[Secure-testing-commits] r45813 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Oct 31 21:10:26 UTC 2016
Author: sectracker
Date: 2016-10-31 21:10:26 +0000 (Mon, 31 Oct 2016)
New Revision: 45813
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-31 20:19:51 UTC (rev 45812)
+++ data/CVE/list 2016-10-31 21:10:26 UTC (rev 45813)
@@ -1,8 +1,61 @@
+CVE-2016-9120
+ RESERVED
+CVE-2016-9119
+ RESERVED
+CVE-2016-9118 (Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of ...)
+ TODO: check
+CVE-2016-9117 (NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in ...)
+ TODO: check
+CVE-2016-9116 (NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in ...)
+ TODO: check
+CVE-2016-9115 (Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...)
+ TODO: check
+CVE-2016-9114 (There is a NULL Pointer Access in function imagetopnm of ...)
+ TODO: check
+CVE-2016-9113 (There is a NULL pointer dereference in function imagetobmp of ...)
+ TODO: check
+CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in ...)
+ TODO: check
+CVE-2016-9111
+ RESERVED
+CVE-2016-9110
+ RESERVED
+CVE-2016-9100
+ RESERVED
+CVE-2016-9099
+ RESERVED
+CVE-2016-9098
+ RESERVED
+CVE-2016-9097
+ RESERVED
+CVE-2016-9096
+ RESERVED
+CVE-2016-9095
+ RESERVED
+CVE-2016-9094
+ RESERVED
+CVE-2016-9093
+ RESERVED
+CVE-2016-9092
+ RESERVED
+CVE-2016-9091
+ RESERVED
+CVE-2016-9090
+ RESERVED
+CVE-2016-9089
+ RESERVED
+CVE-2015-8967
+ RESERVED
+CVE-2015-8966
+ RESERVED
CVE-2016-9109
+ RESERVED
NOT-FOR-US: MuJS
CVE-2016-9108
+ RESERVED
NOT-FOR-US: MuJS
CVE-2016-9107 [gajim: otr plugin cleartext leak]
+ RESERVED
- gajim-otr <itp> (bug #722130)
NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
NOTE: Upstream fix: https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
@@ -12,6 +65,7 @@
CVE-2014-9909
RESERVED
CVE-2016-9106 [9pfs: memory leakage in v9fs_write]
+ RESERVED
{DLA-689-1}
- qemu <unfixed> (bug #842463)
- qemu-kvm <removed>
@@ -21,6 +75,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/4
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
CVE-2016-9105 [memory leakage in v9fs_link]
+ RESERVED
{DLA-689-1}
- qemu <unfixed> (bug #842463)
- qemu-kvm <removed>
@@ -30,6 +85,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/3
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
CVE-2016-9104 [9pfs: integer overflow leading to OOB access]
+ RESERVED
{DLA-689-1}
- qemu <unfixed> (bug #842463)
- qemu-kvm <removed>
@@ -38,6 +94,7 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
CVE-2016-9103 [9pfs: information leakage via xattribute]
+ RESERVED
{DLA-689-1}
- qemu <unfixed> (bug #842463)
- qemu-kvm <removed>
@@ -47,6 +104,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
CVE-2016-9102 [memory leakage when creating extended attribute]
+ RESERVED
{DLA-689-1}
- qemu <unfixed> (bug #842463)
- qemu-kvm <removed>
@@ -57,6 +115,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/15
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
CVE-2016-9101 [net: eepro100 memory leakage at device unplug]
+ RESERVED
{DLA-689-1}
- qemu <unfixed> (bug #842455)
- qemu-kvm <removed>
@@ -198,8 +257,8 @@
RESERVED
CVE-2016-9029
RESERVED
-CVE-2016-9028
- RESERVED
+CVE-2016-9028 (Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 ...)
+ TODO: check
CVE-2016-9027
RESERVED
CVE-2016-9026
@@ -218,10 +277,10 @@
RESERVED
CVE-2016-9019
RESERVED
-CVE-2016-9018
- RESERVED
-CVE-2016-9017
- RESERVED
+CVE-2016-9018 (Improper handling of a repeating VRAT chunk in qcpfformat.dll allows ...)
+ TODO: check
+CVE-2016-9017 (Artifex Software, Inc. MuJS before ...)
+ TODO: check
CVE-2016-9015 [certificate verification failure]
RESERVED
- python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases)
@@ -482,36 +541,36 @@
RESERVED
CVE-2016-8890
RESERVED
-CVE-2016-8889
- RESERVED
+CVE-2016-8889 (In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 ...)
