Author: sectracker
Date: 2016-09-16 21:10:16 +0000 (Fri, 16 Sep 2016)
New Revision: 44661

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-16 17:40:28 UTC (rev 44660)
+++ data/CVE/list       2016-09-16 21:10:16 UTC (rev 44661)
@@ -1,4 +1,5 @@
 CVE-2016-7423 [scsi: mptsas: OOB access when freeing MPTSASRequest object]
+       RESERVED
        - qemu <unfixed>
        [jessie] - qemu <not-affected> (Vulnerable code introduced later)
        [wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -10,6 +11,7 @@
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a
 (v2.6.0-rc0)
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
 CVE-2016-7422 [virtio: null pointer dereference in virtqueue_map_desc]
+       RESERVED
        - qemu <unfixed>
        [jessie] - qemu <not-affected> (Vulnerable code introduced later)
        [wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -19,6 +21,7 @@
        NOTE: Introduced by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7
 (v2.6.0-rc0)
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/4
 CVE-2016-7421 [scsi: pvscsi: infinite loop when processing IO requests]
+       RESERVED
        - qemu <unfixed>
        [wheezy] - qemu <not-affected> (Vulnerable code not present, introduced 
after 1.5)
        - qemu-kvm <not-affected> (Vulnerable code not present, introduced 
after 1.5)
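Review bot: CVE-2016-7421 carries a [wheezy] not-affected line for qemu but, in the lines shown, no [jessie] line, whereas CVE-2016-7423 and CVE-2016-7422 above state both releases explicitly. If jessie is affected, `- qemu <unfixed>` already implies it; if jessie has simply not been triaged yet, add the [jessie] status so the entry does not read as complete.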
@@ -2219,8 +2222,7 @@
        RESERVED
 CVE-2016-7424
        RESERVED
-CVE-2016-7420 [Library documentation lacks treatment of -DNDEBUG and Static 
Initialization]
-       RESERVED
+CVE-2016-7420 (Crypto++ (aka cryptopp) through 5.6.4 does not document the ...)
        - libcrypto++ <unfixed>
        NOTE: https://github.com/weidai11/cryptopp/issues/277
 CVE-2016-7419
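Review bot: On CVE-2016-7420 the replacement description is cut off at "does not document the ...", and the removed bracketed text was the only place in the entry that named -DNDEBUG and static initialization. Consider adding a NOTE line that keeps that detail next to the existing issue link, since `- libcrypto++ <unfixed>` on its own gives a triager nothing to judge the impact against.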
@@ -3555,8 +3557,8 @@
        RESERVED
 CVE-2016-6937
        RESERVED
-CVE-2016-6936
-       RESERVED
+CVE-2016-6936 (Adobe AIR SDK &amp; Compiler before 23.0.0.257 on Windows does 
not support ...)
+       TODO: check
 CVE-2016-6935
        RESERVED
 CVE-2016-6934
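Review bot: The added CVE-2016-6936 description contains the HTML entity "&amp;" ("Adobe AIR SDK &amp; Compiler"), which looks like an escaping artifact and not intended text; if it is present in the file and not only in this rendering of the mail, data/CVE/list should store a literal "&". The entry is also added with only TODO: check and no package or NOT-FOR-US line, so it still needs triage.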
@@ -4242,7 +4244,7 @@
        RESERVED
 CVE-2016-6662 [privilege escalation through ld_preload hijacking and my.cnf 
rewrite]
        RESERVED
-       {DSA-3666-1}
+       {DSA-3666-1 DLA-624-1}
        - mariadb-10.0 10.0.27-1
        - mysql-5.6 <unfixed>
        - mysql-5.5 <removed>
@@ -5503,13 +5505,11 @@
        RESERVED
 CVE-2016-6304
        RESERVED
-CVE-2016-6303
-       RESERVED
+CVE-2016-6303 (Integer overflow in the MDC2_Update function in 
crypto/mdc2/mdc2dgst.c ...)
        - openssl <unfixed>
        [jessie] - openssl <no-dsa> (Wait until next openssl update round)
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07
-CVE-2016-6302
-       RESERVED
+CVE-2016-6302 (The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL 
before ...)
        - openssl <unfixed>
        [jessie] - openssl <no-dsa> (Wait until next openssl update round)
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
@@ -12577,22 +12577,22 @@
        NOT-FOR-US: Adobe
 CVE-2016-4264 (The Office Open XML (OOXML) feature in Adobe ColdFusion 10 
before ...)
        TODO: check
-CVE-2016-4263
-       RESERVED
-CVE-2016-4262
-       RESERVED
-CVE-2016-4261
-       RESERVED
-CVE-2016-4260
-       RESERVED
-CVE-2016-4259
-       RESERVED
-CVE-2016-4258
-       RESERVED
-CVE-2016-4257
-       RESERVED
-CVE-2016-4256
-       RESERVED
+CVE-2016-4263 (Use-after-free vulnerability in Adobe Digital Editions before 
4.5.2 ...)
+       TODO: check
+CVE-2016-4262 (Adobe Digital Editions before 4.5.2 allows attackers to execute 
...)
+       TODO: check
+CVE-2016-4261 (Adobe Digital Editions before 4.5.2 allows attackers to execute 
...)
+       TODO: check
+CVE-2016-4260 (Adobe Digital Editions before 4.5.2 allows attackers to execute 
...)
+       TODO: check
+CVE-2016-4259 (Adobe Digital Editions before 4.5.2 allows attackers to execute 
...)
+       TODO: check
+CVE-2016-4258 (Adobe Digital Editions before 4.5.2 allows attackers to execute 
...)
+       TODO: check
+CVE-2016-4257 (Adobe Digital Editions before 4.5.2 allows attackers to execute 
...)
+       TODO: check
+CVE-2016-4256 (Adobe Digital Editions before 4.5.2 allows attackers to execute 
...)
+       TODO: check
 CVE-2016-4255 (Use-after-free vulnerability in Adobe Reader and Acrobat before 
...)
        NOT-FOR-US: Adobe
 CVE-2016-4254 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat 
Reader DC ...)
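Review bot: The eight Adobe Digital Editions entries (CVE-2016-4256 through CVE-2016-4263) all land as TODO: check, while the adjacent context entry CVE-2016-4255 is already marked NOT-FOR-US: Adobe. If Digital Editions is not packaged, triage them in one pass with the same NOT-FOR-US marker so they do not sit in the TODO queue one by one.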
@@ -18964,13 +18964,11 @@
        NOTE: What was done in OpenSSL: 
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
        NOTE: Python issue: https://bugs.python.org/issue27850
        TODO: not clear if this should be assigned to individual source, like 
openssl and nss (openpvn got a own CVE)
-CVE-2016-2182
-       RESERVED
+CVE-2016-2182 (The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL 
before 1.1.0 ...)
        - openssl <unfixed>
        [jessie] - openssl <no-dsa> (Wait until next openssl update round)
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34
-CVE-2016-2181
-       RESERVED
+CVE-2016-2181 (The Anti-Replay feature in the DTLS implementation in OpenSSL 
before ...)
        - openssl <unfixed>
        [jessie] - openssl <no-dsa> (Wait until next openssl update round)
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770
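Review bot: The unchanged TODO line at the top of this hunk reads "openpvn got a own CVE"; that should be "openvpn got its own CVE". It is a tracker annotation, not an imported description, so the description refresh in this commit does not touch it and it needs a manual edit.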
@@ -18978,8 +18976,7 @@
        - openssl <unfixed>
        [jessie] - openssl <no-dsa> (Wait until next openssl update round)
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=0ed26acce328ec16a3aa635f1ca37365e8c7403a
-CVE-2016-2179
-       RESERVED
+CVE-2016-2179 (The DTLS implementation in OpenSSL before 1.1.0 does not 
properly ...)
        - openssl <unfixed>
        [jessie] - openssl <no-dsa> (Wait until next openssl update round)
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
@@ -62616,7 +62613,7 @@
        NOT-FOR-US: innovaphone PBX
 CVE-2014-5334
        RESERVED
-CVE-2014-5332 (Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 
alllows ...)
+CVE-2014-5332 (Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 
allows local ...)
        - linux <not-affected> (drivers/video/tegra not present)
        NOTE: 
http://googleprojectzero.blogspot.de/2015/01/exploiting-nvmap-to-escape-chrome.html
 CVE-2014-5331 (Cross-site scripting (XSS) vulnerability in Aflax allows remote 
...)
@@ -229796,7 +229793,7 @@
        NOT-FOR-US: Linux Directory Penguin
 CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base 
...)
        NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0473 (db.php in phBB 2.0 (aka phBB2) RC-3 and earlier allows remote 
...)
+CVE-2002-0473 (db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote 
...)
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 
and ...)
        NOT-FOR-US: Hosting Controller
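Review bot: The CVE-2002-0484 context line in this hunk still has the doubled "does not does not check", even though the neighbouring CVE-2002-0473 description gets its "phBB" spelling corrected here. Because the parenthesised descriptions are what this automatic update rewrites, the duplicate should be corrected in the source description and not by hand in data/CVE/list, where it would be overwritten.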
@@ -230397,7 +230394,7 @@
        NOT-FOR-US: Cisco
 CVE-2001-1096 (Buffer overflows in muxatmd in AIX 4 allows an attacker to 
cause a ...)
        NOT-FOR-US: AIX
-CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could alllow local users to 
execute ...)
+CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could allow local users to 
execute ...)
        NOT-FOR-US: AIX
 CVE-2001-1089 (libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote 
attackers to ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
@@ -232814,7 +232811,7 @@
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2000-0215 (Vulnerability in SCO cu program in UnixWare 7.x allows local 
users to ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2000-0212 (InterAccess TelnetID Server 4.0 allows remote attackers to 
conduct a ...)
+CVE-2000-0212 (InterAccess TelnetD Server 4.0 allows remote attackers to 
conduct a ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2000-0211 (The Windows Media server allows remote attackers to cause a 
denial of ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
@@ -233856,7 +233853,7 @@
        NOT-FOR-US: Cisco
 CVE-1999-0733 (Buffer overflow in VMWare 1.0.1 for Linux via a long HOME ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0732 (The logging facilitity of the Debian smtp-refuser package 
allows local ...)
+CVE-1999-0732 (The logging facility of the Debian smtp-refuser package allows 
local ...)
        NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0731 (The KDE klock program allows local users to unlock a session 
using ...)
        NOT-FOR-US: Data pre-dating the Security Tracker


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
