[Secure-testing-commits] r43120 - data/CVE
Paul Mathijs Gevers
elbrus at moszumanska.debian.org
Mon Jul 11 18:22:32 UTC 2016
Author: elbrus
Date: 2016-07-11 18:22:32 +0000 (Mon, 11 Jul 2016)
New Revision: 43120
Modified:
data/CVE/list
Log:
Update notes for cacti CVE's
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-11 17:55:50 UTC (rev 43119)
+++ data/CVE/list 2016-07-11 18:22:32 UTC (rev 43120)
@@ -7553,7 +7553,9 @@
RESERVED
CVE-2016-3659 (SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows ...)
- cacti 0.8.8h+ds1-1 (bug #820521)
+ [jessie] - cacti <no-dsa> (Minor issue)
NOTE: http://bugs.cacti.net/view.php?id=2673
+ NOTE: Requires authenticated user
CVE-2016-3658 [Illegal read occurs in the TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c when using tiffset command]
RESERVED
- tiff <unfixed> (low)
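Review bot: On the added "[jessie] - cacti <no-dsa> (Minor issue)" line for CVE-2016-3659, the parenthetical gives no reason, and the actual justification sits two lines lower in the separate "NOTE: Requires authenticated user". Consider putting the reason in the parenthetical itself, for example "(Minor issue, requires authenticated user)", so the triage decision and its rationale stay together if more notes are added to the entry later.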
@@ -9457,8 +9459,10 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/8
CVE-2016-3172 (SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier ...)
- cacti 0.8.8g+ds1-2 (bug #818647)
+ [jessie] - cacti <no-dsa> (Minor issue)
NOTE: http://bugs.cacti.net/view.php?id=2667
NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/13
+ NOTE: Requires authenticated user
CVE-2016-3116 (CRLF injection vulnerability in Dropbear SSH before 2016.72 allows ...)
- dropbear 2016.72-1
[jessie] - dropbear <no-dsa> (Minor issue)
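Review bot: The added "NOTE: Requires authenticated user" for CVE-2016-3172 does not say what kind of account is needed or where that assessment comes from, and the description line is truncated, so the entry alone does not tell the reader. Since the new no-dsa line for jessie rests on this, suggest stating the required privilege level (any logged-in user or an administrator) and pointing at whichever of the two referenced URLs supports it.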
@@ -11764,11 +11768,13 @@
NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2)
CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote authenticated ...)
- cacti 0.8.8g+ds1-1 (bug #814353)
+ [jessie] - cacti <no-dsa> (Minor issue)
NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788&view=markup
NOTE: http://bugs.cacti.net/view.php?id=2656
NOTE: Upstream fix: http://svn.cacti.net/viewvc?view=rev&revision=7770
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=965930
NOTE: http://www.openwall.com/lists/oss-security/2016/02/09/3
+ NOTE: Only exploitable in non default setup
CVE-2016-2312 [KDE lockscreen bypass by switching display off and on]
RESERVED
- plasma-workspace 4:5.4.3-2 (bug #814355)
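Review bot: "NOTE: Only exploitable in non default setup" under CVE-2016-2313 does not name the setting that has to differ from the default, so an administrator reading the entry cannot check whether a jessie install is exposed. Suggest naming the configuration in question and citing which of the listed references documents it; "non default" should also be hyphenated as "non-default".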