[Secure-testing-commits] r43942 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Aug 11 21:10:14 UTC 2016
Author: sectracker
Date: 2016-08-11 21:10:13 +0000 (Thu, 11 Aug 2016)
New Revision: 43942
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-11 20:38:49 UTC (rev 43941)
+++ data/CVE/list 2016-08-11 21:10:13 UTC (rev 43942)
@@ -1,3 +1,73 @@
+CVE-2016-6670
+ RESERVED
+CVE-2016-6669
+ RESERVED
+CVE-2016-6668
+ RESERVED
+CVE-2016-6667
+ RESERVED
+CVE-2016-6666
+ RESERVED
+CVE-2016-6665
+ RESERVED
+CVE-2016-6664
+ RESERVED
+CVE-2016-6663
+ RESERVED
+CVE-2016-6662
+ RESERVED
+CVE-2016-6661
+ RESERVED
+CVE-2016-6660
+ RESERVED
+CVE-2016-6659
+ RESERVED
+CVE-2016-6658
+ RESERVED
+CVE-2016-6657
+ RESERVED
+CVE-2016-6656
+ RESERVED
+CVE-2016-6655
+ RESERVED
+CVE-2016-6654
+ RESERVED
+CVE-2016-6653
+ RESERVED
+CVE-2016-6652
+ RESERVED
+CVE-2016-6651
+ RESERVED
+CVE-2016-6650
+ RESERVED
+CVE-2016-6649
+ RESERVED
+CVE-2016-6648
+ RESERVED
+CVE-2016-6647
+ RESERVED
+CVE-2016-6646
+ RESERVED
+CVE-2016-6645
+ RESERVED
+CVE-2016-6644
+ RESERVED
+CVE-2016-6643
+ RESERVED
+CVE-2016-6642
+ RESERVED
+CVE-2016-6641
+ RESERVED
+CVE-2016-6640
+ RESERVED
+CVE-2016-6639
+ RESERVED
+CVE-2016-6638
+ RESERVED
+CVE-2016-6637
+ RESERVED
+CVE-2016-6636
+ RESERVED
CVE-2016-1000038
RESERVED
CVE-2016-XXXX [RLE check for pixel offset less than 0]
@@ -275,8 +345,8 @@
RESERVED
CVE-2016-6598
RESERVED
-CVE-2016-6597
- RESERVED
+CVE-2016-6597 (Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus ...)
+ TODO: check
CVE-2016-6596
RESERVED
CVE-2016-6594
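Review bot: The "TODO: check" added under CVE-2016-6597 leaves the entry untriaged. The new description names Sophos EAS Proxy for Sophos Mobile Control, so a follow-up commit should replace the TODO with either a package line or, if nothing in the archive ships this product, a NOT-FOR-US line.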
@@ -518,6 +588,7 @@
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
CVE-2016-6489 [RSA code is vulnerable to cache sharing related attacks]
RESERVED
+ {DLA-593-1}
- nettle <unfixed> (bug #832983)
NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html
NOTE: https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
@@ -627,8 +698,7 @@
RESERVED
CVE-2016-6481
RESERVED
-CVE-2013-7458 [World readable .rediscli_history]
- RESERVED
+CVE-2013-7458 (linenoise, as used in Redis before 3.2.3, uses world-readable ...)
{DSA-3634-1 DLA-577-1}
- redis 2:3.2.1-4 (bug #832460)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1
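Review bot: On CVE-2013-7458 the new description attributes the world-readable history file to linenoise "as used in Redis before 3.2.3", but the entry tracks only redis, with a fixed version of 2:3.2.1-4. Two follow-ups are worth making: a NOTE explaining why the Debian fixed version is lower than the 3.2.3 named in the description (the visible lines do not say whether it was a backport), and a check of whether other packages that embed linenoise need their own lines under this CVE.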
@@ -3792,7 +3862,7 @@
RESERVED
CVE-2016-5424 [Fix client programs' handling of special characters in database and role names]
RESERVED
- {DLA-592-1}
+ {DSA-3646-1 DLA-592-1}
- postgresql-9.5 9.5.4-1
- postgresql-9.4 <removed>
- postgresql-9.1 <removed>
@@ -3800,7 +3870,7 @@
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=fcd15f13581f6d75c63d213220d5a94889206c1b
CVE-2016-5423 [possible mis-evaluation of nested CASE-WHEN expressions]
RESERVED
- {DLA-592-1}
+ {DSA-3646-1 DLA-592-1}
- postgresql-9.5 9.5.4-1
- postgresql-9.4 <removed>
- postgresql-9.1 <removed>
@@ -3808,22 +3878,19 @@
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=f0c7b789ab12fbc8248b671c7882dd96ac932ef4
CVE-2016-5422
RESERVED
-CVE-2016-5421 [TLS session resumption client cert bypass]
- RESERVED
+CVE-2016-5421 (Use-after-free vulnerability in libcurl before 7.50.1 allows attackers ...)
{DSA-3638-1}
- curl 7.50.1-1
[wheezy] - curl <not-affected> (introduced in 7.32.0)
NOTE: https://curl.haxx.se/docs/adv_20160803C.html
NOTE: Fixed by https://curl.haxx.se/CVE-2016-5421.patch
-CVE-2016-5420 [Re-using connection with wrong client cert]
- RESERVED
+CVE-2016-5420 (curl and libcurl before 7.50.1 do not check the client certificate ...)
{DSA-3638-1 DLA-586-1}
- curl 7.50.1-1
NOTE: https://curl.haxx.se/docs/adv_20160803B.html
NOTE: Fixed by https://curl.haxx.se/CVE-2016-5420.patch
NOTE: Wheezy: vulnerable code is in lib/sslgen.c
-CVE-2016-5419 [TLS session resumption client cert bypass]
- RESERVED
+CVE-2016-5419 (curl and libcurl before 7.50.1 do not prevent TLS session resumption ...)
{DSA-3638-1 DLA-586-1}
- curl 7.50.1-1
NOTE: https://curl.haxx.se/docs/adv_20160803A.html
@@ -3860,8 +3927,7 @@
RESERVED
CVE-2016-5409
RESERVED
-CVE-2016-5408
- RESERVED
+CVE-2016-5408 (Stack-based buffer overflow in the munge_other_line function in ...)
{DLA-556-1}
- squid3 <not-affected> (Incomplete fix for CVE-2016-4051 not applied)
NOTE: CVE is specific for the incomplete fix of CVE-2016-4051 as applied
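Review bot: CVE-2016-5408 now has a concrete description (stack-based buffer overflow in munge_other_line), yet the entry pairs {DLA-556-1} with "squid3 <not-affected>", which reads as contradictory at a glance. The NOTE says the CVE is specific to the incomplete fix for CVE-2016-4051; a release-specific line or a fuller NOTE stating where that incomplete fix was applied would make it clear why a DLA is referenced while the squid3 line says not-affected.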
@@ -11896,7 +11962,7 @@
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
CVE-2016-2818 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-3600-1 DLA-572-1 DLA-521-1}
+ {DSA-3647-1 DSA-3600-1 DLA-572-1 DLA-521-1}
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
- icedove 1:45.2.0-1