[Secure-testing-commits] r40937 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Apr 14 21:10:12 UTC 2016
Author: sectracker
Date: 2016-04-14 21:10:12 +0000 (Thu, 14 Apr 2016)
New Revision: 40937
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-14 20:16:46 UTC (rev 40936)
+++ data/CVE/list 2016-04-14 21:10:12 UTC (rev 40937)
@@ -1,3 +1,29 @@
+CVE-2016-4013
+ RESERVED
+CVE-2016-4012
+ RESERVED
+CVE-2016-4011
+ RESERVED
+CVE-2016-4010
+ RESERVED
+CVE-2016-4009 (Integer overflow in the ImagingResampleHorizontal function in ...)
+ TODO: check
+CVE-2016-4007 (Multiple unspecified vulnerabilities in the obs-service-extract_file ...)
+ TODO: check
+CVE-2016-4006
+ RESERVED
+CVE-2015-8850
+ RESERVED
+CVE-2015-8849
+ RESERVED
+CVE-2015-8848
+ RESERVED
+CVE-2015-8847
+ RESERVED
+CVE-2015-8846
+ RESERVED
+CVE-2015-8843 (The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit ...)
+ TODO: check
CVE-2016-4024 [integer overflow resulting in insufficient heap allocation]
- imlib2 <unfixed>
NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
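Review bot: The three entries added here with descriptions (CVE-2016-4009, CVE-2016-4007, CVE-2015-8843) carry only TODO: check, so none of them is mapped to a source package or marked NOT-FOR-US yet. CVE-2016-4009 names ImagingResampleHorizontal, and the other Imaging* functions in this list (ImagingFliDecode in CVE-2016-0775, ImagingPcdDecode in CVE-2016-2533, ImagingLibTiffDecode in CVE-2016-0740) are all tracked under pillow, so that entry should be checked against pillow first.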
@@ -16,6 +42,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/04/13/6
TODO: check affected versions
CVE-2015-8851
+ RESERVED
- node-uuid <unfixed> (unimportant)
NOTE: https://github.com/broofa/node-uuid/issues/108
NOTE: https://github.com/broofa/node-uuid/issues/118
@@ -23,6 +50,7 @@
NOTE: https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d
NOTE: nodejs not covered by security support
CVE-2015-8844
+ RESERVED
- linux 4.4.2-1
[jessie] - linux 3.16.7-ckt25-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -30,6 +58,7 @@
NOTE: Upstream commit: https://git.kernel.org/linus/d2b9d2a5ad5ef04ff978c9923d19730cb05efd55 (v4.4-rc3)
NOTE: Introduced by: https://git.kernel.org/linus/2b0a576d15e0e14751f00f9c87e46bad27f217e7 (v3.9-rc1)
CVE-2015-8845
+ RESERVED
- linux 4.4.2-1
[jessie] - linux 3.16.7-ckt25-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -109,6 +138,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/4
TODO: check affected versions
CVE-2016-4008 [Infinite loops parsing malicious DER certificates]
+ RESERVED
- libtasn1-6 <unfixed>
- libtasn1-3 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/3
@@ -201,13 +231,11 @@
NOTE: Fixed by (for current persistent journal): https://github.com/systemd/systemd/commit/afae249efa4774c6676738ac5de6aeb4daf4889f (v229)
CVE-2016-7921
REJECTED
-CVE-2016-3982 [optipng: heap buffer overflow pngxrbmp.c bmp_rle4_fread]
- RESERVED
+CVE-2016-3982 (Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in ...)
{DSA-3546-1}
- optipng 0.7.6-1
NOTE: https://sourceforge.net/p/optipng/bugs/57/
-CVE-2016-3981 [optipng: heap buffer overflow pngxrbmp.c bmp_read_rows]
- RESERVED
+CVE-2016-3981 (Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c ...)
{DSA-3546-1}
- optipng 0.7.6-1
NOTE: https://sourceforge.net/p/optipng/bugs/56/
@@ -834,8 +862,8 @@
RESERVED
CVE-2016-3687
RESERVED
-CVE-2016-3686
- RESERVED
+CVE-2016-3686 (The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 ...)
+ TODO: check
CVE-2016-3685
RESERVED
CVE-2016-3684
@@ -1006,8 +1034,7 @@
[wheezy] - tiff <no-dsa> (Minor issue)
- tiff3 <removed> (unimportant)
NOTE: src:tiff3: built binary packages do not contain the TIFF tools
-CVE-2016-3630 [remote code execution in binary delta decoding]
- RESERVED
+CVE-2016-3630 (The binary delta decoder in Mercurial before 3.7.3 allows remote ...)
{DSA-3542-1}
- mercurial 3.7.3-1 (bug #819504)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
@@ -1995,8 +2022,7 @@
RESERVED
CVE-2016-3160
RESERVED
-CVE-2016-3159
- RESERVED
+CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not ...)
- xen <unfixed>
[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future DSA)
NOTE: http://xenbits.xen.org/xsa/advisory-172.html
@@ -2004,8 +2030,7 @@
NOTE: versions only, but which must always be combined with the code change
NOTE: for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which
NOTE: patches the function fpu_fxrstor.
-CVE-2016-3158
- RESERVED
+CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly ...)
- xen <unfixed>
[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future DSA)
NOTE: http://xenbits.xen.org/xsa/advisory-172.html
@@ -2203,8 +2228,7 @@
RESERVED
CVE-2016-3070
RESERVED
-CVE-2016-3069 [arbitrary code execution when converting Git repos]
- RESERVED
+CVE-2016-3069 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...)
{DSA-3542-1}
- mercurial 3.7.3-1 (bug #819504)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
@@ -2213,8 +2237,7 @@
NOTE: https://selenic.com/repo/hg-stable/rev/b732e7f2aba4 (3/5)
NOTE: https://selenic.com/repo/hg-stable/rev/80cac1de6aea (4/5)
NOTE: https://selenic.com/repo/hg-stable/rev/ae279d4a19e9 (5/5)
-CVE-2016-3068 [arbitrary code execution with Git subrepos]
- RESERVED
+CVE-2016-3068 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...)
{DSA-3542-1}
- mercurial 3.7.3-1 (bug #819504)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
@@ -3172,8 +3195,8 @@
TODO: check again after the CVE id split
CVE-2016-2783
RESERVED
-CVE-2016-2780
- RESERVED
+CVE-2016-2780 (Untrusted search path vulnerability in Huawei UTPS before ...)
+ TODO: check
CVE-2016-2778
RESERVED
CVE-2016-2777
@@ -4040,8 +4063,7 @@
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=6c9f886ceae5b998dc2b9af2bf77666941689bce (v0.10.0)
NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/3
-CVE-2016-2515
- RESERVED
+CVE-2016-2515 (Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause ...)
NOT-FOR-US: NodeJS Hawk
CVE-2016-2511 (Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier ...)
{DSA-3490-1 DLA-428-1}
@@ -4822,8 +4844,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303532
NOTE: Fixed by: https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3 (v4.5-rc1)
NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2)
-CVE-2016-2313 [Authentication using web authentication as a user not in the cacti database allows complete access]
- RESERVED
+CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote authenticated ...)
- cacti 0.8.8g+ds1-1 (bug #814353)
[jessie] - cacti <no-dsa> (Might cause regressions for some setups, to risky, not fully right approach; disputed)
[wheezy] - cacti <no-dsa> (Might cause regressions for some setups, to risky, not fully right approach; disputed)
@@ -4885,8 +4906,7 @@
RESERVED
CVE-2015-8809
RESERVED
-CVE-2014-9766 [create_bits(): Cast the result of height * stride to size_t]
- RESERVED
+CVE-2014-9766 (Integer overflow in the create_bits function in pixman-bits-image.c in ...)
{DSA-3525-1 DLA-429-1}
- pixman 0.32.6-1
NOTE: https://lists.freedesktop.org/archives/pixman/2014-April/003244.html
@@ -5001,14 +5021,12 @@
NOTE: issue introduced in ~2008 with the SIP timer support implementation (https://issues.asterisk.org/jira/browse/ASTERISK-4257 https://issues.asterisk.org/jira/browse/ASTERISK-5187), so squeeze also vulnerable
NOTE: patch for jessie / 11: https://code.asterisk.org/code/changelog/asterisk?cs=882e85388295eac8eebd0b82e71a9af0a769b41f
NOTE: all versions vulnerable, backport required for wheezy
-CVE-2015-8807 [XSS in Horde_Core_VarRenderer_Html]
- RESERVED
+CVE-2015-8807 (Cross-site scripting (XSS) vulnerability in the _renderVarInput_number ...)
{DSA-3496-1}
- php-horde-core 2.22.4+debian0-1 (bug #813590)
NOTE: https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
-CVE-2016-2228 [reflected cross-site scripting]
- RESERVED
+CVE-2016-2228 (Cross-site scripting (XSS) vulnerability in ...)
{DSA-3497-1}
- php-horde 5.2.9+debian0-1 (bug #813573)
NOTE: https://bugs.horde.org/ticket/14213
@@ -5049,8 +5067,7 @@
NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b
CVE-2016-2192
RESERVED
-CVE-2016-2191 [Invalid write while processing delta escapes without any boundary checking]
- RESERVED
+CVE-2016-2191 (The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before ...)
{DSA-3546-1}
- optipng 0.7.6-1 (bug #820068)
NOTE: https://sourceforge.net/p/optipng/bugs/59/
@@ -5266,8 +5283,7 @@
RESERVED
- linux <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/7
-CVE-2016-2116 [memory leak in the jas_iccprof_createfrombuf function]
- RESERVED
+CVE-2016-2116 (Memory leak in the jas_iccprof_createfrombuf function in JasPer ...)
{DSA-3508-1}
- jasper <unfixed> (bug #816626)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
@@ -5356,8 +5372,7 @@
RESERVED
CVE-2016-2093
RESERVED
-CVE-2015-8806 [Heap-buffer overread in libxml2/dict.c]
- RESERVED
+CVE-2015-8806 (dict.c in libxml2 allows remote attackers to cause a denial of service ...)
- libxml2 <unfixed> (bug #813613)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115
CVE-2015-8805 (The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not ...)
@@ -5411,8 +5426,7 @@
- libebml 1.3.3-1
NOTE: https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
NOTE: https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
-CVE-2016-2533 [Buffer overflow in Python-Pillow and PIL]
- RESERVED
+CVE-2016-2533 (Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in ...)
{DSA-3499-1 DLA-422-1}
- pillow 3.1.1-1
- python-imaging <removed>
@@ -5551,8 +5565,8 @@
- linux-2.6 <removed> (unimportant)
NOTE: EVM is not enabled
NOTE: https://git.kernel.org/linus/613317bd212c585c20796c10afe5daaa95d4b0a1 (v4.5-rc4)
-CVE-2016-2084
- RESERVED
+CVE-2016-2084 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...)
+ TODO: check
CVE-2016-2083
RESERVED
CVE-2016-2082
@@ -5633,28 +5647,23 @@
RESERVED
CVE-2016-2059
RESERVED
-CVE-2016-2058
- RESERVED
+CVE-2016-2058 (Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, ...)
{DSA-3495-1}
- xymon 4.3.25-1
NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
-CVE-2016-2057 [Incorrect permissions on IPC queues used by the xymond daemon can bypass IP access filtering]
- RESERVED
+CVE-2016-2057 (lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use ...)
{DSA-3495-1}
- xymon 4.3.25-1
NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
-CVE-2016-2056 [Shell command injection in the "useradm" and "chpasswd" web applications]
- RESERVED
+CVE-2016-2056 (xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote ...)
{DSA-3495-1}
- xymon 4.3.25-1
NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
-CVE-2016-2055 [Access to possibly confidential files in the Xymon configuration directory]
- RESERVED
+CVE-2016-2055 (xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before ...)
{DSA-3495-1}
- xymon 4.3.25-1
NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
-CVE-2016-2054 [Buffer overflow in xymond handling of "config" command]
- RESERVED
+CVE-2016-2054 (Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, ...)
{DSA-3495-1}
- xymon 4.3.25-1
NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
@@ -5744,8 +5753,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
-CVE-2015-8784 [potential out-of-bound write in NeXTDecode()]
- RESERVED
+CVE-2015-8784 (The NeXTDecode function in tif_next.c in LibTIFF allows remote ...)
{DSA-3467-1 DLA-405-1}
- tiff 4.0.6-1
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2508
@@ -7174,8 +7182,7 @@
RESERVED
CVE-2016-1578
RESERVED
-CVE-2016-1577 [double free vulnerability in the jas_iccattrval_destroy function]
- RESERVED
+CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in ...)
{DSA-3508-1}
- jasper <unfixed> (bug #816625)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
@@ -7447,10 +7454,10 @@
RESERVED
CVE-2016-1497
RESERVED
-CVE-2016-1496
- RESERVED
-CVE-2016-1495
- RESERVED
+CVE-2016-1496 (The graphics driver in Huawei P8 smartphones with software GRA-TL00 ...)
+ TODO: check
+CVE-2016-1495 (Integer overflow in the graphics drivers in Huawei Mate S smartphones ...)
+ TODO: check
CVE-2016-1564 [cross-site scripting vulnerability]
RESERVED
{DSA-3444-1}
@@ -7736,8 +7743,8 @@
RESERVED
CVE-2016-1379
RESERVED
-CVE-2016-1378
- RESERVED
+CVE-2016-1378 (Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote ...)
+ TODO: check
CVE-2016-1377 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
TODO: check
CVE-2016-1376 (Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows ...)
@@ -7788,8 +7795,7 @@
NOT-FOR-US: Cisco
CVE-2016-1353 (The TCP implementation in Cisco Videoscape Distribution Suite for ...)
NOT-FOR-US: Cisco Videoscape Distribution Suite
-CVE-2016-1352
- RESERVED
+CVE-2016-1352 (Cisco Unified Computing System (UCS) Central Software 1.3(1b) and ...)
NOT-FOR-US: Cisco
CVE-2016-1351 (The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS ...)
NOT-FOR-US: Cisco
@@ -8713,8 +8719,8 @@
NOTE: https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8
CVE-2015-8684
RESERVED
-CVE-2015-8682
- RESERVED
+CVE-2015-8682 (The Video0 driver in Huawei P8 smartphones with software GRA-UL00 ...)
+ TODO: check
CVE-2015-8681 (The ovisp driver in Huawei P8 smartphones with software GRA-TL00 ...)
TODO: check
CVE-2015-8680 (The Graphics driver in Huawei P8 smartphones with software GRA-TL00 ...)
@@ -8829,8 +8835,8 @@
{DSA-3466-1 DLA-423-1}
- krb5 1.13.2+dfsg-5 (bug #813296)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb
-CVE-2015-8620
- RESERVED
+CVE-2015-8620 (Heap-based buffer overflow in the Avast virtualization driver ...)
+ TODO: check
CVE-2015-8669 (libraries/config/messages.inc.php in phpMyAdmin 4.0.x before ...)
- phpmyadmin 4:4.5.3.1-1 (unimportant)
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -8843,15 +8849,13 @@
NOTE: no fix published yet
NOTE: Red Hat say it's only OOB read: https://bugzilla.redhat.com/show_bug.cgi?id=1294425#c1
TODO: check
-CVE-2015-8683 [out-of-bounds read in CIE Lab image format]
- RESERVED
+CVE-2015-8683 (The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 ...)
{DSA-3467-1 DLA-402-1}
- tiff 4.0.6-1 (bug #809021)
- tiff3 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2015/12/25/1
NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
-CVE-2015-8665 [Out-of-bounds Read]
- RESERVED
+CVE-2015-8665 (tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a ...)
{DSA-3467-1 DLA-402-1}
- tiff 4.0.6-1 (bug #808968)
- tiff3 <removed>
@@ -9534,8 +9538,8 @@
[squeeze] - libfile-spec-perl <not-affected> (Introduced in 3.47)
NOTE: http://perl5.git.perl.org/perl.git/commit/130509aa42a87eef258fab0182ee2c7ad16baa8b
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=126862
-CVE-2015-8606
- RESERVED
+CVE-2015-8606 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
+ TODO: check
CVE-2015-8605 (ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 ...)
{DSA-3442-1 DLA-385-2 DLA-385-1}
- isc-dhcp 4.3.3-7 (bug #810875)
@@ -9795,8 +9799,7 @@
CVE-2016-0788 (The remoting module in CloudBees Jenkins before 1.650 and LTS before ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
-CVE-2016-0787 [Weak Diffie-Hellman secret generation in libssh2 before 1.7.0]
- RESERVED
+CVE-2016-0787 (The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 ...)
{DSA-3487-1 DLA-426-1}
- libssh2 1.5.0-2.1 (bug #815662)
NOTE: Upstream fix: https://github.com/libssh2/libssh2/commit/ca5222ea819cc5ed797860070b4c6c1aeeb28420
@@ -9830,8 +9833,7 @@
NOTE: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
CVE-2016-0776
RESERVED
-CVE-2016-0775 [Buffer overflow in FliDecode.c]
- RESERVED
+CVE-2016-0775 (Buffer overflow in the ImagingFliDecode function in ...)
{DSA-3499-1 DLA-422-1}
- pillow 3.1.1-1 (bug #813909)
- python-imaging <removed>
@@ -9901,8 +9903,7 @@
RESERVED
CVE-2016-0758
RESERVED
-CVE-2016-0757 [Glance image status manipulation through locations removal]
- RESERVED
+CVE-2016-0757 (OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x ...)
- glance <unfixed>
[wheezy] - glance <no-dsa> (Minor issue)
[jessie] - glance <no-dsa> (Minor issue)
@@ -9982,16 +9983,14 @@
NOTE: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3 (release-1.9.10)
CVE-2016-0741
RESERVED
-CVE-2016-0740 [Buffer overflow in TiffDecode.c]
- RESERVED
+CVE-2016-0740 (Buffer overflow in the ImagingLibTiffDecode function in ...)
{DSA-3499-1}
- pillow 3.1.1-1 (bug #813905)
- python-imaging <not-affected> (Vulnerable code introduce in 2.0.0)
NOTE: Issue when linked against libtiff >= 4.0.0
NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e (3.1.1)
NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/e782fe721e0156de9636e78cd881d9f9e7e6ce50 (2.0.0)
-CVE-2016-0739 [Weak Diffie-Hellman secret generation in libssh]
- RESERVED
+CVE-2016-0739 (libssh before 0.7.3 improperly truncates ephemeral secrets generated ...)
{DSA-3488-1 DLA-425-1}
- libssh 0.6.3-4.3 (bug #815663)
NOTE: Upstream fix: https://git.libssh.org/projects/libssh.git/commit/?h=v0-7&id=f8d0026c65fc8a55748ae481758e2cf376c26c86
@@ -10189,8 +10188,7 @@
NOT-FOR-US: Joomla
CVE-2015-8561 (The F1BookView ActiveX control in F1 Bookview in Schneider Electric ...)
NOT-FOR-US: F1BookView
-CVE-2015-8555 [information leak in legacy x86 FPU/XMM initialization]
- RESERVED
+CVE-2015-8555 (Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU ...)
{DSA-3519-1}
- xen <unfixed>
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
@@ -10200,8 +10198,7 @@
- xen 4.4.0-1
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-164.html
-CVE-2015-8553 [Incomplete patches in XSA-120]
- RESERVED
+CVE-2015-8553 (Xen allows guest OS users to obtain sensitive information from ...)
- linux <unfixed>
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Xen not supported in Squeeze LTS)
@@ -10211,8 +10208,7 @@
NOTE: http://xenbits.xen.org/xsa/advisory-120.html
NOTE: Patch is discussed in http://thread.gmane.org/gmane.comp.emulators.xen.devel/140440/focus=140441
NOTE: and http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1924088
-CVE-2015-8552 [Linux pciback missing sanity checks leading to crash]
- RESERVED
+CVE-2015-8552 (The PCI backend driver in Xen, when running on an x86 system and using ...)
{DSA-3434-1}
[experimental] - linux 4.4~rc6-1~exp1
- linux 4.3.3-3
@@ -10224,8 +10220,7 @@
NOTE: https://git.kernel.org/linus/a396f3a210c3a61e94d6b87ec05a75d0be2a60d0
NOTE: https://git.kernel.org/linus/7cfb905b9638982862f0331b36ccaaca5d383b49
NOTE: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0
-CVE-2015-8551 [Linux pciback missing sanity checks leading to crash]
- RESERVED
+CVE-2015-8551 (The PCI backend driver in Xen, when running on an x86 system and using ...)
{DSA-3434-1}
[experimental] - linux 4.4~rc6-1~exp1
- linux 4.3.3-3
@@ -12614,8 +12609,8 @@
NOT-FOR-US: Huawei
CVE-2015-8305 (Huawei Sophia-L10 smartphones with software before P7-L10C900B852 ...)
TODO: check
-CVE-2015-8304
- RESERVED
+CVE-2015-8304 (Integer overflow in Huawei P7 phones with software before P7-L07 ...)
+ TODO: check
CVE-2015-8303 (Huawei Document Security Management (DSM) with software before ...)
NOT-FOR-US: Huawei
CVE-2015-8302
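Review bot: CVE-2015-8304 is added with TODO: check even though its description is a Huawei P7 phone issue and the entry directly after it, CVE-2015-8303, is already marked NOT-FOR-US: Huawei. Suggest triaging it the same way rather than leaving it open; the CVE-2015-8305 entry just above is in the same state.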
@@ -13280,8 +13275,7 @@
NOTE: https://github.com/apache/commons-collections/commit/b2b8f4adc557e4ef1ee2fe5e0ab46866c06ec55b
CVE-2015-8079
RESERVED
-CVE-2015-8080 [integer overflow in getnum]
- RESERVED
+CVE-2015-8080 (Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x ...)
{DSA-3412-1}
- redis 2:3.0.5-4 (bug #804419)
[wheezy] - redis <not-affected> (Vulnerable code not present)
@@ -14508,8 +14502,7 @@
CVE-2015-7740
RESERVED
NOT-FOR-US: ARM Mali GPU driver
-CVE-2015-7545 [arbitrary code execution issues via URLs]
- RESERVED
+CVE-2015-7545 (The (1) git-remote-ext and (2) unspecified other remote helper ...)
{DSA-3435-1}
- git 1:2.6.1-1
[squeeze] - git <not-affected> (git 1.7.2 did not have git-remote-ext yet)
@@ -15010,8 +15003,7 @@
NOTE: https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df (2.40.7)
CVE-2015-7556
RESERVED
-CVE-2015-7555 [Heap-based buffer overflow in giffix utility]
- RESERVED
+CVE-2015-7555 (Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 ...)
{DLA-389-1}
- giflib 5.1.2-0.1 (bug #808704)
[jessie] - giflib 4.1.6-11+deb8u1
@@ -27539,8 +27531,7 @@
CVE-2015-3147
RESERVED
NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2015-3146 [null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets]
- RESERVED
+CVE-2015-3146 (The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in ...)
- libssh 0.6.3-4.2 (bug #784404)
[jessie] - libssh 0.6.3-4+deb8u1
[wheezy] - libssh 0.5.4-1+deb7u3
@@ -32736,8 +32727,7 @@
CVE-2010-XXXX [crash when parsing overly long links]
- lynx-cur 2.8.8dev.4-1
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2
-CVE-2015-1547 [uninitialized memory in NeXTDecode]
- RESERVED
+CVE-2015-1547 (The NeXTDecode function in tif_next.c in LibTIFF allows remote ...)
{DSA-3273-1 DLA-221-1}
- tiff 4.0.3-12.1 (bug #777390)
- tiff3 <removed>
@@ -32878,8 +32868,7 @@
[squeeze] - cabextract <no-dsa> (Minor issue)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
NOTE: Starting with 1.4-5 cabextract uses the mspack system library
-CVE-2014-9655 [access of uninitialized memory]
- RESERVED
+CVE-2014-9655 (The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) ...)
{DSA-3273-1 DLA-221-1}
- tiff 4.0.3-12.1 (bug #777390)
- tiff3 <removed>
@@ -35156,8 +35145,7 @@
[jessie] - rabbitmq-server <no-dsa> (Minor issue)
[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
-CVE-2015-0861 [missing access permission checks for fields when multiple records are written]
- RESERVED
+CVE-2015-0861 (model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before ...)
{DSA-3425-1}
- tryton-server 3.8.1-1
[wheezy] - tryton-server <not-affected> (Version < 3.2)
@@ -46180,8 +46168,7 @@
NOTE: exploitation of this issue by making bash only use environment variables
NOTE: with specific names (BASH_FUNC_*()) to define functions from its
NOTE: environment.
-CVE-2014-6276
- RESERVED
+CVE-2014-6276 (schema.py in Roundup before 1.5.1 does not properly limit attributes ...)
{DSA-3502-1}
- roundup <unfixed> (bug #816780)
NOTE: http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
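Review bot: The description now attached to CVE-2014-6276 gives an upstream fixed version ("Roundup before 1.5.1"), but the package line under it still reads roundup <unfixed> (bug #816780) while {DSA-3502-1} is already referenced. Check whether unstable has picked up 1.5.1 or the referenced upstream revision, and replace <unfixed> with that version if so.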