Author: sectracker
Date: 2017-01-23 21:10:12 +0000 (Mon, 23 Jan 2017)
New Revision: 48310
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-23 21:03:36 UTC (rev 48309) +++ data/CVE/list 2017-01-23 21:10:12 UTC (rev 48310) 
@@ -1,3 +1,87 @@ +CVE-2017-5575 (SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS ...) + TODO: check +CVE-2017-5574 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 ...) + TODO: check +CVE-2017-5573 + RESERVED +CVE-2017-5572 + RESERVED +CVE-2017-5571 + RESERVED +CVE-2017-5570 + RESERVED +CVE-2017-5569 + RESERVED +CVE-2017-5568 + RESERVED +CVE-2017-5567 + RESERVED +CVE-2017-5566 + RESERVED +CVE-2017-5565 + RESERVED +CVE-2017-5564 + RESERVED +CVE-2017-5563 (LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in ...) + TODO: check +CVE-2017-5562 + RESERVED +CVE-2017-5561 + RESERVED +CVE-2017-5560 + RESERVED +CVE-2017-5559 + RESERVED +CVE-2017-5558 + RESERVED +CVE-2017-5557 + RESERVED +CVE-2017-5556 (The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF ...) + TODO: check +CVE-2017-5555 + RESERVED +CVE-2017-5554 (An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before ...) + TODO: check +CVE-2017-5553 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2017-5545 (The main function in plistutil.c in libimobiledevice libplist through ...) + TODO: check +CVE-2017-5544 (An issue was discovered on FiberHome Fengine S5800 switches V210R240. ...) + TODO: check +CVE-2017-5543 (includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote ...) + TODO: check +CVE-2017-5542 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2017-5541 (Directory traversal vulnerability in ...) + TODO: check +CVE-2017-5540 + RESERVED +CVE-2017-5539 (The patch for directory traversal (CVE-2017-5480) in b2evolution ...) 
+ TODO: check +CVE-2017-5536 + RESERVED +CVE-2017-5535 + RESERVED +CVE-2017-5534 + RESERVED +CVE-2017-5533 + RESERVED +CVE-2017-5532 + RESERVED +CVE-2017-5531 + RESERVED +CVE-2017-5530 + RESERVED +CVE-2017-5529 + RESERVED +CVE-2017-5528 + RESERVED +CVE-2017-5527 + RESERVED +CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to ...) + TODO: check +CVE-2016-10156 (A flaw in systemd v228 in /src/basic/fs-util.c caused world writable ...) + TODO: check CVE-2017-XXXX [Reflected XSS vulnerability] - cgiemail <unfixed> (bug #852031) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/20/6 @@ -11,6 +95,7 @@ - cgiemail <unfixed> (bug #852031) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/20/6 CVE-2016-10155 [watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb; CVE for the memory consumption issue, not an information disclosure issue] + RESERVED - qemu 1:2.8+dfsg-2 (bug #852232) - qemu-kvm <removed> NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html 
@@ -18,22 +103,27 @@ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e TODO: check affected versions CVE-2016-10154 [cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack] + RESERVED - linux 4.9.2-1 NOTE: Fixed by: https://git.kernel.org/linus/06deeec77a5a689cc94b21a8a91a76e42176685d (v4.10-rc1) CVE-2016-10153 [libceph: introduce ceph_crypt() for in-place en/decryption] + RESERVED - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 (v4.10-rc1) CVE-2016-10152 [Use of hard-coded DNS domain if configuration file cannot be read] + RESERVED - hesiod <unfixed> (low; bug #852093) [jessie] - hesiod <no-dsa> (Minor issue) NOTE: https://github.com/achernya/hesiod/pull/10 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493 CVE-2016-10151 [Weak SUID check allowing privilege elevation] + RESERVED - hesiod <unfixed> (low; bug #852094) [jessie] - hesiod <no-dsa> (Minor issue) NOTE: https://github.com/achernya/hesiod/pull/9 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332508 CVE-2016-10150 [kvm: use-after-free issue while creating devices] + RESERVED - linux 4.8.15-1 [jessie] - linux <not-affected> (Vulnerable code introduced later) [wheezy] - linux <not-affected> (Vulnerable code introduced later) @@ -47,6 +137,7 @@ NOTE: https://core.trac.wordpress.org/ticket/37490 NOTE: https://core.trac.wordpress.org/changeset/38168 CVE-2017-5552 [display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing; CVE for the memory consumption issue, not an information disclosure issue] + RESERVED - qemu 1:2.8+dfsg-2 (bug #852119) [jessie] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu <not-affected> (Vulnerable code not present) 
@@ -55,33 +146,41 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415281 NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689 CVE-2017-5551 [sgid bit not cleared on tmpfs] + RESERVED - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/497de07d89c1410d76a15bec2bb41f24a2a89f31 (4.10-rc4) CVE-2017-5550 [fix a fencepost error in pipe_advance()] + RESERVED - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb (4.10-rc4) CVE-2017-5549 [USB: serial: kl5kusb105: fix line-state error handling] + RESERVED - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/146cc8a17a3b4996f6805ee5c080e7101277c410 (4.10-rc4) CVE-2017-5548 [ieee802154: atusb: do not use the stack for buffers to make them DMA able] + RESERVED - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655 CVE-2017-5547 [HID: corsair: fix DMA buffers on stack] + RESERVED - linux <unfixed> [jessie] - linux <not-affected> (Vulnerable code introduced in v4.4-rc1) [wheezy] - linux <not-affected> (Vulnerable code introduced in v4.4-rc1) NOTE: Fixed by: https://git.kernel.org/linus/6d104af38b570d37aa32a5803b04c354f8ed513d CVE-2017-5546 [mm/slab.c: fix SLAB freelist randomization duplicate entries] + RESERVED - linux <unfixed> [jessie] - linux <not-affected> (freelist randomisation introduced in 4.7) [wheezy] - linux <not-affected> (freelist randomisation introduced in 4.7) NOTE: Fixed by: https://git.kernel.org/linus/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f (v4.10-rc4) CVE-2017-5538 + RESERVED NOT-FOR-US: Samsung Exynos CVE-2017-5524 RESERVED NOT-FOR-US: Plone CVE-2017-5537 [weblate information leak] + RESERVED - weblate <itp> (bug #745661) NOTE: http://www.openwall.com/lists/oss-security/2017/01/18/11 CVE-2017-5526 [audio: memory leakage in es1370 device; CVE for the memory consumption issue] 
@@ -107,12 +206,10 @@ - mapserver 7.0.4-1 NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html NOTE: https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df -CVE-2017-2578 - RESERVED +CVE-2017-2578 (In Moodle 3.x, there is XSS in the assignment submission page. ...) - moodle 2.7.18+dfsg-1 NOTE: https://moodle.org/mod/forum/discuss.php?d=345915 -CVE-2017-2576 - RESERVED +CVE-2017-2576 (In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in ...) - moodle 2.7.18+dfsg-1 NOTE: https://moodle.org/mod/forum/discuss.php?d=345912 CVE-2017-5521 (An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, ...) @@ -406,8 +503,8 @@ CVE-2016-10147 (crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users ...) - linux 4.8.15-1 NOTE: Fixed by: https://git.kernel.org/linus/48a992727d82cb7db076fa15d372178743b1f4cd (v4.9) -CVE-2016-10143 - RESERVED +CVE-2016-10143 (A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to ...) + TODO: check CVE-2016-10142 (An issue was discovered in the IPv6 protocol specification, related to ...) NOTE: Generic IPv6 issue CVE-2016-10139 (An issue was discovered on BLU R1 HD devices with Shanghai Adups ...) @@ -896,6 +993,7 @@ - python-pysaml2 <unfixed> NOTE: https://github.com/rohe/pysaml2/issues/366 CVE-2016-10149 [CWE-776 (Entity Expansion)] + RESERVED {DSA-3759-1} - python-pysaml2 3.0.0-5 (bug #850716) NOTE: NOTE: https://github.com/rohe/pysaml2/pull/379 
@@ -1434,14 +1532,14 @@ NOT-FOR-US: NETGEAR devices CVE-2016-10105 (admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections ...) - piwigo <removed> -CVE-2016-10104 - RESERVED -CVE-2016-10103 - RESERVED -CVE-2016-10102 - RESERVED -CVE-2016-10101 - RESERVED +CVE-2016-10104 (Information Disclosure can occur in sshProfiles.jsd in Hitek Software's ...) + TODO: check +CVE-2016-10103 (Information Disclosure can occur in encryptionProfiles.jsd in Hitek ...) + TODO: check +CVE-2016-10102 (hitek.jar in Hitek Software's Automize uses weak encryption when ...) + TODO: check +CVE-2016-10101 (Information Disclosure can occur in Hitek Software's Automize 10.x and ...) + TODO: check CVE-2016-10100 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate ...) - borgbackup 1.0.9-1 NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability @@ -3786,8 +3884,7 @@ NOTE: https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba NOTE: https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb (libpng16) NOTE: https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/ (libpng12) -CVE-2016-10075 [insecure use of git] - RESERVED +CVE-2016-10075 (The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local ...) - tqdm <unfixed> (bug #849632) NOTE: https://github.com/tqdm/tqdm/issues/328 CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...) @@ -5991,8 +6088,8 @@ RESERVED CVE-2016-9871 RESERVED -CVE-2016-9870 - RESERVED +CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC ...) + TODO: check CVE-2016-9869 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. ...) NOT-FOR-US: EMC ScaleIO CVE-2016-9868 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A ...) 
@@ -13722,15 +13819,13 @@ [jessie] - w3m 0.5.3-19+deb8u1 [wheezy] - w3m <no-dsa> (Minor issue) NOTE: https://github.com/tats/w3m/issues/17 -CVE-2016-9436 [problem fixed by the new "tagname[0] = '\0'" line in parsetagx.c] - RESERVED +CVE-2016-9436 (parsetagx.c in w3m before 0.5.3+git20161009 does not properly ...) - w3m 0.5.3-30 [jessie] - w3m 0.5.3-19+deb8u1 [wheezy] - w3m <no-dsa> (Minor issue) NOTE: https://github.com/tats/w3m/issues/16 NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd -CVE-2016-9435 [for the problem fixed by the new conditional PUSH_ENV(HTML_DL) call in file.c] - RESERVED +CVE-2016-9435 (The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 ...) - w3m 0.5.3-30 [jessie] - w3m 0.5.3-19+deb8u1 [wheezy] - w3m <no-dsa> (Minor issue) @@ -15165,8 +15260,7 @@ RESERVED CVE-2016-8911 RESERVED -CVE-2016-9016 [sandbox escape (similar to CVE-2016-7545] - RESERVED +CVE-2016-9016 (Firejail 0.9.38.4 allows local users to execute arbitrary commands ...) - firejail 0.9.44-1 NOTE: https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b NOTE: http://www.openwall.com/lists/oss-security/2016/10/25/3 @@ -16051,16 +16145,13 @@ - linux 4.8.11-1 [jessie] - linux 3.16.39-1 NOTE: Fixed by: https://git.kernel.org/linus/ac6e780070e30e4c35bd395acfe9191e6268bdd3 (v4.9-rc6) -CVE-2016-8644 - RESERVED +CVE-2016-8644 (In Moodle 2.x and 3.x, the capability to view course notes is checked ...) - moodle 2.7.17+dfsg-1 NOTE: https://moodle.org/mod/forum/discuss.php?d=343277 -CVE-2016-8643 - RESERVED +CVE-2016-8643 (In Moodle 2.x and 3.x, non-admin site managers may accidentally edit ...) - moodle 2.7.17+dfsg-1 NOTE: https://moodle.org/mod/forum/discuss.php?d=343276 -CVE-2016-8642 - RESERVED +CVE-2016-8642 (In Moodle 2.x and 3.x, the question engine allows access to files that ...) - moodle 2.7.17+dfsg-1 NOTE: https://moodle.org/mod/forum/discuss.php?d=343275 CVE-2016-10089 
@@ -17432,8 +17523,8 @@ RESERVED CVE-2016-8214 RESERVED -CVE-2016-8213 - RESERVED +CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, ...) + TODO: check CVE-2016-8212 RESERVED CVE-2016-8211 @@ -19093,11 +19184,9 @@ NOTE: https://github.com/systemd/systemd/commit/531ac2b2349da02acc9c382849758e07eb92b020 NOTE: Originally fixed in 231-8 but caused a regression fixed in 231-9 NOTE: https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet -CVE-2016-7794 - RESERVED +CVE-2016-7794 (sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to ...) - git-hub 0.10.2-2 (bug #839284) -CVE-2016-7793 - RESERVED +CVE-2016-7793 (sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to ...) - git-hub 0.10.2-2 (bug #839284) CVE-2016-7792 RESERVED @@ -19669,8 +19758,7 @@ RESERVED CVE-2016-7546 RESERVED -CVE-2016-7545 [SELinux sandbox escape via TIOCSTI ioctl] - RESERVED +CVE-2016-7545 (SELinux policycoreutils allows local users to execute arbitrary ...) {DLA-638-1} - policycoreutils 2.5-3 (bug #838599) [jessie] - policycoreutils <not-affected> ("sandbox" executable not packaged in this version) @@ -19683,8 +19771,7 @@ CVE-2016-7544 RESERVED - libcrypto++ <not-affected> (Vulnerable code intorduced in 5.6.4, only affects Windows and Microsoft compilers) -CVE-2016-7543 - RESERVED +CVE-2016-7543 (Bash before 4.4 allows local users to execute arbitrary commands with ...) {DLA-680-1} - bash 4.4-1 [jessie] - bash 4.3-11+deb8u1 @@ -20639,6 +20726,7 @@ CVE-2016-1000213 (Ruckus Wireless H500 web management interface CSRF ...) TODO: check CVE-2010-5328 [process with pgid zero able to crash] + RESERVED - linux <not-affected> (Fixed before the src:linux-2.6 -> src:linux rename) - linux-2.6 2.6.37-1 CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users to ...) 
@@ -21296,8 +21384,7 @@ NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fcd91dd449867c6bfe56a81cabba76b829fd05cd NOTE: Introduced by: https://git.kernel.org/linus/9b174d88c257150562b0101fcc6cb6c3cb74275c (v4.0-rc1) NOTE: Intorduced by: https://git.kernel.org/linus/66e5133f19e901a044fa5eaeeb6ecff4545839e5 (v4.2-rc1) -CVE-2016-7038 - RESERVED +CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated when the ...) - moodle 2.7.16+dfsg-1 CVE-2016-7037 RESERVED @@ -23835,8 +23922,8 @@ - collectd 5.5.2-1 (bug #832507) NOTE: https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18 NOTE: https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7 -CVE-2016-6253 - RESERVED +CVE-2016-6253 (mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, ...) + TODO: check CVE-2016-1000218 RESERVED - kibana <itp> (bug #700337) @@ -25793,8 +25880,7 @@ NOTE: Only affects an example script NOTE: Fix applied: 16_XSS-security-bugfix.patch in 1.5-5 NOTE: http://www.openwall.com/lists/oss-security/2016/06/20/2 -CVE-2016-5725 - RESERVED +CVE-2016-5725 (Directory traversal vulnerability in JCraft JSch before 0.1.54 on ...) {DLA-611-1} - jsch 0.1.54-1 (low) [jessie] - jsch <no-dsa> (Minor issue) @@ -27046,8 +27132,7 @@ NOTE: https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b CVE-2016-5324 RESERVED -CVE-2016-5323 [tiffcrop _TIFFFax3fillruns(): NULL pointer dereference] - RESERVED +CVE-2016-5323 (The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote ...) {DSA-3762-1 DLA-610-1 DLA-606-1} - tiff 4.0.6-2 (unimportant) - tiff3 <removed> (unimportant) 
@@ -27063,8 +27148,7 @@ NOTE: src:tiff3: built binary packages do not contain the TIFF tools NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2560 NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=658 -CVE-2016-5321 [DumpModeDecode(): Ddos] - RESERVED +CVE-2016-5321 (The DumpModeDecode function in libtiff 4.0.6 and earlier allows ...) {DSA-3762-1 DLA-610-1 DLA-606-1} - tiff 4.0.6-2 - tiff3 <removed> @@ -27077,16 +27161,14 @@ - tiff 4.0.6-2 (bug #830700) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1 -CVE-2016-5317 [GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image] - RESERVED +CVE-2016-5317 (Buffer overflow in the PixarLogDecode function in libtiff.so in the ...) {DSA-3762-1 DLA-610-1 DLA-606-1} - tiff 4.0.6-2 (bug #830700) - tiff3 <removed> NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2557 NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=653 NOTE: Upstream marked this duplicate of bug http://bugzilla.maptools.org/show_bug.cgi?id=2554 -CVE-2016-5316 [tif_pixarlog.c: PixarLogCleanup() Segmentation fault] - RESERVED +CVE-2016-5316 (Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c ...) {DSA-3762-1 DLA-610-1 DLA-606-1} - tiff 4.0.6-2 (bug #830700) - tiff3 <removed> @@ -27590,8 +27672,7 @@ RESERVED CVE-2014-9855 RESERVED -CVE-2016-5319 [libtiff: PackBitsEncode heap buffer overflow] - RESERVED +CVE-2016-5319 (Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and ...) {DLA-693-1} - tiff 4.0.6-3 (bug #842046) - tiff3 <removed> 
@@ -27602,8 +27683,7 @@ NOTE: Utility bmp2tiff has been removed from upstream LibTIFF NOTE: No patch available. Marked as wontfix by upstream. NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package -CVE-2016-5318 [libtiff: stack buffer overflow in _TIFFVGetField function] - RESERVED +CVE-2016-5318 (Stack-based buffer overflow in the _TIFFVGetField function in libtiff ...) {DLA-693-1 DLA-692-1} - tiff <unfixed> (bug #842043) - tiff3 <removed> @@ -28693,13 +28773,12 @@ RESERVED CVE-2016-5015 RESERVED -CVE-2016-5014 - RESERVED -CVE-2016-5013 - RESERVED +CVE-2016-5014 (In Moodle 2.x and 3.x, an unenrolled user still receives event monitor ...) + TODO: check +CVE-2016-5013 (In Moodle 2.x and 3.x, text injection can occur in email headers, ...) - moodle 2.7.15+dfsg-1 -CVE-2016-5012 - RESERVED +CVE-2016-5012 (In Moodle 3.x, glossary search displays entries without checking user ...) + TODO: check CVE-2016-5011 [Extended partition loop in MBR partition table leads to DoS] RESERVED - util-linux 2.28.1-1 (bug #830802) @@ -45809,8 +45888,7 @@ NOTE: https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4 (master) NOTE: https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172 (1.7.x) NOTE: https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ -CVE-2015-8212 [bozohttpd CGI handlers potential remote code execution] - RESERVED +CVE-2015-8212 (CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 ...) {DLA-490-1} - bozohttpd <removed> NOTE: FIX http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.79&r2=1.80&only_with_tag=MAIN 
@@ -46318,10 +46396,10 @@ NOTE: https://sources.debian.net/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207 NOTE: https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741 NOTE: https://github.com/saltstack/salt/issues/28455 -CVE-2014-9755 - RESERVED -CVE-2014-9754 - RESERVED +CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 verison ...) + TODO: check +CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 verison ...) + TODO: check CVE-2015-8075 REJECTED CVE-2015-8033 @@ -90120,8 +90198,8 @@ - owncloud 6.0.2+dfsg-1 CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 ...) NOT-FOR-US: Broadcom Ltd PIPA C211 -CVE-2014-2045 - RESERVED +CVE-2014-2045 (Multiple cross-site scripting (XSS) vulnerabilities in the 'old' and ...) + TODO: check CVE-2014-2044 (Incomplete blacklist vulnerability in ajax/upload.php in ownCloud ...) - owncloud <not-affected> (Windows-specific) CVE-2014-2043 (SQL injection vulnerability in Resources/System/Templates/Data.aspx in ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
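Review bot: In the @@ -1,3 +1,87 @@ hunk, CVE-2017-5563 (LibTIFF 4.0.7 heap-based buffer over-read) and CVE-2016-10156 (systemd v228, world writable files) land with only "TODO: check", although tiff entries and systemd notes already appear further down this same file. These two concern software the tracker already follows, so they should be triaged ahead of the rest of the batch and given a package line with the checked status, rather than waiting in the same queue as the GeniXCMS, Foxit and OnePlus entries.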
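Review bot: In the @@ -896,6 +993,7 @@ hunk, the CVE-2016-10149 entry that gains "RESERVED" carries a context line reading "NOTE: NOTE: https://github.com/rohe/pysaml2/pull/379", with the prefix doubled. The line is not touched by this automatic update, but it is worth a manual follow-up commit to reduce it to a single "NOTE:" so that tooling which parses note lines sees the URL at the expected position.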
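Review bot: In the @@ -5991,8 +6088,8 @@ hunk, CVE-2016-9870 (EMC Isilon OneFS) is added as "TODO: check" directly above CVE-2016-9869 and CVE-2016-9868, which are both EMC ScaleIO issues and the first of which is visibly marked "NOT-FOR-US: EMC ScaleIO". The new entry should be checked and, if the product is likewise not packaged, given a matching NOT-FOR-US line so the open TODO does not linger next to already-triaged entries from the same vendor.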
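Review bot: In the @@ -13722,15 +13819,13 @@ hunk, the hand-written bracket text for CVE-2016-9435, "[for the problem fixed by the new conditional PUSH_ENV(HTML_DL) call in file.c]", is replaced by a truncated description ending in "...", and the visible context for that entry shows no "Fixed by" note. CVE-2016-9436 just above keeps its pointer through the "Fixed by: https://github.com/tats/w3m/commit/33509cc8..." note; CVE-2016-9435 would benefit from a NOTE line preserving the PUSH_ENV(HTML_DL) detail, since that is what distinguishes it from the sibling w3m entries.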
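Review bot: In the @@ -28693,13 +28773,12 @@ hunk, CVE-2016-5014 and CVE-2016-5012 are both described as Moodle issues yet receive "TODO: check", while CVE-2016-5013 between them already has "- moodle 2.7.15+dfsg-1". The two TODO entries should be checked against the same package and given their own "- moodle" lines, so that the three CVEs from this Moodle batch are tracked consistently.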
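Review bot: In the @@ -46318,10 +46396,10 @@ hunk, both imported descriptions for CVE-2014-9755 and CVE-2014-9754 contain the misspelling "verison" ("Viprinet MultichannelVPN Router 300 verison ..."). The text arrives through the automatic update, so it is not something to fix in this commit, but anyone searching the list for "version" strings during triage will miss these two entries; resolving the "TODO: check" promptly avoids relying on the description text.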