[Secure-testing-commits] r39166 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Jan 25 21:10:18 UTC 2016
Author: sectracker
Date: 2016-01-25 21:10:18 +0000 (Mon, 25 Jan 2016)
New Revision: 39166
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-25 20:24:38 UTC (rev 39165)
+++ data/CVE/list 2016-01-25 21:10:18 UTC (rev 39166)
@@ -1,3 +1,61 @@
+CVE-2016-2068
+ RESERVED
+CVE-2016-2067
+ RESERVED
+CVE-2016-2066
+ RESERVED
+CVE-2016-2065
+ RESERVED
+CVE-2016-2064
+ RESERVED
+CVE-2016-2063
+ RESERVED
+CVE-2016-2062
+ RESERVED
+CVE-2016-2061
+ RESERVED
+CVE-2016-2060
+ RESERVED
+CVE-2016-2059
+ RESERVED
+CVE-2016-2058
+ RESERVED
+CVE-2016-2057
+ RESERVED
+CVE-2016-2056
+ RESERVED
+CVE-2016-2055
+ RESERVED
+CVE-2016-2054
+ RESERVED
+CVE-2016-2052 (Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used ...)
+ TODO: check
+CVE-2016-2051 (Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, ...)
+ TODO: check
+CVE-2016-2048
+ RESERVED
+CVE-2016-2046
+ RESERVED
+CVE-2016-2045
+ RESERVED
+CVE-2016-2044
+ RESERVED
+CVE-2016-2043
+ RESERVED
+CVE-2016-2042
+ RESERVED
+CVE-2016-2041
+ RESERVED
+CVE-2016-2040
+ RESERVED
+CVE-2016-2039
+ RESERVED
+CVE-2016-2038
+ RESERVED
+CVE-2016-2036
+ RESERVED
+CVE-2015-8780
+ RESERVED
CVE-2016-XXXX [x86 Linux TLB flush bug]
- linux <unfixed>
- linux-2.6 <removed>
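Review bot: The two entries added with descriptions, CVE-2016-2052 (HarfBuzz before 1.0.6) and CVE-2016-2051 (Google V8 before 4.8.271.17), carry only `TODO: check`, so neither is mapped to a source package yet. Both need manual triage into a package line or a NOT-FOR-US marker. The run of RESERVED additions skips 2016-2053, 2016-2050, 2016-2049, 2016-2047 and 2016-2037; those ids already exist as hand-written entries and receive their RESERVED line in later hunks of this diff, so the gaps are expected.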
@@ -5,26 +63,31 @@
NOTE: https://git.kernel.org/linus/71b3c126e61177eb693423f2e18a1914205b165e (v4.5-rc1)
NOTE: https://git.kernel.org/linux/4eaffdd5a5fe6ff9f95e1ab4de1ac904d5e0fa8b (v4.5-rc1)
CVE-2016-2053 [Denial of service with specially crafted key file]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300237
TODO: check versions
CVE-2015-8783 [other out-of-bounds reads]
+ RESERVED
- tiff 4.0.6-1
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8782 [other out-of-bounds writes]
+ RESERVED
- tiff 4.0.6-1
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8781 [an outof bounds write at tif_luv.c:208]
+ RESERVED
- tiff 4.0.6-1
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8784 [potential out-of-bound write in NeXTDecode()]
+ RESERVED
- tiff 4.0.6-1
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2508
NOTE: Can be reproduced with tiff compiled with AddressSanitizer
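Review bot: In the context at the top of this hunk, the second kernel NOTE points at `https://git.kernel.org/linux/4eaffdd5a5fe6ff9f95e1ab4de1ac904d5e0fa8b` while the NOTE above it uses the `git.kernel.org/linus/` form. The `linux/` path looks like a typo for `linus/` and needs a manual fix, since this automatic update leaves NOTE lines unchanged. The bracketed description of CVE-2015-8781 also reads "an outof bounds write". CVE-2016-2053 now has RESERVED status but still carries `TODO: check versions` under `linux <unfixed>`.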
@@ -35,10 +98,13 @@
- node-cli <unfixed> (bug #809252)
[jessie] - node-cli <no-dsa> (Minor issue)
CVE-2016-2049 [php-openid: host based account hijack attack]
+ RESERVED
- php-openid <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2
TODO: check
CVE-2016-2047 [ssl-validate-cert incorrect hostname check]
+ RESERVED
+ {DSA-3453-1}
- mariadb-10.0 10.0.23-1
NOTE: https://mariadb.atlassian.net/browse/MDEV-9212
NOTE: https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41
@@ -317,9 +383,11 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298570
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/10
CVE-2016-2037 [out-of-bounds write with cpio 2.11]
+ RESERVED
- cpio <unfixed> (bug #812401)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/4
CVE-2016-2050 [out of bound write in libdwarf -20151114]
+ RESERVED
- dwarfutils <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9
TODO: check
@@ -1002,48 +1070,39 @@
RESERVED
CVE-2016-1621
RESERVED
-CVE-2016-1620
- RESERVED
+CVE-2016-1620 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1619
- RESERVED
+CVE-2016-1619 (Multiple integer overflows in the (1) sycc422_to_rgb and (2) ...)
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1618
- RESERVED
+CVE-2016-1618 (Blink, as used in Google Chrome before 48.0.2564.82, does not ensure ...)
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1617
- RESERVED
+CVE-2016-1617 (The CSPSource::schemeMatches function in ...)
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1616
- RESERVED
+CVE-2016-1616 (The CustomButton::AcceleratorPressed function in ...)
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1615
- RESERVED
+CVE-2016-1615 (The Omnibox implementation in Google Chrome before 48.0.2564.82 allows ...)
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1614
- RESERVED
+CVE-2016-1614 (The UnacceleratedImageBufferSurface class in ...)
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1613
- RESERVED
+CVE-2016-1613 (Multiple use-after-free vulnerabilities in the formfiller ...)
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1612
- RESERVED
+CVE-2016-1612 (The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in ...)
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
@@ -1125,20 +1184,17 @@
RESERVED
CVE-2016-1573
RESERVED
-CVE-2016-1572 [privilege escalation by overmounting /proc/$pid]
- RESERVED
+CVE-2016-1572 (mount.ecryptfs_private.c in eCryptfs-utils does not validate mount ...)
{DSA-3450-1 DLA-397-1}
- ecryptfs-utils 106-2
NOTE: https://bugs.launchpad.net/ecryptfs/+bug/1530566
NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
-CVE-2016-1571 [VMX: intercept issue with INVLPG on non-canonical address]
- RESERVED
+CVE-2016-1571 (The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-168.html
TODO: check
-CVE-2016-1570 [PV superpage functionality missing sanity checks]
- RESERVED
+CVE-2016-1570 (The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-167.html
@@ -2128,14 +2184,17 @@
NOTE: https://github.com/htacg/tidy-html5/issues/341
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/03/4
CVE-2014-9764 [Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh]
+ RESERVED
{DLA-401-1}
- imlib2 1.4.7-1
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=1f9b0b32728803a1578e658cd0955df773e34f49
CVE-2014-9763 [Prevent division-by-zero crashes]
+ RESERVED
{DLA-401-1}
- imlib2 1.4.7-1
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=c21beaf1780cf3ca291735ae7d58a3dde63277a2
CVE-2014-9762 GIF loader: Fix segv on images without colormap]
+ RESERVED
{DLA-401-1}
- imlib2 1.4.7-1
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56
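Review bot: The CVE-2014-9762 header line is missing the opening bracket of its temporary description (`CVE-2014-9762 GIF loader: Fix segv on images without colormap]`), unlike the CVE-2014-9764 and CVE-2014-9763 entries next to it. Adding the `[` by hand brings the entry into the same format as its neighbours; the RESERVED line added here does not change the header.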
@@ -3977,6 +4036,7 @@
- qemu <not-affected> (Issue specific to virtfs-proxy-helper in Gentoo installed suid)
NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/5
CVE-2015-8785 [fuse: possible denial of service in fuse_fill_write_pages()]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876 (v4.4-rc5)
@@ -4180,6 +4240,7 @@
CVE-2016-0617
RESERVED
CVE-2016-0616 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows ...)
+ {DSA-3453-1}
- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -4203,11 +4264,13 @@
[jessie] - mariadb-10.0 10.0.22-0+deb8u1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0609 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
+ {DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0608 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
+ {DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
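Review bot: The `{DSA-3453-1}` tag is added to CVE-2016-0609 and CVE-2016-0608 while both entries still list `- mysql-5.5 <unfixed> (bug #811428)`. Elsewhere in this diff the same DSA is attached to CVE-2016-2047, whose only package line is mariadb-10.0, so it is worth confirming that readers do not take the advisory reference as covering mysql-5.5, which stays open under bug #811428. The same applies to the other DSA-3453-1 additions in this commit.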
@@ -4217,6 +4280,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0606 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
+ {DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -4237,6 +4301,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0600 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
+ {DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -4246,16 +4311,19 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0598 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
+ {DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0597 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
+ {DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0596 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and ...)
+ {DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -4365,6 +4433,7 @@
CVE-2016-0547 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
TODO: check
CVE-2016-0546 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
+ {DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -4450,6 +4519,7 @@
CVE-2016-0506 (Unspecified vulnerability in the Oracle Retail Order Management System ...)
TODO: check
CVE-2016-0505 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
+ {DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -7856,8 +7926,7 @@
RESERVED
CVE-2015-7745
RESERVED
-CVE-2015-7744
- RESERVED
+CVE-2015-7744 (wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults ...)
- mysql-5.6 5.6.27-1
- mysql-5.5 5.5.46-0+deb8u1
[jessie] - mysql-5.5 5.5.46-0+deb8u1
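Review bot: The new description for CVE-2015-7744 names wolfSSL (formerly CyaSSL) before 3.6.8, but the package lines visible under it are only mysql-5.6 and mysql-5.5. CVE-2015-6925, which receives a description for the same wolfSSL release in this commit, is tracked as `- wolfssl <unfixed> (bug #801120)`. Check that CVE-2015-7744 also has a wolfssl line further down the entry, and add one if it does not.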
@@ -7995,6 +8064,7 @@
[wheezy] - gummi <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/4
CVE-2008-7316
+ RESERVED
- linux <not-affected> (Issue fixed before the src:linux-2.6 rename)
- linux-2.6 2.6.25-1
NOTE: https://git.kernel.org/linus/124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 (v2.6.25-rc1)
@@ -8853,8 +8923,7 @@
NOT-FOR-US: IBM
CVE-2015-7418
RESERVED
-CVE-2015-7417
- RESERVED
+CVE-2015-7417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-7416 (AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote ...)
TODO: check
@@ -10064,8 +10133,7 @@
NOT-FOR-US: CubeCart
CVE-2015-6926
RESERVED
-CVE-2015-6925 [DoS and DoS amplification]
- RESERVED
+CVE-2015-6925 (wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to ...)
- wolfssl <unfixed> (bug #801120)
CVE-2015-6924
RESERVED
@@ -11673,8 +11741,7 @@
RESERVED
CVE-2015-6318 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 ...)
NOT-FOR-US: Cisco
-CVE-2015-6317
- RESERVED
+CVE-2015-6317 (Cisco Identity Services Engine (ISE) before 2.0 allows remote ...)
NOT-FOR-US: Cisco
CVE-2015-6316 (The default configuration of sshd_config in Cisco Mobility Services ...)
NOT-FOR-US: Cisco
@@ -12273,12 +12340,12 @@
TODO: check
CVE-2015-6016 (ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), ...)
TODO: check
-CVE-2015-6015
- RESERVED
-CVE-2015-6014
- RESERVED
-CVE-2015-6013
- RESERVED
+CVE-2015-6015 (Unspecified vulnerability in the Oracle Outside In Technology ...)
+ TODO: check
+CVE-2015-6014 (Unspecified vulnerability in the Oracle Outside In Technology ...)
+ TODO: check
+CVE-2015-6013 (Unspecified vulnerability in the Oracle Outside In Technology ...)
+ TODO: check
CVE-2015-6012 (Multiple open redirect vulnerabilities in Web Reference Database (aka ...)
NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6011 (Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge ...)