[Secure-testing-commits] r41018 - data/CVE
Author: fgeek-guest Date: 2016-04-20 05:04:50 + (Wed, 20 Apr 2016) New Revision: 41018 Modified: data/CVE/list Log: CVE-2016-4021/pgpdump Modified: data/CVE/list === --- data/CVE/list 2016-04-20 04:42:15 UTC (rev 41017) +++ data/CVE/list 2016-04-20 05:04:50 UTC (rev 41018) @@ -47,8 +47,10 @@ RESERVED CVE-2016-4022 RESERVED -CVE-2016-4021 +CVE-2016-4021 [pgpdump: denial of service] RESERVED + - pgpdump + NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt CVE-2016-4019 RESERVED CVE-2016-4018 (The Data Provisioning Agent (aka DP Agent) in SAP HANA does not ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
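Review bot: The added "- pgpdump" line for CVE-2016-4021 carries no Debian bug reference, so the only pointer is the SySS advisory URL in the NOTE. If a bug has been filed against pgpdump for this denial of service, add it to the package line in the same "(bug #...)" form used elsewhere in the list, so the entry can also be followed from the package side.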
[Secure-testing-commits] r41017 - data
Author: carnil Date: 2016-04-20 04:42:15 + (Wed, 20 Apr 2016) New Revision: 41017 Modified: data/dsa-needed.txt Log: Add back samba to dsa-needed for various regression updates Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-04-20 04:40:08 UTC (rev 41016) +++ data/dsa-needed.txt 2016-04-20 04:42:15 UTC (rev 41017) @@ -60,6 +60,9 @@ -- pdns/oldstable (Mike Gabriel) -- +samba + Samba maintainers are preparing updates for regressions +-- smarty3/oldstable NOTE: https://lists.debian.org/debian-lts/2016/03/msg0.html Version bump to package version in jessie recommended. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
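Review bot: The new samba entry names no suite, unlike the neighbouring "pdns/oldstable" and "smarty3/oldstable" entries, and the note does not say which regressions are meant. If the update targets only one suite, say so, and reference the regression reports so it is clear when the entry can be dropped again.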
[Secure-testing-commits] r41016 - data/CVE
Author: carnil Date: 2016-04-20 04:40:08 + (Wed, 20 Apr 2016) New Revision: 41016 Modified: data/CVE/list Log: Remove CVE request annotation for opam, will not get a CVE assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-20 04:38:06 UTC (rev 41015) +++ data/CVE/list 2016-04-20 04:40:08 UTC (rev 41016) @@ -2186,7 +2186,8 @@ - opam 1.2.2-5 (bug #818081) [jessie] - opam (Minor issue, can be fixed in a point update) NOTE: https://github.com/ocaml/opam/commit/3d43295df3bb9e67e60801d319bf82c2c8a84d24 - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/18/12 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/12 + NOTE: Will not get a CVE identifier assigned CVE-2016-3133 RESERVED CVE-2016-3132 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
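Review bot: The new note "Will not get a CVE identifier assigned" gives no source for that decision; the URL kept on the line above it is the one that was labelled as the CVE request. Add a link to the reply in which the assignment was declined, so the statement can be verified later.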
[Secure-testing-commits] r41015 - data/CVE
Author: carnil Date: 2016-04-20 04:38:06 + (Wed, 20 Apr 2016) New Revision: 41015 Modified: data/CVE/list Log: Expand note/todo for gdk-pixbuf issue Modified: data/CVE/list === --- data/CVE/list 2016-04-20 04:23:26 UTC (rev 41014) +++ data/CVE/list 2016-04-20 04:38:06 UTC (rev 41015) @@ -15238,7 +15238,7 @@ - gdk-pixbuf 2.32.0-1 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=958963 NOTE: This was fixed by one of the commits between 2.31.6 and 2.32.0. - TODO: check versions + TODO: check versions, confirmed on jessie CVE-2015-7551 (The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby ...) - ruby1.9.1 [wheezy] - ruby1.9.1 (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
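Review bot: In the changed TODO line, "confirmed on jessie" does not say what was confirmed: that jessie is vulnerable, or that the fix is present there. Spell it out, or record it as a "[jessie]" line for gdk-pixbuf with the status and keep the TODO only for the suites still unchecked.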
[Secure-testing-commits] r41014 - data/CVE
Author: carnil Date: 2016-04-20 04:23:26 + (Wed, 20 Apr 2016) New Revision: 41014 Modified: data/CVE/list Log: Update information for CVE-2015-7552/gdk-pixbuf Modified: data/CVE/list === --- data/CVE/list 2016-04-20 04:23:17 UTC (rev 41013) +++ data/CVE/list 2016-04-20 04:23:26 UTC (rev 41014) @@ -15235,7 +15235,10 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288934 NOTE: Related to an incomplete RHEL backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ac2bde2a4a05c38e2bd733bea94507cb1461e06 CVE-2015-7552 (Heap-based buffer overflow in the gdk_pixbuf_flip function in ...) - TODO: check + - gdk-pixbuf 2.32.0-1 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=958963 + NOTE: This was fixed by one of the commits between 2.31.6 and 2.32.0. + TODO: check versions CVE-2015-7551 (The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby ...) - ruby1.9.1 [wheezy] - ruby1.9.1 (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
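Review bot: The fixed version "2.32.0-1" on the new gdk-pixbuf line rests on the note that the fix is one of the commits between 2.31.6 and 2.32.0, with the commit itself unidentified. Name that as open work in the TODO as well, since a backport to older suites needs the specific commit and not just the version range.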
[Secure-testing-commits] r41012 - data/CVE
Author: carnil Date: 2016-04-20 04:22:50 + (Wed, 20 Apr 2016) New Revision: 41012 Modified: data/CVE/list Log: Mark CVE-2016-3950 as NFU Modified: data/CVE/list === --- data/CVE/list 2016-04-19 21:10:12 UTC (rev 41011) +++ data/CVE/list 2016-04-20 04:22:50 UTC (rev 41012) @@ -368,7 +368,7 @@ NOTE: https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5) NOTE: https://www.spinics.net/lists/netdev/msg367669.html CVE-2016-3950 (Huawei AR3200 routers with software before V200R006C10SPC300 allow ...) - TODO: check + NOT-FOR-US: Huawei AR3200 routers CVE-2016-3949 RESERVED CVE-2016-3959 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41013 - data/CVE
Author: carnil Date: 2016-04-20 04:23:17 + (Wed, 20 Apr 2016) New Revision: 41013 Modified: data/CVE/list Log: Add information for CVE-2016-3071 Modified: data/CVE/list === --- data/CVE/list 2016-04-20 04:22:50 UTC (rev 41012) +++ data/CVE/list 2016-04-20 04:23:17 UTC (rev 41013) @@ -2323,7 +2323,8 @@ CVE-2016-3072 RESERVED CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial of ...) - TODO: check + - libreswan (bug #773459) + TODO: check other implementations CVE-2016-3070 RESERVED CVE-2016-3069 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
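Review bot: "TODO: check other implementations" does not name which packages are meant. List the source packages to be checked in the TODO, so the item can be closed one package at a time instead of staying open indefinitely.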
[Secure-testing-commits] r41011 - data/CVE
Author: sectracker Date: 2016-04-19 21:10:12 + (Tue, 19 Apr 2016) New Revision: 41011 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-04-19 20:01:27 UTC (rev 41010) +++ data/CVE/list 2016-04-19 21:10:12 UTC (rev 41011) @@ -1,8 +1,14 @@ +CVE-2016-4039 + RESERVED +CVE-2016-4036 (openSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak permissions ...) + TODO: check CVE-2016-3955 [remote buffer overflow in usbip] + RESERVED - linux NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3) NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1 CVE-2016-4038 + RESERVED NOT-FOR-US: Samsung Android driver CVE-2016-4035 RESERVED @@ -15,6 +21,7 @@ CVE-2016-4031 RESERVED CVE-2016-4037 [usb: Infinite loop vulnerability in usb_ehci using siTD process] + RESERVED - qemu [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) @@ -272,10 +279,10 @@ NOT-FOR-US: SAP CVE-2016-3973 (The chat feature in the Real-Time Collaboration (RTC) services in SAP ...) NOT-FOR-US: SAP -CVE-2016-3972 - RESERVED -CVE-2016-3971 - RESERVED +CVE-2016-3972 (Directory traversal vulnerability in the dotTailLogServlet in dotCMS ...) + TODO: check +CVE-2016-3971 (Cross-site scripting (XSS) vulnerability in lucene_search.jsp in ...) + TODO: check CVE-2016-3970 RESERVED CVE-2015-8840 (The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does ...) @@ -360,8 +367,8 @@ NOTE: https://git.kernel.org/linus/4d06dd537f95683aba3651098ae288b7cbff8274 (v4.5) NOTE: https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5) NOTE: https://www.spinics.net/lists/netdev/msg367669.html -CVE-2016-3950 - RESERVED +CVE-2016-3950 (Huawei AR3200 routers with software before V200R006C10SPC300 allow ...) + TODO: check CVE-2016-3949 RESERVED CVE-2016-3959 
@@ -417,8 +424,8 @@ NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_3.txt CVE-2016-3944 RESERVED -CVE-2016-3943 - RESERVED +CVE-2016-3943 (Panda Endpoint Administration Agent before 7.50.00, as used in Panda ...) + TODO: check CVE-2016-3942 RESERVED CVE-2016-3940 @@ -923,8 +930,7 @@ RESERVED CVE-2016-3690 RESERVED -CVE-2016-3941 [Heap overflow processing wav files] - RESERVED +CVE-2016-3941 (Buffer overflow in the AStreamPeekStream function in input/stream.c in ...) - vlc 2.2.1-1 NOTE: https://bugs.launchpad.net/bugs/1533633 NOTE: It is unclear when this was fixed exactly, marking the version in jessie as fixed for now @@ -2316,8 +2322,8 @@ RESERVED CVE-2016-3072 RESERVED -CVE-2016-3071 - RESERVED +CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial of ...) + TODO: check CVE-2016-3070 RESERVED CVE-2016-3069 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...) @@ -3704,6 +3710,7 @@ CVE-2016-2574 RESERVED CVE-2015-8852 [HTTP Smuggling issues: Double Content Length and bad EOL] + RESERVED - varnish 4.0.0-1 (bug #783510) NOTE: http://www.openwall.com/lists/oss-security/2016/04/16/1 NOTE: fixed in 3.0.7 upstream, mark as fixed with first 4.x version in unstable @@ -4383,6 +4390,7 @@ CVE-2016-2403 RESERVED CVE-2013-7450 + RESERVED NOT-FOR-US: Pulp (Red Hat) CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows remote ...) {DSA-3485-1 DLA-424-1} @@ -13353,8 +13361,7 @@ - a2ps 1:4.14-1.2 [wheezy] - a2ps (Minor issue) [squeeze] - a2ps (Minor issue) -CVE-2015-8106 [format string vulnerability] - RESERVED +CVE-2015-8106 (Format string vulnerability in the CmdKeywords function in funct1.c in ...) - latex2rtf 2.3.10-1 (unimportant; bug #805398) [wheezy] - latex2rtf (Vulnerable code introduced later) [squeeze] - latex2rtf (Vulnerable code introduced later) 
@@ -15226,8 +15233,8 @@ - linux (RHEL-specific backport bug) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288934 NOTE: Related to an incomplete RHEL backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ac2bde2a4a05c38e2bd733bea94507cb1461e06 -CVE-2015-7552 - RESERVED +CVE-2015-7552 (Heap-based buffer overflow in the gdk_pixbuf_flip function in ...) + TODO: check CVE-2015-7551 (The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby ...) - ruby1.9.1 [wheezy] - ruby1.9.1 (Minor issue) @@ -15713,8 +15720,8 @@ RESERVED CVE-2015-7379 RESERVED -CVE-2015-7378 - RESERVED +CVE-2015-7378 (Panda
[Secure-testing-commits] r41010 - data
Author: carnil Date: 2016-04-19 20:01:27 + (Tue, 19 Apr 2016) New Revision: 41010 Modified: data/dsa-needed.txt Log: Add mysql-5.5 to dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-04-19 19:58:25 UTC (rev 41009) +++ data/dsa-needed.txt 2016-04-19 20:01:27 UTC (rev 41010) @@ -50,6 +50,8 @@ minissdpd NOTE: debdiff sent by Thorsten Alteholz to the Security Team on 2016-03-28 -- +mysql-5.5 (carnil) +-- nss -- ntp ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41009 - data/CVE
Author: carnil Date: 2016-04-19 19:58:25 + (Tue, 19 Apr 2016) New Revision: 41009 Modified: data/CVE/list Log: Add bug reference for mysql-5.5, #821100 Modified: data/CVE/list === --- data/CVE/list 2016-04-19 19:54:02 UTC (rev 41008) +++ data/CVE/list 2016-04-19 19:58:25 UTC (rev 41009) @@ -5878,7 +5878,7 @@ NOTE: https://mariadb.atlassian.net/browse/MDEV-9212 NOTE: https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41 - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) [squeeze] - mysql-5.5 (will be fixed along with an upcoming Oracle CPU) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-2035 @@ -10548,7 +10548,7 @@ CVE-2016-0666 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0665 @@ -10626,31 +10626,31 @@ CVE-2016-0650 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0649 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0648 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0647 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0646 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0645 
@@ -10658,31 +10658,31 @@ CVE-2016-0644 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0643 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0642 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0641 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0640 RESERVED - mysql-5.6 (bug #821094) - - mysql-5.5 + - mysql-5.5 (bug #821100) - mariadb-10.0 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0639 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
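Review bot: Throughout these hunks the "mysql-5.6" line carries "(bug #821094)" and the "mysql-5.5" line now gets "(bug #821100)", but the "- mariadb-10.0" line in the same entries (CVE-2016-0666, CVE-2016-0650 and following) has no reference at all. If mariadb-10.0 is tracked in a bug as well, add it in the same pass; otherwise the entries stay uneven.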
[Secure-testing-commits] r41007 - data/CVE
Author: carnil Date: 2016-04-19 19:47:03 + (Tue, 19 Apr 2016) New Revision: 41007 Modified: data/CVE/list Log: Add more CVEs for MySQL Modified: data/CVE/list === --- data/CVE/list 2016-04-19 19:42:40 UTC (rev 41006) +++ data/CVE/list 2016-04-19 19:47:03 UTC (rev 41007) @@ -10537,16 +10537,32 @@ NOT-FOR-US: Solaris CVE-2016-0668 RESERVED + - mysql-5.6 + - mysql-5.5 (Only affects MySQL 5.6 and MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0667 RESERVED + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0666 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0665 RESERVED + - mysql-5.6 + - mysql-5.5 (Only affects MySQL 5.6 and MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0664 RESERVED CVE-2016-0663 RESERVED + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0662 RESERVED - mysql-5.6 (Only affects MySQL 5.7) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41006 - data/CVE
Author: carnil Date: 2016-04-19 19:42:40 + (Tue, 19 Apr 2016) New Revision: 41006 Modified: data/CVE/list Log: Add another batch of CVEs for MySQL Modified: data/CVE/list === --- data/CVE/list 2016-04-19 19:33:20 UTC (rev 41005) +++ data/CVE/list 2016-04-19 19:42:40 UTC (rev 41006) 
@@ -10549,28 +10549,64 @@ RESERVED CVE-2016-0662 RESERVED + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0661 RESERVED + - mysql-5.6 + - mysql-5.5 (Only affects MySQL 5.6 and MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0660 RESERVED CVE-2016-0659 RESERVED + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0658 RESERVED + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0657 RESERVED + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0656 RESERVED + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0655 RESERVED + - mysql-5.6 + - mysql-5.5 (Only affects MySQL 5.6 and MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0654 RESERVED + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0653 RESERVED + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0652 RESERVED + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0651 RESERVED + - mysql-5.6 (Only affects MySQL 5.5) + - mysql-5.5 + [jessie] - mysql-5.5 5.5.47-0+deb8u1 + [wheezy] - 
mysql-5.5 5.5.47-0+deb7u1 + - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0650 RESERVED - mysql-5.6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
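Review bot: In the CVE-2016-0651 entry at the end of the hunk, jessie and wheezy are given fixed versions ("5.5.47-0+deb8u1", "5.5.47-0+deb7u1") while the plain "- mysql-5.5" line above them shows none. If 5.5.47 contains the fix, that line should carry the first fixed version for unstable too; the same question applies to "- mariadb-10.0".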
[Secure-testing-commits] r41005 - data/CVE
Author: carnil Date: 2016-04-19 19:33:20 + (Tue, 19 Apr 2016) New Revision: 41005 Modified: data/CVE/list Log: More MySQL CVE identifiers added Modified: data/CVE/list === --- data/CVE/list 2016-04-19 19:33:05 UTC (rev 41004) +++ data/CVE/list 2016-04-19 19:33:20 UTC (rev 41005) @@ -10573,22 +10573,54 @@ RESERVED CVE-2016-0650 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0649 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0648 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0647 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0646 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0645 RESERVED CVE-2016-0644 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0643 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0642 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0641 RESERVED - mysql-5.6 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41004 - data/CVE
Author: carnil Date: 2016-04-19 19:33:05 + (Tue, 19 Apr 2016) New Revision: 41004 Modified: data/CVE/list Log: Add CPU reference Modified: data/CVE/list === --- data/CVE/list 2016-04-19 19:25:40 UTC (rev 41003) +++ data/CVE/list 2016-04-19 19:33:05 UTC (rev 41004) @@ -5879,9 +5879,8 @@ NOTE: https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41 - mysql-5.6 - mysql-5.5 - [jessie] - mysql-5.5 (will be fixed along with an upcoming Oracle CPU) - [wheezy] - mysql-5.5 (will be fixed along with an upcoming Oracle CPU) [squeeze] - mysql-5.5 (will be fixed along with an upcoming Oracle CPU) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-2035 RESERVED CVE-2016-2034 @@ -10595,15 +10594,18 @@ - mysql-5.6 - mysql-5.5 - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0640 RESERVED - mysql-5.6 - mysql-5.5 - mariadb-10.0 + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0639 RESERVED - mysql-5.6 - mysql-5.5 (Only affects MySQL 5.6 and 5.7) + NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0638 RESERVED CVE-2016-0637 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
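Review bot: In the first hunk the "[jessie]" and "[wheezy]" annotations "will be fixed along with an upcoming Oracle CPU" are dropped, but the "[squeeze]" line keeps that wording directly above the new NOTE linking the cpuapr2016 advisory. Either update the squeeze annotation to match, or say in it why squeeze is still waiting on a later update.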
[Secure-testing-commits] r41003 - data/CVE
Author: carnil Date: 2016-04-19 19:25:40 + (Tue, 19 Apr 2016) New Revision: 41003 Modified: data/CVE/list Log: Add first CVE's for mysql Modified: data/CVE/list === --- data/CVE/list 2016-04-19 18:49:57 UTC (rev 41002) +++ data/CVE/list 2016-04-19 19:25:40 UTC (rev 41003) @@ -10592,10 +10592,18 @@ RESERVED CVE-2016-0641 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 CVE-2016-0640 RESERVED + - mysql-5.6 + - mysql-5.5 + - mariadb-10.0 CVE-2016-0639 RESERVED + - mysql-5.6 + - mysql-5.5 (Only affects MySQL 5.6 and 5.7) CVE-2016-0638 RESERVED CVE-2016-0637 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
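Review bot: The package lines added for CVE-2016-0641, CVE-2016-0640 and CVE-2016-0639 come without any NOTE giving the source of the affected-version information, including the "Only affects MySQL 5.6 and 5.7" statement on CVE-2016-0639. Add the advisory reference in the same commit so each entry is verifiable on its own.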
[Secure-testing-commits] r41002 - data/CVE
Author: carnil Date: 2016-04-19 18:49:57 + (Tue, 19 Apr 2016) New Revision: 41002 Modified: data/CVE/list Log: Remove no-dsa annotation for XSA-172 issues Modified: data/CVE/list === --- data/CVE/list 2016-04-19 18:46:28 UTC (rev 41001) +++ data/CVE/list 2016-04-19 18:49:57 UTC (rev 41002) @@ -2116,7 +2116,6 @@ RESERVED CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not ...) - xen - [jessie] - xen (Minor issue, can be fixed along in a future DSA) NOTE: http://xenbits.xen.org/xsa/advisory-172.html NOTE: CVE-2016-3159 is for the code change which is applicable for later NOTE: versions only, but which must always be combined with the code change @@ -2124,7 +2123,6 @@ NOTE: patches the function fpu_fxrstor. CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly ...) - xen - [jessie] - xen (Minor issue, can be fixed along in a future DSA) NOTE: http://xenbits.xen.org/xsa/advisory-172.html NOTE: CVE-2016-3158 is for the code change which is required for all NOTE: versions (but which is sufficient only on Xen 4.3.x, and insufficient ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r41001 - data
Author: carnil Date: 2016-04-19 18:46:28 + (Tue, 19 Apr 2016) New Revision: 41001 Modified: data/dsa-needed.txt Log: Add xen to dsa-needed list for XSA-172 and XSA-173 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-04-19 18:11:12 UTC (rev 41000) +++ data/dsa-needed.txt 2016-04-19 18:46:28 UTC (rev 41001) @@ -71,5 +71,8 @@ -- tomcat8 -- +xen/stable (carnil) + https://people.debian.org/~carnil/tmp/xen/jessie/ +-- varnish/oldstable (seb) http://permalink.gmane.org/gmane.comp.security.oss.general/19316 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
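Review bot: The new "xen/stable" entry is inserted between "tomcat8" and "varnish/oldstable", which breaks the alphabetical order the surrounding entries follow; move it after varnish. The referenced location is under "~carnil/tmp/", so state what is kept there, since a temporary path may be gone by the time someone else picks the entry up.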
[Secure-testing-commits] r41000 - data/CVE
Author: jmm Date: 2016-04-19 18:11:12 + (Tue, 19 Apr 2016) New Revision: 41000 Modified: data/CVE/list Log: new openjdk issues Solaris NFUs Modified: data/CVE/list === --- data/CVE/list 2016-04-19 17:56:26 UTC (rev 40999) +++ data/CVE/list 2016-04-19 18:11:12 UTC (rev 41000) @@ -1483,12 +1483,14 @@ RESERVED CVE-2016-3465 RESERVED + NOT-FOR-US: Solaris CVE-2016-3464 RESERVED CVE-2016-3463 RESERVED CVE-2016-3462 RESERVED + NOT-FOR-US: Solaris CVE-2016-3461 RESERVED CVE-2016-3460 @@ -1515,6 +1517,9 @@ RESERVED CVE-2016-3449 RESERVED + - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) + - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) + - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2016-3448 RESERVED CVE-2016-3447 @@ -1527,10 +1532,14 @@ RESERVED CVE-2016-3443 RESERVED + - openjdk-8 + - openjdk-7 + - openjdk-6 CVE-2016-3442 RESERVED CVE-2016-3441 RESERVED + NOT-FOR-US: Solaris CVE-2016-3440 RESERVED CVE-2016-3439 @@ -1559,22 +1568,35 @@ RESERVED CVE-2016-3427 RESERVED + - openjdk-8 + - openjdk-7 + - openjdk-6 CVE-2016-3426 RESERVED + - openjdk-8 + - openjdk-7 + - openjdk-6 CVE-2016-3425 RESERVED + - openjdk-8 + - openjdk-7 + - openjdk-6 CVE-2016-3424 RESERVED CVE-2016-3423 RESERVED CVE-2016-3422 RESERVED + - openjdk-8 + - openjdk-7 + - openjdk-6 CVE-2016-3421 RESERVED CVE-2016-3420 RESERVED CVE-2016-3419 RESERVED + NOT-FOR-US: Solaris CVE-2016-3418 RESERVED CVE-2016-3417 @@ -10452,10 +10474,14 @@ RESERVED CVE-2016-0695 RESERVED + - openjdk-8 + - openjdk-7 + - openjdk-6 CVE-2016-0694 RESERVED CVE-2016-0693 RESERVED + NOT-FOR-US: Solaris CVE-2016-0692 RESERVED CVE-2016-0691 @@ -10468,8 +10494,14 @@ RESERVED CVE-2016-0687 RESERVED + - openjdk-8 + - openjdk-7 + - openjdk-6 CVE-2016-0686 RESERVED + - openjdk-8 + - openjdk-7 + - openjdk-6 CVE-2016-0685 RESERVED CVE-2016-0684 
@@ -10490,6 +10522,7 @@ RESERVED CVE-2016-0676 RESERVED + NOT-FOR-US: Solaris CVE-2016-0675 RESERVED CVE-2016-0674 @@ -10504,6 +10537,7 @@ RESERVED CVE-2016-0669 RESERVED + NOT-FOR-US: Solaris CVE-2016-0668 RESERVED CVE-2016-0667 @@ -10602,6 +10636,7 @@ RESERVED CVE-2016-0623 RESERVED + NOT-FOR-US: Solaris CVE-2016-0622 RESERVED CVE-2016-0621 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
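Review bot: None of the openjdk package lines added here has a NOTE naming the advisory they are taken from, and the CVE-2016-3449 entry lists the packages as openjdk-6, openjdk-7, openjdk-8 while every other entry in the patch uses openjdk-8, openjdk-7, openjdk-6. Add the source reference and use one order throughout.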
[Secure-testing-commits] r40998 - data/CVE
Author: apo Date: 2016-04-19 17:00:37 + (Tue, 19 Apr 2016) New Revision: 40998 Modified: data/CVE/list Log: Mark CVE-2016-0737 and CVE-2016-0738 as in Wheezy. Vulnerable code not present. Modified: data/CVE/list === --- data/CVE/list 2016-04-19 16:58:17 UTC (rev 40997) +++ data/CVE/list 2016-04-19 17:00:37 UTC (rev 40998) @@ -10077,10 +10077,12 @@ NOTE: Upstream fix: https://git.libssh.org/projects/libssh.git/commit/?h=v0-7=f8d0026c65fc8a55748ae481758e2cf376c26c86 CVE-2016-0738 (OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...) - swift 2.5.0-3 (bug #812984) + [wheezy] - swift (Vulnerable code not present) NOTE: Swift: >=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0 TODO: check CVE-2016-0737 (OpenStack Object Storage (Swift) before 2.4.0 does not properly close ...) - swift 2.4.0-1 + [wheezy] - swift (Vulnerable code not present) NOTE: Swift: >=2.2.1 <= 2.3.0 TODO: check, not exaclty clear if it really only was introduced in 2.2.1 CVE-2016-0736 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
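Review bot: Both new "[wheezy] - swift (Vulnerable code not present)" lines rely on the ">=2.2.1" lower bound in the NOTE below them, yet the TODO on CVE-2016-0737 still says it is not clear whether the issue really was introduced only in 2.2.1. Either resolve that TODO in this commit or state in the annotation what was checked in the wheezy source.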
[Secure-testing-commits] r40997 - data/CVE
Author: apo Date: 2016-04-19 16:58:17 + (Tue, 19 Apr 2016) New Revision: 40997 Modified: data/CVE/list Log: Mark CVE-2015-7496 as in Wheezy. Vulnerable code not present. Unreproducible. Steps to reproduce 1. Lock screen (Super +L) 2. Hold ESC key. Modified: data/CVE/list === --- data/CVE/list 2016-04-19 14:57:36 UTC (rev 40996) +++ data/CVE/list 2016-04-19 16:58:17 UTC (rev 40997) @@ -15336,6 +15336,7 @@ CVE-2015-7496 (GNOME Display Manager (gdm) before 3.18.2 allows physically proximate ...) - gdm3 3.18.2-1 [squeeze] - gdm3 (Vulnerable code not present) + [wheezy] - gdm3 (Vulnerable code not present, unreproducible) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032 NOTE: https://git.gnome.org/browse/gdm/commit/?id=5ac2246 NOTE: https://git.gnome.org/browse/gdm/commit/?id=05e5fc2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
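Review bot: The annotation "(Vulnerable code not present, unreproducible)" mixes two different grounds, a source-level finding and a test result, and the reproduction steps exist only in the commit log. Put the ground that was actually established in the annotation and move the test description to a NOTE on the entry, where it stays visible in data/CVE/list.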
[Secure-testing-commits] r40996 - data/CVE
Author: carnil Date: 2016-04-19 14:57:36 + (Tue, 19 Apr 2016) New Revision: 40996 Modified: data/CVE/list Log: Remove note for CVE-2016-3955, CVE confirmed Modified: data/CVE/list === --- data/CVE/list 2016-04-19 14:20:50 UTC (rev 40995) +++ data/CVE/list 2016-04-19 14:57:36 UTC (rev 40996) @@ -2,8 +2,6 @@ - linux NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3) NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1 - NOTE: This CVE id is a bit unclear since the first oss-security post is done as CVE request but the - NOTE: SuSE bugzilla already references the id. CVE-2016-4038 NOT-FOR-US: Samsung Android driver CVE-2016-4035 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40994 - data/CVE
Author: carnil Date: 2016-04-19 13:09:25 + (Tue, 19 Apr 2016) New Revision: 40994 Modified: data/CVE/list Log: Add one note for CVE-2016-3955, wait for clarification Modified: data/CVE/list === --- data/CVE/list 2016-04-19 11:06:08 UTC (rev 40993) +++ data/CVE/list 2016-04-19 13:09:25 UTC (rev 40994) @@ -2,6 +2,8 @@ - linux NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3) NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1 + NOTE: This CVE id is a bit unclear since the first oss-security post is done as CVE request but the + NOTE: SuSE bugzilla already references the id. CVE-2016-4038 NOT-FOR-US: Samsung Android driver CVE-2016-4035 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40993 - data/CVE
Author: carnil Date: 2016-04-19 11:06:08 + (Tue, 19 Apr 2016) New Revision: 40993 Modified: data/CVE/list Log: According to oss-security post CVE-2016-3955/linux assigned Modified: data/CVE/list === --- data/CVE/list 2016-04-19 10:22:00 UTC (rev 40992) +++ data/CVE/list 2016-04-19 11:06:08 UTC (rev 40993) @@ -1,7 +1,7 @@ -CVE-2016- [remote buffer overflow in usbip] +CVE-2016-3955 [remote buffer overflow in usbip] - linux NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3) - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/19/1 + NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1 CVE-2016-4038 NOT-FOR-US: Samsung Android driver CVE-2016-4035 @@ -348,8 +348,6 @@ RESERVED CVE-2016-3956 RESERVED -CVE-2016-3955 - RESERVED CVE-2016-3954 RESERVED CVE-2016-3953 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
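Review bot: the first hunk renames the entry to CVE-2016-3955 in place at line 1, directly above CVE-2016-4038, while the second hunk deletes the CVE-2016-3955 placeholder that sat between CVE-2016-3956 and CVE-2016-3954. If the list is meant to stay in descending id order, as the context lines in both hunks suggest, the "- linux" and NOTE lines should move into the slot the placeholder occupied instead of staying at the top of the file.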
[Secure-testing-commits] r40992 - data/CVE
Author: carnil Date: 2016-04-19 10:22:00 + (Tue, 19 Apr 2016) New Revision: 40992 Modified: data/CVE/list Log: Add new linux issue Modified: data/CVE/list === --- data/CVE/list 2016-04-19 08:59:18 UTC (rev 40991) +++ data/CVE/list 2016-04-19 10:22:00 UTC (rev 40992) @@ -1,3 +1,7 @@ +CVE-2016- [remote buffer overflow in usbip] + - linux + NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3) + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/19/1 CVE-2016-4038 NOT-FOR-US: Samsung Android driver CVE-2016-4035 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40991 - data/CVE
Author: jmm Date: 2016-04-19 08:59:18 + (Tue, 19 Apr 2016) New Revision: 40991 Modified: data/CVE/list Log: pulp NFU Modified: data/CVE/list === --- data/CVE/list 2016-04-19 08:52:10 UTC (rev 40990) +++ data/CVE/list 2016-04-19 08:59:18 UTC (rev 40991) @@ -2210,6 +2210,7 @@ RESERVED CVE-2016-3106 RESERVED + NOT-FOR-US: Pulp (Red Hat) CVE-2016-3105 RESERVED CVE-2016-3104 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r40990 - data/CVE
Author: jmm Date: 2016-04-19 08:52:10 + (Tue, 19 Apr 2016) New Revision: 40990 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list === --- data/CVE/list 2016-04-19 07:58:46 UTC (rev 40989) +++ data/CVE/list 2016-04-19 08:52:10 UTC (rev 40990) 
@@ -11764,55 +11764,56 @@ CVE-2016-0168 RESERVED CVE-2016-0167 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2016-0166 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) + NOT-FOR-US: Microsoft Internet Explorer TODO: check CVE-2016-0165 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2016-0164 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2016-0163 RESERVED CVE-2016-0162 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2016-0161 (Microsoft Edge allows remote attackers to bypass the Same Origin ...) - TODO: check + NOT-FOR-US: Microsoft Edge CVE-2016-0160 (Microsoft Internet Explorer 11 mishandles DLL loading, which allows ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2016-0159 (Microsoft Internet Explorer 9 allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2016-0158 (Microsoft Edge allows remote attackers to bypass the Same Origin ...) - TODO: check + NOT-FOR-US: Microsoft Edge CVE-2016-0157 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) - TODO: check + NOT-FOR-US: Microsoft Edge CVE-2016-0156 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) - TODO: check + NOT-FOR-US: Microsoft Edge CVE-2016-0155 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) - TODO: check + NOT-FOR-US: Microsoft Edge CVE-2016-0154 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2016-0153 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 ...) 
- TODO: check + NOT-FOR-US: Microsoft Windows CVE-2016-0152 RESERVED CVE-2016-0151 (The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2016-0150 (HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2016-0149 RESERVED CVE-2016-0148 (Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, ...) - TODO: check + NOT-FOR-US: Microsoft .NET CVE-2016-0147 (Microsoft XML Core Services 3.0 allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Microsoft XML Core Services CVE-2016-0146 RESERVED CVE-2016-0145 (The font library in Microsoft Windows Vista SP2; Windows Server 2008 ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2016-0144 RESERVED CVE-2016-0143 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2016-0142 RESERVED CVE-2016-0141 @@ -11820,15 +11821,15 @@ CVE-2016-0140 RESERVED CVE-2016-0139 (Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow ...) - TODO: check + NOT-FOR-US: Microsoft Excel CVE-2016-0138 RESERVED CVE-2016-0137 RESERVED CVE-2016-0136 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack ...) - TODO: check + NOT-FOR-US: Microsoft Excel CVE-2016-0135 (The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2016-0134 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...) NOT-FOR-US: Microsoft CVE-2016-0133 (The USB Mass Storage Class driver in Microsoft Windows Vista SP2, ...) 
@@ -11842,9 +11843,9 @@ CVE-2016-0129 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) NOT-FOR-US: Microsoft CVE-2016-0128 (The SAM and LSAD protocol implementations in Microsoft Windows Vista ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2016-0127 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...) - TODO: check + NOT-FOR-US: Microsoft Word CVE-2016-0126 RESERVED CVE-2016-0125 (Microsoft Edge mishandles the Referer policy, which allows remote ...) ___
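Review bot: in the first hunk, CVE-2016-0166 gains "NOT-FOR-US: Microsoft Internet Explorer" but its "TODO: check" line is left in place as context instead of being removed, so the entry ends up carrying both markers; this is the one extra line that takes the hunk from 55 to 56 lines. Remove the "TODO: check" line there, as is done for the other entries this patch touches. Smaller style point: the untouched neighbours CVE-2016-0134 and CVE-2016-0129 use a bare "NOT-FOR-US: Microsoft", while the new lines name the product, so it is worth settling on one form.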
[Secure-testing-commits] r40989 - data/CVE
Author: jmm Date: 2016-04-19 07:58:46 + (Tue, 19 Apr 2016) New Revision: 40989 Modified: data/CVE/list Log: qemu no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-04-19 06:46:27 UTC (rev 40988) +++ data/CVE/list 2016-04-19 07:58:46 UTC (rev 40989) @@ -12,7 +12,10 @@ RESERVED CVE-2016-4037 [usb: Infinite loop vulnerability in usb_ehci using siTD process] - qemu + [jessie] - qemu (Minor issue) + [wheezy] - qemu (Minor issue) - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129 NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits