[Secure-testing-commits] r44933 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Sep 28 21:10:14 UTC 2016


Author: sectracker
Date: 2016-09-28 21:10:13 +0000 (Wed, 28 Sep 2016)
New Revision: 44933

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-28 19:18:14 UTC (rev 44932)
+++ data/CVE/list	2016-09-28 21:10:13 UTC (rev 44933)
@@ -1,3 +1,23 @@
+CVE-2016-8340
+	RESERVED
+CVE-2016-8339
+	RESERVED
+CVE-2016-8338
+	RESERVED
+CVE-2016-8337
+	RESERVED
+CVE-2016-8336
+	RESERVED
+CVE-2016-8335
+	RESERVED
+CVE-2016-8334
+	RESERVED
+CVE-2016-8333
+	RESERVED
+CVE-2016-8332
+	RESERVED
+CVE-2016-8331
+	RESERVED
 CVE-2016-8330
 	RESERVED
 CVE-2016-8329
@@ -360,8 +380,7 @@
 	RESERVED
 CVE-2016-8201
 	RESERVED
-CVE-2016-7444 [GNUTLS-SA-2016-3: missing OCSP response serial length check]
-	RESERVED
+CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS ...)
 	- gnutls28 3.5.3-4
 	[jessie] - gnutls28 <no-dsa> (Minor issue)
 	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3
@@ -2339,8 +2358,7 @@
 	RESERVED
 	- libav <removed> (unimportant)
 	NOTE: https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/
-CVE-2016-7498
-	RESERVED
+CVE-2016-7498 (OpenStack Compute (nova) 13.0.0 does not properly delete instances ...)
 	- nova 2:13.1.0-1
 	[jessie] - nova <not-affected> (Vulnerable code (re)introduced later)
 	[wheezy] - nova <not-affected> (Vulnerable code (re)introduced later)
@@ -3681,14 +3699,12 @@
 	RESERVED
 	- undertow 1.4.3-1 (bug #838600)
 	NOTE: https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2
-CVE-2016-7045
-	RESERVED
+CVE-2016-7045 (The format_send_to_gui function in the format parsing code in Irssi ...)
 	{DSA-3672-1}
 	- irssi 0.8.20-1
 	[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
 	NOTE: http://irssi.org/security/irssi_sa_2016.txt
-CVE-2016-7044
-	RESERVED
+CVE-2016-7044 (The unformat_24bit_color function in the format parsing code in Irssi ...)
 	{DSA-3672-1}
 	- irssi 0.8.20-1
 	[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
@@ -5874,8 +5890,7 @@
 	- mediawiki 1:1.27.1-1
 	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6330
-	RESERVED
+CVE-2016-6330 (The server in Red Hat JBoss Operations Network (JON), when SSL ...)
 	NOT-FOR-US: Red Hat / JBoss Operations Network server
 CVE-2016-6329
 	RESERVED
@@ -6960,8 +6975,8 @@
 	NOT-FOR-US: SAP HANA
 CVE-2016-6147 (An unspecified interface in SAP TREX 7.10 Revision 63 allows remote ...)
 	NOT-FOR-US: SAP TREX
-CVE-2016-6146
-	RESERVED
+CVE-2016-6146 (The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to ...)
+	TODO: check
 CVE-2016-6145 (The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides ...)
 	NOT-FOR-US: SAP HANA
 CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the ...)
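Review bot: CVE-2016-6146 is left as `TODO: check` even though its new description names SAP TREX 7.10 Revision 63, the same product that the neighbouring CVE-2016-6147 in this hunk already marks `NOT-FOR-US: SAP TREX`. Suggest resolving it with the same tag rather than leaving it in the triage queue.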
@@ -6978,8 +6993,8 @@
 	NOT-FOR-US: SAP TREX
 CVE-2016-6138 (Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows ...)
 	NOT-FOR-US: SAP TREX
-CVE-2016-6137
-	RESERVED
+CVE-2016-6137 (An unspecified function in SAP TREX 7.10 Revision 63 allows remote ...)
+	TODO: check
 CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in ...)
 	{DSA-3659-1 DLA-609-1}
 	- linux 4.7.2-1
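Review bot: CVE-2016-6137 gets `TODO: check` here, but the description is again SAP TREX 7.10 Revision 63, and CVE-2016-6138 two lines above it is tagged `NOT-FOR-US: SAP TREX`. The same tag looks applicable, which would close the entry in one step.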
@@ -8155,7 +8170,7 @@
 	RESERVED
 CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...)
 	NOT-FOR-US: Huawei
-CVE-2016-5722 (OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and ...)
+CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 ...)
 	NOT-FOR-US: OceanStor
 CVE-2016-5721 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
 	TODO: check
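Review bot: on CVE-2016-5722 the refreshed description now leads with "Huawei OceanStor", yet the tag under it still reads `NOT-FOR-US: OceanStor`, while CVE-2016-5723 directly above uses `NOT-FOR-US: Huawei`. Consider one vendor label for both, so that a search for the Huawei NOT-FOR-US entries also finds this one.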
@@ -9422,7 +9437,7 @@
 	- libarchive 3.2.0-2
 	NOTE: https://github.com/libarchive/libarchive/issues/514
 	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/9e0689c
-CVE-2015-8922 (The read_CodersInfo cuntion in archive_read_support_format_7zip.c in ...)
+CVE-2015-8922 (The read_CodersInfo function in archive_read_support_format_7zip.c in ...)
 	{DSA-3657-1 DLA-554-1}
 	- libarchive 3.2.0-2
 	NOTE: https://github.com/libarchive/libarchive/issues/513
@@ -10794,8 +10809,8 @@
 	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
 	NOTE: HTTP/2 support introduced in 2.4.17
 	NOTE: Upstream fix: https://svn.apache.org/r1750779
-CVE-2016-4978
-	RESERVED
+CVE-2016-4978 (The getObject method of the javax.jms.ObjectMessage class in the (1) ...)
+	TODO: check
 CVE-2016-4977
 	RESERVED
 CVE-2016-4976
@@ -13579,8 +13594,8 @@
 	[jessie] - wireshark <not-affected> (Only affects 2.x)
 	[wheezy] - wireshark <not-affected> (Only affects 2.x)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-19.html
-CVE-2016-4058
-	RESERVED
+CVE-2016-4058 (Cross-site scripting (XSS) vulnerability in Huawei Policy Center ...)
+	TODO: check
 CVE-2016-4057 (Huawei FusionCompute before V100R005C10SPC700 allows remote ...)
 	TODO: check
 CVE-2016-6479
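Review bot: CVE-2016-4058 lands as `TODO: check` although its description identifies Huawei Policy Center, and Huawei products elsewhere in this file (CVE-2016-5723) are tagged `NOT-FOR-US: Huawei`. Suggest the same tag here, and a look at the adjacent CVE-2016-4057 (Huawei FusionCompute), which is also still `TODO: check`.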
@@ -17432,8 +17447,7 @@
 	RESERVED
 CVE-2016-2777
 	REJECTED
-CVE-2016-2776 [BIND assertion failure due to crafted query]
-	RESERVED
+CVE-2016-2776 (buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before ...)
 	{DSA-3680-1}
 	- bind9 <unfixed> (bug #839010)
 CVE-2016-2775 (ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x ...)
@@ -210756,7 +210770,7 @@
 	NOT-FOR-US: EasyGuppy
 CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...)
 	NOT-FOR-US: MailEnable Enterprise
-CVE-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...)
+CVE-2005-3154 (Format string vulnerability in the logging functionality in ...)
 	NOT-FOR-US: Bitdefender Antivirus
 CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers ...)
 	NOT-FOR-US: MyBloggie



