[Secure-testing-commits] r44930 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Sep 27 21:10:15 UTC 2016
Author: sectracker
Date: 2016-09-27 21:10:14 +0000 (Tue, 27 Sep 2016)
New Revision: 44930
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-27 18:42:18 UTC (rev 44929)
+++ data/CVE/list 2016-09-27 21:10:14 UTC (rev 44930)
@@ -1,3 +1,103 @@
+CVE-2016-8330
+ RESERVED
+CVE-2016-8329
+ RESERVED
+CVE-2016-8328
+ RESERVED
+CVE-2016-8327
+ RESERVED
+CVE-2016-8326
+ RESERVED
+CVE-2016-8325
+ RESERVED
+CVE-2016-8324
+ RESERVED
+CVE-2016-8323
+ RESERVED
+CVE-2016-8322
+ RESERVED
+CVE-2016-8321
+ RESERVED
+CVE-2016-8320
+ RESERVED
+CVE-2016-8319
+ RESERVED
+CVE-2016-8318
+ RESERVED
+CVE-2016-8317
+ RESERVED
+CVE-2016-8316
+ RESERVED
+CVE-2016-8315
+ RESERVED
+CVE-2016-8314
+ RESERVED
+CVE-2016-8313
+ RESERVED
+CVE-2016-8312
+ RESERVED
+CVE-2016-8311
+ RESERVED
+CVE-2016-8310
+ RESERVED
+CVE-2016-8309
+ RESERVED
+CVE-2016-8308
+ RESERVED
+CVE-2016-8307
+ RESERVED
+CVE-2016-8306
+ RESERVED
+CVE-2016-8305
+ RESERVED
+CVE-2016-8304
+ RESERVED
+CVE-2016-8303
+ RESERVED
+CVE-2016-8302
+ RESERVED
+CVE-2016-8301
+ RESERVED
+CVE-2016-8300
+ RESERVED
+CVE-2016-8299
+ RESERVED
+CVE-2016-8298
+ RESERVED
+CVE-2016-8297
+ RESERVED
+CVE-2016-8296
+ RESERVED
+CVE-2016-8295
+ RESERVED
+CVE-2016-8294
+ RESERVED
+CVE-2016-8293
+ RESERVED
+CVE-2016-8292
+ RESERVED
+CVE-2016-8291
+ RESERVED
+CVE-2016-8290
+ RESERVED
+CVE-2016-8289
+ RESERVED
+CVE-2016-8288
+ RESERVED
+CVE-2016-8287
+ RESERVED
+CVE-2016-8286
+ RESERVED
+CVE-2016-8285
+ RESERVED
+CVE-2016-8284
+ RESERVED
+CVE-2016-8283
+ RESERVED
+CVE-2016-8282
+ RESERVED
+CVE-2016-8281
+ RESERVED
CVE-2016-1000244
RESERVED
CVE-2016-1000243
@@ -71,8 +171,8 @@
TODO: check if older versions are affected even due to lack of usb_xhci_exit
CVE-2016-8280
RESERVED
-CVE-2016-8279
- RESERVED
+CVE-2016-8279 (The video driver in Huawei Mate S smartphones with software CRR-TL00 ...)
+ TODO: check
CVE-2016-8278
RESERVED
CVE-2016-8277
@@ -2156,7 +2256,7 @@
CVE-2016-7555
RESERVED
CVE-2016-7554 [overread end of atom 'stsd' by 4294967134 bytes]
- RESERVED
+ REJECTED
- ffmpeg <unfixed>
NOTE: Reproducer as in afl source ffmpeg-h264-call-stack-overflow.mp4
NOTE: http://www.openwall.com/lists/oss-security/2016/09/25/2
@@ -3114,8 +3214,7 @@
NOTE: Not affected versions: libcurl < 7.11.1 and libcurl >= 7.50.3
CVE-2016-7165
RESERVED
-CVE-2016-7162
- RESERVED
+CVE-2016-7162 (The _g_file_remove_directory function in file-utils.c in File Roller ...)
