author | security tracker role <sectracker@debian.org> | 2016-05-16 21:10:11 +0000
---|---|---
committer | security tracker role <sectracker@debian.org> | 2016-05-16 21:10:11 +0000
commit | 140c3ad2b48cf5ce5c9df6d1c9d6e8a174f008a5 |
tree | f07b97e212eec7c37201395538e19d5cad143f0c /data |
parent | 1b7f712b9dfeb6af51c99474caac9b3fd74c884b |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@41784 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2001.list | 2
-rw-r--r-- | data/CVE/2005.list | 2
-rw-r--r-- | data/CVE/2011.list | 3
-rw-r--r-- | data/CVE/2014.list | 18
-rw-r--r-- | data/CVE/2015.list | 96
-rw-r--r-- | data/CVE/2016.list | 167
6 files changed, 132 insertions, 156 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 47a335bd9e..22b030ba71 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -2434,7 +2434,7 @@ CVE-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary f NOT-FOR-US: Cisco CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...) +CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...) NOT-FOR-US: Data pre-dating the Security Tracker diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 772069673f..c9d3e5e4d4 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -4324,7 +4324,7 @@ CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in Perl NOT-FOR-US: PerlDiver CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...) NOT-FOR-US: PerlDiver -CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...) +CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to ...) NOT-FOR-US: MultiTheftAuto CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...) NOT-FOR-US: MultiTheftAuto diff --git a/data/CVE/2011.list b/data/CVE/2011.list index f57b65f1b7..736d5c5a41 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -1,5 +1,4 @@ -CVE-2011-5326 [divide-by-zero on 2x1 ellipse] - RESERVED +CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of ...) {DSA-3555-1} - imlib2 1.4.8-1 (bug #639414) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882 diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 2d8c1f13ac..3e1f8b1dd0 100644 
--- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -14,8 +14,7 @@ CVE-2014-9773 [A remote attacker could change Atheme's behavior by registering/d NOTE: http://www.openwall.com/lists/oss-security/2016/05/02/2 CVE-2014-9772 RESERVED -CVE-2014-9771 [exploitable integer overflow in _imlib_SaveImage] - RESERVED +CVE-2014-9771 (Integer overflow in imlib2 before 1.4.7 allows remote attackers to ...) {DSA-3555-1} - imlib2 1.4.7-1 (bug #820206) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299 @@ -59,18 +58,15 @@ CVE-2014-XXXX [LFI posting internal files externally abusing default parameter] - tcpdf <undetermined> (bug #814030) NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/ (not public) NOTE: According to upstream fixed in 6.2.0, but not details available -CVE-2014-9764 [Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh] - RESERVED +CVE-2014-9764 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...) {DSA-3537-1 DLA-401-1} - imlib2 1.4.7-1 NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=1f9b0b32728803a1578e658cd0955df773e34f49 -CVE-2014-9763 [Prevent division-by-zero crashes] - RESERVED +CVE-2014-9763 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...) {DSA-3537-1 DLA-401-1} - imlib2 1.4.7-1 NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=c21beaf1780cf3ca291735ae7d58a3dde63277a2 -CVE-2014-9762 GIF loader: Fix segv on images without colormap] - RESERVED +CVE-2014-9762 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...) {DSA-3537-1 DLA-401-1} - imlib2 1.4.7-1 NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56 
@@ -167,8 +163,7 @@ CVE-2014-9743 (Cross-site scripting (XSS) vulnerability in the httpd_HtmlError . - vlc 2.2.0~rc2-1 [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts) [wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts) -CVE-2014-9742 [Insufficient randomness in Miller-Rabin primality check] - RESERVED +CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x ...) {DLA-449-1} - botan1.10 1.10.8-1 NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9 @@ -24434,8 +24429,7 @@ CVE-2014-0237 (The cdf_unpack_summary_info function in cdf.c in the Fileinfo ... NOTE: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d - php5 5.6.0~beta4+dfsg-1 (low) NOTE: https://bugs.php.net/bug.php?id=67328 -CVE-2014-0236 [root_storage NULL pointer deference flaw in CDF parser] - RESERVED +CVE-2014-0236 (file before 5.18, as used in the Fileinfo component in PHP before ...) - file 1:5.19-1 [wheezy] - file <not-affected> (Introduced in 5.18) [squeeze] - file <not-affected> (Introduced in 5.18) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 8ceca544a2..1a8722495d 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1,4 +1,9 @@ +CVE-2015-8874 (Stack consumption vulnerability in GD in PHP before 5.6.12 allows ...) + TODO: check +CVE-2015-8873 (Stack consumption vulnerability in Zend/zend_exceptions.c in PHP ...) + TODO: check CVE-2015-8872 + RESERVED {DLA-474-1} - dosfstools 4.0-1 [jessie] - dosfstools <no-dsa> (Minor issue) 
@@ -162,8 +167,7 @@ CVE-2015-8839 (Multiple race conditions in the ext4 filesystem implementation in NOTE: https://git.kernel.org/linus/32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70 (v4.5-rc1) NOTE: https://git.kernel.org/linus/011278485ecc3cd2a3954b5d4c73101d919bf1fa (v4.5-rc1) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972174 -CVE-2015-8838 - RESERVED +CVE-2015-8838 (ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and ...) - php5 5.6.11+dfsg-1 [jessie] - php5 5.6.12+dfsg-0+deb8u1 [wheezy] - php5 5.4.44-0+deb7u1 @@ -177,8 +181,7 @@ CVE-2015-XXXX [php_url_parse_ex() buffer overflow read] NOTE: https://bugs.php.net/bug.php?id=70480 NOTE: https://github.com/facebook/hhvm/commit/3fa7e73055855c409d48e8aa1dc416a76d3dd764 NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=629e4da7cc8b174acdeab84969cbfc606a019b31 -CVE-2015-8835 - RESERVED +CVE-2015-8835 (The make_http_soap_request function in ext/soap/php_http.c in PHP ...) - php5 5.6.12+dfsg-1 [jessie] - php5 5.6.12+dfsg-0+deb8u1 [wheezy] - php5 5.4.44-0+deb7u1 @@ -1612,8 +1615,8 @@ CVE-2015-8532 RESERVED CVE-2015-8531 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...) NOT-FOR-US: IBM -CVE-2015-8530 - RESERVED +CVE-2015-8530 (Stack-based buffer overflow in the Initialize function in an ActiveX ...) + TODO: check CVE-2015-8529 RESERVED CVE-2015-8528 @@ -2267,8 +2270,7 @@ CVE-2015-8313 [fail to check the first byte of the padding in CBC modes] - gnutls28 <not-affected> (Vulnerable code not present) - gnutls26 <removed> NOTE: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html -CVE-2015-8312 - RESERVED +CVE-2015-8312 (Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow ...) {DSA-3569-1} - openafs 1.6.17-1 NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=2ef863720da4d9f368aaca0461c672a3008195ca 
@@ -2662,8 +2664,8 @@ CVE-2015-8158 [Potential Infinite Loop in ntpq] TODO: check CVE-2015-8157 RESERVED -CVE-2015-8156 - RESERVED +CVE-2015-8156 (Unquoted Windows search path vulnerability in EEDService in Symantec ...) + TODO: check CVE-2015-8155 RESERVED CVE-2015-8154 (The SysPlant.sys driver in the Application and Device Control (ADC) ...) @@ -2854,8 +2856,8 @@ CVE-2015-8102 RESERVED CVE-2015-8101 RESERVED -CVE-2015-8099 - RESERVED +CVE-2015-8099 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...) + TODO: check CVE-2015-8098 (F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and ...) NOT-FOR-US: BIG-IP CVE-2015-8097 @@ -3751,8 +3753,7 @@ CVE-2015-7829 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0 NOT-FOR-US: Adobe CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require ...) NOT-FOR-US: SAP HANA -CVE-2015-7827 [PKCS #1 v1.5 decoding was not constant time] - RESERVED +CVE-2015-7827 (Botan before 1.10.13 and 1.11.x before 1.11.22 makes it easier for ...) {DSA-3565-1 DLA-449-1} - botan1.10 <unfixed> (bug #817932) NOTE: Fixed in 1.11.22. Affected all previous versions @@ -6560,8 +6561,7 @@ CVE-2015-XXXX [hardening for RSA-CRT leak] NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5 NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE -CVE-2015-6838 [NULL pointer dereference] - RESERVED +CVE-2015-6838 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP ...) {DSA-3358-1 DLA-341-1} - php5 5.6.13+dfsg-1 - hhvm 3.12.1+dfsg-1 
@@ -6569,8 +6569,7 @@ CVE-2015-6838 [NULL pointer dereference] NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5 NOTE: Fixed in 5.5.45 and 5.6.13 NOTE: https://github.com/facebook/hhvm/commit/f358ec0e905df41feaa9dc75f4dee814cfe5a60a -CVE-2015-6837 [NULL pointer dereference] - RESERVED +CVE-2015-6837 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP ...) {DSA-3358-1 DLA-341-1} - php5 5.6.13+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69782 @@ -6582,16 +6581,14 @@ CVE-2015-6836 (The SoapClient __call method in ext/soap/soap.c in PHP before 5.4 NOTE: https://bugs.php.net/bug.php?id=70388 NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5 NOTE: Fixed in 5.5.45 and 5.6.13 -CVE-2015-6835 [Use after free vulnerability in session deserializer] - RESERVED +CVE-2015-6835 (The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, ...) {DSA-3358-1} - php5 5.6.13+dfsg-1 [squeeze] - php5 <no-dsa> (Too intrusive to backport) NOTE: https://bugs.php.net/bug.php?id=70219 NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5 NOTE: Fixed in 5.5.45 and 5.6.13 -CVE-2015-6834 [Vulnerability in unserialize(), discoverer taoguangchen@icloud.com] - RESERVED +CVE-2015-6834 (Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x ...) {DSA-3358-1 DLA-341-1} - php5 5.6.13+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=70172 
@@ -9214,14 +9211,12 @@ CVE-2015-5729 RESERVED CVE-2015-5728 RESERVED -CVE-2015-5727 [Excess memory allocation in BER decoder] - RESERVED +CVE-2015-5727 (The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before ...) {DSA-3565-1 DLA-449-1} - botan1.10 1.10.10-1 NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11 NOTE: http://botan.randombit.net/security.html -CVE-2015-5726 [Crash in BER decoder] - RESERVED +CVE-2015-5726 (The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before ...) {DSA-3565-1 DLA-449-1} - botan1.10 1.10.10-1 NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11 @@ -9969,8 +9964,7 @@ CVE-2015-5590 (Stack-based buffer overflow in the phar_fix_filepath function in NOTE: https://bugs.php.net/bug.php?id=69923 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f NOTE: Fixed in 5.6.11, 5.4.43 -CVE-2015-5589 [Segfault in Phar::convertToData on invalid file] - RESERVED +CVE-2015-5589 (The phar_convert_to_other function in ext/phar/phar_object.c in PHP ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69958 
@@ -12672,22 +12666,19 @@ CVE-2015-4645 [jessie] - squashfs-tools <no-dsa> (Minor issue) [wheezy] - squashfs-tools <no-dsa> (Minor issue) [squeeze] - squashfs-tools <no-dsa> (Minor issue) -CVE-2015-4642 [OS command injection vulnerability in escapeshellarg] - RESERVED +CVE-2015-4642 (The escapeshellarg function in ext/standard/exec.c in PHP before ...) - php5 <not-affected> (Windows specific) NOTE: https://bugs.php.net/bug.php?id=69646 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 -CVE-2015-4643 [Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)] - RESERVED +CVE-2015-4643 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42 NOTE: https://bugs.php.net/bug.php?id=69545#1431550655 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 -CVE-2015-4644 [Fixed bug #69667 (segfault in php_pgsql_meta_data)] - RESERVED +CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42 
@@ -13170,46 +13161,40 @@ CVE-2015-4459 RESERVED CVE-2015-4458 (The TLS implementation in the Cavium cryptographic-module firmware, as ...) NOT-FOR-US: Cisco -CVE-2015-4603 [exception::getTraceAsString issue] - RESERVED +CVE-2015-4603 (The exception::getTraceAsString function in Zend/zend_exceptions.c in ...) - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: https://bugs.php.net/bug.php?id=69152 [2015-03-03 04:30 UTC] -CVE-2015-4602 - RESERVED +CVE-2015-4602 (The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1 NOTE: https://bugs.php.net/bug.php?id=69152 -CVE-2015-4601 - RESERVED +CVE-2015-4601 (PHP before 5.6.7 might allow remote attackers to cause a denial of ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 NOTE: https://bugs.php.net/bug.php?id=69152 -CVE-2015-4600 - RESERVED +CVE-2015-4600 (The SoapClient implementation in PHP before 5.4.40, 5.5.x before ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 NOTE: https://bugs.php.net/bug.php?id=69152 -CVE-2015-4599 [Type confusion vulnerability in exception::getTraceAsString] - RESERVED +CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before ...) 
{DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: https://bugs.php.net/bug.php?id=69152 NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4 -CVE-2015-4598 [Incorrect handling of paths with NULs] - RESERVED +CVE-2015-4598 (PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69719 @@ -14029,8 +14014,8 @@ CVE-2015-4118 (SQL injection vulnerability in monitor/show_sys_state.php in ISPC NOT-FOR-US: ISPConfig CVE-2015-4117 RESERVED -CVE-2015-4116 - RESERVED +CVE-2015-4116 (Use-after-free vulnerability in the spl_ptr_heap_insert function in ...) + TODO: check CVE-2015-4115 RESERVED CVE-2015-4114 @@ -15918,8 +15903,7 @@ CVE-2015-3413 RESERVED - hhvm 3.11.0+dfsg-1 NOTE: https://github.com/facebook/hhvm/commit/02a7a8f086c9181002fca0f0d9cef42963fdf46a -CVE-2015-3412 - RESERVED +CVE-2015-3412 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 @@ -15927,8 +15911,7 @@ CVE-2015-3412 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257 NOTE: https://bugs.php.net/bug.php?id=69353 -CVE-2015-3411 - RESERVED +CVE-2015-3411 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 
@@ -16190,8 +16173,7 @@ CVE-2015-3340 (Xen 4.2.x through 4.5.x does not initialize certain fields, which [wheezy] - xen 4.1.4-3+deb7u8 [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-132.html -CVE-2015-4605 [denial of service when processing a crafted file with Fileinfo -- 2015-02-09 17:10 UTC] - RESERVED +CVE-2015-4605 (The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...) {DLA-307-1} - php5 5.6.9+dfsg-1 (bug #783099) [jessie] - php5 5.6.9+dfsg-0+deb8u1 @@ -16199,8 +16181,7 @@ CVE-2015-4605 [denial of service when processing a crafted file with Fileinfo -- - file <not-affected> (Not reproducible with file, see #783108) NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd NOTE: https://bugs.php.net/bug.php?id=68819 -CVE-2015-4604 [denial of service when processing a crafted file with Fileinfo -- 2015-02-05 13:53 UTC] - RESERVED +CVE-2015-4604 (The mget function in softmagic.c in file 5.x, as used in the Fileinfo ...) {DLA-307-1} - php5 5.6.9+dfsg-1 (bug #783099) [jessie] - php5 5.6.9+dfsg-0+deb8u1 @@ -16959,8 +16940,7 @@ CVE-2015-3153 (The default configuration for cURL and libcurl before 7.42.1 send [wheezy] - curl <no-dsa> (Too intrusive to backport) [squeeze] - curl <no-dsa> (Too intrusive to backport) NOTE: http://curl.haxx.se/docs/adv_20150429.html -CVE-2015-3152 [MySQL SSL/TLS downgrade] - RESERVED +CVE-2015-3152 (Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka ...) {DSA-3311-1} - mariadb-10.0 10.0.20-1 - percona-xtradb-cluster-5.5 <removed> diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 7c52e5827d..6cd59f138b 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -1,10 +1,26 @@ +CVE-2016-4808 + RESERVED +CVE-2016-4807 + RESERVED +CVE-2016-4806 + RESERVED +CVE-2016-4803 + RESERVED +CVE-2016-4802 + RESERVED +CVE-2016-4801 + RESERVED +CVE-2016-4800 + RESERVED CVE-2016-XXXX [moodle issues fixed in 2.7.14] - moodle 2.7.14+dfsg-1 CVE-2016-4805 [ppp: take reference on channels netns] + RESERVED - linux 4.5.2-1 NOTE: Fixed by: https://git.kernel.org/linus/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 (v4.6-rc1) NOTE: Introduced by: https://git.kernel.org/linus/273ec51dd7ceaa76e038875d85061ec856d8905e (v2.6.30) CVE-2016-4804 + RESERVED {DLA-474-1} - dosfstools 4.0-1 [jessie] - dosfstools <no-dsa> (Minor issue) @@ -588,12 +604,14 @@ CVE-2016-4557 [UAF via double-fdput() in bpf(BPF_PROG_LOAD) error path] NOTE: Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1) NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/4 CVE-2016-4556 (Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x ...) + {DLA-478-1} - squid3 3.5.19-1 (bug #823968) - squid <not-affected> (Does not affect 2.x) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_9.txt NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch CVE-2016-4555 (client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before ...) + {DLA-478-1} - squid3 3.5.19-1 (bug #823968) [wheezy] - squid3 <not-affected> (3.1 not vulnerable) - squid <not-affected> (Does not affect 2.x) 
@@ -601,6 +619,7 @@ CVE-2016-4555 (client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch CVE-2016-4554 (mime_header.cc in Squid before 3.5.18 allows remote attackers to ...) + {DLA-478-1} - squid3 3.5.19-1 (bug #823968) - squid <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_8.txt @@ -879,8 +898,7 @@ CVE-2016-4544 [issue in which "Invalid TIFF start" validation was added] NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92 NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35 NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21 -CVE-2016-4536 [various client functionality leak stack data onto the wire in the clear] - RESERVED +CVE-2016-4536 (The client in OpenAFS before 1.6.17 does not properly initialize the ...) - openafs 1.6.17-1 [jessie] - openafs <no-dsa> (Minor issue, can be included in a future DSA or via jessie-pu) NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt @@ -1217,8 +1235,8 @@ CVE-2016-4327 RESERVED CVE-2016-4326 RESERVED -CVE-2016-4325 - RESERVED +CVE-2016-4325 (Lantronix xPrintServer devices with firmware before 5.0.1-65 have ...) + TODO: check CVE-2016-4324 RESERVED CVE-2016-4323 @@ -1812,6 +1830,7 @@ CVE-2016-4056 - typo3-src <removed> [wheezy] - typo3-src <end-of-life> (See DSA 3314) CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows ...) + {DLA-478-1} - squid3 3.5.17-1 - squid <not-affected> (Squid 2.x are not vulnerable) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt 
@@ -1820,6 +1839,7 @@ CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 a NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to ...) + {DLA-478-1} - squid3 3.5.17-1 - squid <not-affected> (Squid 2.x are not vulnerable) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt @@ -1828,6 +1848,7 @@ CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attacke NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and ...) + {DLA-478-1} - squid3 3.5.17-1 - squid <not-affected> (Squid 2.x are not vulnerable) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt @@ -1836,6 +1857,7 @@ CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5) CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and ...) + {DLA-478-1} - squid3 3.5.17-1 - squid <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt 
@@ -1939,8 +1961,7 @@ CVE-2016-4010 RESERVED CVE-2016-4007 (Multiple unspecified vulnerabilities in the obs-service-extract_file ...) NOT-FOR-US: obs-service-extract_file -CVE-2016-4024 [integer overflow resulting in insufficient heap allocation] - RESERVED +CVE-2016-4024 (Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows ...) {DSA-3555-1} - imlib2 1.4.8-1 (bug #821732) NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227 @@ -2049,8 +2070,7 @@ CVE-2016-3995 [Timing Attack Counter Measure AES] NOTE: https://github.com/weidai11/cryptopp/issues/146 NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/6 NOTE: Initial upload in 5.6.3-5 was incomplete -CVE-2016-3994 [GIF loader: out-of-bounds read] - RESERVED +CVE-2016-3994 (The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause ...) {DSA-3555-1} - imlib2 1.4.8-1 (bug #785369) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8 @@ -2189,8 +2209,7 @@ CVE-2016-3945 [Out-of-bounds Write in the tiff2rgba tool] - tiff3 <removed> (unimportant) NOTE: src:tiff3: built binary packages do not contain the TIFF tools NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2545 -CVE-2016-3993 [off-by-one OOB read in __imlib_MergeUpdate] - RESERVED +CVE-2016-3993 (Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c ...) {DSA-3555-1} - imlib2 1.4.8-1 (bug #819818) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef 
@@ -2679,22 +2698,27 @@ CVE-2016-3720 [XmlMapper is vulnerable to XXE attack] CVE-2016-3719 RESERVED CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...) + {DSA-3580-1} - imagemagick <unfixed> - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...) + {DSA-3580-1} - imagemagick <unfixed> - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...) + {DSA-3580-1} - imagemagick <unfixed> - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...) + {DSA-3580-1} - imagemagick <unfixed> - graphicsmagick <unfixed> NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/ CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...) + {DSA-3580-1} - imagemagick <unfixed> NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3 NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 @@ -3904,8 +3928,7 @@ CVE-2016-3186 (Buffer overflow in the readextension function in gif2tiff.c in Li NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319503 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2536 NOTE: Proposed patch from Red Hat: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff -CVE-2016-3185 [Type Confusion Vulnerability - SOAP / make_http_soap_request()] - RESERVED +CVE-2016-3185 (The make_http_soap_request function in ext/soap/php_http.c in PHP ...) - php7.0 7.0.4-1 NOTE: https://bugs.php.net/bug.php?id=71610 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba 
@@ -4686,8 +4709,7 @@ CVE-2016-2862 RESERVED CVE-2016-2861 RESERVED -CVE-2016-2860 - RESERVED +CVE-2016-2860 (The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 ...) {DSA-3569-1} - openafs 1.6.17-1 NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0 @@ -4761,12 +4783,10 @@ CVE-2016-2851 (Integer overflow in proto.c in libotr before 4.1.1 on 64-bit plat - libotr 4.1.1-1 (bug #817799) NOTE: https://lists.cypherpunks.ca/pipermail/otr-announce/2016-March/000062.html NOTE: https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/ -CVE-2016-2850 - RESERVED +CVE-2016-2850 (Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) ...) - botan1.10 <not-affected> (Introduced in 1.11.0) NOTE: Introduced in 1.11.0, fixed in 1.11.29 -CVE-2016-2849 [ECDSA side channel attack] - RESERVED +CVE-2016-2849 (Botan before 1.10.13 and 1.11.x before 1.11.29 does not use a ...) {DSA-3565-1 DLA-449-1} - botan1.10 <unfixed> (bug #822698) NOTE: http://botan.randombit.net/security.html @@ -6503,8 +6523,7 @@ CVE-2016-XXXX [NULL Pointer Dereference in phar_tar_setupmetadata()] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3 -CVE-2016-2554 [Stack overflow when decompressing tar archives] - RESERVED +CVE-2016-2554 (Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, ...) - php5 5.6.18+dfsg-1 [jessie] - php5 5.6.19+dfsg-0+deb8u1 [wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round) 
@@ -6618,12 +6637,12 @@ CVE-2016-2300 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to NOT-FOR-US: Ecava IntegraXor CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...) NOT-FOR-US: Ecava IntegraXor -CVE-2016-2298 - RESERVED -CVE-2016-2297 - RESERVED -CVE-2016-2296 - RESERVED +CVE-2016-2298 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...) + TODO: check +CVE-2016-2297 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...) + TODO: check +CVE-2016-2296 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not ...) + TODO: check CVE-2016-2295 RESERVED CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...) @@ -6910,19 +6929,16 @@ CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav <not-affected> (Vulnerable code not present) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4 -CVE-2016-2196 [Overwrite in P-521 reduction] - RESERVED +CVE-2016-2196 (Heap-based buffer overflow in the P-521 reduction function in Botan ...) - botan1.10 <not-affected> (Introduced in 1.11.10) NOTE: Introduced in 1.11.10, fixed in 1.11.27 NOTE: http://botan.randombit.net/security.html -CVE-2016-2195 [Heap overflow on invalid ECC point] - RESERVED +CVE-2016-2195 (Integer overflow in the PointGFp constructor in Botan before 1.10.11 ...) {DSA-3565-1 DLA-449-1} - botan1.10 1.10.12-1 NOTE: Introduced in 1.9.18, fixed in 1.11.27 and 1.10.11 NOTE: http://botan.randombit.net/security.html -CVE-2016-2194 [Infinite loop in modulur square root algorithm] - RESERVED +CVE-2016-2194 (The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 ...) {DSA-3565-1 DLA-449-1} - botan1.10 1.10.12-1 NOTE: Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11 
@@ -7226,8 +7242,7 @@ CVE-2016-2101 CVE-2016-2100 RESERVED - foreman <itp> (bug #663101) -CVE-2016-2099 [use-after-free] - RESERVED +CVE-2016-2099 (Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in ...) {DSA-3579-1 DLA-467-1} - xerces-c 3.1.3+debian-2 (bug #823863) NOTE: https://issues.apache.org/jira/browse/XERCESC-2066 @@ -7583,10 +7598,10 @@ CVE-2016-2018 RESERVED CVE-2016-2017 RESERVED -CVE-2016-2016 - RESERVED -CVE-2016-2015 - RESERVED +CVE-2016-2016 (Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 ...) + TODO: check +CVE-2016-2015 (HPE System Management Homepage before 7.5.5 allows local users to ...) + TODO: check CVE-2016-2014 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...) TODO: check CVE-2016-2013 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...) 
@@ -8595,62 +8610,50 @@ CVE-2016-1673 RESERVED CVE-2016-1672 RESERVED -CVE-2016-1671 - RESERVED +CVE-2016-1671 (Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and ...) - chromium-browser <not-affected> (Android-specific) -CVE-2016-1670 - RESERVED +CVE-2016-1670 (Race condition in the ResourceDispatcherHostImpl::BeginRequest ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1669 - RESERVED +CVE-2016-1669 (The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2016-1668 - RESERVED +CVE-2016-1668 (The forEachForBinding function in ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) TODO: check, possibly as well libv8 -CVE-2016-1667 - RESERVED +CVE-2016-1667 (The TreeScope::adoptIfNeeded function in ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1666 - RESERVED +CVE-2016-1666 (Multiple unspecified vulnerabilities in Google Chrome before ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1665 - RESERVED +CVE-2016-1665 (The JSGenericLowering class in compiler/js-generic-lowering.cc in ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) NOTE: libv8 not covered by security support -CVE-2016-1664 - RESERVED +CVE-2016-1664 (The HistoryController::UpdateForCommit function in ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1663 - RESERVED +CVE-2016-1663 (The SerializedScriptValue::transferArrayBuffers function in ...) 
{DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1662 - RESERVED +CVE-2016-1662 (extensions/renderer/gc_callback.cc in Google Chrome before ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1661 - RESERVED +CVE-2016-1661 (Blink, as used in Google Chrome before 50.0.2661.94, does not ensure ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2016-1660 - RESERVED +CVE-2016-1660 (Blink, as used in Google Chrome before 50.0.2661.94, mishandles ...) {DSA-3564-1} - chromium-browser 50.0.2661.94-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) @@ -8946,12 +8949,12 @@ CVE-2016-1582 RESERVED CVE-2016-1581 RESERVED -CVE-2016-1580 - RESERVED +CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher ...) + TODO: check CVE-2016-1579 RESERVED -CVE-2016-1578 - RESERVED +CVE-2016-1578 (Use-after-free vulnerability in Oxide allows remote attackers to cause ...) + TODO: check CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in ...) {DSA-3508-1} - jasper <unfixed> (bug #816625) @@ -9449,8 +9452,8 @@ CVE-2016-1401 RESERVED CVE-2016-1400 RESERVED -CVE-2016-1399 - RESERVED +CVE-2016-1399 (The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, ...) + TODO: check CVE-2016-1398 RESERVED CVE-2016-1397 
@@ -9870,14 +9873,14 @@ CVE-2016-1211 RESERVED CVE-2016-1210 RESERVED -CVE-2016-1209 - RESERVED -CVE-2016-1208 - RESERVED -CVE-2016-1207 - RESERVED -CVE-2016-1206 - RESERVED +CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote ...) + TODO: check +CVE-2016-1208 (The server in Apple FileMaker before 14.0.4 on OS X allows remote ...) + TODO: check +CVE-2016-1207 (Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R ...) + TODO: check +CVE-2016-1206 (The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, ...) + TODO: check CVE-2016-1205 (Cross-site scripting (XSS) vulnerability in the shiro8 (1) ...) TODO: check CVE-2016-1204 @@ -11937,8 +11940,8 @@ CVE-2016-0392 RESERVED CVE-2016-0391 RESERVED -CVE-2016-0390 - RESERVED +CVE-2016-0390 (Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One ...) + TODO: check CVE-2016-0389 RESERVED CVE-2016-0388 @@ -11955,8 +11958,8 @@ CVE-2016-0383 RESERVED CVE-2016-0382 RESERVED -CVE-2016-0381 - RESERVED +CVE-2016-0381 (IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin ...) + TODO: check CVE-2016-0380 RESERVED CVE-2016-0379 @@ -12035,8 +12038,8 @@ CVE-2016-0343 RESERVED CVE-2016-0342 RESERVED -CVE-2016-0341 - RESERVED +CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...) + TODO: check CVE-2016-0340 RESERVED CVE-2016-0339 |
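Review bot: In the hunk at @@ -7583,10 +7598,10 @@, CVE-2016-2016 and CVE-2016-2015 are added as `TODO: check` directly above CVE-2016-2014 and CVE-2016-2013, which the context lines show are still sitting at `TODO: check` themselves. The run should be triaged together in one follow-up so each entry gets a final state (a package line or a NOT-FOR-US marker) instead of the automatic placeholder accumulating.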
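Review bot: In the hunk at @@ -8595,62 +8610,50 @@, CVE-2016-1668 keeps `TODO: check, possibly as well libv8` even though the entry now has a published description to check against. CVE-2016-1669 and CVE-2016-1665 in the same hunk already carry `- libv8 <unfixed> (unimportant)` with `NOTE: libv8 not covered by security support`. Once the full description shows whether the forEachForBinding code belongs to V8, either add those two lines to CVE-2016-1668 or drop the TODO.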
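Review bot: In the hunk at @@ -9870,14 +9873,14 @@, CVE-2016-1209 through CVE-2016-1206 move from RESERVED to `TODO: check` with no package line, so they still need a manual decision. Their descriptions name the Ninja Forms plugin for WordPress, Apple FileMaker on OS X, and I-O DATA DEVICE WN-G300R and WN-GDN/R3 products. If none of these is packaged, a follow-up should mark each entry `NOT-FOR-US: <product>`, the form already used for CVE-2001-0783 and CVE-2005-3066 earlier in this patch.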