Author: sectracker
Date: 2017-01-31 21:10:13 +0000 (Tue, 31 Jan 2017)
New Revision: 48632
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-31 20:46:30 UTC (rev 48631)
+++ data/CVE/list 2017-01-31 21:10:13 UTC (rev 48632)
@@ -1,8 +1,10 @@
CVE-2017-5666 [invalid free in free_options (options_manager.c)]
+ RESERVED
- mp3splt <unfixed>
NOTE:
https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c
NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
CVE-2017-5665 [NULL pointer dereference in splt_cue_export_to_file (cue.c)]
+ RESERVED
- mp3splt <unfixed> (unimportant)
NOTE:
https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c
NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
@@ -110,6 +112,7 @@
CVE-2017-5602
RESERVED
CVE-2017-5601 (An error in the lha_read_file_header_1() function ...)
+ {DLA-810-1}
- libarchive 3.2.1-6 (bug #853278)
[jessie] - libarchive <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
@@ -143,12 +146,14 @@
CVE-2004-2778
RESERVED
CVE-2017-5667 [sd: sdhci OOB access during multi block SDMA transfer]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417559
NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/2
CVE-2017-5668 [Incomplete fix for "Null pointer dereference with file transfer
request from unknown contacts"]
+ RESERVED
- bitlbee <unfixed> (bug #853282)
[jessie] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189
not applied)
[wheezy] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189
not applied)
@@ -157,6 +162,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189
CVE-2016-10189 [Null pointer dereference with file transfer request from
unknown contacts]
+ RESERVED
- bitlbee 3.5-1
NOTE: https://bugs.bitlbee.org/ticket/1282
NOTE: Fixed by:
https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f
(3.5)
@@ -165,6 +171,7 @@
NOTE:
https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
NOTE: to not open CVE-2017-5668
CVE-2016-10188 [bitlbee-libpurple: Use after free when expiring file transfer
requests]
+ RESERVED
- bitlbee 3.5-1
NOTE: https://bugs.bitlbee.org/ticket/1281
NOTE: Fixed by:
https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2
(3.5)
@@ -178,6 +185,7 @@
NOTE:
https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863
(0.9.44.6)
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2017/01/29/4
CVE-2016-10187 [javascript in books can access files on the computer using
XMLHttpRequest]
+ RESERVED
- calibre 2.75.1+dfsg-1 (bug #853004)
NOTE: Upstream report: https://launchpad.net/bugs/1651728
NOTE: Upstream fix:
https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c
@@ -245,7 +253,7 @@
RESERVED
CVE-2016-10173 [directory traversal vulnerability]
RESERVED
- {DLA-808-1}
+ {DSA-3778-1 DLA-808-1}
- ruby-minitar 0.5.4-3.1 (bug #853075)
- ruby-archive-tar-minitar <removed> (bug #853249)
NOTE: https://github.com/halostatue/minitar/issues/16
@@ -277,13 +285,14 @@
NOTE: Fixed by:
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc
(5.1.0)
CVE-2016-10166 [Fix potential unsigned underflow]
RESERVED
+ {DSA-3777-1}
- libgd2 2.2.4-1
[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10167 [Fix DOS vulnerability in gdImageCreateFromGd2Ctx()]
RESERVED
- {DLA-804-1}
+ {DSA-3777-1 DLA-804-1}
- php7.1 7.1.1-1 (unimportant)
- php7.0 7.0.15-1 (unimportant)
- php5 <removed> (unimportant)
@@ -294,7 +303,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10168 [Fix #354: Signed Integer Overflow gd_io.c]
RESERVED
- {DLA-804-1}
+ {DSA-3777-1 DLA-804-1}
- php7.1 7.1.1-1 (unimportant)
- php7.0 7.0.15-1 (unimportant)
- php5 <removed> (unimportant)
@@ -463,6 +472,7 @@
CVE-2017-5553 (Cross-site scripting (XSS) vulnerability in ...)
- b2evolution <removed>
CVE-2017-5545 (The main function in plistutil.c in libimobiledevice libplist
through ...)
+ {DLA-811-1}
- libplist <unfixed> (low; bug #852385)
[jessie] - libplist <no-dsa> (Minor issue)
NOTE: https://github.com/libimobiledevice/libplist/issues/87
@@ -719,19 +729,19 @@
CVE-2017-5494 (Multiple cross-site scripting (XSS) vulnerabilities in the file
types ...)
