Author: sectracker
Date: 2017-03-23 21:10:13 +0000 (Thu, 23 Mar 2017)
New Revision: 49978
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-23 20:46:32 UTC (rev 49977) +++ data/CVE/list 2017-03-23 21:10:13 UTC (rev 49978) @@ -1,3 +1,39 @@ +CVE-2017-7243 + RESERVED +CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules ...) + TODO: check +CVE-2017-7241 + RESERVED +CVE-2017-7240 + RESERVED +CVE-2017-7239 + RESERVED +CVE-2017-7238 + RESERVED +CVE-2017-7237 + RESERVED +CVE-2017-7236 + RESERVED +CVE-2016-10265 + RESERVED +CVE-2016-10264 + RESERVED +CVE-2016-10263 + RESERVED +CVE-2016-10262 + RESERVED +CVE-2016-10261 + RESERVED +CVE-2016-10260 + RESERVED +CVE-2016-10259 + RESERVED +CVE-2016-10258 + RESERVED +CVE-2016-10257 + RESERVED +CVE-2016-10256 + RESERVED CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...) NOT-FOR-US: cloudflare-scrape CVE-2017-7234 @@ -48,16 +84,14 @@ RESERVED CVE-2017-7216 RESERVED -CVE-2016-10255 [memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)] - RESERVED +CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils ...) - elfutils 0.168-0.2 (low) [jessie] - elfutils <no-dsa> (Minor issue) [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: 0.168-0.2 first version uploaded to unstable NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/ NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=09ec02ec7f7e6913d10943148e2a898264345b07 -CVE-2016-10254 [memory allocation failure in allocate_elf (common.h)] - RESERVED +CVE-2016-10254 (The allocate_elf function in common.h in elfutils before 0.168 allows ...) - elfutils 0.168-0.2 (low) [jessie] - elfutils <no-dsa> (Minor issue) [wheezy] - elfutils <no-dsa> (Minor issue) 
@@ -113,8 +147,8 @@ NOT-FOR-US: SLiMS CVE-2017-7201 RESERVED -CVE-2017-7199 - RESERVED +CVE-2017-7199 (Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions ...) + TODO: check CVE-2017-7200 (An SSRF issue was discovered in OpenStack Glance before Newton. The ...) - glance 2:13.0.0-1 [jessie] - glance <no-dsa> (Minor issue, too intrusive to backport) @@ -653,8 +687,8 @@ REJECTED CVE-2017-6951 (The keyring_search_aux function in security/keys/keyring.c in the Linux ...) - linux 4.0.2-1 -CVE-2017-6950 - RESERVED +CVE-2017-6950 (SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended ...) + TODO: check CVE-2017-6949 (An issue was discovered in CHICKEN Scheme through 4.12.0. When using a ...) - chicken <unfixed> (bug #858057) [jessie] - chicken <no-dsa> (Minor issue) @@ -733,8 +767,8 @@ RESERVED CVE-2017-6912 RESERVED -CVE-2017-6911 - RESERVED +CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It stores ...) + TODO: check CVE-2017-6910 RESERVED CVE-2017-6909 (An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists ...) @@ -763,8 +797,8 @@ RESERVED CVE-2017-6896 (Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 ...) NOT-FOR-US: DIGISOL DG-HR1400 1.00.02 wireless router -CVE-2017-6895 - RESERVED +CVE-2017-6895 (USB Pratirodh allows remote attackers to conduct XML External Entity ...) + TODO: check CVE-2017-6894 RESERVED CVE-2017-6893 
@@ -859,71 +893,71 @@ CVE-2017-6853 RESERVED CVE-2017-6839 (Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka ...) - {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ NOTE: https://github.com/mpruett/audiofile/issues/41 NOTE: https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9 CVE-2017-6838 (Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka ...) - {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ NOTE: https://github.com/mpruett/audiofile/issues/41 NOTE: https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7 CVE-2017-6837 (WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote ...) - {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ NOTE: https://github.com/mpruett/audiofile/issues/41 NOTE: https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 CVE-2017-6836 (Heap-based buffer overflow in the Expand3To4Module::run function in ...) - {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h NOTE: https://github.com/mpruett/audiofile/issues/40 NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7 CVE-2017-6835 (The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio ...) 
- {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp NOTE: https://github.com/mpruett/audiofile/issues/39 NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 CVE-2017-6834 (Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp ...) - {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp NOTE: https://github.com/mpruett/audiofile/issues/38 NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7 CVE-2017-6833 (The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio ...) - {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp NOTE: https://github.com/mpruett/audiofile/issues/37 NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 CVE-2017-6832 (Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio ...) - {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp NOTE: https://github.com/mpruett/audiofile/issues/36 NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 CVE-2017-6831 (Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp ...) 
- {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp NOTE: https://github.com/mpruett/audiofile/issues/35 NOTE: https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6 CVE-2017-6830 (Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp ...) - {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp NOTE: https://github.com/mpruett/audiofile/issues/34 NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7 CVE-2017-6829 (The decodeSample function in IMA.cpp in Audio File Library (aka ...) - {DSA-3814-1} + {DSA-3814-1 DLA-867-1} - audiofile 0.3.6-4 (bug #857651) NOTE: https://github.com/mpruett/audiofile/issues/33 NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp @@ -1602,8 +1636,8 @@ RESERVED CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in ...) NOT-FOR-US: SanaCMS -CVE-2017-6517 - RESERVED +CVE-2017-6517 (Microsoft Skype 7.16.0.102 contains a vulnerability that could allow ...) + TODO: check CVE-2017-6516 (A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo ...) NOT-FOR-US: MagniComp CVE-2017-6515 
@@ -2223,12 +2257,12 @@ RESERVED CVE-2017-6362 RESERVED -CVE-2017-6361 - RESERVED -CVE-2017-6360 - RESERVED -CVE-2017-6359 - RESERVED +CVE-2017-6361 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute ...) + TODO: check +CVE-2017-6360 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain ...) + TODO: check +CVE-2017-6359 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain ...) + TODO: check CVE-2017-6358 RESERVED CVE-2017-6357 @@ -2701,8 +2735,8 @@ RESERVED CVE-2017-6192 RESERVED -CVE-2017-6191 - RESERVED +CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to ...) + TODO: check CVE-2017-6190 RESERVED CVE-2017-6189 (Untrusted search path vulnerability in Amazon Kindle for PC before ...) @@ -3485,8 +3519,7 @@ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg01075.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1419699 NOTE: http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a -CVE-2017-5897 - RESERVED +CVE-2017-5897 (The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel ...) {DSA-3791-1} - linux 4.9.13-1 [wheezy] - linux <not-affected> (Vulnerable code introduced later) @@ -4838,11 +4871,9 @@ [jessie] - linux <not-affected> (freelist randomisation introduced in 4.7) [wheezy] - linux <not-affected> (freelist randomisation introduced in 4.7) NOTE: Fixed by: https://git.kernel.org/linus/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f (v4.10-rc4) -CVE-2017-5538 - RESERVED +CVE-2017-5538 (The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c ...) NOT-FOR-US: Samsung Exynos -CVE-2017-5524 - RESERVED +CVE-2017-5524 (Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers ...) NOT-FOR-US: Plone CVE-2017-5537 (The password reset form in Weblate before 2.10.1 provides different ...) - weblate <itp> (bug #745661) 
@@ -5816,8 +5847,8 @@ NOT-FOR-US: Rapid7 CVE-2017-5228 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 ...) NOT-FOR-US: Rapid7 -CVE-2017-5227 - RESERVED +CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to obtain ...) + TODO: check CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the ...) {DLA-795-1} - tiff 4.0.7-5 (bug #851297) @@ -5964,14 +5995,12 @@ RESERVED - bubblewrap 0.1.5-2 (bug #850702) NOTE: https://github.com/projectatomic/bubblewrap/issues/142 -CVE-2017-5207 [Root shell via --bandwidth and --shell] - RESERVED +CVE-2017-5207 (Firejail before 0.9.44.4, when running a bandwidth command, allows ...) - firejail 0.9.44.4-1 (bug #850528) NOTE: https://github.com/netblue30/firejail/issues/1023 NOTE: Fixed by: https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc NOTE: http://www.openwall.com/lists/oss-security/2017/01/07/3 -CVE-2017-5206 - RESERVED +CVE-2017-5206 (Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, ...) - firejail 0.9.44.4-1 (bug #850558) NOTE: Fixed by: https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e CVE-2017-5199 @@ -6453,7 +6482,7 @@ NOTE: libv8 not covered by security support CVE-2017-5029 RESERVED - {DSA-3810-1} + {DSA-3810-1 DLA-866-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libxslt <unfixed> (bug #858546) @@ -12753,6 +12782,7 @@ NOTE: Qemu upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html CVE-2017-2619 RESERVED + {DSA-3816-1} - samba 2:4.5.6+dfsg-2 NOTE: https://www.samba.org/samba/security/CVE-2017-2619.html CVE-2017-2618 [selinux: fix off-by-one in setprocattr] 
@@ -17540,8 +17570,7 @@ - linux 4.8.15-1 [jessie] - linux 3.16.39-1 NOTE: Fixed by: https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 -CVE-2016-9775 [tomcat8: privilege escalation during package removal] - RESERVED +CVE-2016-9775 (The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 ...) {DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1} - tomcat8 8.5.8-2 (bug #845385) - tomcat7 7.0.72-3 @@ -17549,8 +17578,7 @@ - tomcat6 6.0.41-3 NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5 -CVE-2016-9774 [tomcat8: privilege escalation during package upgrade] - RESERVED +CVE-2016-9774 (The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ...) {DSA-3739-1 DSA-3738-1 DLA-753-1 DLA-746-1} - tomcat8 8.5.8-2 (bug #845393) - tomcat7 7.0.72-3 @@ -18531,8 +18559,7 @@ [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5 -CVE-2016-9557 [signed integer overflow in jas_image.c] - RESERVED +CVE-2016-9557 (Integer overflow in jas_image.c in JasPer before 1.900.25 allows ...) - jasper <removed> [jessie] - jasper <no-dsa> (Minor issue) [wheezy] - jasper <no-dsa> (the fix is too invasive) 
@@ -18668,8 +18695,7 @@ NOTE: https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/ NOTE: https://github.com/ImageMagick/ImageMagick/issues/312 NOTE: Upstream statement: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31045 -CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray] - RESERVED +CVE-2016-9556 (The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.5+dfsg-1 (bug #845242) NOTE: https://github.com/ImageMagick/ImageMagick/issues/301 @@ -18681,8 +18707,7 @@ NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797 NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10058 [Fixed memory leak in psd file handling] - RESERVED +CVE-2016-10058 (Memory leak in the ReadPSDLayers function in coders/psd.c in ...) - imagemagick 8:6.9.6.5+dfsg-1 (bug #845239) [jessie] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later) [wheezy] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later) @@ -18741,8 +18766,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7 NOTE: https://github.com/ImageMagick/ImageMagick/issues/196 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10059 [Imagemagick (jessie and older) buffer overflow] - RESERVED +CVE-2016-10059 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845195) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410 
@@ -19107,77 +19131,64 @@ NOTE: Upstream bash considers this issue only to be a bug. NOTE: Proposed patch: https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00116.html NOTE: Fixed by (4.4): https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006 -CVE-2016-9399 [jpc_dec.c:1650: void calcstepsizes(uint_fast16_t, int, uint_fast16_t *): Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 - ((bandno > 0) ? ((bandno + 2) / 3) : (0)))) & (~0x1f))' failed.] - RESERVED +CVE-2016-9399 (The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows ...) - jasper <removed> (unimportant) NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes NOTE: Negligable security impact -CVE-2016-9398 [jpc_math.c:94: int jpc_floorlog2(int): Assertion `x > 0' failed.] - RESERVED +CVE-2016-9398 (The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 ...) - jasper <removed> (unimportant) NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00023-jasper-assert-jpc_floorlog2 NOTE: Negligable security impact -CVE-2016-9397 [jpc_dec.c:1817: void jpc_dequantize(jas_matrix_t *, jpc_fix_t): Assertion `absstepsize >= 0' failed.] - RESERVED +CVE-2016-9397 (The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows ...) - jasper <removed> (unimportant) NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize NOTE: Negligable security impact -CVE-2016-9396 [jpc_t1cod.c:144: int JPC_NOMINALGAIN(int, int, int, int): Assertion `qmfbid == 0x01' failed.] - RESERVED +CVE-2016-9396 (The JPC_NOMINALGAIN function in jpc_t1cod.c in JasPer before 1.900.12 ...) - jasper <removed> (unimportant) NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00004-jasper-assert-JPC_NOMINALGAIN NOTE: Negligable security impact -CVE-2016-9395 [jas_seq.c:90: jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend' failed.] 
- RESERVED +CVE-2016-9395 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 ...) - jasper <removed> (unimportant) NOTE: Fix: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00043-jasper-assert-jas_matrix_t NOTE: Negligable security impact -CVE-2016-9394 - RESERVED +CVE-2016-9394 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 ...) - jasper <removed> (unimportant) NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00016-jasper-assert-jas_matrix_t NOTE: Negligable security impact -CVE-2016-9393 - RESERVED +CVE-2016-9393 (The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 ...) - jasper <removed> (unimportant) NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00013-jasper-assert-jpc_pi_nextrpcl NOTE: Negligable security impact -CVE-2016-9392 - RESERVED +CVE-2016-9392 (The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 ...) - jasper <removed> (unimportant) NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00012-jasper-assert-calcstepsizes NOTE: Negligable security impact -CVE-2016-9391 [jpc_bs.c:197: long jpc_bitstream_getbits(jpc_bitstream_t *, int): Assertion `n >= 0 && n < 32' failed.] - RESERVED +CVE-2016-9391 (The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...) 
- jasper <removed> (unimportant) NOTE: Fix: https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00014-jasper-assert-jpc_bitstream_getbits NOTE: Negligable security impact -CVE-2016-9390 [jas_seq.c:90: jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend' failed.] - RESERVED +CVE-2016-9390 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 ...) - jasper <removed> (unimportant) NOTE: Fix: https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865 NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00007-jasper-assert-jas_matrix_t NOTE: Negligable security impact -CVE-2016-9389 - RESERVED +CVE-2016-9389 (The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before ...) - jasper <removed> (unimportant) NOTE: Fix: https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00006-jasper-assert-jpc_irct NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00008-jasper-assert-jpc_iict NOTE: Negligable security impact -CVE-2016-9388 [ras_dec.c:330: int ras_getcmap(jas_stream_t *, ras_hdr_t *, ras_cmap_t *): Assertion `numcolors <= 256' failed.] - RESERVED +CVE-2016-9388 (The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...) - jasper <removed> (unimportant) NOTE: Fix: https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823 NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00005-jasper-assert-ras_getcmap NOTE: Negligable security impact -CVE-2016-9387 [jas_seq.c:90: jas_matrix<= yend' failed.] - RESERVED +CVE-2016-9387 (Integer overflow in the jpc_dec_process_siz function in ...) 
- jasper <removed> (unimportant) NOTE: Fix: https://github.com/mdadams/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00003-jasper-assert-jas_matrix_t @@ -19436,16 +19447,14 @@ NOT-FOR-US: Samsung Exynos fimg2d driver for Android CVE-2016-9278 (The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, ...) NOT-FOR-US: Samsung Exynos fimg2d driver for Android -CVE-2016-9276 [heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c)] - RESERVED +CVE-2016-9276 (The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf ...) - dwarfutils 20161124-1 (bug #844011) [jessie] - dwarfutils <no-dsa> (Minor issue) [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/ NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c NOTE: Same commit as for CVE-2016-9275. Needs the dwarf_arange.c part of the commit. -CVE-2016-9275 [heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c)] - RESERVED +CVE-2016-9275 (Heap-based buffer overflow in the _dwarf_skim_forms function in ...) - dwarfutils 20161124-1 (bug #844012) [jessie] - dwarfutils <not-affected> (Vulnerable code not present) [wheezy] - dwarfutils <not-affected> (Vulnerable code not present) 
@@ -19477,26 +19486,22 @@ RESERVED CVE-2017-0301 RESERVED -CVE-2016-9266 [left shift in listmp3.c] - RESERVED +CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to unspecified ...) {DLA-799-1} - ming <removed> (bug #843928) NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c NOTE: https://github.com/libming/libming/issues/53 -CVE-2016-9265 [divide-by-zero in printMP3Headers (listmp3.c)] - RESERVED +CVE-2016-9265 (The printMP3Headers function in listmp3.c in Libming 0.4.7 allows ...) {DLA-799-1} - ming <removed> (bug #843928) NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list NOTE: https://github.com/libming/libming/issues/52 -CVE-2016-9264 [global-buffer-overflow in printMP3Headers (listmp3.c)] - RESERVED +CVE-2016-9264 (Buffer overflow in the printMP3Headers function in listmp3.c in ...) {DLA-799-1} - ming <removed> (bug #843928) NOTE: https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c NOTE: https://github.com/libming/libming/issues/51 -CVE-2016-9262 [use after free in jas_realloc (jas_malloc.c)] - RESERVED +CVE-2016-9262 (Multiple integer overflows in the (1) jas_realloc function in ...) - jasper <removed> [jessie] - jasper <not-affected> (Vulnerable code introduced later) [wheezy] - jasper <not-affected> (Vulnerable code introduced later) @@ -20466,8 +20471,7 @@ - firejail 0.9.44-1 NOTE: https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b NOTE: http://www.openwall.com/lists/oss-security/2016/10/25/3 -CVE-2016-9011 [memory allocation failure in wmf_malloc (api.c)] - RESERVED +CVE-2016-9011 (The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote ...) {DLA-694-1} - libwmf 0.2.8.4-10.6 (bug #842090) [jessie] - libwmf 0.2.8.4-10.3+deb8u2 
@@ -20990,8 +20994,7 @@ - jasper <not-affected> (Incomplete fix for CVE-206-8887 not applied) NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00002-jasper-NULLptr-jp2_colr_destroy NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887 -CVE-2016-8887 [NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)] - RESERVED +CVE-2016-8887 (The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer ...) {DLA-739-1} - jasper <removed> (unimportant) NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c @@ -21000,8 +21003,7 @@ NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887 NOTE: and include the fix to not make jasper vulnerable to the incomplete fix. NOTE: Not suitable for code injection, hardly denial of service -CVE-2016-8886 [memory allocation failure in jas_malloc (jas_malloc.c)] - RESERVED +CVE-2016-8886 (The jas_malloc function in libjasper/base/jas_malloc.c in JasPer ...) - jasper <removed> (low) [jessie] - jasper <no-dsa> (Minor issue) [wheezy] - jasper <no-dsa> (Minor issue) @@ -21011,8 +21013,7 @@ [jessie] - sendmail <no-dsa> (Minor issue) [wheezy] - sendmail <no-dsa> (Minor issue) NOTE: no unprivileged user should be in smmsp group and there is no known vulnerability to gain smmsp group membership -CVE-2016-8885 - RESERVED +CVE-2016-8885 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before ...) - jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied) NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690 CVE-2016-8884 
@@ -25061,8 +25062,8 @@ RESERVED CVE-2016-7469 RESERVED -CVE-2016-7468 - RESERVED +CVE-2016-7468 (An unauthenticated remote attacker may be able to disrupt services on ...) + TODO: check CVE-2016-7467 RESERVED CVE-2016-7465 
@@ -26199,32 +26200,27 @@ [jessie] - linux 3.16.39-1 [wheezy] - linux <not-affected> (Vulnerable code not present; arm64 introduced in 3.7) NOTE: Fixed by: https://git.kernel.org/linus/8fff105e13041e49b82f92eef034f363a6b1c071 (4.1-rc1) -CVE-2016-10057 - RESERVED +CVE-2016-10057 (Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ...) {DSA-3675-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #836172) NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10056 - RESERVED +CVE-2016-10056 (Buffer overflow in the sixel_decode function in coders/sixel.c in ...) {DSA-3675-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #836172) NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10055 - RESERVED +CVE-2016-10055 (Buffer overflow in the WritePDBImage function in coders/pdb.c in ...) {DSA-3675-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #836172) NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10054 - RESERVED +CVE-2016-10054 (Buffer overflow in the WriteMAPImage function in coders/map.c in ...) {DSA-3675-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #836172) NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10053 [TIFF divide by zero] - RESERVED +CVE-2016-10053 (The WriteTIFFImage function in coders/tiff.c in ImageMagick before ...) {DSA-3675-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #836171) [wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10) 
@@ -27172,8 +27168,7 @@ {DSA-3652-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #834504) NOTE: https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323 -CVE-2016-10052 [Out-of-bound in exif (jpeg) reader] - RESERVED +CVE-2016-10052 (Buffer overflow in the WriteProfile function in coders/jpeg.c in ...) {DSA-3652-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #834501) NOTE: https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742 @@ -27437,8 +27432,7 @@ [jessie] - linux 3.16.7-ckt17-1 [wheezy] - linux <not-affected> (Vulnerable code not present; arm64 introduced in 3.7) NOTE: Fixed by: https://git.kernel.org/linus/6829e274a623187c24f7cfc0e3d35f25d087fcc5 (4.1-rc2) -CVE-2016-10051 [Double free] - RESERVED +CVE-2016-10051 (Use-after-free vulnerability in the ReadPWPImage function in ...) {DSA-3652-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #834183) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245 
@@ -27590,35 +27584,30 @@ NOT-FOR-US: Pivotal CVE-2016-1000038 RESERVED -CVE-2016-10050 [RLE check for pixel offset less than 0] - RESERVED +CVE-2016-10050 (Heap-based buffer overflow in the ReadRLEImage function in ...) {DSA-3652-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #833744) NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10049 [Segfault in ReadRLEImage] - RESERVED +CVE-2016-10049 (Buffer overflow in the ReadRLEImage function in coders/rle.c in ...) {DSA-3652-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #833743) [wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10) NOTE: https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4 NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29710 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10048 [Coder path transversal] - RESERVED +CVE-2016-10048 (Directory traversal vulnerability in magick/module.c in ImageMagick ...) {DSA-3652-1 DLA-731-1} - imagemagick 8:6.9.5.7+dfsg-1 (bug #833735) NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10047 [memory leak] - RESERVED +CVE-2016-10047 (Memory leak in the NewXMLTree function in magick/xml-tree.c in ...) {DSA-3652-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #833732) [wheezy] - imagemagick <not-affected> (Vulnerable code not present in version 6.7.7.10) NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10046 [Buffer overflow in draw.c] - RESERVED +CVE-2016-10046 (Heap-based buffer overflow in the DrawImage function in magick/draw.c ...) 
{DSA-3652-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #833730) NOTE: https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f @@ -29388,8 +29377,7 @@ RESERVED CVE-2016-6226 RESERVED -CVE-2016-6225 [Encryption IV not being set properly] - RESERVED +CVE-2016-6225 (xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does ...) - percona-xtrabackup <unfixed> (bug #851244) NOTE: https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly NOTE: https://github.com/percona/percona-xtrabackup/pull/266 @@ -46547,8 +46535,8 @@ - gajim 0.16.5-0.1 (bug #809900) NOTE: http://gultsch.de/gajim_roster_push_and_message_interception.html NOTE: https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/ -CVE-2015-8687 - RESERVED +CVE-2015-8687 (Multiple cross-site scripting (XSS) vulnerabilities in the Management ...) + TODO: check CVE-2015-8686 RESERVED CVE-2015-8685 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...) 
@@ -47134,42 +47122,35 @@ NOTE: https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/ NOTE: Fixed by: https://github.com/tatsuhiro-t/nghttp2/commit/f8c30d022982d089fb90543c0cd5628b161d065d NOTE: Introduced at least after: https://github.com/tatsuhiro-t/nghttp2/commit/b2fb888363c08e98aae0638db62cdf7d164ea1d1 -CVE-2015-8628 - RESERVED +CVE-2015-8628 (The (1) Special:MyPage, (2) Special:MyTalk, (3) ...) - mediawiki 1:1.25.5-1 (low) [wheezy] - mediawiki <no-dsa> (Minor issue) [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://phabricator.wikimedia.org/T109724 -CVE-2015-8627 - RESERVED +CVE-2015-8627 (MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, ...) - mediawiki 1:1.25.5-1 (low) [wheezy] - mediawiki <no-dsa> (Minor issue) [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://phabricator.wikimedia.org/T97897 -CVE-2015-8626 - RESERVED +CVE-2015-8626 (The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x ...) - mediawiki 1:1.25.5-1 (low) [wheezy] - mediawiki <no-dsa> (Minor issue) [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://phabricator.wikimedia.org/T115522 -CVE-2015-8625 - RESERVED +CVE-2015-8625 (MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, ...) - mediawiki <not-affected> (Vulnerable code not present) NOTE: https://phabricator.wikimedia.org/T118032 -CVE-2015-8624 - RESERVED +CVE-2015-8624 (The User::matchEditToken function in includes/User.php in MediaWiki ...) - mediawiki 1:1.25.5-1 (low) [wheezy] - mediawiki <no-dsa> (Minor issue) [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://phabricator.wikimedia.org/T119309 -CVE-2015-8623 - RESERVED +CVE-2015-8623 (The User::matchEditToken function in includes/User.php in MediaWiki ...) 
- mediawiki 1:1.25.5-1 (low) [wheezy] - mediawiki <no-dsa> (Minor issue) [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) NOTE: https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php -CVE-2015-8622 [XSS from wikitext] - RESERVED +CVE-2015-8622 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, ...) - mediawiki 1:1.25.5-1 (low) [wheezy] - mediawiki <no-dsa> (Minor issue) [squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS) @@ -57598,8 +57579,8 @@ NOT-FOR-US: Fortinet CVE-2015-5735 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) ...) NOT-FOR-US: Fortinet -CVE-2015-5729 - RESERVED +CVE-2015-5729 (The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, ...) + TODO: check CVE-2015-5728 RESERVED CVE-2015-5727 (The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before ...) @@ -62299,8 +62280,8 @@ RESERVED CVE-2015-4168 RESERVED -CVE-2015-4166 - RESERVED +CVE-2015-4166 (Cloudera Key Trustee Server before 5.4.3 does not store keys ...) + TODO: check CVE-2015-4165 [unspecified arbitrary files modification vulnerability] RESERVED - elasticsearch 1.6.0+dfsg-1 (bug #788471) @@ -62589,8 +62570,8 @@ NOT-FOR-US: Kankun Smart Socket device and mobile application CVE-2015-4079 RESERVED -CVE-2015-4078 - RESERVED +CVE-2015-4078 (Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include ...) + TODO: check CVE-2015-4077 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) ...) NOT-FOR-US: Fortinet CVE-2015-4076 @@ -68262,8 +68243,8 @@ NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204 CVE-2015-2264 (Multiple untrusted search path vulnerabilities in (1) ...) NOT-FOR-US: Telerik Analytics Monitor Library -CVE-2015-2263 - RESERVED +CVE-2015-2263 (Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x ...) + TODO: check CVE-2015-2262 RESERVED CVE-2015-2261 
@@ -73114,8 +73095,7 @@ CVE-2015-0856 (daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the ...) - sddm 0.12.0-5 (bug #803336; low) NOTE: https://github.com/sddm/sddm/commit/4cfed6b0a625593 -CVE-2015-0855 [Insecure use of os.system()] - RESERVED +CVE-2015-0855 (The _mediaLibraryPlayCb function in mainwindow.py in pitivi before ...) - pitivi 0.95-1 [jessie] - pitivi <no-dsa> (Minor issue) [squeeze] - pitivi <not-affected> (Vulnerable code not present (no os.system())) @@ -78138,8 +78118,7 @@ NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42 CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 ...) NOT-FOR-US: phpMemcachedAdmin -CVE-2014-8731 [remote code execution flaw] - RESERVED +CVE-2014-8731 (PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute ...) NOT-FOR-US: phpMemcachedAdmin CVE-2014-8716 [crafted jpeg file could lead to DOS] RESERVED @@ -78511,8 +78490,7 @@ [wheezy] - tnftp <no-dsa> (Minor issue) [squeeze] - tnftp <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2014/10/28/4 -CVE-2014-9915 [Off-by-one count when parsing an 8BIM profile] - RESERVED +CVE-2014-9915 (Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers ...) - imagemagick 8:6.8.9.9-1 (bug #767240) [wheezy] - imagemagick <not-affected> (Vulnerable code not present) [squeeze] - imagemagick <not-affected> (Vulnerable code not present) @@ -81672,8 +81650,8 @@ NOT-FOR-US: Tenda A32 Router CVE-2014-7280 (Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 ...) NOT-FOR-US: Nessus Web UI -CVE-2014-7279 - RESERVED +CVE-2014-7279 (The Konke Smart Plug K does not require authentication for TELNET ...) + TODO: check CVE-2014-7284 (The net_get_random_once implementation in net/core/utils.c in the ...) - linux 3.16.2-1 [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13) 
@@ -100700,8 +100678,8 @@ NOTE: tomcat6 in jessie only builds the servlet API classes NOTE: https://svn.apache.org/viewvc?view=revision&revision=1603781 (7.x) NOTE: https://svn.apache.org/viewvc?view=revision&revision=1659537 (6.x) -CVE-2014-0229 - RESERVED +CVE-2014-0229 (Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in ...) + TODO: check CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based authorization ...) NOT-FOR-US: Apache Hive CVE-2014-0227 (java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in ...) @@ -102852,8 +102830,8 @@ NOT-FOR-US: JBoss Seam CVE-2013-6447 (Multiple XML External Entity (XXE) vulnerabilities in the (1) ...) NOT-FOR-US: JBoss Seam -CVE-2013-6446 - RESERVED +CVE-2013-6446 (The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before ...) + TODO: check CVE-2013-6445 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...) NOT-FOR-US: Cumin CVE-2013-6444 (PyWBEM 0.7 and earlier does not verify that the server hostname ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
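Review bot: In the @@ -27590 hunk, CVE-2016-10048 and CVE-2016-10047 both carry the same upstream reference, commit fc6080f1321fd21e86ef916195cc110b05d9effb, although the new descriptions place them in different files (a directory traversal in magick/module.c and a memory leak in NewXMLTree in magick/xml-tree.c) and the entries record different fixed uploads (8:6.9.5.7+dfsg-1 and 8:6.9.6.2+dfsg-2). Confirm that the commit cited on each entry is the change to the file its description names, and correct the NOTE on whichever entry inherited it from the other.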
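Review bot: In the @@ -29388 hunk, the description added for CVE-2016-6225 states upstream fixed versions (Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5), but the package line below it still reads "- percona-xtrabackup <unfixed> (bug #851244)". Check the version in unstable against 2.3.6 and 2.4.5 and replace <unfixed> with the fixed upload if one exists; if the package really is still vulnerable, a NOTE giving the upstream fixed versions would make the entry easier to close later.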
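Review bot: In the @@ -78511 hunk, the description added for CVE-2014-9915 gives the affected range as "ImageMagick before 6.6.0-4", which does not line up with the tracking data kept beneath it: fixed in 8:6.8.9.9-1 (bug #767240), with wheezy and squeeze marked <not-affected> (Vulnerable code not present). Either the description's range or the per-release status needs rechecking against the upstream fix for the 8BIM profile parsing; add a NOTE recording which one was verified so the mismatch is not rediscovered on the next triage.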
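Review bot: In the @@ -100700 hunk, CVE-2014-0229 moves from RESERVED to "TODO: check" with a description cut at "as used in ...", so the downstream products it names are not visible in the list entry. Triage should read the full description before choosing between a package line and NOT-FOR-US, since the adjacent Apache Hive entry (CVE-2014-0228) is already NOT-FOR-US and the same decision is pending for the Cloudera entries that gain "TODO: check" in this revision (CVE-2015-4166, CVE-2015-4078, CVE-2015-2263, CVE-2013-6446).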