[Secure-testing-commits] r46916 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Dec 8 21:10:19 UTC 2016
Author: sectracker
Date: 2016-12-08 21:10:19 +0000 (Thu, 08 Dec 2016)
New Revision: 46916
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-08 20:16:21 UTC (rev 46915)
+++ data/CVE/list 2016-12-08 21:10:19 UTC (rev 46916)
@@ -1,3 +1,35 @@
+CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" ...)
+ TODO: check
+CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in "read_n" function in ...)
+ TODO: check
+CVE-2016-9906
+ RESERVED
+CVE-2016-9905
+ RESERVED
+CVE-2016-9904
+ RESERVED
+CVE-2016-9903
+ RESERVED
+CVE-2016-9902
+ RESERVED
+CVE-2016-9901
+ RESERVED
+CVE-2016-9900
+ RESERVED
+CVE-2016-9899
+ RESERVED
+CVE-2016-9898
+ RESERVED
+CVE-2016-9897
+ RESERVED
+CVE-2016-9896
+ RESERVED
+CVE-2016-9895
+ RESERVED
+CVE-2016-9894
+ RESERVED
+CVE-2016-9893
+ RESERVED
CVE-2017-3729
RESERVED
CVE-2017-3728
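Review bot: CVE-2016-9918 and CVE-2016-9917 at the top of this hunk are left at "TODO: check" although both descriptions already name BlueZ 5.42, so neither entry has a package line the tracker can report status from. Each needs a source-package line for bluez with a status once someone has looked at the "packet_hexdump" and "read_n" reports. The fourteen ids from CVE-2016-9906 down to CVE-2016-9893 are plain RESERVED placeholders and need nothing further yet.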
@@ -1006,8 +1038,8 @@
RESERVED
CVE-2016-9889
RESERVED
-CVE-2016-9888
- RESERVED
+CVE-2016-9888 (An error within the "tar_directory_for_file()" function ...)
+ TODO: check
CVE-2016-9887
RESERVED
CVE-2016-9886
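Review bot: the new CVE-2016-9888 line goes from RESERVED to "TODO: check", and the truncated description ("An error within the "tar_directory_for_file()" function ...") does not show which product is affected. Triage has to read the full CVE text to identify the source package, then replace the TODO with a package line or a NOT-FOR-US marker.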
@@ -1055,6 +1087,7 @@
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=189851
NOTE: Fixed by: https://git.kernel.org/linus/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 (v4.9-rc8)
CVE-2016-9912 [display: virtio-gpu: memory leakage when destroying gpu resource]
+ RESERVED
- qemu <unfixed> (bug #847391)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -1062,6 +1095,7 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12
CVE-2016-9916 [9pfs: add cleanup operation for proxy backend driver]
+ RESERVED
- qemu <unfixed> (bug #847496)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
@@ -1069,6 +1103,7 @@
NOTE: Proxy filesystem driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7 (v1.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9915 [9pfs: add cleanup operation for handle backend driver]
+ RESERVED
- qemu <unfixed> (bug #847496)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
@@ -1076,12 +1111,14 @@
NOTE: handle based fs driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310 (v1.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9914 [9pfs: add cleanup operation in FileOperations]
+ RESERVED
- qemu <unfixed> (bug #847496)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d (v2.8.0-rc2)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9913 [9pfs: adjust the order of resource cleanup in device unrealize]
+ RESERVED
- qemu <unfixed> (bug #847496)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
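Review bot: CVE-2016-9914 and CVE-2016-9913 both reference bug #847496, the same bug used by CVE-2016-9916 and CVE-2016-9915 in the two preceding hunks, so one Debian bug now tracks four separately assigned 9pfs ids. Check that the bug report lists all four, since the "Fixed by:" notes visible here point at different commits per id and the bug should only be closed by an upload that contains every one of them.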
@@ -1090,17 +1127,20 @@
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42 (v2.8.0-rc2)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9911 [usb: ehci: memory leakage in ehci_init_transfer]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10
CVE-2016-9907 [usb: redirector: memory leakage when destroying redirector]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/3
CVE-2016-9908 [display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset]
+ RESERVED
- qemu <unfixed> (bug #847400)
[jessie] - qemu <not-affected> (Vulnerable code not present)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
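Review bot: CVE-2016-9911 and CVE-2016-9907 now have ids marked RESERVED but their package lines are a bare "- qemu <unfixed>" with no bug reference, unlike CVE-2016-9908 below them (bug #847400). File or link a bug for each so the unfixed status is tracked in the BTS. Also, the first NOTE under CVE-2016-9911 gives an abbreviated commit hash and no "Fixed by:" prefix, which is inconsistent with the neighbouring entries; use the full hash and state whether that commit is the fix.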
@@ -1268,17 +1308,20 @@
CVE-2017-3150
RESERVED
CVE-2016-9920 [Command Execution via Email]
+ {DLA-737-1}
- roundcube <unfixed> (bug #847287)
NOTE: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/aa6bf38843f51a0fc7205acc98a7b84f3c4c9c4f
CVE-2016-9910 [for the mishandling of all of the other mentioned characters in attribute values]
+ RESERVED
- html5lib 0.999999999-1
[jessie] - html5lib <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2016-9909 [for the mishandling of the '<' character in attribute values]
+ RESERVED
- html5lib 0.999999999-1
[jessie] - html5lib <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
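Review bot: the bracketed descriptions for CVE-2016-9910 and CVE-2016-9909 ("for the mishandling of ... in attribute values") are sentence fragments that only make sense alongside the id-assignment mail they were taken from. Now that both ids are recorded as RESERVED and the official text is not yet available, reword them so each stands alone, naming html5lib and the issue class that the sourceclear NOTE already indicates (cross-site scripting).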
@@ -1734,8 +1777,7 @@
RESERVED
CVE-2017-2925
RESERVED
-CVE-2016-9839
- RESERVED
+CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verbose ...)
{DLA-734-1}
- mapserver 7.0.3-1
[jessie] - mapserver <no-dsa> (Minor issue)
@@ -9289,6 +9331,7 @@
CVE-2016-9153
RESERVED
CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...)
+ {DLA-738-1}
- spip <unfixed> (bug #847156)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23290
CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x ...)
@@ -10795,8 +10838,7 @@
CVE-2016-8656
RESERVED
NOT-FOR-US: Red Hat JBoss; jbossas init script
-CVE-2016-8655 [af_packet.c race condition (local root)]
- RESERVED
+CVE-2016-8655 (Race condition in net/packet/af_packet.c in the Linux kernel through ...)
- linux <unfixed>
NOTE: http://seclists.org/oss-sec/2016/q4/607
NOTE: Introduced by: https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)
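Review bot: replacing the bracketed text on CVE-2016-8655 drops the "(local root)" impact hint, and the truncated official description that takes its place ("Race condition in net/packet/af_packet.c in the Linux kernel through ...") no longer says what an attacker gains. With "- linux <unfixed>" still on the entry, keep the impact visible in a NOTE line so the severity can be read from the list without opening the references.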