[Secure-testing-commits] r41273 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Apr 29 09:10:12 UTC 2016
Author: sectracker
Date: 2016-04-29 09:10:12 +0000 (Fri, 29 Apr 2016)
New Revision: 41273
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-29 08:29:34 UTC (rev 41272)
+++ data/CVE/list 2016-04-29 09:10:12 UTC (rev 41273)
@@ -1,4 +1,511 @@
+CVE-2016-4341
+ RESERVED
+CVE-2016-4339
+ RESERVED
+CVE-2016-4338
+ RESERVED
+CVE-2016-4337
+ RESERVED
+CVE-2016-4336
+ RESERVED
+CVE-2016-4335
+ RESERVED
+CVE-2016-4334
+ RESERVED
+CVE-2016-4333
+ RESERVED
+CVE-2016-4332
+ RESERVED
+CVE-2016-4331
+ RESERVED
+CVE-2016-4330
+ RESERVED
+CVE-2016-4329
+ RESERVED
+CVE-2016-4328
+ RESERVED
+CVE-2016-4327
+ RESERVED
+CVE-2016-4326
+ RESERVED
+CVE-2016-4325
+ RESERVED
+CVE-2016-4324
+ RESERVED
+CVE-2016-4323
+ RESERVED
+CVE-2016-4322
+ RESERVED
+CVE-2016-4321
+ RESERVED
+CVE-2016-4320
+ RESERVED
+CVE-2016-4319
+ RESERVED
+CVE-2016-4318
+ RESERVED
+CVE-2016-4317
+ RESERVED
+CVE-2016-4316
+ RESERVED
+CVE-2016-4315
+ RESERVED
+CVE-2016-4314
+ RESERVED
+CVE-2016-4313
+ RESERVED
+CVE-2016-4312
+ RESERVED
+CVE-2016-4311
+ RESERVED
+CVE-2016-4310
+ RESERVED
+CVE-2016-4309
+ RESERVED
+CVE-2016-4308
+ RESERVED
+CVE-2016-4307
+ RESERVED
+CVE-2016-4306
+ RESERVED
+CVE-2016-4305
+ RESERVED
+CVE-2016-4304
+ RESERVED
+CVE-2016-4303
+ RESERVED
+CVE-2016-4302
+ RESERVED
+CVE-2016-4301
+ RESERVED
+CVE-2016-4300
+ RESERVED
+CVE-2016-4299
+ RESERVED
+CVE-2016-4298
+ RESERVED
+CVE-2016-4297
+ RESERVED
+CVE-2016-4296
+ RESERVED
+CVE-2016-4295
+ RESERVED
+CVE-2016-4294
+ RESERVED
+CVE-2016-4293
+ RESERVED
+CVE-2016-4292
+ RESERVED
+CVE-2016-4291
+ RESERVED
+CVE-2016-4290
+ RESERVED
+CVE-2016-4289
+ RESERVED
+CVE-2016-4288
+ RESERVED
+CVE-2016-4287
+ RESERVED
+CVE-2016-4286
+ RESERVED
+CVE-2016-4285
+ RESERVED
+CVE-2016-4284
+ RESERVED
+CVE-2016-4283
+ RESERVED
+CVE-2016-4282
+ RESERVED
+CVE-2016-4281
+ RESERVED
+CVE-2016-4280
+ RESERVED
+CVE-2016-4279
+ RESERVED
+CVE-2016-4278
+ RESERVED
+CVE-2016-4277
+ RESERVED
+CVE-2016-4276
+ RESERVED
+CVE-2016-4275
+ RESERVED
+CVE-2016-4274
+ RESERVED
+CVE-2016-4273
+ RESERVED
+CVE-2016-4272
+ RESERVED
+CVE-2016-4271
+ RESERVED
+CVE-2016-4270
+ RESERVED
+CVE-2016-4269
+ RESERVED
+CVE-2016-4268
+ RESERVED
+CVE-2016-4267
+ RESERVED
+CVE-2016-4266
+ RESERVED
+CVE-2016-4265
+ RESERVED
+CVE-2016-4264
+ RESERVED
+CVE-2016-4263
+ RESERVED
+CVE-2016-4262
+ RESERVED
+CVE-2016-4261
+ RESERVED
+CVE-2016-4260
+ RESERVED
+CVE-2016-4259
+ RESERVED
+CVE-2016-4258
+ RESERVED
+CVE-2016-4257
+ RESERVED
+CVE-2016-4256
+ RESERVED
+CVE-2016-4255
+ RESERVED
+CVE-2016-4254
+ RESERVED
+CVE-2016-4253
+ RESERVED
+CVE-2016-4252
+ RESERVED
+CVE-2016-4251
+ RESERVED
+CVE-2016-4250
+ RESERVED
+CVE-2016-4249
+ RESERVED
+CVE-2016-4248
+ RESERVED
+CVE-2016-4247
+ RESERVED
+CVE-2016-4246
+ RESERVED
+CVE-2016-4245
+ RESERVED
+CVE-2016-4244
+ RESERVED
+CVE-2016-4243
+ RESERVED
+CVE-2016-4242
+ RESERVED
+CVE-2016-4241
+ RESERVED
+CVE-2016-4240
+ RESERVED
+CVE-2016-4239
+ RESERVED
+CVE-2016-4238
+ RESERVED
+CVE-2016-4237
+ RESERVED
+CVE-2016-4236
+ RESERVED
+CVE-2016-4235
+ RESERVED
+CVE-2016-4234
+ RESERVED
+CVE-2016-4233
+ RESERVED
+CVE-2016-4232
+ RESERVED
+CVE-2016-4231
+ RESERVED
+CVE-2016-4230
+ RESERVED
+CVE-2016-4229
+ RESERVED
+CVE-2016-4228
+ RESERVED
+CVE-2016-4227
+ RESERVED
+CVE-2016-4226
+ RESERVED
+CVE-2016-4225
+ RESERVED
+CVE-2016-4224
+ RESERVED
+CVE-2016-4223
+ RESERVED
+CVE-2016-4222
+ RESERVED
+CVE-2016-4221
+ RESERVED
+CVE-2016-4220
+ RESERVED
+CVE-2016-4219
+ RESERVED
+CVE-2016-4218
+ RESERVED
+CVE-2016-4217
+ RESERVED
+CVE-2016-4216
+ RESERVED
+CVE-2016-4215
+ RESERVED
+CVE-2016-4214
+ RESERVED
+CVE-2016-4213
+ RESERVED
+CVE-2016-4212
+ RESERVED
+CVE-2016-4211
+ RESERVED
+CVE-2016-4210
+ RESERVED
+CVE-2016-4209
+ RESERVED
+CVE-2016-4208
+ RESERVED
+CVE-2016-4207
+ RESERVED
+CVE-2016-4206
+ RESERVED
+CVE-2016-4205
+ RESERVED
+CVE-2016-4204
+ RESERVED
+CVE-2016-4203
+ RESERVED
+CVE-2016-4202
+ RESERVED
+CVE-2016-4201
+ RESERVED
+CVE-2016-4200
+ RESERVED
+CVE-2016-4199
+ RESERVED
+CVE-2016-4198
+ RESERVED
+CVE-2016-4197
+ RESERVED
+CVE-2016-4196
+ RESERVED
+CVE-2016-4195
+ RESERVED
+CVE-2016-4194
+ RESERVED
+CVE-2016-4193
+ RESERVED
+CVE-2016-4192
+ RESERVED
+CVE-2016-4191
+ RESERVED
+CVE-2016-4190
+ RESERVED
+CVE-2016-4189
+ RESERVED
+CVE-2016-4188
+ RESERVED
+CVE-2016-4187
+ RESERVED
+CVE-2016-4186
+ RESERVED
+CVE-2016-4185
+ RESERVED
+CVE-2016-4184
+ RESERVED
+CVE-2016-4183
+ RESERVED
+CVE-2016-4182
+ RESERVED
+CVE-2016-4181
+ RESERVED
+CVE-2016-4180
+ RESERVED
+CVE-2016-4179
+ RESERVED
+CVE-2016-4178
+ RESERVED
+CVE-2016-4177
+ RESERVED
+CVE-2016-4176
+ RESERVED
+CVE-2016-4175
+ RESERVED
+CVE-2016-4174
+ RESERVED
+CVE-2016-4173
+ RESERVED
+CVE-2016-4172
+ RESERVED
+CVE-2016-4171
+ RESERVED
+CVE-2016-4170
+ RESERVED
+CVE-2016-4169
+ RESERVED
+CVE-2016-4168
+ RESERVED
+CVE-2016-4167
+ RESERVED
+CVE-2016-4166
+ RESERVED
+CVE-2016-4165
+ RESERVED
+CVE-2016-4164
+ RESERVED
+CVE-2016-4163
+ RESERVED
+CVE-2016-4162
+ RESERVED
+CVE-2016-4161
+ RESERVED
+CVE-2016-4160
+ RESERVED
+CVE-2016-4159
+ RESERVED
+CVE-2016-4158
+ RESERVED
+CVE-2016-4157
+ RESERVED
+CVE-2016-4156
+ RESERVED
+CVE-2016-4155
+ RESERVED
+CVE-2016-4154
+ RESERVED
+CVE-2016-4153
+ RESERVED
+CVE-2016-4152
+ RESERVED
+CVE-2016-4151
+ RESERVED
+CVE-2016-4150
+ RESERVED
+CVE-2016-4149
+ RESERVED
+CVE-2016-4148
+ RESERVED
+CVE-2016-4147
+ RESERVED
+CVE-2016-4146
+ RESERVED
+CVE-2016-4145
+ RESERVED
+CVE-2016-4144
+ RESERVED
+CVE-2016-4143
+ RESERVED
+CVE-2016-4142
+ RESERVED
+CVE-2016-4141
+ RESERVED
+CVE-2016-4140
+ RESERVED
+CVE-2016-4139
+ RESERVED
+CVE-2016-4138
+ RESERVED
+CVE-2016-4137
+ RESERVED
+CVE-2016-4136
+ RESERVED
+CVE-2016-4135
+ RESERVED
+CVE-2016-4134
+ RESERVED
+CVE-2016-4133
+ RESERVED
+CVE-2016-4132
+ RESERVED
+CVE-2016-4131
+ RESERVED
+CVE-2016-4130
+ RESERVED
+CVE-2016-4129
+ RESERVED
+CVE-2016-4128
+ RESERVED
+CVE-2016-4127
+ RESERVED
+CVE-2016-4126
+ RESERVED
+CVE-2016-4125
+ RESERVED
+CVE-2016-4124
+ RESERVED
+CVE-2016-4123
+ RESERVED
+CVE-2016-4122
+ RESERVED
+CVE-2016-4121
+ RESERVED
+CVE-2016-4120
+ RESERVED
+CVE-2016-4119
+ RESERVED
+CVE-2016-4118
+ RESERVED
+CVE-2016-4117
+ RESERVED
+CVE-2016-4116
+ RESERVED
+CVE-2016-4115
+ RESERVED
+CVE-2016-4114
+ RESERVED
+CVE-2016-4113
+ RESERVED
+CVE-2016-4112
+ RESERVED
+CVE-2016-4111
+ RESERVED
+CVE-2016-4110
+ RESERVED
+CVE-2016-4109
+ RESERVED
+CVE-2016-4108
+ RESERVED
+CVE-2016-4107
+ RESERVED
+CVE-2016-4106
+ RESERVED
+CVE-2016-4105
+ RESERVED
+CVE-2016-4104
+ RESERVED
+CVE-2016-4103
+ RESERVED
+CVE-2016-4102
+ RESERVED
+CVE-2016-4101
+ RESERVED
+CVE-2016-4100
+ RESERVED
+CVE-2016-4099
+ RESERVED
+CVE-2016-4098
+ RESERVED
+CVE-2016-4097
+ RESERVED
+CVE-2016-4096
+ RESERVED
+CVE-2016-4095
+ RESERVED
+CVE-2016-4094
+ RESERVED
+CVE-2016-4093
+ RESERVED
+CVE-2016-4092
+ RESERVED
+CVE-2016-4091
+ RESERVED
+CVE-2016-4090
+ RESERVED
+CVE-2016-4089
+ RESERVED
+CVE-2016-4088
+ RESERVED
CVE-2016-4340
+ RESERVED
- gitlab <undetermined>
NOTE: https://about.gitlab.com/2016/04/28/gitlab-major-security-update-for-cve-2016-4340/
TODO: check
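Review bot: CVE-2016-4340 at the end of this hunk gains a RESERVED flag although its existing NOTE already links a published GitLab advisory, and its package line is still `gitlab <undetermined>` with `TODO: check`. This entry needs manual triage: record a fixed version or `<unfixed>` for gitlab and drop the TODO. The new block also puts CVE-2016-4341 and CVE-2016-4339 through CVE-2016-4088 above CVE-2016-4340, so the descending order breaks at that entry; it should sit between CVE-2016-4341 and CVE-2016-4339.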
@@ -392,16 +899,14 @@
NOTE: https://github.com/broofa/node-uuid/issues/122
NOTE: https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d
NOTE: nodejs not covered by security support
-CVE-2015-8844
- RESERVED
+CVE-2015-8844 (The signal implementation in the Linux kernel before 4.3.5 on powerpc ...)
- linux 4.4.2-1
[jessie] - linux 3.16.7-ckt25-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326540
NOTE: Upstream commit: https://git.kernel.org/linus/d2b9d2a5ad5ef04ff978c9923d19730cb05efd55 (v4.4-rc3)
NOTE: Introduced by: https://git.kernel.org/linus/2b0a576d15e0e14751f00f9c87e46bad27f217e7 (v3.9-rc1)
-CVE-2015-8845
- RESERVED
+CVE-2015-8845 (The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the ...)
- linux 4.4.2-1
[jessie] - linux 3.16.7-ckt25-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -1266,8 +1771,7 @@
NOT-FOR-US: Huawei
CVE-2016-3673
RESERVED
-CVE-2016-3672 [Unlimiting the stack not longer disables ASLR]
- RESERVED
+CVE-2016-3672 (The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux ...)
- linux 4.5.1-1
NOTE: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
NOTE: Upstream fix: https://git.kernel.org/linus/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb (v4.6-rc1)
@@ -2469,8 +2973,7 @@
NOT-FOR-US: Drupal Block Class module
CVE-2016-3143
RESERVED
-CVE-2016-3156 [ipv4: Don't do expensive useless work during inetdev destroy]
- RESERVED
+CVE-2016-3156 (The IPv4 implementation in the Linux kernel before 4.5.2 mishandles ...)
- linux 4.5.1-1
NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3
CVE-2016-3133
@@ -2715,8 +3218,7 @@
NOTE: http://seclists.org/bugtraq/2016/Mar/61
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283378
NOTE: https://marc.info/?l=linux-usb&m=145796765030590&w=2
-CVE-2016-3139 [crash on invalid USB device descriptors (wacom driver)]
- RESERVED
+CVE-2016-3139 (The wacom_probe function in drivers/input/tablet/wacom_sys.c in the ...)
- linux <unfixed> (low)
NOTE: http://seclists.org/bugtraq/2016/Mar/60
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283375
@@ -3194,8 +3696,7 @@
NOTE: Portable OpenSSH 7.2p2 contains a fix for this vulnerability.
NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/8
NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h
-CVE-2016-3134 [netfilter IPT_SO_SET_REPLACE memory corruption]
- RESERVED
+CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does not ...)
- linux 4.5.1-1
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758
NOTE: https://patchwork.ozlabs.org/patch/595575/
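Review bot: the new description for CVE-2016-3134 says the Linux kernel through 4.5.2 is affected, but the entry records `- linux 4.5.1-1` as the fixed version. If that upload carries the patch referenced in the patchwork NOTE ahead of an upstream release, a NOTE saying so would explain the apparent mismatch to anyone comparing the two version numbers.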
@@ -3203,8 +3704,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/4
NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
-CVE-2016-3135 [unsigned integer overflow on 32bit kernels]
- RESERVED
+CVE-2016-3135 (Integer overflow in the xt_alloc_table_info function in ...)
- linux 4.4.6-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -4121,8 +4621,7 @@
NOTE: https://github.com/moment/moment/pull/2939
NOTE: https://nodesecurity.io/advisories/55
NOTE: nodejs not covered by security support
-CVE-2016-2782
- RESERVED
+CVE-2016-2782 (The treo_attach function in drivers/usb/serial/visor.c in the Linux ...)
- linux 4.4.2-1
[jessie] - linux 3.16.7-ckt25-1
[wheezy] - linux 3.2.78-1
@@ -4330,8 +4829,7 @@
RESERVED
CVE-2016-2539
RESERVED
-CVE-2016-2550 [unix: correctly track in-flight fds in sending process user_struct]
- RESERVED
+CVE-2016-2550 (The Linux kernel before 4.5 allows local users to bypass ...)
{DSA-3503-1}
- linux 4.4.4-1
- linux-2.6 <removed>
@@ -4339,44 +4837,37 @@
NOTE: Introduced by: https://git.kernel.org/linus/712f4aad406bb1ed67f3f98d04c044191f0ff593 (v4.5-rc1)
NOTE: Technically wheezy-security and squeeze-lts are not affected by this CVE since the fix for
NOTE: addressing CVE-2013-4312 was not applied.
-CVE-2016-2549 [ALSA: hrtimer: Fix stall by hrtimer_cancel()]
- RESERVED
+CVE-2016-2549 (sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent ...)
{DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3 (v4.5-rc1)
-CVE-2016-2548
- RESERVED
+CVE-2016-2548 (sound/core/timer.c in the Linux kernel before 4.4.1 retains certain ...)
{DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
-CVE-2016-2547
- RESERVED
+CVE-2016-2547 (sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking ...)
{DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
-CVE-2016-2546 [ALSA: timer: Fix race among timer ioctls]
- RESERVED
+CVE-2016-2546 (sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect ...)
{DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede (v4.5-rc1)
-CVE-2016-2545 [ALSA: timer: Fix double unlink of active_list]
- RESERVED
+CVE-2016-2545 (The snd_timer_interrupt function in sound/core/timer.c in the Linux ...)
{DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736 (v4.5-rc1)
-CVE-2016-2544 [ALSA: seq: Fix race at timer setup and close]
- RESERVED
+CVE-2016-2544 (Race condition in the queue_delete function in ...)
{DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3 (v4.5-rc1)
-CVE-2016-2543 [ALSA: seq: Fix missing NULL check at remove_events ioctl]
- RESERVED
+CVE-2016-2543 (The snd_seq_ioctl_remove_events function in ...)
{DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
@@ -4874,8 +5365,7 @@
[jessie] - linux 3.16.7-ckt20-1+deb8u4
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4c185ce06dca14f5cea192f5a2c981ef50663f2b (v4.1-rc1)
-CVE-2015-8816 [USB hub invalid memory access in hub_activate()]
- RESERVED
+CVE-2015-8816 (The hub_activate function in drivers/usb/core/hub.c in the Linux ...)
{DSA-3503-1}
- linux 4.4.2-1
- linux-2.6 <removed>
@@ -5029,16 +5519,14 @@
- kamailio 4.3.4-2 (bug #815178)
NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
NOTE: https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/
-CVE-2016-2384 [Double-free in snd-usbmidi-lib triggered by invalid USB descriptor]
- RESERVED
+CVE-2016-2384 (Double free vulnerability in the snd_usbmidi_create function in ...)
{DSA-3503-1 DLA-439-1}
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4)
NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/2
NOTE: https://xairy.github.io/blog/2016/cve-2016-2384
-CVE-2016-2383 [Incorrect branch fixups for eBPF allow arbitrary read]
- RESERVED
+CVE-2016-2383 (The adjust_branches function in kernel/bpf/verifier.c in the Linux ...)
- linux 4.4.2-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -5364,8 +5852,7 @@
CVE-2015-8813
RESERVED
NOT-FOR-US: Umbraco
-CVE-2015-8812 [Flaw in CXGB3 driver]
- RESERVED
+CVE-2015-8812 (drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 ...)
{DSA-3503-1 DLA-439-1}
- linux 4.4.2-1
- linux-2.6 <removed>
@@ -5637,8 +6124,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317014
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283362
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283363
-CVE-2016-2184 [Kernel panic on invalid USB device descriptor (snd_usb_audio driver)]
- RESERVED
+CVE-2016-2184 (The create_fixed_stream_quirk function in sound/usb/quirks.c in the ...)
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -5756,8 +6242,7 @@
[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
CVE-2016-2144
REJECTED
-CVE-2016-2143 [s390/mm: page table corruption]
- RESERVED
+CVE-2016-2143 (The fork implementation in the Linux kernel before 4.5 on s390 ...)
- linux 4.4.6-1
NOTE: Fixed by: https://git.kernel.org/linus/3446c13b268af86391d06611327006b059b8bab1 (v4.5)
NOTE: Introduced in: https://git.kernel.org/linus/6252d702c5311ce916caf75ed82e5c8245171c92 (v2.6.25-rc1)
@@ -6104,8 +6589,7 @@
{DSA-3508-1}
- jasper <unfixed> (bug #812978)
[squeeze] - jasper <no-dsa> (Minor issue)
-CVE-2016-2085 [Timing side-channel in EVM]
- RESERVED
+CVE-2016-2085 (The evm_verify_hmac function in security/integrity/evm/evm_main.c in ...)
- linux 4.4.2-1 (unimportant)
[jessie] - linux 3.16.7-ckt25-1
- linux-2.6 <removed> (unimportant)
@@ -6279,8 +6763,7 @@
RESERVED
CVE-2015-8780
RESERVED
-CVE-2016-2069 [x86 Linux TLB flush bug]
- RESERVED
+CVE-2016-2069 (Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 ...)
{DSA-3503-1 DLA-412-1}
- linux 4.3.5-1
- linux-2.6 <removed>
@@ -9111,8 +9594,8 @@
RESERVED
CVE-2016-1206
RESERVED
-CVE-2016-1205
- RESERVED
+CVE-2016-1205 (Cross-site scripting (XSS) vulnerability in the shiro8 (1) ...)
+ TODO: check
CVE-2016-1204
RESERVED
CVE-2016-1203
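Review bot: CVE-2016-1205 now carries only `TODO: check` under its description, with no package line. It needs triage into either a source package entry or a NOT-FOR-US line for shiro8 before the TODO can be removed.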
@@ -10417,8 +10900,7 @@
- python-imaging <removed>
[wheezy] - python-imaging 1.1.7-4+deb7u2
NOTE: https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec (3.1.1)
-CVE-2016-0774 [Incomplete fix for CVE-2015-1805 for kernel versions < 3.16]
- RESERVED
+CVE-2016-0774 (The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a ...)
{DLA-439-1}
- linux 3.16.2-2
[wheezy] - linux 3.2.73-2+deb7u3
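Review bot: replacing the bracketed title on CVE-2016-0774 drops the statement that this is an incomplete fix for CVE-2015-1805 on kernel versions < 3.16, and the truncated description that replaces it does not show that relationship. Consider preserving it in the entry as `NOTE: Incomplete fix for CVE-2015-1805 for kernel versions < 3.16`.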
@@ -12169,8 +12651,8 @@
NOT-FOR-US: IBM
CVE-2016-0212 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
NOT-FOR-US: IBM
-CVE-2016-0211
- RESERVED
+CVE-2016-0211 (IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 ...)
+ TODO: check
CVE-2016-0210
RESERVED
CVE-2016-0209 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
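Review bot: CVE-2016-0211 is left at `TODO: check` although its description names IBM DB2 and the neighbouring IBM entry in this hunk, CVE-2016-0212, is already marked `NOT-FOR-US: IBM`. The same marking looks appropriate here and would clear the TODO.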
@@ -15851,8 +16333,7 @@
CVE-2015-7516
RESERVED
NOT-FOR-US: Onos
-CVE-2015-7515 [aiptek Nullpointer Dereference]
- RESERVED
+CVE-2015-7515 (The aiptek_probe function in drivers/input/tablet/aiptek.c in the ...)
- linux 4.4.2-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1285326
NOTE: https://os-s.net/advisories/OSS-2016-05_aiptek.pdf
@@ -33904,8 +34385,7 @@
RESERVED
CVE-2015-1340
RESERVED
-CVE-2015-1339 [memory exhaustion via CUSE driver]
- RESERVED
+CVE-2015-1339 (Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in ...)
- linux 4.4.2-1
[jessie] - linux <not-affected> (Vulnerable code introduced in v4.2-rc1)
[wheezy] - linux <not-affected> (Vulnerable code introduced in v4.2-rc1)
@@ -71189,8 +71669,7 @@
CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and ...)
- moodle 2.5.2-1
[squeeze] - moodle <not-affected>
-CVE-2016-2847 [pipe: limit the per-user amount of pages allocated in pipes]
- RESERVED
+CVE-2016-2847 (fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of ...)
{DSA-3503-1}
- linux 4.3.5-1
NOTE: https://git.kernel.org/linus/759c01142a5d0f364a462346168a56de28a80f52 (v4.5-rc1)
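Review bot: CVE-2016-2847 is edited in place at old line 71189, directly after CVE-2013-4313, so a 2016 entry sits in the 2013 part of the list. Moving it up among the other CVE-2016 entries would keep it consistent with the ordering used in the rest of the file.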