[Midnightbsd-cvs] mports [21041] trunk/security/vuxml/vuln.xml: update vulnerability list
laffer1 at midnightbsd.org
Tue Mar 1 16:15:58 EST 2016
Revision: 21041
http://svnweb.midnightbsd.org/mports/?rev=21041
Author: laffer1
Date: 2016-03-01 16:15:58 -0500 (Tue, 01 Mar 2016)
Log Message:
-----------
update vulnerability list
Modified Paths:
--------------
trunk/security/vuxml/vuln.xml
Modified: trunk/security/vuxml/vuln.xml
===================================================================
--- trunk/security/vuxml/vuln.xml 2016-03-01 21:14:55 UTC (rev 21040)
+++ trunk/security/vuxml/vuln.xml 2016-03-01 21:15:58 UTC (rev 21041)
@@ -28,7 +28,7 @@
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- $FreeBSD: head/security/vuxml/vuln.xml 407689 2016-02-01 07:37:58Z jbeich $
+ $FreeBSD: head/security/vuxml/vuln.xml 409851 2016-03-01 07:30:20Z matthew $
QUICK GUIDE TO ADDING A NEW ENTRY
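Review bot: the log message does not say which upstream revision this sync corresponds to, although the $FreeBSD$ keyword line in this hunk shows the file moving from 407689 to 409851. Recording that revision in the commit message (for example "sync with FreeBSD r409851") would let a later audit tell which VuXML entries this import covers without reading the diff.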
@@ -53,11 +53,2038 @@
Help is also available from ports-security at freebsd.org.
Notes:
+
* Please add new entries to the beginning of this file.
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f682a506-df7c-11e5-81e4-6805ca0b3d42">
+ <topic>phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.5.0</ge><lt>4.5.5.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-10/">
+ <p>XSS vulnerability in SQL parser.</p>
+ <p>Using a crafted SQL query, it is possible to trigger an XSS
+ attack through the SQL query page.</p>
+ <p>We consider this vulnerability to be non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-11/">
+ <p>Multiple XSS vulnerabilities.</p>
+ <p>By sending a specially crafted URL as part of the HOST
+ header, it is possible to trigger an XSS attack.</p>
+ <p>A weakness was found that allows an XSS attack with Internet
+ Explorer versions older than 8 and Safari on Windows using a
+ specially crafted URL.</p>
+ <p>Using a crafted SQL query, it is possible to trigger an XSS
+ attack through the SQL query page.</p>
+ <p>Using a crafted parameter value, it is possible to trigger
+ an XSS attack in user accounts page.</p>
+ <p>Using a crafted parameter value, it is possible to trigger
+ an XSS attack in zoom search page.</p>
+ <p>We consider this vulnerability to be non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-12/">
+ <p>Multiple XSS vulnerabilities.</p>
+ <p>With a crafted table/column name it is possible to trigger
+ an XSS attack in the database normalization page.</p>
+ <p>With a crafted parameter it is possible to trigger an XSS
+ attack in the database structure page.</p>
+ <p>With a crafted parameter it is possible to trigger an XSS
+ attack in central columns page.</p>
+ <p>We consider this vulnerability to be non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-13/">
+ <p>Vulnerability allowing man-in-the-middle attack on API
+ call to GitHub.</p>
+ <p>A vulnerability in the API call to GitHub can be exploited
+ to perform a man-in-the-middle attack.</p>
+ <p>We consider this vulnerability to be serious.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-10/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-11/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-12/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-13/</url>
+ <cvename>CVE-2016-2559</cvename>
+ <cvename>CVE-2016-2560</cvename>
+ <cvename>CVE-2016-2561</cvename>
+ <cvename>CVE-2016-2562</cvename>
+ </references>
+ <dates>
+ <discovery>2016-02-29</discovery>
+ <entry>2016-03-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="45117749-df55-11e5-b2bd-002590263bf5">
+ <topic>wireshark -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wireshark</name>
+ <name>wireshark-lite</name>
+ <name>wireshark-qt5</name>
+ <name>tshark</name>
+ <name>tshark-lite</name>
+ <range><lt>2.0.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Wireshark development team reports:</p>
+ <blockquote cite="https://www.wireshark.org/docs/relnotes/wireshark-2.0.2.html">
+ <p>The following vulnerabilities have been fixed:</p>
+ <ul>
+ <li><p>wnpa-sec-2016-02</p>
+ <p>ASN.1 BER dissector crash. (Bug 11828) CVE-2016-2522</p></li>
+ <li><p>wnpa-sec-2016-03</p>
+ <p>DNP dissector infinite loop. (Bug 11938) CVE-2016-2523</p></li>
+ <li><p>wnpa-sec-2016-04</p>
+ <p>X.509AF dissector crash. (Bug 12002) CVE-2016-2524</p></li>
+ <li><p>wnpa-sec-2016-05</p>
+ <p>HTTP/2 dissector crash. (Bug 12077) CVE-2016-2525</p></li>
+ <li><p>wnpa-sec-2016-06</p>
+ <p>HiQnet dissector crash. (Bug 11983) CVE-2016-2526</p></li>
+ <li><p>wnpa-sec-2016-07</p>
+ <p>3GPP TS 32.423 Trace file parser crash. (Bug 11982)
+ </p>CVE-2016-2527</li>
+ <li><p>wnpa-sec-2016-08</p>
+ <p>LBMC dissector crash. (Bug 11984) CVE-2016-2528</p></li>
+ <li><p>wnpa-sec-2016-09</p>
+ <p>iSeries file parser crash. (Bug 11985) CVE-2016-2529</p></li>
+ <li><p>wnpa-sec-2016-10</p>
+ <p>RSL dissector crash. (Bug 11829) CVE-2016-2530
+ CVE-2016-2531</p></li>
+ <li><p>wnpa-sec-2016-11</p>
+ <p>LLRP dissector crash. (Bug 12048) CVE-2016-2532</p></li>
+ <li><p>wnpa-sec-2016-12</p>
+ <p>Ixia IxVeriWave file parser crash. (Bug 11795)</p></li>
+ <li><p>wnpa-sec-2016-13</p>
+ <p>IEEE 802.11 dissector crash. (Bug 11818)</p></li>
+ <li><p>wnpa-sec-2016-14</p>
+ <p>GSM A-bis OML dissector crash. (Bug 11825)</p></li>
+ <li><p>wnpa-sec-2016-15</p>
+ <p>ASN.1 BER dissector crash. (Bug 12106)</p></li>
+ <li><p>wnpa-sec-2016-16</p>
+ <p>SPICE dissector large loop. (Bug 12151)</p></li>
+ <li><p>wnpa-sec-2016-17</p>
+ <p>NFS dissector crash.</p></li>
+ <li><p>wnpa-sec-2016-18</p>
+ <p>ASN.1 BER dissector crash. (Bug 11822)</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2522</cvename>
+ <cvename>CVE-2016-2523</cvename>
+ <cvename>CVE-2016-2524</cvename>
+ <cvename>CVE-2016-2525</cvename>
+ <cvename>CVE-2016-2526</cvename>
+ <cvename>CVE-2016-2527</cvename>
+ <cvename>CVE-2016-2528</cvename>
+ <cvename>CVE-2016-2529</cvename>
+ <cvename>CVE-2016-2530</cvename>
+ <cvename>CVE-2016-2531</cvename>
+ <cvename>CVE-2016-2532</cvename>
+ <url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html</url>
+ </references>
+ <dates>
+ <discovery>2016-02-26</discovery>
+ <entry>2016-03-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="42c2c422-df55-11e5-b2bd-002590263bf5">
+ <topic>wireshark -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wireshark</name>
+ <name>wireshark-lite</name>
+ <name>wireshark-qt5</name>
+ <name>tshark</name>
+ <name>tshark-lite</name>
+ <range><lt>2.0.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Wireshark development team reports:</p>
+ <blockquote cite="https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html">
+ <p>The following vulnerabilities have been fixed:</p>
+ <ul>
+ <li><p>wnpa-sec-2015-31</p>
+ <p>NBAP dissector crashes. (Bug 11602, Bug 11835, Bug 11841)</p>
+ </li>
+ <li><p>wnpa-sec-2015-37</p>
+ <p>NLM dissector crash.</p></li>
+ <li><p>wnpa-sec-2015-39</p>
+ <p>BER dissector crash.</p></li>
+ <li><p>wnpa-sec-2015-40</p>
+ <p>Zlib decompression crash. (Bug 11548)</p></li>
+ <li><p>wnpa-sec-2015-41</p>
+ <p>SCTP dissector crash. (Bug 11767)</p></li>
+ <li><p>wnpa-sec-2015-42</p>
+ <p>802.11 decryption crash. (Bug 11790, Bug 11826)</p></li>
+ <li><p>wnpa-sec-2015-43</p>
+ <p>DIAMETER dissector crash. (Bug 11792)</p></li>
+ <li><p>wnpa-sec-2015-44</p>
+ <p>VeriWave file parser crashes. (Bug 11789, Bug 11791)</p></li>
+ <li><p>wnpa-sec-2015-45</p>
+ <p>RSVP dissector crash. (Bug 11793)</p></li>
+ <li><p>wnpa-sec-2015-46</p>
+ <p>ANSI A and GSM A dissector crashes. (Bug 11797)</p></li>
+ <li><p>wnpa-sec-2015-47</p>
+ <p>Ascend file parser crash. (Bug 11794)</p></li>
+ <li><p>wnpa-sec-2015-48</p>
+ <p>NBAP dissector crash. (Bug 11815)</p></li>
+ <li><p>wnpa-sec-2015-49</p>
+ <p>RSL dissector crash. (Bug 11829)</p></li>
+ <li><p>wnpa-sec-2015-50</p>
+ <p>ZigBee ZCL dissector crash. (Bug 11830)</p></li>
+ <li><p>wnpa-sec-2015-51</p>
+ <p>Sniffer file parser crash. (Bug 11827)</p></li>
+ <li><p>wnpa-sec-2015-52</p>
+ <p>NWP dissector crash. (Bug 11726)</p></li>
+ <li><p>wnpa-sec-2015-53</p>
+ <p>BT ATT dissector crash. (Bug 11817)</p></li>
+ <li><p>wnpa-sec-2015-54</p>
+ <p>MP2T file parser crash. (Bug 11820)</p></li>
+ <li><p>wnpa-sec-2015-55</p>
+ <p>MP2T file parser crash. (Bug 11821)</p></li>
+ <li><p>wnpa-sec-2015-56</p>
+ <p>S7COMM dissector crash. (Bug 11823)</p></li>
+ <li><p>wnpa-sec-2015-57</p>
+ <p>IPMI dissector crash. (Bug 11831)</p></li>
+ <li><p>wnpa-sec-2015-58</p>
+ <p>TDS dissector crash. (Bug 11846)</p></li>
+ <li><p>wnpa-sec-2015-59</p>
+ <p>PPI dissector crash. (Bug 11876)</p></li>
+ <li><p>wnpa-sec-2015-60</p>
+ <p>MS-WSP dissector crash. (Bug 11931)</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-29</discovery>
+ <entry>2016-03-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7bbc3016-de63-11e5-8fa8-14dae9d210b8">
+ <topic>tomcat -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>tomcat7</name>
+ <range><lt>7.0.68</lt></range>
+ </package>
+ <package>
+ <name>tomcat8</name>
+ <range><lt>8.0.30</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mark Thomas reports:</p>
+ <blockquote cite="http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF96.7070701@apache.org%3e">
+ <ul>
+ <li><p>CVE-2015-5346 Apache Tomcat Session fixation</p></li>
+ <li><p>CVE-2015-5351 Apache Tomcat CSRF token leak</p></li>
+ <li><p>CVE-2016-0763 Apache Tomcat Security Manager Bypass</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF96.7070701@apache.org%3e</url>
+ <url>http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF7B.1010901@apache.org%3e</url>
+ <url>http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEFB2.9030605@apache.org%3e</url>
+ <cvename>CVE-2015-5346</cvename>
+ <cvename>CVE-2015-5351</cvename>
+ <cvename>CVE-2016-0763</cvename>
+ </references>
+ <dates>
+ <discovery>2016-02-22</discovery>
+ <entry>2016-02-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1f1124fe-de5c-11e5-8fa8-14dae9d210b8">
+ <topic>tomcat -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>tomcat6</name>
+ <range><lt>6.0.45</lt></range>
+ </package>
+ <package>
+ <name>tomcat7</name>
+ <range><lt>7.0.68</lt></range>
+ </package>
+ <package>
+ <name>tomcat8</name>
+ <range><lt>8.0.30</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mark Thomas reports:</p>
+ <blockquote cite="http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF96.7070701@apache.org%3e">
+ <ul>
+ <li><p>CVE-2015-5345 Apache Tomcat Directory disclosure</p></li>
+ <li><p>CVE-2016-0706 Apache Tomcat Security Manager bypass</p></li>
+ <li><p>CVE-2016-0714 Apache Tomcat Security Manager Bypass</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF96.7070701@apache.org%3e</url>
+ <url>http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF6A.70703@apache.org%3e</url>
+ <url>http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF4F.5090003@apache.org%3e</url>
+ <cvename>CVE-2015-5345</cvename>
+ <cvename>CVE-2015-5346</cvename>
+ <cvename>CVE-2016-0706</cvename>
+ <cvename>CVE-2016-0714</cvename>
+ </references>
+ <dates>
+ <discovery>2016-02-22</discovery>
+ <entry>2016-02-28</entry>
+ <modified>2016-02-28</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="a7f2e9c6-de20-11e5-8458-6cc21735f730">
+ <topic>xerces-c3 -- Parser Crashes on Malformed Input</topic>
+ <affects>
+ <package>
+ <name>xerces-c3</name>
+ <range><lt>3.1.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache Software Foundation reports:</p>
+ <blockquote cite="http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt">
+ <p>The Xerces-C XML parser mishandles certain kinds of malformed input
+ documents, resulting in buffer overlows during processing and error
+ reporting. The overflows can manifest as a segmentation fault or as
+ memory corruption during a parse operation. The bugs allow for a
+ denial of service attack in many applications by an unauthenticated
+ attacker, and could conceivably result in remote code execution.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-0729</cvename>
+ <url>http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt</url>
+ </references>
+ <dates>
+ <discovery>2016-02-25</discovery>
+ <entry>2016-02-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6b1d8a39-ddb3-11e5-8fa8-14dae9d210b8">
+ <topic>django -- regression in permissions model</topic>
+ <affects>
+ <package>
+ <name>py27-django19</name>
+ <name>py33-django19</name>
+ <name>py34-django19</name>
+ <name>py35-django19</name>
+ <range><lt>1.9.2</lt></range>
+ </package>
+ <package>
+ <name>py27-django-devel</name>
+ <name>py33-django-devel</name>
+ <name>py34-django-devel</name>
+ <name>py35-django-devel</name>
+ <range><le>20150709,1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Tim Graham reports:</p>
+ <blockquote cite="https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/">
+ <p>User with "change" but not "add" permission can create
+ objects for ModelAdmin’s with save_as=True</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/</url>
+ <cvename>CVE-2016-2048</cvename>
+ </references>
+ <dates>
+ <discovery>2016-02-01</discovery>
+ <entry>2016-02-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="81f9d6a4-ddaf-11e5-b2bd-002590263bf5">
+ <topic>xen-kernel -- VMX: guest user mode may crash guest with non-canonical RIP</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.5.2_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-170.html">
+ <p>VMX refuses attempts to enter a guest with an instruction pointer
+ which doesn't satisfy certain requirements. In particular, the
+ instruction pointer needs to be canonical when entering a guest
+ currently in 64-bit mode. This is the case even if the VM entry
+ information specifies an exception to be injected immediately (in
+ which case the bad instruction pointer would possibly never get used
+ for other than pushing onto the exception handler's stack).
+ Provided the guest OS allows user mode to map the virtual memory
+ space immediately below the canonical/non-canonical address
+ boundary, a non-canonical instruction pointer can result even from
+ normal user mode execution. VM entry failure, however, is fatal to
+ the guest.</p>
+ <p>Malicious HVM guest user mode code may be able to crash the
+ guest.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2271</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-170.html</url>
+ </references>
+ <dates>
+ <discovery>2016-02-17</discovery>
+ <entry>2016-02-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="80adc394-ddaf-11e5-b2bd-002590263bf5">
+ <topic>xen-kernel -- VMX: intercept issue with INVLPG on non-canonical address</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><ge>3.3</ge><lt>4.5.2_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-168.html">
+ <p>While INVLPG does not cause a General Protection Fault when used on
+ a non-canonical address, INVVPID in its "individual address"
+ variant, which is used to back the intercepted INVLPG in certain
+ cases, fails in such cases. Failure of INVVPID results in a
+ hypervisor bug check.</p>
+ <p>A malicious guest can crash the host, leading to a Denial of
+ Service.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1571</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-168.html</url>
+ </references>
+ <dates>
+ <discovery>2016-01-20</discovery>
+ <entry>2016-02-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7ed7c36f-ddaf-11e5-b2bd-002590263bf5">
+ <topic>xen-kernel -- PV superpage functionality missing sanity checks</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><eq>3.4.0</eq></range>
+ <range><eq>3.4.1</eq></range>
+ <range><ge>4.1</ge><lt>4.5.2_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-167.html">
+ <p>The PV superpage functionality lacks certain validity checks on
+ data being passed to the hypervisor by guests. This is the case
+ for the page identifier (MFN) passed to MMUEXT_MARK_SUPER and
+ MMUEXT_UNMARK_SUPER sub-ops of the HYPERVISOR_mmuext_op hypercall as
+ well as for various forms of page table updates.</p>
+ <p>Use of the feature, which is disabled by default, may have unknown
+ effects, ranging from information leaks through Denial of Service to
+ privilege escalation.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1570</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-167.html</url>
+ </references>
+ <dates>
+ <discovery>2016-01-20</discovery>
+ <entry>2016-02-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2d299950-ddb0-11e5-8fa8-14dae9d210b8">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle28</name>
+ <range><lt>2.8.10</lt></range>
+ </package>
+ <package>
+ <name>moodle29</name>
+ <range><lt>2.9.4</lt></range>
+ </package>
+ <package>
+ <name>moodle30</name>
+ <range><lt>3.0.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Marina Glancy reports:</p>
+ <blockquote cite="https://moodle.org/security/">
+ <ul>
+ <li><p>MSA-16-0001: Two enrolment-related web services don't
+ check course visibility</p></li>
+ <li><p>MSA-16-0002: XSS Vulnerability in course management
+ search</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://moodle.org/security/</url>
+ <cvename>CVE-2016-0724</cvename>
+ <cvename>CVE-2016-0725</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-18</discovery>
+ <entry>2016-02-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6540c8f0-dca3-11e5-8fa8-14dae9d210b8">
+ <topic>pitivi -- code execution</topic>
+ <affects>
+ <package>
+ <name>pitivi</name>
+ <range><lt>0.95</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Luke Farone reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2015/12/23/8">
+ <p>Double-clicking a file in the user's media library with a
+ specially-crafted path or filename allows for arbitrary code execution
+ with the permissions of the user running Pitivi.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2015/12/23/8</url>
+ <url>https://git.gnome.org/browse/pitivi/commit/?id=45a4c84edb3b4343f199bba1c65502e3f49f5bb2</url>
+ <cvename>CVE-2015-0855</cvename>
+ </references>
+ <dates>
+ <discovery>2015-09-13</discovery>
+ <entry>2016-02-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="90c8385a-dc9f-11e5-8fa8-14dae9d210b8">
+ <topic>giflib -- heap overflow</topic>
+ <affects>
+ <package>
+ <name>giflib</name>
+ <range><lt>5.1.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Hans Jerry Illikainen reports:</p>
+ <blockquote cite="http://seclists.org/bugtraq/2015/Dec/114">
+ <p>A heap overflow may occur in the giffix utility included in
+ giflib-5.1.1 when processing records of the type
+ `IMAGE_DESC_RECORD_TYPE' due to the allocated size of `LineBuffer'
+ equaling the value of the logical screen width, `GifFileIn->SWidth',
+ while subsequently having `GifFileIn->Image.Width' bytes of data written
+ to it.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/bugtraq/2015/Dec/114</url>
+ <cvename>CVE-2015-7555</cvename>
+ </references>
+ <dates>
+ <discovery>2015-12-21</discovery>
+ <entry>2016-02-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="59a0af97-dbd4-11e5-8fa8-14dae9d210b8">
+ <topic>drupal -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal6</name>
+ <range><lt>6.38</lt></range>
+ </package>
+ <package>
+ <name>drupal7</name>
+ <range><lt>7.43</lt></range>
+ </package>
+ <package>
+ <name>drupal8</name>
+ <range><lt>8.0.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal Security Team reports:</p>
+ <blockquote cite="https://www.drupal.org/SA-CORE-2016-001">
+ <ul>
+ <li><p>File upload access bypass and denial of service (File
+ module - Drupal 7 and 8 - Moderately Critical)</p></li>
+ <li><p>Brute force amplification attacks via XML-RPC (XML-RPC
+ server - Drupal 6 and 7 - Moderately Critical)</p></li>
+ <li><p>Open redirect via path manipulation (Base system -
+ Drupal 6, 7 and 8 - Moderately Critical) </p></li>
+ <li><p>Form API ignores access restrictions on submit buttons
+ (Form API - Drupal 6 - Critical)</p></li>
+ <li><p>HTTP header injection using line breaks (Base system -
+ Drupal 6 - Moderately Critical)</p></li>
+ <li><p>Open redirect via double-encoded 'destination'
+ parameter (Base system - Drupal 6 - Moderately Critical)</p></li>
+ <li><p>Reflected file download vulnerability (System module -
+ Drupal 6 and 7 - Moderately Critical)</p></li>
+ <li><p>Saving user accounts can sometimes grant the user all
+ roles (User module - Drupal 6 and 7 - Less Critical)</p></li>
+ <li><p>Email address can be matched to an account (User module
+ - Drupal 7 and 8 - Less Critical)</p></li>
+ <li><p>Session data truncation can lead to unserialization of
+ user provided data (Base system - Drupal 6 - Less Critical)</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.drupal.org/SA-CORE-2016-001</url>
+ </references>
+ <dates>
+ <discovery>2016-02-24</discovery>
+ <entry>2016-02-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7e01df39-db7e-11e5-b937-00e0814cab4e">
+ <topic>jenkins -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>jenkins</name>
+ <range><le>1.650</le></range>
+ </package>
+ <package>
+ <name>jenkins-lts</name>
+ <range><le>1.642.2</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jenkins Security Advisory:</p>
+ <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Security+Advisory+2016-02-24">
+ <h1>Description</h1>
+ <h5>SECURITY-232 / CVE-2016-0788(Remote code execution vulnerability in remoting module)</h5>
+ <p>A vulnerability in the Jenkins remoting module allowed
+ unauthenticated remote attackers to open a JRMP listener on the
+ server hosting the Jenkins master process, which allowed arbitrary
+ code execution.</p>
+ <h5>SECURITY-238 / CVE-2016-0789(HTTP response splitting vulnerability)</h5>
+ <p>An HTTP response splitting vulnerability in the CLI command
+ documentation allowed attackers to craft Jenkins URLs that serve
+ malicious content.</p>
+ <h5>SECURITY-241 / CVE-2016-0790(Non-constant time comparison of API token)</h5>
+ <p>The verification of user-provided API tokens with the expected
+ value did not use a constant-time comparison algorithm, potentially
+ allowing attackers to use statistical methods to determine valid
+ API tokens using brute-force methods.</p>
+ <h5>SECURITY-245 / CVE-2016-0791(Non-constant time comparison of CSRF crumbs)</h5>
+ <p>The verification of user-provided CSRF crumbs with the expected
+ value did not use a constant-time comparison algorithm, potentially
+ allowing attackers to use statistical methods to determine valid
+ CSRF crumbs using brute-force methods.</p>
+ <h5>SECURITY-247 / CVE-2016-0792(Remote code execution through remote API)</h5>
+ <p>Jenkins has several API endpoints that allow low-privilege users
+ to POST XML files that then get deserialized by Jenkins.
+ Maliciously crafted XML files sent to these API endpoints could
+ result in arbitrary code execution.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://wiki.jenkins-ci.org/display/SECURITY/Security+Advisory+2016-02-24</url>
+ </references>
+ <dates>
+ <discovery>2016-02-24</discovery>
+ <entry>2016-02-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="660ebbf5-daeb-11e5-b2bd-002590263bf5">
+ <topic>squid -- remote DoS in HTTP response processing</topic>
+ <affects>
+ <package>
+ <name>squid</name>
+ <range><lt>3.5.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Squid security advisory 2016:2 reports:</p>
+ <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_2.txt">
+ <p>Due to incorrect bounds checking Squid is vulnerable to a denial
+ of service attack when processing HTTP responses.</p>
+ <p>These problems allow remote servers delivering certain unusual
+ HTTP response syntax to trigger a denial of service for all
+ clients accessing the Squid service.</p>
+ <p>HTTP responses containing malformed headers that trigger this
+ issue are becoming common. We are not certain at this time if
+ that is a sign of malware or just broken server scripting.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2569</cvename>
+ <cvename>CVE-2016-2570</cvename>
+ <cvename>CVE-2016-2571</cvename>
+ <freebsdpr>ports/207454</freebsdpr>
+ <url>http://www.squid-cache.org/Advisories/SQUID-2016_2.txt</url>
+ <url>http://www.openwall.com/lists/oss-security/2016/02/24/12</url>
+ </references>
+ <dates>
+ <discovery>2016-02-24</discovery>
+ <entry>2016-02-24</entry>
+ <modified>2016-02-28</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="9e5bbffc-d8ac-11e5-b2bd-002590263bf5">
+ <topic>bsh -- remote code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>bsh</name>
+ <range><lt>2.0.b6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Stian Soiland-Reyes reports:</p>
+ <blockquote cite="https://github.com/beanshell/beanshell/releases/tag/2.0b6">
+ <p>This release fixes a remote code execution vulnerability that was
+ identified in BeanShell by Alvaro Muñoz and Christian Schneider.
+ The BeanShell team would like to thank them for their help and
+ contributions to this fix!</p>
+ <p>An application that includes BeanShell on the classpath may be
+ vulnerable if another part of the application uses Java
+ serialization or XStream to deserialize data from an untrusted
+ source.</p>
+ <p>A vulnerable application could be exploited for remote code
+ execution, including executing arbitrary shell commands.</p>
+ <p>This update fixes the vulnerability in BeanShell, but it is worth
+ noting that applications doing such deserialization might still be
+ insecure through other libraries. It is recommended that application
+ developers take further measures such as using a restricted class
+ loader when deserializing. See notes on Java serialization security
+ XStream security and How to secure deserialization from untrusted
+ input without using encryption or sealing.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2510</cvename>
+ <freebsdpr>ports/207334</freebsdpr>
+ <url>https://github.com/beanshell/beanshell/releases/tag/2.0b6</url>
+ </references>
+ <dates>
+ <discovery>2016-02-18</discovery>
+ <entry>2016-02-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6171eb07-d8a9-11e5-b2bd-002590263bf5">
+ <topic>libsrtp -- DoS via crafted RTP header vulnerability</topic>
+ <affects>
+ <package>
+ <name>libsrtp</name>
+ <range><lt>1.5.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libsrtp reports:</p>
+ <blockquote cite="https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2">
+ <p>Prevent potential DoS attack due to lack of bounds checking on RTP
+ header CSRC count and extension header length. Credit goes to
+ Randell Jesup and the Firefox team for reporting this issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-6360</cvename>
+ <freebsdpr>ports/207003</freebsdpr>
+ <url>https://github.com/cisco/libsrtp/releases/tag/v1.5.3</url>
+ <url>https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2</url>
+ <url>https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7989055fb4</url>
+ <url>https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee</url>
+ <url>https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f</url>
+ </references>
+ <dates>
+ <discovery>2015-11-02</discovery>
+ <entry>2016-02-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="006e3b7c-d7d7-11e5-b85f-0018fe623f2b">
+ <topic>jasper -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>jasper</name>
+ <range><lt>1.900.1_16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>oCERT reports:</p>
+ <blockquote cite="http://www.ocert.org/advisories/ocert-2014-012.html">
+ <p>The library is affected by a double-free vulnerability in function
+ jas_iccattrval_destroy()
+ as well as a heap-based buffer overflow in function jp2_decode().
+ A specially crafted jp2 file can be used to trigger the vulnerabilities.</p>
+ </blockquote>
+ <p>oCERT reports:</p>
+ <blockquote cite="http://www.ocert.org/advisories/ocert-2015-001.html">
+ <p>The library is affected by an off-by-one error in a buffer boundary check
+ in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well
+ as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to
+ stack overflow.
+ A specially crafted jp2 file can be used to trigger the vulnerabilities.</p>
+ </blockquote>
+ <p>oCERT reports:</p>
+ <blockquote cite="http://www.ocert.org/advisories/ocert-2014-009.html">
+ <p>Multiple off-by-one flaws, leading to heap-based buffer overflows, were
+ found in the way JasPer decoded JPEG 2000 files. A specially crafted file
+ could cause an application using JasPer to crash or,
+ possibly, execute arbitrary code.</p>
+ </blockquote>
+ <p>limingxing reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2016/q1/233">
+ <p>A vulnerability was found in the way the JasPer's jas_matrix_clip()
+ function parses certain JPEG 2000 image files. A specially crafted file
+ could cause an application using JasPer to crash.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.ocert.org/advisories/ocert-2014-012.html</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=1173157</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=1173162</url>
+ <url>http://www.ocert.org/advisories/ocert-2015-001.html</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=1179282</url>
+ <url>http://www.ocert.org/advisories/ocert-2014-009.html</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=1167537</url>
+ <url>http://seclists.org/oss-sec/2016/q1/233</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=1302636</url>
+ <cvename>CVE-2014-8137</cvename>
+ <cvename>CVE-2014-8138</cvename>
+ <cvename>CVE-2014-8157</cvename>
+ <cvename>CVE-2014-8158</cvename>
+ <cvename>CVE-2014-9029</cvename>
+ <cvename>CVE-2016-2089</cvename>
+ </references>
+ <dates>
+ <discovery>2014-12-10</discovery>
+ <entry>2016-02-20</entry>
+ <modified>2016-02-24</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="368993bb-d685-11e5-8858-00262d5ed8ee">
+ <topic>chromium -- same origin bypass</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>48.0.2564.116</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_18.html">
+ <p>[583431] Critical CVE-2016-1629: Same-origin bypass in Blink
+ and Sandbox escape in Chrome. Credit to anonymous.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1629</cvename>
+ <url>http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_18.html</url>
+ </references>
+ <dates>
+ <discovery>2016-02-18</discovery>
+ <entry>2016-02-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28">
+ <topic>glibc -- getaddrinfo stack-based buffer overflow</topic>
+ <affects>
+ <package>
+ <name>linux_base-c6</name>
+ <name>linux_base-c6_64</name>
+ <range><lt>6.7_1</lt></range>
+ </package>
+ <package>
+ <name>linux_base-f10</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Fabio Olive Leite reports:</p>
+ <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7547">
+ <p>A stack-based buffer overflow was found in libresolv when invoked
+ from nss_dns, allowing specially crafted DNS responses to seize
+ control of EIP in the DNS client. The buffer overflow occurs in the
+ functions send_dg (send datagram) and send_vc (send TCP) for the
+ NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
+ family, or in some cases AF_INET6 family. The use of AF_UNSPEC (or
+ AF_INET6 in some cases) triggers the low-level resolver code to
+ send out two parallel queries for A and AAAA. A mismanagement of
+ the buffers used for those queries could result in the response of
+ a query writing beyond the alloca allocated buffer created by
+ __res_nquery.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7547</cvename>
+ <freebsdpr>ports/207272</freebsdpr>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7547</url>
+ <url>https://blog.des.no/2016/02/freebsd-and-cve-2015-7547/</url>
+ <url>https://googleonlinesecurity.blogspot.no/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html</url>
+ <url>https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html</url>
+ </references>
+ <dates>
+ <discovery>2016-02-16</discovery>
+ <entry>2016-02-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="56562efb-d5e4-11e5-b2bd-002590263bf5">
+ <topic>squid -- SSL/TLS processing remote DoS</topic>
+ <affects>
+ <package>
+ <name>squid</name>
+ <range><ge>3.5.13</ge><lt>3.5.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Squid security advisory 2016:1 reports:</p>
+ <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_1.txt">
+ <p>Due to incorrectly handling server errors Squid is vulnerable to a
+ denial of service attack when connecting to TLS or SSL servers.</p>
+ <p>This problem allows any trusted client to perform a denial of
+ service attack on the Squid service regardless of whether TLS or
+ SSL is configured for use in the proxy.</p>
+ <p>Misconfigured client or server software may trigger this issue
+ to perform a denial of service unintentionally.</p>
+ <p>However, the bug is exploitable only if Squid is built using the
+ --with-openssl option.</p>
+ </blockquote>
+ <p>The FreeBSD port does not use SSL by default and is not vulnerable
+ in the default configuration.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2390</cvename>
+ <freebsdpr>ports/207294</freebsdpr>
+ <url>http://www.squid-cache.org/Advisories/SQUID-2016_1.txt</url>
+ </references>
+ <dates>
+ <discovery>2016-02-16</discovery>
+ <entry>2016-02-18</entry>
+ </dates>
+ </vuln>
+
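Review bot: The closing paragraph of the squid entry ("The FreeBSD port does not use SSL by default and is not vulnerable in the default configuration") is carried into the mports copy of vuln.xml unchanged, so it describes FreeBSD's port defaults rather than this tree's. The quoted advisory says the bug is exploitable only if Squid is built using the --with-openssl option, so please check how the mports squid port is built and either reword the sentence for mports or drop it. Otherwise readers are told they are unaffected on the strength of another project's default.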
+ <vuln vid="dd563930-d59a-11e5-8fa8-14dae9d210b8">
+ <topic>adminer -- remote code execution</topic>
+ <affects>
+ <package>
+ <name>adminer</name>
+ <range><lt>4.2.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jakub Vrana reports:</p>
+ <blockquote cite="https://github.com/vrana/adminer/commit/e5352cc5acad21513bb02677e2021b80bf7e7b8b">
+ <p>Fix remote code execution in SQLite query</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/vrana/adminer/commit/e5352cc5acad21513bb02677e2021b80bf7e7b8b</url>
+ </references>
+ <dates>
+ <discovery>2016-02-06</discovery>
+ <entry>2016-02-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="18201a1c-d59a-11e5-8fa8-14dae9d210b8">
+ <topic>adminer -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>adminer</name>
+ <range><lt>4.2.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jakub Vrana reports:</p>
+ <blockquote cite="https://github.com/vrana/adminer/commit/4be0b6655e0bf415960659db2a6dd4e60eebbd66">
+ <p>Fix XSS in indexes (non-MySQL only)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/vrana/adminer/commit/4be0b6655e0bf415960659db2a6dd4e60eebbd66</url>
+ </references>
+ <dates>
+ <discovery>2015-11-08</discovery>
+ <entry>2016-02-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ad91ee9b-d599-11e5-8fa8-14dae9d210b8">
+ <topic>adminer -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>adminer</name>
+ <range><lt>4.2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jakub Vrana reports:</p>
+ <blockquote cite="https://github.com/vrana/adminer/commit/596f8df373cd3efe5bcb6013858bd7a6bb5ecb2c">
+ <p>Fix XSS in alter table</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/vrana/adminer/commit/596f8df373cd3efe5bcb6013858bd7a6bb5ecb2c</url>
+ </references>
+ <dates>
+ <discovery>2015-08-05</discovery>
+ <entry>2016-02-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8cf54d73-d591-11e5-8fa8-14dae9d210b8">
+ <topic>adminer -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>adminer</name>
+ <range><lt>4.2.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jakub Vrana reports:</p>
+ <blockquote cite="https://github.com/vrana/adminer/commit/c990de3b3ee1816afb130bd0e1570577bf54a8e5">
+ <p>Fix XSS in login form</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/vrana/adminer/commit/c990de3b3ee1816afb130bd0e1570577bf54a8e5</url>
+ <url>https://sourceforge.net/p/adminer/bugs-and-features/436/</url>
+ </references>
+ <dates>
+ <discovery>2015-01-30</discovery>
+ <entry>2016-02-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="95b92e3b-d451-11e5-9794-e8e0b747a45a">
+ <topic>libgcrypt -- side-channel attack on ECDH</topic>
+ <affects>
+ <package>
+ <name>libgcrypt</name>
+ <range><lt>1.6.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GnuPG reports:</p>
+ <blockquote cite="https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html">
+ <p>Mitigate side-channel attack on ECDH with Weierstrass curves.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7511</cvename>
+ <url>https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html</url>
+ </references>
+ <dates>
+ <discovery>2016-02-09</discovery>
+ <entry>2016-02-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f1bf28c5-d447-11e5-b2bd-002590263bf5">
+ <topic>xdelta3 -- buffer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>xdelta3</name>
+ <range><lt>3.0.9,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Stepan Golosunov reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2016/02/08/1">
+ <p>Buffer overflow was found and fixed in xdelta3 binary diff tool
+ that allows arbitrary code execution from input files at least on
+ some systems.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-9765</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2016/02/08/1</url>
+ <url>https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2</url>
+ </references>
+ <dates>
+ <discovery>2014-10-08</discovery>
+ <entry>2016-02-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="172b22cb-d3f6-11e5-ac9e-485d605f4717">
+ <topic>firefox -- Same-origin-policy violation using Service Workers with plugins</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>44.0.2,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>44.0.2,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox44.0.2">
+ <p>MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept
+ responses to plugin network requests made through the browser. Plugins which
+ make security decisions based on the content of network requests can have these
+ decisions subverted if a service worker forges responses to those requests. For
+ example, a forged crossdomain.xml could allow a malicious site to violate the
+ same-origin policy using the Flash plugin.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1949</cvename>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/</url>
+ </references>
+ <dates>
+ <discovery>2016-02-11</discovery>
+ <entry>2016-02-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="07718e2b-d29d-11e5-a95f-b499baebfeaf">
+ <topic>nghttp2 -- Out of memory in nghttpd, nghttp, and libnghttp2_asio</topic>
+ <affects>
+ <package>
+ <name>nghttp2</name>
+ <range><lt>1.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Nghttp2 reports:</p>
+ <blockquote cite="https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/">
+ <p>Out of memory in nghttpd, nghttp, and libnghttp2_asio applications
+ due to unlimited incoming HTTP header fields.</p>
+ <p>nghttpd, nghttp, and libnghttp2_asio applications do not limit the memory usage
+ for the incoming HTTP header field. If peer sends specially crafted HTTP/2
+ HEADERS frames and CONTINUATION frames, they will crash with out of memory
+ error.</p>
+ <p>Note that libnghttp2 itself is not affected by this vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/</url>
+ <cvename>CVE-2016-1544</cvename>
+ </references>
+ <dates>
+ <discovery>2016-02-03</discovery>
+ <entry>2016-02-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3aa8b781-d2c4-11e5-b2bd-002590263bf5">
+ <topic>horde -- XSS vulnerabilies</topic>
+ <affects>
+ <package>
+ <name>horde</name>
+ <range><lt>5.2.9</lt></range>
+ </package>
+ <package>
+ <name>pear-Horde_Core</name>
+ <range><lt>2.22.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Horde Team reports:</p>
+ <blockquote cite="http://lists.horde.org/archives/announce/2016/001149.html">
+ <p>Fixed XSS vulnerabilities in menu bar and form renderer.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8807</cvename>
+ <cvename>CVE-2016-2228</cvename>
+ <url>https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253</url>
+ <url>https://bugs.horde.org/ticket/14213</url>
+ <url>https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0</url>
+ <url>https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8</url>
+ <url>http://www.openwall.com/lists/oss-security/2016/02/06/4</url>
+ <url>http://lists.horde.org/archives/announce/2016/001149.html</url>
+ </references>
+ <dates>
+ <discovery>2016-02-02</discovery>
+ <entry>2016-02-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e8b6605b-d29f-11e5-8458-6cc21735f730">
+ <topic>PostgreSQL -- Security Fixes for Regular Expressions, PL/Java.</topic>
+ <affects>
+ <package>
+ <name>postgresql91-server</name>
+ <range><ge>9.1.0</ge><lt>9.1.20</lt></range>
+ </package>
+ <package>
+ <name>postgresql92-server</name>
+ <range><ge>9.2.0</ge><lt>9.2.15</lt></range>
+ </package>
+ <package>
+ <name>postgresql93-server</name>
+ <range><ge>9.3.0</ge><lt>9.3.11</lt></range>
+ </package>
+ <package>
+ <name>postgresql94-server</name>
+ <range><ge>9.4.0</ge><lt>9.4.6</lt></range>
+ </package>
+ <package>
+ <name>postgresql95-server</name>
+ <range><ge>9.5.0</ge><lt>9.5.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PostgreSQL project reports:</p>
+ <blockquote cite="http://www.postgresql.org/about/news/1644/">
+ <p>
+ Security Fixes for Regular Expressions, PL/Java
+ </p>
+ <ul>
+ <li>CVE-2016-0773: This release closes security hole CVE-2016-0773,
+ an issue with regular expression (regex) parsing. Prior code allowed
+ users to pass in expressions which included out-of-range Unicode
+ characters, triggering a backend crash. This issue is critical for
+ PostgreSQL systems with untrusted users or which generate regexes
+ based on user input.
+ </li>
+ <li>CVE-2016-0766: The update also fixes CVE-2016-0766, a privilege
+ escalation issue for users of PL/Java. Certain custom configuration
+ settings (GUCS) for PL/Java will now be modifiable only by the
+ database superuser
+ </li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-0773</cvename>
+ <cvename>CVE-2016-0766</cvename>
+ </references>
+ <dates>
+ <discovery>2016-02-08</discovery>
+ <entry>2016-02-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5d8e56c3-9e67-4d5b-81c9-3a409dfd705f">
+ <topic>flash -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-c6-flashplugin</name>
+ <name>linux-f10-flashplugin</name>
+ <name>linux-c6_64-flashplugin</name>
+ <range><lt>11.2r202.569</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-04.html">
+ <p>These updates resolve a type confusion vulnerability that
+ could lead to code execution (CVE-2016-0985).</p>
+ <p>These updates resolve use-after-free vulnerabilities that
+ could lead to code execution (CVE-2016-0973, CVE-2016-0974,
+ CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984).</p>
+ <p>These updates resolve a heap buffer overflow vulnerability
+ that could lead to code execution (CVE-2016-0971).</p>
+ <p>These updates resolve memory corruption vulnerabilities
+ that could lead to code execution (CVE-2016-0964,
+ CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968,
+ CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,
+ CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980,
+ CVE-2016-0981).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-0964</cvename>
+ <cvename>CVE-2016-0965</cvename>
+ <cvename>CVE-2016-0966</cvename>
+ <cvename>CVE-2016-0967</cvename>
+ <cvename>CVE-2016-0968</cvename>
+ <cvename>CVE-2016-0969</cvename>
+ <cvename>CVE-2016-0970</cvename>
+ <cvename>CVE-2016-0971</cvename>
+ <cvename>CVE-2016-0972</cvename>
+ <cvename>CVE-2016-0973</cvename>
+ <cvename>CVE-2016-0974</cvename>
+ <cvename>CVE-2016-0975</cvename>
+ <cvename>CVE-2016-0976</cvename>
+ <cvename>CVE-2016-0977</cvename>
+ <cvename>CVE-2016-0978</cvename>
+ <cvename>CVE-2016-0979</cvename>
+ <cvename>CVE-2016-0980</cvename>
+ <cvename>CVE-2016-0981</cvename>
+ <cvename>CVE-2016-0982</cvename>
+ <cvename>CVE-2016-0983</cvename>
+ <cvename>CVE-2016-0984</cvename>
+ <cvename>CVE-2016-0985</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb16-04.html</url>
+ </references>
+ <dates>
+ <discovery>2016-02-09</discovery>
+ <entry>2016-02-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="515b4327-cf8a-11e5-96d6-14dae9d210b8">
+ <topic>dnscrypt-proxy -- code execution</topic>
+ <affects>
+ <package>
+ <name>dnscrypt-proxy</name>
+ <range><ge>1.1.0</ge><lt>1.6.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Frank Denis reports:</p>
+ <blockquote cite="https://github.com/jedisct1/dnscrypt-proxy/blob/1d129f7d5f0d469308967cbe4eacb4a6919f1fa1/NEWS#L2-L8">
+ <p>Malformed packets could lead to denial of service or code
+ execution.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/jedisct1/dnscrypt-proxy/blob/1d129f7d5f0d469308967cbe4eacb4a6919f1fa1/NEWS#L2-L8</url>
+ </references>
+ <dates>
+ <discovery>2016-02-02</discovery>
+ <entry>2016-02-10</entry>
+ <modified>2016-02-14</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="36034227-cf81-11e5-9c2b-00262d5ed8ee">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>48.0.2564.109</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html">
+ <p>6 security fixes in this release, including:</p>
+ <ul>
+ <li>[546677] High CVE-2016-1622: Same-origin bypass in Extensions.
+ Credit to anonymous.</li>
+ <li>[577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit
+ to Mariusz Mlynski.</li>
+ <li>[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit
+ to lukezli.</li>
+ <li>[509313] Medium CVE-2016-1625: Navigation bypass in Chrome
+ Instant. Credit to Jann Horn.</li>
+ <li>[571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium.
+ Credit to anonymous, working with HP's Zero Day Initiative.</li>
+ <li>[585517] CVE-2016-1627: Various fixes from internal audits,
+ fuzzing and other initiatives.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1622</cvename>
+ <cvename>CVE-2016-1623</cvename>
+ <cvename>CVE-2016-1624</cvename>
+ <cvename>CVE-2016-1625</cvename>
+ <cvename>CVE-2016-1626</cvename>
+ <cvename>CVE-2016-1627</cvename>
+ <url>http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html</url>
+ </references>
+ <dates>
+ <discovery>2016-02-08</discovery>
+ <entry>2016-02-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8f10fa04-cf6a-11e5-96d6-14dae9d210b8">
+ <topic>graphite2 -- code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>graphite2</name>
+ <range><lt>1.3.5</lt></range>
+ </package>
+ <package>
+ <name>silgraphite</name>
+ <range><lt>2.3.1_4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Talos reports:</p>
+ <blockquote cite="http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html">
+ <ul>
+ <li><p>An exploitable denial of service vulnerability exists
+ in the font handling of Libgraphite. A specially crafted font can cause
+ an out-of-bounds read potentially resulting in an information leak or
+ denial of service.</p></li>
+ <li><p>A specially crafted font can cause a buffer overflow
+ resulting in potential code execution.</p></li>
+ <li><p>An exploitable NULL pointer dereference exists in the
+ bidirectional font handling functionality of Libgraphite. A specially
+ crafted font can cause a NULL pointer dereference resulting in a
+ crash.</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html</url>
+ <cvename>CVE-2016-1521</cvename>
+ <cvename>CVE-2016-1522</cvename>
+ <cvename>CVE-2016-1523</cvename>
+ <cvename>CVE-2016-1526</cvename>
+ </references>
+ <dates>
+ <discovery>2016-02-05</discovery>
+ <entry>2016-02-09</entry>
+ <modified>2016-02-18</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="1cecd5e0-c372-11e5-96d6-14dae9d210b8">
+ <topic>xymon-server -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>xymon-server</name>
+ <range><lt>4.3.25</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>J.C. Cleaver reports:</p>
+ <blockquote cite="http://lists.xymon.com/pipermail/xymon/2016-February/042986.html">
+ <ul>
+ <li><p>CVE-2016-2054: Buffer overflow in xymond handling of
+ "config" command</p></li>
+ <li><p> CVE-2016-2055: Access to possibly confidential files
+ in the Xymon configuration directory</p></li>
+ <li><p>CVE-2016-2056: Shell command injection in the
+ "useradm" and "chpasswd" web applications</p></li>
+ <li><p>CVE-2016-2057: Incorrect permissions on IPC queues
+ used by the xymond daemon can bypass IP access filtering</p></li>
+ <li><p>CVE-2016-2058: Javascript injection in "detailed status
+ webpage" of monitoring items; XSS vulnerability via malformed
+ acknowledgment messages</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://lists.xymon.com/pipermail/xymon/2016-February/042986.html</url>
+ <cvename>CVE-2016-2054</cvename>
+ <cvename>CVE-2016-2055</cvename>
+ <cvename>CVE-2016-2056</cvename>
+ <cvename>CVE-2016-2057</cvename>
+ <cvename>CVE-2016-2058</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-19</discovery>
+ <entry>2016-02-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="85eb4e46-cf16-11e5-840f-485d605f4717">
+ <topic>php -- pcre vulnerability</topic>
+ <affects>
+ <package>
+ <name>php55</name>
+ <range><lt>5.5.32</lt></range>
+ </package>
+ <package>
+ <name>php56</name>
+ <range><lt>5.6.18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PHP reports:</p>
+ <blockquote cite="http://php.net/ChangeLog-5.php#5.6.18">
+ <ul><li>PCRE:
+ <ul>
+ <li>Upgraded bundled PCRE library to 8.38.(CVE-2015-8383,
+ CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
+ CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)</li>
+ </ul></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-8383</cvename>
+ <cvename>CVE-2015-8386</cvename>
+ <cvename>CVE-2015-8387</cvename>
+ <cvename>CVE-2015-8389</cvename>
+ <cvename>CVE-2015-8390</cvename>
+ <cvename>CVE-2015-8391</cvename>
+ <cvename>CVE-2015-8393</cvename>
+ <cvename>CVE-2015-8394</cvename>
+ <url>http://php.net/ChangeLog-5.php#5.6.18</url>
+ <url>http://php.net/ChangeLog-5.php#5.5.32</url>
+ </references>
+ <dates>
+ <discovery>2016-02-04</discovery>
+ <entry>2016-02-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a8de962a-cf15-11e5-805c-5453ed2e2b49">
+ <topic>py-imaging, py-pillow -- Buffer overflow in PCD decoder</topic>
+ <affects>
+ <package>
+ <name>py27-pillow</name>
+ <name>py33-pillow</name>
+ <name>py34-pillow</name>
+ <name>py35-pillow</name>
+ <range><lt>2.9.0_1</lt></range>
+ </package>
+ <package>
+ <name>py27-imaging</name>
+ <range><lt>1.1.7_6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Pillow maintainers report:</p>
+ <blockquote cite="https://pillow.readthedocs.org/en/3.1.x/releasenotes/3.1.1.html">
+ <p>In all versions of Pillow, dating back at least to the last PIL
+ 1.1.7 release, PcdDecode.c has a buffer overflow error.</p>
+ <p>The state.buffer for PcdDecode.c is allocated based on a 3 bytes
+ per pixel sizing, where PcdDecode.c wrote into the buffer assuming
+ 4 bytes per pixel. This writes 768 bytes beyond the end of the
+ buffer into other Python object storage. In some cases, this causes
+ a segfault, in others an internal Python malloc error.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <mlist>http://openwall.com/lists/oss-security/2016/02/02/5</mlist>
+ <url>https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4</url>
+ <url>https://github.com/python-pillow/Pillow/issues/568</url>
+ </references>
+ <dates>
+ <discovery>2016-02-02</discovery>
+ <entry>2016-02-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0519db18-cf15-11e5-805c-5453ed2e2b49">
+ <topic>py-pillow -- Integer overflow in Resample.c</topic>
+ <affects>
+ <package>
+ <name>py27-pillow</name>
+ <name>py33-pillow</name>
+ <name>py34-pillow</name>
+ <name>py35-pillow</name>
+ <range><lt>2.9.0_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Pillow maintainers report:</p>
+ <blockquote cite="https://pillow.readthedocs.org/en/3.1.x/releasenotes/3.1.1.html">
+ <p>If a large value was passed into the new size for an image, it is
+ possible to overflow an int32 value passed into malloc, leading the
+ malloc’d buffer to be undersized. These allocations are followed by
+ a loop that writes out of bounds. This can lead to corruption on
+ the heap of the Python process with attacker controlled float
+ data.</p>
+ <p>This issue was found by Ned Williamson.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/python-pillow/Pillow/commit/41fae6d9e2da741d2c5464775c7f1a609ea03798</url>
+ <url>https://github.com/python-pillow/Pillow/issues/1710</url>
+ </references>
+ <dates>
+ <discovery>2016-02-05</discovery>
+ <entry>2016-02-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6ea60e00-cf13-11e5-805c-5453ed2e2b49">
+ <topic>py-imaging, py-pillow -- Buffer overflow in FLI decoding code</topic>
+ <affects>
+ <package>
+ <name>py27-pillow</name>
+ <name>py33-pillow</name>
+ <name>py34-pillow</name>
+ <name>py35-pillow</name>
+ <range><lt>2.9.0_1</lt></range>
+ </package>
+ <package>
+ <name>py27-imaging</name>
+ <range><lt>1.1.7_6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Pillow maintainers report:</p>
+ <blockquote cite="https://pillow.readthedocs.org/en/3.1.x/releasenotes/3.1.1.html">
+ <p>In all versions of Pillow, dating back at least to the last PIL
+ 1.1.7 release, FliDecode.c has a buffer overflow error.</p>
+ <p>There is a memcpy error where x is added to a target buffer
+ address. X is used in several internal temporary variable roles,
+ but can take a value up to the width of the image. Im->image[y]
+ is a set of row pointers to segments of memory that are the size of
+ the row. At the max y, this will write the contents of the line off
+ the end of the memory buffer, causing a segfault.</p>
+ <p>This issue was found by Alyssa Besseling at Atlassian.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-0775</cvename>
+ <url>https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec</url>
+ </references>
+ <dates>
+ <discovery>2016-02-05</discovery>
+ <entry>2016-02-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="53252879-cf11-11e5-805c-5453ed2e2b49">
+ <topic>py-pillow -- Buffer overflow in TIFF decoding code</topic>
+ <affects>
+ <package>
+ <name>py27-pillow</name>
+ <name>py33-pillow</name>
+ <name>py34-pillow</name>
+ <name>py35-pillow</name>
+ <range><lt>2.9.0_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Pillow maintainers report:</p>
+ <blockquote cite="https://pillow.readthedocs.org/en/3.1.x/releasenotes/3.1.1.html">
+ <p>Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on
+ x64 may overflow a buffer when reading a specially crafted tiff
+ file.</p>
+ <p>Specifically, libtiff >= 4.0.0 changed the return type of
+ TIFFScanlineSize from int32 to machine dependent int32|64. If the
+ scanline is sized so that it overflows an int32, it may be
+ interpreted as a negative number, which will then pass the size check
+ in TiffDecode.c line 236. To do this, the logical scanline size has
+ to be > 2gb, and for the test file, the allocated buffer size is 64k
+ against a roughly 4gb scan line size. Any image data over 64k is
+ written over the heap, causing a segfault.</p>
+ <p>This issue was found by security researcher FourOne.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-0740</cvename>
+ <url>https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e</url>
+ </references>
+ <dates>
+ <discovery>2016-02-04</discovery>
+ <entry>2016-02-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6ac79ed8-ccc2-11e5-932b-5404a68ad561">
+ <topic>ffmpeg -- remote denial of service in JPEG2000 decoder</topic>
+ <affects>
+ <package>
+ <name>ffmpeg</name>
+ <range><lt>2.8.6,1</lt></range>
+ </package>
+ <package>
+ <name>mplayer</name>
+ <name>mencoder</name>
+ <range>
+ <lt>1.2.r20151219_3</lt>
+ </range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>FFmpeg security reports:</p>
+ <blockquote cite="https://www.ffmpeg.org/security.html">
+ <p>FFmpeg 2.8.6 fixes the following vulnerabilities:
+ CVE-2016-2213</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2213</cvename>
+ <url>https://www.ffmpeg.org/security.html</url>
+ </references>
+ <dates>
+ <discovery>2016-01-27</discovery>
+ <entry>2016-02-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="448047e9-030e-4ce4-910b-f21a3ad5d9a0">
+ <topic>shotwell -- not verifying certificates</topic>
+ <affects>
+ <package>
+ <name>shotwell</name>
+ <range><lt>0.22.0.99</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Michael Catanzaro reports:</p>
+ <blockquote cite="https://mail.gnome.org/archives/distributor-list/2016-January/msg00000.html">
+ <p>Shotwell has a serious security issue ("Shotwell does not
+ verify TLS certificates"). Upstream is no longer active and
+ I do not expect any further upstream releases unless someone
+ from the community steps up to maintain it.</p>
+
+ <p>What is the impact of the issue? If you ever used any of
+ the publish functionality (publish to Facebook, publish to
+ Flickr, etc.), your passwords may have been stolen; changing
+ them is not a bad idea.</p>
+
+ <p>What is the risk of the update? Regressions. The easiest
+ way to validate TLS certificates was to upgrade WebKit; it
+ seems to work but I don't have accounts with the online
+ services it supports, so I don't know if photo publishing
+ still works properly on all the services.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://mail.gnome.org/archives/distributor-list/2016-January/msg00000.html</url>
+ </references>
+ <dates>
+ <discovery>2016-01-06</discovery>
+ <entry>2016-02-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1091d2d1-cb2e-11e5-b14b-bcaec565249c">
+ <topic>webkit -- UI spoof</topic>
+ <affects>
+ <package>
+ <name>webkit-gtk2</name>
+ <name>webkit-gtk3</name>
+ <range><lt>2.4.9_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>webkit reports:</p>
+ <blockquote cite="http://webkitgtk.org/security/WSA-2015-0002.html">
+ <p>The ScrollView::paint function in platform/scroll/ScrollView.cpp
+ in Blink, as used in Google Chrome before 35.0.1916.114, allows
+ remote attackers to spoof the UI by extending scrollbar painting
+ into the parent frame.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-1748</cvename>
+ <url>http://webkitgtk.org/security/WSA-2015-0002.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-28</discovery>
+ <entry>2016-02-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e78bfc9d-cb1e-11e5-b251-0050562a4d7b">
+ <topic>py-rsa -- Bleichenbacher'06 signature forgery vulnerability</topic>
+ <affects>
+ <package>
+ <name>py27-rsa</name>
+ <name>py32-rsa</name>
+ <name>py33-rsa</name>
+ <name>py34-rsa</name>
+ <name>py35-rsa</name>
+ <range><lt>3.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Filippo Valsorda reports:</p>
+ <blockquote cite="https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/">
+ <p>
+ python-rsa is vulnerable to a straightforward variant of the
+ Bleichenbacher'06 attack against RSA signature verification
+ with low public exponent.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1494</cvename>
+ <url>https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/</url>
+ <url>https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by</url>
+ <url>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1494</url>
+ <url>http://www.openwall.com/lists/oss-security/2016/01/05/3</url>
+ <url>http://www.openwall.com/lists/oss-security/2016/01/05/1</url>
+ </references>
+ <dates>
+ <discovery>2016-01-05</discovery>
+ <entry>2016-02-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="559f3d1b-cb1d-11e5-80a4-001999f8d30b">
+ <topic>asterisk -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>asterisk</name>
+ <range><lt>1.8.32.3_5</lt></range>
+ </package>
+ <package>
+ <name>asterisk11</name>
+ <range><lt>11.21.1</lt></range>
+ </package>
+ <package>
+ <name>asterisk13</name>
+ <range><lt>13.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Asterisk project reports:</p>
+ <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+ <p>AST-2016-001 - BEAST vulnerability in HTTP server</p>
+ <p>AST-2016-002 - File descriptor exhaustion in chan_sip</p>
+ <p>AST-2016-003 - Remote crash vulnerability when receiving UDPTL FAX data</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://downloads.asterisk.org/pub/security/AST-2016-001.html</url>
+ <url>http://downloads.asterisk.org/pub/security/AST-2016-002.html</url>
+ <url>http://downloads.asterisk.org/pub/security/AST-2016-003.html</url>
+ </references>
+ <dates>
+ <discovery>2016-02-03</discovery>
+ <entry>2016-02-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0652005e-ca96-11e5-96d6-14dae9d210b8">
+ <topic>salt -- code execution</topic>
+ <affects>
+ <package>
+ <name>py27-salt</name>
+ <name>py32-salt</name>
+ <name>py33-salt</name>
+ <name>py34-salt</name>
+ <name>py35-salt</name>
+ <range><ge>2015.8.0</ge><lt>2015.8.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SaltStack reports:</p>
+ <blockquote cite="https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html">
+ <p>Improper handling of clear messages on the minion, which
+ could result in executing commands not sent by the master.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html</url>
+ <url>https://github.com/saltstack/salt/pull/30613/files</url>
+ <cvename>CVE-2016-1866</cvename>
+ </references>
+ <dates>
+ <discovery>2016-01-25</discovery>
+ <entry>2016-02-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bb0ef21d-0e1b-461b-bc3d-9cba39948888">
+ <topic>rails -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>rubygem-actionpack</name>
+ <range><lt>3.2.22.1</lt></range>
+ </package>
+ <package>
+ <name>rubygem-actionpack4</name>
+ <range><lt>4.2.5.1</lt></range>
+ </package>
+ <package>
+ <name>rubygem-actionview</name>
+ <range><lt>4.2.5.1</lt></range>
+ </package>
+ <package>
+ <name>rubygem-activemodel4</name>
+ <range><lt>4.2.5.1</lt></range>
+ </package>
+ <package>
+ <name>rubygem-activerecord</name>
+ <range><lt>3.2.22.1</lt></range>
+ </package>
+ <package>
+ <name>rubygem-activerecord4</name>
+ <range><lt>4.2.5.1</lt></range>
+ </package>
+ <package>
+ <name>rubygem-rails</name>
+ <range><lt>3.2.22.1</lt></range>
+ </package>
+ <package>
+ <name>rubygem-rails-html-sanitizer</name>
+ <range><lt>1.0.3</lt></range>
+ </package>
+ <package>
+ <name>rubygem-rails4</name>
+ <range><lt>4.2.5.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ruby on Rails blog:</p>
+ <blockquote cite="http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/">
+ <p>Rails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1 have been
+ released! These contain important security fixes, and it is
+ recommended that users upgrade as soon as possible.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7576</cvename>
+ <cvename>CVE-2015-7577</cvename>
+ <cvename>CVE-2015-7581</cvename>
+ <cvename>CVE-2016-0751</cvename>
+ <cvename>CVE-2016-0752</cvename>
+ <cvename>CVE-2016-0753</cvename>
+ <url>https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ</url>
+ <url>https://groups.google.com/d/msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ</url>
+ <url>https://groups.google.com/d/msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ</url>
+ <url>https://groups.google.com/d/msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ</url>
+ <url>https://groups.google.com/d/msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ</url>
+ <url>https://groups.google.com/d/msg/rubyonrails-security/6jQVC1geukQ/8oYETcxbFQAJ</url>
+ <url>http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/</url>
+ </references>
+ <dates>
+ <discovery>2016-01-25</discovery>
+ <entry>2016-02-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a52a7172-c92e-11e5-96d6-14dae9d210b8">
+ <topic>socat -- diffie hellman parameter was not prime</topic>
+ <affects>
+ <package>
+ <name>socat</name>
+ <range><ge>1.7.2.5</ge><lt>1.7.3.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>socat reports:</p>
+ <blockquote cite="http://www.dest-unreach.org/socat/contrib/socat-secadv7.html">
+ <p>In the OpenSSL address implementation the hard coded 1024
+ bit DH p parameter was not prime. The effective cryptographic strength
+ of a key exchange using these parameters was weaker than the one one
+ could get by using a prime p. Moreover, since there is no indication of
+ how these parameters were chosen, the existence of a trapdoor that makes
+ possible for an eavesdropper to recover the shared secret from a key
+ exchange that uses them cannot be ruled out.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.dest-unreach.org/socat/contrib/socat-secadv7.html</url>
+ </references>
+ <dates>
+ <discovery>2016-02-01</discovery>
+ <entry>2016-02-01</entry>
+ </dates>
+ </vuln>
+
<vuln vid="4f00dac0-1e18-4481-95af-7aaad63fd303">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
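Review bot: In the new webkit-gtk2/webkit-gtk3 entry, the blockquote is the CVE-2014-1748 text about Blink and Google Chrome before 35.0.1916.114 and never says how WebKitGTK is affected, and <discovery>2015-12-28</discovery> is hard to reconcile with a 2014 CVE identifier. Suggest adding a sentence that names the affected WebKitGTK releases from WSA-2015-0002, and checking whether the discovery date should be the original disclosure rather than the advisory date. The rails entry has a smaller version of the same gap: its description only announces the releases and does not say what the six listed CVEs are.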
@@ -724,6 +2751,15 @@
<name>curl</name>
<range><ge>7.10.0</ge><lt>7.47.0</lt></range>
</package>
+ <package>
+ <name>linux-c6-curl</name>
+ <name>linux-c6_64-curl</name>
+ <range><ge>7.10.0</ge></range>
+ </package>
+ <package>
+ <name>linux-f10-curl</name>
+ <range><ge>0</ge></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
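Review bot: The two added <package> blocks have no upper bound (<ge>7.10.0</ge> for linux-c6-curl and linux-c6_64-curl, <ge>0</ge> for linux-f10-curl), so every future version of these ports will be reported as vulnerable until the entry is edited again. If that is intentional because no fixed Linux package exists yet, the log message should say so. The differing lower bounds (7.10.0 against 0) are also unexplained, while the native curl range just above starts at 7.10.0.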
@@ -743,7 +2779,7 @@
<dates>
<discovery>2016-01-27</discovery>
<entry>2016-01-27</entry>
- <modified>2016-01-30</modified>
+ <modified>2016-02-02</modified>
</dates>
</vuln>
@@ -2291,7 +4327,7 @@
<package>
<name>qemu-sbruno</name>
<name>qemu-user-static</name>
- <range><ge>0</ge></range>
+ <range><lt>2.5.50.g20160213</lt></range>
</package>
</affects>
<description>
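Review bot: The single upper bound <lt>2.5.50.g20160213</lt> now clears qemu-sbruno and qemu-user-static at the same version, and the same edit is repeated in four more entries further down. Worth confirming that both ports carry the fix at that snapshot, because any build at or above it is reported clean from now on. The log message "update vulnerability list" gives no pointer to where that version was established.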
@@ -2315,10 +4351,13 @@
<freebsdpr>ports/205814</freebsdpr>
<url>http://www.openwall.com/lists/oss-security/2015/12/28/6</url>
<url>https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=007cd223de527b5f41278f2d886c1a4beb3e67aa</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/007cd223de527b5f41278f2d886c1a4beb3e67aa</url>
</references>
<dates>
<discovery>2015-12-28</discovery>
<entry>2016-01-03</entry>
+ <modified>2016-02-13</modified>
</dates>
</vuln>
@@ -2373,7 +4412,7 @@
<package>
<name>qemu-sbruno</name>
<name>qemu-user-static</name>
- <range><ge>0</ge></range>
+ <range><lt>2.5.50.g20160213</lt></range>
</package>
</affects>
<description>
@@ -2395,10 +4434,13 @@
<freebsdpr>ports/205814</freebsdpr>
<url>http://www.openwall.com/lists/oss-security/2015/12/22/8</url>
<url>https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=64ffbe04eaafebf4045a3ace52a360c14959d196</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/64ffbe04eaafebf4045a3ace52a360c14959d196</url>
</references>
<dates>
<discovery>2015-12-23</discovery>
<entry>2016-01-03</entry>
+ <modified>2016-02-13</modified>
</dates>
</vuln>
@@ -2413,7 +4455,7 @@
<package>
<name>qemu-sbruno</name>
<name>qemu-user-static</name>
- <range><ge>0</ge></range>
+ <range><lt>2.5.50.g20160213</lt></range>
</package>
</affects>
<description>
@@ -2434,10 +4476,13 @@
<freebsdpr>ports/205814</freebsdpr>
<url>http://www.openwall.com/lists/oss-security/2015/12/21/7</url>
<url>https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=36fef36b91f7ec0435215860f1458b5342ce2811</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/36fef36b91f7ec0435215860f1458b5342ce2811</url>
</references>
<dates>
<discovery>2015-12-21</discovery>
<entry>2016-01-03</entry>
+ <modified>2016-02-13</modified>
</dates>
</vuln>
@@ -2452,7 +4497,7 @@
<package>
<name>qemu-sbruno</name>
<name>qemu-user-static</name>
- <range><ge>0</ge></range>
+ <range><lt>2.5.50.g20160213</lt></range>
</package>
</affects>
<description>
@@ -2474,10 +4519,13 @@
<freebsdpr>ports/205814</freebsdpr>
<url>http://www.openwall.com/lists/oss-security/2015/12/15/4</url>
<url>https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=aa4a3dce1c88ed51b616806b8214b7c8428b7470</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/aa4a3dce1c88ed51b616806b8214b7c8428b7470</url>
</references>
<dates>
<discovery>2015-12-15</discovery>
<entry>2016-01-03</entry>
+ <modified>2016-02-13</modified>
</dates>
</vuln>
@@ -2675,7 +4723,7 @@
<package>
<name>qemu-sbruno</name>
<name>qemu-user-static</name>
- <range><ge>0</ge></range>
+ <range><lt>2.5.50.g20160213</lt></range>
</package>
</affects>
<description>
@@ -2699,10 +4747,13 @@
<freebsdpr>ports/205814</freebsdpr>
<url>http://www.openwall.com/lists/oss-security/2015/11/25/3</url>
<url>https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html</url>
+ <url>http://git.qemu.org/?p=qemu.git;a=commit;h=00837731d254908a841d69298a4f9f077babaf24</url>
+ <url>https://github.com/seanbruno/qemu-bsd-user/commit/00837731d254908a841d69298a4f9f077babaf24</url>
</references>
<dates>
<discovery>2015-10-16</discovery>
<entry>2016-01-03</entry>
+ <modified>2016-02-13</modified>
</dates>
</vuln>
@@ -3735,7 +5786,7 @@
<affects>
<package>
<name>samba36</name>
- <range><ge>3.6.0</ge><le>3.6.25</le></range>
+ <range><ge>3.6.0</ge><lt>3.6.25_2</lt></range>
</package>
<package>
<name>samba4</name>
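Review bot: Changing <le>3.6.25</le> to <lt>3.6.25_2</lt> widens the samba36 range to include 3.6.25_1, which the old bound did not flag. If the fix only landed in 3.6.25_2 this is the right correction, but it means 3.6.25_1 was reported as clean until now; a line in the log message saying so would help anyone auditing hosts that were checked in between.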
@@ -3795,6 +5846,7 @@
<dates>
<discovery>2015-12-16</discovery>
<entry>2015-12-19</entry>
+ <modified>2016-02-05</modified>
</dates>
</vuln>
@@ -8894,11 +10946,13 @@
</description>
<references>
<freebsdpr>ports/203186</freebsdpr>
+ <url>http://www.squid-cache.org/Advisories/SQUID-2015_3.txt</url>
<url>http://www.openwall.com/lists/oss-security/2015/09/18/1</url>
</references>
<dates>
<discovery>2015-09-18</discovery>
<entry>2015-09-18</entry>
+ <modified>2016-02-18</modified>
</dates>
</vuln>
@@ -10295,6 +12349,10 @@
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="http://www.openssh.com/txt/release-7.0">
+ <p>OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable.
+ Local attackers may be able to write arbitrary messages to
+ logged-in users, including terminal escape sequences. Reported
+ by Nikolay Edigaryev.</p>
<p>Fixed a privilege separation
weakness related to PAM support. Attackers who could successfully
compromise the pre-authentication process for remote code
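Review bot: The added paragraph limits the world-writable TTY issue to OpenSSH 6.8 and 6.9, but it is placed in an existing entry whose <affects> ranges are outside this hunk. Check that the entry's range does not report this issue for releases older than 6.8, or move it into its own entry with a <ge>/<lt> range matching the two affected releases.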
@@ -10309,11 +12367,14 @@
</description>
<references>
<url>http://www.openssh.com/txt/release-7.0</url>
+ <cvename>CVE-2015-6563</cvename>
+ <cvename>CVE-2015-6564</cvename>
+ <cvename>CVE-2015-6565</cvename>
</references>
<dates>
<discovery>2015-08-11</discovery>
<entry>2015-08-21</entry>
- <modified>2016-01-15</modified>
+ <modified>2016-02-14</modified>
</dates>
</vuln>
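Review bot: The three added <cvename> elements are not tied to the paragraphs of the blockquote, so a reader cannot tell which of CVE-2015-6563, CVE-2015-6564 and CVE-2015-6565 covers which issue. Suggest naming the CVE in or next to each paragraph. As a style point, they are appended after <url>, while the new ffmpeg, webkit and py-rsa entries in this same commit put <cvename> first.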
@@ -10581,7 +12642,7 @@
<affects>
<package>
<name>jasper</name>
- <range><le>1.900.1_14</le></range>
+ <range><lt>1.900.1_16</lt></range>
</package>
</affects>
<description>
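Review bot: The jasper bound moves from <le>1.900.1_14</le> to <lt>1.900.1_16</lt>, which newly flags 1.900.1_15, yet the only other change to this entry in the patch is the <modified> date. Please confirm that _15 is meant to be reported as vulnerable and add the reference (PR or advisory) that motivated the new bound.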
@@ -10611,7 +12672,7 @@
<dates>
<discovery>2015-08-17</discovery>
<entry>2015-08-18</entry>
- <modified>2015-08-20</modified>
+ <modified>2016-02-24</modified>
</dates>
</vuln>