[Secure-testing-commits] r43628 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jul 29 21:10:12 UTC 2016
Author: sectracker
Date: 2016-07-29 21:10:12 +0000 (Fri, 29 Jul 2016)
New Revision: 43628
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-29 19:38:06 UTC (rev 43627)
+++ data/CVE/list 2016-07-29 21:10:12 UTC (rev 43628)
@@ -94,6 +94,7 @@
CVE-2016-6481
RESERVED
CVE-2013-7458 [World readable .rediscli_history]
+ {DSA-3634-1}
- redis 2:3.2.1-4 (bug #832460)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1
CVE-2016-6480
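Review bot: The log message "automatic update" does not name the advisory behind the `+ {DSA-3634-1}` line added under CVE-2013-7458, nor the DSA-3635-1, DLA-568-1 and DSA-3625-1 tags added in the later hunks. Listing the advisory IDs in the log would let this revision be found when auditing when a CVE was linked to its advisory.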
@@ -834,6 +835,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2015-8949 [Use after free in my_login() function of DBD::mysql]
RESERVED
+ {DSA-3635-1}
- libdbd-mysql-perl 4.035-1
NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/45
NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
@@ -2222,6 +2224,7 @@
RESERVED
CVE-2014-9906 [use-after-free in mysql_dr_error]
RESERVED
+ {DSA-3635-1}
- libdbd-mysql-perl 4.033-1
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=97625
NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/27
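Review bot: The same `{DSA-3635-1}` tag is attached here to CVE-2014-9906, fixed in `libdbd-mysql-perl 4.033-1`, and in the previous hunk to CVE-2015-8949, fixed in `libdbd-mysql-perl 4.035-1`. Since the two use-after-free fixes landed in different upstream versions, it is worth confirming that the package version shipped by the advisory carries both patches (the pull/27 and pull/45 changes referenced in the NOTE lines) and not only the earlier one.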
@@ -2382,12 +2385,15 @@
CVE-2016-5743 (Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, ...)
TODO: check
CVE-2016-5839 (WordPress before 4.5.3 allows remote attackers to bypass the ...)
+ {DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5838 (WordPress before 4.5.3 allows remote attackers to bypass intended ...)
+ {DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5837 (WordPress before 4.5.3 allows remote attackers to bypass intended ...)
+ {DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5836 (The oEmbed protocol implementation in WordPress before 4.5.3 allows ...)
@@ -2397,9 +2403,11 @@
NOTE: Check if this makes sense. Seems to be the only change regarding oEmbed in 4.5.3
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5835 (WordPress before 4.5.3 allows remote attackers to obtain sensitive ...)
+ {DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5834 (Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link ...)
+ {DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5833 (Cross-site scripting (XSS) vulnerability in the column_title function ...)
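Review bot: CVE-2016-5836 is skipped by this update. It sits between CVE-2016-5837 and CVE-2016-5835, both of which gain `{DLA-568-1}`, and it points to the same 4.5.3 release announcement, but it keeps the open `NOTE: Check if this makes sense. Seems to be the only change regarding oEmbed in 4.5.3` and gets no tag. Either resolve that note and record whether the advisory covers the oEmbed issue, or add an explicit status line so the gap does not look like an oversight.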
@@ -2407,6 +2415,7 @@
[wheezy] - wordpress <not-affected> (vulnerable code not present)
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5832 (The customizer in WordPress before 4.5.3 allows remote attackers to ...)
+ {DLA-568-1}
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5773 [ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize]
@@ -6227,6 +6236,7 @@
NOTE: Regression and fix: http://bugs.squid-cache.org/show_bug.cgi?id=4515
NOTE: Complete patch for 3.4 branch: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch
CVE-2016-4553 (client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not ...)
+ {DSA-3625-1}
- squid3 3.5.19-1 (bug #823968)
[wheezy] - squid3 <not-affected> (issue introduced by CVE-2009-0801 fix, not applied in wheezy)
- squid <not-affected> (Does not affect 2.x)