[Secure-testing-commits] r39470 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Feb 5 09:10:16 UTC 2016
Author: sectracker
Date: 2016-02-05 09:10:16 +0000 (Fri, 05 Feb 2016)
New Revision: 39470
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-04 21:21:11 UTC (rev 39469)
+++ data/CVE/list 2016-02-05 09:10:16 UTC (rev 39470)
@@ -1,3 +1,45 @@
+CVE-2016-2216
+ RESERVED
+CVE-2016-2215
+ RESERVED
+CVE-2016-2214
+ RESERVED
+CVE-2016-2212
+ RESERVED
+CVE-2016-2211
+ RESERVED
+CVE-2016-2210
+ RESERVED
+CVE-2016-2209
+ RESERVED
+CVE-2016-2208
+ RESERVED
+CVE-2016-2207
+ RESERVED
+CVE-2016-2206
+ RESERVED
+CVE-2016-2205
+ RESERVED
+CVE-2016-2204
+ RESERVED
+CVE-2016-2203
+ RESERVED
+CVE-2016-2202
+ RESERVED
+CVE-2016-2201
+ RESERVED
+CVE-2016-2200
+ RESERVED
+CVE-2015-8802
+ RESERVED
+CVE-2015-8801
+ RESERVED
+CVE-2015-8800
+ RESERVED
+CVE-2015-8799
+ RESERVED
+CVE-2015-8798
+ RESERVED
CVE-2016-XXXX [Integer oferflow in Resample.c]
- pillow <unfixed>
- python-imaging <removed>
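Review bot: the context line directly below the added RESERVED block, "CVE-2016-XXXX [Integer oferflow in Resample.c]", misspells "overflow". The temporary description is what people search for until an id is assigned, so it is worth correcting in a follow-up commit. The added ids step from CVE-2016-2214 straight to CVE-2016-2212; that gap is expected, since CVE-2016-2213 already has its own entry further down the list.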
@@ -31,7 +73,7 @@
REJECTED
CVE-2016-2199 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: Enterprise Manager in McAfee Vulnerability Manager
-CVE-2016-2213
+CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in ...)
- ffmpeg 7:2.8.6-1
- libav <removed>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
@@ -244,20 +286,24 @@
CVE-2016-2093
RESERVED
CVE-2015-8806 [Heap-buffer overread in libxml2/dict.c]
+ RESERVED
- libxml2 <unfixed> (bug #813613)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115
CVE-2015-8805 [miscomputation bugs in secp-256r1 modulo functions]
+ RESERVED
- nettle <unfixed> (bug #813679)
[wheezy] - nettle <not-affected> (Vulnerable code not present)
[squeeze] - nettle <not-affected> (Vulnerable code not present)
NOTE: https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
CVE-2015-8804 [Miscalculations on secp384 curve]
+ RESERVED
- nettle <unfixed> (bug #813679)
[wheezy] - nettle <not-affected> (Vulnerable code not present)
[squeeze] - nettle <not-affected> (Vulnerable code not present)
NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003024.html
NOTE: https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
CVE-2015-8803 [secp256 calculation bug]
+ RESERVED
- nettle <unfixed> (bug #813679)
[wheezy] - nettle <not-affected> (Vulnerable code not present)
[squeeze] - nettle <not-affected> (Vulnerable code not present)
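Review bot: the bracketed descriptions for CVE-2015-8805 ("miscomputation bugs in secp-256r1 modulo functions") and CVE-2015-8803 ("secp256 calculation bug") are hard to tell apart, and all three nettle entries in this hunk share bug #813679 and identical status lines. Now that each id is marked RESERVED, tighten the descriptions so each names the specific routine or upstream commit it covers. Otherwise a later fix could be recorded against the wrong id.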
@@ -304,6 +350,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/01/5
NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv8.html
CVE-2016-2217 [Socat security advisory 7 - Created new 2048bit DH modulus]
+ RESERVED
- socat 1.7.3.1-1 (bug #813536)
[jessie] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
[wheezy] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
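Review bot: the description on the CVE-2016-2217 line, "Socat security advisory 7 - Created new 2048bit DH modulus", names the remedy rather than the flaw. The not-affected lines below it give the actual problem ("Broken 1024bit DH parameter generated in 1.7.3.0"). Reword the bracketed text to describe the weak parameter so the entry reads correctly without the release annotations.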
@@ -987,13 +1034,11 @@
[jessie] - symfony <no-dsa> (Minor issue)
NOTE: http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails
NOTE: https://github.com/symfony/symfony/pull/17359
-CVE-2016-1906 [Kubernetes api server: build config to a strategy that isn't allowed by policy]
- RESERVED
+CVE-2016-1906 (The API server in Kubernetes might allow remote attackers to gain ...)
- kubernetes <itp> (bug #795652)
NOTE: https://github.com/openshift/origin/issues/6556
NOTE: https://github.com/openshift/origin/pull/6576
-CVE-2016-1905 [Kubernetes api server: patch operation should use patched object to check admission control]
- RESERVED
+CVE-2016-1905 (The API server in Kubernetes does not properly check admission ...)
- kubernetes <itp> (bug #795652)
NOTE: https://github.com/kubernetes/kubernetes/issues/19479
NOTE: https://github.com/kubernetes/kubernetes/pull/19481
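Review bot: CVE-2016-1906 is tracked under "- kubernetes <itp> (bug #795652)", yet both of its NOTE links point at openshift/origin (issues/6556 and pull/6576), and the removed temporary description spoke of build configs and strategies. Confirm that kubernetes is the right source package for this id, or add a NOTE stating the relation, so the entry is not later resolved against the wrong upstream. CVE-2016-1905 below it links kubernetes/kubernetes and is consistent.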
@@ -2463,10 +2508,9 @@
RESERVED
CVE-2016-1285
RESERVED
-CVE-2016-1284
- RESERVED
-CVE-2016-1505 [On MS Windows the filesystem backend allows access to the first level of files on a drive.]
- RESERVED
+CVE-2016-1284 (rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before ...)
+ TODO: check
+CVE-2016-1505 (The filesystem storage backend in Radicale before 1.1 on Windows ...)
- radicale <not-affected> (Only an issue on MS Windows)
CVE-2015-8764 [one byte buffer overrun]
RESERVED
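Review bot: CVE-2016-1284 lands with only "TODO: check", and its description restricts the issue to "ISC BIND 9 Supported Preview Edition 9.9.8-S before ...". Triage needs to decide whether the bind9 package carries that code at all, then replace the TODO with a package line or a NOT-FOR-US verdict. Separately, CVE-2016-1505 sits out of numeric order here, between CVE-2016-1284 and CVE-2015-8764; moving it would make it easier to find.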
@@ -2498,12 +2542,10 @@
- nova <unfixed>
NOTE: https://launchpad.net/bugs/1516765
NOTE: Affects: >= 2014.2 <= 2015.1.2, ==12.0.0
-CVE-2015-8748 [Prevent regex injection in rights management]
- RESERVED
+CVE-2015-8748 (Radicale before 1.1 allows remote authenticated users to bypass ...)
{DSA-3462-1 DLA-403-1}
- radicale 1.1.1-1 (bug #809920)
-CVE-2015-8747 [The multifilesystem backend allows access to arbitrary files on all platforms]
- RESERVED
+CVE-2015-8747 (The multifilesystem storage backend in Radicale before 1.1 allows ...)
{DSA-3462-1 DLA-403-1}
- radicale 1.1.1-1 (bug #809920)
CVE-2015-8746 [when NFSv4 migration is executed, kernel oops occurs at NFS client]
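Review bot: on CVE-2015-8748 and CVE-2015-8747, replacing "[Prevent regex injection in rights management]" and "[The multifilesystem backend allows access to arbitrary files on all platforms]" with the truncated official descriptions removes the only text in these entries that names the flaw class. What remains visible is "allows remote authenticated users to bypass ..." and "allows ...". Consider keeping the earlier wording as a NOTE line under each entry, next to the DSA-3462-1 / DLA-403-1 references.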
@@ -7025,8 +7067,8 @@
RESERVED
CVE-2015-8270
RESERVED
-CVE-2015-8269
- RESERVED
+CVE-2015-8269 (The API on Fisher-Price Smart Toy Bear devices allows remote attackers ...)
+ TODO: check
CVE-2015-8268
RESERVED
CVE-2015-8267 (The PasswordReset.Controllers.ResetController.ChangePasswordIndex ...)
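Review bot: CVE-2015-8269 is added with "TODO: check" although its description names the API on Fisher-Price Smart Toy Bear devices. Unless a Debian package ships that code, this should be resolved to NOT-FOR-US in the same style as other vendor-only entries in the list, rather than staying as an open TODO.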
@@ -9315,8 +9357,7 @@
NOTE: https://bugs.launchpad.net/bugs/1524274
CVE-2015-7547
RESERVED
-CVE-2015-7546 [Potential reuse of revoked Identity tokens]
- RESERVED
+CVE-2015-7546 (The identity service in OpenStack Identity (Keystone) before 2015.1.3 ...)
- keystone <unfixed>
[wheezy] - keystone <no-dsa> (Too intrusive to backport, needs to switch to different token provider)
[jessie] - keystone <no-dsa> (Too intrusive to backport, needs to switch to different token provider)
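Review bot: the new description for CVE-2015-7546 gives an upstream boundary ("before 2015.1.3 ..."), while the entry still reads "- keystone <unfixed>". Check whether the unstable package has passed that boundary and record the fixed version if so. The wheezy and jessie no-dsa lines are unaffected by this.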
@@ -9345,14 +9386,14 @@
[wheezy] - samba <not-affected> (Only affects 4.0.0 to 4.1.21)
[squeeze] - samba <not-affected> (Only affects 4.0.0 to 4.1.21)
NOTE: https://www.samba.org/samba/security/CVE-2015-7540.html
-CVE-2015-7539
- RESERVED
-CVE-2015-7538
- RESERVED
-CVE-2015-7537
- RESERVED
-CVE-2015-7536
- RESERVED
+CVE-2015-7539 (The Plugins Manager in CloudBees Jenkins before 1.640 and LTS before ...)
+ TODO: check
+CVE-2015-7538 (CloudBees Jenkins before 1.640 and LTS before 1.625.2 allow remote ...)
+ TODO: check
+CVE-2015-7537 (Cross-site request forgery (CSRF) vulnerability in CloudBees Jenkins ...)
+ TODO: check
+CVE-2015-7536 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+ TODO: check
CVE-2015-7535
RESERVED
CVE-2015-7534
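Review bot: CVE-2015-7539 through CVE-2015-7536 all arrive as "TODO: check" and all name CloudBees Jenkins; the two descriptions that are not cut off early give the same boundary, "before 1.640 and LTS before 1.625.2". Triage them as one batch and give all four the same package line and fixed version, so the entries do not diverge if they are handled on different days.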
@@ -15109,8 +15150,7 @@
RESERVED
CVE-2015-5345
RESERVED
-CVE-2015-5344
- RESERVED
+CVE-2015-5344 (The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x ...)
NOT-FOR-US: Apache Camel
CVE-2015-5343 [Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies]
RESERVED