[Secure-testing-commits] r41899 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu May 19 21:10:12 UTC 2016
Author: sectracker
Date: 2016-05-19 21:10:12 +0000 (Thu, 19 May 2016)
New Revision: 41899
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-19 20:04:29 UTC (rev 41898)
+++ data/CVE/list 2016-05-19 21:10:12 UTC (rev 41899)
@@ -1,3 +1,69 @@
+CVE-2016-4944
+ RESERVED
+CVE-2016-4943
+ RESERVED
+CVE-2016-4942
+ RESERVED
+CVE-2016-4941
+ RESERVED
+CVE-2016-4940
+ RESERVED
+CVE-2016-4939
+ RESERVED
+CVE-2016-4938
+ RESERVED
+CVE-2016-4937
+ RESERVED
+CVE-2016-4936
+ RESERVED
+CVE-2016-4935
+ RESERVED
+CVE-2016-4934
+ RESERVED
+CVE-2016-4933
+ RESERVED
+CVE-2016-4932
+ RESERVED
+CVE-2016-4931
+ RESERVED
+CVE-2016-4930
+ RESERVED
+CVE-2016-4929
+ RESERVED
+CVE-2016-4928
+ RESERVED
+CVE-2016-4927
+ RESERVED
+CVE-2016-4926
+ RESERVED
+CVE-2016-4925
+ RESERVED
+CVE-2016-4924
+ RESERVED
+CVE-2016-4923
+ RESERVED
+CVE-2016-4922
+ RESERVED
+CVE-2016-4921
+ RESERVED
+CVE-2016-4920
+ RESERVED
+CVE-2016-4919
+ RESERVED
+CVE-2016-4918
+ RESERVED
+CVE-2016-4917
+ RESERVED
+CVE-2016-4916
+ RESERVED
+CVE-2016-4915
+ RESERVED
+CVE-2016-4914
+ RESERVED
+CVE-2016-1000001
+ RESERVED
+CVE-2016-1000000
+ RESERVED
CVE-2016-4910
RESERVED
CVE-2016-4909
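Review bot: CVE-2016-1000001 and CVE-2016-1000000 land between CVE-2016-4914 and CVE-2016-4910, so the top of the file is no longer in descending numeric order and the sequence part of the ID is seven digits rather than four. Worth confirming that anything consuming data/CVE/list matches the sequence as variable-length digits and does not rely on sort order to locate an entry. The new block also stops at CVE-2016-4914 and skips 4913 to 4911, which is only correct because those IDs already exist further down the file.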
@@ -201,9 +267,11 @@
CVE-2016-4810
RESERVED
CVE-2016-4913 [information leak in Rock Ridge Extensions to iso9660]
+ RESERVED
- linux 4.5.4-1
NOTE: Fixed by: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6)
CVE-2016-4912
+ RESERVED
- openslp-dfsg <not-affected> (Vulnerable code not present)
NOTE: Issue present only in OpenSLP 2.x where the return from malloc isn't checked.
CVE-2016-4911 [Incorrect Audit IDs in Keystone Fernet Tokens can result in revocation bypass]
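Review bot: the RESERVED lines added under CVE-2016-4913 and CVE-2016-4912 go onto entries that sit after CVE-2016-4810 rather than next to CVE-2016-4914 and CVE-2016-4910 at the top of the file. Suggest moving CVE-2016-4913 through CVE-2016-4911 up to their numeric position in a follow-up so a reader scanning by ID finds them. CVE-2016-4912 also has no bracketed description; a short one would help, since the NOTE line is its only summary.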
@@ -229,6 +297,7 @@
CVE-2016-4800
RESERVED
CVE-2015-8874 (Stack consumption vulnerability in GD in PHP before 5.6.12 allows ...)
+ {DLA-482-1}
- libgd2 <unfixed> (bug #824627)
- php5 5.6.12+dfsg-1 (unimportant)
[jessie] - php5 5.6.12+dfsg-0+deb8u1
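Review bot: CVE-2015-8874 now carries {DLA-482-1} while the libgd2 line still reads <unfixed> (bug #824627). If the fix that went into the DLA is usable for unstable, bug #824627 should get a pointer to it so the libgd2 line can be closed with a version.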
@@ -1150,8 +1219,7 @@
RESERVED
CVE-2016-4481
RESERVED
-CVE-2016-4480 [x86 software guest page walk PS bit handling flaw]
- RESERVED
+CVE-2016-4480 (The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen ...)
- xen <unfixed>
[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future DSA)
NOTE: http://xenbits.xen.org/xsa/advisory-176.html
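Review bot: replacing the bracketed title on CVE-2016-4480 drops "x86 software guest page walk PS bit handling flaw", and the truncated description that takes its place ends at "in Xen ..." without saying what the flaw is. Suggest keeping the old wording in a NOTE line next to the xsa/advisory-176 link so the entry stays readable on its own.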
@@ -6874,11 +6942,11 @@
RESERVED
CVE-2016-2393 (Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before ...)
TODO: check
-CVE-2016-2389 (Directory traversal vulnerability in the Manufacturing Integration and ...)
+CVE-2016-2389 (Directory traversal vulnerability in the GetFileList function in the ...)
NOT-FOR-US: SAP
CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows ...)
NOT-FOR-US: SAP
-CVE-2016-2387 (Cross-site scripting (XSS) vulnerability in the Java Proxy Runtime ...)
+CVE-2016-2387 (Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy ...)
NOT-FOR-US: SAP
CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...)
NOT-FOR-US: SAP
@@ -7136,12 +7204,12 @@
NOTE: https://github.com/facebook/hhvm/commit/eae73029336e4d577707cb8a0527f22cb8a4588a
CVE-2016-4348
RESERVED
- {DLA-477-1}
+ {DSA-3584-1 DLA-477-1}
- librsvg 2.40.12-1
NOTE: https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2 (2.40.12)
CVE-2016-4347
RESERVED
- {DLA-477-1}
+ {DSA-3584-1 DLA-477-1}
- librsvg 2.40.12-1
NOTE: https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61 (2.40.12)
NOTE: Gustavo Grieco confirmed that this is probably the same issue as CVE-2015-7558
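Review bot: CVE-2016-4348 and CVE-2016-4347 now reference both DSA-3584-1 and DLA-477-1 but are still RESERVED with no bracketed description, so the only explanation of either issue is the upstream commit URL. Suggest adding a short bracketed description to each; for CVE-2016-4347 the existing NOTE already ties it to CVE-2015-7558, which is titled [Stack exhaustion].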
@@ -7569,8 +7637,8 @@
RESERVED
CVE-2016-2209
RESERVED
-CVE-2016-2208
- RESERVED
+CVE-2016-2208 (The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 ...)
+ TODO: check
CVE-2016-2207
RESERVED
CVE-2016-2206
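Review bot: CVE-2016-2208 comes in with TODO: check, and its description names the Symantec Anti-Virus Engine kernel component. Other vendor-product entries in this file are closed out as NOT-FOR-US (the SAP entries, for example); this one needs the same manual triage so the TODO does not linger.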
@@ -8209,8 +8277,8 @@
RESERVED
CVE-2016-2078
RESERVED
-CVE-2016-2077
- RESERVED
+CVE-2016-2077 (VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before ...)
+ TODO: check
CVE-2016-2076 (Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, ...)
TODO: check
CVE-2016-2075 (Cross-site scripting (XSS) vulnerability in VMware vRealize Business ...)
@@ -12739,8 +12807,7 @@
NOT-FOR-US: Apache Ranger
CVE-2016-0732
RESERVED
-CVE-2016-0731
- RESERVED
+CVE-2016-0731 (The File Browser View in Apache Ambari before 2.2.1 allows remote ...)
NOT-FOR-US: Apache Ambari
CVE-2016-0730
RESERVED
@@ -12797,10 +12864,10 @@
NOTE: https://github.com/feist/pcs/commit/d49435de20f71bd0816c42b445ed484dd21fbe96 (0.9.149)
NOTE: https://github.com/feist/pcs/commit/b9e7f061788c3b86a0c67d2d4158f067ec5eb625 (0.9.149)
CVE-2016-0719
- RESERVED
+ REJECTED
CVE-2016-0718
RESERVED
- {DSA-3582-1}
+ {DSA-3582-1 DLA-483-1}
- expat 2.1.1-2
CVE-2016-0717
REJECTED
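Review bot: CVE-2016-0719 changes from RESERVED to REJECTED with no NOTE, so the entry gives no hint what the ID was assigned for. In the same hunk CVE-2016-0718 picks up DLA-483-1 but stays RESERVED without a bracketed description; a short one next to the expat line would make the entry self-explanatory.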
@@ -12828,8 +12895,8 @@
NOT-FOR-US: Apache Jetspeed
CVE-2016-0708
RESERVED
-CVE-2016-0707
- RESERVED
+CVE-2016-0707 (The agent in Apache Ambari before 2.1.2 uses weak permissions for the ...)
+ TODO: check
CVE-2016-0706 (Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ...)
{DSA-3552-1 DSA-3530-1 DLA-435-1}
- tomcat9 <itp> (bug #802312)
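Review bot: CVE-2016-0707 is marked TODO: check although its description names Apache Ambari, and CVE-2016-0731 in this same revision is already NOT-FOR-US: Apache Ambari. Suggest resolving the TODO the same way so the two Ambari entries are consistent.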
@@ -17852,7 +17919,7 @@
RESERVED
CVE-2015-7558 [Stack exhaustion]
RESERVED
- {DLA-477-1}
+ {DSA-3584-1 DLA-477-1}
- librsvg 2.40.12-1
[squeeze] - librsvg <no-dsa> (Too intrusive to backport)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268243
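Review bot: CVE-2015-7558 keeps its [squeeze] - librsvg <no-dsa> (Too intrusive to backport) line while the advisory list grows to {DSA-3584-1 DLA-477-1}. Worth confirming that neither advisory targets squeeze, otherwise the <no-dsa> line contradicts the cross-reference.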