Author: sectracker
Date: 2017-03-01 21:10:12 +0000 (Wed, 01 Mar 2017)
New Revision: 49348
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-01 19:14:08 UTC (rev 49347)
+++ data/CVE/list 2017-03-01 21:10:12 UTC (rev 49348)
@@ -1,8 +1,26 @@
+CVE-2017-6422
+ RESERVED
+CVE-2017-6421
+ RESERVED
+CVE-2017-6420
+ RESERVED
+CVE-2017-6419
+ RESERVED
+CVE-2017-6418
+ RESERVED
+CVE-2017-6417
+ RESERVED
+CVE-2017-6416
+ RESERVED
+CVE-2017-6415
+ RESERVED
CVE-2017-6414 [libcacard: host memory leakage while creating new APDU]
+ RESERVED
- libcacard <unfixed> (bug #856501)
NOTE: Fixed by:
https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
TODO: check
CVE-2017-6413 [does not scrub headers for "AuthType oauth20"]
+ RESERVED
- libapache2-mod-auth-openidc 2.1.6-1
NOTE:
https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e
CVE-2017-6412
@@ -220,26 +238,21 @@
NOTE:
https://blogs.gentoo.org/ago/2017/02/25/pax-utils-scanelf-out-of-bounds-read-in-scanelf_file_get_symtabs-scanelf-c-2/
NOTE:
https://github.com/gentoo/pax-utils/commit/e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d
NOTE:
https://github.com/gentoo/pax-utils/commit/858939ea6ad63f1acb4ec74bba705c197a67d559
-CVE-2017-6353 [sctp: deny peeloff operation on asocs with threads sleeping on
it]
- RESERVED
+CVE-2017-6353 (net/sctp/socket.c in the Linux kernel through 4.10.1 does not
properly ...)
- linux 4.9.13-1
NOTE: https://marc.info/?l=linux-netdev&m=148785309416337&w=2
-CVE-2017-6348 [irda: Fix lockdep annotations in hashbin_delete().]
- RESERVED
+CVE-2017-6348 (The hashbin_delete function in net/irda/irqueue.c in the Linux
kernel ...)
- linux 4.9.13-1
NOTE: Fixed by:
https://git.kernel.org/linus/4c03b862b12f980456f9de92db6d508a4999b788
-CVE-2017-6347 [ip: fix IP_CHECKSUM handling]
- RESERVED
+CVE-2017-6347 (The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in
the ...)
- linux 4.9.13-1
[jessie] - linux <not-affected> (Vulnerable code introduced in 4.0)
[wheezy] - linux <not-affected> (Vulnerable code introduced in 4.0)
NOTE: Fixed by:
https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
-CVE-2017-6346 [packet: fix races in fanout_add()]
- RESERVED
+CVE-2017-6346 (Race condition in net/packet/af_packet.c in the Linux kernel
before ...)
- linux 4.9.13-1
NOTE: Fixed by:
https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b
-CVE-2017-6345 [net/llc: avoid BUG_ON() in skb_orphan()]
- RESERVED
+CVE-2017-6345 (The LLC subsystem in the Linux kernel before 4.9.13 does not
ensure ...)
- linux 4.9.13-1
NOTE: Fixed by:
https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762
CVE-2017-6321
@@ -815,6 +828,7 @@
CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through
10.0.0.50 ...)
NOT-FOR-US: NETGEAR
CVE-2016-10228 [glibc iconv program can hang when invoked with the -c option]
+ RESERVED
- glibc <unfixed> (bug #856503)
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
@@ -1010,8 +1024,8 @@
NOT-FOR-US: SAP Message Server
CVE-2017-5996
RESERVED
-CVE-2017-5995
- RESERVED
+CVE-2017-5995 (The NetApp ONTAP Select Deploy administration utility 2.0
through ...)
