[Secure-testing-commits] r42132 - data/CVE

Sun May 29 21:10:11 UTC 2016

Author: sectracker
Date: 2016-05-29 21:10:10 +0000 (Sun, 29 May 2016)
New Revision: 42132

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-05-29 20:07:53 UTC (rev 42131)
+++ data/CVE/list	2016-05-29 21:10:10 UTC (rev 42132)
@@ -1719,6 +1719,7 @@
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4536 (The client in OpenAFS before 1.6.17 does not properly initialize the ...)
+	{DLA-493-1}
 	- openafs 1.6.17-1
 	[jessie] - openafs <no-dsa> (Minor issue, can be included in a future DSA or via jessie-pu)
 	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
@@ -1884,6 +1885,7 @@
 	RESERVED
 CVE-2016-4423 [Large username storage in session]
 	RESERVED
+	{DSA-3588-1}
 	- symfony 2.8.6+dfsg-1
 	NOTE: https://github.com/symfony/symfony/pull/18733
 	NOTE: https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
@@ -3847,6 +3849,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1327484
 CVE-2016-3706
 	RESERVED
+	{DLA-494-1}
 	- glibc 2.22-8
 	[jessie] - glibc <no-dsa> (Minor issue, can be fixed via point release)
 	- eglibc <removed>
@@ -5309,6 +5312,7 @@
 	NOTE: not built against openjpeg by default
 CVE-2016-3075 [Stack overflow in nss_dns_getnetbyname_r]
 	RESERVED
+	{DLA-494-1}
 	- glibc 2.22-6
 	[jessie] - glibc <no-dsa> (Minor issue, can be fixed via point release)
 	- eglibc <removed>
@@ -5852,7 +5856,7 @@
 CVE-2016-2861
 	RESERVED
 CVE-2016-2860 (The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 ...)
-	{DSA-3569-1}
+	{DSA-3569-1 DLA-493-1}
 	- openafs 1.6.17-1
 	NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0
 	NOTE: http://rt.central.org/rt/Ticket/Display.html?id=132822 (currently not public)
@@ -9560,6 +9564,7 @@
 	NOT-FOR-US: KNOX 1.0 / Android 4.3
 CVE-2016-1902 [SecureRandom's fallback not secure when OpenSSL fails]
 	RESERVED
+	{DSA-3588-1}
 	- symfony 2.7.9+dfsg-1
 	NOTE: http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails
 	NOTE: https://github.com/symfony/symfony/pull/17359
@@ -11874,6 +11879,7 @@
 	NOTE: https://raw.githubusercontent.com/oar-team/oar/ce77ffed620fdce94881c9b35064507777c24a1c/debian/patches/004-fix-oarsh-security-issue
 CVE-2016-1234
 	RESERVED
+	{DLA-494-1}
 	- glibc 2.22-8
 	[jessie] - glibc <no-dsa> (Minor issue, can be fixed in a point update)
 	- eglibc <removed>
@@ -16138,7 +16144,7 @@
 	- gnutls26 <removed>
 	NOTE: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html
 CVE-2015-8312 (Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow ...)
-	{DSA-3569-1}
+	{DSA-3569-1 DLA-493-1}
 	- openafs 1.6.17-1
 	NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=2ef863720da4d9f368aaca0461c672a3008195ca
 	NOTE: http://rt.central.org/rt/Ticket/Display.html?id=132256
@@ -47511,6 +47517,7 @@
 	RESERVED
 CVE-2014-7210 [pdns in Debian creates too privileged MySQL user]
 	RESERVED
+	{DLA-492-1}
 	- pdns 3.3.1-1
 	[squeeze] - pdns <not-affected> (Vulnerabile code not present)
 	NOTE: Debian packaging specific.


