automatic update

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@45326 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: security tracker role <sectracker@debian.org> 2016-10-14 21:10:14 +0000
committer: security tracker role <sectracker@debian.org> 2016-10-14 21:10:14 +0000
commit: a2af18d6314042c69744e018ea2c76254447cb2b (patch)
tree: c399f2f61bb7985558b754833136076bd36797fd
parent: 1b5a54fb94e6e5b7625aba14a879e247c7d38ecb (diff)
4 files changed, 396 insertions, 275 deletions
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 84f53288dc..5aa8f09e69 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -2474,7 +2474,7 @@ CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1
 	NOT-FOR-US: FTP server in TriDComm
 CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows ...)
 	NOT-FOR-US: BlackBoard
-CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
+CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gain sensitive information ...)
 	NOT-FOR-US: BlackBoard
 CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...)
 	NOT-FOR-US: CubeCart
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index d03d4a2168..82d784a32b 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -8108,7 +8108,7 @@ CVE-2005-1487 (** DISPUTED ** ...)
 	NOT-FOR-US: FishCart
 CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
 	NOT-FOR-US: FishCart
-CVE-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...)
+CVE-2005-1485 (Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: Golden FTP Server Pro
 CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
 	NOT-FOR-US: Golden FTP Server Pro
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 3f55e120f7..b27f699614 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -14619,7 +14619,7 @@ CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a ..
 	NOT-FOR-US: Microsoft
 CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...)
 	NOT-FOR-US: Macallan Mail Solution
-CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to caues a denial of ...)
+CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Nokia cell phone
 CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...)
 	NOT-FOR-US: Clever Copy
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index d156371b72..a506f51b92 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,4 +1,135 @@
+CVE-2016-8665
+	RESERVED
+CVE-2016-8664
+	RESERVED
+CVE-2016-8663
+	RESERVED
+CVE-2016-8662
+	RESERVED
+CVE-2016-8661
+	RESERVED
+CVE-2016-8657
+	RESERVED
+CVE-2016-8656
+	RESERVED
+CVE-2016-8655
+	RESERVED
+CVE-2016-8654
+	RESERVED
+CVE-2016-8653
+	RESERVED
+CVE-2016-8652
+	RESERVED
+CVE-2016-8651
+	RESERVED
+CVE-2016-8650
+	RESERVED
+CVE-2016-8649
+	RESERVED
+CVE-2016-8648
+	RESERVED
+CVE-2016-8647
+	RESERVED
+CVE-2016-8646
+	RESERVED
+CVE-2016-8645
+	RESERVED
+CVE-2016-8644
+	RESERVED
+CVE-2016-8643
+	RESERVED
+CVE-2016-8642
+	RESERVED
+CVE-2016-8641
+	RESERVED
+CVE-2016-8640
+	RESERVED
+CVE-2016-8639
+	RESERVED
+CVE-2016-8638
+	RESERVED
+CVE-2016-8637
+	RESERVED
+CVE-2016-8636
+	RESERVED
+CVE-2016-8635
+	RESERVED
+CVE-2016-8634
+	RESERVED
+CVE-2016-8633
+	RESERVED
+CVE-2016-8632
+	RESERVED
+CVE-2016-8631
+	RESERVED
+CVE-2016-8630
+	RESERVED
+CVE-2016-8629
+	RESERVED
+CVE-2016-8628
+	RESERVED
+CVE-2016-8627
+	RESERVED
+CVE-2016-8626
+	RESERVED
+CVE-2016-8625
+	RESERVED
+CVE-2016-8624
+	RESERVED
+CVE-2016-8623
+	RESERVED
+CVE-2016-8622
+	RESERVED
