[Secure-testing-commits] r42066 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu May 26 21:10:12 UTC 2016
Author: sectracker
Date: 2016-05-26 21:10:11 +0000 (Thu, 26 May 2016)
New Revision: 42066
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-26 20:37:54 UTC (rev 42065)
+++ data/CVE/list 2016-05-26 21:10:11 UTC (rev 42066)
@@ -1,3 +1,217 @@
+CVE-2016-5090
+ RESERVED
+CVE-2016-5089
+ RESERVED
+CVE-2016-5088
+ RESERVED
+CVE-2016-5087
+ RESERVED
+CVE-2016-5086
+ RESERVED
+CVE-2016-5085
+ RESERVED
+CVE-2016-5084
+ RESERVED
+CVE-2016-5083
+ RESERVED
+CVE-2016-5082
+ RESERVED
+CVE-2016-5081
+ RESERVED
+CVE-2016-5080
+ RESERVED
+CVE-2016-5079
+ RESERVED
+CVE-2016-5078
+ RESERVED
+CVE-2016-5077
+ RESERVED
+CVE-2016-5076
+ RESERVED
+CVE-2016-5075
+ RESERVED
+CVE-2016-5074
+ RESERVED
+CVE-2016-5073
+ RESERVED
+CVE-2016-5072
+ RESERVED
+CVE-2016-5071
+ RESERVED
+CVE-2016-5070
+ RESERVED
+CVE-2016-5069
+ RESERVED
+CVE-2016-5068
+ RESERVED
+CVE-2016-5067
+ RESERVED
+CVE-2016-5066
+ RESERVED
+CVE-2016-5065
+ RESERVED
+CVE-2016-5064
+ RESERVED
+CVE-2016-5063
+ RESERVED
+CVE-2016-5062
+ RESERVED
+CVE-2016-5061
+ RESERVED
+CVE-2016-5060
+ RESERVED
+CVE-2016-5059
+ RESERVED
+CVE-2016-5058
+ RESERVED
+CVE-2016-5057
+ RESERVED
+CVE-2016-5056
+ RESERVED
+CVE-2016-5055
+ RESERVED
+CVE-2016-5054
+ RESERVED
+CVE-2016-5053
+ RESERVED
+CVE-2016-5052
+ RESERVED
+CVE-2016-5051
+ RESERVED
+CVE-2016-5050
+ RESERVED
+CVE-2016-5049
+ RESERVED
+CVE-2016-5048
+ RESERVED
+CVE-2016-5047
+ RESERVED
+CVE-2016-5046
+ RESERVED
+CVE-2016-5045
+ RESERVED
+CVE-2016-5025
+ RESERVED
+CVE-2016-5024
+ RESERVED
+CVE-2016-5023
+ RESERVED
+CVE-2016-5022
+ RESERVED
+CVE-2016-5021
+ RESERVED
+CVE-2016-5020
+ RESERVED
+CVE-2016-5019
+ RESERVED
+CVE-2016-5018
+ RESERVED
+CVE-2016-5017
+ RESERVED
+CVE-2016-5016
+ RESERVED
+CVE-2016-5015
+ RESERVED
+CVE-2016-5014
+ RESERVED
+CVE-2016-5013
+ RESERVED
+CVE-2016-5012
+ RESERVED
+CVE-2016-5011
+ RESERVED
+CVE-2016-5010
+ RESERVED
+CVE-2016-5009
+ RESERVED
+CVE-2016-5008
+ RESERVED
+CVE-2016-5007
+ RESERVED
+CVE-2016-5006
+ RESERVED
+CVE-2016-5005
+ RESERVED
+CVE-2016-5004
+ RESERVED
+CVE-2016-5003
+ RESERVED
+CVE-2016-5002
+ RESERVED
+CVE-2016-5001
+ RESERVED
+CVE-2016-5000
+ RESERVED
+CVE-2016-4999
+ RESERVED
+CVE-2016-4998
+ RESERVED
+CVE-2016-4997
+ RESERVED
+CVE-2016-4996
+ RESERVED
+CVE-2016-4995
+ RESERVED
+CVE-2016-4994
+ RESERVED
+CVE-2016-4993
+ RESERVED
+CVE-2016-4992
+ RESERVED
+CVE-2016-4991
+ RESERVED
+CVE-2016-4990
+ RESERVED
+CVE-2016-4989
+ RESERVED
+CVE-2016-4988
+ RESERVED
+CVE-2016-4987
+ RESERVED
+CVE-2016-4986
+ RESERVED
+CVE-2016-4985
+ RESERVED
+CVE-2016-4984
+ RESERVED
+CVE-2016-4983
+ RESERVED
+CVE-2016-4982
+ RESERVED
+CVE-2016-4981
+ RESERVED
+CVE-2016-4980
+ RESERVED
+CVE-2016-4979
+ RESERVED
+CVE-2016-4978
+ RESERVED
+CVE-2016-4977
+ RESERVED
+CVE-2016-4976
+ RESERVED
+CVE-2016-4975
+ RESERVED
+CVE-2016-4974
+ RESERVED
+CVE-2016-4973
+ RESERVED
+CVE-2016-4972
+ RESERVED
+CVE-2016-4971
+ RESERVED
+CVE-2016-4970
+ RESERVED
+CVE-2016-4969
+ RESERVED
+CVE-2016-4968
+ RESERVED
+CVE-2016-4967
+ RESERVED
+CVE-2016-4966
+ RESERVED
+CVE-2016-4965
+ RESERVED
CVE-2016-XXXX [AST-2016-005]
- asterisk 1:13.8.2~dfsg-1
[jessie] - asterisk <not-affected> (Only affects 13.x)
@@ -62,80 +276,100 @@
NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5091
+ RESERVED
- typo3-src <removed>
CVE-2016-5044
+ RESERVED
- dwarfutils 20160507-1
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5043
+ RESERVED
- dwarfutils 20160507-1
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5042
+ RESERVED
- dwarfutils 20160507-1
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5041
+ RESERVED
- dwarfutils 20160507-1
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5040
+ RESERVED
- dwarfutils 20160507-1
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5039
+ RESERVED
- dwarfutils 20160507-1
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/
CVE-2016-5038
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5037
+ RESERVED
- dwarfutils 20160507-1
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/b6ec2dfd850929821626ea63fb0a752076a3c08a/
CVE-2016-5036
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5035
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5034
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/
CVE-2016-5033
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5032
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5031
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5030
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/6fa3f710ee6f21bba7966b963033a91d77c952bd/
CVE-2016-5029
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/acae971371daa23a19358bc62204007d258fbc5e/
CVE-2016-5028
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/a55b958926cc67f89a512ed30bb5a22b0adb10f4/
CVE-2016-5027
+ RESERVED
- dwarfutils <unfixed>
[jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1330237
CVE-2016-5026 [unsafe handling of temporary directory]
+ RESERVED
- onionshare <unfixed> (unimportant)
NOTE: Neutralised by kernel hardening (also contrib and non-free not supported)
CVE-2016-4963
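Review bot: CVE-2016-5091 and the dwarfutils entries CVE-2016-5027 through CVE-2016-5044 now carry RESERVED but still have no bracketed summary on their header lines, so until a description is published the list says nothing about what each issue is. Only CVE-2016-5026 has one (`[unsafe handling of temporary directory]`). Each dwarfutils entry already links an upstream commit or bug report in its NOTE line, so consider adding a short bracketed description taken from that reference.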
@@ -167,6 +401,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/23/2
NOTE: Authenticated TLS "contraints" introduced in 2015-03-24 OpenNTPD 5.7p4
CVE-2016-4964 [scsi: mptsas infinite loop in mptsas_fetch_requests]
+ RESERVED
- qemu <unfixed> (bug #825207)
[jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
[wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
@@ -1001,12 +1236,12 @@
CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in ...)
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/79e48650320e6fba48369fccf13fd045315b19b8 (v4.6)
-CVE-2016-4577 (Buffer overflow in the Smart DNS functionity in the Huawei NGFW Module ...)
+CVE-2016-4577 (Buffer overflow in the Smart DNS functionality in the Huawei NGFW ...)
TODO: check
CVE-2016-4576 (Buffer overflow in the Application Specific Packet Filtering (ASPF) ...)
TODO: check
-CVE-2016-4575
- RESERVED
+CVE-2016-4575 (Cross-site scripting (XSS) vulnerability in the email APP in Huawei ...)
+ TODO: check
CVE-2016-4796 [OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb of color.c]
RESERVED
- openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
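Review bot: CVE-2016-4575 moves from RESERVED to `TODO: check`, joining CVE-2016-4577 and CVE-2016-4576, and all three describe Huawei products. If no Debian source package ships this code, close them out with a NOT-FOR-US line, as is done for the dotCMS and IBM JDK entries elsewhere in this file, instead of leaving them in the TODO queue.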
@@ -2553,8 +2788,7 @@
RESERVED
CVE-2016-4040 (SQL injection vulnerability in the Workflow Screen in dotCMS before ...)
NOT-FOR-US: dotCMS
-CVE-2015-8853 [Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU]
- RESERVED
+CVE-2015-8853 (The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in ...)
- perl 5.22.1-1 (bug #821848)
[jessie] - perl <no-dsa> (Minor issue, can be fixed via point release)
[wheezy] - perl <no-dsa> (Minor issue)
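Review bot: on CVE-2015-8853 the hand-written summary `[Regexp-matching "hangs" indefinitely on illegal input using binmode :utf8 using 100%CPU]` is dropped in favour of the truncated published description, whose visible part only lists function names. Consider keeping the impact in a NOTE line under the entry so the basis for the `<no-dsa>` decisions stays readable.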
@@ -2676,8 +2910,7 @@
CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder function in ...)
- libstruts1.2-java <not-affected> (Only affects 2.x)
NOTE: http://struts.apache.org/docs/s2-028.html
-CVE-2016-4020 [i386: leakage of stack memory to guest in kvmvapic.c]
- RESERVED
+CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not ...)
- qemu <unfixed> (bug #821062)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
@@ -9307,10 +9540,10 @@
RESERVED
CVE-2016-1888
RESERVED
-CVE-2016-1887
- RESERVED
-CVE-2016-1886
- RESERVED
+CVE-2016-1887 (Integer signedness error in the sockargs function in ...)
+ TODO: check
+CVE-2016-1886 (Integer signedness error in the genkbd_commonioctl function in ...)
+ TODO: check
CVE-2016-1885 (Integer signedness error in the amd64_set_ldt function in ...)
[experimental] - kfreebsd-10 10.3~svn296998-1
- kfreebsd-10 <unfixed> (unimportant; bug #818426)
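Review bot: CVE-2016-1887 (sockargs) and CVE-2016-1886 (genkbd_commonioctl) are added as `TODO: check`, while the adjacent CVE-2016-1885, whose description opens with the same "Integer signedness error in the ... function" wording, is tracked against kfreebsd-10. Check whether these two belong to the same source package and, if so, give them kfreebsd-10 lines rather than leaving them in the TODO queue.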
@@ -10782,10 +11015,10 @@
RESERVED
CVE-2016-1408
RESERVED
-CVE-2016-1407
- RESERVED
-CVE-2016-1406
- RESERVED
+CVE-2016-1407 (Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services ...)
+ TODO: check
+CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and ...)
+ TODO: check
CVE-2016-1405
RESERVED
CVE-2016-1404
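Review bot: CVE-2016-1407 and CVE-2016-1406 land as `TODO: check` for Cisco IOS XR and Cisco Prime Infrastructure. If neither is packaged in Debian, mark them NOT-FOR-US in a follow-up so they do not linger; the same applies to the Cisco entries in the two hunks that follow.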
@@ -10796,8 +11029,8 @@
TODO: check
CVE-2016-1401 (Cross-site scripting (XSS) vulnerability in the management interface ...)
TODO: check
-CVE-2016-1400
- RESERVED
+CVE-2016-1400 (Cisco TelePresence Video Communications Server (VCS) X8.x before ...)
+ TODO: check
CVE-2016-1399 (The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, ...)
TODO: check
CVE-2016-1398
@@ -10830,14 +11063,14 @@
RESERVED
CVE-2016-1384 (The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 ...)
TODO: check
-CVE-2016-1383
- RESERVED
-CVE-2016-1382
- RESERVED
-CVE-2016-1381
- RESERVED
-CVE-2016-1380
- RESERVED
+CVE-2016-1383 (Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance ...)
+ TODO: check
+CVE-2016-1382 (Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security ...)
+ TODO: check
+CVE-2016-1381 (Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web ...)
+ TODO: check
+CVE-2016-1380 (Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) ...)
+ TODO: check
CVE-2016-1379
RESERVED
CVE-2016-1378 (Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote ...)
@@ -14599,8 +14832,7 @@
RESERVED
CVE-2016-0265
RESERVED
-CVE-2016-0264
- RESERVED
+CVE-2016-0264 (Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java ...)
NOT-FOR-US: IBM JDK
CVE-2016-0263
RESERVED
@@ -55720,8 +55952,7 @@
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48squeeze9
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 (v3.18-rc1)
-CVE-2014-3672 [Unrestricted qemu logging]
- RESERVED
+CVE-2014-3672 (The qemu implementation in libvirt before 1.3.0 and Xen allows local ...)
- qemu <unfixed>
[jessie] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
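Review bot: the new description for CVE-2014-3672 names "libvirt before 1.3.0 and Xen", but the package lines visible in this hunk cover only qemu and qemu-kvm. Check that the entry also has libvirt and xen lines, or explicit not-affected markers, now that the published text attributes the issue to them.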
@@ -70790,7 +71021,7 @@
NOT-FOR-US: IBM JDK
CVE-2013-5457 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 ...)
NOT-FOR-US: IBM JDK
-CVE-2013-5456 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows ...)
+CVE-2013-5456 (The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 ...)
NOT-FOR-US: IBM JDK
CVE-2013-5455 (IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote ...)
NOT-FOR-US: IBM SmartCloud Provisioning
@@ -77018,7 +77249,7 @@
NOT-FOR-US: IBM JDK
CVE-2013-3010 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
NOT-FOR-US: IBM JDK
-CVE-2013-3009 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
+CVE-2013-3009 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before ...)
NOT-FOR-US: IBM JDK
CVE-2013-3008 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
NOT-FOR-US: IBM JDK