author | security tracker role <sectracker@debian.org> | 2016-06-13 21:10:15 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2016-06-13 21:10:15 +0000 |
commit | d0b45ac12ed63b2b2edb245ea2d8887ae4155d0f (patch) | |
tree | fe3c7eb18265afd55ee9252a41c5ebc2a7e21d36 /data/CVE | |
parent | 091374d6a8361fbcd4a1068111075ef2251c2e95 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@42512 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2006.list | 2 | ||||
-rw-r--r-- | data/CVE/2007.list | 2 | ||||
-rw-r--r-- | data/CVE/2015.list | 1 | ||||
-rw-r--r-- | data/CVE/2016.list | 324 |
4 files changed, 205 insertions, 124 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list index b1245c9c59..d3320ee89c 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -8863,7 +8863,7 @@ CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS ... NOT-FOR-US: bbsengine CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine ...) NOT-FOR-US: bbsengine -CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring funtion ...) +CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring function ...) NOT-FOR-US: bbsengine CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau ...) NOT-FOR-US: UebiMiau diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 9f58968679..2753067310 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -5105,7 +5105,7 @@ CVE-2007-4631 (The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 [etch] - qgit <no-dsa> (Minor issue) CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute ...) NOT-FOR-US: Absolute Poll Manager -CVE-2007-4629 (Buffer overflow in the processLine funtion in maptemplate.c in ...) +CVE-2007-4629 (Buffer overflow in the processLine function in maptemplate.c in ...) {DSA-1539-1} - mapserver 4.10.3-1 CVE-2007-4628 (SQL injection vulnerability in shownews.php in phpns 1.1 allows remote ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 908ae11988..a66cbf86c1 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1,4 +1,5 @@ CVE-2015-8914 + RESERVED - neutron <unfixed> NOTE: https://bugs.launchpad.net/bugs/1502933 TODO: check diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 81d573e621..b59f263575 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -1,3 +1,103 @@ +CVE-2016-5432 + RESERVED +CVE-2016-5431 + RESERVED +CVE-2016-5430 + RESERVED +CVE-2016-5429 + RESERVED +CVE-2016-5428 + RESERVED +CVE-2016-5427 + RESERVED +CVE-2016-5426 + RESERVED +CVE-2016-5425 + RESERVED +CVE-2016-5424 + RESERVED +CVE-2016-5423 + RESERVED +CVE-2016-5422 + RESERVED +CVE-2016-5421 + RESERVED +CVE-2016-5420 + RESERVED +CVE-2016-5419 + RESERVED +CVE-2016-5418 + RESERVED +CVE-2016-5417 + RESERVED +CVE-2016-5416 + RESERVED +CVE-2016-5415 + RESERVED +CVE-2016-5414 + RESERVED +CVE-2016-5413 + RESERVED +CVE-2016-5412 + RESERVED +CVE-2016-5411 + RESERVED +CVE-2016-5410 + RESERVED +CVE-2016-5409 + RESERVED +CVE-2016-5408 + RESERVED +CVE-2016-5407 + RESERVED +CVE-2016-5406 + RESERVED +CVE-2016-5405 + RESERVED +CVE-2016-5404 + RESERVED +CVE-2016-5403 + RESERVED +CVE-2016-5402 + RESERVED +CVE-2016-5401 + RESERVED +CVE-2016-5400 + RESERVED +CVE-2016-5399 + RESERVED +CVE-2016-5398 + RESERVED +CVE-2016-5397 + RESERVED +CVE-2016-5396 + RESERVED +CVE-2016-5395 + RESERVED +CVE-2016-5394 + RESERVED +CVE-2016-5393 + RESERVED +CVE-2016-5392 + RESERVED +CVE-2016-5391 + RESERVED +CVE-2016-5390 + RESERVED +CVE-2016-5389 + RESERVED +CVE-2016-5388 + RESERVED +CVE-2016-5387 + RESERVED +CVE-2016-5386 + RESERVED +CVE-2016-5385 + RESERVED +CVE-2016-5384 + RESERVED +CVE-2016-5383 + RESERVED CVE-2016-5382 RESERVED CVE-2016-5381 @@ -422,8 +522,8 @@ CVE-2016-5238 [scsi: esp: OOB write when using non-DMA mode in get_cmd] NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html CVE-2016-5234 RESERVED -CVE-2016-5233 - RESERVED +CVE-2016-5233 (Huawei Mate 8 smartphones with software NXT-AL10 before ...) + TODO: check CVE-2016-5232 RESERVED CVE-2016-5231 
@@ -678,8 +778,7 @@ CVE-2016-XXXX [CSRF protection for POST requests] NOTE: http://seclists.org/fulldisclosure/2016/May/59 NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/ NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842 -CVE-2016-5118 [popen() shell vulnerability via filename] - RESERVED +CVE-2016-5118 (The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ...) {DSA-3591-1 DLA-502-1 DLA-500-1} - imagemagick 8:6.8.9.9-7.1 (bug #825799) - graphicsmagick 1.3.24-1 (bug #825800) @@ -2573,8 +2672,7 @@ CVE-2016-4431 RESERVED CVE-2016-4430 RESERVED -CVE-2016-4429 [stack (frame) overflow in Sun RPC clntudp_call()] - RESERVED +CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in ...) - glibc 2.22-10 [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> @@ -4275,8 +4373,7 @@ CVE-2016-3722 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authentica CVE-2016-3721 (Jenkins before 2.3 and LTS before 1.651.2 might allow remote ...) - jenkins <removed> NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 -CVE-2016-3720 [XmlMapper is vulnerable to XXE attack] - RESERVED +CVE-2016-3720 (XML external entity (XXE) vulnerability in XmlMapper in the Data ...) - jackson-dataformat-xml 2.7.4-1 (bug #823703) NOTE: https://github.com/FasterXML/jackson-dataformat-xml/commit/f0f19a4c924d9db9a1e2830434061c8640092cc0 (2.7.4) CVE-2016-3719 @@ -4355,8 +4452,7 @@ CVE-2016-3707 [Sending SysRq command via ICMP echo request] NOTE: more details in kernel-sec repository. NOTE: https://lwn.net/Articles/448790/ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1327484 -CVE-2016-3706 - RESERVED +CVE-2016-3706 (Stack-based buffer overflow in the getaddrinfo function in ...) {DLA-494-1} - glibc 2.22-8 [jessie] - glibc <no-dsa> (Minor issue, can be fixed via point release) 
@@ -5755,8 +5851,8 @@ CVE-2016-3087 (Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, NOTE: https://struts.apache.org/docs/s2-033.html CVE-2016-3086 RESERVED -CVE-2016-3085 - RESERVED +CVE-2016-3085 (Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x ...) + TODO: check CVE-2016-3084 RESERVED CVE-2016-3083 @@ -6520,22 +6616,18 @@ CVE-2016-2836 RESERVED CVE-2016-2835 RESERVED -CVE-2016-2834 - RESERVED +CVE-2016-2834 (Mozilla Network Security Services (NSS) before 3.23, as used in ...) - nss <unfixed> - firefox-esr <not-affected> (Doesn't apply to Firefox ESR) - firefox 47.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/ -CVE-2016-2833 - RESERVED +CVE-2016-2833 (Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) ...) - firefox-esr <not-affected> (Doesn't apply to Firefox ESR) - firefox 47.0-1 -CVE-2016-2832 - RESERVED +CVE-2016-2832 (Mozilla Firefox before 47.0 allows remote attackers to discover the ...) - firefox-esr <not-affected> (Doesn't apply to Firefox ESR) - firefox 47.0-1 -CVE-2016-2831 - RESERVED +CVE-2016-2831 (Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ...) {DSA-3600-1} - firefox-esr 45.2.0esr-1 - firefox 47.0-1 
@@ -6543,38 +6635,31 @@ CVE-2016-2830 RESERVED NOTE: Contacted Red Hat to clarify entry at Red Hat's bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1342897 NOTE: Possibly a different issue than CVE-2016-2831 for Mozilla products -CVE-2016-2829 - RESERVED +CVE-2016-2829 (Mozilla Firefox before 47.0 allows remote attackers to spoof ...) - firefox-esr <not-affected> (Doesn't apply to Firefox ESR) - firefox 47.0-1 -CVE-2016-2828 - RESERVED +CVE-2016-2828 (Use-after-free vulnerability in Mozilla Firefox before 47.0 and ...) {DSA-3600-1} - firefox-esr 45.2.0esr-1 - firefox 47.0-1 CVE-2016-2827 RESERVED -CVE-2016-2826 - RESERVED +CVE-2016-2826 (The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR ...) - firefox-esr <not-affected> (Only affects Windows) - firefox <not-affected> (Only affects Windows) -CVE-2016-2825 - RESERVED +CVE-2016-2825 (Mozilla Firefox before 47.0 allows remote attackers to bypass the Same ...) - firefox-esr <not-affected> (Doesn't apply to Firefox ESR) - firefox 47.0-1 -CVE-2016-2824 - RESERVED +CVE-2016-2824 (The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox ...) - firefox-esr <not-affected> (Only affects Windows) - firefox <not-affected> (Only affects Windows) CVE-2016-2823 RESERVED -CVE-2016-2822 - RESERVED +CVE-2016-2822 (Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow ...) {DSA-3600-1} - firefox-esr 45.2.0esr-1 - firefox 47.0-1 -CVE-2016-2821 - RESERVED +CVE-2016-2821 (Use-after-free vulnerability in the mozilla::dom::Element class in ...) {DSA-3600-1} - firefox-esr 45.2.0esr-1 - firefox 47.0-1 
@@ -6583,13 +6668,11 @@ CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) featur - firefox-esr <not-affected> (Only Firefox 46) - firefox 46.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/ -CVE-2016-2819 - RESERVED +CVE-2016-2819 (Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ...) {DSA-3600-1} - firefox-esr 45.2.0esr-1 - firefox 47.0-1 -CVE-2016-2818 - RESERVED +CVE-2016-2818 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3600-1} - firefox-esr 45.2.0esr-1 - firefox 47.0-1 @@ -6603,8 +6686,7 @@ CVE-2016-2816 (Mozilla Firefox before 46.0 allows remote attackers to bypass the - firefox-esr <not-affected> (Only Firefox 46) - firefox 46.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/ -CVE-2016-2815 - RESERVED +CVE-2016-2815 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - firefox-esr <not-affected> (Doesn't apply to Firefox ESR) - firefox 47.0-1 CVE-2016-2814 (Heap-based buffer overflow in the ...) @@ -6792,12 +6874,10 @@ CVE-2016-2788 RESERVED CVE-2016-2787 RESERVED -CVE-2016-2786 - RESERVED +CVE-2016-2786 (The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 ...) - puppet <not-affected> (pxp-agent not packaged in Debian) NOTE: https://puppet.com/security/cve/cve-2016-2786 -CVE-2016-2785 [incorrect URL decoding] - RESERVED +CVE-2016-2785 (Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before ...) - puppet <not-affected> (Vulnerable code only in 4.x) NOTE: https://puppet.com/security/cve/cve-2016-2785 NOTE: https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2 
@@ -7702,82 +7782,82 @@ CVE-2016-2502 RESERVED CVE-2016-2501 RESERVED -CVE-2016-2500 - RESERVED -CVE-2016-2499 - RESERVED -CVE-2016-2498 - RESERVED +CVE-2016-2500 (Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...) + TODO: check +CVE-2016-2499 (AudioSource.cpp in libstagefright in mediaserver in Android 4.x before ...) + TODO: check +CVE-2016-2498 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...) + TODO: check CVE-2016-2497 RESERVED -CVE-2016-2496 - RESERVED -CVE-2016-2495 - RESERVED -CVE-2016-2494 - RESERVED -CVE-2016-2493 - RESERVED -CVE-2016-2492 - RESERVED -CVE-2016-2491 - RESERVED -CVE-2016-2490 - RESERVED -CVE-2016-2489 - RESERVED -CVE-2016-2488 - RESERVED -CVE-2016-2487 - RESERVED -CVE-2016-2486 - RESERVED -CVE-2016-2485 - RESERVED -CVE-2016-2484 - RESERVED -CVE-2016-2483 - RESERVED -CVE-2016-2482 - RESERVED -CVE-2016-2481 - RESERVED -CVE-2016-2480 - RESERVED -CVE-2016-2479 - RESERVED -CVE-2016-2478 - RESERVED -CVE-2016-2477 - RESERVED -CVE-2016-2476 - RESERVED -CVE-2016-2475 - RESERVED -CVE-2016-2474 - RESERVED -CVE-2016-2473 - RESERVED -CVE-2016-2472 - RESERVED -CVE-2016-2471 - RESERVED -CVE-2016-2470 - RESERVED -CVE-2016-2469 - RESERVED -CVE-2016-2468 - RESERVED -CVE-2016-2467 - RESERVED -CVE-2016-2466 - RESERVED -CVE-2016-2465 - RESERVED -CVE-2016-2464 - RESERVED -CVE-2016-2463 - RESERVED +CVE-2016-2496 (The Framework UI permission-dialog implementation in Android 6.x ...) + TODO: check +CVE-2016-2495 (SampleTable.cpp in libstagefright in mediaserver in Android 4.x before ...) + TODO: check +CVE-2016-2494 (Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x ...) + TODO: check +CVE-2016-2493 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, ...) + TODO: check +CVE-2016-2492 (The MediaTek power-management driver in Android before 2016-06-01 on ...) + TODO: check +CVE-2016-2491 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 ...) 
+ TODO: check +CVE-2016-2490 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 ...) + TODO: check +CVE-2016-2489 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, ...) + TODO: check +CVE-2016-2488 (The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, ...) + TODO: check +CVE-2016-2487 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x ...) + TODO: check +CVE-2016-2486 (mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x ...) + TODO: check +CVE-2016-2485 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x ...) + TODO: check +CVE-2016-2484 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x ...) + TODO: check +CVE-2016-2483 (The mm-video-v4l2 venc component in mediaserver in Android 4.x before ...) + TODO: check +CVE-2016-2482 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x before ...) + TODO: check +CVE-2016-2481 (The mm-video-v4l2 venc component in mediaserver in Android 4.x before ...) + TODO: check +CVE-2016-2480 (The mm-video-v4l2 vidc component in mediaserver in Android 4.x before ...) + TODO: check +CVE-2016-2479 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x before ...) + TODO: check +CVE-2016-2478 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in ...) + TODO: check +CVE-2016-2477 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in ...) + TODO: check +CVE-2016-2476 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...) + TODO: check +CVE-2016-2475 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, ...) + TODO: check +CVE-2016-2474 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X ...) + TODO: check +CVE-2016-2473 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...) + TODO: check +CVE-2016-2472 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...) 
+ TODO: check +CVE-2016-2471 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...) + TODO: check +CVE-2016-2470 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...) + TODO: check +CVE-2016-2469 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6, ...) + TODO: check +CVE-2016-2468 (The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, ...) + TODO: check +CVE-2016-2467 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 ...) + TODO: check +CVE-2016-2466 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 ...) + TODO: check +CVE-2016-2465 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, ...) + TODO: check +CVE-2016-2464 (libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x ...) + TODO: check +CVE-2016-2463 (Multiple integer overflows in the h264dec component in libstagefright ...) + TODO: check CVE-2016-2462 (OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 ...) NOT-FOR-US: Android CVE-2016-2461 (OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 ...) @@ -9103,8 +9183,8 @@ CVE-2016-2068 RESERVED CVE-2016-2067 RESERVED -CVE-2016-2066 - RESERVED +CVE-2016-2066 (Integer signedness error in the MSM QDSP6 audio driver for the Linux ...) + TODO: check CVE-2016-2065 RESERVED CVE-2016-2064 @@ -9113,8 +9193,8 @@ CVE-2016-2063 RESERVED CVE-2016-2062 (The adreno_perfcounter_query_group function in ...) TODO: check -CVE-2016-2061 - RESERVED +CVE-2016-2061 (Integer signedness error in the MSM V4L2 video driver for the Linux ...) + TODO: check CVE-2016-2060 (server/TetherController.cpp in the tethering controller in netd, as ...) NOT-FOR-US: Android CVE-2016-2059 (The msm_ipc_router_bind_control_port function in ...) |
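Review bot: At CVE-2016-5118 in the data/CVE/2016.list hunk @@ -678,8 +778,7 @@, the hand-written title "[popen() shell vulnerability via filename]" is dropped and the truncated description that replaces it names only GraphicsMagick, while the entry still tracks both imagemagick (bug #825799) and graphicsmagick (bug #825800). Suggest keeping the bug class in a NOTE: line so the reason imagemagick is listed stays visible. The same loss of a local title occurs at CVE-2016-4429, CVE-2016-3720 and CVE-2016-2785.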
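Review bot: At CVE-2016-2834 in the hunk @@ -6520,22 +6616,18 @@, the imported description now reads "Network Security Services (NSS) before 3.23", yet the line under it is still "- nss <unfixed>" with no bug reference, unlike entries such as CVE-2016-3720, which carry one. Suggest a follow-up that either adds the bug number tracking the open nss issue or records the fixed version once an upload at 3.23 or later exists.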
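Review bot: In the hunk @@ -7702,82 +7782,82 @@, every entry from CVE-2016-2500 down to CVE-2016-2463 (except CVE-2016-2497, which stays RESERVED) lands as "TODO: check", while the trailing context lines show CVE-2016-2462 and CVE-2016-2461 already triaged as "NOT-FOR-US: Android". These need manual triage in a follow-up commit and should not be bulk-marked from the neighbouring entries: CVE-2016-2464 names libvpx in libwebm, and others name libstagefright or vendor kernel drivers, so each should be checked for a separately packaged copy of the affected code before it is closed.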