Author: sectracker
Date: 2017-03-02 09:10:13 +0000 (Thu, 02 Mar 2017)
New Revision: 49357
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-02 08:36:51 UTC (rev 49356) +++ data/CVE/list 2017-03-02 09:10:13 UTC (rev 49357) 
@@ -1,80 +1,165 @@ -CVE-2017-6422 +CVE-2017-6426 RESERVED -CVE-2017-6421 +CVE-2017-6425 RESERVED -CVE-2017-6420 +CVE-2017-6424 RESERVED -CVE-2017-6419 +CVE-2017-6423 RESERVED -CVE-2017-6418 +CVE-2016-10242 RESERVED -CVE-2017-6417 +CVE-2016-10241 RESERVED -CVE-2017-6416 +CVE-2016-10240 RESERVED -CVE-2017-6415 +CVE-2016-10239 RESERVED -CVE-2017-6414 [libcacard: host memory leakage while creating new APDU] +CVE-2016-10238 RESERVED - - libcacard <unfixed> (bug #856501) - NOTE: Fixed by: https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c - TODO: check -CVE-2017-6413 [does not scrub headers for "AuthType oauth20"] +CVE-2016-10237 RESERVED - - libapache2-mod-auth-openidc 2.1.6-1 - NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e -CVE-2017-6412 +CVE-2016-10236 RESERVED -CVE-2017-6411 +CVE-2016-10235 RESERVED -CVE-2017-6410 +CVE-2016-10234 RESERVED -CVE-2017-6409 +CVE-2016-10233 RESERVED -CVE-2017-6408 +CVE-2016-10232 RESERVED -CVE-2017-6407 +CVE-2016-10231 RESERVED -CVE-2017-6406 +CVE-2016-10230 RESERVED -CVE-2017-6405 +CVE-2016-10229 RESERVED -CVE-2017-6404 +CVE-2015-9003 RESERVED -CVE-2017-6403 +CVE-2015-9002 RESERVED -CVE-2017-6402 +CVE-2015-9001 RESERVED -CVE-2017-6401 +CVE-2015-9000 RESERVED -CVE-2017-6400 +CVE-2015-8999 RESERVED -CVE-2017-6399 +CVE-2015-8998 RESERVED -CVE-2017-6398 +CVE-2015-8997 RESERVED -CVE-2017-6397 +CVE-2015-8996 RESERVED -CVE-2017-6396 +CVE-2015-8995 RESERVED -CVE-2017-6395 +CVE-2014-9937 RESERVED -CVE-2017-6394 +CVE-2014-9936 RESERVED -CVE-2017-6393 +CVE-2014-9935 RESERVED -CVE-2017-6392 +CVE-2014-9934 RESERVED -CVE-2017-6391 +CVE-2014-9933 RESERVED -CVE-2017-6390 +CVE-2014-9932 RESERVED +CVE-2014-9931 + RESERVED +CVE-2014-9930 + RESERVED +CVE-2014-9929 + RESERVED +CVE-2014-9928 + RESERVED +CVE-2014-9927 + RESERVED +CVE-2014-9926 + RESERVED +CVE-2014-9925 + RESERVED +CVE-2014-9924 + RESERVED +CVE-2014-9923 + RESERVED +CVE-2014-9922 + RESERVED 
+CVE-2017-6422 + RESERVED +CVE-2017-6421 + RESERVED +CVE-2017-6420 + RESERVED +CVE-2017-6419 + RESERVED +CVE-2017-6418 + RESERVED +CVE-2017-6417 + RESERVED +CVE-2017-6416 + RESERVED +CVE-2017-6415 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...) + TODO: check +CVE-2017-6414 [libcacard: host memory leakage while creating new APDU] + RESERVED + - libcacard <unfixed> (bug #856501) + NOTE: Fixed by: https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c + TODO: check +CVE-2017-6413 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...) + - libapache2-mod-auth-openidc 2.1.6-1 + NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e +CVE-2017-6412 + RESERVED +CVE-2017-6411 + RESERVED +CVE-2017-6410 (kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls ...) + TODO: check +CVE-2017-6409 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...) + TODO: check +CVE-2017-6408 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...) + TODO: check +CVE-2017-6407 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...) + TODO: check +CVE-2017-6406 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...) + TODO: check +CVE-2017-6405 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...) + TODO: check +CVE-2017-6404 (An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup ...) + TODO: check +CVE-2017-6403 (An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup ...) + TODO: check +CVE-2017-6402 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...) + TODO: check +CVE-2017-6401 (An issue was discovered in Veritas NetBackup before 8.0 and NetBackup ...) + TODO: check +CVE-2017-6400 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...) 
+ TODO: check +CVE-2017-6399 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...) + TODO: check +CVE-2017-6398 + RESERVED +CVE-2017-6397 (An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability ...) + TODO: check +CVE-2017-6396 (An issue was discovered in WPO-Foundation WebPageTest 3.0. The ...) + TODO: check +CVE-2017-6395 (An issue was discovered in HashOver 2.0. The vulnerability exists due ...) + TODO: check +CVE-2017-6394 (An issue was discovered in OpenEMR 5.0.1-dev. The vulnerability exists ...) + TODO: check +CVE-2017-6393 (An issue was discovered in NagVis 1.9b12. The vulnerability exists due ...) + TODO: check +CVE-2017-6392 (An issue was discovered in Kaltura server Lynx-12.11.0. The ...) + TODO: check +CVE-2017-6391 (An issue was discovered in Kaltura server Lynx-12.11.0. The ...) + TODO: check +CVE-2017-6390 (An issue was discovered in whatanime.ga before ...) + TODO: check CVE-2017-6389 RESERVED CVE-2017-6388 RESERVED -CVE-2017-6387 - RESERVED +CVE-2017-6387 (The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 ...) + TODO: check CVE-2017-6386 [memory leakage while in vrend_create_vertex_elements_state] RESERVED - virglrenderer <unfixed> @@ -137,8 +222,7 @@ RESERVED CVE-2017-6356 RESERVED -CVE-2015-8994 [check cached files permissions] - RESERVED +CVE-2015-8994 (An issue was discovered in PHP 5.x and 7.x, when the configuration ...) - php7.1 <not-affected> (Fixed before initial upload to Debian) - php7.0 7.0.14-1 - php5 <removed> @@ -259,8 +343,8 @@ RESERVED CVE-2017-6320 RESERVED -CVE-2017-6319 - RESERVED +CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...) + TODO: check CVE-2017-6318 [saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server] RESERVED - sane-backends <unfixed> (bug #854804) 
@@ -773,8 +857,7 @@ RESERVED CVE-2017-6102 RESERVED -CVE-2017-6384 [atheme: memory leak could lead to DOS] - RESERVED +CVE-2017-6384 (Memory leak in the login_user function in saslserv/main.c in ...) - atheme-services 7.2.9-1 (bug #855588) [jessie] - atheme-services <not-affected> (versions prior to 7.2.7 not vulnerable) NOTE: 7.2.7 vulnerable, fixed in 7.2.8, but the fix introduced another DOS, fixed in 7.2.9 @@ -827,8 +910,7 @@ NOT-FOR-US: FastStone MaxView CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 ...) NOT-FOR-US: NETGEAR -CVE-2016-10228 [glibc iconv program can hang when invoked with the -c option] - RESERVED +CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and ...) - glibc <unfixed> (bug #856503) [jessie] - glibc <no-dsa> (Minor issue) - eglibc <removed> @@ -1432,8 +1514,7 @@ RESERVED - libapache2-mod-auth-openidc 2.1.5-1 NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212 -CVE-2017-6062 [OIDCUnAuthAction pass does not scrub request headers] - RESERVED +CVE-2017-6062 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...) - libapache2-mod-auth-openidc 2.1.5-1 [jessie] - libapache2-mod-auth-openidc <not-affected> (support for OIDCUnAuthAction added in 1.8.5rc1) NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/222 
@@ -3244,27 +3325,27 @@ NOTE: https://github.com/mdadams/jasper/issues/62 CVE-2017-5506 [double free in profile] RESERVED - {DLA-807-1} + {DSA-3799-1 DLA-807-1} - imagemagick 8:6.9.7.4+dfsg-1 (bug #851383) NOTE: https://github.com/ImageMagick/ImageMagick/issues/354 NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb CVE-2017-5507 [memory leak in MPC file handling] RESERVED - {DLA-807-1} + {DSA-3799-1 DLA-807-1} - imagemagick 8:6.9.7.4+dfsg-1 (bug #851382) NOTE: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738 NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6 CVE-2017-5508 [Crash - PushQuantumPixel - Heap-Buffer-Overflow (TIFF)] RESERVED - {DLA-807-1} + {DSA-3799-1 DLA-807-1} - imagemagick 8:6.9.7.4+dfsg-1 (bug #851381) NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161 NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6 NOTE: https://github.com/ImageMagick/ImageMagick/commit/379e21cd32483df6e128147af3bc4ce1f82eb9c4 CVE-2016-10146 [memory leak in caption and label handling] RESERVED - {DLA-807-1} + {DSA-3799-1 DLA-807-1} - imagemagick 8:6.9.7.0+dfsg-2 (bug #851380) NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456 NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6 
@@ -3283,27 +3364,27 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6 CVE-2017-5510 [memory corruption heap overflow, psb file related, another one] RESERVED - {DLA-807-1} + {DSA-3799-1 DLA-807-1} - imagemagick 8:6.9.7.4+dfsg-1 (bug #851376) NOTE: https://github.com/ImageMagick/ImageMagick/issues/348 NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6 NOTE: https://github.com/ImageMagick/ImageMagick/commit/e87af64b1ff1635a32d9b6162f1b0e260fb54ed9 CVE-2017-5511 [memory corruption heap overflow, psb file related] RESERVED - {DLA-807-1} + {DSA-3799-1 DLA-807-1} - imagemagick 8:6.9.7.4+dfsg-1 (bug #851374) NOTE: https://github.com/ImageMagick/ImageMagick/issues/347 NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6 NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d65a814ac76bd04760072c33e452371692ee790 CVE-2016-10144 [ipl file missing malloc check] RESERVED - {DLA-807-1} + {DSA-3799-1 DLA-807-1} - imagemagick 8:6.9.7.4+dfsg-1 (bug #851485) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20 NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6 CVE-2016-10145 [wpg file off by one] RESERVED - {DLA-807-1} + {DSA-3799-1 DLA-807-1} - imagemagick 8:6.9.7.4+dfsg-1 (bug #851483) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9 NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6 @@ -6849,8 +6930,8 @@ NOT-FOR-US: Cisco CVE-2017-3827 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) ...) NOT-FOR-US: Cisco -CVE-2017-3826 - RESERVED +CVE-2017-3826 (A vulnerability in the Stream Control Transmission Protocol (SCTP) ...) + TODO: check CVE-2017-3825 RESERVED CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR Series ...) 
@@ -7136,12 +7217,12 @@ RESERVED CVE-2016-9995 RESERVED -CVE-2016-9994 - RESERVED -CVE-2016-9993 - RESERVED -CVE-2016-9992 - RESERVED +CVE-2016-9994 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...) + TODO: check +CVE-2016-9993 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...) + TODO: check +CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...) + TODO: check CVE-2016-9991 RESERVED CVE-2016-9990 @@ -16373,6 +16454,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2016-10062 [fwrite issue in ReadGROUP4Image] RESERVED + {DSA-3799-1} - imagemagick 8:6.9.7.4+dfsg-1 (bug #849439) [wheezy] - imagemagick <no-dsa> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/196 @@ -18583,7 +18665,7 @@ CVE-2016-8708 REJECTED CVE-2016-8707 (An exploitable out of bounds write exists in the handling of ...) - {DLA-756-1} + {DSA-3799-1 DLA-756-1} - imagemagick 8:6.9.7.0+dfsg-2 (bug #848139) NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0216/ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e5fd9ab1b70b2edd06de8efb606e04482cb9a2f0 (7.0.3-9) @@ -20267,10 +20349,10 @@ RESERVED CVE-2016-8234 RESERVED -CVE-2016-8233 - RESERVED -CVE-2016-8232 - RESERVED +CVE-2016-8233 (Log files generated by Lenovo XClarity Administrator (LXCA) versions ...) + TODO: check +CVE-2016-8232 (Document Object Model-(DOM) based cross-site scripting vulnerability ...) + TODO: check CVE-2016-8231 RESERVED CVE-2016-8230 @@ -27925,8 +28007,8 @@ NOT-FOR-US: IBM CVE-2016-5933 RESERVED -CVE-2016-5932 - RESERVED +CVE-2016-5932 (IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site ...) + TODO: check CVE-2016-5931 RESERVED CVE-2016-5930 
@@ -37586,10 +37668,10 @@ NOT-FOR-US: IBM CVE-2016-2881 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and ...) NOT-FOR-US: IBM -CVE-2016-2880 - RESERVED -CVE-2016-2879 - RESERVED +CVE-2016-2880 (IBM QRadar 7.2 stores the encryption key used to encrypt the service ...) + TODO: check +CVE-2016-2879 (IBM QRadar 7.2 uses outdated hashing algorithms to hash certain ...) + TODO: check CVE-2016-2878 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...) NOT-FOR-US: IBM CVE-2016-2877 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
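Review bot: In the first hunk (@@ -1,80 +1,165 @@), CVE-2017-6414 is carried over with both RESERVED and TODO: check even though the entry already has a package line (libcacard <unfixed>, bug #856501) and a "Fixed by" NOTE pointing at an upstream commit. Once that commit is confirmed as the fix, drop the TODO: check so the entry no longer shows up as untriaged alongside the genuinely new TODO: check entries added in the same hunk.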
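Review bot: In the @@ -259,8 +343,8 @@ hunk, the description now shown for CVE-2017-6319 ("The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...") is identical, as truncated, to the one added for CVE-2017-6415 in the first hunk, and CVE-2017-6387 names dex_loadcode in the same file. Triage the three radare2 entries together and record in a NOTE what distinguishes CVE-2017-6319 from CVE-2017-6415, so the two are not closed against the same upstream fix by mistake.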
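Review bot: In the @@ -773,8 +857,7 @@ hunk, CVE-2017-6384 keeps its position directly after CVE-2017-6102, although the first hunk shows CVE-2017-6387 and CVE-2017-6386 much higher in the file, so the entry is out of numeric order now that it has its official description. The same applies to CVE-2016-10228 in the @@ -827,8 +910,7 @@ hunk, which sits after CVE-2017-6077 while CVE-2016-10229 is added at the top of the file. Consider moving these entries to their sorted slots so that lookups by id land on them.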
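Review bot: In the @@ -37586,10 +37668,10 @@ hunk, CVE-2016-2880 and CVE-2016-2879 (IBM QRadar 7.2) are added as TODO: check while the surrounding IBM QRadar entries CVE-2016-2881 and CVE-2016-2878 are already marked NOT-FOR-US: IBM. Unless there is a reason to treat them differently, give them the same tag; the Cisco entry CVE-2017-3826 in the @@ -6849,8 +6930,8 @@ hunk sits between NOT-FOR-US: Cisco neighbours in the same way.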