[Secure-testing-commits] r50866 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Apr 20 21:10:12 UTC 2017


Author: sectracker
Date: 2017-04-20 21:10:12 +0000 (Thu, 20 Apr 2017)
New Revision: 50866

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-20 21:03:06 UTC (rev 50865)
+++ data/CVE/list	2017-04-20 21:10:12 UTC (rev 50866)
@@ -1,3 +1,9 @@
+CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in ...)
+	TODO: check
+CVE-2017-7981
+	RESERVED
+CVE-2017-7980
+	RESERVED
 CVE-2017-7978 (Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software ...)
 	TODO: check
 CVE-2017-7979 (The cookie feature in the packet action API implementation in ...)
@@ -108,8 +114,8 @@
 	NOT-FOR-US: ImageWorsener
 CVE-2017-7939 (The read_next_pam_token function in imagew-pnm.c in libimageworsener.a ...)
 	NOT-FOR-US: ImageWorsener
-CVE-2017-7938
-	RESERVED
+CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gathering ...)
+	TODO: check
 CVE-2017-7937
 	RESERVED
 CVE-2017-7936
@@ -772,8 +778,7 @@
 	RESERVED
 CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...)
 	NOT-FOR-US: Spider Event Calendar
-CVE-2017-7718 [display: cirrus: OOB read access issue]
-	RESERVED
+CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allow local ...)
 	- qemu 1:2.8+dfsg-4
 	- qemu-kvm <removed>
 	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904
@@ -866,8 +871,7 @@
 	NOT-FOR-US: Symphony CMS
 CVE-2017-7693
 	RESERVED
-CVE-2017-7692
-	RESERVED
+CVE-2017-7692 (SquirrelMail 1.4.22 allows post-authentication remote code execution ...)
 	- squirrelmail <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/6
 CVE-2017-7691 (A code injection vulnerability exists in SAP TREX / Business Warehouse ...)
@@ -5777,6 +5781,7 @@
 CVE-2017-5952
 	RESERVED
 CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex ...)
+	{DLA-905-1}
 	- ghostscript <unfixed> (bug #859696)
 	[jessie] - ghostscript <no-dsa> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548
@@ -5814,11 +5819,13 @@
 	- mupdf <not-affected> (Vulnerable code not yet present)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697400
 CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex ...)
+	{DLA-905-1}
 	- ghostscript <unfixed> (bug #859694)
 	[jessie] - ghostscript <no-dsa> (Minor issue)
 	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450
 CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. ...)
+	{DLA-905-1}
 	- ghostscript <unfixed> (bug #859666)
 	[jessie] - ghostscript <no-dsa> (Minor issue)
 	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f
@@ -7745,7 +7752,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5411
 CVE-2017-5410
 	RESERVED
-	{DSA-3805-1 DLA-896-1 DLA-852-1}
+	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove 1:45.8.0-1
@@ -7760,7 +7767,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5409
 CVE-2017-5408
 	RESERVED
-	{DSA-3805-1 DLA-896-1 DLA-852-1}
+	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove 1:45.8.0-1
@@ -7769,7 +7776,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
 CVE-2017-5407
 	RESERVED
-	{DSA-3805-1 DLA-896-1 DLA-852-1}
+	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove 1:45.8.0-1
@@ -7782,7 +7789,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5406
 CVE-2017-5405
 	RESERVED
-	{DSA-3805-1 DLA-896-1 DLA-852-1}
+	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove 1:45.8.0-1
@@ -7791,7 +7798,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
 CVE-2017-5404
 	RESERVED
-	{DSA-3805-1 DLA-896-1 DLA-852-1}
+	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove 1:45.8.0-1
@@ -7804,7 +7811,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
 CVE-2017-5402
 	RESERVED
-	{DSA-3805-1 DLA-896-1 DLA-852-1}
+	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove 1:45.8.0-1
@@ -7813,7 +7820,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
 CVE-2017-5401
 	RESERVED
