[Secure-testing-commits] r40222 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Mar 8 09:10:17 UTC 2016
Author: sectracker
Date: 2016-03-08 09:10:16 +0000 (Tue, 08 Mar 2016)
New Revision: 40222
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-08 06:56:31 UTC (rev 40221)
+++ data/CVE/list 2016-03-08 09:10:16 UTC (rev 40222)
@@ -1,3 +1,23 @@
+CVE-2016-2855
+ RESERVED
+CVE-2016-2852
+ RESERVED
+CVE-2016-2851
+ RESERVED
+CVE-2016-2850
+ RESERVED
+CVE-2016-2849
+ RESERVED
+CVE-2016-2848
+ RESERVED
+CVE-2016-2846
+ RESERVED
+CVE-2016-2845 (The Content Security Policy (CSP) implementation in Blink, as used in ...)
+ TODO: check
+CVE-2016-2844 (WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google ...)
+ TODO: check
+CVE-2016-2843 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, ...)
+ TODO: check
CVE-2016-XXXX [malformed private keys lead to heap corruption in OpenSSL's b2i_PVK_bio]
- openssl <unfixed>
NOTE: https://wartalker.me/a/56d62d1aeff2a2688884a075
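Review bot: CVE-2016-2845, CVE-2016-2844 and CVE-2016-2843 are left at TODO: check with no package line, although their descriptions name Blink and Google V8. The chromium-browser entries updated later in this diff (CVE-2016-1642 and following) carry {DSA-3507-1} and a fixed version of 49.0.2623.75-1, so triage these three against chromium-browser and record either a fixed version or an explicit status instead of leaving the TODO open.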
@@ -26,6 +46,7 @@
NOTE: https://github.com/htacg/tidy-html5/issues/380
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/04/2
CVE-2016-2858 [rng-random: arbitrary stack based allocation leading to corruption]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: Upstream patch: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956
@@ -33,6 +54,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/04/1
TODO: check affected versions
CVE-2015-8832 [media exclusion control enforcement]
+ RESERVED
- dotclear <unfixed> (bug #815979)
[jessie] - dotclear <no-dsa> (Minor issue; workaround possible; can be fixed via a point release)
NOTE: https://hg.dotclear.org/dotclear/rev/198580bc3d80
@@ -40,6 +62,7 @@
NOTE: Fixed upstream in 2.8.2
NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4
CVE-2015-8831 [potential XSS vulnerability in comments's list]
+ RESERVED
- dotclear <unfixed> (bug #815979)
[jessie] - dotclear <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://hg.dotclear.org/dotclear/rev/65e65154dadf
@@ -51,6 +74,7 @@
CVE-2016-2840
RESERVED
CVE-2016-2857 [net: out of bounds read in net_checksum_calculate]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg00671.html
@@ -58,11 +82,13 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/9
TODO: check affected versions
CVE-2016-2854 [AUFS Xattr Setgid Privilege Escalation]
+ RESERVED
- linux <unfixed>
NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
TODO: check
CVE-2016-2853 [AUFS Over Fuse: Loss of Nosuid]
+ RESERVED
- linux <unfixed>
NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
@@ -183,12 +209,12 @@
RESERVED
CVE-2015-8823
RESERVED
-CVE-2015-8822
- RESERVED
-CVE-2015-8821
- RESERVED
-CVE-2015-8820
- RESERVED
+CVE-2015-8822 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
+ TODO: check
+CVE-2015-8821 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
+ TODO: check
+CVE-2015-8820 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
+ TODO: check
CVE-2015-8819
RESERVED
CVE-2016-2841 [net: ne2000: infinite loop in ne2000_receive]
@@ -1782,10 +1808,10 @@
RESERVED
CVE-2016-2284
RESERVED
-CVE-2016-2283
- RESERVED
-CVE-2016-2282
- RESERVED
+CVE-2016-2283 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...)
+ TODO: check
+CVE-2016-2282 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...)
+ TODO: check
CVE-2016-2281
RESERVED
CVE-2016-2280
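Review bot: CVE-2016-2283 and CVE-2016-2282 are left at TODO: check although their descriptions name Moxa ioLogik E2200 devices and the ioAdmin Configuration tool. If no Debian source package ships this, resolve them with a NOT-FOR-US line, the way the HP LaserJet and Sure Start entries in the next hunk are marked.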
@@ -1864,11 +1890,9 @@
RESERVED
CVE-2016-2245
RESERVED
-CVE-2016-2244
- RESERVED
+CVE-2016-2244 (HP LaserJet printers and MFPs and OfficeJet Enterprise printers with ...)
NOT-FOR-US: HP LaserJet Printers
-CVE-2016-2243
- RESERVED
+CVE-2016-2243 (Sure Start on HP Commercial PCs 2015 allows local users to cause a ...)
NOT-FOR-US: HP Commercial PCs with Sure Start
CVE-2015-8813
RESERVED
@@ -3756,80 +3780,67 @@
RESERVED
CVE-2016-1643
RESERVED
-CVE-2016-1642
- RESERVED
+CVE-2016-1642 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1641
- RESERVED
+CVE-2016-1641 (Use-after-free vulnerability in ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1640
- RESERVED
+CVE-2016-1640 (The Web Store inline-installer implementation in the Extensions UI in ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1639
- RESERVED
+CVE-2016-1639 (Use-after-free vulnerability in ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1638
- RESERVED
+CVE-2016-1638 (extensions/renderer/resources/platform_app.js in the Extensions ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1637
- RESERVED
+CVE-2016-1637 (The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1636
- RESERVED
+CVE-2016-1636 (The PendingScript::notifyFinished function in ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1635
- RESERVED
+CVE-2016-1635 (extensions/renderer/render_frame_observer_natives.cc in Google Chrome ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1634
- RESERVED
+CVE-2016-1634 (Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1633
- RESERVED
+CVE-2016-1633 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1632
- RESERVED
+CVE-2016-1632 (The Extensions subsystem in Google Chrome before 49.0.2623.75 does not ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1631
- RESERVED
+CVE-2016-1631 (The PPB_Flash_MessageLoop_Impl::InternalRun function in ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1630
- RESERVED
+CVE-2016-1630 (The ContainerNode::parserRemoveChild function in ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -5566,20 +5577,20 @@
- libav <undetermined>
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5
TODO: check
-CVE-2015-8658
- RESERVED
-CVE-2015-8657
- RESERVED
-CVE-2015-8656
- RESERVED
-CVE-2015-8655
- RESERVED
-CVE-2015-8654
- RESERVED
-CVE-2015-8653
- RESERVED
-CVE-2015-8652
- RESERVED
+CVE-2015-8658 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2015-8657 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2015-8656 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2015-8655 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
+ TODO: check
+CVE-2015-8654 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
+ TODO: check
+CVE-2015-8653 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
+ TODO: check
+CVE-2015-8652 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
+ TODO: check
CVE-2015-8651 (Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and ...)
NOT-FOR-US: Adobe Flash
CVE-2015-8650 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
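Review bot: the seven entries CVE-2015-8658 through CVE-2015-8652 get TODO: check, while the unchanged CVE-2015-8651 entry directly below them is already marked NOT-FOR-US: Adobe Flash. All of these descriptions name Adobe Flash Player, so the same NOT-FOR-US line would close them without manual triage; the same applies to CVE-2015-8822 through CVE-2015-8820 in the @@ -183,12 hunk.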
@@ -67191,6 +67202,7 @@
- moodle 2.5.2-1
[squeeze] - moodle <not-affected>
CVE-2016-2847 [pipe: limit the per-user amount of pages allocated in pipes]
+ RESERVED
{DSA-3503-1}
- linux 4.3.5-1
NOTE: https://git.kernel.org/linus/759c01142a5d0f364a462346168a56de28a80f52 (v4.5-rc1)
@@ -72665,6 +72677,7 @@
[squeeze] - tpp <no-dsa> (Minor issue)
[wheezy] - tpp <no-dsa> (Minor issue)
CVE-2016-2856
+ RESERVED
- eglibc <removed>
[squeeze] - eglibc <no-dsa> (Minor issue)
[wheezy] - eglibc <no-dsa> (Minor issue)
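Review bot: CVE-2016-2856 has no bracketed description, so after this change the entry reads only RESERVED followed by eglibc status lines and gives no hint of what the issue is. Add a short bracketed summary or a NOTE with a reference, as the CVE-2016-2858 and CVE-2016-2857 entries in this diff have. The entry also sits near line 72677, far from the CVE-2016-2855 and CVE-2016-2852 entries added at the top of the file; consider moving it next to them.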