[Secure-testing-commits] r47010 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Dec 12 21:10:11 UTC 2016


Author: sectracker
Date: 2016-12-12 21:10:11 +0000 (Mon, 12 Dec 2016)
New Revision: 47010

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-12 21:06:08 UTC (rev 47009)
+++ data/CVE/list	2016-12-12 21:10:11 UTC (rev 47010)
@@ -1,3 +1,17 @@
+CVE-2016-9931
+	RESERVED
+CVE-2016-9930
+	RESERVED
+CVE-2016-9929
+	RESERVED
+CVE-2016-9927
+	RESERVED
+CVE-2016-9926
+	RESERVED
+CVE-2016-9925
+	RESERVED
+CVE-2016-9924
+	RESERVED
 CVE-2016-9936 [Use After Free in PHP7 unserialize()]
 	- php7.0 7.0.14-1
 	NOTE: Fixed in PHP 7.0.14 and 7.1.0
@@ -7973,101 +7987,80 @@
 	NOTE: Upstream patch: https://bugs.php.net/patch-display.php?bug_id=67397&patch=bug67397-patch&revision=latest
 	NOTE: PHP workaround for CVE-2014-9911 in icu
 	TODO: double-check first fixing version in unstable
-CVE-2016-4412 [phpMyAdmin PMASA-2016-57]
-	RESERVED
+CVE-2016-4412 (An issue was discovered in phpMyAdmin. A user can be tricked into ...)
 	- phpmyadmin 4:4.1.7-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
 	NOTE: may affect wheezy only.
-CVE-2016-9847 [phpMyAdmin PMASA-2016-58]
-	RESERVED
+CVE-2016-9847 (An issue was discovered in phpMyAdmin. When the user does not specify ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-58/
 	NOTE: Debian packaging generates blowfish secret
-CVE-2016-9848 [phpMyAdmin PMASA-2016-59]
-	RESERVED
+CVE-2016-9848 (An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/
 	NOTE: disabled by default, debugging setting required
-CVE-2016-9849 [phpMyAdmin PMASA-2016-60]
-	RESERVED
+CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass ...)
 	- phpmyadmin 4:4.6.5.1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
-CVE-2016-9850 [phpMyAdmin PMASA-2016-61]
-	RESERVED
+CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for the ...)
 	- phpmyadmin 4:4.6.5.1-1 (low)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
-CVE-2016-9851 [phpMyAdmin PMASA-2016-62]
-	RESERVED
+CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-62/
-CVE-2016-9852 [phpMyAdmin PMASA-2016-63]
-	RESERVED
+CVE-2016-9852 (An issue was discovered in phpMyAdmin. By calling some scripts that ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
 	NOTE: path disclosure not relevant in Debian
-CVE-2016-9853 [phpMyAdmin PMASA-2016-63]
-	RESERVED
+CVE-2016-9853 (An issue was discovered in phpMyAdmin. By calling some scripts that ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
 	NOTE: path disclosure not relevant in Debian
-CVE-2016-9854 [phpMyAdmin PMASA-2016-63]
-	RESERVED
+CVE-2016-9854 (An issue was discovered in phpMyAdmin. By calling some scripts that ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
 	NOTE: path disclosure not relevant in Debian
-CVE-2016-9855 [phpMyAdmin PMASA-2016-63]
-	RESERVED
+CVE-2016-9855 (An issue was discovered in phpMyAdmin. By calling some scripts that ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
 	NOTE: path disclosure not relevant in Debian
-CVE-2016-9856 [phpMyAdmin PMASA-2016-64]
-	RESERVED
+CVE-2016-9856 (An XSS issue was discovered in phpMyAdmin because of an improper fix ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
-CVE-2016-9857 [phpMyAdmin PMASA-2016-64]
-	RESERVED
+CVE-2016-9857 (An issue was discovered in phpMyAdmin. XSS is possible because of a ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
-CVE-2016-9858 [phpMyAdmin PMASA-2016-65]
-	RESERVED
+CVE-2016-9858 (An issue was discovered in phpMyAdmin. With a crafted request ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
-CVE-2016-9859 [phpMyAdmin PMASA-2016-65]
-	RESERVED
+CVE-2016-9859 (An issue was discovered in phpMyAdmin. With a crafted request ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
-CVE-2016-9860 [phpMyAdmin PMASA-2016-65]
-	RESERVED
+CVE-2016-9860 (An issue was discovered in phpMyAdmin. An unauthenticated user can ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
-CVE-2016-9861 [phpMyAdmin PMASA-2016-66]
-	RESERVED
+CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in URL ...)
 	- phpmyadmin 4:4.6.5.1-1 (low)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
-CVE-2016-9862 [phpMyAdmin PMASA-2016-67]
-	RESERVED
+CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login request it ...)
 	- phpmyadmin 4:4.6.5.1-1
 	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-67/
-CVE-2016-9863 [phpMyAdmin PMASA-2016-68]
-	RESERVED
+CVE-2016-9863 (An issue was discovered in phpMyAdmin. With a very large request to ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/
-CVE-2016-9864 [phpMyAdmin PMASA-2016-69]
-	RESERVED
+CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username or a ...)
 	- phpmyadmin 4:4.6.5.1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
-CVE-2016-9865 [phpMyAdmin PMASA-2016-70]
-	RESERVED
+CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in serialized ...)
 	- phpmyadmin 4:4.6.5.1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
-CVE-2016-9866 [phpMyAdmin PMASA-2016-71]
-	RESERVED
+CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator is ...)
 	- phpmyadmin 4:4.6.5.1-1 (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-71/
 	NOTE: unlikely PHP configuration required, unclear impact
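Review bot: CVE-2016-4412, at the top of this hunk, still carries "NOTE: may affect wheezy only." but has no `[wheezy]` or `[jessie]` status line, so the per-release state cannot be read from the entry. Since the description is now filled in, resolve the "may" and record it as an explicit release line, as CVE-2016-9851 and CVE-2016-9862 do further down with `<not-affected> (Vulnerable code not present)`.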
@@ -8173,75 +8166,63 @@
 	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
 	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
 	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
-CVE-2016-9633
-	RESERVED
+CVE-2016-9633 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/23
-CVE-2016-9632
-	RESERVED
+CVE-2016-9632 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/43
-CVE-2016-9631
-	RESERVED
+CVE-2016-9631 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/42
-CVE-2016-9630
-	RESERVED
+CVE-2016-9630 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/41
-CVE-2016-9629
-	RESERVED
+CVE-2016-9629 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/40
-CVE-2016-9628
-	RESERVED
+CVE-2016-9628 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/39
-CVE-2016-9627
-	RESERVED
+CVE-2016-9627 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/38
 	NOTE: https://github.com/tats/w3m/commit/0c3f5d0e0d9269ad47b8f4b061d7818993913189
-CVE-2016-9626
-	RESERVED
+CVE-2016-9626 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/37
-CVE-2016-9625
-	RESERVED
+CVE-2016-9625 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/36
-CVE-2016-9624
-	RESERVED
+CVE-2016-9624 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/35
-CVE-2016-9623
-	RESERVED
+CVE-2016-9623 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/33
-CVE-2016-9622
-	RESERVED
+CVE-2016-9622 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
@@ -8340,6 +8321,7 @@
 CVE-2016-9444
 	RESERVED
 CVE-2016-9928 [MCabber before 1.0.4 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza]
+	RESERVED
 	{DLA-724-1}
 	- mcabber <unfixed> (bug #845258)
 	[jessie] - mcabber <no-dsa> (Minor issue)
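Review bot: The added `RESERVED` line lands on CVE-2016-9928, which is filed here directly after CVE-2016-9444, while the first hunk of this same revision adds CVE-2016-9929 and CVE-2016-9927 at the top of the file with no 9928 between them. Anyone scanning the top block will read 9928 as missing. Move the entry into numeric sequence in a follow-up. Also check that `RESERVED` is the intended state for an entry that already has a bracketed description, {DLA-724-1} and bug #845258.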
@@ -8682,44 +8664,37 @@
 	- drupal7 7.52-1
 	NOTE: https://www.drupal.org/SA-CORE-2016-005
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
-CVE-2016-9443
-	RESERVED
+CVE-2016-9443 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/28
-CVE-2016-9442
-	RESERVED
+CVE-2016-9442 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
-CVE-2016-9441
-	RESERVED
+CVE-2016-9441 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/24
-CVE-2016-9440
-	RESERVED
+CVE-2016-9440 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/22
-CVE-2016-9439
-	RESERVED
+CVE-2016-9439 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-33 (bug #844726)
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/20
-CVE-2016-9438
-	RESERVED
+CVE-2016-9438 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/18
-CVE-2016-9437
-	RESERVED
+CVE-2016-9437 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
@@ -8738,50 +8713,42 @@
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/16
 	NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
-CVE-2016-9434
-	RESERVED
+CVE-2016-9434 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/15
-CVE-2016-9433
-	RESERVED
+CVE-2016-9433 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/14
-CVE-2016-9432
-	RESERVED
+CVE-2016-9432 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/13
-CVE-2016-9431
-	RESERVED
+CVE-2016-9431 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/10
-CVE-2016-9430
-	RESERVED
+CVE-2016-9430 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/7
-CVE-2016-9429
-	RESERVED
+CVE-2016-9429 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/29
-CVE-2016-9428
-	RESERVED
+CVE-2016-9428 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/26
-CVE-2016-9427
-	RESERVED
+CVE-2016-9427 (Integer overflow vulnerability in bdwgc before 2016-09-27 allows ...)
 	{DLA-721-1}
 	[experimental] - libgc 1:7.4.4-1
 	- libgc <unfixed> (bug #844771)
@@ -8789,32 +8756,27 @@
 	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/4e1a6f9d8f2a49403bbd00b8c8e5324048fb84d4
 	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/7292c02fac2066d39dd1bcc37d1a7054fd1e32ee
 	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/552ad0834672fed86ada6430150ef9ebdd3f54d7
-CVE-2016-9426
-	RESERVED
+CVE-2016-9426 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/25
-CVE-2016-9425
-	RESERVED
+CVE-2016-9425 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/21
-CVE-2016-9424
-	RESERVED
+CVE-2016-9424 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/12
-CVE-2016-9423
-	RESERVED
+CVE-2016-9423 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/9
-CVE-2016-9422
-	RESERVED
+CVE-2016-9422 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
 	- w3m 0.5.3-30
 	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
@@ -9665,8 +9627,7 @@
 	RESERVED
 CVE-2014-9909
 	RESERVED
-CVE-2016-9106 [9pfs: memory leakage in v9fs_write]
-	RESERVED
+CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka ...)
 	{DLA-698-1 DLA-689-1}
 	- qemu <unfixed> (bug #842463)
 	- qemu-kvm <removed>
@@ -9676,8 +9637,7 @@
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/4
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
-CVE-2016-9105 [memory leakage in v9fs_link]
-	RESERVED
+CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka ...)
 	{DLA-698-1 DLA-689-1}
 	- qemu <unfixed> (bug #842463)
 	- qemu-kvm <removed>
@@ -9687,8 +9647,7 @@
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/3
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
-CVE-2016-9104 [9pfs: integer overflow leading to OOB access]
-	RESERVED
+CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) ...)
 	{DLA-698-1 DLA-689-1}
 	- qemu <unfixed> (bug #842463)
 	- qemu-kvm <removed>
@@ -9697,8 +9656,7 @@
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
-CVE-2016-9103 [9pfs: information leakage via xattribute]
-	RESERVED
+CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick ...)
 	{DLA-698-1 DLA-689-1}
 	- qemu <unfixed> (bug #842463)
 	- qemu-kvm <removed>
@@ -9708,8 +9666,7 @@
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/1
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
-CVE-2016-9102 [memory leakage when creating extended attribute]
-	RESERVED
+CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ...)
 	{DLA-698-1 DLA-689-1}
 	- qemu <unfixed> (bug #842463)
 	- qemu-kvm <removed>
@@ -9720,8 +9677,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/15
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
-CVE-2016-9101 [net: eepro100 memory leakage at device unplug]
-	RESERVED
+CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows ...)
 	{DLA-698-1 DLA-689-1}
 	- qemu <unfixed> (bug #842455)
 	- qemu-kvm <removed>
@@ -9946,15 +9902,13 @@
 CVE-2016-9015 [certificate verification failure]
 	RESERVED
 	- python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases)
-CVE-2016-9014 [DNS rebinding vulnerability when DEBUG=True]
-	RESERVED
+CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x ...)
 	{DLA-706-1}
 	- python-django 1:1.10.3-1 (bug #842856)
 	[jessie] - python-django <no-dsa> (Minor issue; can be updated via point release)
 	NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
 	NOTE: https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9
-CVE-2016-9013 [User with hardcoded password created when running tests on Oracle]
-	RESERVED
+CVE-2016-9013 (Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before ...)
 	- python-django 1:1.10.3-1 (bug #842856)
 	[jessie] - python-django <no-dsa> (Minor issue; can be updated via point release)
 	[wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)
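Review bot: The new description for CVE-2016-9014 reads "Django before 1.8.x before 1.8.16", which does not parse as a version range and disagrees with the neighbouring CVE-2016-9013 text "Django 1.8.x before 1.8.16". The log says this is an automatic update, so the wording presumably comes from the imported description and should be reported at the source rather than hand-edited. The replaced bracket text also carried the "when DEBUG=True" precondition, which no longer appears in the truncated description. A NOTE line would keep that triage detail visible.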
@@ -12188,8 +12142,7 @@
 	NOTE: Apache say that issue needs to be fixed in any vendor/product using Apache Commons FileUpload
 	NOTE: DiskFileItem as described in the given advisory.
 	NOTE: Thus we are not going to diverge from Apache upstream here.
-CVE-2016-7466 [usb: xhci memory leakage during device unplug]
-	RESERVED
+CVE-2016-7466 (Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU ...)
 	- qemu 1:2.7+dfsg-1 (bug #838687)
 	[jessie] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
 	[wheezy] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
@@ -12337,8 +12290,7 @@
 	NOTE: LSI SAS1068 (mptsas) device support added in
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
-CVE-2016-7422 [virtio: null pointer dereference in virtqueue_map_desc]
-	RESERVED
+CVE-2016-7422 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka ...)
 	- qemu 1:2.7+dfsg-1 (bug #838146)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
@@ -12350,8 +12302,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376755
 	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/4
-CVE-2016-7421 [scsi: pvscsi: infinite loop when processing IO requests]
-	RESERVED
+CVE-2016-7421 (The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU ...)
 	- qemu 1:2.7+dfsg-1 (bug #838147)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after 1.5)
 	- qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5)
@@ -13442,8 +13393,7 @@
 	NOTE: 1.3.21-2 the build is done with --with-quantum-depth=16 switching
 	NOTE: away from the default with QuantumDepth=8
 	NOTE: patch for this and CVE-2016-7997 at: http://openwall.com/lists/oss-security/2016/10/07/4
-CVE-2016-7995 [usb: hcd-ehci: memory leak in ehci_process_itd]
-	RESERVED
+CVE-2016-7995 (Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in ...)
 	- qemu <unfixed> (bug #840236)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
@@ -13457,8 +13407,7 @@
 	NOTE: Though this commit fixed an OOB read access issue which might need
 	NOTE: potentially a new separate CVE id if it does not have one yet.
 	TODO: double-check notes and analysis
-CVE-2016-7994 [virtio-gpu: memory leak in virtio_gpu_resource_create_2d]
-	RESERVED
+CVE-2016-7994 (Memory leak in the virtio_gpu_resource_create_2d function in ...)
 	- qemu <unfixed> (bug #840228)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
@@ -15586,8 +15535,7 @@
 	RESERVED
 CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use ...)
 	TODO: check
-CVE-2016-7170 [vmware_vga: OOB stack memory access when processing svga command]
-	RESERVED
+CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka ...)
 	{DLA-653-1 DLA-652-1}
 	- qemu <unfixed> (bug #837316)
 	- qemu-kvm <removed>
@@ -15709,8 +15657,7 @@
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ed38046c5c2e3b310980be32287179895c83e0d8 (n3.1.4)
 CVE-2016-7121
 	RESERVED
-CVE-2016-7155 [scsi: pvscsi: OOB read and infinite loop while setting descriptor rings]
-	RESERVED
+CVE-2016-7155 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #837174)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
@@ -15723,8 +15670,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
 	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
-CVE-2016-7156 [scsi: pvscsi: infintie loop when building SG list]
-	RESERVED
+CVE-2016-7156 (The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #837339)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
@@ -15737,8 +15683,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373478
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/3
 	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
-CVE-2016-7157 [mptsas: invalid memory access while building  configuration pages]
-	RESERVED
+CVE-2016-7157 (The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #837603)
 	[jessie] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
@@ -15941,8 +15886,7 @@
 	NOTE: Bit of complicated tracking information. For jessie the affected version is not in any yet
 	NOTE: released version, thus should be n/a. wheezy OTOH, has already the issue in a released version. Issue then was fixed in 3.2.81-2 in DLA-609-1
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/31/1
-CVE-2016-7116 [9p: directory traversal flaw in 9p virtio backend]
-	RESERVED
+CVE-2016-7116 (Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick ...)
 	{DLA-619-1 DLA-618-1}
 	- qemu 1:2.6+dfsg-3.1 (bug #836502)
 	[jessie] - qemu <no-dsa> (Minor issue)
@@ -16627,8 +16571,8 @@
 	NOT-FOR-US: Huawei FusionAccess
 CVE-2016-6838 (Huawei X6800 and XH620 V3 servers with software before ...)
 	NOT-FOR-US: Huawei FusionServer
-CVE-2016-6829
-	RESERVED
+CVE-2016-6829 (The trove service user in (1) Openstack deployment (aka ...)
+	TODO: check
 CVE-2016-6827 (Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES ...)
 	NOT-FOR-US: Huawei FusionCompute
 CVE-2016-6826 (Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a ...)
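Review bot: CVE-2016-6829 goes from `RESERVED` to a bare `TODO: check` with no package line, while every other entry in this hunk is already triaged as `NOT-FOR-US`. The description names the trove service user in an Openstack deployment, so this one needs a manual decision: either map it to a source package with a status or mark it `NOT-FOR-US` with the product name, so that it does not sit in the TODO queue unclassified.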
@@ -16637,8 +16581,7 @@
 	NOT-FOR-US: Huawei FusionServer Node
 CVE-2016-6824 (Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with ...)
 	NOT-FOR-US: Huawei Campus Switch
-CVE-2016-6888 [net: vmxnet: integer overflow in packet initialisation]
-	RESERVED
+CVE-2016-6888 (Integer overflow in the net_tx_pkt_init function in ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #834902)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
@@ -17118,8 +17061,7 @@
 	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u8
 	NOTE: Workaround entry for DLA-731-1 until CVE is assigned
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
-CVE-2016-6833 [net: vmxnet3: use after free while writing]
-	RESERVED
+CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write function in ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #834904)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	- qemu-kvm <removed>
@@ -17130,8 +17072,7 @@
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
-CVE-2016-6834 [an infinite loop during packet fragmentation]
-	RESERVED
+CVE-2016-6834 (The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #834905)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
@@ -17143,8 +17084,7 @@
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
-CVE-2016-6835 [buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation]
-	RESERVED
+CVE-2016-6835 (The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #835031)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	- qemu-kvm <removed>
@@ -17154,8 +17094,7 @@
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
-CVE-2016-6836 [Information leak in vmxnet3_complete_packet]
-	RESERVED
+CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #834944)
 	[jessie] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
@@ -17346,47 +17285,38 @@
 	NOTE: http://codex.wordpress.org/Version_4.5
 	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37124
 	NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
-CVE-2016-6633
-	RESERVED
+CVE-2016-6633 (An issue was discovered in phpMyAdmin. phpMyAdmin can be used to ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2016-6632
-	RESERVED
+CVE-2016-6632 (An issue was discovered in phpMyAdmin where, under certain conditions, ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-55/
-CVE-2016-6631
-	RESERVED
+CVE-2016-6631 (An issue was discovered in phpMyAdmin. A user can execute a remote ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-54/
-CVE-2016-6630
-	RESERVED
+CVE-2016-6630 (An issue was discovered in phpMyAdmin. An authenticated user can ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-53/
-CVE-2016-6629
-	RESERVED
+CVE-2016-6629 (An issue was discovered in phpMyAdmin involving the ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-52/
-CVE-2016-6628
-	RESERVED
+CVE-2016-6628 (An issue was discovered in phpMyAdmin. An attacker may be able to ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-51/
-CVE-2016-6627
-	RESERVED
+CVE-2016-6627 (An issue was discovered in phpMyAdmin. An attacker can determine the ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <no-dsa> (Not critical enough)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/
-CVE-2016-6626
-	RESERVED
+CVE-2016-6626 (An issue was discovered in phpMyAdmin. An attacker could redirect a ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/
-CVE-2016-6625
-	RESERVED
+CVE-2016-6625 (An issue was discovered in phpMyAdmin. An attacker can determine ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <no-dsa> (Not critical enough)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-48/
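Review bot: CVE-2016-6633, the first entry changed in this hunk, has no `NOTE:` line pointing at a PMASA advisory, whereas every other phpMyAdmin entry here (CVE-2016-6632 down to CVE-2016-6625) links one. With the description truncated at "phpMyAdmin can be used to ...", the entry gives a reader nothing to verify the fixed version 4:4.6.4+dfsg1-1 or the wheezy `<not-affected>` claim against. Add the advisory reference once it is confirmed.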
@@ -17396,18 +17326,15 @@
 	NOTE: printing can show more information than what should be used in
 	NOTE: a production environment. This is the motivation that it is not
 	NOTE: solved for wheezy.
-CVE-2016-6624
-	RESERVED
+CVE-2016-6624 (An issue was discovered in phpMyAdmin involving improper enforcement ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-47/
-CVE-2016-6623
-	RESERVED
+CVE-2016-6623 (An issue was discovered in phpMyAdmin. An authorized user can cause a ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-46/
-CVE-2016-6622
-	RESERVED
+CVE-2016-6622 (An issue was discovered in phpMyAdmin. An unauthenticated user is able ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/
@@ -17419,78 +17346,63 @@
 	NOTE: The issue is not public yet, upstream does not want to
 	NOTE: disclose details until fix ready
 	TODO: wait for upstream to release the PMASA-2016-44
-CVE-2016-6620
-	RESERVED
+CVE-2016-6620 (An issue was discovered in phpMyAdmin. Some data is passed to the PHP ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-43/
-CVE-2016-6619
-	RESERVED
+CVE-2016-6619 (An issue was discovered in phpMyAdmin. In the user interface ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-42/
-CVE-2016-6618
-	RESERVED
+CVE-2016-6618 (An issue was discovered in phpMyAdmin. The transformation feature ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-41/
-CVE-2016-6617
-	RESERVED
+CVE-2016-6617 (An issue was discovered in phpMyAdmin. A specially crafted database ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
 	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
-CVE-2016-6616
-	RESERVED
+CVE-2016-6616 (An issue was discovered in phpMyAdmin. In the "User group" and ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Only affects 4.4.x onward)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-39/
-CVE-2016-6615
-	RESERVED
+CVE-2016-6615 (XSS issues were discovered in phpMyAdmin. This affects navigation pane ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-38/
-CVE-2016-6614
-	RESERVED
+CVE-2016-6614 (An issue was discovered in phpMyAdmin involving the %u username ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-37/
-CVE-2016-6613
-	RESERVED
+CVE-2016-6613 (An issue was discovered in phpMyAdmin. A user can specially craft a ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/
-CVE-2016-6612
-	RESERVED
+CVE-2016-6612 (An issue was discovered in phpMyAdmin. A user can exploit the LOAD ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/
-CVE-2016-6611
-	RESERVED
+CVE-2016-6611 (An issue was discovered in phpMyAdmin. A specially crafted database ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/
-CVE-2016-6610
-	RESERVED
+CVE-2016-6610 (A full path disclosure vulnerability was discovered in phpMyAdmin ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-33/
-CVE-2016-6609
-	RESERVED
+CVE-2016-6609 (An issue was discovered in phpMyAdmin. A specially crafted database ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
-CVE-2016-6608
-	RESERVED
+CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the database ...)
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
 	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
-CVE-2016-6607
-	RESERVED
+CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom search ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
-CVE-2016-6606
-	RESERVED
+CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The ...)
 	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
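Review bot: CVE-2016-6617 and CVE-2016-6608 are the only phpMyAdmin entries in this hunk without a NOTE line pointing at an upstream advisory, while every sibling entry links its PMASA page. The neighbouring references run PMASA-2016-41 then 39, and PMASA-2016-32 then 30, so the gaps at 40 and 31 are the obvious candidates to verify and add. The context at the top of the hunk also still carries "TODO: wait for upstream to release the PMASA-2016-44", which is worth rechecking now that the surrounding advisories have published descriptions.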
@@ -17950,8 +17862,8 @@
 	RESERVED
 CVE-2016-6502
 	RESERVED
-CVE-2016-6501
-	RESERVED
+CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to execute ...)
+	TODO: check
 CVE-2016-6500
 	RESERVED
 CVE-2016-6499
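Review bot: the new CVE-2016-6501 entry lands with only "TODO: check", so the tracker records no status for a JFrog Artifactory issue whose summary reads "allows remote attackers to execute ...". Resolve it in a follow-up with either a NOT-FOR-US line or a package line, so the entry does not stay untriaged.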
@@ -17960,15 +17872,14 @@
 	RESERVED
 CVE-2016-6497
 	RESERVED
-CVE-2016-6496
-	RESERVED
+CVE-2016-6496 (The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x ...)
+	TODO: check
 CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function in ...)
 	{DSA-3655-1 DLA-589-1}
 	- mupdf 1.9a+ds1-1.2 (bug #833417)
 	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954
 	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
-CVE-2016-6523 [reflected XSS vulnerabilities in media manager]
-	RESERVED
+CVE-2016-6523 (Multiple cross-site scripting (XSS) vulnerabilities in the media ...)
 	- dotclear <removed>
 	[jessie] - dotclear <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/40d0207e520d
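Review bot: CVE-2016-6496 (the LDAP directory connector in Atlassian Crowd) is added with "TODO: check" and nothing else, so it needs a triage decision before the entry says anything about Debian. The CVE-2016-6523 change in the same hunk is fine: the dotclear package lines and the "Fixed by" reference are kept.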
@@ -18126,8 +18037,7 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
-CVE-2016-6490 [virtio: infinite loop in virtqueue_pop]
-	RESERVED
+CVE-2016-6490 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka ...)
 	- qemu 1:2.6+dfsg-3.1 (bug #832767)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	[wheezy] - qemu <not-affected> (Issue introduced later)
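Review bot: the dropped bracket text for CVE-2016-6490 named virtqueue_pop, while the replacement description names virtqueue_map_desc in hw/virtio/virtio.c, so a search of the list for virtqueue_pop no longer finds this entry. Consider keeping the old wording as a NOTE line if the existing references do not already mention it.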
@@ -18504,8 +18414,7 @@
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617
 CVE-2016-6322 (Red Hat QuickStart Cloud Installer (QCI) uses world-readable ...)
 	NOT-FOR-US: ovirt-engine
-CVE-2016-6321 [Bypassing the extract path name]
-	RESERVED
+CVE-2016-6321 (Directory traversal vulnerability in the safer_name_suffix function in ...)
 	{DSA-3702-1 DLA-690-1}
 	- tar 1.29b-1.1 (bug #842339)
 	NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
@@ -18612,8 +18521,7 @@
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
 	NOTE: https://www.openssl.org/news/secadv/20160922.txt
 	NOTE: Fixed in 1.0.2i, 1.0.1u
-CVE-2016-6301 [NTP server denial of service flaw]
-	RESERVED
+CVE-2016-6301 (The recv_and_process_client_pkt function in networking/ntpd.c in ...)
 	- busybox <unfixed> (unimportant; bug #833442)
 	NOTE: NTP server not enabled by default in debian/config/pkg/* via CONFIG_NTPD
 	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
@@ -21574,8 +21482,7 @@
 	- tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
 	- tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
 	NOTE: http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html
-CVE-2016-5424 [Fix client programs' handling of special characters in database and role names]
-	RESERVED
+CVE-2016-5424 (PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, ...)
 	{DSA-3646-1 DLA-592-1}
 	- postgresql-9.5 9.5.4-1
 	- postgresql-9.4 <removed>
@@ -21583,8 +21490,7 @@
 	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=fcd15f13581f6d75c63d213220d5a94889206c1b
 	NOTE: https://www.postgresql.org/about/news/1688/
-CVE-2016-5423 [possible mis-evaluation of nested CASE-WHEN expressions]
-	RESERVED
+CVE-2016-5423 (PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, ...)
 	{DSA-3646-1 DLA-592-1}
 	- postgresql-9.5 9.5.4-1
 	- postgresql-9.4 <removed>
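Review bot: with the bracketed titles removed, CVE-2016-5424 and CVE-2016-5423 now show the same truncated summary ("PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, ...") and cannot be told apart from the list alone. The old titles (client programs' handling of special characters in database and role names; possible mis-evaluation of nested CASE-WHEN expressions) were the only distinguishing text, so a one-line NOTE per entry would preserve it.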
@@ -24134,8 +24040,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/23/2
 	NOTE: Authenticated TLS "contraints" introduced in 2015-03-24 OpenNTPD 5.7p4
 	NOTE: Option is not enabled at buildtime.
-CVE-2016-4964 [scsi: mptsas infinite loop in mptsas_fetch_requests]
-	RESERVED
+CVE-2016-4964 (The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka ...)
 	- qemu 1:2.6+dfsg-2 (bug #825207)
 	[jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
 	[wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
@@ -33080,8 +32985,8 @@
 	NOTE: Introduced by: https://git.kernel.org/linus/8b13eddfdf04cbfa561725cfc42d6868fe896f56 (v3.19-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/94f9cd81436c85d8c3a318ba92e236ede73752fc (v4.4-rc1)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/27/6
-CVE-2015-8786
-	RESERVED
+CVE-2015-8786 (The Management plugin in RabbitMQ before 3.6.1 allows remote ...)
+	TODO: check
 CVE-2016-XXXX [out of bound read and write issues]
 	- giflib 5.1.4-0.1 (bug #820594)
 	[jessie] - giflib <no-dsa> (Minor issue)
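Review bot: CVE-2015-8786 goes from RESERVED to a description plus "TODO: check", with no package line or NOT-FOR-US line, so the RabbitMQ Management plugin issue (versions before 3.6.1 per the summary) has no recorded Debian status. It needs a package line with the first fixed version, or an explicit not-affected entry, in a follow-up.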



