[Secure-testing-commits] r49129 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Feb 22 17:42:32 UTC 2017


Author: jmm
Date: 2017-02-22 17:42:32 +0000 (Wed, 22 Feb 2017)
New Revision: 49129

Modified:
   data/CVE/list
Log:
NFUs
"new" important node module issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-22 15:49:47 UTC (rev 49128)
+++ data/CVE/list	2017-02-22 17:42:32 UTC (rev 49129)
@@ -31919,74 +31919,74 @@
 CVE-2016-4694 (The Apache HTTP Server in Apple OS X before 10.12 and OS X Server ...)
 	TODO: check
 CVE-2016-4693 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4692 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
 	- webkit2gtk 2.14.3-1 (unimportant)
 	NOTE: Not covered by security support
 CVE-2016-4691 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4690 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4689 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4688 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4687
 	RESERVED
 CVE-2016-4686 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4685 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4684
 	RESERVED
 CVE-2016-4683 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4682 (An issue was discovered in certain Apple products. macOS before 10.12 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4681 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4680 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4679 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4678 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4677 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4676
 	RESERVED
 CVE-2016-4675 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4674 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4673 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4672
 	RESERVED
 CVE-2016-4671 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4670 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4669 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4668
 	RESERVED
 CVE-2016-4667 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4666 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4665 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4664 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4663 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4662 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4661 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4660 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4659
 	RESERVED
 CVE-2016-4658 (libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...)
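Review bot: The entries from CVE-2016-4693 down to CVE-2016-4660 that move to NOT-FOR-US: Apple all show only the generic description "An issue was discovered in certain Apple products. ..." with the affected component cut off, and CVE-2016-4692 in the same block has that same prefix yet is tracked against webkit2gtk. Please confirm from the full descriptions that none of these are WebKit issues before closing them as NFU; any that are should get a webkit2gtk line like CVE-2016-4692.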
@@ -32074,7 +32074,7 @@
 CVE-2016-4618 (Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS ...)
 	NOT-FOR-US: Apple
 CVE-2016-4617 (An issue was discovered in certain Apple products. macOS before 10.12 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4616 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
 	TODO: check
 CVE-2016-4615 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
@@ -32082,7 +32082,7 @@
 CVE-2016-4614 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
 	TODO: check
 CVE-2016-4613 (An issue was discovered in certain Apple products. Safari before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-4612 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
 	TODO: check
 CVE-2016-4611 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...)
@@ -32356,11 +32356,11 @@
 CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before ...)
 	NOT-FOR-US: Sixnet
 CVE-2016-4520 (Schneider Electric Pelco Digital Sentry Video Management System with ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2016-4519 (Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before ...)
-	TODO: check
+	NOT-FOR-US: Unitronics VisiLogic
 CVE-2016-4518 (OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft PI AF Server
 CVE-2016-4517
 	RESERVED
 CVE-2016-4516 (ABB PCM600 before 2.7 improperly stores the main application password ...)
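Review bot: The label added for CVE-2016-4520 is just "Schneider", while the description reads "Schneider Electric Pelco Digital Sentry Video Management System" and the other two labels added in this hunk name the product ("Unitronics VisiLogic", "OSIsoft PI AF Server"). Suggest "NOT-FOR-US: Schneider Electric" or the product name so the labels stay consistent.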
@@ -32368,21 +32368,21 @@
 CVE-2016-4515
 	RESERVED
 CVE-2016-4514 (Moxa PT-7728 devices with software 3.4 build 15081113 allow remote ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2016-4513 (Cross-site scripting (XSS) vulnerability in the Schneider Electric ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2016-4512 (Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 ...)
-	TODO: check
+	NOT-FOR-US: Eaton ELCSoft
 CVE-2016-4511 (ABB PCM600 before 2.7 uses an improper hash algorithm for the main ...)
 	NOT-FOR-US: ABB PCM600
 CVE-2016-4510 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
-	TODO: check
+	NOT-FOR-US: Trihedral VTScada 
 CVE-2016-4509 (Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and ...)
-	TODO: check
+	NOT-FOR-US: Eaton ELCSoft
 CVE-2016-4508 (Cross-site scripting (XSS) vulnerability in Rexroth Bosch ...)
-	TODO: check
+	NOT-FOR-US: Rexroth Bosch
 CVE-2016-4507 (SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 ...)
-	TODO: check
+	NOT-FOR-US: Rexroth Bosch
 CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource Data ...)
 	NOT-FOR-US: Resource Data Management
 CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller devices ...)
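Review bot: The added line for CVE-2016-4510 ends with a trailing space after "NOT-FOR-US: Trihedral VTScada". Please strip it so the label matches exactly when it is searched for or reused.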
@@ -32390,7 +32390,7 @@
 CVE-2016-4504
 	RESERVED
 CVE-2016-4503 (Moxa Device Server Web Console 5232-N allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2016-4502 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...)
 	NOT-FOR-US: Environmental Systems Corporation
 CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...)
@@ -32406,9 +32406,9 @@
 CVE-2016-4496 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to ...)
 	NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4495 (KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow ...)
-	TODO: check
+	NOT-FOR-US: KMC
 CVE-2016-4494 (Cross-site request forgery (CSRF) vulnerability on KMC Controls ...)
-	TODO: check
+	NOT-FOR-US: KMC
 CVE-2016-4493 [Read access violations]
 	RESERVED
 	{DLA-552-1}
@@ -33733,7 +33733,9 @@
 	- node-tar <unfixed> (unimportant)
 	NOTE: libv8 is not covered by security support
 CVE-2015-8859 (The send package before 0.11.1 for Node.js allows attackers to obtain ...)
-	TODO: check
+	- node-send <unfixed> (unimportant)
+	NOTE: libv8 is not covered by security support
+	NOTE: https://nodesecurity.io/advisories/56
 CVE-2015-8858 (The uglify-js package before 2.6.0 for Node.js allows attackers to ...)
 	- uglifyjs <unfixed> (unimportant)
 	NOTE: libv8 is not covered by security support
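Review bot: The log message announces a "new" important node module issue, but the only node entry touched here, CVE-2015-8859, is added as "- node-send <unfixed> (unimportant)". The log wording and the severity tag should agree; please correct whichever is wrong. The entry also has no bug reference, unlike the golang entry further down ("bug #820369"), so if a bug is filed for node-send it should be recorded here.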
@@ -34223,7 +34225,7 @@
 CVE-2016-3950 (Huawei AR3200 routers with software before V200R006C10SPC300 allow ...)
 	NOT-FOR-US: Huawei AR3200 routers
 CVE-2016-3949 (Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2016-3959 (The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x ...)
 	- golang 2:1.6.1-1 (bug #820369)
 	[jessie] - golang <no-dsa> (Minor issue)
@@ -34233,7 +34235,7 @@
 	- golang <not-affected> (Only affects Go on Windows)
 	NOTE: https://golang.org/cl/21428
 CVE-2016-3946 (SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile ...)
 	{DSA-3762-1 DLA-795-1 DLA-610-1}
 	- tiff 4.0.7-1
@@ -34288,13 +34290,13 @@
 CVE-2016-3940 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
 	TODO: check
 CVE-2016-3939 (drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3938 (drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3937 (The MediaTek video driver in Android before 2016-10-05 allows ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3936 (The MediaTek video driver in Android before 2016-10-05 allows ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3935 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the ...)
 	TODO: check
 CVE-2016-3934 (drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in ...)
@@ -34304,17 +34306,17 @@
 CVE-2016-3932 (mediaserver in Android before 2016-10-05 allows attackers to gain ...)
 	TODO: check
 CVE-2016-3931 (drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3930 (The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-3929 (Unspecified vulnerability in a Qualcomm component in Android before ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3928 (The MediaTek video driver in Android before 2016-10-05 allows ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3927 (Unspecified vulnerability in a Qualcomm component in Android before ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3926 (Unspecified vulnerability in a Qualcomm component in Android before ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3925 (server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and ...)
 	TODO: check
 CVE-2016-3924 (services/audioflinger/Effects.cpp in mediaserver in Android 4.x before ...)
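Review bot: CVE-2016-3929, CVE-2016-3927 and CVE-2016-3926 are labelled "Qualcomm driver for Android", but their descriptions only say "Unspecified vulnerability in a Qualcomm component", so the visible text does not establish that a driver is affected. A label such as "NOT-FOR-US: Qualcomm component for Android" would match what the description actually states.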
@@ -34356,13 +34358,13 @@
 CVE-2016-3906 (An information disclosure vulnerability in Qualcomm components ...)
 	TODO: check
 CVE-2016-3905 (CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3904 (An elevation of privilege vulnerability in the Qualcomm bus driver in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3903 (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the ...)
 	TODO: check
 CVE-2016-3902 (drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3901 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the ...)
 	TODO: check
 CVE-2016-3900 (cmds/servicemanager/service_manager.c in ServiceManager in Android ...)
@@ -34378,11 +34380,11 @@
 CVE-2016-3895 (Integer overflow in the Region::unflatten function in ...)
 	TODO: check
 CVE-2016-3894 (The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3893 (The wcdcal_hwdep_ioctl_shared function in ...)
 	TODO: check
 CVE-2016-3892 (The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3891
 	RESERVED
 CVE-2016-3890 (The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp ...)
@@ -34418,7 +34420,7 @@
 CVE-2016-3875 (server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 ...)
 	TODO: check
 CVE-2016-3874 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3873 (The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices ...)
 	TODO: check
 CVE-2016-3872 (Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in ...)
@@ -34430,15 +34432,15 @@
 CVE-2016-3869 (The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, ...)
 	TODO: check
 CVE-2016-3868 (The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3867 (The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3866 (The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3865 (The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus ...)
 	TODO: check
 CVE-2016-3864 (The Qualcomm radio interface layer in Android before 2016-09-05 on ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3863 (Multiple stack-based buffer overflows in the AVCC reassembly ...)
 	TODO: check
 CVE-2016-3862 (media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, ...)
@@ -34540,19 +34542,19 @@
 CVE-2016-3817
 	RESERVED
 CVE-2016-3816 (The MediaTek display driver in Android before 2016-07-05 on Android ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3815 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-3814 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-3813 (The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3812 (The MediaTek video codec driver in Android before 2016-07-05 on ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3811 (The kernel video driver in Android before 2016-07-05 on Nexus 9 ...)
 	TODO: check
 CVE-2016-3810 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3809 (The networking component in Android before 2016-07-05 on Android One, ...)
 	TODO: check
 CVE-2016-3808 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
@@ -34560,35 +34562,35 @@
 CVE-2016-3807 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
 	TODO: check
 CVE-2016-3806 (The MediaTek display driver in Android before 2016-07-05 on Android ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3805 (The MediaTek power management driver in Android before 2016-07-05 on ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3804 (The MediaTek power management driver in Android before 2016-07-05 on ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3803 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
 	TODO: check
 CVE-2016-3802 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
 	TODO: check
 CVE-2016-3801 (The MediaTek GPS driver in Android before 2016-07-05 on Android One ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3800 (The MediaTek video driver in Android before 2016-07-05 on Android One ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3799 (The MediaTek video driver in Android before 2016-07-05 on Android One ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3798 (The MediaTek hardware sensor driver in Android before 2016-07-05 on ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3797 (The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3796 (The MediaTek power driver in Android before 2016-07-05 on Android One ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3795 (The MediaTek power driver in Android before 2016-07-05 on Android One ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3794
 	REJECTED
 CVE-2016-3793 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-3792 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3791
 	RESERVED
 CVE-2016-3790
@@ -36129,13 +36131,13 @@
 CVE-2016-3198 (Microsoft Edge allows remote attackers to bypass the Content Security ...)
 	NOT-FOR-US: Microsoft
 CVE-2016-3196 (Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2016-3195 (Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet ...)
-	NOT-FOR-US: Oracle
+	NOT-FOR-US: Fortinet
 CVE-2016-3194 (Cross-site scripting (XSS) vulnerability in the address added page in ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2016-3193 (Cross-site scripting (XSS) vulnerability in the appliance ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2016-3192
 	RESERVED
 CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c ...)
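Review bot: The CVE-2016-3195 line replaces an existing triage result ("NOT-FOR-US: Oracle" becomes "NOT-FOR-US: Fortinet") rather than resolving a TODO, and the log message "NFUs" does not mention that correction. Please note the fix in the log so the changed vendor attribution is traceable. For CVE-2016-3194 and CVE-2016-3193 the truncated descriptions shown here do not name a vendor, so the Fortinet label should be confirmed against the full text.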
@@ -36276,11 +36278,11 @@
 CVE-2016-3131
 	RESERVED
 CVE-2016-3130 (An information disclosure vulnerability in the Core and Management ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry
 CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry
 CVE-2016-3128 (A spoofing vulnerability in the Core of BlackBerry Enterprise Server ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry
 CVE-2016-3127
 	RESERVED
 CVE-2016-3126 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
@@ -36559,9 +36561,9 @@
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4230
 	NOTE: Fixed in 1.3.6rc2, 1.3.5b.
 CVE-2016-3064 (NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2016-3063 (Multiple functions in NetApp OnCommand System Manager before 8.3.2 do ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2016-3062 (The mov_read_dref function in libavformat/mov.c in Libav before 11.7 ...)
 	{DSA-3603-1 DLA-515-1}
 	- libav <removed>
@@ -38422,19 +38424,19 @@
 CVE-2016-2505 (mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-2504 (The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2503 (The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2502 (drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2501 (The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2500 (Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
 	TODO: check
 CVE-2016-2499 (AudioSource.cpp in libstagefright in mediaserver in Android 4.x before ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-2498 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2497 (services/core/java/com/android/server/pm/PackageManagerService.java in ...)
 	TODO: check
 CVE-2016-2496 (The Framework UI permission-dialog implementation in Android 6.x ...)
@@ -38444,17 +38446,17 @@
 CVE-2016-2494 (Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x ...)
 	TODO: check
 CVE-2016-2493 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, ...)
-	TODO: check
+	NOT-FOR-US: Broadcom driver for Android
 CVE-2016-2492 (The MediaTek power-management driver in Android before 2016-06-01 on ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-2491 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-2490 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-2489 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2488 (The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2487 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-2486 (mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x ...)
@@ -38849,11 +38851,11 @@
 	NOTE: http://www.pidgin.im/news/security/?id=98
 	NOTE: https://bitbucket.org/pidgin/main/commits/1c4acc6977a8686ad980e5b820327c9c47dbeaca
 CVE-2016-2364 (The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously ...)
-	TODO: check
+	NOT-FOR-US: Fonality
 CVE-2016-2363 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 ...)
-	TODO: check
+	NOT-FOR-US: Fonality
 CVE-2016-2362 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 ...)
-	TODO: check
+	NOT-FOR-US: Fonality
 CVE-2016-2361
 	RESERVED
 CVE-2016-2360
@@ -38867,7 +38869,7 @@
 CVE-2016-2356
 	RESERVED
 CVE-2016-2355 (SQL injection vulnerability in the REST API in dotCMS before 3.3.2 ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver ...)
 	NOT-FOR-US: Lemur Vehicle Monitors BlueDriver
 CVE-2016-2353 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows ...)
@@ -39148,9 +39150,9 @@
 CVE-2016-2309 (iRZ RUH2 before 2b does not validate firmware patches, which allows ...)
 	NOT-FOR-US: iRZ RUH2
 CVE-2016-2308 (American Auto-Matrix Aspect-Nexus Building Automation Front-End ...)
-	TODO: check
+	NOT-FOR-US: American Auto-Matrix
 CVE-2016-2307 (American Auto-Matrix Aspect-Nexus Building Automation Front-End ...)
-	TODO: check
+	NOT-FOR-US: American Auto-Matrix
 CVE-2016-2306 (The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows ...)
 	NOT-FOR-US: Ecava IntegraXor
 CVE-2016-2305 (Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before ...)
@@ -39217,7 +39219,7 @@
 CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices with ...)
 	NOT-FOR-US: SmartWorx
 CVE-2016-2274 (An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base ...)
-	TODO: check
+	NOT-FOR-US: Adcon
 CVE-2016-2273
 	RESERVED
 CVE-2016-2272 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
@@ -39442,9 +39444,9 @@
 CVE-2016-2207 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
 	NOT-FOR-US: Symantec
 CVE-2016-2206 (The management console in Symantec Workspace Streaming (SWS) 7.5.x ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-2205 (Directory traversal vulnerability in the file-download configuration ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-2204 (The management console on Symantec Messaging Gateway (SMG) Appliance ...)
 	NOT-FOR-US: Symantec
 CVE-2016-2203 (The management console on Symantec Messaging Gateway (SMG) Appliance ...)
@@ -39458,7 +39460,7 @@
 CVE-2015-8802
 	RESERVED
 CVE-2015-8801 (Race condition in the client in Symantec Endpoint Protection (SEP) ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2015-8800 (Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x ...)
 	NOT-FOR-US: Symantec
 CVE-2015-8799 (Directory traversal vulnerability in the Management Server in Symantec ...)
@@ -40120,13 +40122,13 @@
 CVE-2016-2083
 	RESERVED
 CVE-2016-2082 (Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2016-2081 (Cross-site scripting (XSS) vulnerability in VMware vRealize Log ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2016-2080
 	RESERVED
 CVE-2016-2079 (VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2016-2078 (Cross-site scripting (XSS) vulnerability in the Web Client in VMware ...)
 	NOT-FOR-US: VMware
 CVE-2016-2077 (VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before ...)
@@ -40422,7 +40424,7 @@
 CVE-2016-2000 (HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem ...)
 	NOT-FOR-US: HPE Asset Manager
 CVE-2016-1999 (The server in HP Release Control 9.13, 9.20, and 9.21 allows remote ...)
-	TODO: check
+	NOT-FOR-US: HP Release Control
 CVE-2016-1998 (HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 ...)
 	NOT-FOR-US: HPE Service Manager
 CVE-2016-1997 (HPE Operations Orchestration 10.x before 10.51 and Operations ...)
@@ -40922,7 +40924,7 @@
 CVE-2016-1895
 	RESERVED
 CVE-2016-1894 (NetApp OnCommand Workflow Automation before 3.1P2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2016-1893
 	RESERVED
 CVE-2016-1892
@@ -40997,17 +40999,17 @@
 	[jessie] - salt <not-affected> (affects only the 2015.8.x releases of Salt)
 	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html
 CVE-2016-1865 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1864 (The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari ...)
 	TODO: check
 CVE-2016-1863 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1862 (Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1861 (The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1860 (Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1859 (The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari ...)
 	TODO: check
 CVE-2016-1858 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...)
@@ -41023,29 +41025,29 @@
 CVE-2016-1854 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...)
 	TODO: check
 CVE-2016-1853 (Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1852 (Siri in Apple iOS before 9.3.2 does not block data detectors within ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1851 (The Screen Lock feature in Apple OS X before 10.11.5 mishandles ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1850 (SceneKit in Apple OS X before 10.11.5 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1849 (The "Clear History and Website Data" feature in Apple Safari before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1848 (QuickTime in Apple OS X before 10.11.5 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1847 (OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1846 (The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1845
 	RESERVED
 CVE-2016-1844 (The Messages component in Apple OS X before 10.11.5 mishandles roster ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1843 (The Messages component in Apple OS X before 10.11.5 mishandles ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1842 (MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2016-1841 (libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
 	- libxslt 1.1.29-1
 	[jessie] - libxslt 1.1.28-2+deb8u1
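Review bot: CVE-2016-1853 is marked NOT-FOR-US: Apple although its description names Tcl as the affected component ("Tcl in Apple OS X before 10.11.5 ..."), and CVE-2016-1841 at the end of this hunk ("libxslt, as used in Apple iOS ...") is tracked against the Debian libxslt package. Please check whether the Tcl flaw is in upstream code rather than in Apple's build before closing it as NFU. The same check applies to CVE-2016-1847 ("OpenGL, as used in Apple iOS ...").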
@@ -41385,7 +41387,7 @@
 CVE-2016-1713
 	RESERVED
 CVE-2016-1712 (Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2015-8779 (Stack-based buffer overflow in the catopen function in the GNU C ...)
 	{DSA-3481-1 DSA-3480-1 DLA-411-1}
 	- glibc 2.21-7 (bug #812455)
@@ -41909,13 +41911,13 @@
 CVE-2016-1597
 	RESERVED
 CVE-2016-1596 (Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2016-1595 (LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2016-1594 (Micro Focus Novell Service Desk before 7.2 allows remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2016-1593 (Directory traversal vulnerability in the import users feature in Micro ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2016-1592 (XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote ...)
 	TODO: check
 CVE-2016-1591
@@ -41946,7 +41948,7 @@
 CVE-2016-1579
 	RESERVED
 CVE-2016-1578 (Use-after-free vulnerability in Oxide allows remote attackers to cause ...)
-	TODO: check
+	NOT-FOR-US: Oxide
 CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in ...)
 	{DSA-3508-1}
 	- jasper <removed> (bug #816625)
@@ -42064,7 +42066,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288532
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/09/1
 CVE-2016-1563 (NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8 for ...)
 	NOT-FOR-US: DTE Energy Insight
 CVE-2016-1561
@@ -42128,9 +42130,9 @@
 	NOTE: Commits between 1.7.0 and 1.7.1 seem almost limited to this issue, cf.
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1308461#c3
 CVE-2016-1543 (The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) ...)
-	TODO: check
+	NOT-FOR-US: BMC
 CVE-2016-1542 (The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) ...)
-	TODO: check
+	NOT-FOR-US: BMC
 CVE-2016-1541 (Heap-based buffer overflow in the zip_read_mac_metadata function in ...)
 	{DSA-3574-1}
 	[experimental] - libarchive 3.2.0-1
@@ -42245,7 +42247,7 @@
 CVE-2016-1506
 	RESERVED
 CVE-2016-1502 (NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2016-1497 (The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2016-1496 (The graphics driver in Huawei P8 smartphones with software GRA-TL00 ...)



