Author: sectracker
Date: 2016-07-26 09:10:11 +0000 (Tue, 26 Jul 2016)
New Revision: 43484
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-26 09:02:45 UTC (rev 43483)
+++ data/CVE/list 2016-07-26 09:10:11 UTC (rev 43484)
@@ -8424,6 +8424,7 @@
CVE-2016-3660
RESERVED
CVE-2016-3659 (SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g
allows ...)
+ {DLA-560-1}
- cacti 0.8.8h+ds1-1 (bug #820521)
[jessie] - cacti <no-dsa> (Minor issue)
NOTE: http://bugs.cacti.net/view.php?id=2673
@@ -10389,6 +10390,7 @@
NOTE:
https://git.zx2c4.com/cgit/commit/filters/html-converters/txt2html?id=13c2d3df0440ce04273de3149631a9bd97490c6e
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2016/03/05/8
CVE-2016-3172 (SQL injection vulnerability in tree.php in Cacti 0.8.8g and
earlier ...)
+ {DLA-560-1}
- cacti 0.8.8g+ds1-2 (bug #818647)
[jessie] - cacti <no-dsa> (Minor issue)
NOTE: http://bugs.cacti.net/view.php?id=2667
@@ -11760,7 +11762,7 @@
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2518 [Crafted addpeer with hmode > 7 causes out-of-bounds reference]
RESERVED
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2517 [Remote configuration trustedkey/requestkey/controlkey values
are not properly validated]
@@ -11771,7 +11773,7 @@
NOTE: cause trouble anyway
CVE-2016-2516 [Duplicate IPs on unconfig directives will cause an assertion
failure]
RESERVED
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2514
@@ -12702,6 +12704,7 @@
NOTE: Fixed by:
https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3 (v4.5-rc1)
NOTE: Introduced by:
https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de
(v2.6.30-rc2)
CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote
authenticated ...)
+ {DLA-560-1}
- cacti 0.8.8g+ds1-1 (bug #814353)
[jessie] - cacti <no-dsa> (Minor issue)
NOTE:
http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788&view=markup
@@ -15447,7 +15450,7 @@
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1550 [Timing attack for authenticated packets]
RESERVED
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
TODO: check
@@ -15459,13 +15462,13 @@
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1548 [Change the time of an ntpd client or deny service to an ntpd
client by forcing it to change from basic client/server mode to interleaved
symmetric mode.]
RESERVED
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
TODO: check
CVE-2016-1547 [Validate crypto-NAKs]
RESERVED
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
TODO: check
@@ -21320,7 +21323,7 @@
RESERVED
CVE-2015-8158 [Potential Infinite Loop in ntpq]
RESERVED
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948
@@ -21372,7 +21375,7 @@
NOTE: Mitigated in 4.2.8p6
CVE-2015-8138 [ntp: missing check for zero originate timestamp]
RESERVED
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE: http://www.talosintel.com/reports/TALOS-2016-0077/
NOTE:
https://github.com/ntp-project/ntp/commit/880191b72409a1965712999d248d70e6f7163af8
@@ -21898,21 +21901,21 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5
CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated
broadcast mode]
RESERVED
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942
NOTE:
https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461
CVE-2015-7978 [Stack exhaustion in recursive traversal of restriction list]
RESERVED
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2940
NOTE:
https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1
CVE-2015-7977 [reslist NULL pointer dereference]
RESERVED
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2939
@@ -21934,7 +21937,7 @@
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2937
CVE-2015-7974 (NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify
peer ...)
- {DSA-3629-1}
+ {DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1 (low)
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
