Author: sectracker
Date: 2016-12-05 21:10:13 +0000 (Mon, 05 Dec 2016)
New Revision: 46801

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-05 20:57:41 UTC (rev 46800)
+++ data/CVE/list       2016-12-05 21:10:13 UTC (rev 46801)
@@ -1,3 +1,533 @@
+CVE-2017-3149
+       RESERVED
+CVE-2017-3148
+       RESERVED
+CVE-2017-3147
+       RESERVED
+CVE-2017-3146
+       RESERVED
+CVE-2017-3145
+       RESERVED
+CVE-2017-3144
+       RESERVED
+CVE-2017-3143
+       RESERVED
+CVE-2017-3142
+       RESERVED
+CVE-2017-3141
+       RESERVED
+CVE-2017-3140
+       RESERVED
+CVE-2017-3139
+       RESERVED
+CVE-2017-3138
+       RESERVED
+CVE-2017-3137
+       RESERVED
+CVE-2017-3136
+       RESERVED
+CVE-2017-3135
+       RESERVED
+CVE-2017-3134
+       RESERVED
+CVE-2017-3133
+       RESERVED
+CVE-2017-3132
+       RESERVED
+CVE-2017-3131
+       RESERVED
+CVE-2017-3130
+       RESERVED
+CVE-2017-3129
+       RESERVED
+CVE-2017-3128
+       RESERVED
+CVE-2017-3127
+       RESERVED
+CVE-2017-3126
+       RESERVED
+CVE-2017-3125
+       RESERVED
+CVE-2017-3124
+       RESERVED
+CVE-2017-3123
+       RESERVED
+CVE-2017-3122
+       RESERVED
+CVE-2017-3121
+       RESERVED
+CVE-2017-3120
+       RESERVED
+CVE-2017-3119
+       RESERVED
+CVE-2017-3118
+       RESERVED
+CVE-2017-3117
+       RESERVED
+CVE-2017-3116
+       RESERVED
+CVE-2017-3115
+       RESERVED
+CVE-2017-3114
+       RESERVED
+CVE-2017-3113
+       RESERVED
+CVE-2017-3112
+       RESERVED
+CVE-2017-3111
+       RESERVED
+CVE-2017-3110
+       RESERVED
+CVE-2017-3109
+       RESERVED
+CVE-2017-3108
+       RESERVED
+CVE-2017-3107
+       RESERVED
+CVE-2017-3106
+       RESERVED
+CVE-2017-3105
+       RESERVED
+CVE-2017-3104
+       RESERVED
+CVE-2017-3103
+       RESERVED
+CVE-2017-3102
+       RESERVED
+CVE-2017-3101
+       RESERVED
+CVE-2017-3100
+       RESERVED
+CVE-2017-3099
+       RESERVED
+CVE-2017-3098
+       RESERVED
+CVE-2017-3097
+       RESERVED
+CVE-2017-3096
+       RESERVED
+CVE-2017-3095
+       RESERVED
+CVE-2017-3094
+       RESERVED
+CVE-2017-3093
+       RESERVED
+CVE-2017-3092
+       RESERVED
+CVE-2017-3091
+       RESERVED
+CVE-2017-3090
+       RESERVED
+CVE-2017-3089
+       RESERVED
+CVE-2017-3088
+       RESERVED
+CVE-2017-3087
+       RESERVED
+CVE-2017-3086
+       RESERVED
+CVE-2017-3085
+       RESERVED
+CVE-2017-3084
+       RESERVED
+CVE-2017-3083
+       RESERVED
+CVE-2017-3082
+       RESERVED
+CVE-2017-3081
+       RESERVED
+CVE-2017-3080
+       RESERVED
+CVE-2017-3079
+       RESERVED
+CVE-2017-3078
+       RESERVED
+CVE-2017-3077
+       RESERVED
+CVE-2017-3076
+       RESERVED
+CVE-2017-3075
+       RESERVED
+CVE-2017-3074
+       RESERVED
+CVE-2017-3073
+       RESERVED
+CVE-2017-3072
+       RESERVED
+CVE-2017-3071
+       RESERVED
+CVE-2017-3070
+       RESERVED
+CVE-2017-3069
+       RESERVED
+CVE-2017-3068
+       RESERVED
+CVE-2017-3067
+       RESERVED
+CVE-2017-3066
+       RESERVED
+CVE-2017-3065
+       RESERVED
+CVE-2017-3064
+       RESERVED
+CVE-2017-3063
+       RESERVED
+CVE-2017-3062
+       RESERVED
+CVE-2017-3061
+       RESERVED
+CVE-2017-3060
+       RESERVED
+CVE-2017-3059
+       RESERVED
+CVE-2017-3058
+       RESERVED
+CVE-2017-3057
+       RESERVED
+CVE-2017-3056
+       RESERVED
+CVE-2017-3055
+       RESERVED
+CVE-2017-3054
+       RESERVED
+CVE-2017-3053
+       RESERVED
+CVE-2017-3052
+       RESERVED
+CVE-2017-3051
+       RESERVED
+CVE-2017-3050
+       RESERVED
+CVE-2017-3049
+       RESERVED
+CVE-2017-3048
+       RESERVED
+CVE-2017-3047
+       RESERVED
+CVE-2017-3046
+       RESERVED
+CVE-2017-3045
+       RESERVED
+CVE-2017-3044
+       RESERVED
+CVE-2017-3043
+       RESERVED
+CVE-2017-3042
+       RESERVED
+CVE-2017-3041
+       RESERVED
+CVE-2017-3040
+       RESERVED
+CVE-2017-3039
+       RESERVED
+CVE-2017-3038
+       RESERVED
+CVE-2017-3037
+       RESERVED
+CVE-2017-3036
+       RESERVED
+CVE-2017-3035
+       RESERVED
+CVE-2017-3034
+       RESERVED
+CVE-2017-3033
+       RESERVED
+CVE-2017-3032
+       RESERVED
+CVE-2017-3031
+       RESERVED
+CVE-2017-3030
+       RESERVED
+CVE-2017-3029
+       RESERVED
+CVE-2017-3028
+       RESERVED
+CVE-2017-3027
+       RESERVED
+CVE-2017-3026
+       RESERVED
+CVE-2017-3025
+       RESERVED
+CVE-2017-3024
+       RESERVED
+CVE-2017-3023
+       RESERVED
+CVE-2017-3022
+       RESERVED
+CVE-2017-3021
+       RESERVED
+CVE-2017-3020
+       RESERVED
+CVE-2017-3019
+       RESERVED
+CVE-2017-3018
+       RESERVED
+CVE-2017-3017
+       RESERVED
+CVE-2017-3016
+       RESERVED
+CVE-2017-3015
+       RESERVED
+CVE-2017-3014
+       RESERVED
+CVE-2017-3013
+       RESERVED
+CVE-2017-3012
+       RESERVED
+CVE-2017-3011
+       RESERVED
+CVE-2017-3010
+       RESERVED
+CVE-2017-3009
+       RESERVED
+CVE-2017-3008
+       RESERVED
+CVE-2017-3007
+       RESERVED
+CVE-2017-3006
+       RESERVED
+CVE-2017-3005
+       RESERVED
+CVE-2017-3004
+       RESERVED
+CVE-2017-3003
+       RESERVED
+CVE-2017-3002
+       RESERVED
+CVE-2017-3001
+       RESERVED
+CVE-2017-3000
+       RESERVED
+CVE-2017-2999
+       RESERVED
+CVE-2017-2998
+       RESERVED
+CVE-2017-2997
+       RESERVED
+CVE-2017-2996
+       RESERVED
+CVE-2017-2995
+       RESERVED
+CVE-2017-2994
+       RESERVED
+CVE-2017-2993
+       RESERVED
+CVE-2017-2992
+       RESERVED
+CVE-2017-2991
+       RESERVED
+CVE-2017-2990
+       RESERVED
+CVE-2017-2989
+       RESERVED
+CVE-2017-2988
+       RESERVED
+CVE-2017-2987
+       RESERVED
+CVE-2017-2986
+       RESERVED
+CVE-2017-2985
+       RESERVED
+CVE-2017-2984
+       RESERVED
+CVE-2017-2983
+       RESERVED
+CVE-2017-2982
+       RESERVED
+CVE-2017-2981
+       RESERVED
+CVE-2017-2980
+       RESERVED
+CVE-2017-2979
+       RESERVED
+CVE-2017-2978
+       RESERVED
+CVE-2017-2977
+       RESERVED
+CVE-2017-2976
+       RESERVED
+CVE-2017-2975
+       RESERVED
+CVE-2017-2974
+       RESERVED
+CVE-2017-2973
+       RESERVED
+CVE-2017-2972
+       RESERVED
+CVE-2017-2971
+       RESERVED
+CVE-2017-2970
+       RESERVED
+CVE-2017-2969
+       RESERVED
+CVE-2017-2968
+       RESERVED
+CVE-2017-2967
+       RESERVED
+CVE-2017-2966
+       RESERVED
+CVE-2017-2965
+       RESERVED
+CVE-2017-2964
+       RESERVED
+CVE-2017-2963
+       RESERVED
+CVE-2017-2962
+       RESERVED
+CVE-2017-2961
+       RESERVED
+CVE-2017-2960
+       RESERVED
+CVE-2017-2959
+       RESERVED
+CVE-2017-2958
+       RESERVED
+CVE-2017-2957
+       RESERVED
+CVE-2017-2956
+       RESERVED
+CVE-2017-2955
+       RESERVED
+CVE-2017-2954
+       RESERVED
+CVE-2017-2953
+       RESERVED
+CVE-2017-2952
+       RESERVED
+CVE-2017-2951
+       RESERVED
+CVE-2017-2950
+       RESERVED
+CVE-2017-2949
+       RESERVED
+CVE-2017-2948
+       RESERVED
+CVE-2017-2947
+       RESERVED
+CVE-2017-2946
+       RESERVED
+CVE-2017-2945
+       RESERVED
+CVE-2017-2944
+       RESERVED
+CVE-2017-2943
+       RESERVED
+CVE-2017-2942
+       RESERVED
+CVE-2017-2941
+       RESERVED
+CVE-2017-2940
+       RESERVED
+CVE-2017-2939
+       RESERVED
+CVE-2017-2938
+       RESERVED
+CVE-2017-2937
+       RESERVED
+CVE-2017-2936
+       RESERVED
+CVE-2017-2935
+       RESERVED
+CVE-2017-2934
+       RESERVED
+CVE-2017-2933
+       RESERVED
+CVE-2017-2932
+       RESERVED
+CVE-2017-2931
+       RESERVED
+CVE-2017-2930
+       RESERVED
+CVE-2017-2929
+       RESERVED
+CVE-2017-2928
+       RESERVED
+CVE-2017-2927
+       RESERVED
+CVE-2017-2926
+       RESERVED
+CVE-2017-2925
+       RESERVED
+CVE-2016-9838
+       RESERVED
+CVE-2016-9837
+       RESERVED
+CVE-2016-9836
+       RESERVED
+CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" 
in Zikula 1.3.x ...)
+       TODO: check
+CVE-2016-9834
+       RESERVED
+CVE-2016-9833
+       RESERVED
+CVE-2016-9832
+       RESERVED
+CVE-2016-9805
+       RESERVED
+CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different 
ORBs ...)
+       TODO: check
+CVE-2016-9795
+       RESERVED
+CVE-2016-9792
+       RESERVED
+CVE-2016-9791
+       RESERVED
+CVE-2016-9790
+       RESERVED
+CVE-2016-9789
+       RESERVED
+CVE-2016-9788
+       RESERVED
+CVE-2016-9787
+       RESERVED
+CVE-2016-9786
+       RESERVED
+CVE-2016-9785
+       RESERVED
+CVE-2016-9784
+       RESERVED
+CVE-2016-9783
+       RESERVED
+CVE-2016-9782
+       RESERVED
+CVE-2016-9781
+       RESERVED
+CVE-2016-9780
+       RESERVED
+CVE-2016-9779
+       RESERVED
+CVE-2016-9778
+       RESERVED
+CVE-2016-9771
+       RESERVED
+CVE-2016-9770
+       RESERVED
+CVE-2016-9769
+       RESERVED
+CVE-2016-9768
+       RESERVED
+CVE-2016-9767
+       RESERVED
+CVE-2016-9766
+       RESERVED
+CVE-2016-9765
+       RESERVED
+CVE-2016-9764
+       RESERVED
+CVE-2016-9763
+       RESERVED
+CVE-2016-9762
+       RESERVED
+CVE-2016-9761
+       RESERVED
+CVE-2016-9760
+       RESERVED
+CVE-2016-9759
+       RESERVED
+CVE-2016-9758
+       RESERVED
+CVE-2016-9757
+       RESERVED
 CVE-2016-XXXX [zipinfo buffer overflow]
        - unzip <unfixed>
        NOTE: https://launchpad.net/bugs/1643750
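Review bot: CVE-2016-9835 (Zikula "jcss.php" directory traversal) and CVE-2016-9796 (Alcatel-Lucent OmniVista 8770) are added with only "TODO: check", so both stay untriaged after this commit. Each needs a follow-up that records either a source-package line or a NOT-FOR-US disposition, as other entries in this file do. The rest of the additions in this hunk are bare RESERVED placeholders and need nothing yet.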
@@ -10,74 +540,92 @@
        [jessie] - tiff <no-dsa> (Minor issue)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619
 CVE-2016-9831 [listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c)]
+       RESERVED
        - ming <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
 CVE-2016-9830 [memory allocation failure in MagickRealloc]
+       RESERVED
        - graphicsmagick <unfixed> (bug #847055)
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
 CVE-2016-9829 [listswf: heap-based buffer overflow in parseSWF_DEFINEFONT 
(parser.c)]
+       RESERVED
        - ming <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c
 CVE-2016-9828 [listswf: NULL pointer dereference in dumpBuffer (read.c)]
+       RESERVED
        - ming <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c
 CVE-2016-9827 [listswf: heap-based buffer overflow in _iprintf (outputtxt.c)]
+       RESERVED
        - ming <unfixed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c
 CVE-2016-9826
+       RESERVED
        - libav <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
        NOTE: 
https://github.com/asarubbo/poc/blob/master/00041-libav-leftshift-ituh263dec_c
 CVE-2016-9825
+       RESERVED
        - libav <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
        NOTE: 
https://github.com/asarubbo/poc/blob/master/00040-libav-leftshift-utils_c
 CVE-2016-9824
+       RESERVED
        - libav <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
        NOTE: 
https://github.com/asarubbo/poc/blob/master/00039-libav-signedintoverflow-swscale_c
 CVE-2016-9823
+       RESERVED
        - libav <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
        NOTE: 
https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
 CVE-2016-9822
+       RESERVED
        - libav <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
        NOTE: 
https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
 CVE-2016-9821
+       RESERVED
        - libav <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
        NOTE: 
https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
 CVE-2016-9820
+       RESERVED
        - libav <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
        NOTE: 
https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
 CVE-2016-9819
+       RESERVED
        - libav <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
        NOTE: 
https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
 CVE-2016-9818
+       RESERVED
        - xen <unfixed>
        [wheezy] - xen <not-affected> (ARM support introduced in 4.4)
        NOTE: https://xenbits.xen.org/xsa/advisory-201.html
        NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch
 CVE-2016-9817
+       RESERVED
        - xen <unfixed>
        [wheezy] - xen <not-affected> (ARM support introduced in 4.4)
        NOTE: https://xenbits.xen.org/xsa/advisory-201.html
        NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch
        NOTE: or https://xenbits.xen.org/xsa/xsa201-3-4.7.patch
 CVE-2016-9816
+       RESERVED
        - xen <unfixed>
        [wheezy] - xen <not-affected> (ARM support introduced in 4.4)
        NOTE: https://xenbits.xen.org/xsa/advisory-201.html
        NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch
 CVE-2016-9815
+       RESERVED
        - xen <unfixed>
        [wheezy] - xen <not-affected> (ARM support introduced in 4.4)
        NOTE: https://xenbits.xen.org/xsa/advisory-201.html
        NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-1.patch
 CVE-2016-9814 [simplesamlphp signature validation SSPSA 201612-01]
+       RESERVED
        - simplesamlphp 1.14.10-1 (low)
        [jessie] - simplesamlphp <no-dsa> (Minor issue)
        [wheezy] - simplesamlphp <no-dsa> (Minor issue)
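Review bot: In the libav block, CVE-2016-9822 and CVE-2016-9821 carry the same PoC NOTE (00037-libav-signedintoverflow-mpegvideo_parser), and CVE-2016-9820 and CVE-2016-9819 both carry 00036-libav-leftshift-mpegvideo. Confirm that each pair really shares one reproducer and that the NOTE lines were not simply copied. The libav and xen entries also have no bracketed description next to the new RESERVED line, unlike the ming entries above them, so a reader has to follow the links to learn what each issue is; a short temporary description would help.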
@@ -5314,39 +5862,42 @@
        RESERVED
 CVE-2017-0381
        RESERVED
-CVE-2016-9804 [buffer overflow in commands_dump()]
+CVE-2016-9804 (In BlueZ 5.42, a buffer overflow was observed in 
&quot;commands_dump&quot; ...)
        - bluez <unfixed>
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
-CVE-2016-9803 [out-of-bounds read in le_meta_ev_dump()]
+CVE-2016-9803 (In BlueZ 5.42, an out-of-bounds read was observed in 
&quot;le_meta_ev_dump&quot; ...)
        - bluez <unfixed>
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
-CVE-2016-9802 [buffer over-read in l2cap_packet()]
+CVE-2016-9802 (In BlueZ 5.42, a buffer over-read was identified in 
&quot;l2cap_packet&quot; ...)
        - bluez <unfixed>
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
-CVE-2016-9801 [buffer overflow in set_ext_ctrl()]
+CVE-2016-9801 (In BlueZ 5.42, a buffer overflow was observed in 
&quot;set_ext_ctrl&quot; ...)
        - bluez <unfixed>
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
-CVE-2016-9800 [buffer overflow in pin_code_reply_dump()]
+CVE-2016-9800 (In BlueZ 5.42, a buffer overflow was observed in 
&quot;pin_code_reply_dump&quot; ...)
        - bluez <unfixed>
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
-CVE-2016-9799 [buffer overflow in pklg_read_hci()]
+CVE-2016-9799 (In BlueZ 5.42, a buffer overflow was observed in 
&quot;pklg_read_hci&quot; ...)
        - bluez <unfixed>
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
-CVE-2016-9798 [use-after-free in conf_opt()]
+CVE-2016-9798 (In BlueZ 5.42, a use-after-free was identified in 
&quot;conf_opt&quot; function ...)
        - bluez <unfixed>
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
-CVE-2016-9797 [bluez: buffer over-read in l2cap_dump()]
+CVE-2016-9797 (In BlueZ 5.42, a buffer over-read was observed in 
&quot;l2cap_dump&quot; function ...)
        - bluez <unfixed>
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
 CVE-2016-9794 [Linux kernel: ALSA: use-after-free in,kill_fasync]
+       RESERVED
        - linux 4.7.2-1
        NOTE: https://patchwork.kernel.org/patch/8752621/
        NOTE: Fixed by: 
https://git.kernel.org/linus/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 (v4.7-rc1)
        NOTE: http://seclists.org/oss-sec/2016/q4/576
 CVE-2016-9793 [Linux: signed overflows for SO_{SND|RCV}BUFFORCE]
+       RESERVED
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
 CVE-2016-9775 [tomcat8: privilege escalation during package removal]
+       RESERVED
        {DLA-729-1 DLA-728-1}
        - tomcat8 8.5.8-2 (bug #845385)
        - tomcat7 7.0.72-3
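Review bot: The replacement descriptions for CVE-2016-9804 through CVE-2016-9797 carry the HTML entity &quot; around the function names, whereas the CVE-2012-6704 description elsewhere in this file uses plain double quotes. If the entity is present in data/CVE/list itself and is not just how this mail was rendered, the import step should unescape it before writing the description. Note also that the hand-written summaries in brackets are replaced by truncated upstream text ending in "...", so the function name is now the only detail that survives for several of these entries.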
@@ -5355,6 +5906,7 @@
        NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in 
Jessie
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
 CVE-2016-9774 [tomcat8: privilege escalation during package upgrade]
+       RESERVED
        - tomcat8 <unfixed> (bug #845393)
        - tomcat7 7.0.72-3
        NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
@@ -5362,6 +5914,7 @@
        NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in 
Jessie
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
 CVE-2016-9777 [kvm: out of bounds memory access via vcpu_id]
+       RESERVED
        - linux <unfixed>
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -5370,6 +5923,7 @@
        NOTE: Introduced in: 
https://git.kernel.org/linus/af1bae5497b98cb99d6b0492e6981f060420a00c (v4.8-rc1)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/2
 CVE-2016-9776 [net: mcf_fec: infinite loop while receiving data in 
mcf_fec_receive]
+       RESERVED
        - qemu <unfixed> (bug #846797)
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <no-dsa> (Minor issue)
@@ -5514,6 +6068,7 @@
 CVE-2017-0356
        RESERVED
 CVE-2016-9772 [OPENAFS-SA-2016-003 - directory information leaks]
+       RESERVED
        {DLA-733-1}
        - openafs 1.6.20-1 (bug #846922)
        [jessie] - openafs <no-dsa> (Minor issue; can be fixed in point release)
@@ -5643,8 +6198,8 @@
        RESERVED
 CVE-2017-0306
        RESERVED
-CVE-2016-9638
-       RESERVED
+CVE-2016-9638 (In BMC Patrol before 9.13.10.02, the binary 
&quot;listguests64&quot; is ...)
+       TODO: check
 CVE-2016-9637
        RESERVED
 CVE-2016-9620
@@ -5975,18 +6530,22 @@
        - salt 2016.3.0+ds-1
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/25/2
 CVE-2016-9813 [null pointer deref (segfault) in mpegts decoder / _parse_pat]
+       RESERVED
        - gst-plugins-bad1.0 1.10.2-1
        - gst-plugins-bad0.10 <removed>
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775120
 CVE-2016-9812 [2 byte heap out of bounds read in gst_mpegts_section_new]
+       RESERVED
        - gst-plugins-bad1.0 1.10.2-1
        - gst-plugins-bad0.10 <removed>
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775048
 CVE-2016-9811 [4 byte heap out of bounds read in windows_icon_typefind]
+       RESERVED
        - gst-plugins-base1.0 1.10.2-1
        - gst-plugins-base0.10 <removed>
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774902
 CVE-2016-9810 [Invalid memory read in glib caused by one invalid unref call in 
the flxdec decoder]
+       RESERVED
        - gst-plugins-good1.0 1.10.1-2
        [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
        - gst-plugins-good0.10 <removed>
@@ -5994,10 +6553,12 @@
        [wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774897
 CVE-2016-9809 [h264: one byte heap off by one read in gst_h264_parse_set_caps]
+       RESERVED
        - gst-plugins-bad1.0 1.10.2-1
        - gst-plugins-bad0.10 <removed>
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
 CVE-2016-9808
+       RESERVED
        - gst-plugins-good1.0 1.10.1-2
        [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
        - gst-plugins-good0.10 <removed>
@@ -6007,6 +6568,7 @@
        NOTE: 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
        NOTE: 
https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
 CVE-2016-9807
+       RESERVED
        - gst-plugins-good1.0 1.10.1-2
        [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
        - gst-plugins-good0.10 <removed>
@@ -6015,6 +6577,7 @@
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
        NOTE: 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
 CVE-2016-9806 [double free in netlink_dump]
+       RESERVED
        - linux 4.6.3-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1)
 CVE-2016-9636
@@ -6158,8 +6721,8 @@
        NOTE: The code has substantially changed in libdwarf/dwarf_util.c from 
older
        NOTE: versions, but there  seem to be still back then an unchecked 
dereference
        NOTE: of val_ptr.
-CVE-2016-9479
-       RESERVED
+CVE-2016-9479 (The &quot;lost password&quot; functionality in b2evolution 
before 6.7.9 allows ...)
+       TODO: check
 CVE-2016-9478
        RESERVED
 CVE-2016-9477
@@ -6253,6 +6816,7 @@
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b
 (master)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
 CVE-2016-9773 [Incomplete fix for CVE-2016-9556]
+       RESERVED
        - imagemagick <undetermined>
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/4e8c2ed53fcb54a34b3a6185b2584f26cf6874a3
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/
@@ -7317,10 +7881,10 @@
        RESERVED
 CVE-2016-9158
        RESERVED
-CVE-2016-9157
-       RESERVED
-CVE-2016-9156
-       RESERVED
+CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions including 
V8.08) ...)
+       TODO: check
+CVE-2016-9156 (A vulnerability in Siemens SICAM PAS (all versions including 
V8.08) ...)
+       TODO: check
 CVE-2016-9155 (The following SIEMENS branded IP Camera Models CCMW3025, 
CVMW3025-IR, ...)
        NOT-FOR-US: Siemens
 CVE-2016-9154
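Review bot: CVE-2016-9157 and CVE-2016-9156 (Siemens SICAM PAS) are left at "TODO: check", while the adjacent CVE-2016-9155, also a Siemens product, is already marked "NOT-FOR-US: Siemens". Check whether the same disposition applies to both new descriptions so the two TODOs can be cleared together and not linger.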
@@ -8370,9 +8934,9 @@
 CVE-2016-8740
        RESERVED
        - apache2 <unfixed> (bug #847124)
-        [jessie] - apache2 <not-affected> (Vulnerable code not present)
-        [wheezy] - apache2 <not-affected> (Vulnerable code not present)
-        NOTE: HTTP/2 support introduced in 2.4.17
+       [jessie] - apache2 <not-affected> (Vulnerable code not present)
+       [wheezy] - apache2 <not-affected> (Vulnerable code not present)
+       NOTE: HTTP/2 support introduced in 2.4.17
 CVE-2016-8739
        RESERVED
 CVE-2016-8738
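Review bot: The three lines changed under CVE-2016-8740 differ from the removed ones only in leading whitespace, so this automatic update is also rewriting the indentation of hand-edited triage lines. The result matches the indentation of the surrounding entries, but a whitespace-only change buried in a large import is easy to miss; it would be cleaner to fix the indentation in the manual commit that introduced those lines, or to have the update job report when it normalizes existing entries.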
@@ -38046,6 +38610,7 @@
        NOTE: 
http://sourceforge.net/p/gdcm/gdcm/ci/9cbca25ff7f20c432b61eb9f4cae43a946502b66/
        NOTE: 
http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
 CVE-2012-6704 [Linux: signed overflows for SO_SNDBUF and SO_RCVBUF that 
affects "before 3.5" kernels]
+       RESERVED
        - linux 3.8.11-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/82981930125abfd39d7c8378a9cfdf5e1be2002b (v3.5-rc1)
 CVE-2012-6703 (Integer overflow in the snd_compr_allocate_buffer function in 
...)
@@ -214802,7 +215367,7 @@
        NOT-FOR-US: EKINboard
 CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3 
allows ...)
        NOT-FOR-US: EKINboard
-CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows 
remote ...)
+CVE-2005-4729 (SQL injection vulnerability in show.php in VBZooM Forum allows 
remote ...)
        NOT-FOR-US: VBZooM
 CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a 
directory ...)
        - monotone 0.26pre1-0.1 (low)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
