[Secure-testing-commits] r42066 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu May 26 21:10:12 UTC 2016


Author: sectracker
Date: 2016-05-26 21:10:11 +0000 (Thu, 26 May 2016)
New Revision: 42066

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-26 20:37:54 UTC (rev 42065)
+++ data/CVE/list	2016-05-26 21:10:11 UTC (rev 42066)
@@ -1,3 +1,217 @@
+CVE-2016-5090
+	RESERVED
+CVE-2016-5089
+	RESERVED
+CVE-2016-5088
+	RESERVED
+CVE-2016-5087
+	RESERVED
+CVE-2016-5086
+	RESERVED
+CVE-2016-5085
+	RESERVED
+CVE-2016-5084
+	RESERVED
+CVE-2016-5083
+	RESERVED
+CVE-2016-5082
+	RESERVED
+CVE-2016-5081
+	RESERVED
+CVE-2016-5080
+	RESERVED
+CVE-2016-5079
+	RESERVED
+CVE-2016-5078
+	RESERVED
+CVE-2016-5077
+	RESERVED
+CVE-2016-5076
+	RESERVED
+CVE-2016-5075
+	RESERVED
+CVE-2016-5074
+	RESERVED
+CVE-2016-5073
+	RESERVED
+CVE-2016-5072
+	RESERVED
+CVE-2016-5071
+	RESERVED
+CVE-2016-5070
+	RESERVED
+CVE-2016-5069
+	RESERVED
+CVE-2016-5068
+	RESERVED
+CVE-2016-5067
+	RESERVED
+CVE-2016-5066
+	RESERVED
+CVE-2016-5065
+	RESERVED
+CVE-2016-5064
+	RESERVED
+CVE-2016-5063
+	RESERVED
+CVE-2016-5062
+	RESERVED
+CVE-2016-5061
+	RESERVED
+CVE-2016-5060
+	RESERVED
+CVE-2016-5059
+	RESERVED
+CVE-2016-5058
+	RESERVED
+CVE-2016-5057
+	RESERVED
+CVE-2016-5056
+	RESERVED
+CVE-2016-5055
+	RESERVED
+CVE-2016-5054
+	RESERVED
+CVE-2016-5053
+	RESERVED
+CVE-2016-5052
+	RESERVED
+CVE-2016-5051
+	RESERVED
+CVE-2016-5050
+	RESERVED
+CVE-2016-5049
+	RESERVED
+CVE-2016-5048
+	RESERVED
+CVE-2016-5047
+	RESERVED
+CVE-2016-5046
+	RESERVED
+CVE-2016-5045
+	RESERVED
+CVE-2016-5025
+	RESERVED
+CVE-2016-5024
+	RESERVED
+CVE-2016-5023
+	RESERVED
+CVE-2016-5022
+	RESERVED
+CVE-2016-5021
+	RESERVED
+CVE-2016-5020
+	RESERVED
+CVE-2016-5019
+	RESERVED
+CVE-2016-5018
+	RESERVED
+CVE-2016-5017
+	RESERVED
+CVE-2016-5016
+	RESERVED
+CVE-2016-5015
+	RESERVED
+CVE-2016-5014
+	RESERVED
+CVE-2016-5013
+	RESERVED
+CVE-2016-5012
+	RESERVED
+CVE-2016-5011
+	RESERVED
+CVE-2016-5010
+	RESERVED
+CVE-2016-5009
+	RESERVED
+CVE-2016-5008
+	RESERVED
+CVE-2016-5007
+	RESERVED
+CVE-2016-5006
+	RESERVED
+CVE-2016-5005
+	RESERVED
+CVE-2016-5004
+	RESERVED
+CVE-2016-5003
+	RESERVED
+CVE-2016-5002
+	RESERVED
+CVE-2016-5001
+	RESERVED
+CVE-2016-5000
+	RESERVED
+CVE-2016-4999
+	RESERVED
+CVE-2016-4998
+	RESERVED
+CVE-2016-4997
+	RESERVED
+CVE-2016-4996
+	RESERVED
+CVE-2016-4995
+	RESERVED
+CVE-2016-4994
+	RESERVED
+CVE-2016-4993
+	RESERVED
+CVE-2016-4992
+	RESERVED
+CVE-2016-4991
+	RESERVED
+CVE-2016-4990
+	RESERVED
+CVE-2016-4989
+	RESERVED
+CVE-2016-4988
+	RESERVED
+CVE-2016-4987
+	RESERVED
+CVE-2016-4986
+	RESERVED
+CVE-2016-4985
+	RESERVED
+CVE-2016-4984
+	RESERVED
+CVE-2016-4983
+	RESERVED
+CVE-2016-4982
+	RESERVED
+CVE-2016-4981
+	RESERVED
+CVE-2016-4980
+	RESERVED
+CVE-2016-4979
+	RESERVED
+CVE-2016-4978
+	RESERVED
+CVE-2016-4977
+	RESERVED
+CVE-2016-4976
+	RESERVED
+CVE-2016-4975
+	RESERVED
+CVE-2016-4974
+	RESERVED
+CVE-2016-4973
+	RESERVED
+CVE-2016-4972
+	RESERVED
+CVE-2016-4971
+	RESERVED
+CVE-2016-4970
+	RESERVED
+CVE-2016-4969
+	RESERVED
+CVE-2016-4968
+	RESERVED
+CVE-2016-4967
+	RESERVED
+CVE-2016-4966
+	RESERVED
+CVE-2016-4965
+	RESERVED
 CVE-2016-XXXX [AST-2016-005]
 	- asterisk 1:13.8.2~dfsg-1
 	[jessie] - asterisk <not-affected> (Only affects 13.x)
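
Review bot: the block added at the top runs from CVE-2016-5090 down to CVE-2016-5045 and then jumps straight to CVE-2016-5025, while CVE-2016-5091 and CVE-2016-5044 through CVE-2016-5026 stay further down the file (around new line 276). The 2016-50xx IDs are therefore split across two places and no longer in numeric order. A follow-up that merges the two ranges would make duplicates or missed IDs easier to spot.
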
@@ -62,80 +276,100 @@
 	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
 CVE-2016-5091
+	RESERVED
 	- typo3-src <removed>
 CVE-2016-5044
+	RESERVED
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
 CVE-2016-5043
+	RESERVED
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
 CVE-2016-5042
+	RESERVED
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
 CVE-2016-5041
+	RESERVED
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
 CVE-2016-5040
+	RESERVED
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
 CVE-2016-5039
+	RESERVED
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/
 CVE-2016-5038
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
 CVE-2016-5037
+	RESERVED
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/b6ec2dfd850929821626ea63fb0a752076a3c08a/
 CVE-2016-5036
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
 CVE-2016-5035
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
 CVE-2016-5034
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/
 CVE-2016-5033
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
 CVE-2016-5032
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
 CVE-2016-5031
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
 CVE-2016-5030
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/6fa3f710ee6f21bba7966b963033a91d77c952bd/
 CVE-2016-5029
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/acae971371daa23a19358bc62204007d258fbc5e/
 CVE-2016-5028
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/a55b958926cc67f89a512ed30bb5a22b0adb10f4/
 CVE-2016-5027
+	RESERVED
 	- dwarfutils <unfixed>
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1330237
 CVE-2016-5026 [unsafe handling of temporary directory]
+	RESERVED
 	- onionshare <unfixed> (unimportant)
 	NOTE: Neutralised by kernel hardening (also contrib and non-free not supported)
 CVE-2016-4963
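
Review bot: every entry from CVE-2016-5091 to CVE-2016-5027 in this hunk now reads RESERVED with no bracketed description, so only CVE-2016-5026 says what the issue is. Until the official text is published, a short bracketed summary on the typo3-src and dwarfutils entries, in the style of "[unsafe handling of temporary directory]", would keep them distinguishable, especially where several entries carry the same upstream commit NOTE.
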
@@ -167,6 +401,7 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/23/2
 	NOTE: Authenticated TLS "contraints" introduced in 2015-03-24 OpenNTPD 5.7p4
 CVE-2016-4964 [scsi: mptsas infinite loop in mptsas_fetch_requests]
+	RESERVED
 	- qemu <unfixed> (bug #825207)
 	[jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
 	[wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
@@ -1001,12 +1236,12 @@
 CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/79e48650320e6fba48369fccf13fd045315b19b8 (v4.6)
-CVE-2016-4577 (Buffer overflow in the Smart DNS functionity in the Huawei NGFW Module ...)
+CVE-2016-4577 (Buffer overflow in the Smart DNS functionality in the Huawei NGFW ...)
 	TODO: check
 CVE-2016-4576 (Buffer overflow in the Application Specific Packet Filtering (ASPF) ...)
 	TODO: check
-CVE-2016-4575
-	RESERVED
+CVE-2016-4575 (Cross-site scripting (XSS) vulnerability in the email APP in Huawei ...)
+	TODO: check
 CVE-2016-4796 [OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb of color.c]
 	RESERVED
 	- openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
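
Review bot: CVE-2016-4575 leaves RESERVED only to land on "TODO: check", joining CVE-2016-4577 and CVE-2016-4576 just above it, all three described as Huawei issues. If none of these products is packaged, resolving them as NOT-FOR-US, the way the dotCMS and IBM JDK entries elsewhere in this file are, would take them out of the triage queue.
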
@@ -2553,8 +2788,7 @@
 	RESERVED
 CVE-2016-4040 (SQL injection vulnerability in the Workflow Screen in dotCMS before ...)
 	NOT-FOR-US: dotCMS
-CVE-2015-8853 [Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU]
-	RESERVED
+CVE-2015-8853 (The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in ...)
 	- perl 5.22.1-1 (bug #821848)
 	[jessie] - perl <no-dsa> (Minor issue, can be fixed via point release)
 	[wheezy] - perl <no-dsa> (Minor issue)
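
Review bot: the removed bracketed line for CVE-2015-8853 recorded the observable impact (regexp matching hangs at 100% CPU on illegal input with binmode :utf8), which the truncated description that replaces it no longer shows. Consider keeping that summary as a NOTE line under the entry so the symptom stays searchable next to bug #821848.
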
@@ -2676,8 +2910,7 @@
 CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder function in ...)
 	- libstruts1.2-java <not-affected> (Only affects 2.x)
 	NOTE: http://struts.apache.org/docs/s2-028.html
-CVE-2016-4020 [i386: leakage of stack memory to guest in kvmvapic.c]
-	RESERVED
+CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not ...)
 	- qemu <unfixed> (bug #821062)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
@@ -9307,10 +9540,10 @@
 	RESERVED
 CVE-2016-1888
 	RESERVED
-CVE-2016-1887
-	RESERVED
-CVE-2016-1886
-	RESERVED
+CVE-2016-1887 (Integer signedness error in the sockargs function in ...)
+	TODO: check
+CVE-2016-1886 (Integer signedness error in the genkbd_commonioctl function in ...)
+	TODO: check
 CVE-2016-1885 (Integer signedness error in the amd64_set_ldt function in ...)
 	[experimental] - kfreebsd-10 10.3~svn296998-1
 	- kfreebsd-10 <unfixed> (unimportant; bug #818426)
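
Review bot: CVE-2016-1887 and CVE-2016-1886 arrive as "TODO: check" although their descriptions open with the same "Integer signedness error in the ... function" wording as CVE-2016-1885 directly below, which is tracked against kfreebsd-10. It is worth checking whether they belong to the same package and, if so, replacing the TODO with kfreebsd-10 lines in the same form.
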
@@ -10782,10 +11015,10 @@
 	RESERVED
 CVE-2016-1408
 	RESERVED
-CVE-2016-1407
-	RESERVED
-CVE-2016-1406
-	RESERVED
+CVE-2016-1407 (Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services ...)
+	TODO: check
+CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and ...)
+	TODO: check
 CVE-2016-1405
 	RESERVED
 CVE-2016-1404
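
Review bot: CVE-2016-1407 and CVE-2016-1406 go from RESERVED to "TODO: check" for Cisco IOS XR and Cisco Prime Infrastructure, and the following hunks do the same for CVE-2016-1400 and CVE-2016-1383 through CVE-2016-1380. These can be triaged in one pass: if the products are not packaged, mark them NOT-FOR-US with the product name rather than leaving seven open TODOs.
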
@@ -10796,8 +11029,8 @@
 	TODO: check
 CVE-2016-1401 (Cross-site scripting (XSS) vulnerability in the management interface ...)
 	TODO: check
-CVE-2016-1400
-	RESERVED
+CVE-2016-1400 (Cisco TelePresence Video Communications Server (VCS) X8.x before ...)
+	TODO: check
 CVE-2016-1399 (The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, ...)
 	TODO: check
 CVE-2016-1398
@@ -10830,14 +11063,14 @@
 	RESERVED
 CVE-2016-1384 (The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 ...)
 	TODO: check
-CVE-2016-1383
-	RESERVED
-CVE-2016-1382
-	RESERVED
-CVE-2016-1381
-	RESERVED
-CVE-2016-1380
-	RESERVED
+CVE-2016-1383 (Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance ...)
+	TODO: check
+CVE-2016-1382 (Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security ...)
+	TODO: check
+CVE-2016-1381 (Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web ...)
+	TODO: check
+CVE-2016-1380 (Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) ...)
+	TODO: check
 CVE-2016-1379
 	RESERVED
 CVE-2016-1378 (Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote ...)
@@ -14599,8 +14832,7 @@
 	RESERVED
 CVE-2016-0265
 	RESERVED
-CVE-2016-0264
-	RESERVED
+CVE-2016-0264 (Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java ...)
 	NOT-FOR-US: IBM JDK
 CVE-2016-0263
 	RESERVED
@@ -55720,8 +55952,7 @@
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 2.6.32-48squeeze9
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 (v3.18-rc1)
-CVE-2014-3672 [Unrestricted qemu logging]
-	RESERVED
+CVE-2014-3672 (The qemu implementation in libvirt before 1.3.0 and Xen allows local ...)
 	- qemu <unfixed>
 	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
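
Review bot: the new description for CVE-2014-3672 attributes the issue to "the qemu implementation in libvirt before 1.3.0 and Xen", but the package lines visible under it track only qemu and qemu-kvm. Now that the bracketed "Unrestricted qemu logging" summary is gone, verify whether libvirt and xen need their own lines here, or add a NOTE explaining why qemu is the package tracked.
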
@@ -70790,7 +71021,7 @@
 	NOT-FOR-US: IBM JDK
 CVE-2013-5457 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 ...)
 	NOT-FOR-US: IBM JDK
-CVE-2013-5456 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows ...)
+CVE-2013-5456 (The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 ...)
 	NOT-FOR-US: IBM JDK
 CVE-2013-5455 (IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote ...)
 	NOT-FOR-US: IBM SmartCloud Provisioning
@@ -77018,7 +77249,7 @@
 	NOT-FOR-US: IBM JDK
 CVE-2013-3010 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
 	NOT-FOR-US: IBM JDK
-CVE-2013-3009 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
+CVE-2013-3009 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before ...)
 	NOT-FOR-US: IBM JDK
 CVE-2013-3008 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
 	NOT-FOR-US: IBM JDK



