[Secure-testing-commits] r43541 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jul 27 21:10:10 UTC 2016
Author: sectracker
Date: 2016-07-27 21:10:10 +0000 (Wed, 27 Jul 2016)
New Revision: 43541
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-27 21:04:33 UTC (rev 43540)
+++ data/CVE/list 2016-07-27 21:10:10 UTC (rev 43541)
@@ -1,10 +1,366 @@
+CVE-2016-6480
+ RESERVED
+CVE-2016-6478
+ RESERVED
+CVE-2016-6477
+ RESERVED
+CVE-2016-6476
+ RESERVED
+CVE-2016-6475
+ RESERVED
+CVE-2016-6474
+ RESERVED
+CVE-2016-6473
+ RESERVED
+CVE-2016-6472
+ RESERVED
+CVE-2016-6471
+ RESERVED
+CVE-2016-6470
+ RESERVED
+CVE-2016-6469
+ RESERVED
+CVE-2016-6468
+ RESERVED
+CVE-2016-6467
+ RESERVED
+CVE-2016-6466
+ RESERVED
+CVE-2016-6465
+ RESERVED
+CVE-2016-6464
+ RESERVED
+CVE-2016-6463
+ RESERVED
+CVE-2016-6462
+ RESERVED
+CVE-2016-6461
+ RESERVED
+CVE-2016-6460
+ RESERVED
+CVE-2016-6459
+ RESERVED
+CVE-2016-6458
+ RESERVED
+CVE-2016-6457
+ RESERVED
+CVE-2016-6456
+ RESERVED
+CVE-2016-6455
+ RESERVED
+CVE-2016-6454
+ RESERVED
+CVE-2016-6453
+ RESERVED
+CVE-2016-6452
+ RESERVED
+CVE-2016-6451
+ RESERVED
+CVE-2016-6450
+ RESERVED
+CVE-2016-6449
+ RESERVED
+CVE-2016-6448
+ RESERVED
+CVE-2016-6447
+ RESERVED
+CVE-2016-6446
+ RESERVED
+CVE-2016-6445
+ RESERVED
+CVE-2016-6444
+ RESERVED
+CVE-2016-6443
+ RESERVED
+CVE-2016-6442
+ RESERVED
+CVE-2016-6441
+ RESERVED
+CVE-2016-6440
+ RESERVED
+CVE-2016-6439
+ RESERVED
+CVE-2016-6438
+ RESERVED
+CVE-2016-6437
+ RESERVED
+CVE-2016-6436
+ RESERVED
+CVE-2016-6435
+ RESERVED
+CVE-2016-6434
+ RESERVED
+CVE-2016-6433
+ RESERVED
+CVE-2016-6432
+ RESERVED
+CVE-2016-6431
+ RESERVED
+CVE-2016-6430
+ RESERVED
+CVE-2016-6429
+ RESERVED
+CVE-2016-6428
+ RESERVED
+CVE-2016-6427
+ RESERVED
+CVE-2016-6426
+ RESERVED
+CVE-2016-6425
+ RESERVED
+CVE-2016-6424
+ RESERVED
+CVE-2016-6423
+ RESERVED
+CVE-2016-6422
+ RESERVED
+CVE-2016-6421
+ RESERVED
+CVE-2016-6420
+ RESERVED
+CVE-2016-6419
+ RESERVED
+CVE-2016-6418
+ RESERVED
+CVE-2016-6417
+ RESERVED
+CVE-2016-6416
+ RESERVED
+CVE-2016-6415
+ RESERVED
+CVE-2016-6414
+ RESERVED
+CVE-2016-6413
+ RESERVED
+CVE-2016-6412
+ RESERVED
+CVE-2016-6411
+ RESERVED
+CVE-2016-6410
+ RESERVED
+CVE-2016-6409
+ RESERVED
+CVE-2016-6408
+ RESERVED
+CVE-2016-6407
+ RESERVED
+CVE-2016-6406
+ RESERVED
+CVE-2016-6405
+ RESERVED
+CVE-2016-6404
+ RESERVED
+CVE-2016-6403
+ RESERVED
+CVE-2016-6402
+ RESERVED
+CVE-2016-6401
+ RESERVED
+CVE-2016-6400
+ RESERVED
+CVE-2016-6399
+ RESERVED
+CVE-2016-6398
+ RESERVED
+CVE-2016-6397
+ RESERVED
+CVE-2016-6396
+ RESERVED
+CVE-2016-6395
+ RESERVED
+CVE-2016-6394
+ RESERVED
+CVE-2016-6393
+ RESERVED
+CVE-2016-6392
+ RESERVED
+CVE-2016-6391
+ RESERVED
+CVE-2016-6390
+ RESERVED
+CVE-2016-6389
+ RESERVED
+CVE-2016-6388
+ RESERVED
+CVE-2016-6387
+ RESERVED
+CVE-2016-6386
+ RESERVED
+CVE-2016-6385
+ RESERVED
+CVE-2016-6384
+ RESERVED
+CVE-2016-6383
+ RESERVED
+CVE-2016-6382
+ RESERVED
+CVE-2016-6381
+ RESERVED
+CVE-2016-6380
+ RESERVED
+CVE-2016-6379
+ RESERVED
+CVE-2016-6378
+ RESERVED
+CVE-2016-6377
+ RESERVED
+CVE-2016-6376
+ RESERVED
+CVE-2016-6375
+ RESERVED
+CVE-2016-6374
+ RESERVED
+CVE-2016-6373
+ RESERVED
+CVE-2016-6372
+ RESERVED
+CVE-2016-6371
+ RESERVED
+CVE-2016-6370
+ RESERVED
+CVE-2016-6369
+ RESERVED
+CVE-2016-6368
+ RESERVED
+CVE-2016-6367
+ RESERVED
+CVE-2016-6366
+ RESERVED
+CVE-2016-6365
+ RESERVED
+CVE-2016-6364
+ RESERVED
+CVE-2016-6363
+ RESERVED
+CVE-2016-6362
+ RESERVED
+CVE-2016-6361
+ RESERVED
+CVE-2016-6360
+ RESERVED
+CVE-2016-6359
+ RESERVED
+CVE-2016-6358
+ RESERVED
+CVE-2016-6357
+ RESERVED
+CVE-2016-6356
+ RESERVED
+CVE-2016-6355
+ RESERVED
+CVE-2016-6353
+ RESERVED
+CVE-2016-6348
+ RESERVED
+CVE-2016-6347
+ RESERVED
+CVE-2016-6346
+ RESERVED
+CVE-2016-6345
+ RESERVED
+CVE-2016-6344
+ RESERVED
+CVE-2016-6343
+ RESERVED
+CVE-2016-6342
+ RESERVED
+CVE-2016-6341
+ RESERVED
+CVE-2016-6340
+ RESERVED
+CVE-2016-6339
+ RESERVED
+CVE-2016-6338
+ RESERVED
+CVE-2016-6337
+ RESERVED
+CVE-2016-6336
+ RESERVED
+CVE-2016-6335
+ RESERVED
+CVE-2016-6334
+ RESERVED
+CVE-2016-6333
+ RESERVED
+CVE-2016-6332
+ RESERVED
+CVE-2016-6331
+ RESERVED
+CVE-2016-6330
+ RESERVED
+CVE-2016-6329
+ RESERVED
+CVE-2016-6328
+ RESERVED
+CVE-2016-6327
+ RESERVED
+CVE-2016-6326
+ RESERVED
+CVE-2016-6325
+ RESERVED
+CVE-2016-6324
+ RESERVED
+CVE-2016-6323
+ RESERVED
+CVE-2016-6322
+ RESERVED
+CVE-2016-6321
+ RESERVED
+CVE-2016-6320
+ RESERVED
+CVE-2016-6319
+ RESERVED
+CVE-2016-6318
+ RESERVED
+CVE-2016-6317
+ RESERVED
+CVE-2016-6316
+ RESERVED
+CVE-2016-6315
+ RESERVED
+CVE-2016-6314
+ RESERVED
+CVE-2016-6313
+ RESERVED
+CVE-2016-6312
+ RESERVED
+CVE-2016-6311
+ RESERVED
+CVE-2016-6310
+ RESERVED
+CVE-2016-6309
+ RESERVED
+CVE-2016-6308
+ RESERVED
+CVE-2016-6307
+ RESERVED
+CVE-2016-6306
+ RESERVED
+CVE-2016-6305
+ RESERVED
+CVE-2016-6304
+ RESERVED
+CVE-2016-6303
+ RESERVED
+CVE-2016-6302
+ RESERVED
+CVE-2016-6301
+ RESERVED
+CVE-2016-6300
+ RESERVED
+CVE-2016-6299
+ RESERVED
+CVE-2016-6298
+ RESERVED
CVE-2016-6354 [Buffer overflow in generated code (yy_get_next_buffer); related to num_to_read]
+ RESERVED
- flex <unfixed>
[wheezy] - flex <not-affected> (Issue introduced with 2.5.36)
NOTE: Intorduced by: https://github.com/westes/flex/commit/9ba3187a537d6a58d345f2874d06087fd4050399 (flex-2-5-36)
NOTE: Fixed by: https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 (v2.6.1)
TODO: It needs to be evaluated which reverse reverse build-dependencies or sources using the generated code needs fixing/rebuild
CVE-2016-6351 [scsi: esp: oob write access while reading ESP command]
+ RESERVED
- qemu <unfixed> (bug #832621)
- qemu-kvm <removed>
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
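Review bot: The added run of RESERVED entries at the top of this hunk goes from CVE-2016-6480 straight to CVE-2016-6478, so CVE-2016-6479 is not created here. The other ids skipped in the run (CVE-2016-6354, CVE-2016-6352, CVE-2016-6351, CVE-2016-6350, CVE-2016-6349) appear as existing entries elsewhere in this diff, but CVE-2016-6479 does not. Confirm it is already present in data/CVE/list. Separately, the unchanged CVE-2016-6354 lines carry two typos worth a follow-up commit: "Intorduced by" and "reverse reverse build-dependencies".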
@@ -12,8 +368,10 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14
TODO: check versions
CVE-2016-6350
+ RESERVED
NOT-FOR-US: OpenBSD
CVE-2016-6349 [information exposure for docker containers]
+ RESERVED
- systemd <unfixed> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/26/5
NOTE: Requirement is that docker containers would register themselves to
@@ -144,8 +502,9 @@
RESERVED
CVE-2016-6256
RESERVED
-CVE-2016-6254 (Heap overflow in the network plugin)
- - collectd <unfixed> (bug #832507)
+CVE-2016-6254
+ RESERVED
+ - collectd <unfixed> (bug #832507)
NOTE: https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
NOTE: https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
CVE-2016-6253
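Review bot: The rewritten CVE-2016-6254 header loses its description, since "(Heap overflow in the network plugin)" is removed and only the bare id plus RESERVED is added back. Other entries in this same commit keep a bracketed description next to RESERVED, for example "CVE-2016-6354 [Buffer overflow in generated code ...]", so consider restoring it as "CVE-2016-6254 [Heap overflow in the network plugin]" to keep the entry readable without following the collectd commit links.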
@@ -374,6 +733,7 @@
NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555 (libidn-1-33)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2015-8949 [Use after free in my_login() function of DBD::mysql]
+ RESERVED
- libdbd-mysql-perl 4.035-1
NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/45
NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
@@ -679,6 +1039,7 @@
NOTE: https://github.com/libgd/libgd/commit/5a3f19e962b507560c9206965087db4dc0ad107f
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/12/4
CVE-2016-6352 [Write out-of-bounds]
+ RESERVED
- gdk-pixbuf <unfixed> (bug #832496)
[wheezy] - gdk-pixbuf <not-affected> (Fails with ENOMEM, no crash)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/11
@@ -2689,7 +3050,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5440 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 ...)
- {DSA-3624-1}
+ {DSA-3632-1 DSA-3624-1}
- mariadb-10.0 10.0.26-1
- mysql-5.6 <unfixed> (bug #831844)
- mysql-5.5 <removed>
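Review bot: The advisory tag for CVE-2016-5440 gains DSA-3632-1 while the package lines under it stay unchanged (mariadb-10.0 10.0.26-1, mysql-5.6 <unfixed>, mysql-5.5 <removed>), so the entry does not show which source package the new advisory covers. The same one-line edit recurs for CVE-2016-3615, CVE-2016-3521 and CVE-2016-3477. With a log message of only "automatic update", a pointer to the advisory record this tag is derived from would make the change checkable.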
@@ -7689,8 +8050,7 @@
RESERVED
CVE-2016-3963 (Siemens SCALANCE S613 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Siemens
-CVE-2016-3992 [uses predictable temporary files]
- RESERVED
+CVE-2016-3992 (cronic before 3 allows local users to write to arbitrary files via a ...)
- cronic 3-1 (bug #820331)
NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/4
CVE-2016-3962 (Stack-based buffer overflow in the NTP time-server interface on ...)
@@ -8658,7 +9018,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/21/3
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762100
CVE-2016-3615 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 ...)
- {DSA-3624-1}
+ {DSA-3632-1 DSA-3624-1}
- mariadb-10.0 10.0.26-1
- mysql-5.6 <unfixed> (bug #831844)
- mysql-5.5 <removed>
@@ -8857,7 +9217,7 @@
CVE-2016-3522 (Unspecified vulnerability in the Oracle Web Applications Desktop ...)
TODO: check
CVE-2016-3521 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 ...)
- {DSA-3624-1}
+ {DSA-3632-1 DSA-3624-1}
- mariadb-10.0 10.0.26-1
- mysql-5.6 <unfixed> (bug #831844)
- mysql-5.5 <removed>
@@ -8965,7 +9325,7 @@
CVE-2016-3478 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
TODO: check
CVE-2016-3477 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 ...)
- {DSA-3624-1}
+ {DSA-3632-1 DSA-3624-1}
- mariadb-10.0 10.0.26-1
- mysql-5.6 <unfixed> (bug #831844)
- mysql-5.5 <removed>
@@ -14486,29 +14846,29 @@
CVE-2016-1841 (libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- libxslt <undetermined>
TODO: check, most likely *not* only Apple specific, but currently not enough public information available to determine the fix
-CVE-2016-1840 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
+CVE-2016-1840 (Heap-based buffer overflow in the xmlFAParsePosCharGroup function in ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=757711
-CVE-2016-1839 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
+CVE-2016-1839 (The xmlDictAddString function in libxml2 before 2.9.4, as used in ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758605
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=637
-CVE-2016-1838 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
+CVE-2016-1838 (The xmlPArserPrintFileContextInternal function in libxml2 before ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758588
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=639
-CVE-2016-1837 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
+CVE-2016-1837 (Multiple use-after-free vulnerabilities in the (1) ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=11ed4a7a90d5ce156a18980a4ad4e53e77384852 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=760263
-CVE-2016-1836 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
+CVE-2016-1836 (Use-after-free vulnerability in the xmlDictComputeFastKey function in ...)
{DSA-3593-1}
- libxml2 2.9.3+dfsg1-1.1
[wheezy] - libxml2 <not-affected> (Vulnerable code not present)
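Review bot: The new description for CVE-2016-1838 spells the function "xmlPArserPrintFileContextInternal", which looks like a capitalization slip for libxml2's xmlParserPrintFileContextInternal. If the text is imported as-is from the upstream CVE description, report it there rather than patching it locally, since a search of the list for the correct function name will miss this entry until it is fixed. The CVE-2016-1837 description is also cut at "in the (1) ...", before any function name, so it no longer identifies the affected code.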
@@ -14516,17 +14876,17 @@
NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=dcc19503193c71596278a252064a8ce66331b3cd (v2.9.2)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759398
NOTE: Regression applies to Jessie, since fix backported as 0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch
-CVE-2016-1835 (libxml2, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, ...)
+CVE-2016-1835 (Use-after-free vulnerability in the xmlSAX2AttributeNs function in ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759020
-CVE-2016-1834 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
+CVE-2016-1834 (Heap-based buffer overflow in the xmlStrncat function in libxml2 ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=763071
-CVE-2016-1833 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
+CVE-2016-1833 (The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76 (v2.9.4)
@@ -14671,7 +15031,7 @@
TODO: check
CVE-2016-1763 (Messages in Apple iOS before 9.3 does not ensure that an auto-fill ...)
TODO: check
-CVE-2016-1762 (libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before ...)
+CVE-2016-1762 (The xmlNextChar function in libxml2 before 2.9.4 allows remote ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602
@@ -27955,8 +28315,7 @@
RESERVED
CVE-2015-5742 (VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 ...)
TODO: check
-CVE-2015-5738 [RSA-CRT key leak in custom version of OpenSSL]
- RESERVED
+CVE-2015-5738 (The RSA-CRT implementation in the Cavium Software Development Kit ...)
- openssl <not-affected> (OpenSSL upstream is not affected)
CVE-2015-5959
RESERVED