[Secure-testing-commits] r46333 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Nov 18 21:10:13 UTC 2016
Author: sectracker
Date: 2016-11-18 21:10:13 +0000 (Fri, 18 Nov 2016)
New Revision: 46333
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-18 21:08:54 UTC (rev 46332)
+++ data/CVE/list 2016-11-18 21:10:13 UTC (rev 46333)
@@ -1,3 +1,153 @@
+CVE-2016-9421
+ RESERVED
+CVE-2016-9420
+ RESERVED
+CVE-2016-9419
+ RESERVED
+CVE-2016-9418
+ RESERVED
+CVE-2016-9417
+ RESERVED
+CVE-2016-9416
+ RESERVED
+CVE-2016-9415
+ RESERVED
+CVE-2016-9414
+ RESERVED
+CVE-2016-9413
+ RESERVED
+CVE-2016-9412
+ RESERVED
+CVE-2016-9411
+ RESERVED
+CVE-2016-9410
+ RESERVED
+CVE-2016-9409
+ RESERVED
+CVE-2016-9408
+ RESERVED
+CVE-2016-9407
+ RESERVED
+CVE-2016-9406
+ RESERVED
+CVE-2016-9405
+ RESERVED
+CVE-2016-9404
+ RESERVED
+CVE-2016-9403
+ RESERVED
+CVE-2016-9402
+ RESERVED
+CVE-2016-9386
+ RESERVED
+CVE-2016-9385
+ RESERVED
+CVE-2016-9384
+ RESERVED
+CVE-2016-9383
+ RESERVED
+CVE-2016-9382
+ RESERVED
+CVE-2016-9381
+ RESERVED
+CVE-2016-9380
+ RESERVED
+CVE-2016-9379
+ RESERVED
+CVE-2016-9378
+ RESERVED
+CVE-2016-9377
+ RESERVED
+CVE-2016-9371
+ RESERVED
+CVE-2016-9370
+ RESERVED
+CVE-2016-9369
+ RESERVED
+CVE-2016-9368
+ RESERVED
+CVE-2016-9367
+ RESERVED
+CVE-2016-9366
+ RESERVED
+CVE-2016-9365
+ RESERVED
+CVE-2016-9364
+ RESERVED
+CVE-2016-9363
+ RESERVED
+CVE-2016-9362
+ RESERVED
+CVE-2016-9361
+ RESERVED
+CVE-2016-9360
+ RESERVED
+CVE-2016-9359
+ RESERVED
+CVE-2016-9358
+ RESERVED
+CVE-2016-9357
+ RESERVED
+CVE-2016-9356
+ RESERVED
+CVE-2016-9355
+ RESERVED
+CVE-2016-9354
+ RESERVED
+CVE-2016-9353
+ RESERVED
+CVE-2016-9352
+ RESERVED
+CVE-2016-9351
+ RESERVED
+CVE-2016-9350
+ RESERVED
+CVE-2016-9349
+ RESERVED
+CVE-2016-9348
+ RESERVED
+CVE-2016-9347
+ RESERVED
+CVE-2016-9346
+ RESERVED
+CVE-2016-9345
+ RESERVED
+CVE-2016-9344
+ RESERVED
+CVE-2016-9343
+ RESERVED
+CVE-2016-9342
+ RESERVED
+CVE-2016-9341
+ RESERVED
+CVE-2016-9340
+ RESERVED
+CVE-2016-9339
+ RESERVED
+CVE-2016-9338
+ RESERVED
+CVE-2016-9337
+ RESERVED
+CVE-2016-9336
+ RESERVED
+CVE-2016-9335
+ RESERVED
+CVE-2016-9334
+ RESERVED
+CVE-2016-9333
+ RESERVED
+CVE-2016-9332
+ RESERVED
+CVE-2015-8977
+ RESERVED
+CVE-2015-8976
+ RESERVED
+CVE-2015-8975
+ RESERVED
+CVE-2015-8974
+ RESERVED
+CVE-2015-8973
+ RESERVED
CVE-2016-XXXX [tiff2pdf: out-of-bounds write memcpy]
- tiff 4.0.6-3
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579
@@ -36,181 +186,217 @@
NOTE: https://www.drupal.org/SA-CORE-2016-005
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9443
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/28
CVE-2016-9442
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
CVE-2016-9441
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/24
CVE-2016-9440
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/22
CVE-2016-9439
+ RESERVED
- w3m <unfixed> (bug #844726)
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/20
CVE-2016-9438
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/18
CVE-2016-9437
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/17
CVE-2016-9436 [problem fixed by the new "tagname[0] = '\0'" line in parsetagx.c]
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/16
NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9435 [for the problem fixed by the new conditional PUSH_ENV(HTML_DL) call in file.c]
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/16
NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9434
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/15
CVE-2016-9433
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/14
CVE-2016-9432
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/13
CVE-2016-9431
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/10
CVE-2016-9430
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/7
CVE-2016-9429
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/29
CVE-2016-9428
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/26
CVE-2016-9427
+ RESERVED
- libgc <unfixed>
NOTE: https://github.com/ivmai/bdwgc/issues/135
TODO: check
CVE-2016-9426
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/25
CVE-2016-9425
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/21
CVE-2016-9424
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/12
CVE-2016-9423
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/9
CVE-2016-9422
+ RESERVED
- w3m 0.5.3-30
[jessie] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/8
CVE-2016-9401 [popd controlled free]
+ RESERVED
- bash <unfixed> (bug #844727)
[jessie] - bash <no-dsa> (Minor issue)
[wheezy] - bash <no-dsa> (Minor issue)
NOTE: Upstream bash considers this issue only to be a bug.
