Author: sectracker Date: 2016-06-17 09:10:22 +0000 (Fri, 17 Jun 2016) New Revision: 42598
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-06-17 08:30:00 UTC (rev 42597) +++ data/CVE/list 2016-06-17 09:10:22 UTC (rev 42598) @@ -411,7 +411,7 @@ - drupal7 7.44-1 [jessie] - drupal7 7.32-1+deb8u7 NOTE: https://www.drupal.org/SA-CORE-2016-002 - NOTE: workaround for DSA-3604-1 + NOTE: workaround for DSA-3604-1 CVE-2016-5636 [heap overflow in Python zipimport module] RESERVED - python3.5 3.5.2~rc1-1 @@ -993,10 +993,12 @@ - expat 2.1.1-3 CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy] RESERVED + {DLA-516-1} - linux 4.6.2-1 NOTE: https://patchwork.ozlabs.org/patch/629110/ CVE-2016-5243 [tipc: an infoleak in tipc_nl_compat_link_dump] RESERVED + {DLA-516-1} - linux 4.6.2-1 NOTE: https://patchwork.ozlabs.org/patch/629100/ CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x ...) @@ -2468,6 +2470,7 @@ CVE-2016-4810 (Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR ...) NOT-FOR-US: Citrix CVE-2016-4913 (The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux ...) + {DLA-516-1} - linux 4.5.4-1 NOTE: Fixed by: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6) CVE-2016-4912 @@ -2968,6 +2971,7 @@ CVE-2016-4582 RESERVED CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in ...) + {DLA-516-1} - linux 4.5.5-1 NOTE: Fixed by: https://git.kernel.org/linus/79e48650320e6fba48369fccf13fd045315b19b8 (v4.6) CVE-2016-4577 (Buffer overflow in the Smart DNS functionality in the Huawei NGFW ...) 
@@ -3013,11 +3017,13 @@ NOTE: Fixed by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75 NOTE: Introduced by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3 CVE-2016-4578 (sound/core/timer.c in the Linux kernel through 4.6 does not initialize ...) + {DLA-516-1} - linux 4.5.5-1 NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=e4ec8cc8039a7063e24204299b462bd1383184a5 NOTE: Both commits not yet in Linus tree CVE-2016-4569 (The snd_timer_user_params function in sound/core/timer.c in the Linux ...) + {DLA-516-1} - linux 4.5.5-1 NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250 NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e (not yet merged in Linus tree) @@ -3025,6 +3031,7 @@ - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950 CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick ...) + {DLA-517-1} - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950 CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in ImageMagick ...) @@ -3057,6 +3064,7 @@ NOTE: Fixed by: https://git.kernel.org/linus/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab (v4.6-rc6) NOTE: Introduced by: https://git.kernel.org/linus/b0e0e1f83de31aa0428c38b692c590cc0ecd3f03 (v4.4-rc1) CVE-2016-4565 (The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 ...) + {DLA-516-1} - linux 4.5.3-1 NOTE: Fixed by: https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 (v4.6-rc6) CVE-2016-4551 
@@ -3411,9 +3419,11 @@ [jessie] - openafs <no-dsa> (Minor issue, can be included in a future DSA or via jessie-pu) NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt CVE-2016-4486 (The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux ...) + {DLA-516-1} - linux 4.5.4-1 NOTE: https://git.kernel.org/linus/5f8e44741f9f216e33736ea4ec65ca9ac03036e6 CVE-2016-4485 (The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel ...) + {DLA-516-1} - linux 4.5.4-1 NOTE: https://git.kernel.org/linus/b8670c09f37bdf2847cc44f36511a53afc6161fd CVE-2016-4484 @@ -3612,6 +3622,7 @@ [jessie] - dotclear <no-dsa> (Minor issue) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/04/9 CVE-2016-4482 (The proc_connectinfo function in drivers/usb/core/devio.c in the Linux ...) + {DLA-516-1} - linux 4.5.5-1 NOTE: http://www.spinics.net/lists/linux-usb/msg140243.html NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2 @@ -4579,6 +4590,7 @@ NOTE: World readable files in /etc/quagga as well in Debian CVE-2016-3955 [remote buffer overflow in usbip] RESERVED + {DLA-516-1} - linux 4.5.2-1 NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3) NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1 @@ -4925,6 +4937,7 @@ CVE-2016-3962 RESERVED CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress ...) + {DLA-516-1} - linux 4.5.2-1 NOTE: http://xenbits.xen.org/xsa/advisory-174.html CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local ...) @@ -4942,6 +4955,7 @@ CVE-2016-3952 RESERVED CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux ...) + {DLA-516-1} - linux 4.5.1-1 NOTE: https://git.kernel.org/linus/4d06dd537f95683aba3651098ae288b7cbff8274 (v4.5) NOTE: https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5) 
@@ -5645,6 +5659,7 @@ CVE-2016-3673 RESERVED CVE-2016-3672 (The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux ...) + {DLA-516-1} - linux 4.5.1-1 NOTE: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html NOTE: Upstream fix: https://git.kernel.org/linus/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb (v4.6-rc1) @@ -6819,6 +6834,7 @@ NOTE: on later versions). Ie for the second hunk in xsa172.patch (the only NOTE: hunk in xsa172-4.3.patch), which patches the function xrstor. CVE-2016-3157 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...) + {DLA-516-1} - linux 4.5.1-1 NOTE: http://xenbits.xen.org/xsa/advisory-171.html NOTE: https://git.kernel.org/linus/b7a584598aea7ca73140cb87b40319944dd3393f @@ -7121,6 +7137,7 @@ NOTE: https://github.com/proftpd/proftpd/commit/d9f9d469ce1da09c7935f509797d488fa2d08697 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/11/12 CVE-2016-3140 (The digi_port_init function in drivers/usb/serial/digi_acceleport.c in ...) + {DLA-516-1} - linux 4.5.1-1 (low) [jessie] - linux <no-dsa> (Minor issue) [wheezy] - linux <no-dsa> (Minor issue) @@ -7135,6 +7152,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283375 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283377 CVE-2016-3138 (The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux ...) + {DLA-516-1} - linux 4.5.1-1 (low) [jessie] - linux <no-dsa> (Minor issue) [wheezy] - linux <no-dsa> (Minor issue) 
@@ -7142,12 +7160,14 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283366 NOTE: http://marc.info/?l=linux-usb&m=145803342320160&w=2 CVE-2016-3137 (drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 ...) + {DLA-516-1} - linux 4.5.1-1 (low) [jessie] - linux <no-dsa> (Minor issue) [wheezy] - linux <no-dsa> (Minor issue) NOTE: http://seclists.org/bugtraq/2016/Mar/55 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283368 CVE-2016-3136 (The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in ...) + {DLA-516-1} - linux 4.5.1-1 (low) [jessie] - linux <no-dsa> (Minor issue) [wheezy] - linux <no-dsa> (Minor issue) @@ -7613,6 +7633,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/8 NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does not ...) + {DLA-516-1} - linux 4.5.1-1 [wheezy] - linux <no-dsa> (Minor issue) NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758 @@ -10070,10 +10091,12 @@ NOTE: http://seclists.org/bugtraq/2016/Mar/87 NOTE: http://marc.info/?l=linux-usb&m=145796659429788&w=2 CVE-2016-2187 (The gtco_probe function in drivers/input/tablet/gtco.c in the Linux ...) + {DLA-516-1} - linux 4.5.2-1 NOTE: Upstream commit: https://git.kernel.org/linus/162f98dea487206d9ab79fc12ed64700667a894d (v4.6-rc5) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317017 CVE-2016-2186 (The powermate_probe function in drivers/input/misc/powermate.c in the ...) + {DLA-516-1} - linux 4.5.1-1 (low) [jessie] - linux <no-dsa> (Minor issue) [wheezy] - linux <no-dsa> (Minor issue) 
@@ -10082,6 +10105,7 @@ NOTE: http://seclists.org/bugtraq/2016/Mar/85 NOTE: http://marc.info/?l=linux-usb&m=145796479528669&w=2 CVE-2016-2185 (The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in ...) + {DLA-516-1} - linux 4.5.1-1 (low) [jessie] - linux <no-dsa> (Minor issue) [wheezy] - linux <no-dsa> (Minor issue) @@ -10089,6 +10113,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283362 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283363 CVE-2016-2184 (The create_fixed_stream_quirk function in sound/usb/quirks.c in the ...) + {DLA-516-1} - linux 4.5.1-1 (low) [jessie] - linux <no-dsa> (Minor issue) [wheezy] - linux <no-dsa> (Minor issue) @@ -10206,6 +10231,7 @@ CVE-2016-2144 REJECTED CVE-2016-2143 (The fork implementation in the Linux kernel before 4.5 on s390 ...) + {DLA-516-1} - linux 4.4.6-1 [wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS) NOTE: Fixed by: https://git.kernel.org/linus/3446c13b268af86391d06611327006b059b8bab1 (v4.5) @@ -12365,6 +12391,7 @@ RESERVED CVE-2016-1583 RESERVED + {DLA-516-1} - linux 4.6.2-1 CVE-2016-1582 (LXD before 2.0.2 does not properly set permissions when switching an ...) - lxd <itp> (bug #768073) @@ -14935,6 +14962,7 @@ CVE-2016-0822 (The MediaTek connectivity kernel driver in Android 6.0.1 before ...) TODO: check CVE-2016-0821 (The LIST_POISON feature in include/linux/poison.h in the Linux kernel ...) + {DLA-516-1} - linux 4.3.1-1 NOTE: Upstream patch: https://git.kernel.org/linus/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf (v4.3-rc1) CVE-2016-0820 (The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
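Review bot: in the first hunk (`@@ -411,7 +411,7 @@`) the removed line `- NOTE: workaround for DSA-3604-1` and the added line `+ NOTE: workaround for DSA-3604-1` under the drupal7 entry are textually identical, so the change is whitespace-only (tab versus spaces or a trailing space); if that is unintended it only adds noise to the history of data/CVE/list, and if it is a deliberate normalisation the "automatic update" log line should say so.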
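Review bot: the hunks that add `{DLA-516-1}` to CVE-2016-3140, CVE-2016-3138, CVE-2016-3137, CVE-2016-3136, CVE-2016-3134, CVE-2016-2186, CVE-2016-2185 and CVE-2016-2184 keep the existing `[wheezy] - linux <no-dsa> (Minor issue)` line, and the CVE-2016-2143 hunk keeps `[wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS)`; each of those entries now both records a wheezy LTS advisory and states that no advisory is planned for wheezy. The `[wheezy]` no-dsa lines should be dropped for the CVEs that DLA-516-1 actually covers, or the DLA reference removed where the advisory does not address the CVE (the s390 fork issue in CVE-2016-2143 is the one to double-check, since the entry says the architecture is unsupported there).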
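Review bot: in the hunk at `@@ -12365,6 +12391,7 @@` the entry for CVE-2016-1583 gains `{DLA-516-1}` and `- linux 4.6.2-1` while its description is still `RESERVED` and, unlike every other linux entry touched by this commit, it has no NOTE line pointing at the upstream fix; a bracketed short description and a NOTE with the fixing commit would let readers verify what DLA-516-1 addressed for this CVE.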