Author: carnil
Date: 2016-04-24 13:49:35 +0000 (Sun, 24 Apr 2016)
New Revision: 41114

Modified:
   data/CVE/list
Log:
First batch of CVEs from external check added/updated

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-04-24 13:00:39 UTC (rev 41113)
+++ data/CVE/list       2016-04-24 13:49:35 UTC (rev 41114)
@@ -60,6 +60,8 @@
        REJECTED
 CVE-2016-4055
        RESERVED
+       - node-moment <unfixed> (unimportant)
+       NOTE: nodejs not covered by security support
 CVE-2016-4050
        RESERVED
 CVE-2016-4049
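Review bot: The new node-moment line under CVE-2016-4055 carries no pointer to what the issue actually is: the CVE is still RESERVED, the CVE line has no bracketed description, and the only NOTE is about support policy. Suggest adding a bracketed summary on the CVE line (as this commit does for CVE-2016-3099) or a NOTE with the upstream report, so the "<unfixed> (unimportant)" classification can be re-evaluated later without redoing the research.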
@@ -302,7 +304,9 @@
 CVE-2016-4004 (Directory traversal vulnerability in Dell OpenManage Server ...)
        NOT-FOR-US: Dell
 CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder 
function in ...)
-       TODO: check
+       - libstruts1.2-java <undetermined>
+       NOTE: http://struts.apache.org/docs/s2-028.html
+       TODO: check, possibly only 2.x
 CVE-2016-4020 [i386: leakage of stack memory to guest in kvmvapic.c]
        RESERVED
        - qemu <unfixed> (bug #821062)
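Review bot: The added entry for CVE-2016-4003 ties a Struts 1.2 package (libstruts1.2-java) to an advisory numbered S2-028, and the TODO itself says "possibly only 2.x". While that is open, "<undetermined>" is a reasonable state, but the TODO would be more actionable if it named what has to be confirmed, namely whether the URLDecoder function from the CVE description exists in the 1.2 source at all. If it does not, the package line should be resolved rather than left at "<undetermined>".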
@@ -1127,6 +1131,7 @@
        TODO: check
 CVE-2016-3696
        RESERVED
+       NOT-FOR-US: Pulp (Red Hat)
 CVE-2016-3695
        RESERVED
 CVE-2016-3694
@@ -2378,7 +2383,7 @@
 CVE-2016-3145 (Lexmark printers with firmware ATL before ATL.021.063, CB 
before ...)
        NOT-FOR-US: Lexmark printers
 CVE-2016-3144 (Cross-site scripting (XSS) vulnerability in the Block Class 
module ...)
-       TODO: check
+       NOT-FOR-US: Drupal Block Class module
 CVE-2016-3143
        RESERVED
 CVE-2016-3156 [ipv4: Don't do expensive useless work during inetdev destroy]
@@ -2455,16 +2460,21 @@
        RESERVED
 CVE-2016-3102
        RESERVED
+       - jenkins <removed>
 CVE-2016-3101
        RESERVED
+       - jenkins <removed>
 CVE-2016-3100
        RESERVED
-CVE-2016-3099
+CVE-2016-3099 [Invalid handling of +CIPHER operator]
        RESERVED
+       - libapache2-mod-nss <undetermined>
+       TODO: check
 CVE-2016-3098
        RESERVED
 CVE-2016-3097
        RESERVED
+       NOT-FOR-US: spacewalk-java
 CVE-2016-3096 [Code execution vulnerability in ansible lxc_container]
        RESERVED
        - ansible 2.0.1.0-2 (bug #819676)
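Review bot: The CVE-2016-3099 entry is left at "libapache2-mod-nss <undetermined>" with a bare "TODO: check" and no NOTE, so the bracketed title "Invalid handling of +CIPHER operator" is the only lead the next person has. Suggest adding a NOTE with the upstream bug or commit that the title was taken from. Separately, CVE-2016-3102 and CVE-2016-3101 both gain "- jenkins <removed>" while CVE-2016-3100, which sits directly between them and CVE-2016-3099, stays a bare RESERVED; if that is intentional it is fine, but it reads like it may have been skipped.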
@@ -2504,12 +2514,14 @@
        RESERVED
 CVE-2016-3080
        RESERVED
+       NOT-FOR-US: Red Hat Satellite / Spacewalk / spacewalk-monitoring
 CVE-2016-3079 (Multiple cross-site scripting (XSS) vulnerabilities in the Web 
UI in ...)
        NOT-FOR-US: Red Hat Satellite / Spacewalk
 CVE-2016-3078
        RESERVED
 CVE-2016-3077
        RESERVED
+       NOT-FOR-US: ovirt-engine
 CVE-2016-3076 [j2k integer overflow error on encode]
        RESERVED
        - pillow <unfixed> (unimportant)
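Review bot: Style point on the NOT-FOR-US label added for CVE-2016-3080: it reads "Red Hat Satellite / Spacewalk / spacewalk-monitoring", the unchanged entry right below (CVE-2016-3079) uses "Red Hat Satellite / Spacewalk", and the previous hunk adds "spacewalk-java" for CVE-2016-3097. Three spellings for the same product family make the list harder to grep if any of these components is ever packaged. Suggest one common prefix with the component appended, so all three entries match a single search.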
@@ -4216,7 +4228,7 @@
 CVE-2016-2542 (Untrusted search path vulnerability in Flexera InstallShield 
through ...)
        NOT-FOR-US: Flexera InstallShield
 CVE-2016-2537 (The is-my-json-valid package before 2.12.4 for Node.js has an 
...)
-       TODO: check
+       NOT-FOR-US: is-my-json-valid package for Node.js
 CVE-2016-2536 (Multiple use-after-free vulnerabilities in SAP 3D Visual 
Enterprise ...)
        NOT-FOR-US: SAP
 CVE-2016-2535
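Review bot: The NOT-FOR-US added for CVE-2016-2537 treats a Node.js package differently from the first hunk of this commit, where node-moment is recorded as "<unfixed> (unimportant)" with "NOTE: nodejs not covered by security support". If the distinction is simply that is-my-json-valid is not packaged while node-moment is, the entry is fine as written; otherwise it should follow the node-moment pattern. Worth confirming before the TODO is considered closed.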
@@ -4622,6 +4634,7 @@
        NOTE: 
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
 CVE-2016-2402
        RESERVED
+       NOT-FOR-US: OkHttp
 CVE-2016-2401
        RESERVED
 CVE-2016-2400


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
