[Secure-testing-commits] r46942 - data/CVE

security tracker role Fri, 09 Dec 2016 13:18:28 -0800

Author: sectracker
Date: 2016-12-09 21:10:12 +0000 (Fri, 09 Dec 2016)
New Revision: 46942


Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-09 20:44:12 UTC (rev 46941)
+++ data/CVE/list       2016-12-09 21:10:12 UTC (rev 46942)
@@ -8,11 +8,13 @@
        NOTE: http://downloads.asterisk.org/pub/security/AST-2016-009.html
        NOTE: Only applicable if a proxy is in use.
 CVE-2016-9923 [char: use after free issue in char backend]
+       RESERVED
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05597.html
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=a4afa548fc6dd9842ed86639b4d37d4d1c4ad480
 (v2.8.0-rc0)
 CVE-2016-9922 [display: cirrus_vga: a divide by zero in cirrus_do_copy]
+       RESERVED
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
@@ -20,13 +22,14 @@
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70
 (v2.8.0-rc3)
        NOTE: CVE for the "blit pitch values" issue.
 CVE-2016-9921 [display: cirrus_vga: a divide by zero in cirrus_do_copy]
+       RESERVED
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70
 (v2.8.0-rc3)
        NOTE: CVE for the "'cirrus_get_bpp' returns zero(0), which could lead 
to a divide by zero" issue.
-CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read fwas identified in 
&quot;packet_hexdump&quot; ...)
+CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read was identified in 
&quot;packet_hexdump&quot; ...)
        - bluez <unfixed>
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
 CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in 
&quot;read_n&quot; function in ...)
@@ -1113,7 +1116,7 @@
        RESERVED
 CVE-2016-9867
        RESERVED
-CVE-2016-9919 [panic on fragemented IPv6 traffic (icmp6_send)]
+CVE-2016-9919 (The icmp6_send function in net/ipv6/icmp.c in the Linux kernel 
through ...)
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=189851
        NOTE: Fixed by: 
https://git.kernel.org/linus/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 (v4.9-rc8)
@@ -1338,7 +1341,7 @@
        RESERVED
 CVE-2017-3150
        RESERVED
-CVE-2016-9920 [Command Execution via Email]
+CVE-2016-9920 (steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x 
before ...)
        {DLA-737-1}
        - roundcube <unfixed> (bug #847287)
        NOTE: 
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
@@ -1827,8 +1830,8 @@
        RESERVED
 CVE-2016-9833
        RESERVED
-CVE-2016-9832
-       RESERVED
+CVE-2016-9832 (PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security 
allows ...)
+       TODO: check
 CVE-2016-9805
        RESERVED
 CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different 
ORBs ...)
@@ -9516,8 +9519,8 @@
        NOTE: 
https://www.otrs.com/security-advisory-2016-02-security-update-otrs/
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/5
        NOTE: upstream fix likely 
https://github.com/OTRS/otrs/commit/6578a8bcf82529461302291ab3fcb500363b005a
-CVE-2016-9120
-       RESERVED
+CVE-2016-9120 (Race condition in the ion_ioctl function in ...)
+       TODO: check
 CVE-2016-9119 [XSS in GUI editor's link dialogue]
        RESERVED
        {DSA-3715-1 DLA-717-1}
@@ -9572,10 +9575,10 @@
        RESERVED
 CVE-2016-9089
        RESERVED
-CVE-2015-8967
-       RESERVED
-CVE-2015-8966
-       RESERVED
+CVE-2015-8967 (arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows 
local ...)
+       TODO: check
+CVE-2015-8966 (arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 
4.4 ...)
+       TODO: check
 CVE-2016-9109
        RESERVED
        NOT-FOR-US: MuJS
@@ -10636,8 +10639,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/19/1
        NOTE: other issues may still be present in tre after this: 
https://github.com/laurikari/tre/issues/37
        NOTE: musl patch: 
http://git.musl-libc.org/cgit/musl/commit/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7,
 not released yet
-CVE-2016-8858 [Memory exhaustion due to unregistered KEXINIT handler after 
receiving message]
-       RESERVED
+CVE-2016-8858 (** DISPUTED ** The kex_input_kexinit function in kex.c in 
OpenSSH 6.x ...)
        - openssh 1:7.3p1-2 (bug #841884)
        [jessie] - openssh <no-dsa> (Minor issue)
        [wheezy] - openssh <no-dsa> (Minor issue)
@@ -13112,12 +13114,12 @@
        RESERVED
 CVE-2016-8105
        RESERVED
-CVE-2016-8104
-       RESERVED
-CVE-2016-8103
-       RESERVED
-CVE-2016-8102
-       RESERVED
+CVE-2016-8104 (Buffer overflow in Intel PROSet/Wireless Software and Drivers 
in ...)
+       TODO: check
+CVE-2016-8103 (SMM call out in all Intel Branded NUC Kits allows a local 
privileged ...)
+       TODO: check
+CVE-2016-8102 (Unquoted service path vulnerability in Intel Wireless Bluetooth 
...)
+       TODO: check
 CVE-2016-8101 (The updater subsystem in Intel SSD Toolbox before 3.3.7 allows 
local ...)
        NOT-FOR-US: Intel SSD Toolbox
 CVE-2016-8100 (Intel Integrated Performance Primitives (aka IPP) Cryptography 
before ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r46942 - data/CVE

Reply via email to