[Secure-testing-commits] r48206 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jan 19 21:10:12 UTC 2017
Author: sectracker
Date: 2017-01-19 21:10:12 +0000 (Thu, 19 Jan 2017)
New Revision: 48206
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-19 20:43:00 UTC (rev 48205)
+++ data/CVE/list 2017-01-19 21:10:12 UTC (rev 48206)
@@ -1,9 +1,13 @@
+CVE-2016-10148 (The wp_ajax_update_plugin function in ...)
+ TODO: check
CVE-2017-5524
+ RESERVED
NOT-FOR-US: Plone
CVE-2017-XXXX [weblate information leak]
- weblate <itp> (bug #745661)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/18/11
CVE-2017-5526 [audio: memory leakage in es1370 device; CVE for the memory consumption issue]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01742.html
@@ -11,6 +15,7 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
TODO: check affected versions
CVE-2017-5525 [audio: memory leakage in ac97 device; CVE for the memory consumption issue]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01740.html
@@ -25,9 +30,11 @@
NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html
NOTE: https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df
CVE-2017-2578
+ RESERVED
- moodle 2.7.18+dfsg-1
NOTE: https://moodle.org/mod/forum/discuss.php?d=345915
CVE-2017-2576
+ RESERVED
- moodle 2.7.18+dfsg-1
NOTE: https://moodle.org/mod/forum/discuss.php?d=345912
CVE-2017-5521 (An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, ...)
@@ -316,8 +323,7 @@
RESERVED
CVE-2017-5358
RESERVED
-CVE-2016-10147 [crash by spawning mcrypt(alg) with incompatible algorithm]
- RESERVED
+CVE-2016-10147 (crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users ...)
- linux 4.8.15-1
NOTE: Fixed by: https://git.kernel.org/linus/48a992727d82cb7db076fa15d372178743b1f4cd (v4.9)
CVE-2016-10143
@@ -805,9 +811,11 @@
CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded ...)
NOT-FOR-US: D-Link
CVE-2016-10127 [XML external entity attack]
+ RESERVED
- python-pysaml2 <unfixed>
NOTE: https://github.com/rohe/pysaml2/issues/366
CVE-2016-10149 [CWE-776 (Entity Expansion)]
+ {DSA-3759-1}
- python-pysaml2 3.0.0-5 (bug #850716)
NOTE: NOTE: https://github.com/rohe/pysaml2/pull/379
NOTE: https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
@@ -1409,8 +1417,8 @@
NOT-FOR-US: GenixCMS
CVE-2016-10090
RESERVED
-CVE-2016-10086
- RESERVED
+CVE-2016-10086 (RESTful web services in CA Service Desk Manager 12.9 and CA Service ...)
+ TODO: check
CVE-2017-5004
RESERVED
CVE-2017-5003
@@ -3701,6 +3709,7 @@
- tqdm <unfixed> (bug #849632)
NOTE: https://github.com/tqdm/tqdm/issues/328
CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...)
