Author: sectracker
Date: 2017-02-17 21:10:12 +0000 (Fri, 17 Feb 2017)
New Revision: 49034

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-17 21:09:28 UTC (rev 49033)
+++ data/CVE/list       2017-02-17 21:10:12 UTC (rev 49034)
@@ -1,3 +1,7 @@
+CVE-2017-6061
+       RESERVED
+CVE-2017-6060
+       RESERVED
 CVE-2017-6058 [net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan 
stripping]
        RESERVED
        - qemu <unfixed>
@@ -538,6 +542,7 @@
        [jessie] - gnome-keyring <no-dsa> (Minor issue)
        [wheezy] - gnome-keyring <no-dsa> (Minor issue)
 CVE-2017-6059 [information leak in error messages]
+       RESERVED
        - libapache2-mod-auth-openidc 2.1.5-1
        NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212
 CVE-2017-6062 [OIDCUnAuthAction pass does not scrub request headers]
@@ -18485,7 +18490,7 @@
        RESERVED
 CVE-2016-8496
        RESERVED
-CVE-2016-8495 (FortiManager does not properly validate TLS certificates when 
probing ...)
+CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet 
...)
        NOT-FOR-US: FortiManager
 CVE-2016-8494 (Insufficient verification of uploaded files allows attackers 
with ...)
        NOT-FOR-US: Fortiguard
@@ -21649,8 +21654,7 @@
        RESERVED
 CVE-2016-7512
        RESERVED
-CVE-2016-7511 [Integer Overflow]
-       RESERVED
+CVE-2016-7511 (Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 
allows ...)
        {DLA-635-1}
        - dwarfutils 20160923-1 (bug #838757)
        [jessie] - dwarfutils <no-dsa> (Minor issue, can be fixed in point 
release)
@@ -21660,8 +21664,7 @@
        NOTE: See though notes for CVE-2016-7410, the 
3767305debcba8bd7e1c483ae48c509d25399252
        NOTE: seem to be the ultimate fix upstream, introducing commit should 
as well still be
        NOTE: found.
-CVE-2016-7510 [Out-of-Bounds read]
-       RESERVED
+CVE-2016-7510 (The read_line_table_program function in ...)
        {DLA-635-1}
        - dwarfutils 20160923-1 (bug #838756)
        [jessie] - dwarfutils <no-dsa> (Minor issue, can be fixed in point 
release)
@@ -22993,8 +22996,7 @@
        RESERVED
 CVE-2016-7095 (Exponent CMS before 2.3.9 is vulnerable to an attacker 
uploading a ...)
        NOT-FOR-US: Exponent CMS
-CVE-2016-7111
-       RESERVED
+CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak 
Content ...)
        - mantis <not-affected> (Vulnerable code introduced in 1.3.0-rc.2)
        NOTE: 
https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229
        NOTE: https://mantisbt.org/bugs/view.php?id=21263
@@ -23690,28 +23692,22 @@
        [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, 
vmxnet3 introduced in 1.5)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
-CVE-2016-6875 [Fix infinite recursion in wddx]
-       RESERVED
+CVE-2016-6875 (Infinite recursion in wddx in Facebook HHVM before 3.15.0 
allows ...)
        - hhvm 3.12.11+dfsg-1 (bug #835032)
        NOTE: 
https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2
-CVE-2016-6874 [Fix recursion checks in array_*_recursive]
-       RESERVED
+CVE-2016-6874 (The array_*_recursive functions in Facebook HHVM before 3.15.0 
allows ...)
        - hhvm 3.12.11+dfsg-1 (bug #835032)
        NOTE: 
https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69
-CVE-2016-6873 [Fix self recursion in compact]
-       RESERVED
+CVE-2016-6873 (Self recursion in compact in Facebook HHVM before 3.15.0 allows 
...)
        - hhvm 3.12.11+dfsg-1 (bug #835032)
        NOTE: 
https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e
-CVE-2016-6872 [Fix integer overflow in StringUtil::implode]
-       RESERVED
+CVE-2016-6872 (Integer overflow in StringUtil::implode in Facebook HHVM before 
3.15.0 ...)
        - hhvm 3.12.11+dfsg-1 (bug #835032)
        NOTE: 
https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271
-CVE-2016-6871 [Fix buffer overrun due to integer overflow in bcmath]
-       RESERVED
+CVE-2016-6871 (Integer overflow in bcmath in Facebook HHVM before 3.15.0 
allows ...)
        - hhvm 3.12.11+dfsg-1 (bug #835032)
        NOTE: 
https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
-CVE-2016-6870 [incorrect use of strndup]
-       RESERVED
+CVE-2016-6870 (Out-of-bounds write in the (1) mb_detect_encoding, (2) 
mb_send_mail, ...)
        - hhvm 3.12.11+dfsg-1 (bug #835032)
        NOTE: 
https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
 CVE-2016-6866 (slock allows attackers to bypass the screen lock via vectors 
involving ...)
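Review bot: the HHVM descriptions for CVE-2016-6871 through CVE-2016-6875 now say "before 3.15.0", but each entry is still tracked as fixed in hhvm 3.12.11+dfsg-1, which is a lower version. The entries carry only the upstream commit link, so nothing here explains why 3.12.11 is the fixed version. Suggest adding a NOTE to each entry, or one shared NOTE, recording that the referenced commit is present in 3.12.11+dfsg-1, so the gap against the published description is not later read as a stale fixed-version field.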
@@ -26057,14 +26053,13 @@
        NOTE: https://github.com/libarchive/libarchive/issues/711
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6
 (v3.2.1)
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/1
-CVE-2016-6252 [incorrect integer handling]
-       RESERVED
+CVE-2016-6252 (Integer overflow in shadow 4.2.1 allows local users to gain 
privileges ...)
        - shadow 1:4.4-1 (bug #832170)
        [wheezy] - shadow <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/shadow-maint/shadow/issues/27
        NOTE: Fixed by: 
https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1
 (4.3.1)
 CVE-2016-6251 [potentially unsafe use of getlogin]
-       RESERVED
+       REJECTED
        - shadow <unfixed> (unimportant)
        NOTE: https://github.com/shadow-maint/shadow/issues/28
        NOTE: The use of getlogin in shadow is safe, it is only used to 
diferentiate
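Review bot: CVE-2016-6251 changes from RESERVED to REJECTED but keeps the package line "- shadow <unfixed> (unimportant)", so a rejected ID still shows an open state against shadow. The existing NOTE already says the getlogin use is safe. Suggest either dropping the package line or recording in a NOTE that the ID was rejected upstream, so the entry does not keep appearing as unfixed in per-package views.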
@@ -26385,21 +26380,18 @@
        [jessie] - linux <not-affected> (Vulnerable code not present)
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/11f3710417d026ea2f4fcf362d866342c5274185 (v4.6-rc1)
-CVE-2016-6191 [Persistent Cross-Site Scripting in calendar]
-       RESERVED
+CVE-2016-6191 (Multiple cross-site scripting (XSS) vulnerabilities in the View 
Raw ...)
        - sogo 3.2.4-0.2
        [wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
        NOTE: https://sogo.nu/bugs/view.php?id=3718
        NOTE: 
http://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa
 (SOGo-3.1.3)
-CVE-2016-6190 [Meta information can be derived from UID/DTSTAMP attributes 
though "View the Date & Time" restricted access Backend Calendar]
-       RESERVED
+CVE-2016-6190 (SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict 
access to ...)
        - sogo 3.2.4-0.2
        [wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
        NOTE: Fix SOGo v2: 
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
 (SOGo-2.3.12)
        NOTE: Fix SOGo v3: 
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
 (SOGo-3.1.1)
        NOTE: https://sogo.nu/bugs/view.php?id=3696
-CVE-2016-6189 [Private information leakage through ics/XML feeds when 
restricted to "View the Date & Time"]
-       RESERVED
+CVE-2016-6189 (Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 
allows ...)
        - sogo 3.2.4-0.2
        [wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
        NOTE: Fix SOGo v2: 
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
 (SOGo-2.3.12)
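Review bot: CVE-2016-6191 documents only one fix commit (SOGo-3.1.3), while CVE-2016-6190 and CVE-2016-6189 directly below it list separate "Fix SOGo v2" and "Fix SOGo v3" commits. The new description for CVE-2016-6191 is truncated before any version range, so the entry does not say whether the 2.x branch is affected. Suggest adding a NOTE that states this explicitly. The commit link for CVE-2016-6191 also uses http:// where the neighbouring entries use https://.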
@@ -27389,8 +27381,7 @@
        NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=97625
        NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/27
        NOTE: 
https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc
-CVE-2014-9905 [Script injection in calendar title]
-       RESERVED
+CVE-2014-9905 (Multiple cross-site scripting (XSS) vulnerabilities in the Web 
...)
        - sogo 2.2.5-1
        [wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
        NOTE: 
https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9
 (SOGo-2.2.0)
@@ -28787,8 +28778,7 @@
        NOT-FOR-US: Huawei
 CVE-2016-5365 (Stack-based buffer overflow in Huawei Honor WS851 routers with 
...)
        NOT-FOR-US: Huawei
-CVE-2016-5364
-       RESERVED
+CVE-2016-5364 (Cross-site scripting (XSS) vulnerability in ...)
        {DLA-512-1}
        - mantis <removed>
        NOTE: http://github.com/mantisbt/mantisbt/commit/5068df2d (1.2.x)
@@ -30849,20 +30839,17 @@
 CVE-2016-5091 (Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 
8.1.1 ...)
        - typo3-src <removed>
        [wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
-CVE-2016-5044
-       RESERVED
+CVE-2016-5044 (The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf 
before ...)
        - dwarfutils 20160507-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
-CVE-2016-5043
-       RESERVED
+CVE-2016-5043 (The dwarf_dealloc function in libdwarf before 20160923 allows 
remote ...)
        - dwarfutils 20160507-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
-CVE-2016-5042
-       RESERVED
+CVE-2016-5042 (The dwarf_get_aranges_list function in libdwarf before 20160923 
allows ...)
        {DLA-669-1}
        - dwarfutils 20160507-1
        [jessie] - dwarfutils 20120410-2+deb8u1
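Review bot: the new descriptions for CVE-2016-5043 and CVE-2016-5042 say "libdwarf before 20160923", but both entries are tracked as fixed in dwarfutils 20160507-1, which predates that version. If the linked upstream commit is what justifies 20160507-1, suggest a NOTE on each entry saying so, because the published version range and the tracker's fixed version now disagree on their face. For CVE-2016-5044 the version in the description is cut off, so the same check applies once the full text is available.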
@@ -30873,80 +30860,67 @@
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
-CVE-2016-5040
-       RESERVED
+CVE-2016-5040 (libdwarf before 20160923 allows remote attackers to cause a 
denial of ...)
        - dwarfutils 20160507-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
-CVE-2016-5039
-       RESERVED
+CVE-2016-5039 (The get_attr_value function in libdwarf before 20160923 allows 
remote ...)
        {DLA-669-1}
        - dwarfutils 20160507-1
        [jessie] - dwarfutils 20120410-2+deb8u1
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/
-CVE-2016-5038
-       RESERVED
+CVE-2016-5038 (The dwarf_get_macro_startend_file function in dwarf_macro5.c in 
...)
        {DLA-669-1}
        - dwarfutils 20160507+git20160523.9086738-1
        [jessie] - dwarfutils 20120410-2+deb8u1
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
-CVE-2016-5037
-       RESERVED
+CVE-2016-5037 (The _dwarf_load_section function in libdwarf before 20160923 
allows ...)
        - dwarfutils 20160507-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/b6ec2dfd850929821626ea63fb0a752076a3c08a/
-CVE-2016-5036
-       RESERVED
+CVE-2016-5036 (The dump_block function in print_sections.c in libdwarf before 
...)
        {DLA-669-1}
        - dwarfutils 20160507+git20160523.9086738-1
        [jessie] - dwarfutils 20120410-2+deb8u1
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
-CVE-2016-5035
-       RESERVED
+CVE-2016-5035 (The _dwarf_read_line_table_header function in ...)
        - dwarfutils 20160507+git20160523.9086738-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
-CVE-2016-5034
-       RESERVED
+CVE-2016-5034 (dwarf_elf_access.c in libdwarf before 20160923 allows remote 
attackers ...)
        {DLA-669-1}
        - dwarfutils 20160507+git20160523.9086738-1
        [jessie] - dwarfutils 20120410-2+deb8u1
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/
-CVE-2016-5033
-       RESERVED
+CVE-2016-5033 (The print_exprloc_content function in libdwarf before 20160923 
allows ...)
        - dwarfutils 20160507+git20160523.9086738-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
-CVE-2016-5032
-       RESERVED
+CVE-2016-5032 (The dwarf_get_xu_hash_entry function in libdwarf before 
20160923 ...)
        - dwarfutils 20160507+git20160523.9086738-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
-CVE-2016-5031
-       RESERVED
+CVE-2016-5031 (The print_frame_inst_bytes function in libdwarf before 20160923 
allows ...)
        - dwarfutils 20160507+git20160523.9086738-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
-CVE-2016-5030
-       RESERVED
+CVE-2016-5030 (The _dwarf_calculate_info_section_end_ptr function in libdwarf 
before ...)
        - dwarfutils 20160507+git20160523.9086738-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/6fa3f710ee6f21bba7966b963033a91d77c952bd/
-CVE-2016-5029
-       RESERVED
+CVE-2016-5029 (The create_fullest_file_path function in libdwarf before 
20160923 ...)
        - dwarfutils 20160507+git20160523.9086738-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/libdwarf/code/ci/acae971371daa23a19358bc62204007d258fbc5e/
-CVE-2016-5028
-       RESERVED
+CVE-2016-5028 (The print_frame_inst_bytes function in libdwarf before 20160923 
allows ...)
        - dwarfutils 20160507+git20160523.9086738-1
        [jessie] - dwarfutils <no-dsa> (Minor issue)
        [wheezy] - dwarfutils <no-dsa> (Minor issue)
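Review bot: CVE-2016-5031 and CVE-2016-5028 end up with the same visible description, "The print_frame_inst_bytes function in libdwarf before 20160923 allows ...", so the two entries cannot be told apart from this file. Suggest a short NOTE on each naming the distinguishing detail, since CVE-2016-5031 shares commit ac6673e3... with CVE-2016-5032 and CVE-2016-5033 and the commit for CVE-2016-5028 is not shown in this hunk. Throughout the hunk the descriptions say "before 20160923" while the fixed versions are 20160507-1 or 20160507+git20160523.9086738-1, which is worth a NOTE tying each fixed version to its linked commit.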


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
