[Secure-testing-commits] r47678 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Jan 2 21:10:12 UTC 2017


Author: sectracker
Date: 2017-01-02 21:10:12 +0000 (Mon, 02 Jan 2017)
New Revision: 47678

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-02 20:44:11 UTC (rev 47677)
+++ data/CVE/list	2017-01-02 21:10:12 UTC (rev 47678)
@@ -1,3 +1,13 @@
+CVE-2016-10098
+	RESERVED
+CVE-2016-10097 (XML External Entity (XXE) Vulnerability in ...)
+	TODO: check
+CVE-2016-10096 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 ...)
+	TODO: check
+CVE-2016-10090
+	RESERVED
+CVE-2016-10086
+	RESERVED
 CVE-2017-5004
 	RESERVED
 CVE-2017-5003
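Review bot: CVE-2016-10097 is added with a TODO: check but its truncated description ("XML External Entity (XXE) Vulnerability in ...") names no product, so the entry cannot be triaged from the list alone; the full MITRE text is needed before it can be assigned a package or marked NOT-FOR-US. CVE-2016-10096 does name its product (register.php in GeniXCMS), so that TODO can be resolved directly, to NOT-FOR-US: GeniXCMS if the CMS is not packaged.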
@@ -99,21 +109,26 @@
 CVE-2017-4955
 	RESERVED
 CVE-2016-10095 [stack-buffer-overflow in tiffsplit]
+	RESERVED
 	- tiff <unfixed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
 CVE-2016-10094 [off-by-one error in tiff2pdf]
+	RESERVED
 	- tiff 4.0.7-4
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
 CVE-2016-10093 [uint32 underflow/overflow that can cause heap-based buffer overflow in tiffcp]
+	RESERVED
 	- tiff 4.0.7-2
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
 CVE-2016-10092 [heap-buffer-overflow in tiffcrop]
+	RESERVED
 	- tiff 4.0.7-2
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
 	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
 CVE-2016-10091 [stack-based buffer overflows in cmd_* functions]
+	RESERVED
 	- unrtf 0.21.9-clean-3 (bug #849705)
 	[jessie] - unrtf <no-dsa> (Minor issue)
 	[wheezy] - unrtf <no-dsa> (Minor issue)
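Review bot: CVE-2016-10095 (stack-buffer-overflow in tiffsplit) is the only one of the four tiff entries in this hunk left at <unfixed> with just the bugzilla link and no "NOTE: Fixed by:" commit; the other three carry both a fixed Debian version and the upstream commit. When the upstream fix for bug 2625 lands, add the same "Fixed by:" NOTE and the fixed version so the entry matches its siblings. The added RESERVED line under each bracketed local title is consistent with the tracker convention used elsewhere in this diff (for example CVE-2016-10087 and CVE-2016-10089).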
@@ -2262,6 +2277,7 @@
 CVE-2017-3895
 	RESERVED
 CVE-2016-10087 [NULL pointer dereference]
+	RESERVED
 	- libpng1.6 1.6.27-1 (bug #849799)
 	- libpng <removed>
 	[jessie] - libpng <no-dsa> (Minor issue)
@@ -2274,8 +2290,7 @@
 	RESERVED
 	- tqdm <unfixed> (bug #849632)
 	NOTE: https://github.com/tqdm/tqdm/issues/328
-CVE-2016-10074 [Remote Code Execution]
-	RESERVED
+CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...)
 	- libphp-swiftmailer <unfixed> (bug #849626)
 	NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
 CVE-2016-10073
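Review bot: replacing the local "[Remote Code Execution]" title with the MITRE description drops the one-line severity cue for CVE-2016-10074 while libphp-swiftmailer stays <unfixed> with no DSA/DLA bracket and no "NOTE: Fixed by:" line; only the legalhackers advisory is linked. Since the linked advisory URL itself describes the bug as remote code execution, the entry should record the fixing upstream commit or version as soon as it is known, in the same form used for CVE-2016-10033 in this list ({DSA-3750-1 DLA-770-1} plus a fixed package version).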
@@ -2306,8 +2321,7 @@
 	RESERVED
 CVE-2016-10035
 	RESERVED
-CVE-2016-10034
-	RESERVED
+CVE-2016-10034 (The setFrom function in the Sendmail adapter in the zend-mail ...)
 	- zendframework <undetermined>
 	NOTE: https://framework.zend.com/security/advisory/ZF2016-04
 	NOTE: https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0
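Review bot: the new description for CVE-2016-10034 identifies the affected component (the setFrom function in the Sendmail adapter in zend-mail), and the ZF2016-04 advisory and fixing commit are already linked, yet the package status is still "zendframework <undetermined>" with a trailing TODO about the 1.x series. With the component and fix known, the next step is to check whether the linked commit's code is present in the packaged zendframework version and replace <undetermined> with a fixed version, <unfixed> or <not-affected> accordingly.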
@@ -2315,12 +2329,10 @@
 	TODO: check if 1.x series is affected as well
 CVE-2014-9914
 	RESERVED
-CVE-2016-10045 [Bypass of the CVE-2016-10033 patch]
-	RESERVED
+CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20, when the Sender ...)
 	- libphp-phpmailer <not-affected> (Incomplete fix not applied)
 	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
-CVE-2016-10033 [remote code execution]
-	RESERVED
+CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer before ...)
 	{DSA-3750-1 DLA-770-1}
 	- libphp-phpmailer 5.2.14+dfsg-2.1 (bug #849365)
 	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
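Review bot: the <not-affected> rationale for CVE-2016-10045, "Incomplete fix not applied", should be cross-checked against the new MITRE text, which scopes the bypass to the isMail transport in PHPMailer before 5.2.20. CVE-2016-10033 is marked fixed in libphp-phpmailer 5.2.14+dfsg-2.1 via DSA-3750-1, so the rationale only holds if that Debian patch does not correspond to the upstream change that 5.2.20 superseded. A short NOTE recording which upstream change the DSA patch is based on would make the <not-affected> verdict verifiable from the list itself.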
@@ -2981,10 +2993,10 @@
 	RESERVED
 CVE-2016-9943
 	RESERVED
-CVE-2016-9942
-	RESERVED
-CVE-2016-9941
-	RESERVED
+CVE-2016-9942 (Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer ...)
+	TODO: check
+CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in ...)
+	TODO: check
 CVE-2016-9940
 	RESERVED
 CVE-2016-9955 [Incorrect signature verification]
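Review bot: CVE-2016-9942 and CVE-2016-9941 both describe heap-based buffer overflows in LibVNCClient code (ultra.c and rfbproto.c) inside LibVNCServer, a library that Debian ships as the libvncserver source package, so these two TODO: check entries need a package status (fixed version or <unfixed>) rather than a NOT-FOR-US resolution. Both belong to the same client-side component, so they can be triaged together.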
@@ -10982,7 +10994,7 @@
 	RESERVED
 CVE-2016-9577
 	RESERVED
-CVE-2016-10088 [Issue which remains after a0ac402cfcdc904f9772e1762b3fda112dcc56a0]
+CVE-2016-10088 (The sg implementation in the Linux kernel through 4.9 does not ...)
 	{DLA-772-1}
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835 (v4.10-rc1)
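Review bot: the removed local title for CVE-2016-10088, "[Issue which remains after a0ac402cfcdc904f9772e1762b3fda112dcc56a0]", carried the pointer to the earlier kernel commit that this issue survives, and the replacement MITRE description does not preserve it. Keep that information as a NOTE line (e.g. "NOTE: Remains after a0ac402cfcdc904f9772e1762b3fda112dcc56a0") so the relation between the two fixes stays visible. Also, the entry has {DLA-772-1} and a known fixing commit (v4.10-rc1) but "linux <unfixed>"; the unstable status should be updated once a package containing that commit is uploaded.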
@@ -14314,6 +14326,7 @@
 	- moodle 2.7.17+dfsg-1
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=343275
 CVE-2016-10089
+	RESERVED
 	- nagios3 <not-affected> (Vulnerable code not present)
 	NOTE: Flaw in upstream damon-init.in. Debian package installs an own init-skript.
 CVE-2016-8641
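Review bot: the NOTE justifying "nagios3 <not-affected>" contains two typos: "damon-init.in" (probably daemon-init.in) and "init-skript" (init-script). Because the file name is what a reader verifies the <not-affected> claim against, it should be corrected to the actual upstream file name in a follow-up edit.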
@@ -19865,14 +19878,14 @@
 	RESERVED
 CVE-2016-6860
 	RESERVED
-CVE-2016-6859
-	RESERVED
-CVE-2016-6858
-	RESERVED
-CVE-2016-6857
-	RESERVED
-CVE-2016-6856
-	RESERVED
+CVE-2016-6859 (Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote ...)
+	TODO: check
+CVE-2016-6858 (Cross-site scripting (XSS) vulnerability in the Create Employee ...)
+	TODO: check
+CVE-2016-6857 (Cross-site scripting (XSS) vulnerability in the Create Catalogue ...)
+	TODO: check
+CVE-2016-6856 (Cross-site scripting (XSS) vulnerability in the Inbox Search feature ...)
+	TODO: check
 CVE-2016-6855 (Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, ...)
 	{DLA-605-1}
 	- eog 3.20.4-1
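Review bot: all four new TODO: check entries here (CVE-2016-6859 through CVE-2016-6856) appear to belong to the same SAP Hybris batch; only CVE-2016-6859 names the product in its truncated text, while the three XSS entries refer to Hybris UI features (Create Employee, Create Catalogue, Inbox Search). If the full descriptions confirm SAP Hybris, resolve them together as NOT-FOR-US: SAP Hybris, following the convention used for the Dell, HP and Adobe entries elsewhere in this list.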
@@ -35389,47 +35402,47 @@
 CVE-2016-2268 (Dell SecureWorks app before 2.1 for iOS does not validate SSL ...)
 	NOT-FOR-US: Dell
 CVE-2016-2267
-	RESERVED
+	REJECTED
 CVE-2016-2266
-	RESERVED
+	REJECTED
 CVE-2016-2265
-	RESERVED
+	REJECTED
 CVE-2016-2264
-	RESERVED
+	REJECTED
 CVE-2016-2263
-	RESERVED
+	REJECTED
 CVE-2016-2262
-	RESERVED
+	REJECTED
 CVE-2016-2261
-	RESERVED
+	REJECTED
 CVE-2016-2260
-	RESERVED
+	REJECTED
 CVE-2016-2259
-	RESERVED
+	REJECTED
 CVE-2016-2258
-	RESERVED
+	REJECTED
 CVE-2016-2257
-	RESERVED
+	REJECTED
 CVE-2016-2256
-	RESERVED
+	REJECTED
 CVE-2016-2255
-	RESERVED
+	REJECTED
 CVE-2016-2254
-	RESERVED
+	REJECTED
 CVE-2016-2253
-	RESERVED
+	REJECTED
 CVE-2016-2252
-	RESERVED
+	REJECTED
 CVE-2016-2251
-	RESERVED
+	REJECTED
 CVE-2016-2250
-	RESERVED
+	REJECTED
 CVE-2016-2249
-	RESERVED
+	REJECTED
 CVE-2016-2248
-	RESERVED
+	REJECTED
 CVE-2016-2247
-	RESERVED
+	REJECTED
 CVE-2016-2246 (HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control ...)
 	TODO: check
 CVE-2016-2245 (HP Support Assistant before 8.1.52.1 allows remote attackers to bypass ...)
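Review bot: this hunk flips a contiguous block of 21 identifiers (CVE-2016-2247 through CVE-2016-2267) from RESERVED to REJECTED in one automatic update. A consecutive run of rejections is plausible (a reserved block returned unused), but it is worth spot-checking a couple of the identifiers against the MITRE entries to confirm they are genuine rejections rather than a feed or parsing glitch before the change is relied on.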
@@ -35924,7 +35937,7 @@
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2126.html
 CVE-2016-2125 [Unconditional privilege delegation to Kerberos servers in trusted realms]
 	RESERVED
-	{DSA-3740-1}
+	{DSA-3740-1 DLA-776-1}
 	- samba 2:4.5.2+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
 	NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
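Review bot: the {DSA-3740-1 DLA-776-1} update for CVE-2016-2125 is fine, but the unchanged NOTE below it links a patch file named "samba-4.3.12-security-20016-12-19.patch", where "20016" looks like a mistyped 2016. If the URL was copied verbatim from the Samba site and resolves, leave it; otherwise correct the date so the link stays usable.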
@@ -40179,9 +40192,9 @@
 CVE-2016-1005 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
 	NOT-FOR-US: Adobe Flash
 CVE-2016-1004
-	RESERVED
+	REJECTED
 CVE-2016-1003
-	RESERVED
+	REJECTED
 CVE-2016-1002 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
 	NOT-FOR-US: Adobe Flash
 CVE-2016-1001 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and ...)
@@ -63134,7 +63147,7 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2015-1709 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2015-1708 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
+CVE-2015-1708 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2015-1707
 	RESERVED