Author: sectracker
Date: 2016-07-14 21:10:11 +0000 (Thu, 14 Jul 2016)
New Revision: 43203

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-07-14 20:25:38 UTC (rev 43202)
+++ data/CVE/list       2016-07-14 21:10:11 UTC (rev 43203)
@@ -1,4 +1,19 @@
+CVE-2016-6217
+       RESERVED
+CVE-2016-6216
+       RESERVED
+CVE-2016-6215
+       RESERVED
+CVE-2016-6212
+       RESERVED
+CVE-2016-6210
+       RESERVED
+CVE-2016-6208
+       RESERVED
+CVE-2016-6207
+       RESERVED
 CVE-2016-6209 [Reflected XSS vulnerability and possible phishing vector]
+       RESERVED
        - nagios3 <undetermined>
        NOTE: http://seclists.org/fulldisclosure/2016/Jun/20
        TODO: check, and check icinga as well
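Review bot: The new RESERVED block at the top is not in descending numeric order relative to its context: CVE-2016-6208 and CVE-2016-6207 are inserted above CVE-2016-6209, while CVE-2016-6214 and CVE-2016-6213 stay further down in later hunks. Anyone scanning the list by position will miss entries, so either insert in sorted order or document that lookups must be by identifier search. CVE-2016-6209 also still carries `- nagios3 <undetermined>` and an open TODO for icinga, which gaining RESERVED does not resolve.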
@@ -95,6 +110,7 @@
        NOTE: Fixed by: 
https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
 CVE-2016-6214 [read out-of-bounds issue]
+       RESERVED
        - libgd2 2.2.2-29-g3c2b605-1
        NOTE: https://github.com/libgd/libgd/issues/247#issuecomment-232084241
        NOTE: Different issue than CVE-2016-6132
@@ -110,6 +126,7 @@
        NOTE: 
https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
        NOTE: libv8 is not covered by security support
 CVE-2016-6213
+       RESERVED
        - linux <unfixed>
 CVE-2016-6186
        RESERVED
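Review bot: CVE-2016-6213 is tracked as `- linux <unfixed>` with no bracketed title and no NOTE giving a reference, unlike the CVE-2016-6214 entry in the previous hunk. Add a one-line description and a NOTE pointing at the upstream report or fix so the unfixed status can be re-checked later.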
@@ -972,8 +989,7 @@
        RESERVED
 CVE-2016-5822
        RESERVED
-CVE-2016-5821
-       RESERVED
+CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 
...)
        NOT-FOR-US: Huawei HiSuite
 CVE-2016-5820
        RESERVED
@@ -1112,6 +1128,7 @@
 CVE-2016-5745
        RESERVED
 CVE-2015-8945
+       RESERVED
        NOT-FOR-US: OpenShift
 CVE-2015-8944
        RESERVED
@@ -1309,6 +1326,7 @@
        NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
 CVE-2016-5773 [ZipArchive class Use After Free Vulnerability in PHP's GC 
algorithm and unserialize]
        RESERVED
+       {DSA-3618-1}
        - php7.0 7.0.8-1
        - php5 5.6.23+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434
@@ -1316,6 +1334,7 @@
        NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
 CVE-2016-5772 [Double Free Courruption in wddx_deserialize]
        RESERVED
+       {DSA-3618-1}
        - php7.0 7.0.8-1
        - php5 5.6.23+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340
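Review bot: The bracketed title on CVE-2016-5772 reads "Double Free Courruption in wddx_deserialize"; "Courruption" should be "Corruption". While the entry is RESERVED the bracketed title is the description shown for it, and the typo defeats text searches for the issue.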
@@ -1323,6 +1342,7 @@
        NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
 CVE-2016-5771 [Use After Free Vulnerability in PHP's GC algorithm and 
unserialize]
        RESERVED
+       {DSA-3618-1}
        - php7.0 <not-affected> (Does not affect PHP 7.x)
        - php5 5.6.23+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433
@@ -1330,6 +1350,7 @@
        NOTE: Fixed in 5.5.37, 5.6.23
 CVE-2016-5770 [int/size_t confusion in SplFileObject::fread]
        RESERVED
+       {DSA-3618-1}
        - php7.0 7.0.8-1
        - php5 5.6.23+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262
@@ -1337,6 +1358,7 @@
        NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
 CVE-2016-5769 [Heap Overflow due to integer overflows]
        RESERVED
+       {DSA-3618-1}
        - php7.0 7.0.8-1
        - php5 5.6.23+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455
@@ -1344,6 +1366,7 @@
        NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
 CVE-2016-5768 [_php_mb_regex_ereg_replace_exec - double free]
        RESERVED
+       {DSA-3618-1}
        - php7.0 7.0.8-1
        - php5 5.6.23+dfsg-1
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402
@@ -2041,6 +2064,7 @@
 CVE-2016-5435 (Memory leak in Huawei IPS Module, NGFW Module, NIP6300, 
NIP6600, and ...)
        TODO: check
 CVE-2016-6211 [SA-CORE-2016-002 -- User module -- Saving user accounts can 
sometimes grant the user all roles]
+       RESERVED
        {DSA-3604-1}
        - drupal7 7.44-1
        [jessie] - drupal7 7.32-1+deb8u7
@@ -2152,7 +2176,7 @@
        - linux <unfixed>
        NOTE: https://www.mail-archive.com/netdev@vger.kernel.org/msg118677.html
 CVE-2016-5389
-       RESERVED
+       REJECTED
 CVE-2016-5388
        RESERVED
 CVE-2016-5387
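Review bot: CVE-2016-5389 changes from RESERVED to REJECTED with no NOTE explaining the rejection or naming a replacement identifier, if there is one. A short NOTE here would keep anyone who references this id from treating the issue as simply gone.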
@@ -3338,8 +3362,8 @@
        RESERVED
 CVE-2016-5110
        RESERVED
-CVE-2016-5109
-       RESERVED
+CVE-2016-5109 (Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX 
Toolkit for ...)
+       TODO: check
 CVE-2015-8887
        RESERVED
 CVE-2015-8886
@@ -3421,8 +3445,8 @@
        [jessie] - phpmyadmin <no-dsa> (Minor issue)
        [wheezy] - phpmyadmin <no-dsa> (Minor issue)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/
-CVE-2016-5092
-       RESERVED
+CVE-2016-5092 (Directory traversal vulnerability in Fortinet FortiWeb before 
5.5.3 ...)
+       TODO: check
 CVE-2016-5108 (Buffer overflow in the DecodeAdpcmImaQT function in ...)
        {DSA-3598-1}
        - vlc 2.2.3-2 (bug #825728)
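Review bot: CVE-2016-5092 comes out of RESERVED with `TODO: check`, and its description names Fortinet FortiWeb. Another Fortinet entry in this same commit, CVE-2016-1909, is already marked NOT-FOR-US, so this one and the FortiWeb CSRF entry CVE-2016-4066 look like candidates for the same triage rather than an open TODO.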
@@ -3563,8 +3587,7 @@
        NOTE: http://tracker.ceph.com/issues/16297
        NOTE: https://github.com/ceph/ceph/pull/9700
        NOTE: 
https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6
-CVE-2016-5008 [libvirt: Setting empty VNC password allows access to 
unauthorized users]
-       RESERVED
+CVE-2016-5008 (libvirt before 2.0.0 improperly disables password checking when 
the ...)
        {DSA-3613-1 DLA-541-1}
        - libvirt 2.0.0-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1180092
@@ -3677,8 +3700,7 @@
        RESERVED
 CVE-2016-4975
        RESERVED
-CVE-2016-4974
-       RESERVED
+CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) 
before ...)
        NOT-FOR-US: Apache Qpid Java Broker
 CVE-2016-4973
        RESERVED
@@ -6324,8 +6346,8 @@
        RESERVED
 CVE-2016-4067
        RESERVED
-CVE-2016-4066
-       RESERVED
+CVE-2016-4066 (Cross-site request forgery (CSRF) vulnerability in Fortinet 
FortiWeb ...)
+       TODO: check
 CVE-2016-4065 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 
7.3.4 on ...)
        NOT-FOR-US: Foxit
 CVE-2016-4064 (Use-after-free vulnerability in the XFA forms handling 
functionality ...)
@@ -8965,8 +8987,7 @@
 CVE-2016-3101
        RESERVED
        - jenkins <removed>
-CVE-2016-3100
-       RESERVED
+CVE-2016-3100 (kinit in KDE Frameworks before 5.23.0 uses weak permissions 
(644) for ...)
        - kinit 5.23.0-1 (bug #827476)
        NOTE: https://bugs.kde.org/show_bug.cgi?id=358593
        NOTE: https://bugs.kde.org/show_bug.cgi?id=363140
@@ -12035,8 +12056,7 @@
        - tcpdf <undetermined> (bug #814030)
        NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/ (not public)
        NOTE: According to upstream fixed in 6.2.0, but not details available
-CVE-2015-8808 [out-of-bound read in the parsing of gif files]
-       RESERVED
+CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 
1.3.18 ...)
        {DLA-484-1}
        - graphicsmagick 1.3.21-2
        NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1
@@ -13411,7 +13431,7 @@
        NOT-FOR-US: SAP
 CVE-2016-1910 (The User Management Engine (UME) in SAP NetWeaver 7.4 allows 
attackers ...)
        NOT-FOR-US: SAP
-CVE-2016-1909 (FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 
3.3.x ...)
+CVE-2016-1909 (Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; 
...)
        NOT-FOR-US: FortiOS
 CVE-2015-8775
        RESERVED
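Review bot: In the CVE-2016-1909 entry, the updated description names Fortinet FortiAnalyzer and the removed line also listed FortiSwitch, but the tag underneath still reads `NOT-FOR-US: FortiOS`. Consider making the tag name the vendor or the products actually described, so a search for FortiAnalyzer lands on a matching label.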
@@ -15116,12 +15136,14 @@
        TODO: check
 CVE-2016-1372
        RESERVED
+       {DLA-546-1}
        - clamav 0.99.2+dfsg-1
        [jessie] - clamav 0.99.2+dfsg-0+deb8u1
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514
        NOTE: 
https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
 CVE-2016-1371
        RESERVED
+       {DLA-546-1}
        - clamav 0.99.2+dfsg-1
        [jessie] - clamav 0.99.2+dfsg-0+deb8u1
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