- b2evolution <removed>
CVE-2017-5486 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer
overflow in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5485 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer
overflow in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5484 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5483 (The SNMP parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5482 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5481
RESERVED
@@ -1282,10 +1292,10 @@
CVE-2017-5343
RESERVED
CVE-2017-5342 (In tcpdump before 4.9.0, a bug in multiple protocol parsers
(Geneve, ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5341 (The OTV parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit
function ...)
NOT-FOR-US: MuJS
@@ -1549,21 +1559,22 @@
CVE-2017-5210
RESERVED
CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice
libplist ...)
+ {DLA-811-1}
- libplist <unfixed> (low; bug #851196)
[jessie] - libplist <no-dsa> (Minor issue)
NOTE: Upstream bug:
https://github.com/libimobiledevice/libplist/issues/84
NOTE:
https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957
CVE-2017-5205 (The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5204 (The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5203 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5202 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer
overflow in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2017-5201
RESERVED
@@ -2094,76 +2105,91 @@
RESERVED
CVE-2017-5026
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5025
RESERVED
+ {DSA-3776-1}
- chromium-browser 44.0.2403.157-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- ffmpeg <unfixed>
CVE-2017-5024
RESERVED
+ {DSA-3776-1}
- chromium-browser 44.0.2403.157-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- ffmpeg <unfixed>
CVE-2017-5023
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5022
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5021
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5020
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5019
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5018
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5017
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5016
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5015
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5014
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5013
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5012
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -2171,31 +2197,37 @@
NOTE: libv8 not covered by security support
CVE-2017-5011
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5010
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5009
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5008
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5007
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5006
RESERVED
+ {DSA-3776-1}
[experimental] - chromium-browser 56.0.2924.76-1
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -4550,8 +4582,7 @@
RESERVED
CVE-2017-3895
RESERVED
-CVE-2016-10087 [NULL pointer dereference]
- RESERVED
+CVE-2016-10087 (The png_set_text_2 function in libpng 0.71 before 1.0.67,
1.2.x before ...)
- libpng1.6 1.6.27-1 (bug #849799)
- libpng <removed>
[jessie] - libpng 1.2.50-2+deb8u3
@@ -4873,7 +4904,7 @@
NOTE: https://ikiwiki.info/security/#cve-2016-9645
CVE-2016-10026 [authorization bypass when reverting changes]
RESERVED
- {DSA-3760-1}
+ {DSA-3760-1 DLA-812-1}
- ikiwiki 3.20161219
NOTE:
http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
NOTE: Fix:
http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9
@@ -5327,8 +5358,7 @@
NOTE: https://simplesamlphp.org/security/201612-02
NOTE:
https://github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205
NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/7
-CVE-2016-9939 [denial-of-service in ASN1 decoder]
- RESERVED
+CVE-2016-9939 (Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug
in its ...)
{DSA-3748-1 DLA-766-1}
- libcrypto++ 5.6.4-5 (bug #848009)
NOTE: https://github.com/weidai11/cryptopp/issues/346
@@ -13138,7 +13168,7 @@
NOTE: https://gitlab.com/iucode-tool/iucode-tool/issues/3
CVE-2017-0356 [Authentication bypass via repeated parameters]
RESERVED
- {DSA-3760-1}
+ {DSA-3760-1 DLA-812-1}
- ikiwiki 3.20170111
NOTE: https://ikiwiki.info/security/#cve-2017-0356
CVE-2016-9772 [OPENAFS-SA-2016-003 - directory information leaks]
@@ -13163,7 +13193,7 @@
RESERVED
CVE-2016-9646 [commit metadata forgery]
RESERVED
- {DSA-3760-1}
+ {DSA-3760-1 DLA-812-1}
- ikiwiki 3.20161229
NOTE: https://ikiwiki.info/security/#cve-2016-9646
CVE-2016-9643
@@ -14643,7 +14673,7 @@
NOTE: The reason is that the correction is to introduce a new option
that can be specified if this new behaviour
NOTE: is wanted. It is not enforced by default.
CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka
libgd) ...)
- {DLA-804-1}
+ {DSA-3777-1 DLA-804-1}
- libgd2 2.2.4-1
NOTE:
https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1
NOTE: https://github.com/libgd/libgd/issues/340
@@ -14915,8 +14945,8 @@
RESERVED
CVE-2016-9250
RESERVED
-CVE-2016-9249
- RESERVED
+CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual
Server ...)
+ TODO: check
CVE-2016-9248
RESERVED
CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual
server ...)
@@ -15230,8 +15260,7 @@
NOT-FOR-US: Exponent CMS
CVE-2016-9133
RESERVED
-CVE-2016-9132 [Integer overflow in BER decoder]
- RESERVED
+CVE-2016-9132 (In Botan 1.8.0 through 1.11.33, when decoding BER data an
integer ...)
{DLA-786-1}
- botan1.10 1.10.14-1
[jessie] - botan1.10 <no-dsa> (Minor issue)
@@ -15281,8 +15310,7 @@
- linux 4.6.1-1 (unimportant)
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://git.kernel.org/linus/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (v4.6-rc1)
-CVE-2016-9119 [XSS in GUI editor's link dialogue]
- RESERVED
+CVE-2016-9119 (Cross-site scripting (XSS) vulnerability in the link dialogue
in GUI ...)
{DSA-3715-1 DLA-717-1}
- moin 1.9.9-1 (bug #844338)
NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd
@@ -17040,10 +17068,10 @@
NOTE: https://github.com/appc/docker2aci/issues/203
NOTE:
https://github.com/lucab/docker2aci/commit/54331ec7020e102935c31096f336d31f6400064f
CVE-2016-8575 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-8574 (The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-8573
RESERVED
@@ -19176,10 +19204,10 @@
- qemu-kvm <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04129.html
CVE-2016-7993 (A bug in util-print.c:relts_print() in tcpdump before 4.9.0
could cause ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7992 (The Classical IP over ATM parser in tcpdump before 4.9.0 has a
buffer ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7991 (On Samsung Galaxy S4 through S7 devices, the "omacp"
app ignores ...)
NOT-FOR-US: Samsung
@@ -19192,16 +19220,16 @@
CVE-2016-7987
RESERVED
CVE-2016-7986 (The GeoNetworking parser in tcpdump before 4.9.0 has a buffer
overflow ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7985 (The CALM FAST parser in tcpdump before 4.9.0 has a buffer
overflow in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7984 (The TFTP parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7983 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7982 (Directory traversal vulnerability in
ecrire/exec/valider_xml.php in ...)
{DLA-695-1}
@@ -19240,13 +19268,13 @@
NOTE: https://core.spip.net/projects/spip/repository/revisions/23202
(3.0)
NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie
(3.0.17-2+deb8u2)
CVE-2016-7975 (The TCP parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7974 (The IP parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7973 (The AppleTalk parser in tcpdump before 4.9.0 has a buffer
overflow in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7972
RESERVED
@@ -19402,61 +19430,61 @@
CVE-2016-7941
RESERVED
CVE-2016-7940 (The STP parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7939 (The GRE parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7938 (The ZeroMQ parser in tcpdump before 4.9.0 has an integer
overflow in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7937 (The VAT parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7936 (The UDP parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7935 (The RTP parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7934 (The RTCP parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7933 (The PPP parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7932 (The PIM parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7931 (The MPLS parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7930 (The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer
overflow in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7929 (The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a
buffer ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7928 (The IPComp parser in tcpdump before 4.9.0 has a buffer overflow
in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7927 (The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer
overflow in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7926 (The Ethernet parser in tcpdump before 4.9.0 has a buffer
overflow in ...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7925 (The compressed SLIP parser in tcpdump before 4.9.0 has a buffer
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7924 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7923 (The ARP parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7922 (The AH parser in tcpdump before 4.9.0 has a buffer overflow in
...)
- {DSA-3775-1}
+ {DSA-3775-1 DLA-809-1}
- tcpdump 4.9.0-1
CVE-2016-7920
RESERVED
@@ -19753,8 +19781,7 @@
- imagemagick 8:6.9.6.2+dfsg-2 (bug #840437)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/280
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
-CVE-2016-7798 [IV Reuse in GCM Mode]
- RESERVED
+CVE-2016-7798 (The openssl gem for Ruby uses the same initialization vector
(IV) in ...)
- ruby2.3 <unfixed> (bug #842432)
- ruby2.1 <removed> (bug #842544)
[jessie] - ruby2.1 <no-dsa> (Minor issue)
@@ -20367,8 +20394,7 @@
NOTE: Marked as exception as not-affected, although the source is
affected but the built
NOTE: binary packages do not contain the sandbox binary. We cannot use
'unimportant'
NOTE: severity here since the unstable version builts a binary package
which contains it.
-CVE-2016-7544
- RESERVED
+CVE-2016-7544 (Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based
_malloca and ...)
- libcrypto++ <not-affected> (Vulnerable code intorduced in 5.6.4, only
affects Windows and Microsoft compilers)
CVE-2016-7543 (Bash before 4.4 allows local users to execute arbitrary
commands with ...)
{DLA-680-1}
@@ -22255,6 +22281,7 @@
CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM
before ...)
NOT-FOR-US: OSSIM
CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the
GD ...)
+ {DSA-3777-1}
- libgd2 2.2.4-1
[wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
@@ -22268,6 +22295,7 @@
RESERVED
CVE-2016-6906 [OOB reads of the TGA decompression buffer]
RESERVED
+ {DSA-3777-1}
- libgd2 2.2.4-1
[wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by:
https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
@@ -23246,8 +23274,7 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
CVE-2016-6605
RESERVED
-CVE-2016-6604
- RESERVED
+CVE-2016-6604 (NULL pointer dereference in Samsung Exynos fimg2d driver for
Android ...)
NOT-FOR-US: Samsung
CVE-2016-7513 [off-by-one error leading to segfault]
RESERVED
@@ -24495,16 +24522,16 @@
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6271 (The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows ...)
TODO: check
-CVE-2016-6270
- RESERVED
-CVE-2016-6269
- RESERVED
-CVE-2016-6268
- RESERVED
-CVE-2016-6267
- RESERVED
-CVE-2016-6266
- RESERVED
+CVE-2016-6270 (The handle_certificate function in ...)
+ TODO: check
+CVE-2016-6269 (Multiple directory traversal vulnerabilities in Trend Micro
Smart ...)
+ TODO: check
+CVE-2016-6268 (Trend Micro Smart Protection Server 2.5 before build 2200, 2.6
before ...)
+ TODO: check
+CVE-2016-6267 (SnmpUtils in Trend Micro Smart Protection Server 2.5 before
build ...)
+ TODO: check
+CVE-2016-6266 (ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5
before ...)
+ TODO: check
CVE-2016-6260
RESERVED
CVE-2016-6259 (Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access
...)
@@ -25218,8 +25245,8 @@
RESERVED
CVE-2016-6168
RESERVED
-CVE-2016-6167
- RESERVED
+CVE-2016-6167 (Multiple untrusted search path vulnerabilities in Putty beta
0.67 ...)
+ TODO: check
CVE-2016-6166
RESERVED
CVE-2016-6165
@@ -27268,8 +27295,7 @@
NOTE: https://bugs.python.org/issue26171
CVE-2016-5433 (Citrix iOS Receiver before 7.0 allows attackers to cause TLS
...)
NOT-FOR-US: Citrix
-CVE-2016-5434
- RESERVED
+CVE-2016-5434 (libalpm, as used in pacman 5.0.1, allows remote attackers to
cause a ...)
NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library)
CVE-2016-5432 (The ovirt-engine-provisiondb utility in Red Hat Enterprise ...)
NOT-FOR-US: ovirt-engine
@@ -29730,8 +29756,7 @@
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1330237
-CVE-2016-5026 [unsafe handling of temporary directory]
- RESERVED
+CVE-2016-5026 (hs.py in OnionShare before 0.9.1 allows local users to modify
the ...)
- onionshare 0.8.1-2 (unimportant)
[jessie] - onionshare <not-affected> (Vulnerable code not present)
NOTE: Neutralised by kernel hardening (also contrib and non-free not
supported)
@@ -36883,25 +36908,21 @@
NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2520
RESERVED
-CVE-2016-2519 [ctl_getitem() return value not always checked]
- RESERVED
+CVE-2016-2519 (ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows
remote ...)
- ntp 1:4.2.8p7+dfsg-1
[jessie] - ntp <no-dsa> (Minor issue)
[wheezy] - ntp <no-dsa> (Minor issue)
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
-CVE-2016-2518 [Crafted addpeer with hmode > 7 causes out-of-bounds reference]
- RESERVED
+CVE-2016-2518 (The MATCH_ASSOC function in NTP before version 4.2.8p9 and
4.3.x ...)
{DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
-CVE-2016-2517 [Remote configuration trustedkey/requestkey/controlkey values
are not properly validated]
- RESERVED
+CVE-2016-2517 (NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote
attackers to ...)
- ntp 1:4.2.8p7+dfsg-1 (unimportant)
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
NOTE: not a security issue, anyone with the privileges for remote
configuration can
NOTE: cause trouble anyway
-CVE-2016-2516 [Duplicate IPs on unconfig directives will cause an assertion
failure]
- RESERVED
+CVE-2016-2516 (NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is
enabled, ...)
{DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
@@ -37164,15 +37185,14 @@
NOTE: https://github.com/beanshell/beanshell/releases/tag/2.0b6
NOTE:
https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
NOTE:
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
-CVE-2016-2402
- RESERVED
+CVE-2016-2402 (OkHttp before 2.7.4 and 3.x before 3.1.2 allows
man-in-the-middle ...)
NOT-FOR-US: OkHttp
CVE-2016-2401
RESERVED
CVE-2016-2400
RESERVED
-CVE-2016-2399
- RESERVED
+CVE-2016-2399 (Integer overflow in the quicktime_read_pascal function in
libquicktime ...)
+ TODO: check
CVE-2016-2398 (Comcast XFINITY Home Security System does not properly maintain
...)
NOT-FOR-US: XFINITY
CVE-2016-2397 (The cliserver implementation in Dell SonicWALL GMS, Analyzer,
and UMA ...)
@@ -38519,8 +38539,7 @@
NOTE:
https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
NOTE: https://core.trac.wordpress.org/changeset/36435
NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
-CVE-2016-2217 [Socat security advisory 7 - Created new 2048bit DH modulus]
- RESERVED
+CVE-2016-2217 (The OpenSSL address implementation in Socat 1.7.3.0 and
2.0.0-b8 does ...)
- socat 1.7.3.1-1 (bug #813536)
[jessie] - socat <not-affected> (Broken 1024bit DH parameter generated
in 1.7.3.0)
[wheezy] - socat <not-affected> (Broken 1024bit DH parameter generated
in 1.7.3.0)
@@ -46574,8 +46593,7 @@
RESERVED
CVE-2015-8159
RESERVED
-CVE-2015-8158 [Potential Infinite Loop in ntpq]
- RESERVED
+CVE-2015-8158 (The getresponse function in ntpq in NTP versions before 4.2.8p9
and ...)
{DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
@@ -46610,24 +46628,21 @@
RESERVED
CVE-2015-8141
RESERVED
-CVE-2015-8140 [ntpq vulnerable to replay attacks]
- RESERVED
+CVE-2015-8140 (The ntpq protocol in NTP before 4.2.8p7 allows remote attackers
to ...)
- ntp 1:4.2.8p7+dfsg-1
[jessie] - ntp <no-dsa> (Minor issue, no code fix by upstream and
mitigation exists)
[wheezy] - ntp <no-dsa> (Minor issue)
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2947
NOTE: Mitigated in 4.2.8p6
-CVE-2015-8139 [Origin Leak: ntpq and ntpdc, disclose origin]
- RESERVED
+CVE-2015-8139 (ntpq in NTP before 4.2.8p7 allows remote attackers to obtain
origin ...)
- ntp 1:4.2.8p7+dfsg-1
[jessie] - ntp <no-dsa> (Minor issue, no code fix by upstream and
mitigation exists)
[wheezy] - ntp <no-dsa> (Minor issue)
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2946
NOTE: Mitigated in 4.2.8p6
-CVE-2015-8138 [ntp: missing check for zero originate timestamp]
- RESERVED
+CVE-2015-8138 (NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote
attackers to ...)
{DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE: http://www.talosintel.com/reports/TALOS-2016-0077/
@@ -46962,8 +46977,7 @@
[squeeze] - polarssl <not-affected> (Vulnerable code introduced later)
NOTE: support for session tickets added in 1.3.0.
NOTE:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
-CVE-2015-8034 [information leak from state.sls cache data stored as
world-readable]
- RESERVED
+CVE-2015-8034 (The state.sls function in Salt before 2015.8.3 uses weak
permissions ...)
- salt 2015.8.3+ds-1 (bug #807356)
[jessie] - salt <no-dsa> (Minor issue)
NOTE: For jessie: /var/cache/salt/minion is created with restricted
permissions on
@@ -47138,29 +47152,25 @@
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2015/10/16/530
NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5
-CVE-2015-7979 [Off-path Denial of Service (DoS) attack on authenticated
broadcast mode]
- RESERVED
+CVE-2015-7979 (NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote
attackers to ...)
{DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942
NOTE:
https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461
-CVE-2015-7978 [Stack exhaustion in recursive traversal of restriction list]
- RESERVED
+CVE-2015-7978 (NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote
attackers ...)
{DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2940
NOTE:
https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1
-CVE-2015-7977 [reslist NULL pointer dereference]
- RESERVED
+CVE-2015-7977 (ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows
remote ...)
{DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2939
NOTE:
https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1
-CVE-2015-7976 [ntpq saveconfig command allows dangerous characters in
filenames]
- RESERVED
+CVE-2015-7976 (The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6,
4.3, ...)
- ntp 1:4.2.8p7+dfsg-1 (low)
[jessie] - ntp <no-dsa> (Minor issue, mitigation exists)
[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future
update)
@@ -47168,8 +47178,7 @@
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2938
NOTE:
https://github.com/ntp-project/ntp/commit/3680c2e4d5f88905ce062c7b43305d610a2c9796
NOTE:
https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61
-CVE-2015-7975 [nextvar() missing length check]
- RESERVED
+CVE-2015-7975 (The nextvar function in NTP before 4.2.8p6 and 4.3.x before
4.3.90 ...)
- ntp 1:4.2.8p7+dfsg-1
[jessie] - ntp <not-affected> (Introduced in 4.2.8)
[wheezy] - ntp <not-affected> (Introduced in 4.2.8)
@@ -47180,8 +47189,7 @@
- ntp 1:4.2.8p7+dfsg-1 (low)
NOTE:
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936
-CVE-2015-7973 [Deja Vu: Replay attack on authenticated broadcast mode]
- RESERVED
+CVE-2015-7973 (NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in
...)
- ntp 1:4.2.8p7+dfsg-1 (low)
[jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future
update)
[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future
update)
@@ -49183,8 +49191,7 @@
RESERVED
CVE-2015-7332
RESERVED
-CVE-2015-7331
- RESERVED
+CVE-2015-7331 (The mcollective-puppet-agent plugin before 1.11.1 for Puppet
allows ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
NOTE: https://puppet.com/security/cve/cve-2015-7331
CVE-2015-7330 (Puppet Enterprise 2015.3 before 2015.3.1 allows remote
attackers to ...)
@@ -64112,15 +64119,13 @@
NOT-FOR-US: ZeusCart
CVE-2015-2182 (Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart
4 ...)
NOT-FOR-US: ZeusCart
-CVE-2015-2181 [buffer overflows in the roundcube DBMail driver for the
password plugin]
- RESERVED
+CVE-2015-2181 (Multiple buffer overflows in the DBMail driver in the Password
plugin ...)
- roundcube 1.1.1+dfsg.1-2
[wheezy] - roundcube <not-affected> (variable and chgdbmailusers.c does
not exist)
NOTE: http://trac.roundcube.net/ticket/1490261
NOTE: http://advisories.mageia.org/MGASA-2015-0400.html
NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html
-CVE-2015-2180 [execute arbitrary shell commands as root from the roundcube
DBMail driver for the password plugin]
- RESERVED
+CVE-2015-2180 (The DBMail driver in the Password plugin in Roundcube before
1.1.0 ...)
- roundcube 1.1.1+dfsg.1-2
[wheezy] - roundcube <not-affected> (dbmail driver does not exist)
NOTE: http://trac.roundcube.net/ticket/1490261
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
