[Secure-testing-commits] r48993 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Feb 16 09:10:12 UTC 2017
Author: sectracker
Date: 2017-02-16 09:10:12 +0000 (Thu, 16 Feb 2017)
New Revision: 48993
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-16 07:59:46 UTC (rev 48992)
+++ data/CVE/list 2017-02-16 09:10:12 UTC (rev 48993)
@@ -1,4 +1,35 @@
+CVE-2017-6012
+ RESERVED
+CVE-2017-6011
+ RESERVED
+CVE-2017-6010
+ RESERVED
+CVE-2017-6009
+ RESERVED
+CVE-2017-6008
+ RESERVED
+CVE-2017-6007
+ RESERVED
+CVE-2017-6006
+ RESERVED
+CVE-2017-6005
+ RESERVED
+CVE-2017-6004
+ RESERVED
+CVE-2017-6003
+ RESERVED
+CVE-2017-6002
+ RESERVED
+CVE-2014-9919
+ RESERVED
+CVE-2014-9918
+ RESERVED
+CVE-2014-9917
+ RESERVED
+CVE-2014-9916
+ RESERVED
CVE-2017-6001 [Incomplete fix for CVE-2016-6786]
+ RESERVED
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/321027c1fe77f892f4ea07846aeae08cefbbb290
CVE-2017-6000 [crypto: memory leakage in qcrypto_ivgen_essiv_init]
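Review bot: CVE-2017-6001 is still tracked as "- linux <unfixed>" even though the NOTE directly below it already names the upstream fix commit (321027c1fe77f892f4ea07846aeae08cefbbb290). The added RESERVED line is fine next to the bracketed title, but the entry should be revisited so that <unfixed> is replaced by the first Debian version that carries that commit. The fifteen new bare RESERVED entries above it need no triage until a description is published.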
@@ -121,6 +152,7 @@
- linux <unfixed>
TODO: check/investigate, further triage first in kernel-sec
CVE-2016-10225
+ RESERVED
NOT-FOR-US: sunxi-debug driver in Allwinner kernel
CVE-2016-10224 (An issue was discovered in Sauter NovaWeb web HMI. The application uses ...)
NOT-FOR-US: Sauter NovaWeb
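Review bot: CVE-2016-10225 now reads RESERVED with no bracketed title, so the NOT-FOR-US reason ("sunxi-debug driver in Allwinner kernel") is the only record of what the ID covers. A short bracketed title on the CVE line, as CVE-2017-6001 and CVE-2017-6000 have, would keep the entry self-describing until the official description arrives.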
@@ -5885,8 +5917,8 @@
NOT-FOR-US: Cisco
CVE-2017-3802 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
NOT-FOR-US: Cisco
-CVE-2017-3801
- RESERVED
+CVE-2017-3801 (A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and ...)
+ TODO: check
CVE-2017-3800 (A vulnerability in the content scanning engine of Cisco AsyncOS ...)
NOT-FOR-US: Cisco Email Security Appliance
CVE-2017-3799 (A vulnerability in a URL parameter of Cisco WebEx Meeting Center could ...)
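Review bot: CVE-2017-3801 is left at "TODO: check" although its new description names Cisco UCS Director and every neighbouring Cisco entry in this hunk is already resolved as "NOT-FOR-US: Cisco". Unless there is a reason to treat this product differently, the TODO can be closed the same way in the next manual pass.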
@@ -14414,40 +14446,40 @@
RESERVED
CVE-2017-0325
RESERVED
-CVE-2017-0324
- RESERVED
-CVE-2017-0323
- RESERVED
-CVE-2017-0322
- RESERVED
-CVE-2017-0321
- RESERVED
-CVE-2017-0320
- RESERVED
-CVE-2017-0319
- RESERVED
-CVE-2017-0318
- RESERVED
-CVE-2017-0317
- RESERVED
+CVE-2017-0324 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+ TODO: check
+CVE-2017-0323 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+ TODO: check
+CVE-2017-0322 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+ TODO: check
+CVE-2017-0321 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...)
+ TODO: check
+CVE-2017-0320 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+ TODO: check
+CVE-2017-0319 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+ TODO: check
+CVE-2017-0318 (All versions of NVIDIA Linux GPU Display Driver contain a ...)
+ TODO: check
+CVE-2017-0317 (All versions of NVIDIA GPU and GeForce Experience installer contain a ...)
+ TODO: check
CVE-2017-0316
RESERVED
-CVE-2017-0315
- RESERVED
-CVE-2017-0314
- RESERVED
-CVE-2017-0313
- RESERVED
-CVE-2017-0312
- RESERVED
-CVE-2017-0311
- RESERVED
-CVE-2017-0310
- RESERVED
-CVE-2017-0309
- RESERVED
-CVE-2017-0308
- RESERVED
+CVE-2017-0315 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+ TODO: check
+CVE-2017-0314 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+ TODO: check
+CVE-2017-0313 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+ TODO: check
+CVE-2017-0312 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+ TODO: check
+CVE-2017-0311 (NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel ...)
+ TODO: check
+CVE-2017-0310 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...)
+ TODO: check
+CVE-2017-0309 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...)
+ TODO: check
+CVE-2017-0308 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+ TODO: check
CVE-2017-0307
RESERVED
CVE-2017-0306
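Review bot: All sixteen NVIDIA entries in this hunk land as "TODO: check", but the descriptions already split them into two groups that deserve different handling. The ones that say "NVIDIA Windows GPU Display Driver" (CVE-2017-0324, -0323, -0322, -0320, -0319, -0315, -0314, -0313, -0312, -0308) are Windows-specific by their own wording. CVE-2017-0318 names the Linux driver, and CVE-2017-0321, -0311, -0310 and -0309 say "NVIDIA GPU Display Driver" without a platform, so those five should be triaged first against the full descriptions. CVE-2017-0317 is truncated after "installer contain a ..." and needs the full text before it can be classified.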
@@ -17766,30 +17798,25 @@
NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
NOTE: https://github.com/libarchive/libarchive/issues/767
-CVE-2016-8678 [heap-based buffer overflow in IsPixelMonochrome]
- RESERVED
+CVE-2016-8678 (The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ...)
- imagemagick <unfixed> (unimportant; bug #845204)
NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-heap-based-buffer-overflow-in-ispixelmonochrome-pixel-accessor-h/
NOTE: unimportant: Only an issue with a QuantumDepth=64 build, thus not affecting the binary packages
NOTE: https://github.com/ImageMagick/ImageMagick/issues/272
-CVE-2016-8677 [memory allocate failure in AcquireQuantumPixels]
- RESERVED
+CVE-2016-8677 (The AcquireQuantumPixels function in MagickCore/quantum.c in ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-1 (bug #845206)
NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
-CVE-2016-8676 [Issue that remains after addressing CVE-2016-8675 with e5b019725f53b79159931d3a7317107cbbfd0860]
- RESERVED
+CVE-2016-8676 (The get_vlc2 function in get_bits.h in Libav 11.9 allows remote ...)
- libav <removed> (unimportant)
NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
-CVE-2016-8675
- RESERVED
+CVE-2016-8675 (The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote ...)
- libav <removed> (unimportant)
NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
NOTE: Fixed by: https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860
NOTE: Cf. CVE-2016-8676 as well which remain unfixed after e5b019725f53b79159931d3a7317107cbbfd0860
-CVE-2016-8674
- RESERVED
+CVE-2016-8674 (The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows ...)
- mupdf 1.9a+ds1-2 (bug #840957)
[jessie] - mupdf <no-dsa> (Minor issue)
[wheezy] - mupdf <not-affected> (Crash is not reproducible with reprocuder. Needs clarification from upstream.)
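Review bot: Replacing the bracketed title of CVE-2016-8676 drops the only statement inside that entry that it is the issue remaining after commit e5b019725f53b79159931d3a7317107cbbfd0860. The relationship now survives only in the "Cf. CVE-2016-8676" NOTE under CVE-2016-8675, and the two truncated descriptions differ only by "Libav 11.9" versus "Libav before 11.9". Adding a NOTE under CVE-2016-8676 that points back to CVE-2016-8675 and that commit would keep the two entries distinguishable on their own.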
@@ -18415,8 +18442,7 @@
- graphicsmagick 1.3.25-5
NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d
-CVE-2016-8679 [dwarf_util.c: heap-based buffer overflow in _dwarf_get_size_of_val]
- RESERVED
+CVE-2016-8679 (The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in ...)
- dwarfutils 20161001-2 (bug #840958)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
@@ -18424,15 +18450,13 @@
NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
NOTE: Same fix as CVE-2016-8681 but different issue
-CVE-2016-8680 [dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for_code]
- RESERVED
+CVE-2016-8680 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf ...)
- dwarfutils 20161001-2 (bug #840960)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/12
NOTE: https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
-CVE-2016-8681 [dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for_code second one]
- RESERVED
+CVE-2016-8681 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf ...)
- dwarfutils 20161001-2 (bug #840961)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
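Review bot: After this hunk CVE-2016-8680 and CVE-2016-8681 carry the same visible description, "The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf ...", and the removed bracketed title of CVE-2016-8681 ("second one") was the only thing that told them apart. In the visible lines CVE-2016-8681 has no NOTE of its own, so a NOTE stating how it differs from CVE-2016-8680, with its reference, should be added before the distinction is lost.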
@@ -21578,8 +21602,7 @@
NOT-FOR-US: Oracle
CVE-2016-7500
RESERVED
-CVE-2016-7499
- RESERVED
+CVE-2016-7499 (The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote ...)
- libav <removed> (unimportant)
NOTE: https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/
CVE-2016-7498 (OpenStack Compute (nova) 13.0.0 does not properly delete instances ...)
@@ -21638,8 +21661,7 @@
- php5 <removed>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093
NOTE: Patch for 5.6.x: http://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28)
-CVE-2016-7477
- RESERVED
+CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 ...)
- libav <removed> (unimportant)
NOTE: https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/
CVE-2016-7476
@@ -22382,16 +22404,14 @@
NOT-FOR-US: Microsoft
CVE-2016-7181 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
NOT-FOR-US: Microsoft
-CVE-2016-7393 [stack-based buffer overflow in aac_sync (aac_parser.c)]
- RESERVED
+CVE-2016-7393 (Stack-based buffer overflow in the aac_sync function in aac_parser.c ...)
{DLA-644-1}
- ffmpeg 7:2.4-1
- libav <removed>
[jessie] - libav 6:11.6-1~deb8u1
NOTE: https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=fb1473080223a634b8ac2cca48a632d037a0a69d
-CVE-2016-7392 [heap-based buffer overflow in pstoedit_suffix_table_init (output-pstoedit.c)]
- RESERVED
+CVE-2016-7392 (Heap-based buffer overflow in the pstoedit_suffix_table_init function ...)
{DLA-621-1}
- autotrace 0.31.1-17 (bug #837599)
NOTE: https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
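Review bot: Under CVE-2016-7393 the git.libav.org commit URL is recorded as a bare NOTE, without the "Fixed by:" label used for fix commits elsewhere in this file (for example under CVE-2016-8677), so a reader cannot tell whether fb1473080223a634b8ac2cca48a632d037a0a69d is the fix or only a related change. If it is the fix, label it as such. CVE-2016-7392 lists a fixed autotrace version but, in the visible lines, no fix reference at all besides the blog post.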