Author: sectracker Date: 2016-12-08 21:10:19 +0000 (Thu, 08 Dec 2016) New Revision: 46916
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-08 20:16:21 UTC (rev 46915) +++ data/CVE/list 2016-12-08 21:10:19 UTC (rev 46916) @@ -1,3 +1,35 @@ +CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" ...) + TODO: check +CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in "read_n" function in ...) + TODO: check +CVE-2016-9906 + RESERVED +CVE-2016-9905 + RESERVED +CVE-2016-9904 + RESERVED +CVE-2016-9903 + RESERVED +CVE-2016-9902 + RESERVED +CVE-2016-9901 + RESERVED +CVE-2016-9900 + RESERVED +CVE-2016-9899 + RESERVED +CVE-2016-9898 + RESERVED +CVE-2016-9897 + RESERVED +CVE-2016-9896 + RESERVED +CVE-2016-9895 + RESERVED +CVE-2016-9894 + RESERVED +CVE-2016-9893 + RESERVED CVE-2017-3729 RESERVED CVE-2017-3728 @@ -1006,8 +1038,8 @@ RESERVED CVE-2016-9889 RESERVED -CVE-2016-9888 - RESERVED +CVE-2016-9888 (An error within the "tar_directory_for_file()" function ...) + TODO: check CVE-2016-9887 RESERVED CVE-2016-9886 @@ -1055,6 +1087,7 @@ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=189851 NOTE: Fixed by: https://git.kernel.org/linus/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 (v4.9-rc8) CVE-2016-9912 [display: virtio-gpu: memory leakage when destroying gpu resource] + RESERVED - qemu <unfixed> (bug #847391) [jessie] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu <not-affected> (Vulnerable code not present) @@ -1062,6 +1095,7 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12 CVE-2016-9916 [9pfs: add cleanup operation for proxy backend driver] + RESERVED - qemu <unfixed> (bug #847496) - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html @@ -1069,6 +1103,7 @@ NOTE: Proxy filesystem driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7 (v1.0-rc0) NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11 CVE-2016-9915 [9pfs: add cleanup operation for handle backend driver] + RESERVED - qemu <unfixed> (bug #847496) - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html @@ -1076,12 +1111,14 @@ NOTE: handle based fs driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310 (v1.0-rc0) NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11 CVE-2016-9914 [9pfs: add cleanup operation in FileOperations] + RESERVED - qemu <unfixed> (bug #847496) - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d (v2.8.0-rc2) NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11 CVE-2016-9913 [9pfs: adjust the order of resource cleanup in device unrealize] + RESERVED - qemu <unfixed> (bug #847496) [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <removed> @@ -1090,17 +1127,20 @@ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42 (v2.8.0-rc2) NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11 CVE-2016-9911 [usb: ehci: memory leakage in ehci_init_transfer] + RESERVED - qemu <unfixed> - qemu-kvm <removed> NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0) NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10 CVE-2016-9907 [usb: redirector: memory leakage when destroying redirector] + RESERVED - qemu <unfixed> - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/3 CVE-2016-9908 [display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset] + RESERVED - qemu <unfixed> (bug #847400) [jessie] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu <not-affected> (Vulnerable code not present) @@ -1268,17 +1308,20 @@ CVE-2017-3150 RESERVED CVE-2016-9920 [Command Execution via Email] + {DLA-737-1} - roundcube <unfixed> (bug #847287) NOTE: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1 NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/aa6bf38843f51a0fc7205acc98a7b84f3c4c9c4f CVE-2016-9910 [for the mishandling of all of the other mentioned characters in attribute values] + RESERVED - html5lib 0.999999999-1 [jessie] - html5lib <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7 NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068 NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5 CVE-2016-9909 [for the mishandling of the '<' character in attribute values] + RESERVED - html5lib 0.999999999-1 [jessie] - html5lib <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7 @@ -1734,8 +1777,7 @@ RESERVED CVE-2017-2925 RESERVED -CVE-2016-9839 - RESERVED +CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verbose ...) {DLA-734-1} - mapserver 7.0.3-1 [jessie] - mapserver <no-dsa> (Minor issue) @@ -9289,6 +9331,7 @@ CVE-2016-9153 RESERVED CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...) + {DLA-738-1} - spip <unfixed> (bug #847156) NOTE: https://core.spip.net/projects/spip/repository/revisions/23290 CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x ...) @@ -10795,8 +10838,7 @@ CVE-2016-8656 RESERVED NOT-FOR-US: Red Hat JBoss; jbossas init script -CVE-2016-8655 [af_packet.c race condition (local root)] - RESERVED +CVE-2016-8655 (Race condition in net/packet/af_packet.c in the Linux kernel through ...) - linux <unfixed> NOTE: http://seclists.org/oss-sec/2016/q4/607 NOTE: Introduced by: https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits