[Secure-testing-commits] r40581 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Mar 25 21:10:12 UTC 2016
Author: sectracker
Date: 2016-03-25 21:10:11 +0000 (Fri, 25 Mar 2016)
New Revision: 40581
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-25 18:32:02 UTC (rev 40580)
+++ data/CVE/list 2016-03-25 21:10:11 UTC (rev 40581)
@@ -1,3 +1,25 @@
+CVE-2016-3671
+ RESERVED
+CVE-2016-3670
+ RESERVED
+CVE-2016-3669
+ RESERVED
+CVE-2016-3668
+ RESERVED
+CVE-2016-3667
+ RESERVED
+CVE-2016-3666
+ RESERVED
+CVE-2016-3665
+ RESERVED
+CVE-2016-3664
+ RESERVED
+CVE-2016-3663
+ RESERVED
+CVE-2016-3662
+ RESERVED
+CVE-2015-8834
+ RESERVED
CVE-2016-3661
RESERVED
CVE-2016-3660
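Review bot: CVE-2015-8834 is inserted between CVE-2016-3662 and CVE-2016-3661, which breaks the descending ID order that every other visible entry in this diff follows. If anything that reads data/CVE/list depends on that order, the entry belongs in the CVE-2015-88xx range. If new reservations are prepended on purpose, saying so in the log would settle the question.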
@@ -6678,8 +6700,8 @@
RESERVED
CVE-2016-1367
RESERVED
-CVE-2016-1366
- RESERVED
+CVE-2016-1366 (The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on ...)
+ TODO: check
CVE-2016-1365
RESERVED
CVE-2016-1364
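Review bot: `TODO: check` on CVE-2016-1366 leaves the entry untriaged. The description names Cisco IOS XR, so unless a Debian source package is affected this should be closed out in the same style as the existing `NOT-FOR-US: Novius OS` entry, for example `NOT-FOR-US: Cisco IOS XR`.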
@@ -6716,8 +6738,8 @@
RESERVED
CVE-2016-1348
RESERVED
-CVE-2016-1347
- RESERVED
+CVE-2016-1347 (The Wide Area Application Services (WAAS) Express implementation in ...)
+ TODO: check
CVE-2016-1346
RESERVED
CVE-2016-1345
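Review bot: the description added for CVE-2016-1347 is cut off at "in ...", so the product that ships WAAS Express is not visible in this hunk. Whoever resolves the `TODO: check` needs the full CVE text before choosing between a package line and a `NOT-FOR-US:` marker.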
@@ -8805,7 +8827,7 @@
CVE-2016-0764
RESERVED
CVE-2016-0763 (The setGlobalContext method in ...)
- {DLA-435-1}
+ {DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.32-1
- tomcat7 7.0.68-1
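Review bot: the log message "automatic update" does not mention DSA-3530-1, yet this hunk and the later Tomcat hunks all add the same `DSA-3530-1` tag to existing entries. Naming the advisory in the log would let someone find the revision that introduced these cross-references without reading the diff.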
@@ -8996,7 +9018,7 @@
CVE-2016-0715
RESERVED
CVE-2016-0714 (The session-persistence implementation in Apache Tomcat 6.x before ...)
- {DLA-435-1}
+ {DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.32-1
- tomcat7 7.0.68-1
@@ -9020,7 +9042,7 @@
CVE-2016-0707
RESERVED
CVE-2016-0706 (Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ...)
- {DLA-435-1}
+ {DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.32-1
- tomcat7 7.0.68-1
@@ -9419,8 +9441,7 @@
RESERVED
CVE-2016-0637
RESERVED
-CVE-2016-0636
- RESERVED
+CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 ...)
- openjdk-8 <unfixed>
[experimental] - openjdk-7 7u95-2.6.4-3
- openjdk-7 <unfixed>
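Review bot: CVE-2016-0636 now lists Oracle Java SE 7u97 as affected, while the unchanged line `[experimental] - openjdk-7 7u95-2.6.4-3` records a fix in a version numbered 7u95. That can be correct if the fix was backported into that upload, but a `NOTE:` line saying so (or a corrected version) would keep the entry from looking inconsistent next to the two `<unfixed>` lines.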
@@ -19809,7 +19830,7 @@
CVE-2015-5353 (Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows ...)
NOT-FOR-US: Novius OS
CVE-2015-5351 (The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ...)
- {DLA-435-1}
+ {DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.32-1
- tomcat7 7.0.68-1
@@ -19830,6 +19851,7 @@
CVE-2015-5347
RESERVED
CVE-2015-5346 (Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ...)
+ {DSA-3530-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.30-1
- tomcat7 7.0.68-1
@@ -19842,7 +19864,7 @@
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1713185
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1723506
CVE-2015-5345 (The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before ...)
- {DLA-435-1}
+ {DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.30-1
- tomcat7 7.0.68-1
@@ -20556,7 +20578,7 @@
RESERVED
NOT-FOR-US: Apache CXF Fediz
CVE-2015-5174 (Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ...)
- {DLA-435-1}
+ {DSA-3530-1 DLA-435-1}
- tomcat8 8.0.28-1
- tomcat7 7.0.68-1
- tomcat6 6.0.41-3
@@ -41590,7 +41612,7 @@
CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7810 (The Expression Language (EL) implementation in Apache Tomcat 6.x ...)
- {DSA-3447-1 DSA-3428-1 DLA-232-1}
+ {DSA-3530-1 DSA-3447-1 DSA-3428-1 DLA-232-1}
- tomcat6 6.0.41-3 (bug #787010)
NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
- tomcat7 7.0.61-1
@@ -61613,7 +61635,7 @@
{DSA-2989-1 DLA-66-1}
- apache2 2.4.10-1
CVE-2014-0230 (Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before ...)
- {DLA-232-1}
+ {DSA-3530-1 DLA-232-1}
- tomcat6 6.0.41-3 (bug #785316)
- tomcat7 7.0.55-1
[wheezy] - tomcat7 7.0.28-4+deb7u3
@@ -61626,7 +61648,7 @@
CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based authorization ...)
NOT-FOR-US: Apache Hive
CVE-2014-0227 (java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in ...)
- {DLA-232-1}
+ {DSA-3530-1 DLA-232-1}
- tomcat6 6.0.41-3 (bug #785312)
NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1603628 (6.x)
NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
@@ -62047,6 +62069,7 @@
RESERVED
NOT-FOR-US: hawtio-karaf-terminal
CVE-2014-0119 (Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 ...)
+ {DSA-3530-1}
- tomcat8 8.0.8-1
- tomcat7 7.0.54-1
- tomcat6 6.0.41-1
@@ -62127,6 +62150,7 @@
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ef0eb0db4bf92c6d2510fe5c4dc51852746f206
NOTE: http://patchwork.ozlabs.org/patch/325844/
CVE-2014-0099 (Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in ...)
+ {DSA-3530-1}
- tomcat8 8.0.5-1
- tomcat7 7.0.53-1
[wheezy] - tomcat7 7.0.28-4+deb7u3
@@ -62141,6 +62165,7 @@
RESERVED
- libspring-java <not-affected> (ActiveDirectoryLdapAuthenticator not yet present, introduced in 3.1)
CVE-2014-0096 (java/org/apache/catalina/servlets/DefaultServlet.java in the default ...)
+ {DSA-3530-1}
- tomcat8 8.0.5-1
- tomcat7 7.0.53-1
- tomcat6 6.0.41-1
@@ -62223,6 +62248,7 @@
[squeeze] - openssl 0.9.8o-4squeeze15
NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f9b6c0ba4c02497782f801e3c45688f3efaac55c
CVE-2014-0075 (Integer overflow in the parseChunkHeader function in ...)
+ {DSA-3530-1}
- tomcat8 8.0.5-1
- tomcat7 7.0.53-1
[wheezy] - tomcat7 7.0.28-4+deb7u3
@@ -62380,7 +62406,7 @@
CVE-2014-0034 (The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x ...)
NOT-FOR-US: Apache CFX
CVE-2014-0033 (org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat ...)
- {DLA-91-1}
+ {DSA-3530-1 DLA-91-1}
- tomcat6 6.0.39
CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in ...)
{DLA-207-1}
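Review bot: the context line `- tomcat6 6.0.39` under CVE-2014-0033 gives the fixed version without a Debian revision, unlike `6.0.41-3` or `8.0.5-1` elsewhere in this diff. Since the entry is being touched to add DSA-3530-1, confirm the version string is intended and add the revision if one exists.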
@@ -68302,7 +68328,7 @@
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12d6e7538e2d418c08f082b1b44ffa5fb7270ed8
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40f193f5bb022e927a57a4f5d5194e4f12ddb74
CVE-2013-4590 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...)
- {DLA-91-1}
+ {DSA-3530-1 DLA-91-1}
- tomcat6 6.0.39 (low)
[squeeze] - tomcat6 <no-dsa> (Minor issue)
- tomcat7 7.0.50 (low)
@@ -69345,7 +69371,7 @@
CVE-2013-4323
RESERVED
CVE-2013-4322 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...)
- {DSA-2897-1 DLA-91-1}
+ {DSA-3530-1 DSA-2897-1 DLA-91-1}
- tomcat6 6.0.39
- tomcat7 7.0.50
- tomcat8 8.0.0
@@ -69484,7 +69510,7 @@
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
CVE-2013-4286 (Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before ...)
- {DSA-2897-1 DLA-91-1}
+ {DSA-3530-1 DSA-2897-1 DLA-91-1}
- tomcat6 6.0.39
- tomcat7 7.0.47
- tomcat8 8.0.0