Author: sectracker
Date: 2017-01-17 21:10:12 +0000 (Tue, 17 Jan 2017)
New Revision: 48141

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-17 20:41:41 UTC (rev 48140)
+++ data/CVE/list       2017-01-17 21:10:12 UTC (rev 48141)
@@ -1,108 +1,426 @@
+CVE-2017-5521 (An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, 
R7300, ...)
+       TODO: check
+CVE-2017-5520 (The media rename feature in GeniXCMS through 0.0.8 does not 
consider ...)
+       TODO: check
+CVE-2017-5519 (SQL injection vulnerability in Posts.class.php in GeniXCMS 
through ...)
+       TODO: check
+CVE-2017-5518 (The media-file upload feature in GeniXCMS through 0.0.8 allows 
remote ...)
+       TODO: check
+CVE-2017-5517 (SQL injection vulnerability in author.control.php in GeniXCMS 
through ...)
+       TODO: check
+CVE-2017-5516 (Multiple cross-site scripting (XSS) vulnerabilities in the user 
forms ...)
+       TODO: check
+CVE-2017-5515 (Cross-site scripting (XSS) vulnerability in the user prompt 
function in ...)
+       TODO: check
+CVE-2017-5514
+       RESERVED
+CVE-2017-5513
+       RESERVED
+CVE-2017-5512
+       RESERVED
+CVE-2017-5497
+       RESERVED
+CVE-2017-5496
+       RESERVED
+CVE-2017-5495
+       RESERVED
+CVE-2017-5494 (Multiple cross-site scripting (XSS) vulnerabilities in the file 
types ...)
+       TODO: check
+CVE-2017-5486
+       RESERVED
+CVE-2017-5485
+       RESERVED
+CVE-2017-5484
+       RESERVED
+CVE-2017-5483
+       RESERVED
+CVE-2017-5482
+       RESERVED
+CVE-2017-5481
+       RESERVED
+CVE-2017-5480 (Directory traversal vulnerability in inc/files/files.ctrl.php 
in ...)
+       TODO: check
+CVE-2017-5479
+       RESERVED
+CVE-2017-5478
+       RESERVED
+CVE-2017-5477
+       RESERVED
+CVE-2017-5476 (Serendipity through 2.0.5 allows CSRF for the installation of 
an event ...)
+       TODO: check
+CVE-2017-5475 (comment.php in Serendipity through 2.0.5 allows CSRF in 
deleting any ...)
+       TODO: check
+CVE-2017-5474 (Open redirect vulnerability in comment.php in Serendipity 
through 2.0.5 ...)
+       TODO: check
+CVE-2017-5473 (Cross-site request forgery (CSRF) vulnerability in ntopng 
through 2.4 ...)
+       TODO: check
+CVE-2017-5472
+       RESERVED
+CVE-2017-5471
+       RESERVED
+CVE-2017-5470
+       RESERVED
+CVE-2017-5469
+       RESERVED
+CVE-2017-5468
+       RESERVED
+CVE-2017-5467
+       RESERVED
+CVE-2017-5466
+       RESERVED
+CVE-2017-5465
+       RESERVED
+CVE-2017-5464
+       RESERVED
+CVE-2017-5463
+       RESERVED
+CVE-2017-5462
+       RESERVED
+CVE-2017-5461
+       RESERVED
+CVE-2017-5460
+       RESERVED
+CVE-2017-5459
+       RESERVED
+CVE-2017-5458
+       RESERVED
+CVE-2017-5457
+       RESERVED
+CVE-2017-5456
+       RESERVED
+CVE-2017-5455
+       RESERVED
+CVE-2017-5454
+       RESERVED
+CVE-2017-5453
+       RESERVED
+CVE-2017-5452
+       RESERVED
+CVE-2017-5451
+       RESERVED
+CVE-2017-5450
+       RESERVED
+CVE-2017-5449
+       RESERVED
+CVE-2017-5448
+       RESERVED
+CVE-2017-5447
+       RESERVED
+CVE-2017-5446
+       RESERVED
+CVE-2017-5445
+       RESERVED
+CVE-2017-5444
+       RESERVED
+CVE-2017-5443
+       RESERVED
+CVE-2017-5442
+       RESERVED
+CVE-2017-5441
+       RESERVED
+CVE-2017-5440
+       RESERVED
+CVE-2017-5439
+       RESERVED
+CVE-2017-5438
+       RESERVED
+CVE-2017-5437
+       RESERVED
+CVE-2017-5436
+       RESERVED
+CVE-2017-5435
+       RESERVED
+CVE-2017-5434
+       RESERVED
+CVE-2017-5433
+       RESERVED
+CVE-2017-5432
+       RESERVED
+CVE-2017-5431
+       RESERVED
+CVE-2017-5430
+       RESERVED
+CVE-2017-5429
+       RESERVED
+CVE-2017-5428
+       RESERVED
+CVE-2017-5427
+       RESERVED
+CVE-2017-5426
+       RESERVED
+CVE-2017-5425
+       RESERVED
+CVE-2017-5424
+       RESERVED
+CVE-2017-5423
+       RESERVED
+CVE-2017-5422
+       RESERVED
+CVE-2017-5421
+       RESERVED
+CVE-2017-5420
+       RESERVED
+CVE-2017-5419
+       RESERVED
+CVE-2017-5418
+       RESERVED
+CVE-2017-5417
+       RESERVED
+CVE-2017-5416
+       RESERVED
+CVE-2017-5415
+       RESERVED
+CVE-2017-5414
+       RESERVED
+CVE-2017-5413
+       RESERVED
+CVE-2017-5412
+       RESERVED
+CVE-2017-5411
+       RESERVED
+CVE-2017-5410
+       RESERVED
+CVE-2017-5409
+       RESERVED
+CVE-2017-5408
+       RESERVED
+CVE-2017-5407
+       RESERVED
+CVE-2017-5406
+       RESERVED
+CVE-2017-5405
+       RESERVED
+CVE-2017-5404
+       RESERVED
+CVE-2017-5403
+       RESERVED
+CVE-2017-5402
+       RESERVED
+CVE-2017-5401
+       RESERVED
+CVE-2017-5400
+       RESERVED
+CVE-2017-5399
+       RESERVED
+CVE-2017-5398
+       RESERVED
+CVE-2017-5397
+       RESERVED
+CVE-2017-5396
+       RESERVED
+CVE-2017-5395
+       RESERVED
+CVE-2017-5394
+       RESERVED
+CVE-2017-5393
+       RESERVED
+CVE-2017-5392
+       RESERVED
+CVE-2017-5391
+       RESERVED
+CVE-2017-5390
+       RESERVED
+CVE-2017-5389
+       RESERVED
+CVE-2017-5388
+       RESERVED
+CVE-2017-5387
+       RESERVED
+CVE-2017-5386
+       RESERVED
+CVE-2017-5385
+       RESERVED
+CVE-2017-5384
+       RESERVED
+CVE-2017-5383
+       RESERVED
+CVE-2017-5382
+       RESERVED
+CVE-2017-5381
+       RESERVED
+CVE-2017-5380
+       RESERVED
+CVE-2017-5379
+       RESERVED
+CVE-2017-5378
+       RESERVED
+CVE-2017-5377
+       RESERVED
+CVE-2017-5376
+       RESERVED
+CVE-2017-5375
+       RESERVED
+CVE-2017-5374
+       RESERVED
+CVE-2017-5373
+       RESERVED
+CVE-2017-5372
+       RESERVED
+CVE-2017-5371
+       RESERVED
+CVE-2017-5370
+       RESERVED
+CVE-2017-5369
+       RESERVED
+CVE-2017-5368
+       RESERVED
+CVE-2017-5367
+       RESERVED
+CVE-2017-5366
+       RESERVED
+CVE-2017-5365
+       RESERVED
+CVE-2017-5364 (Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 
allows an ...)
+       TODO: check
+CVE-2017-5363
+       RESERVED
+CVE-2017-5362
+       RESERVED
+CVE-2017-5361
+       RESERVED
+CVE-2017-5360
+       RESERVED
+CVE-2017-5359
+       RESERVED
+CVE-2017-5358
+       RESERVED
+CVE-2016-10143
+       RESERVED
+CVE-2016-10142 (An issue was discovered in the IPv6 protocol specification, 
related to ...)
+       TODO: check
+CVE-2016-10139 (An issue was discovered on BLU R1 HD devices with Shanghai 
Adups ...)
+       TODO: check
+CVE-2016-10138 (An issue was discovered on BLU Advance 5.0 and BLU R1 HD 
devices with ...)
+       TODO: check
+CVE-2016-10137 (An issue was discovered on BLU R1 HD devices with Shanghai 
Adups ...)
+       TODO: check
+CVE-2016-10136 (An issue was discovered on BLU R1 HD devices with Shanghai 
Adups ...)
+       TODO: check
+CVE-2016-10135 (An issue was discovered on LG devices using the MTK chipset 
with ...)
+       TODO: check
 CVE-2017-5505
+       RESERVED
        - jasper <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas_matrix_asl-jas_seq-c
 CVE-2017-5504
+       RESERVED
        - jasper <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c
 CVE-2017-5503
+       RESERVED
        - jasper <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c
 CVE-2017-5502
+       RESERVED
        - jasper <removed>
        NOTE: Reproducer: 
https://github.com/asarubbo/poc/blob/master/00030-jasper-leftshift-jp2_dec_c
        NOTE: 
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
 CVE-2017-5501
+       RESERVED
        - jasper <removed>
        NOTE: Reproducer: 
https://github.com/asarubbo/poc/blob/master/00022-jasper-signedintoverflow-jpc_tsfb_c
        NOTE: 
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
 CVE-2017-5500
+       RESERVED
        - jasper <removed>
        NOTE: Reproducer: 
https://github.com/asarubbo/poc/blob/master/00019-jasper-leftshift-jpc_dec_c
        NOTE: 
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
 CVE-2017-5499
+       RESERVED
        - jasper <removed>
        NOTE: Reproducer: 
https://github.com/asarubbo/poc/blob/master/00018-jasper-signedintoverflow-jpc_dec_c
        NOTE: 
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
 CVE-2017-5498
+       RESERVED
        - jasper <removed>
        NOTE: Reproducer: 
https://github.com/asarubbo/poc/blob/master/00017-jasper-leftshift-jas_math_h
        NOTE: 
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
 CVE-2017-5506 [double free in profile]
+       RESERVED
        - imagemagick <unfixed> (bug #851383)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/354
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2017-5507 [memory leak in MPC file handling]
+       RESERVED
        - imagemagick <unfixed> (bug #851382)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2017-5508 [Crash - PushQuantumPixel - Heap-Buffer-Overflow (TIFF)]
+       RESERVED
        - imagemagick <unfixed> (bug #851381)
        NOTE: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2016-10146 [memory leak in caption and label handling]
+       RESERVED
        - imagemagick 8:6.9.7.0+dfsg-2 (bug #851380)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
-CVE-2016-10140 [Information disclosure and authentication bypass]
+CVE-2016-10140 (Information disclosure and authentication bypass vulnerability 
exists ...)
        - zoneminder <unfixed> (bug #851710)
        NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1697
        NOTE: 
https://github.com/ZoneMinder/ZoneMinder/commit/6361f143878ce00659f64ce42593951d773e4e63
        NOTE: 
https://github.com/ZoneMinder/ZoneMinder/commit/aa0a4d1f5ad2c493f2bed175991e92c466ac3dc4
 CVE-2017-5509 [out of bound in psd file handling]
+       RESERVED
        - imagemagick <unfixed> (bug #851377)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/350
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2017-5510 [memory corruption heap overflow, psb file related, another one]
+       RESERVED
        - imagemagick <unfixed> (bug #851376)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/348
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2017-5511 [memory corruption heap overflow, psb file related]
+       RESERVED
        - imagemagick <unfixed> (bug #851374)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/347
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2016-10144 [ipl file missing malloc check]
+       RESERVED
        - imagemagick <unfixed> (bug #851485)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
 CVE-2016-10145 [wpg file off by one]
+       RESERVED
        - imagemagick <unfixed> (bug #851483)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
-CVE-2017-5487 [WordPress 4.7 - User Information Disclosure via REST API]
+CVE-2017-5487 
(wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in ...)
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8715
        NOTE: 
https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
-CVE-2017-5488 [WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in 
update-core.php]
+CVE-2017-5488 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8716
        NOTE: 
https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
-CVE-2017-5489 [WordPress 4.7 - Cross-Site Request Forgery (CSRF) via Flash 
Upload]
+CVE-2017-5489 (Cross-site request forgery (CSRF) vulnerability in WordPress 
before ...)
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8717
-CVE-2017-5490 [WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme 
Name fallback]
+CVE-2017-5490 (Cross-site scripting (XSS) vulnerability in the theme-name 
fallback ...)
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8718
        NOTE: 
https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
-CVE-2017-5491 [WordPress <= 4.7 - Post via Email Checks mail.example.com by 
Default]
+CVE-2017-5491 (wp-mail.php in WordPress before 4.7.1 might allow remote 
attackers to ...)
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8719
        NOTE: 
https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
-CVE-2017-5492 [WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request 
Forgery (CSRF)]
+CVE-2017-5492 (Cross-site request forgery (CSRF) vulnerability in the 
widget-editing ...)
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8720
        NOTE: 
https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
-CVE-2017-5493 [WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number 
Generator (PRNG)]
+CVE-2017-5493 (wp-includes/ms-functions.php in the Multisite WordPress API in 
...)
        - wordpress 4.7.1+dfsg-1 (bug #851310)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
        NOTE: https://wpvulndb.com/vulnerabilities/8721
        NOTE: 
https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
 CVE-2017-5356 [Irssi out of bounds read in format string]
+       RESERVED
        - irssi 0.8.21-1 (low)
        [jessie] - irssi <no-dsa> (Minor issue)
        [wheezy] - irssi <no-dsa> (Minor issue)
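Review bot: At CVE-2017-5488, CVE-2017-5490, CVE-2017-5492 and CVE-2017-5493 the removed bracketed titles carried the affected WordPress ranges (2.9-4.7, 3.4-4.7, 2.8-4.7, 3.0-4.7), which the truncated replacement descriptions no longer show. Each entry only records the fixed version 4.7.1+dfsg-1, so keep the range in a NOTE line; otherwise triage for older releases has to re-derive which versions are affected from the linked advisories.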
@@ -138,15 +456,18 @@
        RESERVED
 CVE-2017-5341
        RESERVED
-CVE-2016-10141
+CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit 
function ...)
        NOT-FOR-US: MuJS
 CVE-2016-10133
+       RESERVED
        NOT-FOR-US: MuJS
 CVE-2016-10132
+       RESERVED
        NOT-FOR-US: MuJS
 CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows 
remote ...)
        NOT-FOR-US: CodeIgniter
 CVE-2017-5357 [ed invalid free]
+       RESERVED
        - ed <not-affected> (Vulnerable code not present, cf #851159)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/5
        NOTE: The issue is only present from 1.14 onwards, and prior to 1.14.1 
since upstream
@@ -365,8 +686,8 @@
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2657
 CVE-2017-5224
        RESERVED
-CVE-2017-5223
-       RESERVED
+CVE-2017-5223 (An issue was discovered in PHPMailer before 5.2.22. PHPMailer's 
msgHTML ...)
+       TODO: check
 CVE-2017-5222
        RESERVED
 CVE-2017-5221
@@ -451,6 +772,7 @@
        [jessie] - w3m <no-dsa> (Minor issues)
        [wheezy] - w3m <no-dsa> (Minor issues)
 CVE-2016-10134 [SQL injection vulnerabilities in "Latest data"]
+       RESERVED
        - zabbix 1:3.0.4+dfsg-1 (bug #850936)
        NOTE: https://support.zabbix.com/browse/ZBX-11023
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/4
@@ -995,7 +1317,7 @@
        NOTE: 
https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
 CVE-2017-5333
        RESERVED
-       {DSA-3765-1}
+       {DSA-3765-1 DLA-789-1}
        - icoutils 0.31.1-1
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
        NOTE: CVE for "the separate vulnerability fixed by the introduction of 
the "size >= sizeof(uint16_t)*2" test in
@@ -1003,7 +1325,7 @@
        NOTE: http://seclists.org/oss-sec/2017/q1/56
 CVE-2017-5332
        RESERVED
-       {DSA-3765-1}
+       {DSA-3765-1 DLA-789-1}
        - icoutils 0.31.1-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
@@ -1013,13 +1335,13 @@
        NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a."
 CVE-2017-5331 [make check_offset more stringent]
        RESERVED
-       {DSA-3765-1}
+       {DSA-3765-1 DLA-789-1}
        - icoutils 0.31.1-1
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
 CVE-2017-5208 [wrestool: exploitable crash]
        RESERVED
-       {DSA-3756-1}
+       {DSA-3756-1 DLA-789-1}
        - icoutils 0.31.0-4 (bug #850017)
        NOTE: Fixed by: 
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/08/1
@@ -3401,8 +3723,8 @@
        RESERVED
 CVE-2017-3891
        RESERVED
-CVE-2017-3890
-       RESERVED
+CVE-2017-3890 (A reflected cross-site scripting vulnerability in the 
BlackBerry ...)
+       TODO: check
 CVE-2017-3889
        RESERVED
 CVE-2017-3888
@@ -3605,8 +3927,7 @@
        RESERVED
 CVE-2016-5103
        REJECTED
-CVE-2016-10027
-       RESERVED
+CVE-2016-10027 (Race condition in the XMPP library in Smack before 4.1.9, when 
the ...)
        - libsmack-java <itp> (bug #640873)
 CVE-2016-10023
        RESERVED
@@ -5292,8 +5613,8 @@
        RESERVED
 CVE-2016-9883
        RESERVED
-CVE-2016-9882
-       RESERVED
+CVE-2016-9882 (An issue was discovered in Cloud Foundry Foundation cf-release 
versions ...)
+       TODO: check
 CVE-2016-9881
        RESERVED
 CVE-2016-9880
@@ -6978,8 +7299,7 @@
        RESERVED
 CVE-2017-2585
        RESERVED
-CVE-2017-2584 [kvm: use after free in complete_emulated_mmio]
-       RESERVED
+CVE-2017-2584 (arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows 
local ...)
        - linux <unfixed>
        [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
        NOTE: Upstream patch: https://www.spinics.net/lists/kvm/msg143571.html
@@ -11488,54 +11808,53 @@
        RESERVED
 CVE-2017-0405
        RESERVED
-CVE-2017-0404
-       RESERVED
-CVE-2017-0403
-       RESERVED
-CVE-2017-0402
-       RESERVED
-CVE-2017-0401
-       RESERVED
-CVE-2017-0400
-       RESERVED
-CVE-2017-0399
-       RESERVED
-CVE-2017-0398
-       RESERVED
-CVE-2017-0397
-       RESERVED
-CVE-2017-0396
-       RESERVED
-CVE-2017-0395
-       RESERVED
-CVE-2017-0394
-       RESERVED
-CVE-2017-0393
-       RESERVED
-CVE-2017-0392
-       RESERVED
-CVE-2017-0391
-       RESERVED
-CVE-2017-0390
-       RESERVED
-CVE-2017-0389
-       RESERVED
-CVE-2017-0388
-       RESERVED
-CVE-2017-0387
-       RESERVED
-CVE-2017-0386
-       RESERVED
-CVE-2017-0385
-       RESERVED
-CVE-2017-0384
-       RESERVED
-CVE-2017-0383
-       RESERVED
-CVE-2017-0382
-       RESERVED
-CVE-2017-0381 [Memory corruption during media file and data processing]
-       RESERVED
+CVE-2017-0404 (An elevation of privilege vulnerability in the kernel sound 
subsystem ...)
+       TODO: check
+CVE-2017-0403 (An elevation of privilege vulnerability in the kernel 
performance ...)
+       TODO: check
+CVE-2017-0402 (An information disclosure vulnerability in ...)
+       TODO: check
+CVE-2017-0401 (An information disclosure vulnerability in ...)
+       TODO: check
+CVE-2017-0400 (An information disclosure vulnerability in ...)
+       TODO: check
+CVE-2017-0399 (An information disclosure vulnerability in ...)
+       TODO: check
+CVE-2017-0398 (An information disclosure vulnerability in Audioserver could 
enable a ...)
+       TODO: check
+CVE-2017-0397 (An information disclosure vulnerability in id3/ID3.cpp in ...)
+       TODO: check
+CVE-2017-0396 (An information disclosure vulnerability in ...)
+       TODO: check
+CVE-2017-0395 (An elevation of privilege vulnerability in Contacts could 
enable a ...)
+       TODO: check
+CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a 
remote ...)
+       TODO: check
+CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver 
could ...)
+       TODO: check
+CVE-2017-0392 (A denial of service vulnerability in VBRISeeker.cpp in 
libstagefright ...)
+       TODO: check
+CVE-2017-0391 (A denial of service vulnerability in decoder/ihevcd_decode.c in 
...)
+       TODO: check
+CVE-2017-0390 (A denial of service vulnerability in Tremolo/dpen.s in 
Mediaserver ...)
+       TODO: check
+CVE-2017-0389 (A denial of service vulnerability in core networking could 
enable a ...)
+       TODO: check
+CVE-2017-0388 (An elevation of privilege vulnerability in the External Storage 
...)
+       TODO: check
+CVE-2017-0387 (An elevation of privilege vulnerability in Mediaserver could 
enable a ...)
+       TODO: check
+CVE-2017-0386 (An elevation of privilege vulnerability in the libnl library 
could ...)
+       TODO: check
+CVE-2017-0385 (An elevation of privilege vulnerability in Audioserver could 
enable a ...)
+       TODO: check
+CVE-2017-0384 (An elevation of privilege vulnerability in ...)
+       TODO: check
+CVE-2017-0383 (An elevation of privilege vulnerability in the Framework APIs 
could ...)
+       TODO: check
+CVE-2017-0382 (A remote code execution vulnerability in the Framesequence 
library ...)
+       TODO: check
+CVE-2017-0381 (A remote code execution vulnerability in silk/NLSF_stabilize.c 
in ...)
        - opus <unfixed> (bug #851612)
        NOTE: Fixed by: 
https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409 
(v1.2-alpha)
 CVE-2016-9804 (In BlueZ 5.42, a buffer overflow was observed in 
&quot;commands_dump&quot; ...)
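Review bot: The new TODO: check entries at CVE-2017-0386 and CVE-2017-0393 name the libnl library and libvpx, which are standalone upstream libraries rather than platform components such as Mediaserver or Audioserver. Triage these two individually against the corresponding source packages, the way CVE-2017-0381 in this same hunk is already tracked against opus, rather than clearing them in bulk with the rest of the batch.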
@@ -12374,44 +12693,38 @@
        - salt 2016.3.0+ds-1
        [jessie] - salt <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/25/2
-CVE-2016-9813 [null pointer deref (segfault) in mpegts decoder / _parse_pat]
-       RESERVED
+CVE-2016-9813 (The _parse_pat function in the mpegts parser in GStreamer 
before ...)
        - gst-plugins-bad1.0 1.10.2-1 (low)
        [jessie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
        - gst-plugins-bad0.10 <not-affected> (Vulnerable code introduced in 
1.1.1 of 1.0 series)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775120
-CVE-2016-9812 [2 byte heap out of bounds read in gst_mpegts_section_new]
-       RESERVED
+CVE-2016-9812 (The gst_mpegts_section_new function in the mpegts decoder in 
GStreamer ...)
        - gst-plugins-bad1.0 1.10.2-1 (low)
        [jessie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
        - gst-plugins-bad0.10 <not-affected> (Vulnerable code introduced in 
1.1.1 of 1.0 series)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775048
-CVE-2016-9811 [4 byte heap out of bounds read in windows_icon_typefind]
-       RESERVED
+CVE-2016-9811 (The windows_icon_typefind function in gst-plugins-base in 
GStreamer ...)
        {DLA-735-1}
        - gst-plugins-base1.0 1.10.2-1
        [jessie] - gst-plugins-base1.0 <no-dsa> (Minor issue, can be fixed via 
point release)
        - gst-plugins-base0.10 <removed>
        [jessie] - gst-plugins-base0.10 <no-dsa> (Minor issue, can be fixed via 
point release)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774902
-CVE-2016-9810 [Invalid memory read in glib caused by one invalid unref call in 
the flxdec decoder]
-       RESERVED
+CVE-2016-9810 (The gst_decode_chain_free_internal function in the flxdex 
decoder in ...)
        - gst-plugins-good1.0 1.10.1-2
        [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
        - gst-plugins-good0.10 <removed>
        [jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
        [wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774897
-CVE-2016-9809 [h264: one byte heap off by one read in gst_h264_parse_set_caps]
-       RESERVED
+CVE-2016-9809 (Off-by-one error in the gst_h264_parse_set_caps function in 
GStreamer ...)
        {DLA-736-1}
        - gst-plugins-bad1.0 1.10.2-1
        [jessie] - gst-plugins-bad1.0 <no-dsa> (Minor issue, can be fixed via 
point release)
        - gst-plugins-bad0.10 <removed>
        [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue, can be fixed via 
point release)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
-CVE-2016-9808
-       RESERVED
+CVE-2016-9808 (The FLIC decoder in GStreamer before 1.10.2 allows remote 
attackers to ...)
        - gst-plugins-good1.0 1.10.1-2
        [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
        - gst-plugins-good0.10 <removed>
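Review bot: The replacement description for CVE-2016-9810 reads "flxdex decoder" where the removed title had "flxdec", and the removed titles for CVE-2016-9812, CVE-2016-9811 and CVE-2016-9809 stated the read sizes (2 byte, 4 byte, one byte) that the truncated descriptions drop. Since the description text is imported automatically, record the decoder name and the read sizes in NOTE lines so the reasoning behind the (low) and <no-dsa> markings stays visible in the entries.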
@@ -12420,8 +12733,7 @@
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
        NOTE: 
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
        NOTE: 
https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
-CVE-2016-9807
-       RESERVED
+CVE-2016-9807 (The flx_decode_chunks function in gst/flx/gstflxdec.c in 
GStreamer ...)
        - gst-plugins-good1.0 1.10.1-2
        [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
        - gst-plugins-good0.10 <removed>
@@ -13303,21 +13615,18 @@
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb (v4.9-rc3)
        NOTE: Introduced by: 
https://git.kernel.org/linus/13100a72f40f5748a04017e0ab3df4cf27c809ef (v4.7-rc1)
-CVE-2016-9312
-       RESERVED
+CVE-2016-9312 (ntpd in NTP before 4.2.8p9, when running on Windows, allows 
remote ...)
        - ntp <not-affected> (Only ntpd on Windows)
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3110
        NOTE: Only relevant for ntpd on Windows, but fixed source-wise in 
1:4.2.8p9+dfsg-1
-CVE-2016-9311
-       RESERVED
+CVE-2016-9311 (ntpd in NTP before 4.2.8p9, when the trap service is enabled, 
allows ...)
        - ntp 1:4.2.8p9+dfsg-1
        [jessie] - ntp <no-dsa> (Minor issue)
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3119
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0204/
        NOTE: Can be considered for a non-dsa for LTS as it is about a service
        NOTE: not normally enabled. Should be judged in more details.
-CVE-2016-9310
-       RESERVED
+CVE-2016-9310 (The control mode (mode 6) functionality in ntpd in NTP before 
4.2.8p9 ...)
        - ntp 1:4.2.8p9+dfsg-1
        [jessie] - ntp <no-dsa> (Minor issue)
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3118
@@ -13393,8 +13702,7 @@
        {DSA-3713-1 DLA-712-1}
        - gst-plugins-bad0.10 <removed>
        NOTE: 
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
-CVE-2016-9299 [jenkins: unauthenticated remote code execution]
-       RESERVED
+CVE-2016-9299 (The remoting module in Jenkins before 2.32 and LTS before 
2.19.3 ...)
        - jenkins <removed>
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/4
 CVE-2016-9298 [heap overflow in WaveletDenoiseImage()]
@@ -13447,7 +13755,6 @@
        - tiff 4.0.7-1
        NOTE: 
https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
 CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have 
assertions that ...)
-       {DSA-3762-1}
        - tiff 4.0.7-1
        NOTE: 
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
        NOTE: 
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
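Review bot: The {DSA-3762-1} cross-reference is dropped from CVE-2016-9535 with nothing in the entry explaining why, while the fixed version tiff 4.0.7-1 and the upstream commit notes stay unchanged. Confirm that the advisory really does not cover this CVE; if the removal is intended, the entry is left with no per-release status, so add one or a NOTE stating how the older releases are handled.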
@@ -14007,8 +14314,7 @@
 CVE-2016-9108
        RESERVED
        NOT-FOR-US: MuJS
-CVE-2016-9107 [gajim: otr plugin cleartext leak]
-       RESERVED
+CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when 
using ...)
        - gajim-otr <itp> (bug #722130)
        NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
        NOTE: Upstream fix: 
https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
@@ -15048,25 +15354,23 @@
        RESERVED
        - jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
-CVE-2016-8883 [assert in jpc_dec_tiledecode()]
-       RESERVED
+CVE-2016-8883 (The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 
1.900.8 ...)
        {DLA-739-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/32
        NOTE: 
https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
-CVE-2016-8882 [segfault / null pointer access in jpc_pi_destroy]
-       RESERVED
+CVE-2016-8882 (The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in 
JasPer ...)
        {DLA-739-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/30
        NOTE: 
https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee
 (version-1.900.8)
 CVE-2016-8881 [Heap overflow in jpc_getuint16()]
-       RESERVED
+       REJECTED
        - jasper 1.900.1-13
        NOTE: https://github.com/mdadams/jasper/issues/29
        NOTE: Duplicate of CVE-2011-4517, cf 
https://github.com/mdadams/jasper/issues/29#issuecomment-267322934
 CVE-2016-8880 [Heap overflow in jpc_dec_cp_setfromcox()]
-       RESERVED
+       REJECTED
        - jasper 1.900.1-13
        NOTE: https://github.com/mdadams/jasper/issues/28
        NOTE: Duplicate of CVE-2011-4516, cf 
https://github.com/mdadams/jasper/issues/28#issuecomment-267053875
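Review bot: CVE-2016-8881 and CVE-2016-8880 flip to REJECTED but keep their "- jasper 1.900.1-13" package lines, so a rejected identifier still reports a fixed version. The NOTE lines already give the reason (duplicates of CVE-2011-4517 and CVE-2011-4516); check that the fixed version is recorded under those two identifiers, and consider dropping the package lines here so the rejected entries carry only the duplicate NOTE.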
@@ -15294,8 +15598,7 @@
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73280
        NOTE: 
https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/15/1
-CVE-2016-8671 [Incomplete fix for CVE-2016-6887]
-       RESERVED
+CVE-2016-8671 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does 
not ...)
        - matrixssl <not-affected> (Incomplete fix for CVE-2016-6887 not 
applied)
        NOTE: 
https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
 CVE-2016-8669 (The serial_update_parameters function in hw/char/serial.c in 
QEMU (aka ...)
@@ -15644,15 +15947,13 @@
        [jessie] - linux 3.16.39-1
        [wheezy] - linux <not-affected> (Vulnerable code introduced later in 
3.7)
        NOTE: Fixed by: 
https://git.kernel.org/linus/ded89912156b1a47d940a0c954c43afbabd0c42c (v4.8-rc8)
-CVE-2016-8606 [REPL server vulnerable to HTTP inter-protocol attacks]
-       RESERVED
+CVE-2016-8606 (The REPL server (--listen) in GNU Guile 2.0.12 allows an 
attacker to ...)
        {DLA-666-1}
        - guile-2.0 2.0.13+1-1 (low; bug #840555)
        [jessie] - guile-2.0 <no-dsa> (Minor issue)
        - guile-1.8 <not-affected> (repl server introduced in 2.0)
        NOTE: Patch: 
http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=08c021916dbd3a235a9f9cc33df4c418c0724e03
-CVE-2016-8605 [Thread-unsafe umask modification]
-       RESERVED
+CVE-2016-8605 (The mkdir procedure of GNU Guile temporarily changed the 
process' ...)
        {DLA-666-1}
        - guile-2.0 2.0.13+1-1 (low; bug #840556)
        [jessie] - guile-2.0 <no-dsa> (Minor issue)
@@ -15999,114 +16300,114 @@
        RESERVED
 CVE-2016-8476
        RESERVED
-CVE-2016-8475
-       RESERVED
-CVE-2016-8474
-       RESERVED
-CVE-2016-8473
-       RESERVED
-CVE-2016-8472
-       RESERVED
-CVE-2016-8471
-       RESERVED
-CVE-2016-8470
-       RESERVED
-CVE-2016-8469
-       RESERVED
-CVE-2016-8468
-       RESERVED
-CVE-2016-8467
-       RESERVED
-CVE-2016-8466
-       RESERVED
-CVE-2016-8465
-       RESERVED
-CVE-2016-8464
-       RESERVED
-CVE-2016-8463
-       RESERVED
-CVE-2016-8462
-       RESERVED
-CVE-2016-8461
-       RESERVED
-CVE-2016-8460
-       RESERVED
-CVE-2016-8459
-       RESERVED
-CVE-2016-8458
-       RESERVED
-CVE-2016-8457
-       RESERVED
-CVE-2016-8456
-       RESERVED
-CVE-2016-8455
-       RESERVED
-CVE-2016-8454
-       RESERVED
-CVE-2016-8453
-       RESERVED
-CVE-2016-8452
-       RESERVED
-CVE-2016-8451
-       RESERVED
-CVE-2016-8450
-       RESERVED
-CVE-2016-8449
-       RESERVED
-CVE-2016-8448
-       RESERVED
-CVE-2016-8447
-       RESERVED
-CVE-2016-8446
-       RESERVED
-CVE-2016-8445
-       RESERVED
-CVE-2016-8444
-       RESERVED
-CVE-2016-8443
-       RESERVED
-CVE-2016-8442
-       RESERVED
-CVE-2016-8441
-       RESERVED
-CVE-2016-8440
-       RESERVED
-CVE-2016-8439
-       RESERVED
-CVE-2016-8438
-       RESERVED
-CVE-2016-8437
-       RESERVED
-CVE-2016-8436
-       RESERVED
-CVE-2016-8435
-       RESERVED
-CVE-2016-8434
-       RESERVED
-CVE-2016-8433
-       RESERVED
-CVE-2016-8432
-       RESERVED
-CVE-2016-8431
-       RESERVED
-CVE-2016-8430
-       RESERVED
-CVE-2016-8429
-       RESERVED
-CVE-2016-8428
-       RESERVED
-CVE-2016-8427
-       RESERVED
-CVE-2016-8426
-       RESERVED
-CVE-2016-8425
-       RESERVED
-CVE-2016-8424
-       RESERVED
-CVE-2016-8423
-       RESERVED
-CVE-2016-8422
-       RESERVED
+CVE-2016-8475 (An information disclosure vulnerability in the HTC input driver 
could ...)
+       TODO: check
+CVE-2016-8474 (An information disclosure vulnerability in the 
STMicroelectronics ...)
+       TODO: check
+CVE-2016-8473 (An information disclosure vulnerability in the 
STMicroelectronics ...)
+       TODO: check
+CVE-2016-8472 (An information disclosure vulnerability in the MediaTek driver 
could ...)
+       TODO: check
+CVE-2016-8471 (An information disclosure vulnerability in the MediaTek driver 
could ...)
+       TODO: check
+CVE-2016-8470 (An information disclosure vulnerability in the MediaTek driver 
could ...)
+       TODO: check
+CVE-2016-8469 (An information disclosure vulnerability in the camera driver 
could ...)
+       TODO: check
+CVE-2016-8468 (An elevation of privilege vulnerability in Binder could enable 
a local ...)
+       TODO: check
+CVE-2016-8467 (An elevation of privilege vulnerability in the bootloader could 
enable ...)
+       TODO: check
+CVE-2016-8466 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
+       TODO: check
+CVE-2016-8465 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
+       TODO: check
+CVE-2016-8464 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
+       TODO: check
+CVE-2016-8463 (A denial of service vulnerability in the Qualcomm FUSE file 
system ...)
+       TODO: check
+CVE-2016-8462 (An information disclosure vulnerability in the bootloader could 
enable ...)
+       TODO: check
+CVE-2016-8461 (An information disclosure vulnerability in the bootloader could 
enable ...)
+       TODO: check
+CVE-2016-8460 (An information disclosure vulnerability in the NVIDIA video 
driver ...)
+       TODO: check
+CVE-2016-8459 (Possible buffer overflow in storage subsystem. Bad parameters 
as part ...)
+       TODO: check
+CVE-2016-8458 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
+       TODO: check
+CVE-2016-8457 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
+       TODO: check
+CVE-2016-8456 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
+       TODO: check
+CVE-2016-8455 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
+       TODO: check
+CVE-2016-8454 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
+       TODO: check
+CVE-2016-8453 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
+       TODO: check
+CVE-2016-8452 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi 
driver ...)
+       TODO: check
+CVE-2016-8451 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
+       TODO: check
+CVE-2016-8450 (An elevation of privilege vulnerability in the Qualcomm sound 
driver ...)
+       TODO: check
+CVE-2016-8449 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8448 (An elevation of privilege vulnerability in MediaTek components, 
...)
+       TODO: check
+CVE-2016-8447 (An elevation of privilege vulnerability in MediaTek components, 
...)
+       TODO: check
+CVE-2016-8446 (An elevation of privilege vulnerability in MediaTek components, 
...)
+       TODO: check
+CVE-2016-8445 (An elevation of privilege vulnerability in MediaTek components, 
...)
+       TODO: check
+CVE-2016-8444 (An elevation of privilege vulnerability in the Qualcomm camera 
could ...)
+       TODO: check
+CVE-2016-8443 (Possible unauthorized memory access in the hypervisor. 
Incorrect ...)
+       TODO: check
+CVE-2016-8442 (Possible unauthorized memory access in the hypervisor. Lack of 
input ...)
+       TODO: check
+CVE-2016-8441 (Possible buffer overflow in the hypervisor. Inappropriate usage 
of a ...)
+       TODO: check
+CVE-2016-8440 (Possible buffer overflow in SMMU system call. Improper input 
...)
+       TODO: check
+CVE-2016-8439 (Possible buffer overflow in trust zone access control API. 
Buffer ...)
+       TODO: check
+CVE-2016-8438 (Integer overflow leading to a TOCTOU condition in hypervisor 
PIL. An ...)
+       TODO: check
+CVE-2016-8437 (Improper input validation in Access Control APIs. Access 
control API ...)
+       TODO: check
+CVE-2016-8436 (An elevation of privilege vulnerability in the Qualcomm video 
driver ...)
+       TODO: check
+CVE-2016-8435 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8434 (An elevation of privilege vulnerability in the Qualcomm GPU 
driver ...)
+       TODO: check
+CVE-2016-8433 (An elevation of privilege vulnerability in the MediaTek driver 
could ...)
+       TODO: check
+CVE-2016-8432 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8431 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8430 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8429 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8428 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8427 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8426 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8425 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8424 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-8423 (An elevation of privilege vulnerability in the Qualcomm 
bootloader ...)
+       TODO: check
+CVE-2016-8422 (An elevation of privilege vulnerability in the Qualcomm 
bootloader ...)
+       TODO: check
 CVE-2016-8421
        RESERVED
 CVE-2016-8420
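Review bot: Every entry this hunk opens up, CVE-2016-8475 through CVE-2016-8422, lands as "TODO: check", so none of it is triaged yet. Most descriptions name vendor drivers (HTC, MediaTek, Broadcom, Qualcomm, NVIDIA, Synaptics), but CVE-2016-8468 (Binder) names no vendor and should be checked against the linux source before any bulk NOT-FOR-US marking.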
@@ -16119,60 +16420,59 @@
        RESERVED
 CVE-2016-8416
        RESERVED
-CVE-2016-8415
-       RESERVED
+CVE-2016-8415 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi 
driver ...)
+       TODO: check
 CVE-2016-8414
        RESERVED
 CVE-2016-8413
        RESERVED
-CVE-2016-8412
-       RESERVED
+CVE-2016-8412 (An elevation of privilege vulnerability in the Qualcomm camera 
could ...)
+       TODO: check
 CVE-2016-8411
        RESERVED
-CVE-2016-8410
-       RESERVED
-CVE-2016-8409
-       RESERVED
-CVE-2016-8408
-       RESERVED
-CVE-2016-8407
-       RESERVED
-CVE-2016-8406
-       RESERVED
-CVE-2016-8405
-       RESERVED
-CVE-2016-8404
-       RESERVED
-CVE-2016-8403
-       RESERVED
-CVE-2016-8402
-       RESERVED
-CVE-2016-8401
-       RESERVED
-CVE-2016-8400
-       RESERVED
-CVE-2016-8399
-       RESERVED
+CVE-2016-8410 (An information disclosure vulnerability in the Qualcomm sound 
driver ...)
+       TODO: check
+CVE-2016-8409 (An information disclosure vulnerability in the NVIDIA video 
driver ...)
+       TODO: check
+CVE-2016-8408 (An information disclosure vulnerability in the NVIDIA video 
driver ...)
+       TODO: check
+CVE-2016-8407 (An information disclosure vulnerability in kernel components 
including ...)
+       TODO: check
+CVE-2016-8406 (An information disclosure vulnerability in kernel components 
including ...)
+       TODO: check
+CVE-2016-8405 (An information disclosure vulnerability in kernel components 
including ...)
+       TODO: check
+CVE-2016-8404 (An information disclosure vulnerability in kernel components 
including ...)
+       TODO: check
+CVE-2016-8403 (An information disclosure vulnerability in kernel components 
including ...)
+       TODO: check
+CVE-2016-8402 (An information disclosure vulnerability in kernel components 
including ...)
+       TODO: check
+CVE-2016-8401 (An information disclosure vulnerability in kernel components 
including ...)
+       TODO: check
+CVE-2016-8400 (An information disclosure vulnerability in the NVIDIA librm 
library ...)
+       TODO: check
+CVE-2016-8399 (An elevation of privilege vulnerability in the kernel 
networking ...)
        {DLA-772-1}
        - linux 4.8.15-1
        [jessie] - linux 3.16.39-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/0eab121ef8750a5c8637d51534d5e9143fb0633f
-CVE-2016-8398
-       RESERVED
-CVE-2016-8397
-       RESERVED
-CVE-2016-8396
-       RESERVED
-CVE-2016-8395
-       RESERVED
-CVE-2016-8394
-       RESERVED
-CVE-2016-8393
-       RESERVED
-CVE-2016-8392
-       RESERVED
-CVE-2016-8391
-       RESERVED
+CVE-2016-8398 (Unauthenticated messages processed by the UE. Certain NAS 
messages are ...)
+       TODO: check
+CVE-2016-8397 (An information disclosure vulnerability in the NVIDIA video 
driver ...)
+       TODO: check
+CVE-2016-8396 (An information disclosure vulnerability in the MediaTek video 
driver ...)
+       TODO: check
+CVE-2016-8395 (A denial of service vulnerability in the NVIDIA camera driver 
could ...)
+       TODO: check
+CVE-2016-8394 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
+       TODO: check
+CVE-2016-8393 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
+       TODO: check
+CVE-2016-8392 (An elevation of privilege vulnerability in the Qualcomm sound 
driver ...)
+       TODO: check
+CVE-2016-8391 (An elevation of privilege vulnerability in the Qualcomm sound 
driver ...)
+       TODO: check
 CVE-2016-1000246
        RESERVED
 CVE-2016-1000245
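Review bot: CVE-2016-8407 through CVE-2016-8401 are described as information disclosure in "kernel components including ..." yet get only "TODO: check", while CVE-2016-8399 in the same hunk already carries linux tracking (4.8.15-1, jessie 3.16.39-1, DLA-772-1). These seven should be triaged against the linux package first, because the truncated description does not show which subsystem is affected.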
@@ -16697,8 +16997,8 @@
        NOT-FOR-US: Lenovo
 CVE-2016-8222 (A vulnerability has been identified in a signed kernel driver 
for the ...)
        NOT-FOR-US: Lenovo
-CVE-2016-8221
-       RESERVED
+CVE-2016-8221 (Privilege Escalation in Lenovo XClarity Administrator earlier 
than ...)
+       TODO: check
 CVE-2016-7423 (The mptsas_process_scsi_io_request function in QEMU (aka Quick 
...)
        - qemu 1:2.7+dfsg-1 (bug #838145)
        [jessie] - qemu <not-affected> (Vulnerable code introduced later)
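Review bot: CVE-2016-8221 is added with "TODO: check" although its description names Lenovo XClarity Administrator and the entry directly above it, CVE-2016-8222, is already "NOT-FOR-US: Lenovo". Suggest the same NOT-FOR-US: Lenovo tag once the full description confirms the product.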
@@ -16753,20 +17053,20 @@
        RESERVED
 CVE-2016-8208
        RESERVED
-CVE-2016-8207
-       RESERVED
-CVE-2016-8206
-       RESERVED
-CVE-2016-8205
-       RESERVED
-CVE-2016-8204
-       RESERVED
+CVE-2016-8207 (A Directory Traversal vulnerability in CliMonitorReportServlet 
in the ...)
+       TODO: check
+CVE-2016-8206 (A Directory Traversal vulnerability in servlet 
SoftwareImageUpload in ...)
+       TODO: check
+CVE-2016-8205 (A Directory Traversal vulnerability in 
DashboardFileReceiveServlet in ...)
+       TODO: check
+CVE-2016-8204 (A Directory Traversal vulnerability in FileReceiveServlet in 
the ...)
+       TODO: check
 CVE-2016-8203 (A memory corruption in the IPsec code path of Brocade NetIron 
OS on ...)
        NOT-FOR-US: Brocade
 CVE-2016-8202
        RESERVED
-CVE-2016-8201
-       RESERVED
+CVE-2016-8201 (A CSRF vulnerability in Brocade Virtual Traffic Manager 
versions ...)
+       TODO: check
 CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in 
GnuTLS ...)
        - gnutls28 3.5.3-4
        [jessie] - gnutls28 3.3.8-6+deb8u4
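Review bot: CVE-2016-8201 names Brocade Virtual Traffic Manager but is left at "TODO: check", while CVE-2016-8203 two entries up is "NOT-FOR-US: Brocade"; the same tag looks applicable. The four directory traversal entries, CVE-2016-8207 to CVE-2016-8204, show only servlet names in the truncated text, so the product has to be read from the full description before they are tagged.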
@@ -18158,8 +18458,7 @@
 CVE-2016-7905 (The read_gab2_sub function in libavformat/avidec.c in FFmpeg 
before ...)
        - ffmpeg 7:3.1.4-1 (bug #840434)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/622ccbd8ab894e3ac6cdf607e3d4f39e406786e9
 (n3.1.4)
-CVE-2016-7904
-       RESERVED
+CVE-2016-7904 (Cross-site request forgery (CSRF) vulnerability in CMS Made 
Simple ...)
        NOT-FOR-US: CMS Made Simple
 CVE-2016-7903 (Dotclear before 2.10.3, when the Host header is not part of the 
web ...)
        - dotclear <removed>
@@ -18420,11 +18719,9 @@
        - git-hub 0.10.2-2 (bug #839284)
 CVE-2016-7792
        RESERVED
-CVE-2016-7791
-       RESERVED
+CVE-2016-7791 (Exponent CMS 2.3.9 suffers from a remote code execution 
vulnerability ...)
        NOT-FOR-US: Exponent CMS
-CVE-2016-7790
-       RESERVED
+CVE-2016-7790 (Exponent CMS 2.3.9 suffers from a remote code execution 
vulnerability ...)
        NOT-FOR-US: Exponent CMS
 CVE-2016-7789
        RESERVED
@@ -19198,14 +19495,12 @@
        RESERVED
 CVE-2016-7435 (The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) 
SCTC_REFRESH_CHECK_ENV, and ...)
        NOT-FOR-US: SAP Netweaver
-CVE-2016-7434
-       RESERVED
+CVE-2016-7434 (The read_mru_list function in NTP before 4.2.8p9 allows remote 
...)
        - ntp 1:4.2.8p9+dfsg-1
        [jessie] - ntp <not-affected> (mrulist introduced in ntp-4.2.7p22, 
vulnerable code not present)
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3082
        NOTE: Only possible to trigger from hosts in allow mrulist query.
-CVE-2016-7433
-       RESERVED
+CVE-2016-7433 (NTP before 4.2.8p9 does not properly perform the initial sync 
...)
        - ntp 1:4.2.8p9+dfsg-1
        [jessie] - ntp <not-affected> (Vulnerable code introduced in 
ntp-4.2.7p385)
        [wheezy] - ntp <not-affected> (Vulnerable code introduced in 
ntp-4.2.7p385)
@@ -19215,22 +19510,19 @@
        NOTE: itself in general is incorrect in all version of ntp-4 until 
ntp-4.2.8p9
 CVE-2016-7432
        RESERVED
-CVE-2016-7431
-       RESERVED
+CVE-2016-7431 (NTP before 4.2.8p9 allows remote attackers to bypass the origin 
...)
        - ntp 1:4.2.8p9+dfsg-1
        [jessie] - ntp <not-affected> (Vulnerable code not present)
        [wheezy] - ntp <not-affected> (Vulnerable code introduced later)
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3102
 CVE-2016-7430
        RESERVED
-CVE-2016-7429
-       RESERVED
+CVE-2016-7429 (NTP before 4.2.8p9 changes the peer structure to the interface 
it ...)
        - ntp 1:4.2.8p9+dfsg-1
        [jessie] - ntp <no-dsa> (Minor issue)
        [wheezy] - ntp <no-dsa> (Minor issue, only possible if rp_filter is 0)
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3072
-CVE-2016-7428
-       RESERVED
+CVE-2016-7428 (ntpd in NTP before 4.2.8p9 allows remote attackers to cause a 
denial ...)
        - ntp 1:4.2.8p9+dfsg-1
        [jessie] - ntp <not-affected> (Vulnerable code not present)
        [wheezy] - ntp <not-affected> (Vulnerable code not present)
@@ -19239,8 +19531,7 @@
        NOTE: The fixes for CVE-2015-7973 have added several new integrity 
checks on incoming
        NOTE: broadcast mode packets and issue got introduced with code changes 
to fix that
        NOTE: issue.
-CVE-2016-7427
-       RESERVED
+CVE-2016-7427 (The broadcast mode replay prevention functionality in ntpd in 
NTP ...)
        - ntp 1:4.2.8p9+dfsg-1
        [jessie] - ntp <not-affected> (Vulnerable code not present)
        [wheezy] - ntp <not-affected> (Vulnerable code not present)
@@ -19249,8 +19540,7 @@
        NOTE: The fixes for CVE-2015-7973 have added several new integrity 
checks on incoming
        NOTE: broadcast mode packets and issue got introduced with code changes 
to fix that
        NOTE: issue.
-CVE-2016-7426
-       RESERVED
+CVE-2016-7426 (NTP before 4.2.8p9 rate limits responses received from the 
configured ...)
        - ntp 1:4.2.8p9+dfsg-1
        [jessie] - ntp <no-dsa> (Minor issue)
        NOTE: http://support.ntp.org/bin/view/Main/NtpBug3071
@@ -19921,8 +20211,8 @@
        TODO: check
 CVE-2016-1000213 (Ruckus Wireless H500 web management interface CSRF ...)
        TODO: check
-CVE-2010-5327
-       RESERVED
+CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users 
to ...)
+       TODO: check
 CVE-2016-7551 [AST-2016-007]
        RESERVED
        {DSA-3700-1 DLA-781-1}
@@ -21249,82 +21539,82 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-6792
        RESERVED
-CVE-2016-6791
-       RESERVED
-CVE-2016-6790
-       RESERVED
-CVE-2016-6789
-       RESERVED
-CVE-2016-6788
-       RESERVED
+CVE-2016-6791 (An elevation of privilege vulnerability in the Qualcomm sound 
driver ...)
+       TODO: check
+CVE-2016-6790 (An elevation of privilege vulnerability in the NVIDIA libomx 
library ...)
+       TODO: check
+CVE-2016-6789 (An elevation of privilege vulnerability in the NVIDIA libomx 
library ...)
+       TODO: check
+CVE-2016-6788 (An elevation of privilege vulnerability in the MediaTek I2C 
driver ...)
+       TODO: check
 CVE-2016-6787 (kernel/events/core.c in the performance subsystem in the Linux 
kernel ...)
        - linux 4.0.2-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
 CVE-2016-6786 (kernel/events/core.c in the performance subsystem in the Linux 
kernel ...)
        - linux 4.0.2-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
-CVE-2016-6785
-       RESERVED
-CVE-2016-6784
-       RESERVED
-CVE-2016-6783
-       RESERVED
-CVE-2016-6782
-       RESERVED
-CVE-2016-6781
-       RESERVED
-CVE-2016-6780
-       RESERVED
-CVE-2016-6779
-       RESERVED
-CVE-2016-6778
-       RESERVED
-CVE-2016-6777
-       RESERVED
-CVE-2016-6776
-       RESERVED
-CVE-2016-6775
-       RESERVED
-CVE-2016-6774
-       RESERVED
-CVE-2016-6773
-       RESERVED
-CVE-2016-6772
-       RESERVED
-CVE-2016-6771
-       RESERVED
-CVE-2016-6770
-       RESERVED
-CVE-2016-6769
-       RESERVED
-CVE-2016-6768
-       RESERVED
-CVE-2016-6767
-       RESERVED
-CVE-2016-6766
-       RESERVED
-CVE-2016-6765
-       RESERVED
-CVE-2016-6764
-       RESERVED
-CVE-2016-6763
-       RESERVED
-CVE-2016-6762
-       RESERVED
-CVE-2016-6761
-       RESERVED
-CVE-2016-6760
-       RESERVED
-CVE-2016-6759
-       RESERVED
-CVE-2016-6758
-       RESERVED
-CVE-2016-6757
-       RESERVED
-CVE-2016-6756
-       RESERVED
-CVE-2016-6755
-       RESERVED
+CVE-2016-6785 (An elevation of privilege vulnerability in the MediaTek driver 
could ...)
+       TODO: check
+CVE-2016-6784 (An elevation of privilege vulnerability in the MediaTek driver 
could ...)
+       TODO: check
+CVE-2016-6783 (An elevation of privilege vulnerability in the MediaTek driver 
could ...)
+       TODO: check
+CVE-2016-6782 (An elevation of privilege vulnerability in the MediaTek driver 
could ...)
+       TODO: check
+CVE-2016-6781 (An elevation of privilege vulnerability in the MediaTek driver 
could ...)
+       TODO: check
+CVE-2016-6780 (An elevation of privilege vulnerability in the HTC sound codec 
driver ...)
+       TODO: check
+CVE-2016-6779 (An elevation of privilege vulnerability in the HTC sound codec 
driver ...)
+       TODO: check
+CVE-2016-6778 (An elevation of privilege vulnerability in the HTC sound codec 
driver ...)
+       TODO: check
+CVE-2016-6777 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-6776 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-6775 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
+       TODO: check
+CVE-2016-6774 (An information disclosure vulnerability in Package Manager 
could ...)
+       TODO: check
+CVE-2016-6773 (An information disclosure vulnerability in the ih264d decoder 
in ...)
+       TODO: check
+CVE-2016-6772 (An elevation of privilege vulnerability in Wi-Fi could enable a 
local ...)
+       TODO: check
+CVE-2016-6771 (An elevation of privilege vulnerability in Telephony could 
enable a ...)
+       TODO: check
+CVE-2016-6770 (An elevation of privilege vulnerability in the Framework API 
could ...)
+       TODO: check
+CVE-2016-6769 (An elevation of privilege vulnerability in Smart Lock could 
enable a ...)
+       TODO: check
+CVE-2016-6768 (A remote code execution vulnerability in the Framesequence 
library ...)
+       TODO: check
+CVE-2016-6767 (A denial of service vulnerability in Mediaserver could enable 
an ...)
+       TODO: check
+CVE-2016-6766 (A denial of service vulnerability in libmedia and 
libstagefright in ...)
+       TODO: check
+CVE-2016-6765 (A denial of service vulnerability in libstagefright in 
Mediaserver ...)
+       TODO: check
+CVE-2016-6764 (A denial of service vulnerability in Mediaserver could enable 
an ...)
+       TODO: check
+CVE-2016-6763 (A denial of service vulnerability in Telephony could enable a 
local ...)
+       TODO: check
+CVE-2016-6762 (An elevation of privilege vulnerability in the libziparchive 
library ...)
+       TODO: check
+CVE-2016-6761 (An elevation of privilege vulnerability in Qualcomm media 
codecs could ...)
+       TODO: check
+CVE-2016-6760 (An elevation of privilege vulnerability in Qualcomm media 
codecs could ...)
+       TODO: check
+CVE-2016-6759 (An elevation of privilege vulnerability in Qualcomm media 
codecs could ...)
+       TODO: check
+CVE-2016-6758 (An elevation of privilege vulnerability in Qualcomm media 
codecs could ...)
+       TODO: check
+CVE-2016-6757 (An information disclosure vulnerability in Qualcomm components 
...)
+       TODO: check
+CVE-2016-6756 (An information disclosure vulnerability in Qualcomm components 
...)
+       TODO: check
+CVE-2016-6755 (An elevation of privilege vulnerability in the Qualcomm camera 
driver ...)
+       TODO: check
 CVE-2016-6754 (A remote code execution vulnerability in Webview in Android 
5.0.x ...)
        TODO: check
 CVE-2016-6753 (An information disclosure vulnerability in kernel components, 
...)
@@ -21681,16 +21971,13 @@
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #833730)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2016-6887 [... wrong calculation result ...]
-       RESERVED
+CVE-2016-6887 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does 
not ...)
        - matrixssl <removed>
        [wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
-CVE-2016-6886 [... crash issue ...]
-       RESERVED
+CVE-2016-6886 (The pstm_reverse function in MatrixSSL before 3.8.4 allows 
remote ...)
        - matrixssl <removed>
        [wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
-CVE-2016-6885 [... Testing MatrixSSL's pstm_exptmod with base zero ...]
-       RESERVED
+CVE-2016-6885 (The pstm_exptmod function in MatrixSSL before 3.8.4 allows 
remote ...)
        - matrixssl <removed>
        [wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
 CVE-2016-6884 [Access Violation on Malicious TLS Record]
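Review bot: Replacing the bracketed working titles on CVE-2016-6887, CVE-2016-6886 and CVE-2016-6885 drops the only text that told the three apart ("wrong calculation result", "crash issue", "base zero"). CVE-2016-6887 now shows the same truncated description as CVE-2016-8671 earlier in this diff, and both it and CVE-2016-6885 begin "The pstm_exptmod function in MatrixSSL". A short NOTE on each entry stating the distinct issue, plus a cross-reference from CVE-2016-6887 to CVE-2016-8671, would keep the relation visible from both sides.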
@@ -22338,8 +22625,7 @@
        NOTE: Fixed in experimental 1:2.6.11-1, first version in unstable 
1:2.6.12-1
        NOTE: https://jira.mongodb.org/browse/SERVER-9476
        NOTE: Fixed by: 
https://github.com/mongodb/mongo/commit/f85ceb17b37210eef71e8113162c41368bfd5c12
-CVE-2016-6492
-       RESERVED
+CVE-2016-6492 (The MT6573FDVT_SetRegHW function in camera_fdvt.c in the 
MediaTek ...)
        NOT-FOR-US: Out of tree driver from 
https://github.com/jawad6233/MT6795.kernel
 CVE-2016-6488
        RESERVED
@@ -25063,8 +25349,7 @@
        NOTE: 
https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/06/22/3
        NOTE: 
https://github.com/movabletype/movabletype/commit/42113544e7d8ebf6064b7b01b921734b667a1682
-CVE-2016-5737
-       RESERVED
+CVE-2016-5737 (The Gerrit configuration in the Openstack Puppet module for 
Gerrit ...)
        NOT-FOR-US: Openstack-infra puppet-gerrit module
 CVE-2016-5729 (Lenovo BIOS EFI Driver allows local administrators to execute 
...)
        NOT-FOR-US: Lenovo
@@ -25105,8 +25390,8 @@
        RESERVED
 CVE-2016-5716
        RESERVED
-CVE-2016-5715
-       RESERVED
+CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 
2015.x ...)
+       TODO: check
 CVE-2016-5714
        RESERVED
 CVE-2016-5713
@@ -33391,14 +33676,14 @@
        NOTE: https://bugs.php.net/bug.php?id=70350
        NOTE: https://bugs.php.net/bug.php?id=67996
        NOTE: 
https://github.com/facebook/hhvm/commit/65c95a01541dd2fbc9c978ac53bed235b5376686
-CVE-2016-3152
-       RESERVED
-CVE-2016-3151
-       RESERVED
-CVE-2016-3150
-       RESERVED
-CVE-2016-3149
-       RESERVED
+CVE-2016-3152 (Barco ClickShare CSC-1 devices with firmware before 01.09.03 
allow ...)
+       TODO: check
+CVE-2016-3151 (Directory traversal vulnerability in the wallpaper parsing ...)
+       TODO: check
+CVE-2016-3150 (Cross-site scripting (XSS) vulnerability in wallpaper.php in 
the Base ...)
+       TODO: check
+CVE-2016-3149 (Barco ClickShare CSC-1 devices with firmware before 01.09.03 
and CSM-1 ...)
+       TODO: check
 CVE-2016-3148
        RESERVED
 CVE-2016-3147
@@ -33424,12 +33709,12 @@
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
 CVE-2016-3131
        RESERVED
-CVE-2016-3130
-       RESERVED
+CVE-2016-3130 (An information disclosure vulnerability in the Core and 
Management ...)
+       TODO: check
 CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good 
...)
        TODO: check
-CVE-2016-3128
-       RESERVED
+CVE-2016-3128 (A spoofing vulnerability in the Core of BlackBerry Enterprise 
Server ...)
+       TODO: check
 CVE-2016-3127
        RESERVED
 CVE-2016-3126 (Cross-site scripting (XSS) vulnerability in the Management 
Console in ...)
@@ -37238,8 +37523,7 @@
        [jessie] - dwarfutils 20120410-2+deb8u1
        NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3
        NOTE: Fixed by 
http://sourceforge.net/p/libdwarf/code/ci/9565964f26966d8391fe2cfa8e6e8e59278c5f91
-CVE-2016-2090 [Heap buffer overflow in fgetwln function of libbsd]
-       RESERVED
+CVE-2016-2090 (Off-by-one vulnerability in the fgetwln function in libbsd 
before ...)
        - libbsd 0.8.2-1
        [jessie] - libbsd <no-dsa> (Minor issue)
        [wheezy] - libbsd <not-affected> (Vulnerable code not present)
@@ -41472,7 +41756,7 @@
        RESERVED
 CVE-2016-0918 (EMC RSA Identity Management and Governance before 6.8.1 P25 and 
6.9.x ...)
        NOT-FOR-US: EMC RSA Identity Governance and Lifecycle
-CVE-2016-0917 (The SMB service in EMC VNXe, VNX1 File OE before 7.1.80.3, and 
VNX2 ...)
+CVE-2016-0917 (The SMB service in EMC VNXe (VNXe3200 Operating Environment 
prior to ...)
        NOT-FOR-US: EMC VNX
 CVE-2016-0916 (EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 
...)
        NOT-FOR-US: EMC NetWorker
@@ -50085,8 +50369,8 @@
        RESERVED
 CVE-2015-6502
        RESERVED
-CVE-2015-6501
-       RESERVED
+CVE-2015-6501 (Open redirect vulnerability in the Console in Puppet Enterprise 
before ...)
+       TODO: check
 CVE-2015-6500 (Directory traversal vulnerability in ownCloud Server before 
8.0.6 and ...)
        {DSA-3373-1}
        - owncloud 7.0.10~dfsg-2 (bug #800126)
@@ -59517,8 +59801,7 @@
        RESERVED
 CVE-2015-3189
        RESERVED
-CVE-2015-3188
-       RESERVED
+CVE-2015-3188 (The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows 
remote ...)
        NOT-FOR-US: Apache Storm
 CVE-2015-3187 (The svn_repos_trace_node_locations function in Apache 
Subversion ...)
        {DSA-3331-1 DLA-293-1}