-	{DSA-3805-1 DLA-896-1 DLA-852-1}
+	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove 1:45.8.0-1
@@ -7822,7 +7829,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
 CVE-2017-5400
 	RESERVED
-	{DSA-3805-1 DLA-896-1 DLA-852-1}
+	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove 1:45.8.0-1
@@ -7835,7 +7842,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5399
 CVE-2017-5398
 	RESERVED
-	{DSA-3805-1 DLA-896-1 DLA-852-1}
+	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
 	- firefox 52.0-1
 	- firefox-esr 45.8.0esr-1
 	- icedove 1:45.8.0-1
@@ -7848,7 +7855,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/#CVE-2017-5397
 CVE-2017-5396
 	RESERVED
-	{DSA-3771-1 DLA-896-1 DLA-800-1}
+	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	- icedove 1:45.7.1-1
@@ -7879,7 +7886,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5391
 CVE-2017-5390
 	RESERVED
-	{DSA-3771-1 DLA-896-1 DLA-800-1}
+	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	- icedove 1:45.7.1-1
@@ -7920,7 +7927,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5384
 CVE-2017-5383
 	RESERVED
-	{DSA-3771-1 DLA-896-1 DLA-800-1}
+	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	- icedove 1:45.7.1-1
@@ -7939,7 +7946,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5381
 CVE-2017-5380
 	RESERVED
-	{DSA-3771-1 DLA-896-1 DLA-800-1}
+	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	- icedove 1:45.7.1-1
@@ -7953,7 +7960,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5379
 CVE-2017-5378
 	RESERVED
-	{DSA-3771-1 DLA-896-1 DLA-800-1}
+	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	- icedove 1:45.7.1-1
@@ -7967,7 +7974,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5377
 CVE-2017-5376
 	RESERVED
-	{DSA-3771-1 DLA-896-1 DLA-800-1}
+	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	- icedove 1:45.7.1-1
@@ -7976,7 +7983,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5376
 CVE-2017-5375
 	RESERVED
-	{DSA-3771-1 DLA-896-1 DLA-800-1}
+	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	- icedove 1:45.7.1-1
@@ -7990,7 +7997,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5374
 CVE-2017-5373
 	RESERVED
-	{DSA-3771-1 DLA-896-1 DLA-800-1}
+	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	- icedove 1:45.7.1-1
@@ -8602,8 +8609,8 @@
 	- salt 2016.11.2+ds-1
 CVE-2017-5191
 	RESERVED
-CVE-2017-5190
-	RESERVED
+CVE-2017-5190 (NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when ...)
+	TODO: check
 CVE-2017-5189
 	RESERVED
 CVE-2017-5188
@@ -8616,12 +8623,12 @@
 	NOT-FOR-US: NetIQ Sentinel
 CVE-2017-5184 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before ...)
 	NOT-FOR-US: NetIQ Sentinel
-CVE-2017-5183
-	RESERVED
+CVE-2017-5183 (NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as ...)
+	TODO: check
 CVE-2017-5182 (Remote Manager in Open Enterprise Server (OES) allows unauthenticated ...)
 	NOT-FOR-US: Open Enterprise Server
 CVE-2017-5181
-	RESERVED
+	REJECTED
 	- squirrelmail <removed>
 	NOTE: Same as CVE-2017-7692 one of the CVEs should be REJECTED
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/7
@@ -8691,16 +8698,16 @@
 	NOT-FOR-US: BINOM3
 CVE-2017-5161 (An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, ...)
 	NOT-FOR-US: Sielco Sistemi
-CVE-2017-5160
-	RESERVED
+CVE-2017-5160 (An Inadequate Encryption Strength issue was discovered in Schneider ...)
+	TODO: check
 CVE-2017-5159 (An issue was discovered on Phoenix Contact mGuard devices that have ...)
 	NOT-FOR-US: Phoenix Contact mGuard
-CVE-2017-5158
-	RESERVED
+CVE-2017-5158 (An Information Exposure issue was discovered in Schneider Electric ...)
+	TODO: check
 CVE-2017-5157 (An issue was discovered in Schneider Electric homeLYnk Controller, ...)
 	NOT-FOR-US: Schneider
-CVE-2017-5156
-	RESERVED
+CVE-2017-5156 (A Cross-Site Request Forgery issue was discovered in Schneider Electric ...)
