Author: sectracker
Date: 2017-01-29 21:10:13 +0000 (Sun, 29 Jan 2017)
New Revision: 48541
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-29 20:50:48 UTC (rev 48540) +++ data/CVE/list 2017-01-29 21:10:13 UTC (rev 48541) @@ -90,6 +90,7 @@ NOTE: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35 NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1 CVE-2016-10167 [Fix DOS vulnerability in gdImageCreateFromGd2Ctx()] + {DLA-804-1} - php7.1 7.1.1-1 (unimportant) - php7.0 7.0.15-1 (unimportant) - php5 <removed> (unimportant) @@ -99,6 +100,7 @@ NOTE: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1 CVE-2016-10168 [Fix #354: Signed Integer Overflow gd_io.c] + {DLA-804-1} - php7.1 7.1.1-1 (unimportant) - php7.0 7.0.15-1 (unimportant) - php5 <removed> (unimportant) @@ -158,7 +160,7 @@ NOTE: all minor issues CVE-2016-10165 [heap OOB read parsing crafted ICC profile] RESERVED - {DLA-803-1} + {DSA-3774-1 DLA-803-1} - lcms2 2.8-4 (bug #852627) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357 NOTE: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 @@ -515,18 +517,23 @@ - b2evolution <removed> CVE-2017-5486 [buffer overflow in print-isoclns.c:clnp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2017-5485 [buffer overflow in addrtoname.c:lookup_nsap()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2017-5484 [buffer overflow in print-atm.c:sig_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2017-5483 [buffer overflow in print-snmp.c:asn1_parse()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2017-5482 [buffer overflow in print-fr.c:q933_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2017-5481 RESERVED 
@@ -954,6 +961,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456 NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6 CVE-2016-10140 (Information disclosure and authentication bypass vulnerability exists ...) + {DLA-806-1} - zoneminder <unfixed> (bug #851710) NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1697 NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/6361f143878ce00659f64ce42593951d773e4e63 @@ -1053,9 +1061,11 @@ RESERVED CVE-2017-5342 [bug in multiple protocol parsers could cause buffer overflow in print-ether.c:ether_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2017-5341 [buffer overflow in print-otv.c:otv_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...) NOT-FOR-US: MuJS @@ -1323,15 +1333,19 @@ NOTE: https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957 CVE-2017-5205 [buffer overflow in print-isakmp.c:ikev2_e_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2017-5204 [buffer overflow in print-ip6.c:ip6_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2017-5203 [buffer overflow in print-bootp.c:bootp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2017-5202 [buffer overflow in print-isoclns.c:clnp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2017-5201 RESERVED @@ -13750,7 +13764,7 @@ CVE-2016-9454 RESERVED CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and ...) - {DSA-3758-1} + {DSA-3758-1 DLA-805-1} [experimental] - bind9 1:9.10.4-P5-1 - bind9 1:9.10.3.dfsg.P4-11 (bug #851062) NOTE: https://kb.isc.org/article/AA-01441/0 
@@ -14405,6 +14419,7 @@ NOTE: The reason is that the correction is to introduce a new option that can be specified if this new behaviour NOTE: is wanted. It is not enforced by default. CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka libgd) ...) + {DLA-804-1} - libgd2 2.2.4-1 NOTE: https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1 NOTE: https://github.com/libgd/libgd/issues/340 @@ -14907,7 +14922,7 @@ CVE-2016-9148 RESERVED CVE-2016-9147 (named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows ...) - {DSA-3758-1} + {DSA-3758-1 DLA-805-1} [experimental] - bind9 1:9.10.4-P5-1 - bind9 1:9.10.3.dfsg.P4-11 (bug #851063) NOTE: https://kb.isc.org/article/AA-01440/0 @@ -15000,7 +15015,7 @@ NOTE: Fixed by: https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f NOTE: Not believed to be exploitable in practice CVE-2016-9131 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and ...) - {DSA-3758-1} + {DSA-3758-1 DLA-805-1} [experimental] - bind9 1:9.10.4-P5-1 - bind9 1:9.10.3.dfsg.P4-11 (bug #851065) NOTE: https://kb.isc.org/article/AA-01439/0 @@ -16799,9 +16814,11 @@ NOTE: https://github.com/lucab/docker2aci/commit/54331ec7020e102935c31096f336d31f6400064f CVE-2016-8575 [buffer overflow in print-fr.c:q933_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-8574 [buffer overflow in print-fr.c:frf15_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-8573 RESERVED @@ -18934,9 +18951,11 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04129.html CVE-2016-7993 [buffer overflow in multiple protocol parsers] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7992 [buffer overflow in print-cip.c:cip_if_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7991 (On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores ...) NOT-FOR-US: Samsung 
@@ -18950,15 +18969,19 @@ RESERVED CVE-2016-7986 [buffer overflow in print-geonet.c, multiple functions] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7985 [buffer overflow in print-calm-fast.c:calm_fast_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7984 [buffer overflow in print-tftp.c:tftp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7983 [buffer overflow in print-bootp.c:bootp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7982 (Directory traversal vulnerability in ecrire/exec/valider_xml.php in ...) {DLA-695-1} @@ -18998,12 +19021,15 @@ NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2) CVE-2016-7975 [buffer overflow in print-tcp.c:tcp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7974 [buffer overflow in print-ip.c, multiple functions] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7973 [buffer overflow in print-atalk.c, multiple functions] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7972 RESERVED 
@@ -19160,60 +19186,79 @@ RESERVED CVE-2016-7940 [buffer overflow in print-stp.c, multiple functions] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7939 [buffer overflow in print-gre.c, multiple functions] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7938 [integer overflow in print-zeromq.c:zmtp1_print_frame()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7937 [buffer overflow in print-udp.c:vat_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7936 [buffer overflow in print-udp.c:udp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7935 [buffer overflow in print-udp.c:rtp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7934 [buffer overflow in print-udp.c:rtcp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7933 [buffer overflow in print-ppp.c:ppp_hdlc_if_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7932 [buffer overflow in print-pim.c:pimv2_check_checksum()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7931 [buffer overflow in print-mpls.c:mpls_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7930 [buffer overflow in print-llc.c:llc_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7929 [buffer overflow in print-juniper.c:juniper_parse_header()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7928 [buffer overflow in print-ipcomp.c:ipcomp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7927 [buffer overflow in print-802_11.c:ieee802_11_radio_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7926 [buffer overflow in print-ether.c:ethertype_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7925 [buffer overflow in print-sl.c:sl_if_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7924 [buffer overflow in print-atm.c:oam_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7923 [buffer overflow in print-arp.c:arp_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7922 [buffer overflow in 
print-ah.c:ah_print()] RESERVED + {DSA-3775-1} - tcpdump 4.9.0-1 CVE-2016-7920 RESERVED
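Review bot: the tcpdump entries in the @@ -515,18 +517,23 @@ hunk (CVE-2017-5482 through CVE-2017-5486) now carry {DSA-3775-1} but still have no NOTE: line, so the only record of what was fixed is the bracketed temporary description and the version in `- tcpdump 4.9.0-1`. The libgd entries earlier in this file pair each CVE with a NOTE: pointing at the upstream commit; an equivalent upstream reference here would let someone backporting or auditing the fix confirm which change closes each CVE. The same applies to every other tcpdump entry this revision touches.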
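Review bot: CVE-2017-5202 in the @@ -1323,15 +1333,19 @@ hunk has the same description as CVE-2017-5486 in the @@ -515,18 +517,23 @@ hunk, `[buffer overflow in print-isoclns.c:clnp_print()]`, and after this change both also share {DSA-3775-1} and `- tcpdump 4.9.0-1`, so nothing in the entries tells them apart. The same holds for CVE-2016-8575 and CVE-2017-5482 (`print-fr.c:q933_print()`) and for CVE-2017-5203 and CVE-2016-7983 (`print-bootp.c:bootp_print()`). Worth confirming these are distinct issues and, if so, extending each description or adding a NOTE: that says how they differ.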