[Secure-testing-commits] r42000 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue May 24 21:10:11 UTC 2016
Author: sectracker
Date: 2016-05-24 21:10:11 +0000 (Tue, 24 May 2016)
New Revision: 42000
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-24 20:21:47 UTC (rev 41999)
+++ data/CVE/list 2016-05-24 21:10:11 UTC (rev 42000)
@@ -1,3 +1,25 @@
+CVE-2016-4963
+ RESERVED
+CVE-2016-4962
+ RESERVED
+CVE-2016-4961
+ RESERVED
+CVE-2016-4960
+ RESERVED
+CVE-2016-4959
+ RESERVED
+CVE-2016-4958
+ RESERVED
+CVE-2016-4957
+ RESERVED
+CVE-2016-4956
+ RESERVED
+CVE-2016-4955
+ RESERVED
+CVE-2016-4954
+ RESERVED
+CVE-2016-4953
+ RESERVED
CVE-2016-XXXX [OpenNTPD not verifying CN during HTTPS constraints request]
- openntpd <unfixed>
[jessie] - openntpd <not-affected> (Vulnerable code introduced later)
@@ -59,6 +81,7 @@
- mediawiki <removed>
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html
CVE-2016-4952 [scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines]
+ RESERVED
- qemu <unfixed> (bug #825210)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
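Review bot: The context line for CVE-2016-4952 spells the routine as pvsci_ring_init_msg while the same line's prefix reads pvscsi. Since the entry is being touched to add RESERVED, correct the bracketed description to pvscsi_ring_init_msg/data so a search on the function name finds it.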
@@ -431,10 +454,10 @@
RESERVED
CVE-2016-4784
RESERVED
-CVE-2016-4783
- RESERVED
-CVE-2016-4782
- RESERVED
+CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before ...)
+ TODO: check
+CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote ...)
+ TODO: check
CVE-2016-4781
RESERVED
CVE-2016-4780
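Review bot: CVE-2016-4783 and CVE-2016-4782 are left at "TODO: check", so they stay untriaged until someone classifies them by hand. Both descriptions name Lenovo SHAREit; if no Debian source package ships it, resolve them as "NOT-FOR-US: Lenovo SHAREit", otherwise add the package line with its status.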
@@ -838,10 +861,10 @@
CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/79e48650320e6fba48369fccf13fd045315b19b8 (v4.6)
-CVE-2016-4577
- RESERVED
-CVE-2016-4576
- RESERVED
+CVE-2016-4577 (Buffer overflow in the Smart DNS functionity in the Huawei NGFW Module ...)
+ TODO: check
+CVE-2016-4576 (Buffer overflow in the Application Specific Packet Filtering (ASPF) ...)
+ TODO: check
CVE-2016-4575
RESERVED
CVE-2016-4796 [OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb of color.c]
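Review bot: CVE-2016-4577 and CVE-2016-4576 get "TODO: check" although the file already has a precedent for this vendor's appliances in "NOT-FOR-US: Huawei AR3200 routers". Once the full descriptions confirm the product, triage them the same way, and look at the Huawei entries CVE-2016-4087 and CVE-2016-2855 in the later hunks at the same time.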
@@ -2135,8 +2158,8 @@
RESERVED
- gitlab <unfixed> (bug #823290)
NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
-CVE-2016-4087
- RESERVED
+CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 and ...)
+ TODO: check
CVE-2016-4086
RESERVED
CVE-2016-4075
@@ -2250,8 +2273,7 @@
NOTE: nodejs not covered by security support
CVE-2016-4050
RESERVED
-CVE-2016-4049 [Missing size check in bgp_dump_routes_func in bgpd/bgp_dump.c allowing DoS]
- RESERVED
+CVE-2016-4049 (The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does ...)
- quagga <unfixed> (bug #822787)
NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-April/015241.html
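Review bot: With RESERVED dropped, CVE-2016-4049 carries only "- quagga <unfixed> (bug #822787)" and no [jessie] or [wheezy] line, unlike the qemu and golang entries in this revision. Add per-release status lines so the stable suites record an explicit triage decision. The removed bracketed text also stated the impact ("allowing DoS"), which the truncated replacement no longer shows; the two NOTE links still cover it.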
@@ -2415,8 +2437,7 @@
RESERVED
CVE-2016-4031
RESERVED
-CVE-2016-4037 [usb: Infinite loop vulnerability in usb_ehci using siTD process]
- RESERVED
+CVE-2016-4037 (The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows ...)
- qemu 1:2.6+dfsg-1 (bug #822344)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -2602,8 +2623,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
-CVE-2016-4001 [net: buffer overflow in stellaris_enet emulator]
- RESERVED
+CVE-2016-4001 (Buffer overflow in the stellaris_enet_receive function in ...)
- qemu 1:2.6+dfsg-1 (bug #821038)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -2769,14 +2789,12 @@
NOT-FOR-US: Huawei AR3200 routers
CVE-2016-3949
RESERVED
-CVE-2016-3959
- RESERVED
+CVE-2016-3959 (The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x ...)
- golang 2:1.6.1-1 (bug #820369)
[jessie] - golang <no-dsa> (Minor issue)
[wheezy] - golang <no-dsa> (Minor issue)
NOTE: https://golang.org/cl/21533
-CVE-2016-3958
- RESERVED
+CVE-2016-3958 (Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x ...)
- golang <not-affected> (Only affects Go on Windows)
NOTE: https://golang.org/cl/21428
CVE-2016-3946
@@ -3497,8 +3515,8 @@
RESERVED
CVE-2016-3665
RESERVED
-CVE-2016-3664
- RESERVED
+CVE-2016-3664 (Trend Micro Mobile Security for iOS before 3.2.1188 does not verify ...)
+ TODO: check
CVE-2016-3663
RESERVED
CVE-2016-3662
@@ -5454,8 +5472,8 @@
NOTE: Fixed upstream in 1.14.1
NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/952027dd7f794ff4b2d4f5eddf549c5b5070fa38
NOTE: http://www.openwall.com/lists/oss-security/2016/03/08/4
-CVE-2016-2855
- RESERVED
+CVE-2016-2855 (The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier ...)
+ TODO: check
CVE-2016-2852
RESERVED
CVE-2016-2851 (Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms ...)
@@ -13172,8 +13190,7 @@
NOTE: https://github.com/chef/chef/issues/3871
NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/10
NOTE: Workaround: use validatorless bootstrapping
-CVE-2015-8558 [usb: infinite loop in ehci_advance_state results in DoS]
- RESERVED
+CVE-2015-8558 (The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows ...)
{DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-2 (bug #808144)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
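Review bot: CVE-2015-8558 and CVE-2016-4037 are now easy to confuse: the removed text for CVE-2015-8558 named ehci_advance_state, the new description names ehci_process_itd, and ehci_advance_state is the function now given for CVE-2016-4037 earlier in this revision. Both are in QEMU's hw/usb/hcd-ehci.c, so confirm that the fixed version 1:2.5+dfsg-2, bug #808144 and the three DSA references here belong to this CVE and not to the other one.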