[Secure-testing-commits] r49357 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Mar 2 09:10:13 UTC 2017
Author: sectracker
Date: 2017-03-02 09:10:13 +0000 (Thu, 02 Mar 2017)
New Revision: 49357
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-02 08:36:51 UTC (rev 49356)
+++ data/CVE/list 2017-03-02 09:10:13 UTC (rev 49357)
@@ -1,80 +1,165 @@
-CVE-2017-6422
+CVE-2017-6426
RESERVED
-CVE-2017-6421
+CVE-2017-6425
RESERVED
-CVE-2017-6420
+CVE-2017-6424
RESERVED
-CVE-2017-6419
+CVE-2017-6423
RESERVED
-CVE-2017-6418
+CVE-2016-10242
RESERVED
-CVE-2017-6417
+CVE-2016-10241
RESERVED
-CVE-2017-6416
+CVE-2016-10240
RESERVED
-CVE-2017-6415
+CVE-2016-10239
RESERVED
-CVE-2017-6414 [libcacard: host memory leakage while creating new APDU]
+CVE-2016-10238
RESERVED
- - libcacard <unfixed> (bug #856501)
- NOTE: Fixed by: https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
- TODO: check
-CVE-2017-6413 [does not scrub headers for "AuthType oauth20"]
+CVE-2016-10237
RESERVED
- - libapache2-mod-auth-openidc 2.1.6-1
- NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e
-CVE-2017-6412
+CVE-2016-10236
RESERVED
-CVE-2017-6411
+CVE-2016-10235
RESERVED
-CVE-2017-6410
+CVE-2016-10234
RESERVED
-CVE-2017-6409
+CVE-2016-10233
RESERVED
-CVE-2017-6408
+CVE-2016-10232
RESERVED
-CVE-2017-6407
+CVE-2016-10231
RESERVED
-CVE-2017-6406
+CVE-2016-10230
RESERVED
-CVE-2017-6405
+CVE-2016-10229
RESERVED
-CVE-2017-6404
+CVE-2015-9003
RESERVED
-CVE-2017-6403
+CVE-2015-9002
RESERVED
-CVE-2017-6402
+CVE-2015-9001
RESERVED
-CVE-2017-6401
+CVE-2015-9000
RESERVED
-CVE-2017-6400
+CVE-2015-8999
RESERVED
-CVE-2017-6399
+CVE-2015-8998
RESERVED
-CVE-2017-6398
+CVE-2015-8997
RESERVED
-CVE-2017-6397
+CVE-2015-8996
RESERVED
-CVE-2017-6396
+CVE-2015-8995
RESERVED
-CVE-2017-6395
+CVE-2014-9937
RESERVED
-CVE-2017-6394
+CVE-2014-9936
RESERVED
-CVE-2017-6393
+CVE-2014-9935
RESERVED
-CVE-2017-6392
+CVE-2014-9934
RESERVED
-CVE-2017-6391
+CVE-2014-9933
RESERVED
-CVE-2017-6390
+CVE-2014-9932
RESERVED
+CVE-2014-9931
+ RESERVED
+CVE-2014-9930
+ RESERVED
+CVE-2014-9929
+ RESERVED
+CVE-2014-9928
+ RESERVED
+CVE-2014-9927
+ RESERVED
+CVE-2014-9926
+ RESERVED
+CVE-2014-9925
+ RESERVED
+CVE-2014-9924
+ RESERVED
+CVE-2014-9923
+ RESERVED
+CVE-2014-9922
+ RESERVED
+CVE-2017-6422
+ RESERVED
+CVE-2017-6421
+ RESERVED
+CVE-2017-6420
+ RESERVED
+CVE-2017-6419
+ RESERVED
+CVE-2017-6418
+ RESERVED
+CVE-2017-6417
+ RESERVED
+CVE-2017-6416
+ RESERVED
+CVE-2017-6415 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...)
+ TODO: check
+CVE-2017-6414 [libcacard: host memory leakage while creating new APDU]
+ RESERVED
+ - libcacard <unfixed> (bug #856501)
+ NOTE: Fixed by: https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
+ TODO: check
+CVE-2017-6413 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...)
+ - libapache2-mod-auth-openidc 2.1.6-1
+ NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e
+CVE-2017-6412
+ RESERVED
+CVE-2017-6411
+ RESERVED
+CVE-2017-6410 (kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls ...)
+ TODO: check
+CVE-2017-6409 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...)
+ TODO: check
+CVE-2017-6408 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...)
+ TODO: check
+CVE-2017-6407 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...)
+ TODO: check
+CVE-2017-6406 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...)
+ TODO: check
+CVE-2017-6405 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...)
+ TODO: check
+CVE-2017-6404 (An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup ...)
+ TODO: check
+CVE-2017-6403 (An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup ...)
+ TODO: check
+CVE-2017-6402 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...)
+ TODO: check
+CVE-2017-6401 (An issue was discovered in Veritas NetBackup before 8.0 and NetBackup ...)
+ TODO: check
+CVE-2017-6400 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...)
+ TODO: check
+CVE-2017-6399 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...)
+ TODO: check
+CVE-2017-6398
+ RESERVED
+CVE-2017-6397 (An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability ...)
+ TODO: check
+CVE-2017-6396 (An issue was discovered in WPO-Foundation WebPageTest 3.0. The ...)
+ TODO: check
+CVE-2017-6395 (An issue was discovered in HashOver 2.0. The vulnerability exists due ...)
+ TODO: check
+CVE-2017-6394 (An issue was discovered in OpenEMR 5.0.1-dev. The vulnerability exists ...)
+ TODO: check
+CVE-2017-6393 (An issue was discovered in NagVis 1.9b12. The vulnerability exists due ...)
+ TODO: check
+CVE-2017-6392 (An issue was discovered in Kaltura server Lynx-12.11.0. The ...)
+ TODO: check
+CVE-2017-6391 (An issue was discovered in Kaltura server Lynx-12.11.0. The ...)
+ TODO: check
+CVE-2017-6390 (An issue was discovered in whatanime.ga before ...)
+ TODO: check
CVE-2017-6389
RESERVED
CVE-2017-6388
RESERVED
-CVE-2017-6387
- RESERVED
+CVE-2017-6387 (The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 ...)
+ TODO: check
CVE-2017-6386 [memory leakage while in vrend_create_vertex_elements_state]
RESERVED
- virglrenderer <unfixed>
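Review bot: The eleven Veritas NetBackup entries added here (CVE-2017-6399 through CVE-2017-6409) are left at "TODO: check", although this file closes out proprietary vendor products as NOT-FOR-US elsewhere (for example "NOT-FOR-US: NETGEAR"). Once the full descriptions are confirmed they should be resolved the same way, so they do not sit in the triage queue. The radare2 entries (CVE-2017-6415, CVE-2017-6387) and the KDE kio/kdelibs entry (CVE-2017-6410) name a source file and version range in their descriptions, so each should be triaged to a package line or an explicit not-affected state rather than a bare TODO. CVE-2017-6414 still carries RESERVED, a package line and "TODO: check" together; the TODO should be dropped once the referenced libcacard commit has been verified.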
@@ -137,8 +222,7 @@
RESERVED
CVE-2017-6356
RESERVED
-CVE-2015-8994 [check cached files permissions]
- RESERVED
+CVE-2015-8994 (An issue was discovered in PHP 5.x and 7.x, when the configuration ...)
- php7.1 <not-affected> (Fixed before initial upload to Debian)
- php7.0 7.0.14-1
- php5 <removed>
@@ -259,8 +343,8 @@
RESERVED
CVE-2017-6320
RESERVED
-CVE-2017-6319
- RESERVED
+CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...)
+ TODO: check
CVE-2017-6318 [saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server]
RESERVED
- sane-backends <unfixed> (bug #854804)
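Review bot: The visible description text for CVE-2017-6319 is identical to the one added for CVE-2017-6415 in the first hunk ("The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ..."). Because both are truncated at the same point, the "TODO: check" here should include reading the full descriptions to confirm these are two distinct issues, and recording the fixing commit for each in a NOTE line so the entries can be told apart in this file.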
@@ -773,8 +857,7 @@
RESERVED
CVE-2017-6102
RESERVED
-CVE-2017-6384 [atheme: memory leak could lead to DOS]
- RESERVED
+CVE-2017-6384 (Memory leak in the login_user function in saslserv/main.c in ...)
- atheme-services 7.2.9-1 (bug #855588)
[jessie] - atheme-services <not-affected> (versions prior to 7.2.7 not vulnerable)
NOTE: 7.2.7 vulnerable, fixed in 7.2.8, but the fix introduced another DOS, fixed in 7.2.9
@@ -827,8 +910,7 @@
NOT-FOR-US: FastStone MaxView
CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 ...)
NOT-FOR-US: NETGEAR
-CVE-2016-10228 [glibc iconv program can hang when invoked with the -c option]
- RESERVED
+CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and ...)
- glibc <unfixed> (bug #856503)
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
@@ -1432,8 +1514,7 @@
RESERVED
- libapache2-mod-auth-openidc 2.1.5-1
NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212
-CVE-2017-6062 [OIDCUnAuthAction pass does not scrub request headers]
- RESERVED
+CVE-2017-6062 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...)
- libapache2-mod-auth-openidc 2.1.5-1
[jessie] - libapache2-mod-auth-openidc <not-affected> (support for OIDCUnAuthAction added in 1.8.5rc1)
NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/222
@@ -3244,27 +3325,27 @@
NOTE: https://github.com/mdadams/jasper/issues/62
CVE-2017-5506 [double free in profile]
RESERVED
- {DLA-807-1}
+ {DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851383)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/354
NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
CVE-2017-5507 [memory leak in MPC file handling]
RESERVED
- {DLA-807-1}
+ {DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851382)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738
NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5508 [Crash - PushQuantumPixel - Heap-Buffer-Overflow (TIFF)]
RESERVED
- {DLA-807-1}
+ {DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851381)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/379e21cd32483df6e128147af3bc4ce1f82eb9c4
CVE-2016-10146 [memory leak in caption and label handling]
RESERVED
- {DLA-807-1}
+ {DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.0+dfsg-2 (bug #851380)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
@@ -3283,27 +3364,27 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5510 [memory corruption heap overflow, psb file related, another one]
RESERVED
- {DLA-807-1}
+ {DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851376)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/348
NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e87af64b1ff1635a32d9b6162f1b0e260fb54ed9
CVE-2017-5511 [memory corruption heap overflow, psb file related]
RESERVED
- {DLA-807-1}
+ {DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851374)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/347
NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d65a814ac76bd04760072c33e452371692ee790
CVE-2016-10144 [ipl file missing malloc check]
RESERVED
- {DLA-807-1}
+ {DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851485)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10145 [wpg file off by one]
RESERVED
- {DLA-807-1}
+ {DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851483)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
@@ -6849,8 +6930,8 @@
NOT-FOR-US: Cisco
CVE-2017-3827 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) ...)
NOT-FOR-US: Cisco
-CVE-2017-3826
- RESERVED
+CVE-2017-3826 (A vulnerability in the Stream Control Transmission Protocol (SCTP) ...)
+ TODO: check
CVE-2017-3825
RESERVED
CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR Series ...)
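Review bot: CVE-2017-3826 is added as "TODO: check" between entries that are already resolved as "NOT-FOR-US: Cisco", and its truncated description ("A vulnerability in the Stream Control Transmission Protocol (SCTP) ...") stops before naming a product. Confirm the affected product from the full description and, if it is vendor-only like its neighbours, mark it NOT-FOR-US so it matches the surrounding block.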
@@ -7136,12 +7217,12 @@
RESERVED
CVE-2016-9995
RESERVED
-CVE-2016-9994
- RESERVED
-CVE-2016-9993
- RESERVED
-CVE-2016-9992
- RESERVED
+CVE-2016-9994 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...)
+ TODO: check
+CVE-2016-9993 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...)
+ TODO: check
+CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...)
+ TODO: check
CVE-2016-9991
RESERVED
CVE-2016-9990
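Review bot: CVE-2016-9992, CVE-2016-9993 and CVE-2016-9994 are added with the same visible description (IBM Kenexa LCMS Premier on Cloud, SQL ...) and all three are left at "TODO: check". This is a hosted IBM product, so the entries look like candidates for "NOT-FOR-US: IBM", the marking used for IBM products elsewhere in this file; resolving the three together avoids leaving duplicate-looking TODOs behind.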
@@ -16373,6 +16454,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10062 [fwrite issue in ReadGROUP4Image]
RESERVED
+ {DSA-3799-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #849439)
[wheezy] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
@@ -18583,7 +18665,7 @@
CVE-2016-8708
REJECTED
CVE-2016-8707 (An exploitable out of bounds write exists in the handling of ...)
- {DLA-756-1}
+ {DSA-3799-1 DLA-756-1}
- imagemagick 8:6.9.7.0+dfsg-2 (bug #848139)
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0216/
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e5fd9ab1b70b2edd06de8efb606e04482cb9a2f0 (7.0.3-9)
@@ -20267,10 +20349,10 @@
RESERVED
CVE-2016-8234
RESERVED
-CVE-2016-8233
- RESERVED
-CVE-2016-8232
- RESERVED
+CVE-2016-8233 (Log files generated by Lenovo XClarity Administrator (LXCA) versions ...)
+ TODO: check
+CVE-2016-8232 (Document Object Model-(DOM) based cross-site scripting vulnerability ...)
+ TODO: check
CVE-2016-8231
RESERVED
CVE-2016-8230
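Review bot: The description for CVE-2016-8232 is cut off before the affected product is named ("Document Object Model-(DOM) based cross-site scripting vulnerability ..."), so nothing in this hunk shows whether it belongs with the Lenovo XClarity Administrator entry above it (CVE-2016-8233). Both are "TODO: check"; read the full text of CVE-2016-8232 before classifying it rather than inferring the vendor from the adjacent ID.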
@@ -27925,8 +28007,8 @@
NOT-FOR-US: IBM
CVE-2016-5933
RESERVED
-CVE-2016-5932
- RESERVED
+CVE-2016-5932 (IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site ...)
+ TODO: check
CVE-2016-5931
RESERVED
CVE-2016-5930
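Review bot: CVE-2016-5932 (IBM Connections) is added as "TODO: check" directly below a context line that reads "NOT-FOR-US: IBM". Unless the full description points to a component packaged in Debian, it should take the same NOT-FOR-US marking as the neighbouring IBM entries.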
@@ -37586,10 +37668,10 @@
NOT-FOR-US: IBM
CVE-2016-2881 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and ...)
NOT-FOR-US: IBM
-CVE-2016-2880
- RESERVED
-CVE-2016-2879
- RESERVED
+CVE-2016-2880 (IBM QRadar 7.2 stores the encryption key used to encrypt the service ...)
+ TODO: check
+CVE-2016-2879 (IBM QRadar 7.2 uses outdated hashing algorithms to hash certain ...)
+ TODO: check
CVE-2016-2878 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...)
NOT-FOR-US: IBM
CVE-2016-2877 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak ...)
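Review bot: CVE-2016-2880 and CVE-2016-2879 are IBM QRadar issues left at "TODO: check", while the QRadar entries on either side (CVE-2016-2881, CVE-2016-2878 and CVE-2016-2877) are already "NOT-FOR-US: IBM". Mark these two the same way so the QRadar block is consistent and the entries leave the open TODO list.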