[Secure-testing-commits] r41397 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue May 3 21:10:13 UTC 2016


Author: sectracker
Date: 2016-05-03 21:10:13 +0000 (Tue, 03 May 2016)
New Revision: 41397

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-03 19:23:01 UTC (rev 41396)
+++ data/CVE/list	2016-05-03 21:10:13 UTC (rev 41397)
@@ -2540,17 +2540,17 @@
 CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
 	TODO: check
 CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...)
-	{DSA-3558-1}
+	{DSA-3558-1 DLA-451-1}
 	- openjdk-8 8u91-b14-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 CVE-2016-3426 (Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded ...)
-	{DSA-3558-1}
+	{DSA-3558-1 DLA-451-1}
 	- openjdk-8 8u91-b14-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 CVE-2016-3425 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...)
-	{DSA-3558-1}
+	{DSA-3558-1 DLA-451-1}
 	- openjdk-8 8u91-b14-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
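Review bot: CVE-2016-3427, CVE-2016-3426 and CVE-2016-3425 list openjdk-7 and openjdk-6 only as `<removed>`, so with DLA-451-1 now attached nothing in these entries says which source package or release the LTS advisory fixed. If that is recorded only in the DLA list, fine; otherwise a release-tagged line under each entry would make the status readable from this file alone.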
@@ -3953,11 +3953,13 @@
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
 CVE-2016-3178
 	RESERVED
+	{DLA-454-1}
 	- minissdpd <unfixed> (bug #816759)
 	NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
 	NOTE: https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47
 CVE-2016-3179
 	RESERVED
+	{DLA-454-1}
 	- minissdpd <unfixed> (bug #816759)
 	NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
 	NOTE: https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a
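Review bot: CVE-2016-3178 and CVE-2016-3179 still read `- minissdpd <unfixed> (bug #816759)` although each has a NOTE pointing at an upstream miniupnp commit and now carries DLA-454-1. Worth checking whether bug #816759 has been closed in unstable and, if so, recording the fixed version in place of `<unfixed>`. These two entries also have no bracketed short description, unlike the RESERVED openssl entries further down (for example `[EBCDIC overread]`), so a reader has to follow the advisory link to learn what the issue is.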
@@ -6304,6 +6306,7 @@
 	RESERVED
 CVE-2016-2176 [EBCDIC overread]
 	RESERVED
+	{DSA-3566-1 DLA-456-1}
 	- openssl <not-affected> (Only affects EBCDIC systems)
 	- openssl 1.0.2h-1
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
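Review bot: CVE-2016-2176 has two unstable lines for the same package, `- openssl <not-affected> (Only affects EBCDIC systems)` and `- openssl 1.0.2h-1`, and now also references DSA-3566-1 and DLA-456-1. The entry therefore says at once that openssl is not affected, that it was fixed in 1.0.2h-1, and that two advisories cover it. Suggest keeping a single status line and, if the advisories list this CVE only for completeness, saying so in a NOTE.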
@@ -6504,24 +6507,29 @@
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html
 CVE-2016-2109 [ASN.1 BIO excessive memory allocation]
 	RESERVED
+	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2108 [Memory corruption in the ASN.1 encoder]
 	RESERVED
+	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2c-1
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2107 [Padding oracle in AES-NI CBC MAC check]
 	RESERVED
+	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2106 [EVP_EncryptUpdate overflow]
 	RESERVED
+	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2105 [EVP_EncodeUpdate overflow]
 	RESERVED
+	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
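Review bot: CVE-2016-2108 and CVE-2016-2107 carry only the secadv link, while the other four openssl entries in this hunk also have a "Fixed in master" NOTE with the upstream commit. Adding the commit references would keep the backports behind DSA-3566-1 and DLA-456-1 traceable from the entry. CVE-2016-2108 is also the only one marked fixed in `1.0.2c-1` rather than `1.0.2h-1`; a short NOTE explaining the earlier version would save the next reader from assuming a typo.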
@@ -11634,7 +11642,7 @@
 CVE-2016-0696 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
 	TODO: check
 CVE-2016-0695 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...)
-	{DSA-3558-1}
+	{DSA-3558-1 DLA-451-1}
 	- openjdk-8 8u91-b14-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
@@ -11653,12 +11661,12 @@
 CVE-2016-0688 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
 	TODO: check
 CVE-2016-0687 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...)
-	{DSA-3558-1}
+	{DSA-3558-1 DLA-451-1}
 	- openjdk-8 8u91-b14-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
 CVE-2016-0686 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...)
-	{DSA-3558-1}
+	{DSA-3558-1 DLA-451-1}
 	- openjdk-8 8u91-b14-1
 	- openjdk-7 <removed>
 	- openjdk-6 <removed>
@@ -11853,7 +11861,7 @@
 CVE-2016-0637
 	RESERVED
 CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 ...)
-	{DSA-3558-1}
+	{DSA-3558-1 DLA-451-1}
 	- openjdk-8 8u77-b03-1
 	[experimental] - openjdk-7 7u95-2.6.4-3
 	- openjdk-7 <removed>
@@ -29321,6 +29329,7 @@
 	NOTE: Patch: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/5
 CVE-2015-3008 (Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x ...)
+	{DLA-455-1}
 	- asterisk 1:13.7.2~dfsg-1 (bug #782411)
 	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2015-003.html
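Review bot: the context line `[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)` under CVE-2015-3008 words the reason differently from the other asterisk entries touched by this revision, which use `(Unsupported in squeeze-lts)`. Suggest settling on one wording so a search for the end-of-life reason finds every entry.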
@@ -36466,7 +36475,7 @@
 CVE-2015-0897
 	RESERVED
 CVE-2015-0896 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer ...)
-	{DLA-296-1}
+	{DLA-453-1 DLA-296-1}
 	- extplorer <removed> (bug #783231)
 	NOTE: Upstream fixes: http://extplorer.net/projects/extplorer/repository/revisions/240
 CVE-2015-0895 (Cross-site request forgery (CSRF) vulnerability in the All In One WP ...)
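Review bot: in `{DLA-453-1 DLA-296-1}` under CVE-2015-0896 the new advisory is placed before the existing one, whereas the other changed reference lines in this revision put the new DLA after the existing entry (`{DSA-3558-1 DLA-451-1}`). If the ordering inside the braces is meaningful, it should be documented; if not, a consistent sort would keep later diffs of this line minimal.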
@@ -42203,6 +42212,7 @@
 CVE-2014-8419 (Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read ...)
 	NOT-FOR-US: Wibu-Systems CodeMeter Runtime
 CVE-2014-8418 (The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, ...)
+	{DLA-455-1}
 	- asterisk 1:13.1.0~dfsg-1 (bug #771463)
 	[jessie] - asterisk 1:11.13.1~dfsg-2
 	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
@@ -42244,6 +42254,7 @@
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24531
 	NOTE: http://downloads.digium.com/pub/security/AST-2014-013.html
 CVE-2014-8412 (The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager ...)
+	{DLA-455-1}
 	- asterisk 1:13.1.0~dfsg-1 (bug #771463)
 	[jessie] - asterisk 1:11.13.1~dfsg-2
 	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
@@ -42450,6 +42461,7 @@
 CVE-2013-7406 (SQL injection vulnerability in the MRBS module for Drupal allows ...)
 	NOT-FOR-US: Drupal module MRBS
 CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...)
+	{DLA-452-1}
 	- smarty3 3.1.21-1 (bug #765920)
 	- smarty <not-affected> (Only affects 3.x series)
 	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
@@ -46659,6 +46671,7 @@
 	[wheezy] - twisted <not-affected> (Only affects 14.0 series)
 	[squeeze] - twisted <not-affected> (Only affects 14.0 series)
 CVE-2014-6610 (Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and ...)
+	{DLA-455-1}
 	- asterisk 1:11.12.1~dfsg-1 (medium; bug #762164)
 	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010.html
@@ -52955,6 +52968,7 @@
 	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-007.html
 CVE-2014-4046 (Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and ...)
+	{DLA-455-1}
 	- asterisk 1:11.10.2~dfsg-1 (low)
 	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-006.html
@@ -57946,6 +57960,7 @@
 	- asterisk 1:11.8.1~dfsg-1 (bug #741313)
 	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-2286 (main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x ...)
+	{DLA-455-1}
 	- asterisk 1:11.8.1~dfsg-1 (bug #741313)
 	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-2283 (epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x ...)



