Author: sectracker
Date: 2017-01-27 21:10:15 +0000 (Fri, 27 Jan 2017)
New Revision: 48459
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-27 20:54:49 UTC (rev 48458)
+++ data/CVE/list 2017-01-27 21:10:15 UTC (rev 48459)
@@ -1,3 +1,9 @@
+CVE-2017-5600
+ RESERVED
+CVE-2017-5599 (An issue was discovered in eClinicalWorks Patient Portal 7.0
build 13. ...)
+ TODO: check
+CVE-2017-5598 (An issue was discovered in eClinicalWorks healow@work 8.0 build
8. This ...)
+ TODO: check
CVE-2017-XXXX [XSS in the posts list table]
- wordpress <unfixed> (bug #852767)
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2017/01/27/2
@@ -987,10 +993,10 @@
NOTE: The issue is only present from 1.14 onwards, and prior to 1.14.1
since upstream
NOTE: changed a malloc'ed buffer for a static one.
NOTE: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html
-CVE-2017-5329
- RESERVED
-CVE-2017-5328
- RESERVED
+CVE-2017-5329 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows
local ...)
+ TODO: check
+CVE-2017-5328 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows
...)
+ TODO: check
CVE-2017-5327
RESERVED
CVE-2017-5326
@@ -4540,14 +4546,12 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/7
NOTE: When fixing this issue make sure to apply the complete correct
fix to
NOTE: not open ikiwiki to be vulnerable for CVE-2016-9645.
-CVE-2016-10025 [x86: missing NULL pointer check in VMFUNC emulation]
- RESERVED
+CVE-2016-10025 (VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems
using AMD ...)
- xen 4.8.0-1
[jessie] - xen <not-affected> (Vulnerable code introduced later)
[wheezy] - xen <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-203.html
-CVE-2016-10024 [x86 PV guests may be able to mask interrupts]
- RESERVED
+CVE-2016-10024 (Xen through 4.8.x allows local x86 PV guest OS kernel
administrators ...)
{DLA-783-1}
- xen 4.8.0-1
NOTE: https://xenbits.xen.org/xsa/advisory-202.html
@@ -4691,6 +4695,7 @@
NOTE: https://www.openssl.org/news/secadv/20170126.txt
CVE-2017-3731
RESERVED
+ {DSA-3773-1}
- openssl 1.1.0d-1
- openssl1.0 1.0.2k-1
NOTE: https://www.openssl.org/news/secadv/20170126.txt
@@ -4803,8 +4808,7 @@
RESERVED
CVE-2016-10000
RESERVED
-CVE-2016-10013 [x86: Mishandling of SYSCALL singlestep during emulation]
- RESERVED
+CVE-2016-10013 (Xen through 4.8.x allows local 64-bit x86 HVM guest OS users
to gain ...)
{DLA-783-1}
- xen 4.8.0-1 (bug #848713)
NOTE: https://xenbits.xen.org/xsa/advisory-204.html
@@ -4856,8 +4860,7 @@
NOTE: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
NOTE: Fixed by: https://github.com/commontk/DCMTK/commit/1b6bb76
NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/2
-CVE-2016-10003 [Issue #2, cookie headers and other client-specific private
infformation leak]
- RESERVED
+CVE-2016-10003 (Incorrect HTTP Request header comparison in Squid HTTP Proxy
3.5.0.1 ...)
- squid3 3.5.23-1 (bug #848491)
[jessie] - squid3 <not-affected> (Does not affect Squid versions before
3.5.0.1)
[wheezy] - squid3 <not-affected> (Does not affect Squid versions before
3.5.0.1)
@@ -4871,8 +4874,7 @@
NOTE: 3.5.0.1 up to and including 3.5.22
NOTE: 4.0.1 up to and including 4.0.16
NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
-CVE-2016-10002 [Issue #1, cookie headers and other client-specific private
infformation leak]
- RESERVED
+CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP
conditional ...)
{DSA-3745-1 DLA-763-1}
- squid3 3.5.23-1 (bug #848493)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
@@ -4992,8 +4994,7 @@
{DSA-3748-1 DLA-766-1}
- libcrypto++ 5.6.4-5 (bug #848009)
NOTE: https://github.com/weidai11/cryptopp/issues/346
-CVE-2016-9932 [x86 CMPXCHG8B emulation fails to ignore operand size override]
- RESERVED
+CVE-2016-9932 (CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems
allows ...)
- xen 4.8.0~rc3-1 (bug #848081)
NOTE: https://xenbits.xen.org/xsa/advisory-200.html
CVE-2016-9931
@@ -5763,334 +5764,299 @@
RESERVED
CVE-2017-3444
RESERVED
-CVE-2017-3443
- RESERVED
+CVE-2017-3443 (Vulnerability in the Oracle Common Applications component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3442
- RESERVED
-CVE-2017-3441
- RESERVED
-CVE-2017-3440
- RESERVED
+CVE-2017-3442 (Vulnerability in the Oracle Customer Interaction History
component of ...)
+ TODO: check
+CVE-2017-3441 (Vulnerability in the Oracle Customer Interaction History
component of ...)
+ TODO: check
+CVE-2017-3440 (Vulnerability in the Oracle Customer Interaction History
component of ...)
