[Secure-testing-commits] r40377 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Mar 14 21:10:11 UTC 2016
Author: sectracker
Date: 2016-03-14 21:10:11 +0000 (Mon, 14 Mar 2016)
New Revision: 40377
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-14 20:44:45 UTC (rev 40376)
+++ data/CVE/list 2016-03-14 21:10:11 UTC (rev 40377)
@@ -1,3 +1,135 @@
+CVE-2016-3133
+ RESERVED
+CVE-2016-3132
+ RESERVED
+CVE-2016-3131
+ RESERVED
+CVE-2016-3130
+ RESERVED
+CVE-2016-3129
+ RESERVED
+CVE-2016-3128
+ RESERVED
+CVE-2016-3127
+ RESERVED
+CVE-2016-3126
+ RESERVED
+CVE-2016-3124
+ RESERVED
+CVE-2016-3123
+ RESERVED
+CVE-2016-3122
+ RESERVED
+CVE-2016-3121
+ RESERVED
+CVE-2016-3120
+ RESERVED
+CVE-2016-3119
+ RESERVED
+CVE-2016-3118
+ RESERVED
+CVE-2016-3117
+ RESERVED
+CVE-2016-3114
+ RESERVED
+CVE-2016-3113
+ RESERVED
+CVE-2016-3112
+ RESERVED
+CVE-2016-3111
+ RESERVED
+CVE-2016-3110
+ RESERVED
+CVE-2016-3109
+ RESERVED
+CVE-2016-3108
+ RESERVED
+CVE-2016-3107
+ RESERVED
+CVE-2016-3106
+ RESERVED
+CVE-2016-3105
+ RESERVED
+CVE-2016-3104
+ RESERVED
+CVE-2016-3103
+ RESERVED
+CVE-2016-3102
+ RESERVED
+CVE-2016-3101
+ RESERVED
+CVE-2016-3100
+ RESERVED
+CVE-2016-3099
+ RESERVED
+CVE-2016-3098
+ RESERVED
+CVE-2016-3097
+ RESERVED
+CVE-2016-3096
+ RESERVED
+CVE-2016-3095
+ RESERVED
+CVE-2016-3094
+ RESERVED
+CVE-2016-3093
+ RESERVED
+CVE-2016-3092
+ RESERVED
+CVE-2016-3091
+ RESERVED
+CVE-2016-3090
+ RESERVED
+CVE-2016-3089
+ RESERVED
+CVE-2016-3088
+ RESERVED
+CVE-2016-3087
+ RESERVED
+CVE-2016-3086
+ RESERVED
+CVE-2016-3085
+ RESERVED
+CVE-2016-3084
+ RESERVED
+CVE-2016-3083
+ RESERVED
+CVE-2016-3082
+ RESERVED
+CVE-2016-3081
+ RESERVED
+CVE-2016-3080
+ RESERVED
+CVE-2016-3079
+ RESERVED
+CVE-2016-3078
+ RESERVED
+CVE-2016-3077
+ RESERVED
+CVE-2016-3076
+ RESERVED
+CVE-2016-3075
+ RESERVED
+CVE-2016-3074
+ RESERVED
+CVE-2016-3073
+ RESERVED
+CVE-2016-3072
+ RESERVED
+CVE-2016-3071
+ RESERVED
+CVE-2016-3070
+ RESERVED
+CVE-2016-3069
+ RESERVED
+CVE-2016-3068
+ RESERVED
+CVE-2016-3067
+ RESERVED
+CVE-2016-3066
+ RESERVED
+CVE-2016-3065
+ RESERVED
CVE-2016-XXXX [fscanf format string security bug in flashrom layout code]
- flashrom 0.9.9+r1954-1
[jessie] - flashrom <no-dsa> (Minor issue)
@@ -31,32 +163,38 @@
NOTE: https://github.com/proftpd/proftpd/commit/d9f9d469ce1da09c7935f509797d488fa2d08697
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/11/12
CVE-2016-3140 [crash on invalid USB device descriptors (digi_acceleport driver)]
+ RESERVED
- linux <unfixed>
NOTE: http://seclists.org/bugtraq/2016/Mar/61
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283378
TODO: check
CVE-2016-3139 [crash on invalid USB device descriptors (wacom driver)]
+ RESERVED
- linux <unfixed>
NOTE: http://seclists.org/bugtraq/2016/Mar/60
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283375
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283377
TODO: check
CVE-2016-3138 [crash on invalid USB device descriptors (cdc_acm driver)]
+ RESERVED
- linux <unfixed>
NOTE: http://seclists.org/bugtraq/2016/Mar/54
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283366
TODO: check
CVE-2016-3137 [crash on invalid USB device descriptors (cypress_m8 driver)]
+ RESERVED
- linux <unfixed>
NOTE: http://seclists.org/bugtraq/2016/Mar/55
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283368
TODO: check
CVE-2016-3136 [crash on invalid USB device descriptors (mct_u232 driver)]
+ RESERVED
- linux <unfixed>
NOTE: http://seclists.org/bugtraq/2016/Mar/57
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283370
TODO: check
CVE-2016-3125 [TLSDHParamFile directive ignored]
+ RESERVED
- proftpd-dfsg <unfixed>
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4230
NOTE: Fixed in 1.3.6rc2, 1.3.5b.
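Review bot: The five USB descriptor entries CVE-2016-3136 through CVE-2016-3140 gain a RESERVED line but still end in "TODO: check" with only "- linux <unfixed>". Now that the IDs are assigned, the TODO should be resolved by recording the upstream fix or the per-release status. In the same hunk, CVE-2016-3125 carries "NOTE: Fixed in 1.3.6rc2, 1.3.5b." next to "- proftpd-dfsg <unfixed>", so it is worth confirming that no packaged version contains the fix yet.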
@@ -483,12 +621,14 @@
NOTE: http://bugs.cacti.net/view.php?id=2667
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/10/13
CVE-2016-3116 [Validate X11 forwarding input]
+ RESERVED
- dropbear 2016.72-1
[jessie] - dropbear <no-dsa> (Minor issue)
[wheezy] - dropbear <no-dsa> (Minor issue)
NOTE: https://matt.ucc.asn.au/dropbear/CHANGES
NOTE: Fixed in 2016.72 upstream
CVE-2016-3115 [xauth command injection]
+ RESERVED
- openssh 1:7.2p2-1
[jessie] - openssh <no-dsa> (Minor issue)
[wheezy] - openssh <no-dsa> (Minor issue)
@@ -497,6 +637,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/8
NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h
CVE-2016-3134 [netfilter IPT_SO_SET_REPLACE memory corruption]
+ RESERVED
- linux <unfixed>
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758
NOTE: https://patchwork.ozlabs.org/patch/595575/
@@ -505,6 +646,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
TODO: check
CVE-2016-3135 [unsigned integer overflow on 32bit kernels]
+ RESERVED
- linux <unfixed>
NOTE: http://marc.info/?l=netfilter-devel&m=145757136822750&w=2
NOTE: https://patchwork.ozlabs.org/patch/595576/
@@ -570,6 +712,7 @@
- openssl 1.0.2g-1
NOTE: split from CVE-2016-0799
CVE-2016-3142 [Out-of-Bound Read in phar_parse_zipfile()]
+ RESERVED
- php5 5.6.19+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=71498
NOTE: Fixed in 5.5.33, 5.6.19
@@ -577,6 +720,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/2
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd
CVE-2016-3141 [Use-After-Free / Double-Free in WDDX Deserialize]
+ RESERVED
- php5 5.6.19+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=71587
NOTE: Fixed in 5.5.33, 5.6.19
@@ -716,104 +860,91 @@
RESERVED
CVE-2016-2803
RESERVED
-CVE-2016-2802
- RESERVED
+CVE-2016-2802 (The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2801
- RESERVED
+CVE-2016-2801 (The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2800
- RESERVED
+CVE-2016-2800 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2799
- RESERVED
+CVE-2016-2799 (Heap-based buffer overflow in the graphite2::Slot::setAttr function in ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2798
- RESERVED
+CVE-2016-2798 (The graphite2::GlyphCache::Loader::Loader function in Graphite 2 ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2797
- RESERVED
+CVE-2016-2797 (The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2796
- RESERVED
+CVE-2016-2796 (Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2795
- RESERVED
+CVE-2016-2795 (The graphite2::FileFace::get_table_fn function in Graphite 2 before ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2794
- RESERVED
+CVE-2016-2794 (The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2793
- RESERVED
+CVE-2016-2793 (CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2792
- RESERVED
+CVE-2016-2792 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2791
- RESERVED
+CVE-2016-2791 (The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-2790
- RESERVED
+CVE-2016-2790 (The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
@@ -3521,8 +3652,7 @@
NOT-FOR-US: Harman AMX devices
CVE-2016-1980
RESERVED
-CVE-2016-1979
- RESERVED
+CVE-2016-1979 (Use-after-free vulnerability in the ...)
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
@@ -3531,8 +3661,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/
- nss 2:3.21-1
TODO: check if really fixed already in 3.21 upstream or only in 3.21.1
-CVE-2016-1978 [Use-after-free in NSS during SSL connections in low memory]
- RESERVED
+CVE-2016-1978 (Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange ...)
- iceweasel 44.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
@@ -3541,48 +3670,39 @@
NOTE: unstable though used the system library.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/
- nss 2:3.21-1
-CVE-2016-1977
- RESERVED
+CVE-2016-1977 (The Machine::Code::decoder::analysis::set_ref function in Graphite 2 ...)
{DSA-3515-1 DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
- graphite2 1.3.6-1
-CVE-2016-1976
- RESERVED
+CVE-2016-1976 (Use-after-free vulnerability in the DesktopDisplayDevice class in the ...)
- iceweasel <not-affected> (Windows-specific)
-CVE-2016-1975
- RESERVED
+CVE-2016-1975 (Multiple race conditions in dom/media/systemservices/CamerasChild.cpp ...)
- iceweasel <not-affected> (Windows-specific)
-CVE-2016-1974
- RESERVED
+CVE-2016-1974 (The nsScannerString::AppendUnicodeTo fynction in Mozilla Firefox ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/
-CVE-2016-1973
- RESERVED
+CVE-2016-1973 (Race condition in the GetStaticInstance function in the WebRTC ...)
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/
-CVE-2016-1972
- RESERVED
+CVE-2016-1972 (Race condition in libvpx in Mozilla Firefox before 45.0 on Windows ...)
- iceweasel <not-affected> (Windows-specific)
-CVE-2016-1971
- RESERVED
+CVE-2016-1971 (The I420VideoFrame::CreateFrame function in the WebRTC implementation ...)
- iceweasel <not-affected> (Windows-specific)
-CVE-2016-1970
- RESERVED
+CVE-2016-1970 (Integer underflow in the srtp_unprotect function in the WebRTC ...)
- iceweasel <not-affected> (Windows-specific)
-CVE-2016-1969
- RESERVED
-CVE-2016-1968
- RESERVED
+CVE-2016-1969 (The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla ...)
+ TODO: check
+CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, ...)
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
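Review bot: CVE-2016-1969 is left with nothing but "TODO: check", although its description names Graphite 2 before 1.3.6, the same component as CVE-2016-1977 earlier in this hunk. That entry is tracked with {DSA-3515-1 DSA-3510-1}, the iceweasel/firefox-esr/firefox lines and "- graphite2 1.3.6-1". Suggest triaging CVE-2016-1969 the same way, or stating why it differs, so it does not sit untracked between two fully annotated entries. The "fynction" typo in the CVE-2016-1974 description arrives with the imported text and should be corrected at the source rather than by hand here.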
@@ -3591,119 +3711,103 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/
- brotli <unfixed> (bug #817233)
NOTE: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
-CVE-2016-1967
- RESERVED
+CVE-2016-1967 (Mozilla Firefox before 45.0 does not properly restrict the ...)
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/
-CVE-2016-1966
- RESERVED
+CVE-2016-1966 (The nsNPObjWrapper::GetNewOrUsed function in ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/
-CVE-2016-1965
- RESERVED
+CVE-2016-1965 (Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/
-CVE-2016-1964
- RESERVED
+CVE-2016-1964 (Use-after-free vulnerability in the AtomicBaseIncDec function in ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
-CVE-2016-1963
- RESERVED
+CVE-2016-1963 (The FileReader class in Mozilla Firefox before 45.0 allows local users ...)
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/
-CVE-2016-1962
- RESERVED
+CVE-2016-1962 (Use-after-free vulnerability in the ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/
-CVE-2016-1961
- RESERVED
+CVE-2016-1961 (Use-after-free vulnerability in the nsHTMLDocument::SetBody function ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/
-CVE-2016-1960
- RESERVED
+CVE-2016-1960 (Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/
-CVE-2016-1959
- RESERVED
+CVE-2016-1959 (The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows ...)
- firefox-esr 45.0esr-1
- firefox 45.0-1
- iceweasel <unfixed>
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/
-CVE-2016-1958
- RESERVED
+CVE-2016-1958 (browser/base/content/browser.js in Mozilla Firefox before 45.0 and ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/
-CVE-2016-1957
- RESERVED
+CVE-2016-1957 (Memory leak in libstagefright in Mozilla Firefox before 45.0 and ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/
-CVE-2016-1956
- RESERVED
+CVE-2016-1956 (Mozilla Firefox before 45.0 on Linux, when an Intel video driver is ...)
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/
-CVE-2016-1955
- RESERVED
+CVE-2016-1955 (Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ...)
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/
-CVE-2016-1954
- RESERVED
+CVE-2016-1954 (The nsCSPContext::SendReports function in ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/
-CVE-2016-1953
- RESERVED
+CVE-2016-1953 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
- firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
-CVE-2016-1952
- RESERVED
+CVE-2016-1952 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
@@ -3711,8 +3815,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
CVE-2016-1951
RESERVED
-CVE-2016-1950
- RESERVED
+CVE-2016-1950 (Heap-based buffer overflow in Mozilla Network Security Services (NSS) ...)
{DSA-3510-1}
- iceweasel <unfixed>
- firefox-esr 45.0esr-1
@@ -4320,8 +4423,8 @@
RESERVED
CVE-2016-1732
RESERVED
-CVE-2016-1731
- RESERVED
+CVE-2016-1731 (Apple Software Update before 2.2 on Windows does not use HTTPS, which ...)
+ TODO: check
CVE-2016-1730 (WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or ...)
NOT-FOR-US: Apple iOS
CVE-2016-1729 (Untrusted search path vulnerability in OSA Scripts in Apple OS X ...)
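Review bot: CVE-2016-1731 is marked "TODO: check" although its description is about Apple Software Update on Windows, and the neighbouring Apple entry CVE-2016-1730 is already "NOT-FOR-US: Apple iOS". Suggest closing the TODO with a NOT-FOR-US line in the same style, so the entry does not stay in the open triage queue.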
@@ -4562,18 +4665,15 @@
RESERVED
CVE-2016-1646
RESERVED
-CVE-2016-1645
- RESERVED
+CVE-2016-1645 (Multiple integer signedness errors in the opj_j2k_update_image_data ...)
{DSA-3513-1}
- chromium-browser 49.0.2623.87-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1644
- RESERVED
+CVE-2016-1644 (WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google ...)
{DSA-3513-1}
- chromium-browser 49.0.2623.87-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1643
- RESERVED
+CVE-2016-1643 (The ImageInputType::ensurePrimaryContent function in ...)
{DSA-3513-1}
- chromium-browser 49.0.2623.87-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -4688,8 +4788,8 @@
- chromium-browser 48.0.2564.116-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
-CVE-2016-1621
- RESERVED
+CVE-2016-1621 (libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 ...)
+ TODO: check
CVE-2016-1620 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3456-1}
- chromium-browser 48.0.2564.82-1
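Review bot: The "TODO: check" added under CVE-2016-1621 needs a real look rather than a default Android NOT-FOR-US, because the description names libvpx, a standalone library, and not an Android-only component. Suggest checking whether the affected code lives in libvpx itself and, if so, tracking it against that source package.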
@@ -4922,8 +5022,8 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/01/09/1
CVE-2016-1563
RESERVED
-CVE-2016-1562
- RESERVED
+CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8 for ...)
+ TODO: check
CVE-2016-1561
RESERVED
CVE-2016-1560
@@ -5399,10 +5499,10 @@
RESERVED
CVE-2016-1362
RESERVED
-CVE-2016-1361
- RESERVED
-CVE-2016-1360
- RESERVED
+CVE-2016-1361 (Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 ...)
+ TODO: check
+CVE-2016-1360 (Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same ...)
+ TODO: check
CVE-2016-1359 (Cisco Prime Infrastructure 3.0 allows remote authenticated users to ...)
NOT-FOR-US: Cisco
CVE-2016-1358 (Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote ...)
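Review bot: CVE-2016-1361 and CVE-2016-1360 both describe Cisco products (IOS XR, Prime LAN Management Solution) but are added with "TODO: check", while the entry directly below, CVE-2016-1359, is "NOT-FOR-US: Cisco". Suggest marking the two new entries the same way to keep the block consistent.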
@@ -5445,8 +5545,8 @@
RESERVED
CVE-2016-1339
RESERVED
-CVE-2016-1338
- RESERVED
+CVE-2016-1338 (Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 ...)
+ TODO: check
CVE-2016-1337
RESERVED
CVE-2016-1336
@@ -6731,8 +6831,8 @@
RESERVED
CVE-2016-1011
RESERVED
-CVE-2016-1010
- RESERVED
+CVE-2016-1010 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...)
+ TODO: check
CVE-2016-1009 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
NOT-FOR-US: Adobe
CVE-2016-1008 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
@@ -6741,46 +6841,46 @@
NOT-FOR-US: Adobe
CVE-2016-1006
RESERVED
-CVE-2016-1005
- RESERVED
+CVE-2016-1005 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
+ TODO: check
CVE-2016-1004
RESERVED
CVE-2016-1003
RESERVED
-CVE-2016-1002
- RESERVED
-CVE-2016-1001
- RESERVED
-CVE-2016-1000
- RESERVED
-CVE-2016-0999
- RESERVED
-CVE-2016-0998
- RESERVED
-CVE-2016-0997
- RESERVED
-CVE-2016-0996
- RESERVED
-CVE-2016-0995
- RESERVED
-CVE-2016-0994
- RESERVED
-CVE-2016-0993
- RESERVED
-CVE-2016-0992
- RESERVED
-CVE-2016-0991
- RESERVED
-CVE-2016-0990
- RESERVED
-CVE-2016-0989
- RESERVED
-CVE-2016-0988
- RESERVED
-CVE-2016-0987
- RESERVED
-CVE-2016-0986
- RESERVED
+CVE-2016-1002 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-1001 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and ...)
+ TODO: check
+CVE-2016-1000 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
+ TODO: check
+CVE-2016-0999 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
+ TODO: check
+CVE-2016-0998 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
+ TODO: check
+CVE-2016-0997 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
+ TODO: check
+CVE-2016-0996 (Use-after-free vulnerability in the setInterval method in Adobe Flash ...)
+ TODO: check
+CVE-2016-0995 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
+ TODO: check
+CVE-2016-0994 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
+ TODO: check
+CVE-2016-0993 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...)
+ TODO: check
+CVE-2016-0992 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-0991 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
+ TODO: check
+CVE-2016-0990 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
+ TODO: check
+CVE-2016-0989 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-0988 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
+ TODO: check
+CVE-2016-0987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
+ TODO: check
+CVE-2016-0986 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
+ TODO: check
CVE-2016-0985 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
NOT-FOR-US: Adobe
CVE-2016-0984 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...)
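Review bot: All 18 Adobe Flash Player entries in this hunk (CVE-2016-1005, and CVE-2016-1002 down to CVE-2016-0986) land as "TODO: check", while the surrounding Adobe entries such as CVE-2016-1009 and CVE-2016-0985 are "NOT-FOR-US: Adobe". Suggest resolving them in one pass with the same NOT-FOR-US line, otherwise the batch inflates the list of unchecked issues.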
@@ -6825,14 +6925,14 @@
NOT-FOR-US: Adobe
CVE-2016-0964 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
NOT-FOR-US: Adobe
-CVE-2016-0963
- RESERVED
-CVE-2016-0962
- RESERVED
-CVE-2016-0961
- RESERVED
-CVE-2016-0960
- RESERVED
+CVE-2016-0963 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...)
+ TODO: check
+CVE-2016-0962 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-0961 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
+ TODO: check
+CVE-2016-0960 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
+ TODO: check
CVE-2016-0959
RESERVED
CVE-2016-0958 (Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote ...)
@@ -7299,42 +7399,42 @@
RESERVED
CVE-2016-0833
RESERVED
-CVE-2016-0832
- RESERVED
-CVE-2016-0831
- RESERVED
-CVE-2016-0830
- RESERVED
-CVE-2016-0829
- RESERVED
-CVE-2016-0828
- RESERVED
-CVE-2016-0827
- RESERVED
-CVE-2016-0826
- RESERVED
-CVE-2016-0825
- RESERVED
-CVE-2016-0824
- RESERVED
-CVE-2016-0823
- RESERVED
-CVE-2016-0822
- RESERVED
-CVE-2016-0821
- RESERVED
-CVE-2016-0820
- RESERVED
-CVE-2016-0819
- RESERVED
-CVE-2016-0818
- RESERVED
+CVE-2016-0832 (Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 ...)
+ TODO: check
+CVE-2016-0831 (The getDeviceIdForPhone function in ...)
+ TODO: check
+CVE-2016-0830 (btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows ...)
+ TODO: check
+CVE-2016-0829 (The BnGraphicBufferProducer::onTransact function in ...)
+ TODO: check
+CVE-2016-0828 (The BnGraphicBufferConsumer::onTransact function in ...)
+ TODO: check
+CVE-2016-0827 (Multiple integer overflows in libeffects in mediaserver in Android 4.x ...)
+ TODO: check
+CVE-2016-0826 (libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x ...)
+ TODO: check
+CVE-2016-0825 (The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 ...)
+ TODO: check
+CVE-2016-0824 (libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows ...)
+ TODO: check
+CVE-2016-0823 (The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel ...)
+ TODO: check
+CVE-2016-0822 (The MediaTek connectivity kernel driver in Android 6.0.1 before ...)
+ TODO: check
+CVE-2016-0821 (The LIST_POISON feature in include/linux/poison.h in the Linux kernel ...)
+ TODO: check
+CVE-2016-0820 (The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 ...)
+ TODO: check
+CVE-2016-0819 (The Qualcomm performance component in Android 4.x before 4.4.4, 5.x ...)
+ TODO: check
+CVE-2016-0818 (The caching functionality in the TrustManagerImpl class in ...)
+ TODO: check
CVE-2016-0817
RESERVED
-CVE-2016-0816
- RESERVED
-CVE-2016-0815
- RESERVED
+CVE-2016-0816 (mediaserver in Android 6.x before 2016-03-01 allows remote attackers ...)
+ TODO: check
+CVE-2016-0815 (The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in ...)
+ TODO: check
CVE-2016-0814
RESERVED
CVE-2016-0813 (packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java ...)
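Review bot: Two entries in this Android batch should not be closed with the rest: CVE-2016-0823 names pagemap_open in fs/proc/task_mmu.c and CVE-2016-0821 names the LIST_POISON feature in include/linux/poison.h, both described as being in the Linux kernel. Their "TODO: check" should be resolved with a "- linux" line and a fix reference, not treated as Android-only. The remaining entries (Setup Wizard, mediaserver, the MediaTek and Qualcomm drivers, Widevine) can be triaged separately.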
@@ -7478,8 +7578,7 @@
NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3bb3f42f3749d40b8d4de65871e8d828b18d4a45
CVE-2016-0772
RESERVED
-CVE-2016-0771 [Out-of-bounds read in internal DNS server]
- RESERVED
+CVE-2016-0771 (The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before ...)
{DSA-3514-1}
- samba 2:4.3.6+dfsg-1
[wheezy] - samba <not-affected> (Vulnerable code not present)
@@ -8997,8 +9096,8 @@
RESERVED
CVE-2016-0263
RESERVED
-CVE-2016-0262
- RESERVED
+CVE-2016-0262 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+ TODO: check
CVE-2016-0261
RESERVED
CVE-2016-0260
@@ -9077,8 +9176,8 @@
RESERVED
CVE-2016-0223
RESERVED
-CVE-2016-0222
- RESERVED
+CVE-2016-0222 (IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote ...)
+ TODO: check
CVE-2016-0221
RESERVED
CVE-2016-0220
@@ -9105,8 +9204,8 @@
RESERVED
CVE-2016-0209 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
NOT-FOR-US: IBM
-CVE-2016-0208
- RESERVED
+CVE-2016-0208 (IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and ...)
+ TODO: check
CVE-2016-0207
RESERVED
CVE-2016-0206
@@ -12573,8 +12672,7 @@
RESERVED
CVE-2015-7561
RESERVED
-CVE-2015-7560 [Incorrect ACL get/set allowed on symlink path]
- RESERVED
+CVE-2015-7560 (The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, ...)
{DSA-3514-1}
- samba 2:4.3.6+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2015-7560.html
@@ -12953,12 +13051,12 @@
NOT-FOR-US: IBM
CVE-2015-7449
RESERVED
-CVE-2015-7448
- RESERVED
+CVE-2015-7448 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
+ TODO: check
CVE-2015-7447 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
NOT-FOR-US: IBM
-CVE-2015-7446
- RESERVED
+CVE-2015-7446 (Cross-site request forgery (CSRF) vulnerability in IBM Flash System ...)
+ TODO: check
CVE-2015-7445 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...)
NOT-FOR-US: IBM
CVE-2015-7444 (The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and ...)
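Review bot: CVE-2015-7448 and CVE-2015-7446 describe IBM Maximo Asset Management and IBM Flash System and are added with "TODO: check", while the IBM entries around them (CVE-2015-7447, CVE-2015-7445, CVE-2015-7444) are "NOT-FOR-US: IBM". Suggest the same marking for the two new lines.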
@@ -13027,8 +13125,8 @@
NOT-FOR-US: IBM
CVE-2015-7412 (The GatewayScript modules on IBM DataPower Gateways with software ...)
NOT-FOR-US: IBM
-CVE-2015-7411
- RESERVED
+CVE-2015-7411 (The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, ...)
+ TODO: check
CVE-2015-7410 (The Health Check tool in IBM Sterling B2B Integrator 5.2 does not ...)
NOT-FOR-US: IBM
CVE-2015-7409 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
@@ -15508,8 +15606,8 @@
RESERVED
CVE-2015-6486 (SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices ...)
TODO: check
-CVE-2015-6485
- RESERVED
+CVE-2015-6485 (Schneider Electric Telvent Sage 2300 RTUs with firmware before ...)
+ TODO: check
CVE-2015-6484 (3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote ...)
TODO: check
CVE-2015-6483
@@ -73508,8 +73606,7 @@
- tpp 1.3.1-3 (low; bug #706644)
[squeeze] - tpp <no-dsa> (Minor issue)
[wheezy] - tpp <no-dsa> (Minor issue)
-CVE-2016-2856
- RESERVED
+CVE-2016-2856 (pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie ...)
- eglibc <removed>
[squeeze] - eglibc <no-dsa> (Minor issue)
[wheezy] - eglibc <no-dsa> (Minor issue)
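Review bot: The new description for CVE-2016-2856 refers to the glibc package before 2.19-18+deb8u4 on Debian jessie, but the package lines visible in this hunk cover only eglibc (removed, squeeze, wheezy). Please confirm that the entry also has a glibc line recording the jessie fixed version named in the description. The entry also sits at line 73606 among unrelated records instead of with the other CVE-2016-28xx IDs, which makes it easy to miss when scanning by ID.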