[Secure-testing-commits] r42406 - data/CVE
Author: carnil Date: 2016-06-09 04:58:47 + (Thu, 09 Jun 2016) New Revision: 42406 Modified: data/CVE/list Log: Add CVE-2016-5337/qemu Modified: data/CVE/list === --- data/CVE/list 2016-06-09 04:53:29 UTC (rev 42405) +++ data/CVE/list 2016-06-09 04:58:47 UTC (rev 42406) @@ -4,6 +4,13 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec +CVE-2016-5337 [scsi: megasas: information leakage in megasas_ctrl_get_info] + - qemu + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343909 + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html + NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=844864fbae66935951529408831c2f22367a57b6 CVE-2016-5336 RESERVED CVE-2016-5335 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
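Review bot: the two not-affected lines in the new CVE-2016-5337 entry ("[wheezy] - qemu" and "- qemu-kvm", both "Vulnerable code not present") do not say when megasas_ctrl_get_info entered the tree, so the claim cannot be rechecked from the entry alone. A NOTE naming the introducing version or commit would fix that. There is also no [jessie] line for qemu, so its status there is still open.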
[Secure-testing-commits] r42405 - data/CVE
Author: carnil Date: 2016-06-09 04:53:29 + (Thu, 09 Jun 2016) New Revision: 42405 Modified: data/CVE/list Log: Add CVE-2016-5338/qemu Modified: data/CVE/list === --- data/CVE/list 2016-06-08 21:10:11 UTC (rev 42404) +++ data/CVE/list 2016-06-09 04:53:29 UTC (rev 42405) @@ -1,3 +1,9 @@ +CVE-2016-5338 [scsi: esp: OOB r/w access while processing ESP_FIFO] + - qemu + - qemu-kvm + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323 + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html + NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec CVE-2016-5336 RESERVED CVE-2016-5335
[Secure-testing-commits] r42404 - data/CVE
Author: sectracker Date: 2016-06-08 21:10:11 + (Wed, 08 Jun 2016) New Revision: 42404 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-06-08 20:34:20 UTC (rev 42403) +++ data/CVE/list 2016-06-08 21:10:11 UTC (rev 42404) @@ -1,3 +1,27 @@ +CVE-2016-5336 + RESERVED +CVE-2016-5335 + RESERVED +CVE-2016-5334 + RESERVED +CVE-2016-5333 + RESERVED +CVE-2016-5332 + RESERVED +CVE-2016-5331 + RESERVED +CVE-2016-5330 + RESERVED +CVE-2016-5329 + RESERVED +CVE-2016-5328 + RESERVED +CVE-2016-5327 + RESERVED +CVE-2016-5326 + RESERVED +CVE-2016-5325 + RESERVED CVE-2016- [wnpa-sec-2016-38] - wireshark 2.0 NOTE: Only affects 1.12, marking 2.0 as fixed @@ -1343,7 +1367,7 @@ - onionshare 0.8.1-2 (unimportant) [jessie] - onionshare (Vulnerable code not present) NOTE: Neutralised by kernel hardening (also contrib and non-free not supported) -CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local OS guest ...) +CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local guest OS ...) - xen [jessie] - xen (Minor issue, too intrusive to backport) NOTE: http://xenbits.xen.org/xsa/advisory-178.html @@ -2328,8 +2352,8 @@ RESERVED CVE-2016-4548 RESERVED -CVE-2016-4545 - RESERVED +CVE-2016-4545 (Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, ...) + TODO: check CVE-2016-4561 (Cross-site scripting (XSS) vulnerability in the cgierror function in ...) {DSA-3571-1 DLA-463-1} - ikiwiki 3.20160506 @@ -6222,8 +6246,7 @@ NOT-FOR-US: Pulp (Red Hat) CVE-2016-3094 (PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker ...) NOT-FOR-US: Apache Qpid Java Broker -CVE-2016-3093 - RESERVED +CVE-2016-3093 (Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method ...) - libstruts1.2-java (Only affects Struts 2.x) NOTE: https://struts.apache.org/docs/s2-034.html CVE-2016-3092 
@@ -6239,8 +6262,7 @@ [jessie] - activemq (file server was only enabled in 5.13.2+dfsg-2) [wheezy] - activemq (file server was only enabled in 5.13.2+dfsg-2) NOTE: http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt -CVE-2016-3087 - RESERVED +CVE-2016-3087 (Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and ...) - libstruts1.2-java (Only affects Struts 2.x) NOTE: https://struts.apache.org/docs/s2-033.html CVE-2016-3086 @@ -6300,8 +6322,7 @@ TODO: check (texlive, libwmf) CVE-2016-3073 RESERVED -CVE-2016-3072 - RESERVED +CVE-2016-3072 (Multiple SQL injection vulnerabilities in the scoped_search function ...) NOT-FOR-US: Katello CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial of ...) - libreswan (bug #773459) @@ -19138,8 +19159,7 @@ CVE-2015-7696 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of ...) {DSA-3386-1 DLA-330-1} - unzip 6.0-19 (bug #802162) -CVE-2015-7695 [ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite)] - RESERVED +CVE-2015-7695 (The PDO adapters in Zend Framework before 1.12.16 do not filer null ...) {DSA-3369-1 DLA-326-1} - zendframework 1.12.16+dfsg-1 NOTE: http://framework.zend.com/security/advisory/ZF2015-08 @@ -19406,8 +19426,7 @@ - owncloud 7.0.9~dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-018 NOTE: https://github.com/owncloud/core/commit/b05e178bbf884b120d1106e6a28f35aa50d6d06f -CVE-2015-7611 - RESERVED +CVE-2015-7611 (Apache James Server 2.3.2, when configured with file-based user ...) NOT-FOR-US: Apache James CVE-2015-7604 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...) NOT-FOR-US: Splunk 
@@ -21430,8 +21449,7 @@ NOTE: https://savannah.nongnu.org/bugs/?41590 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 (VER-2-5-3) NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4 -CVE-2014-9746 [use of uninitialized data] - RESERVED +CVE-2014-9746 (The (1) t1_parse_font_matrix function in type1/t1load.c, (2) ...) {DSA-3370-1 DLA-319-1} - freetype 2.6-1 (bug #798619) NOTE: https://launchpad.net/bugs/1449225 @@ -21439,8 +21457,7 @@ NOTE: https://savannah.nongnu.org/bugs/?41309 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3) NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4 -CVE-2014-9747 [t42parse.c vulnerability] -
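Review bot: in the CVE-2015-7695 line the automatic update swaps the hand-written title "[ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite)]" for the truncated upstream description, which carries the typo "filer" and drops the advisory id from the title; the "[use of uninitialized data]" title on CVE-2014-9746 is replaced the same way. The advisory id survives in the NOTE line for CVE-2015-7695, but CVE-2016-4545 now carries "TODO: check" and needs manual triage. The patch as archived here is cut off at the CVE-2014-9747 hunk, so the remaining changes cannot be reviewed.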
[Secure-testing-commits] r42403 - in data: . CVE
Author: alteholz Date: 2016-06-08 20:34:20 + (Wed, 08 Jun 2016) New Revision: 42403 Modified: data/CVE/list data/dla-needed.txt Log: mark mxml as in Wheezy like in Jessie Modified: data/CVE/list === --- data/CVE/list 2016-06-08 14:50:02 UTC (rev 42402) +++ data/CVE/list 2016-06-08 20:34:20 UTC (rev 42403) @@ -2345,11 +2345,13 @@ RESERVED - mxml (bug #825855) [jessie] - mxml (Minor issue) + [wheezy] - mxml (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8 CVE-2016-4571 [Recursion using mxml_write_node at mxml-file.c:2739 (stack-exhaustion-2.xml] RESERVED - mxml (bug #825855) [jessie] - mxml (Minor issue) + [wheezy] - mxml (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8 CVE-2016-4558 (The BPF subsystem in the Linux kernel before 4.5.5 mishandles ...) - linux 4.5.3-1 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-08 14:50:02 UTC (rev 42402) +++ data/dla-needed.txt 2016-06-08 20:34:20 UTC (rev 42403) @@ -44,8 +44,6 @@ -- mat -- -mxml --- mysql-connector-java -- ntp (Santiago R.R.)
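Review bot: the added "[wheezy] - mxml (Minor issue)" lines in the data/CVE/list hunk copy the jessie wording without a reason. A short reason in the parentheses (the entry title points to stack exhaustion through recursion) would let a later reader see why no DLA is planned, which matters more now that the second hunk drops mxml from dla-needed.txt.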
[Secure-testing-commits] r42402 - data
Author: carnil Date: 2016-06-08 14:50:02 + (Wed, 08 Jun 2016) New Revision: 42402 Modified: data/dsa-needed.txt Log: Add p7zip to dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2016-06-08 13:39:04 UTC (rev 42401) +++ data/dsa-needed.txt 2016-06-08 14:50:02 UTC (rev 42402) @@ -36,6 +36,9 @@ openssl wait for next openssl update round -- +p7zip + Test packages: https://people.debian.org/~carnil/tmp/p7zip/jessie/ +-- php5 -- phpmyadmin (thijs)
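Review bot: the new p7zip entry in dsa-needed.txt names no CVE or bug number, and its only reference is a test-package link into a "tmp/" directory under a personal people.debian.org space, which is unlikely to be permanent. Add the CVE id(s) that motivate the DSA to the entry so it stays meaningful once the link is gone.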
[Secure-testing-commits] r42401 - data/CVE
Author: santiago Date: 2016-06-08 13:39:04 + (Wed, 08 Jun 2016) New Revision: 42401 Modified: data/CVE/list Log: CVE-2016-0749/spice: wheezy not-affected Modified: data/CVE/list === --- data/CVE/list 2016-06-08 12:07:08 UTC (rev 42400) +++ data/CVE/list 2016-06-08 13:39:04 UTC (rev 42401) @@ -14426,6 +14426,7 @@ RESERVED {DSA-3596-1} - spice (bug #826585) + [wheezy] - spice (Vulnerable code not present. Configured with --disable-smartcard) CVE-2016-0748 RESERVED CVE-2016-0747 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not ...)
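Review bot: the reason on the added "[wheezy] - spice" line mixes two statements: "Vulnerable code not present" reads as a claim about the source, while "Configured with --disable-smartcard" says the code is not built. If the smartcard code is in the wheezy source and only disabled at configure time, wording such as "Vulnerable code not built, configured with --disable-smartcard" is more precise and makes clear that the status depends on the build options.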
[Secure-testing-commits] r42400 - data/CVE
Author: carnil Date: 2016-06-08 12:07:08 + (Wed, 08 Jun 2016) New Revision: 42400 Modified: data/CVE/list Log: Mark firefox issues fixed in unstable, CVE-2016-2834 is actually in nss Modified: data/CVE/list === --- data/CVE/list 2016-06-08 12:01:33 UTC (rev 42399) +++ data/CVE/list 2016-06-08 12:07:08 UTC (rev 42400) @@ -7043,29 +7043,30 @@ RESERVED - nss - firefox-esr (Doesn't apply to Firefox ESR) - - firefox + - firefox 47.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/ CVE-2016-2833 RESERVED - firefox-esr (Doesn't apply to Firefox ESR) - - firefox + - firefox 47.0-1 CVE-2016-2832 RESERVED - firefox-esr (Doesn't apply to Firefox ESR) - - firefox + - firefox 47.0-1 CVE-2016-2831 RESERVED - firefox-esr 45.2.0esr-1 - - firefox + - firefox 47.0-1 CVE-2016-2830 RESERVED CVE-2016-2829 RESERVED - firefox-esr (Doesn't apply to Firefox ESR) - - firefox + - firefox 47.0-1 CVE-2016-2828 RESERVED - firefox-esr 45.2.0esr-1 - - firefox + - firefox 47.0-1 CVE-2016-2827 RESERVED CVE-2016-2826 @@ -7075,7 +7076,7 @@ CVE-2016-2825 RESERVED - firefox-esr (Doesn't apply to Firefox ESR) - - firefox + - firefox 47.0-1 CVE-2016-2824 RESERVED - firefox-esr (Only affects Windows) @@ -7085,11 +7086,11 @@ CVE-2016-2822 RESERVED - firefox-esr 45.2.0esr-1 - - firefox + - firefox 47.0-1 CVE-2016-2821 RESERVED - firefox-esr 45.2.0esr-1 - - firefox + - firefox 47.0-1 CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) feature in ...) - iceweasel (Only Firefox 46) - firefox-esr (Only Firefox 46) @@ -7098,11 +7099,11 @@ CVE-2016-2819 RESERVED - firefox-esr 45.2.0esr-1 - - firefox + - firefox 47.0-1 CVE-2016-2818 RESERVED - firefox-esr 45.2.0esr-1 - - firefox + - firefox 47.0-1 CVE-2016-2817 (The WebExtension sandbox feature in ...) - iceweasel (Only Firefox 46) - firefox-esr (Only Firefox 46) 
@@ -7116,7 +7117,7 @@ CVE-2016-2815 RESERVED - firefox-esr (Doesn't apply to Firefox ESR) - - firefox + - firefox 47.0-1 CVE-2016-2814 (Heap-based buffer overflow in the ...) {DSA-3559-1} - iceweasel
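Review bot: the log says CVE-2016-2834 is actually in nss, but in the first hunk that entry still lists "- firefox 47.0-1" and "- firefox-esr (Doesn't apply to Firefox ESR)" next to an "- nss" line that has no version or status. If the flaw is in nss, the firefox lines need a remark on what they track, and the firefox-esr reason should be rechecked against that. Only this entry gains an mfsa NOTE; the other entries marked fixed in 47.0-1 have no advisory reference.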
[Secure-testing-commits] r42399 - data/CVE
Author: carnil Date: 2016-06-08 12:01:33 + (Wed, 08 Jun 2016) New Revision: 42399 Modified: data/CVE/list Log: firefox-esr fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-06-08 09:42:28 UTC (rev 42398) +++ data/CVE/list 2016-06-08 12:01:33 UTC (rev 42399) @@ -7054,7 +7054,7 @@ - firefox CVE-2016-2831 RESERVED - - firefox-esr + - firefox-esr 45.2.0esr-1 - firefox CVE-2016-2830 RESERVED @@ -7064,7 +7064,7 @@ - firefox CVE-2016-2828 RESERVED - - firefox-esr + - firefox-esr 45.2.0esr-1 - firefox CVE-2016-2827 RESERVED @@ -7084,11 +7084,11 @@ RESERVED CVE-2016-2822 RESERVED - - firefox-esr + - firefox-esr 45.2.0esr-1 - firefox CVE-2016-2821 RESERVED - - firefox-esr + - firefox-esr 45.2.0esr-1 - firefox CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) feature in ...) - iceweasel (Only Firefox 46) @@ -7097,11 +7097,11 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/ CVE-2016-2819 RESERVED - - firefox-esr + - firefox-esr 45.2.0esr-1 - firefox CVE-2016-2818 RESERVED - - firefox-esr + - firefox-esr 45.2.0esr-1 - firefox CVE-2016-2817 (The WebExtension sandbox feature in ...) - iceweasel (Only Firefox 46)
[Secure-testing-commits] r42398 - data
Author: apo Date: 2016-06-08 09:42:28 + (Wed, 08 Jun 2016) New Revision: 42398 Modified: data/dla-needed.txt Log: Claim libtorrent-rasterbar in dla-needed.txt Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-08 09:30:42 UTC (rev 42397) +++ data/dla-needed.txt 2016-06-08 09:42:28 UTC (rev 42398) @@ -36,7 +36,7 @@ The JSON/JaF doesn't appear to be present in wheezy but the content-disposition stuff might be. -- -libtorrent-rasterbar +libtorrent-rasterbar (Markus Koschany) -- libxslt (Emilio Pozuelo) --
[Secure-testing-commits] r42397 - data
Author: apo Date: 2016-06-08 09:30:42 + (Wed, 08 Jun 2016) New Revision: 42397 Modified: data/dla-needed.txt Log: Remove libpdfbox-java and libxstream-java from dla-needed.txt again Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-08 09:10:11 UTC (rev 42396) +++ data/dla-needed.txt 2016-06-08 09:30:42 UTC (rev 42397) @@ -32,8 +32,6 @@ -- libjackson-json-java -- -libpdfbox-java (Markus Koschany) --- libspring-java The JSON/JaF doesn't appear to be present in wheezy but the content-disposition stuff might be. @@ -42,8 +40,6 @@ -- libxslt (Emilio Pozuelo) -- -libxstream-java (Markus Koschany) --- linux -- mat
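Review bot: neither the log ("Remove ... again") nor the two hunks say why libpdfbox-java and libxstream-java leave dla-needed.txt, and both removed entries were claimed. State the reason in the log message (for example that the packages turned out not to be affected, or that the fix is deferred) so the removal can be audited against data/CVE/list.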
[Secure-testing-commits] r42396 - data/CVE
Author: sectracker Date: 2016-06-08 09:10:11 + (Wed, 08 Jun 2016) New Revision: 42396 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-06-08 08:32:26 UTC (rev 42395) +++ data/CVE/list 2016-06-08 09:10:11 UTC (rev 42396) @@ -271,7 +271,7 @@ NOTE: https://github.com/arvidn/libtorrent/pull/782 CVE-2016-5300 [use of too little entropy] RESERVED - {DSA-3597-1} + {DSA-3597-1 DLA-508-1} - expat 2.1.1-3 CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy] RESERVED @@ -16851,7 +16851,7 @@ NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/ CVE-2012-6702 [unanticipated internal calls to srand] RESERVED - {DSA-3597-1} + {DSA-3597-1 DLA-508-1} - expat 2.1.1-3 CVE-2012-6701 (Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows ...) - linux (Fixed in v3.2.19; which was before src:linux rename)
[Secure-testing-commits] r42395 - in data: . DLA
Author: apo Date: 2016-06-08 08:32:26 + (Wed, 08 Jun 2016) New Revision: 42395 Modified: data/DLA/list data/dla-needed.txt Log: Reserve DLA-508-1 for expat Modified: data/DLA/list === --- data/DLA/list 2016-06-08 07:57:17 UTC (rev 42394) +++ data/DLA/list 2016-06-08 08:32:26 UTC (rev 42395) @@ -1,3 +1,6 @@ +[08 Jun 2016] DLA-508-1 expat - security update + {CVE-2012-6702 CVE-2016-5300} + [wheezy] - expat 2.1.0-1+deb7u4 [07 Jun 2016] DLA-507-1 nss - security update {CVE-2015-4000} [wheezy] - nss 2:3.14.5-1+deb7u7 Modified: data/dla-needed.txt === --- data/dla-needed.txt 2016-06-08 07:57:17 UTC (rev 42394) +++ data/dla-needed.txt 2016-06-08 08:32:26 UTC (rev 42395) @@ -18,8 +18,6 @@ cakephp NOTE: CVE-2015-8379 No official solution is currently available, 20160425 -- -expat (Markus Koschany) --- extplorer NOTE: 20160529, no fix yet --
[Secure-testing-commits] r42394 - data/CVE
Author: jmm Date: 2016-06-08 07:57:17 + (Wed, 08 Jun 2016) New Revision: 42394 Modified: data/CVE/list Log: new wireshark issues Modified: data/CVE/list === --- data/CVE/list 2016-06-08 06:24:49 UTC (rev 42393) +++ data/CVE/list 2016-06-08 07:57:17 UTC (rev 42394) @@ -1,3 +1,38 @@ +CVE-2016- [wnpa-sec-2016-38] + - wireshark 2.0 + NOTE: Only affects 1.12, marking 2.0 as fixed + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-38.html +CVE-2016- [wnpa-sec-2016-37] + - wireshark + [jessie] - wireshark (Only affects 2.0) + [wheezy] - wireshark (Only affects 2.0) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-37.html +CVE-2016- [wnpa-sec-2016-36] + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-36.html +CVE-2016- [wnpa-sec-2016-35] + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-35.html +CVE-2016- [wnpa-sec-2016-34] + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-34.html +CVE-2016- [wnpa-sec-2016-33] + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-33.html +CVE-2016- [wnpa-sec-2016-32] + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-32.html +CVE-2016- [wnpa-sec-2016-31] + - wireshark + [jessie] - wireshark (Only affects 2.0) + [wheezy] - wireshark (Only affects 2.0) + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-31.html +CVE-2016- [wnpa-sec-2016-30] + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-30.html +CVE-2016- [wnpa-sec-2016-29] + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-29.html CVE-2016-5324 RESERVED CVE-2016-5323
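Review bot: the wnpa-sec-2016-38 entry records "- wireshark 2.0" as the fixed version, but 2.0 is an upstream branch rather than a package version, and its NOTE says the issue only affects 1.12. The entry has no [jessie] or [wheezy] lines, while the wnpa-sec-2016-37 and wnpa-sec-2016-31 entries show that those releases do not carry 2.0, so the stable releases are exactly where the status of this issue needs recording. Use the first package version that carried 2.0 as the fixed version and add per-release lines.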
[Secure-testing-commits] r42393 - data/CVE
Author: carnil Date: 2016-06-08 06:24:49 + (Wed, 08 Jun 2016) New Revision: 42393 Modified: data/CVE/list Log: Add CVE-2016-1182 Modified: data/CVE/list === --- data/CVE/list 2016-06-08 06:20:59 UTC (rev 42392) +++ data/CVE/list 2016-06-08 06:24:49 UTC (rev 42393) @@ -13003,8 +13003,11 @@ RESERVED CVE-2016-1183 RESERVED -CVE-2016-1182 +CVE-2016-1182 [Improper input validation in Validator] RESERVED + - libstruts1.2-java + NOTE: https://jvn.jp/en/jp/JVN65044642/ + NOTE: Probably a duplicate of CVE-2015-0899 CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations against components on server memory] RESERVED - libstruts1.2-java
[Secure-testing-commits] r42392 - data/CVE
Author: carnil Date: 2016-06-08 06:20:59 + (Wed, 08 Jun 2016) New Revision: 42392 Modified: data/CVE/list Log: Update CVE-2016-1181 Modified: data/CVE/list === --- data/CVE/list 2016-06-08 06:10:25 UTC (rev 42391) +++ data/CVE/list 2016-06-08 06:20:59 UTC (rev 42392) @@ -13007,8 +13007,9 @@ RESERVED CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations against components on server memory] RESERVED + - libstruts1.2-java NOTE: https://jvn.jp/en/jp/JVN03188560/ - TODO: check + NOTE: Probably a duplicate of CVE-2015-0899 CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...) TODO: check CVE-2016-1179
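Review bot: the hunk removes "TODO: check" from CVE-2016-1181 while the NOTE that replaces it still says "Probably a duplicate of CVE-2015-0899", and the added "- libstruts1.2-java" line carries no status. Keep a TODO on the entry until the duplicate question is settled, or cite what ties the JVN advisory to CVE-2015-0899.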
[Secure-testing-commits] r42391 - data/CVE
Author: jmm Date: 2016-06-08 06:10:25 + (Wed, 08 Jun 2016) New Revision: 42391 Modified: data/CVE/list Log: new firefox issues drop pycurl entry, no evidence of being exploitable Modified: data/CVE/list === --- data/CVE/list 2016-06-08 06:04:14 UTC (rev 42390) +++ data/CVE/list 2016-06-08 06:10:25 UTC (rev 42391) @@ -7006,32 +7006,55 @@ RESERVED CVE-2016-2834 RESERVED + - nss + - firefox-esr (Doesn't apply to Firefox ESR) + - firefox CVE-2016-2833 RESERVED + - firefox-esr (Doesn't apply to Firefox ESR) + - firefox CVE-2016-2832 RESERVED + - firefox-esr (Doesn't apply to Firefox ESR) + - firefox CVE-2016-2831 RESERVED + - firefox-esr + - firefox CVE-2016-2830 RESERVED CVE-2016-2829 RESERVED + - firefox-esr (Doesn't apply to Firefox ESR) + - firefox CVE-2016-2828 RESERVED + - firefox-esr + - firefox CVE-2016-2827 RESERVED CVE-2016-2826 RESERVED + - firefox-esr (Only affects Windows) + - firefox (Only affects Windows) CVE-2016-2825 RESERVED + - firefox-esr (Doesn't apply to Firefox ESR) + - firefox CVE-2016-2824 RESERVED + - firefox-esr (Only affects Windows) + - firefox (Only affects Windows) CVE-2016-2823 RESERVED CVE-2016-2822 RESERVED + - firefox-esr + - firefox CVE-2016-2821 RESERVED + - firefox-esr + - firefox CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) feature in ...) - iceweasel (Only Firefox 46) - firefox-esr (Only Firefox 46) @@ -7039,8 +7062,12 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/ CVE-2016-2819 RESERVED + - firefox-esr + - firefox CVE-2016-2818 RESERVED + - firefox-esr + - firefox CVE-2016-2817 (The WebExtension sandbox feature in ...) - iceweasel (Only Firefox 46) - firefox-esr (Only Firefox 46) @@ -7053,6 +7080,8 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/ CVE-2016-2815 RESERVED + - firefox-esr (Doesn't apply to Firefox ESR) + - firefox CVE-2016-2814 (Heap-based buffer overflow in the ...) {DSA-3559-1} - iceweasel 
@@ -17933,13 +17962,6 @@ RESERVED CVE-2014-9754 RESERVED -CVE-2015- [use afer free] - - pycurl - [wheezy] - pycurl (Vulnerable code introduced later) - [squeeze] - pycurl (Vulnerable code introduced later) - NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/03/4 - NOTE: Upstream commit: https://github.com/pycurl/pycurl/commit/602f8e364634d386524f0396e962c2c9de0536a9 - NOTE: support for BUFFER and BUFFERPTR form parameters added with https://github.com/clintclayton/pycurl/commit/642f87afc14fc79c202c3b10b95ad35e97aa8615 CVE-2015-8075 REJECTED CVE-2015-8033
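Review bot: the last hunk deletes the whole "CVE-2015- [use afer free]" pycurl entry, including the oss-security CVE request and the upstream commit links, with only the log line "no evidence of being exploitable" as justification. Deleting loses the triage record; keeping the entry and marking pycurl as unimportant or not affected with that reasoning in a NOTE would preserve it. The removal is also unrelated to the firefox additions in the earlier hunks and would be easier to audit as its own commit.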
[Secure-testing-commits] r42390 - data/CVE
Author: fgeek-guest Date: 2016-06-08 06:04:14 + (Wed, 08 Jun 2016) New Revision: 42390 Modified: data/CVE/list Log: CVE-2016-1181 Modified: data/CVE/list === --- data/CVE/list 2016-06-08 05:01:10 UTC (rev 42389) +++ data/CVE/list 2016-06-08 06:04:14 UTC (rev 42390) @@ -12976,8 +12976,10 @@ RESERVED CVE-2016-1182 RESERVED -CVE-2016-1181 +CVE-2016-1181 [Vulnerability in ActionForm allows unintended remote operations against components on server memory] RESERVED + NOTE: https://jvn.jp/en/jp/JVN03188560/ + TODO: check CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...) TODO: check CVE-2016-1179