Author: sectracker
Date: 2016-12-22 21:10:24 +0000 (Thu, 22 Dec 2016)
New Revision: 47359

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-22 19:52:26 UTC (rev 47358)
+++ data/CVE/list       2016-12-22 21:10:24 UTC (rev 47359)
@@ -687,7 +687,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
 CVE-2016-9933 [imagefilltoborder stackoverflow on truecolor images]
        RESERVED
-       {DSA-3732-1}
+       {DSA-3732-1 DLA-758-1}
        - libgd2 2.2.2-29-g3c2b605-1 (bug #849038)
        NOTE: This problem could be seen as a programmer fault but the fix is 
easy and
        NOTE: the effect is rather dramatic so it should be fixed anyway.
@@ -8775,6 +8775,7 @@
        NOTE: PHP workaround for CVE-2014-9911 in icu
        TODO: double-check first fixing version in unstable
 CVE-2016-4412 (An issue was discovered in phpMyAdmin. A user can be tricked 
into ...)
+       {DLA-757-1}
        - phpmyadmin 4:4.1.7-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
        NOTE: may affect wheezy only.
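Review bot: With {DLA-757-1} now attached to CVE-2016-4412, the context line `NOTE: may affect wheezy only.` is still hedged. If the advisory confirms that the wheezy package was affected, state that outright or record it as a [wheezy] line so the entry does not leave the status open.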
@@ -8787,9 +8788,11 @@
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/
        NOTE: disabled by default, debugging setting required
 CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass 
...)
+       {DLA-757-1}
        - phpmyadmin 4:4.6.5.1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
 CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for 
the ...)
+       {DLA-757-1}
        - phpmyadmin 4:4.6.5.1-1 (low)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
 CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request 
...)
@@ -8829,6 +8832,7 @@
        - phpmyadmin 4:4.6.5.1-1 (unimportant)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
 CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in 
URL ...)
+       {DLA-757-1}
        - phpmyadmin 4:4.6.5.1-1 (low)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
 CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login 
request it ...)
@@ -8842,9 +8846,11 @@
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/
 CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username 
or a ...)
+       {DLA-757-1}
        - phpmyadmin 4:4.6.5.1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
 CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in 
serialized ...)
+       {DLA-757-1}
        - phpmyadmin 4:4.6.5.1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
 CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator 
is ...)
@@ -9165,7 +9171,7 @@
        NOTE: Upstream statement: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31045
 CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray]
        RESERVED
-       {DSA-3726-1}
+       {DSA-3726-1 DLA-756-1}
        - imagemagick 8:6.9.6.5+dfsg-1 (bug #845242)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/301
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
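Review bot: Style point on the context line for CVE-2016-9556: the bracketed title reads `Heap buffer overflow in heap-buffer-overflow in IsPixelGray`, which names the bug class twice. Since the entry is being touched for the DLA-756-1 cross-reference, trim it to `Heap buffer overflow in IsPixelGray`.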
@@ -11386,6 +11392,7 @@
        REJECTED
 CVE-2016-8707 [ImageMagick Convert Tiff Adobe Deflate Code Execution 
Vulnerability]
        RESERVED
+       {DLA-756-1}
        [experimental] - imagemagick 8:6.9.7.0+dfsg-1
        - imagemagick <unfixed> (bug #848139)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0216/
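Review bot: The `- imagemagick <unfixed> (bug #848139)` line under CVE-2016-8707 stays open while the entry now carries {DLA-756-1} and an experimental fix at 8:6.9.7.0+dfsg-1. Worth a follow-up so that the unstable line gets a fixed version recorded once #848139 is closed.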
@@ -11502,6 +11509,7 @@
        NOTE: https://github.com/mdadams/jasper/issues/28
 CVE-2016-8866 [memory allocation failure in AcquireMagickMemory (memory.c) 
(incomplete fix for CVE-2016-8862)]
        RESERVED
+       {DLA-756-1}
        - imagemagick <not-affected>
        NOTE: For incomplete fix of CVE-2016-8862
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
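Review bot: {DLA-756-1} is added to CVE-2016-8866, but the only package line is `- imagemagick <not-affected>`, so the entry now contradicts itself. Either the advisory lists this CVE only because it is the incomplete-fix follow-up to CVE-2016-8862, in which case a NOTE saying so would help, or the status needs a per-release line for the release the advisory covers.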
@@ -11525,7 +11533,7 @@
        NOTE: Only thing the attacker could do here is self-dos own connection
 CVE-2016-8862 [imagemagick: memory allocation failure in AcquireMagickMemory 
(memory.c)]
        RESERVED
-       {DSA-3726-1}
+       {DSA-3726-1 DLA-756-1}
        - imagemagick 8:6.9.6.6+dfsg-1 (bug #845634)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/aea6c6507f55632829e6432f8177a084a57c9fcc
@@ -14814,7 +14822,7 @@
        NOTE: 
https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/
 CVE-2016-7799 [mogrify global buffer overflow]
        RESERVED
-       {DSA-3726-1}
+       {DSA-3726-1 DLA-756-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #840437)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/280
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
@@ -16371,8 +16379,8 @@
        RESERVED
 CVE-2016-7173
        RESERVED
-CVE-2016-7172
-       RESERVED
+CVE-2016-7172 (NetApp Snap Creator Framework before 4.3.1 discloses sensitive 
...)
+       TODO: check
 CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 
makes use ...)
        TODO: check
 CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU 
(aka ...)
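Review bot: CVE-2016-7172 moves from RESERVED to `TODO: check`, which leaves it in the same untriaged state as the adjacent NetApp entry CVE-2016-7171. Triage the two together so that neither NetApp entry stays at `TODO: check`.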
@@ -18167,6 +18175,7 @@
        [wheezy] - phpmyadmin <no-dsa> (Not critical enough)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/
 CVE-2016-6626 (An issue was discovered in phpMyAdmin. An attacker could 
redirect a ...)
+       {DLA-757-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/
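Review bot: {DLA-757-1} is added to CVE-2016-6626 while the entry keeps `[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)`. If DLA-757-1 fixes this CVE in wheezy, the not-affected line is wrong; if wheezy really lacks the vulnerable code, the advisory reference should not be here. One of the two lines needs correcting.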
@@ -20998,8 +21007,7 @@
        [jessie] - php-pecl-http <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.php.net/bug.php?id=71719
        NOTE: 
https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5/def
-CVE-2016-5851 [XXE]
-       RESERVED
+CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to 
conduct ...)
        NOT-FOR-US: python-docx
 CVE-2016-5849 (Siemens SICAM PAS through 8.07 allows local users to obtain 
sensitive ...)
        NOT-FOR-US: Siemens SICAM PAS
@@ -32567,8 +32575,8 @@
        NOT-FOR-US: Accellion
 CVE-2016-2350 (Multiple cross-site scripting (XSS) vulnerabilities on the 
Accellion ...)
        NOT-FOR-US: Accellion
-CVE-2016-2349
-       RESERVED
+CVE-2016-2349 (Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, 
and 9.1 ...)
+       TODO: check
 CVE-2016-2348
        RESERVED
 CVE-2016-2347 [decode_level3_header heap corruption vulnerability]
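Review bot: CVE-2016-2349 lands with `TODO: check` and no package line. The surrounding Accellion entries are marked NOT-FOR-US; if BMC Remedy is likewise not packaged in Debian, this entry should get the same marker rather than staying at TODO.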


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