+ {DLA-792-1}
- libphp-swiftmailer 5.4.2-1.1 (bug #849626)
NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
NOTE: https://github.com/swiftmailer/swiftmailer/issues/844
@@ -5500,6 +5509,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3318
RESERVED
+ {DSA-3767-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
@@ -5507,6 +5517,7 @@
- mysql-5.5 <removed> (bug #851233)
CVE-2017-3317
RESERVED
+ {DSA-3767-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
@@ -5525,11 +5536,13 @@
NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3313
RESERVED
+ {DSA-3767-1}
- mysql-5.7 <unfixed> (bug #851235)
- mysql-5.6 <unfixed> (bug #851234)
- mysql-5.5 <removed> (bug #851233)
CVE-2017-3312
RESERVED
+ {DSA-3767-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
@@ -5590,6 +5603,7 @@
NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3291
RESERVED
+ {DSA-3767-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
@@ -5679,6 +5693,7 @@
NOT-FOR-US: Oracle
CVE-2017-3265
RESERVED
+ {DSA-3767-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
@@ -5710,6 +5725,7 @@
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-3258
RESERVED
+ {DSA-3767-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
@@ -5769,6 +5785,7 @@
NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3244
RESERVED
+ {DSA-3767-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
@@ -5776,6 +5793,7 @@
- mysql-5.5 <removed> (bug #851233)
CVE-2017-3243
RESERVED
+ {DSA-3767-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <not-affected> (Only affects MySQL 5.5)
@@ -5798,6 +5816,7 @@
- glassfish <not-affected> (Only affects 3.x)
CVE-2017-3238
RESERVED
+ {DSA-3767-1}
- mariadb-10.1 10.1.21-1 (bug #851759)
- mariadb-10.0 <unfixed> (bug #851755)
- mysql-5.7 <unfixed> (bug #851235)
@@ -6727,16 +6746,14 @@
[wheezy] - zlib <no-dsa> (Minor issue)
NOTE: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
-CVE-2016-9844 [zipinfo buffer overflow]
- RESERVED
+CVE-2016-9844 (Buffer overflow in the zi_short function in zipinfo.c in Info-Zip ...)
{DLA-741-1}
- unzip 6.0-21 (bug #847486)
[jessie] - unzip <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/1643750
NOTE: http://www.openwall.com/lists/oss-security/2016/12/05/13
NOTE: Proposed patch in http://www.openwall.com/lists/oss-security/2016/12/05/19
-CVE-2014-9913 [Buffer overflow in "unzip -l" via list_files() in list.c]
- RESERVED
+CVE-2014-9913 (Buffer overflow in the list_files function in list.c in Info-Zip UnZip ...)
{DLA-741-1}
- unzip 6.0-21 (bug #847485)
[jessie] - unzip <no-dsa> (Minor issue)
@@ -6798,21 +6815,25 @@
NOTE: https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
CVE-2016-9822
RESERVED
+ {DLA-791-1}
- libav <removed>
NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
CVE-2016-9821
RESERVED
+ {DLA-791-1}
- libav <removed>
NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
CVE-2016-9820
RESERVED
+ {DLA-791-1}
- libav <removed>
NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
CVE-2016-9819
RESERVED
+ {DLA-791-1}
- libav <removed>
NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
@@ -12204,16 +12225,16 @@
RESERVED
CVE-2016-9681 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity ...)
- serendipity <removed>
-CVE-2016-9680
- RESERVED
-CVE-2016-9679
- RESERVED
-CVE-2016-9678
- RESERVED
-CVE-2016-9677
- RESERVED
-CVE-2016-9676
- RESERVED
+CVE-2016-9680 (Citrix Provisioning Services before 7.12 allows attackers to obtain ...)
+ TODO: check
+CVE-2016-9679 (Citrix Provisioning Services before 7.12 allows attackers to execute ...)
+ TODO: check
+CVE-2016-9678 (Use-after-free vulnerability in Citrix Provisioning Services before ...)
+ TODO: check
+CVE-2016-9677 (Citrix Provisioning Services before 7.12 allows attackers to obtain ...)
+ TODO: check
+CVE-2016-9676 (Buffer overflow in Citrix Provisioning Services before 7.12 allows ...)
+ TODO: check
CVE-2016-9674
RESERVED
CVE-2016-9673
@@ -12270,8 +12291,7 @@
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-9650
- RESERVED
+CVE-2016-9650 (Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -12587,8 +12607,7 @@
CVE-2016-9585
RESERVED
NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5
-CVE-2016-9584 [heap use-after-free]
- RESERVED
+CVE-2016-9584 (libical allows remote attackers to cause a denial of service ...)
- libical <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/5
CVE-2016-9583 [Out of bounds heap read in jpc_pi_nextpcrl()]
@@ -13959,8 +13978,7 @@
REJECTED
CVE-2016-9302
REJECTED
-CVE-2016-9297 [libtiff/tif_dirread.c read outside buffer in _TIFFPrintField()]
- RESERVED
+CVE-2016-9297 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote ...)
