[Secure-testing-commits] r39551 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Feb 8 21:10:21 UTC 2016
Author: sectracker
Date: 2016-02-08 21:10:21 +0000 (Mon, 08 Feb 2016)
New Revision: 39551
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-08 20:22:27 UTC (rev 39550)
+++ data/CVE/list 2016-02-08 21:10:21 UTC (rev 39551)
@@ -1,3 +1,41 @@
+CVE-2016-2242
+ RESERVED
+CVE-2016-2241
+ RESERVED
+CVE-2016-2240
+ RESERVED
+CVE-2016-2239
+ RESERVED
+CVE-2016-2238
+ RESERVED
+CVE-2016-2237
+ RESERVED
+CVE-2016-2236
+ RESERVED
+CVE-2016-2235
+ RESERVED
+CVE-2016-2234
+ RESERVED
+CVE-2016-2233
+ RESERVED
+CVE-2016-2232
+ RESERVED
+CVE-2016-2231
+ RESERVED
+CVE-2016-2230
+ RESERVED
+CVE-2016-2229
+ RESERVED
+CVE-2016-2227
+ RESERVED
+CVE-2016-2226
+ RESERVED
+CVE-2015-8811
+ RESERVED
+CVE-2015-8810
+ RESERVED
+CVE-2015-8809
+ RESERVED
CVE-2014-9765 [Buffer overflow]
- xdelta3 <unfixed> (bug #814067)
NOTE: https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
@@ -10,6 +48,7 @@
CVE-2009-XXXX [tinyca leaks password to all local users on openssl operations]
- tinyca <unfixed> (bug #538074)
CVE-2015-8808 [out-of-bound read in the parsing of gif files]
+ RESERVED
- graphicsmagick <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f53
@@ -22,11 +61,13 @@
CVE-2016-2218
RESERVED
CVE-2016-2224 [denial of service while parsing compressed items]
+ RESERVED
- uclibc <unfixed> (unimportant)
NOTE: Just for cross-compiling, not used for actual packages
NOTE: http://repo.or.cz/uclibc-ng.git/commit/16719c1a7078421928e6d31dd1dec574825ef515
NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
CVE-2016-2225 [crafted packet will make the parser terminate early]
+ RESERVED
- uclibc <unfixed> (unimportant)
NOTE: Just for cross-compiling, not used for actual packages
NOTE: http://repo.or.cz/uclibc-ng.git/commit/bb01edff0377f2585ce304ecbadcb7b6cde372ac
@@ -114,6 +155,7 @@
NOTE: https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
CVE-2016-2228 [reflected cross-site scripting]
+ RESERVED
- php-horde 5.2.9+debian0-1 (bug #813573)
NOTE: https://bugs.horde.org/ticket/14213
NOTE: http://lists.horde.org/archives/announce/2016/001140.html
@@ -401,12 +443,14 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/02/5
CVE-2016-2221 [open redirect vulnerability]
RESERVED
+ {DSA-3472-1}
- wordpress 4.4.2+dfsg-1 (bug #813697)
NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
NOTE: https://core.trac.wordpress.org/changeset/36444
NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
CVE-2016-2222 [SSRF for certain local URIs]
RESERVED
+ {DSA-3472-1}
- wordpress 4.4.2+dfsg-1 (bug #813697)
NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
NOTE: https://core.trac.wordpress.org/changeset/36435
@@ -542,8 +586,7 @@
RESERVED
CVE-2016-2071
RESERVED
-CVE-2015-8787 [Missing NULL pointer check in nf_nat_redirect_ipv4]
- RESERVED
+CVE-2015-8787 (The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c ...)
- linux 4.3.5-1
[jessie] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
[wheezy] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
@@ -1973,8 +2016,7 @@
NOTE: fw_cfg support for guest-side data writes removed in 2.4 (1:2.4+dfsg-1a)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=023e3148567ac898c7258138f8e86c3c2bb40d07 (v2.4.0-rc0)
NOTE: fw_cfg_read removed in: http://git.qemu.org/?p=qemu.git;a=commit;h=6c8d56a2e95712a6206a2671d2b04b2e59cabc0b
-CVE-2015-8767 [SCTP denial of service during heartbeat timeout functions]
- RESERVED
+CVE-2015-8767 (net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not ...)
