[Secure-testing-commits] r42363 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Jun 6 21:10:11 UTC 2016
Author: sectracker
Date: 2016-06-06 21:10:11 +0000 (Mon, 06 Jun 2016)
New Revision: 42363
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-06 20:06:13 UTC (rev 42362)
+++ data/CVE/list 2016-06-06 21:10:11 UTC (rev 42363)
@@ -1,3 +1,113 @@
+CVE-2016-5299
+ RESERVED
+CVE-2016-5298
+ RESERVED
+CVE-2016-5297
+ RESERVED
+CVE-2016-5296
+ RESERVED
+CVE-2016-5295
+ RESERVED
+CVE-2016-5294
+ RESERVED
+CVE-2016-5293
+ RESERVED
+CVE-2016-5292
+ RESERVED
+CVE-2016-5291
+ RESERVED
+CVE-2016-5290
+ RESERVED
+CVE-2016-5289
+ RESERVED
+CVE-2016-5288
+ RESERVED
+CVE-2016-5287
+ RESERVED
+CVE-2016-5286
+ RESERVED
+CVE-2016-5285
+ RESERVED
+CVE-2016-5284
+ RESERVED
+CVE-2016-5283
+ RESERVED
+CVE-2016-5282
+ RESERVED
+CVE-2016-5281
+ RESERVED
+CVE-2016-5280
+ RESERVED
+CVE-2016-5279
+ RESERVED
+CVE-2016-5278
+ RESERVED
+CVE-2016-5277
+ RESERVED
+CVE-2016-5276
+ RESERVED
+CVE-2016-5275
+ RESERVED
+CVE-2016-5274
+ RESERVED
+CVE-2016-5273
+ RESERVED
+CVE-2016-5272
+ RESERVED
+CVE-2016-5271
+ RESERVED
+CVE-2016-5270
+ RESERVED
+CVE-2016-5269
+ RESERVED
+CVE-2016-5268
+ RESERVED
+CVE-2016-5267
+ RESERVED
+CVE-2016-5266
+ RESERVED
+CVE-2016-5265
+ RESERVED
+CVE-2016-5264
+ RESERVED
+CVE-2016-5263
+ RESERVED
+CVE-2016-5262
+ RESERVED
+CVE-2016-5261
+ RESERVED
+CVE-2016-5260
+ RESERVED
+CVE-2016-5259
+ RESERVED
+CVE-2016-5258
+ RESERVED
+CVE-2016-5257
+ RESERVED
+CVE-2016-5256
+ RESERVED
+CVE-2016-5255
+ RESERVED
+CVE-2016-5254
+ RESERVED
+CVE-2016-5253
+ RESERVED
+CVE-2016-5252
+ RESERVED
+CVE-2016-5251
+ RESERVED
+CVE-2016-5250
+ RESERVED
+CVE-2016-5249
+ RESERVED
+CVE-2016-5248
+ RESERVED
+CVE-2016-5247
+ RESERVED
+CVE-2016-5246
+ RESERVED
+CVE-2016-5245
+ RESERVED
CVE-2016-XXXX [GNUTLS-SA-2016-1]
- gnutls28 3.4.13-1
[jessie] - gnutls28 <not-affected> (Introduced in 3.4.12)
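Review bot: the new block at the top of the file breaks descending id order. CVE-2016-5299 through CVE-2016-5245 are placed above the CVE-2016-XXXX placeholder, while CVE-2016-5301, CVE-2016-5300 and CVE-2016-5244 only appear further down, in the next hunk. Anything that reads data/CVE/list should look entries up by id rather than assume the file is sorted, or the hand-added 5301/5300 entries should be moved above this block in a follow-up.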
@@ -19,18 +129,23 @@
CVE-2014-9855
RESERVED
CVE-2016-5301 [denial of service]
+ RESERVED
- libtorrent-rasterbar <unfixed> (bug #826380)
NOTE: https://github.com/arvidn/libtorrent/issues/780
NOTE: https://github.com/arvidn/libtorrent/pull/782
CVE-2016-5300 [use of too little entropy]
+ RESERVED
- expat 2.1.1-3
CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy]
+ RESERVED
- linux <unfixed>
NOTE: https://patchwork.ozlabs.org/patch/629110/
CVE-2016-5243 [tipc: an infoleak in tipc_nl_compat_link_dump]
+ RESERVED
- linux <unfixed>
NOTE: https://patchwork.ozlabs.org/patch/629100/
CVE-2016-5242 [arm: Host crash caused by VMID exhaustion]
+ RESERVED
- xen <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-181.html
CVE-2016-5241
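Review bot: the RESERVED flag on CVE-2016-5301, CVE-2016-5300, CVE-2016-5244, CVE-2016-5243 and CVE-2016-5242 conflicts with what the same entries already state. Each has a bracketed description and a package status line, and all but CVE-2016-5300 carry public NOTE links (GitHub issue and pull request, patchwork patches, the Xen advisory). The log message "automatic update" gives no hint that RESERVED here describes the id's assignment state rather than disclosure, so a consumer filtering on RESERVED would skip issues that are public and, for linux, xen and libtorrent-rasterbar, still <unfixed>. Worth documenting that filters must key on the package lines, not on this flag.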
@@ -437,6 +552,7 @@
CVE-2016-5127
RESERVED
CVE-2015-8899 [denial of service - dnsmasq crashes querying any CNAME that points to localhost.localdomain]
+ RESERVED
- dnsmasq 2.76-1
[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
@@ -1473,8 +1589,8 @@
RESERVED
CVE-2016-4813
RESERVED
-CVE-2016-4812
- RESERVED
+CVE-2016-4812 (Cross-site scripting (XSS) vulnerability in the Markdown on Save ...)
+ TODO: check
CVE-2016-4811
RESERVED
CVE-2016-4810 (Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR ...)
@@ -1532,8 +1648,7 @@
- linux 4.5.2-1
NOTE: Fixed by: https://git.kernel.org/linus/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 (v4.6-rc1)
NOTE: Introduced by: https://git.kernel.org/linus/273ec51dd7ceaa76e038875d85061ec856d8905e (v2.6.30)
-CVE-2016-4804
- RESERVED
+CVE-2016-4804 (The read_boot function in boot.c in dosfstools before 4.0 allows ...)
{DLA-474-1}
- dosfstools 4.0-1
[jessie] - dosfstools <no-dsa> (Minor issue)
@@ -2030,16 +2145,13 @@
- linux 4.5.5-1
NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e (not yet merged in Linus tree)
-CVE-2016-4564
- RESERVED
+CVE-2016-4564 (The DrawImage function in MagickCore/draw.c in ImageMagick before ...)
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
-CVE-2016-4563
- RESERVED
+CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick ...)
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
-CVE-2016-4562
- RESERVED
+CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in ImageMagick ...)
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4560
@@ -2600,8 +2712,7 @@
- symfony 2.8.6+dfsg-1
NOTE: https://github.com/symfony/symfony/pull/18733
NOTE: https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
-CVE-2015-8872
- RESERVED
+CVE-2015-8872 (The set_fat function in fat.c in dosfstools before 4.0 might allow ...)
{DLA-474-1}
- dosfstools 4.0-1
[jessie] - dosfstools <no-dsa> (Minor issue)
@@ -4008,8 +4119,8 @@
[wheezy] - squid <no-dsa> (Minor issue)
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
-CVE-2016-3944
- RESERVED
+CVE-2016-3944 (UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle ...)
+ TODO: check
CVE-2016-3943 (Panda Endpoint Administration Agent before 7.50.00, as used in Panda ...)
NOT-FOR-US: Panda
CVE-2016-3942
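Review bot: CVE-2016-3944 gets "TODO: check" although its description names Lenovo Accelerator Application, while the neighbouring CVE-2016-3943 (Panda) is already triaged as "NOT-FOR-US: Panda". The automatic update cannot decide this, so a manual follow-up should either set a NOT-FOR-US line in the same style or add a package line; until then the entry stays in the untriaged backlog.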
@@ -5959,8 +6070,7 @@
CVE-2016-3097
RESERVED
NOT-FOR-US: spacewalk-java
-CVE-2016-3096 [Code execution vulnerability in ansible lxc_container]
- RESERVED
+CVE-2016-3096 (The create_script function in the lxc_container module in Ansible ...)
- ansible 2.0.1.0-2 (bug #819676)
[jessie] - ansible <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1322925
@@ -9082,6 +9192,7 @@
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2175 (Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly ...)
+ {DLA-505-1}
- libpdfbox-java 1:1.8.12-1
NOTE: Fixed on upstream 1.8 branch in https://svn.apache.org/viewvc?view=revision&revision=1739564
NOTE: Fixed on upstream 2.0 branch in https://svn.apache.org/viewvc?view=revision&revision=1739565
@@ -9147,6 +9258,7 @@
- moodle 2.7.13+dfsg-1
CVE-2016-2150 [Host memory access from guest with invalid primary surface parameters]
RESERVED
+ {DSA-3596-1}
- spice <unfixed> (bug #826584)
CVE-2016-2149
RESERVED
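Review bot: the {DSA-3596-1} tag on CVE-2016-2150 is added while the only package line still reads "- spice <unfixed> (bug #826584)" and there is no per-release line. With an advisory referenced, the entry should also record the version that fixes it, otherwise the tracker shows an advisory and an unfixed status side by side.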
@@ -10840,175 +10952,143 @@
RESERVED
CVE-2016-1704
RESERVED
-CVE-2016-1703
- RESERVED
+CVE-2016-1703 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3594-1}
- chromium-browser 51.0.2704.79-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1702
- RESERVED
+CVE-2016-1702 (The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as ...)
{DSA-3594-1}
- chromium-browser 51.0.2704.79-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1701
- RESERVED
+CVE-2016-1701 (The Autofill implementation in Google Chrome before 51.0.2704.79 ...)
{DSA-3594-1}
- chromium-browser 51.0.2704.79-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1700
- RESERVED
+CVE-2016-1700 (extensions/renderer/runtime_custom_bindings.cc in Google Chrome before ...)
{DSA-3594-1}
- chromium-browser 51.0.2704.79-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1699
- RESERVED
+CVE-2016-1699 (WebKit/Source/devtools/front_end/devtools.js in the Developer Tools ...)
{DSA-3594-1}
- chromium-browser 51.0.2704.79-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1698
- RESERVED
+CVE-2016-1698 (The createCustomType function in ...)
{DSA-3594-1}
- chromium-browser 51.0.2704.79-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1697
- RESERVED
+CVE-2016-1697 (The FrameLoader::startLoad function in ...)
{DSA-3594-1}
- chromium-browser 51.0.2704.79-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1696
- RESERVED
+CVE-2016-1696 (The extensions subsystem in Google Chrome before 51.0.2704.79 does not ...)
{DSA-3594-1}
- chromium-browser 51.0.2704.79-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1695
- RESERVED
+CVE-2016-1695 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1694
- RESERVED
+CVE-2016-1694 (browser/browsing_data/browsing_data_remover.cc in Google Chrome before ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1693
- RESERVED
+CVE-2016-1693 (browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1692
- RESERVED
+CVE-2016-1692 (WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1691
- RESERVED
+CVE-2016-1691 (Skia, as used in Google Chrome before 51.0.2704.63, mishandles ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1690
- RESERVED
+CVE-2016-1690 (The Autofill implementation in Google Chrome before 51.0.2704.63 ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1689
- RESERVED
+CVE-2016-1689 (Heap-based buffer overflow in ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1688
- RESERVED
+CVE-2016-1688 (The regexp (aka regular expression) implementation in Google V8 before ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-1687
- RESERVED
+CVE-2016-1687 (The renderer implementation in Google Chrome before 51.0.2704.63 does ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1686
- RESERVED
+CVE-2016-1686 (The CPDF_DIBSource::CreateDecoder function in ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1685
- RESERVED
+CVE-2016-1685 (core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1684
- RESERVED
+CVE-2016-1684 (numbers.c in libxslt before 1.1.29, as used in Google Chrome before ...)
{DSA-3590-1}
- libxslt <unfixed>
NOTE: https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d (v1.1.29-rc1)
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583171
-CVE-2016-1683
- RESERVED
+CVE-2016-1683 (numbers.c in libxslt before 1.1.29, as used in Google Chrome before ...)
{DSA-3590-1}
- libxslt <unfixed>
NOTE: https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242 (v1.1.29-rc1)
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583156
-CVE-2016-1682
- RESERVED
+CVE-2016-1682 (The ServiceWorkerContainer::registerServiceWorkerImpl function in ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1681
- RESERVED
+CVE-2016-1681 (Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1680
- RESERVED
+CVE-2016-1680 (Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1679
- RESERVED
+CVE-2016-1679 (The ToV8Value function in content/child/v8_value_converter_impl.cc in ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1678
- RESERVED
+CVE-2016-1678 (objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-1677
- RESERVED
+CVE-2016-1677 (uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-1676
- RESERVED
+CVE-2016-1676 (extensions/renderer/resources/binding.js in the extension bindings in ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1675
- RESERVED
+CVE-2016-1675 (Blink, as used in Google Chrome before 51.0.2704.63, allows remote ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1674
- RESERVED
+CVE-2016-1674 (The extensions subsystem in Google Chrome before 51.0.2704.63 allows ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1673
- RESERVED
+CVE-2016-1673 (Blink, as used in Google Chrome before 51.0.2704.63, allows remote ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1672
- RESERVED
+CVE-2016-1672 (The ModuleSystem::RequireForJsInner function in ...)
{DSA-3590-1}
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
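Review bot: on CVE-2016-1684 and CVE-2016-1683 the new descriptions say "numbers.c in libxslt before 1.1.29", and the NOTE lines already point at the upstream commits (v1.1.29-rc1), yet both entries keep "- libxslt <unfixed>" under a {DSA-3590-1} tag whose fixed version is given only for chromium-browser 51.0.2704.63-1. The advisory tag can make these two look resolved when the libxslt source package is not; the libxslt status needs tracking on its own, as the libv8 lines do with their explicit "(unimportant)" marker and NOTE.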
@@ -11901,8 +11981,8 @@
RESERVED
CVE-2016-1404 (Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and ...)
TODO: check
-CVE-2016-1403
- RESERVED
+CVE-2016-1403 (CISCO IP 8800 phones with software 11.0.1 and earlier allow local ...)
+ TODO: check
CVE-2016-1402 (The Active Directory (AD) integration component in Cisco Identity ...)
TODO: check
CVE-2016-1401 (Cross-site scripting (XSS) vulnerability in the management interface ...)
@@ -11925,10 +12005,10 @@
TODO: check
CVE-2016-1392 (Open redirect vulnerability in Cisco Prime Collaboration Assurance ...)
TODO: check
-CVE-2016-1391
- RESERVED
-CVE-2016-1390
- RESERVED
+CVE-2016-1391 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...)
+ TODO: check
+CVE-2016-1390 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...)
+ TODO: check
CVE-2016-1389 (Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 ...)
TODO: check
CVE-2016-1388 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...)
@@ -12690,10 +12770,10 @@
- prosody 0.9.9-1
[squeeze] - prosody <not-affected> (Vulnerable code not present)
NOTE: https://prosody.im/security/advisory_20160108-1/
-CVE-2016-1230
- RESERVED
-CVE-2016-1229
- RESERVED
+CVE-2016-1230 (Cross-site scripting (XSS) vulnerability in NTT PC Communications ...)
+ TODO: check
+CVE-2016-1229 (Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 ...)
+ TODO: check
CVE-2016-1228
RESERVED
CVE-2016-1227
@@ -12706,8 +12786,8 @@
RESERVED
CVE-2016-1223
RESERVED
-CVE-2016-1222
- RESERVED
+CVE-2016-1222 (Cross-site scripting (XSS) vulnerability in Kobe Beauty ...)
+ TODO: check
CVE-2016-1221
RESERVED
CVE-2016-1220
@@ -12726,10 +12806,10 @@
RESERVED
CVE-2016-1213
RESERVED
-CVE-2016-1212
- RESERVED
-CVE-2016-1211
- RESERVED
+CVE-2016-1212 (Directory traversal vulnerability in futomi MP Form Mail CGI ...)
+ TODO: check
+CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List ...)
+ TODO: check
CVE-2016-1210
RESERVED
CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote ...)
@@ -13665,8 +13745,8 @@
RESERVED
CVE-2016-0909
RESERVED
-CVE-2016-0908
- RESERVED
+CVE-2016-0908 (EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows ...)
+ TODO: check
CVE-2016-0907 (EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before ...)
TODO: check
CVE-2016-0906
@@ -14165,6 +14245,7 @@
RESERVED
CVE-2016-0749 [heap-based memory corruption within smartcard handling]
RESERVED
+ {DSA-3596-1}
- spice <unfixed> (bug #826585)
CVE-2016-0748
RESERVED
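Review bot: CVE-2016-0749 receives {DSA-3596-1} but the package line remains "- spice <unfixed> (bug #826585)". The fixed version from the advisory should be recorded on the spice line so the entry does not report an advisory and an unfixed status together.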
@@ -15224,7 +15305,7 @@
NOT-FOR-US: Oracle
CVE-2016-0484 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
NOT-FOR-US: Oracle
-CVE-2016-0483 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...)
+CVE-2016-0483 (Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; ...)
{DSA-3465-1 DSA-3458-1 DLA-410-1}
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
@@ -15483,8 +15564,8 @@
RESERVED
CVE-2016-0377
RESERVED
-CVE-2016-0376
- RESERVED
+CVE-2016-0376 (The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java ...)
+ TODO: check
CVE-2016-0375
RESERVED
CVE-2016-0374
@@ -15509,8 +15590,8 @@
RESERVED
CVE-2016-0364
RESERVED
-CVE-2016-0363
- RESERVED
+CVE-2016-0363 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java ...)
+ TODO: check
CVE-2016-0362
RESERVED
CVE-2016-0361
@@ -16591,6 +16672,7 @@
NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/9cbca25ff7f20c432b61eb9f4cae43a946502b66/
NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
CVE-2012-6702 [unanticipated internal calls to srand]
+ RESERVED
- expat 2.1.1-3
CVE-2012-6701 (Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows ...)
- linux <not-affected> (Fixed in v3.2.19; which was before src:linux rename)
@@ -34477,6 +34559,7 @@
NOTE: https://nodesecurity.io/advisories/serve-static-xss
NOTE: https://github.com/expressjs/serve-index/issues/28
CVE-2015-8903 [denial of service flaw in VICAR file processing]
+ RESERVED
[experimental] - imagemagick 8:6.9.1.2-1
- imagemagick 8:6.8.9.9-6 (low)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -34486,6 +34569,7 @@
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
NOTE: http://web.archive.org/web/20150428140926/http://trac.imagemagick.org/changeset/17856
CVE-2015-8902 [denial of service flaw in PDB file processing]
+ RESERVED
[experimental] - imagemagick 8:6.9.1.2-1
- imagemagick 8:6.8.9.9-6 (low)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -34495,6 +34579,7 @@
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
NOTE: http://web.archive.org/web/20150428145652/http://trac.imagemagick.org/changeset/17855
CVE-2015-8901 [denial of service flaw in MIFF file processing]
+ RESERVED
[experimental] - imagemagick 8:6.9.1.2-1
- imagemagick 8:6.8.9.9-6
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -34505,6 +34590,7 @@
NOTE: http://trac.imagemagick.org/changeset/17854
TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
CVE-2015-8900 [denial of service flaw in HDR file processing]
+ RESERVED
[experimental] - imagemagick 8:6.9.1.2-1
- imagemagick 8:6.8.9.9-6
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
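Review bot: the context above CVE-2015-8900 still carries "TODO: The link in the previous line is broken" for http://trac.imagemagick.org/changeset/17854, and this update leaves it untouched. The sibling entries CVE-2015-8903 and CVE-2015-8902 already reference web.archive.org snapshots of the same trac host; replacing the dead changeset link with an archived copy in the same way would clear the TODO.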