[Secure-testing-commits] r49136 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Feb 22 21:10:13 UTC 2017
Author: sectracker
Date: 2017-02-22 21:10:13 +0000 (Wed, 22 Feb 2017)
New Revision: 49136
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-22 20:41:39 UTC (rev 49135)
+++ data/CVE/list 2017-02-22 21:10:13 UTC (rev 49136)
@@ -1,3 +1,19 @@
+CVE-2017-6194
+ RESERVED
+CVE-2017-6193
+ RESERVED
+CVE-2017-6192
+ RESERVED
+CVE-2017-6191
+ RESERVED
+CVE-2017-6190
+ RESERVED
+CVE-2017-6189
+ RESERVED
+CVE-2017-6187
+ RESERVED
+CVE-2017-6186
+ RESERVED
CVE-2017-6185
RESERVED
CVE-2017-6184
@@ -114,7 +130,7 @@
RESERVED
CVE-2017-6128
RESERVED
-CVE-2017-6188 [munin-cgi-graph local file write vulnerability]
+CVE-2017-6188 (Munin before 2.999.6 has a local file write vulnerability when CGI ...)
- munin <unfixed> (bug #855705)
NOTE: https://github.com/munin-monitoring/munin/issues/721
CVE-2017-6127 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
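Review bot: the new description for CVE-2017-6188 says "Munin before 2.999.6", but the package line directly below it still reads "- munin <unfixed> (bug #855705)". If 2.999.6 carries the fix, a NOTE stating which upload is expected to pick it up (or why the package remains unfixed) would stop the two lines from reading as contradictory. The entry also sits between CVE-2017-6128 and CVE-2017-6127 rather than in numeric order, which makes it easy to miss when scanning the list.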
@@ -231,6 +247,7 @@
CVE-2017-6075
RESERVED
CVE-2017-6074 (The dccp_rcv_state_process function in net/dccp/input.c in the Linux ...)
+ {DSA-3791-1 DLA-833-1}
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
CVE-2017-6073
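Review bot: on CVE-2017-6074 the added "{DSA-3791-1 DLA-833-1}" reference sits directly above "- linux <unfixed>", so the entry now records advisories but no fixed version for the unversioned package line. The NOTE already names the upstream fix commit; suggest confirming that "<unfixed>" is still accurate and replacing it with the version that includes that commit as soon as one is uploaded.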
@@ -400,6 +417,7 @@
CVE-2014-9916
RESERVED
CVE-2017-6001 (Race condition in kernel/events/core.c in the Linux kernel before ...)
+ {DSA-3791-1 DLA-833-1}
- linux 4.9.10-1
NOTE: Fixed by: https://git.kernel.org/linus/321027c1fe77f892f4ea07846aeae08cefbbb290
CVE-2017-6000
@@ -521,6 +539,7 @@
CVE-2017-5971
RESERVED
CVE-2017-5970 (The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the ...)
+ {DSA-3791-1}
- linux 4.9.10-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644 (v4.10-rc8)
@@ -750,6 +769,7 @@
NOTE: http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
CVE-2017-5897
RESERVED
+ {DSA-3791-1}
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756
@@ -1762,11 +1782,9 @@
RESERVED
CVE-2017-5587
RESERVED
-CVE-2017-5586
- RESERVED
+CVE-2017-5586 (OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote ...)
NOT-FOR-US: OpenText Documentum D2
-CVE-2017-5585
- RESERVED
+CVE-2017-5585 (OpenText Documentum Content Server (formerly EMC Documentum Content ...)
NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-5584
RESERVED
@@ -2076,6 +2094,7 @@
NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
NOTE: still present.
CVE-2017-5551 (The simple_set_acl function in fs/posix_acl.c in the Linux kernel ...)
+ {DSA-3791-1}
- linux 4.9.6-1
[wheezy] - linux 3.2.84-1
NOTE: Backported fix for CVE-2016-7097 already covered this CVE for wheezy
@@ -2087,6 +2106,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb (4.10-rc4)
NOTE: Introduced by: https://github.com/torvalds/linux/commit/241699cd72a8489c9446ae3910ddd243e9b9061b (4.9-rc1)
CVE-2017-5549 (The klsi_105_get_line_state function in ...)
+ {DSA-3791-1 DLA-833-1}
- linux 4.9.6-1
NOTE: Fixed by: https://git.kernel.org/linus/146cc8a17a3b4996f6805ee5c080e7101277c410 (4.10-rc4)
CVE-2017-5548 (drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 ...)
@@ -6731,8 +6751,7 @@
- game-music-emu 0.6.0-4 (bug #848071)
NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
-CVE-2016-9956 [Allows the route manager to overwrite arbitrary files]
- RESERVED
+CVE-2016-9956 (The route manager in FlightGear before 2016.4.4 allows remote ...)
{DSA-3742-1}
- flightgear 1:2016.4.3+dfsg-1 (bug #848114)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/11
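Review bot: the new CVE-2016-9956 description gives "FlightGear before 2016.4.4" as the affected range, while the package line records "1:2016.4.3+dfsg-1" as the fixed version. If the fix was applied as a patch on top of 2016.4.3, a NOTE saying so would keep the entry from looking like it marks a still-affected version as fixed.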
@@ -8416,16 +8435,14 @@
NOTE: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/aa6bf38843f51a0fc7205acc98a7b84f3c4c9c4f
-CVE-2016-9910 [for the mishandling of all of the other mentioned characters in attribute values]
- RESERVED
+CVE-2016-9910 (The serializer in html5lib before 0.99999999 might allow remote ...)
- html5lib 0.999999999-1
[jessie] - html5lib <no-dsa> (Minor issue)
[wheezy] - html5lib <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
-CVE-2016-9909 [for the mishandling of the '<' character in attribute values]
- RESERVED
+CVE-2016-9909 (The serializer in html5lib before 0.99999999 might allow remote ...)
- html5lib 0.999999999-1
[jessie] - html5lib <no-dsa> (Minor issue)
[wheezy] - html5lib <no-dsa> (Minor issue)
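Review bot: CVE-2016-9910 and CVE-2016-9909 now carry the same truncated description, "The serializer in html5lib before 0.99999999 might allow remote ...", where the removed bracketed text distinguished them (the '<' character in attribute values for 9909, the other mentioned characters for 9910). Suggest keeping that distinction in a NOTE on each entry so the two can still be told apart without looking up the full descriptions.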
@@ -9805,6 +9822,7 @@
RESERVED
CVE-2017-2618 [selinux: fix off-by-one in setprocattr]
RESERVED
+ {DSA-3791-1}
- linux 4.9.10-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://github.com/torvalds/linux/commit/0c461cb727d146c9ef2d3e86214f498b78b7d125
@@ -9891,6 +9909,7 @@
CVE-2017-2597
RESERVED
CVE-2017-2596 (The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux ...)
+ {DSA-3791-1}
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.spinics.net/lists/kvm/msg144319.html
@@ -9930,11 +9949,13 @@
CVE-2017-2585
RESERVED
CVE-2017-2584 (arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local ...)
+ {DSA-3791-1}
- linux 4.9.6-1
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
NOTE: Upstream patch: https://www.spinics.net/lists/kvm/msg143571.html
NOTE: Fixed by: https://git.kernel.org/linus/129a72a0d3c8e139a04512325384fe5ac119e74d
CVE-2017-2583 (The load_segment_descriptor implementation in arch/x86/kvm/emulate.c ...)
+ {DSA-3791-1}
- linux 4.9.6-1
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/33ab91103b3415e12457e3104f0e4517ce12d0f3
@@ -15820,8 +15841,7 @@
- xen 4.8.0-1 (bug #845665)
[wheezy] - xen <not-affected> (Only affects Xen >= 4.4)
NOTE: https://xenbits.xen.org/xsa/advisory-193.html
-CVE-2016-9384 [guest 32-bit ELF symbol table load leaking host data]
- RESERVED
+CVE-2016-9384 (Xen 4.7 allows local guest OS users to obtain sensitive host ...)
- xen 4.8.0-1 (bug #845667)
[jessie] - xen <not-affected> (Only affects Xen >= 4.7)
[wheezy] - xen <not-affected> (Only affects Xen >= 4.7)
@@ -15847,14 +15867,12 @@
{DSA-3729-1 DLA-720-1}
- xen 4.8.0-1 (bug #845670)
NOTE: https://xenbits.xen.org/xsa/advisory-198.html
-CVE-2016-9378 [x86 software interrupt injection mis-handled]
- RESERVED
+CVE-2016-9378 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when ...)
- xen 4.8.0-1 (bug #845669)
[jessie] - xen <not-affected> (Only 4.5 onwards vulnerable)
[wheezy] - xen <not-affected> (Only 4.5 onwards vulnerable)
NOTE: https://xenbits.xen.org/xsa/advisory-196.html
-CVE-2016-9377 [x86 software interrupt injection mis-handled]
- RESERVED
+CVE-2016-9377 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when ...)
- xen 4.8.0-1 (bug #845669)
[jessie] - xen <not-affected> (Only 4.5 onwards vulnerable)
[wheezy] - xen <not-affected> (Only 4.5 onwards vulnerable)
@@ -16251,8 +16269,7 @@
RESERVED
CVE-2016-9322
RESERVED
-CVE-2016-9400 [possible remote code execution on the client]
- RESERVED
+CVE-2016-9400 (The CClient::ProcessServerPacket method in engine/client/client.cpp in ...)
- teeworlds 0.6.4+dfsg-1 (bug #844546)
[jessie] - teeworlds <no-dsa> (Minor issue; can be fixed via point release)
[wheezy] - teeworlds <end-of-life> (Games are not supported in Wheezy)
@@ -16678,6 +16695,7 @@
NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/12
CVE-2016-9191 (The cgroup offline implementation in the Linux kernel through 4.8.11 ...)
+ {DSA-3791-1}
- linux 4.9.6-1
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/93362fa47fe98b62e4a34ab408c4a418432e7939 (v4.10-rc4)
@@ -17327,8 +17345,8 @@
RESERVED
CVE-2016-8987
RESERVED
-CVE-2016-8986
- RESERVED
+CVE-2016-8986 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to ...)
+ TODO: check
CVE-2016-8985
RESERVED
CVE-2016-8984
@@ -17469,8 +17487,8 @@
RESERVED
CVE-2016-8916
RESERVED
-CVE-2016-8915
- RESERVED
+CVE-2016-8915 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to ...)
+ TODO: check
CVE-2016-8914
RESERVED
CVE-2016-8913 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...)
@@ -18388,8 +18406,7 @@
[wheezy] - dracut <not-affected> (Introduced in 030 upstream)
NOTE: Fixed by: http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=0db98910a11c12a454eac4c8e86dc7a7bbc764a4
NOTE: Introduced by: http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=5f2c30d9bcd614d546d5c55c6897e33f88b9ab90 (030)
-CVE-2016-8636 [mem_check_range integer overflow]
- RESERVED
+CVE-2016-8636 (Integer overflow in the mem_check_range function in ...)
- linux 4.9.10-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -19088,6 +19105,7 @@
CVE-2016-8406 (An information disclosure vulnerability in kernel components including ...)
- linux <not-affected> (Android-specific Linux components)
CVE-2016-8405 (An information disclosure vulnerability in kernel components including ...)
+ {DSA-3791-1 DLA-833-1}
- linux 4.9.6-1
NOTE: Fixed by: https://git.kernel.org/linus/2dc705a9930b4806250fbf5a76e55266e59389f2
CVE-2016-8404 (An information disclosure vulnerability in kernel components including ...)
@@ -24218,9 +24236,11 @@
CVE-2016-6788 (An elevation of privilege vulnerability in the MediaTek I2C driver ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2016-6787 (kernel/events/core.c in the performance subsystem in the Linux kernel ...)
+ {DSA-3791-1 DLA-833-1}
- linux 4.0.2-1
NOTE: Fixed by: https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
CVE-2016-6786 (kernel/events/core.c in the performance subsystem in the Linux kernel ...)
+ {DSA-3791-1 DLA-833-1}
- linux 4.0.2-1
NOTE: Fixed by: https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
CVE-2016-6785 (An elevation of privilege vulnerability in the MediaTek driver could ...)
@@ -27712,6 +27732,7 @@
CVE-2014-9896 (drivers/char/adsprpc.c in the Qualcomm components in Android before ...)
- linux <not-affected> (Android-specific driver)
CVE-2014-9895 (drivers/media/media-device.c in the Linux kernel before 3.11, as used ...)
+ {DLA-833-1}
- linux 3.11.5-1
CVE-2014-9894 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...)
- linux <not-affected> (Android-specific driver)
@@ -27726,6 +27747,7 @@
CVE-2014-9889 (drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the ...)
- linux <not-affected> (Android-specific driver)
CVE-2014-9888 (arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM ...)
+ {DLA-833-1}
- linux 3.13.4-1
CVE-2014-9887 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...)
- linux <not-affected> (Android-specific driver)
@@ -36595,8 +36617,8 @@
NOT-FOR-US: IBM
CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow a ...)
NOT-FOR-US: IBM
-CVE-2016-3052
- RESERVED
+CVE-2016-3052 (IBM WebSphere MQ 8.0, under nonstandard configurations, sends password ...)
+ TODO: check
CVE-2016-3051
RESERVED
CVE-2016-3050
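Review bot: CVE-2016-3052 is added with "TODO: check" while the IBM entries immediately above it in this hunk are already tagged "NOT-FOR-US: IBM". The description names IBM WebSphere MQ 8.0, so this entry, and the other WebSphere MQ entries this revision leaves as "TODO: check", should be triaged in a follow-up rather than left open.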
@@ -36677,8 +36699,8 @@
RESERVED
CVE-2016-3014 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
NOT-FOR-US: IBM
-CVE-2016-3013
- RESERVED
+CVE-2016-3013 (IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ ...)
+ TODO: check
CVE-2016-3012 (IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 ...)
NOT-FOR-US: IBM
CVE-2016-3011
@@ -85007,8 +85029,8 @@
RESERVED
CVE-2014-4679
RESERVED
-CVE-2014-4677
- RESERVED
+CVE-2014-4677 (The installPackage function in the installerHelper subcomponent in ...)
+ TODO: check
CVE-2014-4676
RESERVED
CVE-2014-4675