[Secure-testing-commits] r44263 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Sep 1 21:10:17 UTC 2016
Author: sectracker
Date: 2016-09-01 21:10:15 +0000 (Thu, 01 Sep 2016)
New Revision: 44263
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-01 20:07:31 UTC (rev 44262)
+++ data/CVE/list 2016-09-01 21:10:15 UTC (rev 44263)
@@ -1,3 +1,5 @@
+CVE-2016-7119 (Cross-site scripting (XSS) vulnerability in the user-profile biography ...)
+ TODO: check
CVE-2016-7117
RESERVED
CVE-2016-7115 (Buffer overflow in the handle_packet function in mactelnet.c in the ...)
@@ -20,7 +22,7 @@
- imagemagick <unfixed> (bug #836172)
CVE-2016-XXXX [TIFF divide by zero]
- imagemagick <unfixed> (bug #836171)
-CVE-2016-7118
+CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image ...)
- linux <not-affected>
[wheezy] - linux <unfixed>
NOTE: Bit of complicated tracking information. For jessie the affected version is not in any yet
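Review bot: the description added for CVE-2016-7118 ties the issue to the "aufs 3.2.x+setfl-debian" patch, which fits the existing `- linux <not-affected>` and `[wheezy] - linux <unfixed>` lines, but the jessie status is only described in the free-text NOTE that follows. Consider recording it as an explicit `[jessie] - linux ...` line so the status does not depend on reading the note.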
@@ -2727,7 +2729,7 @@
NOTE: Fixed in 1.0.16 of uClibc-ng
CVE-2016-6263 [stringprep_utf8_nfkc_normalize reject invalid UTF-8]
RESERVED
- {DLA-582-1}
+ {DSA-3658-1 DLA-582-1}
- libidn 1.33-1
NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555 (libidn-1-33)
@@ -2739,7 +2741,7 @@
NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
CVE-2015-8948 [Solve out-of-bounds-read when reading one zero byte as input]
RESERVED
- {DLA-582-1}
+ {DSA-3658-1 DLA-582-1}
- libidn 1.33-1
NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041 (libidn-1-33)
NOTE: When fixing this issue, the followup fix http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
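Review bot: adding DSA-3658-1 to CVE-2015-8948 marks the issue as handled by that advisory, yet the NOTE just below points at a followup fix (commit 5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60) in addition to 570e68886c41c2e765e6218cb317d9a9a447a041. Confirm that the DSA-3658-1 upload carries both commits before relying on this cross-reference.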
@@ -2752,7 +2754,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6261 [out-of-bounds stack read in idna_to_ascii_4i]
RESERVED
- {DLA-582-1}
+ {DSA-3658-1 DLA-582-1}
- libidn 1.33-1
NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
NOTE: Test: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c (libidn-1-33)
@@ -4545,20 +4547,20 @@
RESERVED
CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 ...)
NOT-FOR-US: D-Link
-CVE-2016-5680
- RESERVED
-CVE-2016-5679
- RESERVED
-CVE-2016-5678
- RESERVED
-CVE-2016-5677
- RESERVED
-CVE-2016-5676
- RESERVED
-CVE-2016-5675
- RESERVED
-CVE-2016-5674
- RESERVED
+CVE-2016-5680 (Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 ...)
+ TODO: check
+CVE-2016-5679 (cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ...)
+ TODO: check
+CVE-2016-5678 (NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through ...)
+ TODO: check
+CVE-2016-5677 (NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, ...)
+ TODO: check
+CVE-2016-5676 (cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo ...)
+ TODO: check
+CVE-2016-5675 (handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO ...)
+ TODO: check
+CVE-2016-5674 (__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, ...)
+ TODO: check
CVE-2016-5673 (UltraVNC Repeater before 1300 does not restrict destination IP ...)
NOT-FOR-US: UltraVNC
CVE-2016-5672 (Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x ...)
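Review bot: the seven entries CVE-2016-5674 through CVE-2016-5680 all land as `TODO: check`, and every visible description names NUUO NVRmini 2 (some also NVRsolo or NETGEAR). They can be triaged in one pass; if none of this firmware is packaged, a `NOT-FOR-US: NUUO` line in the style of the D-Link entry CVE-2016-5681 above would close all of them.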
@@ -6793,8 +6795,8 @@
TODO: check
CVE-2016-5048 (SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk ...)
TODO: check
-CVE-2016-5047
- RESERVED
+CVE-2016-5047 (NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote ...)
+ TODO: check
CVE-2016-5046
RESERVED
CVE-2016-5045
@@ -12573,8 +12575,8 @@
[wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4230
NOTE: Fixed in 1.3.6rc2, 1.3.5b.
-CVE-2016-3064
- RESERVED
+CVE-2016-3064 (NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 ...)
+ TODO: check
CVE-2016-3063
RESERVED
CVE-2016-3062 (The mov_read_dref function in libavformat/mov.c in Libav before 11.7 ...)
@@ -12687,18 +12689,18 @@
RESERVED
CVE-2016-3011
RESERVED
-CVE-2016-3010
- RESERVED
+CVE-2016-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
CVE-2016-3009
RESERVED
-CVE-2016-3008
- RESERVED
+CVE-2016-3008 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
CVE-2016-3007
RESERVED
CVE-2016-3006
RESERVED
-CVE-2016-3005
- RESERVED
+CVE-2016-3005 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
CVE-2016-3004
RESERVED
CVE-2016-3003
@@ -12711,14 +12713,14 @@
RESERVED
CVE-2016-2999
RESERVED
-CVE-2016-2998
- RESERVED
-CVE-2016-2997
- RESERVED
+CVE-2016-2998 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 ...)
+ TODO: check
+CVE-2016-2997 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
CVE-2016-2996
RESERVED
-CVE-2016-2995
- RESERVED
+CVE-2016-2995 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
CVE-2016-2994
RESERVED
CVE-2016-2993
@@ -12795,12 +12797,12 @@
RESERVED
CVE-2016-2957
RESERVED
-CVE-2016-2956
- RESERVED
+CVE-2016-2956 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
CVE-2016-2955
RESERVED
-CVE-2016-2954
- RESERVED
+CVE-2016-2954 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
CVE-2016-2953
RESERVED
CVE-2016-2952
@@ -15638,8 +15640,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317012
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283355
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283358
-CVE-2016-2183
- RESERVED
+CVE-2016-2183 (The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec ...)
NOTE: The CVE is assigned for the protocol flaw in the DES/3DES cipher, used as a part of the SSL/TLS protocol.
NOTE: What was done in OpenSSL: https://www.openssl.org/blog/blog/2016/08/24/sweet32/
TODO: not clear if this should be assigned to individual source, like openssl and nss (openpvn got a own CVE)
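Review bot: CVE-2016-2183 loses `RESERVED` and gains its description but, unlike the other entries leaving `RESERVED` in this commit, gets no `TODO: check` and still has no package line. The existing TODO about assigning it to individual sources such as openssl and nss is the only open marker, so that question should be settled now that the published description names TLS, SSH and IPSec; "openpvn" in that TODO also looks like a typo for openvpn.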
@@ -22129,8 +22130,8 @@
TODO: check
CVE-2016-0386 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA ...)
TODO: check
-CVE-2016-0385
- RESERVED
+CVE-2016-0385 (Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before ...)
+ TODO: check
CVE-2016-0384
RESERVED
CVE-2016-0383
@@ -22159,8 +22160,8 @@
RESERVED
CVE-2016-0371
RESERVED
-CVE-2016-0370
- RESERVED
+CVE-2016-0370 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...)
+ TODO: check
CVE-2016-0369
RESERVED
CVE-2016-0368
@@ -22313,8 +22314,8 @@
RESERVED
CVE-2016-0294
RESERVED
-CVE-2016-0293
- RESERVED
+CVE-2016-0293 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform ...)
+ TODO: check
CVE-2016-0292 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) ...)
TODO: check
CVE-2016-0291
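Review bot: CVE-2016-0293 is added as `TODO: check` directly above CVE-2016-0292, which is also an IBM BigFix Platform issue still at `TODO: check`. Triage the two together so they end up with the same disposition.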