[Secure-testing-commits] r41472 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri May 6 09:10:12 UTC 2016


Author: sectracker
Date: 2016-05-06 09:10:12 +0000 (Fri, 06 May 2016)
New Revision: 41472

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-06 09:03:00 UTC (rev 41471)
+++ data/CVE/list	2016-05-06 09:10:12 UTC (rev 41472)
@@ -1,3 +1,101 @@
+CVE-2016-4535 (Integer signedness error in the AV engine before DAT 8145, as used in ...)
+	TODO: check
+CVE-2016-4534 (The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan ...)
+	TODO: check
+CVE-2016-4533
+	RESERVED
+CVE-2016-4532
+	RESERVED
+CVE-2016-4531
+	RESERVED
+CVE-2016-4530
+	RESERVED
+CVE-2016-4529
+	RESERVED
+CVE-2016-4528
+	RESERVED
+CVE-2016-4527
+	RESERVED
+CVE-2016-4526
+	RESERVED
+CVE-2016-4525
+	RESERVED
+CVE-2016-4524
+	RESERVED
+CVE-2016-4523
+	RESERVED
+CVE-2016-4522
+	RESERVED
+CVE-2016-4521
+	RESERVED
+CVE-2016-4520
+	RESERVED
+CVE-2016-4519
+	RESERVED
+CVE-2016-4518
+	RESERVED
+CVE-2016-4517
+	RESERVED
+CVE-2016-4516
+	RESERVED
+CVE-2016-4515
+	RESERVED
+CVE-2016-4514
+	RESERVED
+CVE-2016-4513
+	RESERVED
+CVE-2016-4512
+	RESERVED
+CVE-2016-4511
+	RESERVED
+CVE-2016-4510
+	RESERVED
+CVE-2016-4509
+	RESERVED
+CVE-2016-4508
+	RESERVED
+CVE-2016-4507
+	RESERVED
+CVE-2016-4506
+	RESERVED
+CVE-2016-4505
+	RESERVED
+CVE-2016-4504
+	RESERVED
+CVE-2016-4503
+	RESERVED
+CVE-2016-4502
+	RESERVED
+CVE-2016-4501
+	RESERVED
+CVE-2016-4500
+	RESERVED
+CVE-2016-4499
+	RESERVED
+CVE-2016-4498
+	RESERVED
+CVE-2016-4497
+	RESERVED
+CVE-2016-4496
+	RESERVED
+CVE-2016-4495
+	RESERVED
+CVE-2016-4494
+	RESERVED
+CVE-2016-4493
+	RESERVED
+CVE-2016-4492
+	RESERVED
+CVE-2016-4491
+	RESERVED
+CVE-2016-4490
+	RESERVED
+CVE-2016-4489
+	RESERVED
+CVE-2016-4488
+	RESERVED
+CVE-2016-4487
+	RESERVED
 CVE-2016-4539 [xml_parse_into_struct segmentation fault]
 	- php7.0 7.0.6-1
 	- php5 5.6.21+dfsg-1
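Review bot: CVE-2016-4535 and CVE-2016-4534 at the top of this hunk are added with only "TODO: check", so they need manual triage. The CVE-2016-4534 description names the McAfee VirusScan Console (mcconsol.exe); if that product is not packaged in Debian, mark the entry NOT-FOR-US in the same form the file already uses for Apache OFBiz, and triage CVE-2016-4535 once its truncated description is read in full.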
@@ -59,10 +157,12 @@
 	[jessie] - openafs <no-dsa> (Minor issue, can be included in a future DSA or via jessie-pu)
 	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
 CVE-2016-4486 [information leak vulnerability in rtnetlink]
+	RESERVED
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6
 	NOTE: Not yet merged in Linus' tree
 CVE-2016-4485 [information leak vulnerability in llc module]
+	RESERVED
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd
 	NOTE: Not yet merged in Linus' tree
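Review bot: The "NOTE: Not yet merged in Linus' tree" lines under CVE-2016-4486 and CVE-2016-4485 stay unchanged while both entries gain RESERVED, and the notes carry no date, so a later reader cannot tell whether they are still true. Revisit both entries once the referenced davem/net commits are merged, and replace the note with the fixed version on the "- linux <unfixed>" line.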
@@ -318,8 +418,8 @@
 	RESERVED
 CVE-2016-4357
 	RESERVED
-CVE-2016-4351
-	RESERVED
+CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in ...)
+	TODO: check
 CVE-2016-4350
 	RESERVED
 CVE-2014-9773 [A remote attacker could change Atheme's behavior by registering/dropping certain accounts/nicks]
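Review bot: CVE-2016-4351 moves from RESERVED to "TODO: check" with a description that is cut off before the product name ("SQL injection vulnerability in the authentication functionality in ..."), so the entry cannot be triaged from this line alone. Look up the full description and replace "TODO: check" with a package line or NOT-FOR-US.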
@@ -1359,8 +1459,7 @@
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/4
-CVE-2016-4008 [Infinite loops parsing malicious DER certificates]
-	RESERVED
+CVE-2016-4008 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
 	{DSA-3568-1}
 	- libtasn1-6 4.8-1
 	- libtasn1-3 <removed>
@@ -2038,20 +2137,15 @@
 	TODO: check
 CVE-2016-3719
 	RESERVED
-CVE-2016-3718 [SSRF]
-	RESERVED
+CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...)
 	- imagemagick <unfixed>
-CVE-2016-3717 [Local file read]
-	RESERVED
+CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...)
 	- imagemagick <unfixed>
-CVE-2016-3716 [File moving]
-	RESERVED
+CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...)
 	- imagemagick <unfixed>
-CVE-2016-3715 [File deletion]
-	RESERVED
+CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...)
 	- imagemagick <unfixed>
-CVE-2016-3714 [Insufficient filtering for filename passed to delegate's command allows remote code execution during conversion of several file formats]
-	RESERVED
+CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...)
 	- imagemagick <unfixed>
 	NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
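Review bot: The bracketed summaries removed for CVE-2016-3718 through CVE-2016-3714 ([SSRF], [Local file read], [File moving], [File deletion] and the delegate command execution summary) stated the impact in a few words, while the truncated descriptions that replace them name only the affected coders. Consider keeping each impact as a NOTE line under its entry. Separately, CVE-2016-3718 through CVE-2016-3715 remain "<unfixed>" with no NOTE at all, and only CVE-2016-3714 carries the workaround and upstream links; add references to the other four if the same workaround covers them.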
@@ -6538,8 +6632,7 @@
 	RESERVED
 CVE-2016-2177
 	RESERVED
-CVE-2016-2176 [EBCDIC overread]
-	RESERVED
+CVE-2016-2176 (The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL ...)
 	- openssl <not-affected> (Only applies to EBCDIC systems)
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
@@ -6558,13 +6651,11 @@
 	NOT-FOR-US: Apache OFBiz
 CVE-2016-2169
 	RESERVED
-CVE-2016-2168
-	RESERVED
+CVE-2016-2168 (The req_check_access function in the mod_authz_svn module in the httpd ...)
 	{DSA-3561-1 DLA-448-1}
 	- subversion 1.9.4-1
 	NOTE: https://subversion.apache.org/security/CVE-2016-2168-advisory.txt
-CVE-2016-2167
-	RESERVED
+CVE-2016-2167 (The canonicalize_username function in svnserve/cyrus_auth.c in Apache ...)
 	{DSA-3561-1 DLA-448-1}
 	- subversion 1.9.4-1
 	NOTE: https://subversion.apache.org/security/CVE-2016-2167-advisory.txt
@@ -6737,30 +6828,25 @@
 	{DSA-3548-1}
 	- samba 2:4.3.7+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html
-CVE-2016-2109 [ASN.1 BIO excessive memory allocation]
-	RESERVED
+CVE-2016-2109 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 ...)
 	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2108 [Memory corruption in the ASN.1 encoder]
-	RESERVED
+CVE-2016-2108 (The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before ...)
 	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2c-1
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2107 [Padding oracle in AES-NI CBC MAC check]
-	RESERVED
+CVE-2016-2107 (The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before ...)
 	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2106 [EVP_EncryptUpdate overflow]
-	RESERVED
+CVE-2016-2106 (Integer overflow in the EVP_EncryptUpdate function in ...)
 	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2105 [EVP_EncodeUpdate overflow]
-	RESERVED
+CVE-2016-2105 (Integer overflow in the EVP_EncodeUpdate function in ...)
 	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
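Review bot: CVE-2016-2108 and CVE-2016-2107 carry only the secadv NOTE, whereas CVE-2016-2109, CVE-2016-2106 and CVE-2016-2105 in this hunk also have a "Fixed in master in ..." commit reference; add the upstream commit NOTE to the first two for consistency. Also confirm the fixed version for CVE-2016-2108 (1.0.2c-1) against the full description, since its neighbours list 1.0.2h-1; the visible text "before 1.0.1o and 1.0.2 before ..." is consistent with an earlier fix but is truncated.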
@@ -30688,7 +30774,7 @@
 	- clamav 0.98.7+dfsg-1
 	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
-CVE-2015-2667 (Untrusted search path vulnerability in GNS3 before 1.2.3 allows local ...)
+CVE-2015-2667 (Untrusted search path vulnerability in GNS3 1.2.3 allows local users ...)
 	- gns3 <not-affected> (Windows specific)
 CVE-2015-2665 (Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows ...)
 	{DSA-3295-1 DLA-255-1}
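Review bot: The CVE-2015-2667 description changes from "GNS3 before 1.2.3" to "GNS3 1.2.3", which narrows the stated affected range from all earlier versions to a single release. The entry is "<not-affected> (Windows specific)", so the tracker status does not depend on the version range, but it is worth confirming the change reflects the upstream CVE text and is not a truncation artifact of the automatic update.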
@@ -45622,7 +45708,7 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2001-1594 (GE Healthcare eNTEGRA P&R has a password of (1) entegra for the ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2000-1254
+CVE-2000-1254 (crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C ...)
 	- openssl 0.9.6-1
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=db82b8f9bd432a59aea8e1014694e15fc457c2bb
 CVE-2000-1253