- file-roller 3.20.3-1
[jessie] - file-roller <no-dsa> (Minor issue)
[wheezy] - file-roller <not-affected> (Vulnerable code introduced in 3.5.4)
@@ -3273,8 +3372,7 @@
[wheezy] - charybdis <no-dsa> (unsupported)
NOTE: charybdis patch: https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
-CVE-2016-7142 [certificate fingerprint spoofing through crafted SASL messages]
- RESERVED
+CVE-2016-7142 (The m_sasl module in InspIRCd before 2.0.23, when used with a service ...)
{DSA-3662-1}
- inspircd 2.0.23-1 (bug #836706)
NOTE: http://www.inspircd.org/2016/09/03/v2023-released.html
@@ -3468,8 +3566,7 @@
NOTE: http://xenbits.xen.org/xsa/advisory-185.html
CVE-2016-7090
RESERVED
-CVE-2016-7098 [files rejected by access list are kept on the disk for the duration of HTTP connection]
- RESERVED
+CVE-2016-7098 (Race condition in wget 1.17 and earlier, when used in recursive or ...)
- wget <unfixed> (low; bug #836503)
[jessie] - wget <no-dsa> (Minor issue)
[wheezy] - wget <no-dsa> (Minor issue)
@@ -3564,8 +3661,7 @@
RESERVED
CVE-2016-7053
RESERVED
-CVE-2016-7052
- RESERVED
+CVE-2016-7052 (crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to ...)
- openssl 1.0.2j-1
[wheezy] - openssl <not-affected> (Introduced in 1.0.2i)
[jessie] - openssl <not-affected> (Introduced in 1.0.2i)
@@ -3727,8 +3823,8 @@
RESERVED
CVE-2016-6981
RESERVED
-CVE-2016-6980
- RESERVED
+CVE-2016-6980 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 ...)
+ TODO: check
CVE-2016-6979
RESERVED
CVE-2016-6978
@@ -3863,8 +3959,8 @@
RESERVED
CVE-2016-6914
RESERVED
-CVE-2016-6913
- RESERVED
+CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before ...)
+ TODO: check
CVE-2016-6912
RESERVED
CVE-2016-6911
@@ -3881,8 +3977,8 @@
RESERVED
CVE-2016-6904
RESERVED
-CVE-2016-6901
- RESERVED
+CVE-2016-6901 (Format string vulnerability in Huawei AR100, AR120, AR150, AR200, ...)
+ TODO: check
CVE-2016-6900 (The Intelligent Baseboard Management Controller (iBMC) in Huawei ...)
TODO: check
CVE-2016-6899 (The Intelligent Baseboard Management Controller (iBMC) in Huawei ...)
@@ -4012,18 +4108,18 @@
RESERVED
CVE-2016-6841
RESERVED
-CVE-2016-6840
- RESERVED
+CVE-2016-6840 (Cross-site scripting (XSS) vulnerability in the management interface ...)
+ TODO: check
CVE-2016-6839 (CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 ...)
TODO: check
CVE-2016-6838 (Huawei X6800 and XH620 V3 servers with software before ...)
TODO: check
CVE-2016-6829
RESERVED
-CVE-2016-6827
- RESERVED
-CVE-2016-6826
- RESERVED
+CVE-2016-6827 (Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES ...)
+ TODO: check
+CVE-2016-6826 (Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a ...)
+ TODO: check
CVE-2016-6825 (Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before ...)
TODO: check
CVE-2016-6824 (Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with ...)
@@ -4147,7 +4243,7 @@
[jessie] - shiro <no-dsa> (Minor issue)
TODO: check if affecting versions in Debian, issue fixed upstream with 1.3.2 release,
CVE-2016-6801 (Cross-site request forgery (CSRF) vulnerability in the CSRF ...)