CVE-2016-9399 [jpc_dec.c:1650: void calcstepsizes(uint_fast16_t, int, uint_fast16_t *): Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 - ((bandno > 0) ? ((bandno + 2) / 3) : (0)))) & (~0x1f))' failed.]
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes
NOTE: Negligable security impact
CVE-2016-9398 [jpc_math.c:94: int jpc_floorlog2(int): Assertion `x > 0' failed.]
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00023-jasper-assert-jpc_floorlog2
NOTE: Negligable security impact
CVE-2016-9397 [jpc_dec.c:1817: void jpc_dequantize(jas_matrix_t *, jpc_fix_t): Assertion `absstepsize >= 0' failed.]
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize
NOTE: Negligable security impact
CVE-2016-9396 [jpc_t1cod.c:144: int JPC_NOMINALGAIN(int, int, int, int): Assertion `qmfbid == 0x01' failed.]
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00004-jasper-assert-JPC_NOMINALGAIN
NOTE: Negligable security impact
CVE-2016-9395 [jas_seq.c:90: jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend' failed.]
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Fix: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00043-jasper-assert-jas_matrix_t
NOTE: Negligable security impact
CVE-2016-9394
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00016-jasper-assert-jas_matrix_t
NOTE: Negligable security impact
CVE-2016-9393
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00013-jasper-assert-jpc_pi_nextrpcl
NOTE: Negligable security impact
CVE-2016-9392
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00012-jasper-assert-calcstepsizes
NOTE: Negligable security impact
CVE-2016-9391 [jpc_bs.c:197: long jpc_bitstream_getbits(jpc_bitstream_t *, int): Assertion `n >= 0 && n < 32' failed.]
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Fix: https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00014-jasper-assert-jpc_bitstream_getbits
NOTE: Negligable security impact
CVE-2016-9390 [jas_seq.c:90: jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend' failed.]
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Fix: https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00007-jasper-assert-jas_matrix_t
NOTE: Negligable security impact
CVE-2016-9389
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Fix: https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00006-jasper-assert-jpc_irct
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00008-jasper-assert-jpc_iict
NOTE: Negligable security impact
CVE-2016-9388 [ras_dec.c:330: int ras_getcmap(jas_stream_t *, ras_hdr_t *, ras_cmap_t *): Assertion `numcolors <= 256' failed.]
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Fix: https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00005-jasper-assert-ras_getcmap
NOTE: Negligable security impact
CVE-2016-9387 [jas_seq.c:90: jas_matrix<= yend' failed.]
+ RESERVED
- jasper <removed> (unimportant)
NOTE: Fix: https://github.com/mdadams/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf
NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00003-jasper-assert-jas_matrix_t
NOTE: Negligable security impact
-CVE-2016-9372 [Profinet I/O long loop]
+CVE-2016-9372 (In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop ...)
- wireshark 2.2.2+g9c5aae3-1
[jessie] - wireshark <not-affected> (Only affects 2.2.x)
[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-58.html
-CVE-2016-9373 [DCERPC dissector crash]
+CVE-2016-9373 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector ...)
- wireshark 2.2.2+g9c5aae3-1
NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-61.html
-CVE-2016-9374 [AllJoyn dissector crash]
+CVE-2016-9374 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector ...)
- wireshark 2.2.2+g9c5aae3-1
NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-59.html
-CVE-2016-9375 [DTN dissector infinite loop]
+CVE-2016-9375 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could ...)
- wireshark 2.2.2+g9c5aae3-1
NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-62.html
-CVE-2016-9376 [OpenFlow dissector crash]
+CVE-2016-9376 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector ...)
- wireshark 2.2.2+g9c5aae3-1
NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-60.html
@@ -235,6 +421,7 @@
CVE-2016-9322
RESERVED
CVE-2016-9400 [possible remote code execution on the client]
+ RESERVED
- teeworlds 0.6.4+dfsg-1 (bug #844546)
[jessie] - teeworlds <no-dsa> (Minor issue; can be fixed via point release)
[wheezy] - teeworlds <end-of-life> (Games are not supported in Wheezy)
@@ -6680,7 +6867,7 @@
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968 (2.7.0-rc3)
NOTE: http://patchwork.ozlabs.org/patch/657076/
-CVE-2016-7160 (A vulnerability on Samsung Mobile L(5.0/5.1) and M(6.0) devices with ...)
+CVE-2016-7160 (A vulnerability on Samsung Mobile M(6.0) devices exists because ...)
NOT-FOR-US: Samsumg
CVE-2016-7159
RESERVED
More information about the Secure-testing-commits
mailing list