[Secure-testing-commits] r44661 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Sep 16 21:10:16 UTC 2016


Author: sectracker
Date: 2016-09-16 21:10:16 +0000 (Fri, 16 Sep 2016)
New Revision: 44661

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-16 17:40:28 UTC (rev 44660)
+++ data/CVE/list	2016-09-16 21:10:16 UTC (rev 44661)
@@ -1,4 +1,5 @@
 CVE-2016-7423 [scsi: mptsas: OOB access when freeing MPTSASRequest object]
+	RESERVED
 	- qemu <unfixed>
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -10,6 +11,7 @@
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
 CVE-2016-7422 [virtio: null pointer dereference in virtqueue_map_desc]
+	RESERVED
 	- qemu <unfixed>
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -19,6 +21,7 @@
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/4
 CVE-2016-7421 [scsi: pvscsi: infinite loop when processing IO requests]
+	RESERVED
 	- qemu <unfixed>
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after 1.5)
 	- qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5)
@@ -2219,8 +2222,7 @@
 	RESERVED
 CVE-2016-7424
 	RESERVED
-CVE-2016-7420 [Library documentation lacks treatment of -DNDEBUG and Static Initialization]
-	RESERVED
+CVE-2016-7420 (Crypto++ (aka cryptopp) through 5.6.4 does not document the ...)
 	- libcrypto++ <unfixed>
 	NOTE: https://github.com/weidai11/cryptopp/issues/277
 CVE-2016-7419
@@ -3555,8 +3557,8 @@
 	RESERVED
 CVE-2016-6937
 	RESERVED
-CVE-2016-6936
-	RESERVED
+CVE-2016-6936 (Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support ...)
+	TODO: check
 CVE-2016-6935
 	RESERVED
 CVE-2016-6934
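Review bot: The `TODO: check` added under CVE-2016-6936 looks resolvable straight away. The description introduced in the same hunk names Adobe AIR SDK & Compiler on Windows, so unless a Debian source package ships that code the entry can be triaged as NOT-FOR-US rather than left in the TODO queue.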
@@ -4242,7 +4244,7 @@
 	RESERVED
 CVE-2016-6662 [privilege escalation through ld_preload hijacking and my.cnf rewrite]
 	RESERVED
-	{DSA-3666-1}
+	{DSA-3666-1 DLA-624-1}
 	- mariadb-10.0 10.0.27-1
 	- mysql-5.6 <unfixed>
 	- mysql-5.5 <removed>
@@ -5503,13 +5505,11 @@
 	RESERVED
 CVE-2016-6304
 	RESERVED
-CVE-2016-6303
-	RESERVED
+CVE-2016-6303 (Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c ...)
 	- openssl <unfixed>
 	[jessie] - openssl <no-dsa> (Wait until next openssl update round)
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07
-CVE-2016-6302
-	RESERVED
+CVE-2016-6302 (The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before ...)
 	- openssl <unfixed>
 	[jessie] - openssl <no-dsa> (Wait until next openssl update round)
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
@@ -12577,22 +12577,22 @@
 	NOT-FOR-US: Adobe
 CVE-2016-4264 (The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before ...)
 	TODO: check
-CVE-2016-4263
-	RESERVED
-CVE-2016-4262
-	RESERVED
-CVE-2016-4261
-	RESERVED
-CVE-2016-4260
-	RESERVED
-CVE-2016-4259
-	RESERVED
-CVE-2016-4258
-	RESERVED
-CVE-2016-4257
-	RESERVED
-CVE-2016-4256
-	RESERVED
+CVE-2016-4263 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 ...)
+	TODO: check
+CVE-2016-4262 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
+	TODO: check
+CVE-2016-4261 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
+	TODO: check
+CVE-2016-4260 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
+	TODO: check
+CVE-2016-4259 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
+	TODO: check
+CVE-2016-4258 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
+	TODO: check
+CVE-2016-4257 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
+	TODO: check
+CVE-2016-4256 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
+	TODO: check
 CVE-2016-4255 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
 	NOT-FOR-US: Adobe
 CVE-2016-4254 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
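Review bot: All eight entries from CVE-2016-4263 down to CVE-2016-4256 land as `TODO: check`, while the Adobe entries in the context lines on either side of them (the one ending just above CVE-2016-4264, and CVE-2016-4255) already carry `NOT-FOR-US: Adobe`. Adobe Digital Editions should get the same marking in a follow-up so these eight do not linger in the TODO list; CVE-2016-4264 (ColdFusion) in the leading context is in the same state.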
@@ -18964,13 +18964,11 @@
 	NOTE: What was done in OpenSSL: https://www.openssl.org/blog/blog/2016/08/24/sweet32/
 	NOTE: Python issue: https://bugs.python.org/issue27850
 	TODO: not clear if this should be assigned to individual source, like openssl and nss (openpvn got a own CVE)
-CVE-2016-2182
-	RESERVED
+CVE-2016-2182 (The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 ...)
 	- openssl <unfixed>
 	[jessie] - openssl <no-dsa> (Wait until next openssl update round)
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34
-CVE-2016-2181
-	RESERVED
+CVE-2016-2181 (The Anti-Replay feature in the DTLS implementation in OpenSSL before ...)
 	- openssl <unfixed>
 	[jessie] - openssl <no-dsa> (Wait until next openssl update round)
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770
@@ -18978,8 +18976,7 @@
 	- openssl <unfixed>
 	[jessie] - openssl <no-dsa> (Wait until next openssl update round)
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=0ed26acce328ec16a3aa635f1ca37365e8c7403a
-CVE-2016-2179
-	RESERVED
+CVE-2016-2179 (The DTLS implementation in OpenSSL before 1.1.0 does not properly ...)
 	- openssl <unfixed>
 	[jessie] - openssl <no-dsa> (Wait until next openssl update round)
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
@@ -62616,7 +62613,7 @@
 	NOT-FOR-US: innovaphone PBX
 CVE-2014-5334
 	RESERVED
-CVE-2014-5332 (Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 alllows ...)
+CVE-2014-5332 (Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local ...)
 	- linux <not-affected> (drivers/video/tegra not present)
 	NOTE: http://googleprojectzero.blogspot.de/2015/01/exploiting-nvmap-to-escape-chrome.html
 CVE-2014-5331 (Cross-site scripting (XSS) vulnerability in Aflax allows remote ...)
@@ -229796,7 +229793,7 @@
 	NOT-FOR-US: Linux Directory Penguin
 CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0473 (db.php in phBB 2.0 (aka phBB2) RC-3 and earlier allows remote ...)
+CVE-2002-0473 (db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and ...)
 	NOT-FOR-US: Hosting Controller
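Review bot: The phBB to phpBB correction at CVE-2002-0473 is fine, but the context line for CVE-2002-0484 two lines above it still reads "does not does not check". If descriptions in this file are only ever overwritten by the automatic import, as the "automatic update" log message suggests, a manual fix here would not stick and the duplicated wording needs to be reported to the source of the descriptions instead.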
@@ -230397,7 +230394,7 @@
 	NOT-FOR-US: Cisco
 CVE-2001-1096 (Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a ...)
 	NOT-FOR-US: AIX
-CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could alllow local users to execute ...)
+CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could allow local users to execute ...)
 	NOT-FOR-US: AIX
 CVE-2001-1089 (libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
@@ -232814,7 +232811,7 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2000-0215 (Vulnerability in SCO cu program in UnixWare 7.x allows local users to ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2000-0212 (InterAccess TelnetID Server 4.0 allows remote attackers to conduct a ...)
+CVE-2000-0212 (InterAccess TelnetD Server 4.0 allows remote attackers to conduct a ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2000-0211 (The Windows Media server allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
@@ -233856,7 +233853,7 @@
 	NOT-FOR-US: Cisco
 CVE-1999-0733 (Buffer overflow in VMWare 1.0.1 for Linux via a long HOME ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0732 (The logging facilitity of the Debian smtp-refuser package allows local ...)
+CVE-1999-0732 (The logging facility of the Debian smtp-refuser package allows local ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0731 (The KDE klock program allows local users to unlock a session using ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker



