Author: sectracker Date: 2017-02-16 09:10:12 +0000 (Thu, 16 Feb 2017) New Revision: 48993
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-16 07:59:46 UTC (rev 48992) +++ data/CVE/list 2017-02-16 09:10:12 UTC (rev 48993) @@ -1,4 +1,35 @@ +CVE-2017-6012 + RESERVED +CVE-2017-6011 + RESERVED +CVE-2017-6010 + RESERVED +CVE-2017-6009 + RESERVED +CVE-2017-6008 + RESERVED +CVE-2017-6007 + RESERVED +CVE-2017-6006 + RESERVED +CVE-2017-6005 + RESERVED +CVE-2017-6004 + RESERVED +CVE-2017-6003 + RESERVED +CVE-2017-6002 + RESERVED +CVE-2014-9919 + RESERVED +CVE-2014-9918 + RESERVED +CVE-2014-9917 + RESERVED +CVE-2014-9916 + RESERVED CVE-2017-6001 [Incomplete fix for CVE-2016-6786] + RESERVED - linux <unfixed> NOTE: Fixed by: https://git.kernel.org/linus/321027c1fe77f892f4ea07846aeae08cefbbb290 CVE-2017-6000 [crypto: memory leakage in qcrypto_ivgen_essiv_init] @@ -121,6 +152,7 @@ - linux <unfixed> TODO: check/investigate, further triage first in kernel-sec CVE-2016-10225 + RESERVED NOT-FOR-US: sunxi-debug driver in Allwinner kernel CVE-2016-10224 (An issue was discovered in Sauter NovaWeb web HMI. The application uses ...) NOT-FOR-US: Sauter NovaWeb @@ -5885,8 +5917,8 @@ NOT-FOR-US: Cisco CVE-2017-3802 (A vulnerability in Cisco Unified Communications Manager could allow an ...) NOT-FOR-US: Cisco -CVE-2017-3801 - RESERVED +CVE-2017-3801 (A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and ...) + TODO: check CVE-2017-3800 (A vulnerability in the content scanning engine of Cisco AsyncOS ...) NOT-FOR-US: Cisco Email Security Appliance CVE-2017-3799 (A vulnerability in a URL parameter of Cisco WebEx Meeting Center could ...) @@ -14414,40 +14446,40 @@ RESERVED CVE-2017-0325 RESERVED -CVE-2017-0324 - RESERVED -CVE-2017-0323 - RESERVED -CVE-2017-0322 - RESERVED -CVE-2017-0321 - RESERVED -CVE-2017-0320 - RESERVED -CVE-2017-0319 - RESERVED -CVE-2017-0318 - RESERVED -CVE-2017-0317 - RESERVED +CVE-2017-0324 (All versions of NVIDIA Windows GPU Display Driver contain a ...) + TODO: check +CVE-2017-0323 (All versions of NVIDIA Windows GPU Display Driver contain a ...) + TODO: check +CVE-2017-0322 (All versions of NVIDIA Windows GPU Display Driver contain a ...) + TODO: check +CVE-2017-0321 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...) + TODO: check +CVE-2017-0320 (All versions of NVIDIA Windows GPU Display Driver contain a ...) + TODO: check +CVE-2017-0319 (All versions of NVIDIA Windows GPU Display Driver contain a ...) + TODO: check +CVE-2017-0318 (All versions of NVIDIA Linux GPU Display Driver contain a ...) + TODO: check +CVE-2017-0317 (All versions of NVIDIA GPU and GeForce Experience installer contain a ...) + TODO: check CVE-2017-0316 RESERVED -CVE-2017-0315 - RESERVED -CVE-2017-0314 - RESERVED -CVE-2017-0313 - RESERVED -CVE-2017-0312 - RESERVED -CVE-2017-0311 - RESERVED -CVE-2017-0310 - RESERVED -CVE-2017-0309 - RESERVED -CVE-2017-0308 - RESERVED +CVE-2017-0315 (All versions of NVIDIA Windows GPU Display Driver contain a ...) + TODO: check +CVE-2017-0314 (All versions of NVIDIA Windows GPU Display Driver contain a ...) + TODO: check +CVE-2017-0313 (All versions of NVIDIA Windows GPU Display Driver contain a ...) + TODO: check +CVE-2017-0312 (All versions of NVIDIA Windows GPU Display Driver contain a ...) + TODO: check +CVE-2017-0311 (NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel ...) + TODO: check +CVE-2017-0310 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...) + TODO: check +CVE-2017-0309 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...) + TODO: check +CVE-2017-0308 (All versions of NVIDIA Windows GPU Display Driver contain a ...) + TODO: check CVE-2017-0307 RESERVED CVE-2017-0306 @@ -17766,30 +17798,25 @@ NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/ NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a NOTE: https://github.com/libarchive/libarchive/issues/767 -CVE-2016-8678 [heap-based buffer overflow in IsPixelMonochrome] - RESERVED +CVE-2016-8678 (The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ...) - imagemagick <unfixed> (unimportant; bug #845204) NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-heap-based-buffer-overflow-in-ispixelmonochrome-pixel-accessor-h/ NOTE: unimportant: Only an issue with a QuantumDepth=64 build, thus not affecting the binary