+ TODO: check
CVE-2016-8888
RESERVED
-CVE-2016-8879
- RESERVED
-CVE-2016-8878
- RESERVED
-CVE-2016-8877
- RESERVED
-CVE-2016-8876
- RESERVED
-CVE-2016-8875
- RESERVED
+CVE-2016-8879 (The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in ...)
+ TODO: check
+CVE-2016-8878 (Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before ...)
+ TODO: check
+CVE-2016-8877 (Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit ...)
+ TODO: check
+CVE-2016-8876 (Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before ...)
+ TODO: check
+CVE-2016-8875 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on ...)
+ TODO: check
CVE-2016-8874
RESERVED
CVE-2016-8873
RESERVED
CVE-2016-8872
RESERVED
-CVE-2016-8871
- RESERVED
+CVE-2016-8871 (In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding ...)
+ TODO: check
CVE-2016-8870
RESERVED
CVE-2016-8869
RESERVED
CVE-2016-8868
RESERVED
-CVE-2016-8867
- RESERVED
+CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with misconfigured ...)
+ TODO: check
CVE-2016-8865
RESERVED
CVE-2016-8864
@@ -525,8 +584,8 @@
RESERVED
CVE-2016-8857
RESERVED
-CVE-2016-8856
- RESERVED
+CVE-2016-8856 (Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux ...)
+ TODO: check
CVE-2016-8855
RESERVED
CVE-2016-8854
@@ -1265,16 +1324,16 @@
RESERVED
CVE-2016-8603
RESERVED
-CVE-2016-8600
- RESERVED
+CVE-2016-8600 (In dotCMS 3.2.1, attacker can load captcha once, fill it with correct ...)
+ TODO: check
CVE-2016-8599
RESERVED
-CVE-2016-8598
- RESERVED
-CVE-2016-8597
- RESERVED
-CVE-2016-8596
- RESERVED
+CVE-2016-8598 (Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp ...)
+ TODO: check
+CVE-2016-8597 (Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp ...)
+ TODO: check
+CVE-2016-8596 (Buffer overflow in the csp_can_process_frame in csp_if_can.c in the ...)
+ TODO: check
CVE-2016-8595
RESERVED
CVE-2016-8594
@@ -1335,16 +1394,15 @@
RESERVED
CVE-2016-8584
RESERVED
-CVE-2016-8583
- RESERVED
-CVE-2016-8582
- RESERVED
-CVE-2016-8581
- RESERVED
-CVE-2016-8580
- RESERVED
-CVE-2016-8579 [infinite loop in deps walking]
- RESERVED
+CVE-2016-8583 (Multiple GET parameters in the vulnerability scan scheduler of ...)
+ TODO: check
+CVE-2016-8582 (A vulnerability exists in gauge.php of AlienVault OSSIM and USM before ...)
+ TODO: check
+CVE-2016-8581 (A persistent XSS vulnerability exists in the User-Agent header of the ...)
+ TODO: check
+CVE-2016-8580 (PHP object injection vulnerabilities exist in multiple widget files in ...)
+ TODO: check
+CVE-2016-8579 (docker2aci <= 0.12.3 has an infinite loop when handling local images ...)
- golang-github-appc-docker2aci 0.12.3+dfsg-2 (bug #840711)
NOTE: https://github.com/appc/docker2aci/issues/203
NOTE: https://github.com/lucab/docker2aci/commit/54331ec7020e102935c31096f336d31f6400064f
@@ -1987,8 +2045,7 @@
RESERVED
CVE-2016-8340
RESERVED
-CVE-2016-8339
- RESERVED
+CVE-2016-8339 (A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code ...)
- redis 3:3.2.4-1
[jessie] - redis <not-affected> (Vulnerable code introduced later)
[wheezy] - redis <not-affected> (Vulnerable code not present)
@@ -2001,19 +2058,17 @@
RESERVED
CVE-2016-8336
RESERVED
-CVE-2016-8335
- RESERVED
+CVE-2016-8335 (An exploitable stack based buffer overflow vulnerability exists in the ...)
+ TODO: check
CVE-2016-8334
RESERVED
-CVE-2016-8333
- RESERVED
-CVE-2016-8332
- RESERVED
+CVE-2016-8333 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+ TODO: check
+CVE-2016-8332 (A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution ...)
- openjpeg2 2.1.2-1
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0193/
NOTE: https://github.com/uclouvain/openjpeg/pull/820
-CVE-2016-8331 [type confusion vulnerability resulting in remote code execution]
- RESERVED
+CVE-2016-8331 (An exploitable remote code execution vulnerability exists in the ...)
