[Secure-testing-commits] r43063 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jul 7 21:10:11 UTC 2016
Author: sectracker
Date: 2016-07-07 21:10:11 +0000 (Thu, 07 Jul 2016)
New Revision: 43063
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-07 20:24:59 UTC (rev 43062)
+++ data/CVE/list 2016-07-07 21:10:11 UTC (rev 43063)
@@ -1,3 +1,35 @@
+CVE-2016-6175
+ RESERVED
+CVE-2016-6174
+ RESERVED
+CVE-2016-6173
+ RESERVED
+CVE-2016-6172
+ RESERVED
+CVE-2016-6169
+ RESERVED
+CVE-2016-6168
+ RESERVED
+CVE-2016-6167
+ RESERVED
+CVE-2016-6166
+ RESERVED
+CVE-2016-6165
+ RESERVED
+CVE-2016-6164
+ RESERVED
+CVE-2016-1000101
+ RESERVED
+CVE-2016-1000100
+ RESERVED
+CVE-2016-1000008
+ RESERVED
+CVE-2016-1000006
+ RESERVED
+CVE-2016-1000005
+ RESERVED
+CVE-2016-1000004
+ RESERVED
CVE-2016-6713
- nsd <unfixed>
[jessie] - nsd <no-dsa> (Minor issue)
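Review bot: the context entry CVE-2016-6713 (nsd) at the end of this hunk is out of numeric order. It sits between the newly added entries and CVE-2016-6171, while CVE-2016-6173 and CVE-2016-6172 arrive above as bare RESERVED entries with no package line. Check whether the nsd triage was filed under a transposed id. If so, move the "- nsd <unfixed>" and "[jessie] - nsd <no-dsa>" lines under the correct new entry so the information is not split across two ids.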
@@ -9,23 +41,27 @@
NOTE: Master: https://github.com/PowerDNS/pdns/pull/4133
NOTE: 3.4.x: https://github.com/PowerDNS/pdns/pull/4134
CVE-2016-6171
+ RESERVED
- knot <unfixed>
[jessie] - knot <no-dsa> (Minor issue)
NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
-CVE-2016-6170
+CVE-2016-6170 (ISC BIND through 9.10.4-P1 allows primary DNS servers to cause a ...)
- bind9 <unfixed>
[jessie] - bind9 <no-dsa> (Minor issue)
NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch
NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch
CVE-2016-6163 [read out-of-bounds in librsvg2 (a dependency of gdk-pixbuf used to render svg images).]
+ RESERVED
- librsvg 2.40.9-2
[jessie] - librsvg <no-dsa> (Minor issue)
[wheezy] - librsvg <not-affected> (vulnerable code not present, no segfault)
NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022 (2.40.7)
NOTE: Reproducer attached in http://seclists.org/oss-sec/2016/q3/7
CVE-2016-6162 [BUG_ON crash in linux 4.7-rc6/master skbuff.c]
+ RESERVED
- linux <not-affected> (Vulnerable code introduced in 4.7-rc1)
CVE-2016-6161
+ RESERVED
- libgd2 2.2.1-1
NOTE: https://github.com/libgd/libgd/issues/209
NOTE: https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0)
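Review bot: in the CVE-2016-6170 entry, which now carries its description, the two NOTE lines are labelled "Fixed by" but bind9 is still marked <unfixed>, and both URLs point at github.com/sischkg/xfer-limit. If these are proposed patches rather than the fix the package will take, a label such as "NOTE: Proposed patch:" would avoid implying a fix is available. Separately, CVE-2016-6171, CVE-2016-6163, CVE-2016-6162 and CVE-2016-6161 now show RESERVED above existing triage; the bracketed temporary descriptions on 6163 and 6162 will need dropping once the official descriptions land.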
@@ -88,6 +124,8 @@
NOTE: https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77
TODO: check if this CVE is correct
CVE-2016-6160 [segfault upon huge frames, missing size check]
+ RESERVED
+ {DLA-544-1}
- tcpreplay 3.4.4-3 (bug #829350)
[jessie] - tcpreplay <no-dsa> (Minor issue; will be addressed via point release)
CVE-2016-6133
@@ -3375,8 +3413,7 @@
CVE-2016-4980
RESERVED
NOT-FOR-US: Red Hat xguest kiosk mode
-CVE-2016-4979
- RESERVED
+CVE-2016-4979 (The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and ...)
- apache2 2.4.23-1
[jessie] - apache2 <not-affected> (Vulnerable code not present)
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
@@ -4760,10 +4797,10 @@
TODO: check
CVE-2016-4509 (Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and ...)
TODO: check
-CVE-2016-4508
- RESERVED
-CVE-2016-4507
- RESERVED
+CVE-2016-4508 (Cross-site scripting (XSS) vulnerability in Rexroth Bosch ...)
+ TODO: check
+CVE-2016-4507 (SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 ...)
+ TODO: check
CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource Data ...)
NOT-FOR-US: Resource Data Management
CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller devices ...)
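Review bot: CVE-2016-4508 and CVE-2016-4507 (Rexroth Bosch BLADEcontrol-WebVIS) move from RESERVED to "TODO: check", which leaves two more untriaged entries next to CVE-2016-4509. The neighbouring vendor-product entries (CVE-2016-4506, Resource Data Management) are already marked NOT-FOR-US. If this product is not packaged, a follow-up should set "NOT-FOR-US: Rexroth Bosch BLADEcontrol-WebVIS" on both rather than leaving the TODO in place.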
@@ -5477,7 +5514,7 @@
NOTE: https://trac.mplayerhq.hu/ticket/2295
NOTE: Fixed in Revision r37857 upstream
NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/3
-CVE-2015-8869 (OCamel before 4.03.0 does not properly handle sign extensions, which ...)
+CVE-2015-8869 (OCaml before 4.03.0 does not properly handle sign extensions, which ...)
{DLA-466-1}
- ocaml <unfixed> (bug #824139)
[jessie] - ocaml <no-dsa> (Minor issue; can be fixed via point release and sheduling binNMUs there)
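Review bot: the description fix "OCamel" to "OCaml" is fine, but the [jessie] line in the same entry still reads "sheduling binNMUs". Correct it to "scheduling" in a manual follow-up, since the automatic update only rewrites the description line.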
@@ -14387,8 +14424,7 @@
- ntp 1:4.2.8p7+dfsg-1
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
TODO: check
-CVE-2016-1546
- RESERVED
+CVE-2016-1546 (The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, ...)
- apache2 2.4.20-1
[jessie] - apache2 <not-affected> (Vulnerable code not present)
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
@@ -16555,8 +16591,7 @@
NOT-FOR-US: EMC Isilon
CVE-2016-0907 (EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before ...)
NOT-FOR-US: EMC Isilon
-CVE-2016-0906
- RESERVED
+CVE-2016-0906 (The web-restore interface in Avamar Data Store (ADS) and Avamar ...)
NOT-FOR-US: EMC Avamar
CVE-2016-0905
RESERVED
@@ -18090,7 +18125,7 @@
[wheezy] - virtualbox <end-of-life> (DSA 3454)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0494 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
- {DSA-3465-1 DSA-3458-1 DLA-410-1}
+ {DSA-3465-1 DSA-3458-1 DLA-545-1 DLA-410-1}
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- openjdk-6 <removed>
@@ -29715,7 +29750,7 @@
CVE-2015-4845 (Unspecified vulnerability in the Oracle Application Object Library ...)
NOT-FOR-US: Oracle
CVE-2015-4844 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3465-1 DSA-3381-1 DLA-346-1}
+ {DSA-3465-1 DSA-3381-1 DLA-545-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
@@ -36375,7 +36410,7 @@
CVE-2015-2633 (Unspecified vulnerability in the Enterprise Manager Ops Center ...)
NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2015-2632 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
- {DSA-3339-1 DSA-3316-1 DLA-381-1 DLA-303-1}
+ {DSA-3339-1 DSA-3316-1 DLA-545-1 DLA-381-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
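Review bot: {DLA-545-1} is added to the cross-reference line of CVE-2015-2632 (and of CVE-2016-0494 and CVE-2015-4844 in the two hunks above) with no change to the package lines underneath. Each of these entries already carries an earlier DLA, so nothing visible says which source package the new advisory covers. Confirm against the DLA list entry that the reference belongs on all three CVEs, and that the openjdk-6 <removed> / openjdk-7 lines still describe the affected releases correctly.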