[Secure-testing-commits] r44150 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Aug 25 21:10:12 UTC 2016


Author: sectracker
Date: 2016-08-25 21:10:11 +0000 (Thu, 25 Aug 2016)
New Revision: 44150

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-25 21:00:00 UTC (rev 44149)
+++ data/CVE/list	2016-08-25 21:10:11 UTC (rev 44150)
@@ -1,3 +1,5 @@
+CVE-2016-7089 (WatchGuard RapidStream appliances allow local users to gain privileges ...)
+	TODO: check
 CVE-2016-7088
 	RESERVED
 CVE-2016-7087
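Review bot: CVE-2016-7089 at the top of this hunk lands with only "TODO: check", so it stays untriaged in the tracker. The description names WatchGuard RapidStream appliances; if no Debian source package ships that code, replace the TODO with "NOT-FOR-US: WatchGuard RapidStream", the form already used for the Simple Machines Forum entry further down the list.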
@@ -354,8 +356,8 @@
 	RESERVED
 CVE-2016-6910
 	RESERVED
-CVE-2016-6909
-	RESERVED
+CVE-2016-6909 (Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before ...)
+	TODO: check
 CVE-2016-6908
 	RESERVED
 CVE-2016-6907
@@ -1612,6 +1614,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/29/4
 CVE-2016-6491 [Buffer overflow]
 	RESERVED
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #833099)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
 CVE-2016-6489 [RSA code is vulnerable to cache sharing related attacks]
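Review bot: after {DSA-3652-1} is attached to CVE-2016-6491, the package line directly below it still reads "- imagemagick <unfixed> (bug #833099)", so the tracker keeps reporting unstable as vulnerable. The upstream fix commit is already noted; follow up on bug #833099 and record the fixed unstable version once an upload carries that commit.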
@@ -2097,6 +2100,7 @@
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package and introduced in 4.2 anyway)
 CVE-2016-6316 [Possible XSS Vulnerability in Action View]
 	RESERVED
+	{DSA-3651-1}
 	- rails 2:4.2.7.1-1 (low; bug #834155)
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	TODO: Rails in wheezy uses several split source packages
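Review bot: the TODO on the last line of the CVE-2016-6316 entry ("Rails in wheezy uses several split source packages") is still open now that {DSA-3651-1} is attached, and the only wheezy line covers the transitional rails package. Record a status for the split source packages, or drop the TODO if they have already been checked.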
@@ -4057,12 +4061,14 @@
 	NOTE: Upstream fix: https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22 (v3.2.1)
 CVE-2016-5842
 	RESERVED
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #831034)
 	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
 	NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5842.jpg
 CVE-2016-5841
 	RESERVED
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #831034)
 	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
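Review bot: CVE-2016-5842 and CVE-2016-5841 both receive {DSA-3652-1} while sharing one bug (#831034) and one upstream commit (d8ab7f04...), and only CVE-2016-5842 lists a reproducer. Confirm that the single commit covers both issues, and label those NOTE lines "Fixed by:" as the CVE-2016-6491 entry does so the fix reference is unambiguous.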
@@ -4457,24 +4463,29 @@
 	NOT-FOR-US: Simple Machines Forum
 CVE-2016-5691 [lack of validation of pixel.red, pixel.green, and pixel.blue]
 	RESERVED
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #833044)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
 CVE-2016-5690 [error in the for statement in the "Compute pixel scaling table" part of the ReadDCMImage function]
 	RESERVED
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #833043)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
 CVE-2016-5689 [lack of required NULL pointer checks]
 	RESERVED
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #833042)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
 	NOTE: Will be fixed in a 6.9.4-3 based version
 CVE-2016-5688 [issues in WPG parser]
 	RESERVED
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #833003)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
 CVE-2016-5687 [out of bounds memory read]
 	RESERVED
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #832890)
 	NOTE: https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
 	TODO: check, referenced fix does not seem the one fixing the issue
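Review bot: CVE-2016-5687 is tagged {DSA-3652-1} while its own TODO two lines below still says "check, referenced fix does not seem the one fixing the issue". Either identify the commit that actually fixes the out-of-bounds read and replace the TODO with it, or hold the DSA tag until the fix shipped in the advisory is confirmed. The CVE-2016-5689 note "Will be fixed in a 6.9.4-3 based version" also reads as stale next to a released advisory and should be updated.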
@@ -6635,6 +6646,7 @@
 	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0
 CVE-2016-5010 [Out-of-bounds read when processing crafted tiff file]
 	RESERVED
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #832968)
 	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
 CVE-2016-5009 (The handle_command function in mon/Monitor.cc in Ceph allows remote ...)
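Review bot: the "Fixed by:" reference for CVE-2016-5010 points at http://git.imagemagick.org over plain HTTP, while every other ImageMagick entry tagged with this DSA links the fix on github.com over HTTPS. Use the equivalent HTTPS reference for the same commit so the fix pointer is consistent and not fetched over an unauthenticated channel.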
@@ -7956,13 +7968,15 @@
 	NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e
 CVE-2016-4564 (The DrawImage function in MagickCore/draw.c in ImageMagick before ...)
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #832888)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
 CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick ...)
-	{DLA-517-1}
+	{DSA-3652-1 DLA-517-1}
 	- imagemagick <unfixed> (bug #832887)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
 CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in ImageMagick ...)
+	{DSA-3652-1}
 	- imagemagick <unfixed> (bug #832885)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
 CVE-2016-4560 (Untrusted search path vulnerability in Flexera InstallAnywhere allows ...)
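Review bot: CVE-2016-4563 now carries {DSA-3652-1 DLA-517-1}, but CVE-2016-4564 and CVE-2016-4562 get only {DSA-3652-1} even though all three reference the same upstream commit (726812fa...). Check whether DLA-517-1 also addressed the other two draw.c issues and, if not, record their status for the LTS release explicitly.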