Author: sectracker
Date: 2016-07-30 09:10:09 +0000 (Sat, 30 Jul 2016)
New Revision: 43640
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-07-30 08:50:19 UTC (rev 43639) +++ data/CVE/list 2016-07-30 09:10:09 UTC (rev 43640) @@ -1,3 +1,11 @@ +CVE-2016-6492 + RESERVED +CVE-2016-6488 + RESERVED +CVE-2016-6487 + RESERVED +CVE-2016-6486 + RESERVED CVE-2016-6494 [world-readable .dbshell history file] - mongodb <unfixed> (bug #832908) NOTE: http://www.openwall.com/lists/oss-security/2016/07/29/4 @@ -2,5 +10,7 @@ CVE-2016-6491 [Buffer overflow] + RESERVED - imagemagick <unfixed> NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b CVE-2016-6489 [RSA code is vulnerable to cache sharing related attacks] + RESERVED - nettle <unfixed> @@ -80,6 +90,7 @@ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/28/3 CVE-2016-6490 [virtio: infinite loop in virtqueue_pop] + RESERVED - qemu <unfixed> (bug #832767) [jessie] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu <not-affected> (Issue introduced later) @@ -94,6 +105,7 @@ CVE-2016-6481 RESERVED CVE-2013-7458 [World readable .rediscli_history] + RESERVED {DSA-3634-1} - redis 2:3.2.1-4 (bug #832460) NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1 @@ -523,7 +535,7 @@ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6296 (Integer signedness error in the simplestring_addn function in ...) - {DSA-3631-1} + {DSA-3631-1 DLA-569-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72606 @@ -598,7 +610,7 @@ NOTE: http://xenbits.xen.org/xsa/advisory-183.html CVE-2016-6258 [x86: Privilege escalation in PV guests] RESERVED - {DSA-3633-1} + {DSA-3633-1 DLA-571-1} - xen <unfixed> NOTE: http://xenbits.xen.org/xsa/advisory-182.html CVE-2016-6257 
@@ -607,6 +619,7 @@ RESERVED CVE-2016-6254 RESERVED + {DSA-3636-1} - collectd 5.5.2-1 (bug #832507) NOTE: https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18 NOTE: https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7 @@ -1018,6 +1031,7 @@ NOTE: https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967 CVE-2016-6232 RESERVED + {DLA-570-1} - karchive 5.24.0-1 - kde4libs <unfixed> (bug #832620) NOTE: The fix for 4:4.14.22-1 was incomplete, cf. @@ -4830,8 +4844,8 @@ TODO: check affected versions CVE-2016-5006 RESERVED -CVE-2016-5005 - RESERVED +CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and ...) + TODO: check CVE-2016-5004 RESERVED NOT-FOR-US: Apache Archiva @@ -6633,7 +6647,7 @@ CVE-2016-4481 RESERVED CVE-2016-4480 (The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen ...) - {DSA-3633-1} + {DSA-3633-1 DLA-571-1} - xen <unfixed> NOTE: http://xenbits.xen.org/xsa/advisory-176.html CVE-2016-4479 @@ -6655,8 +6669,7 @@ {DSA-3607-1} - linux 4.6.2-2 NOTE: Fixed by: https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a -CVE-2016-4469 - RESERVED +CVE-2016-4469 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache ...) NOT-FOR-US: Apache Archiva CVE-2016-4468 RESERVED @@ -8199,7 +8212,7 @@ - linux 4.5.2-1 NOTE: http://xenbits.xen.org/xsa/advisory-174.html CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local ...) - {DSA-3554-1} + {DSA-3554-1 DLA-571-1} - xen <unfixed> (bug #823620) NOTE: http://xenbits.xen.org/xsa/advisory-173.html CVE-2016-3957 
@@ -8790,7 +8803,7 @@ NOTE: Introduced by: https://git.kernel.org/linus/910a6aae4e2e45855efc4a268e43eed2d8445575 (v4.2-rc1) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332139 CVE-2016-3712 (Integer overflow in the VGA module in QEMU allows local guest OS users ...) - {DSA-3573-1 DLA-540-1 DLA-539-1} + {DSA-3573-1 DLA-571-1 DLA-540-1 DLA-539-1} - qemu 1:2.6+dfsg-1 (bug #823830) - qemu-kvm <removed> - xen 4.4.0-1 @@ -8801,7 +8814,7 @@ CVE-2016-3711 (HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin ...) NOT-FOR-US: OpenShift CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on banked ...) - {DSA-3573-1 DLA-540-1 DLA-539-1} + {DSA-3573-1 DLA-571-1 DLA-540-1 DLA-539-1} - qemu 1:2.6+dfsg-1 (bug #823830) - qemu-kvm <removed> - xen 4.4.0-1 @@ -10143,7 +10156,7 @@ CVE-2016-3160 RESERVED CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not ...) - {DSA-3554-1} + {DSA-3554-1 DLA-571-1} - xen <unfixed> (bug #823620) NOTE: http://xenbits.xen.org/xsa/advisory-172.html NOTE: CVE-2016-3159 is for the code change which is applicable for later @@ -10151,7 +10164,7 @@ NOTE: for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which NOTE: patches the function fpu_fxrstor. CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly ...) - {DSA-3554-1} + {DSA-3554-1 DLA-571-1} - xen <unfixed> (bug #823620) NOTE: http://xenbits.xen.org/xsa/advisory-172.html NOTE: CVE-2016-3158 is for the code change which is required for all 
@@ -61327,6 +61340,7 @@ [squeeze] - linux-2.6 2.6.32-48squeeze9 NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 (v3.18-rc1) CVE-2014-3672 (The qemu implementation in libvirt before 1.3.0 and Xen allows local ...) + {DLA-571-1} - qemu <unfixed> [jessie] - qemu <no-dsa> (Minor issue) [wheezy] - qemu <no-dsa> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
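Review bot: In the "@@ -4830,8 +4844,8 @@" hunk, CVE-2016-5005 is left at "TODO: check" even though its new description names Apache Archiva, and the entry directly below it (CVE-2016-5004) is already triaged as "NOT-FOR-US: Apache Archiva". The "@@ -6655,8 +6669,7 @@" hunk shows the same product for CVE-2016-4469, where the NOT-FOR-US line was kept. Unless Archiva has been packaged since those entries were triaged, a follow-up commit should replace the TODO on CVE-2016-5005 with the same "NOT-FOR-US: Apache Archiva" line so the entry does not linger in the unprocessed queue.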
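Review bot: In the "@@ -61327,6 +61340,7 @@" hunk, "{DLA-571-1}" is attached to CVE-2014-3672, but the package lines visible in the context are all for qemu, with "[wheezy] - qemu <no-dsa> (Minor issue)". Every other entry in this diff that gains DLA-571-1 carries a "- xen" line (CVE-2016-6258, CVE-2016-4480, CVE-2016-3960, CVE-2016-3159, CVE-2016-3158) or lists xen next to qemu (CVE-2016-3712, CVE-2016-3710). If no "- xen" line follows below the three context lines shown here, the advisory cross-reference has no source package to attach to and the entry reads as if a no-dsa qemu issue had been fixed by the DLA. Check that the entry has a xen line, and add one if it is missing.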