Author: sectracker
Date: 2016-10-17 21:10:18 +0000 (Mon, 17 Oct 2016)
New Revision: 45409

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-10-17 20:29:18 UTC (rev 45408)
+++ data/CVE/list       2016-10-17 21:10:18 UTC (rev 45409)
@@ -1,3 +1,17 @@
+CVE-2016-8673
+       RESERVED
+CVE-2016-8672
+       RESERVED
+CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for ...)
+       TODO: check
+CVE-2005-4899
+       RESERVED
+CVE-2005-4898
+       RESERVED
+CVE-2005-4897
+       RESERVED
+CVE-2005-4896
+       RESERVED
 CVE-2016-6911 [invalid read in gdImageCreateFromTiffPtr()]
        RESERVED
        {DSA-3693-1}
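Review bot: The new CVE-2005-4900 entry is left at `TODO: check`, but its description ("SHA-1 is not collision resistant ...") names a property of the hash function rather than a flaw in one package, so it cannot be resolved by a package lookup. It needs manual triage; the list already handles this class of entry with an explanatory NOTE, as in "This is a generic cryptographic weakness, not a vulnerability in OpenVPN per se" further down.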
@@ -4,66 +18,84 @@
        - libgd2 <unfixed> (bug #840806)
        NOTE: Corresponds to the 
0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch
 CVE-2016-8703
+       RESERVED
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
        TODO: check
 CVE-2016-8702
+       RESERVED
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
        TODO: check
 CVE-2016-8701
+       RESERVED
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
        TODO: check
 CVE-2016-8700
+       RESERVED
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
        TODO: check
 CVE-2016-8699
+       RESERVED
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
        TODO: check
 CVE-2016-8698
+       RESERVED
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
        TODO: check
 CVE-2016-8697 [AddressSanitizer: FPE on unknown address 0x508d51 in bm_new ... 
bitmap.h]
+       RESERVED
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/
        TODO: check
 CVE-2016-8696
+       RESERVED
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
        TODO: check
 CVE-2016-8695
+       RESERVED
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
        TODO: check
 CVE-2016-8694
+       RESERVED
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
        TODO: check
 CVE-2016-8693 [attempting double-free ... mem_close ... jas_stream.c]
+       RESERVED
        - jasper <unfixed> (bug #841110)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
 CVE-2016-8692 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
+       RESERVED
        - jasper <unfixed> (bug #841111)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020
 (version-1.900.4)
 CVE-2016-8691 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
+       RESERVED
        - jasper <unfixed> (bug #841111)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020
 (version-1.900.4)
 CVE-2016-8690 [SEGV on unknown address ... bmp_getdata ... bmp_dec.c]
+       RESERVED
        - jasper <unfixed> (bug #841112)
        NOTE: CVE ID for the first and fifth items of 
http://www.openwall.com/lists/oss-security/2016/08/23/6 post
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
 CVE-2016-8689
+       RESERVED
+       {DLA-661-1}
        - libarchive 3.2.1-5 (bug #840934)
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/
        NOTE: https://github.com/libarchive/libarchive/issues/761
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126
 CVE-2016-8688
+       RESERVED
+       {DLA-661-1}
        - libarchive 3.2.1-5 (bug #840935)
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/
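Review bot: CVE-2016-8698 through CVE-2016-8703 carry no bracketed description, so after RESERVED is added the six potrace entries are identical apart from the ID: same `potrace 1.13-1` line, same NOTE URL, same `TODO: check`. Suggest giving each a short bracketed description, as CVE-2016-8697 has, stating which of the six overflows in the linked advisory the ID covers, and clearing the TODO once the fixed version is confirmed.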
@@ -72,34 +104,42 @@
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca
 CVE-2016-8687
+       RESERVED
+       {DLA-661-1}
        - libarchive 3.2.1-5 (bug #840936)
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
        NOTE: https://github.com/libarchive/libarchive/issues/767
 CVE-2016-8678 [heap-based buffer overflow in IsPixelMonochrome]
+       RESERVED
        - imagemagick <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/07/imagemagick-heap-based-buffer-overflow-in-ispixelmonochrome-pixel-accessor-h/
        TODO: check
 CVE-2016-8677 [memory allocate failure in AcquireQuantumPixels]
+       RESERVED
        - imagemagick <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
        TODO: check
 CVE-2016-8676 [Issue that remains after addressing CVE-2016-8675 with 
e5b019725f53b79159931d3a7317107cbbfd0860]
+       RESERVED
        - libav <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
 CVE-2016-8675
+       RESERVED
        - libav <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
        NOTE: Fixed by: 
https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860
        NOTE: Cf. CVE-2016-8676 as well which remain unfixed after 
e5b019725f53b79159931d3a7317107cbbfd0860
 CVE-2016-8674
+       RESERVED
        - mupdf <unfixed> (bug #840957)
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
        NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697015
        NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697019
        NOTE: (Wheezy) Crash is not reproducible with reprocuder. Needs 
clarification from upstream.
 CVE-2016-8670 [Stack Buffer Overflow in GD dynamicGetbuf]
+       RESERVED
        {DSA-3693-1}
        - libgd2 <unfixed> (bug #840805)
        NOTE: Workaround entry for DSA-3693-1 until CVE assigned
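Review bot: Under CVE-2016-8670 the context NOTE "Workaround entry for DSA-3693-1 until CVE assigned" looks stale: the entry is already keyed by a CVE ID and this revision marks that ID RESERVED. Suggest dropping or rewording the NOTE in a follow-up manual commit. Separately, the Wheezy NOTE under CVE-2016-8674 has "reprocuder" for "reproducer".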
@@ -107,14 +147,17 @@
        NOTE: 
https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/15/1
 CVE-2016-8671 [Incomplete fix for CVE-2016-6887]
+       RESERVED
        - matrixssl <not-affected> (Incomplete fix for CVE-2016-6887 not 
applied)
        NOTE: 
https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
 CVE-2016-8669 [char: divide by zero error in serial_update_parameters]
+       RESERVED
        - qemu <unfixed> (bug #840945)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
 CVE-2016-8668 [net: OOB buffer access in rocker switch emulation]
+       RESERVED
        - qemu <unfixed> (bug #840948)
        [jessie] - qemu <not-affected> (Vulnerable code introduced after 
v2.4.0-rc0)
        [wheezy] - qemu <not-affected> (Vulnerable code introduced after 
v2.4.0-rc0)
@@ -122,6 +165,7 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384896
 CVE-2016-8667 [dma: rc4030 divide by zero error in set_next_tick]
+       RESERVED
        - qemu <unfixed> (bug #840950)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
@@ -255,23 +299,20 @@
        RESERVED
 CVE-2016-8594
        RESERVED
-CVE-2016-8666 [tunnels: Don't apply GRO to multiple layers of encapsulation]
-       RESERVED
+CVE-2016-8666 (The IP stack in the Linux kernel before 4.6 allows remote 
attackers to ...)
        - linux 4.6.1-1
        [jessie] - linux 3.6.36-1
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/fac8e0f579695a3ecbc4d3cac369139d7f819971
        NOTE: Introduced by: 
htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/13/11
-CVE-2016-8660 [local DoS due to a page lock order bug in the XFS seek 
hole/data implementation]
-       RESERVED
+CVE-2016-8660 (The XFS subsystem in the Linux kernel through 4.8.2 allows 
local users ...)
        - linux <unfixed>
 CVE-2016-8659 [privilege escalation via ptrace]
        RESERVED
        - bubblewrap 0.1.2-2 (bug #840605)
        NOTE: https://github.com/projectatomic/bubblewrap/issues/107
-CVE-2016-8658 [Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer 
Overflow]
-       RESERVED
+CVE-2016-8658 (Stack-based buffer overflow in the brcmf_cfg80211_start_ap 
function in ...)
        - linux 4.7.5-1
        [wheezy] - linux <not-affected> (Vulnerable code introduced later in 
3.7)
        NOTE: Fixed by: 
https://git.kernel.org/linus/ded89912156b1a47d940a0c954c43afbabd0c42c (v4.8-rc8)
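Review bot: Two context lines under CVE-2016-8666 look mistyped and are carried forward unchanged. `[jessie] - linux 3.6.36-1` is probably meant to be 3.16.36-1 (jessie kernels elsewhere in this list are 3.16.x, e.g. `3.16.7-ckt17-1` under CVE-2015-3288); as written, every jessie kernel version compares as newer than the fix and the issue would show as resolved regardless. The "Introduced by" NOTE also uses `htttps://`, which breaks the link. Both need a manual fix, since the automatic update only touches the description lines.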
@@ -506,34 +547,42 @@
        NOTE: already have root privileges could induce systemd to send messages
        NOTE: that would trigger the format string vulnerability.
 CVE-2016-8686 [memory allocation failure]
+       RESERVED
        - potrace <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure
 CVE-2016-8685 [invalid memory access in findnext (decompose.c)]
+       RESERVED
        - potrace <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
 CVE-2016-8684 [memory allocation failure in MagickMalloc (memory.c)]
+       RESERVED
        - graphicsmagick <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/
        NOTE: Fixed by: 
http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449
 CVE-2016-8683 [memory allocation failure in ReadPCXImage (pcx.c)]
+       RESERVED
        - graphicsmagick <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/
        NOTE: Fixed by: 
http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9
 CVE-2016-8682 [stack-based buffer overflow in ReadSCTImage (sct.c)]
+       RESERVED
        - graphicsmagick <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/
        NOTE: Fixed by: 
http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d
 CVE-2016-8679 [dwarf_util.c: heap-based buffer overflow in 
_dwarf_get_size_of_val]
+       RESERVED
        - dwarfutils <unfixed> (bug #840958)
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/11
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
        NOTE: Same fix as CVE-2016-8681 but different issue
 CVE-2016-8680 [dwarf_util.c: heap-based buffer overflow in 
_dwarf_get_abbrev_for_code]
+       RESERVED
        - dwarfutils <unfixed> (bug #840960)
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/12
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
 CVE-2016-8681 [dwarf_util.c: heap-based buffer overflow in 
_dwarf_get_abbrev_for_code second one]
+       RESERVED
        - dwarfutils <unfixed> (bug #840961)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
@@ -2513,10 +2562,12 @@
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
 CVE-2016-7948 [for all of the other mishandling of the reply data]
        RESERVED
+       {DLA-660-1}
        - libxrandr <unfixed> (bug #840441)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
 CVE-2016-7947 [for all of the integer overflows]
        RESERVED
+       {DLA-660-1}
        - libxrandr <unfixed> (bug #840441)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
 CVE-2016-7946 [for all of the other mishandling of the reply data]
@@ -3664,8 +3715,7 @@
        RESERVED
 CVE-2016-7426
        RESERVED
-CVE-2016-7425 [SCSI arcmsr driver: buffer overflow in 
arcmsr_iop_message_xfer()]
-       RESERVED
+CVE-2016-7425 (The arcmsr_iop_message_xfer function in ...)
        - linux <unfixed>
        NOTE: http://marc.info/?l=linux-scsi&m=147394713328707&w=2
        NOTE: Upstream commit: 
https://git.kernel.org/linus/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
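Review bot: The replacement line for CVE-2016-7425, "(The arcmsr_iop_message_xfer function in ...)", is cut off before it states the bug, while the removed bracketed title named both the driver and the bug class ("SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer()"). Suggest keeping that text as a NOTE on the entry so the list still says what the issue is without following the links.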
@@ -4736,8 +4786,7 @@
        [wheezy] - wget <no-dsa> (Minor issue)
        NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
        NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=690c47e3b18c099843cdf557a0425d701fca4957
-CVE-2016-7097 [Setting a POSIX ACL via setxattr doesn't clear the setgid bit]
-       RESERVED
+CVE-2016-7097 (The filesystem implementation in the Linux kernel through 4.8.2 
...)
        - linux <unfixed>
        NOTE: http://www.spinics.net/lists/linux-fsdevel/msg98328.html
        NOTE: http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
@@ -4862,8 +4911,7 @@
        NOTE: http://irssi.org/security/irssi_sa_2016.txt
 CVE-2016-7043
        RESERVED
-CVE-2016-7042 [Stack corruption while reading /proc/keys]
-       RESERVED
+CVE-2016-7042 (The proc_keys_show function in security/keys/proc.c in the 
Linux ...)
        - linux <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373966
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373499 (not yet 
opened)
@@ -4871,8 +4919,7 @@
        RESERVED
 CVE-2016-7040 (Red Hat CloudForms Management Engine 4.1 does not properly 
handle ...)
        NOT-FOR-US: Red Hat CloudForms
-CVE-2016-7039 [net: add recursion limit to GRO]
-       RESERVED
+CVE-2016-7039 (The IP stack in the Linux kernel through 4.8.2 allows remote 
attackers ...)
        - linux <unfixed>
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -5379,8 +5426,7 @@
        NOTE: 
http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
        NOTE: 
https://lists.nongnu.org/archive/html/chicken-hackers/2016-07/txtSWHYeFeG0R.txt
        NOTE: http://bugs.call-cc.org/ticket/1308
-CVE-2016-6828 [Linux tcp_xmit_retransmit_queue use after free]
-       RESERVED
+CVE-2016-6828 (The tcp_check_send_head function in include/net/tcp.h in the 
Linux ...)
        {DSA-3659-1 DLA-609-1}
        - linux 4.7.2-1
        NOTE: Fixed by: 
https://github.com/torvalds/linux/commit/bb1fceca22492109be12640d49f5ea5a544c6bb4
@@ -5460,14 +5506,12 @@
        [wheezy] - suricata <no-dsa> (Minor issue)
        [squeeze] - suricata <no-dsa> (Minor issue)
        NOTE: https://redmine.openinfosecfoundation.org/issues/1364
-CVE-2015-8953
-       RESERVED
+CVE-2015-8953 (fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an 
...)
        - linux 4.2.6-1
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://git.kernel.org/linus/ab79efab0a0ba01a74df782eb7fa44b044dae8b5 (v4.3)
-CVE-2015-8952
-       RESERVED
+CVE-2015-8952 (The mbcache feature in the ext2 and ext4 filesystem 
implementations in ...)
        - linux 4.6.1-1 (low)
        [jessie] - linux <no-dsa> (Minor issue and too intrusive to backport, 
workaround exists with the no_mbcache mount flag)
        NOTE: 
https://git.kernel.org/linus/f9a61eb4e2471c56a63cd804c7474128138c38ac (v4.6-rc1)
@@ -7041,8 +7085,7 @@
        NOTE: This is a generic cryptographic weakness, not a vulnerability in 
OpenVPN per se
 CVE-2016-6328
        RESERVED
-CVE-2016-6327
-       RESERVED
+CVE-2016-6327 (drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel 
before 4.5.1 ...)
        - linux 4.6.1-1
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/51093254bf879bc9ce96590400a87897c7498463 (4.6-rc1)
@@ -10839,7 +10882,7 @@
        - firefox-esr 45.3.0esr-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
 CVE-2016-5257 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
-       {DSA-3690-1 DSA-3674-1 DLA-636-1 DLA-658-1}
+       {DSA-3690-1 DSA-3674-1 DLA-658-1 DLA-636-1}
        - firefox 49.0-1
        - firefox-esr 45.4.0esr-1
        - icedove 1:45.4.0-1
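Review bot: The change to the cross-reference line under CVE-2016-5257 only swaps the order of `DLA-636-1` and `DLA-658-1`; the set of advisories is the same. If the automatic update emitted these in a stable sorted order, reorder-only hunks like this would not appear and real changes to the DSA/DLA references would be easier to spot in review.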
@@ -25281,8 +25324,8 @@
        TODO: check
 CVE-2016-0925 (Cross-site scripting (XSS) vulnerability in the Case Management 
...)
        NOT-FOR-US: EMC RSA Adaptive Authentication
-CVE-2016-0924 (The TLS 1.2 implementation in EMC RSA BSAFE Micro Edition Suite 
(MES) ...)
-       TODO: check
+CVE-2016-0924
+       REJECTED
 CVE-2016-0923 (The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x 
before ...)
        TODO: check
 CVE-2016-0922 (EMC ViPR SRM before 3.7.2 does not restrict the number of ...)
@@ -27410,8 +27453,8 @@
        RESERVED
 CVE-2016-0250
        RESERVED
-CVE-2016-0249
-       RESERVED
+CVE-2016-0249 (SQL injection vulnerability in IBM Security Guardium Database 
Activity ...)
+       TODO: check
 CVE-2016-0248 (IBM Security Guardium 9.0 before p700 and 10.0 before p100 
allows ...)
        TODO: check
 CVE-2016-0247
@@ -27500,8 +27543,8 @@
        RESERVED
 CVE-2016-0205
        RESERVED
-CVE-2016-0204
-       RESERVED
+CVE-2016-0204 (Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x 
before ...)
+       TODO: check
 CVE-2016-0203
        RESERVED
 CVE-2016-0202
@@ -42878,8 +42921,7 @@
        - glance 2015.1.0-4 (bug #793896)
        [jessie] - glance <not-affected> (Vulnerable code introduced later)
        [wheezy] - glance <not-affected> (Vulnerable code introduced later)
-CVE-2015-3288 [zero page memory arbitrary modification]
-       RESERVED
+CVE-2015-3288 (mm/memory.c in the Linux kernel before 4.1.4 mishandles 
anonymous ...)
        - linux 4.2-1
        [jessie] - linux 3.16.7-ckt17-1
        [wheezy] - linux 3.2.71-1


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
