[Secure-testing-commits] r46050 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Nov 7 21:10:12 UTC 2016


Author: sectracker
Date: 2016-11-07 21:10:12 +0000 (Mon, 07 Nov 2016)
New Revision: 46050

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-07 20:58:13 UTC (rev 46049)
+++ data/CVE/list	2016-11-07 21:10:12 UTC (rev 46050)
@@ -1,15 +1,121 @@
+CVE-2016-9242 (Multiple SQL injection vulnerabilities in the update method in ...)
+	TODO: check
+CVE-2016-9241
+	RESERVED
+CVE-2016-9240
+	RESERVED
+CVE-2016-9239
+	RESERVED
+CVE-2016-9238
+	RESERVED
+CVE-2016-9237
+	RESERVED
+CVE-2016-9236
+	RESERVED
+CVE-2016-9235
+	RESERVED
+CVE-2016-9234
+	RESERVED
+CVE-2016-9233
+	RESERVED
+CVE-2016-9232
+	RESERVED
+CVE-2016-9231
+	RESERVED
+CVE-2016-9230
+	RESERVED
+CVE-2016-9229
+	RESERVED
+CVE-2016-9228
+	RESERVED
+CVE-2016-9227
+	RESERVED
+CVE-2016-9226
+	RESERVED
+CVE-2016-9225
+	RESERVED
+CVE-2016-9224
+	RESERVED
+CVE-2016-9223
+	RESERVED
+CVE-2016-9222
+	RESERVED
+CVE-2016-9221
+	RESERVED
+CVE-2016-9220
+	RESERVED
+CVE-2016-9219
+	RESERVED
+CVE-2016-9218
+	RESERVED
+CVE-2016-9217
+	RESERVED
+CVE-2016-9216
+	RESERVED
+CVE-2016-9215
+	RESERVED
+CVE-2016-9214
+	RESERVED
+CVE-2016-9213
+	RESERVED
+CVE-2016-9212
+	RESERVED
+CVE-2016-9211
+	RESERVED
+CVE-2016-9210
+	RESERVED
+CVE-2016-9209
+	RESERVED
+CVE-2016-9208
+	RESERVED
+CVE-2016-9207
+	RESERVED
+CVE-2016-9206
+	RESERVED
+CVE-2016-9205
+	RESERVED
+CVE-2016-9204
+	RESERVED
+CVE-2016-9203
+	RESERVED
+CVE-2016-9202
+	RESERVED
+CVE-2016-9201
+	RESERVED
+CVE-2016-9200
+	RESERVED
+CVE-2016-9199
+	RESERVED
+CVE-2016-9198
+	RESERVED
+CVE-2016-9197
+	RESERVED
+CVE-2016-9196
+	RESERVED
+CVE-2016-9195
+	RESERVED
+CVE-2016-9194
+	RESERVED
+CVE-2016-9193
+	RESERVED
+CVE-2016-9192
+	RESERVED
 CVE-2015-8971 [Escape Sequence Command Execution vulnerability]
+	RESERVED
 	- terminology <unfixed> (bug #843434)
 	NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
 	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/12
 CVE-2016-9191 [local DoS with cgroup offline code]
+	RESERVED
 	- linux <unfixed>
 CVE-2016-9190 (Pillow before 3.3.2 allows context-dependent attackers to execute ...)
+	{DLA-705-1}
 	- pillow 3.4.2-1
 	- python-imaging <removed>
 	NOTE: https://github.com/python-pillow/Pillow/issues/2105
 	NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
 CVE-2016-9189 (Pillow before 3.3.2 allows context-dependent attackers to obtain ...)
+	{DLA-705-1}
 	- pillow 3.4.2-1
 	- python-imaging <removed>
 	NOTE: https://github.com/python-pillow/Pillow/issues/2105
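Review bot: CVE-2016-9242, at the top of this hunk, is the only newly added entry with a description, and it is left at `TODO: check`. The visible text names multiple SQL injection vulnerabilities in an update method, but the product is lost to the truncation, so it needs a follow-up that either assigns a source package or marks it NOT-FOR-US. The RESERVED lines added under CVE-2015-8971 and CVE-2016-9191 sit above existing package entries (`- terminology <unfixed> (bug #843434)`, `- linux <unfixed>`); those package lines should be kept when the final descriptions replace the bracketed ones.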
@@ -219,8 +325,8 @@
 CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in ...)
 	- openjpeg2 <unfixed>
 	NOTE: https://github.com/uclouvain/openjpeg/issues/855
-CVE-2016-9111
-	RESERVED
+CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 ...)
+	TODO: check
 CVE-2016-9110
 	RESERVED
 CVE-2016-9100
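Review bot: CVE-2016-9111 moves from RESERVED to `TODO: check` with a description naming Citrix Receiver Desktop Lock 4.5. If no Debian source package ships that product, resolve the TODO with a NOT-FOR-US line rather than leaving it open.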
@@ -787,10 +893,10 @@
 	RESERVED
 CVE-2016-8871 (In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding ...)
 	TODO: check
-CVE-2016-8870
-	RESERVED
-CVE-2016-8869
-	RESERVED
+CVE-2016-8870 (The register method in the UsersModelRegistration class in ...)
+	TODO: check
+CVE-2016-8869 (The register method in the UsersModelRegistration class in ...)
+	TODO: check
 CVE-2016-8868
 	RESERVED
 CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with misconfigured ...)
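Review bot: CVE-2016-8870 and CVE-2016-8869 arrive with the same truncated description (`The register method in the UsersModelRegistration class in ...`), so the list alone neither tells the two apart nor names the product. Whoever clears the two `TODO: check` lines should read the full descriptions and record the difference in a NOTE on each entry.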
@@ -1142,8 +1248,7 @@
 	RESERVED
 CVE-2016-1000032 (TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a ...)
 	TODO: check
-CVE-2016-8910 [net: rtl8139: infinite loop while transmit in C+  mode]
-	RESERVED
+CVE-2016-8910 (The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka ...)
 	{DLA-698-1 DLA-689-1}
 	- qemu <unfixed> (bug #841955)
 	- qemu-kvm <removed>
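Review bot: Replacing the bracketed summary on CVE-2016-8910 drops the impact (`infinite loop while transmit in C+ mode`) and leaves a truncated description that stops at `in QEMU (aka ...`. The same loss occurs in the QEMU hunks that follow (CVE-2016-8909, 8669, 8668, 8667, 8578, 8576). The package and bug lines are carried over correctly; consider keeping the impact class in a NOTE so each entry stays readable without the full CVE text.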
@@ -1151,8 +1256,7 @@
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
-CVE-2016-8909 [audio: intel-hda: infinite loop in processing dma  buffer stream]
-	RESERVED
+CVE-2016-8909 (The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick ...)
 	{DLA-698-1 DLA-689-1}
 	- qemu <unfixed> (bug #841950)
 	- qemu-kvm <removed>
@@ -1433,8 +1537,7 @@
 	RESERVED
 	- matrixssl <not-affected> (Incomplete fix for CVE-2016-6887 not applied)
 	NOTE: https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
-CVE-2016-8669 [char: divide by zero error in serial_update_parameters]
-	RESERVED
+CVE-2016-8669 (The serial_update_parameters function in hw/char/serial.c in QEMU (aka ...)
 	{DLA-679-1 DLA-678-1}
 	- qemu <unfixed> (bug #840945)
 	- qemu-kvm <removed>
@@ -1443,8 +1546,7 @@
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
-CVE-2016-8668 [net: OOB buffer access in rocker switch emulation]
-	RESERVED
+CVE-2016-8668 (The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka ...)
 	- qemu <unfixed> (bug #840948)
 	[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
@@ -1454,8 +1556,7 @@
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384896
-CVE-2016-8667 [dma: rc4030 divide by zero error in set_next_tick]
-	RESERVED
+CVE-2016-8667 (The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick ...)
 	- qemu <unfixed> (bug #840950)
 	[wheezy] - qemu <no-dsa> (minor issue)
 	- qemu-kvm <removed>
@@ -1999,8 +2100,7 @@
 	RESERVED
 	- linux <not-affected> (Vulnerable code introduced later in 4.8 development)
 	NOTE: https://gist.github.com/marcograss/40850adb3c599ac38e0beac31617d56b
-CVE-2016-8578 [9pfs: potential NULL dereferencein 9pfs routines]
-	RESERVED
+CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU ...)
 	{DLA-679-1 DLA-678-1}
 	- qemu <unfixed> (bug #840340)
 	- qemu-kvm <removed>
@@ -2009,8 +2109,7 @@
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ba42ebb863ab7d40adc79298422ed9596df8f73a
-CVE-2016-8577 [9pfs: host memory leakage in v9fs_read]
-	RESERVED
+CVE-2016-8577 (Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka ...)
 	{DLA-679-1 DLA-678-1}
 	- qemu <unfixed> (bug #840341)
 	- qemu-kvm <removed>
@@ -2019,8 +2118,7 @@
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07127.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
-CVE-2016-8576 [usb: xHCI: infinite loop vulnerability in xhci_ring_fetch]
-	RESERVED
+CVE-2016-8576 (The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick ...)
 	{DLA-679-1 DLA-678-1}
 	- qemu <unfixed> (bug #840343)
 	- qemu-kvm <removed>
@@ -11418,7 +11516,7 @@
 	NOTE: "administrators should plan on patching for CVE-2016-6304, CVE-2016-5598 and CVE-2010-5312 as they are remotely exploitable"
 	NOTE: https://blog.qualys.com/laws-of-vulnerabilities/2016/10/18/oracle-october-2016-critical-patch-update
 CVE-2016-5597 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
-	{DLA-704-1}
+	{DSA-3707-1 DLA-704-1}
 	- openjdk-8 8u111-b14-1
 	[experimental] - openjdk-7 7u111-2.6.7-2
 	- openjdk-7 <removed>
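Review bot: `DSA-3707-1` is added to the cross-reference on CVE-2016-5597, and the following hunks do the same for CVE-2016-5582, 5573, 5554 and 5542, while the visible package lines stay unchanged (`openjdk-8 8u111-b14-1`, the experimental `openjdk-7 7u111-2.6.7-2`, `openjdk-7 <removed>`). This revision modifies only data/CVE/list, so confirm that the DSA-3707-1 advisory entry lists the same five CVE ids and carries the fixed version for the suite it covers, since nothing in these hunks shows it.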
@@ -11458,7 +11556,7 @@
 CVE-2016-5583 (Unspecified vulnerability in the Oracle One-to-One Fulfillment ...)
 	TODO: check
 CVE-2016-5582 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
-	{DLA-704-1}
+	{DSA-3707-1 DLA-704-1}
 	- openjdk-8 8u111-b14-1
 	[experimental] - openjdk-7 7u111-2.6.7-2
 	- openjdk-7 <removed>
@@ -11481,7 +11579,7 @@
 CVE-2016-5574 (Unspecified vulnerability in the Oracle Outside In Technology ...)
 	TODO: check
 CVE-2016-5573 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
-	{DLA-704-1}
+	{DSA-3707-1 DLA-704-1}
 	- openjdk-8 8u111-b14-1
 	[experimental] - openjdk-7 7u111-2.6.7-2
 	- openjdk-7 <removed>
@@ -11528,7 +11626,7 @@
 CVE-2016-5555 (Unspecified vulnerability in the OJVM component in Oracle Database ...)
 	TODO: check
 CVE-2016-5554 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
-	{DLA-704-1}
+	{DSA-3707-1 DLA-704-1}
 	- openjdk-8 8u111-b14-1
 	[experimental] - openjdk-7 7u111-2.6.7-2
 	- openjdk-7 <removed>
@@ -11557,7 +11655,7 @@
 CVE-2016-5543 (Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and ...)
 	TODO: check
 CVE-2016-5542 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
-	{DLA-704-1}
+	{DSA-3707-1 DLA-704-1}
 	- openjdk-8 8u111-b14-1
 	[experimental] - openjdk-7 7u111-2.6.7-2
 	- openjdk-7 <removed>



