author | security tracker role <sectracker@debian.org> | 2016-09-16 21:10:16 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2016-09-16 21:10:16 +0000 |
commit | dd92bd2f915669329d36ccbc8b4f2b2bc92ba4e3 | |
tree | 11e7a3930d638952d2d80143fed1790fe6290ac0 | |
parent | 1183f6fb79530a6f7c49812c38cba0dc80d93457 | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@44661 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/1999.list | 2 |
-rw-r--r-- | data/CVE/2000.list | 2 |
-rw-r--r-- | data/CVE/2001.list | 2 |
-rw-r--r-- | data/CVE/2002.list | 2 |
-rw-r--r-- | data/CVE/2014.list | 2 |
-rw-r--r-- | data/CVE/2016.list | 59 |
6 files changed, 33 insertions, 36 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list index a9537f9688..430656ea1e 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -835,7 +835,7 @@ CVE-1999-0734 (A default configuration of CiscoSecure Access Control Server (ACS NOT-FOR-US: Cisco CVE-1999-0733 (Buffer overflow in VMWare 1.0.1 for Linux via a long HOME ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-1999-0732 (The logging facilitity of the Debian smtp-refuser package allows local ...) +CVE-1999-0732 (The logging facility of the Debian smtp-refuser package allows local ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-1999-0731 (The KDE klock program allows local users to unlock a session using ...) NOT-FOR-US: Data pre-dating the Security Tracker diff --git a/data/CVE/2000.list b/data/CVE/2000.list index 908780e126..6be4aed838 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list @@ -1438,7 +1438,7 @@ CVE-2000-0217 (The default configuration of SSH allows X forwarding, which could NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0215 (Vulnerability in SCO cu program in UnixWare 7.x allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2000-0212 (InterAccess TelnetID Server 4.0 allows remote attackers to conduct a ...) +CVE-2000-0212 (InterAccess TelnetD Server 4.0 allows remote attackers to conduct a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-0211 (The Windows Media server allows remote attackers to cause a denial of ...) NOT-FOR-US: Data pre-dating the Security Tracker diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 22b030ba71..f429579bd1 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list 
@@ -578,7 +578,7 @@ CVE-2001-1098 (Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password NOT-FOR-US: Cisco CVE-2001-1096 (Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a ...) NOT-FOR-US: AIX -CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could alllow local users to execute ...) +CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could allow local users to execute ...) NOT-FOR-US: AIX CVE-2001-1089 (libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 71d09e280a..f71a3834b2 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -3976,7 +3976,7 @@ CVE-2002-0488 (Linux Directory Penguin traceroute.pl CGI script 1.0 allows remot NOT-FOR-US: Linux Directory Penguin CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-0473 (db.php in phBB 2.0 (aka phBB2) RC-3 and earlier allows remote ...) +CVE-2002-0473 (db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and ...) NOT-FOR-US: Hosting Controller diff --git a/data/CVE/2014.list b/data/CVE/2014.list index ba4d3a8722..0a3332fa31 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -11872,7 +11872,7 @@ CVE-2014-5335 (Multiple cross-site request forgery (CSRF) vulnerabilities in ... NOT-FOR-US: innovaphone PBX CVE-2014-5334 RESERVED -CVE-2014-5332 (Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 alllows ...) +CVE-2014-5332 (Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local ...) - linux <not-affected> (drivers/video/tegra not present) NOTE: http://googleprojectzero.blogspot.de/2015/01/exploiting-nvmap-to-escape-chrome.html CVE-2014-5331 (Cross-site scripting (XSS) vulnerability in Aflax allows remote ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 62bcc4488d..cef88748b1 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,4 +1,5 @@ CVE-2016-7423 [scsi: mptsas: OOB access when freeing MPTSASRequest object] + RESERVED - qemu <unfixed> [jessie] - qemu <not-affected> (Vulnerable code introduced later) [wheezy] - qemu <not-affected> (Vulnerable code introduced later) @@ -10,6 +11,7 @@ CVE-2016-7423 [scsi: mptsas: OOB access when freeing MPTSASRequest object] NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5 CVE-2016-7422 [virtio: null pointer dereference in virtqueue_map_desc] + RESERVED - qemu <unfixed> [jessie] - qemu <not-affected> (Vulnerable code introduced later) [wheezy] - qemu <not-affected> (Vulnerable code introduced later) 
@@ -19,6 +21,7 @@ CVE-2016-7422 [virtio: null pointer dereference in virtqueue_map_desc] NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0) NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/4 CVE-2016-7421 [scsi: pvscsi: infinite loop when processing IO requests] + RESERVED - qemu <unfixed> [wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after 1.5) - qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5) @@ -1619,8 +1622,7 @@ CVE-2016-7425 RESERVED CVE-2016-7424 RESERVED -CVE-2016-7420 [Library documentation lacks treatment of -DNDEBUG and Static Initialization] - RESERVED +CVE-2016-7420 (Crypto++ (aka cryptopp) through 5.6.4 does not document the ...) - libcrypto++ <unfixed> NOTE: https://github.com/weidai11/cryptopp/issues/277 CVE-2016-7419 @@ -2949,8 +2951,8 @@ CVE-2016-6938 RESERVED CVE-2016-6937 RESERVED -CVE-2016-6936 - RESERVED +CVE-2016-6936 (Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support ...) + TODO: check CVE-2016-6935 RESERVED CVE-2016-6934 @@ -3613,7 +3615,7 @@ CVE-2016-6663 RESERVED CVE-2016-6662 [privilege escalation through ld_preload hijacking and my.cnf rewrite] RESERVED - {DSA-3666-1} + {DSA-3666-1 DLA-624-1} - mariadb-10.0 10.0.27-1 - mysql-5.6 <unfixed> - mysql-5.5 <removed> 
@@ -4866,13 +4868,11 @@ CVE-2016-6305 RESERVED CVE-2016-6304 RESERVED -CVE-2016-6303 - RESERVED +CVE-2016-6303 (Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c ...) - openssl <unfixed> [jessie] - openssl <no-dsa> (Wait until next openssl update round) NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07 -CVE-2016-6302 - RESERVED +CVE-2016-6302 (The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before ...) - openssl <unfixed> [jessie] - openssl <no-dsa> (Wait until next openssl update round) NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9 
@@ -11189,22 +11189,22 @@ CVE-2016-4265 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Read NOT-FOR-US: Adobe CVE-2016-4264 (The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before ...) TODO: check -CVE-2016-4263 - RESERVED -CVE-2016-4262 - RESERVED -CVE-2016-4261 - RESERVED -CVE-2016-4260 - RESERVED -CVE-2016-4259 - RESERVED -CVE-2016-4258 - RESERVED -CVE-2016-4257 - RESERVED -CVE-2016-4256 - RESERVED +CVE-2016-4263 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 ...) + TODO: check +CVE-2016-4262 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...) + TODO: check +CVE-2016-4261 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...) + TODO: check +CVE-2016-4260 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...) + TODO: check +CVE-2016-4259 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...) + TODO: check +CVE-2016-4258 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...) + TODO: check +CVE-2016-4257 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...) + TODO: check +CVE-2016-4256 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...) + TODO: check CVE-2016-4255 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) NOT-FOR-US: Adobe CVE-2016-4254 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...) 
@@ -17176,13 +17176,11 @@ CVE-2016-2183 (The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSe NOTE: What was done in OpenSSL: https://www.openssl.org/blog/blog/2016/08/24/sweet32/ NOTE: Python issue: https://bugs.python.org/issue27850 TODO: not clear if this should be assigned to individual source, like openssl and nss (openpvn got a own CVE) -CVE-2016-2182 - RESERVED +CVE-2016-2182 (The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 ...) - openssl <unfixed> [jessie] - openssl <no-dsa> (Wait until next openssl update round) NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34 -CVE-2016-2181 - RESERVED +CVE-2016-2181 (The Anti-Replay feature in the DTLS implementation in OpenSSL before ...) - openssl <unfixed> [jessie] - openssl <no-dsa> (Wait until next openssl update round) NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770 @@ -17190,8 +17188,7 @@ CVE-2016-2180 (The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 - openssl <unfixed> [jessie] - openssl <no-dsa> (Wait until next openssl update round) NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=0ed26acce328ec16a3aa635f1ca37365e8c7403a -CVE-2016-2179 - RESERVED +CVE-2016-2179 (The DTLS implementation in OpenSSL before 1.1.0 does not properly ...) - openssl <unfixed> [jessie] - openssl <no-dsa> (Wait until next openssl update round) NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d |
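Review bot: in data/CVE/2016.list, hunk @@ -1619,8 +1622,7 @@, the new description for CVE-2016-7420 is cut off at "does not document the ...", so the entry no longer says what is undocumented. The removed bracketed text named the specifics (treatment of -DNDEBUG and Static Initialization). Suggest preserving that detail in a NOTE: line next to the existing https://github.com/weidai11/cryptopp/issues/277 reference, so anyone triaging the `- libcrypto++ <unfixed>` line can see the scope without leaving the tracker.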
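Review bot: in data/CVE/2016.list, hunk @@ -11189,22 +11189,22 @@, the eight Adobe Digital Editions entries CVE-2016-4263 through CVE-2016-4256 are left at `TODO: check`, although the unchanged Adobe entries on both sides of them (CVE-2016-4265 and CVE-2016-4255) are already tagged `NOT-FOR-US: Adobe`. These need a triage follow-up so they do not sit as open TODO items. The same applies to CVE-2016-6936 (Adobe AIR SDK & Compiler on Windows) in hunk @@ -2949,8 +2951,8 @@, which also moves from RESERVED to `TODO: check`.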
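Review bot: in data/CVE/2016.list, hunk @@ -17176,13 +17176,11 @@, the unchanged TODO line under CVE-2016-2183 still reads "openpvn got a own CVE" and leaves open whether the issue should be assigned to individual source packages such as openssl and nss. Since the OpenSSL entries directly below (CVE-2016-2182, CVE-2016-2181, CVE-2016-2179) now carry full descriptions and package lines, this would be a good point to resolve that TODO and correct the wording to "openvpn got its own CVE".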