[Secure-testing-commits] r50866 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Apr 20 21:10:12 UTC 2017
Author: sectracker
Date: 2017-04-20 21:10:12 +0000 (Thu, 20 Apr 2017)
New Revision: 50866
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-20 21:03:06 UTC (rev 50865)
+++ data/CVE/list 2017-04-20 21:10:12 UTC (rev 50866)
@@ -1,3 +1,9 @@
+CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in ...)
+ TODO: check
+CVE-2017-7981
+ RESERVED
+CVE-2017-7980
+ RESERVED
CVE-2017-7978 (Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software ...)
TODO: check
CVE-2017-7979 (The cookie feature in the packet action API implementation in ...)
@@ -108,8 +114,8 @@
NOT-FOR-US: ImageWorsener
CVE-2017-7939 (The read_next_pam_token function in imagew-pnm.c in libimageworsener.a ...)
NOT-FOR-US: ImageWorsener
-CVE-2017-7938
- RESERVED
+CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gathering ...)
+ TODO: check
CVE-2017-7937
RESERVED
CVE-2017-7936
@@ -772,8 +778,7 @@
RESERVED
CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...)
NOT-FOR-US: Spider Event Calendar
-CVE-2017-7718 [display: cirrus: OOB read access issue]
- RESERVED
+CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allow local ...)
- qemu 1:2.8+dfsg-4
- qemu-kvm <removed>
NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904
@@ -866,8 +871,7 @@
NOT-FOR-US: Symphony CMS
CVE-2017-7693
RESERVED
-CVE-2017-7692
- RESERVED
+CVE-2017-7692 (SquirrelMail 1.4.22 allows post-authentication remote code execution ...)
- squirrelmail <removed>
NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/6
CVE-2017-7691 (A code injection vulnerability exists in SAP TREX / Business Warehouse ...)
@@ -5777,6 +5781,7 @@
CVE-2017-5952
RESERVED
CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex ...)
+ {DLA-905-1}
- ghostscript <unfixed> (bug #859696)
[jessie] - ghostscript <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548
@@ -5814,11 +5819,13 @@
- mupdf <not-affected> (Vulnerable code not yet present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697400
CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex ...)
+ {DLA-905-1}
- ghostscript <unfixed> (bug #859694)
[jessie] - ghostscript <no-dsa> (Minor issue)
NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450
CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. ...)
+ {DLA-905-1}
- ghostscript <unfixed> (bug #859666)
[jessie] - ghostscript <no-dsa> (Minor issue)
NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f
@@ -7745,7 +7752,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5411
CVE-2017-5410
RESERVED
- {DSA-3805-1 DLA-896-1 DLA-852-1}
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
- icedove 1:45.8.0-1
@@ -7760,7 +7767,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5409
CVE-2017-5408
RESERVED
- {DSA-3805-1 DLA-896-1 DLA-852-1}
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
- icedove 1:45.8.0-1
@@ -7769,7 +7776,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
CVE-2017-5407
RESERVED
- {DSA-3805-1 DLA-896-1 DLA-852-1}
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
- icedove 1:45.8.0-1
@@ -7782,7 +7789,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5406
CVE-2017-5405
RESERVED
- {DSA-3805-1 DLA-896-1 DLA-852-1}
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
- icedove 1:45.8.0-1
@@ -7791,7 +7798,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
CVE-2017-5404
RESERVED
- {DSA-3805-1 DLA-896-1 DLA-852-1}
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
- icedove 1:45.8.0-1
@@ -7804,7 +7811,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
CVE-2017-5402
RESERVED
- {DSA-3805-1 DLA-896-1 DLA-852-1}
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
- icedove 1:45.8.0-1
@@ -7813,7 +7820,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
CVE-2017-5401
RESERVED
- {DSA-3805-1 DLA-896-1 DLA-852-1}
