[Secure-testing-commits] r41899 - data/CVE

Thu May 19 21:10:12 UTC 2016

Author: sectracker
Date: 2016-05-19 21:10:12 +0000 (Thu, 19 May 2016)
New Revision: 41899

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-05-19 20:04:29 UTC (rev 41898)
+++ data/CVE/list	2016-05-19 21:10:12 UTC (rev 41899)
@@ -1,3 +1,69 @@
+CVE-2016-4944
+	RESERVED
+CVE-2016-4943
+	RESERVED
+CVE-2016-4942
+	RESERVED
+CVE-2016-4941
+	RESERVED
+CVE-2016-4940
+	RESERVED
+CVE-2016-4939
+	RESERVED
+CVE-2016-4938
+	RESERVED
+CVE-2016-4937
+	RESERVED
+CVE-2016-4936
+	RESERVED
+CVE-2016-4935
+	RESERVED
+CVE-2016-4934
+	RESERVED
+CVE-2016-4933
+	RESERVED
+CVE-2016-4932
+	RESERVED
+CVE-2016-4931
+	RESERVED
+CVE-2016-4930
+	RESERVED
+CVE-2016-4929
+	RESERVED
+CVE-2016-4928
+	RESERVED
+CVE-2016-4927
+	RESERVED
+CVE-2016-4926
+	RESERVED
+CVE-2016-4925
+	RESERVED
+CVE-2016-4924
+	RESERVED
+CVE-2016-4923
+	RESERVED
+CVE-2016-4922
+	RESERVED
+CVE-2016-4921
+	RESERVED
+CVE-2016-4920
+	RESERVED
+CVE-2016-4919
+	RESERVED
+CVE-2016-4918
+	RESERVED
+CVE-2016-4917
+	RESERVED
+CVE-2016-4916
+	RESERVED
+CVE-2016-4915
+	RESERVED
+CVE-2016-4914
+	RESERVED
+CVE-2016-1000001
+	RESERVED
+CVE-2016-1000000
+	RESERVED
 CVE-2016-4910
 	RESERVED
 CVE-2016-4909
@@ -201,9 +267,11 @@
 CVE-2016-4810
 	RESERVED
 CVE-2016-4913 [information leak in Rock Ridge Extensions to iso9660]
+	RESERVED
 	- linux 4.5.4-1
 	NOTE: Fixed by: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6)
 CVE-2016-4912
+	RESERVED
 	- openslp-dfsg <not-affected> (Vulnerable code not present)
 	NOTE: Issue present only in OpenSLP 2.x where the return from malloc isn't checked.
 CVE-2016-4911 [Incorrect Audit IDs in Keystone Fernet Tokens can result in revocation bypass]
@@ -229,6 +297,7 @@
 CVE-2016-4800
 	RESERVED
 CVE-2015-8874 (Stack consumption vulnerability in GD in PHP before 5.6.12 allows ...)
+	{DLA-482-1}
 	- libgd2 <unfixed> (bug #824627)
 	- php5 5.6.12+dfsg-1 (unimportant)
 	[jessie] - php5 5.6.12+dfsg-0+deb8u1
@@ -1150,8 +1219,7 @@
 	RESERVED
 CVE-2016-4481
 	RESERVED
-CVE-2016-4480 [x86 software guest page walk PS bit handling flaw]
-	RESERVED
+CVE-2016-4480 (The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen ...)
 	- xen <unfixed>
 	[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future DSA)
 	NOTE: http://xenbits.xen.org/xsa/advisory-176.html
@@ -6874,11 +6942,11 @@
 	RESERVED
 CVE-2016-2393 (Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before ...)
 	TODO: check
-CVE-2016-2389 (Directory traversal vulnerability in the Manufacturing Integration and ...)
+CVE-2016-2389 (Directory traversal vulnerability in the GetFileList function in the ...)
 	NOT-FOR-US: SAP
 CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows ...)
 	NOT-FOR-US: SAP
-CVE-2016-2387 (Cross-site scripting (XSS) vulnerability in the Java Proxy Runtime ...)
+CVE-2016-2387 (Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy ...)
 	NOT-FOR-US: SAP
 CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...)
 	NOT-FOR-US: SAP
@@ -7136,12 +7204,12 @@
 	NOTE: https://github.com/facebook/hhvm/commit/eae73029336e4d577707cb8a0527f22cb8a4588a
 CVE-2016-4348
 	RESERVED
-	{DLA-477-1}
+	{DSA-3584-1 DLA-477-1}
 	- librsvg 2.40.12-1
 	NOTE: https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2 (2.40.12)
 CVE-2016-4347
 	RESERVED
-	{DLA-477-1}
+	{DSA-3584-1 DLA-477-1}
 	- librsvg 2.40.12-1
 	NOTE: https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61 (2.40.12)
 	NOTE: Gustavo Grieco confirmed that this is probably the same issue as CVE-2015-7558
@@ -7569,8 +7637,8 @@
 	RESERVED
 CVE-2016-2209
 	RESERVED
-CVE-2016-2208
-	RESERVED
+CVE-2016-2208 (The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 ...)
+	TODO: check
 CVE-2016-2207
 	RESERVED
 CVE-2016-2206
@@ -8209,8 +8277,8 @@
 	RESERVED
 CVE-2016-2078
 	RESERVED
-CVE-2016-2077
-	RESERVED
+CVE-2016-2077 (VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before ...)
+	TODO: check
 CVE-2016-2076 (Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, ...)
 	TODO: check
 CVE-2016-2075 (Cross-site scripting (XSS) vulnerability in VMware vRealize Business ...)
@@ -12739,8 +12807,7 @@
 	NOT-FOR-US: Apache Ranger
 CVE-2016-0732
 	RESERVED
-CVE-2016-0731
-	RESERVED
+CVE-2016-0731 (The File Browser View in Apache Ambari before 2.2.1 allows remote ...)
 	NOT-FOR-US: Apache Ambari
 CVE-2016-0730
 	RESERVED
@@ -12797,10 +12864,10 @@
 	NOTE: https://github.com/feist/pcs/commit/d49435de20f71bd0816c42b445ed484dd21fbe96 (0.9.149)
 	NOTE: https://github.com/feist/pcs/commit/b9e7f061788c3b86a0c67d2d4158f067ec5eb625 (0.9.149)
 CVE-2016-0719
-	RESERVED
+	REJECTED
 CVE-2016-0718
 	RESERVED
-	{DSA-3582-1}
+	{DSA-3582-1 DLA-483-1}
 	- expat 2.1.1-2
 CVE-2016-0717
 	REJECTED
@@ -12828,8 +12895,8 @@
 	NOT-FOR-US: Apache Jetspeed
 CVE-2016-0708
 	RESERVED
-CVE-2016-0707
-	RESERVED
+CVE-2016-0707 (The agent in Apache Ambari before 2.1.2 uses weak permissions for the ...)
+	TODO: check
 CVE-2016-0706 (Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ...)
 	{DSA-3552-1 DSA-3530-1 DLA-435-1}
 	- tomcat9 <itp> (bug #802312)
@@ -17852,7 +17919,7 @@
 	RESERVED
 CVE-2015-7558 [Stack exhaustion]
 	RESERVED
-	{DLA-477-1}
+	{DSA-3584-1 DLA-477-1}
 	- librsvg 2.40.12-1
 	[squeeze] - librsvg <no-dsa> (Too intrusive to backport)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268243


