[Secure-testing-commits] r42363 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Jun 6 21:10:11 UTC 2016


Author: sectracker
Date: 2016-06-06 21:10:11 +0000 (Mon, 06 Jun 2016)
New Revision: 42363

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-06 20:06:13 UTC (rev 42362)
+++ data/CVE/list	2016-06-06 21:10:11 UTC (rev 42363)
@@ -1,3 +1,113 @@
+CVE-2016-5299
+	RESERVED
+CVE-2016-5298
+	RESERVED
+CVE-2016-5297
+	RESERVED
+CVE-2016-5296
+	RESERVED
+CVE-2016-5295
+	RESERVED
+CVE-2016-5294
+	RESERVED
+CVE-2016-5293
+	RESERVED
+CVE-2016-5292
+	RESERVED
+CVE-2016-5291
+	RESERVED
+CVE-2016-5290
+	RESERVED
+CVE-2016-5289
+	RESERVED
+CVE-2016-5288
+	RESERVED
+CVE-2016-5287
+	RESERVED
+CVE-2016-5286
+	RESERVED
+CVE-2016-5285
+	RESERVED
+CVE-2016-5284
+	RESERVED
+CVE-2016-5283
+	RESERVED
+CVE-2016-5282
+	RESERVED
+CVE-2016-5281
+	RESERVED
+CVE-2016-5280
+	RESERVED
+CVE-2016-5279
+	RESERVED
+CVE-2016-5278
+	RESERVED
+CVE-2016-5277
+	RESERVED
+CVE-2016-5276
+	RESERVED
+CVE-2016-5275
+	RESERVED
+CVE-2016-5274
+	RESERVED
+CVE-2016-5273
+	RESERVED
+CVE-2016-5272
+	RESERVED
+CVE-2016-5271
+	RESERVED
+CVE-2016-5270
+	RESERVED
+CVE-2016-5269
+	RESERVED
+CVE-2016-5268
+	RESERVED
+CVE-2016-5267
+	RESERVED
+CVE-2016-5266
+	RESERVED
+CVE-2016-5265
+	RESERVED
+CVE-2016-5264
+	RESERVED
+CVE-2016-5263
+	RESERVED
+CVE-2016-5262
+	RESERVED
+CVE-2016-5261
+	RESERVED
+CVE-2016-5260
+	RESERVED
+CVE-2016-5259
+	RESERVED
+CVE-2016-5258
+	RESERVED
+CVE-2016-5257
+	RESERVED
+CVE-2016-5256
+	RESERVED
+CVE-2016-5255
+	RESERVED
+CVE-2016-5254
+	RESERVED
+CVE-2016-5253
+	RESERVED
+CVE-2016-5252
+	RESERVED
+CVE-2016-5251
+	RESERVED
+CVE-2016-5250
+	RESERVED
+CVE-2016-5249
+	RESERVED
+CVE-2016-5248
+	RESERVED
+CVE-2016-5247
+	RESERVED
+CVE-2016-5246
+	RESERVED
+CVE-2016-5245
+	RESERVED
 CVE-2016-XXXX [GNUTLS-SA-2016-1]
 	- gnutls28 3.4.13-1
 	[jessie] - gnutls28 <not-affected> (Introduced in 3.4.12)
@@ -19,18 +129,23 @@
 CVE-2014-9855
 	RESERVED
 CVE-2016-5301 [denial of service]
+	RESERVED
 	- libtorrent-rasterbar <unfixed> (bug #826380)
 	NOTE: https://github.com/arvidn/libtorrent/issues/780
 	NOTE: https://github.com/arvidn/libtorrent/pull/782
 CVE-2016-5300 [use of too little entropy]
+	RESERVED
 	- expat 2.1.1-3
 CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy]
+	RESERVED
 	- linux <unfixed>
 	NOTE: https://patchwork.ozlabs.org/patch/629110/
 CVE-2016-5243 [tipc: an infoleak in tipc_nl_compat_link_dump]
+	RESERVED
 	- linux <unfixed>
 	NOTE: https://patchwork.ozlabs.org/patch/629100/
 CVE-2016-5242 [arm: Host crash caused by VMID exhaustion]
+	RESERVED
 	- xen <unfixed>
 	NOTE: http://xenbits.xen.org/xsa/advisory-181.html
 CVE-2016-5241
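Review bot: the RESERVED lines added under CVE-2016-5244 and CVE-2016-5243 leave both linux entries at <unfixed> with only a patchwork.ozlabs.org submission as reference. Once the patches are merged, add the upstream commit in the "NOTE: Fixed by: https://git.kernel.org/linus/..." form used for other linux entries in this file, so the fixed version can be filled in.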
@@ -437,6 +552,7 @@
 CVE-2016-5127
 	RESERVED
 CVE-2015-8899 [denial of service - dnsmasq crashes querying any CNAME that points to localhost.localdomain]
+	RESERVED
 	- dnsmasq 2.76-1
 	[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
 	[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
@@ -1473,8 +1589,8 @@
 	RESERVED
 CVE-2016-4813
 	RESERVED
-CVE-2016-4812
-	RESERVED
+CVE-2016-4812 (Cross-site scripting (XSS) vulnerability in the Markdown on Save ...)
+	TODO: check
 CVE-2016-4811
 	RESERVED
 CVE-2016-4810 (Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR ...)
@@ -1532,8 +1648,7 @@
 	- linux 4.5.2-1
 	NOTE: Fixed by: https://git.kernel.org/linus/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 (v4.6-rc1)
 	NOTE: Introduced by: https://git.kernel.org/linus/273ec51dd7ceaa76e038875d85061ec856d8905e (v2.6.30)
-CVE-2016-4804
-	RESERVED
+CVE-2016-4804 (The read_boot function in boot.c in dosfstools before 4.0 allows ...)
 	{DLA-474-1}
 	- dosfstools 4.0-1
 	[jessie] - dosfstools <no-dsa> (Minor issue)
@@ -2030,16 +2145,13 @@
 	- linux 4.5.5-1
 	NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e (not yet merged in Linus tree)
-CVE-2016-4564
-	RESERVED
+CVE-2016-4564 (The DrawImage function in MagickCore/draw.c in ImageMagick before ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
-CVE-2016-4563
-	RESERVED
+CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
-CVE-2016-4562
-	RESERVED
+CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in ImageMagick ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
 CVE-2016-4560
@@ -2600,8 +2712,7 @@
 	- symfony 2.8.6+dfsg-1
 	NOTE: https://github.com/symfony/symfony/pull/18733
 	NOTE: https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
-CVE-2015-8872
-	RESERVED
+CVE-2015-8872 (The set_fat function in fat.c in dosfstools before 4.0 might allow ...)
 	{DLA-474-1}
 	- dosfstools 4.0-1
 	[jessie] - dosfstools <no-dsa> (Minor issue)
@@ -4008,8 +4119,8 @@
 	[wheezy] - squid <no-dsa> (Minor issue)
 	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
-CVE-2016-3944
-	RESERVED
+CVE-2016-3944 (UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle ...)
+	TODO: check
 CVE-2016-3943 (Panda Endpoint Administration Agent before 7.50.00, as used in Panda ...)
 	NOT-FOR-US: Panda
 CVE-2016-3942
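Review bot: CVE-2016-3944 is left at "TODO: check" although its description names a Lenovo application ("UpdateAgent in Lenovo Accelerator Application"). If no Debian source package ships it, resolve the placeholder the way the next entry does ("NOT-FOR-US: Panda") rather than leaving it for a later pass.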
@@ -5959,8 +6070,7 @@
 CVE-2016-3097
 	RESERVED
 	NOT-FOR-US: spacewalk-java
-CVE-2016-3096 [Code execution vulnerability in ansible lxc_container]
-	RESERVED
+CVE-2016-3096 (The create_script function in the lxc_container module in Ansible ...)
 	- ansible 2.0.1.0-2 (bug #819676)
 	[jessie] - ansible <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1322925
@@ -9082,6 +9192,7 @@
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2175 (Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly ...)
+	{DLA-505-1}
 	- libpdfbox-java 1:1.8.12-1
 	NOTE: Fixed on upstream 1.8 branch in https://svn.apache.org/viewvc?view=revision&revision=1739564
 	NOTE: Fixed on upstream 2.0 branch in https://svn.apache.org/viewvc?view=revision&revision=1739565
@@ -9147,6 +9258,7 @@
 	- moodle 2.7.13+dfsg-1
 CVE-2016-2150 [Host memory access from guest with invalid primary surface parameters]
 	RESERVED
+	{DSA-3596-1}
 	- spice <unfixed> (bug #826584)
 CVE-2016-2149
 	RESERVED
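Review bot: CVE-2016-2150 gains {DSA-3596-1} while its only package line is still "- spice <unfixed> (bug #826584)", and CVE-2016-0749 later in this patch has the same shape with bug #826585. Record the unstable fixed version on both entries once the upload closing those bugs lands, so sid does not stay marked vulnerable after the DSA.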
@@ -10840,175 +10952,143 @@
 	RESERVED
 CVE-2016-1704
 	RESERVED
-CVE-2016-1703
-	RESERVED
+CVE-2016-1703 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-3594-1}
 	- chromium-browser 51.0.2704.79-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1702
-	RESERVED
+CVE-2016-1702 (The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as ...)
 	{DSA-3594-1}
 	- chromium-browser 51.0.2704.79-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1701
-	RESERVED
+CVE-2016-1701 (The Autofill implementation in Google Chrome before 51.0.2704.79 ...)
 	{DSA-3594-1}
 	- chromium-browser 51.0.2704.79-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1700
-	RESERVED
+CVE-2016-1700 (extensions/renderer/runtime_custom_bindings.cc in Google Chrome before ...)
 	{DSA-3594-1}
 	- chromium-browser 51.0.2704.79-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1699
-	RESERVED
+CVE-2016-1699 (WebKit/Source/devtools/front_end/devtools.js in the Developer Tools ...)
 	{DSA-3594-1}
 	- chromium-browser 51.0.2704.79-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1698
-	RESERVED
+CVE-2016-1698 (The createCustomType function in ...)
 	{DSA-3594-1}
 	- chromium-browser 51.0.2704.79-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1697
-	RESERVED
+CVE-2016-1697 (The FrameLoader::startLoad function in ...)
 	{DSA-3594-1}
 	- chromium-browser 51.0.2704.79-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1696
-	RESERVED
+CVE-2016-1696 (The extensions subsystem in Google Chrome before 51.0.2704.79 does not ...)
 	{DSA-3594-1}
 	- chromium-browser 51.0.2704.79-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1695
-	RESERVED
+CVE-2016-1695 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1694
-	RESERVED
+CVE-2016-1694 (browser/browsing_data/browsing_data_remover.cc in Google Chrome before ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1693
-	RESERVED
+CVE-2016-1693 (browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1692
-	RESERVED
+CVE-2016-1692 (WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1691
-	RESERVED
+CVE-2016-1691 (Skia, as used in Google Chrome before 51.0.2704.63, mishandles ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1690
-	RESERVED
+CVE-2016-1690 (The Autofill implementation in Google Chrome before 51.0.2704.63 ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1689
-	RESERVED
+CVE-2016-1689 (Heap-based buffer overflow in ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1688
-	RESERVED
+CVE-2016-1688 (The regexp (aka regular expression) implementation in Google V8 before ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
-CVE-2016-1687
-	RESERVED
+CVE-2016-1687 (The renderer implementation in Google Chrome before 51.0.2704.63 does ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1686
-	RESERVED
+CVE-2016-1686 (The CPDF_DIBSource::CreateDecoder function in ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1685
-	RESERVED
+CVE-2016-1685 (core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1684
-	RESERVED
+CVE-2016-1684 (numbers.c in libxslt before 1.1.29, as used in Google Chrome before ...)
 	{DSA-3590-1}
 	- libxslt <unfixed>
 	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d (v1.1.29-rc1)
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583171
-CVE-2016-1683
-	RESERVED
+CVE-2016-1683 (numbers.c in libxslt before 1.1.29, as used in Google Chrome before ...)
 	{DSA-3590-1}
 	- libxslt <unfixed>
 	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242 (v1.1.29-rc1)
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583156
-CVE-2016-1682
-	RESERVED
+CVE-2016-1682 (The ServiceWorkerContainer::registerServiceWorkerImpl function in ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1681
-	RESERVED
+CVE-2016-1681 (Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1680
-	RESERVED
+CVE-2016-1680 (Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1679
-	RESERVED
+CVE-2016-1679 (The ToV8Value function in content/child/v8_value_converter_impl.cc in ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1678
-	RESERVED
+CVE-2016-1678 (objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
-CVE-2016-1677
-	RESERVED
+CVE-2016-1677 (uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
-CVE-2016-1676
-	RESERVED
+CVE-2016-1676 (extensions/renderer/resources/binding.js in the extension bindings in ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1675
-	RESERVED
+CVE-2016-1675 (Blink, as used in Google Chrome before 51.0.2704.63, allows remote ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1674
-	RESERVED
+CVE-2016-1674 (The extensions subsystem in Google Chrome before 51.0.2704.63 allows ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1673
-	RESERVED
+CVE-2016-1673 (Blink, as used in Google Chrome before 51.0.2704.63, allows remote ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1672
-	RESERVED
+CVE-2016-1672 (The ModuleSystem::RequireForJsInner function in ...)
 	{DSA-3590-1}
 	- chromium-browser 51.0.2704.63-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
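Review bot: in the CVE-2016-1684 and CVE-2016-1683 entries the libxslt lines stay at <unfixed> even though each NOTE already points at an upstream commit tagged v1.1.29-rc1, and every other DSA-3590-1 entry in this hunk lists only chromium-browser. Check whether DSA-3590-1 covers libxslt at all. If it does not, the libxslt package still needs its own fix tracked under these two entries.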
@@ -11901,8 +11981,8 @@
 	RESERVED
 CVE-2016-1404 (Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and ...)
 	TODO: check
-CVE-2016-1403
-	RESERVED
+CVE-2016-1403 (CISCO IP 8800 phones with software 11.0.1 and earlier allow local ...)
+	TODO: check
 CVE-2016-1402 (The Active Directory (AD) integration component in Cisco Identity ...)
 	TODO: check
 CVE-2016-1401 (Cross-site scripting (XSS) vulnerability in the management interface ...)
@@ -11925,10 +12005,10 @@
 	TODO: check
 CVE-2016-1392 (Open redirect vulnerability in Cisco Prime Collaboration Assurance ...)
 	TODO: check
-CVE-2016-1391
-	RESERVED
-CVE-2016-1390
-	RESERVED
+CVE-2016-1391 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...)
+	TODO: check
+CVE-2016-1390 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...)
+	TODO: check
 CVE-2016-1389 (Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 ...)
 	TODO: check
 CVE-2016-1388 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...)
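Review bot: CVE-2016-1391 and CVE-2016-1390 get the same truncated description as the existing CVE-2016-1388 entry ("Cisco Prime Network Analysis Module (NAM) before 6.1(1) ..."), so the three cannot be told apart from this file. Triage them together against the full descriptions when resolving the "TODO: check" lines.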
@@ -12690,10 +12770,10 @@
 	- prosody 0.9.9-1
 	[squeeze] - prosody <not-affected> (Vulnerable code not present)
 	NOTE: https://prosody.im/security/advisory_20160108-1/
-CVE-2016-1230
-	RESERVED
-CVE-2016-1229
-	RESERVED
+CVE-2016-1230 (Cross-site scripting (XSS) vulnerability in NTT PC Communications ...)
+	TODO: check
+CVE-2016-1229 (Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 ...)
+	TODO: check
 CVE-2016-1228
 	RESERVED
 CVE-2016-1227
@@ -12706,8 +12786,8 @@
 	RESERVED
 CVE-2016-1223
 	RESERVED
-CVE-2016-1222
-	RESERVED
+CVE-2016-1222 (Cross-site scripting (XSS) vulnerability in Kobe Beauty ...)
+	TODO: check
 CVE-2016-1221
 	RESERVED
 CVE-2016-1220
@@ -12726,10 +12806,10 @@
 	RESERVED
 CVE-2016-1213
 	RESERVED
-CVE-2016-1212
-	RESERVED
-CVE-2016-1211
-	RESERVED
+CVE-2016-1212 (Directory traversal vulnerability in futomi MP Form Mail CGI ...)
+	TODO: check
+CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List ...)
+	TODO: check
 CVE-2016-1210
 	RESERVED
 CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote ...)
@@ -13665,8 +13745,8 @@
 	RESERVED
 CVE-2016-0909
 	RESERVED
-CVE-2016-0908
-	RESERVED
+CVE-2016-0908 (EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows ...)
+	TODO: check
 CVE-2016-0907 (EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before ...)
 	TODO: check
 CVE-2016-0906
@@ -14165,6 +14245,7 @@
 	RESERVED
 CVE-2016-0749 [heap-based memory corruption within smartcard handling]
 	RESERVED
+	{DSA-3596-1}
 	- spice <unfixed> (bug #826585)
 CVE-2016-0748
 	RESERVED
@@ -15224,7 +15305,7 @@
 	NOT-FOR-US: Oracle
 CVE-2016-0484 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
 	NOT-FOR-US: Oracle
-CVE-2016-0483 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...)
+CVE-2016-0483 (Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; ...)
 	{DSA-3465-1 DSA-3458-1 DLA-410-1}
 	- openjdk-8 8u72-b15-1
 	- openjdk-7 7u95-2.6.4-1
@@ -15483,8 +15564,8 @@
 	RESERVED
 CVE-2016-0377
 	RESERVED
-CVE-2016-0376
-	RESERVED
+CVE-2016-0376 (The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java ...)
+	TODO: check
 CVE-2016-0375
 	RESERVED
 CVE-2016-0374
@@ -15509,8 +15590,8 @@
 	RESERVED
 CVE-2016-0364
 	RESERVED
-CVE-2016-0363
-	RESERVED
+CVE-2016-0363 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java ...)
+	TODO: check
 CVE-2016-0362
 	RESERVED
 CVE-2016-0361
@@ -16591,6 +16672,7 @@
 	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/9cbca25ff7f20c432b61eb9f4cae43a946502b66/
 	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
 CVE-2012-6702 [unanticipated internal calls to srand]
+	RESERVED
 	- expat 2.1.1-3
 CVE-2012-6701 (Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows ...)
 	- linux <not-affected> (Fixed in v3.2.19; which was before src:linux rename)
@@ -34477,6 +34559,7 @@
 	NOTE: https://nodesecurity.io/advisories/serve-static-xss
 	NOTE: https://github.com/expressjs/serve-index/issues/28
 CVE-2015-8903 [denial of service flaw in VICAR file processing]
+	RESERVED
 	[experimental] - imagemagick 8:6.9.1.2-1
 	- imagemagick 8:6.8.9.9-6 (low)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -34486,6 +34569,7 @@
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
 	NOTE: http://web.archive.org/web/20150428140926/http://trac.imagemagick.org/changeset/17856
 CVE-2015-8902 [denial of service flaw in PDB file processing]
+	RESERVED
 	[experimental] - imagemagick 8:6.9.1.2-1
 	- imagemagick 8:6.8.9.9-6 (low)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -34495,6 +34579,7 @@
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
 	NOTE: http://web.archive.org/web/20150428145652/http://trac.imagemagick.org/changeset/17855
 CVE-2015-8901 [denial of service flaw in MIFF file processing]
+	RESERVED
 	[experimental] - imagemagick 8:6.9.1.2-1
 	- imagemagick 8:6.8.9.9-6
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -34505,6 +34590,7 @@
 	NOTE: http://trac.imagemagick.org/changeset/17854
 	TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
 CVE-2015-8900 [denial of service flaw in HDR file processing]
+	RESERVED
 	[experimental] - imagemagick 8:6.9.1.2-1
 	- imagemagick 8:6.8.9.9-6
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
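Review bot: the context lines just before CVE-2015-8900 still carry "TODO: The link in the previous line is broken" for http://trac.imagemagick.org/changeset/17854, while the CVE-2015-8903 and CVE-2015-8902 entries in this patch already cite web.archive.org copies of the neighbouring changesets. Replace the dead link with an archived copy in the same form and drop the TODO.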



