[Secure-testing-commits] r41028 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Apr 20 21:10:12 UTC 2016
Author: sectracker
Date: 2016-04-20 21:10:12 +0000 (Wed, 20 Apr 2016)
New Revision: 41028
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-20 17:11:10 UTC (rev 41027)
+++ data/CVE/list 2016-04-20 21:10:12 UTC (rev 41028)
@@ -1,3 +1,13 @@
+CVE-2016-4044
+ RESERVED
+CVE-2016-4043
+ RESERVED
+CVE-2016-4042
+ RESERVED
+CVE-2016-4041
+ RESERVED
+CVE-2016-4040 (SQL injection vulnerability in the Workflow Screen in dotCMS before ...)
+ TODO: check
CVE-2015-8853 [Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU]
- perl 5.22.1-1 (bug #821848)
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=123562
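Review bot: The new CVE-2016-4040 entry at the top of this hunk has only "TODO: check" under it, so it carries no package line and no NOT-FOR-US marker. It should be resolved to one or the other, in the form other entries in this file already use, so that it does not remain an open item in the tracker. The four RESERVED entries above it need nothing further until descriptions are published.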
@@ -358,8 +368,7 @@
CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress ...)
- linux <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-174.html
-CVE-2016-3960 [x86 shadow pagetables: address width overflow]
- RESERVED
+CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local ...)
- xen <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3957
@@ -946,8 +955,8 @@
- vlc 2.2.1-1
NOTE: https://bugs.launchpad.net/bugs/1533633
NOTE: It is unclear when this was fixed exactly, marking the version in jessie as fixed for now
-CVE-2016-3688
- RESERVED
+CVE-2016-3688 (SQL injection vulnerability in dotCMS before 3.5 allows remote ...)
+ TODO: check
CVE-2016-3687
RESERVED
CVE-2016-3686 (The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 ...)
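Review bot: CVE-2016-3688 moves from RESERVED to "TODO: check" for the same product, and the same bug class, as the CVE-2016-4040 entry added in the first hunk (both are dotCMS SQL injection). Triage the two together and give them the same disposition, so that one does not end up marked while the other stays as TODO.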
@@ -1130,8 +1139,8 @@
NOTE: https://selenic.com/repo/hg-stable/rev/b9714d958e89 (2/2)
CVE-2016-3629
RESERVED
-CVE-2016-3628
- RESERVED
+CVE-2016-3628 (Buffer overflow in tibemsd in the server in TIBCO Enterprise Message ...)
+ TODO: check
CVE-2016-3626
RESERVED
CVE-2016-3625 [Out-of-bounds Read occurred in tif_read.c:545 or tif_read.c:402 or tif_read.c:560 in tiff2bw]
@@ -2084,8 +2093,7 @@
TODO: check
CVE-2016-3187 (The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote ...)
TODO: check
-CVE-2016-3186 [buffer overflow in gif2tiff]
- RESERVED
+CVE-2016-3186 (Buffer overflow in the readextension function in gif2tiff.c in LibTIFF ...)
- tiff <unfixed> (bug #819972)
[jessie] - tiff <no-dsa> (Minor issue)
[wheezy] - tiff <no-dsa> (Minor issue)
@@ -4524,8 +4532,7 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2
-CVE-2016-2390 [Segfault on Certain SSL Handshake Errors]
- RESERVED
+CVE-2016-2390 (The FwdState::connectedToPeer method in FwdState.cc in Squid before ...)
- squid <removed> (unimportant)
- squid3 3.5.14-1 (unimportant)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
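Review bot: Replacing the working title of CVE-2016-2390 with the truncated description removes the only line in the entry that stated the effect, "Segfault on Certain SSL Handshake Errors". The new text is cut off after "Squid before ...", while both package lines below are rated "(unimportant)". A short NOTE carrying the old summary would keep the reason for that rating readable from the entry itself rather than only from the linked advisory.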
@@ -5037,8 +5044,7 @@
- pixman 0.32.6-1
NOTE: https://lists.freedesktop.org/archives/pixman/2014-April/003244.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=972647
-CVE-2014-9765 [Buffer overflow]
- RESERVED
+CVE-2014-9765 (Buffer overflow in the main_get_appheader function in xdelta3-main.h ...)
{DSA-3484-1 DLA-417-1}
- xdelta3 3.0.8-dfsg-1.1 (bug #814067)
NOTE: https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
@@ -6876,20 +6882,17 @@
RESERVED
CVE-2016-1712
RESERVED
-CVE-2015-8779 [catopen() Multiple unbounded stack allocations]
- RESERVED
+CVE-2015-8779 (Stack-based buffer overflow in the catopen function in the GNU C ...)
{DSA-3481-1 DSA-3480-1 DLA-411-1}
- glibc 2.21-7 (bug #812455)
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17905#c0
-CVE-2015-8778 [hcreate((size_t)-1) should fail with ENOMEM]
- RESERVED
+CVE-2015-8778 (Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 ...)
{DSA-3481-1 DSA-3480-1 DLA-411-1}
- glibc 2.21-8 (bug #812441)
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18240
-CVE-2015-8776 [Passing out of range data to strftime() causes a segfault]
- RESERVED
+CVE-2015-8776 (The strftime function in the GNU C Library (aka glibc or libc6) before ...)
{DSA-3481-1 DSA-3480-1 DLA-411-1}
- glibc 2.21-7 (bug #812445)
- eglibc <removed>
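Review bot: For CVE-2015-8778 the removed title named the affected call, "hcreate((size_t)-1) should fail with ENOMEM", but the replacement description is truncated at "before 2.23 ..." and no longer mentions hcreate. The catopen and strftime entries in this hunk still name their functions. Consider adding a NOTE line to CVE-2015-8778 that names hcreate, since the three glibc entries share the same DSA/DLA set and are otherwise hard to tell apart when scanning the list.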
@@ -8433,8 +8436,7 @@
{DSA-3537-1 DLA-401-1}
- imlib2 1.4.7-1
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56
-CVE-2014-9761 [nan function unbounded stack allocation]
- RESERVED
+CVE-2014-9761 (Multiple stack-based buffer overflows in the GNU C Library (aka glibc ...)
{DLA-411-1}
[experimental] - glibc 2.23-0experimental0
- glibc <unfixed> (bug #813187)
@@ -10106,8 +10108,8 @@
- nginx 1.9.10-1 (bug #812806)
NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
NOTE: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3 (release-1.9.10)
-CVE-2016-0741
- RESERVED
+CVE-2016-0741 (slapd/connection.c in 389 Directory Server (formerly Fedora Directory ...)
+ TODO: check
CVE-2016-0740 (Buffer overflow in the ImagingLibTiffDecode function in ...)
{DSA-3499-1}
- pillow 3.1.1-1 (bug #813905)
@@ -15411,8 +15413,7 @@
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06341.html
-CVE-2015-7511
- RESERVED
+CVE-2015-7511 (Libgcrypt before 1.6.5 does not properly perform elliptic-point curve ...)
{DSA-3478-1 DSA-3474-1}
- libgcrypt20 1.6.5-2
- libgcrypt11 <removed>
@@ -20755,8 +20756,7 @@
NOT-FOR-US: GD bbPress Attachments plugin for WordPress
CVE-2015-5480
RESERVED
-CVE-2015-5479
- RESERVED
+CVE-2015-5479 (The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav ...)
- ffmpeg <not-affected> (Vulnerable code not present)
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed> (low)
@@ -31960,8 +31960,7 @@
- rhn-client-tools <unfixed> (bug #779817)
[jessie] - rhn-client-tools <no-dsa> (Minor issue)
[wheezy] - rhn-client-tools <no-dsa> (Minor issue)
-CVE-2015-1776
- RESERVED
+CVE-2015-1776 (Apache Hadoop 2.6.x encrypts intermediate data generated by a ...)
- hadoop <itp> (bug #793644)
CVE-2015-1775 (Server-side request forgery (SSRF) vulnerability in the proxy endpoint ...)
NOT-FOR-US: Apache Ambari