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
- icedove 1:45.8.0-1
@@ -7822,7 +7829,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
CVE-2017-5400
RESERVED
- {DSA-3805-1 DLA-896-1 DLA-852-1}
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
- icedove 1:45.8.0-1
@@ -7835,7 +7842,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5399
CVE-2017-5398
RESERVED
- {DSA-3805-1 DLA-896-1 DLA-852-1}
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
- firefox 52.0-1
- firefox-esr 45.8.0esr-1
- icedove 1:45.8.0-1
@@ -7848,7 +7855,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/#CVE-2017-5397
CVE-2017-5396
RESERVED
- {DSA-3771-1 DLA-896-1 DLA-800-1}
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
- icedove 1:45.7.1-1
@@ -7879,7 +7886,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5391
CVE-2017-5390
RESERVED
- {DSA-3771-1 DLA-896-1 DLA-800-1}
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
- icedove 1:45.7.1-1
@@ -7920,7 +7927,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5384
CVE-2017-5383
RESERVED
- {DSA-3771-1 DLA-896-1 DLA-800-1}
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
- icedove 1:45.7.1-1
@@ -7939,7 +7946,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5381
CVE-2017-5380
RESERVED
- {DSA-3771-1 DLA-896-1 DLA-800-1}
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
- icedove 1:45.7.1-1
@@ -7953,7 +7960,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5379
CVE-2017-5378
RESERVED
- {DSA-3771-1 DLA-896-1 DLA-800-1}
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
- icedove 1:45.7.1-1
@@ -7967,7 +7974,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5377
CVE-2017-5376
RESERVED
- {DSA-3771-1 DLA-896-1 DLA-800-1}
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
- icedove 1:45.7.1-1
@@ -7976,7 +7983,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5376
CVE-2017-5375
RESERVED
- {DSA-3771-1 DLA-896-1 DLA-800-1}
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
- icedove 1:45.7.1-1
@@ -7990,7 +7997,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5374
CVE-2017-5373
RESERVED
- {DSA-3771-1 DLA-896-1 DLA-800-1}
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
- firefox 51.0-1
- firefox-esr 45.7.0esr-1
- icedove 1:45.7.1-1
@@ -8602,8 +8609,8 @@
- salt 2016.11.2+ds-1
CVE-2017-5191
RESERVED
-CVE-2017-5190
- RESERVED
+CVE-2017-5190 (NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when ...)
+ TODO: check
CVE-2017-5189
RESERVED
CVE-2017-5188
@@ -8616,12 +8623,12 @@
NOT-FOR-US: NetIQ Sentinel
CVE-2017-5184 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before ...)
NOT-FOR-US: NetIQ Sentinel
-CVE-2017-5183
- RESERVED
+CVE-2017-5183 (NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as ...)
+ TODO: check
CVE-2017-5182 (Remote Manager in Open Enterprise Server (OES) allows unauthenticated ...)
NOT-FOR-US: Open Enterprise Server
CVE-2017-5181
- RESERVED
+ REJECTED
- squirrelmail <removed>
NOTE: Same as CVE-2017-7692 one of the CVEs should be REJECTED
NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/7
@@ -8691,16 +8698,16 @@
NOT-FOR-US: BINOM3
CVE-2017-5161 (An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, ...)
NOT-FOR-US: Sielco Sistemi
-CVE-2017-5160
- RESERVED
+CVE-2017-5160 (An Inadequate Encryption Strength issue was discovered in Schneider ...)
+ TODO: check
CVE-2017-5159 (An issue was discovered on Phoenix Contact mGuard devices that have ...)
NOT-FOR-US: Phoenix Contact mGuard
-CVE-2017-5158
- RESERVED
+CVE-2017-5158 (An Information Exposure issue was discovered in Schneider Electric ...)
+ TODO: check
CVE-2017-5157 (An issue was discovered in Schneider Electric homeLYnk Controller, ...)
NOT-FOR-US: Schneider
-CVE-2017-5156
- RESERVED
+CVE-2017-5156 (A Cross-Site Request Forgery issue was discovered in Schneider Electric ...)
+ TODO: check
CVE-2017-5155 (An issue was discovered in Schneider Electric Wonderware Historian 2014 ...)
