[Secure-testing-commits] r44069 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Aug 19 21:10:13 UTC 2016
Author: sectracker
Date: 2016-08-19 21:10:13 +0000 (Fri, 19 Aug 2016)
New Revision: 44069
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-19 20:18:20 UTC (rev 44068)
+++ data/CVE/list 2016-08-19 21:10:13 UTC (rev 44069)
@@ -1,3 +1,87 @@
+CVE-2016-6880
+ RESERVED
+CVE-2016-6879
+ RESERVED
+CVE-2016-6878
+ RESERVED
+CVE-2016-6877
+ RESERVED
+CVE-2016-6876
+ RESERVED
+CVE-2016-6869
+ RESERVED
+CVE-2016-6868
+ RESERVED
+CVE-2016-6867
+ RESERVED
+CVE-2016-6865
+ RESERVED
+CVE-2016-6864
+ RESERVED
+CVE-2016-6863
+ RESERVED
+CVE-2016-6862
+ RESERVED
+CVE-2016-6861
+ RESERVED
+CVE-2016-6860
+ RESERVED
+CVE-2016-6859
+ RESERVED
+CVE-2016-6858
+ RESERVED
+CVE-2016-6857
+ RESERVED
+CVE-2016-6856
+ RESERVED
+CVE-2016-6855
+ RESERVED
+CVE-2016-6854
+ RESERVED
+CVE-2016-6853
+ RESERVED
+CVE-2016-6852
+ RESERVED
+CVE-2016-6851
+ RESERVED
+CVE-2016-6850
+ RESERVED
+CVE-2016-6849
+ RESERVED
+CVE-2016-6848
+ RESERVED
+CVE-2016-6847
+ RESERVED
+CVE-2016-6846
+ RESERVED
+CVE-2016-6845
+ RESERVED
+CVE-2016-6844
+ RESERVED
+CVE-2016-6843
+ RESERVED
+CVE-2016-6842
+ RESERVED
+CVE-2016-6841
+ RESERVED
+CVE-2016-6840
+ RESERVED
+CVE-2016-6839
+ RESERVED
+CVE-2016-6838
+ RESERVED
+CVE-2016-6829
+ RESERVED
+CVE-2016-6827
+ RESERVED
+CVE-2016-6826
+ RESERVED
+CVE-2016-6825
+ RESERVED
+CVE-2016-6824
+ RESERVED
+CVE-2016-6823
+ RESERVED
CVE-2016-6888 [net: vmxnet: integer overflow in packet initialisation]
- qemu <unfixed>
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
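Review bot: ordering at the end of the added block. The 42 new RESERVED placeholders run from CVE-2016-6880 down to CVE-2016-6823 and are inserted above the existing CVE-2016-6888 entry, so the file now steps back up from 6823 to 6888. If any consumer of data/CVE/list expects descending order, CVE-2016-6888 should sit above the new block.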
@@ -7,24 +91,31 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
TODO: check
CVE-2016-6875 [Fix infinite recursion in wddx]
+ RESERVED
- hhvm <unfixed>
NOTE: https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2
CVE-2016-6874 [Fix recursion checks in array_*_recursive]
+ RESERVED
- hhvm <unfixed>
NOTE: https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69
CVE-2016-6873 [Fix self recursion in compact]
+ RESERVED
- hhvm <unfixed>
NOTE: https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e
CVE-2016-6872 [Fix integer overflow in StringUtil::implode]
+ RESERVED
- hhvm <unfixed>
NOTE: https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271
CVE-2016-6871 [Fix buffer overrun due to integer overflow in bcmath]
+ RESERVED
- hhvm <unfixed>
NOTE: https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
CVE-2016-6870 [incorrect use of strndup]
+ RESERVED
- hhvm <unfixed>
NOTE: https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
CVE-2016-6866
+ RESERVED
- suckless-tools 41-1
[jessie] - suckless-tools <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/08/18/22
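Review bot: missing bug references on the hhvm entries. CVE-2016-6875 down to CVE-2016-6870 each read `- hhvm <unfixed>` with one upstream commit NOTE and no Debian bug number, so the record does not tie the open issues to anything that tracks the fix. Add the bug number to each `<unfixed>` line once one exists, in the `(bug #...)` form the chicken entries later in this patch use.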
@@ -34,24 +125,29 @@
NOTE: thus in readpw, not calling crypt(passwd, pws) with a possibly
NOTE: empty pws.
CVE-2016-6837 [XSS in view_all_bug_page.php]
+ RESERVED
- mantis <removed>
NOTE: https://mantisbt.org/bugs/view.php?id=21611
NOTE: https://github.com/mantisbt/mantisbt/commit/7086c2d8b4b20ac14013b36761ac04f0abf21a4e
CVE-2016-6832 [heap-based buffer overflow in ff_audio_resample (resample.c)]
+ RESERVED
- libav <removed>
[wheezy] - libav <not-affected> (Vulnerable code not present)
NOTE: https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=0ac8ff618c5e6d878c547a8877e714ed728950ce
NOTE: Claimed to not affect ffmpeg
CVE-2016-6831 [Memory leak in CHICKEN Scheme's process-execute and process-spawn procedures]
+ RESERVED
- chicken <unfixed> (bug #834845)
NOTE: Fixed in the same upstream patch which is provided for CVE-2016-6830
CVE-2016-6830 [Buffer overrun in CHICKEN Scheme's "process-execute" and "process-spawn" procedures from the posix unit]
+ RESERVED
- chicken <unfixed> (bug #834845)
NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
NOTE: https://lists.nongnu.org/archive/html/chicken-hackers/2016-07/txtSWHYeFeG0R.txt
NOTE: http://bugs.call-cc.org/ticket/1308
CVE-2016-6828 [Linux tcp_xmit_retransmit_queue use after free]
+ RESERVED
- linux <unfixed>
CVE-2016-6822
RESERVED
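Review bot: CVE-2016-6828 near the end of this hunk has only `- linux <unfixed>` under its title and no NOTE pointing at an upstream report or fix, while every other titled entry in the hunk (CVE-2016-6837, -6832, -6831, -6830) carries at least one. Add a NOTE with the upstream reference so the `<unfixed>` status can be re-checked later.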
@@ -368,6 +464,7 @@
- imagemagick <unfixed> (bug #834183)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
CVE-2016-6833 [net: vmxnet3: use after free while writing]
+ RESERVED
- qemu <unfixed>
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
@@ -376,6 +473,7 @@
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
CVE-2016-6834 [an infinite loop during packet fragmentation]
+ RESERVED
- qemu <unfixed>
[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
- qemu-kvm <removed>
@@ -384,6 +482,7 @@
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
CVE-2016-6835 [buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation]
+ RESERVED
- qemu <unfixed>
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
@@ -391,6 +490,7 @@
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
CVE-2016-6836 [Information leak in vmxnet3_complete_packet]
+ RESERVED
- qemu <unfixed>
[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
- qemu-kvm <removed>
@@ -1383,10 +1483,10 @@
RESERVED
CVE-2016-6368
RESERVED
-CVE-2016-6367
- RESERVED
-CVE-2016-6366
- RESERVED
+CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA ...)
+ TODO: check
+CVE-2016-6366 (Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software ...)
+ TODO: check
CVE-2016-6365
RESERVED
CVE-2016-6364
@@ -7144,8 +7244,8 @@
RESERVED
CVE-2016-4655
RESERVED
-CVE-2016-4654
- RESERVED
+CVE-2016-4654 (IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to ...)
+ TODO: check
CVE-2016-4653 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
TODO: check
CVE-2016-4652 (CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain ...)
@@ -17567,10 +17667,10 @@
TODO: check
CVE-2016-1459 (Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 ...)
TODO: check
-CVE-2016-1458
- RESERVED
-CVE-2016-1457
- RESERVED
+CVE-2016-1458 (The web-based GUI in Cisco Firepower Management Center 4.x and 5.x ...)
+ TODO: check
+CVE-2016-1457 (The web-based GUI in Cisco Firepower Management Center 4.x and 5.x ...)
+ TODO: check
CVE-2016-1456 (The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to ...)
TODO: check
CVE-2016-1455
@@ -17763,8 +17863,8 @@
TODO: check
CVE-2016-1366 (The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on ...)
NOT-FOR-US: Cisco IOS XR
-CVE-2016-1365
- RESERVED
+CVE-2016-1365 (The Grapevine update process in Cisco Application Policy ...)
+ TODO: check
CVE-2016-1364 (Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) ...)
TODO: check
CVE-2016-1363 (Buffer overflow in the redirection functionality in Cisco Wireless LAN ...)
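Review bot: triage status of CVE-2016-1365. It is added with `TODO: check` directly below CVE-2016-1366, which the file already resolves as `NOT-FOR-US: Cisco IOS XR`. The new description also names a Cisco product (the text is truncated at "Cisco Application Policy ..."), so if that product is likewise not packaged, resolve it with a `NOT-FOR-US:` line instead of leaving the TODO. The same applies to the other `TODO: check` entries this patch adds for Cisco and Apple descriptions.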