Author: sectracker
Date: 2016-11-24 21:10:11 +0000 (Thu, 24 Nov 2016)
New Revision: 46516

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-24 20:55:03 UTC (rev 46515)
+++ data/CVE/list       2016-11-24 21:10:11 UTC (rev 46516)
@@ -1,4 +1,5 @@
 CVE-2016-9636
+       {DSA-3724-1 DSA-3723-1}
        - gst-plugins-good1.0 1.10.1-2 (bug #845375)
        - gst-plugins-good0.10 <removed>
        NOTE: 
https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
@@ -8,6 +9,7 @@
        NOTE: Fixed by (later followed up): 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
        NOTE: Fixed by (later followed up): 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
 CVE-2016-9635
+       {DSA-3724-1 DSA-3723-1}
        - gst-plugins-good1.0 1.10.1-2 (bug #845375)
        - gst-plugins-good0.10 <removed>
        NOTE: 
https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
@@ -17,6 +19,7 @@
        NOTE: Fixed by (later followed up): 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
        NOTE: Fixed by (later followed up): 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
 CVE-2016-9634
+       {DSA-3724-1 DSA-3723-1}
        - gst-plugins-good1.0 1.10.1-2 (bug #845375)
        - gst-plugins-good0.10 <removed>
        NOTE: 
https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
@@ -263,6 +266,7 @@
        RESERVED
 CVE-2016-9386 [x86 null segments not always treated as unusable]
        RESERVED
+       {DLA-720-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-191.html
 CVE-2016-9385 [x86 segment base write emulation lacking canonical address 
checks]
@@ -277,23 +281,28 @@
        NOTE: https://xenbits.xen.org/xsa/advisory-194.html
 CVE-2016-9383 [x86 64-bit bit test instruction emulation broken]
        RESERVED
+       {DLA-720-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-195.html
 CVE-2016-9382 [x86 task switch to VM86 mode mis-handled]
        RESERVED
+       {DLA-720-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-192.html
 CVE-2016-9381 [qemu incautious about shared ring processing]
        RESERVED
+       {DLA-720-1}
        - xen <undetermined>
        NOTE: https://xenbits.xen.org/xsa/advisory-197.html
        TODO: check (as well qemu)
 CVE-2016-9380 [delimiter injection vulnerabilities in pygrub]
        RESERVED
+       {DLA-720-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-198.html
 CVE-2016-9379 [delimiter injection vulnerabilities in pygrub]
        RESERVED
+       {DLA-720-1}
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-198.html
 CVE-2016-9378 [x86 software interrupt injection mis-handled]
@@ -74814,7 +74823,7 @@
        [wheezy] - xen <not-affected> (Vulnerable code introduced in 0.11.50, 
embedded version is 0.10.2)
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Upstream fix 
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
-        NOTE: Vulnerable code introduced in 0.11.50: 
http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00
+       NOTE: Vulnerable code introduced in 0.11.50: 
http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00
 CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and 
earlier ...)
        - rsync 3.1.0-3 (bug #744791)
        [wheezy] - rsync <not-affected> (Introduced in 3.1.0)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to