+	TODO: check
 CVE-2017-5155 (An issue was discovered in Schneider Electric Wonderware Historian 2014 ...)
 	NOT-FOR-US: Schneider
 CVE-2017-5154 (An issue was discovered in Advantech WebAccess Version 8.1. To be able ...)
@@ -15048,8 +15055,8 @@
 	RESERVED
 CVE-2017-2807
 	RESERVED
-CVE-2017-2806
-	RESERVED
+CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...)
+	TODO: check
 CVE-2017-2805
 	RESERVED
 CVE-2017-2804
@@ -15095,8 +15102,7 @@
 	NOT-FOR-US: Pharos PopUp Printer Client
 CVE-2017-2785 (An exploitable buffer overflow exists in the psnotifyd application of ...)
 	NOT-FOR-US: Pharos PopUp Printer Client
-CVE-2017-2784
-	RESERVED
+CVE-2017-2784 (An exploitable free of a stack pointer vulnerability exists in the ...)
 	- mbedtls 2.4.2-1 (bug #857560)
 	- polarssl <removed> (bug #857561)
 	[jessie] - polarssl <no-dsa> (Minor issue)
@@ -23748,8 +23754,8 @@
 	NOT-FOR-US: Moxa
 CVE-2016-8722 (An exploitable Information Disclosure vulnerability exists in the Web ...)
 	NOT-FOR-US: Moxa
-CVE-2016-8721
-	RESERVED
+CVE-2016-8721 (An exploitable OS Command Injection vulnerability exists in the web ...)
+	TODO: check
 CVE-2016-8720 (An exploitable HTTP Header Injection vulnerability exists in the Web ...)
 	NOT-FOR-US: Moxa
 CVE-2016-8719 (An exploitable reflected Cross-Site Scripting vulnerability exists in ...)
@@ -30629,14 +30635,12 @@
 	NOT-FOR-US: Impala
 CVE-2016-6604 (NULL pointer dereference in Samsung Exynos fimg2d driver for Android ...)
 	NOT-FOR-US: Samsung
-CVE-2016-7513 [off-by-one error leading to segfault]
-	RESERVED
+CVE-2016-7513 (Off-by-one error in magick/cache.c in ImageMagick allows remote ...)
 	{DSA-3652-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832455)
 	[wheezy] - imagemagick <not-affected> (Affected code does not exist in version 6.7.7.10)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
-CVE-2016-7514 [out-of-bounds read in coders/psd.c]
-	RESERVED
+CVE-2016-7514 (The ReadPSDChannelPixels function in coders/psd.c in ImageMagick ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832457)
 	NOTE: https://bugs.launchpad.net/bugs/1533442
@@ -30653,8 +30657,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2015-8957 [buffer overflow in sun file handling]
-	RESERVED
+CVE-2015-8957 (Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832464)
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838
@@ -30662,8 +30665,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/450bd716ed3b9186dd10f9e60f630a3d9eeea2a4
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2015-8958 [potential DOS in sun file handling due to malformed files]
-	RESERVED
+CVE-2015-8958 (coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832465)
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26857
@@ -30672,22 +30674,19 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b4aff0f117b978502ee5bcd6e753c17aec5a961
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8ea44b48a182dd46d018f4b4f09a5e2ee9638105
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7516 [out of bunds problem in rle, pict, viff and sun files]
-	RESERVED
+CVE-2016-7516 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
 	NOTE: https://bugs.launchpad.net/bugs/1533452
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/77
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7517
-	RESERVED
+CVE-2016-7517 (The EncodeImage function in coders/pict.c in ImageMagick allows remote ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
 	NOTE: https://bugs.launchpad.net/bugs/1533449
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/80
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7518
-	RESERVED
+CVE-2016-7518 (The ReadSUNImage function in coders/sun.c in ImageMagick allows remote ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
 	NOTE: https://bugs.launchpad.net/bugs/1533447
@@ -30699,16 +30698,14 @@
 	NOTE: https://bugs.launchpad.net/bugs/1533445
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7520 [heap overflow in hdr file handling]
-	RESERVED
+CVE-2016-7520 (Heap-based buffer overflow in coders/hdr.c in ImageMagick allows ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832469)
 	NOTE: https://bugs.launchpad.net/bugs/1537213
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/90
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7521 [heap buffer overflow in psd file handling]
-	RESERVED
+CVE-2016-7521 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832474)
 	NOTE: https://bugs.launchpad.net/bugs/1537418
@@ -30735,8 +30732,7 @@
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
 	NOTE: https://bugs.launchpad.net/bugs/1537422
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/96
-CVE-2016-7525 [heap buffer overflow in psd file coder]
-	RESERVED
+CVE-2016-7525 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows ...)
