[Secure-testing-commits] r43664 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Jul 30 21:10:10 UTC 2016
Author: sectracker
Date: 2016-07-30 21:10:10 +0000 (Sat, 30 Jul 2016)
New Revision: 43664
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-30 21:01:36 UTC (rev 43663)
+++ data/CVE/list 2016-07-30 21:10:10 UTC (rev 43664)
@@ -108,7 +108,7 @@
RESERVED
CVE-2013-7458 [World readable .rediscli_history]
RESERVED
- {DSA-3634-1}
+ {DSA-3634-1 DLA-577-1}
- redis 2:3.2.1-4 (bug #832460)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1
CVE-2016-6480
@@ -474,6 +474,7 @@
TODO: It needs to be evaluated which reverse reverse build-dependencies or sources using the generated code needs fixing/rebuild
CVE-2016-6351 [scsi: esp: oob write access while reading ESP command]
RESERVED
+ {DLA-574-1 DLA-573-1}
- qemu <unfixed> (bug #832621)
- qemu-kvm <removed>
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
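Review bot: The added `{DLA-574-1 DLA-573-1}` line on CVE-2016-6351 does not show which advisory covers which source package, and the entry lists two (`qemu <unfixed>`, `qemu-kvm <removed>`). Since the log marks this as an automatic update, the mapping should be checked against the advisory data it was generated from. It is also worth confirming that a backported fix is intended to land in an advisory while the unversioned `qemu` line still reads `<unfixed>`.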
@@ -621,7 +622,7 @@
RESERVED
CVE-2016-6254
RESERVED
- {DSA-3636-1}
+ {DSA-3636-1 DLA-575-1}
- collectd 5.5.2-1 (bug #832507)
NOTE: https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
NOTE: https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
@@ -852,7 +853,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2015-8949 [Use after free in my_login() function of DBD::mysql]
RESERVED
- {DSA-3635-1}
+ {DSA-3635-1 DLA-576-1}
- libdbd-mysql-perl 4.035-1
NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/45
NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
@@ -1050,7 +1051,7 @@
- drupal8 <itp> (bug #756305)
CVE-2016-6210 [User enumeration via covert timing channel]
RESERVED
- {DSA-3626-1}
+ {DSA-3626-1 DLA-578-1}
- openssh 1:7.2p2-6 (bug #831902)
NOTE: http://seclists.org/fulldisclosure/2016/Jul/51
NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
@@ -2242,7 +2243,7 @@
RESERVED
CVE-2014-9906 [use-after-free in mysql_dr_error]
RESERVED
- {DSA-3635-1}
+ {DSA-3635-1 DLA-576-1}
- libdbd-mysql-perl 4.033-1
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=97625
NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/27
@@ -3307,6 +3308,7 @@
RESERVED
CVE-2016-5403 [virtio: unbounded memory allocation on host via guest leading to DoS]
RESERVED
+ {DLA-574-1 DLA-573-1}
- qemu <unfixed> (bug #832619)
- qemu-kvm <removed>
- xen 4.4.0-1
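Review bot: CVE-2016-5403 lists three source packages (qemu, qemu-kvm, xen), and the added cross-reference does not show whether xen is covered by either advisory. If DLA-574-1 and DLA-573-1 fix only qemu and qemu-kvm, xen still needs its own per-release triage line for the release those advisories target, because `- xen 4.4.0-1` carries no release prefix.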
@@ -6785,6 +6787,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337806
NOTE: http://comments.gmane.org/gmane.comp.emulators.kvm.devel/152100
CVE-2016-4439 (The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI ...)
+ {DLA-574-1 DLA-573-1}
- qemu 1:2.6+dfsg-2 (bug #824856)
[jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
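Review bot: The context line `[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)` is left unchanged while CVE-2016-4439 now references two DLAs. If either advisory targets wheezy, that annotation contradicts the new cross-reference. It should be dropped or replaced with the fixed version in the same change.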
@@ -7976,6 +7979,7 @@
- libstruts1.2-java <not-affected> (Only affects 2.x)
NOTE: http://struts.apache.org/docs/s2-028.html
CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not ...)
+ {DLA-574-1 DLA-573-1}
- qemu 1:2.6+dfsg-2 (bug #821062)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
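Review bot: After this change, CVE-2016-4020 is referenced by two DLAs while `[jessie] - qemu <no-dsa> (Minor issue)` stays as it was. If the advisories ship a fix for the older release, the newer one ends up lagging on the same issue. The jessie triage should be revisited, or a short NOTE added explaining why the difference is acceptable.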
@@ -11140,6 +11144,7 @@
RESERVED
- open-xchange <itp> (bug #269329)
CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU allows ...)
+ {DLA-574-1 DLA-573-1}
- qemu 1:2.6+dfsg-1 (bug #817182)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -11234,7 +11239,7 @@
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
CVE-2016-2818 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-3600-1 DLA-521-1}
+ {DSA-3600-1 DLA-572-1 DLA-521-1}
- firefox-esr 45.2.0esr-1
- firefox 47.0-1
CVE-2016-2817 (The WebExtension sandbox feature in ...)
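Review bot: On CVE-2016-2818 the new `DLA-572-1` joins an existing `DLA-521-1`, but the visible package lines are only `firefox-esr 45.2.0esr-1` and `firefox 47.0-1`. If DLA-572-1 covers a source package other than those two, the entry needs a package line for it. Otherwise the second DLA reference cannot be tied to any tracked package.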
@@ -30275,6 +30280,7 @@
NOTE: versions through 2014.2.3 and 2015.1 versions through 2015.1.1
CVE-2015-5239 [Integer overflow in vnc_client_read() and protocol_client_msg()]
RESERVED
+ {DLA-574-1 DLA-573-1}
- qemu 2.1+dfsg-1
[wheezy] - qemu <no-dsa> (Minor issue)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)