[Secure-testing-commits] r43130 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Jul 11 21:10:12 UTC 2016
Author: sectracker
Date: 2016-07-11 21:10:12 +0000 (Mon, 11 Jul 2016)
New Revision: 43130
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-11 20:22:08 UTC (rev 43129)
+++ data/CVE/list 2016-07-11 21:10:12 UTC (rev 43130)
@@ -1,3 +1,7 @@
+CVE-2016-6186
+ RESERVED
+CVE-2016-1000009
+ RESERVED
CVE-2016-XXXX [Insecure use of /tmp]
- leptonlib <unfixed> (bug #830660)
[jessie] - leptonlib <no-dsa> (Minor issue)
@@ -12,28 +16,33 @@
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/11f3710417d026ea2f4fcf362d866342c5274185 (v4.6-rc1)
CVE-2016-6191 [Persistent Cross-Site Scripting in calendar]
+ RESERVED
- sogo <unfixed>
NOTE: https://sogo.nu/bugs/view.php?id=3718
NOTE: http://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa
TODO: check versions
CVE-2016-6190 [Meta information can be derived from UID/DTSTAMP attributes though "View the Date & Time" restricted access Backend Calendar]
+ RESERVED
- sogo <unfixed>
NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
NOTE: https://sogo.nu/bugs/view.php?id=3696
TODO: check versions
CVE-2016-6189 [Private information leakage through ics/XML feeds when restricted to "View the Date & Time"]
+ RESERVED
- sogo <unfixed>
NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
NOTE: https://sogo.nu/bugs/view.php?id=3695
TODO: check versions
CVE-2016-6188 [DOS attack through uploading malicious attachments]
+ RESERVED
- sogo <unfixed>
NOTE: http://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d
NOTE: https://sogo.nu/bugs/view.php?id=3510
TODO: check versions
CVE-2016-6187 [apparmor: oops in apparmor_setprocattr()]
+ RESERVED
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
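Review bot: The four sogo entries touched in this hunk (CVE-2016-6191, CVE-2016-6190, CVE-2016-6189, CVE-2016-6188) gain only a RESERVED line and still read "- sogo <unfixed>" with "TODO: check versions", although each already links an upstream fix commit in its NOTE lines. Checking the packaged sogo versions against those commits would settle whether <unfixed> still holds and let the TODO be dropped.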
@@ -69,6 +78,7 @@
[jessie] - trn <no-dsa> (non-free not supported)
[wheezy] - trn <no-dsa> (non-free not supported)
CVE-2016-6185
+ RESERVED
- perl 5.22.2-2 (bug #829578)
[jessie] - perl <no-dsa> (Will be fixed in future DSA)
[wheezy] - perl <no-dsa> (Will be fixed in future DLA)
@@ -118,7 +128,7 @@
[jessie] - knot <no-dsa> (Minor issue)
NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
NOTE: https://gitlab.labs.nic.cz/labs/knot/issues/464
-CVE-2016-6170 (ISC BIND through 9.10.4-P1 allows primary DNS servers to cause a ...)
+CVE-2016-6170 (ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x ...)
- bind9 <unfixed> (bug #830810)
[jessie] - bind9 <no-dsa> (Minor issue)
NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch
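Review bot: The new CVE-2016-6170 description widens the affected range to 9.9.9-P1 and 9.11.x, but the triage lines under it are unchanged: "[jessie] - bind9 <no-dsa> (Minor issue)" and a "Fixed by" NOTE that points at a patch named for bind-9.10.3 hosted at github.com/sischkg/xfer-limit rather than at an ISC location. Worth confirming that the no-dsa decision still fits the broader description, and rewording "Fixed by" if that patch is not the upstream fix.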
@@ -1002,6 +1012,7 @@
CVE-2015-8937
RESERVED
CVE-2014-9905 [Script injection in calendar title]
+ RESERVED
- sogo <unfixed>
NOTE: https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9
NOTE: https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765
@@ -2650,10 +2661,12 @@
NOTE: http://xenbits.xen.org/xsa/advisory-181.html
CVE-2016-5241
RESERVED
+ {DLA-547-1}
- graphicsmagick 1.3.24-1
NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
CVE-2016-5240
RESERVED
+ {DLA-547-1}
- graphicsmagick 1.3.24-1
NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
CVE-2016-5237
@@ -2662,8 +2675,8 @@
RESERVED
CVE-2016-5235
RESERVED
-CVE-2014-9803
- RESERVED
+CVE-2014-9803 (arch/arm64/include/asm/pgtable.h in the Linux kernel before ...)
+ TODO: check
CVE-2014-9804 [Avoid a DOS in vision.c due to an infinite loop]
RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
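Review bot: CVE-2014-9803 moves from RESERVED to "TODO: check", and its description names arch/arm64/include/asm/pgtable.h in the Linux kernel, so it needs triage against the linux source package rather than a NOT-FOR-US. A "- linux" line with the fixing commit in a NOTE would match how the other kernel entries in this file are recorded.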
@@ -3106,72 +3119,72 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
-CVE-2015-8893
- RESERVED
-CVE-2015-8892
- RESERVED
-CVE-2015-8891
- RESERVED
-CVE-2015-8890
- RESERVED
-CVE-2015-8889
- RESERVED
-CVE-2015-8888
- RESERVED
-CVE-2014-9802
- RESERVED
-CVE-2014-9801
- RESERVED
-CVE-2014-9800
- RESERVED
-CVE-2014-9799
- RESERVED
-CVE-2014-9798
- RESERVED
+CVE-2015-8893 (app/aboot/aboot.c in the Qualcomm bootloader in Android before ...)
+ TODO: check
+CVE-2015-8892 (platform/msm_shared/boot_verifier.c in the Qualcomm components in ...)
+ TODO: check
+CVE-2015-8891 (Multiple integer overflows in app/aboot/aboot.c in the Qualcomm ...)
+ TODO: check
+CVE-2015-8890 (platform/msm_shared/partition_parser.c in the Qualcomm components in ...)
+ TODO: check
+CVE-2015-8889 (The aboot implementation in the Qualcomm components in Android before ...)
+ TODO: check
+CVE-2015-8888 (Integer overflow in app/aboot/aboot.c in the Qualcomm components in ...)
+ TODO: check
+CVE-2014-9802 (Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm ...)
+ TODO: check
+CVE-2014-9801 (Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm ...)
+ TODO: check
+CVE-2014-9800 (Integer overflow in lib/heap/heap.c in the Qualcomm components in ...)
+ TODO: check
+CVE-2014-9799 (The makefile in the Qualcomm components in Android before 2016-07-05 ...)
+ TODO: check
+CVE-2014-9798 (platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android ...)
+ TODO: check
CVE-2014-9797
- RESERVED
-CVE-2014-9796
- RESERVED
-CVE-2014-9795
- RESERVED
+ REJECTED
+CVE-2014-9796 (app/aboot/aboot.c in the Qualcomm components in Android before ...)
+ TODO: check
+CVE-2014-9795 (app/aboot/aboot.c in the Qualcomm components in Android before ...)
+ TODO: check
CVE-2014-9794
- RESERVED
-CVE-2014-9793
- RESERVED
-CVE-2014-9792
- RESERVED
+ REJECTED
+CVE-2014-9793 (platform/msm_shared/mmc.c in the Qualcomm components in Android before ...)
+ TODO: check
+CVE-2014-9792 (arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android ...)
+ TODO: check
CVE-2014-9791
- RESERVED
-CVE-2014-9790
- RESERVED
-CVE-2014-9789
- RESERVED
-CVE-2014-9788
- RESERVED
-CVE-2014-9787
- RESERVED
-CVE-2014-9786
- RESERVED
-CVE-2014-9785
- RESERVED
-CVE-2014-9784
- RESERVED
-CVE-2014-9783
- RESERVED
-CVE-2014-9782
- RESERVED
-CVE-2014-9781
- RESERVED
-CVE-2014-9780
- RESERVED
-CVE-2014-9779
- RESERVED
-CVE-2014-9778
- RESERVED
-CVE-2014-9777
- RESERVED
-CVE-2013-7457
- RESERVED
+ REJECTED
+CVE-2014-9790 (drivers/mmc/core/debugfs.c in the Qualcomm components in Android ...)
+ TODO: check
+CVE-2014-9789 (The (1) alloc and (2) free APIs in ...)
+ TODO: check
+CVE-2014-9788 (Multiple buffer overflow in the voice drivers in the Qualcomm ...)
+ TODO: check
+CVE-2014-9787 (Integer overflow in drivers/misc/qseecom.c in the Qualcomm components ...)
+ TODO: check
+CVE-2014-9786 (Heap-based buffer overflow in ...)
+ TODO: check
+CVE-2014-9785 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...)
+ TODO: check
+CVE-2014-9784 (Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the ...)
+ TODO: check
+CVE-2014-9783 (drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the ...)
+ TODO: check
+CVE-2014-9782 (drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in ...)
+ TODO: check
+CVE-2014-9781 (Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components ...)
+ TODO: check
+CVE-2014-9780 (drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in ...)
+ TODO: check
+CVE-2014-9779 (arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components ...)
+ TODO: check
+CVE-2014-9778 (The vid_dec_set_h264_mv_buffers function in ...)
+ TODO: check
+CVE-2014-9777 (The vid_dec_set_meta_buffers function in ...)
+ TODO: check
+CVE-2013-7457 (Unspecified vulnerability in the Qualcomm components in Android before ...)
+ TODO: check
CVE-2016-5125
RESERVED
CVE-2016-5124
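Review bot: The "TODO: check" entries added in this block are not all alike and should be triaged in groups rather than closed in one pass. Descriptions naming app/aboot/aboot.c and platform/msm_shared/ concern Qualcomm bootloader code, while those naming drivers/ and arch/arm/mach-msm/ paths (for example CVE-2014-9790, CVE-2014-9781, CVE-2014-9792) are kernel-tree paths and need a check against the linux package. CVE-2014-9802 and CVE-2014-9801 name lib/libfdt/, a library that also exists outside the Qualcomm tree, so check whether the same code is shipped elsewhere in the archive.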
@@ -5269,8 +5282,7 @@
NOTE: https://struts.apache.org/docs/s2-041.html
CVE-2016-4464
RESERVED
-CVE-2016-4463 [Apache Xerces-C XML Parser Crashes on Malformed DTD]
- RESERVED
+CVE-2016-4463 (Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows ...)
{DSA-3610-1 DLA-535-1}
- xerces-c 3.1.3+debian-2.1 (bug #828990)
NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
@@ -5664,8 +5676,7 @@
TODO: check
CVE-2016-4325 (Lantronix xPrintServer devices with firmware before 5.0.1-65 have ...)
NOT-FOR-US: Lantronix xPrintServer
-CVE-2016-4324
- RESERVED
+CVE-2016-4324 (Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote ...)
{DSA-3608-1}
- libreoffice 1:5.1.4~rc1-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/
@@ -7119,60 +7130,60 @@
RESERVED
CVE-2016-3819
RESERVED
-CVE-2016-3818
- RESERVED
+CVE-2016-3818 (libc in Android 4.x before 4.4.4 allows remote attackers to cause a ...)
+ TODO: check
CVE-2016-3817
RESERVED
-CVE-2016-3816
- RESERVED
-CVE-2016-3815
- RESERVED
-CVE-2016-3814
- RESERVED
-CVE-2016-3813
- RESERVED
-CVE-2016-3812
- RESERVED
-CVE-2016-3811
- RESERVED
-CVE-2016-3810
- RESERVED
-CVE-2016-3809
- RESERVED
-CVE-2016-3808
- RESERVED
-CVE-2016-3807
- RESERVED
-CVE-2016-3806
- RESERVED
-CVE-2016-3805
- RESERVED
-CVE-2016-3804
- RESERVED
-CVE-2016-3803
- RESERVED
-CVE-2016-3802
- RESERVED
-CVE-2016-3801
- RESERVED
-CVE-2016-3800
- RESERVED
-CVE-2016-3799
- RESERVED
-CVE-2016-3798
- RESERVED
-CVE-2016-3797
- RESERVED
-CVE-2016-3796
- RESERVED
-CVE-2016-3795
- RESERVED
+CVE-2016-3816 (The MediaTek display driver in Android before 2016-07-05 on Android ...)
+ TODO: check
+CVE-2016-3815 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 ...)
+ TODO: check
+CVE-2016-3814 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 ...)
+ TODO: check
+CVE-2016-3813 (The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, ...)
+ TODO: check
+CVE-2016-3812 (The MediaTek video codec driver in Android before 2016-07-05 on ...)
+ TODO: check
+CVE-2016-3811 (The kernel video driver in Android before 2016-07-05 on Nexus 9 ...)
+ TODO: check
+CVE-2016-3810 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3809 (The networking component in Android before 2016-07-05 on Android One, ...)
+ TODO: check
+CVE-2016-3808 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
+ TODO: check
+CVE-2016-3807 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
+ TODO: check
+CVE-2016-3806 (The MediaTek display driver in Android before 2016-07-05 on Android ...)
+ TODO: check
+CVE-2016-3805 (The MediaTek power management driver in Android before 2016-07-05 on ...)
+ TODO: check
+CVE-2016-3804 (The MediaTek power management driver in Android before 2016-07-05 on ...)
+ TODO: check
+CVE-2016-3803 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
+ TODO: check
+CVE-2016-3802 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
+ TODO: check
+CVE-2016-3801 (The MediaTek GPS driver in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3800 (The MediaTek video driver in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3799 (The MediaTek video driver in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3798 (The MediaTek hardware sensor driver in Android before 2016-07-05 on ...)
+ TODO: check
+CVE-2016-3797 (The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X ...)
+ TODO: check
+CVE-2016-3796 (The MediaTek power driver in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3795 (The MediaTek power driver in Android before 2016-07-05 on Android One ...)
+ TODO: check
CVE-2016-3794
REJECTED
-CVE-2016-3793
- RESERVED
-CVE-2016-3792
- RESERVED
+CVE-2016-3793 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 ...)
+ TODO: check
+CVE-2016-3792 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in ...)
+ TODO: check
CVE-2016-3791
RESERVED
CVE-2016-3790
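Review bot: Several descriptions in this block are cut at "..." before they say where the flaw lives, which matters for the entries that are not tied to a vendor driver: CVE-2016-3803 and CVE-2016-3802 (kernel filesystem implementation), CVE-2016-3809 (networking component) and CVE-2016-3811 (kernel video driver). Read the full descriptions for those before resolving "TODO: check", since the truncated text does not rule out upstream kernel code.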
@@ -7205,76 +7216,76 @@
RESERVED
CVE-2016-3776
RESERVED
-CVE-2016-3775
- RESERVED
-CVE-2016-3774
- RESERVED
-CVE-2016-3773
- RESERVED
-CVE-2016-3772
- RESERVED
-CVE-2016-3771
- RESERVED
-CVE-2016-3770
- RESERVED
-CVE-2016-3769
- RESERVED
-CVE-2016-3768
- RESERVED
-CVE-2016-3767
- RESERVED
-CVE-2016-3766
- RESERVED
-CVE-2016-3765
- RESERVED
-CVE-2016-3764
- RESERVED
-CVE-2016-3763
- RESERVED
-CVE-2016-3762
- RESERVED
-CVE-2016-3761
- RESERVED
-CVE-2016-3760
- RESERVED
-CVE-2016-3759
- RESERVED
-CVE-2016-3758
- RESERVED
-CVE-2016-3757
- RESERVED
-CVE-2016-3756
- RESERVED
-CVE-2016-3755
- RESERVED
-CVE-2016-3754
- RESERVED
-CVE-2016-3753
- RESERVED
-CVE-2016-3752
- RESERVED
-CVE-2016-3751
- RESERVED
-CVE-2016-3750
- RESERVED
-CVE-2016-3749
- RESERVED
-CVE-2016-3748
- RESERVED
-CVE-2016-3747
- RESERVED
-CVE-2016-3746
- RESERVED
-CVE-2016-3745
- RESERVED
-CVE-2016-3744
- RESERVED
-CVE-2016-3743
- RESERVED
-CVE-2016-3742
- RESERVED
-CVE-2016-3741
- RESERVED
+CVE-2016-3775 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
+ TODO: check
+CVE-2016-3774 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3773 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3772 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3771 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3770 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3769 (The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 ...)
+ TODO: check
+CVE-2016-3768 (The Qualcomm performance component in Android before 2016-07-05 on ...)
+ TODO: check
+CVE-2016-3767 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One ...)
+ TODO: check
+CVE-2016-3766 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x ...)
+ TODO: check
+CVE-2016-3765 (decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before ...)
+ TODO: check
+CVE-2016-3764 (media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver ...)
+ TODO: check
+CVE-2016-3763 (net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in ...)
+ TODO: check
+CVE-2016-3762 (The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before ...)
+ TODO: check
+CVE-2016-3761 (NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before ...)
+ TODO: check
+CVE-2016-3760 (Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x ...)
+ TODO: check
+CVE-2016-3759 (The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
+ TODO: check
+CVE-2016-3758 (Multiple buffer overflows in libdex/OptInvocation.cpp in ...)
+ TODO: check
+CVE-2016-3757 (The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, ...)
+ TODO: check
+CVE-2016-3756 (Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x ...)
+ TODO: check
+CVE-2016-3755 (decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before ...)
+ TODO: check
+CVE-2016-3754 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
+ TODO: check
+CVE-2016-3753 (mediaserver in Android 4.x before 4.4.4 allows remote attackers to ...)
+ TODO: check
+CVE-2016-3752 (internal/app/ChooserActivity.java in the ChooserTarget service in ...)
+ TODO: check
+CVE-2016-3751 (Unspecified vulnerability in libpng before 1.6.20, as used in Android ...)
+ TODO: check
+CVE-2016-3750 (libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x ...)
+ TODO: check
+CVE-2016-3749 (server/LockSettingsService.java in LockSettingsService in Android 6.x ...)
+ TODO: check
+CVE-2016-3748 (The sockets subsystem in Android 6.x before 2016-07-01 allows ...)
+ TODO: check
+CVE-2016-3747 (Use-after-free vulnerability in the mm-video-v4l2 venc component in ...)
+ TODO: check
+CVE-2016-3746 (Use-after-free vulnerability in the mm-video-v4l2 vdec component in ...)
+ TODO: check
+CVE-2016-3745 (Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, ...)
+ TODO: check
+CVE-2016-3744 (Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in ...)
+ TODO: check
+CVE-2016-3743 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 ...)
+ TODO: check
+CVE-2016-3742 (decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before ...)
+ TODO: check
+CVE-2016-3741 (The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does ...)
+ TODO: check
CVE-2016-3740
RESERVED
CVE-2016-3739 (The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) ...)
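Review bot: CVE-2016-3751 in this block is described as an unspecified vulnerability in libpng before 1.6.20, as used in Android, so unlike the mediaserver and Android framework entries around it, it names a library with its own upstream releases. When the "TODO: check" items are processed it should get a package line with a version check, not the same disposition as the Android-only entries.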
@@ -7567,9 +7578,9 @@
RESERVED
CVE-2016-3659 (SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows ...)
- cacti 0.8.8h+ds1-1 (bug #820521)
- [jessie] - cacti <no-dsa> (Minor issue)
+ [jessie] - cacti <no-dsa> (Minor issue)
NOTE: http://bugs.cacti.net/view.php?id=2673
- NOTE: Requires authenticated user
+ NOTE: Requires authenticated user
CVE-2016-3658 [Illegal read occurs in the TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c when using tiffset command]
RESERVED
- tiff <unfixed> (low)
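Review bot: The removed and added lines for "[jessie] - cacti <no-dsa> (Minor issue)" and "NOTE: Requires authenticated user" read identically as shown, so any difference is whitespace only and this hunk changes no tracker data. The same pattern recurs in the CVE-2016-3172 and CVE-2016-2313 hunks; keeping such normalisation out of an "automatic update" commit, or mentioning it in the log, would make the data changes easier to audit.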
@@ -9473,10 +9484,10 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/8
CVE-2016-3172 (SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier ...)
- cacti 0.8.8g+ds1-2 (bug #818647)
- [jessie] - cacti <no-dsa> (Minor issue)
+ [jessie] - cacti <no-dsa> (Minor issue)
NOTE: http://bugs.cacti.net/view.php?id=2667
NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/13
- NOTE: Requires authenticated user
+ NOTE: Requires authenticated user
CVE-2016-3116 (CRLF injection vulnerability in Dropbear SSH before 2016.72 allows ...)
- dropbear 2016.72-1
[jessie] - dropbear <no-dsa> (Minor issue)
@@ -10883,22 +10894,22 @@
- websvn <removed>
CVE-2016-2509 (The password-sync feature on Belden Hirschmann Classic Platform ...)
NOT-FOR-US: Belden Hirschmann Classic Platform switches
-CVE-2016-2508
- RESERVED
-CVE-2016-2507
- RESERVED
-CVE-2016-2506
- RESERVED
-CVE-2016-2505
- RESERVED
+CVE-2016-2508 (media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver ...)
+ TODO: check
+CVE-2016-2507 (Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in ...)
+ TODO: check
+CVE-2016-2506 (DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x ...)
+ TODO: check
+CVE-2016-2505 (mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x ...)
+ TODO: check
CVE-2016-2504
RESERVED
-CVE-2016-2503
- RESERVED
-CVE-2016-2502
- RESERVED
-CVE-2016-2501
- RESERVED
+CVE-2016-2503 (The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and ...)
+ TODO: check
+CVE-2016-2502 (drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android ...)
+ TODO: check
+CVE-2016-2501 (The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, ...)
+ TODO: check
CVE-2016-2500 (Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
TODO: check
CVE-2016-2499 (AudioSource.cpp in libstagefright in mediaserver in Android 4.x before ...)
@@ -11782,13 +11793,13 @@
NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2)
CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote authenticated ...)
- cacti 0.8.8g+ds1-1 (bug #814353)
- [jessie] - cacti <no-dsa> (Minor issue)
+ [jessie] - cacti <no-dsa> (Minor issue)
NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788&view=markup
NOTE: http://bugs.cacti.net/view.php?id=2656
NOTE: Upstream fix: http://svn.cacti.net/viewvc?view=rev&revision=7770
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=965930
NOTE: http://www.openwall.com/lists/oss-security/2016/02/09/3
- NOTE: Only exploitable in non default setup
+ NOTE: Only exploitable in non default setup
CVE-2016-2312 [KDE lockscreen bypass by switching display off and on]
RESERVED
- plasma-workspace 4:5.4.3-2 (bug #814355)
@@ -12622,10 +12633,10 @@
- linux-2.6 <not-affected> (Vulnerable code introduced later)
NOTE: Upstream commit: https://git.kernel.org/linus/8b8a321ff72c785ed5e8b4cf6eda20b35d427390 (v4.4)
NOTE: Introduced by: https://git.kernel.org/linus/3759824da87b30ce7a35b4873b62b0ba38905ef5 (v4.3-rc1)
-CVE-2016-2068
- RESERVED
-CVE-2016-2067
- RESERVED
+CVE-2016-2068 (The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel ...)
+ TODO: check
+CVE-2016-2067 (drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for ...)
+ TODO: check
CVE-2016-2066 (Integer signedness error in the MSM QDSP6 audio driver for the Linux ...)
TODO: check
CVE-2016-2065
@@ -20095,7 +20106,7 @@
NOT-FOR-US: Dovestones
CVE-2015-8266
RESERVED
-CVE-2015-8265 (Huawei E5186 4G LTE router with software before V200R001B310D01SP00C00 ...)
+CVE-2015-8265 (Huawei Mobile WiFi E5151 routers with software before ...)
NOT-FOR-US: Huawei
CVE-2015-8264
RESERVED
@@ -21292,6 +21303,7 @@
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2015-7943 [Open Redirect - SA-CORE-2015-004]
RESERVED
+ {DLA-548-1}
- drupal7 7.41-1
[jessie] - drupal7 <no-dsa> (Minor issue, can be included in future DSA)
NOTE: https://www.drupal.org/SA-CORE-2015-004