[Secure-testing-commits] r44971 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Oct 2 21:38:06 UTC 2016
Author: jmm
Date: 2016-10-02 21:38:06 +0000 (Sun, 02 Oct 2016)
New Revision: 44971
Modified:
data/CVE/list
Log:
new mpg123 issue
new systemd issues
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-02 21:10:12 UTC (rev 44970)
+++ data/CVE/list 2016-10-02 21:38:06 UTC (rev 44971)
@@ -1,3 +1,7 @@
+CVE-2016-XXXX [mpg123 memory overread]
+ - mpg123 <unfixed> (low)
+ [jessie] - mpg123 <no-dsa> (Minor issue)
+ NOTE: http://mpg123.org/bugs/240
CVE-2016-XXXX [nspr, nss: unprotected environment variables]
- nspr 2:4.12-1 (low)
- nss 2:3.23-1 (low)
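Review bot: the new mpg123 entry points only at the upstream bug report (NOTE: http://mpg123.org/bugs/240) and leaves the package at <unfixed>; once upstream publishes the fixing commit or release, add a second NOTE with that reference so the <unfixed> marker can be replaced by the fixed version. The "(low)" severity together with "[jessie] - mpg123 <no-dsa> (Minor issue)" is consistent for a memory overread, but the entry should say in the NOTE whether the overread is reachable from a crafted file, since that is what justifies no-dsa.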
@@ -302,7 +306,7 @@
CVE-2016-8280
RESERVED
CVE-2016-8279 (The video driver in Huawei Mate S smartphones with software CRR-TL00 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2016-8278
RESERVED
CVE-2016-8277
@@ -1907,8 +1911,13 @@
NOTE: https://github.com/ClusterLabs/pacemaker/commit/5ec24a26
CVE-2016-7796
RESERVED
+ - systemd 231-9
+ NOTE: https://github.com/systemd/systemd/issues/4234
CVE-2016-7795
RESERVED
+ - systemd 231-9
+ [jessie] - systemd <not-affected> (Introduced in 219)
+ [wheezy] - systemd <not-affected> (Introduced in 219)
CVE-2016-7794
RESERVED
- git-hub <unfixed> (bug #839284)
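Review bot: CVE-2016-7796 and CVE-2016-7795 are annotated inconsistently. CVE-2016-7795 carries "[jessie] - systemd <not-affected> (Introduced in 219)" and the same for wheezy, while CVE-2016-7796 only records the unstable fix "- systemd 231-9" with no jessie or wheezy line, so the tracker will show those suites as affected by default; either add the matching <not-affected> lines with the introducing version or, if the suites are affected, record the status explicitly. Conversely, CVE-2016-7795 has no NOTE with an upstream reference, whereas CVE-2016-7796 does (https://github.com/systemd/systemd/issues/4234); add the upstream issue or commit for 7795 as well so the "Introduced in 219" claim can be checked later.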
@@ -2774,7 +2783,6 @@
{DSA-3678-1}
- python-django 1:1.10-1 (low)
NOTE: https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
- TODO: check older versions
CVE-2016-7400
RESERVED
NOT-FOR-US: Exponent CMS
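Review bot: the line "- TODO: check older versions" on the python-django entry is dropped without recording the outcome of that check. The entry already has {DSA-3678-1} and "- python-django 1:1.10-1 (low)", so if the older suites were found to be covered by the DSA or not affected, add a NOTE saying so (or a [jessie]/[wheezy] line), so that the next reader does not have to repeat the check.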
@@ -3193,7 +3201,7 @@
CVE-2016-7192
RESERVED
CVE-2016-7191 (The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) ...)
- TODO: check
+ NOT-FOR-US: Microsoft Azure Active Directory Passport
CVE-2016-7190
RESERVED
CVE-2016-7189
@@ -3235,7 +3243,6 @@
NOTE: https://code.wireshark.org/review/17289
NOTE: Affected versions: 2.0.0 to 2.0.5
NOTE: Fixed versions: 2.0.6
- TODO: double-check older version
CVE-2016-7179 (Stack-based buffer overflow in ...)
{DSA-3671-1 DLA-632-1}
- wireshark 2.2.0~rc1+g438c022-1
@@ -3244,7 +3251,6 @@
NOTE: https://code.wireshark.org/review/17095
NOTE: Affected versions: 2.0.0 to 2.0.5
NOTE: Fixed versions: 2.0.6
- TODO: double-check older version
CVE-2016-7178 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
{DSA-3671-1 DLA-632-1}
- wireshark 2.2.0~rc1+g438c022-1
@@ -3253,7 +3259,6 @@
NOTE: https://code.wireshark.org/review/17094
NOTE: Affected versions: 2.0.0 to 2.0.5
NOTE: Fixed versions: 2.0.6
- TODO: double-check older version
CVE-2016-7177 (epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 ...)
{DSA-3671-1 DLA-632-1}
- wireshark 2.2.0~rc1+g438c022-1
@@ -3262,7 +3267,6 @@
NOTE: https://code.wireshark.org/review/17096
NOTE: Affected versions: 2.0.0 to 2.0.5
NOTE: Fixed versions: 2.0.6
- TODO: double-check older version
CVE-2016-7176 (epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x ...)
{DSA-3671-1 DLA-632-1}
- wireshark 2.2.0~rc1+g438c022-1
@@ -3271,7 +3275,6 @@
NOTE: https://code.wireshark.org/review/16852
NOTE: Affected versions: 2.0.0 to 2.0.5
NOTE: Fixed versions: 2.0.6
- TODO: double-check older version
CVE-2016-7175 (epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark ...)
- wireshark 2.2.0~rc1+g438c022-1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
@@ -3281,7 +3284,6 @@
NOTE: https://code.wireshark.org/review/16965
NOTE: Affected versions: 2.0.0 to 2.0.5
NOTE: Fixed versions: 2.0.6
- TODO: double-check older version
CVE-2016-1000222
RESERVED
- logstash <itp> (bug #664841)
@@ -3706,7 +3708,7 @@
- xen <unfixed>
NOTE: http://xenbits.xen.org/xsa/advisory-185.html
CVE-2016-7090 (The integrated web server on Siemens SCALANCE M-800 and S615 modules ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2016-7098 (Race condition in wget 1.17 and earlier, when used in recursive or ...)
- wget 1.18-4 (low; bug #836503)
[jessie] - wget <no-dsa> (Minor issue)
@@ -3964,7 +3966,7 @@
CVE-2016-6981
RESERVED
CVE-2016-6980 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-6979
RESERVED
CVE-2016-6978
@@ -4048,11 +4050,11 @@
CVE-2016-6939
RESERVED
CVE-2016-6938 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-6937 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-6936 (Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-6935
RESERVED
CVE-2016-6934
@@ -4100,7 +4102,7 @@
CVE-2016-6914
RESERVED
CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before ...)
- TODO: check
+ NOT-FOR-US: OSSIM
CVE-2016-6912
RESERVED
CVE-2016-6911
@@ -4189,7 +4191,7 @@
CVE-2016-6877
RESERVED
CVE-2016-6876 (The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2016-6869
RESERVED
CVE-2016-6868
@@ -4785,7 +4787,7 @@
CVE-2016-6652
RESERVED
CVE-2016-6651 (The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2016-6650
RESERVED
CVE-2016-6649
@@ -4793,19 +4795,19 @@
CVE-2016-6648
RESERVED
CVE-2016-6647 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2016-6646
RESERVED
CVE-2016-6645
RESERVED
CVE-2016-6644 (EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2016-6643 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2016-6642 (Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2016-6641 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2016-6640
RESERVED
CVE-2016-6639 (Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP ...)
@@ -4813,9 +4815,9 @@
CVE-2016-6638
RESERVED
CVE-2016-6637 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2016-6636 (The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2016-1000038
RESERVED
CVE-2016-XXXX [RLE check for pixel offset less than 0]
@@ -5440,21 +5442,21 @@
CVE-2016-6538
RESERVED
CVE-2016-6537 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store ...)
- TODO: check
+ NOT-FOR-US: AVer
CVE-2016-6536 (The /setup URI on AVer Information EH6108H+ devices with firmware ...)
- TODO: check
+ NOT-FOR-US: AVer
CVE-2016-6535 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have ...)
- TODO: check
+ NOT-FOR-US: AVer
CVE-2016-6534
RESERVED
CVE-2016-6533
RESERVED
CVE-2016-6532 (DEXIS Imaging Suite 10 has a hardcoded password for the sa account, ...)
- TODO: check
+ NOT-FOR-US: DEXIS
CVE-2016-6531 (** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root ...)
- TODO: check
+ NOT-FOR-US: Open Dental
CVE-2016-6530 (Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default ...)
- TODO: check
+ NOT-FOR-US: Dentsply Sirona
CVE-2016-6529
RESERVED
CVE-2016-6528
@@ -5489,7 +5491,7 @@
RESERVED
- manila-ui <unfixed> (bug #838017)
CVE-2016-6518 (Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2016-6517
RESERVED
CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH before ...)
@@ -5826,49 +5828,49 @@
CVE-2016-6416
RESERVED
CVE-2016-6415 (The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6414 (iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6413 (The installation procedure on Cisco Application Policy Infrastructure ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6412 (The Cisco Application-hosting Framework (CAF) component in Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6411 (Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6410 (The Cisco Application-hosting Framework (CAF) component in Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6409 (The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6408 (Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6407 (Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6406 (Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6405 (Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6404 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6403 (The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6402 (UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6401 (Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6400
RESERVED
CVE-2016-6399 (Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6398 (The PPTP server in Cisco IOS 15.5(3)M does not properly initialize ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6397
RESERVED
CVE-2016-6396 (Cisco Firepower Management Center before 6.1 and FireSIGHT System ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6395 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6394 (Session fixation vulnerability in Cisco Firepower Management Center ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-6393
RESERVED
CVE-2016-6392
@@ -6176,7 +6178,6 @@
[wheezy] - flex <not-affected> (Issue introduced with 2.5.36)
NOTE: Intorduced by: https://github.com/westes/flex/commit/9ba3187a537d6a58d345f2874d06087fd4050399 (flex-2-5-36)
NOTE: Fixed by: https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 (v2.6.1)
- TODO: It needs to be evaluated which reverse reverse build-dependencies or sources using the generated code needs fixing/rebuild
CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), ...)
{DLA-574-1 DLA-573-1}
- qemu 1:2.6+dfsg-3.1 (bug #832621)
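Review bot: removing "- TODO: It needs to be evaluated which reverse reverse build-dependencies or sources using the generated code needs fixing/rebuild" loses the only record that flex-generated scanners embedded in other source packages may need a rebuild, which is the part of this issue that does not go away with the flex upload. If that evaluation was done, record the result in a NOTE (for example which packages were rebuilt or why none need it); if it was not, keep the TODO. Separately, the context line "NOTE: Intorduced by:" has a typo ("Introduced") that could be fixed in a follow-up commit.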
@@ -6220,7 +6221,7 @@
CVE-2016-6277
RESERVED
CVE-2016-6276 (Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2016-6275
RESERVED
CVE-2016-6274
@@ -7076,9 +7077,9 @@
NOTE: https://github.com/libgd/libgd/issues/209
NOTE: https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0)
CVE-2016-6159 (The management interface of Huawei WS331a routers with software before ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2016-6158 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2016-6157
RESERVED
CVE-2016-6156 (Race condition in the ec_device_ioctl_xcmd function in ...)
@@ -7104,7 +7105,7 @@
CVE-2016-6147 (An unspecified interface in SAP TREX 7.10 Revision 63 allows remote ...)
NOT-FOR-US: SAP TREX
CVE-2016-6146 (The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-6145 (The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides ...)
NOT-FOR-US: SAP HANA
CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the ...)
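Review bot: the new line "+ NOT-FOR-US: SAP" is less specific than the neighbouring context entries, which use "NOT-FOR-US: SAP TREX" and "NOT-FOR-US: SAP HANA" for the same products. CVE-2016-6146 is a SAP TREX issue according to its description, so "NOT-FOR-US: SAP TREX" would match the existing convention; the same applies to CVE-2016-6142 (SAP HANA DB) and CVE-2016-6137 (SAP TREX) in the following hunks. Consistent product names make later grep-based triage of the list reliable.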
@@ -7112,7 +7113,7 @@
CVE-2016-6143
RESERVED
CVE-2016-6142 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-6141
RESERVED
CVE-2016-6140 (SAP TREX 7.10 Revision 63 allows remote attackers to write to ...)
@@ -7122,7 +7123,7 @@
CVE-2016-6138 (Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows ...)
NOT-FOR-US: SAP TREX
CVE-2016-6137 (An unspecified function in SAP TREX 7.10 Revision 63 allows remote ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in ...)
{DSA-3659-1 DLA-609-1}
- linux 4.7.2-1
@@ -7341,7 +7342,7 @@
CVE-2016-6039
RESERVED
CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli ...)
- TODO: check
+ NOT-FOR-US: Tivoli
CVE-2016-6037
RESERVED
CVE-2016-6036
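Review bot: "+ NOT-FOR-US: Tivoli" drops the vendor prefix that the CVE description ("IBM Tivoli ...") and the other IBM entries in this commit ("NOT-FOR-US: IBM Tealeaf Customer Experience", "NOT-FOR-US: IBM Security Privileged Identity Manager") carry; "NOT-FOR-US: IBM Tivoli" would keep the list searchable by vendor.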
@@ -7423,9 +7424,9 @@
CVE-2016-5998
RESERVED
CVE-2016-5997 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 ...)
- TODO: check
+ NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5996 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 ...)
- TODO: check
+ NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5995
RESERVED
CVE-2016-5994
@@ -7463,9 +7464,9 @@
CVE-2016-5978 (Cross-site scripting (XSS) vulnerability in the Web UI in the web ...)
TODO: check
CVE-2016-5977 (Open redirect vulnerability in the web portal in IBM Tealeaf Customer ...)
- TODO: check
+ NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5976 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 ...)
- TODO: check
+ NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5975 (Cross-site scripting (XSS) vulnerability in the Web UI in the web ...)
TODO: check
CVE-2016-5974 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security ...)
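Review bot: this hunk resolves CVE-2016-5977 and CVE-2016-5976 as NOT-FOR-US while the interleaved context entries CVE-2016-5978 and CVE-2016-5975 ("Cross-site scripting (XSS) vulnerability in the Web UI in the web ...") are left at "TODO: check". If they are part of the same IBM web-portal batch, they can be resolved in the same pass; if they were deliberately left open because the truncated description does not name the product, a short NOTE saying so would stop the next triager from re-reading the same batch.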
@@ -7473,11 +7474,11 @@
CVE-2016-5973
RESERVED
CVE-2016-5972 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
- TODO: check
+ NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5971 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
- TODO: check
+ NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5970 (Directory traversal vulnerability in IBM Security Privileged Identity ...)
- TODO: check
+ NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5969
RESERVED
CVE-2016-5968