[Secure-testing-commits] r40901 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Apr 12 21:10:13 UTC 2016
Author: sectracker
Date: 2016-04-12 21:10:12 +0000 (Tue, 12 Apr 2016)
New Revision: 40901
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-12 18:09:26 UTC (rev 40900)
+++ data/CVE/list 2016-04-12 21:10:12 UTC (rev 40901)
@@ -1,3 +1,11 @@
+CVE-2016-4000
+ RESERVED
+CVE-2016-3999
+ RESERVED
+CVE-2016-3998
+ RESERVED
+CVE-2016-3997
+ RESERVED
CVE-2016-XXXX [auth bypass]
- brltty <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=967436
@@ -47,12 +55,14 @@
CVE-2015-8841 (Heap-based buffer overflow in the Archive support module in ESET NOD32 ...)
TODO: check
CVE-2016-4002 [net: buffer overflow in MIPSnet emulator]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
CVE-2016-4001 [net: buffer overflow in stellaris_enet emulator]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325884
@@ -804,14 +814,14 @@
CVE-2016-3679 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, ...)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-3678
- RESERVED
+CVE-2016-3678 (Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with ...)
+ TODO: check
CVE-2016-3677
RESERVED
-CVE-2016-3676
- RESERVED
-CVE-2016-3675
- RESERVED
+CVE-2016-3676 (Huawei E3276s USB modems with software before ...)
+ TODO: check
+CVE-2016-3675 (SQL injection vulnerability in Huawei Policy Center with software ...)
+ TODO: check
CVE-2016-3673
RESERVED
CVE-2016-3672 [Unlimiting the stack not longer disables ASLR]
@@ -871,8 +881,7 @@
RESERVED
CVE-2016-3660
RESERVED
-CVE-2016-3659 [Cacti graph_view.php SQL Injection Vulnerability]
- RESERVED
+CVE-2016-3659 (SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows ...)
- cacti <unfixed> (bug #820521)
NOTE: http://bugs.cacti.net/view.php?id=2673
CVE-2016-3658 [Illegal read occurs in the TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c when using tiffset command]
@@ -2177,8 +2186,7 @@
[wheezy] - spice-gtk <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320263
NOTE: No easy fix/tricky to address
-CVE-2016-3065
- RESERVED
+CVE-2016-3065 (The (1) brin_page_type and (2) brin_metapage_info functions in the ...)
- postgresql-9.5 9.5.2-1
- postgresql-9.4 <not-affected> (Only affects 9.5.x)
- postgresql-9.1 <not-affected> (Only affects 9.5.x)
@@ -4222,7 +4230,7 @@
CVE-2016-2403
RESERVED
CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows remote ...)
- {DSA-3485-2 DSA-3485-1 DLA-424-1}
+ {DSA-3485-1 DLA-424-1}
- didiwiki 0.5-12 (bug #815111)
NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files
NOTE: http://www.openwall.com/lists/oss-security/2016/02/19/4
@@ -4250,8 +4258,8 @@
RESERVED
CVE-2016-2394
RESERVED
-CVE-2016-2393
- RESERVED
+CVE-2016-2393 (Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before ...)
+ TODO: check
CVE-2016-2389 (Directory traversal vulnerability in the Manufacturing Integration and ...)
NOT-FOR-US: SAP
CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows ...)
@@ -4455,8 +4463,7 @@
RESERVED
CVE-2016-2331
RESERVED
-CVE-2016-2385 [SEAS Module Heap overflow]
- RESERVED
+CVE-2016-2385 (Heap-based buffer overflow in the encode_msg function in encode_msg.c ...)
{DSA-3535-1}
- kamailio 4.3.4-2 (bug #815178)
NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
@@ -5000,8 +5007,7 @@
- botan1.10 1.10.12-1
NOTE: Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11
NOTE: http://botan.randombit.net/security.html
-CVE-2016-2193
- RESERVED
+CVE-2016-2193 (PostgreSQL before 9.5.x before 9.5.2 does not properly maintain ...)