 	{DSA-3652-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832480)
 	[wheezy] - imagemagick <not-affected> (The affected function, GetPSDRowSize, does not exist in version 6.7.7.10)
@@ -30744,8 +30740,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/98
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7526 [out of bound access in wpg file coder]
-	RESERVED
+CVE-2016-7526 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
 	NOTE: https://bugs.launchpad.net/bugs/1539050
@@ -30753,8 +30748,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7527
-	RESERVED
+CVE-2016-7527 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
 	NOTE: https://bugs.launchpad.net/bugs/1542115
@@ -30777,8 +30771,7 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/103
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7530 [out of bound in quantum handling]
-	RESERVED
+CVE-2016-7530 (The quantum handling code in ImageMagick allows remote attackers to ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832506)
 	NOTE: https://bugs.launchpad.net/bugs/1539067
@@ -30796,8 +30789,7 @@
 	NOTE: https://bugs.launchpad.net/bugs/1542112
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/107
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7532 [Fix handling of corrupted psd file]
-	RESERVED
+CVE-2016-7532 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832776)
 	NOTE: https://bugs.launchpad.net/bugs/1539066
@@ -30810,23 +30802,20 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/120
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7534 [out of bound access in generic decoder]
-	RESERVED
+CVE-2016-7534 (The generic decoder in ImageMagick allows remote attackers to cause a ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832785)
 	NOTE: https://bugs.launchpad.net/bugs/1542785
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/126
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7535 [out of bound access for corrupted psd file]
-	RESERVED
+CVE-2016-7535 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832787)
 	NOTE: https://bugs.launchpad.net/bugs/1545180
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/128
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7536 [SEGV reported in corrupted profile handling]
-	RESERVED
+CVE-2016-7536 (magick/profile.c in ImageMagick allows remote attackers to cause a ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832789)
 	NOTE: https://bugs.launchpad.net/bugs/1545367
@@ -30840,16 +30829,14 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/143
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7538 [SIGABRT for corrupted pdb file]
-	RESERVED
+CVE-2016-7538 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832793)
 	NOTE: https://bugs.launchpad.net/bugs/1556273
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/148
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2015-8959 [DOS due to corrupted DDS files]
-	RESERVED
+CVE-2015-8959 (coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832944)
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
@@ -30870,8 +30857,7 @@
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
-CVE-2016-7540 [writing to rgf format aborts]
-	RESERVED
+CVE-2016-7540 (coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to ...)
 	{DSA-3652-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #827643)
 	[wheezy] - imagemagick <not-affected> (RGF coder is not present in version 6.7.7.10)
@@ -31517,8 +31503,7 @@
 CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to ...)
 	- resteasy <unfixed> (low; bug #837170)
 	[jessie] - resteasy <no-dsa> (Minor issue)
-CVE-2016-6347
-	RESERVED
+CVE-2016-6347 (Cross-site scripting (XSS) vulnerability in the default exception ...)
 	- resteasy <unfixed> (low; bug #837170)
 	[jessie] - resteasy <no-dsa> (Minor issue)
 CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers to ...)
@@ -31538,48 +31523,39 @@
 	[jessie] - elog 2.9.2+2014.05.11git44800a7-2+deb8u1
 	NOTE: https://bitbucket.org/ritt/elog/commits/2f6a300572bd6048351af8c45394ae62230c83d9
 	NOTE: https://bitbucket.org/ritt/elog/commits/9ca611aca2b1860efac15f806bf907cc2e6f870a/
-CVE-2016-6341
-	RESERVED
+CVE-2016-6341 (oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2016-6340 (The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces ...)