packages NOTE: https://github.com/ImageMagick/ImageMagick/issues/272 -CVE-2016-8677 [memory allocate failure in AcquireQuantumPixels] - RESERVED +CVE-2016-8677 (The AcquireQuantumPixels function in MagickCore/quantum.c in ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-1 (bug #845206) NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60 -CVE-2016-8676 [Issue that remains after addressing CVE-2016-8675 with e5b019725f53b79159931d3a7317107cbbfd0860] - RESERVED +CVE-2016-8676 (The get_vlc2 function in get_bits.h in Libav 11.9 allows remote ...) - libav <removed> (unimportant) NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/ -CVE-2016-8675 - RESERVED +CVE-2016-8675 (The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote ...) - libav <removed> (unimportant) NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/ NOTE: Fixed by: https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860 NOTE: Cf. CVE-2016-8676 as well which remain unfixed after e5b019725f53b79159931d3a7317107cbbfd0860 -CVE-2016-8674 - RESERVED +CVE-2016-8674 (The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows ...) - mupdf 1.9a+ds1-2 (bug #840957) [jessie] - mupdf <no-dsa> (Minor issue) [wheezy] - mupdf <not-affected> (Crash is not reproducible with reprocuder. Needs clarification from upstream.) @@ -18415,8 +18442,7 @@ - graphicsmagick 1.3.25-5 NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/ NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d -CVE-2016-8679 [dwarf_util.c: heap-based buffer overflow in _dwarf_get_size_of_val] - RESERVED +CVE-2016-8679 (The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in ...) - dwarfutils 20161001-2 (bug #840958) [jessie] - dwarfutils <no-dsa> (Minor issue) [wheezy] - dwarfutils <no-dsa> (Minor issue) @@ -18424,15 +18450,13 @@ NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13 NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2 NOTE: Same fix as CVE-2016-8681 but different issue -CVE-2016-8680 [dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for_code] - RESERVED +CVE-2016-8680 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf ...) - dwarfutils 20161001-2 (bug #840960) [jessie] - dwarfutils <no-dsa> (Minor issue) [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/12 NOTE: https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2 -CVE-2016-8681 [dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for_code second one] - RESERVED +CVE-2016-8681 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf ...) - dwarfutils 20161001-2 (bug #840961) [jessie] - dwarfutils <no-dsa> (Minor issue) [wheezy] - dwarfutils <no-dsa> (Minor issue) @@ -21578,8 +21602,7 @@ NOT-FOR-US: Oracle CVE-2016-7500 RESERVED -CVE-2016-7499 - RESERVED +CVE-2016-7499 (The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote ...) - libav <removed> (unimportant) NOTE: https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/ CVE-2016-7498 (OpenStack Compute (nova) 13.0.0 does not properly delete instances ...) @@ -21638,8 +21661,7 @@ - php5 <removed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093 NOTE: Patch for 5.6.x: http://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28) -CVE-2016-7477 - RESERVED +CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 ...) - libav <removed> (unimportant) NOTE: https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/ CVE-2016-7476 @@ -22382,16 +22404,14 @@ NOT-FOR-US: Microsoft CVE-2016-7181 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) NOT-FOR-US: Microsoft -CVE-2016-7393 [stack-based buffer overflow in aac_sync (aac_parser.c)] - RESERVED +CVE-2016-7393 (Stack-based buffer overflow in the aac_sync function in aac_parser.c ...) {DLA-644-1} - ffmpeg 7:2.4-1 - libav <removed> [jessie] - libav 6:11.6-1~deb8u1 NOTE: https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/ NOTE: https://git.libav.org/?p=libav.git;a=commit;h=fb1473080223a634b8ac2cca48a632d037a0a69d -CVE-2016-7392 [heap-based buffer overflow in pstoedit_suffix_table_init (output-pstoedit.c)] - RESERVED +CVE-2016-7392 (Heap-based buffer overflow in the pstoedit_suffix_table_init function ...) {DLA-621-1} - autotrace 0.31.1-17 (bug #837599) NOTE: https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/ _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits