Author: sectracker Date: 2016-12-13 21:10:16 +0000 (Tue, 13 Dec 2016) New Revision: 47038
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-13 21:07:34 UTC (rev 47037) +++ data/CVE/list 2016-12-13 21:10:16 UTC (rev 47038) @@ -1,3 +1,21 @@ +CVE-2016-9948 + RESERVED +CVE-2016-9947 + RESERVED +CVE-2016-9946 + RESERVED +CVE-2016-9945 + RESERVED +CVE-2016-9944 + RESERVED +CVE-2016-9943 + RESERVED +CVE-2016-9942 + RESERVED +CVE-2016-9941 + RESERVED +CVE-2016-9940 + RESERVED CVE-2016-XXXX [Incorrect signature verification] - simplesamlphp 1.14.11-1 NOTE: https://simplesamlphp.org/security/201612-02 @@ -6,9 +24,11 @@ - game-music-emu <unfixed> (bug #848071) NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html CVE-2016-9939 [denial-of-service in ASN1 decoder] + RESERVED - libcrypto++ <unfixed> (bug #848009) NOTE: https://github.com/weidai11/cryptopp/issues/346 CVE-2016-9932 [x86 CMPXCHG8B emulation fails to ignore operand size override] + RESERVED - xen <unfixed> (bug #848081) NOTE: https://xenbits.xen.org/xsa/advisory-200.html CVE-2016-9931 @@ -26,12 +46,14 @@ CVE-2016-9924 RESERVED CVE-2016-9936 [Use After Free in PHP7 unserialize()] + RESERVED - php7.0 7.0.14-1 NOTE: Fixed in PHP 7.0.14 and 7.1.0 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72978 NOTE: Fixed by: https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17 NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2 CVE-2016-9935 [Invalid read when wddx decodes empty boolean element] + RESERVED - php7.0 7.0.14-1 - php5 <unfixed> NOTE: Fixed in PHP 5.6.29 and 7.0.14 @@ -39,6 +61,8 @@ NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0 NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2 CVE-2016-9934 [NULL Pointer Dereference in WDDX Packet Deserialization with PDORow] + RESERVED + {DSA-3732-1} - php7.0 7.0.13-1 - php5 <unfixed> NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0 
@@ -46,6 +70,8 @@ NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2 CVE-2016-9933 [imagefilltoborder stackoverflow on truecolor images] + RESERVED + {DSA-3732-1} - libgd2 2.2.2-29-g3c2b605-1 NOTE: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e (gd-2.2.2) NOTE: Scope of CVE is only the missing "color < 0" test in older versions. @@ -56,14 +82,14 @@ NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2 -CVE-2016-9937 [AST-2016-008] +CVE-2016-9937 (An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x ...) - asterisk <not-affected> (Introduced in 13.12.0 but fixed with first version to unstable based on 13.12.1) NOTE: Vulnerability introduced in 13.12.0, but the first upload to unstable NOTE: versioned as 1:13.12.1~dfsg-1 via opus.patch removed the offending NOTE: function. Thus Debian was never vulnerable. NOTE: http://downloads.asterisk.org/pub/security/AST-2016-008.html NOTE: Cf. https://bugs.debian.org/847666 -CVE-2016-9938 [AST-2016-009] +CVE-2016-9938 (An issue was discovered in Asterisk Open Source 11.x before 11.25.1, ...) - asterisk <unfixed> (bug #847668) [jessie] - asterisk <no-dsa> (Minor issue) NOTE: http://downloads.asterisk.org/pub/security/AST-2016-009.html @@ -2024,6 +2050,7 @@ NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf CVE-2016-9844 [zipinfo buffer overflow] RESERVED + {DLA-741-1} - unzip 6.0-21 (bug #847486) [jessie] - unzip <no-dsa> (Minor issue) NOTE: https://launchpad.net/bugs/1643750 
@@ -2031,6 +2058,7 @@ NOTE: Proposed patch in http://www.openwall.com/lists/oss-security/2016/12/05/19 CVE-2014-9913 [Buffer overflow in "unzip -l" via list_files() in list.c] RESERVED + {DLA-741-1} - unzip 6.0-21 (bug #847485) [jessie] - unzip <no-dsa> (Minor issue) NOTE: Upstream bug: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 @@ -10732,6 +10760,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/11 CVE-2016-9138 [Issues from Upstream bug #73147 still unfixed in 5.6.27 and 7.0.12] RESERVED + {DSA-3732-1} - php7.0 <unfixed> - php5 <unfixed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147 @@ -22528,6 +22557,7 @@ NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7 CVE-2016-5240 RESERVED + {DLA-547-1} - graphicsmagick 1.3.24-1 NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c CVE-2016-5237 @@ -34855,7 +34885,7 @@ [squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-167.html CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer ...) - {DLA-414-1} + {DLA-742-1 DLA-414-1} - chrony 2.2.1-1 (low; bug #812923) [jessie] - chrony 1.30-2+deb8u2 NOTE: http://www.talosintel.com/reports/TALOS-2016-0071/ @@ -36107,6 +36137,7 @@ RESERVED CVE-2016-1252 RESERVED + {DSA-3733-1} - apt 1.4~beta2 [wheezy] - apt <not-affected> (Issue introduced in apt >= 0.9.8) NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
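Review bot: in hunk `@@ -1,3 +1,21 @@` the placeholder entry `CVE-2016-XXXX [Incorrect signature verification]` for simplesamlphp 1.14.11-1 stays unresolved directly below the nine new `RESERVED` ids (CVE-2016-9940 to CVE-2016-9948). The automatic update inserts the reserved ids but does not associate any of them with the placeholder, so the simplesamlphp entry still has to be re-keyed by hand once its id is known; until then it cannot be found by CVE number.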
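Review bot: in hunk `@@ -6,9 +24,11 @@` the `RESERVED` lines added under CVE-2016-9939 (libcrypto++) and CVE-2016-9932 (xen) sit beneath bracketed local descriptions, which is this file's way of recording that MITRE has not published text yet while the issue is already public (both entries cite public advisories, cryptopp issue 346 and XSA-200). No change needed, but note that a later automatic sync will replace the bracketed text with MITRE's parenthesised summary, exactly as this commit does for CVE-2016-9937 and CVE-2016-9938 in hunk `@@ -56,14 +82,14 @@`, so the bracketed wording should not be treated as the permanent title.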
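Review bot: in hunk `@@ -26,12 +46,14 @@` CVE-2016-9935 keeps `php5 <unfixed>` next to `NOTE: Fixed in PHP 5.6.29 and 7.0.14`, and unlike CVE-2016-9934 in the following hunk it receives no DSA tag here, so the php5 side of this issue remains open in the tracker. If that is intentional, a `[jessie]` line or a short NOTE would make the state explicit instead of leaving the reader to infer it from the missing tag.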
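Review bot: in hunk `@@ -39,6 +61,8 @@` `{DSA-3732-1}` is added to CVE-2016-9934 while the package line `php5 <unfixed>` is left untouched, so the entry now reads as "DSA issued, php5 still unfixed". That is consistent if unstable no longer carries a fixed php5, but a NOTE stating which suite DSA-3732-1 covers would remove the ambiguity for anyone reading the entry without the DSA at hand.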
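Review bot: in hunk `@@ -46,6 +70,8 @@` `{DSA-3732-1}` is attached to CVE-2016-9933 whose only package line is `libgd2 2.2.2-29-g3c2b605-1`, yet the same DSA tag is applied in this commit to php7.0/php5 entries (CVE-2016-9934, CVE-2016-9138), and the notes that follow in the next hunk's context (a php-src fix commit and "Starting with 5.4.0-1 Debian uses the system copy of libgd") appear to belong to this entry. Please confirm DSA-3732-1 actually shipped a libgd2 fix; if it only covers PHP's bundled copy, the tag on the libgd2 entry overstates the fixed status and a NOTE or separate libgd2 stanza is needed.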
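Review bot: in hunk `@@ -56,14 +82,14 @@` the rewritten titles for CVE-2016-9937 and CVE-2016-9938 drop the advisory ids `[AST-2016-008]` and `[AST-2016-009]` in favour of MITRE's text truncated at "...", so the affected-version clause is cut off and the ids survive only in the NOTE URLs. Acceptable for an automatic sync, but for CVE-2016-9938 (`asterisk <unfixed>`, jessie `<no-dsa> (Minor issue)`) the version range matters for triage; keep the downloads.asterisk.org advisory URLs as the authoritative reference and consider restoring the AST id in a NOTE.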
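Review bot: in hunks `@@ -2024,6 +2050,7 @@` and `@@ -2031,6 +2058,7 @@` `{DLA-741-1}` is added to CVE-2016-9844 and CVE-2014-9913 (unzip 6.0-21) while both keep `[jessie] - unzip <no-dsa> (Minor issue)`, so the LTS suite now carries a fix that stable defers. That combination is legitimate, but the no-dsa lines would benefit from the usual qualifier on whether the fix can go into a jessie point release, so the two suites do not silently diverge on the same bug.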
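Review bot: in hunk `@@ -10732,6 +10760,7 @@` CVE-2016-9138 gains `{DSA-3732-1}` but both `php7.0 <unfixed>` and `php5 <unfixed>` remain, and the bracketed title still says "still unfixed in 5.6.27 and 7.0.12". With a DSA now referenced, the unstable php7.0 line is likely stale (this same file records `php7.0 7.0.14-1` for CVE-2016-9936); please re-check the fixed version for unstable and refresh the title, otherwise the tracker shows a DSA for an issue it lists as unfixed everywhere.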
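Review bot: in hunk `@@ -22528,6 +22557,7 @@` `{DLA-547-1}` is back-filled onto CVE-2016-5240 (graphicsmagick 1.3.24-1) in a commit whose other new DLA tags are DLA-741-1 and DLA-742-1; a tag roughly two hundred advisories older arriving now suggests either that it was missed when the DLA was published or that the id is mistyped. Worth verifying against the DLA text before it feeds the tracker's fixed-status view.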
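Review bot: in hunk `@@ -34855,7 +34885,7 @@` CVE-2016-1567 (chrony) now carries two DLA tags, `{DLA-742-1 DLA-414-1}`, while the package lines are unchanged (`chrony 2.2.1-1`, jessie `1.30-2+deb8u2`). A second DLA for the same CVE usually means the first fix was incomplete or regressed; add a NOTE recording why DLA-742-1 was issued so a reader does not have to consult both advisories to learn whether the DLA-414-1 version is still considered vulnerable.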
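Review bot: in hunk `@@ -36107,6 +36137,7 @@` CVE-2016-1252 receives `{DSA-3733-1}` but keeps a bare `RESERVED` with no local description, unlike other entries in this file that pair RESERVED with a bracketed summary (for example `CVE-2016-9844 [zipinfo buffer overflow]`). Since a DSA has been published for apt the issue is public, so add a bracketed description now rather than waiting for MITRE text; the `[wheezy] - apt <not-affected> (Issue introduced in apt >= 0.9.8)` line and the launchpad bug already give enough to write one.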