[Secure-testing-commits] r49289 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Feb 28 09:10:12 UTC 2017


Author: sectracker
Date: 2017-02-28 09:10:12 +0000 (Tue, 28 Feb 2017)
New Revision: 49289

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-28 07:44:57 UTC (rev 49288)
+++ data/CVE/list	2017-02-28 09:10:12 UTC (rev 49289)
@@ -1,3 +1,39 @@
+CVE-2017-6372
+	RESERVED
+CVE-2017-6371
+	RESERVED
+CVE-2017-6370
+	RESERVED
+CVE-2017-6369
+	RESERVED
+CVE-2017-6368
+	RESERVED
+CVE-2017-6367
+	RESERVED
+CVE-2017-6366
+	RESERVED
+CVE-2017-6365
+	RESERVED
+CVE-2017-6364
+	RESERVED
+CVE-2017-6363
+	RESERVED
+CVE-2017-6362
+	RESERVED
+CVE-2017-6361
+	RESERVED
+CVE-2017-6360
+	RESERVED
+CVE-2017-6359
+	RESERVED
+CVE-2017-6358
+	RESERVED
+CVE-2017-6357
+	RESERVED
+CVE-2017-6356
+	RESERVED
+CVE-2015-8994
+	RESERVED
 CVE-2015-8993
 	RESERVED
 CVE-2015-8992
@@ -46,7 +82,7 @@
 	TODO: check
 CVE-2017-6343 (The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware ...)
 	NOT-FOR-US: Dahua devices
-CVE-2017-6342 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 ...)
+CVE-2017-6342 (An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR ...)
 	NOT-FOR-US: Dahua devices
 CVE-2017-6341 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 ...)
 	NOT-FOR-US: Dahua devices
@@ -156,18 +192,22 @@
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204
 	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
 CVE-2017-6310 (An issue was discovered in tnef before 1.4.13. Four type confusions ...)
+	{DLA-839-1}
 	- tnef <unfixed> (bug #856117)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
 	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
 CVE-2017-6309 (An issue was discovered in tnef before 1.4.13. Two type confusions have ...)
+	{DLA-839-1}
 	- tnef <unfixed> (bug #856117)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
 	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
 CVE-2017-6308 (An issue was discovered in tnef before 1.4.13. Several Integer ...)
+	{DLA-839-1}
 	- tnef <unfixed> (bug #856117)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
 	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176
 CVE-2017-6307 (An issue was discovered in tnef before 1.4.13. Two OOB Writes have been ...)
+	{DLA-839-1}
 	- tnef <unfixed> (bug #856117)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
 	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a
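Review bot: The four tnef entries (CVE-2017-6310, CVE-2017-6309, CVE-2017-6308, CVE-2017-6307) gain {DLA-839-1}, but each still reads "- tnef <unfixed> (bug #856117)", so unstable stays tracked as open. Every entry already names a "Fixed by" upstream commit, and the descriptions give 1.4.13 as the fixed upstream release. Replace <unfixed> with the fixed Debian version once an upload closing bug #856117 lands.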
@@ -6828,8 +6868,7 @@
 	{DLA-783-1}
 	- xen 4.8.0-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-202.html
-CVE-2016-10028 [display: virtio-gpu-3d: OOB access while reading virgl capabilities]
-	RESERVED
+CVE-2016-10028 (The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in ...)
 	- qemu <unfixed> (bug #849798; unimportant)
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -6839,8 +6878,7 @@
 	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
 	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
 	NOTE: still present.
-CVE-2016-10029 [display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout]
-	RESERVED
+CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built ...)
 	- qemu 1:2.7+dfsg-1
 	[jessie] - qemu <not-affected> (Vulnerable code not present)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
@@ -9601,30 +9639,26 @@
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
 	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9)
 	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9)
-CVE-2016-9818
-	RESERVED
+CVE-2016-9818 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
 	- xen 4.8.0-1
 	[jessie] - xen <no-dsa> (Minor issue)
 	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
 	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
 	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch
-CVE-2016-9817
-	RESERVED
+CVE-2016-9817 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
 	- xen 4.8.0-1
 	[jessie] - xen <no-dsa> (Minor issue)
 	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
 	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
 	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch
 	NOTE: or https://xenbits.xen.org/xsa/xsa201-3-4.7.patch
-CVE-2016-9816
-	RESERVED
+CVE-2016-9816 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
 	- xen 4.8.0-1
 	[jessie] - xen <no-dsa> (Minor issue)
 	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
 	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
 	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch
-CVE-2016-9815
-	RESERVED
+CVE-2016-9815 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
 	- xen 4.8.0-1
 	[jessie] - xen <no-dsa> (Minor issue)
 	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
@@ -19703,12 +19737,12 @@
 	RESERVED
 CVE-2016-8388
 	RESERVED
-CVE-2016-8387
-	RESERVED
-CVE-2016-8386
-	RESERVED
-CVE-2016-8385
-	RESERVED
+CVE-2016-8387 (An exploitable heap-based buffer overflow exists in Iceni Argus. When ...)
+	TODO: check
+CVE-2016-8386 (An exploitable heap-based buffer overflow exists in Iceni Argus. When ...)
+	TODO: check
+CVE-2016-8385 (An exploitable uninitialized variable vulnerability which leads to a ...)
+	TODO: check
 CVE-2016-8384
 	RESERVED
 CVE-2016-8383
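Review bot: CVE-2016-8387, CVE-2016-8386 and CVE-2016-8385 move from RESERVED to "TODO: check" with no package line, so they are still untriaged. If Iceni Argus is not packaged in Debian, mark them NOT-FOR-US in the same way as the Dahua entries earlier in this file; otherwise add the source package line.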
@@ -19959,8 +19993,7 @@
 	RESERVED
 CVE-2016-1000243
 	RESERVED
-CVE-2016-7553 [Information disclosure vulnerability in buf.pl]
-	RESERVED
+CVE-2016-7553 (The buf.pl before 2.20 script in Irssi before 0.8.20 uses weak ...)
 	{DLA-722-1}
 	- irssi 0.8.20-2 (bug #838762)
 	[jessie] - irssi 0.8.17-1+deb8u2
@@ -30335,8 +30368,7 @@
 	{DLA-547-1}
 	- graphicsmagick 1.3.24-1
 	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
-CVE-2016-5240 [negative stroke-dasharray arguments which were resulting in endless looping.]
-	RESERVED
+CVE-2016-5240 (The DrawDashPolygon function in magick/render.c in GraphicsMagick ...)
 	{DSA-3746-1 DLA-547-1}
 	- graphicsmagick 1.3.24-1
 	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
@@ -65633,8 +65665,7 @@
 	NOTE: libv8 is not covered by security support
 	NOTE: https://nodesecurity.io/advisories/serve-static-xss
 	NOTE: https://github.com/expressjs/serve-index/issues/28
-CVE-2015-8903 [denial of service flaw in VICAR file processing]
-	RESERVED
+CVE-2015-8903 (The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x ...)
 	[experimental] - imagemagick 8:6.9.1.2-1
 	- imagemagick 8:6.8.9.9-6 (low)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -65643,8 +65674,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
 	NOTE: http://web.archive.org/web/20150428140926/http://trac.imagemagick.org/changeset/17856
-CVE-2015-8902 [denial of service flaw in PDB file processing]
-	RESERVED
+CVE-2015-8902 (The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before ...)
 	[experimental] - imagemagick 8:6.9.1.2-1
 	- imagemagick 8:6.8.9.9-6 (low)
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -65653,8 +65683,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
 	NOTE: http://web.archive.org/web/20150428145652/http://trac.imagemagick.org/changeset/17855
-CVE-2015-8901 [denial of service flaw in MIFF file processing]
-	RESERVED
+CVE-2015-8901 (ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a ...)
 	[experimental] - imagemagick 8:6.9.1.2-1
 	- imagemagick 8:6.8.9.9-6
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
@@ -65664,8 +65693,7 @@
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
 	NOTE: http://trac.imagemagick.org/changeset/17854
 	TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
-CVE-2015-8900 [denial of service flaw in HDR file processing]
-	RESERVED
+CVE-2015-8900 (The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x ...)
 	[experimental] - imagemagick 8:6.9.1.2-1
 	- imagemagick 8:6.8.9.9-6
 	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
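Review bot: The context lines above CVE-2015-8900 still carry "TODO: The link in the previous line is broken" for http://trac.imagemagick.org/changeset/17854, and this revision leaves it unresolved. The notes for CVE-2015-8903 and CVE-2015-8902 point at web.archive.org snapshots of the same trac host; switch this NOTE to an archived copy as well and drop the TODO.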



