[Secure-testing-commits] r47359 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Dec 22 21:10:25 UTC 2016
Author: sectracker
Date: 2016-12-22 21:10:24 +0000 (Thu, 22 Dec 2016)
New Revision: 47359
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-22 19:52:26 UTC (rev 47358)
+++ data/CVE/list 2016-12-22 21:10:24 UTC (rev 47359)
@@ -687,7 +687,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9933 [imagefilltoborder stackoverflow on truecolor images]
RESERVED
- {DSA-3732-1}
+ {DSA-3732-1 DLA-758-1}
- libgd2 2.2.2-29-g3c2b605-1 (bug #849038)
NOTE: This problem could be seen as a programmer fault but the fix is easy and
NOTE: the effect is rather dramatic so it should be fixed anyway.
@@ -8775,6 +8775,7 @@
NOTE: PHP workaround for CVE-2014-9911 in icu
TODO: double-check first fixing version in unstable
CVE-2016-4412 (An issue was discovered in phpMyAdmin. A user can be tricked into ...)
+ {DLA-757-1}
- phpmyadmin 4:4.1.7-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
NOTE: may affect wheezy only.
@@ -8787,9 +8788,11 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/
NOTE: disabled by default, debugging setting required
CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass ...)
+ {DLA-757-1}
- phpmyadmin 4:4.6.5.1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for the ...)
+ {DLA-757-1}
- phpmyadmin 4:4.6.5.1-1 (low)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request ...)
@@ -8829,6 +8832,7 @@
- phpmyadmin 4:4.6.5.1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in URL ...)
+ {DLA-757-1}
- phpmyadmin 4:4.6.5.1-1 (low)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login request it ...)
@@ -8842,9 +8846,11 @@
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/
CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username or a ...)
+ {DLA-757-1}
- phpmyadmin 4:4.6.5.1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in serialized ...)
+ {DLA-757-1}
- phpmyadmin 4:4.6.5.1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator is ...)
@@ -9165,7 +9171,7 @@
NOTE: Upstream statement: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31045
CVE-2016-9556 [Heap buffer overflow in heap-buffer-overflow in IsPixelGray]
RESERVED
- {DSA-3726-1}
+ {DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845242)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/301
NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
@@ -11386,6 +11392,7 @@
REJECTED
CVE-2016-8707 [ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability]
RESERVED
+ {DLA-756-1}
[experimental] - imagemagick 8:6.9.7.0+dfsg-1
- imagemagick <unfixed> (bug #848139)
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0216/
@@ -11502,6 +11509,7 @@
NOTE: https://github.com/mdadams/jasper/issues/28
CVE-2016-8866 [memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)]
RESERVED
+ {DLA-756-1}
- imagemagick <not-affected>
NOTE: For incomplete fix of CVE-2016-8862
NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
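Review bot: The {DLA-756-1} reference added to CVE-2016-8866 lands on an entry whose only package line is "- imagemagick <not-affected>", so the tracker now says both that an advisory covered this CVE and that no imagemagick version is affected. If the LTS upload needed this fix because its CVE-2016-8862 patch was incomplete, record that with a release-specific line for the LTS suite; otherwise drop the CVE from the advisory's list.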
@@ -11525,7 +11533,7 @@
NOTE: Only thing the attacker could do here is self-dos own connection
CVE-2016-8862 [imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)]
RESERVED
- {DSA-3726-1}
+ {DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.6+dfsg-1 (bug #845634)
NOTE: https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/aea6c6507f55632829e6432f8177a084a57c9fcc
@@ -14814,7 +14822,7 @@
NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/
CVE-2016-7799 [mogrify global buffer overflow]
RESERVED
- {DSA-3726-1}
+ {DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #840437)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/280
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
@@ -16371,8 +16379,8 @@
RESERVED
CVE-2016-7173
RESERVED
-CVE-2016-7172
- RESERVED
+CVE-2016-7172 (NetApp Snap Creator Framework before 4.3.1 discloses sensitive ...)
+ TODO: check
CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use ...)
TODO: check
CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka ...)
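Review bot: CVE-2016-7172 moves from RESERVED to a description but is left at "TODO: check", so it still needs manual triage. The description names NetApp Snap Creator Framework; if no Debian package ships it, replace the TODO with a NOT-FOR-US line so the entry no longer counts as unprocessed.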
@@ -18167,6 +18175,7 @@
[wheezy] - phpmyadmin <no-dsa> (Not critical enough)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/
CVE-2016-6626 (An issue was discovered in phpMyAdmin. An attacker could redirect a ...)
+ {DLA-757-1}
- phpmyadmin 4:4.6.4+dfsg1-1
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/
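Review bot: {DLA-757-1} is added to CVE-2016-6626 while the entry keeps "[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)". An LTS advisory reference and a wheezy not-affected status contradict each other. Either the wheezy line should be updated to the fixed version from the DLA upload, or this CVE should be removed from the advisory's list.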
@@ -20998,8 +21007,7 @@
[jessie] - php-pecl-http <not-affected> (Vulnerable code not present)
NOTE: https://bugs.php.net/bug.php?id=71719
NOTE: https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5/def
-CVE-2016-5851 [XXE]
- RESERVED
+CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct ...)
NOT-FOR-US: python-docx
CVE-2016-5849 (Siemens SICAM PAS through 8.07 allows local users to obtain sensitive ...)
NOT-FOR-US: Siemens SICAM PAS
@@ -32567,8 +32575,8 @@
NOT-FOR-US: Accellion
CVE-2016-2350 (Multiple cross-site scripting (XSS) vulnerabilities on the Accellion ...)
NOT-FOR-US: Accellion
-CVE-2016-2349
- RESERVED
+CVE-2016-2349 (Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 ...)
+ TODO: check
CVE-2016-2348
RESERVED
CVE-2016-2347 [decode_level3_header heap corruption vulnerability]
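Review bot: CVE-2016-2349 gains its description but only "TODO: check" underneath. The Accellion entries just above it in this hunk are closed out with "NOT-FOR-US: Accellion"; the BMC Remedy AR System Server entry needs the same kind of triage decision recorded rather than staying open.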