[Midnightbsd-cvs] mports [20922] trunk/security/vuxml/vuln.xml: update security list based on freebsd ports.
laffer1 at midnightbsd.org
Mon Feb 1 09:50:17 EST 2016
Revision: 20922
http://svnweb.midnightbsd.org/mports/?rev=20922
Author: laffer1
Date: 2016-02-01 09:47:17 -0500 (Mon, 01 Feb 2016)
Log Message:
-----------
update security list based on freebsd ports.
Modified Paths:
--------------
trunk/security/vuxml/vuln.xml
Modified: trunk/security/vuxml/vuln.xml
===================================================================
--- trunk/security/vuxml/vuln.xml 2016-02-01 14:45:31 UTC (rev 20921)
+++ trunk/security/vuxml/vuln.xml 2016-02-01 14:47:17 UTC (rev 20922)
@@ -28,7 +28,7 @@
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- $FreeBSD: head/security/vuxml/vuln.xml 395225 2015-08-25 09:57:04Z jbeich $
+ $FreeBSD: head/security/vuxml/vuln.xml 407689 2016-02-01 07:37:58Z jbeich $
QUICK GUIDE TO ADDING A NEW ENTRY
@@ -42,8 +42,8 @@
6. profit!
Additional tests can be done this way:
- $ env PKG_DBDIR=/usr/ports/security/vuxml pkg audit py26-django-1.6
- $ env PKG_DBDIR=/usr/ports/security/vuxml pkg audit py27-django-1.6.1
+ $ pkg audit -f ./vuln.xml py26-django-1.6
+ $ pkg audit -f ./vuln.xml py27-django-1.6.1
Extensive documentation of the format and help with writing and verifying
a new entry is available in The Porter's Handbook at:
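Review bot: the replacement commands use a relative path (`pkg audit -f ./vuln.xml`), so the "Additional tests" paragraph should state that they are meant to be run from the security/vuxml directory; the removed `env PKG_DBDIR=/usr/ports/security/vuxml` form worked from any directory, and a reader following the quick guide from elsewhere will now get a file-not-found error. Otherwise the `-f` form is the simpler invocation and fits the purpose of this paragraph.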
@@ -58,6 +58,5894 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4f00dac0-1e18-4481-95af-7aaad63fd303">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <name>linux-firefox</name>
+ <range><lt>44.0,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.41</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>38.6.0,1</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>38.6.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox44">
+ <p>MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0
+ / rv:38.6)</p>
+ <p>MFSA 2016-02 Out of Memory crash when parsing GIF format
+ images</p>
+ <p>MFSA 2016-03 Buffer overflow in WebGL after out of memory
+ allocation</p>
+ <p>MFSA 2016-04 Firefox allows for control characters to be
+ set in cookie names</p>
+ <p>MFSA 2016-06 Missing delay following user click events in
+ protocol handler dialog</p>
+ <p>MFSA 2016-07 Errors in mp_div and mp_exptmod
+ cryptographic functions in NSS</p>
+ <p>MFSA 2016-09 Addressbar spoofing attacks</p>
+ <p>MFSA 2016-10 Unsafe memory manipulation found through
+ code inspection</p>
+ <p>MFSA 2016-11 Application Reputation service disabled in
+ Firefox 43</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7208</cvename>
+ <cvename>CVE-2016-1930</cvename>
+ <cvename>CVE-2016-1931</cvename>
+ <cvename>CVE-2016-1933</cvename>
+ <cvename>CVE-2016-1935</cvename>
+ <cvename>CVE-2016-1937</cvename>
+ <cvename>CVE-2016-1938</cvename>
+ <cvename>CVE-2016-1939</cvename>
+ <cvename>CVE-2016-1942</cvename>
+ <cvename>CVE-2016-1943</cvename>
+ <cvename>CVE-2016-1944</cvename>
+ <cvename>CVE-2016-1945</cvename>
+ <cvename>CVE-2016-1946</cvename>
+ <cvename>CVE-2016-1947</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-01/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-02/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-03/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-04/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-06/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-07/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-09/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-10/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-11/</url>
+ </references>
+ <dates>
+ <discovery>2016-01-26</discovery>
+ <entry>2016-02-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e00d8b94-c88a-11e5-b5fe-002590263bf5">
+ <topic>gdcm -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gdcm</name>
+ <range><lt>2.6.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CENSUS S.A. reports:</p>
+ <blockquote cite="http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/">
+ <p>GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are
+ prone to an integer overflow vulnerability which leads to a buffer
+ overflow and potentially to remote code execution.</p>
+ </blockquote>
+ <blockquote cite="http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/">
+ <p>GDCM versions 2.6.0 and 2.6.1 (and possibly previous versions) are
+ prone to an out-of-bounds read vulnerability due to missing checks.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8396</cvename>
+ <cvename>CVE-2015-8397</cvename>
+ <url>http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/</url>
+ <url>http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/</url>
+ </references>
+ <dates>
+ <discovery>2015-12-23</discovery>
+ <entry>2016-02-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c1c18ee1-c711-11e5-96d6-14dae9d210b8">
+ <topic>nginx -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>nginx</name>
+ <range><lt>1.8.1,2</lt></range>
+ </package>
+ <package>
+ <name>nginx-devel</name>
+ <range><lt>1.9.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Maxim Dounin reports:</p>
+ <blockquote cite="http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html">
+ <p>Several problems in nginx resolver were identified, which
+ might allow an attacker to cause worker process crash, or might have
+ potential other impact if the "resolver" directive
+ is used in a configuration file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html</url>
+ <cvename>CVE-2016-0742</cvename>
+ <cvename>CVE-2016-0746</cvename>
+ <cvename>CVE-2016-0747</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-26</discovery>
+ <entry>2016-01-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a0d77bc8-c6a7-11e5-96d6-14dae9d210b8">
+ <topic>typo3 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>typo3</name>
+ <range><lt>7.6.1</lt></range>
+ </package>
+ <package>
+ <name>typo3-lts</name>
+ <range><lt>6.2.16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>TYPO3 Security Team reports:</p>
+ <blockquote cite="http://lists.typo3.org/pipermail/typo3-announce/2015/000351.html">
+ <p>It has been discovered that TYPO3 CMS is susceptible to
+ Cross-Site Scripting and Cross-Site Flashing.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://lists.typo3.org/pipermail/typo3-announce/2015/000351.html</url>
+ <url>https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/</url>
+ <url>https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/</url>
+ <url>https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/</url>
+ <url>https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/</url>
+ <url>https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/</url>
+ <url>https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/</url>
+ </references>
+ <dates>
+ <discovery>2015-12-15</discovery>
+ <entry>2016-01-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="93eadedb-c6a6-11e5-96d6-14dae9d210b8">
+ <topic>nghttp2 -- use after free</topic>
+ <affects>
+ <package>
+ <name>nghttp2</name>
+ <range><lt>1.6.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>nghttp2 reports:</p>
+ <blockquote cite="https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/">
+ <p>This release fixes heap-use-after-free bug in idle stream
+ handling code. We strongly recommend to upgrade the older installation
+ to this latest version as soon as possible.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/</url>
+ <cvename>CVE-2015-8659</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-23</discovery>
+ <entry>2016-01-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3166222b-c6a4-11e5-96d6-14dae9d210b8">
+ <topic>owncloud -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>owncloud</name>
+ <range><lt>8.2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Owncloud reports:</p>
+ <blockquote cite="https://owncloud.org/blog/owncloud-8-2-2-8-1-5-8-0-10-and-7-0-12-here-with-sharing-ldap-fixes/">
+ <ul>
+ <li><p>Reflected XSS in OCS provider discovery
+ (oC-SA-2016-001)</p></li>
+ <li><p>Information Exposure Through Directory Listing in the
+ file scanner (oC-SA-2016-002)</p></li>
+ <li><p>Disclosure of files that begin with ".v" due to
+ unchecked return value (oC-SA-2016-003)</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://owncloud.org/blog/owncloud-8-2-2-8-1-5-8-0-10-and-7-0-12-here-with-sharing-ldap-fixes/</url>
+ <url>https://owncloud.org/security/advisory/?id=oc-sa-2016-001</url>
+ <url>https://owncloud.org/security/advisory/?id=oc-sa-2016-002</url>
+ <url>https://owncloud.org/security/advisory/?id=oc-sa-2016-003</url>
+ <cvename>CVE-2016-1498</cvename>
+ <cvename>CVE-2016-1499</cvename>
+ <cvename>CVE-2016-1500</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-23</discovery>
+ <entry>2016-01-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ff824eea-c69c-11e5-96d6-14dae9d210b8">
+ <topic>radicale -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>py27-radicale</name>
+ <name>py32-radicale</name>
+ <name>py33-radicale</name>
+ <name>py34-radicale</name>
+ <range><lt>1.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Radicale reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2016/01/06/4">
+ <p>The multifilesystem backend allows access to arbitrary
+ files on all platforms.</p>
+ <p>Prevent regex injection in rights management.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2016/01/06/4</url>
+ <cvename>CVE-2015-8747</cvename>
+ <cvename>CVE-2015-8748</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-24</discovery>
+ <entry>2016-01-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7a59e283-c60b-11e5-bf36-6805ca0b3d42">
+ <topic>phpmyadmin -- XSS vulnerability in SQL editor</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-9/">
+ <p>With a crafted SQL query, it is possible to trigger an
+ XSS attack in the SQL editor.</p>
+ <p>We consider this vulnerability to be non-critical.</p>
+ <p>This vulnerability can be triggered only by someone who is
+ logged in to phpMyAdmin, as the usual token protection
+ prevents non-logged-in users from accessing the required
+ pages.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-9/</url>
+ <cvename>CVE-2016-2045</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-28</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="78b4ebfb-c60b-11e5-bf36-6805ca0b3d42">
+ <topic>phpmyadmin -- Full path disclosure vulnerability in SQL parser</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-8/">
+ <p>By calling a particular script that is part of phpMyAdmin
+ in an unexpected way, it is possible to trigger phpMyAdmin
+ to display a PHP error message which contains the full path
+ of the directory where phpMyAdmin is installed.</p>
+ <p>We consider this vulnerability to be non-critical.</p>
+ <p>This path disclosure is possible on servers where the
+ recommended setting of the PHP configuration directive
+ display_errors is set to on, which is against the
+ recommendations given in the PHP manual for a production
+ server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-8/</url>
+ <cvename>CVE-2016-2044</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-28</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7694927f-c60b-11e5-bf36-6805ca0b3d42">
+ <topic>phpmyadmin -- XSS vulnerability in normalization page</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-7/">
+ <p>With a crafted table name it is possible to trigger an
+ XSS attack in the database normalization page.</p>
+ <p>We consider this vulnerability to be non-critical.</p>
+ <p>This vulnerability can be triggered only by someone who is
+ logged in to phpMyAdmin, as the usual token protection
+ prevents non-logged-in users from accessing the required page.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-7/</url>
+ <cvename>CVE-2016-2043</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-28</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="740badcb-c60b-11e5-bf36-6805ca0b3d42">
+ <topic>phpmyadmin -- Multiple full path disclosure vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-6/">
+ <p>By calling some scripts that are part of phpMyAdmin in an
+ unexpected way, it is possible to trigger phpMyAdmin to
+ display a PHP error message which contains the full path of
+ the directory where phpMyAdmin is installed.</p>
+ <p>We consider these vulnerabilities to be non-critical.</p>
+ <p>This path disclosure is possible on servers where the
+ recommended setting of the PHP configuration directive
+ display_errors is set to on, which is against the
+ recommendations given in the PHP manual for a production
+ server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-6/</url>
+ <cvename>CVE-2016-2042</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-28</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="71b24d99-c60b-11e5-bf36-6805ca0b3d42">
+ <topic>phpmyadmin -- Unsafe comparison of XSRF/CSRF token</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-5/">
+ <p>The comparison of the XSRF/CSRF token parameter with the
+ value saved in the session is vulnerable to timing
+ attacks. Moreover, the comparison could be bypassed if the
+ XSRF/CSRF token matches a particular pattern.</p>
+ <p>We consider this vulnerability to be serious.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-5/</url>
+ <cvename>CVE-2016-2041</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-28</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6f0c2d1b-c60b-11e5-bf36-6805ca0b3d42">
+ <topic>phpmyadmin -- Insecure password generation in JavaScript</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-4/">
+ <p>Password suggestion functionality uses Math.random()
+ which does not provide cryptographically secure random
+ numbers.</p>
+ <p>We consider this vulnerability to be non-critical.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-4/</url>
+ <cvename>CVE-2016-1927</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-28</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6cc06eec-c60b-11e5-bf36-6805ca0b3d42">
+ <topic>phpmyadmin -- Multiple XSS vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-3/">
+ <ul>
+ <li>With a crafted table name it is possible to trigger
+ an XSS attack in the database search page.</li>
+ <li>With a crafted SET value or a crafted search query, it
+ is possible to trigger an XSS attacks in the zoom search
+ page.</li>
+ <li>With a crafted hostname header, it is possible to
+ trigger an XSS attacks in the home page.</li>
+ </ul>
+ <p>We consider these vulnerabilities to be non-critical.</p>
+ <p>These vulnerabilities can be triggered only by someone
+ who is logged in to phpMyAdmin, as the usual token
+ protection prevents non-logged-in users from accessing the
+ required pages.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-3/</url>
+ <cvename>CVE-2016-2040</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-28</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="60ab0e93-c60b-11e5-bf36-6805ca0b3d42">
+ <topic>phpmyadmin -- Unsafe generation of XSRF/CSRF token</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-2/">
+ <p>The XSRF/CSRF token is generated with a weak algorithm
+ using functions that do not return cryptographically secure
+ values.</p>
+ <p>We consider this vulnerability to be non-critical.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-2/</url>
+ <cvename>CVE-2016-2039</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-28</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5d6a204f-c60b-11e5-bf36-6805ca0b3d42">
+ <topic>phpmyadmin -- Multiple full path disclosure vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-1/">
+ <p>By calling some scripts that are part of phpMyAdmin in an
+ unexpected way, it is possible to trigger phpMyAdmin to
+ display a PHP error message which contains the full path of
+ the directory where phpMyAdmin is installed.</p>
+ <p>We consider these vulnerabilities to be non-critical.</p>
+ <p>This path disclosure is possible on servers where the
+ recommended setting of the PHP configuration directive
+ display_errors is set to on, which is against the
+ recommendations given in the PHP manual for a production
+ server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-1/</url>
+ <cvename>CVE-2016-2038</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-28</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="50394bc9-c5fa-11e5-96a5-d93b343d1ff7">
+ <topic>prosody -- user impersonation vulnerability</topic>
+ <affects>
+ <package>
+ <name>prosody</name>
+ <range><lt>0.9.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Prosody team reports:</p>
+ <blockquote cite="https://prosody.im/security/advisory_20160127/">
+ <p>Adopt key generation algorithm from XEP-0185, to
+ prevent impersonation attacks (CVE-2016-0756)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/206707</freebsdpr>
+ <cvename>CVE-2016-0756</cvename>
+ <url>https://prosody.im/security/advisory_20160127/</url>
+ </references>
+ <dates>
+ <discovery>2016-01-27</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3679fd10-c5d1-11e5-b85f-0018fe623f2b">
+ <topic>openssl -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><lt>1.0.2_7</lt></range>
+ </package>
+ <package>
+ <name>mingw32-openssl</name>
+ <range><ge>1.0.1</ge><lt>1.0.2f</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>OpenSSL project reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv/20160128.txt">
+ <ol>
+ <li>Historically OpenSSL only ever generated DH parameters based on "safe"
+ primes. More recently (in version 1.0.2) support was provided for
+ generating X9.42 style parameter files such as those required for RFC 5114
+ support. The primes used in such files may not be "safe". Where an
+ application is using DH configured with parameters based on primes that are
+ not "safe" then an attacker could use this fact to find a peer's private
+ DH exponent. This attack requires that the attacker complete multiple
+ handshakes in which the peer uses the same private DH exponent. For example
+ this could be used to discover a TLS server's private DH exponent if it's
+ reusing the private DH exponent or it's using a static DH ciphersuite.
+ OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
+ TLS. It is not on by default. If the option is not set then the server
+ reuses the same private DH exponent for the life of the server process and
+ would be vulnerable to this attack. It is believed that many popular
+ applications do set this option and would therefore not be at risk.
+ (CVE-2016-0701)</li>
+ <li>A malicious client can negotiate SSLv2 ciphers that have been disabled on
+ the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
+ been disabled, provided that the SSLv2 protocol was not also disabled via
+ SSL_OP_NO_SSLv2.
+ (CVE-2015-3197)</li>
+ </ol>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-0701</cvename>
+ <cvename>CVE-2015-3197</cvename>
+ <url>https://www.openssl.org/news/secadv/20160128.txt</url>
+ </references>
+ <dates>
+ <discovery>2016-01-22</discovery>
+ <entry>2016-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8b27f1bc-c509-11e5-a95f-b499baebfeaf">
+ <topic>curl -- Credentials not checked</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>7.10.0</ge><lt>7.47.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The cURL project reports:</p>
+ <blockquote cite="http://curl.haxx.se/docs/adv_20160127A.html">
+ <p>libcurl will reuse NTLM-authenticated proxy connections
+ without properly making sure that the connection was
+ authenticated with the same credentials as set for this
+ transfer.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://curl.haxx.se/docs/adv_20160127A.html</url>
+ <cvename>CVE-2016-0755</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-27</discovery>
+ <entry>2016-01-27</entry>
+ <modified>2016-01-30</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="fb754341-c3e2-11e5-b5fe-002590263bf5">
+ <topic>wordpress -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>4.4.1,1</lt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <name>ja-wordpress</name>
+ <name>ru-wordpress</name>
+ <name>zh-wordpress-zh_CN</name>
+ <name>zh-wordpress-zh_TW</name>
+ <range><lt>4.4.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Aaron Jorbin reports:</p>
+ <blockquote cite="INSERT URL HERE">
+ <p>WordPress 4.4.1 is now available. This is a security release for
+ all previous versions and we strongly encourage you to update your
+ sites immediately.</p>
+ <p>WordPress versions 4.4 and earlier are affected by a cross-site
+ scripting vulnerability that could allow a site to be compromised.
+ This was reported by Crtc4L.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1564</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2016/01/08/3</url>
+ <url>https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/</url>
+ </references>
+ <dates>
+ <discovery>2016-01-06</discovery>
+ <entry>2016-01-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a763a0e7-c3d9-11e5-b5fe-002590263bf5">
+ <topic>privoxy -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>privoxy</name>
+ <range><lt>3.0.24</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Privoxy Developers reports:</p>
+ <blockquote cite="http://www.privoxy.org/3.0.24/user-manual/whatsnew.html">
+ <p>Prevent invalid reads in case of corrupt chunk-encoded content.
+ CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
+ </p>
+ <p>Remove empty Host headers in client requests. Previously they
+ would result in invalid reads. CVE-2016-1983. Bug discovered with
+ afl-fuzz and AddressSanitizer.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1982</cvename>
+ <cvename>CVE-2016-1983</cvename>
+ <freebsdpr>ports/206504</freebsdpr>
+ <url>http://www.privoxy.org/3.0.24/user-manual/whatsnew.html</url>
+ <url>http://www.openwall.com/lists/oss-security/2016/01/21/4</url>
+ </references>
+ <dates>
+ <discovery>2016-01-22</discovery>
+ <entry>2016-01-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d9e1b569-c3d8-11e5-b5fe-002590263bf5">
+ <topic>privoxy -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>privoxy</name>
+ <range><lt>3.0.23</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Privoxy Developers reports:</p>
+ <blockquote cite="http://www.privoxy.org/3.0.23/user-manual/whatsnew.html">
+ <p>Fixed a DoS issue in case of client requests with incorrect
+ chunk-encoded body. When compiled with assertions enabled (the
+ default) they could previously cause Privoxy to abort(). Reported
+ by Matthew Daley. CVE-2015-1380.</p>
+ <p>Fixed multiple segmentation faults and memory leaks in the pcrs
+ code. This fix also increases the chances that an invalid pcrs
+ command is rejected as such. Previously some invalid commands would
+ be loaded without error. Note that Privoxy's pcrs sources (action
+ and filter files) are considered trustworthy input and should not be
+ writable by untrusted third-parties. CVE-2015-1381.</p>
+ <p>Fixed an 'invalid read' bug which could at least theoretically
+ cause Privoxy to crash. So far, no crashes have been observed.
+ CVE-2015-1382.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-1380</cvename>
+ <cvename>CVE-2015-1381</cvename>
+ <cvename>CVE-2015-1382</cvename>
+ <freebsdpr>ports/197089</freebsdpr>
+ <url>http://www.privoxy.org/3.0.23/user-manual/whatsnew.html</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/01/26/4</url>
+ </references>
+ <dates>
+ <discovery>2015-01-26</discovery>
+ <entry>2016-01-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="89d4ed09-c3d7-11e5-b5fe-002590263bf5">
+ <topic>privoxy -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>privoxy</name>
+ <range><lt>3.0.22</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Privoxy Developers reports:</p>
+ <blockquote cite="http://www.privoxy.org/3.0.22/user-manual/whatsnew.html">
+ <p>Fixed a memory leak when rejecting client connections due to the
+ socket limit being reached (CID 66382). This affected Privoxy 3.0.21
+ when compiled with IPv6 support (on most platforms this is the
+ default).</p>
+ <p>Fixed an immediate-use-after-free bug (CID 66394) and two
+ additional unconfirmed use-after-free complaints made by Coverity
+ scan (CID 66391, CID 66376).</p>
+ </blockquote>
+ <p>MITRE reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1201">
+ <p>Privoxy before 3.0.22 allows remote attackers to cause a denial
+ of service (file descriptor consumption) via unspecified vectors.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-1030</cvename>
+ <cvename>CVE-2015-1031</cvename>
+ <cvename>CVE-2015-1201</cvename>
+ <freebsdpr>ports/195468</freebsdpr>
+ <url>http://www.privoxy.org/3.0.22/user-manual/whatsnew.html</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/01/11/1</url>
+ </references>
+ <dates>
+ <discovery>2015-01-10</discovery>
+ <entry>2016-01-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ad82b0e9-c3d6-11e5-b5fe-002590263bf5">
+ <topic>privoxy -- malicious server spoofing as proxy vulnerability</topic>
+ <affects>
+ <package>
+ <name>privoxy</name>
+ <range><lt>3.0.21</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Privoxy Developers reports:</p>
+ <blockquote cite="http://www.privoxy.org/3.0.21/user-manual/whatsnew.html">
+ <p>Proxy authentication headers are removed unless the new directive
+ enable-proxy-authentication-forwarding is used. Forwarding the
+ headers potentially allows malicious sites to trick the user into
+ providing them with login information. Reported by Chris John Riley.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-2503</cvename>
+ <freebsdpr>ports/176813</freebsdpr>
+ <url>http://www.privoxy.org/3.0.21/user-manual/whatsnew.html</url>
+ </references>
+ <dates>
+ <discovery>2013-03-07</discovery>
+ <entry>2016-01-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2e8cdd36-c3cc-11e5-b5fe-002590263bf5">
+ <topic>sudo -- potential privilege escalation via symlink misconfiguration</topic>
+ <affects>
+ <package>
+ <name>sudo</name>
+ <range><lt>1.8.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5602">
+ <p>sudoedit in Sudo before 1.8.15 allows local users to gain
+ privileges via a symlink attack on a file whose full path is defined
+ using multiple wildcards in /etc/sudoers, as demonstrated by
+ "/home/*/*/file.txt."</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5602</cvename>
+ <freebsdpr>ports/206590</freebsdpr>
+ <url>https://www.exploit-db.com/exploits/37710/</url>
+ <url>https://bugzilla.sudo.ws/show_bug.cgi?id=707</url>
+ <url>http://www.sudo.ws/stable.html#1.8.15</url>
+ </references>
+ <dates>
+ <discovery>2015-11-17</discovery>
+ <entry>2016-01-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="99d3a8a5-c13c-11e5-96d6-14dae9d210b8">
+ <topic>imlib2 -- denial of service vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>imlib2</name>
+ <range><lt>1.4.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Enlightenment reports:</p>
+ <blockquote cite="https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog">
+ <p>GIF loader: Fix segv on images without colormap</p>
+ <p>Prevent division-by-zero crashes.</p>
+ <p>Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog</url>
+ <url>http://seclists.org/oss-sec/2016/q1/162</url>
+ <cvename>CVE-2014-9762</cvename>
+ <cvename>CVE-2014-9763</cvename>
+ <cvename>CVE-2014-9764</cvename>
+ </references>
+ <dates>
+ <discovery>2013-12-21</discovery>
+ <entry>2016-01-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b4578647-c12b-11e5-96d6-14dae9d210b8">
+ <topic>bind -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>bind99</name>
+ <range><lt>9.9.8P3</lt></range>
+ </package>
+ <package>
+ <name>bind910</name>
+ <range><lt>9.10.3P3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ISC reports:</p>
+ <blockquote cite="https://kb.isc.org/article/AA-01335">
+ <p>Specific APL data could trigger an INSIST in apl_42.c</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://kb.isc.org/article/AA-01335</url>
+ <cvename>CVE-2015-8704</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-19</discovery>
+ <entry>2016-01-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="371bbea9-3836-4832-9e70-e8e928727f8c">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>48.0.2564.82</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.de/2016/01/stable-channel-update_20.html">
+ <p>This update includes 37 security fixes, including:</p>
+ <ul>
+ <li>[497632] High CVE-2016-1612: Bad cast in V8.</li>
+ <li>[572871] High CVE-2016-1613: Use-after-free in PDFium.</li>
+ <li>[544691] Medium CVE-2016-1614: Information leak in Blink.</li>
+ <li>[468179] Medium CVE-2016-1615: Origin confusion in Omnibox.</li>
+ <li>[541415] Medium CVE-2016-1616: URL Spoofing.</li>
+ <li>[544765] Medium CVE-2016-1617: History sniffing with HSTS and
+ CSP.</li>
+ <li>[552749] Medium CVE-2016-1618: Weak random number generator in
+ Blink.</li>
+ <li>[557223] Medium CVE-2016-1619: Out-of-bounds read in
+ PDFium.</li>
+ <li>[579625] CVE-2016-1620: Various fixes from internal audits,
+ fuzzing and other initiatives.</li>
+ <li>Multiple vulnerabilities in V8 fixed at the tip of the 4.8
+ branch.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1612</cvename>
+ <cvename>CVE-2016-1613</cvename>
+ <cvename>CVE-2016-1614</cvename>
+ <cvename>CVE-2016-1615</cvename>
+ <cvename>CVE-2016-1616</cvename>
+ <cvename>CVE-2016-1617</cvename>
+ <cvename>CVE-2016-1618</cvename>
+ <cvename>CVE-2016-1619</cvename>
+ <cvename>CVE-2016-1620</cvename>
+ <url>http://googlechromereleases.blogspot.de/2016/01/stable-channel-update_20.html</url>
+ </references>
+ <dates>
+ <discovery>2016-01-20</discovery>
+ <entry>2016-01-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5237f5d7-c020-11e5-b397-d050996490d0">
+ <topic>ntp -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ntp</name>
+ <range><lt>4.2.8p6</lt></range>
+ </package>
+ <package>
+ <name>ntp-devel</name>
+ <range><lt>4.3.90</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Network Time Foundation reports:</p>
+ <blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit">
+ <p>NTF's NTP Project has been notified of the following low-
+ and medium-severity vulnerabilities that are fixed in
+ ntp-4.2.8p6, released on Tuesday, 19 January 2016:</p>
+ <ul>
+ <li>Bug 2948 / CVE-2015-8158: Potential Infinite Loop
+ in ntpq. Reported by Cisco ASIG.</li>
+ <li>Bug 2945 / CVE-2015-8138: origin: Zero Origin
+ Timestamp Bypass. Reported by Cisco ASIG.</li>
+ <li>Bug 2942 / CVE-2015-7979: Off-path Denial of
+ Service (DoS) attack on authenticated broadcast
+ mode. Reported by Cisco ASIG.</li>
+ <li>Bug 2940 / CVE-2015-7978: Stack exhaustion in
+ recursive traversal of restriction list.
+ Reported by Cisco ASIG.</li>
+ <li>Bug 2939 / CVE-2015-7977: reslist NULL pointer
+ dereference. Reported by Cisco ASIG.</li>
+ <li>Bug 2938 / CVE-2015-7976: ntpq saveconfig command
+ allows dangerous characters in filenames.
+ Reported by Cisco ASIG.</li>
+ <li>Bug 2937 / CVE-2015-7975: nextvar() missing length
+ check. Reported by Cisco ASIG.</li>
+ <li>Bug 2936 / CVE-2015-7974: Skeleton Key: Missing
+ key check allows impersonation between authenticated
+ peers. Reported by Cisco ASIG.</li>
+ <li>Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on
+ authenticated broadcast mode. Reported by Cisco ASIG.</li>
+ </ul>
+ <p>Additionally, mitigations are published for the following
+ two issues:</p>
+ <ul>
+ <li>Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay
+ attacks. Reported by Cisco ASIG.</li>
+ <li>Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc,
+ disclose origin. Reported by Cisco ASIG.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7973</cvename>
+ <cvename>CVE-2015-7974</cvename>
+ <cvename>CVE-2015-7975</cvename>
+ <cvename>CVE-2015-7976</cvename>
+ <cvename>CVE-2015-7977</cvename>
+ <cvename>CVE-2015-7978</cvename>
+ <cvename>CVE-2015-7979</cvename>
+ <cvename>CVE-2015-8138</cvename>
+ <cvename>CVE-2015-8139</cvename>
+ <cvename>CVE-2015-8140</cvename>
+ <cvename>CVE-2015-8158</cvename>
+ <url>http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit</url>
+ </references>
+ <dates>
+ <discovery>2016-01-20</discovery>
+ <entry>2016-01-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="62c0dbbd-bfce-11e5-b5fe-002590263bf5">
+ <topic>cgit -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>cgit</name>
+ <range><lt>0.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jason A. Donenfeld reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2016/01/14/6">
+ <p>Reflected Cross Site Scripting and Header Injection in Mimetype
+ Query String.</p>
+ <p>Stored Cross Site Scripting and Header Injection in Filename
+ Parameter.</p>
+ <p>Integer Overflow resulting in Buffer Overflow.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1899</cvename>
+ <cvename>CVE-2016-1900</cvename>
+ <cvename>CVE-2016-1901</cvename>
+ <freebsdpr>ports/206417</freebsdpr>
+ <url>http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html</url>
+ <url>http://www.openwall.com/lists/oss-security/2016/01/14/6</url>
+ </references>
+ <dates>
+ <discovery>2016-01-14</discovery>
+ <entry>2016-01-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="314830d8-bf91-11e5-96d6-14dae9d210b8">
+ <topic>bind -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>bind910</name>
+ <range><lt>9.10.3P3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ISC reports:</p>
+ <blockquote cite="https://kb.isc.org/article/AA-01336">
+ <p>Problems converting OPT resource records and ECS options to
+ text format can cause BIND to terminate</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://kb.isc.org/article/AA-01336</url>
+ <cvename>CVE-2015-8705</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-19</discovery>
+ <entry>2016-01-20</entry>
+ <modified>2016-01-22</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="51358314-bec8-11e5-82cd-bcaec524bf84">
+ <topic>claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc</topic>
+ <affects>
+ <package>
+ <name>claws-mail</name>
+ <range><lt>3.13.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>DrWhax reports:</p>
+ <blockquote cite="http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557">
+ <p>So in codeconv.c there is a function for japanese character set
+ conversion called conv_jistoeuc(). There is no bounds checking on
+ the output buffer, which is created on the stack with alloca()
+ Bug can be triggered by sending an email to TAILS_luser at riseup.net
+ or whatever.
+
+ Since my C is completely rusty, you might be able to make a better
+ judgement on the severity of this issue. Marking critical for now.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8614</cvename>
+ <url>https://security-tracker.debian.org/tracker/CVE-2015-8614</url>
+ </references>
+ <dates>
+ <discovery>2015-11-04</discovery>
+ <entry>2016-01-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7c63775e-be31-11e5-b5fe-002590263bf5">
+ <topic>libarchive -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libarchive</name>
+ <range><lt>3.1.2_5,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE reports:</p>
+ <blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211">
+ <p>Integer signedness error in the archive_write_zip_data function in
+ archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when
+ running on 64-bit machines, allows context-dependent attackers to
+ cause a denial of service (crash) via unspecified vectors, which
+ triggers an improper conversion between unsigned and signed types,
+ leading to a buffer overflow.</p>
+ </blockquote>
+ <blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2304">
+ <p>Absolute path traversal vulnerability in bsdcpio in libarchive
+ 3.1.2 and earlier allows remote attackers to write to arbitrary
+ files via a full pathname in an archive.</p>
+ </blockquote>
+ <p>Libarchive issue tracker reports:</p>
+ <blockquote cite="https://github.com/libarchive/libarchive/issues/502">
+ <p>Using a crafted tar file bsdtar can perform an out-of-bounds memory
+ read which will lead to a SEGFAULT. The issue exists when the
+ executable skips data in the archive. The amount of data to skip is
+ defined in byte offset [16-19] If ASLR is disabled, the issue can
+ lead to an infinite loop.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-0211</cvename>
+ <cvename>CVE-2015-2304</cvename>
+ <freebsdpr>ports/200176</freebsdpr>
+ <url>https://github.com/libarchive/libarchive/pull/110</url>
+ <url>https://github.com/libarchive/libarchive/commit/5935715</url>
+ <url>https://github.com/libarchive/libarchive/commit/2253154</url>
+ <url>https://github.com/libarchive/libarchive/issues/502</url>
+ <url>https://github.com/libarchive/libarchive/commit/3865cf2</url>
+ <url>https://github.com/libarchive/libarchive/commit/e6c9668</url>
+ <url>https://github.com/libarchive/libarchive/commit/24f5de6</url>
+ </references>
+ <dates>
+ <discovery>2012-12-06</discovery>
+ <entry>2016-01-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6809c6db-bdeb-11e5-b5fe-002590263bf5">
+ <topic>go -- information disclosure vulnerability</topic>
+ <affects>
+ <package>
+ <name>go</name>
+ <range><ge>1.5,1</ge><lt>1.5.3,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jason Buberel reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2016/01/13/7">
+ <p>A security-related issue has been reported in Go's math/big
+ package. The issue was introduced in Go 1.5. We recommend that all
+ users upgrade to Go 1.5.3, which fixes the issue. Go programs must
+ be recompiled with Go 1.5.3 in order to receive the fix.</p>
+ <p>The Go team would like to thank Nick Craig-Wood for identifying the
+ issue.</p>
+ <p>This issue can affect RSA computations in crypto/rsa, which is used
+ by crypto/tls. TLS servers on 32-bit systems could plausibly leak
+ their RSA private key due to this issue. Other protocol
+ implementations that create many RSA signatures could also be
+ impacted in the same way.</p>
+ <p>Specifically, incorrect results in one part of the RSA Chinese
+ Remainder computation can cause the result to be incorrect in such a
+ way that it leaks one of the primes. While RSA blinding should
+ prevent an attacker from crafting specific inputs that trigger the
+ bug, on 32-bit systems the bug can be expected to occur at random
+ around one in 2^26 times. Thus collecting around 64 million
+ signatures (of known data) from an affected server should be enough
+ to extract the private key used.</p>
+ <p>On 64-bit systems, the frequency of the bug is so low (less than
+ one in 2^50) that it would be very difficult to exploit.
+ Nonetheless, everyone is strongly encouraged to upgrade.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8618</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2016/01/13/7</url>
+ <url>https://go-review.googlesource.com/#/c/17672/</url>
+ <url>https://go-review.googlesource.com/#/c/18491/</url>
+ </references>
+ <dates>
+ <discovery>2016-01-13</discovery>
+ <entry>2016-01-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="05eeb7e9-b987-11e5-83ef-14dae9d210b8">
+ <topic>isc-dhcpd -- Denial of Service</topic>
+ <affects>
+ <package>
+ <name>isc-dhcp41-server</name>
+ <range><lt>4.1.e_10,2</lt></range>
+ </package>
+ <package>
+ <name>isc-dhcp41-client</name>
+ <range><lt>4.1.e_3,2</lt></range>
+ </package>
+ <package>
+ <name>isc-dhcp41-relay</name>
+ <range><lt>4.1.e_6,2</lt></range>
+ </package>
+ <package>
+ <name>isc-dhcp42-client</name>
+ <name>isc-dhcp42-server</name>
+ <name>isc-dhcp42-relay</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>isc-dhcp43-client</name>
+ <name>isc-dhcp43-server</name>
+ <name>isc-dhcp43-relay</name>
+ <range><lt>4.3.3.p1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ISC reports:</p>
+ <blockquote cite="https://kb.isc.org/article/AA-01334">
+ <p>A badly formed packet with an invalid IPv4 UDP length field
+ can cause a DHCP server, client, or relay program to terminate
+ abnormally.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://kb.isc.org/article/AA-01334</url>
+ <cvename>CVE-2015-8605</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-05</discovery>
+ <entry>2016-01-12</entry>
+ </dates>
+ </vuln>
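Review bot: the isc-dhcp42 package block uses `<range><ge>0</ge></range>`, which flags every version of isc-dhcp42-client/-server/-relay as affected with no fixed version, while the 4.1 and 4.3 blocks carry explicit `<lt>` bounds. If the intent is that the 4.2 branch receives no fix, say so in an XML comment inside `<affects>` (the libproxy entry below does this for libproxy-python), so a reader of `pkg audit` output knows the only remediation is moving to the 4.1 or 4.3 packages rather than waiting for an update.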
+
+ <vuln vid="3b5c2362-bd07-11e5-b7ef-5453ed2e2b49">
+ <topic>libproxy -- stack-based buffer overflow</topic>
+ <affects>
+ <!-- libproxy-python is not affected. It only installs a .py file that
+ dlopen()s libproxy.so. -->
+ <package>
+ <name>libproxy</name>
+ <range><ge>0.4.0</ge><lt>0.4.6_1</lt></range>
+ </package>
+ <package>
+ <name>libproxy-gnome</name>
+ <range><ge>0.4.0</ge><lt>0.4.6_2</lt></range>
+ </package>
+ <package>
+ <name>libproxy-kde</name>
+ <range><ge>0.4.0</ge><lt>0.4.6_6</lt></range>
+ </package>
+ <package>
+ <name>libproxy-perl</name>
+ <range><ge>0.4.0</ge><lt>0.4.6_3</lt></range>
+ </package>
+ <package>
+ <name>libproxy-webkit</name>
+ <range><ge>0.4.0</ge><lt>0.4.6_4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tomas Hoger reports:</p>
+ <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=864417#c0">
+ <p>A buffer overflow flaw was discovered in the libproxy's
+ url::get_pac() used to download proxy.pac proxy auto-configuration
+ file. A malicious host hosting proxy.pac, or a man in the middle
+ attacker, could use this flaw to trigger a stack-based buffer
+ overflow in an application using libproxy, if proxy configuration
+ instructed it to download proxy.pac file from a remote HTTP
+ server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-4504</cvename>
+ <url>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504</url>
+ <mlist>http://www.openwall.com/lists/oss-security/2012/10/12/1</mlist>
+ <url>https://github.com/libproxy/libproxy/commit/c440553c12836664afd24a24fb3a4d10a2facd2c</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=864417</url>
+ <mlist>https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E</mlist>
+ </references>
+ <dates>
+ <discovery>2012-10-10</discovery>
+ <entry>2016-01-17</entry>
+ <modified>2016-01-18</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="046fedd1-bd01-11e5-bbf4-5404a68ad561">
+ <topic>ffmpeg -- remote attacker can access local files</topic>
+ <affects>
+ <package>
+ <name>ffmpeg</name>
+ <range>
+ <gt>2.0,1</gt>
+ <lt>2.8.5,1</lt>
+ </range>
+ </package>
+ <package>
+ <name>mplayer</name>
+ <name>mencoder</name>
+ <range>
+ <lt>1.2.r20151219_2</lt>
+ </range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Arch Linux reports:</p>
+ <blockquote cite="https://bugs.archlinux.org/task/47738">
+ <p>ffmpeg has a vulnerability in the current version that allows the
+ attacker to create a specially crafted video file, downloading which
+ will send files from a user PC to a remote attacker server. The
+ attack does not even require the user to open that file — for
+ example, KDE Dolphin thumbnail generation is enough.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1897</cvename>
+ <cvename>CVE-2016-1898</cvename>
+ <freebsdpr>ports/206282</freebsdpr>
+ <url>https://www.ffmpeg.org/security.html</url>
+ </references>
+ <dates>
+ <discovery>2016-01-13</discovery>
+ <entry>2016-01-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6c808811-bb9a-11e5-a65c-485d605f4717">
+ <topic>h2o -- directory traversal vulnerability</topic>
+ <affects>
+ <package>
+ <name>h2o</name>
+ <range><lt>1.6.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Yakuzo OKU reports:</p>
+ <blockquote cite="http://h2o.examp1e.net/vulnerabilities.html">
+ <p>When redirect directive is used, this flaw allows a remote
+ attacker to inject response headers into an HTTP redirect response.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1133</cvename>
+ <url>https://h2o.examp1e.net/vulnerabilities.html</url>
+ </references>
+ <dates>
+ <discovery>2016-01-13</discovery>
+ <entry>2016-01-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="dfe0cdc1-baf2-11e5-863a-b499baebfeaf">
+ <topic>openssh -- information disclosure</topic>
+ <affects>
+ <package>
+ <name>openssh-portable</name>
+ <range>
+ <gt>5.4.p0,1</gt>
+ <lt>7.1.p2,1</lt>
+ </range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>OpenSSH reports:</p>
+ <blockquote cite="http://www.openssh.com/security.html">
+ <p>OpenSSH clients between versions 5.4 and 7.1 are vulnerable to
+ information disclosure that may allow a malicious server to retrieve
+ information including under some circumstances, user's private keys.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openssh.com/security.html</url>
+ <cvename>CVE-2016-0777</cvename>
+ <cvename>CVE-2016-0778</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-14</discovery>
+ <entry>2016-01-14</entry>
+ <modified>2016-01-15</modified>
+ </dates>
+ </vuln>
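Review bot: the openssh-portable range is expressed as `<gt>5.4.p0,1</gt>`, i.e. a strict lower bound on a version that was never shipped, used to mean "from the first 5.4 release on". The quoted advisory says clients "between versions 5.4 and 7.1" are affected, so an inclusive bound such as `<ge>5.4.p1,1</ge>` states that directly and avoids a reader having to work out that p0 is a placeholder. The upper bound `<lt>7.1.p2,1</lt>` matches the fix release and is fine.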
+
+ <vuln vid="842cd117-ba54-11e5-9728-002590263bf5">
+ <topic>prosody -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>prosody</name>
+ <range><lt>0.9.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Prosody Team reports:</p>
+ <blockquote cite="http://blog.prosody.im/prosody-0-9-9-security-release/">
+ <p>Fix path traversal vulnerability in mod_http_files
+ (CVE-2016-1231)</p>
+ <p>Fix use of weak PRNG in generation of dialback secrets
+ (CVE-2016-1232)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1231</cvename>
+ <cvename>CVE-2016-1232</cvename>
+ <freebsdpr>ports/206150</freebsdpr>
+ <url>http://blog.prosody.im/prosody-0-9-9-security-release/</url>
+ </references>
+ <dates>
+ <discovery>2016-01-08</discovery>
+ <entry>2016-01-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a7a4e96c-ba50-11e5-9728-002590263bf5">
+ <topic>kibana4 -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>kibana4</name>
+ <name>kibana41</name>
+ <range><lt>4.1.4</lt></range>
+ </package>
+ <package>
+ <name>kibana42</name>
+ <range><lt>4.2.2</lt></range>
+ </package>
+ <package>
+ <name>kibana43</name>
+ <range><lt>4.3.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Elastic reports:</p>
+ <blockquote cite="https://www.elastic.co/blog/kibana-4-3-1-and-4-2-2-and-4-1-4">
+ <p>Fixes XSS vulnerability (CVE pending) - Thanks to Vladimir Ivanov
+ for responsibly reporting.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/205961</freebsdpr>
+ <freebsdpr>ports/205962</freebsdpr>
+ <freebsdpr>ports/205963</freebsdpr>
+ <url>https://www.elastic.co/blog/kibana-4-3-1-and-4-2-2-and-4-1-4</url>
+ </references>
+ <dates>
+ <discovery>2015-12-17</discovery>
+ <entry>2016-01-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="333f655a-b93a-11e5-9efa-5453ed2e2b49">
+ <topic>p5-PathTools -- File::Spec::canonpath loses taint</topic>
+ <affects>
+ <package>
+ <name>p5-PathTools</name>
+ <range>
+ <gt>3.4000</gt>
+ <lt>3.6200</lt>
+ </range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ricardo Signes reports:</p>
+ <blockquote>
+ <p>Beginning in PathTools 3.47 and/or perl 5.20.0, the
+ File::Spec::canonpath() routine returned untained strings even if
+ passed tainted input. This defect undermines the guarantee of taint
+ propagation, which is sometimes used to ensure that unvalidated
+ user input does not reach sensitive code.</p>
+ <p>This defect was found and reported by David Golden of MongoDB.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8607</cvename>
+ <url>https://rt.perl.org/Public/Bug/Display.html?id=126862</url>
+ </references>
+ <dates>
+ <discovery>2016-01-11</discovery>
+ <entry>2016-01-12</entry>
+ </dates>
+ </vuln>
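Review bot: the p5-PathTools range `<gt>3.4000</gt><lt>3.6200</lt>` does not match the quoted report, which says the defect begins "in PathTools 3.47 and/or perl 5.20.0"; as written, 3.41 through 3.46 would be flagged as vulnerable too. `<ge>3.4700</ge>` as the lower bound follows the text, unless the port never carried those intermediate versions, in which case a comment explaining the looser bound would help. Separately, this entry's `<blockquote>` is the only one in the batch without a `cite` attribute; the RT ticket already listed under `<references>` (https://rt.perl.org/Public/Bug/Display.html?id=126862) is the natural value.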
+
+ <vuln vid="6b771fe2-b84e-11e5-92f9-485d605f4717">
+ <topic>php -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php55</name>
+ <name>php55-gd</name>
+ <name>php55-wddx</name>
+ <name>php55-xmlrpc</name>
+ <range><lt>5.5.31</lt></range>
+ </package>
+ <package>
+ <name>php56</name>
+ <name>php56-gd</name>
+ <name>php56-soap</name>
+ <name>php56-wddx</name>
+ <name>php56-xmlrpc</name>
+ <range><lt>5.6.17</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PHP reports:</p>
+ <blockquote cite="http://www.php.net/ChangeLog-5.php#5.5.31">
+ <ul><li>Core:
+ <ul>
+ <li>Fixed bug #70755 (fpm_log.c memory leak and buffer overflow).</li>
+ </ul></li>
+ <li>GD:
+ <ul>
+ <li>Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array
+ Index Out of Bounds).</li>
+ </ul></li>
+ <li>SOAP:
+ <ul>
+ <li>Fixed bug #70900 (SoapClient systematic out of memory error).</li>
+ </ul></li>
+ <li>Wddx
+ <ul>
+ <li>Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet
+ Deserialization).</li>
+ <li>Fixed bug #70741 (Session WDDX Packet Deserialization Type
+ Confusion Vulnerability).</li>
+ </ul></li>
+ <li>XMLRPC:
+ <ul>
+ <li>Fixed bug #70728 (Type Confusion Vulnerability in
+ PHP_to_XMLRPC_worker()).</li>
+ </ul></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.php.net/ChangeLog-5.php#5.5.31</url>
+ <url>http://www.php.net/ChangeLog-5.php#5.6.17</url>
+ </references>
+ <dates>
+ <discovery>2016-01-07</discovery>
+ <entry>2016-01-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5f276780-b6ce-11e5-9731-5453ed2e2b49">
+ <topic>pygments -- shell injection vulnerability</topic>
+ <affects>
+ <package>
+ <name>py27-pygments</name>
+ <name>py32-pygments</name>
+ <name>py33-pygments</name>
+ <name>py34-pygments</name>
+ <name>py35-pygments</name>
+ <range><lt>2.0.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8557">
+ <p>The FontManager._get_nix_font_path function in formatters/img.py
+ in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute
+ arbitrary commands via shell metacharacters in a font name.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8557</cvename>
+ <mlist>http://seclists.org/fulldisclosure/2015/Oct/4</mlist>
+ <url>https://bitbucket.org/birkenfeld/pygments-main/commits/0036ab1c99e256298094505e5e92fdacdfc5b0a8</url>
+ </references>
+ <dates>
+ <discovery>2015-09-28</discovery>
+ <entry>2016-01-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="631fc042-b636-11e5-83ef-14dae9d210b8">
+ <topic>polkit -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>polkit</name>
+ <range><lt>0.113</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Colin Walters reports:</p>
+ <blockquote cite="http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html">
+ <ul>
+ <li><p>Integer overflow in the
+ authentication_agent_new_cookie function in PolicyKit (aka polkit)
+ before 0.113 allows local users to gain privileges by creating a large
+ number of connections, which triggers the issuance of a duplicate cookie
+ value.</p></li>
+ <li><p>The authentication_agent_new function in
+ polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka
+ polkit) before 0.113 allows local users to cause a denial of service
+ (NULL pointer dereference and polkitd daemon crash) by calling
+ RegisterAuthenticationAgent with an invalid object path.</p></li>
+ <li><p>The polkit_backend_action_pool_init function in
+ polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before
+ 0.113 might allow local users to gain privileges via duplicate action
+ IDs in action descriptions.</p></li>
+ <li><p>PolicyKit (aka polkit) before 0.113 allows local
+ users to cause a denial of service (memory corruption and polkitd daemon
+ crash) and possibly gain privileges via unspecified vectors, related to
+ "javascript rule evaluation."</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html</url>
+ <cvename>CVE-2015-4625</cvename>
+ <cvename>CVE-2015-3218</cvename>
+ <cvename>CVE-2015-3255</cvename>
+ <cvename>CVE-2015-3256</cvename>
+ </references>
+ <dates>
+ <discovery>2015-06-03</discovery>
+ <entry>2016-01-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b22b016b-b633-11e5-83ef-14dae9d210b8">
+ <topic>librsync -- collision vulnerability</topic>
+ <affects>
+ <package>
+ <name>librsync</name>
+ <range><lt>1.0.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Michael Samuel reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2014/07/28/1">
+ <p>librsync before 1.0.0 uses a truncated MD4 checksum to
+ match blocks, which makes it easier for remote attackers to modify
+ transmitted data via a birthday attack.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2014/07/28/1</url>
+ <cvename>CVE-2014-8242</cvename>
+ </references>
+ <dates>
+ <discovery>2014-07-28</discovery>
+ <entry>2016-01-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4eae4f46-b5ce-11e5-8a2b-d050996490d0">
+ <topic>ntp -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>ntp</name>
+ <range><lt>4.2.8p5</lt></range>
+ </package>
+ <package>
+ <name>ntp-devel</name>
+ <range><lt>4.3.78</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Network Time Foundation reports:</p>
+ <blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit">
+ <p>NTF's NTP Project has been notified of the following
+ 1 medium-severity vulnerability that is fixed in
+ ntp-4.2.8p5, released on Thursday, 7 January 2016:</p>
+ <p>NtpBug2956: Small-step/Big-step CVE-2015-5300</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5300</cvename>
+ <url>https://www.cs.bu.edu/~goldbe/NTPattack.html</url>
+ <url>http://support.ntp.org/bin/view/Main/NtpBug2956</url>
+ <url>http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit</url>
+ </references>
+ <dates>
+ <discovery>2015-10-21</discovery>
+ <entry>2016-01-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="df587aa2-b5a5-11e5-9728-002590263bf5">
+ <topic>dhcpcd -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>dhcpcd</name>
+ <range><lt>6.10.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Nico Golde reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2016/01/07/3">
+ <p>heap overflow via malformed dhcp responses later in print_option
+ (via dhcp_envoption1) due to incorrect option length values.
+ Exploitation is non-trivial, but I'd love to be proven wrong.</p>
+ <p>invalid read/crash via malformed dhcp responses. not exploitable
+ beyond DoS as far as I can judge.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1503</cvename>
+ <cvename>CVE-2016-1504</cvename>
+ <freebsdpr>ports/206015</freebsdpr>
+ <url>http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30</url>
+ <url>http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403</url>
+ <url>http://www.openwall.com/lists/oss-security/2016/01/07/3</url>
+ </references>
+ <dates>
+ <discovery>2016-01-04</discovery>
+ <entry>2016-01-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4084168e-b531-11e5-a98c-0011d823eebd">
+ <topic>mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication</topic>
+ <affects>
+ <package>
+ <name>polarssl13</name>
+ <range><lt>1.3.16</lt></range>
+ </package>
+ <package>
+ <name>mbedtls</name>
+ <range><lt>2.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ARM Limited reports:</p>
+ <blockquote cite="https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released">
+ <p>MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack
+ on TLS 1.2 server authentication. They have been disabled by default.
+ Other attacks from the SLOTH paper do not apply to any version of mbed
+ TLS or PolarSSL.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released</url>
+ </references>
+ <dates>
+ <discovery>2016-01-04</discovery>
+ <entry>2016-01-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6aa2d135-b40e-11e5-9728-002590263bf5">
+ <topic>xen-kernel -- ioreq handling possibly susceptible to multiple read issue</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.5.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-166.html">
+ <p>Single memory accesses in source code can be translated to multiple
+ ones in machine code by the compiler, requiring special caution when
+ accessing shared memory. Such precaution was missing from the
+ hypervisor code inspecting the state of I/O requests sent to the
+ device model for assistance.</p>
+ <p>Due to the offending field being a bitfield, it is however believed
+ that there is no issue in practice, since compilers, at least when
+ optimizing (which is always the case for non-debug builds), should find
+ it more expensive to extract the bit field value twice than to keep the
+ calculated value in a register.</p>
+ <p>This vulnerability is exposed to malicious device models. In
+ conventional Xen systems this means the qemu which service an HVM
+ domain. On such systems this vulnerability can only be exploited if
+ the attacker has gained control of the device model qemu via another
+ vulnerability.</p>
+ <p>Privilege escalation, host crash (Denial of Service), and leaked
+ information all cannot be excluded.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/205841</freebsdpr>
+ <url>http://xenbits.xen.org/xsa/advisory-166.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-17</discovery>
+ <entry>2016-01-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e839ca04-b40d-11e5-9728-002590263bf5">
+ <topic>xen-kernel -- information leak in legacy x86 FPU/XMM initialization</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.5.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-165.html">
+ <p>When XSAVE/XRSTOR are not in use by Xen to manage guest extended
+ register state, the initial values in the FPU stack and XMM
+ registers seen by the guest upon first use are those left there by
+ the previous user of those registers.</p>
+ <p>A malicious domain may be able to leverage this to obtain sensitive
+ information such as cryptographic keys from another domain.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8555</cvename>
+ <freebsdpr>ports/205841</freebsdpr>
+ <url>http://xenbits.xen.org/xsa/advisory-165.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-17</discovery>
+ <entry>2016-01-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5d1d4473-b40d-11e5-9728-002590263bf5">
+ <topic>xen-tools -- libxl leak of pv kernel and initrd on error</topic>
+ <affects>
+ <package>
+ <name>xen-tools</name>
+ <range><ge>4.1</ge><lt>4.5.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-160.html">
+ <p>When constructing a guest which is configured to use a PV
+ bootloader which runs as a userspace process in the toolstack domain
+ (e.g. pygrub) libxl creates a mapping of the files to be used as
+ kernel and initial ramdisk when building the guest domain.</p>
+ <p>However if building the domain subsequently fails these mappings
+ would not be released leading to a leak of virtual address space in
+ the calling process, as well as preventing the recovery of the
+ temporary disk files containing the kernel and initial ramdisk.</p>
+ <p>For toolstacks which manage multiple domains within the same
+ process, an attacker who is able to repeatedly start a suitable
+ domain (or many such domains) can cause an out-of-memory condition in the
+ toolstack process, leading to a denial of service.</p>
+ <p>Under the same circumstances an attacker can also cause files to
+ accumulate on the toolstack domain filesystem (usually under /var in
+ dom0) used to temporarily store the kernel and initial ramdisk,
+ perhaps leading to a denial of service against arbitrary other
+ services using that filesystem.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8341</cvename>
+ <freebsdpr>ports/205841</freebsdpr>
+ <url>http://xenbits.xen.org/xsa/advisory-160.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-08</discovery>
+ <entry>2016-01-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bcad3faa-b40c-11e5-9728-002590263bf5">
+ <topic>xen-kernel -- XENMEM_exchange error handling issues</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.5.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-159.html">
+ <p>Error handling in the operation may involve handing back pages to
+ the domain. This operation may fail when in parallel the domain gets
+ torn down. So far this failure unconditionally resulted in the host
+ being brought down due to an internal error being assumed. This is
+ CVE-2015-8339.</p>
+ <p>Furthermore error handling so far wrongly included the release of a
+ lock. That lock, however, was either not acquired or already released
+ on all paths leading to the error handling sequence. This is
+ CVE-2015-8340.</p>
+ <p>A malicious guest administrator may be able to deny service by
+ crashing the host or causing a deadlock.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8339</cvename>
+ <cvename>CVE-2015-8340</cvename>
+ <freebsdpr>ports/205841</freebsdpr>
+ <url>http://xenbits.xen.org/xsa/advisory-159.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-08</discovery>
+ <entry>2016-01-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b65e4914-b3bc-11e5-8255-5453ed2e2b49">
+ <topic>tiff -- out-of-bounds read in CIE Lab image format</topic>
+ <affects>
+ <package>
+ <name>tiff</name>
+ <range><le>4.0.6</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>zzf of Alibaba discovered an out-of-bounds vulnerability in the code
+ processing the LogLUV and CIE Lab image format files. An attacker
+ could create a specially-crafted TIFF file that could cause libtiff
+ to crash.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8683</cvename>
+ <mlist>http://www.openwall.com/lists/oss-security/2015/12/25/2</mlist>
+ </references>
+ <dates>
+ <discovery>2015-12-25</discovery>
+ <entry>2016-01-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bd349f7a-b3b9-11e5-8255-5453ed2e2b49">
+ <topic>tiff -- out-of-bounds read in tif_getimage.c</topic>
+ <affects>
+ <package>
+ <name>tiff</name>
+ <range><le>4.0.6</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>LMX of Qihoo 360 Codesafe Team discovered an out-of-bounds read in
+ tif_getimage.c. An attacker could create a specially-crafted TIFF
+ file that could cause libtiff to crash.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8665</cvename>
+ <mlist>http://www.openwall.com/lists/oss-security/2015/12/24/2</mlist>
+ </references>
+ <dates>
+ <discovery>2015-12-24</discovery>
+ <entry>2016-01-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="86c3c66e-b2f5-11e5-863a-b499baebfeaf">
+ <topic>unzip -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>unzip</name>
+ <range><lt>6.0_7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Gustavo Grieco reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/09/07/4">
+ <p>Two issues were found in unzip 6.0:</p>
+ <p> * A heap overflow triggered by unzipping a file with password
+ (e.g unzip -p -P x sigsegv.zip).</p>
+ <p> * A denegation of service with a file that never finishes unzipping
+ (e.g. unzip sigxcpu.zip).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/07/4</url>
+ <freebsdpr>ports/204413</freebsdpr>
+ <cvename>CVE-2015-7696</cvename>
+ <cvename>CVE-2015-7697</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-26</discovery>
+ <entry>2016-01-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bb961ff3-b3a4-11e5-8255-5453ed2e2b49">
+ <topic>cacti -- SQL injection vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>cacti</name>
+ <range><le>0.8.8f_1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8369">
+ <p>SQL injection vulnerability in include/top_graph_header.php in
+ Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary
+ SQL commands via the rra_id parameter in a properties action to
+ graph.php.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8369</cvename>
+ <url>http://bugs.cacti.net/view.php?id=2646</url>
+ <url>http://svn.cacti.net/viewvc?view=rev&revision=7767</url>
+ <mlist>http://seclists.org/fulldisclosure/2015/Dec/8</mlist>
+ </references>
+ <dates>
+ <discovery>2015-12-05</discovery>
+ <entry>2016-01-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="59e7eb28-b309-11e5-af83-80ee73b5dcf5">
+ <topic>kea -- unexpected termination while handling a malformed packet</topic>
+ <affects>
+ <package>
+ <name>kea</name>
+ <range><ge>0.9.2</ge><lt>1.0.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ISC Support reports:</p>
+ <blockquote cite="https://kb.isc.org/article/AA-01318/0/CVE-2015-8373-ISC-Kea%3A-unexpected-termination-while-handling-a-malformed-packet.html">
+ <p>ISC Kea may terminate unexpectedly (crash) while handling
+ a malformed client packet. Related defects in the kea-dhcp4
+ and kea-dhcp6 servers can cause the server to crash during
+ option processing if a client sends a malformed packet.
+ An attacker sending a crafted malformed packet can cause
+ an ISC Kea server providing DHCP services to IPv4 or IPv6
+ clients to exit unexpectedly.</p>
+ <ul>
+ <li><p>The kea-dhcp4 server is vulnerable only in versions
+ 0.9.2 and 1.0.0-beta, and furthermore only when logging
+ at debug level 40 or higher. Servers running kea-dhcp4
+ versions 0.9.1 or lower, and servers which are not
+ logging or are logging at debug level 39 or below are
+ not vulnerable.</p></li>
+ <li><p>The kea-dhcp6 server is vulnerable only in versions
+ 0.9.2 and 1.0.0-beta, and furthermore only when
+ logging at debug level 45 or higher. Servers running
+ kea-dhcp6 versions 0.9.1 or lower, and servers
+ which are not logging or are logging at debug level 44
+ or below are not vulnerable.</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8373</cvename>
+ <url>https://kb.isc.org/article/AA-01318/0/CVE-2015-8373-ISC-Kea%3A-unexpected-termination-while-handling-a-malformed-packet.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-15</discovery>
+ <entry>2016-01-04</entry>
+ <modified>2016-01-05</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="84dc49b0-b267-11e5-8a5b-00262d5ed8ee">
+ <topic>mini_httpd -- buffer overflow via snprintf</topic>
+ <affects>
+ <package>
+ <name>mini_httpd</name>
+ <range><lt>1.23</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ACME Updates reports:</p>
+ <blockquote cite="https://cxsecurity.com/acveshow/CVE-2015-1548">
+ <p>mini_httpd 1.21 and earlier allows remote attackers to obtain
+ sensitive information from process memory via an HTTP request with
+ a long protocol string, which triggers an incorrect response size
+ calculation and an out-of-bounds read.</p>
+ <p>(rene) ACME, the author, claims that the vulnerability is fixed
+ *after* version 1.22, released on 2015-12-28</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-1548</cvename>
+ <url>https://cxsecurity.com/cveshow/CVE-2015-1548</url>
+ <url>http://acme.com/updates/archive/192.html</url>
+ </references>
+ <dates>
+ <discovery>2015-02-10</discovery>
+ <entry>2016-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1384f2fd-b1be-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in Rocker switch emulation</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/28/6">
+ <p>Qemu emulator built with the Rocker switch emulation support is
+ vulnerable to an off-by-one error. It happens while processing
+ transmit(tx) descriptors in 'tx_consume' routine, if a descriptor
+ was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments.
+ </p>
+ <p>A privileged user inside guest could use this flaw to cause memory
+ leakage on the host or crash the Qemu process instance resulting in
+ DoS issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8701</cvename>
+ <freebsdpr>ports/205813</freebsdpr>
+ <freebsdpr>ports/205814</freebsdpr>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/28/6</url>
+ <url>https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-28</discovery>
+ <entry>2016-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="152acff3-b1bd-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in Q35 chipset emulation</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.5.0</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.5.50.g20151224</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/24/1">
+ <p>Qemu emulator built with the Q35 chipset based pc system emulator
+ is vulnerable to a heap based buffer overflow. It occurs during VM
+ guest migration, as more(16 bytes) data is moved into allocated
+ (8 bytes) memory area.</p>
+ <p>A privileged guest user could use this issue to corrupt the VM
+ guest image, potentially leading to a DoS. This issue affects q35
+ machine types.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8666</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/24/1</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/d9a3b33d2c9f996537b7f1d0246dee2d0120cefb</url>
+ </references>
+ <dates>
+ <discovery>2015-11-19</discovery>
+ <entry>2016-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="62ab8707-b1bc-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in Human Monitor Interface support</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/22/8">
+ <p>Qemu emulator built with the Human Monitor Interface(HMP) support
+ is vulnerable to an OOB write issue. It occurs while processing
+ 'sendkey' command in hmp_sendkey routine, if the command argument is
+ longer than the 'keyname_buf' buffer size.</p>
+ <p>A user/process could use this flaw to crash the Qemu process
+ instance resulting in DoS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8619</cvename>
+ <freebsdpr>ports/205813</freebsdpr>
+ <freebsdpr>ports/205814</freebsdpr>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/22/8</url>
+ <url>https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-23</discovery>
+ <entry>2016-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b3f9f8ef-b1bb-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/21/7">
+ <p>Qemu emulator built with the SCSI MegaRAID SAS HBA emulation
+ support is vulnerable to a stack buffer overflow issue. It occurs
+ while processing the SCSI controller's CTRL_GET_INFO command. A
+ privileged guest user could use this flaw to crash the Qemu process
+ instance resulting in DoS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8613</cvename>
+ <freebsdpr>ports/205813</freebsdpr>
+ <freebsdpr>ports/205814</freebsdpr>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/21/7</url>
+ <url>https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-21</discovery>
+ <entry>2016-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9ad8993e-b1ba-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in VMWARE VMXNET3 NIC support</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/15/4">
+ <p>Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator
+ support is vulnerable to a memory leakage flaw. It occurs when a
+ guest repeatedly tries to activate the vmxnet3 device.</p>
+ <p>A privileged guest user could use this flaw to leak host memory,
+ resulting in DoS on the host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8567</cvename>
+ <cvename>CVE-2015-8568</cvename>
+ <freebsdpr>ports/205813</freebsdpr>
+ <freebsdpr>ports/205814</freebsdpr>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/15/4</url>
+ <url>https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-15</discovery>
+ <entry>2016-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="60cb2055-b1b8-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in USB EHCI emulation support</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.5.50.g20151224</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/14/9">
+ <p>Qemu emulator built with the USB EHCI emulation support is
+ vulnerable to an infinite loop issue. It occurs during communication
+ between host controller interface(EHCI) and a respective device
+ driver. These two communicate via a isochronous transfer descriptor
+ list(iTD) and an infinite loop unfolds if there is a closed loop in
+ this list.</p>
+ <p>A privileges user inside guest could use this flaw to consume
+ excessive CPU cycles & resources on the host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8558</cvename>
+ <freebsdpr>ports/205814</freebsdpr>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/14/9</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/156a2e4dbffa85997636a7a39ef12da6f1b40254</url>
+ </references>
+ <dates>
+ <discovery>2015-12-14</discovery>
+ <entry>2016-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3fb06284-b1b7-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in MSI-X support</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.5.0</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.5.50.g20151224</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/14/2">
+ <p>Qemu emulator built with the PCI MSI-X support is vulnerable to
+ null pointer dereference issue. It occurs when the controller
+ attempts to write to the pending bit array(PBA) memory region.
+ Because the MSI-X MMIO support did not define the .write method.</p>
+ <p>A privileges used inside guest could use this flaw to crash the
+ Qemu process resulting in DoS issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7549</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/14/2</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b7542856ade23d1b</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/43b11a91dd861a946b231b89b7542856ade23d1b</url>
+ </references>
+ <dates>
+ <discovery>2015-06-26</discovery>
+ <entry>2016-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="67feba97-b1b5-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in VNC</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.5.0</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.5.50.g20151224</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/08/4">
+ <p>Qemu emulator built with the VNC display driver support is
+ vulnerable to an arithmetic exception flaw. It occurs on the VNC
+ server side while processing the 'SetPixelFormat' messages from a
+ client.</p>
+ <p>A privileged remote client could use this flaw to crash the guest
+ resulting in DoS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8504</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/08/4</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3</url>
+ </references>
+ <dates>
+ <discovery>2015-12-08</discovery>
+ <entry>2016-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="405446f4-b1b3-11e5-9728-002590263bf5">
+ <topic>qemu and xen-tools -- denial of service vulnerabilities in AMD PC-Net II NIC support</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.5.0</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.5.50.g20151224</lt></range>
+ </package>
+ <package>
+ <name>xen-tools</name>
+ <range><lt>4.5.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/11/30/2">
+ <p>Qemu emulator built with the AMD PC-Net II Ethernet Controller
+ support is vulnerable to a heap buffer overflow flaw. While
+ receiving packets in the loopback mode, it appends CRC code to the
+ receive buffer. If the data size given is same as the receive buffer
+ size, the appended CRC code overwrites 4 bytes beyond this
+ 's->buffer' array.</p>
+ <p>A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw
+ to crash the Qemu instance resulting in DoS or potentially execute
+ arbitrary code with privileges of the Qemu process on the host.</p>
+ </blockquote>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/11/30/3">
+ <p>The AMD PC-Net II emulator(hw/net/pcnet.c), while receiving packets
+ from a remote host(non-loopback mode), fails to validate the
+ received data size, thus resulting in a buffer overflow issue. It
+ could potentially lead to arbitrary code execution on the host, with
+ privileges of the Qemu process. It requires the guest NIC to have
+ larger MTU limit.</p>
+ <p>A remote user could use this flaw to crash the guest instance
+ resulting in DoS or potentially execute arbitrary code on a remote
+ host with privileges of the Qemu process.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7504</cvename>
+ <cvename>CVE-2015-7512</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/11/30/2</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/11/30/3</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=837f21aacf5a714c23ddaadbbc5212f9b661e3f7</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=8b98a2f07175d46c3f7217639bd5e03f2ec56343</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/837f21aacf5a714c23ddaadbbc5212f9b661e3f7</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/8b98a2f07175d46c3f7217639bd5e03f2ec56343</url>
+ <url>http://xenbits.xen.org/xsa/advisory-162.html</url>
+ </references>
+ <dates>
+ <discovery>2015-11-30</discovery>
+ <entry>2016-01-03</entry>
+ <modified>2016-01-06</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="b56fe6bb-b1b1-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerabilities in eepro100 NIC support</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/11/25/3">
+ <p>Qemu emulator built with the i8255x (PRO100) emulation support is
+ vulnerable to an infinite loop issue. It could occur while
+ processing a chain of commands located in the Command Block List
+ (CBL). Each Command Block(CB) points to the next command in the
+ list. An infinite loop unfolds if the link to the next CB points
+ to the same block or there is a closed loop in the chain.</p>
+ <p>A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw
+ to crash the Qemu instance resulting in DoS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8345</cvename>
+ <freebsdpr>ports/205813</freebsdpr>
+ <freebsdpr>ports/205814</freebsdpr>
+ <url>http://www.openwall.com/lists/oss-security/2015/11/25/3</url>
+ <url>https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-16</discovery>
+ <entry>2016-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="42cbd1e8-b152-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in virtio-net support</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.4.1</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.5.50.g20151224</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/09/18/5">
+ <p>Qemu emulator built with the Virtual Network Device(virtio-net)
+ support is vulnerable to a DoS issue. It could occur while receiving
+ large packets over the tuntap/macvtap interfaces and when guest's
+ virtio-net driver did not support big/mergeable receive buffers.</p>
+ <p>An attacker on the local network could use this flaw to disable
+ guest's networking by sending a large number of jumbo frames to the
+ guest, exhausting all receive buffers and thus leading to a DoS
+ situation.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7295</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/18/5</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=696317f1895e836d53b670c7b77b7be93302ba08</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/0cf33fb6b49a19de32859e2cdc6021334f448fb3</url>
+ </references>
+ <dates>
+ <discovery>2015-09-18</discovery>
+ <entry>2016-01-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6aa3322f-b150-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerabilities in NE2000 NIC support</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.4.0.1</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.5.50.g20151224</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/09/15/2">
+ <p>Qemu emulator built with the NE2000 NIC emulation support is
+ vulnerable to an infinite loop issue. It could occur when receiving
+ packets over the network.</p>
+ <p>A privileged user inside guest could use this flaw to crash the
+ Qemu instance resulting in DoS.</p>
+ </blockquote>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/09/15/3">
+ <p>Qemu emulator built with the NE2000 NIC emulation support is
+ vulnerable to a heap buffer overflow issue. It could occur when
+ receiving packets over the network.</p>
+ <p>A privileged user inside guest could use this flaw to crash the
+ Qemu instance or potentially execute arbitrary code on the host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5278</cvename>
+ <cvename>CVE-2015-5279</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/15/2</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/15/3</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=5a1ccdfe44946e726b4c6fda8a4493b3931a68c1</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/737d2b3c41d59eb8f94ab7eb419b957938f24943</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/9bbdbc66e5765068dce76e9269dce4547afd8ad4</url>
+ </references>
+ <dates>
+ <discovery>2015-09-15</discovery>
+ <entry>2016-01-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bbc97005-b14e-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in IDE disk/CD/DVD-ROM emulation</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.4.1</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.5.50.g20151224</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/09/10/1">
+ <p>Qemu emulator built with the IDE disk and CD/DVD-ROM emulation
+ support is vulnerable to a divide by zero issue. It could occur
+ while executing an IDE command WIN_READ_NATIVE_MAX to determine
+ the maximum size of a drive.</p>
+ <p>A privileged user inside guest could use this flaw to crash the
+ Qemu instance resulting in DoS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6855</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/10/1</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=63d761388d6fea994ca498c6e7a210851a99ad93</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/d9033e1d3aa666c5071580617a57bd853c5d794a</url>
+ </references>
+ <dates>
+ <discovery>2015-09-09</discovery>
+ <entry>2016-01-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="10bf8eed-b14d-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in e1000 NIC support</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.4.0.1</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.5.50.g20151224</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/09/04/4">
+ <p>Qemu emulator built with the e1000 NIC emulation support is
+ vulnerable to an infinite loop issue. It could occur while
+ processing transmit descriptor data when sending a network packet.
+ </p>
+ <p>A privileged user inside guest could use this flaw to crash the
+ Qemu instance resulting in DoS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6815</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/04/4</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=3a56af1fbc17ff453f6e90fb08ce0c0e6fd0b61b</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/b947ac2bf26479e710489739c465c8af336599e7</url>
+ </references>
+ <dates>
+ <discovery>2015-09-04</discovery>
+ <entry>2016-01-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8a560bcf-b14b-11e5-9728-002590263bf5">
+ <topic>qemu -- denial of service vulnerability in VNC</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.1.0</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.2.50.g20141230</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/09/02/7">
+ <p>Qemu emulator built with the VNC display driver is vulnerable to an
+ infinite loop issue. It could occur while processing a
+ CLIENT_CUT_TEXT message with specially crafted payload message.</p>
+ <p>A privileged guest user could use this flaw to crash the Qemu
+ process on the host, resulting in DoS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5239</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/09/02/7</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d</url>
+ </references>
+ <dates>
+ <discovery>2014-06-30</discovery>
+ <entry>2016-01-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2b3b4c27-b0c7-11e5-8d13-bc5ff45d0f28">
+ <topic>qemu -- buffer overflow vulnerability in VNC</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.4.0.1</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.4.50.g20151011</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/08/21/6">
+ <p>Qemu emulator built with the VNC display driver support is
+ vulnerable to a buffer overflow flaw leading to a heap memory
+ corruption issue. It could occur while refreshing the server
+ display surface via routine vnc_refresh_server_surface().</p>
+ <p>A privileged guest user could use this flaw to corrupt the heap
+ memory and crash the Qemu process instance OR potentially use it
+ to execute arbitrary code on the host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5225</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/08/21/6</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=efec4dcd2552e85ed57f276b58f09fc385727450</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/eb8934b0418b3b1d125edddc4fc334a54334a49b</url>
+ </references>
+ <dates>
+ <discovery>2015-08-17</discovery>
+ <entry>2016-01-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="21e5abe3-b0c6-11e5-8d13-bc5ff45d0f28">
+ <topic>qemu -- buffer overflow vulnerability in virtio-serial message exchanges</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.4.0</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.4.50.g20150814</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/08/06/3">
+ <p>Qemu emulator built with the virtio-serial vmchannel support is
+ vulnerable to a buffer overflow issue. It could occur while
+ exchanging virtio control messages between guest and the host.</p>
+ <p>A malicious guest could use this flaw to corrupt few bytes of Qemu
+ memory area, potentially crashing the Qemu process.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5745</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/08/06/5</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=7882080388be5088e72c425b02223c02e6cb4295</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/7882080388be5088e72c425b02223c02e6cb4295</url>
+ </references>
+ <dates>
+ <discovery>2015-08-06</discovery>
+ <entry>2016-01-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a267cd6c-b0c4-11e5-8d13-bc5ff45d0f28">
+ <topic>qemu -- stack buffer overflow while parsing SCSI commands</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.4.0</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.4.50.g20150814</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Prasad J Pandit, Red Hat Product Security Team, reports:</p>
+ <blockquote cite="http://openwall.com/lists/oss-security/2015/07/23/6">
+ <p>Qemu emulator built with the SCSI device emulation support is
+ vulnerable to a stack buffer overflow issue. It could occur while
+ parsing SCSI command descriptor block with an invalid operation
+ code.</p>
+ <p>A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw
+ to crash the Qemu instance resulting in DoS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5158</cvename>
+ <url>http://openwall.com/lists/oss-security/2015/07/23/6</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=c170aad8b057223b1139d72e5ce7acceafab4fa9</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/c170aad8b057223b1139d72e5ce7acceafab4fa9</url>
+ </references>
+ <dates>
+ <discovery>2015-07-23</discovery>
+ <entry>2016-01-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="aea8d90e-b0c1-11e5-8d13-bc5ff45d0f28">
+ <topic>qemu -- code execution on host machine</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <range><lt>2.4.0</lt></range>
+ </package>
+ <package>
+ <name>qemu-sbruno</name>
+ <name>qemu-user-static</name>
+ <range><lt>2.4.50.g20150814</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Petr Matousek of Red Hat Inc. reports:</p>
+ <blockquote cite="http://openwall.com/lists/oss-security/2015/06/17/5">
+ <p>Due converting PIO to the new memory read/write api we no longer
+ provide separate I/O region lenghts for read and write operations.
+ As a result, reading from PIT Mode/Command register will end with
+ accessing pit->channels with invalid index and potentially cause
+ memory corruption and/or minor information leak.</p>
+ <p>A privileged guest user in a guest with QEMU PIT emulation enabled
+ could potentially (tough unlikely) use this flaw to execute
+ arbitrary code on the host with the privileges of the hosting QEMU
+ process.</p>
+ <p>Please note that by default QEMU/KVM guests use in-kernel (KVM) PIT
+ emulation and are thus not vulnerable to this issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-3214</cvename>
+ <url>http://openwall.com/lists/oss-security/2015/06/17/5</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=d4862a87e31a51de9eb260f25c9e99a75efe3235</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/d4862a87e31a51de9eb260f25c9e99a75efe3235</url>
+ </references>
+ <dates>
+ <discovery>2015-06-17</discovery>
+ <entry>2016-01-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4b3a7e70-afce-11e5-b864-14dae9d210b8">
+ <topic>mono -- DoS and code execution</topic>
+ <affects>
+ <package>
+ <name>mono</name>
+ <range><lt>4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NCC Group reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2015/q4/543">
+ <p>An attacker who can cause a carefully-chosen string to be
+ converted to a floating-point number can cause a crash and potentially
+ induce arbitrary code execution.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2015/q4/543</url>
+ <cvename>CVE-2009-0689</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-19</discovery>
+ <entry>2015-12-31</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="84c7ea88-bf04-4bdc-973b-36744bf540ab">
+ <topic>flash -- multiple vulnabilities</topic>
+ <affects>
+ <package>
+ <name>linux-c6-flashplugin</name>
+ <name>linux-f10-flashplugin</name>
+ <name>linux-c6_64-flashplugin</name>
+ <range><lt>11.2r202.559</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-01.html">
+ <p>These updates resolve a type confusion vulnerability that
+ could lead to code execution (CVE-2015-8644).</p>
+
+ <p>These updates resolve an integer overflow vulnerability
+ that could lead to code execution (CVE-2015-8651).</p>
+
+ <p>These updates resolve use-after-free vulnerabilities that
+ could lead to code execution (CVE-2015-8634, CVE-2015-8635,
+ CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641,
+ CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647,
+ CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).</p>
+
+ <p>These updates resolve memory corruption vulnerabilities
+ that could lead to code execution (CVE-2015-8459,
+ CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8459</cvename>
+ <cvename>CVE-2015-8460</cvename>
+ <cvename>CVE-2015-8634</cvename>
+ <cvename>CVE-2015-8636</cvename>
+ <cvename>CVE-2015-8638</cvename>
+ <cvename>CVE-2015-8639</cvename>
+ <cvename>CVE-2015-8640</cvename>
+ <cvename>CVE-2015-8641</cvename>
+ <cvename>CVE-2015-8642</cvename>
+ <cvename>CVE-2015-8643</cvename>
+ <cvename>CVE-2015-8644</cvename>
+ <cvename>CVE-2015-8645</cvename>
+ <cvename>CVE-2015-8646</cvename>
+ <cvename>CVE-2015-8647</cvename>
+ <cvename>CVE-2015-8648</cvename>
+ <cvename>CVE-2015-8649</cvename>
+ <cvename>CVE-2015-8650</cvename>
+ <cvename>CVE-2015-8651</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb16-01.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-28</discovery>
+ <entry>2015-12-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b808c3a8-ae30-11e5-b864-14dae9d210b8">
+ <topic>inspircd -- DoS</topic>
+ <affects>
+ <package>
+ <name>inspircd</name>
+ <range><lt>2.0.19</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Inspircd reports:</p>
+ <blockquote cite="http://www.inspircd.org/2015/04/16/v2019-released.html">
+ <p>This release fixes the issues discovered since 2.0.18,
+ containing multiple important stability and correctness related
+ improvements, including a fix for a bug which allowed malformed DNS
+ records to cause netsplits on a network.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.inspircd.org/2015/04/16/v2019-released.html</url>
+ <url>https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559</url>
+ <url>http://comments.gmane.org/gmane.comp.security.oss.general/18464</url>
+ <cvename>CVE-2015-8702</cvename>
+ </references>
+ <dates>
+ <discovery>2015-04-16</discovery>
+ <entry>2015-12-29</entry>
+ <modified>2015-12-29</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="4bae544d-06a3-4352-938c-b3bcbca89298">
+ <topic>ffmpeg -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libav</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>gstreamer-ffmpeg</name>
+ <!-- gst-ffmpeg-0.10.13 has libav-0.7.2 (0.7.7 in freebsd port) -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>handbrake</name>
+ <!-- handbrake-0.10.2 has libav-10.1 -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>ffmpeg</name>
+ <range><ge>2.8,1</ge><lt>2.8.4,1</lt></range>
+ <range><lt>2.7.4,1</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg26</name>
+ <range><lt>2.6.6</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg25</name>
+ <range><lt>2.5.9</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg24</name>
+ <range><lt>2.4.12</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg-devel</name>
+ <name>ffmpeg23</name>
+ <name>ffmpeg2</name>
+ <name>ffmpeg1</name>
+ <name>ffmpeg-011</name>
+ <name>ffmpeg0</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>avidemux</name>
+ <name>avidemux2</name>
+ <name>avidemux26</name>
+ <!-- avidemux-2.6.10 has ffmpeg-2.6.1 -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>kodi</name>
+ <!-- kodi-15.2 has ffmpeg-2.6.4 -->
+ <range><lt>16.0</lt></range>
+ </package>
+ <package>
+ <name>mplayer</name>
+ <name>mencoder</name>
+ <!-- mplayer-1.2.r20151219 has ffmpeg-2.8.3 -->
+ <range><lt>1.2.r20151219_1</lt></range>
+ </package>
+ <package>
+ <name>mythtv</name>
+ <name>mythtv-frontend</name>
+ <!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>plexhometheater</name>
+ <!-- plexhometheater-1.4.1 has ffmpeg-0.10.2 fork -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8662">
+ <p>The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in
+ FFmpeg before 2.8.4 does not validate the number of
+ decomposition levels before proceeding with Discrete Wavelet
+ Transform decoding, which allows remote attackers to cause a
+ denial of service (out-of-bounds array access) or possibly
+ have unspecified other impact via crafted JPEG 2000
+ data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8663">
+ <p>The ff_get_buffer function in libavcodec/utils.c in
+ FFmpeg before 2.8.4 preserves width and height values after
+ a failure, which allows remote attackers to cause a denial
+ of service (out-of-bounds array access) or possibly have
+ unspecified other impact via a crafted .mov file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8662</cvename>
+ <cvename>CVE-2015-8663</cvename>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=abee0a1c60612e8638640a8a3738fffb65e16dbf</url>
+ <url>https://ffmpeg.org/security.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-20</discovery>
+ <entry>2015-12-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="10f7bc76-0335-4a88-b391-0b05b3a8ce1c">
+ <topic>NSS -- MD5 downgrade in TLS 1.2 signatures</topic>
+ <affects>
+ <package>
+ <name>nss</name>
+ <name>linux-c6-nss</name>
+ <range><ge>3.20</ge><lt>3.20.2</lt></range>
+ <range><lt>3.19.2.2</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>43.0.2,1</lt></range>
+ </package>
+ <package>
+ <name>linux-thunderbird</name>
+ <range><lt>38.5.1</lt></range>
+ </package>
+ <package>
+ <name>linux-seamonkey</name>
+ <range><lt>2.40</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Project reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/">
+ <p>Security researcher Karthikeyan Bhargavan reported an
+ issue in Network Security Services (NSS) where MD5
+ signatures in the server signature within the TLS 1.2
+ ServerKeyExchange message are still accepted. This is an
+ issue since NSS has officially disallowed the accepting MD5
+ as a hash algorithm in signatures since 2011. This issues
+ exposes NSS based clients such as Firefox to theoretical
+ collision-based forgery attacks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7575</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-150/</url>
+ <url>https://hg.mozilla.org/projects/nss/rev/94e1157f3fbb</url>
+ </references>
+ <dates>
+ <discovery>2015-12-22</discovery>
+ <entry>2015-12-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="88f75070-abcf-11e5-83d3-6805ca0b3d42">
+ <topic>phpMyAdmin -- path disclosure vulnerability</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.3.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2015-6/">
+ <p>By calling some scripts that are part of phpMyAdmin in an
+ unexpected way, it is possible to trigger phpMyAdmin to
+ display a PHP error message which contains the full path of
+ the directory where phpMyAdmin is installed.</p>
+ <p>We consider these vulnerabilities to be non-critical.</p>
+ <p>This path disclosure is possible on servers where the
+ recommended setting of the PHP configuration directive
+ display_errors is set to on, which is against the
+ recommendations given in the PHP manual for a production
+ server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2015-6/</url>
+ <cvename>CVE-2015-8669</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-25</discovery>
+ <entry>2015-12-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="876768aa-ab1e-11e5-8a30-5453ed2e2b49">
+ <topic>dpkg -- stack-based buffer overflow</topic>
+ <affects>
+ <package>
+ <name>dpkg</name>
+ <range><lt>1.16.17</lt></range>
+ <range><lt>1.17.26</lt></range>
+ <range><lt>1.18.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Salvatore Bonaccorso reports:</p>
+ <blockquote cite="https://lists.debian.org/debian-security-announce/2015/msg00312.html">
+ <p>Hanno Boeck discovered a stack-based buffer overflow in the
+ dpkg-deb component of dpkg, the Debian package management system.
+ This flaw could potentially lead to arbitrary code execution if a
+ user or an automated system were tricked into processing a specially
+ crafted Debian binary package (.deb) in the old style Debian binary
+ package format.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-0860</cvename>
+ <url>http://openwall.com/lists/oss-security/2015/11/26/3</url>
+ <url>https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=f1aac7d933819569bf6f347c3c0d5a64a90bbce0</url>
+ </references>
+ <dates>
+ <discovery>2015-11-26</discovery>
+ <entry>2015-12-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e1b5318c-aa4d-11e5-8f5c-002590263bf5">
+ <topic>mantis -- information disclosure vulnerability</topic>
+ <affects>
+ <package>
+ <name>mantis</name>
+ <range><lt>1.2.19_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mantis reports:</p>
+ <blockquote cite="https://mantisbt.org/bugs/view.php?id=19873">
+ <p>CVE-2015-5059: documentation in private projects can be seen by
+ every user</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5059</cvename>
+ <freebsdpr>ports/201106</freebsdpr>
+ <url>https://mantisbt.org/bugs/view.php?id=19873</url>
+ <url>http://openwall.com/lists/oss-security/2015/06/25/3</url>
+ </references>
+ <dates>
+ <discovery>2015-06-23</discovery>
+ <entry>2015-12-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f36bbd66-aa44-11e5-8f5c-002590263bf5">
+ <topic>mediawiki -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mediawiki123</name>
+ <range><lt>1.23.12</lt></range>
+ </package>
+ <package>
+ <name>mediawiki124</name>
+ <range><lt>1.24.5</lt></range>
+ </package>
+ <package>
+ <name>mediawiki125</name>
+ <range><lt>1.25.4</lt></range>
+ </package>
+ <package>
+ <name>mediawiki126</name>
+ <range><lt>1.26.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MediaWiki reports:</p>
+ <blockquote cite="https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html">
+ <p>(T117899) SECURITY: $wgArticlePath can no longer be set to relative
+ paths that do not begin with a slash. This enabled trivial XSS
+ attacks. Configuration values such as "http://my.wiki.com/wiki/$1"
+ are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is
+ not and will now throw an error.</p>
+ <p>(T119309) SECURITY: Use hash_compare() for edit token comparison.
+ </p>
+ <p>(T118032) SECURITY: Don't allow cURL to interpret POST parameters
+ starting with '@' as file uploads.</p>
+ <p>(T115522) SECURITY: Passwords generated by User::randomPassword()
+ can no longer be shorter than $wgMinimalPasswordLength.</p>
+ <p>(T97897) SECURITY: Improve IP parsing and trimming. Previous
+ behavior could result in improper blocks being issued.</p>
+ <p>(T109724) SECURITY: Special:MyPage, Special:MyTalk,
+ Special:MyContributions and related pages no longer use HTTP
+ redirects and are now redirected by MediaWiki.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8622</cvename>
+ <cvename>CVE-2015-8623</cvename>
+ <cvename>CVE-2015-8624</cvename>
+ <cvename>CVE-2015-8625</cvename>
+ <cvename>CVE-2015-8626</cvename>
+ <cvename>CVE-2015-8627</cvename>
+ <cvename>CVE-2015-8628</cvename>
+ <url>https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html</url>
+ <url>https://phabricator.wikimedia.org/T117899</url>
+ <url>https://phabricator.wikimedia.org/T119309</url>
+ <url>https://phabricator.wikimedia.org/T118032</url>
+ <url>https://phabricator.wikimedia.org/T115522</url>
+ <url>https://phabricator.wikimedia.org/T97897</url>
+ <url>https://phabricator.wikimedia.org/T109724</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/23/7</url>
+ </references>
+ <dates>
+ <discovery>2015-12-18</discovery>
+ <entry>2015-12-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3b50881d-1860-4721-aab1-503290e23f6c">
+ <topic>Ruby -- unsafe tainted string vulnerability</topic>
+ <affects>
+ <package>
+ <name>ruby</name>
+ <range><ge>2.0.0,1</ge><lt>2.0.0.648,1</lt></range>
+ <range><ge>2.1.0,1</ge><lt>2.1.8,1</lt></range>
+ <range><ge>2.2.0,1</ge><lt>2.2.4,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ruby developer reports:</p>
+ <blockquote cite="https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/">
+ <p>There is an unsafe tainted string vulnerability in Fiddle and DL.
+ This issue was originally reported and fixed with CVE-2009-5147 in
+ DL, but reappeared after DL was reimplemented using Fiddle and
+ libffi.</p>
+ <p>And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not
+ fixed at other branches, then rubies which bundled DL except Ruby
+ 1.9.1 are still vulnerable.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/</url>
+ <cvename>CVE-2015-7551</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-16</discovery>
+ <entry>2015-12-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="54075861-a95a-11e5-8b40-20cf30e32f6d">
+ <topic>Bugzilla security issues</topic>
+ <affects>
+ <package>
+ <name>bugzilla44</name>
+ <range><lt>4.4.11</lt></range>
+ </package>
+ <package>
+ <name>bugzilla50</name>
+ <range><lt>5.0.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Bugzilla Security Advisory</p>
+ <blockquote cite="https://www.bugzilla.org/security/4.2.15/">
+ <p>During the generation of a dependency graph, the code for
+ the HTML image map is generated locally if a local dot
+ installation is used. With escaped HTML characters in a bug
+ summary, it is possible to inject unfiltered HTML code in
+ the map file which the CreateImagemap function generates.
+ This could be used for a cross-site scripting attack.</p>
+ <p>If an external HTML page contains a <script> element with
+ its src attribute pointing to a buglist in CSV format, some
+ web browsers incorrectly try to parse the CSV file as valid
+ JavaScript code. As the buglist is generated based on the
+ privileges of the user logged into Bugzilla, the external
+ page could collect confidential data contained in the CSV
+ file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8508</cvename>
+ <cvename>CVE-2015-8509</cvename>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1221518</url>
+ <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1232785</url>
+ </references>
+ <dates>
+ <discovery>2015-12-22</discovery>
+ <entry>2015-12-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d6c51737-a84b-11e5-8f5c-002590263bf5">
+ <topic>librsvg2 -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>librsvg2</name>
+ <range><lt>2.40.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adam Maris, Red Hat Product Security, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/21/5">
+ <p>CVE-2015-7558: Stack exhaustion due to cyclic dependency causing to
+ crash an application was found in librsvg2 while parsing SVG file.
+ It has been fixed in 2.40.12 by many commits that has rewritten the
+ checks for cyclic references.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7558</cvename>
+ <freebsdpr>ports/205502</freebsdpr>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/21/5</url>
+ <url>https://bugzilla.redhat.com/1268243</url>
+ </references>
+ <dates>
+ <discovery>2015-10-02</discovery>
+ <entry>2015-12-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="da634091-a84a-11e5-8f5c-002590263bf5">
+ <topic>librsvg2 -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>librsvg2</name>
+ <range><lt>2.40.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adam Maris, Red Hat Product Security, reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/21/5">
+ <p>CVE-2015-7557: Out-of-bounds heap read in librsvg2 was found when
+ parsing SVG file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7557</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/21/5</url>
+ <url>https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df</url>
+ </references>
+ <dates>
+ <discovery>2015-02-06</discovery>
+ <entry>2015-12-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9e7306b9-a5c3-11e5-b864-14dae9d210b8">
+ <topic>quassel -- remote denial of service</topic>
+ <affects>
+ <package>
+ <name>quassel</name>
+ <range><lt>0.12.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Pierre Schweitzer reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/12/1">
+ <p>Any client sending the command "/op *" in a query will
+ cause the Quassel core to crash.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/12/1</url>
+ <cvename>CVE-2015-8547</cvename>
+ </references>
+ <dates>
+ <discovery>2015-11-22</discovery>
+ <entry>2015-12-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f714b4c9-a6c1-11e5-88d7-047d7b492d07">
+ <topic>libvirt -- ACL bypass using ../ to access beyond storage pool</topic>
+ <affects>
+ <package>
+ <name>libvirt</name>
+ <range><ge>1.1.0</ge><lt>1.2.19_2</lt></range>
+ <range><ge>1.2.20</ge><lt>1.3.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Libvit development team reports:</p>
+ <blockquote cite="http://security.libvirt.org/2015/0004.html">
+ <p>Various virStorageVol* API operate on user-supplied volume names by
+ concatenating the volume name to the pool location. Note that the
+ virStoragePoolListVolumes API, when used on a storage pool backed by
+ a directory in a file system, will only list volumes immediately in
+ that directory (there is no traversal into subdirectories). However,
+ other APIs such as virStorageVolCreateXML were not checking if a
+ potential volume name represented one of the volumes that could be
+ returned by virStoragePoolListVolumes; because they were not rejecting
+ the use of '/' in a volume name.</p>
+ <p>Because no checking was done on volume names, a user could supply
+ a potential volume name of something like '../../../etc/passwd' to
+ attempt to access a file not belonging to the storage pool. When
+ fine-grained Access Control Lists (ACL) are in effect, a user with
+ storage_vol:create ACL permission but lacking domain:write permssion
+ could thus abuse virStorageVolCreateXML and similar APIs to gain
+ access to files not normally permitted to that user. Fortunately, it
+ appears that the only APIs that could leak information or corrupt
+ files require read-write connection to libvirtd; and when ACLs are not
+ in use (the default without any further configuration), a user with
+ read-write access can already be considered to have full access to the
+ machine, and without an escalation of privilege there is no security
+ problem.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5313</cvename>
+ <url>http://security.libvirt.org/2015/0004.html</url>
+ </references>
+ <dates>
+ <discovery>2015-10-30</discovery>
+ <entry>2015-12-20</entry>
+ </dates>
+ </vuln>
+
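Review bot: "Libvit" in the reporter line '<p>Libvit development team reports:</p>' is a typo for "Libvirt"; this is the entry's own wording rather than the quoted advisory, so fix it here. The quoted paragraph also carries "permssion", which can stay verbatim or be corrected to "permission". The split ranges (1.1.0 up to but excluding 1.2.19_2, then 1.2.20 up to but excluding 1.3.0) leave 1.2.19_2 and any later 1.2.19 port revision unflagged, so confirm that port revision really carries the backported volume-name check.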
+ <vuln vid="ef434839-a6a4-11e5-8275-000c292e4fd8">
+ <topic>samba -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>samba36</name>
+ <range><ge>3.6.0</ge><le>3.6.25</le></range>
+ </package>
+ <package>
+ <name>samba4</name>
+ <range><ge>4.0.0</ge><le>4.0.26</le></range>
+ </package>
+ <package>
+ <name>samba41</name>
+ <range><ge>4.1.0</ge><lt>4.1.22</lt></range>
+ </package>
+ <package>
+ <name>samba42</name>
+ <range><ge>4.2.0</ge><lt>4.2.7</lt></range>
+ </package>
+ <package>
+ <name>samba43</name>
+ <range><ge>4.3.0</ge><lt>4.3.3</lt></range>
+ </package>
+ <package>
+ <name>ldb</name>
+ <range><ge>1.0.0</ge><lt>1.1.24</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Samba team reports:</p>
+ <blockquote cite="https://www.samba.org/samba/latest_news.html#4.3.3">
+ <p>[CVE-2015-3223] Malicious request can cause Samba LDAP server to hang, spinning using CPU.</p>
+ <p>[CVE-2015-5330] Malicious request can cause Samba LDAP server
+ to return uninitialized memory that should not be part of the reply.</p>
+ <p>[CVE-2015-5296] Requesting encryption should also request
+ signing when setting up the connection to protect against man-in-the-middle attacks.</p>
+ <p>[CVE-2015-5299] A missing access control check in the VFS
+ shadow_copy2 module could allow unauthorized users to access snapshots.</p>
+ <p>[CVE-2015-7540] Malicious request can cause Samba LDAP server to return crash.</p>
+ <p>[CVE-2015-8467] Samba can expose Windows DCs to MS15-096
+ Denial of service via the creation of multiple machine accounts(The Microsoft issue is CVE-2015-2535).</p>
+ <p>[CVE-2015-5252] Insufficient symlink verification could allow data access outside share path.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-3223</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2015-3223.html</url>
+ <cvename>CVE-2015-5252</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2015-5252.html</url>
+ <cvename>CVE-2015-5296</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2015-5296.html</url>
+ <cvename>CVE-2015-5299</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2015-5299.html</url>
+ <cvename>CVE-2015-5330</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2015-5330.html</url>
+ <cvename>CVE-2015-7540</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2015-7540.html</url>
+ <cvename>CVE-2015-8467</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2015-8467.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-16</discovery>
+ <entry>2015-12-19</entry>
+ </dates>
+ </vuln>
+
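Review bot: the items for CVE-2015-3223, CVE-2015-7540 and CVE-2015-5252 sit on single lines well past the wrap width used everywhere else in this file; reflow them like the neighbouring paragraphs. The CVE-2015-7540 line "Malicious request can cause Samba LDAP server to return crash." reads like a copy error (presumably "to crash"); check it against the release notes before committing. The samba36 range uses '<le>3.6.25</le>' with no fixed upper bound, which is only right if no patched 3.6 release or port revision exists; if one does, record it with <lt>.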
+ <vuln vid="bb7d4791-a5bf-11e5-a0e5-00262d5ed8ee">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>47.0.2526.106</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update_15.html">
+ <p>2 security fixes in this release, including:</p>
+ <ul>
+ <li>[569486] CVE-2015-6792: Fixes from internal audits and
+ fuzzing.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6792</cvename>
+ <url>http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update_15.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-16</discovery>
+ <entry>2015-12-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7329938b-a4e6-11e5-b864-14dae9d210b8">
+ <topic>cups-filters -- code execution</topic>
+ <affects>
+ <package>
+ <name>cups-filters</name>
+ <range><lt>1.4.0</lt></range>
+ </package>
+ <package>
+ <name>foomatic-filters</name>
+ <range><lt>4.0.17_4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Till Kamppeter reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/14/13">
+ <p>Cups Filters/Foomatic Filters does not consider semicolon
+ as an illegal escape character.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/14/13</url>
+ <cvename>CVE-2015-8560</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-12</discovery>
+ <entry>2015-12-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6dbae1a8-a4e6-11e5-b864-14dae9d210b8">
+ <topic>cups-filters -- code execution</topic>
+ <affects>
+ <package>
+ <name>cups-filters</name>
+ <range><lt>1.2.0</lt></range>
+ </package>
+ <package>
+ <name>foomatic-filters</name>
+ <range><lt>4.0.17_4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Salvatore Bonaccorso reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/13/2">
+ <p>Cups Filters/Foomatic Filters does not consider backtick
+ as an illegal escape character.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/13/2</url>
+ <cvename>CVE-2015-8327</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-30</discovery>
+ <entry>2015-12-17</entry>
+ </dates>
+ </vuln>
+
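Review bot: both cups-filters entries (vid 7329938b-... and 6dbae1a8-...) carry the identical topic "cups-filters -- code execution", so pkg audit prints two indistinguishable lines for an affected package; differentiate the topics to match the quoted reports, for example "cups-filters -- code execution via unescaped semicolon" and "... via unescaped backtick". Both entries give foomatic-filters the same bound '<lt>4.0.17_4</lt>', so confirm that the single port revision fixes both CVE-2015-8560 and CVE-2015-8327.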
+ <vuln vid="1fbd6db1-a4e4-11e5-b864-14dae9d210b8">
+ <topic>py-amf -- input sanitization errors</topic>
+ <affects>
+ <package>
+ <name>py27-amf</name>
+ <name>py32-amf</name>
+ <name>py33-amf</name>
+ <name>py34-amf</name>
+ <range><lt>0.8.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>oCERT reports:</p>
+ <blockquote cite="http://www.ocert.org/advisories/ocert-2015-011.html">
+ <p>A specially crafted AMF payload, containing malicious
+ references to XML external entities, can be used to trigger Denial of
+ Service (DoS) conditions or arbitrarily return the contents of files
+ that are accessible with the running application privileges.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.ocert.org/advisories/ocert-2015-011.html</url>
+ <cvename>CVE-2015-8549</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-01</discovery>
+ <entry>2015-12-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a9f60ce8-a4e0-11e5-b864-14dae9d210b8">
+ <topic>joomla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><lt>3.4.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Joomla! reports:</p>
+ <blockquote cite="https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html">
+ <p>Joomla! 3.4.6 is now available. This is a security release
+ for the 3.x series of Joomla which addresses a critical security
+ vulnerability and 4 low level security vulnerabilities. We strongly
+ recommend that you update your sites immediately.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html</url>
+ <cvename>CVE-2015-8562</cvename>
+ <cvename>CVE-2015-8563</cvename>
+ <cvename>CVE-2015-8564</cvename>
+ <cvename>CVE-2015-8565</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-14</discovery>
+ <entry>2015-12-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a8ec4db7-a398-11e5-85e9-14dae9d210b8">
+ <topic>bind -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>bind99</name>
+ <range><lt>9.9.8P2</lt></range>
+ </package>
+ <package>
+ <name>bind910</name>
+ <range><lt>9.10.3P2</lt></range>
+ </package>
+ <package>
+ <name>bind9-devel</name>
+ <range><lt>9.11.0.a20151215</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ISC reports:</p>
+ <blockquote cite="https://kb.isc.org/article/AA-01328/0/BIND-9.10.3-P2-Release-Notes.html">
+ <p>Named is potentially vulnerable to the OpenSSL vulnerabilty described in CVE-2015-3193.</p>
+ <p>Incorrect reference counting could result in an INSIST
+ failure if a socket error occurred while performing a lookup. This flaw
+ is disclosed in CVE-2015-8461. [RT#40945]</p>
+ <p>Insufficient testing when parsing a message allowed records
+ with an incorrect class to be be accepted, triggering a REQUIRE failure
+ when those records were subsequently cached. This flaw is disclosed in
+ CVE-2015-8000. [RT #40987]</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://kb.isc.org/article/AA-01328/0/BIND-9.10.3-P2-Release-Notes.html</url>
+ <url>https://kb.isc.org/article/AA-01317/0/CVE-2015-8000%3A-Responses-with-a-malformed-class-attribute-can-trigger-an-assertion-failure-in-db.c.html</url>
+ <url>https://kb.isc.org/article/AA-01319/0/CVE-2015-8461%3A-A-race-condition-when-handling-socket-errors-can-lead-to-an-assertion-failure-in-resolver.c.html</url>
+ <cvename>CVE-2015-3193</cvename>
+ <cvename>CVE-2015-8000</cvename>
+ <cvename>CVE-2015-8461</cvename>
+ </references>
+ <dates>
+ <discovery>2015-11-24</discovery>
+ <entry>2015-12-16</entry>
+ </dates>
+ </vuln>
+
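Review bot: the quoted ISC text carries "vulnerabilty" and the doubled "to be be accepted"; decide whether to keep the upstream wording verbatim or correct it, and be consistent with how the other quotes in this hunk are handled. The references list the three CVE-specific knowledge-base URLs plus the release notes, which is good; the bind9-devel bound '<lt>9.11.0.a20151215</lt>' is a snapshot version, so confirm the port actually uses that version string or pkg audit will never match it.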
+ <vuln vid="2c2d1c39-1396-459a-91f5-ca03ee7c64c6">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>43.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>43.0,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <range><lt>2.40</lt></range>
+ </package>
+ <package>
+ <name>linux-seamonkey</name>
+ <range><lt>2.40</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>38.5.0,1</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><lt>38.5.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>38.5.0</lt></range>
+ </package>
+ <package>
+ <name>linux-thunderbird</name>
+ <range><lt>38.5.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Project reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/">
+ <p>MFSA 2015-134 Miscellaneous memory safety hazards
+ (rv:43.0 / rv:38.5)</p>
+ <p>MFSA 2015-135 Crash with JavaScript variable assignment
+ with unboxed objects</p>
+ <p>MFSA 2015-136 Same-origin policy violation using
+ perfomance.getEntries and history navigation</p>
+ <p>MFSA 2015-137 Firefox allows for control characters to be
+ set in cookies</p>
+ <p>MFSA 2015-138 Use-after-free in WebRTC when datachannel
+ is used after being destroyed</p>
+ <p>MFSA 2015-139 Integer overflow allocating extremely large
+ textures</p>
+ <p>MFSA 2015-140 Cross-origin information leak through web
+ workers error events</p>
+ <p>MFSA 2015-141 Hash in data URI is incorrectly parsed</p>
+ <p>MFSA 2015-142 DOS due to malformed frames in HTTP/2</p>
+ <p>MFSA 2015-143 Linux file chooser crashes on malformed
+ images due to flaws in Jasper library</p>
+ <p>MFSA 2015-144 Buffer overflows found through code
+ inspection</p>
+ <p>MFSA 2015-145 Underflow through code inspection</p>
+ <p>MFSA 2015-146 Integer overflow in MP4 playback in 64-bit
+ versions</p>
+ <p>MFSA 2015-147 Integer underflow and buffer overflow
+ processing MP4 metadata in libstagefright</p>
+ <p>MFSA 2015-148 Privilege escalation vulnerabilities in
+ WebExtension APIs</p>
+ <p>MFSA 2015-149 Cross-site reading attack through data and
+ view-source URIs</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7201</cvename>
+ <cvename>CVE-2015-7202</cvename>
+ <cvename>CVE-2015-7203</cvename>
+ <cvename>CVE-2015-7204</cvename>
+ <cvename>CVE-2015-7205</cvename>
+ <cvename>CVE-2015-7207</cvename>
+ <cvename>CVE-2015-7208</cvename>
+ <cvename>CVE-2015-7210</cvename>
+ <cvename>CVE-2015-7211</cvename>
+ <cvename>CVE-2015-7212</cvename>
+ <cvename>CVE-2015-7213</cvename>
+ <cvename>CVE-2015-7214</cvename>
+ <cvename>CVE-2015-7215</cvename>
+ <cvename>CVE-2015-7216</cvename>
+ <cvename>CVE-2015-7217</cvename>
+ <cvename>CVE-2015-7218</cvename>
+ <cvename>CVE-2015-7219</cvename>
+ <cvename>CVE-2015-7220</cvename>
+ <cvename>CVE-2015-7221</cvename>
+ <cvename>CVE-2015-7222</cvename>
+ <cvename>CVE-2015-7223</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-134/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-135/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-136/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-137/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-138/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-139/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-140/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-141/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-142/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-143/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-144/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-145/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-146/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-147/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-148/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-149/</url>
+ </references>
+ <dates>
+ <discovery>2015-12-15</discovery>
+ <entry>2015-12-15</entry>
+ </dates>
+ </vuln>
+
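Review bot: "perfomance.getEntries" in the MFSA 2015-136 line is a typo for "performance.getEntries". The firefox/linux-firefox, seamonkey/linux-seamonkey and libxul/thunderbird/linux-thunderbird packages share identical ranges, so they could be folded into one <package> with several <name> elements, as the openjdk entry below does with '<name>openjdk8</name>' and '<name>openjdk8-jre</name>' under one range. The blockquote cite points at the advisories index rather than a specific advisory; acceptable because the references list every MFSA URL, but a cite to mfsa2015-134 would be more precise.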
+ <vuln vid="a5934ba8-a376-11e5-85e9-14dae9d210b8">
+ <topic>java -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openjdk8</name>
+ <name>openjdk8-jre</name>
+ <range><lt>8.66.17</lt></range>
+ </package>
+ <package>
+ <name>openjdk7</name>
+ <name>openjdk7-jre</name>
+ <range><lt>7.91.02,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Oracle reports:</p>
+ <blockquote cite="http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA">
+ <p>This Critical Patch Update contains 25 new security fixes
+ for Oracle Java SE. 24 of these vulnerabilities may be remotely
+ exploitable without authentication, i.e., may be exploited over a
+ network without the need for a username and password.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA</url>
+ <cvename>CVE-2015-4835</cvename>
+ <cvename>CVE-2015-4881</cvename>
+ <cvename>CVE-2015-4843</cvename>
+ <cvename>CVE-2015-4883</cvename>
+ <cvename>CVE-2015-4860</cvename>
+ <cvename>CVE-2015-4805</cvename>
+ <cvename>CVE-2015-4844</cvename>
+ <cvename>CVE-2015-4901</cvename>
+ <cvename>CVE-2015-4868</cvename>
+ <cvename>CVE-2015-4810</cvename>
+ <cvename>CVE-2015-4806</cvename>
+ <cvename>CVE-2015-4871</cvename>
+ <cvename>CVE-2015-4902</cvename>
+ <cvename>CVE-2015-4840</cvename>
+ <cvename>CVE-2015-4882</cvename>
+ <cvename>CVE-2015-4842</cvename>
+ <cvename>CVE-2015-4734</cvename>
+ <cvename>CVE-2015-4903</cvename>
+ <cvename>CVE-2015-4803</cvename>
+ <cvename>CVE-2015-4893</cvename>
+ <cvename>CVE-2015-4911</cvename>
+ <cvename>CVE-2015-4872</cvename>
+ <cvename>CVE-2015-4906</cvename>
+ <cvename>CVE-2015-4916</cvename>
+ <cvename>CVE-2015-4908</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-20</discovery>
+ <entry>2015-12-15</entry>
+ <modified>2016-01-08</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="daadef86-a366-11e5-8b40-20cf30e32f6d">
+ <topic>subversion -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>subversion17</name>
+ <range><ge>1.7.0</ge><lt>1.7.22_1</lt></range>
+ </package>
+ <package>
+ <name>subversion18</name>
+ <range><ge>1.8.0</ge><lt>1.8.15</lt></range>
+ </package>
+ <package>
+ <name>subversion</name>
+ <range><ge>1.9.0</ge><lt>1.9.3</lt></range>
+ </package>
+ <package>
+ <name>mod_dav_svn</name>
+ <range><ge>1.7.0</ge><lt>1.7.22_1</lt></range>
+ <range><ge>1.8.0</ge><lt>1.8.15</lt></range>
+ <range><ge>1.9.0</ge><lt>1.9.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Subversion Project reports:</p>
+ <blockquote cite="http://subversion.apache.org/security/">
+ <p>Remotely triggerable heap overflow and out-of-bounds read caused
+ by integer overflow in the svn:// protocol parser.</p>
+ <p>Remotely triggerable heap overflow and out-of-bounds read in
+ mod_dav_svn caused by integer overflow when parsing skel-encoded
+ request bodies.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5343</cvename>
+ <url>http://subversion.apache.org/security/CVE-2015-5343-advisory.txt</url>
+ <cvename>CVE-2015-5259</cvename>
+ <url>http://subversion.apache.org/security/CVE-2015-5259-advisory.txt</url>
+ </references>
+ <dates>
+ <discovery>2015-11-14</discovery>
+ <entry>2015-12-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="72c145df-a1e0-11e5-8ad0-00262d5ed8ee">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <!--pcbsd-->
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>47.0.2526.80</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update_8.html">
+ <p>7 security fixes in this release, including:</p>
+ <ul>
+ <li>[548273] High CVE-2015-6788: Type confusion in extensions.
+ Credit to anonymous.</li>
+ <li>[557981] High CVE-2015-6789: Use-after-free in Blink. Credit to
+ cloudfuzzer.</li>
+ <li>[542054] Medium CVE-2015-6790: Escaping issue in saved pages.
+ Credit to Inti De Ceukelaire.</li>
+ <li>[567513] CVE-2015-6791: Various fixes from internal audits,
+ fuzzing and other initiatives.</li>
+ <li>Multiple vulnerabilities in V8 fixed at the tip of the 4.7
+ branch (currently 4.7.80.23).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6788</cvename>
+ <cvename>CVE-2015-6789</cvename>
+ <cvename>CVE-2015-6790</cvename>
+ <cvename>CVE-2015-6791</cvename>
+ <url>http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update_8.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-08</discovery>
+ <entry>2015-12-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="33459061-a1d6-11e5-8794-bcaec565249c">
+ <topic>freeimage -- multiple integer overflows</topic>
+ <affects>
+ <package>
+ <name>freeimage</name>
+ <range><lt>3.16.0_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Pcheng pcheng reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/08/28/1">
+ <p>An integer overflow issue in the FreeImage project was
+ reported and fixed recently.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-0852</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/08/28/1</url>
+ </references>
+ <dates>
+ <discovery>2015-08-28</discovery>
+ <entry>2015-12-13</entry>
+ </dates>
+ </vuln>
+
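Review bot: the topic says "multiple integer overflows" while the quoted report describes "An integer overflow issue" and the entry lists a single CVE (CVE-2015-0852); align the topic with the description or add the remaining CVEs. The attribution line "Pcheng pcheng reports:" repeats the name; use the poster's name once.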
+ <vuln vid="21bc4d71-9ed8-11e5-8f5c-002590263bf5">
+ <topic>redmine -- information leak vulnerability</topic>
+ <affects>
+ <package>
+ <name>redmine</name>
+ <range><lt>2.6.9</lt></range>
+ <range><ge>3.0.0</ge><lt>3.0.7</lt></range>
+ <range><ge>3.1.0</ge><lt>3.1.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Redmine reports:</p>
+ <blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">
+ <p>Data disclosure in atom feed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8537</cvename>
+ <url>http://www.redmine.org/projects/redmine/wiki/Security_Advisories</url>
+ </references>
+ <dates>
+ <discovery>2015-12-05</discovery>
+ <entry>2015-12-10</entry>
+ <modified>2015-12-11</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="be63533c-9ed7-11e5-8f5c-002590263bf5">
+ <topic>redmine -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>redmine</name>
+ <range><lt>2.6.8</lt></range>
+ <range><ge>3.0.0</ge><lt>3.0.6</lt></range>
+ <range><ge>3.1.0</ge><lt>3.1.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Redmine reports:</p>
+ <blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">
+ <p>Potential changeset message disclosure in issues API.</p>
+ <p>Data disclosure on the time logging form</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8346</cvename>
+ <cvename>CVE-2015-8473</cvename>
+ <url>http://www.redmine.org/projects/redmine/wiki/Security_Advisories</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/11/25/12</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/03/7</url>
+ </references>
+ <dates>
+ <discovery>2015-11-14</discovery>
+ <entry>2015-12-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3ec2e0bc-9ed7-11e5-8f5c-002590263bf5">
+ <topic>redmine -- open redirect vulnerability</topic>
+ <affects>
+ <package>
+ <name>redmine</name>
+ <range><ge>2.5.1</ge><lt>2.6.7</lt></range>
+ <range><ge>3.0.0</ge><lt>3.0.5</lt></range>
+ <range><eq>3.1.0</eq></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Redmine reports:</p>
+ <blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">
+ <p>Open Redirect vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8474</cvename>
+ <url>http://www.redmine.org/projects/redmine/wiki/Security_Advisories</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/04/1</url>
+ </references>
+ <dates>
+ <discovery>2015-09-20</discovery>
+ <entry>2015-12-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="939a7086-9ed6-11e5-8f5c-002590263bf5">
+ <topic>redmine -- potential XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>redmine</name>
+ <range><lt>2.6.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Redmine reports:</p>
+ <blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">
+ <p>Potential XSS vulnerability when rendering some flash messages.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8477</cvename>
+ <url>http://www.redmine.org/projects/redmine/wiki/Security_Advisories</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/05/6</url>
+ </references>
+ <dates>
+ <discovery>2015-02-19</discovery>
+ <entry>2015-12-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="49def4b7-9ed6-11e5-8f5c-002590263bf5">
+ <topic>redmine -- information leak vulnerability</topic>
+ <affects>
+ <package>
+ <name>redmine</name>
+ <range><lt>2.4.6</lt></range>
+ <range><ge>2.5.0</ge><lt>2.5.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Redmine reports:</p>
+ <blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">
+ <p>Potential data leak (project names) in the invalid form
+ authenticity token error screen.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.redmine.org/projects/redmine/wiki/Security_Advisories</url>
+ </references>
+ <dates>
+ <discovery>2014-07-06</discovery>
+ <entry>2015-12-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c2efcd46-9ed5-11e5-8f5c-002590263bf5">
+ <topic>redmine -- open redirect vulnerability</topic>
+ <affects>
+ <package>
+ <name>redmine</name>
+ <range><lt>2.4.5</lt></range>
+ <range><eq>2.5.0</eq></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Redmine reports:</p>
+ <blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">
+ <p>Open Redirect vulnerability</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-1985</cvename>
+ <url>http://www.redmine.org/projects/redmine/wiki/Security_Advisories</url>
+ <url>https://jvn.jp/en/jp/JVN93004610/index.html</url>
+ </references>
+ <dates>
+ <discovery>2014-03-29</discovery>
+ <entry>2015-12-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="66ba5931-9ed5-11e5-8f5c-002590263bf5">
+ <topic>redmine -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>redmine</name>
+ <range><ge>2.1.0</ge><lt>2.1.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Redmine reports:</p>
+ <blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">
+ <p>XSS vulnerability</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.redmine.org/projects/redmine/wiki/Security_Advisories</url>
+ </references>
+ <dates>
+ <discovery>2012-09-30</discovery>
+ <entry>2015-12-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0e0385d1-9ed5-11e5-8f5c-002590263bf5">
+ <topic>redmine -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>redmine</name>
+ <range><lt>1.3.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Redmine reports:</p>
+ <blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">
+ <p>Mass-assignemnt vulnerability that would allow an attacker to
+ bypass part of the security checks.</p>
+ <p>Persistent XSS vulnerability</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-0327</cvename>
+ <url>http://www.redmine.org/projects/redmine/wiki/Security_Advisories</url>
+ <url>http://jvn.jp/en/jp/JVN93406632/</url>
+ </references>
+ <dates>
+ <discovery>2012-03-11</discovery>
+ <entry>2015-12-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ae377aeb-9ed4-11e5-8f5c-002590263bf5">
+ <topic>redmine -- CSRF protection bypass</topic>
+ <affects>
+ <package>
+ <name>redmine</name>
+ <range><lt>1.3.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Redmine reports:</p>
+ <blockquote cite="http://www.redmine.org/projects/redmine/wiki/Security_Advisories">
+ <p>Vulnerability that would allow an attacker to bypass the CSRF
+ protection.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.redmine.org/projects/redmine/wiki/Security_Advisories</url>
+ </references>
+ <dates>
+ <discovery>2011-12-10</discovery>
+ <entry>2015-12-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="23af0425-9eac-11e5-b937-00e0814cab4e">
+ <topic>jenkins -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>jenkins</name>
+ <range><le>1.641</le></range>
+ </package>
+ <package>
+ <name>jenkins-lts</name>
+ <range><le>1.625.3</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jenkins Security Advisory:</p>
+ <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09">
+ <h1>Description</h1>
+ <h5>SECURITY-95 / CVE-2015-7536 (Stored XSS vulnerability through workspace files and archived artifacts)</h5>
+ <p>In certain configurations, low privilege users were able to
+ create e.g. HTML files in workspaces and archived artifacts that
+ could result in XSS when accessed by other users. Jenkins now sends
+ Content-Security-Policy headers that enables sandboxing and
+ prohibits script execution by default.</p>
+ <h5>SECURITY-225 / CVE-2015-7537 (CSRF vulnerability in some administrative actions)</h5>
+ <p>Several administration/configuration related URLs could be
+ accessed using GET, which allowed attackers to circumvent CSRF
+ protection.</p>
+ <h5>SECURITY-233 / CVE-2015-7538 (CSRF protection ineffective)</h5>
+ <p>Malicious users were able to circumvent CSRF protection on any
+ URL by sending specially crafted POST requests.</p>
+ <h5>SECURITY-234 / CVE-2015-7539 (Jenkins plugin manager vulnerable to MITM attacks)</h5>
+ <p>While the Jenkins update site data is digitally signed, and the
+ signature verified by Jenkins, Jenkins did not verify the provided
+ SHA-1 checksums for the plugin files referenced in the update site
+ data. This enabled MITM attacks on the plugin manager, resulting
+ in installation of attacker-provided plugins.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09</url>
+ </references>
+ <dates>
+ <discovery>2015-12-09</discovery>
+ <entry>2015-12-09</entry>
+ </dates>
+ </vuln>
+
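Review bot: the description embeds '<h1>Description</h1>' and <h5> headings inside the blockquote; every other entry in this hunk uses only <p>, and an <h1> inside an entry renders as a page-level heading in the generated vulnerability pages, so drop the <h1> and turn the SECURITY-xx / CVE lines into <p> (or at least keep any headings below h1). The upper bounds are written as last-vulnerable versions ('<le>1.641</le>', '<le>1.625.3</le>') while the rest of the file records the first fixed version with <lt>; confirm from the advisory which releases contain the fix and express them as <lt>fixed</lt>, otherwise a rebuild of a still-vulnerable version (1.641_1, say) is silently missed. CVE-2015-7536 through CVE-2015-7539 appear in the description but not as <cvename> in <references>; add them so pkg audit and the CVE cross-reference pick them up.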
+ <vuln vid="c8842a84-9ddd-11e5-8c2f-c485083ca99c">
+ <topic>flash -- multiple vulnabilities</topic>
+ <affects>
+ <package>
+ <name>linux-c6-flashplugin</name>
+ <name>linux-f10-flashplugin</name>
+ <name>linux-c6_64-flashplugin</name>
+ <range><lt>11.2r202.554</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb15-32.html">
+ <p>
+ These updates resolve heap buffer overflow vulnerabilities that
+ could lead to code execution (CVE-2015-8438, CVE-2015-8446).</p>
+
+ <p>
+ These updates resolve memory corruption vulnerabilities that
+ could lead to code execution (CVE-2015-8444, CVE-2015-8443,
+ CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047,
+ CVE-2015-8053, CVE-2015-8045, CVE-2015-8051, CVE-2015-8060,
+ CVE-2015-8419, CVE-2015-8408).</p>
+
+ <p>
+ These updates resolve security bypass vulnerabilities
+ (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409).</p>
+
+ <p>
+ These updates resolve a stack overflow vulnerability that
+ could lead to code execution (CVE-2015-8407).</p>
+
+ <p>
+ These updates resolve a type confusion vulnerability that
+ could lead to code execution (CVE-2015-8439).</p>
+
+ <p>
+ These updates resolve an integer overflow vulnerability
+ that could lead to code execution (CVE-2015-8445).</p>
+
+ <p>
+ These updates resolve a buffer overflow vulnerability that
+ could lead to code execution (CVE-2015-8415).</p>
+
+ <p>
+ These updates resolve use-after-free vulnerabilities that
+ could lead to code execution (CVE-2015-8050, CVE-2015-8049,
+ CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448,
+ CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413,
+ CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424,
+ CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423,
+ CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431,
+ CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428,
+ CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414,
+ CVE-2015-8052, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055,
+ CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067,
+ CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064,
+ CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404,
+ CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401,
+ CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441,
+ CVE-2015-8442, CVE-2015-8447).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb15-32.html</url>
+ <cvename>CVE-2015-8045</cvename>
+ <cvename>CVE-2015-8047</cvename>
+ <cvename>CVE-2015-8048</cvename>
+ <cvename>CVE-2015-8049</cvename>
+ <cvename>CVE-2015-8050</cvename>
+ <cvename>CVE-2015-8051</cvename>
+ <cvename>CVE-2015-8052</cvename>
+ <cvename>CVE-2015-8053</cvename>
+ <cvename>CVE-2015-8054</cvename>
+ <cvename>CVE-2015-8055</cvename>
+ <cvename>CVE-2015-8056</cvename>
+ <cvename>CVE-2015-8057</cvename>
+ <cvename>CVE-2015-8058</cvename>
+ <cvename>CVE-2015-8059</cvename>
+ <cvename>CVE-2015-8060</cvename>
+ <cvename>CVE-2015-8061</cvename>
+ <cvename>CVE-2015-8062</cvename>
+ <cvename>CVE-2015-8063</cvename>
+ <cvename>CVE-2015-8064</cvename>
+ <cvename>CVE-2015-8065</cvename>
+ <cvename>CVE-2015-8066</cvename>
+ <cvename>CVE-2015-8067</cvename>
+ <cvename>CVE-2015-8068</cvename>
+ <cvename>CVE-2015-8069</cvename>
+ <cvename>CVE-2015-8070</cvename>
+ <cvename>CVE-2015-8071</cvename>
+ <cvename>CVE-2015-8401</cvename>
+ <cvename>CVE-2015-8402</cvename>
+ <cvename>CVE-2015-8403</cvename>
+ <cvename>CVE-2015-8404</cvename>
+ <cvename>CVE-2015-8405</cvename>
+ <cvename>CVE-2015-8406</cvename>
+ <cvename>CVE-2015-8407</cvename>
+ <cvename>CVE-2015-8408</cvename>
+ <cvename>CVE-2015-8409</cvename>
+ <cvename>CVE-2015-8410</cvename>
+ <cvename>CVE-2015-8411</cvename>
+ <cvename>CVE-2015-8412</cvename>
+ <cvename>CVE-2015-8413</cvename>
+ <cvename>CVE-2015-8414</cvename>
+ <cvename>CVE-2015-8415</cvename>
+ <cvename>CVE-2015-8416</cvename>
+ <cvename>CVE-2015-8417</cvename>
+ <cvename>CVE-2015-8419</cvename>
+ <cvename>CVE-2015-8420</cvename>
+ <cvename>CVE-2015-8421</cvename>
+ <cvename>CVE-2015-8422</cvename>
+ <cvename>CVE-2015-8423</cvename>
+ <cvename>CVE-2015-8424</cvename>
+ <cvename>CVE-2015-8425</cvename>
+ <cvename>CVE-2015-8426</cvename>
+ <cvename>CVE-2015-8427</cvename>
+ <cvename>CVE-2015-8428</cvename>
+ <cvename>CVE-2015-8429</cvename>
+ <cvename>CVE-2015-8430</cvename>
+ <cvename>CVE-2015-8431</cvename>
+ <cvename>CVE-2015-8432</cvename>
+ <cvename>CVE-2015-8433</cvename>
+ <cvename>CVE-2015-8434</cvename>
+ <cvename>CVE-2015-8435</cvename>
+ <cvename>CVE-2015-8436</cvename>
+ <cvename>CVE-2015-8437</cvename>
+ <cvename>CVE-2015-8438</cvename>
+ <cvename>CVE-2015-8439</cvename>
+ <cvename>CVE-2015-8440</cvename>
+ <cvename>CVE-2015-8441</cvename>
+ <cvename>CVE-2015-8442</cvename>
+ <cvename>CVE-2015-8443</cvename>
+ <cvename>CVE-2015-8444</cvename>
+ <cvename>CVE-2015-8445</cvename>
+ <cvename>CVE-2015-8446</cvename>
+ <cvename>CVE-2015-8447</cvename>
+ <cvename>CVE-2015-8448</cvename>
+ <cvename>CVE-2015-8449</cvename>
+ <cvename>CVE-2015-8450</cvename>
+ <cvename>CVE-2015-8451</cvename>
+ <cvename>CVE-2015-8452</cvename>
+ <cvename>CVE-2015-8453</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-08</discovery>
+ <entry>2015-12-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="215e740e-9c56-11e5-90e7-b499baebfeaf">
+ <topic>libressl -- NULL pointer dereference</topic>
+ <affects>
+ <package>
+ <name>libressl</name>
+ <range><lt>2.2.5</lt></range>
+ <range><ge>2.3.0</ge><lt>2.3.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenBSD project reports:</p>
+ <blockquote cite="https://marc.info/?l=openbsd-announce&t=144920914600002">
+ <p>A NULL pointer deference could be triggered by a crafted
+ certificate sent to services configured to verify client
+ certificates on TLS/SSL connections.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://marc.info/?l=openbsd-announce&t=144920914600002</url>
+ <cvename>CVE-2015-3194</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-03</discovery>
+ <entry>2015-12-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="918a5d1f-9d40-11e5-8f5c-002590263bf5">
+ <topic>KeePassX -- information disclosure</topic>
+ <affects>
+ <package>
+ <name>KeePassX</name>
+ <range><lt>0.4.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Yves-Alexis Perez reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/11/30/4">
+ <p>Starting an export (using File / Export to / KeepassX XML file) and
+ cancelling it leads to KeepassX saving a cleartext XML file in
+ ~/.xml without any warning.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8378</cvename>
+ <freebsdpr>ports/205105</freebsdpr>
+ <url>http://www.openwall.com/lists/oss-security/2015/11/30/4</url>
+ </references>
+ <dates>
+ <discovery>2015-07-08</discovery>
+ <entry>2015-12-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="84fdd1bb-9d37-11e5-8f5c-002590263bf5">
+ <topic>passenger -- client controlled header overwriting</topic>
+ <affects>
+ <package>
+ <name>rubygem-passenger</name>
+ <range><ge>5.0.0</ge><lt>5.0.22</lt></range>
+ <range><lt>4.0.60</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Daniel Knoppel reports:</p>
+ <blockquote cite="https://blog.phusion.nl/2015/12/07/cve-2015-7519/">
+ <p>It was discovered by the SUSE security team that it was possible,
+ in some cases, for clients to overwrite headers set by the server,
+ resulting in a medium level security issue. CVE-2015-7519 has been
+ assigned to this issue.</p>
+ <p>Affected use-cases:</p>
+ <p>Header overwriting may occur if all of the following conditions are met:</p>
+ <ul>
+ <li>Apache integration mode, or standalone+builtin engine without
+ a filtering proxy</li>
+ <li>Ruby or Python applications only (Passenger 5); or any
+ application (Passenger 4)</li>
+ <li>The app depends on a request header containing a dash (-)</li>
+ <li>The header is supposed to be trusted (set by the server)</li>
+ <li>The client correctly guesses the header name</li>
+ </ul>
+ <p>This vulnerability has been fixed by filtering out client headers
+ that do not consist of alphanumeric/dash characters (Nginx already
+ did this, so Passenger+Nginx was not affected). If your application
+ depends on headers that don't conform to this, you can add a
+ workaround in Apache specifically for those to convert them to a
+ dash-based format.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7519</cvename>
+ <url>https://blog.phusion.nl/2015/12/07/cve-2015-7519/</url>
+ </references>
+ <dates>
+ <discovery>2015-12-07</discovery>
+ <entry>2015-12-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e6b974ab-9d35-11e5-8f5c-002590263bf5">
+ <topic>Salt -- information disclosure</topic>
+ <affects>
+ <package>
+ <name>py27-salt</name>
+ <range><lt>2015.8.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Salt release notes report:</p>
+ <blockquote cite="https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html">
+ <p>CVE-2015-8034: Saving state.sls cache data to disk with insecure
+ permissions</p>
+ <p>This affects users of the state.sls function. The state run cache
+ on the minion was being created with incorrect permissions. This
+ file could potentially contain sensitive data that was inserted via
+ jinja into the state SLS files. The permissions for this file are
+ now being set correctly. Thanks to @zmalone for bringing this issue
+ to our attention.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8034</cvename>
+ <url>https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html</url>
+ </references>
+ <dates>
+ <discovery>2015-11-25</discovery>
+ <entry>2015-12-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6bc6eed2-9cca-11e5-8c2b-c335fa8985d7">
+ <topic>libraw -- memory objects not properly initialized</topic>
+ <affects>
+ <package>
+ <name>libraw</name>
+ <range><lt>0.17.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ChenQin reports:</p>
+ <blockquote cite="http://seclists.org/fulldisclosure/2015/Nov/108">
+ <p>The LibRaw raw image decoder has multiple vulnerabilities that can
+ cause memory errors which may lead to code execution or other
+ problems.</p>
+ <p>In CVE-2015-8367, LibRaw's phase_one_correct function does not
+ handle memory initialization correctly, which may cause other
+ problems.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.libraw.org/news/libraw-0-17-1</url>
+ <url>https://github.com/LibRaw/LibRaw/commit/490ef94d1796f730180039e80997efe5c58db780</url>
+ <mlist>http://seclists.org/fulldisclosure/2015/Nov/108</mlist>
+ <cvename>CVE-2015-8367</cvename>
+ </references>
+ <dates>
+ <discovery>2015-11-30</discovery>
+ <entry>2015-12-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="db04bf07-9cc8-11e5-8c2b-c335fa8985d7">
+ <topic>libraw -- index overflow in smal_decode_segment</topic>
+ <affects>
+ <package>
+ <name>libraw</name>
+ <range><lt>0.17.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ChenQin reports:</p>
+ <blockquote cite="http://seclists.org/fulldisclosure/2015/Nov/108">
+ <p>The LibRaw raw image decoder has multiple vulnerabilities that can
+ cause memory errors which may lead to code execution or other
+ problems.</p>
+ <p>In CVE-2015-8366, LibRaw's smal_decode_segment function does not
+ handle indexes carefully, which can cause an index overflow.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.libraw.org/news/libraw-0-17-1</url>
+ <url>https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2</url>
+ <mlist>http://seclists.org/fulldisclosure/2015/Nov/108</mlist>
+ <cvename>CVE-2015-8366</cvename>
+ </references>
+ <dates>
+ <discovery>2015-11-30</discovery>
+ <entry>2015-12-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4c8d1d72-9b38-11e5-aece-d050996490d0">
+ <topic>openssl -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><lt>1.0.2_5</lt></range>
+ </package>
+ <package>
+ <name>mingw32-openssl</name>
+ <range><ge>1.0.1</ge><lt>1.0.2e</lt></range>
+ </package>
+ <package>
+ <name>linux-c6-openssl</name>
+ <range><lt>1.0.1e_7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>OpenSSL project reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv/20151203.txt">
+ <ol>
+ <li>BN_mod_exp may produce incorrect results on x86_64
+ (CVE-2015-3193)</li>
+ <li>Certificate verify crash with missing PSS parameter
+ (CVE-2015-3194)</li>
+ <li>X509_ATTRIBUTE memory leak (CVE-2015-3195)</li>
+ <li>Race condition handling PSK identify hint
+ (CVE-2015-3196)</li>
+ <li>Anon DH ServerKeyExchange with 0 p parameter
+ (CVE-2015-1794)</li>
+ </ol>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-1794</cvename>
+ <cvename>CVE-2015-3193</cvename>
+ <cvename>CVE-2015-3194</cvename>
+ <cvename>CVE-2015-3195</cvename>
+ <cvename>CVE-2015-3196</cvename>
+ <url>https://www.openssl.org/news/secadv/20151203.txt</url>
+ </references>
+ <dates>
+ <discovery>2015-12-03</discovery>
+ <entry>2015-12-05</entry>
+ <modified>2016-01-31</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="8a90dc87-89f9-11e5-a408-00248c0c745d">
+ <topic>PHPmailer -- SMTP injection vulnerability</topic>
+ <affects>
+ <package>
+ <name>phpmailer</name>
+ <range><lt>5.2.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PHPMailer changelog reports:</p>
+ <blockquote cite="https://github.com/PHPMailer/PHPMailer/blob/v5.2.14/changelog.md">
+ <p>Fix vulnerability that allowed email addresses with
+ line breaks (valid in RFC5322) to pass to SMTP, permitting
+ message injection at the SMTP level. Mitigated in both
+ the address validator and in the lower-level SMTP class.
+ Thanks to Takeshi Terada.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/PHPMailer/PHPMailer/blob/v5.2.14/changelog.md</url>
+ </references>
+ <dates>
+ <discovery>2015-11-05</discovery>
+ <entry>2015-12-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b0da85af-21a3-4c15-a137-fe9e4bc86002">
+ <topic>ffmpeg -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libav</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>gstreamer-ffmpeg</name>
+ <!-- gst-ffmpeg-0.10.13 has libav-0.7.2 (0.7.7 in freebsd port) -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>handbrake</name>
+ <!-- handbrake-0.10.2 has libav-10.1 -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>ffmpeg</name>
+ <range><ge>2.8,1</ge><lt>2.8.3,1</lt></range>
+ <range><lt>2.7.3,1</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg26</name>
+ <range><lt>2.6.5</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg25</name>
+ <range><lt>2.5.9</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg24</name>
+ <range><lt>2.4.12</lt></range>
+ </package>
+ <package>
+ <name>ffmpeg-devel</name>
+ <name>ffmpeg23</name>
+ <name>ffmpeg2</name>
+ <name>ffmpeg1</name>
+ <name>ffmpeg-011</name>
+ <name>ffmpeg0</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>avidemux</name>
+ <name>avidemux2</name>
+ <name>avidemux26</name>
+ <!-- avidemux-2.6.10 has ffmpeg-2.6.1 -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>kodi</name>
+ <!-- kodi-15.2 has ffmpeg-2.6.4 -->
+ <range><lt>16.0</lt></range>
+ </package>
+ <package>
+ <name>mplayer</name>
+ <name>mencoder</name>
+ <!-- mplayer-1.1.r20150822_6 has ffmpeg-2.8.2 -->
+ <range><lt>1.1.r20150822_7</lt></range>
+ </package>
+ <package>
+ <name>mythtv</name>
+ <name>mythtv-frontend</name>
+ <!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>plexhometheater</name>
+ <!-- plexhometheater-1.4.1 has ffmpeg-0.10.2 fork -->
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6761">
+ <p>The update_dimensions function in libavcodec/vp8.c in
+ FFmpeg through 2.8.1, as used in Google Chrome before
+ 46.0.2490.71 and other products, relies on a
+ coefficient-partition count during multi-threaded operation,
+ which allows remote attackers to cause a denial of service
+ (race condition and memory corruption) or possibly have
+ unspecified other impact via a crafted WebM file.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8216">
+ <p>The ljpeg_decode_yuv_scan function in
+ libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain
+ width and height checks, which allows remote attackers to
+ cause a denial of service (out-of-bounds array access) or
+ possibly have unspecified other impact via crafted MJPEG
+ data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8217">
+ <p>The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in
+ FFmpeg before 2.8.2 does not validate the Chroma Format
+ Indicator, which allows remote attackers to cause a denial
+ of service (out-of-bounds array access) or possibly have
+ unspecified other impact via crafted High Efficiency Video
+ Coding (HEVC) data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8218">
+ <p>The decode_uncompressed function in libavcodec/faxcompr.c
+ in FFmpeg before 2.8.2 does not validate uncompressed runs,
+ which allows remote attackers to cause a denial of service
+ (out-of-bounds array access) or possibly have unspecified
+ other impact via crafted CCITT FAX data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8219">
+ <p>The init_tile function in libavcodec/jpeg2000dec.c in
+ FFmpeg before 2.8.2 does not enforce minimum-value and
+ maximum-value constraints on tile coordinates, which allows
+ remote attackers to cause a denial of service (out-of-bounds
+ array access) or possibly have unspecified other impact via
+ crafted JPEG 2000 data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8363">
+ <p>The jpeg2000_read_main_headers function in
+ libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x
+ before 2.7.3, and 2.8.x through 2.8.2 does not enforce
+ uniqueness of the SIZ marker in a JPEG 2000 image, which
+ allows remote attackers to cause a denial of service
+ (out-of-bounds heap-memory access) or possibly have
+ unspecified other impact via a crafted image with two or
+ more of these markers.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8364">
+ <p>Integer overflow in the ff_ivi_init_planes function in
+ libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3,
+ and 2.8.x through 2.8.2 allows remote attackers to cause a
+ denial of service (out-of-bounds heap-memory access) or
+ possibly have unspecified other impact via crafted image
+ dimensions in Indeo Video Interactive data.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8365">
+ <p>The smka_decode_frame function in libavcodec/smacker.c in
+ FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through
+ 2.8.2 does not verify that the data size is consistent with
+ the number of channels, which allows remote attackers to
+ cause a denial of service (out-of-bounds array access) or
+ possibly have unspecified other impact via crafted Smacker
+ data.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6761</cvename>
+ <cvename>CVE-2015-8216</cvename>
+ <cvename>CVE-2015-8217</cvename>
+ <cvename>CVE-2015-8218</cvename>
+ <cvename>CVE-2015-8219</cvename>
+ <cvename>CVE-2015-8363</cvename>
+ <cvename>CVE-2015-8364</cvename>
+ <cvename>CVE-2015-8365</cvename>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d24888ef19ba38b787b11d1ee091a3d94920c76a</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=93f30f825c08477fe8f76be00539e96014cc83c8</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=43492ff3ab68a343c1264801baa1d5a02de10167</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066</url>
+ <url>https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a9af07a49295e014b059c1ab624c40345af5892</url>
+ <url>https://ffmpeg.org/security.html</url>
+ </references>
+ <dates>
+ <discovery>2015-11-27</discovery>
+ <entry>2015-12-02</entry>
+ <modified>2015-12-28</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="548f74bd-993c-11e5-956b-00262d5ed8ee">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <!--pcbsd-->
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>47.0.2526.73</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update.html">
+ <p>41 security fixes in this release, inclduding:</p>
+ <ul>
+ <li>[558589] Critical CVE-2015-6765: Use-after-free in AppCache.
+ Credit to anonymous.</li>
+ <li>[551044] High CVE-2015-6766: Use-after-free in AppCache.
+ Credit to anonymous.</li>
+ <li>[554908] High CVE-2015-6767: Use-after-free in AppCache.
+ Credit to anonymous.</li>
+ <li>[556724] High CVE-2015-6768: Cross-origin bypass in DOM.
+ Credit to Mariusz Mlynski.</li>
+ <li>[534923] High CVE-2015-6769: Cross-origin bypass in core.
+ Credit to Mariusz Mlynski.</li>
+ <li>[541206] High CVE-2015-6770: Cross-origin bypass in DOM.
+ Credit to Mariusz Mlynski.</li>
+ <li>[544991] High CVE-2015-6771: Out of bounds access in v8.
+ Credit to anonymous.</li>
+ <li>[546545] High CVE-2015-6772: Cross-origin bypass in DOM.
+ Credit to Mariusz Mlynski.</li>
+ <li>[554946] High CVE-2015-6764: Out of bounds access in v8.
+ Credit to Guang Gong of Qihoo 360 via pwn2own.</li>
+ <li>[491660] High CVE-2015-6773: Out of bounds access in Skia.
+ Credit to cloudfuzzer.</li>
+ <li>[549251] High CVE-2015-6774: Use-after-free in Extensions.
+ Credit to anonymous.</li>
+ <li>[529012] High CVE-2015-6775: Type confusion in PDFium.
+ Credit to Atte Kettunen of OUSPG.</li>
+ <li>[457480] High CVE-2015-6776: Out of bounds access in PDFium.
+ Credit to Hanno Böck.</li>
+ <li>[544020] High CVE-2015-6777: Use-after-free in DOM.
+ Credit to Long Liu of Qihoo 360Vulcan Team.</li>
+ <li>[514891] Medium CVE-2015-6778: Out of bounds access in PDFium.
+ Credit to Karl Skomski.</li>
+ <li>[528505] Medium CVE-2015-6779: Scheme bypass in PDFium.
+ Credit to Til Jasper Ullrich.</li>
+ <li>[490492] Medium CVE-2015-6780: Use-after-free in Infobars.
+ Credit to Khalil Zhani.</li>
+ <li>[497302] Medium CVE-2015-6781: Integer overflow in Sfntly.
+ Credit to miaubiz.</li>
+ <li>[536652] Medium CVE-2015-6782: Content spoofing in Omnibox.
+ Credit to Luan Herrera.</li>
+ <li>[537205] Medium CVE-2015-6783: Signature validation issue in
+ Android Crazy Linker. Credit to Michal Bednarski.</li>
+ <li>[503217] Low CVE-2015-6784: Escaping issue in saved pages.
+ Credit to Inti De Ceukelaire.</li>
+ <li>[534542] Low CVE-2015-6785: Wildcard matching issue in CSP.
+ Credit to Michael Ficarra / Shape Security.</li>
+ <li>[534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to
+ Michael Ficarra / Shape Security.</li>
+ <li>[563930] CVE-2015-6787: Various fixes from internal audits,
+ fuzzing and other initiatives.</li>
+ <li> Multiple vulnerabilities in V8 fixed at the tip of the 4.7
+ branch (currently 4.7.80.23).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6765</cvename>
+ <cvename>CVE-2015-6766</cvename>
+ <cvename>CVE-2015-6767</cvename>
+ <cvename>CVE-2015-6768</cvename>
+ <cvename>CVE-2015-6769</cvename>
+ <cvename>CVE-2015-6770</cvename>
+ <cvename>CVE-2015-6771</cvename>
+ <cvename>CVE-2015-6772</cvename>
+ <cvename>CVE-2015-6773</cvename>
+ <cvename>CVE-2015-6774</cvename>
+ <cvename>CVE-2015-6775</cvename>
+ <cvename>CVE-2015-6776</cvename>
+ <cvename>CVE-2015-6777</cvename>
+ <cvename>CVE-2015-6778</cvename>
+ <cvename>CVE-2015-6779</cvename>
+ <cvename>CVE-2015-6780</cvename>
+ <cvename>CVE-2015-6781</cvename>
+ <cvename>CVE-2015-6782</cvename>
+ <cvename>CVE-2015-6783</cvename>
+ <cvename>CVE-2015-6784</cvename>
+ <cvename>CVE-2015-6785</cvename>
+ <cvename>CVE-2015-6786</cvename>
+ <cvename>CVE-2015-6787</cvename>
+ <url>http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-01</discovery>
+ <entry>2015-12-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="11351c82-9909-11e5-a9c8-14dae9d5a9d2">
+ <topic>piwik -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>piwik</name>
+ <range><lt>2.15.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Piwik changelog reports:</p>
+ <blockquote cite="http://piwik.org/changelog/piwik-2-15-0/">
+ <p>This release is rated critical.
+
+ We are grateful for Security researchers who disclosed
+ security issues privately to the Piwik Security Response
+ team: Elamaran Venkatraman, Egidio Romano and Dmitriy
+ Shcherbatov. The following vulnerabilities were fixed:
+ XSS, CSRF, possible file inclusion in older PHP versions
+ (low impact), possible Object Injection Vulnerability
+ (low impact).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7815</cvename>
+ <cvename>CVE-2015-7816</cvename>
+ <url>http://piwik.org/changelog/piwik-2-15-0/</url>
+ </references>
+ <dates>
+ <discovery>2015-11-17</discovery>
+ <entry>2015-12-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d62ec98e-97d8-11e5-8c0e-080027b00c2e">
+ <topic>cyrus-imapd -- integer overflow in the start_octet addition</topic>
+ <affects>
+ <package>
+ <name>cyrus-imapd25</name>
+ <range><ge>2.5.0</ge><lt>2.5.7</lt></range>
+ </package>
+ <package>
+ <name>cyrus-imapd24</name>
+ <range><ge>2.4.0</ge><lt>2.4.18_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Cyrus IMAP 2.5.7 Release Note states:</p>
+ <blockquote cite="https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html">
+ <p>CVE-2015-8077, CVE-2015-8078: protect against integer overflow in urlfetch range checks</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8078</cvename>
+ <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8078</url>
+ <url>http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8078.html</url>
+ <url>https://security-tracker.debian.org/tracker/CVE-2015-8078</url>
+ <cvename>CVE-2015-8077</cvename>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8077</url>
+ <url>http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8077.html</url>
+ <url>https://security-tracker.debian.org/tracker/CVE-2015-8077</url>
+ </references>
+ <dates>
+ <discovery>2015-11-04</discovery>
+ <entry>2015-12-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="11c52bc6-97aa-11e5-b8df-14dae9d210b8">
+ <topic>django -- information leak vulnerability</topic>
+ <affects>
+ <package>
+ <name>py27-django</name>
+ <name>py32-django</name>
+ <name>py33-django</name>
+ <name>py34-django</name>
+ <range><lt>1.8.7</lt></range>
+ </package>
+ <package>
+ <name>py27-django18</name>
+ <name>py32-django18</name>
+ <name>py33-django18</name>
+ <name>py34-django18</name>
+ <range><lt>1.8.7</lt></range>
+ </package>
+ <package>
+ <name>py27-django17</name>
+ <name>py32-django17</name>
+ <name>py33-django17</name>
+ <name>py34-django17</name>
+ <range><lt>1.7.11</lt></range>
+ </package>
+ <package>
+ <name>py27-django-devel</name>
+ <name>py32-django-devel</name>
+ <name>py33-django-devel</name>
+ <name>py34-django-devel</name>
+ <range><le>20150709,1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tim Graham reports:</p>
+ <blockquote cite="https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/">
+ <p>If an application allows users to specify an unvalidated
+ format for dates and passes this format to the date filter, e.g. {{
+ last_updated|date:user_date_format }}, then a malicious user could
+ obtain any secret in the application's settings by specifying a settings
+ key instead of a date format. e.g. "SECRET_KEY" instead of "j/m/Y".</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/</url>
+ <cvename>CVE-2015-8213</cvename>
+ </references>
+ <dates>
+ <discovery>2015-11-24</discovery>
+ <entry>2015-11-30</entry>
+ <modified>2015-12-24</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="fb2475c2-9125-11e5-bd18-002590263bf5">
+ <topic>kibana4 -- CSRF vulnerability</topic>
+ <affects>
+ <package>
+ <name>kibana4</name>
+ <name>kibana41</name>
+ <range><ge>4.0.0</ge><lt>4.1.3</lt></range>
+ </package>
+ <package>
+ <name>kibana42</name>
+ <range><ge>4.2.0</ge><lt>4.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Elastic reports:</p>
+ <blockquote cite="https://www.elastic.co/community/security/">
+ <p>Vulnerability Summary: Kibana versions prior to 4.1.3 and 4.2.1
+ are vulnerable to a CSRF attack.</p>
+ <p>Remediation Summary: Users should upgrade to 4.1.3 or 4.2.1.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8131</cvename>
+ <url>https://www.elastic.co/community/security/</url>
+ </references>
+ <dates>
+ <discovery>2015-11-17</discovery>
+ <entry>2015-11-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e359051d-90bd-11e5-bd18-002590263bf5">
+ <topic>a2ps -- format string vulnerability</topic>
+ <affects>
+ <package>
+ <name>a2ps</name>
+ <range><lt>4.13b_8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jong-Gwon Kim reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/11/16/4">
+ <p>When user runs a2ps with malicious crafted pro(a2ps prologue) file,
+ an attacker can execute arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8107</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2015/11/16/4</url>
+ </references>
+ <dates>
+ <discovery>2015-11-16</discovery>
+ <entry>2015-11-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ecc268f2-8fc2-11e5-918c-bcaec565249c">
+ <topic>libxslt -- DoS vulnability due to type confusing error</topic>
+ <affects>
+ <package>
+ <name>libsxlt</name>
+ <range><lt>1.1.28_8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libxslt maintainer reports:</p>
+ <blockquote cite="https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617">
+ <p>CVE-2015-7995:
+ http://www.openwall.com/lists/oss-security/2015/10/27/10
+ We need to check that the parent node is an element before
+ dereferencing its namespace.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7995</cvename>
+ <url>https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617</url>
+ </references>
+ <dates>
+ <discovery>2015-10-29</discovery>
+ <entry>2015-11-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e5423caf-8fb8-11e5-918c-bcaec565249c">
+ <topic>libxml2 -- multiple vulnabilities</topic>
+ <affects>
+ <package>
+ <name>libxml2</name>
+ <range><lt>2.9.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>reports:</p>
+ <blockquote cite="http://xmlsoft.org/news.html">
+ <p>CVE-2015-5312 Another entity expansion issue (David Drysdale).</p>
+ <p>CVE-2015-7497 Avoid an heap buffer overflow in
+ xmlDictComputeFastQKey (David Drysdale).</p>
+ <p>CVE-2015-7498 Avoid processing entities after encoding
+ conversion failures (Daniel Veillard).</p>
+ <p>CVE-2015-7499 (1) Add xmlHaltParser() to stop the parser
+ (Daniel Veillard).</p>
+ <p>CVE-2015-7499 (2) Detect incoherency on GROW (Daniel
+ Veillard).</p>
+ <p>CVE-2015-7500 Fix memory access error due to incorrect
+ entities boundaries (Daniel Veillard).</p>
+ <p>CVE-2015-7941 (1) Stop parsing on entities boundaries
+ errors (Daniel Veillard).</p>
+ <p>CVE-2015-7941 (2) Cleanup conditional section error
+ handling (Daniel Veillard).</p>
+ <p>CVE-2015-7942 Another variation of overflow in
+ Conditional sections (Daniel Veillard).</p>
+ <p>CVE-2015-7942 (2) Fix an error in previous Conditional
+ section patch (Daniel Veillard).</p>
+ <p>CVE-2015-8035 Fix XZ compression support loop
+ (Daniel Veillard).</p>
+ <p>CVE-2015-8242 Buffer overead with HTML parser in push
+ mode (Hugh Davenport)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5312</cvename>
+ <cvename>CVE-2015-7497</cvename>
+ <cvename>CVE-2015-7498</cvename>
+ <cvename>CVE-2015-7499</cvename>
+ <cvename>CVE-2015-7500</cvename>
+ <cvename>CVE-2015-7941</cvename>
+ <cvename>CVE-2015-7942</cvename>
+ <cvename>CVE-2015-8035</cvename>
+ <cvename>CVE-2015-8241</cvename>
+ <cvename>CVE-2015-8242</cvename>
+ <url>http://xmlsoft.org/news.html</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/11/18/23</url>
+ </references>
+ <dates>
+ <discovery>2015-11-20</discovery>
+ <entry>2015-11-20</entry>
+ </dates>
+ </vuln>
+
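Review bot: The libxslt entry (vid ecc268f2-8fc2-11e5-918c-bcaec565249c) declares `<name>libsxlt</name>`, which does not match the port's package name libxslt given in the topic; since pkg audit matches entries by installed package name, this entry would never flag an installed libxslt &lt; 1.1.28_8 and the line should read `<name>libxslt</name>`. The topic strings of that entry and the libxml2 entry carry the misspellings "vulnability" / "vulnabilities" and "type confusing error" (type confusion). In the libxml2 entry, the introduction `<p>reports:</p>` is missing the reporter (the blockquote is cited to xmlsoft.org/news.html, so something like "The libxml2 project reports:" would be consistent with the other entries), and CVE-2015-8241 appears under `<references>` without being mentioned anywhere in the quoted description, so either the description or the reference list should be reconciled.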
+ <vuln vid="9d04936c-75f1-4a2c-9ade-4c1708be5df9">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>nspr</name>
+ <range><lt>4.10.10</lt></range>
+ </package>
+ <package>
+ <name>nss</name>
+ <range><ge>3.20</ge><lt>3.20.1</lt></range>
+ <range><ge>3.19.3</ge><lt>3.19.4</lt></range>
+ <range><lt>3.19.2.1</lt></range>
+ </package>
+ <package>
+ <name>firefox</name>
+ <range><lt>42.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>42.0,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <range><lt>2.39</lt></range>
+ </package>
+ <package>
+ <name>linux-seamonkey</name>
+ <range><lt>2.39</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>38.4.0,1</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><lt>38.4.0</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>38.4.0</lt></range>
+ </package>
+ <package>
+ <name>linux-thunderbird</name>
+ <range><lt>38.4.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Project reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/">
+ <p>MFSA 2015-133 NSS and NSPR memory corruption issues</p>
+ <p>MFSA 2015-132 Mixed content WebSocket policy bypass
+ through workers</p>
+ <p>MFSA 2015-131 Vulnerabilities found through code
+ inspection</p>
+ <p>MFSA 2015-130 JavaScript garbage collection crash with
+ Java applet</p>
+ <p>MFSA 2015-129 Certain escaped characters in host of
+ Location-header are being treated as non-escaped</p>
+ <p>MFSA 2015-128 Memory corruption in libjar through zip
+ files</p>
+ <p>MFSA 2015-127 CORS preflight is bypassed when
+ non-standard Content-Type headers are received</p>
+ <p>MFSA 2015-126 Crash when accessing HTML tables with
+ accessibility tools on OS X</p>
+ <p>MFSA 2015-125 XSS attack through intents on Firefox for
+ Android</p>
+ <p>MFSA 2015-124 Android intents can be used on Firefox for
+ Android to open privileged files</p>
+ <p>MFSA 2015-123 Buffer overflow during image interactions
+ in canvas</p>
+ <p>MFSA 2015-122 Trailing whitespace in IP address hostnames
+ can bypass same-origin policy</p>
+ <p>MFSA 2015-121 Disabling scripts in Add-on SDK panels has
+ no effect</p>
+ <p>MFSA 2015-120 Reading sensitive profile files through
+ local HTML file on Android</p>
+ <p>MFSA 2015-119 Firefox for Android addressbar can be
+ removed after fullscreen mode</p>
+ <p>MFSA 2015-118 CSP bypass due to permissive Reader mode
+ whitelist</p>
+ <p>MFSA 2015-117 Information disclosure through NTLM
+ authentication</p>
+ <p>MFSA 2015-116 Miscellaneous memory safety hazards
+ (rv:42.0 / rv:38.4)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-4513</cvename>
+ <cvename>CVE-2015-4514</cvename>
+ <cvename>CVE-2015-4515</cvename>
+ <cvename>CVE-2015-4518</cvename>
+ <cvename>CVE-2015-7181</cvename>
+ <cvename>CVE-2015-7182</cvename>
+ <cvename>CVE-2015-7183</cvename>
+ <cvename>CVE-2015-7185</cvename>
+ <cvename>CVE-2015-7186</cvename>
+ <cvename>CVE-2015-7187</cvename>
+ <cvename>CVE-2015-7188</cvename>
+ <cvename>CVE-2015-7189</cvename>
+ <cvename>CVE-2015-7190</cvename>
+ <cvename>CVE-2015-7191</cvename>
+ <cvename>CVE-2015-7192</cvename>
+ <cvename>CVE-2015-7193</cvename>
+ <cvename>CVE-2015-7194</cvename>
+ <cvename>CVE-2015-7195</cvename>
+ <cvename>CVE-2015-7196</cvename>
+ <cvename>CVE-2015-7197</cvename>
+ <cvename>CVE-2015-7198</cvename>
+ <cvename>CVE-2015-7199</cvename>
+ <cvename>CVE-2015-7200</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-116/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-117/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-118/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-119/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-120/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-121/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-122/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-123/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-124/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-125/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-126/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-127/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-128/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-129/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-130/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-131/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-132/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2015-133/</url>
+ </references>
+ <dates>
+ <discovery>2015-11-03</discovery>
+ <entry>2015-11-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="68847b20-8ddc-11e5-b69c-c86000169601">
+ <topic>gdm -- lock screen bypass when holding escape key</topic>
+ <affects>
+ <package>
+ <name>gdm</name>
+ <range><lt>3.16.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ray Strode reports:</p>
+ <blockquote cite="https://mail.gnome.org/archives/ftp-release-list/2015-November/msg00074.html">
+ <p>CVE-2015-7496 - lock screen bypass when holding escape key.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7496</cvename>
+ <url>https://mail.gnome.org/archives/ftp-release-list/2015-November/msg00074.html</url>
+ <url>https://bugzilla.gnome.org/show_bug.cgi?id=758032</url>
+ </references>
+ <dates>
+ <discovery>2015-11-12</discovery>
+ <entry>2015-11-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3eb0ccc2-8c6a-11e5-8519-005056ac623e">
+ <topic>strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin</topic>
+ <affects>
+ <package>
+ <name>strongswan</name>
+ <range><lt>5.3.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Strongswan Release Notes reports:</p>
+ <blockquote cite="https://github.com/strongswan/strongswan/blob/master/NEWS">
+ <p>Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that
+ was caused by insufficient verification of the internal state when handling
+ MSCHAPv2 Success messages received by the client.
+ This vulnerability has been registered as CVE-2015-8023.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8023</cvename>
+ <url>https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2</url>
+ </references>
+ <dates>
+ <discovery>2015-11-16</discovery>
+ <entry>2015-11-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="82b3ca2a-8c07-11e5-bd18-002590263bf5">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle27</name>
+ <range><lt>2.7.11</lt></range>
+ </package>
+ <package>
+ <name>moodle28</name>
+ <range><lt>2.8.9</lt></range>
+ </package>
+ <package>
+ <name>moodle29</name>
+ <range><lt>2.9.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Moodle Release Notes report:</p>
+ <blockquote cite="https://docs.moodle.org/dev/Moodle_2.9.3_release_notes">
+ <p>MSA-15-0037 Possible to send a message to a user who blocked
+ messages from non contacts</p>
+ <p>MSA-15-0038 DDoS possibility in Atto</p>
+ <p>MSA-15-0039 CSRF in site registration form</p>
+ <p>MSA-15-0040 Student XSS in survey</p>
+ <p>MSA-15-0041 XSS in flash video player</p>
+ <p>MSA-15-0042 CSRF in lesson login form</p>
+ <p>MSA-15-0043 Web service core_enrol_get_enrolled_users does not
+ respect course group mode</p>
+ <p>MSA-15-0044 Capability to view available badges is not
+ respected</p>
+ <p>MSA-15-0045 SCORM module allows to bypass access restrictions based
+ on date</p>
+ <p>MSA-15-0046 Choice module closing date can be bypassed</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://docs.moodle.org/dev/Moodle_2.7.11_release_notes</url>
+ <url>https://docs.moodle.org/dev/Moodle_2.8.9_release_notes</url>
+ <url>https://docs.moodle.org/dev/Moodle_2.9.3_release_notes</url>
+ </references>
+ <dates>
+ <discovery>2015-11-09</discovery>
+ <entry>2015-11-16</entry>
+ <modified>2015-12-21</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="2cabfbab-8bfb-11e5-bd18-002590263bf5">
+ <topic>xen-kernel -- CPU lockup during exception delivery</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.5.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-156.html">
+ <p>A malicious HVM guest administrator can cause a denial of service.
+ Specifically, prevent use of a physical CPU for a significant,
+ perhaps indefinite period. If a host watchdog (Xen or dom0) is in
+ use, this can lead to a watchdog timeout and consequently a reboot
+ of the host. If another, innocent, guest, is configured with a
+ watchdog, this issue can lead to a reboot of such a guest.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-5307</cvename>
+ <cvename>CVE-2015-8104</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-156.html</url>
+ </references>
+ <dates>
+ <discovery>2015-11-10</discovery>
+ <entry>2015-11-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1886e195-8b87-11e5-90e7-b499baebfeaf">
+ <topic>libpng buffer overflow in png_set_PLTE</topic>
+ <affects>
+ <package>
+ <name>png</name>
+ <range><lt>1.6.20</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libpng reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/11/12/2">
+ <p>CVE for a vulnerability in libpng, all versions, in the
+ png_set_PLTE/png_get_PLTE functions. These functions failed to check for
+ an out-of-range palette when reading or writing PNG files with a bit_depth
+ less than 8. Some applications might read the bit depth from the IHDR
+ chunk and allocate memory for a 2^N entry palette, while libpng can return
+ a palette with up to 256 entries even when the bit depth is less than 8.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2015/11/12/2</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/03/6</url>
+ <cvename>CVE-2015-8126</cvename>
+ <cvename>CVE-2015-8472</cvename>
+ </references>
+ <dates>
+ <discovery>2015-11-15</discovery>
+ <entry>2015-11-15</entry>
+ <modified>2015-12-08</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="547fbd98-8b1f-11e5-b48b-bcaec565249c">
+ <topic>flash -- multiple vulnabilities</topic>
+ <affects>
+ <package>
+ <name>linux-c6-flashplugin</name>
+ <name>linux-f10-flashplugin</name>
+ <name>linux-c6_64-flashplugin</name>
+ <range><lt>11.2r202.548</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb15-28.html">
+ <p>These updates resolve a type confusion vulnerability that
+ could lead to code execution (CVE-2015-7659).</p>
+
+ <p>These updates resolve a security bypass vulnerability that
+ could be exploited to write arbitrary data to the file
+ system under user permissions (CVE-2015-7662).</p>
+
+ <p>These updates resolve use-after-free vulnerabilities that
+ could lead to code execution (CVE-2015-7651, CVE-2015-7652,
+ CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656,
+ CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661,
+ CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044,
+ CVE-2015-8046).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb15-28.html</url>
+ <cvename>CVE-2015-7651</cvename>
+ <cvename>CVE-2015-7652</cvename>
+ <cvename>CVE-2015-7653</cvename>
+ <cvename>CVE-2015-7654</cvename>
+ <cvename>CVE-2015-7655</cvename>
+ <cvename>CVE-2015-7656</cvename>
+ <cvename>CVE-2015-7657</cvename>
+ <cvename>CVE-2015-7658</cvename>
+ <cvename>CVE-2015-7659</cvename>
+ <cvename>CVE-2015-7660</cvename>
+ <cvename>CVE-2015-7661</cvename>
+ <cvename>CVE-2015-7662</cvename>
+ <cvename>CVE-2015-7663</cvename>
+ <cvename>CVE-2015-8043</cvename>
+ <cvename>CVE-2015-8044</cvename>
+ <cvename>CVE-2015-8046</cvename>
+ </references>
+ <dates>
+ <discovery>2015-11-10</discovery>
+ <entry>2015-11-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f0b9049f-88c4-11e5-aed7-00262d5ed8ee">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
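Review bot: the Flash entry (vid 547fbd98-8b1f-11e5-b48b-bcaec565249c) omits CVE-2015-8042 from its references although the quoted Adobe text lists it among the use-after-free issues; add `<cvename>CVE-2015-8042</cvename>` so `pkg audit` correlates it. The reverse problem appears in the libxml2 entry, whose references carry `<cvename>CVE-2015-8241</cvename>` while the quoted xmlsoft.org release notes never mention that id; either the blockquote or the reference list should account for it. Two smaller points in the same hunk: the Flash topic reads "multiple vulnabilities" (should be "vulnerabilities"), and the libpng topic lacks the "name -- summary" separator every other topic uses ("libpng -- buffer overflow in png_set_PLTE"). The Moodle entry has no `<cvename>` at all, so consumers matching on CVE ids will not find it; if upstream assigned any, they belong here.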
@@ -1207,6 +7095,15 @@
</body>
</description>
<references>
+ <cvename>CVE-2015-8001</cvename>
+ <cvename>CVE-2015-8002</cvename>
+ <cvename>CVE-2015-8003</cvename>
+ <cvename>CVE-2015-8004</cvename>
+ <cvename>CVE-2015-8005</cvename>
+ <cvename>CVE-2015-8006</cvename>
+ <cvename>CVE-2015-8007</cvename>
+ <cvename>CVE-2015-8008</cvename>
+ <cvename>CVE-2015-8009</cvename>
<url>https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html</url>
<url>https://phabricator.wikimedia.org/T91203</url>
<url>https://phabricator.wikimedia.org/T91205</url>
@@ -1213,10 +7110,12 @@
<url>https://phabricator.wikimedia.org/T91850</url>
<url>https://phabricator.wikimedia.org/T95589</url>
<url>https://phabricator.wikimedia.org/T108616</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/10/29/14</url>
</references>
<dates>
<discovery>2015-10-16</discovery>
<entry>2015-10-23</entry>
+ <modified>2015-12-24</modified>
</dates>
</vuln>
@@ -1372,11 +7271,14 @@
</body>
</description>
<references>
+ <cvename>CVE-2015-7545</cvename>
<url>https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.6.1.txt</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/11/7</url>
</references>
<dates>
<discovery>2015-09-23</discovery>
<entry>2015-10-19</entry>
+ <modified>2015-12-12</modified>
</dates>
</vuln>
@@ -4387,7 +10289,7 @@
<affects>
<package>
<name>openssh-portable</name>
- <range><lt>7.0p1,1</lt></range>
+ <range><lt>7.0.p1,1</lt></range>
</package>
</affects>
<description>
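Review bot: the openssh-portable bound changes from `7.0p1,1` to `7.0.p1,1`; pkg compares the full version string component by component, so the two spellings are not interchangeable, and the entry only matches if the package really is versioned with the dotted form. Confirm against the port's PORTVERSION and verify with the test command given in the file header, e.g. `pkg audit -f ./vuln.xml openssh-portable-7.0.p1,1` should report this entry while a package at or above the fixed version should not.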
@@ -4411,6 +10313,7 @@
<dates>
<discovery>2015-08-11</discovery>
<entry>2015-08-21</entry>
+ <modified>2016-01-15</modified>
</dates>
</vuln>
@@ -5016,14 +10919,27 @@
</body>
</description>
<references>
+ <cvename>CVE-2015-6727</cvename>
+ <cvename>CVE-2013-7444</cvename>
+ <cvename>CVE-2015-6728</cvename>
+ <cvename>CVE-2015-6729</cvename>
+ <cvename>CVE-2015-6730</cvename>
+ <cvename>CVE-2015-6731</cvename>
+ <cvename>CVE-2015-6733</cvename>
+ <cvename>CVE-2015-6734</cvename>
+ <cvename>CVE-2015-6735</cvename>
+ <cvename>CVE-2015-6736</cvename>
+ <cvename>CVE-2015-6737</cvename>
<url>https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html</url>
<url>https://phabricator.wikimedia.org/T106893</url>
<url>https://phabricator.wikimedia.org/T94116</url>
<url>https://phabricator.wikimedia.org/T97391</url>
+ <url>http://www.openwall.com/lists/oss-security/2015/08/27/6</url>
</references>
<dates>
<discovery>2015-08-10</discovery>
<entry>2015-08-14</entry>
+ <modified>2015-12-24</modified>
</dates>
</vuln>
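Review bot: `<cvename>CVE-2013-7444</cvename>` is inserted between CVE-2015-6727 and CVE-2015-6728; the other cvename lists added in this commit are kept sorted, so move it to the head of the list to keep the ordering consistent and make later additions easy to diff.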
@@ -6380,6 +12296,10 @@
<topic>php-phar -- multiple vulnerabilities</topic>
<affects>
<package>
+ <name>php56-phar</name>
+ <range><lt>5.6.11</lt></range>
+ </package>
+ <package>
<name>php55-phar</name>
<range><lt>5.5.27</lt></range>
</package>
@@ -6409,6 +12329,7 @@
<dates>
<discovery>2015-06-24</discovery>
<entry>2015-07-18</entry>
+ <modified>2015-12-18</modified>
</dates>
</vuln>
@@ -8569,7 +14490,7 @@
</package>
<package>
<name>linux-c6-libxml2</name>
- <range><ge>*</ge></range>
+ <range><lt>2.7.6_5</lt></range>
</package>
<package>
<name>linux-f10-libxml2</name>
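Review bot: replacing `<ge>*</ge>` with `<lt>2.7.6_5</lt>` for linux-c6-libxml2 turns an all-versions match into a bounded one, which silently marks the current package as fixed. CentOS 6 ships libxml2 2.7.6 with backported patches rather than a newer release, so confirm that the _5 revision of the compat port actually carries the fixes this entry covers, and check whether the linux-f10-libxml2 package that follows (outside this hunk) still uses the open-ended range and should be handled the same way.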
@@ -8595,7 +14516,7 @@
<dates>
<discovery>2015-04-14</discovery>
<entry>2015-07-01</entry>
- <modified>2015-07-15</modified>
+ <modified>2016-01-31</modified>
</dates>
</vuln>
@@ -11610,8 +17531,7 @@
</package>
<package>
<name>exact-image</name>
- <!-- no known fixed version -->
- <range><ge>0</ge></range>
+ <range><lt>0.9.1</lt></range>
</package>
<package>
<name>flphoto</name>
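Review bot: dropping the `<!-- no known fixed version -->` comment and the `<ge>0</ge>` catch-all in favour of `<lt>0.9.1</lt>` asserts that exact-image 0.9.1 contains the fix, but neither the commit message nor the entry cites where that came from; add the upstream changelog or the ports commit that bumped the package to the references so the bound can be checked later.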
@@ -11620,8 +17540,7 @@
</package>
<package>
<name>freeimage</name>
- <!-- no known fixed version -->
- <range><ge>3.13.0</ge></range>
+ <range><ge>3.13.0</ge><lt>3.16.0_1</lt></range>
</package>
<package>
<name>kodi</name>
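Review bot: the new upper bound `<lt>3.16.0_1</lt>` for freeimage is combined with the pre-existing `<ge>3.13.0</ge>`, so versions below 3.13.0 are treated as unaffected. Now that a fixed version is being asserted, re-check that the vulnerable code was really introduced in 3.13.0 rather than present earlier; otherwise older packages slip past audit while the newer ones are flagged.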
@@ -11678,7 +17597,7 @@
<dates>
<discovery>2015-04-24</discovery>
<entry>2015-05-15</entry>
- <modified>2015-09-18</modified>
+ <modified>2016-01-08</modified>
</dates>
</vuln>
@@ -13452,6 +19371,10 @@
<name>x86_64-pc-mingw32-binutils</name>
<range><lt>2.25</lt></range>
</package>
+ <package>
+ <name>m6811-binutils</name>
+ <range><lt>2.25</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -13491,6 +19414,7 @@
<dates>
<discovery>2014-12-09</discovery>
<entry>2015-03-24</entry>
+ <modified>2016-01-08</modified>
</dates>
</vuln>
@@ -13680,11 +19604,11 @@
</package>
<package>
<name>linux-c6-xorg-libs</name>
- <range><ge>*</ge></range>
+ <range><lt>7.4_4</lt></range>
</package>
<package>
<name>linux-f10-xorg-libs</name>
- <range><ge>*</ge></range>
+ <range><lt>7.4_4</lt></range>
</package>
</affects>
<description>
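Review bot: linux-c6-xorg-libs and linux-f10-xorg-libs receive the identical bound `<lt>7.4_4</lt>`; the c6 and f10 compat ports are revisioned independently, so verify that each package's PORTREVISION reached _4 with the fix rather than copying one bound to both. As with the other `<ge>*</ge>` replacements in this commit, the change from an open-ended to a bounded range marks the current packages as fixed, so the ports change that justifies it should be cited in the entry.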
@@ -13715,7 +19639,7 @@
<dates>
<discovery>2015-03-17</discovery>
<entry>2015-03-18</entry>
- <modified>2015-07-15</modified>
+ <modified>2016-01-31</modified>
</dates>
</vuln>