[Secure-testing-commits] r46516 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Nov 24 21:10:11 UTC 2016


Author: sectracker
Date: 2016-11-24 21:10:11 +0000 (Thu, 24 Nov 2016)
New Revision: 46516

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-24 20:55:03 UTC (rev 46515)
+++ data/CVE/list	2016-11-24 21:10:11 UTC (rev 46516)
@@ -1,4 +1,5 @@
 CVE-2016-9636
+	{DSA-3724-1 DSA-3723-1}
 	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
 	- gst-plugins-good0.10 <removed>
 	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
@@ -8,6 +9,7 @@
 	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
 	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
 CVE-2016-9635
+	{DSA-3724-1 DSA-3723-1}
 	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
 	- gst-plugins-good0.10 <removed>
 	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
@@ -17,6 +19,7 @@
 	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
 	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
 CVE-2016-9634
+	{DSA-3724-1 DSA-3723-1}
 	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
 	- gst-plugins-good0.10 <removed>
 	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
@@ -263,6 +266,7 @@
 	RESERVED
 CVE-2016-9386 [x86 null segments not always treated as unusable]
 	RESERVED
+	{DLA-720-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-191.html
 CVE-2016-9385 [x86 segment base write emulation lacking canonical address checks]
@@ -277,23 +281,28 @@
 	NOTE: https://xenbits.xen.org/xsa/advisory-194.html
 CVE-2016-9383 [x86 64-bit bit test instruction emulation broken]
 	RESERVED
+	{DLA-720-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-195.html
 CVE-2016-9382 [x86 task switch to VM86 mode mis-handled]
 	RESERVED
+	{DLA-720-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-192.html
 CVE-2016-9381 [qemu incautious about shared ring processing]
 	RESERVED
+	{DLA-720-1}
 	- xen <undetermined>
 	NOTE: https://xenbits.xen.org/xsa/advisory-197.html
 	TODO: check (as well qemu)
 CVE-2016-9380 [delimiter injection vulnerabilities in pygrub]
 	RESERVED
+	{DLA-720-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-198.html
 CVE-2016-9379 [delimiter injection vulnerabilities in pygrub]
 	RESERVED
+	{DLA-720-1}
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-198.html
 CVE-2016-9378 [x86 software interrupt injection mis-handled]
@@ -74814,7 +74823,7 @@
 	[wheezy] - xen <not-affected> (Vulnerable code introduced in 0.11.50, embedded version is 0.10.2)
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: Upstream fix https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
-        NOTE: Vulnerable code introduced in 0.11.50: http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00
+	NOTE: Vulnerable code introduced in 0.11.50: http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00
 CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...)
 	- rsync 3.1.0-3 (bug #744791)
 	[wheezy] - rsync <not-affected> (Introduced in 3.1.0)




More information about the Secure-testing-commits mailing list