{DSA-3762-1 DLA-716-1}
- tiff 4.0.7-1 (bug #844226)
- tiff3 <removed>
@@ -14023,11 +14041,9 @@
NOTE: no security impact
CVE-2016-9294 (Artifex Software, Inc. MuJS before ...)
NOT-FOR-US: MuJS
-CVE-2016-9279
- RESERVED
+CVE-2016-9279 (Use-after-free vulnerability in the Samsung Exynos fimg2d driver for ...)
NOT-FOR-US: Samsung Exynos fimg2d driver for Android
-CVE-2016-9278
- RESERVED
+CVE-2016-9278 (The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, ...)
NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9276 [heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c)]
RESERVED
@@ -14045,8 +14061,7 @@
NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c
NOTE: Same commit as for CVE-2016-9276. Needs the dwarf_macro5.c part of the commit.
-CVE-2016-9273 [libtiff heap overflow]
- RESERVED
+CVE-2016-9273 (tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial ...)
{DSA-3762-1 DLA-716-1}
- tiff 4.0.7-1 (bug #844013)
- tiff3 <removed>
@@ -14548,8 +14563,7 @@
[jessie] - linux 3.16.7-ckt25-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/76cc404bfdc0d419c720de4daaf2584542734f42 (v4.4-rc8)
-CVE-2016-9109
- RESERVED
+CVE-2016-9109 (Artifex Software MuJS allows attackers to cause a denial of service ...)
NOT-FOR-US: MuJS
CVE-2016-9108
RESERVED
@@ -14559,10 +14573,10 @@
NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
NOTE: Upstream fix: https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
NOTE: http://www.openwall.com/lists/oss-security/2016/10/30/2
-CVE-2014-9910
- RESERVED
-CVE-2014-9909
- RESERVED
+CVE-2014-9910 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
+ TODO: check
+CVE-2014-9909 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
+ TODO: check
CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
@@ -18352,8 +18366,7 @@
RESERVED
CVE-2016-8001
RESERVED
-CVE-2016-7999 [Server Side Request Forgery]
- RESERVED
+CVE-2016-7999 (ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote ...)
{DLA-695-1}
- spip 3.1.3-1
NOTE: http://seclists.org/fulldisclosure/2016/Oct/78
@@ -18361,8 +18374,7 @@
NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23184 (3.0)
NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
-CVE-2016-7998 [Template Compiler/Composer PHP Code Execution]
- RESERVED
+CVE-2016-7998 (The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows ...)
{DLA-695-1}
- spip 3.1.3-1
NOTE: http://seclists.org/fulldisclosure/2016/Oct/76
@@ -18370,13 +18382,11 @@
NOTE: https://core.spip.net/projects/spip/repository/revisions/23189 (3.1)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23192 (3.0)
NOTE: reproducible in Jessie (3.0.17-2+deb8u2)
-CVE-2016-7997 [denial of service via a crash due to an assertion]
- RESERVED
+CVE-2016-7997 (The WPG format reader in GraphicsMagick 1.3.25 and earlier allows ...)
{DSA-3746-1 DLA-683-1}
- graphicsmagick 1.3.25-4
NOTE: patch for this and CVE-2016-7996 at: http://openwall.com/lists/oss-security/2016/10/07/4
-CVE-2016-7996 [missing check that the provided colormap is not larger than 256 entries resulting in potential heap overflow]
- RESERVED
+CVE-2016-7996 (Heap-based buffer overflow in the WPG format reader in GraphicsMagick ...)
{DSA-3746-1 DLA-683-1}
- graphicsmagick 1.3.21-2
NOTE: The patch addressing CVE-2016-7996 applied is in 1.3.25-4, but in
@@ -18423,8 +18433,7 @@
RESERVED
CVE-2016-7983
RESERVED
-CVE-2016-7982 [File Enumeration / Path Traversal]
- RESERVED
+CVE-2016-7982 (Directory traversal vulnerability in ecrire/exec/valider_xml.php in ...)
