[Secure-testing-commits] r40081 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Mar 1 09:10:18 UTC 2016
Author: sectracker
Date: 2016-03-01 09:10:18 +0000 (Tue, 01 Mar 2016)
New Revision: 40081
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-01 07:19:20 UTC (rev 40080)
+++ data/CVE/list 2016-03-01 09:10:18 UTC (rev 40081)
@@ -1,3 +1,418 @@
+CVE-2016-2783
+ RESERVED
+CVE-2016-2780
+ RESERVED
+CVE-2016-2778
+ RESERVED
+CVE-2016-2777
+ REJECTED
+ TODO: check
+CVE-2016-2776
+ RESERVED
+CVE-2016-2775
+ RESERVED
+CVE-2016-2774
+ RESERVED
+CVE-2016-2773
+ RESERVED
+CVE-2016-2772
+ RESERVED
+CVE-2016-2771
+ RESERVED
+CVE-2016-2770
+ RESERVED
+CVE-2016-2769
+ RESERVED
+CVE-2016-2768
+ RESERVED
+CVE-2016-2767
+ RESERVED
+CVE-2016-2766
+ RESERVED
+CVE-2016-2765
+ RESERVED
+CVE-2016-2764
+ RESERVED
+CVE-2016-2763
+ RESERVED
+CVE-2016-2762
+ RESERVED
+CVE-2016-2761
+ RESERVED
+CVE-2016-2760
+ RESERVED
+CVE-2016-2759
+ RESERVED
+CVE-2016-2758
+ RESERVED
+CVE-2016-2757
+ RESERVED
+CVE-2016-2756
+ RESERVED
+CVE-2016-2755
+ RESERVED
+CVE-2016-2754
+ RESERVED
+CVE-2016-2753
+ RESERVED
+CVE-2016-2752
+ RESERVED
+CVE-2016-2751
+ RESERVED
+CVE-2016-2750
+ RESERVED
+CVE-2016-2749
+ RESERVED
+CVE-2016-2748
+ RESERVED
+CVE-2016-2747
+ RESERVED
+CVE-2016-2746
+ RESERVED
+CVE-2016-2745
+ RESERVED
+CVE-2016-2744
+ RESERVED
+CVE-2016-2743
+ RESERVED
+CVE-2016-2742
+ RESERVED
+CVE-2016-2741
+ RESERVED
+CVE-2016-2740
+ RESERVED
+CVE-2016-2739
+ RESERVED
+CVE-2016-2738
+ RESERVED
+CVE-2016-2737
+ RESERVED
+CVE-2016-2736
+ RESERVED
+CVE-2016-2735
+ RESERVED
+CVE-2016-2734
+ RESERVED
+CVE-2016-2733
+ RESERVED
+CVE-2016-2732
+ RESERVED
+CVE-2016-2731
+ RESERVED
+CVE-2016-2730
+ RESERVED
+CVE-2016-2729
+ RESERVED
+CVE-2016-2728
+ RESERVED
+CVE-2016-2727
+ RESERVED
+CVE-2016-2726
+ RESERVED
+CVE-2016-2725
+ RESERVED
+CVE-2016-2724
+ RESERVED
+CVE-2016-2723
+ RESERVED
+CVE-2016-2722
+ RESERVED
+CVE-2016-2721
+ RESERVED
+CVE-2016-2720
+ RESERVED
+CVE-2016-2719
+ RESERVED
+CVE-2016-2718
+ RESERVED
+CVE-2016-2717
+ RESERVED
+CVE-2016-2716
+ RESERVED
+CVE-2016-2715
+ RESERVED
+CVE-2016-2714
+ RESERVED
+CVE-2016-2713
+ RESERVED
+CVE-2016-2712
+ RESERVED
+CVE-2016-2711
+ RESERVED
+CVE-2016-2710
+ RESERVED
+CVE-2016-2709
+ RESERVED
+CVE-2016-2708
+ RESERVED
+CVE-2016-2707
+ RESERVED
+CVE-2016-2706
+ RESERVED
+CVE-2016-2705
+ RESERVED
+CVE-2016-2704
+ RESERVED
+CVE-2016-2703
+ RESERVED
+CVE-2016-2702
+ RESERVED
+CVE-2016-2701
+ RESERVED
+CVE-2016-2700
+ RESERVED
+CVE-2016-2699
+ RESERVED
+CVE-2016-2698
+ RESERVED
+CVE-2016-2697
+ RESERVED
+CVE-2016-2696
+ RESERVED
+CVE-2016-2695
+ RESERVED
+CVE-2016-2694
+ RESERVED
+CVE-2016-2693
+ RESERVED
+CVE-2016-2692
+ RESERVED
+CVE-2016-2691
+ RESERVED
+CVE-2016-2690
+ RESERVED
+CVE-2016-2689
+ RESERVED
+CVE-2016-2688
+ RESERVED
+CVE-2016-2687
+ RESERVED
+CVE-2016-2686
+ RESERVED
+CVE-2016-2685
+ RESERVED
+CVE-2016-2684
+ RESERVED
+CVE-2016-2683
+ RESERVED
+CVE-2016-2682
+ RESERVED
+CVE-2016-2681
+ RESERVED
+CVE-2016-2680
+ RESERVED
+CVE-2016-2679
+ RESERVED
+CVE-2016-2678
+ RESERVED
+CVE-2016-2677
+ RESERVED
+CVE-2016-2676
+ RESERVED
+CVE-2016-2675
+ RESERVED
+CVE-2016-2674
+ RESERVED
+CVE-2016-2673
+ RESERVED
+CVE-2016-2672
+ RESERVED
+CVE-2016-2671
+ RESERVED
+CVE-2016-2670
+ RESERVED
+CVE-2016-2669
+ RESERVED
+CVE-2016-2668
+ RESERVED
+CVE-2016-2667
+ RESERVED
+CVE-2016-2666
+ RESERVED
+CVE-2016-2665
+ RESERVED
+CVE-2016-2664
+ RESERVED
+CVE-2016-2663
+ RESERVED
+CVE-2016-2662
+ RESERVED
+CVE-2016-2661
+ RESERVED
+CVE-2016-2660
+ RESERVED
+CVE-2016-2659
+ RESERVED
+CVE-2016-2658
+ RESERVED
+CVE-2016-2657
+ RESERVED
+CVE-2016-2656
+ RESERVED
+CVE-2016-2655
+ RESERVED
+CVE-2016-2654
+ RESERVED
+CVE-2016-2653
+ RESERVED
+CVE-2016-2652
+ RESERVED
+CVE-2016-2651
+ RESERVED
+CVE-2016-2650
+ RESERVED
+CVE-2016-2649
+ RESERVED
+CVE-2016-2648
+ RESERVED
+CVE-2016-2647
+ RESERVED
+CVE-2016-2646
+ RESERVED
+CVE-2016-2645
+ RESERVED
+CVE-2016-2644
+ RESERVED
+CVE-2016-2643
+ RESERVED
+CVE-2016-2642
+ RESERVED
+CVE-2016-2641
+ RESERVED
+CVE-2016-2640
+ RESERVED
+CVE-2016-2639
+ RESERVED
+CVE-2016-2638
+ RESERVED
+CVE-2016-2637
+ RESERVED
+CVE-2016-2636
+ RESERVED
+CVE-2016-2635
+ RESERVED
+CVE-2016-2634
+ RESERVED
+CVE-2016-2633
+ RESERVED
+CVE-2016-2632
+ RESERVED
+CVE-2016-2631
+ RESERVED
+CVE-2016-2630
+ RESERVED
+CVE-2016-2629
+ RESERVED
+CVE-2016-2628
+ RESERVED
+CVE-2016-2627
+ RESERVED
+CVE-2016-2626
+ RESERVED
+CVE-2016-2625
+ RESERVED
+CVE-2016-2624
+ RESERVED
+CVE-2016-2623
+ RESERVED
+CVE-2016-2622
+ RESERVED
+CVE-2016-2621
+ RESERVED
+CVE-2016-2620
+ RESERVED
+CVE-2016-2619
+ RESERVED
+CVE-2016-2618
+ RESERVED
+CVE-2016-2617
+ RESERVED
+CVE-2016-2616
+ RESERVED
+CVE-2016-2615
+ RESERVED
+CVE-2016-2614
+ RESERVED
+CVE-2016-2613
+ RESERVED
+CVE-2016-2612
+ RESERVED
+CVE-2016-2611
+ RESERVED
+CVE-2016-2610
+ RESERVED
+CVE-2016-2609
+ RESERVED
+CVE-2016-2608
+ RESERVED
+CVE-2016-2607
+ RESERVED
+CVE-2016-2606
+ RESERVED
+CVE-2016-2605
+ RESERVED
+CVE-2016-2604
+ RESERVED
+CVE-2016-2603
+ RESERVED
+CVE-2016-2602
+ RESERVED
+CVE-2016-2601
+ RESERVED
+CVE-2016-2600
+ RESERVED
+CVE-2016-2599
+ RESERVED
+CVE-2016-2598
+ RESERVED
+CVE-2016-2597
+ RESERVED
+CVE-2016-2596
+ RESERVED
+CVE-2016-2595
+ RESERVED
+CVE-2016-2594
+ RESERVED
+CVE-2016-2593
+ RESERVED
+CVE-2016-2592
+ RESERVED
+CVE-2016-2591
+ RESERVED
+CVE-2016-2590
+ RESERVED
+CVE-2016-2589
+ RESERVED
+CVE-2016-2588
+ RESERVED
+CVE-2016-2587
+ RESERVED
+CVE-2016-2586
+ RESERVED
+CVE-2016-2585
+ RESERVED
+CVE-2016-2584
+ RESERVED
+CVE-2016-2583
+ RESERVED
+CVE-2016-2582
+ RESERVED
+CVE-2016-2581
+ RESERVED
+CVE-2016-2580
+ RESERVED
+CVE-2016-2579
+ RESERVED
+CVE-2016-2578
+ RESERVED
+CVE-2016-2577
+ RESERVED
+CVE-2016-2576
+ RESERVED
+CVE-2016-2575
+ RESERVED
+CVE-2016-2574
+ RESERVED
CVE-2016-XXXX [read out-of-bounds in TextEndsWithNewline]
- tidy-html5 <itp> (bug #770129)
NOTE: https://github.com/htacg/tidy-html5/issues/379
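Review bot: CVE-2016-2777, near the top of the added block, is the only new entry marked REJECTED, and it also carries "TODO: check", which leaves a rejected id in the triage queue. If the id is rejected there is nothing to triage, so drop the TODO or replace it with a NOTE saying why it is kept. The new RESERVED block also skips CVE-2016-2782, CVE-2016-2781 and CVE-2016-2779, which already exist further down in the file, so confirm the two regions stay in descending order after the merge.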
@@ -21,12 +436,15 @@
NOTE: nodejs not covered by security support
TODO: File bug
CVE-2016-2782
+ RESERVED
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2)
CVE-2016-2781 [nonpriv session can escape to the parent session by using the TIOCSTI ioctl]
+ RESERVED
- coreutils <unfixed> (bug #816320)
CVE-2016-2779 [runuser tty hijacking via TIOCSTI ioctl]
+ RESERVED
- util-linux <unfixed> (bug #815922)
[wheezy] - util-linux <not-affected> (runuser[.c] not yet present)
[squeeze] - util-linux <not-affected> (runuser[.c] not yet present)
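Review bot: CVE-2016-2782 gets RESERVED but, unlike CVE-2016-2781 and CVE-2016-2779 just below it, has no bracketed description, only the fixed linux version and the upstream commit URL. While the id is still RESERVED, a short "[...]" summary on that header line would let readers tell what the entry covers without following the link.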
@@ -68,22 +486,20 @@
[squeeze] - cpio <no-dsa> (Minor issue)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/25/8
NOTE: Disputed if it will recieve a CVE
-CVE-2016-2572
- RESERVED
+CVE-2016-2572 (http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after ...)
- squid3 <not-affected> (Only affects 4.x)
- squid <not-affected> (Only affects 4.x)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
-CVE-2016-2571
- RESERVED
+CVE-2016-2571 (http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with ...)
+ {DLA-445-1}
- squid3 <unfixed> (bug #816011)
- squid <not-affected> (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
NOTE: Upstream confirmed it does not affect squid 2.7.x
-CVE-2016-2570
- RESERVED
+CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...)
- squid3 <unfixed> (bug #816011)
- squid <not-affected> (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
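Review bot: CVE-2016-2571 gains {DLA-445-1} here but CVE-2016-2570, filed under the same bug #816011 and the same SQUID-2016_2 advisory, does not. The NOTE further down ("maybe too instrusive to fix in 3.1") suggests the omission is deliberate, but that is free text. An explicit per-release status line on CVE-2016-2570 for squeeze and wheezy would record the decision in a form the tracker can show.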
@@ -91,8 +507,8 @@
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch
NOTE: Upstream confirmed it does not affect squid 2.7.x
NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).
-CVE-2016-2569
- RESERVED
+CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append ...)
+ {DLA-445-1}
- squid3 <unfixed> (bug #816011)
- squid <not-affected> (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
@@ -308,64 +724,55 @@
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
TODO: check
-CVE-2016-2532
- RESERVED
+CVE-2016-2532 (The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c ...)
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-11.html
NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
NOTE: Fixed versions: 2.0.2, 1.12.10
TODO: check
-CVE-2016-2531
- RESERVED
+CVE-2016-2531 (Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector ...)
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-10.html
NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
NOTE: Fixed versions: 2.0.2, 1.12.10
TODO: check
-CVE-2016-2530
- RESERVED
+CVE-2016-2530 (The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c ...)
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-10.html
NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
NOTE: Fixed versions: 2.0.2, 1.12.10
TODO: check
-CVE-2016-2529
- RESERVED
+CVE-2016-2529 (The iseries_check_file_type function in wiretap/iseries.c in the ...)
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-09.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
TODO: check
-CVE-2016-2528
- RESERVED
+CVE-2016-2528 (The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in ...)
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-08.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
TODO: check
-CVE-2016-2527
- RESERVED
+CVE-2016-2527 (wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser ...)
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-07.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
TODO: check
-CVE-2016-2526
- RESERVED
+CVE-2016-2526 (epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark ...)
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-06.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
TODO: check
-CVE-2016-2525
- RESERVED
+CVE-2016-2525 (epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark ...)
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-05.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
TODO: check
-CVE-2016-2524
- RESERVED
+CVE-2016-2524 (epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark ...)
- wireshark 2.0.2+ga16e22e-1
[jessie] - wireshark <not-affected> (Only affects 2.0.x)
[wheezy] - wireshark <not-affected> (Only affects 2.0.x)
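Review bot: "TODO: check" is left on CVE-2016-2532 through CVE-2016-2525 even though each entry now has a description, a fixed version and affected-version notes. For the five whose NOTE lists only 2.0.0 to 2.0.1 (CVE-2016-2529 to CVE-2016-2525), the [jessie] and [wheezy] "<not-affected> (Only affects 2.0.x)" lines already used on CVE-2016-2524 would close them out. The three that also list 1.12.0 to 1.12.9 (CVE-2016-2532, CVE-2016-2531, CVE-2016-2530) still need a per-release status before the TODO can go.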
@@ -373,15 +780,13 @@
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-04.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
-CVE-2016-2523
- RESERVED
+CVE-2016-2523 (The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in ...)
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-03.html
NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
NOTE: Fixed versions: 2.0.2, 1.12.10
TODO: check
-CVE-2016-2522
- RESERVED
+CVE-2016-2522 (The dissect_ber_constrained_bitstring function in ...)
- wireshark 2.0.2+ga16e22e-1
[jessie] - wireshark <not-affected> (Only affects 2.0.x)
[wheezy] - wireshark <not-affected> (Only affects 2.0.x)
@@ -389,8 +794,7 @@
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-02.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
-CVE-2016-2521
- RESERVED
+CVE-2016-2521 (Untrusted search path vulnerability in the WiresharkApplication class ...)
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-01.html
NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
@@ -653,6 +1057,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/02/19/4
CVE-2016-2510 [remote code execution vulnerability]
RESERVED
+ {DLA-443-1}
- bsh 2.0b4-16
NOTE: https://github.com/beanshell/beanshell/releases/tag/2.0b6
NOTE: https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
@@ -891,8 +1296,8 @@
- php5 5.6.18+dfsg-1
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
- NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
+ [squeeze] - php5 5.3.3.1-7+squeeze29
+ NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71039
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305494
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c527549e899bf211aac7d8ab5ceb1bdfedf07f14
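Review bot: The removed and added "[squeeze] - php5 5.3.3.1-7+squeeze29" and NOTE lines in this hunk read identically, so the change appears to be whitespace only, and the same pair is rewritten in each of the php hunks that follow. A log message of "automatic update" does not explain why hand-added workaround lines are being touched, so mention the re-indentation there. Since the NOTE is being rewritten anyway, "explitly" could be corrected to "explicitly" at the same time.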
@@ -901,16 +1306,16 @@
- php5 5.6.18+dfsg-1
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
- NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
+ [squeeze] - php5 5.3.3.1-7+squeeze29
+ NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71089
NOTE: Fixed in 5.6.18, 7.0.3
CVE-2016-XXXX [round() segfault on 64-bit builds]
- php5 5.6.18+dfsg-1
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
- NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
+ [squeeze] - php5 5.3.3.1-7+squeeze29
+ NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71201
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305504
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0d822f6df946764f3f0348b82efae2e1eaa83aa0
@@ -928,8 +1333,8 @@
- php5 5.6.18+dfsg-1
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
- NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
+ [squeeze] - php5 5.3.3.1-7+squeeze29
+ NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71459
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305518
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886
@@ -938,8 +1343,8 @@
- php5 5.6.18+dfsg-1
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
- NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
+ [squeeze] - php5 5.3.3.1-7+squeeze29
+ NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71354
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305536
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=13ad4d3e971807f9a58ab5933182907dc2958539
@@ -948,8 +1353,8 @@
- php5 5.6.18+dfsg-1
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
- NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
+ [squeeze] - php5 5.3.3.1-7+squeeze29
+ NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71391
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa
@@ -985,8 +1390,8 @@
- php5 5.6.18+dfsg-1
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
- NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
+ [squeeze] - php5 5.3.3.1-7+squeeze29
+ NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=70979
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305551
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4308c868f94df1f2b99e80038ba5ea1076d919a7
@@ -7407,12 +7812,12 @@
RESERVED
CVE-2016-0246
RESERVED
-CVE-2016-0245
- RESERVED
-CVE-2016-0244
- RESERVED
-CVE-2016-0243
- RESERVED
+CVE-2016-0245 (The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and ...)
+ TODO: check
+CVE-2016-0244 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
+ TODO: check
+CVE-2016-0243 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
+ TODO: check
CVE-2016-0242
RESERVED
CVE-2016-0241
@@ -7447,8 +7852,8 @@
RESERVED
CVE-2016-0226
RESERVED
-CVE-2016-0225
- RESERVED
+CVE-2016-0225 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 ...)
+ TODO: check
CVE-2016-0224
RESERVED
CVE-2016-0223
@@ -7465,16 +7870,16 @@
RESERVED
CVE-2016-0217
RESERVED
-CVE-2016-0216
- RESERVED
+CVE-2016-0216 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
+ TODO: check
CVE-2016-0215
RESERVED
CVE-2016-0214
RESERVED
-CVE-2016-0213
- RESERVED
-CVE-2016-0212
- RESERVED
+CVE-2016-0213 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
+ TODO: check
+CVE-2016-0212 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
+ TODO: check
CVE-2016-0211
RESERVED
CVE-2016-0210
@@ -7524,8 +7929,8 @@
RESERVED
CVE-2015-8525
RESERVED
-CVE-2015-8524
- RESERVED
+CVE-2015-8524 (Cross-site scripting (XSS) vulnerability in Process Portal in IBM ...)
+ TODO: check
CVE-2015-8523
RESERVED
CVE-2015-8522
@@ -11213,8 +11618,8 @@
RESERVED
CVE-2015-7492 (Cross-site scripting (XSS) vulnerability in Reference Data Management ...)
TODO: check
-CVE-2015-7491
- RESERVED
+CVE-2015-7491 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x ...)
+ TODO: check
CVE-2015-7490
RESERVED
CVE-2015-7489 (IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses ...)
@@ -11281,12 +11686,12 @@
RESERVED
CVE-2015-7458
RESERVED
-CVE-2015-7457
- RESERVED
+CVE-2015-7457 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x ...)
+ TODO: check
CVE-2015-7456 (IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote ...)
TODO: check
-CVE-2015-7455
- RESERVED
+CVE-2015-7455 (IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 ...)
+ TODO: check
CVE-2015-7454
RESERVED
CVE-2015-7453
@@ -11339,8 +11744,8 @@
TODO: check
CVE-2015-7429 (The Data Protection extension in the VMware GUI in IBM Tivoli Storage ...)
TODO: check
-CVE-2015-7428
- RESERVED
+CVE-2015-7428 (Open redirect vulnerability in IBM WebSphere Portal 8.0.x before ...)
+ TODO: check
CVE-2015-7427 (IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, ...)
NOT-FOR-US: IBM
CVE-2015-7426 (The Data Protection extension in the VMware GUI in IBM Tivoli Storage ...)
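Review bot: CVE-2015-7428 (IBM WebSphere Portal) is added with "TODO: check" while the next entry in the context, CVE-2015-7427 (IBM DataPower Gateway), is already triaged as "NOT-FOR-US: IBM". The same applies to the other IBM WebSphere and Tivoli descriptions this patch introduces. Triaging them the same way in a follow-up would keep the TODO list to entries that actually need a decision.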
@@ -11715,10 +12120,10 @@
RESERVED
CVE-2015-7263
RESERVED
-CVE-2015-7262
- RESERVED
-CVE-2015-7261
- RESERVED
+CVE-2015-7262 (QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage ...)
+ TODO: check
+CVE-2015-7261 (The FTP service in QNAP iArtist Lite before 1.4.54, as distributed ...)
+ TODO: check
CVE-2015-7260
RESERVED
CVE-2015-7259
@@ -14752,8 +15157,8 @@
NOT-FOR-US: Microsoft
CVE-2015-6037 (Cross-site scripting (XSS) vulnerability in Microsoft Excel Services ...)
NOT-FOR-US: Microsoft
-CVE-2015-6036
- RESERVED
+CVE-2015-6036 (QNAP Signage Station before 2.0.1 allows remote attackers to bypass ...)
+ TODO: check
CVE-2015-6035
RESERVED
CVE-2015-6034 (EPSON Network Utility 4.10 uses weak permissions (Everyone: Full ...)
@@ -14783,8 +15188,8 @@
RESERVED
CVE-2015-6023
RESERVED
-CVE-2015-6022
- RESERVED
+CVE-2015-6022 (Unrestricted file upload vulnerability in QNAP Signage Station before ...)
+ TODO: check
CVE-2015-6021
RESERVED
CVE-2015-6020 (ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote ...)
@@ -25800,7 +26205,7 @@
NOTE: Patch: https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176
NOTE: http://www.openwall.com/lists/oss-security/2015/03/21/1
CVE-2015-2348 (The move_uploaded_file implementation in ...)
- {DSA-3198-1}
+ {DSA-3198-1 DLA-444-1}
- php5 5.6.7+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69207
CVE-2015-2347 (Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before ...)
@@ -28179,7 +28584,7 @@
CVE-2015-1569 (Fortinet FortiClient 5.2.028 for iOS does not validate certificates, ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2015-2305 (Integer overflow in the regcomp implementation in the Henry Spencer ...)
- {DSA-3195-1 DLA-233-1}
+ {DSA-3195-1 DLA-444-1 DLA-233-1}
- php5 5.6.6+dfsg-1 (low; bug #778389)
- olsrd <not-affected> (only when building on Android, see bug #778390)
- llvm-toolchain-3.4 <removed> (low; bug #778391)
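Review bot: In the CVE-2015-2305 tag line, DLA-444-1 is inserted ahead of DLA-233-1, so the DLA references are no longer in ascending order. If the cross-reference list is meant to be sorted, DLA-444-1 belongs after DLA-233-1. The entry also covers several source packages (php5, olsrd, llvm-toolchain-3.4), and nothing on the visible lines says which one DLA-444-1 fixes, so a NOTE naming the package would help.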
@@ -29133,7 +29538,7 @@
NOTE: http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
NOTE: https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786
CVE-2015-1335 (lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local ...)
- {DSA-3400-1}
+ {DSA-3400-1 DLA-442-1}
- lxc 1:1.0.8-1 (bug #800471)
NOTE: https://launchpad.net/bugs/1476662
NOTE: https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be
@@ -60771,6 +61176,7 @@
[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
NOTE: http://www.samba.org/samba/security/CVE-2013-6442
CVE-2013-6441 (The lxc-sshd template (templates/lxc-sshd.in) in LXC before ...)
+ {DLA-442-1}
- lxc 1.0.0-1 (unimportant)
NOTE: getting root on host, if not using unprivileged containers or
NOTE: restricting the containers with apparmor or selinux.
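Review bot: CVE-2013-6441 gains {DLA-442-1} while its only package line still reads "- lxc 1.0.0-1 (unimportant)", so the entry now says both that the issue is unimportant and that an LTS advisory was issued for it. Either confirm the severity still holds or add a NOTE explaining why the DLA includes it. CVE-2015-1335 receives the same DLA in the previous hunk without that conflict.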