Author: sectracker
Date: 2016-12-31 21:10:11 +0000 (Sat, 31 Dec 2016)
New Revision: 47630

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-31 20:52:34 UTC (rev 47629)
+++ data/CVE/list       2016-12-31 21:10:11 UTC (rev 47630)
@@ -2297,6 +2297,7 @@
        NOTE: 
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
 CVE-2016-10033 [remote code execution]
        RESERVED
+       {DSA-3750-1 DLA-770-1}
        - libphp-phpmailer 5.2.14+dfsg-2.1 (bug #849365)
        NOTE: 
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
        NOTE: Fixed by: 
https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc#diff-ace81e501931d8763b49f2410cf3094dR1449
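Review bot: the `{DSA-3750-1 DLA-770-1}` reference under CVE-2016-10033 needs a check against the entry just above it, whose context NOTE links the CVE-2016-10045 "Patch-Bypass" advisory. Confirm that the versions shipped by both advisories are not affected by that bypass, and record the result in a NOTE on this entry so the cross-reference is not read as full coverage. The entry is also still marked `RESERVED` with only a bracketed description, which is worth refreshing once the public description is available.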
@@ -10485,11 +10486,13 @@
        [wheezy] - bluez <no-dsa> (Minor issue)
        NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
 CVE-2016-9794 (Race condition in the snd_pcm_period_elapsed function in ...)
+       {DLA-772-1}
        - linux 4.7.2-1
        NOTE: https://patchwork.kernel.org/patch/8752621/
        NOTE: Fixed by: 
https://git.kernel.org/linus/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 (v4.7-rc1)
        NOTE: http://seclists.org/oss-sec/2016/q4/576
 CVE-2016-9793 (The sock_setsockopt function in net/core/sock.c in the Linux 
kernel ...)
+       {DLA-772-1}
        - linux 4.8.15-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
 CVE-2016-9775 [tomcat8: privilege escalation during package removal]
@@ -10527,6 +10530,7 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400829
 CVE-2016-9756 (arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does 
not ...)
+       {DLA-772-1}
        - linux 4.8.15-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400468
        NOTE: Fixed by: 
https://git.kernel.org/linus/2117d5398c81554fbf803f5fd1dc55eb78216c0c
@@ -10941,9 +10945,11 @@
 CVE-2016-9577
        RESERVED
 CVE-2016-10088 [Issue which remains after 
a0ac402cfcdc904f9772e1762b3fda112dcc56a0]
+       {DLA-772-1}
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835 
(v4.10-rc1)
 CVE-2016-9576 (The blk_rq_map_user_iov function in block/blk-map.c in the 
Linux ...)
+       {DLA-772-1}
        - linux 4.8.15-1
        NOTE: https://marc.info/?l=linux-scsi&m=148010092224801&w=2
        NOTE: 
https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
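Review bot: CVE-2016-10088 gains `{DLA-772-1}` while its only status line is still `- linux <unfixed>`, so the entry does not say which release or version the advisory actually fixes. Add a release-specific line with the fixed version next to the advisory reference. The bracketed description also names commit a0ac402cfcdc904f9772e1762b3fda112dcc56a0 without saying which CVE that commit addressed; a NOTE linking the two would make the entry readable on its own.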
@@ -11422,6 +11428,7 @@
        NOTE: 
https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
 CVE-2016-9555 (The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the 
Linux ...)
+       {DLA-772-1}
        - linux 4.8.11-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4)
 CVE-2016-9481 (In framework/modules/core/controllers/expCommentController.php 
of ...)
@@ -12680,6 +12687,7 @@
        NOTE: the 3.2 and 3.16 LTS series
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/2
 CVE-2016-9178 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h 
in the ...)
+       {DLA-772-1}
        - linux 4.7.5-1
        [jessie] - linux <no-dsa> (Minor issue)
        [wheezy] - linux <no-dsa> (Minor issue)
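Review bot: under CVE-2016-9178 the existing `[wheezy] - linux <no-dsa> (Minor issue)` line now sits directly below the new `{DLA-772-1}` reference. If DLA-772-1 ships a fix for wheezy, that line is stale and should be replaced with the fixed wheezy version; if the advisory does not cover wheezy, the reference does not belong on this entry.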
@@ -14196,6 +14204,7 @@
        RESERVED
        NOT-FOR-US: Red Hat JBoss; jbossas init script
 CVE-2016-8655 (Race condition in net/packet/af_packet.c in the Linux kernel 
through ...)
+       {DLA-772-1}
        - linux 4.8.15-1
        [wheezy] - linux <no-dsa> (Minor issue)
        NOTE: http://seclists.org/oss-sec/2016/q4/607
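Review bot: CVE-2016-8655 keeps `[wheezy] - linux <no-dsa> (Minor issue)` after `{DLA-772-1}` is attached, which leaves the entry stating both that an advisory exists and that no advisory is planned for wheezy. Decide which one holds for this race condition in net/packet/af_packet.c and update the `[wheezy]` line to match, giving the fixed version if the advisory covers that release.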
@@ -14250,6 +14259,7 @@
        NOTE: https://lkml.org/lkml/2016/10/12/198
        NOTE: Fixed by: 
https://git.kernel.org/linus/4afa5f9617927453ac04b24b584f6c718dfb4f45 (v4.4-rc2)
 CVE-2016-8645 (The TCP stack in the Linux kernel before 4.8.10 mishandles skb 
...)
+       {DLA-772-1}
        - linux 4.8.11-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/ac6e780070e30e4c35bd395acfe9191e6268bdd3 (v4.9-rc6)
 CVE-2016-8644
@@ -14304,6 +14314,7 @@
        - foreman <itp> (bug #663101)
        NOTE: http://projects.theforeman.org/issues/17195
 CVE-2016-8633 (drivers/firewire/net.c in the Linux kernel before 4.8.7, in 
certain ...)
+       {DLA-772-1}
        - linux 4.8.7-1
        NOTE: 
https://git.kernel.org/linus/667121ace9dbafb368618dbabcf07901c962ddac
        NOTE: 
https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
@@ -15008,6 +15019,7 @@
        RESERVED
 CVE-2016-8399
        RESERVED
+       {DLA-772-1}
        - linux 4.8.15-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/0eab121ef8750a5c8637d51534d5e9143fb0633f
 CVE-2016-8398
@@ -15064,13 +15076,16 @@
        NOTE: Patch: 
http://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
 CVE-2015-8964 (The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c 
in the ...)
+       {DLA-772-1}
        - linux 4.5.1-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/dd42bf1197144ede075a9d4793123f7689e164bc (v4.5-rc1)
 CVE-2015-8963 (Race condition in kernel/events/core.c in the Linux kernel 
before 4.4 ...)
+       {DLA-772-1}
        - linux 4.4.2-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/12ca6ad2e3a896256f086497a7c7406a547ee373 (v4.4)
        TODO: check
 CVE-2015-8962 (Double free vulnerability in the sg_common_write function in 
...)
+       {DLA-772-1}
        - linux 4.4.2-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f3951a3709ff50990bf3e188c27d346792103432 (v4.4-rc1)
 CVE-2015-8961 (The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the 
Linux ...)
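Review bot: the `TODO: check` line under CVE-2015-8963 is left in place even though the entry is now referenced by `{DLA-772-1}`. An open TODO on an entry that an advisory points at makes it unclear whether the fixed version and the `Fixed by:` commit were verified; resolve the check and drop the TODO, or state in a NOTE what remains unverified.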
@@ -16952,6 +16967,7 @@
        [wheezy] - linux 3.2.81-1
        NOTE: Fixed by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3
 CVE-2016-7915 (The hid_input_field function in drivers/hid/hid-core.c in the 
Linux ...)
+       {DLA-772-1}
        - linux 4.6.1-1
        NOTE: Fixed by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=50220dead1650609206efe91f0cc116132d59b3f
 CVE-2016-7914 (The assoc_array_insert_into_terminal_node function in ...)
@@ -16969,9 +16985,11 @@
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a
 CVE-2016-7911 (Race condition in the get_task_ioprio function in 
block/ioprio.c in ...)
+       {DLA-772-1}
        - linux 4.7.2-1
        NOTE: Fixed by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4
 CVE-2016-7910 (Use-after-free vulnerability in the disk_seqf_stop function in 
...)
+       {DLA-772-1}
        - linux 4.7.2-1
        NOTE: Fixed by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84
 CVE-2016-7909 (The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka 
Quick ...)
@@ -19236,6 +19254,7 @@
        NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
        NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=690c47e3b18c099843cdf557a0425d701fca4957
 CVE-2016-7097 (The filesystem implementation in the Linux kernel through 4.8.2 
...)
+       {DLA-772-1}
        - linux 4.7.8-1
        NOTE: http://www.spinics.net/lists/linux-fsdevel/msg98328.html
        NOTE: http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
@@ -29077,25 +29096,25 @@
 CVE-2016-4334
        RESERVED
 CVE-2016-4333 (The HDF5 1.8.16 library allocating space for the array using a 
value ...)
-       {DSA-3727-1}
+       {DSA-3727-1 DLA-771-1}
        - hdf5 1.10.0-patch1+docs-1 (bug #845301)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0179/
        NOTE: Fixed by: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/73640612aad91d3f04e4d8f1ea71d42acbc85f6e
        TODO: check if fixing commit is correct
 CVE-2016-4332 (The library's failure to check if certain message types support 
a ...)
-       {DSA-3727-1}
+       {DSA-3727-1 DLA-771-1}
        - hdf5 1.10.0-patch1+docs-1 (bug #845301)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0178/
        NOTE: Fixed by: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1d50d498a0affbbd6e088b524fd495ea95dea88
        TODO: check if correct fixing commit
 CVE-2016-4331 (When decoding data out of a dataset encoded with the H5Z_NBIT 
...)
-       {DSA-3727-1}
+       {DSA-3727-1 DLA-771-1}
        - hdf5 1.10.0-patch1+docs-1 (bug #845301)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0177/
        NOTE: Fixed by: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1c4ec3d541eecda78b3afcb1a0fa071c4b52afa
        NOTE: Fixed by: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/43ec23616697ce0ea3f99e40900fec55fe9107ef
 CVE-2016-4330 (In the HDF5 1.8.16 library's failure to check if the number of 
...)
-       {DSA-3727-1}
+       {DSA-3727-1 DLA-771-1}
        - hdf5 1.10.0-patch1+docs-1 (bug #845301)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0176/
        NOTE: Fixed by: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/2e7e1899d3d7131bcbad65233ba713f6b79e2d69
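Review bot: CVE-2016-4333 and CVE-2016-4332 still carry `TODO: check if fixing commit is correct` and `TODO: check if correct fixing commit` while now being referenced by two advisories, `{DSA-3727-1 DLA-771-1}`. Anyone backporting from the `Fixed by:` links would be relying on commits the tracker itself flags as unconfirmed. Confirm the commits against what the advisories shipped and remove the TODO lines, or correct the links.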
@@ -43434,6 +43453,7 @@
        NOTE: 
http://sourceforge.net/p/gdcm/gdcm/ci/9cbca25ff7f20c432b61eb9f4cae43a946502b66/
        NOTE: 
http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
 CVE-2012-6704 (The sock_setsockopt function in net/core/sock.c in the Linux 
kernel ...)
+       {DLA-772-1}
        - linux 3.8.11-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/82981930125abfd39d7c8378a9cfdf5e1be2002b (v3.5-rc1)
 CVE-2012-6703 (Integer overflow in the snd_compr_allocate_buffer function in 
...)
@@ -65615,6 +65635,7 @@
        [wheezy] - oss4 <no-dsa> (Minor issue)
        [squeeze] - oss4 <no-dsa> (Minor issue)
 CVE-2015-1350 (The VFS subsystem in the Linux kernel 3.x provides an 
incomplete set ...)
+       {DLA-772-1}
        - linux 4.8.11-1 (bug #770492)
        - linux-2.6 <removed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/030b533c4fd4d2ec3402363323de4bb2983c9cee


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
