[Secure-testing-commits] r49193 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Feb 24 21:10:12 UTC 2017
Author: sectracker
Date: 2017-02-24 21:10:12 +0000 (Fri, 24 Feb 2017)
New Revision: 49193
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-24 21:05:32 UTC (rev 49192)
+++ data/CVE/list 2017-02-24 21:10:12 UTC (rev 49193)
@@ -1,3 +1,9 @@
+CVE-2017-6318
+ RESERVED
+CVE-2017-6316
+ RESERVED
+CVE-2017-6315
+ RESERVED
CVE-2017-XXXX [out of bounds access when reading CMYKA tiff]
- graphicsmagick 1.3.25-8
NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
@@ -2,2 +8,3 @@
CVE-2017-6317 [memory leakage issue in add_shader_program]
+ RESERVED
- virglrenderer <unfixed>
@@ -1753,8 +1760,8 @@
RESERVED
CVE-2017-5670
RESERVED
-CVE-2017-5669
- RESERVED
+CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 ...)
+ TODO: check
CVE-2017-5666 [invalid free in free_options (options_manager.c)]
RESERVED
- mp3splt <unfixed> (bug #854278)
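Review bot: the `TODO: check` added under CVE-2017-5669 needs manual triage rather than a bulk disposition, because the new description names the do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12, and the kernel is a packaged source in Debian. Suggest replacing the TODO with a `- linux` package line once the affected versions are confirmed, with a NOTE pointing at the upstream fix when one is known.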
@@ -6874,8 +6881,8 @@
RESERVED
CVE-2016-9976
RESERVED
-CVE-2016-9975
- RESERVED
+CVE-2016-9975 (IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to ...)
+ TODO: check
CVE-2016-9974
RESERVED
CVE-2016-9973
@@ -8714,6 +8721,7 @@
RESERVED
CVE-2017-3157
RESERVED
+ {DSA-3792-1}
- libreoffice 1:5.2.3-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
CVE-2017-3156
@@ -10135,6 +10143,7 @@
NOT-FOR-US: hawtio
CVE-2017-2616 [Sending SIGKILL to other processes with root privileges via su]
RESERVED
+ {DSA-3793-1}
- shadow 1:4.4-4 (bug #855943)
NOTE: https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
- util-linux <unfixed> (unimportant)
@@ -17607,8 +17616,8 @@
NOT-FOR-US: CloudVision Portal
CVE-2016-9010 (IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote ...)
NOT-FOR-US: IBM
-CVE-2016-9009
- RESERVED
+CVE-2016-9009 (IBM WebSphere MQ 8.0 could allow an authenticated user with authority ...)
+ TODO: check
CVE-2016-9008 (IBM UrbanCode Deploy could allow a malicious user to access the Agent ...)
NOT-FOR-US: IBM
CVE-2016-9007
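Review bot: CVE-2016-9009 now carries `TODO: check`, but its description is for IBM WebSphere MQ 8.0, and the neighbouring IBM entries visible in this hunk (CVE-2016-9010, CVE-2016-9008) are already triaged as `NOT-FOR-US: IBM`. If the same triage applies here, replace the TODO with that line so the entry does not linger in the unchecked queue.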
@@ -17629,8 +17638,8 @@
NOT-FOR-US: IBM
CVE-2016-8999 (IBM InfoSphere Information Server contains a Path-relative stylesheet ...)
NOT-FOR-US: IBM
-CVE-2016-8998
- RESERVED
+CVE-2016-8998 (IBM Tivoli Storage Manager Server 7.1 could allow an authenticated ...)
+ TODO: check
CVE-2016-8997
RESERVED
CVE-2016-8996
@@ -26687,6 +26696,7 @@
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 (v3.2.1)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/1
CVE-2016-6252 (Integer overflow in shadow 4.2.1 allows local users to gain privileges ...)
+ {DSA-3793-1}
- shadow 1:4.4-1 (bug #832170)
[wheezy] - shadow <not-affected> (Vulnerable code not present)
NOTE: https://github.com/shadow-maint/shadow/issues/27
@@ -31556,8 +31566,7 @@
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/a55b958926cc67f89a512ed30bb5a22b0adb10f4/
-CVE-2016-5027
- RESERVED
+CVE-2016-5027 (dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a ...)
- dwarfutils 20160507+git20160523.9086738-1
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
@@ -32044,6 +32053,7 @@
CVE-2016-4795
RESERVED
CVE-2016-4793 (The clientIp function in CakePHP 3.2.4 and earlier allows remote ...)
+ {DLA-835-1}
- cakephp 2.8.3-1
NOTE: http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt
NOTE: https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html
@@ -32749,8 +32759,7 @@
NOT-FOR-US: KMC
CVE-2016-4494 (Cross-site request forgery (CSRF) vulnerability on KMC Controls ...)
NOT-FOR-US: KMC
-CVE-2016-4493 [Read access violations]
- RESERVED
+CVE-2016-4493 (The demangle_template_value_parm and do_hpacc_template_literal ...)
{DLA-552-1}
- valgrind <unfixed> (low)
[jessie] - valgrind <no-dsa> (Minor issue)
@@ -32768,8 +32777,7 @@
[wheezy] - libiberty <no-dsa> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
-CVE-2016-4492 [Write access violations]
- RESERVED
+CVE-2016-4492 (Buffer overflow in the do_type function in cplus-dem.c in libiberty ...)
{DLA-552-1}
- valgrind <unfixed> (low)
[jessie] - valgrind <no-dsa> (Minor issue)
@@ -32787,8 +32795,7 @@
[wheezy] - libiberty <no-dsa> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
-CVE-2016-4491 [Stack overflow due to infinite recursion in d_print_comp]
- RESERVED
+CVE-2016-4491 (The d_print_comp function in cp-demangle.c in libiberty allows remote ...)
- valgrind <unfixed> (low)
[jessie] - valgrind <no-dsa> (Minor issue)
[wheezy] - valgrind <no-dsa> (Minor issue)
@@ -32806,8 +32813,7 @@
[wheezy] - libiberty <no-dsa> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html
-CVE-2016-4490 [Write access violation]
- RESERVED
+CVE-2016-4490 (Integer overflow in cp-demangle.c in libiberty allows remote attackers ...)
{DLA-552-1}
- valgrind <unfixed> (low)
[jessie] - valgrind <no-dsa> (Minor issue)
@@ -32825,8 +32831,7 @@
[wheezy] - libiberty <no-dsa> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498
NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=235767
-CVE-2016-4489 [Invalid write due to integer overflow]
- RESERVED
+CVE-2016-4489 (Integer overflow in the gnu_special function in libiberty allows ...)
{DLA-552-1}
- valgrind <unfixed> (low)
[jessie] - valgrind <no-dsa> (Minor issue)
@@ -32844,8 +32849,7 @@
[wheezy] - libiberty <no-dsa> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492
NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234828
-CVE-2016-4488 [Invalid write due to a use-after-free to array ktypevec]
- RESERVED
+CVE-2016-4488 (Use-after-free vulnerability in libiberty allows remote attackers to ...)
{DLA-552-1}
- valgrind <unfixed> (low)
[jessie] - valgrind <no-dsa> (Minor issue)
@@ -32863,8 +32867,7 @@
[wheezy] - libiberty <no-dsa> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
-CVE-2016-4487 [Invalid write due to a use-after-free to array btypevec]
- RESERVED
+CVE-2016-4487 (Use-after-free vulnerability in libiberty allows remote attackers to ...)
{DLA-552-1}
- valgrind <unfixed> (low)
[jessie] - valgrind <no-dsa> (Minor issue)
@@ -34157,14 +34160,11 @@
NOTE: Fixed in wheezy by DLA-556-1, c.f. CVE-2016-5408
CVE-2016-4044
RESERVED
-CVE-2016-4043
- RESERVED
+CVE-2016-4043 (Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote ...)
NOT-FOR-US: Plone
-CVE-2016-4042
- RESERVED
+CVE-2016-4042 (Plone 3.3 through 5.1a1 allows remote attackers to obtain information ...)
NOT-FOR-US: Plone
-CVE-2016-4041
- RESERVED
+CVE-2016-4041 (Plone 4.0 through 5.1a1 does not have security declarations for ...)
NOT-FOR-US: Plone
CVE-2016-4040 (SQL injection vulnerability in the Workflow Screen in dotCMS before ...)
NOT-FOR-US: dotCMS
@@ -39697,8 +39697,7 @@
RESERVED
CVE-2016-2227
RESERVED
-CVE-2016-2226 [Exploitable buffer overflow]
- RESERVED
+CVE-2016-2226 (Integer overflow in the string_appends function in cplus-dem.c in ...)
{DLA-552-1}
- valgrind <unfixed> (low)
[jessie] - valgrind <no-dsa> (Minor issue)
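Review bot: at CVE-2016-2226 the removed bracketed summary read "Exploitable buffer overflow", while the unchanged package line stays `- valgrind <unfixed> (low)`. With the new description (integer overflow in the string_appends function in cplus-dem.c) replacing that summary, a NOTE recording why the valgrind copy is rated low would keep the rationale visible in the entry.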