[Secure-testing-commits] r42897 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jun 29 21:10:14 UTC 2016
Author: sectracker
Date: 2016-06-29 21:10:13 +0000 (Wed, 29 Jun 2016)
New Revision: 42897
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-29 20:15:20 UTC (rev 42896)
+++ data/CVE/list 2016-06-29 21:10:13 UTC (rev 42897)
@@ -1,9 +1,61 @@
+CVE-2016-5876
+ RESERVED
+CVE-2016-5875
+ RESERVED
+CVE-2016-5874
+ RESERVED
+CVE-2016-5872
+ RESERVED
+CVE-2016-5871
+ RESERVED
+CVE-2016-5870
+ RESERVED
+CVE-2016-5869
+ RESERVED
+CVE-2016-5868
+ RESERVED
+CVE-2016-5867
+ RESERVED
+CVE-2016-5866
+ RESERVED
+CVE-2016-5865
+ RESERVED
+CVE-2016-5864
+ RESERVED
+CVE-2016-5863
+ RESERVED
+CVE-2016-5862
+ RESERVED
+CVE-2016-5861
+ RESERVED
+CVE-2016-5860
+ RESERVED
+CVE-2016-5859
+ RESERVED
+CVE-2016-5858
+ RESERVED
+CVE-2016-5857
+ RESERVED
+CVE-2016-5856
+ RESERVED
+CVE-2016-5855
+ RESERVED
+CVE-2016-5854
+ RESERVED
+CVE-2016-5853
+ RESERVED
+CVE-2016-5852
+ RESERVED
+CVE-2016-5850
+ RESERVED
CVE-2016-5873
+ RESERVED
- php-pecl-http 3.0.1-0.1
[jessie] - php-pecl-http <not-affected> (Vulnerable code not present)
NOTE: https://bugs.php.net/bug.php?id=71719
NOTE: https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5/def
CVE-2016-5851 [XXE]
+ RESERVED
NOT-FOR-US: python-docx
CVE-2016-5849
RESERVED
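Review bot: the two `+ RESERVED` lines inserted into entries that already carry triage (CVE-2016-5873 with its php-pecl-http fixed version and jessie `<not-affected>` marker, CVE-2016-5851 with `NOT-FOR-US: python-docx`) only reflect that MITRE has not published text yet; they do not disturb the existing lines, so nothing needs to change here. Worth a second look while in this region: the NOTE URL on the CVE-2016-5873 entry ends in `/def`, which looks like a cut-off link and should be verified against the upstream commit page.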
@@ -318,36 +370,28 @@
RESERVED
CVE-2016-5743
RESERVED
-CVE-2016-5839 [... some less secure sanitize_file_name edge cases]
- RESERVED
+CVE-2016-5839 (WordPress before 4.5.3 allows remote attackers to bypass the ...)
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
-CVE-2016-5838 [password change via stolen cookie]
- RESERVED
+CVE-2016-5838 (WordPress before 4.5.3 allows remote attackers to bypass intended ...)
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
-CVE-2016-5837 [unauthorized category removal from a post]
- RESERVED
+CVE-2016-5837 (WordPress before 4.5.3 allows remote attackers to bypass intended ...)
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
-CVE-2016-5836 [oEmbed denial of service]
- RESERVED
+CVE-2016-5836 (The oEmbed protocol implementation in WordPress before 4.5.3 allows ...)
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
-CVE-2016-5835 [revision history information disclosure]
- RESERVED
+CVE-2016-5835 (WordPress before 4.5.3 allows remote attackers to obtain sensitive ...)
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
-CVE-2016-5834 [XSS problem via attachment name]
- RESERVED
+CVE-2016-5834 (Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link ...)
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
-CVE-2016-5833 [XSS problem via attachment name]
- RESERVED
+CVE-2016-5833 (Cross-site scripting (XSS) vulnerability in the column_title function ...)
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
-CVE-2016-5832 [redirect bypass in the customizer]
- RESERVED
+CVE-2016-5832 (The customizer in WordPress before 4.5.3 allows remote attackers to ...)
- wordpress 4.5.3+dfsg-1
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5773 [ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize]
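Review bot: replacing the bracketed local summaries with MITRE's truncated descriptions loses detail that the `...` cuts off, for example "[password change via stolen cookie]" on CVE-2016-5838 and "[revision history information disclosure]" on CVE-2016-5835 now read only as "bypass intended ..." and "obtain sensitive ...". Consider carrying the old summaries over as `NOTE:` lines under each entry, next to the existing wordpress-4-5-3 release link, so triage history is not lost (the same applies to CVE-2016-1237 further down in this commit).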
@@ -405,6 +449,7 @@
NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (GD_2_0_34RC1)
CVE-2016-5766 [Integer Overflow in _gd2GetHeader() resulting in heap overflow]
RESERVED
+ {DLA-534-1}
- php7.0 7.0.8-1 (unimportant)
- php5 5.6.23+dfsg-1 (unimportant)
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
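Review bot: the `{DLA-534-1}` reference is attached to an entry whose php5 and php7.0 lines are both marked `(unimportant)` with the NOTE that Debian uses the system libgd since 5.4.0-1. If the DLA fixed this in php5's own sources (wheezy is 5.4.x, so the system-libgd note would apply there too), the `(unimportant)` rating should be revisited; if the fix actually shipped in libgd2, the advisory reference belongs on the libgd2 entry for CVE-2016-5766 instead.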
@@ -2406,8 +2451,8 @@
NOTE: confirmed this still crashes with latest CVS, version v4.0.6
NOTE: also confirmed this crashes v4.0.2 in wheezy
NOTE: Upstream will remove gif2tiff from 4.0.7 release
-CVE-2016-5101
- RESERVED
+CVE-2016-5101 (Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows ...)
+ TODO: check
CVE-2016-5100
RESERVED
CVE-2016-5099
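Review bot: the new `TODO: check` on CVE-2016-5101 can be resolved directly, since the description names Opera Mail on Windows, a proprietary product not packaged in Debian; the usual marker for that is `NOT-FOR-US: Opera Mail`, as done for other non-Debian software elsewhere in this file.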
@@ -2739,14 +2784,14 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/8
CVE-2016-5096 [int/size_t confusion in fread]
RESERVED
- {DSA-3602-1}
+ {DSA-3602-1 DLA-533-1}
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72114
NOTE: Fixed in 5.6.22, 5.5.36
NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5095 [don't create strings with lengths outside int range]
RESERVED
- {DSA-3602-1}
+ {DSA-3602-1 DLA-533-1}
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
NOTE: Fixed in 5.6.22, 5.5.36
@@ -2754,14 +2799,14 @@
NOTE: For the additional issue reported in the "[2016-05-17 12:55 UTC]" comment
CVE-2016-5094 [don't create strings with lengths outside int range]
RESERVED
- {DSA-3602-1}
+ {DSA-3602-1 DLA-533-1}
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
NOTE: Fixed in 5.6.22, 5.5.36
NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5093 [get_icu_value_internal out-of-bounds read]
RESERVED
- {DSA-3602-1}
+ {DSA-3602-1 DLA-533-1}
- php7.0 7.0.7-1
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72241
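Review bot: across this hunk and the previous one, `DLA-533-1` is added to exactly the four entries CVE-2016-5093 through CVE-2016-5096, all of which already carry `DSA-3602-1` and the php5 5.6.22+dfsg-1 fixed version. Check that the DLA's advisory text lists the same four CVEs and no others; if it also covers issues that DSA-3602-1 addressed, those entries need the reference too, otherwise the DLA will appear incomplete in the tracker.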
@@ -4402,6 +4447,7 @@
RESERVED
CVE-2016-4463 [Apache Xerces-C XML Parser Crashes on Malformed DTD]
RESERVED
+ {DSA-3610-1 DLA-535-1}
- xerces-c <unfixed> (bug #828990)
NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
CVE-2016-4462
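Review bot: the added `{DSA-3610-1 DLA-535-1}` sits above a source line that still says `xerces-c <unfixed> (bug #828990)`. That combination is consistent only while stable and oldstable have been fixed ahead of unstable; once the sid upload closing bug #828990 lands, the `<unfixed>` marker should be replaced with the fixed version so the entry does not keep reporting unstable as vulnerable.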
@@ -4800,6 +4846,7 @@
NOT-FOR-US: Lantronix xPrintServer
CVE-2016-4324
RESERVED
+ {DSA-3608-1}
- libreoffice 1:5.1.4~rc1-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0126/
@@ -7975,7 +8022,7 @@
NOTE: https://struts.apache.org/docs/s2-034.html
CVE-2016-3092
RESERVED
- {DLA-529-1 DLA-528-1}
+ {DSA-3609-1 DLA-529-1 DLA-528-1}
- libcommons-fileupload-java 1.3.2-1
- tomcat7 7.0.70-1
- tomcat8 8.0.36-1
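Review bot: `DSA-3609-1` is added to an entry that spans three source packages (libcommons-fileupload-java, tomcat7, tomcat8), and the braces do not say which package an advisory covers. Since the same DSA id is added to the other Tomcat entries in this commit (CVE-2016-0763, CVE-2016-0714, CVE-2016-0706, CVE-2015-5351, CVE-2015-5346, CVE-2015-5345, CVE-2015-5174), confirm the advisory is the tomcat one and that the libcommons-fileupload-java fix is still tracked by the two DLA references only.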
@@ -14742,8 +14789,8 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/12/28/6
CVE-2015-8700
RESERVED
-CVE-2015-8699
- RESERVED
+CVE-2015-8699 (Multiple cross-site scripting (XSS) vulnerabilities in CA Release ...)
+ TODO: check
CVE-2016-1255
RESERVED
CVE-2016-1254
@@ -14780,8 +14827,7 @@
RESERVED
CVE-2016-1238
RESERVED
-CVE-2016-1237 [nfsd: any user can set a file's ACL over NFS and grant access to it]
- RESERVED
+CVE-2016-1237 (nfsd in the Linux kernel through 4.6.3 allows local users to bypass ...)
{DSA-3607-1}
- linux 4.6.2-2
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -15033,8 +15079,8 @@
RESERVED
CVE-2016-1131 (Buffer overflow in the CL_vsprintf function in Takumi Yamada DX ...)
NOT-FOR-US: Takumi Yamada
-CVE-2015-8698
- RESERVED
+CVE-2015-8698 (CA Release Automation (formerly LISA Release Automation) 5.0.2 before ...)
+ TODO: check
CVE-2015-8696
RESERVED
CVE-2015-8695
@@ -16241,7 +16287,7 @@
NOTE: Upstream fix: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=60b7ed3bdc3941a3b7c56824fba4b7291e79041f (1.2-beta2)
NOTE: Fixed in 1.0.12 for the 1.0.x branch: https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=1.0.12
CVE-2016-0763 (The setGlobalContext method in ...)
- {DSA-3552-1 DSA-3530-1 DLA-435-1}
+ {DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.32-1
- tomcat7 7.0.68-1
@@ -16448,7 +16494,7 @@
CVE-2016-0715
RESERVED
CVE-2016-0714 (The session-persistence implementation in Apache Tomcat 6.x before ...)
- {DSA-3552-1 DSA-3530-1 DLA-435-1}
+ {DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.32-1
- tomcat7 7.0.68-1
@@ -16470,7 +16516,7 @@
CVE-2016-0707 (The agent in Apache Ambari before 2.1.2 uses weak permissions for the ...)
NOT-FOR-US: Apache Ambari
CVE-2016-0706 (Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ...)
- {DSA-3552-1 DSA-3530-1 DLA-435-1}
+ {DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.32-1
- tomcat7 7.0.68-1
@@ -17780,8 +17826,8 @@
TODO: check
CVE-2016-0305
RESERVED
-CVE-2016-0304
- RESERVED
+CVE-2016-0304 (The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x ...)
+ TODO: check
CVE-2016-0303
RESERVED
CVE-2016-0302
@@ -17792,8 +17838,8 @@
RESERVED
CVE-2016-0299
RESERVED
-CVE-2016-0298
- RESERVED
+CVE-2016-0298 (Directory traversal vulnerability in IBM Security Guardium Database ...)
+ TODO: check
CVE-2016-0297
RESERVED
CVE-2016-0296
@@ -17854,22 +17900,22 @@
RESERVED
CVE-2016-0268
RESERVED
-CVE-2016-0267
- RESERVED
+CVE-2016-0267 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
+ TODO: check
CVE-2016-0266
RESERVED
CVE-2016-0265
RESERVED
CVE-2016-0264 (Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java ...)
NOT-FOR-US: IBM JDK
-CVE-2016-0263
- RESERVED
+CVE-2016-0263 (IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and ...)
+ TODO: check
CVE-2016-0262 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
TODO: check
CVE-2016-0261
RESERVED
-CVE-2016-0260
- RESERVED
+CVE-2016-0260 (Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before ...)
+ TODO: check
CVE-2016-0259 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to ...)
TODO: check
CVE-2016-0258
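Review bot: the four `TODO: check` markers added in this hunk (CVE-2016-0267, CVE-2016-0263, CVE-2016-0260 plus the existing one on CVE-2016-0259) all describe IBM products (UrbanCode Deploy, Spectrum Scale, WebSphere MQ) that are not in the Debian archive, and the neighbouring CVE-2016-0264 is already closed as `NOT-FOR-US: IBM JDK`; these can be triaged the same way in one pass.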
@@ -18743,7 +18789,7 @@
NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/92cd6d7fe0d01c61cf68ac4ef65ef388ee252415/
NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/9cbca25ff7f20c432b61eb9f4cae43a946502b66/
NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
-CVE-2012-6703
+CVE-2012-6703 (Integer overflow in the snd_compr_allocate_buffer function in ...)
- linux 3.8.11-1
NOTE: Fixed by: https://git.kernel.org/linux/b35cc8225845112a616e3a2266d2fde5ab13d3ab (3.7-rc1)
CVE-2012-6702 (Expat, when used in a parser that has not called XML_SetHashSalt or ...)
@@ -27364,7 +27410,7 @@
CVE-2015-5353 (Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows ...)
NOT-FOR-US: Novius OS
CVE-2015-5351 (The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ...)
- {DSA-3552-1 DSA-3530-1 DLA-435-1}
+ {DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.32-1
- tomcat7 7.0.68-1
@@ -27384,7 +27430,7 @@
CVE-2015-5347 (Cross-site scripting (XSS) vulnerability in the ...)
TODO: check
CVE-2015-5346 (Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ...)
- {DSA-3552-1 DSA-3530-1}
+ {DSA-3609-1 DSA-3552-1 DSA-3530-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.30-1
- tomcat7 7.0.68-1
@@ -27396,7 +27442,7 @@
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1713185
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1723506
CVE-2015-5345 (The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before ...)
- {DSA-3552-1 DSA-3530-1 DLA-435-1}
+ {DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.30-1
- tomcat7 7.0.68-1
@@ -28115,7 +28161,7 @@
RESERVED
NOT-FOR-US: Apache CXF Fediz
CVE-2015-5174 (Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ...)
- {DSA-3552-1 DSA-3530-1 DLA-435-1}
+ {DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
- tomcat8 8.0.28-1
- tomcat7 7.0.68-1
- tomcat6 6.0.41-3