[Secure-testing-commits] r44729 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Sep 18 21:10:22 UTC 2016
Author: sectracker
Date: 2016-09-18 21:10:21 +0000 (Sun, 18 Sep 2016)
New Revision: 44729
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-18 18:52:46 UTC (rev 44728)
+++ data/CVE/list 2016-09-18 21:10:21 UTC (rev 44729)
@@ -70,6 +70,7 @@
CVE-2016-8201
RESERVED
CVE-2016-7444 [GNUTLS-SA-2016-3: missing OCSP response serial length check]
+ RESERVED
- gnutls28 3.5.3-4
NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3
NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
@@ -3927,6 +3928,7 @@
TODO: check if affecting versions in Debian, issue fixed upstream with 1.3.2 release,
CVE-2016-6801 [CSRF in Jackrabbit-Webdav using empty content-type]
RESERVED
+ {DLA-629-1}
- jackrabbit 2.12.4-1 (bug #838204)
NOTE: http://svn.apache.org/r1758791 (2.4.x)
NOTE: http://svn.apache.org/r1758771 (2.6.x)
@@ -5647,14 +5649,14 @@
CVE-2016-6272
RESERVED
CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...)
- {DSA-3631-1}
+ {DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72520
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6296 (Integer signedness error in the simplestring_addn function in ...)
- {DSA-3631-1 DLA-569-1}
+ {DSA-3631-1 DLA-628-1 DLA-569-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72606
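Review bot: In the CVE-2016-6296 entry the new reference is inserted ahead of the existing one, giving `{DSA-3631-1 DLA-628-1 DLA-569-1}`, so the DLA references are no longer in ascending order. If this line is generated, emitting the references in numeric order (DLA-569-1 before DLA-628-1) would keep later diffs of it minimal. It is also the only entry in this hunk carrying two DLA references, and nothing in its visible lines says which advisory covers which source package.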
@@ -5664,14 +5666,14 @@
[jessie] - xmlrpc-epi <no-dsa> (Can be fixed via point release, nothing depending on it in stable)
NOTE: In stretch/sid php7.0 is using the system library not the embedded one.
CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x ...)
- {DSA-3631-1}
+ {DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72479
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6294 (The locale_accept_from_http function in ...)
- {DSA-3631-1}
+ {DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72533
@@ -5684,28 +5686,28 @@
NOTE: And possibly needs some more follow-up fixes, cf. with upstream changes
NOTE: around/later than changeset 39109.
CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in PHP ...)
- {DSA-3631-1}
+ {DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72618
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP ...)
- {DSA-3631-1}
+ {DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72603
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and ...)
- {DSA-3631-1}
+ {DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72562
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6289 (Integer overflow in the virtual_file_ex function in ...)
- {DSA-3631-1}
+ {DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72513
@@ -6463,7 +6465,7 @@
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790
CVE-2016-6172
RESERVED
- {DSA-3664-1}
+ {DSA-3664-1 DLA-627-1}
- pdns 4.0.1-1 (bug #830808)
NOTE: https://github.com/PowerDNS/pdns/issues/4128
NOTE: Master: https://github.com/PowerDNS/pdns/pull/4133
@@ -7587,42 +7589,42 @@
NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37773/
CVE-2016-5773 (php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before ...)
- {DSA-3618-1}
+ {DSA-3618-1 DLA-628-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5772 (Double free vulnerability in the php_wddx_process_data function in ...)
- {DSA-3618-1}
+ {DSA-3618-1 DLA-628-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5771 (spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...)
- {DSA-3618-1}
+ {DSA-3618-1 DLA-628-1}
- php7.0 <not-affected> (Does not affect PHP 7.x)
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
NOTE: Fixed in 5.5.37, 5.6.23
CVE-2016-5770 (Integer overflow in the SplFileObject::fread function in ...)
- {DSA-3618-1}
+ {DSA-3618-1 DLA-628-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5769 (Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...)
- {DSA-3618-1}
+ {DSA-3618-1 DLA-628-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5768 (Double free vulnerability in the _php_mb_regex_ereg_replace_exec ...)
- {DSA-3618-1}
+ {DSA-3618-1 DLA-628-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402
@@ -8391,7 +8393,7 @@
RESERVED
CVE-2016-5427
RESERVED
- {DSA-3664-1}
+ {DSA-3664-1 DLA-627-1}
- pdns 4.0.0~alpha1-1
NOTE: Only affects PowerDNS Authoritative Server up to and including 3.4.9, 4.x not affected
NOTE: Added workaround to mark first 4.x version in unstable as fixed.
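Review bot: For CVE-2016-5427 the unstable version `4.0.0~alpha1-1` is, per the entry's own NOTE, a workaround marker rather than the upload that carried a fix, so after this change the DSA and DLA cross-references are the only pointers to where the affected 3.4.x code was actually patched. An explicit per-release line with the fixed version, if the entry does not already have one below the visible context, would make that checkable from the list itself.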
@@ -8399,7 +8401,7 @@
NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3
CVE-2016-5426
RESERVED
- {DSA-3664-1}
+ {DSA-3664-1 DLA-627-1}
- pdns 4.0.0~alpha1-1
NOTE: Only affects PowerDNS Authoritative Server up to and including 3.4.9, 4.x not affected
NOTE: Added workaround to mark first 4.x version in unstable as fixed.
@@ -8528,7 +8530,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/aa93d1fee85c890a34f2510a310e55ee76a27848 (4.7)
CVE-2016-5399 [Improper error handling in bzread()]
RESERVED
- {DSA-3631-1}
+ {DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72613
@@ -10167,6 +10169,7 @@
RESERVED
CVE-2016-5017 [Buffer overflow vulnerability in ZooKeeper C cli shell]
RESERVED
+ {DLA-630-1}
- zookeeper 3.4.9-1
NOTE: The C cli shell is intended as a sample/example of how to use the C
NOTE: client interface, not as a production tool
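Review bot: The `{DLA-630-1}` added to CVE-2016-5017 sits above NOTE lines that describe the C cli shell as a sample and not a production tool, which reads as an argument for low impact. Since an advisory was issued anyway, a NOTE stating whether the affected shell is shipped in the binary packages would tell readers why the fix was still released.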
@@ -11969,7 +11972,7 @@
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4538 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, ...)
- {DSA-3602-1}
+ {DSA-3602-1 DLA-628-1}
- php7.0 7.0.6-1
- php5 5.6.21+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=72093
@@ -12045,6 +12048,7 @@
NOT-FOR-US: Red Hat OpenStack Overcloud image
CVE-2016-4473
RESERVED
+ {DLA-628-1}
- php5 5.6.23+dfsg-1
[jessie] - php5 5.6.23+dfsg-0+deb8u1
NOTE: The issue was introduced as part CVE-2015-6833, which was applied upstream
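Review bot: CVE-2016-4473 records a jessie fix in `[jessie] - php5 5.6.23+dfsg-0+deb8u1`, yet after this change the cross-reference line holds only `{DLA-628-1}` with no DSA, unlike the other PHP entries touched in this commit. Worth confirming whether the jessie upload was covered by an advisory whose reference is missing here, or recording in the entry that it was fixed without one.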
@@ -19439,6 +19443,7 @@
NOTE: https://bugs.php.net/bug.php?id=70661
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
CVE-2016-5114 (sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...)
+ {DLA-628-1}
- php5 5.6.17+dfsg-1
[jessie] - php5 5.6.17+dfsg-0+deb8u1
[squeeze] - php5 <not-affected> (vulnerable code not present)
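Review bot: The `{DLA-628-1}` added to CVE-2016-5114 has no matching release line among the visible ones: jessie and squeeze each have an explicit status, but the release the DLA was issued for does not. Adding that release's line with the fixed version would let the entry be read without looking up the advisory.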