[Secure-testing-commits] r42297 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jun 3 21:10:09 UTC 2016
Author: sectracker
Date: 2016-06-03 21:10:08 +0000 (Fri, 03 Jun 2016)
New Revision: 42297
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-03 19:44:08 UTC (rev 42296)
+++ data/CVE/list 2016-06-03 21:10:08 UTC (rev 42297)
@@ -1,3 +1,19 @@
+CVE-2016-1000002
+ RESERVED
+CVE-2014-9861
+ RESERVED
+CVE-2014-9860
+ RESERVED
+CVE-2014-9859
+ RESERVED
+CVE-2014-9858
+ RESERVED
+CVE-2014-9857
+ RESERVED
+CVE-2014-9856
+ RESERVED
+CVE-2014-9855
+ RESERVED
CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy]
- linux <unfixed>
NOTE: https://patchwork.ozlabs.org/patch/629110/
@@ -5,9 +21,11 @@
- linux <unfixed>
NOTE: https://patchwork.ozlabs.org/patch/629100/
CVE-2016-5241
+ RESERVED
- graphicsmagick 1.3.24-1
NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
CVE-2016-5240
+ RESERVED
- graphicsmagick 1.3.24-1
NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
CVE-2016-5237
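Review bot: CVE-2016-5241 and CVE-2016-5240 still have no bracketed description in this hunk, so the two entries can only be told apart by following their `Fixed by:` GraphicsMagick revision links. Both now carry RESERVED alongside a fixed version (`graphicsmagick 1.3.24-1`), so a short description in the style of the CVE-2016-5244 entry (`[rds: fix an infoleak in rds_inc_info_copy]`) would make them readable without opening the upstream commits.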
@@ -19,117 +37,170 @@
CVE-2014-9803
RESERVED
CVE-2014-9804 [Avoid a DOS in vision.c due to an infinite loop]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9805 [Avoid a SEGV due to a corrupted pnm file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9806 [Do not leak fd due to corrupted file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9807 [Fix a double free in pdb coder]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9808 [Fix a SEGV due to corrupted dpc images]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9809 [Fix a SEGV due to corrupted xwd images]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9810 [Fix a SEGV in dpx file handler]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9811 [Fix a SEGV in malformed xwd file handler]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9812 [Avoid a NULL pointer dereference in ps file handling]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9813 [Fix a crash with corrupted viff file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9814 [Fix a NULL pointer dereference in wpg file handling]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9815 [Do not continue on corrupted wpg file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9816 [Avoid an out of bound access in viff image]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9817 [Avoid a heap buffer overflow in pdb file handling]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9818 [Avoid an out of bound access on malformed sun file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9819 [Avoid heap overflow in palm files]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9820 [Avoid heap overflow in pnm files]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9821 [Avoid heap overflow in xpm files]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9822 [Fix heap overflow in quantum file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9823 [Fix heap overflow in palm file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9824 [Fix heap overflow in psd file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9825 [Fix handling of corrupted of psd file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9826 [Fix handling of corrupted of sun file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9827 [Fix handling of corrupted of xpm file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9828 [Fix corrupted (too many colors) psd file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9829 [Fix an out of bound access in sun file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9830 [Fix handling of corrupted sun file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9831 [Fix handling of corrupted wpg file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9832 [Fix heap overflow in pcx files]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9833 [Fix heap overflow in psd files]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9834 [Fix heap overflow in pict files]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9835 [Fix heap overflow in wpf files]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9836 [DOS in xpm files]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9837 [Add additional PNM sanity checks]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9838 [Avoid a crash to out of memory in magick/cache.c]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9839 [Fix a theoretical out of bound access in magick/colormap-private.h]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9840 [Fix an out of bound access in palm file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9841 [Fixed throwing of exceptions in psd handling]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9842 [memory leak in psd handling]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9843 [Fixed boundary checks in DecodePSDPixels]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9844 [Fix another out of bound problem in rle file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9845 [Fix crash due to corrupted dib file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9846 [Added checks to prevent overflow in rle file]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9847 [Don't try to handle a "previous" image in the JNG decoder]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9848 [Avoid a memory leak in quantum management]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9849 [Avoid a crash in png coder]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9850 [incorrect handling of thread limit 0]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9851 [In psd file handling fixed parsing resource block and avoid a crash]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9852 [In cache fix usage of object after it has been destroyed]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9853 [Avoid a memory leak in rle file handling]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9854 [DoS in image identification]
+ RESERVED
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
- mat <unfixed> (bug #826101)
NOTE: https://labs.riseup.net/code/issues/11067
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/02/5
CVE-2016-5239 [mageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing command injection]
+ RESERVED
{DSA-3580-1 DLA-486-1 DLA-484-1}
- graphicsmagick 1.3.24-1
- imagemagick <unfixed>
NOTE: http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16
CVE-2016-5238 [scsi: esp: OOB write when using non-DMA mode in get_cmd]
+ RESERVED
- qemu <unfixed> (bug #826152)
- qemu-kvm <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931
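Review bot: several descriptions carried through this hunk have wording errors worth correcting while the entries are being touched. The CVE-2016-5239 line reads `mageMagick,GraphicsMagick` (missing the leading "I" and a space after the comma), and CVE-2014-9825, CVE-2014-9826 and CVE-2014-9827 read "Fix handling of corrupted of ... file". Separately, CVE-2016-5239 references DSA-3580-1, DLA-486-1 and DLA-484-1 while `imagemagick <unfixed>` remains, so it is worth confirming whether a fixed unstable version can be recorded next to the `graphicsmagick 1.3.24-1` line.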
@@ -351,18 +422,21 @@
CVE-2016-5127
RESERVED
CVE-2015-8898 [Prevent null pointer access in magick/constitute.c]
+ RESERVED
- imagemagick 8:6.8.9.9-7
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
NOTE: https://github.com/ImageMagick/ImageMagick/pull/34
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5b4bebaa91849c592a8448bc353ab25a54ff8c44
CVE-2015-8897 [Out of bounds error in SpliceImage]
+ RESERVED
- imagemagick 8:6.8.9.9-7
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231
CVE-2015-8896 [integer truncation issue]
+ RESERVED
{DLA-353-1}
- imagemagick 8:6.8.9.9-7 (bug #806441)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -372,6 +446,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
CVE-2015-8895 [pict/icon processing issues: Integer and Buffer overflow in coders/icon.c]
+ RESERVED
{DLA-353-1}
- imagemagick 8:6.8.9.9-7 (bug #806441)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -382,6 +457,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
NOTE: The issue is only exploitable on 32 bit architectures.
CVE-2015-8894 [tga processing issue: double free in coders/tga.c:221]
+ RESERVED
- imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524)
[jessie] - imagemagick <not-affected> (Can't reproduce crash with file)
[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
@@ -2394,7 +2470,7 @@
[wheezy] - nginx <not-affected> (Introduced in 1.3.9)
CVE-2016-4449
RESERVED
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761430
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5 (v2.9.4)
@@ -2409,7 +2485,7 @@
TODO: check versions, applying the two commits quite intrusive
CVE-2016-4447
RESERVED
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759573
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83 (v2.9.4)
@@ -2515,7 +2591,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2
CVE-2016-4483
RESERVED
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1 (bug #823405)
NOTE: Minor issue, only when using libxml2 using recovery mode
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd (v2.9.4)
@@ -4456,7 +4532,7 @@
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20010
CVE-2016-3705 (The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1 (bug #823414)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=765207
@@ -4764,7 +4840,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319661
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1318509
CVE-2016-3627 (The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1 (bug #819006)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bdd66182ef53fe1f7209ab6535fda56366bd7ac9 (v2.9.4)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/21/3
@@ -9224,7 +9300,7 @@
CVE-2016-2093
RESERVED
CVE-2015-8806 (dict.c in libxml2 allows remote attackers to cause a denial of service ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1 (bug #813613)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115
NOTE: Same fix as CVE-2016-1839 seems to resolve the issue
@@ -9474,7 +9550,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5
NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/
CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allows ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1 (bug #812807)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6
NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details
@@ -10350,24 +10426,24 @@
- libxslt <undetermined>
TODO: check, most likely *not* only Apple specific
CVE-2016-1840 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=757711
CVE-2016-1839 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758605
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=637
CVE-2016-1838 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758588
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=639
CVE-2016-1837 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=11ed4a7a90d5ce156a18980a4ad4e53e77384852 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=760263
@@ -10380,17 +10456,17 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759398
NOTE: Regression applies to Jessie, since fix backported as 0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch
CVE-2016-1835 (libxml2, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759020
CVE-2016-1834 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=763071
CVE-2016-1833 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758606
@@ -10535,7 +10611,7 @@
CVE-2016-1763 (Messages in Apple iOS before 9.3 does not ensure that an auto-fill ...)
TODO: check
CVE-2016-1762 (libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before ...)
- {DSA-3593-1}
+ {DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759671
@@ -11807,8 +11883,8 @@
RESERVED
CVE-2016-1389 (Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 ...)
TODO: check
-CVE-2016-1388
- RESERVED
+CVE-2016-1388 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...)
+ TODO: check
CVE-2016-1387 (The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, ...)
TODO: check
CVE-2016-1386 (The API in Cisco Application Policy Infrastructure Controller ...)
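Review bot: the new CVE-2016-1388 entry swaps RESERVED for `TODO: check`, which leaves it untriaged. The description names Cisco Prime Network Analysis Module, so it can likely be closed out as NOT-FOR-US in the same way the HP entries in this file are (for example `NOT-FOR-US: HP H3C`). The same applies to CVE-2016-1370 in the next hunk.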
@@ -11843,8 +11919,8 @@
RESERVED
CVE-2016-1371
RESERVED
-CVE-2016-1370
- RESERVED
+CVE-2016-1370 (Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) ...)
+ TODO: check
CVE-2016-1369 (The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security ...)
TODO: check
CVE-2016-1368 (Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x ...)
@@ -24848,7 +24924,7 @@
RESERVED
CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 ...)
NOT-FOR-US: HP
-CVE-2015-5434 (HP H3C Comware 5 and 7 devices allow remote attackers to bypass ...)
+CVE-2015-5434 (HPE Networking Products, originally branded as Comware 5, Comware 7, ...)
NOT-FOR-US: HP H3C
CVE-2015-5433 (HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used ...)
NOT-FOR-US: HP Virtual Connect Enterprise Manager