NOT-FOR-US: Oracle
-CVE-2017-3439
- RESERVED
-CVE-2017-3438
- RESERVED
-CVE-2017-3437
- RESERVED
-CVE-2017-3436
- RESERVED
-CVE-2017-3435
- RESERVED
+CVE-2017-3439 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3438 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3437 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3436 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3435 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
CVE-2017-3434
RESERVED
-CVE-2017-3433
- RESERVED
+CVE-2017-3433 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
CVE-2017-3432
RESERVED
-CVE-2017-3431
- RESERVED
-CVE-2017-3430
- RESERVED
-CVE-2017-3429
- RESERVED
-CVE-2017-3428
- RESERVED
-CVE-2017-3427
- RESERVED
-CVE-2017-3426
- RESERVED
-CVE-2017-3425
- RESERVED
-CVE-2017-3424
- RESERVED
-CVE-2017-3423
- RESERVED
-CVE-2017-3422
- RESERVED
-CVE-2017-3421
- RESERVED
+CVE-2017-3431 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3430 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3429 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3428 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3427 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3426 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3425 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3424 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3423 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3422 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
+ TODO: check
+CVE-2017-3421 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3420
- RESERVED
-CVE-2017-3419
- RESERVED
-CVE-2017-3418
- RESERVED
+CVE-2017-3420 (Vulnerability in the Oracle CRM Technical Foundation component
of ...)
+ TODO: check
+CVE-2017-3419 (Vulnerability in the Oracle CRM Technical Foundation component
of ...)
+ TODO: check
+CVE-2017-3418 (Vulnerability in the Oracle CRM Technical Foundation component
of ...)
NOT-FOR-US: Oracle
-CVE-2017-3417
- RESERVED
-CVE-2017-3416
- RESERVED
-CVE-2017-3415
- RESERVED
+CVE-2017-3417 (Vulnerability in the Oracle Universal Work Queue component of
Oracle ...)
+ TODO: check
+CVE-2017-3416 (Vulnerability in the Oracle Universal Work Queue component of
Oracle ...)
+ TODO: check
+CVE-2017-3415 (Vulnerability in the Oracle Universal Work Queue component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3414
- RESERVED
-CVE-2017-3413
- RESERVED
-CVE-2017-3412
- RESERVED
-CVE-2017-3411
- RESERVED
-CVE-2017-3410
- RESERVED
-CVE-2017-3409
- RESERVED
-CVE-2017-3408
- RESERVED
-CVE-2017-3407
- RESERVED
-CVE-2017-3406
- RESERVED
-CVE-2017-3405
- RESERVED
-CVE-2017-3404
- RESERVED
-CVE-2017-3403
- RESERVED
-CVE-2017-3402
- RESERVED
-CVE-2017-3401
- RESERVED
-CVE-2017-3400
- RESERVED
-CVE-2017-3399
- RESERVED
-CVE-2017-3398
- RESERVED
-CVE-2017-3397
- RESERVED
-CVE-2017-3396
- RESERVED
-CVE-2017-3395
- RESERVED
-CVE-2017-3394
- RESERVED
+CVE-2017-3414 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3413 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3412 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3411 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3410 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3409 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3408 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3407 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3406 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3405 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3404 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3403 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3402 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3401 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3400 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3399 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3398 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3397 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3396 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3395 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3394 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
CVE-2017-3393
RESERVED
-CVE-2017-3392
- RESERVED
-CVE-2017-3391
- RESERVED
-CVE-2017-3390
- RESERVED
-CVE-2017-3389
- RESERVED
-CVE-2017-3388
- RESERVED
-CVE-2017-3387
- RESERVED
+CVE-2017-3392 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3391 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3390 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3389 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3388 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3387 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
NOT-FOR-US: Oracle
-CVE-2017-3386
- RESERVED
-CVE-2017-3385
- RESERVED
-CVE-2017-3384
- RESERVED
-CVE-2017-3383
- RESERVED
-CVE-2017-3382
- RESERVED
-CVE-2017-3381
- RESERVED
-CVE-2017-3380
- RESERVED
-CVE-2017-3379
- RESERVED
-CVE-2017-3378
- RESERVED
-CVE-2017-3377
- RESERVED
-CVE-2017-3376
- RESERVED
-CVE-2017-3375
- RESERVED
-CVE-2017-3374
- RESERVED
-CVE-2017-3373
- RESERVED
+CVE-2017-3386 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3385 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3384 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3383 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3382 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3381 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3380 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3379 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3378 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3377 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3376 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3375 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3374 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
+ TODO: check
+CVE-2017-3373 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
NOT-FOR-US: Oracle
-CVE-2017-3372
- RESERVED
+CVE-2017-3372 (Vulnerability in the Oracle Interaction Blending component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3371
- RESERVED
-CVE-2017-3370
- RESERVED
-CVE-2017-3369
- RESERVED
+CVE-2017-3371 (Vulnerability in the Oracle iSupport component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3370 (Vulnerability in the Oracle iSupport component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3369 (Vulnerability in the Oracle iSupport component of Oracle
E-Business ...)
NOT-FOR-US: Oracle
-CVE-2017-3368
- RESERVED
+CVE-2017-3368 (Vulnerability in the Oracle iStore component of Oracle
E-Business ...)
NOT-FOR-US: Oracle
-CVE-2017-3367
- RESERVED
-CVE-2017-3366
- RESERVED
-CVE-2017-3365
- RESERVED
-CVE-2017-3364
- RESERVED
-CVE-2017-3363
- RESERVED
-CVE-2017-3362
- RESERVED
+CVE-2017-3367 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
+ TODO: check
+CVE-2017-3366 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
+ TODO: check
+CVE-2017-3365 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
+ TODO: check
+CVE-2017-3364 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
+ TODO: check
+CVE-2017-3363 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
+ TODO: check
+CVE-2017-3362 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3361
- RESERVED
+CVE-2017-3361 (Vulnerability in the Oracle Installed Base component of Oracle
...)
