[Secure-testing-commits] r39869 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Feb 23 21:10:25 UTC 2016
Author: sectracker
Date: 2016-02-23 21:10:25 +0000 (Tue, 23 Feb 2016)
New Revision: 39869
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-23 21:04:12 UTC (rev 39868)
+++ data/CVE/list 2016-02-23 21:10:25 UTC (rev 39869)
@@ -1,3 +1,11 @@
+CVE-2016-2537 (The is-my-json-valid package before 2.12.4 for Node.js has an ...)
+ TODO: check
+CVE-2016-2536 (Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise ...)
+ TODO: check
+CVE-2016-2535
+ RESERVED
+CVE-2016-2534
+ RESERVED
CVE-2016-2532
RESERVED
CVE-2016-2531
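Review bot: CVE-2016-2537 and CVE-2016-2536 land with only "TODO: check", so neither is triaged yet. The SAP 3D Visual Enterprise entry looks like a NOT-FOR-US candidate, in the same form the list already uses for the Belden Hirschmann entry. The is-my-json-valid entry needs a check for a packaged copy, and for copies embedded in other Node.js packages, before it gets a package line or NOT-FOR-US.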
@@ -56,6 +64,7 @@
NOT-FOR-US: NodeJS Hawk
CVE-2016-2511 [Reflected Cross-Site Scripting]
RESERVED
+ {DSA-3490-1}
- websvn <removed>
CVE-2016-2509 (The password-sync feature on Belden Hirschmann Classic Platform ...)
NOT-FOR-US: Belden Hirschmann Classic Platform switches
@@ -604,8 +613,8 @@
RESERVED
CVE-2016-2319
RESERVED
-CVE-2016-2316
- RESERVED
+CVE-2016-2316 (chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and ...)
+ TODO: check
CVE-2016-2315
RESERVED
CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices ...)
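Review bot: CVE-2016-2316 gains its description but is left at "TODO: check"; the text names chan_sip in Asterisk Open Source, which Debian ships as asterisk, so this should become a "- asterisk" package line with per-release status. The description lists 1.8.x and 12.x alongside "11.x before 11.21.1", so each suite's branch needs checking individually rather than recording one fixed version.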
@@ -827,8 +836,8 @@
RESERVED
CVE-2016-2233
RESERVED
-CVE-2016-2232
- RESERVED
+CVE-2016-2232 (Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before ...)
+ TODO: check
CVE-2016-2231 (The Windows-based Host Interface Program (WHIP) service on Huawei ...)
TODO: check
CVE-2016-2230 (OpenELEC and RasPlex devices have a hardcoded password for the root ...)
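Review bot: CVE-2016-2232 is left at "TODO: check" and opens with the same affected-version list as CVE-2016-2316 (Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x). Triage the two entries together so they end up with consistent package lines and fixed versions.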
@@ -1265,6 +1274,7 @@
NOTE: https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
NOTE: https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
CVE-2016-2533 [Buffer overflow in Python-Pillow and PIL]
+ RESERVED
{DLA-422-1}
- pillow 3.1.1-1
- python-imaging <removed>
@@ -1507,7 +1517,7 @@
[wheezy] - python-django <not-affected> (Only affects 1.9)
[squeeze] - python-django <not-affected> (Only affects 1.9)
NOTE: https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/
-CVE-2016-2046 (Cross-site scripting (XSS) vulnerability in the Nessus Web UI in ...)
+CVE-2016-2046 (Cross-site scripting (XSS) vulnerability in the UserPortal page in ...)
TODO: check
CVE-2016-2045 (Cross-site scripting (XSS) vulnerability in the SQL editor in ...)
- phpmyadmin 4:4.5.4-1
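Review bot: the replacement description for CVE-2016-2046 names a different component ("the UserPortal page" instead of "the Nessus Web UI"), which is a change of subject and not a wording fix. The entry is still "TODO: check"; any triage done against the old text should be discarded and the full new description read before deciding between NOT-FOR-US and a package line.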
@@ -1833,6 +1843,7 @@
[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
CVE-2016-1938 (The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network ...)
+ {DLA-427-1}
- iceweasel 44.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
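Review bot: {DLA-427-1} is attached to CVE-2016-1938 while the package lines in view are all iceweasel, with jessie and wheezy marked <not-affected>. The description places the bug in lib/freebl/mpi/mpi.c, so confirm the entry also carries a package line for whichever source package DLA-427-1 updated; otherwise the cross-reference points at an advisory with no matching package status here.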
@@ -1958,8 +1969,7 @@
NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7c23b8920329180f48b8a147b629d8837709d201 (v0.10.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298570
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/10
-CVE-2016-2037 [out-of-bounds write with cpio 2.11]
- RESERVED
+CVE-2016-2037 (The cpio_safer_name_suffix function in util.c in cpio 2.11 allows ...)
{DSA-3483-1 DLA-415-1}
- cpio 2.11+dfsg-5 (bug #812401)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/4
@@ -4187,8 +4197,8 @@
RESERVED
CVE-2016-1158
RESERVED
-CVE-2016-1157
- RESERVED
+CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* ...)
+ TODO: check
CVE-2016-1156 (LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X ...)
TODO: check
CVE-2016-1155
@@ -5332,6 +5342,8 @@
CVE-2016-0788
RESERVED
CVE-2016-0787 [Weak Diffie-Hellman secret generation in libssh2 before 1.7.0]
+ RESERVED
+ {DSA-3487-1 DLA-426-1}
- libssh2 <unfixed> (bug #815662)
NOTE: Upstream fix: https://github.com/libssh2/libssh2/commit/ca5222ea819cc5ed797860070b4c6c1aeeb28420
NOTE: Upstream patch only fixes DH SHA-256 key exchange type, not DH SHA-1
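Review bot: the added {DSA-3487-1 DLA-426-1} sits directly above "- libssh2 <unfixed> (bug #815662)", so the entry now references advisories while unstable is still open; update the package line once a fixed upload exists. The existing NOTE says the upstream patch only fixes the DH SHA-256 key exchange type and not DH SHA-1, so it is worth recording in a further NOTE whether the DSA and DLA uploads cover both.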
@@ -5508,6 +5520,8 @@
NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e (3.1.1)
NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/e782fe721e0156de9636e78cd881d9f9e7e6ce50 (2.0.0)
CVE-2016-0739 [Weak Diffie-Hellman secret generation in libssh]
+ RESERVED
+ {DSA-3488-1 DLA-425-1}
- libssh <unfixed> (bug #815663)
NOTE: Upstream fix: https://git.libssh.org/projects/libssh.git/commit/?h=v0-7&id=f8d0026c65fc8a55748ae481758e2cf376c26c86
CVE-2016-0738 (OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...)
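Review bot: {DSA-3488-1 DLA-425-1} is added to CVE-2016-0739 while the package line still reads "- libssh <unfixed> (bug #815663)", so unstable needs a follow-up once a fixed version is uploaded. The CVE-2016-0787 entry for libssh2 carries a NOTE on which Diffie-Hellman key exchange types the upstream patch covers; this entry has only the upstream fix link, and an equivalent NOTE would help whoever closes the bug.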
@@ -48209,7 +48223,7 @@
{DSA-3053-1 DLA-81-1}
- openssl 1.0.1j-1
CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...)
- {DSA-3253-1 DSA-3147-1 DSA-3144-1 DSA-3092-1 DLA-400-1 DLA-282-1 DLA-157-1}
+ {DSA-3489-1 DSA-3253-1 DSA-3147-1 DSA-3144-1 DSA-3092-1 DLA-400-1 DLA-282-1 DLA-157-1}
- arora <unfixed> (unimportant)
- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ
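Review bot: DSA-3489-1 is prepended to the advisory list of CVE-2014-3566, but the package lines in view are only arora (<unfixed>, unimportant) and bouncycastle (<not-affected>). Confirm the entry has a package line, with a fixed version, for the source package DSA-3489-1 updated.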
@@ -57891,7 +57905,7 @@
CVE-2014-0293 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0292
- RESERVED
+ REJECTED
CVE-2014-0291
RESERVED
CVE-2014-0290 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)