automatic update

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@41472 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: security tracker role <sectracker@debian.org> 2016-05-06 09:10:12 +0000
committer: security tracker role <sectracker@debian.org> 2016-05-06 09:10:12 +0000
commit: 325969cdbf403714c29dbeb45c2e62f6f2a9ec9f (patch)
tree: 23d3fc7043266e69f6ccf7cf0fd39618aa2cc567
parent: e897cb2288920e0a559c46bbe816c8a9e8ee3233 (diff)
3 files changed, 118 insertions, 32 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index a7986d2bc1..908780e126 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -1,4 +1,4 @@
-CVE-2000-1254
+CVE-2000-1254 (crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C ...)
 	- openssl 0.9.6-1
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=db82b8f9bd432a59aea8e1014694e15fc457c2bb
 CVE-2000-1253
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 46cd895ebb..ebf4cf9165 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -18377,7 +18377,7 @@ CVE-2015-2668 (ClamAV before 0.98.7 allows remote attackers to cause a denial of
 	- clamav 0.98.7+dfsg-1
 	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
-CVE-2015-2667 (Untrusted search path vulnerability in GNS3 before 1.2.3 allows local ...)
+CVE-2015-2667 (Untrusted search path vulnerability in GNS3 1.2.3 allows local users ...)
 	- gns3 <not-affected> (Windows specific)
 CVE-2015-2665 (Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows ...)
 	{DSA-3295-1 DLA-255-1}
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 274e482db6..7c1a526bf8 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,3 +1,101 @@
+CVE-2016-4535 (Integer signedness error in the AV engine before DAT 8145, as used in ...)
+	TODO: check
+CVE-2016-4534 (The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan ...)
+	TODO: check
+CVE-2016-4533
+	RESERVED
+CVE-2016-4532
+	RESERVED
+CVE-2016-4531
+	RESERVED
+CVE-2016-4530
+	RESERVED
+CVE-2016-4529
+	RESERVED
+CVE-2016-4528
+	RESERVED
+CVE-2016-4527
+	RESERVED
+CVE-2016-4526
+	RESERVED
+CVE-2016-4525
+	RESERVED
+CVE-2016-4524
+	RESERVED
+CVE-2016-4523
+	RESERVED
+CVE-2016-4522
+	RESERVED
+CVE-2016-4521
+	RESERVED
+CVE-2016-4520
+	RESERVED
+CVE-2016-4519
+	RESERVED
+CVE-2016-4518
+	RESERVED
+CVE-2016-4517
+	RESERVED
+CVE-2016-4516
+	RESERVED
+CVE-2016-4515
+	RESERVED
+CVE-2016-4514
+	RESERVED
+CVE-2016-4513
+	RESERVED
+CVE-2016-4512
+	RESERVED
+CVE-2016-4511
+	RESERVED
+CVE-2016-4510
+	RESERVED
+CVE-2016-4509
+	RESERVED
+CVE-2016-4508
+	RESERVED
+CVE-2016-4507
+	RESERVED
+CVE-2016-4506
+	RESERVED
+CVE-2016-4505
+	RESERVED
+CVE-2016-4504
+	RESERVED
+CVE-2016-4503
+	RESERVED
+CVE-2016-4502
+	RESERVED
+CVE-2016-4501
+	RESERVED
+CVE-2016-4500
+	RESERVED
+CVE-2016-4499
+	RESERVED
+CVE-2016-4498
+	RESERVED
+CVE-2016-4497
+	RESERVED
+CVE-2016-4496
+	RESERVED
+CVE-2016-4495
+	RESERVED
+CVE-2016-4494
+	RESERVED
+CVE-2016-4493
+	RESERVED
+CVE-2016-4492
+	RESERVED
+CVE-2016-4491
+	RESERVED
+CVE-2016-4490
+	RESERVED
+CVE-2016-4489
+	RESERVED
+CVE-2016-4488
+	RESERVED
+CVE-2016-4487
+	RESERVED
 CVE-2016-4539 [xml_parse_into_struct segmentation fault]
 	- php7.0 7.0.6-1
 	- php5 5.6.21+dfsg-1
@@ -59,10 +157,12 @@ CVE-2016-4536 [various client functionality leak stack data onto the wire in the
 	[jessie] - openafs <no-dsa> (Minor issue, can be included in a future DSA or via jessie-pu)
 	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
 CVE-2016-4486 [information leak vulnerability in rtnetlink]
+	RESERVED
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6
 	NOTE: Not yet merged in Linus' tree
 CVE-2016-4485 [information leak vulnerability in llc module]
+	RESERVED
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd
 	NOTE: Not yet merged in Linus' tree
@@ -311,8 +411,8 @@ CVE-2016-4358
 	RESERVED
 CVE-2016-4357
 	RESERVED
-CVE-2016-4351
-	RESERVED
+CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in ...)
