Author: sectracker
Date: 2017-02-09 21:10:19 +0000 (Thu, 09 Feb 2017)
New Revision: 48807

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-09 21:06:19 UTC (rev 48806)
+++ data/CVE/list       2017-02-09 21:10:19 UTC (rev 48807)
@@ -1,3 +1,5 @@
+CVE-2017-5941 (An issue was discovered in the node-serialize package 0.0.4 for 
...)
+       TODO: check
 CVE-2017-5939
        RESERVED
 CVE-2017-5936
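Review bot: the new CVE-2017-5941 entry for node-serialize carries only a `TODO: check` line and no package or NOT-FOR-US line, so the automatic import leaves its Debian status undecided; triage should resolve it to either a `- <package> <version> (bug #NNN)` line, as the viewvc entry in the next hunk has, or a `NOT-FOR-US:` marker.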
@@ -170,6 +172,7 @@
        RESERVED
 CVE-2017-5938 [viewc Cross-Site Scripting (XSS) vulnerability]
        RESERVED
+       {DSA-3784-1}
        - viewvc 1.1.26-1 (bug #854681)
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/08/7
        NOTE: 
https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad
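Review bot: the bracket title on the CVE-2017-5938 line reads `viewc` while the package line beneath it says `viewvc`; the title looks like a typo and should be corrected the next time the entry is touched, since the `{DSA-3784-1}` line added here means this entry will now be read by people following the advisory.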
@@ -599,106 +602,89 @@
        - libevent <unfixed> (bug #854092)
        NOTE: https://github.com/libevent/libevent/issues/317
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
-CVE-2017-5848 [gst-plugins-bad/mpegdemux: Invalid memory read in 
gst_ps_demux_parse_psm]
-       RESERVED
+CVE-2017-5848 (The gst_ps_demux_parse_psm function in 
gst/mpegdemux/gstmpegdemux.c in ...)
        - gst-plugins-bad1.0 <unfixed> (low)
        - gst-plugins-bad0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
-CVE-2017-5847 [gst-plugins-ugly/asfdemux: out of bounds read in 
gst_asf_demux_process_ext_content_desc]
-       RESERVED
+CVE-2017-5847 (The gst_asf_demux_process_ext_content_desc function in ...)
        - gst-plugins-ugly1.0 <unfixed> (low)
        - gst-plugins-ugly0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777955
-CVE-2017-5846 [gst-plugins-ugly/asfdemux: invalid memory read in 
gst_asf_demux_process_ext_stream_props()]
-       RESERVED
+CVE-2017-5846 (The gst_asf_demux_process_ext_stream_props function in ...)
        - gst-plugins-ugly1.0 1.10.3-1 (low)
        - gst-plugins-ugly0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777937
-CVE-2017-5845 [gst-plugins-good/avidemux: invalid memory read in 
gst_avi_demux_parse_ncdt]
-       RESERVED
+CVE-2017-5845 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c 
in ...)
        - gst-plugins-good1.0 1.10.3-1 (low)
        - gst-plugins-good0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777532
-CVE-2017-5844 [gst-plugins-base: floating point exception in 
gst_riff_create_audio_caps (another one)]
-       RESERVED
+CVE-2017-5844 (The gst_riff_create_audio_caps function in ...)
        - gst-plugins-base1.0 1.10.3-1 (low)
        - gst-plugins-base0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525
-CVE-2017-5843 [gst-plugins-bad/mxfdemux: use after free in 
gst_mini_object_unref / gst_tag_list_unref / 
gst_mxf_demux_update_essence_tracks]
-       RESERVED
+CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) ...)
        - gst-plugins-bad1.0 1.10.3-1
        - gst-plugins-bad0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503
-CVE-2017-5842 [gst-plugins-base/samiparse: heap oob in 
html_context_handle_element]
-       RESERVED
+CVE-2017-5842 (The html_context_handle_element function in 
gst/subparse/samiparse.c ...)
        - gst-plugins-base1.0 1.10.3-1
        - gst-plugins-base0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777502
-CVE-2017-5841 [gst-plugins-good/avidemux: gst_avi_demux_parse_ncdt heap out of 
bounds read]
-       RESERVED
+CVE-2017-5841 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c 
in ...)
        - gst-plugins-good1.0 1.10.3-1 (low)
        - gst-plugins-good0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777500
-CVE-2017-5840 [gst-plugins-good/qtdemux: out of bounds heap read in 
qtdemux_parse_samples]
-       RESERVED
+CVE-2017-5840 (The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in 
...)
        - gst-plugins-good1.0 1.10.3-1 (low)
        - gst-plugins-good0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777469
-CVE-2017-5839 [gst-plugins-base/riff: stack overflow in 
gst_riff_create_audio_caps]
-       RESERVED
+CVE-2017-5839 (The gst_riff_create_audio_caps function in ...)
        - gst-plugins-base1.0 1.10.3-1
        - gst-plugins-base0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777265
-CVE-2017-5838 [gstreamer core/datetime: out of bounds read in 
gst_date_time_new_from_iso8601_string()]
-       RESERVED
+CVE-2017-5838 (The gst_date_time_new_from_iso8601_string function in ...)
        - gstreamer1.0 1.10.3-1 (low)
        - gstreamer0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777263
-CVE-2017-5837 [gst-plugins-base/riff-media: floating point exception in 
gst_riff_create_audio_caps]
-       RESERVED
+CVE-2017-5837 (The gst_riff_create_audio_caps function in ...)
        - gst-plugins-base1.0 1.10.3-1 (low)
        - gst-plugins-base0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777262
-CVE-2016-10199 [gst-plugins-good/qtdemux: out of bounds read in 
qtdemux_tag_add_str_full]
-       RESERVED
+CVE-2016-10199 (The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c 
in ...)
        - gst-plugins-good1.0 1.10.3-1 (low)
        - gst-plugins-good0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451
-CVE-2016-10198 [gstreamer invalid memory read in gst_aac_parse_sink_setcaps]
-       RESERVED
+CVE-2016-10198 (The gst_aac_parse_sink_setcaps function in ...)
        - gst-plugins-good1.0 1.10.3-1 (low)
        - gst-plugins-good0.10 <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775450
 CVE-2016-XXXX [iio-sensor-proxy: insecure dbus policy]
        - iio-sensor-proxy 2.0-4 (bug #853951)
-CVE-2016-10192 [ffmpeg ffserver.c]
-       RESERVED
+CVE-2016-10192 (Heap-based buffer overflow in ffserver.c in FFmpeg before 
2.8.10, ...)
        - ffmpeg 7:3.2.2-1
        - libav <undetermined>
        NOTE: Patch: 
https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
-CVE-2016-10191 [ffmpeg libavformat/rtmppkt.c]
-       RESERVED
+CVE-2016-10191 (Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg 
before ...)
        - ffmpeg 7:3.2.2-1
        - libav <undetermined>
        NOTE: Patch: 
https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
-CVE-2016-10190 [ffmpeg libavformat/http.c]
-       RESERVED
+CVE-2016-10190 (Heap-based buffer overflow in libavformat/http.c in FFmpeg 
before ...)
        - ffmpeg 7:3.2.2-1
        - libav <undetermined>
        NOTE: Patch: 
https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa
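Review bot: CVE-2017-5848 keeps `- gst-plugins-bad1.0 <unfixed> (low)` while CVE-2017-5843, from the same oss-security 2017/02/01/7 batch, is marked fixed in `gst-plugins-bad1.0 1.10.3-1`; it is worth confirming whether the 1.10.3-1 upload also covers GNOME bug 777957 and updating the status if it does. Note also that the removed bracket titles recorded the issue class for each gstreamer entry (use after free, stack overflow, floating point exception, out-of-bounds read) and the truncated `(...)` descriptions that replace them do not, so the bugzilla NOTE links are now the only on-file hint of what each bug is; the `(low)` severity markers survive, but a reader can no longer see why one entry is `(low)` and another is not.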
@@ -876,8 +862,8 @@
        RESERVED
 CVE-2017-5635
        RESERVED
-CVE-2017-5634
-       RESERVED
+CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk 
allows ...)
+       TODO: check
 CVE-2017-5633
        RESERVED
 CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router 
with ...)
@@ -986,7 +972,7 @@
        NOTE: https://bugs.bitlbee.org/ticket/1281
        NOTE: Fixed by: 
https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2
 (3.5)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
-CVE-2017-5940 [Incomplete fix for CVE-2017-5180]
+CVE-2017-5940 (Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS 
does not ...)
        - firejail 0.9.44.6-1
        NOTE: Changelog mentions the new fix for CVE-2017-5180 in RELNOTES for 
0.9.44.6
        NOTE: an needs series of commits after 0.9.44.4
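Review bot: the context line `NOTE: an needs series of commits after 0.9.44.4` is ungrammatical and ambiguous; it presumably means the fix needs a series of commits landed after 0.9.44.4, and should be reworded, ideally with the commit references, so the relationship between the fixed version `firejail 0.9.44.6-1` and the RELNOTES entry mentioned in the preceding NOTE is clear without re-deriving it.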
@@ -2712,8 +2698,7 @@
        RESERVED
 CVE-2016-10110
        RESERVED
-CVE-2017-5180 [firejail local root exploit]
-       RESERVED
+CVE-2017-5180 (Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS 
does not ...)
        - firejail 0.9.44.2-3 (bug #850160)
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/04/1
        NOTE: https://github.com/netblue30/firejail/issues/1020
@@ -5637,8 +5622,8 @@
        RESERVED
 CVE-2017-3814 (A vulnerability in Cisco Firepower System Software could allow 
an ...)
        NOT-FOR-US: Cisco Firepower System Software
-CVE-2017-3813
-       RESERVED
+CVE-2017-3813 (A vulnerability in the Start Before Logon (SBL) module of Cisco 
...)
+       TODO: check
 CVE-2017-3812 (A vulnerability in the implementation of Common Industrial 
Protocol ...)
        NOT-FOR-US:  Cisco Industrial Ethernet 2000 Series Switches
 CVE-2017-3811
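Review bot: the new CVE-2017-3813 description names a Cisco component (the Start Before Logon (SBL) module), and the neighbouring entries CVE-2017-3814 and CVE-2017-3812 are already marked `NOT-FOR-US: Cisco ...`; the `TODO: check` added here can most likely be closed the same way rather than left pending.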
@@ -5649,8 +5634,8 @@
        NOT-FOR-US: Cisco Firepower Management Center
 CVE-2017-3808
        RESERVED
-CVE-2017-3807
-       RESERVED
+CVE-2017-3807 (A vulnerability in Common Internet Filesystem (CIFS) code in 
the ...)
+       TODO: check
 CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco 
Firepower 4100 ...)
        NOT-FOR-US: Cisco Firepower
 CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco 
IOS and ...)
@@ -15849,8 +15834,7 @@
        RESERVED
 CVE-2016-9245
        RESERVED
-CVE-2016-9244
-       RESERVED
+CVE-2016-9244 (A BIG-IP virtual server configured with a Client SSL profile 
that has ...)
        NOT-FOR-US: F5 TLS stack
        NOTE: https://ticketbleed.com/
 CVE-2016-9243 [HKDF might return an empty byte-string]
@@ -18123,8 +18107,8 @@
        RESERVED
 CVE-2016-8495
        RESERVED
-CVE-2016-8494
-       RESERVED
+CVE-2016-8494 (Insufficient verification of uploaded files allows attackers 
with ...)
+       TODO: check
 CVE-2016-8493
        RESERVED
 CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiWLC 
allows ...)
@@ -26133,8 +26117,7 @@
 CVE-2016-1000004
        RESERVED
        - hhvm 3.12.11+dfsg-1
-CVE-2016-6173
-       RESERVED
+CVE-2016-6173 (NSD before 4.1.11 allows remote DNS master servers to cause a 
denial ...)
        - nsd <unfixed> (unimportant; bug #830806)
        NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790
        NOTE: Not considered a security issue due to trust relationship, see 
#830806
@@ -26144,8 +26127,7 @@
        NOTE: https://github.com/PowerDNS/pdns/issues/4128
        NOTE: Master: https://github.com/PowerDNS/pdns/pull/4133
        NOTE: 3.4.x: https://github.com/PowerDNS/pdns/pull/4134
-CVE-2016-6171
-       RESERVED
+CVE-2016-6171 (Knot DNS before 2.3.0 allows remote DNS servers to cause a 
denial of ...)
        - knot 2.3.0-1 (bug #830809)
        [jessie] - knot <no-dsa> (Minor issue)
        NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
@@ -27357,8 +27339,7 @@
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: Upstream fix: 
https://git.kernel.org/linus/9bf292bfca94694a721449e3fd752493856710f6 (v4.7-rc1)
        NOTE: Introduced in: 
https://git.kernel.org/linux/f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5 
(v3.13-rc1)
-CVE-2015-8936 [squidguard reflected XSS]
-       RESERVED
+CVE-2015-8936 (Cross-site scripting (XSS) vulnerability in squidGuard.cgi in 
...)
        {DLA-524-1}
        - squidguard 1.5-5 (unimportant)
        NOTE: Only affects an example script
@@ -27556,11 +27537,9 @@
        NOTE: No further information provided, but this is very likely a dupe 
of CVE-2016-8710
 CVE-2016-1000003 (Mirror Manager version 0.7.2 and older is vulnerable to 
remote code ...)
        TODO: check
-CVE-2016-5727
-       RESERVED
+CVE-2016-5727 (LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote 
...)
        NOT-FOR-US: Simple Machines Forum
-CVE-2016-5726
-       RESERVED
+CVE-2016-5726 (Packages.php in Simple Machines Forum (SMF) 2.1 allows remote 
...)
        NOT-FOR-US: Simple Machines Forum
 CVE-2016-5691 (The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 
7.0.1-7 ...)
        {DSA-3652-1 DLA-731-1}
@@ -30346,16 +30325,13 @@
 CVE-2016-4989
        RESERVED
        NOT-FOR-US: setroubleshoot
-CVE-2016-4988
-       RESERVED
+CVE-2016-4988 (Cross-site scripting (XSS) vulnerability in the Build Failure 
Analyzer ...)
        NOT-FOR-US: Jenkins plugin
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
-CVE-2016-4987
-       RESERVED
+CVE-2016-4987 (Directory traversal vulnerability in the Image Gallery plugin 
before ...)
        NOT-FOR-US: Jenkins plugin
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
-CVE-2016-4986
-       RESERVED
+CVE-2016-4986 (Directory traversal vulnerability in the TAP plugin before 1.25 
in ...)
        NOT-FOR-US: Jenkins plugin
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
 CVE-2016-4985 (The ironic-api service in OpenStack Ironic before 4.2.5 
(Liberty) and ...)
@@ -35744,11 +35720,9 @@
        NOTE: to 2.6, and did not complete a full upgrade
 CVE-2016-3103
        RESERVED
-CVE-2016-3102
-       RESERVED
+CVE-2016-3102 (The Script Security plugin before 1.18.1 in Jenkins might allow 
remote ...)
        - jenkins <removed>
-CVE-2016-3101
-       RESERVED
+CVE-2016-3101 (Cross-site scripting (XSS) vulnerability in the Extra Columns 
plugin ...)
        - jenkins <removed>
 CVE-2016-3100 (kinit in KDE Frameworks before 5.23.0 uses weak permissions 
(644) for ...)
        - kinit 5.23.0-1 (bug #827476)
@@ -36545,15 +36519,13 @@
        NOTE: Introduced in: 
http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc
 (v1.3.0-rc0)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676
        NOTE: http://www.openwall.com/lists/oss-security/2016/03/04/1
-CVE-2015-8832 [media exclusion control enforcement]
-       RESERVED
+CVE-2015-8832 (Multiple incomplete blacklist vulnerabilities in ...)
        - dotclear <removed> (bug #815979)
        NOTE: https://hg.dotclear.org/dotclear/rev/198580bc3d80
        NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
        NOTE: Fixed upstream in 2.8.2
        NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4
-CVE-2015-8831 [potential XSS vulnerability in comments's list]
-       RESERVED
+CVE-2015-8831 (Cross-site scripting (XSS) vulnerability in admin/comments.php 
in ...)
        - dotclear <removed> (bug #815979)
        NOTE: https://hg.dotclear.org/dotclear/rev/65e65154dadf
        NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
@@ -39104,14 +39076,12 @@
        - spice 0.12.6-4.1 (bug #826584)
 CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated 
users to ...)
        NOT-FOR-US: OpenShift
-CVE-2016-2148 [heap overflow in OPTION_6RD parsing]
-       RESERVED
+CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in 
BusyBox ...)
        - busybox <unfixed> (bug #818497)
        [jessie] - busybox <no-dsa> (Minor issue)
        [wheezy] - busybox <no-dsa> (Minor issue)
        NOTE: 
https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
-CVE-2016-2147 [OOB heap write due to integer underflow]
-       RESERVED
+CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 
1.25.0 ...)
        - busybox <unfixed> (bug #818499)
        [jessie] - busybox <no-dsa> (Minor issue)
        [wheezy] - busybox <no-dsa> (Minor issue)
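Review bot: the bracket title removed for CVE-2016-2147 said `OOB heap write due to integer underflow`, but the replacement description says `Integer overflow in the DHCP client (udhcpc)`; the two characterisations differ (underflow vs overflow), and only CVE-2016-2148 in this hunk carries a NOTE with the fixing busybox commit, so adding the corresponding commit link for CVE-2016-2147 would let a reader reconcile them. Both entries remain `<unfixed>` in unstable with `<no-dsa> (Minor issue)` for jessie and wheezy, which is consistent between the two.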
@@ -53275,10 +53245,10 @@
        RESERVED
 CVE-2015-6025
        RESERVED
-CVE-2015-6024
-       RESERVED
-CVE-2015-6023
-       RESERVED
+CVE-2015-6024 (ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with 
...)
+       TODO: check
+CVE-2015-6023 (ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with 
...)
+       TODO: check
 CVE-2015-6022 (Unrestricted file upload vulnerability in QNAP Signage Station 
before ...)
        NOT-FOR-US: QNAP Signage Station
 CVE-2015-6021


_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