+ TODO: check
CVE-2017-XXXX [XSA-207: memory leak when destroying guest without PT devices]
- xen <unfixed> (bug #856229)
[jessie] - xen <no-dsa> (Minor issue)
@@ -1067,41 +1081,33 @@
- tomcat7 7.0.72-3 (bug #854551)
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=57544
-CVE-2017-5981 [assertion failure in seeko.c]
- RESERVED
+CVE-2017-5981 (seeko.c in zziplib 0.13.62 allows remote attackers to cause a
denial ...)
- zziplib <unfixed> (bug #854727)
NOTE:
http://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/
-CVE-2017-5980
- RESERVED
+CVE-2017-5980 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62
allows ...)
- zziplib <unfixed> (bug #854727)
NOTE:
http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/
-CVE-2017-5979
- RESERVED
+CVE-2017-5979 (The prescan_entry function in fseeko.c in zziplib 0.13.62
allows ...)
- zziplib <unfixed> (bug #854727)
NOTE:
http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/
-CVE-2017-5978
- RESERVED
+CVE-2017-5978 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62
allows ...)
- zziplib <unfixed> (bug #854727)
NOTE:
http://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/
-CVE-2017-5977
- RESERVED
+CVE-2017-5977 (The zzip_mem_entry_extra_block function in memdisk.c in zziplib
...)
- zziplib <unfixed> (bug #854727)
NOTE:
http://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
-CVE-2017-5976
- RESERVED
+CVE-2017-5976 (Heap-based buffer overflow in the zzip_mem_entry_extra_block
function ...)
- zziplib <unfixed> (bug #854727)
NOTE:
http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/
-CVE-2017-5975
- RESERVED
+CVE-2017-5975 (Heap-based buffer overflow in the __zzip_get64 function in
fetch.c in ...)
- zziplib <unfixed> (bug #854727)
NOTE:
http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c/
-CVE-2017-5974
- RESERVED
+CVE-2017-5974 (Heap-based buffer overflow in the __zzip_get32 function in
fetch.c in ...)
- zziplib <unfixed> (bug #854727)
NOTE:
http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/
CVE-2017-5973 [Qemu: usb: infinite loop while doing control transfer in
xhci_kick_epctx]
RESERVED
- {DLA-842-1}
+ {DLA-845-1 DLA-842-1}
- qemu 1:2.8+dfsg-3 (bug #855611)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
@@ -1351,7 +1357,7 @@
RESERVED
CVE-2017-5898 [Qemu: usb: integer overflow in emulated_apdu_from_guest]
RESERVED
- {DLA-842-1}
+ {DLA-845-1 DLA-842-1}
- qemu 1:2.8+dfsg-3 (bug #854729)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -1467,8 +1473,7 @@
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by:
https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe
(4.10-rc1)
NOTE: Introduced by:
https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15
(3.6-rc1)
-CVE-2017-5886 [podofo: heap-based buffer overflow in
PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp)]
- RESERVED
+CVE-2017-5886 (Heap-based buffer overflow in the
PoDoFo::PdfTokenizer::GetNextToken ...)
- libpodofo <unfixed> (bug #854604)
NOTE:
https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693
@@ -1945,8 +1950,7 @@
- libav <undetermined>
NOTE: Patch:
https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa
NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
-CVE-2017-5851 [mp3splt: NULL pointer dereference in free_options]
- RESERVED
+CVE-2017-5851 (The free_options function in options_manager.c in mp3splt 2.6.2
allows ...)
- mp3splt <unfixed> (unimportant)
NOTE:
https://github.com/asarubbo/poc/blob/master/00127-mp3splt-nullptr-free_options
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c
@@ -1998,29 +2002,25 @@
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/
NOTE: https://sourceforge.net/p/podofo/code/1672
-CVE-2017-5855 [NULL pointer dereference in
PoDoFo::PdfParser::ReadXRefSubsection]
- RESERVED
+CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in
PdfParser.cpp in ...)
- libpodofo <unfixed> (bug #854603)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
-CVE-2017-5854 [NULL pointer dereference in PdfOutputStream.cpp]
- RESERVED
+CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote
attackers to ...)
