[Secure-testing-commits] r39929 - data/CVE

Thu Feb 25 21:10:12 UTC 2016

Author: sectracker
Date: 2016-02-25 21:10:12 +0000 (Thu, 25 Feb 2016)
New Revision: 39929

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-02-25 18:51:13 UTC (rev 39928)
+++ data/CVE/list	2016-02-25 21:10:12 UTC (rev 39929)
@@ -1,3 +1,17 @@
+CVE-2016-2558
+	RESERVED
+CVE-2016-2557
+	RESERVED
+CVE-2016-2556
+	RESERVED
+CVE-2016-2555
+	RESERVED
+CVE-2016-2553
+	RESERVED
+CVE-2016-2552
+	RESERVED
+CVE-2016-2551
+	RESERVED
 CVE-2016-XXXX [workspace overflow for (*ACCEPT) with deeply nested parentheses -- ZDI-CAN-3542]
 	- pcre3 <unfixed> (bug #815921)
 	- pcre2 <unfixed> (bug #815920)
@@ -672,6 +686,7 @@
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa
 	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-2554 [Stack overflow when decompressing tar archives]
+	RESERVED
 	- php5 5.6.18+dfsg-1
 	- php5.6 5.6.18+dfsg-1
 	- php7.0 7.0.3-1
@@ -986,6 +1001,7 @@
 CVE-2015-8809
 	RESERVED
 CVE-2014-9766 [create_bits(): Cast the result of height * stride to size_t]
+	RESERVED
 	{DLA-429-1}
 	- pixman 0.32.6-1
 	NOTE: https://lists.freedesktop.org/archives/pixman/2014-April/003244.html
@@ -4395,7 +4411,7 @@
 CVE-2015-8689
 	RESERVED
 CVE-2015-8688 (Gajim before 0.16.5 allows remote attackers to modify the roster and ...)
-	{DLA-413-1}
+	{DSA-3492-1 DLA-413-1}
 	- gajim 0.16.5-0.1 (bug #809900)
 	NOTE: http://gultsch.de/gajim_roster_push_and_message_interception.html
 	NOTE: https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/
@@ -5522,7 +5538,7 @@
 	NOTE: https://rhn.redhat.com/errata/RHSA-2016-0103.html
 	NOTE: The upstream fix for 3.16 was correct, but wheezy had a incomplete backport
 CVE-2016-0773 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, ...)
-	{DSA-3476-1 DSA-3475-1}
+	{DSA-3476-1 DSA-3475-1 DLA-432-1}
 	- postgresql-9.5 9.5.1-1
 	- postgresql-9.4 <unfixed>
 	- postgresql-9.1 <removed>
@@ -5550,8 +5566,7 @@
 	RESERVED
 CVE-2016-0764
 	RESERVED
-CVE-2016-0763
-	RESERVED
+CVE-2016-0763 (The setGlobalContext method in ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.0.32-1
 	- tomcat7 7.0.68-1
@@ -5685,6 +5700,7 @@
 	RESERVED
 CVE-2016-0729 [Apache Xerces-C XML Parser Crashes on Malformed Input]
 	RESERVED
+	{DSA-3493-1 DLA-433-1}
 	- xerces-c <unfixed> (bug #815907)
 	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1727978
@@ -5733,8 +5749,7 @@
 	REJECTED
 CVE-2016-0715
 	RESERVED
-CVE-2016-0714
-	RESERVED
+CVE-2016-0714 (The session-persistence implementation in Apache Tomcat 6.x before ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.0.32-1
 	- tomcat7 7.0.68-1
@@ -5754,8 +5769,7 @@
 	RESERVED
 CVE-2016-0707
 	RESERVED
-CVE-2016-0706
-	RESERVED
+CVE-2016-0706 (Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.0.32-1
 	- tomcat7 7.0.68-1
@@ -16457,8 +16471,7 @@
 	NOT-FOR-US: Novius OS
 CVE-2015-5353 (Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows ...)
 	NOT-FOR-US: Novius OS
-CVE-2015-5351
-	RESERVED
+CVE-2015-5351 (The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.0.32-1
 	- tomcat7 7.0.68-1
@@ -16473,15 +16486,13 @@
 	NOT-FOR-US: Apache Camel
 CVE-2015-5347
 	RESERVED
-CVE-2015-5346
-	RESERVED
+CVE-2015-5346 (Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.0.30-1
 	- tomcat7 7.0.68-1
 	- tomcat6 <undetermined>
 	NOTE: Fixed in 7.0.67, 8.0.30, 9.0.0.M3
-CVE-2015-5345
-	RESERVED
+CVE-2015-5345 (The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.0.30-1
 	- tomcat7 7.0.68-1
@@ -17186,8 +17197,7 @@
 CVE-2015-5175
 	RESERVED
 	NOT-FOR-US: Apache CXF Fediz
-CVE-2015-5174
-	RESERVED
+CVE-2015-5174 (Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ...)
 	- tomcat8 8.0.28-1
 	- tomcat7 7.0.68-1
 	- tomcat6 <unfixed>
@@ -21600,7 +21610,7 @@
 CVE-2015-3592
 	RESERVED
 CVE-2015-3591
-	RESERVED
+	REJECTED
 CVE-2015-3590
 	RESERVED
 CVE-2015-3589
@@ -28259,6 +28269,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/13
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5)
 CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...)
+	{DLA-431-1 DLA-430-1}
 	- libfcgi 2.4.0-8.3 (bug #681591)
 	[wheezy] - libfcgi 2.4.0-8.1+deb7u1
 	- libfcgi-perl <unfixed> (bug #815840)


