Author: sectracker
Date: 2016-05-03 21:10:13 +0000 (Tue, 03 May 2016)
New Revision: 41397
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-05-03 19:23:01 UTC (rev 41396) +++ data/CVE/list 2016-05-03 21:10:13 UTC (rev 41397) @@ -2540,17 +2540,17 @@ CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data ...) TODO: check CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...) - {DSA-3558-1} + {DSA-3558-1 DLA-451-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> CVE-2016-3426 (Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded ...) - {DSA-3558-1} + {DSA-3558-1 DLA-451-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> CVE-2016-3425 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...) - {DSA-3558-1} + {DSA-3558-1 DLA-451-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> @@ -3953,11 +3953,13 @@ [squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS) CVE-2016-3178 RESERVED + {DLA-454-1} - minissdpd <unfixed> (bug #816759) NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md NOTE: https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47 CVE-2016-3179 RESERVED + {DLA-454-1} - minissdpd <unfixed> (bug #816759) NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md NOTE: https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a @@ -6304,6 +6306,7 @@ RESERVED CVE-2016-2176 [EBCDIC overread] RESERVED + {DSA-3566-1 DLA-456-1} - openssl <not-affected> (Only affects EBCDIC systems) - openssl 1.0.2h-1 NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219 
@@ -6504,24 +6507,29 @@ NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html CVE-2016-2109 [ASN.1 BIO excessive memory allocation] RESERVED + {DSA-3566-1 DLA-456-1} - openssl 1.0.2h-1 NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807 NOTE: https://www.openssl.org/news/secadv/20160503.txt CVE-2016-2108 [Memory corruption in the ASN.1 encoder] RESERVED + {DSA-3566-1 DLA-456-1} - openssl 1.0.2c-1 NOTE: https://www.openssl.org/news/secadv/20160503.txt CVE-2016-2107 [Padding oracle in AES-NI CBC MAC check] RESERVED + {DSA-3566-1 DLA-456-1} - openssl 1.0.2h-1 NOTE: https://www.openssl.org/news/secadv/20160503.txt CVE-2016-2106 [EVP_EncryptUpdate overflow] RESERVED + {DSA-3566-1 DLA-456-1} - openssl 1.0.2h-1 NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26 NOTE: https://www.openssl.org/news/secadv/20160503.txt CVE-2016-2105 [EVP_EncodeUpdate overflow] RESERVED + {DSA-3566-1 DLA-456-1} - openssl 1.0.2h-1 NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920 NOTE: https://www.openssl.org/news/secadv/20160503.txt @@ -11634,7 +11642,7 @@ CVE-2016-0696 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) TODO: check CVE-2016-0695 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...) - {DSA-3558-1} + {DSA-3558-1 DLA-451-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> 
@@ -11653,12 +11661,12 @@ CVE-2016-0688 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) TODO: check CVE-2016-0687 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...) - {DSA-3558-1} + {DSA-3558-1 DLA-451-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> CVE-2016-0686 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...) - {DSA-3558-1} + {DSA-3558-1 DLA-451-1} - openjdk-8 8u91-b14-1 - openjdk-7 <removed> - openjdk-6 <removed> @@ -11853,7 +11861,7 @@ CVE-2016-0637 RESERVED CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 ...) - {DSA-3558-1} + {DSA-3558-1 DLA-451-1} - openjdk-8 8u77-b03-1 [experimental] - openjdk-7 7u95-2.6.4-3 - openjdk-7 <removed> @@ -29321,6 +29329,7 @@ NOTE: Patch: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/5 CVE-2015-3008 (Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x ...) + {DLA-455-1} - asterisk 1:13.7.2~dfsg-1 (bug #782411) [squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS) NOTE: http://downloads.asterisk.org/pub/security/AST-2015-003.html @@ -36466,7 +36475,7 @@ CVE-2015-0897 RESERVED CVE-2015-0896 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer ...) - {DLA-296-1} + {DLA-453-1 DLA-296-1} - extplorer <removed> (bug #783231) NOTE: Upstream fixes: http://extplorer.net/projects/extplorer/repository/revisions/240 CVE-2015-0895 (Cross-site request forgery (CSRF) vulnerability in the All In One WP ...) 
@@ -42203,6 +42212,7 @@ CVE-2014-8419 (Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read ...) NOT-FOR-US: Wibu-Systems CodeMeter Runtime CVE-2014-8418 (The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, ...) + {DLA-455-1} - asterisk 1:13.1.0~dfsg-1 (bug #771463) [jessie] - asterisk 1:11.13.1~dfsg-2 [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts) @@ -42244,6 +42254,7 @@ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24531 NOTE: http://downloads.digium.com/pub/security/AST-2014-013.html CVE-2014-8412 (The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager ...) + {DLA-455-1} - asterisk 1:13.1.0~dfsg-1 (bug #771463) [jessie] - asterisk 1:11.13.1~dfsg-2 [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts) @@ -42450,6 +42461,7 @@ CVE-2013-7406 (SQL injection vulnerability in the MRBS module for Drupal allows ...) NOT-FOR-US: Drupal module MRBS CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...) + {DLA-452-1} - smarty3 3.1.21-1 (bug #765920) - smarty <not-affected> (Only affects 3.x series) [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts) @@ -46659,6 +46671,7 @@ [wheezy] - twisted <not-affected> (Only affects 14.0 series) [squeeze] - twisted <not-affected> (Only affects 14.0 series) CVE-2014-6610 (Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and ...) + {DLA-455-1} - asterisk 1:11.12.1~dfsg-1 (medium; bug #762164) [squeeze] - asterisk <not-affected> (Vulnerable code not present) NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010.html 
@@ -52955,6 +52968,7 @@ [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts) NOTE: http://downloads.asterisk.org/pub/security/AST-2014-007.html CVE-2014-4046 (Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and ...) + {DLA-455-1} - asterisk 1:11.10.2~dfsg-1 (low) [squeeze] - asterisk <not-affected> (Vulnerable code not present) NOTE: http://downloads.asterisk.org/pub/security/AST-2014-006.html @@ -57946,6 +57960,7 @@ - asterisk 1:11.8.1~dfsg-1 (bug #741313) [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts) CVE-2014-2286 (main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x ...) + {DLA-455-1} - asterisk 1:11.8.1~dfsg-1 (bug #741313) [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts) CVE-2014-2283 (epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x ...)
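Review bot: In hunk `@@ -3953,11 +3953,13 @@`, CVE-2016-3178 and CVE-2016-3179 gain `{DLA-454-1}` while both entries still read `- minissdpd <unfixed> (bug #816759)` and still carry no description beyond RESERVED. Each entry already has a NOTE pointing at an upstream miniupnp commit, so it is worth adding a bracketed short description to each and checking whether the unstable package can pick up those commits, so that `<unfixed>` can be replaced by a fixed version.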
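Review bot: In hunk `@@ -6304,6 +6306,7 @@`, the CVE-2016-2176 entry that receives `{DSA-3566-1 DLA-456-1}` has two unqualified lines for the same package that disagree: `- openssl <not-affected> (Only affects EBCDIC systems)` and `- openssl 1.0.2h-1`. With an advisory cross-reference now attached, keep only one of them so the entry gives a single status for openssl; if the not-affected reasoning holds, it can stay as the parenthesised comment on the remaining line.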
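Review bot: In hunk `@@ -11853,7 +11861,7 @@`, the CVE-2016-0636 entry that receives `DLA-451-1` lists openjdk-7 twice in its context lines, once as `- openjdk-7 7u95-2.6.4-3` and once as `- openjdk-7 <removed>`. The two lines give conflicting states for one package, so the duplicate should be resolved to a single openjdk-7 line in a follow-up manual edit.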