- libpodofo <unfixed> (bug #854602)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
-CVE-2017-5853 [Signed integer overflow in PdfParser.cpp]
- RESERVED
+CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows
remote ...)
- libpodofo <unfixed> (bug #854601)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
NOTE:
https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
-CVE-2017-5852 [Infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject]
- RESERVED
+CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in ...)
- libpodofo <unfixed> (bug #854600)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
@@ -2062,13 +2062,11 @@
CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through
4.9.12 ...)
- linux 4.9.13-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=192931
-CVE-2017-5666 [invalid free in free_options (options_manager.c)]
- RESERVED
+CVE-2017-5666 (The free_options function in options_manager.c in mp3splt 2.6.2
allows ...)
- mp3splt <unfixed> (bug #854278)
NOTE:
https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c
NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
-CVE-2017-5665 [NULL pointer dereference in splt_cue_export_to_file (cue.c)]
- RESERVED
+CVE-2017-5665 (The splt_cue_export_to_file function in cue.c in libmp3splt
0.9.2 ...)
- mp3splt <unfixed> (unimportant)
NOTE:
https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c
NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
@@ -2668,8 +2666,7 @@
[jessie] - hesiod <no-dsa> (Minor issue)
NOTE: https://github.com/achernya/hesiod/pull/10
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493
-CVE-2016-10151 [Weak SUID check allowing privilege elevation]
- RESERVED
+CVE-2016-10151 (The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1
compares EUID ...)
{DLA-796-1}
- hesiod <unfixed> (low; bug #852094)
[jessie] - hesiod <no-dsa> (Minor issue)
@@ -3203,46 +3200,39 @@
NOTE:
https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas_matrix_asl-jas_seq-c
NOTE: https://github.com/mdadams/jasper/issues/88
NOTE: Not suitable for code injection, hardly denial of service
-CVE-2017-5504
- RESERVED
+CVE-2017-5504 (The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer
...)
- jasper <removed> (unimportant)
NOTE:
https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c
NOTE: https://github.com/mdadams/jasper/issues/89
NOTE: Not suitable for code injection, hardly denial of service
-CVE-2017-5503
- RESERVED
+CVE-2017-5503 (The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer
...)
- jasper <removed>
NOTE:
https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c
NOTE: https://github.com/mdadams/jasper/issues/90
-CVE-2017-5502
- RESERVED
+CVE-2017-5502 (libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote
attackers to ...)
- jasper <removed> (unimportant)
NOTE: Reproducer:
https://github.com/asarubbo/poc/blob/master/00030-jasper-leftshift-jp2_dec_c
NOTE:
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
NOTE: https://github.com/mdadams/jasper/issues/76
NOTE: Not suitable for code injection, hardly denial of service
-CVE-2017-5501
- RESERVED
+CVE-2017-5501 (Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17
allows ...)
- jasper <removed>
NOTE: Reproducer:
https://github.com/asarubbo/poc/blob/master/00022-jasper-signedintoverflow-jpc_tsfb_c
NOTE:
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
NOTE: https://github.com/mdadams/jasper/issues/70
-CVE-2017-5500
- RESERVED
+CVE-2017-5500 (libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote
attackers to ...)
- jasper <removed> (unimportant)
NOTE: Triggers an assert. Not suitable for code injection, hardly
denial of service
NOTE: Reproducer:
https://github.com/asarubbo/poc/blob/master/00019-jasper-leftshift-jpc_dec_c
NOTE:
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
NOTE: https://github.com/mdadams/jasper/issues/64
-CVE-2017-5499
- RESERVED
+CVE-2017-5499 (Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17
allows ...)
- jasper <removed> (unimportant)
NOTE: Reproducer:
https://github.com/asarubbo/poc/blob/master/00018-jasper-signedintoverflow-jpc_dec_c
NOTE:
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
NOTE: https://github.com/mdadams/jasper/issues/63
NOTE: Triggers an assert. Not suitable for code injection, hardly
denial of service
-CVE-2017-5498
- RESERVED
+CVE-2017-5498 (libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows
remote ...)