{DSA-3448-1 DLA-412-1}
- linux 4.3.1-1
- linux-2.6 <removed>
@@ -2559,28 +2601,28 @@
RESERVED
CVE-2016-1312
RESERVED
-CVE-2016-1311
- RESERVED
-CVE-2016-1310
- RESERVED
-CVE-2016-1309
- RESERVED
-CVE-2016-1308
- RESERVED
-CVE-2016-1307
- RESERVED
-CVE-2016-1306
- RESERVED
-CVE-2016-1305
- RESERVED
+CVE-2016-1311 (Cross-site scripting (XSS) vulnerability in the management interface ...)
+ TODO: check
+CVE-2016-1310 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
+ TODO: check
+CVE-2016-1309 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx ...)
+ TODO: check
+CVE-2016-1308 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
+ TODO: check
+CVE-2016-1307 (The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and ...)
+ TODO: check
+CVE-2016-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog ...)
+ TODO: check
+CVE-2016-1305 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy ...)
+ TODO: check
CVE-2016-1304 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
TODO: check
CVE-2016-1303 (The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote ...)
TODO: check
-CVE-2016-1302
- RESERVED
-CVE-2016-1301
- RESERVED
+CVE-2016-1302 (Cisco Application Policy Infrastructure Controller (APIC) devices with ...)
+ TODO: check
+CVE-2016-1301 (The RBAC implementation in Cisco ASA-CX Content-Aware Security ...)
+ TODO: check
CVE-2016-1300 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
TODO: check
CVE-2016-1299 (The web-management GUI implementation on Cisco Small Business SG300 ...)
@@ -4208,8 +4250,7 @@
NOTE: https://twitter.com/thegrugq/status/677809527882813440
NOTE: https://github.com/blueman-project/blueman/commit/a3845bbed5fdddf14daec436b7e74f62719a71c1
NOTE: http://www.openwall.com/lists/oss-security/2015/12/18/6
-CVE-2015-8709 [privilege escalation in user namespaces]
- RESERVED
+CVE-2015-8709 (** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 ...)
- linux 4.3.3-3
[jessie] - linux 3.16.7-ckt20-1+deb8u2
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -4350,32 +4391,32 @@
RESERVED
CVE-2016-0814
RESERVED
-CVE-2016-0813
- RESERVED
-CVE-2016-0812
- RESERVED
-CVE-2016-0811
- RESERVED
-CVE-2016-0810
- RESERVED
-CVE-2016-0809
- RESERVED
-CVE-2016-0808
- RESERVED
-CVE-2016-0807
- RESERVED
-CVE-2016-0806
- RESERVED
-CVE-2016-0805
- RESERVED
-CVE-2016-0804
- RESERVED
-CVE-2016-0803
- RESERVED
-CVE-2016-0802
- RESERVED
-CVE-2016-0801
- RESERVED
+CVE-2016-0813 (packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java ...)
+ TODO: check
+CVE-2016-0812 (The interceptKeyBeforeDispatching function in ...)
+ TODO: check
+CVE-2016-0811 (Integer overflow in the BnCrypto::onTransact function in ...)
+ TODO: check
+CVE-2016-0810 (media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before ...)
+ TODO: check
+CVE-2016-0809 (Use-after-free vulnerability in the wifi_cleanup function in ...)
+ TODO: check
+CVE-2016-0808 (Integer overflow in the getCoverageFormat12 function in ...)
+ TODO: check
+CVE-2016-0807 (The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x ...)
+ TODO: check
+CVE-2016-0806 (The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
+ TODO: check
+CVE-2016-0805 (The performance event manager for Qualcomm ARM processors in Android ...)
+ TODO: check
+CVE-2016-0804 (The NuPlayer::GenericSource::notifyPreparedAndCleanup function in ...)
+ TODO: check
+CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before ...)
+ TODO: check
+CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
+ TODO: check
+CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
+ TODO: check
CVE-2016-0800
RESERVED
CVE-2016-0799
@@ -4591,8 +4632,7 @@
RESERVED
CVE-2016-0729
RESERVED
-CVE-2016-0728
- RESERVED
+CVE-2016-0728 (The join_session_keyring function in security/keys/process_keys.c in ...)
{DSA-3448-1}
- linux 4.3.3-6
[wheezy] - linux <not-affected> (Introduced in v3.8-rc1)
@@ -4617,8 +4657,7 @@
- moodle 2.7.12+dfsg-1 (bug #811344)
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52072
-CVE-2016-0723 [use-after-free in TIOCGETD ioctl]
- RESERVED
+CVE-2016-0723 (Race condition in the tty_ioctl function in drivers/tty/tty_io.c in ...)
