Author: sectracker
Date: 2017-01-25 21:10:12 +0000 (Wed, 25 Jan 2017)
New Revision: 48381
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-25 18:19:49 UTC (rev 48380) +++ data/CVE/list 2017-01-25 21:10:12 UTC (rev 48381) @@ -1,3 +1,17 @@ +CVE-2017-5588 + RESERVED +CVE-2017-5587 + RESERVED +CVE-2017-5586 + RESERVED +CVE-2017-5585 + RESERVED +CVE-2017-5584 + RESERVED +CVE-2017-5583 + RESERVED +CVE-2017-5582 + RESERVED CVE-2017-XXXX [jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c)] - jasper <unfixed> NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114 
@@ -36,40 +50,48 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357 NOTE: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 CVE-2016-10164 [heap overflow] + RESERVED - libxpm 1:3.5.12-1 NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185 NOTE: http://www.openwall.com/lists/oss-security/2017/01/22/2 CVE-2016-10163 [host memory leakage when creating decode context] + RESERVED - virglrenderer <unfixed> (bug #852603) NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415944 CVE-2017-5581 + RESERVED - tigervnc <unfixed> (bug #852213) NOTE: https://github.com/TigerVNC/tigervnc/pull/399 NOTE: https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba CVE-2017-5580 [OOB access while parsing texture instruction] + RESERVED - virglrenderer <unfixed> (bug #852604) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415986 NOTE: https://lists.freedesktop.org/archives/virglrenderer-devel/2017-January/000105.html CVE-2017-5579 [serial: host memory leakage in 16550A UART emulation] + RESERVED - qemu <unfixed> - qemu-kvm <removed> NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1416157 TODO: check CVE-2017-5578 [display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing] + RESERVED - qemu <unfixed> - qemu-kvm <removed> NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415795 TODO: check affected versions CVE-2017-5577 [drm/vc4: Return -EINVAL on the overflow checks failing] + RESERVED - linux <unfixed> [jessie] - linux <not-affected> (Vulnerable code introduced later) [wheezy] - linux <not-affected> (Vulnerable code introduced later) NOTE: 
https://lkml.org/lkml/2017/1/17/759 NOTE: Introduced by: https://github.com/torvalds/linux/commit/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1) CVE-2017-5576 [drm/vc4: Fix an integer overflow in temporary allocation layout] + RESERVED - linux <unfixed> [jessie] - linux <not-affected> (Vulnerable code introduced later) [wheezy] - linux <not-affected> (Vulnerable code introduced later) @@ -85,10 +107,10 @@ RESERVED CVE-2017-5571 RESERVED -CVE-2017-5570 - RESERVED -CVE-2017-5569 - RESERVED +CVE-2017-5570 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...) + TODO: check +CVE-2017-5569 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...) + TODO: check CVE-2017-5568 RESERVED CVE-2017-5567 
@@ -160,30 +182,30 @@ RESERVED CVE-2017-5527 RESERVED -CVE-2016-10162 [NULL Pointer Dereference while unserialize php object] +CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x ...) - php7.1 <unfixed> - php7.0 7.0.15-1 NOTE: PHP Bug: http://bugs.php.net/73831 NOTE: Fixed in 7.0.15, 7.1.1 -CVE-2016-10161 [Heap out of bounds read on unserialize in finish_nested_data()] +CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c in PHP ...) - php7.1 <unfixed> - php7.0 7.0.15-1 - php5 <removed> NOTE: PHP Bug: http://bugs.php.net/73825 NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1 -CVE-2016-10160 [Memory corruption when loading hostile phar] +CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ...) - php7.1 <unfixed> - php7.0 7.0.15-1 - php5 <removed> NOTE: PHP Bug: http://bugs.php.net/73768 NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1 -CVE-2016-10159 [Crash while loading hostile phar archive] +CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ...) - php7.1 <unfixed> - php7.0 7.0.15-1 - php5 <removed> NOTE: PHP Bug: http://bugs.php.net/73764 NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1 -CVE-2016-10158 [FPE when parsing a tag format] +CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP before ...) - php7.1 <unfixed> - php7.0 7.0.15-1 - php5 <removed> @@ -360,8 +382,7 @@ RESERVED CVE-2017-5496 RESERVED -CVE-2017-5495 [Telnet interface input buffer allocates unbounded amounts of memory] - RESERVED +CVE-2017-5495 (All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an ...) - quagga <unfixed> (bug #852454) [jessie] - quagga <no-dsa> (Minor issue) NOTE: http://savannah.nongnu.org/forum/forum.php?forum_id=8783 
@@ -681,10 +702,10 @@ - firefox-esr 45.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5373 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5373 -CVE-2017-5372 - RESERVED -CVE-2017-5371 - RESERVED +CVE-2017-5372 (The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE ...) + TODO: check +CVE-2017-5371 (Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote ...) + TODO: check CVE-2017-5370 RESERVED CVE-2017-5369 @@ -1286,8 +1307,8 @@ RESERVED CVE-2017-5183 RESERVED -CVE-2017-5182 - RESERVED +CVE-2017-5182 (Remote Manager in Open Enterprise Server (OES) allows unauthenticated ...) + TODO: check CVE-2017-5181 RESERVED CVE-2017-5196 [Out of bounds read in certain incomplete character sequences] @@ -4142,7 +4163,7 @@ NOTE: http://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html CVE-2014-9914 RESERVED -CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20, when the Sender ...) +CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20 might allow remote ...) - libphp-phpmailer <not-affected> (Incomplete fix not applied) NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer before ...) @@ -6917,12 +6938,12 @@ RESERVED CVE-2017-2973 RESERVED -CVE-2017-2972 - RESERVED -CVE-2017-2971 - RESERVED -CVE-2017-2970 - RESERVED +CVE-2017-2972 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2971 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check +CVE-2017-2970 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) + TODO: check CVE-2017-2969 RESERVED CVE-2017-2968 
@@ -7003,8 +7024,8 @@ NOT-FOR-US: Adobe Flash CVE-2017-2930 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash -CVE-2017-2929 - RESERVED +CVE-2017-2929 (Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a ...) + TODO: check CVE-2017-2928 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash CVE-2017-2927 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) @@ -13790,13 +13811,11 @@ RESERVED CVE-2016-9402 RESERVED -CVE-2016-9386 [x86 null segments not always treated as unusable] - RESERVED +CVE-2016-9386 (The x86 emulator in Xen does not properly treat x86 NULL segments as ...) {DSA-3729-1 DLA-720-1} - xen 4.8.0-1 (bug #845663) NOTE: https://xenbits.xen.org/xsa/advisory-191.html -CVE-2016-9385 [x86 segment base write emulation lacking canonical address checks] - RESERVED +CVE-2016-9385 (The x86 segment base write emulation functionality in Xen 4.4.x ...) {DSA-3729-1} - xen 4.8.0-1 (bug #845665) [wheezy] - xen <not-affected> (Only affects Xen >= 4.4) 
@@ -13807,29 +13826,24 @@ [jessie] - xen <not-affected> (Only affects Xen >= 4.7) [wheezy] - xen <not-affected> (Only affects Xen >= 4.7) NOTE: https://xenbits.xen.org/xsa/advisory-194.html -CVE-2016-9383 [x86 64-bit bit test instruction emulation broken] - RESERVED +CVE-2016-9383 (Xen, when running on a 64-bit hypervisor, allows local x86 guest OS ...) {DSA-3729-1 DLA-720-1} - xen 4.8.0-1 (bug #845668) NOTE: https://xenbits.xen.org/xsa/advisory-195.html -CVE-2016-9382 [x86 task switch to VM86 mode mis-handled] - RESERVED +CVE-2016-9382 (Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, ...) {DSA-3729-1 DLA-720-1} - xen 4.8.0-1 (bug #845664) NOTE: https://xenbits.xen.org/xsa/advisory-192.html -CVE-2016-9381 [qemu incautious about shared ring processing] - RESERVED +CVE-2016-9381 (Race condition in QEMU in Xen allows local x86 HVM guest OS ...) {DLA-720-1} - xen 4.4.0-1 NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://xenbits.xen.org/xsa/advisory-197.html -CVE-2016-9380 [delimiter injection vulnerabilities in pygrub] - RESERVED +CVE-2016-9380 (The pygrub boot loader emulator in Xen, when nul-delimited output ...) {DSA-3729-1 DLA-720-1} - xen 4.8.0-1 (bug #845670) NOTE: https://xenbits.xen.org/xsa/advisory-198.html -CVE-2016-9379 [delimiter injection vulnerabilities in pygrub] - RESERVED +CVE-2016-9379 (The pygrub boot loader emulator in Xen, when S-expression output ...) {DSA-3729-1 DLA-720-1} - xen 4.8.0-1 (bug #845670) NOTE: https://xenbits.xen.org/xsa/advisory-198.html 
@@ -13959,16 +13973,14 @@ NOTE: TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered. NOTE: TIFFReadDirectory: IO error during reading of "BitsPerSample". NOTE: tiff2pdf: Can't open input file ./CVE-2016-9453.tiff for reading. -CVE-2016-9446 [gstreamer 0.10 VMNC code execution #2] - RESERVED +CVE-2016-9446 (The vmnc decoder in the gstreamer does not initialize the render ...) {DSA-3717-1 DLA-712-1} - gst-plugins-bad0.10 <removed> - gst-plugins-bad1.0 1.10.1-1 NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533 NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe -CVE-2016-9445 [gstreamer 0.10 VMNC code execution] - RESERVED +CVE-2016-9445 (Integer overflow in the vmnc decoder in the gstreamer allows remote ...) {DSA-3717-1 DLA-712-1} - gst-plugins-bad0.10 <removed> - gst-plugins-bad1.0 1.10.1-1 @@ -14112,8 +14124,7 @@ [jessie] - w3m 0.5.3-19+deb8u1 [wheezy] - w3m <no-dsa> (Minor issue) NOTE: https://github.com/tats/w3m/issues/8 -CVE-2016-9401 [popd controlled free] - RESERVED +CVE-2016-9401 (popd in bash might allow local users to bypass the restricted shell ...) - bash 4.4-3 (bug #844727) [jessie] - bash <no-dsa> (Minor issue) [wheezy] - bash <no-dsa> (Minor issue) @@ -14359,8 +14370,7 @@ RESERVED CVE-2016-9263 RESERVED -CVE-2016-9447 [gstreamer 0.10 NSF code execution] - RESERVED +CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote ...) {DSA-3713-1 DLA-712-1} - gst-plugins-bad0.10 <removed> NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html 
@@ -14654,14 +14664,12 @@ NOT-FOR-US: Cisco CVE-2016-9192 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...) NOT-FOR-US: Cisco -CVE-2015-8972 [user input buffer overflow] - RESERVED +CVE-2015-8972 (Stack-based buffer overflow in the ValidateMove function in ...) - gnuchess 6.2.4-1 (unimportant) NOTE: Built with hardening flags, no security impact NOTE: http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html NOTE: http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134 -CVE-2015-8971 [Escape Sequence Command Execution vulnerability] - RESERVED +CVE-2015-8971 (Terminology 0.7.0 allows remote attackers to execute arbitrary ...) {DSA-3712-1} - terminology 0.7.0-2 (bug #843434) NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5 @@ -15035,8 +15043,8 @@ - gitlab 8.13.3+dfsg1-2 (bug #843519) NOTE: https://hackerone.com/reports/178152 NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/ -CVE-2016-9081 - RESERVED +CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, ...) + TODO: check CVE-2016-9080 RESERVED - firefox 50.1.0-1 @@ -15168,7 +15176,7 @@ CVE-2016-9042 RESERVED CVE-2016-9041 - RESERVED + REJECTED CVE-2016-9040 RESERVED CVE-2016-9039 @@ -15271,8 +15279,8 @@ [wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle) NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/ NOTE: https://github.com/django/django/commit/da7910d4834726eca596af0a830762fa5fb2dfd9 -CVE-2016-9012 - RESERVED +CVE-2016-9012 (CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated ...) + TODO: check CVE-2016-9010 RESERVED CVE-2016-9009 
@@ -17732,11 +17740,9 @@ RESERVED CVE-2016-8216 RESERVED -CVE-2016-8215 - RESERVED +CVE-2016-8215 (EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a ...) NOT-FOR-US: RSA Security Analytics -CVE-2016-8214 - RESERVED +CVE-2016-8214 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions ...) NOT-FOR-US: EMC Avamar CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, ...) NOT-FOR-US: EMC Documentum @@ -19403,8 +19409,8 @@ - git-hub 0.10.2-2 (bug #839284) CVE-2016-7793 (sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to ...) - git-hub 0.10.2-2 (bug #839284) -CVE-2016-7792 - RESERVED +CVE-2016-7792 (Ubiquiti Networks UniFi 5.2.7 does not restrict access to the ...) + TODO: check CVE-2016-7791 (Exponent CMS 2.3.9 suffers from a remote code execution vulnerability ...) NOT-FOR-US: Exponent CMS CVE-2016-7790 (Exponent CMS 2.3.9 suffers from a remote code execution vulnerability ...) @@ -19928,8 +19934,7 @@ [jessie] - php5 5.6.27+dfsg-0+deb8u1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73003 NOTE: https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6 -CVE-2016-7567 - RESERVED +CVE-2016-7567 (Buffer overflow in the SLPFoldWhiteSpace function in ...) - openslp-dfsg <not-affected> (Only affects openslp 2) NOTE: https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/ CVE-2016-7566 @@ -20359,8 +20364,7 @@ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73052 NOTE: Fixed in 5.6.26 NOTE: https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1 -CVE-2016-7410 [Heap buffer overflow in _dwarf_read_loc_section] - RESERVED +CVE-2016-7410 (The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf ...) - dwarfutils 20160923-1 (bug #838019) [jessie] - dwarfutils <not-affected> (Vulnerable code introduced in later version) [wheezy] - dwarfutils <not-affected> (Vulnerable code introduced in later version) 
@@ -21339,8 +21343,8 @@ RESERVED CVE-2016-7104 RESERVED -CVE-2016-7102 - RESERVED +CVE-2016-7102 (ownCloud Desktop before 2.2.3 allows local users to execute arbitrary ...) + TODO: check CVE-2016-7101 (The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers ...) {DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #836776) @@ -21601,10 +21605,10 @@ NOTE: Intorduced by: https://git.kernel.org/linus/66e5133f19e901a044fa5eaeeb6ecff4545839e5 (v4.2-rc1) CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated when the ...) - moodle 2.7.16+dfsg-1 -CVE-2016-7037 - RESERVED -CVE-2016-7036 - RESERVED +CVE-2016-7037 (The verify function in Encryption/Symmetric.php in Malcolm Fell jwt ...) + TODO: check +CVE-2016-7036 (python-jose before 1.3.2 allows attackers to have unspecified impact ...) + TODO: check CVE-2016-7035 [improper IPC guarding] RESERVED - pacemaker 1.1.15-3 (bug #843041) @@ -21854,8 +21858,7 @@ NOT-FOR-US: Adobe Flash CVE-2016-6921 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...) NOT-FOR-US: Adobe Flash -CVE-2016-6920 [exr file Heap Overflow] - RESERVED +CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in ...) - ffmpeg 7:3.1.3-1 - libav <undetermined> CVE-2016-6919 @@ -22560,8 +22563,8 @@ NOT-FOR-US: Huawei CVE-2016-6669 (Buffer overflow in the Authentication, Authorization and Accounting ...) NOT-FOR-US: Huawei -CVE-2016-6668 - RESERVED +CVE-2016-6668 (The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 ...) + TODO: check CVE-2016-6667 RESERVED CVE-2016-6666 
@@ -23117,14 +23120,14 @@ NOTE: https://bugs.launchpad.net/bugs/1594060 NOTE: https://github.com/ImageMagick/ImageMagick/pull/223 NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1 -CVE-2016-6603 - RESERVED -CVE-2016-6602 - RESERVED -CVE-2016-6601 - RESERVED -CVE-2016-6600 - RESERVED +CVE-2016-6603 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to ...) + TODO: check +CVE-2016-6602 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm ...) + TODO: check +CVE-2016-6601 (Directory traversal vulnerability in the file download functionality ...) + TODO: check +CVE-2016-6600 (Directory traversal vulnerability in the file upload functionality in ...) + TODO: check CVE-2016-6599 RESERVED CVE-2016-6598 @@ -23159,8 +23162,7 @@ RESERVED CVE-2016-6583 RESERVED -CVE-2016-6582 [Doorkeeper does not revoke tokens and wrong auth/auth method] - RESERVED +CVE-2016-6582 (The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers ...) - ruby-doorkeeper 4.2.0-3 (bug #834843) NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53 NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/875 @@ -23294,8 +23296,8 @@ - manila-ui 2.5.1-0 (bug #838017) CVE-2016-6518 (Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and ...) NOT-FOR-US: Huawei -CVE-2016-6517 - RESERVED +CVE-2016-6517 (Directory traversal vulnerability in Liferay 5.1.0 allows remote ...) + TODO: check CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH before ...) {DLA-594-1} - openssh 1:7.3p1-1 (bug #833823) 
@@ -23328,8 +23330,7 @@ CVE-2016-6522 RESERVED NOT-FOR-US: OpenBSD -CVE-2016-6521 - RESERVED +CVE-2016-6521 (Cross-site request forgery (CSRF) vulnerability in Grails console (aka ...) - grails <itp> (bug #473213) CVE-2016-6520 (Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 ...) - imagemagick <not-affected> (Only affects imagemagick 7, which isn't packaged yet, bug #833485) @@ -23384,8 +23385,8 @@ NOTE: but not a vulnerability in GnuTLS. Needs https://gitlab.com/gnutls/gnutls/commit/186dc9c2012003587a38d7f4d03edd8da5fe989f CVE-2016-6485 RESERVED -CVE-2016-6484 - RESERVED +CVE-2016-6484 (CRLF injection vulnerability in Infoblox Network Automation NetMRI ...) + TODO: check CVE-2016-6513 (epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x ...) - wireshark 2.0.5+ga3be9c6-1 [jessie] - wireshark <not-affected> (Only affects 2.x) @@ -24723,8 +24724,7 @@ NOTE: https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7 NOTE: Different issue than CVE-2016-6132 NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/5 -CVE-2016-6223 [tiff: information leak in libtiff/tif_read.c] - RESERVED +CVE-2016-6223 (The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in ...) {DSA-3762-1 DLA-693-1 DLA-610-1} - tiff 4.0.6-2 (bug #842270) - tiff3 <removed> @@ -24838,8 +24838,8 @@ RESERVED CVE-2016-6165 RESERVED -CVE-2016-6164 - RESERVED +CVE-2016-6164 (Integer overflow in the mov_build_index function in libavformat/mov.c ...) + TODO: check CVE-2016-1000101 REJECTED CVE-2016-1000100 @@ -24953,8 +24953,7 @@ CVE-2016-1000007 (Pagure 2.2.1 XSS in raw file endpoint ...) - pagure <itp> (bug #829046) NOTE: https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77 -CVE-2016-6160 [segfault upon huge frames, missing size check] - RESERVED +CVE-2016-6160 (tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause ...) {DLA-544-1} - tcpreplay 3.4.4-3 (bug #829350) [jessie] - tcpreplay 3.4.4-2+deb8u1 
@@ -25521,8 +25520,8 @@ [wheezy] - php5 <not-affected> (Vulnerable code not present) NOTE: PHP bug: https://bugs.php.net/bug.php?id=72494 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd -CVE-2016-5876 - RESERVED +CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery ...) + TODO: check CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog compression format] RESERVED {DSA-3762-1 DLA-610-1 DLA-606-1} @@ -25581,8 +25580,7 @@ TODO: check CVE-2016-5850 (Cross-site scripting (XSS) vulnerability in the volume backup service ...) NOT-FOR-US: Huawei -CVE-2016-5873 - RESERVED +CVE-2016-5873 (Buffer overflow in the HTTP URL parsing functions in pecl_http before ...) - php-pecl-http 3.0.1-0.1 [jessie] - php-pecl-http <not-affected> (Vulnerable code not present) NOTE: https://bugs.php.net/bug.php?id=71719 @@ -26070,8 +26068,7 @@ CVE-2016-5730 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...) - phpmyadmin 4:4.6.3-1 (unimportant) NOTE: path disclosure irrelevant in Debian -CVE-2016-5742 [SQL injection in MovableType xml-rpc interface] - RESERVED +CVE-2016-5742 (SQL injection vulnerability in the XML-RPC interface in Movable Type ...) {DLA-532-1} - movabletype-opensource <removed> NOTE: https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html @@ -26107,8 +26104,8 @@ NOT-FOR-US: OceanStor CVE-2016-5721 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...) NOT-FOR-US: Zimbra -CVE-2016-5720 - RESERVED +CVE-2016-5720 (Multiple untrusted search path vulnerabilities in Microsoft Skype ...) + TODO: check CVE-2016-5719 RESERVED CVE-2016-5718 
@@ -26163,8 +26160,7 @@ NOT-FOR-US: F5 BIG-IP CVE-2016-5698 RESERVED -CVE-2016-5697 [signature wrapping attack vulnerability] - RESERVED +CVE-2016-5697 (Ruby-saml before 1.3.0 allows attackers to perform XML signature ...) - ruby-saml 1.3.0-1 (bug #828076) NOTE: https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995 CVE-2016-5695 @@ -27940,8 +27936,8 @@ - graphicsmagick 1.3.24-1 NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c NOTE: DLA-547-1 didn't fix this properly -CVE-2016-5237 - RESERVED +CVE-2016-5237 (Valve Steam 3.42.16.13 uses weak permissions for the files in the ...) + TODO: check CVE-2016-5236 RESERVED CVE-2016-5235 @@ -28749,8 +28745,7 @@ RESERVED CVE-2016-5120 RESERVED -CVE-2016-5119 - RESERVED +CVE-2016-5119 (The automatic update feature in KeePass 2.33 and earlier allows ...) - keepass2 2.18+dfsg-1 NOTE: autoupdate dialog disabled in Debian via patch, but basically not-affected CVE-2016-5113 @@ -29248,8 +29243,7 @@ NOTE: PHP bug: https://bugs.php.net/bug.php?id=72227 NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36 NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3 -CVE-2016-5091 - RESERVED +CVE-2016-5091 (Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 ...) - typo3-src <removed> [wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS) CVE-2016-5044 @@ -29844,8 +29838,8 @@ RESERVED CVE-2016-4795 RESERVED -CVE-2016-4793 - RESERVED +CVE-2016-4793 (The clientIp function in CakePHP 3.2.4 and earlier allows remote ...) + TODO: check CVE-2016-4792 (Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to ...) NOT-FOR-US: Pulse Connect Secure CVE-2016-4791 (The administrative user interface in Pulse Connect Secure (PCS) 8.2 ...) 
@@ -30767,8 +30761,7 @@ {DSA-3607-1 DLA-516-1} - linux 4.5.4-1 NOTE: https://git.kernel.org/linus/b8670c09f37bdf2847cc44f36511a53afc6161fd -CVE-2016-4484 - RESERVED +CVE-2016-4484 (The Debian initrd script for the cryptsetup package 2:1.7.3-2 and ...) - cryptsetup 2:1.7.3-2 (unimportant) NOTE: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html NOTE: Negligable security impact @@ -31183,8 +31176,7 @@ RESERVED CVE-2016-4339 RESERVED -CVE-2016-4338 [zabbix-agent: mysql.size shell command injection] - RESERVED +CVE-2016-4338 (The mysql user parameter configuration script ...) - zabbix 1:3.0.3+dfsg-1 (bug #823329) [jessie] - zabbix 1:2.2.7+dfsg-2+deb8u1 NOTE: http://seclists.org/bugtraq/2016/May/11 @@ -31737,8 +31729,7 @@ NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-4088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2016-4340 [Privilege escalation via "impersonate" feature] - RESERVED +CVE-2016-4340 (The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 ...) - gitlab 8.8.2+dfsg-1 (bug #823290) NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/ CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 and ...) @@ -31853,8 +31844,7 @@ NOT-FOR-US: Huawei FusionCompute CVE-2016-6479 REJECTED -CVE-2016-4055 - RESERVED +CVE-2016-4055 (The duration function in the moment package before 2.11.2 for Node.js ...) - node-moment <unfixed> (unimportant) NOTE: nodejs not covered by security support CVE-2016-4050 
@@ -31872,43 +31862,38 @@ TODO: check CVE-2016-4045 (An issue was discovered in Open-Xchange OX App Suite before ...) TODO: check -CVE-2015-8862 - RESERVED +CVE-2015-8862 (mustache package before 2.2.1 for Node.js allows remote attackers to ...) - mustache.js <unfixed> (unimportant) NOTE: node-handlebars only in experimental for now, fixed in 4.0.0 NOTE: libv8 is not covered by security support -CVE-2015-8861 - RESERVED +CVE-2015-8861 (The handlebars package before 4.0.0 for Node.js allows remote ...) - mustache.js <unfixed> (unimportant) NOTE: node-handlebars only in experimental for now, fixed in 4.0.0 NOTE: libv8 is not covered by security support -CVE-2015-8860 - RESERVED +CVE-2015-8860 (The tar package before 2.0.0 for Node.js allows remote attackers to ...) - node-tar <unfixed> (unimportant) NOTE: libv8 is not covered by security support -CVE-2015-8859 - RESERVED -CVE-2015-8858 - RESERVED +CVE-2015-8859 (The send package before 0.11.1 for Node.js allows attackers to obtain ...) + TODO: check +CVE-2015-8858 (The uglify-js package before 2.6.0 for Node.js allows attackers to ...) - uglifyjs <unfixed> (unimportant) NOTE: libv8 is not covered by security support NOTE: https://nodesecurity.io/advisories/48 -CVE-2015-8854 [marked: regular expression denial of service] - RESERVED +CVE-2015-8854 (The marked package before 0.3.4 for Node.js allows attackers to cause ...) - node-marked <unfixed> (unimportant) NOTE: https://nodesecurity.io/advisories/marked_redos NOTE: https://github.com/chjj/marked/issues/497 NOTE: libv8 is not covered by security support -CVE-2014-9772 - RESERVED -CVE-2013-7454 - RESERVED -CVE-2013-7453 - RESERVED -CVE-2013-7452 - RESERVED -CVE-2013-7451 - RESERVED +CVE-2014-9772 (The validator package before 2.0.0 for Node.js allows remote attackers ...) + TODO: check +CVE-2013-7454 (The validator module before 1.1.0 for Node.js allows remote attackers ...) 
+ TODO: check +CVE-2013-7453 (The validator module before 1.1.0 for Node.js allows remote attackers ...) + TODO: check +CVE-2013-7452 (The validator module before 1.1.0 for Node.js allows remote attackers ...) + TODO: check +CVE-2013-7451 (The validator module before 1.1.0 for Node.js allows remote attackers ...) + TODO: check CVE-2015-8866 (ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when ...) {DLA-499-1} - php5 5.6.6+dfsg-1 @@ -31928,8 +31913,7 @@ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827 NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44 NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8 -CVE-2016-4056 - RESERVED +CVE-2016-4056 (Cross-site scripting (XSS) vulnerability in the Backend component in ...) - typo3-src <removed> [wheezy] - typo3-src <end-of-life> (See DSA 3314) CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows ...) @@ -32081,8 +32065,7 @@ RESERVED CVE-2016-4011 RESERVED -CVE-2016-4010 - RESERVED +CVE-2016-4010 (Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP ...) NOT-FOR-US: Magento NOTE: https://magento.com/security/patches/magento-206-security-update NOTE: http://www.netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/ @@ -34328,8 +34311,7 @@ - torbrowser-launcher 0.2.4-1 [jessie] - torbrowser-launcher 0.1.9-1+deb8u3 NOTE: https://github.com/micahflee/torbrowser-launcher/issues/229 -CVE-2016-3177 [gifcolor: use-after-free in EGifCloseFile] - RESERVED +CVE-2016-3177 (Multiple use-after-free and double-free vulnerabilities in gifcolor.c ...) - giflib <unfixed> (unimportant) NOTE: https://sourceforge.net/p/giflib/bugs/83/ NOTE: Issue only in gifcolor utility, not installed into giflib-tools 
@@ -34405,8 +34387,8 @@ TODO: check CVE-2016-3148 RESERVED -CVE-2016-3147 - RESERVED +CVE-2016-3147 (Buffer overflow in the collector.exe listener of the Landesk ...) + TODO: check CVE-2016-3146 RESERVED CVE-2016-3145 (Lexmark printers with firmware ATL before ATL.021.063, CB before ...) @@ -35683,8 +35665,8 @@ NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3 (v2.4.0-rc0) TODO: check again after the CVE id split -CVE-2016-2783 - RESERVED +CVE-2016-2783 (Avaya Fabric Connect Virtual Services Platform (VSP) Operating System ...) + TODO: check CVE-2016-2780 (Untrusted search path vulnerability in Huawei UTPS before ...) NOT-FOR-US: Huawei UTPS CVE-2016-2778 @@ -36827,8 +36809,7 @@ NOT-FOR-US: SAP CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...) NOT-FOR-US: SAP -CVE-2015-8857 [incorrect handling of non-boolean comparisons during minification] - RESERVED +CVE-2015-8857 (The uglify-js package before 2.4.24 for Node.js does not properly ...) - uglifyjs <unfixed> (unimportant) NOTE: fixed in 2.4.24 NOTE: https://zyan.scripts.mit.edu/blog/backdooring-js/ @@ -37481,8 +37462,8 @@ NOTE: https://bugs.exim.org/show_bug.cgi?id=1780 NOTE: Possibly introduced after http://vcs.pcre.org/pcre?view=revision&revision=1266 NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1638 (8.39) -CVE-2016-2242 - RESERVED +CVE-2016-2242 (Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to ...) + TODO: check CVE-2016-2241 RESERVED CVE-2016-2240 
@@ -39019,8 +39000,7 @@ [jessie] - imagemagick 8:6.8.9.9-5+deb8u1 [wheezy] - imagemagick 8:6.7.7.10-5+deb7u4 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4 -CVE-2016-1925 [Improper handling of length parameter inconsitency] - RESERVED +CVE-2016-1925 (Integer underflow in header.c in lha allows remote attackers to have ...) - lha <removed> (unimportant) NOTE: Non-free not supported CVE-2016-1924 (The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote ...) @@ -40625,8 +40605,8 @@ TODO: check CVE-2016-1418 (Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, ...) TODO: check -CVE-2016-1417 - RESERVED +CVE-2016-1417 (Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows ...) + TODO: check CVE-2016-1416 (Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) ...) NOT-FOR-US: Cisco Prime CVE-2016-1415 (Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, ...) @@ -40966,8 +40946,8 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/8 CVE-2016-1282 RESERVED -CVE-2016-1281 - RESERVED +CVE-2016-1281 (Untrusted search path vulnerability in the installer for TrueCrypt 7.2 ...) + TODO: check CVE-2015-8742 (The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c ...) - wireshark 2.0.1+g59ea380-1 [jessie] - wireshark <not-affected> (Only affects 2.x) @@ -42907,8 +42887,8 @@ NOTE: https://www.samba.org/samba/security/CVE-2016-0771.html CVE-2016-0770 RESERVED -CVE-2016-0769 - RESERVED +CVE-2016-0769 (Multiple SQL injection vulnerabilities in eshop-orders.php in the ...) + TODO: check CVE-2016-0768 RESERVED CVE-2016-0767 
@@ -42919,8 +42899,8 @@ - postgresql-9.4 <unfixed> - postgresql-9.1 <removed> [jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl) -CVE-2016-0765 - RESERVED +CVE-2016-0765 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check CVE-2016-0764 [Race conditions that could disclose connection secrets to authenticated local users] RESERVED - network-manager 1.1.91-1 (bug #820354) @@ -45812,8 +45792,7 @@ TODO: check CVE-2015-8318 (Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones ...) TODO: check -CVE-2015-8315 - RESERVED +CVE-2015-8315 (The ms package before 0.7.1 for Node.js allows attackers to cause a ...) NOT-FOR-US: ms for Node.js CVE-2015-8314 RESERVED @@ -46610,9 +46589,9 @@ NOTE: https://sources.debian.net/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207 NOTE: https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741 NOTE: https://github.com/saltstack/salt/issues/28455 -CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 verison ...) +CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...) TODO: check -CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 verison ...) +CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...) TODO: check CVE-2015-8075 REJECTED @@ -47569,8 +47548,8 @@ - mariadb-10.0 10.0.22-1 [jessie] - mariadb-10.0 10.0.22-0+deb8u1 NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL -CVE-2015-7743 - RESERVED +CVE-2015-7743 (XML external entity vulnerability in PRTG Network Monitor before ...) + TODO: check CVE-2015-7742 RESERVED CVE-2015-7741 @@ -56364,8 +56343,8 @@ - limesurvey <itp> (bug #472802) CVE-2015-4627 RESERVED -CVE-2015-4626 - RESERVED +CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, ...) + TODO: check CVE-2015-4624 RESERVED CVE-2015-4623 
@@ -61525,8 +61504,7 @@ - ownclound-contacts <itp> (bug #779055) NOTE: owncloud-contacts fixed in 0.3.0.18+8.0.0+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-001 -CVE-2015-8855 [Regular Expression Denial of Service] - RESERVED +CVE-2015-8855 (The semver package before 4.3.2 for Node.js allows attackers to cause ...) - node-semver <unfixed> (unimportant) NOTE: https://nodesecurity.io/advisories/semver_redos NOTE: https://github.com/npm/npm/releases/tag/v2.7.5 @@ -63296,8 +63274,7 @@ CVE-2015-2310 [Integer overflow in pointer validation] RESERVED - capnproto 0.4.1-3 (bug #780565) -CVE-2015-8856 [XSS via filename] - RESERVED +CVE-2015-8856 (Cross-site scripting (XSS) vulnerability in the serve-index package ...) - node-serve-index <unfixed> (unimportant) NOTE: libv8 is not covered by security support NOTE: https://nodesecurity.io/advisories/serve-static-xss @@ -74123,8 +74100,7 @@ NOT-FOR-US: WordPress plugin wpSS CVE-2014-8363 (SQL injection vulnerability in ss_handler.php in the WordPress ...) NOT-FOR-US: WordPress plugin wpSS -CVE-2014-8362 - RESERVED +CVE-2014-8362 (Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable ...) NOT-FOR-US: Vivint Sky Control Panel CVE-2014-8361 (The miniigd SOAP service in Realtek SDK allows remote attackers to ...) NOT-FOR-US: Realtek SDK 
@@ -90412,7 +90388,7 @@ - owncloud 6.0.2+dfsg-1 CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 ...) NOT-FOR-US: Broadcom Ltd PIPA C211 -CVE-2014-2045 (Multiple cross-site scripting (XSS) vulnerabilities in the 'old' and ...) +CVE-2014-2045 (Multiple cross-site scripting (XSS) vulnerabilities in the old and new ...) TODO: check CVE-2014-2044 (Incomplete blacklist vulnerability in ajax/upload.php in ownCloud ...) - owncloud <not-affected> (Windows-specific)
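Review bot: In the hunk at @@ -36827,8 +36809,7 @@, the package line for CVE-2015-8857 still reads "- uglifyjs <unfixed> (unimportant)" even though the new description scopes the flaw to uglify-js before 2.4.24 and the next line says "NOTE: fixed in 2.4.24". The entry contradicts itself as long as it stays <unfixed>; suggest recording the first archive version at or above 2.4.24 on the package line once that is confirmed. The hunk also drops the bracketed summary about non-boolean comparisons during minification, so the only remaining hint at the root cause is the blog link in the NOTE.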
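Review bot: In the hunk at @@ -40625,8 +40605,8 @@, CVE-2016-1417 gets a bare "TODO: check" although the description already names the affected build as Snort 2.9.7.0-WIN32. The file has a convention for this case, visible in the last hunk at CVE-2014-2044: "- owncloud <not-affected> (Windows-specific)". If the check confirms that only the Windows build is affected, suggest closing the TODO with the same form for the snort source package rather than leaving it open.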
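Review bot: In the hunk at @@ -61525,8 +61504,7 @@, the first context line spells the package "ownclound-contacts" while the NOTE directly below it says "owncloud-contacts". This commit does not touch that line, but the two spellings disagree inside one entry, and the package line is the one tooling matches on. Suggest a follow-up that corrects the <itp> line to "owncloud-contacts".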
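Review bot: In the hunk at @@ -63296,8 +63274,7 @@, the new description for CVE-2015-8856 and the package line both name serve-index, but the advisory reference kept underneath is "https://nodesecurity.io/advisories/serve-static-xss". Now that the official description is in place, the mismatch between serve-index and serve-static is easy to spot; suggest confirming which advisory belongs to this id and replacing the NOTE if it points at a different package's issue.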