[Secure-testing-commits] r41069 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Apr 22 21:10:13 UTC 2016


Author: sectracker
Date: 2016-04-22 21:10:13 +0000 (Fri, 22 Apr 2016)
New Revision: 41069

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-22 16:33:23 UTC (rev 41068)
+++ data/CVE/list	2016-04-22 21:10:13 UTC (rev 41069)
@@ -1,3 +1,7 @@
+CVE-2016-4058
+	RESERVED
+CVE-2016-4057
+	RESERVED
 CVE-2016-6479
 	REJECTED
 CVE-2016-4055
@@ -69,6 +73,7 @@
 	NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/21/8
 CVE-2016-4056
+	RESERVED
 	- typo3-src <removed>
 	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
 CVE-2016-4054
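Review bot: CVE-2016-4056 now has RESERVED directly above its typo3-src lines but no bracketed working title, unlike the other reserved entries with tracked packages in this diff (for example `CVE-2016-3977 [gif2rgb: heap buffer overflow]` before this revision). Suggest adding a short bracketed summary to the `CVE-2016-4056` line so the entry stays identifiable while the ID is still reserved.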
@@ -436,8 +441,7 @@
 	{DSA-3546-1}
 	- optipng 0.7.6-1
 	NOTE: https://sourceforge.net/p/optipng/bugs/56/
-CVE-2016-3977 [gif2rgb: heap buffer overflow]
-	RESERVED
+CVE-2016-3977 (Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib ...)
 	- giflib <unfixed> (bug #820526)
 	[jessie] - giflib <no-dsa> (Minor issue)
 	[wheezy] - giflib <no-dsa> (minor issue)
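Review bot: Style point on the CVE-2016-3977 release lines: the jessie annotation reads `(Minor issue)` and the wheezy one `(minor issue)`. Suggest using one capitalization for both, since these lines sit directly under the updated description and are searched as free text.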
@@ -2170,8 +2174,7 @@
 	RESERVED
 CVE-2016-3192
 	RESERVED
-CVE-2016-3190 [Out-of-bounds read in _fill_xrgb32_lerp_opaque_spans]
-	RESERVED
+CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c ...)
 	- cairo 1.14.2-2
 	[jessie] - cairo 1.14.0-2.1+deb8u1
 	[wheezy] - cairo <no-dsa> (Minor issue)
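Review bot: The new CVE-2016-3190 description names `fill_xrgb32_lerp_opaque_spans`, while the removed working title named `_fill_xrgb32_lerp_opaque_spans` with a leading underscore. Suggest keeping the original symbol in a NOTE line under the entry so a search for either spelling still finds it.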
@@ -2286,8 +2289,8 @@
 	RESERVED
 CVE-2016-3146
 	RESERVED
-CVE-2016-3145
-	RESERVED
+CVE-2016-3145 (Lexmark printers with firmware ATL before ATL.021.063, CB before ...)
+	TODO: check
 CVE-2016-3144 (Cross-site scripting (XSS) vulnerability in the Block Class module ...)
 	TODO: check
 CVE-2016-3143
@@ -4699,8 +4702,8 @@
 	RESERVED
 CVE-2016-2355
 	RESERVED
-CVE-2016-2354
-	RESERVED
+CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver ...)
+	TODO: check
 CVE-2016-2353
 	RESERVED
 CVE-2016-2352
@@ -4934,22 +4937,22 @@
 	RESERVED
 CVE-2016-2307
 	RESERVED
-CVE-2016-2306
-	RESERVED
-CVE-2016-2305
-	RESERVED
-CVE-2016-2304
-	RESERVED
-CVE-2016-2303
-	RESERVED
-CVE-2016-2302
-	RESERVED
-CVE-2016-2301
-	RESERVED
-CVE-2016-2300
-	RESERVED
-CVE-2016-2299
-	RESERVED
+CVE-2016-2306 (The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows ...)
+	TODO: check
+CVE-2016-2305 (Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before ...)
+	TODO: check
+CVE-2016-2304 (Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly ...)
+	TODO: check
+CVE-2016-2303 (CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...)
+	TODO: check
+CVE-2016-2302 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to ...)
+	TODO: check
+CVE-2016-2301 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...)
+	TODO: check
+CVE-2016-2300 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to ...)
+	TODO: check
+CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...)
+	TODO: check
 CVE-2016-2298
 	RESERVED
 CVE-2016-2297
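Review bot: CVE-2016-2306 through CVE-2016-2299 all describe Ecava IntegraXor before 5.0 build 4522 and are each left at `TODO: check`. Suggest triaging the eight entries in one pass: if IntegraXor is not packaged, mark them all NOT-FOR-US together rather than leaving eight separate TODO items for the same product.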
@@ -7386,14 +7389,14 @@
 	RESERVED
 CVE-2016-1597
 	RESERVED
-CVE-2016-1596
-	RESERVED
-CVE-2016-1595
-	RESERVED
-CVE-2016-1594
-	RESERVED
-CVE-2016-1593
-	RESERVED
+CVE-2016-1596 (Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus ...)
+	TODO: check
+CVE-2016-1595 (LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in ...)
+	TODO: check
+CVE-2016-1594 (Micro Focus Novell Service Desk before 7.2 allows remote authenticated ...)
+	TODO: check
+CVE-2016-1593 (Directory traversal vulnerability in the import users feature in Micro ...)
+	TODO: check
 CVE-2016-1592
 	RESERVED
 CVE-2016-1591
@@ -33431,8 +33434,7 @@
 	[squeeze] - asterisk <not-affected> (Only affects 12.x and 13.x)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24666
 	NOTE: http://downloads.digium.com/pub/security/AST-2015-001.html
-CVE-2013-7449 [don't properly verify SSL certificates]
-	RESERVED
+CVE-2013-7449 (The ssl_do_connect function in common/server.c in HexChat before ...)
 	- xchat <unfixed> (bug #776609)
 	[jessie] - xchat <no-dsa> (Minor issue)
 	[squeeze] - xchat <no-dsa> (Minor issue)
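Review bot: The new CVE-2013-7449 description attributes the flaw to `ssl_do_connect` in `common/server.c` in HexChat, but the package lines visible under it track only xchat. Suggest adding a NOTE that explains why xchat is tracked under a HexChat description, and confirming whether a hexchat line is also needed for this entry.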



