[Secure-testing-commits] r42096 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat May 28 09:10:12 UTC 2016
Author: sectracker
Date: 2016-05-28 09:10:12 +0000 (Sat, 28 May 2016)
New Revision: 42096
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-28 07:55:20 UTC (rev 42095)
+++ data/CVE/list 2016-05-28 09:10:12 UTC (rev 42096)
@@ -1,3 +1,17 @@
+CVE-2016-5102
+ RESERVED
+CVE-2016-5101
+ RESERVED
+CVE-2016-5100
+ RESERVED
+CVE-2016-5099
+ RESERVED
+CVE-2016-5098
+ RESERVED
+CVE-2016-5097
+ RESERVED
+CVE-2016-5092
+ RESERVED
CVE-2016-5108 [crash and potential code execution when processing QuickTime IMA files]
- vlc <unfixed>
NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
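Review bot: The seven new RESERVED ids (CVE-2016-5102 down to CVE-2016-5097, plus CVE-2016-5092) are inserted at the very top of the file, ahead of CVE-2016-5108, so they end up separated from their numeric neighbours: CVE-2016-5103 and CVE-2016-5093 through CVE-2016-5096 sit further down, in the hunk at -245,39. If entries are meant to be found by proximity, place the new ids next to those neighbours. Otherwise, say in the log message that the automatic update prepends newly reserved ids, since "automatic update" alone does not explain the placement.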
@@ -222,6 +236,7 @@
[wheezy] - asterisk <not-affected> (Only affects 13.x)
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-005.html
CVE-2016-5107 [scsi: megasas: out-of-bounds read in megasas_lookup_frame() function]
+ RESERVED
- qemu <unfixed> (bug #825616)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
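Review bot: The added "RESERVED" line under CVE-2016-5107 puts a reserved status on an entry that already carries a bracketed title, a Debian bug (#825616) and per-release triage, so the entry now reads as both reserved and fully triaged. Nothing is lost by the change, but keep the bracketed title in place while the status is RESERVED, because it is the only summary of the issue in this file. The same applies to CVE-2016-5106 and CVE-2016-5105 in the next two hunks.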
@@ -230,6 +245,7 @@
NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336461
CVE-2016-5106 [scsi: megasas: out-of-bounds write while setting controller properties]
+ RESERVED
- qemu <unfixed> (bug #825615)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -237,6 +253,7 @@
NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
CVE-2016-5105 [scsi: megasas: stack information leakage while reading configuration]
+ RESERVED
- qemu <unfixed> (bug #825614)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -245,39 +262,46 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1339583
CVE-2016-5104
+ RESERVED
- libimobiledevice <unfixed> (bug #825553)
[wheezy] - libimobiledevice <not-affected> (Vulnerable code not present)
NOTE: https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
- libusbmuxd <unfixed> (bug #825554)
NOTE: https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
CVE-2016-5103 [XSS vulnerability in mail content page]
+ RESERVED
- roundcube 1.2.0+dfsg.1-1
NOTE: https://github.com/roundcube/roundcubemail/issues/5240
NOTE: https://github.com/roundcube/roundcubemail/pull/5241
NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/8
CVE-2016-5096 [int/size_t confusion in fread]
+ RESERVED
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72114
NOTE: Fixed in 5.6.22, 5.5.36
NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5095 [don't create strings with lengths outside int range]
+ RESERVED
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
NOTE: Fixed in 5.6.22, 5.5.36
NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
NOTE: For the additional issue reported in the "[2016-05-17 12:55 UTC]" comment
CVE-2016-5094 [don't create strings with lengths outside int range]
+ RESERVED
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
NOTE: Fixed in 5.6.22, 5.5.36
NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5093 [get_icu_value_internal out-of-bounds read]
+ RESERVED
- php7.0 7.0.7-1
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72241
NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2013-7456 [Fixed memory overrun bug in gdImageScaleTwoPass]
+ RESERVED
{DSA-3587-1}
- libgd2 2.1.1-1
NOTE: https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a (gd-2.1.1)
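Review bot: CVE-2016-5104 receives "RESERVED" but has no bracketed title, so after this change the entry says nothing about what the issue is; it has only package lines and two commit links. A short title in the style of the neighbouring entries (for example the roundcube and php5 ones in this hunk) would make it triageable from the list alone. Separately, CVE-2013-7456 at the end of the hunk is now marked "RESERVED" while already referencing DSA-3587-1 and a fixed libgd2 version; confirm that this mix of states is what the update intended.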
@@ -817,20 +841,20 @@
RESERVED
CVE-2016-4793
RESERVED
-CVE-2016-4792
- RESERVED
-CVE-2016-4791
- RESERVED
-CVE-2016-4790
- RESERVED
-CVE-2016-4789
- RESERVED
-CVE-2016-4788
- RESERVED
-CVE-2016-4787
- RESERVED
-CVE-2016-4786
- RESERVED
+CVE-2016-4792 (Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4791 (The administrative user interface in Pulse Connect Secure (PCS) 8.2 ...)
+ TODO: check
+CVE-2016-4790 (Cross-site scripting (XSS) vulnerability in the administrative user ...)
+ TODO: check
+CVE-2016-4789 (Cross-site scripting (XSS) vulnerability in the system configuration ...)
+ TODO: check
+CVE-2016-4788 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 ...)
+ TODO: check
+CVE-2016-4787 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 ...)
+ TODO: check
+CVE-2016-4786 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 ...)
+ TODO: check
CVE-2014-9776
RESERVED
CVE-2014-9775
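Review bot: All seven entries from CVE-2016-4792 to CVE-2016-4786 move from "RESERVED" to "TODO: check", and five of the descriptions name Pulse Connect Secure, so they look like one vendor batch that can be triaged together. The file already uses "NOT-FOR-US: FortiOS" for a comparable appliance entry (CVE-2015-7361). The descriptions for CVE-2016-4790 and CVE-2016-4789 are truncated before any product name, so confirm the product from the full CVE text before giving them the same marking.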
@@ -2869,8 +2893,7 @@
RESERVED
CVE-2016-4022
RESERVED
-CVE-2016-4021 [pgpdump: denial of service]
- RESERVED
+CVE-2016-4021 (The read_binary function in buffer.c in pgpdump before 0.30 allows ...)
- pgpdump <unfixed> (bug #773747)
[jessie] - pgpdump <no-dsa> (Minor issue)
[wheezy] - pgpdump <no-dsa> (Minor issue)
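Review bot: Replacing "CVE-2016-4021 [pgpdump: denial of service]" with the truncated CVE description removes the only statement of impact from the entry, since the new text stops at "allows ...". The triage lines below it (bug #773747 and the two "<no-dsa> (Minor issue)" lines) are correctly left untouched, but their rationale is now harder to read from this file. Consider a NOTE line recording the denial-of-service impact that the old title carried.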
@@ -3873,10 +3896,10 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320060
CVE-2016-3682
RESERVED
-CVE-2016-3681
- RESERVED
-CVE-2016-3680
- RESERVED
+CVE-2016-3681 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before ...)
+ TODO: check
+CVE-2016-3680 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before ...)
+ TODO: check
CVE-2016-3679 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, ...)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
@@ -6277,8 +6300,8 @@
- puppet <not-affected> (Vulnerable code only in 4.x)
NOTE: https://puppet.com/security/cve/cve-2016-2785
NOTE: https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
-CVE-2016-2784
- RESERVED
+CVE-2016-2784 (CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty ...)
+ TODO: check
CVE-2015-8818
RESERVED
- qemu 1:2.4+dfsg-1a
@@ -11087,8 +11110,8 @@
TODO: check
CVE-2016-1386 (The API in Cisco Application Policy Infrastructure Controller ...)
TODO: check
-CVE-2016-1385
- RESERVED
+CVE-2016-1385 (The XML parser in Cisco Adaptive Security Appliance (ASA) Software ...)
+ TODO: check
CVE-2016-1384 (The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 ...)
TODO: check
CVE-2016-1383 (Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance ...)
@@ -13441,8 +13464,7 @@
NOTE: https://github.com/feist/pcs/commit/b9e7f061788c3b86a0c67d2d4158f067ec5eb625 (0.9.149)
CVE-2016-0719
REJECTED
-CVE-2016-0718
- RESERVED
+CVE-2016-0718 (Expat allows context-dependent attackers to cause a denial of service ...)
{DSA-3582-1 DLA-483-1}
- expat 2.1.1-2
CVE-2016-0717
@@ -19062,8 +19084,8 @@
TODO: check
CVE-2015-7361 (FortiOS 5.2.3, when configured to use High Availability (HA) and the ...)
NOT-FOR-US: FortiOS
-CVE-2015-7360
- RESERVED
+CVE-2015-7360 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User ...)
+ TODO: check
CVE-2015-XXXX [DoS]
- libemail-address-perl 1.908-1
[jessie] - libemail-address-perl <no-dsa> (Minor issue vs. usability impact of module)
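Review bot: The new description for CVE-2015-7360 is cut off after "Web User ...", so the affected product is not visible, and the entry is left at "TODO: check". The entry just above it, CVE-2015-7361, is FortiOS and marked "NOT-FOR-US", which makes it tempting to assume the same product here. Check the full text of CVE-2015-7360 before triaging it that way.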