Author: sectracker
Date: 2016-12-12 21:10:11 +0000 (Mon, 12 Dec 2016)
New Revision: 47010

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-12 21:06:08 UTC (rev 47009)
+++ data/CVE/list       2016-12-12 21:10:11 UTC (rev 47010)
@@ -1,3 +1,17 @@
+CVE-2016-9931
+       RESERVED
+CVE-2016-9930
+       RESERVED
+CVE-2016-9929
+       RESERVED
+CVE-2016-9927
+       RESERVED
+CVE-2016-9926
+       RESERVED
+CVE-2016-9925
+       RESERVED
+CVE-2016-9924
+       RESERVED
 CVE-2016-9936 [Use After Free in PHP7 unserialize()]
        - php7.0 7.0.14-1
        NOTE: Fixed in PHP 7.0.14 and 7.1.0
@@ -7973,101 +7987,80 @@
        NOTE: Upstream patch: 
https://bugs.php.net/patch-display.php?bug_id=67397&patch=bug67397-patch&revision=latest
        NOTE: PHP workaround for CVE-2014-9911 in icu
        TODO: double-check first fixing version in unstable
-CVE-2016-4412 [phpMyAdmin PMASA-2016-57]
-       RESERVED
+CVE-2016-4412 (An issue was discovered in phpMyAdmin. A user can be tricked 
into ...)
        - phpmyadmin 4:4.1.7-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
        NOTE: may affect wheezy only.
-CVE-2016-9847 [phpMyAdmin PMASA-2016-58]
-       RESERVED
+CVE-2016-9847 (An issue was discovered in phpMyAdmin. When the user does not 
specify ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-58/
        NOTE: Debian packaging generates blowfish secret
-CVE-2016-9848 [phpMyAdmin PMASA-2016-59]
-       RESERVED
+CVE-2016-9848 (An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) 
shows PHP ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/
        NOTE: disabled by default, debugging setting required
-CVE-2016-9849 [phpMyAdmin PMASA-2016-60]
-       RESERVED
+CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass 
...)
        - phpmyadmin 4:4.6.5.1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
-CVE-2016-9850 [phpMyAdmin PMASA-2016-61]
-       RESERVED
+CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for 
the ...)
        - phpmyadmin 4:4.6.5.1-1 (low)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
-CVE-2016-9851 [phpMyAdmin PMASA-2016-62]
-       RESERVED
+CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request 
...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        [jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-62/
-CVE-2016-9852 [phpMyAdmin PMASA-2016-63]
-       RESERVED
+CVE-2016-9852 (An issue was discovered in phpMyAdmin. By calling some scripts 
that ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
        NOTE: path disclosure not relevant in Debian
-CVE-2016-9853 [phpMyAdmin PMASA-2016-63]
-       RESERVED
+CVE-2016-9853 (An issue was discovered in phpMyAdmin. By calling some scripts 
that ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
        NOTE: path disclosure not relevant in Debian
-CVE-2016-9854 [phpMyAdmin PMASA-2016-63]
-       RESERVED
+CVE-2016-9854 (An issue was discovered in phpMyAdmin. By calling some scripts 
that ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
        NOTE: path disclosure not relevant in Debian
-CVE-2016-9855 [phpMyAdmin PMASA-2016-63]
-       RESERVED
+CVE-2016-9855 (An issue was discovered in phpMyAdmin. By calling some scripts 
that ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
        NOTE: path disclosure not relevant in Debian
-CVE-2016-9856 [phpMyAdmin PMASA-2016-64]
-       RESERVED
+CVE-2016-9856 (An XSS issue was discovered in phpMyAdmin because of an 
improper fix ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
-CVE-2016-9857 [phpMyAdmin PMASA-2016-64]
-       RESERVED
+CVE-2016-9857 (An issue was discovered in phpMyAdmin. XSS is possible because 
of a ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
-CVE-2016-9858 [phpMyAdmin PMASA-2016-65]
-       RESERVED
+CVE-2016-9858 (An issue was discovered in phpMyAdmin. With a crafted request 
...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
-CVE-2016-9859 [phpMyAdmin PMASA-2016-65]
-       RESERVED
+CVE-2016-9859 (An issue was discovered in phpMyAdmin. With a crafted request 
...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
-CVE-2016-9860 [phpMyAdmin PMASA-2016-65]
-       RESERVED
+CVE-2016-9860 (An issue was discovered in phpMyAdmin. An unauthenticated user 
can ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
-CVE-2016-9861 [phpMyAdmin PMASA-2016-66]
-       RESERVED
+CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in 
URL ...)
        - phpmyadmin 4:4.6.5.1-1 (low)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
-CVE-2016-9862 [phpMyAdmin PMASA-2016-67]
-       RESERVED
+CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login 
request it ...)
        - phpmyadmin 4:4.6.5.1-1
        [jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-67/
-CVE-2016-9863 [phpMyAdmin PMASA-2016-68]
-       RESERVED
+CVE-2016-9863 (An issue was discovered in phpMyAdmin. With a very large 
request to ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        [jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/
-CVE-2016-9864 [phpMyAdmin PMASA-2016-69]
-       RESERVED
+CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username 
or a ...)
        - phpmyadmin 4:4.6.5.1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
-CVE-2016-9865 [phpMyAdmin PMASA-2016-70]
-       RESERVED
+CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in 
serialized ...)
        - phpmyadmin 4:4.6.5.1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
-CVE-2016-9866 [phpMyAdmin PMASA-2016-71]
-       RESERVED
+CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator 
is ...)
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-71/
        NOTE: unlikely PHP configuration required, unclear impact
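
Review bot: CVE-2016-9856 and CVE-2016-9857 now carry descriptions that name XSS, yet both stay tagged (unimportant) with no NOTE giving the reason. Other (unimportant) entries in this hunk document it, for example "NOTE: path disclosure not relevant in Debian" under CVE-2016-9852 and "NOTE: disabled by default, debugging setting required" under CVE-2016-9848. Suggest adding a rationale NOTE to these two, and likewise to CVE-2016-9851, CVE-2016-9858, CVE-2016-9859, CVE-2016-9860 and CVE-2016-9863, so the severity can be re-checked against the published descriptions.
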
@@ -8173,75 +8166,63 @@
        NOTE: Fixed by: 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
        NOTE: Fixed by (later followed up): 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
        NOTE: Fixed by (later followed up): 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
-CVE-2016-9633
-       RESERVED
+CVE-2016-9633 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/23
-CVE-2016-9632
-       RESERVED
+CVE-2016-9632 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/43
-CVE-2016-9631
-       RESERVED
+CVE-2016-9631 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/42
-CVE-2016-9630
-       RESERVED
+CVE-2016-9630 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/41
-CVE-2016-9629
-       RESERVED
+CVE-2016-9629 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/40
-CVE-2016-9628
-       RESERVED
+CVE-2016-9628 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/39
-CVE-2016-9627
-       RESERVED
+CVE-2016-9627 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/38
        NOTE: 
https://github.com/tats/w3m/commit/0c3f5d0e0d9269ad47b8f4b061d7818993913189
-CVE-2016-9626
-       RESERVED
+CVE-2016-9626 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/37
-CVE-2016-9625
-       RESERVED
+CVE-2016-9625 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/36
-CVE-2016-9624
-       RESERVED
+CVE-2016-9624 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/35
-CVE-2016-9623
-       RESERVED
+CVE-2016-9623 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/33
-CVE-2016-9622
-       RESERVED
+CVE-2016-9622 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
@@ -8340,6 +8321,7 @@
 CVE-2016-9444
        RESERVED
 CVE-2016-9928 [MCabber before 1.0.4 allows remote attackers to modify the 
roster and intercept messages via a crafted roster-push IQ stanza]
+       RESERVED
        {DLA-724-1}
        - mcabber <unfixed> (bug #845258)
        [jessie] - mcabber <no-dsa> (Minor issue)
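
Review bot: the RESERVED line added under CVE-2016-9928 lands in an entry that sits directly after CVE-2016-9444, away from its numeric neighbours, while the first hunk adds CVE-2016-9931 through CVE-2016-9924 at the top of the file and leaves a gap at 9928. Suggest moving the MCabber entry up between CVE-2016-9929 and CVE-2016-9927 so the id appears once, in order, and the next automatic update finds it where the other 99xx ids are.
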
@@ -8682,44 +8664,37 @@
        - drupal7 7.52-1
        NOTE: https://www.drupal.org/SA-CORE-2016-005
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
-CVE-2016-9443
-       RESERVED
+CVE-2016-9443 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/28
-CVE-2016-9442
-       RESERVED
+CVE-2016-9442 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
-CVE-2016-9441
-       RESERVED
+CVE-2016-9441 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/24
-CVE-2016-9440
-       RESERVED
+CVE-2016-9440 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/22
-CVE-2016-9439
-       RESERVED
+CVE-2016-9439 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-33 (bug #844726)
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/20
-CVE-2016-9438
-       RESERVED
+CVE-2016-9438 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/18
-CVE-2016-9437
-       RESERVED
+CVE-2016-9437 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
@@ -8738,50 +8713,42 @@
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/16
        NOTE: Fixed by: 
https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
-CVE-2016-9434
-       RESERVED
+CVE-2016-9434 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/15
-CVE-2016-9433
-       RESERVED
+CVE-2016-9433 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/14
-CVE-2016-9432
-       RESERVED
+CVE-2016-9432 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/13
-CVE-2016-9431
-       RESERVED
+CVE-2016-9431 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/10
-CVE-2016-9430
-       RESERVED
+CVE-2016-9430 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/7
-CVE-2016-9429
-       RESERVED
+CVE-2016-9429 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/29
-CVE-2016-9428
-       RESERVED
+CVE-2016-9428 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/26
-CVE-2016-9427
-       RESERVED
+CVE-2016-9427 (Integer overflow vulnerability in bdwgc before 2016-09-27 
allows ...)
        {DLA-721-1}
        [experimental] - libgc 1:7.4.4-1
        - libgc <unfixed> (bug #844771)
@@ -8789,32 +8756,27 @@
        NOTE: Fixed by 
https://github.com/ivmai/bdwgc/commit/4e1a6f9d8f2a49403bbd00b8c8e5324048fb84d4
        NOTE: Fixed by 
https://github.com/ivmai/bdwgc/commit/7292c02fac2066d39dd1bcc37d1a7054fd1e32ee
        NOTE: Fixed by 
https://github.com/ivmai/bdwgc/commit/552ad0834672fed86ada6430150ef9ebdd3f54d7
-CVE-2016-9426
-       RESERVED
+CVE-2016-9426 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/25
-CVE-2016-9425
-       RESERVED
+CVE-2016-9425 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/21
-CVE-2016-9424
-       RESERVED
+CVE-2016-9424 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/12
-CVE-2016-9423
-       RESERVED
+CVE-2016-9423 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/9
-CVE-2016-9422
-       RESERVED
+CVE-2016-9422 (An issue was discovered in the Tatsuya Kinoshita w3m fork 
before ...)
        - w3m 0.5.3-30
        [jessie] - w3m <no-dsa> (Minor issue)
        [wheezy] - w3m <no-dsa> (Minor issue)
@@ -9665,8 +9627,7 @@
        RESERVED
 CVE-2014-9909
        RESERVED
-CVE-2016-9106 [9pfs: memory leakage in v9fs_write]
-       RESERVED
+CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU 
(aka ...)
        {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842463)
        - qemu-kvm <removed>
@@ -9676,8 +9637,7 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/4
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
-CVE-2016-9105 [memory leakage in v9fs_link]
-       RESERVED
+CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU 
(aka ...)
        {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842463)
        - qemu-kvm <removed>
@@ -9687,8 +9647,7 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/3
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
-CVE-2016-9104 [9pfs: integer overflow leading to OOB access]
-       RESERVED
+CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) 
...)
        {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842463)
        - qemu-kvm <removed>
@@ -9697,8 +9656,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
-CVE-2016-9103 [9pfs: information leakage via xattribute]
-       RESERVED
+CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka 
Quick ...)
        {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842463)
        - qemu-kvm <removed>
@@ -9708,8 +9666,7 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/1
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
-CVE-2016-9102 [memory leakage when creating extended attribute]
-       RESERVED
+CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in 
QEMU ...)
        {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842463)
        - qemu-kvm <removed>
@@ -9720,8 +9677,7 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/15
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
-CVE-2016-9101 [net: eepro100 memory leakage at device unplug]
-       RESERVED
+CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) 
allows ...)
        {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842455)
        - qemu-kvm <removed>
@@ -9946,15 +9902,13 @@
 CVE-2016-9015 [certificate verification failure]
        RESERVED
        - python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 
releases)
-CVE-2016-9014 [DNS rebinding vulnerability when DEBUG=True]
-       RESERVED
+CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 
1.10.x ...)
        {DLA-706-1}
        - python-django 1:1.10.3-1 (bug #842856)
        [jessie] - python-django <no-dsa> (Minor issue; can be updated via 
point release)
        NOTE: 
https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9
-CVE-2016-9013 [User with hardcoded password created when running tests on 
Oracle]
-       RESERVED
+CVE-2016-9013 (Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x 
before ...)
        - python-django 1:1.10.3-1 (bug #842856)
        [jessie] - python-django <no-dsa> (Minor issue; can be updated via 
point release)
        [wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)
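
Review bot: replacing the bracketed titles on CVE-2016-9014 and CVE-2016-9013 drops the only visible statement of what each issue is ("DNS rebinding vulnerability when DEBUG=True" and "User with hardcoded password created when running tests on Oracle"); the truncated descriptions that replace them stop at the affected version ranges. Suggest keeping each short title as a NOTE line under its entry so the <no-dsa> "Minor issue" decisions stay justified in place.
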
@@ -12188,8 +12142,7 @@
        NOTE: Apache say that issue needs to be fixed in any vendor/product 
using Apache Commons FileUpload
        NOTE: DiskFileItem as described in the given advisory.
        NOTE: Thus we are not going to diverge from Apache upstream here.
-CVE-2016-7466 [usb: xhci memory leakage during device unplug]
-       RESERVED
+CVE-2016-7466 (Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c 
in QEMU ...)
        - qemu 1:2.7+dfsg-1 (bug #838687)
        [jessie] - qemu <no-dsa> (Minor issue, needs qemu monitor access to 
unplug nec-xhci controller)
        [wheezy] - qemu <no-dsa> (Minor issue, needs qemu monitor access to 
unplug nec-xhci controller)
@@ -12337,8 +12290,7 @@
        NOTE: LSI SAS1068 (mptsas) device support added in
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a
 (v2.6.0-rc0)
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
-CVE-2016-7422 [virtio: null pointer dereference in virtqueue_map_desc]
-       RESERVED
+CVE-2016-7422 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU 
(aka ...)
        - qemu 1:2.7+dfsg-1 (bug #838146)
        [jessie] - qemu <not-affected> (Vulnerable code introduced later)
        [wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -12350,8 +12302,7 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376755
        NOTE: Introduced by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7
 (v2.6.0-rc0)
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/4
-CVE-2016-7421 [scsi: pvscsi: infinite loop when processing IO requests]
-       RESERVED
+CVE-2016-7421 (The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c 
in QEMU ...)
        - qemu 1:2.7+dfsg-1 (bug #838147)
        [wheezy] - qemu <not-affected> (Vulnerable code not present, introduced 
after 1.5)
        - qemu-kvm <not-affected> (Vulnerable code not present, introduced 
after 1.5)
@@ -13442,8 +13393,7 @@
        NOTE: 1.3.21-2 the build is done with --with-quantum-depth=16 switching
        NOTE: away from the default with QuantumDepth=8
        NOTE: patch for this and CVE-2016-7997 at: 
http://openwall.com/lists/oss-security/2016/10/07/4
-CVE-2016-7995 [usb: hcd-ehci: memory leak in ehci_process_itd]
-       RESERVED
+CVE-2016-7995 (Memory leak in the ehci_process_itd function in 
hw/usb/hcd-ehci.c in ...)
        - qemu <unfixed> (bug #840236)
        [jessie] - qemu <not-affected> (Vulnerable code introduced in 
v2.6.0-rc0)
        [wheezy] - qemu <not-affected> (Vulnerable code introduced in 
v2.6.0-rc0)
@@ -13457,8 +13407,7 @@
        NOTE: Though this commit fixed an OOB read access issue which might need
        NOTE: potentially a new separate CVE id if it does not have one yet.
        TODO: double-check notes and analysis
-CVE-2016-7994 [virtio-gpu: memory leak in virtio_gpu_resource_create_2d]
-       RESERVED
+CVE-2016-7994 (Memory leak in the virtio_gpu_resource_create_2d function in 
...)
        - qemu <unfixed> (bug #840228)
        [jessie] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
        [wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
@@ -15586,8 +15535,7 @@
        RESERVED
 CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 
makes use ...)
        TODO: check
-CVE-2016-7170 [vmware_vga: OOB stack memory access when processing svga 
command]
-       RESERVED
+CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU 
(aka ...)
        {DLA-653-1 DLA-652-1}
        - qemu <unfixed> (bug #837316)
        - qemu-kvm <removed>
@@ -15709,8 +15657,7 @@
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ed38046c5c2e3b310980be32287179895c83e0d8
 (n3.1.4)
 CVE-2016-7121
        RESERVED
-CVE-2016-7155 [scsi: pvscsi: OOB read and infinite loop while setting 
descriptor rings]
-       RESERVED
+CVE-2016-7155 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local 
guest ...)
        - qemu 1:2.6+dfsg-3.1 (bug #837174)
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <not-affected> (Vulnerable code not present, introduced 
after v1.5)
@@ -15723,8 +15670,7 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
        NOTE: Vulnerable code introduced after version 1.5: 
http://wiki.qemu.org/ChangeLog/1.5
-CVE-2016-7156 [scsi: pvscsi: infintie loop when building SG list]
-       RESERVED
+CVE-2016-7156 (The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in 
QEMU ...)
        - qemu 1:2.6+dfsg-3.1 (bug #837339)
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <not-affected> (Vulnerable code not present, introduced 
after v1.5)
@@ -15737,8 +15683,7 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373478
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/3
        NOTE: Vulnerable code introduced after version 1.5: 
http://wiki.qemu.org/ChangeLog/1.5
-CVE-2016-7157 [mptsas: invalid memory access while building  configuration 
pages]
-       RESERVED
+CVE-2016-7157 (The (1) mptsas_config_manufacturing_1 and (2) 
mptsas_config_ioc_0 ...)
        - qemu 1:2.6+dfsg-3.1 (bug #837603)
        [jessie] - qemu <not-affected> (Vulnerable code not present, introduced 
after v2.6)
        [wheezy] - qemu <not-affected> (Vulnerable code not present, introduced 
after v2.6)
@@ -15941,8 +15886,7 @@
        NOTE: Bit of complicated tracking information. For jessie the affected 
version is not in any yet
        NOTE: released version, thus should be n/a. wheezy OTOH, has already 
the issue in a released version. Issue then was fixed in 3.2.81-2 in DLA-609-1
        NOTE: http://www.openwall.com/lists/oss-security/2016/08/31/1
-CVE-2016-7116 [9p: directory traversal flaw in 9p virtio backend]
-       RESERVED
+CVE-2016-7116 (Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka 
Quick ...)
        {DLA-619-1 DLA-618-1}
        - qemu 1:2.6+dfsg-3.1 (bug #836502)
        [jessie] - qemu <no-dsa> (Minor issue)
@@ -16627,8 +16571,8 @@
        NOT-FOR-US: Huawei FusionAccess
 CVE-2016-6838 (Huawei X6800 and XH620 V3 servers with software before ...)
        NOT-FOR-US: Huawei FusionServer
-CVE-2016-6829
-       RESERVED
+CVE-2016-6829 (The trove service user in (1) Openstack deployment (aka ...)
+       TODO: check
 CVE-2016-6827 (Huawei FusionCompute before V100R005C10CP7002 stores cleartext 
AES ...)
        NOT-FOR-US: Huawei FusionCompute
 CVE-2016-6826 (Huawei AnyMail before 2.6.0301.0060 allows remote attackers to 
cause a ...)
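
Review bot: CVE-2016-6829 moves from RESERVED to "TODO: check" and needs manual triage. Its description names an Openstack trove service user, so it should not simply follow the NOT-FOR-US tags of the Huawei entries on either side; check whether a package in the archive is affected and record either a package line or NOT-FOR-US with the product name.
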
@@ -16637,8 +16581,7 @@
        NOT-FOR-US: Huawei FusionServer Node
 CVE-2016-6824 (Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with 
...)
        NOT-FOR-US: Huawei Campus Switch
-CVE-2016-6888 [net: vmxnet: integer overflow in packet initialisation]
-       RESERVED
+CVE-2016-6888 (Integer overflow in the net_tx_pkt_init function in ...)
        - qemu 1:2.6+dfsg-3.1 (bug #834902)
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 
introduced in 1.5)
@@ -17118,8 +17061,7 @@
        [wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
        NOTE: Workaround entry for DLA-731-1 until CVE is assigned
        NOTE: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
-CVE-2016-6833 [net: vmxnet3: use after free while writing]
-       RESERVED
+CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write 
function in ...)
        - qemu 1:2.6+dfsg-3.1 (bug #834904)
        [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 
introduced in 1.5)
        - qemu-kvm <removed>
@@ -17130,8 +17072,7 @@
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
        NOTE: Upstream patch: 
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
-CVE-2016-6834 [an infinite loop during packet fragmentation]
-       RESERVED
+CVE-2016-6834 (The net_tx_pkt_do_sw_fragmentation function in 
hw/net/net_tx_pkt.c in ...)
        - qemu 1:2.6+dfsg-3.1 (bug #834905)
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <not-affected> (Vulnerable code not present, packet 
abstraction introduced in 1.5)
@@ -17143,8 +17084,7 @@
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
        NOTE: Upstream patch: 
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
-CVE-2016-6835 [buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 
device emulation]
-       RESERVED
+CVE-2016-6835 (The vmxnet_tx_pkt_parse_headers function in 
hw/net/vmxnet_tx_pkt.c in ...)
        - qemu 1:2.6+dfsg-3.1 (bug #835031)
        [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 
introduced in 1.5)
        - qemu-kvm <removed>
@@ -17154,8 +17094,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Upstream patch: 
https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
-CVE-2016-6836 [Information leak in vmxnet3_complete_packet]
-       RESERVED
+CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in 
QEMU (aka ...)
        - qemu 1:2.6+dfsg-3.1 (bug #834944)
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 
introduced in 1.5)
@@ -17346,47 +17285,38 @@
        NOTE: http://codex.wordpress.org/Version_4.5
        NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37124
        NOTE: Fixed by: 
https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
-CVE-2016-6633
-       RESERVED
+CVE-2016-6633 (An issue was discovered in phpMyAdmin. phpMyAdmin can be used 
to ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2016-6632
-       RESERVED
+CVE-2016-6632 (An issue was discovered in phpMyAdmin where, under certain 
conditions, ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-55/
-CVE-2016-6631
-       RESERVED
+CVE-2016-6631 (An issue was discovered in phpMyAdmin. A user can execute a 
remote ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-54/
-CVE-2016-6630
-       RESERVED
+CVE-2016-6630 (An issue was discovered in phpMyAdmin. An authenticated user 
can ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-53/
-CVE-2016-6629
-       RESERVED
+CVE-2016-6629 (An issue was discovered in phpMyAdmin involving the ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-52/
-CVE-2016-6628
-       RESERVED
+CVE-2016-6628 (An issue was discovered in phpMyAdmin. An attacker may be able 
to ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-51/
-CVE-2016-6627
-       RESERVED
+CVE-2016-6627 (An issue was discovered in phpMyAdmin. An attacker can 
determine the ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <no-dsa> (Not critical enough)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/
-CVE-2016-6626
-       RESERVED
+CVE-2016-6626 (An issue was discovered in phpMyAdmin. An attacker could 
redirect a ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/
-CVE-2016-6625
-       RESERVED
+CVE-2016-6625 (An issue was discovered in phpMyAdmin. An attacker can 
determine ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <no-dsa> (Not critical enough)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-48/
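Review bot: CVE-2016-6633 is the only phpMyAdmin entry in this hunk without a NOTE pointing at its PMASA advisory; CVE-2016-6632 down to CVE-2016-6625 each carry one. Now that the entry is no longer RESERVED, add the matching advisory reference so the wheezy "Vulnerable code not present" decision can be checked against upstream's affected versions.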
@@ -17396,18 +17326,15 @@
        NOTE: printing can show more information than what should be used in
        NOTE: a production environment. This is the motivation that it is not
        NOTE: solved for wheezy.
-CVE-2016-6624
-       RESERVED
+CVE-2016-6624 (An issue was discovered in phpMyAdmin involving improper 
enforcement ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-47/
-CVE-2016-6623
-       RESERVED
+CVE-2016-6623 (An issue was discovered in phpMyAdmin. An authorized user can 
cause a ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-46/
-CVE-2016-6622
-       RESERVED
+CVE-2016-6622 (An issue was discovered in phpMyAdmin. An unauthenticated user 
is able ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/
@@ -17419,78 +17346,63 @@
        NOTE: The issue is not public yet, upstream does not want to
        NOTE: disclose details until fix ready
        TODO: wait for upstream to release the PMASA-2016-44
-CVE-2016-6620
-       RESERVED
+CVE-2016-6620 (An issue was discovered in phpMyAdmin. Some data is passed to 
the PHP ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-43/
-CVE-2016-6619
-       RESERVED
+CVE-2016-6619 (An issue was discovered in phpMyAdmin. In the user interface 
...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-42/
-CVE-2016-6618
-       RESERVED
+CVE-2016-6618 (An issue was discovered in phpMyAdmin. The transformation 
feature ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-41/
-CVE-2016-6617
-       RESERVED
+CVE-2016-6617 (An issue was discovered in phpMyAdmin. A specially crafted 
database ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
        [wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
-CVE-2016-6616
-       RESERVED
+CVE-2016-6616 (An issue was discovered in phpMyAdmin. In the &quot;User 
group&quot; and ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Only affects 4.4.x onward)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-39/
-CVE-2016-6615
-       RESERVED
+CVE-2016-6615 (XSS issues were discovered in phpMyAdmin. This affects 
navigation pane ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-38/
-CVE-2016-6614
-       RESERVED
+CVE-2016-6614 (An issue was discovered in phpMyAdmin involving the %u username 
...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-37/
-CVE-2016-6613
-       RESERVED
+CVE-2016-6613 (An issue was discovered in phpMyAdmin. A user can specially 
craft a ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/
-CVE-2016-6612
-       RESERVED
+CVE-2016-6612 (An issue was discovered in phpMyAdmin. A user can exploit the 
LOAD ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/
-CVE-2016-6611
-       RESERVED
+CVE-2016-6611 (An issue was discovered in phpMyAdmin. A specially crafted 
database ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/
-CVE-2016-6610
-       RESERVED
+CVE-2016-6610 (A full path disclosure vulnerability was discovered in 
phpMyAdmin ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-33/
-CVE-2016-6609
-       RESERVED
+CVE-2016-6609 (An issue was discovered in phpMyAdmin. A specially crafted 
database ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
-CVE-2016-6608
-       RESERVED
+CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the 
database ...)
        - phpmyadmin 4:4.6.4+dfsg1-1
        [jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
        [wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
-CVE-2016-6607
-       RESERVED
+CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom 
search ...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
-CVE-2016-6606
-       RESERVED
+CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The 
...)
        {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
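Review bot: CVE-2016-6617 and CVE-2016-6608 have no PMASA advisory NOTE, unlike every other phpMyAdmin entry in this hunk, so their "Only affects 4.6.x" status lines have no reference to verify against; add the advisory links. Separately, the new CVE-2016-6616 description contains literal HTML entities (&quot;User group&quot;), which suggests the automatic import does not unescape the feed text before writing it to the list.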
@@ -17950,8 +17862,8 @@
        RESERVED
 CVE-2016-6502
        RESERVED
-CVE-2016-6501
-       RESERVED
+CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2016-6500
        RESERVED
 CVE-2016-6499
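Review bot: The "TODO: check" added under CVE-2016-6501 leaves the JFrog Artifactory entry untriaged. Resolve it to a package line or, if nothing in the archive ships the product, to a NOT-FOR-US line in the form already used for CVE-2016-6322 in this file.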
@@ -17960,15 +17872,14 @@
        RESERVED
 CVE-2016-6497
        RESERVED
-CVE-2016-6496
-       RESERVED
+CVE-2016-6496 (The LDAP directory connector in Atlassian Crowd before 2.8.8 
and 2.9.x ...)
+       TODO: check
 CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function 
in ...)
        {DSA-3655-1 DLA-589-1}
        - mupdf 1.9a+ds1-1.2 (bug #833417)
        NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
-CVE-2016-6523 [reflected XSS vulnerabilities in media manager]
-       RESERVED
+CVE-2016-6523 (Multiple cross-site scripting (XSS) vulnerabilities in the 
media ...)
        - dotclear <removed>
        [jessie] - dotclear <no-dsa> (Minor issue)
        NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/40d0207e520d
@@ -18126,8 +18037,7 @@
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
-CVE-2016-6490 [virtio: infinite loop in virtqueue_pop]
-       RESERVED
+CVE-2016-6490 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU 
(aka ...)
        - qemu 1:2.6+dfsg-3.1 (bug #832767)
        [jessie] - qemu <not-affected> (Vulnerable code not present)
        [wheezy] - qemu <not-affected> (Issue introduced later)
@@ -18504,8 +18414,7 @@
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617
 CVE-2016-6322 (Red Hat QuickStart Cloud Installer (QCI) uses world-readable 
...)
        NOT-FOR-US: ovirt-engine
-CVE-2016-6321 [Bypassing the extract path name]
-       RESERVED
+CVE-2016-6321 (Directory traversal vulnerability in the safer_name_suffix 
function in ...)
        {DSA-3702-1 DLA-690-1}
        - tar 1.29b-1.1 (bug #842339)
        NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
@@ -18612,8 +18521,7 @@
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
        NOTE: https://www.openssl.org/news/secadv/20160922.txt
        NOTE: Fixed in 1.0.2i, 1.0.1u
-CVE-2016-6301 [NTP server denial of service flaw]
-       RESERVED
+CVE-2016-6301 (The recv_and_process_client_pkt function in networking/ntpd.c 
in ...)
        - busybox <unfixed> (unimportant; bug #833442)
        NOTE: NTP server not enabled by default in debian/config/pkg/* via 
CONFIG_NTPD
        NOTE: Fixed by: 
https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
@@ -21574,8 +21482,7 @@
        - tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
        - tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
        NOTE: 
http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html
-CVE-2016-5424 [Fix client programs' handling of special characters in database 
and role names]
-       RESERVED
+CVE-2016-5424 (PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 
9.3.14, ...)
        {DSA-3646-1 DLA-592-1}
        - postgresql-9.5 9.5.4-1
        - postgresql-9.4 <removed>
@@ -21583,8 +21490,7 @@
        [jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only 
provides PL/Perl)
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=fcd15f13581f6d75c63d213220d5a94889206c1b
        NOTE: https://www.postgresql.org/about/news/1688/
-CVE-2016-5423 [possible mis-evaluation of nested CASE-WHEN expressions]
-       RESERVED
+CVE-2016-5423 (PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 
9.3.14, ...)
        {DSA-3646-1 DLA-592-1}
        - postgresql-9.5 9.5.4-1
        - postgresql-9.4 <removed>
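Review bot: After this hunk and the previous one, CVE-2016-5423 and CVE-2016-5424 both show the same truncated description, "PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, ...", so the two entries can no longer be told apart from the header line. The removed bracketed titles (nested CASE-WHEN mis-evaluation versus special characters in database and role names) were the only distinguishing text; keeping them as NOTE lines would preserve that.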
@@ -24134,8 +24040,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/05/23/2
        NOTE: Authenticated TLS "contraints" introduced in 2015-03-24 OpenNTPD 
5.7p4
        NOTE: Option is not enabled at buildtime.
-CVE-2016-4964 [scsi: mptsas infinite loop in mptsas_fetch_requests]
-       RESERVED
+CVE-2016-4964 (The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU 
(aka ...)
        - qemu 1:2.6+dfsg-2 (bug #825207)
        [jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support 
added later)
        [wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support 
added later)
@@ -33080,8 +32985,8 @@
        NOTE: Introduced by: 
https://git.kernel.org/linus/8b13eddfdf04cbfa561725cfc42d6868fe896f56 
(v3.19-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/94f9cd81436c85d8c3a318ba92e236ede73752fc (v4.4-rc1)
        NOTE: http://www.openwall.com/lists/oss-security/2016/01/27/6
-CVE-2015-8786
-       RESERVED
+CVE-2015-8786 (The Management plugin in RabbitMQ before 3.6.1 allows remote 
...)
+       TODO: check
 CVE-2016-XXXX [out of bound read and write issues]
        - giflib 5.1.4-0.1 (bug #820594)
        [jessie] - giflib <no-dsa> (Minor issue)
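Review bot: CVE-2015-8786 moves from RESERVED to a published description with nothing beneath it but "TODO: check", so the entry has no package or status line yet. The description already states the upstream boundary ("before 3.6.1"), which is the version the follow-up should compare against what is packaged when the TODO is resolved.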


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
