[Secure-testing-commits] r41622 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue May 10 21:10:11 UTC 2016 

Author: sectracker
Date: 2016-05-10 21:10:11 +0000 (Tue, 10 May 2016)
New Revision: 41622

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-10 20:15:14 UTC (rev 41621)
+++ data/CVE/list	2016-05-10 21:10:11 UTC (rev 41622)
@@ -1,3 +1,5 @@
+CVE-2016-4572
+	RESERVED
 CVE-2016-4574 [incomplete fix for CVE-2016-4356]
 	- libksba 1.3.4-3
 	[jessie] - libksba <not-affected> (Incomplete fix not applied)
@@ -5,6 +7,7 @@
 	NOTE: Fixed by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75
 	NOTE: Introduced by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
 CVE-2016-4569 [information leak]
+	RESERVED
 	- linux <unfixed>
 	NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
 CVE-2016-4564
@@ -72,9 +75,11 @@
 	RESERVED
 	NOT-FOR-US: Samsung Android component
 CVE-2016-4570 [Recursion using mxmlDelete at mxml-node.c:217 (stack-exhaustion-1.xml)]
+	RESERVED
 	- mxml <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
 CVE-2016-4571 [Recursion using mxml_write_node at mxml-file.c:2739 (stack-exhaustion-2.xml]
+	RESERVED
 	- mxml <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
 CVE-2016-XXXX [invalid pointer read]
@@ -661,8 +666,8 @@
 	RESERVED
 CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in ...)
 	NOT-FOR-US: Trend Micro
-CVE-2016-4350
-	RESERVED
+CVE-2016-4350 (Multiple SQL injection vulnerabilities in the Web Services web server ...)
+	TODO: check
 CVE-2014-9773 [A remote attacker could change Atheme's behavior by registering/dropping certain accounts/nicks]
 	RESERVED
 	- atheme-services 7.0.7-2
@@ -3781,8 +3786,7 @@
 CVE-2016-3106
 	RESERVED
 	NOT-FOR-US: Pulp (Red Hat)
-CVE-2016-3105
-	RESERVED
+CVE-2016-3105 (The convert extension in Mercurial before 3.8 might allow ...)
 	{DSA-3570-1 DLA-459-1}
 	- mercurial 3.8.1-1
 	NOTE: https://selenic.com/hg/rev/a56296f55a5e
@@ -9199,6 +9203,7 @@
 CVE-2016-1542
 	RESERVED
 CVE-2016-1541 (Heap-based buffer overflow in the zip_read_mac_metadata function in ...)
+	{DSA-3574-1}
 	[experimental] - libarchive 3.2.0-1
 	- libarchive <unfixed> (bug #823893)
 	[wheezy] - libarchive <not-affected> (Vulnerable code not present)
@@ -23504,11 +23509,9 @@
 	NOT-FOR-US: Apache Ambari
 CVE-2015-5209
 	RESERVED
-CVE-2015-5208
-	RESERVED
+CVE-2015-5208 (Apache Cordova iOS before 4.0.0 allows remote attackers to execute ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2015-5207
-	RESERVED
+CVE-2015-5207 (Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL ...)
 	NOT-FOR-US: Apache Cordova
 CVE-2015-5206
 	RESERVED
@@ -34496,6 +34499,7 @@
 CVE-2015-1483 (Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX ...)
 	NOT-FOR-US: Symantec NetBackup OpsCenter
 CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...)
+	{DLA-464-1}
 	- ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive)
 	- libav 6:11.2-1
 	NOTE: Patch in http://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav

More information about the Secure-testing-commits mailing list