[Secure-testing-commits] r40880 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Apr 11 21:10:13 UTC 2016
Author: sectracker
Date: 2016-04-11 21:10:13 +0000 (Mon, 11 Apr 2016)
New Revision: 40880
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-11 20:10:07 UTC (rev 40879)
+++ data/CVE/list 2016-04-11 21:10:13 UTC (rev 40880)
@@ -1,3 +1,31 @@
+CVE-2016-3996
+ RESERVED
+CVE-2016-3991
+ RESERVED
+CVE-2016-3990
+ RESERVED
+CVE-2016-3989
+ RESERVED
+CVE-2016-3988
+ RESERVED
+CVE-2016-3987 (The HTTP server in Trend Micro Password Manager allows remote web ...)
+ TODO: check
+CVE-2016-3986 (Avast allows remote attackers to cause a denial of service (memory ...)
+ TODO: check
+CVE-2016-3985 (The Terminal Services Remote Desktop Protocol (RDP) client session ...)
+ TODO: check
+CVE-2016-3984 (McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before ...)
+ TODO: check
+CVE-2016-3983 (McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow ...)
+ TODO: check
+CVE-2016-3980 (The Java Startup Framework (aka jstart) in SAP JAVA AS 7.4 allows ...)
+ TODO: check
+CVE-2016-3979 (Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.4 ...)
+ TODO: check
+CVE-2016-3978 (The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x ...)
+ TODO: check
+CVE-2015-8841 (Heap-based buffer overflow in the Archive support module in ESET NOD32 ...)
+ TODO: check
CVE-2016-XXXX [net: buffer overflow in MIPSnet emulator]
- qemu <unfixed>
- qemu-kvm <removed>
@@ -16,12 +44,14 @@
- libtasn1-3 <removed>
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/11/3
CVE-2011-5326 [divide-by-zero on 2x1 ellipse]
+ RESERVED
- imlib2 <unfixed> (bug #639414)
[jessie] - imlib2 <no-dsa> (Minor issue)
[wheezy] - imlib2 <no-dsa> (Minor issue)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/5
CVE-2016-3995 [Timing Attack Counter Measure AES]
+ RESERVED
- libcrypto++ 5.6.3-5
NOTE: https://github.com/weidai11/cryptopp/issues/146
NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/6
@@ -31,6 +61,7 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759671
TODO: check versions, upstream but not yet public open but referenced in commit
CVE-2016-3994 [GIF loader: out-of-bounds read]
+ RESERVED
- imlib2 <unfixed> (bug #785369)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6
@@ -79,17 +110,20 @@
CVE-2015-8840 (The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does ...)
NOT-FOR-US: SAP
CVE-2014-9771 [exploitable integer overflow in _imlib_SaveImage]
+ RESERVED
- imlib2 1.4.7-1 (bug #820206)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324774
NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/3
CVE-2014-9770 [systemd / journald created world readable journal files (for volatile journals)]
+ RESERVED
- systemd 215-4
[wheezy] - systemd <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213)
NOTE: Fixed by (for volatile journals): https://github.com/systemd/systemd/commit/176f2acf8dee45fee832fd2ab07243f63783a238 (v214)
CVE-2015-8842 [systemd / journald created world readable journal files (for current persistent journal)]
+ RESERVED
- systemd 229-1
[wheezy] - systemd <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
@@ -98,10 +132,12 @@
CVE-2016-7921
REJECTED
CVE-2016-3982 [optipng: heap buffer overflow pngxrbmp.c bmp_rle4_fread]
+ RESERVED
{DSA-3546-1}
- optipng 0.7.6-1
NOTE: https://sourceforge.net/p/optipng/bugs/57/
CVE-2016-3981 [optipng: heap buffer overflow pngxrbmp.c bmp_read_rows]
+ RESERVED
{DSA-3546-1}
- optipng 0.7.6-1
NOTE: https://sourceforge.net/p/optipng/bugs/56/
@@ -124,9 +160,10 @@
RESERVED
CVE-2016-3964
RESERVED
-CVE-2016-3963
+CVE-2016-3963 (Siemens SCALANCE S613 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2016-3992 [uses predictable temporary files]
RESERVED
-CVE-2016-3992 [uses predictable temporary files]
- cronic 3-1 (bug #820331)
NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/4
CVE-2016-3962
@@ -182,6 +219,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/11/7
TODO: recheck versions
CVE-2016-3993 [off-by-one OOB read in __imlib_MergeUpdate]
+ RESERVED
- imlib2 <unfixed> (bug #819818)
[jessie] - imlib2 <no-dsa> (Minor issue)
[wheezy] - imlib2 <no-dsa> (Minor issue)
@@ -1830,10 +1868,10 @@
TODO: check indigo and texlive-bin enbedding it
CVE-2016-3189
RESERVED
-CVE-2016-3188
- RESERVED
-CVE-2016-3187
- RESERVED
+CVE-2016-3188 (The _prepopulate_request_walk function in the Prepopulate module ...)
