Author: carnil
Date: 2016-01-21 21:41:50 +0000 (Thu, 21 Jan 2016)
New Revision: 39072
Modified:
data/CVE/list
Log:
More ntp CVEs added
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-21 21:36:05 UTC (rev 39071)
+++ data/CVE/list 2016-01-21 21:41:50 UTC (rev 39072)
@@ -6346,8 +6346,12 @@
RESERVED
CVE-2015-8159
RESERVED
-CVE-2015-8158
+CVE-2015-8158 [Potential Infinite Loop in ntpq]
RESERVED
+ - ntp <unfixed>
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948
+ TODO: check
CVE-2015-8157
RESERVED
CVE-2015-8156
@@ -6900,20 +6904,48 @@
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2015/10/16/530
NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5
-CVE-2015-7979
+CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated
broadcast mode]
RESERVED
-CVE-2015-7978
+ - ntp <unfixed>
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942
+ TODO: check
+CVE-2015-7978 [Stack exhaustion in recursive traversal of restriction list]
RESERVED
-CVE-2015-7977
+ - ntp <unfixed>
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2940
+ TODO: check
+CVE-2015-7977 [reslist NULL pointer dereference]
RESERVED
-CVE-2015-7976
+ - ntp <unfixed>
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2939
+ TODO: check
+CVE-2015-7976 [ntpq saveconfig command allows dangerous characters in
filenames]
RESERVED
-CVE-2015-7975
+ - ntp <unfixed>
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2938
+ TODO: check
+CVE-2015-7975 [nextvar() missing length check]
RESERVED
-CVE-2015-7974
+ - ntp <unfixed>
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2937
+ TODO: check
+CVE-2015-7974 [Skeleton Key: Missing key check allows impersonation between
authenticated peers]
RESERVED
-CVE-2015-7973
+ - ntp <unfixed>
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936
+ TODO: check
+CVE-2015-7973 [Deja Vu: Replay attack on authenticated broadcast mode]
RESERVED
+ - ntp <unfixed>
+ NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2935
+ TODO: check
CVE-2015-7972 (The (1) libxl_set_memory_target function in tools/libxl/libxl.c
and ...)
{DSA-3414-1}
- xen 4.6.0-1
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
