[Secure-testing-commits] r45467 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Oct 19 21:10:11 UTC 2016
Author: sectracker
Date: 2016-10-19 21:10:11 +0000 (Wed, 19 Oct 2016)
New Revision: 45467
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-19 20:28:00 UTC (rev 45466)
+++ data/CVE/list 2016-10-19 21:10:11 UTC (rev 45467)
@@ -2525,6 +2525,7 @@
RESERVED
CVE-2016-7972
RESERVED
+ {DLA-668-1}
- libass 0.13.4-1
NOTE: https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b
CVE-2016-7971
@@ -2541,6 +2542,7 @@
NOTE: Vulnerable function calc_coeff introduced in: https://github.com/libass/libass/commit/d787615845d78d8f8e6d1a4ffc3dc3eecd8a92f6 (0.13.0)
CVE-2016-7969
RESERVED
+ {DLA-668-1}
- libass 0.13.4-1
NOTE: https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26
CVE-2016-7968 [KMail: JavaScript execution in HTML Mails]
@@ -2589,6 +2591,7 @@
NOTE: due to lockfile format.
CVE-2016-7953
RESERVED
+ {DLA-671-1}
- libxvmc <unfixed> (bug #840445)
NOTE: https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
CVE-2016-7952 [for all of the other mishandling of the reply data]
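Review bot: CVE-2016-7953 gains `{DLA-671-1}` while its unstable line still reads `- libxvmc <unfixed> (bug #840445)`, so the entry now records an advisory without any fixed version for unstable. The NOTE already links the upstream commit, so consider following up on bug #840445 so that the `<unfixed>` marker can be replaced with a version once an upload lands.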
@@ -3769,6 +3772,7 @@
CVE-2016-7426
RESERVED
CVE-2016-7425 (The arcmsr_iop_message_xfer function in ...)
+ {DSA-3696-1 DLA-670-1}
- linux 4.7.8-1
NOTE: http://marc.info/?l=linux-scsi&m=147394713328707&w=2
NOTE: Upstream commit: https://git.kernel.org/linus/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
@@ -4750,6 +4754,7 @@
NOTE: Vulnerability "in the TLS documentation", not assigned to a specific source/implentation
NOTE: https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf
CVE-2015-8956 (The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the ...)
+ {DSA-3696-1 DLA-670-1}
- linux 4.2.1-1
NOTE: Fixed by: https://git.kernel.org/linus/951b6a0717db97ce420547222647bcc40bf1eacd (4.2-rc1)
CVE-2015-8955 (arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 ...)
@@ -4969,6 +4974,7 @@
CVE-2016-7043
RESERVED
CVE-2016-7042 (The proc_keys_show function in security/keys/proc.c in the Linux ...)
+ {DSA-3696-1 DLA-670-1}
- linux 4.7.8-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373966
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373499 (not yet opened)
@@ -10309,6 +10315,7 @@
NOTE: by some vendors.
CVE-2016-5407 [Insufficient validation of server responses results in out-of bounds accesses]
RESERVED
+ {DLA-667-1}
- libxv <unfixed> (bug #840438)
NOTE: https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17
CVE-2016-5406 (The domain controller in Red Hat JBoss Enterprise Application Platform ...)
@@ -11444,6 +11451,7 @@
RESERVED
CVE-2016-5195
RESERVED
+ {DSA-3696-1 DLA-670-1}
- linux 4.7.8-1
NOTE: Fixed by: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
CVE-2016-5194
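Review bot: CVE-2016-5195 is now tied to `{DSA-3696-1 DLA-670-1}`, but the entry is still only `RESERVED` with no description, so a reader of the list cannot tell what the advisories address without opening the commit link. Consider adding a short bracketed summary after the CVE id, as the CVE-2016-5407 and CVE-2016-2050 entries in this file do.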
@@ -12367,6 +12375,7 @@
NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5042
RESERVED
+ {DLA-669-1}
- dwarfutils 20160507-1
[jessie] - dwarfutils 20120410-2+deb8u1
NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
@@ -12384,11 +12393,13 @@
NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5039
RESERVED
+ {DLA-669-1}
- dwarfutils 20160507-1
[jessie] - dwarfutils 20120410-2+deb8u1
NOTE: https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/
CVE-2016-5038
RESERVED
+ {DLA-669-1}
- dwarfutils 20160507+git20160523.9086738-1
[jessie] - dwarfutils 20120410-2+deb8u1
NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
@@ -12400,6 +12411,7 @@
NOTE: https://sourceforge.net/p/libdwarf/code/ci/b6ec2dfd850929821626ea63fb0a752076a3c08a/
CVE-2016-5036
RESERVED
+ {DLA-669-1}
- dwarfutils 20160507+git20160523.9086738-1
[jessie] - dwarfutils 20120410-2+deb8u1
NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
@@ -12411,6 +12423,7 @@
NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5034
RESERVED
+ {DLA-669-1}
- dwarfutils 20160507+git20160523.9086738-1
[jessie] - dwarfutils 20120410-2+deb8u1
NOTE: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/
@@ -21310,6 +21323,7 @@
CVE-2015-8788
RESERVED
CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf ...)
+ {DLA-669-1}
- dwarfutils 20160507-1 (bug #813148)
[jessie] - dwarfutils 20120410-2+deb8u1
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3
@@ -22065,6 +22079,7 @@
NOTE: Patch: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
CVE-2016-2050 [Out-of-bounds write in get_abbrev_array_info]
RESERVED
+ {DLA-669-1}
- dwarfutils 20160507+git20160523.9086738-1 (unimportant)
[jessie] - dwarfutils 20120410-2+deb8u1
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9
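Review bot: CVE-2016-2050 is tagged `(unimportant)` on the unstable line, yet this hunk attaches `{DLA-669-1}` and the entry carries a fixed version for jessie. Either the severity tag deserves a second look for an issue titled as an out-of-bounds write, or a NOTE should say why it is unimportant despite being covered by an advisory.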
@@ -23991,7 +24006,7 @@
NOTE: like other distribution did.
CVE-2015-8750
RESERVED
- {DLA-388-1}
+ {DLA-669-1 DLA-388-1}
- dwarfutils 20160507-1 (bug #813182)
[jessie] - dwarfutils 20120410-2+deb8u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294264
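Review bot: in the CVE-2015-8750 entry the cross-reference changes from `{DLA-388-1}` to `{DLA-669-1 DLA-388-1}`, so the same CVE in dwarfutils is now covered by two DLAs with nothing explaining how they relate. A NOTE stating which release each advisory applies to, or whether the earlier fix was incomplete, would make the entry self-explanatory.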
@@ -27731,6 +27746,7 @@
NOT-FOR-US: IBM
CVE-2015-8538 [a out of bound read bug is found in libdwarf]
RESERVED
+ {DLA-669-1}
- dwarfutils 20160507-1 (bug #807817)
[jessie] - dwarfutils 20120410-2+deb8u1
[squeeze] - dwarfutils <not-affected> (No segfault with provided test case)