+	TODO: check
 CVE-2016-4350
 	RESERVED
 CVE-2016-4478 [denial of service due to a buffer overflow in the XMLRPC response encoding code]
@@ -1208,8 +1308,7 @@ CVE-2016-4001 [net: buffer overflow in stellaris_enet emulator]
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/4
-CVE-2016-4008 [Infinite loops parsing malicious DER certificates]
-	RESERVED
+CVE-2016-4008 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
 	{DSA-3568-1}
 	- libtasn1-6 4.8-1
 	- libtasn1-3 <removed>
@@ -1845,20 +1944,15 @@ CVE-2016-3720 [XmlMapper is vulnerable to XXE attack]
 	TODO: check
 CVE-2016-3719
 	RESERVED
-CVE-2016-3718 [SSRF]
-	RESERVED
+CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...)
 	- imagemagick <unfixed>
-CVE-2016-3717 [Local file read]
-	RESERVED
+CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...)
 	- imagemagick <unfixed>
-CVE-2016-3716 [File moving]
-	RESERVED
+CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...)
 	- imagemagick <unfixed>
-CVE-2016-3715 [File deletion]
-	RESERVED
+CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...)
 	- imagemagick <unfixed>
-CVE-2016-3714 [Insufficient filtering for filename passed to delegate's command allows remote code execution during conversion of several file formats]
-	RESERVED
+CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...)
 	- imagemagick <unfixed>
 	NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
@@ -6109,8 +6203,7 @@ CVE-2016-2178
 	RESERVED
 CVE-2016-2177
 	RESERVED
-CVE-2016-2176 [EBCDIC overread]
-	RESERVED
+CVE-2016-2176 (The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL ...)
 	- openssl <not-affected> (Only applies to EBCDIC systems)
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
@@ -6129,13 +6222,11 @@ CVE-2016-2170 (Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03
 	NOT-FOR-US: Apache OFBiz
 CVE-2016-2169
 	RESERVED
-CVE-2016-2168
-	RESERVED
+CVE-2016-2168 (The req_check_access function in the mod_authz_svn module in the httpd ...)
 	{DSA-3561-1 DLA-448-1}
 	- subversion 1.9.4-1
 	NOTE: https://subversion.apache.org/security/CVE-2016-2168-advisory.txt
-CVE-2016-2167
-	RESERVED
+CVE-2016-2167 (The canonicalize_username function in svnserve/cyrus_auth.c in Apache ...)
 	{DSA-3561-1 DLA-448-1}
 	- subversion 1.9.4-1
 	NOTE: https://subversion.apache.org/security/CVE-2016-2167-advisory.txt
@@ -6308,30 +6399,25 @@ CVE-2016-2110 (The NTLMSSP authentication implementation in Samba 3.x and 4.x be
 	{DSA-3548-1}
 	- samba 2:4.3.7+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html
-CVE-2016-2109 [ASN.1 BIO excessive memory allocation]
-	RESERVED
+CVE-2016-2109 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 ...)
 	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2108 [Memory corruption in the ASN.1 encoder]
-	RESERVED
+CVE-2016-2108 (The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before ...)
 	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2c-1
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2107 [Padding oracle in AES-NI CBC MAC check]
-	RESERVED
+CVE-2016-2107 (The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before ...)
 	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2106 [EVP_EncryptUpdate overflow]
-	RESERVED
+CVE-2016-2106 (Integer overflow in the EVP_EncryptUpdate function in ...)
 	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
 	NOTE: https://www.openssl.org/news/secadv/20160503.txt
-CVE-2016-2105 [EVP_EncodeUpdate overflow]
-	RESERVED
+CVE-2016-2105 (Integer overflow in the EVP_EncodeUpdate function in ...)
 	{DSA-3566-1 DLA-456-1}
 	- openssl 1.0.2h-1
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
author	security tracker role <sectracker@debian.org>	2016-05-06 09:10:12 +0000
committer	security tracker role <sectracker@debian.org>	2016-05-06 09:10:12 +0000
commit	325969cdbf403714c29dbeb45c2e62f6f2a9ec9f (patch)
tree	23d3fc7043266e69f6ccf7cf0fd39618aa2cc567
parent	e897cb2288920e0a559c46bbe816c8a9e8ee3233 (diff)