[Secure-testing-commits] r40455 - data/CVE
Author: jmm Date: 2016-03-18 18:52:31 + (Fri, 18 Mar 2016) New Revision: 40455 Modified: data/CVE/list Log: opam, dcraw, httpcomponents-client no-dsa NFUs Modified: data/CVE/list === --- data/CVE/list 2016-03-18 18:47:19 UTC (rev 40454) +++ data/CVE/list 2016-03-18 18:52:31 UTC (rev 40455) @@ -427,7 +427,6 @@ NOTE: https://bugs.php.net/bug.php?id=71610 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba NOTE: http://php.net/ChangeLog-7.php#7.0.4 - TODO: seems to not affect PHP 5, double check CVE-2016-3184 RESERVED CVE-2016-3180 [Signature verification bypass attack] @@ -506,6 +505,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3 CVE-2016- [opam: does not verify certificate] - opam (bug #818081) + [jessie] - opam (Minor issue, can be fixed in a point update) NOTE: https://github.com/ocaml/opam/commit/3d43295df3bb9e67e60801d319bf82c2c8a84d24 CVE-2016- [moodle issues from 2.7.13] - moodle 2.7.13+dfsg-1 
@@ -7420,45 +7420,45 @@ CVE-2016-1006 RESERVED CVE-2016-1005 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-1004 RESERVED CVE-2016-1003 RESERVED CVE-2016-1002 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-1001 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-1000 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0999 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0998 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0997 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0996 (Use-after-free vulnerability in the setInterval method in Adobe Flash ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0995 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0994 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0993 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0992 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0991 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0990 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0989 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...) 
- TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0988 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0986 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0985 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...) NOT-FOR-US: Adobe CVE-2016-0984 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...) @@ -7504,13 +7504,13 @@ CVE-2016-0964 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...) NOT-FOR-US: Adobe CVE-2016-0963 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0962 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0961 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0960 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2016-0959 RESERVED CVE-2016-0958 (Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote ...) @@ -10668,6 +10668,7 @@ [wheezy] - libraw (Vulnerable code not present) [squeeze] - libraw (Vulnerable code not present) -
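Review bot: in the -427,7 hunk the line "TODO: seems to not affect PHP 5, double check" is dropped without recording what the double check found; the surrounding NOTE links (bug 71610, the php-src commit, the 7.0.4 ChangeLog) do not state whether PHP 5 is affected, so add a NOTE with that conclusion next to them rather than leaving the outcome implicit in the TODO's removal.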
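Review bot: the new "[jessie] - opam (Minor issue, can be fixed in a point update)" line in the -506,6 hunk gives a severity rating but not the reason for it; for a package manager that, per the entry title, "does not verify certificate", a short rationale on the line or in a NOTE (why the missing check is considered minor) would let the rating be revisited if the point update does not happen. The entry also still carries the placeholder id "CVE-2016-", so the id will need filling in once assigned.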
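Review bot: the lines added in the -7420,45 hunk (and likewise in -7504,13) read "NOT-FOR-US: Adobe Flash", while the neighbouring entries that were already marked in the same context (CVE-2016-0985, CVE-2016-0984, CVE-2016-0964) read "NOT-FOR-US: Adobe"; pick one spelling for the whole Flash Player block so that searches for the marker text find all of them.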
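Review bot: the -10668,6 hunk is cut off right after the "[squeeze] - libraw (Vulnerable code not present)" context line, so the dcraw change named in the log, and the httpcomponents-client change it also names, are not visible in this mail and cannot be reviewed here; the full diff in the repository is needed for those two.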
[Secure-testing-commits] r40420 - data/CVE
Author: sectracker Date: 2016-03-16 21:10:12 + (Wed, 16 Mar 2016) New Revision: 40420 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-03-16 20:53:37 UTC (rev 40419) +++ data/CVE/list 2016-03-16 21:10:12 UTC (rev 40420) 
@@ -1,3 +1,457 @@ +CVE-2016-3397 + RESERVED +CVE-2016-3396 + RESERVED +CVE-2016-3395 + RESERVED +CVE-2016-3394 + RESERVED +CVE-2016-3393 + RESERVED +CVE-2016-3392 + RESERVED +CVE-2016-3391 + RESERVED +CVE-2016-3390 + RESERVED +CVE-2016-3389 + RESERVED +CVE-2016-3388 + RESERVED +CVE-2016-3387 + RESERVED +CVE-2016-3386 + RESERVED +CVE-2016-3385 + RESERVED +CVE-2016-3384 + RESERVED +CVE-2016-3383 + RESERVED +CVE-2016-3382 + RESERVED +CVE-2016-3381 + RESERVED +CVE-2016-3380 + RESERVED +CVE-2016-3379 + RESERVED +CVE-2016-3378 + RESERVED +CVE-2016-3377 + RESERVED +CVE-2016-3376 + RESERVED +CVE-2016-3375 + RESERVED +CVE-2016-3374 + RESERVED +CVE-2016-3373 + RESERVED +CVE-2016-3372 + RESERVED +CVE-2016-3371 + RESERVED +CVE-2016-3370 + RESERVED +CVE-2016-3369 + RESERVED +CVE-2016-3368 + RESERVED +CVE-2016-3367 + RESERVED +CVE-2016-3366 + RESERVED +CVE-2016-3365 + RESERVED +CVE-2016-3364 + RESERVED +CVE-2016-3363 + RESERVED +CVE-2016-3362 + RESERVED +CVE-2016-3361 + RESERVED +CVE-2016-3360 + RESERVED +CVE-2016-3359 + RESERVED +CVE-2016-3358 + RESERVED +CVE-2016-3357 + RESERVED +CVE-2016-3356 + RESERVED +CVE-2016-3355 + RESERVED +CVE-2016-3354 + RESERVED +CVE-2016-3353 + RESERVED +CVE-2016-3352 + RESERVED +CVE-2016-3351 + RESERVED +CVE-2016-3350 + RESERVED +CVE-2016-3349 + RESERVED +CVE-2016-3348 + RESERVED +CVE-2016-3347 + RESERVED +CVE-2016-3346 + RESERVED +CVE-2016-3345 + RESERVED +CVE-2016-3344 + RESERVED +CVE-2016-3343 + RESERVED +CVE-2016-3342 + RESERVED +CVE-2016-3341 + RESERVED +CVE-2016-3340 + RESERVED +CVE-2016-3339 + RESERVED +CVE-2016-3338 + RESERVED +CVE-2016-3337 + RESERVED +CVE-2016-3336 + RESERVED +CVE-2016-3335 + RESERVED +CVE-2016-3334 + RESERVED +CVE-2016- + RESERVED +CVE-2016-3332 + RESERVED +CVE-2016-3331 + RESERVED +CVE-2016-3330 + RESERVED +CVE-2016-3329 + RESERVED +CVE-2016-3328 + RESERVED +CVE-2016-3327 + RESERVED +CVE-2016-3326 + RESERVED +CVE-2016-3325 + RESERVED +CVE-2016-3324 + RESERVED +CVE-2016-3323 + RESERVED +CVE-2016-3322 + RESERVED 
+CVE-2016-3321 + RESERVED +CVE-2016-3320 + RESERVED +CVE-2016-3319 + RESERVED +CVE-2016-3318 + RESERVED +CVE-2016-3317 + RESERVED +CVE-2016-3316 + RESERVED +CVE-2016-3315 + RESERVED +CVE-2016-3314 + RESERVED +CVE-2016-3313 + RESERVED +CVE-2016-3312 + RESERVED +CVE-2016-3311 + RESERVED +CVE-2016-3310 + RESERVED +CVE-2016-3309 + RESERVED +CVE-2016-3308 + RESERVED +CVE-2016-3307 + RESERVED +CVE-2016-3306 + RESERVED +CVE-2016-3305 + RESERVED +CVE-2016-3304 + RESERVED +CVE-2016-3303 + RESERVED +CVE-2016-3302 + RESERVED +CVE-2016-3301 + RESERVED +CVE-2016-3300 + RESERVED +CVE-2016-3299 + RESERVED +CVE-2016-3298 + RESERVED +CVE-2016-3297 + RESERVED +CVE-2016-3296 + RESERVED +CVE-2016-3295 + RESERVED +CVE-2016-3294 + RESERVED +CVE-2016-3293 + RESERVED +CVE-2016-3292 + RESERVED +CVE-2016-3291 + RESERVED +CVE-2016-3290 + RESERVED +CVE-2016-3289 + RESERVED +CVE-2016-3288 + RESERVED +CVE-2016-3287 + RESERVED +CVE-2016-3286 + RESERVED +CVE-2016-3285 + RESERVED +CVE-2016-3284 + RESERVED +CVE-2016-3283 + RESERVED +CVE-2016-3282 + RESERVED +CVE-2016-3281 + RESERVED +CVE-2016-3280 + RESERVED +CVE-2016-3279 + RESERVED +CVE-2016-3278 + RESERVED +CVE-2016-3277 + RESERVED +CVE-2016-3276 + RESERVED +CVE-2016-3275 + RESERVED +CVE-2016-3274 + RESERVED +CVE-2016-3273 + RESERVED +CVE-2016-3272 + RESERVED +CVE-2016-3271 + RESERVED +CVE-2016-3270 + RESERVED +CVE-2016-3269 + RESERVED +CVE-2016-3268 + RESERVED +CVE-2016-3267 + RESERVED +CVE-2016-3266 + RESERVED +CVE-2016-3265 + RESERVED +CVE-2016-3264 + RESERVED +CVE-2016-3263 + RESERVED +CVE-2016-3262 + RESERVED +CVE-2016-3261 + RESERVED +CVE-2016-3260 + RESERVED +CVE-2016-3259 + RESERVED +CVE-2016-3258 + RESERVED +CVE-2016-3257 + RESERVED +CVE-2016-3256 + RESERVED +CVE-2016-3255 + RESERVED +CVE-2016-3254 + RESERVED +CVE-2016-3253 +
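Review bot: in the -1,3 hunk one inserted entry, the one between CVE-2016-3334 and CVE-2016-3332, is written as a bare "CVE-2016-" with no number; an automatic import should never produce an id-less RESERVED entry, so check the source feed for that record and correct the id, otherwise anything keyed on the CVE number will skip or mis-sort it. The hunk header announces 457 lines but the text here stops at "CVE-2016-3253", so the remainder is not visible for review.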
[Secure-testing-commits] r40454 - data/CVE
Author: carnil Date: 2016-03-18 18:47:19 + (Fri, 18 Mar 2016) New Revision: 40454 Modified: data/CVE/list Log: Update information for CVE-2016-1504/dhcpcd Modified: data/CVE/list === --- data/CVE/list 2016-03-18 18:44:09 UTC (rev 40453) +++ data/CVE/list 2016-03-18 18:47:19 UTC (rev 40454) @@ -5783,12 +5783,11 @@ CVE-2016-1504 [invalid read/crash via malformed dhcp responses] RESERVED - dhcpcd5 (bug #810620) - - dhcpcd + - dhcpcd (Vulnerable code not present) [squeeze] - dhcpcd (Vulnerable code not present) NOTE: http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/07/3 NOTE: dhcpcd 3.2.3- in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions. - TODO: check affected versions CVE-2016- [Missing normalization] - ruby-rack-attack 4.3.1-1 NOTE: https://github.com/kickstarter/rack-attack/commit/76c2e3143099d938883ae5654527b47e9e6a8977 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
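Review bot: with "TODO: check affected versions" removed in the -5783,12 hunk, the only record of the answer is the new "(Vulnerable code not present)" reason on the unversioned dhcpcd line; the NOTE below it says the 3.2.3-era dhcpcd in both squeeze and wheezy differs from dhcpcd5, yet only "[squeeze] - dhcpcd (Vulnerable code not present)" gets its own line. If wheezy needs an explicit entry for the tracker to show it as not affected, add a matching [wheezy] line; if the unversioned line already covers it, a one-line NOTE saying so would stop the question from coming up again.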
[Secure-testing-commits] r40436 - data/CVE
Author: carnil Date: 2016-03-17 15:11:59 + (Thu, 17 Mar 2016) New Revision: 40436 Modified: data/CVE/list Log: Add three NFUs Modified: data/CVE/list === --- data/CVE/list 2016-03-17 14:53:37 UTC (rev 40435) +++ data/CVE/list 2016-03-17 15:11:59 UTC (rev 40436) @@ -1223,7 +1223,7 @@ CVE-2016-2848 RESERVED CVE-2016-2846 (Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers ...) - TODO: check + NOT-FOR-US: Siemens SIMATIC S7-1200 CPU devices CVE-2016-2845 (The Content Security Policy (CSP) implementation in Blink, as used in ...) {DSA-3507-1} - chromium-browser 49.0.2623.75-1 @@ -3911,7 +3911,7 @@ CVE-2016-2076 RESERVED CVE-2016-2075 (Cross-site scripting (XSS) vulnerability in VMware vRealize Business ...) - TODO: check + NOT-FOR-US: VMware vRealize Business Advanced and Enterprise CVE-2016-2074 RESERVED CVE-2016-2072 (The Administrative Web Interface in Citrix NetScaler Application ...) @@ -28147,7 +28147,7 @@ CVE-2015-2345 RESERVED CVE-2015-2344 (Cross-site scripting (XSS) vulnerability in VMware vRealize Automation ...) - TODO: check + NOT-FOR-US: VMware vRealize Automation CVE-2015-2343 RESERVED CVE-2015-2342 (The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 ...)
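Review bot: the new "NOT-FOR-US: VMware vRealize Business Advanced and Enterprise" line in the -3911,7 hunk names editions that the truncated description in context ("VMware vRealize Business ...") does not show, whereas the other two hunks only repeat the product named in their description; add a NOTE with the advisory URL the edition names were taken from so the scope can be verified later.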
[Secure-testing-commits] r40441 - data/CVE
Author: carnil Date: 2016-03-17 16:31:24 + (Thu, 17 Mar 2016) New Revision: 40441 Modified: data/CVE/list Log: Add bug reference for CVE-2016-2147, #818499 Modified: data/CVE/list === --- data/CVE/list 2016-03-17 16:31:15 UTC (rev 40440) +++ data/CVE/list 2016-03-17 16:31:24 UTC (rev 40441) @@ -3556,7 +3556,7 @@ NOTE: https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2 CVE-2016-2147 [OOB heap write due to integer underflow] RESERVED - - busybox + - busybox (bug #818499) [jessie] - busybox (Minor issue) [wheezy] - busybox (Minor issue) NOTE: https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87
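Review bot: the bug reference added in the -3556,7 hunk sits on the unversioned busybox line, matching how other entries on this list record Debian bugs (e.g. "(bug #810620)", "(bug #815008)"), but the entry is still RESERVED and its only NOTE is the upstream fix commit; adding the report or CVE-request URL alongside it would tie the bug number and the fix to a public description once the CVE is published.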
[Secure-testing-commits] r40451 - data
Author: apo-guest Date: 2016-03-18 14:43:53 + (Fri, 18 Mar 2016) New Revision: 40451 Modified: data/dsa-needed.txt Log: Claim Tomcat7 in dsa-needed.txt Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-03-18 09:10:24 UTC (rev 40450) +++ data/dsa-needed.txt 2016-03-18 14:43:53 UTC (rev 40451) @@ -78,7 +78,7 @@ -- tomcat6 (Markus Koschany) -- -tomcat7 +tomcat7 (Markus Koschany) -- tomcat8 --
[Secure-testing-commits] r40418 - data/CVE
Author: jmm Date: 2016-03-16 20:42:22 + (Wed, 16 Mar 2016) New Revision: 40418 Modified: data/CVE/list Log: three openjpeg issues CVEfied remove non-issue Modified: data/CVE/list === --- data/CVE/list 2016-03-16 17:48:52 UTC (rev 40417) +++ data/CVE/list 2016-03-16 20:42:22 UTC (rev 40418) @@ -195,16 +195,16 @@ [jessie] - flashrom (Minor issue) [wheezy] - flashrom (Minor issue) NOTE: https://www.flashrom.org/pipermail/flashrom/2016-March/014523.html -CVE-2016- [Out-Of-Bounds Read in sycc422_to_rgb function] +CVE-2016-3183 [Out-Of-Bounds Read in sycc422_to_rgb function] - openjpeg2 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/14/14 NOTE: https://github.com/uclouvain/openjpeg/issues/726 -CVE-2016- [Heap Corruption in opj_free function] +CVE-2016-3182 [Heap Corruption in opj_free function] - openjpeg2 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/14/13 NOTE: https://github.com/uclouvain/openjpeg/issues/725 TODO: check, possibly as well src:openjpeg -CVE-2016- [Out-Of-Bounds Read in opj_tcd_free_tile function] +CVE-2016-3181 [Out-Of-Bounds Read in opj_tcd_free_tile function] - openjpeg2 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/14/12 NOTE: https://github.com/uclouvain/openjpeg/issues/724 @@ -2253,10 +2253,6 @@ RESERVED CVE-2015-8814 RESERVED -CVE-2016- [open redirect] - - graphite-web - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/17/7 - NOTE: https://github.com/graphite-project/graphite-web/issues/1441 CVE-2016-2392 [usb: null pointer dereference in remote NDIS control message handling] RESERVED - qemu (bug #815008)
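Review bot: in the -195,16 hunk the "TODO: check, possibly as well src:openjpeg" line sits under CVE-2016-3182 only, while CVE-2016-3183 and CVE-2016-3181 describe bugs in the same openjpeg2 code (sycc422_to_rgb, opj_tcd_free_tile) and carry no such TODO; either the src:openjpeg question applies to all three and should be noted on each, or it has already been answered for the other two and that answer belongs in a NOTE so the asymmetry is explained.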
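Review bot: the -2253,10 hunk deletes the graphite-web "open redirect" entry together with its oss-security CVE-request and upstream issue links, and the log says only "remove non-issue"; keeping the entry with a short NOTE stating why it is not a security issue (and what became of the CVE request) would preserve those references for anyone who runs into the same report later, whereas a bare deletion leaves no trace of the decision in the list itself.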