Author: sectracker
Date: 2015-12-07 21:10:17 +0000 (Mon, 07 Dec 2015)
New Revision: 38157

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-12-07 21:07:01 UTC (rev 38156) +++ data/CVE/list 2015-12-07 21:10:17 UTC (rev 38157) 
@@ -1,3 +1,425 @@ +CVE-2016-0200 + RESERVED +CVE-2016-0199 + RESERVED +CVE-2016-0198 + RESERVED +CVE-2016-0197 + RESERVED +CVE-2016-0196 + RESERVED +CVE-2016-0195 + RESERVED +CVE-2016-0194 + RESERVED +CVE-2016-0193 + RESERVED +CVE-2016-0192 + RESERVED +CVE-2016-0191 + RESERVED +CVE-2016-0190 + RESERVED +CVE-2016-0189 + RESERVED +CVE-2016-0188 + RESERVED +CVE-2016-0187 + RESERVED +CVE-2016-0186 + RESERVED +CVE-2016-0185 + RESERVED +CVE-2016-0184 + RESERVED +CVE-2016-0183 + RESERVED +CVE-2016-0182 + RESERVED +CVE-2016-0181 + RESERVED +CVE-2016-0180 + RESERVED +CVE-2016-0179 + RESERVED +CVE-2016-0178 + RESERVED +CVE-2016-0177 + RESERVED +CVE-2016-0176 + RESERVED +CVE-2016-0175 + RESERVED +CVE-2016-0174 + RESERVED +CVE-2016-0173 + RESERVED +CVE-2016-0172 + RESERVED +CVE-2016-0171 + RESERVED +CVE-2016-0170 + RESERVED +CVE-2016-0169 + RESERVED +CVE-2016-0168 + RESERVED +CVE-2016-0167 + RESERVED +CVE-2016-0166 + RESERVED +CVE-2016-0165 + RESERVED +CVE-2016-0164 + RESERVED +CVE-2016-0163 + RESERVED +CVE-2016-0162 + RESERVED +CVE-2016-0161 + RESERVED +CVE-2016-0160 + RESERVED +CVE-2016-0159 + RESERVED +CVE-2016-0158 + RESERVED +CVE-2016-0157 + RESERVED +CVE-2016-0156 + RESERVED +CVE-2016-0155 + RESERVED +CVE-2016-0154 + RESERVED +CVE-2016-0153 + RESERVED +CVE-2016-0152 + RESERVED +CVE-2016-0151 + RESERVED +CVE-2016-0150 + RESERVED +CVE-2016-0149 + RESERVED +CVE-2016-0148 + RESERVED +CVE-2016-0147 + RESERVED +CVE-2016-0146 + RESERVED +CVE-2016-0145 + RESERVED +CVE-2016-0144 + RESERVED +CVE-2016-0143 + RESERVED +CVE-2016-0142 + RESERVED +CVE-2016-0141 + RESERVED +CVE-2016-0140 + RESERVED +CVE-2016-0139 + RESERVED +CVE-2016-0138 + RESERVED +CVE-2016-0137 + RESERVED +CVE-2016-0136 + RESERVED +CVE-2016-0135 + RESERVED +CVE-2016-0134 + RESERVED +CVE-2016-0133 + RESERVED +CVE-2016-0132 + RESERVED +CVE-2016-0131 + RESERVED +CVE-2016-0130 + RESERVED +CVE-2016-0129 + RESERVED +CVE-2016-0128 + RESERVED +CVE-2016-0127 + RESERVED +CVE-2016-0126 + RESERVED +CVE-2016-0125 + RESERVED 
+CVE-2016-0124 + RESERVED +CVE-2016-0123 + RESERVED +CVE-2016-0122 + RESERVED +CVE-2016-0121 + RESERVED +CVE-2016-0120 + RESERVED +CVE-2016-0119 + RESERVED +CVE-2016-0118 + RESERVED +CVE-2016-0117 + RESERVED +CVE-2016-0116 + RESERVED +CVE-2016-0115 + RESERVED +CVE-2016-0114 + RESERVED +CVE-2016-0113 + RESERVED +CVE-2016-0112 + RESERVED +CVE-2016-0111 + RESERVED +CVE-2016-0110 + RESERVED +CVE-2016-0109 + RESERVED +CVE-2016-0108 + RESERVED +CVE-2016-0107 + RESERVED +CVE-2016-0106 + RESERVED +CVE-2016-0105 + RESERVED +CVE-2016-0104 + RESERVED +CVE-2016-0103 + RESERVED +CVE-2016-0102 + RESERVED +CVE-2016-0101 + RESERVED +CVE-2016-0100 + RESERVED +CVE-2016-0099 + RESERVED +CVE-2016-0098 + RESERVED +CVE-2016-0097 + RESERVED +CVE-2016-0096 + RESERVED +CVE-2016-0095 + RESERVED +CVE-2016-0094 + RESERVED +CVE-2016-0093 + RESERVED +CVE-2016-0092 + RESERVED +CVE-2016-0091 + RESERVED +CVE-2016-0090 + RESERVED +CVE-2016-0089 + RESERVED +CVE-2016-0088 + RESERVED +CVE-2016-0087 + RESERVED +CVE-2016-0086 + RESERVED +CVE-2016-0085 + RESERVED +CVE-2016-0084 + RESERVED +CVE-2016-0083 + RESERVED +CVE-2016-0082 + RESERVED +CVE-2016-0081 + RESERVED +CVE-2016-0080 + RESERVED +CVE-2016-0079 + RESERVED +CVE-2016-0078 + RESERVED +CVE-2016-0077 + RESERVED +CVE-2016-0076 + RESERVED +CVE-2016-0075 + RESERVED +CVE-2016-0074 + RESERVED +CVE-2016-0073 + RESERVED +CVE-2016-0072 + RESERVED +CVE-2016-0071 + RESERVED +CVE-2016-0070 + RESERVED +CVE-2016-0069 + RESERVED +CVE-2016-0068 + RESERVED +CVE-2016-0067 + RESERVED +CVE-2016-0066 + RESERVED +CVE-2016-0065 + RESERVED +CVE-2016-0064 + RESERVED +CVE-2016-0063 + RESERVED +CVE-2016-0062 + RESERVED +CVE-2016-0061 + RESERVED +CVE-2016-0060 + RESERVED +CVE-2016-0059 + RESERVED +CVE-2016-0058 + RESERVED +CVE-2016-0057 + RESERVED +CVE-2016-0056 + RESERVED +CVE-2016-0055 + RESERVED +CVE-2016-0054 + RESERVED +CVE-2016-0053 + RESERVED +CVE-2016-0052 + RESERVED +CVE-2016-0051 + RESERVED +CVE-2016-0050 + RESERVED +CVE-2016-0049 + RESERVED +CVE-2016-0048 + 
RESERVED +CVE-2016-0047 + RESERVED +CVE-2016-0046 + RESERVED +CVE-2016-0045 + RESERVED +CVE-2016-0044 + RESERVED +CVE-2016-0043 + RESERVED +CVE-2016-0042 + RESERVED +CVE-2016-0041 + RESERVED +CVE-2016-0040 + RESERVED +CVE-2016-0039 + RESERVED +CVE-2016-0038 + RESERVED +CVE-2016-0037 + RESERVED +CVE-2016-0036 + RESERVED +CVE-2016-0035 + RESERVED +CVE-2016-0034 + RESERVED +CVE-2016-0033 + RESERVED +CVE-2016-0032 + RESERVED +CVE-2016-0031 + RESERVED +CVE-2016-0030 + RESERVED +CVE-2016-0029 + RESERVED +CVE-2016-0028 + RESERVED +CVE-2016-0027 + RESERVED +CVE-2016-0026 + RESERVED +CVE-2016-0025 + RESERVED +CVE-2016-0024 + RESERVED +CVE-2016-0023 + RESERVED +CVE-2016-0022 + RESERVED +CVE-2016-0021 + RESERVED +CVE-2016-0020 + RESERVED +CVE-2016-0019 + RESERVED +CVE-2016-0018 + RESERVED +CVE-2016-0017 + RESERVED +CVE-2016-0016 + RESERVED +CVE-2016-0015 + RESERVED +CVE-2016-0014 + RESERVED +CVE-2016-0013 + RESERVED +CVE-2016-0012 + RESERVED +CVE-2016-0011 + RESERVED +CVE-2016-0010 + RESERVED +CVE-2016-0009 + RESERVED +CVE-2016-0008 + RESERVED +CVE-2016-0007 + RESERVED +CVE-2016-0006 + RESERVED +CVE-2016-0005 + RESERVED +CVE-2016-0004 + RESERVED +CVE-2016-0003 + RESERVED +CVE-2016-0002 + RESERVED +CVE-2016-0001 + RESERVED +CVE-2015-8480 (The VideoFramePool::PoolImpl::CreateFrame function in ...) + TODO: check +CVE-2015-8479 (Use-after-free vulnerability in the ...) + TODO: check +CVE-2015-8478 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...) + TODO: check +CVE-2015-8475 + RESERVED +CVE-2015-8471 + RESERVED +CVE-2015-8470 + RESERVED +CVE-2015-8469 + RESERVED +CVE-2015-8468 + RESERVED +CVE-2015-8467 + RESERVED +CVE-2015-8466 + RESERVED +CVE-2014-9758 + RESERVED CVE-2015-XXXX [uses non-random tempdir /tmp/tmprepo.0/.git/] - git-repair <unfixed> (bug #807341) CVE-2015-XXXX [Data disclosure in atom feed] 
@@ -14,10 +436,12 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/04/4 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=754488 CVE-2015-8476 [PHPMailer Message Injection Vulnerability] + RESERVED - libphp-phpmailer 5.2.14+dfsg-1 (bug #807265) NOTE: https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 (v5.2.14) TODO: check wheezy version CVE-2015-8474 [Open Redirect vulnerability] + RESERVED - redmine <unfixed> (bug #807272) NOTE: http://www.redmine.org/projects/redmine/wiki/Security_Advisories NOTE: https://www.redmine.org/issues/19577 (private) @@ -25,6 +449,7 @@ NOTE: upstream fixed in 2.6.7, 3.0.5 and 3.1.1 NOTE: http://www.openwall.com/lists/oss-security/2015/12/04/1 CVE-2015-8473 [Issues API may disclose changeset messages that are not visible] + RESERVED - redmine <unfixed> (bug #807345) NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0 NOTE: https://www.redmine.org/issues/21136 @@ -953,6 +1378,7 @@ NOTE: latex2rtf compiled with -D_FORTIFY_SOURCE=2 NOTE: Rendered non-exploitable by toolchain hardening CVE-2015-8472 [Incomplete fix for CVE-2015-8126] + RESERVED - libpng <unfixed> (bug #807112) NOTE: Fixed in 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65 CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...) @@ -4224,8 +4650,7 @@ RESERVED CVE-2015-6850 RESERVED -CVE-2015-6849 - RESERVED +CVE-2015-6849 (EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before ...) NOT-FOR-US: EMC CVE-2015-6848 (EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and ...) NOT-FOR-US: EMC 
@@ -4513,127 +4938,103 @@ RESERVED CVE-2015-6788 RESERVED -CVE-2015-6787 - RESERVED +CVE-2015-6787 (Multiple unspecified vulnerabilities in Google Chrome before ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6786 - RESERVED +CVE-2015-6786 (The CSPSourceList::matches function in ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6785 - RESERVED +CVE-2015-6785 (The CSPSource::hostMatches function in ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6784 - RESERVED +CVE-2015-6784 (The page serializer in Google Chrome before 47.0.2526.73 mishandles ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6783 - RESERVED +CVE-2015-6783 (The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6782 - RESERVED +CVE-2015-6782 (The Document::open function in WebKit/Source/core/dom/Document.cpp in ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6781 - RESERVED +CVE-2015-6781 (Integer overflow in the FontData::Bound function in data/font_data.cc ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6780 - RESERVED +CVE-2015-6780 (Use-after-free vulnerability in the Infobars implementation in Google ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6779 - RESERVED +CVE-2015-6779 (PDFium, as used in Google Chrome before 47.0.2526.73, does not ...) 
- chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6778 - RESERVED +CVE-2015-6778 (The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6777 - RESERVED +CVE-2015-6777 (Use-after-free vulnerability in the ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6776 - RESERVED +CVE-2015-6776 (The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6775 - RESERVED +CVE-2015-6775 (fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6774 - RESERVED +CVE-2015-6774 (Use-after-free vulnerability in the GetLoadTimes function in ...) - libv8-3.14 <unfixed> (unimportant) NOTE: libv8 not covered by security support - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6773 - RESERVED +CVE-2015-6773 (The convolution implementation in Skia, as used in Google Chrome ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6772 - RESERVED +CVE-2015-6772 (The DOM implementation in Blink, as used in Google Chrome before ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6771 - RESERVED +CVE-2015-6771 (js/array.js in Google V8, as used in Google Chrome before ...) 
- libv8-3.14 <unfixed> (unimportant) NOTE: libv8 not covered by security support - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6770 - RESERVED +CVE-2015-6770 (The DOM implementation in Google Chrome before 47.0.2526.73 allows ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6769 - RESERVED +CVE-2015-6769 (The provisional-load commit implementation in ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6768 - RESERVED +CVE-2015-6768 (The DOM implementation in Google Chrome before 47.0.2526.73 allows ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6767 - RESERVED +CVE-2015-6767 (Use-after-free vulnerability in ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6766 - RESERVED +CVE-2015-6766 (Use-after-free vulnerability in the AppCache implementation in Google ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6765 - RESERVED +CVE-2015-6765 (Use-after-free vulnerability in ...) - chromium-browser 47.0.2526.73-1 [wheezy] - chromium-browser <end-of-life> [squeeze] - chromium-browser <end-of-life> -CVE-2015-6764 [V8 out-of-bounds access vulnerability] - RESERVED +CVE-2015-6764 (The BasicJsonStringifier::SerializeJSArray function in ...) - libv8-3.14 <unfixed> (unimportant) NOTE: libv8 not covered by security support - nodejs 4.2.3~dfsg-1 (bug #806385) 
@@ -5511,28 +5912,28 @@ RESERVED CVE-2015-6395 RESERVED -CVE-2015-6394 - RESERVED +CVE-2015-6394 (The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows ...) + TODO: check CVE-2015-6393 RESERVED CVE-2015-6392 RESERVED -CVE-2015-6391 - RESERVED +CVE-2015-6391 (Cisco Unified SIP 3905 phones allow remote attackers to cause a denial ...) + TODO: check CVE-2015-6390 (Cross-site scripting (XSS) vulnerability in the management interface ...) TODO: check CVE-2015-6389 RESERVED -CVE-2015-6388 - RESERVED -CVE-2015-6387 - RESERVED +CVE-2015-6388 (Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows ...) + TODO: check +CVE-2015-6387 (Cross-site scripting (XSS) vulnerability in Cisco Unified Computing ...) + TODO: check CVE-2015-6386 (The passthrough FTP feature on Cisco Web Security Appliance (WSA) ...) TODO: check CVE-2015-6385 (The publish-event event-manager feature in Cisco IOS 15.5(2)S and ...) TODO: check -CVE-2015-6384 - RESERVED +CVE-2015-6384 (The Cisco WebEx Meetings application before 8.5.1 for Android ...) + TODO: check CVE-2015-6383 (Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software ...) TODO: check CVE-2015-6382 (Cisco ASR 5000 devices with software 16.0(900) allow remote attackers ...) 
@@ -14615,24 +15016,20 @@ NOT-FOR-US: Undertow module of WildFly / JBOSS CVE-2015-3197 RESERVED -CVE-2015-3196 - RESERVED +CVE-2015-3196 (ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and ...) {DSA-3413-1} - openssl 1.0.2d-1 [squeeze] - openssl <not-affected> (Only affects 1.0.0 to 1.0.2) -CVE-2015-3195 - RESERVED +CVE-2015-3195 (The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in ...) {DSA-3413-1 DLA-358-1} - openssl 1.0.2e-1 NOTE: https://www.openssl.org/news/secadv/20151203.txt -CVE-2015-3194 - RESERVED +CVE-2015-3194 (crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before ...) {DSA-3413-1} - openssl 1.0.2e-1 [squeeze] - openssl <not-affected> (Only affects 1.0.1 and 1.0.2) NOTE: https://www.openssl.org/news/secadv/20151203.txt -CVE-2015-3193 - RESERVED +CVE-2015-3193 (The Montgomery squaring implementation in ...) - openssl 1.0.2e-1 [jessie] - openssl <not-affected> (Only affects 1.0.2) [wheezy] - openssl <not-affected> (Only affects 1.0.2) @@ -18263,6 +18660,7 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/22/15 NOTE: Added workaround entry for DLA-316-1 until CVE assigned. CVE-2015-8477 [Potential XSS vulnerability when rendering some flash messages] + RESERVED - redmine 3.0~20140825-5 (low) [wheezy] - redmine <no-dsa> (Minor issue) [squeeze] - redmine <no-dsa> (Minor issue) 
@@ -18915,8 +19313,7 @@ CVE-2015-1795 RESERVED - glusterfs <not-affected> (Vulnerable code specific to glusterfs.spec and not present in source in Debian) -CVE-2015-1794 - RESERVED +CVE-2015-1794 (The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 ...) - openssl 1.0.2e-1 [jessie] - openssl <not-affected> (Vulnerable code not present) [wheezy] - openssl <not-affected> (Vulnerable code not present) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
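Review bot: In the @@ -1,3 +1,425 @@ hunk, CVE-2015-8478 (Google V8 before 4.7.80.23) is added with only "TODO: check", while the other V8 entries in this patch (CVE-2015-6774, CVE-2015-6771, CVE-2015-6764) already carry "- libv8-3.14 <unfixed> (unimportant)" with the note that libv8 is not covered by security support. Suggest triaging CVE-2015-8478 against libv8-3.14 in the same way and checking whether chromium-browser needs a line as well, so the TODO does not linger next to entries that are already resolved.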
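Review bot: In the @@ -5511,28 +5912,28 @@ hunk, the five newly described Cisco entries (CVE-2015-6394, CVE-2015-6391, CVE-2015-6388, CVE-2015-6387, CVE-2015-6384) all land as "TODO: check", adding to the Cisco entries already waiting in the surrounding context lines. Their descriptions name NX-OS on Nexus 5000, Unified SIP 3905 phones, UCS Central and WebEx Meetings for Android; if none of these is packaged in Debian, they can be closed the way the EMC entries in the @@ -4224,8 +4650,7 @@ hunk are, with a "NOT-FOR-US: Cisco" line in place of the TODO.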