[Secure-testing-commits] r44947 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Sep 30 21:10:12 UTC 2016
Author: sectracker
Date: 2016-09-30 21:10:12 +0000 (Fri, 30 Sep 2016)
New Revision: 44947
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-30 20:03:47 UTC (rev 44946)
+++ data/CVE/list 2016-09-30 21:10:12 UTC (rev 44947)
@@ -1,3 +1,23 @@
+CVE-2016-8390
+ RESERVED
+CVE-2016-8389
+ RESERVED
+CVE-2016-8388
+ RESERVED
+CVE-2016-8387
+ RESERVED
+CVE-2016-8386
+ RESERVED
+CVE-2016-8385
+ RESERVED
+CVE-2016-8384
+ RESERVED
+CVE-2016-8383
+ RESERVED
+CVE-2016-8382
+ RESERVED
+CVE-2016-8381
+ RESERVED
CVE-2016-8380
RESERVED
CVE-2016-8379
@@ -4279,11 +4299,13 @@
NOTE: Claimed to not affect ffmpeg
CVE-2016-6831 [Memory leak in CHICKEN Scheme's process-execute and process-spawn procedures]
RESERVED
+ {DLA-643-1}
- chicken <unfixed> (bug #834845)
[jessie] - chicken <no-dsa> (Minor issue)
NOTE: Fixed in the same upstream patch which is provided for CVE-2016-6830
CVE-2016-6830 [Buffer overrun in CHICKEN Scheme's "process-execute" and "process-spawn" procedures from the posix unit]
RESERVED
+ {DLA-643-1}
- chicken <unfixed> (bug #834845)
[jessie] - chicken <no-dsa> (Minor issue)
NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
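Review bot: both CHICKEN entries (CVE-2016-6831 and CVE-2016-6830) gain a {DLA-643-1} cross-reference, but their package lines still read "- chicken <unfixed> (bug #834845)" with only a "[jessie] - chicken <no-dsa>" line, so nothing in these lines records which release or version the DLA fixed. Suggest following up with a release-specific line carrying the fixed version, so the entries do not read as unfixed everywhere despite an advisory having been issued.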
@@ -4736,16 +4758,16 @@
RESERVED
CVE-2016-6652
RESERVED
-CVE-2016-6651
- RESERVED
+CVE-2016-6651 (The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before ...)
+ TODO: check
CVE-2016-6650
RESERVED
CVE-2016-6649
RESERVED
CVE-2016-6648
RESERVED
-CVE-2016-6647
- RESERVED
+CVE-2016-6647 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 ...)
+ TODO: check
CVE-2016-6646
RESERVED
CVE-2016-6645
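Review bot: CVE-2016-6651 and CVE-2016-6647 move from RESERVED to "TODO: check" with truncated descriptions, so they are now untriaged rather than resolved. Each needs a manual follow-up that replaces the TODO with either a package line or NOT-FOR-US. The same applies to the other "TODO: check" entries added in this revision (CVE-2016-6637, CVE-2016-6636, CVE-2016-4386, CVE-2016-4385).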
@@ -4764,10 +4786,10 @@
TODO: check
CVE-2016-6638
RESERVED
-CVE-2016-6637
- RESERVED
-CVE-2016-6636
- RESERVED
+CVE-2016-6637 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal ...)
+ TODO: check
+CVE-2016-6636 (The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) ...)
+ TODO: check
CVE-2016-1000038
RESERVED
CVE-2016-XXXX [RLE check for pixel offset less than 0]
@@ -10195,6 +10217,7 @@
RESERVED
CVE-2016-5180 [c-ares: OOB write in ares_create_query and ares_mkquery]
RESERVED
+ {DSA-3682-1}
- c-ares 1.12.0-1 (medium; bug #839151)
NOTE: https://c-ares.haxx.se/adv_20160929.html
NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch
@@ -10827,7 +10850,7 @@
- linux 4.6.2-2
[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
-CVE-2016-4997 (The compat IPT_SO_SET_REPLACE setsockopt implementation in the ...)
+CVE-2016-4997 (The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt ...)
{DSA-3607-1}
- linux 4.6.2-2
[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
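Review bot: the CVE-2016-4997 description now names IP6T_SO_SET_REPLACE alongside IPT_SO_SET_REPLACE, while the status lines under it ("- linux 4.6.2-2" and the wheezy "<no-dsa>" rationale) are unchanged. Worth confirming that the recorded fixed version and the wheezy rationale were assessed against the IPv6 path as well, and adding a NOTE line if they were.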
@@ -12908,10 +12931,10 @@
RESERVED
CVE-2016-4387
RESERVED
-CVE-2016-4386
- RESERVED
-CVE-2016-4385
- RESERVED
+CVE-2016-4386 (HPE Network Automation Software 10.10 allows local users to write to ...)
+ TODO: check
+CVE-2016-4385 (HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, ...)
+ TODO: check
CVE-2016-4384 (HPE Performance Center before 12.50 and LoadRunner before 12.50 allow ...)
TODO: check
CVE-2016-4383
@@ -24788,7 +24811,7 @@
- curl <not-affected> (Windows only)
NOTE: http://curl.haxx.se/docs/adv_20160127B.html
CVE-2016-0753 (Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before ...)
- {DSA-3464-1 DLA-498-1}
+ {DSA-3464-1 DLA-642-1 DLA-641-1 DLA-498-1}
- rails 2:4.2.5.1-1
[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
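Review bot: "{DSA-3464-1 DLA-642-1 DLA-641-1 DLA-498-1}" adds two DLAs to CVE-2016-0753, yet the package lines shown cover only rails, with wheezy marked "<not-affected>" and squeeze "<end-of-life>". From these lines it is not clear which source package or release DLA-642-1 and DLA-641-1 apply to. Check that matching package lines exist further down the entry, and add them if not.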