[Secure-testing-commits] r40455 - data/CVE

2016-03-18 Thread Moritz Muehlenhoff
Author: jmm
Date: 2016-03-18 18:52:31 + (Fri, 18 Mar 2016)
New Revision: 40455

Modified:
   data/CVE/list
Log:
opam, dcraw, httpcomponents-client no-dsa
NFUs


Modified: data/CVE/list
===
--- data/CVE/list   2016-03-18 18:47:19 UTC (rev 40454)
+++ data/CVE/list   2016-03-18 18:52:31 UTC (rev 40455)
@@ -427,7 +427,6 @@
NOTE: https://bugs.php.net/bug.php?id=71610
NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba
NOTE: http://php.net/ChangeLog-7.php#7.0.4
-   TODO: seems to not affect PHP 5, double check
 CVE-2016-3184
RESERVED
 CVE-2016-3180 [Signature verification bypass attack]
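Review bot: dropping the "TODO: seems to not affect PHP 5, double check" line leaves no record of what the double check found; a NOTE line stating the outcome (PHP 5 unaffected, with the reason) next to the existing ChangeLog and php-src commit references would preserve the verdict for the next person who reads the entry.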
@@ -506,6 +505,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3
 CVE-2016- [opam: does not verify certificate]
- opam  (bug #818081)
+   [jessie] - opam  (Minor issue, can be fixed in a point update)
NOTE: 
https://github.com/ocaml/opam/commit/3d43295df3bb9e67e60801d319bf82c2c8a84d24
 CVE-2016- [moodle issues from 2.7.13]
- moodle 2.7.13+dfsg-1
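Review bot: the added "[jessie] - opam  (Minor issue, can be fixed in a point update)" line shows a double space between the package name and the parenthesised reason, which is where the status token should sit; since the log says these are no-dsa decisions, confirm the committed line carries the no-dsa tag and was not stripped in the archive. The entry header above it is still "CVE-2016-" with no id, so the CVE request referenced by the oss-security NOTE is presumably pending.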
@@ -7420,45 +7420,45 @@
 CVE-2016-1006
RESERVED
 CVE-2016-1005 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-1004
RESERVED
 CVE-2016-1003
RESERVED
 CVE-2016-1002 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-1001 (Heap-based buffer overflow in Adobe Flash Player before 
18.0.0.333 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-1000 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.333 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0999 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.333 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0998 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.333 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0997 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.333 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0996 (Use-after-free vulnerability in the setInterval method in Adobe 
Flash ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0995 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.333 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0994 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.333 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0993 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 
19.x ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0992 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0991 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.333 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0990 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.333 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0989 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0988 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.333 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0987 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.333 ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0986 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0985 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 
...)
NOT-FOR-US: Adobe
 CVE-2016-0984 (Use-after-free vulnerability in Adobe Flash Player before 
18.0.0.329 ...)
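Review bot: the new lines use "NOT-FOR-US: Adobe Flash" while the untouched CVE-2016-0985 entry in the same block reads "NOT-FOR-US: Adobe"; mixing both spellings in adjacent entries makes grepping for the Flash batch unreliable, so pick one form and apply it throughout this range (the same mix recurs in the following hunk at CVE-2016-0964).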
@@ -7504,13 +7504,13 @@
 CVE-2016-0964 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 
...)
NOT-FOR-US: Adobe
 CVE-2016-0963 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 
19.x ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0962 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0961 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0960 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash
 CVE-2016-0959
RESERVED
 CVE-2016-0958 (Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow 
remote ...)
@@ -10668,6 +10668,7 @@
[wheezy] - libraw  (Vulnerable code not present)
[squeeze] - libraw  (Vulnerable code not present)
- 
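Review bot: this hunk is cut off after the bare "- " line, so the dcraw and httpcomponents-client no-dsa changes named in the log are not visible here and cannot be reviewed; only the unchanged libraw context lines for wheezy and squeeze survive.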

[Secure-testing-commits] r40420 - data/CVE

2016-03-18 Thread security tracker role
Author: sectracker
Date: 2016-03-16 21:10:12 + (Wed, 16 Mar 2016)
New Revision: 40420

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-16 20:53:37 UTC (rev 40419)
+++ data/CVE/list   2016-03-16 21:10:12 UTC (rev 40420)
@@ -1,3 +1,457 @@
+CVE-2016-3397
+   RESERVED
+CVE-2016-3396
+   RESERVED
+CVE-2016-3395
+   RESERVED
+CVE-2016-3394
+   RESERVED
+CVE-2016-3393
+   RESERVED
+CVE-2016-3392
+   RESERVED
+CVE-2016-3391
+   RESERVED
+CVE-2016-3390
+   RESERVED
+CVE-2016-3389
+   RESERVED
+CVE-2016-3388
+   RESERVED
+CVE-2016-3387
+   RESERVED
+CVE-2016-3386
+   RESERVED
+CVE-2016-3385
+   RESERVED
+CVE-2016-3384
+   RESERVED
+CVE-2016-3383
+   RESERVED
+CVE-2016-3382
+   RESERVED
+CVE-2016-3381
+   RESERVED
+CVE-2016-3380
+   RESERVED
+CVE-2016-3379
+   RESERVED
+CVE-2016-3378
+   RESERVED
+CVE-2016-3377
+   RESERVED
+CVE-2016-3376
+   RESERVED
+CVE-2016-3375
+   RESERVED
+CVE-2016-3374
+   RESERVED
+CVE-2016-3373
+   RESERVED
+CVE-2016-3372
+   RESERVED
+CVE-2016-3371
+   RESERVED
+CVE-2016-3370
+   RESERVED
+CVE-2016-3369
+   RESERVED
+CVE-2016-3368
+   RESERVED
+CVE-2016-3367
+   RESERVED
+CVE-2016-3366
+   RESERVED
+CVE-2016-3365
+   RESERVED
+CVE-2016-3364
+   RESERVED
+CVE-2016-3363
+   RESERVED
+CVE-2016-3362
+   RESERVED
+CVE-2016-3361
+   RESERVED
+CVE-2016-3360
+   RESERVED
+CVE-2016-3359
+   RESERVED
+CVE-2016-3358
+   RESERVED
+CVE-2016-3357
+   RESERVED
+CVE-2016-3356
+   RESERVED
+CVE-2016-3355
+   RESERVED
+CVE-2016-3354
+   RESERVED
+CVE-2016-3353
+   RESERVED
+CVE-2016-3352
+   RESERVED
+CVE-2016-3351
+   RESERVED
+CVE-2016-3350
+   RESERVED
+CVE-2016-3349
+   RESERVED
+CVE-2016-3348
+   RESERVED
+CVE-2016-3347
+   RESERVED
+CVE-2016-3346
+   RESERVED
+CVE-2016-3345
+   RESERVED
+CVE-2016-3344
+   RESERVED
+CVE-2016-3343
+   RESERVED
+CVE-2016-3342
+   RESERVED
+CVE-2016-3341
+   RESERVED
+CVE-2016-3340
+   RESERVED
+CVE-2016-3339
+   RESERVED
+CVE-2016-3338
+   RESERVED
+CVE-2016-3337
+   RESERVED
+CVE-2016-3336
+   RESERVED
+CVE-2016-3335
+   RESERVED
+CVE-2016-3334
+   RESERVED
+CVE-2016-
+   RESERVED
+CVE-2016-3332
+   RESERVED
+CVE-2016-3331
+   RESERVED
+CVE-2016-3330
+   RESERVED
+CVE-2016-3329
+   RESERVED
+CVE-2016-3328
+   RESERVED
+CVE-2016-3327
+   RESERVED
+CVE-2016-3326
+   RESERVED
+CVE-2016-3325
+   RESERVED
+CVE-2016-3324
+   RESERVED
+CVE-2016-3323
+   RESERVED
+CVE-2016-3322
+   RESERVED
+CVE-2016-3321
+   RESERVED
+CVE-2016-3320
+   RESERVED
+CVE-2016-3319
+   RESERVED
+CVE-2016-3318
+   RESERVED
+CVE-2016-3317
+   RESERVED
+CVE-2016-3316
+   RESERVED
+CVE-2016-3315
+   RESERVED
+CVE-2016-3314
+   RESERVED
+CVE-2016-3313
+   RESERVED
+CVE-2016-3312
+   RESERVED
+CVE-2016-3311
+   RESERVED
+CVE-2016-3310
+   RESERVED
+CVE-2016-3309
+   RESERVED
+CVE-2016-3308
+   RESERVED
+CVE-2016-3307
+   RESERVED
+CVE-2016-3306
+   RESERVED
+CVE-2016-3305
+   RESERVED
+CVE-2016-3304
+   RESERVED
+CVE-2016-3303
+   RESERVED
+CVE-2016-3302
+   RESERVED
+CVE-2016-3301
+   RESERVED
+CVE-2016-3300
+   RESERVED
+CVE-2016-3299
+   RESERVED
+CVE-2016-3298
+   RESERVED
+CVE-2016-3297
+   RESERVED
+CVE-2016-3296
+   RESERVED
+CVE-2016-3295
+   RESERVED
+CVE-2016-3294
+   RESERVED
+CVE-2016-3293
+   RESERVED
+CVE-2016-3292
+   RESERVED
+CVE-2016-3291
+   RESERVED
+CVE-2016-3290
+   RESERVED
+CVE-2016-3289
+   RESERVED
+CVE-2016-3288
+   RESERVED
+CVE-2016-3287
+   RESERVED
+CVE-2016-3286
+   RESERVED
+CVE-2016-3285
+   RESERVED
+CVE-2016-3284
+   RESERVED
+CVE-2016-3283
+   RESERVED
+CVE-2016-3282
+   RESERVED
+CVE-2016-3281
+   RESERVED
+CVE-2016-3280
+   RESERVED
+CVE-2016-3279
+   RESERVED
+CVE-2016-3278
+   RESERVED
+CVE-2016-3277
+   RESERVED
+CVE-2016-3276
+   RESERVED
+CVE-2016-3275
+   RESERVED
+CVE-2016-3274
+   RESERVED
+CVE-2016-3273
+   RESERVED
+CVE-2016-3272
+   RESERVED
+CVE-2016-3271
+   RESERVED
+CVE-2016-3270
+   RESERVED
+CVE-2016-3269
+   RESERVED
+CVE-2016-3268
+   RESERVED
+CVE-2016-3267
+   RESERVED
+CVE-2016-3266
+   RESERVED
+CVE-2016-3265
+   RESERVED
+CVE-2016-3264
+   RESERVED
+CVE-2016-3263
+   RESERVED
+CVE-2016-3262
+   RESERVED
+CVE-2016-3261
+   RESERVED
+CVE-2016-3260
+   RESERVED
+CVE-2016-3259
+   RESERVED
+CVE-2016-3258
+   RESERVED
+CVE-2016-3257
+   RESERVED
+CVE-2016-3256
+   RESERVED
+CVE-2016-3255
+   RESERVED
+CVE-2016-3254
+   RESERVED
+CVE-2016-3253
+
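Review bot: the entry immediately after CVE-2016-3334 is a bare "+CVE-2016-" with no number, although the surrounding ids descend by one per entry; verify that the committed file carries the full id there rather than an empty stub. The hunk header announces 457 added lines but the visible hunk ends with a lone "+" well before that, so the tail of this automatic update is missing from the archive.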

[Secure-testing-commits] r40454 - data/CVE

2016-03-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-18 18:47:19 + (Fri, 18 Mar 2016)
New Revision: 40454

Modified:
   data/CVE/list
Log:
Update information for CVE-2016-1504/dhcpcd

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-18 18:44:09 UTC (rev 40453)
+++ data/CVE/list   2016-03-18 18:47:19 UTC (rev 40454)
@@ -5783,12 +5783,11 @@
 CVE-2016-1504 [invalid read/crash via malformed dhcp responses]
RESERVED
- dhcpcd5  (bug #810620)
-   - dhcpcd 
+   - dhcpcd  (Vulnerable code not present)
[squeeze] - dhcpcd  (Vulnerable code not present)
NOTE: 
http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/01/07/3
NOTE: dhcpcd 3.2.3- in squeeze and wheezy differ very much from 
dhcpcd5 in later Debian versions.
-   TODO: check affected versions
 CVE-2016- [Missing normalization]
- ruby-rack-attack 4.3.1-1
NOTE: 
https://github.com/kickstarter/rack-attack/commit/76c2e3143099d938883ae5654527b47e9e6a8977
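Review bot: with the unstable "- dhcpcd  (Vulnerable code not present)" line now marking the source package as unaffected, the separate "[squeeze] - dhcpcd  (Vulnerable code not present)" override carries the same reason and looks redundant; confirm it is still needed. The double space after "dhcpcd" on both lines suggests the status token is missing from the archived copy, so check the committed lines carry it. The removed "TODO: check affected versions" is covered by the NOTE explaining that the 3.2.3 series in squeeze and wheezy differs from dhcpcd5, which is good.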


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r40436 - data/CVE

2016-03-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-17 15:11:59 + (Thu, 17 Mar 2016)
New Revision: 40436

Modified:
   data/CVE/list
Log:
Add three NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-17 14:53:37 UTC (rev 40435)
+++ data/CVE/list   2016-03-17 15:11:59 UTC (rev 40436)
@@ -1223,7 +1223,7 @@
 CVE-2016-2848
RESERVED
 CVE-2016-2846 (Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: Siemens SIMATIC S7-1200 CPU devices
 CVE-2016-2845 (The Content Security Policy (CSP) implementation in Blink, as 
used in ...)
{DSA-3507-1}
- chromium-browser 49.0.2623.75-1
@@ -3911,7 +3911,7 @@
 CVE-2016-2076
RESERVED
 CVE-2016-2075 (Cross-site scripting (XSS) vulnerability in VMware vRealize 
Business ...)
-   TODO: check
+   NOT-FOR-US: VMware vRealize Business Advanced and Enterprise
 CVE-2016-2074
RESERVED
 CVE-2016-2072 (The Administrative Web Interface in Citrix NetScaler 
Application ...)
@@ -28147,7 +28147,7 @@
 CVE-2015-2345
RESERVED
 CVE-2015-2344 (Cross-site scripting (XSS) vulnerability in VMware vRealize 
Automation ...)
-   TODO: check
+   NOT-FOR-US: VMware vRealize Automation
 CVE-2015-2343
RESERVED
 CVE-2015-2342 (The JMX RMI service in VMware vCenter Server 5.0 before u3e, 
5.1 ...)





[Secure-testing-commits] r40441 - data/CVE

2016-03-18 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-03-17 16:31:24 + (Thu, 17 Mar 2016)
New Revision: 40441

Modified:
   data/CVE/list
Log:
Add bug reference for CVE-2016-2147, #818499

Modified: data/CVE/list
===
--- data/CVE/list   2016-03-17 16:31:15 UTC (rev 40440)
+++ data/CVE/list   2016-03-17 16:31:24 UTC (rev 40441)
@@ -3556,7 +3556,7 @@
NOTE: 
https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
 CVE-2016-2147 [OOB heap write due to integer underflow]
RESERVED
-   - busybox 
+   - busybox  (bug #818499)
[jessie] - busybox  (Minor issue)
[wheezy] - busybox  (Minor issue)
NOTE: 
https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87




[Secure-testing-commits] r40451 - data

2016-03-18 Thread Markus Koschany
Author: apo-guest
Date: 2016-03-18 14:43:53 + (Fri, 18 Mar 2016)
New Revision: 40451

Modified:
   data/dsa-needed.txt
Log:
Claim Tomcat7 in dsa-needed.txt

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-03-18 09:10:24 UTC (rev 40450)
+++ data/dsa-needed.txt 2016-03-18 14:43:53 UTC (rev 40451)
@@ -78,7 +78,7 @@
 --
 tomcat6 (Markus Koschany)
 --
-tomcat7
+tomcat7 (Markus Koschany)
 --
 tomcat8
 --




[Secure-testing-commits] r40418 - data/CVE

2016-03-18 Thread Moritz Muehlenhoff
Author: jmm
Date: 2016-03-16 20:42:22 + (Wed, 16 Mar 2016)
New Revision: 40418

Modified:
   data/CVE/list
Log:
three openjpeg issues CVEfied
remove non-issue


Modified: data/CVE/list
===
--- data/CVE/list   2016-03-16 17:48:52 UTC (rev 40417)
+++ data/CVE/list   2016-03-16 20:42:22 UTC (rev 40418)
@@ -195,16 +195,16 @@
[jessie] - flashrom  (Minor issue)
[wheezy] - flashrom  (Minor issue)
NOTE: https://www.flashrom.org/pipermail/flashrom/2016-March/014523.html
-CVE-2016- [Out-Of-Bounds Read in sycc422_to_rgb function]
+CVE-2016-3183 [Out-Of-Bounds Read in sycc422_to_rgb function]
- openjpeg2 
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/03/14/14
NOTE: https://github.com/uclouvain/openjpeg/issues/726
-CVE-2016- [Heap Corruption in opj_free function]
+CVE-2016-3182 [Heap Corruption in opj_free function]
- openjpeg2 
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/03/14/13
NOTE: https://github.com/uclouvain/openjpeg/issues/725
TODO: check, possibly as well src:openjpeg
-CVE-2016- [Out-Of-Bounds Read in opj_tcd_free_tile function]
+CVE-2016-3181 [Out-Of-Bounds Read in opj_tcd_free_tile function]
- openjpeg2 
NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/03/14/12
NOTE: https://github.com/uclouvain/openjpeg/issues/724
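Review bot: the "TODO: check, possibly as well src:openjpeg" line sits only under CVE-2016-3182, but CVE-2016-3183 and CVE-2016-3181 are reported against the same library from the same batch of oss-security requests; consider whether the src:openjpeg check applies to all three and, if so, add the TODO to the sibling entries or a single NOTE covering the batch.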
@@ -2253,10 +2253,6 @@
RESERVED
 CVE-2015-8814
RESERVED
-CVE-2016- [open redirect]
-   - graphite-web 
-   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/02/17/7
-   NOTE: https://github.com/graphite-project/graphite-web/issues/1441
 CVE-2016-2392 [usb: null pointer dereference in remote NDIS control message 
handling]
RESERVED
- qemu  (bug #815008)
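Review bot: deleting the graphite-web open redirect entry outright discards the oss-security request link and the upstream issue reference; when an item is dropped as a non-issue, keeping the entry with a status line recording that decision (and the links) avoids re-triaging it the next time the same report surfaces.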

