[Secure-testing-commits] r47678 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Jan 2 21:10:12 UTC 2017
Author: sectracker
Date: 2017-01-02 21:10:12 +0000 (Mon, 02 Jan 2017)
New Revision: 47678
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-02 20:44:11 UTC (rev 47677)
+++ data/CVE/list 2017-01-02 21:10:12 UTC (rev 47678)
@@ -1,3 +1,13 @@
+CVE-2016-10098
+ RESERVED
+CVE-2016-10097 (XML External Entity (XXE) Vulnerability in ...)
+ TODO: check
+CVE-2016-10096 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 ...)
+ TODO: check
+CVE-2016-10090
+ RESERVED
+CVE-2016-10086
+ RESERVED
CVE-2017-5004
RESERVED
CVE-2017-5003
@@ -99,21 +109,26 @@
CVE-2017-4955
RESERVED
CVE-2016-10095 [stack-buffer-overflow in tiffsplit]
+ RESERVED
- tiff <unfixed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
CVE-2016-10094 [off-by-one error in tiff2pdf]
+ RESERVED
- tiff 4.0.7-4
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
CVE-2016-10093 [uint32 underflow/overflow that can cause heap-based buffer overflow in tiffcp]
+ RESERVED
- tiff 4.0.7-2
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
CVE-2016-10092 [heap-buffer-overflow in tiffcrop]
+ RESERVED
- tiff 4.0.7-2
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
CVE-2016-10091 [stack-based buffer overflows in cmd_* functions]
+ RESERVED
- unrtf 0.21.9-clean-3 (bug #849705)
[jessie] - unrtf <no-dsa> (Minor issue)
[wheezy] - unrtf <no-dsa> (Minor issue)
@@ -2262,6 +2277,7 @@
CVE-2017-3895
RESERVED
CVE-2016-10087 [NULL pointer dereference]
+ RESERVED
- libpng1.6 1.6.27-1 (bug #849799)
- libpng <removed>
[jessie] - libpng <no-dsa> (Minor issue)
@@ -2274,8 +2290,7 @@
RESERVED
- tqdm <unfixed> (bug #849632)
NOTE: https://github.com/tqdm/tqdm/issues/328
-CVE-2016-10074 [Remote Code Execution]
- RESERVED
+CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...)
- libphp-swiftmailer <unfixed> (bug #849626)
NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
CVE-2016-10073
@@ -2306,8 +2321,7 @@
RESERVED
CVE-2016-10035
RESERVED
-CVE-2016-10034
- RESERVED
+CVE-2016-10034 (The setFrom function in the Sendmail adapter in the zend-mail ...)
- zendframework <undetermined>
NOTE: https://framework.zend.com/security/advisory/ZF2016-04
NOTE: https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0
@@ -2315,12 +2329,10 @@
TODO: check if 1.x series is affected as well
CVE-2014-9914
RESERVED
-CVE-2016-10045 [Bypass of the CVE-2016-10033 patch]
- RESERVED
+CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20, when the Sender ...)
- libphp-phpmailer <not-affected> (Incomplete fix not applied)
NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
-CVE-2016-10033 [remote code execution]
- RESERVED
+CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer before ...)
{DSA-3750-1 DLA-770-1}
- libphp-phpmailer 5.2.14+dfsg-2.1 (bug #849365)
NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
@@ -2981,10 +2993,10 @@
RESERVED
CVE-2016-9943
RESERVED
-CVE-2016-9942
- RESERVED
-CVE-2016-9941
- RESERVED
+CVE-2016-9942 (Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer ...)
+ TODO: check
+CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in ...)
+ TODO: check
CVE-2016-9940
RESERVED
CVE-2016-9955 [Incorrect signature verification]
@@ -10982,7 +10994,7 @@
RESERVED
CVE-2016-9577
RESERVED
-CVE-2016-10088 [Issue which remains after a0ac402cfcdc904f9772e1762b3fda112dcc56a0]
+CVE-2016-10088 (The sg implementation in the Linux kernel through 4.9 does not ...)
