Author: sectracker
Date: 2017-01-13 21:10:23 +0000 (Fri, 13 Jan 2017)
New Revision: 48002
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-13 19:04:45 UTC (rev 48001)
+++ data/CVE/list 2017-01-13 21:10:23 UTC (rev 48002)
@@ -1030,16 +1030,19 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
CVE-2016-10094 [off-by-one error in tiff2pdf]
RESERVED
+ {DSA-3762-1}
- tiff 4.0.7-4
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
NOTE: Fixed by:
https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
CVE-2016-10093 [uint32 underflow/overflow that can cause heap-based buffer
overflow in tiffcp]
RESERVED
+ {DSA-3762-1}
- tiff 4.0.7-2
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
NOTE: Fixed by:
https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
CVE-2016-10092 [heap-buffer-overflow in tiffcrop]
RESERVED
+ {DSA-3762-1}
- tiff 4.0.7-2
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
NOTE: Fixed by:
https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
@@ -3524,6 +3527,7 @@
NOTE: https://xenbits.xen.org/xsa/advisory-203.html
CVE-2016-10024 [x86 PV guests may be able to mask interrupts]
RESERVED
+ {DLA-783-1}
- xen 4.8.0-1
NOTE: https://xenbits.xen.org/xsa/advisory-202.html
CVE-2016-10028 [display: virtio-gpu-3d: OOB access while reading virgl
capabilities]
@@ -3763,6 +3767,7 @@
RESERVED
CVE-2016-10013 [x86: Mishandling of SYSCALL singlestep during emulation]
RESERVED
+ {DLA-783-1}
- xen 4.8.0-1 (bug #848713)
NOTE: https://xenbits.xen.org/xsa/advisory-204.html
CVE-2016-10012 (The shared memory manager (associated with pre-authentication
...)
@@ -4051,7 +4056,7 @@
RESERVED
CVE-2016-9905
RESERVED
- {DSA-3757-1 DSA-3734-1 DLA-743-1}
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox <not-affected> (Only affects Firefox 45 ESR series)
- firefox-esr 45.6.0esr-1
[experimental] - icedove 1:45.6.0-1
@@ -4061,7 +4066,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9905
CVE-2016-9904
RESERVED
- {DSA-3757-1 DSA-3734-1 DLA-743-1}
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
[experimental] - icedove 1:45.6.0-1
@@ -4088,7 +4093,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9901
CVE-2016-9900
RESERVED
- {DSA-3757-1 DSA-3734-1 DLA-743-1}
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
[experimental] - icedove 1:45.6.0-1
@@ -4098,7 +4103,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9900
CVE-2016-9899
RESERVED
- {DSA-3757-1 DSA-3734-1 DLA-743-1}
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
[experimental] - icedove 1:45.6.0-1
@@ -4108,7 +4113,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9899
CVE-2016-9898
RESERVED
- {DSA-3757-1 DSA-3734-1 DLA-743-1}
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
[experimental] - icedove 1:45.6.0-1
@@ -4118,7 +4123,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9898
CVE-2016-9897
RESERVED
- {DSA-3757-1 DSA-3734-1 DLA-743-1}
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
[experimental] - icedove 1:45.6.0-1
@@ -4133,7 +4138,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9896
CVE-2016-9895
RESERVED
- {DSA-3757-1 DSA-3734-1 DLA-743-1}
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
[experimental] - icedove 1:45.6.0-1
@@ -4148,7 +4153,7 @@
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9894
CVE-2016-9893
RESERVED
- {DSA-3757-1 DSA-3734-1 DLA-743-1}
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
- firefox 50.1.0-1
- firefox-esr 45.6.0esr-1
[experimental] - icedove 1:45.6.0-1
@@ -5199,6 +5204,7 @@
NOTE: Fixed by:
https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0
(3.2.x branch)
NOTE: https://jira.spring.io/browse/SPR-14946
CVE-2016-9877 (An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8
and 3.6.x ...)
+ {DSA-3761-1}
- rabbitmq-server 3.6.6-1 (bug #849849)
[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced
later)
NOTE: https://pivotal.io/security/cve-2016-9877
@@ -12831,6 +12837,7 @@
RESERVED
CVE-2016-9453 [tiff2pdf: out-of-bounds write memcpy]
RESERVED
+ {DSA-3762-1}
- tiff 4.0.6-3
[wheezy] - tiff 4.0.2-6+deb7u7
NOTE: CVE-2016-9453 for wheezy fixed via CVE-2016-5652
@@ -13274,7 +13281,7 @@
REJECTED
CVE-2016-9297 [libtiff/tif_dirread.c read outside buffer in _TIFFPrintField()]
RESERVED
- {DLA-716-1}
+ {DSA-3762-1 DLA-716-1}
- tiff 4.0.7-1 (bug #844226)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Unreproducible)
@@ -13288,6 +13295,7 @@
NOTE: Fix in 4.0.7 is complete.
