[Secure-testing-commits] r49034 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Feb 17 21:10:12 UTC 2017


Author: sectracker
Date: 2017-02-17 21:10:12 +0000 (Fri, 17 Feb 2017)
New Revision: 49034

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-17 21:09:28 UTC (rev 49033)
+++ data/CVE/list	2017-02-17 21:10:12 UTC (rev 49034)
@@ -1,3 +1,7 @@
+CVE-2017-6061
+	RESERVED
+CVE-2017-6060
+	RESERVED
 CVE-2017-6058 [net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping]
 	RESERVED
 	- qemu <unfixed>
@@ -538,6 +542,7 @@
 	[jessie] - gnome-keyring <no-dsa> (Minor issue)
 	[wheezy] - gnome-keyring <no-dsa> (Minor issue)
 CVE-2017-6059 [information leak in error messages]
+	RESERVED
 	- libapache2-mod-auth-openidc 2.1.5-1
 	NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212
 CVE-2017-6062 [OIDCUnAuthAction pass does not scrub request headers]
@@ -18485,7 +18490,7 @@
 	RESERVED
 CVE-2016-8496
 	RESERVED
-CVE-2016-8495 (FortiManager does not properly validate TLS certificates when probing ...)
+CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...)
 	NOT-FOR-US: FortiManager
 CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...)
 	NOT-FOR-US: Fortiguard
@@ -21649,8 +21654,7 @@
 	RESERVED
 CVE-2016-7512
 	RESERVED
-CVE-2016-7511 [Integer Overflow]
-	RESERVED
+CVE-2016-7511 (Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows ...)
 	{DLA-635-1}
 	- dwarfutils 20160923-1 (bug #838757)
 	[jessie] - dwarfutils <no-dsa> (Minor issue, can be fixed in point release)
@@ -21660,8 +21664,7 @@
 	NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
 	NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
 	NOTE: found.
-CVE-2016-7510 [Out-of-Bounds read]
-	RESERVED
+CVE-2016-7510 (The read_line_table_program function in ...)
 	{DLA-635-1}
 	- dwarfutils 20160923-1 (bug #838756)
 	[jessie] - dwarfutils <no-dsa> (Minor issue, can be fixed in point release)
@@ -22993,8 +22996,7 @@
 	RESERVED
 CVE-2016-7095 (Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a ...)
 	NOT-FOR-US: Exponent CMS
-CVE-2016-7111
-	RESERVED
+CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content ...)
 	- mantis <not-affected> (Vulnerable code introduced in 1.3.0-rc.2)
 	NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229
 	NOTE: https://mantisbt.org/bugs/view.php?id=21263
@@ -23690,28 +23692,22 @@
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
-CVE-2016-6875 [Fix infinite recursion in wddx]
-	RESERVED
+CVE-2016-6875 (Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows ...)
 	- hhvm 3.12.11+dfsg-1 (bug #835032)
 	NOTE: https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2
-CVE-2016-6874 [Fix recursion checks in array_*_recursive]
-	RESERVED
+CVE-2016-6874 (The array_*_recursive functions in Facebook HHVM before 3.15.0 allows ...)
 	- hhvm 3.12.11+dfsg-1 (bug #835032)
 	NOTE: https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69
-CVE-2016-6873 [Fix self recursion in compact]
-	RESERVED
+CVE-2016-6873 (Self recursion in compact in Facebook HHVM before 3.15.0 allows ...)
 	- hhvm 3.12.11+dfsg-1 (bug #835032)
 	NOTE: https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e
-CVE-2016-6872 [Fix integer overflow in StringUtil::implode]
-	RESERVED
+CVE-2016-6872 (Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 ...)
 	- hhvm 3.12.11+dfsg-1 (bug #835032)
 	NOTE: https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271
-CVE-2016-6871 [Fix buffer overrun due to integer overflow in bcmath]
-	RESERVED
+CVE-2016-6871 (Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows ...)
 	- hhvm 3.12.11+dfsg-1 (bug #835032)
 	NOTE: https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
-CVE-2016-6870 [incorrect use of strndup]
-	RESERVED
+CVE-2016-6870 (Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, ...)
 	- hhvm 3.12.11+dfsg-1 (bug #835032)
 	NOTE: https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
 CVE-2016-6866 (slock allows attackers to bypass the screen lock via vectors involving ...)
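Review bot: the six HHVM entries CVE-2016-6870 through CVE-2016-6875 now carry descriptions scoped to "HHVM before 3.15.0", while each keeps `- hhvm 3.12.11+dfsg-1 (bug #835032)` as the fixed version, which sorts below that boundary. Confirm that 3.12.11+dfsg-1 contains the upstream commit referenced in each NOTE and say so in the entry, so that the fixed version is not later read as a mistake against the imported description.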
@@ -26057,14 +26053,13 @@
 	NOTE: https://github.com/libarchive/libarchive/issues/711
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 (v3.2.1)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/1
-CVE-2016-6252 [incorrect integer handling]
-	RESERVED
+CVE-2016-6252 (Integer overflow in shadow 4.2.1 allows local users to gain privileges ...)
 	- shadow 1:4.4-1 (bug #832170)
 	[wheezy] - shadow <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/shadow-maint/shadow/issues/27
 	NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1 (4.3.1)
 CVE-2016-6251 [potentially unsafe use of getlogin]
-	RESERVED
+	REJECTED
 	- shadow <unfixed> (unimportant)
 	NOTE: https://github.com/shadow-maint/shadow/issues/28
 	NOTE: The use of getlogin in shadow is safe, it is only used to diferentiate
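Review bot: CVE-2016-6251 flips from RESERVED to REJECTED but keeps `- shadow <unfixed> (unimportant)`, so the list still reports shadow as unfixed under an ID that has been rejected. The automatic update changed only the status line; the package line needs a manual follow-up, either dropped or set to a state that matches the rejection and the existing NOTE that the getlogin use is safe.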
@@ -26385,21 +26380,18 @@
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/11f3710417d026ea2f4fcf362d866342c5274185 (v4.6-rc1)
-CVE-2016-6191 [Persistent Cross-Site Scripting in calendar]
-	RESERVED
+CVE-2016-6191 (Multiple cross-site scripting (XSS) vulnerabilities in the View Raw ...)
 	- sogo 3.2.4-0.2
 	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
 	NOTE: https://sogo.nu/bugs/view.php?id=3718
 	NOTE: http://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa (SOGo-3.1.3)
-CVE-2016-6190 [Meta information can be derived from UID/DTSTAMP attributes though "View the Date & Time" restricted access Backend Calendar]
-	RESERVED
+CVE-2016-6190 (SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to ...)
 	- sogo 3.2.4-0.2
 	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
 	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 (SOGo-2.3.12)
 	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d (SOGo-3.1.1)
 	NOTE: https://sogo.nu/bugs/view.php?id=3696
-CVE-2016-6189 [Private information leakage through ics/XML feeds when restricted to "View the Date & Time"]
-	RESERVED
+CVE-2016-6189 (Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows ...)
 	- sogo 3.2.4-0.2
 	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
 	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 (SOGo-2.3.12)
@@ -27389,8 +27381,7 @@
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=97625
 	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/27
 	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc
-CVE-2014-9905 [Script injection in calendar title]
-	RESERVED
+CVE-2014-9905 (Multiple cross-site scripting (XSS) vulnerabilities in the Web ...)
 	- sogo 2.2.5-1
 	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
 	NOTE: https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9 (SOGo-2.2.0)
@@ -28787,8 +28778,7 @@
 	NOT-FOR-US: Huawei
 CVE-2016-5365 (Stack-based buffer overflow in Huawei Honor WS851 routers with ...)
 	NOT-FOR-US: Huawei
-CVE-2016-5364
-	RESERVED
+CVE-2016-5364 (Cross-site scripting (XSS) vulnerability in ...)
 	{DLA-512-1}
 	- mantis <removed>
 	NOTE: http://github.com/mantisbt/mantisbt/commit/5068df2d (1.2.x)
@@ -30849,20 +30839,17 @@
 CVE-2016-5091 (Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 ...)
 	- typo3-src <removed>
 	[wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
-CVE-2016-5044
-	RESERVED
+CVE-2016-5044 (The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before ...)
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
-CVE-2016-5043
-	RESERVED
+CVE-2016-5043 (The dwarf_dealloc function in libdwarf before 20160923 allows remote ...)
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
-CVE-2016-5042
-	RESERVED
+CVE-2016-5042 (The dwarf_get_aranges_list function in libdwarf before 20160923 allows ...)
 	{DLA-669-1}
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils 20120410-2+deb8u1
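Review bot: on CVE-2016-5043 and CVE-2016-5042 the imported descriptions say "libdwarf before 20160923", but both entries keep `- dwarfutils 20160507-1` as the fixed version, which is earlier than that boundary. Check that the commit referenced in the NOTE is part of 20160507 and record that in the entry, otherwise the fixed version and the description disagree with nothing to explain why.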
@@ -30873,80 +30860,67 @@
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
-CVE-2016-5040
-	RESERVED
+CVE-2016-5040 (libdwarf before 20160923 allows remote attackers to cause a denial of ...)
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
-CVE-2016-5039
-	RESERVED
+CVE-2016-5039 (The get_attr_value function in libdwarf before 20160923 allows remote ...)
 	{DLA-669-1}
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils 20120410-2+deb8u1
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/
-CVE-2016-5038
-	RESERVED
+CVE-2016-5038 (The dwarf_get_macro_startend_file function in dwarf_macro5.c in ...)
 	{DLA-669-1}
 	- dwarfutils 20160507+git20160523.9086738-1
 	[jessie] - dwarfutils 20120410-2+deb8u1
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
-CVE-2016-5037
-	RESERVED
+CVE-2016-5037 (The _dwarf_load_section function in libdwarf before 20160923 allows ...)
 	- dwarfutils 20160507-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/b6ec2dfd850929821626ea63fb0a752076a3c08a/
-CVE-2016-5036
-	RESERVED
+CVE-2016-5036 (The dump_block function in print_sections.c in libdwarf before ...)
 	{DLA-669-1}
 	- dwarfutils 20160507+git20160523.9086738-1
 	[jessie] - dwarfutils 20120410-2+deb8u1
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
-CVE-2016-5035
-	RESERVED
+CVE-2016-5035 (The _dwarf_read_line_table_header function in ...)
 	- dwarfutils 20160507+git20160523.9086738-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
-CVE-2016-5034
-	RESERVED
+CVE-2016-5034 (dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers ...)
 	{DLA-669-1}
 	- dwarfutils 20160507+git20160523.9086738-1
 	[jessie] - dwarfutils 20120410-2+deb8u1
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/
-CVE-2016-5033
-	RESERVED
+CVE-2016-5033 (The print_exprloc_content function in libdwarf before 20160923 allows ...)
 	- dwarfutils 20160507+git20160523.9086738-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
-CVE-2016-5032
-	RESERVED
+CVE-2016-5032 (The dwarf_get_xu_hash_entry function in libdwarf before 20160923 ...)
 	- dwarfutils 20160507+git20160523.9086738-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
-CVE-2016-5031
-	RESERVED
+CVE-2016-5031 (The print_frame_inst_bytes function in libdwarf before 20160923 allows ...)
 	- dwarfutils 20160507+git20160523.9086738-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
-CVE-2016-5030
-	RESERVED
+CVE-2016-5030 (The _dwarf_calculate_info_section_end_ptr function in libdwarf before ...)
 	- dwarfutils 20160507+git20160523.9086738-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/6fa3f710ee6f21bba7966b963033a91d77c952bd/
-CVE-2016-5029
-	RESERVED
+CVE-2016-5029 (The create_fullest_file_path function in libdwarf before 20160923 ...)
 	- dwarfutils 20160507+git20160523.9086738-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/libdwarf/code/ci/acae971371daa23a19358bc62204007d258fbc5e/
-CVE-2016-5028
-	RESERVED
+CVE-2016-5028 (The print_frame_inst_bytes function in libdwarf before 20160923 allows ...)
 	- dwarfutils 20160507+git20160523.9086738-1
 	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	[wheezy] - dwarfutils <no-dsa> (Minor issue)
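Review bot: CVE-2016-5031 and CVE-2016-5028 now read identically in the list, both as "The print_frame_inst_bytes function in libdwarf before 20160923 allows ...", because the imported description is truncated. Add a short NOTE to each entry naming the distinct flaw, so the two are not taken for duplicates or triaged against the wrong upstream commit.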



