Author: sectracker
Date: 2017-02-28 09:10:12 +0000 (Tue, 28 Feb 2017)
New Revision: 49289

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-28 07:44:57 UTC (rev 49288)
+++ data/CVE/list       2017-02-28 09:10:12 UTC (rev 49289)
@@ -1,3 +1,39 @@
+CVE-2017-6372
+       RESERVED
+CVE-2017-6371
+       RESERVED
+CVE-2017-6370
+       RESERVED
+CVE-2017-6369
+       RESERVED
+CVE-2017-6368
+       RESERVED
+CVE-2017-6367
+       RESERVED
+CVE-2017-6366
+       RESERVED
+CVE-2017-6365
+       RESERVED
+CVE-2017-6364
+       RESERVED
+CVE-2017-6363
+       RESERVED
+CVE-2017-6362
+       RESERVED
+CVE-2017-6361
+       RESERVED
+CVE-2017-6360
+       RESERVED
+CVE-2017-6359
+       RESERVED
+CVE-2017-6358
+       RESERVED
+CVE-2017-6357
+       RESERVED
+CVE-2017-6356
+       RESERVED
+CVE-2015-8994
+       RESERVED
 CVE-2015-8993
        RESERVED
 CVE-2015-8992
@@ -46,7 +82,7 @@
        TODO: check
 CVE-2017-6343 (The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR 
Firmware ...)
        NOT-FOR-US: Dahua devices
-CVE-2017-6342 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 
...)
+CVE-2017-6342 (An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with 
NVR ...)
        NOT-FOR-US: Dahua devices
 CVE-2017-6341 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 
...)
        NOT-FOR-US: Dahua devices
@@ -156,18 +192,22 @@
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204
        NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
 CVE-2017-6310 (An issue was discovered in tnef before 1.4.13. Four type 
confusions ...)
+       {DLA-839-1}
        - tnef <unfixed> (bug #856117)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
        NOTE: Fixed by: 
https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
 CVE-2017-6309 (An issue was discovered in tnef before 1.4.13. Two type 
confusions have ...)
+       {DLA-839-1}
        - tnef <unfixed> (bug #856117)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
        NOTE: Fixed by: 
https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
 CVE-2017-6308 (An issue was discovered in tnef before 1.4.13. Several Integer 
...)
+       {DLA-839-1}
        - tnef <unfixed> (bug #856117)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
        NOTE: Fixed by: 
https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176
 CVE-2017-6307 (An issue was discovered in tnef before 1.4.13. Two OOB Writes 
have been ...)
+       {DLA-839-1}
        - tnef <unfixed> (bug #856117)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
        NOTE: Fixed by: 
https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a
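Review bot: The four tnef entries (CVE-2017-6310, CVE-2017-6309, CVE-2017-6308, CVE-2017-6307) now carry {DLA-839-1}, but each still reads "- tnef <unfixed> (bug #856117)", although the descriptions say the issues affect tnef before 1.4.13 and the NOTE lines already name the upstream fix commits. Follow up on bug #856117 so the <unfixed> marker is replaced with the fixed version once a corrected upload is available.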
@@ -6828,8 +6868,7 @@
        {DLA-783-1}
        - xen 4.8.0-1
        NOTE: https://xenbits.xen.org/xsa/advisory-202.html
-CVE-2016-10028 [display: virtio-gpu-3d: OOB access while reading virgl 
capabilities]
-       RESERVED
+CVE-2016-10028 (The virgl_cmd_get_capset function in 
hw/display/virtio-gpu-3d.c in ...)
        - qemu <unfixed> (bug #849798; unimportant)
        [jessie] - qemu <not-affected> (Vulnerable code not present)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -6839,8 +6878,7 @@
        NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
        NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
        NOTE: still present.
-CVE-2016-10029 [display: virtio-gpu: out of bounds read in 
virtio_gpu_set_scanout]
-       RESERVED
+CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick 
Emulator) built ...)
        - qemu 1:2.7+dfsg-1
        [jessie] - qemu <not-affected> (Vulnerable code not present)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -9601,30 +9639,26 @@
        NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
        NOTE: 
https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d
 (pre 11.9)
        NOTE: 
https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3
 (pre 11.9)
-CVE-2016-9818
-       RESERVED
+CVE-2016-9818 (Xen through 4.7.x allows local ARM guest OS users to cause a 
denial of ...)
        - xen 4.8.0-1
        [jessie] - xen <no-dsa> (Minor issue)
        [wheezy] - xen <not-affected> (ARM support introduced in 4.4)
        NOTE: https://xenbits.xen.org/xsa/advisory-201.html
        NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch
-CVE-2016-9817
-       RESERVED
+CVE-2016-9817 (Xen through 4.7.x allows local ARM guest OS users to cause a 
denial of ...)
        - xen 4.8.0-1
        [jessie] - xen <no-dsa> (Minor issue)
        [wheezy] - xen <not-affected> (ARM support introduced in 4.4)
        NOTE: https://xenbits.xen.org/xsa/advisory-201.html
        NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch
        NOTE: or https://xenbits.xen.org/xsa/xsa201-3-4.7.patch
-CVE-2016-9816
-       RESERVED
+CVE-2016-9816 (Xen through 4.7.x allows local ARM guest OS users to cause a 
denial of ...)
        - xen 4.8.0-1
        [jessie] - xen <no-dsa> (Minor issue)
        [wheezy] - xen <not-affected> (ARM support introduced in 4.4)
        NOTE: https://xenbits.xen.org/xsa/advisory-201.html
        NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch
-CVE-2016-9815
-       RESERVED
+CVE-2016-9815 (Xen through 4.7.x allows local ARM guest OS users to cause a 
denial of ...)
        - xen 4.8.0-1
        [jessie] - xen <no-dsa> (Minor issue)
        [wheezy] - xen <not-affected> (ARM support introduced in 4.4)
@@ -19703,12 +19737,12 @@
        RESERVED
 CVE-2016-8388
        RESERVED
-CVE-2016-8387
-       RESERVED
-CVE-2016-8386
-       RESERVED
-CVE-2016-8385
-       RESERVED
+CVE-2016-8387 (An exploitable heap-based buffer overflow exists in Iceni 
Argus. When ...)
+       TODO: check
+CVE-2016-8386 (An exploitable heap-based buffer overflow exists in Iceni 
Argus. When ...)
+       TODO: check
+CVE-2016-8385 (An exploitable uninitialized variable vulnerability which leads 
to a ...)
+       TODO: check
 CVE-2016-8384
        RESERVED
 CVE-2016-8383
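Review bot: CVE-2016-8387, CVE-2016-8386 and CVE-2016-8385 go from RESERVED to "TODO: check" with no package line or NOT-FOR-US line, so all three remain untriaged after this change. The first two descriptions name Iceni Argus, but the CVE-2016-8385 description is cut off before any product name, so read its full text rather than assuming it matches the other two. Resolve each TODO with either a "NOT-FOR-US:" line or a source package entry.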
@@ -19959,8 +19993,7 @@
        RESERVED
 CVE-2016-1000243
        RESERVED
-CVE-2016-7553 [Information disclosure vulnerability in buf.pl]
-       RESERVED
+CVE-2016-7553 (The buf.pl before 2.20 script in Irssi before 0.8.20 uses weak 
...)
        {DLA-722-1}
        - irssi 0.8.20-2 (bug #838762)
        [jessie] - irssi 0.8.17-1+deb8u2
@@ -30335,8 +30368,7 @@
        {DLA-547-1}
        - graphicsmagick 1.3.24-1
        NOTE: Fixed by: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
-CVE-2016-5240 [negative stroke-dasharray arguments which were resulting in 
endless looping.]
-       RESERVED
+CVE-2016-5240 (The DrawDashPolygon function in magick/render.c in 
GraphicsMagick ...)
        {DSA-3746-1 DLA-547-1}
        - graphicsmagick 1.3.24-1
        NOTE: Fixed by: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
@@ -65633,8 +65665,7 @@
        NOTE: libv8 is not covered by security support
        NOTE: https://nodesecurity.io/advisories/serve-static-xss
        NOTE: https://github.com/expressjs/serve-index/issues/28
-CVE-2015-8903 [denial of service flaw in VICAR file processing]
-       RESERVED
+CVE-2015-8903 (The ReadVICARImage function in coders/vicar.c in ImageMagick 
6.x ...)
        [experimental] - imagemagick 8:6.9.1.2-1
        - imagemagick 8:6.8.9.9-6 (low)
        [jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -65643,8 +65674,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
        NOTE: 
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
        NOTE: 
http://web.archive.org/web/20150428140926/http://trac.imagemagick.org/changeset/17856
-CVE-2015-8902 [denial of service flaw in PDB file processing]
-       RESERVED
+CVE-2015-8902 (The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x 
before ...)
        [experimental] - imagemagick 8:6.9.1.2-1
        - imagemagick 8:6.8.9.9-6 (low)
        [jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -65653,8 +65683,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
        NOTE: 
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
        NOTE: 
http://web.archive.org/web/20150428145652/http://trac.imagemagick.org/changeset/17855
-CVE-2015-8901 [denial of service flaw in MIFF file processing]
-       RESERVED
+CVE-2015-8901 (ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to 
cause a ...)
        [experimental] - imagemagick 8:6.9.1.2-1
        - imagemagick 8:6.8.9.9-6
        [jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -65664,8 +65693,7 @@
        NOTE: 
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
        NOTE: http://trac.imagemagick.org/changeset/17854
        TODO: The link in the previous line is broken. Please, consider 
replacing it. Error: Name or service not known
-CVE-2015-8900 [denial of service flaw in HDR file processing]
-       RESERVED
+CVE-2015-8900 (The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x 
and 7.x ...)
        [experimental] - imagemagick 8:6.9.1.2-1
        - imagemagick 8:6.8.9.9-6
        [jessie] - imagemagick 8:6.8.9.9-5+deb8u1
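Review bot: The context above the CVE-2015-8900 change still carries "TODO: The link in the previous line is broken" for the NOTE pointing at http://trac.imagemagick.org/changeset/17854, and this update leaves it unresolved. The neighbouring entries for changesets 17856 and 17855 cite web.archive.org copies of the same trac host, so the same approach would work here: replace the dead link with an archived copy if one exists, then drop the TODO.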


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