NOTE: Patch CVE-2016-9448:
https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
CVE-2016-9540 (tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on
tiled ...)
+ {DSA-3762-1}
- tiff 4.0.7-1
NOTE:
https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
CVE-2016-9539 (tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in
...)
@@ -13295,27 +13303,33 @@
NOTE:
https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
NOTE: Crash in CLI tool, no security impact
CVE-2016-9538 (tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in
...)
+ {DSA-3762-1}
- tiff 4.0.7-1
[wheezy] - tiff <no-dsa> (Minor issue)
NOTE:
https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9537 (tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write ...)
+ {DSA-3762-1}
- tiff 4.0.7-1
NOTE:
https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9536 (tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write ...)
+ {DSA-3762-1}
- tiff 4.0.7-1
NOTE:
https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have
assertions that ...)
+ {DSA-3762-1}
- tiff 4.0.7-1
NOTE:
https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code
path of ...)
+ {DSA-3762-1}
- tiff 4.0.7-1
NOTE:
https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write
vulnerabilities ...)
+ {DSA-3762-1}
- tiff 4.0.7-1
NOTE:
https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
CVE-2016-9532 [tiffcrop: heap buffer overflow via writeBufferToSeparateStrips]
RESERVED
- {DLA-716-1}
+ {DSA-3762-1 DLA-716-1}
- tiff 4.0.7-1 (bug #844057)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
@@ -13354,7 +13368,7 @@
NOTE: Same commit as for CVE-2016-9276. Needs the dwarf_macro5.c part
of the commit.
CVE-2016-9273 [libtiff heap overflow]
RESERVED
- {DLA-716-1}
+ {DSA-3762-1 DLA-716-1}
- tiff 4.0.7-1 (bug #844013)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Unreproducible)
@@ -20246,6 +20260,7 @@
NOTE: kubernetes entered experimental only so far
CVE-2016-7074
RESERVED
+ {DSA-3764-1}
- pdns 4.0.2-1
- pdns-recursor <unfixed>
[jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
@@ -20253,6 +20268,7 @@
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
CVE-2016-7073
RESERVED
+ {DSA-3764-1}
- pdns 4.0.2-1
- pdns-recursor <unfixed>
[jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
@@ -20260,6 +20276,7 @@
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
CVE-2016-7072
RESERVED
+ {DSA-3764-1}
- pdns 4.0.2-1
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
CVE-2016-7071
@@ -20271,6 +20288,7 @@
RESERVED
CVE-2016-7068
RESERVED
+ {DSA-3764-1 DSA-3763-1}
- pdns 4.0.2-1
- pdns-recursor <unfixed>
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
@@ -23520,7 +23538,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/5
CVE-2016-6223 [tiff: information leak in libtiff/tif_read.c]
RESERVED
- {DLA-693-1 DLA-610-1}
+ {DSA-3762-1 DLA-693-1 DLA-610-1}
- tiff 4.0.6-2 (bug #842270)
- tiff3 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3
@@ -24316,7 +24334,7 @@
RESERVED
CVE-2016-5875 [tiff: heap-based buffer overflow when using the PixarLog
compression format]
RESERVED
- {DLA-610-1 DLA-606-1}
+ {DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
NOTE: Upstream fix:
https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
@@ -25040,7 +25058,7 @@
CVE-2016-5653 (Multiple SQL injection vulnerabilities in Misys FusionCapital
Opics ...)
NOT-FOR-US: Misys
CVE-2016-5652 (An exploitable heap-based buffer overflow exists in the
handling of ...)