{DSA-3448-1 DLA-412-1}
- linux 4.3.3-6
- linux-2.6 <removed>
@@ -4718,8 +4757,7 @@
NOT-FOR-US: Autodesk
CVE-2015-8570 (The password reset functionality in Lepide Active Directory Self ...)
NOT-FOR-US: Lepide
-CVE-2015-8575 [sco_sock_bind issue]
- RESERVED
+CVE-2015-8575 (The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel ...)
{DSA-3434-1 DLA-378-1}
- linux 4.3.3-3
- linux-2.6 <removed>
@@ -4875,8 +4913,7 @@
RESERVED
- qemu <not-affected> (Issue specific to virtfs-proxy-helper in Gentoo installed suid)
NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/5
-CVE-2015-8785 [fuse: possible denial of service in fuse_fill_write_pages()]
- RESERVED
+CVE-2015-8785 (The fuse_fill_write_pages function in fs/fuse/file.c in the Linux ...)
{DLA-412-1}
- linux 4.3.5-1
- linux-2.6 <removed>
@@ -5637,8 +5674,7 @@
- linux-2.6 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/3
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9 (v4.4-rc6)
-CVE-2015-8539 [Fix handling of stored error in a negatively instantiated user key]
- RESERVED
+CVE-2015-8539 (The KEYS subsystem in the Linux kernel before 4.4 allows local users ...)
- linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd (v4.4-rc3)
@@ -8275,12 +8311,12 @@
NOT-FOR-US: F1BookView
CVE-2015-7917 (Untrusted search path vulnerability in Open Automation OPC Systems.NET ...)
NOT-FOR-US: Open Automation OPC Systems.NET
-CVE-2015-7916
- RESERVED
-CVE-2015-7915
- RESERVED
-CVE-2015-7914
- RESERVED
+CVE-2015-7916 (Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 ...)
+ TODO: check
+CVE-2015-7915 (Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext ...)
+ TODO: check
+CVE-2015-7914 (Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote ...)
+ TODO: check
CVE-2015-7913 (ag_server_service.exe in the AggreGate Server Service in Tibbo ...)
NOT-FOR-US: AggreGate
CVE-2015-7912 (The Ice Faces servlet in ag_server_service.exe in the AggreGate Server ...)
@@ -9399,8 +9435,7 @@
RESERVED
CVE-2015-7567
RESERVED
-CVE-2015-7566 [Crash on invalid USB device descriptors in visor driver]
- RESERVED
+CVE-2015-7566 (The clie_5_attach function in drivers/usb/serial/visor.c in the Linux ...)
{DSA-3448-1 DLA-412-1}
- linux 4.3.3-6
- linux-2.6 <removed>
@@ -9464,8 +9499,7 @@
- ruby2.2 2.2.4-1 (bug #796551)
NOTE: https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
TODO: check correctness for CVE-2009-5147/CVE-2015-7551 record since affects multiple ruby versions
-CVE-2015-7550 [Linux keyring subsystem race leads to null dereference]
- RESERVED
+CVE-2015-7550 (The keyctl_read_key function in security/keys/keyctl.c in the Linux ...)
{DSA-3434-1 DLA-378-1}
- linux 4.3.3-3
- linux-2.6 <removed>
@@ -9576,8 +9610,7 @@
CVE-2015-7514
RESERVED
- ironic 1:4.2.2-1 (bug #807269)
-CVE-2015-7513 [Reload pit counters for all channels when restoring state]
- RESERVED
+CVE-2015-7513 (arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the ...)
{DSA-3434-1}
- linux 4.3.3-3
- linux-2.6 <removed>
@@ -12118,7 +12151,7 @@
CVE-2015-6554 (Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 ...)
TODO: check
CVE-2015-6553
- RESERVED
+ REJECTED
CVE-2015-6552
RESERVED
CVE-2015-6551
@@ -12490,8 +12523,8 @@
TODO: check
CVE-2015-6399 (The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management ...)
TODO: check
-CVE-2015-6398
- RESERVED
+CVE-2015-6398 (Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode ...)
+ TODO: check
CVE-2015-6397
RESERVED
CVE-2015-6396
@@ -64775,8 +64808,7 @@
CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and ...)
- moodle 2.5.2-1
[squeeze] - moodle <not-affected>
-CVE-2013-4312
- RESERVED
+CVE-2013-4312 (The Linux kernel before 4.4.1 allows local users to bypass ...)
{DSA-3448-1}
- linux 4.3.5-1
- linux-2.6 <removed>
More information about the Secure-testing-commits
mailing list