[Secure-testing-commits] r41641 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed May 11 18:02:50 UTC 2016


Author: jmm
Date: 2016-05-11 18:02:50 +0000 (Wed, 11 May 2016)
New Revision: 41641

Modified:
   data/CVE/list
Log:
older linux issue fixed
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-11 17:35:05 UTC (rev 41640)
+++ data/CVE/list	2016-05-11 18:02:50 UTC (rev 41641)
@@ -1911,10 +1911,9 @@
 	- squid3 3.5.16-1 (bug #819784)
 	[jessie] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
 	[wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
-	- squid <undetermined>
+	- squid <removed>
 	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
-	TODO: check src:squid, possibly as wel not-affected since CVE-2016-2569 was as well
 CVE-2016-3947 (Heap-based buffer overflow in the Icmp6::Recv function in ...)
 	- squid3 3.5.16-1 (bug #819783)
 	[jessie] - squid3 <no-dsa> (Minor issue)
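Review bot: The src:squid line in the entry above CVE-2016-3947 goes from `<undetermined>` to `<removed>` with no NOTE saying what the check found, even though the deleted TODO suggested the package might be not-affected "since CVE-2016-2569 was as well". Please add a NOTE recording why src:squid is treated as affected rather than `<not-affected>`. The commit log ("older linux issue fixed", "NFUs") does not cover this change either, so it is easy to miss when reading history.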
@@ -1926,7 +1925,7 @@
 CVE-2016-3944
 	RESERVED
 CVE-2016-3943 (Panda Endpoint Administration Agent before 7.50.00, as used in Panda ...)
-	TODO: check
+	NOT-FOR-US: Panda
 CVE-2016-3942
 	RESERVED
 CVE-2016-3940
@@ -2404,7 +2403,6 @@
 	- graphicsmagick <unfixed>
 	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
 	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/45998a25992d1142df201d8cf024b6c948b40748/
-	TODO: check if other packages are affected
 CVE-2016-3713
 	RESERVED
 CVE-2016-3712 [Out-of-bounds read when creating weird vga screen surface]
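Review bot: The `TODO: check if other packages are affected` line is dropped from the graphicsmagick entry above CVE-2016-3713 with nothing recorded in its place. If the check was done, add a NOTE naming the packages that were looked at and the outcome; if it was not, the TODO should stay so the entry is not taken as fully triaged.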
@@ -2577,18 +2575,17 @@
 	NOTE: http://bugs.cacti.net/view.php?id=2673
 CVE-2016-3658 [Illegal read occurs in the TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c when using tiffset command]
 	RESERVED
-	- tiff <unfixed>
-	- tiff3 <removed>
-	TODO: check
+	- tiff <unfixed> (low)
+	- tiff3 <removed> (low)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2546
 CVE-2016-3657 (Buffer overflow in the GlobalProtect Portal in Palo Alto Networks ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2016-3656 (The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2016-3655 (The management web interface in Palo Alto Networks PAN-OS before ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2016-3654 (The device management command line interface (CLI) in Palo Alto ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2016-3653
 	RESERVED
 CVE-2016-3652
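Review bot: The `(low)` urgency added to the tiff and tiff3 lines of CVE-2016-3658 replaces `TODO: check` without a stated basis; the only NOTE on the entry is the bugzilla.maptools.org link. A one-line NOTE giving the reason for the rating would make it reviewable later. The four PAN-OS `NOT-FOR-US` lines are consistent with each other.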
@@ -3034,32 +3031,31 @@
 CVE-2016-3467
 	RESERVED
 CVE-2016-3466 (Unspecified vulnerability in the Oracle Field Service component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3465 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
 	NOT-FOR-US: Solaris
 CVE-2016-3464 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3463 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3462 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
 	NOT-FOR-US: Solaris
 CVE-2016-3461 (Unspecified vulnerability in the MySQL Enterprise Monitor component in ...)
 	TODO: check
 CVE-2016-3460 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
-	TODO: check
 	NOT-FOR-US: PeopleSoft
 CVE-2016-3459
 	RESERVED
 CVE-2016-3458
 	RESERVED
 CVE-2016-3457 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2016-3456 (Unspecified vulnerability in the Oracle Complex Maintenance, Repair, ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3455 (Unspecified vulnerability in the Oracle Outside In Technology ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3454 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3453
 	RESERVED
 CVE-2016-3452
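Review bot: CVE-2016-3461 (MySQL Enterprise Monitor) is still at `TODO: check` while every other Oracle entry in this hunk gets a status. If that is deliberate, a short NOTE saying what is still open would help; otherwise it should be triaged in the same pass. Removing the stale `TODO: check` that sat above the existing `NOT-FOR-US: PeopleSoft` on CVE-2016-3460 is a correct cleanup.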
@@ -3075,7 +3071,7 @@
 CVE-2016-3448
 	RESERVED
 CVE-2016-3447 (Unspecified vulnerability in the Oracle Applications Framework ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3446
 	RESERVED
 CVE-2016-3445
@@ -3087,29 +3083,28 @@
 	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 CVE-2016-3442 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2016-3441 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
 	NOT-FOR-US: Solaris
 CVE-2016-3440
 	RESERVED
 CVE-2016-3439 (Unspecified vulnerability in the Oracle CRM Wireless component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3438 (Unspecified vulnerability in the Oracle Configurator component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3437 (Unspecified vulnerability in the Oracle CRM Wireless component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3436 (Unspecified vulnerability in the Oracle Common Applications Calendar ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3435 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2016-3434 (Unspecified vulnerability in the Oracle Application Object Library ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3433
 	RESERVED
 CVE-2016-3432
 	RESERVED
 CVE-2016-3431 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
-	TODO: check
 	NOT-FOR-US: Oracle
 CVE-2016-3430
 	RESERVED
@@ -3135,23 +3130,23 @@
 CVE-2016-3424
 	RESERVED
 CVE-2016-3423 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2016-3422 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 ...)
 	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 CVE-2016-3421 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2016-3420 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3419 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
 	NOT-FOR-US: Solaris
 CVE-2016-3418 (Unspecified vulnerability in the DataStore component in Oracle ...)
 	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
 CVE-2016-3417 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
-	TODO: check
+	NOT-FOR-US: PeopleSoft
 CVE-2016-3416 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2016-3415
 	RESERVED
 CVE-2016-3414
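Review bot: The new labels on CVE-2016-3420 and CVE-2016-3416 are the bare vendor name `NOT-FOR-US: Oracle`, while the neighbouring context lines name the product (`Solaris`, `Oracle Berkeley DB (later closed source releases)`). Since the descriptions already name Agile PLM and WebLogic Server, using those product names would keep the list greppable by product and match the existing style.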
@@ -26883,12 +26878,13 @@
 CVE-2015-4005
 	RESERVED
 CVE-2015-4004 (The OZWPAN driver in the Linux kernel through 4.0.5 relies on an ...)
-	- linux <unfixed> (unimportant)
+	- linux 4.3-1 (unimportant)
 	NOTE: ozwpan driver not built
 	[wheezy] - linux <not-affected> (ozwpan driver not present)
 	- linux-2.6 <not-affected> (ozwpan driver not present)
 	NOTE: https://lkml.org/lkml/2015/5/13/739
 	NOTE: Not enabled in Debian kernels; staging drivers are not supported
+	NOTE: Driver was removed in Linux 4.3
 CVE-2015-4003 (The oz_usb_handle_ep_data function in ...)
 	- linux 4.1.3-1 (unimportant)
 	NOTE: ozwpan driver not built
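Review bot: The added `NOTE: Driver was removed in Linux 4.3` on CVE-2015-4004 is the only justification for changing `<unfixed>` to `4.3-1`, and it cites no upstream reference. Adding a link to the removal, in the same way the entry links the lkml.org report, would let a reader confirm that 4.3 is the right cut-off.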