+ TODO: check
+CVE-2016-3187 (The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote ...)
+ TODO: check
CVE-2016-3186 [buffer overflow in gif2tiff]
RESERVED
- tiff <unfixed> (bug #819972)
@@ -2617,14 +2655,12 @@
CVE-2016-2860
RESERVED
- openafs 1.6.17-1
-CVE-2016-3154 [Objects injection via unserialize]
- RESERVED
+CVE-2016-3154 (The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP ...)
{DSA-3518-1}
- spip 3.0.22-1
NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/2
NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22903
-CVE-2016-3153 [PHP code injection]
- RESERVED
+CVE-2016-3153 (SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 ...)
{DSA-3518-1}
- spip 3.0.22-1
NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/2
@@ -2679,8 +2715,7 @@
NOTE: https://bugs.php.net/bug.php?id=70081
NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
NOTE: CVE assignment is for "The first problem" section of Bug 70081
-CVE-2015-8833 [Heap use after free in Pidgin-OTR plugin]
- RESERVED
+CVE-2015-8833 (Use-after-free vulnerability in the create_smp_dialog function in ...)
{DSA-3528-1}
- pidgin-otr 4.0.2-1
[wheezy] - pidgin-otr <not-affected> (Vulnerable code not present)
@@ -2801,8 +2836,7 @@
CVE-2016-2840
RESERVED
- open-xchange <itp> (bug #269329)
-CVE-2016-2857 [net: out of bounds read in net_checksum_calculate]
- RESERVED
+CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU allows ...)
- qemu <unfixed> (bug #817182)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -3925,13 +3959,11 @@
RESERVED
CVE-2016-2514
RESERVED
-CVE-2016-2513 [User enumeration through timing difference on password hasher work factor upgrade]
- RESERVED
+CVE-2016-2513 (The password hasher in contrib/auth/hashers.py in Django before 1.8.10 ...)
{DSA-3544-1}
- python-django 1.9.4-1 (bug #816434)
NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
-CVE-2016-2512 [Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth]
- RESERVED
+CVE-2016-2512 (The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x ...)
{DSA-3544-1}
- python-django 1.9.4-1 (bug #816434)
NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
@@ -4293,8 +4325,7 @@
NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian)
CVE-2016-2382
RESERVED
-CVE-2016-2381
- RESERVED
+CVE-2016-2381 (Perl might allow context-dependent attackers to bypass the taint ...)
{DSA-3501-1}
- perl 5.22.1-8
NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
@@ -4546,8 +4577,7 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
CVE-2016-2325
RESERVED
-CVE-2016-2324 [integer overflow due to a loop which adds more to "len"]
- RESERVED
+CVE-2016-2324 (Integer overflow in Git before 2.7.4 allows remote attackers to ...)
{DSA-3521-1}
- git 1:2.8.0~rc3-1 (bug #818318)
NOTE: Removal of path_name: https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d (v2.8.0-rc0)
@@ -4563,8 +4593,7 @@
RESERVED
CVE-2016-2319
RESERVED
-CVE-2016-2315 ["int" is the wrong data type for ... nlen assignment]
- RESERVED
+CVE-2016-2315 (revision.c in git before 2.7.4 uses an incorrect integer data type, ...)
{DSA-3521-1}
- git 1:2.7.0-1 (bug #818318)
NOTE: https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305 (v2.7.0-rc0)
@@ -6236,8 +6265,7 @@
RESERVED
CVE-2016-1886
RESERVED
-CVE-2016-1885 [SA-16:15: Fix incorrect argument validation in sysarch]
- RESERVED
+CVE-2016-1885 (Integer signedness error in the amd64_set_ldt function in ...)
[experimental] - kfreebsd-10 10.3~svn296998-1
- kfreebsd-10 <unfixed> (unimportant; bug #818426)
NOTE: kfreebsd not covered by security support in Jessie
@@ -7158,8 +7186,7 @@
[squeeze] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
NOTE: http://tracker.firebirdsql.org/browse/CORE-5068
NOTE: http://www.openwall.com/lists/oss-security/2016/01/10/2
-CVE-2016-1568 [ide: ahci use-after-free vulnerability in aio port commands]
- RESERVED
+CVE-2016-1568 (Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with ...)
{DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-2 (bug #810527)
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
@@ -7620,8 +7647,8 @@
RESERVED
CVE-2016-1376
RESERVED
-CVE-2016-1375
- RESERVED
+CVE-2016-1375 (Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability ...)
