Author: sectracker
Date: 2017-01-12 21:10:11 +0000 (Thu, 12 Jan 2017)
New Revision: 47957

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-12 21:02:27 UTC (rev 47956)
+++ data/CVE/list       2017-01-12 21:10:11 UTC (rev 47957)
@@ -1,3 +1,35 @@
+CVE-2017-5355
+       RESERVED
+CVE-2017-5354
+       RESERVED
+CVE-2017-5353
+       RESERVED
+CVE-2017-5352
+       RESERVED
+CVE-2017-5351 (Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) 
software ...)
+       TODO: check
+CVE-2017-5350 (Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) 
software allow ...)
+       TODO: check
+CVE-2017-5349
+       RESERVED
+CVE-2017-5348
+       RESERVED
+CVE-2017-5347 (SQL injection vulnerability in inc/mod/newsletter/options.php 
in ...)
+       TODO: check
+CVE-2017-5346 (SQL injection vulnerability in ...)
+       TODO: check
+CVE-2017-5345 (SQL injection vulnerability in ...)
+       TODO: check
+CVE-2017-5344
+       RESERVED
+CVE-2017-5343
+       RESERVED
+CVE-2017-5342
+       RESERVED
+CVE-2017-5341
+       RESERVED
+CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows 
remote ...)
+       TODO: check
 CVE-2017-XXXX [ed invalid free]
        - ed <unfixed> (low; bug #851159)
        [jessie] - ed <no-dsa> (Minor issue)
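Review bot: The descriptions imported for CVE-2017-5346 and CVE-2017-5345 are cut to "SQL injection vulnerability in ..." before any product name appears, so the two entries are indistinguishable and cannot be triaged from the list alone. Either truncate at a longer length, or add a NOTE naming the affected product when the TODO: check items are worked through.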
@@ -208,8 +240,7 @@
        RESERVED
 CVE-2017-5227
        RESERVED
-CVE-2017-5225 [Heap-buffer overflow in tools/tiffcp via crafted BitsPerSample 
value]
-       RESERVED
+CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow 
in the ...)
        - tiff <unfixed>
        NOTE: Fixed by: 
https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2656
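Review bot: In the CVE-2017-5225 entry, the removed bracketed description named the affected tool and the trigger (tools/tiffcp, crafted BitsPerSample value), while the imported text stops at "heap buffer overflow in the ...". Consider keeping that detail in a NOTE line so it survives the import.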
@@ -244,8 +275,7 @@
        RESERVED
 CVE-2017-5210
        RESERVED
-CVE-2017-5209 [base64decode buffer over-read via split encoded Apple Property 
List data]
-       RESERVED
+CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice 
libplist ...)
        - libplist <unfixed>
        NOTE: Upstream bug: 
https://github.com/libimobiledevice/libplist/issues/84
        NOTE: 
https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957
@@ -262,18 +292,23 @@
 CVE-2017-5200
        RESERVED
 CVE-2017-5339
+       RESERVED
        - libgit2 <unfixed>
        NOTE: 
https://github.com/libgit2/libgit2/commit/3829ba2e710553893faf6336cc6b2f3fc17a293e
 CVE-2017-5338
+       RESERVED
        - libgit2 <unfixed>
        NOTE: 
https://github.com/libgit2/libgit2/commit/98d66240ecb7765e191da19b535c75c92ccc90fe
 CVE-2016-10130
+       RESERVED
        - libgit2 <unfixed>
        NOTE: 
https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22
 CVE-2016-10129
+       RESERVED
        - libgit2 <unfixed>
        NOTE: 
https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a
 CVE-2016-10128
+       RESERVED
        - libgit2 <unfixed>
        NOTE: 
https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834
 CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x 
before ...)
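Review bot: CVE-2017-5339, CVE-2017-5338, CVE-2016-10130, CVE-2016-10129 and CVE-2016-10128 are now marked RESERVED but still carry no bracketed description, so the only hint at what each id covers is a commit URL. A short [description] per entry, like the one CVE-2016-10127 has in the next hunk, would make the libgit2 ids distinguishable.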
@@ -281,6 +316,7 @@
 CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a 
hardcoded ...)
        NOT-FOR-US: D-Link
 CVE-2016-10127 [XML external entity attack]
+       RESERVED
        {DSA-3759-1}
        - python-pysaml2 3.0.0-5 (bug #850716)
        NOTE: https://github.com/rohe/pysaml2/pull/379
@@ -294,18 +330,22 @@
        NOTE: https://support.zabbix.com/browse/ZBX-11023
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2017/01/12/4
 CVE-2017-5337
+       RESERVED
        - gnutls28 3.5.8-1
        NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
 CVE-2017-5336
+       RESERVED
        - gnutls28 3.5.8-1
        NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732
 CVE-2017-5335
+       RESERVED
        - gnutls28 3.5.8-1
        NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a
 CVE-2017-5334
+       RESERVED
        - gnutls28 3.5.8-1
        NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-1
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b
@@ -828,11 +868,13 @@
        - borgbackup 1.0.9-1
        NOTE: 
https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
 CVE-2017-5333
+       RESERVED
        - icoutils 0.31.1-1
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
        NOTE: CVE for "the separate vulnerability fixed by the introduction of 
the "size >= sizeof(uint16_t)*2" test in
        NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a"
 CVE-2017-5332
+       RESERVED
        - icoutils 0.31.1-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
@@ -841,6 +883,7 @@
        NOTE: CVE for "all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a and also 
the index correction in
        NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a."
 CVE-2017-5331 [make check_offset more stringent]
+       RESERVED
        - icoutils 0.31.1-1
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
@@ -850,7 +893,7 @@
        - icoutils 0.31.0-4 (bug #850017)
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/08/1
-CVE-2017-5340 [Use of uninitialized memory in unserialize()]
+CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 
mishandles ...)
        - php7.0 <unfixed> (bug #850158)
        - php5 <unfixed>
        NOTE: https://bugs.php.net/bug.php?id=73832
@@ -3456,6 +3499,7 @@
        NOTE: https://ikiwiki.info/security/#cve-2016-9645
 CVE-2016-10026 [authorization bypass when reverting changes]
        RESERVED
+       {DSA-3760-1}
        - ikiwiki 3.20161219
        NOTE: 
http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
        NOTE: Fix: 
http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9
@@ -5784,104 +5828,91 @@
        RESERVED
 CVE-2017-2968
        RESERVED
-CVE-2017-2967
-       RESERVED
-CVE-2017-2966
-       RESERVED
-CVE-2017-2965
-       RESERVED
-CVE-2017-2964
-       RESERVED
-CVE-2017-2963
-       RESERVED
-CVE-2017-2962
-       RESERVED
-CVE-2017-2961
-       RESERVED
-CVE-2017-2960
-       RESERVED
-CVE-2017-2959
-       RESERVED
-CVE-2017-2958
-       RESERVED
-CVE-2017-2957
-       RESERVED
-CVE-2017-2956
-       RESERVED
-CVE-2017-2955
-       RESERVED
-CVE-2017-2954
-       RESERVED
-CVE-2017-2953
-       RESERVED
-CVE-2017-2952
-       RESERVED
-CVE-2017-2951
-       RESERVED
-CVE-2017-2950
-       RESERVED
-CVE-2017-2949
-       RESERVED
-CVE-2017-2948
-       RESERVED
-CVE-2017-2947
-       RESERVED
-CVE-2017-2946
-       RESERVED
-CVE-2017-2945
-       RESERVED
-CVE-2017-2944
-       RESERVED
-CVE-2017-2943
-       RESERVED
-CVE-2017-2942
-       RESERVED
-CVE-2017-2941
-       RESERVED
-CVE-2017-2940
-       RESERVED
-CVE-2017-2939
-       RESERVED
-CVE-2017-2938
-       RESERVED
+CVE-2017-2967 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2966 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2965 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2964 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2963 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2962 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2961 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2960 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2959 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2958 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2957 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2956 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2955 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2954 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2953 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2952 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2951 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2950 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2949 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2948 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2947 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2946 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2945 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2944 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2943 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2942 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2941 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2940 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2939 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
+       TODO: check
+CVE-2017-2938 (Adobe Flash Player versions 24.0.0.186 and earlier have a 
security ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2937
-       RESERVED
+CVE-2017-2937 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2936
-       RESERVED
+CVE-2017-2936 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2935
-       RESERVED
+CVE-2017-2935 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2934
-       RESERVED
+CVE-2017-2934 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2933
-       RESERVED
+CVE-2017-2933 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2932
-       RESERVED
+CVE-2017-2932 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2931
-       RESERVED
+CVE-2017-2931 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2930
-       RESERVED
+CVE-2017-2930 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
 CVE-2017-2929
        RESERVED
-CVE-2017-2928
-       RESERVED
+CVE-2017-2928 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2927
-       RESERVED
+CVE-2017-2927 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2926
-       RESERVED
+CVE-2017-2926 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
-CVE-2017-2925
-       RESERVED
+CVE-2017-2925 (Adobe Flash Player versions 24.0.0.186 and earlier have an 
exploitable ...)
        NOT-FOR-US: Adobe Flash
 CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too 
verbose ...)
        {DLA-734-1}
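Review bot: The Acrobat Reader entries CVE-2017-2939 through CVE-2017-2967 are all left as TODO: check, whereas the Flash Player entries in the same hunk are already tagged NOT-FOR-US: Adobe Flash. If Acrobat Reader is likewise not packaged, these 29 entries can take a NOT-FOR-US tag in one pass instead of staying in the TODO queue.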
@@ -11591,6 +11622,7 @@
        RESERVED
 CVE-2017-0356 [Authentication bypass via repeated parameters]
        RESERVED
+       {DSA-3760-1}
        - ikiwiki 3.20170111
        NOTE: https://ikiwiki.info/security/#cve-2017-0356
 CVE-2016-9772 [OPENAFS-SA-2016-003 - directory information leaks]
@@ -11615,6 +11647,7 @@
        RESERVED
 CVE-2016-9646 [commit metadata forgery]
        RESERVED
+       {DSA-3760-1}
        - ikiwiki 3.20161229
        NOTE: https://ikiwiki.info/security/#cve-2016-9646
 CVE-2016-9643
@@ -12427,8 +12460,7 @@
        RESERVED
 CVE-2016-9454
        RESERVED
-CVE-2016-9444 [An unusually-formed DS record response could cause an assertion 
failure]
-       RESERVED
+CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, 
and ...)
        {DSA-3758-1}
        - bind9 <unfixed> (bug #851062)
        NOTE: https://kb.isc.org/article/AA-01441/0
@@ -13367,8 +13399,8 @@
        RESERVED
 CVE-2016-9248
        RESERVED
-CVE-2016-9247
-       RESERVED
+CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual 
server ...)
+       TODO: check
 CVE-2016-9246
        RESERVED
 CVE-2016-9245
@@ -13588,8 +13620,7 @@
        NOT-FOR-US: PAN-OS
 CVE-2016-9148
        RESERVED
-CVE-2016-9147 [An error handling a query response containing inconsistent 
DNSSEC information could cause an assertion failure]
-       RESERVED
+CVE-2016-9147 (named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 
allows ...)
        {DSA-3758-1}
        - bind9 <unfixed> (bug #851063)
        NOTE: https://kb.isc.org/article/AA-01440/0
@@ -13679,8 +13710,7 @@
        NOTE: Fixed in 1.10.14 and 1.11.34, all prior versions affected.
        NOTE: Fixed by: 
https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
        NOTE: Not believed to be exploitable in practice
-CVE-2016-9131 [A malformed response to an ANY query can cause an assertion 
failure during recursion]
-       RESERVED
+CVE-2016-9131 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, 
and ...)
        {DSA-3758-1}
        - bind9 <unfixed> (bug #851065)
        NOTE: https://kb.isc.org/article/AA-01439/0
@@ -14072,8 +14102,7 @@
        NOT-FOR-US: RealPlayer
 CVE-2016-9017 (Artifex Software, Inc. MuJS before ...)
        NOT-FOR-US: MuJS
-CVE-2016-9015 [certificate verification failure]
-       RESERVED
+CVE-2016-9015 (Versions 1.17 and 1.18 of the Python urllib3 library suffer 
from a ...)
        - python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 
releases)
 CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 
1.10.x ...)
        {DLA-706-1}
@@ -17138,12 +17167,12 @@
        RESERVED
 CVE-2017-0005
        RESERVED
-CVE-2017-0004
-       RESERVED
-CVE-2017-0003
-       RESERVED
-CVE-2017-0002
-       RESERVED
+CVE-2017-0004 (The Local Security Authority Subsystem Service (LSASS) in 
Microsoft ...)
+       TODO: check
+CVE-2017-0003 (Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow 
remote ...)
+       TODO: check
+CVE-2017-0002 (Microsoft Edge allows remote attackers to bypass the Same 
Origin ...)
+       TODO: check
 CVE-2017-0001
        RESERVED
 CVE-2016-8200
@@ -18823,19 +18852,16 @@
        RESERVED
 CVE-2016-7481
        RESERVED
-CVE-2016-7480
-       RESERVED
+CVE-2016-7480 (The SplObjectStorage unserialize implementation in ...)
        - php7.0 7.0.12-1
        - php5 <undetermined>
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73257
        NOTE: Fixed in 7.0.12
-CVE-2016-7479
-       RESERVED
+CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, 
resizing ...)
        - php7.0 <unfixed>
        - php5 <unfixed>
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092
-CVE-2016-7478
-       RESERVED
+CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 
7.x ...)
        - php7.0 <unfixed>
        - php5 <unfixed>
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093
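Review bot: CVE-2016-7480 now has a public description, but its php5 line still reads <undetermined> while php7.0 is recorded as fixed in 7.0.12-1. The php5 status should be resolved against PHP bug 73257 rather than left open.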
@@ -19017,7 +19043,7 @@
        NOTE: http://marc.info/?l=linux-scsi&m=147394713328707&w=2
        NOTE: Upstream commit: 
https://git.kernel.org/linus/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
 CVE-2016-7424 (The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c 
in libav ...)
-       {DSA-3685-1}
+       {DSA-3685-1 DLA-780-1}
        - libav <removed>
        - ffmpeg <not-affected> (Fixed before introduction into the archive)
        NOTE: Fixed by: 
https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee
@@ -20802,8 +20828,7 @@
        NOTE: and with the patch readpw(dpy, pws) is not called anymore, and
        NOTE: thus in readpw, not calling crypt(passwd, pws) with a possibly
        NOTE: empty pws.
-CVE-2016-6837 [XSS in view_all_bug_page.php]
-       RESERVED
+CVE-2016-6837 (Cross-site scripting (XSS) vulnerability in MantisBT Filter API 
in ...)
        - mantis <removed>
        [wheezy] - mantis <end-of-life> (unsupported)
        NOTE: https://mantisbt.org/bugs/view.php?id=21611
@@ -20815,14 +20840,12 @@
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/
        NOTE: 
https://git.libav.org/?p=libav.git;a=commit;h=0ac8ff618c5e6d878c547a8877e714ed728950ce
        NOTE: Claimed to not affect ffmpeg
-CVE-2016-6831 [Memory leak in CHICKEN Scheme's process-execute and 
process-spawn procedures]
-       RESERVED
+CVE-2016-6831 (The &quot;process-execute&quot; and &quot;process-spawn&quot; 
procedures did not free ...)
        {DLA-643-1}
        - chicken <unfixed> (bug #834845)
        [jessie] - chicken <no-dsa> (Minor issue)
        NOTE: Fixed in the same upstream patch which is provided for 
CVE-2016-6830
-CVE-2016-6830 [Buffer overrun in CHICKEN Scheme's "process-execute" and 
"process-spawn" procedures from the posix unit]
-       RESERVED
+CVE-2016-6830 (The &quot;process-execute&quot; and &quot;process-spawn&quot; 
procedures in CHICKEN Scheme ...)
        {DLA-643-1}
        - chicken <unfixed> (bug #834845)
        [jessie] - chicken <no-dsa> (Minor issue)
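Review bot: The imported descriptions for CVE-2016-6831 and CVE-2016-6830 contain literal &quot; entities, where the bracketed text they replace used plain double quotes. The import step should decode HTML entities before writing the description into the list.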
@@ -20837,8 +20860,8 @@
        RESERVED
 CVE-2016-6821
        RESERVED
-CVE-2016-6820
-       RESERVED
+CVE-2016-6820 (MetroCluster Tiebreaker for clustered Data ONTAP in versions 
before ...)
+       TODO: check
 CVE-2016-6819
        RESERVED
 CVE-2016-6818
@@ -22007,12 +22030,10 @@
 CVE-2016-6595 (** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows 
remote ...)
        - docker.io <not-affected> (Only affects Docker 1.12)
        NOTE: http://seclists.org/oss-sec/2016/q3/198
-CVE-2016-6581 [HPACK Bomb]
-       RESERVED
+CVE-2016-6581 (A HTTP/2 implementation built using any version of the Python 
HPACK ...)
        - python-hpack 2.3.0-1 (bug #833467)
        NOTE: https://github.com/python-hyper/hpack/pull/56
-CVE-2016-6580
-       RESERVED
+CVE-2016-6580 (A HTTP/2 implementation built using any version of the Python 
priority ...)
        NOT-FOR-US: Python Priority
        NOTE: https://github.com/python-hyper/priority/pull/23
 CVE-2016-6519 [persistent XSS in metadata field]
@@ -22735,10 +22756,10 @@
        NOTE: https://github.com/systemd/systemd/issues/3815
        NOTE: The problem as well only arises with docker fork in RedHat, not 
with upstream docker
        NOTE: https://github.com/projectatomic/oci-register-machine/pull/22
-CVE-2016-6287
-       RESERVED
-CVE-2016-6286
-       RESERVED
+CVE-2016-6287 (The &quot;http-client&quot; egg always used a HTTP_PROXY 
environment variable to ...)
+       TODO: check
+CVE-2016-6286 (The &quot;spiffy-cgi-handlers&quot; egg would convert a 
nonexistent &quot;Proxy&quot; ...)
+       TODO: check
 CVE-2016-6285
        RESERVED
 CVE-2016-6284
@@ -23771,7 +23792,7 @@
 CVE-2016-6092
        RESERVED
 CVE-2016-6091
-       RESERVED
+       REJECTED
 CVE-2016-6090
        RESERVED
 CVE-2016-6089
@@ -28518,12 +28539,12 @@
        - libarchive 3.2.1-1
        NOTE: https://github.com/libarchive/libarchive/issues/705
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408
 (v3.2.1)
-CVE-2016-4808
-       RESERVED
-CVE-2016-4807
-       RESERVED
-CVE-2016-4806
-       RESERVED
+CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross 
Site ...)
+       TODO: check
+CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS 
...)
+       TODO: check
+CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File 
Inclusion ...)
+       TODO: check
 CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in 
dotCMS ...)
        NOT-FOR-US: dotCMS
 CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and 
libcurl ...)
@@ -45375,8 +45396,8 @@
        NOT-FOR-US: F5 BIG-IP
 CVE-2015-8021 (Incomplete blacklist vulnerability in the Configuration utility 
in F5 ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2015-8020
-       RESERVED
+CVE-2015-8020 (Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a 
default ...)
+       TODO: check
 CVE-2015-8018
        RESERVED
 CVE-2015-8017
@@ -55134,14 +55155,14 @@
        RESERVED
 CVE-2015-4595
        RESERVED
-CVE-2015-4594
-       RESERVED
-CVE-2015-4593
-       RESERVED
-CVE-2015-4592
-       RESERVED
-CVE-2015-4591
-       RESERVED
+CVE-2015-4594 (eClinicalWorks Population Health (CCMR) suffers from a session 
...)
+       TODO: check
+CVE-2015-4593 (eClinicalWorks Population Health (CCMR) suffers from a 
cross-site ...)
+       TODO: check
+CVE-2015-4592 (eClinicalWorks Population Health (CCMR) suffers from an SQL 
injection ...)
+       TODO: check
+CVE-2015-4591 (eClinicalWorks Population Health (CCMR) suffers from a cross 
site ...)
+       TODO: check
 CVE-2015-4590 (The extractFrom function in Internals/QuotedString.cpp in 
Arduino JSON ...)
        NOT-FOR-US: Arduino JSON
 CVE-2015-4589


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
