Author: sectracker Date: 2017-01-12 21:10:11 +0000 (Thu, 12 Jan 2017) New Revision: 47957
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-12 21:02:27 UTC (rev 47956) +++ data/CVE/list 2017-01-12 21:10:11 UTC (rev 47957) @@ -1,3 +1,35 @@ +CVE-2017-5355 + RESERVED +CVE-2017-5354 + RESERVED +CVE-2017-5353 + RESERVED +CVE-2017-5352 + RESERVED +CVE-2017-5351 (Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software ...) + TODO: check +CVE-2017-5350 (Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow ...) + TODO: check +CVE-2017-5349 + RESERVED +CVE-2017-5348 + RESERVED +CVE-2017-5347 (SQL injection vulnerability in inc/mod/newsletter/options.php in ...) + TODO: check +CVE-2017-5346 (SQL injection vulnerability in ...) + TODO: check +CVE-2017-5345 (SQL injection vulnerability in ...) + TODO: check +CVE-2017-5344 + RESERVED +CVE-2017-5343 + RESERVED +CVE-2017-5342 + RESERVED +CVE-2017-5341 + RESERVED +CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote ...) + TODO: check CVE-2017-XXXX [ed invalid free] - ed <unfixed> (low; bug #851159) [jessie] - ed <no-dsa> (Minor issue) @@ -208,8 +240,7 @@ RESERVED CVE-2017-5227 RESERVED -CVE-2017-5225 [Heap-buffer overflow in tools/tiffcp via crafted BitsPerSample value] - RESERVED +CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the ...) - tiff <unfixed> NOTE: Fixed by: https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2656 @@ -244,8 +275,7 @@ RESERVED CVE-2017-5210 RESERVED -CVE-2017-5209 [base64decode buffer over-read via split encoded Apple Property List data] - RESERVED +CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice libplist ...) - libplist <unfixed> NOTE: Upstream bug: https://github.com/libimobiledevice/libplist/issues/84 NOTE: https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957 @@ -262,18 +292,23 @@ CVE-2017-5200 RESERVED CVE-2017-5339 + RESERVED - libgit2 <unfixed> NOTE: https://github.com/libgit2/libgit2/commit/3829ba2e710553893faf6336cc6b2f3fc17a293e CVE-2017-5338 + RESERVED - libgit2 <unfixed> NOTE: https://github.com/libgit2/libgit2/commit/98d66240ecb7765e191da19b535c75c92ccc90fe CVE-2016-10130 + RESERVED - libgit2 <unfixed> NOTE: https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 CVE-2016-10129 + RESERVED - libgit2 <unfixed> NOTE: https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a CVE-2016-10128 + RESERVED - libgit2 <unfixed> NOTE: https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834 CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before ...) @@ -281,6 +316,7 @@ CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded ...) NOT-FOR-US: D-Link CVE-2016-10127 [XML external entity attack] + RESERVED {DSA-3759-1} - python-pysaml2 3.0.0-5 (bug #850716) NOTE: https://github.com/rohe/pysaml2/pull/379 @@ -294,18 +330,22 @@ NOTE: https://support.zabbix.com/browse/ZBX-11023 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/12/4 CVE-2017-5337 + RESERVED - gnutls28 3.5.8-1 NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2 NOTE: https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a CVE-2017-5336 + RESERVED - gnutls28 3.5.8-1 NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2 NOTE: https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732 CVE-2017-5335 + RESERVED - gnutls28 3.5.8-1 NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2 NOTE: https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a CVE-2017-5334 + RESERVED - gnutls28 3.5.8-1 NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-1 NOTE: https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b @@ -828,11 +868,13 @@ - borgbackup 1.0.9-1 NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability CVE-2017-5333 + RESERVED - icoutils 0.31.1-1 NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a NOTE: CVE for "the separate vulnerability fixed by the introduction of the "size >= sizeof(uint16_t)*2" test in NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a" CVE-2017-5332 + RESERVED - icoutils 0.31.1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276 NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a @@ -841,6 +883,7 @@ NOTE: CVE for "all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a and also the index correction in NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a." CVE-2017-5331 [make