Author: sectracker
Date: 2016-12-30 21:10:34 +0000 (Fri, 30 Dec 2016)
New Revision: 47592

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-30 21:05:00 UTC (rev 47591)
+++ data/CVE/list       2016-12-30 21:10:34 UTC (rev 47592)
@@ -1,3 +1,123 @@
+CVE-2017-5004
+       RESERVED
+CVE-2017-5003
+       RESERVED
+CVE-2017-5002
+       RESERVED
+CVE-2017-5001
+       RESERVED
+CVE-2017-5000
+       RESERVED
+CVE-2017-4999
+       RESERVED
+CVE-2017-4998
+       RESERVED
+CVE-2017-4997
+       RESERVED
+CVE-2017-4996
+       RESERVED
+CVE-2017-4995
+       RESERVED
+CVE-2017-4994
+       RESERVED
+CVE-2017-4993
+       RESERVED
+CVE-2017-4992
+       RESERVED
+CVE-2017-4991
+       RESERVED
+CVE-2017-4990
+       RESERVED
+CVE-2017-4989
+       RESERVED
+CVE-2017-4988
+       RESERVED
+CVE-2017-4987
+       RESERVED
+CVE-2017-4986
+       RESERVED
+CVE-2017-4985
+       RESERVED
+CVE-2017-4984
+       RESERVED
+CVE-2017-4983
+       RESERVED
+CVE-2017-4982
+       RESERVED
+CVE-2017-4981
+       RESERVED
+CVE-2017-4980
+       RESERVED
+CVE-2017-4979
+       RESERVED
+CVE-2017-4978
+       RESERVED
+CVE-2017-4977
+       RESERVED
+CVE-2017-4976
+       RESERVED
+CVE-2017-4975
+       RESERVED
+CVE-2017-4974
+       RESERVED
+CVE-2017-4973
+       RESERVED
+CVE-2017-4972
+       RESERVED
+CVE-2017-4971
+       RESERVED
+CVE-2017-4970
+       RESERVED
+CVE-2017-4969
+       RESERVED
+CVE-2017-4968
+       RESERVED
+CVE-2017-4967
+       RESERVED
+CVE-2017-4966
+       RESERVED
+CVE-2017-4965
+       RESERVED
+CVE-2017-4964
+       RESERVED
+CVE-2017-4963
+       RESERVED
+CVE-2017-4962
+       RESERVED
+CVE-2017-4961
+       RESERVED
+CVE-2017-4960
+       RESERVED
+CVE-2017-4959
+       RESERVED
+CVE-2017-4958
+       RESERVED
+CVE-2017-4957
+       RESERVED
+CVE-2017-4956
+       RESERVED
+CVE-2017-4955
+       RESERVED
+CVE-2016-10085 (admin/languages.php in Piwigo through 2.8.3 allows remote 
authenticated ...)
+       TODO: check
+CVE-2016-10084 (admin/batch_manager.php in Piwigo through 2.8.3 allows remote 
...)
+       TODO: check
+CVE-2016-10083 (Cross-site scripting (XSS) vulnerability in admin/plugin.php 
in Piwigo ...)
+       TODO: check
+CVE-2016-10082 (include/functions_installer.inc.php in Serendipity through 
2.0.5 is ...)
+       TODO: check
+CVE-2016-10081 (/usr/bin/shutter in Shutter through 0.93.1 allows 
user-assisted remote ...)
+       TODO: check
+CVE-2016-10080
+       RESERVED
+CVE-2016-10079
+       RESERVED
+CVE-2016-10078
+       RESERVED
+CVE-2016-10077
+       RESERVED
+CVE-2016-10076
+       RESERVED
 CVE-2017-4954
        RESERVED
 CVE-2017-4953
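Review bot: The new CVE-2016-10081 entry (/usr/bin/shutter in Shutter through 0.93.1) is left at "TODO: check", although this same file already tracks Shutter as the source package shutter under CVE-2015-0854 (bug #798862). It should be triaged against that package instead of staying a generic TODO, and the entry should state how it relates to CVE-2015-0854, since both descriptions begin "Shutter through 0.93.1 allows user-assisted". The Piwigo and Serendipity entries (CVE-2016-10082 through CVE-2016-10085) also need either a package line or a NOT-FOR-US tag before their TODOs can be cleared.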
@@ -2123,6 +2243,7 @@
        - libpng <removed>
        NOTE: Fixed in 1.0.67, 1.2.57, 1.4.20, 1.5.28, 1.6.27
 CVE-2016-10075 [insecure use of git]
+       RESERVED
        - tqdm <unfixed> (bug #849632)
        NOTE: https://github.com/tqdm/tqdm/issues/328
 CVE-2016-10074 [Remote Code Execution]
@@ -4039,8 +4160,8 @@
        RESERVED
 CVE-2016-9892
        RESERVED
-CVE-2016-9891
-       RESERVED
+CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and 
...)
+       TODO: check
 CVE-2016-9890
        RESERVED
 CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location 
in Tiki ...)
@@ -4068,8 +4189,7 @@
        RESERVED
 CVE-2016-9879
        RESERVED
-CVE-2016-9878 [Directory Traversal in the Spring Framework ResourceServlet]
-       RESERVED
+CVE-2016-9878 (An issue was discovered in Pivotal Spring Framework before 
3.2.18, ...)
        - libspring-java 4.3.5-1 (bug #849167)
        [jessie] - libspring-java <no-dsa> (Minor issue)
        [wheezy] - libspring-java <no-dsa> (Minor issue)
@@ -4078,8 +4198,8 @@
        NOTE: Fixed by: 
https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98
 (4.2.x branch)
        NOTE: Fixed by: 
https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0
 (3.2.x branch)
        NOTE: https://jira.spring.io/browse/SPR-14946
-CVE-2016-9877
-       RESERVED
+CVE-2016-9877 (An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 
and 3.6.x ...)
+       TODO: check
 CVE-2016-9876
        RESERVED
 CVE-2016-9875
@@ -4116,8 +4236,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12
-CVE-2016-9916 [9pfs: add cleanup operation for proxy backend driver]
-       RESERVED
+CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) 
allows ...)
        - qemu 1:2.8+dfsg-1 (bug #847496)
        [wheezy] - qemu <no-dsa> (Minor issue, virtfs-proxy-helper not present)
        - qemu-kvm <removed>
@@ -4130,8 +4249,7 @@
        NOTE: Proxy filesystem driver introduced in: 
http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7
 (v1.0-rc0)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
        NOTE: Minor issue, virtfs-proxy-helper not present in wheezy, see 
debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
-CVE-2016-9915 [9pfs: add cleanup operation for handle backend driver]
-       RESERVED
+CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) 
allows ...)
        - qemu 1:2.8+dfsg-1 (bug #847496)
        [wheezy] - qemu <no-dsa> (handle driver not included during compilation)
        - qemu-kvm <removed>
@@ -4144,8 +4262,7 @@
        NOTE: handle based fs driver introduced in: 
http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310
 (v1.0-rc0)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
        NOTE: proxy driver not included during compilation in wheezy, see 
debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
-CVE-2016-9914 [9pfs: add cleanup operation in FileOperations]
-       RESERVED
+CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows 
local ...)
        - qemu 1:2.8+dfsg-1 (bug #847496)
        [wheezy] - qemu <no-dsa> (proxy and handle drivers not included during 
compilation)
        - qemu-kvm <removed>
@@ -4158,8 +4275,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
        NOTE: proxy and handle drivers not included during compilation in 
wheezy, so the cleanup function is never implemented:
        NOTE: see debian-lts ML: 
https://lists.debian.org/debian-lts/2016/12/msg00136.html
-CVE-2016-9913 [9pfs: adjust the order of resource cleanup in device unrealize]
-       RESERVED
+CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in ...)
        - qemu 1:2.8+dfsg-1 (bug #847496)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        - qemu-kvm <removed>
@@ -4921,15 +5037,13 @@
        RESERVED
 CVE-2016-9757 (In the Create Tags page of the Rapid7 Nexpose version 6.4.12 
user ...)
        TODO: check
-CVE-2016-9846 [display: virtio-gpu: memory leakage while updating cursor]
-       RESERVED
+CVE-2016-9846 (QEMU (aka Quick Emulator) built with the Virtio GPU Device 
emulator ...)
        - qemu 1:2.8+dfsg-1 (bug #847382)
        [jessie] - qemu <not-affected> (Vulnerable code not present)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        - qemu-kvm <not-affected> (Vulnerable code not present)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
-CVE-2016-9845 [display: virtio-gpu-3d: information leakage in 
virgl_cmd_get_capset_info]
-       RESERVED
+CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device 
emulator ...)
        - qemu 1:2.8+dfsg-1 (bug #847381)
        [jessie] - qemu <not-affected> (Vulnerable code not present)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -10356,14 +10470,12 @@
        [jessie] - bluez <no-dsa> (Minor issue)
        [wheezy] - bluez <no-dsa> (Minor issue)
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
-CVE-2016-9794 [Linux kernel: ALSA: use-after-free in,kill_fasync]
-       RESERVED
+CVE-2016-9794 (Race condition in the snd_pcm_period_elapsed function in ...)
        - linux 4.7.2-1
        NOTE: https://patchwork.kernel.org/patch/8752621/
        NOTE: Fixed by: 
https://git.kernel.org/linus/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 (v4.7-rc1)
        NOTE: http://seclists.org/oss-sec/2016/q4/576
-CVE-2016-9793 [Linux: signed overflows for SO_{SND|RCV}BUFFORCE]
-       RESERVED
+CVE-2016-9793 (The sock_setsockopt function in net/core/sock.c in the Linux 
kernel ...)
        - linux 4.8.15-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
 CVE-2016-9775 [tomcat8: privilege escalation during package removal]
@@ -10384,8 +10496,7 @@
        - tomcat6 6.0.41-3
        NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in 
Jessie
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
-CVE-2016-9777 [kvm: out of bounds memory access via vcpu_id]
-       RESERVED
+CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is 
enabled, does ...)
        - linux 4.8.15-1
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -10393,8 +10504,7 @@
        NOTE: Fixed by: 
https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 (v4.9-rc7)
        NOTE: Introduced in: 
https://git.kernel.org/linus/af1bae5497b98cb99d6b0492e6981f060420a00c (v4.8-rc1)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/2
-CVE-2016-9776 [net: mcf_fec: infinite loop while receiving data in 
mcf_fec_receive]
-       RESERVED
+CVE-2016-9776 (QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet 
...)
        - qemu 1:2.8+dfsg-1 (bug #846797)
        [jessie] - qemu <no-dsa> (Minor issue)
        [wheezy] - qemu <no-dsa> (Minor issue)
@@ -10402,13 +10512,11 @@
        [wheezy] - qemu-kvm <not-affected> (Coldfire is not emulated by kvm)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400829
-CVE-2016-9756 [kvm: stack memory information leakage]
-       RESERVED
+CVE-2016-9756 (arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does 
not ...)
        - linux 4.8.15-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400468
        NOTE: Fixed by: 
https://git.kernel.org/linus/2117d5398c81554fbf803f5fd1dc55eb78216c0c
-CVE-2016-9755 [net: out-of-bounds due do a signedness issue when defragging 
ipv6]
-       RESERVED
+CVE-2016-9755 (The netfilter subsystem in the Linux kernel before 4.9 
mishandles IPv6 ...)
        - linux 4.8.15-1
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -10552,8 +10660,7 @@
        NOTE: Upstream patch: 
https://www.openafs.org/pages/security/openafs-sa-2016-003-master.patch (master)
        NOTE: Upstream patch: 
https://www.openafs.org/pages/security/openafs-sa-2016-003.patch
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/01/12
-CVE-2016-9685 [memory leak in xfs attribute mechanism]
-       RESERVED
+CVE-2016-9685 (Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c 
in the ...)
        - linux 4.5.1-1
        [jessie] - linux 3.16.36-1
        [wheezy] - linux 3.2.81-1
@@ -10768,8 +10875,7 @@
        RESERVED
 CVE-2016-9589
        RESERVED
-CVE-2016-9588 [kvm: nVMX: uncaught software exceptions in L1 guest lead to DoS]
-       RESERVED
+CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages 
the #BP ...)
        - linux <unfixed>
        NOTE: https://www.spinics.net/lists/kvm/msg142495.html
        NOTE: Fixed by: 
https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388
@@ -10823,8 +10929,7 @@
 CVE-2016-10088 [Issue which remains after 
a0ac402cfcdc904f9772e1762b3fda112dcc56a0]
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835 
(v4.10-rc1)
-CVE-2016-9576 [Memory corruption in SCSI generic device interface]
-       RESERVED
+CVE-2016-9576 (The blk_rq_map_user_iov function in block/blk-map.c in the 
Linux ...)
        - linux 4.8.15-1
        NOTE: https://marc.info/?l=linux-scsi&m=148010092224801&w=2
        NOTE: 
https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
@@ -11183,8 +11288,7 @@
        [wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
        NOTE: 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
-CVE-2016-9806 [double free in netlink_dump]
-       RESERVED
+CVE-2016-9806 (Race condition in the netlink_dump function in ...)
        - linux 4.6.3-1
        [wheezy] - linux <not-affected> (Introduced in 3.12)
        NOTE: Fixed by: 
https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1)
@@ -11422,7 +11526,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-9559 [null pointer passed as argument 2, which is declared to never 
be null]
        RESERVED
-       {DSA-3726-1}
+       {DSA-3726-1 DLA-756-1}
        - imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b
 (master)
@@ -12359,7 +12463,7 @@
        RESERVED
 CVE-2016-9224 (A vulnerability in the Cisco Jabber Guest Server could allow an 
...)
        NOT-FOR-US: Cisco
-CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco 
CloudCenter ...)
+CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2016-9222
        RESERVED
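Review bot: The only change to CVE-2016-9223 is a shorter truncation of the description, which drops the product name "CloudCenter" and leaves just "Cisco ...". Triage is unaffected because the entry stays NOT-FOR-US: Cisco, but the longer truncation was more useful to a reader, and description-only rewrites like this add noise to the commit; consider keeping the previous text when nothing but the cut-off point differs.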
@@ -14001,7 +14105,7 @@
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/272
 CVE-2016-8677 [memory allocate failure in AcquireQuantumPixels]
        RESERVED
-       {DSA-3726-1}
+       {DSA-3726-1 DLA-756-1}
        - imagemagick 8:6.9.6.2+dfsg-1 (bug #845206)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
@@ -17834,22 +17938,22 @@
        RESERVED
 CVE-2016-7464
        RESERVED
-CVE-2016-7463
-       RESERVED
-CVE-2016-7462
-       RESERVED
-CVE-2016-7461
-       RESERVED
-CVE-2016-7460
-       RESERVED
-CVE-2016-7459
-       RESERVED
-CVE-2016-7458
-       RESERVED
-CVE-2016-7457
-       RESERVED
-CVE-2016-7456
-       RESERVED
+CVE-2016-7463 (Cross-site scripting (XSS) vulnerability in the Host Client in 
VMware ...)
+       TODO: check
+CVE-2016-7462 (The Suite REST API in VMware vRealize Operations (aka vROps) 
6.x ...)
+       TODO: check
+CVE-2016-7461 (The drag-and-drop (aka DnD) function in VMware Workstation Pro 
12.x ...)
+       TODO: check
+CVE-2016-7460 (The Single Sign-On feature in VMware vCenter Server 5.5 before 
U3e and ...)
+       TODO: check
+CVE-2016-7459 (VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows 
remote ...)
+       TODO: check
+CVE-2016-7458 (VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows 
remote ...)
+       TODO: check
+CVE-2016-7457 (VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows 
remote ...)
+       TODO: check
+CVE-2016-7456 (VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an 
SSH ...)
+       TODO: check
 CVE-2016-7455
        RESERVED
 CVE-2016-7454 (CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco 
dpc3941T) ...)
@@ -19131,24 +19235,24 @@
        NOT-FOR-US: WatchGuard
 CVE-2016-7088
        RESERVED
-CVE-2016-7087
-       RESERVED
-CVE-2016-7086
-       RESERVED
-CVE-2016-7085
-       RESERVED
-CVE-2016-7084
-       RESERVED
-CVE-2016-7083
-       RESERVED
-CVE-2016-7082
-       RESERVED
-CVE-2016-7081
-       RESERVED
-CVE-2016-7080
-       RESERVED
-CVE-2016-7079
-       RESERVED
+CVE-2016-7087 (Directory traversal vulnerability in the Connection Server in 
VMware ...)
+       TODO: check
+CVE-2016-7086 (The installer in VMware Workstation Pro 12.x before 12.5.0 and 
VMware ...)
+       TODO: check
+CVE-2016-7085 (Untrusted search path vulnerability in the installer in VMware 
...)
+       TODO: check
+CVE-2016-7084 (tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and 
VMware ...)
+       TODO: check
+CVE-2016-7083 (VMware Workstation Pro 12.x before 12.5.0 and VMware 
Workstation ...)
+       TODO: check
+CVE-2016-7082 (VMware Workstation Pro 12.x before 12.5.0 and VMware 
Workstation ...)
+       TODO: check
+CVE-2016-7081 (Multiple heap-based buffer overflows in VMware Workstation Pro 
12.x ...)
+       TODO: check
+CVE-2016-7080 (The graphic acceleration functions in VMware Tools 9.x and 10.x 
before ...)
+       TODO: check
+CVE-2016-7079 (The graphic acceleration functions in VMware Tools 9.x and 10.x 
before ...)
+       TODO: check
 CVE-2016-7078
        RESERVED
        - foreman <itp> (bug #663101)
@@ -19972,12 +20076,10 @@
        RESERVED
 CVE-2016-6788
        RESERVED
-CVE-2016-6787
-       RESERVED
+CVE-2016-6787 (kernel/events/core.c in the performance subsystem in the Linux 
kernel ...)
        - linux 4.0.2-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
-CVE-2016-6786
-       RESERVED
+CVE-2016-6786 (kernel/events/core.c in the performance subsystem in the Linux 
kernel ...)
        - linux 4.0.2-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
 CVE-2016-6785
@@ -21214,6 +21316,7 @@
 CVE-2016-6481
        RESERVED
 CVE-2013-7459 [Buffer overflow]
+       RESERVED
        - python-crypto 2.6.1-7 (bug #849495)
        [jessie] - python-crypto <no-dsa> (Minor issue)
        NOTE: https://github.com/dlitz/pycrypto/issues/176
@@ -22455,8 +22558,7 @@
        NOTE: https://nodesecurity.io/advisories/118
        NOTE: 
https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
        NOTE: libv8 is not covered by security support
-CVE-2016-6213
-       RESERVED
+CVE-2016-6213 (fs/namespace.c in the Linux kernel before 4.9 does not restrict 
how ...)
        - linux 4.8.11-1
        NOTE: https://lkml.org/lkml/2016/8/28/269
        NOTE: Fixed by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d29216842a85c7970c536108e093963f02714498
@@ -24954,8 +25056,8 @@
        TODO: check
 CVE-2016-5335 (VMware Identity Manager 2.x before 2.7 and vRealize Automation 
7.0.x ...)
        TODO: check
-CVE-2016-5334
-       RESERVED
+CVE-2016-5334 (VMware Identity Manager 2.x before 2.7.1 and vRealize 
Automation 7.x ...)
+       TODO: check
 CVE-2016-5333 (VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH 
public ...)
        TODO: check
 CVE-2016-5332 (Directory traversal vulnerability in VMware vRealize Log 
Insight 2.x ...)
@@ -24964,10 +25066,10 @@
        NOT-FOR-US: VMware
 CVE-2016-5330 (Untrusted search path vulnerability in the HGFS (aka Shared 
Folders) ...)
        NOT-FOR-US: VMware
-CVE-2016-5329
-       RESERVED
-CVE-2016-5328
-       RESERVED
+CVE-2016-5329 (VMware Fusion 8.x before 8.5 on OS X, when System Integrity 
Protection ...)
+       TODO: check
+CVE-2016-5328 (VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System 
Integrity ...)
+       TODO: check
 CVE-2016-5327
        RESERVED
 CVE-2016-5326
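Review bot: CVE-2016-5329 and CVE-2016-5328 are added as "TODO: check" directly below two entries in this hunk that are already tagged "NOT-FOR-US: VMware". Both new descriptions name VMware products on OS X (Fusion 8.x and VMware Tools 9.x/10.x), so a triager should confirm whether the same tag applies and set it, keeping the VMware entries consistent. The same question applies to the VMware blocks added earlier in this patch (CVE-2016-7456 through CVE-2016-7463 and CVE-2016-7079 through CVE-2016-7087), all of which are also left at "TODO: check".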
@@ -33452,8 +33554,7 @@
        NOTE: 
https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
 CVE-2016-2784 (CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when 
Smarty ...)
        NOT-FOR-US: CMS Made Simple
-CVE-2015-8818
-       RESERVED
+CVE-2015-8818 (The cpu_physical_memory_write_rom_internal function in exec.c 
in QEMU ...)
        - qemu 1:2.4+dfsg-1a
        [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future 
DSA)
        [wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
@@ -33465,8 +33566,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63
 (v2.4.0-rc0)
        TODO: check again after the CVE id split
-CVE-2015-8817
-       RESERVED
+CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 
'address_space_translate' to ...)
        - qemu 1:2.4+dfsg-1a
        [jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future 
DSA)
        [wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 
2.3.1)
@@ -35241,8 +35341,8 @@
        RESERVED
 CVE-2016-2247
        RESERVED
-CVE-2016-2246
-       RESERVED
+CVE-2016-2246 (HP ThinPro 4.4 through 6.1 mishandles the keyboard layout 
control ...)
+       TODO: check
 CVE-2016-2245 (HP Support Assistant before 8.1.52.1 allows remote attackers to 
bypass ...)
        NOT-FOR-US: HP Support Assistant
 CVE-2016-2244 (HP LaserJet printers and MFPs and OfficeJet Enterprise printers 
with ...)
@@ -36001,8 +36101,7 @@
        REJECTED
 CVE-2016-2092
        RESERVED
-CVE-2016-2198 [usb: ehci null pointer dereference in ehci_caps_write]
-       RESERVED
+CVE-2016-2198 (QEMU (aka Quick Emulator) built with the USB EHCI emulation 
support is ...)
        - qemu 1:2.6+dfsg-1 (bug #813193)
        [jessie] - qemu <no-dsa> (Minor issue; Can be fixed along with a future 
DSA)
        [wheezy] - qemu <not-affected> (Introduced after v1.2.0)
@@ -36013,8 +36112,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=dff0367cf66f489aa772320fa2937a8cac1ca30d
 (v2.6.0-rc0)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
-CVE-2016-2197 [ide: ahci null pointer dereference when using FIS CLB engines]
-       RESERVED
+CVE-2016-2197 (QEMU (aka Quick Emulator) built with an IDE AHCI emulation 
support is ...)
        - qemu 1:2.6+dfsg-1 (bug #813194)
        [jessie] - qemu <not-affected> (Vulnerable code introduced later)
        [wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -36790,8 +36888,7 @@
        NOT-FOR-US: McAfee
 CVE-2015-8772 (McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total 
...)
        NOT-FOR-US: McAfee
-CVE-2016-1981 [net: e1000 infinite loop in start_xmit and e1000_receive_iov 
routines]
-       RESERVED
+CVE-2016-1981 (QEMU (aka Quick Emulator) built with the e1000 NIC emulation 
support ...)
        {DSA-3471-1 DSA-3470-1 DSA-3469-1}
        - qemu 1:2.5+dfsg-5 (bug #812307)
        [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
@@ -39041,8 +39138,7 @@
        NOTE: http://www.wireshark.org/security/wnpa-sec-2015-31.html
 CVE-2015-8707
        RESERVED
-CVE-2015-8744 [net: vmxnet3: incorrect l2 header validation leads to a crash]
-       RESERVED
+CVE-2015-8744 (QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 
paravirtual NIC ...)
        {DSA-3471-1}
        - qemu 1:2.5+dfsg-1
        [wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -39053,8 +39149,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=a7278b36fcab9af469563bd7b9dadebe2ae25e48
 (v2.5.0-rc0)
        NOTE: VMXNET3 device implementation introduced in 
http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e
 (v1.5.0-rc0)
-CVE-2015-8745 [net: vmxnet3: reading IMR registers leads to a crash]
-       RESERVED
+CVE-2015-8745 (QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 
paravirtual NIC ...)
        {DSA-3471-1}
        - qemu 1:2.5+dfsg-1
        [wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -39065,8 +39160,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895a69de032c
 (v2.5.0-rc0)
        NOTE: VMXNET3 device implementation introduced in 
http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e
 (v1.5.0-rc0)
-CVE-2015-8743 [net: ne2000: OOB r/w in ioport operations]
-       RESERVED
+CVE-2015-8743 (QEMU (aka Quick Emulator) built with the NE2000 device 
emulation ...)
        {DSA-3471-1 DSA-3470-1 DSA-3469-1}
        - qemu 1:2.5+dfsg-2 (bug #810519)
        [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
@@ -39188,8 +39282,7 @@
        - inspircd 2.0.20-1
        NOTE: 
https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559
        NOTE: http://www.inspircd.org/2015/04/16/v2019-released.html
-CVE-2015-8701 [net: rocker: fix an incorrect array bounds check]
-       RESERVED
+CVE-2015-8701 (QEMU (aka Quick Emulator) built with the Rocker switch 
emulation ...)
        - qemu 1:2.5+dfsg-3 (bug #809313)
        [jessie] - qemu <not-affected> (Vulnerable code introduced after qemu 
2.3)
        [wheezy] - qemu <not-affected> (Vulnerable code introduced after qemu 
2.3)
@@ -40281,8 +40374,7 @@
        NOTE: According maintainer in https://bugs.debian.org/809237#17 
introduced after 1.2
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283926
-CVE-2016-1922 [i386: null pointer dereference in vapic_write()]
-       RESERVED
+CVE-2016-1922 (QEMU (aka Quick Emulator) built with the TPR optimization for 
32-bit ...)
        {DSA-3471-1 DSA-3470-1 DSA-3469-1}
        - qemu 1:2.5+dfsg-4 (bug #811201)
        [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
@@ -43319,8 +43411,7 @@
        NOTE: 
http://sourceforge.net/p/gdcm/gdcm/ci/92cd6d7fe0d01c61cf68ac4ef65ef388ee252415/
        NOTE: 
http://sourceforge.net/p/gdcm/gdcm/ci/9cbca25ff7f20c432b61eb9f4cae43a946502b66/
        NOTE: 
http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
-CVE-2012-6704 [Linux: signed overflows for SO_SNDBUF and SO_RCVBUF that 
affects "before 3.5" kernels]
-       RESERVED
+CVE-2012-6704 (The sock_setsockopt function in net/core/sock.c in the Linux 
kernel ...)
        - linux 3.8.11-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/82981930125abfd39d7c8378a9cfdf5e1be2002b (v3.5-rc1)
 CVE-2012-6703 (Integer overflow in the snd_compr_allocate_buffer function in 
...)
@@ -66251,8 +66342,7 @@
        [squeeze] - pitivi <not-affected> (Vulnerable code not present (no 
os.system()))
        [wheezy] - pitivi <not-affected> (Vulnerable code not present (no 
os.system()))
        NOTE: 
https://git.gnome.org/browse/pitivi/commit/?id=45a4c84edb3b4343f199bba1c65502e3f49f5bb2
 (RELEASE-0_95_0)
-CVE-2015-0854 [Insecure use of system()]
-       RESERVED
+CVE-2015-0854 (App/HelperFunctions.pm in Shutter through 0.93.1 allows 
user-assisted ...)
        - shutter 0.93.1-1 (low; bug #798862)
        [jessie] - shutter <no-dsa> (Minor issue)
        [squeeze] - shutter <no-dsa> (Minor issue)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