 	NOT-FOR-US: Red Hat QCI
 CVE-2016-6339
 	REJECTED
-CVE-2016-6338
-	RESERVED
+CVE-2016-6338 (ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization ...)
 	NOT-FOR-US: ovirt-engine
-CVE-2016-6337
-	RESERVED
+CVE-2016-6337 (MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass ...)
 	- mediawiki 1:1.27.1-1
 	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6336
-	RESERVED
+CVE-2016-6336 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...)
 	- mediawiki 1:1.27.1-1
 	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6335
-	RESERVED
+CVE-2016-6335 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...)
 	- mediawiki 1:1.27.1-1
 	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6334
-	RESERVED
+CVE-2016-6334 (Cross-site scripting (XSS) vulnerability in the ...)
 	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
 	- mediawiki 1:1.27.1-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6333
-	RESERVED
+CVE-2016-6333 (Cross-site scripting (XSS) vulnerability in the CSS user subpage ...)
 	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
 	- mediawiki 1:1.27.1-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6332
-	RESERVED
+CVE-2016-6332 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...)
 	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
 	- mediawiki 1:1.27.1-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
-CVE-2016-6331
-	RESERVED
+CVE-2016-6331 (ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x ...)
 	- mediawiki 1:1.27.1-1
 	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
@@ -33433,12 +33409,12 @@
 	NOT-FOR-US: Micro Focus Rumba
 CVE-2016-5763 (Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before ...)
 	NOT-FOR-US: Novell Open Enterprise Server
-CVE-2016-5762
-	RESERVED
-CVE-2016-5761
-	RESERVED
-CVE-2016-5760
-	RESERVED
+CVE-2016-5762 (Integer overflow in the Post Office Agent in Novell GroupWise before ...)
+	TODO: check
+CVE-2016-5761 (Cross-site scripting (XSS) vulnerability in Novell GroupWise before ...)
+	TODO: check
+CVE-2016-5760 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
 CVE-2016-5759
 	RESERVED
 CVE-2016-5758 (A cross site request forgery protection mechanism in NetIQ Access ...)
@@ -34751,8 +34727,7 @@
 	- firewalld 0.4.3.3-1 (bug #834529)
 	[jessie] - firewalld <no-dsa> (Minor issue)
 	NOTE: Introduced by: https://github.com/t-woerner/firewalld/commit/6b9867cd5c5e2c83adeec42666521a420e59ef11
-CVE-2016-5409
-	RESERVED
+CVE-2016-5409 (Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a ...)
 	NOT-FOR-US: OpenShift Enterprise
 CVE-2016-5408 (Stack-based buffer overflow in the munge_other_line function in ...)
 	{DLA-556-1}
@@ -36682,8 +36657,7 @@
 	[wheezy] - util-linux <no-dsa> (Minor issue)
 	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c34d18831ac61c6744ad14ce916d389b3f
 	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0
-CVE-2016-5010 [Out-of-bounds read when processing crafted tiff file]
-	RESERVED
+CVE-2016-5010 (coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to ...)
 	{DSA-3652-1 DLA-731-1}
 	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832968)
 	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
@@ -37309,8 +37283,8 @@
 	RESERVED
 CVE-2016-4863
 	RESERVED
-CVE-2016-4862
-	RESERVED
+CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with ...)
+	TODO: check
 CVE-2016-4861 (The (1) order and (2) group methods in Zend_Db_Select in the Zend ...)
 	{DLA-646-1}
 	- zendframework 1.12.20+dfsg-1
@@ -37345,24 +37319,24 @@
 	NOT-FOR-US: YoruFukurou
 CVE-2016-4851 (Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat ...)
 	NOT-FOR-US: Let's PHP! simple chat
-CVE-2016-4850
-	RESERVED
-CVE-2016-4849
-	RESERVED
+CVE-2016-4850 (LINE for Windows before 4.8.3 allows man-in-the-middle attackers to ...)
+	TODO: check
+CVE-2016-4849 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE ...)
+	TODO: check
 CVE-2016-4848 (Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 ...)