NOT-FOR-US: Oracle
-CVE-2017-3360
- RESERVED
-CVE-2017-3359
- RESERVED
+CVE-2017-3360 (Vulnerability in the Oracle Customer Intelligence component of
Oracle ...)
+ TODO: check
+CVE-2017-3359 (Vulnerability in the Oracle Customer Intelligence component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3358
- RESERVED
-CVE-2017-3357
- RESERVED
+CVE-2017-3358 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3357 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
CVE-2017-3356
RESERVED
CVE-2017-3355
RESERVED
-CVE-2017-3354
- RESERVED
-CVE-2017-3353
- RESERVED
-CVE-2017-3352
- RESERVED
-CVE-2017-3351
- RESERVED
-CVE-2017-3350
- RESERVED
-CVE-2017-3349
- RESERVED
-CVE-2017-3348
- RESERVED
+CVE-2017-3354 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3353 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3352 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3351 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3350 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3349 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3348 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
CVE-2017-3347
RESERVED
-CVE-2017-3346
- RESERVED
+CVE-2017-3346 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
CVE-2017-3345
RESERVED
-CVE-2017-3344
- RESERVED
-CVE-2017-3343
- RESERVED
+CVE-2017-3344 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3343 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
CVE-2017-3342
RESERVED
-CVE-2017-3341
- RESERVED
-CVE-2017-3340
- RESERVED
-CVE-2017-3339
- RESERVED
-CVE-2017-3338
- RESERVED
+CVE-2017-3341 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3340 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3339 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3338 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
CVE-2017-3337
RESERVED
-CVE-2017-3336
- RESERVED
-CVE-2017-3335
- RESERVED
-CVE-2017-3334
- RESERVED
-CVE-2017-3333
- RESERVED
+CVE-2017-3336 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3335 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3334 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
+ TODO: check
+CVE-2017-3333 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
NOT-FOR-US: Oracle
-CVE-2017-3332
- RESERVED
+CVE-2017-3332 (Vulnerability in the Oracle VM VirtualBox component of Oracle
...)
- virtualbox 5.1.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3331
RESERVED
-CVE-2017-3330
- RESERVED
+CVE-2017-3330 (Vulnerability in the Siebel UI Framework component of Oracle
Siebel ...)
NOT-FOR-US: Oracle Siebel
CVE-2017-3329
RESERVED
-CVE-2017-3328
- RESERVED
+CVE-2017-3328 (Vulnerability in the Oracle Common Applications component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3327
- RESERVED
+CVE-2017-3327 (Vulnerability in the Oracle Common Applications component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3326
- RESERVED
+CVE-2017-3326 (Vulnerability in the Oracle Common Applications component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3325
- RESERVED
+CVE-2017-3325 (Vulnerability in the Siebel UI Framework component of Oracle
Siebel ...)
NOT-FOR-US: Oracle Siebel
-CVE-2017-3324
- RESERVED
+CVE-2017-3324 (Vulnerability in the Primavera P6 Enterprise Project Portfolio
...)
NOT-FOR-US: Oracle Primavera
-CVE-2017-3323
- RESERVED
+CVE-2017-3323 (Vulnerability in the MySQL Cluster component of Oracle MySQL
...)
NOT-FOR-US: MySQL Cluster
-CVE-2017-3322
- RESERVED
+CVE-2017-3322 (Vulnerability in the MySQL Cluster component of Oracle MySQL
...)
NOT-FOR-US: MySQL Cluster
-CVE-2017-3321
- RESERVED
+CVE-2017-3321 (Vulnerability in the MySQL Cluster component of Oracle MySQL
...)
NOT-FOR-US: MySQL Cluster
-CVE-2017-3320
- RESERVED
+CVE-2017-3320 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3319
- RESERVED
+CVE-2017-3319 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3318
- RESERVED
+CVE-2017-3318 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3770-1 DSA-3767-1 DLA-797-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <removed> (bug #851233)
-CVE-2017-3317
- RESERVED
+CVE-2017-3317 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3770-1 DSA-3767-1 DLA-797-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <removed> (bug #851233)
-CVE-2017-3316
- RESERVED
+CVE-2017-3316 (Vulnerability in the Oracle VM VirtualBox component of Oracle
...)
- virtualbox 5.1.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3315
- RESERVED
+CVE-2017-3315 (Vulnerability in the PeolpeSoft Enterprise HCM ePerformance
component ...)
NOT-FOR-US: Oracle PeopleSoft
-CVE-2017-3314
- RESERVED
+CVE-2017-3314 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2017-3313
- RESERVED
+CVE-2017-3313 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3767-1 DLA-797-1}
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <removed> (bug #851233)
-CVE-2017-3312
- RESERVED
+CVE-2017-3312 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3770-1 DSA-3767-1 DLA-797-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <removed> (bug #851233)
-CVE-2017-3311
- RESERVED
+CVE-2017-3311 (Vulnerability in the Application Testing Suite component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3310
- RESERVED
+CVE-2017-3310 (Vulnerability in the OJVM component of Oracle Database Server.
...)
NOT-FOR-US: Oracle
CVE-2017-3309
RESERVED
@@ -6104,257 +6070,194 @@
RESERVED
CVE-2017-3304
RESERVED
-CVE-2017-3303
- RESERVED
+CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle
E-Business ...)
NOT-FOR-US: Oracle
CVE-2017-3302
RESERVED
-CVE-2017-3301
- RESERVED
+CVE-2017-3301 (Vulnerability in the Solaris component of Oracle Sun Systems
Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3300
- RESERVED
+CVE-2017-3300 (Vulnerability in the PeopleSoft Enterprise PeopleTools
component of ...)
NOT-FOR-US: Oracle PeopleSoft
-CVE-2017-3299
- RESERVED
+CVE-2017-3299 (Vulnerability in the PeopleSoft Enterprise PeopleTools
component of ...)
