Author: sectracker
Date: 2017-01-31 21:10:13 +0000 (Tue, 31 Jan 2017)
New Revision: 48632
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-31 20:46:30 UTC (rev 48631) +++ data/CVE/list 2017-01-31 21:10:13 UTC (rev 48632) @@ -1,8 +1,10 @@ CVE-2017-5666 [invalid free in free_options (options_manager.c)] + RESERVED - mp3splt <unfixed> NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c NOTE: https://sourceforge.net/p/mp3splt/bugs/209/ CVE-2017-5665 [NULL pointer dereference in splt_cue_export_to_file (cue.c)] + RESERVED - mp3splt <unfixed> (unimportant) NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c NOTE: https://sourceforge.net/p/mp3splt/bugs/209/ @@ -110,6 +112,7 @@ CVE-2017-5602 RESERVED CVE-2017-5601 (An error in the lha_read_file_header_1() function ...) + {DLA-810-1} - libarchive 3.2.1-6 (bug #853278) [jessie] - libarchive <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 @@ -143,12 +146,14 @@ CVE-2004-2778 RESERVED CVE-2017-5667 [sd: sdhci OOB access during multi block SDMA transfer] + RESERVED - qemu <unfixed> - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417559 NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/2 CVE-2017-5668 [Incomplete fix for "Null pointer dereference with file transfer request from unknown contacts"] + RESERVED - bitlbee <unfixed> (bug #853282) [jessie] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied) [wheezy] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied) 
@@ -157,6 +162,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4 NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189 CVE-2016-10189 [Null pointer dereference with file transfer request from unknown contacts] + RESERVED - bitlbee 3.5-1 NOTE: https://bugs.bitlbee.org/ticket/1282 NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f (3.5) @@ -165,6 +171,7 @@ NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 NOTE: to not open CVE-2017-5668 CVE-2016-10188 [bitlbee-libpurple: Use after free when expiring file transfer requests] + RESERVED - bitlbee 3.5-1 NOTE: https://bugs.bitlbee.org/ticket/1281 NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2 (3.5) @@ -178,6 +185,7 @@ NOTE: https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 (0.9.44.6) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/29/4 CVE-2016-10187 [javascript in books can access files on the computer using XMLHttpRequest] + RESERVED - calibre 2.75.1+dfsg-1 (bug #853004) NOTE: Upstream report: https://launchpad.net/bugs/1651728 NOTE: Upstream fix: https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c @@ -245,7 +253,7 @@ RESERVED CVE-2016-10173 [directory traversal vulnerability] RESERVED - {DLA-808-1} + {DSA-3778-1 DLA-808-1} - ruby-minitar 0.5.4-3.1 (bug #853075) - ruby-archive-tar-minitar <removed> (bug #853249) NOTE: https://github.com/halostatue/minitar/issues/16 
@@ -277,13 +285,14 @@ NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0) CVE-2016-10166 [Fix potential unsigned underflow] RESERVED + {DSA-3777-1} - libgd2 2.2.4-1 [wheezy] - libgd2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35 NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1 CVE-2016-10167 [Fix DOS vulnerability in gdImageCreateFromGd2Ctx()] RESERVED - {DLA-804-1} + {DSA-3777-1 DLA-804-1} - php7.1 7.1.1-1 (unimportant) - php7.0 7.0.15-1 (unimportant) - php5 <removed> (unimportant) @@ -294,7 +303,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1 CVE-2016-10168 [Fix #354: Signed Integer Overflow gd_io.c] RESERVED - {DLA-804-1} + {DSA-3777-1 DLA-804-1} - php7.1 7.1.1-1 (unimportant) - php7.0 7.0.15-1 (unimportant) - php5 <removed> (unimportant) @@ -463,6 +472,7 @@ CVE-2017-5553 (Cross-site scripting (XSS) vulnerability in ...) - b2evolution <removed> CVE-2017-5545 (The main function in plistutil.c in libimobiledevice libplist through ...) + {DLA-811-1} - libplist <unfixed> (low; bug #852385) [jessie] - libplist <no-dsa> (Minor issue) NOTE: https://github.com/libimobiledevice/libplist/issues/87 
@@ -719,19 +729,19 @@ CVE-2017-5494 (Multiple cross-site scripting (XSS) vulnerabilities in the file types ...) - b2evolution <removed> CVE-2017-5486 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5485 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5484 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5483 (The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5482 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5481 RESERVED @@ -1282,10 +1292,10 @@ CVE-2017-5343 RESERVED CVE-2017-5342 (In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5341 (The OTV parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...) NOT-FOR-US: MuJS 
@@ -1549,21 +1559,22 @@ CVE-2017-5210 RESERVED CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice libplist ...) + {DLA-811-1} - libplist <unfixed> (low; bug #851196) [jessie] - libplist <no-dsa> (Minor issue) NOTE: Upstream bug: https://github.com/libimobiledevice/libplist/issues/84 NOTE: https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957 CVE-2017-5205 (The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5204 (The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5203 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5202 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2017-5201 RESERVED 
@@ -2094,76 +2105,91 @@ RESERVED CVE-2017-5026 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5025 RESERVED + {DSA-3776-1} - chromium-browser 44.0.2403.157-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - ffmpeg <unfixed> CVE-2017-5024 RESERVED + {DSA-3776-1} - chromium-browser 44.0.2403.157-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - ffmpeg <unfixed> CVE-2017-5023 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5022 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5021 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5020 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5019 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5018 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5017 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5016 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported 
in Wheezy) CVE-2017-5015 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5014 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5013 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5012 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) @@ -2171,31 +2197,37 @@ NOTE: libv8 not covered by security support CVE-2017-5011 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5010 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5009 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5008 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5007 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2017-5006 RESERVED + {DSA-3776-1} [experimental] - chromium-browser 56.0.2924.76-1 - chromium-browser <unfixed> [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) 
@@ -4550,8 +4582,7 @@ RESERVED CVE-2017-3895 RESERVED -CVE-2016-10087 [NULL pointer dereference] - RESERVED +CVE-2016-10087 (The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before ...) - libpng1.6 1.6.27-1 (bug #849799) - libpng <removed> [jessie] - libpng 1.2.50-2+deb8u3 @@ -4873,7 +4904,7 @@ NOTE: https://ikiwiki.info/security/#cve-2016-9645 CVE-2016-10026 [authorization bypass when reverting changes] RESERVED - {DSA-3760-1} + {DSA-3760-1 DLA-812-1} - ikiwiki 3.20161219 NOTE: http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/ NOTE: Fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9 @@ -5327,8 +5358,7 @@ NOTE: https://simplesamlphp.org/security/201612-02 NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205 NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/7 -CVE-2016-9939 [denial-of-service in ASN1 decoder] - RESERVED +CVE-2016-9939 (Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ...) {DSA-3748-1 DLA-766-1} - libcrypto++ 5.6.4-5 (bug #848009) NOTE: https://github.com/weidai11/cryptopp/issues/346 @@ -13138,7 +13168,7 @@ NOTE: https://gitlab.com/iucode-tool/iucode-tool/issues/3 CVE-2017-0356 [Authentication bypass via repeated parameters] RESERVED - {DSA-3760-1} + {DSA-3760-1 DLA-812-1} - ikiwiki 3.20170111 NOTE: https://ikiwiki.info/security/#cve-2017-0356 CVE-2016-9772 [OPENAFS-SA-2016-003 - directory information leaks] @@ -13163,7 +13193,7 @@ RESERVED CVE-2016-9646 [commit metadata forgery] RESERVED - {DSA-3760-1} + {DSA-3760-1 DLA-812-1} - ikiwiki 3.20161229 NOTE: https://ikiwiki.info/security/#cve-2016-9646 CVE-2016-9643 
@@ -14643,7 +14673,7 @@ NOTE: The reason is that the correction is to introduce a new option that can be specified if this new behaviour NOTE: is wanted. It is not enforced by default. CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka libgd) ...) - {DLA-804-1} + {DSA-3777-1 DLA-804-1} - libgd2 2.2.4-1 NOTE: https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1 NOTE: https://github.com/libgd/libgd/issues/340 @@ -14915,8 +14945,8 @@ RESERVED CVE-2016-9250 RESERVED -CVE-2016-9249 - RESERVED +CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual Server ...) + TODO: check CVE-2016-9248 RESERVED CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual server ...) @@ -15230,8 +15260,7 @@ NOT-FOR-US: Exponent CMS CVE-2016-9133 RESERVED -CVE-2016-9132 [Integer overflow in BER decoder] - RESERVED +CVE-2016-9132 (In Botan 1.8.0 through 1.11.33, when decoding BER data an integer ...) {DLA-786-1} - botan1.10 1.10.14-1 [jessie] - botan1.10 <no-dsa> (Minor issue) @@ -15281,8 +15310,7 @@ - linux 4.6.1-1 (unimportant) [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (v4.6-rc1) -CVE-2016-9119 [XSS in GUI editor's link dialogue] - RESERVED +CVE-2016-9119 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI ...) {DSA-3715-1 DLA-717-1} - moin 1.9.9-1 (bug #844338) NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd 
@@ -17040,10 +17068,10 @@ NOTE: https://github.com/appc/docker2aci/issues/203 NOTE: https://github.com/lucab/docker2aci/commit/54331ec7020e102935c31096f336d31f6400064f CVE-2016-8575 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-8574 (The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-8573 RESERVED @@ -19176,10 +19204,10 @@ - qemu-kvm <not-affected> (Vulnerable code introduced in 2.4.0-rc0) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04129.html CVE-2016-7993 (A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7992 (The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7991 (On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores ...) NOT-FOR-US: Samsung @@ -19192,16 +19220,16 @@ CVE-2016-7987 RESERVED CVE-2016-7986 (The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7985 (The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7984 (The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7983 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7982 (Directory traversal vulnerability in ecrire/exec/valider_xml.php in ...) {DLA-695-1} 
@@ -19240,13 +19268,13 @@ NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0) NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2) CVE-2016-7975 (The TCP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7974 (The IP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7973 (The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7972 RESERVED 
@@ -19402,61 +19430,61 @@ CVE-2016-7941 RESERVED CVE-2016-7940 (The STP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7939 (The GRE parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7938 (The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7937 (The VAT parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7936 (The UDP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7935 (The RTP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7934 (The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7933 (The PPP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7932 (The PIM parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7931 (The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7930 (The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7929 (The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7928 (The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in ...) 
- {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7927 (The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7926 (The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7925 (The compressed SLIP parser in tcpdump before 4.9.0 has a buffer ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7924 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7923 (The ARP parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7922 (The AH parser in tcpdump before 4.9.0 has a buffer overflow in ...) - {DSA-3775-1} + {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 CVE-2016-7920 RESERVED @@ -19753,8 +19781,7 @@ - imagemagick 8:6.9.6.2+dfsg-2 (bug #840437) NOTE: https://github.com/ImageMagick/ImageMagick/issues/280 NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa -CVE-2016-7798 [IV Reuse in GCM Mode] - RESERVED +CVE-2016-7798 (The openssl gem for Ruby uses the same initialization vector (IV) in ...) - ruby2.3 <unfixed> (bug #842432) - ruby2.1 <removed> (bug #842544) [jessie] - ruby2.1 <no-dsa> (Minor issue) 
@@ -20367,8 +20394,7 @@ NOTE: Marked as exception as not-affected, although the source is affected but the built NOTE: binary packages do not contain the sandbox binary. We cannot use 'unimportant' NOTE: severity here since the unstable version builts a binary package which contains it. -CVE-2016-7544 - RESERVED +CVE-2016-7544 (Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and ...) - libcrypto++ <not-affected> (Vulnerable code intorduced in 5.6.4, only affects Windows and Microsoft compilers) CVE-2016-7543 (Bash before 4.4 allows local users to execute arbitrary commands with ...) {DLA-680-1} @@ -22255,6 +22281,7 @@ CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before ...) NOT-FOR-US: OSSIM CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the GD ...) + {DSA-3777-1} - libgd2 2.2.4-1 [wheezy] - libgd2 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2 @@ -22268,6 +22295,7 @@ RESERVED CVE-2016-6906 [OOB reads of the TGA decompression buffer] RESERVED + {DSA-3777-1} - libgd2 2.2.4-1 [wheezy] - libgd2 <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415 @@ -23246,8 +23274,7 @@ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/ CVE-2016-6605 RESERVED -CVE-2016-6604 - RESERVED +CVE-2016-6604 (NULL pointer dereference in Samsung Exynos fimg2d driver for Android ...) NOT-FOR-US: Samsung CVE-2016-7513 [off-by-one error leading to segfault] RESERVED 
@@ -24495,16 +24522,16 @@ NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6271 (The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows ...) TODO: check -CVE-2016-6270 - RESERVED -CVE-2016-6269 - RESERVED -CVE-2016-6268 - RESERVED -CVE-2016-6267 - RESERVED -CVE-2016-6266 - RESERVED +CVE-2016-6270 (The handle_certificate function in ...) + TODO: check +CVE-2016-6269 (Multiple directory traversal vulnerabilities in Trend Micro Smart ...) + TODO: check +CVE-2016-6268 (Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before ...) + TODO: check +CVE-2016-6267 (SnmpUtils in Trend Micro Smart Protection Server 2.5 before build ...) + TODO: check +CVE-2016-6266 (ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before ...) + TODO: check CVE-2016-6260 RESERVED CVE-2016-6259 (Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access ...) @@ -25218,8 +25245,8 @@ RESERVED CVE-2016-6168 RESERVED -CVE-2016-6167 - RESERVED +CVE-2016-6167 (Multiple untrusted search path vulnerabilities in Putty beta 0.67 ...) + TODO: check CVE-2016-6166 RESERVED CVE-2016-6165 @@ -27268,8 +27295,7 @@ NOTE: https://bugs.python.org/issue26171 CVE-2016-5433 (Citrix iOS Receiver before 7.0 allows attackers to cause TLS ...) NOT-FOR-US: Citrix -CVE-2016-5434 - RESERVED +CVE-2016-5434 (libalpm, as used in pacman 5.0.1, allows remote attackers to cause a ...) NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library) CVE-2016-5432 (The ovirt-engine-provisiondb utility in Red Hat Enterprise ...) NOT-FOR-US: ovirt-engine 
@@ -29730,8 +29756,7 @@ [jessie] - dwarfutils <no-dsa> (Minor issue) [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1330237 -CVE-2016-5026 [unsafe handling of temporary directory] - RESERVED +CVE-2016-5026 (hs.py in OnionShare before 0.9.1 allows local users to modify the ...) - onionshare 0.8.1-2 (unimportant) [jessie] - onionshare <not-affected> (Vulnerable code not present) NOTE: Neutralised by kernel hardening (also contrib and non-free not supported) 
@@ -36883,25 +36908,21 @@ NOTE: Fixed versions: 2.0.2, 1.12.10 CVE-2016-2520 RESERVED -CVE-2016-2519 [ctl_getitem() return value not always checked] - RESERVED +CVE-2016-2519 (ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote ...) - ntp 1:4.2.8p7+dfsg-1 [jessie] - ntp <no-dsa> (Minor issue) [wheezy] - ntp <no-dsa> (Minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security -CVE-2016-2518 [Crafted addpeer with hmode > 7 causes out-of-bounds reference] - RESERVED +CVE-2016-2518 (The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x ...) {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security -CVE-2016-2517 [Remote configuration trustedkey/requestkey/controlkey values are not properly validated] - RESERVED +CVE-2016-2517 (NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ...) - ntp 1:4.2.8p7+dfsg-1 (unimportant) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security NOTE: not a security issue, anyone with the privileges for remote configuration can NOTE: cause trouble anyway -CVE-2016-2516 [Duplicate IPs on unconfig directives will cause an assertion failure] - RESERVED +CVE-2016-2516 (NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, ...) {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security 
@@ -37164,15 +37185,14 @@ NOTE: https://github.com/beanshell/beanshell/releases/tag/2.0b6 NOTE: https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49 NOTE: https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced -CVE-2016-2402 - RESERVED +CVE-2016-2402 (OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle ...) NOT-FOR-US: OkHttp CVE-2016-2401 RESERVED CVE-2016-2400 RESERVED -CVE-2016-2399 - RESERVED +CVE-2016-2399 (Integer overflow in the quicktime_read_pascal function in libquicktime ...) + TODO: check CVE-2016-2398 (Comcast XFINITY Home Security System does not properly maintain ...) NOT-FOR-US: XFINITY CVE-2016-2397 (The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA ...) @@ -38519,8 +38539,7 @@ NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/ NOTE: https://core.trac.wordpress.org/changeset/36435 NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4 -CVE-2016-2217 [Socat security advisory 7 - Created new 2048bit DH modulus] - RESERVED +CVE-2016-2217 (The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does ...) - socat 1.7.3.1-1 (bug #813536) [jessie] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0) [wheezy] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0) @@ -46574,8 +46593,7 @@ RESERVED CVE-2015-8159 RESERVED -CVE-2015-8158 [Potential Infinite Loop in ntpq] - RESERVED +CVE-2015-8158 (The getresponse function in ntpq in NTP versions before 4.2.8p9 and ...) {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit 
@@ -46610,24 +46628,21 @@ RESERVED CVE-2015-8141 RESERVED -CVE-2015-8140 [ntpq vulnerable to replay attacks] - RESERVED +CVE-2015-8140 (The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to ...) - ntp 1:4.2.8p7+dfsg-1 [jessie] - ntp <no-dsa> (Minor issue, no code fix by upstream and mitigation exists) [wheezy] - ntp <no-dsa> (Minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2947 NOTE: Mitigated in 4.2.8p6 -CVE-2015-8139 [Origin Leak: ntpq and ntpdc, disclose origin] - RESERVED +CVE-2015-8139 (ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin ...) - ntp 1:4.2.8p7+dfsg-1 [jessie] - ntp <no-dsa> (Minor issue, no code fix by upstream and mitigation exists) [wheezy] - ntp <no-dsa> (Minor issue) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2946 NOTE: Mitigated in 4.2.8p6 -CVE-2015-8138 [ntp: missing check for zero originate timestamp] - RESERVED +CVE-2015-8138 (NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...) {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0077/ @@ -46962,8 +46977,7 @@ [squeeze] - polarssl <not-affected> (Vulnerable code introduced later) NOTE: support for session tickets added in 1.3.0. NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 -CVE-2015-8034 [information leak from state.sls cache data stored as world-readable] - RESERVED +CVE-2015-8034 (The state.sls function in Salt before 2015.8.3 uses weak permissions ...) - salt 2015.8.3+ds-1 (bug #807356) [jessie] - salt <no-dsa> (Minor issue) NOTE: For jessie: /var/cache/salt/minion is created with restricted permissions on 
@@ -47138,29 +47152,25 @@ - linux-2.6 <removed> NOTE: https://lkml.org/lkml/2015/10/16/530 NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5 -CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated broadcast mode] - RESERVED +CVE-2015-7979 (NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...) {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942 NOTE: https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461 -CVE-2015-7978 [Stack exhaustion in recursive traversal of restriction list] - RESERVED +CVE-2015-7978 (NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers ...) {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2940 NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1 -CVE-2015-7977 [reslist NULL pointer dereference] - RESERVED +CVE-2015-7977 (ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote ...) {DSA-3629-1 DLA-559-1} - ntp 1:4.2.8p7+dfsg-1 NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2939 NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1 -CVE-2015-7976 [ntpq saveconfig command allows dangerous characters in filenames] - RESERVED +CVE-2015-7976 (The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, ...) - ntp 1:4.2.8p7+dfsg-1 (low) [jessie] - ntp <no-dsa> (Minor issue, mitigation exists) [wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update) 
@@ -47168,8 +47178,7 @@ NOTE: http://support.ntp.org/bin/view/Main/NtpBug2938 NOTE: https://github.com/ntp-project/ntp/commit/3680c2e4d5f88905ce062c7b43305d610a2c9796 NOTE: https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61 -CVE-2015-7975 [nextvar() missing length check] - RESERVED +CVE-2015-7975 (The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 ...) - ntp 1:4.2.8p7+dfsg-1 [jessie] - ntp <not-affected> (Introduced in 4.2.8) [wheezy] - ntp <not-affected> (Introduced in 4.2.8) @@ -47180,8 +47189,7 @@ - ntp 1:4.2.8p7+dfsg-1 (low) NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936 -CVE-2015-7973 [Deja Vu: Replay attack on authenticated broadcast mode] - RESERVED +CVE-2015-7973 (NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in ...) - ntp 1:4.2.8p7+dfsg-1 (low) [jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update) [wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update) @@ -49183,8 +49191,7 @@ RESERVED CVE-2015-7332 RESERVED -CVE-2015-7331 - RESERVED +CVE-2015-7331 (The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows ...) - puppet <not-affected> (Only affects Puppet Enterprise) NOTE: https://puppet.com/security/cve/cve-2015-7331 CVE-2015-7330 (Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to ...) 
@@ -64112,15 +64119,13 @@ NOT-FOR-US: ZeusCart CVE-2015-2182 (Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 ...) NOT-FOR-US: ZeusCart -CVE-2015-2181 [buffer overflows in the roundcube DBMail driver for the password plugin] - RESERVED +CVE-2015-2181 (Multiple buffer overflows in the DBMail driver in the Password plugin ...) - roundcube 1.1.1+dfsg.1-2 [wheezy] - roundcube <not-affected> (variable and chgdbmailusers.c does not exist) NOTE: http://trac.roundcube.net/ticket/1490261 NOTE: http://advisories.mageia.org/MGASA-2015-0400.html NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html -CVE-2015-2180 [execute arbitrary shell commands as root from the roundcube DBMail driver for the password plugin] - RESERVED +CVE-2015-2180 (The DBMail driver in the Password plugin in Roundcube before 1.1.0 ...) - roundcube 1.1.1+dfsg.1-2 [wheezy] - roundcube <not-affected> (dbmail driver does not exist) NOTE: http://trac.roundcube.net/ticket/1490261 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
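Review bot: In the @@ -2094,76 +2105,91 @@ hunk, CVE-2017-5025 and CVE-2017-5024 gain {DSA-3776-1} while both entries still carry "- ffmpeg <unfixed>", so the advisory tag now sits on an entry with an open source package. Confirm that DSA-3776-1 covers chromium-browser only and that ffmpeg stays tracked separately. These two entries also list chromium-browser 44.0.2403.157-1 as the fixed version, where every other entry in the hunk lists 56.0.2924.76-1 in experimental, which is worth a second look before the tag is relied on.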
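Review bot: Two spelling errors sit in the context of the @@ -20367,8 +20394,7 @@ hunk: "intorduced" in the libcrypto++ <not-affected> remark under CVE-2016-7544, and "builts" in the NOTE just above it. The automatic update only swaps the RESERVED line for the imported description, so both remain; a manual follow-up should correct them to "introduced" and "builds", since these remarks are what readers search when checking why a package is marked not-affected.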
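Review bot: The @@ -24495,16 +24522,16 @@ hunk leaves CVE-2016-6270 through CVE-2016-6266 untriaged: each goes from RESERVED to a description followed only by "TODO: check". Four of the descriptions name Trend Micro Smart Protection Server, and the one for CVE-2016-6270 is cut off at "The handle_certificate function in ...", so the product cannot be read from the list at all and needs the full description. Each should be resolved to a NOT-FOR-US line or a package line, as this same commit already has for CVE-2016-6604 (Samsung) and CVE-2016-2402 (OkHttp). The same applies to the "TODO: check" lines added for CVE-2016-9249, CVE-2016-6167 and CVE-2016-2399.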
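Review bot: The imported description for CVE-2016-2518 in the @@ -36883,25 +36908,21 @@ hunk says "NTP before version 4.2.8p9", but the unchanged package line records the fix as ntp 1:4.2.8p7+dfsg-1 and the NOTE points at the April 2016 4.2.8p7 notice. The other three descriptions in that hunk say "before 4.2.8p7". CVE-2015-8158 in the @@ -46574,8 +46593,7 @@ hunk has the same mismatch ("NTP versions before 4.2.8p9" against ntp 1:4.2.8p7+dfsg-1). Confirm the fixed version for both entries and add a NOTE stating which upstream release carries the fix, so the description text does not cast doubt on the recorded version.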