[Secure-testing-commits] r43382 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jul 22 21:10:12 UTC 2016
Author: sectracker
Date: 2016-07-22 21:10:12 +0000 (Fri, 22 Jul 2016)
New Revision: 43382
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-22 19:38:56 UTC (rev 43381)
+++ data/CVE/list 2016-07-22 21:10:12 UTC (rev 43382)
@@ -1,3 +1,15 @@
+CVE-2016-6271
+ RESERVED
+CVE-2016-6270
+ RESERVED
+CVE-2016-6269
+ RESERVED
+CVE-2016-6268
+ RESERVED
+CVE-2016-6267
+ RESERVED
+CVE-2016-6266
+ RESERVED
CVE-2016-6260
RESERVED
CVE-2016-6259
@@ -213,30 +225,36 @@
CVE-2016-1000112
RESERVED
CVE-2016-6265 [use-after-free]
+ RESERVED
- mupdf <unfixed> (bug #832031)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
CVE-2016-6264
+ RESERVED
- uclibc-ng <itp> (bug #811275)
- uclibc <unfixed>
NOTE: http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
NOTE: http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html
NOTE: Fixed in 1.0.16 of uClibc-ng
CVE-2016-6263 [stringprep_utf8_nfkc_normalize reject invalid UTF-8]
+ RESERVED
- libidn 1.33-1
NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555 (libidn-1-33)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2015-8948 [Solve out-of-bounds-read when reading one zero byte as input]
+ RESERVED
- libidn 1.33-1
NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041 (libidn-1-33)
NOTE: When fixing this issue, the followup fix http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
NOTE: is required to fix the problem. (Resultet in followup CVE, CVE-2016-6262
NOTE: if not applied completely).
CVE-2016-6262 [Solve out-of-bounds-read when reading one zero byte as input]
+ RESERVED
- libidn <not-affected> (Incomplete fix for CVE-2015-8948 not applied)
NOTE: Follow-up fix for CVE-2015-8948: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60 (libidn-1-33)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6261 [out-of-bounds stack read in idna_to_ascii_4i]
+ RESERVED
- libidn 1.33-1
NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
NOTE: Test: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c (libidn-1-33)
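Review bot: CVE-2016-6262 keeps the same bracketed title as CVE-2015-8948, "[Solve out-of-bounds-read when reading one zero byte as input]", so the two entries read as duplicates when scanning the list. Now that both have their RESERVED line, give CVE-2016-6262 a title that says it is the incomplete-fix follow-up. While this block is being touched, the CVE-2015-8948 NOTE has a typo: "Resultet in followup CVE" should read "Resulted in followup CVE".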
@@ -2741,8 +2759,8 @@
RESERVED
CVE-2016-5339
RESERVED
-CVE-2014-9862
- RESERVED
+CVE-2014-9862 (Integer signedness error in bspatch.c in bspatch in bsdiff, as used in ...)
+ TODO: check
CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in ...)
- libreswan <itp> (bug #773459)
NOTE: Possibly the CVE should be rejected: http://www.openwall.com/lists/oss-security/2016/06/13/1
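Review bot: CVE-2014-9862 goes from RESERVED to a bare "TODO: check", although its description already names the affected code: bspatch.c in bsdiff, "as used in ...". When the TODO is resolved, record a status for bsdiff itself and look for embedded copies of bspatch.c in other packages, since the truncated "as used in" clause indicates the code is shipped by more than one project.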
@@ -5220,150 +5238,150 @@
RESERVED
CVE-2016-4654
RESERVED
-CVE-2016-4653
- RESERVED
-CVE-2016-4652
- RESERVED
-CVE-2016-4651
- RESERVED
+CVE-2016-4653 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
+ TODO: check
+CVE-2016-4652 (CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain ...)
+ TODO: check
+CVE-2016-4651 (Cross-site scripting (XSS) vulnerability in the WebKit JavaScript ...)
+ TODO: check
CVE-2016-4650
RESERVED
-CVE-2016-4649
- RESERVED
-CVE-2016-4648
- RESERVED
-CVE-2016-4647
- RESERVED
-CVE-2016-4646
- RESERVED
-CVE-2016-4645
- RESERVED
+CVE-2016-4649 (Audio in Apple OS X before 10.11.6 allows local users to cause a ...)
+ TODO: check
+CVE-2016-4648 (Audio in Apple OS X before 10.11.6 allows local users to obtain ...)
+ TODO: check
+CVE-2016-4647 (Audio in Apple OS X before 10.11.6 allows local users to gain ...)
+ TODO: check
+CVE-2016-4646 (Audio in Apple OS X before 10.11.6 mishandles a size value, which ...)
+ TODO: check
+CVE-2016-4645 (CFNetwork in Apple OS X before 10.11.6 uses weak permissions for ...)
+ TODO: check
CVE-2016-4644
RESERVED
CVE-2016-4643
RESERVED
CVE-2016-4642
RESERVED
-CVE-2016-4641
- RESERVED
-CVE-2016-4640
- RESERVED
-CVE-2016-4639
- RESERVED
-CVE-2016-4638
- RESERVED
-CVE-2016-4637
- RESERVED
+CVE-2016-4641 (Login Window in Apple OS X before 10.11.6 allows attackers to execute ...)
+ TODO: check
+CVE-2016-4640 (Login Window in Apple OS X before 10.11.6 allows attackers to execute ...)
+ TODO: check
+CVE-2016-4639 (Login Window in Apple OS X before 10.11.6 does not properly initialize ...)
+ TODO: check
+CVE-2016-4638 (Login Window in Apple OS X before 10.11.6 allows attackers to gain ...)
+ TODO: check
+CVE-2016-4637 (CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS ...)
+ TODO: check
CVE-2016-4636
RESERVED
-CVE-2016-4635
- RESERVED
-CVE-2016-4634
- RESERVED
-CVE-2016-4633
- RESERVED
-CVE-2016-4632
- RESERVED
-CVE-2016-4631
- RESERVED
-CVE-2016-4630
- RESERVED
-CVE-2016-4629
- RESERVED
-CVE-2016-4628
- RESERVED
-CVE-2016-4627
- RESERVED
-CVE-2016-4626
- RESERVED
-CVE-2016-4625
- RESERVED
-CVE-2016-4624
- RESERVED
-CVE-2016-4623
- RESERVED
-CVE-2016-4622
- RESERVED
-CVE-2016-4621
- RESERVED
+CVE-2016-4635 (FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows ...)
+ TODO: check
+CVE-2016-4634 (The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows ...)
+ TODO: check
+CVE-2016-4633 (Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to ...)
+ TODO: check
+CVE-2016-4632 (ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
+ TODO: check
+CVE-2016-4631 (ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
+ TODO: check
+CVE-2016-4630 (ImageIO in Apple OS X before 10.11.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4629 (ImageIO in Apple OS X before 10.11.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4628 (IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 ...)
+ TODO: check
+CVE-2016-4627 (IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and ...)
+ TODO: check
+CVE-2016-4626 (IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS ...)
+ TODO: check
+CVE-2016-4625 (Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 ...)
+ TODO: check
+CVE-2016-4624 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
+ TODO: check
+CVE-2016-4623 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
+ TODO: check
+CVE-2016-4622 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
+ TODO: check
+CVE-2016-4621 (libc++abi in Apple OS X before 10.11.6 allows attackers to execute ...)
+ TODO: check
CVE-2016-4620
RESERVED
-CVE-2016-4619
- RESERVED
+CVE-2016-4619 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ TODO: check
CVE-2016-4618
RESERVED
CVE-2016-4617
RESERVED
-CVE-2016-4616
- RESERVED
-CVE-2016-4615
- RESERVED
-CVE-2016-4614
- RESERVED
+CVE-2016-4616 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ TODO: check
+CVE-2016-4615 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ TODO: check
+CVE-2016-4614 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ TODO: check
CVE-2016-4613
RESERVED
-CVE-2016-4612
- RESERVED
+CVE-2016-4612 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ TODO: check
CVE-2016-4611
RESERVED
-CVE-2016-4610
- RESERVED
-CVE-2016-4609
- RESERVED
-CVE-2016-4608
- RESERVED
-CVE-2016-4607
- RESERVED
+CVE-2016-4610 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ TODO: check
+CVE-2016-4609 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ TODO: check
+CVE-2016-4608 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ TODO: check
+CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
+ TODO: check
CVE-2016-4606
RESERVED
-CVE-2016-4605
- RESERVED
-CVE-2016-4604
- RESERVED
-CVE-2016-4603
- RESERVED
-CVE-2016-4602
- RESERVED
-CVE-2016-4601
- RESERVED
-CVE-2016-4600
- RESERVED
-CVE-2016-4599
- RESERVED
-CVE-2016-4598
- RESERVED
-CVE-2016-4597
- RESERVED
-CVE-2016-4596
- RESERVED
-CVE-2016-4595
- RESERVED
-CVE-2016-4594
- RESERVED
-CVE-2016-4593
- RESERVED
-CVE-2016-4592
- RESERVED
-CVE-2016-4591
- RESERVED
-CVE-2016-4590
- RESERVED
-CVE-2016-4589
- RESERVED
-CVE-2016-4588
- RESERVED
-CVE-2016-4587
- RESERVED
-CVE-2016-4586
- RESERVED
-CVE-2016-4585
- RESERVED
-CVE-2016-4584
- RESERVED
-CVE-2016-4583
- RESERVED
-CVE-2016-4582
- RESERVED
+CVE-2016-4605 (Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2016-4604 (Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the ...)
+ TODO: check
+CVE-2016-4603 (Web Media in Apple iOS before 9.3.3 allows attackers to bypass the ...)
+ TODO: check
+CVE-2016-4602 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4601 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4600 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4599 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4598 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4597 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4596 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4595 (Safari Login AutoFill in Apple OS X before 10.11.6 allows physically ...)
+ TODO: check
+CVE-2016-4594 (The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before ...)
+ TODO: check
+CVE-2016-4593 (The Siri Contacts component in Apple iOS before 9.3.3 allows ...)
+ TODO: check
+CVE-2016-4592 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
+ TODO: check
+CVE-2016-4591 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
+ TODO: check
+CVE-2016-4590 (WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles ...)
+ TODO: check
+CVE-2016-4589 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
+ TODO: check
+CVE-2016-4588 (WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute ...)
+ TODO: check
+CVE-2016-4587 (WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote ...)
+ TODO: check
+CVE-2016-4586 (WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows ...)
+ TODO: check
+CVE-2016-4585 (Cross-site scripting (XSS) vulnerability in the WebKit Page Loading ...)
+ TODO: check
+CVE-2016-4584 (The WebKit Page Loading implementation in Apple iOS before 9.3.3, ...)
+ TODO: check
+CVE-2016-4583 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
+ TODO: check
+CVE-2016-4582 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
+ TODO: check
CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in ...)
{DSA-3607-1 DLA-516-1}
- linux 4.5.5-1
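Review bot: Every entry converted from RESERVED in this hunk lands as "TODO: check", but they do not all need the same triage. CVE-2016-4614, CVE-2016-4615, CVE-2016-4616 and CVE-2016-4619 name libxml2, CVE-2016-4607 through CVE-2016-4610 and CVE-2016-4612 name libxslt, and a large share of the rest name WebKit. The descriptions are cut at "...", so the list does not show whether the flaw is in the upstream library or only in Apple's build. Triage these against the full descriptions and do not clear them in bulk together with the Apple-only components (Login Window, QuickTime, IOHIDFamily and similar).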
@@ -7100,7 +7118,7 @@
NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and ...)
- {DSA-3625-1 DLA-478-1}
+ {DSA-3625-1 DLA-556-1 DLA-478-1}
- squid3 3.5.17-1
- squid <removed>
[wheezy] - squid <not-affected> (cachemgr.cgi not installed. squid-cgi binary package built from squid3)
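Review bot: The DLA-556-1 reference added to CVE-2016-4051 has no matching per-release line in the visible context. The only wheezy line shown is "[wheezy] - squid <not-affected>", which points to squid3 as the source of the squid-cgi binary package. Confirm that the squid3 lines of this entry cover the release DLA-556-1 applies to. As a style point, the new reference is placed ahead of DLA-478-1, so the two DLAs are out of numeric order.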
@@ -14233,12 +14251,12 @@
- salt 2015.8.5+ds-1
[jessie] - salt <not-affected> (affects only the 2015.8.x releases of Salt)
NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html
-CVE-2016-1865
- RESERVED
+CVE-2016-1865 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
+ TODO: check
CVE-2016-1864 (The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari ...)
TODO: check
-CVE-2016-1863
- RESERVED
+CVE-2016-1863 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
+ TODO: check
CVE-2016-1862 (Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to ...)
TODO: check
CVE-2016-1861 (The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 ...)