[Secure-testing-commits] r43203 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jul 14 21:10:12 UTC 2016
Author: sectracker
Date: 2016-07-14 21:10:11 +0000 (Thu, 14 Jul 2016)
New Revision: 43203
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-14 20:25:38 UTC (rev 43202)
+++ data/CVE/list 2016-07-14 21:10:11 UTC (rev 43203)
@@ -1,4 +1,19 @@
+CVE-2016-6217
+ RESERVED
+CVE-2016-6216
+ RESERVED
+CVE-2016-6215
+ RESERVED
+CVE-2016-6212
+ RESERVED
+CVE-2016-6210
+ RESERVED
+CVE-2016-6208
+ RESERVED
+CVE-2016-6207
+ RESERVED
CVE-2016-6209 [Reflected XSS vulnerability and possible phishing vector]
+ RESERVED
- nagios3 <undetermined>
NOTE: http://seclists.org/fulldisclosure/2016/Jun/20
TODO: check, and check icinga as well
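Review bot: CVE-2016-6208 and CVE-2016-6207 are inserted above the existing CVE-2016-6209 entry, so the top of the list now runs 6210, 6208, 6207, 6209 instead of descending by ID. If the list is meant to stay sorted, move the two new entries below CVE-2016-6209. The RESERVED line added to CVE-2016-6209 does not change its triage state: nagios3 is still <undetermined> and the TODO to check icinga is still open.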
@@ -95,6 +110,7 @@
NOTE: Fixed by: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
CVE-2016-6214 [read out-of-bounds issue]
+ RESERVED
- libgd2 2.2.2-29-g3c2b605-1
NOTE: https://github.com/libgd/libgd/issues/247#issuecomment-232084241
NOTE: Different issue than CVE-2016-6132
@@ -110,6 +126,7 @@
NOTE: https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
NOTE: libv8 is not covered by security support
CVE-2016-6213
+ RESERVED
- linux <unfixed>
CVE-2016-6186
RESERVED
@@ -972,8 +989,7 @@
RESERVED
CVE-2016-5822
RESERVED
-CVE-2016-5821
- RESERVED
+CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before ...)
NOT-FOR-US: Huawei HiSuite
CVE-2016-5820
RESERVED
@@ -1112,6 +1128,7 @@
CVE-2016-5745
RESERVED
CVE-2015-8945
+ RESERVED
NOT-FOR-US: OpenShift
CVE-2015-8944
RESERVED
@@ -1309,6 +1326,7 @@
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5773 [ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize]
RESERVED
+ {DSA-3618-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434
@@ -1316,6 +1334,7 @@
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5772 [Double Free Courruption in wddx_deserialize]
RESERVED
+ {DSA-3618-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340
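Review bot: the bracketed title on CVE-2016-5772 still reads "Double Free Courruption" in the context line above the added {DSA-3618-1}. Since the entry is being touched anyway, correct it to "Corruption" so a text search for the bug class finds it.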
@@ -1323,6 +1342,7 @@
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5771 [Use After Free Vulnerability in PHP's GC algorithm and unserialize]
RESERVED
+ {DSA-3618-1}
- php7.0 <not-affected> (Does not affect PHP 7.x)
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433
@@ -1330,6 +1350,7 @@
NOTE: Fixed in 5.5.37, 5.6.23
CVE-2016-5770 [int/size_t confusion in SplFileObject::fread]
RESERVED
+ {DSA-3618-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262
@@ -1337,6 +1358,7 @@
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5769 [Heap Overflow due to integer overflows]
RESERVED
+ {DSA-3618-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455
@@ -1344,6 +1366,7 @@
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5768 [_php_mb_regex_ereg_replace_exec - double free]
RESERVED
+ {DSA-3618-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402
@@ -2041,6 +2064,7 @@
CVE-2016-5435 (Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and ...)
TODO: check
CVE-2016-6211 [SA-CORE-2016-002 -- User module -- Saving user accounts can sometimes grant the user all roles]
+ RESERVED
{DSA-3604-1}
- drupal7 7.44-1
[jessie] - drupal7 7.32-1+deb8u7
@@ -2152,7 +2176,7 @@
- linux <unfixed>
NOTE: https://www.mail-archive.com/netdev@vger.kernel.org/msg118677.html
CVE-2016-5389
- RESERVED
+ REJECTED
CVE-2016-5388
RESERVED
CVE-2016-5387
@@ -3338,8 +3362,8 @@
RESERVED
CVE-2016-5110
RESERVED
-CVE-2016-5109
- RESERVED
+CVE-2016-5109 (Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for ...)
+ TODO: check
CVE-2015-8887
RESERVED
CVE-2015-8886
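Review bot: the new "TODO: check" on CVE-2016-5109 leaves the entry untriaged. The description names Citrix Worx Home for iOS and the XenMobile MDX Toolkit; if neither is packaged, resolve the TODO with a NOT-FOR-US line, as this patch already does for CVE-2016-5821 (Huawei HiSuite).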
@@ -3421,8 +3445,8 @@
[jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/
-CVE-2016-5092
- RESERVED
+CVE-2016-5092 (Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 ...)
+ TODO: check
CVE-2016-5108 (Buffer overflow in the DecodeAdpcmImaQT function in ...)
{DSA-3598-1}
- vlc 2.2.3-2 (bug #825728)
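Review bot: CVE-2016-5092 gets "TODO: check" although this patch already carries a Fortinet precedent, CVE-2016-1909, which is marked NOT-FOR-US. The FortiWeb entries (this one and CVE-2016-4066 further down) can be closed the same way instead of sitting in the TODO queue.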
@@ -3563,8 +3587,7 @@
NOTE: http://tracker.ceph.com/issues/16297
NOTE: https://github.com/ceph/ceph/pull/9700
NOTE: https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6
-CVE-2016-5008 [libvirt: Setting empty VNC password allows access to unauthorized users]
- RESERVED
+CVE-2016-5008 (libvirt before 2.0.0 improperly disables password checking when the ...)
{DSA-3613-1 DLA-541-1}
- libvirt 2.0.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1180092
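Review bot: replacing the bracketed title on CVE-2016-5008 with the truncated description drops the trigger condition. "Setting empty VNC password allows access to unauthorized users" is gone, and the new text stops at "when the ...". Consider keeping that sentence as a NOTE line so the entry still states which configuration is affected without following the bugzilla link.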
@@ -3677,8 +3700,7 @@
RESERVED
CVE-2016-4975
RESERVED
-CVE-2016-4974
- RESERVED
+CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before ...)
NOT-FOR-US: Apache Qpid Java Broker
CVE-2016-4973
RESERVED
@@ -6324,8 +6346,8 @@
RESERVED
CVE-2016-4067
RESERVED
-CVE-2016-4066
- RESERVED
+CVE-2016-4066 (Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb ...)
+ TODO: check
CVE-2016-4065 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on ...)
NOT-FOR-US: Foxit
CVE-2016-4064 (Use-after-free vulnerability in the XFA forms handling functionality ...)
@@ -8965,8 +8987,7 @@
CVE-2016-3101
RESERVED
- jenkins <removed>
-CVE-2016-3100
- RESERVED
+CVE-2016-3100 (kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for ...)
- kinit 5.23.0-1 (bug #827476)
NOTE: https://bugs.kde.org/show_bug.cgi?id=358593
NOTE: https://bugs.kde.org/show_bug.cgi?id=363140
@@ -12035,8 +12056,7 @@
- tcpdf <undetermined> (bug #814030)
NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/ (not public)
NOTE: According to upstream fixed in 6.2.0, but not details available
-CVE-2015-8808 [out-of-bound read in the parsing of gif files]
- RESERVED
+CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 ...)
{DLA-484-1}
- graphicsmagick 1.3.21-2
NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1
@@ -13411,7 +13431,7 @@
NOT-FOR-US: SAP
CVE-2016-1910 (The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers ...)
NOT-FOR-US: SAP
-CVE-2016-1909 (FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x ...)
+CVE-2016-1909 (Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; ...)
NOT-FOR-US: FortiOS
CVE-2015-8775
RESERVED
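Review bot: the reason on the unchanged line "NOT-FOR-US: FortiOS" does not match the updated description of CVE-2016-1909, which now starts with Fortinet FortiAnalyzer. "NOT-FOR-US: Fortinet" would match the vendor named in the description.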
@@ -15116,12 +15136,14 @@
TODO: check
CVE-2016-1372
RESERVED
+ {DLA-546-1}
- clamav 0.99.2+dfsg-1
[jessie] - clamav 0.99.2+dfsg-0+deb8u1
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514
NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
CVE-2016-1371
RESERVED
+ {DLA-546-1}
- clamav 0.99.2+dfsg-1
[jessie] - clamav 0.99.2+dfsg-0+deb8u1
NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514
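Review bot: CVE-2016-1372 and CVE-2016-1371 both receive {DLA-546-1}, yet both entries cite the same upstream report, bugzilla.clamav.net id=11514. Confirm that each CVE points at its own bug. Both are still RESERVED with no description, so the NOTE lines are the only indication of what the advisory fixed.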