Author: sectracker
Date: 2016-11-03 21:10:11 +0000 (Thu, 03 Nov 2016)
New Revision: 45954

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-03 21:00:26 UTC (rev 45953)
+++ data/CVE/list       2016-11-03 21:10:11 UTC (rev 45954)
@@ -1,3 +1,9 @@
+CVE-2016-9147
+       RESERVED
+CVE-2015-8969 (git-fastclone before 1.0.5 passes user modifiable strings 
directly to a ...)
+       TODO: check
+CVE-2015-8968 (git-fastclone before 1.0.1 permits arbitrary shell command 
execution ...)
+       TODO: check
 CVE-2016-XXXX [crypto: GPF in lrw_crypt caused by null-deref]
        - linux 4.4.2-1
        NOTE: 
https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ
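Review bot: both git-fastclone entries (CVE-2015-8969 and CVE-2015-8968) land with only TODO: check, although the second description mentions arbitrary shell command execution. Triage them together: either add the source package line with fixed versions (the descriptions give 1.0.5 and 1.0.1 as the boundaries) or mark them NOT-FOR-US if git-fastclone is not packaged.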
@@ -38,12 +44,12 @@
        NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/11/02/1
-CVE-2016-9136
-       RESERVED
-CVE-2016-9135
-       RESERVED
-CVE-2016-9134
-       RESERVED
+CVE-2016-9136 (Artifex Software, Inc. MuJS before ...)
+       TODO: check
+CVE-2016-9135 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability 
in ...)
+       TODO: check
+CVE-2016-9134 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability 
in ...)
+       TODO: check
 CVE-2016-9133
        RESERVED
 CVE-2016-9132
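Review bot: CVE-2016-9135 and CVE-2016-9134 are Exponent CMS issues left at TODO: check, while the CVE-2016-9087 entry later in this same file already carries NOT-FOR-US: Exponent CMS. Using the same tag here would close both without a manual pass; CVE-2016-9136 (MuJS) still needs a package decision of its own.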
@@ -156,7 +162,7 @@
        RESERVED
 CVE-2016-9106 [9pfs: memory leakage in v9fs_write]
        RESERVED
-       {DLA-689-1}
+       {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842463)
        - qemu-kvm <removed>
        - xen 4.4.0-1
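Review bot: in the CVE-2016-9106 entry the new {DLA-698-1 DLA-689-1} line sits above both a qemu and a qemu-kvm package line, so the entry alone does not show which source package each DLA covers. Worth confirming DLA-698-1 against the advisory, since the same substitution repeats across the other 9pfs, eepro100, rtl8139, intel-hda and pcnet entries in this revision.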
@@ -166,7 +172,7 @@
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
 CVE-2016-9105 [memory leakage in v9fs_link]
        RESERVED
-       {DLA-689-1}
+       {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842463)
        - qemu-kvm <removed>
        - xen 4.4.0-1
@@ -176,7 +182,7 @@
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
 CVE-2016-9104 [9pfs: integer overflow leading to OOB access]
        RESERVED
-       {DLA-689-1}
+       {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842463)
        - qemu-kvm <removed>
        - xen 4.4.0-1
@@ -185,7 +191,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
 CVE-2016-9103 [9pfs: information leakage via xattribute]
        RESERVED
-       {DLA-689-1}
+       {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842463)
        - qemu-kvm <removed>
        - xen 4.4.0-1
@@ -195,7 +201,7 @@
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
 CVE-2016-9102 [memory leakage when creating extended attribute]
        RESERVED
-       {DLA-689-1}
+       {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842463)
        - qemu-kvm <removed>
        - xen 4.4.0-1
@@ -206,7 +212,7 @@
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
 CVE-2016-9101 [net: eepro100 memory leakage at device unplug]
        RESERVED
-       {DLA-689-1}
+       {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #842455)
        - qemu-kvm <removed>
        - xen 4.4.0-1
@@ -219,8 +225,8 @@
 CVE-2016-9087
        RESERVED
        NOT-FOR-US: Exponent CMS
-CVE-2016-9086
-       RESERVED
+CVE-2016-9086 (GitLab versions 8.9.x and above contain a critical security 
flaw in the ...)
+       TODO: check
 CVE-2016-9081
        RESERVED
 CVE-2016-9080
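Review bot: CVE-2016-9086 moves from RESERVED to TODO: check with a description that calls the flaw critical and scopes it to GitLab 8.9.x and above. It should not sit in the TODO queue: add the source package line with affected and fixed versions, or a not-affected note if the packaged version predates 8.9.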
@@ -681,8 +687,7 @@
        NOTE: docker.io not directly affected but will need to be updated to 
include new runc version
 CVE-2016-8865
        RESERVED
-CVE-2016-8864 [A problem handling responses containing a DNAME answer can lead 
to an assertion failure]
-       RESERVED
+CVE-2016-8864 (named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, 
and ...)
        {DSA-3703-1 DLA-696-1}
        - bind9 <unfixed> (bug #842858)
        NOTE: https://kb.isc.org/article/AA-01434
@@ -998,16 +1003,19 @@
        RESERVED
 CVE-2016-8706
        RESERVED
+       {DSA-3704-1}
        - memcached <unfixed> (bug #842814)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0221/
        NOTE: upstream fix 
https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
 CVE-2016-8705
        RESERVED
+       {DSA-3704-1}
        - memcached <unfixed> (bug #842812)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0220/
        NOTE: upstream fix 
https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
 CVE-2016-8704
        RESERVED
+       {DSA-3704-1}
        - memcached <unfixed> (bug #842811)
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0219/
        NOTE: upstream fix 
https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
@@ -1021,14 +1029,14 @@
        TODO: check
 CVE-2016-8910 [net: rtl8139: infinite loop while transmit in C+  mode]
        RESERVED
-       {DLA-689-1}
+       {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #841955)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
 CVE-2016-8909 [audio: intel-hda: infinite loop in processing dma  buffer 
stream]
        RESERVED
-       {DLA-689-1}
+       {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #841950)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
@@ -3989,7 +3997,7 @@
 CVE-2016-7910
        RESERVED
 CVE-2016-7909 (The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka 
Quick ...)
-       {DLA-689-1}
+       {DLA-698-1 DLA-689-1}
        - qemu <unfixed> (bug #839834)
        [jessie] - qemu <no-dsa> (Minor issue)
        - qemu-kvm <removed>
@@ -4326,6 +4334,7 @@
 CVE-2016-7778
        RESERVED
 CVE-2016-7777 (Xen 4.7.x and earlier does not properly honor CR0.TS and 
CR0.EM, which ...)
+       {DLA-699-1}
        - xen <unfixed>
        NOTE: http://xenbits.xen.org/xsa/advisory-190.html
 CVE-2016-7776
@@ -4977,11 +4986,9 @@
        RESERVED
 CVE-2016-7454
        RESERVED
-CVE-2016-7453
-       RESERVED
+CVE-2016-7453 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 
2 could ...)
        NOT-FOR-US: Exponent CMS
-CVE-2016-7452
-       RESERVED
+CVE-2016-7452 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 
2 could ...)
        NOT-FOR-US: Exponent CMS
 CVE-2016-7451
        RESERVED
@@ -5188,8 +5195,8 @@
        RESERVED
 CVE-2016-7403
        RESERVED
-CVE-2016-7402
-       RESERVED
+CVE-2016-7402 (SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who 
own ...)
+       TODO: check
 CVE-2016-7401 (The cookie parsing code in Django before 1.8.15 and 1.9.x 
before ...)
        {DSA-3678-1 DLA-649-1}
        - python-django 1:1.10-1 (low)
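Review bot: CVE-2016-7402 is added as TODO: check, but the description names SAP ASE 16.0, a proprietary database product. A NOT-FOR-US: SAP ASE line, matching how the other non-packaged products in this file are tagged, would settle it.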
@@ -5796,8 +5803,7 @@
        - qemu-kvm <removed>
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968
 (2.7.0-rc3)
        NOTE: http://patchwork.ozlabs.org/patch/657076/
-CVE-2016-7160
-       RESERVED
+CVE-2016-7160 (A vulnerability on Samsung Mobile L(5.0/5.1) and M(6.0) devices 
with ...)
        NOT-FOR-US: Samsumg
 CVE-2016-7159
        RESERVED
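Review bot: the context line under CVE-2016-7160 reads NOT-FOR-US: Samsumg, while the description added in this hunk spells the vendor Samsung. Correct the tag to NOT-FOR-US: Samsung so that searches on the vendor name find the entry.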
@@ -6121,8 +6127,8 @@
        NOTE: 4.x: 
https://github.com/nodejs/node/commit/3ff82deb2c3bd580d64be75dbafe460393c952fb
 CVE-2016-7096
        RESERVED
-CVE-2016-7095
-       RESERVED
+CVE-2016-7095 (Exponent CMS before 2.3.9 is vulnerable to an attacker 
uploading a ...)
+       TODO: check
 CVE-2016-7111
        RESERVED
        - mantis <not-affected> (Vulnerable code introduced in 1.3.0-rc.2)
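Review bot: CVE-2016-7095 is another Exponent CMS entry left at TODO: check, whereas CVE-2016-7453 and CVE-2016-7452 in this same revision keep NOT-FOR-US: Exponent CMS. Tag this one the same way.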
@@ -11894,6 +11900,7 @@
 CVE-2016-5339
        RESERVED
 CVE-2014-9862 (Integer signedness error in bspatch.c in bspatch in bsdiff, as 
used in ...)
+       {DLA-697-1}
        - bsdiff 4.3-17
        [jessie] - bsdiff <no-dsa> (Minor issue; can be fixed via point release)
        NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=372525
@@ -16548,8 +16555,8 @@
        RESERVED
 CVE-2016-4026
        RESERVED
-CVE-2016-4025
-       RESERVED
+CVE-2016-4025 (Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier 
...)
+       TODO: check
 CVE-2016-4023
        RESERVED
 CVE-2016-4022
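Review bot: CVE-2016-4025 is added as TODO: check, but the description lists Avast Internet Security, Pro Antivirus and Premier, which are proprietary products. Mark it NOT-FOR-US: Avast rather than leaving it for manual review.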


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