- {DLA-693-1}
+ {DSA-3762-1 DLA-693-1}
- tiff 4.0.6-3 (bug #842361)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
@@ -26112,7 +26130,7 @@
RESERVED
CVE-2016-5323 [tiffcrop _TIFFFax3fillruns(): NULL pointer dereference]
RESERVED
- {DLA-610-1 DLA-606-1}
+ {DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2 (unimportant)
- tiff3 <removed> (unimportant)
NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2559#c3
@@ -26121,7 +26139,7 @@
NOTE: No security impact, just a crash in a CLI tool
CVE-2016-5322 [extractContigSamplesBytes: out-of-bounds read]
RESERVED
- {DLA-610-1 DLA-606-1}
+ {DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.7-1
- tiff3 <removed> (unimportant)
NOTE: src:tiff3: built binary packages do not contain the TIFF tools
@@ -26129,7 +26147,7 @@
NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=658
CVE-2016-5321 [DumpModeDecode(): Ddos]
RESERVED
- {DLA-610-1 DLA-606-1}
+ {DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2
- tiff3 <removed>
NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2
@@ -26137,13 +26155,13 @@
NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657
CVE-2016-5320 [rgb2ycbcr: command excution]
RESERVED
- {DLA-610-1 DLA-606-1}
+ {DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1
CVE-2016-5317 [GNOME nautilus: crash occurs when generating a thumbnail for a
crafted TIFF image]
RESERVED
- {DLA-610-1 DLA-606-1}
+ {DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2557
@@ -26151,7 +26169,7 @@
NOTE: Upstream marked this duplicate of bug
http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5316 [tif_pixarlog.c: PixarLogCleanup() Segmentation fault]
RESERVED
- {DLA-610-1 DLA-606-1}
+ {DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2556
@@ -26159,7 +26177,7 @@
NOTE: Upstream marked this duplicate of bug
http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5315 [tif_dir.c: setByteArray() Read access violation]
RESERVED
- {DLA-610-1 DLA-606-1}
+ {DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555
@@ -26169,7 +26187,7 @@
NOTE: Upstream marked this duplicate of
http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5314 [PixarLogDecode() out-of-bound writes]
RESERVED
- {DLA-610-1 DLA-606-1}
+ {DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.6-2 (bug #830700)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554
@@ -30960,14 +30978,14 @@
CVE-2016-3996
RESERVED
CVE-2016-3991 (Heap-based buffer overflow in the loadImage function in the
tiffcrop ...)
- {DLA-610-1 DLA-606-1}
+ {DSA-3762-1 DLA-610-1 DLA-606-1}
- tiff 4.0.7-1
- tiff3 <removed> (unimportant)
NOTE: src:tiff3: built binary packages do not contain the TIFF tools
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2543
NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-3991.tif
CVE-2016-3990 (Heap-based buffer overflow in the horizontalDifference8
function in ...)
- {DLA-610-1}
+ {DSA-3762-1 DLA-610-1}
- tiff 4.0.7-1 (bug #836570)
[wheezy] - tiff <no-dsa> (Minor issue)
- tiff3 <removed> (unimportant)
@@ -31191,7 +31209,7 @@
CVE-2016-3946 (SAP Console (aka SAPConsole) 7.30 allows local users to
discover SAP ...)
TODO: check
CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2)
cvt_by_tile ...)
- {DLA-610-1}
+ {DSA-3762-1 DLA-610-1}
- tiff 4.0.7-1
[wheezy] - tiff <no-dsa> (Minor issue)
- tiff3 <removed> (unimportant)
@@ -32067,18 +32085,20 @@
NOTE: CVE probably should/needs to be rejected, since upstream is as
well unable to
NOTE: reproduce the issue. Might have been a problem on reporter from
id=2566
CVE-2016-3624 (The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6
and ...)
+ {DSA-3762-1}
- tiff 4.0.6-3
[wheezy] - tiff <no-dsa> (Minor issue)
- tiff3 <not-affected> (tiff tools not built)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2568
NOTE: Upstream marked this duplicate of bug 2569
CVE-2016-3623 (The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote
...)
- {DLA-610-1}
+ {DSA-3762-1 DLA-610-1}
- tiff 4.0.6-3 (unimportant)
- tiff3 <removed> (unimportant)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2569
NOTE: No security impact, just triggers a crash in a CLI tool
CVE-2016-3622 (The fpAcc function in tif_predict.c in the tiff2rgba tool in
LibTIFF ...)
+ {DSA-3762-1}
- tiff 4.0.7-1 (low; bug #820365)
[wheezy] - tiff <no-dsa> (Minor issue)
- tiff3 <not-affected> (tiff tools not built)
@@ -36747,6 +36767,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374700
CVE-2016-2120 [Crafted zone record can cause a denial of service]
RESERVED
+ {DSA-3764-1}
- pdns 4.0.2-1
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
CVE-2016-2119 (libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x
before ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
