[Secure-testing-commits] r41563 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon May 9 16:25:54 UTC 2016


Author: jmm
Date: 2016-05-09 16:25:54 +0000 (Mon, 09 May 2016)
New Revision: 41563

Modified:
   data/CVE/list
Log:
tiff no-dsa
NFUs
cleared some TODOs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-09 14:13:53 UTC (rev 41562)
+++ data/CVE/list	2016-05-09 16:25:54 UTC (rev 41563)
@@ -624,7 +624,7 @@
 CVE-2016-4357
 	RESERVED
 CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2016-4350
 	RESERVED
 CVE-2014-9773 [A remote attacker could change Atheme's behavior by registering/dropping certain accounts/nicks]
@@ -1388,17 +1388,14 @@
 	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
 	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
 	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
-	TODO: check
 CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to ...)
 	- squid3 3.5.17-1
-	- squid <removed>
 	- squid <not-affected> (Squid 2.x are not vulnerable)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
 	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
 	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
 	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
 	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
-	TODO: check
 CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and ...)
 	- squid3 3.5.17-1
 	- squid <not-affected> (Squid 2.x are not vulnerable)
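Review bot: the TODO removed at the top of this hunk belongs to an entry whose package and status lines lie above the shown context (only its three NOTE lines are visible), so the hunk itself does not show that the squid3/squid triage for that entry is settled; please confirm it carries the same `- squid3 3.5.17-1` / `- squid <not-affected>` pair as CVE-2016-4053 and CVE-2016-4052 before the TODO is dropped. Removing `- squid <removed>` from CVE-2016-4053 is right: it duplicated the `- squid <not-affected> (Squid 2.x are not vulnerable)` line for the same source package, and the description's "Squid 3.x before 3.5.17 and 4.x before 4.0.9" names no 2.x range.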
@@ -1407,7 +1404,6 @@
 	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
 	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
 	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
-	TODO: check
 CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and ...)
 	- squid3 3.5.17-1
 	- squid <removed>
@@ -1425,7 +1421,7 @@
 CVE-2016-4041
 	RESERVED
 CVE-2016-4040 (SQL injection vulnerability in the Workflow Screen in dotCMS before ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2015-8853 [Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU]
 	RESERVED
 	- perl 5.22.1-1 (bug #821848)
@@ -1549,9 +1545,8 @@
 CVE-2016-4004 (Directory traversal vulnerability in Dell OpenManage Server ...)
 	NOT-FOR-US: Dell
 CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder function in ...)
-	- libstruts1.2-java <undetermined>
+	- libstruts1.2-java <not-affected> (Only affects 2.x)
 	NOTE: http://struts.apache.org/docs/s2-028.html
-	TODO: check, possibly only 2.x
 CVE-2016-4020 [i386: leakage of stack memory to guest in kvmvapic.c]
 	RESERVED
 	- qemu <unfixed> (bug #821062)
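Review bot: the `<not-affected>` reason "(Only affects 2.x)" on the libstruts1.2-java line does not say 2.x of what; the other reasons in this file name the product ("Squid 2.x are not vulnerable"), so "(Only affects Struts 2.x)" would read unambiguously. Since the removed TODO still hedged with "possibly only 2.x", it would also help to extend the existing NOTE to record that the S2-028 advisory linked there is the source for the 2.x-only affected range, so the next person does not have to re-derive it.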
@@ -1745,9 +1740,9 @@
 CVE-2016-3973 (The chat feature in the Real-Time Collaboration (RTC) services in SAP ...)
 	NOT-FOR-US: SAP
 CVE-2016-3972 (Directory traversal vulnerability in the dotTailLogServlet in dotCMS ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2016-3971 (Cross-site scripting (XSS) vulnerability in lucene_search.jsp in ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2016-3970
 	RESERVED
 CVE-2015-8840 (The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does ...)
@@ -1848,8 +1843,10 @@
 CVE-2016-3945 [Out-of-bounds Write in the tiff2rgba tool]
 	RESERVED
 	- tiff <unfixed>
-	- tiff3 <removed>
-	TODO: check
+	[jessie] - tiff <no-dsa> (Minor issue)
+	[wheezy] - tiff <no-dsa> (Minor issue)
+	- tiff3 <removed> (unimportant)
+	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2545
 CVE-2015-8865 [Buffer over-write in finfo_open with malformed magic file]
 	RESERVED
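Review bot: after this change the unstable entry `- tiff <unfixed>` has no Debian-side tracking reference, while the jessie and wheezy entries are closed out as no-dsa; other entries in the shown context carry a bug number (`- qemu <unfixed> (bug #821062)`, `- perl 5.22.1-1 (bug #821848)`), so consider filing a Debian bug for tiff and recording it on that line so the upstream bugzilla link is not the only pointer. The `- tiff3 <removed> (unimportant)` tag is well justified by the new NOTE that the src:tiff3 binary packages do not contain the TIFF tools.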
@@ -2442,7 +2439,7 @@
 	NOTE: https://bugs.launchpad.net/bugs/1533633
 	NOTE: It is unclear when this was fixed exactly, marking the version in jessie as fixed for now
 CVE-2016-3688 (SQL injection vulnerability in dotCMS before 3.5 allows remote ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2016-3687
 	RESERVED
 CVE-2016-3686 (The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 ...)



