[Secure-testing-commits] r41118 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Apr 24 14:10:31 UTC 2016


Author: carnil
Date: 2016-04-24 14:10:31 +0000 (Sun, 24 Apr 2016)
New Revision: 41118

Modified:
   data/CVE/list
Log:
Add another batch of CVEs from external check

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-24 13:54:17 UTC (rev 41117)
+++ data/CVE/list	2016-04-24 14:10:31 UTC (rev 41118)
@@ -5513,6 +5513,7 @@
 	RESERVED
 CVE-2016-2160
 	RESERVED
+	NOT-FOR-US: OpenShift
 CVE-2016-2159 [MSA-16-0012: External function mod_assign_save_submission does not check due dates]
 	RESERVED
 	- moodle 2.7.13+dfsg-1
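Review bot: nothing in the entry for CVE-2016-2160 supports the `NOT-FOR-US: OpenShift` attribution. The entry is still `RESERVED` with no description, and the log only says "external check". A `NOTE:` line with the advisory or bug URL that the check was based on would let the next reader confirm the triage without repeating it.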
@@ -5544,6 +5545,7 @@
 	RESERVED
 CVE-2016-2149
 	RESERVED
+	NOT-FOR-US: OpenShift
 CVE-2016-2148 [heap overflow in OPTION_6RD parsing]
 	RESERVED
 	- busybox <unfixed> (bug #818497)
@@ -5682,10 +5684,13 @@
 	RESERVED
 CVE-2016-2104
 	RESERVED
+	NOT-FOR-US: Red Hat Satellite
 CVE-2016-2103 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
 	NOT-FOR-US: Red Hat Satellite
 CVE-2016-2102
 	RESERVED
+	- tripleo-image-elements <undetermined>
+	TODO: check, possibly Red Hat specific
 CVE-2016-2101
 	RESERVED
 CVE-2016-2100
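Review bot: CVE-2016-2102 gets `- tripleo-image-elements <undetermined>` and `TODO: check, possibly Red Hat specific` but no `NOTE:` with a reference, unlike the other `<undetermined>` entries added in this commit. Without a description or a URL, whoever picks up the TODO has nothing to start from. Please add the source that tied this id to tripleo-image-elements. The `NOT-FOR-US: Red Hat Satellite` on CVE-2016-2104 matches the adjacent CVE-2016-2103 entry and looks fine.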
@@ -5721,6 +5726,7 @@
 	RESERVED
 CVE-2016-2094
 	RESERVED
+	NOT-FOR-US: JBoss EAP
 CVE-2016-2093
 	RESERVED
 CVE-2015-8806 (dict.c in libxml2 allows remote attackers to cause a denial of service ...)
@@ -6019,6 +6025,9 @@
 	- xymon 4.3.25-1
 	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
 CVE-2016-2052 (Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used ...)
+	- harfbuzz <undetermined>
+	- chromium-browser <undetermined>
+	NOTE: https://code.google.com/p/chromium/issues/detail?id=544270
 	TODO: check
 CVE-2016-2051 (Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, ...)
 	- libv8 <unfixed> (unimportant)
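Review bot: on CVE-2016-2052, `- harfbuzz <undetermined>` looks resolvable now, since the description already gives the upstream fix as HarfBuzz 1.0.6. Comparing the archive version against 1.0.6 would turn it into a fixed version or `<unfixed>`. The `TODO: check` that stays below the new lines could state what is still open, for instance the chromium-browser status.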
@@ -6296,6 +6305,11 @@
 CVE-2016-1970 (Integer underflow in the srtp_unprotect function in the WebRTC ...)
 	- iceweasel <not-affected> (Windows-specific)
 CVE-2016-1969 (The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla ...)
+	- graphite2 <undetermined>
+	- iceweasel <removed>
+	- firefox 45.0-1
+	- firefox-esr 45.0esr-1
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/
 	TODO: check
 CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, ...)
 	- iceweasel <unfixed>
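Review bot: the new `- iceweasel <removed>`, `- firefox 45.0-1` and `- firefox-esr 45.0esr-1` lines leave CVE-2016-1969 out of step with its neighbour. CVE-2016-1968, whose description also says "Firefox before 45.0", still reads `- iceweasel <unfixed>`. Either bring the adjacent Firefox 45.0 entries to the same form in this commit or follow up on them. The description also names Graphite 2 1.3.6 as the fixed version, so `- graphite2 <undetermined>` should be resolvable by a version comparison, and the remaining `TODO: check` could say what is left.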
@@ -7424,6 +7438,8 @@
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
 CVE-2016-1621 (libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 ...)
+	- libvpx <undetermined>
+	NOTE: https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d%5E!/#F1
 	TODO: check
 CVE-2016-1620 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-3456-1}
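Review bot: the `NOTE:` URL for CVE-2016-1621 ends in `%5E!/#F1`, which is a viewer suffix (diff against parent, anchored at one file) rather than part of the commit reference. The plain commit URL ending in the hash `04839626ed859623901ebd3a5fd483982186b59d` is easier to read and less likely to break. With the fix commit known, `- libvpx <undetermined>` can be settled by checking whether the packaged source contains that change.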



