
+CVE-2016-0944
+ RESERVED
+CVE-2016-0943
+ RESERVED
+CVE-2016-0942
+ RESERVED
+CVE-2016-0941
+ RESERVED
+CVE-2016-0940
+ RESERVED
+CVE-2016-0939
+ RESERVED
+CVE-2016-0938
+ RESERVED
+CVE-2016-0937
+ RESERVED
+CVE-2016-0936
+ RESERVED
+CVE-2016-0935
+ RESERVED
+CVE-2016-0934
+ RESERVED
+CVE-2016-0933
+ RESERVED
+CVE-2016-0932
+ RESERVED
+CVE-2016-0931
+ RESERVED
CVE-2015-XXXX [overlay: fix permission checking for setattr]
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code not present)
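Review bot: the log message "automatic update" gives no hint of what this hunk carries, which is 200 new ids (CVE-2016-0931 through CVE-2016-1130) added as bare RESERVED entries. Nothing here needs triage, but a generated summary line in the log (count of ids reserved, count of descriptions imported) would let readers of this list tell a bulk reservation from a revision that changes package status.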
@@ -40,16 +440,19 @@
[wheezy] - t-coffee <no-dsa> (Minor issue)
[jessie] - t-coffee <no-dsa> (Minor issue)
CVE-2015-8619 [hmp: stack based OOB write in hmp_sendkey routine]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283926
TODO: check affected versions
CVE-2015-8617 [format string vulnerability]
+ RESERVED
- php7.0 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=71105
NOTE: https://github.com/php/php-src/commit/b101a6bbd4f2181c360bd38e7683df4a03cba83e (php-7.0.2RC1)
CVE-2015-8616 [Use after free in PHP Collator::sortWithSortKeys function]
+ RESERVED
- php7.0 7.0.1-1
NOTE: https://bugs.php.net/bug.php?id=71020
NOTE: http://www.openwall.com/lists/oss-security/2015/12/22/4
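Review bot: the RESERVED line added under CVE-2015-8619 leaves "TODO: check affected versions" in place, so qemu stays <unfixed> with no per-release status; that check is still open and should be resolved by hand. In the same hunk CVE-2015-8617 keeps php7.0 <unfixed> although its NOTE ties the fix commit to php-7.0.2RC1, so the entry will need a fixed version once a package with that change is uploaded.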
@@ -78,6 +481,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/7
TODO: check
CVE-2015-8618 [math/big: fix carry propagation in Int.Exp Montgomery code]
+ RESERVED
- golang <unfixed>
[jessie] - golang <not-affected> (Introduced in 1.5 release)
[wheezy] - golang <not-affected> (Introduced in 1.5 release)
@@ -85,6 +489,7 @@
NOTE: Introduced in 1.5 release. Fixed in 1.5.3 upstream.
NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/6
CVE-2015-8615 [XSA-169: ioreq handling possibly susceptible to multiple read issue]
+ RESERVED
- xen <unfixed>
[jessie] - xen <not-affected> (Only affects 4.6)
[wheezy] - xen <not-affected> (Only affects 4.6)
@@ -2607,8 +3012,7 @@
TODO: check
CVE-2015-8376
RESERVED
-CVE-2015-8373
- RESERVED
+CVE-2015-8373 (The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, ...)
- isc-kea-dhcp-server <itp> (bug #759703)
CVE-2015-8372
RESERVED
@@ -3076,7 +3480,7 @@
NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=826bc320206f70fccd2941a77d363e95e8076898 (v2.9.2-rc1)
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2 (v2.9.3)
CVE-2015-8241 (The xmlNextChar function in libxml2 2.9.2 does not properly check the ...)
- {DLA-355-1}
+ {DSA-3430-1 DLA-355-1}
- libxml2 2.9.3+dfsg1-1 (bug #806384)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
@@ -3302,7 +3706,7 @@
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec0d215f9420564fc8286dcf93d2d068bb53a07e (v2.6.26-rc9)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4)
CVE-2015-8317 (The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 ...)
- {DLA-355-1}
+ {DSA-3430-1 DLA-355-1}
- libxml2 2.9.2+zdfsg1-4
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=751631
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e
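Review bot: in the CVE-2015-8317 entry the description says "libxml2 before 2.9.3" while the fixed version is recorded as 2.9.2+zdfsg1-4, unlike most of the other entries tagged DSA-3430-1 in this commit, which record 2.9.3+dfsg1-1. If the fix was backported into the 2.9.2 package, a NOTE saying so would keep the version from reading as a mistake.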
@@ -3614,6 +4018,7 @@
CVE-2015-8032
RESERVED
CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly ...)
+ {DSA-3430-1}
- libxml2 2.9.3+dfsg1-1 (bug #803942)
[squeeze] - libxml2 <not-affected> (No LZMA/XZ support in version 2.7.8)
NOTE: Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 (v2.9.3)
@@ -3927,10 +4332,10 @@
RESERVED
CVE-2015-7937 (Stack-based buffer overflow in the GoAhead Web Server on Schneider ...)
TODO: check
-CVE-2015-7936
- RESERVED
-CVE-2015-7935
- RESERVED
+CVE-2015-7936 (Cross-site request forgery (CSRF) vulnerability in Motorola Solutions ...)
+ TODO: check
+CVE-2015-7935 (Motorola Solutions MOSCAD IP Gateway allows remote attackers to read ...)
+ TODO: check
CVE-2015-7934
RESERVED
CVE-2015-7933
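Review bot: CVE-2015-7936 and CVE-2015-7935 go from RESERVED to "TODO: check", which leaves them in the manual triage queue. Both descriptions name Motorola Solutions MOSCAD IP Gateway, so they look like candidates for a NOT-FOR-US line in the style already used in this file (for example "NOT-FOR-US: AggreGate"), subject to confirming that nothing packaged ships that code.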
@@ -3941,18 +4346,18 @@
RESERVED
CVE-2015-7930
RESERVED
-CVE-2015-7929
- RESERVED
-CVE-2015-7928
- RESERVED
-CVE-2015-7927
- RESERVED
-CVE-2015-7926
- RESERVED
-CVE-2015-7925
- RESERVED
-CVE-2015-7924
- RESERVED
+CVE-2015-7929 (eWON devices with firmware through 10.1s0 support unspecified GET ...)
+ TODO: check
+CVE-2015-7928 (eWON devices with firmware before 10.1s0 do not have an off ...)
+ TODO: check
+CVE-2015-7927 (Cross-site scripting (XSS) vulnerability on eWON devices with firmware ...)
+ TODO: check
+CVE-2015-7926 (eWON devices with firmware before 10.1s0 omit RBAC for I/O server ...)
+ TODO: check
+CVE-2015-7925 (Cross-site request forgery (CSRF) vulnerability on eWON devices with ...)
+ TODO: check
+CVE-2015-7924 (eWON devices with firmware before 10.1s0 do not trigger the discarding ...)
+ TODO: check
CVE-2015-7923
RESERVED
CVE-2015-7922
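Review bot: six consecutive entries (CVE-2015-7924 through CVE-2015-7929) receive the same "TODO: check", and every description concerns eWON devices and their firmware. They can be triaged in one pass with a single decision applied to all six, instead of being picked up one at a time.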
@@ -3965,8 +4370,8 @@
TODO: check
CVE-2015-7918 (Multiple buffer overflows in the F1BookView ActiveX control in F1 ...)
NOT-FOR-US: F1BookView
-CVE-2015-7917
- RESERVED
+CVE-2015-7917 (Untrusted search path vulnerability in Open Automation OPC Systems.NET ...)
+ TODO: check
CVE-2015-7916
RESERVED
CVE-2015-7915
@@ -3977,8 +4382,8 @@
NOT-FOR-US: AggreGate
CVE-2015-7912 (The Ice Faces servlet in ag_server_service.exe in the AggreGate Server ...)
NOT-FOR-US: AggreGate
-CVE-2015-7911
- RESERVED
+CVE-2015-7911 (Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, ...)
+ TODO: check
CVE-2015-7910 (Exemys Telemetry Web Server relies on an HTTP Location header to ...)
NOT-FOR-US: Exemys
CVE-2015-7909
@@ -5220,19 +5625,23 @@
CVE-2015-7501
RESERVED
CVE-2015-7500 (The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows ...)
+ {DSA-3430-1}
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f (v2.9.3)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756525 (upstream bug not yet open)
CVE-2015-7499 (Heap-based buffer overflow in the xmlGROW function in parser.c in ...)
+ {DSA-3430-1}
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc (v2.9.3)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da (v2.9.3)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756479 (upstream bug not yet open)
CVE-2015-7498 (Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c ...)
+ {DSA-3430-1}
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43 (v2.9.3)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756527 (upstream bug not yet open)
CVE-2015-7497 (Heap-based buffer overflow in the xmlDictComputeFastQKey function in ...)
+ {DSA-3430-1}
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9 (v2.9.3)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756528 (upstream bug not yet open)
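Review bot: the four entries that gain {DSA-3430-1} here (CVE-2015-7497 to CVE-2015-7500) each keep a bugzilla NOTE ending in "(upstream bug not yet open)". With the fix commits tagged v2.9.3 and an advisory now referenced, those annotations should be rechecked and the parenthetical dropped wherever the bug has become public.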
@@ -6747,8 +7156,7 @@
CVE-2015-6852
RESERVED
NOT-FOR-US: EMC Secure Remote Services Virtual Edition
-CVE-2015-6851
- RESERVED
+CVE-2015-6851 (EMC RSA SecurID Web Agent before 8.0 allows physically proximate ...)
NOT-FOR-US: RSA SecurID
CVE-2015-6850
RESERVED
@@ -7898,8 +8306,8 @@
RESERVED
CVE-2015-6472
RESERVED
-CVE-2015-6471
- RESERVED
+CVE-2015-6471 (Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 ...)
+ TODO: check
CVE-2015-6470 (Resource Data Management Data Manager before 2.2 allows remote ...)
NOT-FOR-US: Resource Data Manager
CVE-2015-6469 (The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ ...)
@@ -7978,8 +8386,8 @@
RESERVED
CVE-2015-6432
RESERVED
-CVE-2015-6431
- RESERVED
+CVE-2015-6431 (Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of ...)
+ TODO: check
CVE-2015-6430
RESERVED
CVE-2015-6429 (The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 ...)
@@ -10981,6 +11389,7 @@
NOTE: Broken by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c930410bebae0a45889b992a7932c663b06cbbcd (v1.1.0-rc1)
NOTE: http://security.libvirt.org/2015/0004.html
CVE-2015-5312 (The xmlStringLenDecodeEntities function in parser.c in libxml2 before ...)
+ {DSA-3430-1}
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e (v2.9.3)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756733 (upstream bug not yet open)
@@ -16648,14 +17057,14 @@
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
NOTE: http://www.openwall.com/lists/oss-security/2015/04/20/1
CVE-2015-7942 (The xmlParseConditionalSections function in parser.c in libxml2 does ...)
- {DLA-334-1}
+ {DSA-3430-1 DLA-334-1}
- libxml2 2.9.3+dfsg1-1 (bug #802827)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756456#c0
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450
CVE-2015-7941 (libxml2 2.9.2 does not properly stop parsing invalid input, which ...)
- {DLA-266-1}
+ {DSA-3430-1 DLA-266-1}
- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #783010)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980
NOTE: http://www.openwall.com/lists/oss-security/2015/04/19/5
@@ -21424,7 +21833,7 @@
NOTE: https://github.com/rest-client/rest-client/issues/369
NOTE: Patch: https://github.com/rest-client/rest-client/pull/365.patch (will need new dependency to ruby-http-cookie)
CVE-2015-1819 (The xmlreader in libxml allows remote attackers to cause a denial of ...)
- {DLA-266-1}
+ {DSA-3430-1 DLA-266-1}
- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (low; bug #782782)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
NOTE: Concerns by Florian Weimer: https://bugzilla.gnome.org/show_bug.cgi?id=748278