- postgresql-9.5 9.5.2-1
- postgresql-9.4 <not-affected> (Only affects 9.5.x)
- postgresql-9.1 <not-affected> (Only affects 9.5.x)
@@ -5081,8 +5087,8 @@
RESERVED
CVE-2016-2172
RESERVED
-CVE-2016-2171
- RESERVED
+CVE-2016-2171 (The User Manager service in Apache Jetspeed before 2.3.1 does not ...)
+ TODO: check
CVE-2016-2170
RESERVED
NOT-FOR-US: Apache OFBiz
@@ -5100,11 +5106,9 @@
NOTE: Affects Qpid Proton python API starting at 0.9 up to and including 0.12.0
CVE-2016-2165
RESERVED
-CVE-2016-2164
- RESERVED
+CVE-2016-2164 (The (1) FileService.importFileByInternalUserId and (2) ...)
NOT-FOR-US: Apache OpenMeetings
-CVE-2016-2163
- RESERVED
+CVE-2016-2163 (Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before ...)
NOT-FOR-US: Apache OpenMeetings
CVE-2016-2162
RESERVED
@@ -7929,8 +7933,7 @@
[jessie] - python-rsa 3.1.4-1+deb8u1
NOTE: proposed fix: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff
NOTE: https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
-CVE-2015-8604 [SQL Injection in graphs_new.php]
- RESERVED
+CVE-2015-8604 (SQL injection vulnerability in the host_new_graphs function in ...)
{DSA-3494-1 DLA-386-1}
- cacti 0.8.8f+ds1-4
NOTE: http://bugs.cacti.net/view.php?id=2652
@@ -8264,8 +8267,7 @@
[squeeze] - gosa 2.6.11-3+squeeze4
NOTE: Fixed in 2.7.4+reloaded1-3 with follow-up fix in 2.7.4+reloaded1-5
NOTE: https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732
-CVE-2014-9759 [MantisBT SOAP API can be used to disclose confidential settings]
- RESERVED
+CVE-2014-9759 (Incomplete blacklist vulnerability in the config_is_private function ...)
- mantis <not-affected> (Affects >= 1.3.0-beta.1)
NOTE: http://github.com/mantisbt/mantisbt/commit/7927c275
NOTE: https://sourceforge.net/p/mantisbt/mailman/message/32948048/
@@ -8399,8 +8401,7 @@
RESERVED
CVE-2016-1236
RESERVED
-CVE-2016-1235 [vulnerability in the oarsh command]
- RESERVED
+CVE-2016-1235 (The oarsh script in OAR before 2.5.7 allows remote authenticated users ...)
{DSA-3543-1}
- oar 2.5.7-1 (bug #819952)
NOTE: https://raw.githubusercontent.com/oar-team/oar/ce77ffed620fdce94881c9b35064507777c24a1c/debian/patches/004-fix-oarsh-security-issue
@@ -9295,15 +9296,13 @@
[wheezy] - stalin <no-dsa> (Minor issue)
[squeeze] - stalin <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/12/27/1
-CVE-2015-8708 [for incomplete fix for CVE-2015-8614]
- RESERVED
+CVE-2015-8708 (Stack-based buffer overflow in the conv_euctojis function in ...)
- claws-mail 3.13.1-1.1 (bug #811048)
[jessie] - claws-mail <not-affected> (Incomplete fix for CVE-2015-8614 not applied)
[wheezy] - claws-mail <not-affected> (Incomplete fix for CVE-2015-8614 not applied)
[squeeze] - claws-mail <not-affected> (Incomplete fix for CVE-2015-8614 not applied; instead all fixed included in DLA-383-1)
- macopix <not-affected> (Incomplete fix not applied)
-CVE-2015-8614 [no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc]
- RESERVED
+CVE-2015-8614 (Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) ...)
{DSA-3452-1 DLA-383-1}
- claws-mail 3.13.1-1
- macopix 1.7.4-6
@@ -9753,11 +9752,9 @@
RESERVED
CVE-2016-0785
RESERVED
-CVE-2016-0784
- RESERVED
+CVE-2016-0784 (Directory traversal vulnerability in the Import/Export System Backups ...)
