Author: sectracker
Date: 2017-02-03 21:10:13 +0000 (Fri, 03 Feb 2017)
New Revision: 48691
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-03 17:56:05 UTC (rev 48690) +++ data/CVE/list 2017-02-03 21:10:13 UTC (rev 48691) @@ -772,6 +772,7 @@ NOT-FOR-US: MuJS CVE-2017-5617 [SSRF issue] RESERVED + {DLA-816-1} - svgsalamander 1.1.1+dfsg-2 (bug #853134) NOTE: https://github.com/blackears/svgSalamander/issues/11 NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/3 @@ -924,8 +925,7 @@ CVE-2017-XXXX [phpMyAdmin PMASA-2017-1 - PMASA-2017-7] - phpmyadmin 4:4.6.6-1 (unimportant) NOTE: all minor issues -CVE-2016-10165 [heap OOB read parsing crafted ICC profile] - RESERVED +CVE-2016-10165 (The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) ...) {DSA-3774-1 DLA-803-1} - lcms2 2.8-4 (bug #852627) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357 
@@ -5368,44 +5368,44 @@ RESERVED CVE-2017-3825 RESERVED -CVE-2017-3824 - RESERVED +CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR Series ...) + TODO: check CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 1.0.7 on ...) NOT-FOR-US: Cisco -CVE-2017-3822 - RESERVED +CVE-2017-3822 (A vulnerability in the logging subsystem of the Cisco Firepower Threat ...) + TODO: check CVE-2017-3821 RESERVED -CVE-2017-3820 - RESERVED +CVE-2017-3820 (A vulnerability in Simple Network Management Protocol (SNMP) functions ...) + TODO: check CVE-2017-3819 RESERVED -CVE-2017-3818 - RESERVED +CVE-2017-3818 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) ...) + TODO: check CVE-2017-3817 RESERVED CVE-2017-3816 RESERVED CVE-2017-3815 RESERVED -CVE-2017-3814 - RESERVED +CVE-2017-3814 (A vulnerability in Cisco Firepower System Software could allow an ...) + TODO: check CVE-2017-3813 RESERVED -CVE-2017-3812 - RESERVED +CVE-2017-3812 (A vulnerability in the implementation of Common Industrial Protocol ...) + TODO: check CVE-2017-3811 RESERVED -CVE-2017-3810 - RESERVED -CVE-2017-3809 - RESERVED +CVE-2017-3810 (A vulnerability in the web framework of Cisco Prime Service Catalog ...) + TODO: check +CVE-2017-3809 (A vulnerability in the Policy deployment module of the Cisco Firepower ...) + TODO: check CVE-2017-3808 RESERVED CVE-2017-3807 RESERVED -CVE-2017-3806 - RESERVED +CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco Firepower 4100 ...) + TODO: check CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco IOS and ...) NOT-FOR-US: Cisco IOS CVE-2017-3804 (A vulnerability in Intermediate System-to-Intermediate System (IS-IS) ...) 
@@ -7269,12 +7269,11 @@ REJECTED CVE-2016-9874 REJECTED -CVE-2016-9873 - RESERVED -CVE-2016-9872 - RESERVED -CVE-2016-9871 - RESERVED +CVE-2016-9873 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a ...) + TODO: check +CVE-2016-9872 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has ...) + TODO: check +CVE-2016-9871 (EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC ...) NOT-FOR-US: EMC Isilon CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC ...) NOT-FOR-US: EMC @@ -8579,12 +8578,11 @@ RESERVED CVE-2017-2769 RESERVED -CVE-2017-2768 - RESERVED -CVE-2017-2767 - RESERVED -CVE-2017-2766 - RESERVED +CVE-2017-2768 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network ...) + TODO: check +CVE-2017-2767 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network ...) + TODO: check +CVE-2017-2766 (EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 ...) NOT-FOR-US: EMC Documentum eRoom CVE-2017-2765 RESERVED @@ -13816,8 +13814,8 @@ - webkitgtk <unfixed> (unimportant) NOTE: Not covered by security support NOTE: http://www.openwall.com/lists/oss-security/2016/11/26/2 -CVE-2016-9642 - RESERVED +CVE-2016-9642 (JavaScriptCore in WebKit allows attackers to cause a denial of service ...) + TODO: check CVE-2016-9641 RESERVED CVE-2016-9640 @@ -15993,8 +15991,7 @@ NOTE: Fixed by: https://git.kernel.org/linus/76cc404bfdc0d419c720de4daaf2584542734f42 (v4.4-rc8) CVE-2016-9109 (Artifex Software MuJS allows attackers to cause a denial of service ...) NOT-FOR-US: MuJS -CVE-2016-9108 - RESERVED +CVE-2016-9108 (Integer overflow in the js_regcomp function in regexp.c in Artifex ...) NOT-FOR-US: MuJS CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when using ...) - gajim-otr <itp> (bug #722130) 
@@ -16222,8 +16219,7 @@ NOT-FOR-US: Joyent SmartOS CVE-2016-9031 (An exploitable integer overflow exists in the Joyent SmartOS ...) NOT-FOR-US: Joyent SmartOS -CVE-2016-9085 [Several integer overflows] - RESERVED +CVE-2016-9085 (Multiple integer overflows in libwebp allows attackers to have ...) - libwebp <unfixed> (bug #842714) [wheezy] - libwebp <not-affected> (vulnerable code not present) NOTE: https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83 @@ -16243,8 +16239,7 @@ [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: https://patchwork.kernel.org/patch/9373631/ NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4) -CVE-2016-9082 [Out of bounds read in read_png/write_png in cairo-png.c] - RESERVED +CVE-2016-9082 (Integer overflow in the write_png function in cairo 1.14.6 allows ...) {DLA-688-1} - cairo 1.14.6-1.1 (bug #842289) [jessie] - cairo 1.14.0-2.1+deb8u2 @@ -17945,13 +17940,11 @@ - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=05f43d44e4bc26611ce25fd7d726e483f73363ce -CVE-2016-8569 [DoS using a null pointer dereference in git_commit_message] - RESERVED +CVE-2016-8569 (The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows ...) - libgit2 0.24.2-2 (bug #840227) [jessie] - libgit2 <no-dsa> (Minor issue) NOTE: https://github.com/libgit2/libgit2/issues/3937 -CVE-2016-8568 [Read out-of-bounds in git_oid_nfmt] - RESERVED +CVE-2016-8568 (The git_commit_message function in oid.c in libgit2 before 0.24.3 ...) - libgit2 0.24.5-1 (bug #840227) [jessie] - libgit2 <no-dsa> (Minor issue) NOTE: https://github.com/libgit2/libgit2/issues/3936 
@@ -18724,10 +18717,9 @@ RESERVED CVE-2016-8218 RESERVED -CVE-2016-8217 - RESERVED -CVE-2016-8216 - RESERVED +CVE-2016-8217 (EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing ...) + TODO: check +CVE-2016-8216 (EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) ...) NOT-FOR-US: EMC CVE-2016-8215 (EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a ...) NOT-FOR-US: RSA Security Analytics @@ -18735,10 +18727,10 @@ NOT-FOR-US: EMC Avamar CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, ...) NOT-FOR-US: EMC Documentum -CVE-2016-8212 - RESERVED -CVE-2016-8211 - RESERVED +CVE-2016-8212 (An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to ...) + TODO: check +CVE-2016-8211 (EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC ...) + TODO: check CVE-2016-8210 RESERVED CVE-2016-8209 @@ -23662,11 +23654,9 @@ NOT-FOR-US: Pivotal CVE-2016-6650 RESERVED -CVE-2016-6649 - RESERVED +CVE-2016-6649 (EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for ...) NOT-FOR-US: EMC -CVE-2016-6648 - RESERVED +CVE-2016-6648 (EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for ...) NOT-FOR-US: EMC CVE-2016-6647 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 ...) NOT-FOR-US: EMC @@ -24331,8 +24321,8 @@ RESERVED CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to execute ...) TODO: check -CVE-2016-6500 - RESERVED +CVE-2016-6500 (Unspecified methods in the RACF Connector component before 1.1.1.0 in ...) + TODO: check CVE-2016-6499 RESERVED CVE-2016-6498 
@@ -25795,8 +25785,7 @@ NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 (SOGo-2.3.12) NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d (SOGo-3.1.1) NOTE: https://sogo.nu/bugs/view.php?id=3695 -CVE-2016-6188 [DOS attack through uploading malicious attachments] - RESERVED +CVE-2016-6188 (Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of ...) - sogo 3.2.4-0.2 [wheezy] - sogo <end-of-life> (not supported in Wheezy LTS) NOTE: http://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d (SOGo-2.3.9) @@ -25894,8 +25883,7 @@ [wheezy] - bind9 <no-dsa> (Minor issue) NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch -CVE-2016-6163 [read out-of-bounds in librsvg2 (a dependency of gdk-pixbuf used to render svg images).] - RESERVED +CVE-2016-6163 (The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in ...) - librsvg 2.40.9-2 [jessie] - librsvg <no-dsa> (Minor issue) [wheezy] - librsvg <not-affected> (vulnerable code not present, no segfault) @@ -28929,8 +28917,7 @@ - xen 4.8.0~rc3-1 [wheezy] - xen <not-affected> (arm not supported) NOTE: http://xenbits.xen.org/xsa/advisory-181.html -CVE-2016-5241 - RESERVED +CVE-2016-5241 (magick/render.c in GraphicsMagick before 1.3.24 allows remote ...) {DLA-547-1} - graphicsmagick 1.3.24-1 NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7 
@@ -29810,8 +29797,7 @@ NOTE: PHP bug: https://bugs.php.net/bug.php?id=72115 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3 -CVE-2016-5115 - RESERVED +CVE-2016-5115 (The avcodec_decode_audio4 function in libavcodec in libavformat ...) - mplayer <undetermined> NOTE: https://trac.mplayerhq.hu/ticket/2298 TODO: probably not affected since orig.tar.gz of src:mplayer does not include libavcodec, ffmpeg/libav affected? @@ -31292,16 +31278,14 @@ NOT-FOR-US: Huawei CVE-2016-4575 (Cross-site scripting (XSS) vulnerability in the email APP in Huawei ...) NOT-FOR-US: Huawei -CVE-2016-4796 [OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb of color.c] - RESERVED +CVE-2016-4796 (Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c ...) - openjpeg2 2.1.1-1 [jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0) - openjpeg <removed> [jessie] - openjpeg <not-affected> (Vulnerable code not present) [wheezy] - openjpeg <not-affected> (Vulnerable code not present) NOTE: https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91 -CVE-2016-4797 [OpenJPEG division-by-zero in function opj_tcd_init_tile of tcd.c] - RESERVED +CVE-2016-4797 (Divide-by-zero vulnerability in the opj_tcd_init_tile function in ...) - openjpeg2 2.1.1-1 [jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0) NOTE: https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c 
@@ -31404,14 +31388,12 @@ CVE-2016-4546 RESERVED NOT-FOR-US: Samsung Android component -CVE-2016-4570 [Recursion using mxmlDelete at mxml-node.c:217 (stack-exhaustion-1.xml)] - RESERVED +CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly ...) - mxml 2.9-1 (bug #825855) [jessie] - mxml <no-dsa> (Minor issue) [wheezy] - mxml <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8 -CVE-2016-4571 [Recursion using mxml_write_node at mxml-file.c:2739 (stack-exhaustion-2.xml)] - RESERVED +CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and ...) - mxml 2.9-2 (bug #825855) [jessie] - mxml <no-dsa> (Minor issue) [wheezy] - mxml <no-dsa> (Minor issue) @@ -32158,8 +32140,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/04/30/2 CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools ...) NOT-FOR-US: Cisco -CVE-2016-4352 [Mplayer/Mencoder integer overflow parsing gif files] - RESERVED +CVE-2016-4352 (Integer overflow in the demuxer function in libmpdemux/demux_gif.c in ...) {DLA-458-1 DLA-457-1} - mplayer 2:1.3.0-2 (bug #823723) - mplayer2 <removed> (low) @@ -35647,8 +35628,7 @@ [wheezy] - flashrom <no-dsa> (Minor issue) NOTE: https://www.flashrom.org/pipermail/flashrom/2016-March/014523.html NOTE: Neutralised by hardening -CVE-2016-3183 [Out-Of-Bounds Read in sycc422_to_rgb function] - RESERVED +CVE-2016-3183 (The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 ...) - openjpeg2 2.1.1-1 (low; bug #818399) [jessie] - openjpeg2 <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14 
@@ -38275,13 +38255,11 @@ - cgit <not-affected> (path_name function from embedded git is not called) CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices ...) NOT-FOR-US: Huawei -CVE-2016-2318 - RESERVED +CVE-2016-2318 (GraphicsMagick 1.3.23 allows remote attackers to cause a denial of ...) {DSA-3746-1 DLA-484-1} - graphicsmagick 1.3.24-1 (bug #814732) NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/e797bb0aec31 -CVE-2016-2317 - RESERVED +CVE-2016-2317 (Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote ...) {DSA-3746-1 DLA-484-1} - graphicsmagick 1.3.24-1 (bug #814732) NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6 @@ -43462,8 +43440,7 @@ NOT-FOR-US: EMC Avamar CVE-2016-0920 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...) NOT-FOR-US: EMC Avamar -CVE-2016-0919 - RESERVED +CVE-2016-0919 (EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection ...) NOT-FOR-US: RSA Web Threat Detection CVE-2016-0918 (EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x ...) NOT-FOR-US: EMC RSA Identity Governance and Lifecycle @@ -43521,8 +43498,7 @@ NOT-FOR-US: EMC CVE-2016-0891 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: EMC ViPR SRM -CVE-2016-0890 - RESERVED +CVE-2016-0890 (EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual ...) NOT-FOR-US: EMC CVE-2016-0889 (An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual ...) NOT-FOR-US: EMC 
@@ -58883,8 +58859,8 @@ CVE-2015-4053 (The admin command in ceph-deploy before 1.5.25 uses world-readable ...) - ceph-deploy <itp> (bug #694013) NOTE: http://tracker.ceph.com/issues/11694 -CVE-2015-4049 - RESERVED +CVE-2015-4049 (Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with ...) + TODO: check CVE-2015-4048 RESERVED CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
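Review bot: In the libgit2 hunk (@@ -17945,13 +17940,11 @@) the imported descriptions attach each function to the opposite CVE id from the bracketed descriptions they replace. CVE-2016-8569 was "DoS using a null pointer dereference in git_commit_message" and now reads "The git_oid_nfmt function in commit.c", while CVE-2016-8568 was "Read out-of-bounds in git_oid_nfmt" and now reads "The git_commit_message function in oid.c". The fixed versions (0.24.2-2 and 0.24.5-1) and the upstream issue links (3937 and 3936) stay keyed to the ids, so confirm against those two issues which id belongs to which bug, and add a NOTE under both entries recording the discrepancy so the version data is not read against the wrong flaw.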
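Review bot: In the CVE-2016-3183 hunk (@@ -35647,8 +35628,7 @@) the function name changes from sycc422_to_rgb in the removed bracketed description to sycc422_t_rgb in the imported one, so searching the list for the name used in the removed line no longer finds this entry. Check the spelling against the linked oss-security post and keep the sycc422_to_rgb form in a NOTE line under the openjpeg2 entry if that is the name the report uses.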
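Review bot: The CVE-2016-5115 entry (@@ -29810,8 +29797,7 @@) now carries a description that names avcodec_decode_audio4 in libavcodec, yet the only package line is still "- mplayer <undetermined>" and the TODO still asks "ffmpeg/libav affected?". With the affected component named in the description, that TODO can be worked: settle the mplayer status, and either add package lines for the sources that ship libavcodec or record in a NOTE why they are not affected.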
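Review bot: In the Cisco hunk (@@ -5368,44 +5368,44 @@) CVE-2017-3824, CVE-2017-3822, CVE-2017-3814, CVE-2017-3810, CVE-2017-3809 and CVE-2017-3806 are added with "TODO: check" although their descriptions name Cisco products, and the context entries CVE-2017-3823 and CVE-2017-3805 in the same hunk are already triaged as "NOT-FOR-US: Cisco" and "NOT-FOR-US: Cisco IOS". A follow-up triage commit should give these the same treatment so the TODO backlog reflects only entries that need a packaging decision. CVE-2017-3820, CVE-2017-3818 and CVE-2017-3812 have truncated descriptions that do not show a vendor here, so those need the full text before being marked.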