Author: sectracker
Date: 2016-12-22 21:10:24 +0000 (Thu, 22 Dec 2016)
New Revision: 47359
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-22 19:52:26 UTC (rev 47358) +++ data/CVE/list 2016-12-22 21:10:24 UTC (rev 47359) @@ -687,7 +687,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2 CVE-2016-9933 [imagefilltoborder stackoverflow on truecolor images] RESERVED - {DSA-3732-1} + {DSA-3732-1 DLA-758-1} - libgd2 2.2.2-29-g3c2b605-1 (bug #849038) NOTE: This problem could be seen as a programmer fault but the fix is easy and NOTE: the effect is rather dramatic so it should be fixed anyway. @@ -8775,6 +8775,7 @@ NOTE: PHP workaround for CVE-2014-9911 in icu TODO: double-check first fixing version in unstable CVE-2016-4412 (An issue was discovered in phpMyAdmin. A user can be tricked into ...) + {DLA-757-1} - phpmyadmin 4:4.1.7-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/ NOTE: may affect wheezy only. @@ -8787,9 +8788,11 @@ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/ NOTE: disabled by default, debugging setting required CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass ...) + {DLA-757-1} - phpmyadmin 4:4.6.5.1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/ CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for the ...) + {DLA-757-1} - phpmyadmin 4:4.6.5.1-1 (low) NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/ CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request ...) @@ -8829,6 +8832,7 @@ - phpmyadmin 4:4.6.5.1-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/ CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in URL ...) + {DLA-757-1} - phpmyadmin 4:4.6.5.1-1 (low) NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/ CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login request it ...) 
@@ -8842,9 +8846,11 @@ [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/ CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username or a ...) + {DLA-757-1} - phpmyadmin 4:4.6.5.1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/ CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in serialized ...) + {DLA-757-1} - phpmyadmin 4:4.6.5.1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/ CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator is ...) @@ -9165,7 +9171,7 @@ NOTE: Upstream statement: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31045 CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray] RESERVED - {DSA-3726-1} + {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.5+dfsg-1 (bug #845242) NOTE: https://github.com/ImageMagick/ImageMagick/issues/301 NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c @@ -11386,6 +11392,7 @@ REJECTED CVE-2016-8707 [ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability] RESERVED + {DLA-756-1} [experimental] - imagemagick 8:6.9.7.0+dfsg-1 - imagemagick <unfixed> (bug #848139) NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0216/ @@ -11502,6 +11509,7 @@ NOTE: https://github.com/mdadams/jasper/issues/28 CVE-2016-8866 [memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)] RESERVED + {DLA-756-1} - imagemagick <not-affected> NOTE: For incomplete fix of CVE-2016-8862 NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/ 
@@ -11525,7 +11533,7 @@ NOTE: Only thing the attacker could do here is self-dos own connection CVE-2016-8862 [imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)] RESERVED - {DSA-3726-1} + {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.6+dfsg-1 (bug #845634) NOTE: https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/aea6c6507f55632829e6432f8177a084a57c9fcc @@ -14814,7 +14822,7 @@ NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/ CVE-2016-7799 [mogrify global buffer overflow] RESERVED - {DSA-3726-1} + {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #840437) NOTE: https://github.com/ImageMagick/ImageMagick/issues/280 NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa @@ -16371,8 +16379,8 @@ RESERVED CVE-2016-7173 RESERVED -CVE-2016-7172 - RESERVED +CVE-2016-7172 (NetApp Snap Creator Framework before 4.3.1 discloses sensitive ...) + TODO: check CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use ...) TODO: check CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka ...) @@ -18167,6 +18175,7 @@ [wheezy] - phpmyadmin <no-dsa> (Not critical enough) NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/ CVE-2016-6626 (An issue was discovered in phpMyAdmin. An attacker could redirect a ...) + {DLA-757-1} - phpmyadmin 4:4.6.4+dfsg1-1 [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/ 
@@ -20998,8 +21007,7 @@ [jessie] - php-pecl-http <not-affected> (Vulnerable code not present) NOTE: https://bugs.php.net/bug.php?id=71719 NOTE: https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5/def -CVE-2016-5851 [XXE] - RESERVED +CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct ...) NOT-FOR-US: python-docx CVE-2016-5849 (Siemens SICAM PAS through 8.07 allows local users to obtain sensitive ...) NOT-FOR-US: Siemens SICAM PAS @@ -32567,8 +32575,8 @@ NOT-FOR-US: Accellion CVE-2016-2350 (Multiple cross-site scripting (XSS) vulnerabilities on the Accellion ...) NOT-FOR-US: Accellion -CVE-2016-2349 - RESERVED +CVE-2016-2349 (Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 ...) + TODO: check CVE-2016-2348 RESERVED CVE-2016-2347 [decode_level3_header heap corruption vulnerability] _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
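Review bot: In the hunk at @@ -18167,6 +18175,7 @@, CVE-2016-6626 gains {DLA-757-1} while the same entry keeps "[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)". The other visible entries tied to DLA-757-1 point at wheezy (CVE-2016-4412 carries "may affect wheezy only"), so the entry now says both that an LTS advisory covers this CVE and that the LTS release has no vulnerable code. One of the two is wrong: either drop the DLA cross-reference from this CVE or update the [wheezy] line, so tooling that reads the list does not report conflicting states.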
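Review bot: In the hunk at @@ -11502,6 +11509,7 @@, CVE-2016-8866 is tagged {DLA-756-1} but its only package line is "- imagemagick <not-affected>", with no release-specific line and no reason given. An advisory reference on an entry marked not-affected needs explaining: add a NOTE stating why the DLA lists this CVE (the entry describes it as the incomplete fix for CVE-2016-8862, which is also tagged DLA-756-1 in this commit), or add a release-specific line if the LTS package actually carried the incomplete fix.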
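Review bot: In the hunk at @@ -8775,6 +8775,7 @@, CVE-2016-4412 receives {DLA-757-1} but the tentative "NOTE: may affect wheezy only." is left unchanged. Once an advisory has been issued the affected-release question has been answered, so the note should be rewritten as a definite statement or replaced by a release-specific line, rather than leaving "may" next to a published fix.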
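Review bot: The hunks at @@ -16371,8 +16379,8 @@ and @@ -32567,8 +32575,8 @@ replace RESERVED with upstream descriptions for CVE-2016-7172 (NetApp Snap Creator Framework) and CVE-2016-2349 (BMC Remedy) and leave both at "TODO: check". That is expected for an automatic update, but the triage is still open: the adjacent Accellion entries in the second hunk are already "NOT-FOR-US: Accellion", and these two entries need the same decision made by a human (NOT-FOR-US or a package line) in a follow-up commit so they do not sit in the TODO backlog alongside CVE-2016-7171.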