NOT-FOR-US: Schneider
CVE-2017-5154 (An issue was discovered in Advantech WebAccess Version 8.1. To be able ...)
@@ -15048,8 +15055,8 @@
RESERVED
CVE-2017-2807
RESERVED
-CVE-2017-2806
- RESERVED
+CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...)
+ TODO: check
CVE-2017-2805
RESERVED
CVE-2017-2804
@@ -15095,8 +15102,7 @@
NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2785 (An exploitable buffer overflow exists in the psnotifyd application of ...)
NOT-FOR-US: Pharos PopUp Printer Client
-CVE-2017-2784
- RESERVED
+CVE-2017-2784 (An exploitable free of a stack pointer vulnerability exists in the ...)
- mbedtls 2.4.2-1 (bug #857560)
- polarssl <removed> (bug #857561)
[jessie] - polarssl <no-dsa> (Minor issue)
@@ -23748,8 +23754,8 @@
NOT-FOR-US: Moxa
CVE-2016-8722 (An exploitable Information Disclosure vulnerability exists in the Web ...)
NOT-FOR-US: Moxa
-CVE-2016-8721
- RESERVED
+CVE-2016-8721 (An exploitable OS Command Injection vulnerability exists in the web ...)
+ TODO: check
CVE-2016-8720 (An exploitable HTTP Header Injection vulnerability exists in the Web ...)
NOT-FOR-US: Moxa
CVE-2016-8719 (An exploitable reflected Cross-Site Scripting vulnerability exists in ...)
@@ -30629,14 +30635,12 @@
NOT-FOR-US: Impala
CVE-2016-6604 (NULL pointer dereference in Samsung Exynos fimg2d driver for Android ...)
NOT-FOR-US: Samsung
-CVE-2016-7513 [off-by-one error leading to segfault]
- RESERVED
+CVE-2016-7513 (Off-by-one error in magick/cache.c in ImageMagick allows remote ...)
{DSA-3652-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832455)
[wheezy] - imagemagick <not-affected> (Affected code does not exist in version 6.7.7.10)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
-CVE-2016-7514 [out-of-bounds read in coders/psd.c]
- RESERVED
+CVE-2016-7514 (The ReadPSDChannelPixels function in coders/psd.c in ImageMagick ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832457)
NOTE: https://bugs.launchpad.net/bugs/1533442
@@ -30653,8 +30657,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2015-8957 [buffer overflow in sun file handling]
- RESERVED
+CVE-2015-8957 (Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832464)
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838
@@ -30662,8 +30665,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d
NOTE: https://github.com/ImageMagick/ImageMagick/commit/450bd716ed3b9186dd10f9e60f630a3d9eeea2a4
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2015-8958 [potential DOS in sun file handling due to malformed files]
- RESERVED
+CVE-2015-8958 (coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832465)
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26857
@@ -30672,22 +30674,19 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b4aff0f117b978502ee5bcd6e753c17aec5a961
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8ea44b48a182dd46d018f4b4f09a5e2ee9638105
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7516 [out of bunds problem in rle, pict, viff and sun files]
- RESERVED
+CVE-2016-7516 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533452
NOTE: https://github.com/ImageMagick/ImageMagick/issues/77
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7517
- RESERVED
+CVE-2016-7517 (The EncodeImage function in coders/pict.c in ImageMagick allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533449
NOTE: https://github.com/ImageMagick/ImageMagick/issues/80
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7518
- RESERVED
+CVE-2016-7518 (The ReadSUNImage function in coders/sun.c in ImageMagick allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533447
@@ -30699,16 +30698,14 @@
NOTE: https://bugs.launchpad.net/bugs/1533445
NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7520 [heap overflow in hdr file handling]
- RESERVED
+CVE-2016-7520 (Heap-based buffer overflow in coders/hdr.c in ImageMagick allows ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832469)
NOTE: https://bugs.launchpad.net/bugs/1537213
NOTE: https://github.com/ImageMagick/ImageMagick/issues/90
NOTE: https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7521 [heap buffer overflow in psd file handling]
- RESERVED
+CVE-2016-7521 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832474)
NOTE: https://bugs.launchpad.net/bugs/1537418
@@ -30735,8 +30732,7 @@
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
NOTE: https://bugs.launchpad.net/bugs/1537422
NOTE: https://github.com/ImageMagick/ImageMagick/issues/96
-CVE-2016-7525 [heap buffer overflow in psd file coder]
- RESERVED
+CVE-2016-7525 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows ...)
