Author: sectracker
Date: 2016-12-08 21:10:19 +0000 (Thu, 08 Dec 2016)
New Revision: 46916

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-08 20:16:21 UTC (rev 46915)
+++ data/CVE/list       2016-12-08 21:10:19 UTC (rev 46916)
@@ -1,3 +1,35 @@
+CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read was identified in 
"packet_hexdump" ...)
+       TODO: check
+CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in 
"read_n" function in ...)
+       TODO: check
+CVE-2016-9906
+       RESERVED
+CVE-2016-9905
+       RESERVED
+CVE-2016-9904
+       RESERVED
+CVE-2016-9903
+       RESERVED
+CVE-2016-9902
+       RESERVED
+CVE-2016-9901
+       RESERVED
+CVE-2016-9900
+       RESERVED
+CVE-2016-9899
+       RESERVED
+CVE-2016-9898
+       RESERVED
+CVE-2016-9897
+       RESERVED
+CVE-2016-9896
+       RESERVED
+CVE-2016-9895
+       RESERVED
+CVE-2016-9894
+       RESERVED
+CVE-2016-9893
+       RESERVED
 CVE-2017-3729
        RESERVED
 CVE-2017-3728
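Review bot: The two BlueZ entries at the top of this hunk (CVE-2016-9918 and CVE-2016-9917) land with only "TODO: check" and no package status line, and their descriptions are cut at "...", so nothing here records whether any packaged version is affected. They need triage against the full CVE text for the "packet_hexdump" and "read_n" code paths, and the TODO should be replaced with a package line and status.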
@@ -1006,8 +1038,8 @@
        RESERVED
 CVE-2016-9889
        RESERVED
-CVE-2016-9888
-       RESERVED
+CVE-2016-9888 (An error within the "tar_directory_for_file()" 
function ...)
+       TODO: check
 CVE-2016-9887
        RESERVED
 CVE-2016-9886
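Review bot: CVE-2016-9888 moves from RESERVED to a description plus "TODO: check", but the visible part of the description names only the function "tar_directory_for_file()" and not the product, so the affected source package cannot be read off this entry. Whoever triages it should add the package line, or NOT-FOR-US if it does not apply, rather than leaving the TODO in place.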
@@ -1055,6 +1087,7 @@
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=189851
        NOTE: Fixed by: 
https://git.kernel.org/linus/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 (v4.9-rc8)
 CVE-2016-9912 [display: virtio-gpu: memory leakage when destroying gpu 
resource]
+       RESERVED
        - qemu <unfixed> (bug #847391)
        [jessie] - qemu <not-affected> (Vulnerable code not present)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -1062,6 +1095,7 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12
 CVE-2016-9916 [9pfs: add cleanup operation for proxy backend driver]
+       RESERVED
        - qemu <unfixed> (bug #847496)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
@@ -1069,6 +1103,7 @@
        NOTE: Proxy filesystem driver introduced in: 
http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7
 (v1.0-rc0)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
 CVE-2016-9915 [9pfs: add cleanup operation for handle backend driver]
+       RESERVED
        - qemu <unfixed> (bug #847496)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
@@ -1076,12 +1111,14 @@
        NOTE: handle based fs driver introduced in: 
http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310
 (v1.0-rc0)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
 CVE-2016-9914 [9pfs: add cleanup operation in FileOperations]
+       RESERVED
        - qemu <unfixed> (bug #847496)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d
 (v2.8.0-rc2)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
 CVE-2016-9913 [9pfs: adjust the order of resource cleanup in device unrealize]
+       RESERVED
        - qemu <unfixed> (bug #847496)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        - qemu-kvm <removed>
@@ -1090,17 +1127,20 @@
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42
 (v2.8.0-rc2)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
 CVE-2016-9911 [usb: ehci: memory leakage in ehci_init_transfer]
+       RESERVED
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f 
(v2.8.0-rc0)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10
 CVE-2016-9907 [usb: redirector: memory leakage when destroying redirector]
+       RESERVED
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/3
 CVE-2016-9908 [display: virtio-gpu-3d: information leakage in 
virgl_cmd_get_capset]
+       RESERVED
        - qemu <unfixed> (bug #847400)
        [jessie] - qemu <not-affected> (Vulnerable code not present)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
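Review bot: In the CVE-2016-9911 entry the git.qemu.org NOTE cites an abbreviated commit id (h=791f97758e223de3290592d169f) through a=commitdiff and carries no "Fixed by:" label, while the neighbouring qemu entries cite full-length commit ids. Since this update touches the entry, use the full hash and mark it "NOTE: Fixed by: ..." so the fix reference is unambiguous; the commit NOTE under CVE-2016-9907 lacks the same label. Both entries also show "- qemu <unfixed>" without a bug number, unlike the other qemu entries in this diff.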
@@ -1268,17 +1308,20 @@
 CVE-2017-3150
        RESERVED
 CVE-2016-9920 [Command Execution via Email]
+       {DLA-737-1}
        - roundcube <unfixed> (bug #847287)
        NOTE: 
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
        NOTE: Fixed by: 
https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
        NOTE: Fixed by: 
https://github.com/roundcube/roundcubemail/commit/aa6bf38843f51a0fc7205acc98a7b84f3c4c9c4f
 CVE-2016-9910 [for the mishandling of all of the other mentioned characters in 
attribute values]
+       RESERVED
        - html5lib 0.999999999-1
        [jessie] - html5lib <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
        NOTE: 
https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
 CVE-2016-9909 [for the mishandling of the '<' character in attribute values]
+       RESERVED
        - html5lib 0.999999999-1
        [jessie] - html5lib <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
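Review bot: The bracketed descriptions on CVE-2016-9910 and CVE-2016-9909 ("for the mishandling of ...") are sentence fragments that never say what the issue is, and with RESERVED now added beneath them the bracket text remains the only description in the entry. Reword them to be self-contained, for example by naming the cross-site scripting issue in attribute-value handling that the sourceclear NOTE refers to.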
@@ -1734,8 +1777,7 @@
        RESERVED
 CVE-2017-2925
        RESERVED
-CVE-2016-9839
-       RESERVED
+CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too 
verbose ...)
        {DLA-734-1}
        - mapserver 7.0.3-1
        [jessie] - mapserver <no-dsa> (Minor issue)
@@ -9289,6 +9331,7 @@
 CVE-2016-9153
        RESERVED
 CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in 
ecrire/exec/plonger.php in ...)
+       {DLA-738-1}
        - spip <unfixed> (bug #847156)
        NOTE: https://core.spip.net/projects/spip/repository/revisions/23290
 CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 
6.0.x ...)
@@ -10795,8 +10838,7 @@
 CVE-2016-8656
        RESERVED
        NOT-FOR-US: Red Hat JBoss; jbossas init script
-CVE-2016-8655 [af_packet.c race condition (local root)]
-       RESERVED
+CVE-2016-8655 (Race condition in net/packet/af_packet.c in the Linux kernel 
through ...)
        - linux <unfixed>
        NOTE: http://seclists.org/oss-sec/2016/q4/607
        NOTE: Introduced by: 
https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
