Author: sectracker
Date: 2016-11-07 21:10:12 +0000 (Mon, 07 Nov 2016)
New Revision: 46050

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-07 20:58:13 UTC (rev 46049)
+++ data/CVE/list       2016-11-07 21:10:12 UTC (rev 46050)
@@ -1,15 +1,121 @@
+CVE-2016-9242 (Multiple SQL injection vulnerabilities in the update method in 
...)
+       TODO: check
+CVE-2016-9241
+       RESERVED
+CVE-2016-9240
+       RESERVED
+CVE-2016-9239
+       RESERVED
+CVE-2016-9238
+       RESERVED
+CVE-2016-9237
+       RESERVED
+CVE-2016-9236
+       RESERVED
+CVE-2016-9235
+       RESERVED
+CVE-2016-9234
+       RESERVED
+CVE-2016-9233
+       RESERVED
+CVE-2016-9232
+       RESERVED
+CVE-2016-9231
+       RESERVED
+CVE-2016-9230
+       RESERVED
+CVE-2016-9229
+       RESERVED
+CVE-2016-9228
+       RESERVED
+CVE-2016-9227
+       RESERVED
+CVE-2016-9226
+       RESERVED
+CVE-2016-9225
+       RESERVED
+CVE-2016-9224
+       RESERVED
+CVE-2016-9223
+       RESERVED
+CVE-2016-9222
+       RESERVED
+CVE-2016-9221
+       RESERVED
+CVE-2016-9220
+       RESERVED
+CVE-2016-9219
+       RESERVED
+CVE-2016-9218
+       RESERVED
+CVE-2016-9217
+       RESERVED
+CVE-2016-9216
+       RESERVED
+CVE-2016-9215
+       RESERVED
+CVE-2016-9214
+       RESERVED
+CVE-2016-9213
+       RESERVED
+CVE-2016-9212
+       RESERVED
+CVE-2016-9211
+       RESERVED
+CVE-2016-9210
+       RESERVED
+CVE-2016-9209
+       RESERVED
+CVE-2016-9208
+       RESERVED
+CVE-2016-9207
+       RESERVED
+CVE-2016-9206
+       RESERVED
+CVE-2016-9205
+       RESERVED
+CVE-2016-9204
+       RESERVED
+CVE-2016-9203
+       RESERVED
+CVE-2016-9202
+       RESERVED
+CVE-2016-9201
+       RESERVED
+CVE-2016-9200
+       RESERVED
+CVE-2016-9199
+       RESERVED
+CVE-2016-9198
+       RESERVED
+CVE-2016-9197
+       RESERVED
+CVE-2016-9196
+       RESERVED
+CVE-2016-9195
+       RESERVED
+CVE-2016-9194
+       RESERVED
+CVE-2016-9193
+       RESERVED
+CVE-2016-9192
+       RESERVED
 CVE-2015-8971 [Escape Sequence Command Execution vulnerability]
+       RESERVED
        - terminology <unfixed> (bug #843434)
        NOTE: 
https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/12
 CVE-2016-9191 [local DoS with cgroup offline code]
+       RESERVED
        - linux <unfixed>
 CVE-2016-9190 (Pillow before 3.3.2 allows context-dependent attackers to 
execute ...)
+       {DLA-705-1}
        - pillow 3.4.2-1
        - python-imaging <removed>
        NOTE: https://github.com/python-pillow/Pillow/issues/2105
        NOTE: 
https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
 CVE-2016-9189 (Pillow before 3.3.2 allows context-dependent attackers to 
obtain ...)
+       {DLA-705-1}
        - pillow 3.4.2-1
        - python-imaging <removed>
        NOTE: https://github.com/python-pillow/Pillow/issues/2105
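Review bot: CVE-2016-9242 at the top of this hunk is added with only "TODO: check" and no package line, and its visible description is cut off at "update method in ...", so the entry does not say which source package is affected. It should be triaged to a package status line or a NOT-FOR-US marker rather than left open. The 50 new entries CVE-2016-9192 through CVE-2016-9241 are plain RESERVED placeholders and need nothing further at this point.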
@@ -219,8 +325,8 @@
 CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in ...)
        - openjpeg2 <unfixed>
        NOTE: https://github.com/uclouvain/openjpeg/issues/855
-CVE-2016-9111
-       RESERVED
+CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop 
Lock 4.5 ...)
+       TODO: check
 CVE-2016-9110
        RESERVED
 CVE-2016-9100
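Review bot: CVE-2016-9111 moves from RESERVED to "TODO: check" even though the new description already names the product (Citrix Receiver Desktop Lock 4.5), so it can be resolved right away. If no Debian source package ships that product, mark the entry NOT-FOR-US instead of leaving the TODO in place.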
@@ -787,10 +893,10 @@
        RESERVED
 CVE-2016-8871 (In Botan 1.11.29 through 1.11.32, RSA decryption with certain 
padding ...)
        TODO: check
-CVE-2016-8870
-       RESERVED
-CVE-2016-8869
-       RESERVED
+CVE-2016-8870 (The register method in the UsersModelRegistration class in ...)
+       TODO: check
+CVE-2016-8869 (The register method in the UsersModelRegistration class in ...)
+       TODO: check
 CVE-2016-8868
        RESERVED
 CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with 
misconfigured ...)
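Review bot: CVE-2016-8870 and CVE-2016-8869 are both added with the same visible description ("The register method in the UsersModelRegistration class in ...") and both left at "TODO: check". Because the truncated text does not show what separates the two IDs or which software they belong to, triage them together against the full descriptions so they receive a consistent package line or NOT-FOR-US marker.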
@@ -1142,8 +1248,7 @@
        RESERVED
 CVE-2016-1000032 (TGCaptcha2 version 0.3.0 is vulnerable to a replay attack 
due to a ...)
        TODO: check
-CVE-2016-8910 [net: rtl8139: infinite loop while transmit in C+  mode]
-       RESERVED
+CVE-2016-8910 (The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU 
(aka ...)
        {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #841955)
        - qemu-kvm <removed>
@@ -1151,8 +1256,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
-CVE-2016-8909 [audio: intel-hda: infinite loop in processing dma  buffer 
stream]
-       RESERVED
+CVE-2016-8909 (The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU 
(aka Quick ...)
        {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #841950)
        - qemu-kvm <removed>
@@ -1433,8 +1537,7 @@
        RESERVED
        - matrixssl <not-affected> (Incomplete fix for CVE-2016-6887 not 
applied)
        NOTE: 
https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
-CVE-2016-8669 [char: divide by zero error in serial_update_parameters]
-       RESERVED
+CVE-2016-8669 (The serial_update_parameters function in hw/char/serial.c in 
QEMU (aka ...)
        {DLA-679-1 DLA-678-1}
        - qemu <unfixed> (bug #840945)
        - qemu-kvm <removed>
@@ -1443,8 +1546,7 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
-CVE-2016-8668 [net: OOB buffer access in rocker switch emulation]
-       RESERVED
+CVE-2016-8668 (The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU 
(aka ...)
        - qemu <unfixed> (bug #840948)
        [jessie] - qemu <not-affected> (Vulnerable code introduced after 
v2.4.0-rc0)
        [wheezy] - qemu <not-affected> (Vulnerable code introduced after 
v2.4.0-rc0)
@@ -1454,8 +1556,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384896
-CVE-2016-8667 [dma: rc4030 divide by zero error in set_next_tick]
-       RESERVED
+CVE-2016-8667 (The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick 
...)
        - qemu <unfixed> (bug #840950)
        [wheezy] - qemu <no-dsa> (minor issue)
        - qemu-kvm <removed>
@@ -1999,8 +2100,7 @@
        RESERVED
        - linux <not-affected> (Vulnerable code introduced later in 4.8 
development)
        NOTE: 
https://gist.github.com/marcograss/40850adb3c599ac38e0beac31617d56b
-CVE-2016-8578 [9pfs: potential NULL dereferencein 9pfs routines]
-       RESERVED
+CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in 
QEMU ...)
        {DLA-679-1 DLA-678-1}
        - qemu <unfixed> (bug #840340)
        - qemu-kvm <removed>
@@ -2009,8 +2109,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=ba42ebb863ab7d40adc79298422ed9596df8f73a
-CVE-2016-8577 [9pfs: host memory leakage in v9fs_read]
-       RESERVED
+CVE-2016-8577 (Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU 
(aka ...)
        {DLA-679-1 DLA-678-1}
        - qemu <unfixed> (bug #840341)
        - qemu-kvm <removed>
@@ -2019,8 +2118,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07127.html
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
-CVE-2016-8576 [usb: xHCI: infinite loop vulnerability in xhci_ring_fetch]
-       RESERVED
+CVE-2016-8576 (The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka 
Quick ...)
        {DLA-679-1 DLA-678-1}
        - qemu <unfixed> (bug #840343)
        - qemu-kvm <removed>
@@ -11418,7 +11516,7 @@
        NOTE: "administrators should plan on patching for CVE-2016-6304, 
CVE-2016-5598 and CVE-2010-5312 as they are remotely exploitable"
        NOTE: 
https://blog.qualys.com/laws-of-vulnerabilities/2016/10/18/oracle-october-2016-critical-patch-update
 CVE-2016-5597 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 
8u102; and ...)
-       {DLA-704-1}
+       {DSA-3707-1 DLA-704-1}
        - openjdk-8 8u111-b14-1
        [experimental] - openjdk-7 7u111-2.6.7-2
        - openjdk-7 <removed>
@@ -11458,7 +11556,7 @@
 CVE-2016-5583 (Unspecified vulnerability in the Oracle One-to-One Fulfillment 
...)
        TODO: check
 CVE-2016-5582 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 
8u102; and ...)
-       {DLA-704-1}
+       {DSA-3707-1 DLA-704-1}
        - openjdk-8 8u111-b14-1
        [experimental] - openjdk-7 7u111-2.6.7-2
        - openjdk-7 <removed>
@@ -11481,7 +11579,7 @@
 CVE-2016-5574 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
 CVE-2016-5573 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 
8u102; and ...)
-       {DLA-704-1}
+       {DSA-3707-1 DLA-704-1}
        - openjdk-8 8u111-b14-1
        [experimental] - openjdk-7 7u111-2.6.7-2
        - openjdk-7 <removed>
@@ -11528,7 +11626,7 @@
 CVE-2016-5555 (Unspecified vulnerability in the OJVM component in Oracle 
Database ...)
        TODO: check
 CVE-2016-5554 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 
8u102; and ...)
-       {DLA-704-1}
+       {DSA-3707-1 DLA-704-1}
        - openjdk-8 8u111-b14-1
        [experimental] - openjdk-7 7u111-2.6.7-2
        - openjdk-7 <removed>
@@ -11557,7 +11655,7 @@
 CVE-2016-5543 (Unspecified vulnerability in the Oracle FLEXCUBE Enterprise 
Limits and ...)
        TODO: check
 CVE-2016-5542 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 
8u102; and ...)
-       {DLA-704-1}
+       {DSA-3707-1 DLA-704-1}
        - openjdk-8 8u111-b14-1
        [experimental] - openjdk-7 7u111-2.6.7-2
        - openjdk-7 <removed>


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
