Author: sectracker
Date: 2016-04-26 21:10:13 +0000 (Tue, 26 Apr 2016)
New Revision: 41219
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-26 20:28:35 UTC (rev 41218)
+++ data/CVE/list 2016-04-26 21:10:13 UTC (rev 41219)
@@ -185,8 +185,7 @@
RESERVED
- typo3-src <removed>
[wheezy] - typo3-src <end-of-life> (See DSA 3314)
-CVE-2016-4054
- RESERVED
+CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9
allows ...)
- squid3 3.5.17-1
- squid <not-affected> (Squid 2.x are not vulnerable)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
@@ -195,8 +194,7 @@
NOTE:
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch
(Squid 3.4)
NOTE:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch
(Squid 3.5)
TODO: check
-CVE-2016-4053
- RESERVED
+CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote
attackers to ...)
- squid3 3.5.17-1
- squid <removed>
- squid <not-affected> (Squid 2.x are not vulnerable)
@@ -206,8 +204,7 @@
NOTE:
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch
(Squid 3.4)
NOTE:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch
(Squid 3.5)
TODO: check
-CVE-2016-4052
- RESERVED
+CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before
3.5.17 and ...)
- squid3 3.5.17-1
- squid <not-affected> (Squid 2.x are not vulnerable)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
@@ -216,8 +213,7 @@
NOTE:
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch
(Squid 3.4)
NOTE:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch
(Squid 3.5)
TODO: check
-CVE-2016-4051
- RESERVED
+CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before
3.5.17, and ...)
- squid3 3.5.17-1
- squid <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
@@ -1845,14 +1841,17 @@
CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data
...)
TODO: check
CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and
8u77; ...)
+ {DSA-3558-1}
- openjdk-8 8u91-b14-1
- openjdk-7 <removed>
- openjdk-6 <removed>
CVE-2016-3426 (Unspecified vulnerability in Oracle Java SE 8u77 and Java SE
Embedded ...)
+ {DSA-3558-1}
- openjdk-8 8u91-b14-1
- openjdk-7 <removed>
- openjdk-6 <removed>
CVE-2016-3425 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and
8u77; ...)
+ {DSA-3558-1}
- openjdk-8 8u91-b14-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -4074,8 +4073,7 @@
RESERVED
CVE-2016-2574
RESERVED
-CVE-2015-8852 [HTTP Smuggling issues: Double Content Length and bad EOL]
- RESERVED
+CVE-2015-8852 (Varnish 3.x before 3.0.7, when used in certain stacked
installations, ...)
{DSA-3553-1}
- varnish 4.0.0-1 (bug #783510)
NOTE: http://www.openwall.com/lists/oss-security/2016/04/16/1
@@ -4957,8 +4955,8 @@
{DSA-3540-1}
- lhasa 0.3.1-1
NOTE: http://www.talosintel.com/reports/TALOS-2016-0095/
-CVE-2016-2346
- RESERVED
+CVE-2016-2346 (Allround Automations PL/SQL Developer 11 before 11.0.6 relies
on ...)
+ TODO: check
CVE-2016-2345 (Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon
in ...)
NOT-FOR-US: SolarWinds DameWare Mini Remote Control
CVE-2016-2344 (Stack-based buffer overflow in manager.exe in Backburner
Manager in ...)
@@ -4986,12 +4984,12 @@
RESERVED
CVE-2016-2334
RESERVED
-CVE-2016-2333
- RESERVED
-CVE-2016-2332
- RESERVED
-CVE-2016-2331
- RESERVED
+CVE-2016-2333 (SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway
devices with ...)
+ TODO: check
+CVE-2016-2332 (flu.cgi in the web interface on SysLINK SL-1000
Machine-to-Machine ...)
+ TODO: check
+CVE-2016-2331 (The web interface on SysLINK SL-1000 Machine-to-Machine (M2M)
Modular ...)
