Author: sectracker
Date: 2016-04-26 21:10:13 +0000 (Tue, 26 Apr 2016)
New Revision: 41219
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-04-26 20:28:35 UTC (rev 41218) +++ data/CVE/list 2016-04-26 21:10:13 UTC (rev 41219) @@ -185,8 +185,7 @@ RESERVED - typo3-src <removed> [wheezy] - typo3-src <end-of-life> (See DSA 3314) -CVE-2016-4054 - RESERVED +CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows ...) - squid3 3.5.17-1 - squid <not-affected> (Squid 2.x are not vulnerable) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt @@ -195,8 +194,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) TODO: check -CVE-2016-4053 - RESERVED +CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to ...) - squid3 3.5.17-1 - squid <removed> - squid <not-affected> (Squid 2.x are not vulnerable) @@ -206,8 +204,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) TODO: check -CVE-2016-4052 - RESERVED +CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and ...) - squid3 3.5.17-1 - squid <not-affected> (Squid 2.x are not vulnerable) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt @@ -216,8 +213,7 @@ NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) TODO: check -CVE-2016-4051 - RESERVED +CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and ...) - squid3 3.5.17-1 - squid <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt 
@@ -1845,14 +1841,17 @@ CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data ...) TODO: check CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...) + {DSA-3558-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> CVE-2016-3426 (Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded ...) + {DSA-3558-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> CVE-2016-3425 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...) + {DSA-3558-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> @@ -4074,8 +4073,7 @@ RESERVED CVE-2016-2574 RESERVED -CVE-2015-8852 [HTTP Smuggling issues: Double Content Length and bad EOL] - RESERVED +CVE-2015-8852 (Varnish 3.x before 3.0.7, when used in certain stacked installations, ...) {DSA-3553-1} - varnish 4.0.0-1 (bug #783510) NOTE: http://www.openwall.com/lists/oss-security/2016/04/16/1 @@ -4957,8 +4955,8 @@ {DSA-3540-1} - lhasa 0.3.1-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0095/ -CVE-2016-2346 - RESERVED +CVE-2016-2346 (Allround Automations PL/SQL Developer 11 before 11.0.6 relies on ...) + TODO: check CVE-2016-2345 (Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in ...) NOT-FOR-US: SolarWinds DameWare Mini Remote Control CVE-2016-2344 (Stack-based buffer overflow in manager.exe in Backburner Manager in ...) 
@@ -4986,12 +4984,12 @@ RESERVED CVE-2016-2334 RESERVED -CVE-2016-2333 - RESERVED -CVE-2016-2332 - RESERVED -CVE-2016-2331 - RESERVED +CVE-2016-2333 (SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with ...) + TODO: check +CVE-2016-2332 (flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine ...) + TODO: check +CVE-2016-2331 (The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular ...) + TODO: check CVE-2016-2385 (Heap-based buffer overflow in the encode_msg function in encode_msg.c ...) {DSA-3535-1} - kamailio 4.3.4-2 (bug #815178) @@ -6274,7 +6272,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2 NOTE: https://github.com/openid/php-openid/issues/128 CVE-2016-2047 (The ssl_verify_server_cert function in sql-common/client.c in MariaDB ...) - {DSA-3453-1} + {DSA-3557-1 DSA-3453-1} - mariadb-10.0 10.0.23-1 NOTE: https://mariadb.atlassian.net/browse/MDEV-9212 NOTE: https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41 @@ -9045,8 +9043,8 @@ RESERVED CVE-2016-1203 RESERVED -CVE-2016-1202 - RESERVED +CVE-2016-1202 (Untrusted search path vulnerability in Atom Electron before 0.33.5 ...) + TODO: check CVE-2016-1201 RESERVED CVE-2016-1200 @@ -9079,8 +9077,8 @@ RESERVED CVE-2016-1186 RESERVED -CVE-2016-1185 - RESERVED +CVE-2016-1185 (The Cybozu kintone mobile application 1.x before 1.0.6 for Android ...) + TODO: check CVE-2016-1184 RESERVED CVE-2016-1183 @@ -10887,6 +10885,7 @@ CVE-2016-0696 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) TODO: check CVE-2016-0695 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...) + {DSA-3558-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> 
@@ -10905,10 +10904,12 @@ CVE-2016-0688 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) TODO: check CVE-2016-0687 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...) + {DSA-3558-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> CVE-2016-0686 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...) + {DSA-3558-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> @@ -10957,6 +10958,7 @@ - mysql-5.5 <not-affected> (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0666 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 <unfixed> @@ -11026,16 +11028,19 @@ - mariadb-10.0 10.0.23-1 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0650 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 10.0.24-1 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0649 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 10.0.24-1 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0648 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 <unfixed> 
@@ -11043,6 +11048,7 @@ NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0647 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 <unfixed> @@ -11050,6 +11056,7 @@ NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0646 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 10.0.24-1 @@ -11057,11 +11064,13 @@ CVE-2016-0645 RESERVED CVE-2016-0644 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 10.0.24-1 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0643 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 <unfixed> 
@@ -11069,16 +11078,19 @@ NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0642 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 10.0.23-1 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0641 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 10.0.24-1 NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0640 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...) + {DSA-3557-1} - mysql-5.6 5.6.30-1 (bug #821094) - mysql-5.5 <removed> (bug #821100) - mariadb-10.0 10.0.24-1 @@ -11092,6 +11104,7 @@ CVE-2016-0637 RESERVED CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 ...) + {DSA-3558-1} - openjdk-8 8u77-b03-1 [experimental] - openjdk-7 7u95-2.6.4-3 - openjdk-7 <removed> @@ -26698,13 +26711,13 @@ CVE-2015-3573 RESERVED CVE-2015-3572 - RESERVED + REJECTED CVE-2015-3571 - RESERVED + REJECTED CVE-2015-3570 RESERVED CVE-2015-3569 - RESERVED + REJECTED CVE-2015-3568 RESERVED CVE-2015-3567
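Review bot: In the @@ -195,8 +194,7 @@ hunk, the CVE-2016-4053 entry ends up with two unqualified status lines for the same source package, "- squid <removed>" and "- squid <not-affected> (Squid 2.x are not vulnerable)", which contradict each other. The sibling entries CVE-2016-4052 and CVE-2016-4054 carry only the <not-affected> line, so either drop "- squid <removed>" here or add a NOTE saying why this entry differs.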
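Review bot: The entries leaving RESERVED in the @@ -4957,8 +4955,8 @@, @@ -4986,12 +4984,12 @@, @@ -9045,8 +9043,8 @@ and @@ -9079,8 +9077,8 @@ hunks (CVE-2016-2346, CVE-2016-2333, CVE-2016-2332, CVE-2016-2331, CVE-2016-1202, CVE-2016-1185) get only "TODO: check", so they land untriaged. Each needs a follow-up that either adds a package status line or marks it NOT-FOR-US with the product name, the way the neighbouring CVE-2016-2345 entry does.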
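Review bot: In the @@ -6274,7 +6272,7 @@ hunk, CVE-2016-2047 gains DSA-3557-1, but the only package line visible in the entry is "- mariadb-10.0 10.0.23-1", while every other entry tagged {DSA-3557-1} in this diff carries mysql-5.6 and mysql-5.5 lines. Check which source package DSA-3557-1 fixes for this CVE and make sure the entry has a status line for it, otherwise the DSA reference cannot be matched to a fixed version.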
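Review bot: In the @@ -11092,6 +11104,7 @@ hunk, the {DSA-3558-1} tag on CVE-2016-0636 deserves a second look, because this entry differs from the other DSA-3558-1 entries in the diff: its description names Java SE 7u97, 8u73 and 8u74 rather than 6u113, 7u99 and 8u77, and its openjdk-8 line records 8u77-b03-1 rather than 8u91-b14-1. Confirm the advisory text actually lists this CVE before the automatic tag is relied on.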