{DLA-772-1}
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835 (v4.10-rc1)
@@ -14314,6 +14326,7 @@
- moodle 2.7.17+dfsg-1
NOTE: https://moodle.org/mod/forum/discuss.php?d=343275
CVE-2016-10089
+ RESERVED
- nagios3 <not-affected> (Vulnerable code not present)
NOTE: Flaw in upstream damon-init.in. Debian package installs an own init-skript.
CVE-2016-8641
@@ -19865,14 +19878,14 @@
RESERVED
CVE-2016-6860
RESERVED
-CVE-2016-6859
- RESERVED
-CVE-2016-6858
- RESERVED
-CVE-2016-6857
- RESERVED
-CVE-2016-6856
- RESERVED
+CVE-2016-6859 (Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote ...)
+ TODO: check
+CVE-2016-6858 (Cross-site scripting (XSS) vulnerability in the Create Employee ...)
+ TODO: check
+CVE-2016-6857 (Cross-site scripting (XSS) vulnerability in the Create Catalogue ...)
+ TODO: check
+CVE-2016-6856 (Cross-site scripting (XSS) vulnerability in the Inbox Search feature ...)
+ TODO: check
CVE-2016-6855 (Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, ...)
{DLA-605-1}
- eog 3.20.4-1
@@ -35389,47 +35402,47 @@
CVE-2016-2268 (Dell SecureWorks app before 2.1 for iOS does not validate SSL ...)
NOT-FOR-US: Dell
CVE-2016-2267
- RESERVED
+ REJECTED
CVE-2016-2266
- RESERVED
+ REJECTED
CVE-2016-2265
- RESERVED
+ REJECTED
CVE-2016-2264
- RESERVED
+ REJECTED
CVE-2016-2263
- RESERVED
+ REJECTED
CVE-2016-2262
- RESERVED
+ REJECTED
CVE-2016-2261
- RESERVED
+ REJECTED
CVE-2016-2260
- RESERVED
+ REJECTED
CVE-2016-2259
- RESERVED
+ REJECTED
CVE-2016-2258
- RESERVED
+ REJECTED
CVE-2016-2257
- RESERVED
+ REJECTED
CVE-2016-2256
- RESERVED
+ REJECTED
CVE-2016-2255
- RESERVED
+ REJECTED
CVE-2016-2254
- RESERVED
+ REJECTED
CVE-2016-2253
- RESERVED
+ REJECTED
CVE-2016-2252
- RESERVED
+ REJECTED
CVE-2016-2251
- RESERVED
+ REJECTED
CVE-2016-2250
- RESERVED
+ REJECTED
CVE-2016-2249
- RESERVED
+ REJECTED
CVE-2016-2248
- RESERVED
+ REJECTED
CVE-2016-2247
- RESERVED
+ REJECTED
CVE-2016-2246 (HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control ...)
TODO: check
CVE-2016-2245 (HP Support Assistant before 8.1.52.1 allows remote attackers to bypass ...)
@@ -35924,7 +35937,7 @@
NOTE: https://www.samba.org/samba/security/CVE-2016-2126.html
CVE-2016-2125 [Unconditional privilege delegation to Kerberos servers in trusted realms]
RESERVED
- {DSA-3740-1}
+ {DSA-3740-1 DLA-776-1}
- samba 2:4.5.2+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
@@ -40179,9 +40192,9 @@
CVE-2016-1005 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
NOT-FOR-US: Adobe Flash
CVE-2016-1004
- RESERVED
+ REJECTED
CVE-2016-1003
- RESERVED
+ REJECTED
CVE-2016-1002 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
NOT-FOR-US: Adobe Flash
CVE-2016-1001 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and ...)
@@ -63134,7 +63147,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1709 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2015-1708 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
+CVE-2015-1708 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1707
RESERVED
More information about the Secure-testing-commits
mailing list