[Secure-testing-commits] r41622 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue May 10 21:10:11 UTC 2016
Author: sectracker
Date: 2016-05-10 21:10:11 +0000 (Tue, 10 May 2016)
New Revision: 41622
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-10 20:15:14 UTC (rev 41621)
+++ data/CVE/list 2016-05-10 21:10:11 UTC (rev 41622)
@@ -1,3 +1,5 @@
+CVE-2016-4572
+ RESERVED
CVE-2016-4574 [incomplete fix for CVE-2016-4356]
- libksba 1.3.4-3
[jessie] - libksba <not-affected> (Incomplete fix not applied)
@@ -5,6 +7,7 @@
NOTE: Fixed by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75
NOTE: Introduced by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
CVE-2016-4569 [information leak]
+ RESERVED
- linux <unfixed>
NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
CVE-2016-4564
@@ -72,9 +75,11 @@
RESERVED
NOT-FOR-US: Samsung Android component
CVE-2016-4570 [Recursion using mxmlDelete at mxml-node.c:217 (stack-exhaustion-1.xml)]
+ RESERVED
- mxml <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
CVE-2016-4571 [Recursion using mxml_write_node at mxml-file.c:2739 (stack-exhaustion-2.xml]
+ RESERVED
- mxml <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
CVE-2016-XXXX [invalid pointer read]
@@ -661,8 +666,8 @@
RESERVED
CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in ...)
NOT-FOR-US: Trend Micro
-CVE-2016-4350
- RESERVED
+CVE-2016-4350 (Multiple SQL injection vulnerabilities in the Web Services web server ...)
+ TODO: check
CVE-2014-9773 [A remote attacker could change Atheme's behavior by registering/dropping certain accounts/nicks]
RESERVED
- atheme-services 7.0.7-2
@@ -3781,8 +3786,7 @@
CVE-2016-3106
RESERVED
NOT-FOR-US: Pulp (Red Hat)
-CVE-2016-3105
- RESERVED
+CVE-2016-3105 (The convert extension in Mercurial before 3.8 might allow ...)
{DSA-3570-1 DLA-459-1}
- mercurial 3.8.1-1
NOTE: https://selenic.com/hg/rev/a56296f55a5e
@@ -9199,6 +9203,7 @@
CVE-2016-1542
RESERVED
CVE-2016-1541 (Heap-based buffer overflow in the zip_read_mac_metadata function in ...)
+ {DSA-3574-1}
[experimental] - libarchive 3.2.0-1
- libarchive <unfixed> (bug #823893)
[wheezy] - libarchive <not-affected> (Vulnerable code not present)
@@ -23504,11 +23509,9 @@
NOT-FOR-US: Apache Ambari
CVE-2015-5209
RESERVED
-CVE-2015-5208
- RESERVED
+CVE-2015-5208 (Apache Cordova iOS before 4.0.0 allows remote attackers to execute ...)
NOT-FOR-US: Apache Cordova
-CVE-2015-5207
- RESERVED
+CVE-2015-5207 (Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL ...)
NOT-FOR-US: Apache Cordova
CVE-2015-5206
RESERVED
@@ -34496,6 +34499,7 @@
CVE-2015-1483 (Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX ...)
NOT-FOR-US: Symantec NetBackup OpsCenter
CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...)
+ {DLA-464-1}
- ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive)
- libav 6:11.2-1
NOTE: Patch in http://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav
More information about the Secure-testing-commits
mailing list