Author: sectracker
Date: 2017-02-03 21:10:13 +0000 (Fri, 03 Feb 2017)
New Revision: 48691

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-03 17:56:05 UTC (rev 48690)
+++ data/CVE/list       2017-02-03 21:10:13 UTC (rev 48691)
@@ -772,6 +772,7 @@
        NOT-FOR-US: MuJS
 CVE-2017-5617 [SSRF issue]
        RESERVED
+       {DLA-816-1}
        - svgsalamander 1.1.1+dfsg-2 (bug #853134)
        NOTE: https://github.com/blackears/svgSalamander/issues/11
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/3
@@ -924,8 +925,7 @@
 CVE-2017-XXXX [phpMyAdmin PMASA-2017-1 - PMASA-2017-7]
        - phpmyadmin 4:4.6.6-1 (unimportant)
        NOTE: all minor issues
-CVE-2016-10165 [heap OOB read parsing crafted ICC profile]
-       RESERVED
+CVE-2016-10165 (The Type_MLU_Read function in cmstypes.c in Little CMS (aka 
lcms2) ...)
        {DSA-3774-1 DLA-803-1}
        - lcms2 2.8-4 (bug #852627)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
@@ -5368,44 +5368,44 @@
        RESERVED
 CVE-2017-3825
        RESERVED
-CVE-2017-3824
-       RESERVED
+CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR 
Series ...)
+       TODO: check
 CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 
1.0.7 on ...)
        NOT-FOR-US: Cisco
-CVE-2017-3822
-       RESERVED
+CVE-2017-3822 (A vulnerability in the logging subsystem of the Cisco Firepower 
Threat ...)
+       TODO: check
 CVE-2017-3821
        RESERVED
-CVE-2017-3820
-       RESERVED
+CVE-2017-3820 (A vulnerability in Simple Network Management Protocol (SNMP) 
functions ...)
+       TODO: check
 CVE-2017-3819
        RESERVED
-CVE-2017-3818
-       RESERVED
+CVE-2017-3818 (A vulnerability in the Multipurpose Internet Mail Extensions 
(MIME) ...)
+       TODO: check
 CVE-2017-3817
        RESERVED
 CVE-2017-3816
        RESERVED
 CVE-2017-3815
        RESERVED
-CVE-2017-3814
-       RESERVED
+CVE-2017-3814 (A vulnerability in Cisco Firepower System Software could allow 
an ...)
+       TODO: check
 CVE-2017-3813
        RESERVED
-CVE-2017-3812
-       RESERVED
+CVE-2017-3812 (A vulnerability in the implementation of Common Industrial 
Protocol ...)
+       TODO: check
 CVE-2017-3811
        RESERVED
-CVE-2017-3810
-       RESERVED
-CVE-2017-3809
-       RESERVED
+CVE-2017-3810 (A vulnerability in the web framework of Cisco Prime Service 
Catalog ...)
+       TODO: check
+CVE-2017-3809 (A vulnerability in the Policy deployment module of the Cisco 
Firepower ...)
+       TODO: check
 CVE-2017-3808
        RESERVED
 CVE-2017-3807
        RESERVED
-CVE-2017-3806
-       RESERVED
+CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco 
Firepower 4100 ...)
+       TODO: check
 CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco 
IOS and ...)
        NOT-FOR-US: Cisco IOS
 CVE-2017-3804 (A vulnerability in Intermediate System-to-Intermediate System 
(IS-IS) ...)
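
Review bot: the nine CVE-2017-38xx entries that gain a description in this hunk are all left at "TODO: check", while the untouched neighbours CVE-2017-3823 and CVE-2017-3805 are already triaged as "NOT-FOR-US: Cisco" and "NOT-FOR-US: Cisco IOS". Six of the new descriptions name a Cisco product in their visible text (CVE-2017-3824, -3822, -3814, -3810, -3809, -3806); the other three (CVE-2017-3820, -3818, -3812) are truncated before any vendor name appears. A follow-up triage commit should confirm the product for each and replace the TODO with the matching NOT-FOR-US line so these do not linger as open work items.
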
@@ -7269,12 +7269,11 @@
        REJECTED
 CVE-2016-9874
        REJECTED
-CVE-2016-9873
-       RESERVED
-CVE-2016-9872
-       RESERVED
-CVE-2016-9871
-       RESERVED
+CVE-2016-9873 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 
has a ...)
+       TODO: check
+CVE-2016-9872 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 
has ...)
+       TODO: check
+CVE-2016-9871 (EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, 
EMC ...)
        NOT-FOR-US: EMC Isilon
 CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, 
EMC ...)
        NOT-FOR-US: EMC
@@ -8579,12 +8578,11 @@
        RESERVED
 CVE-2017-2769
        RESERVED
-CVE-2017-2768
-       RESERVED
-CVE-2017-2767
-       RESERVED
-CVE-2017-2766
-       RESERVED
+CVE-2017-2768 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network ...)
+       TODO: check
+CVE-2017-2767 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network ...)
+       TODO: check
+CVE-2017-2766 (EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom 
version 7.4.4 ...)
        NOT-FOR-US: EMC Documentum eRoom
 CVE-2017-2765
        RESERVED
@@ -13816,8 +13814,8 @@
        - webkitgtk <unfixed> (unimportant)
        NOTE: Not covered by security support
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/26/2
-CVE-2016-9642
-       RESERVED
+CVE-2016-9642 (JavaScriptCore in WebKit allows attackers to cause a denial of 
service ...)
+       TODO: check
 CVE-2016-9641
        RESERVED
 CVE-2016-9640
@@ -15993,8 +15991,7 @@
        NOTE: Fixed by: 
https://git.kernel.org/linus/76cc404bfdc0d419c720de4daaf2584542734f42 (v4.4-rc8)
 CVE-2016-9109 (Artifex Software MuJS allows attackers to cause a denial of 
service ...)
        NOT-FOR-US: MuJS
-CVE-2016-9108
-       RESERVED
+CVE-2016-9108 (Integer overflow in the js_regcomp function in regexp.c in 
Artifex ...)
        NOT-FOR-US: MuJS
 CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when 
using ...)
        - gajim-otr <itp> (bug #722130)
@@ -16222,8 +16219,7 @@
        NOT-FOR-US: Joyent SmartOS
 CVE-2016-9031 (An exploitable integer overflow exists in the Joyent SmartOS 
...)
        NOT-FOR-US: Joyent SmartOS
-CVE-2016-9085 [Several integer overflows]
-       RESERVED
+CVE-2016-9085 (Multiple integer overflows in libwebp allows attackers to have 
...)
        - libwebp <unfixed> (bug #842714)
        [wheezy] - libwebp <not-affected> (vulnerable code not present)
        NOTE: 
https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
@@ -16243,8 +16239,7 @@
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://patchwork.kernel.org/patch/9373631/
        NOTE: Fixed by: 
https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
-CVE-2016-9082 [Out of bounds read in read_png/write_png in cairo-png.c]
-       RESERVED
+CVE-2016-9082 (Integer overflow in the write_png function in cairo 1.14.6 
allows ...)
        {DLA-688-1}
        - cairo 1.14.6-1.1 (bug #842289)
        [jessie] - cairo 1.14.0-2.1+deb8u2
@@ -17945,13 +17940,11 @@
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=05f43d44e4bc26611ce25fd7d726e483f73363ce
-CVE-2016-8569 [DoS using a null pointer dereference in git_commit_message]
-       RESERVED
+CVE-2016-8569 (The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 
allows ...)
        - libgit2 0.24.2-2 (bug #840227)
        [jessie] - libgit2 <no-dsa> (Minor issue)
        NOTE: https://github.com/libgit2/libgit2/issues/3937
-CVE-2016-8568 [Read out-of-bounds in git_oid_nfmt]
-       RESERVED
+CVE-2016-8568 (The git_commit_message function in oid.c in libgit2 before 
0.24.3 ...)
        - libgit2 0.24.5-1 (bug #840227)
        [jessie] - libgit2 <no-dsa> (Minor issue)
        NOTE: https://github.com/libgit2/libgit2/issues/3936
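
Review bot: the incoming descriptions for the two libgit2 entries pair function names with the opposite ids from the hand-written notes they replace, so the package data under each id needs re-verification. CVE-2016-8569 was "[DoS using a null pointer dereference in git_commit_message]" and now reads "git_oid_nfmt function in commit.c", while CVE-2016-8568 was "[Read out-of-bounds in git_oid_nfmt]" and now reads "git_commit_message function in oid.c". The function and file names also look crossed inside each description. The fixed versions (0.24.2-2 vs 0.24.5-1) and the upstream issue links (3937 vs 3936) were recorded against the old pairing, so check that each still sits under the right id, and add a NOTE recording the discrepancy if the new descriptions turn out to be the ones in error.
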
@@ -18724,10 +18717,9 @@
        RESERVED
 CVE-2016-8218
        RESERVED
-CVE-2016-8217
-       RESERVED
-CVE-2016-8216
-       RESERVED
+CVE-2016-8217 (EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 
Timing ...)
+       TODO: check
+CVE-2016-8216 (EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS 
(DD OS) ...)
        NOT-FOR-US: EMC
 CVE-2016-8215 (EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for 
a ...)
        NOT-FOR-US: RSA Security Analytics
@@ -18735,10 +18727,10 @@
        NOT-FOR-US: EMC Avamar
 CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 
6.8.1, ...)
        NOT-FOR-US: EMC Documentum
-CVE-2016-8212
-       RESERVED
-CVE-2016-8211
-       RESERVED
+CVE-2016-8212 (An issue was discovered in EMC RSA BSAFE Crypto-J versions 
prior to ...)
+       TODO: check
+CVE-2016-8211 (EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 
6.2, EMC ...)
+       TODO: check
 CVE-2016-8210
        RESERVED
 CVE-2016-8209
@@ -23662,11 +23654,9 @@
        NOT-FOR-US: Pivotal
 CVE-2016-6650
        RESERVED
-CVE-2016-6649
-       RESERVED
+CVE-2016-6649 (EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint 
for ...)
        NOT-FOR-US: EMC
-CVE-2016-6648
-       RESERVED
+CVE-2016-6648 (EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint 
for ...)
        NOT-FOR-US: EMC
 CVE-2016-6647 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 
4.0.1 ...)
        NOT-FOR-US: EMC
@@ -24331,8 +24321,8 @@
        RESERVED
 CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to 
execute ...)
        TODO: check
-CVE-2016-6500
-       RESERVED
+CVE-2016-6500 (Unspecified methods in the RACF Connector component before 
1.1.1.0 in ...)
+       TODO: check
 CVE-2016-6499
        RESERVED
 CVE-2016-6498
@@ -25795,8 +25785,7 @@
        NOTE: Fix SOGo v2: 
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
 (SOGo-2.3.12)
        NOTE: Fix SOGo v3: 
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
 (SOGo-3.1.1)
        NOTE: https://sogo.nu/bugs/view.php?id=3695
-CVE-2016-6188 [DOS attack through uploading malicious attachments]
-       RESERVED
+CVE-2016-6188 (Memory leak in SOGo 2.3.7 allows remote attackers to cause a 
denial of ...)
        - sogo 3.2.4-0.2
        [wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
        NOTE: 
http://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d
 (SOGo-2.3.9)
@@ -25894,8 +25883,7 @@
        [wheezy] - bind9 <no-dsa> (Minor issue)
        NOTE: Fixed by 
https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch
        NOTE: Fixed by 
https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch
-CVE-2016-6163 [read out-of-bounds in librsvg2 (a dependency of gdk-pixbuf used 
to render svg images).]
-       RESERVED
+CVE-2016-6163 (The rsvg_pattern_fix_fallback function in rsvg-paint_server.c 
in ...)
        - librsvg 2.40.9-2
        [jessie] - librsvg <no-dsa> (Minor issue)
        [wheezy] - librsvg <not-affected> (vulnerable code not present, no 
segfault)
@@ -28929,8 +28917,7 @@
        - xen 4.8.0~rc3-1
        [wheezy] - xen <not-affected> (arm not supported)
        NOTE: http://xenbits.xen.org/xsa/advisory-181.html
-CVE-2016-5241
-       RESERVED
+CVE-2016-5241 (magick/render.c in GraphicsMagick before 1.3.24 allows remote 
...)
        {DLA-547-1}
        - graphicsmagick 1.3.24-1
        NOTE: Fixed by: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
@@ -29810,8 +29797,7 @@
        NOTE: PHP bug: https://bugs.php.net/bug.php?id=72115
        NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
        NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
-CVE-2016-5115
-       RESERVED
+CVE-2016-5115 (The avcodec_decode_audio4 function in libavcodec in libavformat 
...)
        - mplayer <undetermined>
        NOTE: https://trac.mplayerhq.hu/ticket/2298
        TODO: probably not affected since orig.tar.gz of src:mplayer does not 
include libavcodec, ffmpeg/libav affected?
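
Review bot: the new description for CVE-2016-5115 places the flaw in avcodec_decode_audio4 in libavcodec, yet the entry still tracks only "mplayer <undetermined>" and keeps the open TODO asking "ffmpeg/libav affected?". Now that the description names the library, that TODO should be resolved: either add package lines for the source packages that ship libavcodec, or record in a NOTE why they are not affected.
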
@@ -31292,16 +31278,14 @@
        NOT-FOR-US: Huawei
 CVE-2016-4575 (Cross-site scripting (XSS) vulnerability in the email APP in 
Huawei ...)
        NOT-FOR-US: Huawei
-CVE-2016-4796 [OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb of 
color.c]
-       RESERVED
+CVE-2016-4796 (Heap-based buffer overflow in the color_cmyk_to_rgb in 
common/color.c ...)
        - openjpeg2 2.1.1-1
        [jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 
2.1.0)
        - openjpeg <removed>
        [jessie] - openjpeg <not-affected> (Vulnerable code not present)
        [wheezy] - openjpeg <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91
-CVE-2016-4797 [OpenJPEG division-by-zero in function opj_tcd_init_tile of 
tcd.c]
-       RESERVED
+CVE-2016-4797 (Divide-by-zero vulnerability in the opj_tcd_init_tile function 
in ...)
        - openjpeg2 2.1.1-1
        [jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 
2.1.0)
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c
@@ -31404,14 +31388,12 @@
 CVE-2016-4546
        RESERVED
        NOT-FOR-US: Samsung Android component
-CVE-2016-4570 [Recursion using mxmlDelete at mxml-node.c:217 
(stack-exhaustion-1.xml)]
-       RESERVED
+CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and 
possibly ...)
        - mxml 2.9-1 (bug #825855)
        [jessie] - mxml <no-dsa> (Minor issue)
        [wheezy] - mxml <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
-CVE-2016-4571 [Recursion using mxml_write_node at mxml-file.c:2739 
(stack-exhaustion-2.xml)]
-       RESERVED
+CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, 
and ...)
        - mxml 2.9-2 (bug #825855)
        [jessie] - mxml <no-dsa> (Minor issue)
        [wheezy] - mxml <no-dsa> (Minor issue)
@@ -32158,8 +32140,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/30/2
 CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity 
Tools ...)
        NOT-FOR-US: Cisco
-CVE-2016-4352 [Mplayer/Mencoder integer overflow parsing gif files]
-       RESERVED
+CVE-2016-4352 (Integer overflow in the demuxer function in 
libmpdemux/demux_gif.c in ...)
        {DLA-458-1 DLA-457-1}
        - mplayer 2:1.3.0-2 (bug #823723)
        - mplayer2 <removed> (low)
@@ -35647,8 +35628,7 @@
        [wheezy] - flashrom <no-dsa> (Minor issue)
        NOTE: https://www.flashrom.org/pipermail/flashrom/2016-March/014523.html
        NOTE: Neutralised by hardening
-CVE-2016-3183 [Out-Of-Bounds Read in sycc422_to_rgb function]
-       RESERVED
+CVE-2016-3183 (The sycc422_t_rgb function in common/color.c in OpenJPEG before 
2.1.1 ...)
        - openjpeg2 2.1.1-1 (low; bug #818399)
        [jessie] - openjpeg2 <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14
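
Review bot: the replacement description for CVE-2016-3183 spells the function "sycc422_t_rgb", whereas the removed bracketed note had "sycc422_to_rgb". Since this text arrives via the automatic update, a hand edit would likely be overwritten; a NOTE line carrying the function name as the removed note spelled it would keep the entry findable by anyone grepping for the symbol.
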
@@ -38275,13 +38255,11 @@
        - cgit <not-affected> (path_name function from embedded git is not 
called)
 CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 
devices ...)
        NOT-FOR-US: Huawei
-CVE-2016-2318
-       RESERVED
+CVE-2016-2318 (GraphicsMagick 1.3.23 allows remote attackers to cause a denial 
of ...)
        {DSA-3746-1 DLA-484-1}
        - graphicsmagick 1.3.24-1 (bug #814732)
        NOTE: Fixed by: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/e797bb0aec31
-CVE-2016-2317
-       RESERVED
+CVE-2016-2317 (Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote 
...)
        {DSA-3746-1 DLA-484-1}
        - graphicsmagick 1.3.24-1 (bug #814732)
        NOTE: FIX 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6
@@ -43462,8 +43440,7 @@
        NOT-FOR-US: EMC Avamar
 CVE-2016-0920 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC 
Avamar ...)
        NOT-FOR-US: EMC Avamar
-CVE-2016-0919
-       RESERVED
+CVE-2016-0919 (EMC RSA Web Threat Detection version 5.0, RSA Web Threat 
Detection ...)
        NOT-FOR-US: RSA Web Threat Detection
 CVE-2016-0918 (EMC RSA Identity Management and Governance before 6.8.1 P25 and 
6.9.x ...)
        NOT-FOR-US: EMC RSA Identity Governance and Lifecycle
@@ -43521,8 +43498,7 @@
        NOT-FOR-US: EMC
 CVE-2016-0891 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        NOT-FOR-US: EMC ViPR SRM
-CVE-2016-0890
-       RESERVED
+CVE-2016-0890 (EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath 
Virtual ...)
        NOT-FOR-US: EMC
 CVE-2016-0889 (An HTTP servlet in vApp Manager in EMC Unisphere for VMAX 
Virtual ...)
        NOT-FOR-US: EMC
@@ -58883,8 +58859,8 @@
 CVE-2015-4053 (The admin command in ceph-deploy before 1.5.25 uses 
world-readable ...)
        - ceph-deploy <itp> (bug #694013)
        NOTE: http://tracker.ceph.com/issues/11694
-CVE-2015-4049
-       RESERVED
+CVE-2015-4049 (Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with 
...)
+       TODO: check
 CVE-2015-4048
        RESERVED
 CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
