Author: sectracker
Date: 2016-09-18 21:10:21 +0000 (Sun, 18 Sep 2016)
New Revision: 44729
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-09-18 18:52:46 UTC (rev 44728) +++ data/CVE/list 2016-09-18 21:10:21 UTC (rev 44729) @@ -70,6 +70,7 @@ CVE-2016-8201 RESERVED CVE-2016-7444 [GNUTLS-SA-2016-3: missing OCSP response serial length check] + RESERVED - gnutls28 3.5.3-4 NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3 NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html @@ -3927,6 +3928,7 @@ TODO: check if affecting versions in Debian, issue fixed upstream with 1.3.2 release, CVE-2016-6801 [CSRF in Jackrabbit-Webdav using empty content-type] RESERVED + {DLA-629-1} - jackrabbit 2.12.4-1 (bug #838204) NOTE: http://svn.apache.org/r1758791 (2.4.x) NOTE: http://svn.apache.org/r1758771 (2.6.x) @@ -5647,14 +5649,14 @@ CVE-2016-6272 RESERVED CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...) - {DSA-3631-1} + {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72520 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6296 (Integer signedness error in the simplestring_addn function in ...) - {DSA-3631-1 DLA-569-1} + {DSA-3631-1 DLA-628-1 DLA-569-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72606 
@@ -5664,14 +5666,14 @@ [jessie] - xmlrpc-epi <no-dsa> (Can be fixed via point release, nothing depending on it in stable) NOTE: In stretch/sid php7.0 is using the system library not the embedded one. CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x ...) - {DSA-3631-1} + {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72479 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6294 (The locale_accept_from_http function in ...) - {DSA-3631-1} + {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72533 
@@ -5684,28 +5686,28 @@ NOTE: And possibly needs some more follow-up fixes, cf. with upstream changes NOTE: around/later than changeset 39109. CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in PHP ...) - {DSA-3631-1} + {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72618 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP ...) - {DSA-3631-1} + {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72603 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and ...) - {DSA-3631-1} + {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72562 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6289 (Integer overflow in the virtual_file_ex function in ...) - {DSA-3631-1} + {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72513 @@ -6463,7 +6465,7 @@ NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790 CVE-2016-6172 RESERVED - {DSA-3664-1} + {DSA-3664-1 DLA-627-1} - pdns 4.0.1-1 (bug #830808) NOTE: https://github.com/PowerDNS/pdns/issues/4128 NOTE: Master: https://github.com/PowerDNS/pdns/pull/4133 
@@ -7587,42 +7589,42 @@ NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/ NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37773/ CVE-2016-5773 (php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before ...) - {DSA-3618-1} + {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5772 (Double free vulnerability in the php_wddx_process_data function in ...) - {DSA-3618-1} + {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5771 (spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...) - {DSA-3618-1} + {DSA-3618-1 DLA-628-1} - php7.0 <not-affected> (Does not affect PHP 7.x) - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c NOTE: Fixed in 5.5.37, 5.6.23 CVE-2016-5770 (Integer overflow in the SplFileObject::fread function in ...) - {DSA-3618-1} + {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5769 (Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...) 
- {DSA-3618-1} + {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5768 (Double free vulnerability in the _php_mb_regex_ereg_replace_exec ...) - {DSA-3618-1} + {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402 @@ -8391,7 +8393,7 @@ RESERVED CVE-2016-5427 RESERVED - {DSA-3664-1} + {DSA-3664-1 DLA-627-1} - pdns 4.0.0~alpha1-1 NOTE: Only affects PowerDNS Authoritative Server up to and including 3.4.9, 4.x not affected NOTE: Added workaround to mark first 4.x version in unstable as fixed. @@ -8399,7 +8401,7 @@ NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3 CVE-2016-5426 RESERVED - {DSA-3664-1} + {DSA-3664-1 DLA-627-1} - pdns 4.0.0~alpha1-1 NOTE: Only affects PowerDNS Authoritative Server up to and including 3.4.9, 4.x not affected NOTE: Added workaround to mark first 4.x version in unstable as fixed. @@ -8528,7 +8530,7 @@ NOTE: Fixed by: https://git.kernel.org/linus/aa93d1fee85c890a34f2510a310e55ee76a27848 (4.7) CVE-2016-5399 [Improper error handling in bzread()] RESERVED - {DSA-3631-1} + {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72613 @@ -10167,6 +10169,7 @@ RESERVED CVE-2016-5017 [Buffer overflow vulnerability in ZooKeeper C cli shell] RESERVED + {DLA-630-1} - zookeeper 3.4.9-1 NOTE: The C cli shell is intended as a sample/example of how to use the C NOTE: client interface, not as a production tool 
@@ -11969,7 +11972,7 @@ NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35 NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21 CVE-2016-4538 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, ...) - {DSA-3602-1} + {DSA-3602-1 DLA-628-1} - php7.0 7.0.6-1 - php5 5.6.21+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=72093 @@ -12045,6 +12048,7 @@ NOT-FOR-US: Red Hat OpenStack Overcloud image CVE-2016-4473 RESERVED + {DLA-628-1} - php5 5.6.23+dfsg-1 [jessie] - php5 5.6.23+dfsg-0+deb8u1 NOTE: The issue was introduced as part CVE-2015-6833, which was applied upstream @@ -19439,6 +19443,7 @@ NOTE: https://bugs.php.net/bug.php?id=70661 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3 CVE-2016-5114 (sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...) + {DLA-628-1} - php5 5.6.17+dfsg-1 [jessie] - php5 5.6.17+dfsg-0+deb8u1 [squeeze] - php5 <not-affected> (vulnerable code not present) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
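Review bot: In the CVE-2016-6296 entry (hunk @@ -5647,14 +5649,14 @@) the new cross-reference list reads {DSA-3631-1 DLA-628-1 DLA-569-1}, so the DLA ids are out of ascending order and the newer advisory sits in front of the older one. If the generator has no defined ordering, emit the ids sorted by advisory number, i.e. {DSA-3631-1 DLA-569-1 DLA-628-1}, so that later automatic updates produce stable diffs and a reader scanning for the most recent advisory finds it in a predictable position.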
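Review bot: The pdns entries CVE-2016-6172, CVE-2016-5427 and CVE-2016-5426 (hunks @@ -6463,7 +6465,7 @@, @@ -8391,7 +8393,7 @@ and @@ -8399,7 +8401,7 @@) now carry two advisories each, {DSA-3664-1 DLA-627-1}, yet remain bare RESERVED lines with no bracketed description, unlike CVE-2016-5399 [Improper error handling in bzread()] elsewhere in this patch. Add a short bracketed summary to each so the entry can be triaged from the list itself without following the NOTE links.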
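Review bot: The log message "automatic update" does not name the advisories this revision cross-references, although the hunks add DLA-627-1 on the pdns entries, DLA-628-1 on the PHP entries, DLA-629-1 on jackrabbit (CVE-2016-6801) and DLA-630-1 on zookeeper (CVE-2016-5017). Have the generator include the advisory ids in the log so a revision can be located by advisory when auditing when a cross-reference first appeared.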