[Secure-testing-commits] r44899 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Sep 25 21:10:16 UTC 2016
Author: sectracker
Date: 2016-09-25 21:10:15 +0000 (Sun, 25 Sep 2016)
New Revision: 44899
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-25 18:31:10 UTC (rev 44898)
+++ data/CVE/list 2016-09-25 21:10:15 UTC (rev 44899)
@@ -2169,6 +2169,7 @@
RESERVED
CVE-2016-7545 [SELinux sandbox escape via TIOCSTI ioctl]
RESERVED
+ {DLA-638-1}
- policycoreutils <unfixed> (bug #838599)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378577
NOTE: Upstream mailing list discussion: https://marc.info/?t=147463464400001&r=1&w=2
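Review bot: in the CVE-2016-7545 entry the new `{DLA-638-1}` cross-reference sits directly above `- policycoreutils <unfixed> (bug #838599)`, and the entry is still `RESERVED` with only a bracketed working description. The visible lines record no per-release status, so this entry alone does not show which suite the advisory covers. Keep bug #838599 tracked until a fixed version replaces `<unfixed>`, and add a NOTE with the upstream fix once the linked mailing-list discussion settles on one.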
@@ -3145,7 +3146,7 @@
NOTE: Only affects Xen 4.4, as workaround it is marked as fixed in the first xen version entering unstable
NOTE: after the 4.4 series.
CVE-2016-7166 (libarchive before 3.2.0 does not limit the number of recursive ...)
- {DLA-617-1}
+ {DSA-3677-1 DLA-617-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/660
NOTE: (with reproducer) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362
@@ -3362,6 +3363,7 @@
CVE-2016-7117
RESERVED
CVE-2016-7115 (Buffer overflow in the handle_packet function in mactelnet.c in the ...)
+ {DLA-639-1}
- mactelnet <unfixed> (bug #836320)
[jessie] - mactelnet <no-dsa> (Minor issue, can be fixed via point release)
NOTE: https://github.com/haakonnessjoen/MAC-Telnet/commit/b69d11727d4f0f8cf719c79e3fb700f55ca03e9a
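Review bot: for CVE-2016-7115 the added `{DLA-639-1}` leaves `[jessie] - mactelnet <no-dsa> (Minor issue, can be fixed via point release)` and `- mactelnet <unfixed> (bug #836320)` unchanged, so after this revision the LTS advisory is the only fix recorded for the `handle_packet` buffer overflow. Worth confirming that the jessie point-release upload named in the no-dsa reason is actually queued, since the upstream commit is already referenced in the NOTE line.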
@@ -5865,7 +5867,7 @@
NOTE: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6306
RESERVED
- {DSA-3673-1}
+ {DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=ff553f837172ecb2b5c8eca257ec3c5619a4b299
NOTE: https://www.openssl.org/news/secadv/20160922.txt
@@ -5878,19 +5880,19 @@
NOTE: Fixed in 1.1.0a
CVE-2016-6304 [OCSP Status Request extension unbounded memory growth]
RESERVED
- {DSA-3673-1}
+ {DSA-3673-1 DLA-637-1}
[experimental] - openssl 1.1.0a-1
- openssl 1.0.2i-1
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.1.0a, 1.0.2i, 1.0.1u
CVE-2016-6303 (Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c ...)
- {DSA-3673-1}
+ {DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6302 (The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before ...)
- {DSA-3673-1}
+ {DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
NOTE: https://www.openssl.org/news/secadv/20160922.txt
@@ -6351,7 +6353,7 @@
NOTE: util-vserver (jessie, sid), mksh (sid, experimental)
NOTE: http://news.gmane.org/find-root.php?message_id=alpine.DEB.2.20.1607181048300.24083%40tglase.lan.tarent.de
CVE-2016-6250 (Integer overflow in the ISO9660 writer in libarchive before 3.2.1 ...)
- {DLA-554-1}
+ {DSA-3677-1 DLA-554-1}
- libarchive 3.2.1-1 (low)
NOTE: https://github.com/libarchive/libarchive/issues/711
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 (v3.2.1)
@@ -8777,6 +8779,7 @@
NOTE: Fixed by https://curl.haxx.se/CVE-2016-5419.patch
NOTE: Wheezy: vulnerable code is in lib/sslgen.c
CVE-2016-5418 (The sandboxing code in libarchive 3.2.0 and earlier mishandles ...)
+ {DSA-3677-1}
- libarchive <unfixed> (bug #837714)
NOTE: Centos patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3
NOTE: Centos additional patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3
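Review bot: the `{DSA-3677-1}` reference is added to CVE-2016-5418 while the package line still reads `- libarchive <unfixed> (bug #837714)`, unlike the other two libarchive entries touched in this patch (CVE-2016-7166 and CVE-2016-6250), which carry fixed versions 3.2.0-2 and 3.2.1-1. The two NOTE lines point only at CentOS patches against 3.1.2 and embed `;jsessionid=...` session tokens in the URLs. Suggest dropping the session suffix so the links stay stable, and adding the upstream commit reference when the unstable fix for bug #837714 lands.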
@@ -19409,38 +19412,38 @@
NOTE: Python issue: https://bugs.python.org/issue27850
TODO: not clear if this should be assigned to individual source, like openssl and nss (openpvn got a own CVE)
CVE-2016-2182 (The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 ...)
- {DSA-3673-1}
+ {DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=099e2968ed3c7d256cda048995626664082b1b30
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2181 (The Anti-Replay feature in the DTLS implementation in OpenSSL before ...)
- {DSA-3673-1}
+ {DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2180 (The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 ...)
- {DSA-3673-1}
+ {DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=0ed26acce328ec16a3aa635f1ca37365e8c7403a
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2179 (The DTLS implementation in OpenSSL before 1.1.0 does not properly ...)
- {DSA-3673-1}
+ {DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2178 (The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL ...)
- {DSA-3673-1}
+ {DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1 (low)
NOTE: Fixed in master branch in https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2177 (OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for ...)
- {DSA-3673-1}
+ {DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1 (low)
NOTE: Fixed in 1.0.2 branch in https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
NOTE: https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/