Author: sectracker
Date: 2016-12-14 21:10:13 +0000 (Wed, 14 Dec 2016)
New Revision: 47073

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-14 20:51:59 UTC (rev 47072)
+++ data/CVE/list       2016-12-14 21:10:13 UTC (rev 47073)
@@ -136,11 +136,13 @@
        RESERVED
 CVE-2016-9905
        RESERVED
+       {DSA-3734-1}
        - firefox <not-affected> (Only affects Firefox 45 ESR series)
        - firefox-esr 45.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9905
 CVE-2016-9904
        RESERVED
+       {DSA-3734-1}
        - firefox 50.1.0-1
        - firefox-esr 45.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9904
@@ -151,31 +153,37 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9903
 CVE-2016-9902
        RESERVED
+       {DSA-3734-1}
        - firefox 50.1.0-1
        - firefox-esr 45.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9902
 CVE-2016-9901
        RESERVED
+       {DSA-3734-1}
        - firefox 50.1.0-1
        - firefox-esr 45.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9901
 CVE-2016-9900
        RESERVED
+       {DSA-3734-1}
        - firefox 50.1.0-1
        - firefox-esr 45.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9900
 CVE-2016-9899
        RESERVED
+       {DSA-3734-1}
        - firefox 50.1.0-1
        - firefox-esr 45.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899
 CVE-2016-9898
        RESERVED
+       {DSA-3734-1}
        - firefox 50.1.0-1
        - firefox-esr 45.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9898
 CVE-2016-9897
        RESERVED
+       {DSA-3734-1}
        - firefox 50.1.0-1
        - firefox-esr 45.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9897
@@ -186,6 +194,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9896
 CVE-2016-9895
        RESERVED
+       {DSA-3734-1}
        - firefox 50.1.0-1
        - firefox-esr 45.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9895
@@ -196,6 +205,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9894
 CVE-2016-9893
        RESERVED
+       {DSA-3734-1}
        - firefox 50.1.0-1
        - firefox-esr 45.6.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9893
@@ -9378,42 +9388,42 @@
        RESERVED
 CVE-2016-9216
        RESERVED
-CVE-2016-9215
-       RESERVED
-CVE-2016-9214
-       RESERVED
+CVE-2016-9215 (A vulnerability in Cisco IOS XR Software could allow an 
authenticated, ...)
+       TODO: check
+CVE-2016-9214 (Cisco Identity Services Engine (ISE) contains a vulnerability 
that ...)
+       TODO: check
 CVE-2016-9213
        RESERVED
-CVE-2016-9212
-       RESERVED
-CVE-2016-9211
-       RESERVED
-CVE-2016-9210
-       RESERVED
-CVE-2016-9209
-       RESERVED
-CVE-2016-9208
-       RESERVED
-CVE-2016-9207
-       RESERVED
-CVE-2016-9206
-       RESERVED
-CVE-2016-9205
-       RESERVED
-CVE-2016-9204
-       RESERVED
-CVE-2016-9203
-       RESERVED
-CVE-2016-9202
-       RESERVED
-CVE-2016-9201
-       RESERVED
-CVE-2016-9200
-       RESERVED
-CVE-2016-9199
-       RESERVED
-CVE-2016-9198
-       RESERVED
+CVE-2016-9212 (A vulnerability in the Decrypt for End-User Notification 
configuration ...)
+       TODO: check
+CVE-2016-9211 (A vulnerability in TCP port management in Cisco ONS 15454 
Series ...)
+       TODO: check
+CVE-2016-9210 (A vulnerability in the Cisco Unified Reporting upload tool 
accessed via ...)
+       TODO: check
+CVE-2016-9209 (A vulnerability in TCP processing in Cisco FirePOWER system 
software ...)
+       TODO: check
+CVE-2016-9208 (A vulnerability in the File Management Utility, the Download 
File form, ...)
+       TODO: check
+CVE-2016-9207 (A vulnerability in the HTTP traffic server component of Cisco 
...)
+       TODO: check
+CVE-2016-9206 (A vulnerability in the ccmadmin page of Cisco Unified 
Communications ...)
+       TODO: check
+CVE-2016-9205 (A vulnerability in the HTTP 2.0 request handling code of Cisco 
IOS XR ...)
+       TODO: check
+CVE-2016-9204 (A vulnerability in the Cisco Intercloud Fabric (ICF) Director 
could ...)
+       TODO: check
+CVE-2016-9203 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) 
feature ...)
+       TODO: check
+CVE-2016-9202 (A vulnerability in the web-based management interface of Cisco 
Email ...)
+       TODO: check
+CVE-2016-9201 (A vulnerability in the Zone-Based Firewall feature of Cisco IOS 
and ...)
+       TODO: check
+CVE-2016-9200 (A vulnerability in the web framework code of Cisco Prime 
Collaboration ...)
+       TODO: check
+CVE-2016-9199 (A vulnerability in the Cisco application-hosting framework 
(CAF) of ...)
+       TODO: check
+CVE-2016-9198 (A vulnerability in the Active Directory integration component 
of Cisco ...)
+       TODO: check
 CVE-2016-9197
        RESERVED
 CVE-2016-9196
@@ -9422,10 +9432,10 @@
        RESERVED
 CVE-2016-9194
        RESERVED
-CVE-2016-9193
-       RESERVED
-CVE-2016-9192
-       RESERVED
+CVE-2016-9193 (A vulnerability in the malicious file detection and blocking 
features ...)
+       TODO: check
+CVE-2016-9192 (A vulnerability in Cisco AnyConnect Secure Mobility Client for 
Windows ...)
+       TODO: check
 CVE-2015-8972 [user input buffer overflow]
        RESERVED
        - gnuchess 6.2.4-1 (unimportant)
@@ -13681,76 +13691,64 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/04/5
        NOTE: There is no plan (yet) from upstream to address this for bundler 
1.x
        NOTE: due to lockfile format.
-CVE-2016-7953
-       RESERVED
+CVE-2016-7953 (Buffer underflow in X.org libXvMC before 1.0.10 allows remote X 
...)
        {DLA-671-1}
        - libxvmc 2:1.0.10-1 (low; bug #840445)
        [jessie] - libxvmc <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
-CVE-2016-7952 [for all of the other mishandling of the reply data]
-       RESERVED
+CVE-2016-7952 (X.org libXtst before 1.2.3 allows remote X servers to cause a 
denial ...)
        {DLA-686-1}
        - libxtst 2:1.2.3-1 (low; bug #840444)
        [jessie] - libxtst <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
-CVE-2016-7951 [for all of the integer overflows]
-       RESERVED
+CVE-2016-7951 (Multiple integer overflows in X.org libXtst before 1.2.3 allow 
remote ...)
        {DLA-686-1}
        - libxtst 2:1.2.3-1 (low; bug #840444)
        [jessie] - libxtst <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
-CVE-2016-7950
-       RESERVED
+CVE-2016-7950 (The XRenderQueryFilters function in X.org libXrender before 
0.9.10 ...)
        {DLA-664-1}
        - libxrender 1:0.9.10-1 (low; bug #840443)
        [jessie] - libxrender <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
-CVE-2016-7949
-       RESERVED
+CVE-2016-7949 (Multiple buffer overflows in the (1) XvQueryAdaptors and (2) 
...)
        {DLA-664-1}
        - libxrender 1:0.9.10-1 (low; bug #840443)
        [jessie] - libxrender <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
-CVE-2016-7948 [for all of the other mishandling of the reply data]
-       RESERVED
+CVE-2016-7948 (X.org libXrandr before 1.5.1 allows remote X servers to trigger 
...)
        {DLA-660-1}
        - libxrandr 2:1.5.1-1 (low; bug #840441)
        [jessie] - libxrandr <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
-CVE-2016-7947 [for all of the integer overflows]
-       RESERVED
+CVE-2016-7947 (Multiple integer overflows in X.org libXrandr before 1.5.1 
allow ...)
        {DLA-660-1}
        - libxrandr 2:1.5.1-1 (low; bug #840441)
        [jessie] - libxrandr <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
-CVE-2016-7946 [for all of the other mishandling of the reply data]
-       RESERVED
+CVE-2016-7946 (X.org libXi before 1.7.7 allows remote X servers to cause a 
denial of ...)
        {DLA-685-1}
        - libxi 2:1.7.8-1 (low; bug #840440)
        [jessie] - libxi <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
        NOTE: Regression: https://bugs.freedesktop.org/98204
-CVE-2016-7945 [or all of the integer overflows]
-       RESERVED
+CVE-2016-7945 (Multiple integer overflows in X.org libXi before 1.7.7 allow 
remote X ...)
        {DLA-685-1}
        - libxi 2:1.7.8-1 (low; bug #840440)
        [jessie] - libxi <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
        NOTE: Regression: https://bugs.freedesktop.org/98204
-CVE-2016-7944
-       RESERVED
+CVE-2016-7944 (Integer overflow in X.org libXfixes before 5.0.3 on 32-bit 
platforms ...)
        {DLA-654-1}
        - libxfixes 1:5.0.3-1 (low; bug #840442)
        [jessie] - libxfixes <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE: 
https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
-CVE-2016-7943
-       RESERVED
+CVE-2016-7943 (The XListFonts function in X.org libX11 before 1.6.4 might 
allow ...)
        {DLA-684-1}
        - libx11 2:1.6.4-1 (low; bug #840439)
        [jessie] - libx11 <no-dsa> (Minor issue, will be fixed in a point 
release)
        NOTE:  
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
-CVE-2016-7942
-       RESERVED
+CVE-2016-7942 (The XGetImage function in X.org libX11 before 1.6.4 might allow 
remote ...)
        {DLA-684-1}
        - libx11 2:1.6.4-1 (low; bug #840439)
        [jessie] - libx11 <no-dsa> (Minor issue, will be fixed in a point 
release)
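Review bot: The description imported for CVE-2016-7949 does not match the package it is tracked against. It begins "Multiple buffer overflows in the (1) XvQueryAdaptors and (2) ...", while the entry records libxrender 1:0.9.10-1 and a libXrender commit, and the same two function names appear in the CVE-2016-5407 description later in this diff, which is tracked against libxv. Please confirm the description/package pairing before relying on this entry. The bracketed notes dropped in this hunk ("for all of the integer overflows", "for all of the other mishandling of the reply data") were also the only text separating the paired ids that share one fixing commit (7951/7952, 7947/7948, 7945/7946), so check that the truncated descriptions still make that split clear.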
@@ -14905,18 +14903,17 @@
        NOT-FOR-US: Sophos UTM
 CVE-2016-7441
        RESERVED
-CVE-2016-7440
-       RESERVED
+CVE-2016-7440 (The C software implementation of AES Encryption and Decryption 
in ...)
        {DSA-3711-1 DSA-3706-1 DLA-708-1}
        - mariadb-10.0 10.0.28-1
        - mysql-5.7 5.7.16-1 (bug #841163)
        - mysql-5.6 5.6.34-1 (bug #841049)
        - mysql-5.5 <removed> (bug #841050)
        NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
-CVE-2016-7439
-       RESERVED
-CVE-2016-7438
-       RESERVED
+CVE-2016-7439 (The C software implementation of RSA in wolfSSL (formerly 
CyaSSL) ...)
+       TODO: check
+CVE-2016-7438 (The C software implementation of ECC in wolfSSL (formerly 
CyaSSL) ...)
+       TODO: check
 CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events 
in the ...)
        NOT-FOR-US: SAP Netweaver
 CVE-2016-7436
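Review bot: CVE-2016-7439 and CVE-2016-7438 are left at "TODO: check" although their descriptions open with the same wording as CVE-2016-7440 ("The C software implementation of ... in wolfSSL (formerly CyaSSL)" for RSA and ECC, against AES for 7440), and 7440 is already tracked in this hunk against mariadb-10.0, mysql-5.7, mysql-5.6 and mysql-5.5. When resolving the TODO, check those same source packages for the RSA and ECC code paths rather than triaging the two ids in isolation.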
@@ -17088,12 +17085,12 @@
        TODO: check
 CVE-2016-6723 (A denial of service vulnerability in Proxy Auto Config in 
Android 4.x ...)
        TODO: check
-CVE-2016-6722
-       RESERVED
+CVE-2016-6722 (An information disclosure vulnerability in libstagefright in 
...)
+       TODO: check
 CVE-2016-6721 (An information disclosure vulnerability in Mediaserver in 
Android 6.x ...)
        TODO: check
-CVE-2016-6720
-       RESERVED
+CVE-2016-6720 (An information disclosure vulnerability in libstagefright in 
...)
+       TODO: check
 CVE-2016-6719 (An elevation of privilege vulnerability in the Bluetooth 
component in ...)
        TODO: check
 CVE-2016-6718 (An elevation of privilege vulnerability in the Account Manager 
Service ...)
@@ -17108,10 +17105,10 @@
        TODO: check
 CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in 
Android 6.x ...)
        TODO: check
-CVE-2016-6712
-       RESERVED
-CVE-2016-6711
-       RESERVED
+CVE-2016-6712 (A remote denial of service vulnerability in libvpx in 
Mediaserver in ...)
+       TODO: check
+CVE-2016-6711 (A remote denial of service vulnerability in libvpx in 
Mediaserver in ...)
+       TODO: check
 CVE-2016-6710 (An information disclosure vulnerability in the download manager 
in ...)
        TODO: check
 CVE-2016-6709 (An information disclosure vulnerability in Conscrypt and 
BoringSSL in ...)
@@ -17120,8 +17117,8 @@
        TODO: check
 CVE-2016-6707 (An elevation of privilege vulnerability in System Server in 
Android ...)
        TODO: check
-CVE-2016-6706
-       RESERVED
+CVE-2016-6706 (An elevation of privilege vulnerability in libstagefright in 
...)
+       TODO: check
 CVE-2016-6705 (An elevation of privilege vulnerability in Mediaserver in 
Android ...)
        TODO: check
 CVE-2016-6704 (An elevation of privilege vulnerability in Mediaserver in 
Android 4.x ...)
@@ -17134,8 +17131,8 @@
        TODO: check
 CVE-2016-6700 (An elevation of privilege vulnerability in libzipfile in 
Android 4.x ...)
        TODO: check
-CVE-2016-6699
-       RESERVED
+CVE-2016-6699 (A remote code execution vulnerability in libstagefright in 
Mediaserver ...)
+       TODO: check
 CVE-2016-6698 (An information disclosure vulnerability in Qualcomm components 
...)
        TODO: check
 CVE-2016-6697
@@ -17260,8 +17257,7 @@
        RESERVED
 CVE-2016-6665
        RESERVED
-CVE-2016-6664
-       RESERVED
+CVE-2016-6664 (mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 
5.6.32, and ...)
        - mariadb-10.0 <unfixed> (bug #842895)
        - mysql-5.7 5.7.15-1
        - mysql-5.6 5.6.34-1 (bug #841049)
@@ -17272,8 +17268,7 @@
        NOTE: Possible fixed by: 
https://github.com/MariaDB/server/commit/684a165f28b3718160a3e4c5ebd18a465d85e97c
        NOTE: Duplicate CVE from Oracle: CVE-2016-5617
        NOTE: 
https://mariadb.com/blog/update-security-vulnerabilities-cve-2016-6663-and-cve-2016-6664-related-mariadb-server
-CVE-2016-6663
-       RESERVED
+CVE-2016-6663 (Race condition in Oracle MySQL before 5.5.52, 5.6.x before 
5.6.33, ...)
        {DSA-3711-1}
        - mariadb-10.0 10.0.28-1
        - mysql-5.7 5.7.15-1
@@ -18028,8 +18023,7 @@
 CVE-2016-6521
        RESERVED
        - grails <itp> (bug #473213)
-CVE-2016-6520 [buffer overflow]
-       RESERVED
+CVE-2016-6520 (Buffer overflow in MagickCore/enhance.c in ImageMagick before 
7.0.2-7 ...)
        - imagemagick <not-affected> (Only affects imagemagick 7, which isn't 
packaged yet, bug #833485)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6
        NOTE: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30259&p=136359#p136359
@@ -18065,8 +18059,7 @@
        - mongodb 1:2.6.12-3 (bug #832908)
        [jessie] - mongodb <no-dsa> (Minor issue, can be fixed via point 
release)
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/29/4
-CVE-2016-6491 [Buffer overflow]
-       RESERVED
+CVE-2016-6491 (Buffer overflow in the Get8BIMProperty function in ...)
        {DSA-3652-1 DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #833099)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
@@ -18209,28 +18202,28 @@
        RESERVED
 CVE-2016-6475
        RESERVED
-CVE-2016-6474
-       RESERVED
-CVE-2016-6473
-       RESERVED
+CVE-2016-6474 (A vulnerability in the implementation of X.509 Version 3 for 
SSH ...)
+       TODO: check
+CVE-2016-6473 (A vulnerability in Cisco IOS on Catalyst Switches and Nexus 
9300 Series ...)
+       TODO: check
 CVE-2016-6472 (A vulnerability in several parameters of the ccmivr page of 
Cisco ...)
        TODO: check
-CVE-2016-6471
-       RESERVED
-CVE-2016-6470
-       RESERVED
-CVE-2016-6469
-       RESERVED
-CVE-2016-6468
-       RESERVED
-CVE-2016-6467
-       RESERVED
+CVE-2016-6471 (A vulnerability in the web-based management interface of Cisco 
...)
+       TODO: check
+CVE-2016-6470 (A vulnerability in the installation procedure of the Cisco 
Hybrid Media ...)
+       TODO: check
+CVE-2016-6469 (A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco 
Web ...)
+       TODO: check
+CVE-2016-6468 (A vulnerability in the web-based management interface of Cisco 
...)
+       TODO: check
+CVE-2016-6467 (A vulnerability in IPv6 packet fragment reassembly of StarOS 
for Cisco ...)
+       TODO: check
 CVE-2016-6466 (A vulnerability in the IPsec component of StarOS for Cisco ASR 
5000 ...)
        TODO: check
-CVE-2016-6465
-       RESERVED
-CVE-2016-6464
-       RESERVED
+CVE-2016-6465 (A vulnerability in the content filtering functionality of Cisco 
AsyncOS ...)
+       TODO: check
+CVE-2016-6464 (A vulnerability in the web management interface of the Cisco 
Unified ...)
+       TODO: check
 CVE-2016-6463 (A vulnerability in the email filtering functionality of Cisco 
AsyncOS ...)
        TODO: check
 CVE-2016-6462 (A vulnerability in the email filtering functionality of Cisco 
AsyncOS ...)
@@ -18259,8 +18252,8 @@
        NOT-FOR-US: Cisco
 CVE-2016-6450 (A vulnerability in the package unbundle utility of Cisco IOS XE 
...)
        TODO: check
-CVE-2016-6449
-       RESERVED
+CVE-2016-6449 (A vulnerability in the system management of certain FireAMP 
system ...)
+       TODO: check
 CVE-2016-6448 (A vulnerability in the Session Description Protocol (SDP) 
parser of ...)
        NOT-FOR-US: Cisco
 CVE-2016-6447 (A vulnerability in Cisco Meeting Server and Meeting App could 
allow an ...)
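Review bot: CVE-2016-6449 gets "TODO: check" even though its description names a FireAMP system management issue and the entries visible around it in this hunk (the one above CVE-2016-6450, and CVE-2016-6448) are already triaged as "NOT-FOR-US: Cisco". If FireAMP is not packaged, triage it the same way so it does not linger in the TODO queue.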
@@ -18590,8 +18583,7 @@
        RESERVED
 CVE-2016-6314
        RESERVED
-CVE-2016-6313 [libgcrypt: PRNG output is predictable]
-       RESERVED
+CVE-2016-6313 (The mixing functions in the random number generator in 
Libgcrypt ...)
        {DSA-3650-1 DSA-3649-1 DLA-602-1 DLA-600-1}
        - gnupg2 <not-affected> (Uses system libgcrypt)
        - gnupg1 1.4.21-1 (bug #834894)
@@ -20572,15 +20564,13 @@
        - libarchive 3.2.1-1
        NOTE: Upstream ticket: 
https://github.com/libarchive/libarchive/issues/717
        NOTE: Upstream fix: 
https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22
 (v3.2.1)
-CVE-2016-5842
-       RESERVED
+CVE-2016-5842 (MagickCore/property.c in ImageMagick before 7.0.2-1 allows 
remote ...)
        {DSA-3652-1 DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
        NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
        NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5842.jpg
-CVE-2016-5841
-       RESERVED
+CVE-2016-5841 (Integer overflow in MagickCore/profile.c in ImageMagick before 
7.0.2-1 ...)
        {DSA-3652-1 DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
        NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
@@ -20965,8 +20955,8 @@
 CVE-2016-5648
        RESERVED
        NOT-FOR-US: Acer Portal Android application
-CVE-2016-5647
-       RESERVED
+CVE-2016-5647 (The igdkmd64 module in the Intel Graphics Driver through 
15.33.42.435, ...)
+       TODO: check
 CVE-2016-5646
        RESERVED
 CVE-2016-5645 (Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 
1766-L32AWA, ...)
@@ -20995,30 +20985,25 @@
 CVE-2016-5726
        RESERVED
        NOT-FOR-US: Simple Machines Forum
-CVE-2016-5691 [lack of validation of pixel.red, pixel.green, and pixel.blue]
-       RESERVED
+CVE-2016-5691 (The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 
7.0.1-7 ...)
        {DSA-3652-1 DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #833044)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
-CVE-2016-5690 [error in the for statement in the "Compute pixel scaling table" 
part of the ReadDCMImage function]
-       RESERVED
+CVE-2016-5690 (The ReadDCMImage function in DCM reader in ImageMagick before 
6.9.4-5 ...)
        {DSA-3652-1 DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #833043)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
-CVE-2016-5689 [lack of required NULL pointer checks]
-       RESERVED
+CVE-2016-5689 (The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 
7.0.1-7 ...)
        {DSA-3652-1 DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #833042)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
        NOTE: Will be fixed in a 6.9.4-3 based version
-CVE-2016-5688 [issues in WPG parser]
-       RESERVED
+CVE-2016-5688 (The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 
7.0.1-5, ...)
        {DSA-3652-1 DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #833003)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
-CVE-2016-5687 [out of bounds memory read]
-       RESERVED
+CVE-2016-5687 (The VerticalFilter function in the DDS coder in ImageMagick 
before ...)
        {DSA-3652-1 DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #832890)
        NOTE: 
https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
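Review bot: In the CVE-2016-5689 entry the retained line "NOTE: Will be fixed in a 6.9.4-3 based version" now sits under a description that says the issue affects ImageMagick "before 6.9.4-5", and the entry already records the fix in 8:6.9.6.2+dfsg-2. The note is stale and contradicts the imported text, so drop or reword it. The removed bracket text for CVE-2016-5690 ("error in the for statement in the 'Compute pixel scaling table' part of the ReadDCMImage function") was more specific than the truncated description that replaces it. Keep it as a NOTE if that detail is still wanted for triage.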
@@ -21110,7 +21095,8 @@
        TODO: check
 CVE-2016-5618 (Unspecified vulnerability in the Oracle Data Integrator 
component in ...)
        TODO: check
-CVE-2016-5617 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 
5.6.32 ...)
+CVE-2016-5617
+       REJECTED
        - mariadb-10.0 <unfixed> (bug #842895)
        - mysql-5.7 5.7.15-1
        - mysql-5.6 5.6.34-1 (bug #841049)
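Review bot: CVE-2016-5617 is switched to REJECTED but keeps its full set of package status lines, including "- mariadb-10.0 <unfixed> (bug #842895)". The same statuses are recorded under CVE-2016-6664 earlier in this diff, and the following context already carries "NOTE: This is a Oracle assigned duplicate for CVE-2016-6664". Consider removing the package lines from the rejected id and keeping only the NOTE, so the unfixed mariadb-10.0 status is tracked in one place.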
@@ -21118,7 +21104,8 @@
        [jessie] - mysql-5.5 5.5.52-0+deb8u1
        [wheezy] - mysql-5.5 5.5.52-0+deb7u1
        NOTE: This is a Oracle assigned duplicate for CVE-2016-6664
-CVE-2016-5616 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 
5.6.32 ...)
+CVE-2016-5616
+       REJECTED
        {DSA-3711-1}
        - mariadb-10.0 10.0.28-1
        - mysql-5.7 5.7.15-1
@@ -21714,8 +21701,7 @@
        - squid3 <not-affected> (Incomplete fix for CVE-2016-4051 not applied)
        NOTE: CVE is specific for the incomplete fix of CVE-2016-4051 as applied
        NOTE: by some vendors.
-CVE-2016-5407 [Insufficient validation of server responses results in out-of 
bounds accesses]
-       RESERVED
+CVE-2016-5407 (The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in 
X.org ...)
        {DLA-667-1}
        - libxv 2:1.0.11-1 (low; bug #840438)
        [jessie] - libxv <no-dsa> (Minor issue, will be fixed in a point 
release)
@@ -23665,8 +23651,8 @@
        TODO: check
 CVE-2016-5061 (Multiple cross-site scripting (XSS) vulnerabilities in the web 
server ...)
        TODO: check
-CVE-2016-5060
-       RESERVED
+CVE-2016-5060 (Multiple cross-site scripting (XSS) vulnerabilities in nGrinder 
before ...)
+       TODO: check
 CVE-2016-5059
        RESERVED
 CVE-2016-5058
@@ -26012,8 +25998,8 @@
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0128/
        NOTE: http://www.pidgin.im/news/security/?id=97
-CVE-2016-4322
-       RESERVED
+CVE-2016-4322 (BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 
allows ...)
+       TODO: check
 CVE-2016-4321
        RESERVED
 CVE-2016-4320
@@ -31906,8 +31892,7 @@
        {DSA-3599-1 DLA-510-1}
        - p7zip 15.14.1+dfsg-2 (bug #824160)
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0094/
-CVE-2016-2334 [Heap-buffer-overflow vulnerability]
-       RESERVED
+CVE-2016-2334 (Heap-based buffer overflow in the ...)
        - p7zip 15.14.1+dfsg-2 (bug #824160)
        [jessie] - p7zip <not-affected> (Introduced in 9.32)
        [wheezy] - p7zip <not-affected> (Introduced in 9.32)
@@ -35458,8 +35443,8 @@
        NOT-FOR-US: Cisco
 CVE-2016-1412
        RESERVED
-CVE-2016-1411
-       RESERVED
+CVE-2016-1411 (A vulnerability in the update functionality of Cisco AsyncOS 
Software ...)
+       TODO: check
 CVE-2016-1410 (Cisco WebEx Meeting Center Original Release Base allows remote 
...)
        NOT-FOR-US: Cisco
 CVE-2016-1409 (The Neighbor Discovery (ND) protocol implementation in the IPv6 
stack ...)
@@ -50032,8 +50017,7 @@
 CVE-2015-5081 [CSRF]
        RESERVED
        - python-django-cms <itp> (bug #516183)
-CVE-2015-5073 [Heap Overflow Vulnerability in find_fixedlength()]
-       RESERVED
+CVE-2015-5073 (Heap-based buffer overflow in the find_fixedlength function in 
...)
        - pcre3 2:8.35-7 (bug #790000)
        [jessie] - pcre3 2:8.35-3.3+deb8u1
        [wheezy] - pcre3 <no-dsa> (Minor issue)
@@ -54605,8 +54589,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/04/25/2
        NOTE: 
https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30
        NOTE: 
https://bitbucket.org/shlomif/perl-xml-libxml/commits/915f1dbaf21c5f3c21d7c519c70fd93859e47152
-CVE-2015-3418 [X server crash by client, issue introduced by fix for 
CVE-2014-8092]
-       RESERVED
+CVE-2015-3418 (The ProcPutImage function in dix/dispatch.c in X.Org Server 
(aka ...)
        {DLA-120-2}
        - xorg-server 2:1.16.4-1 (bug #774308)
        [wheezy] - xorg-server 2:1.12.4-6+deb7u6
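Review bot: Replacing the bracketed text on CVE-2015-3418 removes the statement that the issue was "introduced by fix for CVE-2014-8092", and the truncated description that takes its place ("The ProcPutImage function in dix/dispatch.c in X.Org Server (aka ...") does not visibly carry it. That regression link matters when deciding which releases are affected, so preserve it as a NOTE line on the entry.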
@@ -55265,8 +55248,7 @@
        NOTE: 
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
        NOTE: Patch: 
http://cgit.freedesktop.org/polkit/commit/?id=48e646918efb2bf0b3b505747655726d7869f31c
        NOTE: Introduced by: 
http://cgit.freedesktop.org/polkit/commit/?id=6eeb077bc90c9c7783360a526b2f04645b1b0848
-CVE-2015-3217 [PCRE Library Call Stack Overflow Vulnerability in match()]
-       RESERVED
+CVE-2015-3217 (PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group 
empty ...)
        - pcre3 2:8.38-1 (bug #787641)
        [jessie] - pcre3 <no-dsa> (Minor issue)
        [wheezy] - pcre3 <no-dsa> (Minor issue)
@@ -55311,8 +55293,7 @@
 CVE-2015-3211
        RESERVED
        - php5 <not-affected> (Red Hat specific problem in the rpm package)
-CVE-2015-3210 [heap buffer overflow in pcre_compile2() / compile_regex()]
-       RESERVED
+CVE-2015-3210 (Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 
10.10 ...)
        - pcre3 2:8.35-7.2 (bug #787433)
        [jessie] - pcre3 2:8.35-3.3+deb8u1
        [wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
