| Field | Value | Date |
|---|---|---|
| author | security tracker role <sectracker@debian.org> | 2016-09-28 21:10:13 +0000 |
| committer | security tracker role <sectracker@debian.org> | 2016-09-28 21:10:13 +0000 |
| commit | 91d2375e5ed2ec8ee8ffaae539f020c0e7e55aae (patch) | |
| tree | aa7ca86bddf891c0cfee0f17774556ba90558665 | |
| parent | c739fb9ed01b26050a233d00af40b03cb72e1ea9 (diff) | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@44933 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2005.list | 2 |
-rw-r--r-- | data/CVE/2015.list | 2 |
-rw-r--r-- | data/CVE/2016.list | 56 |
3 files changed, 37 insertions, 23 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 15e1f933fd..d03d4a2168 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -4068,7 +4068,7 @@ CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (G NOT-FOR-US: EasyGuppy CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...) NOT-FOR-US: MailEnable Enterprise -CVE-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...) +CVE-2005-3154 (Format string vulnerability in the logging functionality in ...) NOT-FOR-US: Bitdefender Antivirus CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers ...) NOT-FOR-US: MyBloggie diff --git a/data/CVE/2015.list b/data/CVE/2015.list index a44958a667..8dc30fc1d6 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -181,7 +181,7 @@ CVE-2015-8923 (The process_extra function in libarchive before 3.2.0 uses the si - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/514 NOTE: Fixed by https://github.com/libarchive/libarchive/commit/9e0689c -CVE-2015-8922 (The read_CodersInfo cuntion in archive_read_support_format_7zip.c in ...) +CVE-2015-8922 (The read_CodersInfo function in archive_read_support_format_7zip.c in ...) {DSA-3657-1 DLA-554-1} - libarchive 3.2.0-2 NOTE: https://github.com/libarchive/libarchive/issues/513 diff --git a/data/CVE/2016.list b/data/CVE/2016.list index ab90179dc1..84e6a65792 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,3 +1,23 @@ +CVE-2016-8340 + RESERVED +CVE-2016-8339 + RESERVED +CVE-2016-8338 + RESERVED +CVE-2016-8337 + RESERVED +CVE-2016-8336 + RESERVED +CVE-2016-8335 + RESERVED +CVE-2016-8334 + RESERVED +CVE-2016-8333 + RESERVED +CVE-2016-8332 + RESERVED +CVE-2016-8331 + RESERVED CVE-2016-8330 RESERVED CVE-2016-8329 
@@ -360,8 +380,7 @@ CVE-2016-8202 RESERVED CVE-2016-8201 RESERVED -CVE-2016-7444 [GNUTLS-SA-2016-3: missing OCSP response serial length check] - RESERVED +CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS ...) - gnutls28 3.5.3-4 [jessie] - gnutls28 <no-dsa> (Minor issue) NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3 @@ -1739,8 +1758,7 @@ CVE-2016-7499 RESERVED - libav <removed> (unimportant) NOTE: https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/ -CVE-2016-7498 - RESERVED +CVE-2016-7498 (OpenStack Compute (nova) 13.0.0 does not properly delete instances ...) - nova 2:13.1.0-1 [jessie] - nova <not-affected> (Vulnerable code (re)introduced later) [wheezy] - nova <not-affected> (Vulnerable code (re)introduced later) @@ -3072,14 +3090,12 @@ CVE-2016-7046 [Long URL proxy request lead to java.nio.BufferOverflowException a RESERVED - undertow 1.4.3-1 (bug #838600) NOTE: https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2 -CVE-2016-7045 - RESERVED +CVE-2016-7045 (The format_send_to_gui function in the format parsing code in Irssi ...) {DSA-3672-1} - irssi 0.8.20-1 [wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta) NOTE: http://irssi.org/security/irssi_sa_2016.txt -CVE-2016-7044 - RESERVED +CVE-2016-7044 (The unformat_24bit_color function in the format parsing code in Irssi ...) {DSA-3672-1} - irssi 0.8.20-1 [wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta) @@ -5196,8 +5212,7 @@ CVE-2016-6331 - mediawiki 1:1.27.1-1 [wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS) NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html -CVE-2016-6330 - RESERVED +CVE-2016-6330 (The server in Red Hat JBoss Operations Network (JON), when SSL ...) NOT-FOR-US: Red Hat / JBoss Operations Network server CVE-2016-6329 RESERVED 
@@ -6259,8 +6274,8 @@ CVE-2016-6148 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a NOT-FOR-US: SAP HANA CVE-2016-6147 (An unspecified interface in SAP TREX 7.10 Revision 63 allows remote ...) NOT-FOR-US: SAP TREX -CVE-2016-6146 - RESERVED +CVE-2016-6146 (The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to ...) + TODO: check CVE-2016-6145 (The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides ...) NOT-FOR-US: SAP HANA CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the ...) @@ -6277,8 +6292,8 @@ CVE-2016-6139 (SAP TREX 7.10 Revision 63 allows remote attackers to read arbitra NOT-FOR-US: SAP TREX CVE-2016-6138 (Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows ...) NOT-FOR-US: SAP TREX -CVE-2016-6137 - RESERVED +CVE-2016-6137 (An unspecified function in SAP TREX 7.10 Revision 63 allows remote ...) + TODO: check CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in ...) {DSA-3659-1 DLA-609-1} - linux 4.7.2-1 @@ -7323,7 +7338,7 @@ CVE-2016-5724 RESERVED CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...) NOT-FOR-US: Huawei -CVE-2016-5722 (OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and ...) +CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 ...) NOT-FOR-US: OceanStor CVE-2016-5721 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...) TODO: check @@ -9481,8 +9496,8 @@ CVE-2016-4979 (The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and [wheezy] - apache2 <not-affected> (Vulnerable code not present) NOTE: HTTP/2 support introduced in 2.4.17 NOTE: Upstream fix: https://svn.apache.org/r1750779 -CVE-2016-4978 - RESERVED +CVE-2016-4978 (The getObject method of the javax.jms.ObjectMessage class in the (1) ...) + TODO: check CVE-2016-4977 RESERVED CVE-2016-4976 
@@ -12159,8 +12174,8 @@ CVE-2016-4076 (epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wiresh [jessie] - wireshark <not-affected> (Only affects 2.x) [wheezy] - wireshark <not-affected> (Only affects 2.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2016-19.html -CVE-2016-4058 - RESERVED +CVE-2016-4058 (Cross-site scripting (XSS) vulnerability in Huawei Policy Center ...) + TODO: check CVE-2016-4057 (Huawei FusionCompute before V100R005C10SPC700 allows remote ...) TODO: check CVE-2016-6479 @@ -15736,8 +15751,7 @@ CVE-2016-2778 RESERVED CVE-2016-2777 REJECTED -CVE-2016-2776 [BIND assertion failure due to crafted query] - RESERVED +CVE-2016-2776 (buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before ...) {DSA-3680-1} - bind9 <unfixed> (bug #839010) CVE-2016-2775 (ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x ...) |
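Review bot: CVE-2016-6146 (hunk @@ -6259 of data/CVE/2016.list) is left at `TODO: check` even though its new description names SAP TREX 7.10 Revision 63 and the entries around it (CVE-2016-6147, CVE-2016-6139, CVE-2016-6138) are already triaged as `NOT-FOR-US: SAP TREX`. Suggest following up with the same `NOT-FOR-US: SAP TREX` marking. CVE-2016-6137 in the next hunk (@@ -6277) names the same product and has the same open TODO.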
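Review bot: Style point on the @@ -7323 hunk of data/CVE/2016.list: the CVE-2016-5722 description now starts with "Huawei OceanStor", but the triage line below it still reads `NOT-FOR-US: OceanStor`, while the neighbouring CVE-2016-5723 uses `NOT-FOR-US: Huawei`. Consider naming the vendor consistently, for example `NOT-FOR-US: Huawei OceanStor`, so a search for the vendor finds both entries.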
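Review bot: In the @@ -15736 hunk of data/CVE/2016.list, CVE-2016-2776 loses its bracketed summary "[BIND assertion failure due to crafted query]" and the entry that remains has no NOTE line with an upstream reference, while it is still `- bind9 <unfixed> (bug #839010)` under {DSA-3680-1}. Other entries touched by this patch keep an advisory pointer (CVE-2016-7444 has a NOTE for GNUTLS-SA-2016-3, CVE-2016-7045 has one for the Irssi advisory). Adding an equivalent NOTE for the upstream advisory or fixing commit would make the entry easier to follow up when the fix lands.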