+CVE-2016-8621
+	RESERVED
+CVE-2016-8620
+	RESERVED
+CVE-2016-8619
+	RESERVED
+CVE-2016-8618
+	RESERVED
+CVE-2016-8617
+	RESERVED
+CVE-2016-8616
+	RESERVED
+CVE-2016-8615
+	RESERVED
+CVE-2016-8614
+	RESERVED
+CVE-2016-8613
+	RESERVED
+CVE-2016-8612
+	RESERVED
+CVE-2016-8611
+	RESERVED
+CVE-2016-8610
+	RESERVED
+CVE-2016-8609
+	RESERVED
+CVE-2016-8608
+	RESERVED
+CVE-2016-8607
+	RESERVED
+CVE-2016-8604
+	RESERVED
+CVE-2016-8603
+	RESERVED
+CVE-2016-8600
+	RESERVED
+CVE-2016-8599
+	RESERVED
+CVE-2016-8598
+	RESERVED
+CVE-2016-8597
+	RESERVED
+CVE-2016-8596
+	RESERVED
+CVE-2016-8595
+	RESERVED
+CVE-2016-8594
+	RESERVED
 CVE-2016-8666 [tunnels: Don't apply GRO to multiple layers of encapsulation]
+	RESERVED
 	- linux 4.6.1-1
 	[jessie] - linux 3.6.36-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
@@ -6,19 +137,24 @@ CVE-2016-8666 [tunnels: Don't apply GRO to multiple layers of encapsulation]
 	NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/13/11
 CVE-2016-8660 [local DoS due to a page lock order bug in the XFS seek hole/data implementation]
+	RESERVED
 	- linux <unfixed>
 CVE-2016-8659 [privilege escalation via ptrace]
+	RESERVED
 	- bubblewrap 0.1.2-2 (bug #840605)
 	NOTE: https://github.com/projectatomic/bubblewrap/issues/107
 CVE-2016-8658 [Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow]
+	RESERVED
 	- linux 4.7.5-1
 	NOTE: Fixed by: https://git.kernel.org/linus/ded89912156b1a47d940a0c954c43afbabd0c42c (v4.8-rc8)
 CVE-2016-8606 [REPL server vulnerable to HTTP inter-protocol attacks]
+	RESERVED
 	- guile-2.0 <unfixed> (low; bug #840555)
 	[jessie] - guile-2.0 <no-dsa> (Minor issue)
 	- guile-1.8 <not-affected> (repl server introduced in 2.0)
 	NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=08c021916dbd3a235a9f9cc33df4c418c0724e03
 CVE-2016-8605 [Thread-unsafe umask modification]
+	RESERVED
 	- guile-2.0 <unfixed> (low; bug #840556)
 	[jessie] - guile-2.0 <no-dsa> (Minor issue)
 	- guile-1.8 <not-affected> (repl server introduced in 2.0)
@@ -73,12 +209,12 @@ CVE-2016-8567
 	RESERVED
 CVE-2016-8566
 	RESERVED
-CVE-2016-8565
-	RESERVED
-CVE-2016-8564
-	RESERVED
-CVE-2016-8563
-	RESERVED
+CVE-2016-8565 (Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote ...)
+	TODO: check
+CVE-2016-8564 (SQL injection vulnerability in Siemens Automation License Manager ...)
+	TODO: check
+CVE-2016-8563 (Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 ...)
+	TODO: check
 CVE-2016-8562
 	RESERVED
 CVE-2016-8561
@@ -248,11 +384,13 @@ CVE-2016-XXXX [dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for
 	- dwarfutils <unfixed>
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/08/13
 CVE-2016-8602 [type confusion]
+	RESERVED
 	{DSA-3691-1}
 	- ghostscript <unfixed> (bug #840451)
 	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
 CVE-2016-8601 [do_blockdev_direct_IO invalid memory access]
+	RESERVED
 	- linux <not-affected> (Vulnerable code introduced later in 4.8 development)
 	NOTE: https://gist.github.com/marcograss/40850adb3c599ac38e0beac31617d56b
 CVE-2016-8578 [9pfs: potential NULL dereferencein 9pfs routines]
@@ -1569,10 +1707,10 @@ CVE-2016-7962
 	RESERVED
 CVE-2016-7961
 	RESERVED
-CVE-2016-7960
-	RESERVED
-CVE-2016-7959
-	RESERVED
+CVE-2016-7960 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format ...)
+	TODO: check
+CVE-2016-7959 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores ...)