+ TODO: check
CVE-2016-1374
RESERVED
CVE-2016-1373
@@ -8460,8 +8487,8 @@
RESERVED
CVE-2016-1181
RESERVED
-CVE-2016-1180
- RESERVED
+CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...)
+ TODO: check
CVE-2016-1179
RESERVED
CVE-2016-1178
@@ -8943,52 +8970,52 @@
RESERVED
CVE-2016-1034
RESERVED
-CVE-2016-1033
- RESERVED
-CVE-2016-1032
- RESERVED
-CVE-2016-1031
- RESERVED
-CVE-2016-1030
- RESERVED
-CVE-2016-1029
- RESERVED
-CVE-2016-1028
- RESERVED
-CVE-2016-1027
- RESERVED
-CVE-2016-1026
- RESERVED
-CVE-2016-1025
- RESERVED
-CVE-2016-1024
- RESERVED
-CVE-2016-1023
- RESERVED
-CVE-2016-1022
- RESERVED
-CVE-2016-1021
- RESERVED
-CVE-2016-1020
- RESERVED
+CVE-2016-1033 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1032 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1031 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 ...)
+ TODO: check
+CVE-2016-1030 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1029 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1028 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1027 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1026 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1025 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1024 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1023 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1022 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1021 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1020 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
CVE-2016-1019 (Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to ...)
TODO: check
-CVE-2016-1018
- RESERVED
-CVE-2016-1017
- RESERVED
-CVE-2016-1016
- RESERVED
-CVE-2016-1015
- RESERVED
-CVE-2016-1014
- RESERVED
-CVE-2016-1013
- RESERVED
-CVE-2016-1012
- RESERVED
-CVE-2016-1011
- RESERVED
+CVE-2016-1018 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 ...)
+ TODO: check
+CVE-2016-1017 (Use-after-free vulnerability in the LoadVars.decode function in Adobe ...)
+ TODO: check
+CVE-2016-1016 (Use-after-free vulnerability in the Transform object implementation in ...)
+ TODO: check
+CVE-2016-1015 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1014 (Untrusted search path vulnerability in Adobe Flash Player before ...)
+ TODO: check
+CVE-2016-1013 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 ...)
+ TODO: check
+CVE-2016-1012 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1011 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 ...)
+ TODO: check
CVE-2016-1010 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...)
NOT-FOR-US: Adobe Flash
CVE-2016-1009 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
@@ -8997,8 +9024,8 @@
NOT-FOR-US: Adobe
CVE-2016-1007 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
NOT-FOR-US: Adobe
-CVE-2016-1006
- RESERVED
+CVE-2016-1006 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
+ TODO: check
CVE-2016-1005 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
NOT-FOR-US: Adobe Flash
CVE-2016-1004
@@ -13039,8 +13066,8 @@
RESERVED
CVE-2015-8109
RESERVED
-CVE-2015-8108
- RESERVED
+CVE-2015-8108 (The management interface in LenovoEMC EZ Media & Backup (hm3), ...)
+ TODO: check
CVE-2015-8107 [format string vulnerability]
RESERVED
- a2ps 1:4.14-1.2
@@ -17641,8 +17668,7 @@
RESERVED
CVE-2015-6542
RESERVED
-CVE-2015-6541
- RESERVED
+CVE-2015-6541 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail ...)
NOT-FOR-US: Zimbra
CVE-2015-6540
RESERVED
@@ -18914,8 +18940,8 @@
RESERVED
CVE-2015-5970 (The ChangePassword RPC method in Novell ZENworks Configuration ...)
TODO: check
-CVE-2015-5969
- RESERVED
+CVE-2015-5969 (The mysql-systemd-helper script in the mysql-community-server package ...)
+ TODO: check
CVE-2015-5968 (Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot ...)
TODO: check
CVE-2015-5967
@@ -21332,8 +21358,7 @@
[wheezy] - pdns <not-affected> (Only affects 3.4.0-3.4.5)
[squeeze] - pdns <not-affected> (Only affects 3.4.0-3.4.5)
NOTE: https://downloads.powerdns.com/patches/2015-02/
-CVE-2015-5229 [could return memory areas which contain non-zero bytes]
- RESERVED
+CVE-2015-5229 (The calloc function in the glibc package in Red Hat Enterprise Linux ...)
- glibc <not-affected> (RHEL-specific backport)
- eglibc <not-affected> (RHEL-specific backport)
CVE-2015-5228 [arbitrary file creation and chown]
@@ -21618,8 +21643,7 @@
CVE-2015-5159
RESERVED
NOT-FOR-US: kdcproxy
-CVE-2015-5158 [scsi stack buffer overflow]
- RESERVED
+CVE-2015-5158 (Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built ...)
- qemu 1:2.4+dfsg-1a (bug #793388)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list