author: security tracker role <sectracker@debian.org>, 2016-09-28 21:10:13 +0000
committer: security tracker role <sectracker@debian.org>, 2016-09-28 21:10:13 +0000
commit: 91d2375e5ed2ec8ee8ffaae539f020c0e7e55aae
tree: aa7ca86bddf891c0cfee0f17774556ba90558665
parent: c739fb9ed01b26050a233d00af40b03cb72e1ea9
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@44933 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2005.list 2
-rw-r--r-- data/CVE/2015.list 2
-rw-r--r-- data/CVE/2016.list 56
3 files changed, 37 insertions, 23 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 15e1f933fd..d03d4a2168 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -4068,7 +4068,7 @@ CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (G
NOT-FOR-US: EasyGuppy
CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...)
NOT-FOR-US: MailEnable Enterprise
-CVE-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...)
+CVE-2005-3154 (Format string vulnerability in the logging functionality in ...)
NOT-FOR-US: Bitdefender Antivirus
CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers ...)
NOT-FOR-US: MyBloggie
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index a44958a667..8dc30fc1d6 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -181,7 +181,7 @@ CVE-2015-8923 (The process_extra function in libarchive before 3.2.0 uses the si
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/514
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/9e0689c
-CVE-2015-8922 (The read_CodersInfo cuntion in archive_read_support_format_7zip.c in ...)
+CVE-2015-8922 (The read_CodersInfo function in archive_read_support_format_7zip.c in ...)
{DSA-3657-1 DLA-554-1}
- libarchive 3.2.0-2
NOTE: https://github.com/libarchive/libarchive/issues/513
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index ab90179dc1..84e6a65792 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,3 +1,23 @@
+CVE-2016-8340
+ RESERVED
+CVE-2016-8339
+ RESERVED
+CVE-2016-8338
+ RESERVED
+CVE-2016-8337
+ RESERVED
+CVE-2016-8336
+ RESERVED
+CVE-2016-8335
+ RESERVED
+CVE-2016-8334
+ RESERVED
+CVE-2016-8333
+ RESERVED
+CVE-2016-8332
+ RESERVED
+CVE-2016-8331
+ RESERVED
CVE-2016-8330
RESERVED
CVE-2016-8329
@@ -360,8 +380,7 @@ CVE-2016-8202
RESERVED
CVE-2016-8201
RESERVED
-CVE-2016-7444 [GNUTLS-SA-2016-3: missing OCSP response serial length check]
- RESERVED
+CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS ...)
- gnutls28 3.5.3-4
[jessie] - gnutls28 <no-dsa> (Minor issue)
NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3
@@ -1739,8 +1758,7 @@ CVE-2016-7499
RESERVED
- libav <removed> (unimportant)
NOTE: https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/
-CVE-2016-7498
- RESERVED
+CVE-2016-7498 (OpenStack Compute (nova) 13.0.0 does not properly delete instances ...)
- nova 2:13.1.0-1
[jessie] - nova <not-affected> (Vulnerable code (re)introduced later)
[wheezy] - nova <not-affected> (Vulnerable code (re)introduced later)
@@ -3072,14 +3090,12 @@ CVE-2016-7046 [Long URL proxy request lead to java.nio.BufferOverflowException a
RESERVED
- undertow 1.4.3-1 (bug #838600)
NOTE: https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2
-CVE-2016-7045
- RESERVED
+CVE-2016-7045 (The format_send_to_gui function in the format parsing code in Irssi ...)
{DSA-3672-1}
- irssi 0.8.20-1
[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
NOTE: http://irssi.org/security/irssi_sa_2016.txt
-CVE-2016-7044
- RESERVED
+CVE-2016-7044 (The unformat_24bit_color function in the format parsing code in Irssi ...)
{DSA-3672-1}
- irssi 0.8.20-1
[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
@@ -5196,8 +5212,7 @@ CVE-2016-6331
- mediawiki 1:1.27.1-1
[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6330
- RESERVED
+CVE-2016-6330 (The server in Red Hat JBoss Operations Network (JON), when SSL ...)
NOT-FOR-US: Red Hat / JBoss Operations Network server
CVE-2016-6329
RESERVED
@@ -6259,8 +6274,8 @@ CVE-2016-6148 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a
NOT-FOR-US: SAP HANA
CVE-2016-6147 (An unspecified interface in SAP TREX 7.10 Revision 63 allows remote ...)
NOT-FOR-US: SAP TREX
-CVE-2016-6146
- RESERVED
+CVE-2016-6146 (The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to ...)
+ TODO: check
CVE-2016-6145 (The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides ...)
NOT-FOR-US: SAP HANA
CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the ...)
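Review bot: the new "TODO: check" under CVE-2016-6146 leaves a SAP TREX 7.10 Revision 63 issue untriaged, while the neighbouring CVE-2016-6147 entry for the same product is already marked "NOT-FOR-US: SAP TREX". Unless triage finds a reason to treat it differently, replace the TODO with the same NOT-FOR-US line so the entry drops out of the open queue.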
@@ -6277,8 +6292,8 @@ CVE-2016-6139 (SAP TREX 7.10 Revision 63 allows remote attackers to read arbitra
NOT-FOR-US: SAP TREX
CVE-2016-6138 (Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows ...)
NOT-FOR-US: SAP TREX
-CVE-2016-6137
- RESERVED
+CVE-2016-6137 (An unspecified function in SAP TREX 7.10 Revision 63 allows remote ...)
+ TODO: check
CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in ...)
{DSA-3659-1 DLA-609-1}
- linux 4.7.2-1
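Review bot: CVE-2016-6137 gets "TODO: check" although its description names SAP TREX 7.10 Revision 63, the product that CVE-2016-6139 and CVE-2016-6138 just above are tagged "NOT-FOR-US: SAP TREX" for. Suggest the same tag here for consistency within this block.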
@@ -7323,7 +7338,7 @@ CVE-2016-5724
RESERVED
CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...)
NOT-FOR-US: Huawei
-CVE-2016-5722 (OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and ...)
+CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 ...)
NOT-FOR-US: OceanStor
CVE-2016-5721 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
TODO: check
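Review bot: style point on CVE-2016-5722: the description now leads with the vendor name ("Huawei OceanStor ..."), but the tag below it is still "NOT-FOR-US: OceanStor", whereas the adjacent CVE-2016-5723 uses "NOT-FOR-US: Huawei". Picking one form for the vendor tag would make searching the list for Huawei entries reliable.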
@@ -9481,8 +9496,8 @@ CVE-2016-4979 (The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
NOTE: Upstream fix: https://svn.apache.org/r1750779
-CVE-2016-4978
- RESERVED
+CVE-2016-4978 (The getObject method of the javax.jms.ObjectMessage class in the (1) ...)
+ TODO: check
CVE-2016-4977
RESERVED
CVE-2016-4976
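Review bot: the "TODO: check" added under CVE-2016-4978 leaves the entry untriaged, and the truncated description stops at "(1) ..." so the affected products cannot be read from this line. The full description of the javax.jms.ObjectMessage getObject issue needs to be checked and the TODO replaced with either the affected source package lines or a NOT-FOR-US tag.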
@@ -12159,8 +12174,8 @@ CVE-2016-4076 (epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wiresh
[jessie] - wireshark <not-affected> (Only affects 2.x)
[wheezy] - wireshark <not-affected> (Only affects 2.x)
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-19.html
-CVE-2016-4058
- RESERVED
+CVE-2016-4058 (Cross-site scripting (XSS) vulnerability in Huawei Policy Center ...)
+ TODO: check
CVE-2016-4057 (Huawei FusionCompute before V100R005C10SPC700 allows remote ...)
TODO: check
CVE-2016-6479
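Review bot: CVE-2016-4058 is added with "TODO: check" and now sits next to CVE-2016-4057, another Huawei entry that is also still "TODO: check". Other Huawei products in this file (CVE-2016-5723) are tagged "NOT-FOR-US: Huawei"; both entries could be triaged together and tagged the same way if Policy Center and FusionCompute are not packaged.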
@@ -15736,8 +15751,7 @@ CVE-2016-2778
RESERVED
CVE-2016-2777
REJECTED
-CVE-2016-2776 [BIND assertion failure due to crafted query]
- RESERVED
+CVE-2016-2776 (buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before ...)
{DSA-3680-1}
- bind9 <unfixed> (bug #839010)
CVE-2016-2775 (ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x ...)
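Review bot: CVE-2016-2776 still reads "- bind9 <unfixed> (bug #839010)" after this update, even though the entry carries {DSA-3680-1} and the description is now public. That line should be followed up and "<unfixed>" replaced with the fixed version once the upload closing bug #839010 is available.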
