[Secure-testing-commits] r46422 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Nov 22 09:11:11 UTC 2016
Author: sectracker
Date: 2016-11-22 09:11:11 +0000 (Tue, 22 Nov 2016)
New Revision: 46422
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-22 09:09:18 UTC (rev 46421)
+++ data/CVE/list 2016-11-22 09:11:11 UTC (rev 46422)
@@ -1,3 +1,61 @@
+CVE-2016-9481
+ RESERVED
+CVE-2016-9480
+ RESERVED
+CVE-2016-9479
+ RESERVED
+CVE-2016-9478
+ RESERVED
+CVE-2016-9477
+ RESERVED
+CVE-2016-9476
+ RESERVED
+CVE-2016-9475
+ RESERVED
+CVE-2016-9474
+ RESERVED
+CVE-2016-9473
+ RESERVED
+CVE-2016-9472
+ RESERVED
+CVE-2016-9471
+ RESERVED
+CVE-2016-9470
+ RESERVED
+CVE-2016-9469
+ RESERVED
+CVE-2016-9468
+ RESERVED
+CVE-2016-9467
+ RESERVED
+CVE-2016-9466
+ RESERVED
+CVE-2016-9465
+ RESERVED
+CVE-2016-9464
+ RESERVED
+CVE-2016-9463
+ RESERVED
+CVE-2016-9462
+ RESERVED
+CVE-2016-9461
+ RESERVED
+CVE-2016-9460
+ RESERVED
+CVE-2016-9459
+ RESERVED
+CVE-2016-9458
+ RESERVED
+CVE-2016-9457
+ RESERVED
+CVE-2016-9456
+ RESERVED
+CVE-2016-9455
+ RESERVED
+CVE-2016-9454
+ RESERVED
+CVE-2016-9444
+ RESERVED
CVE-2016-XXXX [MCabber before 1.0.4 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza]
- mcabber <unfixed> (bug #845258)
NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
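Review bot: the gap between CVE-2016-9454 and CVE-2016-9444 in this new RESERVED block is expected, not an omission; the ids in between (CVE-2016-9453 down to CVE-2016-9445) already exist further down in the file with local bracketed descriptions, which is why the later hunks only add a RESERVED marker under them instead of a new record. Nothing to change here.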
@@ -65,6 +123,7 @@
- imagemagick <unfixed> (bug #845195)
TODO: check
CVE-2016-9448 [invalid read of size 1 in TIFFFetchNormalTag]
+ RESERVED
- tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297
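Review bot: the <not-affected> rationale for tiff under CVE-2016-9448 reads as though the package does contain the vulnerable code ("Vulnerable code introduced by fix for CVE-2016-9297"); since the status is not-affected, the rationale should say explicitly whether the CVE-2016-9297 change that introduced the regression is absent from the Debian package or is shipped together with the regression fix from bug 2593, so the status is self-explanatory. The added RESERVED line itself is fine: the bracketed text is a local description pending MITRE's.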
@@ -219,12 +278,14 @@
CVE-2015-8973
RESERVED
CVE-2016-9453 [tiff2pdf: out-of-bounds write memcpy]
+ RESERVED
- tiff 4.0.6-3
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579
NOTE: https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1
NOTE: For unstable this fix was included in the fix for TALOS-CAN-0187 / CVE-2016-5652
NOTE: and included in patches/09-CVE-2016-5652.patch
CVE-2016-9446 [gstreamer 0.10 VMNC code execution #2]
+ RESERVED
{DSA-3717-1 DLA-712-1}
- gst-plugins-bad0.10 <removed>
- gst-plugins-bad1.0 1.10.1-1
@@ -232,6 +293,7 @@
NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-9445 [gstreamer 0.10 VMNC code execution]
+ RESERVED
{DSA-3717-1 DLA-712-1}
- gst-plugins-bad0.10 <removed>
- gst-plugins-bad1.0 1.10.1-1
@@ -239,22 +301,26 @@
NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-9452 [Denial of service via transliterate mechanism]
+ RESERVED
- drupal8 <itp> (bug #756305)
- drupal7 <not-affected> (Only affects Drupal 8)
NOTE: https://www.drupal.org/SA-CORE-2016-005
NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9451 [Confirmation forms allow external URLs to be injected]
- {DSA-3718-1}
+ RESERVED
+ {DSA-3718-1 DLA-715-1}
- drupal7 7.52-1
NOTE: https://www.drupal.org/SA-CORE-2016-005
NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9450 [Incorrect cache context on password reset page]
+ RESERVED
- drupal8 <itp> (bug #756305)
- drupal7 <not-affected> (Only affects Drupal 8)
NOTE: https://www.drupal.org/SA-CORE-2016-005
NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9449 [Inconsistent name for term access query]
- {DSA-3718-1}
+ RESERVED
+ {DSA-3718-1 DLA-715-1}
- drupal8 <itp> (bug #756305)
- drupal7 7.52-1
NOTE: https://www.drupal.org/SA-CORE-2016-005
@@ -483,22 +549,22 @@
NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-58.html
CVE-2016-9373 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector ...)
- {DSA-3719-1}
+ {DSA-3719-1 DLA-714-1}
- wireshark 2.2.2+g9c5aae3-1
NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-61.html
CVE-2016-9374 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector ...)
- {DSA-3719-1}
+ {DSA-3719-1 DLA-714-1}
- wireshark 2.2.2+g9c5aae3-1
NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-59.html
CVE-2016-9375 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could ...)
- {DSA-3719-1}
+ {DSA-3719-1 DLA-714-1}
- wireshark 2.2.2+g9c5aae3-1
NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-62.html
CVE-2016-9376 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector ...)
- {DSA-3719-1}
+ {DSA-3719-1 DLA-714-1}
- wireshark 2.2.2+g9c5aae3-1
NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-60.html
@@ -631,6 +697,7 @@
CVE-2016-9263
RESERVED
CVE-2016-9447 [gstreamer 0.10 NSF code execution]
+ RESERVED
{DSA-3713-1 DLA-712-1}
- gst-plugins-bad0.10 <removed>
NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
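Review bot: CVE-2016-9447 lists only "- gst-plugins-bad0.10 <removed>", whereas the VMNC entries (CVE-2016-9445 and CVE-2016-9446) in the earlier hunks list both gst-plugins-bad0.10 and gst-plugins-bad1.0; if the 1.0 packages do not carry the NSF decoder, a "- gst-plugins-bad1.0 <not-affected> (...)" line stating that would make the entry self-contained and avoid the question being reopened when the RESERVED marker is replaced.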
@@ -972,12 +1039,12 @@
RESERVED
CVE-2016-9152
RESERVED
-CVE-2016-9151
- RESERVED
-CVE-2016-9150
- RESERVED
-CVE-2016-9149
- RESERVED
+CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x ...)
+ TODO: check
+CVE-2016-9150 (Buffer overflow in the management web interface in Palo Alto Networks ...)
+ TODO: check
+CVE-2016-9149 (The Addresses Object parser in Palo Alto Networks PAN-OS before ...)
+ TODO: check
CVE-2016-9148
RESERVED
CVE-2016-9147
@@ -2750,10 +2817,10 @@
NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8563 (Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 ...)
NOT-FOR-US: Siemens Automation License Manager
-CVE-2016-8562
- RESERVED
-CVE-2016-8561
- RESERVED
+CVE-2016-8562 (Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or ...)
+ TODO: check
+CVE-2016-8561 (Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated ...)
+ TODO: check
CVE-2016-8560
RESERVED
CVE-2016-8559
@@ -8148,6 +8215,7 @@
RESERVED
CVE-2016-6797 [Apache Tomcat Unrestricted Access to Global Resources]
RESERVED
+ {DSA-3721-1 DSA-3720-1}
- tomcat8 8.0.37-1 (low)
- tomcat7 7.0.72-1 (low; bug #842666)
- tomcat6 6.0.41-3 (low)
@@ -8158,6 +8226,7 @@
NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1757285 (6.0.x)
CVE-2016-6796 [Apache Tomcat Security Manager Bypass]
RESERVED
+ {DSA-3721-1 DSA-3720-1}
- tomcat8 8.0.37-1 (low)
- tomcat7 7.0.72-1 (low; bug #842665)
- tomcat6 6.0.41-3 (low)
@@ -8170,6 +8239,7 @@
RESERVED
CVE-2016-6794 [Apache Tomcat System Property Disclosure]
RESERVED
+ {DSA-3721-1 DSA-3720-1}
- tomcat8 8.0.37-1 (low)
- tomcat7 7.0.72-1 (low; bug #842664)
- tomcat6 6.0.41-3 (low)
@@ -9495,8 +9565,8 @@
RESERVED
CVE-2016-6473
RESERVED
-CVE-2016-6472
- RESERVED
+CVE-2016-6472 (A vulnerability in several parameters of the ccmivr page of Cisco ...)
+ TODO: check
CVE-2016-6471
RESERVED
CVE-2016-6470
@@ -9507,26 +9577,26 @@
RESERVED
CVE-2016-6467
RESERVED
-CVE-2016-6466
- RESERVED
+CVE-2016-6466 (A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 ...)
+ TODO: check
CVE-2016-6465
RESERVED
CVE-2016-6464
RESERVED
-CVE-2016-6463
- RESERVED
-CVE-2016-6462
- RESERVED
-CVE-2016-6461
- RESERVED
-CVE-2016-6460
- RESERVED
-CVE-2016-6459
- RESERVED
-CVE-2016-6458
- RESERVED
-CVE-2016-6457
- RESERVED
+CVE-2016-6463 (A vulnerability in the email filtering functionality of Cisco AsyncOS ...)
+ TODO: check
+CVE-2016-6462 (A vulnerability in the email filtering functionality of Cisco AsyncOS ...)
+ TODO: check
+CVE-2016-6461 (A vulnerability in the HTTP web-based management interface of the Cisco ...)
+ TODO: check
+CVE-2016-6460 (A vulnerability in the FTP Representational State Transfer Application ...)
+ TODO: check
+CVE-2016-6459 (Cisco TelePresence endpoints running either CE or TC software contain a ...)
+ TODO: check
+CVE-2016-6458 (A vulnerability in the content filtering functionality of Cisco AsyncOS ...)
+ TODO: check
+CVE-2016-6457 (A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches ...)
+ TODO: check
CVE-2016-6456
RESERVED
CVE-2016-6455 (A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series ...)
@@ -9539,8 +9609,8 @@
NOT-FOR-US: Cisco
CVE-2016-6451 (Multiple vulnerabilities in the web framework code of the Cisco Prime ...)
NOT-FOR-US: Cisco
-CVE-2016-6450
- RESERVED
+CVE-2016-6450 (A vulnerability in the package unbundle utility of Cisco IOS XE ...)
+ TODO: check
CVE-2016-6449
RESERVED
CVE-2016-6448 (A vulnerability in the Session Description Protocol (SDP) parser of ...)
@@ -14854,6 +14924,7 @@
NOT-FOR-US: Apache MyFaces Trinidad
CVE-2016-5018 [Apache Tomcat Security Manager Bypass]
RESERVED
+ {DSA-3721-1 DSA-3720-1}
- tomcat8 8.0.37-1 (low)
- tomcat7 7.0.72-1 (low; bug #842663)
- tomcat6 6.0.41-3 (low)
@@ -17108,14 +17179,14 @@
RESERVED
CVE-2016-4334
RESERVED
-CVE-2016-4333
- RESERVED
-CVE-2016-4332
- RESERVED
-CVE-2016-4331
- RESERVED
-CVE-2016-4330
- RESERVED
+CVE-2016-4333 (The HDF5 1.8.16 library allocating space for the array using a value ...)
+ TODO: check
+CVE-2016-4332 (The library's failure to check if certain message types support a ...)
+ TODO: check
+CVE-2016-4331 (When decoding data out of a dataset encoded with the H5Z_NBIT ...)
+ TODO: check
+CVE-2016-4330 (In the HDF5 1.8.16 library's failure to check if the number of ...)
+ TODO: check
CVE-2016-4329
RESERVED
CVE-2016-4328 (MEDHOST Perioperative Information Management System (aka PIMS or ...)
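Review bot: the four HDF5 entries (CVE-2016-4333 down to CVE-2016-4330) get the same "TODO: check" as the Cisco, Siemens and PAN-OS entries in the other hunks, but unlike those they concern a library that is packaged in Debian (source package hdf5), so they need real triage against the packaged version rather than a NOT-FOR-US marking; the truncated descriptions already name HDF5 1.8.16 and the H5Z_NBIT filter, which is enough to start from.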
@@ -28885,6 +28956,7 @@
NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0762 [Apache Tomcat Realm Timing Attack]
RESERVED
+ {DSA-3721-1 DSA-3720-1}
- tomcat8 8.0.37-1 (low)
- tomcat7 7.0.72-1 (low; bug #842662)
- tomcat6 6.0.41-3 (low)
@@ -72500,7 +72572,7 @@
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b (v2.1.0-rc0)
- NOTE: PCIe support introduced in v1.3: http://wiki.qemu.org/ChangeLog/1.3
+ NOTE: PCIe support introduced in v1.3: http://wiki.qemu.org/ChangeLog/1.3
CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL ...)
{DSA-2950-1 DLA-0003-1}
- openssl 1.0.1h-1 (bug #750665)
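Review bot: the removed and added NOTE lines under the qemu entry are identical except for whitespace, so this is presumably a trailing-whitespace or indentation cleanup; because leading indentation is what distinguishes a NOTE sub-line from a new CVE record in this file, it is worth confirming that only trailing whitespace changed and the line still carries its leading indentation.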