NOT-FOR-US: Apache OpenMeetings
-CVE-2016-0783
- RESERVED
+CVE-2016-0783 (The sendHashByUser function in Apache OpenMeetings before 3.1.1 ...)
NOT-FOR-US: Apache OpenMeetings
CVE-2016-0782 [Cross-Site Scripting]
RESERVED
@@ -9955,8 +9952,7 @@
TODO: check, not exaclty clear if it really only was introduced in 2.2.1
CVE-2016-0736
RESERVED
-CVE-2016-0735
- RESERVED
+CVE-2016-0735 (Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to ...)
NOT-FOR-US: Apache Ranger
CVE-2016-0734 (The web-based administration console in Apache ActiveMQ 5.x before ...)
- activemq <not-affected> (Admin console not enabled in the Debian package, see #702670)
@@ -10033,15 +10029,13 @@
NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0713
RESERVED
-CVE-2016-0712
- RESERVED
-CVE-2016-0711
- RESERVED
-CVE-2016-0710
- RESERVED
+CVE-2016-0712 (Cross-site scripting (XSS) vulnerability in Apache Jetspeed before ...)
+ TODO: check
+CVE-2016-0711 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed ...)
+ TODO: check
+CVE-2016-0710 (Multiple SQL injection vulnerabilities in the User Manager service in ...)
NOT-FOR-US: Apache Jetspeed
-CVE-2016-0709
- RESERVED
+CVE-2016-0709 (Directory traversal vulnerability in the Import/Export function in the ...)
NOT-FOR-US: Apache Jetspeed
CVE-2016-0708
RESERVED
@@ -12194,11 +12188,9 @@
NOT-FOR-US: Adobe Flash
CVE-2015-8401 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-8399
- RESERVED
+CVE-2015-8399 (Atlassian Confluence before 5.8.17 allows remote authenticated users ...)
NOT-FOR-US: Atlassian Confluence
-CVE-2015-8398
- RESERVED
+CVE-2015-8398 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence ...)
NOT-FOR-US: Atlassian Confluence
CVE-2015-8397 (The JPEGLSCodec::DecodeExtent function in ...)
- gdcm 2.6.2-1
@@ -12223,20 +12215,17 @@
- linux-2.6 3.2.19-1
NOTE: https://git.kernel.org/linus/a70b52ec1aaeaf60f4739edb1b422827cb6f3893 (v3.5-rc1)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=07343eab681bf8c22a2b31d978569a5f65253171 (v3.2.19)
-CVE-2012-6700
- RESERVED
+CVE-2012-6700 (The decode_search function in dhcp.c in dhcpcd 3.x does not properly ...)
{DSA-3534-1 DLA-362-1}
- dhcpcd <removed>
NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
-CVE-2012-6699
- RESERVED
+CVE-2012-6699 (The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP ...)
{DSA-3534-1}
- dhcpcd <removed>
NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
-CVE-2012-6698
- RESERVED
+CVE-2012-6698 (The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP ...)
{DSA-3534-1 DLA-362-1}
- dhcpcd <removed>
NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
@@ -12740,8 +12729,8 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/11/20/2
CVE-2015-8243
RESERVED
-CVE-2015-8240
- RESERVED
+CVE-2015-8240 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, ...)
+ TODO: check
CVE-2015-8238
RESERVED
CVE-2015-8237
@@ -15079,8 +15068,7 @@
RESERVED
- sosreport 3.2+git276-g7da50d6-3
[jessie] - sosreport <no-dsa> (Minor issue; mitigated by fs.protected_symlinks)
-CVE-2015-7528
- RESERVED
+CVE-2015-7528 (Kubernetes before 1.2.0-alpha.5 allows remote attackers to read ...)
NOT-FOR-US: OpenShift
CVE-2015-7527 (lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows ...)
NOT-FOR-US: WordPress plugin cool-video-gallery
@@ -15199,8 +15187,8 @@
RESERVED
NOT-FOR-US: php-zend-crypt
NOTE: http://framework.zend.com/security/advisory/ZF2015-10
-CVE-2015-7502
- RESERVED
+CVE-2015-7502 (Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms ...)