- jasper <removed> (unimportant)
NOTE: Triggers an assert. Not suitable for code injection, hardly
denial of service
NOTE: Reproducer:
https://github.com/asarubbo/poc/blob/master/00017-jasper-leftshift-jas_math_h
@@ -4469,28 +4459,24 @@
RESERVED
CVE-2017-4955
RESERVED
-CVE-2016-10095 [stack-based buffer overflow in _TIFFVGetField (tif_dir.c)]
- RESERVED
+CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in
...)
- tiff <unfixed> (bug #850316)
[wheezy] - tiff 4.0.2-6+deb7u7
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
NOTE: probably preemptively fixed in 4.0.2-6+deb7u7 wheezy upload, as
test case doesn't trigger issue
NOTE: similar to CVE-2015-7554 and CVE-2016-5318
-CVE-2016-10094 [off-by-one error in tiff2pdf]
- RESERVED
+CVE-2016-10094 (Off-by-one error in the t2p_readwrite_pdf_image_tile function
in ...)
{DSA-3762-1}
- tiff 4.0.7-4
[wheezy] - tiff <not-affected> (vulnerable code introduced later)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
NOTE: Fixed by:
https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
-CVE-2016-10093 [uint32 underflow/overflow that can cause heap-based buffer
overflow in tiffcp]
- RESERVED
+CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows
remote ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
NOTE: Fixed by:
https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
-CVE-2016-10092 [heap-buffer-overflow in tiffcrop]
- RESERVED
+CVE-2016-10092 (Heap-based buffer overflow in the readContigStripsIntoBuffer
function ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
@@ -9675,8 +9661,7 @@
{DLA-799-1}
- ming <removed>
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
-CVE-2016-9830 [memory allocation failure in MagickRealloc]
- RESERVED
+CVE-2016-9830 (The MagickRealloc function in memory.c in Graphicsmagick 1.3.25
allows ...)
{DSA-3746-1}
- graphicsmagick 1.3.25-6 (bug #847055)
[wheezy] - graphicsmagick <no-dsa> (fix too intrusive, depends on jan
15th magickresources changes)
@@ -9695,28 +9680,23 @@
{DLA-799-1}
- ming <removed>
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c
-CVE-2016-9826
- RESERVED
+CVE-2016-9826 (libavcodec/ituh263dec.c in libav 11.8 allows remote attackers
to cause ...)
- libav <removed> (unimportant)
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE:
https://github.com/asarubbo/poc/blob/master/00041-libav-leftshift-ituh263dec_c
-CVE-2016-9825
- RESERVED
+CVE-2016-9825 (libswscale/utils.c in libav 11.8 allows remote attackers to
cause a ...)
- libav <removed> (unimportant)
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE:
https://github.com/asarubbo/poc/blob/master/00040-libav-leftshift-utils_c
-CVE-2016-9824
- RESERVED
+CVE-2016-9824 (Integer overflow in libswscale/x86/swscale.c in libav 11.8
allows ...)
- libav <removed>
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE:
https://github.com/asarubbo/poc/blob/master/00039-libav-signedintoverflow-swscale_c
-CVE-2016-9823
- RESERVED
+CVE-2016-9823 (libavcodec/x86/mpegvideo.c in libav 11.8 allows remote
attackers to ...)
- libav <removed>
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE:
https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
-CVE-2016-9822
- RESERVED
+CVE-2016-9822 (Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows
remote ...)
{DLA-791-1}
- libav <removed>
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
@@ -9724,8 +9704,7 @@
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981
NOTE:
https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33
(pre 11.9)
NOTE:
https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0
(pre 11.9)
-CVE-2016-9821
- RESERVED
+CVE-2016-9821 (Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8
allows ...)
{DLA-791-1}
- libav <removed>
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
@@ -9733,8 +9712,7 @@
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981
NOTE:
https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33
(pre 11.9)
NOTE:
https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0
(pre 11.9)
-CVE-2016-9820
- RESERVED
+CVE-2016-9820 (libavcodec/mpegvideo_motion.c in libav 11.8 allows remote
attackers to ...)
