[Secure-testing-commits] r47038 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Dec 13 21:10:16 UTC 2016
Author: sectracker
Date: 2016-12-13 21:10:16 +0000 (Tue, 13 Dec 2016)
New Revision: 47038
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-13 21:07:34 UTC (rev 47037)
+++ data/CVE/list 2016-12-13 21:10:16 UTC (rev 47038)
@@ -1,3 +1,21 @@
+CVE-2016-9948
+ RESERVED
+CVE-2016-9947
+ RESERVED
+CVE-2016-9946
+ RESERVED
+CVE-2016-9945
+ RESERVED
+CVE-2016-9944
+ RESERVED
+CVE-2016-9943
+ RESERVED
+CVE-2016-9942
+ RESERVED
+CVE-2016-9941
+ RESERVED
+CVE-2016-9940
+ RESERVED
CVE-2016-XXXX [Incorrect signature verification]
- simplesamlphp 1.14.11-1
NOTE: https://simplesamlphp.org/security/201612-02
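Review bot: the nine new `RESERVED` identifiers (CVE-2016-9940 through CVE-2016-9948) are inserted directly above an entry that still carries the `CVE-2016-XXXX` placeholder for the simplesamlphp signature-verification issue; nothing in this hunk links any of the reserved IDs to that entry, so the placeholder line should be revisited once the assigned ID is known rather than being assumed to be one of these.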
@@ -6,9 +24,11 @@
- game-music-emu <unfixed> (bug #848071)
NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
CVE-2016-9939 [denial-of-service in ASN1 decoder]
+ RESERVED
- libcrypto++ <unfixed> (bug #848009)
NOTE: https://github.com/weidai11/cryptopp/issues/346
CVE-2016-9932 [x86 CMPXCHG8B emulation fails to ignore operand size override]
+ RESERVED
- xen <unfixed> (bug #848081)
NOTE: https://xenbits.xen.org/xsa/advisory-200.html
CVE-2016-9931
@@ -26,12 +46,14 @@
CVE-2016-9924
RESERVED
CVE-2016-9936 [Use After Free in PHP7 unserialize()]
+ RESERVED
- php7.0 7.0.14-1
NOTE: Fixed in PHP 7.0.14 and 7.1.0
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72978
NOTE: Fixed by: https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9935 [Invalid read when wddx decodes empty boolean element]
+ RESERVED
- php7.0 7.0.14-1
- php5 <unfixed>
NOTE: Fixed in PHP 5.6.29 and 7.0.14
@@ -39,6 +61,8 @@
NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9934 [NULL Pointer Dereference in WDDX Packet Deserialization with PDORow]
+ RESERVED
+ {DSA-3732-1}
- php7.0 7.0.13-1
- php5 <unfixed>
NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
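Review bot: the new `{DSA-3732-1}` reference on CVE-2016-9934 sits above `- php5 <unfixed>` with no `[jessie] - php5 <version>` line in the visible context; a DSA reference implies a fixed stable version, so confirm that the jessie line exists just outside this hunk or add it together with the reference.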
@@ -46,6 +70,8 @@
NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9933 [imagefilltoborder stackoverflow on truecolor images]
+ RESERVED
+ {DSA-3732-1}
- libgd2 2.2.2-29-g3c2b605-1
NOTE: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e (gd-2.2.2)
NOTE: Scope of CVE is only the missing "color < 0" test in older versions.
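Review bot: `{DSA-3732-1}` is attached to CVE-2016-9933 although the only package line shown is `- libgd2 2.2.2-29-g3c2b605-1`; the same DSA is recorded on php5 entries elsewhere in this patch, so confirm that a php5 source line for this CVE is present beyond the visible context, otherwise the DSA reference would hang on a libgd2-only entry.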
@@ -56,14 +82,14 @@
NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
-CVE-2016-9937 [AST-2016-008]
+CVE-2016-9937 (An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x ...)
- asterisk <not-affected> (Introduced in 13.12.0 but fixed with first version to unstable based on 13.12.1)
NOTE: Vulnerability introduced in 13.12.0, but the first upload to unstable
NOTE: versioned as 1:13.12.1~dfsg-1 via opus.patch removed the offending
NOTE: function. Thus Debian was never vulnerable.
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-008.html
NOTE: Cf. https://bugs.debian.org/847666
-CVE-2016-9938 [AST-2016-009]
+CVE-2016-9938 (An issue was discovered in Asterisk Open Source 11.x before 11.25.1, ...)
- asterisk <unfixed> (bug #847668)
[jessie] - asterisk <no-dsa> (Minor issue)
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-009.html
@@ -2024,6 +2050,7 @@
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9844 [zipinfo buffer overflow]
RESERVED
+ {DLA-741-1}
- unzip 6.0-21 (bug #847486)
[jessie] - unzip <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/1643750
@@ -2031,6 +2058,7 @@
NOTE: Proposed patch in http://www.openwall.com/lists/oss-security/2016/12/05/19
CVE-2014-9913 [Buffer overflow in "unzip -l" via list_files() in list.c]
RESERVED
+ {DLA-741-1}
- unzip 6.0-21 (bug #847485)
[jessie] - unzip <no-dsa> (Minor issue)
NOTE: Upstream bug: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
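Review bot: the `{DLA-741-1}` reference is added to both unzip entries (CVE-2016-9844 in the previous hunk and CVE-2014-9913 here) while each keeps its unchanged `[jessie] - unzip <no-dsa> (Minor issue)` line; that is consistent, since a DLA covers the LTS release rather than jessie, so no further change is needed here.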
@@ -10732,6 +10760,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/11
CVE-2016-9138 [Issues from Upstream bug #73147 still unfixed in 5.6.27 and 7.0.12]
RESERVED
+ {DSA-3732-1}
- php7.0 <unfixed>
- php5 <unfixed>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
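Review bot: `{DSA-3732-1}` is recorded on CVE-2016-9138 while both visible package lines, `- php7.0 <unfixed>` and `- php5 <unfixed>`, remain unfixed and no `[jessie]` line appears in the context; a DSA reference should be matched by a jessie fixed version, so verify that line exists outside the hunk or add it with this reference.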
@@ -22528,6 +22557,7 @@
NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
CVE-2016-5240
RESERVED
+ {DLA-547-1}
- graphicsmagick 1.3.24-1
NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
CVE-2016-5237
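Review bot: `{DLA-547-1}` is a considerably older advisory number than the DLA-741-1 and DLA-742-1 references added elsewhere in this commit, so this looks like a backfilled cross-reference; confirm against the DLA text that it actually lists CVE-2016-5240 before relying on the link.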
@@ -34855,7 +34885,7 @@
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-167.html
CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer ...)
- {DLA-414-1}
+ {DLA-742-1 DLA-414-1}
- chrony 2.2.1-1 (low; bug #812923)
[jessie] - chrony 1.30-2+deb8u2
NOTE: http://www.talosintel.com/reports/TALOS-2016-0071/
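Review bot: replacing `{DLA-414-1}` with `{DLA-742-1 DLA-414-1}` records a second advisory on a CVE whose package lines are already fixed; a second DLA usually means a follow-up or regression update, and the hunk gives no reason, so a `NOTE:` line stating why DLA-742-1 was issued would help anyone reading this entry later.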
@@ -36107,6 +36137,7 @@
RESERVED
CVE-2016-1252
RESERVED
+ {DSA-3733-1}
- apt 1.4~beta2
[wheezy] - apt <not-affected> (Issue introduced in apt >= 0.9.8)
NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467
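Review bot: CVE-2016-1252 gains `{DSA-3733-1}` while its description line is still bare `RESERVED` and no `[jessie]` line is visible next to `[wheezy] - apt <not-affected>`; since a DSA has now been issued, add a short bracketed summary in the form used elsewhere in the file (for example `CVE-2016-9844 [zipinfo buffer overflow]`) and confirm the jessie fixed version is recorded.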