[Secure-testing-commits] r41301 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Apr 29 21:10:15 UTC 2016


Author: sectracker
Date: 2016-04-29 21:10:15 +0000 (Fri, 29 Apr 2016)
New Revision: 41301

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-29 16:28:58 UTC (rev 41300)
+++ data/CVE/list	2016-04-29 21:10:15 UTC (rev 41301)
@@ -1,3 +1,5 @@
+CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools ...)
+	TODO: check
 CVE-2016-4352 [Mplayer/Mencoder integer overflow parsing gif files]
 	- mplayer <unfixed>
 	NOTE: https://trac.mplayerhq.hu/ticket/2295
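Review bot: the new CVE-2016-4349 entry at the top of this hunk is left at `TODO: check` with no package line. The description names Cisco WebEx Productivity Tools; if nothing in the archive ships it, close the entry with a `NOT-FOR-US:` line in the form used for other vendor-only products in this file rather than leaving the TODO open.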
@@ -5580,28 +5582,35 @@
 	- hhvm 3.12.1+dfsg-1
 	NOTE: https://github.com/facebook/hhvm/commit/eae73029336e4d577707cb8a0527f22cb8a4588a
 CVE-2016-4348
+	RESERVED
 	- librsvg <unfixed>
 	TODO: check affected versions
 CVE-2016-4347
+	RESERVED
 	- librsvg <unfixed>
 	TODO: check affected versions
 CVE-2016-4346 [Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes -- ext/standard/string.c]
+	RESERVED
 	- php7.0 <undetermined>
 	- php5 <undetermined>
 	NOTE: https://bugs.php.net/bug.php?id=71637
 CVE-2016-4345 [Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes -- ext/filter/sanitizing_filters.c]
+	RESERVED
 	- php7.0 <undetermined>
 	- php5 <undetermined>
 	NOTE: https://bugs.php.net/bug.php?id=71637
 CVE-2016-4344 [Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes -- ext/xml/xml.c]
+	RESERVED
 	- php7.0 <undetermined>
 	- php5 <undetermined>
 	NOTE: https://bugs.php.net/bug.php?id=71637
 CVE-2016-4343 [Uninitialized pointer in phar_make_dirstream()]
+	RESERVED
 	- php7.0 <undetermined>
 	- php5 <undetermined>
 	NOTE: https://bugs.php.net/bug.php?id=71331
 CVE-2016-4342 [Heap corruption in tar/zip/phar parser]
+	RESERVED
 	- php5 5.6.18+dfsg-1
 	[jessie] - php5 5.6.19+dfsg-0+deb8u1
 	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
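Review bot: CVE-2016-4348 and CVE-2016-4347 now carry `RESERVED` but have no bracketed description and no `NOTE:` reference, so nothing in either entry says what the librsvg issue is or where `TODO: check affected versions` should start. Add a bracketed summary or a `NOTE:` with the upstream reference, as the php entries in the same hunk have.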
@@ -6173,10 +6182,12 @@
 	RESERVED
 CVE-2016-2168
 	RESERVED
+	{DSA-3561-1}
 	- subversion 1.9.4-1
 	NOTE: https://subversion.apache.org/security/CVE-2016-2168-advisory.txt
 CVE-2016-2167
 	RESERVED
+	{DSA-3561-1}
 	- subversion 1.9.4-1
 	NOTE: https://subversion.apache.org/security/CVE-2016-2167-advisory.txt
 CVE-2016-2166 (The (1) proton.reactor.Connector, (2) proton.reactor.Container, and ...)
@@ -8806,14 +8817,14 @@
 	RESERVED
 CVE-2016-1390
 	RESERVED
-CVE-2016-1389
-	RESERVED
+CVE-2016-1389 (Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 ...)
+	TODO: check
 CVE-2016-1388
 	RESERVED
 CVE-2016-1387
 	RESERVED
-CVE-2016-1386
-	RESERVED
+CVE-2016-1386 (The API in Cisco Application Policy Infrastructure Controller ...)
+	TODO: check
 CVE-2016-1385
 	RESERVED
 CVE-2016-1384 (The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 ...)
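Review bot: CVE-2016-1389 and CVE-2016-1386 move from `RESERVED` to `TODO: check` in this hunk and still need triage. Both descriptions name Cisco products (WebEx Meetings Server, Application Policy Infrastructure Controller); if neither is packaged, replace each TODO with a `NOT-FOR-US:` line.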
@@ -79294,7 +79305,7 @@
 	NOT-FOR-US: WordPress theme
 CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...)
 	- limesurvey <itp> (bug #472802)
-CVE-2013-1656 (Spree Commerce 1.0.x through 1.3.2 allow remote authenticated ...)
+CVE-2013-1656 (Spree Commerce 1.0.x through 1.3.2 allows remote authenticated ...)
 	NOT-FOR-US: Spree
 CVE-2013-1655 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby ...)
 	{DSA-2643-1}
@@ -105323,7 +105334,7 @@
 	NOT-FOR-US: Oracle Siebel
 CVE-2011-3525 (Unspecified vulnerability in the Application Express component in ...)
 	NOT-FOR-US: Oracle Database Server
-CVE-2011-3524 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
+CVE-2011-3524 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
 	NOT-FOR-US: Oracle JD Edwards Products
 CVE-2011-3523 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
 	NOT-FOR-US: Oracle Fusion
@@ -105349,7 +105360,7 @@
 	- openjdk-6 <not-affected> (Windows-specific)
 CVE-2011-3515 (Unspecified vulnerability in the Oracle Solaris 10 and 11 Express ...)
 	NOT-FOR-US: Oracle Solaris
-CVE-2011-3514 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
+CVE-2011-3514 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
 	NOT-FOR-US: Oracle JD Edwards Products
 CVE-2011-3513 (Unspecified vulnerability in the Oracle Application Object Library ...)
 	NOT-FOR-US: Oracle E-Business Suite
@@ -105359,7 +105370,7 @@
 	NOT-FOR-US: Oracle Database Server
 CVE-2011-3510 (Unspecified vulnerability in the Oracle Business Intelligence ...)
 	NOT-FOR-US: Oracle Fusion Middleware
-CVE-2011-3509 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
+CVE-2011-3509 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
 	NOT-FOR-US: Oracle JD Edwards Products
 CVE-2011-3508 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
 	NOT-FOR-US: Oracle Solaris
@@ -108942,17 +108953,17 @@
 	[squeeze] - rampart <no-dsa> (Minor issue)
 CVE-2011-2327 (Unspecified vulnerability in the Oracle Communications Unified ...)
 	NOT-FOR-US: Oracle Sun Products Suite
-CVE-2011-2326 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
+CVE-2011-2326 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
 	NOT-FOR-US: Oracle JD Edwards Products
-CVE-2011-2325 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
+CVE-2011-2325 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
 	NOT-FOR-US: Oracle JD Edwards Products
-CVE-2011-2324 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
+CVE-2011-2324 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
 	NOT-FOR-US: Oracle JD Edwards Products
 CVE-2011-2323 (Unspecified vulnerability in the Health Sciences - Oracle Thesaurus ...)
 	NOT-FOR-US: Oracle Thesaurus Management System
 CVE-2011-2322 (Unspecified vulnerability in the Database Vault component in Oracle ...)
 	NOT-FOR-US: Oracle Database Server
-CVE-2011-2321 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
+CVE-2011-2321 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
 	NOT-FOR-US: Oracle JD Edwards Products
 CVE-2011-2320 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
@@ -108960,7 +108971,7 @@
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2011-2318 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
-CVE-2011-2317 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
+CVE-2011-2317 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
 	NOT-FOR-US: Oracle JD Edwards Products
 CVE-2011-2316 (Unspecified vulnerability in the Siebel Apps - Marketing component in ...)
 	NOT-FOR-US: Oracle Siebel
@@ -108984,7 +108995,7 @@
 	NOT-FOR-US: Oracle SysFW
 CVE-2011-2306 (Unspecified vulnerability in Oracle Linux 4 and 5 allows remote ...)
 	NOT-FOR-US: Oracle Linux-specific feature
-CVE-2011-2305 (Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and ...)
+CVE-2011-2305 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local ...)
 	- virtualbox-ose <not-affected> (Only affects 4.x)
 	- virtualbox 4.0.10-dfsg-1
 CVE-2011-2304 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
@@ -108995,7 +109006,7 @@
 	NOT-FOR-US: Oracle E-Business Suite
 CVE-2011-2301 (Unspecified vulnerability in the Oracle Text component in Oracle ...)
 	NOT-FOR-US: Oracle Database
-CVE-2011-2300 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local ...)
+CVE-2011-2300 (Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and ...)
 	- virtualbox-guest-additions-iso 4.0.10-1 (bug #635276)
 	[squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
 CVE-2011-2299 (Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, ...)
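Review bot: the replacement description for CVE-2011-2300 now lists VirtualBox 3.0, 3.1, 3.2 and further versions where the old text said 4.0, while the entry still records only `virtualbox-guest-additions-iso 4.0.10-1` and a squeeze `<no-dsa>`. The previous hunk makes the opposite change to CVE-2011-2305. Confirm the package lines under CVE-2011-2300 still match the affected range in the updated description.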



