[Secure-testing-commits] r41114 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Apr 24 13:49:35 UTC 2016


Author: carnil
Date: 2016-04-24 13:49:35 +0000 (Sun, 24 Apr 2016)
New Revision: 41114

Modified:
   data/CVE/list
Log:
First batch of CVEs from external check added/updated

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-24 13:00:39 UTC (rev 41113)
+++ data/CVE/list	2016-04-24 13:49:35 UTC (rev 41114)
@@ -60,6 +60,8 @@
 	REJECTED
 CVE-2016-4055
 	RESERVED
+	- node-moment <unfixed> (unimportant)
+	NOTE: nodejs not covered by security support
 CVE-2016-4050
 	RESERVED
 CVE-2016-4049
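Review bot: the new "- node-moment <unfixed> (unimportant)" line under CVE-2016-4055 gives no indication of what the issue is, because the entry is still RESERVED and has neither a bracketed description nor a reference NOTE. Suggest adding a short [...] description after the CVE id, as this commit does for CVE-2016-3099, and a NOTE pointing at the upstream report, so the (unimportant) rating can be reviewed later.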
@@ -302,7 +304,9 @@
 CVE-2016-4004 (Directory traversal vulnerability in Dell OpenManage Server ...)
 	NOT-FOR-US: Dell
 CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder function in ...)
-	TODO: check
+	- libstruts1.2-java <undetermined>
+	NOTE: http://struts.apache.org/docs/s2-028.html
+	TODO: check, possibly only 2.x
 CVE-2016-4020 [i386: leakage of stack memory to guest in kvmvapic.c]
 	RESERVED
 	- qemu <unfixed> (bug #821062)
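Review bot: under CVE-2016-4003 the package line names libstruts1.2-java, while the only reference is the s2-028 advisory and the TODO itself suspects "possibly only 2.x". Suggest making the TODO say what has to be verified (whether the URLDecoder code named in the description exists in the 1.2 source), so the <undetermined> state can be resolved to a version or <not-affected> in a follow-up.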
@@ -1127,6 +1131,7 @@
 	TODO: check
 CVE-2016-3696
 	RESERVED
+	NOT-FOR-US: Pulp (Red Hat)
 CVE-2016-3695
 	RESERVED
 CVE-2016-3694
@@ -2378,7 +2383,7 @@
 CVE-2016-3145 (Lexmark printers with firmware ATL before ATL.021.063, CB before ...)
 	NOT-FOR-US: Lexmark printers
 CVE-2016-3144 (Cross-site scripting (XSS) vulnerability in the Block Class module ...)
-	TODO: check
+	NOT-FOR-US: Drupal Block Class module
 CVE-2016-3143
 	RESERVED
 CVE-2016-3156 [ipv4: Don't do expensive useless work during inetdev destroy]
@@ -2455,16 +2460,21 @@
 	RESERVED
 CVE-2016-3102
 	RESERVED
+	- jenkins <removed>
 CVE-2016-3101
 	RESERVED
+	- jenkins <removed>
 CVE-2016-3100
 	RESERVED
-CVE-2016-3099
+CVE-2016-3099 [Invalid handling of +CIPHER operator]
 	RESERVED
+	- libapache2-mod-nss <undetermined>
+	TODO: check
 CVE-2016-3098
 	RESERVED
 CVE-2016-3097
 	RESERVED
+	NOT-FOR-US: spacewalk-java
 CVE-2016-3096 [Code execution vulnerability in ansible lxc_container]
 	RESERVED
 	- ansible 2.0.1.0-2 (bug #819676)
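Review bot: the two "- jenkins <removed>" lines added under CVE-2016-3102 and CVE-2016-3101 carry no bracketed description or NOTE, unlike CVE-2016-3099 in the same hunk, which gains "[Invalid handling of +CIPHER operator]". Suggest adding a description or an advisory reference to both. CVE-2016-3100, directly below them, is left with only RESERVED; if it belongs to the same batch it should get the same line.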
@@ -2504,12 +2514,14 @@
 	RESERVED
 CVE-2016-3080
 	RESERVED
+	NOT-FOR-US: Red Hat Satellite / Spacewalk / spacewalk-monitoring
 CVE-2016-3079 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in ...)
 	NOT-FOR-US: Red Hat Satellite / Spacewalk
 CVE-2016-3078
 	RESERVED
 CVE-2016-3077
 	RESERVED
+	NOT-FOR-US: ovirt-engine
 CVE-2016-3076 [j2k integer overflow error on encode]
 	RESERVED
 	- pillow <unfixed> (unimportant)
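Review bot: the NOT-FOR-US label added for CVE-2016-3080, "Red Hat Satellite / Spacewalk / spacewalk-monitoring", differs from the existing "Red Hat Satellite / Spacewalk" on CVE-2016-3079 directly below it, and CVE-2016-3097 earlier in this commit uses "spacewalk-java". Suggest one consistent product label for the Spacewalk entries so they can all be found with a single search.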
@@ -4216,7 +4228,7 @@
 CVE-2016-2542 (Untrusted search path vulnerability in Flexera InstallShield through ...)
 	NOT-FOR-US: Flexera InstallShield
 CVE-2016-2537 (The is-my-json-valid package before 2.12.4 for Node.js has an ...)
-	TODO: check
+	NOT-FOR-US: is-my-json-valid package for Node.js
 CVE-2016-2536 (Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise ...)
 	NOT-FOR-US: SAP
 CVE-2016-2535
@@ -4622,6 +4634,7 @@
 	NOTE: https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
 CVE-2016-2402
 	RESERVED
+	NOT-FOR-US: OkHttp
 CVE-2016-2401
 	RESERVED
 CVE-2016-2400



