Author: sectracker
Date: 2016-06-13 21:10:15 +0000 (Mon, 13 Jun 2016)
New Revision: 42512

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-06-13 17:52:44 UTC (rev 42511)
+++ data/CVE/list       2016-06-13 21:10:15 UTC (rev 42512)
@@ -1,3 +1,103 @@
+CVE-2016-5432
+       RESERVED
+CVE-2016-5431
+       RESERVED
+CVE-2016-5430
+       RESERVED
+CVE-2016-5429
+       RESERVED
+CVE-2016-5428
+       RESERVED
+CVE-2016-5427
+       RESERVED
+CVE-2016-5426
+       RESERVED
+CVE-2016-5425
+       RESERVED
+CVE-2016-5424
+       RESERVED
+CVE-2016-5423
+       RESERVED
+CVE-2016-5422
+       RESERVED
+CVE-2016-5421
+       RESERVED
+CVE-2016-5420
+       RESERVED
+CVE-2016-5419
+       RESERVED
+CVE-2016-5418
+       RESERVED
+CVE-2016-5417
+       RESERVED
+CVE-2016-5416
+       RESERVED
+CVE-2016-5415
+       RESERVED
+CVE-2016-5414
+       RESERVED
+CVE-2016-5413
+       RESERVED
+CVE-2016-5412
+       RESERVED
+CVE-2016-5411
+       RESERVED
+CVE-2016-5410
+       RESERVED
+CVE-2016-5409
+       RESERVED
+CVE-2016-5408
+       RESERVED
+CVE-2016-5407
+       RESERVED
+CVE-2016-5406
+       RESERVED
+CVE-2016-5405
+       RESERVED
+CVE-2016-5404
+       RESERVED
+CVE-2016-5403
+       RESERVED
+CVE-2016-5402
+       RESERVED
+CVE-2016-5401
+       RESERVED
+CVE-2016-5400
+       RESERVED
+CVE-2016-5399
+       RESERVED
+CVE-2016-5398
+       RESERVED
+CVE-2016-5397
+       RESERVED
+CVE-2016-5396
+       RESERVED
+CVE-2016-5395
+       RESERVED
+CVE-2016-5394
+       RESERVED
+CVE-2016-5393
+       RESERVED
+CVE-2016-5392
+       RESERVED
+CVE-2016-5391
+       RESERVED
+CVE-2016-5390
+       RESERVED
+CVE-2016-5389
+       RESERVED
+CVE-2016-5388
+       RESERVED
+CVE-2016-5387
+       RESERVED
+CVE-2016-5386
+       RESERVED
+CVE-2016-5385
+       RESERVED
+CVE-2016-5384
+       RESERVED
+CVE-2016-5383
+       RESERVED
 CVE-2016-5382
        RESERVED
 CVE-2016-5381
@@ -239,6 +339,7 @@
 CVE-2016-5302
        RESERVED
 CVE-2015-8914
+       RESERVED
        - neutron <unfixed>
        NOTE: https://bugs.launchpad.net/bugs/1502933
        TODO: check
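Review bot: CVE-2015-8914 gains RESERVED, but the context lines under it still carry TODO: check next to - neutron <unfixed> and a Launchpad bug reference. If the neutron status is already decided, drop the TODO: check. If it is not, the <unfixed> marking should wait for that check.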
@@ -645,8 +746,8 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
 CVE-2016-5234
        RESERVED
-CVE-2016-5233
-       RESERVED
+CVE-2016-5233 (Huawei Mate 8 smartphones with software NXT-AL10 before ...)
+       TODO: check
 CVE-2016-5232
        RESERVED
 CVE-2016-5231
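Review bot: the new CVE-2016-5233 entry is left at TODO: check although its description names Huawei Mate 8 smartphone software (NXT-AL10), which reads as vendor firmware rather than a package tracked in this list. Suggest resolving it in a follow-up, most likely as NOT-FOR-US with the product name, the form this file already uses for products that are not packaged.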
@@ -1036,8 +1137,7 @@
        NOTE: http://seclists.org/fulldisclosure/2016/May/59
        NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/
        NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842
-CVE-2016-5118 [popen() shell vulnerability via filename]
-       RESERVED
+CVE-2016-5118 (The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 
and ...)
        {DSA-3591-1 DLA-502-1 DLA-500-1}
        - imagemagick 8:6.8.9.9-7.1 (bug #825799)
        - graphicsmagick 1.3.24-1 (bug #825800)
@@ -3001,8 +3101,7 @@
        RESERVED
 CVE-2016-4430
        RESERVED
-CVE-2016-4429 [stack (frame) overflow in Sun RPC clntudp_call()]
-       RESERVED
+CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in ...)
        - glibc 2.22-10
        [jessie] - glibc <no-dsa> (Minor issue)
        - eglibc <removed>
@@ -4903,8 +5002,7 @@
 CVE-2016-3721 (Jenkins before 2.3 and LTS before 1.651.2 might allow remote 
...)
        - jenkins <removed>
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
-CVE-2016-3720 [XmlMapper is vulnerable to XXE attack]
-       RESERVED
+CVE-2016-3720 (XML external entity (XXE) vulnerability in XmlMapper in the 
Data ...)
        - jackson-dataformat-xml 2.7.4-1 (bug #823703)
        NOTE: 
https://github.com/FasterXML/jackson-dataformat-xml/commit/f0f19a4c924d9db9a1e2830434061c8640092cc0
 (2.7.4)
 CVE-2016-3719
@@ -4983,8 +5081,7 @@
        NOTE: more details in kernel-sec repository.
        NOTE: https://lwn.net/Articles/448790/
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1327484
-CVE-2016-3706
-       RESERVED
+CVE-2016-3706 (Stack-based buffer overflow in the getaddrinfo function in ...)
        {DLA-494-1}
        - glibc 2.22-8
        [jessie] - glibc <no-dsa> (Minor issue, can be fixed via point release)
@@ -6424,8 +6521,8 @@
        NOTE: https://struts.apache.org/docs/s2-033.html
 CVE-2016-3086
        RESERVED
-CVE-2016-3085
-       RESERVED
+CVE-2016-3085 (Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 
4.7.x ...)
+       TODO: check
 CVE-2016-3084
        RESERVED
 CVE-2016-3083
@@ -7223,22 +7320,18 @@
        RESERVED
 CVE-2016-2835
        RESERVED
-CVE-2016-2834
-       RESERVED
+CVE-2016-2834 (Mozilla Network Security Services (NSS) before 3.23, as used in 
...)
        - nss <unfixed>
        - firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
        - firefox 47.0-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/
-CVE-2016-2833
-       RESERVED
+CVE-2016-2833 (Mozilla Firefox before 47.0 ignores Content Security Policy 
(CSP) ...)
        - firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
        - firefox 47.0-1
-CVE-2016-2832
-       RESERVED
+CVE-2016-2832 (Mozilla Firefox before 47.0 allows remote attackers to discover 
the ...)
        - firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
        - firefox 47.0-1
-CVE-2016-2831
-       RESERVED
+CVE-2016-2831 (Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do 
not ...)
        {DSA-3600-1}
        - firefox-esr 45.2.0esr-1
        - firefox 47.0-1
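Review bot: for CVE-2016-2834 the imported description now says the issue affects NSS before 3.23, yet the package line stays at - nss <unfixed> with no bug reference. Worth checking which nss version is in unstable and either recording the fixed version or adding a bug number so the open state is tracked. The Firefox-only entries in this hunk look consistent with their existing package lines.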
@@ -7246,38 +7339,31 @@
        RESERVED
        NOTE: Contacted Red Hat to clarify entry at Red Hat's bugzilla: 
https://bugzilla.redhat.com/show_bug.cgi?id=1342897
        NOTE: Possibly a different issue than CVE-2016-2831 for Mozilla products
-CVE-2016-2829
-       RESERVED
+CVE-2016-2829 (Mozilla Firefox before 47.0 allows remote attackers to spoof 
...)
        - firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
        - firefox 47.0-1
-CVE-2016-2828
-       RESERVED
+CVE-2016-2828 (Use-after-free vulnerability in Mozilla Firefox before 47.0 and 
...)
        {DSA-3600-1}
        - firefox-esr 45.2.0esr-1
        - firefox 47.0-1
 CVE-2016-2827
        RESERVED
-CVE-2016-2826
-       RESERVED
+CVE-2016-2826 (The maintenance service in Mozilla Firefox before 47.0 and 
Firefox ESR ...)
        - firefox-esr <not-affected> (Only affects Windows)
        - firefox <not-affected> (Only affects Windows)
-CVE-2016-2825
-       RESERVED
+CVE-2016-2825 (Mozilla Firefox before 47.0 allows remote attackers to bypass 
the Same ...)
        - firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
        - firefox 47.0-1
-CVE-2016-2824
-       RESERVED
+CVE-2016-2824 (The TSymbolTableLevel class in ANGLE, as used in Mozilla 
Firefox ...)
        - firefox-esr <not-affected> (Only affects Windows)
        - firefox <not-affected> (Only affects Windows)
 CVE-2016-2823
        RESERVED
-CVE-2016-2822
-       RESERVED
+CVE-2016-2822 (Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 
allow ...)
        {DSA-3600-1}
        - firefox-esr 45.2.0esr-1
        - firefox 47.0-1
-CVE-2016-2821
-       RESERVED
+CVE-2016-2821 (Use-after-free vulnerability in the mozilla::dom::Element class 
in ...)
        {DSA-3600-1}
        - firefox-esr 45.2.0esr-1
        - firefox 47.0-1
@@ -7286,13 +7372,11 @@
        - firefox-esr <not-affected> (Only Firefox 46)
        - firefox 46.0-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
-CVE-2016-2819
-       RESERVED
+CVE-2016-2819 (Heap-based buffer overflow in Mozilla Firefox before 47.0 and 
Firefox ...)
        {DSA-3600-1}
        - firefox-esr 45.2.0esr-1
        - firefox 47.0-1
-CVE-2016-2818
-       RESERVED
+CVE-2016-2818 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        {DSA-3600-1}
        - firefox-esr 45.2.0esr-1
        - firefox 47.0-1
@@ -7306,8 +7390,7 @@
        - firefox-esr <not-affected> (Only Firefox 46)
        - firefox 46.0-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/
-CVE-2016-2815
-       RESERVED
+CVE-2016-2815 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
        - firefox 47.0-1
 CVE-2016-2814 (Heap-based buffer overflow in the ...)
@@ -7517,12 +7600,10 @@
        RESERVED
 CVE-2016-2787
        RESERVED
-CVE-2016-2786
-       RESERVED
+CVE-2016-2786 (The pxp-agent component in Puppet Enterprise 2015.3.x before 
2015.3.3 ...)
        - puppet <not-affected> (pxp-agent not packaged in Debian)
        NOTE: https://puppet.com/security/cve/cve-2016-2786
-CVE-2016-2785 [incorrect URL decoding]
-       RESERVED
+CVE-2016-2785 (Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x 
before ...)
        - puppet <not-affected> (Vulnerable code only in 4.x)
        NOTE: https://puppet.com/security/cve/cve-2016-2785
        NOTE: 
https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
@@ -8455,82 +8536,82 @@
        RESERVED
 CVE-2016-2501
        RESERVED
-CVE-2016-2500
-       RESERVED
-CVE-2016-2499
-       RESERVED
-CVE-2016-2498
-       RESERVED
+CVE-2016-2500 (Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 
5.1.1, ...)
+       TODO: check
+CVE-2016-2499 (AudioSource.cpp in libstagefright in mediaserver in Android 4.x 
before ...)
+       TODO: check
+CVE-2016-2498 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 
7 ...)
+       TODO: check
 CVE-2016-2497
        RESERVED
-CVE-2016-2496
-       RESERVED
-CVE-2016-2495
-       RESERVED
-CVE-2016-2494
-       RESERVED
-CVE-2016-2493
-       RESERVED
-CVE-2016-2492
-       RESERVED
-CVE-2016-2491
-       RESERVED
-CVE-2016-2490
-       RESERVED
-CVE-2016-2489
-       RESERVED
-CVE-2016-2488
-       RESERVED
-CVE-2016-2487
-       RESERVED
-CVE-2016-2486
-       RESERVED
-CVE-2016-2485
-       RESERVED
-CVE-2016-2484
-       RESERVED
-CVE-2016-2483
-       RESERVED
-CVE-2016-2482
-       RESERVED
-CVE-2016-2481
-       RESERVED
-CVE-2016-2480
-       RESERVED
-CVE-2016-2479
-       RESERVED
-CVE-2016-2478
-       RESERVED
-CVE-2016-2477
-       RESERVED
-CVE-2016-2476
-       RESERVED
-CVE-2016-2475
-       RESERVED
-CVE-2016-2474
-       RESERVED
-CVE-2016-2473
-       RESERVED
-CVE-2016-2472
-       RESERVED
-CVE-2016-2471
-       RESERVED
-CVE-2016-2470
-       RESERVED
-CVE-2016-2469
-       RESERVED
-CVE-2016-2468
-       RESERVED
-CVE-2016-2467
-       RESERVED
-CVE-2016-2466
-       RESERVED
-CVE-2016-2465
-       RESERVED
-CVE-2016-2464
-       RESERVED
-CVE-2016-2463
-       RESERVED
+CVE-2016-2496 (The Framework UI permission-dialog implementation in Android 
6.x ...)
+       TODO: check
+CVE-2016-2495 (SampleTable.cpp in libstagefright in mediaserver in Android 4.x 
before ...)
+       TODO: check
+CVE-2016-2494 (Off-by-one error in sdcard/sdcard.c in Android 4.x before 
4.4.4, 5.0.x ...)
+       TODO: check
+CVE-2016-2493 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 
5, ...)
+       TODO: check
+CVE-2016-2492 (The MediaTek power-management driver in Android before 
2016-06-01 on ...)
+       TODO: check
+CVE-2016-2491 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 
9 ...)
+       TODO: check
+CVE-2016-2490 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 
9 ...)
+       TODO: check
+CVE-2016-2489 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 
5, 5X, ...)
+       TODO: check
+CVE-2016-2488 (The Qualcomm camera driver in Android before 2016-06-01 on 
Nexus 5, ...)
+       TODO: check
+CVE-2016-2487 (libstagefright in mediaserver in Android 4.x before 4.4.4, 
5.0.x ...)
+       TODO: check
+CVE-2016-2486 (mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 
4.x ...)
+       TODO: check
+CVE-2016-2485 (libstagefright in mediaserver in Android 4.x before 4.4.4, 
5.0.x ...)
+       TODO: check
+CVE-2016-2484 (libstagefright in mediaserver in Android 4.x before 4.4.4, 
5.0.x ...)
+       TODO: check
+CVE-2016-2483 (The mm-video-v4l2 venc component in mediaserver in Android 4.x 
before ...)
+       TODO: check
+CVE-2016-2482 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x 
before ...)
+       TODO: check
+CVE-2016-2481 (The mm-video-v4l2 venc component in mediaserver in Android 4.x 
before ...)
+       TODO: check
+CVE-2016-2480 (The mm-video-v4l2 vidc component in mediaserver in Android 4.x 
before ...)
+       TODO: check
+CVE-2016-2479 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x 
before ...)
+       TODO: check
+CVE-2016-2478 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver 
in ...)
+       TODO: check
+CVE-2016-2477 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver 
in ...)
+       TODO: check
+CVE-2016-2476 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 
5.1.x ...)
+       TODO: check
+CVE-2016-2475 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 
5, ...)
+       TODO: check
+CVE-2016-2474 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 
5X ...)
+       TODO: check
+CVE-2016-2473 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 
7 ...)
+       TODO: check
+CVE-2016-2472 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 
7 ...)
+       TODO: check
+CVE-2016-2471 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 
7 ...)
+       TODO: check
+CVE-2016-2470 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 
7 ...)
+       TODO: check
+CVE-2016-2469 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 
5, 6, ...)
+       TODO: check
+CVE-2016-2468 (The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 
5, 5X, ...)
+       TODO: check
+CVE-2016-2467 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 
5 ...)
+       TODO: check
+CVE-2016-2466 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 
6 ...)
+       TODO: check
+CVE-2016-2465 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 
5, 5X, ...)
+       TODO: check
+CVE-2016-2464 (libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 
5.0.x ...)
+       TODO: check
+CVE-2016-2463 (Multiple integer overflows in the h264dec component in 
libstagefright ...)
+       TODO: check
 CVE-2016-2462 (OpenSSLCipher.java in Conscrypt in Android 6.x before 
2016-05-01 ...)
        NOT-FOR-US: Android
 CVE-2016-2461 (OpenSSLCipher.java in Conscrypt in Android 6.x before 
2016-05-01 ...)
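Review bot: this hunk turns about forty Android entries into TODO: check, while the neighbouring context entries CVE-2016-2462 and CVE-2016-2461 are already marked NOT-FOR-US: Android. Most of the driver and mediaserver entries can probably be closed the same way, but CVE-2016-2464 names libvpx in libwebm and the libstagefright entries may share code with other projects, so those should be looked at individually before any bulk NOT-FOR-US marking.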
@@ -10074,8 +10155,8 @@
        RESERVED
 CVE-2016-2067
        RESERVED
-CVE-2016-2066
-       RESERVED
+CVE-2016-2066 (Integer signedness error in the MSM QDSP6 audio driver for the 
Linux ...)
+       TODO: check
 CVE-2016-2065
        RESERVED
 CVE-2016-2064
@@ -10084,8 +10165,8 @@
        RESERVED
 CVE-2016-2062 (The adreno_perfcounter_query_group function in ...)
        TODO: check
-CVE-2016-2061
-       RESERVED
+CVE-2016-2061 (Integer signedness error in the MSM V4L2 video driver for the 
Linux ...)
+       TODO: check
 CVE-2016-2060 (server/TetherController.cpp in the tethering controller in 
netd, as ...)
        NOT-FOR-US: Android
 CVE-2016-2059 (The msm_ipc_router_bind_control_port function in ...)
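Review bot: CVE-2016-2061 (and CVE-2016-2066 in the previous hunk) describe MSM drivers "for the Linux ..." and are left at TODO: check, as is the context entry CVE-2016-2062. The truncated descriptions do not say whether the affected driver is part of the kernel source Debian ships or only of a vendor tree. That needs to be established before choosing between a linux package line and NOT-FOR-US, and the three entries should be triaged together since they concern the same driver family.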
@@ -168475,7 +168556,7 @@
        NOTE: http://marc.info/?l=maradns-list&m=118842373527534&w=2
 CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in 
Absolute ...)
        NOT-FOR-US: Absolute Poll Manager
-CVE-2007-4629 (Buffer overflow in the processLine funtion in maptemplate.c in 
...)
+CVE-2007-4629 (Buffer overflow in the processLine function in maptemplate.c in 
...)
        {DSA-1539-1}
        - mapserver 4.10.3-1
 CVE-2007-4628 (SQL injection vulnerability in shownews.php in phpns 1.1 allows 
remote ...)
@@ -188430,7 +188511,7 @@
        NOT-FOR-US: bbsengine
 CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS 
bbsengine ...)
        NOT-FOR-US: bbsengine
-CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring 
funtion ...)
+CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring 
function ...)
        NOT-FOR-US: bbsengine
 CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau 
...)
        NOT-FOR-US: UebiMiau


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