+	TODO: check
 CVE-2016-7958
 	RESERVED
 CVE-2016-7957
@@ -1967,14 +2105,12 @@ CVE-2016-7797
 	NOTE: http://bugs.clusterlabs.org/show_bug.cgi?id=5269
 	NOTE: Fixed by: https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410 (Pacemaker-1.1.15-rc1)
 	NOTE: Vulnerable code introduced in: https://github.com/ClusterLabs/pacemaker/commit/87f40917feb5109f827d83765c924acbbd824379 (Pacemaker-1.1.12-rc1)
-CVE-2016-7796
-	RESERVED
+CVE-2016-7796 (The manager_dispatch_notify_fd function in systemd allows local users ...)
 	- systemd 231-9 (bug #839607)
 	[jessie] - systemd <no-dsa> (Proposed to be fixed via point release)
 	NOTE: https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
 	NOTE: Fixed by: https://github.com/systemd/systemd/pull/4240
-CVE-2016-7795
-	RESERVED
+CVE-2016-7795 (The manager_invoke_notify_message function in systemd 231 and earlier ...)
 	- systemd 231-9 (bug #839171)
 	[jessie] - systemd <not-affected> (Introduced in 219)
 	[wheezy] - systemd <not-affected> (Introduced in 219)
@@ -2736,8 +2872,8 @@ CVE-2016-7439
 	RESERVED
 CVE-2016-7438
 	RESERVED
-CVE-2016-7437
-	RESERVED
+CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the ...)
+	TODO: check
 CVE-2016-7436
 	RESERVED
 CVE-2016-7435 (The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and ...)
@@ -3263,8 +3399,8 @@ CVE-2016-7213
 	RESERVED
 CVE-2016-7212
 	RESERVED
-CVE-2016-7211
-	RESERVED
+CVE-2016-7211 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+	TODO: check
 CVE-2016-7210
 	RESERVED
 CVE-2016-7209
@@ -3297,32 +3433,32 @@ CVE-2016-7196
 	RESERVED
 CVE-2016-7195
 	RESERVED
-CVE-2016-7194
-	RESERVED
-CVE-2016-7193
-	RESERVED
+CVE-2016-7194 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
+	TODO: check
+CVE-2016-7193 (Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT ...)
+	TODO: check
 CVE-2016-7192
 	RESERVED
 CVE-2016-7191 (The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) ...)
 	NOT-FOR-US: Microsoft Azure Active Directory Passport
-CVE-2016-7190
-	RESERVED
-CVE-2016-7189
-	RESERVED
-CVE-2016-7188
-	RESERVED
+CVE-2016-7190 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
+	TODO: check
+CVE-2016-7189 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
+	TODO: check
+CVE-2016-7188 (The Standard Collector Service in Windows Diagnostics Hub in Microsoft ...)
+	TODO: check
 CVE-2016-7187
 	RESERVED
 CVE-2016-7186
 	RESERVED
-CVE-2016-7185
-	RESERVED
+CVE-2016-7185 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+	TODO: check
 CVE-2016-7184
 	RESERVED
 CVE-2016-7183
 	RESERVED
-CVE-2016-7182
-	RESERVED
+CVE-2016-7182 (The Graphics component in Microsoft Windows Vista SP2; Windows Server ...)
+	TODO: check
 CVE-2016-7181
 	RESERVED
 CVE-2016-7393 [stack-based buffer overflow in aac_sync (aac_parser.c)]
@@ -3888,8 +4024,7 @@ CVE-2016-7067
 	RESERVED
 CVE-2016-7066
 	RESERVED
-CVE-2016-7065
-	RESERVED
+CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...)