{DLA-695-1}
- spip 3.1.3-1
NOTE: http://seclists.org/fulldisclosure/2016/Oct/73
@@ -18444,8 +18453,7 @@
NOTE: https://core.spip.net/projects/spip/repository/revisions/23207 (3.1)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23208 (3.0)
NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
-CVE-2016-7981 [Reflected Cross-Site Scripting]
- RESERVED
+CVE-2016-7981 (Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP ...)
{DLA-695-1}
- spip 3.1.3-1
NOTE: http://seclists.org/fulldisclosure/2016/Oct/68
@@ -18453,8 +18461,7 @@
NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0.x)
NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
-CVE-2016-7980 [Cross-Site Request Forgery]
- RESERVED
+CVE-2016-7980 (Cross-site request forgery (CSRF) vulnerability in ...)
{DLA-695-1}
- spip 3.1.3-1
NOTE: http://seclists.org/fulldisclosure/2016/Oct/67
@@ -18725,8 +18732,7 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html
NOTE: i.MX Fast Ethernet Controller emulation introduced in v2.5.0-rc0 with
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fcbd8018e645f3ab1ef9af94dc88a0d3272926d3 (v2.5.0-rc0)
-CVE-2016-7906 [mogrify use after free]
- RESERVED
+CVE-2016-7906 (magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to ...)
{DSA-3726-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #840435)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
@@ -18950,8 +18956,7 @@
{DSA-3746-1 DLA-651-1}
- graphicsmagick 1.3.25-3
NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/
-CVE-2016-7799 [mogrify global buffer overflow]
- RESERVED
+CVE-2016-7799 (MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #840437)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/280
@@ -19484,11 +19489,9 @@
CVE-2016-7565
RESERVED
NOT-FOR-US: Exponent CMS
-CVE-2016-7564
- RESERVED
+CVE-2016-7564 (Heap-based buffer overflow in the Fp_toString function in jsfunction.c ...)
NOT-FOR-US: MuJS
-CVE-2016-7563
- RESERVED
+CVE-2016-7563 (The chartorune function in Artifex Software MuJS allows attackers to ...)
NOT-FOR-US: MuJS
CVE-2016-7562 (The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before ...)
- ffmpeg 7:3.1.4-1 (bug #840434)
@@ -20600,11 +20603,9 @@
NOTE: CVE assigned for the HTTP/2 protocol issue
CVE-2016-7151
RESERVED
-CVE-2016-7150
- RESERVED
+CVE-2016-7150 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and ...)
NOT-FOR-US: b2evolution
-CVE-2016-7149
- RESERVED
+CVE-2016-7149 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and ...)
NOT-FOR-US: b2evolution
CVE-2016-7148 (MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript ...)
{DSA-3715-1}
@@ -20682,8 +20683,7 @@
CVE-2016-7145 [certificate fingerprint spoofing through crafted SASL messages]
RESERVED
NOT-FOR-US: Nefarious 2
-CVE-2016-7144 [certificate fingerprint spoofing through crafted SASL messages]
- RESERVED
+CVE-2016-7144 (The m_authenticate function in modules/m_sasl.c in UnrealIRCd before ...)
- unrealircd <itp> (bug #515130)
NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
NOTE: unrealircd reportedly vulnerable, and ircd-seven reportedly not vulnerable
@@ -20889,8 +20889,7 @@
RESERVED
CVE-2016-7102
RESERVED
-CVE-2016-7101 [SGI security bug]
- RESERVED
+CVE-2016-7101 (The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers ...)
{DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #836776)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
@@ -21482,16 +21481,14 @@
[wheezy] - lshell <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ghantoos/lshell/issues/149
NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
-CVE-2016-6897 [CSRF]
- RESERVED
+CVE-2016-6897 (Cross-site request forgery (CSRF) vulnerability in the ...)
