[Secure-testing-commits] r42197 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue May 31 21:10:09 UTC 2016


Author: sectracker
Date: 2016-05-31 21:10:09 +0000 (Tue, 31 May 2016)
New Revision: 42197

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-31 21:05:07 UTC (rev 42196)
+++ data/CVE/list	2016-05-31 21:10:09 UTC (rev 42197)
@@ -1,4 +1,43 @@
+CVE-2016-5125
+	RESERVED
+CVE-2016-5124
+	RESERVED
+CVE-2016-5123
+	RESERVED
+CVE-2016-5122
+	RESERVED
+CVE-2016-5121
+	RESERVED
+CVE-2016-5120
+	RESERVED
+CVE-2016-5119
+	RESERVED
+CVE-2016-5113
+	RESERVED
+CVE-2016-5112
+	RESERVED
+CVE-2016-5111
+	RESERVED
+CVE-2016-5110
+	RESERVED
+CVE-2016-5109
+	RESERVED
+CVE-2015-8887
+	RESERVED
+CVE-2015-8886
+	RESERVED
+CVE-2015-8885
+	RESERVED
+CVE-2015-8884
+	RESERVED
+CVE-2015-8883
+	RESERVED
+CVE-2015-8882
+	RESERVED
+CVE-2015-8881
+	RESERVED
 CVE-2016-5126 [block: iscsi: buffer overflow in iscsi_aio_ioctl]
+	RESERVED
 	- qemu <unfixed>
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
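Review bot: the 19 new RESERVED stubs are inserted above CVE-2016-5126, so the head of the file now runs from CVE-2016-5125 down to CVE-2015-8881 and only then reaches CVE-2016-5126. If the list is meant to stay in descending order, the CVE-2015-888x stubs belong further down with the other 2015 IDs. Separately, CVE-2016-5126 now reads RESERVED while carrying "- qemu <unfixed>"; its bracketed description is hand-written, so recheck it against the published text once the ID leaves RESERVED.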
@@ -17,10 +56,12 @@
 	NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/
 	NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842
 CVE-2016-5118 [popen() shell vulnerability via filename]
+	RESERVED
 	- imagemagick <unfixed> (bug #825799)
 	- graphicsmagick 1.3.24-1 (bug #825800)
 	NOTE: fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
 CVE-2016-5116 [xbm: avoid stack overflow (read) with large names]
+	RESERVED
 	- libgd2 2.2.1-1
 	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 (gd-2.2.0)
@@ -31,6 +72,7 @@
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
 CVE-2016-5115
+	RESERVED
 	- mplayer <undetermined>
 	NOTE: https://trac.mplayerhq.hu/ticket/2298
 	TODO: probably not affected since orig.tar.gz of src:mplayer does not include libavcodec, ffmpeg/libav affected?
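Review bot: CVE-2016-5115 is now flagged RESERVED but has no bracketed description, unlike CVE-2016-5118 and CVE-2016-5116 in the preceding hunk, and its only status line is "- mplayer <undetermined>" with an open question in the TODO. While the ID is RESERVED, the trac ticket is the only pointer to what the issue is; add a short "[...]" description so the entry is readable without following the link.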
@@ -58,6 +100,7 @@
 CVE-2016-5092
 	RESERVED
 CVE-2016-5108 [crash and potential code execution when processing QuickTime IMA files]
+	RESERVED
 	- vlc 2.2.3-2 (bug #825728)
 	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
 	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
@@ -498,6 +541,7 @@
 CVE-2016-4953
 	RESERVED
 CVE-2016-5117 [OpenNTPD not verifying CN during HTTPS constraints request]
+	RESERVED
 	- openntpd <unfixed> (bug #825856)
 	[jessie] - openntpd <not-affected> (Vulnerable code introduced later)
 	[wheezy] - openntpd <not-affected> (Vulnerable code introduced later)
@@ -528,12 +572,14 @@
 	NOTE: Fixed in PHP 7.0.1
 	TODO: check, probably only PHP 7.x
 CVE-2015-8879 (The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ...)
+	{DLA-499-1}
 	- php5 5.6.12+dfsg-1
 	[jessie] - php5 5.6.12+dfsg-0+deb8u1
 	- php7.0 7.0.0-1
 	NOTE: Fixed in PHP 5.6.12, 7.0.0
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=69975
 CVE-2015-8878 (main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before ...)
+	{DLA-499-1}
 	- php5 5.6.12+dfsg-1
 	[jessie] - php5 5.6.12+dfsg-0+deb8u1
 	NOTE: Fixed in PHP 5.6.12, 5.5.28
@@ -934,10 +980,10 @@
 	RESERVED
 CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java ...)
 	NOT-FOR-US: SAP
-CVE-2016-4785
-	RESERVED
-CVE-2016-4784
-	RESERVED
+CVE-2016-4785 (The integrated web server in the EN100 Ethernet module before 4.27 on ...)
+	TODO: check
+CVE-2016-4784 (The integrated web server in the EN100 Ethernet module before 4.27 on ...)
+	TODO: check
 CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before ...)
 	NOT-FOR-US: Lenovo
 CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote ...)
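Review bot: CVE-2016-4785 and CVE-2016-4784 land as "TODO: check", but both descriptions name the integrated web server of the EN100 Ethernet module, and the entry directly below for Lenovo SHAREit is already closed as "NOT-FOR-US: Lenovo". Unless a Debian source package ships this code, close both with a "NOT-FOR-US:" line in the follow-up triage so they drop out of the TODO queue.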
@@ -1535,8 +1581,8 @@
 	RESERVED
 CVE-2016-4522
 	RESERVED
-CVE-2016-4521
-	RESERVED
+CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before ...)
+	TODO: check
 CVE-2016-4520
 	RESERVED
 CVE-2016-4519
@@ -1565,18 +1611,18 @@
 	RESERVED
 CVE-2016-4507
 	RESERVED
-CVE-2016-4506
-	RESERVED
-CVE-2016-4505
-	RESERVED
+CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource Data ...)
+	TODO: check
+CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller devices ...)
+	TODO: check
 CVE-2016-4504
 	RESERVED
 CVE-2016-4503
 	RESERVED
-CVE-2016-4502
-	RESERVED
-CVE-2016-4501
-	RESERVED
+CVE-2016-4502 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...)
+	TODO: check
+CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...)
+	TODO: check
 CVE-2016-4500
 	RESERVED
 CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x ...)
@@ -1706,6 +1752,7 @@
 	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
 	TODO: check
 CVE-2016-4539 (The xml_parse_into_struct function in ext/xml/xml.c in PHP before ...)
+	{DLA-499-1}
 	- php7.0 7.0.6-1
 	- php5 5.6.21+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=72099
@@ -1713,6 +1760,7 @@
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4537 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, ...)
+	{DLA-499-1}
 	- php7.0 7.0.6-1
 	- php5 5.6.21+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=72093
@@ -1727,6 +1775,7 @@
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4540 (The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c ...)
+	{DLA-499-1}
 	- php7.0 7.0.6-1
 	- php5 5.6.21+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=72061
@@ -1734,6 +1783,7 @@
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4541 (The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...)
+	{DLA-499-1}
 	- php7.0 7.0.6-1
 	- php5 5.6.21+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=72061
@@ -1741,6 +1791,7 @@
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4542 (The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before ...)
+	{DLA-499-1}
 	- php7.0 7.0.6-1
 	- php5 5.6.21+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=72094
@@ -1748,6 +1799,7 @@
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4543 (The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...)
+	{DLA-499-1}
 	- php7.0 7.0.6-1
 	- php5 5.6.21+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=72094
@@ -1755,6 +1807,7 @@
 	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
 CVE-2016-4544 (The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP ...)
+	{DLA-499-1}
 	- php7.0 7.0.6-1
 	- php5 5.6.21+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=72094
@@ -2604,8 +2657,8 @@
 	RESERVED
 CVE-2016-4119
 	RESERVED
-CVE-2016-4118
-	RESERVED
+CVE-2016-4118 (Untrusted search path vulnerability in the add-in installer in Adobe ...)
+	TODO: check
 CVE-2016-4117 (Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2016-4116 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
@@ -2721,7 +2774,7 @@
 	NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
 CVE-2016-4085 (Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in ...)
-	{DSA-3585-1}
+	{DSA-3585-1 DLA-497-1}
 	- wireshark 2.0.0~rc2+g74e5b56-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-28.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293
@@ -2738,23 +2791,23 @@
 	[wheezy] - wireshark <not-affected> (Only affects 2.x)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html
 CVE-2016-4082 (epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in ...)
-	{DSA-3585-1}
+	{DSA-3585-1 DLA-497-1}
 	- wireshark 2.0.3+geed34f0-1 (low)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-26.html
 CVE-2016-4006 (epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 ...)
-	{DSA-3585-1}
+	{DSA-3585-1 DLA-497-1}
 	- wireshark 2.0.3+geed34f0-1 (low)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-25.html
 CVE-2016-4081 (epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark ...)
-	{DSA-3585-1}
+	{DSA-3585-1 DLA-497-1}
 	- wireshark 2.0.3+geed34f0-1 (low)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-24.html
 CVE-2016-4080 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark ...)
-	{DSA-3585-1}
+	{DSA-3585-1 DLA-497-1}
 	- wireshark 2.0.3+geed34f0-1 (low)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-23.html
 CVE-2016-4079 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark ...)
-	{DSA-3585-1}
+	{DSA-3585-1 DLA-497-1}
 	- wireshark 2.0.3+geed34f0-1 (low)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-22.html
 CVE-2016-4078 (The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x ...)
@@ -2844,6 +2897,7 @@
 	NOTE: upstream fixed in 2.1
 	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=564400
 CVE-2015-8866 (ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when ...)
+	{DLA-499-1}
 	- php5 5.6.6+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=64938
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817
@@ -3168,7 +3222,7 @@
 	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6
 CVE-2016-4070 (** DISPUTED ** Integer overflow in the php_raw_url_encode function in ...)
-	{DSA-3560-1}
+	{DSA-3560-1 DLA-499-1}
 	- php7.0 7.0.5-1
 	- php5 5.6.20+dfsg-1
 	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -3176,7 +3230,7 @@
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
 CVE-2016-4071 (Format string vulnerability in the php_snmp_error function in ...)
-	{DSA-3560-1}
+	{DSA-3560-1 DLA-499-1}
 	- php7.0 7.0.5-1
 	- php5 5.6.20+dfsg-1
 	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -3184,7 +3238,7 @@
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
 CVE-2016-4072 (The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x ...)
-	{DSA-3560-1}
+	{DSA-3560-1 DLA-499-1}
 	- php7.0 7.0.5-1
 	- php5 5.6.20+dfsg-1
 	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -3193,7 +3247,7 @@
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
 CVE-2016-4073 (Multiple integer overflows in the mbfl_strcut function in ...)
-	{DSA-3560-1}
+	{DSA-3560-1 DLA-499-1}
 	- php7.0 7.0.5-1
 	- php5 5.6.20+dfsg-1
 	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -3317,7 +3371,7 @@
 	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2545
 CVE-2015-8865 (The file_check_mem function in funcs.c in file before 5.23, as used in ...)
-	{DSA-3560-1 DLA-460-1}
+	{DSA-3560-1 DLA-499-1 DLA-460-1}
 	- php7.0 7.0.5-1
 	- php5 5.6.20+dfsg-1
 	- file 1:5.24-1
@@ -7839,6 +7893,7 @@
 	- php5 <undetermined>
 	NOTE: https://bugs.php.net/bug.php?id=71637
 CVE-2016-4343 (The phar_make_dirstream function in ext/phar/dirstream.c in PHP before ...)
+	{DLA-499-1}
 	- php7.0 7.0.3-1
 	- php5 5.6.18+dfsg-1
 	[jessie] - php5 5.6.18+dfsg-0+deb8u1
@@ -7961,12 +8016,12 @@
 	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52b59d2ef4a1
 	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ed8318ba6a
 	TODO: check other versions (newest 1.3.23 is vulnerable according to reporter)
-CVE-2016-2311
-	RESERVED
+CVE-2016-2311 (Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ...)
+	TODO: check
 CVE-2016-2310
 	RESERVED
-CVE-2016-2309
-	RESERVED
+CVE-2016-2309 (iRZ RUH2 before 2b does not validate firmware patches, which allows ...)
+	TODO: check
 CVE-2016-2308
 	RESERVED
 CVE-2016-2307
@@ -7993,8 +8048,8 @@
 	TODO: check
 CVE-2016-2296 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not ...)
 	TODO: check
-CVE-2016-2295
-	RESERVED
+CVE-2016-2295 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, ...)
+	TODO: check
 CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...)
 	TODO: check
 CVE-2016-2293 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...)
@@ -8012,10 +8067,10 @@
 	NOT-FOR-US: Cogent DataHub
 CVE-2016-2287 (Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR ...)
 	NOT-FOR-US: XZERES
-CVE-2016-2286
-	RESERVED
-CVE-2016-2285
-	RESERVED
+CVE-2016-2286 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, ...)
+	TODO: check
+CVE-2016-2285 (Cross-site request forgery (CSRF) vulnerability on Moxa ...)
+	TODO: check
 CVE-2016-2284
 	RESERVED
 CVE-2016-2283 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...)
@@ -8787,6 +8842,7 @@
 	NOTE: https://bugs.php.net/bug.php?id=70661
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
 CVE-2016-5114
+	RESERVED
 	- php5 5.6.17+dfsg-1
 	[jessie] - php5 5.6.17+dfsg-0+deb8u1
 	[squeeze] - php5 <not-affected> (vulnerable code not present)
@@ -9119,12 +9175,12 @@
 	RESERVED
 CVE-2016-2026
 	RESERVED
-CVE-2016-2025
-	RESERVED
+CVE-2016-2025 (HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 ...)
+	TODO: check
 CVE-2016-2024
 	RESERVED
-CVE-2016-2023
-	RESERVED
+CVE-2016-2023 (HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive ...)
+	TODO: check
 CVE-2016-2022
 	RESERVED
 CVE-2016-2021
@@ -9171,8 +9227,8 @@
 	NOT-FOR-US: HPE Universal CMDB
 CVE-2016-2000 (HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem ...)
 	NOT-FOR-US: HPE Asset Manager
-CVE-2016-1999
-	RESERVED
+CVE-2016-1999 (The server in HP Release Control 9.13, 9.20, and 9.21 allows remote ...)
+	TODO: check
 CVE-2016-1998 (HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 ...)
 	NOT-FOR-US: HPE Service Manager
 CVE-2016-1997 (HPE Operations Orchestration 10.x before 10.51 and Operations ...)
@@ -11146,16 +11202,16 @@
 	RESERVED
 CVE-2016-1414
 	RESERVED
-CVE-2016-1413
-	RESERVED
+CVE-2016-1413 (The web interface in Cisco Firepower Management Center 5.4.0 through ...)
+	TODO: check
 CVE-2016-1412
 	RESERVED
 CVE-2016-1411
 	RESERVED
-CVE-2016-1410
-	RESERVED
-CVE-2016-1409
-	RESERVED
+CVE-2016-1410 (Cisco WebEx Meeting Center Original Release Base allows remote ...)
+	TODO: check
+CVE-2016-1409 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
+	TODO: check
 CVE-2016-1408
 	RESERVED
 CVE-2016-1407 (Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services ...)
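Review bot: for CVE-2016-1409 the truncated description ("The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...") does not name a product, unlike CVE-2016-1413 and CVE-2016-1410 in the same hunk. Read the full description before resolving its "TODO: check", and do not infer NOT-FOR-US from the Cisco entries around it.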
@@ -11164,8 +11220,8 @@
 	TODO: check
 CVE-2016-1405
 	RESERVED
-CVE-2016-1404
-	RESERVED
+CVE-2016-1404 (Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and ...)
+	TODO: check
 CVE-2016-1403
 	RESERVED
 CVE-2016-1402 (The Active Directory (AD) integration component in Cisco Identity ...)
@@ -11214,8 +11270,8 @@
 	TODO: check
 CVE-2016-1380 (Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) ...)
 	TODO: check
-CVE-2016-1379
-	RESERVED
+CVE-2016-1379 (Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 ...)
+	TODO: check
 CVE-2016-1378 (Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2016-1377 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
@@ -12939,8 +12995,8 @@
 	RESERVED
 CVE-2016-0908
 	RESERVED
-CVE-2016-0907
-	RESERVED
+CVE-2016-0907 (EMC Isilon OneFS 7.1.x anxd 7.2.x before 7.2.1.3 and 8.0.x before ...)
+	TODO: check
 CVE-2016-0906
 	RESERVED
 CVE-2016-0905
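Review bot: the imported description for CVE-2016-0907 contains a typo, "7.1.x anxd 7.2.x". The line comes from the automatic update (see the log message), so a hand edit here is likely to be overwritten by a later run; leave the text alone and resolve the "TODO: check" as usual.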
@@ -13057,16 +13113,16 @@
 	NOTE: https://lkml.org/lkml/2015/12/12/259
 CVE-2016-0880
 	RESERVED
-CVE-2016-0879
-	RESERVED
-CVE-2016-0878
-	RESERVED
-CVE-2016-0877
-	RESERVED
-CVE-2016-0876
-	RESERVED
-CVE-2016-0875
-	RESERVED
+CVE-2016-0879 (Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies ...)
+	TODO: check
+CVE-2016-0878 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote ...)
+	TODO: check
+CVE-2016-0877 (Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 ...)
+	TODO: check
+CVE-2016-0876 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote ...)
+	TODO: check
+CVE-2016-0875 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote ...)
+	TODO: check
 CVE-2016-0874
 	RESERVED
 CVE-2016-0873
@@ -13405,7 +13461,7 @@
 	- curl <not-affected> (Windows only)
 	NOTE: http://curl.haxx.se/docs/adv_20160127B.html
 CVE-2016-0753 (Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before ...)
-	{DSA-3464-1}
+	{DSA-3464-1 DLA-498-1}
 	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
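Review bot: CVE-2016-0753 gains DLA-498-1, yet the only package lines visible in this hunk are for rails, where wheezy is "<not-affected> (Vulnerable code not present, is only a transitional package)" and squeeze is "<end-of-life>". Nothing shown says which source package the DLA fixed; if the entry has no line for it further down, add one so the advisory reference and the per-release status agree.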
@@ -22560,7 +22616,7 @@
 	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-22.html
 CVE-2015-6243 (The dissector-table implementation in epan/packet.c in Wireshark ...)
-	{DSA-3367-1}
+	{DSA-3367-1 DLA-497-1}
 	- wireshark 1.12.7+g7fc8978-1
 	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-23.html
@@ -22577,7 +22633,7 @@
 	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-25.html
 CVE-2015-6246 (The dissect_wa_payload function in epan/dissectors/packet-waveagent.c ...)
-	{DSA-3367-1}
+	{DSA-3367-1 DLA-497-1}
 	- wireshark 1.12.7+g7fc8978-1
 	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-26.html
@@ -22588,7 +22644,7 @@
 	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-27.html
 CVE-2015-6248 (The ptvcursor_add function in the ptvcursor implementation in ...)
-	{DSA-3367-1}
+	{DSA-3367-1 DLA-497-1}
 	- wireshark 1.12.7+g7fc8978-1
 	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-28.html
@@ -65543,6 +65599,7 @@
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-67.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488
 CVE-2013-7112 (The dissect_sip_common function in epan/dissectors/packet-sip.c in the ...)
+	{DLA-497-1}
 	- wireshark 1.10.4-1 (unimportant)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-66.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388
@@ -68949,6 +69006,7 @@
 	- wireshark 1.10.3-1
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263
 CVE-2013-6339 (The dissect_openwire_type function in ...)
+	{DLA-497-1}
 	- wireshark 1.10.3-1 (unimportant)
 	[squeeze] - wireshark <not-affected> (OpenWire dissector introduced in 1.8.0)
 	NOTE: Not suitable for code injection
@@ -70385,6 +70443,7 @@
 	- wireshark 1.10.2-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-59.html
 CVE-2013-5721 (The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ ...)
+	{DLA-497-1}
 	- wireshark 1.10.2-1 (unimportant)
 	NOTE: Not suitable for code injection
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-58.html
@@ -70393,6 +70452,7 @@
 	- wireshark 1.10.2-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-57.html
 CVE-2013-5719 (epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark ...)
+	{DLA-497-1}
 	- wireshark 1.10.2-1 (unimportant)
 	NOTE: Not suitable for code injection
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-56.html
@@ -72275,6 +72335,7 @@
 	{DSA-2734-1}
 	- wireshark 1.10.1-1
 CVE-2013-4931 (epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 ...)
+	{DLA-497-1}
 	- wireshark 1.10.1-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-4930 (The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c ...)
@@ -72282,6 +72343,7 @@
 	- wireshark 1.10.1-1
 	[squeeze] - wireshark <not-affected> (Affected dissector not yet present)
 CVE-2013-4929 (The parseFields function in epan/dissectors/packet-dis-pdus.c in the ...)
+	{DLA-497-1}
 	- wireshark 1.10.1-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-4928 (Integer signedness error in the dissect_headers function in ...)
@@ -72290,6 +72352,7 @@
 	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
 	NOTE: Not suitable for code injection
 CVE-2013-4927 (Integer signedness error in the get_type_length function in ...)
+	{DLA-497-1}
 	- wireshark 1.10.1-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-4926 (epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator ...)
@@ -74973,11 +75036,13 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733
 	NOTE: Not suitable for code injection
 CVE-2013-4080 (The dissect_r3_upstreamcommand_queryconfig function in ...)
+	{DLA-497-1}
 	- wireshark 1.10.0-1 (unimportant; bug #711918)
 	NOTE: no code injection, not treated as a security issue, see README.Debian.security
 	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764
 CVE-2013-4079 (The dissect_schedule_message function in ...)
+	{DLA-497-1}
 	- wireshark 1.10.0-1 (unimportant; bug #711918)
 	NOTE: no code injection, not treated as a security issue, see README.Debian.security
 	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
@@ -78782,6 +78847,7 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380
 	NOTE: Versions affected: 1.8.0 to 1.8.X, 1.6.0 to 1.6.X
 CVE-2013-2487 (epan/dissectors/packet-reload.c in the REsource LOcation And Discovery ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	[squeeze] - wireshark <not-affected> (only 1.8.x series)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
@@ -78789,6 +78855,7 @@
 	NOTE: Versions affected: 1.8.0 to 1.8.5
 	NOTE: Not suitable for code injection
 CVE-2013-2486 (The dissect_diagnosticrequest function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	[squeeze] - wireshark <not-affected> (only 1.8.x series)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
@@ -78796,6 +78863,7 @@
 	NOTE: Versions affected: 1.8.0 to 1.8.5
 	NOTE: Not suitable for code injection
 CVE-2013-2485 (The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-20.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8359
@@ -78817,6 +78885,7 @@
 	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
 	NOTE: Not suitable for code injection
 CVE-2013-2482 (The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-17.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337
@@ -78838,6 +78907,7 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8332
 	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
 CVE-2013-2479 (The dissect_mpls_echo_tlv_dd_map function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-14.html
@@ -78859,6 +78929,7 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8383
 	NOTE: Versions affected: 1.8.0 to 1.8.5
 CVE-2013-2476 (The dissect_hartip function in epan/dissectors/packet-hartip.c in the ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-11.html
@@ -82279,33 +82350,43 @@
 CVE-2010-5287 (SQL injection vulnerability in default.php in Cornerstone Technologies ...)
 	NOT-FOR-US: Cornerstone Technologies webConductor
 CVE-2013-1581 (The dissect_pft_fec_detailed function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-1580 (The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-1579 (The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-1578 (The dissect_pw_eth_heuristic function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-1577 (The dissect_sip_p_charging_func_addresses function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-1576 (The dissect_sdp_media_attribute function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-1575 (The dissect_r3_cmd_alarmconfigure function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-1574 (The dissect_bthci_eir_ad_data function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-1573 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-1572 (The dissect_oampdu_event_notification function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: Not suitable for code injection
 CVE-2013-1470 (Cross-site scripting (XSS) vulnerability in calendar/index.php in the ...)
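Review bot: DLA-497-1 is attached here to ten wireshark entries, CVE-2013-1581 through CVE-2013-1572, that are all tagged "(unimportant)" with the note "Not suitable for code injection". An advisory reference next to an "unimportant" tag reads inconsistently; confirm the cross-reference is intended for these IDs, and if so consider a NOTE saying why they were included in the DLA.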
@@ -87043,36 +87124,47 @@
 	NOTE: https://red.libssh.org/issues/84
 	NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2
 CVE-2012-6062 (The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 CVE-2012-6061 (The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 CVE-2012-6060 (Integer overflow in the dissect_iscsi_pdu function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 CVE-2012-6059 (The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 CVE-2012-6058 (Integer overflow in the dissect_icmpv6 function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 CVE-2012-6057 (The dissect_eigrp_metric_comm function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 CVE-2012-6056 (Integer overflow in the dissect_sack_chunk function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 CVE-2012-6055 (epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 CVE-2012-6054 (The dissect_sflow_245_address_type function in ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 CVE-2012-6053 (epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 CVE-2012-6052 (Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain ...)
+	{DLA-497-1}
 	- wireshark 1.8.6-1 (unimportant)
 	NOTE: not suitable for code injection
 	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=45511