{DLA-791-1}
- libav <removed> (unimportant)
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
@@ -9742,8 +9720,7 @@
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
NOTE:
https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d
(pre 11.9)
NOTE:
https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3
(pre 11.9)
-CVE-2016-9819
- RESERVED
+CVE-2016-9819 (libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to
cause ...)
{DLA-791-1}
- libav <removed> (unimportant)
NOTE:
https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
@@ -10263,8 +10240,8 @@
RESERVED
CVE-2017-2686
RESERVED
-CVE-2017-2685
- RESERVED
+CVE-2017-2685 (Siemens SINUMERIK Integrate Operate Clients between
2.0.3.00.016 ...)
+ TODO: check
CVE-2017-2684 (Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an
...)
NOT-FOR-US: Siemens
CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM
NMS < ...)
@@ -10438,7 +10415,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420990
CVE-2017-2620 [display: cirrus: out-of-bounds access issue while in
cirrus_bitblt_cputovideo]
RESERVED
- {DLA-842-1}
+ {DLA-845-1 DLA-842-1}
- qemu 1:2.8+dfsg-3 (bug #855791)
- qemu-kvm <removed>
- xen 4.4.0-1
@@ -10468,7 +10445,7 @@
NOTE: and not installed by default since 2007.
CVE-2017-2615
RESERVED
- {DLA-842-1}
+ {DLA-845-1 DLA-842-1}
- qemu 1:2.8+dfsg-3 (low; bug #854731)
[jessie] - qemu <no-dsa> (Minor issue)
NOTE: Introduced with:
http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0
(which was the fix for CVE-2014-8106)
@@ -16325,8 +16302,7 @@
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845244)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
-CVE-2016-9559 [null pointer passed as argument 2, which is declared to never
be null]
- RESERVED
+CVE-2016-9559 (coders/tiff.c in ImageMagick before 7.0.3.7 allows remote
attackers to ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1
@@ -19445,10 +19421,10 @@
REJECTED
CVE-2016-8509
REJECTED
-CVE-2016-8508
- RESERVED
-CVE-2016-8507
- RESERVED
+CVE-2016-8508 (Yandex Browser for desktop before 17.1.1.227 does not show
Protect ...)
+ TODO: check
+CVE-2016-8507 (Yandex Browser for iOS before 16.10.0.2357 does not properly
restrict ...)
+ TODO: check
CVE-2016-8506 (XSS in Yandex Browser Translator in Yandex browser for desktop
for ...)
NOT-FOR-US: Yandex Browser
CVE-2016-8505 (XSS in Yandex Browser BookReader in Yandex browser for desktop
for ...)
@@ -25981,8 +25957,8 @@
NOTE: Additionally needed:
https://git.lysator.liu.se/nettle/nettle/commit/52b9223126b3f997c00d399166c006ae28669068
NOTE: GnuTLS needs an update when/before src:nettle is fixed to
continue working with patched src:nettle for CVE-2016-6489
NOTE: but not a vulnerability in GnuTLS. Needs
https://gitlab.com/gnutls/gnutls/commit/186dc9c2012003587a38d7f4d03edd8da5fe989f
-CVE-2016-6485
- RESERVED
+CVE-2016-6485 (The __construct function in Framework/Encryption/Crypt.php in
Magento ...)
+ TODO: check
CVE-2016-6484 (CRLF injection vulnerability in Infoblox Network Automation
NetMRI ...)
NOT-FOR-US: Infoblox Network Automation NetMR
CVE-2016-6513 (epan/dissectors/packet-wbxml.c in the WBXML dissector in
Wireshark 2.x ...)
@@ -29723,8 +29699,8 @@
RESERVED
CVE-2016-5375
RESERVED
-CVE-2016-5374
- RESERVED
+CVE-2016-5374 (NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote
authenticated ...)
+ TODO: check
CVE-2016-5373
RESERVED
CVE-2016-5372 (Cross-site request forgery (CSRF) vulnerability in NetApp Snap
Creator ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