- wordpress 4.6.1+dfsg-1 (bug #837090)
[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
NOTE: http://seclists.org/oss-sec/2016/q3/347
NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
NOTE: https://core.trac.wordpress.org/changeset/38168
-CVE-2016-6896 [directory traversal vulnerability]
- RESERVED
+CVE-2016-6896 (Directory traversal vulnerability in the wp_ajax_update_plugin ...)
- wordpress 4.6.1+dfsg-1 (bug #837090)
[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
@@ -21806,8 +21803,7 @@
NOTE: https://git.kernel.org/linus/be0726d33cb8f411945884664924bed3cb8c70ee (v4.6-rc1)
CVE-2015-8951 (Multiple use-after-free vulnerabilities in ...)
TODO: check
-CVE-2016-6823 [Buffer overflow in bmp file reader]
- RESERVED
+CVE-2016-6823 (Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #834504)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
@@ -22825,12 +22821,10 @@
RESERVED
CVE-2008-7317
RESERVED
-CVE-2016-6527
- RESERVED
+CVE-2016-6527 (The SmartCall Activity component in Telecom application on Samsung ...)
NOT-FOR-US: Samsung
NOTE: http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
-CVE-2016-6526
- RESERVED
+CVE-2016-6526 (The SpamCall Activity component in Telecom application on Samsung Note ...)
NOT-FOR-US: Samsung
NOTE: http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
CVE-2016-6595 (** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote ...)
@@ -22866,8 +22860,8 @@
RESERVED
CVE-2016-6498
RESERVED
-CVE-2016-6497
- RESERVED
+CVE-2016-6497 (main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP ...)
+ TODO: check
CVE-2016-6496 (The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x ...)
TODO: check
CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function in ...)
@@ -23568,8 +23562,8 @@
RESERVED
CVE-2016-6284
RESERVED
-CVE-2016-6283
- RESERVED
+CVE-2016-6283 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence ...)
+ TODO: check
CVE-2016-6282
RESERVED
CVE-2016-6281
@@ -23658,8 +23652,8 @@
NOTE: PHP Bug: https://bugs.php.net/72513
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
-CVE-2016-6271
- RESERVED
+CVE-2016-6271 (The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows ...)
+ TODO: check
CVE-2016-6270
RESERVED
CVE-2016-6269
@@ -26013,7 +26007,7 @@
CVE-2016-5600 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Services ...)
TODO: check
CVE-2016-5599 (Unspecified vulnerability in the Oracle Advanced Supply Chain Planning ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5598 (Unspecified vulnerability in the MySQL Connector component 2.1.3 and ...)
- mysql-connector-python 2.1.5-1 (bug #841677)
NOTE: https://blog.qualys.com/laws-of-vulnerabilities/2016/10/18/oracle-october-2016-critical-patch-update
@@ -26026,30 +26020,30 @@
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5596 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5595 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5594 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
TODO: check
CVE-2016-5593 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5592 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5591 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5590
RESERVED
NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-5589 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
NOT-FOR-US: Oracle
CVE-2016-5588 (Unspecified vulnerability in the Oracle Outside In Technology ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5587 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5586 (Unspecified vulnerability in the Oracle Email Center component in ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5585 (Unspecified vulnerability in the Oracle Interaction Center ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5584 (Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 ...)
{DSA-3711-1 DSA-3706-1 DLA-708-1}
- mariadb-10.0 10.0.28-1
@@ -26058,7 +26052,7 @@
- mysql-5.5 <removed> (bug #841050)
NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
CVE-2016-5583 (Unspecified vulnerability in the Oracle One-to-One Fulfillment ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5582 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
{DSA-3707-1 DLA-704-1}
- openjdk-8 8u111-b14-1
@@ -26068,13 +26062,13 @@
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5581 (Unspecified vulnerability in the Oracle iRecruitment component in ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5580 (Unspecified vulnerability in the Secure Global Desktop component in ...)
