[Secure-testing-commits] r42406 - data/CVE

2016-06-08 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-06-09 04:58:47 + (Thu, 09 Jun 2016)
New Revision: 42406

Modified:
   data/CVE/list
Log:
Add CVE-2016-5337/qemu

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-09 04:53:29 UTC (rev 42405)
+++ data/CVE/list   2016-06-09 04:58:47 UTC (rev 42406)
@@ -4,6 +4,13 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
+CVE-2016-5337 [scsi: megasas: information leakage in megasas_ctrl_get_info]
+   - qemu 
+   [wheezy] - qemu  (Vulnerable code not present)
+   - qemu-kvm  (Vulnerable code not present)
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343909
+   NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=844864fbae66935951529408831c2f22367a57b6
 CVE-2016-5336
RESERVED
 CVE-2016-5335
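
Review bot: The "(Vulnerable code not present)" reasons on the [wheezy] qemu line and the qemu-kvm line of the new CVE-2016-5337 entry are not backed by any NOTE saying which version or commit introduced the code in megasas_ctrl_get_info, so a later reader cannot re-check them. The three NOTE lines only point at a Red Hat bug, a qemu-devel post and a qemu.git commit; add a NOTE naming the introducing commit or the first affected upstream version.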


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r42405 - data/CVE

2016-06-08 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-06-09 04:53:29 + (Thu, 09 Jun 2016)
New Revision: 42405

Modified:
   data/CVE/list
Log:
Add CVE-2016-5338/qemu

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 21:10:11 UTC (rev 42404)
+++ data/CVE/list   2016-06-09 04:53:29 UTC (rev 42405)
@@ -1,3 +1,9 @@
+CVE-2016-5338 [scsi: esp: OOB r/w access while processing ESP_FIFO]
+   - qemu 
+   - qemu-kvm 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
+   NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
+   NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
 CVE-2016-5336
RESERVED
 CVE-2016-5335




[Secure-testing-commits] r42404 - data/CVE

2016-06-08 Thread security tracker role
Author: sectracker
Date: 2016-06-08 21:10:11 + (Wed, 08 Jun 2016)
New Revision: 42404

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 20:34:20 UTC (rev 42403)
+++ data/CVE/list   2016-06-08 21:10:11 UTC (rev 42404)
@@ -1,3 +1,27 @@
+CVE-2016-5336
+   RESERVED
+CVE-2016-5335
+   RESERVED
+CVE-2016-5334
+   RESERVED
+CVE-2016-5333
+   RESERVED
+CVE-2016-5332
+   RESERVED
+CVE-2016-5331
+   RESERVED
+CVE-2016-5330
+   RESERVED
+CVE-2016-5329
+   RESERVED
+CVE-2016-5328
+   RESERVED
+CVE-2016-5327
+   RESERVED
+CVE-2016-5326
+   RESERVED
+CVE-2016-5325
+   RESERVED
 CVE-2016- [wnpa-sec-2016-38]
- wireshark 2.0
NOTE: Only affects 1.12, marking 2.0 as fixed
@@ -1343,7 +1367,7 @@
- onionshare 0.8.1-2 (unimportant)
[jessie] - onionshare  (Vulnerable code not present)
NOTE: Neutralised by kernel hardening (also contrib and non-free not 
supported)
-CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local OS 
guest ...)
+CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local 
guest OS ...)
- xen 
[jessie] - xen  (Minor issue, too intrusive to backport)
NOTE: http://xenbits.xen.org/xsa/advisory-178.html
@@ -2328,8 +2352,8 @@
RESERVED
 CVE-2016-4548
RESERVED
-CVE-2016-4545
-   RESERVED
+CVE-2016-4545 (Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are 
enabled, ...)
+   TODO: check
 CVE-2016-4561 (Cross-site scripting (XSS) vulnerability in the cgierror 
function in ...)
{DSA-3571-1 DLA-463-1}
- ikiwiki 3.20160506
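
Review bot: CVE-2016-4545 in this hunk goes from RESERVED to a description naming F5 BIG-IP but is left at "TODO: check". Other vendor-product entries visible in this same diff (Pulp, Apache Qpid Java Broker, Katello, Apache James, Splunk) are triaged as NOT-FOR-US; this one needs a manual triage commit so it does not linger as an open TODO.
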
@@ -6222,8 +6246,7 @@
NOT-FOR-US: Pulp (Red Hat)
 CVE-2016-3094 (PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the 
broker ...)
NOT-FOR-US: Apache Qpid Java Broker
-CVE-2016-3093
-   RESERVED
+CVE-2016-3093 (Apache Struts 2.0.0 through 2.3.24.1 does not properly cache 
method ...)
- libstruts1.2-java  (Only affects Struts 2.x)
NOTE: https://struts.apache.org/docs/s2-034.html
 CVE-2016-3092
@@ -6239,8 +6262,7 @@
[jessie] - activemq  (file server was only enabled in 
5.13.2+dfsg-2)
[wheezy] - activemq  (file server was only enabled in 
5.13.2+dfsg-2)
NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
-CVE-2016-3087
-   RESERVED
+CVE-2016-3087 (Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 
2.3.24.3, and ...)
- libstruts1.2-java  (Only affects Struts 2.x)
NOTE: https://struts.apache.org/docs/s2-033.html
 CVE-2016-3086
@@ -6300,8 +6322,7 @@
TODO: check (texlive, libwmf)
 CVE-2016-3073
RESERVED
-CVE-2016-3072
-   RESERVED
+CVE-2016-3072 (Multiple SQL injection vulnerabilities in the scoped_search 
function ...)
NOT-FOR-US: Katello
 CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial 
of ...)
- libreswan  (bug #773459)
@@ -19138,8 +19159,7 @@
 CVE-2015-7696 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of 
...)
{DSA-3386-1 DLA-330-1}
- unzip 6.0-19 (bug #802162)
-CVE-2015-7695 [ZF2015-08: Potential SQL injection vector using null byte for 
PDO (MsSql, SQLite)]
-   RESERVED
+CVE-2015-7695 (The PDO adapters in Zend Framework before 1.12.16 do not filer 
null ...)
{DSA-3369-1 DLA-326-1}
- zendframework 1.12.16+dfsg-1
NOTE: http://framework.zend.com/security/advisory/ZF2015-08
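
Review bot: On CVE-2015-7695 the replacement line drops the bracketed title "[ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite)]", which was the only place the entry named the affected adapters, and the imported description carries the typo "filer" (for "filter"). The ZF2015-08 NOTE line still links the advisory, so tracking is unaffected, but as this is an automatic update the typo is better reported where the description comes from than hand-edited in this line.
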
@@ -19406,8 +19426,7 @@
- owncloud 7.0.9~dfsg-1
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-018
NOTE: 
https://github.com/owncloud/core/commit/b05e178bbf884b120d1106e6a28f35aa50d6d06f
-CVE-2015-7611
-   RESERVED
+CVE-2015-7611 (Apache James Server 2.3.2, when configured with file-based user 
...)
NOT-FOR-US: Apache James
 CVE-2015-7604 (Cross-site scripting (XSS) vulnerability in Splunk Web in 
Splunk ...)
NOT-FOR-US: Splunk
@@ -21430,8 +21449,7 @@
NOTE: https://savannah.nongnu.org/bugs/?41590
NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75
 (VER-2-5-3)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
-CVE-2014-9746 [use of uninitialized data]
-   RESERVED
+CVE-2014-9746 (The (1) t1_parse_font_matrix function in type1/t1load.c, (2) 
...)
{DSA-3370-1 DLA-319-1}
- freetype 2.6-1 (bug #798619)
NOTE: https://launchpad.net/bugs/1449225
@@ -21439,8 +21457,7 @@
NOTE: https://savannah.nongnu.org/bugs/?41309
NOTE: 
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
 (VER-2-5-3)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
-CVE-2014-9747 [t42parse.c vulnerability]
-   

[Secure-testing-commits] r42403 - in data: . CVE

2016-06-08 Thread Thorsten Alteholz
Author: alteholz
Date: 2016-06-08 20:34:20 + (Wed, 08 Jun 2016)
New Revision: 42403

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
mark mxml as  in Wheezy like in Jessie

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 14:50:02 UTC (rev 42402)
+++ data/CVE/list   2016-06-08 20:34:20 UTC (rev 42403)
@@ -2345,11 +2345,13 @@
RESERVED
- mxml  (bug #825855)
[jessie] - mxml  (Minor issue)
+   [wheezy] - mxml  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
 CVE-2016-4571 [Recursion using mxml_write_node at mxml-file.c:2739 
(stack-exhaustion-2.xml]
RESERVED
- mxml  (bug #825855)
[jessie] - mxml  (Minor issue)
+   [wheezy] - mxml  (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
 CVE-2016-4558 (The BPF subsystem in the Linux kernel before 4.5.5 mishandles 
...)
- linux 4.5.3-1

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-08 14:50:02 UTC (rev 42402)
+++ data/dla-needed.txt 2016-06-08 20:34:20 UTC (rev 42403)
@@ -44,8 +44,6 @@
 --
 mat
 --
-mxml
---
 mysql-connector-java
 --
 ntp (Santiago R.R.)




[Secure-testing-commits] r42402 - data

2016-06-08 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-06-08 14:50:02 + (Wed, 08 Jun 2016)
New Revision: 42402

Modified:
   data/dsa-needed.txt
Log:
Add p7zip to dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2016-06-08 13:39:04 UTC (rev 42401)
+++ data/dsa-needed.txt 2016-06-08 14:50:02 UTC (rev 42402)
@@ -36,6 +36,9 @@
 openssl
   wait for next openssl update round  
 --
+p7zip
+  Test packages: https://people.debian.org/~carnil/tmp/p7zip/jessie/
+--
 php5
 --
 phpmyadmin (thijs)
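
Review bot: The new p7zip block gives only a "Test packages:" URL under a personal tmp/ directory and names no CVE, so someone picking up the test packages cannot tell from this file which issue to verify, and the link is likely to go dead once the directory is cleaned. Add the CVE id(s) the update addresses next to the URL.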




[Secure-testing-commits] r42401 - data/CVE

2016-06-08 Thread Santiago Ruano Rincón
Author: santiago
Date: 2016-06-08 13:39:04 + (Wed, 08 Jun 2016)
New Revision: 42401

Modified:
   data/CVE/list
Log:
CVE-2016-0749/spice: wheezy not-affected

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 12:07:08 UTC (rev 42400)
+++ data/CVE/list   2016-06-08 13:39:04 UTC (rev 42401)
@@ -14426,6 +14426,7 @@
RESERVED
{DSA-3596-1}
- spice  (bug #826585)
+   [wheezy] - spice  (Vulnerable code not present. 
Configured with --disable-smartcard)
 CVE-2016-0748
RESERVED
 CVE-2016-0747 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does 
not ...)
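
Review bot: The reason on the added [wheezy] spice line mixes two different claims, "Vulnerable code not present" and "Configured with --disable-smartcard". The second reads as the smartcard code not being compiled in, which makes the status depend on the configure flags staying as they are; word it as not built (for example "Vulnerable code not built, smartcard support disabled at configure time") so that a later change to the build configuration prompts a re-check.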




[Secure-testing-commits] r42400 - data/CVE

2016-06-08 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-06-08 12:07:08 + (Wed, 08 Jun 2016)
New Revision: 42400

Modified:
   data/CVE/list
Log:
Mark firefox issues fixed in unstable, CVE-2016-2834 is actually in nss

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 12:01:33 UTC (rev 42399)
+++ data/CVE/list   2016-06-08 12:07:08 UTC (rev 42400)
@@ -7043,29 +7043,30 @@
RESERVED
- nss 
- firefox-esr  (Doesn't apply to Firefox ESR)
-   - firefox 
+   - firefox 47.0-1
+   NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/
 CVE-2016-2833
RESERVED
- firefox-esr  (Doesn't apply to Firefox ESR)
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2832
RESERVED
- firefox-esr  (Doesn't apply to Firefox ESR)
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2831
RESERVED
- firefox-esr 45.2.0esr-1
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2830
RESERVED
 CVE-2016-2829
RESERVED
- firefox-esr  (Doesn't apply to Firefox ESR)
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2828
RESERVED
- firefox-esr 45.2.0esr-1
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2827
RESERVED
 CVE-2016-2826
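
Review bot: The log says CVE-2016-2834 is actually in nss, but in this first hunk that entry still gets "- firefox 47.0-1" while the "- nss" line above it stays without a version or bug reference. Either record the nss version that carries the fix or add a NOTE explaining why the firefox upload resolves it. CVE-2016-2834 is also the only entry here that receives an advisory NOTE (mfsa2016-61); the other entries marked 47.0-1 would benefit from the same.
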
@@ -7075,7 +7076,7 @@
 CVE-2016-2825
RESERVED
- firefox-esr  (Doesn't apply to Firefox ESR)
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2824
RESERVED
- firefox-esr  (Only affects Windows)
@@ -7085,11 +7086,11 @@
 CVE-2016-2822
RESERVED
- firefox-esr 45.2.0esr-1
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2821
RESERVED
- firefox-esr 45.2.0esr-1
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) 
feature in ...)
- iceweasel  (Only Firefox 46)
- firefox-esr  (Only Firefox 46)
@@ -7098,11 +7099,11 @@
 CVE-2016-2819
RESERVED
- firefox-esr 45.2.0esr-1
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2818
RESERVED
- firefox-esr 45.2.0esr-1
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2817 (The WebExtension sandbox feature in ...)
- iceweasel  (Only Firefox 46)
- firefox-esr  (Only Firefox 46)
@@ -7116,7 +7117,7 @@
 CVE-2016-2815
RESERVED
- firefox-esr  (Doesn't apply to Firefox ESR)
-   - firefox 
+   - firefox 47.0-1
 CVE-2016-2814 (Heap-based buffer overflow in the ...)
{DSA-3559-1}
- iceweasel 




[Secure-testing-commits] r42399 - data/CVE

2016-06-08 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-06-08 12:01:33 + (Wed, 08 Jun 2016)
New Revision: 42399

Modified:
   data/CVE/list
Log:
firefox-esr fixed in unstable

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 09:42:28 UTC (rev 42398)
+++ data/CVE/list   2016-06-08 12:01:33 UTC (rev 42399)
@@ -7054,7 +7054,7 @@
- firefox 
 CVE-2016-2831
RESERVED
-   - firefox-esr 
+   - firefox-esr 45.2.0esr-1
- firefox 
 CVE-2016-2830
RESERVED
@@ -7064,7 +7064,7 @@
- firefox 
 CVE-2016-2828
RESERVED
-   - firefox-esr 
+   - firefox-esr 45.2.0esr-1
- firefox 
 CVE-2016-2827
RESERVED
@@ -7084,11 +7084,11 @@
RESERVED
 CVE-2016-2822
RESERVED
-   - firefox-esr 
+   - firefox-esr 45.2.0esr-1
- firefox 
 CVE-2016-2821
RESERVED
-   - firefox-esr 
+   - firefox-esr 45.2.0esr-1
- firefox 
 CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) 
feature in ...)
- iceweasel  (Only Firefox 46)
@@ -7097,11 +7097,11 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
 CVE-2016-2819
RESERVED
-   - firefox-esr 
+   - firefox-esr 45.2.0esr-1
- firefox 
 CVE-2016-2818
RESERVED
-   - firefox-esr 
+   - firefox-esr 45.2.0esr-1
- firefox 
 CVE-2016-2817 (The WebExtension sandbox feature in ...)
- iceweasel  (Only Firefox 46)




[Secure-testing-commits] r42398 - data

2016-06-08 Thread Markus Koschany
Author: apo
Date: 2016-06-08 09:42:28 + (Wed, 08 Jun 2016)
New Revision: 42398

Modified:
   data/dla-needed.txt
Log:
Claim libtorrent-rasterbar in dla-needed.txt


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-08 09:30:42 UTC (rev 42397)
+++ data/dla-needed.txt 2016-06-08 09:42:28 UTC (rev 42398)
@@ -36,7 +36,7 @@
   The JSON/JaF doesn't appear to be present in wheezy but the
   content-disposition stuff might be.
 --
-libtorrent-rasterbar
+libtorrent-rasterbar (Markus Koschany)
 --
 libxslt (Emilio Pozuelo)
 --




[Secure-testing-commits] r42397 - data

2016-06-08 Thread Markus Koschany
Author: apo
Date: 2016-06-08 09:30:42 + (Wed, 08 Jun 2016)
New Revision: 42397

Modified:
   data/dla-needed.txt
Log:
Remove libpdfbox-java and libxstream-java from dla-needed.txt again


Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-08 09:10:11 UTC (rev 42396)
+++ data/dla-needed.txt 2016-06-08 09:30:42 UTC (rev 42397)
@@ -32,8 +32,6 @@
 --
 libjackson-json-java
 --
-libpdfbox-java (Markus Koschany)
---
 libspring-java
   The JSON/JaF doesn't appear to be present in wheezy but the
   content-disposition stuff might be.
@@ -42,8 +40,6 @@
 --
 libxslt (Emilio Pozuelo)
 --
-libxstream-java (Markus Koschany)
---
 linux
 --
 mat




[Secure-testing-commits] r42396 - data/CVE

2016-06-08 Thread security tracker role
Author: sectracker
Date: 2016-06-08 09:10:11 + (Wed, 08 Jun 2016)
New Revision: 42396

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 08:32:26 UTC (rev 42395)
+++ data/CVE/list   2016-06-08 09:10:11 UTC (rev 42396)
@@ -271,7 +271,7 @@
NOTE: https://github.com/arvidn/libtorrent/pull/782
 CVE-2016-5300 [use of too little entropy]
RESERVED
-   {DSA-3597-1}
+   {DSA-3597-1 DLA-508-1}
- expat 2.1.1-3
 CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy]
RESERVED
@@ -16851,7 +16851,7 @@
NOTE: 
http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
 CVE-2012-6702 [unanticipated internal calls to srand]
RESERVED
-   {DSA-3597-1}
+   {DSA-3597-1 DLA-508-1}
- expat 2.1.1-3
 CVE-2012-6701 (Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 
allows ...)
- linux  (Fixed in v3.2.19; which was before src:linux 
rename)




[Secure-testing-commits] r42395 - in data: . DLA

2016-06-08 Thread Markus Koschany
Author: apo
Date: 2016-06-08 08:32:26 + (Wed, 08 Jun 2016)
New Revision: 42395

Modified:
   data/DLA/list
   data/dla-needed.txt
Log:
Reserve DLA-508-1 for expat

Modified: data/DLA/list
===
--- data/DLA/list   2016-06-08 07:57:17 UTC (rev 42394)
+++ data/DLA/list   2016-06-08 08:32:26 UTC (rev 42395)
@@ -1,3 +1,6 @@
+[08 Jun 2016] DLA-508-1 expat - security update
+   {CVE-2012-6702 CVE-2016-5300}
+   [wheezy] - expat 2.1.0-1+deb7u4
 [07 Jun 2016] DLA-507-1 nss - security update
{CVE-2015-4000}
[wheezy] - nss 2:3.14.5-1+deb7u7

Modified: data/dla-needed.txt
===
--- data/dla-needed.txt 2016-06-08 07:57:17 UTC (rev 42394)
+++ data/dla-needed.txt 2016-06-08 08:32:26 UTC (rev 42395)
@@ -18,8 +18,6 @@
 cakephp
   NOTE: CVE-2015-8379 No official solution is currently available, 20160425
 --
-expat (Markus Koschany)
---
 extplorer
   NOTE: 20160529, no fix yet
 --




[Secure-testing-commits] r42394 - data/CVE

2016-06-08 Thread Moritz Muehlenhoff
Author: jmm
Date: 2016-06-08 07:57:17 + (Wed, 08 Jun 2016)
New Revision: 42394

Modified:
   data/CVE/list
Log:
new wireshark issues


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 06:24:49 UTC (rev 42393)
+++ data/CVE/list   2016-06-08 07:57:17 UTC (rev 42394)
@@ -1,3 +1,38 @@
+CVE-2016- [wnpa-sec-2016-38]
+   - wireshark 2.0
+   NOTE: Only affects 1.12, marking 2.0 as fixed
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2016-38.html
+CVE-2016- [wnpa-sec-2016-37]
+   - wireshark 
+   [jessie] - wireshark  (Only affects 2.0)
+   [wheezy] - wireshark  (Only affects 2.0)
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2016-37.html
+CVE-2016- [wnpa-sec-2016-36]
+   - wireshark 
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2016-36.html
+CVE-2016- [wnpa-sec-2016-35]
+   - wireshark 
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2016-35.html
+CVE-2016- [wnpa-sec-2016-34]
+   - wireshark 
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2016-34.html
+CVE-2016- [wnpa-sec-2016-33]
+   - wireshark 
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2016-33.html
+CVE-2016- [wnpa-sec-2016-32]
+   - wireshark 
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2016-32.html
+CVE-2016- [wnpa-sec-2016-31]
+   - wireshark 
+   [jessie] - wireshark  (Only affects 2.0)
+   [wheezy] - wireshark  (Only affects 2.0)
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2016-31.html
+CVE-2016- [wnpa-sec-2016-30]
+   - wireshark 
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2016-30.html
+CVE-2016- [wnpa-sec-2016-29]
+   - wireshark 
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2016-29.html
 CVE-2016-5324
RESERVED
 CVE-2016-5323




[Secure-testing-commits] r42393 - data/CVE

2016-06-08 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-06-08 06:24:49 + (Wed, 08 Jun 2016)
New Revision: 42393

Modified:
   data/CVE/list
Log:
Add CVE-2016-1182

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 06:20:59 UTC (rev 42392)
+++ data/CVE/list   2016-06-08 06:24:49 UTC (rev 42393)
@@ -13003,8 +13003,11 @@
RESERVED
 CVE-2016-1183
RESERVED
-CVE-2016-1182
+CVE-2016-1182 [Improper input validation in Validator]
RESERVED
+   - libstruts1.2-java 
+   NOTE: https://jvn.jp/en/jp/JVN65044642/
+   NOTE: Probably a duplicate of CVE-2015-0899
 CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations 
against components on server memory]
RESERVED
- libstruts1.2-java 




[Secure-testing-commits] r42392 - data/CVE

2016-06-08 Thread Salvatore Bonaccorso
Author: carnil
Date: 2016-06-08 06:20:59 + (Wed, 08 Jun 2016)
New Revision: 42392

Modified:
   data/CVE/list
Log:
Update CVE-2016-1181

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 06:10:25 UTC (rev 42391)
+++ data/CVE/list   2016-06-08 06:20:59 UTC (rev 42392)
@@ -13007,8 +13007,9 @@
RESERVED
 CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations 
against components on server memory]
RESERVED
+   - libstruts1.2-java 
NOTE: https://jvn.jp/en/jp/JVN03188560/
-   TODO: check
+   NOTE: Probably a duplicate of CVE-2015-0899
 CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...)
TODO: check
 CVE-2016-1179
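
Review bot: The hunk removes "TODO: check" from CVE-2016-1181 and replaces it with "NOTE: Probably a duplicate of CVE-2015-0899", so the duplicate question is still open but no longer flagged for follow-up. Keep a TODO until the duplicate is confirmed, or add a reference that supports it alongside the JVN link.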




[Secure-testing-commits] r42391 - data/CVE

2016-06-08 Thread Moritz Muehlenhoff
Author: jmm
Date: 2016-06-08 06:10:25 + (Wed, 08 Jun 2016)
New Revision: 42391

Modified:
   data/CVE/list
Log:
new firefox issues
drop pycurl entry, no evidence of being exploitable


Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 06:04:14 UTC (rev 42390)
+++ data/CVE/list   2016-06-08 06:10:25 UTC (rev 42391)
@@ -7006,32 +7006,55 @@
RESERVED
 CVE-2016-2834
RESERVED
+   - nss 
+   - firefox-esr  (Doesn't apply to Firefox ESR)
+   - firefox 
 CVE-2016-2833
RESERVED
+   - firefox-esr  (Doesn't apply to Firefox ESR)
+   - firefox 
 CVE-2016-2832
RESERVED
+   - firefox-esr  (Doesn't apply to Firefox ESR)
+   - firefox 
 CVE-2016-2831
RESERVED
+   - firefox-esr 
+   - firefox 
 CVE-2016-2830
RESERVED
 CVE-2016-2829
RESERVED
+   - firefox-esr  (Doesn't apply to Firefox ESR)
+   - firefox 
 CVE-2016-2828
RESERVED
+   - firefox-esr 
+   - firefox 
 CVE-2016-2827
RESERVED
 CVE-2016-2826
RESERVED
+   - firefox-esr  (Only affects Windows)
+   - firefox  (Only affects Windows)
 CVE-2016-2825
RESERVED
+   - firefox-esr  (Doesn't apply to Firefox ESR)
+   - firefox 
 CVE-2016-2824
RESERVED
+   - firefox-esr  (Only affects Windows)
+   - firefox  (Only affects Windows)
 CVE-2016-2823
RESERVED
 CVE-2016-2822
RESERVED
+   - firefox-esr 
+   - firefox 
 CVE-2016-2821
RESERVED
+   - firefox-esr 
+   - firefox 
 CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) 
feature in ...)
- iceweasel  (Only Firefox 46)
- firefox-esr  (Only Firefox 46)
@@ -7039,8 +7062,12 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
 CVE-2016-2819
RESERVED
+   - firefox-esr 
+   - firefox 
 CVE-2016-2818
RESERVED
+   - firefox-esr 
+   - firefox 
 CVE-2016-2817 (The WebExtension sandbox feature in ...)
- iceweasel  (Only Firefox 46)
- firefox-esr  (Only Firefox 46)
@@ -7053,6 +7080,8 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/
 CVE-2016-2815
RESERVED
+   - firefox-esr  (Doesn't apply to Firefox ESR)
+   - firefox 
 CVE-2016-2814 (Heap-based buffer overflow in the ...)
{DSA-3559-1}
- iceweasel 
@@ -17933,13 +17962,6 @@
RESERVED
 CVE-2014-9754
RESERVED
-CVE-2015- [use afer free]
-   - pycurl 
-   [wheezy] - pycurl  (Vulnerable code introduced later)
-   [squeeze] - pycurl  (Vulnerable code introduced later)
-   NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/11/03/4
-   NOTE: Upstream commit: 
https://github.com/pycurl/pycurl/commit/602f8e364634d386524f0396e962c2c9de0536a9
-   NOTE: support for BUFFER and BUFFERPTR form parameters added with 
https://github.com/clintclayton/pycurl/commit/642f87afc14fc79c202c3b10b95ad35e97aa8615
 CVE-2015-8075
REJECTED
 CVE-2015-8033
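
Review bot: The last hunk deletes the whole pycurl entry, including the CVE request link and the upstream commit reference, while the reason ("no evidence of being exploitable") exists only in the log message. The removed [wheezy] and [squeeze] lines said the vulnerable code was introduced later, which implies it is present in newer versions; keeping the entry with a NOTE recording the assessment would leave the decision traceable in data/CVE/list itself.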




[Secure-testing-commits] r42390 - data/CVE

2016-06-08 Thread Henri Salo
Author: fgeek-guest
Date: 2016-06-08 06:04:14 + (Wed, 08 Jun 2016)
New Revision: 42390

Modified:
   data/CVE/list
Log:
CVE-2016-1181

Modified: data/CVE/list
===
--- data/CVE/list   2016-06-08 05:01:10 UTC (rev 42389)
+++ data/CVE/list   2016-06-08 06:04:14 UTC (rev 42390)
@@ -12976,8 +12976,10 @@
RESERVED
 CVE-2016-1182
RESERVED
-CVE-2016-1181
+CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations 
against components on server memory]
RESERVED
+   NOTE: https://jvn.jp/en/jp/JVN03188560/
+   TODO: check
 CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...)
TODO: check
 CVE-2016-1179

