[Secure-testing-commits] r45559 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Oct 24 21:10:12 UTC 2016
Author: sectracker
Date: 2016-10-24 21:10:12 +0000 (Mon, 24 Oct 2016)
New Revision: 45559
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-24 20:09:23 UTC (rev 45558)
+++ data/CVE/list 2016-10-24 21:10:12 UTC (rev 45559)
@@ -1,3 +1,395 @@
+CVE-2016-8908
+ RESERVED
+CVE-2016-8907
+ RESERVED
+CVE-2016-8906
+ RESERVED
+CVE-2016-8905
+ RESERVED
+CVE-2016-8904
+ RESERVED
+CVE-2016-8903
+ RESERVED
+CVE-2016-8902
+ RESERVED
+CVE-2016-8901
+ RESERVED
+CVE-2016-8900
+ RESERVED
+CVE-2016-8899
+ RESERVED
+CVE-2016-8898
+ RESERVED
+CVE-2016-8897
+ RESERVED
+CVE-2016-8896
+ RESERVED
+CVE-2016-8895
+ RESERVED
+CVE-2016-8894
+ RESERVED
+CVE-2016-8893
+ RESERVED
+CVE-2016-8892
+ RESERVED
+CVE-2016-8891
+ RESERVED
+CVE-2016-8890
+ RESERVED
+CVE-2016-8889
+ RESERVED
+CVE-2016-8888
+ RESERVED
+CVE-2016-8879
+ RESERVED
+CVE-2016-8878
+ RESERVED
+CVE-2016-8877
+ RESERVED
+CVE-2016-8876
+ RESERVED
+CVE-2016-8875
+ RESERVED
+CVE-2016-8874
+ RESERVED
+CVE-2016-8873
+ RESERVED
+CVE-2016-8872
+ RESERVED
+CVE-2016-8871
+ RESERVED
+CVE-2016-8870
+ RESERVED
+CVE-2016-8869
+ RESERVED
+CVE-2016-8868
+ RESERVED
+CVE-2016-8867
+ RESERVED
+CVE-2016-8865
+ RESERVED
+CVE-2016-8864
+ RESERVED
+CVE-2016-8863
+ RESERVED
+CVE-2016-8861
+ RESERVED
+CVE-2016-8857
+ RESERVED
+CVE-2016-8856
+ RESERVED
+CVE-2016-8855
+ RESERVED
+CVE-2016-8854
+ RESERVED
+CVE-2016-8853
+ RESERVED
+CVE-2016-8852
+ RESERVED
+CVE-2016-8851
+ RESERVED
+CVE-2016-8850
+ RESERVED
+CVE-2016-8849
+ RESERVED
+CVE-2016-8848
+ RESERVED
+CVE-2016-8847
+ RESERVED
+CVE-2016-8846
+ RESERVED
+CVE-2016-8845
+ RESERVED
+CVE-2016-8844
+ RESERVED
+CVE-2016-8843
+ RESERVED
+CVE-2016-8842
+ RESERVED
+CVE-2016-8841
+ RESERVED
+CVE-2016-8840
+ RESERVED
+CVE-2016-8839
+ RESERVED
+CVE-2016-8838
+ RESERVED
+CVE-2016-8837
+ RESERVED
+CVE-2016-8836
+ RESERVED
+CVE-2016-8835
+ RESERVED
+CVE-2016-8834
+ RESERVED
+CVE-2016-8833
+ RESERVED
+CVE-2016-8832
+ RESERVED
+CVE-2016-8831
+ RESERVED
+CVE-2016-8830
+ RESERVED
+CVE-2016-8829
+ RESERVED
+CVE-2016-8828
+ RESERVED
+CVE-2016-8827
+ RESERVED
+CVE-2016-8826
+ RESERVED
+CVE-2016-8825
+ RESERVED
+CVE-2016-8824
+ RESERVED
+CVE-2016-8823
+ RESERVED
+CVE-2016-8822
+ RESERVED
+CVE-2016-8821
+ RESERVED
+CVE-2016-8820
+ RESERVED
+CVE-2016-8819
+ RESERVED
+CVE-2016-8818
+ RESERVED
+CVE-2016-8817
+ RESERVED
+CVE-2016-8816
+ RESERVED
+CVE-2016-8815
+ RESERVED
+CVE-2016-8814
+ RESERVED
+CVE-2016-8813
+ RESERVED
+CVE-2016-8812
+ RESERVED
+CVE-2016-8811
+ RESERVED
+CVE-2016-8810
+ RESERVED
+CVE-2016-8809
+ RESERVED
+CVE-2016-8808
+ RESERVED
+CVE-2016-8807
+ RESERVED
+CVE-2016-8806
+ RESERVED
+CVE-2016-8805
+ RESERVED
+CVE-2016-8804
+ RESERVED
+CVE-2016-8803
+ RESERVED
+CVE-2016-8802
+ RESERVED
+CVE-2016-8801
+ RESERVED
+CVE-2016-8800
+ RESERVED
+CVE-2016-8799
+ RESERVED
+CVE-2016-8798
+ RESERVED
+CVE-2016-8797
+ RESERVED
+CVE-2016-8796
+ RESERVED
+CVE-2016-8795
+ RESERVED
+CVE-2016-8794
+ RESERVED
+CVE-2016-8793
+ RESERVED
+CVE-2016-8792
+ RESERVED
+CVE-2016-8791
+ RESERVED
+CVE-2016-8790
+ RESERVED
+CVE-2016-8789
+ RESERVED
+CVE-2016-8788
+ RESERVED
+CVE-2016-8787
+ RESERVED
+CVE-2016-8786
+ RESERVED
+CVE-2016-8785
+ RESERVED
+CVE-2016-8784
+ RESERVED
+CVE-2016-8783
+ RESERVED
+CVE-2016-8782
+ RESERVED
+CVE-2016-8781
+ RESERVED
+CVE-2016-8780
+ RESERVED
+CVE-2016-8779
+ RESERVED
+CVE-2016-8778
+ RESERVED
+CVE-2016-8777
+ RESERVED
+CVE-2016-8776
+ RESERVED
+CVE-2016-8775
+ RESERVED
+CVE-2016-8774
+ RESERVED
+CVE-2016-8773
+ RESERVED
+CVE-2016-8772
+ RESERVED
+CVE-2016-8771
+ RESERVED
+CVE-2016-8770
+ RESERVED
+CVE-2016-8769
+ RESERVED
+CVE-2016-8768
+ RESERVED
+CVE-2016-8767
+ RESERVED
+CVE-2016-8766
+ RESERVED
+CVE-2016-8765
+ RESERVED
+CVE-2016-8764
+ RESERVED
+CVE-2016-8763
+ RESERVED
+CVE-2016-8762
+ RESERVED
+CVE-2016-8761
+ RESERVED
+CVE-2016-8760
+ RESERVED
+CVE-2016-8759
+ RESERVED
+CVE-2016-8758
+ RESERVED
+CVE-2016-8757
+ RESERVED
+CVE-2016-8756
+ RESERVED
+CVE-2016-8755
+ RESERVED
+CVE-2016-8754
+ RESERVED
+CVE-2016-8753
+ RESERVED
+CVE-2016-8752
+ RESERVED
+CVE-2016-8751
+ RESERVED
+CVE-2016-8750
+ RESERVED
+CVE-2016-8749
+ RESERVED
+CVE-2016-8748
+ RESERVED
+CVE-2016-8747
+ RESERVED
+CVE-2016-8746
+ RESERVED
+CVE-2016-8745
+ RESERVED
+CVE-2016-8744
+ RESERVED
+CVE-2016-8743
+ RESERVED
+CVE-2016-8742
+ RESERVED
+CVE-2016-8741
+ RESERVED
+CVE-2016-8740
+ RESERVED
+CVE-2016-8739
+ RESERVED
+CVE-2016-8738
+ RESERVED
+CVE-2016-8737
+ RESERVED
+CVE-2016-8736
+ RESERVED
+CVE-2016-8735
+ RESERVED
+CVE-2016-8734
+ RESERVED
+CVE-2016-8733
+ RESERVED
+CVE-2016-8732
+ RESERVED
+CVE-2016-8731
+ RESERVED
+CVE-2016-8730
+ RESERVED
+CVE-2016-8729
+ RESERVED
+CVE-2016-8728
+ RESERVED
+CVE-2016-8727
+ RESERVED
+CVE-2016-8726
+ RESERVED
+CVE-2016-8725
+ RESERVED
+CVE-2016-8724
+ RESERVED
+CVE-2016-8723
+ RESERVED
+CVE-2016-8722
+ RESERVED
+CVE-2016-8721
+ RESERVED
+CVE-2016-8720
+ RESERVED
+CVE-2016-8719
+ RESERVED
+CVE-2016-8718
+ RESERVED
+CVE-2016-8717
+ RESERVED
+CVE-2016-8716
+ RESERVED
+CVE-2016-8715
+ RESERVED
+CVE-2016-8714
+ RESERVED
+CVE-2016-8713
+ RESERVED
+CVE-2016-8712
+ RESERVED
+CVE-2016-8711
+ RESERVED
+CVE-2016-8710
+ RESERVED
+CVE-2016-8709
+ RESERVED
+CVE-2016-8708
+ RESERVED
+CVE-2016-8707
+ RESERVED
+CVE-2016-8706
+ RESERVED
+CVE-2016-8705
+ RESERVED
+CVE-2016-8704
+ RESERVED
+CVE-2016-1000036
+ RESERVED
+CVE-2016-1000035
+ RESERVED
+CVE-2016-1000034
+ RESERVED
+CVE-2016-1000032
+ RESERVED
CVE-2016-8910 [net: rtl8139: infinite loop while transmit in C+ mode]
- qemu <unfixed> (bug #841955)
- qemu-kvm <removed>
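Review bot: The four CVE-2016-10000xx ids at the end of this added block (CVE-2016-1000036, -1000035, -1000034, -1000032) are inserted at the top of the file directly after CVE-2016-8704, while the other CVE-2016-10000xx entries visible in this diff (CVE-2016-1000120, CVE-2016-1000037, CVE-2016-1000033) sit thousands of lines further down. If the list is meant to keep an id range together, the updater should place new 10000xx reservations next to those entries. If top insertion is intended, the log message should say more than "automatic update" for a change that adds 392 lines here.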
@@ -26,6 +418,7 @@
NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00002-jasper-NULLptr-jp2_colr_destroy
NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887
CVE-2016-8887 [NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)]
+ RESERVED
- jasper <unfixed>
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d (version-1.900.10)
@@ -33,50 +426,62 @@
NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887
NOTE: and include the fix to not make jasper vulnerable to the incomplete fix.
CVE-2016-8886 [memory allocation failure in jas_malloc (jas_malloc.c)]
+ RESERVED
- jasper <unfixed>
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
- sendmail <unfixed> (bug #841257)
CVE-2016-8885
+ RESERVED
- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
CVE-2016-8884
+ RESERVED
- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
CVE-2016-8883 [assert in jpc_dec_tiledecode()]
+ RESERVED
- jasper <unfixed>
NOTE: https://github.com/mdadams/jasper/issues/32
CVE-2016-8882 [segfault / null pointer access in jpc_pi_destroy]
+ RESERVED
- jasper <unfixed>
NOTE: https://github.com/mdadams/jasper/issues/30
NOTE: https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee (version-1.900.8)
CVE-2016-8881 [Heap overflow in jpc_getuint16()]
+ RESERVED
- jasper <unfixed>
NOTE: https://github.com/mdadams/jasper/issues/29
CVE-2016-8880 [Heap overflow in jpc_dec_cp_setfromcox()]
+ RESERVED
- jasper <unfixed>
NOTE: https://github.com/mdadams/jasper/issues/28
CVE-2016-8866 [memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)]
+ RESERVED
- imagemagick <not-affected>
NOTE: For incomplete fix of CVE-2016-8862
NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
CVE-2016-8859
+ RESERVED
- tre <unfixed>
- musl <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2016/10/19/1
NOTE: Also check lib/tre-match-parallel.c
CVE-2016-8858 [Memory exhaustion due to unregistered KEXINIT handler after receiving message]
+ RESERVED
- openssh 1:7.3p1-2 (bug #841884)
[jessie] - openssh <no-dsa> (Minor issue)
[wheezy] - openssh <no-dsa> (Minor issue)
NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup
CVE-2016-8862 [imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)]
+ RESERVED
- imagemagick <unfixed>
NOTE: https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
NOTE: that the initial patch was incomplete and resulted in CVE-2016-8866. So when fixing
NOTE: this CVE make sure to fix it completely to not open up CVE-2016-8866.
NOTE: http://www.openwall.com/lists/oss-security/2016/10/17/4
CVE-2016-8860 [tor DoS]
+ RESERVED
{DSA-3694-1 DLA-663-1}
- tor 0.2.8.9-1
NOTE: https://trac.torproject.org/projects/tor/ticket/20384
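Review bot: CVE-2016-8885 and CVE-2016-8884 now read as two RESERVED entries with no bracketed description, the same "<not-affected>" line and the same NOTE URL, so nothing in the list tells them apart. While there is no upstream description text, give each a bracketed summary as the neighbouring jasper entries have, for example "[assert in jpc_dec_tiledecode()]" on CVE-2016-8883.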
@@ -252,7 +657,7 @@
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
- NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
CVE-2016-8668 [net: OOB buffer access in rocker switch emulation]
RESERVED
- qemu <unfixed> (bug #840948)
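Review bot: The removed and added NOTE lines for the git.qemu.org commit link are textually identical as shown, so this is a whitespace-only change riding along in an "automatic update". Confirm that the updater normalises indentation on purpose rather than rewriting a hand-edited line, and keep whitespace fixes in their own commit so they do not hide among content changes.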
@@ -2940,12 +3345,12 @@
RESERVED
CVE-2016-7855
RESERVED
-CVE-2016-7854
- RESERVED
-CVE-2016-7853
- RESERVED
-CVE-2016-7852
- RESERVED
+CVE-2016-7854 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-7853 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+ TODO: check
+CVE-2016-7852 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+ TODO: check
CVE-2016-7851
RESERVED
CVE-2016-7850
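Review bot: CVE-2016-7854, CVE-2016-7853 and CVE-2016-7852 all move from RESERVED to the same truncated Adobe Reader and Acrobat description with "TODO: check", which leaves three open triage items for one product. If the product is not packaged, close them in one pass with a NOT-FOR-US line, following the "NOT-FOR-US: IBM" pattern used elsewhere in this file.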
@@ -7749,16 +8154,16 @@
RESERVED
CVE-2016-1000120
RESERVED
-CVE-2016-1000119
- RESERVED
-CVE-2016-1000118
- RESERVED
-CVE-2016-1000117
- RESERVED
-CVE-2016-1000116
- RESERVED
-CVE-2016-1000115
- RESERVED
+CVE-2016-1000119 (SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla ...)
+ TODO: check
+CVE-2016-1000118 (XSS & SQLi in HugeIT slideshow v1.0.4 ...)
+ TODO: check
+CVE-2016-1000117 (XSS & SQLi in HugeIT slideshow v1.0.4 ...)
+ TODO: check
+CVE-2016-1000116 (Huge-IT Portfolio Gallery manager v1.1.5 SQL Injection and XSS ...)
+ TODO: check
+CVE-2016-1000115 (Huge-IT Portfolio Gallery manager v1.1.5 SQL Injection and XSS ...)
+ TODO: check
CVE-2016-1000114 (XSS in huge IT gallery v1.1.5 for Joomla ...)
TODO: check
CVE-2016-1000113 (XSS and SQLi in huge IT gallery v1.1.5 for Joomla ...)
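Review bot: The vendor is spelled three ways in the descriptions added here ("Huge IT", "HugeIT", "Huge-IT"), and CVE-2016-1000118/1000117 as well as CVE-2016-1000116/1000115 carry identical text. Triage by text search on one spelling will miss entries, so work this block by id range (CVE-2016-1000113 through CVE-2016-1000119) and record the same disposition on each id.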
@@ -7819,6 +8224,7 @@
CVE-2016-6249
RESERVED
CVE-2016-1000037
+ RESERVED
- pagure <itp> (bug #829046)
CVE-2016-1000030 [X.509 Certificates Improperly Imported]
RESERVED
@@ -18441,8 +18847,7 @@
NOTE: http://botan.randombit.net/security.html
NOTE: Introduced in 1.7.15, fixed in 1.11.29
NOTE: FIX https://github.com/randombit/botan/commit/bcf13fa153a11b3e0ad54e2af6962441cea3adf1
-CVE-2016-2848 [A packet with malformed options can trigger an assertion failure]
- RESERVED
+CVE-2016-2848 (ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows ...)
{DLA-672-1}
- bind9 1:9.9.3.dfsg.P2-1 (bug #839051)
NOTE: https://kb.isc.org/article/AA-01433
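Review bot: Replacing the bracketed description on CVE-2016-2848 drops the only line that said what the bug is ("A packet with malformed options can trigger an assertion failure"); the truncated text that takes its place lists affected BIND versions and is cut off before the impact. Keep the summary as a NOTE under the entry so the list still states the failure mode next to DLA-672-1 and the bind9 fixed version.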
@@ -27528,8 +27933,8 @@
TODO: check
CVE-2016-0378
RESERVED
-CVE-2016-0377
- RESERVED
+CVE-2016-0377 (The Administrative Console in IBM WebSphere Application Server (WAS) ...)
+ TODO: check
CVE-2016-0376 (The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java ...)
NOT-FOR-US: IBM
CVE-2016-0375 (JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through ...)
@@ -27626,12 +28031,12 @@
TODO: check
CVE-2016-0329
RESERVED
-CVE-2016-0328
- RESERVED
+CVE-2016-0328 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
+ TODO: check
CVE-2016-0327
RESERVED
-CVE-2016-0326
- RESERVED
+CVE-2016-0326 (IBM Rational Quality Manager (RQM) and Rational Collaborative ...)
+ TODO: check
CVE-2016-0325
RESERVED
CVE-2016-0324
@@ -27788,30 +28193,30 @@
TODO: check
CVE-2016-0248 (IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows ...)
TODO: check
-CVE-2016-0247
- RESERVED
-CVE-2016-0246
- RESERVED
+CVE-2016-0247 (IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, ...)
+ TODO: check
+CVE-2016-0246 (Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 ...)
+ TODO: check
CVE-2016-0245 (The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and ...)
NOT-FOR-US: IBM
CVE-2016-0244 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
NOT-FOR-US: IBM
CVE-2016-0243 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
NOT-FOR-US: IBM
-CVE-2016-0242
- RESERVED
-CVE-2016-0241
- RESERVED
-CVE-2016-0240
- RESERVED
-CVE-2016-0239
- RESERVED
+CVE-2016-0242 (IBM Security Guardium 10.x through 10.1 before p100 allows remote ...)
+ TODO: check
+CVE-2016-0241 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
+ TODO: check
+CVE-2016-0240 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
+ TODO: check
+CVE-2016-0239 (IBM Security Guardium Database Activity Monitor 9.x through 9.5 before ...)
+ TODO: check
CVE-2016-0238
RESERVED
CVE-2016-0237
RESERVED
-CVE-2016-0236
- RESERVED
+CVE-2016-0236 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
+ TODO: check
CVE-2016-0235
RESERVED
CVE-2016-0234
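Review bot: Seven IBM Security Guardium ids in this hunk (CVE-2016-0247, -0246, -0242, -0241, -0240, -0239, -0236) become "TODO: check", while the IBM WebSphere Portal entries between them (CVE-2016-0245, -0244, -0243) are already "NOT-FOR-US: IBM" and CVE-2016-0248, also Guardium, is still "TODO: check" in the context lines. Resolve the whole product in one pass, including the older CVE-2016-0248, so the open items do not keep growing with each automatic update.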
@@ -28456,6 +28861,7 @@
NOTE: upstream fixed in 2.6.9, 3.0.6 and 3.1.3
NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/8
CVE-2016-1000033 [Shotwell does not verify TLS certificates]
+ RESERVED
- shotwell 0.22.0-3 (low; bug #807110)
[jessie] - shotwell <no-dsa> (Minor issue)
[wheezy] - shotwell <no-dsa> (Minor issue)