Author: sectracker
Date: 2017-01-10 21:10:13 +0000 (Tue, 10 Jan 2017)
New Revision: 47883

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-10 20:40:09 UTC (rev 47882)
+++ data/CVE/list       2017-01-10 21:10:13 UTC (rev 47883)
@@ -1,3 +1,259 @@
+CVE-2017-5329
+       RESERVED
+CVE-2017-5328
+       RESERVED
+CVE-2017-5327
+       RESERVED
+CVE-2017-5326
+       RESERVED
+CVE-2017-5325
+       RESERVED
+CVE-2017-5324
+       RESERVED
+CVE-2017-5323
+       RESERVED
+CVE-2017-5322
+       RESERVED
+CVE-2017-5321
+       RESERVED
+CVE-2017-5320
+       RESERVED
+CVE-2017-5319
+       RESERVED
+CVE-2017-5318
+       RESERVED
+CVE-2017-5317
+       RESERVED
+CVE-2017-5316
+       RESERVED
+CVE-2017-5315
+       RESERVED
+CVE-2017-5314
+       RESERVED
+CVE-2017-5313
+       RESERVED
+CVE-2017-5312
+       RESERVED
+CVE-2017-5311
+       RESERVED
+CVE-2017-5310
+       RESERVED
+CVE-2017-5309
+       RESERVED
+CVE-2017-5308
+       RESERVED
+CVE-2017-5307
+       RESERVED
+CVE-2017-5306
+       RESERVED
+CVE-2017-5305
+       RESERVED
+CVE-2017-5304
+       RESERVED
+CVE-2017-5303
+       RESERVED
+CVE-2017-5302
+       RESERVED
+CVE-2017-5301
+       RESERVED
+CVE-2017-5300
+       RESERVED
+CVE-2017-5299
+       RESERVED
+CVE-2017-5298
+       RESERVED
+CVE-2017-5297
+       RESERVED
+CVE-2017-5296
+       RESERVED
+CVE-2017-5295
+       RESERVED
+CVE-2017-5294
+       RESERVED
+CVE-2017-5293
+       RESERVED
+CVE-2017-5292
+       RESERVED
+CVE-2017-5291
+       RESERVED
+CVE-2017-5290
+       RESERVED
+CVE-2017-5289
+       RESERVED
+CVE-2017-5288
+       RESERVED
+CVE-2017-5287
+       RESERVED
+CVE-2017-5286
+       RESERVED
+CVE-2017-5285
+       RESERVED
+CVE-2017-5284
+       RESERVED
+CVE-2017-5283
+       RESERVED
+CVE-2017-5282
+       RESERVED
+CVE-2017-5281
+       RESERVED
+CVE-2017-5280
+       RESERVED
+CVE-2017-5279
+       RESERVED
+CVE-2017-5278
+       RESERVED
+CVE-2017-5277
+       RESERVED
+CVE-2017-5276
+       RESERVED
+CVE-2017-5275
+       RESERVED
+CVE-2017-5274
+       RESERVED
+CVE-2017-5273
+       RESERVED
+CVE-2017-5272
+       RESERVED
+CVE-2017-5271
+       RESERVED
+CVE-2017-5270
+       RESERVED
+CVE-2017-5269
+       RESERVED
+CVE-2017-5268
+       RESERVED
+CVE-2017-5267
+       RESERVED
+CVE-2017-5266
+       RESERVED
+CVE-2017-5265
+       RESERVED
+CVE-2017-5264
+       RESERVED
+CVE-2017-5263
+       RESERVED
+CVE-2017-5262
+       RESERVED
+CVE-2017-5261
+       RESERVED
+CVE-2017-5260
+       RESERVED
+CVE-2017-5259
+       RESERVED
+CVE-2017-5258
+       RESERVED
+CVE-2017-5257
+       RESERVED
+CVE-2017-5256
+       RESERVED
+CVE-2017-5255
+       RESERVED
+CVE-2017-5254
+       RESERVED
+CVE-2017-5253
+       RESERVED
+CVE-2017-5252
+       RESERVED
+CVE-2017-5251
+       RESERVED
+CVE-2017-5250
+       RESERVED
+CVE-2017-5249
+       RESERVED
+CVE-2017-5248
+       RESERVED
+CVE-2017-5247
+       RESERVED
+CVE-2017-5246
+       RESERVED
+CVE-2017-5245
+       RESERVED
+CVE-2017-5244
+       RESERVED
+CVE-2017-5243
+       RESERVED
+CVE-2017-5242
+       RESERVED
+CVE-2017-5241
+       RESERVED
+CVE-2017-5240
+       RESERVED
+CVE-2017-5239
+       RESERVED
+CVE-2017-5238
+       RESERVED
+CVE-2017-5237
+       RESERVED
+CVE-2017-5236
+       RESERVED
+CVE-2017-5235
+       RESERVED
+CVE-2017-5234
+       RESERVED
+CVE-2017-5233
+       RESERVED
+CVE-2017-5232
+       RESERVED
+CVE-2017-5231
+       RESERVED
+CVE-2017-5230
+       RESERVED
+CVE-2017-5229
+       RESERVED
+CVE-2017-5228
+       RESERVED
+CVE-2017-5227
+       RESERVED
+CVE-2017-5225
+       RESERVED
+CVE-2017-5224
+       RESERVED
+CVE-2017-5223
+       RESERVED
+CVE-2017-5222
+       RESERVED
+CVE-2017-5221
+       RESERVED
+CVE-2017-5220
+       RESERVED
+CVE-2017-5219
+       RESERVED
+CVE-2017-5218
+       RESERVED
+CVE-2017-5217 (Installing a zero-permission Android application on certain 
Samsung ...)
+       TODO: check
+CVE-2017-5216 (Stack-based buffer overflow vulnerability in Netop Remote 
Control ...)
+       TODO: check
+CVE-2017-5215
+       RESERVED
+CVE-2017-5214
+       RESERVED
+CVE-2017-5213
+       RESERVED
+CVE-2017-5212
+       RESERVED
+CVE-2017-5211
+       RESERVED
+CVE-2017-5210
+       RESERVED
+CVE-2017-5209
+       RESERVED
+CVE-2017-5205
+       RESERVED
+CVE-2017-5204
+       RESERVED
+CVE-2017-5203
+       RESERVED
+CVE-2017-5202
+       RESERVED
+CVE-2017-5201
+       RESERVED
+CVE-2017-5200
+       RESERVED
+CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x 
before ...)
+       TODO: check
+CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a 
hardcoded ...)
+       TODO: check
 CVE-2017-XXXX [XML external entity attack]
        - python-pysaml2 3.0.0-5 (bug #850716)
        NOTE: https://github.com/rohe/pysaml2/pull/379
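
Review bot: The four entries left at "TODO: check" in this block (CVE-2017-5217, CVE-2017-5216, CVE-2016-10126 and CVE-2016-10125) already name their products in the imported descriptions (a Samsung Android item, Netop Remote Control, Splunk Enterprise, D-Link DGS-1100), so they can be triaged directly rather than left open. Where the product is not packaged, the "NOT-FOR-US:" form used elsewhere in this file fits.
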
@@ -7,17 +263,21 @@
        - w3m 0.5.3-34 (bug #850432)
        [jessie] - w3m <no-dsa> (Minor issues)
 CVE-2017-5330 [unintended execution of scripts and executable files]
+       RESERVED
        - ark <unfixed> (bug #850874)
        NOTE: Fixed by: 
https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
 CVE-2017-5226 [escape via TIOCSTI ioctl]
+       RESERVED
        - bubblewrap 0.1.5-2 (bug #850702)
        NOTE: https://github.com/projectatomic/bubblewrap/issues/142
 CVE-2017-5207 [Root shell via --bandwidth and --shell]
+       RESERVED
        - firejail 0.9.44.4-1 (bug #850528)
        NOTE: https://github.com/netblue30/firejail/issues/1023
        NOTE: Fixed by: 
https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/07/3
 CVE-2017-5206
+       RESERVED
        - firejail 0.9.44.4-1 (bug #850558)
        NOTE: Fixed by: 
https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e
 CVE-2017-5199
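
Review bot: CVE-2017-5206 is the only one of the four entries gaining RESERVED here that has no bracketed title, so its header says nothing about what the firejail issue is, unlike CVE-2017-5207 directly above it. Suggest adding a short bracketed title in the same style, taken from the commit referenced in its "Fixed by" note, so the entry stays readable while the CVE text is still reserved.
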
@@ -170,7 +430,7 @@
        RESERVED
 CVE-2017-5136
        RESERVED
-CVE-2016-10124 [Escaping to parent session using TIOCSTI ioctl in lxc-attach]
+CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 
2016-02-22. ...)
        - lxc 1:2.0.0-1
        [jessie] - lxc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
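
Review bot: Replacing the bracketed title on CVE-2016-10124 drops the only text in the entry that names the mechanism (TIOCSTI ioctl in lxc-attach); the imported description is cut off after "before 2016-02-22." and does not mention it. Suggest keeping the old title as a "NOTE:" line, which also keeps the entry findable alongside the TIOCSTI entry for bubblewrap (CVE-2017-5226).
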
@@ -528,6 +788,7 @@
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2017/01/10/4
 CVE-2017-5208 [wrestool: exploitable crash]
+       RESERVED
        {DSA-3756-1}
        - icoutils 0.31.0-4 (bug #850017)
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173
@@ -4792,9 +5053,9 @@
 CVE-2016-9887
        RESERVED
 CVE-2016-9886
-       RESERVED
-CVE-2016-9885
-       RESERVED
+       REJECTED
+CVE-2016-9885 (An issue was discovered in Pivotal GemFire for PCF 1.6.x 
versions prior ...)
+       TODO: check
 CVE-2016-9884
        RESERVED
 CVE-2016-9883
@@ -4805,8 +5066,7 @@
        RESERVED
 CVE-2016-9880
        RESERVED
-CVE-2016-9879
-       RESERVED
+CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 
3.2.10, 4.1.x ...)
        - libspring-security-java <itp> (bug #582181)
        NOTE: https://pivotal.io/security/cve-2016-9879
 CVE-2016-9878 (An issue was discovered in Pivotal Spring Framework before 
3.2.18, ...)
@@ -4825,11 +5085,11 @@
        NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/issues/96
        NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/pull/98
 CVE-2016-9876
-       RESERVED
+       REJECTED
 CVE-2016-9875
-       RESERVED
+       REJECTED
 CVE-2016-9874
-       RESERVED
+       REJECTED
 CVE-2016-9873
        RESERVED
 CVE-2016-9872
@@ -4838,14 +5098,11 @@
        RESERVED
 CVE-2016-9870
        RESERVED
-CVE-2016-9869
-       RESERVED
+CVE-2016-9869 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. 
...)
        NOT-FOR-US: EMC ScaleIO
-CVE-2016-9868
-       RESERVED
+CVE-2016-9868 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. 
A ...)
        NOT-FOR-US: EMC ScaleIO
-CVE-2016-9867
-       RESERVED
+CVE-2016-9867 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. 
A ...)
        NOT-FOR-US: EMC ScaleIO
 CVE-2016-9919 (The icmp6_send function in net/ipv6/icmp.c in the Linux kernel 
through ...)
        - linux 4.8.15-1
@@ -14403,20 +14660,17 @@
        - imagemagick 8:6.9.7.0+dfsg-2 (bug #848139)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0216/
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/e5fd9ab1b70b2edd06de8efb606e04482cb9a2f0
 (7.0.3-9)
-CVE-2016-8706
-       RESERVED
+CVE-2016-8706 (An integer overflow in process_bin_sasl_auth function in 
Memcached, ...)
        {DSA-3704-1 DLA-701-1}
        - memcached 1.4.33-1 (bug #842814)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0221/
        NOTE: upstream fix 
https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
-CVE-2016-8705
-       RESERVED
+CVE-2016-8705 (Multiple integer overflows in process_bin_update function in 
...)
        {DSA-3704-1 DLA-701-1}
        - memcached 1.4.33-1 (bug #842812)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0220/
        NOTE: upstream fix 
https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
-CVE-2016-8704
-       RESERVED
+CVE-2016-8704 (An integer overflow in the process_bin_append_prepend function 
in ...)
        {DSA-3704-1 DLA-701-1}
        - memcached 1.4.33-1 (bug #842811)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0219/
@@ -15794,8 +16048,8 @@
        RESERVED
 CVE-2016-8335 (An exploitable stack based buffer overflow vulnerability exists 
in the ...)
        NOT-FOR-US: Iceni Argus
-CVE-2016-8334
-       RESERVED
+CVE-2016-8334 (A large out-of-bounds read on the heap vulnerability in Foxit 
PDF ...)
+       TODO: check
 CVE-2016-8333 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
        NOT-FOR-US: Iceni Argus
 CVE-2016-8332 (A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code 
execution ...)
@@ -16991,8 +17245,8 @@
        RESERVED
 CVE-2016-8107
        RESERVED
-CVE-2016-8106
-       RESERVED
+CVE-2016-8106 (A Denial of Service in Intel Ethernet Controller's X710/XL710 
with ...)
+       TODO: check
 CVE-2016-8105
        RESERVED
 CVE-2016-8104 (Buffer overflow in Intel PROSet/Wireless Software and Drivers 
in ...)
@@ -24544,8 +24798,7 @@
        TODO: check
 CVE-2016-5685 (Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 
allow ...)
        TODO: check
-CVE-2016-5684 [XMP Image Handling Code Execution Vulnerability]
-       RESERVED
+CVE-2016-5684 (An exploitable out-of-bounds write vulnerability exists in the 
XMP ...)
        {DSA-3692-1 DLA-647-1}
        - freeimage 3.17.0+ds1-3 (bug #839827)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0189/
@@ -24613,8 +24866,7 @@
        NOT-FOR-US: Misys
 CVE-2016-5653 (Multiple SQL injection vulnerabilities in Misys FusionCapital 
Opics ...)
        NOT-FOR-US: Misys
-CVE-2016-5652 [heap based buffer overflow in LibTIFFs TIFF2PDF tool]
-       RESERVED
+CVE-2016-5652 (An exploitable heap-based buffer overflow exists in the 
handling of ...)
        {DLA-693-1}
        - tiff 4.0.6-3 (bug #842361)
        - tiff3 <removed>
@@ -24632,8 +24884,8 @@
        NOT-FOR-US: Acer Portal Android application
 CVE-2016-5647 (The igdkmd64 module in the Intel Graphics Driver through 
15.33.42.435, ...)
        TODO: check
-CVE-2016-5646
-       RESERVED
+CVE-2016-5646 (An exploitable heap overflow vulnerability exists in the 
Compound ...)
+       TODO: check
 CVE-2016-5645 (Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 
1766-L32AWA, ...)
        NOT-FOR-US: Rockwell
 CVE-2016-5644
@@ -29561,10 +29813,10 @@
        NOTE: https://support.zabbix.com/browse/ZBX-10741
 CVE-2016-4337
        RESERVED
-CVE-2016-4336
-       RESERVED
-CVE-2016-4335
-       RESERVED
+CVE-2016-4336 (An exploitable out-of-bounds write exists in the Bzip2 parsing 
of the ...)
+       TODO: check
+CVE-2016-4335 (An exploitable buffer overflow exists in the XLS parsing of the 
...)
+       TODO: check
 CVE-2016-4334
        RESERVED
 CVE-2016-4333 (The HDF5 1.8.16 library allocating space for the array using a 
value ...)
@@ -29590,8 +29842,8 @@
        - hdf5 1.10.0-patch1+docs-1 (bug #845301)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0176/
        NOTE: Fixed by: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/2e7e1899d3d7131bcbad65233ba713f6b79e2d69
-CVE-2016-4329
-       RESERVED
+CVE-2016-4329 (A local denial of service vulnerability exists in window 
broadcast ...)
+       TODO: check
 CVE-2016-4328 (MEDHOST Perioperative Information Management System (aka PIMS 
or ...)
        TODO: check
 CVE-2016-4327
@@ -29605,8 +29857,7 @@
        - libreoffice 1:5.1.4~rc1-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0126/
-CVE-2016-4323 [MXIT Splash Image Arbitrary File Overwrite Vulnerability]
-       RESERVED
+CVE-2016-4323 (A directory traversal exists in the handling of the MXIT 
protocol in ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0128/
@@ -29643,14 +29894,14 @@
        NOT-FOR-US: Symphony CMS
 CVE-2016-4308
        RESERVED
-CVE-2016-4307
-       RESERVED
-CVE-2016-4306
-       RESERVED
-CVE-2016-4305
-       RESERVED
-CVE-2016-4304
-       RESERVED
+CVE-2016-4307 (A denial of service vulnerability exists in the IOCTL handling 
...)
+       TODO: check
+CVE-2016-4306 (Multiple information leaks exist in various IOCTL handlers of 
the ...)
+       TODO: check
+CVE-2016-4305 (A denial of service vulnerability exists in the syscall 
filtering ...)
+       TODO: check
+CVE-2016-4304 (A denial of service vulnerability exists in the syscall 
filtering ...)
+       TODO: check
 CVE-2016-4303 (The parse_string function in cjson.c in the cJSON library 
mishandles ...)
        - iperf3 3.1.3-1 (bug #827116)
        [jessie] - iperf3 <no-dsa> (Minor issue)
@@ -29686,28 +29937,28 @@
        NOTE: 1000000, making exploitation more difficult but not impossible.
 CVE-2016-4299
        RESERVED
-CVE-2016-4298
-       RESERVED
+CVE-2016-4298 (When opening a Hangul HShow Document (.hpt) and processing a 
structure ...)
+       TODO: check
 CVE-2016-4297
        RESERVED
-CVE-2016-4296
-       RESERVED
-CVE-2016-4295
-       RESERVED
-CVE-2016-4294
-       RESERVED
+CVE-2016-4296 (When opening a Hangul Hcell Document (.cell) and processing a 
record ...)
+       TODO: check
+CVE-2016-4295 (When opening a Hangul Hcell Document (.cell) and processing a 
...)
+       TODO: check
+CVE-2016-4294 (When opening a Hangul Hcell Document (.cell) and processing a 
property ...)
+       TODO: check
 CVE-2016-4293
        RESERVED
-CVE-2016-4292
-       RESERVED
-CVE-2016-4291
-       RESERVED
-CVE-2016-4290
-       RESERVED
+CVE-2016-4292 (When opening a Hangul HShow Document (.hpt) and processing a 
structure ...)
+       TODO: check
+CVE-2016-4291 (When opening a Hangul HShow Document (.hpt) and processing a 
structure ...)
+       TODO: check
+CVE-2016-4290 (When opening a Hangul HShow Document (.hpt) and processing a 
structure ...)
+       TODO: check
 CVE-2016-4289
        RESERVED
-CVE-2016-4288
-       RESERVED
+CVE-2016-4288 (A local privilege escalation vulnerability exists in BlueStacks 
App ...)
+       TODO: check
 CVE-2016-4287 (Integer overflow in Adobe Flash Player before 18.0.0.375 and 
19.x ...)
        NOT-FOR-US: Adobe Flash
 CVE-2016-4286 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x 
before ...)
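
Review bot: CVE-2016-4298, CVE-2016-4292, CVE-2016-4291 and CVE-2016-4290 now carry the identical truncated text "When opening a Hangul HShow Document (.hpt) and processing a structure ...", and the three Hcell entries differ only in their last word, so nothing on these lines tells the issues apart. They can be triaged as one batch from the full descriptions; if the Hangul products are not packaged, the "NOT-FOR-US:" form already used for Adobe Flash just below applies.
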
@@ -35282,8 +35533,7 @@
        {DSA-3501-1}
        - perl 5.22.1-8
        NOTE: 
http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
-CVE-2016-2380 [MXIT mxit_convert_markup_tx Information Leak Vulnerability]
-       RESERVED
+CVE-2016-2380 (An information leak exists in the handling of the MXIT protocol 
in ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0123/
@@ -35292,50 +35542,43 @@
 CVE-2016-2379
        RESERVED
        NOTE: Mentioned at http://www.pidgin.im/news/security/?id=96 without 
further details
-CVE-2016-2378 [MXIT get_utf8_string Code Execution Vulnerability]
-       RESERVED
+CVE-2016-2378 (A buffer overflow vulnerability exists in the handling of the 
MXIT ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0120/
        NOTE: http://www.pidgin.im/news/security/?id=94
        NOTE: https://bitbucket.org/pidgin/main/commits/06278419c703
-CVE-2016-2377 [MXIT HTTP Content-Length Buffer Overflow Vulnerability]
-       RESERVED
+CVE-2016-2377 (A buffer overflow vulnerability exists in the handling of the 
MXIT ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0119/
        NOTE: http://www.pidgin.im/news/security/?id=93
        NOTE: https://bitbucket.org/pidgin/main/commits/0f94ef13ab37
-CVE-2016-2376 [MXIT read stage 0x3 Code Execution Vulnerability]
-       RESERVED
+CVE-2016-2376 (A buffer overflow vulnerability exists in the handling of the 
MXIT ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0118/
        NOTE: http://www.pidgin.im/news/security/?id=92
        NOTE: https://bitbucket.org/pidgin/main/commits/19f89eda8587
-CVE-2016-2375 [MXIT Suggested Contacts Memory Disclosure Vulnerability]
-       RESERVED
+CVE-2016-2375 (An exploitable out-of-bounds read exists in the handling of the 
MXIT ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0143/
        NOTE: http://www.pidgin.im/news/security/?id=108
        NOTE: https://bitbucket.org/pidgin/main/commits/b786e9814536
-CVE-2016-2374 [MXIT MultiMX Message Code Execution Vulnerability]
-       RESERVED
+CVE-2016-2374 (An exploitable memory corruption vulnerability exists in the 
handling ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0142/
        NOTE: http://www.pidgin.im/news/security/?id=107
        NOTE: https://bitbucket.org/pidgin/main/commits/f6c08d962618
-CVE-2016-2373 [MXIT Contact Mood Denial of Service Vulnerability]
-       RESERVED
+CVE-2016-2373 (A denial of service vulnerability exists in the handling of the 
MXIT ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0141/
        NOTE: http://www.pidgin.im/news/security/?id=106
        NOTE: https://bitbucket.org/pidgin/main/commits/e6159ad42c4c
-CVE-2016-2372 [MXIT File Transfer Length Memory Disclosure Vulnerability]
-       RESERVED
+CVE-2016-2372 (An information leak exists in the handling of the MXIT protocol 
in ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0140/
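
Review bot: After this change CVE-2016-2378, CVE-2016-2377 and CVE-2016-2376 share the identical header text "A buffer overflow vulnerability exists in the handling of the MXIT ...", and the removed titles (get_utf8_string, HTTP Content-Length, read stage 0x3) were what distinguished them. Suggest retaining each removed title as a "NOTE:" line; otherwise only the TALOS report numbers and commit ids separate these entries.
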
@@ -35343,15 +35586,13 @@
        NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
        NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
        NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
-CVE-2016-2371 [MXIT Extended Profiles Code Execution Vulnerability]
-       RESERVED
+CVE-2016-2371 (An out-of-bounds write vulnerability exists in the handling of 
the ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0139/
        NOTE: http://www.pidgin.im/news/security/?id=104
        NOTE: 
https://bitbucket.org/pidgin/main/commits/f0287378203fbf496a9890bf273d96adefb93b74
-CVE-2016-2370 [MXIT Custom Resource Denial of Service Vulnerability]
-       RESERVED
+CVE-2016-2370 (A denial of service vulnerability exists in the handling of the 
MXIT ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0138/
@@ -35359,22 +35600,19 @@
        NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
        NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
        NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
-CVE-2016-2369 [MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability]
-       RESERVED
+CVE-2016-2369 (A NULL pointer dereference vulnerability exists in the handling 
of the ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0137/
        NOTE: http://www.pidgin.im/news/security/?id=102
-CVE-2016-2368 [MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities]
-       RESERVED
+CVE-2016-2368 (Multiple memory corruption vulnerabilities exist in the 
handling of ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0136/
        NOTE: http://www.pidgin.im/news/security/?id=101
        NOTE: https://bitbucket.org/pidgin/main/commits/60f95045db42
        NOTE: https://bitbucket.org/pidgin/main/commits/f6efc254e947
-CVE-2016-2367 [MXIT Avatar Length Memory Disclosure Vulnerability]
-       RESERVED
+CVE-2016-2367 (An information leak exists in the handling of the MXIT protocol 
in ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0135/
@@ -35382,15 +35620,13 @@
        NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
        NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
        NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
-CVE-2016-2366 [MXIT Table Command Denial of Service Vulnerability]
-       RESERVED
+CVE-2016-2366 (A denial of service vulnerability exists in the handling of the 
MXIT ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0134/
        NOTE: http://www.pidgin.im/news/security/?id=99
        NOTE: https://bitbucket.org/pidgin/main/commits/abdc3025f6b8
-CVE-2016-2365 [MXIT Markup Command Denial of Service Vulnerability]
-       RESERVED
+CVE-2016-2365 (A denial of service vulnerability exists in the handling of the 
MXIT ...)
        {DSA-3620-1 DLA-542-1}
        - pidgin 2.11.0-1
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0133/
@@ -35452,14 +35688,14 @@
        RESERVED
 CVE-2016-2340 (The AMF framework in Granite Data Services 3.1.1-SNAPSHOT 
allows ...)
        NOT-FOR-US: Granite
-CVE-2016-2339
-       RESERVED
+CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the ...)
+       TODO: check
 CVE-2016-2338
        RESERVED
-CVE-2016-2337
-       RESERVED
-CVE-2016-2336
-       RESERVED
+CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class 
method. ...)
+       TODO: check
+CVE-2016-2336 (Type confusion exists in two methods of Ruby's WIN32OLE class, 
...)
+       TODO: check
 CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 
7zip ...)
        {DSA-3599-1 DLA-510-1}
        - p7zip 15.14.1+dfsg-2 (bug #824160)
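
Review bot: CVE-2016-2337 and CVE-2016-2336 are left at "TODO: check" although their descriptions name Ruby classes (TclTkIp and WIN32OLE), so they need checking against the ruby source packages rather than a NOT-FOR-US marking. CVE-2016-2339 is truncated before any product is named ("exists in the ...") and cannot be triaged from this line alone; the full description is needed first.
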
@@ -38627,24 +38863,20 @@
        RESERVED
        - ntp <not-affected> (Does not affect Linux or FreeBSD)
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
-CVE-2016-1550 [Timing attack for authenticated packets]
-       RESERVED
+CVE-2016-1550 (An exploitable vulnerability exists in the message 
authentication ...)
        {DSA-3629-1 DLA-559-1}
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
-CVE-2016-1549 [Sybil attack with trustedkey]
-       RESERVED
+CVE-2016-1549 (A malicious authenticated peer can create arbitrarily-many 
ephemeral ...)
        - ntp 1:4.2.8p7+dfsg-1
        [jessie] - ntp <no-dsa> (Minor issue)
        [wheezy] - ntp <no-dsa> (Minor issue)
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
-CVE-2016-1548 [Change the time of an ntpd client or deny service to an ntpd 
client by forcing it to change from basic client/server mode to interleaved 
symmetric mode.]
-       RESERVED
+CVE-2016-1548 (An attacker can spoof a packet from a legitimate ntpd server 
with an ...)
        {DSA-3629-1 DLA-559-1}
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
-CVE-2016-1547 [Validate crypto-NAKs]
-       RESERVED
+CVE-2016-1547 (An off-path attacker can cause a preemptible client association 
to be ...)
        {DSA-3629-1 DLA-559-1}
        - ntp 1:4.2.8p7+dfsg-1
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
@@ -38755,10 +38987,10 @@
        RESERVED
 CVE-2016-1516
        RESERVED
-CVE-2016-1515
-       RESERVED
-CVE-2016-1514
-       RESERVED
+CVE-2016-1515 (A use-after-free / double-free vulnerability can occur in 
libebml ...)
+       TODO: check
+CVE-2016-1514 (A specially crafted unicode string in libebml master branch can 
cause ...)
+       TODO: check
 CVE-2016-1513 (The Impress tool in Apache OpenOffice 4.1.2 and earlier allows 
remote ...)
        {DLA-591-1}
        - libreoffice 1:4.3.3-1
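
Review bot: CVE-2016-1515 and CVE-2016-1514 both name libebml and are left at "TODO: check" with no package line. The description of CVE-2016-1514 refers to the "master branch", so the check should establish which released versions are affected before a fixed version is recorded.
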
@@ -45596,8 +45828,7 @@
        [squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p262)
        NOTE: 
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
        NOTE: 
https://github.com/ntp-project/ntp/commit/9c22e66c8f2be6aa0c846f0d9804db20f93c105d
-CVE-2015-7848
-       RESERVED
+CVE-2015-7848 (An integer overflow can occur in NTP-dev.4.3.70 leading to an 
...)
        - ntp 1:4.2.8p4+dfsg-1
        [jessie] - ntp <not-affected> (Bug introduced in 4.2.7p131)
        [wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p131)
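
Review bot: The imported description for CVE-2015-7848 names only NTP-dev.4.3.70, while the unchanged lines below it record the bug as introduced in 4.2.7p131 and fixed in 1:4.2.8p4+dfsg-1. The description should not be read as the affected range; a "NOTE:" pointing out the mismatch would save the next reader from re-deriving why [jessie] and [wheezy] are marked not-affected.
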
@@ -59784,10 +60015,10 @@
        NOT-FOR-US: Chiyu fingerprint access-control devices
 CVE-2015-2869 (The FileInfo plugin before 2.22 for Ghisler Total Commander 
allows ...)
        NOT-FOR-US: Ghisler Total Commander
-CVE-2015-2868
-       RESERVED
-CVE-2015-2867
-       RESERVED
+CVE-2015-2868 (An exploitable remote code execution vulnerability exists in 
the Trane ...)
+       TODO: check
+CVE-2015-2867 (A design flaw in the Trane ComfortLink II SCC firmware version 
2.0.2 ...)
+       TODO: check
 CVE-2015-2866 (SQL injection vulnerability on the Grandstream GXV3611_HD 
camera with ...)
        NOT-FOR-US: Grandstream camera
 CVE-2015-2865


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
