[Secure-testing-commits] r41835 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed May 18 09:10:11 UTC 2016 

Author: sectracker
Date: 2016-05-18 09:10:11 +0000 (Wed, 18 May 2016)
New Revision: 41835

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-18 08:17:24 UTC (rev 41834)
+++ data/CVE/list	2016-05-18 09:10:11 UTC (rev 41835)
@@ -7140,12 +7140,12 @@
 CVE-2016-2272 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
 	TODO: check
 CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows ...)
-	{DSA-3519-1}
+	{DSA-3519-1 DLA-479-1}
 	- xen <unfixed> (bug #823620)
 	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-170.html
 CVE-2016-2270 (Xen 4.6.x and earlier allows local guest administrators to cause a ...)
-	{DSA-3519-1}
+	{DSA-3519-1 DLA-479-1}
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-154.html
@@ -9671,12 +9671,12 @@
 	NOTE: https://bugs.launchpad.net/ecryptfs/+bug/1530566
 	NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
 CVE-2016-1571 (The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x ...)
-	{DSA-3519-1}
+	{DSA-3519-1 DLA-479-1}
 	- xen <unfixed> (bug #823620)
 	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-168.html
 CVE-2016-1570 (The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, ...)
-	{DSA-3519-1}
+	{DSA-3519-1 DLA-479-1}
 	- xen <unfixed> (bug #823620)
 	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-167.html
@@ -11878,6 +11878,7 @@
 	NOTE: Introduced in 1.5 release. Fixed in 1.5.3 upstream.
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/6
 CVE-2015-8615 (The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 ...)
+	{DLA-479-1}
 	- xen <unfixed> (bug #823620)
 	[jessie] - xen <not-affected> (Only affects 4.6)
 	[wheezy] - xen <not-affected> (Only affects 4.6)
@@ -12572,6 +12573,7 @@
 	RESERVED
 CVE-2016-0718
 	RESERVED
+	{DSA-3582-1}
 	- expat <unfixed>
 CVE-2016-0717
 	REJECTED
@@ -12698,11 +12700,12 @@
 CVE-2015-8561 (The F1BookView ActiveX control in F1 Bookview in Schneider Electric ...)
 	NOT-FOR-US: F1BookView
 CVE-2015-8555 (Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU ...)
-	{DSA-3519-1}
+	{DSA-3519-1 DLA-479-1}
 	- xen <unfixed> (bug #823620)
 	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-165.html
 CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using ...)
+	{DLA-479-1}
 	- xen 4.4.0-1
 	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-164.html
@@ -12741,7 +12744,7 @@
 	NOTE: https://git.kernel.org/linus/7cfb905b9638982862f0331b36ccaaca5d383b49
 	NOTE: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0
 CVE-2015-8550 (Xen, when used on a system providing PV backends, allows local guest ...)
-	{DSA-3519-1 DSA-3471-1 DSA-3434-1}
+	{DSA-3519-1 DSA-3471-1 DSA-3434-1 DLA-479-1}
 	[experimental] - linux 4.4~rc6-1~exp1
 	- linux 4.3.3-3
 	- linux-2.6 <removed>
@@ -15062,12 +15065,12 @@
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-160.html
 CVE-2015-8340 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
-	{DSA-3519-1}
+	{DSA-3519-1 DLA-479-1}
 	- xen <unfixed> (bug #823620)
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-159.html
 CVE-2015-8339 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
-	{DSA-3519-1}
+	{DSA-3519-1 DLA-479-1}
 	- xen <unfixed> (bug #823620)
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-159.html
@@ -15837,7 +15840,7 @@
 CVE-2015-8090 (The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows ...)
 	NOT-FOR-US: TIBCO
 CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...)
-	{DSA-3454-1 DSA-3426-1 DSA-3414-1}
+	{DSA-3454-1 DSA-3426-1 DSA-3414-1 DLA-479-1}
 	- linux 4.2.6-2
 	- linux-2.6 <removed>
 	- xen <unfixed> (bug #823620)
@@ -16241,24 +16244,24 @@
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2935
 CVE-2015-7972 (The (1) libxl_set_memory_target function in tools/libxl/libxl.c and ...)
-	{DSA-3414-1}
+	{DSA-3414-1 DLA-479-1}
 	- xen 4.6.0-1
 	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
 	NOTE: http://xenbits.xen.org/xsa/advisory-153.html
 CVE-2015-7971 (Xen 3.2.x through 4.6.x does not limit the number of printk console ...)
-	{DSA-3414-1}
+	{DSA-3414-1 DLA-479-1}
 	- xen 4.6.0-1
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
 	NOTE: http://xenbits.xen.org/xsa/advisory-152.html
 CVE-2015-7970 (The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen ...)
-	{DSA-3414-1}
+	{DSA-3414-1 DLA-479-1}
 	- xen 4.6.0-1
 	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
 	NOTE: http://xenbits.xen.org/xsa/advisory-150.html
 CVE-2015-7969 (Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest ...)
-	{DSA-3414-1}
+	{DSA-3414-1 DLA-479-1}
 	- xen 4.6.0-1
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
 	NOTE: http://xenbits.xen.org/xsa/advisory-149.html
@@ -23733,7 +23736,7 @@
 CVE-2015-5308 (Multiple SQL injection vulnerabilities in cs_admin_users.php in the ...)
 	NOT-FOR-US: wp-championship plugin for WordPress
 CVE-2015-5307 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...)
-	{DSA-3454-1 DSA-3414-1 DSA-3396-1}
+	{DSA-3454-1 DSA-3414-1 DSA-3396-1 DLA-479-1}
 	- linux 4.2.6-1
 	- linux-2.6 <removed>
 	- xen <unfixed> (bug #823620)
@@ -24317,7 +24320,7 @@
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cd387833d05e8ad31829d97e474dc420625aed9 (v2.4.0-rc4)
 	NOTE: http://xenbits.xen.org/xsa/advisory-139.html
 CVE-2015-5165 (The C+ mode offload emulation in the RTL8139 network card device model ...)
-	{DSA-3349-1 DSA-3348-1}
+	{DSA-3349-1 DSA-3348-1 DLA-479-1}
 	- qemu 1:2.4+dfsg-1a (bug #794610)
 	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u9
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
@@ -31313,7 +31316,7 @@
 	- arj 3.10.22-13 (bug #774015)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5
 CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict ...)
-	{DSA-3259-1}
+	{DSA-3259-1 DLA-479-1}
 	- xen 4.2.0~rc2-1 (bug #781620)
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
 	- qemu 1:2.3+dfsg-3
@@ -31324,6 +31327,7 @@
 CVE-2015-2755 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AB ...)
 	NOT-FOR-US: AB Google Map Travel (AB-MAP) plugin for WordPress
 CVE-2015-2752 (The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, ...)
+	{DLA-479-1}
 	- xen 4.4.1-9 (bug #781620)
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-125.html

More information about the Secure-testing-commits mailing list