[Secure-testing-commits] r42000 - data/CVE

Tue May 24 21:10:11 UTC 2016

Author: sectracker
Date: 2016-05-24 21:10:11 +0000 (Tue, 24 May 2016)
New Revision: 42000

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-05-24 20:21:47 UTC (rev 41999)
+++ data/CVE/list	2016-05-24 21:10:11 UTC (rev 42000)
@@ -1,3 +1,25 @@
+CVE-2016-4963
+	RESERVED
+CVE-2016-4962
+	RESERVED
+CVE-2016-4961
+	RESERVED
+CVE-2016-4960
+	RESERVED
+CVE-2016-4959
+	RESERVED
+CVE-2016-4958
+	RESERVED
+CVE-2016-4957
+	RESERVED
+CVE-2016-4956
+	RESERVED
+CVE-2016-4955
+	RESERVED
+CVE-2016-4954
+	RESERVED
+CVE-2016-4953
+	RESERVED
 CVE-2016-XXXX [OpenNTPD not verifying CN during HTTPS constraints request]
 	- openntpd <unfixed>
 	[jessie] - openntpd <not-affected> (Vulnerable code introduced later)
@@ -59,6 +81,7 @@
 	- mediawiki <removed>
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html
 CVE-2016-4952 [scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines]
+	RESERVED
 	- qemu <unfixed> (bug #825210)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
@@ -431,10 +454,10 @@
 	RESERVED
 CVE-2016-4784
 	RESERVED
-CVE-2016-4783
-	RESERVED
-CVE-2016-4782
-	RESERVED
+CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before ...)
+	TODO: check
+CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote ...)
+	TODO: check
 CVE-2016-4781
 	RESERVED
 CVE-2016-4780
@@ -838,10 +861,10 @@
 CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/79e48650320e6fba48369fccf13fd045315b19b8 (v4.6)
-CVE-2016-4577
-	RESERVED
-CVE-2016-4576
-	RESERVED
+CVE-2016-4577 (Buffer overflow in the Smart DNS functionity in the Huawei NGFW Module ...)
+	TODO: check
+CVE-2016-4576 (Buffer overflow in the Application Specific Packet Filtering (ASPF) ...)
+	TODO: check
 CVE-2016-4575
 	RESERVED
 CVE-2016-4796 [OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb of color.c]
@@ -2135,8 +2158,8 @@
 	RESERVED
 	- gitlab <unfixed> (bug #823290)
 	NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
-CVE-2016-4087
-	RESERVED
+CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 and ...)
+	TODO: check
 CVE-2016-4086
 	RESERVED
 CVE-2016-4075
@@ -2250,8 +2273,7 @@
 	NOTE: nodejs not covered by security support
 CVE-2016-4050
 	RESERVED
-CVE-2016-4049 [Missing size check in bgp_dump_routes_func in bgpd/bgp_dump.c allowing DoS]
-	RESERVED
+CVE-2016-4049 (The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does ...)
 	- quagga <unfixed> (bug #822787)
 	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
 	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-April/015241.html
@@ -2415,8 +2437,7 @@
 	RESERVED
 CVE-2016-4031
 	RESERVED
-CVE-2016-4037 [usb: Infinite loop vulnerability in usb_ehci using siTD process]
-	RESERVED
+CVE-2016-4037 (The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows ...)
 	- qemu 1:2.6+dfsg-1 (bug #822344)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
@@ -2602,8 +2623,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
-CVE-2016-4001 [net: buffer overflow in stellaris_enet emulator]
-	RESERVED
+CVE-2016-4001 (Buffer overflow in the stellaris_enet_receive function in ...)
 	- qemu 1:2.6+dfsg-1 (bug #821038)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
@@ -2769,14 +2789,12 @@
 	NOT-FOR-US: Huawei AR3200 routers
 CVE-2016-3949
 	RESERVED
-CVE-2016-3959
-	RESERVED
+CVE-2016-3959 (The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x ...)
 	- golang 2:1.6.1-1 (bug #820369)
 	[jessie] - golang <no-dsa> (Minor issue)
 	[wheezy] - golang <no-dsa> (Minor issue)
 	NOTE: https://golang.org/cl/21533
-CVE-2016-3958
-	RESERVED
+CVE-2016-3958 (Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x ...)
 	- golang <not-affected> (Only affects Go on Windows)
 	NOTE: https://golang.org/cl/21428
 CVE-2016-3946
@@ -3497,8 +3515,8 @@
 	RESERVED
 CVE-2016-3665
 	RESERVED
-CVE-2016-3664
-	RESERVED
+CVE-2016-3664 (Trend Micro Mobile Security for iOS before 3.2.1188 does not verify ...)
+	TODO: check
 CVE-2016-3663
 	RESERVED
 CVE-2016-3662
@@ -5454,8 +5472,8 @@
 	NOTE: Fixed upstream in 1.14.1
 	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/952027dd7f794ff4b2d4f5eddf549c5b5070fa38
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/08/4
-CVE-2016-2855
-	RESERVED
+CVE-2016-2855 (The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier ...)
+	TODO: check
 CVE-2016-2852
 	RESERVED
 CVE-2016-2851 (Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms ...)
@@ -13172,8 +13190,7 @@
 	NOTE: https://github.com/chef/chef/issues/3871
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/10
 	NOTE: Workaround: use validatorless bootstrapping
-CVE-2015-8558 [usb: infinite loop in ehci_advance_state results in DoS]
-	RESERVED
+CVE-2015-8558 (The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows ...)
 	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
 	- qemu 1:2.5+dfsg-2 (bug #808144)
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)