+ TODO: check
CVE-2015-7501
RESERVED
CVE-2015-7500 (The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows ...)
@@ -15581,8 +15569,8 @@
RESERVED
CVE-2015-7331
RESERVED
-CVE-2015-7330
- RESERVED
+CVE-2015-7330 (Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to ...)
+ TODO: check
CVE-2015-7329
RESERVED
CVE-2015-7328 (Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and ...)
@@ -20864,8 +20852,8 @@
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1720663
CVE-2015-5350
RESERVED
-CVE-2015-5349
- RESERVED
+CVE-2015-5349 (The CSV export in Apache LDAP Studio and Apache Directory Studio ...)
+ TODO: check
CVE-2015-5348
RESERVED
NOT-FOR-US: Apache Camel
@@ -20952,8 +20940,8 @@
NOTE: https://git.samba.org/?p=samba.git;a=commit;h=83f1d39cd9ab9b8b548602f9ee806a994fca9d0c (v4-1-stable)
NOTE: https://www.samba.org/samba/security/CVE-2015-5330.html
NOTE: Samba update needs as well fixed ldb
-CVE-2015-5329
- RESERVED
+CVE-2015-5329 (The TripleO Heat templates (tripleo-heat-templates), as used in Red ...)
+ TODO: check
CVE-2015-5328
RESERVED
CVE-2015-5327 [User triggerable out-of-bounds read]
@@ -21021,8 +21009,7 @@
NOTE: http://w1.fi/security/2015-7/
NOTE: https://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-server-Fix-last-fragment-length-validation.patch
-CVE-2015-5313 [ACL bypass using ../ to access beyond storage pool]
- RESERVED
+CVE-2015-5313 (Directory traversal vulnerability in the ...)
- libvirt 1.3.0-1 (bug #808273)
[jessie] - libvirt 1.2.9-9+deb8u2
[jessie] - libvirt <no-dsa> (Minor issue)
@@ -21076,8 +21063,8 @@
- kubernetes <itp> (bug #795652)
CVE-2015-5304 (Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
-CVE-2015-5303
- RESERVED
+CVE-2015-5303 (The TripleO Heat templates (tripleo-heat-templates), when deployed via ...)
+ TODO: check
CVE-2015-5302 (libreport 2.0.7 before 2.6.3 only saves changes to the first file when ...)
NOT-FOR-US: abrt/libreport
CVE-2015-5301 (providers/saml2/admin.py in the Identity Provider (IdP) server in ...)
@@ -21381,8 +21368,7 @@
- icedtea-web 1.6.1-1 (bug #798467)
[jessie] - icedtea-web <no-dsa> (Minor issue)
[wheezy] - icedtea-web <no-dsa> (Minor issue)
-CVE-2015-5233
- RESERVED
+CVE-2015-5233 (Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply ...)
- foreman <itp> (bug #663101)
CVE-2015-5232
RESERVED
@@ -26745,8 +26731,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/10/22/5
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (v2.9.3)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 (v2.9.3)
-CVE-2015-8710 [out-of-bounds memory access when parsing an unclosed HTML comment]
- RESERVED
+CVE-2015-8710 (The htmlParseComment function in HTMLparser.c in libxml2 allows ...)
{DSA-3430-1 DLA-266-1}
- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #782985)
NOTE: Added workaround item to reflect entry fixed status, remove once CVE assigned
@@ -38616,11 +38601,9 @@
NOTE: http://xenbits.xen.org/xsa/advisory-117.html
CVE-2015-0267 (The Red Hat module-setup.sh script for kexec-tools, as distributed in ...)
- kexec-tools <not-affected> (Vulnerable script not present in the Debian package)
-CVE-2015-0266
- RESERVED
+CVE-2015-0266 (The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote ...)
NOT-FOR-US: Apache Ranger
-CVE-2015-0265
- RESERVED
+CVE-2015-0265 (Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in ...)
NOT-FOR-US: Apache Ranger
CVE-2015-0264 (Multiple XML external entity (XXE) vulnerabilities in ...)
NOT-FOR-US: Apache Camel
More information about the Secure-testing-commits
mailing list