[Secure-testing-commits] r40648 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Mar 29 21:10:14 UTC 2016 

Author: sectracker
Date: 2016-03-29 21:10:14 +0000 (Tue, 29 Mar 2016)
New Revision: 40648

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-29 19:46:31 UTC (rev 40647)
+++ data/CVE/list	2016-03-29 21:10:14 UTC (rev 40648)
@@ -1,6 +1,24 @@
+CVE-2016-3682
+	RESERVED
+CVE-2016-3681
+	RESERVED
+CVE-2016-3680
+	RESERVED
+CVE-2016-3679 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, ...)
+	TODO: check
+CVE-2016-3678
+	RESERVED
+CVE-2016-3677
+	RESERVED
+CVE-2016-3676
+	RESERVED
+CVE-2016-3675
+	RESERVED
+CVE-2016-3673
+	RESERVED
 CVE-2016-3672
 	RESERVED
-CVE-2014-9769 [Segmentation fault on certain input to regular expressions with nested alternatives when JIT is used]
+CVE-2014-9769 (pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to ...)
 	- pcre3 2:8.38-1 (bug #819050)
 	[jessie] - pcre3 <no-dsa> (Minor issue, can be fixed via point release)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
@@ -8,6 +26,7 @@
 	NOTE: Introduced in: http://vcs.pcre.org/pcre?view=revision&revision=1434 (8.35)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/26/1
 CVE-2016-3674 [XXE vulnerability]
+	RESERVED
 	- libxstream-java 1.4.9-1 (bug #819455)
 	NOTE: http://x-stream.github.io/changes.html#1.4.9
 CVE-2016-3671
@@ -3489,8 +3508,8 @@
 	RESERVED
 CVE-2016-2345 (Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in ...)
 	TODO: check
-CVE-2016-2344
-	RESERVED
+CVE-2016-2344 (Stack-based buffer overflow in manager.exe in Backburner Manager in ...)
+	TODO: check
 CVE-2016-2343
 	RESERVED
 CVE-2016-2342 (The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI ...)
@@ -3522,6 +3541,7 @@
 	RESERVED
 CVE-2016-2385 [SEAS Module Heap overflow]
 	RESERVED
+	{DSA-3535-1}
 	- kamailio 4.3.4-2 (bug #815178)
 	NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
 CVE-2016-2384 [Double-free in snd-usbmidi-lib triggered by invalid USB descriptor]
@@ -5897,28 +5917,23 @@
 	RESERVED
 CVE-2016-1651
 	RESERVED
-CVE-2016-1650
-	RESERVED
+CVE-2016-1650 (The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in ...)
 	{DSA-3531-1}
 	- chromium-browser 49.0.2623.108-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1649
-	RESERVED
+CVE-2016-1649 (The Program::getUniformInternal function in Program.cpp in libANGLE, ...)
 	{DSA-3531-1}
 	- chromium-browser 49.0.2623.108-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1648
-	RESERVED
+CVE-2016-1648 (Use-after-free vulnerability in the GetLoadTimes function in ...)
 	{DSA-3531-1}
 	- chromium-browser 49.0.2623.108-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1647
-	RESERVED
+CVE-2016-1647 (Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy ...)
 	{DSA-3531-1}
 	- chromium-browser 49.0.2623.108-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1646
-	RESERVED
+CVE-2016-1646 (The Array.prototype.concat implementation in builtins.cc in Google V8, ...)
 	{DSA-3531-1}
 	- chromium-browser 49.0.2623.108-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -6855,8 +6870,8 @@
 	NOT-FOR-US: Cisco
 CVE-2016-1315 (The proxy engine in Cisco Advanced Malware Protection (AMP), when used ...)
 	NOT-FOR-US: Cisco
-CVE-2016-1314
-	RESERVED
+CVE-2016-1314 (Cross-site scripting (XSS) vulnerability in Cisco Unified ...)
+	TODO: check
 CVE-2016-1313
 	RESERVED
 CVE-2016-1312 (The HTTPS inspection engine in the Content Security and Control ...)
@@ -10455,8 +10470,8 @@
 	RESERVED
 CVE-2016-0227 (Cross-site scripting (XSS) vulnerability in the document-list control ...)
 	NOT-FOR-US: IBM
-CVE-2016-0226
-	RESERVED
+CVE-2016-0226 (The client implementation in IBM Informix Dynamic Server 11.70.xCn on ...)
+	TODO: check
 CVE-2016-0225 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 ...)
 	NOT-FOR-US: IBM
 CVE-2016-0224
@@ -11273,18 +11288,19 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=07343eab681bf8c22a2b31d978569a5f65253171 (v3.2.19)
 CVE-2012-6700
 	RESERVED
-	{DLA-362-1}
+	{DSA-3534-1 DLA-362-1}
 	- dhcpcd <removed>
 	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
 	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
 CVE-2012-6699
 	RESERVED
+	{DSA-3534-1}
 	- dhcpcd <removed>
 	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
 	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
 CVE-2012-6698
 	RESERVED
-	{DLA-362-1}
+	{DSA-3534-1 DLA-362-1}
 	- dhcpcd <removed>
 	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
 	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226

More information about the Secure-testing-commits mailing list