[Secure-testing-commits] r44165 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Aug 26 21:10:13 UTC 2016


Author: sectracker
Date: 2016-08-26 21:10:13 +0000 (Fri, 26 Aug 2016)
New Revision: 44165

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-26 20:16:29 UTC (rev 44164)
+++ data/CVE/list	2016-08-26 21:10:13 UTC (rev 44165)
@@ -1,3 +1,11 @@
+CVE-2016-7094
+	RESERVED
+CVE-2016-7093
+	RESERVED
+CVE-2016-7092
+	RESERVED
+CVE-2016-7090
+	RESERVED
 CVE-2016-7097 [Setting a POSIX ACL via setxattr doesn't clear the setgid bit]
 	- linux <unfixed>
 	NOTE: http://www.spinics.net/lists/linux-fsdevel/msg98328.html
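Review bot: the four new RESERVED entries (CVE-2016-7094, -7093, -7092, -7090) are prepended above CVE-2016-7097, so the head of the file now reads 7094, 7093, 7092, 7090, 7097, 7091, while the rest of the list visible in this diff runs in descending ID order. Suggest placing them after the CVE-2016-7097 entry, with CVE-2016-7090 below CVE-2016-7091, so lookups and later merges do not trip on the out-of-order block.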
@@ -4,6 +12,7 @@
 	NOTE: http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1368938
 CVE-2016-7091
+	RESERVED
 	- sudo <not-affected> (Debian not including INPUTRC in /etc/sudoers)
 	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1339935
 	NOTE: The scope of this CVE is the entire 'INPUTRC should
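Review bot: CVE-2016-7091 gains a RESERVED line but still has no bracketed description, although it already carries a sudo status and a scope note. While the ID has no published description, a short title in square brackets, as on CVE-2016-7097 above, would make the entry readable without following the Red Hat bug link.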
@@ -653,11 +662,13 @@
 CVE-2016-6793
 	RESERVED
 CVE-2015-8953
+	RESERVED
 	- linux 4.2.6-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/ab79efab0a0ba01a74df782eb7fa44b044dae8b5 (v4.3)
 CVE-2015-8952
+	RESERVED
 	- linux 4.6.1-1
 	NOTE: https://git.kernel.org/linus/be0726d33cb8f411945884664924bed3cb8c70ee (v4.6-rc1)
 CVE-2015-8951
@@ -1575,7 +1586,7 @@
 	RESERVED
 CVE-2016-6525 [heap overflow in pdf_load_mesh_params()]
 	RESERVED
-	{DLA-589-1}
+	{DSA-3655-1 DLA-589-1}
 	- mupdf 1.9a+ds1-1.2 (bug #833417)
 	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954
 	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
@@ -1976,8 +1987,8 @@
 	RESERVED
 CVE-2016-6370
 	RESERVED
-CVE-2016-6369
-	RESERVED
+CVE-2016-6369 (Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x ...)
+	TODO: check
 CVE-2016-6368
 	RESERVED
 CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA ...)
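Review bot: CVE-2016-6369 moves from RESERVED to a published description with only "TODO: check" beneath it, so the entry still has no triage result. It should be resolved to either a package status line or a NOT-FOR-US line, the way CVE-2016-5383 is marked "NOT-FOR-US: Red Hat CloudForms" elsewhere in this commit. The same applies to the other "TODO: check" entries this revision introduces.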
@@ -2550,6 +2561,7 @@
 	RESERVED
 CVE-2016-6265 [use-after-free]
 	RESERVED
+	{DSA-3655-1}
 	- mupdf 1.9a+ds1-1.1 (bug #832031)
 	[wheezy] - mupdf <not-affected> (vulnerable code not present, no segfault)
 	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
@@ -2691,8 +2703,8 @@
 CVE-2016-6234
 	RESERVED
 	- lepton 1.2.1-1 (bug #831814)
-CVE-2016-6231
-	RESERVED
+CVE-2016-6231 (Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 ...)
+	TODO: check
 CVE-2016-6230
 	RESERVED
 CVE-2016-6229
@@ -4382,8 +4394,8 @@
 	RESERVED
 CVE-2016-5682
 	RESERVED
-CVE-2016-5681
-	RESERVED
+CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 ...)
+	TODO: check
 CVE-2016-5680
 	RESERVED
 CVE-2016-5679
@@ -4398,8 +4410,8 @@
 	RESERVED
 CVE-2016-5674
 	RESERVED
-CVE-2016-5673
-	RESERVED
+CVE-2016-5673 (UltraVNC Repeater before 1300 does not restrict destination IP ...)
+	TODO: check
 CVE-2016-5672 (Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x ...)
 	- crosswalk <itp> (bug #775876)
 CVE-2016-5671 (Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron ...)
@@ -5172,8 +5184,7 @@
 	- fontconfig 2.11.0-6.5 (bug #833570)
 	NOTE: https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html
 	NOTE: Fixed by: https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940 (2.12.1)
-CVE-2016-5383
-	RESERVED
+CVE-2016-5383 (The web UI in Red Hat CloudForms 4.1 allows remote authenticated users ...)
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2016-5382
 	RESERVED
@@ -6632,8 +6643,8 @@
 	RESERVED
 CVE-2016-5024
 	RESERVED
-CVE-2016-5023
-	RESERVED
+CVE-2016-5023 (Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 ...)
+	TODO: check
 CVE-2016-5022
 	RESERVED
 CVE-2016-5021 (The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
@@ -7778,12 +7789,12 @@
 	RESERVED
 CVE-2016-4658
 	RESERVED
-CVE-2016-4657
-	RESERVED
-CVE-2016-4656
-	RESERVED
-CVE-2016-4655
-	RESERVED
+CVE-2016-4657 (WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ...)
+	TODO: check
+CVE-2016-4656 (The kernel in Apple iOS before 9.3.5 allows attackers to execute ...)
+	TODO: check
+CVE-2016-4655 (The kernel in Apple iOS before 9.3.5 allows attackers to obtain ...)
+	TODO: check
 CVE-2016-4654 (IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to ...)
 	TODO: check
 CVE-2016-4653 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
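Review bot: of the three iOS entries published here, CVE-2016-4657 is described as a WebKit issue, and WebKit is shipped in Debian through the WebKitGTK packages, so its "TODO: check" should not be closed as NOT-FOR-US on the strength of the "Apple iOS" wording alone. Check whether the affected code is present in the packaged WebKit before deciding. CVE-2016-4656 and CVE-2016-4655 are described as iOS kernel issues and can be triaged separately.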
@@ -9481,8 +9492,7 @@
 	[jessie] - jq <no-dsa> (Minor issue)
 	NOTE: https://github.com/stedolan/jq/issues/1136
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/24/3
-CVE-2016-4069 [Protect download urls against CSRF using unique request tokens]
-	RESERVED
+CVE-2016-4069 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
 	- roundcube 1.1.5+dfsg.1-1 (bug #822333)
 	NOTE: https://github.com/roundcube/roundcubemail/issues/4957
 	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
@@ -9571,7 +9581,7 @@
 CVE-2016-4050
 	RESERVED
 CVE-2016-4049 (The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does ...)
-	{DSA-3654-1}
+	{DSA-3654-1 DLA-601-1}
 	- quagga <unfixed> (bug #822787)
 	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
 	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-April/015241.html
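Review bot: CVE-2016-4049 now references both DSA-3654-1 and DLA-601-1, yet the unstable line still reads "- quagga <unfixed> (bug #822787)". With advisories issued on both the DSA and DLA side, the unstable status should be updated once a fixed upload exists. CVE-2016-4036 in the next hunk is in the same state with bug #835223.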
@@ -9717,7 +9727,7 @@
 CVE-2016-4039
 	RESERVED
 CVE-2016-4036 (The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux ...)
-	{DSA-3654-1}
+	{DSA-3654-1 DLA-601-1}
 	- quagga <unfixed> (bug #835223)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770619
 	NOTE: World readable files in /etc/quagga as well in Debian
@@ -18094,8 +18104,8 @@
 	RESERVED
 CVE-2016-1502
 	RESERVED
-CVE-2016-1497
-	RESERVED
+CVE-2016-1497 (The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x ...)
+	TODO: check
 CVE-2016-1496 (The graphics driver in Huawei P8 smartphones with software GRA-TL00 ...)
 	NOT-FOR-US: Huawei
 CVE-2016-1495 (Integer overflow in the graphics drivers in Huawei Mate S smartphones ...)



