author | security tracker role <sectracker@debian.org> | 2016-12-06 21:10:11 +0000 |
---|---|---|
committer | security tracker role <sectracker@debian.org> | 2016-12-06 21:10:11 +0000 |
commit | 99a45996f5af2e08a84179b7485c113dfa1ee4a9 (patch) | |
tree | ef993477acc16f53e445aa8f1d67d78b6f0747c4 /data | |
parent | 14f9cfcb43925107fc0cfcbf8bb99eda9e106862 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@46834 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2004.list | 4 |
-rw-r--r-- | data/CVE/2014.list | 1 |
-rw-r--r-- | data/CVE/2016.list | 68 |
-rw-r--r-- | data/CVE/2017.list | 160 |
4 files changed, 220 insertions, 13 deletions
diff --git a/data/CVE/2004.list b/data/CVE/2004.list index a7c831828c..5d109a4f73 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -905,7 +905,7 @@ CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2 - phpbb2 2.0.8 (low) CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...) NOT-FOR-US: Tunez -CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...) +CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to ...) NOT-FOR-US: Sybari AntiGen for Domino CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...) NOT-FOR-US: Leif M. Wright Web Blog @@ -3504,7 +3504,7 @@ CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive NOT-FOR-US: Safari CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...) NOT-FOR-US: Safari -CVE-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...) +CVE-2004-1120 (Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...) {DSA-663-1} - prozilla 1:1.3.7.3-1 CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index a84461ab11..bbce36de73 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -1,4 +1,5 @@ CVE-2014-9913 + RESERVED - unzip <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2014/11/03/5 CVE-2014-9912 [stack buffer overflow in locale_get_display_name] diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 8a13443c5e..5f560a1132 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -1,3 +1,43 @@ +CVE-2016-9866 + RESERVED +CVE-2016-9865 + RESERVED +CVE-2016-9864 + RESERVED +CVE-2016-9863 + RESERVED +CVE-2016-9862 + RESERVED +CVE-2016-9861 + RESERVED +CVE-2016-9860 + RESERVED +CVE-2016-9859 + RESERVED +CVE-2016-9858 + RESERVED +CVE-2016-9857 + RESERVED +CVE-2016-9856 + RESERVED +CVE-2016-9855 + RESERVED +CVE-2016-9854 + RESERVED +CVE-2016-9853 + RESERVED +CVE-2016-9852 + RESERVED +CVE-2016-9851 + RESERVED +CVE-2016-9850 + RESERVED +CVE-2016-9849 + RESERVED +CVE-2016-9848 + RESERVED +CVE-2016-9847 + RESERVED CVE-2016-XXXX [cross-site scripting vulnerability] - html5lib 0.999999999-1 [jessie] - html5lib <no-dsa> (Minor issue) @@ -5,6 +45,7 @@ CVE-2016-XXXX [cross-site scripting vulnerability] NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/06/5 CVE-2016-9839 + RESERVED - mapserver 7.0.3-1 [jessie] - mapserver <no-dsa> (Minor issue) NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html @@ -14,8 +55,8 @@ CVE-2016-9838 RESERVED CVE-2016-9837 RESERVED -CVE-2016-9836 - RESERVED +CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! ...) + TODO: check CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x ...) TODO: check CVE-2016-9834 @@ -91,6 +132,7 @@ CVE-2016-9758 CVE-2016-9757 RESERVED CVE-2016-9846 [display: virtio-gpu: memory leakage while updating cursor] + RESERVED - qemu <unfixed> [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <removed> 
@@ -98,6 +140,7 @@ CVE-2016-9846 [display: virtio-gpu: memory leakage while updating cursor] NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html TODO: check affected versions CVE-2016-9845 [display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info] + RESERVED - qemu <unfixed> [wheezy] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <removed> @@ -105,18 +148,23 @@ CVE-2016-9845 [display: virtio-gpu-3d: information leakage in virgl_cmd_get_caps NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html TODO: check affected versions CVE-2016-9843 + RESERVED - zlib <unfixed> NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 CVE-2016-9842 + RESERVED - zlib <unfixed> (bug #847274) NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 CVE-2016-9841 + RESERVED - zlib <unfixed> (bug #847270) NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb CVE-2016-9840 + RESERVED - zlib <unfixed> (bug #847270) NOTE: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 CVE-2016-9844 [zipinfo buffer overflow] + RESERVED - unzip <unfixed> NOTE: https://launchpad.net/bugs/1643750 NOTE: http://www.openwall.com/lists/oss-security/2016/12/05/13 @@ -556,7 +604,7 @@ CVE-2016-9637 [qemu ioport array overflow] - qemu <not-affected> (Vulnerability specific to Xen) - qemu-kvm <not-affected> (Vulnerability specific to Xen) - xen 4.4.0-1 - NOTE: Xen switched to qemu-system in 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://xenbits.xen.org/xsa/advisory-199.html CVE-2016-9620 RESERVED 
@@ -2195,8 +2243,7 @@ CVE-2016-9154 RESERVED CVE-2016-9153 RESERVED -CVE-2016-9152 [cross-site scripting] - RESERVED +CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...) - spip <unfixed> (bug #847156) NOTE: https://core.spip.net/projects/spip/repository/revisions/23290 CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x ...) @@ -3215,8 +3262,7 @@ CVE-2016-8742 RESERVED CVE-2016-8741 RESERVED -CVE-2016-8740 - RESERVED +CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...) - apache2 <unfixed> (bug #847124) [jessie] - apache2 <not-affected> (Vulnerable code not present) [wheezy] - apache2 <not-affected> (Vulnerable code not present) @@ -7655,8 +7701,8 @@ CVE-2016-7173 RESERVED CVE-2016-7172 RESERVED -CVE-2016-7171 - RESERVED +CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use ...) + TODO: check CVE-2016-7170 [vmware_vga: OOB stack memory access when processing svga command] RESERVED {DLA-653-1 DLA-652-1} @@ -13696,8 +13742,8 @@ CVE-2016-5343 (drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service TODO: check CVE-2016-5342 (Heap-based buffer overflow in the wcnss_wlan_write function in ...) TODO: check -CVE-2016-5341 - RESERVED +CVE-2016-5341 (The GPS component in Android before 2016-12-05 allows ...) + TODO: check CVE-2016-5340 (The is_ashmem_file function in drivers/staging/android/ashmem.c in a ...) TODO: check CVE-2016-5339 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 9fe9cdeaac..ce477ec3e6 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -1,3 +1,163 @@ +CVE-2017-3229 + RESERVED +CVE-2017-3228 + RESERVED +CVE-2017-3227 + RESERVED +CVE-2017-3226 + RESERVED +CVE-2017-3225 + RESERVED +CVE-2017-3224 + RESERVED +CVE-2017-3223 + RESERVED +CVE-2017-3222 + RESERVED +CVE-2017-3221 + RESERVED +CVE-2017-3220 + RESERVED +CVE-2017-3219 + RESERVED +CVE-2017-3218 + RESERVED +CVE-2017-3217 + RESERVED +CVE-2017-3216 + RESERVED +CVE-2017-3215 + RESERVED +CVE-2017-3214 + RESERVED +CVE-2017-3213 + RESERVED +CVE-2017-3212 + RESERVED +CVE-2017-3211 + RESERVED +CVE-2017-3210 + RESERVED +CVE-2017-3209 + RESERVED +CVE-2017-3208 + RESERVED +CVE-2017-3207 + RESERVED +CVE-2017-3206 + RESERVED +CVE-2017-3205 + RESERVED +CVE-2017-3204 + RESERVED +CVE-2017-3203 + RESERVED +CVE-2017-3202 + RESERVED +CVE-2017-3201 + RESERVED +CVE-2017-3200 + RESERVED +CVE-2017-3199 + RESERVED +CVE-2017-3198 + RESERVED +CVE-2017-3197 + RESERVED +CVE-2017-3196 + RESERVED +CVE-2017-3195 + RESERVED +CVE-2017-3194 + RESERVED +CVE-2017-3193 + RESERVED +CVE-2017-3192 + RESERVED +CVE-2017-3191 + RESERVED +CVE-2017-3190 + RESERVED +CVE-2017-3189 + RESERVED +CVE-2017-3188 + RESERVED +CVE-2017-3187 + RESERVED +CVE-2017-3186 + RESERVED +CVE-2017-3185 + RESERVED +CVE-2017-3184 + RESERVED +CVE-2017-3183 + RESERVED +CVE-2017-3182 + RESERVED +CVE-2017-3181 + RESERVED +CVE-2017-3180 + RESERVED +CVE-2017-3179 + RESERVED +CVE-2017-3178 + RESERVED +CVE-2017-3177 + RESERVED +CVE-2017-3176 + RESERVED +CVE-2017-3175 + RESERVED +CVE-2017-3174 + RESERVED +CVE-2017-3173 + RESERVED +CVE-2017-3172 + RESERVED +CVE-2017-3171 + RESERVED +CVE-2017-3170 + RESERVED +CVE-2017-3169 + RESERVED +CVE-2017-3168 + RESERVED +CVE-2017-3167 + RESERVED +CVE-2017-3166 + RESERVED +CVE-2017-3165 + RESERVED +CVE-2017-3164 + RESERVED +CVE-2017-3163 + RESERVED +CVE-2017-3162 + RESERVED +CVE-2017-3161 + RESERVED +CVE-2017-3160 + RESERVED +CVE-2017-3159 + RESERVED +CVE-2017-3158 + RESERVED +CVE-2017-3157 + RESERVED +CVE-2017-3156 + RESERVED +CVE-2017-3155 + RESERVED +CVE-2017-3154 + RESERVED 
+CVE-2017-3153 + RESERVED +CVE-2017-3152 + RESERVED +CVE-2017-3151 + RESERVED +CVE-2017-3150 + RESERVED CVE-2017-3149 RESERVED CVE-2017-3148 |
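Review bot: In the data/CVE/2014.list hunk, CVE-2014-9913 now carries RESERVED but still has no bracketed short description, unlike CVE-2014-9912 [stack buffer overflow in locale_get_display_name] directly below it. While the identifier has no published description, add a bracketed summary taken from the oss-security post already cited in its NOTE line, so the entry itself says what the unzip issue is.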
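Review bot: Three entries in data/CVE/2016.list (CVE-2016-9836, CVE-2016-7171 and CVE-2016-5341) go from RESERVED to a published description with only `TODO: check` beneath it, so they are untriaged after this update. Each needs a follow-up that replaces `TODO: check` with either a package line or a `NOT-FOR-US:` line, in the form the data/CVE/2004.list entries in this same diff use.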
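Review bot: In the data/CVE/2016.list hunk at @@ -105,18, CVE-2016-9843 is the only one of the four zlib entries whose `- zlib <unfixed>` line has no bug reference; CVE-2016-9842 cites bug #847274, and CVE-2016-9841 and CVE-2016-9840 both cite bug #847270. If a bug exists for CVE-2016-9843, record it on that line so all four entries can be tracked the same way.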
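Review bot: In the hunk at @@ -556,7 under CVE-2016-9637, the removed and added lines both read `NOTE: Xen switched to qemu-system in 4.4.0-1`, which makes this a whitespace-only change as far as the text shown here goes. It is unrelated to the CVE data this update brings in and the commit message does not mention it; a separate commit, or a word about it in the message, would keep the history easier to read.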