NOT-FOR-US: Secure Global Desktop
CVE-2016-5579 (Unspecified vulnerability in the Oracle Outside In Technology ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5578 (Unspecified vulnerability in the Oracle Outside In Technology ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5577 (Unspecified vulnerability in the Oracle Outside In Technology ...)
NOT-FOR-US: Oracle
CVE-2016-5576 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
@@ -26094,9 +26088,9 @@
CVE-2016-5572 (Unspecified vulnerability in the Kernel PDB component in Oracle ...)
NOT-FOR-US: Oracle
CVE-2016-5571 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5570 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5569 (Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and ...)
TODO: check
CVE-2016-5568 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 ...)
@@ -26104,7 +26098,7 @@
- openjdk-7 <not-affected> (Only affects Windows)
- openjdk-6 <not-affected> (Only affects Windows)
CVE-2016-5567 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5566 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote ...)
NOT-FOR-US: Solaris
CVE-2016-5565 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property ...)
@@ -26114,7 +26108,7 @@
CVE-2016-5563 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property ...)
TODO: check
CVE-2016-5562 (Unspecified vulnerability in the Oracle iProcurement component in ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5561 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote ...)
NOT-FOR-US: Solaris
CVE-2016-5560 (Unspecified vulnerability in the Siebel UI Framework component in ...)
@@ -26210,7 +26204,7 @@
CVE-2016-5533 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
TODO: check
CVE-2016-5532 (Unspecified vulnerability in the Oracle Shipping Execution component ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5531 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
NOT-FOR-US: Oracle
CVE-2016-5530 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
@@ -26221,41 +26215,41 @@
RESERVED
- glassfish <unfixed>
CVE-2016-5527 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5526 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5525 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
TODO: check
CVE-2016-5524 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5523 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5522 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5521 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5520
RESERVED
CVE-2016-5519 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- glassfish <unfixed>
CVE-2016-5518 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5517 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5516 (Unspecified vulnerability in the Kernel PDB component in Oracle ...)
NOT-FOR-US: Oracle
CVE-2016-5515 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5514 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5513 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5512 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5511 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
NOT-FOR-US: Oracle
CVE-2016-5510 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5509
RESERVED
NOT-FOR-US: Oracle FLEXCUBE
@@ -26270,7 +26264,7 @@
CVE-2016-5505 (Unspecified vulnerability in the RDBMS Programmable Interface ...)
NOT-FOR-US: Oracle
CVE-2016-5504 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5503 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) ...)
TODO: check
CVE-2016-5502 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
@@ -26302,7 +26296,7 @@
CVE-2016-5490 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
TODO: check
CVE-2016-5489 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
- NOT-FOR-US: Oracle
+ NOT-FOR-US: Oracle
CVE-2016-5488 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
NOT-FOR-US: Oracle
CVE-2016-5487 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
@@ -27752,127 +27746,103 @@
NOT-FOR-US: Rumba
CVE-2016-5227
RESERVED
-CVE-2016-5226
- RESERVED
+CVE-2016-5226 (Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5225
- RESERVED
+CVE-2016-5225 (Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5224
- RESERVED
+CVE-2016-5224 (A timing attack on denormalized floating point arithmetic in SVG ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5223
- RESERVED
+CVE-2016-5223 (Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5222
- RESERVED
+CVE-2016-5222 (Incorrect handling of invalid URLs in Google Chrome prior to ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5221
- RESERVED
+CVE-2016-5221 (Type confusion in libGLESv2 in ANGLE in Google Chrome prior to ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5220
- RESERVED
+CVE-2016-5220 (PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5219
- RESERVED
+CVE-2016-5219 (A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-5218
- RESERVED
+CVE-2016-5218 (The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5217
- RESERVED
+CVE-2016-5217 (The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5216
- RESERVED
+CVE-2016-5216 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5215
- RESERVED
+CVE-2016-5215 (A use after free in webaudio in Google Chrome prior to 55.0.2883.75 ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5214
- RESERVED
+CVE-2016-5214 (Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5213
- RESERVED
+CVE-2016-5213 (A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-5212
- RESERVED
+CVE-2016-5212 (Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5211
- RESERVED
+CVE-2016-5211 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5210
- RESERVED
+CVE-2016-5210 (Heap buffer overflow during TIFF image parsing in PDFium in Google ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5209
- RESERVED
+CVE-2016-5209 (Bad casting in bitmap manipulation in Blink in Google Chrome prior to ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5208
- RESERVED
+CVE-2016-5208 (Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5207
- RESERVED
+CVE-2016-5207 (In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5206
- RESERVED
+CVE-2016-5206 (The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5205
- RESERVED
+CVE-2016-5205 (Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5204
- RESERVED
+CVE-2016-5204 (Leaking of an SVG shadow tree leading to corruption of the DOM tree in ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5203
- RESERVED
+CVE-2016-5203 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for ...)
