[Secure-testing-commits] r39964 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Feb 26 22:45:39 UTC 2016
Author: jmm
Date: 2016-02-26 22:45:38 +0000 (Fri, 26 Feb 2016)
New Revision: 39964
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-26 21:24:23 UTC (rev 39963)
+++ data/CVE/list 2016-02-26 22:45:38 UTC (rev 39964)
@@ -169,49 +169,42 @@
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3 (v4.5-rc1)
- TODO: check versions
CVE-2016-2548
RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
- TODO: check versions
CVE-2016-2547
RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
- TODO: check versions
CVE-2016-2546 [ALSA: timer: Fix race among timer ioctls]
RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede (v4.5-rc1)
- TODO: check versions
CVE-2016-2545 [ALSA: timer: Fix double unlink of active_list]
RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736 (v4.5-rc1)
- TODO: check versions
CVE-2016-2544 [ALSA: seq: Fix race at timer setup and close]
RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3 (v4.5-rc1)
- TODO: check versions
CVE-2016-2543 [ALSA: seq: Fix missing NULL check at remove_events ioctl]
RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1 (v4.5-rc1)
- TODO: check versions
CVE-2016-2542 (Untrusted search path vulnerability in Flexera InstallShield through ...)
NOT-FOR-US: Flexera InstallShield
CVE-2016-2537 (The is-my-json-valid package before 2.12.4 for Node.js has an ...)
TODO: check
CVE-2016-2536 (Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-2535
RESERVED
CVE-2016-2534
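Review bot: The log message says only "NFUs", but in this hunk seven "TODO: check versions" lines are dropped from the linux entries (CVE-2016-2548 down to CVE-2016-2543 and the entry above them), and only the CVE-2016-2536 change is an NFU. Either split the TODO removals into their own commit or extend the log so it records that the linux versions were checked. Nothing in the remaining lines shows the outcome of that check beyond "- linux 4.4.2-1".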
@@ -513,9 +506,9 @@
CVE-2016-2398 (Comcast XFINITY Home Security System does not properly maintain ...)
TODO: check
CVE-2016-2397 (The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2016-2396 (The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2016-2395
RESERVED
CVE-2016-2394
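Review bot: Both new tags read "NOT-FOR-US: Dell", giving the vendor only, while the descriptions name the products (Dell SonicWALL GMS, Analyzer, and UMA). The existing entry for CVE-2016-2542 uses "NOT-FOR-US: Flexera InstallShield", vendor plus product. Suggest "NOT-FOR-US: Dell SonicWALL GMS" or similar so a later search on the product name finds these entries.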
@@ -523,19 +516,18 @@
CVE-2016-2393
RESERVED
CVE-2016-2389 (Directory traversal vulnerability in the Manufacturing Integration and ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-2387 (Cross-site scripting (XSS) vulnerability in the Java Proxy Runtime ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-8816 [USB hub invalid memory access in hub_activate()]
RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea (v4.4-rc6)
- TODO: check other versions
CVE-2015-8815
RESERVED
CVE-2015-8814
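Review bot: On CVE-2015-8816 the "TODO: check other versions" line is removed without anything replacing it, and the change is not covered by the "NFUs" log message. The entry is left with "- linux 4.4.2-1" and an upstream fix tagged v4.4-rc6, with no per-release line or NOTE saying what the check of the other versions found. If the check is done, record its result in the entry. If it is not, keep the TODO.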
@@ -833,7 +825,7 @@
CVE-2016-2315
RESERVED
CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2016-2318
RESERVED
- graphicsmagick <unfixed> (bug #814732)
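Review bot: For CVE-2016-2314 the tag "NOT-FOR-US: Huawei" names the device vendor, but the description identifies the affected software as GlobespanVirata ftpd 1.0, "as used on" Huawei SmartAX MT882 devices. Suggest naming the component, for example "NOT-FOR-US: GlobespanVirata ftpd", so that the entry is found if the daemon is ever searched for by its own name.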
@@ -915,7 +907,7 @@
CVE-2016-2276
RESERVED
CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices with ...)
- TODO: check
+ NOT-FOR-US: SmartWorx
CVE-2016-2274
RESERVED
CVE-2016-2273
@@ -926,16 +918,14 @@
- xen <unfixed>
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-170.html
- TODO: check
CVE-2016-2270 (Xen 4.6.x and earlier allows local guest administrators to cause a ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-154.html
- TODO: check
CVE-2016-2269
RESERVED
CVE-2016-2268 (Dell SecureWorks app before 2.1 for iOS does not validate SSL ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2016-2267
RESERVED
CVE-2016-2266
@@ -997,7 +987,6 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303532
NOTE: Fixed by: https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3 (v4.5-rc1)
NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2)
- TODO: check versions
CVE-2016-2313 [Authentication using web authentication as a user not in the cacti database allows complete access]
RESERVED
- cacti <unfixed> (bug #814353)
@@ -1052,9 +1041,9 @@
CVE-2016-2233
RESERVED
CVE-2016-2231 (The Windows-based Host Interface Program (WHIP) service on Huawei ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2016-2230 (OpenELEC and RasPlex devices have a hardcoded password for the root ...)
- TODO: check
+ NOT-FOR-US: OpenELEC/ResPlex
CVE-2016-2229
RESERVED
CVE-2016-2227
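Review bot: Typo in the new tag for CVE-2016-2230: "NOT-FOR-US: OpenELEC/ResPlex" should read "RasPlex", as spelled in the description on the line above ("OpenELEC and RasPlex devices"). A misspelled product name will not match a later grep for RasPlex.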
@@ -21955,6 +21944,7 @@
CVE-2015-3905 (Buffer overflow in the set_cs_start function in t1disasm.c in t1utils ...)
{DLA-256-1}
- t1utils 1.38-4 (bug #779274)
+ [wheezy] - t1utils <no-dsa> (Minor issue)
NOTE: https://github.com/kohler/t1utils/issues/4
NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/9
CVE-2015-XXXX [crashes on crafted upack packed file]
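Review bot: The added line "[wheezy] - t1utils <no-dsa> (Minor issue)" gives no reason why a buffer overflow in set_cs_start, which already carries {DLA-256-1}, is minor for wheezy. Suggest a more specific justification in the parentheses or a NOTE line. This is also a triage decision rather than an NFU, so the log message should mention it.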