[Secure-testing-commits] r39417 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Feb 2 21:10:15 UTC 2016


Author: sectracker
Date: 2016-02-02 21:10:15 +0000 (Tue, 02 Feb 2016)
New Revision: 39417

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-02 20:57:09 UTC (rev 39416)
+++ data/CVE/list	2016-02-02 21:10:15 UTC (rev 39417)
@@ -1,3 +1,230 @@
+CVE-2016-7028
+	REJECTED
+	TODO: check
+CVE-2016-2199 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+	TODO: check
+CVE-2016-2196
+	RESERVED
+CVE-2016-2195
+	RESERVED
+CVE-2016-2194
+	RESERVED
+CVE-2016-2193
+	RESERVED
+CVE-2016-2192
+	RESERVED
+CVE-2016-2191
+	RESERVED
+CVE-2016-2190
+	RESERVED
+CVE-2016-2189
+	RESERVED
+CVE-2016-2188
+	RESERVED
+CVE-2016-2187
+	RESERVED
+CVE-2016-2186
+	RESERVED
+CVE-2016-2185
+	RESERVED
+CVE-2016-2184
+	RESERVED
+CVE-2016-2183
+	RESERVED
+CVE-2016-2182
+	RESERVED
+CVE-2016-2181
+	RESERVED
+CVE-2016-2180
+	RESERVED
+CVE-2016-2179
+	RESERVED
+CVE-2016-2178
+	RESERVED
+CVE-2016-2177
+	RESERVED
+CVE-2016-2176
+	RESERVED
+CVE-2016-2175
+	RESERVED
+CVE-2016-2174
+	RESERVED
+CVE-2016-2173
+	RESERVED
+CVE-2016-2172
+	RESERVED
+CVE-2016-2171
+	RESERVED
+CVE-2016-2170
+	RESERVED
+CVE-2016-2169
+	RESERVED
+CVE-2016-2168
+	RESERVED
+CVE-2016-2167
+	RESERVED
+CVE-2016-2166
+	RESERVED
+CVE-2016-2165
+	RESERVED
+CVE-2016-2164
+	RESERVED
+CVE-2016-2163
+	RESERVED
+CVE-2016-2162
+	RESERVED
+CVE-2016-2161
+	RESERVED
+CVE-2016-2160
+	RESERVED
+CVE-2016-2159
+	RESERVED
+CVE-2016-2158
+	RESERVED
+CVE-2016-2157
+	RESERVED
+CVE-2016-2156
+	RESERVED
+CVE-2016-2155
+	RESERVED
+CVE-2016-2154
+	RESERVED
+CVE-2016-2153
+	RESERVED
+CVE-2016-2152
+	RESERVED
+CVE-2016-2151
+	RESERVED
+CVE-2016-2150
+	RESERVED
+CVE-2016-2149
+	RESERVED
+CVE-2016-2148
+	RESERVED
+CVE-2016-2147
+	RESERVED
+CVE-2016-2146
+	RESERVED
+CVE-2016-2145
+	RESERVED
+CVE-2016-2144
+	RESERVED
+CVE-2016-2143
+	RESERVED
+CVE-2016-2142
+	RESERVED
+CVE-2016-2141
+	RESERVED
+CVE-2016-2140
+	RESERVED
+CVE-2016-2139
+	RESERVED
+CVE-2016-2138
+	RESERVED
+CVE-2016-2137
+	RESERVED
+CVE-2016-2136
+	RESERVED
+CVE-2016-2135
+	RESERVED
+CVE-2016-2134
+	RESERVED
+CVE-2016-2133
+	RESERVED
+CVE-2016-2132
+	RESERVED
+CVE-2016-2131
+	RESERVED
+CVE-2016-2130
+	RESERVED
+CVE-2016-2129
+	RESERVED
+CVE-2016-2128
+	RESERVED
+CVE-2016-2127
+	RESERVED
+CVE-2016-2126
+	RESERVED
+CVE-2016-2125
+	RESERVED
+CVE-2016-2124
+	RESERVED
+CVE-2016-2123
+	RESERVED
+CVE-2016-2122
+	RESERVED
+CVE-2016-2121
+	RESERVED
+CVE-2016-2120
+	RESERVED
+CVE-2016-2119
+	RESERVED
+CVE-2016-2118
+	RESERVED
+CVE-2016-2117
+	RESERVED
+CVE-2016-2116
+	RESERVED
+CVE-2016-2115
+	RESERVED
+CVE-2016-2114
+	RESERVED
+CVE-2016-2113
+	RESERVED
+CVE-2016-2112
+	RESERVED
+CVE-2016-2111
+	RESERVED
+CVE-2016-2110
+	RESERVED
+CVE-2016-2109
+	RESERVED
+CVE-2016-2108
+	RESERVED
+CVE-2016-2107
+	RESERVED
+CVE-2016-2106
+	RESERVED
+CVE-2016-2105
+	RESERVED
+CVE-2016-2104
+	RESERVED
+CVE-2016-2103
+	RESERVED
+CVE-2016-2102
+	RESERVED
+CVE-2016-2101
+	RESERVED
+CVE-2016-2100
+	RESERVED
+CVE-2016-2099
+	RESERVED
+CVE-2016-2098
+	RESERVED
+CVE-2016-2097
+	RESERVED
+CVE-2016-2096
+	RESERVED
+CVE-2016-2095
+	RESERVED
+CVE-2016-2094
+	RESERVED
+CVE-2016-2093
+	RESERVED
+CVE-2015-8797
+	RESERVED
+CVE-2015-8796
+	RESERVED
+CVE-2015-8795
+	RESERVED
+CVE-2015-8794 (Absolute path traversal vulnerability in ...)
+	TODO: check
+CVE-2015-8793 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...)
+	TODO: check
+CVE-2015-8791 (The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 ...)
+	TODO: check
+CVE-2015-8790 (The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 ...)
+	TODO: check
 CVE-2016-XXXX [Buffer overflow in Python-Pillow and PIL]
 	- pillow <unfixed>
 	- python-imaging <removed>
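Review bot: CVE-2015-8791 and CVE-2015-8790 near the end of this hunk are left at "TODO: check" although both descriptions name libEBML before 1.3.3, and the list already records "- libebml 1.3.3-1" for CVE-2015-8789; the same package line would close both. CVE-2015-8793 likewise points at program/include/rcmail.php, a Roundcube path, so it needs a roundcube package line rather than staying untriaged. At the top of the hunk, CVE-2016-7028 is marked REJECTED and also carries "TODO: check"; a rejected ID leaves nothing to triage, so the TODO can be dropped.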
@@ -45,6 +272,7 @@
 CVE-2016-2092
 	RESERVED
 CVE-2016-2198 [usb: ehci null pointer dereference in ehci_caps_write]
+	RESERVED
 	- qemu <unfixed> (bug #813193)
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
@@ -53,6 +281,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
 	TODO: check versions
 CVE-2016-2197 [ide: ahci null pointer dereference when using FIS CLB engines]
+	RESERVED
 	- qemu <unfixed> (bug #813194)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -68,11 +297,11 @@
 	RESERVED
 CVE-2016-2086
 	RESERVED
-CVE-2015-8792 [Out-of-bounds heap read in KaxInternalBlock::ReadData()]
+CVE-2015-8792 (The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 ...)
 	- libmatroska 1.4.4-1
 	NOTE: http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
 	NOTE: https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f
-CVE-2015-8789 [Use-after-free vulnerability in the EbmlMaster::Read function]
+CVE-2015-8789 (Use-after-free vulnerability in the EbmlMaster::Read function in ...)
 	- libebml 1.3.3-1
 	NOTE: http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
 	NOTE: https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
@@ -265,22 +494,19 @@
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300237
 	NOTE: Introduced in https://git.kernel.org/linus/3d167d68e3805ee45ed2e8412fc03ed919c54c24 (v3.13-rc1)
-CVE-2015-8783 [other out-of-bounds reads]
-	RESERVED
+CVE-2015-8783 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
 	{DLA-405-1}
 	- tiff 4.0.6-1
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
 	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
-CVE-2015-8782 [other out-of-bounds writes]
-	RESERVED
+CVE-2015-8782 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
 	{DLA-405-1}
 	- tiff 4.0.6-1
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
 	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
-CVE-2015-8781 [an out of bounds write at tif_luv.c:208]
-	RESERVED
+CVE-2015-8781 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
 	{DLA-405-1}
 	- tiff 4.0.6-1
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0
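Review bot: CVE-2015-8783, CVE-2015-8782 and CVE-2015-8781 now share one truncated description, "tif_luv.c in libtiff allows attackers to cause a denial of service ...", and the removed bracket titles were the only text in the list telling them apart (out-of-bounds reads, out-of-bounds writes, and the write at tif_luv.c:208). CVE-2015-8783 and CVE-2015-8782 also carry identical NOTE lines, so a NOTE on each entry preserving the old title would keep them distinguishable.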
@@ -298,8 +524,7 @@
 CVE-2015-XXXX [insecure use of temporary files]
 	- node-cli <unfixed> (bug #809252)
 	[jessie] - node-cli <no-dsa> (Minor issue)
-CVE-2016-2049 [php-openid: host based account hijack attack]
-	RESERVED
+CVE-2016-2049 (examples/consumer/common.php in JanRain PHP OpenID library (aka ...)
 	- php-openid <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2
 	TODO: check
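Review bot: The new description for CVE-2016-2049 places the flaw in examples/consumer/common.php, that is, in example code of the JanRain PHP OpenID library, while the entry still reads "- php-openid <unfixed>" with "TODO: check". The check should establish whether the Debian package ships that example file and record the outcome in a NOTE, since that decides whether <unfixed> is the right state for the package.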
@@ -410,8 +635,7 @@
 	RESERVED
 CVE-2016-1986
 	RESERVED
-CVE-2016-1985
-	RESERVED
+CVE-2016-1985 (HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers ...)
 	NOT-FOR-US: HPE Operations Manager
 CVE-2016-1984 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices ...)
 	NOT-FOR-US: Harman AMX devices
@@ -479,69 +703,58 @@
 	RESERVED
 CVE-2016-1949
 	RESERVED
-CVE-2016-1948 [Lightweight themes on Firefox for Android do not verify a secure connection]
-	RESERVED
+CVE-2016-1948 (Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is ...)
 	- iceweasel <not-affected> (Only affects Firefox for Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-12/
-CVE-2016-1947 [Application Reputation service disabled in Firefox 43]
-	RESERVED
+CVE-2016-1947 (Mozilla Firefox 43.x mishandles attempts to connect to the Application ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/
-CVE-2016-1946 [Unsafe memory manipulation found through code inspection]
-	RESERVED
+CVE-2016-1946 (The MoofParser::Metadata function in binding/MoofParser.cpp in ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
-CVE-2016-1945 [Unsafe memory manipulation found through code inspection]
-	RESERVED
+CVE-2016-1945 (The nsZipArchive function in Mozilla Firefox before 44.0 might allow ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
-CVE-2016-1944 [Unsafe memory manipulation found through code inspection]
-	RESERVED
+CVE-2016-1944 (The Buffer11::NativeBuffer11::map function in ANGLE, as used in ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
-CVE-2016-1943 [Addressbar spoofing attacks]
-	RESERVED
+CVE-2016-1943 (Mozilla Firefox before 44.0 on Android allows remote attackers to ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
-CVE-2016-1942 [Addressbar spoofing attacks]
-	RESERVED
+CVE-2016-1942 (Mozilla Firefox before 44.0 allows user-assisted remote attackers to ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
-CVE-2016-1941 [Delay following click events in file download dialog too short on OS X]
-	RESERVED
+CVE-2016-1941 (The file-download dialog in Mozilla Firefox before 44.0 on OS X ...)
 	- iceweasel <not-affected> (Affects only Firefox on OS X)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/
-CVE-2016-1940 [Addressbar spoofing through stored data url shortcuts on Firefox for Android]
-	RESERVED
+CVE-2016-1940 (Mozilla Firefox before 44.0 on Android allows remote attackers to ...)
 	- iceweasel <not-affected> (Affects Firefox for Android only)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-05/
-CVE-2016-1939
-	RESERVED
+CVE-2016-1939 (Mozilla Firefox before 44.0 stores cookies with names containing ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
-CVE-2016-1938
-	RESERVED
+CVE-2016-1938 (The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
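Review bot: For CVE-2016-1943 the new description restricts the issue to "Mozilla Firefox before 44.0 on Android", but the unchanged triage below it still lists "- iceweasel 44.0-1" with "Only affects Firefox 43.x" for the stable releases. CVE-2016-1940 and CVE-2016-1948 in this same hunk are Android-only and marked "- iceweasel <not-affected>"; CVE-2016-1943 should be re-checked against mfsa2016-09 and brought in line with them if it is Android-only as well.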
@@ -555,8 +768,7 @@
 	NOTE: https://hg.mozilla.org/projects/nss/rev/608645309ab9
 	NOTE: https://hg.mozilla.org/projects/nss/rev/cfd0ad4726cb
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 (not yet public)
-CVE-2016-1937
-	RESERVED
+CVE-2016-1937 (The protocol-handler dialog in Mozilla Firefox before 44.0 allows ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
@@ -564,16 +776,14 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/
 CVE-2016-1936
 	RESERVED
-CVE-2016-1935 [Buffer overflow in WebGL after out of memory allocation]
-	RESERVED
+CVE-2016-1935 (Buffer overflow in the BufferSubData function in Mozilla Firefox ...)
 	{DSA-3457-1}
 	- iceweasel 44.0-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
 CVE-2016-1934
 	RESERVED
-CVE-2016-1933 [Out of Memory crash when parsing GIF format images]
-	RESERVED
+CVE-2016-1933 (Integer overflow in the image-deinterlacing functionality in Mozilla ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
@@ -581,15 +791,13 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/
 CVE-2016-1932
 	RESERVED
-CVE-2016-1931 [Memory safety bugs]
-	RESERVED
+CVE-2016-1931 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel 44.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-CVE-2016-1930 [Miscellaneous memory safety hazards]
-	RESERVED
+CVE-2016-1930 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-3457-1}
 	- iceweasel 44.0-1
 	[squeeze] - iceweasel <end-of-life>
@@ -654,10 +862,10 @@
 	RESERVED
 CVE-2015-8774
 	RESERVED
-CVE-2015-8773
-	RESERVED
-CVE-2015-8772
-	RESERVED
+CVE-2015-8773 (Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File ...)
+	TODO: check
+CVE-2015-8772 (McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total ...)
+	TODO: check
 CVE-2016-1981 [net: e1000 infinite loop in start_xmit and e1000_receive_iov routines]
 	RESERVED
 	- qemu 1:2.5+dfsg-5 (bug #812307)
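Review bot: CVE-2015-8773 and CVE-2015-8772 are added as "TODO: check", but both descriptions name McPvDrv.sys in McAfee File Lock, a Windows driver of a proprietary product. They can be closed in the form the list already uses elsewhere, for example "NOT-FOR-US: McAfee File Lock", instead of staying in the triage queue.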
@@ -766,8 +974,7 @@
 	RESERVED
 CVE-2016-1883
 	RESERVED
-CVE-2016-1882 [TCP MD5 signature denial of service [SA-16:05]]
-	RESERVED
+CVE-2016-1882 (FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow ...)
 	- kfreebsd-10 <unfixed> (unimportant; bug #811280)
 	NOTE: kfreebsd not covered by security support in Jessie
 	- kfreebsd-9 <removed>
@@ -781,8 +988,7 @@
 	- kfreebsd-10 <unfixed> (unimportant; bug #811278)
 	NOTE: kfreebsd not covered by security support in Jessie
 	- kfreebsd-9 <removed>
-CVE-2016-1879 [SCTP ICMPv6 error message vulnerability [SA-16:01]]
-	RESERVED
+CVE-2016-1879 (The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 ...)
 	- kfreebsd-10 <unfixed> (unimportant; bug #811277)
 	NOTE: kfreebsd not covered by security support in Jessie
 	- kfreebsd-9 <removed>
@@ -1080,36 +1286,36 @@
 	RESERVED
 CVE-2016-1731
 	RESERVED
-CVE-2016-1730
-	RESERVED
-CVE-2016-1729
-	RESERVED
-CVE-2016-1728
-	RESERVED
-CVE-2016-1727
-	RESERVED
-CVE-2016-1726
-	RESERVED
-CVE-2016-1725
-	RESERVED
-CVE-2016-1724
-	RESERVED
-CVE-2016-1723
-	RESERVED
-CVE-2016-1722
-	RESERVED
-CVE-2016-1721
-	RESERVED
-CVE-2016-1720
-	RESERVED
-CVE-2016-1719
-	RESERVED
-CVE-2016-1718
-	RESERVED
-CVE-2016-1717
-	RESERVED
-CVE-2016-1716
-	RESERVED
+CVE-2016-1730 (WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or ...)
+	TODO: check
+CVE-2016-1729 (Untrusted search path vulnerability in OSA Scripts in Apple OS X ...)
+	TODO: check
+CVE-2016-1728 (The Cascading Style Sheets (CSS) implementation in Apple iOS before ...)
+	TODO: check
+CVE-2016-1727 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and ...)
+	TODO: check
+CVE-2016-1726 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...)
+	TODO: check
+CVE-2016-1725 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...)
+	TODO: check
+CVE-2016-1724 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and ...)
+	TODO: check
+CVE-2016-1723 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...)
+	TODO: check
+CVE-2016-1722 (syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before ...)
+	TODO: check
+CVE-2016-1721 (The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS ...)
+	TODO: check
+CVE-2016-1720 (IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before ...)
+	TODO: check
+CVE-2016-1719 (The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, ...)
+	TODO: check
+CVE-2016-1718 (The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS ...)
+	TODO: check
+CVE-2016-1717 (The Disk Images component in Apple iOS before 9.2.1, OS X before ...)
+	TODO: check
+CVE-2016-1716 (AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local ...)
+	TODO: check
 CVE-2016-1908 [Eliminate the fallback from untrusted X11-forwarding to trusted forwarding for cases when the X server disables the SECURITY extension]
 	RESERVED
 	- openssh <unfixed>
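Review bot: The fifteen Apple entries CVE-2016-1716 through CVE-2016-1730 all arrive as "TODO: check" and should not be closed in one sweep. CVE-2016-1723 to CVE-2016-1727 are described as "WebKit, as used in Apple iOS ... and Safari", so they need checking against the WebKit packages Debian ships, and CVE-2016-1728 (the CSS implementation) deserves the same look. The remaining iOS, OS X and tvOS components (syslog, kernel, IOKit, IOHIDFamily, IOAcceleratorFamily, Disk Images, AppleGraphicsPowerManagement, OSA Scripts, WebSheet) are candidates for NOT-FOR-US.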
@@ -1175,8 +1381,7 @@
 	{DLA-408-1}
 	- gosa 2.7.4+reloaded2-6
 	NOTE: https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8
-CVE-2015-8770 [remote code execution / path traversal]
-	RESERVED
+CVE-2015-8770 (Directory traversal vulnerability in the set_skin function in ...)
 	{DLA-392-1}
 	- roundcube 1.1.4+dfsg.1-1
 	NOTE: https://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released/
@@ -1760,8 +1965,8 @@
 	- owncloud 7.0.12~dfsg-1
 	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-001
-CVE-2016-1493
-	RESERVED
+CVE-2016-1493 (Intel Driver Update Utility before 2.4 retrieves driver updates in ...)
+	TODO: check
 CVE-2016-1492 (The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when ...)
 	TODO: check
 CVE-2016-1491 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when ...)
@@ -1770,8 +1975,8 @@
 	TODO: check
 CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww ...)
 	TODO: check
-CVE-2016-1488
-	RESERVED
+CVE-2016-1488 (Cross-site scripting (XSS) vulnerability in the login form in the ...)
+	TODO: check
 CVE-2016-1487
 	RESERVED
 CVE-2016-1486
@@ -2138,10 +2343,10 @@
 	RESERVED
 CVE-2016-1305
 	RESERVED
-CVE-2016-1304
-	RESERVED
-CVE-2016-1303
-	RESERVED
+CVE-2016-1304 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
+	TODO: check
+CVE-2016-1303 (The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote ...)
+	TODO: check
 CVE-2016-1302
 	RESERVED
 CVE-2016-1301
@@ -2846,26 +3051,26 @@
 	RESERVED
 CVE-2016-1146
 	RESERVED
-CVE-2016-1145
-	RESERVED
-CVE-2016-1144
-	RESERVED
-CVE-2016-1143
-	RESERVED
+CVE-2016-1145 (Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER ...)
+	TODO: check
+CVE-2016-1144 (Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM ...)
+	TODO: check
+CVE-2016-1143 (Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before ...)
+	TODO: check
 CVE-2016-1142 (Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows ...)
 	TODO: check
-CVE-2016-1141
-	RESERVED
-CVE-2016-1140
-	RESERVED
-CVE-2016-1139
-	RESERVED
-CVE-2016-1138
-	RESERVED
-CVE-2016-1137
-	RESERVED
-CVE-2016-1136
-	RESERVED
+CVE-2016-1141 (KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users ...)
+	TODO: check
+CVE-2016-1140 (KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct ...)
+	TODO: check
+CVE-2016-1139 (Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE ...)
+	TODO: check
+CVE-2016-1138 (CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 ...)
+	TODO: check
+CVE-2016-1137 (Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 ...)
+	TODO: check
+CVE-2016-1136 (Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE ...)
+	TODO: check
 CVE-2016-1135 (Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices ...)
 	TODO: check
 CVE-2016-1134 (Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 ...)
@@ -3798,8 +4003,8 @@
 	TODO: check
 CVE-2016-0868 (Stack-based buffer overflow on Rockwell Automation Allen-Bradley ...)
 	TODO: check
-CVE-2016-0867
-	RESERVED
+CVE-2016-0867 (CAREL PlantVisorEnhanced allows remote attackers to bypass intended ...)
+	TODO: check
 CVE-2016-0866
 	RESERVED
 CVE-2016-0865
@@ -4024,21 +4229,18 @@
 	RESERVED
 CVE-2016-0757
 	RESERVED
-CVE-2016-0756 [insecure dialback key generation/validation algorithm]
-	RESERVED
+CVE-2016-0756 (The generate_dialback function in the mod_dialback module in Prosody ...)
 	{DSA-3463-1 DLA-407-1}
 	- prosody 0.9.10-1
 	NOTE: http://blog.prosody.im/prosody-0-9-10-released/
 	NOTE: https://prosody.im/security/advisory_20160127/
 	NOTE: Upstream fix https://github.com/bjc/prosody/commit/8708def4f55e61acdd5b2c762d420ab40da0d015
-CVE-2016-0755 [NTLM credentials not-checked for proxy connection re-use]
-	RESERVED
+CVE-2016-0755 (The ConnectionExists function in lib/url.c in libcurl before 7.47.0 ...)
 	{DSA-3455-1}
 	- curl 7.47.0-1
 	[wheezy] - curl <no-dsa> (Too intrusive to backport)
 	NOTE: http://curl.haxx.se/docs/adv_20160127A.html
-CVE-2016-0754 [remote file name path traversal in curl tool for Windows]
-	RESERVED
+CVE-2016-0754 (cURL before 7.47.0 on Windows allows attackers to write to arbitrary ...)
 	- curl <not-affected> (Windows only)
 	NOTE: http://curl.haxx.se/docs/adv_20160127B.html
 CVE-2016-0753 [Possible Input Validation Circumvention in Active Model]
@@ -4110,13 +4312,11 @@
 	RESERVED
 CVE-2016-0739
 	RESERVED
-CVE-2016-0738
-	RESERVED
+CVE-2016-0738 (OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...)
 	- swift 2.5.0-3 (bug #812984)
 	NOTE: Swift: >=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0
 	TODO: check
-CVE-2016-0737
-	RESERVED
+CVE-2016-0737 (OpenStack Object Storage (Swift) before 2.4.0 does not properly close ...)
 	- swift 2.4.0-1
 	NOTE: Swift: >=2.2.1 <= 2.3.0
 	TODO: check, not exaclty clear if it really only was introduced in 2.2.1
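Review bot: For CVE-2016-0737 the new description says "before 2.4.0" without a lower bound, while the NOTE kept below it says "Swift: >=2.2.1 <= 2.3.0" and the TODO on the last line still questions whether the bug was introduced in 2.2.1. The entry should settle this, since an earlier introduction changes which older releases are covered by "- swift 2.4.0-1". CVE-2016-0738 has a similar mismatch: the description reads "before 2.3.1 (Kilo), 2.4.x, and 2.5.x" against the NOTE's ">=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0".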
@@ -6732,8 +6932,8 @@
 	NOT-FOR-US: Dovestones
 CVE-2015-8266
 	RESERVED
-CVE-2015-8265
-	RESERVED
+CVE-2015-8265 (Huawei E5186 4G LTE router with software before V200R001B310D01SP00C00 ...)
+	TODO: check
 CVE-2015-8264
 	RESERVED
 CVE-2015-8263 (NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source ...)
@@ -7790,8 +7990,8 @@
 	NOT-FOR-US: eWON devices
 CVE-2015-7924 (eWON devices with firmware before 10.1s0 do not trigger the discarding ...)
 	NOT-FOR-US: eWON devices
-CVE-2015-7923
-	RESERVED
+CVE-2015-7923 (Westermo WeOS before 4.19.0 uses the same SSL private key across ...)
+	TODO: check
 CVE-2015-7922
 	RESERVED
 CVE-2015-7921
@@ -9082,8 +9282,7 @@
 	RESERVED
 CVE-2015-7522
 	RESERVED
-CVE-2015-7521
-	RESERVED
+CVE-2015-7521 (The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, ...)
 	NOT-FOR-US: Apache Hive
 CVE-2015-7520
 	RESERVED



