Author: carnil
Date: 2016-04-12 17:41:53 +0000 (Tue, 12 Apr 2016)
New Revision: 40899
Modified:
data/CVE/list
Log:
Add descriptions for samba issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-12 17:36:46 UTC (rev 40898)
+++ data/CVE/list 2016-04-12 17:41:53 UTC (rev 40899)
@@ -5237,29 +5237,29 @@
{DSA-3508-1}
- jasper <unfixed> (bug #816626)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
-CVE-2016-2115
+CVE-2016-2115 [SMB client connections for IPC traffic are not integrity
protected]
RESERVED
- samba <unfixed>
NOTE: https://www.samba.org/samba/security/CVE-2016-2115.html
-CVE-2016-2114
+CVE-2016-2114 ["server signing = mandatory" not enforced]
RESERVED
- samba <unfixed>
[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
NOTE: https://www.samba.org/samba/security/CVE-2016-2114.html
-CVE-2016-2113
+CVE-2016-2113 [Missing TLS certificate validation allows man in the middle
attacks]
RESERVED
- samba <unfixed>
[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
NOTE: https://www.samba.org/samba/security/CVE-2016-2113.html
-CVE-2016-2112
+CVE-2016-2112 [The LDAP client and server don't enforce integrity protection]
RESERVED
- samba <unfixed>
NOTE: https://www.samba.org/samba/security/CVE-2016-2112.html
-CVE-2016-2111
+CVE-2016-2111 [NETLOGON Spoofing Vulnerability]
RESERVED
- samba <unfixed>
NOTE: https://www.samba.org/samba/security/CVE-2016-2111.html
-CVE-2016-2110
+CVE-2016-2110 [an in the middle attacks possible with NTLMSSP]
RESERVED
- samba <unfixed>
NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