 	NOT-FOR-US: Red Hat JBoss EAP
 CVE-2016-7064
 	RESERVED
@@ -4006,186 +4141,176 @@ CVE-2016-7021
 	RESERVED
 CVE-2016-7020 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2016-7019
-	RESERVED
-CVE-2016-7018
-	RESERVED
-CVE-2016-7017
-	RESERVED
-CVE-2016-7016
-	RESERVED
-CVE-2016-7015
-	RESERVED
-CVE-2016-7014
-	RESERVED
-CVE-2016-7013
-	RESERVED
-CVE-2016-7012
-	RESERVED
-CVE-2016-7011
-	RESERVED
-CVE-2016-7010
-	RESERVED
-CVE-2016-7009
-	RESERVED
-CVE-2016-7008
-	RESERVED
-CVE-2016-7007
-	RESERVED
-CVE-2016-7006
-	RESERVED
-CVE-2016-7005
-	RESERVED
-CVE-2016-7004
-	RESERVED
-CVE-2016-7003
-	RESERVED
-CVE-2016-7002
-	RESERVED
-CVE-2016-7001
-	RESERVED
-CVE-2016-7000
-	RESERVED
-CVE-2016-6999
-	RESERVED
-CVE-2016-6998
-	RESERVED
-CVE-2016-6997
-	RESERVED
-CVE-2016-6996
-	RESERVED
-CVE-2016-6995
-	RESERVED
-CVE-2016-6994
-	RESERVED
-CVE-2016-6993
-	RESERVED
-CVE-2016-6992
-	RESERVED
+CVE-2016-7019 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7018 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7017 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7016 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7015 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7014 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7013 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7012 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7011 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7010 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7009 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7008 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7007 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7006 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7005 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7004 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7003 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7002 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7001 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-7000 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6999 (Integer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat ...)
+	TODO: check
+CVE-2016-6998 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6997 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6996 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6995 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6994 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...)
+	TODO: check
+CVE-2016-6993 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6992 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe
 CVE-2016-6991
 	RESERVED
-CVE-2016-6990
-	RESERVED
+CVE-2016-6990 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe
-CVE-2016-6989
-	RESERVED
+CVE-2016-6989 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe
-CVE-2016-6988
-	RESERVED
-CVE-2016-6987
-	RESERVED
+CVE-2016-6988 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 ...)
 	NOT-FOR-US: Adobe
-CVE-2016-6986
-	RESERVED
+CVE-2016-6986 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe
-CVE-2016-6985
-	RESERVED
+CVE-2016-6985 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe
-CVE-2016-6984
-	RESERVED
+CVE-2016-6984 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe
-CVE-2016-6983
-	RESERVED
+CVE-2016-6983 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe
-CVE-2016-6982
-	RESERVED
+CVE-2016-6982 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe
-CVE-2016-6981
-	RESERVED
+CVE-2016-6981 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 ...)
 	NOT-FOR-US: Adobe
 CVE-2016-6980 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 ...)
 	NOT-FOR-US: Adobe
-CVE-2016-6979
-	RESERVED
-CVE-2016-6978
-	RESERVED
-CVE-2016-6977
-	RESERVED
-CVE-2016-6976
-	RESERVED
-CVE-2016-6975
-	RESERVED
-CVE-2016-6974
-	RESERVED
-CVE-2016-6973
-	RESERVED
-CVE-2016-6972
-	RESERVED
-CVE-2016-6971
-	RESERVED
-CVE-2016-6970
-	RESERVED
-CVE-2016-6969
-	RESERVED
-CVE-2016-6968
-	RESERVED
-CVE-2016-6967
-	RESERVED
-CVE-2016-6966
-	RESERVED
-CVE-2016-6965
-	RESERVED
-CVE-2016-6964
-	RESERVED
-CVE-2016-6963
-	RESERVED
-CVE-2016-6962
-	RESERVED
-CVE-2016-6961
-	RESERVED
-CVE-2016-6960
-	RESERVED
-CVE-2016-6959
-	RESERVED
-CVE-2016-6958
-	RESERVED
-CVE-2016-6957
-	RESERVED
-CVE-2016-6956
-	RESERVED
-CVE-2016-6955
-	RESERVED
-CVE-2016-6954
-	RESERVED
-CVE-2016-6953
-	RESERVED
-CVE-2016-6952
-	RESERVED
-CVE-2016-6951
-	RESERVED
-CVE-2016-6950
-	RESERVED
-CVE-2016-6949
-	RESERVED
-CVE-2016-6948
-	RESERVED
-CVE-2016-6947
-	RESERVED
-CVE-2016-6946
-	RESERVED
-CVE-2016-6945
-	RESERVED
-CVE-2016-6944
-	RESERVED
-CVE-2016-6943
-	RESERVED
-CVE-2016-6942
-	RESERVED
-CVE-2016-6941
-	RESERVED
-CVE-2016-6940
-	RESERVED
-CVE-2016-6939
-	RESERVED
+CVE-2016-6979 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6978 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6977 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6976 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6975 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6974 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6973 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6972 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6971 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6970 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6969 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6968 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6967 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6966 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6965 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6964 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6963 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6962 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6961 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6960 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6959 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6958 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6957 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6956 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6955 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6954 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6953 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6952 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6951 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6950 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6949 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6948 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6947 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6946 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6945 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6944 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
+CVE-2016-6943 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6942 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6941 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6940 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
+	TODO: check
+CVE-2016-6939 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...)
