[Secure-testing-commits] r39512 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Feb 6 09:10:15 UTC 2016


Author: sectracker
Date: 2016-02-06 09:10:15 +0000 (Sat, 06 Feb 2016)
New Revision: 39512

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-06 07:18:20 UTC (rev 39511)
+++ data/CVE/list	2016-02-06 09:10:15 UTC (rev 39512)
@@ -1,3 +1,13 @@
+CVE-2016-2223
+	RESERVED
+CVE-2016-2220
+	RESERVED
+CVE-2016-2219
+	RESERVED
+CVE-2016-2218
+	RESERVED
+CVE-2015-8807
+	RESERVED
 CVE-2016-2224 [denial of service while parsing compressed items]
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
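Review bot: CVE-2015-8807 is inserted directly above CVE-2016-2224, in the middle of the new 2016 ids rather than with the other 2015 entries. All five additions are bare RESERVED entries, so each will still need a package line or NOT-FOR-US once details are published. The added 2016 ids skip CVE-2016-2221 and CVE-2016-2222, which receive their RESERVED line further down in this same revision.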
@@ -370,11 +380,13 @@
 	NOTE: https://github.com/python-pillow/Pillow/pull/1706
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/02/5
 CVE-2016-2221 [open redirect vulnerability]
+	RESERVED
 	- wordpress 4.4.2+dfsg-1 (bug #813697)
 	NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
 	NOTE:  https://core.trac.wordpress.org/changeset/36444
 	NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
 CVE-2016-2222 [SSRF for certain local URIs]
+	RESERVED
 	- wordpress 4.4.2+dfsg-1 (bug #813697)
 	NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
 	NOTE: https://core.trac.wordpress.org/changeset/36435
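Review bot: RESERVED is added to CVE-2016-2221 and CVE-2016-2222 although both already record a fixed version (wordpress 4.4.2+dfsg-1, bug #813697) and public references, so the bracketed descriptions stay the only summary for now; recheck that they still match when an official description replaces them. Minor style point: the changeset NOTE under CVE-2016-2221 has two spaces after `NOTE:`, unlike the other NOTE lines in this hunk.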
@@ -652,26 +664,26 @@
 	NOTE: Introduced in https://git.kernel.org/linus/3d167d68e3805ee45ed2e8412fc03ed919c54c24 (v3.13-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f (v4.3-rc1)
 CVE-2015-8783 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
-	{DLA-405-1}
+	{DSA-3467-1 DLA-405-1}
 	- tiff 4.0.6-1
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
 	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
 CVE-2015-8782 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
-	{DLA-405-1}
+	{DSA-3467-1 DLA-405-1}
 	- tiff 4.0.6-1
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
 	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
 CVE-2015-8781 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
-	{DLA-405-1}
+	{DSA-3467-1 DLA-405-1}
 	- tiff 4.0.6-1
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0
 	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
 CVE-2015-8784 [potential out-of-bound write in NeXTDecode()]
 	RESERVED
-	{DLA-405-1}
+	{DSA-3467-1 DLA-405-1}
 	- tiff 4.0.6-1
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2508
 	NOTE: Can be reproduced with tiff compiled with AddressSanitizer
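Review bot: the four tiff entries that gain DSA-3467-1 here list only `- tiff 4.0.6-1`, with no bug number and no `- tiff3` line, whereas CVE-2015-8683 and CVE-2015-8665, which gain the same DSA in this revision, carry both. Confirm whether tiff3 is affected by CVE-2015-8781 through CVE-2015-8784 and add the line if so. Also, the bugzilla NOTE under CVE-2015-8781 ends in `#0` where the otherwise identical NOTE under CVE-2015-8782 and CVE-2015-8783 does not.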
@@ -3419,14 +3431,14 @@
 	TODO: check
 CVE-2015-8683 [out-of-bounds read in CIE Lab image format]
 	RESERVED
-	{DLA-402-1}
+	{DSA-3467-1 DLA-402-1}
 	- tiff 4.0.6-1 (bug #809021)
 	- tiff3 <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/25/1
 	NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
 CVE-2015-8665 [Out-of-bounds Read]
 	RESERVED
-	{DLA-402-1}
+	{DSA-3467-1 DLA-402-1}
 	- tiff 4.0.6-1 (bug #808968)
 	- tiff3 <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/2
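Review bot: the description `[Out-of-bounds Read]` on CVE-2015-8665 is generic and capitalised differently from its neighbour `[out-of-bounds read in CIE Lab image format]` on CVE-2015-8683. Now that both are tied to DSA-3467-1, a description naming the affected format or function would make the two entries distinguishable at a glance.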
@@ -4188,11 +4200,9 @@
 	RESERVED
 CVE-2016-0863
 	RESERVED
-CVE-2016-0862
-	RESERVED
+CVE-2016-0862 (General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter ...)
 	NOT-FOR-US: General Electric devices
-CVE-2016-0861
-	RESERVED
+CVE-2016-0861 (General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter ...)
 	NOT-FOR-US: General Electric devices
 CVE-2016-0860 (Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess ...)
 	TODO: check
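Review bot: CVE-2016-0860, the context entry directly below the two GE entries, still reads `TODO: check` even though it already has a description naming Advantech WebAccess. CVE-2016-0862 and CVE-2016-0861 had their NOT-FOR-US decision recorded before their descriptions arrived; this entry needs its triage decision recorded as well.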
@@ -24341,9 +24351,9 @@
 	NOTE: https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4
 	NOTE: Patch for versions earlier than 3.4: https://gist.github.com/directhex/f8c6e67f551d8a608154
 CVE-2015-2303
-	RESERVED
+	REJECTED
 CVE-2015-2302
-	RESERVED
+	REJECTED
 CVE-2015-2300
 	RESERVED
 CVE-2015-2299
@@ -43320,12 +43330,15 @@
 CVE-2014-5014
 	RESERVED
 CVE-2014-5013 [Remote Code Execution (complement of CVE-2014-2383)]
+	RESERVED
 	- php-dompdf <unfixed> (bug #813849)
 	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
 CVE-2014-5012 [Denial Of Service Vector]
+	RESERVED
 	- php-dompdf <unfixed> (bug #813849)
 	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
 CVE-2014-5011 [Information Disclosure]
+	RESERVED
 	- php-dompdf <unfixed> (bug #813849)
 	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
 CVE-2014-5010
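Review bot: CVE-2014-5013, CVE-2014-5012 and CVE-2014-5011 gain RESERVED but remain `- php-dompdf <unfixed> (bug #813849)` while each NOTE points at the upstream tag v0.6.2. If that release carries the fixes, the entries need the fixed package version recorded once it is uploaded; until then, a NOTE saying which upstream change addresses each of the three issues would help whoever handles bug #813849.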