check_offset more stringent] + RESERVED - icoutils 0.31.1-1 NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3 NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4 @@ -850,7 +893,7 @@ - icoutils 0.31.0-4 (bug #850017) NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173 NOTE: http://www.openwall.com/lists/oss-security/2017/01/08/1 -CVE-2017-5340 [Use of uninitialized memory in unserialize()] +CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles ...) - php7.0 <unfixed> (bug #850158) - php5 <unfixed> NOTE: https://bugs.php.net/bug.php?id=73832 @@ -3456,6 +3499,7 @@ NOTE: https://ikiwiki.info/security/#cve-2016-9645 CVE-2016-10026 [authorization bypass when reverting changes] RESERVED + {DSA-3760-1} - ikiwiki 3.20161219 NOTE: http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/ NOTE: Fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9 @@ -5784,104 +5828,91 @@ RESERVED CVE-2017-2968 RESERVED -CVE-2017-2967 - RESERVED -CVE-2017-2966 - RESERVED -CVE-2017-2965 - RESERVED -CVE-2017-2964 - RESERVED -CVE-2017-2963 - RESERVED -CVE-2017-2962 - RESERVED -CVE-2017-2961 - RESERVED -CVE-2017-2960 - RESERVED -CVE-2017-2959 - RESERVED -CVE-2017-2958 - RESERVED -CVE-2017-2957 - RESERVED -CVE-2017-2956 - RESERVED -CVE-2017-2955 - RESERVED -CVE-2017-2954 - RESERVED -CVE-2017-2953 - RESERVED -CVE-2017-2952 - RESERVED -CVE-2017-2951 - RESERVED -CVE-2017-2950 - RESERVED -CVE-2017-2949 - RESERVED -CVE-2017-2948 - RESERVED -CVE-2017-2947 - RESERVED -CVE-2017-2946 - RESERVED -CVE-2017-2945 - RESERVED -CVE-2017-2944 - RESERVED -CVE-2017-2943 - RESERVED -CVE-2017-2942 - RESERVED -CVE-2017-2941 - RESERVED -CVE-2017-2940 - RESERVED -CVE-2017-2939 - RESERVED -CVE-2017-2938 - RESERVED +CVE-2017-2967 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2966 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2965 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2964 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2963 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2962 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2961 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2960 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2959 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2958 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2957 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2956 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2955 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2954 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2953 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2952 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2951 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2950 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2949 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2948 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2947 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2946 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2945 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2944 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2943 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2942 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2941 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2940 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2939 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2938 (Adobe Flash Player versions 24.0.0.186 and earlier have a security ...) NOT-FOR-US: Adobe Flash -CVE-2017-2937 - RESERVED +CVE-2017-2937 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2936 - RESERVED +CVE-2017-2936 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2935 - RESERVED +CVE-2017-2935 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2934 - RESERVED +CVE-2017-2934 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2933 - RESERVED +CVE-2017-2933 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2932 - RESERVED +CVE-2017-2932 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2931 - RESERVED +CVE-2017-2931 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2930 - RESERVED +CVE-2017-2930 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash CVE-2017-2929 RESERVED -CVE-2017-2928 - RESERVED +CVE-2017-2928 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2927 - RESERVED +CVE-2017-2927 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2926 - RESERVED +CVE-2017-2926 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2925 - RESERVED +CVE-2017-2925 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verbose ...) {DLA-734-1} @@ -11591,6 +11622,7 @@ RESERVED CVE-2017-0356 [Authentication bypass via repeated parameters] RESERVED + {DSA-3760-1} - ikiwiki 3.20170111 NOTE: https://ikiwiki.info/security/#cve-2017-0356 CVE-2016-9772 [OPENAFS-SA-2016-003 - directory information leaks] @@ -11615,6 +11647,7 @@ RESERVED CVE-2016-9646 [commit metadata forgery] RESERVED + {DSA-3760-1} - ikiwiki 3.20161229 NOTE: https://ikiwiki.info/security/#cve-2016-9646 CVE-2016-9643 @@ -12427,8 +12460,7 @@ RESERVED CVE-2016-9454 RESERVED -CVE-2016-9444 [An unusually-formed DS record response could cause an assertion failure] - RESERVED +CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and ...) {DSA-3758-1} - bind9 <unfixed> (bug #851062) NOTE: https://kb.isc.org/article/AA-01441/0 @@ -13367,8 +13399,8 @@ RESERVED CVE-2016-9248 RESERVED -CVE-2016-9247 - RESERVED +CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual server ...) + TODO: check CVE-2016-9246 RESERVED CVE-2016-9245 @@ -13588,8 +13620,7 @@ NOT-FOR-US: PAN-OS CVE-2016-9148 RESERVED -CVE-2016-9147 [An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure] - RESERVED +CVE-2016-9147 (named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows ...) {DSA-3758-1} - bind9 <unfixed> (bug #851063) NOTE: https://kb.isc.org/article/AA-01440/0 @@ -13679,8 +13710,7 @@ NOTE: Fixed in 1.10.14 and 1.11.34, all prior versions affected. NOTE: Fixed by: https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f NOTE: Not believed to be exploitable in practice -CVE-2016-9131 [A malformed response to an ANY query can cause an assertion failure during recursion] - RESERVED +CVE-2016-9131 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and ...) {DSA-3758-1} - bind9 <unfixed> (bug #851065) NOTE: https://kb.isc.org/article/AA-01439/0 @@ -14072,8 +14102,7 @@ NOT-FOR-US: RealPlayer CVE-2016-9017 (Artifex Software, Inc. MuJS before ...) NOT-FOR-US: MuJS -CVE-2016-9015 [certificate verification failure] - RESERVED +CVE-2016-9015 (Versions 1.17 and 1.18 of the Python urllib3 library suffer from a ...) - python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases) CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x ...) {DLA-706-1} @@ -17138,12 +17167,12 @@ RESERVED CVE-2017-0005 RESERVED -CVE-2017-0004 - RESERVED -CVE-2017-0003 - RESERVED -CVE-2017-0002 - RESERVED +CVE-2017-0004 (The Local Security Authority Subsystem Service (LSASS) in Microsoft ...) + TODO: check +CVE-2017-0003 (Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote ...) + TODO: check +CVE-2017-0002 (Microsoft Edge allows remote attackers to bypass the Same Origin ...) + TODO: check CVE-2017-0001 RESERVED CVE-2016-8200 @@ -18823,19 +18852,16 @@ RESERVED CVE-2016-7481 RESERVED -CVE-2016-7480 - RESERVED +CVE-2016-7480 (The SplObjectStorage unserialize implementation in ...) - php7.0 7.0.12-1 - php5 <undetermined> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73257 NOTE: Fixed in 7.0.12 -CVE-2016-7479 - RESERVED +CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, resizing ...) - php7.0 <unfixed> - php5 <unfixed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092 -CVE-2016-7478 - RESERVED +CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x ...) - php7.0 <unfixed> - php5 <unfixed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093 @@ -19017,7 +19043,7 @@ NOTE: http://marc.info/?l=linux-scsi&m=147394713328707&w=2 NOTE: Upstream commit: https://git.kernel.org/linus/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167 CVE-2016-7424 (The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav ...) - {DSA-3685-1} + {DSA-3685-1 DLA-780-1} - libav <removed> - ffmpeg <not-affected> (Fixed before introduction into the archive) NOTE: Fixed by: https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee @@ -20802,8 +20828,7 @@ NOTE: and with the patch readpw(dpy, pws) is not called anymore, and NOTE: thus in readpw, not calling crypt(passwd, pws) with a possibly NOTE: empty pws. -CVE-2016-6837 [XSS in view_all_bug_page.php] - RESERVED +CVE-2016-6837 (Cross-site scripting (XSS) vulnerability in MantisBT Filter API in ...) - mantis <removed> [wheezy] - mantis <end-of-life> (unsupported) NOTE: https://mantisbt.org/bugs/view.php?id=21611 @@ -20815,14 +20840,12 @@ NOTE: https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/ NOTE: https://git.libav.org/?p=libav.git;a=commit;h=0ac8ff618c5e6d878c547a8877e714ed728950ce NOTE: Claimed to not affect ffmpeg -CVE-2016-6831 [Memory leak in CHICKEN Scheme's process-execute and process-spawn procedures] - RESERVED +CVE-2016-6831 (The "process-execute" and "process-spawn" procedures did not free ...) {DLA-643-1} - chicken <unfixed> (bug #834845) [jessie] - chicken <no-dsa> (Minor issue) NOTE: Fixed in the same upstream patch which is provided for CVE-2016-6830 -CVE-2016-6830 [Buffer overrun in CHICKEN Scheme's "process-execute" and "process-spawn" procedures from the posix unit] - RESERVED +CVE-2016-6830 (The "process-execute" and "process-spawn" procedures in CHICKEN Scheme ...) {DLA-643-1} - chicken <unfixed> (bug #834845) [jessie] - chicken <no-dsa> (Minor issue) @@ -20837,8 +20860,8 @@ RESERVED CVE-2016-6821 RESERVED -CVE-2016-6820 - RESERVED +CVE-2016-6820 (MetroCluster Tiebreaker for clustered Data ONTAP in versions before ...) + TODO: check CVE-2016-6819 RESERVED CVE-2016-6818 @@ -22007,12 +22030,10 @@ CVE-2016-6595 (** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote ...) - docker.io <not-affected> (Only affects Docker 1.12) NOTE: http://seclists.org/oss-sec/2016/q3/198 -CVE-2016-6581 [HPACK Bomb] - RESERVED +CVE-2016-6581 (A HTTP/2 implementation built using any version of the Python HPACK ...) - python-hpack 2.3.0-1 (bug #833467) NOTE: https://github.com/python-hyper/hpack/pull/56 -CVE-2016-6580 - RESERVED +CVE-2016-6580 (A HTTP/2 implementation built using any version of the Python priority ...) NOT-FOR-US: Python Priority NOTE: https://github.com/python-hyper/priority/pull/23 CVE-2016-6519 [persistent XSS in metadata field] @@ -22735,10 +22756,10 @@ NOTE: https://github.com/systemd/systemd/issues/3815 NOTE: The problem as well only arises with docker fork in RedHat, not with upstream docker NOTE: https://github.com/projectatomic/oci-register-machine/pull/22 -CVE-2016-6287 - RESERVED -CVE-2016-6286 - RESERVED +CVE-2016-6287 (The "http-client" egg always used a HTTP_PROXY environment variable to ...) + TODO: check +CVE-2016-6286 (The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" ...) + TODO: check CVE-2016-6285 RESERVED CVE-2016-6284 @@ -23771,7 +23792,7 @@ CVE-2016-6092 RESERVED CVE-2016-6091 - RESERVED + REJECTED CVE-2016-6090 RESERVED CVE-2016-6089 @@ -28518,12 +28539,12 @@ - libarchive 3.2.1-1 NOTE: https://github.com/libarchive/libarchive/issues/705 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1) -CVE-2016-4808 - RESERVED -CVE-2016-4807 - RESERVED -CVE-2016-4806 - RESERVED +CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross Site ...) + TODO: check +CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS ...) + TODO: check +CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File Inclusion ...) + TODO: check CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in dotCMS ...) NOT-FOR-US: dotCMS CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and libcurl ...) @@ -45375,8 +45396,8 @@ NOT-FOR-US: F5 BIG-IP CVE-2015-8021 (Incomplete blacklist vulnerability in the Configuration utility in F5 ...) NOT-FOR-US: F5 BIG-IP -CVE-2015-8020 - RESERVED +CVE-2015-8020 (Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default ...) + TODO: check CVE-2015-8018 RESERVED CVE-2015-8017 @@ -55134,14 +55155,14 @@ RESERVED CVE-2015-4595 RESERVED -CVE-2015-4594 - RESERVED -CVE-2015-4593 - RESERVED -CVE-2015-4592 - RESERVED -CVE-2015-4591 - RESERVED +CVE-2015-4594 (eClinicalWorks Population Health (CCMR) suffers from a session ...) + TODO: check +CVE-2015-4593 (eClinicalWorks Population Health (CCMR) suffers from a cross-site ...) + TODO: check +CVE-2015-4592 (eClinicalWorks Population Health (CCMR) suffers from an SQL injection ...) + TODO: check +CVE-2015-4591 (eClinicalWorks Population Health (CCMR) suffers from a cross site ...) + TODO: check CVE-2015-4590 (The extractFrom function in Internals/QuotedString.cpp in Arduino JSON ...) NOT-FOR-US: Arduino JSON CVE-2015-4589 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits