[Secure-testing-commits] r41011 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Apr 19 21:10:12 UTC 2016
Author: sectracker
Date: 2016-04-19 21:10:12 +0000 (Tue, 19 Apr 2016)
New Revision: 41011
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-19 20:01:27 UTC (rev 41010)
+++ data/CVE/list 2016-04-19 21:10:12 UTC (rev 41011)
@@ -1,8 +1,14 @@
+CVE-2016-4039
+ RESERVED
+CVE-2016-4036 (openSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak permissions ...)
+ TODO: check
CVE-2016-3955 [remote buffer overflow in usbip]
+ RESERVED
- linux <unfixed>
NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3)
NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1
CVE-2016-4038
+ RESERVED
NOT-FOR-US: Samsung Android driver
CVE-2016-4035
RESERVED
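Review bot: CVE-2016-4036 is left at "TODO: check", and its truncated description names only openSUSE and SUSE Linux Enterprise Server 11 SP 1. Triage should read the full description to identify the affected package, then replace the TODO with either a source package line or a NOT-FOR-US entry. The RESERVED lines added under CVE-2016-3955 and CVE-2016-4038 sit alongside the existing "- linux <unfixed>" and "NOT-FOR-US: Samsung Android driver" triage and need no follow-up.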
@@ -15,6 +21,7 @@
CVE-2016-4031
RESERVED
CVE-2016-4037 [usb: Infinite loop vulnerability in usb_ehci using siTD process]
+ RESERVED
- qemu <unfixed>
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -272,10 +279,10 @@
NOT-FOR-US: SAP
CVE-2016-3973 (The chat feature in the Real-Time Collaboration (RTC) services in SAP ...)
NOT-FOR-US: SAP
-CVE-2016-3972
- RESERVED
-CVE-2016-3971
- RESERVED
+CVE-2016-3972 (Directory traversal vulnerability in the dotTailLogServlet in dotCMS ...)
+ TODO: check
+CVE-2016-3971 (Cross-site scripting (XSS) vulnerability in lucene_search.jsp in ...)
+ TODO: check
CVE-2016-3970
RESERVED
CVE-2015-8840 (The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does ...)
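Review bot: CVE-2016-3972 and CVE-2016-3971 are both left at "TODO: check", and the CVE-2016-3971 text is cut off before the product name ("lucene_search.jsp in ..."), so it cannot be triaged from this line alone. Look up the full description for each. If neither product is packaged, mark them NOT-FOR-US in the same way as the SAP entries around them.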
@@ -360,8 +367,8 @@
NOTE: https://git.kernel.org/linus/4d06dd537f95683aba3651098ae288b7cbff8274 (v4.5)
NOTE: https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5)
NOTE: https://www.spinics.net/lists/netdev/msg367669.html
-CVE-2016-3950
- RESERVED
+CVE-2016-3950 (Huawei AR3200 routers with software before V200R006C10SPC300 allow ...)
+ TODO: check
CVE-2016-3949
RESERVED
CVE-2016-3959
@@ -417,8 +424,8 @@
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
CVE-2016-3944
RESERVED
-CVE-2016-3943
- RESERVED
+CVE-2016-3943 (Panda Endpoint Administration Agent before 7.50.00, as used in Panda ...)
+ TODO: check
CVE-2016-3942
RESERVED
CVE-2016-3940
@@ -923,8 +930,7 @@
RESERVED
CVE-2016-3690
RESERVED
-CVE-2016-3941 [Heap overflow processing wav files]
- RESERVED
+CVE-2016-3941 (Buffer overflow in the AStreamPeekStream function in input/stream.c in ...)
- vlc 2.2.1-1
NOTE: https://bugs.launchpad.net/bugs/1533633
NOTE: It is unclear when this was fixed exactly, marking the version in jessie as fixed for now
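Review bot: the NOTE under CVE-2016-3941 still says it is unclear when this was fixed, while the description added in this hunk now names the AStreamPeekStream function in input/stream.c. That function name gives a concrete place to search upstream history for the fixing commit, so the "- vlc 2.2.1-1" fixed version can be confirmed or corrected and the NOTE updated to match.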
@@ -2316,8 +2322,8 @@
RESERVED
CVE-2016-3072
RESERVED
-CVE-2016-3071
- RESERVED
+CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial of ...)
+ TODO: check
CVE-2016-3070
RESERVED
CVE-2016-3069 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...)
@@ -3704,6 +3710,7 @@
CVE-2016-2574
RESERVED
CVE-2015-8852 [HTTP Smuggling issues: Double Content Length and bad EOL]
+ RESERVED
- varnish 4.0.0-1 (bug #783510)
NOTE: http://www.openwall.com/lists/oss-security/2016/04/16/1
NOTE: fixed in 3.0.7 upstream, mark as fixed with first 4.x version in unstable
@@ -4383,6 +4390,7 @@
CVE-2016-2403
RESERVED
CVE-2013-7450
+ RESERVED
NOT-FOR-US: Pulp (Red Hat)
CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows remote ...)
{DSA-3485-1 DLA-424-1}
@@ -13353,8 +13361,7 @@
- a2ps 1:4.14-1.2
[wheezy] - a2ps <no-dsa> (Minor issue)
[squeeze] - a2ps <no-dsa> (Minor issue)
-CVE-2015-8106 [format string vulnerability]
- RESERVED
+CVE-2015-8106 (Format string vulnerability in the CmdKeywords function in funct1.c in ...)
- latex2rtf 2.3.10-1 (unimportant; bug #805398)
[wheezy] - latex2rtf <not-affected> (Vulnerable code introduced later)
[squeeze] - latex2rtf <not-affected> (Vulnerable code introduced later)
@@ -15226,8 +15233,8 @@
- linux <not-affected> (RHEL-specific backport bug)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288934
NOTE: Related to an incomplete RHEL backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ac2bde2a4a05c38e2bd733bea94507cb1461e06
-CVE-2015-7552
- RESERVED
+CVE-2015-7552 (Heap-based buffer overflow in the gdk_pixbuf_flip function in ...)
+ TODO: check
CVE-2015-7551 (The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby ...)
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
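Review bot: CVE-2015-7552 is left at "TODO: check", but its description names the gdk_pixbuf_flip function, which belongs to gdk-pixbuf, a library Debian ships. This is not a NOT-FOR-US candidate, so the TODO should be replaced with a source package line plus per-release status, in the form the CVE-2015-7551 entry just below it uses.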
@@ -15713,8 +15720,8 @@
RESERVED
CVE-2015-7379
RESERVED
-CVE-2015-7378
- RESERVED
+CVE-2015-7378 (Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the ...)
+ TODO: check
CVE-2015-7377 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Pie Register plugin for WordPress
CVE-2015-7376