- tiff <unfixed>
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
@@ -3459,14 +3514,14 @@
RESERVED
CVE-2016-7992
RESERVED
-CVE-2016-7991
- RESERVED
-CVE-2016-7990
- RESERVED
-CVE-2016-7989
- RESERVED
-CVE-2016-7988
- RESERVED
+CVE-2016-7991 (On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores ...)
+ TODO: check
+CVE-2016-7990 (On Samsung Galaxy S4 through S7 devices, an integer overflow condition ...)
+ TODO: check
+CVE-2016-7989 (On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS ...)
+ TODO: check
+CVE-2016-7988 (On Samsung Galaxy S4 through S7 devices, absence of permissions on the ...)
+ TODO: check
CVE-2016-7987
RESERVED
CVE-2016-7986
@@ -3560,10 +3615,10 @@
- kdepimlibs 4:4.14.10-7 (bug #840546)
- kcoreaddons 5.26.0-3 (bug #840547)
NOTE: https://www.kde.org/info/security/advisory-20161006-1.txt
-CVE-2016-7965
- RESERVED
-CVE-2016-7964
- RESERVED
+CVE-2016-7965 (DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ...)
+ TODO: check
+CVE-2016-7964 (The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php ...)
+ TODO: check
CVE-2016-7963
RESERVED
CVE-2016-7962
@@ -3706,8 +3761,8 @@
RESERVED
CVE-2016-7920
RESERVED
-CVE-2016-7919
- RESERVED
+CVE-2016-7919 (** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain ...)
+ TODO: check
CVE-2016-7918
RESERVED
CVE-2016-7917
@@ -4595,12 +4650,12 @@
RESERVED
CVE-2016-7507
RESERVED
-CVE-2016-7506
- RESERVED
-CVE-2016-7505
- RESERVED
-CVE-2016-7504
- RESERVED
+CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp ...)
+ TODO: check
+CVE-2016-7505 (A buffer overflow vulnerability was observed in divby function of ...)
+ TODO: check
+CVE-2016-7504 (A use-after-free vulnerability was observed in Rp_toString function of ...)
+ TODO: check
CVE-2016-7503
RESERVED
CVE-2016-7502
@@ -8261,6 +8316,7 @@
NOT-FOR-US: ovirt-engine
CVE-2016-6321 [Bypassing the extract path name]
RESERVED
+ {DLA-690-1}
- tar 1.29b-1.1 (bug #842339)
NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
NOTE: POC in https://sintonen.fi/advisories/tar-poc.tar (etc/shadow should not be extracted when asking for etc/motd)
@@ -9791,8 +9847,8 @@
RESERVED
CVE-2016-5921
RESERVED
-CVE-2016-5920
- RESERVED
+CVE-2016-5920 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
CVE-2016-5919
RESERVED
CVE-2016-5918
@@ -12814,7 +12870,7 @@
- chromium-browser 52.0.2743.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5131 (Use-after-free vulnerability in libxml2 through 2.9.4, as used in ...)
- {DSA-3637-1}
+ {DSA-3637-1 DLA-691-1}
- chromium-browser 52.0.2743.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libxml2 2.9.4+dfsg1-2.1 (bug #840554)
@@ -14342,6 +14398,7 @@
CVE-2016-4659
RESERVED
CVE-2016-4658 (libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...)
+ {DLA-691-1}
- libxml2 2.9.4+dfsg1-2.1 (bug #840553)
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
CVE-2016-4657 (WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ...)
@@ -15251,14 +15308,14 @@
RESERVED
CVE-2016-4397
RESERVED
-CVE-2016-4396
- RESERVED
-CVE-2016-4395
- RESERVED
-CVE-2016-4394
- RESERVED
-CVE-2016-4393
- RESERVED
+CVE-2016-4396 (HPE System Management Homepage before v7.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4395 (HPE System Management Homepage before v7.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4394 (HPE System Management Homepage before v7.6 allows remote attackers to ...)
+ TODO: check
+CVE-2016-4393 (HPE System Management Homepage before v7.6 allows "remote ...)
+ TODO: check
CVE-2016-4392
RESERVED
CVE-2016-4391
@@ -18916,8 +18973,8 @@
NOTE: https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746 (n0.11)
CVE-2016-3061
RESERVED
-CVE-2016-3060
- RESERVED
+CVE-2016-3060 (Payments Director in IBM Financial Transaction Manager (FTM) for ACH ...)
+ TODO: check
CVE-2016-3059 (IBM Tivoli Storage Manager for Databases: Data Protection for ...)
TODO: check
CVE-2016-3058
More information about the Secure-testing-commits
mailing list