Author: sectracker
Date: 2016-10-19 21:10:11 +0000 (Wed, 19 Oct 2016)
New Revision: 45467
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-10-19 20:28:00 UTC (rev 45466) +++ data/CVE/list 2016-10-19 21:10:11 UTC (rev 45467) @@ -2525,6 +2525,7 @@ RESERVED CVE-2016-7972 RESERVED + {DLA-668-1} - libass 0.13.4-1 NOTE: https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b CVE-2016-7971 @@ -2541,6 +2542,7 @@ NOTE: Vulnerable function calc_coeff introduced in: https://github.com/libass/libass/commit/d787615845d78d8f8e6d1a4ffc3dc3eecd8a92f6 (0.13.0) CVE-2016-7969 RESERVED + {DLA-668-1} - libass 0.13.4-1 NOTE: https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26 CVE-2016-7968 [KMail: JavaScript execution in HTML Mails] @@ -2589,6 +2591,7 @@ NOTE: due to lockfile format. CVE-2016-7953 RESERVED + {DLA-671-1} - libxvmc <unfixed> (bug #840445) NOTE: https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb CVE-2016-7952 [for all of the other mishandling of the reply data] @@ -3769,6 +3772,7 @@ CVE-2016-7426 RESERVED CVE-2016-7425 (The arcmsr_iop_message_xfer function in ...) + {DSA-3696-1 DLA-670-1} - linux 4.7.8-1 NOTE: http://marc.info/?l=linux-scsi&m=147394713328707&w=2 NOTE: Upstream commit: https://git.kernel.org/linus/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167 @@ -4750,6 +4754,7 @@ NOTE: Vulnerability "in the TLS documentation", not assigned to a specific source/implentation NOTE: https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf CVE-2015-8956 (The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the ...) + {DSA-3696-1 DLA-670-1} - linux 4.2.1-1 NOTE: Fixed by: https://git.kernel.org/linus/951b6a0717db97ce420547222647bcc40bf1eacd (4.2-rc1) CVE-2015-8955 (arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 ...) 
@@ -4969,6 +4974,7 @@ CVE-2016-7043 RESERVED CVE-2016-7042 (The proc_keys_show function in security/keys/proc.c in the Linux ...) + {DSA-3696-1 DLA-670-1} - linux 4.7.8-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373966 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373499 (not yet opened) @@ -10309,6 +10315,7 @@ NOTE: by some vendors. CVE-2016-5407 [Insufficient validation of server responses results in out-of bounds accesses] RESERVED + {DLA-667-1} - libxv <unfixed> (bug #840438) NOTE: https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17 CVE-2016-5406 (The domain controller in Red Hat JBoss Enterprise Application Platform ...) @@ -11444,6 +11451,7 @@ RESERVED CVE-2016-5195 RESERVED + {DSA-3696-1 DLA-670-1} - linux 4.7.8-1 NOTE: Fixed by: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 CVE-2016-5194 @@ -12367,6 +12375,7 @@ NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/ CVE-2016-5042 RESERVED + {DLA-669-1} - dwarfutils 20160507-1 [jessie] - dwarfutils 20120410-2+deb8u1 NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/ @@ -12384,11 +12393,13 @@ NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/ CVE-2016-5039 RESERVED + {DLA-669-1} - dwarfutils 20160507-1 [jessie] - dwarfutils 20120410-2+deb8u1 NOTE: https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/ CVE-2016-5038 RESERVED + {DLA-669-1} - dwarfutils 20160507+git20160523.9086738-1 [jessie] - dwarfutils 20120410-2+deb8u1 NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/ 
@@ -12400,6 +12411,7 @@ NOTE: https://sourceforge.net/p/libdwarf/code/ci/b6ec2dfd850929821626ea63fb0a752076a3c08a/ CVE-2016-5036 RESERVED + {DLA-669-1} - dwarfutils 20160507+git20160523.9086738-1 [jessie] - dwarfutils 20120410-2+deb8u1 NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/ @@ -12411,6 +12423,7 @@ NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/ CVE-2016-5034 RESERVED + {DLA-669-1} - dwarfutils 20160507+git20160523.9086738-1 [jessie] - dwarfutils 20120410-2+deb8u1 NOTE: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/ @@ -21310,6 +21323,7 @@ CVE-2015-8788 RESERVED CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf ...) + {DLA-669-1} - dwarfutils 20160507-1 (bug #813148) [jessie] - dwarfutils 20120410-2+deb8u1 NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3 @@ -22065,6 +22079,7 @@ NOTE: Patch: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html CVE-2016-2050 [Out-of-bounds write in get_abbrev_array_info] RESERVED + {DLA-669-1} - dwarfutils 20160507+git20160523.9086738-1 (unimportant) [jessie] - dwarfutils 20120410-2+deb8u1 NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9 @@ -23991,7 +24006,7 @@ NOTE: like other distribution did. CVE-2015-8750 RESERVED - {DLA-388-1} + {DLA-669-1 DLA-388-1} - dwarfutils 20160507-1 (bug #813182) [jessie] - dwarfutils 20120410-2+deb8u1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294264 
@@ -27731,6 +27746,7 @@ NOT-FOR-US: IBM CVE-2015-8538 [a out of bound read bug is found in libdwarf] RESERVED + {DLA-669-1} - dwarfutils 20160507-1 (bug #807817) [jessie] - dwarfutils 20120410-2+deb8u1 [squeeze] - dwarfutils <not-affected> (No segfault with provided test case) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
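Review bot: in the `@@ -2589,6 +2591,7 @@` hunk, CVE-2016-7953 gains `{DLA-671-1}` while its only package line still reads `- libxvmc <unfixed> (bug #840445)` and the entry has no bracketed description, only `RESERVED`. The upstream commit is already recorded in the NOTE, so check whether bug #840445 can be given a fixed version, and add a short `[...]` description as the neighbouring CVE-2016-7952 has. The libxv entry in the `@@ -10309,6 +10315,7 @@` hunk is in the same `<unfixed>` state with `{DLA-667-1}`.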
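Review bot: the context line in the `@@ -4750,6 +4754,7 @@` hunk contains a typo, `source/implentation`. This commit does not touch that line, so a follow-up changing it to `implementation` would keep the NOTE searchable.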
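Review bot: the `@@ -11444,6 +11451,7 @@` hunk attaches `{DSA-3696-1 DLA-670-1}` to CVE-2016-5195, which still reads only `RESERVED` with no description, unlike the other linux entries tagged in this commit (CVE-2016-7425, CVE-2016-7042, CVE-2015-8956), which each carry a summary line. Suggest adding a temporary bracketed description so the entry is readable on its own until the official text is available.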
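Review bot: in the `@@ -22065,6 +22079,7 @@` hunk, CVE-2016-2050 keeps the `(unimportant)` tag on `- dwarfutils 20160507+git20160523.9086738-1 (unimportant)` but now also carries `{DLA-669-1}`. An advisory reference next to an `unimportant` severity for an entry titled as an out-of-bounds write looks inconsistent; either drop the tag or add a NOTE giving the reason it is kept.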
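Review bot: the `@@ -23991,7 +24006,7 @@` hunk changes `{DLA-388-1}` to `{DLA-669-1 DLA-388-1}`, so CVE-2015-8750 is now referenced by two advisories for dwarfutils, and nothing in the entry says which release each one covers. A NOTE line recording that would save the next reader from looking both advisories up.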
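Review bot: in the `@@ -27731,6 +27746,7 @@` hunk, the squeeze line justifies `<not-affected>` with `(No segfault with provided test case)`, which shows only that one input does not crash, not that the out-of-bounds read is absent from that version. Now that `{DLA-669-1}` references CVE-2015-8538, the rationale should point at the code rather than at a single test run, or the squeeze status should be rechecked.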