Author: sectracker
Date: 2016-12-15 21:10:30 +0000 (Thu, 15 Dec 2016)
New Revision: 47118
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-15 21:07:24 UTC (rev 47117) +++ data/CVE/list 2016-12-15 21:10:30 UTC (rev 47118) @@ -1,20 +1,28 @@ +CVE-2016-582384 + REJECTED + TODO: check CVE-2016-9961 + {DSA-3735-1} - game-music-emu 0.6.0-4 (bug #848071) NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1 CVE-2016-9960 + {DSA-3735-1} - game-music-emu 0.6.0-4 (bug #848071) NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1 CVE-2016-9959 + {DSA-3735-1} - game-music-emu 0.6.0-4 (bug #848071) NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1 CVE-2016-9958 + {DSA-3735-1} - game-music-emu 0.6.0-4 (bug #848071) NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1 CVE-2016-9957 + {DSA-3735-1} - game-music-emu 0.6.0-4 (bug #848071) NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1 
@@ -22,16 +30,19 @@ - flightgear 1:2016.4.3+dfsg-1 (bug #848114) NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/11 CVE-2016-9951 + RESERVED [experimental] - apport 2.20.4-1 (bug #848213) NOTE: apport only in experimental, so we cannot track this in security-tracker NOTE: add it, as we have an explicit (bug) reference for apport NOTE: https://bugs.launchpad.net/apport/+bug/1648806 CVE-2016-9950 + RESERVED [experimental] - apport 2.20.4-1 (bug #848213) NOTE: apport only in experimental, so we cannot track this in security-tracker NOTE: add it, as we have an explicit (bug) reference for apport NOTE: https://bugs.launchpad.net/apport/+bug/1648806 CVE-2016-9949 + RESERVED [experimental] - apport 2.20.4-1 (bug #848213) NOTE: apport only in experimental, so we cannot track this in security-tracker NOTE: add it, as we have an explicit (bug) reference for apport @@ -173,13 +184,13 @@ RESERVED CVE-2016-9905 RESERVED - {DSA-3734-1} + {DSA-3734-1 DLA-743-1} - firefox <not-affected> (Only affects Firefox 45 ESR series) - firefox-esr 45.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9905 CVE-2016-9904 RESERVED - {DSA-3734-1} + {DSA-3734-1 DLA-743-1} - firefox 50.1.0-1 - firefox-esr 45.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9904 
@@ -190,37 +201,37 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9903 CVE-2016-9902 RESERVED - {DSA-3734-1} + {DSA-3734-1 DLA-743-1} - firefox 50.1.0-1 - firefox-esr 45.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9902 CVE-2016-9901 RESERVED - {DSA-3734-1} + {DSA-3734-1 DLA-743-1} - firefox 50.1.0-1 - firefox-esr 45.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9901 CVE-2016-9900 RESERVED - {DSA-3734-1} + {DSA-3734-1 DLA-743-1} - firefox 50.1.0-1 - firefox-esr 45.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9900 CVE-2016-9899 RESERVED - {DSA-3734-1} + {DSA-3734-1 DLA-743-1} - firefox 50.1.0-1 - firefox-esr 45.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899 CVE-2016-9898 RESERVED - {DSA-3734-1} + {DSA-3734-1 DLA-743-1} - firefox 50.1.0-1 - firefox-esr 45.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9898 CVE-2016-9897 RESERVED - {DSA-3734-1} + {DSA-3734-1 DLA-743-1} - firefox 50.1.0-1 - firefox-esr 45.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9897 @@ -231,7 +242,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9896 CVE-2016-9895 RESERVED - {DSA-3734-1} + {DSA-3734-1 DLA-743-1} - firefox 50.1.0-1 - firefox-esr 45.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9895 @@ -242,7 +253,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9894 CVE-2016-9893 RESERVED - {DSA-3734-1} + {DSA-3734-1 DLA-743-1} - firefox 50.1.0-1 - firefox-esr 45.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9893 
@@ -10018,16 +10029,16 @@ RESERVED CVE-2016-9036 RESERVED -CVE-2016-9035 - RESERVED -CVE-2016-9034 - RESERVED -CVE-2016-9033 - RESERVED -CVE-2016-9032 - RESERVED -CVE-2016-9031 - RESERVED +CVE-2016-9035 (An exploitable buffer overflow exists in the Joyent SmartOS ...) + TODO: check +CVE-2016-9034 (An exploitable buffer overflow exists in the Joyent SmartOS ...) + TODO: check +CVE-2016-9033 (An exploitable buffer overflow exists in the Joyent SmartOS ...) + TODO: check +CVE-2016-9032 (An exploitable buffer overflow exists in the Joyent SmartOS ...) + TODO: check +CVE-2016-9031 (An exploitable integer overflow exists in the Joyent SmartOS ...) + TODO: check CVE-2016-9085 [Several integer overflows] RESERVED - libwebp <unfixed> (bug #842714) @@ -10685,8 +10696,8 @@ NOTE: library), though source is. (unimporant) for individual lines is not supported, thus workaround by marking NOTE: as no-dsa. NOTE: https://subversion.apache.org/security/CVE-2016-8734-advisory.txt -CVE-2016-8733 - RESERVED +CVE-2016-8733 (An exploitable integer overflow exists in the Joyent SmartOS ...) + TODO: check CVE-2016-8732 RESERVED CVE-2016-8731 
@@ -13968,77 +13979,60 @@ RESERVED CVE-2016-7893 RESERVED -CVE-2016-7892 - RESERVED +CVE-2016-7892 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7891 - RESERVED -CVE-2016-7890 - RESERVED +CVE-2016-7891 (Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier ...) + TODO: check +CVE-2016-7890 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7889 - RESERVED -CVE-2016-7888 - RESERVED -CVE-2016-7887 - RESERVED -CVE-2016-7886 - RESERVED -CVE-2016-7885 - RESERVED -CVE-2016-7884 - RESERVED -CVE-2016-7883 - RESERVED -CVE-2016-7882 - RESERVED -CVE-2016-7881 - RESERVED +CVE-2016-7889 (Adobe Digital Editions versions 4.5.2 and earlier has an issue with ...) + TODO: check +CVE-2016-7888 (Adobe Digital Editions versions 4.5.2 and earlier has an important ...) + TODO: check +CVE-2016-7887 (Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and ...) + TODO: check +CVE-2016-7886 (Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 ...) + TODO: check +CVE-2016-7885 (Adobe Experience Manager versions 6.2 and earlier have a vulnerability ...) + TODO: check +CVE-2016-7884 (Adobe Experience Manager versions 6.1 and earlier have an input ...) + TODO: check +CVE-2016-7883 (Adobe Experience Manager version 6.2 has an input validation issue in ...) + TODO: check +CVE-2016-7882 (Adobe Experience Manager versions 6.2 and earlier have an input ...) + TODO: check +CVE-2016-7881 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7880 - RESERVED +CVE-2016-7880 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7879 - RESERVED +CVE-2016-7879 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) 
NOT-FOR-US: Adobe Flash -CVE-2016-7878 - RESERVED +CVE-2016-7878 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7877 - RESERVED +CVE-2016-7877 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7876 - RESERVED +CVE-2016-7876 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7875 - RESERVED +CVE-2016-7875 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7874 - RESERVED +CVE-2016-7874 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7873 - RESERVED +CVE-2016-7873 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7872 - RESERVED +CVE-2016-7872 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7871 - RESERVED +CVE-2016-7871 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7870 - RESERVED +CVE-2016-7870 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7869 - RESERVED +CVE-2016-7869 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7868 - RESERVED +CVE-2016-7868 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7867 - RESERVED +CVE-2016-7867 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7866 - RESERVED +CVE-2016-7866 (Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory ...) + TODO: check CVE-2016-7865 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...) 
NOT-FOR-US: Adobe Flash CVE-2016-7864 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...) @@ -14057,8 +14051,8 @@ NOT-FOR-US: Adobe Flash CVE-2016-7857 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...) NOT-FOR-US: Adobe Flash -CVE-2016-7856 - RESERVED +CVE-2016-7856 (Adobe DNG Converter versions 9.7 and earlier have an exploitable memory ...) + TODO: check CVE-2016-7855 (Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 ...) NOT-FOR-US: Adobe Flash CVE-2016-7854 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...) @@ -16566,10 +16560,10 @@ NOT-FOR-US: Adobe CVE-2016-6935 (Unquoted Windows search path vulnerability in Adobe Creative Cloud ...) NOT-FOR-US: Adobe -CVE-2016-6934 - RESERVED -CVE-2016-6933 - RESERVED +CVE-2016-6934 (Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle ...) + TODO: check +CVE-2016-6933 (Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle ...) + TODO: check CVE-2016-6932 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...) NOT-FOR-US: Adobe Flash CVE-2016-6931 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...) 
@@ -16740,32 +16734,32 @@ [jessie] - eog <no-dsa> (Minor issue) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770143 NOTE: https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4 -CVE-2016-6854 - RESERVED -CVE-2016-6853 - RESERVED -CVE-2016-6852 - RESERVED -CVE-2016-6851 - RESERVED -CVE-2016-6850 - RESERVED +CVE-2016-6854 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...) + TODO: check +CVE-2016-6853 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...) + TODO: check +CVE-2016-6852 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) + TODO: check +CVE-2016-6851 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...) + TODO: check +CVE-2016-6850 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) + TODO: check CVE-2016-6849 RESERVED -CVE-2016-6848 - RESERVED -CVE-2016-6847 - RESERVED +CVE-2016-6848 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) + TODO: check +CVE-2016-6847 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) + TODO: check CVE-2016-6846 RESERVED -CVE-2016-6845 - RESERVED -CVE-2016-6844 - RESERVED -CVE-2016-6843 - RESERVED -CVE-2016-6842 - RESERVED +CVE-2016-6845 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) + TODO: check +CVE-2016-6844 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) + TODO: check +CVE-2016-6843 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) + TODO: check +CVE-2016-6842 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) + TODO: check CVE-2016-6841 RESERVED CVE-2016-6840 (Cross-site scripting (XSS) vulnerability in the management interface ...) 
@@ -18791,8 +18785,8 @@ RESERVED CVE-2016-6278 RESERVED -CVE-2016-6277 - RESERVED +CVE-2016-6277 (NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 ...) + TODO: check CVE-2016-6276 (Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual ...) NOT-FOR-US: Citrix CVE-2016-6275 @@ -19021,8 +19015,7 @@ RESERVED CVE-2016-1000157 RESERVED -CVE-2016-1000156 - RESERVED +CVE-2016-1000156 (Mailcwp remote file upload vulnerability incomplete fix v1.100 ...) NOT-FOR-US: WordPress plugin mailcwp CVE-2016-1000155 (Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 ...) NOT-FOR-US: Wordpress plugin wpsolr-search-engine @@ -20800,8 +20793,8 @@ NOTE: https://github.com/libgd/libgd/commit/aba3db8ba159465ecec1089027a24835a6da9cc0 CVE-2016-5741 RESERVED -CVE-2016-5740 - RESERVED +CVE-2016-5740 (An issue was discovered in Open-Xchange OX App Suite before ...) + TODO: check CVE-2016-5739 (The Transformation implementation in phpMyAdmin 4.0.x before ...) {DSA-3627-1 DLA-551-1} - phpmyadmin 4:4.6.3-1 @@ -23543,8 +23536,7 @@ TODO: check CVE-2016-5125 RESERVED -CVE-2016-5124 - RESERVED +CVE-2016-5124 (An issue was discovered in Open-Xchange OX App Suite before ...) - open-xchange <itp> (bug #269329) CVE-2016-5123 RESERVED @@ -25716,8 +25708,7 @@ CVE-2016-4444 RESERVED NOT-FOR-US: setroubleshoot -CVE-2016-4443 - RESERVED +CVE-2016-4443 (Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local ...) NOT-FOR-US: org.ovirt.engine-root / engine-setup (Red Hat) CVE-2016-4442 RESERVED 
@@ -26697,14 +26688,14 @@ - quagga 1.0.20160315-2 (bug #822787) NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-April/015241.html -CVE-2016-4048 - RESERVED -CVE-2016-4047 - RESERVED -CVE-2016-4046 - RESERVED -CVE-2016-4045 - RESERVED +CVE-2016-4048 (An issue was discovered in Open-Xchange OX App Suite before ...) + TODO: check +CVE-2016-4047 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. ...) + TODO: check +CVE-2016-4046 (An issue was discovered in Open-Xchange OX App Suite before ...) + TODO: check +CVE-2016-4045 (An issue was discovered in Open-Xchange OX App Suite before ...) + TODO: check CVE-2015-8862 RESERVED - mustache.js <unfixed> (unimportant) @@ -26876,12 +26867,12 @@ NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37115 NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049 NOTE: Release notes: https://codex.wordpress.org/Version_4.5 -CVE-2016-4028 - RESERVED -CVE-2016-4027 - RESERVED -CVE-2016-4026 - RESERVED +CVE-2016-4028 (An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX ...) + TODO: check +CVE-2016-4027 (An issue was discovered in Open-Xchange OX App Suite before ...) + TODO: check +CVE-2016-4026 (An issue was discovered in Open-Xchange OX App Suite before ...) + TODO: check CVE-2016-4025 (Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier ...) TODO: check CVE-2016-4023 
@@ -27894,10 +27885,10 @@ TODO: check CVE-2016-3686 (The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 ...) NOT-FOR-US: F5 BIG-IP APM -CVE-2016-3685 - RESERVED -CVE-2016-3684 - RESERVED +CVE-2016-3685 (SAP Download Manager 2.1.142 and earlier generates an encryption key ...) + TODO: check +CVE-2016-3684 (SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption ...) + TODO: check CVE-2016-3683 RESERVED CVE-2016-3689 (The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in ...) @@ -29187,10 +29178,10 @@ NOTE: Fixed in 2015.5.10/2015.8.8 upstream CVE-2016-3175 RESERVED -CVE-2016-3174 - RESERVED -CVE-2016-3173 - RESERVED +CVE-2016-3174 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. ...) + TODO: check +CVE-2016-3173 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. ...) + TODO: check CVE-2016-3161 (For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and ...) TODO: check CVE-2016-3160 @@ -30170,8 +30161,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4 CVE-2016-8000 REJECTED -CVE-2016-2840 - RESERVED +CVE-2016-2840 (An issue was discovered in Open-Xchange Server 6 / OX AppSuite before ...) - open-xchange <itp> (bug #269329) CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU allows ...) {DLA-574-1 DLA-573-1} @@ -38307,8 +38297,8 @@ RESERVED CVE-2015-8544 RESERVED -CVE-2015-8542 - RESERVED +CVE-2015-8542 (An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The ...) + TODO: check CVE-2015-8556 [Local Privilege Escalation in QEMU virtfs-proxy-helper] RESERVED - qemu <not-affected> (Issue specific to virtfs-proxy-helper in Gentoo installed suid) 
@@ -70030,8 +70020,7 @@ [jessie] - librsync <no-dsa> (Minor issue, too instrusive to backport) [wheezy] - librsync <no-dsa> (Minor issue, too instrusive to backport) [squeeze] - librsync <no-dsa> (Minor issue, too instrusive to backport) -CVE-2014-8241 - RESERVED +CVE-2014-8241 (XRegion in TigerVNC allows remote VNC servers to cause a denial of ...) - tigervnc <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151312 NOTE: Patch applied in Red Hat https://bugzilla.redhat.com/attachment.cgi?id=946490 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
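Review bot: In the @@ -1,20 +1,28 @@ hunk, the new entry CVE-2016-582384 is added as REJECTED and also given "TODO: check", which leaves a rejected ID sitting in the triage queue. The other REJECTED entry visible in this patch (CVE-2016-8000, context of the @@ -30170,8 +30161,7 @@ hunk) carries no TODO line, so the TODO should be dropped here. The ID itself is also worth confirming against the upstream feed before the entry is kept, since it sorts above CVE-2016-9961 at the very top of the list.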
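Review bot: In the @@ -13968,77 +13979,60 @@ hunk, the non-Flash Adobe entries that gain descriptions (CVE-2016-7891, CVE-2016-7889 through CVE-2016-7882, and CVE-2016-7866) are left at "TODO: check", while the Flash entries around them keep "NOT-FOR-US: Adobe Flash". The context of the @@ -16566,10 +16560,10 @@ hunk already uses "NOT-FOR-US: Adobe" for Adobe Creative Cloud (CVE-2016-6935), so a follow-up commit could triage these the same way instead of leaving them open. The same applies to CVE-2016-7856, CVE-2016-6934 and CVE-2016-6933 in the two hunks that follow.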
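Review bot: In the @@ -16740,32 +16734,32 @@ hunk, every newly described Open-Xchange entry (CVE-2016-6854 through CVE-2016-6842, leaving 6849 and 6846 RESERVED) gets "TODO: check", although this same patch shows CVE-2016-5124 and CVE-2016-2840 already triaged as "- open-xchange <itp> (bug #269329)". Suggest a follow-up that gives the OX App Suite entries the same itp line, here and in the later hunks that add CVE-2016-5740, CVE-2016-4045 through CVE-2016-4048, CVE-2016-4026, CVE-2016-4027, CVE-2016-3173 and CVE-2016-3174, and that decides explicitly whether the OX Guard entries fall under the same ITP.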