[Secure-testing-commits] r39276 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jan 28 21:10:12 UTC 2016
Author: sectracker
Date: 2016-01-28 21:10:12 +0000 (Thu, 28 Jan 2016)
New Revision: 39276
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-28 20:29:56 UTC (rev 39275)
+++ data/CVE/list 2016-01-28 21:10:12 UTC (rev 39276)
@@ -1,3 +1,11 @@
+CVE-2016-2088
+ RESERVED
+CVE-2016-2087
+ RESERVED
+CVE-2016-2086
+ RESERVED
+CVE-2015-8788
+ RESERVED
CVE-2016-2091 [an out of bound read is found in libdwarf]
- dwarfutils <unfixed>
[wheezy] - dwarfutils <no-dsa> (Minor issue)
@@ -5,6 +13,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3
TODO: file bug
CVE-2016-2090 [Heap buffer overflow in fgetwln function of libbsd]
+ RESERVED
- libbsd 0.8.2-1
[jessie] - libbsd <no-dsa> (Minor issue)
[wheezy] - libbsd <not-affected> (Vulnerable code not present)
@@ -14,6 +23,7 @@
NOTE: Fixed by: http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7 (0.8.2)
NOTE: Introduced by: http://cgit.freedesktop.org/libbsd/commit/?id=a97ce513e031b29a47965b740be14fb9a84277fc (0.5.0)
CVE-2016-2089 [invalid read in the JasPer's jas_matrix_clip() function]
+ RESERVED
- jasper <unfixed> (bug #812978)
CVE-2016-2085
RESERVED
@@ -44,6 +54,7 @@
CVE-2016-2071
RESERVED
CVE-2015-8787 [Missing NULL pointer check in nf_nat_redirect_ipv4]
+ RESERVED
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
[wheezy] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
@@ -198,8 +209,7 @@
- php-openid <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2
TODO: check
-CVE-2016-2047 [ssl-validate-cert incorrect hostname check]
- RESERVED
+CVE-2016-2047 (The ssl_verify_server_cert function in sql-common/client.c in MariaDB ...)
{DSA-3453-1}
- mariadb-10.0 10.0.23-1
NOTE: https://mariadb.atlassian.net/browse/MDEV-9212
@@ -493,14 +503,12 @@
RESERVED
- phpmyadmin 4:4.5.4-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-4/
-CVE-2016-1983 [Remove empty Host headers in client requests; resulting in invalid reads]
- RESERVED
+CVE-2016-1983 (The client_host function in parsers.c in Privoxy before 3.0.24 allows ...)
{DLA-398-1}
- privoxy 3.0.24-1
NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303
NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
-CVE-2016-1982 [Prevent invalid reads in case of corrupt chunk-encoded content]
- RESERVED
+CVE-2016-1982 (The remove_chunked_transfer_coding function in filters.c in Privoxy ...)
{DLA-398-1}
- privoxy 3.0.24-1
NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197
@@ -571,12 +579,10 @@
RESERVED
- lha <removed> (unimportant)
NOTE: Non-free not supported
-CVE-2016-1924 [opj_tgt_reset: AddressSanitizer: SEGV on unknown address]
- RESERVED
+CVE-2016-1924 (The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote ...)
- openjpeg2 <unfixed>
TODO: check
-CVE-2016-1923 [opj_j2k_update_image_data: AddressSanitizer: heap-buffer-overflow READ of size 4]
- RESERVED
+CVE-2016-1923 (Heap-based buffer overflow in the opj_j2k_update_image_data function ...)
- openjpeg2 <unfixed>
TODO: check
CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3]
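Review bot: the bracketed descriptions removed from CVE-2016-1924 and CVE-2016-1923 carried the AddressSanitizer findings (a SEGV in opj_tgt_reset, and a heap-buffer-overflow READ of size 4 in opj_j2k_update_image_data), and that detail is lost with them. Both entries stay at openjpeg2 <unfixed> with TODO: check and no bug or upstream reference, so consider preserving the sanitizer summary as NOTE: lines when the TODO is resolved. For CVE-2016-1923 the original text says the access was a read, which matters for severity triage and is not evident from the truncated description.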
@@ -2025,10 +2031,10 @@
RESERVED
CVE-2016-1301
RESERVED
-CVE-2016-1300
- RESERVED
-CVE-2016-1299
- RESERVED
+CVE-2016-1300 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
+ TODO: check
+CVE-2016-1299 (The web-management GUI implementation on Cisco Small Business SG300 ...)
+ TODO: check
CVE-2016-1298 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
TODO: check
CVE-2016-1297
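Review bot: CVE-2016-1300 and CVE-2016-1299 arrive with TODO: check although both descriptions name Cisco products (Unity Connection, Small Business SG300). Other Cisco entries in this file are closed as NOT-FOR-US: Cisco, so these two can be triaged the same way in a follow-up commit rather than left open.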
@@ -3443,8 +3449,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284008
NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/7
NOTE: LSI Megaraid SAS HBA emulation introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
-CVE-2015-8618 [math/big: fix carry propagation in Int.Exp Montgomery code]
- RESERVED
+CVE-2015-8618 (The Int.Exp Montgomery code in the math/big library in Go 1.5.x before ...)
- golang 2:1.5.3-1 (bug #809168)
[jessie] - golang <not-affected> (Introduced in 1.5 release)
[wheezy] - golang <not-affected> (Introduced in 1.5 release)
@@ -4486,8 +4491,8 @@
TODO: check
CVE-2016-0617
RESERVED
-CVE-2016-0616 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows ...)
- {DSA-3453-1}
+CVE-2016-0616 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and ...)
+ {DSA-3459-1 DSA-3453-1}
- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
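Review bot: the cross-reference on CVE-2016-0616 gains DSA-3459-1, but no package line changes with it, and mysql-5.5 still reads <unfixed> (bug #811428). If the fix shipped by the new DSA is also available in unstable, the mysql-5.5 line should carry the fixed version; if not, <unfixed> is correct and nothing more is needed. The same check applies to the other entries in this patch that pick up DSA-3459-1.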
@@ -4504,20 +4509,20 @@
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
-CVE-2016-0610 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows ...)
+CVE-2016-0610 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and ...)
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
- mariadb-10.0 10.0.22-1
[jessie] - mariadb-10.0 10.0.22-0+deb8u1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0609 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
- {DSA-3453-1}
+ {DSA-3459-1 DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0608 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
- {DSA-3453-1}
+ {DSA-3459-1 DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -4527,7 +4532,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0606 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
- {DSA-3453-1}
+ {DSA-3459-1 DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -4548,7 +4553,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0600 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
- {DSA-3453-1}
+ {DSA-3459-1 DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -4558,19 +4563,19 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0598 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
- {DSA-3453-1}
+ {DSA-3459-1 DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0597 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
- {DSA-3453-1}
+ {DSA-3459-1 DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0596 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and ...)
- {DSA-3453-1}
+ {DSA-3459-1 DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -4681,7 +4686,7 @@
CVE-2016-0547 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
TODO: check
CVE-2016-0546 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
- {DSA-3453-1}
+ {DSA-3459-1 DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -4767,7 +4772,7 @@
CVE-2016-0506 (Unspecified vulnerability in the Oracle Retail Order Management System ...)
TODO: check
CVE-2016-0505 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
- {DSA-3453-1}
+ {DSA-3459-1 DSA-3453-1}
- mysql-5.6 5.6.28-1 (bug #811443)
- mysql-5.5 <unfixed> (bug #811428)
- mariadb-10.0 10.0.23-1
@@ -11812,8 +11817,8 @@
TODO: check
CVE-2015-6422 (The self-service application in Cisco Unified Communications Domain ...)
TODO: check
-CVE-2015-6421
- RESERVED
+CVE-2015-6421 (cifs-ao in the CIFS optimization functionality on Cisco Wide Area ...)
+ TODO: check
CVE-2015-6420 (Serialized-object interfaces in certain Cisco Collaboration and Social ...)
TODO: check
CVE-2015-6419 (Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, ...)
@@ -12024,8 +12029,8 @@
NOT-FOR-US: Cisco
CVE-2015-6320 (The IP ingress packet handler on Cisco Aironet 1800 devices with ...)
TODO: check
-CVE-2015-6319
- RESERVED
+CVE-2015-6319 (SQL injection vulnerability in the web-based management interface on ...)
+ TODO: check
CVE-2015-6318 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 ...)
NOT-FOR-US: Cisco
CVE-2015-6317 (Cisco Identity Services Engine (ISE) before 2.0 allows remote ...)
@@ -92391,6 +92396,7 @@
- bsd-mailx 8.1.2-0.20071201cvs-1
- mailx 1:8.1.2-0.20040524cvs-2 (bug #278748)
CVE-2003-1604 [oops in ipt_REDIRECT]
+ RESERVED
- linux <not-affected> (Fixed before rename to src:linux)
- linux-2.6 <not-affected> (Fixed before initial upload of linux-2.6 in Debian)
NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2