Author: sectracker
Date: 2017-01-26 21:10:11 +0000 (Thu, 26 Jan 2017)
New Revision: 48438

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-26 21:09:23 UTC (rev 48437)
+++ data/CVE/list       2017-01-26 21:10:11 UTC (rev 48438)
@@ -1,3 +1,17 @@
+CVE-2017-5595
+       RESERVED
+CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this 
...)
+       TODO: check
+CVE-2017-5593
+       RESERVED
+CVE-2017-5592
+       RESERVED
+CVE-2017-5591
+       RESERVED
+CVE-2017-5590
+       RESERVED
+CVE-2017-5589
+       RESERVED
 CVE-2017-XXXX [Fix potential unsigned underflow]
        - libgd2 2.2.4-1
        NOTE: 
https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
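Review bot: CVE-2017-5594 is the only new entry in this hunk that carries a description, and it lands with just TODO: check, so the Pagekit CMS issue (affecting versions before 1.0.11 per the description) is not yet mapped to a source package or marked NOT-FOR-US. It needs a triage decision in a follow-up commit; the six bare RESERVED entries around it need nothing until they are published.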
@@ -46,11 +60,11 @@
        NOTE: Introduced in (screen-v4): 
http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=5460f5d28c01a9a58e021eb1dffef2965e629d58
        NOTE: Introduced in (master): 
http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c575c40c9bd7653470639da32e06faed0a9b2ec4
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2017/01/24/10
-CVE-2017-5597 [wnpa-sec-2017-02 - DHCPv6 large loop]
+CVE-2017-5597 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 
dissector ...)
        - wireshark 2.2.4+gcc3dc1b-1
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-02.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345
-CVE-2017-5596 [wnpa-sec-2017-01 - ASTERIX infinite loop]
+CVE-2017-5596 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX 
dissector ...)
        - wireshark 2.2.4+gcc3dc1b-1
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-01.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13344
@@ -58,11 +72,14 @@
        - phpmyadmin 4:4.6.6-1 (unimportant)
        NOTE: all minor issues
 CVE-2016-10165 [heap OOB read parsing crafted ICC profile]
+       RESERVED
+       {DLA-803-1}
        - lcms2 <unfixed> (bug #852627)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
        NOTE: 
https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
 CVE-2016-10164 [heap overflow]
        RESERVED
+       {DSA-3772-1 DLA-801-1}
        - libxpm 1:3.5.12-1
        NOTE: Fixed by: 
https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/22/2
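Review bot: on CVE-2016-10165 the new {DLA-803-1} reference sits directly above a package line that still reads lcms2 <unfixed> (bug #852627), so after this change the entry records an advisory while unstable remains open. Since the upstream commit is already in the NOTE, bug #852627 should be followed up so the <unfixed> marker can be replaced with a fixed version, as the libxpm line does for CVE-2016-10164.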
@@ -593,7 +610,7 @@
        RESERVED
 CVE-2017-5396
        RESERVED
-       {DSA-3771-1}
+       {DSA-3771-1 DLA-800-1}
        - firefox 51.0-1
        - firefox-esr 45.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5396
@@ -622,7 +639,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5391
 CVE-2017-5390
        RESERVED
-       {DSA-3771-1}
+       {DSA-3771-1 DLA-800-1}
        - firefox 51.0-1
        - firefox-esr 45.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5390
@@ -644,7 +661,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5387
 CVE-2017-5386
        RESERVED
-       {DSA-3771-1}
+       {DSA-3771-1 DLA-800-1}
        - firefox 51.0-1
        - firefox-esr 45.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5386
@@ -661,7 +678,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5384
 CVE-2017-5383
        RESERVED
-       {DSA-3771-1}
+       {DSA-3771-1 DLA-800-1}
        - firefox 51.0-1
        - firefox-esr 45.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383
@@ -678,7 +695,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5381
 CVE-2017-5380
        RESERVED
-       {DSA-3771-1}
+       {DSA-3771-1 DLA-800-1}
        - firefox 51.0-1
        - firefox-esr 45.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5380
@@ -690,7 +707,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5379
 CVE-2017-5378
        RESERVED
-       {DSA-3771-1}
+       {DSA-3771-1 DLA-800-1}
        - firefox 51.0-1
        - firefox-esr 45.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378
@@ -702,14 +719,14 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5377
 CVE-2017-5376
        RESERVED
-       {DSA-3771-1}
+       {DSA-3771-1 DLA-800-1}
        - firefox 51.0-1
        - firefox-esr 45.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5376
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376
 CVE-2017-5375
        RESERVED
-       {DSA-3771-1}
+       {DSA-3771-1 DLA-800-1}
        - firefox 51.0-1
        - firefox-esr 45.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375
@@ -721,7 +738,7 @@
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5374
 CVE-2017-5373
        RESERVED
-       {DSA-3771-1}
+       {DSA-3771-1 DLA-800-1}
        - firefox 51.0-1
        - firefox-esr 45.7.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5373
@@ -4439,32 +4456,30 @@
        RESERVED
 CVE-2017-3806
        RESERVED
-CVE-2017-3805
-       RESERVED
+CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco 
IOS and ...)
        NOT-FOR-US: Cisco IOS
-CVE-2017-3804
-       RESERVED
-CVE-2017-3803
-       RESERVED
-CVE-2017-3802
-       RESERVED
+CVE-2017-3804 (A vulnerability in Intermediate System-to-Intermediate System 
(IS-IS) ...)
+       TODO: check
+CVE-2017-3803 (A vulnerability in the Cisco IOS Software forwarding queue of 
Cisco ...)
+       TODO: check
+CVE-2017-3802 (A vulnerability in Cisco Unified Communications Manager could 
allow an ...)
+       TODO: check
 CVE-2017-3801
        RESERVED
-CVE-2017-3800
-       RESERVED
+CVE-2017-3800 (A vulnerability in the content scanning engine of Cisco AsyncOS 
...)
        NOT-FOR-US: Cisco Email Security Appliance
-CVE-2017-3799
-       RESERVED
-CVE-2017-3798
-       RESERVED
-CVE-2017-3797
-       RESERVED
-CVE-2017-3796
-       RESERVED
-CVE-2017-3795
-       RESERVED
-CVE-2017-3794
-       RESERVED
+CVE-2017-3799 (A vulnerability in a URL parameter of Cisco WebEx Meeting 
Center could ...)
+       TODO: check
+CVE-2017-3798 (A cross-site scripting (XSS) filter bypass vulnerability in the 
...)
+       TODO: check
+CVE-2017-3797 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
+       TODO: check
+CVE-2017-3796 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
+       TODO: check
+CVE-2017-3795 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
+       TODO: check
+CVE-2017-3794 (A vulnerability in Cisco WebEx Meetings Server could allow an 
...)
+       TODO: check
 CVE-2017-3793
        RESERVED
 CVE-2017-3792
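Review bot: the newly described entries are left as TODO: check even where the visible description already names a Cisco product (CVE-2017-3803, CVE-2017-3802, CVE-2017-3799 and CVE-2017-3797 through CVE-2017-3794), while CVE-2017-3805 and CVE-2017-3800 in the same hunk are tagged NOT-FOR-US. Those can be triaged to match their neighbours; CVE-2017-3804 and CVE-2017-3798 are truncated before any product name, so they need the full description before tagging.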
@@ -7280,6 +7295,7 @@
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619
 CVE-2016-9831 [listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c)]
        RESERVED
+       {DLA-799-1}
        - ming <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
 CVE-2016-9830 [memory allocation failure in MagickRealloc]
@@ -7292,14 +7308,17 @@
        NOTE: POC: 
https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
 CVE-2016-9829 [listswf: heap-based buffer overflow in parseSWF_DEFINEFONT 
(parser.c)]
        RESERVED
+       {DLA-799-1}
        - ming <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c
 CVE-2016-9828 [listswf: NULL pointer dereference in dumpBuffer (read.c)]
        RESERVED
+       {DLA-799-1}
        - ming <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c
 CVE-2016-9827 [listswf: heap-based buffer overflow in _iprintf (outputtxt.c)]
        RESERVED
+       {DLA-799-1}
        - ming <removed>
        NOTE: 
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c
 CVE-2016-9826
@@ -12624,7 +12643,7 @@
        TODO: check
 CVE-2017-0382 (A remote code execution vulnerability in the Framesequence 
library ...)
        TODO: check
-CVE-2017-0381 (A remote code execution vulnerability in silk/NLSF_stabilize.c 
in ...)
+CVE-2017-0381 (An information disclosure vulnerability in 
silk/NLSF_stabilize.c in ...)
        {DLA-793-1}
        - opus 1.2~alpha2-1 (bug #851612)
        NOTE: Fixed by: 
https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409 
(v1.2-alpha)
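Review bot: the CVE-2017-0381 description changes vulnerability class, from remote code execution to information disclosure in silk/NLSF_stabilize.c, while everything tracked under it ({DLA-793-1}, opus 1.2~alpha2-1, bug #851612) is untouched. Anything that quoted the earlier wording, such as the advisory text or the bug report, should be checked against the new description.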
@@ -14403,16 +14422,16 @@
        RESERVED
 CVE-2016-9308
        RESERVED
-CVE-2016-9307
-       RESERVED
-CVE-2016-9306
-       RESERVED
-CVE-2016-9305
-       RESERVED
-CVE-2016-9304
-       RESERVED
-CVE-2016-9303
-       RESERVED
+CVE-2016-9307 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 
can ...)
+       TODO: check
+CVE-2016-9306 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 
can ...)
+       TODO: check
+CVE-2016-9305 (Improper handling in the Autodesk FBX-SDK before 2017.1 of type 
...)
+       TODO: check
+CVE-2016-9304 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 
can ...)
+       TODO: check
+CVE-2016-9303 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 
can ...)
+       TODO: check
 CVE-2016-9295
        RESERVED
 CVE-2016-9293
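Review bot: CVE-2016-9303 through CVE-2016-9307 all land as TODO: check, and every visible description names the same product, the Autodesk FBX-SDK before 2017.1. The five can be triaged in one pass with a single decision (a package line or NOT-FOR-US) rather than entry by entry.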
@@ -14594,16 +14613,19 @@
        RESERVED
 CVE-2016-9266 [left shift in listmp3.c]
        RESERVED
+       {DLA-799-1}
        - ming <removed> (bug #843928)
        NOTE: 
https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
        NOTE: https://github.com/libming/libming/issues/53
 CVE-2016-9265 [divide-by-zero in printMP3Headers (listmp3.c)]
        RESERVED
+       {DLA-799-1}
        - ming <removed> (bug #843928)
        NOTE: 
https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list
        NOTE: https://github.com/libming/libming/issues/52
 CVE-2016-9264 [global-buffer-overflow in printMP3Headers (listmp3.c)]
        RESERVED
+       {DLA-799-1}
        - ming <removed> (bug #843928)
        NOTE: 
https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c
        NOTE: https://github.com/libming/libming/issues/51
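Review bot: the NOTE URL under CVE-2016-9265 ends in "printmp3headers-list", whereas the matching URL under CVE-2016-9264 ends in "printmp3headers-listmp3-c", so the CVE-2016-9265 reference looks cut short. It is a context line rather than part of this change, but since the entry is being touched to add {DLA-799-1} it is worth confirming the link resolves and correcting it in the list if it does not.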
@@ -14695,20 +14717,19 @@
        NOT-FOR-US: Cisco
 CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco ...)
        NOT-FOR-US: Cisco
-CVE-2016-9222
-       RESERVED
-CVE-2016-9221
-       RESERVED
-CVE-2016-9220
-       RESERVED
+CVE-2016-9222 (A vulnerability in the web-based management interface of Cisco 
NetFlow ...)
+       TODO: check
+CVE-2016-9221 (A Denial of Service Vulnerability in 802.11 ingress connection 
...)
+       TODO: check
+CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet 
processing ...)
+       TODO: check
 CVE-2016-9219
        RESERVED
-CVE-2016-9218
-       RESERVED
+CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an 
...)
+       TODO: check
 CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and 
Cisco ...)
        NOT-FOR-US: Cisco
-CVE-2016-9216
-       RESERVED
+CVE-2016-9216 (An IKE Packet Parsing Denial of Service Vulnerability in the 
ipsecmgr ...)
        NOT-FOR-US: Cisco ASR 5000
 CVE-2016-9215 (A vulnerability in Cisco IOS XR Software could allow an 
authenticated, ...)
        NOT-FOR-US: Cisco
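Review bot: CVE-2016-9222 and CVE-2016-9218 are added as TODO: check although their descriptions name Cisco NetFlow and Cisco Hybrid Meeting Server, and every already-triaged entry in this hunk (CVE-2016-9223, CVE-2016-9217, CVE-2016-9216, CVE-2016-9215) is NOT-FOR-US: Cisco. Those two can be tagged the same way; CVE-2016-9221 and CVE-2016-9220 are truncated after "802.11 ingress" without a product name, so they need the full description first.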


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
