Author: sectracker
Date: 2016-12-19 21:10:11 +0000 (Mon, 19 Dec 2016)
New Revision: 47234

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-19 20:27:02 UTC (rev 47233)
+++ data/CVE/list       2016-12-19 21:10:11 UTC (rev 47234)
@@ -1,3 +1,211 @@
+CVE-2017-3789
+       RESERVED
+CVE-2017-3788
+       RESERVED
+CVE-2017-3787
+       RESERVED
+CVE-2017-3786
+       RESERVED
+CVE-2017-3785
+       RESERVED
+CVE-2017-3784
+       RESERVED
+CVE-2017-3783
+       RESERVED
+CVE-2017-3782
+       RESERVED
+CVE-2017-3781
+       RESERVED
+CVE-2017-3780
+       RESERVED
+CVE-2017-3779
+       RESERVED
+CVE-2017-3778
+       RESERVED
+CVE-2017-3777
+       RESERVED
+CVE-2017-3776
+       RESERVED
+CVE-2017-3775
+       RESERVED
+CVE-2017-3774
+       RESERVED
+CVE-2017-3773
+       RESERVED
+CVE-2017-3772
+       RESERVED
+CVE-2017-3771
+       RESERVED
+CVE-2017-3770
+       RESERVED
+CVE-2017-3769
+       RESERVED
+CVE-2017-3768
+       RESERVED
+CVE-2017-3767
+       RESERVED
+CVE-2017-3766
+       RESERVED
+CVE-2017-3765
+       RESERVED
+CVE-2017-3764
+       RESERVED
+CVE-2017-3763
+       RESERVED
+CVE-2017-3762
+       RESERVED
+CVE-2017-3761
+       RESERVED
+CVE-2017-3760
+       RESERVED
+CVE-2017-3759
+       RESERVED
+CVE-2017-3758
+       RESERVED
+CVE-2017-3757
+       RESERVED
+CVE-2017-3756
+       RESERVED
+CVE-2017-3755
+       RESERVED
+CVE-2017-3754
+       RESERVED
+CVE-2017-3753
+       RESERVED
+CVE-2017-3752
+       RESERVED
+CVE-2017-3751
+       RESERVED
+CVE-2017-3750
+       RESERVED
+CVE-2017-3749
+       RESERVED
+CVE-2017-3748
+       RESERVED
+CVE-2017-3747
+       RESERVED
+CVE-2017-3746
+       RESERVED
+CVE-2017-3745
+       RESERVED
+CVE-2017-3744
+       RESERVED
+CVE-2017-3743
+       RESERVED
+CVE-2017-3742
+       RESERVED
+CVE-2017-3741
+       RESERVED
+CVE-2017-3740
+       RESERVED
+CVE-2017-3739
+       RESERVED
+CVE-2017-3738
+       RESERVED
+CVE-2017-3737
+       RESERVED
+CVE-2017-3736
+       RESERVED
+CVE-2017-3735
+       RESERVED
+CVE-2017-3734
+       RESERVED
+CVE-2017-3733
+       RESERVED
+CVE-2017-3732
+       RESERVED
+CVE-2017-3731
+       RESERVED
+CVE-2017-3730
+       RESERVED
+CVE-2016-9999
+       RESERVED
+CVE-2016-9996
+       RESERVED
+CVE-2016-9995
+       RESERVED
+CVE-2016-9994
+       RESERVED
+CVE-2016-9993
+       RESERVED
+CVE-2016-9992
+       RESERVED
+CVE-2016-9991
+       RESERVED
+CVE-2016-9990
+       RESERVED
+CVE-2016-9989
+       RESERVED
+CVE-2016-9988
+       RESERVED
+CVE-2016-9987
+       RESERVED
+CVE-2016-9986
+       RESERVED
+CVE-2016-9985
+       RESERVED
+CVE-2016-9984
+       RESERVED
+CVE-2016-9983
+       RESERVED
+CVE-2016-9982
+       RESERVED
+CVE-2016-9981
+       RESERVED
+CVE-2016-9980
+       RESERVED
+CVE-2016-9979
+       RESERVED
+CVE-2016-9978
+       RESERVED
+CVE-2016-9977
+       RESERVED
+CVE-2016-9976
+       RESERVED
+CVE-2016-9975
+       RESERVED
+CVE-2016-9974
+       RESERVED
+CVE-2016-9973
+       RESERVED
+CVE-2016-9972
+       RESERVED
+CVE-2016-9971
+       RESERVED
+CVE-2016-9970
+       RESERVED
+CVE-2016-9969
+       RESERVED
+CVE-2016-9968
+       RESERVED
+CVE-2016-9967 (Lack of appropriate exception handling in some receivers of the 
Telecom ...)
+       TODO: check
+CVE-2016-9966 (Lack of appropriate exception handling in some receivers of the 
Telecom ...)
+       TODO: check
+CVE-2016-9965 (Lack of appropriate exception handling in some receivers of the 
Telecom ...)
+       TODO: check
+CVE-2016-9962
+       RESERVED
+CVE-2016-9954
+       RESERVED
+CVE-2016-9953
+       RESERVED
+CVE-2016-9952
+       RESERVED
+CVE-2016-10008
+       RESERVED
+CVE-2016-10007
+       RESERVED
+CVE-2016-10006
+       RESERVED
+CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote 
attackers to ...)
+       TODO: check
+CVE-2016-10004
+       RESERVED
+CVE-2016-10001
+       RESERVED
+CVE-2016-10000
+       RESERVED
 CVE-2016-10013 [x86: Mishandling of SYSCALL singlestep during emulation]
        - xen <unfixed> (bug #848713)
        NOTE: https://xenbits.xen.org/xsa/advisory-204.html
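Review bot: In the block added at the top, CVE-2016-9967, CVE-2016-9966 and CVE-2016-9965 get the same truncated description ("Lack of appropriate exception handling in some receivers of the Telecom ..."), so nothing in the list tells the three apart or names the affected product. Each will need the full CVE text before its "TODO: check" can be resolved. CVE-2016-10005 names SAP Solman and is also left at "TODO: check"; entries for products not packaged are marked NOT-FOR-US elsewhere in this file, so that one looks quick to triage. Separately, the five-digit IDs CVE-2016-10008 through CVE-2016-10000 land after CVE-2016-9952 and directly above the existing CVE-2016-10013 entry, so it is worth confirming that ordering is intended.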
@@ -26,19 +234,21 @@
        NOTE: 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c
        NOTE: https://www.openssh.com/txt/release-7.4
        TODO: check affected versions
-CVE-2016-9998 ['plugin' parameter in '/ecrire/exec/info_plugin.php' XSS]
+CVE-2016-9998 (SPIP 3.1.x suffer from a Reflected Cross Site Scripting 
Vulnerability ...)
        - spip <unfixed> (bug #848641)
        NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
-CVE-2016-9997 ['id' parameter in '/ecrire/exec/puce_statut.php' XSS]
+CVE-2016-9997 (SPIP 3.1.x suffers from a Reflected Cross Site Scripting 
Vulnerability ...)
        - spip <unfixed> (bug #848641)
        NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
 CVE-2015-8979 [remote stack buffer overflow]
+       RESERVED
        - dcmtk 3.6.1~20160216-2
        NOTE: 3.6.1~20160216-2 is the first version in unstable containing the 
fix
        NOTE: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
        NOTE: Fixed by: https://github.com/commontk/DCMTK/commit/1b6bb76
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/2
 CVE-2016-10003 [Issue #2, cookie headers and other client-specific private 
infformation leak]
+       RESERVED
        - squid3 3.5.23-1 (bug #848491)
        [jessie] - squid3 <not-affected> (Does not affect Squid versions before 
3.5.0.1)
        [wheezy] - squid3 <not-affected> (Does not affect Squid versions before 
3.5.0.1)
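Review bot: The replacement descriptions for CVE-2016-9998 and CVE-2016-9997 are the same truncated sentence ("SPIP 3.1.x suffer[s] from a Reflected Cross Site Scripting Vulnerability ..."), which drops the only detail that distinguished the two entries: the 'plugin' parameter in '/ecrire/exec/info_plugin.php' versus the 'id' parameter in '/ecrire/exec/puce_statut.php'. Suggest carrying the parameter and file over into a NOTE line under each entry, since both share bug #848641 and the same upstream revision link. In the same hunk, RESERVED is added under CVE-2015-8979 and CVE-2016-10003 even though both already list a fixed version and public references, so the marker should be read as the state of the upstream CVE feed only.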
@@ -53,6 +263,7 @@
        NOTE: 4.0.1 up to and including 4.0.16
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
 CVE-2016-10002 [Issue #1, cookie headers and other client-specific private 
infformation leak]
+       RESERVED
        - squid3 3.5.23-1 (bug #848493)
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
        NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=4169
@@ -69,58 +280,62 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
 CVE-2016-582384
        REJECTED
-CVE-2016-9964 [redirect() doesn't filter "\r\n" which allows for CRLF attack]
+CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a 
&quot;\r\n&quot; ...)
        - python-bottle 0.12.11-1 (bug #848392)
        NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913
        NOTE: Upstream patch: 
https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54
 CVE-2016-9963 [disclosure of private information]
+       RESERVED
        - exim4 <unfixed>
        NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/16/1
 CVE-2016-9961
+       RESERVED
        {DSA-3735-1 DLA-750-1}
        - game-music-emu 0.6.0-4 (bug #848071)
        NOTE: 
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
 CVE-2016-9960
+       RESERVED
        {DSA-3735-1 DLA-750-1}
        - game-music-emu 0.6.0-4 (bug #848071)
        NOTE: 
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
 CVE-2016-9959
+       RESERVED
        {DSA-3735-1 DLA-750-1}
        - game-music-emu 0.6.0-4 (bug #848071)
        NOTE: 
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
 CVE-2016-9958
+       RESERVED
        {DSA-3735-1 DLA-750-1}
        - game-music-emu 0.6.0-4 (bug #848071)
        NOTE: 
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
 CVE-2016-9957
+       RESERVED
        {DSA-3735-1 DLA-750-1}
        - game-music-emu 0.6.0-4 (bug #848071)
        NOTE: 
http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
 CVE-2016-9956 [Allows the route manager to overwrite arbitrary files]
+       RESERVED
        - flightgear 1:2016.4.3+dfsg-1 (bug #848114)
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/11
-CVE-2016-9951
-       RESERVED
+CVE-2016-9951 (An issue was discovered in Apport before 2.20.4. A malicious 
Apport ...)
        [experimental] - apport 2.20.4-1 (bug #848213)
        NOTE: apport only in experimental, so we cannot track this in 
security-tracker
        NOTE: add it, as we have an explicit (bug) reference for apport
        NOTE: https://bugs.launchpad.net/apport/+bug/1648806
        NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/
-CVE-2016-9950
-       RESERVED
+CVE-2016-9950 (An issue was discovered in Apport before 2.20.4. There is a 
path ...)
        [experimental] - apport 2.20.4-1 (bug #848213)
        NOTE: apport only in experimental, so we cannot track this in 
security-tracker
        NOTE: add it, as we have an explicit (bug) reference for apport
        NOTE: https://bugs.launchpad.net/apport/+bug/1648806
        NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/
-CVE-2016-9949
-       RESERVED
+CVE-2016-9949 (An issue was discovered in Apport before 2.20.4. In 
apport/ui.py, ...)
        [experimental] - apport 2.20.4-1 (bug #848213)
        NOTE: apport only in experimental, so we cannot track this in 
security-tracker
        NOTE: add it, as we have an explicit (bug) reference for apport
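Review bot: The new description line for CVE-2016-9964 contains HTML entities (&quot;\r\n&quot;) where the removed bracketed line had literal double quotes around \r\n, so the import step appears to write escaped text into data/CVE/list. Suggest decoding entities before the description is written, otherwise text searches on the quoted string will miss this entry. Also in this hunk, RESERVED is added under CVE-2016-9957 through CVE-2016-9961 although each already carries {DSA-3735-1 DLA-750-1} and a fixed game-music-emu version, so the marker says nothing about whether the issue is public or handled.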
@@ -145,6 +360,7 @@
 CVE-2016-9940
        RESERVED
 CVE-2016-9955 [Incorrect signature verification]
+       RESERVED
        - simplesamlphp 1.14.11-1 (low)
        [jessie] - simplesamlphp <no-dsa> (Minor issue)
        [wheezy] - simplesamlphp <no-dsa> (Minor issue)
@@ -2113,10 +2329,10 @@
        NOTE: 
https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html
        NOTE: https://github.com/mapserver/mapserver/pull/4928
        NOTE: https://github.com/mapserver/mapserver/pull/5356
-CVE-2016-9838
-       RESERVED
-CVE-2016-9837
-       RESERVED
+CVE-2016-9838 (An issue was discovered in 
components/com_users/models/registration.php ...)
+       TODO: check
+CVE-2016-9837 (An issue was discovered in ...)
+       TODO: check
 CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in 
Joomla! ...)
        TODO: check
 CVE-2016-9835 (Directory traversal vulnerability in file &quot;jcss.php&quot; 
in Zikula 1.3.x ...)
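Review bot: The description added for CVE-2016-9837 is truncated to "(An issue was discovered in ...)", which leaves no product, file or component to triage from. The neighbouring CVE-2016-9838 at least keeps "components/com_users/models/registration.php". Suggest the truncation skip boilerplate openings like this one, or that whoever resolves the "TODO: check" adds a NOTE naming the affected software.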
@@ -8105,15 +8321,13 @@
        RESERVED
 CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with 
M(6.0) ...)
        NOT-FOR-US: Samsung
-CVE-2016-9566 [privilege escalation]
-       RESERVED
+CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users 
with ...)
        {DLA-751-1}
        - nagios3 <removed>
        NOTE: 
https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
        NOTE: 
https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
        NOTE: nagios < 3.5 is not vulnerable through the regular logfile, but 
through the debug logfile
-CVE-2016-9565 [Curl Command Injection]
-       RESERVED
+CVE-2016-9565 (MagpieRSS, as used in the front-end component in Nagios Core 
before ...)
        {DLA-751-1}
        - nagios3 3.5.1-1
        NOTE: 
https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
@@ -9681,12 +9895,12 @@
        RESERVED
 CVE-2016-9161
        RESERVED
-CVE-2016-9160
-       RESERVED
-CVE-2016-9159
-       RESERVED
-CVE-2016-9158
-       RESERVED
+CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions &lt; 
SIMATIC WinCC ...)
+       TODO: check
+CVE-2016-9159 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions 
...)
+       TODO: check
+CVE-2016-9158 (A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions 
...)
+       TODO: check
 CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions including 
V8.08) ...)
        TODO: check
 CVE-2016-9156 (A vulnerability in Siemens SICAM PAS (all versions including 
V8.08) ...)
@@ -10576,10 +10790,9 @@
        RESERVED
 CVE-2016-8828
        RESERVED
-CVE-2016-8827
-       RESERVED
-CVE-2016-8826 [DoS via GPU interrupt storm]
-       RESERVED
+CVE-2016-8827 (NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a 
...)
+       TODO: check
+CVE-2016-8826 (All versions of NVIDIA GPU Display Driver contain a 
vulnerability in ...)
        - nvidia-graphics-drivers 375.26-1 (bug #848195)
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -10588,33 +10801,32 @@
        [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
        [wheezy] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not 
supported)
        NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4278
-CVE-2016-8825
-       RESERVED
-CVE-2016-8824
-       RESERVED
-CVE-2016-8823
-       RESERVED
+CVE-2016-8825 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
+CVE-2016-8824 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
+CVE-2016-8823 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
        NOT-FOR-US: Nvidia Windows driver
-CVE-2016-8822
-       RESERVED
-CVE-2016-8821
-       RESERVED
-CVE-2016-8820
-       RESERVED
-CVE-2016-8819
-       RESERVED
-CVE-2016-8818
-       RESERVED
-CVE-2016-8817
-       RESERVED
-CVE-2016-8816
-       RESERVED
-CVE-2016-8815
-       RESERVED
-CVE-2016-8814
-       RESERVED
-CVE-2016-8813
-       RESERVED
+CVE-2016-8822 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
+CVE-2016-8821 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
+CVE-2016-8820 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
+CVE-2016-8819 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
+CVE-2016-8818 (All versions of NVIDIA Windows GPU Display contain a 
vulnerability in ...)
+       TODO: check
+CVE-2016-8817 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
+CVE-2016-8816 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
+CVE-2016-8815 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
+CVE-2016-8814 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
+CVE-2016-8813 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
+       TODO: check
 CVE-2016-8812 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
GeForce ...)
        NOT-FOR-US: Nvidia Windows driver
 CVE-2016-8811 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA 
Windows GPU ...)
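Review bot: Triage is inconsistent within this hunk: CVE-2016-8825, CVE-2016-8824 and CVE-2016-8822 through CVE-2016-8813 all receive descriptions beginning "All versions of NVIDIA Windows GPU Display ..." and are set to "TODO: check", while CVE-2016-8823 with the same opening keeps "NOT-FOR-US: Nvidia Windows driver", as does the context entry CVE-2016-8812. The new entries look like candidates for the same NOT-FOR-US marking once the full text confirms they are limited to the Windows driver. Note also that CVE-2016-8818 reads "NVIDIA Windows GPU Display contain" without "Driver", so a pattern match on the exact phrase would skip it.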
@@ -10851,7 +11063,7 @@
 CVE-2016-8709
        RESERVED
 CVE-2016-8708
-       RESERVED
+       REJECTED
 CVE-2016-8707 [ImageMagick Convert Tiff Adobe Deflate Code Execution 
Vulnerability]
        RESERVED
        - imagemagick <unfixed> (bug #848139)
@@ -15025,8 +15237,8 @@
        RESERVED
 CVE-2016-7455
        RESERVED
-CVE-2016-7454
-       RESERVED
+CVE-2016-7454 (CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco 
dpc3941T) ...)
+       TODO: check
 CVE-2016-7453 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 
2 could ...)
        NOT-FOR-US: Exponent CMS
 CVE-2016-7452 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 
2 could ...)
@@ -17485,10 +17697,10 @@
        RESERVED
 CVE-2016-6658
        RESERVED
-CVE-2016-6657
-       RESERVED
-CVE-2016-6656
-       RESERVED
+CVE-2016-6657 (An open redirect vulnerability has been detected with some 
Pivotal ...)
+       TODO: check
+CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0. 
Creation ...)
+       TODO: check
 CVE-2016-6655
        RESERVED
 CVE-2016-6654
@@ -23237,68 +23449,55 @@
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5193
-       RESERVED
+CVE-2016-5193 (Google Chrome prior to 54.0 for iOS had insufficient validation 
of URLs ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5192
-       RESERVED
+CVE-2016-5192 (Blink in Google Chrome prior to 54.0.2840.59 for Windows missed 
a CORS ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5191
-       RESERVED
+CVE-2016-5191 (Bookmark handling in Google Chrome prior to 54.0.2840.59 for 
Windows, ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5190
-       RESERVED
+CVE-2016-5190 (Google Chrome prior to 54.0.2840.59 for Windows, Mac, and 
Linux; ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5189
-       RESERVED
+CVE-2016-5189 (Google Chrome prior to 54.0.2840.59 for Windows, Mac, and 
Linux; ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5188
-       RESERVED
+CVE-2016-5188 (Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 
for ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5187
-       RESERVED
+CVE-2016-5187 (Google Chrome prior to 54.0.2840.85 for Android incorrectly 
handled ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5186
-       RESERVED
+CVE-2016-5186 (Devtools in Google Chrome prior to 54.0.2840.59 for Windows, 
Mac, and ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5185
-       RESERVED
+CVE-2016-5185 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, 
and ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5184
-       RESERVED
+CVE-2016-5184 (PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, 
and ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5183
-       RESERVED
+CVE-2016-5183 (A heap use after free in PDFium in Google Chrome prior to 
54.0.2840.59 ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5182
-       RESERVED
+CVE-2016-5182 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, 
and ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2016-5181
-       RESERVED
+CVE-2016-5181 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, 
and ...)
        {DSA-3731-1}
        - chromium-browser 54.0.2840.101-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
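Review bot: Several of the descriptions that replace RESERVED here are platform-specific, yet the package lines under them are unchanged: CVE-2016-5193 says "for iOS", CVE-2016-5187 says "for Android" and CVE-2016-5192 says "for Windows", while each entry still lists chromium-browser 54.0.2840.101-1 under {DSA-3731-1}. Suggest re-checking whether these three apply to the Debian package at all and, if not, recording that on the package line rather than leaving them marked as fixed.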
@@ -29379,8 +29578,8 @@
        RESERVED
 CVE-2016-3130
        RESERVED
-CVE-2016-3129
-       RESERVED
+CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good 
...)
+       TODO: check
 CVE-2016-3128
        RESERVED
 CVE-2016-3127
@@ -32909,17 +33108,20 @@
        RESERVED
 CVE-2016-2126 [Flaws in Kerberos PAC validation can trigger privilege 
elevation]
        RESERVED
+       {DSA-3740-1}
        - samba 2:4.5.2+dfsg-2
        [wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
        NOTE: https://www.samba.org/samba/security/CVE-2016-2126.html
 CVE-2016-2125 [Unconditional privilege delegation to Kerberos servers in 
trusted realms]
        RESERVED
+       {DSA-3740-1}
        - samba 2:4.5.2+dfsg-2
        NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
 CVE-2016-2124
        RESERVED
 CVE-2016-2123 [Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow 
Remote Code Execution Vulnerability]
        RESERVED
+       {DSA-3740-1}
        - samba 2:4.5.2+dfsg-2
        [wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
        NOTE: https://www.samba.org/samba/security/CVE-2016-2123.html
@@ -32935,6 +33137,7 @@
 CVE-2016-2120
        RESERVED
 CVE-2016-2119 (libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x 
before ...)
+       {DSA-3740-1}
        - samba 2:4.4.5+dfsg-1 (bug #830195)
        [wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
        NOTE: https://www.samba.org/samba/security/CVE-2016-2119.html
@@ -45935,8 +46138,8 @@
        NOT-FOR-US: Atlassian Bamboo
 CVE-2015-6575 (SampleTable.cpp in libstagefright in Android before 5.1.1 
LMY48I does ...)
        NOT-FOR-US: libstagefright in Android
-CVE-2015-6574
-       RESERVED
+CVE-2015-6574 (The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 
ICCP ...)
+       TODO: check
 CVE-2015-6573
        RESERVED
 CVE-2015-6572
@@ -55204,8 +55407,7 @@
        - moodle 2.7.9+dfsg-1 (bug #792242)
        [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688
-CVE-2015-3271 [information disclosure]
-       RESERVED
+CVE-2015-3271 (Apache Tika server (aka tika-server) in Apache Tika 1.9 might 
allow ...)
        - tika <not-affected> (The server isn't shipped in the Debian package)
        NOTE: https://marc.info/?l=oss-security&m=143948566828051&w=2
 CVE-2015-3270 (Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote 
...)
@@ -107162,8 +107364,7 @@
 CVE-2013-1431 (The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x 
before ...)
        {DSA-2702-1}
        - telepathy-gabble 0.16.6-1
-CVE-2013-1430 [xrdp create ~/.vnc/sesman_${username}_passwd with (equivalent 
of) clear text password of user]
-       RESERVED
+CVE-2013-1430 (An issue was discovered in xrdp before 0.9.1. When successfully 
logging ...)
        - xrdp 0.9.1~2016121126+git5171fa7-1
        NOTE: https://github.com/neutrinolabs/xrdp/pull/497
        NOTE: When successfully logging in using RDP into a xrdp session, the 
file


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
