[Secure-testing-commits] r43508 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Jul 26 21:10:11 UTC 2016


Author: sectracker
Date: 2016-07-26 21:10:11 +0000 (Tue, 26 Jul 2016)
New Revision: 43508

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-26 21:02:12 UTC (rev 43507)
+++ data/CVE/list	2016-07-26 21:10:11 UTC (rev 43508)
@@ -46,61 +46,60 @@
 	- tiff <unfixed>
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2573
-CVE-2016-6297 [Stack-based buffer overflow vulnerability in php_stream_zip_opener]
-	RESERVED
+CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...)
+	{DSA-3631-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/72520
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
 	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6296 [heap-buffer-overflow (write) simplestring_addn simplestring.c]
-	RESERVED
+CVE-2016-6296 (Integer signedness error in the simplestring_addn function in ...)
+	{DSA-3631-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/72606
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa
 	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
 	- xmlrpc-epi <unfixed>
-CVE-2016-6295 [Use After Free Vulnerability in SNMP with GC and unserialize()]
-	RESERVED
+CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x ...)
+	{DSA-3631-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/72479
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3
 	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6294 [locale_accept_from_http out-of-bounds access]
-	RESERVED
+CVE-2016-6294 (The locale_accept_from_http function in ...)
+	{DSA-3631-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/72533
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
 	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6293 [locale_accept_from_http out-of-bounds access]
-	RESERVED
+CVE-2016-6293 (The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in ...)
 	- icu <unfixed>
-CVE-2016-6292 [NULL Pointer Dereference in exif_process_user_comment]
-	RESERVED
+CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in PHP ...)
+	{DSA-3631-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/72618
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4
 	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6291 [Out of bound read in exif_process_IFD_in_MAKERNOTE]
-	RESERVED
+CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP ...)
+	{DSA-3631-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/72603
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519
 	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6290 [Use After Free in unserialize() with Unexpected Session Deserialization]
-	RESERVED
+CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and ...)
+	{DSA-3631-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/72562
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32
 	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6289 [Stack-based buffer overflow vulnerability in virtual_file_ex]
-	RESERVED
+CVE-2016-6289 (Integer overflow in the virtual_file_ex function in ...)
+	{DSA-3631-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/72513
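Review bot: CVE-2016-6293 now carries the ICU description (uloc_acceptLanguageFromHTTP in common/uloc.cpp) but the entry is still only "- icu <unfixed>", with no NOTE pointing at an upstream report or at its relation to CVE-2016-6294, whereas every PHP entry in this hunk has both a bug and a commit NOTE. A NOTE cross-referencing CVE-2016-6294 and the upstream ICU tracker entry would let triagers follow the issue. Separately, under CVE-2016-6296 the "- xmlrpc-epi <unfixed>" line sits after the NOTE lines; moving it up with the php7.0/php5 package lines would make it clear that DSA-3631-1 does not cover that package.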
@@ -344,6 +343,7 @@
 	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
 CVE-2016-6264
 	RESERVED
+	{DLA-561-1}
 	- uclibc-ng <itp> (bug #811275)
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
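Review bot: The added {DLA-561-1} reference on CVE-2016-6264 sits next to "- uclibc <unfixed> (unimportant)" and a NOTE saying the package is only used for cross-compiling, so the entry now says both that an advisory was issued and that the issue is unimportant and unfixed. A "[wheezy] - uclibc <version>" line naming the fixed version, or a NOTE explaining why a DLA was released for an issue rated unimportant, would resolve the contradiction.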
@@ -553,6 +553,7 @@
 	RESERVED
 CVE-2016-6207
 	RESERVED
+	{DSA-3630-1}
 	- libgd2 2.2.2-43-g22cba39-1
 	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/libgd/libgd/commit/0dd40abd6d5b3e53a6b745dd4d6cf94b70010989
@@ -850,7 +851,7 @@
 	- linux <not-affected> (Vulnerable code introduced in 4.7-rc1)
 CVE-2016-6161
 	RESERVED
-	{DSA-3619-1}
+	{DSA-3619-1 DLA-563-1}
 	- libgd2 2.2.1-1
 	NOTE: https://github.com/libgd/libgd/issues/209
 	NOTE: https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0)
@@ -871,10 +872,10 @@
 	RESERVED
 CVE-2016-6154
 	RESERVED
-CVE-2016-6152
-	RESERVED
-CVE-2016-6151
-	RESERVED
+CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated ...)
+	TODO: check
+CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a denial ...)
+	TODO: check
 CVE-2016-6150
 	RESERVED
 CVE-2016-6149
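Review bot: CVE-2016-6152 and CVE-2016-6151 are left at "TODO: check" although both descriptions name CA eHealth, a product with no package line here. If it is not packaged in Debian, these should be closed as "NOT-FOR-US: CA eHealth" in a follow-up so they do not linger in the TODO queue.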
@@ -2751,8 +2752,8 @@
 CVE-2016-5409
 	RESERVED
 CVE-2016-5408
+	RESERVED
 	{DLA-556-1}
-	RESERVED
 	- squid3 <not-affected> (Incomplete fix for CVE-2016-4051 not applied)
 	NOTE: CVE is specific for the incomplete fix of CVE-2016-4051 as applied
 	NOTE: by some vendors.
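Review bot: After the reorder, CVE-2016-5408 still pairs {DLA-556-1} with "- squid3 <not-affected> (Incomplete fix for CVE-2016-4051 not applied)", and there is no release-specific line. A reader cannot tell from the entry what DLA-556-1 changed for this CVE; a "[wheezy] - squid3 ..." line or a NOTE stating whether the LTS package carried the incomplete fix would make the status unambiguous.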
@@ -2776,6 +2777,7 @@
 	- linux <unfixed>
 CVE-2016-5399 [Improper error handling in bzread()]
 	RESERVED
+	{DSA-3631-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72613
@@ -2834,6 +2836,7 @@
 CVE-2016-5386 (The net/http package in Go through 1.6 does not attempt to address RFC ...)
 	- golang <unfixed>
 CVE-2016-5385 (PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ...)
+	{DSA-3631-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72573
@@ -9635,8 +9638,7 @@
 CVE-2016-XXXX [use-after-free in unserialisation]
 	- hhvm 3.12.1+dfsg-1
 	NOTE: https://github.com/facebook/hhvm/commit/fd456ffad5d164c1563dc8bd97bcc2f200ff6f69
-CVE-2016-6288 [php_url_parse_ex() buffer overflow read]
-	RESERVED
+CVE-2016-6288 (The php_url_parse_ex function in ext/standard/url.c in PHP before ...)
 	{DLA-533-1}
 	- hhvm 3.12.1+dfsg-1
 	- php5 5.6.15+dfsg-1
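Review bot: CVE-2016-6288 is updated in place around line 9638, directly below a CVE-2016-XXXX temporary entry, while CVE-2016-6289 and its neighbours sit near line 46 of the same file. Now that the id is assigned and has a public description, the entry should be moved into numeric sequence after CVE-2016-6289 so lookups by position find it.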
@@ -12841,12 +12843,14 @@
 	RESERVED
 CVE-2016-2224 [denial of service while parsing compressed items]
 	RESERVED
+	{DLA-561-1}
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
 	NOTE: http://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac
 	NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
 CVE-2016-2225 [crafted packet will make the parser terminate early]
 	RESERVED
+	{DLA-561-1}
 	- uclibc <unfixed> (unimportant)
 	NOTE: Just for cross-compiling, not used for actual packages
 	NOTE: http://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c
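Review bot: CVE-2016-2224 and CVE-2016-2225 reference fixes in the uclibc-ng repository but list only "- uclibc <unfixed> (unimportant)", whereas CVE-2016-6264 earlier in this diff also tracks "- uclibc-ng <itp> (bug #811275)". For consistency, and so the ITP is checked against these two issues as well, add the same uclibc-ng line to both entries.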
@@ -14792,7 +14796,7 @@
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7
 CVE-2015-8771 [Possibility of code injection when setting passwords for Samba]
 	RESERVED
-	{DLA-408-1}
+	{DLA-562-1 DLA-408-1}
 	- gosa 2.7.4+reloaded2-6
 	[jessie] - gosa 2.7.4+reloaded2-1+deb8u2
 	NOTE: https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8
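Review bot: CVE-2015-8771 now lists two LTS advisories, "{DLA-562-1 DLA-408-1}", with nothing in the entry saying why a second one was needed (a different source package, a regression, or an incomplete first fix). A short NOTE stating what DLA-562-1 addresses relative to DLA-408-1 would help anyone auditing whether wheezy is fully fixed.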



