Author: sectracker
Date: 2017-02-07 21:10:16 +0000 (Tue, 07 Feb 2017)
New Revision: 48762

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-07 16:53:58 UTC (rev 48761)
+++ data/CVE/list       2017-02-07 21:10:16 UTC (rev 48762)
@@ -1,3 +1,43 @@
+CVE-2017-5919
+       RESERVED
+CVE-2017-5918
+       RESERVED
+CVE-2017-5917
+       RESERVED
+CVE-2017-5916
+       RESERVED
+CVE-2017-5915
+       RESERVED
+CVE-2017-5914
+       RESERVED
+CVE-2017-5913
+       RESERVED
+CVE-2017-5912
+       RESERVED
+CVE-2017-5911
+       RESERVED
+CVE-2017-5910
+       RESERVED
+CVE-2017-5909
+       RESERVED
+CVE-2017-5908
+       RESERVED
+CVE-2017-5907
+       RESERVED
+CVE-2017-5906
+       RESERVED
+CVE-2017-5905
+       RESERVED
+CVE-2017-5904
+       RESERVED
+CVE-2017-5903
+       RESERVED
+CVE-2017-5902
+       RESERVED
+CVE-2017-5901
+       RESERVED
+CVE-2017-5900
+       RESERVED
 CVE-2017-5896
        RESERVED
 CVE-2017-5895
@@ -1199,24 +1239,28 @@
        NOTE: PHP Bug: http://bugs.php.net/73831
        NOTE: Fixed in 7.0.15, 7.1.1
 CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c 
in PHP ...)
+       {DLA-818-1}
        - php7.1 7.1.1-1
        - php7.0 7.0.15-1
        - php5 <removed>
        NOTE: PHP Bug: http://bugs.php.net/73825
        NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ...)
+       {DLA-818-1}
        - php7.1 7.1.1-1
        - php7.0 7.0.15-1
        - php5 <removed>
        NOTE: PHP Bug: http://bugs.php.net/73768
        NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ...)
+       {DLA-818-1}
        - php7.1 7.1.1-1
        - php7.0 7.0.15-1
        - php5 <removed>
        NOTE: PHP Bug: http://bugs.php.net/73764
        NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP 
before ...)
+       {DLA-818-1}
        - php7.1 7.1.1-1
        - php7.0 7.0.15-1
        - php5 <removed>
@@ -6055,7 +6099,7 @@
        NOTE: Fixed by: 
https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
 CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP 
before ...)
-       {DSA-3737-1}
+       {DSA-3737-1 DLA-818-1}
        - php7.0 7.0.14-1
        - php5 <removed>
        NOTE: Fixed in PHP 5.6.29 and 7.0.14
@@ -6063,7 +6107,7 @@
        NOTE: Fixed by: 
https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
        NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
 CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 
allows ...)
-       {DSA-3732-1}
+       {DSA-3732-1 DLA-818-1}
        - php7.0 7.0.13-1
        - php5 <removed>
        NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
@@ -14507,8 +14551,7 @@
        NOTE: Fixed by: http://bugs.icu-project.org/trac/changeset/35699
        NOTE: The patch addressing CVE-2014-9911 is applied in 54.1 , but the
        NOTE: first fixed package version uploaded to unstable is 55.1-3 .
-CVE-2016-9639 [salt confidentiality issue]
-       RESERVED
+CVE-2016-9639 (Salt before 2015.8.11 allows deleted minions to read or write 
to ...)
        - salt 2016.3.0+ds-1
        [jessie] - salt <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2016/11/25/2
@@ -21525,8 +21568,7 @@
        {DSA-3678-1 DLA-649-1}
        - python-django 1:1.10-1 (low)
        NOTE: 
https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
-CVE-2016-7400
-       RESERVED
+CVE-2016-7400 (Multiple SQL injection vulnerabilities in Exponent CMS before 
2.4.0 ...)
        NOT-FOR-US: Exponent CMS
 CVE-2016-7399 (scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x 
through ...)
        NOT-FOR-US: Veritas NetBackup Applianc
@@ -22156,8 +22198,7 @@
        NOTE: (with reproducer) 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/6e06b1c89dd0d16f74894eac4cfc1327a06ee4a0
        NOTE: Fix improved by: 
https://github.com/libarchive/libarchive/commit/37649d274867edd2dd25d8a3057c3b6cd81ce83e
-CVE-2016-7164 [inflate_gzip denial of service]
-       RESERVED
+CVE-2016-7164 (The construct function in puff.cpp in Libtorrent 1.1.0 allows 
remote ...)
        - libtorrent-rasterbar 1.1.1-1 (bug #837338)
        [wheezy] - libtorrent-rasterbar <not-affected> (Vulnerable code not 
present, reproducer does not crash)
        NOTE: https://github.com/arvidn/libtorrent/issues/1021
@@ -23690,8 +23731,8 @@
        NOT-FOR-US: Huawei
 CVE-2016-6668 (The Atlassian Hipchat Integration Plugin for Bitbucket Server 
6.26.0 ...)
        NOT-FOR-US: Atlassian Hipchat Integration Plugin for Bitbucket Server
-CVE-2016-6667
-       RESERVED
+CVE-2016-6667 (NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 
through ...)
+       TODO: check
 CVE-2016-6666
        RESERVED
 CVE-2016-6665
@@ -24465,8 +24506,8 @@
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: Introduced by: 
https://git.kernel.org/linus/54dbc15172375641ef03399e8f911d7165eb90fb (v4.5-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/10eec60ce79187686e052092e5383c99b4420a20
-CVE-2016-6495
-       RESERVED
+CVE-2016-6495 (NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, 
allows ...)
+       TODO: check
 CVE-2016-6493 (Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and 
Citrix ...)
        NOT-FOR-US: Citrix
 CVE-2016-XXXX [bruteforcable challenge responses in unprotected logfile]
@@ -25740,8 +25781,8 @@
        RESERVED
 CVE-2016-6200
        RESERVED
-CVE-2016-6199
-       RESERVED
+CVE-2016-6199 (ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers 
to ...)
+       TODO: check
 CVE-2016-6196
        RESERVED
 CVE-2016-6195 (SQL injection vulnerability in 
forumrunner/includes/moderation.php in ...)
@@ -25934,8 +25975,7 @@
 CVE-2016-6185 (The XSLoader::load method in XSLoader in Perl does not properly 
locate ...)
        {DSA-3628-1 DLA-565-1}
        - perl 5.22.2-2 (bug #829578)
-CVE-2016-6175
-       RESERVED
+CVE-2016-6175 (Eval injection vulnerability in php-gettext 1.0.12 and earlier 
allows ...)
        - php-gettext <unfixed> (bug #851771)
        [jessie] - php-gettext <no-dsa> (Minor issue)
        [wheezy] - php-gettext <no-dsa> (Minor issue)
@@ -26138,8 +26178,8 @@
        RESERVED
 CVE-2016-6105 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an 
...)
        TODO: check
-CVE-2016-6104
-       RESERVED
+CVE-2016-6104 (IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a 
remote ...)
+       TODO: check
 CVE-2016-6103 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to 
...)
        TODO: check
 CVE-2016-6102
@@ -26152,18 +26192,18 @@
        TODO: check
 CVE-2016-6098
        RESERVED
-CVE-2016-6097
-       RESERVED
-CVE-2016-6096
-       RESERVED
+CVE-2016-6097 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web 
pages ...)
+       TODO: check
+CVE-2016-6096 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is 
vulnerable to ...)
+       TODO: check
 CVE-2016-6095 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate 
...)
        TODO: check
-CVE-2016-6094
-       RESERVED
+CVE-2016-6094 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates 
an ...)
+       TODO: check
 CVE-2016-6093
        RESERVED
-CVE-2016-6092
-       RESERVED
+CVE-2016-6092 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores 
user ...)
+       TODO: check
 CVE-2016-6091
        REJECTED
 CVE-2016-6090 (IBM WebSphere Commerce contains an unspecified vulnerability 
that ...)
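Review bot: The four added TODO: check lines under CVE-2016-6097, CVE-2016-6096, CVE-2016-6094 and CVE-2016-6092 leave these entries untriaged, and the context entry CVE-2016-6095 for the same product (IBM Tivoli Key Lifecycle Manager) is also still at TODO: check. Triage them together in a follow-up so the product gets one consistent decision, for example a NOT-FOR-US: line as this file already uses for other vendor products, if it is not packaged in Debian.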
@@ -26600,8 +26640,7 @@
        [wheezy] - libgd2 <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/libgd/libgd/issues/247
        NOTE: 
https://github.com/libgd/libgd/commit/ead349e99868303b37f5e6e9d9d680c9dc71ff8d
-CVE-2016-6131
-       RESERVED
+CVE-2016-6131 (The demangler in GNU Libiberty allows remote attackers to cause 
a ...)
        {DLA-552-1}
        - libiberty 20161017-1 (low; bug #840889)
        [jessie] - libiberty <no-dsa> (Minor issue)
@@ -27234,8 +27273,8 @@
        RESERVED
 CVE-2016-5712
        RESERVED
-CVE-2016-5711
-       RESERVED
+CVE-2016-5711 (NetApp Virtual Storage Console for VMware vSphere before 6.2.1 
uses a ...)
+       TODO: check
 CVE-2016-5710
        RESERVED
 CVE-2016-5709 (SolarWinds Virtualization Manager 6.3.1 and earlier uses weak 
...)
@@ -28264,8 +28303,8 @@
        RESERVED
 CVE-2016-5373
        RESERVED
-CVE-2016-5372
-       RESERVED
+CVE-2016-5372 (Cross-site request forgery (CSRF) vulnerability in NetApp Snap 
Creator ...)
+       TODO: check
 CVE-2016-5371
        RESERVED
 CVE-2016-5370
@@ -32264,8 +32303,8 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/1
        NOTE: Ocaml applications using the patched functions need to be 
recompiled with the
        NOTE: fixed ocaml version.
-CVE-2016-4341
-       RESERVED
+CVE-2016-4341 (NetApp Clustered Data ONTAP before 8.3.2P7 allows remote 
attackers to ...)
+       TODO: check
 CVE-2016-4339
        RESERVED
 CVE-2016-4338 (The mysql user parameter configuration script ...)
@@ -35400,8 +35439,7 @@
        NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
 CVE-2016-3184
        RESERVED
-CVE-2016-3180 [Signature verification bypass attack]
-       RESERVED
+CVE-2016-3180 (Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, 
during ...)
        - torbrowser-launcher 0.2.4-1
        [jessie] - torbrowser-launcher 0.1.9-1+deb8u3
        NOTE: https://github.com/micahflee/torbrowser-launcher/issues/229
@@ -35790,8 +35828,8 @@
        NOTE: Fixed in 1.3.6rc2, 1.3.5b.
 CVE-2016-3064 (NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 
8.3.2P2 ...)
        TODO: check
-CVE-2016-3063
-       RESERVED
+CVE-2016-3063 (Multiple functions in NetApp OnCommand System Manager before 
8.3.2 do ...)
+       TODO: check
 CVE-2016-3062 (The mov_read_dref function in libavformat/mov.c in Libav before 
11.7 ...)
        {DSA-3603-1 DLA-515-1}
        - libav <removed>
@@ -35885,8 +35923,8 @@
        TODO: check
 CVE-2016-3021 (IBM Security Access Manager for Web could allow an 
authenticated ...)
        TODO: check
-CVE-2016-3020
-       RESERVED
+CVE-2016-3020 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 
could ...)
+       TODO: check
 CVE-2016-3019
        RESERVED
 CVE-2016-3018 (IBM Security Access Manager for Web is vulnerable to cross-site 
...)
@@ -36283,8 +36321,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/03/09/8
 CVE-2016-2859
        REJECTED
-CVE-2016-3124 [Information leakage issue in the sanitycheck module]
-       RESERVED
+CVE-2016-3124 (The sanitycheck module in SimpleSAMLphp before 1.14.1 allows 
remote ...)
        - simplesamlphp 1.14.1-1 (unimportant; bug #817162)
        NOTE: https://simplesamlphp.org/security/201603-01
        NOTE: Fixed upstream in 1.14.1
@@ -36350,6 +36387,7 @@
        - openssl 1.0.2g-1
        NOTE: split from CVE-2016-0799
 CVE-2016-3142 (The phar_parse_zipfile function in zip.c in the PHAR extension 
in PHP ...)
+       {DLA-818-1}
        - php5 5.6.19+dfsg-1
        [jessie] - php5 5.6.19+dfsg-0+deb8u1
        [wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update 
round)
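Review bot: The added {DLA-818-1} on CVE-2016-3142 now sits above the unchanged line "[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)", so the entry both references an advisory and states that the issue is deferred for wheezy. If DLA-818-1 is the wheezy php5 update that fixes this CVE, drop or replace the <no-dsa> line in the same change; the CVE-2016-3141, CVE-2016-4342 and CVE-2016-2554 hunks show the same pairing.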
@@ -36359,6 +36397,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/2
        NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd
 CVE-2016-3141 (Use-after-free vulnerability in wddx.c in the WDDX extension in 
PHP ...)
+       {DLA-818-1}
        - php5 5.6.19+dfsg-1
        [jessie] - php5 5.6.19+dfsg-0+deb8u1
        [wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update 
round)
@@ -37216,14 +37255,12 @@
        [wheezy] - linux 3.2.78-1
        - linux-2.6 <removed>
        NOTE: Upstream commit: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0
 (v4.5-rc2)
-CVE-2016-2781 [nonpriv session can escape to the parent session by using the 
TIOCSTI ioctl]
-       RESERVED
+CVE-2016-2781 (chroot in GNU coreutils, when used with --userspec, allows 
local users ...)
        - coreutils <unfixed> (bug #816320)
        [jessie] - coreutils <no-dsa> (Minor issue)
        [wheezy] - coreutils <no-dsa> (Minor issue)
        NOTE: Restricting ioctl on the kernel side seems the better approach
-CVE-2016-2779 [runuser tty hijacking via TIOCSTI ioctl]
-       RESERVED
+CVE-2016-2779 (runuser in util-linux allows local users to escape to the 
parent ...)
        - util-linux <unfixed> (bug #815922)
        [jessie] - util-linux <no-dsa> (Minor issue)
        NOTE: Restricting ioctl on the kernel side seems the better approach
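Review bot: The TIOCSTI ioctl is no longer named anywhere in the CVE-2016-2781 and CVE-2016-2779 entries once the bracketed descriptions are replaced, because the new descriptions are cut at "local users ..." and "parent ...". The unchanged NOTE "Restricting ioctl on the kernel side seems the better approach" then does not say which ioctl it means; name TIOCSTI in that NOTE line on both entries.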
@@ -37415,8 +37452,8 @@
        RESERVED
 CVE-2016-2540
        RESERVED
-CVE-2016-2539
-       RESERVED
+CVE-2016-2539 (Cross-site request forgery (CSRF) vulnerability in 
install_modules.php ...)
+       TODO: check
 CVE-2016-2550 (The Linux kernel before 4.5 allows local users to bypass ...)
        {DSA-3503-1}
        - linux 4.4.4-1
@@ -37857,8 +37894,7 @@
        NOT-FOR-US: Huawei
 CVE-2016-2404
        RESERVED
-CVE-2016-2403
-       RESERVED
+CVE-2016-2403 (Symfony before 2.8.6 and 3.x before 3.0.6 allows remote 
attackers to ...)
        - symfony 2.8.6+dfsg-1
        [jessie] - symfony <not-affected> (Vulnerable code not present)
        NOTE: 
http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
@@ -38259,6 +38295,7 @@
        NOTE: https://bugs.php.net/bug.php?id=71331
        NOTE: Fixed in 7.0.3, 5.6.18
 CVE-2016-4342 (ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 
5.6.18, and ...)
+       {DLA-818-1}
        - php5 5.6.18+dfsg-1
        [jessie] - php5 5.6.19+dfsg-0+deb8u1
        [wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update 
round)
@@ -38282,6 +38319,7 @@
        NOTE: 
https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa
        NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
 CVE-2016-2554 (Stack-based buffer overflow in ext/phar/tar.c in PHP before 
5.5.32, ...)
+       {DLA-818-1}
        - php5 5.6.18+dfsg-1
        [jessie] - php5 5.6.19+dfsg-0+deb8u1
        [wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update 
round)
@@ -40154,8 +40192,8 @@
        NOT-FOR-US: Firmware in Lexmark printers
 CVE-2016-1895
        RESERVED
-CVE-2016-1894
-       RESERVED
+CVE-2016-1894 (NetApp OnCommand Workflow Automation before 3.1P2 allows remote 
...)
+       TODO: check
 CVE-2016-1893
        RESERVED
 CVE-2016-1892
@@ -41480,8 +41518,8 @@
        RESERVED
 CVE-2016-1506
        RESERVED
-CVE-2016-1502
-       RESERVED
+CVE-2016-1502 (NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers 
to ...)
+       TODO: check
 CVE-2016-1497 (The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 
11.2.x ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2016-1496 (The graphics driver in Huawei P8 smartphones with software 
GRA-TL00 ...)
@@ -41511,8 +41549,7 @@
        NOTE: 
http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30
        NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
        NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from 
dhcpcd5 in later Debian versions.
-CVE-2016-1504 [invalid read/crash via malformed dhcp responses]
-       RESERVED
+CVE-2016-1504 (dhcpcd before 6.10.0 allows remote attackers to cause a denial 
of ...)
        - dhcpcd5 6.10.1-1 (bug #810620)
        [wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
        - dhcpcd <not-affected> (Vulnerable code not present)
@@ -43630,8 +43667,7 @@
        RESERVED
 CVE-2015-8609
        RESERVED
-CVE-2015-8608 [VDir::MapPathA/W Out-of-bounds Reads and Buffer Over-reads]
-       RESERVED
+CVE-2015-8608 (The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 
allow ...)
        - perl <not-affected> (Only affects Perl on Windows)
        NOTE: https://rt.perl.org/Public/Bug/Display.html?id=126755
 CVE-2015-8607 (The canonpath function in the File::Spec module in PathTools 
before ...)
@@ -44474,8 +44510,8 @@
        RESERVED
 CVE-2015-8545
        RESERVED
-CVE-2015-8544
-       RESERVED
+CVE-2015-8544 (NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 
before ...)
+       TODO: check
 CVE-2015-8542 (An issue was discovered in Open-Xchange Guard before 
2.2.0-rev8. The ...)
        TODO: check
 CVE-2015-8556 [Local Privilege Escalation in QEMU virtfs-proxy-helper]
@@ -46840,8 +46876,8 @@
        NOTE: Workaround entry for DLA-390-1 (since no CVE for this issue)
 CVE-2015-8323
        RESERVED
-CVE-2015-8322
-       RESERVED
+CVE-2015-8322 (NetApp OnCommand System Manager 8.3.x before 8.3.2 allows 
remote ...)
+       TODO: check
 CVE-2015-8326 [Use of predictable names for temporary files]
        RESERVED
        - libiptables-parse-perl 1.6-1
@@ -49085,8 +49121,8 @@
        NOT-FOR-US: PCMan's FTP Server
 CVE-2015-7600 (Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions 
for ...)
        NOT-FOR-US: Cisco VPN Client
-CVE-2015-7599
-       RESERVED
+CVE-2015-7599 (Integer overflow in the _authenticate function in svc_auth.c in 
Wind ...)
+       TODO: check
 CVE-2015-7598
        RESERVED
 CVE-2015-7597
@@ -54246,8 +54282,8 @@
        RESERVED
 CVE-2015-5678
        RESERVED
-CVE-2015-5677
-       RESERVED
+CVE-2015-5677 (bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses 
world-readable ...)
+       TODO: check
 CVE-2015-5676
        RESERVED
 CVE-2015-5675 [IRET privilege escalation]

