Author: sectracker
Date: 2016-11-01 21:10:11 +0000 (Tue, 01 Nov 2016)
New Revision: 45856
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-11-01 20:53:02 UTC (rev 45855) +++ data/CVE/list 2016-11-01 21:10:11 UTC (rev 45856) @@ -1,3 +1,35 @@ +CVE-2016-9136 + RESERVED +CVE-2016-9135 + RESERVED +CVE-2016-9134 + RESERVED +CVE-2016-9133 + RESERVED +CVE-2016-9132 + RESERVED +CVE-2016-9131 + RESERVED +CVE-2016-9130 + RESERVED +CVE-2016-9129 + RESERVED +CVE-2016-9128 + RESERVED +CVE-2016-9127 + RESERVED +CVE-2016-9126 + RESERVED +CVE-2016-9125 + RESERVED +CVE-2016-9124 + RESERVED +CVE-2016-9123 + RESERVED +CVE-2016-9122 + RESERVED +CVE-2016-9121 + RESERVED CVE-2016-9140 [RCE] - zabbix <unfixed> NOTE: https://www.exploit-db.com/exploits/39937/ @@ -1049,6 +1081,7 @@ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147 NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/7 CVE-2016-9137 [Use After Free in unserialize()] + {DSA-3698-1} - php7.0 7.0.12-1 - php5 <unfixed> NOTE: Workaround entry for DSA-3698-1 until CVE assigned @@ -2505,8 +2538,8 @@ RESERVED CVE-2016-8204 RESERVED -CVE-2016-8203 - RESERVED +CVE-2016-8203 (A memory corruption in the IPsec code path of Brocade NetIron OS on ...) + TODO: check CVE-2016-8202 RESERVED CVE-2016-8201 @@ -8378,7 +8411,7 @@ NOT-FOR-US: ovirt-engine CVE-2016-6321 [Bypassing the extract path name] RESERVED - {DLA-690-1} + {DSA-3702-1 DLA-690-1} - tar 1.29b-1.1 (bug #842339) NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt NOTE: POC in https://sintonen.fi/advisories/tar-poc.tar (etc/shadow should not be extracted when asking for etc/motd) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
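Review bot: In the first hunk (@@ -1,3 +1,35 @@) the new RESERVED block is inserted at the top of the file, so the list now runs CVE-2016-9136 down to CVE-2016-9121 and then continues with the context entry CVE-2016-9140. The third hunk shows the file otherwise in descending order (CVE-2016-8204, CVE-2016-8203, CVE-2016-8202), so please confirm that CVE-2016-9140 is meant to sit below this block; if it is not, move the new entries below it so lookups by id and later automatic merges find one contiguous 2016-91xx range.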
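Review bot: In the second hunk (@@ -1049,6 +1081,7 @@) the trailing context line "NOTE: Workaround entry for DSA-3698-1 until CVE assigned" is now stale, because the entry is filed as CVE-2016-9137 and this change attaches "{DSA-3698-1}" to it. Drop that NOTE in a follow-up, and check whether "- php5 <unfixed>" is still accurate now that an advisory is cross-referenced on the entry.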
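Review bot: The third hunk (@@ -2505,8 +2538,8 @@) leaves CVE-2016-8203 at "TODO: check", so the entry stays untriaged after the description is imported. The description names Brocade NetIron OS; if no package in the archive ships that code, close it out in the form this file already uses for other entries ("NOT-FOR-US: ovirt-engine" is visible in the last hunk), i.e. "NOT-FOR-US: Brocade NetIron OS", rather than leaving the TODO open.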