NOT-FOR-US: Oracle PeopleSoft
-CVE-2017-3298
- RESERVED
+CVE-2017-3298 (Vulnerability in the PeopleSoft Enterprise PeopleTools
component of ...)
NOT-FOR-US: Oracle PeopleSoft
-CVE-2017-3297
- RESERVED
+CVE-2017-3297 (Vulnerability in the Oracle FLEXCUBE Direct Banking component
of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2017-3296
- RESERVED
+CVE-2017-3296 (Vulnerability in the Oracle Commerce Platform component of
Oracle ...)
NOT-FOR-US: Oracle Commerce
-CVE-2017-3295
- RESERVED
+CVE-2017-3295 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3294
- RESERVED
+CVE-2017-3294 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3293
- RESERVED
+CVE-2017-3293 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3292
- RESERVED
+CVE-2017-3292 (Vulnerability in the PeopleSoft Enterprise PeopleTools
component of ...)
NOT-FOR-US: Oracle PeopleSoft
-CVE-2017-3291
- RESERVED
+CVE-2017-3291 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3770-1 DSA-3767-1 DLA-797-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <removed> (bug #851233)
-CVE-2017-3290
- RESERVED
+CVE-2017-3290 (Vulnerability in the Oracle VM VirtualBox component of Oracle
...)
- virtualbox 5.1.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
-CVE-2017-3289
- RESERVED
+CVE-2017-3289 (Vulnerability in the Java SE, Java SE Embedded component of
Oracle ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
CVE-2017-3288
RESERVED
-CVE-2017-3287
- RESERVED
+CVE-2017-3287 (Vulnerability in the Oracle iStore component of Oracle
E-Business ...)
NOT-FOR-US: Oracle
-CVE-2017-3286
- RESERVED
+CVE-2017-3286 (Vulnerability in the Oracle Applications DBA component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3285
- RESERVED
+CVE-2017-3285 (Vulnerability in the Oracle Service Fulfillment Manager
component of ...)
NOT-FOR-US: Oracle
-CVE-2017-3284
- RESERVED
+CVE-2017-3284 (Vulnerability in the Oracle Fulfillment Manager component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3283
- RESERVED
+CVE-2017-3283 (Vulnerability in the Oracle Partner Management component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3282
- RESERVED
+CVE-2017-3282 (Vulnerability in the Oracle Partner Management component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3281
- RESERVED
+CVE-2017-3281 (Vulnerability in the Oracle Partner Management component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3280
- RESERVED
+CVE-2017-3280 (Vulnerability in the Oracle Partner Management component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3279
- RESERVED
+CVE-2017-3279 (Vulnerability in the Oracle Leads Management component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3278
- RESERVED
+CVE-2017-3278 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3277
- RESERVED
+CVE-2017-3277 (Vulnerability in the Oracle Applications Manager component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3276
- RESERVED
+CVE-2017-3276 (Vulnerability in the Solaris component of Oracle Sun Systems
Products ...)
NOT-FOR-US: Solaris
-CVE-2017-3275
- RESERVED
+CVE-2017-3275 (Vulnerability in the Oracle Email Center component of Oracle
...)
NOT-FOR-US: Oracle
-CVE-2017-3274
- RESERVED
+CVE-2017-3274 (Vulnerability in the Oracle Email Center component of Oracle
...)
NOT-FOR-US: Oracle
-CVE-2017-3273
- RESERVED
+CVE-2017-3273 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
-CVE-2017-3272
- RESERVED
+CVE-2017-3272 (Vulnerability in the Java SE, Java SE Embedded component of
Oracle ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3271
- RESERVED
+CVE-2017-3271 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3270
- RESERVED
+CVE-2017-3270 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3269
- RESERVED
+CVE-2017-3269 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3268
- RESERVED
+CVE-2017-3268 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3267
- RESERVED
+CVE-2017-3267 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3266
- RESERVED
+CVE-2017-3266 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2017-3265
- RESERVED
+CVE-2017-3265 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3770-1 DSA-3767-1 DLA-797-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <removed> (bug #851233)
-CVE-2017-3264
- RESERVED
+CVE-2017-3264 (Vulnerability in the Siebel UI Framework component of Oracle
Siebel ...)
NOT-FOR-US: Oracle Siebel
-CVE-2017-3263
- RESERVED
+CVE-2017-3263 (Vulnerability in the Primavera P6 Enterprise Project Portfolio
...)
NOT-FOR-US: Oracle Primavera
-CVE-2017-3262
- RESERVED
+CVE-2017-3262 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-8 <not-affected> (specific to Oracle Java)
-CVE-2017-3261
- RESERVED
+CVE-2017-3261 (Vulnerability in the Java SE, Java SE Embedded component of
Oracle ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3260
- RESERVED
+CVE-2017-3260 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
-CVE-2017-3259
- RESERVED
+CVE-2017-3259 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
-CVE-2017-3258
- RESERVED
+CVE-2017-3258 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3770-1 DSA-3767-1 DLA-797-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <removed> (bug #851233)
-CVE-2017-3257
- RESERVED
+CVE-2017-3257 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3770-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
-CVE-2017-3256
- RESERVED
+CVE-2017-3256 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3255
- RESERVED
+CVE-2017-3255 (Vulnerability in the Oracle JDeveloper component of Oracle
Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-3254
RESERVED
-CVE-2017-3253
- RESERVED
+CVE-2017-3253 (Vulnerability in the Java SE, Java SE Embedded, JRockit
component of ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3252
- RESERVED
+CVE-2017-3252 (Vulnerability in the Java SE, Java SE Embedded, JRockit
component of ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3251
- RESERVED
+CVE-2017-3251 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
-CVE-2017-3250
- RESERVED
+CVE-2017-3250 (Vulnerability in the Oracle GlassFish Server component of
Oracle ...)
