[Secure-testing-commits] r44282 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Sep 2 21:10:12 UTC 2016


Author: sectracker
Date: 2016-09-02 21:10:12 +0000 (Fri, 02 Sep 2016)
New Revision: 44282

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-02 20:53:05 UTC (rev 44281)
+++ data/CVE/list	2016-09-02 21:10:12 UTC (rev 44282)
@@ -1,3 +1,5 @@
+CVE-2016-7120
+	RESERVED
 CVE-2016-7134 [Heap overflow in curl_escape]
 	- php7.0 7.0.10-1
 	- php5 <not-affected> (Only affects PHP 7)
@@ -55,7 +57,7 @@
 CVE-2016-7127 [imagegammacorrect allows arbitrary write access]
 	- libgd2 <unfixed>
 	- php7.0 7.0.10-1 (unimportant)
-        - php5 <unfixed> (unimportant)
+	- php5 <unfixed> (unimportant)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72730
 	NOTE: Fixed in 7.0.10, 5.6.25
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
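Review bot: Whitespace-only fix: the php5 line of CVE-2016-7127 was indented with spaces while every other sub-entry in the block uses a single tab, so the replacement brings the indentation in line with the rest of the file; no content changes.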
@@ -63,7 +65,7 @@
 CVE-2016-7126 [select_colors write out-of-bounds]
 	- libgd2 <unfixed>
 	- php7.0 7.0.10-1 (unimportant)
-        - php5 <unfixed> (unimportant)
+	- php5 <unfixed> (unimportant)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697
 	NOTE: Fixed in 7.0.10, 5.6.25
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
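Review bot: Same space-to-tab indentation fix as for CVE-2016-7127 above, here on the php5 line of CVE-2016-7126; the entry's content is unchanged.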
@@ -109,6 +111,7 @@
 CVE-2016-XXXX [TIFF divide by zero]
 	- imagemagick <unfixed> (bug #836171)
 CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image ...)
+	{DLA-609-1}
 	- linux <not-affected>
 	[wheezy] - linux <unfixed>
 	NOTE: Bit of complicated tracking information. For jessie the affected version is not in any yet
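Review bot: The added {DLA-609-1} reference sits directly above "[wheezy] - linux <unfixed>", and the two now disagree: the advisory reference indicates the issue was addressed for wheezy via the DLA, while the suite override still says unfixed. If DLA-609-1 covers CVE-2016-7118 in wheezy, the [wheezy] line should be updated (or dropped so the advisory entry carries the fixed version); if it does not, the DLA reference is wrong here. The NOTE about the complicated tracking suggests this is exactly the entry where that needs a second look.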
@@ -776,6 +779,7 @@
 	NOTE: http://bugs.call-cc.org/ticket/1308
 CVE-2016-6828 [Linux tcp_xmit_retransmit_queue use after free]
 	RESERVED
+	{DLA-609-1}
 	- linux 4.7.2-1
 CVE-2016-6822
 	RESERVED
@@ -1970,8 +1974,7 @@
 	[wheezy] - qemu-kvm <not-affected> (Issue introduced later)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
-CVE-2016-6483
-	RESERVED
+CVE-2016-6483 (The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, ...)
 	NOT-FOR-US: vBulletin
 CVE-2016-6482
 	RESERVED
@@ -1982,6 +1985,7 @@
 	- redis 2:3.2.1-4 (bug #832460)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1
 CVE-2016-6480 (Race condition in the ioctl_send_fib function in ...)
+	{DLA-609-1}
 	- linux 4.7.2-1
 CVE-2016-6478
 	RESERVED
@@ -2187,8 +2191,8 @@
 	RESERVED
 CVE-2016-6377
 	RESERVED
-CVE-2016-6376
-	RESERVED
+CVE-2016-6376 (The Adaptive Wireless Intrusion Prevention System (wIPS) feature on ...)
+	TODO: check
 CVE-2016-6375
 	RESERVED
 CVE-2016-6374
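Review bot: TODO: check is left on CVE-2016-6376 although the new description names the Adaptive Wireless Intrusion Prevention System (wIPS) feature, which reads like a vendor appliance feature rather than anything shipped as a Debian package; confirm the vendor from the full CVE text and, if so, resolve it as NOT-FOR-US instead of leaving the TODO open.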
@@ -2421,8 +2425,7 @@
 	REJECTED
 CVE-2016-6299
 	RESERVED
-CVE-2016-6298
-	RESERVED
+CVE-2016-6298 (The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in ...)
 	- python-jwcrypto <undetermined>
 	NOTE: https://github.com/latchset/jwcrypto/issues/65
 	NOTE: https://github.com/latchset/jwcrypto/pull/66
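Review bot: python-jwcrypto is still marked <undetermined> now that the description is public and names the _Rsa15 class in jwa.py (the RSA 1.5 key-wrapping implementation); the two NOTE links, issue 65 and pull request 66, are the places to confirm whether the fix was merged and which upstream release contains it, after which <undetermined> should become either a fixed package version or <unfixed>.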
@@ -3391,6 +3394,7 @@
 CVE-2016-6137
 	RESERVED
 CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in ...)
+	{DLA-609-1}
 	- linux 4.7.2-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120681
 	NOTE: https://github.com/linux-audit/audit-kernel/issues/18
@@ -4341,7 +4345,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
 	NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5841.jpg
 CVE-2016-5829 (Multiple heap-based buffer overflows in the hiddev_ioctl_usage ...)
-	{DSA-3616-1}
+	{DSA-3616-1 DLA-609-1}
 	- linux 4.6.3-1
 	NOTE: Fixed by: https://git.kernel.org/linus/93a2001bdfd5376c3dc2158653034c20392d15c5
 CVE-2016-5828 (The start_thread function in arch/powerpc/kernel/process.c in the ...)
@@ -5375,6 +5379,7 @@
 CVE-2016-5390 (Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote ...)
 	- foreman <itp> (bug #663101)
 CVE-2016-5696 (net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly ...)
+	{DLA-609-1}
 	- linux 4.7.2-1
 	NOTE: Introduced by: https://github.com/torvalds/linux/commit/282f23c6ee343126156dd41218b22ece96d747e3
 	NOTE: Fixed by: https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758
@@ -7646,18 +7651,18 @@
 	RESERVED
 CVE-2016-4854
 	RESERVED
-CVE-2016-4853
-	RESERVED
+CVE-2016-4853 (AKABEi SOFT2 games allow remote attackers to execute arbitrary OS ...)
+	TODO: check
 CVE-2016-4852
 	RESERVED
-CVE-2016-4851
-	RESERVED
+CVE-2016-4851 (Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat ...)
+	TODO: check
 CVE-2016-4850
 	RESERVED
 CVE-2016-4849
 	RESERVED
-CVE-2016-4848
-	RESERVED
+CVE-2016-4848 (Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 ...)
+	TODO: check
 CVE-2016-4847
 	RESERVED
 CVE-2016-4846
@@ -8833,7 +8838,7 @@
 	RESERVED
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2016-4470 (The key_reject_and_link function in security/keys/key.c in the Linux ...)
-	{DSA-3607-1}
+	{DSA-3607-1 DLA-609-1}
 	- linux 4.6.2-2
 	NOTE: Fixed by: https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a
 CVE-2016-4469 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache ...)
@@ -9402,8 +9407,8 @@
 	NOT-FOR-US: Adobe
 CVE-2016-4265 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
 	NOT-FOR-US: Adobe
-CVE-2016-4264
-	RESERVED
+CVE-2016-4264 (The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before ...)
+	TODO: check
 CVE-2016-4263
 	RESERVED
 CVE-2016-4262
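Review bot: TODO: check can be resolved directly as NOT-FOR-US: Adobe, matching the adjacent CVE-2016-4265 entry and the other Adobe entries in this block, since the new description names the OOXML feature in Adobe ColdFusion, which is not packaged in Debian.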
@@ -10629,6 +10634,7 @@
 CVE-2016-3858
 	RESERVED
 CVE-2016-3857 (The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices ...)
+	{DLA-609-1}
 	- linux 4.7.2-1 (unimportant)
 	NOTE: Fixed by: https://git.kernel.org/linus/7de249964f5578e67b99699c5f0b405738d820a2 (v4.8-rc2)
 	NOTE: CONFIG_OABI_COMPAT disabled in 3.13.4-1, cf. #728975
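Review bot: The combination of (unimportant) on the unstable linux entry with a new {DLA-609-1} reference looks intentional rather than contradictory, and the NOTE lines are what justify it: CONFIG_OABI_COMPAT has been disabled since 3.13.4-1 (cf. #728975), so the fix only matters for the older LTS kernel covered by the DLA. Keep that NOTE next to the severity tag so the apparent mismatch is not "corrected" in a later update.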
@@ -18493,14 +18499,14 @@
 	RESERVED
 CVE-2016-1474 (Cisco Prime Infrastructure 2.2(2) does not properly restrict use of ...)
 	TODO: check
-CVE-2016-1473
-	RESERVED
-CVE-2016-1472
-	RESERVED
-CVE-2016-1471
-	RESERVED
-CVE-2016-1470
-	RESERVED
+CVE-2016-1473 (Cisco Small Business 220 devices with firmware before 1.0.1.1 have a ...)
+	TODO: check
+CVE-2016-1472 (The web-based management interface on Cisco Small Business 220 devices ...)
+	TODO: check
+CVE-2016-1471 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
+	TODO: check
+CVE-2016-1470 (Cross-site request forgery (CSRF) vulnerability in the web-based ...)
+	TODO: check
 CVE-2016-1469
 	RESERVED
 CVE-2016-1468 (The administrative web interface in Cisco TelePresence Video ...)
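Review bot: All four new descriptions (CVE-2016-1470 through CVE-2016-1473) name Cisco Small Business 220 device firmware or its web-based management interface, which Debian does not package, so these can be marked NOT-FOR-US: Cisco straight away rather than carrying TODO: check; the same applies to CVE-2016-1474 (Cisco Prime Infrastructure) directly above, which still has an open TODO.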