[Secure-testing-commits] r39244 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jan 27 21:10:23 UTC 2016
Author: sectracker
Date: 2016-01-27 21:10:23 +0000 (Wed, 27 Jan 2016)
New Revision: 39244
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-27 20:55:01 UTC (rev 39243)
+++ data/CVE/list 2016-01-27 21:10:23 UTC (rev 39244)
@@ -1,3 +1,31 @@
+CVE-2016-2085
+ RESERVED
+CVE-2016-2084
+ RESERVED
+CVE-2016-2083
+ RESERVED
+CVE-2016-2082
+ RESERVED
+CVE-2016-2081
+ RESERVED
+CVE-2016-2080
+ RESERVED
+CVE-2016-2079
+ RESERVED
+CVE-2016-2078
+ RESERVED
+CVE-2016-2077
+ RESERVED
+CVE-2016-2076
+ RESERVED
+CVE-2016-2075
+ RESERVED
+CVE-2016-2074
+ RESERVED
+CVE-2016-2072
+ RESERVED
+CVE-2016-2071
+ RESERVED
CVE-2015-8787 [Missing NULL pointer check in nf_nat_redirect_ipv4]
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
@@ -19,6 +47,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5
NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/
CVE-2016-2073 [Out-of-bounds Read in the libxml2's htmlParseNameComplex() function]
+ RESERVED
- libxml2 <unfixed> (bug #812807)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6
NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details
@@ -394,6 +423,7 @@
RESERVED
CVE-2016-1935 [Buffer overflow in WebGL after out of memory allocation]
RESERVED
+ {DSA-3457-1}
- iceweasel 44.0-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
@@ -417,6 +447,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
CVE-2016-1930 [Miscellaneous memory safety hazards]
RESERVED
+ {DSA-3457-1}
- iceweasel 44.0-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
@@ -445,8 +476,8 @@
NOTE: workaround entry for DLA-399-1 until/if CVE assigned
NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1336
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7431
-CVE-2016-1926
- RESERVED
+CVE-2016-1926 (Cross-site scripting (XSS) vulnerability in the charts module in ...)
+ TODO: check
CVE-2016-1921
RESERVED
CVE-2016-1918
@@ -557,8 +588,8 @@
CVE-2016-1899 (CRLF injection vulnerability in the ui-blob handler in CGit before ...)
- cgit <unfixed> (bug #812411)
NOTE: http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 (v0.12)
-CVE-2016-1896
- RESERVED
+CVE-2016-1896 (Race condition in the initialization process on Lexmark printers with ...)
+ TODO: check
CVE-2016-1895
RESERVED
CVE-2016-1894
@@ -1181,38 +1212,47 @@
CVE-2016-1621
RESERVED
CVE-2016-1620 (Multiple unspecified vulnerabilities in Google Chrome before ...)
+ {DSA-3456-1}
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1619 (Multiple integer overflows in the (1) sycc422_to_rgb and (2) ...)
+ {DSA-3456-1}
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1618 (Blink, as used in Google Chrome before 48.0.2564.82, does not ensure ...)
+ {DSA-3456-1}
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1617 (The CSPSource::schemeMatches function in ...)
+ {DSA-3456-1}
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1616 (The CustomButton::AcceleratorPressed function in ...)
+ {DSA-3456-1}
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1615 (The Omnibox implementation in Google Chrome before 48.0.2564.82 allows ...)
+ {DSA-3456-1}
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1614 (The UnacceleratedImageBufferSurface class in ...)
+ {DSA-3456-1}
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1613 (Multiple use-after-free vulnerabilities in the formfiller ...)
+ {DSA-3456-1}
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1612 (The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in ...)
+ {DSA-3456-1}
- chromium-browser 48.0.2564.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
@@ -1309,8 +1349,8 @@
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-167.html
TODO: check
-CVE-2016-1567
- RESERVED
+CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer ...)
+ TODO: check
CVE-2016-1566
RESERVED
CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group module ...)
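Review bot: CVE-2016-1567 is left at "TODO: check" although its description names chrony, so this entry needs a package line or an explicit not-affected or NOT-FOR-US decision before the TODO can go. The description opens with the same "do not verify peer ..." wording as CVE-2015-7974 for NTP later in this patch, so a NOTE linking the two entries would help whoever triages it.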
@@ -1561,14 +1601,14 @@
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-001
CVE-2016-1493
RESERVED
-CVE-2016-1492
- RESERVED
-CVE-2016-1491
- RESERVED
-CVE-2016-1490
- RESERVED
-CVE-2016-1489
- RESERVED
+CVE-2016-1492 (The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when ...)
+ TODO: check
+CVE-2016-1491 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when ...)
+ TODO: check
+CVE-2016-1490 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows ...)
+ TODO: check
+CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww ...)
+ TODO: check
CVE-2016-1488
RESERVED
CVE-2016-1487
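Review bot: The four Lenovo SHAREit entries (CVE-2016-1489 through CVE-2016-1492) all land as "TODO: check", and their descriptions name only the Android and Windows applications. If no Debian source package ships SHAREit, triage them together with one consistent NOT-FOR-US marking rather than leaving four separate open TODOs.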
@@ -2459,8 +2499,7 @@
RESERVED
CVE-2016-1234
RESERVED
-CVE-2016-1233
- RESERVED
+CVE-2016-1233 (An unspecified udev rule in the Debian fuse package in jessie before ...)
{DSA-3451-1}
- fuse 2.9.5-1
[wheezy] - fuse <not-affected> (Problematic permissions via udev rule not set)
@@ -3583,8 +3622,8 @@
RESERVED
CVE-2016-0870
RESERVED
-CVE-2016-0869
- RESERVED
+CVE-2016-0869 (Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows ...)
+ TODO: check
CVE-2016-0868
RESERVED
CVE-2016-0867
@@ -3817,6 +3856,7 @@
RESERVED
CVE-2016-0755 [NTLM credentials not-checked for proxy connection re-use]
RESERVED
+ {DSA-3455-1}
- curl 7.47.0-1
[wheezy] - curl <no-dsa> (Too intrusive to backport)
NOTE: http://curl.haxx.se/docs/adv_20160127A.html
@@ -3879,6 +3919,7 @@
RESERVED
CVE-2016-0742 [Invalid pointer dereference might occur during DNS server response processing]
RESERVED
+ {DLA-404-1}
- nginx 1.9.10-1 (bug #812806)
NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
NOTE: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3
@@ -4711,6 +4752,7 @@
[wheezy] - virtualbox <end-of-life> (DSA 3454)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0494 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
+ {DSA-3458-1}
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- openjdk-6 <removed>
@@ -4737,6 +4779,7 @@
CVE-2016-0484 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
TODO: check
CVE-2016-0483 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...)
+ {DSA-3458-1}
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- openjdk-6 <removed>
@@ -4774,6 +4817,7 @@
CVE-2016-0467 (Unspecified vulnerability in the Security component in Oracle Database ...)
TODO: check
CVE-2016-0466 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...)
+ {DSA-3458-1}
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- openjdk-6 <unfixed>
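Review bot: In the CVE-2016-0466 entry the context line reads "- openjdk-6 <unfixed>", while the other four entries that receive {DSA-3458-1} in this patch (CVE-2016-0494, CVE-2016-0483, CVE-2016-0448, CVE-2016-0402) read "- openjdk-6 <removed>". Either the status here is stale or the difference is intentional and deserves a NOTE line; please reconcile it.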
@@ -4813,6 +4857,7 @@
CVE-2016-0449 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
TODO: check
CVE-2016-0448 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
+ {DSA-3458-1}
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- openjdk-6 <removed>
@@ -4908,6 +4953,7 @@
CVE-2016-0403 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
TODO: check
CVE-2016-0402 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
+ {DSA-3458-1}
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- openjdk-6 <removed>
@@ -5326,8 +5372,8 @@
RESERVED
CVE-2016-0210
RESERVED
-CVE-2016-0209
- RESERVED
+CVE-2016-0209 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
+ TODO: check
CVE-2016-0208
RESERVED
CVE-2016-0207
@@ -6111,8 +6157,7 @@
{DLA-362-1}
- dhcpcd <removed>
NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
-CVE-2015-8379 [cakephp: CSRF protection bypass]
- RESERVED
+CVE-2015-8379 (CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to ...)
- cakephp <unfixed>
NOTE: http://karmainsecurity.com/KIS-2016-01
TODO: check
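Review bot: Replacing the bracketed summary on CVE-2015-8379 drops the words "CSRF protection bypass", and the truncated description that takes its place no longer says what the issue is. Keep that summary as a NOTE line, and resolve the trailing "TODO: check", which remains even though "- cakephp <unfixed>" is already recorded.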
@@ -7366,8 +7411,7 @@
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2937
TODO: check
-CVE-2015-7974 [Skeleton Key: Missing key check allows impersonation between authenticated peers]
- RESERVED
+CVE-2015-7974 (NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer ...)
- ntp <unfixed>
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936
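Review bot: The CVE-2015-7974 line loses the "Skeleton Key" name and the "impersonation between authenticated peers" summary, leaving only "do not verify peer ..." from the truncated description. Preserve the old summary as a NOTE line so the entry stays searchable by that name and still states the impact.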
@@ -8645,7 +8689,7 @@
- ruby-activesupport-2.3 <removed>
TODO: check
CVE-2015-7575 (Mozilla Network Security Services (NSS) before 3.20.2, as used in ...)
- {DSA-3437-1 DSA-3436-1}
+ {DSA-3458-1 DSA-3457-1 DSA-3437-1 DSA-3436-1}
- iceweasel 43.0.2-1
[squeeze] - iceweasel <end-of-life>
- nss 2:3.21-1
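Review bot: The DSA list on CVE-2015-7575 now includes DSA-3458-1 and DSA-3457-1, but the package lines visible in this hunk are only iceweasel 43.0.2-1 and nss 2:3.21-1. Elsewhere in this patch DSA-3458-1 is attached to openjdk entries and DSA-3457-1 to iceweasel 44.0-1, so confirm that the entry has a package line with a fixed version for each source package those advisories cover.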
@@ -8968,10 +9012,10 @@
RESERVED
CVE-2015-7489 (IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses ...)
TODO: check
-CVE-2015-7488
- RESERVED
-CVE-2015-7487
- RESERVED
+CVE-2015-7488 (IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in ...)
+ TODO: check
+CVE-2015-7487 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 ...)
+ TODO: check
CVE-2015-7486
RESERVED
CVE-2015-7485
@@ -9066,8 +9110,8 @@
TODO: check
CVE-2015-7440
RESERVED
-CVE-2015-7439
- RESERVED
+CVE-2015-7439 (Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect ...)
+ TODO: check
CVE-2015-7438 (IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive ...)
TODO: check
CVE-2015-7437 (Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to ...)
@@ -10756,6 +10800,7 @@
CVE-2015-6793
RESERVED
CVE-2015-6792 (The MIDI subsystem in Google Chrome before 47.0.2526.106 does not ...)
+ {DSA-3456-1}
- chromium-browser 47.0.2526.111-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>