+ TODO: check
CVE-2016-2385 (Heap-based buffer overflow in the encode_msg function in
encode_msg.c ...)
{DSA-3535-1}
- kamailio 4.3.4-2 (bug #815178)
@@ -6274,7 +6272,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2
NOTE: https://github.com/openid/php-openid/issues/128
CVE-2016-2047 (The ssl_verify_server_cert function in sql-common/client.c in
MariaDB ...)
- {DSA-3453-1}
+ {DSA-3557-1 DSA-3453-1}
- mariadb-10.0 10.0.23-1
NOTE: https://mariadb.atlassian.net/browse/MDEV-9212
NOTE:
https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41
@@ -9045,8 +9043,8 @@
RESERVED
CVE-2016-1203
RESERVED
-CVE-2016-1202
- RESERVED
+CVE-2016-1202 (Untrusted search path vulnerability in Atom Electron before
0.33.5 ...)
+ TODO: check
CVE-2016-1201
RESERVED
CVE-2016-1200
@@ -9079,8 +9077,8 @@
RESERVED
CVE-2016-1186
RESERVED
-CVE-2016-1185
- RESERVED
+CVE-2016-1185 (The Cybozu kintone mobile application 1.x before 1.0.6 for
Android ...)
+ TODO: check
CVE-2016-1184
RESERVED
CVE-2016-1183
@@ -10887,6 +10885,7 @@
CVE-2016-0696 (Unspecified vulnerability in the Oracle WebLogic Server
component in ...)
TODO: check
CVE-2016-0695 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and
8u77; ...)
+ {DSA-3558-1}
- openjdk-8 8u91-b14-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -10905,10 +10904,12 @@
CVE-2016-0688 (Unspecified vulnerability in the Oracle WebLogic Server
component in ...)
TODO: check
CVE-2016-0687 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and
8u77 and ...)
+ {DSA-3558-1}
- openjdk-8 8u91-b14-1
- openjdk-7 <removed>
- openjdk-6 <removed>
CVE-2016-0686 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and
8u77 and ...)
+ {DSA-3558-1}
- openjdk-8 8u91-b14-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -10957,6 +10958,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0666 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier,
5.6.29 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <unfixed>
@@ -11026,16 +11028,19 @@
- mariadb-10.0 10.0.23-1
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0650 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier,
5.6.28 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 10.0.24-1
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0649 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier,
5.6.28 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 10.0.24-1
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0648 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier,
5.6.29 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <unfixed>
@@ -11043,6 +11048,7 @@
NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0647 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier,
5.6.29 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <unfixed>
@@ -11050,6 +11056,7 @@
NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0646 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier,
5.6.28 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 10.0.24-1
@@ -11057,11 +11064,13 @@
CVE-2016-0645
RESERVED
CVE-2016-0644 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier,
5.6.28 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 10.0.24-1
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0643 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier,
5.6.29 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 <unfixed>
@@ -11069,16 +11078,19 @@
NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0642 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier,
5.6.29 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 10.0.23-1
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0641 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier,
5.6.28 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 10.0.24-1
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0640 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier,
5.6.28 ...)
+ {DSA-3557-1}
- mysql-5.6 5.6.30-1 (bug #821094)
- mysql-5.5 <removed> (bug #821100)
- mariadb-10.0 10.0.24-1
@@ -11092,6 +11104,7 @@
CVE-2016-0637
RESERVED
CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and
8u74 ...)
+ {DSA-3558-1}
- openjdk-8 8u77-b03-1
[experimental] - openjdk-7 7u95-2.6.4-3
- openjdk-7 <removed>
@@ -26698,13 +26711,13 @@
CVE-2015-3573
RESERVED
CVE-2015-3572
- RESERVED
+ REJECTED
CVE-2015-3571
- RESERVED
+ REJECTED
CVE-2015-3570
RESERVED
CVE-2015-3569
- RESERVED
+ REJECTED
CVE-2015-3568
RESERVED
CVE-2015-3567
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