- glassfish <unfixed>
-CVE-2017-3249
- RESERVED
+CVE-2017-3249 (Vulnerability in the Oracle GlassFish Server component of
Oracle ...)
- glassfish <unfixed>
-CVE-2017-3248
- RESERVED
+CVE-2017-3248 (Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion ...)
NOT-FOR-US: Oracle
-CVE-2017-3247
- RESERVED
+CVE-2017-3247 (Vulnerability in the Oracle GlassFish Server component of
Oracle ...)
- glassfish <unfixed>
-CVE-2017-3246
- RESERVED
+CVE-2017-3246 (Vulnerability in the Oracle Application Object Library
component of ...)
NOT-FOR-US: Oracle
-CVE-2017-3245
- RESERVED
+CVE-2017-3245 (Vulnerability in the Oracle FLEXCUBE Direct Banking component
of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2017-3244
- RESERVED
+CVE-2017-3244 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3770-1 DSA-3767-1 DLA-797-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <removed> (bug #851233)
-CVE-2017-3243
- RESERVED
+CVE-2017-3243 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3770-1 DSA-3767-1 DLA-797-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <not-affected> (Only affects MySQL 5.5)
- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
- mysql-5.5 <removed> (bug #851233)
-CVE-2017-3242
- RESERVED
+CVE-2017-3242 (Vulnerability in the Oracle VM Server for Sparc component of
Oracle ...)
NOT-FOR-US: Solaris
-CVE-2017-3241
- RESERVED
+CVE-2017-3241 (Vulnerability in the Java SE, Java SE Embedded, JRockit
component of ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2017-3240
- RESERVED
+CVE-2017-3240 (Vulnerability in the RDBMS Security component of Oracle
Database ...)
NOT-FOR-US: Oracle
-CVE-2017-3239
- RESERVED
+CVE-2017-3239 (Vulnerability in the Oracle GlassFish Server component of
Oracle ...)
- glassfish <not-affected> (Only affects 3.x)
-CVE-2017-3238
- RESERVED
+CVE-2017-3238 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DSA-3770-1 DSA-3767-1 DLA-797-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
@@ -6363,11 +6266,9 @@
- mysql-5.5 <removed> (bug #851233)
CVE-2017-3237
RESERVED
-CVE-2017-3236
- RESERVED
+CVE-2017-3236 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2017-3235
- RESERVED
+CVE-2017-3235 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3234
RESERVED
@@ -6375,8 +6276,7 @@
RESERVED
CVE-2017-3232
RESERVED
-CVE-2017-3231
- RESERVED
+CVE-2017-3231 (Vulnerability in the Java SE, Java SE Embedded component of
Oracle ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -7182,8 +7082,8 @@
RESERVED
CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different
ORBs ...)
NOT-FOR-US: Alcatel-Lucent OmniVista
-CVE-2016-9795
- RESERVED
+CVE-2016-9795 (The casrvc program in CA Common Services, as used in CA Client
...)
+ TODO: check
CVE-2016-9792
RESERVED
CVE-2016-9791
@@ -13556,8 +13456,7 @@
[jessie] - linux 3.16.39-1
[wheezy] - linux <not-affected> (Introduced in 3.12)
NOTE: Fixed by:
https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1)
-CVE-2016-9636
- RESERVED
+CVE-2016-9636 (Heap-based buffer overflow in the flx_decode_delta_fli function
in ...)
{DSA-3724-1 DSA-3723-1 DLA-727-1}
- gst-plugins-good1.0 1.10.1-2 (bug #845375)
- gst-plugins-good0.10 <removed>
@@ -13567,8 +13466,7 @@
NOTE: Fixed by:
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
NOTE: Fixed by (later followed up):
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
NOTE: Fixed by (later followed up):
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
-CVE-2016-9635
- RESERVED
+CVE-2016-9635 (Heap-based buffer overflow in the flx_decode_delta_fli function
in ...)
{DSA-3724-1 DSA-3723-1 DLA-727-1}
- gst-plugins-good1.0 1.10.1-2 (bug #845375)
- gst-plugins-good0.10 <removed>
@@ -13578,8 +13476,7 @@
NOTE: Fixed by:
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
NOTE: Fixed by (later followed up):
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
NOTE: Fixed by (later followed up):
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
-CVE-2016-9634
- RESERVED
+CVE-2016-9634 (Heap-based buffer overflow in the flx_decode_delta_fli function
in ...)
{DSA-3724-1 DSA-3723-1 DLA-727-1}
- gst-plugins-good1.0 1.10.1-2 (bug #845375)
- gst-plugins-good0.10 <removed>
@@ -13892,8 +13789,7 @@
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag]
- RESERVED
+CVE-2016-9448 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote
...)
- tiff <not-affected> (Vulnerable code introduced by fix for
CVE-2016-9297)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
NOTE: Regression introduced by previous fix done on 2016-11-11 for
CVE-2016-9297
@@ -14081,8 +13977,7 @@
RESERVED
CVE-2015-8973
RESERVED
-CVE-2016-9453 [tiff2pdf: out-of-bounds write memcpy]
- RESERVED
+CVE-2016-9453 (The t2p_readwrite_pdf_image_tile function in LibTIFF allows
remote ...)
{DSA-3762-1}
- tiff 4.0.6-3
[wheezy] - tiff 4.0.2-6+deb7u7
@@ -14400,8 +14295,7 @@
NOTE: For wheezy it is probably not worth the effort to fix this
problem.
