[Secure-testing-commits] r40185 - data/CVE
Author: carnil Date: 2016-03-06 06:20:33 + (Sun, 06 Mar 2016) New Revision: 40185 Modified: data/CVE/list Log: Add temporary item for minissdpd Modified: data/CVE/list === --- data/CVE/list 2016-03-05 21:10:12 UTC (rev 40184) +++ data/CVE/list 2016-03-06 06:20:33 UTC (rev 40185) @@ -1,3 +1,6 @@ +CVE-2016- [improper validation of array index vulnerability] + - minissdpd (bug #816759) + NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md CVE-2016-2842 (The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 ...) TODO: check CVE-2016- [Out-of-Bound Read in phar_parse_zipfile()] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
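Review bot: the new minissdpd entry records the advisory URL but no fixed Debian version after the package name and no upstream fix reference, so the tracker will list the issue as open in every suite with nothing for a maintainer to act on; once the fix is known, add a NOTE with the upstream commit, the fixed version after `minissdpd`, and [jessie]/[wheezy] status lines as the other entries in this file carry. The `CVE-2016-` placeholder is fine for a temporary item, but a `NOTE: CVE Request:` line (the convention used elsewhere in data/CVE/list) or a TODO to request one would make the follow-up visible.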
[Secure-testing-commits] r40182 - data
Author: luciano Date: 2016-03-05 20:53:13 + (Sat, 05 Mar 2016) New Revision: 40182 Modified: data/dsa-needed.txt Log: rails dsa-needed Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-03-05 16:43:27 UTC (rev 40181) +++ data/dsa-needed.txt 2016-03-05 20:53:13 UTC (rev 40182) @@ -62,8 +62,7 @@ -- python-django -- -rails - TODO: check, maintainer proposed to do an update via jessie-security +rails (luciano) -- samba (carnil) --
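Review bot: the hunk claims rails for luciano but drops the indented line "TODO: check, maintainer proposed to do an update via jessie-security" without carrying the information over; whoever prepares the DSA needs to know that the maintainer offered to do the update, so keep that as an indented note under the new "rails (luciano)" entry (the removed line shows the file already supports notes under an entry) rather than deleting it.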
[Secure-testing-commits] r40184 - data/CVE
Author: sectracker Date: 2016-03-05 21:10:12 + (Sat, 05 Mar 2016) New Revision: 40184 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-03-05 20:58:57 UTC (rev 40183) +++ data/CVE/list 2016-03-05 21:10:12 UTC (rev 40184) 
@@ -3732,66 +3732,79 @@ RESERVED CVE-2016-1642 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1641 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1640 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1639 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1638 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1637 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1636 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1635 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1634 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1633 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1632 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not 
supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1631 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) CVE-2016-1630 RESERVED + {DSA-3507-1} - chromium-browser 49.0.2623.75-1 [wheezy] - chromium-browser (Not supported in Wheezy) [squeeze] - chromium-browser (Not supported in Squeeze LTS) @@ -9894,7 +9907,7 @@ NOTE: https://github.com/glennrp/libpng/commit/4488a96126bbefda51d07835411d8e847a88b2b7 NOTE: https://github.com/glennrp/libpng/commit/ad224c6907e8a274f2679eae4c2e3085fdc7e8c8 CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...) - {DSA-3399-1 DLA-410-1 DLA-343-1} + {DSA-3507-1 DSA-3399-1 DLA-410-1 DLA-343-1} - libpng 1.2.54-1 (bug #805113) NOTE: http://www.openwall.com/lists/oss-security/2015/11/12/2 NOTE: Fixed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
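Review bot: in the second hunk (@@ -9894), DSA-3507-1 is added to the cross-reference set of CVE-2015-8126, but the only package line under that CVE is "- libpng 1.2.54-1 (bug #805113)"; there is no "- chromium-browser 49.0.2623.75-1" line as there is under CVE-2016-1630 through CVE-2016-1642 in the first hunk, so the tracker has no record of which chromium-browser version fixes the embedded libpng copy. Consider adding that package line together with the [wheezy]/[squeeze] status lines used on the other thirteen entries, so the DSA reference on this CVE resolves to a package.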
[Secure-testing-commits] r40183 - in data: . DSA
Author: mgilbert Date: 2016-03-05 20:58:57 + (Sat, 05 Mar 2016) New Revision: 40183 Modified: data/DSA/list data/dsa-needed.txt Log: chromium dsa Modified: data/DSA/list === --- data/DSA/list 2016-03-05 20:53:13 UTC (rev 40182) +++ data/DSA/list 2016-03-05 20:58:57 UTC (rev 40183) @@ -1,3 +1,6 @@ +[05 Mar 2016] DSA-3507-1 chromium-browser - security update + {CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642} + [jessie] - chromium-browser 49.0.2623.75-1~deb8u1 [04 Mar 2016] DSA-3506-1 libav - security update {CVE-2016-1897 CVE-2016-1898 CVE-2016-2326} [wheezy] - libav 6:0.8.17-2 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-03-05 20:53:13 UTC (rev 40182) +++ data/dsa-needed.txt 2016-03-05 20:58:57 UTC (rev 40183) @@ -21,8 +21,6 @@ -- botan1.10 -- -chromium-browser --- exim4 -- gosa/oldstable (Mike Gabriel)
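Review bot: the DSA-3507-1 entry names CVE-2015-8126 alongside the thirteen chromium CVEs; that is a libpng issue, so the {DSA-3507-1} marker that the tracker will attach to its data/CVE/list entry needs a matching chromium-browser package line there, otherwise the DSA points at an entry whose only package is libpng. The DSA/list hunk itself is consistent with the jessie fixed version 49.0.2623.75-1~deb8u1, and the dsa-needed hunk removes the entry together with its "--" separator, which keeps that file's layout intact.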
[Secure-testing-commits] r40181 - data/CVE
Author: santiago Date: 2016-03-05 16:43:27 + (Sat, 05 Mar 2016) New Revision: 40181 Modified: data/CVE/list Log: CVE-2016-2569/squid3 add notes on needed additional patches Modified: data/CVE/list === --- data/CVE/list 2016-03-05 14:24:22 UTC (rev 40180) +++ data/CVE/list 2016-03-05 16:43:27 UTC (rev 40181) @@ -738,6 +738,8 @@ - squid (Vulnerable code not present) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13998.patch + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13999.patch NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch NOTE: Upstream confirmed it does not affect squid 2.7.x CVE-2016-2568 [Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl]
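Review bot: the two added NOTE lines give the extra upstream changesets (13998 and 13999) but the entry does not say why they are there; only the commit log explains that they are additional patches needed on top of 13991. Add a short NOTE to that effect (for example "NOTE: 13991 alone is incomplete, 13998 and 13999 are also required") so that whoever backports the fix for squid3 does not stop at the first changeset.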
[Secure-testing-commits] r40180 - data/CVE
Author: carnil Date: 2016-03-05 14:24:22 + (Sat, 05 Mar 2016) New Revision: 40180 Modified: data/CVE/list Log: Mark dotclear issues as no-dsa Modified: data/CVE/list === --- data/CVE/list 2016-03-05 13:50:50 UTC (rev 40179) +++ data/CVE/list 2016-03-05 14:24:22 UTC (rev 40180) @@ -26,12 +26,14 @@ TODO: check affected versions CVE-2015- [media exclusion control enforcement] - dotclear (bug #815979) + [jessie] - dotclear (Minor issue; workaround possible; can be fixed via a point release) NOTE: https://hg.dotclear.org/dotclear/rev/198580bc3d80 NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2 NOTE: Fixed upstream in 2.8.2 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/4 CVE-2015- [potential XSS vulnerability in comments's list] - dotclear (bug #815979) + [jessie] - dotclear (Minor issue; can be fixed via a point release) NOTE: https://hg.dotclear.org/dotclear/rev/65e65154dadf NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2 NOTE: Fixed upstream in 2.8.2
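Review bot: the two [jessie] no-dsa justifications differ, with "workaround possible" only on the media-exclusion entry; if a workaround also exists for the comments-list XSS, say so on that line too, and if it does not, the asymmetry is fine but deserves a word in the log so it is not read as an omission. Both entries are still "CVE-2015-" placeholders sharing bug #815979 and the same CVE request URL, so the IDs need to be filled in once assigned and the bug reference checked against them.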
[Secure-testing-commits] r40179 - data/CVE
Author: carnil Date: 2016-03-05 13:50:50 + (Sat, 05 Mar 2016) New Revision: 40179 Modified: data/CVE/list Log: Add more information for dotclear issues Modified: data/CVE/list === --- data/CVE/list 2016-03-05 13:46:07 UTC (rev 40178) +++ data/CVE/list 2016-03-05 13:50:50 UTC (rev 40179) @@ -24,10 +24,18 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/04/1 TODO: check affected versions +CVE-2015- [media exclusion control enforcement] + - dotclear (bug #815979) + NOTE: https://hg.dotclear.org/dotclear/rev/198580bc3d80 + NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2 + NOTE: Fixed upstream in 2.8.2 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/4 CVE-2015- [potential XSS vulnerability in comments's list] - dotclear (bug #815979) + NOTE: https://hg.dotclear.org/dotclear/rev/65e65154dadf NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2 NOTE: Fixed upstream in 2.8.2 + NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/4 CVE-2016-8000 REJECTED CVE-2016-2840
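Review bot: the new "media exclusion control enforcement" entry is added with the package line "- dotclear (bug #815979)" but without a fixed Debian version or a [jessie] status line, so until it is triaged the tracker reports dotclear in jessie as open with no assessment; adding the suite line in the same commit would avoid the window. A style point on the context line: "comments's list" in the second entry's bracketed summary should read "comments list" (or "comment list"); the summary is free text, so it can be corrected in a follow-up.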
[Secure-testing-commits] r40178 - data/CVE
Author: fgeek-guest Date: 2016-03-05 13:46:07 + (Sat, 05 Mar 2016) New Revision: 40178 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2016-03-05 13:36:10 UTC (rev 40177) +++ data/CVE/list 2016-03-05 13:46:07 UTC (rev 40178) @@ -27716,7 +27716,7 @@ CVE-2015-2013 (IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to ...) NOT-FOR-US: IBM CVE-2015-2012 (The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch ...) NOT-FOR-US: IBM CVE-2015-2010 @@ -27724,13 +27724,13 @@ CVE-2015-2009 RESERVED CVE-2015-2008 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...) - TODO: check + NOT-FOR-US: IBM Security QRadar SIEM CVE-2015-2007 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2015-2006 RESERVED CVE-2015-2005 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...) - TODO: check + NOT-FOR-US: IBM Security QRadar SIEM CVE-2015-2004 RESERVED CVE-2015-2003 @@ -36161,7 +36161,7 @@ CVE-2014-8913 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...) NOT-FOR-US: IBM CVE-2014-8912 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) - TODO: check + NOT-FOR-US: IBM WebSphere Portal CVE-2014-8911 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator ...) NOT-FOR-US: IBM Content Navigator CVE-2014-8910 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 ...)
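Review bot: the NOT-FOR-US labels are applied at different granularity within one commit: CVE-2015-2012 (IBM WebSphere MQ, per its description) gets plain "NOT-FOR-US: IBM" in the first hunk, while CVE-2015-2008 and CVE-2015-2005 get "IBM Security QRadar SIEM" and CVE-2014-8912 gets "IBM WebSphere Portal". Naming the product on every line, as the description's first words already do, keeps text searches over data/CVE/list for a product family reliable; "NOT-FOR-US: IBM WebSphere MQ" for CVE-2015-2012 would match the style of the other changed lines.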
[Secure-testing-commits] r40177 - data/CVE
Author: fgeek-guest Date: 2016-03-05 13:36:10 + (Sat, 05 Mar 2016) New Revision: 40177 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2016-03-05 09:53:14 UTC (rev 40176) +++ data/CVE/list 2016-03-05 13:36:10 UTC (rev 40177) @@ -4588,19 +4588,19 @@ CVE-2016-1336 RESERVED CVE-2016-1335 (The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x ...) - TODO: check + NOT-FOR-US: Cisco StarOS CVE-2016-1334 (Cisco Small Business 500 Wireless Access Point devices with firmware ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1333 (Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2016-1332 RESERVED CVE-2016-1331 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...) - TODO: check + NOT-FOR-US: Cisco Emergency Responder CVE-2016-1330 (Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2016-1329 (Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and ...) - TODO: check + NOT-FOR-US: Cisco Nexus CVE-2016-1328 RESERVED CVE-2016-1327 
@@ -4610,25 +4610,25 @@ CVE-2016-1325 RESERVED CVE-2016-1324 (The REST interface in Cisco Spark 2015-06 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Cisco Spark CVE-2016-1323 (The REST interface in Cisco Spark 2015-06 allows remote authenticated ...) - TODO: check + NOT-FOR-US: Cisco Spark CVE-2016-1322 (The REST interface in Cisco Spark 2015-07-04 allows remote attackers ...) - TODO: check + NOT-FOR-US: Cisco Spark CVE-2016-1321 (Cisco Universal Small Cell devices with firmware R2.12 through R3.5 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1320 (The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1319 (Cisco Unified Communications Manager (aka CallManager) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1318 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1317 (Cisco Unified Communications Manager 11.5(0.98000.480) allows remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1316 (Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1315 (The proxy engine in Cisco Advanced Malware Protection (AMP), when used ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1314 RESERVED CVE-2016-1313 @@ -4682,7 +4682,7 @@ CVE-2016-1289 RESERVED CVE-2016-1288 (The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x ...) - TODO: check + NOT-FOR-US: Cisco Web Security Appliance CVE-2016-1287 (Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA ...) NOT-FOR-US: Cisco ASA CVE-2016-1286 
@@ -15061,7 +15061,7 @@ CVE-2015-6261 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 ...) NOT-FOR-US: Cisco CVE-2015-6260 (Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not ...) - TODO: check + NOT-FOR-US: Cisco CVE-2015-6259 (The JavaServer Pages (JSP) component in Cisco Integrated Management ...) NOT-FOR-US: Cisco CVE-2015-6258 (The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN ...) @@ -32285,7 +32285,7 @@ CVE-2015-0719 RESERVED CVE-2015-0718 (Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and ...) - TODO: check + NOT-FOR-US: Cisco NX-OS CVE-2015-0717 (Cisco Unified Communications Manager 10.0(1.1.12) allows local ...) NOT-FOR-US: Cisco CVE-2015-0716 (Cross-site request forgery (CSRF) vulnerability in the CUCReports page ...)
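Review bot: the NOT-FOR-US labels in this commit name the product inconsistently: CVE-2016-1335 gets "Cisco StarOS", CVE-2016-1324 through CVE-2016-1322 get "Cisco Spark" and CVE-2015-0718 gets "Cisco NX-OS", but CVE-2016-1319 and CVE-2016-1317 (both Cisco Unified Communications Manager per their descriptions), CVE-2016-1316 (TelePresence VCS), CVE-2016-1320 (Prime Collaboration) and CVE-2015-6260 (NX-OS on Nexus, in the @@ -15061 hunk) only get "NOT-FOR-US: Cisco". Naming the product each time, as the first words of each description already do, makes later searches of data/CVE/list for a product line reliable and costs nothing at triage time.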
[Secure-testing-commits] r40176 - data/CVE
Author: rbalint Date: 2016-03-05 09:53:14 + (Sat, 05 Mar 2016) New Revision: 40176 Modified: data/CVE/list Log: wireshark's CVE-2015-8731 is at least partially fixed in 2.0.1 Modified: data/CVE/list === --- data/CVE/list 2016-03-05 09:10:15 UTC (rev 40175) +++ data/CVE/list 2016-03-05 09:53:14 UTC (rev 40176) @@ -4844,12 +4844,12 @@ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830 NOTE: http://www.wireshark.org/security/wnpa-sec-2015-50.html CVE-2015-8731 (The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c ...) - - wireshark + - wireshark 2.0.1+g59ea380-1 [squeeze] - wireshark (Not supported in Squeeze LTS) NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829 NOTE: http://www.wireshark.org/security/wnpa-sec-2015-49.html - NOTE: fix released in 2.0.1 is incomplete + NOTE: fix released in 2.0.1 is incomplete, but the rest is tracked under CVE-2016-2530 CVE-2015-8730 (epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark ...) {DSA-3505-1} - wireshark 2.0.1+g59ea380-1
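Review bot: recording 2.0.1+g59ea380-1 as the fixed version while the NOTE still says the 2.0.1 fix is incomplete is only sound because the remainder is tracked as CVE-2016-2530, as the changed NOTE now states; make sure the CVE-2016-2530 entry carries the reverse pointer (a NOTE that it is the remaining part of CVE-2015-8731) and its own wireshark package line, otherwise the still-open part of the issue is discoverable only from this entry. The fixed version matches the one on CVE-2015-8730 (DSA-3505-1) directly below, which is consistent with the commit log.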
[Secure-testing-commits] r40175 - data/CVE
Author: sectracker Date: 2016-03-05 09:10:15 + (Sat, 05 Mar 2016) New Revision: 40175 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-03-05 08:40:07 UTC (rev 40174) +++ data/CVE/list 2016-03-05 09:10:15 UTC (rev 40175) @@ -1,3 +1,5 @@ +CVE-2016-2842 (The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 ...) + TODO: check CVE-2016- [Out-of-Bound Read in phar_parse_zipfile()] - php5 NOTE: https://bugs.php.net/bug.php?id=71498 @@ -4537,18 +4539,18 @@ RESERVED CVE-2016-1360 RESERVED -CVE-2016-1359 - RESERVED -CVE-2016-1358 - RESERVED -CVE-2016-1357 - RESERVED -CVE-2016-1356 - RESERVED -CVE-2016-1355 - RESERVED -CVE-2016-1354 - RESERVED +CVE-2016-1359 (Cisco Prime Infrastructure 3.0 allows remote authenticated users to ...) + TODO: check +CVE-2016-1358 (Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote ...) + TODO: check +CVE-2016-1357 (The password-management administration component in Cisco Policy Suite ...) + TODO: check +CVE-2016-1356 (Cisco FireSIGHT System Software 6.1.0 does not use a constant-time ...) + TODO: check +CVE-2016-1355 (Cross-site scripting (XSS) vulnerability in the Device Management UI ...) + TODO: check +CVE-2016-1354 (Cross-site scripting (XSS) vulnerability in Cisco Unified ...) + TODO: check CVE-2016-1353 (The TCP implementation in Cisco Videoscape Distribution Suite for ...) NOT-FOR-US: Cisco Videoscape Distribution Suite CVE-2016-1352 @@ -4679,8 +4681,8 @@ RESERVED CVE-2016-1289 RESERVED -CVE-2016-1288 - RESERVED +CVE-2016-1288 (The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x ...) + TODO: check CVE-2016-1287 (Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA ...) NOT-FOR-US: Cisco ASA CVE-2016-1286 
@@ -5367,8 +5369,8 @@ RESERVED CVE-2016-1159 RESERVED -CVE-2016-1158 - RESERVED +CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH ...) + TODO: check CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* ...) TODO: check CVE-2016-1156 (LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X ...) @@ -6493,21 +6495,18 @@ NOTE: https://www.drownattack.com/ NOTE: GNUTLS never implemented SSLv2 NOTE: http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html -CVE-2016-0799 [Memory issues in BIO_*printf functions] - RESERVED +CVE-2016-0799 (The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before ...) {DSA-3500-1} - openssl 1.0.2g-1 NOTE: https://www.openssl.org/news/secadv/20160301.txt NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835 NOTE: https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/ -CVE-2016-0798 [Memory leak in SRP database lookups] - RESERVED +CVE-2016-0798 (Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL ...) {DSA-3500-1} - openssl 1.0.2g-1 NOTE: https://www.openssl.org/news/secadv/20160301.txt NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a -CVE-2016-0797 [BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption] - RESERVED +CVE-2016-0797 (Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 ...) {DSA-3500-1} - openssl 1.0.2g-1 NOTE: https://www.openssl.org/news/secadv/20160301.txt @@ -6838,8 +6837,7 @@ - tomcat6 6.0.41-3 NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3 -CVE-2016-0705 [Double-free in DSA code] - RESERVED +CVE-2016-0705 (Double free vulnerability in the dsa_priv_decode function in ...) {DSA-3500-1} - openssl 1.0.2g-1 [squeeze] - openssl (vulnerable code not present) 
@@ -6853,8 +6851,7 @@ - openssl 1.0.0c-2 NOTE: 1.0.0c-2 dropped SSLv2 support NOTE: https://www.openssl.org/news/secadv/20160301.txt -CVE-2016-0702 [Side channel attack on modular exponentiation] - RESERVED +CVE-2016-0702 (The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in ...) {DSA-3500-1} - openssl 1.0.2g-1 NOTE: https://www.openssl.org/news/secadv/20160301.txt @@ -8182,8 +8179,8 @@ RESERVED CVE-2016-0228 RESERVED -CVE-2016-0227 - RESERVED +CVE-2016-0227 (Cross-site scripting (XSS) vulnerability in the document-list control ...) + TODO: check CVE-2016-0226 RESERVED CVE-2016-0225 (IBM WebSphere Commerce 6.x through
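Review bot: in the first hunk (@@ -1,3), CVE-2016-2842 is added with "TODO: check", but its description points at doapr_outch in crypto/bio/b_print.c, the same file as CVE-2016-0799 (fmtstr in crypto/bio/b_print.c), which the @@ -6493 hunk shows fixed in openssl 1.0.2g-1 via DSA-3500-1; triage should check whether the 1.0.2g upload already contains this fix and, if it does, record the same fixed version and DSA reference rather than leaving the TODO open.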
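Review bot: the @@ -6493 hunk replaces the hand-written summaries on CVE-2016-0799, CVE-2016-0798 and CVE-2016-0797 with the truncated MITRE descriptions, dropping details such as "BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption" that the new text ("Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s ...") no longer carries; the same happens to CVE-2016-0705 and CVE-2016-0702 in the two hunks that follow. Since the automatic update cannot keep the bracketed text, consider re-adding the affected function names as a NOTE line, the way these entries already keep the upstream commit links.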
[Secure-testing-commits] r40174 - data/packages
Author: sectracker Date: 2016-03-05 08:40:07 + (Sat, 05 Mar 2016) New Revision: 40174 Modified: data/packages/removed-packages Log: These packages have been removed Modified: data/packages/removed-packages === --- data/packages/removed-packages 2016-03-05 08:05:15 UTC (rev 40173) +++ data/packages/removed-packages 2016-03-05 08:40:07 UTC (rev 40174) @@ -461,3 +461,4 @@ dtc php-symfony2-yaml phpdocx +php5.6
[Secure-testing-commits] r40173 - data/CVE
Author: carnil Date: 2016-03-05 08:05:15 + (Sat, 05 Mar 2016) New Revision: 40173 Modified: data/CVE/list Log: Add bug reference for CVE-2014-6276/roundup Modified: data/CVE/list === --- data/CVE/list 2016-03-05 07:59:24 UTC (rev 40172) +++ data/CVE/list 2016-03-05 08:05:15 UTC (rev 40173) @@ -42850,7 +42850,7 @@ CVE-2014-6276 RESERVED {DSA-3502-1} - - roundup + - roundup (bug #816780) NOTE: http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9 CVE-2014-6275 RESERVED
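Review bot: the hunk adds the bug reference but leaves "- roundup" without a fixed version even though the entry already carries {DSA-3502-1} and the upstream fix link; if the unstable upload that closes #816780 is known, record its version after the package name, and if it has not been uploaded yet, a NOTE saying so would explain why a DSA exists for an issue that the tracker still shows as open in unstable.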