{DSA-3652-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832480)
[wheezy] - imagemagick <not-affected> (The affected function, GetPSDRowSize, does not exist in version 6.7.7.10)
@@ -30744,8 +30740,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/98
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7526 [out of bound access in wpg file coder]
- RESERVED
+CVE-2016-7526 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
NOTE: https://bugs.launchpad.net/bugs/1539050
@@ -30753,8 +30748,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7527
- RESERVED
+CVE-2016-7527 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
NOTE: https://bugs.launchpad.net/bugs/1542115
@@ -30777,8 +30771,7 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/103
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7530 [out of bound in quantum handling]
- RESERVED
+CVE-2016-7530 (The quantum handling code in ImageMagick allows remote attackers to ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832506)
NOTE: https://bugs.launchpad.net/bugs/1539067
@@ -30796,8 +30789,7 @@
NOTE: https://bugs.launchpad.net/bugs/1542112
NOTE: https://github.com/ImageMagick/ImageMagick/issues/107
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7532 [Fix handling of corrupted psd file]
- RESERVED
+CVE-2016-7532 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832776)
NOTE: https://bugs.launchpad.net/bugs/1539066
@@ -30810,23 +30802,20 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/120
NOTE: https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7534 [out of bound access in generic decoder]
- RESERVED
+CVE-2016-7534 (The generic decoder in ImageMagick allows remote attackers to cause a ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832785)
NOTE: https://bugs.launchpad.net/bugs/1542785
NOTE: https://github.com/ImageMagick/ImageMagick/issues/126
NOTE: https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7535 [out of bound access for corrupted psd file]
- RESERVED
+CVE-2016-7535 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832787)
NOTE: https://bugs.launchpad.net/bugs/1545180
NOTE: https://github.com/ImageMagick/ImageMagick/issues/128
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7536 [SEGV reported in corrupted profile handling]
- RESERVED
+CVE-2016-7536 (magick/profile.c in ImageMagick allows remote attackers to cause a ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832789)
NOTE: https://bugs.launchpad.net/bugs/1545367
@@ -30840,16 +30829,14 @@
NOTE: https://github.com/ImageMagick/ImageMagick/issues/143
NOTE: https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7538 [SIGABRT for corrupted pdb file]
- RESERVED
+CVE-2016-7538 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832793)
NOTE: https://bugs.launchpad.net/bugs/1556273
NOTE: https://github.com/ImageMagick/ImageMagick/issues/148
NOTE: https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2015-8959 [DOS due to corrupted DDS files]
- RESERVED
+CVE-2015-8959 (coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832944)
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
@@ -30870,8 +30857,7 @@
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7540 [writing to rgf format aborts]
- RESERVED
+CVE-2016-7540 (coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to ...)
{DSA-3652-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #827643)
[wheezy] - imagemagick <not-affected> (RGF coder is not present in version 6.7.7.10)
@@ -31517,8 +31503,7 @@
CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to ...)
- resteasy <unfixed> (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
-CVE-2016-6347
- RESERVED
+CVE-2016-6347 (Cross-site scripting (XSS) vulnerability in the default exception ...)
- resteasy <unfixed> (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers to ...)
@@ -31538,48 +31523,39 @@
[jessie] - elog 2.9.2+2014.05.11git44800a7-2+deb8u1
NOTE: https://bitbucket.org/ritt/elog/commits/2f6a300572bd6048351af8c45394ae62230c83d9
NOTE: https://bitbucket.org/ritt/elog/commits/9ca611aca2b1860efac15f806bf907cc2e6f870a/
-CVE-2016-6341
- RESERVED
+CVE-2016-6341 (oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list ...)
