Author: sectracker
Date: 2016-05-16 21:10:11 +0000 (Mon, 16 May 2016)
New Revision: 41784
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-05-16 21:08:56 UTC (rev 41783) +++ data/CVE/list 2016-05-16 21:10:11 UTC (rev 41784) @@ -1,10 +1,30 @@ +CVE-2016-4808 + RESERVED +CVE-2016-4807 + RESERVED +CVE-2016-4806 + RESERVED +CVE-2016-4803 + RESERVED +CVE-2016-4802 + RESERVED +CVE-2016-4801 + RESERVED +CVE-2016-4800 + RESERVED +CVE-2015-8874 (Stack consumption vulnerability in GD in PHP before 5.6.12 allows ...) + TODO: check +CVE-2015-8873 (Stack consumption vulnerability in Zend/zend_exceptions.c in PHP ...) + TODO: check CVE-2016-XXXX [moodle issues fixed in 2.7.14] - moodle 2.7.14+dfsg-1 CVE-2016-4805 [ppp: take reference on channels netns] + RESERVED - linux 4.5.2-1 NOTE: Fixed by: https://git.kernel.org/linus/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 (v4.6-rc1) NOTE: Introduced by: https://git.kernel.org/linus/273ec51dd7ceaa76e038875d85061ec856d8905e (v2.6.30) CVE-2016-4804 + RESERVED {DLA-474-1} - dosfstools 4.0-1 [jessie] - dosfstools <no-dsa> (Minor issue) @@ -596,12 +616,14 @@ NOTE: Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1) NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/4 CVE-2016-4556 (Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x ...) + {DLA-478-1} - squid3 3.5.19-1 (bug #823968) - squid <not-affected> (Does not affect 2.x) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_9.txt NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch CVE-2016-4555 (client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before ...) + {DLA-478-1} - squid3 3.5.19-1 (bug #823968) [wheezy] - squid3 <not-affected> (3.1 not vulnerable) - squid <not-affected> (Does not affect 2.x) 
@@ -609,6 +631,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch CVE-2016-4554 (mime_header.cc in Squid before 3.5.18 allows remote attackers to ...) + {DLA-478-1} - squid3 3.5.19-1 (bug #823968) - squid <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_8.txt @@ -887,8 +910,7 @@ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92 NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35 NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21 -CVE-2016-4536 [various client functionality leak stack data onto the wire in the clear] - RESERVED +CVE-2016-4536 (The client in OpenAFS before 1.6.17 does not properly initialize the ...) - openafs 1.6.17-1 [jessie] - openafs <no-dsa> (Minor issue, can be included in a future DSA or via jessie-pu) NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt @@ -1016,6 +1038,7 @@ NOTE: https://github.com/symfony/symfony/pull/18733 NOTE: https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session CVE-2015-8872 + RESERVED {DLA-474-1} - dosfstools 4.0-1 [jessie] - dosfstools <no-dsa> (Minor issue) @@ -1254,8 +1277,8 @@ RESERVED CVE-2016-4326 RESERVED -CVE-2016-4325 - RESERVED +CVE-2016-4325 (Lantronix xPrintServer devices with firmware before 5.0.1-65 have ...) + TODO: check CVE-2016-4324 RESERVED CVE-2016-4323 @@ -1923,6 +1946,7 @@ - typo3-src <removed> [wheezy] - typo3-src <end-of-life> (See DSA 3314) CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows ...) + {DLA-478-1} - squid3 3.5.17-1 - squid <not-affected> (Squid 2.x are not vulnerable) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt 
@@ -1931,6 +1955,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to ...) + {DLA-478-1} - squid3 3.5.17-1 - squid <not-affected> (Squid 2.x are not vulnerable) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt @@ -1939,6 +1964,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and ...) + {DLA-478-1} - squid3 3.5.17-1 - squid <not-affected> (Squid 2.x are not vulnerable) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt @@ -1947,6 +1973,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and ...) + {DLA-478-1} - squid3 3.5.17-1 - squid <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt @@ -2075,8 +2102,7 @@ RESERVED CVE-2015-8843 (The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit ...) NOT-FOR-US: Foxit Reader -CVE-2016-4024 [integer overflow resulting in insufficient heap allocation] - RESERVED +CVE-2016-4024 (Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows ...) {DSA-3555-1} - imlib2 1.4.8-1 (bug #821732) NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227 
@@ -2207,8 +2233,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/3 NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=f435825c0f527a8e52e6ffbc3ad0bc60531d537e NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625 -CVE-2011-5326 [divide-by-zero on 2x1 ellipse] - RESERVED +CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of ...) {DSA-3555-1} - imlib2 1.4.8-1 (bug #639414) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882 @@ -2221,8 +2246,7 @@ NOTE: https://github.com/weidai11/cryptopp/issues/146 NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/6 NOTE: Initial upload in 5.6.3-5 was incomplete -CVE-2016-3994 [GIF loader: out-of-bounds read] - RESERVED +CVE-2016-3994 (The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause ...) {DSA-3555-1} - imlib2 1.4.8-1 (bug #785369) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8 @@ -2281,8 +2305,7 @@ RESERVED CVE-2015-8840 (The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does ...) NOT-FOR-US: SAP -CVE-2014-9771 [exploitable integer overflow in _imlib_SaveImage] - RESERVED +CVE-2014-9771 (Integer overflow in imlib2 before 1.4.7 allows remote attackers to ...) {DSA-3555-1} - imlib2 1.4.7-1 (bug #820206) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299 
@@ -2396,8 +2419,7 @@ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e NOTE: PHP fixed in 7.0.5, 5.6.20, 5.5.34 NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 -CVE-2016-3993 [off-by-one OOB read in __imlib_MergeUpdate] - RESERVED +CVE-2016-3993 (Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c ...) {DSA-3555-1} - imlib2 1.4.8-1 (bug #819818) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef @@ -2889,22 +2911,27 @@ CVE-2016-3719 RESERVED CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...) + {DSA-3580-1} - imagemagick <unfixed> - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...) + {DSA-3580-1} - imagemagick <unfixed> - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...) + {DSA-3580-1} - imagemagick <unfixed> - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...) + {DSA-3580-1} - imagemagick <unfixed> - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...) + {DSA-3580-1} - imagemagick <unfixed> NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3 NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 
@@ -3079,8 +3106,7 @@ NOTE: https://git.kernel.org/linus/32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70 (v4.5-rc1) NOTE: https://git.kernel.org/linus/011278485ecc3cd2a3954b5d4c73101d919bf1fa (v4.5-rc1) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972174 -CVE-2015-8838 - RESERVED +CVE-2015-8838 (ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and ...) - php5 5.6.11+dfsg-1 [jessie] - php5 5.6.12+dfsg-0+deb8u1 [wheezy] - php5 5.4.44-0+deb7u1 @@ -4139,8 +4165,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319503 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2536 NOTE: Proposed patch from Red Hat: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff -CVE-2016-3185 [Type Confusion Vulnerability - SOAP / make_http_soap_request()] - RESERVED +CVE-2016-3185 (The make_http_soap_request function in ext/soap/php_http.c in PHP ...) - php7.0 7.0.4-1 NOTE: https://bugs.php.net/bug.php?id=71610 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba @@ -4936,8 +4961,7 @@ RESERVED CVE-2016-2861 RESERVED -CVE-2016-2860 - RESERVED +CVE-2016-2860 (The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 ...) {DSA-3569-1} - openafs 1.6.17-1 NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0 @@ -4991,8 +5015,7 @@ NOTE: http://marc.info/?l=netfilter-devel&m=145757136822750&w=2 NOTE: https://patchwork.ozlabs.org/patch/595576/ NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7 -CVE-2015-8835 - RESERVED +CVE-2015-8835 (The make_http_soap_request function in ext/soap/php_http.c in PHP ...) - php5 5.6.12+dfsg-1 [jessie] - php5 5.6.12+dfsg-0+deb8u1 [wheezy] - php5 5.4.44-0+deb7u1 
@@ -5030,12 +5053,10 @@ - libotr 4.1.1-1 (bug #817799) NOTE: https://lists.cypherpunks.ca/pipermail/otr-announce/2016-March/000062.html NOTE: https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/ -CVE-2016-2850 - RESERVED +CVE-2016-2850 (Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) ...) - botan1.10 <not-affected> (Introduced in 1.11.0) NOTE: Introduced in 1.11.0, fixed in 1.11.29 -CVE-2016-2849 [ECDSA side channel attack] - RESERVED +CVE-2016-2849 (Botan before 1.10.13 and 1.11.x before 1.11.29 does not use a ...) {DSA-3565-1 DLA-449-1} - botan1.10 <unfixed> (bug #822698) NOTE: http://botan.randombit.net/security.html @@ -6898,8 +6919,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3 -CVE-2016-2554 [Stack overflow when decompressing tar archives] - RESERVED +CVE-2016-2554 (Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, ...) - php5 5.6.18+dfsg-1 [jessie] - php5 5.6.19+dfsg-0+deb8u1 [wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round) @@ -7013,12 +7033,12 @@ NOT-FOR-US: Ecava IntegraXor CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...) NOT-FOR-US: Ecava IntegraXor -CVE-2016-2298 - RESERVED -CVE-2016-2297 - RESERVED -CVE-2016-2296 - RESERVED +CVE-2016-2298 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...) + TODO: check +CVE-2016-2297 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...) + TODO: check +CVE-2016-2296 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not ...) + TODO: check CVE-2016-2295 RESERVED CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...) 
@@ -7356,19 +7376,16 @@ [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <not-affected> (Vulnerable code not present) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4 -CVE-2016-2196 [Overwrite in P-521 reduction] - RESERVED +CVE-2016-2196 (Heap-based buffer overflow in the P-521 reduction function in Botan ...) - botan1.10 <not-affected> (Introduced in 1.11.10) NOTE: Introduced in 1.11.10, fixed in 1.11.27 NOTE: http://botan.randombit.net/security.html -CVE-2016-2195 [Heap overflow on invalid ECC point] - RESERVED +CVE-2016-2195 (Integer overflow in the PointGFp constructor in Botan before 1.10.11 ...) {DSA-3565-1 DLA-449-1} - botan1.10 1.10.12-1 NOTE: Introduced in 1.9.18, fixed in 1.11.27 and 1.10.11 NOTE: http://botan.randombit.net/security.html -CVE-2016-2194 [Infinite loop in modulur square root algorithm] - RESERVED +CVE-2016-2194 (The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 ...) {DSA-3565-1 DLA-449-1} - botan1.10 1.10.12-1 NOTE: Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11 @@ -7672,8 +7689,7 @@ CVE-2016-2100 RESERVED - foreman <itp> (bug #663101) -CVE-2016-2099 [use-after-free] - RESERVED +CVE-2016-2099 (Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in ...) {DSA-3579-1 DLA-467-1} - xerces-c 3.1.3+debian-2 (bug #823863) NOTE: https://issues.apache.org/jira/browse/XERCESC-2066 @@ -8170,10 +8186,10 @@ RESERVED CVE-2016-2017 RESERVED -CVE-2016-2016 - RESERVED -CVE-2016-2015 - RESERVED +CVE-2016-2016 (Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 ...) + TODO: check +CVE-2016-2015 (HPE System Management Homepage before 7.5.5 allows local users to ...) + TODO: check CVE-2016-2014 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...) TODO: check CVE-2016-2013 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...) 
@@ -9229,62 +9245,50 @@ RESERVED CVE-2016-1672 RESERVED -CVE-2016-1671 - RESERVED +CVE-2016-1671 (Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and ...) - chromium-browser <not-affected> (Android-specific) -CVE-2016-1670 - RESERVED +CVE-2016-1670 (Race condition in the ResourceDispatcherHostImpl::BeginRequest ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1669 - RESERVED +CVE-2016-1669 (The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2016-1668 - RESERVED +CVE-2016-1668 (The forEachForBinding function in ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) TODO: check, possibly as well libv8 -CVE-2016-1667 - RESERVED +CVE-2016-1667 (The TreeScope::adoptIfNeeded function in ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1666 - RESERVED +CVE-2016-1666 (Multiple unspecified vulnerabilities in Google Chrome before ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1665 - RESERVED +CVE-2016-1665 (The JSGenericLowering class in compiler/js-generic-lowering.cc in ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2016-1664 - RESERVED +CVE-2016-1664 (The HistoryController::UpdateForCommit function in ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1663 - RESERVED +CVE-2016-1663 (The SerializedScriptValue::transferArrayBuffers function in ...) 
{DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1662 - RESERVED +CVE-2016-1662 (extensions/renderer/gc_callback.cc in Google Chrome before ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1661 - RESERVED +CVE-2016-1661 (Blink, as used in Google Chrome before 50.0.2661.94, does not ensure ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1660 - RESERVED +CVE-2016-1660 (Blink, as used in Google Chrome before 50.0.2661.94, mishandles ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) @@ -9580,12 +9584,12 @@ RESERVED CVE-2016-1581 RESERVED -CVE-2016-1580 - RESERVED +CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher ...) + TODO: check CVE-2016-1579 RESERVED -CVE-2016-1578 - RESERVED +CVE-2016-1578 (Use-after-free vulnerability in Oxide allows remote attackers to cause ...) + TODO: check CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in ...) {DSA-3508-1} - jasper <unfixed> (bug #816625) @@ -10125,8 +10129,8 @@ RESERVED CVE-2016-1400 RESERVED -CVE-2016-1399 - RESERVED +CVE-2016-1399 (The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, ...) + TODO: check CVE-2016-1398 RESERVED CVE-2016-1397 
@@ -10717,18 +10721,15 @@ NOTE: https://github.com/htacg/tidy-html5/issues/341 NOTE: https://github.com/htacg/tidy-html5/pull/368 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/03/4 -CVE-2014-9764 [Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh] - RESERVED +CVE-2014-9764 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...) {DSA-3537-1 DLA-401-1} - imlib2 1.4.7-1 NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=1f9b0b32728803a1578e658cd0955df773e34f49 -CVE-2014-9763 [Prevent division-by-zero crashes] - RESERVED +CVE-2014-9763 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...) {DSA-3537-1 DLA-401-1} - imlib2 1.4.7-1 NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=c21beaf1780cf3ca291735ae7d58a3dde63277a2 -CVE-2014-9762 GIF loader: Fix segv on images without colormap] - RESERVED +CVE-2014-9762 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...) {DSA-3537-1 DLA-401-1} - imlib2 1.4.7-1 NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56 @@ -10951,14 +10952,14 @@ RESERVED CVE-2016-1210 RESERVED -CVE-2016-1209 - RESERVED -CVE-2016-1208 - RESERVED -CVE-2016-1207 - RESERVED -CVE-2016-1206 - RESERVED +CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote ...) + TODO: check +CVE-2016-1208 (The server in Apple FileMaker before 14.0.4 on OS X allows remote ...) + TODO: check +CVE-2016-1207 (Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R ...) + TODO: check +CVE-2016-1206 (The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, ...) + TODO: check CVE-2016-1205 (Cross-site scripting (XSS) vulnerability in the shiro8 (1) ...) TODO: check CVE-2016-1204 
@@ -13667,8 +13668,8 @@ RESERVED CVE-2016-0391 RESERVED -CVE-2016-0390 - RESERVED +CVE-2016-0390 (Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One ...) + TODO: check CVE-2016-0389 RESERVED CVE-2016-0388 @@ -13685,8 +13686,8 @@ RESERVED CVE-2016-0382 RESERVED -CVE-2016-0381 - RESERVED +CVE-2016-0381 (IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin ...) + TODO: check CVE-2016-0380 RESERVED CVE-2016-0379 @@ -13765,8 +13766,8 @@ RESERVED CVE-2016-0342 RESERVED -CVE-2016-0341 - RESERVED +CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...) + TODO: check CVE-2016-0340 RESERVED CVE-2016-0339 @@ -14063,8 +14064,8 @@ RESERVED CVE-2015-8531 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...) NOT-FOR-US: IBM -CVE-2015-8530 - RESERVED +CVE-2015-8530 (Stack-based buffer overflow in the Initialize function in an ActiveX ...) + TODO: check CVE-2015-8529 RESERVED CVE-2015-8528 @@ -15143,8 +15144,7 @@ - gnutls28 <not-affected> (Vulnerable code not present) - gnutls26 <removed> NOTE: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html -CVE-2015-8312 - RESERVED +CVE-2015-8312 (Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow ...) {DSA-3569-1} - openafs 1.6.17-1 NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=2ef863720da4d9f368aaca0461c672a3008195ca @@ -15540,8 +15540,8 @@ TODO: check CVE-2015-8157 RESERVED -CVE-2015-8156 - RESERVED +CVE-2015-8156 (Unquoted Windows search path vulnerability in EEDService in Symantec ...) + TODO: check CVE-2015-8155 RESERVED CVE-2015-8154 (The SysPlant.sys driver in the Application and Device Control (ADC) ...) 
@@ -15751,8 +15751,8 @@ RESERVED CVE-2015-8101 RESERVED -CVE-2015-8099 - RESERVED +CVE-2015-8099 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...) + TODO: check CVE-2015-8098 (F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and ...) NOT-FOR-US: BIG-IP CVE-2015-8097 @@ -16652,8 +16652,7 @@ NOT-FOR-US: Adobe CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require ...) NOT-FOR-US: SAP HANA -CVE-2015-7827 [PKCS #1 v1.5 decoding was not constant time] - RESERVED +CVE-2015-7827 (Botan before 1.10.13 and 1.11.x before 1.11.22 makes it easier for ...) {DSA-3565-1 DLA-449-1} - botan1.10 <unfixed> (bug #817932) NOTE: Fixed in 1.11.22. Affected all previous versions @@ -19532,8 +19531,7 @@ NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5 NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE -CVE-2015-6838 [NULL pointer dereference] - RESERVED +CVE-2015-6838 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP ...) {DSA-3358-1 DLA-341-1} - php5 5.6.13+dfsg-1 - hhvm 3.12.1+dfsg-1 @@ -19541,8 +19539,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5 NOTE: Fixed in 5.5.45 and 5.6.13 NOTE: https://github.com/facebook/hhvm/commit/f358ec0e905df41feaa9dc75f4dee814cfe5a60a -CVE-2015-6837 [NULL pointer dereference] - RESERVED +CVE-2015-6837 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP ...) {DSA-3358-1 DLA-341-1} - php5 5.6.13+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69782 
@@ -19554,16 +19551,14 @@ NOTE: https://bugs.php.net/bug.php?id=70388 NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5 NOTE: Fixed in 5.5.45 and 5.6.13 -CVE-2015-6835 [Use after free vulnerability in session deserializer] - RESERVED +CVE-2015-6835 (The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, ...) {DSA-3358-1} - php5 5.6.13+dfsg-1 [squeeze] - php5 <no-dsa> (Too intrusive to backport) NOTE: https://bugs.php.net/bug.php?id=70219 NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5 NOTE: Fixed in 5.5.45 and 5.6.13 -CVE-2015-6834 [Vulnerability in unserialize(), discoverer taoguangc...@icloud.com] - RESERVED +CVE-2015-6834 (Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x ...) {DSA-3358-1 DLA-341-1} - php5 5.6.13+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=70172 @@ -22201,22 +22196,19 @@ RESERVED CVE-2015-5728 RESERVED -CVE-2015-5727 [Excess memory allocation in BER decoder] - RESERVED +CVE-2015-5727 (The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before ...) {DSA-3565-1 DLA-449-1} - botan1.10 1.10.10-1 NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11 NOTE: http://botan.randombit.net/security.html -CVE-2015-5726 [Crash in BER decoder] - RESERVED +CVE-2015-5726 (The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before ...) {DSA-3565-1 DLA-449-1} - botan1.10 1.10.10-1 NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11 NOTE: http://botan.randombit.net/security.html CVE-2015-5725 RESERVED -CVE-2014-9742 [Insufficient randomness in Miller-Rabin primality check] - RESERVED +CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x ...) {DLA-449-1} - botan1.10 1.10.8-1 NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9 
@@ -22966,8 +22958,7 @@ NOTE: https://bugs.php.net/bug.php?id=69923 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f NOTE: Fixed in 5.6.11, 5.4.43 -CVE-2015-5589 [Segfault in Phar::convertToData on invalid file] - RESERVED +CVE-2015-5589 (The phar_convert_to_other function in ext/phar/phar_object.c in PHP ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69958 @@ -25723,22 +25714,19 @@ [jessie] - squashfs-tools <no-dsa> (Minor issue) [wheezy] - squashfs-tools <no-dsa> (Minor issue) [squeeze] - squashfs-tools <no-dsa> (Minor issue) -CVE-2015-4642 [OS command injection vulnerability in escapeshellarg] - RESERVED +CVE-2015-4642 (The escapeshellarg function in ext/standard/exec.c in PHP before ...) - php5 <not-affected> (Windows specific) NOTE: https://bugs.php.net/bug.php?id=69646 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 -CVE-2015-4643 [Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)] - RESERVED +CVE-2015-4643 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42 NOTE: https://bugs.php.net/bug.php?id=69545#1431550655 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 -CVE-2015-4644 [Fixed bug #69667 (segfault in php_pgsql_meta_data)] - RESERVED +CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42 
@@ -26223,46 +26211,40 @@ NOT-FOR-US: Cisco CVE-2014-9733 RESERVED -CVE-2015-4603 [exception::getTraceAsString issue] - RESERVED +CVE-2015-4603 (The exception::getTraceAsString function in Zend/zend_exceptions.c in ...) - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: https://bugs.php.net/bug.php?id=69152 [2015-03-03 04:30 UTC] -CVE-2015-4602 - RESERVED +CVE-2015-4602 (The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1 NOTE: https://bugs.php.net/bug.php?id=69152 -CVE-2015-4601 - RESERVED +CVE-2015-4601 (PHP before 5.6.7 might allow remote attackers to cause a denial of ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 NOTE: https://bugs.php.net/bug.php?id=69152 -CVE-2015-4600 - RESERVED +CVE-2015-4600 (The SoapClient implementation in PHP before 5.4.40, 5.5.x before ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 NOTE: https://bugs.php.net/bug.php?id=69152 -CVE-2015-4599 [Type confusion vulnerability in exception::getTraceAsString] - RESERVED +CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before ...) 
{DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: https://bugs.php.net/bug.php?id=69152 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4 -CVE-2015-4598 [Incorrect handling of paths with NULs] - RESERVED +CVE-2015-4598 (PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69719 @@ -27124,8 +27106,8 @@ NOT-FOR-US: ISPConfig CVE-2015-4117 RESERVED -CVE-2015-4116 - RESERVED +CVE-2015-4116 (Use-after-free vulnerability in the spl_ptr_heap_insert function in ...) + TODO: check CVE-2015-4115 RESERVED CVE-2015-4114 @@ -29062,8 +29044,7 @@ RESERVED - hhvm 3.11.0+dfsg-1 NOTE: https://github.com/facebook/hhvm/commit/02a7a8f086c9181002fca0f0d9cef42963fdf46a -CVE-2015-3412 - RESERVED +CVE-2015-3412 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 @@ -29071,8 +29052,7 @@ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257 NOTE: https://bugs.php.net/bug.php?id=69353 -CVE-2015-3411 - RESERVED +CVE-2015-3411 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 @@ -29334,8 +29314,7 @@ [wheezy] - xen 4.1.4-3+deb7u8 [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-132.html -CVE-2015-4605 [denial of service when processing a crafted file with Fileinfo -- 2015-02-09 17:10 UTC] - RESERVED +CVE-2015-4605 (The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...) {DLA-307-1} - php5 5.6.9+dfsg-1 (bug #783099) [jessie] - php5 5.6.9+dfsg-0+deb8u1 
@@ -29343,8 +29322,7 @@ - file <not-affected> (Not reproducible with file, see #783108) NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd NOTE: https://bugs.php.net/bug.php?id=68819 -CVE-2015-4604 [denial of service when processing a crafted file with Fileinfo -- 2015-02-05 13:53 UTC] - RESERVED +CVE-2015-4604 (The mget function in softmagic.c in file 5.x, as used in the Fileinfo ...) {DLA-307-1} - php5 5.6.9+dfsg-1 (bug #783099) [jessie] - php5 5.6.9+dfsg-0+deb8u1 @@ -30112,8 +30090,7 @@ [wheezy] - curl <no-dsa> (Too intrusive to backport) [squeeze] - curl <no-dsa> (Too intrusive to backport) NOTE: http://curl.haxx.se/docs/adv_20150429.html -CVE-2015-3152 [MySQL SSL/TLS downgrade] - RESERVED +CVE-2015-3152 (Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka ...) {DSA-3311-1} - mariadb-10.0 10.0.20-1 - percona-xtradb-cluster-5.5 <removed> @@ -65326,8 +65303,7 @@ NOTE: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d - php5 5.6.0~beta4+dfsg-1 (low) NOTE: https://bugs.php.net/bug.php?id=67328 -CVE-2014-0236 [root_storage NULL pointer deference flaw in CDF parser] - RESERVED +CVE-2014-0236 (file before 5.18, as used in the Fileinfo component in PHP before ...) - file 1:5.19-1 [wheezy] - file <not-affected> (Introduced in 5.18) [squeeze] - file <not-affected> (Introduced in 5.18) @@ -198673,7 +198649,7 @@ NOT-FOR-US: PerlDiver CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...) NOT-FOR-US: PerlDiver -CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...) +CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to ...) NOT-FOR-US: MultiTheftAuto CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...) NOT-FOR-US: MultiTheftAuto 
@@ -224515,7 +224491,7 @@ NOT-FOR-US: Cisco CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...) +CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...) NOT-FOR-US: Data pre-dating the Security Tracker _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
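Review bot: in the first hunk (@@ -1,10 +1,30 @@), CVE-2015-8874 and CVE-2015-8873 are added with only "TODO: check", although both descriptions name PHP, which this file tracks as php5 in its other entries. Each needs a package line and, going by how the other PHP entries in this diff are recorded, a NOTE pointing at the upstream bug or commit. The bound "before 5.6.12" in the CVE-2015-8874 description is a starting point for the fixed version.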
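Review bot: in the @@ -15751,8 +15751,8 @@ hunk, CVE-2015-8099 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...) is added as "TODO: check" directly above CVE-2015-8098, which is already marked "NOT-FOR-US: BIG-IP". The same marking likely applies here once the full description is read, which would close the TODO and keep the two adjacent BIG-IP entries consistent.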
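Review bot: in the @@ -22201,22 +22196,19 @@ hunk, the imported description for CVE-2015-5726 reads "Botan 0.10.x before 1.10.10", while CVE-2015-5727 just above it says "Botan 1.10.x before 1.10.10" and the NOTE under both says "affected all previous versions of 1.10 and 1.11". The "0.10.x" range looks like an error in the imported text. As this is an automatic update the description line is not the place to fix it, so triage should rely on the NOTE and the "- botan1.10 1.10.10-1" line for the affected range.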
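Review bot: in the @@ -26223,46 +26211,40 @@ hunk, the working title removed from CVE-2015-4599 ("Type confusion vulnerability in exception::getTraceAsString") does not match the description that replaces it, which names SoapFault::__toString in ext/soap/soap.c. exception::getTraceAsString is what CVE-2015-4603 in the same hunk describes. It is worth confirming that the commitdiff NOTE kept under CVE-2015-4599 (h=51856a76f87ecb24fe1385342be43610fb6c86e4) belongs to the SoapFault issue and not to CVE-2015-4603, which carries only the bugs.php.net link.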