author security tracker role <sectracker@debian.org> 2016-05-16 21:10:11 +0000
committer security tracker role <sectracker@debian.org> 2016-05-16 21:10:11 +0000
commit 140c3ad2b48cf5ce5c9df6d1c9d6e8a174f008a5
tree f07b97e212eec7c37201395538e19d5cad143f0c /data
parent 1b7f712b9dfeb6af51c99474caac9b3fd74c884b
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@41784 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2001.list 2
-rw-r--r-- data/CVE/2005.list 2
-rw-r--r-- data/CVE/2011.list 3
-rw-r--r-- data/CVE/2014.list 18
-rw-r--r-- data/CVE/2015.list 96
-rw-r--r-- data/CVE/2016.list 167
6 files changed, 132 insertions, 156 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 47a335bd9e..22b030ba71 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -2434,7 +2434,7 @@ CVE-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary f
NOT-FOR-US: Cisco
CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...)
+CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...)
NOT-FOR-US: Data pre-dating the Security Tracker
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 772069673f..c9d3e5e4d4 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -4324,7 +4324,7 @@ CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in Perl
NOT-FOR-US: PerlDiver
CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...)
NOT-FOR-US: PerlDiver
-CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...)
+CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to ...)
NOT-FOR-US: MultiTheftAuto
CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...)
NOT-FOR-US: MultiTheftAuto
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index f57b65f1b7..736d5c5a41 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -1,5 +1,4 @@
-CVE-2011-5326 [divide-by-zero on 2x1 ellipse]
- RESERVED
+CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of ...)
{DSA-3555-1}
- imlib2 1.4.8-1 (bug #639414)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
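Review bot: On the CVE-2011-5326 entry, the imported description says imlib2 is affected "before 1.4.9", while the unchanged package line below it records the fix in 1.4.8-1 (bug #639414). If 1.4.8-1 carries the upstream commit as a backport, a NOTE line saying so would stop the two version numbers from reading as a contradiction.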
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 2d8c1f13ac..3e1f8b1dd0 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -14,8 +14,7 @@ CVE-2014-9773 [A remote attacker could change Atheme's behavior by registering/d
NOTE: http://www.openwall.com/lists/oss-security/2016/05/02/2
CVE-2014-9772
RESERVED
-CVE-2014-9771 [exploitable integer overflow in _imlib_SaveImage]
- RESERVED
+CVE-2014-9771 (Integer overflow in imlib2 before 1.4.7 allows remote attackers to ...)
{DSA-3555-1}
- imlib2 1.4.7-1 (bug #820206)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299
@@ -59,18 +58,15 @@ CVE-2014-XXXX [LFI posting internal files externally abusing default parameter]
- tcpdf <undetermined> (bug #814030)
NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/ (not public)
NOTE: According to upstream fixed in 6.2.0, but not details available
-CVE-2014-9764 [Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh]
- RESERVED
+CVE-2014-9764 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...)
{DSA-3537-1 DLA-401-1}
- imlib2 1.4.7-1
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=1f9b0b32728803a1578e658cd0955df773e34f49
-CVE-2014-9763 [Prevent division-by-zero crashes]
- RESERVED
+CVE-2014-9763 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...)
{DSA-3537-1 DLA-401-1}
- imlib2 1.4.7-1
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=c21beaf1780cf3ca291735ae7d58a3dde63277a2
-CVE-2014-9762 GIF loader: Fix segv on images without colormap]
- RESERVED
+CVE-2014-9762 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...)
{DSA-3537-1 DLA-401-1}
- imlib2 1.4.7-1
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56
@@ -167,8 +163,7 @@ CVE-2014-9743 (Cross-site scripting (XSS) vulnerability in the httpd_HtmlError .
- vlc 2.2.0~rc2-1
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
-CVE-2014-9742 [Insufficient randomness in Miller-Rabin primality check]
- RESERVED
+CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x ...)
{DLA-449-1}
- botan1.10 1.10.8-1
NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9
@@ -24434,8 +24429,7 @@ CVE-2014-0237 (The cdf_unpack_summary_info function in cdf.c in the Fileinfo ...
NOTE: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
- php5 5.6.0~beta4+dfsg-1 (low)
NOTE: https://bugs.php.net/bug.php?id=67328
-CVE-2014-0236 [root_storage NULL pointer deference flaw in CDF parser]
- RESERVED
+CVE-2014-0236 (file before 5.18, as used in the Fileinfo component in PHP before ...)
- file 1:5.19-1
[wheezy] - file <not-affected> (Introduced in 5.18)
[squeeze] - file <not-affected> (Introduced in 5.18)
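Review bot: The new CVE-2014-0236 description says "file before 5.18" is affected, but the unchanged lines under it mark wheezy and squeeze as <not-affected> with the reason "Introduced in 5.18". The two disagree about which side of 5.18 is vulnerable; please recheck the not-affected reasoning against the upstream fix and add a NOTE recording the outcome.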
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 8ceca544a2..1a8722495d 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,4 +1,9 @@
+CVE-2015-8874 (Stack consumption vulnerability in GD in PHP before 5.6.12 allows ...)
+ TODO: check
+CVE-2015-8873 (Stack consumption vulnerability in Zend/zend_exceptions.c in PHP ...)
+ TODO: check
CVE-2015-8872
+ RESERVED
{DLA-474-1}
- dosfstools 4.0-1
[jessie] - dosfstools <no-dsa> (Minor issue)
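Review bot: CVE-2015-8874 and CVE-2015-8873 both name PHP in their descriptions (GD, Zend/zend_exceptions.c) yet are added with only "TODO: check". They need source package lines like the php5 entries elsewhere in this file, so they are tracked against the package instead of sitting in the TODO queue. Separately, CVE-2015-8872 gains RESERVED but still has no bracketed summary, so the dosfstools entry says nothing about what the issue is.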
@@ -162,8 +167,7 @@ CVE-2015-8839 (Multiple race conditions in the ext4 filesystem implementation in
NOTE: https://git.kernel.org/linus/32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70 (v4.5-rc1)
NOTE: https://git.kernel.org/linus/011278485ecc3cd2a3954b5d4c73101d919bf1fa (v4.5-rc1)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972174
-CVE-2015-8838
- RESERVED
+CVE-2015-8838 (ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and ...)
- php5 5.6.11+dfsg-1
[jessie] - php5 5.6.12+dfsg-0+deb8u1
[wheezy] - php5 5.4.44-0+deb7u1
@@ -177,8 +181,7 @@ CVE-2015-XXXX [php_url_parse_ex() buffer overflow read]
NOTE: https://bugs.php.net/bug.php?id=70480
NOTE: https://github.com/facebook/hhvm/commit/3fa7e73055855c409d48e8aa1dc416a76d3dd764
NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=629e4da7cc8b174acdeab84969cbfc606a019b31
-CVE-2015-8835
- RESERVED
+CVE-2015-8835 (The make_http_soap_request function in ext/soap/php_http.c in PHP ...)
- php5 5.6.12+dfsg-1
[jessie] - php5 5.6.12+dfsg-0+deb8u1
[wheezy] - php5 5.4.44-0+deb7u1
@@ -1612,8 +1615,8 @@ CVE-2015-8532
RESERVED
CVE-2015-8531 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...)
NOT-FOR-US: IBM
-CVE-2015-8530
- RESERVED
+CVE-2015-8530 (Stack-based buffer overflow in the Initialize function in an ActiveX ...)
+ TODO: check
CVE-2015-8529
RESERVED
CVE-2015-8528
@@ -2267,8 +2270,7 @@ CVE-2015-8313 [fail to check the first byte of the padding in CBC modes]
- gnutls28 <not-affected> (Vulnerable code not present)
- gnutls26 <removed>
NOTE: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html
-CVE-2015-8312
- RESERVED
+CVE-2015-8312 (Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow ...)
{DSA-3569-1}
- openafs 1.6.17-1
NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=2ef863720da4d9f368aaca0461c672a3008195ca
@@ -2662,8 +2664,8 @@ CVE-2015-8158 [Potential Infinite Loop in ntpq]
TODO: check
CVE-2015-8157
RESERVED
-CVE-2015-8156
- RESERVED
+CVE-2015-8156 (Unquoted Windows search path vulnerability in EEDService in Symantec ...)
+ TODO: check
CVE-2015-8155
RESERVED
CVE-2015-8154 (The SysPlant.sys driver in the Application and Device Control (ADC) ...)
@@ -2854,8 +2856,8 @@ CVE-2015-8102
RESERVED
CVE-2015-8101
RESERVED
-CVE-2015-8099
- RESERVED
+CVE-2015-8099 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...)
+ TODO: check
CVE-2015-8098 (F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and ...)
NOT-FOR-US: BIG-IP
CVE-2015-8097
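Review bot: CVE-2015-8099 is added with "TODO: check" although the entry directly below it, CVE-2015-8098, concerns the same F5 BIG-IP product line and is already resolved as "NOT-FOR-US: BIG-IP". The same tag can be applied here to close the TODO.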
@@ -3751,8 +3753,7 @@ CVE-2015-7829 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0
NOT-FOR-US: Adobe
CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require ...)
NOT-FOR-US: SAP HANA
-CVE-2015-7827 [PKCS #1 v1.5 decoding was not constant time]
- RESERVED
+CVE-2015-7827 (Botan before 1.10.13 and 1.11.x before 1.11.22 makes it easier for ...)
{DSA-3565-1 DLA-449-1}
- botan1.10 <unfixed> (bug #817932)
NOTE: Fixed in 1.11.22. Affected all previous versions
@@ -6560,8 +6561,7 @@ CVE-2015-XXXX [hardening for RSA-CRT leak]
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5
NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE
-CVE-2015-6838 [NULL pointer dereference]
- RESERVED
+CVE-2015-6838 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP ...)
{DSA-3358-1 DLA-341-1}
- php5 5.6.13+dfsg-1
- hhvm 3.12.1+dfsg-1
@@ -6569,8 +6569,7 @@ CVE-2015-6838 [NULL pointer dereference]
NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
NOTE: https://github.com/facebook/hhvm/commit/f358ec0e905df41feaa9dc75f4dee814cfe5a60a
-CVE-2015-6837 [NULL pointer dereference]
- RESERVED
+CVE-2015-6837 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP ...)
{DSA-3358-1 DLA-341-1}
- php5 5.6.13+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69782
@@ -6582,16 +6581,14 @@ CVE-2015-6836 (The SoapClient __call method in ext/soap/soap.c in PHP before 5.4
NOTE: https://bugs.php.net/bug.php?id=70388
NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
-CVE-2015-6835 [Use after free vulnerability in session deserializer]
- RESERVED
+CVE-2015-6835 (The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, ...)
{DSA-3358-1}
- php5 5.6.13+dfsg-1
[squeeze] - php5 <no-dsa> (Too intrusive to backport)
NOTE: https://bugs.php.net/bug.php?id=70219
NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
-CVE-2015-6834 [Vulnerability in unserialize(), discoverer taoguangchen@icloud.com]
- RESERVED
+CVE-2015-6834 (Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x ...)
{DSA-3358-1 DLA-341-1}
- php5 5.6.13+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70172
@@ -9214,14 +9211,12 @@ CVE-2015-5729
RESERVED
CVE-2015-5728
RESERVED
-CVE-2015-5727 [Excess memory allocation in BER decoder]
- RESERVED
+CVE-2015-5727 (The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before ...)
{DSA-3565-1 DLA-449-1}
- botan1.10 1.10.10-1
NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
NOTE: http://botan.randombit.net/security.html
-CVE-2015-5726 [Crash in BER decoder]
- RESERVED
+CVE-2015-5726 (The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before ...)
{DSA-3565-1 DLA-449-1}
- botan1.10 1.10.10-1
NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
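Review bot: The CVE-2015-5726 description reads "Botan 0.10.x before 1.10.10", which matches neither the sibling CVE-2015-5727 line ("1.10.x before 1.10.10") nor the NOTE under both entries ("affected all previous versions of 1.10 and 1.11"). This looks like a typo in the imported description; since this is an automatic update, the text should be reported to the CVE source instead of being edited here, and the botan1.10 line remains the authority for tracking.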
@@ -9969,8 +9964,7 @@ CVE-2015-5590 (Stack-based buffer overflow in the phar_fix_filepath function in
NOTE: https://bugs.php.net/bug.php?id=69923
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
NOTE: Fixed in 5.6.11, 5.4.43
-CVE-2015-5589 [Segfault in Phar::convertToData on invalid file]
- RESERVED
+CVE-2015-5589 (The phar_convert_to_other function in ext/phar/phar_object.c in PHP ...)
{DSA-3344-1 DLA-307-1}
- php5 5.6.11+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69958
@@ -12672,22 +12666,19 @@ CVE-2015-4645
[jessie] - squashfs-tools <no-dsa> (Minor issue)
[wheezy] - squashfs-tools <no-dsa> (Minor issue)
[squeeze] - squashfs-tools <no-dsa> (Minor issue)
-CVE-2015-4642 [OS command injection vulnerability in escapeshellarg]
- RESERVED
+CVE-2015-4642 (The escapeshellarg function in ext/standard/exec.c in PHP before ...)
- php5 <not-affected> (Windows specific)
NOTE: https://bugs.php.net/bug.php?id=69646
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9
NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
-CVE-2015-4643 [Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)]
- RESERVED
+CVE-2015-4643 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP ...)
{DSA-3344-1 DLA-307-1}
- php5 5.6.11+dfsg-1
NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
NOTE: https://bugs.php.net/bug.php?id=69545#1431550655
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
-CVE-2015-4644 [Fixed bug #69667 (segfault in php_pgsql_meta_data)]
- RESERVED
+CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka ...)
{DSA-3344-1 DLA-307-1}
- php5 5.6.11+dfsg-1
NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
@@ -13170,46 +13161,40 @@ CVE-2015-4459
RESERVED
CVE-2015-4458 (The TLS implementation in the Cavium cryptographic-module firmware, as ...)
NOT-FOR-US: Cisco
-CVE-2015-4603 [exception::getTraceAsString issue]
- RESERVED
+CVE-2015-4603 (The exception::getTraceAsString function in Zend/zend_exceptions.c in ...)
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=69152 [2015-03-03 04:30 UTC]
-CVE-2015-4602
- RESERVED
+CVE-2015-4602 (The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c ...)
{DLA-307-1}
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1
NOTE: https://bugs.php.net/bug.php?id=69152
-CVE-2015-4601
- RESERVED
+CVE-2015-4601 (PHP before 5.6.7 might allow remote attackers to cause a denial of ...)
{DLA-307-1}
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
NOTE: https://bugs.php.net/bug.php?id=69152
-CVE-2015-4600
- RESERVED
+CVE-2015-4600 (The SoapClient implementation in PHP before 5.4.40, 5.5.x before ...)
{DLA-307-1}
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
NOTE: https://bugs.php.net/bug.php?id=69152
-CVE-2015-4599 [Type confusion vulnerability in exception::getTraceAsString]
- RESERVED
+CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before ...)
{DLA-307-1}
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=69152
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4
-CVE-2015-4598 [Incorrect handling of paths with NULs]
- RESERVED
+CVE-2015-4598 (PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does ...)
{DSA-3344-1 DLA-307-1}
- php5 5.6.11+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69719
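Review bot: For CVE-2015-4599 the removed placeholder called this a type confusion in exception::getTraceAsString, but the imported description names SoapFault::__toString in ext/soap/soap.c, and exception::getTraceAsString is now the subject of CVE-2015-4603 in the same hunk. Please confirm that the git.php.net commit in the NOTE under CVE-2015-4599 is the SoapFault fix and not the getTraceAsString one, since both entries point at bug 69152.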
@@ -14029,8 +14014,8 @@ CVE-2015-4118 (SQL injection vulnerability in monitor/show_sys_state.php in ISPC
NOT-FOR-US: ISPConfig
CVE-2015-4117
RESERVED
-CVE-2015-4116
- RESERVED
+CVE-2015-4116 (Use-after-free vulnerability in the spl_ptr_heap_insert function in ...)
+ TODO: check
CVE-2015-4115
RESERVED
CVE-2015-4114
@@ -15918,8 +15903,7 @@ CVE-2015-3413
RESERVED
- hhvm 3.11.0+dfsg-1
NOTE: https://github.com/facebook/hhvm/commit/02a7a8f086c9181002fca0f0d9cef42963fdf46a
-CVE-2015-3412
- RESERVED
+CVE-2015-3412 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does ...)
{DLA-307-1}
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
@@ -15927,8 +15911,7 @@ CVE-2015-3412
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257
NOTE: https://bugs.php.net/bug.php?id=69353
-CVE-2015-3411
- RESERVED
+CVE-2015-3411 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does ...)
{DLA-307-1}
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
@@ -16190,8 +16173,7 @@ CVE-2015-3340 (Xen 4.2.x through 4.5.x does not initialize certain fields, which
[wheezy] - xen 4.1.4-3+deb7u8
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-132.html
-CVE-2015-4605 [denial of service when processing a crafted file with Fileinfo -- 2015-02-09 17:10 UTC]
- RESERVED
+CVE-2015-4605 (The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...)
{DLA-307-1}
- php5 5.6.9+dfsg-1 (bug #783099)
[jessie] - php5 5.6.9+dfsg-0+deb8u1
@@ -16199,8 +16181,7 @@ CVE-2015-4605 [denial of service when processing a crafted file with Fileinfo --
- file <not-affected> (Not reproducible with file, see #783108)
NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
NOTE: https://bugs.php.net/bug.php?id=68819
-CVE-2015-4604 [denial of service when processing a crafted file with Fileinfo -- 2015-02-05 13:53 UTC]
- RESERVED
+CVE-2015-4604 (The mget function in softmagic.c in file 5.x, as used in the Fileinfo ...)
{DLA-307-1}
- php5 5.6.9+dfsg-1 (bug #783099)
[jessie] - php5 5.6.9+dfsg-0+deb8u1
@@ -16959,8 +16940,7 @@ CVE-2015-3153 (The default configuration for cURL and libcurl before 7.42.1 send
[wheezy] - curl <no-dsa> (Too intrusive to backport)
[squeeze] - curl <no-dsa> (Too intrusive to backport)
NOTE: http://curl.haxx.se/docs/adv_20150429.html
-CVE-2015-3152 [MySQL SSL/TLS downgrade]
- RESERVED
+CVE-2015-3152 (Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka ...)
{DSA-3311-1}
- mariadb-10.0 10.0.20-1
- percona-xtradb-cluster-5.5 <removed>
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 7c52e5827d..6cd59f138b 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,10 +1,26 @@
+CVE-2016-4808
+ RESERVED
+CVE-2016-4807
+ RESERVED
+CVE-2016-4806
+ RESERVED
+CVE-2016-4803
+ RESERVED
+CVE-2016-4802
+ RESERVED
+CVE-2016-4801
+ RESERVED
+CVE-2016-4800
+ RESERVED
CVE-2016-XXXX [moodle issues fixed in 2.7.14]
- moodle 2.7.14+dfsg-1
CVE-2016-4805 [ppp: take reference on channels netns]
+ RESERVED
- linux 4.5.2-1
NOTE: Fixed by: https://git.kernel.org/linus/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 (v4.6-rc1)
NOTE: Introduced by: https://git.kernel.org/linus/273ec51dd7ceaa76e038875d85061ec856d8905e (v2.6.30)
CVE-2016-4804
+ RESERVED
{DLA-474-1}
- dosfstools 4.0-1
[jessie] - dosfstools <no-dsa> (Minor issue)
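Review bot: The new RESERVED block at the top of the file runs from CVE-2016-4808 down to CVE-2016-4800 and skips 4805 and 4804, which already exist further down, so CVE-2016-4803 through CVE-2016-4800 now sit above CVE-2016-4805 and CVE-2016-4804. If the top of the list is meant to stay in descending order, the four lower IDs belong after the CVE-2016-4804 entry.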
@@ -588,12 +604,14 @@ CVE-2016-4557 [UAF via double-fdput() in bpf(BPF_PROG_LOAD) error path]
NOTE: Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/4
CVE-2016-4556 (Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x ...)
+ {DLA-478-1}
- squid3 3.5.19-1 (bug #823968)
- squid <not-affected> (Does not affect 2.x)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
CVE-2016-4555 (client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before ...)
+ {DLA-478-1}
- squid3 3.5.19-1 (bug #823968)
[wheezy] - squid3 <not-affected> (3.1 not vulnerable)
- squid <not-affected> (Does not affect 2.x)
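Review bot: {DLA-478-1} is added to CVE-2016-4555, but the unchanged line two below it marks "[wheezy] - squid3 <not-affected> (3.1 not vulnerable)". If DLA-478-1 is the wheezy squid3 upload, the advisory reference and the not-affected status disagree for this CVE; either the advisory should not list it or the wheezy line needs revisiting.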
@@ -601,6 +619,7 @@ CVE-2016-4555 (client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before
NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
CVE-2016-4554 (mime_header.cc in Squid before 3.5.18 allows remote attackers to ...)
+ {DLA-478-1}
- squid3 3.5.19-1 (bug #823968)
- squid <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
@@ -879,8 +898,7 @@ CVE-2016-4544 [issue in which "Invalid TIFF start" validation was added]
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
-CVE-2016-4536 [various client functionality leak stack data onto the wire in the clear]
- RESERVED
+CVE-2016-4536 (The client in OpenAFS before 1.6.17 does not properly initialize the ...)
- openafs 1.6.17-1
[jessie] - openafs <no-dsa> (Minor issue, can be included in a future DSA or via jessie-pu)
NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
@@ -1217,8 +1235,8 @@ CVE-2016-4327
RESERVED
CVE-2016-4326
RESERVED
-CVE-2016-4325
- RESERVED
+CVE-2016-4325 (Lantronix xPrintServer devices with firmware before 5.0.1-65 have ...)
+ TODO: check
CVE-2016-4324
RESERVED
CVE-2016-4323
@@ -1812,6 +1830,7 @@ CVE-2016-4056
- typo3-src <removed>
[wheezy] - typo3-src <end-of-life> (See DSA 3314)
CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows ...)
+ {DLA-478-1}
- squid3 3.5.17-1
- squid <not-affected> (Squid 2.x are not vulnerable)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
@@ -1820,6 +1839,7 @@ CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 a
NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to ...)
+ {DLA-478-1}
- squid3 3.5.17-1
- squid <not-affected> (Squid 2.x are not vulnerable)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
@@ -1828,6 +1848,7 @@ CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attacke
NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and ...)
+ {DLA-478-1}
- squid3 3.5.17-1
- squid <not-affected> (Squid 2.x are not vulnerable)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
@@ -1836,6 +1857,7 @@ CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before 3.5.17
NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and ...)
+ {DLA-478-1}
- squid3 3.5.17-1
- squid <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
@@ -1939,8 +1961,7 @@ CVE-2016-4010
RESERVED
CVE-2016-4007 (Multiple unspecified vulnerabilities in the obs-service-extract_file ...)
NOT-FOR-US: obs-service-extract_file
-CVE-2016-4024 [integer overflow resulting in insufficient heap allocation]
- RESERVED
+CVE-2016-4024 (Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows ...)
{DSA-3555-1}
- imlib2 1.4.8-1 (bug #821732)
NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
@@ -2049,8 +2070,7 @@ CVE-2016-3995 [Timing Attack Counter Measure AES]
NOTE: https://github.com/weidai11/cryptopp/issues/146
NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/6
NOTE: Initial upload in 5.6.3-5 was incomplete
-CVE-2016-3994 [GIF loader: out-of-bounds read]
- RESERVED
+CVE-2016-3994 (The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause ...)
{DSA-3555-1}
- imlib2 1.4.8-1 (bug #785369)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
@@ -2189,8 +2209,7 @@ CVE-2016-3945 [Out-of-bounds Write in the tiff2rgba tool]
- tiff3 <removed> (unimportant)
NOTE: src:tiff3: built binary packages do not contain the TIFF tools
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2545
-CVE-2016-3993 [off-by-one OOB read in __imlib_MergeUpdate]
- RESERVED
+CVE-2016-3993 (Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c ...)
{DSA-3555-1}
- imlib2 1.4.8-1 (bug #819818)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef
@@ -2679,22 +2698,27 @@ CVE-2016-3720 [XmlMapper is vulnerable to XXE attack]
CVE-2016-3719
RESERVED
CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...)
+ {DSA-3580-1}
- imagemagick <unfixed>
- graphicsmagick <unfixed>
NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...)
+ {DSA-3580-1}
- imagemagick <unfixed>
- graphicsmagick <unfixed>
NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...)
+ {DSA-3580-1}
- imagemagick <unfixed>
- graphicsmagick <unfixed>
NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...)
+ {DSA-3580-1}
- imagemagick <unfixed>
- graphicsmagick <unfixed>
NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...)
+ {DSA-3580-1}
- imagemagick <unfixed>
NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
@@ -3904,8 +3928,7 @@ CVE-2016-3186 (Buffer overflow in the readextension function in gif2tiff.c in Li
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319503
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2536
NOTE: Proposed patch from Red Hat: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff
-CVE-2016-3185 [Type Confusion Vulnerability - SOAP / make_http_soap_request()]
- RESERVED
+CVE-2016-3185 (The make_http_soap_request function in ext/soap/php_http.c in PHP ...)
- php7.0 7.0.4-1
NOTE: https://bugs.php.net/bug.php?id=71610
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba
@@ -4686,8 +4709,7 @@ CVE-2016-2862
RESERVED
CVE-2016-2861
RESERVED
-CVE-2016-2860
- RESERVED
+CVE-2016-2860 (The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 ...)
{DSA-3569-1}
- openafs 1.6.17-1
NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0
@@ -4761,12 +4783,10 @@ CVE-2016-2851 (Integer overflow in proto.c in libotr before 4.1.1 on 64-bit plat
- libotr 4.1.1-1 (bug #817799)
NOTE: https://lists.cypherpunks.ca/pipermail/otr-announce/2016-March/000062.html
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/
-CVE-2016-2850
- RESERVED
+CVE-2016-2850 (Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) ...)
- botan1.10 <not-affected> (Introduced in 1.11.0)
NOTE: Introduced in 1.11.0, fixed in 1.11.29
-CVE-2016-2849 [ECDSA side channel attack]
- RESERVED
+CVE-2016-2849 (Botan before 1.10.13 and 1.11.x before 1.11.29 does not use a ...)
{DSA-3565-1 DLA-449-1}
- botan1.10 <unfixed> (bug #822698)
NOTE: http://botan.randombit.net/security.html
@@ -6503,8 +6523,7 @@ CVE-2016-XXXX [NULL Pointer Dereference in phar_tar_setupmetadata()]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa
NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
-CVE-2016-2554 [Stack overflow when decompressing tar archives]
- RESERVED
+CVE-2016-2554 (Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, ...)
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
@@ -6618,12 +6637,12 @@ CVE-2016-2300 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to
NOT-FOR-US: Ecava IntegraXor
CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...)
NOT-FOR-US: Ecava IntegraXor
-CVE-2016-2298
- RESERVED
-CVE-2016-2297
- RESERVED
-CVE-2016-2296
- RESERVED
+CVE-2016-2298 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...)
+ TODO: check
+CVE-2016-2297 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...)
+ TODO: check
+CVE-2016-2296 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not ...)
+ TODO: check
CVE-2016-2295
RESERVED
CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...)
@@ -6910,19 +6929,16 @@ CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <not-affected> (Vulnerable code not present)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
-CVE-2016-2196 [Overwrite in P-521 reduction]
- RESERVED
+CVE-2016-2196 (Heap-based buffer overflow in the P-521 reduction function in Botan ...)
- botan1.10 <not-affected> (Introduced in 1.11.10)
NOTE: Introduced in 1.11.10, fixed in 1.11.27
NOTE: http://botan.randombit.net/security.html
-CVE-2016-2195 [Heap overflow on invalid ECC point]
- RESERVED
+CVE-2016-2195 (Integer overflow in the PointGFp constructor in Botan before 1.10.11 ...)
{DSA-3565-1 DLA-449-1}
- botan1.10 1.10.12-1
NOTE: Introduced in 1.9.18, fixed in 1.11.27 and 1.10.11
NOTE: http://botan.randombit.net/security.html
-CVE-2016-2194 [Infinite loop in modulur square root algorithm]
- RESERVED
+CVE-2016-2194 (The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 ...)
{DSA-3565-1 DLA-449-1}
- botan1.10 1.10.12-1
NOTE: Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11
@@ -7226,8 +7242,7 @@ CVE-2016-2101
CVE-2016-2100
RESERVED
- foreman <itp> (bug #663101)
-CVE-2016-2099 [use-after-free]
- RESERVED
+CVE-2016-2099 (Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in ...)
{DSA-3579-1 DLA-467-1}
- xerces-c 3.1.3+debian-2 (bug #823863)
NOTE: https://issues.apache.org/jira/browse/XERCESC-2066
@@ -7583,10 +7598,10 @@ CVE-2016-2018
RESERVED
CVE-2016-2017
RESERVED
-CVE-2016-2016
- RESERVED
-CVE-2016-2015
- RESERVED
+CVE-2016-2016 (Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 ...)
+ TODO: check
+CVE-2016-2015 (HPE System Management Homepage before 7.5.5 allows local users to ...)
+ TODO: check
CVE-2016-2014 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...)
TODO: check
CVE-2016-2013 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...)
@@ -8595,62 +8610,50 @@ CVE-2016-1673
RESERVED
CVE-2016-1672
RESERVED
-CVE-2016-1671
- RESERVED
+CVE-2016-1671 (Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and ...)
- chromium-browser <not-affected> (Android-specific)
-CVE-2016-1670
- RESERVED
+CVE-2016-1670 (Race condition in the ResourceDispatcherHostImpl::BeginRequest ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1669
- RESERVED
+CVE-2016-1669 (The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-1668
- RESERVED
+CVE-2016-1668 (The forEachForBinding function in ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
TODO: check, possibly as well libv8
-CVE-2016-1667
- RESERVED
+CVE-2016-1667 (The TreeScope::adoptIfNeeded function in ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1666
- RESERVED
+CVE-2016-1666 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1665
- RESERVED
+CVE-2016-1665 (The JSGenericLowering class in compiler/js-generic-lowering.cc in ...)
{DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-1664
- RESERVED
+CVE-2016-1664 (The HistoryController::UpdateForCommit function in ...)
{DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1663
- RESERVED
+CVE-2016-1663 (The SerializedScriptValue::transferArrayBuffers function in ...)
{DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1662
- RESERVED
+CVE-2016-1662 (extensions/renderer/gc_callback.cc in Google Chrome before ...)
{DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1661
- RESERVED
+CVE-2016-1661 (Blink, as used in Google Chrome before 50.0.2661.94, does not ensure ...)
{DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-1660
- RESERVED
+CVE-2016-1660 (Blink, as used in Google Chrome before 50.0.2661.94, mishandles ...)
{DSA-3564-1}
- chromium-browser 50.0.2661.94-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
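Review bot: The CVE-2016-1668 entry still carries "TODO: check, possibly as well libv8" even though its description is now populated. With the function name (forEachForBinding) available, settle whether the affected code is shipped in libv8 or only in Chromium, then either add a "- libv8 <unfixed> (unimportant)" line with the "libv8 not covered by security support" NOTE, as done for CVE-2016-1669 and CVE-2016-1665 in this hunk, or drop the TODO.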
@@ -8946,12 +8949,12 @@ CVE-2016-1582
RESERVED
CVE-2016-1581
RESERVED
-CVE-2016-1580
- RESERVED
+CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher ...)
+ TODO: check
CVE-2016-1579
RESERVED
-CVE-2016-1578
- RESERVED
+CVE-2016-1578 (Use-after-free vulnerability in Oxide allows remote attackers to cause ...)
+ TODO: check
CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in ...)
{DSA-3508-1}
- jasper <unfixed> (bug #816625)
@@ -9449,8 +9452,8 @@ CVE-2016-1401
RESERVED
CVE-2016-1400
RESERVED
-CVE-2016-1399
- RESERVED
+CVE-2016-1399 (The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, ...)
+ TODO: check
CVE-2016-1398
RESERVED
CVE-2016-1397
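Review bot: CVE-2016-1399 is added with "TODO: check" although its description already identifies the affected code as Cisco IOS packet-processing microcode. The 2001 list touched by this same commit records a Cisco issue as "NOT-FOR-US: Cisco"; the same disposition fits here and can replace the TODO in the follow-up triage.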
@@ -9870,14 +9873,14 @@ CVE-2016-1211
RESERVED
CVE-2016-1210
RESERVED
-CVE-2016-1209
- RESERVED
-CVE-2016-1208
- RESERVED
-CVE-2016-1207
- RESERVED
-CVE-2016-1206
- RESERVED
+CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote ...)
+ TODO: check
+CVE-2016-1208 (The server in Apple FileMaker before 14.0.4 on OS X allows remote ...)
+ TODO: check
+CVE-2016-1207 (Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R ...)
+ TODO: check
+CVE-2016-1206 (The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, ...)
+ TODO: check
CVE-2016-1205 (Cross-site scripting (XSS) vulnerability in the shiro8 (1) ...)
TODO: check
CVE-2016-1204
@@ -11937,8 +11940,8 @@ CVE-2016-0392
RESERVED
CVE-2016-0391
RESERVED
-CVE-2016-0390
- RESERVED
+CVE-2016-0390 (Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One ...)
+ TODO: check
CVE-2016-0389
RESERVED
CVE-2016-0388
@@ -11955,8 +11958,8 @@ CVE-2016-0383
RESERVED
CVE-2016-0382
RESERVED
-CVE-2016-0381
- RESERVED
+CVE-2016-0381 (IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin ...)
+ TODO: check
CVE-2016-0380
RESERVED
CVE-2016-0379
@@ -12035,8 +12038,8 @@ CVE-2016-0343
RESERVED
CVE-2016-0342
RESERVED
-CVE-2016-0341
- RESERVED
+CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...)
+ TODO: check
CVE-2016-0340
RESERVED
CVE-2016-0339