NOTE: The reason is that the correction is to introduce a new option
that can be specified if this new behaviour
NOTE: is wanted. It is not enforced by default.
-CVE-2016-9317
- RESERVED
+CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka
libgd) ...)
- libgd2 2.2.4-1
NOTE:
https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1
NOTE: https://github.com/libgd/libgd/issues/340
@@ -14506,8 +14400,7 @@
CVE-2016-9299 (The remoting module in Jenkins before 2.32 and LTS before
2.19.3 ...)
- jenkins <removed>
NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/4
-CVE-2016-9298 [heap overflow in WaveletDenoiseImage()]
- RESERVED
+CVE-2016-9298 (Heap overflow in the WaveletDenoiseImage function in
MagickCore/fx.c ...)
- imagemagick 8:6.9.6.5+dfsg-1 (bug #844211)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
@@ -15282,16 +15175,16 @@
RESERVED
CVE-2016-9055
RESERVED
-CVE-2016-9054
- RESERVED
+CVE-2016-9054 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
+ TODO: check
CVE-2016-9053
RESERVED
-CVE-2016-9052
- RESERVED
+CVE-2016-9052 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
+ TODO: check
CVE-2016-9051
RESERVED
-CVE-2016-9050
- RESERVED
+CVE-2016-9050 (An exploitable out-of-bounds read vulnerability exists in the
client ...)
+ TODO: check
CVE-2016-9049
RESERVED
CVE-2016-9048
@@ -16062,8 +15955,8 @@
RESERVED
CVE-2016-8711
RESERVED
-CVE-2016-8710
- RESERVED
+CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in
the ...)
+ TODO: check
CVE-2016-8709
RESERVED
CVE-2016-8708
@@ -16241,8 +16134,7 @@
RESERVED
CVE-2005-4896
RESERVED
-CVE-2016-6911 [invalid read in gdImageCreateFromTiffPtr()]
- RESERVED
+CVE-2016-6911 (The dynamicGetbuf function in the GD Graphics Library (aka
libgd) ...)
{DSA-3693-1 DLA-665-1}
- libgd2 2.2.3-87-gd0fec80-2 (bug #840806)
NOTE: Corresponds to the
0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch
@@ -16689,6 +16581,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16
CVE-2016-8610 [SSL/TLS SSL3_AL_WARNING undefined alert DoS]
RESERVED
+ {DSA-3773-1}
- openssl 1.0.2j-1
NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/3
NOTE: Fixed by:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
@@ -17228,8 +17121,8 @@
RESERVED
CVE-2016-8412 (An elevation of privilege vulnerability in the Qualcomm camera
could ...)
NOT-FOR-US: Qualcomm component for Android
-CVE-2016-8411
- RESERVED
+CVE-2016-8411 (Buffer overflow vulnerability while processing QMI QOS TLVs.
Product: ...)
+ TODO: check
CVE-2016-8410 (An information disclosure vulnerability in the Qualcomm sound
driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8409 (An information disclosure vulnerability in the NVIDIA video
driver ...)
@@ -17484,109 +17377,77 @@
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0190/
NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as
fixed although technically still present in the source package
NOTE: From the backtrace shared in the report, we can see that the
crash is triggered though the thumbnail tool which has been dropped upstream.
-CVE-2016-8330
- RESERVED
+CVE-2016-8330 (Vulnerability in the Solaris component of Oracle Sun Systems
Products ...)
NOT-FOR-US: Solaris
-CVE-2016-8329
- RESERVED
+CVE-2016-8329 (Vulnerability in the PeopleSoft Enterprise PeopleTools
component of ...)
NOT-FOR-US: Oracle PeopleSoft
-CVE-2016-8328
- RESERVED
+CVE-2016-8328 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-8 <not-affected> (specific to Oracle Java)
-CVE-2016-8327
- RESERVED
+CVE-2016-8327 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8326
RESERVED
-CVE-2016-8325
- RESERVED
+CVE-2016-8325 (Vulnerability in the Oracle One-to-One Fulfillment component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2016-8324
- RESERVED
+CVE-2016-8324 (Vulnerability in the Oracle FLEXCUBE Core Banking component of
Oracle ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8323
- RESERVED
+CVE-2016-8323 (Vulnerability in the Oracle FLEXCUBE Core Banking component of
Oracle ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8322
- RESERVED
+CVE-2016-8322 (Vulnerability in the Oracle FLEXCUBE Core Banking component of
Oracle ...)
NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8321
RESERVED
-CVE-2016-8320
- RESERVED
+CVE-2016-8320 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and
Collateral ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8319
- RESERVED
+CVE-2016-8319 (Vulnerability in the Oracle FLEXCUBE Investor Servicing
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8318
- RESERVED
+CVE-2016-8318 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 5.6.35-1 (bug #851234)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
-CVE-2016-8317
- RESERVED
+CVE-2016-8317 (Vulnerability in the Oracle FLEXCUBE Investor Servicing
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8316
- RESERVED
+CVE-2016-8316 (Vulnerability in the Oracle FLEXCUBE Investor Servicing
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8315
- RESERVED
+CVE-2016-8315 (Vulnerability in the Oracle FLEXCUBE Investor Servicing
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8314
- RESERVED
+CVE-2016-8314 (Vulnerability in the Oracle FLEXCUBE Core Banking component of
Oracle ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8313
- RESERVED
+CVE-2016-8313 (Vulnerability in the Oracle FLEXCUBE Private Banking component
of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8312
- RESERVED
+CVE-2016-8312 (Vulnerability in the Oracle FLEXCUBE Private Banking component
of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8311
- RESERVED
+CVE-2016-8311 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8310
- RESERVED
+CVE-2016-8310 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8309
- RESERVED
+CVE-2016-8309 (Vulnerability in the Oracle FLEXCUBE Investor Servicing
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8308
- RESERVED
+CVE-2016-8308 (Vulnerability in the Oracle FLEXCUBE Private Banking component
of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8307
- RESERVED
+CVE-2016-8307 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8306
- RESERVED
+CVE-2016-8306 (Vulnerability in the Oracle FLEXCUBE Investor Servicing
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8305
- RESERVED
+CVE-2016-8305 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8304
- RESERVED
+CVE-2016-8304 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8303
- RESERVED
+CVE-2016-8303 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8302
- RESERVED
+CVE-2016-8302 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8301
- RESERVED
+CVE-2016-8301 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8300
- RESERVED
+CVE-2016-8300 (Vulnerability in the Oracle FLEXCUBE Private Banking component
of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8299
- RESERVED
+CVE-2016-8299 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8298
- RESERVED
+CVE-2016-8298 (Vulnerability in the Oracle FLEXCUBE Private Banking component
of ...)