 	NOT-FOR-US: ClipBucket
-CVE-2016-4847
-	RESERVED
+CVE-2016-4847 (Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC ...)
+	TODO: check
 CVE-2016-4846
 	RESERVED
 CVE-2016-4845 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ...)
 	NOT-FOR-US: I-O DATA
-CVE-2016-4844
-	RESERVED
-CVE-2016-4843
-	RESERVED
-CVE-2016-4842
-	RESERVED
+CVE-2016-4844 (Cybozu Mailwise before 5.4.0 allows remote attackers to conduct ...)
+	TODO: check
+CVE-2016-4843 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2016-4842 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain ...)
+	TODO: check
 CVE-2016-4841
 	RESERVED
 CVE-2016-4840
@@ -37409,8 +37383,8 @@
 	NOT-FOR-US: I-O DATA
 CVE-2016-4819 (The printfDx function in Takumi Yamada DX Library for Borland C++ ...)
 	NOT-FOR-US: Borland
-CVE-2016-4818
-	RESERVED
+CVE-2016-4818 (DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for ...)
+	TODO: check
 CVE-2016-4817 (lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 ...)
 	NOT-FOR-US: H2O
 CVE-2016-4816 (BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and ...)
@@ -37823,8 +37797,8 @@
 	NOT-FOR-US: Apple
 CVE-2016-4651 (Cross-site scripting (XSS) vulnerability in the WebKit JavaScript ...)
 	NOT-FOR-US: Webkit as used by Apple
-CVE-2016-4650
-	RESERVED
+CVE-2016-4650 (Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, ...)
+	TODO: check
 CVE-2016-4649 (Audio in Apple OS X before 10.11.6 allows local users to cause a ...)
 	NOT-FOR-US: Apple
 CVE-2016-4648 (Audio in Apple OS X before 10.11.6 allows local users to obtain ...)
@@ -38987,8 +38961,8 @@
 	NOT-FOR-US: Hancom Office
 CVE-2016-4294 (When opening a Hangul Hcell Document (.cell) and processing a property ...)
 	NOT-FOR-US: Hancom Office
-CVE-2016-4293
-	RESERVED
+CVE-2016-4293 (Multiple heap-based buffer overflows in the (1) ...)
+	TODO: check
 CVE-2016-4292 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
 	NOT-FOR-US: Hancom Office
 CVE-2016-4291 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
@@ -49168,22 +49142,22 @@
 	NOT-FOR-US: Kobe Beauty
 CVE-2016-1221
 	RESERVED
-CVE-2016-1220
-	RESERVED
-CVE-2016-1219
-	RESERVED
-CVE-2016-1218
-	RESERVED
-CVE-2016-1217
-	RESERVED
-CVE-2016-1216
-	RESERVED
-CVE-2016-1215
-	RESERVED
-CVE-2016-1214
-	RESERVED
-CVE-2016-1213
-	RESERVED
+CVE-2016-1220 (Cybozu Garoon before 4.2.2 does not properly restrict access. ...)
+	TODO: check
+CVE-2016-1219 (Cybozu Garoon before 4.2.2 allows remote attackers to bypass login ...)
+	TODO: check
+CVE-2016-1218 (SQL injection vulnerability in Cybozu Garoon before 4.2.2. ...)
+	TODO: check
+CVE-2016-1217 (Cross-site scripting (XSS) vulnerability in the "Check available ...)
+	TODO: check
+CVE-2016-1216 (Cross-site scripting (XSS) vulnerability in the "New appointment" ...)
+	TODO: check
+CVE-2016-1215 (Cross-site scripting (XSS) vulnerability in the "User details" ...)
+	TODO: check
+CVE-2016-1214 (Cross-site scripting (XSS) vulnerability in the "Response request" ...)
+	TODO: check
+CVE-2016-1213 (The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote ...)
+	TODO: check
 CVE-2016-1212 (Directory traversal vulnerability in futomi MP Form Mail CGI ...)
 	NOT-FOR-US: futomi MP Form Mail CGI Professional Edition
 CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List ...)




More information about the Secure-testing-commits mailing list