[Secure-testing-commits] r39898 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Feb 24 21:10:17 UTC 2016
Author: sectracker
Date: 2016-02-24 21:10:17 +0000 (Wed, 24 Feb 2016)
New Revision: 39898
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-24 21:05:18 UTC (rev 39897)
+++ data/CVE/list 2016-02-24 21:10:17 UTC (rev 39898)
@@ -1,4 +1,11 @@
+CVE-2016-2541
+ RESERVED
+CVE-2016-2540
+ RESERVED
+CVE-2016-2539
+ RESERVED
CVE-2016-2550 [unix: correctly track in-flight fds in sending process user_struct]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/415e3d3e90ce9e18727e8843ae343eda5a58fad6 (v4.5-rc4)
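Review bot: The three entries added at the top of this hunk (CVE-2016-2541, CVE-2016-2540, CVE-2016-2539) sit above CVE-2016-2550, while the entries that follow run in descending order from CVE-2016-2550 down to CVE-2016-2542 and then CVE-2016-2537. If the list is meant to stay sorted by descending ID, these three belong between CVE-2016-2542 and CVE-2016-2537. If the placement is an artifact of how the automatic update prepends newly reserved IDs, it is worth confirming that nothing consuming data/CVE/list relies on the ordering.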
@@ -6,41 +13,48 @@
NOTE: Technically wheezy-security and squeeze-lts are not affected by this CVE since the fix for
NOTE: addressing CVE-2013-4312 was not applied.
CVE-2016-2549 [ALSA: hrtimer: Fix stall by hrtimer_cancel()]
+ RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3 (v4.5-rc1)
TODO: check versions
CVE-2016-2548
+ RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
TODO: check versions
CVE-2016-2547
+ RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
TODO: check versions
CVE-2016-2546 [ALSA: timer: Fix race among timer ioctls]
+ RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede (v4.5-rc1)
TODO: check versions
CVE-2016-2545 [ALSA: timer: Fix double unlink of active_list]
+ RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736 (v4.5-rc1)
TODO: check versions
CVE-2016-2544 [ALSA: seq: Fix race at timer setup and close]
+ RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3 (v4.5-rc1)
TODO: check versions
CVE-2016-2543 [ALSA: seq: Fix missing NULL check at remove_events ioctl]
+ RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1 (v4.5-rc1)
TODO: check versions
-CVE-2016-2542
+CVE-2016-2542 (Untrusted search path vulnerability in Flexera InstallShield through ...)
NOT-FOR-US: Flexera InstallShield
CVE-2016-2537 (The is-my-json-valid package before 2.12.4 for Node.js has an ...)
TODO: check
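Review bot: CVE-2016-2547 and CVE-2016-2548 both cite the same upstream commit (b5a663aa426f4884c71cd8580adae73f33570f0d) and, unlike the neighbouring ALSA entries, carry no bracketed title, so the two records cannot be told apart from the list alone. Since this hunk touches both entries to add RESERVED, consider giving each a short bracketed description and confirming that the shared commit reference is intended rather than copied from one entry to the other. Every entry from CVE-2016-2549 down to CVE-2016-2543 also still carries "TODO: check versions" alongside a fixed version of 4.4.2-1, so the fixed-version claim remains unverified after this update.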
@@ -91,6 +105,7 @@
CVE-2016-2512
RESERVED
CVE-2016-2538 [usb: integer overflow in remote NDIS control message handling]
+ RESERVED
- qemu <unfixed> (bug #815680)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -108,7 +123,7 @@
NOT-FOR-US: NodeJS Hawk
CVE-2016-2511 [Reflected Cross-Site Scripting]
RESERVED
- {DSA-3490-1}
+ {DSA-3490-1 DLA-428-1}
- websvn <removed>
CVE-2016-2509 (The password-sync feature on Belden Hirschmann Classic Platform ...)
NOT-FOR-US: Belden Hirschmann Classic Platform switches
@@ -324,8 +339,7 @@
RESERVED
CVE-2016-2403
RESERVED
-CVE-2013-7448 [path traversal vulnerability]
- RESERVED
+CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows remote ...)
{DSA-3485-1 DLA-424-1}
- didiwiki 0.5-12 (bug #815111)
NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files
@@ -365,6 +379,7 @@
CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...)
TODO: check
CVE-2015-8816 [USB hub invalid memory access in hub_activate()]
+ RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea (v4.4-rc6)
@@ -900,6 +915,7 @@
CVE-2015-8809
RESERVED
CVE-2014-9766 [create_bits(): Cast the result of height * stride to size_t]
+ {DLA-429-1}
- pixman 0.32.6-1
NOTE: https://lists.freedesktop.org/archives/pixman/2014-April/003244.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=972647
@@ -1261,23 +1277,20 @@
RESERVED
- libxml2 <unfixed> (bug #813613)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115
-CVE-2015-8805 [miscomputation bugs in secp-256r1 modulo functions]
- RESERVED
+CVE-2015-8805 (The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not ...)
- nettle 3.2-1 (bug #813679)
[jessie] - nettle <no-dsa> (Minor issue; will be fixed via a point release)
[wheezy] - nettle <not-affected> (Vulnerable code not present)
[squeeze] - nettle <not-affected> (Vulnerable code not present)
NOTE: https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
-CVE-2015-8804 [Miscalculations on secp384 curve]
- RESERVED
+CVE-2015-8804 (x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle ...)
- nettle 3.2-1 (bug #813679)
[jessie] - nettle <no-dsa> (Minor issue; will be fixed via a point release)
[wheezy] - nettle <not-affected> (Vulnerable code not present)
[squeeze] - nettle <not-affected> (Vulnerable code not present)
NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003024.html
NOTE: https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
-CVE-2015-8803 [secp256 calculation bug]
- RESERVED
+CVE-2015-8803 (The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not ...)
- nettle 3.2-1 (bug #813679)
[jessie] - nettle <no-dsa> (Minor issue; will be fixed via a point release)
[wheezy] - nettle <not-affected> (Vulnerable code not present)
@@ -3475,8 +3488,7 @@
RESERVED
CVE-2016-1342
RESERVED
-CVE-2016-1341
- RESERVED
+CVE-2016-1341 (Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 ...)
NOT-FOR-US: Cisco
CVE-2016-1340
RESERVED
@@ -8221,8 +8233,7 @@
TODO: check
CVE-2015-8278
RESERVED
-CVE-2015-8277
- RESERVED
+CVE-2015-8277 (Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in ...)
NOT-FOR-US: Flexera FlexNet Publisher
CVE-2015-8276
RESERVED
@@ -16603,7 +16614,7 @@
[jessie] - heat <no-dsa> (Minor issue)
NOTE: Affects: <=2015.1.2, ==5.0.0
CVE-2015-5294
- RESERVED
+ REJECTED
CVE-2015-5293
RESERVED
NOT-FOR-US: RHEV