[Secure-testing-commits] r41249 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Apr 27 21:10:13 UTC 2016
Author: sectracker
Date: 2016-04-27 21:10:13 +0000 (Wed, 27 Apr 2016)
New Revision: 41249
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-27 19:53:18 UTC (rev 41248)
+++ data/CVE/list 2016-04-27 21:10:13 UTC (rev 41249)
@@ -1,3 +1,7 @@
+CVE-2016-4087
+ RESERVED
+CVE-2016-4086
+ RESERVED
CVE-2016-XXXX [cadence_uart: bounds check write offset]
- qemu <unfixed>
- qemu-kvm <removed>
@@ -256,7 +260,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/1
CVE-2016-4039
RESERVED
-CVE-2016-4036 (openSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak permissions ...)
+CVE-2016-4036 (The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux ...)
TODO: check
CVE-2016-3955 [remote buffer overflow in usbip]
RESERVED
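Review bot: CVE-2016-4036 still carries `TODO: check` after the description change on the `+` line. The new text scopes the issue to the quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux, so triage should record whether this is specific to that packaging or also applies to quagga in Debian, then replace the TODO with a package line or a not-affected/NOT-FOR-US marking.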
@@ -456,8 +460,7 @@
NOT-FOR-US: FortiOS
CVE-2015-8841 (Heap-based buffer overflow in the Archive support module in ESET NOD32 ...)
NOT-FOR-US: ESET NOD32
-CVE-2016-4002 [net: buffer overflow in MIPSnet emulator]
- RESERVED
+CVE-2016-4002 (Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in ...)
- qemu <unfixed> (bug #821061)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -510,6 +513,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6
CVE-2016-4070 [Integer overflow in php_raw_url_encode]
RESERVED
+ {DSA-3560-1}
- php7.0 7.0.5-1
- php5 5.6.20+dfsg-1
NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -518,6 +522,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4071 [Format string vulnerability in php_snmp_error()]
RESERVED
+ {DSA-3560-1}
- php7.0 7.0.5-1
- php5 5.6.20+dfsg-1
NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -526,6 +531,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4072 [Invalid memory write in phar on filename containing \0 inside name]
RESERVED
+ {DSA-3560-1}
- php7.0 7.0.5-1
- php5 5.6.20+dfsg-1
NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -535,6 +541,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4073 [Negative size parameter in memcpy]
RESERVED
+ {DSA-3560-1}
- php7.0 7.0.5-1
- php5 5.6.20+dfsg-1
NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -659,6 +666,7 @@
TODO: check
CVE-2015-8865 [Buffer over-write in finfo_open with malformed magic file]
RESERVED
+ {DSA-3560-1}
- php7.0 7.0.5-1
- php5 5.6.20+dfsg-1
- file 1:5.24-1
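Review bot: the `{DSA-3560-1}` tag added under CVE-2015-8865 applies to the whole entry, but the entry tracks `file` as well as php7.0 and php5. Nothing in the hunk shows the state of `file` in the stable releases; if DSA-3560-1 only ships php5, a release-tagged line or a NOTE for `file` would keep the entry from reading as fully handled.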
@@ -2572,10 +2580,10 @@
RESERVED
CVE-2016-3083
RESERVED
-CVE-2016-3082
- RESERVED
-CVE-2016-3081
- RESERVED
+CVE-2016-3082 (XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before ...)
+ TODO: check
+CVE-2016-3081 (Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and ...)
+ TODO: check
CVE-2016-3080
RESERVED
NOT-FOR-US: Red Hat Satellite / Spacewalk / spacewalk-monitoring
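Review bot: CVE-2016-3082 and CVE-2016-3081 move from RESERVED to published descriptions, but both added entries stop at `TODO: check`. Both name Apache Struts 2.x and the visible parts of their version ranges match, so they can be triaged together: add the affected source package lines, or mark them NOT-FOR-US as is done for CVE-2016-3080 just below.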
@@ -2600,8 +2608,7 @@
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue, can be fixed via point release)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19879
-CVE-2016-3074 [Signedness vulnerability causing heap overflow]
- RESERVED
+CVE-2016-3074 (Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or ...)
{DSA-3556-1}
- libgd2 2.1.1-4.1 (bug #822242)
- php5 <unfixed> (unimportant)
@@ -3412,6 +3419,7 @@
RESERVED
CVE-2016-2814
RESERVED
+ {DSA-3559-1}
- iceweasel <removed>
- firefox-esr 45.1.0esr-1
- firefox 46.0-1
@@ -3448,12 +3456,14 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-40/
CVE-2016-2808
RESERVED
+ {DSA-3559-1}
- iceweasel <removed>
- firefox-esr 45.1.0esr-1
- firefox 46.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/
CVE-2016-2807 [Memory safety bugs fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46]
RESERVED
+ {DSA-3559-1}
- iceweasel <removed>
- firefox-esr 45.1.0esr-1
- firefox 46.0-1
@@ -3466,6 +3476,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2805 [Memory safety bug fixed in Firefox ESR 38.8]
RESERVED
+ {DSA-3559-1}
- iceweasel <removed>
- firefox-esr <not-affected> (Only affects Firefox ESR 38.x)
- firefox <not-affected> (Only affects Firefox ESR 38.x)
@@ -7647,8 +7658,8 @@
RESERVED
CVE-2016-1602
RESERVED
-CVE-2016-1601
- RESERVED
+CVE-2016-1601 (yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, ...)
+ TODO: check
CVE-2016-1600
RESERVED
CVE-2016-1599 (Cross-site scripting (XSS) vulnerability in NetIQ Self Service ...)
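Review bot: CVE-2016-1601 is left at `TODO: check` on the added lines. The description ties it to yast2-users as used in SUSE Linux Enterprise 12 SP1, so the follow-up is to confirm whether any Debian source package is involved and otherwise close it out as NOT-FOR-US, the marking this file already uses for vendor-specific entries.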