author:    security tracker role <sectracker@debian.org>  2016-05-02 21:10:11 +0000
committer: security tracker role <sectracker@debian.org>  2016-05-02 21:10:11 +0000
commit:    f14dd7f229b4545766ebf3186b1d93e458e359ee (patch)
tree:      a391601895609c1612082ca0c6be366f1d13f92e
parent:    158a8e3377e972f426b8e069310cd39cdcf55621 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@41361 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r--  data/CVE/2003.list |   3
-rw-r--r--  data/CVE/2008.list |   3
-rw-r--r--  data/CVE/2011.list |   3
-rw-r--r--  data/CVE/2012.list |   6
-rw-r--r--  data/CVE/2014.list |   5
-rw-r--r--  data/CVE/2015.list |  49
-rw-r--r--  data/CVE/2016.list | 265
7 files changed, 208 insertions, 126 deletions
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index d63de5326c..8f530ed5e5 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,7 +1,6 @@
CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...)
NOT-FOR-US: GE Healthcare Discovery VH
-CVE-2003-1604 [oops in ipt_REDIRECT]
- RESERVED
+CVE-2003-1604 (The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in ...)
- linux <not-affected> (Fixed before rename to src:linux)
- linux-2.6 <not-affected> (Fixed before initial upload of linux-2.6 in Debian)
NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index ed9b7721bb..2f53fd1564 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -1,5 +1,4 @@
-CVE-2008-7316
- RESERVED
+CVE-2008-7316 (mm/filemap.c in the Linux kernel before 2.6.25 allows local users to ...)
- linux <not-affected> (Issue fixed before the src:linux-2.6 rename)
- linux-2.6 2.6.25-1
NOTE: https://git.kernel.org/linus/124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 (v2.6.25-rc1)
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index ab5b8d711c..f57b65f1b7 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -16,8 +16,7 @@ CVE-2011-5323 (GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly o
NOT-FOR-US: GE Healthcare Centricity PACS-IW
CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password ...)
NOT-FOR-US: GE Healthcare Centricity Analytics Server
-CVE-2011-5321 [tty: kobject reference leakage in tty_open]
- RESERVED
+CVE-2011-5321 (The tty_open function in drivers/tty/tty_io.c in the Linux kernel ...)
{DLA-246-1}
- linux 3.2.20-1
- linux-2.6 3.2.1-1
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 68e3f620aa..47c484cb75 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1,7 +1,6 @@
CVE-2012-XXXX [Option -localhost seems to fail to restrict ipv6 access]
- x11vnc <unfixed> (bug #672435)
-CVE-2012-6701 [vfs: make AIO use the proper rw_verify_area() area helpers]
- RESERVED
+CVE-2012-6701 (Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows ...)
- linux <not-affected> (Fixed in v3.2.19; which was before src:linux rename)
- linux-2.6 3.2.19-1
NOTE: https://git.kernel.org/linus/a70b52ec1aaeaf60f4739edb1b422827cb6f3893 (v3.5-rc1)
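Review bot: the version references in the CVE-2012-6701 entry only line up if a stable backport is assumed, and the hunk does not record one: the new description says "before 3.4.1", the NOTE cites the mainline fix at v3.5-rc1, and the linux-2.6 line records the fix in 3.2.19-1 with the linux rationale "Fixed in v3.2.19". A second NOTE pointing at the 3.2-stable (and 3.4-stable) backport of a70b52ec1aaeaf60f4739edb1b422827cb6f3893 would make the <not-affected> reasoning verifiable instead of implied.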
@@ -47,8 +46,7 @@ CVE-2012-6690
RESERVED
CVE-2012-6688
RESERVED
-CVE-2012-6689 [incorrect validation of netlink message origin allows attackers to spoof netlink messages]
- RESERVED
+CVE-2012-6689 (The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux ...)
{DLA-246-1}
- linux 3.6.4-1
[wheezy] - linux 3.2.30-1
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 7ddf7d9393..c039be38c5 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -241,8 +241,7 @@ CVE-2014-9721 (libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attacker
NOTE: https://github.com/zeromq/libzmq/issues/1273
NOTE: https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/8
-CVE-2014-9717 [USERNS allows circumventing MNT_LOCKED]
- RESERVED
+CVE-2014-9717 (fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH ...)
- linux 4.0.2-1 (low)
[jessie] - linux <no-dsa> (Too intrusive to backport)
[wheezy] - linux <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
@@ -3978,7 +3977,7 @@ CVE-2014-8488 (Cross-site scripting (XSS) vulnerability in the administrator pan
CVE-2014-8487 (Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and ...)
NOT-FOR-US: Kony Management
CVE-2014-8486
- RESERVED
+ REJECTED
CVE-2014-8482
RESERVED
CVE-2014-8479 (The FTP server on Siemens SCALANCE X-300 switches with firmware before ...)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 76b4f89ec3..7eeae253ff 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,4 +1,5 @@
CVE-2015-8869 [buffer overflow and information leak]
+ RESERVED
- ocaml <unfixed>
NOTE: https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74#diff-a97df53e3ebc59bb457191b496c90762
NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/1
@@ -143,8 +144,7 @@ CVE-2015-8865 [Buffer over-write in finfo_open with malformed magic file]
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e
NOTE: PHP fixed in 7.0.5, 5.6.20, 5.5.34
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
-CVE-2015-8839 [ext4 data corruption due to punch hole races]
- RESERVED
+CVE-2015-8839 (Multiple race conditions in the ext4 filesystem implementation in the ...)
- linux 4.5.1-1
NOTE: https://git.kernel.org/linus/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b (v4.5-rc1)
NOTE: https://git.kernel.org/linus/17048e8a083fec7ad841d88ef0812707fbc7e39f (v4.5-rc1)
@@ -289,8 +289,7 @@ CVE-2015-XXXX [SQL injection due to unescaped object keys]
NOTE: https://github.com/felixge/node-mysql/issues/342
NOTE: https://nodesecurity.io/advisories/66
NOTE: nodejs not covered by security support
-CVE-2015-8830 [aio write triggers integer overflow in some network protocols]
- RESERVED
+CVE-2015-8830 (Integer overflow in the aio_setup_single_vector function in fs/aio.c ...)
- linux 4.1.3-1
[jessie] - linux 3.16.7-ckt20-1+deb8u4
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -609,8 +608,7 @@ CVE-2015-8748 (Radicale before 1.1 allows remote authenticated users to bypass .
CVE-2015-8747 (The multifilesystem storage backend in Radicale before 1.1 allows ...)
{DSA-3462-1 DLA-403-1}
- radicale 1.1.1-1 (bug #809920)
-CVE-2015-8746 [when NFSv4 migration is executed, kernel oops occurs at NFS client]
- RESERVED
+CVE-2015-8746 (fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 ...)
- linux 4.3.1-1
[jessie] - linux 3.16.7-ckt20-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -2162,8 +2160,7 @@ CVE-2015-8327 (Incomplete blacklist vulnerability in util.c in foomatic-rip in .
- cups-filters 1.2.0-1
[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
- foomatic-filters 4.0.17-7 (bug #806886)
-CVE-2015-8325 [ignore PAM environment vars when UseLogin=yes]
- RESERVED
+CVE-2015-8325 (The do_setup_env function in session.c in sshd in OpenSSH through ...)
{DSA-3550-1}
- openssh 1:7.2p2-3
NOTE: Upstream fix: https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
@@ -2281,8 +2278,7 @@ CVE-2015-8302
RESERVED
CVE-2015-8301
RESERVED
-CVE-2015-8324 [Null pointer dereference when mounting ext4 filesystem]
- RESERVED
+CVE-2015-8324 (The ext4 implementation in the Linux kernel before 2.6.34 does not ...)
{DLA-360-1}
- linux 2.6.37-1
- linux-2.6 <removed>
@@ -3190,8 +3186,7 @@ CVE-2015-XXXX [buffer overflow with handling pop3_deleted_flag setting]
[squeeze] - dovecot <not-affected> (Bug with pop3_deleted_flag introduced in 2.2.10)
NOTE: http://hg.dovecot.org/dovecot-2.2/rev/05e0700daea3
TODO: The link in the previous line is broken. Please, consider replacing it. Error: 404
-CVE-2015-8019 [Buffer overflow when copying data from skbuff to userspace]
- RESERVED
+CVE-2015-8019 (The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c ...)
- linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/11
@@ -3743,7 +3738,7 @@ CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require ...)
NOT-FOR-US: SAP HANA
CVE-2015-7827 [PKCS #1 v1.5 decoding was not constant time]
RESERVED
- {DLA-449-1}
+ {DSA-3565-1 DLA-449-1}
- botan1.10 <unfixed> (bug #817932)
NOTE: Fixed in 1.11.22. Affected all previous versions
NOTE: http://botan.randombit.net/security.html
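Review bot: {DSA-3565-1 DLA-449-1} is now recorded for CVE-2015-7827 while the unstable status on the next line stays "botan1.10 <unfixed> (bug #817932)". A DSA for stable alongside an unfixed sid is normally a transient state, so check whether the unstable upload is simply missing from this automatic update before the entry is relied on; the CVE-2016-2849 hunk further down shows the same pattern (DSA-3565-1 added, "botan1.10 <unfixed> (bug #822698)").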
@@ -9195,13 +9190,13 @@ CVE-2015-5728
RESERVED
CVE-2015-5727 [Excess memory allocation in BER decoder]
RESERVED
- {DLA-449-1}
+ {DSA-3565-1 DLA-449-1}
- botan1.10 1.10.10-1
NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
NOTE: http://botan.randombit.net/security.html
CVE-2015-5726 [Crash in BER decoder]
RESERVED
- {DLA-449-1}
+ {DSA-3565-1 DLA-449-1}
- botan1.10 1.10.10-1
NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
NOTE: http://botan.randombit.net/security.html
@@ -13840,8 +13835,7 @@ CVE-2015-6593
CVE-2015-4179
RESERVED
NOT-FOR-US: WordPress plugin codestyling-localization
-CVE-2015-4176
- RESERVED
+CVE-2015-4176 (fs/namespace.c in the Linux kernel before 4.0.2 does not properly ...)
- linux <not-affected> (Introducing commit was applied to 4.0.2 but e0c9c0afd2fc958ffa34b697972721d81df8a56f as well backported into 4.0.2)
- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
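Review bot: the <not-affected> rationale on the linux line of CVE-2015-4176 is hard to parse: "(Introducing commit was applied to 4.0.2 but e0c9c0afd2fc958ffa34b697972721d81df8a56f as well backported into 4.0.2)" embeds a bare commit hash in a prose parenthetical. Suggest reducing the parenthetical to the conclusion (both the introducing and the fixing commit are in 4.0.2) and moving the hash to a "NOTE: Fixed by:" line next to the existing "NOTE: Introduced by:" line, which is how the CVE-2015-4178 entry in this diff lays out the same information.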
@@ -13968,8 +13962,7 @@ CVE-2015-4128
RESERVED
CVE-2015-4127 (Cross-site scripting (XSS) vulnerability in the church_admin plugin ...)
NOT-FOR-US: church_admin plugin for WordPress
-CVE-2015-4178 [ns: user namespaces panic -- lack of internal consistency of a data structure]
- RESERVED
+CVE-2015-4178 (The fs_pin implementation in the Linux kernel before 4.0.5 does not ...)
- linux <not-affected> (Commit was applied to 4.0.2 as well but fixed in Debian by two subsequent commits)
NOTE: Debian both applies "mnt: Fail collect_mounts when applied to unmounted mounts"
NOTE: and "fs_pin: Allow for the possibility that m_list or s_list go unused." in
@@ -13978,8 +13971,7 @@ CVE-2015-4178 [ns: user namespaces panic -- lack of internal consistency of a da
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953 (v4.1-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/29/5
-CVE-2015-4177 [ns: user namespaces panic -- lack of state identification]
- RESERVED
+CVE-2015-4177 (The collect_mounts function in fs/namespace.c in the Linux kernel ...)
- linux <not-affected> (Commit was applied to 4.0.2 as well but fixed in Debian by two subsequent commits)
NOTE: Debian both applies "mnt: Fail collect_mounts when applied to unmounted mounts"
NOTE: and "fs_pin: Allow for the possibility that m_list or s_list go unused." in
@@ -14169,8 +14161,7 @@ CVE-2015-4082 [encrypted backups attack]
NOTE: https://github.com/jborg/attic/issues/271
NOTE: https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
NOTE: http://www.openwall.com/lists/oss-security/2015/05/25/3
-CVE-2015-4170 [vulnerability in the kernel tty subsystem]
- RESERVED
+CVE-2015-4170 (Race condition in the ldsem_cmpxchg function in ...)
- linux 3.13.4-1
[wheezy] - linux <not-affected> (commit 4898e640caf03fdbaf2122d5a33949bf3e4a5b34 not backported)
- linux-2.6 <not-affected> (commit 4898e640caf03fdbaf2122d5a33949bf3e4a5b34 not backported)
@@ -19127,8 +19118,7 @@ CVE-2015-2350 (Cross-site request forgery (CSRF) vulnerability in MikroTik Route
NOT-FOR-US: MikroTik RouterOS
CVE-2015-2349 (Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in ...)
NOT-FOR-US: SuperWebMailer
-CVE-2015-2686 [sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer]
- RESERVED
+CVE-2015-2686 (net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate ...)
- linux <not-affected> (Introduced in 3.19, never uploaded to unstable)
- linux-2.6 <not-affected> (Introduced in 3.19, never uploaded to unstable)
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea
@@ -19319,8 +19309,7 @@ CVE-2015-2684 (Shibboleth Service Provider (SP) before 2.5.4 allows remote ...)
{DSA-3207-1 DLA-259-1}
- shibboleth-sp2 2.5.3+dfsg-2
NOTE: http://shibboleth.net/community/advisories/secadv_20150319.txt
-CVE-2015-2672 [unprivileged denial-of-service due to mis-protected xsave/xrstor instructions]
- RESERVED
+CVE-2015-2672 (The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the ...)
- linux <not-affected>
- linux-2.6 <not-affected>
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 (v3.17-rc1)
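Review bot: the two <not-affected> lines for CVE-2015-2672 carry no parenthetical reason, unlike the neighbouring kernel entries in this diff (for example "(Introduced in 3.19, never uploaded to unstable)" on CVE-2015-2686, or the "(Vulnerable code not present)" markers elsewhere). The NOTE already establishes that the issue was introduced in v3.17-rc1, so the rationale is known; stating it in the parenthetical of both the linux and linux-2.6 lines would make the markers self-explaining and reviewable without following the link.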
@@ -21600,8 +21589,7 @@ CVE-2015-1484 (Unquoted Windows search path vulnerability in the agent in Symant
NOT-FOR-US: Symantec Workspace Streaming
CVE-2015-1483 (Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX ...)
NOT-FOR-US: Symantec NetBackup OpsCenter
-CVE-2015-1573 [nft flush ruleset crashes kernel]
- RESERVED
+CVE-2015-1573 (The nft_flush_table function in net/netfilter/nf_tables_api.c in the ...)
- linux <not-affected> (Vulnerable code introduced in v3.18-rc1, never in the archive outside of experimental)
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git/commit/?id=a2f18db0c68fec96631c10cad9384c196e9008ac (v3.19-rc5)
NOTE: Introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9ac12ef099707f405d7478009564302d7ed8393 (v3.18-rc1)
@@ -23086,8 +23074,7 @@ CVE-2015-1195 (The V2 API in OpenStack Image Registry and Delivery Service (Glan
- glance 2014.1.3-11 (bug #775926)
[wheezy] - glance <not-affected> (Vulnerable code not present)
NOTE: up to 2014.1.3 and 2014.2 versions up to 2014.2.1
-CVE-2015-1350 [chown removes security.capability xattr on other users' files]
- RESERVED
+CVE-2015-1350 (The VFS subsystem in the Linux kernel 3.x provides an incomplete set ...)
- linux <unfixed> (bug #770492)
- linux-2.6 <removed>
CVE-2015-1164 (Open redirect vulnerability in the serve-static plugin before 1.7.2 ...)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index d118097734..cb41a1c6ac 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,3 +1,121 @@
+CVE-2016-4413
+ RESERVED
+CVE-2016-4412
+ RESERVED
+CVE-2016-4411
+ RESERVED
+CVE-2016-4410
+ RESERVED
+CVE-2016-4409
+ RESERVED
+CVE-2016-4408
+ RESERVED
+CVE-2016-4407
+ RESERVED
+CVE-2016-4406
+ RESERVED
+CVE-2016-4405
+ RESERVED
+CVE-2016-4404
+ RESERVED
+CVE-2016-4403
+ RESERVED
+CVE-2016-4402
+ RESERVED
+CVE-2016-4401
+ RESERVED
+CVE-2016-4400
+ RESERVED
+CVE-2016-4399
+ RESERVED
+CVE-2016-4398
+ RESERVED
+CVE-2016-4397
+ RESERVED
+CVE-2016-4396
+ RESERVED
+CVE-2016-4395
+ RESERVED
+CVE-2016-4394
+ RESERVED
+CVE-2016-4393
+ RESERVED
+CVE-2016-4392
+ RESERVED
+CVE-2016-4391
+ RESERVED
+CVE-2016-4390
+ RESERVED
+CVE-2016-4389
+ RESERVED
+CVE-2016-4388
+ RESERVED
+CVE-2016-4387
+ RESERVED
+CVE-2016-4386
+ RESERVED
+CVE-2016-4385
+ RESERVED
+CVE-2016-4384
+ RESERVED
+CVE-2016-4383
+ RESERVED
+CVE-2016-4382
+ RESERVED
+CVE-2016-4381
+ RESERVED
+CVE-2016-4380
+ RESERVED
+CVE-2016-4379
+ RESERVED
+CVE-2016-4378
+ RESERVED
+CVE-2016-4377
+ RESERVED
+CVE-2016-4376
+ RESERVED
+CVE-2016-4375
+ RESERVED
+CVE-2016-4374
+ RESERVED
+CVE-2016-4373
+ RESERVED
+CVE-2016-4372
+ RESERVED
+CVE-2016-4371
+ RESERVED
+CVE-2016-4370
+ RESERVED
+CVE-2016-4369
+ RESERVED
+CVE-2016-4368
+ RESERVED
+CVE-2016-4367
+ RESERVED
+CVE-2016-4366
+ RESERVED
+CVE-2016-4365
+ RESERVED
+CVE-2016-4364
+ RESERVED
+CVE-2016-4363
+ RESERVED
+CVE-2016-4362
+ RESERVED
+CVE-2016-4361
+ RESERVED
+CVE-2016-4360
+ RESERVED
+CVE-2016-4359
+ RESERVED
+CVE-2016-4358
+ RESERVED
+CVE-2016-4357
+ RESERVED
+CVE-2016-4351
+ RESERVED
+CVE-2016-4350
+ RESERVED
CVE-2016-XXXX [A remote attacker could change Atheme's behavior by registering/dropping certain accounts/nicks]
- atheme-services <unfixed>
NOTE: https://github.com/atheme/atheme/issues/397
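Review bot: the block of new RESERVED entries in this hunk runs contiguously from CVE-2016-4413 down to CVE-2016-4357 and then jumps to CVE-2016-4351 and CVE-2016-4350, so CVE-2016-4352 through CVE-2016-4356 are skipped. CVE-2016-4352 is already tracked further down in this file (the mplayer entry that gains a RESERVED line two hunks later), which accounts for one of them; CVE-2016-4353 to CVE-2016-4356 do not appear anywhere in this diff, so confirm they exist elsewhere in 2016.list rather than having been dropped by the automatic importer.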
@@ -12,11 +130,13 @@ CVE-2016-4425 [stack exhaustion parsing a JSON file]
NOTE: https://github.com/akheron/jansson/issues/282
NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/5
CVE-2016-4422 [local root privilege escalation]
+ RESERVED
- libpam-sshauth 0.4.1-2
NOTE: Introduced in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/93/src/pam_sshauth.c
NOTE: Fixed in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114
NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/2
CVE-2016-4414 [denial of service]
+ RESERVED
- quassel 1:0.12.4-2
[wheezy] - quassel <not-affected> (Vulnerable code introduced with 0.10.0)
NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100
@@ -26,6 +146,7 @@ CVE-2016-4414 [denial of service]
CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools ...)
NOT-FOR-US: Cisco
CVE-2016-4352 [Mplayer/Mencoder integer overflow parsing gif files]
+ RESERVED
- mplayer <unfixed>
NOTE: https://trac.mplayerhq.hu/ticket/2295
NOTE: Fixed in Revision r37857 upstream
@@ -1014,8 +1135,7 @@ CVE-2016-3953
RESERVED
CVE-2016-3952
RESERVED
-CVE-2016-3951 [usbnet: memory corruption triggered by invalid USB descriptor]
- RESERVED
+CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux ...)
- linux 4.5.1-1
NOTE: https://git.kernel.org/linus/4d06dd537f95683aba3651098ae288b7cbff8274 (v4.5)
NOTE: https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5)
@@ -1602,8 +1722,7 @@ CVE-2016-3684
RESERVED
CVE-2016-3683
RESERVED
-CVE-2016-3689 [crash on invalid USB device descriptors (ims-pcu driver)]
- RESERVED
+CVE-2016-3689 (The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in ...)
- linux 4.5.1-1
NOTE: Upstream fix: https://git.kernel.org/linus/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff (v4.6-rc1)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=971628
@@ -3031,8 +3150,7 @@ CVE-2016-XXXX [A missing null termination of a string causes an out of bounds me
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4193
NOTE: https://github.com/proftpd/proftpd/commit/d9f9d469ce1da09c7935f509797d488fa2d08697
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/11/12
-CVE-2016-3140 [crash on invalid USB device descriptors (digi_acceleport driver)]
- RESERVED
+CVE-2016-3140 (The digi_port_init function in drivers/usb/serial/digi_acceleport.c in ...)
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -3044,23 +3162,20 @@ CVE-2016-3139 (The wacom_probe function in drivers/input/tablet/wacom_sys.c in t
NOTE: http://seclists.org/bugtraq/2016/Mar/60
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283375
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283377
-CVE-2016-3138 [crash on invalid USB device descriptors (cdc_acm driver)]
- RESERVED
+CVE-2016-3138 (The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux ...)
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2016/Mar/54
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283366
NOTE: http://marc.info/?l=linux-usb&m=145803342320160&w=2
-CVE-2016-3137 [crash on invalid USB device descriptors (cypress_m8 driver)]
- RESERVED
+CVE-2016-3137 (drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 ...)
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2016/Mar/55
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283368
-CVE-2016-3136 [crash on invalid USB device descriptors (mct_u232 driver)]
- RESERVED
+CVE-2016-3136 (The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in ...)
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -3559,7 +3674,7 @@ CVE-2016-2850
NOTE: Introduced in 1.11.0, fixed in 1.11.29
CVE-2016-2849 [ECDSA side channel attack]
RESERVED
- {DLA-449-1}
+ {DSA-3565-1 DLA-449-1}
- botan1.10 <unfixed> (bug #822698)
NOTE: http://botan.randombit.net/security.html
NOTE: Introduced in 1.7.15, fixed in 1.11.29
@@ -3645,14 +3760,12 @@ CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU all
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg00671.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567
NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/9
-CVE-2016-2854 [AUFS Xattr Setgid Privilege Escalation]
- RESERVED
+CVE-2016-2854 (The aufs module for the Linux kernel 3.x and 4.x does not properly ...)
- linux <unfixed>
NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
TODO: doublecheck with Ben, aufs is available as udebs, but not as a standard kernel module (possibly only in use for live images)
-CVE-2016-2853 [AUFS Over Fuse: Loss of Nosuid]
- RESERVED
+CVE-2016-2853 (The aufs module for the Linux kernel 3.x and 4.x does not properly ...)
- linux <unfixed>
NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
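Review bot: after this hunk the CVE-2016-2854 and CVE-2016-2853 entries carry the identical truncated description "(The aufs module for the Linux kernel 3.x and 4.x does not properly ...)", so the local summaries that told them apart, "[AUFS Xattr Setgid Privilege Escalation]" and "[AUFS Over Fuse: Loss of Nosuid]", are lost to anyone reading the file. Suggest carrying each removed summary into a NOTE line on its entry; the TODO about whether aufs is shipped as a standard kernel module applies equally to both issues and is currently recorded only on the first.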
@@ -3695,8 +3808,7 @@ CVE-2016-2822
RESERVED
CVE-2016-2821
RESERVED
-CVE-2016-2820
- RESERVED
+CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) feature in ...)
- iceweasel <not-affected> (Only Firefox 46)
- firefox-esr <not-affected> (Only Firefox 46)
- firefox 46.0-1
@@ -3705,86 +3817,73 @@ CVE-2016-2819
RESERVED
CVE-2016-2818
RESERVED
-CVE-2016-2817
- RESERVED
+CVE-2016-2817 (The WebExtension sandbox feature in ...)
- iceweasel <not-affected> (Only Firefox 46)
- firefox-esr <not-affected> (Only Firefox 46)
- firefox 46.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-46/
-CVE-2016-2816
- RESERVED
+CVE-2016-2816 (Mozilla Firefox before 46.0 allows remote attackers to bypass the ...)
- iceweasel <not-affected> (Only Firefox 46)
- firefox-esr <not-affected> (Only Firefox 46)
- firefox 46.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/
CVE-2016-2815
RESERVED
-CVE-2016-2814
- RESERVED
+CVE-2016-2814 (Heap-based buffer overflow in the ...)
{DSA-3559-1}
- iceweasel <removed>
- firefox-esr 45.1.0esr-1
- firefox 46.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/
-CVE-2016-2813
- RESERVED
+CVE-2016-2813 (Mozilla Firefox before 46.0 on Android does not properly restrict ...)
- iceweasel <not-affected> (Only Firefox on Android)
- firefox-esr <not-affected> (Only Firefox on Android)
- firefox <not-affected> (Only Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-43/
-CVE-2016-2812
- RESERVED
+CVE-2016-2812 (Race condition in the get implementation in the ServiceWorkerManager ...)
- iceweasel <not-affected> (Only Firefox 46)
- firefox-esr <not-affected> (Only Firefox 46)
- firefox 46.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
-CVE-2016-2811
- RESERVED
+CVE-2016-2811 (Use-after-free vulnerability in the ServiceWorkerInfo class in the ...)
- iceweasel <not-affected> (Only Firefox 46)
- firefox-esr <not-affected> (Only Firefox 46)
- firefox 46.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
-CVE-2016-2810
- RESERVED
+CVE-2016-2810 (Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to ...)
- iceweasel <not-affected> (Only Firefox on Android)
- firefox-esr <not-affected> (Only Firefox on Android)
- firefox <not-affected> (Only Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-41/
-CVE-2016-2809
- RESERVED
+CVE-2016-2809 (The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 ...)
- iceweasel <not-affected> (Only Firefox on Windows)
- firefox-esr <not-affected> (Only Firefox on Windows)
- firefox <not-affected> (Only Firefox on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-40/
-CVE-2016-2808
- RESERVED
+CVE-2016-2808 (The watch implementation in the JavaScript engine in Mozilla Firefox ...)
{DSA-3559-1}
- iceweasel <removed>
- firefox-esr 45.1.0esr-1
- firefox 46.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/
-CVE-2016-2807 [Memory safety bugs fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46]
- RESERVED
+CVE-2016-2807 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3559-1}
- iceweasel <removed>
- firefox-esr 45.1.0esr-1
- firefox 46.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
-CVE-2016-2806 [Memory safety bugs fixed in Firefox ESR 45.1 and Firefox 46]
- RESERVED
+CVE-2016-2806 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only Firefox 45.x)
- firefox-esr 45.1.0esr-1
- firefox 46.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
-CVE-2016-2805 [Memory safety bug fixed in Firefox ESR 38.8]
- RESERVED
+CVE-2016-2805 (Unspecified vulnerability in the browser engine in Mozilla Firefox ESR ...)
{DSA-3559-1}
- iceweasel <removed>
- firefox-esr <not-affected> (Only affects Firefox ESR 38.x)
- firefox <not-affected> (Only affects Firefox ESR 38.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
-CVE-2016-2804 [Memory safety bugs fixed in Firefox 46]
- RESERVED
+CVE-2016-2804 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only Firefox 46)
- firefox-esr <not-affected> (Only Firefox 46)
- firefox 46.0-1
@@ -4620,46 +4719,46 @@ CVE-2016-2535
RESERVED
CVE-2016-2534
RESERVED
-CVE-2016-4421 [another ASN.1 BER dissector crash]
+CVE-2016-4421 (epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark ...)
{DSA-3516-1}
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-18.html
NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
NOTE: Fixed versions: 2.0.2, 1.12.10
-CVE-2016-4420 [NFS dissector crash]
+CVE-2016-4420 (The NFS dissector in Wireshark 2.x before 2.0.2 allows remote ...)
- wireshark 2.0.2+ga16e22e-1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-17.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
-CVE-2016-4419 [SPICE dissector large loop]
+CVE-2016-4419 (epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x ...)
- wireshark 2.0.2+ga16e22e-1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-16.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
-CVE-2016-4418 [ASN.1 BER dissector crash]
+CVE-2016-4418 (epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark ...)
{DSA-3516-1}
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-15.html
NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
NOTE: Fixed versions: 2.0.2, 1.12.10
-CVE-2016-4417 [GSM A-bis OML dissector crash]
+CVE-2016-4417 (Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM ...)
{DSA-3516-1}
- wireshark 2.0.2+ga16e22e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-14.html
NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
NOTE: Fixed versions: 2.0.2, 1.12.10
-CVE-2016-4416 [IEEE 802.11 dissector crash]
+CVE-2016-4416 (epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in ...)
- wireshark 2.0.2+ga16e22e-1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-13.html
NOTE: Affected versions: 2.0.0 to 2.0.1
NOTE: Fixed versions: 2.0.2
-CVE-2016-4415 [Ixia IxVeriWave file parser crash]
+CVE-2016-4415 (wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x ...)
- wireshark 2.0.2+ga16e22e-1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
@@ -5698,13 +5797,13 @@ CVE-2016-2196 [Overwrite in P-521 reduction]
NOTE: http://botan.randombit.net/security.html
CVE-2016-2195 [Heap overflow on invalid ECC point]
RESERVED
- {DLA-449-1}
+ {DSA-3565-1 DLA-449-1}
- botan1.10 1.10.12-1
NOTE: Introduced in 1.9.18, fixed in 1.11.27 and 1.10.11
NOTE: http://botan.randombit.net/security.html
CVE-2016-2194 [Infinite loop in modulur square root algorithm]
RESERVED
- {DLA-449-1}
+ {DSA-3565-1 DLA-449-1}
- botan1.10 1.10.12-1
NOTE: Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11
NOTE: http://botan.randombit.net/security.html
@@ -5727,8 +5826,7 @@ CVE-2016-2190 [MSA-16-0011: Add no referrer to links with _blank target attribut
- moodle 2.7.13+dfsg-1
CVE-2016-2189
RESERVED
-CVE-2016-2188 [Kernel panic on invalid USB device descriptor (iowarrior driver)]
- RESERVED
+CVE-2016-2188 (The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the ...)
- linux <unfixed>
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -5736,13 +5834,11 @@ CVE-2016-2188 [Kernel panic on invalid USB device descriptor (iowarrior driver)]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283390
NOTE: http://seclists.org/bugtraq/2016/Mar/87
NOTE: http://marc.info/?l=linux-usb&m=145796659429788&w=2
-CVE-2016-2187 [Kernel panic on invalid USB device descriptor (gtco driver)]
- RESERVED
+CVE-2016-2187 (The gtco_probe function in drivers/input/tablet/gtco.c in the Linux ...)
- linux 4.5.2-1
NOTE: Upstream commit: https://git.kernel.org/linus/162f98dea487206d9ab79fc12ed64700667a894d (v4.6-rc5)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317017
-CVE-2016-2186 [Kernel panic on invalid USB device descriptor (powermate driver)]
- RESERVED
+CVE-2016-2186 (The powermate_probe function in drivers/input/misc/powermate.c in the ...)
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -5750,8 +5846,7 @@ CVE-2016-2186 [Kernel panic on invalid USB device descriptor (powermate driver)]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283384
NOTE: http://seclists.org/bugtraq/2016/Mar/85
NOTE: http://marc.info/?l=linux-usb&m=145796479528669&w=2
-CVE-2016-2185 [Kernel panic on invalid USB device descriptor (ati_remote2 driver)]
- RESERVED
+CVE-2016-2185 (The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in ...)
- linux 4.5.1-1 (low)
[jessie] - linux <no-dsa> (Minor issue)
[wheezy] - linux <no-dsa> (Minor issue)
@@ -5940,8 +6035,7 @@ CVE-2016-2118 (The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and
- samba 2:4.3.7+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2016-2118.html
NOTE: http://badlock.org/
-CVE-2016-2117 [memory disclosure to ethernet due to unchecked scatter/gather IO]
- RESERVED
+CVE-2016-2117 (The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in ...)
- linux 4.5.2-1
[wheezy] - linux <not-affected> (Issue introduced with v3.10-rc1)
NOTE: Introduced in https://git.kernel.org/linus/ec5f061564238892005257c83565a0b58ec79295 (v3.10-rc1)
@@ -6176,8 +6270,7 @@ CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allo
- libxml2 <unfixed> (bug #812807)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6
NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details
-CVE-2016-2070 [division by zero in TCP code]
- RESERVED
+CVE-2016-2070 (The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux ...)
- linux 4.3.5-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
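Review bot: both suite lines for CVE-2016-2070 justify <not-affected> with "Vulnerable code introduced later" but the hunk does not cite the commit that introduced the tcp_cwnd_reduction bug, unlike the CVE-2016-2117 entry elsewhere in this patch, which records "Introduced in <git.kernel.org commit> (v3.10-rc1)". Adding the introducing commit and the upstream fix as NOTE lines makes the not-affected claim checkable when the jessie and wheezy kernels are next reviewed.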
@@ -6295,8 +6388,7 @@ CVE-2016-2069 (Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.
NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/1
NOTE: https://git.kernel.org/linus/71b3c126e61177eb693423f2e18a1914205b165e (v4.5-rc1)
NOTE: https://git.kernel.org/linus/4eaffdd5a5fe6ff9f95e1ab4de1ac904d5e0fa8b (v4.5-rc1)
-CVE-2016-2053 [Denial of service with specially crafted key file]
- RESERVED
+CVE-2016-2053 (The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux ...)
- linux 4.3.1-1
[jessie] - linux <no-dsa> (Vulnerable code not built in Debian configuration)
[wheezy] - linux <not-affected> (Vulnerable code not present)
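Review bot: the CVE-2016-2053 entry marks [jessie] as <no-dsa> with the reason "Vulnerable code not built in Debian configuration", while [wheezy] uses <not-affected> for "Vulnerable code not present". <no-dsa> normally means the package is affected but will not get an advisory; if the asn1_ber_decoder code is not compiled into the jessie kernel binaries, <not-affected> with that reason is the more accurate marker and matches the wheezy line. Please confirm the kernel config rather than the source tree before choosing.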
@@ -7367,32 +7459,39 @@ CVE-2016-1667
RESERVED
CVE-2016-1666
RESERVED
+ {DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1665
RESERVED
+ {DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
CVE-2016-1664
RESERVED
+ {DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1663
RESERVED
+ {DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1662
RESERVED
+ {DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1661
RESERVED
+ {DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1660
RESERVED
+ {DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1659 (Multiple unspecified vulnerabilities in Google Chrome before ...)
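Review bot: all seven entries CVE-2016-1666 through CVE-2016-1660 gain the {DSA-3564-1} reference and the same fixed version chromium-browser 50.0.2661.94-1, yet each still reads "RESERVED" with no summary. An advisory has already been published for these ids, so add a short bracketed summary on each CVE line (as done for the kernel entries in this patch) so the tracker shows what was fixed until the official descriptions land. The [wheezy] <end-of-life> markers and the extra libv8 <unfixed> (unimportant) line with its NOTE under CVE-2016-1665 are consistent across the block.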
@@ -7697,16 +7796,14 @@ CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function
{DSA-3508-1}
- jasper <unfixed> (bug #816625)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
-CVE-2016-1576
- RESERVED
+CVE-2016-1576 (The overlayfs implementation in the Linux kernel through 4.5.2 does ...)
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1535150
NOTE: http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/
-CVE-2016-1575
- RESERVED
+CVE-2016-1575 (The overlayfs implementation in the Linux kernel through 4.5.2 does ...)
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
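Review bot: CVE-2016-1576 and CVE-2016-1575 are both left as "linux <unfixed>" with no severity rating and no Debian bug reference, whereas the preceding CVE-2016-1577 entry in the same hunk carries "(bug #816625)". The NOTE link under CVE-2016-1576 points at a page titled OverlayfsOverFusePrivilegeEscalation and the Launchpad bug, so these are not minor issues; add a severity, file or reference a Debian bug for src:linux, and record the upstream fix once it exists. The two truncated descriptions are identical, so a bracketed one-line distinction between the two issues would also help.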
@@ -8296,8 +8393,8 @@ CVE-2016-1345 (Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with
NOT-FOR-US: Cisco Firepower
CVE-2016-1344 (The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 ...)
NOT-FOR-US: Cisco IOS
-CVE-2016-1343
- RESERVED
+CVE-2016-1343 (The XML parser in Cisco Information Server (CIS) 6.2 allows remote ...)
+ TODO: check
CVE-2016-1342 (The device login page in Cisco FirePOWER Management Center 5.3 through ...)
NOT-FOR-US: Cisco
CVE-2016-1341 (Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 ...)
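Review bot: the new CVE-2016-1343 entry is left as "TODO: check" although every neighbouring Cisco entry in this hunk (CVE-2016-1345, CVE-2016-1344, CVE-2016-1342, CVE-2016-1341) is resolved as NOT-FOR-US. Cisco Information Server is a Cisco product like the others, so the TODO can be closed as `NOT-FOR-US: Cisco` in the same pass unless someone knows of a Debian package embedding it.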
@@ -8619,12 +8716,12 @@ CVE-2016-1203
RESERVED
CVE-2016-1202 (Untrusted search path vulnerability in Atom Electron before 0.33.5 ...)
TODO: check
-CVE-2016-1201
- RESERVED
-CVE-2016-1200
- RESERVED
-CVE-2016-1199
- RESERVED
+CVE-2016-1201 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE ...)
+ TODO: check
+CVE-2016-1200 (The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows ...)
+ TODO: check
+CVE-2016-1199 (The login page in the management screen in LOCKON EC-CUBE 3.0.0 ...)
+ TODO: check
CVE-2016-1198
RESERVED
CVE-2016-1197
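Review bot: CVE-2016-1201, CVE-2016-1200 and CVE-2016-1199 all concern the same product (LOCKON EC-CUBE) and all three are left as "TODO: check", so they should be triaged together with one decision rather than three separate TODOs. If EC-CUBE is not packaged in Debian, mark all three `NOT-FOR-US: LOCKON EC-CUBE` the way the Cisco entries in this patch are handled; if it is, the CSRF and management-screen issues need a source package and version on each entry.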
@@ -8799,8 +8896,8 @@ CVE-2016-1113
RESERVED
CVE-2016-1112
RESERVED
-CVE-2016-1111
- RESERVED
+CVE-2016-1111 (Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, ...)
+ TODO: check
CVE-2016-1110
RESERVED
CVE-2016-1109
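Review bot: CVE-2016-1111 is a double free in Adobe Reader and Acrobat, which are proprietary products Debian does not ship, so the "TODO: check" added here can be resolved to `NOT-FOR-US: Adobe Reader and Acrobat` immediately instead of waiting for a manual pass.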
@@ -11445,6 +11542,7 @@ CVE-2016-0002 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.
CVE-2016-0001
RESERVED
CVE-2016-4353 [denial of service due to stack overflow in src/ber-decoder.c]
+ RESERVED
- libksba 1.3.3-1 (low)
[squeeze] - libksba <no-dsa> (Minor issue)
[wheezy] - libksba <no-dsa> (Minor issue)
@@ -11453,6 +11551,7 @@ CVE-2016-4353 [denial of service due to stack overflow in src/ber-decoder.c]
NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a
CVE-2016-4355
+ RESERVED
- libksba 1.3.3-1 (low)
[squeeze] - libksba <no-dsa> (Minor issue)
[wheezy] - libksba <no-dsa> (Minor issue)
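Review bot: the CVE-2016-4355 line has no bracketed summary, while the CVE-2016-4353 entry in the preceding hunk records "[denial of service due to stack overflow in src/ber-decoder.c]". All four libksba entries share the same version, severity and suite markers, so without a summary they are indistinguishable while RESERVED; add a short bracketed description naming the affected function or file, taken from the oss-security post referenced in the NOTE lines.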
@@ -11461,6 +11560,7 @@ CVE-2016-4355
NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4354
+ RESERVED
- libksba 1.3.3-1 (low)
[squeeze] - libksba <no-dsa> (Minor issue)
[wheezy] - libksba <no-dsa> (Minor issue)
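Review bot: the libksba block is appended in the order CVE-2016-4353, CVE-2016-4355, CVE-2016-4354, CVE-2016-4356, which is neither ascending nor descending, and it sits after CVE-2016-0001 at the end of the file rather than at the sorted position the rest of the list follows. Reorder the four entries (and like CVE-2016-4355, give CVE-2016-4354 a bracketed summary) so the next automatic update merges the official descriptions into the right place.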
@@ -11469,6 +11569,7 @@ CVE-2016-4354
NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4356
+ RESERVED
- libksba 1.3.3-1 (low)
[squeeze] - libksba <no-dsa> (Minor issue)
[wheezy] - libksba <no-dsa> (Minor issue)
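Review bot: the NOTE line above CVE-2016-4356 cites upstream commit aea7b6032865740478ca4b706850a5217f1c3887 for CVE-2016-4354, and the same commit is cited for CVE-2016-4355 in the previous hunk; if one commit really fixes both issues a NOTE saying so avoids the appearance of a copy-paste error, otherwise the CVE-2016-4354 reference needs its own fix commit. CVE-2016-4356 itself also lacks the bracketed summary that CVE-2016-4353 carries; add one so the entry is identifiable while RESERVED.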