{DSA-3731-1}
- chromium-browser 55.0.2883.75-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -27881,20 +27851,17 @@
{DSA-3731-1}
- chromium-browser 54.0.2840.101-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5201 [info leak in extensions]
- RESERVED
+CVE-2016-5201 (A leak of privateClass in the extensions API in Google Chrome prior to ...)
{DSA-3731-1}
- chromium-browser 54.0.2840.101-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5200 [out of bounds memory access in v8]
- RESERVED
+CVE-2016-5200 (V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 ...)
{DSA-3731-1}
- chromium-browser 54.0.2840.101-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-5199 [heap corruption in ffmpeg]
- RESERVED
+CVE-2016-5199 (An off by one error resulting in an allocation of zero size in FFmpeg ...)
{DSA-3731-1}
- chromium-browser 44.0.2403.157-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -27902,17 +27869,16 @@
- libav <undetermined>
NOTE: https://chromium-review.googlesource.com/383956
NOTE: https://github.com/FFmpeg/FFmpeg/commit/347cb14b7cba7560e53f4434b419b9d8800253e7
-CVE-2016-5198
- RESERVED
+CVE-2016-5198 (V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 ...)
{DSA-3731-1}
- chromium-browser 54.0.2840.101-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2016-5197
- RESERVED
-CVE-2016-5196
- RESERVED
+CVE-2016-5197 (The content view client in Google Chrome prior to 54.0.2840.85 for ...)
+ TODO: check
+CVE-2016-5196 (The content renderer client in Google Chrome prior to 54.0.2840.85 for ...)
+ TODO: check
CVE-2016-5195 (Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before ...)
{DSA-3696-1 DLA-670-1}
- linux 4.7.8-1
@@ -31640,8 +31606,8 @@
[jessie] - pgpdump 0.28-1+deb8u1
NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt
NOTE: https://github.com/kazu-yamamoto/pgpdump/pull/16
-CVE-2016-4019
- RESERVED
+CVE-2016-4019 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
+ TODO: check
CVE-2016-4018 (The Data Provisioning Agent (aka DP Agent) in SAP HANA does not ...)
NOT-FOR-US: SAP
CVE-2016-4017 (The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote ...)
@@ -31726,8 +31692,8 @@
NOTE: Introduced by: https://git.kernel.org/linus/fb09692e71f13af7298eb603a1975850b1c7a8d8 (v3.9-rc1)
CVE-2016-4000
RESERVED
-CVE-2016-3999
- RESERVED
+CVE-2016-3999 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
+ TODO: check
CVE-2016-3998
RESERVED
CVE-2016-3997
@@ -33419,37 +33385,37 @@
NOT-FOR-US: PeopleSoft
CVE-2016-3416 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
NOT-FOR-US: Oracle
-CVE-2016-3415
- RESERVED
-CVE-2016-3414
- RESERVED
-CVE-2016-3413
- RESERVED
-CVE-2016-3412
- RESERVED
-CVE-2016-3411
- RESERVED
-CVE-2016-3410
- RESERVED
-CVE-2016-3409
- RESERVED
-CVE-2016-3408
- RESERVED
-CVE-2016-3407
- RESERVED
-CVE-2016-3406
- RESERVED
-CVE-2016-3405
- RESERVED
-CVE-2016-3404
- RESERVED
+CVE-2016-3415 (Zimbra Collaboration before 8.7.0 allows remote attackers to conduct ...)
