[Secure-testing-commits] r40778 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Apr 5 21:10:11 UTC 2016


Author: sectracker
Date: 2016-04-05 21:10:11 +0000 (Tue, 05 Apr 2016)
New Revision: 40778

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-05 19:18:19 UTC (rev 40777)
+++ data/CVE/list	2016-04-05 21:10:11 UTC (rev 40778)
@@ -710,6 +710,7 @@
 	RESERVED
 CVE-2016-3630 [remote code execution in binary delta decoding]
 	RESERVED
+	{DSA-3542-1}
 	- mercurial 3.7.3-1 (bug #819504)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
 	NOTE: https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf (1/2)
@@ -1863,6 +1864,7 @@
 	RESERVED
 CVE-2016-3069 [arbitrary code execution when converting Git repos]
 	RESERVED
+	{DSA-3542-1}
 	- mercurial 3.7.3-1 (bug #819504)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
 	NOTE: https://selenic.com/repo/hg-stable/rev/197eed39e3d5 (1/5)
@@ -1872,6 +1874,7 @@
 	NOTE: https://selenic.com/repo/hg-stable/rev/ae279d4a19e9 (5/5)
 CVE-2016-3068 [arbitrary code execution with Git subrepos]
 	RESERVED
+	{DSA-3542-1}
 	- mercurial 3.7.3-1 (bug #819504)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
 	NOTE: https://selenic.com/repo/hg-stable/rev/34d43cb85de8
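Review bot: the {DSA-3542-1} reference added at CVE-2016-3068 is the third of three in this commit (also CVE-2016-3069 and CVE-2016-3630 in the preceding hunks), and all three entries share the package line "- mercurial 3.7.3-1 (bug #819504)". It is worth confirming that the advisory itself names all three CVE ids, so the cross-references here and the advisory stay in agreement.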
@@ -5502,8 +5505,8 @@
 	RESERVED
 CVE-2016-2001
 	RESERVED
-CVE-2016-2000
-	RESERVED
+CVE-2016-2000 (HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem ...)
+	TODO: check
 CVE-2016-1999
 	RESERVED
 CVE-2016-1998 (HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 ...)
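Review bot: CVE-2016-2000 moves from RESERVED to "TODO: check" with no package line or NOT-FOR-US tag, so the entry is untriaged after this commit. The description names HPE Asset Manager and Asset Manager CloudSystem; a follow-up commit should replace the TODO with either a source package line or a NOT-FOR-US tag once someone has checked whether the product is in the archive.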
@@ -8099,6 +8102,7 @@
 	RESERVED
 CVE-2016-1235 [vulnerability in the oarsh command]
 	RESERVED
+	{DSA-3543-1}
 	- oar 2.5.7-1 (bug #819952)
 	NOTE: https://raw.githubusercontent.com/oar-team/oar/ce77ffed620fdce94881c9b35064507777c24a1c/debian/patches/004-fix-oarsh-security-issue
 CVE-2016-1234
@@ -8228,8 +8232,8 @@
 	RESERVED
 CVE-2016-1178
 	RESERVED
-CVE-2016-1177
-	RESERVED
+CVE-2016-1177 (The management screen in Falcon WisePoint 4.3.1 and earlier and ...)
+	TODO: check
 CVE-2016-1176
 	RESERVED
 CVE-2016-1175
@@ -8376,7 +8380,7 @@
 	RESERVED
 CVE-2015-8673 (Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing ...)
 	NOT-FOR-US: Huawei
-CVE-2015-8672 (The presentation transmission permission management mechanism in ...)
+CVE-2015-8672 (The presentation transmission permission management mechanism in Huawei ...)
 	NOT-FOR-US: Huawei
 CVE-2015-8671
 	RESERVED
@@ -10986,8 +10990,8 @@
 	RESERVED
 CVE-2016-0290
 	RESERVED
-CVE-2016-0289
-	RESERVED
+CVE-2016-0289 (shiprec.xml in the SHIPREC application in IBM Maximo Asset Management ...)
+	TODO: check
 CVE-2016-0288
 	RESERVED
 CVE-2016-0287
@@ -11193,16 +11197,16 @@
 	RESERVED
 CVE-2015-8524 (Cross-site scripting (XSS) vulnerability in Process Portal in IBM ...)
 	NOT-FOR-US: IBM
-CVE-2015-8523
-	RESERVED
-CVE-2015-8522
-	RESERVED
-CVE-2015-8521
-	RESERVED
-CVE-2015-8520
-	RESERVED
-CVE-2015-8519
-	RESERVED
+CVE-2015-8523 (The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before ...)
+	TODO: check
+CVE-2015-8522 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...)
+	TODO: check
+CVE-2015-8521 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...)
+	TODO: check
+CVE-2015-8520 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...)
+	TODO: check
+CVE-2015-8519 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...)
+	TODO: check
 CVE-2015-8518
 	RESERVED
 CVE-2015-8517
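Review bot: the five entries CVE-2015-8519 through CVE-2015-8523 all arrive as "TODO: check", while the adjacent CVE-2015-8524 in the same hunk already carries "NOT-FOR-US: IBM". All five descriptions name the server in IBM Tivoli Storage Manager FastBack, so they can be triaged together in one follow-up, and tagged the same way as CVE-2015-8524 if the product is confirmed not to be packaged.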
@@ -19283,7 +19287,7 @@
 	NOT-FOR-US: Fortinet
 CVE-2015-5736 (The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows ...)
 	NOT-FOR-US: Fortinet
-CVE-2015-5735 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and ...)
+CVE-2015-5735 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) ...)
 	NOT-FOR-US: Fortinet
 CVE-2015-5729
 	RESERVED
@@ -24311,7 +24315,7 @@
 	RESERVED
 CVE-2015-4078
 	RESERVED
-CVE-2015-4077 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and ...)
+CVE-2015-4077 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) ...)
 	NOT-FOR-US: Fortinet
 CVE-2015-4076
 	RESERVED
@@ -24492,7 +24496,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/20/1
 CVE-2015-4023
 	RESERVED
-CVE-2015-4020 (RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before ...)
+CVE-2015-4020 (RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 ...)
 	- rubygems <not-affected> (Affects versions between 2.0 and 2.4.6 and incomplete fix not applied)
 	- libgems-ruby <not-affected> (Affects versions between 2.0 and 2.4.6 and incomplete fix not applied)
 	- ruby1.8 <not-affected> (Vulnerable code not present)
@@ -25649,7 +25653,7 @@
 CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor ...)
 	- docker.io 1.6.1+dfsg1-1 (bug #784726)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
-CVE-2015-3626 (Cross-site scripting (XSS) vulnerability in the DHCP Monitor page the ...)
+CVE-2015-3626 (Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the ...)
 	NOT-FOR-US: Fortinet FortiOS
 CVE-2015-3625 (The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before ...)
 	- nvidia-graphics-drivers <not-affected> (FreeBSD drivers in separate blobs/source)
@@ -55722,7 +55726,7 @@
 	NOT-FOR-US: Oracle iLearning
 CVE-2014-2470 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
-CVE-2014-2469 (Unspecified vulnerability in Lighthttpd in Oracle Solaris 11.1 allows ...)
+CVE-2014-2469 (Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows ...)
 	- lighttpd <not-affected> (Only affects lighttpd on Oracle Solaris)
 CVE-2014-2468 (Unspecified vulnerability in the Siebel UI Framework component in ...)
 	NOT-FOR-US: Oracle Siebel CRM
@@ -78424,7 +78428,7 @@
 CVE-2013-1428 (Stack-based buffer overflow in the receive_tcppacket function in ...)
 	{DSA-2663-1}
 	- tinc 1.0.19-3
-CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighthttpd ...)
+CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighttpd before ...)
 	{DSA-2649-1}
 	- lighttpd 1.4.31-4
 CVE-2013-1426 [mahara: stored XSS in tinyMCE editor]
@@ -104877,7 +104881,7 @@
 	{DSA-2470-1}
 	- wordpress 3.2.1+dfsg-1
 	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
-CVE-2011-3129 (The file upload functionality WordPress 3.1 before 3.1.3 and 3.2 ...)
+CVE-2011-3129 (The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 ...)
 	{DSA-2470-1}
 	- wordpress 3.2.1+dfsg-1
 	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce



