[Secure-testing-commits] r39072 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jan 21 21:41:50 UTC 2016


Author: carnil
Date: 2016-01-21 21:41:50 +0000 (Thu, 21 Jan 2016)
New Revision: 39072

Modified:
   data/CVE/list
Log:
More ntp CVEs added

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-21 21:36:05 UTC (rev 39071)
+++ data/CVE/list	2016-01-21 21:41:50 UTC (rev 39072)
@@ -6346,8 +6346,12 @@
 	RESERVED
 CVE-2015-8159
 	RESERVED
-CVE-2015-8158
+CVE-2015-8158 [Potential Infinite Loop in ntpq]
 	RESERVED
+	- ntp <unfixed>
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948
+	TODO: check
 CVE-2015-8157
 	RESERVED
 CVE-2015-8156
@@ -6900,20 +6904,48 @@
 	- linux-2.6 <removed>
 	NOTE: https://lkml.org/lkml/2015/10/16/530
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5
-CVE-2015-7979
+CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated broadcast mode]
 	RESERVED
-CVE-2015-7978
+	- ntp <unfixed>
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942
+	TODO: check
+CVE-2015-7978 [Stack exhaustion in recursive traversal of restriction list]
 	RESERVED
-CVE-2015-7977
+	- ntp <unfixed>
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2940
+	TODO: check
+CVE-2015-7977 [reslist NULL pointer dereference]
 	RESERVED
-CVE-2015-7976
+	- ntp <unfixed>
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2939
+	TODO: check
+CVE-2015-7976 [ntpq saveconfig command allows dangerous characters in filenames]
 	RESERVED
-CVE-2015-7975
+	- ntp <unfixed>
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2938
+	TODO: check
+CVE-2015-7975 [nextvar() missing length check]
 	RESERVED
-CVE-2015-7974
+	- ntp <unfixed>
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2937
+	TODO: check
+CVE-2015-7974 [Skeleton Key: Missing key check allows impersonation between authenticated peers]
 	RESERVED
-CVE-2015-7973
+	- ntp <unfixed>
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936
+	TODO: check
+CVE-2015-7973 [Deja Vu: Replay attack on authenticated broadcast mode]
 	RESERVED
+	- ntp <unfixed>
+	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2935
+	TODO: check
 CVE-2015-7972 (The (1) libxl_set_memory_target function in tools/libxl/libxl.c and ...)
 	{DSA-3414-1}
 	- xen 4.6.0-1




More information about the Secure-testing-commits mailing list