[Secure-testing-commits] r41722 - data/CVE

Salvatore Bonaccorso Sat, 14 May 2016 09:31:15 -0700

Author: carnil
Date: 2016-05-14 16:29:50 +0000 (Sat, 14 May 2016)
New Revision: 41722


Modified:
   data/CVE/list
Log:
Use correct brackets for temporary descriptions

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-05-14 15:33:37 UTC (rev 41721)
+++ data/CVE/list       2016-05-14 16:29:50 UTC (rev 41722)
@@ -6250,23 +6250,23 @@
        NOTE: Fixed versions: 2.0.2, 1.12.10
 CVE-2016-2520
        RESERVED
-CVE-2016-2519 (ctl_getitem() return value not always checked)
+CVE-2016-2519 [ctl_getitem() return value not always checked]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
        TODO: check
-CVE-2016-2518 (Crafted addpeer with hmode > 7 causes out-of-bounds reference)
+CVE-2016-2518 [Crafted addpeer with hmode > 7 causes out-of-bounds reference]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
        TODO: check
-CVE-2016-2517 (Remote configuration trustedkey/requestkey/controlkey values 
are not properly validated)
+CVE-2016-2517 [Remote configuration trustedkey/requestkey/controlkey values 
are not properly validated]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: CVE-2016-2517 is for a regression caused by the patch for 
CVE-2016-2516
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
        TODO: check
-CVE-2016-2516 (Duplicate IPs on unconfig directives will cause an assertion 
failure)
+CVE-2016-2516 [Duplicate IPs on unconfig directives will cause an assertion 
failure]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
@@ -9692,27 +9692,27 @@
        NOTE: 
https://github.com/facebook/hhvm/commit/979b5b312ffbd56126c52f3dcb6cf8fcab89664f
        NOTE: 
https://github.com/facebook/hhvm/commit/604689e1565ea6361f9d81f839cd56bdda3b45ed
        NOTE: 
https://github.com/facebook/hhvm/commit/f21dccdde582c61d5a9b52dd821bcb1f08169d28
-CVE-2016-1551 (Refclock packets can come from the network)
+CVE-2016-1551 [Refclock packets can come from the network]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
        TODO: check
-CVE-2016-1550 (Timing attack for authenticated packets)
+CVE-2016-1550 [Timing attack for authenticated packets]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
        TODO: check
-CVE-2016-1549 (Sybil attack with trustedkey)
+CVE-2016-1549 [Sybil attack with trustedkey]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
        TODO: check
-CVE-2016-1548 (Change the time of an ntpd client or deny service to an ntpd 
client by forcing it to change from basic client/server mode to interleaved 
symmetric mode.)
+CVE-2016-1548 [Change the time of an ntpd client or deny service to an ntpd 
client by forcing it to change from basic client/server mode to interleaved 
symmetric mode.]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
        TODO: check
-CVE-2016-1547 (Validate crypto-NAKs)
+CVE-2016-1547 [Validate crypto-NAKs]
        RESERVED
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
@@ -17041,7 +17041,7 @@
        [wheezy] - gvfs <no-dsa> (Minor issue)
        [jessie] - gvfs <no-dsa> (Minor issue)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/10/06/3
-CVE-2015-7705 (An attacker can forge packets that claim to be from the target 
and send them to servers often enough that a server that implements KoD rate 
limiting will send the target machine a KoD response to attempt to reduce the 
rate of incoming packets)
+CVE-2015-7705 [An attacker can forge packets that claim to be from the target 
and send them to servers often enough that a server that implements KoD rate 
limiting will send the target machine a KoD response to attempt to reduce the 
rate of incoming packets]
        RESERVED
        - ntp <unfixed>
        [squeeze] - ntp <no-dsa> (Default config not affected)
@@ -17050,7 +17050,7 @@
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
        NOTE: 
https://github.com/ntp-project/ntp/commit/21d57dc336dbe9a975baca5ce5ae4da5b71ff123
        NOTE: 
https://github.com/ntp-project/ntp/commit/492758c3d0690d3ccf7130fabfcf670997f12f7b
-CVE-2015-7704 (An ntpd client that honors Kiss-of-Death responses will honor 
KoD messages that have been forged by an attacker, causing it to delay or stop 
querying its servers for time updates.)
+CVE-2015-7704 [An ntpd client that honors Kiss-of-Death responses will honor 
KoD messages that have been forged by an attacker, causing it to delay or stop 
querying its servers for time updates.]
        RESERVED
        {DSA-3388-1 DLA-335-1}
        - ntp 1:4.2.8p4+dfsg-3


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r41722 - data/CVE

Reply via email to