NOT-FOR-US: ovirt-engine
CVE-2016-6340 (The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces ...)
NOT-FOR-US: Red Hat QCI
CVE-2016-6339
REJECTED
-CVE-2016-6338
- RESERVED
+CVE-2016-6338 (ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization ...)
NOT-FOR-US: ovirt-engine
-CVE-2016-6337
- RESERVED
+CVE-2016-6337 (MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass ...)
- mediawiki 1:1.27.1-1
[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6336
- RESERVED
+CVE-2016-6336 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...)
- mediawiki 1:1.27.1-1
[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6335
- RESERVED
+CVE-2016-6335 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...)
- mediawiki 1:1.27.1-1
[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6334
- RESERVED
+CVE-2016-6334 (Cross-site scripting (XSS) vulnerability in the ...)
[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
- mediawiki 1:1.27.1-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6333
- RESERVED
+CVE-2016-6333 (Cross-site scripting (XSS) vulnerability in the CSS user subpage ...)
[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
- mediawiki 1:1.27.1-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6332
- RESERVED
+CVE-2016-6332 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...)
[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
- mediawiki 1:1.27.1-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6331
- RESERVED
+CVE-2016-6331 (ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x ...)
- mediawiki 1:1.27.1-1
[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
@@ -33433,12 +33409,12 @@
NOT-FOR-US: Micro Focus Rumba
CVE-2016-5763 (Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before ...)
NOT-FOR-US: Novell Open Enterprise Server
-CVE-2016-5762
- RESERVED
-CVE-2016-5761
- RESERVED
-CVE-2016-5760
- RESERVED
+CVE-2016-5762 (Integer overflow in the Post Office Agent in Novell GroupWise before ...)
+ TODO: check
+CVE-2016-5761 (Cross-site scripting (XSS) vulnerability in Novell GroupWise before ...)
+ TODO: check
+CVE-2016-5760 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
CVE-2016-5759
RESERVED
CVE-2016-5758 (A cross site request forgery protection mechanism in NetIQ Access ...)
@@ -34751,8 +34727,7 @@
- firewalld 0.4.3.3-1 (bug #834529)
[jessie] - firewalld <no-dsa> (Minor issue)
NOTE: Introduced by: https://github.com/t-woerner/firewalld/commit/6b9867cd5c5e2c83adeec42666521a420e59ef11
-CVE-2016-5409
- RESERVED
+CVE-2016-5409 (Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a ...)
NOT-FOR-US: OpenShift Enterprise
CVE-2016-5408 (Stack-based buffer overflow in the munge_other_line function in ...)
{DLA-556-1}
@@ -36682,8 +36657,7 @@
[wheezy] - util-linux <no-dsa> (Minor issue)
NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c34d18831ac61c6744ad14ce916d389b3f
NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0
-CVE-2016-5010 [Out-of-bounds read when processing crafted tiff file]
- RESERVED
+CVE-2016-5010 (coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832968)
NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
@@ -37309,8 +37283,8 @@
RESERVED
CVE-2016-4863
RESERVED
-CVE-2016-4862
- RESERVED
+CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with ...)
+ TODO: check
CVE-2016-4861 (The (1) order and (2) group methods in Zend_Db_Select in the Zend ...)
{DLA-646-1}
- zendframework 1.12.20+dfsg-1
@@ -37345,24 +37319,24 @@
NOT-FOR-US: YoruFukurou
CVE-2016-4851 (Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat ...)
NOT-FOR-US: Let's PHP! simple chat
-CVE-2016-4850
- RESERVED
-CVE-2016-4849
- RESERVED
+CVE-2016-4850 (LINE for Windows before 4.8.3 allows man-in-the-middle attackers to ...)
+ TODO: check
+CVE-2016-4849 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE ...)