+	TODO: check
 CVE-2016-6938 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
 	NOT-FOR-US: Adobe
 CVE-2016-6937 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
 	NOT-FOR-US: Adobe
 CVE-2016-6936 (Adobe AIR SDK &amp; Compiler before 23.0.0.257 on Windows does not support ...)
 	NOT-FOR-US: Adobe
-CVE-2016-6935
-	RESERVED
+CVE-2016-6935 (Unquoted Windows search path vulnerability in Adobe Creative Cloud ...)
+	TODO: check
 CVE-2016-6934
 	RESERVED
 CVE-2016-6933
@@ -6079,8 +6204,7 @@ CVE-2016-6327
 	NOTE: Introduced by: https://git.kernel.org/linus/3e4f574857eebce60bb56d7524f3f9eaa2a126d0 (v3.8-rc1)
 CVE-2016-6326
 	RESERVED
-CVE-2016-6325
-	RESERVED
+CVE-2016-6325 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, ...)
 	- tomcat8 <not-affected> (Red Hat and derivatives packaging specific)
 	- tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
 	- tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
@@ -8869,8 +8993,7 @@ CVE-2016-5426 (PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows rem
 	NOTE: Added workaround to mark first 4.x version in unstable as fixed.
 	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/
 	NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3
-CVE-2016-5425
-	RESERVED
+CVE-2016-5425 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, ...)
 	- tomcat8 <not-affected> (Red Hat and derivatives packaging specific)
 	- tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
 	- tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
@@ -12203,8 +12326,8 @@ CVE-2016-4409
 	RESERVED
 CVE-2016-4408
 	RESERVED
-CVE-2016-4407
-	RESERVED
+CVE-2016-4407 (The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not ...)
+	TODO: check
 CVE-2016-4406
 	RESERVED
 CVE-2016-4405
@@ -12491,8 +12614,7 @@ CVE-2016-4288
 	RESERVED
 CVE-2016-4287 (Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x ...)
 	NOT-FOR-US: Adobe Flash
-CVE-2016-4286
-	RESERVED
+CVE-2016-4286 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe
 CVE-2016-4285 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe Flash
@@ -12518,8 +12640,7 @@ CVE-2016-4275 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before
 	NOT-FOR-US: Adobe Flash
 CVE-2016-4274 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe Flash
-CVE-2016-4273
-	RESERVED
+CVE-2016-4273 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
 	NOT-FOR-US: Adobe
 CVE-2016-4272 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
 	NOT-FOR-US: Adobe Flash
@@ -13399,8 +13520,8 @@ CVE-2016-3959 (The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1
 CVE-2016-3958 (Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x ...)
 	- golang <not-affected> (Only affects Go on Windows)
 	NOTE: https://golang.org/cl/21428
-CVE-2016-3946
-	RESERVED
+CVE-2016-3946 (SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP ...)
+	TODO: check
 CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile ...)
 	{DLA-610-1}
 	- tiff <unfixed>
@@ -14157,14 +14278,14 @@ CVE-2016-3640 (The Extended Application Services (aka XS or XS Engine) in SAP HA
 	TODO: check
 CVE-2016-3639 (SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain ...)
 	TODO: check
-CVE-2016-3638
-	RESERVED
+CVE-2016-3638 (SAP SLD Registration Program (aka SLDREG) allows local users to cause ...)
+	TODO: check
 CVE-2016-3637
 	RESERVED
 CVE-2016-3636
 	RESERVED
-CVE-2016-3635
-	RESERVED
+CVE-2016-3635 (SAP Netweaver 7.4 allows remote authenticated users to bypass an ...)
