diff options
author | security tracker role <sectracker@debian.org> | 2016-05-06 09:10:12 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2016-05-06 09:10:12 +0000 |
commit | 325969cdbf403714c29dbeb45c2e62f6f2a9ec9f (patch) | |
tree | 23d3fc7043266e69f6ccf7cf0fd39618aa2cc567 /data | |
parent | e897cb2288920e0a559c46bbe816c8a9e8ee3233 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@41472 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2000.list | 2 | ||||
-rw-r--r-- | data/CVE/2015.list | 2 | ||||
-rw-r--r-- | data/CVE/2016.list | 146 |
3 files changed, 118 insertions, 32 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list index a7986d2bc1..908780e126 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list @@ -1,4 +1,4 @@ -CVE-2000-1254 +CVE-2000-1254 (crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C ...) - openssl 0.9.6-1 NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=db82b8f9bd432a59aea8e1014694e15fc457c2bb CVE-2000-1253 diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 46cd895ebb..ebf4cf9165 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -18377,7 +18377,7 @@ CVE-2015-2668 (ClamAV before 0.98.7 allows remote attackers to cause a denial of - clamav 0.98.7+dfsg-1 [wheezy] - clamav 0.98.7+dfsg-0+deb7u1 [jessie] - clamav 0.98.7+dfsg-0+deb8u1 -CVE-2015-2667 (Untrusted search path vulnerability in GNS3 before 1.2.3 allows local ...) +CVE-2015-2667 (Untrusted search path vulnerability in GNS3 1.2.3 allows local users ...) - gns3 <not-affected> (Windows specific) CVE-2015-2665 (Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows ...) {DSA-3295-1 DLA-255-1} diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 274e482db6..7c1a526bf8 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,3 +1,101 @@ +CVE-2016-4535 (Integer signedness error in the AV engine before DAT 8145, as used in ...) + TODO: check +CVE-2016-4534 (The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan ...) + TODO: check +CVE-2016-4533 + RESERVED +CVE-2016-4532 + RESERVED +CVE-2016-4531 + RESERVED +CVE-2016-4530 + RESERVED +CVE-2016-4529 + RESERVED +CVE-2016-4528 + RESERVED +CVE-2016-4527 + RESERVED +CVE-2016-4526 + RESERVED +CVE-2016-4525 + RESERVED +CVE-2016-4524 + RESERVED +CVE-2016-4523 + RESERVED +CVE-2016-4522 + RESERVED +CVE-2016-4521 + RESERVED +CVE-2016-4520 + RESERVED +CVE-2016-4519 + RESERVED +CVE-2016-4518 + RESERVED +CVE-2016-4517 + RESERVED +CVE-2016-4516 + RESERVED +CVE-2016-4515 + RESERVED +CVE-2016-4514 + RESERVED +CVE-2016-4513 + RESERVED +CVE-2016-4512 + RESERVED +CVE-2016-4511 + RESERVED +CVE-2016-4510 + RESERVED +CVE-2016-4509 + RESERVED +CVE-2016-4508 + RESERVED +CVE-2016-4507 + RESERVED +CVE-2016-4506 + RESERVED +CVE-2016-4505 + RESERVED +CVE-2016-4504 + RESERVED +CVE-2016-4503 + RESERVED +CVE-2016-4502 + RESERVED +CVE-2016-4501 + RESERVED +CVE-2016-4500 + RESERVED +CVE-2016-4499 + RESERVED +CVE-2016-4498 + RESERVED +CVE-2016-4497 + RESERVED +CVE-2016-4496 + RESERVED +CVE-2016-4495 + RESERVED +CVE-2016-4494 + RESERVED +CVE-2016-4493 + RESERVED +CVE-2016-4492 + RESERVED +CVE-2016-4491 + RESERVED +CVE-2016-4490 + RESERVED +CVE-2016-4489 + RESERVED +CVE-2016-4488 + RESERVED +CVE-2016-4487 + RESERVED CVE-2016-4539 [xml_parse_into_struct segmentation fault] - php7.0 7.0.6-1 - php5 5.6.21+dfsg-1 @@ -59,10 +157,12 @@ CVE-2016-4536 [various client functionality leak stack data onto the wire in the [jessie] - openafs <no-dsa> (Minor issue, can be included in a future DSA or via jessie-pu) NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt CVE-2016-4486 [information leak vulnerability in rtnetlink] + RESERVED - linux <unfixed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6 NOTE: Not yet merged in Linus' tree CVE-2016-4485 [information leak vulnerability in llc module] + RESERVED - linux <unfixed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b8670c09f37bdf2847cc44f36511a53afc6161fd NOTE: Not yet merged in Linus' tree @@ -311,8 +411,8 @@ CVE-2016-4358 RESERVED CVE-2016-4357 RESERVED -CVE-2016-4351 - RESERVED +CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in ...) + TODO: check CVE-2016-4350 RESERVED CVE-2016-4478 [denial of service due to a buffer overflow in the XMLRPC response encoding code] @@ -1208,8 +1308,7 @@ CVE-2016-4001 [net: buffer overflow in stellaris_enet emulator] NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2) NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/4 -CVE-2016-4008 [Infinite loops parsing malicious DER certificates] - RESERVED +CVE-2016-4008 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...) {DSA-3568-1} - libtasn1-6 4.8-1 - libtasn1-3 <removed> @@ -1845,20 +1944,15 @@ CVE-2016-3720 [XmlMapper is vulnerable to XXE attack] TODO: check CVE-2016-3719 RESERVED -CVE-2016-3718 [SSRF] - RESERVED +CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...) - imagemagick <unfixed> -CVE-2016-3717 [Local file read] - RESERVED +CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...) - imagemagick <unfixed> -CVE-2016-3716 [File moving] - RESERVED +CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...) - imagemagick <unfixed> -CVE-2016-3715 [File deletion] - RESERVED +CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...) - imagemagick <unfixed> -CVE-2016-3714 [Insufficient filtering for filename passed to delegate's command allows remote code execution during conversion of several file formats] - RESERVED +CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...) - imagemagick <unfixed> NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3 NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 @@ -6109,8 +6203,7 @@ CVE-2016-2178 RESERVED CVE-2016-2177 RESERVED -CVE-2016-2176 [EBCDIC overread] - RESERVED +CVE-2016-2176 (The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL ...) - openssl <not-affected> (Only applies to EBCDIC systems) NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219 NOTE: https://www.openssl.org/news/secadv/20160503.txt @@ -6129,13 +6222,11 @@ CVE-2016-2170 (Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 NOT-FOR-US: Apache OFBiz CVE-2016-2169 RESERVED -CVE-2016-2168 - RESERVED +CVE-2016-2168 (The req_check_access function in the mod_authz_svn module in the httpd ...) {DSA-3561-1 DLA-448-1} - subversion 1.9.4-1 NOTE: https://subversion.apache.org/security/CVE-2016-2168-advisory.txt -CVE-2016-2167 - RESERVED +CVE-2016-2167 (The canonicalize_username function in svnserve/cyrus_auth.c in Apache ...) {DSA-3561-1 DLA-448-1} - subversion 1.9.4-1 NOTE: https://subversion.apache.org/security/CVE-2016-2167-advisory.txt @@ -6308,30 +6399,25 @@ CVE-2016-2110 (The NTLMSSP authentication implementation in Samba 3.x and 4.x be {DSA-3548-1} - samba 2:4.3.7+dfsg-1 NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html -CVE-2016-2109 [ASN.1 BIO excessive memory allocation] - RESERVED +CVE-2016-2109 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 ...) {DSA-3566-1 DLA-456-1} - openssl 1.0.2h-1 NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807 NOTE: https://www.openssl.org/news/secadv/20160503.txt -CVE-2016-2108 [Memory corruption in the ASN.1 encoder] - RESERVED +CVE-2016-2108 (The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before ...) {DSA-3566-1 DLA-456-1} - openssl 1.0.2c-1 NOTE: https://www.openssl.org/news/secadv/20160503.txt -CVE-2016-2107 [Padding oracle in AES-NI CBC MAC check] - RESERVED +CVE-2016-2107 (The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before ...) {DSA-3566-1 DLA-456-1} - openssl 1.0.2h-1 NOTE: https://www.openssl.org/news/secadv/20160503.txt -CVE-2016-2106 [EVP_EncryptUpdate overflow] - RESERVED +CVE-2016-2106 (Integer overflow in the EVP_EncryptUpdate function in ...) {DSA-3566-1 DLA-456-1} - openssl 1.0.2h-1 NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26 NOTE: https://www.openssl.org/news/secadv/20160503.txt -CVE-2016-2105 [EVP_EncodeUpdate overflow] - RESERVED +CVE-2016-2105 (Integer overflow in the EVP_EncodeUpdate function in ...) {DSA-3566-1 DLA-456-1} - openssl 1.0.2h-1 NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920 |