Author: sectracker
Date: 2016-11-24 21:10:11 +0000 (Thu, 24 Nov 2016)
New Revision: 46516
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-11-24 20:55:03 UTC (rev 46515) +++ data/CVE/list 2016-11-24 21:10:11 UTC (rev 46516) @@ -1,4 +1,5 @@ CVE-2016-9636 + {DSA-3724-1 DSA-3723-1} - gst-plugins-good1.0 1.10.1-2 (bug #845375) - gst-plugins-good0.10 <removed> NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html @@ -8,6 +9,7 @@ NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9 NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff CVE-2016-9635 + {DSA-3724-1 DSA-3723-1} - gst-plugins-good1.0 1.10.1-2 (bug #845375) - gst-plugins-good0.10 <removed> NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html @@ -17,6 +19,7 @@ NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9 NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff CVE-2016-9634 + {DSA-3724-1 DSA-3723-1} - gst-plugins-good1.0 1.10.1-2 (bug #845375) - gst-plugins-good0.10 <removed> NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html @@ -263,6 +266,7 @@ RESERVED CVE-2016-9386 [x86 null segments not always treated as unusable] RESERVED + {DLA-720-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-191.html CVE-2016-9385 [x86 segment base write emulation lacking canonical address checks] 
@@ -277,23 +281,28 @@ NOTE: https://xenbits.xen.org/xsa/advisory-194.html CVE-2016-9383 [x86 64-bit bit test instruction emulation broken] RESERVED + {DLA-720-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-195.html CVE-2016-9382 [x86 task switch to VM86 mode mis-handled] RESERVED + {DLA-720-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-192.html CVE-2016-9381 [qemu incautious about shared ring processing] RESERVED + {DLA-720-1} - xen <undetermined> NOTE: https://xenbits.xen.org/xsa/advisory-197.html TODO: check (as well qemu) CVE-2016-9380 [delimiter injection vulnerabilities in pygrub] RESERVED + {DLA-720-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-198.html CVE-2016-9379 [delimiter injection vulnerabilities in pygrub] RESERVED + {DLA-720-1} - xen <unfixed> NOTE: https://xenbits.xen.org/xsa/advisory-198.html CVE-2016-9378 [x86 software interrupt injection mis-handled] @@ -74814,7 +74823,7 @@ [wheezy] - xen <not-affected> (Vulnerable code introduced in 0.11.50, embedded version is 0.10.2) NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: Upstream fix https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html - NOTE: Vulnerable code introduced in 0.11.50: http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00 + NOTE: Vulnerable code introduced in 0.11.50: http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00 CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...) - rsync 3.1.0-3 (bug #744791) [wheezy] - rsync <not-affected> (Introduced in 3.1.0) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
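Review bot: In the @@ -277,23 +281,28 @@ hunk, CVE-2016-9381 picks up {DLA-720-1} while its only package line is still `- xen <undetermined>` and `TODO: check (as well qemu)` remains open. An entry that cites a released advisory should not carry an undetermined status: resolve the TODO, set the xen status explicitly, and add a separate qemu line if the shared ring issue from advisory-197 applies there too. The other entries tagged in this hunk (CVE-2016-9383, CVE-2016-9382, CVE-2016-9380, CVE-2016-9379) have a definite `<unfixed>` status and need no follow-up for the tag itself.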
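Review bot: In the @@ -74814,7 +74823,7 @@ hunk, the removed and added `NOTE: Vulnerable code introduced in 0.11.50: ...` lines read identically, so the change appears to be whitespace only and is unrelated to the DSA/DLA cross-references that make up the rest of this revision. Confirm which step of the automatic update rewrote this line and that its output is stable, otherwise the same line can flip back in a later run and add noise to the history of data/CVE/list. If the normalization is intended, it is better committed on its own with a log message that says so.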