+	TODO: check
 CVE-2016-3634 (The tagCompare function in tif_dirinfo.c in the thumbnail tool in ...)
 	- tiff <unfixed>
 	[jessie] - tiff <no-dsa> (Minor issue)
@@ -14814,36 +14935,36 @@ CVE-2016-3398
 	RESERVED
 CVE-2016-3397
 	RESERVED
-CVE-2016-3396
-	RESERVED
+CVE-2016-3396 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
+	TODO: check
 CVE-2016-3395
 	RESERVED
 CVE-2016-3394
 	RESERVED
-CVE-2016-3393
-	RESERVED
-CVE-2016-3392
-	RESERVED
-CVE-2016-3391
-	RESERVED
-CVE-2016-3390
-	RESERVED
-CVE-2016-3389
-	RESERVED
-CVE-2016-3388
-	RESERVED
-CVE-2016-3387
-	RESERVED
-CVE-2016-3386
-	RESERVED
-CVE-2016-3385
-	RESERVED
-CVE-2016-3384
-	RESERVED
-CVE-2016-3383
-	RESERVED
-CVE-2016-3382
-	RESERVED
+CVE-2016-3393 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
+	TODO: check
+CVE-2016-3392 (The Edge Content Security Policy feature in Microsoft Edge does not ...)
+	TODO: check
+CVE-2016-3391 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow ...)
+	TODO: check
+CVE-2016-3390 (The scripting engines in Microsoft Internet Explorer 11 and Microsoft ...)
+	TODO: check
+CVE-2016-3389 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
+	TODO: check
+CVE-2016-3388 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not ...)
+	TODO: check
+CVE-2016-3387 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not ...)
+	TODO: check
+CVE-2016-3386 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
+	TODO: check
+CVE-2016-3385 (The scripting engine in Microsoft Internet Explorer 9 through 11 ...)
+	TODO: check
+CVE-2016-3384 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+	TODO: check
+CVE-2016-3383 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+	TODO: check
+CVE-2016-3382 (The scripting engines in Microsoft Internet Explorer 9 through 11 and ...)
+	TODO: check
 CVE-2016-3381 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
 	TODO: check
 CVE-2016-3380
@@ -14854,8 +14975,8 @@ CVE-2016-3378 (Open redirect vulnerability in Microsoft Exchange Server 2013 SP1
 	TODO: check
 CVE-2016-3377 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
 	TODO: check
-CVE-2016-3376
-	RESERVED
+CVE-2016-3376 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+	TODO: check
 CVE-2016-3375 (The OLE Automation mechanism and VBScript scripting engine in ...)
 	TODO: check
 CVE-2016-3374 (The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 ...)
@@ -14924,8 +15045,8 @@ CVE-2016-3343
 	RESERVED
 CVE-2016-3342
 	RESERVED
-CVE-2016-3341
-	RESERVED
+CVE-2016-3341 (The kernel-mode drivers in Transaction Manager in Microsoft Windows ...)
+	TODO: check
 CVE-2016-3340
 	RESERVED
 CVE-2016-3339
@@ -14944,8 +15065,8 @@ CVE-2016-3333
 	RESERVED
 CVE-2016-3332
 	RESERVED
-CVE-2016-3331
-	RESERVED
+CVE-2016-3331 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
+	TODO: check
 CVE-2016-3330 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
 	TODO: check
 CVE-2016-3329 (Microsoft Internet Explorer 9 through 11 and Edge allow remote ...)
@@ -15010,8 +15131,8 @@ CVE-2016-3300 (The Netlogon service in Microsoft Windows 8.1, Windows Server 201
 	TODO: check
 CVE-2016-3299 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
 	TODO: check
-CVE-2016-3298
-	RESERVED
+CVE-2016-3298 (Microsoft Internet Explorer 9 through 11 and the Internet Messaging ...)
+	TODO: check
 CVE-2016-3297 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
 	TODO: check
 CVE-2016-3296 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
@@ -15066,24 +15187,24 @@ CVE-2016-3272 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and
 	TODO: check
 CVE-2016-3271 (The VBScript engine in Microsoft Edge allows remote attackers to ...)
 	TODO: check
-CVE-2016-3270
-	RESERVED
+CVE-2016-3270 (The Graphics component in the kernel in Microsoft Windows Vista SP2; ...)
+	TODO: check
 CVE-2016-3269 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
 	TODO: check
 CVE-2016-3268
 	RESERVED
-CVE-2016-3267
-	RESERVED
-CVE-2016-3266
-	RESERVED
+CVE-2016-3267 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
+	TODO: check
+CVE-2016-3266 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+	TODO: check
 CVE-2016-3265 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
 	TODO: check
 CVE-2016-3264 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
 	NOT-FOR-US: Microsoft
-CVE-2016-3263
-	RESERVED
-CVE-2016-3262
-	RESERVED
+CVE-2016-3263 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
+	TODO: check
+CVE-2016-3262 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
+	TODO: check
 CVE-2016-3261 (Microsoft Internet Explorer 11 allows remote attackers to obtain ...)
 	NOT-FOR-US: Microsoft
 CVE-2016-3260 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript ...)
@@ -15188,8 +15309,8 @@ CVE-2016-3211 (Microsoft Internet Explorer 9 through 11 allows remote attackers
 	NOT-FOR-US: Microsoft
 CVE-2016-3210 (The Microsoft (1) JScript and (2) VBScript engines, as used in ...)
 	TODO: check
-CVE-2016-3209
-	RESERVED
+CVE-2016-3209 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
+	TODO: check
 CVE-2016-3208
 	RESERVED
 CVE-2016-3207 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
@@ -15666,8 +15787,8 @@ CVE-2016-3058
 	RESERVED
 CVE-2016-3057
 	RESERVED
-CVE-2016-3056
-	RESERVED
+CVE-2016-3056 (Cross-site scripting (XSS) vulnerability in Business Space in IBM ...)
+	TODO: check
 CVE-2016-3055
 	RESERVED
 CVE-2016-3054 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace ...)
@@ -21880,12 +22001,12 @@ CVE-2016-1093 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Read
 	NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2016-1092 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2016-1091
-	RESERVED
+CVE-2016-1091 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
 CVE-2016-1090 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
-CVE-2016-1089
-	RESERVED
+CVE-2016-1089 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
+	TODO: check
 CVE-2016-1088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
 	NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2016-1087 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
@@ -24239,8 +24360,8 @@ CVE-2016-0144
 	RESERVED
 CVE-2016-0143 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2016-0142
-	RESERVED
+CVE-2016-0142 (Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows ...)
+	TODO: check
 CVE-2016-0141 (The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 ...)
 	TODO: check
 CVE-2016-0140 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services ...)
@@ -24365,26 +24486,26 @@ CVE-2016-0081
 	RESERVED
 CVE-2016-0080 (Microsoft Edge mishandles exceptions during window-message dispatch ...)
 	NOT-FOR-US: Microsoft
-CVE-2016-0079
-	RESERVED
+CVE-2016-0079 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local ...)
+	TODO: check
 CVE-2016-0078
 	RESERVED
 CVE-2016-0077 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse ...)
 	NOT-FOR-US: Microsoft
 CVE-2016-0076
 	RESERVED
-CVE-2016-0075
-	RESERVED
+CVE-2016-0075 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...)
+	TODO: check
 CVE-2016-0074
 	RESERVED
-CVE-2016-0073
-	RESERVED
+CVE-2016-0073 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...)
+	TODO: check
 CVE-2016-0072 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft
 CVE-2016-0071 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft
-CVE-2016-0070
-	RESERVED
+CVE-2016-0070 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
+	TODO: check
 CVE-2016-0069 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft
 CVE-2016-0068 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
author	security tracker role <sectracker@debian.org>	2016-10-14 21:10:14 +0000
committer	security tracker role <sectracker@debian.org>	2016-10-14 21:10:14 +0000
commit	a2af18d6314042c69744e018ea2c76254447cb2b (patch)
tree	c399f2f61bb7985558b754833136076bd36797fd
parent	1b5a54fb94e6e5b7625aba14a879e247c7d38ecb (diff)