[Secure-testing-commits] r39976 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Feb 27 08:03:21 UTC 2016
Author: jmm
Date: 2016-02-27 08:03:20 +0000 (Sat, 27 Feb 2016)
New Revision: 39976
Modified:
data/CVE/list
Log:
NFUs
new libv8 issue
mark CAIN issue as unimportant, with the current design it's
a limitation which won't get fixed and for anyone concerned
a workaround is available
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-27 07:41:17 UTC (rev 39975)
+++ data/CVE/list 2016-02-27 08:03:20 UTC (rev 39976)
@@ -1145,9 +1145,9 @@
CVE-2016-2202
RESERVED
CVE-2016-2201 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote ...)
- TODO: check
+ NOTE: Siemens SIMATIC
CVE-2016-2200 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote ...)
- TODO: check
+ NOTE: Siemens SIMATIC
CVE-2015-8802
RESERVED
CVE-2015-8801
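Review bot: the two SIMATIC entries (CVE-2016-2201, CVE-2016-2200) replace "TODO: check" with "NOTE: Siemens SIMATIC" rather than "NOT-FOR-US: Siemens SIMATIC", unlike every other vendor-only entry in this commit (Citrix, HP, SAP, McAfee, Apple). A NOTE line only attaches free text; it does not record that the issue does not affect Debian the way NOT-FOR-US does, so these two CVEs keep no triage status. Suggest `+ NOT-FOR-US: Siemens SIMATIC` for both.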
@@ -1640,9 +1640,9 @@
CVE-2016-2074
RESERVED
CVE-2016-2072 (The Administrative Web Interface in Citrix NetScaler Application ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2016-2071 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2015-8787 (The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c ...)
- linux 4.3.5-1
[jessie] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
@@ -1718,7 +1718,8 @@
CVE-2016-2052 (Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used ...)
TODO: check
CVE-2016-2051 (Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, ...)
- TODO: check
+ - libv8 <unfixed> (unimportant)
+ NOTE: libv8 not covered by security support
CVE-2016-2048 (Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, ...)
- python-django 1.9.2-1 (bug #813448)
[jessie] - python-django <not-affected> (Only affects 1.9)
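Review bot: for CVE-2016-2051 the "(unimportant)" tag is justified by the accompanying "NOTE: libv8 not covered by security support", which is the right form, but since the CVE text only says "Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17", the entry gives later readers nothing to check against; a second NOTE pointing at the upstream V8 4.8.271.17 release information would make the unfixed state easier to revisit if libv8 support ever changes.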
@@ -1926,7 +1927,7 @@
CVE-2016-1987 (HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state ...)
NOT-FOR-US: HP-UX IPFilter
CVE-2016-1986 (HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: HP CDA
CVE-2016-1985 (HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers ...)
NOT-FOR-US: HPE Operations Manager
CVE-2016-1984 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices ...)
@@ -2104,9 +2105,9 @@
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
CVE-2016-1929 (The XS engine in SAP HANA allows remote attackers to spoof log entries ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-1928 (Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-1927 (The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x ...)
- phpmyadmin 4:4.5.4-1
[squeeze] - phpmyadmin <no-dsa> (minor issue)
@@ -2154,9 +2155,9 @@
[jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: https://github.com/Dolibarr/dolibarr/issues/4341
CVE-2016-1911 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-1910 (The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-1909 (FortiOS 4.x before 4.3.17 and 5.0.x before 5.0.8 has a hardcoded ...)
TODO: check
CVE-2015-8775
@@ -2164,9 +2165,9 @@
CVE-2015-8774
RESERVED
CVE-2015-8773 (Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2015-8772 (McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2016-1981 [net: e1000 infinite loop in start_xmit and e1000_receive_iov routines]
RESERVED
{DSA-3471-1 DSA-3470-1 DSA-3469-1}
@@ -2594,35 +2595,35 @@
CVE-2016-1731
RESERVED
CVE-2016-1730 (WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1729 (Untrusted search path vulnerability in OSA Scripts in Apple OS X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1728 (The Cascading Style Sheets (CSS) implementation in Apple iOS before ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1727 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1726 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1725 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1724 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1723 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1722 (syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1721 (The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1720 (IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1719 (The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1718 (The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2016-1717 (The Disk Images component in Apple iOS before 9.2.1, OS X before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1716 (AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1908 [Eliminate the fallback from untrusted X11-forwarding to trusted forwarding for cases when the X server disables the SECURITY extension]
RESERVED
- openssh <unfixed>
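Review bot: the five WebKit entries (CVE-2016-1727 through CVE-2016-1723) are marked "NOT-FOR-US: Apple iOS", but their descriptions name WebKit itself ("WebKit, as used in Apple iOS ... Safari ..."), and Debian ships WebKit ports (webkitgtk); unless it has been confirmed that these fixes are Safari/iOS-only, the usual form would be a package line for the Debian WebKit packages or a NOTE stating why they are unaffected. Separately, the labels are inconsistent within the hunk: CVE-2016-1718 ("IOAcceleratorFamily in Apple OS ...") and CVE-2016-1722/1721/1720/1719 (iOS, OS X and tvOS) carry "Apple iOS", while CVE-2016-1729/1717/1716 carry "Apple"; a uniform `+ NOT-FOR-US: Apple` for the entries that are not iOS-only would be clearer.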
@@ -23857,12 +23858,11 @@
RESERVED
CVE-2015-2877 [Cross-VM ASL INtrospection (CAIN)]
RESERVED
- - linux <unfixed>
- - linux-2.6 <removed>
- [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
+ - linux <unfixed> (unimportant)
+ - linux-2.6 <removed> (unimportant)
NOTE: https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi
NOTE: http://www.antoniobarresi.com/security/cloud/2015/07/30/cain/
- TODO: check closer the referenced advisories
+ NOTE: Architectual limitation, workaround exists
CVE-2015-2876 (Unrestricted file upload vulnerability on Seagate GoFlex Satellite, ...)
NOT-FOR-US: Seagate GoFlex
CVE-2015-2875 (Absolute path traversal vulnerability on Seagate GoFlex Satellite, ...)
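Review bot: "Architectual" in the new NOTE line for CVE-2015-2877 is a typo for "Architectural". Also, the dropped "[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)" line carried a reason that the replacement "(unimportant)" tag does not, and the log message mentions a workaround that the entry itself never names; folding both into the NOTE (for example `+ NOTE: Architectural limitation, won't be fixed; workaround exists (see referenced advisories)`) would keep that context in the tracker rather than only in the commit log.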