Author: sectracker
Date: 2017-01-23 21:10:12 +0000 (Mon, 23 Jan 2017)
New Revision: 48310

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-23 21:03:36 UTC (rev 48309)
+++ data/CVE/list       2017-01-23 21:10:12 UTC (rev 48310)
@@ -1,3 +1,87 @@
+CVE-2017-5575 (SQL injection vulnerability in inc/lib/Options.class.php in 
GeniXCMS ...)
+       TODO: check
+CVE-2017-5574 (SQL injection vulnerability in register.php in GeniXCMS before 
1.0.0 ...)
+       TODO: check
+CVE-2017-5573
+       RESERVED
+CVE-2017-5572
+       RESERVED
+CVE-2017-5571
+       RESERVED
+CVE-2017-5570
+       RESERVED
+CVE-2017-5569
+       RESERVED
+CVE-2017-5568
+       RESERVED
+CVE-2017-5567
+       RESERVED
+CVE-2017-5566
+       RESERVED
+CVE-2017-5565
+       RESERVED
+CVE-2017-5564
+       RESERVED
+CVE-2017-5563 (LibTIFF version 4.0.7 is vulnerable to a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2017-5562
+       RESERVED
+CVE-2017-5561
+       RESERVED
+CVE-2017-5560
+       RESERVED
+CVE-2017-5559
+       RESERVED
+CVE-2017-5558
+       RESERVED
+CVE-2017-5557
+       RESERVED
+CVE-2017-5556 (The ConvertToPDF plugin in Foxit Reader before 8.2 and 
PhantomPDF ...)
+       TODO: check
+CVE-2017-5555
+       RESERVED
+CVE-2017-5554 (An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS 
before ...)
+       TODO: check
+CVE-2017-5553 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2017-5545 (The main function in plistutil.c in libimobiledevice libplist 
through ...)
+       TODO: check
+CVE-2017-5544 (An issue was discovered on FiberHome Fengine S5800 switches 
V210R240. ...)
+       TODO: check
+CVE-2017-5543 (includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows 
remote ...)
+       TODO: check
+CVE-2017-5542 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2017-5541 (Directory traversal vulnerability in ...)
+       TODO: check
+CVE-2017-5540
+       RESERVED
+CVE-2017-5539 (The patch for directory traversal (CVE-2017-5480) in 
b2evolution ...)
+       TODO: check
+CVE-2017-5536
+       RESERVED
+CVE-2017-5535
+       RESERVED
+CVE-2017-5534
+       RESERVED
+CVE-2017-5533
+       RESERVED
+CVE-2017-5532
+       RESERVED
+CVE-2017-5531
+       RESERVED
+CVE-2017-5530
+       RESERVED
+CVE-2017-5529
+       RESERVED
+CVE-2017-5528
+       RESERVED
+CVE-2017-5527
+       RESERVED
+CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it 
tries to ...)
+       TODO: check
+CVE-2016-10156 (A flaw in systemd v228 in /src/basic/fs-util.c caused world 
writable ...)
+       TODO: check
 CVE-2017-XXXX [Reflected XSS vulnerability]
        - cgiemail <unfixed> (bug #852031)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2017/01/20/6
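Review bot: CVE-2017-5563 (LibTIFF 4.0.7 heap-based buffer over-read) and CVE-2016-10156 (systemd v228, world-writable files via src/basic/fs-util.c) are left as "TODO: check" although tiff and systemd are packages tracked elsewhere in this same file; they should be triaged into package lines with a bug number and a NOTE to the upstream report rather than sitting behind the block of RESERVED ids. The same goes for CVE-2017-5545 (plistutil.c in libimobiledevice libplist) if libplist is packaged. The remaining TODOs (GeniXCMS, Foxit, OnePlus ABOOT, FiberHome, Subrion, b2evolution, Akamai NetSession) look like NOT-FOR-US candidates from their descriptions, but the truncated text here is not enough to decide that.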
@@ -11,6 +95,7 @@
        - cgiemail <unfixed> (bug #852031)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2017/01/20/6
 CVE-2016-10155 [watchdog: memory leakage in virtual hardware watchdog 
wdt_i6300esb; CVE for the memory consumption issue, not an information 
disclosure issue]
+       RESERVED
        - qemu 1:2.8+dfsg-2 (bug #852232)
        - qemu-kvm <removed>
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html
@@ -18,22 +103,27 @@
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
        TODO: check affected versions
 CVE-2016-10154 [cifs: Fix smbencrypt() to stop pointing a scatterlist at the 
stack]
+       RESERVED
        - linux 4.9.2-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/06deeec77a5a689cc94b21a8a91a76e42176685d 
(v4.10-rc1)
 CVE-2016-10153 [libceph: introduce ceph_crypt() for in-place en/decryption]
+       RESERVED
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 
(v4.10-rc1)
 CVE-2016-10152 [Use of hard-coded DNS domain if configuration file cannot be 
read]
+       RESERVED
        - hesiod <unfixed> (low; bug #852093)
        [jessie] - hesiod <no-dsa> (Minor issue)
        NOTE: https://github.com/achernya/hesiod/pull/10
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493
 CVE-2016-10151 [Weak SUID check allowing privilege elevation]
+       RESERVED
        - hesiod <unfixed> (low; bug #852094)
        [jessie] - hesiod <no-dsa> (Minor issue)
        NOTE: https://github.com/achernya/hesiod/pull/9
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332508
 CVE-2016-10150 [kvm: use-after-free issue while creating devices]
+       RESERVED
        - linux 4.8.15-1
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
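Review bot: CVE-2016-10154 (cifs smbencrypt() scatterlist on the stack) and CVE-2016-10153 (libceph ceph_crypt()) carry no [jessie]/[wheezy] lines, while CVE-2016-10150 in the same hunk states both; since the stable kernels ship both cifs and libceph, the stable status needs recording for each, either as pending or as <not-affected> with a reason. The qemu entry for CVE-2016-10155 in the leading context also still ends with "TODO: check affected versions", which this update leaves open.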
@@ -47,6 +137,7 @@
        NOTE: https://core.trac.wordpress.org/ticket/37490
        NOTE: https://core.trac.wordpress.org/changeset/38168
 CVE-2017-5552 [display: virtio-gpu-3d: memory leakage in 
virgl_resource_attach_backing; CVE for the memory consumption issue, not an 
information disclosure issue]
+       RESERVED
        - qemu 1:2.8+dfsg-2 (bug #852119)
        [jessie] - qemu <not-affected> (Vulnerable code not present)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -55,33 +146,41 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415281
        NOTE: Fixed by: 
http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689
 CVE-2017-5551 [sgid bit not cleared on tmpfs]
+       RESERVED
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/497de07d89c1410d76a15bec2bb41f24a2a89f31 (4.10-rc4)
 CVE-2017-5550 [fix a fencepost error in pipe_advance()]
+       RESERVED
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb (4.10-rc4)
 CVE-2017-5549 [USB: serial: kl5kusb105: fix line-state error handling]
+       RESERVED
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/146cc8a17a3b4996f6805ee5c080e7101277c410 (4.10-rc4)
 CVE-2017-5548 [ieee802154: atusb: do not use the stack for buffers to make 
them DMA able]
+       RESERVED
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655
 CVE-2017-5547 [HID: corsair: fix DMA buffers on stack]
+       RESERVED
        - linux <unfixed>
        [jessie] - linux <not-affected> (Vulnerable code introduced in v4.4-rc1)
        [wheezy] - linux <not-affected> (Vulnerable code introduced in v4.4-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/6d104af38b570d37aa32a5803b04c354f8ed513d
 CVE-2017-5546 [mm/slab.c: fix SLAB freelist randomization duplicate entries]
+       RESERVED
        - linux <unfixed>
        [jessie] - linux <not-affected> (freelist randomisation introduced in 
4.7)
        [wheezy] - linux <not-affected> (freelist randomisation introduced in 
4.7)
        NOTE: Fixed by: 
https://git.kernel.org/linus/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f 
(v4.10-rc4)
 CVE-2017-5538
+       RESERVED
        NOT-FOR-US: Samsung Exynos
 CVE-2017-5524
        RESERVED
        NOT-FOR-US: Plone
 CVE-2017-5537 [weblate information leak]
+       RESERVED
        - weblate <itp> (bug #745661)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/18/11
 CVE-2017-5526 [audio: memory leakage in es1370 device; CVE for the memory 
consumption issue]
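Review bot: CVE-2017-5551 (sgid bit not cleared on tmpfs), CVE-2017-5550 (pipe_advance() fencepost), CVE-2017-5549 (kl5kusb105 line-state handling) and CVE-2017-5548 (atusb stack buffers used for DMA) have no [jessie]/[wheezy] status lines, whereas CVE-2017-5547 and CVE-2017-5546 directly below them do; add the stable status for each. The "Fixed by" notes for CVE-2017-5548 and CVE-2017-5547 also omit the kernel release tag that the other entries in this hunk give (e.g. "(4.10-rc4)"), which is what lets a backport be matched to a stable release; add it.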
@@ -107,12 +206,10 @@
        - mapserver 7.0.4-1
        NOTE: 
https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html
        NOTE: 
https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df
-CVE-2017-2578
-       RESERVED
+CVE-2017-2578 (In Moodle 3.x, there is XSS in the assignment submission page. 
...)
        - moodle 2.7.18+dfsg-1
        NOTE: https://moodle.org/mod/forum/discuss.php?d=345915
-CVE-2017-2576
-       RESERVED
+CVE-2017-2576 (In Moodle 2.x and 3.x, there is incorrect sanitization of 
attributes in ...)
        - moodle 2.7.18+dfsg-1
        NOTE: https://moodle.org/mod/forum/discuss.php?d=345912
 CVE-2017-5521 (An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, 
R7300, ...)
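Review bot: the MITRE text for CVE-2017-2578 scopes the XSS to "Moodle 3.x", yet the package line claims a fix in moodle 2.7.18+dfsg-1; either 2.7 was affected and the description is too narrow, or the line should be <not-affected>. The moodle.org thread in the NOTE should settle which. CVE-2017-2576 ("2.x and 3.x") has no such conflict.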
@@ -406,8 +503,8 @@
 CVE-2016-10147 (crypto/mcryptd.c in the Linux kernel before 4.8.15 allows 
local users ...)
        - linux 4.8.15-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/48a992727d82cb7db076fa15d372178743b1f4cd (v4.9)
-CVE-2016-10143
-       RESERVED
+CVE-2016-10143 (A vulnerability in Tiki Wiki CMS 15.2 could allow a remote 
attacker to ...)
+       TODO: check
 CVE-2016-10142 (An issue was discovered in the IPv6 protocol specification, 
related to ...)
        NOTE: Generic IPv6 issue
 CVE-2016-10139 (An issue was discovered on BLU R1 HD devices with Shanghai 
Adups ...)
@@ -896,6 +993,7 @@
        - python-pysaml2 <unfixed>
        NOTE: https://github.com/rohe/pysaml2/issues/366
 CVE-2016-10149 [CWE-776 (Entity Expansion)]
+       RESERVED
        {DSA-3759-1}
        - python-pysaml2 3.0.0-5 (bug #850716)
        NOTE: NOTE: https://github.com/rohe/pysaml2/pull/379
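Review bot: the context line "NOTE: NOTE: https://github.com/rohe/pysaml2/pull/379" has a doubled prefix; drop one "NOTE:" so the line reads like the issues/366 line above it.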
@@ -1434,14 +1532,14 @@
        NOT-FOR-US: NETGEAR devices
 CVE-2016-10105 (admin/plugin.php in Piwigo through 2.8.3 doesn't validate the 
sections ...)
        - piwigo <removed>
-CVE-2016-10104
-       RESERVED
-CVE-2016-10103
-       RESERVED
-CVE-2016-10102
-       RESERVED
-CVE-2016-10101
-       RESERVED
+CVE-2016-10104 (Information Disclosure can occur in sshProfiles.jsd in Hitek 
Software's ...)
+       TODO: check
+CVE-2016-10103 (Information Disclosure can occur in encryptionProfiles.jsd in 
Hitek ...)
+       TODO: check
+CVE-2016-10102 (hitek.jar in Hitek Software's Automize uses weak encryption 
when ...)
+       TODO: check
+CVE-2016-10101 (Information Disclosure can occur in Hitek Software's Automize 
10.x and ...)
+       TODO: check
 CVE-2016-10100 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the way 
duplicate ...)
        - borgbackup 1.0.9-1
        NOTE: 
https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
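Review bot: the four Hitek Software Automize entries (CVE-2016-10104 through CVE-2016-10101: sshProfiles.jsd, encryptionProfiles.jsd, hitek.jar weak encryption, information disclosure in Automize 10.x) describe a commercial product; unless something in the archive ships it, they should be resolved to NOT-FOR-US, as the NETGEAR entry in the leading context is, rather than left as four "TODO: check" lines.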
@@ -3786,8 +3884,7 @@
        NOTE: 
https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba
        NOTE: 
https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb
 (libpng16)
        NOTE: 
https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/
 (libpng12)
-CVE-2016-10075 [insecure use of git]
-       RESERVED
+CVE-2016-10075 (The tqdm._version module in tqdm versions 4.4.1 and 4.10 
allows local ...)
        - tqdm <unfixed> (bug #849632)
        NOTE: https://github.com/tqdm/tqdm/issues/328
 CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in 
Swift Mailer ...)
@@ -5991,8 +6088,8 @@
        RESERVED
 CVE-2016-9871
        RESERVED
-CVE-2016-9870
-       RESERVED
+CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, 
EMC ...)
+       TODO: check
 CVE-2016-9869 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. 
...)
        NOT-FOR-US: EMC ScaleIO
 CVE-2016-9868 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. 
A ...)
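Review bot: CVE-2016-9870 (EMC Isilon OneFS) is "TODO: check" while the EMC ScaleIO entries immediately below it (CVE-2016-9869, CVE-2016-9868) are NOT-FOR-US; treat it the same way unless the full description names a packaged component.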
@@ -13722,15 +13819,13 @@
        [jessie] - w3m 0.5.3-19+deb8u1
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/17
-CVE-2016-9436 [problem fixed by the new "tagname[0] = '\0'" line in 
parsetagx.c]
-       RESERVED
+CVE-2016-9436 (parsetagx.c in w3m before 0.5.3+git20161009 does not properly 
...)
        - w3m 0.5.3-30
        [jessie] - w3m 0.5.3-19+deb8u1
        [wheezy] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/16
        NOTE: Fixed by: 
https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
-CVE-2016-9435 [for the problem fixed by the new conditional PUSH_ENV(HTML_DL) 
call in file.c]
-       RESERVED
+CVE-2016-9435 (The HTMLtagproc1 function in file.c in w3m before 
0.5.3+git20161009 ...)
        - w3m 0.5.3-30
        [jessie] - w3m 0.5.3-19+deb8u1
        [wheezy] - w3m <no-dsa> (Minor issue)
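Review bot: swapping the bracketed local descriptions for the truncated MITRE text loses the only pointer to the exact upstream change for each CVE (the new "tagname[0] = '\0'" line in parsetagx.c for CVE-2016-9436, the conditional PUSH_ENV(HTML_DL) call in file.c for CVE-2016-9435). Because the MITRE text is cut at "..." here, keep those hints as NOTE lines. CVE-2016-9436 has a Fixed-by commit; no fix reference is visible for CVE-2016-9435 in this hunk.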
@@ -15165,8 +15260,7 @@
        RESERVED
 CVE-2016-8911
        RESERVED
-CVE-2016-9016 [sandbox escape (similar to CVE-2016-7545]
-       RESERVED
+CVE-2016-9016 (Firejail 0.9.38.4 allows local users to execute arbitrary 
commands ...)
        - firejail 0.9.44-1
        NOTE: 
https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/25/3
@@ -16051,16 +16145,13 @@
        - linux 4.8.11-1
        [jessie] - linux 3.16.39-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/ac6e780070e30e4c35bd395acfe9191e6268bdd3 (v4.9-rc6)
-CVE-2016-8644
-       RESERVED
+CVE-2016-8644 (In Moodle 2.x and 3.x, the capability to view course notes is 
checked ...)
        - moodle 2.7.17+dfsg-1
        NOTE: https://moodle.org/mod/forum/discuss.php?d=343277
-CVE-2016-8643
-       RESERVED
+CVE-2016-8643 (In Moodle 2.x and 3.x, non-admin site managers may accidentally 
edit ...)
        - moodle 2.7.17+dfsg-1
        NOTE: https://moodle.org/mod/forum/discuss.php?d=343276
-CVE-2016-8642
-       RESERVED
+CVE-2016-8642 (In Moodle 2.x and 3.x, the question engine allows access to 
files that ...)
        - moodle 2.7.17+dfsg-1
        NOTE: https://moodle.org/mod/forum/discuss.php?d=343275
 CVE-2016-10089
@@ -17432,8 +17523,8 @@
        RESERVED
 CVE-2016-8214
        RESERVED
-CVE-2016-8213
-       RESERVED
+CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 
6.8.1, ...)
+       TODO: check
 CVE-2016-8212
        RESERVED
 CVE-2016-8211
@@ -19093,11 +19184,9 @@
        NOTE: 
https://github.com/systemd/systemd/commit/531ac2b2349da02acc9c382849758e07eb92b020
        NOTE: Originally fixed in 231-8 but caused a regression fixed in 231-9
        NOTE: https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
-CVE-2016-7794
-       RESERVED
+CVE-2016-7794 (sociomantic-tsunami git-hub before 0.10.3 allows remote 
attackers to ...)
        - git-hub 0.10.2-2 (bug #839284)
-CVE-2016-7793
-       RESERVED
+CVE-2016-7793 (sociomantic-tsunami git-hub before 0.10.3 allows remote 
attackers to ...)
        - git-hub 0.10.2-2 (bug #839284)
 CVE-2016-7792
        RESERVED
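Review bot: CVE-2016-7794 and CVE-2016-7793 now carry identical truncated descriptions and share only bug #839284, so nothing in the file tells the two git-hub issues apart; add a NOTE per entry pointing at the upstream commit or advisory for each, as the other entries in this diff do.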
@@ -19669,8 +19758,7 @@
        RESERVED
 CVE-2016-7546
        RESERVED
-CVE-2016-7545 [SELinux sandbox escape via TIOCSTI ioctl]
-       RESERVED
+CVE-2016-7545 (SELinux policycoreutils allows local users to execute arbitrary 
...)
        {DLA-638-1}
        - policycoreutils 2.5-3 (bug #838599)
        [jessie] - policycoreutils <not-affected> ("sandbox" executable not 
packaged in this version)
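Review bot: the dropped bracket text named the mechanism (SELinux sandbox escape via the TIOCSTI ioctl), which is what the firejail entry CVE-2016-9016 elsewhere in this file cross-references ("similar to CVE-2016-7545"); keep it as a NOTE so the link survives the truncated MITRE text. The jessie <not-affected> reason ("sandbox" executable not packaged) is fine as is.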
@@ -19683,8 +19771,7 @@
 CVE-2016-7544
        RESERVED
        - libcrypto++ <not-affected> (Vulnerable code intorduced in 5.6.4, only 
affects Windows and Microsoft compilers)
-CVE-2016-7543
-       RESERVED
+CVE-2016-7543 (Bash before 4.4 allows local users to execute arbitrary 
commands with ...)
        {DLA-680-1}
        - bash 4.4-1
        [jessie] - bash 4.3-11+deb8u1
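Review bot: the CVE-2016-7544 context line reads "intorduced" for "introduced"; fix the typo the next time the entry is touched. The bash CVE-2016-7543 entry is consistent across suites (DLA-680-1 for wheezy, 4.3-11+deb8u1 for jessie, 4.4-1 for unstable).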
@@ -20639,6 +20726,7 @@
 CVE-2016-1000213 (Ruckus Wireless H500 web management interface CSRF ...)
        TODO: check
 CVE-2010-5328 [process with pgid zero able to crash]
+       RESERVED
        - linux <not-affected> (Fixed before the src:linux-2.6 -> src:linux 
rename)
        - linux-2.6 2.6.37-1
 CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users 
to ...)
@@ -21296,8 +21384,7 @@
        NOTE: Fixed by: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fcd91dd449867c6bfe56a81cabba76b829fd05cd
        NOTE: Introduced by: 
https://git.kernel.org/linus/9b174d88c257150562b0101fcc6cb6c3cb74275c (v4.0-rc1)
        NOTE: Intorduced by: 
https://git.kernel.org/linus/66e5133f19e901a044fa5eaeeb6ecff4545839e5 (v4.2-rc1)
-CVE-2016-7038
-       RESERVED
+CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated 
when the ...)
        - moodle 2.7.16+dfsg-1
 CVE-2016-7037
        RESERVED
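Review bot: the context line "NOTE: Intorduced by:" above CVE-2016-7038 has the same typo ("Introduced"). CVE-2016-7038 is also the only Moodle entry in this update without a moodle.org discussion NOTE (compare CVE-2017-2578 and CVE-2016-8644 elsewhere in the diff); add the link so the web service token issue can be checked against the 2.7.16 release.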
@@ -23835,8 +23922,8 @@
        - collectd 5.5.2-1 (bug #832507)
        NOTE: 
https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
        NOTE: 
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
-CVE-2016-6253
-       RESERVED
+CVE-2016-6253 (mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 
6.1.5, ...)
+       TODO: check
 CVE-2016-1000218
        RESERVED
        - kibana <itp> (bug #700337)
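Review bot: CVE-2016-6253 concerns mail.local in NetBSD 6.0 through 6.1.5; NetBSD code does reach the archive (bozohttpd, CVE-2015-8212 elsewhere in this file), so confirm whether any package ships NetBSD's mail.local before leaving this as "TODO: check", and otherwise mark it NOT-FOR-US.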
@@ -25793,8 +25880,7 @@
        NOTE: Only affects an example script
        NOTE: Fix applied: 16_XSS-security-bugfix.patch in 1.5-5
        NOTE: http://www.openwall.com/lists/oss-security/2016/06/20/2
-CVE-2016-5725
-       RESERVED
+CVE-2016-5725 (Directory traversal vulnerability in JCraft JSch before 0.1.54 
on ...)
        {DLA-611-1}
        - jsch 0.1.54-1 (low)
        [jessie] - jsch <no-dsa> (Minor issue)
@@ -27046,8 +27132,7 @@
        NOTE: 
https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b
 CVE-2016-5324
        RESERVED
-CVE-2016-5323 [tiffcrop _TIFFFax3fillruns(): NULL pointer dereference]
-       RESERVED
+CVE-2016-5323 (The _TIFFFax3fillruns function in libtiff before 4.0.6 allows 
remote ...)
        {DSA-3762-1 DLA-610-1 DLA-606-1}
        - tiff 4.0.6-2 (unimportant)
        - tiff3 <removed> (unimportant)
@@ -27063,8 +27148,7 @@
        NOTE: src:tiff3: built binary packages do not contain the TIFF tools
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2560
        NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=658
-CVE-2016-5321 [DumpModeDecode(): Ddos]
-       RESERVED
+CVE-2016-5321 (The DumpModeDecode function in libtiff 4.0.6 and earlier allows 
...)
        {DSA-3762-1 DLA-610-1 DLA-606-1}
        - tiff 4.0.6-2
        - tiff3 <removed>
@@ -27077,16 +27161,14 @@
        - tiff 4.0.6-2 (bug #830700)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1
-CVE-2016-5317 [GNOME nautilus: crash occurs when generating a thumbnail for a 
crafted TIFF image]
-       RESERVED
+CVE-2016-5317 (Buffer overflow in the PixarLogDecode function in libtiff.so in 
the ...)
        {DSA-3762-1 DLA-610-1 DLA-606-1}
        - tiff 4.0.6-2 (bug #830700)
        - tiff3 <removed>
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2557
        NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=653
        NOTE: Upstream marked this duplicate of bug 
http://bugzilla.maptools.org/show_bug.cgi?id=2554
-CVE-2016-5316 [tif_pixarlog.c: PixarLogCleanup() Segmentation fault]
-       RESERVED
+CVE-2016-5316 (Out-of-bounds read in the PixarLogCleanup function in 
tif_pixarlog.c ...)
        {DSA-3762-1 DLA-610-1 DLA-606-1}
        - tiff 4.0.6-2 (bug #830700)
        - tiff3 <removed>
@@ -27590,8 +27672,7 @@
        RESERVED
 CVE-2014-9855
        RESERVED
-CVE-2016-5319 [libtiff: PackBitsEncode heap buffer overflow]
-       RESERVED
+CVE-2016-5319 (Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 
and ...)
        {DLA-693-1}
        - tiff 4.0.6-3 (bug #842046)
        - tiff3 <removed>
@@ -27602,8 +27683,7 @@
        NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
        NOTE: No patch available. Marked as wontfix by upstream.
        NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed 
although technically still present in the source package
-CVE-2016-5318 [libtiff: stack buffer overflow in _TIFFVGetField function]
-       RESERVED
+CVE-2016-5318 (Stack-based buffer overflow in the _TIFFVGetField function in 
libtiff ...)
        {DLA-693-1 DLA-692-1}
        - tiff <unfixed> (bug #842043)
        - tiff3 <removed>
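Review bot: CVE-2016-5318 is "tiff <unfixed>" in unstable while two DLAs ({DLA-693-1 DLA-692-1}) are recorded for wheezy; that combination usually means either the unstable fix version is missing or the DLA only removed the affected tool (the preceding entry's context notes that bmp2tiff was removed in 4.0.6-3 and marked fixed although technically still present). State which applies and record the unstable fix version if one exists.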
@@ -28693,13 +28773,12 @@
        RESERVED
 CVE-2016-5015
        RESERVED
-CVE-2016-5014
-       RESERVED
-CVE-2016-5013
-       RESERVED
+CVE-2016-5014 (In Moodle 2.x and 3.x, an unenrolled user still receives event 
monitor ...)
+       TODO: check
+CVE-2016-5013 (In Moodle 2.x and 3.x, text injection can occur in email 
headers, ...)
        - moodle 2.7.15+dfsg-1
-CVE-2016-5012
-       RESERVED
+CVE-2016-5012 (In Moodle 3.x, glossary search displays entries without 
checking user ...)
+       TODO: check
 CVE-2016-5011 [Extended partition loop in MBR partition  table leads to DoS]
        RESERVED
        - util-linux 2.28.1-1 (bug #830802)
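Review bot: CVE-2016-5013 gets "moodle 2.7.15+dfsg-1", but the adjacent CVE-2016-5014 (event monitor for unenrolled users, "2.x and 3.x") is left "TODO: check" although it comes from the same Moodle release batch, and CVE-2016-5012 is scoped to "Moodle 3.x", so the 2.7 package may be <not-affected>. Resolve both rather than leaving TODOs beside a fixed sibling. The CVE-2016-5011 context line also has a doubled space in "partition  table".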
@@ -45809,8 +45888,7 @@
        NOTE: 
https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
 (master)
        NOTE: 
https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172
 (1.7.x)
        NOTE: 
https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
-CVE-2015-8212 [bozohttpd CGI handlers potential remote code execution]
-       RESERVED
+CVE-2015-8212 (CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 
...)
        {DLA-490-1}
        - bozohttpd <removed>
        NOTE: FIX 
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.79&r2=1.80&only_with_tag=MAIN
@@ -46318,10 +46396,10 @@
        NOTE: 
https://sources.debian.net/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207
        NOTE: 
https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741
        NOTE: https://github.com/saltstack/salt/issues/28455
-CVE-2014-9755
-       RESERVED
-CVE-2014-9754
-       RESERVED
+CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 
verison ...)
+       TODO: check
+CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 
verison ...)
+       TODO: check
 CVE-2015-8075
        REJECTED
 CVE-2015-8033
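Review bot: "verison" in both CVE-2014-9755 and CVE-2014-9754 is carried over from the MITRE description, not a tracker typo, so leave it; the product is a Viprinet hardware VPN router, which makes both NOT-FOR-US candidates rather than "TODO: check".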
@@ -90120,8 +90198,8 @@
        - owncloud 6.0.2+dfsg-1
 CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA 
C211 ...)
        NOT-FOR-US: Broadcom Ltd PIPA C211
-CVE-2014-2045
-       RESERVED
+CVE-2014-2045 (Multiple cross-site scripting (XSS) vulnerabilities in the 
'old' and ...)
+       TODO: check
 CVE-2014-2044 (Incomplete blacklist vulnerability in ajax/upload.php in 
ownCloud ...)
        - owncloud <not-affected> (Windows-specific)
 CVE-2014-2043 (SQL injection vulnerability in 
Resources/System/Templates/Data.aspx in ...)
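Review bot: the truncated description for CVE-2014-2045 ("in the 'old' and ...") does not even name the product, so the "TODO: check" cannot be resolved from this line; fetch the full description before triage. The entry sits between ownCloud entries, but nothing in the text justifies assuming ownCloud.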


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
