[Secure-testing-commits] r43640 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Jul 30 09:10:10 UTC 2016


Author: sectracker
Date: 2016-07-30 09:10:09 +0000 (Sat, 30 Jul 2016)
New Revision: 43640

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-30 08:50:19 UTC (rev 43639)
+++ data/CVE/list	2016-07-30 09:10:09 UTC (rev 43640)
@@ -1,3 +1,11 @@
+CVE-2016-6492
+	RESERVED
+CVE-2016-6488
+	RESERVED
+CVE-2016-6487
+	RESERVED
+CVE-2016-6486
+	RESERVED
 CVE-2016-6494 [world-readable .dbshell history file]
 	- mongodb <unfixed> (bug #832908)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/29/4
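Review bot: The four new RESERVED ids at the top of this hunk (CVE-2016-6492, CVE-2016-6488, CVE-2016-6487, CVE-2016-6486) land above CVE-2016-6494, so the head of the list is no longer in descending id order, which the unchanged entries below it (6494, 6491, 6489) follow. Prepending is expected from an automatic update, but these entries should be sorted into place when they are next triaged.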
@@ -2,5 +10,7 @@
 CVE-2016-6491 [Buffer overflow]
+	RESERVED
 	- imagemagick <unfixed>
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
 CVE-2016-6489 [RSA code is vulnerable to cache sharing related attacks]
+	RESERVED
 	- nettle <unfixed>
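Review bot: Missing tracking reference on the package lines of CVE-2016-6491 and CVE-2016-6489: both stay at `<unfixed>` with no `(bug #...)` suffix, unlike the mongodb line in the previous hunk. CVE-2016-6491 already records an upstream fix commit in its NOTE, so a BTS bug for imagemagick can cite that commit and be added to the package line; the nettle line should get the same once a bug exists.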
@@ -80,6 +90,7 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/28/3
 CVE-2016-6490 [virtio: infinite loop in virtqueue_pop]
+	RESERVED
 	- qemu <unfixed> (bug #832767)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	[wheezy] - qemu <not-affected> (Issue introduced later)
@@ -94,6 +105,7 @@
 CVE-2016-6481
 	RESERVED
 CVE-2013-7458 [World readable .rediscli_history]
+	RESERVED
 	{DSA-3634-1}
 	- redis 2:3.2.1-4 (bug #832460)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1
@@ -523,7 +535,7 @@
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
 	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
 CVE-2016-6296 (Integer signedness error in the simplestring_addn function in ...)
-	{DSA-3631-1}
+	{DSA-3631-1 DLA-569-1}
 	- php7.0 7.0.9-1
 	- php5 5.6.24+dfsg-1
 	NOTE: PHP Bug: https://bugs.php.net/72606
@@ -598,7 +610,7 @@
 	NOTE: http://xenbits.xen.org/xsa/advisory-183.html
 CVE-2016-6258 [x86: Privilege escalation in PV guests]
 	RESERVED
-	{DSA-3633-1}
+	{DSA-3633-1 DLA-571-1}
 	- xen <unfixed>
 	NOTE: http://xenbits.xen.org/xsa/advisory-182.html
 CVE-2016-6257
@@ -607,6 +619,7 @@
 	RESERVED
 CVE-2016-6254
 	RESERVED
+	{DSA-3636-1}
 	- collectd 5.5.2-1 (bug #832507)
 	NOTE: https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
 	NOTE: https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
@@ -1018,6 +1031,7 @@
 	NOTE: https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
 CVE-2016-6232
 	RESERVED
+	{DLA-570-1}
 	- karchive 5.24.0-1
 	- kde4libs <unfixed> (bug #832620)
 	NOTE: The fix for 4:4.14.22-1 was incomplete, cf.
@@ -4830,8 +4844,8 @@
 	TODO: check affected versions
 CVE-2016-5006
 	RESERVED
-CVE-2016-5005
-	RESERVED
+CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and ...)
+	TODO: check
 CVE-2016-5004
 	RESERVED
 	NOT-FOR-US: Apache Archiva
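Review bot: The new `TODO: check` on CVE-2016-5005 can be resolved in the same edit: the description now names Apache Archiva, and the neighbouring CVE-2016-5004 is already marked `NOT-FOR-US: Apache Archiva`. Suggest replacing the TODO with that same NOT-FOR-US line so the entry does not sit in the triage queue.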
@@ -6633,7 +6647,7 @@
 CVE-2016-4481
 	RESERVED
 CVE-2016-4480 (The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen ...)
-	{DSA-3633-1}
+	{DSA-3633-1 DLA-571-1}
 	- xen <unfixed>
 	NOTE: http://xenbits.xen.org/xsa/advisory-176.html
 CVE-2016-4479
@@ -6655,8 +6669,7 @@
 	{DSA-3607-1}
 	- linux 4.6.2-2
 	NOTE: Fixed by: https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a
-CVE-2016-4469
-	RESERVED
+CVE-2016-4469 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache ...)
 	NOT-FOR-US: Apache Archiva
 CVE-2016-4468
 	RESERVED
@@ -8199,7 +8212,7 @@
 	- linux 4.5.2-1
 	NOTE: http://xenbits.xen.org/xsa/advisory-174.html
 CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local ...)
-	{DSA-3554-1}
+	{DSA-3554-1 DLA-571-1}
 	- xen <unfixed> (bug #823620)
 	NOTE: http://xenbits.xen.org/xsa/advisory-173.html
 CVE-2016-3957
@@ -8790,7 +8803,7 @@
 	NOTE: Introduced by: https://git.kernel.org/linus/910a6aae4e2e45855efc4a268e43eed2d8445575 (v4.2-rc1)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332139
 CVE-2016-3712 (Integer overflow in the VGA module in QEMU allows local guest OS users ...)
-	{DSA-3573-1 DLA-540-1 DLA-539-1}
+	{DSA-3573-1 DLA-571-1 DLA-540-1 DLA-539-1}
 	- qemu 1:2.6+dfsg-1 (bug #823830)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
@@ -8801,7 +8814,7 @@
 CVE-2016-3711 (HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin ...)
 	NOT-FOR-US: OpenShift
 CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on banked ...)
-	{DSA-3573-1 DLA-540-1 DLA-539-1}
+	{DSA-3573-1 DLA-571-1 DLA-540-1 DLA-539-1}
 	- qemu 1:2.6+dfsg-1 (bug #823830)
 	- qemu-kvm <removed>
 	- xen 4.4.0-1
@@ -10143,7 +10156,7 @@
 CVE-2016-3160
 	RESERVED
 CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not ...)
-	{DSA-3554-1}
+	{DSA-3554-1 DLA-571-1}
 	- xen <unfixed> (bug #823620)
 	NOTE: http://xenbits.xen.org/xsa/advisory-172.html
 	NOTE: CVE-2016-3159 is for the code change which is applicable for later
@@ -10151,7 +10164,7 @@
 	NOTE: for CVE-2016-3158.  Ie for the first hunk in xsa172.patch, which
 	NOTE: patches the function fpu_fxrstor.
 CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly ...)
-	{DSA-3554-1}
+	{DSA-3554-1 DLA-571-1}
 	- xen <unfixed> (bug #823620)
 	NOTE: http://xenbits.xen.org/xsa/advisory-172.html
 	NOTE: CVE-2016-3158 is for the code change which is required for all
@@ -61327,6 +61340,7 @@
 	[squeeze] - linux-2.6 2.6.32-48squeeze9
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 (v3.18-rc1)
 CVE-2014-3672 (The qemu implementation in libvirt before 1.3.0 and Xen allows local ...)
+	{DLA-571-1}
 	- qemu <unfixed>
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
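Review bot: The `{DLA-571-1}` reference added to CVE-2014-3672 has no matching package line in the visible context: the lines shown cover only qemu, including `[wheezy] - qemu <no-dsa> (Minor issue)`, while every other hunk in this patch attaches DLA-571-1 to an entry that carries a xen line. If the entry has no `- xen` line further down, add one so the DLA maps to a source package, or confirm that the wheezy `<no-dsa>` status for qemu is still intended.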



