[Secure-testing-commits] r41835 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed May 18 09:10:11 UTC 2016
Author: sectracker
Date: 2016-05-18 09:10:11 +0000 (Wed, 18 May 2016)
New Revision: 41835
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-18 08:17:24 UTC (rev 41834)
+++ data/CVE/list 2016-05-18 09:10:11 UTC (rev 41835)
@@ -7140,12 +7140,12 @@
CVE-2016-2272 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
TODO: check
CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows ...)
- {DSA-3519-1}
+ {DSA-3519-1 DLA-479-1}
- xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-170.html
CVE-2016-2270 (Xen 4.6.x and earlier allows local guest administrators to cause a ...)
- {DSA-3519-1}
+ {DSA-3519-1 DLA-479-1}
- xen <unfixed>
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-154.html
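Review bot: CVE-2016-2270's "- xen <unfixed>" line carries no bug reference, while CVE-2016-2271 directly above it cites (bug #823620). If the same report also tracks the advisory-154 issue, add the reference here so the unfixed state in unstable can be followed from the entry.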
@@ -9671,12 +9671,12 @@
NOTE: https://bugs.launchpad.net/ecryptfs/+bug/1530566
NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
CVE-2016-1571 (The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x ...)
- {DSA-3519-1}
+ {DSA-3519-1 DLA-479-1}
- xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-168.html
CVE-2016-1570 (The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, ...)
- {DSA-3519-1}
+ {DSA-3519-1 DLA-479-1}
- xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-167.html
@@ -11878,6 +11878,7 @@
NOTE: Introduced in 1.5 release. Fixed in 1.5.3 upstream.
NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/6
CVE-2015-8615 (The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 ...)
+ {DLA-479-1}
- xen <unfixed> (bug #823620)
[jessie] - xen <not-affected> (Only affects 4.6)
[wheezy] - xen <not-affected> (Only affects 4.6)
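Review bot: CVE-2015-8615 now carries {DLA-479-1}, but the entry marks both [jessie] and [wheezy] as <not-affected> (Only affects 4.6), so no release listed here appears to need an advisory for it. Check the advisory entry this cross-reference is generated from and drop the CVE there if it was included by mistake, or correct the not-affected lines if they are wrong.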
@@ -12572,6 +12573,7 @@
RESERVED
CVE-2016-0718
RESERVED
+ {DSA-3582-1}
- expat <unfixed>
CVE-2016-0717
REJECTED
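Review bot: CVE-2016-0718 gains {DSA-3582-1} while it is still listed as RESERVED with "- expat <unfixed>" and no NOTE line. Add a NOTE pointing at the upstream fix or advisory so the entry says what the DSA addresses, and update the unstable line once a fixed expat version is uploaded.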
@@ -12698,11 +12700,12 @@
CVE-2015-8561 (The F1BookView ActiveX control in F1 Bookview in Schneider Electric ...)
NOT-FOR-US: F1BookView
CVE-2015-8555 (Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU ...)
- {DSA-3519-1}
+ {DSA-3519-1 DLA-479-1}
- xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-165.html
CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using ...)
+ {DLA-479-1}
- xen 4.4.0-1
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-164.html
@@ -12741,7 +12744,7 @@
NOTE: https://git.kernel.org/linus/7cfb905b9638982862f0331b36ccaaca5d383b49
NOTE: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0
CVE-2015-8550 (Xen, when used on a system providing PV backends, allows local guest ...)
- {DSA-3519-1 DSA-3471-1 DSA-3434-1}
+ {DSA-3519-1 DSA-3471-1 DSA-3434-1 DLA-479-1}
[experimental] - linux 4.4~rc6-1~exp1
- linux 4.3.3-3
- linux-2.6 <removed>
@@ -15062,12 +15065,12 @@
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-160.html
CVE-2015-8340 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
- {DSA-3519-1}
+ {DSA-3519-1 DLA-479-1}
- xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-159.html
CVE-2015-8339 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
- {DSA-3519-1}
+ {DSA-3519-1 DLA-479-1}
- xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-159.html
@@ -15837,7 +15840,7 @@
CVE-2015-8090 (The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows ...)
NOT-FOR-US: TIBCO
CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...)
- {DSA-3454-1 DSA-3426-1 DSA-3414-1}
+ {DSA-3454-1 DSA-3426-1 DSA-3414-1 DLA-479-1}
- linux 4.2.6-2
- linux-2.6 <removed>
- xen <unfixed> (bug #823620)
@@ -16241,24 +16244,24 @@
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2935
CVE-2015-7972 (The (1) libxl_set_memory_target function in tools/libxl/libxl.c and ...)
- {DSA-3414-1}
+ {DSA-3414-1 DLA-479-1}
- xen 4.6.0-1
[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-153.html
CVE-2015-7971 (Xen 3.2.x through 4.6.x does not limit the number of printk console ...)
- {DSA-3414-1}
+ {DSA-3414-1 DLA-479-1}
- xen 4.6.0-1
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-152.html
CVE-2015-7970 (The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen ...)
- {DSA-3414-1}
+ {DSA-3414-1 DLA-479-1}
- xen 4.6.0-1
[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-150.html
CVE-2015-7969 (Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest ...)
- {DSA-3414-1}
+ {DSA-3414-1 DLA-479-1}
- xen 4.6.0-1
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-149.html
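Review bot: CVE-2015-7972 and CVE-2015-7970 keep "[wheezy] - xen <no-dsa>" ("xl not used in wheezy", "too intrusive to backport") while gaining {DLA-479-1}. If that advisory covers wheezy, those triage lines are stale and should be replaced with the fixed version; if it does not, these CVEs probably do not belong in the advisory. Separately, the squeeze annotation in this hunk reads "not supported in squeeze-lts" where other entries in this change use "Unsupported in Squeeze LTS" or "Not supported in Squeeze LTS"; a single wording would make the file easier to grep.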
@@ -23733,7 +23736,7 @@
CVE-2015-5308 (Multiple SQL injection vulnerabilities in cs_admin_users.php in the ...)
NOT-FOR-US: wp-championship plugin for WordPress
CVE-2015-5307 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...)
- {DSA-3454-1 DSA-3414-1 DSA-3396-1}
+ {DSA-3454-1 DSA-3414-1 DSA-3396-1 DLA-479-1}
- linux 4.2.6-1
- linux-2.6 <removed>
- xen <unfixed> (bug #823620)
@@ -24317,7 +24320,7 @@
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cd387833d05e8ad31829d97e474dc420625aed9 (v2.4.0-rc4)
NOTE: http://xenbits.xen.org/xsa/advisory-139.html
CVE-2015-5165 (The C+ mode offload emulation in the RTL8139 network card device model ...)
- {DSA-3349-1 DSA-3348-1}
+ {DSA-3349-1 DSA-3348-1 DLA-479-1}
- qemu 1:2.4+dfsg-1a (bug #794610)
[wheezy] - qemu 1.1.2+dfsg-6a+deb7u9
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
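Review bot: CVE-2015-5165 gets {DLA-479-1}, yet the package lines visible in this hunk are all qemu, and "[wheezy] - qemu 1.1.2+dfsg-6a+deb7u9" already records a fix for that package. Confirm that the entry has a xen line below the visible context for the advisory to attach to, and add one if it is missing.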
@@ -31313,7 +31316,7 @@
- arj 3.10.22-13 (bug #774015)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5
CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict ...)
- {DSA-3259-1}
+ {DSA-3259-1 DLA-479-1}
- xen 4.2.0~rc2-1 (bug #781620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
- qemu 1:2.3+dfsg-3
@@ -31324,6 +31327,7 @@
CVE-2015-2755 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AB ...)
NOT-FOR-US: AB Google Map Travel (AB-MAP) plugin for WordPress
CVE-2015-2752 (The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, ...)
+ {DLA-479-1}
- xen 4.4.1-9 (bug #781620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-125.html