Author: sectracker
Date: 2016-06-07 21:10:12 +0000 (Tue, 07 Jun 2016)
New Revision: 42385

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-06-07 20:33:42 UTC (rev 42384)
+++ data/CVE/list       2016-06-07 21:10:12 UTC (rev 42385)
@@ -1,3 +1,93 @@
+CVE-2016-5324
+       RESERVED
+CVE-2016-5323
+       RESERVED
+CVE-2016-5322
+       RESERVED
+CVE-2016-5321
+       RESERVED
+CVE-2016-5320
+       RESERVED
+CVE-2016-5317
+       RESERVED
+CVE-2016-5316
+       RESERVED
+CVE-2016-5315
+       RESERVED
+CVE-2016-5314
+       RESERVED
+CVE-2016-5313
+       RESERVED
+CVE-2016-5312
+       RESERVED
+CVE-2016-5311
+       RESERVED
+CVE-2016-5310
+       RESERVED
+CVE-2016-5309
+       RESERVED
+CVE-2016-5308
+       RESERVED
+CVE-2016-5307
+       RESERVED
+CVE-2016-5306
+       RESERVED
+CVE-2016-5305
+       RESERVED
+CVE-2016-5304
+       RESERVED
+CVE-2016-5303
+       RESERVED
+CVE-2016-5302
+       RESERVED
+CVE-2015-8913
+       RESERVED
+CVE-2015-8912
+       RESERVED
+CVE-2015-8911
+       RESERVED
+CVE-2015-8910
+       RESERVED
+CVE-2015-8909
+       RESERVED
+CVE-2015-8908
+       RESERVED
+CVE-2015-8907
+       RESERVED
+CVE-2015-8906
+       RESERVED
+CVE-2015-8905
+       RESERVED
+CVE-2015-8904
+       RESERVED
+CVE-2015-1000013
+       RESERVED
+CVE-2015-1000012
+       RESERVED
+CVE-2015-1000011
+       RESERVED
+CVE-2015-1000010
+       RESERVED
+CVE-2015-1000009
+       RESERVED
+CVE-2015-1000008
+       RESERVED
+CVE-2015-1000007
+       RESERVED
+CVE-2015-1000006
+       RESERVED
+CVE-2015-1000005
+       RESERVED
+CVE-2015-1000004
+       RESERVED
+CVE-2015-1000003
+       RESERVED
+CVE-2015-1000002
+       RESERVED
+CVE-2015-1000001
+       RESERVED
+CVE-2015-1000000
+       RESERVED
 CVE-2016-5299
        RESERVED
 CVE-2016-5298
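Review bot: The new RESERVED run steps from CVE-2016-5320 straight to CVE-2016-5317, so please confirm the updater skipped 5319 and 5318 because it matched the existing hand-written tiff entries (touched in the @@ -130 hunk) and not by accident. Those two ids now sit well below this block, so nothing reading the file should assume strict numeric ordering. The CVE-2015-1000000 to CVE-2015-1000013 ids also carry seven-digit sequence numbers, so any consumer that matches a fixed four-digit suffix will mis-parse them.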
@@ -109,6 +199,7 @@
 CVE-2016-5245
        RESERVED
 CVE-2016-4456 [GNUTLS-SA-2016-1]
+       RESERVED
        - gnutls28 3.4.13-1
        [jessie] - gnutls28 <not-affected> (Introduced in 3.4.12)
        NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-1
@@ -130,9 +221,11 @@
 CVE-2014-9855
        RESERVED
 CVE-2016-5319 [bmp2tiff: PackBitsEncode heap buffer overflow]
+       RESERVED
        - tiff <unfixed>
        - tiff3 <removed>
 CVE-2016-5318 [thumbnail: stack buffer overflow in _TIFFVGetField function]
+       RESERVED
        - tiff <unfixed>
        - tiff3 <removed>
        NOTE: Upstream will remove thumbnail from 4.0.7 release
@@ -143,6 +236,7 @@
        NOTE: https://github.com/arvidn/libtorrent/pull/782
 CVE-2016-5300 [use of too little entropy]
        RESERVED
+       {DSA-3597-1}
        - expat 2.1.1-3
 CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy]
        RESERVED
@@ -152,8 +246,7 @@
        RESERVED
        - linux <unfixed>
        NOTE: https://patchwork.ozlabs.org/patch/629100/
-CVE-2016-5242 [arm: Host crash caused by VMID exhaustion]
-       RESERVED
+CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x 
through 4.6.x ...)
        - xen <unfixed>
        [jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future 
DSA)
        NOTE: http://xenbits.xen.org/xsa/advisory-181.html
@@ -795,6 +888,7 @@
        RESERVED
 CVE-2016-5108 [crash and potential code execution when processing QuickTime 
IMA files]
        RESERVED
+       {DSA-3598-1}
        - vlc 2.2.3-2 (bug #825728)
        [wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
        NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
@@ -1214,13 +1308,11 @@
        - onionshare 0.8.1-2 (unimportant)
        [jessie] - onionshare <not-affected> (Vulnerable code not present)
        NOTE: Neutralised by kernel hardening (also contrib and non-free not 
supported)
-CVE-2016-4963 [Unsanitised driver domain input in libxl device handling]
-       RESERVED
+CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local OS 
guest ...)
        - xen <unfixed>
        [jessie] - xen <no-dsa> (Minor issue, too intrusive to backport)
        NOTE: http://xenbits.xen.org/xsa/advisory-178.html
-CVE-2016-4962 [Unsanitised guest input in libxl device handling code]
-       RESERVED
+CVE-2016-4962 (The libxl device-handling in Xen 4.6.x and earlier allows local 
OS ...)
        - xen <unfixed>
        [jessie] - xen <no-dsa> (Minor issue, can be fixed along in a future 
DSA)
        NOTE: http://xenbits.xen.org/xsa/advisory-175.html
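Review bot: With the placeholders removed, CVE-2016-4963 and CVE-2016-4962 now read almost identically in their truncated descriptions ("The libxl device-handling in Xen ... allows local OS ..."), and the driver-domain versus guest input distinction that the bracketed titles carried is gone. The two entries are triaged differently for jessie ("too intrusive to backport" versus "can be fixed along in a future DSA"), so consider keeping the old one-line summaries as NOTE lines so the reason for the difference stays visible in the entry.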
@@ -2619,8 +2711,7 @@
 CVE-2016-4451
        RESERVED
        - foreman <itp> (bug #663101)
-CVE-2016-4450
-       RESERVED
+CVE-2016-4450 (os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 
1.11.1 ...)
        {DSA-3592-1}
        - nginx 1.10.1-1 (bug #825960)
        [wheezy] - nginx <not-affected> (Introduced in 1.3.9)
@@ -2680,8 +2771,7 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
 CVE-2016-4438
        RESERVED
-CVE-2016-4437 [information disclosure]
-       RESERVED
+CVE-2016-4437 (Apache Shiro before 1.2.5, when a cipher key has not been 
configured ...)
        - shiro <unfixed> (bug #826653)
        [jessie] - shiro <no-dsa> (Minor issue)
 CVE-2016-4436
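Review bot: The jessie triage on CVE-2016-4437, "<no-dsa> (Minor issue)", was recorded while the entry only carried the placeholder "[information disclosure]". Now that the published description ("Apache Shiro before 1.2.5, when a cipher key has not been configured ...") replaces it, the severity call should be re-checked against the full text rather than carried over unchanged by the automatic update.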
@@ -8535,8 +8625,7 @@
        RESERVED
 CVE-2016-2336
        RESERVED
-CVE-2016-2335 [Out-of-bounds read vuilerability]
-       RESERVED
+CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 
7zip ...)
        - p7zip 15.14.1+dfsg-2 (bug #824160)
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0094/
 CVE-2016-2334 [Heap-buffer-overflow vulnerability]
@@ -8613,7 +8702,7 @@
        - librsvg 2.40.12-1
        NOTE: 
https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2
 (2.40.12)
 CVE-2016-4347
-       RESERVED
+       REJECTED
        NOTE: Will be rejected
 CVE-2016-4346 (Integer overflow in the str_pad function in 
ext/standard/string.c in ...)
        - php7.0 7.0.4-1
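Review bot: CVE-2016-4347 flips from RESERVED to REJECTED, but the context line directly below still says "NOTE: Will be rejected", which is now stale. Either drop the note or reword it to record why the id was rejected, so the entry does not read as a pending action.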
@@ -16693,6 +16782,7 @@
        NOTE: 
http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
 CVE-2012-6702 [unanticipated internal calls to srand]
        RESERVED
+       {DSA-3597-1}
        - expat 2.1.1-3
 CVE-2012-6701 (Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 
allows ...)
        - linux <not-affected> (Fixed in v3.2.19; which was before src:linux 
rename)
@@ -26451,8 +26541,7 @@
        NOT-FOR-US: IBM Security Guardium
 CVE-2015-5042 (IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 
...)
        TODO: check
-CVE-2015-5041
-       RESERVED
+CVE-2015-5041 (The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 
FP20, 6 ...)
        NOT-FOR-US: IBM JDK
 CVE-2015-5040 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 
FP6 ...)
        NOT-FOR-US: IBM Domino
@@ -29335,7 +29424,7 @@
        NOTE: https://lkml.org/lkml/2015/5/13/744
        NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite 
is ...)
-       {DSA-3339-1 DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-303-1 
DLA-247-1}
+       {DSA-3339-1 DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-507-1 
DLA-303-1 DLA-247-1}
        - openssl 1.0.2b-1
        - nss 2:3.19.1-1
        [squeeze] - nss <no-dsa> (no point in switching min key size so close 
to EOL)
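Review bot: DLA-507-1 is added to the CVE-2015-4000 cross-reference list, but the package lines visible in this hunk (openssl, nss, and the squeeze nss note) do not show which source package that advisory covers. Please confirm the entry has a matching package line further down, otherwise the reference cannot be tied to a fixed version from the entry alone.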


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
