Author: sectracker
Date: 2017-01-27 21:10:15 +0000 (Fri, 27 Jan 2017)
New Revision: 48459
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-27 20:54:49 UTC (rev 48458) +++ data/CVE/list 2017-01-27 21:10:15 UTC (rev 48459) @@ -1,3 +1,9 @@ +CVE-2017-5600 + RESERVED +CVE-2017-5599 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...) + TODO: check +CVE-2017-5598 (An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This ...) + TODO: check CVE-2017-XXXX [XSS in the posts list table] - wordpress <unfixed> (bug #852767) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/27/2 @@ -987,10 +993,10 @@ NOTE: The issue is only present from 1.14 onwards, and prior to 1.14.1 since upstream NOTE: changed a malloc'ed buffer for a static one. NOTE: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html -CVE-2017-5329 - RESERVED -CVE-2017-5328 - RESERVED +CVE-2017-5329 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows local ...) + TODO: check +CVE-2017-5328 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows ...) + TODO: check CVE-2017-5327 RESERVED CVE-2017-5326 
@@ -4540,14 +4546,12 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/7 NOTE: When fixing this issue make sure to apply the complete correct fix to NOTE: not open ikiwiki to be vulnerable for CVE-2016-9645. -CVE-2016-10025 [x86: missing NULL pointer check in VMFUNC emulation] - RESERVED +CVE-2016-10025 (VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD ...) - xen 4.8.0-1 [jessie] - xen <not-affected> (Vulnerable code introduced later) [wheezy] - xen <not-affected> (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-203.html -CVE-2016-10024 [x86 PV guests may be able to mask interrupts] - RESERVED +CVE-2016-10024 (Xen through 4.8.x allows local x86 PV guest OS kernel administrators ...) {DLA-783-1} - xen 4.8.0-1 NOTE: https://xenbits.xen.org/xsa/advisory-202.html @@ -4691,6 +4695,7 @@ NOTE: https://www.openssl.org/news/secadv/20170126.txt CVE-2017-3731 RESERVED + {DSA-3773-1} - openssl 1.1.0d-1 - openssl1.0 1.0.2k-1 NOTE: https://www.openssl.org/news/secadv/20170126.txt @@ -4803,8 +4808,7 @@ RESERVED CVE-2016-10000 RESERVED -CVE-2016-10013 [x86: Mishandling of SYSCALL singlestep during emulation] - RESERVED +CVE-2016-10013 (Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain ...) {DLA-783-1} - xen 4.8.0-1 (bug #848713) NOTE: https://xenbits.xen.org/xsa/advisory-204.html @@ -4856,8 +4860,7 @@ NOTE: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php NOTE: Fixed by: https://github.com/commontk/DCMTK/commit/1b6bb76 NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/2 -CVE-2016-10003 [Issue #2, cookie headers and other client-specific private infformation leak] - RESERVED +CVE-2016-10003 (Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 ...) - squid3 3.5.23-1 (bug #848491) [jessie] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1) [wheezy] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1) 
@@ -4871,8 +4874,7 @@ NOTE: 3.5.0.1 up to and including 3.5.22 NOTE: 4.0.1 up to and including 4.0.16 NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1 -CVE-2016-10002 [Issue #1, cookie headers and other client-specific private infformation leak] - RESERVED +CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP conditional ...) {DSA-3745-1 DLA-763-1} - squid3 3.5.23-1 (bug #848493) NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_11.txt @@ -4992,8 +4994,7 @@ {DSA-3748-1 DLA-766-1} - libcrypto++ 5.6.4-5 (bug #848009) NOTE: https://github.com/weidai11/cryptopp/issues/346 -CVE-2016-9932 [x86 CMPXCHG8B emulation fails to ignore operand size override] - RESERVED +CVE-2016-9932 (CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows ...) - xen 4.8.0~rc3-1 (bug #848081) NOTE: https://xenbits.xen.org/xsa/advisory-200.html CVE-2016-9931 
@@ -5763,334 +5764,299 @@ RESERVED CVE-2017-3444 RESERVED -CVE-2017-3443 - RESERVED +CVE-2017-3443 (Vulnerability in the Oracle Common Applications component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3442 - RESERVED -CVE-2017-3441 - RESERVED -CVE-2017-3440 - RESERVED +CVE-2017-3442 (Vulnerability in the Oracle Customer Interaction History component of ...) + TODO: check +CVE-2017-3441 (Vulnerability in the Oracle Customer Interaction History component of ...) + TODO: check +CVE-2017-3440 (Vulnerability in the Oracle Customer Interaction History component of ...) NOT-FOR-US: Oracle -CVE-2017-3439 - RESERVED -CVE-2017-3438 - RESERVED -CVE-2017-3437 - RESERVED -CVE-2017-3436 - RESERVED -CVE-2017-3435 - RESERVED +CVE-2017-3439 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3438 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3437 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3436 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3435 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check CVE-2017-3434 RESERVED -CVE-2017-3433 - RESERVED +CVE-2017-3433 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check CVE-2017-3432 RESERVED -CVE-2017-3431 - RESERVED -CVE-2017-3430 - RESERVED -CVE-2017-3429 - RESERVED -CVE-2017-3428 - RESERVED -CVE-2017-3427 - RESERVED -CVE-2017-3426 - RESERVED -CVE-2017-3425 - RESERVED -CVE-2017-3424 - RESERVED -CVE-2017-3423 - RESERVED -CVE-2017-3422 - RESERVED -CVE-2017-3421 - RESERVED +CVE-2017-3431 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3430 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) 
+ TODO: check +CVE-2017-3429 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3428 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3427 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3426 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3425 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3424 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3423 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3422 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + TODO: check +CVE-2017-3421 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3420 - RESERVED -CVE-2017-3419 - RESERVED -CVE-2017-3418 - RESERVED +CVE-2017-3420 (Vulnerability in the Oracle CRM Technical Foundation component of ...) + TODO: check +CVE-2017-3419 (Vulnerability in the Oracle CRM Technical Foundation component of ...) + TODO: check +CVE-2017-3418 (Vulnerability in the Oracle CRM Technical Foundation component of ...) NOT-FOR-US: Oracle -CVE-2017-3417 - RESERVED -CVE-2017-3416 - RESERVED -CVE-2017-3415 - RESERVED +CVE-2017-3417 (Vulnerability in the Oracle Universal Work Queue component of Oracle ...) + TODO: check +CVE-2017-3416 (Vulnerability in the Oracle Universal Work Queue component of Oracle ...) + TODO: check +CVE-2017-3415 (Vulnerability in the Oracle Universal Work Queue component of Oracle ...) 
NOT-FOR-US: Oracle -CVE-2017-3414 - RESERVED -CVE-2017-3413 - RESERVED -CVE-2017-3412 - RESERVED -CVE-2017-3411 - RESERVED -CVE-2017-3410 - RESERVED -CVE-2017-3409 - RESERVED -CVE-2017-3408 - RESERVED -CVE-2017-3407 - RESERVED -CVE-2017-3406 - RESERVED -CVE-2017-3405 - RESERVED -CVE-2017-3404 - RESERVED -CVE-2017-3403 - RESERVED -CVE-2017-3402 - RESERVED -CVE-2017-3401 - RESERVED -CVE-2017-3400 - RESERVED -CVE-2017-3399 - RESERVED -CVE-2017-3398 - RESERVED -CVE-2017-3397 - RESERVED -CVE-2017-3396 - RESERVED -CVE-2017-3395 - RESERVED -CVE-2017-3394 - RESERVED +CVE-2017-3414 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3413 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3412 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3411 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3410 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3409 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3408 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3407 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3406 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3405 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3404 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3403 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3402 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) 
+ TODO: check +CVE-2017-3401 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3400 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3399 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3398 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3397 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3396 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3395 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3394 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check CVE-2017-3393 RESERVED -CVE-2017-3392 - RESERVED -CVE-2017-3391 - RESERVED -CVE-2017-3390 - RESERVED -CVE-2017-3389 - RESERVED -CVE-2017-3388 - RESERVED -CVE-2017-3387 - RESERVED +CVE-2017-3392 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3391 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3390 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3389 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3388 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3387 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) 
NOT-FOR-US: Oracle -CVE-2017-3386 - RESERVED -CVE-2017-3385 - RESERVED -CVE-2017-3384 - RESERVED -CVE-2017-3383 - RESERVED -CVE-2017-3382 - RESERVED -CVE-2017-3381 - RESERVED -CVE-2017-3380 - RESERVED -CVE-2017-3379 - RESERVED -CVE-2017-3378 - RESERVED -CVE-2017-3377 - RESERVED -CVE-2017-3376 - RESERVED -CVE-2017-3375 - RESERVED -CVE-2017-3374 - RESERVED -CVE-2017-3373 - RESERVED +CVE-2017-3386 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3385 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3384 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3383 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3382 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3381 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3380 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3379 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3378 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3377 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3376 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3375 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3374 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) + TODO: check +CVE-2017-3373 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) NOT-FOR-US: Oracle -CVE-2017-3372 - RESERVED +CVE-2017-3372 (Vulnerability in the Oracle Interaction Blending component of Oracle ...) 
NOT-FOR-US: Oracle -CVE-2017-3371 - RESERVED -CVE-2017-3370 - RESERVED -CVE-2017-3369 - RESERVED +CVE-2017-3371 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...) + TODO: check +CVE-2017-3370 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...) + TODO: check +CVE-2017-3369 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...) NOT-FOR-US: Oracle -CVE-2017-3368 - RESERVED +CVE-2017-3368 (Vulnerability in the Oracle iStore component of Oracle E-Business ...) NOT-FOR-US: Oracle -CVE-2017-3367 - RESERVED -CVE-2017-3366 - RESERVED -CVE-2017-3365 - RESERVED -CVE-2017-3364 - RESERVED -CVE-2017-3363 - RESERVED -CVE-2017-3362 - RESERVED +CVE-2017-3367 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) + TODO: check +CVE-2017-3366 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) + TODO: check +CVE-2017-3365 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) + TODO: check +CVE-2017-3364 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) + TODO: check +CVE-2017-3363 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) + TODO: check +CVE-2017-3362 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3361 - RESERVED +CVE-2017-3361 (Vulnerability in the Oracle Installed Base component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3360 - RESERVED -CVE-2017-3359 - RESERVED +CVE-2017-3360 (Vulnerability in the Oracle Customer Intelligence component of Oracle ...) + TODO: check +CVE-2017-3359 (Vulnerability in the Oracle Customer Intelligence component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3358 - RESERVED -CVE-2017-3357 - RESERVED +CVE-2017-3358 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3357 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) 
+ TODO: check CVE-2017-3356 RESERVED CVE-2017-3355 RESERVED -CVE-2017-3354 - RESERVED -CVE-2017-3353 - RESERVED -CVE-2017-3352 - RESERVED -CVE-2017-3351 - RESERVED -CVE-2017-3350 - RESERVED -CVE-2017-3349 - RESERVED -CVE-2017-3348 - RESERVED +CVE-2017-3354 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3353 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3352 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3351 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3350 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3349 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3348 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check CVE-2017-3347 RESERVED -CVE-2017-3346 - RESERVED +CVE-2017-3346 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check CVE-2017-3345 RESERVED -CVE-2017-3344 - RESERVED -CVE-2017-3343 - RESERVED +CVE-2017-3344 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3343 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check CVE-2017-3342 RESERVED -CVE-2017-3341 - RESERVED -CVE-2017-3340 - RESERVED -CVE-2017-3339 - RESERVED -CVE-2017-3338 - RESERVED +CVE-2017-3341 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3340 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3339 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3338 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) 
+ TODO: check CVE-2017-3337 RESERVED -CVE-2017-3336 - RESERVED -CVE-2017-3335 - RESERVED -CVE-2017-3334 - RESERVED -CVE-2017-3333 - RESERVED +CVE-2017-3336 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3335 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3334 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) + TODO: check +CVE-2017-3333 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) NOT-FOR-US: Oracle -CVE-2017-3332 - RESERVED +CVE-2017-3332 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) - virtualbox 5.1.14-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) [wheezy] - virtualbox <end-of-life> (DSA 3454) CVE-2017-3331 RESERVED -CVE-2017-3330 - RESERVED +CVE-2017-3330 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) NOT-FOR-US: Oracle Siebel CVE-2017-3329 RESERVED -CVE-2017-3328 - RESERVED +CVE-2017-3328 (Vulnerability in the Oracle Common Applications component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3327 - RESERVED +CVE-2017-3327 (Vulnerability in the Oracle Common Applications component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3326 - RESERVED +CVE-2017-3326 (Vulnerability in the Oracle Common Applications component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3325 - RESERVED +CVE-2017-3325 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) NOT-FOR-US: Oracle Siebel -CVE-2017-3324 - RESERVED +CVE-2017-3324 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...) NOT-FOR-US: Oracle Primavera -CVE-2017-3323 - RESERVED +CVE-2017-3323 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...) NOT-FOR-US: MySQL Cluster -CVE-2017-3322 - RESERVED +CVE-2017-3322 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...) 
NOT-FOR-US: MySQL Cluster -CVE-2017-3321 - RESERVED +CVE-2017-3321 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...) NOT-FOR-US: MySQL Cluster -CVE-2017-3320 - RESERVED +CVE-2017-3320 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 <not-affected> (Only affects MySQL 5.7) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) -CVE-2017-3319 - RESERVED +CVE-2017-3319 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 <not-affected> (Only affects MySQL 5.7) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) -CVE-2017-3318 - RESERVED +CVE-2017-3318 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3770-1 DSA-3767-1 DLA-797-1} - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 <unfixed> (bug #851755) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <removed> (bug #851233) -CVE-2017-3317 - RESERVED +CVE-2017-3317 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3770-1 DSA-3767-1 DLA-797-1} - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 <unfixed> (bug #851755) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <removed> (bug #851233) -CVE-2017-3316 - RESERVED +CVE-2017-3316 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) - virtualbox 5.1.14-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) [wheezy] - virtualbox <end-of-life> (DSA 3454) -CVE-2017-3315 - RESERVED +CVE-2017-3315 (Vulnerability in the PeolpeSoft Enterprise HCM ePerformance component ...) NOT-FOR-US: Oracle PeopleSoft -CVE-2017-3314 - RESERVED +CVE-2017-3314 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2017-3313 - RESERVED +CVE-2017-3313 (Vulnerability in the MySQL Server component of Oracle MySQL ...) 
{DSA-3767-1 DLA-797-1} - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <removed> (bug #851233) -CVE-2017-3312 - RESERVED +CVE-2017-3312 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3770-1 DSA-3767-1 DLA-797-1} - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 <unfixed> (bug #851755) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <removed> (bug #851233) -CVE-2017-3311 - RESERVED +CVE-2017-3311 (Vulnerability in the Application Testing Suite component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3310 - RESERVED +CVE-2017-3310 (Vulnerability in the OJVM component of Oracle Database Server. ...) NOT-FOR-US: Oracle CVE-2017-3309 RESERVED 
@@ -6104,257 +6070,194 @@ RESERVED CVE-2017-3304 RESERVED -CVE-2017-3303 - RESERVED +CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2017-3302 RESERVED -CVE-2017-3301 - RESERVED +CVE-2017-3301 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) NOT-FOR-US: Solaris -CVE-2017-3300 - RESERVED +CVE-2017-3300 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle PeopleSoft -CVE-2017-3299 - RESERVED +CVE-2017-3299 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle PeopleSoft -CVE-2017-3298 - RESERVED +CVE-2017-3298 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle PeopleSoft -CVE-2017-3297 - RESERVED +CVE-2017-3297 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2017-3296 - RESERVED +CVE-2017-3296 (Vulnerability in the Oracle Commerce Platform component of Oracle ...) NOT-FOR-US: Oracle Commerce -CVE-2017-3295 - RESERVED +CVE-2017-3295 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3294 - RESERVED +CVE-2017-3294 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3293 - RESERVED +CVE-2017-3293 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3292 - RESERVED +CVE-2017-3292 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle PeopleSoft -CVE-2017-3291 - RESERVED +CVE-2017-3291 (Vulnerability in the MySQL Server component of Oracle MySQL ...) 
{DSA-3770-1 DSA-3767-1 DLA-797-1} - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 <unfixed> (bug #851755) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <removed> (bug #851233) -CVE-2017-3290 - RESERVED +CVE-2017-3290 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) - virtualbox 5.1.14-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) [wheezy] - virtualbox <end-of-life> (DSA 3454) -CVE-2017-3289 - RESERVED +CVE-2017-3289 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> CVE-2017-3288 RESERVED -CVE-2017-3287 - RESERVED +CVE-2017-3287 (Vulnerability in the Oracle iStore component of Oracle E-Business ...) NOT-FOR-US: Oracle -CVE-2017-3286 - RESERVED +CVE-2017-3286 (Vulnerability in the Oracle Applications DBA component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3285 - RESERVED +CVE-2017-3285 (Vulnerability in the Oracle Service Fulfillment Manager component of ...) NOT-FOR-US: Oracle -CVE-2017-3284 - RESERVED +CVE-2017-3284 (Vulnerability in the Oracle Fulfillment Manager component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3283 - RESERVED +CVE-2017-3283 (Vulnerability in the Oracle Partner Management component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3282 - RESERVED +CVE-2017-3282 (Vulnerability in the Oracle Partner Management component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3281 - RESERVED +CVE-2017-3281 (Vulnerability in the Oracle Partner Management component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3280 - RESERVED +CVE-2017-3280 (Vulnerability in the Oracle Partner Management component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3279 - RESERVED +CVE-2017-3279 (Vulnerability in the Oracle Leads Management component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3278 - RESERVED +CVE-2017-3278 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) 
NOT-FOR-US: Oracle -CVE-2017-3277 - RESERVED +CVE-2017-3277 (Vulnerability in the Oracle Applications Manager component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3276 - RESERVED +CVE-2017-3276 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) NOT-FOR-US: Solaris -CVE-2017-3275 - RESERVED +CVE-2017-3275 (Vulnerability in the Oracle Email Center component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3274 - RESERVED +CVE-2017-3274 (Vulnerability in the Oracle Email Center component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3273 - RESERVED +CVE-2017-3273 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) -CVE-2017-3272 - RESERVED +CVE-2017-3272 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-3271 - RESERVED +CVE-2017-3271 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3270 - RESERVED +CVE-2017-3270 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3269 - RESERVED +CVE-2017-3269 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3268 - RESERVED +CVE-2017-3268 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3267 - RESERVED +CVE-2017-3267 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3266 - RESERVED +CVE-2017-3266 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle -CVE-2017-3265 - RESERVED +CVE-2017-3265 (Vulnerability in the MySQL Server component of Oracle MySQL ...) 
{DSA-3770-1 DSA-3767-1 DLA-797-1} - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 <unfixed> (bug #851755) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <removed> (bug #851233) -CVE-2017-3264 - RESERVED +CVE-2017-3264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...) NOT-FOR-US: Oracle Siebel -CVE-2017-3263 - RESERVED +CVE-2017-3263 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...) NOT-FOR-US: Oracle Primavera -CVE-2017-3262 - RESERVED +CVE-2017-3262 (Vulnerability in the Java SE component of Oracle Java SE ...) - openjdk-8 <not-affected> (specific to Oracle Java) -CVE-2017-3261 - RESERVED +CVE-2017-3261 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-3260 - RESERVED +CVE-2017-3260 (Vulnerability in the Java SE component of Oracle Java SE ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> -CVE-2017-3259 - RESERVED +CVE-2017-3259 (Vulnerability in the Java SE component of Oracle Java SE ...) - openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) -CVE-2017-3258 - RESERVED +CVE-2017-3258 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3770-1 DSA-3767-1 DLA-797-1} - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 <unfixed> (bug #851755) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <removed> (bug #851233) -CVE-2017-3257 - RESERVED +CVE-2017-3257 (Vulnerability in the MySQL Server component of Oracle MySQL ...) 
{DSA-3770-1} - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 <unfixed> (bug #851755) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) -CVE-2017-3256 - RESERVED +CVE-2017-3256 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 <not-affected> (Only affects MySQL 5.7) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) -CVE-2017-3255 - RESERVED +CVE-2017-3255 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-3254 RESERVED -CVE-2017-3253 - RESERVED +CVE-2017-3253 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-3252 - RESERVED +CVE-2017-3252 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-3251 - RESERVED +CVE-2017-3251 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 <not-affected> (Only affects MySQL 5.7) - mysql-5.5 <not-affected> (Only affects MySQL 5.7) -CVE-2017-3250 - RESERVED +CVE-2017-3250 (Vulnerability in the Oracle GlassFish Server component of Oracle ...) - glassfish <unfixed> -CVE-2017-3249 - RESERVED +CVE-2017-3249 (Vulnerability in the Oracle GlassFish Server component of Oracle ...) - glassfish <unfixed> -CVE-2017-3248 - RESERVED +CVE-2017-3248 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle -CVE-2017-3247 - RESERVED +CVE-2017-3247 (Vulnerability in the Oracle GlassFish Server component of Oracle ...) - glassfish <unfixed> -CVE-2017-3246 - RESERVED +CVE-2017-3246 (Vulnerability in the Oracle Application Object Library component of ...) 
NOT-FOR-US: Oracle -CVE-2017-3245 - RESERVED +CVE-2017-3245 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2017-3244 - RESERVED +CVE-2017-3244 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3770-1 DSA-3767-1 DLA-797-1} - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 <unfixed> (bug #851755) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <removed> (bug #851233) -CVE-2017-3243 - RESERVED +CVE-2017-3243 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3770-1 DSA-3767-1 DLA-797-1} - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 <unfixed> (bug #851755) - mysql-5.7 <not-affected> (Only affects MySQL 5.5) - mysql-5.6 <not-affected> (Only affects MySQL 5.5) - mysql-5.5 <removed> (bug #851233) -CVE-2017-3242 - RESERVED +CVE-2017-3242 (Vulnerability in the Oracle VM Server for Sparc component of Oracle ...) NOT-FOR-US: Solaris -CVE-2017-3241 - RESERVED +CVE-2017-3241 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2017-3240 - RESERVED +CVE-2017-3240 (Vulnerability in the RDBMS Security component of Oracle Database ...) NOT-FOR-US: Oracle -CVE-2017-3239 - RESERVED +CVE-2017-3239 (Vulnerability in the Oracle GlassFish Server component of Oracle ...) - glassfish <not-affected> (Only affects 3.x) -CVE-2017-3238 - RESERVED +CVE-2017-3238 (Vulnerability in the MySQL Server component of Oracle MySQL ...) {DSA-3770-1 DSA-3767-1 DLA-797-1} - mariadb-10.1 10.1.21-1 (bug #851759) - mariadb-10.0 <unfixed> (bug #851755) 
@@ -6363,11 +6266,9 @@ - mysql-5.5 <removed> (bug #851233) CVE-2017-3237 RESERVED -CVE-2017-3236 - RESERVED +CVE-2017-3236 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2017-3235 - RESERVED +CVE-2017-3235 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2017-3234 RESERVED @@ -6375,8 +6276,7 @@ RESERVED CVE-2017-3232 RESERVED -CVE-2017-3231 - RESERVED +CVE-2017-3231 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> - openjdk-6 <removed> @@ -7182,8 +7082,8 @@ RESERVED CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs ...) NOT-FOR-US: Alcatel-Lucent OmniVista -CVE-2016-9795 - RESERVED +CVE-2016-9795 (The casrvc program in CA Common Services, as used in CA Client ...) + TODO: check CVE-2016-9792 RESERVED CVE-2016-9791 @@ -13556,8 +13456,7 @@ [jessie] - linux 3.16.39-1 [wheezy] - linux <not-affected> (Introduced in 3.12) NOTE: Fixed by: https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1) -CVE-2016-9636 - RESERVED +CVE-2016-9636 (Heap-based buffer overflow in the flx_decode_delta_fli function in ...) {DSA-3724-1 DSA-3723-1 DLA-727-1} - gst-plugins-good1.0 1.10.1-2 (bug #845375) - gst-plugins-good0.10 <removed> 
@@ -13567,8 +13466,7 @@ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2 NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9 NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff -CVE-2016-9635 - RESERVED +CVE-2016-9635 (Heap-based buffer overflow in the flx_decode_delta_fli function in ...) {DSA-3724-1 DSA-3723-1 DLA-727-1} - gst-plugins-good1.0 1.10.1-2 (bug #845375) - gst-plugins-good0.10 <removed> @@ -13578,8 +13476,7 @@ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2 NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9 NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff -CVE-2016-9634 - RESERVED +CVE-2016-9634 (Heap-based buffer overflow in the flx_decode_delta_fli function in ...) {DSA-3724-1 DSA-3723-1 DLA-727-1} - gst-plugins-good1.0 1.10.1-2 (bug #845375) - gst-plugins-good0.10 <removed> @@ -13892,8 +13789,7 @@ - imagemagick 8:6.9.6.2+dfsg-2 (bug #845195) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag] - RESERVED +CVE-2016-9448 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote ...) - tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593 NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297 
@@ -14081,8 +13977,7 @@ RESERVED CVE-2015-8973 RESERVED -CVE-2016-9453 [tiff2pdf: out-of-bounds write memcpy] - RESERVED +CVE-2016-9453 (The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote ...) {DSA-3762-1} - tiff 4.0.6-3 [wheezy] - tiff 4.0.2-6+deb7u7 @@ -14400,8 +14295,7 @@ NOTE: For wheezy it is probably not worth the effort to fix this problem. NOTE: The reason is that the correction is to introduce a new option that can be specified if this new behaviour NOTE: is wanted. It is not enforced by default. -CVE-2016-9317 - RESERVED +CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka libgd) ...) - libgd2 2.2.4-1 NOTE: https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1 NOTE: https://github.com/libgd/libgd/issues/340 @@ -14506,8 +14400,7 @@ CVE-2016-9299 (The remoting module in Jenkins before 2.32 and LTS before 2.19.3 ...) - jenkins <removed> NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/4 -CVE-2016-9298 [heap overflow in WaveletDenoiseImage()] - RESERVED +CVE-2016-9298 (Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c ...) - imagemagick 8:6.9.6.5+dfsg-1 (bug #844211) [jessie] - imagemagick <not-affected> (Vulnerable code not present) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) @@ -15282,16 +15175,16 @@ RESERVED CVE-2016-9055 RESERVED -CVE-2016-9054 - RESERVED +CVE-2016-9054 (An exploitable stack-based buffer overflow vulnerability exists in the ...) + TODO: check CVE-2016-9053 RESERVED -CVE-2016-9052 - RESERVED +CVE-2016-9052 (An exploitable stack-based buffer overflow vulnerability exists in the ...) + TODO: check CVE-2016-9051 RESERVED -CVE-2016-9050 - RESERVED +CVE-2016-9050 (An exploitable out-of-bounds read vulnerability exists in the client ...) + TODO: check CVE-2016-9049 RESERVED CVE-2016-9048 
@@ -16062,8 +15955,8 @@ RESERVED CVE-2016-8711 RESERVED -CVE-2016-8710 - RESERVED +CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in the ...) + TODO: check CVE-2016-8709 RESERVED CVE-2016-8708 @@ -16241,8 +16134,7 @@ RESERVED CVE-2005-4896 RESERVED -CVE-2016-6911 [invalid read in gdImageCreateFromTiffPtr()] - RESERVED +CVE-2016-6911 (The dynamicGetbuf function in the GD Graphics Library (aka libgd) ...) {DSA-3693-1 DLA-665-1} - libgd2 2.2.3-87-gd0fec80-2 (bug #840806) NOTE: Corresponds to the 0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch @@ -16689,6 +16581,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16 CVE-2016-8610 [SSL/TLS SSL3_AL_WARNING undefined alert DoS] RESERVED + {DSA-3773-1} - openssl 1.0.2j-1 NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/3 NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401 @@ -17228,8 +17121,8 @@ RESERVED CVE-2016-8412 (An elevation of privilege vulnerability in the Qualcomm camera could ...) NOT-FOR-US: Qualcomm component for Android -CVE-2016-8411 - RESERVED +CVE-2016-8411 (Buffer overflow vulnerability while processing QMI QOS TLVs. Product: ...) + TODO: check CVE-2016-8410 (An information disclosure vulnerability in the Qualcomm sound driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2016-8409 (An information disclosure vulnerability in the NVIDIA video driver ...) 
@@ -17484,109 +17377,77 @@ NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0190/ NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package NOTE: From the backtrace shared in the report, we can see that the crash is triggered though the thumbnail tool which has been dropped upstream. -CVE-2016-8330 - RESERVED +CVE-2016-8330 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) NOT-FOR-US: Solaris -CVE-2016-8329 - RESERVED +CVE-2016-8329 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...) NOT-FOR-US: Oracle PeopleSoft -CVE-2016-8328 - RESERVED +CVE-2016-8328 (Vulnerability in the Java SE component of Oracle Java SE ...) - openjdk-8 <not-affected> (specific to Oracle Java) -CVE-2016-8327 - RESERVED +CVE-2016-8327 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) CVE-2016-8326 RESERVED -CVE-2016-8325 - RESERVED +CVE-2016-8325 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) NOT-FOR-US: Oracle -CVE-2016-8324 - RESERVED +CVE-2016-8324 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8323 - RESERVED +CVE-2016-8323 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8322 - RESERVED +CVE-2016-8322 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2016-8321 RESERVED -CVE-2016-8320 - RESERVED +CVE-2016-8320 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8319 - RESERVED +CVE-2016-8319 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...) 
NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8318 - RESERVED +CVE-2016-8318 (Vulnerability in the MySQL Server component of Oracle MySQL ...) - mysql-5.7 <unfixed> (bug #851235) - mysql-5.6 5.6.35-1 (bug #851234) - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) -CVE-2016-8317 - RESERVED +CVE-2016-8317 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8316 - RESERVED +CVE-2016-8316 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8315 - RESERVED +CVE-2016-8315 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8314 - RESERVED +CVE-2016-8314 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8313 - RESERVED +CVE-2016-8313 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8312 - RESERVED +CVE-2016-8312 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8311 - RESERVED +CVE-2016-8311 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8310 - RESERVED +CVE-2016-8310 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8309 - RESERVED +CVE-2016-8309 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8308 - RESERVED +CVE-2016-8308 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8307 - RESERVED +CVE-2016-8307 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8306 - RESERVED +CVE-2016-8306 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...) 
NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8305 - RESERVED +CVE-2016-8305 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8304 - RESERVED +CVE-2016-8304 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8303 - RESERVED +CVE-2016-8303 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8302 - RESERVED +CVE-2016-8302 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8301 - RESERVED +CVE-2016-8301 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8300 - RESERVED +CVE-2016-8300 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8299 - RESERVED +CVE-2016-8299 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8298 - RESERVED +CVE-2016-8298 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE -CVE-2016-8297 - RESERVED +CVE-2016-8297 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2016-8296 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: PeopleSoft @@ -17635,8 +17496,7 @@ [jessie] - mysql-5.5 5.5.52-0+deb8u1 [wheezy] - mysql-5.5 5.5.52-0+deb7u1 NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28 -CVE-2016-8282 - RESERVED +CVE-2016-8282 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2016-8281 (Unspecified vulnerability in the Oracle Platform Security for Java ...) NOT-FOR-US: Oracle 
@@ -17824,12 +17684,12 @@ RESERVED CVE-2016-8228 RESERVED -CVE-2016-8227 - RESERVED -CVE-2016-8226 - RESERVED -CVE-2016-8225 - RESERVED +CVE-2016-8227 (Privilege escalation vulnerability in Lenovo Transition application ...) + TODO: check +CVE-2016-8226 (The BIOS in Lenovo System X M5, M6, and X6 systems allows ...) + TODO: check +CVE-2016-8225 (Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB ...) + TODO: check CVE-2016-8224 (A vulnerability has been identified in some Lenovo Notebook and ...) NOT-FOR-US: Lenovo CVE-2016-8223 (During an internal security review, Lenovo identified a local ...) @@ -20084,8 +19944,7 @@ - drupal7 <not-affected> (Only affects Drupal 8) CVE-2016-7570 (Drupal 8.x before 8.1.10 does not properly check for "Administer ...) - drupal7 <not-affected> (Only affects Drupal 8) -CVE-2016-7569 - RESERVED +CVE-2016-7569 (Directory traversal vulnerability in docker2aci before 0.13.0 allows ...) - golang-github-appc-docker2aci 0.14.0+dfsg-1 (bug #839282) NOTE: https://github.com/appc/docker2aci/issues/201 CVE-2016-7568 (Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ...) @@ -21686,6 +21545,7 @@ RESERVED CVE-2016-7056 [ECDSA P-256 timing attack key recovery] RESERVED + {DSA-3773-1} - openssl 1.0.2a-1 - openssl1.0 <not-affected> (Fixed before initial upload to Debian) NOTE: https://eprint.iacr.org/2016/1195.pdf 
@@ -22039,16 +21899,15 @@ RESERVED CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before ...) NOT-FOR-US: OSSIM -CVE-2016-6912 - RESERVED +CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the GD ...) - libgd2 2.2.4-1 NOTE: https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2 CVE-2016-6910 (The non-existent notification listener vulnerability was introduced in ...) TODO: check CVE-2016-6909 (Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before ...) NOT-FOR-US: Fortinet -CVE-2016-6908 - RESERVED +CVE-2016-6908 (Characters from languages are such as Arabic, Hebrew are displayed ...) + TODO: check CVE-2016-6907 RESERVED CVE-2016-6906 [OOB reads of the TGA decompression buffer] @@ -24531,8 +24390,7 @@ NOTE: thus the issue could possibly be presend already before. The code in 1.5-1 looks NOTE: quite similar, although the reproducer does not lead to a heap-use-after-free in NOTE: the 1.5-1 case. -CVE-2016-6264 - RESERVED +CVE-2016-6264 (Integer signedness error in libc/string/arm/memset.S in uClibc and ...) {DLA-561-1} - uclibc-ng <itp> (bug #811275) - uclibc <unfixed> (unimportant) @@ -25778,8 +25636,8 @@ RESERVED CVE-2016-5830 RESERVED -CVE-2016-5822 - RESERVED +CVE-2016-5822 (Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers ...) + TODO: check CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before ...) NOT-FOR-US: Huawei HiSuite CVE-2016-5820 @@ -26561,8 +26419,7 @@ [jessie] - mysql-5.5 5.5.52-0+deb8u1 [wheezy] - mysql-5.5 5.5.52-0+deb7u1 NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28 -CVE-2016-5623 - RESERVED +CVE-2016-5623 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2016-5622 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...) NOT-FOR-US: Oracle FLEXCUBE 
@@ -26580,8 +26437,7 @@ REJECTED CVE-2016-5615 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...) NOT-FOR-US: Solaris -CVE-2016-5614 - RESERVED +CVE-2016-5614 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2016-5613 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...) - virtualbox 5.1.8-dfsg-1 @@ -26654,8 +26510,7 @@ NOT-FOR-US: Oracle CVE-2016-5591 (Unspecified vulnerability in the Oracle Customer Interaction History ...) NOT-FOR-US: Oracle -CVE-2016-5590 - RESERVED +CVE-2016-5590 (Vulnerability in the MySQL Enterprise Monitor component of Oracle ...) NOT-FOR-US: MySQL Enterprise Monitor CVE-2016-5589 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...) NOT-FOR-US: Oracle @@ -26758,8 +26613,7 @@ [wheezy] - openjdk-6 <end-of-life> CVE-2016-5553 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...) NOT-FOR-US: Solaris -CVE-2016-5552 - RESERVED +CVE-2016-5552 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> - openjdk-6 <removed> 
@@ -26768,28 +26622,23 @@ RESERVED CVE-2016-5550 RESERVED -CVE-2016-5549 - RESERVED +CVE-2016-5549 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> -CVE-2016-5548 - RESERVED +CVE-2016-5548 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2016-5547 - RESERVED +CVE-2016-5547 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> -CVE-2016-5546 - RESERVED +CVE-2016-5546 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...) - openjdk-8 8u121-b13-1 - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2016-5545 - RESERVED +CVE-2016-5545 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) - virtualbox 5.1.14-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) [wheezy] - virtualbox <end-of-life> (DSA 3454) @@ -26805,8 +26654,7 @@ NOTE: #841692 tracks openjdk-7 - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> -CVE-2016-5541 - RESERVED +CVE-2016-5541 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...) NOT-FOR-US: MySQL Cluster CVE-2016-5540 (Unspecified vulnerability in the Oracle Retail Xstore Payment ...) TODO: check @@ -26835,8 +26683,7 @@ TODO: check CVE-2016-5529 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) TODO: check -CVE-2016-5528 - RESERVED +CVE-2016-5528 (Vulnerability in the Oracle GlassFish Server component of Oracle ...) - glassfish <unfixed> CVE-2016-5527 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...) NOT-FOR-US: Oracle 
@@ -26874,8 +26721,7 @@ NOT-FOR-US: Oracle CVE-2016-5510 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...) NOT-FOR-US: Oracle -CVE-2016-5509 - RESERVED +CVE-2016-5509 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2016-5508 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...) NOT-FOR-US: Solaris @@ -32320,8 +32166,8 @@ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476 NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1 -CVE-2016-3996 - RESERVED +CVE-2016-3996 (ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly ...) + TODO: check CVE-2016-3991 (Heap-based buffer overflow in the loadImage function in the tiffcrop ...) {DSA-3762-1 DLA-610-1 DLA-606-1} - tiff 4.0.7-1 @@ -39186,11 +39032,9 @@ CVE-2016-1923 (Heap-based buffer overflow in the opj_j2k_update_image_data function ...) - openjpeg2 2.1.1-1 (bug #818399) [jessie] - openjpeg2 <no-dsa> (Minor issue, too intrusive to backport) -CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3] - RESERVED +CVE-2016-1920 (Samsung KNOX 1.0.0 uses the shared certificate on Android, which ...) NOT-FOR-US: KNOX 1.0 / Android 4.3 -CVE-2016-1919 [Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3] - RESERVED +CVE-2016-1919 (Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which ...) NOT-FOR-US: KNOX 1.0 / Android 4.3 CVE-2016-1902 (The nextBytes function in the SecureRandom class in Symfony before ...) {DSA-3588-1} 
@@ -40412,8 +40256,7 @@ NOTE: https://github.com/facebook/hhvm/commit/979b5b312ffbd56126c52f3dcb6cf8fcab89664f NOTE: https://github.com/facebook/hhvm/commit/604689e1565ea6361f9d81f839cd56bdda3b45ed NOTE: https://github.com/facebook/hhvm/commit/f21dccdde582c61d5a9b52dd821bcb1f08169d28 -CVE-2016-1551 [Refclock packets can come from the network] - RESERVED +CVE-2016-1551 (ntpd in NTP 4.2.8p3 and NTPsec ...) - ntp <not-affected> (Does not affect Linux or FreeBSD) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security CVE-2016-1550 (An exploitable vulnerability exists in the message authentication ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
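Review bot: In the hunk at @@ -17824,12 +17684,12 @@, CVE-2016-8227, CVE-2016-8226 and CVE-2016-8225 are left at "TODO: check" even though all three imported descriptions name Lenovo products and the unchanged entry directly below them, CVE-2016-8224, is already triaged as "NOT-FOR-US: Lenovo". If none of the three corresponds to a packaged component, the follow-up commit should give them the same NOT-FOR-US marking so they do not linger in the TODO queue.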
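Review bot: In the hunk at @@ -22039,16 +21899,15 @@, the description imported for CVE-2016-6908 ("Characters from languages are such as Arabic, Hebrew are displayed ...") is ungrammatical and the visible part names no product, so the "TODO: check" added under it cannot be resolved from this entry alone. Whoever triages it needs the full CVE text first; once the product is known, record it in the NOT-FOR-US or package line, as the neighbouring CVE-2016-6913 ("NOT-FOR-US: OSSIM") and CVE-2016-6909 ("NOT-FOR-US: Fortinet") entries do.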
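Review bot: In the hunk at @@ -32320,8 +32166,8 @@, CVE-2016-3996 is a Samsung KNOX issue (ClipboardDataMgr in KNOX 1.0.0 and 2.3.0) and is added with "TODO: check", while the hunk at @@ -39186,11 +39032,9 @@ in this same commit keeps "NOT-FOR-US: KNOX 1.0 / Android 4.3" for CVE-2016-1920 and CVE-2016-1919. Treating the same product two ways in one revision is inconsistent; unless there is a reason to look at CVE-2016-3996 separately, it should carry a NOT-FOR-US line like the other two.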
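Review bot: In the hunk at @@ -40412,8 +40256,7 @@, replacing "[Refclock packets can come from the network]" with the truncated "(ntpd in NTP 4.2.8p3 and NTPsec ...)" removes the only text in the CVE-2016-1551 entry that said what the issue is; the remaining lines give just the not-affected reason and a link. The same loss shows up wherever a bracketed summary is swapped for a cut-off description, for example CVE-2016-9453 at @@ -14081,8 +13977,7 @@. Where the old summary carried information the truncated description does not, consider keeping it as a NOTE line under the entry.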