NOT-FOR-US: Oracle FLEXCUBE
-CVE-2016-8297
- RESERVED
+CVE-2016-8297 (Vulnerability in the Oracle FLEXCUBE Universal Banking
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8296 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
NOT-FOR-US: PeopleSoft
@@ -17635,8 +17496,7 @@
[jessie] - mysql-5.5 5.5.52-0+deb8u1
[wheezy] - mysql-5.5 5.5.52-0+deb7u1
NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
-CVE-2016-8282
- RESERVED
+CVE-2016-8282 (Vulnerability in the Oracle FLEXCUBE Private Banking component
of ...)
NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8281 (Unspecified vulnerability in the Oracle Platform Security for
Java ...)
NOT-FOR-US: Oracle
@@ -17824,12 +17684,12 @@
RESERVED
CVE-2016-8228
RESERVED
-CVE-2016-8227
- RESERVED
-CVE-2016-8226
- RESERVED
-CVE-2016-8225
- RESERVED
+CVE-2016-8227 (Privilege escalation vulnerability in Lenovo Transition
application ...)
+ TODO: check
+CVE-2016-8226 (The BIOS in Lenovo System X M5, M6, and X6 systems allows ...)
+ TODO: check
+CVE-2016-8225 (Unquoted service path vulnerability in Lenovo Edge and Lenovo
Slim USB ...)
+ TODO: check
CVE-2016-8224 (A vulnerability has been identified in some Lenovo Notebook and
...)
NOT-FOR-US: Lenovo
CVE-2016-8223 (During an internal security review, Lenovo identified a local
...)
@@ -20084,8 +19944,7 @@
- drupal7 <not-affected> (Only affects Drupal 8)
CVE-2016-7570 (Drupal 8.x before 8.1.10 does not properly check for
"Administer ...)
- drupal7 <not-affected> (Only affects Drupal 8)
-CVE-2016-7569
- RESERVED
+CVE-2016-7569 (Directory traversal vulnerability in docker2aci before 0.13.0
allows ...)
- golang-github-appc-docker2aci 0.14.0+dfsg-1 (bug #839282)
NOTE: https://github.com/appc/docker2aci/issues/201
CVE-2016-7568 (Integer overflow in the gdImageWebpCtx function in gd_webp.c in
the GD ...)
@@ -21686,6 +21545,7 @@
RESERVED
CVE-2016-7056 [ECDSA P-256 timing attack key recovery]
RESERVED
+ {DSA-3773-1}
- openssl 1.0.2a-1
- openssl1.0 <not-affected> (Fixed before initial upload to Debian)
NOTE: https://eprint.iacr.org/2016/1195.pdf
@@ -22039,16 +21899,15 @@
RESERVED
CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM
before ...)
NOT-FOR-US: OSSIM
-CVE-2016-6912
- RESERVED
+CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the
GD ...)
- libgd2 2.2.4-1
NOTE:
https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
CVE-2016-6910 (The non-existent notification listener vulnerability was
introduced in ...)
TODO: check
CVE-2016-6909 (Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x
before ...)
NOT-FOR-US: Fortinet
-CVE-2016-6908
- RESERVED
+CVE-2016-6908 (Characters from languages are such as Arabic, Hebrew are
displayed ...)
+ TODO: check
CVE-2016-6907
RESERVED
CVE-2016-6906 [OOB reads of the TGA decompression buffer]
@@ -24531,8 +24390,7 @@
NOTE: thus the issue could possibly be presend already before. The code
in 1.5-1 looks
NOTE: quite similar, although the reproducer does not lead to a
heap-use-after-free in
NOTE: the 1.5-1 case.
-CVE-2016-6264
- RESERVED
+CVE-2016-6264 (Integer signedness error in libc/string/arm/memset.S in uClibc
and ...)
{DLA-561-1}
- uclibc-ng <itp> (bug #811275)
- uclibc <unfixed> (unimportant)
@@ -25778,8 +25636,8 @@
RESERVED
CVE-2016-5830
RESERVED
-CVE-2016-5822
- RESERVED
+CVE-2016-5822 (Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote
attackers ...)
+ TODO: check
CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before
...)
NOT-FOR-US: Huawei HiSuite
CVE-2016-5820
@@ -26561,8 +26419,7 @@
[jessie] - mysql-5.5 5.5.52-0+deb8u1
[wheezy] - mysql-5.5 5.5.52-0+deb7u1
NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
-CVE-2016-5623
- RESERVED
+CVE-2016-5623 (Vulnerability in the Oracle FLEXCUBE Private Banking component
of ...)
NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5622 (Unspecified vulnerability in the Oracle FLEXCUBE Universal
Banking ...)
NOT-FOR-US: Oracle FLEXCUBE
@@ -26580,8 +26437,7 @@
REJECTED
CVE-2016-5615 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows
local ...)
NOT-FOR-US: Solaris
-CVE-2016-5614
- RESERVED
+CVE-2016-5614 (Vulnerability in the Oracle FLEXCUBE Private Banking component
of ...)
NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5613 (Unspecified vulnerability in the Oracle VM VirtualBox component
before ...)
- virtualbox 5.1.8-dfsg-1
@@ -26654,8 +26510,7 @@
NOT-FOR-US: Oracle
CVE-2016-5591 (Unspecified vulnerability in the Oracle Customer Interaction
History ...)
NOT-FOR-US: Oracle
-CVE-2016-5590
- RESERVED
+CVE-2016-5590 (Vulnerability in the MySQL Enterprise Monitor component of
Oracle ...)
NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-5589 (Unspecified vulnerability in the Oracle CRM Technical
Foundation ...)
NOT-FOR-US: Oracle
@@ -26758,8 +26613,7 @@
[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5553 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3
allows ...)
NOT-FOR-US: Solaris
-CVE-2016-5552
- RESERVED
+CVE-2016-5552 (Vulnerability in the Java SE, Java SE Embedded, JRockit
component of ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -26768,28 +26622,23 @@
RESERVED
CVE-2016-5550
RESERVED
-CVE-2016-5549
- RESERVED
+CVE-2016-5549 (Vulnerability in the Java SE, Java SE Embedded component of
Oracle ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
-CVE-2016-5548
- RESERVED
+CVE-2016-5548 (Vulnerability in the Java SE, Java SE Embedded component of
Oracle ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2016-5547
- RESERVED
+CVE-2016-5547 (Vulnerability in the Java SE, Java SE Embedded, JRockit
component of ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
-CVE-2016-5546
- RESERVED
+CVE-2016-5546 (Vulnerability in the Java SE, Java SE Embedded, JRockit
component of ...)
- openjdk-8 8u121-b13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2016-5545
- RESERVED
+CVE-2016-5545 (Vulnerability in the Oracle VM VirtualBox component of Oracle
...)
- virtualbox 5.1.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
[wheezy] - virtualbox <end-of-life> (DSA 3454)
@@ -26805,8 +26654,7 @@
NOTE: #841692 tracks openjdk-7
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
-CVE-2016-5541
- RESERVED
+CVE-2016-5541 (Vulnerability in the MySQL Cluster component of Oracle MySQL
...)
NOT-FOR-US: MySQL Cluster
CVE-2016-5540 (Unspecified vulnerability in the Oracle Retail Xstore Payment
...)
TODO: check
@@ -26835,8 +26683,7 @@
TODO: check
CVE-2016-5529 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
TODO: check
-CVE-2016-5528
- RESERVED
+CVE-2016-5528 (Vulnerability in the Oracle GlassFish Server component of
Oracle ...)
- glassfish <unfixed>
CVE-2016-5527 (Unspecified vulnerability in the Oracle Agile PLM component in
Oracle ...)
NOT-FOR-US: Oracle
@@ -26874,8 +26721,7 @@
NOT-FOR-US: Oracle
CVE-2016-5510 (Unspecified vulnerability in the Oracle Agile PLM component in
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2016-5509
- RESERVED
+CVE-2016-5509 (Vulnerability in the Oracle FLEXCUBE Investor Servicing
component of ...)
NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5508 (Unspecified vulnerability in the Solaris Cluster component in
Oracle ...)
NOT-FOR-US: Solaris
@@ -32320,8 +32166,8 @@
NOTE:
https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476
NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1
-CVE-2016-3996
- RESERVED
+CVE-2016-3996 (ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not
properly ...)
+ TODO: check
CVE-2016-3991 (Heap-based buffer overflow in the loadImage function in the
tiffcrop ...)
{DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.7-1
@@ -39186,11 +39032,9 @@
CVE-2016-1923 (Heap-based buffer overflow in the opj_j2k_update_image_data
function ...)
- openjpeg2 2.1.1-1 (bug #818399)
[jessie] - openjpeg2 <no-dsa> (Minor issue, too intrusive to backport)
-CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX
1.0 / Android 4.3]
- RESERVED
+CVE-2016-1920 (Samsung KNOX 1.0.0 uses the shared certificate on Android,
which ...)
NOT-FOR-US: KNOX 1.0 / Android 4.3
-CVE-2016-1919 [Weak eCryptFS Key generation from user password on KNOX 1.0 /
Android 4.3]
- RESERVED
+CVE-2016-1919 (Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm,
which ...)
NOT-FOR-US: KNOX 1.0 / Android 4.3
CVE-2016-1902 (The nextBytes function in the SecureRandom class in Symfony
before ...)
{DSA-3588-1}
@@ -40412,8 +40256,7 @@
NOTE:
https://github.com/facebook/hhvm/commit/979b5b312ffbd56126c52f3dcb6cf8fcab89664f
NOTE:
https://github.com/facebook/hhvm/commit/604689e1565ea6361f9d81f839cd56bdda3b45ed
NOTE:
https://github.com/facebook/hhvm/commit/f21dccdde582c61d5a9b52dd821bcb1f08169d28
-CVE-2016-1551 [Refclock packets can come from the network]
- RESERVED
+CVE-2016-1551 (ntpd in NTP 4.2.8p3 and NTPsec ...)
- ntp <not-affected> (Does not affect Linux or FreeBSD)
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1550 (An exploitable vulnerability exists in the message
authentication ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
