[Secure-testing-commits] r44971 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sun Oct 2 21:38:06 UTC 2016


Author: jmm
Date: 2016-10-02 21:38:06 +0000 (Sun, 02 Oct 2016)
New Revision: 44971

Modified:
   data/CVE/list
Log:
new mpg123 issue
new systemd issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-02 21:10:12 UTC (rev 44970)
+++ data/CVE/list	2016-10-02 21:38:06 UTC (rev 44971)
@@ -1,3 +1,7 @@
+CVE-2016-XXXX [mpg123 memory overread]
+	- mpg123 <unfixed> (low)
+	[jessie] - mpg123 <no-dsa> (Minor issue)
+	NOTE: http://mpg123.org/bugs/240 
 CVE-2016-XXXX [nspr, nss: unprotected environment variables]
 	- nspr 2:4.12-1 (low)
 	- nss 2:3.23-1 (low)
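Review bot: the added NOTE line ends with a trailing space after http://mpg123.org/bugs/240; trim it. The entry records `mpg123 <unfixed> (low)` with only the upstream bug link and no fixing commit or fixed version, so once upstream resolves bug 240 add the commit and the fixed Debian version, and rename the placeholder `CVE-2016-XXXX [mpg123 memory overread]` entry as soon as an ID is assigned so it does not linger as an unfixed placeholder.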
@@ -302,7 +306,7 @@
 CVE-2016-8280
 	RESERVED
 CVE-2016-8279 (The video driver in Huawei Mate S smartphones with software CRR-TL00 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-8278
 	RESERVED
 CVE-2016-8277
@@ -1907,8 +1911,13 @@
 	NOTE: https://github.com/ClusterLabs/pacemaker/commit/5ec24a26
 CVE-2016-7796
 	RESERVED
+	- systemd 231-9
+	NOTE: https://github.com/systemd/systemd/issues/4234
 CVE-2016-7795
 	RESERVED
+	- systemd 231-9
+	[jessie] - systemd <not-affected> (Introduced in 219)
+	[wheezy] - systemd <not-affected> (Introduced in 219)
 CVE-2016-7794
 	RESERVED
 	- git-hub <unfixed> (bug #839284)
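Review bot: CVE-2016-7796 gains `- systemd 231-9` but no [jessie]/[wheezy] line, whereas CVE-2016-7795 directly below marks both suites `<not-affected> (Introduced in 219)`. Without a suite annotation the tracker will treat the older systemd in the stable suites as affected by 7796, so add an explicit not-affected, no-dsa or needed line per suite. Conversely, 7795 has no NOTE pointing at the upstream issue or fixing commit while 7796 does; add one so the "Introduced in 219" claim can be checked.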
@@ -2774,7 +2783,6 @@
 	{DSA-3678-1}
 	- python-django 1:1.10-1 (low)
 	NOTE: https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
-	TODO: check older versions
 CVE-2016-7400
 	RESERVED
 	NOT-FOR-US: Exponent CMS
@@ -3193,7 +3201,7 @@
 CVE-2016-7192
 	RESERVED
 CVE-2016-7191 (The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Azure Active Directory Passport
 CVE-2016-7190
 	RESERVED
 CVE-2016-7189
@@ -3235,7 +3243,6 @@
 	NOTE: https://code.wireshark.org/review/17289
 	NOTE: Affected versions: 2.0.0 to 2.0.5
 	NOTE: Fixed versions: 2.0.6
-	TODO: double-check older version
 CVE-2016-7179 (Stack-based buffer overflow in ...)
 	{DSA-3671-1 DLA-632-1}
 	- wireshark 2.2.0~rc1+g438c022-1
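Review bot: the `TODO: double-check older version` line is dropped while the NOTE lines still say "Affected versions: 2.0.0 to 2.0.5", yet this entry records DSA-3671-1 and DLA-632-1, i.e. fixes shipped for the 1.x series in jessie and wheezy. If the older-version check concluded that 1.x was affected after all, amend the affected-versions NOTE (or add a NOTE that the upstream range is incomplete) so the entry is not self-contradictory; the same applies to the CVE-2016-7179, 7178, 7177 and 7176 hunks below. The CVE-2016-7175 hunk, whose entry carries `[jessie] - wireshark <not-affected>` and no DSA/DLA, is consistent as it stands.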
@@ -3244,7 +3251,6 @@
 	NOTE: https://code.wireshark.org/review/17095
 	NOTE: Affected versions: 2.0.0 to 2.0.5
 	NOTE: Fixed versions: 2.0.6
-	TODO: double-check older version
 CVE-2016-7178 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
 	{DSA-3671-1 DLA-632-1}
 	- wireshark 2.2.0~rc1+g438c022-1
@@ -3253,7 +3259,6 @@
 	NOTE: https://code.wireshark.org/review/17094
 	NOTE: Affected versions: 2.0.0 to 2.0.5
 	NOTE: Fixed versions: 2.0.6
-	TODO: double-check older version
 CVE-2016-7177 (epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 ...)
 	{DSA-3671-1 DLA-632-1}
 	- wireshark 2.2.0~rc1+g438c022-1
@@ -3262,7 +3267,6 @@
 	NOTE: https://code.wireshark.org/review/17096
 	NOTE: Affected versions: 2.0.0 to 2.0.5
 	NOTE: Fixed versions: 2.0.6
-	TODO: double-check older version
 CVE-2016-7176 (epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x ...)
 	{DSA-3671-1 DLA-632-1}
 	- wireshark 2.2.0~rc1+g438c022-1
@@ -3271,7 +3275,6 @@
 	NOTE: https://code.wireshark.org/review/16852
 	NOTE: Affected versions: 2.0.0 to 2.0.5
 	NOTE: Fixed versions: 2.0.6
-	TODO: double-check older version
 CVE-2016-7175 (epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark ...)
 	- wireshark 2.2.0~rc1+g438c022-1
 	[jessie] - wireshark <not-affected> (Vulnerable code not present)
@@ -3281,7 +3284,6 @@
 	NOTE: https://code.wireshark.org/review/16965
 	NOTE: Affected versions: 2.0.0 to 2.0.5
 	NOTE: Fixed versions: 2.0.6
-	TODO: double-check older version
 CVE-2016-1000222
 	RESERVED
 	- logstash <itp> (bug #664841)
@@ -3706,7 +3708,7 @@
 	- xen <unfixed>
 	NOTE: http://xenbits.xen.org/xsa/advisory-185.html
 CVE-2016-7090 (The integrated web server on Siemens SCALANCE M-800 and S615 modules ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2016-7098 (Race condition in wget 1.17 and earlier, when used in recursive or ...)
 	- wget 1.18-4 (low; bug #836503)
 	[jessie] - wget <no-dsa> (Minor issue)
@@ -3964,7 +3966,7 @@
 CVE-2016-6981
 	RESERVED
 CVE-2016-6980 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2016-6979
 	RESERVED
 CVE-2016-6978
@@ -4048,11 +4050,11 @@
 CVE-2016-6939
 	RESERVED
 CVE-2016-6938 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2016-6937 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2016-6936 (Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2016-6935
 	RESERVED
 CVE-2016-6934
@@ -4100,7 +4102,7 @@
 CVE-2016-6914
 	RESERVED
 CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before ...)
-	TODO: check
+	NOT-FOR-US: OSSIM
 CVE-2016-6912
 	RESERVED
 CVE-2016-6911
@@ -4189,7 +4191,7 @@
 CVE-2016-6877
 	RESERVED
 CVE-2016-6876 (The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2016-6869
 	RESERVED
 CVE-2016-6868
@@ -4785,7 +4787,7 @@
 CVE-2016-6652
 	RESERVED
 CVE-2016-6651 (The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before ...)
-	TODO: check
+	NOT-FOR-US: Pivotal
 CVE-2016-6650
 	RESERVED
 CVE-2016-6649
@@ -4793,19 +4795,19 @@
 CVE-2016-6648
 	RESERVED
 CVE-2016-6647 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2016-6646
 	RESERVED
 CVE-2016-6645
 	RESERVED
 CVE-2016-6644 (EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2016-6643 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2016-6642 (Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2016-6641 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2016-6640
 	RESERVED
 CVE-2016-6639 (Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP ...)
@@ -4813,9 +4815,9 @@
 CVE-2016-6638
 	RESERVED
 CVE-2016-6637 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal ...)
-	TODO: check
+	NOT-FOR-US: Pivotal
 CVE-2016-6636 (The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) ...)
-	TODO: check
+	NOT-FOR-US: Pivotal
 CVE-2016-1000038
 	RESERVED
 CVE-2016-XXXX [RLE check for pixel offset less than 0]
@@ -5440,21 +5442,21 @@
 CVE-2016-6538
 	RESERVED
 CVE-2016-6537 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store ...)
-	TODO: check
+	NOT-FOR-US: AVer
 CVE-2016-6536 (The /setup URI on AVer Information EH6108H+ devices with firmware ...)
-	TODO: check
+	NOT-FOR-US: AVer
 CVE-2016-6535 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have ...)
-	TODO: check
+	NOT-FOR-US: AVer
 CVE-2016-6534
 	RESERVED
 CVE-2016-6533
 	RESERVED
 CVE-2016-6532 (DEXIS Imaging Suite 10 has a hardcoded password for the sa account, ...)
-	TODO: check
+	NOT-FOR-US: DEXIS
 CVE-2016-6531 (** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root ...)
-	TODO: check
+	NOT-FOR-US: Open Dental
 CVE-2016-6530 (Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default ...)
-	TODO: check
+	NOT-FOR-US: Dentsply Sirona
 CVE-2016-6529
 	RESERVED
 CVE-2016-6528
@@ -5489,7 +5491,7 @@
 	RESERVED
 	- manila-ui <unfixed> (bug #838017)
 CVE-2016-6518 (Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-6517
 	RESERVED
 CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH before ...)
@@ -5826,49 +5828,49 @@
 CVE-2016-6416
 	RESERVED
 CVE-2016-6415 (The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6414 (iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6413 (The installation procedure on Cisco Application Policy Infrastructure ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6412 (The Cisco Application-hosting Framework (CAF) component in Cisco IOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6411 (Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6410 (The Cisco Application-hosting Framework (CAF) component in Cisco IOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6409 (The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6408 (Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6407 (Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6406 (Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6405 (Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6404 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6403 (The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6402 (UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6401 (Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6400
 	RESERVED
 CVE-2016-6399 (Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6398 (The PPTP server in Cisco IOS 15.5(3)M does not properly initialize ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6397
 	RESERVED
 CVE-2016-6396 (Cisco Firepower Management Center before 6.1 and FireSIGHT System ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6395 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6394 (Session fixation vulnerability in Cisco Firepower Management Center ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2016-6393
 	RESERVED
 CVE-2016-6392
@@ -6176,7 +6178,6 @@
 	[wheezy] - flex <not-affected> (Issue introduced with 2.5.36)
 	NOTE: Intorduced by: https://github.com/westes/flex/commit/9ba3187a537d6a58d345f2874d06087fd4050399 (flex-2-5-36)
 	NOTE: Fixed by: https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 (v2.6.1)
-	TODO: It needs to be evaluated which reverse reverse build-dependencies or sources using the generated code needs fixing/rebuild
 CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), ...)
 	{DLA-574-1 DLA-573-1}
 	- qemu 1:2.6+dfsg-3.1 (bug #832621)
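Review bot: the removed TODO about reverse build-dependencies and sources that embed flex-generated code is dropped without a recorded outcome. A flex upload does not fix packages that ship a pre-generated scanner in their source tree, so either keep the TODO or replace it with a NOTE stating that the evaluation was done and which packages (if any) need a rebuild or source fix. The untouched context line "NOTE: Intorduced by:" also has a typo (Introduced) worth fixing in a follow-up commit.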
@@ -6220,7 +6221,7 @@
 CVE-2016-6277
 	RESERVED
 CVE-2016-6276 (Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2016-6275
 	RESERVED
 CVE-2016-6274
@@ -7076,9 +7077,9 @@
 	NOTE: https://github.com/libgd/libgd/issues/209
 	NOTE: https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0)
 CVE-2016-6159 (The management interface of Huawei WS331a routers with software before ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-6158 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-6157
 	RESERVED
 CVE-2016-6156 (Race condition in the ec_device_ioctl_xcmd function in ...)
@@ -7104,7 +7105,7 @@
 CVE-2016-6147 (An unspecified interface in SAP TREX 7.10 Revision 63 allows remote ...)
 	NOT-FOR-US: SAP TREX
 CVE-2016-6146 (The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: SAP 
 CVE-2016-6145 (The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides ...)
 	NOT-FOR-US: SAP HANA
 CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the ...)
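Review bot: the new line reads `NOT-FOR-US: SAP ` with a trailing space; trim it. For consistency with the neighbouring CVE-2016-6147 and CVE-2016-6145 entries, name the product (`NOT-FOR-US: SAP TREX`) rather than just the vendor, since the description identifies it.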
@@ -7112,7 +7113,7 @@
 CVE-2016-6143
 	RESERVED
 CVE-2016-6142 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers ...)
-	TODO: check
+ 	NOT-FOR-US: SAP 
 CVE-2016-6141
 	RESERVED
 CVE-2016-6140 (SAP TREX 7.10 Revision 63 allows remote attackers to write to ...)
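Review bot: the added line is `+ \tNOT-FOR-US: SAP ` with a space before the tab and a trailing space. Every other annotation line in data/CVE/list is tab-indented, so the leading space is at best inconsistent and may trip the syntax check; remove both spaces and use the product name as in the adjacent CVE-2016-6145 (`NOT-FOR-US: SAP HANA`).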
@@ -7122,7 +7123,7 @@
 CVE-2016-6138 (Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows ...)
 	NOT-FOR-US: SAP TREX
 CVE-2016-6137 (An unspecified function in SAP TREX 7.10 Revision 63 allows remote ...)
-	TODO: check
+ 	NOT-FOR-US: SAP 
 CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in ...)
 	{DSA-3659-1 DLA-609-1}
 	- linux 4.7.2-1
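Review bot: same problem as the CVE-2016-6142 hunk above: the added line starts with a space before the tab and ends with a trailing space. Normalise it to a tab-indented `NOT-FOR-US: SAP TREX`, matching the CVE-2016-6138 line two entries up.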
@@ -7341,7 +7342,7 @@
 CVE-2016-6039
 	RESERVED
 CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli ...)
-	TODO: check
+	NOT-FOR-US: Tivoli
 CVE-2016-6037
 	RESERVED
 CVE-2016-6036
@@ -7423,9 +7424,9 @@
 CVE-2016-5998
 	RESERVED
 CVE-2016-5997 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 ...)
-	TODO: check
+	NOT-FOR-US: IBM Tealeaf Customer Experience
 CVE-2016-5996 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 ...)
-	TODO: check
+	NOT-FOR-US: IBM Tealeaf Customer Experience
 CVE-2016-5995
 	RESERVED
 CVE-2016-5994
@@ -7463,9 +7464,9 @@
 CVE-2016-5978 (Cross-site scripting (XSS) vulnerability in the Web UI in the web ...)
 	TODO: check
 CVE-2016-5977 (Open redirect vulnerability in the web portal in IBM Tealeaf Customer ...)
-	TODO: check
+	NOT-FOR-US: IBM Tealeaf Customer Experience
 CVE-2016-5976 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 ...)
-	TODO: check
+	NOT-FOR-US: IBM Tealeaf Customer Experience
 CVE-2016-5975 (Cross-site scripting (XSS) vulnerability in the Web UI in the web ...)
 	TODO: check
 CVE-2016-5974 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security ...)
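Review bot: the hunk resolves CVE-2016-5977 and CVE-2016-5976 but leaves the adjacent CVE-2016-5978 and CVE-2016-5975 context lines at `TODO: check`. Both descriptions begin "Cross-site scripting (XSS) vulnerability in the Web UI in the web ..." and sit in the same IBM block, so they should be triaged in the same pass rather than left as two stragglers between resolved entries.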
@@ -7473,11 +7474,11 @@
 CVE-2016-5973
 	RESERVED
 CVE-2016-5972 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Privileged Identity Manager
 CVE-2016-5971 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Privileged Identity Manager
 CVE-2016-5970 (Directory traversal vulnerability in IBM Security Privileged Identity ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Privileged Identity Manager
 CVE-2016-5969
 	RESERVED
 CVE-2016-5968



