[Secure-testing-commits] r42598 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jun 17 09:10:22 UTC 2016
Author: sectracker
Date: 2016-06-17 09:10:22 +0000 (Fri, 17 Jun 2016)
New Revision: 42598
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-17 08:30:00 UTC (rev 42597)
+++ data/CVE/list 2016-06-17 09:10:22 UTC (rev 42598)
@@ -411,7 +411,7 @@
- drupal7 7.44-1
[jessie] - drupal7 7.32-1+deb8u7
NOTE: https://www.drupal.org/SA-CORE-2016-002
- NOTE: workaround for DSA-3604-1
+ NOTE: workaround for DSA-3604-1
CVE-2016-5636 [heap overflow in Python zipimport module]
RESERVED
- python3.5 3.5.2~rc1-1
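Review bot: The removed and added `NOTE: workaround for DSA-3604-1` lines in the drupal7 entry carry the same visible text, so this is a whitespace-only change folded into a commit that otherwise adds advisory cross-references. Confirm the new indentation matches the rest of data/CVE/list, and consider keeping such normalisations in a separate commit so the cross-reference diff stays easy to audit.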
@@ -993,10 +993,12 @@
- expat 2.1.1-3
CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy]
RESERVED
+ {DLA-516-1}
- linux 4.6.2-1
NOTE: https://patchwork.ozlabs.org/patch/629110/
CVE-2016-5243 [tipc: an infoleak in tipc_nl_compat_link_dump]
RESERVED
+ {DLA-516-1}
- linux 4.6.2-1
NOTE: https://patchwork.ozlabs.org/patch/629100/
CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x ...)
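Review bot: CVE-2016-5244 and CVE-2016-5243 now reference DLA-516-1 and are marked fixed in linux 4.6.2-1, but the only NOTE on each is a patchwork.ozlabs.org submission link. Other kernel entries in this file record the merged commit as `NOTE: Fixed by: https://git.kernel.org/linus/...` with the release tag; adding the equivalent here would let a reader check the backport against the commit that actually landed.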
@@ -2468,6 +2470,7 @@
CVE-2016-4810 (Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR ...)
NOT-FOR-US: Citrix
CVE-2016-4913 (The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux ...)
+ {DLA-516-1}
- linux 4.5.4-1
NOTE: Fixed by: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6)
CVE-2016-4912
@@ -2968,6 +2971,7 @@
CVE-2016-4582
RESERVED
CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in ...)
+ {DLA-516-1}
- linux 4.5.5-1
NOTE: Fixed by: https://git.kernel.org/linus/79e48650320e6fba48369fccf13fd045315b19b8 (v4.6)
CVE-2016-4577 (Buffer overflow in the Smart DNS functionality in the Huawei NGFW ...)
@@ -3013,11 +3017,13 @@
NOTE: Fixed by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75
NOTE: Introduced by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
CVE-2016-4578 (sound/core/timer.c in the Linux kernel through 4.6 does not initialize ...)
+ {DLA-516-1}
- linux 4.5.5-1
NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=e4ec8cc8039a7063e24204299b462bd1383184a5
NOTE: Both commits not yet in Linus tree
CVE-2016-4569 (The snd_timer_user_params function in sound/core/timer.c in the Linux ...)
+ {DLA-516-1}
- linux 4.5.5-1
NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e (not yet merged in Linus tree)
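Review bot: The NOTE lines under CVE-2016-4578 (`Both commits not yet in Linus tree`) and CVE-2016-4569 (`not yet merged in Linus tree`) look stale next to the fixed version linux 4.5.5-1 and the new DLA-516-1 reference. Recheck the upstream status and, if the commits have been merged, replace the tiwai/sound.git for-next links with the mainline references.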
@@ -3025,6 +3031,7 @@
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick ...)
+ {DLA-517-1}
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in ImageMagick ...)
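Review bot: Only CVE-2016-4563 gains `{DLA-517-1}` in this hunk, yet the entry just above it in the context cites the same ImageMagick commit 726812fa2fa7ce16bcf58f6e115f65427a1c0950. If that one commit addresses both issues, check that the neighbouring entry carries the same cross-reference; if DLA-517-1 deliberately covers only this CVE, a NOTE saying so would remove the ambiguity.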
@@ -3057,6 +3064,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab (v4.6-rc6)
NOTE: Introduced by: https://git.kernel.org/linus/b0e0e1f83de31aa0428c38b692c590cc0ecd3f03 (v4.4-rc1)
CVE-2016-4565 (The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 ...)
+ {DLA-516-1}
- linux 4.5.3-1
NOTE: Fixed by: https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 (v4.6-rc6)
CVE-2016-4551
@@ -3411,9 +3419,11 @@
[jessie] - openafs <no-dsa> (Minor issue, can be included in a future DSA or via jessie-pu)
NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
CVE-2016-4486 (The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux ...)
+ {DLA-516-1}
- linux 4.5.4-1
NOTE: https://git.kernel.org/linus/5f8e44741f9f216e33736ea4ec65ca9ac03036e6
CVE-2016-4485 (The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel ...)
+ {DLA-516-1}
- linux 4.5.4-1
NOTE: https://git.kernel.org/linus/b8670c09f37bdf2847cc44f36511a53afc6161fd
CVE-2016-4484
@@ -3612,6 +3622,7 @@
[jessie] - dotclear <no-dsa> (Minor issue)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/04/9
CVE-2016-4482 (The proc_connectinfo function in drivers/usb/core/devio.c in the Linux ...)
+ {DLA-516-1}
- linux 4.5.5-1
NOTE: http://www.spinics.net/lists/linux-usb/msg140243.html
NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2
@@ -4579,6 +4590,7 @@
NOTE: World readable files in /etc/quagga as well in Debian
CVE-2016-3955 [remote buffer overflow in usbip]
RESERVED
+ {DLA-516-1}
- linux 4.5.2-1
NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3)
NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1
@@ -4925,6 +4937,7 @@
CVE-2016-3962
RESERVED
CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress ...)
+ {DLA-516-1}
- linux 4.5.2-1
NOTE: http://xenbits.xen.org/xsa/advisory-174.html
CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local ...)
@@ -4942,6 +4955,7 @@
CVE-2016-3952
RESERVED
CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux ...)
+ {DLA-516-1}
- linux 4.5.1-1
NOTE: https://git.kernel.org/linus/4d06dd537f95683aba3651098ae288b7cbff8274 (v4.5)
NOTE: https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5)
@@ -5645,6 +5659,7 @@
CVE-2016-3673
RESERVED
CVE-2016-3672 (The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux ...)
+ {DLA-516-1}
- linux 4.5.1-1
NOTE: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
NOTE: Upstream fix: https://git.kernel.org/linus/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb (v4.6-rc1)
@@ -6819,6 +6834,7 @@
NOTE: on later versions). Ie for the second hunk in xsa172.patch (the only
NOTE: hunk in xsa172-4.3.patch), which patches the function xrstor.
CVE-2016-3157 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...)
+ {DLA-516-1}
- linux 4.5.1-1
NOTE: http://xenbits.xen.org/xsa/advisory-171.html
NOTE: https://git.kernel.org/linus/b7a584598aea7ca73140cb87b40319944dd3393f
@@ -7121,6 +7137,7 @@
NOTE: https://github.com/proftpd/proftpd/commit/d9f9d469ce1da09c7935f509797d488fa2d08697
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/11/12
CVE-2016-3140 (The digi_port_init function in drivers/usb/serial/digi_acceleport.c in ...)
+ {DLA-516-1}
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
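Review bot: In the CVE-2016-3140 entry the new `{DLA-516-1}` sits above an unchanged `[wheezy] - linux <no-dsa> (Minor issue)` line, so the entry now says both that an LTS advisory covers the issue and that wheezy gets no advisory. Update or drop the `[wheezy]` annotation in the same change; the same pattern recurs in the later `(low)` USB, input and sound driver entries of this diff (CVE-2016-3138, CVE-2016-3137, CVE-2016-3136, CVE-2016-2186, CVE-2016-2185, CVE-2016-2184).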
@@ -7135,6 +7152,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283375
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283377
CVE-2016-3138 (The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux ...)
+ {DLA-516-1}
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -7142,12 +7160,14 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283366
NOTE: http://marc.info/?l=linux-usb&m=145803342320160&w=2
CVE-2016-3137 (drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 ...)
+ {DLA-516-1}
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2016/Mar/55
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283368
CVE-2016-3136 (The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in ...)
+ {DLA-516-1}
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -7613,6 +7633,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/8
NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h
CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does not ...)
+ {DLA-516-1}
- linux 4.5.1-1
[wheezy] - linux <no-dsa> (Minor issue)
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758
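Review bot: CVE-2016-3134 keeps `[wheezy] - linux <no-dsa> (Minor issue)` directly under the added `{DLA-516-1}`, and there is no `[jessie]` line here, so wheezy is the only release the annotation speaks about. If DLA-516-1 ships the fix, the `<no-dsa>` line is now wrong and should be removed or replaced with the fixed version.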
@@ -10070,10 +10091,12 @@
NOTE: http://seclists.org/bugtraq/2016/Mar/87
NOTE: http://marc.info/?l=linux-usb&m=145796659429788&w=2
CVE-2016-2187 (The gtco_probe function in drivers/input/tablet/gtco.c in the Linux ...)
+ {DLA-516-1}
- linux 4.5.2-1
NOTE: Upstream commit: https://git.kernel.org/linus/162f98dea487206d9ab79fc12ed64700667a894d (v4.6-rc5)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317017
CVE-2016-2186 (The powermate_probe function in drivers/input/misc/powermate.c in the ...)
+ {DLA-516-1}
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -10082,6 +10105,7 @@
NOTE: http://seclists.org/bugtraq/2016/Mar/85
NOTE: http://marc.info/?l=linux-usb&m=145796479528669&w=2
CVE-2016-2185 (The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in ...)
+ {DLA-516-1}
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -10089,6 +10113,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283362
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283363
CVE-2016-2184 (The create_fixed_stream_quirk function in sound/usb/quirks.c in the ...)
+ {DLA-516-1}
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -10206,6 +10231,7 @@
CVE-2016-2144
REJECTED
CVE-2016-2143 (The fork implementation in the Linux kernel before 4.5 on s390 ...)
+ {DLA-516-1}
- linux 4.4.6-1
[wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS)
NOTE: Fixed by: https://git.kernel.org/linus/3446c13b268af86391d06611327006b059b8bab1 (v4.5)
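Review bot: CVE-2016-2143 is tagged `{DLA-516-1}` while the unchanged line below reads `[wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS)`, and the description limits the issue to s390. Either the advisory should not list this CVE or the `[wheezy]` reason needs rewording, so the entry does not claim both an LTS fix and no LTS coverage.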
@@ -12365,6 +12391,7 @@
RESERVED
CVE-2016-1583
RESERVED
+ {DLA-516-1}
- linux 4.6.2-1
CVE-2016-1582 (LXD before 2.0.2 does not properly set permissions when switching an ...)
- lxd <itp> (bug #768073)
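Review bot: CVE-2016-1583 is still a bare `RESERVED` entry with no bracketed summary and no NOTE, yet it now references DLA-516-1 and a fixed version linux 4.6.2-1. The other reserved kernel entries in this diff carry a short `[...]` description and a link to the fix (see CVE-2016-5244); adding both here would make the entry auditable.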
@@ -14935,6 +14962,7 @@
CVE-2016-0822 (The MediaTek connectivity kernel driver in Android 6.0.1 before ...)
TODO: check
CVE-2016-0821 (The LIST_POISON feature in include/linux/poison.h in the Linux kernel ...)
+ {DLA-516-1}
- linux 4.3.1-1
NOTE: Upstream patch: https://git.kernel.org/linus/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf (v4.3-rc1)
CVE-2016-0820 (The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 ...)