Author: sectracker
Date: 2017-03-03 21:10:12 +0000 (Fri, 03 Mar 2017)
New Revision: 49397
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-03 20:52:56 UTC (rev 49396) +++ data/CVE/list 2017-03-03 21:10:12 UTC (rev 49397) @@ -1,3 +1,11 @@ +CVE-2017-6450 + RESERVED +CVE-2017-6449 + RESERVED +CVE-2017-6448 + RESERVED +CVE-2017-6447 + RESERVED CVE-2017-6446 RESERVED CVE-2017-6445 @@ -1630,28 +1638,22 @@ - irssi 1.0.1-1 (unimportant) NOTE: Patch: https://github.com/irssi/irssi/pull/619/commits/677fb1f55ca52d0e43c93f7d8361d333ff5bffd6 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/05/8 -CVE-2016-10206 - RESERVED +CVE-2016-10206 (Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and ...) - zoneminder <unfixed> (bug #854272) [jessie] - zoneminder <no-dsa> (Minor issue) -CVE-2016-10205 - RESERVED +CVE-2016-10205 (Session fixation vulnerability in Zoneminder 1.30 and earlier allows ...) - zoneminder <unfixed> (bug #854272) [jessie] - zoneminder <no-dsa> (Minor issue) -CVE-2016-10204 - RESERVED +CVE-2016-10204 (SQL injection vulnerability in Zoneminder 1.30 and earlier allows ...) - zoneminder <unfixed> (bug #854272) [jessie] - zoneminder <no-dsa> (Minor issue) -CVE-2016-10203 - RESERVED +CVE-2016-10203 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...) - zoneminder <unfixed> (bug #854272) [jessie] - zoneminder <no-dsa> (Minor issue) -CVE-2016-10202 - RESERVED +CVE-2016-10202 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...) - zoneminder <unfixed> (bug #854272) [jessie] - zoneminder <no-dsa> (Minor issue) -CVE-2016-10201 - RESERVED +CVE-2016-10201 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...) - zoneminder <unfixed> (bug #854272) [jessie] - zoneminder <no-dsa> (Minor issue) CVE-2016-10208 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...) 
@@ -1684,12 +1686,12 @@ RESERVED CVE-2017-5868 RESERVED -CVE-2017-5867 - RESERVED -CVE-2017-5866 - RESERVED -CVE-2017-5865 - RESERVED +CVE-2017-5867 (ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, ...) + TODO: check +CVE-2017-5866 (The autocomplete feature in the E-Mail share dialog in ownCloud Server ...) + TODO: check +CVE-2017-5865 (The password reset functionality in ownCloud Server before 8.1.11, ...) + TODO: check CVE-2017-5864 RESERVED CVE-2017-5863 @@ -1704,20 +1706,17 @@ RESERVED CVE-2017-5858 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...) NOT-FOR-US: converse.js -CVE-2017-5836 [issue in plist_free_data plist.c:185] - RESERVED +CVE-2017-5836 (The plist_free_data function in plist.c in libplist allows attackers ...) - libplist <unfixed> (bug #854000) [wheezy] - libplist <no-dsa> (pointers are not incorrectly freed and non-string key nodes are officially allowed) NOTE: https://github.com/libimobiledevice/libplist/issues/86 NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6 -CVE-2017-5835 [memory allocation error in plist_from_bin] - RESERVED +CVE-2017-5835 (libplist allows attackers to cause a denial of service (large memory ...) {DLA-840-1} - libplist <unfixed> (bug #854000) NOTE: https://github.com/libimobiledevice/libplist/issues/88 NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6 -CVE-2017-5834 [heap-buffer-overflow in parse_dict_node] - RESERVED +CVE-2017-5834 (The parse_dict_node function in bplist.c in libplist allows attackers ...) {DLA-840-1} - libplist <unfixed> (bug #854000) NOTE: https://github.com/libimobiledevice/libplist/issues/89 
@@ -2169,11 +2168,9 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/19 NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418342 -CVE-2016-10193 - RESERVED +CVE-2016-10193 (The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to ...) NOT-FOR-US: espeak-ruby Ruby gem -CVE-2016-10194 - RESERVED +CVE-2016-10194 (The festivaltts4r gem for Ruby allows remote attackers to execute ...) NOT-FOR-US: festivaltts4r CVE-2017-XXXX [podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp)] - libpodofo <unfixed> (bug #854605) @@ -2222,17 +2219,13 @@ CVE-2017-5850 RESERVED NOT-FOR-US: OpenBSD httpd -CVE-2017-5833 - RESERVED +CVE-2017-5833 (Cross-site scripting (XSS) vulnerability in the invocation code ...) NOT-FOR-US: Revive Adserver -CVE-2017-5832 - RESERVED +CVE-2017-5832 (Cross-site scripting (XSS) vulnerability in Revive Adserver before ...) NOT-FOR-US: Revive Adserver -CVE-2017-5831 - RESERVED +CVE-2017-5831 (Session fixation vulnerability in the forgot password mechanism in ...) NOT-FOR-US: Revive Adserver -CVE-2017-5830 - RESERVED +CVE-2017-5830 (Revive Adserver before 4.0.1 allows remote attackers to execute ...) NOT-FOR-US: Revive Adserver CVE-2017-5675 RESERVED @@ -2688,8 +2681,8 @@ NOT-FOR-US: Citrix CVE-2017-5572 (An issue was discovered in Linux Foundation xapi in Citrix XenServer ...) NOT-FOR-US: Citrix -CVE-2017-5571 - RESERVED +CVE-2017-5571 (Open redirect vulnerability in the lmadmin component in Flexera ...) + TODO: check CVE-2017-5570 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...) NOT-FOR-US: eClinicalWorks CVE-2017-5569 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...) 
@@ -2808,23 +2801,19 @@ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1020601 NOTE: Fixed by: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e (v229) NOTE: Introduced by: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f (v228) -CVE-2017-5616 [Reflected XSS vulnerability] - RESERVED +CVE-2017-5616 (Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho ...) - cgiemail <removed> (bug #852031) [jessie] - cgiemail <no-dsa> (Will be removed in next point update) NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6 -CVE-2017-5615 [SEC-215 HTTP header injection] - RESERVED +CVE-2017-5615 (cgiemail and cgiecho allow remote attackers to inject HTTP headers via ...) - cgiemail <removed> (bug #852031) [jessie] - cgiemail <no-dsa> (Will be removed in next point update) NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6 -CVE-2017-5614 [SEC-214 Open redirect] - RESERVED +CVE-2017-5614 (Open redirect vulnerability in cgiemail and cgiecho allows remote ...) - cgiemail <removed> (bug #852031) [jessie] - cgiemail <no-dsa> (Will be removed in next point update) NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6 -CVE-2017-5613 [SEC-212 Format string injection] - RESERVED +CVE-2017-5613 (Format string vulnerability in cgiemail and cgiecho allows remote ...) - cgiemail <removed> (bug #852031) [jessie] - cgiemail <no-dsa> (Will be removed in next point update) NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6 
@@ -3534,8 +3523,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1 NOTE: https://wpvulndb.com/vulnerabilities/8721 NOTE: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4 -CVE-2017-5356 [Irssi out of bounds read in format string] - RESERVED +CVE-2017-5356 (Irssi before 0.8.21 allows remote attackers to cause a denial of ...) - irssi 0.8.21-1 (low) [jessie] - irssi <no-dsa> (Minor issue) [wheezy] - irssi <no-dsa> (Minor issue) @@ -3886,8 +3874,7 @@ NOT-FOR-US: Splunk CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded ...) NOT-FOR-US: D-Link -CVE-2016-10127 [XML external entity attack] - RESERVED +CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (XXE) ...) - python-pysaml2 <unfixed> NOTE: https://github.com/rohe/pysaml2/issues/366 NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2 
@@ -3982,32 +3969,28 @@ NOT-FOR-US: Open Enterprise Server CVE-2017-5181 RESERVED -CVE-2017-5196 [Out of bounds read in certain incomplete character sequences] - RESERVED +CVE-2017-5196 (Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial ...) - irssi 0.8.21-1 (bug #850403) [jessie] - irssi <not-affected> (Affects only 0.8.18 and later) [wheezy] - irssi <not-affected> (Affects only 0.8.18 and later) NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2 NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d NOTE: https://irssi.org/security/irssi_sa_2017_01.txt -CVE-2017-5195 [Out of bounds read in certain incomplete control codes] - RESERVED +CVE-2017-5195 (Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial ...) - irssi 0.8.21-1 (bug #850403) [jessie] - irssi 0.8.17-1+deb8u3 [wheezy] - irssi <not-affected> (Affects only 0.8.17 and later) NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2 NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d NOTE: https://irssi.org/security/irssi_sa_2017_01.txt -CVE-2017-5194 [Use after free when receiving invalid nick message] - RESERVED +CVE-2017-5194 (Use-after-free vulnerability in Irssi before 0.8.21 allows remote ...) - irssi 0.8.21-1 (bug #850403) [jessie] - irssi 0.8.17-1+deb8u3 [wheezy] - irssi <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2 NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d NOTE: https://irssi.org/security/irssi_sa_2017_01.txt -CVE-2017-5193 [NULL pointer dereference in the nickcmp function] - RESERVED +CVE-2017-5193 (The nickcmp function in Irssi before 0.8.21 allows remote attackers to ...) - irssi 0.8.21-1 (bug #850403) [jessie] - irssi 0.8.17-1+deb8u3 [wheezy] - irssi <no-dsa> (Minor issue) 
@@ -11369,8 +11352,8 @@ RESERVED CVE-2017-2291 RESERVED -CVE-2017-2290 - RESERVED +CVE-2017-2290 (On Windows installations of the mcollective-puppet-agent plugin, ...) + TODO: check CVE-2017-2289 RESERVED CVE-2017-2288 @@ -16486,8 +16469,7 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/131 NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10070 [mat file out of bound] - RESERVED +CVE-2016-10070 (Heap-based buffer overflow in the CalcMinMax function in coders/mat.c ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845246) NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366 @@ -16536,14 +16518,12 @@ - imagemagick 8:6.9.6.2+dfsg-2 (bug #845213) NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10066 - RESERVED +CVE-2016-10066 (Buffer overflow in the ReadVIFFImage function in coders/viff.c in ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845213) NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76 NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 -CVE-2016-10065 [Fix out of bound read in viff file handling] - RESERVED +CVE-2016-10065 (The ReadVIFFImage function in coders/viff.c in ImageMagick before ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845212) NOTE: https://github.com/ImageMagick/ImageMagick/issues/129 
@@ -16573,8 +16553,7 @@ NOTE: 4e914bbe371433f0590cefdf3bd5f3a5710069f9 upstream. It is not the same NOTE: as the fputc issue in ReadGROUP4Image. NOTE: https://github.com/ImageMagick/ImageMagick/commit/41e955984b034777903cfa61e500a0b922eb9cbd -CVE-2016-10061 - RESERVED +CVE-2016-10061 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick before ...) {DSA-3726-1 DLA-756-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #845196) NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9 @@ -20457,8 +20436,8 @@ RESERVED CVE-2016-8237 RESERVED -CVE-2016-8236 - RESERVED +CVE-2016-8236 (Reset to default settings may occur in Lenovo ThinkServer TSM RD350, ...) + TODO: check CVE-2016-8235 RESERVED CVE-2016-8234 @@ -21683,14 +21662,13 @@ CVE-2016-7973 (The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in ...) {DSA-3775-1 DLA-809-1} - tcpdump 4.9.0-1 -CVE-2016-7972 - RESERVED +CVE-2016-7972 (The check_allocations function in libass/ass_shaper.c in libass before ...) {DLA-668-1} - libass 0.13.4-1 [jessie] - libass <no-dsa> (Minor issue) NOTE: https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b CVE-2016-7971 - RESERVED + REJECTED - libass <unfixed> (bug #840338; unimportant) NOTE: The "third issue" is the DoS issue as per https://github.com/libass/libass/pull/240 with NOTE: "id:000248,sig:11,src:004326,op:havoc,rep:16" which does not have fix upstream 
@@ -21700,15 +21678,13 @@ NOTE: it would have been compiled with ASAN. NOTE: Only leads to a crash when compiled with ASAN, otherwise takes a long time, NOTE: but still finished parsing the input. -CVE-2016-7970 - RESERVED +CVE-2016-7970 (Buffer overflow in the calc_coeff function in libass/ass_blur.c in ...) - libass 0.13.4-1 [jessie] - libass <not-affected> (Vulnerable code introduced later) [wheezy] - libass <not-affected> (Vulnerable code first introduced in July 2015) NOTE: Fixed by: https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75 NOTE: Vulnerable function calc_coeff introduced in: https://github.com/libass/libass/commit/d787615845d78d8f8e6d1a4ffc3dc3eecd8a92f6 (0.13.0) -CVE-2016-7969 - RESERVED +CVE-2016-7969 (The wrap_lines_smart function in ass_render.c in libass before 0.13.4 ...) {DLA-668-1} - libass 0.13.4-1 [jessie] - libass <no-dsa> (Minor issue) 
@@ -23158,26 +23134,22 @@ NOTE: https://sourceforge.net/p/libdwarf/code/ci/e12f6c0b69c20f58dccc4505309cf7f974c34dc2 NOTE: with final fix/follow up: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252 NOTE: Introduced by (as confirmed by upstream): https://sourceforge.net/p/libdwarf/code/ci/b446e23dc21704ccd3b76d8945aaf39e4aca8c27 -CVE-2016-7409 - RESERVED +CVE-2016-7409 (The dbclient and server in Dropbear SSH before 2016.74, when compiled ...) - dropbear 2016.74-1 (unimportant) NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04 NOTE: Not an issue for the the Debian binary package since we do not NOTE: compile with DEBUG_TRACE. -CVE-2016-7408 - RESERVED +CVE-2016-7408 (The dbclient in Dropbear SSH before 2016.74 allows remote attackers to ...) - dropbear 2016.74-1 [jessie] - dropbear <no-dsa> (Minor issue) [wheezy] - dropbear <not-affected> (Vulnerable code not present) NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6 -CVE-2016-7407 - RESERVED +CVE-2016-7407 (The dropbearconvert command in Dropbear SSH before 2016.74 allows ...) {DLA-634-1} - dropbear 2016.74-1 [jessie] - dropbear <no-dsa> (Minor issue) NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e -CVE-2016-7406 - RESERVED +CVE-2016-7406 (Format string vulnerability in Dropbear SSH before 2016.74 allows ...) {DLA-634-1} - dropbear 2016.74-1 [jessie] - dropbear <no-dsa> (Minor issue) 
@@ -25497,16 +25469,13 @@ CVE-2016-6885 (The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote ...) - matrixssl <removed> [wheezy] - matrixssl <end-of-life> (not supported in Wheezy) -CVE-2016-6884 [Access Violation on Malicious TLS Record] - RESERVED +CVE-2016-6884 (TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before ...) - matrixssl <removed> [wheezy] - matrixssl <end-of-life> (not supported in Wheezy) -CVE-2016-6883 [Side Channel Vulnerability on RSA Cipher Suites] - RESERVED +CVE-2016-6883 (MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote ...) - matrixssl <removed> [wheezy] - matrixssl <end-of-life> (not supported in Wheezy) -CVE-2016-6882 [Validation of RSA Signature Creation] - RESERVED +CVE-2016-6882 (MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is ...) - matrixssl <removed> [wheezy] - matrixssl <end-of-life> (not supported in Wheezy) CVE-2016-6635 (Cross-site request forgery (CSRF) vulnerability in the ...) @@ -37131,8 +37100,8 @@ NOT-FOR-US: BlackBerry CVE-2016-3128 (A spoofing vulnerability in the Core of BlackBerry Enterprise Server ...) NOT-FOR-US: BlackBerry -CVE-2016-3127 - RESERVED +CVE-2016-3127 (An information disclosure vulnerability in the logging implementation ...) + TODO: check CVE-2016-3126 (Cross-site scripting (XSS) vulnerability in the Management Console in ...) NOT-FOR-US: BlackBerry CVE-2016-3123 @@ -39566,10 +39535,10 @@ - linux 4.4.2-1 - linux-2.6 <removed> NOTE: Fixed by: https://git.kernel.org/linus/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea (v4.4-rc6) -CVE-2015-8815 - RESERVED -CVE-2015-8814 - RESERVED +CVE-2015-8815 (Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before ...) + TODO: check +CVE-2015-8814 (Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery ...) + TODO: check CVE-2016-2392 (The is_rndis function in the USB Net device emulator ...) - qemu 1:2.6+dfsg-1 (bug #815008) [jessie] - qemu <no-dsa> (Minor issue) 
@@ -40139,8 +40108,7 @@ NOT-FOR-US: HP LaserJet Printers CVE-2016-2243 (Sure Start on HP Commercial PCs 2015 allows local users to cause a ...) NOT-FOR-US: HP Commercial PCs with Sure Start -CVE-2015-8813 - RESERVED +CVE-2015-8813 (The Page_Load function in ...) NOT-FOR-US: Umbraco CVE-2015-8812 (drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 ...) {DSA-3503-1 DLA-439-1} @@ -64058,8 +64026,7 @@ RESERVED CVE-2015-2878 RESERVED -CVE-2015-2877 [Cross-VM ASL INtrospection (CAIN)] - RESERVED +CVE-2015-2877 (** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel ...) - linux <unfixed> (unimportant) - linux-2.6 <removed> (unimportant) NOTE: https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
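
Review bot: In the hunk at @@ -21683, CVE-2016-7971 changes from RESERVED to REJECTED, but the entry keeps "- libass <unfixed> (bug #840338; unimportant)" and its NOTE lines, so a rejected ID still carries an open package state. If the crash described in those notes still needs tracking, move the package line and notes to a temporary CVE-2016-XXXX entry; otherwise drop the package line so the rejected entry no longer lists libass as unfixed.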
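
Review bot: The two entries added at @@ -39566, CVE-2015-8815 and CVE-2015-8814, are both Umbraco issues left as "TODO: check", while the hunk at @@ -40139 keeps CVE-2015-8813 as "NOT-FOR-US: Umbraco". Triage the two new descriptions the same way so the three Umbraco IDs end up consistent.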
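
Review bot: The context NOTE under CVE-2016-7409 at @@ -23158 reads "Not an issue for the the Debian binary package", with a duplicated "the". This automatic update only replaces the description line, so the wording fix belongs in a separate manual commit.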