+ TODO: check
CVE-2016-4848 (Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 ...)
NOT-FOR-US: ClipBucket
-CVE-2016-4847
- RESERVED
+CVE-2016-4847 (Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC ...)
+ TODO: check
CVE-2016-4846
RESERVED
CVE-2016-4845 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ...)
NOT-FOR-US: I-O DATA
-CVE-2016-4844
- RESERVED
-CVE-2016-4843
- RESERVED
-CVE-2016-4842
- RESERVED
+CVE-2016-4844 (Cybozu Mailwise before 5.4.0 allows remote attackers to conduct ...)
+ TODO: check
+CVE-2016-4843 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2016-4842 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain ...)
+ TODO: check
CVE-2016-4841
RESERVED
CVE-2016-4840
@@ -37409,8 +37383,8 @@
NOT-FOR-US: I-O DATA
CVE-2016-4819 (The printfDx function in Takumi Yamada DX Library for Borland C++ ...)
NOT-FOR-US: Borland
-CVE-2016-4818
- RESERVED
+CVE-2016-4818 (DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for ...)
+ TODO: check
CVE-2016-4817 (lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 ...)
NOT-FOR-US: H2O
CVE-2016-4816 (BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and ...)
@@ -37823,8 +37797,8 @@
NOT-FOR-US: Apple
CVE-2016-4651 (Cross-site scripting (XSS) vulnerability in the WebKit JavaScript ...)
NOT-FOR-US: Webkit as used by Apple
-CVE-2016-4650
- RESERVED
+CVE-2016-4650 (Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, ...)
+ TODO: check
CVE-2016-4649 (Audio in Apple OS X before 10.11.6 allows local users to cause a ...)
NOT-FOR-US: Apple
CVE-2016-4648 (Audio in Apple OS X before 10.11.6 allows local users to obtain ...)
@@ -38987,8 +38961,8 @@
NOT-FOR-US: Hancom Office
CVE-2016-4294 (When opening a Hangul Hcell Document (.cell) and processing a property ...)
NOT-FOR-US: Hancom Office
-CVE-2016-4293
- RESERVED
+CVE-2016-4293 (Multiple heap-based buffer overflows in the (1) ...)
+ TODO: check
CVE-2016-4292 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
NOT-FOR-US: Hancom Office
CVE-2016-4291 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
@@ -49168,22 +49142,22 @@
NOT-FOR-US: Kobe Beauty
CVE-2016-1221
RESERVED
-CVE-2016-1220
- RESERVED
-CVE-2016-1219
- RESERVED
-CVE-2016-1218
- RESERVED
-CVE-2016-1217
- RESERVED
-CVE-2016-1216
- RESERVED
-CVE-2016-1215
- RESERVED
-CVE-2016-1214
- RESERVED
-CVE-2016-1213
- RESERVED
+CVE-2016-1220 (Cybozu Garoon before 4.2.2 does not properly restrict access. ...)
+ TODO: check
+CVE-2016-1219 (Cybozu Garoon before 4.2.2 allows remote attackers to bypass login ...)
+ TODO: check
+CVE-2016-1218 (SQL injection vulnerability in Cybozu Garoon before 4.2.2. ...)
+ TODO: check
+CVE-2016-1217 (Cross-site scripting (XSS) vulnerability in the "Check available ...)
+ TODO: check
+CVE-2016-1216 (Cross-site scripting (XSS) vulnerability in the "New appointment" ...)
+ TODO: check
+CVE-2016-1215 (Cross-site scripting (XSS) vulnerability in the "User details" ...)
+ TODO: check
+CVE-2016-1214 (Cross-site scripting (XSS) vulnerability in the "Response request" ...)
+ TODO: check
+CVE-2016-1213 (The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote ...)
+ TODO: check
CVE-2016-1212 (Directory traversal vulnerability in futomi MP Form Mail CGI ...)
NOT-FOR-US: futomi MP Form Mail CGI Professional Edition
CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List ...)
More information about the Secure-testing-commits
mailing list