- {DLA-629-1}
+ {DSA-3679-1 DLA-629-1}
- jackrabbit 2.12.4-1 (bug #838204)
NOTE: http://svn.apache.org/r1758791 (2.4.x)
NOTE: http://svn.apache.org/r1758771 (2.6.x)
@@ -5248,8 +5344,8 @@
CVE-2016-6519 [persistent XSS in metadata field]
RESERVED
- manila-ui <unfixed> (bug #838017)
-CVE-2016-6518
- RESERVED
+CVE-2016-6518 (Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and ...)
+ TODO: check
CVE-2016-6517
RESERVED
CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH before ...)
@@ -5869,38 +5965,32 @@
CVE-2016-6310
RESERVED
NOT-FOR-US: ovirt-engine
-CVE-2016-6309
- RESERVED
+CVE-2016-6309 (statem/statem.c in OpenSSL 1.1.0a does not consider memory-block ...)
[experimental] - openssl 1.1.0b-1
- openssl <not-affected> (Only affects 1.1)
NOTE: https://www.openssl.org/news/secadv/20160926.txt
-CVE-2016-6308
- RESERVED
+CVE-2016-6308 (statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 ...)
[experimental] - openssl 1.1.0a-1
- openssl <not-affected> (Only affects 1.1)
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=48c054fec3506417b2598837b8062aae7114c200
NOTE: https://www.openssl.org/news/secadv/20160922.txt
-CVE-2016-6307
- RESERVED
+CVE-2016-6307 (The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a ...)
[experimental] - openssl 1.1.0a-1
- openssl <not-affected> (Only affects 1.1)
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=c1ef7c971d0bbf117c3c80f65b5875e2e7b024b1
NOTE: https://www.openssl.org/news/secadv/20160922.txt
-CVE-2016-6306
- RESERVED
+CVE-2016-6306 (The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before ...)
{DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=ff553f837172ecb2b5c8eca257ec3c5619a4b299
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.0.2i, 1.0.1u
-CVE-2016-6305 [SSL_peek() hang on empty record]
- RESERVED
+CVE-2016-6305 (The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 ...)
[experimental] - openssl 1.1.0a-1
- openssl <not-affected> (Only affects 1.1)
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.1.0a
-CVE-2016-6304 [OCSP Status Request extension unbounded memory growth]
- RESERVED
+CVE-2016-6304 (Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 ...)
{DSA-3673-1 DLA-637-1}
[experimental] - openssl 1.1.0a-1
- openssl 1.0.2i-1
@@ -5986,8 +6076,8 @@
RESERVED
CVE-2016-6277
RESERVED
-CVE-2016-6276
- RESERVED
+CVE-2016-6276 (Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual ...)
+ TODO: check
CVE-2016-6275
RESERVED
CVE-2016-6274
@@ -6810,8 +6900,7 @@
- nsd <unfixed> (bug #830806)
[jessie] - nsd <no-dsa> (Minor issue)
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790
-CVE-2016-6172
- RESERVED
+CVE-2016-6172 (PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote ...)
{DSA-3664-1 DLA-627-1}
- pdns 4.0.1-1 (bug #830808)
NOTE: https://github.com/PowerDNS/pdns/issues/4128
@@ -6873,14 +6962,14 @@
NOT-FOR-US: SAP TREX
CVE-2016-6146
RESERVED
-CVE-2016-6145 (The SQL interface in SAP HANA provides different error messages for ...)
+CVE-2016-6145 (The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides ...)
NOT-FOR-US: SAP HANA
CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the ...)
NOT-FOR-US: SAP HANA
CVE-2016-6143
RESERVED
-CVE-2016-6142
- RESERVED
+CVE-2016-6142 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers ...)
+ TODO: check
CVE-2016-6141
RESERVED
CVE-2016-6140 (SAP TREX 7.10 Revision 63 allows remote attackers to write to ...)
@@ -6913,8 +7002,7 @@
[jessie] - tcpreplay 3.4.4-2+deb8u1
CVE-2016-6133
RESERVED
-CVE-2016-6153 [SQLite Tempdir Selection Vulnerability]
- RESERVED
+CVE-2016-6153 (os_unix.c in SQLite before 3.13.0 improperly implements the temporary ...)