+ TODO: check
+CVE-2016-3414 (Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 ...)
+ TODO: check
+CVE-2016-3413 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
+ TODO: check
+CVE-2016-3412 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
+ TODO: check
+CVE-2016-3411 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration ...)
+ TODO: check
+CVE-2016-3410 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
+ TODO: check
+CVE-2016-3409 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration ...)
+ TODO: check
+CVE-2016-3408 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration ...)
+ TODO: check
+CVE-2016-3407 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
+ TODO: check
+CVE-2016-3406 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra ...)
+ TODO: check
+CVE-2016-3405 (Multiple unspecified vulnerabilities in Zimbra Collaboration before ...)
+ TODO: check
+CVE-2016-3404 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
+ TODO: check
CVE-2016-3403
RESERVED
NOT-FOR-US: Zimbra
-CVE-2016-3402
- RESERVED
-CVE-2016-3401
- RESERVED
+CVE-2016-3402 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
+ TODO: check
+CVE-2016-3401 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
+ TODO: check
CVE-2016-3400
RESERVED
CVE-2016-3399
@@ -37079,8 +37045,7 @@
RESERVED
CVE-2016-2234
RESERVED
-CVE-2016-2233
- RESERVED
+CVE-2016-2233 (Stack-based buffer overflow in the inbound_cap_ls function in ...)
- hexchat <unfixed>
NOTE: https://www.exploit-db.com/exploits/39657/
CVE-2016-2231 (The Windows-based Host Interface Program (WHIP) service on Huawei ...)
@@ -37801,8 +37766,7 @@
CVE-2016-2088 (resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS ...)
- bind9 <not-affected> (Introduced in Bind 9.10)
NOTE: https://kb.isc.org/article/AA-01351
-CVE-2016-2087
- RESERVED
+CVE-2016-2087 (Directory traversal vulnerability in the client in HexChat 2.11.0 ...)
- hexchat <unfixed>
NOTE: https://www.exploit-db.com/exploits/39656/
CVE-2016-2086 (Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before ...)
@@ -39958,12 +39922,14 @@
RESERVED
CVE-2016-1516
RESERVED
-CVE-2016-1515 (A use-after-free / double-free vulnerability can occur in libebml ...)
+CVE-2016-1515
+ REJECTED
{DSA-3538-1}
- libebml 1.3.3-1
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0037/
NOTE: Duplicate of CVE-2015-8789 / DSA-3538-1
-CVE-2016-1514 (A specially crafted unicode string in libebml master branch can cause ...)
+CVE-2016-1514
+ REJECTED
{DSA-3538-1}
- libebml 1.3.3-1
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0036/
@@ -41329,8 +41295,8 @@
[jessie] - dolibarr 3.5.5+dfsg1-1+deb8u1
NOTE: https://github.com/Dolibarr/dolibarr/issues/4291
NOTE: https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8
-CVE-2015-8684
- RESERVED
+CVE-2015-8684 (Exponent CMS before 2.3.7 does not properly restrict the types of ...)
+ TODO: check
CVE-2015-8682 (The Video0 driver in Huawei P8 smartphones with software GRA-UL00 ...)
TODO: check
CVE-2015-8681 (The ovisp driver in Huawei P8 smartphones with software GRA-TL00 ...)
@@ -41357,8 +41323,8 @@
RESERVED
CVE-2015-8670
RESERVED
-CVE-2015-8667
- RESERVED
+CVE-2015-8667 (Cross-site scripting (XSS) vulnerability in Reset Your Password module ...)
+ TODO: check
CVE-2015-8664 (Integer overflow in the WebCursor::Deserialize function in ...)
- chromium-browser 47.0.2526.111-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
More information about the Secure-testing-commits
mailing list