[Secure-testing-commits] r48438 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Jan 26 21:10:12 UTC 2017


Author: sectracker
Date: 2017-01-26 21:10:11 +0000 (Thu, 26 Jan 2017)
New Revision: 48438

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-26 21:09:23 UTC (rev 48437)
+++ data/CVE/list	2017-01-26 21:10:11 UTC (rev 48438)
@@ -1,3 +1,17 @@
+CVE-2017-5595
+	RESERVED
+CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this ...)
+	TODO: check
+CVE-2017-5593
+	RESERVED
+CVE-2017-5592
+	RESERVED
+CVE-2017-5591
+	RESERVED
+CVE-2017-5590
+	RESERVED
+CVE-2017-5589
+	RESERVED
 CVE-2017-XXXX [Fix potential unsigned underflow]
 	- libgd2 2.2.4-1
 	NOTE: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
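Review bot: CVE-2017-5594 at the top of this hunk is the only new entry with a description (Pagekit CMS before 1.0.11), and it is left at "TODO: check". It needs manual triage to replace that marker with either a package line or a NOT-FOR-US line, the same way the resolved entries elsewhere in this file are marked. The six RESERVED entries around it need no action until descriptions are published.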
@@ -46,11 +60,11 @@
 	NOTE: Introduced in (screen-v4): http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=5460f5d28c01a9a58e021eb1dffef2965e629d58
 	NOTE: Introduced in (master): http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c575c40c9bd7653470639da32e06faed0a9b2ec4
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/24/10
-CVE-2017-5597 [wnpa-sec-2017-02 - DHCPv6 large loop]
+CVE-2017-5597 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector ...)
 	- wireshark 2.2.4+gcc3dc1b-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-02.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345
-CVE-2017-5596 [wnpa-sec-2017-01 - ASTERIX infinite loop]
+CVE-2017-5596 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector ...)
 	- wireshark 2.2.4+gcc3dc1b-1
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-01.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13344
@@ -58,11 +72,14 @@
 	- phpmyadmin 4:4.6.6-1 (unimportant)
 	NOTE: all minor issues
 CVE-2016-10165 [heap OOB read parsing crafted ICC profile]
+	RESERVED
+	{DLA-803-1}
 	- lcms2 <unfixed> (bug #852627)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
 	NOTE: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
 CVE-2016-10164 [heap overflow]
 	RESERVED
+	{DSA-3772-1 DLA-801-1}
 	- libxpm 1:3.5.12-1
 	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/22/2
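Review bot: CVE-2016-10165 gains {DLA-803-1} while its package line still reads "- lcms2 <unfixed> (bug #852627)", and unlike CVE-2016-10164 directly below, which gets {DSA-3772-1 DLA-801-1}, it has no DSA reference. Worth confirming whether the stable release is affected and, if so, recording either a pending DSA or a no-dsa annotation so the entry does not look complete when only the LTS fix is tracked.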
@@ -593,7 +610,7 @@
 	RESERVED
 CVE-2017-5396
 	RESERVED
-	{DSA-3771-1}
+	{DSA-3771-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5396
@@ -622,7 +639,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5391
 CVE-2017-5390
 	RESERVED
-	{DSA-3771-1}
+	{DSA-3771-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5390
@@ -644,7 +661,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5387
 CVE-2017-5386
 	RESERVED
-	{DSA-3771-1}
+	{DSA-3771-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5386
@@ -661,7 +678,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5384
 CVE-2017-5383
 	RESERVED
-	{DSA-3771-1}
+	{DSA-3771-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383
@@ -678,7 +695,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5381
 CVE-2017-5380
 	RESERVED
-	{DSA-3771-1}
+	{DSA-3771-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5380
@@ -690,7 +707,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5379
 CVE-2017-5378
 	RESERVED
-	{DSA-3771-1}
+	{DSA-3771-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378
@@ -702,14 +719,14 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5377
 CVE-2017-5376
 	RESERVED
-	{DSA-3771-1}
+	{DSA-3771-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5376
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376
 CVE-2017-5375
 	RESERVED
-	{DSA-3771-1}
+	{DSA-3771-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375
@@ -721,7 +738,7 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5374
 CVE-2017-5373
 	RESERVED
-	{DSA-3771-1}
+	{DSA-3771-1 DLA-800-1}
 	- firefox 51.0-1
 	- firefox-esr 45.7.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5373
@@ -4439,32 +4456,30 @@
 	RESERVED
 CVE-2017-3806
 	RESERVED
-CVE-2017-3805
-	RESERVED
+CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco IOS and ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2017-3804
-	RESERVED
-CVE-2017-3803
-	RESERVED
-CVE-2017-3802
-	RESERVED
+CVE-2017-3804 (A vulnerability in Intermediate System-to-Intermediate System (IS-IS) ...)
+	TODO: check
+CVE-2017-3803 (A vulnerability in the Cisco IOS Software forwarding queue of Cisco ...)
+	TODO: check
+CVE-2017-3802 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
+	TODO: check
 CVE-2017-3801
 	RESERVED
-CVE-2017-3800
-	RESERVED
+CVE-2017-3800 (A vulnerability in the content scanning engine of Cisco AsyncOS ...)
 	NOT-FOR-US: Cisco Email Security Appliance
-CVE-2017-3799
-	RESERVED
-CVE-2017-3798
-	RESERVED
-CVE-2017-3797
-	RESERVED
-CVE-2017-3796
-	RESERVED
-CVE-2017-3795
-	RESERVED
-CVE-2017-3794
-	RESERVED
+CVE-2017-3799 (A vulnerability in a URL parameter of Cisco WebEx Meeting Center could ...)
+	TODO: check
+CVE-2017-3798 (A cross-site scripting (XSS) filter bypass vulnerability in the ...)
+	TODO: check
+CVE-2017-3797 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
+	TODO: check
+CVE-2017-3796 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
+	TODO: check
+CVE-2017-3795 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
+	TODO: check
+CVE-2017-3794 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
+	TODO: check
 CVE-2017-3793
 	RESERVED
 CVE-2017-3792
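Review bot: the newly described entries CVE-2017-3803, CVE-2017-3802 and CVE-2017-3799 through CVE-2017-3794 all name Cisco products in their descriptions (IOS Software, Unified Communications Manager, WebEx) yet are left at "TODO: check", while CVE-2017-3805 and CVE-2017-3800 in the same hunk already carry NOT-FOR-US lines. These can be closed in one pass with NOT-FOR-US markers in the same style. CVE-2017-3804 should be read in full first, since its truncated description only shows "Intermediate System-to-Intermediate System (IS-IS)" and no vendor name.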
@@ -7280,6 +7295,7 @@
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619
 CVE-2016-9831 [listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c)]
 	RESERVED
+	{DLA-799-1}
 	- ming <removed>
 	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
 CVE-2016-9830 [memory allocation failure in MagickRealloc]
@@ -7292,14 +7308,17 @@
 	NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
 CVE-2016-9829 [listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)]
 	RESERVED
+	{DLA-799-1}
 	- ming <removed>
 	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c
 CVE-2016-9828 [listswf: NULL pointer dereference in dumpBuffer (read.c)]
 	RESERVED
+	{DLA-799-1}
 	- ming <removed>
 	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c
 CVE-2016-9827 [listswf: heap-based buffer overflow in _iprintf (outputtxt.c)]
 	RESERVED
+	{DLA-799-1}
 	- ming <removed>
 	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c
 CVE-2016-9826
@@ -12624,7 +12643,7 @@
 	TODO: check
 CVE-2017-0382 (A remote code execution vulnerability in the Framesequence library ...)
 	TODO: check
-CVE-2017-0381 (A remote code execution vulnerability in silk/NLSF_stabilize.c in ...)
+CVE-2017-0381 (An information disclosure vulnerability in silk/NLSF_stabilize.c in ...)
 	{DLA-793-1}
 	- opus 1.2~alpha2-1 (bug #851612)
 	NOTE: Fixed by: https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409 (v1.2-alpha)
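Review bot: the description of CVE-2017-0381 changes from "A remote code execution vulnerability" to "An information disclosure vulnerability" in silk/NLSF_stabilize.c, which is a change of impact class and not just wording. The entry already references {DLA-793-1} and a fixed opus version, so the fix status is unaffected, but any severity or urgency assessment made against the earlier RCE wording should be rechecked against the new description.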
@@ -14403,16 +14422,16 @@
 	RESERVED
 CVE-2016-9308
 	RESERVED
-CVE-2016-9307
-	RESERVED
-CVE-2016-9306
-	RESERVED
-CVE-2016-9305
-	RESERVED
-CVE-2016-9304
-	RESERVED
-CVE-2016-9303
-	RESERVED
+CVE-2016-9307 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...)
+	TODO: check
+CVE-2016-9306 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...)
+	TODO: check
+CVE-2016-9305 (Improper handling in the Autodesk FBX-SDK before 2017.1 of type ...)
+	TODO: check
+CVE-2016-9304 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...)
+	TODO: check
+CVE-2016-9303 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...)
+	TODO: check
 CVE-2016-9295
 	RESERVED
 CVE-2016-9293
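Review bot: CVE-2016-9303 through CVE-2016-9307 all describe the same product (Autodesk FBX-SDK before 2017.1) and are each left at "TODO: check". They should be triaged together so they end up with one consistent marking; a single decision on whether this SDK is relevant to the archive resolves all five.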
@@ -14594,16 +14613,19 @@
 	RESERVED
 CVE-2016-9266 [left shift in listmp3.c]
 	RESERVED
+	{DLA-799-1}
 	- ming <removed> (bug #843928)
 	NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
 	NOTE: https://github.com/libming/libming/issues/53
 CVE-2016-9265 [divide-by-zero in printMP3Headers (listmp3.c)]
 	RESERVED
+	{DLA-799-1}
 	- ming <removed> (bug #843928)
 	NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list
 	NOTE: https://github.com/libming/libming/issues/52
 CVE-2016-9264 [global-buffer-overflow in printMP3Headers (listmp3.c)]
 	RESERVED
+	{DLA-799-1}
 	- ming <removed> (bug #843928)
 	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c
 	NOTE: https://github.com/libming/libming/issues/51
@@ -14695,20 +14717,19 @@
 	NOT-FOR-US: Cisco
 CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2016-9222
-	RESERVED
-CVE-2016-9221
-	RESERVED
-CVE-2016-9220
-	RESERVED
+CVE-2016-9222 (A vulnerability in the web-based management interface of Cisco NetFlow ...)
+	TODO: check
+CVE-2016-9221 (A Denial of Service Vulnerability in 802.11 ingress connection ...)
+	TODO: check
+CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet processing ...)
+	TODO: check
 CVE-2016-9219
 	RESERVED
-CVE-2016-9218
-	RESERVED
+CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an ...)
+	TODO: check
 CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2016-9216
-	RESERVED
+CVE-2016-9216 (An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr ...)
 	NOT-FOR-US: Cisco ASR 5000
 CVE-2016-9215 (A vulnerability in Cisco IOS XR Software could allow an authenticated, ...)
 	NOT-FOR-US: Cisco
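Review bot: CVE-2016-9222 and CVE-2016-9218 name Cisco products (NetFlow, Hybrid Meeting Server) but are left at "TODO: check", while the surrounding entries, including CVE-2016-9216 in this hunk, are marked NOT-FOR-US: Cisco. They can be marked the same way. CVE-2016-9221 and CVE-2016-9220 show only "802.11 ingress connection/packet processing" in the truncated text, so the full description should be checked before assuming the same vendor.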