{DLA-543-1}
- sqlite3 3.13.0-1
[jessie] - sqlite3 3.8.7.1-1+deb8u2
@@ -7109,8 +7197,8 @@
RESERVED
CVE-2016-6039
RESERVED
-CVE-2016-6038
- RESERVED
+CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli ...)
+ TODO: check
CVE-2016-6037
RESERVED
CVE-2016-6036
@@ -7701,8 +7789,8 @@
RESERVED
CVE-2016-5747
RESERVED
-CVE-2016-5746
- RESERVED
+CVE-2016-5746 (libstorage, libstorage-ng, and yast-storage improperly store ...)
+ TODO: check
CVE-2016-5745
RESERVED
CVE-2015-8945 (openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores ...)
@@ -8858,8 +8946,7 @@
NOTE: by some vendors.
CVE-2016-5407
RESERVED
-CVE-2016-5406
- RESERVED
+CVE-2016-5406 (The domain controller in Red Hat JBoss Enterprise Application Platform ...)
NOT-FOR-US: JBoss EAP
CVE-2016-5405
RESERVED
@@ -8901,8 +8988,7 @@
RESERVED
CVE-2016-5396
RESERVED
-CVE-2016-5395
- RESERVED
+CVE-2016-5395 (Cross-site scripting (XSS) vulnerability in the create user ...)
NOT-FOR-US: Apache Ranger
CVE-2016-5394
RESERVED
@@ -10657,8 +10743,7 @@
{DSA-3612-1 DLA-525-1}
- gimp 2.8.16-2.2 (bug #828179)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=767873
-CVE-2016-4993
- RESERVED
+CVE-2016-4993 (CRLF injection vulnerability in the Undertow web server in WildFly ...)
NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2016-4992 [Information disclosure via repeated use of LDAP ADD operation]
RESERVED
@@ -10728,8 +10813,7 @@
- gcc-mingw-w64 <unfixed>
[jessie] - gcc-mingw-w64 <no-dsa> (Minor issue)
- mingw32 <removed>
-CVE-2016-4972 [RCE vulnerability in Openstack Murano using insecure YAML tags]
- RESERVED
+CVE-2016-4972 (OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), ...)
- murano 1:2.0.1-1 (bug #828062)
NOTE: Affects: Murano: <=2015.1.1; <=1.0.2; ==2.0.0
- murano-dashboard 1:2.0.0-5 (bug #828064)
@@ -12928,8 +13012,7 @@
RESERVED
CVE-2016-4304
RESERVED
-CVE-2016-4303 [JSON parsing vulnerability]
- RESERVED
+CVE-2016-4303 (The parse_string function in cjson.c in the cJSON library mishandles ...)
- iperf3 3.1.3-1 (bug #827116)
[jessie] - iperf3 <no-dsa> (Minor issue)
NOTE: https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
@@ -14852,8 +14935,8 @@
RESERVED
CVE-2016-3640 (The Extended Application Services (aka XS or XS Engine) in SAP HANA DB ...)
TODO: check
-CVE-2016-3639
- RESERVED
+CVE-2016-3639 (SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain ...)
+ TODO: check
CVE-2016-3638
RESERVED
CVE-2016-3637
@@ -16114,8 +16197,7 @@
CVE-2016-3111
RESERVED
NOT-FOR-US: Pulp (Red Hat)
-CVE-2016-3110
- RESERVED
+CVE-2016-3110 (mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote ...)
- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-3109
RESERVED
@@ -17352,8 +17434,10 @@
REJECTED
CVE-2016-2776 [BIND assertion failure due to crafted query]
RESERVED
+ {DSA-3680-1}
- bind9 <unfixed> (bug #839010)
CVE-2016-2775 (ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x ...)
+ {DSA-3680-1}
- bind9 <unfixed> (bug #831796)
[wheezy] - bind9 <no-dsa> (Minor issue; lwresd not commonly used)
NOTE: https://kb.isc.org/article/AA-01393/74/CVE-2016-2775
More information about the Secure-testing-commits
mailing list