[Secure-testing-commits] r40118 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Mar 1 21:10:34 UTC 2016
Author: sectracker
Date: 2016-03-01 21:10:34 +0000 (Tue, 01 Mar 2016)
New Revision: 40118
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-01 20:28:10 UTC (rev 40117)
+++ data/CVE/list 2016-03-01 21:10:34 UTC (rev 40118)
@@ -1,3 +1,13 @@
+CVE-2016-2788
+ RESERVED
+CVE-2016-2787
+ RESERVED
+CVE-2016-2786
+ RESERVED
+CVE-2016-2785
+ RESERVED
+CVE-2016-2784
+ RESERVED
CVE-2016-XXXX [Type registration should be required]
- libkryo-java <unfixed>
NOTE: https://github.com/EsotericSoftware/kryo/issues/398
@@ -496,21 +506,17 @@
RESERVED
CVE-2016-2563
RESERVED
-CVE-2016-2562 [PMASA-2016-13 Vulnerability allowing man-in-the-middle attack on API call to GitHub]
- RESERVED
+CVE-2016-2562 (The checkHTTP function in libraries/Config.class.php in phpMyAdmin ...)
- phpmyadmin 4:4.5.5.1-1 (unimportant)
[wheezy] - phpmyadmin <not-affected>
[jessie] - phpmyadmin <not-affected>
NOTE: vulnerabilty is only in the test suite
-CVE-2016-2561 [PMASA-2016-12 phpMyAdmin Multiple XSS vulnerabilities]
- RESERVED
+CVE-2016-2561 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:4.5.5.1-1
[wheezy] - phpmyadmin <not-affected>
-CVE-2016-2560 [PMASA-2016-11 phpMyAdmin Multiple XSS vulnerabilities]
- RESERVED
+CVE-2016-2560 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:4.5.5.1-1 (low)
-CVE-2016-2559 [PMASA-2016-10 phpMyAdmin XSS vulnerability in SQL parser]
- RESERVED
+CVE-2016-2559 (Cross-site scripting (XSS) vulnerability in the format function in ...)
- phpmyadmin 4:4.5.5.1-1 (low)
[wheezy] - phpmyadmin <not-affected>
[jessie] - phpmyadmin <not-affected>
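Review bot: the rewritten headers for CVE-2016-2562, CVE-2016-2561, CVE-2016-2560 and CVE-2016-2559 drop the PMASA-2016-13 through PMASA-2016-10 advisory identifiers that the old bracketed descriptions carried, and no visible line of these entries records them elsewhere. Suggest adding a NOTE line with the PMASA id to each entry so the upstream advisory reference survives the switch to the truncated description. The context line "NOTE: vulnerabilty is only in the test suite" under CVE-2016-2562 also has a spelling error ("vulnerability") that a follow-up commit could fix.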
@@ -1210,6 +1216,7 @@
RESERVED
CVE-2016-2381
RESERVED
+ {DSA-3501-1}
- perl 5.22.1-8
NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
CVE-2016-2380
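Review bot: CVE-2016-2381 gains the {DSA-3501-1} cross-reference but its header still has no bracketed description, and the only context shown is the perl.git commit link. Suggest adding a short description in brackets on the CVE line, as CVE-2016-0799 and the other openssl entries in this file have, so the entry is readable without following the NOTE.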
@@ -4305,8 +4312,8 @@
RESERVED
CVE-2016-1354
RESERVED
-CVE-2016-1353
- RESERVED
+CVE-2016-1353 (The TCP implementation in Cisco Videoscape Distribution Suite for ...)
+ TODO: check
CVE-2016-1352
RESERVED
CVE-2016-1351
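Review bot: the new CVE-2016-1353 entry is left at "TODO: check" with no package line. The description names Cisco Videoscape Distribution Suite; if that product is not packaged in Debian, the TODO should be resolved as NOT-FOR-US rather than left open.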
@@ -6229,17 +6236,20 @@
NOTE: http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
CVE-2016-0799 [Memory issues in BIO_*printf functions]
RESERVED
+ {DSA-3500-1}
- openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
NOTE: https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
CVE-2016-0798 [Memory leak in SRP database lookups]
RESERVED
+ {DSA-3500-1}
- openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
CVE-2016-0797 [BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption]
RESERVED
+ {DSA-3500-1}
- openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c
@@ -6568,6 +6578,7 @@
NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0705 [Double-free in DSA code]
RESERVED
+ {DSA-3500-1}
- openssl 1.0.2g-1
[squeeze] - openssl <not-affected> (vulnerable code not present)
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed
@@ -6584,6 +6595,7 @@
NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0702 [Side channel attack on modular exponentiation]
RESERVED
+ {DSA-3500-1}
- openssl 1.0.2g-1
NOTE: https://www.openssl.org/news/secadv/20160301.txt
NOTE: https://cachebleed.info