Author: sectracker Date: 2017-02-14 21:10:15 +0000 (Tue, 14 Feb 2017) New Revision: 48939
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-14 19:59:19 UTC (rev 48938) +++ data/CVE/list 2017-02-14 21:10:15 UTC (rev 48939) @@ -1,8 +1,10 @@ CVE-2017-5987 [sd: infinite loop issue in multi block transfers] + RESERVED - qemu <unfixed> - qemu-kvm <removed> NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html CVE-2017-5986 [Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()] + RESERVED - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/2dcab598484185dea7ec22219c76dcdd59e3cb90 CVE-2017-5985 @@ -15304,27 +15306,27 @@ [jessie] - xen <not-affected> (Only 4.5 onwards vulnerable) [wheezy] - xen <not-affected> (Only 4.5 onwards vulnerable) NOTE: https://xenbits.xen.org/xsa/advisory-196.html -CVE-2016-9371 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort ...) +CVE-2016-9371 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) TODO: check CVE-2016-9370 RESERVED -CVE-2016-9369 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort ...) +CVE-2016-9369 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) TODO: check CVE-2016-9368 RESERVED -CVE-2016-9367 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort ...) +CVE-2016-9367 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) TODO: check -CVE-2016-9366 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort ...) +CVE-2016-9366 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) TODO: check -CVE-2016-9365 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort ...) +CVE-2016-9365 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) TODO: check CVE-2016-9364 (An issue was discovered in Fidelix FX-20 series controllers, versions ...) TODO: check -CVE-2016-9363 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort ...) +CVE-2016-9363 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) TODO: check CVE-2016-9362 (An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released ...) TODO: check -CVE-2016-9361 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort ...) +CVE-2016-9361 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) TODO: check CVE-2016-9360 (An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX ...) TODO: check @@ -15350,7 +15352,7 @@ RESERVED CVE-2016-9349 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...) TODO: check -CVE-2016-9348 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort ...) +CVE-2016-9348 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...) TODO: check CVE-2016-9347 (An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O ...) TODO: check @@ -27213,81 +27215,81 @@ CVE-2014-9901 (The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 ...) NOT-FOR-US: Qualcomm driver for Android CVE-2014-9900 (The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...) - - linux <unfixed> (low) + - linux <unfixed> (low) CVE-2014-9899 (drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9898 (arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9897 (sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9896 (drivers/char/adsprpc.c in the Qualcomm components in Android before ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9895 (drivers/media/media-device.c in the Linux kernel before 3.11, as used ...) - - linux 3.11.5-1 + - linux 3.11.5-1 CVE-2014-9894 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9893 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9892 (The snd_compr_tstamp function in sound/core/compress_offload.c in the ...) - linux <unfixed> CVE-2014-9891 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9890 (Off-by-one error in ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9889 (drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9888 (arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM ...) - - linux 3.13.4-1 + - linux 3.13.4-1 CVE-2014-9887 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9886 (arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9885 (Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9884 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9883 (Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9882 (Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9881 (drivers/media/radio/radio-iris.c in the Qualcomm components in Android ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9880 (drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9879 (The mdss mdp3 driver in the Qualcomm components in Android before ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9878 (drivers/mmc/card/mmc_block_test.c in the Qualcomm components in ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9877 (drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9876 (drivers/char/diag/diagfwd.c in the Qualcomm components in Android ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9875 (drivers/char/diag/diag_dci.c in the Qualcomm components in Android ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9874 (Buffer overflow in the Qualcomm components in Android before ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9873 (Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9872 (The diag driver in the Qualcomm components in Android before ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9871 (Multiple buffer overflows in ...) TODO: check CVE-2014-9870 (The Linux kernel before 3.11 on ARM platforms, as used in Android ...) TODO: check CVE-2014-9869 (drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9868 (drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9867 (drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9866 (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9865 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9864 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2014-9863 (Integer underflow in the diag driver in the Qualcomm components in ...) - - linux <not-affected> (Android-specific driver) + - linux <not-affected> (Android-specific driver) CVE-2016-5844 (Integer overflow in the ISO parser in libarchive before 3.2.1 allows ...) {DSA-3657-1 DLA-554-1} - libarchive 3.2.1-1 @@ -48273,6 +48275,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/10 NOTE: https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617 (v1.1.29-rc1) CVE-2015-8982 [multiple overflows in strxfrm()] + RESERVED - glibc 2.21-1 (bug #803927) [jessie] - glibc 2.19-18+deb8u2 [wheezy] - eglibc 2.13-38+deb7u9 @@ -65406,10 +65409,13 @@ CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums ...) NOT-FOR-US: Vanilla Forums CVE-2015-8985 [potential denial of service in pop_fail_stack()] + RESERVED - glibc <unfixed> (bug #779392) - eglibc <removed> NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21163 CVE-2015-8984 [potential application crash due to overread in fnmatch] + RESERVED + {DLA-316-1} - glibc 2.21-1 (bug #779587) [jessie] - glibc 2.19-18+deb8u2 - eglibc <removed> @@ -65507,6 +65513,8 @@ CVE-2015-2039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: Acobot Live Chat & Contact Form plugin for WordPress CVE-2015-8983 [_IO_wstr_overflow integer overflow] + RESERVED + {DLA-316-1} - eglibc <removed> [wheezy] - eglibc 2.13-38+deb7u9 - glibc 2.21-1 (bug #779587) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits