Author: sectracker
Date: 2016-04-27 21:10:13 +0000 (Wed, 27 Apr 2016)
New Revision: 41249

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-04-27 19:53:18 UTC (rev 41248)
+++ data/CVE/list       2016-04-27 21:10:13 UTC (rev 41249)
@@ -1,3 +1,7 @@
+CVE-2016-4087
+       RESERVED
+CVE-2016-4086
+       RESERVED
 CVE-2016-XXXX [cadence_uart: bounds check write offset]
        - qemu <unfixed>
        - qemu-kvm <removed>
@@ -256,7 +260,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/1
 CVE-2016-4039
        RESERVED
-CVE-2016-4036 (openSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak 
permissions ...)
+CVE-2016-4036 (The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE 
Linux ...)
        TODO: check
 CVE-2016-3955 [remote buffer overflow in usbip]
        RESERVED
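Review bot: CVE-2016-4036 still carries "TODO: check" although the new description now names the quagga package. The version in it, 0.99.23-2.6.1, is quoted for openSUSE and SUSE Linux, and the removed description spoke of weak permissions, so the open question is whether this is specific to SUSE packaging. Suggest resolving the TODO to either a "- quagga" line with a status or a NOT-FOR-US-style entry with a NOTE giving the reason.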
@@ -456,8 +460,7 @@
        NOT-FOR-US: FortiOS
 CVE-2015-8841 (Heap-based buffer overflow in the Archive support module in 
ESET NOD32 ...)
        NOT-FOR-US: ESET NOD32
-CVE-2016-4002 [net: buffer overflow in MIPSnet emulator]
-       RESERVED
+CVE-2016-4002 (Buffer overflow in the mipsnet_receive function in 
hw/net/mipsnet.c in ...)
        - qemu <unfixed> (bug #821061)
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <no-dsa> (Minor issue)
@@ -510,6 +513,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6
 CVE-2016-4070 [Integer overflow in php_raw_url_encode]
        RESERVED
+       {DSA-3560-1}
        - php7.0 7.0.5-1
        - php5 5.6.20+dfsg-1
        NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -518,6 +522,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
 CVE-2016-4071 [Format string vulnerability in php_snmp_error()]
        RESERVED
+       {DSA-3560-1}
        - php7.0 7.0.5-1
        - php5 5.6.20+dfsg-1
        NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -526,6 +531,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
 CVE-2016-4072 [Invalid memory write in phar on filename containing \0 inside 
name]
        RESERVED
+       {DSA-3560-1}
        - php7.0 7.0.5-1
        - php5 5.6.20+dfsg-1
        NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -535,6 +541,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
 CVE-2016-4073 [Negative size parameter in memcpy]
        RESERVED
+       {DSA-3560-1}
        - php7.0 7.0.5-1
        - php5 5.6.20+dfsg-1
        NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
@@ -659,6 +666,7 @@
        TODO: check
 CVE-2015-8865 [Buffer over-write in finfo_open with malformed magic file]
        RESERVED
+       {DSA-3560-1}
        - php7.0 7.0.5-1
        - php5 5.6.20+dfsg-1
        - file 1:5.24-1
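Review bot: On CVE-2015-8865 the new {DSA-3560-1} tag sits above three source packages (php7.0, php5 and file), while the same tag on CVE-2016-4070 through CVE-2016-4073 sits above php7.0 and php5 only. The entry does not say whether the DSA covers file as well. Suggest a NOTE stating which package the DSA applies to, so the file line is not assumed fixed in stable by this advisory.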
@@ -2572,10 +2580,10 @@
        RESERVED
 CVE-2016-3083
        RESERVED
-CVE-2016-3082
-       RESERVED
-CVE-2016-3081
-       RESERVED
+CVE-2016-3082 (XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x 
before ...)
+       TODO: check
+CVE-2016-3081 (Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, 
and ...)
+       TODO: check
 CVE-2016-3080
        RESERVED
        NOT-FOR-US: Red Hat Satellite / Spacewalk / spacewalk-monitoring
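Review bot: CVE-2016-3082 and CVE-2016-3081 move from RESERVED to "TODO: check" with Apache Struts descriptions whose version ranges are cut off at "2.3.24.x before ...". Both need triage against the full description rather than the truncated text shown here. Suggest replacing each TODO with a source-package line and status, or a NOT-FOR-US entry, once the full affected range has been compared with the packaged version.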
@@ -2600,8 +2608,7 @@
        - eglibc <removed>
        [wheezy] - eglibc <no-dsa> (Minor issue, can be fixed via point release)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19879
-CVE-2016-3074 [Signedness vulnerability causing heap overflow]
-       RESERVED
+CVE-2016-3074 (Integer signedness error in GD Graphics Library 2.1.1 (aka 
libgd or ...)
        {DSA-3556-1}
        - libgd2 2.1.1-4.1 (bug #822242)
        - php5 <unfixed> (unimportant)
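Review bot: The php5 line under CVE-2016-3074 is marked "<unfixed> (unimportant)" with no reason visible in this hunk, while libgd2 has a fixed version, bug #822242 and {DSA-3556-1}. With the description now naming GD Graphics Library explicitly, suggest a NOTE saying why php5 is rated unimportant (for instance whether it builds against the system libgd), so the rating can be verified.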
@@ -3412,6 +3419,7 @@
        RESERVED
 CVE-2016-2814
        RESERVED
+       {DSA-3559-1}
        - iceweasel <removed>
        - firefox-esr 45.1.0esr-1
        - firefox 46.0-1
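Review bot: The CVE-2016-2814 header line has no bracketed description, unlike CVE-2016-2807 further down, and the entry is still RESERVED. Now that it is tied to {DSA-3559-1}, suggest adding a short bracketed summary so the entry can be read without looking up the advisory.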
@@ -3448,12 +3456,14 @@
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-40/
 CVE-2016-2808
        RESERVED
+       {DSA-3559-1}
        - iceweasel <removed>
        - firefox-esr 45.1.0esr-1
        - firefox 46.0-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/
 CVE-2016-2807 [Memory safety bugs fixed in Firefox ESR 45.1, Firefox ESR 38.8 
and Firefox 46]
        RESERVED
+       {DSA-3559-1}
        - iceweasel <removed>
        - firefox-esr 45.1.0esr-1
        - firefox 46.0-1
@@ -3466,6 +3476,7 @@
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
 CVE-2016-2805 [Memory safety bug fixed in Firefox ESR 38.8]
        RESERVED
+       {DSA-3559-1}
        - iceweasel <removed>
        - firefox-esr <not-affected> (Only affects Firefox ESR 38.x)
        - firefox <not-affected> (Only affects Firefox ESR 38.x)
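Review bot: On CVE-2016-2805 the new {DSA-3559-1} tag sits above three package lines that show no fix: iceweasel is <removed>, and firefox-esr and firefox are both "<not-affected> (Only affects Firefox ESR 38.x)". Nothing visible in the entry says which package and release the DSA fixed. Suggest a NOTE or release-tagged line naming it, so the DSA reference does not read as contradicting the not-affected markers.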
@@ -7647,8 +7658,8 @@
        RESERVED
 CVE-2016-1602
        RESERVED
-CVE-2016-1601
-       RESERVED
+CVE-2016-1601 (yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 
SP1, ...)
+       TODO: check
 CVE-2016-1600
        RESERVED
 CVE-2016-1599 (Cross-site scripting (XSS) vulnerability in NetIQ Self Service 
...)
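Review bot: CVE-2016-1601 gains a description for yast2-users "as used in SUSE Linux Enterprise 12 SP1" but is left at "TODO: check". If yast2-users is not a packaged source here, suggest closing the TODO with a NOT-FOR-US line in the same form as the FortiOS and ESET NOD32 entries above. Otherwise add the package line with its status.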


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits