Author: sectracker
Date: 2017-02-28 09:10:12 +0000 (Tue, 28 Feb 2017)
New Revision: 49289
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-28 07:44:57 UTC (rev 49288) +++ data/CVE/list 2017-02-28 09:10:12 UTC (rev 49289) @@ -1,3 +1,39 @@ +CVE-2017-6372 + RESERVED +CVE-2017-6371 + RESERVED +CVE-2017-6370 + RESERVED +CVE-2017-6369 + RESERVED +CVE-2017-6368 + RESERVED +CVE-2017-6367 + RESERVED +CVE-2017-6366 + RESERVED +CVE-2017-6365 + RESERVED +CVE-2017-6364 + RESERVED +CVE-2017-6363 + RESERVED +CVE-2017-6362 + RESERVED +CVE-2017-6361 + RESERVED +CVE-2017-6360 + RESERVED +CVE-2017-6359 + RESERVED +CVE-2017-6358 + RESERVED +CVE-2017-6357 + RESERVED +CVE-2017-6356 + RESERVED +CVE-2015-8994 + RESERVED CVE-2015-8993 RESERVED CVE-2015-8992 @@ -46,7 +82,7 @@ TODO: check CVE-2017-6343 (The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware ...) NOT-FOR-US: Dahua devices -CVE-2017-6342 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 ...) +CVE-2017-6342 (An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR ...) NOT-FOR-US: Dahua devices CVE-2017-6341 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 ...) NOT-FOR-US: Dahua devices 
@@ -156,18 +192,22 @@ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204 NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html CVE-2017-6310 (An issue was discovered in tnef before 1.4.13. Four type confusions ...) + {DLA-839-1} - tnef <unfixed> (bug #856117) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/ NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d CVE-2017-6309 (An issue was discovered in tnef before 1.4.13. Two type confusions have ...) + {DLA-839-1} - tnef <unfixed> (bug #856117) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/ NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d CVE-2017-6308 (An issue was discovered in tnef before 1.4.13. Several Integer ...) + {DLA-839-1} - tnef <unfixed> (bug #856117) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/ NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176 CVE-2017-6307 (An issue was discovered in tnef before 1.4.13. Two OOB Writes have been ...) + {DLA-839-1} - tnef <unfixed> (bug #856117) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/ NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a @@ -6828,8 +6868,7 @@ {DLA-783-1} - xen 4.8.0-1 NOTE: https://xenbits.xen.org/xsa/advisory-202.html -CVE-2016-10028 [display: virtio-gpu-3d: OOB access while reading virgl capabilities] - RESERVED +CVE-2016-10028 (The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in ...) - qemu <unfixed> (bug #849798; unimportant) [jessie] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu <not-affected> (Vulnerable code not present) 
@@ -6839,8 +6878,7 @@ NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is NOTE: still present. -CVE-2016-10029 [display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout] - RESERVED +CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built ...) - qemu 1:2.7+dfsg-1 [jessie] - qemu <not-affected> (Vulnerable code not present) [wheezy] - qemu <not-affected> (Vulnerable code not present) 
@@ -9601,30 +9639,26 @@ NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980 NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9) NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9) -CVE-2016-9818 - RESERVED +CVE-2016-9818 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...) - xen 4.8.0-1 [jessie] - xen <no-dsa> (Minor issue) [wheezy] - xen <not-affected> (ARM support introduced in 4.4) NOTE: https://xenbits.xen.org/xsa/advisory-201.html NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch -CVE-2016-9817 - RESERVED +CVE-2016-9817 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...) - xen 4.8.0-1 [jessie] - xen <no-dsa> (Minor issue) [wheezy] - xen <not-affected> (ARM support introduced in 4.4) NOTE: https://xenbits.xen.org/xsa/advisory-201.html NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch NOTE: or https://xenbits.xen.org/xsa/xsa201-3-4.7.patch -CVE-2016-9816 - RESERVED +CVE-2016-9816 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...) - xen 4.8.0-1 [jessie] - xen <no-dsa> (Minor issue) [wheezy] - xen <not-affected> (ARM support introduced in 4.4) NOTE: https://xenbits.xen.org/xsa/advisory-201.html NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch -CVE-2016-9815 - RESERVED +CVE-2016-9815 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...) - xen 4.8.0-1 [jessie] - xen <no-dsa> (Minor issue) [wheezy] - xen <not-affected> (ARM support introduced in 4.4) 
@@ -19703,12 +19737,12 @@ RESERVED CVE-2016-8388 RESERVED -CVE-2016-8387 - RESERVED -CVE-2016-8386 - RESERVED -CVE-2016-8385 - RESERVED +CVE-2016-8387 (An exploitable heap-based buffer overflow exists in Iceni Argus. When ...) + TODO: check +CVE-2016-8386 (An exploitable heap-based buffer overflow exists in Iceni Argus. When ...) + TODO: check +CVE-2016-8385 (An exploitable uninitialized variable vulnerability which leads to a ...) + TODO: check CVE-2016-8384 RESERVED CVE-2016-8383 @@ -19959,8 +19993,7 @@ RESERVED CVE-2016-1000243 RESERVED -CVE-2016-7553 [Information disclosure vulnerability in buf.pl] - RESERVED +CVE-2016-7553 (The buf.pl before 2.20 script in Irssi before 0.8.20 uses weak ...) {DLA-722-1} - irssi 0.8.20-2 (bug #838762) [jessie] - irssi 0.8.17-1+deb8u2 @@ -30335,8 +30368,7 @@ {DLA-547-1} - graphicsmagick 1.3.24-1 NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7 -CVE-2016-5240 [negative stroke-dasharray arguments which were resulting in endless looping.] - RESERVED +CVE-2016-5240 (The DrawDashPolygon function in magick/render.c in GraphicsMagick ...) {DSA-3746-1 DLA-547-1} - graphicsmagick 1.3.24-1 NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c @@ -65633,8 +65665,7 @@ NOTE: libv8 is not covered by security support NOTE: https://nodesecurity.io/advisories/serve-static-xss NOTE: https://github.com/expressjs/serve-index/issues/28 -CVE-2015-8903 [denial of service flaw in VICAR file processing] - RESERVED +CVE-2015-8903 (The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x ...) [experimental] - imagemagick 8:6.9.1.2-1 - imagemagick 8:6.8.9.9-6 (low) [jessie] - imagemagick 8:6.8.9.9-5+deb8u1 
@@ -65643,8 +65674,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4 NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933 NOTE: http://web.archive.org/web/20150428140926/http://trac.imagemagick.org/changeset/17856 -CVE-2015-8902 [denial of service flaw in PDB file processing] - RESERVED +CVE-2015-8902 (The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before ...) [experimental] - imagemagick 8:6.9.1.2-1 - imagemagick 8:6.8.9.9-6 (low) [jessie] - imagemagick 8:6.8.9.9-5+deb8u1 @@ -65653,8 +65683,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4 NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932 NOTE: http://web.archive.org/web/20150428145652/http://trac.imagemagick.org/changeset/17855 -CVE-2015-8901 [denial of service flaw in MIFF file processing] - RESERVED +CVE-2015-8901 (ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a ...) [experimental] - imagemagick 8:6.9.1.2-1 - imagemagick 8:6.8.9.9-6 [jessie] - imagemagick 8:6.8.9.9-5+deb8u1 @@ -65664,8 +65693,7 @@ NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931 NOTE: http://trac.imagemagick.org/changeset/17854 TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known -CVE-2015-8900 [denial of service flaw in HDR file processing] - RESERVED +CVE-2015-8900 (The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x ...) [experimental] - imagemagick 8:6.9.1.2-1 - imagemagick 8:6.8.9.9-6 [jessie] - imagemagick 8:6.8.9.9-5+deb8u1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
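Review bot: The four tnef entries in the @@ -156,18 +192,22 @@ hunk (CVE-2017-6310 to CVE-2017-6307) still read "- tnef <unfixed> (bug #856117)" after {DLA-839-1} is attached, so the unstable status needs a follow-up. Each description says "before 1.4.13" and the NOTE lines already name the upstream fixing commits; once an upload carrying those commits exists, replace <unfixed> with that version so the entries stop reporting the package as open.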
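Review bot: CVE-2016-8387, CVE-2016-8386 and CVE-2016-8385 in the @@ -19703,12 +19737,12 @@ hunk land with only "TODO: check", so they are described but not yet triaged. Resolve each one to a package line or, if Iceni Argus is not packaged, to a NOT-FOR-US entry in the same form the Dahua entries use in the @@ -46,7 +82,7 @@ hunk ("NOT-FOR-US: Dahua devices").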
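Review bot: The context at the top of the @@ -65664,8 +65693,7 @@ hunk still carries "NOTE: http://trac.imagemagick.org/changeset/17854" together with a TODO marking that link as broken ("Name or service not known"), and this update leaves it unresolved for CVE-2015-8901. The CVE-2015-8903 and CVE-2015-8902 entries in the preceding hunks reference their changesets (17856 and 17855) through web.archive.org snapshots; pointing changeset 17854 at a snapshot in the same way would let the TODO line be dropped.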