[Midnightbsd-cvs] mports [22428] trunk/security/vuxml/vuln.xml: update the list of vulnerabilities through March
laffer1 at midnightbsd.org
Fri May 12 16:30:00 EDT 2017
Revision: 22428
http://svnweb.midnightbsd.org/mports/?rev=22428
Author: laffer1
Date: 2017-05-12 16:29:59 -0400 (Fri, 12 May 2017)
Log Message:
-----------
update the list of vulnerabilities through March
Modified Paths:
--------------
trunk/security/vuxml/vuln.xml
Modified: trunk/security/vuxml/vuln.xml
===================================================================
--- trunk/security/vuxml/vuln.xml 2017-05-12 20:29:11 UTC (rev 22427)
+++ trunk/security/vuxml/vuln.xml 2017-05-12 20:29:59 UTC (rev 22428)
@@ -28,7 +28,7 @@
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- $FreeBSD: head/security/vuxml/vuln.xml 425272 2016-11-03 20:34:34Z rene $
+ $FreeBSD: head/security/vuxml/vuln.xml 436409 2017-03-18 13:57:40Z riggs $
QUICK GUIDE TO ADDING A NEW ENTRY
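Review bot: the exact sync point is recorded only in the `$FreeBSD$` ident line of this hunk (head r436409, 2017-03-18), while the log message gives only the month; name that upstream revision in the commit message so the next sync can start from it. The commit itself is dated 2017-05-12, so as far as these lines show, anything added upstream after 2017-03-18 is not part of this update.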
@@ -58,6 +58,6552 @@
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="06f931c0-0be0-11e7-b4bf-5404a68ad561">
+ <topic>irssi -- use-after-free potential code execution</topic>
+ <affects>
+ <package>
+ <name>irssi</name>
+ <range><gt>0.8.21,1</gt><lt>1.0.2,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The irssi project reports:</p>
+ <blockquote cite="https://irssi.org/security/irssi_sa_2017_03.txt">
+ <p>Use after free while producing list of netjoins (CWE-416).
+ This issue was found and reported to us by APic.
+ This issue usually leads to segmentation faults.
+ Targeted code execution should be difficult.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://irssi.org/security/irssi_sa_2017_03.txt</url>
+ </references>
+ <dates>
+ <discovery>2017-03-11</discovery>
+ <entry>2017-03-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7c27192f-0bc3-11e7-9940-b499baebfeaf">
+ <topic>mysql -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>mariadb55-client</name>
+ <range><le>5.5.54</le></range>
+ </package>
+ <package>
+ <name>mariadb100-client</name>
+ <range><lt>10.0.30</lt></range>
+ </package>
+ <package>
+ <name>mariadb101-client</name>
+ <range><lt>10.1.22</lt></range>
+ </package>
+ <package>
+ <name>mysql55-client</name>
+ <range><le>5.5.54</le></range>
+ </package>
+ <package>
+ <name>mysql56-client</name>
+ <range><lt>5.6.21</lt></range>
+ </package>
+ <package>
+ <name>mysql57-client</name>
+ <range><lt>5.7.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Openwall reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2017/02/11/11">
+ <p>C client library for MySQL (libmysqlclient.so) has
+ use-after-free defect which can cause crash of applications
+ using that MySQL client.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2017/02/11/11</url>
+ <cvename>CVE-2017-3302</cvename>
+ </references>
+ <dates>
+ <discovery>2017-01-27</discovery>
+ <entry>2017-03-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5f453b69-abab-4e76-b6e5-2ed0bafcaee3">
+ <topic>firefox -- integer overflow in createImageBitmap()</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>52.0.1,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/">
+ <p>An integer overflow in createImageBitmap() was reported
+ through the Pwn2Own contest. The fix for this vulnerability
+ disables the experimental extensions to the
+ createImageBitmap API. This function runs in the content
+ sandbox, requiring a second vulnerability to compromise a
+ user's computer.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5428</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2017-08/</url>
+ </references>
+ <dates>
+ <discovery>2017-03-17</discovery>
+ <entry>2017-03-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="df45b4bd-0b7f-11e7-970f-002590263bf5">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle29</name>
+ <range><le>2.9.9</le></range>
+ </package>
+ <package>
+ <name>moodle30</name>
+ <range><lt>3.0.9</lt></range>
+ </package>
+ <package>
+ <name>moodle31</name>
+ <range><lt>3.1.5</lt></range>
+ </package>
+ <package>
+ <name>moodle32</name>
+ <range><lt>3.2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Marina Glancy reports:</p>
+ <blockquote cite="https://moodle.org/news/#p1408104">
+ <p>In addition to a number of bug fixes and small improvements,
+ security vulnerabilities have been discovered and fixed. We highly
+ recommend that you upgrade your sites as soon as possible.
+ Upgrading should be very straightforward. As per our usual policy,
+ admins of all registered Moodle sites will be notified of security
+ issue details directly via email and we'll publish details more
+ widely in a week.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://moodle.org/news/#p1408104</url>
+ </references>
+ <dates>
+ <discovery>2017-03-13</discovery>
+ <entry>2017-03-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f72d98d1-0b7e-11e7-970f-002590263bf5">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle29</name>
+ <range><le>2.9.9</le></range>
+ </package>
+ <package>
+ <name>moodle30</name>
+ <range><lt>3.0.8</lt></range>
+ </package>
+ <package>
+ <name>moodle31</name>
+ <range><lt>3.1.4</lt></range>
+ </package>
+ <package>
+ <name>moodle32</name>
+ <range><lt>3.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Marina Glancy reports:</p>
+ <blockquote cite="https://moodle.org/security/">
+ <ul>
+ <li><p>MSA-17-0001: System file inclusion when adding own preset
+ file in Boost theme</p></li>
+ <li><p>MSA-17-0002: Incorrect sanitation of attributes in forums
+ </p></li>
+ <li><p>MSA-17-0003: PHPMailer vulnerability in no-reply address
+ </p></li>
+ <li><p>MSA-17-0004: XSS in assignment submission page</p></li>
+ </ul>
+ <p>.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2576</cvename>
+ <cvename>CVE-2017-2578</cvename>
+ <cvename>CVE-2016-10045</cvename>
+ <url>https://moodle.org/security/</url>
+ </references>
+ <dates>
+ <discovery>2017-01-17</discovery>
+ <entry>2017-03-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2730c668-0b1c-11e7-8d52-6cf0497db129">
+ <topic>drupal8 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal8</name>
+ <range><lt>8.2.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal Security Team reports:</p>
+ <blockquote cite="https://www.drupal.org/SA-2017-001">
+ <p>CVE-2017-6377: Editor module incorrectly checks access to inline private files</p>
+ <p>CVE-2017-6379: Some admin paths were not protected with a CSRF token</p>
+ <p>CVE-2017-6381: Remote code execution</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-6377</cvename>
+ <cvename>CVE-2017-6379</cvename>
+ <cvename>CVE-2017-6381</cvename>
+ <url>https://www.drupal.org/SA-2017-001</url>
+ </references>
+ <dates>
+ <discovery>2017-03-15</discovery>
+ <entry>2017-03-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9b973e97-0a99-11e7-ace7-080027ef73ec">
+ <topic>PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections</topic>
+ <affects>
+ <package>
+ <name>putty</name>
+ <range><lt>0.68</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Simon G. Tatham reports:</p>
+ <blockquote cite="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html">
+ <p>Many versions of PuTTY prior to 0.68 have a heap-corrupting integer
+ overflow bug in the ssh_agent_channel_data function which processes
+ messages sent by remote SSH clients to a forwarded agent connection. [...]</p>
+ <p>This bug is only exploitable at all if you have enabled SSH
+ agent forwarding, which is turned off by default. Moreover, an
+ attacker able to exploit this bug would have to have already be able
+ to connect to the Unix-domain socket representing the forwarded
+ agent connection. Since any attacker with that capability would
+ necessarily already be able to generate signatures with your agent's
+ stored private keys, you should in normal circumstances be defended
+ against this vulnerability by the same precautions you and your
+ operating system were already taking to prevent untrusted people
+ from accessing your SSH agent.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html</url>
+ <cvename>CVE-2017-6542</cvename>
+ </references>
+ <dates>
+ <discovery>2017-01-29</discovery>
+ <entry>2017-03-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4ffb633c-0a3b-11e7-a9f2-0011d823eebd">
+ <topic>Flash Player -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-flashplayer</name>
+ <range><lt>25.0.0.127</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb17-07.html">
+ <ul>
+ <li>These updates resolve a buffer overflow vulnerability that
+ could lead to code execution (CVE-2017-2997).</li>
+ <li>These updates resolve memory corruption vulnerabilities that
+ could lead to code execution (CVE-2017-2998, CVE-2017-2999).</li>
+ <li>These updates resolve a random number generator vulnerability
+ used for constant blinding that could lead to information
+ disclosure (CVE-2017-3000).</li>
+ <li>These updates resolve use-after-free vulnerabilities that
+ could lead to code execution (CVE-2017-3001, CVE-2017-3002,
+ CVE-2017-3003).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2997</cvename>
+ <cvename>CVE-2017-2998</cvename>
+ <cvename>CVE-2017-2999</cvename>
+ <cvename>CVE-2017-3000</cvename>
+ <cvename>CVE-2017-3001</cvename>
+ <cvename>CVE-2017-3002</cvename>
+ <cvename>CVE-2017-3003</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb17-07.html</url>
+ </references>
+ <dates>
+ <discovery>2017-03-14</discovery>
+ <entry>2017-03-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f41e3e54-076b-11e7-a9f2-0011d823eebd">
+ <topic>mbed TLS (PolarSSL) -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mbedtls</name>
+ <range><lt>2.4.2</lt></range>
+ </package>
+ <package>
+ <name>polarssl13</name>
+ <range><lt>1.3.19</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Janos Follath reports:</p>
+ <blockquote cite="https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01">
+ <ul>
+ <li>If a malicious peer supplies a certificate with a specially
+ crafted secp224k1 public key, then an attacker can cause the
+ server or client to attempt to free block of memory held on
+ stack. Depending on the platform, this could result in a Denial
+ of Service (client crash) or potentially could be exploited to
+ allow remote code execution with the same privileges as the host
+ application.</li>
+ <li>If the client and the server both support MD5 and the client
+ can be tricked to authenticate to a malicious server, then the
+ malicious server can impersonate the client. To launch this man
+ in the middle attack, the adversary has to compute a
+ chosen-prefix MD5 collision in real time. This is very expensive
+ computationally, but can be practical. Depending on the
+ platform, this could result in a Denial of Service (client crash)
+ or potentially could be exploited to allow remote code execution
+ with the same privileges as the host application.</li>
+ <li>A bug in the logic of the parsing of a PEM encoded Certificate
+ Revocation List in mbedtls_x509_crl_parse() can result in an
+ infinite loop. In versions before 1.3.10 the same bug results in
+ an infinite recursion stack overflow that usually crashes the
+ application. Methods and means of acquiring the CRLs is not part
+ of the TLS handshake and in the strict TLS setting this
+ vulnerability cannot be triggered remotely. The vulnerability
+ cannot be triggered unless the application explicitely calls
+ mbedtls_x509_crl_parse() or mbedtls_x509_crl_parse_file()on a PEM
+ formatted CRL of untrusted origin. In which case the
+ vulnerability can be exploited to launch a denial of service
+ attack against the application.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01</url>
+ </references>
+ <dates>
+ <discovery>2017-03-11</discovery>
+ <entry>2017-03-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a505d397-0758-11e7-8d8b-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>57.0.2987.98</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html">
+ <p>36 security fixes in this release, including:</p>
+ <ul>
+ <li>[682194] High CVE-2017-5030: Memory corruption in V8. Credit to
+ Brendon Tiszka</li>
+ <li>[682020] High CVE-2017-5031: Use after free in ANGLE. Credit to
+ Looben Yang</li>
+ <li>[668724] High CVE-2017-5032: Out of bounds write in PDFium. Credit to
+ Ashfaq Ansari - Project Srishti</li>
+ <li>[676623] High CVE-2017-5029: Integer overflow in libxslt. Credit to
+ Holger Fuhrmannek</li>
+ <li>[678461] High CVE-2017-5034: Use after free in PDFium. Credit to
+ Ke Liu of Tencent's Xuanwu Lab</li>
+ <li>[688425] High CVE-2017-5035: Incorrect security UI in Omnibox. Credit to
+ Enzo Aguado</li>
+ <li>[691371] High CVE-2017-5036: Use after free in PDFium. Credit to
+ Anonymous</li>
+ <li>[679640] High CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer.
+ Credit to Yongke Wang of Tecent's Xuanwu Lab</li>
+ <li>[679649] High CVE-2017-5039: Use after free in PDFium. Credit to
+ jinmo123</li>
+ <li>[691323] Medium CVE-2017-5040: Information disclosure in V8. Credit to
+ Choongwoo Han</li>
+ <li>[642490] Medium CVE-2017-5041: Address spoofing in Omnibox. Credit to
+ Jordi Chancel</li>
+ <li>[669086] Medium CVE-2017-5033: Bypass of Content Security Policy in Blink.
+ Credit to Nicolai Grodum</li>
+ <li>[671932] Medium CVE-2017-5042: Incorrect handling of cookies in Cast.
+ Credit to Mike Ruddy</li>
+ <li>[695476] Medium CVE-2017-5038: Use after free in GuestView. Credit to
+ Anonymous</li>
+ <li>[683523] Medium CVE-2017-5043: Use after free in GuestView. Credit to
+ Anonymous</li>
+ <li>[688987] Medium CVE-2017-5044: Heap overflow in Skia. Credit to
+ Kushal Arvind Shah of Fortinet's FortiGuard Labs</li>
+ <li>[667079] Medium CVE-2017-5045: Information disclosure in XSS Auditor.
+ Credit to Dhaval Kapil</li>
+ <li>[680409] Medium CVE-2017-5046: Information disclosure in Blink. Credit to
+ Masato Kinugawa</li>
+ <li>[699618] Various fixes from internal audits, fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5030</cvename>
+ <cvename>CVE-2017-5031</cvename>
+ <cvename>CVE-2017-5032</cvename>
+ <cvename>CVE-2017-5029</cvename>
+ <cvename>CVE-2017-5034</cvename>
+ <cvename>CVE-2017-5035</cvename>
+ <cvename>CVE-2017-5036</cvename>
+ <cvename>CVE-2017-5037</cvename>
+ <cvename>CVE-2017-5039</cvename>
+ <cvename>CVE-2017-5040</cvename>
+ <cvename>CVE-2017-5041</cvename>
+ <cvename>CVE-2017-5033</cvename>
+ <cvename>CVE-2017-5042</cvename>
+ <cvename>CVE-2017-5038</cvename>
+ <cvename>CVE-2017-5043</cvename>
+ <cvename>CVE-2017-5044</cvename>
+ <cvename>CVE-2017-5045</cvename>
+ <cvename>CVE-2017-5046</cvename>
+ <url>https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2017-03-09</discovery>
+ <entry>2017-03-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="89cf8cd2-0698-11e7-aa3f-001b216d295b">
+ <topic>Several Security Defects in the Bouncy Castle Crypto APIs</topic>
+ <affects>
+ <package>
+ <name>bouncycastle15</name>
+ <range><ge>1.51</ge><lt>1.56</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Legion of the Bouncy Castle reports:</p>
+ <blockquote cite="https://www.bouncycastle.org/releasenotes.html">
+ <p>Release: 1.56</p>
+ <p>2.1.4 Security Related Changes and CVE's Addressed by this Release: (multiple)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/215507</freebsdpr>
+ <url>https://www.bouncycastle.org/releasenotes.html</url>
+ </references>
+ <dates>
+ <discovery>2016-12-23</discovery>
+ <entry>2017-03-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="41fe4724-06a2-11e7-8e3e-5453ed2e2b49">
+ <topic>kde-runtime -- kdesu: displayed command truncated by unicode string terminator</topic>
+ <affects>
+ <package>
+ <name>kde-runtime</name>
+ <range><lt>4.14.3_5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Albert Aastals Cid reports:</p>
+ <blockquote cite="https://www.kde.org/info/security/advisory-20160930-1.txt">
+ <p>A maliciously crafted command line for kdesu can result in the
+ user only seeing part of the commands that will actually get executed
+ as super user.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7787</cvename>
+ <mlist>http://www.openwall.com/lists/oss-security/2016/09/29/7</mlist>
+ <url>https://www.kde.org/info/security/advisory-20160930-1.txt</url>
+ </references>
+ <dates>
+ <discovery>2016-09-30</discovery>
+ <entry>2017-03-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e550fc62-069a-11e7-8e3e-5453ed2e2b49">
+ <topic>kdepimlibs -- directory traversal on KTNEF</topic>
+ <affects>
+ <package>
+ <name>kdepimlibs</name>
+ <range><lt>4.14.10_7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Albert Aastals Cid reports:</p>
+ <blockquote cite="https://www.kde.org/info/security/advisory-20170227-1.txt">
+ <p>A directory traversal issue was found in KTNEF which can be
+ exploited by tricking a user into opening a malicious winmail.dat
+ file. The issue allows to write files with the permission of the user
+ opening the winmail.dat file during extraction.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.kde.org/info/security/advisory-20170227-1.txt</url>
+ </references>
+ <dates>
+ <discovery>2017-02-27</discovery>
+ <entry>2017-03-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f714d8ab-028e-11e7-8042-50e549ebab6c">
+ <topic>kio: Information Leak when accessing https when using a malicious PAC file</topic>
+ <affects>
+ <package>
+ <name>kdelibs</name>
+ <range><lt>4.14.29_10</lt></range>
+ </package>
+ <package>
+ <name>kf5-kio</name>
+ <range><lt>5.31.0_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Albert Astals Cid reports:</p>
+ <blockquote cite="https://www.kde.org/info/security/advisory-20170228-1.txt">
+ <p>Using a malicious PAC file, and then using exfiltration methods in the PAC
+ function FindProxyForURL() enables the attacker to expose full https URLs.</p>
+ <p>This is a security issue since https URLs may contain sensitive
+ information in the URL authentication part (user:password at host), and in the
+ path and the query (e.g. access tokens).</p>
+ <p>This attack can be carried out remotely (over the LAN) since proxy settings
+ allow "Detect Proxy Configuration Automatically".
+ This setting uses WPAD to retrieve the PAC file, and an attacker who has access
+ to the victim's LAN can interfere with the WPAD protocols (DHCP/DNS+HTTP)
+ and inject his/her own malicious PAC instead of the legitimate one.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.kde.org/info/security/advisory-20170228-1.txt</url>
+ </references>
+ <dates>
+ <discovery>2017-02-28</discovery>
+ <entry>2017-03-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="82752070-0349-11e7-b48d-00e04c1ea73d">
+ <topic>wordpress -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>4.7.3,1</lt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <name>ja-wordpress</name>
+ <name>ru-wordpress</name>
+ <name>zh-wordpress-zh_CN</name>
+ <name>zh-wordpress-zh_TW</name>
+ <range><lt>4.7.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <blockquote cite="https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/">
+ <p>WordPress versions 4.7.2 and earlier are affected by six security issues.</p>
+ <ul>
+ <li>Cross-site scripting (XSS) via media file metadata.</li>
+ <li>Control characters can trick redirect URL validation.</li>
+ <li>Unintended files can be deleted by administrators using the
+ plugin deletion functionality.</li>
+ <li>Cross-site scripting (XSS) via video URL in YouTube embeds.</li>
+ <li>Cross-site scripting (XSS) via taxonomy term names.</li>
+ <li>Cross-site request forgery (CSRF) in Press This leading to
+ excessive use of server resources.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2017/03/07/3</url>
+ <url>https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/</url>
+ </references>
+ <dates>
+ <discovery>2017-03-07</discovery>
+ <entry>2017-03-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="96eca031-1313-4daf-9be2-9d6e1c4f1eb5">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>52.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><ge>46.0,1</ge><lt>52.0,1</lt></range>
+ <range><lt>45.8.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><ge>46.0,2</ge><lt>52.0,2</lt></range>
+ <range><lt>45.8.0_1,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><ge>46.0</ge><lt>52.0</lt></range>
+ <range><lt>45.8.0_1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><ge>46.0</ge><lt>52.0</lt></range>
+ <range><lt>45.8.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/">
+ <p>CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP</p>
+ <p>CVE-2017-5401: Memory Corruption when handling ErrorResult</p>
+ <p>CVE-2017-5402: Use-after-free working with events in FontFace objects</p>
+ <p>CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object</p>
+ <p>CVE-2017-5404: Use-after-free working with ranges in selections</p>
+ <p>CVE-2017-5406: Segmentation fault in Skia with canvas operations</p>
+ <p>CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters</p>
+ <p>CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping</p>
+ <p>CVE-2017-5411: Use-after-free in Buffer Storage in libGLES</p>
+ <p>CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service</p>
+ <p>CVE-2017-5408: Cross-origin reading of video captions in violation of CORS</p>
+ <p>CVE-2017-5412: Buffer overflow read in SVG filters</p>
+ <p>CVE-2017-5413: Segmentation fault during bidirectional operations</p>
+ <p>CVE-2017-5414: File picker can choose incorrect default directory</p>
+ <p>CVE-2017-5415: Addressbar spoofing through blob URL</p>
+ <p>CVE-2017-5416: Null dereference crash in HttpChannel</p>
+ <p>CVE-2017-5417: Addressbar spoofing by draging and dropping URLs</p>
+ <p>CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access</p>
+ <p>CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running</p>
+ <p>CVE-2017-5427: Non-existent chrome.manifest file loaded during startup</p>
+ <p>CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses</p>
+ <p>CVE-2017-5419: Repeated authentication prompts lead to DOS attack</p>
+ <p>CVE-2017-5420: Javascript: URLs can obfuscate addressbar location</p>
+ <p>CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports</p>
+ <p>CVE-2017-5421: Print preview spoofing</p>
+ <p>CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink</p>
+ <p>CVE-2017-5399: Memory safety bugs fixed in Firefox 52</p>
+ <p>CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5400</cvename>
+ <cvename>CVE-2017-5401</cvename>
+ <cvename>CVE-2017-5402</cvename>
+ <cvename>CVE-2017-5403</cvename>
+ <cvename>CVE-2017-5404</cvename>
+ <cvename>CVE-2017-5406</cvename>
+ <cvename>CVE-2017-5407</cvename>
+ <cvename>CVE-2017-5410</cvename>
+ <cvename>CVE-2017-5411</cvename>
+ <cvename>CVE-2017-5409</cvename>
+ <cvename>CVE-2017-5408</cvename>
+ <cvename>CVE-2017-5412</cvename>
+ <cvename>CVE-2017-5413</cvename>
+ <cvename>CVE-2017-5414</cvename>
+ <cvename>CVE-2017-5415</cvename>
+ <cvename>CVE-2017-5416</cvename>
+ <cvename>CVE-2017-5417</cvename>
+ <cvename>CVE-2017-5425</cvename>
+ <cvename>CVE-2017-5426</cvename>
+ <cvename>CVE-2017-5427</cvename>
+ <cvename>CVE-2017-5418</cvename>
+ <cvename>CVE-2017-5419</cvename>
+ <cvename>CVE-2017-5420</cvename>
+ <cvename>CVE-2017-5405</cvename>
+ <cvename>CVE-2017-5421</cvename>
+ <cvename>CVE-2017-5422</cvename>
+ <cvename>CVE-2017-5399</cvename>
+ <cvename>CVE-2017-5398</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2017-05/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2017-06/</url>
+ </references>
+ <dates>
+ <discovery>2017-03-07</discovery>
+ <entry>2017-03-07</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="71ebbc50-01c1-11e7-ae1b-002590263bf5">
+ <topic>codeigniter -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>3.1.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://www.codeigniter.com/user_guide/changelog.html">
+ <p>Fixed an XSS vulnerability in Security Library method xss_clean().
+ </p>
+ <p>Fixed a possible file inclusion vulnerability in Loader Library
+ method vars().</p>
+ <p>Fixed a possible remote code execution vulnerability in the Email
+ Library when ‘mail’ or ‘sendmail’ are used (thanks to Paul Buonopane
+ from NamePros).</p>
+ <p>Added protection against timing side-channel attacks in Security
+ Library method csrf_verify().</p>
+ <p>Added protection against BREACH attacks targeting the CSRF token
+ field generated by Form Helper function form_open().</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.codeigniter.com/user_guide/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2017-01-09</discovery>
+ <entry>2017-03-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7b35a77a-0151-11e7-ae1b-002590263bf5">
+ <topic>ikiwiki -- authentication bypass vulnerability</topic>
+ <affects>
+ <package>
+ <name>ikiwiki</name>
+ <range><lt>3.20170111</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ikiwiki reports:</p>
+ <blockquote cite="https://ikiwiki.info/security/#index48h2">
+ <p>The ikiwiki maintainers discovered further flaws similar to
+ CVE-2016-9646 in the passwordauth plugin's use of
+ CGI::FormBuilder, with a more serious impact:</p>
+ <p>An attacker who can log in to a site with a password can log in as
+ a different and potentially more privileged user.</p>
+ <p>An attacker who can create a new account can set arbitrary fields
+ in the user database for that account</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-0356</cvename>
+ <url>https://ikiwiki.info/security/#index48h2</url>
+ </references>
+ <dates>
+ <discovery>2017-01-11</discovery>
+ <entry>2017-03-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5ed094a0-0150-11e7-ae1b-002590263bf5">
+ <topic>ikiwiki -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ikiwiki</name>
+ <range><lt>3.20161229</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mitre reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026">
+ <p>ikiwiki 3.20161219 does not properly check if a revision changes
+ the access permissions for a page on sites with the git and
+ recentchanges plugins and the CGI interface enabled, which allows
+ remote attackers to revert certain changes by leveraging permissions
+ to change the page before the revision was made.</p>
+ </blockquote>
+ <blockquote cite="https://ikiwiki.info/security/#index47h2">
+ <p>When CGI::FormBuilder->field("foo") is called in list context
+ (and in particular in the arguments to a subroutine that takes named
+ arguments), it can return zero or more values for foo from the CGI
+ request, rather than the expected single value. This breaks the
+ usual Perl parsing convention for named arguments, similar to
+ CVE-2014-1572 in Bugzilla (which was caused by a similar API design
+ issue in CGI.pm).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-10026</cvename>
+ <cvename>CVE-2016-9645</cvename>
+ <cvename>CVE-2016-9646</cvename>
+ <url>https://ikiwiki.info/security/#index46h2</url>
+ <url>https://ikiwiki.info/security/#index47h2</url>
+ </references>
+ <dates>
+ <discovery>2016-12-19</discovery>
+ <entry>2017-03-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f4eb9a25-fde0-11e6-9ad0-b8aeed92ecc4">
+ <topic>potrace -- multiple memory failure</topic>
+ <affects>
+ <package>
+ <name>potrace</name>
+ <range><lt>1.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>potrace reports:</p>
+ <blockquote cite="https://sourceforge.net/p/potrace/news/2017/02/potrace-114-released/">
+ <p>CVE-2016-8685: invalid memory access in findnext</p>
+ <p>CVE-2016-8686: memory allocation failure</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://sourceforge.net/p/potrace/news/2017/02/potrace-114-released/</url>
+ <cvename>CVE-2016-8685</cvename>
+ <cvename>CVE-2016-8686</cvename>
+ </references>
+ <dates>
+ <discovery>2016-10-15</discovery>
+ <entry>2017-02-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="765d165b-fbfe-11e6-aae7-5404a68ad561">
+ <topic>MPD -- buffer overflows in http output</topic>
+ <affects>
+ <package>
+ <name>musicpd</name>
+ <range><lt>0.20.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The MPD project reports:</p>
+ <blockquote cite="http://git.musicpd.org/cgit/master/mpd.git/plain/NEWS?h=v0.20.5">
+ <p>httpd: fix two buffer overflows in IcyMetaData length calculation</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://git.musicpd.org/cgit/master/mpd.git/plain/NEWS?h=v0.20.5</url>
+ </references>
+ <dates>
+ <discovery>2017-02-18</discovery>
+ <entry>2017-02-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="311e4b1c-f8ee-11e6-9940-b499baebfeaf">
+ <topic>cURL -- ocsp status validation error</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>7.52.0</ge><lt>7.53.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The cURL project reports:</p>
+ <blockquote cite="https://curl.haxx.se/docs/adv_20170222.html">
+ <p>SSL_VERIFYSTATUS ignored<br/>
+ curl and libcurl support "OCSP stapling", also known as the TLS
+ Certificate Status Request extension (using the
+ CURLOPT_SSL_VERIFYSTATUS option). When telling curl to use this
+ feature, it uses that TLS extension to ask for a fresh proof of
+ the server's certificate's validity. If the server doesn't support
+ the extension, or fails to provide said proof, curl is expected to
+ return an error.<br/>
+ Due to a coding mistake, the code that checks for a test success or
+ failure, ends up always thinking there's valid proof, even when
+ there is none or if the server doesn't support the TLS extension in
+ question. Contrary to how it used to function and contrary to how
+ this feature is documented to work.<br/>
+ This could lead to users not detecting when a server's certificate
+ goes invalid or otherwise be mislead that the server is in a better
+ shape than it is in reality.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://curl.haxx.se/docs/adv_20170222.html</url>
+ <cvename>CVE-2017-2629</cvename>
+ </references>
+ <dates>
+ <discovery>2017-02-22</discovery>
+ <entry>2017-02-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8cbd9c08-f8b9-11e6-ae1b-002590263bf5">
+ <topic>xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe</topic>
+ <affects>
+ <package>
+ <name>xen-tools</name>
+ <range><lt>4.7.1_4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-209.html">
+ <p>In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
+ cirrus_bitblt_cputovideo fails to check wethehr the specified
+ memory region is safe. A malicious guest administrator can cause
+ an out of bounds memory write, very likely exploitable as a
+ privilege escalation.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2620</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-209.html</url>
+ </references>
+ <dates>
+ <discovery>2017-02-21</discovery>
+ <entry>2017-02-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="786a7d87-f826-11e6-9436-14dae9d5a9d2">
+ <topic>fbsdmon -- information disclosure vulnerability</topic>
+ <affects>
+ <package>
+ <name>fbsdmon</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Alan Somers reports:</p>
+ <blockquote cite="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217099">
+ <p>The web site used by this port, http://fbsdmon.org, has been taken over by cybersquatters. That means that users are sending their system info to an unknown party.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217099</url>
+ </references>
+ <dates>
+ <discovery>2017-02-14</discovery>
+ <entry>2017-02-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f1075415-f5e9-11e6-a4e2-5404a68ad561">
+ <topic>wavpack -- multiple invalid memory reads</topic>
+ <affects>
+ <package>
+ <name>wavpack</name>
+ <range><lt>5.1.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>David Bryant reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2017/01/23/4">
+ <p>global buffer overread in read_code / read_words.c</p>
+ <p>heap out of bounds read in WriteCaffHeader / caff.c</p>
+ <p>heap out of bounds read in unreorder_channels / wvunpack.c</p>
+ <p>heap oob read in read_new_config_info / open_utils.c</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2017/01/23/4</url>
+ <cvename>CVE-2016-10169</cvename>
+ <cvename>CVE-2016-10170</cvename>
+ <cvename>CVE-2016-10171</cvename>
+ <cvename>CVE-2016-10172</cvename>
+ <url>https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc</url>
+ </references>
+ <dates>
+ <discovery>2017-01-21</discovery>
+ <entry>2017-02-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8fedf75c-ef2f-11e6-900e-003048f78448">
+ <topic>optipng -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>optipng</name>
+ <range><lt>0.7.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7802">
+ <p>ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2191">
+ <p>The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3981">
+ <p>Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.</p>
+ </blockquote>
+ <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3982">
+ <p>Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-7802</cvename>
+ <cvename>CVE-2016-2191</cvename>
+ <cvename>CVE-2016-3981</cvename>
+ <cvename>CVE-2016-3982</cvename>
+ </references>
+ <dates>
+ <discovery>2015-10-09</discovery>
+ <entry>2017-02-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1a802ba9-f444-11e6-9940-b499baebfeaf">
+ <topic>openssl -- crash on handshake</topic>
+ <affects>
+ <package>
+ <name>openssl-devel</name>
+ <range><lt>1.1.0e</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenSSL project reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv/20170216.txt">
+ <p>Severity: High<br/>
+ During a renegotiation handshake if the Encrypt-Then-Mac
+ extension is negotiated where it was not in the original
+ handshake (or vice-versa) then this can cause OpenSSL to
+ crash (dependent on ciphersuite). Both clients and servers
+ are affected.<br/>
+ This issue does not affect OpenSSL version 1.0.2.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.openssl.org/news/secadv/20170216.txt</url>
+ <cvename>CVE-2017-3733</cvename>
+ </references>
+ <dates>
+ <discovery>2017-02-16</discovery>
+ <entry>2017-02-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="077bbadf-f2f4-11e6-92a7-902b34361349">
+ <topic>diffoscope -- arbitrary file write</topic>
+ <affects>
+ <package>
+ <name>py34-diffoscope</name>
+ <name>py35-diffoscope</name>
+ <name>py36-diffoscope</name>
+ <range><ge>67</ge><lt>76</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ximin Luo reports:</p>
+ <blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723">
+ <p>[v67] introduced a security hole where diffoscope may write to
+ arbitrary locations on disk depending on the contents of an
+ untrusted archive.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-0359</cvename>
+ <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723</url>
+ </references>
+ <dates>
+ <discovery>2017-02-09</discovery>
+ <entry>2017-02-14</entry>
+ <modified>2017-02-16</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="7f9b696f-f11b-11e6-b50e-5404a68ad561">
+ <topic>ffmpeg -- heap overflow in lavf/mov.c</topic>
+ <affects>
+ <package>
+ <name>ffmpeg</name>
+ <range><lt>3.2.4,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>FFmpeg security reports:</p>
+ <blockquote cite="https://www.ffmpeg.org/security.html">
+ <p>FFmpeg 3.2.4 fixes the following vulnerabilities:
+ CVE-2017-5024, CVE-2017-5025</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5024</cvename>
+ <url>https://www.ffmpeg.org/security.html</url>
+ <url>https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html</url>
+ <cvename>CVE-2017-5025</cvename>
+ <url>https://www.ffmpeg.org/security.html</url>
+ <url>https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2017-01-25</discovery>
+ <entry>2017-02-12</entry>
+ </dates>
+ </vuln>
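Review bot: the `<references>` block of the ffmpeg entry carries the same two `<url>` elements twice, once after each `<cvename>`. Keep a single copy of `https://www.ffmpeg.org/security.html` and of the Chrome release URL, and list the two `<cvename>` elements together. The topic names a heap overflow in lavf/mov.c, but the quoted text gives only the two CVE ids, so a one-line summary per CVE in the body would make the entry self-explanatory.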
+
+ <vuln vid="79bbb8f8-f049-11e6-8a6a-bcaec565249c">
+ <topic>gtk-vnc -- bounds checking vulnabilities</topic>
+ <affects>
+ <package>
+ <name>gtk-vnc</name>
+ <range><lt>0.7.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Daniel P. Berrange reports:</p>
+ <blockquote cite="https://mail.gnome.org/archives/ftp-release-list/2017-February/msg00015.html">
+ <p>CVE-2017-5884 - fix bounds checking for RRE, hextile and
+ copyrect encodings</p>
+ <p>CVE-2017-5885 - fix color map index bounds checking.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://mail.gnome.org/archives/ftp-release-list/2017-February/msg00015.html</url>
+ <cvename>CVE-2017-5884</cvename>
+ <cvename>CVE-2017-5885</cvename>
+ </references>
+ <dates>
+ <discovery>2017-02-09</discovery>
+ <entry>2017-02-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a73aba9a-effe-11e6-ae1b-002590263bf5">
+ <topic>xen-tools -- oob access in cirrus bitblt copy</topic>
+ <affects>
+ <package>
+ <name>xen-tools</name>
+ <range><lt>4.7.1_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-208.html">
+ <p>When doing bitblt copy backwards, qemu should negate the blit
+ width. This avoids an oob access before the start of video
+ memory.</p>
+ <p>A malicious guest administrator can cause an out of bounds memory
+ access, possibly leading to information disclosure or privilege
+ escalation.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2615</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-208.html</url>
+ </references>
+ <dates>
+ <discovery>2017-02-10</discovery>
+ <entry>2017-02-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="fb74eacc-ec8a-11e6-bc8a-0011d823eebd">
+ <topic>tiff -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>tiff</name>
+ <range><lt>4.0.7</lt></range>
+ </package>
+ <package>
+ <name>linux-c6-libtiff</name>
+ <name>linux-c6-tiff</name>
+ <range><lt>3.9.4_5</lt></range>
+ </package>
+ <package>
+ <name>linux-c7-libtiff</name>
+ <name>linux-c7-tiff</name>
+ <range><lt>4.0.3_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libtiff project reports:</p>
+ <blockquote cite="http://simplesystems.org/libtiff/v4.0.7.html">
+ <p>Multiple flaws have been discovered in libtiff library and
+ utilities.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://simplesystems.org/libtiff/v4.0.7.html</url>
+ <cvename>CVE-2016-9533</cvename>
+ <cvename>CVE-2016-9534</cvename>
+ <cvename>CVE-2016-9535</cvename>
+ <cvename>CVE-2015-8870</cvename>
+ <cvename>CVE-2016-5652</cvename>
+ <cvename>CVE-2016-9540</cvename>
+ <cvename>CVE-2016-9537</cvename>
+ <cvename>CVE-2016-9536</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-19</discovery>
+ <entry>2017-02-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2b63e964-eb04-11e6-9ac1-a4badb2f4699">
+ <topic>mantis -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>mantis</name>
+ <range><lt>1.2.19</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>wdollman reports:</p>
+ <blockquote cite="https://mantisbt.org/bugs/view.php?id=21611">
+ <p>The value of the view_type parameter on the
+ view_all_bug_page.php page is not encoded before being displayed on the
+ page.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://mantisbt.org/bugs/view.php?id=21611</url>
+ <cvename>CVE-2016-6837</cvename>
+ <freebsdpr>ports/216662</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-08-15</discovery>
+ <entry>2017-02-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b4ecf774-eb01-11e6-9ac1-a4badb2f4699">
+ <topic>guile2 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>guile2</name>
+ <range><lt>2.0.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ludovic Courtès reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2016/10/11/1">
+ <p>The REPL server is vulnerable to
+ the HTTP inter-protocol attack</p>
+ <p>The ‘mkdir’ procedure of GNU Guile, an implementation of
+ the Scheme programming language, temporarily changed the process’ umask
+ to zero. During that time window, in a multithreaded application, other
+ threads could end up creating files with insecure permissions.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2016/10/11/1</url>
+ <url>http://www.openwall.com/lists/oss-security/2016/10/12/2</url>
+ <cvename>CVE-2016-8605</cvename>
+ <cvename>CVE-2016-8606</cvename>
+ <freebsdpr>ports/216663</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-10-12</discovery>
+ <entry>2017-02-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c6932dd4-eaff-11e6-9ac1-a4badb2f4699">
+ <topic>chicken -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chicken</name>
+ <range><lt>4.12,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Peter Bex reports:</p>
+ <blockquote cite="http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html">
+ <p>A buffer overflow error was found in the POSIX unit's procedures
+ process-execute and process-spawn.</p>
+ <p>Additionally, a memory leak existed in this code, which would be
+ triggered when an error is raised during argument and environment
+ processing.</p>
+ </blockquote>
+ <blockquote cite="http://lists.nongnu.org/archive/html/chicken-announce/2016-12/msg00000.html">
+ <p>Irregex versions before 0.9.6 contain a resource exhaustion
+ vulnerability: when compiling deeply nested regexes containing the
+ "+" operator due to exponential expansion behaviour.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html</url>
+ <cvename>CVE-2016-6830</cvename>
+ <cvename>CVE-2016-6831</cvename>
+ <cvename>CVE-2016-9954</cvename>
+ <freebsdpr>ports/216661</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-08-12</discovery>
+ <entry>2017-02-04</entry>
+ <modified>2017-03-05</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="a130bd8c-eafe-11e6-9ac1-a4badb2f4699">
+ <topic>libebml -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libebml</name>
+ <range><lt>1.3.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mortiz Bunkus reports:</p>
+ <blockquote cite="https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html">
+ <p>Multiple invalid memory accesses vulnerabilities.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html</url>
+ <cvename>CVE-2015-8789</cvename>
+ <cvename>CVE-2015-8790</cvename>
+ <cvename>CVE-2015-8791</cvename>
+ <freebsdpr>ports/216659</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2015-10-20</discovery>
+ <entry>2017-02-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5b1631dc-eafd-11e6-9ac1-a4badb2f4699">
+ <topic>freeimage -- code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>freeimage</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>TALOS reports:</p>
+ <blockquote cite="http://www.talosintelligence.com/reports/TALOS-2016-0189/">
+ <p>An exploitable out-of-bounds write vulnerability exists in
+ the XMP image handling functionality of the FreeImage library.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.talosintelligence.com/reports/TALOS-2016-0189/</url>
+ <cvename>CVE-2016-5684</cvename>
+ <freebsdpr>ports/216657</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-10-03</discovery>
+ <entry>2017-02-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5a9b3d70-48e2-4267-b196-83064cb14fe0">
+ <topic>shotwell -- failure to encrypt authentication</topic>
+ <affects>
+ <package>
+ <name>shotwell</name>
+ <range><lt>0.24.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jens Georg reports:</p>
+ <blockquote cite="https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html">
+ <p>I have just released Shotwell 0.24.5 and 0.25.4 which turn
+ on HTTPS encyption all over the publishing plugins.</p>
+ <p>Users using Tumblr and Yandex.Fotki publishing are strongly
+ advised to change their passwords and reauthenticate Shotwell
+ to those services after upgrade.</p>
+ <p>Users of Picasa and Youtube publishing are strongly advised
+ to reauthenticate (Log out and back in) Shotwell to those
+ services after upgrade.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html</url>
+ </references>
+ <dates>
+ <discovery>2017-01-31</discovery>
+ <entry>2017-02-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5cfa9d0c-73d7-4642-af4f-28fbed9e9404">
+ <topic>jenkins -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>jenkins</name>
+ <range><lt>2.44</lt></range>
+ </package>
+ <package>
+ <name>jenkins-lts</name>
+ <range><lt>2.32.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jenkins Security Advisory:</p>
+ <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01">
+ <h1>Description</h1>
+ <h5>SECURITY-304 / CVE-2017-2598</h5>
+ <p>Use of AES ECB block cipher mode without IV for encrypting secrets</p>
+ <h5>SECURITY-321 / CVE-2017-2599</h5>
+ <p>Items could be created with same name as existing item</p>
+ <h5>SECURITY-343 / CVE-2017-2600</h5>
+ <p>Node monitor data could be viewed by low privilege users</p>
+ <h5>SECURITY-349 / CVE-2011-4969</h5>
+ <p>Possible cross-site scripting vulnerability in jQuery bundled with timeline widget</p>
+ <h5>SECURITY-353 / CVE-2017-2601</h5>
+ <p>Persisted cross-site scripting vulnerability in parameter names and descriptions</p>
+ <h5>SECURITY-354 / CVE-2015-0886</h5>
+ <p>Outdated jbcrypt version bundled with Jenkins</p>
+ <h5>SECURITY-358 / CVE-2017-2602</h5>
+ <p>Pipeline metadata files not blacklisted in agent-to-master security subsystem</p>
+ <h5>SECURITY-362 / CVE-2017-2603</h5>
+ <p>User data leak in disconnected agents' config.xml API</p>
+ <h5>SECURITY-371 / CVE-2017-2604</h5>
+ <p>Low privilege users were able to act on administrative monitors</p>
+ <h5>SECURITY-376 / CVE-2017-2605</h5>
+ <p>Re-key admin monitor leaves behind unencrypted credentials in upgraded installations</p>
+ <h5>SECURITY-380 / CVE-2017-2606</h5>
+ <p>Internal API allowed access to item names that should not be visible</p>
+ <h5>SECURITY-382 / CVE-2017-2607</h5>
+ <p>Persisted cross-site scripting vulnerability in console notes</p>
+ <h5>SECURITY-383 / CVE-2017-2608</h5>
+ <p>XStream remote code execution vulnerability</p>
+ <h5>SECURITY-385 / CVE-2017-2609</h5>
+ <p>Information disclosure vulnerability in search suggestions</p>
+ <h5>SECURITY-388 / CVE-2017-2610</h5>
+ <p>Persisted cross-site scripting vulnerability in search suggestions</p>
+ <h5>SECURITY-389 / CVE-2017-2611</h5>
+ <p>Insufficient permission check for periodic processes</p>
+ <h5>SECURITY-392 / CVE-2017-2612</h5>
+ <p>Low privilege users were able to override JDK download credentials</p>
+ <h5>SECURITY-406 / CVE-2017-2613</h5>
+ <p>User creation CSRF using GET by admins</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2598</cvename>
+ <cvename>CVE-2017-2599</cvename>
+ <cvename>CVE-2017-2600</cvename>
+ <cvename>CVE-2011-4969</cvename>
+ <cvename>CVE-2017-2601</cvename>
+ <cvename>CVE-2015-0886</cvename>
+ <cvename>CVE-2017-2602</cvename>
+ <cvename>CVE-2017-2603</cvename>
+ <cvename>CVE-2017-2604</cvename>
+ <cvename>CVE-2017-2605</cvename>
+ <cvename>CVE-2017-2606</cvename>
+ <cvename>CVE-2017-2607</cvename>
+ <cvename>CVE-2017-2608</cvename>
+ <cvename>CVE-2017-2609</cvename>
+ <cvename>CVE-2017-2610</cvename>
+ <cvename>CVE-2017-2611</cvename>
+ <cvename>CVE-2017-2612</cvename>
+ <cvename>CVE-2017-2613</cvename>
+ <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01</url>
+ </references>
+ <dates>
+ <discovery>2017-02-01</discovery>
+ <entry>2017-02-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="14ea4458-e5cd-11e6-b56d-38d547003487">
+ <topic>wordpress -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>4.7.2,1</lt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <name>ja-wordpress</name>
+ <name>ru-wordpress</name>
+ <name>zh-wordpress-zh_CN</name>
+ <name>zh-wordpress-zh_TW</name>
+ <range><lt>4.7.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Aaron D. Campbell reports:</p>
+ <blockquote cite="https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/">
+ <p>WordPress versions 4.7.1 and earlier are affected by three security
+ issues:</p>
+ <ul>
+ <li>The user interface for assigning taxonomy terms in Press This is
+ shown to users who do not have permissions to use it.</li>
+ <li>WP_Query is vulnerable to a SQL injection (SQLi) when passing
+ unsafe data. WordPress core is not directly vulnerable to this
+ issue, but we’ve added hardening to prevent plugins and
+ themes from accidentally causing a vulnerability.</li>
+ <li>A cross-site scripting (XSS) vulnerability was discovered in the
+ posts list table.</li>
+ <li>An unauthenticated privilege escalation vulnerability was
+ discovered in a REST API endpoint.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5610</cvename>
+ <cvename>CVE-2017-5611</cvename>
+ <cvename>CVE-2017-5612</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2017/01/28/5</url>
+ <url>https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/</url>
+ <url>https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/</url>
+ </references>
+ <dates>
+ <discovery>2017-01-26</discovery>
+ <entry>2017-01-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6e83b2f3-e4e3-11e6-9ac1-a4badb2f4699">
+ <topic>nfsen -- remote command execution</topic>
+ <affects>
+ <package>
+ <name>nfsen</name>
+ <range><lt>1.3.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Peter Haag reports:</p>
+ <blockquote cite="https://sourceforge.net/p/nfsen/mailman/message/35623845/">
+ <p>A remote attacker with access to the web interface to
+ execute arbitrary commands on the host operating system.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://sourceforge.net/p/nfsen/mailman/message/35623845/</url>
+ </references>
+ <dates>
+ <discovery>2017-01-24</discovery>
+ <entry>2017-01-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4b9ca994-e3d9-11e6-813d-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>56.0.2924.76</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html">
+ <p>51 security fixes in this release, including:</p>
+ <ul>
+ <li>[671102] High CVE-2017-5007: Universal XSS in Blink. Credit to
+ Mariusz Mlynski</li>
+ <li>[673170] High CVE-2017-5006: Universal XSS in Blink. Credit to
+ Mariusz Mlynski</li>
+ <li>[668552] High CVE-2017-5008: Universal XSS in Blink. Credit to
+ Mariusz Mlynski</li>
+ <li>[663476] High CVE-2017-5010: Universal XSS in Blink. Credit to
+ Mariusz Mlynski</li>
+ <li>[662859] High CVE-2017-5011: Unauthorised file access in Devtools.
+ Credit to Khalil Zhani</li>
+ <li>[667504] High CVE-2017-5009: Out of bounds memory access in WebRTC.
+ Credit to Sean Stanek and Chip Bradford</li>
+ <li>[681843] High CVE-2017-5012: Heap overflow in V8. Credit to
+ Gergely Nagy (Tresorit)</li>
+ <li>[677716] Medium CVE-2017-5013: Address spoofing in Omnibox.
+ Credit to Haosheng Wang (@gnehsoah)</li>
+ <li>[675332] Medium CVE-2017-5014: Heap overflow in Skia. Credit to
+ sweetchip</li>
+ <li>[673971] Medium CVE-2017-5015: Address spoofing in Omnibox.
+ Credit to Armin Razmdjou</li>
+ <li>[666714] Medium CVE-2017-5019: Use after free in Renderer.
+ Credit to Wadih Matar</li>
+ <li>[673163] Medium CVE-2017-5016: UI spoofing in Blink. Credit to
+ Haosheng Wang (@gnehsoah)</li>
+ <li>[676975] Medium CVE-2017-5017: Uninitialised memory access in webm video.
+ Credit to danberm</li>
+ <li>[668665] Medium CVE-2017-5018: Universal XSS in chrome://apps.
+ Credit to Rob Wu</li>
+ <li>[668653] Medium CVE-2017-5020: Universal XSS in chrome://downloads.
+ Credit to Rob Wu</li>
+ <li>[663726] Low CVE-2017-5021: Use after free in Extensions. Credit to
+ Rob Wu</li>
+ <li>[663620] Low CVE-2017-5022: Bypass of Content Security Policy in Blink.
+ Credit to Pujun Li of PKAV Team</li>
+ <li>[651443] Low CVE-2017-5023: Type confunsion in metrics. Credit to the
+ UK's National Cyber Security Centre (NCSC)</li>
+ <li>[643951] Low CVE-2017-5024: Heap overflow in FFmpeg. Credit to
+ Paul Mehta</li>
+ <li>[643950] Low CVE-2017-5025: Heap overflow in FFmpeg. Credit to
+ Paul Mehta</li>
+ <li>[634108] Low CVE-2017-5026: UI spoofing. Credit to Ronni Skansing</li>
+ <li>[685349] Various fixes from internal audits, fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5007</cvename>
+ <cvename>CVE-2017-5006</cvename>
+ <cvename>CVE-2017-5008</cvename>
+ <cvename>CVE-2017-5010</cvename>
+ <cvename>CVE-2017-5011</cvename>
+ <cvename>CVE-2017-5009</cvename>
+ <cvename>CVE-2017-5012</cvename>
+ <cvename>CVE-2017-5013</cvename>
+ <cvename>CVE-2017-5014</cvename>
+ <cvename>CVE-2017-5015</cvename>
+ <cvename>CVE-2017-5019</cvename>
+ <cvename>CVE-2017-5016</cvename>
+ <cvename>CVE-2017-5017</cvename>
+ <cvename>CVE-2017-5018</cvename>
+ <cvename>CVE-2017-2020</cvename>
+ <cvename>CVE-2017-2021</cvename>
+ <cvename>CVE-2017-2022</cvename>
+ <cvename>CVE-2017-2023</cvename>
+ <cvename>CVE-2017-2024</cvename>
+ <cvename>CVE-2017-2025</cvename>
+ <cvename>CVE-2017-2026</cvename>
+ <url>https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2017-01-25</discovery>
+ <entry>2017-01-26</entry>
+ </dates>
+ </vuln>
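Review bot: the last seven `<cvename>` elements in the chromium entry's `<references>` read CVE-2017-2020 through CVE-2017-2026, while the quoted release notes list CVE-2017-5020 through CVE-2017-5026. As written, a lookup by any of the seven ids from the advisory will not find this entry, and the entry points at ids that are not in the quoted text. Suggest changing them to the 50xx values so the references match the body, and fixing "Type confunsion" in the CVE-2017-5023 item while the entry is open.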
+
+ <vuln vid="d455708a-e3d3-11e6-9940-b499baebfeaf">
+ <topic>OpenSSL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><lt>1.0.2k,1</lt></range>
+ </package>
+ <package>
+ <name>openssl-devel</name>
+ <range><lt>1.1.0d</lt></range>
+ </package>
+ <package>
+ <name>linux-c6-openssl</name>
+ <range><lt>1.0.1e_13</lt></range>
+ </package>
+ <package>
+ <name>linux-c7-openssl-libs</name>
+ <range><lt>1.0.1e_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenSSL project reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv/20170126.txt">
+ <ul>
+ <li>Truncated packet could crash via OOB read (CVE-2017-3731)<br/>
+ Severity: Moderate<br/>
+ If an SSL/TLS server or client is running on a 32-bit host, and a specific
+ cipher is being used, then a truncated packet can cause that server or client
+ to perform an out-of-bounds read, usually resulting in a crash.</li>
+ <li>Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)<br/>
+ Severity: Moderate<br/>
+ If a malicious server supplies bad parameters for a DHE or ECDHE key exchange
+ then this can result in the client attempting to dereference a NULL pointer
+ leading to a client crash. This could be exploited in a Denial of Service
+ attack.</li>
+ <li>BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)<br/>
+ Severity: Moderate<br/>
+ There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
+ EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
+ as a result of this defect would be very difficult to perform and are not
+ believed likely. Attacks against DH are considered just feasible (although very
+ difficult) because most of the work necessary to deduce information
+ about a private key may be performed offline. The amount of resources
+ required for such an attack would be very significant and likely only
+ accessible to a limited number of attackers. An attacker would
+ additionally need online access to an unpatched system using the target
+ private key in a scenario with persistent DH parameters and a private
+ key that is shared between multiple clients. For example this can occur by
+ default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
+ similar to CVE-2015-3193 but must be treated as a separate problem.</li>
+ <li>Montgomery multiplication may produce incorrect results (CVE-2016-7055)<br/>
+ Severity: Low<br/>
+ There is a carry propagating bug in the Broadwell-specific Montgomery
+ multiplication procedure that handles input lengths divisible by, but
+ longer than 256 bits. (OpenSSL 1.0.2 only)<br/>
+ This issue was previously fixed in 1.1.0c</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.openssl.org/news/secadv/20170126.txt</url>
+ <cvename>CVE-2016-7055</cvename>
+ <cvename>CVE-2017-3730</cvename>
+ <cvename>CVE-2017-3731</cvename>
+ <cvename>CVE-2017-3732</cvename>
+ </references>
+ <dates>
+ <discovery>2017-01-26</discovery>
+ <entry>2017-01-26</entry>
+ <modified>2017-02-22</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="e60169c4-aa86-46b0-8ae2-0d81f683df09">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>51.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.48</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>45.7.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>45.7.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>45.7.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/">
+ <p>CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7</p>
+ <p>CVE-2017-5374: Memory safety bugs fixed in Firefox 51</p>
+ <p>CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP</p>
+ <p>CVE-2017-5376: Use-after-free in XSL</p>
+ <p>CVE-2017-5377: Memory corruption with transforms to create gradients in Skia</p>
+ <p>CVE-2017-5378: Pointer and frame data leakage of Javascript objects</p>
+ <p>CVE-2017-5379: Use-after-free in Web Animations</p>
+ <p>CVE-2017-5380: Potential use-after-free during DOM manipulations</p>
+ <p>CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations</p>
+ <p>CVE-2017-5382: Feed preview can expose privileged content errors and exceptions</p>
+ <p>CVE-2017-5383: Location bar spoofing with unicode characters</p>
+ <p>CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)</p>
+ <p>CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers</p>
+ <p>CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions</p>
+ <p>CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages</p>
+ <p>CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks</p>
+ <p>CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests</p>
+ <p>CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer</p>
+ <p>CVE-2017-5391: Content about: pages can load privileged about: pages</p>
+ <p>CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage</p>
+ <p>CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager</p>
+ <p>CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events</p>
+ <p>CVE-2017-5395: Android location bar spoofing during scrolling</p>
+ <p>CVE-2017-5396: Use-after-free with Media Decoder</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5373</cvename>
+ <cvename>CVE-2017-5374</cvename>
+ <cvename>CVE-2017-5375</cvename>
+ <cvename>CVE-2017-5376</cvename>
+ <cvename>CVE-2017-5377</cvename>
+ <cvename>CVE-2017-5378</cvename>
+ <cvename>CVE-2017-5379</cvename>
+ <cvename>CVE-2017-5380</cvename>
+ <cvename>CVE-2017-5381</cvename>
+ <cvename>CVE-2017-5382</cvename>
+ <cvename>CVE-2017-5383</cvename>
+ <cvename>CVE-2017-5384</cvename>
+ <cvename>CVE-2017-5385</cvename>
+ <cvename>CVE-2017-5386</cvename>
+ <cvename>CVE-2017-5387</cvename>
+ <cvename>CVE-2017-5388</cvename>
+ <cvename>CVE-2017-5389</cvename>
+ <cvename>CVE-2017-5390</cvename>
+ <cvename>CVE-2017-5391</cvename>
+ <cvename>CVE-2017-5392</cvename>
+ <cvename>CVE-2017-5393</cvename>
+ <cvename>CVE-2017-5394</cvename>
+ <cvename>CVE-2017-5395</cvename>
+ <cvename>CVE-2017-5396</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2017-01/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2017-02/</url>
+ </references>
+ <dates>
+ <discovery>2017-01-24</discovery>
+ <entry>2017-01-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7721562b-e20a-11e6-b2e2-6805ca0b3d42">
+ <topic>phpMyAdmin -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><ge>4.6.0</ge><lt>4.6.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-1/">
+ <h3>Summary</h3>
+ <p>Open redirect</p>
+ <h3>Description</h3>
+ <p>It was possible to trick phpMyAdmin to redirect to
+ insecure using special request path.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be non critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-2/">
+ <h3>Summary</h3>
+ <p>php-gettext code execution</p>
+ <h3>Description</h3>
+ <p>The php-gettext library can suffer to code
+ execution. However there is no way to trigger this inside
+ phpMyAdmin.</p>
+ <h3>Severity</h3>
+ <p>We consider this to be minor.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-3/">
+ <h3>Summary</h3>
+ <p>DOS vulnerabiltiy in table editing</p>
+ <h3>Description</h3>
+ <p>It was possible to trigger recursive include operation by
+ crafter parameters when editing table data.</p>
+ <h3>Severity</h3>
+ <p>We consider this to be non critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-4/">
+ <h3>Summary</h3>
+ <p>CSS injection in themes</p>
+ <h3>Description</h3>
+ <p>It was possible to cause CSS injection in themes by
+ crafted cookie parameters.</p>
+ <h3>Severity</h3>
+ <p>We consider this to be non critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-5/">
+ <h3>Summary</h3>
+ <p>Cookie attribute injection attack</p>
+ <h3>Description</h3>
+ <p>A vulnerability was found where, under some
+ circumstances, an attacker can inject arbitrary values in
+ the browser cookies. This was incompletely fixed in <a href="https://www.phpmyadmin.net/security/PMASA-2016-18/">PMASA-2016-18</a>.</p>
+ <h3>Severity</h3>
+ <p>We consider this to be non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-6/">
+ <h3>Summary</h3>
+ <p>SSRF in replication</p>
+ <h3>Description</h3>
+ <p>For a user with appropriate MySQL privileges it was
+ possible to connect to arbitrary host.</p>
+ <h3>Severity</h3>
+ <p>We consider this to be non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2017-7/">
+ <h3>Summary</h3>
+ <p>DOS in replication status</p>
+ <h3>Description</h3>
+ <p>It was possible to trigger DOS in replication status by
+ specially crafted table name.</p>
+ <h3>Severity</h3>
+ <p>We consider this to be non critical.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2017-1</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2017-2</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2017-3</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2017-4</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2017-5</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2017-6</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2017-7</url>
+ <cvename>CVE-2015-8980</cvename>
+ </references>
+ <dates>
+ <discovery>2017-01-24</discovery>
+ <entry>2017-01-24</entry>
+ </dates>
+ </vuln>
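Review bot: In the phpMyAdmin entry, the references block lists a single cvename, CVE-2015-8980, while the description quotes seven separate advisories (PMASA-2017-1 through PMASA-2017-7), and nothing in the entry says which advisory that CVE belongs to. Please check which of the seven have CVE ids assigned and list them, so that a search by CVE finds this entry. The url values also drop the trailing slash that the matching blockquote cite attributes carry; keep the two forms identical so the citation and the reference point at the same address.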
+
+ <vuln vid="a4b7def1-e165-11e6-9d84-90e2ba9881c8">
+ <topic>Intel(R) NVMUpdate -- Intel(R) Ethernet Controller X710/XL710 NVM Security Vulnerability</topic>
+ <affects>
+ <package>
+ <name>intel-nvmupdate</name>
+ <range><lt>5.05</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Intel Corporaion reports:</p>
+ <blockquote cite="https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr">
+ <p>A security vulnerability in the Intel(R) Ethernet Controller X710
+ and Intel(R) Ethernet Controller XL710 family of products
+ (Fortville) has been found in the Non-Volatile Flash Memory (NVM)
+ image.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr</url>
+ <cvename>CVE-2016-8106</cvename>
+ </references>
+ <dates>
+ <discovery>2017-01-09</discovery>
+ <entry>2017-01-23</entry>
+ </dates>
+ </vuln>
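Review bot: In the intel-nvmupdate entry, the advisory address appears with a bare ampersand in both the blockquote cite attribute and the url element ("advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr"). Inside XML this has to be written as &amp;, otherwise vuln.xml is not well-formed and any tool that parses the file will stop at this entry. If the bare form is only how this mail shows the diff, please confirm that the committed file has the escaped form. In the same entry, "Intel Corporaion" should read "Intel Corporation". The quoted text says only that a vulnerability "has been found" in the NVM image, so a sentence on impact taken from the advisory would make the entry usable for triage.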
+
+ <vuln vid="709e025a-de8b-11e6-a9a5-b499baebfeaf">
+ <topic>PHP -- undisclosed vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php56</name>
+ <range><lt>5.6.30</lt></range>
+ </package>
+ <package>
+ <name>php70</name>
+ <range><lt>7.0.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PHP project reports:</p>
+ <blockquote cite="http://php.net/archive/2017.php#id2017-01-19-2">
+ <p>The PHP development team announces the immediate availability of
+ PHP 7.0.15. This is a security release. Several security bugs were
+ fixed in this release.</p>
+ </blockquote>
+ <blockquote cite="http://php.net/archive/2017.php#id2017-01-19-3">
+ <p>The PHP development team announces the immediate availability of
+ PHP 5.6.30. This is a security release. Several security bugs were
+ fixed in this release.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://php.net/archive/2017.php#id2017-01-19-2</url>
+ <url>http://php.net/archive/2017.php#id2017-01-19-3</url>
+ </references>
+ <dates>
+ <discovery>2017-01-19</discovery>
+ <entry>2017-01-19</entry>
+ <modified>2017-01-20</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="57facd35-ddf6-11e6-915d-001b3856973b">
+ <topic>icoutils -- check_offset overflow on 64-bit systems</topic>
+ <affects>
+ <package>
+ <name>icoutils</name>
+ <range><lt>0.31.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Choongwoo Han reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2017/q1/38">
+ <p>An exploitable crash exists in the wrestool utility on 64-bit systems
+ where the result of subtracting two pointers exceeds the size of int.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5208</cvename>
+ <cvename>CVE-2017-5331</cvename>
+ <cvename>CVE-2017-5332</cvename>
+ <cvename>CVE-2017-5333</cvename>
+ <url>http://seclists.org/oss-sec/2017/q1/38</url>
+ </references>
+ <dates>
+ <discovery>2017-01-03</discovery>
+ <entry>2017-01-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf">
+ <topic>mysql -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mariadb55-server</name>
+ <range><lt>5.5.54</lt></range>
+ </package>
+ <package>
+ <name>mariadb100-server</name>
+ <range><lt>10.0.30</lt></range>
+ </package>
+ <package>
+ <name>mariadb101-server</name>
+ <range><lt>10.1.22</lt></range>
+ </package>
+ <package>
+ <name>mysql55-server</name>
+ <range><lt>5.5.54</lt></range>
+ </package>
+ <package>
+ <name>mysql56-server</name>
+ <range><lt>5.6.35</lt></range>
+ </package>
+ <package>
+ <name>mysql57-server</name>
+ <range><lt>5.7.17</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Oracle reports:</p>
+ <blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL">
+ <p>No further details have been provided in the Critical Patch Update</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL</url>
+ <cvename>CVE-2016-8318</cvename>
+ <cvename>CVE-2017-3312</cvename>
+ <cvename>CVE-2017-3258</cvename>
+ <cvename>CVE-2017-3273</cvename>
+ <cvename>CVE-2017-3244</cvename>
+ <cvename>CVE-2017-3257</cvename>
+ <cvename>CVE-2017-3238</cvename>
+ <cvename>CVE-2017-3256</cvename>
+ <cvename>CVE-2017-3291</cvename>
+ <cvename>CVE-2017-3265</cvename>
+ <cvename>CVE-2017-3251</cvename>
+ <cvename>CVE-2017-3313</cvename>
+ <cvename>CVE-2017-3243</cvename>
+ <cvename>CVE-2016-8327</cvename>
+ <cvename>CVE-2017-3317</cvename>
+ <cvename>CVE-2017-3318</cvename>
+ <cvename>CVE-2017-3319</cvename>
+ <cvename>CVE-2017-3320</cvename>
+ </references>
+ <dates>
+ <discovery>2017-01-18</discovery>
+ <entry>2017-01-18</entry>
+ <modified>2017-03-14</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="e3200958-dd6c-11e6-ae1b-002590263bf5">
+ <topic>powerdns -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>powerdns</name>
+ <range><lt>3.4.11</lt></range>
+ <range><ge>4.0.0</ge><lt>4.0.2</lt></range>
+ </package>
+ <package>
+ <name>powerdns-recursor</name>
+ <range><lt>3.7.4</lt></range>
+ <range><ge>4.0.0</ge><lt>4.0.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PowerDNS reports:</p>
+ <blockquote cite="https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/">
+ <p>2016-02: Crafted queries can cause abnormal CPU usage</p>
+ </blockquote>
+ <blockquote cite="https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/">
+ <p>2016-03: Denial of service via the web server</p>
+ </blockquote>
+ <blockquote cite="https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/">
+ <p>2016-04: Insufficient validation of TSIG signatures</p>
+ </blockquote>
+ <blockquote cite="https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/">
+ <p>2016-05: Crafted zone record can cause a denial of service</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7068</cvename>
+ <cvename>CVE-2016-7072</cvename>
+ <cvename>CVE-2016-7073</cvename>
+ <cvename>CVE-2016-7074</cvename>
+ <cvename>CVE-2016-2120</cvename>
+ <freebsdpr>ports/216135</freebsdpr>
+ <freebsdpr>ports/216136</freebsdpr>
+ <url>https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/</url>
+ <url>https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/</url>
+ <url>https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/</url>
+ <url>https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/</url>
+ <url>https://blog.powerdns.com/2017/01/13/powerdns-authoritative-server-4-0-2-released/</url>
+ <url>https://blog.powerdns.com/2017/01/13/powerdns-recursor-4-0-4-released/</url>
+ </references>
+ <dates>
+ <discovery>2016-12-15</discovery>
+ <entry>2017-01-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4af92a40-db33-11e6-ae1b-002590263bf5">
+ <topic>groovy -- remote execution of untrusted code/DoS vulnerability</topic>
+ <affects>
+ <package>
+ <name>groovy</name>
+ <range><ge>1.7.0</ge><lt>2.4.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache Groovy project reports:</p>
+ <blockquote cite="http://groovy-lang.org/security.html">
+ <p>When an application with Groovy on classpath uses standard Java
+ serialization mechanisms, e.g. to communicate between servers or to
+ store local data, it is possible for an attacker to bake a special
+ serialized object that will execute code directly when deserialized.
+ All applications which rely on serialization and do not isolate the
+ code which deserializes objects are subject to this vulnerability.
+ This is similar to CVE-2015-3253 but this exploit involves extra
+ wrapping of objects and catching of exceptions which are now safe
+ guarded against.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-6814</cvename>
+ <url>http://groovy-lang.org/security.html</url>
+ </references>
+ <dates>
+ <discovery>2016-09-20</discovery>
+ <entry>2017-01-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6aa956fb-d97f-11e6-a071-001e67f15f5a">
+ <topic>RabbitMQ -- Authentication vulnerability</topic>
+ <affects>
+ <package>
+ <name>rabbitmq</name>
+ <range><ge>3.0.0</ge><lt>3.5.8</lt></range>
+ <range><ge>3.6.0</ge><lt>3.6.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Pivotal.io reports:</p>
+ <blockquote cite="https://pivotal.io/security/cve-2016-9877">
+ <p>MQTT (MQ Telemetry Transport) connection authentication with a
+ username/password pair succeeds if an existing username is
+ provided but the password is omitted from the connection
+ request. Connections that use TLS with a client-provided
+ certificate are not affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9877</cvename>
+ <url>https://pivotal.io/security/cve-2016-9877</url>
+ <url>https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_6</url>
+ </references>
+ <dates>
+ <discovery>2016-12-06</discovery>
+ <entry>2017-01-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b180d1fb-dac6-11e6-ae1b-002590263bf5">
+ <topic>wordpress -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>4.7.1,1</lt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <name>ja-wordpress</name>
+ <name>ru-wordpress</name>
+ <name>zh-wordpress-zh_CN</name>
+ <name>zh-wordpress-zh_TW</name>
+ <range><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Aaron D. Campbell reports:</p>
+ <blockquote cite="https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/">
+ <p>WordPress versions 4.7 and earlier are affected by eight security
+ issues...</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5487</cvename>
+ <cvename>CVE-2017-5488</cvename>
+ <cvename>CVE-2017-5489</cvename>
+ <cvename>CVE-2017-5490</cvename>
+ <cvename>CVE-2017-5491</cvename>
+ <cvename>CVE-2017-5492</cvename>
+ <cvename>CVE-2017-5493</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2017/01/14/6</url>
+ <url>https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/</url>
+ </references>
+ <dates>
+ <discovery>2017-01-11</discovery>
+ <entry>2017-01-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e5186c65-d729-11e6-a9a5-b499baebfeaf">
+ <topic>mysql -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mysql57-client</name>
+ <name>mysql57-server</name>
+ <range><lt>5.7.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Oracle reports:</p>
+ <blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html">
+ <p>Local security vulnerability in 'Server: Packaging' sub component.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>93617</bid>
+ <cvename>CVE-2016-5625</cvename>
+ <url>http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html</url>
+ </references>
+ <dates>
+ <discovery>2016-10-18</discovery>
+ <entry>2017-01-14</entry>
+ <modified>2017-01-15</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="22373c43-d728-11e6-a9a5-b499baebfeaf">
+ <topic>MySQL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mariadb55-client</name>
+ <name>mariadb55-server</name>
+ <range><lt>5.5.52</lt></range>
+ </package>
+ <package>
+ <name>mariadb100-client</name>
+ <name>mariadb100-server</name>
+ <range><lt>10.0.28</lt></range>
+ </package>
+ <package>
+ <name>mariadb101-client</name>
+ <name>mariadb101-server</name>
+ <range><lt>10.1.18</lt></range>
+ </package>
+ <package>
+ <name>mysql55-client</name>
+ <name>mysql55-server</name>
+ <range><lt>5.5.52</lt></range>
+ </package>
+ <package>
+ <name>mysql56-client</name>
+ <name>mysql56-server</name>
+ <range><lt>5.6.33</lt></range>
+ </package>
+ <package>
+ <name>mysql57-client</name>
+ <name>mysql57-server</name>
+ <range><lt>5.7.15</lt></range>
+ </package>
+ <package>
+ <name>percona55-client</name>
+ <name>percona55-server</name>
+ <range><lt>5.5.51.38.2</lt></range>
+ </package>
+ <package>
+ <name>percona56-client</name>
+ <name>percona56-server</name>
+ <range><lt>5.6.32.78.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The MySQL project reports:</p>
+ <blockquote cite="http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL">
+ <ul>
+ <li>CVE-2016-3492: Remote security vulnerability in 'Server: Optimizer'
+ sub component.</li>
+ <li>CVE-2016-5616, CVE-2016-6663: Race condition allows local users with
+ certain permissions to gain privileges by leveraging use of my_copystat
+ by REPAIR TABLE to repair a MyISAM table.</li>
+ <li>CVE-2016-5617, CVE-2016-6664: mysqld_safe, when using file-based
+ logging, allows local users with access to the mysql account to gain
+ root privileges via a symlink attack on error logs and possibly other
+ files.</li>
+ <li>CVE-2016-5624: Remote security vulnerability in 'Server: DML' sub
+ component.</li>
+ <li>CVE-2016-5626: Remote security vulnerability in 'Server: GIS' sub
+ component.</li>
+ <li>CVE-2016-5629: Remote security vulnerability in 'Server: Federated'
+ sub component.</li>
+ <li>CVE-2016-8283: Remote security vulnerability in 'Server: Types' sub
+ component.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL</url>
+ <url>https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/</url>
+ <url>https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/</url>
+ <url>https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/</url>
+ <cvename>CVE-2016-3492</cvename>
+ <cvename>CVE-2016-5616</cvename>
+ <cvename>CVE-2016-5617</cvename>
+ <cvename>CVE-2016-5624</cvename>
+ <cvename>CVE-2016-5626</cvename>
+ <cvename>CVE-2016-5629</cvename>
+ <cvename>CVE-2016-6663</cvename>
+ <cvename>CVE-2016-6664</cvename>
+ <cvename>CVE-2016-8283</cvename>
+ </references>
+ <dates>
+ <discovery>2016-09-13</discovery>
+ <entry>2017-01-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a93c3287-d8fd-11e6-be5c-001fbc0f280f">
+ <topic>Ansible -- Command execution on Ansible controller from host</topic>
+ <affects>
+ <package>
+ <name>ansible</name>
+ <range><gt>1.9.6_1</gt><lt>2.2.0.0_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Computest reports:</p>
+ <blockquote cite="https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt">
+ <p>Computest found and exploited several issues
+ that allow a compromised host to execute commands
+ on the Ansible controller and thus gain access
+ to other hosts controlled by that controller.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9587</cvename>
+ <url>https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt</url>
+ <url>https://lwn.net/Articles/711357/</url>
+ </references>
+ <dates>
+ <discovery>2017-01-09</discovery>
+ <entry>2017-01-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7ae0be99-d8bb-11e6-9b7f-d43d7e971a1b">
+ <topic>phpmailer -- Remote Code Execution</topic>
+ <affects>
+ <package>
+ <name>phpmailer</name>
+ <range><lt>5.2.22</lt></range>
+ </package>
+ <package>
+ <name>tt-rss</name>
+ <range><lt>2017.01.16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/95328/discuss">
+ <p>PHPMailer is prone to an local information-disclosure vulnerability.
+ Attackers can exploit this issue to obtain sensitive information
+ that may aid in launching further attacks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.securityfocus.com/bid/95328/discuss</url>
+ <cvename>CVE-2017-5223</cvename>
+ </references>
+ <dates>
+ <discovery>2017-01-10</discovery>
+ <entry>2017-01-12</entry>
+ </dates>
+ </vuln>
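Review bot: In the phpmailer entry, the topic line reads "phpmailer -- Remote Code Execution", but the quoted SecurityFocus text describes a "local information-disclosure vulnerability" and the only cvename listed is CVE-2017-5223. Topic and description should describe the same issue: either retitle the entry to match the information-disclosure text, or quote and reference the advisory that actually covers code execution. As written, anyone triaging audit output from this entry sees a severity in the title that the body does not support.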
+
+ <vuln vid="d4c7e9a9-d893-11e6-9b4d-d050996490d0">
+ <topic>BIND -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>bind99</name>
+ <range><lt>9.9.9P5</lt></range>
+ </package>
+ <package>
+ <name>bind910</name>
+ <range><lt>9.10.4P5</lt></range>
+ </package>
+ <package>
+ <name>bind911</name>
+ <range><lt>9.11.0P2</lt></range>
+ </package>
+ <package>
+ <name>bind9-devel</name>
+ <range><le>9.12.0.a.2016.12.28</le></range>
+ </package>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>9.3</ge><lt>10.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ISC reports:</p>
+ <blockquote cite="https://kb.isc.org/article/AA-01439/0">
+ <p>A malformed query response received by a recursive
+ server in response to a query of RTYPE ANY could
+ trigger an assertion failure while named is attempting
+ to add the RRs in the query response to the cache.</p>
+ </blockquote>
+ <blockquote cite="https://kb.isc.org/article/AA-01440/0">
+ <p>Depending on the type of query and the EDNS options
+ in the query they receive, DNSSEC-enabled authoritative
+ servers are expected to include RRSIG and other RRsets
+ in their responses to recursive servers.
+ DNSSEC-validating servers will also make specific queries
+ for DS and other RRsets.
+ Whether DNSSEC-validating or not, an error in processing
+ malformed query responses that contain DNSSEC-related
+ RRsets that are inconsistent with other RRsets in the
+ same query response can trigger an assertion failure.
+ Although the combination of properties which triggers
+ the assertion should not occur in normal traffic, it
+ is potentially possible for the assertion to be triggered
+ deliberately by an attacker sending a specially-constructed
+ answer.</p>
+ </blockquote>
+ <blockquote cite="https://kb.isc.org/article/AA-01441/0">
+ <p>An unusually-formed answer containing a DS resource
+ record could trigger an assertion failure. While the
+ combination of properties which triggers the assertion
+ should not occur in normal traffic, it is potentially
+ possible for the assertion to be triggered deliberately
+ by an attacker sending a specially-constructed answer
+ having the required properties.</p>
+ </blockquote>
+ <blockquote cite="https://kb.isc.org/article/AA-01442/0">
+ <p>An error in handling certain queries can cause an
+ assertion failure when a server is using the
+ nxdomain-redirect feature to cover a zone for which
+ it is also providing authoritative service.
+ A vulnerable server could be intentionally stopped
+ by an attacker if it was using a configuration that
+ met the criteria for the vulnerability and if the
+ attacker could cause it to accept a query that
+ possessed the required attributes.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9131</cvename>
+ <cvename>CVE-2016-9147</cvename>
+ <cvename>CVE-2016-9444</cvename>
+ <cvename>CVE-2016-9778</cvename>
+ <url>https://kb.isc.org/article/AA-01439/0</url>
+ <url>https://kb.isc.org/article/AA-01440/0</url>
+ <url>https://kb.isc.org/article/AA-01441/0</url>
+ <url>https://kb.isc.org/article/AA-01442/0</url>
+ </references>
+ <dates>
+ <discovery>2017-01-11</discovery>
+ <entry>2017-01-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2c948527-d823-11e6-9171-14dae9d210b8">
+ <topic>FreeBSD -- OpenSSH multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openssh-portable</name>
+ <range><lt>7.3.p1_5,1</lt></range>
+ </package>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>11.0</ge><lt>11.0_7</lt></range>
+ <range><ge>10.3</ge><lt>10.3_16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>The ssh-agent(1) agent supports loading a PKCS#11 module
+ from outside a trusted whitelist. An attacker can request
+ loading of a PKCS#11 module across forwarded agent-socket.
+ [CVE-2016-10009]</p>
+ <p>When privilege separation is disabled, forwarded Unix
+ domain sockets would be created by sshd(8) with the privileges
+ of 'root' instead of the authenticated user. [CVE-2016-10010]</p>
+ <h1>Impact:</h1>
+ <p>A remote attacker who have control of a forwarded
+ agent-socket on a remote system and have the ability to
+ write files on the system running ssh-agent(1) agent can
+ run arbitrary code under the same user credential. Because
+ the attacker must already have some control on both systems,
+ it is relatively hard to exploit this vulnerability in a
+ practical attack. [CVE-2016-10009]</p>
+ <p>When privilege separation is disabled (on FreeBSD,
+ privilege separation is enabled by default and has to be
+ explicitly disabled), an authenticated attacker can potentially
+ gain root privileges on systems running OpenSSH server.
+ [CVE-2016-10010]</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-10009</cvename>
+ <cvename>CVE-2016-10010</cvename>
+ <freebsdsa>SA-17:01.openssh</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2017-01-11</discovery>
+ <entry>2017-01-11</entry>
+ <modified>2017-01-13</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="7caebe30-d7f1-11e6-a9a5-b499baebfeaf">
+ <topic>openssl -- timing attack vulnerability</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><lt>1.0.2</lt></range>
+ </package>
+ <package>
+ <name>libressl</name>
+ <range><lt>2.4.4_1</lt></range>
+ </package>
+ <package>
+ <name>libressl-devel</name>
+ <range><lt>2.5.0_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Cesar Pereida Garcia reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2017/q1/52">
+ <p>The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL
+ versions and forks is vulnerable to timing attacks when signing with the
+ standardized elliptic curve P-256 despite featuring constant-time curve
+ operations and modular inversion. A software defect omits setting the
+ BN_FLG_CONSTTIME flag for nonces, failing to take a secure code path in
+ the BN_mod_inverse method and therefore resulting in a cache-timing attack
+ vulnerability.<br/>
+ A malicious user with local access can recover ECDSA P-256 private keys.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2017/q1/52</url>
+ <cvename>CVE-2016-7056</cvename>
+ </references>
+ <dates>
+ <discovery>2017-01-10</discovery>
+ <entry>2017-01-11</entry>
+ <modified>2017-01-11</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="2a7bdc56-d7a3-11e6-ae1b-002590263bf5">
+ <topic>flash -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-flashplayer</name>
+ <range><lt>24.0.0.194</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb17-02.html">
+ <p>These updates resolve a security bypass vulnerability that could
+ lead to information disclosure (CVE-2017-2938).</p>
+ <p>These updates resolve use-after-free vulnerabilities that could
+ lead to code execution (CVE-2017-2932, CVE-2017-2936,
+ CVE-2017-2937).</p>
+ <p>These updates resolve heap buffer overflow vulnerabilities that
+ could lead to code execution (CVE-2017-2927, CVE-2017-2933,
+ CVE-2017-2934, CVE-2017-2935).</p>
+ <p>These updates resolve memory corruption vulnerabilities that could
+ lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928,
+ CVE-2017-2930, CVE-2017-2931).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2925</cvename>
+ <cvename>CVE-2017-2926</cvename>
+ <cvename>CVE-2017-2927</cvename>
+ <cvename>CVE-2017-2928</cvename>
+ <cvename>CVE-2017-2930</cvename>
+ <cvename>CVE-2017-2931</cvename>
+ <cvename>CVE-2017-2932</cvename>
+ <cvename>CVE-2017-2933</cvename>
+ <cvename>CVE-2017-2934</cvename>
+ <cvename>CVE-2017-2935</cvename>
+ <cvename>CVE-2017-2936</cvename>
+ <cvename>CVE-2017-2937</cvename>
+ <cvename>CVE-2017-2938</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb17-02.html</url>
+ </references>
+ <dates>
+ <discovery>2017-01-10</discovery>
+ <entry>2017-01-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ab804e60-d693-11e6-9171-14dae9d210b8">
+ <topic>moinmoin -- XSS vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moinmoin</name>
+ <range><lt>1.9.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Thomas Waldmann reports:</p>
+ <blockquote cite="http://hg.moinmo.in/moin/1.9/file/1.9.9/docs/CHANGES">
+ <ul>
+ <li><p>fix XSS in AttachFile view (multifile related) CVE-2016-7148</p></li>
+ <li><p>fix XSS in GUI editor's attachment dialogue CVE-2016-7146</p></li>
+ <li><p>fix XSS in GUI editor's link dialogue CVE-2016-9119</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://hg.moinmo.in/moin/1.9/file/1.9.9/docs/CHANGES</url>
+ <cvename>CVE-2016-7148</cvename>
+ <cvename>CVE-2016-7146</cvename>
+ <cvename>CVE-2016-9119</cvename>
+ <freebsdpr>ports/214937</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-10-31</discovery>
+ <entry>2017-01-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="64be967a-d379-11e6-a071-001e67f15f5a">
+ <topic>libvncserver -- multiple buffer overflows</topic>
+ <affects>
+ <package>
+ <name>libvncserver</name>
+ <range><lt>0.9.11</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libvnc server reports:</p>
+ <blockquote cite="https://github.com/LibVNC/libvncserver/pull/137">
+ <p>Two unrelated buffer overflows can be used by a malicious server to overwrite parts of the heap and crash the client (or possibly execute arbitrary code).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/LibVNC/libvncserver/pull/137</url>
+ <cvename>CVE-2016-9941</cvename>
+ <cvename>CVE-2016-9942</cvename>
+ <freebsdpr>ports/215805</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-11-24</discovery>
+ <entry>2017-01-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="83041ca7-d690-11e6-9171-14dae9d210b8">
+ <topic>libdwarf -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libdwarf</name>
+ <range><lt>20161124</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Christian Rebischke reports:</p>
+ <blockquote cite="https://lwn.net/Articles/708092/">
+ <p>libdwarf is vulnerable to multiple issues including
+ arbitrary code execution, information disclosure and denial of
+ service.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://lwn.net/Articles/708092/</url>
+ <cvename>CVE-2016-5027</cvename>
+ <cvename>CVE-2016-5028</cvename>
+ <cvename>CVE-2016-5029</cvename>
+ <cvename>CVE-2016-5030</cvename>
+ <cvename>CVE-2016-5031</cvename>
+ <cvename>CVE-2016-5032</cvename>
+ <cvename>CVE-2016-5033</cvename>
+ <cvename>CVE-2016-5035</cvename>
+ <cvename>CVE-2016-5037</cvename>
+ <cvename>CVE-2016-5040</cvename>
+ <cvename>CVE-2016-5041</cvename>
+ <cvename>CVE-2016-5043</cvename>
+ <cvename>CVE-2016-5044</cvename>
+ <cvename>CVE-2016-7510</cvename>
+ <cvename>CVE-2016-7511</cvename>
+ <cvename>CVE-2016-8679</cvename>
+ <cvename>CVE-2016-8680</cvename>
+ <cvename>CVE-2016-8681</cvename>
+ <cvename>CVE-2016-9275</cvename>
+ <cvename>CVE-2016-9276</cvename>
+ <cvename>CVE-2016-9480</cvename>
+ <cvename>CVE-2016-9558</cvename>
+ </references>
+ <dates>
+ <discovery>2016-12-04</discovery>
+ <entry>2017-01-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="03532a19-d68e-11e6-9171-14dae9d210b8">
+ <topic>lynx -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>lynx</name>
+ <range><lt>2.8.8.2_5,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Oracle reports:</p>
+ <blockquote>
+ <p>Lynx is vulnerable to POODLE by still supporting vulnerable
+ version of SSL. Lynx is also vulnerable to URL attacks by incorrectly
+ parsing hostnames ending with an '?'.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://hg.java.net/hg/solaris-userland~gate/file/bc5351dcb9ac/components/lynx/patches/02-init-openssl.patch</url>
+ <url>https://hg.java.net/hg/solaris-userland~gate/file/0a979060f73b/components/lynx/patches/05-fix-CVE-2016-9179.patch</url>
+ <cvename>CVE-2014-3566</cvename>
+ <cvename>CVE-2016-9179</cvename>
+ <freebsdpr>ports/215464</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-10-26</discovery>
+ <entry>2017-01-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="91e039ed-d689-11e6-9171-14dae9d210b8">
+ <topic>hdf5 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>hdf5</name>
+ <range><lt>1.10.0</lt></range>
+ </package>
+ <package>
+ <name>hdf5-18</name>
+ <range><lt>1.8.18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Talos Security reports:</p>
+ <blockquote cite="http://blog.talosintel.com/2016/11/hdf5-vulns.html">
+ <ul>
+ <li><p>CVE-2016-4330 (TALOS-2016-0176) - HDF5 Group libhdf5 H5T_ARRAY Code Execution Vulnerability</p></li>
+ <li><p>CVE-2016-4331 (TALOS-2016-0177) - HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability</p></li>
+ <li><p>CVE-2016-4332 (TALOS-2016-0178) - HDF5 Group libhdf5 Shareable Message Type Code Execution Vulnerability</p></li>
+ <li><p>CVE-2016-4333 (TALOS-2016-0179) - HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://blog.talosintel.com/2016/11/hdf5-vulns.html</url>
+ <cvename>CVE-2016-4330</cvename>
+ <cvename>CVE-2016-4331</cvename>
+ <cvename>CVE-2016-4332</cvename>
+ <cvename>CVE-2016-4333</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-17</discovery>
+ <entry>2017-01-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e1ff4c5e-d687-11e6-9171-14dae9d210b8">
+ <topic>End of Life Ports</topic>
+ <affects>
+ <package>
+ <name>py27-django16</name>
+ <name>py33-django16</name>
+ <name>py34-django16</name>
+ <name>py35-django16</name>
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>drupal6</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>These packages have reached End of Life status and/or have
+ been removed from the Ports Tree. They may contain undocumented
+ security issues. Please take caution and find alternative
+ software as soon as possible.</p>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/211975</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2017-01-06</discovery>
+ <entry>2017-01-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c218873d-d444-11e6-84ef-f0def167eeea">
+ <topic>Use-After-Free Vulnerability in pcsc-lite</topic>
+ <affects>
+ <package>
+ <name>pcsc-lite</name>
+ <range><ge>1.6.0</ge><lt>1.8.20</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Peter Wu on Openwall mailing-list reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2017/01/03/2">
+ <p>The issue allows a local attacker to cause a Denial of Service,
+ but can potentially result in Privilege Escalation since
+ the daemon is running as root. while any local user can
+ connect to the Unix socket.
+ Fixed by patch which is released with hpcsc-lite 1.8.20.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-10109</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2017/01/03/2</url>
+ </references>
+ <dates>
+ <discovery>2017-01-03</discovery>
+ <entry>2017-01-06</entry>
+ <modified>2017-01-10</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="0c5369fc-d671-11e6-a9a5-b499baebfeaf">
+ <topic>GnuTLS -- Memory corruption vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gnutls</name>
+ <range><lt>3.5.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The GnuTLS project reports:</p>
+ <blockquote cite="http://www.gnutls.org/news.html#2017-01-09">
+ <ul>
+ <li>It was found using the OSS-FUZZ fuzzer infrastructure that
+ decoding a specially crafted OpenPGP certificate could lead
+ to heap and stack overflows. (GNUTLS-SA-2017-2)</li>
+ <li>It was found using the OSS-FUZZ fuzzer infrastructure that
+ decoding a specially crafted X.509 certificate with Proxy
+ Certificate Information extension present could lead to a
+ double free. (GNUTLS-SA-2017-1)</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.gnutls.org/news.html#2017-01-09</url>
+ <url>http://www.gnutls.org/security.html#GNUTLS-SA-2017-2</url>
+ <url>http://www.gnutls.org/security.html#GNUTLS-SA-2017-1</url>
+ </references>
+ <dates>
+ <discovery>2017-01-09</discovery>
+ <entry>2017-01-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e5ec2767-d529-11e6-ae1b-002590263bf5">
+ <topic>tomcat -- information disclosure vulnerability</topic>
+ <affects>
+ <package>
+ <name>tomcat</name>
+ <range><lt>6.0.49</lt></range>
+ </package>
+ <package>
+ <name>tomcat7</name>
+ <range><lt>7.0.74</lt></range>
+ </package>
+ <package>
+ <name>tomcat8</name>
+ <range><lt>8.0.40</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache Software Foundation reports:</p>
+ <blockquote cite="http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40">
+ <p>Important: Information Disclosure CVE-2016-8745</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-8745</cvename>
+ <freebsdpr>ports/215865</freebsdpr>
+ <url>http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49</url>
+ <url>http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74</url>
+ <url>http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40</url>
+ </references>
+ <dates>
+ <discovery>2017-01-05</discovery>
+ <entry>2017-01-07</entry>
+ <modified>2017-03-18</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="0b9af110-d529-11e6-ae1b-002590263bf5">
+ <topic>tomcat -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>tomcat</name>
+ <range><lt>6.0.48</lt></range>
+ </package>
+ <package>
+ <name>tomcat7</name>
+ <range><lt>7.0.73</lt></range>
+ </package>
+ <package>
+ <name>tomcat8</name>
+ <range><lt>8.0.39</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache Software Foundation reports:</p>
+ <blockquote cite="http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39">
+ <p>Important: Remote Code Execution CVE-2016-8735</p>
+ <p>Important: Information Disclosure CVE-2016-6816</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-8735</cvename>
+ <cvename>CVE-2016-6816</cvename>
+ <freebsdpr>ports/214599</freebsdpr>
+ <url>http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48</url>
+ <url>http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73</url>
+ <url>http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39</url>
+ </references>
+ <dates>
+ <discovery>2016-11-22</discovery>
+ <entry>2017-01-07</entry>
+ <modified>2017-03-18</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="3ae106e2-d521-11e6-ae1b-002590263bf5">
+ <topic>tomcat -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>tomcat</name>
+ <range><lt>6.0.47</lt></range>
+ </package>
+ <package>
+ <name>tomcat7</name>
+ <range><lt>7.0.72</lt></range>
+ </package>
+ <package>
+ <name>tomcat8</name>
+ <range><lt>8.0.37</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache Software Foundation reports:</p>
+ <blockquote cite="http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37">
+ <p>Low: Unrestricted Access to Global Resources CVE-2016-6797</p>
+ <p>Low: Security Manager Bypass CVE-2016-6796</p>
+ <p>Low: System Property Disclosure CVE-2016-6794</p>
+ <p>Low: Security Manager Bypass CVE-2016-5018</p>
+ <p>Low: Timing Attack CVE-2016-0762</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-6797</cvename>
+ <cvename>CVE-2016-6796</cvename>
+ <cvename>CVE-2016-6794</cvename>
+ <cvename>CVE-2016-5018</cvename>
+ <cvename>CVE-2016-0762</cvename>
+ <url>http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47</url>
+ <url>http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72</url>
+ <url>http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37</url>
+ </references>
+ <dates>
+ <discovery>2016-10-27</discovery>
+ <entry>2017-01-07</entry>
+ <modified>2017-03-18</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="3d6be69b-d365-11e6-a071-001e67f15f5a">
+ <topic>Irssi -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>irssi</name>
+ <range><lt>0.8.21</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Irssi reports:</p>
+ <blockquote cite="https://irssi.org/security/irssi_sa_2017_01.txt">
+ <p>Five vulnerabilities have been located in Irssi</p>
+ <ul>
+ <li>A NULL pointer dereference in the nickcmp function found by
+ Joseph Bisch. (CWE-690)</li>
+ <li>Use after free when receiving invalid nick message (Issue #466,
+ CWE-146)</li>
+ <li>Out of bounds read in certain incomplete control codes found
+ by Joseph Bisch. (CWE-126)</li>
+ <li>Out of bounds read in certain incomplete character sequences
+ found by Hanno Böck and independently by J. Bisch. (CWE-126)</li>
+ <li>Out of bounds read when Printing the value '%['. Found by
+ Hanno Böck. (CWE-126)</li>
+ </ul>
+ <p>These issues may result in denial of service (remote crash).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5193</cvename>
+ <cvename>CVE-2017-5194</cvename>
+ <cvename>CVE-2017-5195</cvename>
+ <cvename>CVE-2017-5196</cvename>
+ <cvename>CVE-2017-5356</cvename>
+ <freebsdpr>ports/215800</freebsdpr>
+ <url>https://irssi.org/security/irssi_sa_2017_01.txt</url>
+ </references>
+ <dates>
+ <discovery>2017-01-03</discovery>
+ <entry>2017-01-05</entry>
+ <modified>2017-01-15</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="496160d3-d3be-11e6-ae1b-002590263bf5">
+ <topic>codeigniter -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>3.1.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://www.codeigniter.com/user_guide/changelog.html">
+ <p>Fixed a number of new vulnerabilities in Security Library method
+ xss_clean().</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.codeigniter.com/user_guide/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2016-10-28</discovery>
+ <entry>2017-01-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5e439ee7-d3bd-11e6-ae1b-002590263bf5">
+ <topic>codeigniter -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><lt>3.1.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The CodeIgniter changelog reports:</p>
+ <blockquote cite="https://www.codeigniter.com/user_guide/changelog.html">
+ <p>Fixed an SQL injection in the ‘odbc’ database driver.</p>
+ <p>Updated set_realpath() Path Helper function to filter-out php://
+ wrapper inputs.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.codeigniter.com/user_guide/changelog.html</url>
+ </references>
+ <dates>
+ <discovery>2016-07-26</discovery>
+ <entry>2017-01-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="eafa3aec-211b-4dd4-9b8a-a664a3f0917a">
+ <topic>w3m -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>w3m</name>
+ <name>w3m-img</name>
+ <name>ja-w3m</name>
+ <name>ja-w3m-img</name>
+ <range><lt>0.5.3.20170102</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Multiple remote code execution and denial of service conditions present.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2016/q4/452</url>
+ <url>http://seclists.org/oss-sec/2016/q4/516</url>
+ <cvename>CVE-2016-9422</cvename>
+ <cvename>CVE-2016-9423</cvename>
+ <cvename>CVE-2016-9424</cvename>
+ <cvename>CVE-2016-9425</cvename>
+ <cvename>CVE-2016-9426</cvename>
+ <cvename>CVE-2016-9428</cvename>
+ <cvename>CVE-2016-9429</cvename>
+ <cvename>CVE-2016-9430</cvename>
+ <cvename>CVE-2016-9431</cvename>
+ <cvename>CVE-2016-9432</cvename>
+ <cvename>CVE-2016-9433</cvename>
+ <cvename>CVE-2016-9434</cvename>
+ <cvename>CVE-2016-9435</cvename>
+ <cvename>CVE-2016-9436</cvename>
+ <cvename>CVE-2016-9437</cvename>
+ <cvename>CVE-2016-9438</cvename>
+ <cvename>CVE-2016-9439</cvename>
+ <cvename>CVE-2016-9440</cvename>
+ <cvename>CVE-2016-9441</cvename>
+ <cvename>CVE-2016-9442</cvename>
+ <cvename>CVE-2016-9443</cvename>
+ <cvename>CVE-2016-9622</cvename>
+ <cvename>CVE-2016-9623</cvename>
+ <cvename>CVE-2016-9624</cvename>
+ <cvename>CVE-2016-9625</cvename>
+ <cvename>CVE-2016-9626</cvename>
+ <cvename>CVE-2016-9627</cvename>
+ <cvename>CVE-2016-9628</cvename>
+ <cvename>CVE-2016-9629</cvename>
+ <cvename>CVE-2016-9630</cvename>
+ <cvename>CVE-2016-9631</cvename>
+ <cvename>CVE-2016-9632</cvename>
+ <cvename>CVE-2016-9633</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-03</discovery>
+ <entry>2017-01-01</entry>
+ <modified>2017-01-09</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="d0b12952-cb86-11e6-906f-0cc47a065786">
+ <topic>h2o -- Use-after-free vulnerability</topic>
+ <affects>
+ <package>
+ <name>h2o</name>
+ <range><lt>2.0.4_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Kazuho Oku reports:</p>
+ <blockquote cite="https://github.com/h2o/h2o/issues?q=label%3Avulnerability">
+ <p>A use-after-free vulnerability exists in H2O up to and including
+ version 2.0.4 / 2.1.0-beta3 that can be used by a remote attacker to
+ mount DoS attacks and / or information theft.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/h2o/h2o/releases/tag/v2.0.5</url>
+ <url>https://github.com/h2o/h2o/issues/1144</url>
+ </references>
+ <dates>
+ <discovery>2016-09-09</discovery>
+ <entry>2016-12-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="1b61ecef-cdb9-11e6-a9a5-b499baebfeaf">
+ <topic>PHP -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php70</name>
+ <range><lt>7.0.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Check Point reports:</p>
+ <blockquote cite="http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7/">
+ <p>... discovered 3 fresh and previously unknown vulnerabilities
+ (CVE-2016-7479, CVE-2016-7480, CVE-2016-7478) in the PHP 7
+ unserialize mechanism.</p>
+ <p>The first two vulnerabilities allow attackers to take full control
+ over servers, allowing them to do anything they want with the
+ website, from spreading malware to defacing it or stealing customer
+ data.</p>
+ <p>The last vulnerability generates a Denial of Service attack which
+ basically hangs the website, exhausts its memory consumption, and
+ shuts it down.</p>
+ <p>The PHP security team issued fixes for two of the vulnerabilities
+ on the 13th of October and 1st of December.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7/</url>
+ <cvename>CVE-2016-7478</cvename>
+ <cvename>CVE-2016-7479</cvename>
+ <cvename>CVE-2016-7480</cvename>
+ </references>
+ <dates>
+ <discovery>2016-12-27</discovery>
+ <entry>2016-12-29</entry>
+ <modified>2017-01-04</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="6972668d-cdb7-11e6-a9a5-b499baebfeaf">
+ <topic>PHP -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php70</name>
+ <range><lt>7.0.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PHP project reports:</p>
+ <blockquote cite="http://php.net/ChangeLog-7.php#7.0.14">
+ <ul>
+ <li>Use After Free Vulnerability in unserialize() (CVE-2016-9936)</li>
+ <li>Invalid read when wddx decodes empty boolean element
+ (CVE-2016-9935)</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://php.net/ChangeLog-7.php#7.0.14</url>
+ <cvename>CVE-2016-9935</cvename>
+ <cvename>CVE-2016-9936</cvename>
+ </references>
+ <dates>
+ <discovery>2016-12-08</discovery>
+ <entry>2016-12-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3c4693de-ccf7-11e6-a9a5-b499baebfeaf">
+ <topic>phpmailer -- Remote Code Execution</topic>
+ <affects>
+ <package>
+ <name>phpmailer</name>
+ <range><lt>5.2.20</lt></range>
+ </package>
+ <package>
+ <name>tt-rss</name>
+ <range><lt>29.12.2016.04.37</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Legal Hackers reports:</p>
+ <blockquote cite="https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html">
+ <p>An independent research uncovered a critical vulnerability in
+ PHPMailer that could potentially be used by (unauthenticated)
+ remote attackers to achieve remote arbitrary code execution in
+ the context of the web server user and remotely compromise the
+ target web application.</p>
+ <p>To exploit the vulnerability an attacker could target common
+ website components such as contact/feedback forms, registration
+ forms, password email resets and others that send out emails with
+ the help of a vulnerable version of the PHPMailer class.</p>
+ <p>The first patch of the vulnerability CVE-2016-10033 was incomplete.
+ This advisory demonstrates the bypass of the patch. The bypass allows
+ to carry out Remote Code Execution on all current versions (including
+ 5.2.19).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html</url>
+ <cvename>CVE-2016-10045</cvename>
+ </references>
+ <dates>
+ <discovery>2016-12-28</discovery>
+ <entry>2016-12-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e4bc323f-cc73-11e6-b704-000c292e4fd8">
+ <topic>samba -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>samba36</name>
+ <range><ge>3.6.0</ge><le>3.6.25_4</le></range>
+ </package>
+ <package>
+ <name>samba4</name>
+ <range><ge>4.0.0</ge><le>4.0.26</le></range>
+ </package>
+ <package>
+ <name>samba41</name>
+ <range><ge>4.1.0</ge><le>4.1.23</le></range>
+ </package>
+ <package>
+ <name>samba42</name>
+ <range><ge>4.2.0</ge><le>4.2.14</le></range>
+ </package>
+ <package>
+ <name>samba43</name>
+ <range><ge>4.3.0</ge><lt>4.3.13</lt></range>
+ </package>
+ <package>
+ <name>samba44</name>
+ <range><ge>4.4.0</ge><lt>4.4.8</lt></range>
+ </package>
+ <package>
+ <name>samba45</name>
+ <range><ge>4.5.0</ge><lt>4.5.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Samba team reports:</p>
+ <blockquote cite="https://www.samba.org/samba/latest_news.html#4.5.3">
+ <p>[CVE-2016-2123] Authenicated users can supply malicious dnsRecord attributes
+ on DNS objects and trigger a controlled memory corruption.</p>
+ <p>[CVE-2016-2125] Samba client code always requests a forwardable ticket
+ when using Kerberos authentication. This means the target server, which must be in the current or trusted
+ domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to
+ fully impersonate the authenticated user or service.</p>
+ <p>[CVE-2016-2126] A remote, authenticated, attacker can cause the winbindd process
+ to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum.
+ A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-2123</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2016-2123.html</url>
+ <cvename>CVE-2016-2125</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2016-2125.html</url>
+ <cvename>CVE-2016-2126</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2016-2126.html</url>
+ </references>
+ <dates>
+ <discovery>2016-12-19</discovery>
+ <entry>2016-12-26</entry>
+ <modified>2016-12-26</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="244c8288-cc4a-11e6-a475-bcaec524bf84">
+ <topic>upnp -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>upnp</name>
+ <range><lt>1.6.21</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matthew Garett reports:</p>
+ <blockquote cite="https://twitter.com/mjg59/status/755062278513319936">
+ <p>Reported this to upstream 8 months ago without response,
+ so: libupnp's default behaviour allows anyone to write to your
+ filesystem. Seriously. Find a device running a libupnp based server
+ (Shodan says there's rather a lot), and POST a file to /testfile.
+ Then GET /testfile ... and yeah if the server is running as root
+ (it is) and is using / as the web root (probably not, but maybe)
+ this gives full host fs access.</p>
+ </blockquote>
+ <p>Scott Tenaglia reports:</p>
+ <blockquote cite="https://sourceforge.net/p/pupnp/bugs/133/">
+ <p>There is a heap buffer overflow vulnerability in the
+ create_url_list function in upnp/src/gena/gena_device.c.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://twitter.com/mjg59/status/755062278513319936</url>
+ <url>https://sourceforge.net/p/pupnp/bugs/133/</url>
+ <cvename>CVE-2016-6255</cvename>
+ <cvename>CVE-2016-8863</cvename>
+ </references>
+ <dates>
+ <discovery>2016-02-23</discovery>
+ <entry>2016-12-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c7656d4c-cb60-11e6-a9a5-b499baebfeaf">
+ <topic>phpmailer -- Remote Code Execution</topic>
+ <affects>
+ <package>
+ <name>phpmailer</name>
+ <range><lt>5.2.18</lt></range>
+ </package>
+ <package>
+ <name>tt-rss</name>
+ <range><lt>26.12.2016.07.29</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Legal Hackers reports:</p>
+ <blockquote cite="http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html">
+ <p>An independent research uncovered a critical vulnerability in
+ PHPMailer that could potentially be used by (unauthenticated)
+ remote attackers to achieve remote arbitrary code execution in
+ the context of the web server user and remotely compromise the
+ target web application.</p>
+ <p>To exploit the vulnerability an attacker could target common
+ website components such as contact/feedback forms, registration
+ forms, password email resets and others that send out emails with
+ the help of a vulnerable version of the PHPMailer class.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html</url>
+ <url>https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md</url>
+ <cvename>CVE-2016-10033</cvename>
+ </references>
+ <dates>
+ <discovery>2016-12-26</discovery>
+ <entry>2016-12-26</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e7002b26-caaa-11e6-a76a-9f7324e5534e">
+ <topic>exim -- DKIM private key leak</topic>
+ <affects>
+ <package>
+ <name>exim</name>
+ <range><gt>4.69</gt><lt>4.87.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Exim project reports:</p>
+ <blockquote cite="https://exim.org/static/doc/CVE-2016-9963.txt">
+ <p>Exim leaks the private DKIM signing key to the log files.
+ Additionally, if the build option EXPERIMENTAL_DSN_INFO=yes is used,
+ the key material is included in the bounce message.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://exim.org/static/doc/CVE-2016-9963.txt</url>
+ <cvename>CVE-2016-9963</cvename>
+ </references>
+ <dates>
+ <discovery>2016-12-15</discovery>
+ <entry>2016-12-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2aedd15f-ca8b-11e6-a9a5-b499baebfeaf">
+ <cancelled superseded="2c948527-d823-11e6-9171-14dae9d210b8"/>
+ </vuln>
+
+ <vuln vid="c40ca16c-4d9f-4d70-8b6c-4d53aeb8ead4">
+ <topic>cURL -- uninitialized random vulnerability</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>7.52.0</ge><lt>7.52.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Project curl Security Advisory:</p>
+ <blockquote cite="https://curl.haxx.se/docs/adv_20161223.html">
+ <p>libcurl's (new) internal function that returns a good 32bit
+ random value was implemented poorly and overwrote the pointer
+ instead of writing the value into the buffer the pointer
+ pointed to.</p>
+ <p>This random value is used to generate nonces for Digest and
+ NTLM authentication, for generating boundary strings in HTTP
+ formposts and more. Having a weak or virtually non-existent
+ random there makes these operations vulnerable.</p>
+ <p>This function is brand new in 7.52.0 and is the result of an
+ overhaul to make sure libcurl uses strong random as much as
+ possible - provided by the backend TLS crypto libraries when
+ present. The faulty function was introduced in this commit.</p>
+ <p>We are not aware of any exploit of this flaw.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://curl.haxx.se/docs/adv_20161223.html</url>
+ <cvename>CVE-2016-9594</cvename>
+ </references>
+ <dates>
+ <discovery>2016-12-23</discovery>
+ <entry>2016-12-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="41f8af15-c8b9-11e6-ae1b-002590263bf5">
+ <topic>squid -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>squid</name>
+ <range><ge>3.1</ge><lt>3.5.23</lt></range>
+ </package>
+ <package>
+ <name>squid-devel</name>
+ <range><ge>4.0</ge><lt>4.0.17</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Squid security advisory 2016:10 reports:</p>
+ <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_10.txt">
+ <p>Due to incorrect comparsion of request headers Squid can deliver
+ responses containing private data to clients it should not have
+ reached.</p>
+ <p>This problem allows a remote attacker to discover private and
+ sensitive information about another clients browsing session.
+ Potentially including credentials which allow access to further
+ sensitive resources. This problem only affects Squid configured
+ to use the Collapsed Forwarding feature. It is of particular
+ importance for HTTPS reverse-proxy sites with Collapsed
+ Forwarding.</p>
+ </blockquote>
+ <p>Squid security advisory 2016:11 reports:</p>
+ <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_11.txt">
+ <p>Due to incorrect HTTP conditional request handling Squid can
+ deliver responses containing private data to clients it should not
+ have reached.</p>
+ <p>This problem allows a remote attacker to discover private and
+ sensitive information about another clients browsing session.
+ Potentially including credentials which allow access to further
+ sensitive resources..</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-10002</cvename>
+ <cvename>CVE-2016-10003</cvename>
+ <freebsdpr>ports/215416</freebsdpr>
+ <freebsdpr>ports/215418</freebsdpr>
+ <url>http://www.squid-cache.org/Advisories/SQUID-2016_10.txt</url>
+ <url>http://www.squid-cache.org/Advisories/SQUID-2016_11.txt</url>
+ </references>
+ <dates>
+ <discovery>2016-12-16</discovery>
+ <entry>2016-12-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c11629d3-c8ad-11e6-ae1b-002590263bf5">
+ <topic>vim -- arbitrary command execution</topic>
+ <affects>
+ <package>
+ <name>vim</name>
+ <name>vim-lite</name>
+ <range><lt>8.0.0056</lt></range>
+ </package>
+ <package>
+ <name>neovim</name>
+ <range><lt>0.1.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mitre reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248">
+ <p>vim before patch 8.0.0056 does not properly validate values for the
+ 'filetype', 'syntax' and 'keymap' options, which may result in the
+ execution of arbitrary code if a file with a specially crafted
+ modeline is opened.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1248</cvename>
+ <bid>94478</bid>
+ <url>https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a</url>
+ <url>https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040</url>
+ </references>
+ <dates>
+ <discovery>2016-11-22</discovery>
+ <entry>2016-12-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c290f093-c89e-11e6-821e-68f7288bdf41">
+ <topic>Pligg CMS -- XSS Vulnerability</topic>
+ <affects>
+ <package>
+ <name>pligg</name>
+ <range><le>2.0.2,1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Netsparker reports: </p>
+ <blockquote cite="https://www.netsparker.com/web-applications-advisories/ns-15-011-xss-vulnerability-identified-in-pligg-cms/">
+ <p>Proof of Concept URL for XSS in Pligg CMS:</p>
+ <p>Page: groups.php</p>
+ <p>Parameter Name: keyword</p>
+ <p>Parameter Type: GET</p>
+ <p>Attack Pattern: http://example.com/pligg-cms-2.0.2/groups.php?view=search&keyword='+alert(0x000D82)+'</p>
+ <p>For more information on cross-site scripting vulnerabilities read the article Cross-site Scripting (XSS).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.netsparker.com/web-applications-advisories/ns-15-011-xss-vulnerability-identified-in-pligg-cms/</url>
+ </references>
+ <dates>
+ <discovery>2015-05-13</discovery>
+ <entry>2016-12-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="fcedcdbb-c86e-11e6-b1cf-14dae9d210b8">
+ <topic>FreeBSD -- Multiple vulnerabilities of ntp</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>11.0</ge><lt>11.0_6</lt></range>
+ <range><ge>10.3</ge><lt>10.3_15</lt></range>
+ <range><ge>10.2</ge><lt>10.2_28</lt></range>
+ <range><ge>10.1</ge><lt>10.1_45</lt></range>
+ <range><ge>9.3</ge><lt>9.3_53</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>Multiple vulnerabilities have been discovered in the NTP
+ suite:</p>
+ <p>CVE-2016-9311: Trap crash, Reported by Matthew Van Gundy
+ of Cisco ASIG.</p>
+ <p>CVE-2016-9310: Mode 6 unauthenticated trap information
+ disclosure and DDoS vector. Reported by Matthew Van Gundy
+ of Cisco ASIG.</p>
+ <p>CVE-2016-7427: Broadcast Mode Replay Prevention DoS.
+ Reported by Matthew Van Gundy of Cisco ASIG.</p>
+ <p>CVE-2016-7428: Broadcast Mode Poll Interval Enforcement
+ DoS. Reported by Matthew Van Gundy of Cisco ASIG.</p>
+ <p>CVE-2016-7431: Regression: 010-origin: Zero Origin
+ Timestamp Bypass. Reported by Sharon Goldberg and Aanchal
+ Malhotra of Boston University.</p>
+ <p>CVE-2016-7434: Null pointer dereference in
+ _IO_str_init_static_internal(). Reported by Magnus Stubman.</p>
+ <p>CVE-2016-7426: Client rate limiting and server responses.
+ Reported by Miroslav Lichvar of Red Hat.</p>
+ <p>CVE-2016-7433: Reboot sync calculation problem. Reported
+ independently by Brian Utterback of Oracle, and by Sharon
+ Goldberg and Aanchal Malhotra of Boston University.</p>
+ <h1>Impact:</h1>
+ <p>A remote attacker who can send a specially crafted packet
+ to cause a NULL pointer dereference that will crash ntpd,
+ resulting in a Denial of Service. [CVE-2016-9311]</p>
+ <p>An exploitable configuration modification vulnerability
+ exists in the control mode (mode 6) functionality of ntpd.
+ If, against long-standing BCP recommendations, "restrict
+ default noquery ..." is not specified, a specially crafted
+ control mode packet can set ntpd traps, providing information
+ disclosure and DDoS amplification, and unset ntpd traps,
+ disabling legitimate monitoring by an attacker from remote.
+ [CVE-2016-9310]</p>
+ <p>An attacker with access to the NTP broadcast domain can
+ periodically inject specially crafted broadcast mode NTP
+ packets into the broadcast domain which, while being logged
+ by ntpd, can cause ntpd to reject broadcast mode packets
+ from legitimate NTP broadcast servers. [CVE-2016-7427]</p>
+ <p>An attacker with access to the NTP broadcast domain can
+ send specially crafted broadcast mode NTP packets to the
+ broadcast domain which, while being logged by ntpd, will
+ cause ntpd to reject broadcast mode packets from legitimate
+ NTP broadcast servers. [CVE-2016-7428]</p>
+ <p>Origin timestamp problems were fixed in ntp 4.2.8p6.
+ However, subsequent timestamp validation checks introduced
+ a regression in the handling of some Zero origin timestamp
+ checks. [CVE-2016-7431]</p>
+ <p>If ntpd is configured to allow mrulist query requests
+ from a server that sends a crafted malicious packet, ntpd
+ will crash on receipt of that crafted malicious mrulist
+ query packet. [CVE-2016-7434]</p>
+ <p>An attacker who knows the sources (e.g., from an IPv4
+ refid in server response) and knows the system is (mis)configured
+ in this way can periodically send packets with spoofed
+ source address to keep the rate limiting activated and
+ prevent ntpd from accepting valid responses from its sources.
+ [CVE-2016-7426]</p>
+ <p>Ntp Bug 2085 described a condition where the root delay
+ was included twice, causing the jitter value to be higher
+ than expected. Due to a misinterpretation of a small-print
+ variable in The Book, the fix for this problem was incorrect,
+ resulting in a root distance that did not include the peer
+ dispersion. The calculations and formulas have been reviewed
+ and reconciled, and the code has been updated accordingly.
+ [CVE-2016-7433]</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7426</cvename>
+ <cvename>CVE-2016-7427</cvename>
+ <cvename>CVE-2016-7428</cvename>
+ <cvename>CVE-2016-7431</cvename>
+ <cvename>CVE-2016-7433</cvename>
+ <cvename>CVE-2016-7434</cvename>
+ <cvename>CVE-2016-9310</cvename>
+ <cvename>CVE-2016-9311</cvename>
+ <freebsdsa>SA-16:39.ntp</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2016-12-22</discovery>
+ <entry>2016-12-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="42880202-c81c-11e6-a9a5-b499baebfeaf">
+ <topic>cURL -- buffer overflow</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>7.1</ge><lt>7.52</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The cURL project reports:</p>
+ <blockquote cite="https://curl.haxx.se/docs/vuln-7.51.0.html">
+ <h2>printf floating point buffer overflow</h2>
+ <p>libcurl's implementation of the printf() functions triggers a
+ buffer overflow when doing a large floating point output. The bug
+ occurs whenthe conversion outputs more than 255 bytes.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://curl.haxx.se/docs/vuln-7.51.0.html</url>
+ <cvename>CVE-2016-9586</cvename>
+ </references>
+ <dates>
+ <discovery>2016-12-21</discovery>
+ <entry>2016-12-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="624b45c0-c7f3-11e6-ae1b-002590263bf5">
+ <topic>Joomla! -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><ge>1.6.0</ge><lt>3.6.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html">
+ <h2>[20161201] - Core - Elevated Privileges</h2>
+ <p>Incorrect use of unfiltered data stored to the session on a form
+ validation failure allows for existing user accounts to be modified;
+ to include resetting their username, password, and user group
+ assignments.</p>
+ </blockquote>
+ <blockquote cite="https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html">
+ <h2>[20161202] - Core - Shell Upload</h2>
+ <p>Inadequate filesystem checks allowed files with alternative PHP
+ file extensions to be uploaded.</p>
+ </blockquote>
+ <blockquote cite="https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html">
+ <h2>[20161203] - Core - Information Disclosure</h2>
+ <p>Inadequate ACL checks in the Beez3 com_content article layout
+ override enables a user to view restricted content.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9836</cvename>
+ <cvename>CVE-2016-9837</cvename>
+ <cvename>CVE-2016-9838</cvename>
+ <url>https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html</url>
+ <url>https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html</url>
+ <url>https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html</url>
+ </references>
+ <dates>
+ <discovery>2016-12-06</discovery>
+ <entry>2016-12-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a27d234a-c7f2-11e6-ae1b-002590263bf5">
+ <topic>Joomla! -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><ge>3.4.4</ge><lt>3.6.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html">
+ <h2>[20161001] - Core - Account Creation</h2>
+ <p>Inadequate checks allows for users to register on a site when
+ registration has been disabled.</p>
+ </blockquote>
+ <blockquote cite="https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html">
+ <h2>[20161002] - Core - Elevated Privilege</h2>
+ <p>Incorrect use of unfiltered data allows for users to register on a
+ site with elevated privileges.</p>
+ </blockquote>
+ <blockquote cite="https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html">
+ <h2>[20161003] - Core - Account Modifications</h2>
+ <p>Incorrect use of unfiltered data allows for existing user accounts
+ to be modified; to include resetting their username, password, and
+ user group assignments.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-8869</cvename>
+ <cvename>CVE-2016-8870</cvename>
+ <cvename>CVE-2016-9081</cvename>
+ <url>https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html</url>
+ <url>https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html</url>
+ <url>https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html</url>
+ </references>
+ <dates>
+ <discovery>2016-10-25</discovery>
+ <entry>2016-12-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f0806cad-c7f1-11e6-ae1b-002590263bf5">
+ <topic>Joomla! -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><ge>1.6.0</ge><lt>3.6.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html">
+ <h2>[20160801] - Core - ACL Violation</h2>
+ <p>Inadequate ACL checks in com_content provide potential read access
+ to data which should be access restricted to users with edit_own
+ level.</p>
+ </blockquote>
+ <blockquote cite="https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html">
+ <h2>[20160802] - Core - XSS Vulnerability</h2>
+ <p>Inadequate escaping leads to XSS vulnerability in mail component.
+ </p>
+ </blockquote>
+ <blockquote cite="https://developer.joomla.org/security-centre/654-20160803-core-csrf.html">
+ <h2>[20160803] - Core - CSRF</h2>
+ <p>Add additional CSRF hardening in com_joomlaupdate.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html</url>
+ <url>https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html</url>
+ <url>https://developer.joomla.org/security-centre/654-20160803-core-csrf.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5665-joomla-3-6-1-released.html</url>
+ </references>
+ <dates>
+ <discovery>2016-08-03</discovery>
+ <entry>2016-12-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c0ef061a-c7f0-11e6-ae1b-002590263bf5">
+ <topic>Joomla! -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>joomla3</name>
+ <range><ge>1.5.0</ge><lt>3.4.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html">
+ <h2>[20151206] - Core - Session Hardening</h2>
+ <p>The Joomla Security Strike team has been following up on the
+ critical security vulnerability patched last week. Since the recent
+ update it has become clear that the root cause is a bug in PHP
+ itself. This was fixed by PHP in September of 2015 with the releases
+ of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all
+ versions of PHP 7 and has been back-ported in some specific Linux
+ LTS versions of PHP 5.3). This fixes the bug across all supported
+ PHP versions.</p>
+ </blockquote>
+ <blockquote cite="https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html">
+ <h2>[20151207] - Core - SQL Injection</h2>
+ <p>Inadequate filtering of request data leads to a SQL Injection
+ vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html</url>
+ <url>https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html</url>
+ <url>https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html</url>
+ </references>
+ <dates>
+ <discovery>2015-12-21</discovery>
+ <entry>2016-12-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3ae078ca-c7eb-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- x86 PV guests may be able to mask interrupts</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.7.1_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-202.html">
+ <p>Certain PV guest kernel operations (page table writes in
+ particular) need emulation, and use Xen's general x86 instruction
+ emulator. This allows a malicious guest kernel which asynchronously
+ modifies its instruction stream to effect the clearing of EFLAGS.IF
+ from the state used to return to guest context.</p>
+ <p>A malicious guest kernel administrator can cause a host hang or
+ crash, resulting in a Denial of Service.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-10024</cvename>
+ <url>https://xenbits.xen.org/xsa/advisory-202.html</url>
+ </references>
+ <dates>
+ <discovery>2016-12-21</discovery>
+ <entry>2016-12-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="862d6ab3-c75e-11e6-9f98-20cf30e32f6d">
+ <topic>Apache httpd -- several vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>apache24</name>
+ <range><lt>2.4.25</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Apache Software Foundation reports:</p>
+ <blockquote cite="http://httpd.apache.org/security/vulnerabilities_24.html">
+ <ul>
+ <li>Important: Apache HTTP Request Parsing Whitespace Defects CVE-2016-8743<br/>
+ Apache HTTP Server, prior to release 2.4.25, accepted a broad
+ pattern of unusual whitespace patterns from the user-agent,
+ including bare CR, FF, VTAB in parsing the request line and
+ request header lines, as well as HTAB in parsing the request line.
+ Any bare CR present in request lines was treated as whitespace and
+ remained in the request field member "the_request", while a bare
+ CR in the request header field name would be honored as
+ whitespace, and a bare CR in the request header field value was
+ retained the input headers array. Implied additional whitespace
+ was accepted in the request line and prior to the
+ ':' delimiter of any request header lines.<br/><br/>
+ RFC7230 Section 3.5 calls out some of these whitespace exceptions,
+ and section 3.2.3 eliminated and clarified the role of implied
+ whitespace in the grammer of this specification. Section 3.1.1
+ requires exactly one single SP between the method and
+ request-target, and between the request-target and HTTP-version,
+ followed immediately by a CRLF sequence. None of these
+ fields permit any (unencoded) CTL character whatsoever. Section
+ 3.2.4 explicitly disallowed any whitespace from the request header
+ field prior to the ':' character, while Section 3.2 disallows all
+ CTL characters in the request header line other than the HTAB
+ character as whitespace.<br/><br/>
+ These defects represent a security concern when httpd is
+ participating in any chain of proxies or interacting with back-end
+ application servers, either through mod_proxy or using conventional
+ CGI mechanisms. In each case where one agent accepts such CTL
+ characters and does not treat them as whitespace, there is the
+ possiblity in a proxy chain of generating two responses from a
+ server behind the uncautious proxy agent. In a sequence of two
+ requests, this results in request A to the first proxy being
+ interpreted as requests A + A' by the backend server, and if
+ requests A and B were submitted to the first proxy in a keepalive
+ connection, the proxy may interpret response A' as the response to
+ request B, polluting the cache or potentially serving the A' content
+ to a different downstream user-agent.<br/><br/>
+ These defects are addressed with the release of Apache HTTP Server
+ 2.4.25 and coordinated by a new directive<br/>
+ HttpProtocolOptions Strict<br/>
+ </li>
+ </ul><ul>
+ <li>low: DoS vulnerability in mod_auth_digest CVE-2016-2161<br/>
+ Malicious input to mod_auth_digest will cause the server to crash,
+ and each instance continues to crash even for subsequently valid
+ requests.<br/>
+ </li>
+ </ul><ul>
+ <li>low: Padding Oracle in Apache mod_session_crypto CVE-2016-0736<br/>
+ Authenticate the session data/cookie presented to mod_session_crypto
+ with a MAC (SipHash) to prevent deciphering or tampering with a
+ padding oracle attack.<br/>
+ </li>
+ </ul><ul>
+ <li>low: Padding Oracle in Apache mod_session_crypto CVE-2016-0736<br/>
+ Authenticate the session data/cookie presented to mod_session_crypto
+ with a MAC (SipHash) to prevent deciphering or tampering with a
+ padding oracle attack.<br/>
+ </li>
+ </ul><ul>
+ <li>low: HTTP/2 CONTINUATION denial of service CVE-2016-8740<br/>
+ The HTTP/2 protocol implementation (mod_http2) had an incomplete
+ handling of the LimitRequestFields directive. This allowed an
+ attacker to inject unlimited request headers into the server,
+ leading to eventual memory exhaustion.<br/>
+ </li>
+ </ul><ul>
+ <li>n/a: HTTP_PROXY environment variable "httpoxy" mitigation CVE-2016-5387<br/>
+ HTTP_PROXY is a well-defined environment variable in a CGI process,
+ which collided with a number of libraries which failed to avoid
+ colliding with this CGI namespace. A mitigation is provided for the
+ httpd CGI environment to avoid populating the "HTTP_PROXY" variable
+ from a "Proxy:" header, which has never been registered by IANA.
+ </li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://httpd.apache.org/security/vulnerabilities_24.html</url>
+ <cvename>CVE-2016-8743</cvename>
+ <cvename>CVE-2016-2161</cvename>
+ <cvename>CVE-2016-0736</cvename>
+ <cvename>CVE-2016-8740</cvename>
+ <cvename>CVE-2016-5387</cvename>
+ </references>
+ <dates>
+ <discovery>2016-12-20</discovery>
+ <entry>2016-12-21</entry>
+ <modified>2016-12-22</modified>
+ </dates>
+ </vuln>
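Review bot: the mod_session_crypto item in the apache24 entry is listed twice; the `<li>low: Padding Oracle in Apache mod_session_crypto CVE-2016-0736<br/>` block appears in two consecutive `<ul>` elements with identical text. Drop the second copy. The references already carry CVE-2016-0736 only once, so nothing else needs to change. While editing, the six single-item `</ul><ul>` lists could be merged into one `<ul>`, which would make a duplicate like this easier to spot.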
+
+ <vuln vid="942433db-c661-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- x86: Mishandling of SYSCALL singlestep during emulation</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.7.1_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-204.html">
+ <p>The typical behaviour of singlestepping exceptions is determined at
+ the start of the instruction, with a #DB trap being raised at the
+ end of the instruction. SYSCALL (and SYSRET, although we don't
+ implement it) behave differently because the typical behaviour
+ allows userspace to escalate its privilege. (This difference in
+ behaviour seems to be undocumented.) Xen wrongly raised the
+ exception based on the flags at the start of the instruction.</p>
+ <p>Guest userspace which can invoke the instruction emulator can use
+ this flaw to escalate its privilege to that of the guest kernel.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-10013</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-204.html</url>
+ </references>
+ <dates>
+ <discovery>2016-12-19</discovery>
+ <entry>2016-12-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e47ab5db-c333-11e6-ae1b-002590263bf5">
+ <topic>atheme-services -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>atheme-services</name>
+ <range><lt>7.2.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mitre reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9773">
+ <p>modules/chanserv/flags.c in Atheme before 7.2.7 allows remote
+ attackers to modify the Anope FLAGS behavior by registering and
+ dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.</p>
+ </blockquote>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4478">
+ <p>Buffer overflow in the xmlrpc_char_encode function in
+ modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows
+ remote attackers to cause a denial of service via vectors related
+ to XMLRPC response encoding.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/209217</freebsdpr>
+ <cvename>CVE-2014-9773</cvename>
+ <cvename>CVE-2016-4478</cvename>
+ <url>https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e</url>
+ <url>https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b</url>
+ </references>
+ <dates>
+ <discovery>2016-01-09</discovery>
+ <entry>2016-12-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="512c0ffd-cd39-4da4-b2dc-81ff4ba8e238">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>50.1.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.47</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>45.6.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>45.6.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>45.6.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/">
+ <p>CVE-2016-9894: Buffer overflow in SkiaGL</p>
+ <p>CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements</p>
+ <p>CVE-2016-9895: CSP bypass using marquee tag</p>
+ <p>CVE-2016-9896: Use-after-free with WebVR</p>
+ <p>CVE-2016-9897: Memory corruption in libGLES</p>
+ <p>CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees</p>
+ <p>CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs</p>
+ <p>CVE-2016-9904: Cross-origin information leak in shared atoms</p>
+ <p>CVE-2016-9901: Data from Pocket server improperly sanitized before execution</p>
+ <p>CVE-2016-9902: Pocket extension does not validate the origin of events</p>
+ <p>CVE-2016-9903: XSS injection vulnerability in add-ons SDK</p>
+ <p>CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1</p>
+ <p>CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9894</cvename>
+ <cvename>CVE-2016-9899</cvename>
+ <cvename>CVE-2016-9895</cvename>
+ <cvename>CVE-2016-9896</cvename>
+ <cvename>CVE-2016-9897</cvename>
+ <cvename>CVE-2016-9898</cvename>
+ <cvename>CVE-2016-9900</cvename>
+ <cvename>CVE-2016-9904</cvename>
+ <cvename>CVE-2016-9901</cvename>
+ <cvename>CVE-2016-9902</cvename>
+ <cvename>CVE-2016-9903</cvename>
+ <cvename>CVE-2016-9080</cvename>
+ <cvename>CVE-2016-9893</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-94/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-95/</url>
+ </references>
+ <dates>
+ <discovery>2016-12-13</discovery>
+ <entry>2016-12-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="54e50cd9-c1a8-11e6-ae1b-002590263bf5">
+ <topic>wordpress -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>4.6.1,1</lt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <name>ja-wordpress</name>
+ <name>ru-wordpress</name>
+ <name>zh-wordpress-zh_CN</name>
+ <name>zh-wordpress-zh_TW</name>
+ <range><lt>4.6.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jeremy Felt reports:</p>
+ <blockquote cite="https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/">
+ <p>WordPress versions 4.6 and earlier are affected by two security
+ issues: a cross-site scripting vulnerability via image filename,
+ reported by SumOfPwn researcher Cengiz Han Sahin; and a path
+ traversal vulnerability in the upgrade package uploader, reported
+ by Dominik Schilling from the WordPress security team.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/</url>
+ </references>
+ <dates>
+ <discovery>2016-09-07</discovery>
+ <entry>2016-12-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="80a897a2-c1a6-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.7.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="http://xenbits.xen.org/xsa/advisory-200.html">
+ <p>The x86 instruction CMPXCHG8B is supposed to ignore legacy operand
+ size overrides; it only honors the REX.W override (making it
+ CMPXCHG16B). So, the operand size is always 8 or 16. When support
+ for CMPXCHG16B emulation was added to the instruction emulator,
+ this restriction on the set of possible operand sizes was relied on
+ in some parts of the emulation; but a wrong, fully general, operand
+ size value was used for other parts of the emulation. As a result,
+ if a guest uses a supposedly-ignored operand size prefix, a small
+ amount of hypervisor stack data is leaked to the guests: a 96 bit
+ leak to guests running in 64-bit mode; or, a 32 bit leak to other
+ guests.</p>
+ <p>A malicious unprivileged guest may be able to obtain sensitive
+ information from the host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9932</cvename>
+ <url>http://xenbits.xen.org/xsa/advisory-200.html</url>
+ </references>
+ <dates>
+ <discovery>2016-12-13</discovery>
+ <entry>2016-12-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2d56308b-c0a8-11e6-a9a5-b499baebfeaf">
+ <topic>PHP -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php56</name>
+ <range><lt>5.6.29</lt></range>
+ </package>
+ <package>
+ <name>php70</name>
+ <range><lt>7.0.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PHP project reports:</p>
+ <blockquote cite="http://php.net/archive/2016.php#id2016-12-08-1">
+ <p>This is a security release. Several security bugs were fixed in
+ this release.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://php.net/archive/2016.php#id2016-12-08-1</url>
+ <url>http://php.net/archive/2016.php#id2016-12-08-2</url>
+ </references>
+ <dates>
+ <discovery>2016-12-12</discovery>
+ <entry>2016-12-12</entry>
+ </dates>
+ </vuln>
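Review bot: the `<discovery>2016-12-12</discovery>` date in the PHP entry does not match the announcements it cites, whose anchors are `id2016-12-08-1` and `id2016-12-08-2`; as written it looks like the date the entry was added, not the date the issues became known. Set the discovery date from the upstream announcement. The description also gives a reader nothing to triage on ("Several security bugs were fixed in this release") and the references have no `<cvename>`, so listing the fixed issues from the two cited announcements would make the entry usable for deciding upgrade urgency.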
+
+ <vuln vid="c0b13887-be44-11e6-b04f-001999f8d30b">
+ <topic>asterisk -- Authentication Bypass</topic>
+ <affects>
+ <package>
+ <name>asterisk11</name>
+ <range><lt>11.25.1</lt></range>
+ </package>
+ <package>
+ <name>asterisk13</name>
+ <range><lt>13.13.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Asterisk project reports:</p>
+ <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+ <p>The chan_sip channel driver has a liberal definition
+ for whitespace when attempting to strip the content between
+ a SIP header name and a colon character. Rather than
+ following RFC 3261 and stripping only spaces and horizontal
+ tabs, Asterisk treats any non-printable ASCII character
+ as if it were whitespace.</p>
+ <p>This mostly does not pose a problem until Asterisk is
+ placed in tandem with an authenticating SIP proxy. In
+ such a case, a crafty combination of valid and invalid
+ To headers can cause a proxy to allow an INVITE request
+ into Asterisk without authentication since it believes
+ the request is an in-dialog request. However, because of
+ the bug described above, the request will look like an
+ out-of-dialog request to Asterisk. Asterisk will then
+ process the request as a new call. The result is that
+ Asterisk can process calls from unvetted sources without
+ any authentication.</p>
+ <p>If you do not use a proxy for authentication, then
+ this issue does not affect you.</p>
+ <p>If your proxy is dialog-aware (meaning that the proxy
+ keeps track of what dialogs are currently valid), then
+ this issue does not affect you.</p>
+ <p>If you use chan_pjsip instead of chan_sip, then this
+ issue does not affect you.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://downloads.digium.com/pub/security/ASTERISK-2016-009.html</url>
+ </references>
+ <dates>
+ <discovery>2016-11-28</discovery>
+ <entry>2016-12-09</entry>
+ </dates>
+ </vuln>
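Review bot: the reference URL in the chan_sip authentication bypass entry, `http://downloads.digium.com/pub/security/ASTERISK-2016-009.html`, uses a different host and file name pattern from the next Asterisk entry in this same change, which points at `http://downloads.asterisk.org/pub/security/AST-2016-008.html`. Check that the 2016-009 link resolves and bring the two entries onto one form. Both entries also set `<blockquote cite="http://www.asterisk.org/downloads/security-advisories">`, the generic index page, so the quoted text cannot be traced to its advisory from the cite alone; citing the per-advisory URL already used in `<references>` would fix that.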
+
+ <vuln vid="9e6640fe-be3a-11e6-b04f-001999f8d30b">
+ <topic>asterisk -- Crash on SDP offer or answer from endpoint using Opus</topic>
+ <affects>
+ <package>
+ <name>asterisk13</name>
+ <range><ge>13.12.0</ge><lt>13.13.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Asterisk project reports:</p>
+ <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
+ <p>If an SDP offer or answer is received with the Opus
+ codec and with the format parameters separated using a
+ space the code responsible for parsing will recursively
+ call itself until it crashes. This occurs as the code
+ does not properly handle spaces separating the parameters.
+ This does NOT require the endpoint to have Opus configured
+ in Asterisk. This also does not require the endpoint to
+ be authenticated. If guest is enabled for chan_sip or
+ anonymous in chan_pjsip an SDP offer or answer is still
+ processed and the crash occurs.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://downloads.asterisk.org/pub/security/AST-2016-008.html</url>
+ </references>
+ <dates>
+ <discovery>2016-11-11</discovery>
+ <entry>2016-12-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="eab68cff-bc0c-11e6-b2ca-001b3856973b">
+ <topic>cryptopp -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>cryptopp</name>
+ <range><lt>5.6.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Multiple sources report:</p>
+ <blockquote cite="https://eprint.iacr.org/2015/368">
+ <p>CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function
+ in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key
+ operations for the Rabin-Williams digital signature algorithm, which
+ allows remote attackers to obtain private keys via a timing attack.
+ Fixed in 5.6.3.</p>
+ </blockquote>
+ <blockquote cite="https://github.com/weidai11/cryptopp/issues/146">
+ <p>CVE-2016-3995: Incorrect implementation of Rijndael timing attack
+ countermeasure. Fixed in 5.6.4.</p>
+ </blockquote>
+ <blockquote cite="https://github.com/weidai11/cryptopp/issues/277">
+ <p>CVE-2016-7420: Library built without -DNDEBUG could egress sensitive
+ information to the filesystem via a core dump if an assert was triggered.
+ Fixed in 5.6.5.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://eprint.iacr.org/2015/368</url>
+ <url>https://github.com/weidai11/cryptopp/issues/146</url>
+ <url>https://github.com/weidai11/cryptopp/issues/277</url>
+ <cvename>CVE-2015-2141</cvename>
+ <cvename>CVE-2016-3995</cvename>
+ <cvename>CVE-2016-7420</cvename>
+ </references>
+ <dates>
+ <discovery>2015-02-27</discovery>
+ <entry>2016-12-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e722e3c6-bbee-11e6-b1cf-14dae9d210b8">
+ <topic>FreeBSD -- bhyve(8) virtual machine escape</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>11.0</ge><lt>11.0_4</lt></range>
+ <range><ge>10.3</ge><lt>10.3_13</lt></range>
+ <range><ge>10.2</ge><lt>10.2_26</lt></range>
+ <range><ge>10.1</ge><lt>10.1_43</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>The bounds checking of accesses to guest memory greater
+ than 4GB by device emulations is subject to integer
+ overflow.</p>
+ <h1>Impact:</h1>
+ <p>For a bhyve virtual machine with more than 3GB of guest
+ memory configured, a malicious guest could craft device
+ descriptors that could give it access to the heap of the
+ bhyve process. Since the bhyve process is running as root,
+ this may allow guests to obtain full control of the hosts
+ they're running on.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1889</cvename>
+ <freebsdsa>SA-16:38.bhyve</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2016-12-06</discovery>
+ <entry>2016-12-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0282269d-bbee-11e6-b1cf-14dae9d210b8">
+ <topic>FreeBSD -- link_ntoa(3) buffer overflow</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>11.0</ge><lt>11.0_5</lt></range>
+ <range><ge>10.3</ge><lt>10.3_14</lt></range>
+ <range><ge>10.2</ge><lt>10.2_27</lt></range>
+ <range><ge>10.1</ge><lt>10.1_44</lt></range>
+ <range><ge>9.3</ge><lt>9.3_52</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>A specially crafted argument can trigger a static buffer
+ overflow in the library, with possibility to rewrite following
+ static buffers that belong to other library functions.</p>
+ <h1>Impact:</h1>
+ <p>Due to very limited use of the function in the existing
+ applications, and limited length of the overflow, exploitation
+ of the vulnerability does not seem feasible. None of the
+ utilities and daemons in the base system are known to be
+ vulnerable. However, careful review of third party software
+ that may use the function was not performed.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-6559</cvename>
+ <freebsdsa>SA-16:37.libc</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2016-12-06</discovery>
+ <entry>2016-12-06</entry>
+ <modified>2016-12-08</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="e00304d2-bbed-11e6-b1cf-14dae9d210b8">
+ <topic>FreeBSD -- Possible login(1) argument injection in telnetd(8)</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>11.0</ge><lt>11.0_4</lt></range>
+ <range><ge>10.3</ge><lt>10.3_13</lt></range>
+ <range><ge>10.2</ge><lt>10.2_26</lt></range>
+ <range><ge>10.1</ge><lt>10.1_43</lt></range>
+ <range><ge>9.3</ge><lt>9.3_51</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>An unexpected sequence of memory allocation failures
+ combined with insufficient error checking could result in
+ the construction and execution of an argument sequence that
+ was not intended.</p>
+ <h1>Impact:</h1>
+ <p>An attacker who controls the sequence of memory allocation
+ failures and success may cause login(1) to run without
+ authentication and may be able to cause misbehavior of
+ login(1) replacements.</p>
+ <p>No practical way of controlling these memory allocation
+ failures is known at this time.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1888</cvename>
+ <freebsdsa>SA-16:36.telnetd</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2016-12-06</discovery>
+ <entry>2016-12-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cb0bf1ec-bb92-11e6-a9a5-b499baebfeaf">
+ <topic>Apache httpd -- denial of service in HTTP/2</topic>
+ <affects>
+ <package>
+ <name>apache24</name>
+ <range><ge>2.4.17</ge><le>2.4.23_1</le></range>
+ </package>
+ <package>
+ <name>mod_http2-devel</name>
+ <range><lt>1.8.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>mod_http2 reports:</p>
+ <blockquote cite="http://mail-archives.apache.org/mod_mbox/httpd-announce/201612.mbox/%3C1A097A43-7CCB-4BA1-861F-E0C7EEE83A4B%40apache.org%3E">
+ <p>The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply
+ limitations on request headers correctly when experimental module
+ for the HTTP/2 protocol is used to access a resource.</p>
+ <p>The net result is that a the server allocates too much memory
+ instead of denying the request. This can lead to memory exhaustion
+ of the server by a properly crafted request.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://mail-archives.apache.org/mod_mbox/httpd-announce/201612.mbox/%3C1A097A43-7CCB-4BA1-861F-E0C7EEE83A4B%40apache.org%3E</url>
+ <url>https://github.com/icing/mod_h2/releases/tag/v1.8.3</url>
+ <cvename>CVE-2016-8740</cvename>
+ </references>
+ <dates>
+ <discovery>2016-12-06</discovery>
+ <entry>2016-12-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="603fe0a1-bb26-11e6-8e5a-3065ec8fd3ec">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>55.0.2883.75</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html">
+ <p>36 security fixes in this release, including:</p>
+ <ul>
+ <li>[664411] High CVE-2016-9651: Private property access in V8.
+ Credit to Guang Gong of Alpha Team Of Qihoo 360</li>
+ <li>[658535] High CVE-2016-5208: Universal XSS in Blink. Credit to
+ Mariusz Mlynski</li>
+ <li>[655904] High CVE-2016-5207: Universal XSS in Blink. Credit to
+ Mariusz Mlynski</li>
+ <li>[653749] High CVE-2016-5206: Same-origin bypass in PDFium.
+ Credit to Rob Wu (robwu.nl)</li>
+ <li>[646610] High CVE-2016-5205: Universal XSS in Blink. Credit to
+ Anonymous</li>
+ <li>[630870] High CVE-2016-5204: Universal XSS in Blink. Credit to
+ Mariusz Mlynski</li>
+ <li>[664139] High CVE-2016-5209: Out of bounds write in Blink.
+ Credit to Giwan Go of STEALIEN</li>
+ <li>[644219] High CVE-2016-5203: Use after free in PDFium. Credit
+ to Anonymous</li>
+ <li>[654183] High CVE-2016-5210: Out of bounds write in PDFium.
+ Credit to Ke Liu of Tencent's Xuanwu LAB</li>
+ <li>[653134] High CVE-2016-5212: Local file disclosure in DevTools.
+ Credit to Khalil Zhani</li>
+ <li>[649229] High CVE-2016-5211: Use after free in PDFium. Credit
+ to Anonymous</li>
+ <li>[652548] High CVE-2016-5213: Use after free in V8. Credit to
+ Khalil Zhani</li>
+ <li>[601538] Medium CVE-2016-5214: File download protection bypass.
+ Credit to Jonathan Birch and MSVR</li>
+ <li>[653090] Medium CVE-2016-5216: Use after free in PDFium. Credit
+ to Anonymous</li>
+ <li>[619463] Medium CVE-2016-5215: Use after free in Webaudio.
+ Credit to Looben Yang</li>
+ <li>[654280] Medium CVE-2016-5217: Use of unvalidated data in
+ PDFium. Credit to Rob Wu (robwu.nl)</li>
+ <li>[660498] Medium CVE-2016-5218: Address spoofing in Omnibox.
+ Credit to Abdulrahman Alqabandi (@qab)</li>
+ <li>[657568] Medium CVE-2016-5219: Use after free in V8. Credit to
+ Rob Wu (robwu.nl)</li>
+ <li>[660854] Medium CVE-2016-5221: Integer overflow in ANGLE.
+ Credit to Tim Becker of ForAllSecure</li>
+ <li>[654279] Medium CVE-2016-5220: Local file access in PDFium.
+ Credit to Rob Wu (robwu.nl)</li>
+ <li>[657720] Medium CVE-2016-5222: Address spoofing in Omnibox.
+ Credit to xisigr of Tencent's Xuanwu Lab</li>
+ <li>[653034] Low CVE-2016-9650: CSP Referrer disclosure. Credit to
+ Jakub Żoczek</li>
+ <li>[652038] Low CVE-2016-5223: Integer overflow in PDFium. Credit
+ to Hwiwon Lee</li>
+ <li>[639750] Low CVE-2016-5226: Limited XSS in Blink. Credit to Jun
+ Kokatsu (@shhnjk)</li>
+ <li>[630332] Low CVE-2016-5225: CSP bypass in Blink. Credit to
+ Scott Helme (@Scott_Helme, scotthelme.co.uk)</li>
+ <li>[615851] Low CVE-2016-5224: Same-origin bypass in SVG. Credit
+ to Roeland Krak</li>
+ <li>[669928] CVE-2016-9652: Various fixes from internal audits,
+ fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9651</cvename>
+ <cvename>CVE-2016-5208</cvename>
+ <cvename>CVE-2016-5207</cvename>
+ <cvename>CVE-2016-5206</cvename>
+ <cvename>CVE-2016-5205</cvename>
+ <cvename>CVE-2016-5204</cvename>
+ <cvename>CVE-2016-5209</cvename>
+ <cvename>CVE-2016-5203</cvename>
+ <cvename>CVE-2016-5210</cvename>
+ <cvename>CVE-2016-5212</cvename>
+ <cvename>CVE-2016-5211</cvename>
+ <cvename>CVE-2016-5213</cvename>
+ <cvename>CVE-2016-5214</cvename>
+ <cvename>CVE-2016-5216</cvename>
+ <cvename>CVE-2016-5215</cvename>
+ <cvename>CVE-2016-5217</cvename>
+ <cvename>CVE-2016-5218</cvename>
+ <cvename>CVE-2016-5219</cvename>
+ <cvename>CVE-2016-5221</cvename>
+ <cvename>CVE-2016-5220</cvename>
+ <cvename>CVE-2016-5222</cvename>
+ <cvename>CVE-2016-9650</cvename>
+ <cvename>CVE-2016-5223</cvename>
+ <cvename>CVE-2016-5226</cvename>
+ <cvename>CVE-2016-5225</cvename>
+ <cvename>CVE-2016-5224</cvename>
+ <cvename>CVE-2016-9652</cvename>
+ <url>https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2016-12-01</discovery>
+ <entry>2016-12-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e1f67063-aab4-11e6-b2d3-60a44ce6887b">
+ <topic>ImageMagick7 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ImageMagick7</name>
+ <name>ImageMagick7-nox11</name>
+ <range><lt>7.0.3.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Multiple sources report:</p>
+ <blockquote cite="https://github.com/ImageMagick/ImageMagick/issues/296">
+ <p>CVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in ImageMagick7-7.0.3.6, discovered 2016-10-31</p>
+ </blockquote>
+ <blockquote cite="https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/">
+ <p>CVE-2016-8866: memory allocation failure in AcquireMagickMemory (incomplete previous fix for CVE-2016-8862), not fixed yet with the release of this announcement, re-discovered 2016-10-13.</p>
+ </blockquote>
+ <blockquote cite="https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/">
+ <p>CVE-2016-8862: memory allocation failure in AcquireMagickMemory, initially partially fixed in ImageMagick7-7.0.3.3, discovered 2016-09-14.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/ImageMagick/ImageMagick/issues/296</url>
+ <url>https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/</url>
+ <url>https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/</url>
+ <cvename>CVE-2016-9298</cvename>
+ <cvename>CVE-2016-8866</cvename>
+ <cvename>CVE-2016-8862</cvename>
+ <freebsdpr>ports/214514</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-09-14</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bc4898d5-a794-11e6-b2d3-60a44ce6887b">
+ <topic>Pillow -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>py27-pillow</name>
+ <name>py33-pillow</name>
+ <name>py34-pillow</name>
+ <name>py35-pillow</name>
+ <range><lt>3.3.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Pillow reports:</p>
+ <blockquote cite="http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html">
+ <p>Pillow prior to 3.3.2 may experience integer overflow
+ errors in map.c when reading specially crafted image files. This may
+ lead to memory disclosure or corruption.</p>
+ <p>Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check
+ for negative image sizes in ImagingNew in Storage.c. A negative image
+ size can lead to a smaller allocation than expected, leading to arbi
+ trary writes.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html</url>
+ <url>https://github.com/python-pillow/Pillow/issues/2105</url>
+ <cvename>CVE-2016-9189</cvename>
+ <cvename>CVE-2016-9190</cvename>
+ <freebsdpr>ports/214410</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-09-06</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="19d35b0f-ba73-11e6-b1cf-14dae9d210b8">
+ <topic>ImageMagick -- heap overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>ImageMagick</name>
+ <name>ImageMagick-nox11</name>
+ <range><lt>6.9.6.4,1</lt></range>
+ </package>
+ <package>
+ <name>ImageMagick7</name>
+ <name>ImageMagick7-nox11</name>
+ <range><lt>7.0.3.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Bastien Roucaries reports:</p>
+ <blockquote cite="http://seclists.org/oss-sec/2016/q4/413">
+ <p>Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b
+ suffer from a heap overflow in WaveletDenoiseImage(). This problem is
+ easelly trigerrable from a perl script.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/oss-sec/2016/q4/413</url>
+ <url>https://github.com/ImageMagick/ImageMagick/issues/296</url>
+ <cvename>CVE-2016-9298</cvename>
+ <freebsdpr>ports/214517</freebsdpr>
+ <freebsdpr>ports/214511</freebsdpr>
+ <freebsdpr>ports/214520</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-11-13</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
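Review bot: The two ImageMagick entries in this part of the hunk disagree on the fixed ImageMagick7 version for CVE-2016-9298. Entry e1f67063-aab4-11e6-b2d3-60a44ce6887b marks ImageMagick7 and ImageMagick7-nox11 as affected below 7.0.3.6, while entry 19d35b0f-ba73-11e6-b1cf-14dae9d210b8 lists the same CVE with `<range><lt>7.0.3.7</lt></range>`. A 7.0.3.6 install therefore matches one entry and not the other. Please settle on one fixed version and carry the CVE in a single entry, or align the two ranges. The e1f67063 description also says CVE-2016-8866 was "not fixed yet with the release of this announcement", yet the range stops at 7.0.3.6 and the text gives no fixed version for that CVE, so the upper bound should be checked against the cited advisories. Separately, in the Pillow entry (bc4898d5-a794-11e6-b2d3-60a44ce6887b) the word "arbitrary" is split across two lines as "arbi" / "trary" and will render as "arbi trary writes"; it should be joined on one line.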
+ <vuln vid="e5dcb942-ba6f-11e6-b1cf-14dae9d210b8">
+ <topic>py-cryptography -- vulnerable HKDF key generation</topic>
+ <affects>
+ <package>
+ <name>py27-cryptography</name>
+ <name>py33-cryptography</name>
+ <name>py34-cryptography</name>
+ <name>py35-cryptography</name>
+ <range><lt>1.5.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Alex Gaynor reports:</p>
+ <blockquote cite="https://github.com/pyca/cryptography/commit/b94cacf2ae6e75e4007a79709bbf5360435b512d">
+ <p>Fixed a bug where ``HKDF`` would return an empty
+ byte-string if used with a ``length`` less than
+ ``algorithm.digest_size``.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/pyca/cryptography/commit/b94cacf2ae6e75e4007a79709bbf5360435b512d</url>
+ <cvename>CVE-2016-9243</cvename>
+ <freebsdpr>ports/214915</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-11-05</discovery>
+ <entry>2016-12-04</entry>
+ <modified>2016-12-06</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="a228c7a0-ba66-11e6-b1cf-14dae9d210b8">
+ <topic>qemu -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>qemu</name>
+ <name>qemu-devel</name>
+ <name>qemu-sbruno</name>
+ <range><lt>2.3.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Daniel P. Berrange reports:</p>
+ <blockquote cite="https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html">
+ <p>The VNC server websockets decoder will read and buffer data
+ from websockets clients until it sees the end of the HTTP headers,
+ as indicated by \r\n\r\n. In theory this allows a malicious to
+ trick QEMU into consuming an arbitrary amount of RAM.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html</url>
+ <cvename>CVE-2015-1779</cvename>
+ <freebsdpr>ports/206725</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2015-03-23</discovery>
+ <entry>2016-12-04</entry>
+ <modified>2016-12-06</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="59f79c99-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-tools -- delimiter injection vulnerabilities in pygrub</topic>
+ <affects>
+ <package>
+ <name>xen-tools</name>
+ <range><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-198.html">
+ <p>pygrub, the boot loader emulator, fails to quote (or sanity check)
+ its results when reporting them to its caller.</p>
+ <p>A malicious guest administrator can obtain the contents of
+ sensitive host files (an information leak). Additionally, a
+ malicious guest administrator can cause files on the host to be
+ removed, causing a denial of service. In some unusual host
+ configurations, ability to remove certain files may be useable for
+ privilege escalation.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9379</cvename>
+ <cvename>CVE-2016-9380</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-198.html</url>
+ </references>
+ <dates>
+ <discovery>2016-11-22</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="58685e23-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-tools -- qemu incautious about shared ring processing</topic>
+ <affects>
+ <package>
+ <name>xen-tools</name>
+ <range><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-197.html">
+ <p>The compiler can emit optimizations in qemu which can lead to
+ double fetch vulnerabilities. Specifically data on the rings shared
+ between qemu and the hypervisor (which the guest under control can
+ obtain mappings of) can be fetched twice (during which time the
+ guest can alter the contents) possibly leading to arbitrary code
+ execution in qemu.</p>
+ <p>Malicious administrators can exploit this vulnerability to take
+ over the qemu process, elevating its privilege to that of the qemu
+ process.</p>
+ <p>In a system not using a device model stub domain (or other
+ techniques for deprivileging qemu), malicious guest administrators
+ can thus elevate their privilege to that of the host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9381</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-197.html</url>
+ </references>
+ <dates>
+ <discovery>2016-11-22</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="56f0f11e-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- x86 64-bit bit test instruction emulation broken</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-195.html">
+ <p>The x86 instructions BT, BTC, BTR, and BTS, when used with a
+ destination memory operand and a source register rather than an
+ immediate operand, access a memory location offset from that
+ specified by the memory operand as specified by the high bits of
+ the register source.</p>
+ <p>A malicious guest can modify arbitrary memory, allowing for
+ arbitrary code execution (and therefore privilege escalation
+ affecting the whole host), a crash of the host (leading to a DoS),
+ or information leaks. The vulnerability is sometimes exploitable
+ by unprivileged guest user processes.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9383</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-195.html</url>
+ </references>
+ <dates>
+ <discovery>2016-11-22</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5555120d-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- guest 32-bit ELF symbol table load leaking host data</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><ge>4.7</ge><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-194.html">
+ <p>Along with their main kernel binary, unprivileged guests may
+ arrange to have their Xen environment load (kernel) symbol tables
+ for their use. The ELF image metadata created for this purpose has a
+ few unused bytes when the symbol table binary is in 32-bit ELF
+ format. These unused bytes were not properly cleared during symbol
+ table loading.</p>
+ <p>A malicious unprivileged guest may be able to obtain sensitive
+ information from the host.</p>
+ <p>The information leak is small and not under the control of the
+ guest, so effectively exploiting this vulnerability is probably
+ difficult.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9384</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-194.html</url>
+ </references>
+ <dates>
+ <discovery>2016-11-22</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="53dbd096-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- x86 segment base write emulation lacking canonical address checks</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><ge>4.4</ge><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-193.html">
+ <p>Both writes to the FS and GS register base MSRs as well as the
+ WRFSBASE and WRGSBASE instructions require their input values to be
+ canonical, or a #GP fault will be raised. When the use of those
+ instructions by the hypervisor was enabled, the previous guard
+ against #GP faults (having recovery code attached) was accidentally
+ removed.</p>
+ <p>A malicious guest administrator can crash the host, leading to a
+ DoS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9385</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-193.html</url>
+ </references>
+ <dates>
+ <discovery>2016-11-22</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="523bb0b7-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- x86 task switch to VM86 mode mis-handled</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-192.html">
+ <p>LDTR, just like TR, is purely a protected mode facility. Hence even
+ when switching to a VM86 mode task, LDTR loading needs to follow
+ protected mode semantics. This was violated by the code.</p>
+ <p>On SVM (AMD hardware): a malicious unprivileged guest process can
+ escalate its privilege to that of the guest operating system.</p>
+ <p>On both SVM and VMX (Intel hardware): a malicious unprivileged
+ guest process can crash the guest.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9382</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-192.html</url>
+ </references>
+ <dates>
+ <discovery>2016-11-22</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="50ac2e96-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- x86 null segments not always treated as unusable</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-191.html">
+ <p>The Xen x86 emulator erroneously failed to consider the unusability
+ of segments when performing memory accesses.</p>
+ <p> The intended behaviour is as follows: The user data segment (%ds,
+ %es, %fs and %gs) selectors may be NULL in 32-bit to prevent access.
+ In 64-bit, NULL has a special meaning for user segments, and there
+ is no way of preventing access. However, in both 32-bit and 64-bit,
+ a NULL LDT system segment is intended to prevent access.</p>
+ <p>On Intel hardware, loading a NULL selector zeros the base as well
+ as most attributes, but sets the limit field to its largest possible
+ value. On AMD hardware, loading a NULL selector zeros the attributes,
+ leaving the stale base and limit intact.</p>
+ <p>Xen may erroneously permit the access using unexpected base/limit
+ values.</p>
+ <p>Ability to exploit this vulnerability on Intel is easy, but on AMD
+ depends in a complicated way on how the guest kernel manages LDTs.
+ </p>
+ <p>An unprivileged guest user program may be able to elevate its
+ privilege to that of the guest operating system.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9386</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-191.html</url>
+ </references>
+ <dates>
+ <discovery>2016-11-22</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4d7cf654-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-190.html">
+ <p>Instructions touching FPU, MMX, or XMM registers are required to
+ raise a Device Not Available Exception (#NM) when either CR0.EM or
+ CR0.TS are set. (Their AVX or AVX-512 extensions would consider only
+ CR0.TS.) While during normal operation this is ensured by the
+ hardware, if a guest modifies instructions while the hypervisor is
+ preparing to emulate them, the #NM delivery could be missed.</p>
+ <p>Guest code in one task may thus (unintentionally or maliciously)
+ read or modify register state belonging to another task in the same
+ VM.</p>
+ <p>A malicious unprivileged guest user may be able to obtain or
+ corrupt sensitive information (including cryptographic material) in
+ other programs in the same guest.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7777</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-190.html</url>
+ </references>
+ <dates>
+ <discovery>2016-10-04</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4bf57137-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- use after free in FIFO event channel code</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><ge>4.4</ge><lt>4.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-188.html">
+ <p>When the EVTCHNOP_init_control operation is called with a bad guest
+ frame number, it takes an error path which frees a control structure
+ without also clearing the corresponding pointer. Certain subsequent
+ operations (EVTCHNOP_expand_array or another EVTCHNOP_init_control),
+ upon finding the non-NULL pointer, continue operation assuming it
+ points to allocated memory.</p>
+ <p>A malicious guest administrator can crash the host, leading to a
+ DoS. Arbitrary code execution (and therefore privilege escalation),
+ and information leaks, cannot be excluded.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7154</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-188.html</url>
+ </references>
+ <dates>
+ <discovery>2016-09-08</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4aae54be-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- x86 HVM: Overflow of sh_ctxt->seg_reg[]</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-187.html">
+ <p>x86 HVM guests running with shadow paging use a subset of the x86
+ emulator to handle the guest writing to its own pagetables. There
+ are situations a guest can provoke which result in exceeding the
+ space allocated for internal state.</p>
+ <p>A malicious HVM guest administrator can cause Xen to fail a bug
+ check, causing a denial of service to the host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7094</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-187.html</url>
+ </references>
+ <dates>
+ <discovery>2016-09-08</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="49211361-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- x86: Mishandling of instruction pointer truncation during emulation</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><eq>4.5.3</eq></range>
+ <range><eq>4.6.3</eq></range>
+ <range><ge>4.7.0</ge><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-186.html">
+ <p>When emulating HVM instructions, Xen uses a small i-cache for
+ fetches from guest memory. The code that handles cache misses does
+ not check if the address from which it fetched lies within the cache
+ before blindly writing to it. As such it is possible for the guest
+ to overwrite hypervisor memory.</p>
+ <p>It is currently believed that the only way to trigger this bug is
+ to use the way that Xen currently incorrectly wraps CS:IP in 16 bit
+ modes. The included patch prevents such wrapping.</p>
+ <p>A malicious HVM guest administrator can escalate their privilege to
+ that of the host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7093</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-186.html</url>
+ </references>
+ <dates>
+ <discovery>2016-09-08</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="45ca25b5-ba4d-11e6-ae1b-002590263bf5">
+ <topic>xen-kernel -- x86: Disallow L3 recursive pagetable for 32-bit PV guests</topic>
+ <affects>
+ <package>
+ <name>xen-kernel</name>
+ <range><lt>4.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Xen Project reports:</p>
+ <blockquote cite="https://xenbits.xen.org/xsa/advisory-185.html">
+ <p>On real hardware, a 32-bit PAE guest must leave the USER and RW bit
+ clear in L3 pagetable entries, but the pagetable walk behaves as if
+ they were set. (The L3 entries are cached in processor registers,
+ and don't actually form part of the pagewalk.)</p>
+ <p>When running a 32-bit PV guest on a 64-bit Xen, Xen must always OR
+ in the USER and RW bits for L3 updates for the guest to observe
+ architectural behaviour. This is unsafe in combination with
+ recursive pagetables.</p>
+ <p>As there is no way to construct an L3 recursive pagetable in native
+ 32-bit PAE mode, disallow this option in 32-bit PV guests.</p>
+ <p>A malicious 32-bit PV guest administrator can escalate their
+ privilege to that of the host.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7092</cvename>
+ <freebsdpr>ports/214936</freebsdpr>
+ <url>https://xenbits.xen.org/xsa/advisory-185.html</url>
+ </references>
+ <dates>
+ <discovery>2016-09-08</discovery>
+ <entry>2016-12-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7fff2b16-b0ee-11e6-86b8-589cfc054129">
+ <topic>wireshark -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>tshark</name>
+ <range><lt>2.2.2</lt></range>
+ </package>
+ <package>
+ <name>tshark-lite</name>
+ <range><lt>2.2.2</lt></range>
+ </package>
+ <package>
+ <name>wireshark</name>
+ <range><lt>2.2.2</lt></range>
+ </package>
+ <package>
+ <name>wireshark-lite</name>
+ <range><lt>2.2.2</lt></range>
+ </package>
+ <package>
+ <name>wireshark-qt5</name>
+ <range><lt>2.2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Wireshark project reports:</p>
+ <blockquote cite="://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html">
+ <p>Wireshark project is releasing Wireshark 2.2.2, which addresses:</p>
+ <ul>
+ <li>wnpa-sec-2016-58: Profinet I/O long loop - CVE-2016-9372</li>
+ <li>wnpa-sec-2016-59: AllJoyn crash - CVE-2016-9374</li>
+ <li>wnpa-sec-2016-60: OpenFlow crash - CVE-2016-9376</li>
+ <li>wnpa-sec-2016-61: DCERPC crash - CVE-2016-9373</li>
+ <li>wnpa-sec-2016-62: DTN infinite loop - CVE-2016-9375</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html</url>
+ <cvename>CVE-2016-9372</cvename>
+ <cvename>CVE-2016-9373</cvename>
+ <cvename>CVE-2016-9374</cvename>
+ <cvename>CVE-2016-9375</cvename>
+ <cvename>CVE-2016-9376</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-16</discovery>
+ <entry>2016-12-01</entry>
+ </dates>
+ </vuln>
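Review bot: The `cite` attribute on the wireshark blockquote has lost its URL scheme: it reads `cite="://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html"`. It should match the `<url>` in this entry's `<references>`, which carries the full `https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html`, so that tools consuming the cite value get a resolvable link.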
+
+ <vuln vid="18f39fb6-7400-4063-acaf-0806e92c094f">
+ <topic>Mozilla -- SVG Animation Remote Code Execution</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>50.0.2,1</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>45.5.1,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>45.5.1,2</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <range><lt>2.46</lt></range>
+ </package>
+ <package>
+ <name>linux-seamonkey</name>
+ <range><lt>2.46</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><lt>45.5.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>45.5.1</lt></range>
+ </package>
+ <package>
+ <name>linux-thunderbird</name>
+ <range><lt>45.5.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/">
+ <p>A use-after-free vulnerability in SVG Animation has been
+ discovered. An exploit built on this vulnerability has been
+ discovered in the wild targeting Firefox and Tor Browser
+ users on Windows.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9079</cvename>
+ <url>https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/</url>
+ </references>
+ <dates>
+ <discovery>2016-11-30</discovery>
+ <entry>2016-12-01</entry>
+ <modified>2016-12-16</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="479c5b91-b6cc-11e6-a04e-3417eb99b9a0">
+ <topic>wget -- Access List Bypass / Race Condition</topic>
+ <affects>
+ <package>
+ <name>wget</name>
+ <range><le>1.17</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Dawid Golunski reports:</p>
+ <blockquote cite="https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html">
+ <p>GNU wget in version 1.17 and earlier, when used in
+ mirroring/recursive mode, is affected by a Race Condition
+ vulnerability that might allow remote attackers to bypass intended
+ wget access list restrictions specified with -A parameter.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098</url>
+ <cvename>CVE-2016-7098</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-24</discovery>
+ <entry>2016-11-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="48e83187-b6e9-11e6-b6cf-5453ed2e2b49">
+ <topic>p7zip -- Null pointer dereference</topic>
+ <affects>
+ <package>
+ <name>p7zip</name>
+ <range><lt>15.14_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9296">
+ <p>A null pointer dereference bug affects the 16.02 and many old
+ versions of p7zip. A lack of null pointer check for the variable
+ <code>folders.PackPositions</code> in function
+ <code>CInArchive::ReadAndDecodePackedStreams</code>, as used in
+ the 7z.so library and in 7z applications, will cause a crash and a
+ denial of service when decoding malformed 7z files.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9296</cvename>
+ <url>https://sourceforge.net/p/p7zip/discussion/383043/thread/648d34db/</url>
+ <url>https://sourceforge.net/p/p7zip/bugs/185/</url>
+ <url>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9296</url>
+ </references>
+ <dates>
+ <discovery>2016-07-17</discovery>
+ <entry>2016-11-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ac256985-b6a9-11e6-a3bf-206a8a720317">
+ <topic>subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversionclients using http(s)</topic>
+ <affects>
+ <package>
+ <name>subversion18</name>
+ <range><lt>1.8.17</lt></range>
+ </package>
+ <package>
+ <name>subversion</name>
+ <range><lt>1.9.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache Software Foundation reports:</p>
+ <blockquote cite="http://subversion.apache.org/security/CVE-2016-8734-advisory.txt">
+ <p>The mod_dontdothat module of subversion and subversion clients using
+ http(s):// are vulnerable to a denial-of-service attack, caused by
+ exponential XML entity expansion. The attack targets XML parsers
+ causing targeted process to consume excessive amounts of resources.
+ The attack is also known as the "billions of laughs attack."</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://subversion.apache.org/security/CVE-2016-8734-advisory.txt</url>
+ <cvename>CVE-2016-8734</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-29</discovery>
+ <entry>2016-11-29</entry>
+ </dates>
+ </vuln>
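Review bot: The subversion `<topic>` runs two words together ("Subversionclients using http(s)"). Topic strings are what users see in audit output, so this should read "Subversion clients using http(s)".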
+
+ <vuln vid="18449f92-ab39-11e6-8011-005056925db4">
+ <topic>libwww -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libwww</name>
+ <range><lt>5.4.0_6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mitre reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183">
+ <p>The HTBoundary_put_block function in HTBound.c for W3C libwww
+ (w3c-libwww) allows remote servers to cause a denial of service
+ (segmentation fault) via a crafted multipart/byteranges MIME message
+ that triggers an out-of-bounds read.</p>
+ </blockquote>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">
+ <p>The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
+ as used in the XML-Twig module for Perl, allows context-dependent
+ attackers to cause a denial of service (application crash) via an XML
+ document with malformed UTF-8 sequences that trigger a buffer
+ over-read, related to the doProlog function in lib/xmlparse.c, a
+ different vulnerability than CVE-2009-2625 and CVE-2009-3720.</p>
+ </blockquote>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">
+ <p>The updatePosition function in lib/xmltok_impl.c in libexpat in
+ Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other
+ software, allows context-dependent attackers to cause a denial of
+ service (application crash) via an XML document with crafted UTF-8
+ sequences that trigger a buffer over-read, a different vulnerability
+ than CVE-2009-2625.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>15035</bid>
+ <cvename>CVE-2005-3183</cvename>
+ <cvename>CVE-2009-3560</cvename>
+ <cvename>CVE-2009-3720</cvename>
+ <freebsdpr>ports/214546</freebsdpr>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=170518</url>
+ </references>
+ <dates>
+ <discovery>2005-10-12</discovery>
+ <entry>2016-11-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f90fce70-ecfa-4f4d-9ee8-c476dbf4bf0e">
+ <topic>mozilla -- data: URL can inherit wrong origin after an HTTP redirect</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>50.0.1,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/">
+ <p>Redirection from an HTTP connection to a data: URL
+ assigns the referring site's origin to the data: URL in some
+ circumstances. This can result in same-origin violations
+ against a domain if it loads resources from malicious
+ sites. Cross-origin setting of cookies has been demonstrated
+ without the ability to read them.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9078</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-91/</url>
+ </references>
+ <dates>
+ <discovery>2016-11-28</discovery>
+ <entry>2016-11-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="125f5958-b611-11e6-a9a5-b499baebfeaf">
+ <topic>Roundcube -- arbitrary command execution</topic>
+ <affects>
+ <package>
+ <name>roundcube</name>
+ <range><lt>1.2.3,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Roundcube project reports</p>
+ <blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9920">
+ <p>steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before
+ 1.2.3, when no SMTP server is configured and the sendmail program is
+ enabled, does not properly restrict the use of custom envelope-from
+ addresses on the sendmail command line, which allows remote
+ authenticated users to execute arbitrary code via a modified HTTP
+ request that sends a crafted e-mail message.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9920</cvename>
+ <bid>94858</bid>
+ <url>http://www.openwall.com/lists/oss-security/2016/12/08/17</url>
+ <url>https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123</url>
+ </references>
+ <dates>
+ <discovery>2016-11-29</discovery>
+ <entry>2016-11-29</entry>
+ <modified>2016-12-14</modified>
+ </dates>
+ </vuln>
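Review bot: The Roundcube blockquote's `cite` points at `cvename.cgi?name=2016-9920`, without the `CVE-` prefix that the other MITRE cite URLs in this patch use (for example `name=CVE-2016-9296`), so it may not resolve to the CVE record. The lead-in also says "The Roundcube project reports" (with no trailing colon) while the quoted text is cited from cve.mitre.org. Either attribute the quote to MITRE, as the p7zip and libwww entries do, or cite the Roundcube changelog that is already listed under `<references>`.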
+
+ <vuln vid="8db24888-b2f5-11e6-8153-00248c0c745d">
+ <topic>Drupal Code -- Multiple Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal7</name>
+ <range><ge>7.0</ge><lt>7.52</lt></range>
+ </package>
+ <package>
+ <name>drupal8</name>
+ <range><ge>8.0.0</ge><lt>8.2.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Drupal development team reports:</p>
+ <blockquote cite="https://www.drupal.org/SA-CORE-2016-005">
+ <h3>Inconsistent name for term access query (Less critical - Drupal
+ 7 and Drupal 8)</h3>
+ <p>Drupal provides a mechanism to alter database SELECT queries before
+ they are executed. Contributed and custom modules may use this
+ mechanism to restrict access to certain entities by implementing
+ hook_query_alter() or hook_query_TAG_alter() in order to add
+ additional conditions. Queries can be distinguished by means of
+ query tags. As the documentation on EntityFieldQuery::addTag()
+ suggests, access-tags on entity queries normally follow the form
+ ENTITY_TYPE_access (e.g. node_access). However, the taxonomy
+ module's access query tag predated this system and used term_access
+ as the query tag instead of taxonomy_term_access.</p>
+ <p>As a result, before this security release modules wishing to
+ restrict access to taxonomy terms may have implemented an
+ unsupported tag, or needed to look for both tags (term_access and
+ taxonomy_term_access) in order to be compatible with queries
+ generated both by Drupal core as well as those generated by
+ contributed modules like Entity Reference. Otherwise information
+ on taxonomy terms might have been disclosed to unprivileged users.
+ </p>
+ <h3>Incorrect cache context on password reset page (Less critical -
+ Drupal 8)</h3>
+ <p>The user password reset form does not specify a proper cache
+ context, which can lead to cache poisoning and unwanted content on
+ the page.</p>
+ <h3>Confirmation forms allow external URLs to be injected (Moderately
+ critical - Drupal 7)</h3>
+ <p>Under certain circumstances, malicious users could construct a URL
+ to a confirmation form that would trick users into being redirected
+ to a 3rd party website after interacting with the form, thereby
+ exposing the users to potential social engineering attacks.</p>
+ <h3>Denial of service via transliterate mechanism (Moderately critical
+ - Drupal 8)</h3>
+ <p>A specially crafted URL can cause a denial of service via the
+ transliterate mechanism.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9449</cvename>
+ <cvename>CVE-2016-9450</cvename>
+ <cvename>CVE-2016-9451</cvename>
+ <cvename>CVE-2016-9452</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-16</discovery>
+ <entry>2016-11-25</entry>
+ <modified>2016-11-27</modified>
+ </dates>
+ </vuln>
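Review bot: The Drupal `<topic>` reads "Drupal Code -- Multiple Vulnerabilities", but the quoted advisory is `SA-CORE-2016-005`, so "Code" looks like a typo for "Core". The `<references>` block also lists four `<cvename>` elements but no `<url>` for https://www.drupal.org/SA-CORE-2016-005, which is the source cited in the blockquote. Adding it would keep this entry consistent with the neighbouring ones, which repeat their cite URL under `<references>`.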
+
+ <vuln vid="6fe72178-b2e3-11e6-8b2a-6805ca0b3d42">
+ <topic>phpMyAdmin -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><ge>4.6.0</ge><lt>4.6.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMYAdmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-57/">
+ <h3>Summary</h3>
+ <p>Open redirection</p>
+ <h3>Description</h3>
+ <p>A vulnerability was discovered where a user can be
+ tricked in to following a link leading to phpMyAdmin,
+ which after authentication redirects to another
+ malicious site.</p>
+ <p>The attacker must sniff the user's valid phpMyAdmin
+ token.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be of moderate
+ severity.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-58/">
+ <h3>Summary</h3>
+ <p>Unsafe generation of blowfish secret</p>
+ <h3>Description</h3>
+ <p>When the user does not specify a blowfish_secret key
+ for encrypting cookies, phpMyAdmin generates one at
+ runtime. A vulnerability was reported where the way this
+ value is created using a weak algorithm.</p>
+ <p>This could allow an attacker to determine the user's
+ blowfish_secret and potentially decrypt their
+ cookies.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be of moderate
+ severity.</p>
+ <h3>Mitigation factor</h3>
+ <p>This vulnerability only affects cookie
+ authentication and only when a user has not
+ defined a $cfg['blowfish_secret'] in
+ their config.inc.php</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-59/">
+ <h3>Summary</h3>
+ <p>phpinfo information leak value of sensitive
+ (HttpOnly) cookies</p>
+ <h3>Description</h3>
+ <p>phpinfo (phpinfo.php) shows PHP information
+ including values of HttpOnly cookies.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be
+ non-critical.</p>
+ <h3>Mitigation factor</h3>
+ <p>phpinfo in disabled by default and needs
+ to be enabled explicitly.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-60/">
+ <h3>Summary</h3>
+ <p>Username deny rules bypass (AllowRoot & Others)
+ by using Null Byte</p>
+ <h3>Description</h3>
+ <p>It is possible to bypass AllowRoot restriction
+ ($cfg['Servers'][$i]['AllowRoot']) and deny rules
+ for username by using Null Byte in the username.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be
+ severe.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-61/">
+ <h3>Summary</h3>
+ <p>Username rule matching issues</p>
+ <h3>Description</h3>
+ <p>A vulnerability in username matching for the
+ allow/deny rules may result in wrong matches and
+ detection of the username in the rule due to
+ non-constant execution time.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be severe.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-62/">
+ <h3>Summary</h3>
+ <p>Bypass logout timeout</p>
+ <h3>Description</h3>
+ <p>With a crafted request parameter value it is possible
+ to bypass the logout timeout.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be of moderate
+ severity.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-63/">
+ <h3>Summary</h3>
+ <p>Multiple full path disclosure vulnerabilities</p>
+ <h3>Description</h3>
+ <p>By calling some scripts that are part of phpMyAdmin in an
+ unexpected way, it is possible to trigger phpMyAdmin to
+ display a PHP error message which contains the full path of
+ the directory where phpMyAdmin is installed. During an
+ execution timeout in the export functionality, the errors
+ containing the full path of the directory of phpMyAdmin is
+ written to the export file.</p>
+ <h3>Severity</h3>
+ <p>We consider these vulnerability to be
+ non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-64/">
+ <h3>Summary</h3>
+ <p>Multiple XSS vulnerabilities</p>
+ <h3>Description</h3>
+ <p>Several XSS vulnerabilities have been reported, including
+ an improper fix for <a href="https://www.phpmyadmin.net/security/PMASA-2016-10/">PMASA-2016-10</a> and a weakness in a regular expression
+ using in some JavaScript processing.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be
+ non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-65/">
+ <h3>Summary</h3>
+ <p>Multiple DOS vulnerabilities</p>
+ <h3>Description</h3>
+ <p>With a crafted request parameter value it is possible
+ to initiate a denial of service attack in saved searches
+ feature.</p>
+ <p>With a crafted request parameter value it is possible
+ to initiate a denial of service attack in import
+ feature.</p>
+ <p>An unauthenticated user can execute a denial of
+ service attack when phpMyAdmin is running with
+ <code>$cfg['AllowArbitraryServer']=true;</code>.</p>
+ <h3>Severity</h3>
+ <p>We consider these vulnerabilities to be of
+ moderate severity.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-66/">
+ <h3>Summary</h3>
+ <p>Bypass white-list protection for URL redirection</p>
+ <h3>Description</h3>
+ <p>Due to the limitation in URL matching, it was
+ possible to bypass the URL white-list protection.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be of moderate
+ severity.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-67/">
+ <h3>Summary</h3>
+ <p>BBCode injection vulnerability</p>
+ <h3>Description</h3>
+ <p>With a crafted login request it is possible to inject
+ BBCode in the login page.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be severe.</p>
+ <h3>Mitigation factor</h3>
+ <p>This exploit requires phpMyAdmin to be configured
+ with the "cookie" auth_type; other
+ authentication methods are not affected.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-68/">
+ <h3>Summary</h3>
+ <p>DOS vulnerability in table partitioning</p>
+ <h3>Description</h3>
+ <p>With a very large request to table partitioning
+ function, it is possible to invoke a Denial of Service
+ (DOS) attack.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be of moderate
+ severity.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-69/">
+ <h3>Summary</h3>
+ <p>Multiple SQL injection vulnerabilities</p>
+ <h3>Description</h3>
+ <p>With a crafted username or a table name, it was possible
+ to inject SQL statements in the tracking functionality that
+ would run with the privileges of the control user. This
+ gives read and write access to the tables of the
+ configuration storage database, and if the control user has
+ the necessary privileges, read access to some tables of the
+ mysql database.</p>
+ <h3>Severity</h3>
+ <p>We consider these vulnerabilities to be serious.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-70/">
+ <h3>Summary</h3>
+ <p>Incorrect serialized string parsing</p>
+ <h3>Description</h3>
+ <p>Due to a bug in serialized string parsing, it was
+ possible to bypass the protection offered by
+ PMA_safeUnserialize() function.</p>
+ <h3>Severity</h3>
+ <p>We consider this vulnerability to be severe.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-71/">
+ <h3>Summary</h3>
+ <p>CSRF token not stripped from the URL</p>
+ <h3>Description</h3>
+ <p>When the <code>arg_separator</code> is different from its
+ default value of <code>&</code>, the token was not
+ properly stripped from the return URL of the preference
+ import action.</p>
+ <h3>Severity</h3>
+ <p>We have not yet determined a severity for this issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-57/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-58/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-59/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-60/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-61/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-62/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-63/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-64/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-65/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-66/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-67/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-68/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-69/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-70/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-71/</url>
+ <cvename>CVE-2016-6632</cvename>
+ <cvename>CVE-2016-6633</cvename>
+ <cvename>CVE-2016-4412</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-25</discovery>
+ <entry>2016-11-25</entry>
+ </dates>
+ </vuln>
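Review bot: Two things in the phpMyAdmin entry need checking before commit. First, as rendered here the PMASA-2016-60 summary contains a bare ampersand ("AllowRoot & Others") and PMASA-2016-71 has `<code>&</code>`. In the XML file these must be written as `&amp;` or vuln.xml will not parse, so please confirm the file itself is escaped and that this is only how the mail renders it. Second, the lead-in spells the project "phpMYAdmin", while the `<topic>` and `<name>` use "phpMyAdmin".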
+
+ <vuln vid="dc596a17-7a9e-11e6-b034-f0def167eeea">
+ <topic>Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662</topic>
+ <affects>
+ <package>
+ <name>mysql57-client</name>
+ <name>mysql57-server</name>
+ <range><lt>5.7.15</lt></range>
+ </package>
+ <package>
+ <name>mysql56-client</name>
+ <name>mysql56-server</name>
+ <range><lt>5.6.33</lt></range>
+ </package>
+ <package>
+ <name>mysql55-client</name>
+ <name>mysql55-server</name>
+ <range><lt>5.5.52</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>LegalHackers' reports:</p>
+ <blockquote cite="http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html">
+ <p>RCE Bugs discovered in MySQL and its variants like MariaDB.
+ It works by manupulating my.cnf files and using --malloc-lib.
+ The bug seems fixed in MySQL5.7.15 by Oracle</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html</url>
+ <url>https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html</url>
+ </references>
+ <dates>
+ <discovery>2016-09-12</discovery>
+ <entry>2016-11-24</entry>
+ <modified>2016-11-24</modified>
+ </dates>
+ </vuln>
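Review bot: The MySQL entry's quoted text says the bug affects "MySQL and its variants like MariaDB", but `<affects>` lists only the mysql55, mysql56 and mysql57 client and server packages, so users of the variant ports get no audit hit. Either add the affected variant packages with their fixed versions or drop "and its variants" from the topic. The CVE also appears only as free text in the topic ("CVE 2016-6662"). Adding `<cvename>CVE-2016-6662</cvename>` under `<references>` makes the entry searchable by CVE, and the topic should follow the `package -- description` form used by the other entries. Finally, "manupulating" in the blockquote should be checked against the cited advisory, since a blockquote is expected to be verbatim.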
+
+ <vuln vid="8db8d62a-b08b-11e6-8eba-d050996490d0">
+ <topic>ntp -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ntp</name>
+ <range><lt>4.2.8p9</lt></range>
+ </package>
+ <package>
+ <name>ntp-devel</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Network Time Foundation reports:</p>
+ <blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se">
+ <p>NTF's NTP Project is releasing ntp-4.2.8p9, which addresses:</p>
+ <ul>
+ <li>1 HIGH severity vulnerability that only affects Windows</li>
+ <li>2 MEDIUM severity vulnerabilities</li>
+ <li>2 MEDIUM/LOW severity vulnerabilities</li>
+ <li>5 LOW severity vulnerabilities</li>
+ <li>28 other non-security fixes and improvements</li>
+ </ul>
+ <p>All of the security issues in this release are listed in
+ <a href="http://www.kb.cert.org/vuls/id/633847">VU#633847</a>.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7426</cvename>
+ <cvename>CVE-2016-7427</cvename>
+ <cvename>CVE-2016-7428</cvename>
+ <cvename>CVE-2016-7429</cvename>
+ <cvename>CVE-2016-7431</cvename>
+ <cvename>CVE-2016-7433</cvename>
+ <cvename>CVE-2016-7434</cvename>
+ <cvename>CVE-2016-9310</cvename>
+ <cvename>CVE-2016-9311</cvename>
+ <cvename>CVE-2016-9312</cvename>
+ <url>http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se</url>
+ <url>http://www.kb.cert.org/vuls/id/633847</url>
+ </references>
+ <dates>
+ <discovery>2016-11-21</discovery>
+ <entry>2016-11-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="81fc7705-b002-11e6-b20a-14dae9d5a9d2">
+ <topic>teeworlds -- Remote code execution</topic>
+ <affects>
+ <package>
+ <name>teeworlds</name>
+ <range><lt>0.6.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Teeworlds project reports:</p>
+ <blockquote cite="https://www.teeworlds.com/?page=news&id=12086">
+ <p>Attacker controlled memory-writes and possibly arbitrary code
+ execution on the client, abusable by any server the client joins</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.teeworlds.com/?page=news&id=12086</url>
+ </references>
+ <dates>
+ <discovery>2016-11-13</discovery>
+ <entry>2016-11-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="27eee66d-9474-44a5-b830-21ec12a1c307">
+ <topic>jenkins -- Remote code execution vulnerability in remoting module</topic>
+ <affects>
+ <package>
+ <name>jenkins</name>
+ <range><le>2.31</le></range>
+ </package>
+ <package>
+ <name>jenkins-lts</name>
+ <range><le>2.19.2</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jenkins Security Advisory:</p>
+ <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16">
+ <p>An unauthenticated remote code execution vulnerability allowed
+ attackers to transfer a serialized Java object to the Jenkins CLI,
+ making Jenkins connect to an attacker-controlled LDAP server, which
+ in turn can send a serialized payload leading to code execution,
+ bypassing existing protection mechanisms.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-9299</cvename>
+ <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16</url>
+ </references>
+ <dates>
+ <discovery>2016-11-11</discovery>
+ <entry>2016-11-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f6565fbf-ab9e-11e6-ae1b-002590263bf5">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle29</name>
+ <range><lt>2.9.9</lt></range>
+ </package>
+ <package>
+ <name>moodle30</name>
+ <range><lt>3.0.7</lt></range>
+ </package>
+ <package>
+ <name>moodle31</name>
+ <range><lt>3.1.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Marina Glancy reports:</p>
+ <blockquote cite="https://moodle.org/security/">
+ <ul>
+ <li><p>MSA-16-0023: Question engine allows access to files that
+ should not be available</p></li>
+ <li><p>MSA-16-0024: Non-admin site managers may accidentally edit
+ admins via web services</p></li>
+ <li><p>MSA-16-0025: Capability to view course notes is checked in
+ the wrong context</p></li>
+ <li><p>MSA-16-0026: When debugging is enabled, error exceptions
+ returned from webservices could contain private data</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-8642</cvename>
+ <cvename>CVE-2016-8643</cvename>
+ <cvename>CVE-2016-8644</cvename>
+ <url>https://moodle.org/security/</url>
+ </references>
+ <dates>
+ <discovery>2016-11-14</discovery>
+ <entry>2016-11-16</entry>
+ <modified>2016-11-27</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="ab02f981-ab9e-11e6-ae1b-002590263bf5">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle29</name>
+ <range><lt>2.9.8</lt></range>
+ </package>
+ <package>
+ <name>moodle30</name>
+ <range><lt>3.0.6</lt></range>
+ </package>
+ <package>
+ <name>moodle31</name>
+ <range><lt>3.1.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Marina Glancy reports:</p>
+ <blockquote cite="https://moodle.org/security/">
+ <ul>
+ <li><p>MSA-16-0022: Web service tokens should be invalidated when
+ the user password is changed or forced to be changed.</p></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-7038</cvename>
+ <url>https://moodle.org/security/</url>
+ </references>
+ <dates>
+ <discovery>2016-09-12</discovery>
+ <entry>2016-11-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d1853110-07f4-4645-895b-6fd462ad0589">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>50.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.47</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>45.5.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>45.5.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>45.5.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/">
+ <p>CVE-2016-5289: Memory safety bugs fixed in Firefox 50</p>
+ <p>CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5</p>
+ <p>CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file</p>
+ <p>CVE-2016-5292: URL parsing causes crash</p>
+ <p>CVE-2016-5293: Write to arbitrary file with updater and moz maintenance service using updater.log h</p>
+ <p>CVE-2016-5294: Arbitrary target directory for result files of update process</p>
+ <p>CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM</p>
+ <p>CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1</p>
+ <p>CVE-2016-5297: Incorrect argument length checking in Javascript</p>
+ <p>CVE-2016-5298: SSL indicator can mislead the user about the real URL visited</p>
+ <p>CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an app</p>
+ <p>CVE-2016-9061: API Key (glocation) in broadcast protected with signature-level permission can be accessed by an a</p>
+ <p>CVE-2016-9062: Private browsing browser traces (android) in browser.db and wal file</p>
+ <p>CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat</p>
+ <p>CVE-2016-9064: Addons update must verify IDs match between current and new versions</p>
+ <p>CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen</p>
+ <p>CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler</p>
+ <p>CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore</p>
+ <p>CVE-2016-9068: heap-use-after-free in nsRefreshDriver</p>
+ <p>CVE-2016-9070: Sidebar bookmark can have reference to chrome window</p>
+ <p>CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP</p>
+ <p>CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile</p>
+ <p>CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"</p>
+ <p>CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler</p>
+ <p>CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges</p>
+ <p>CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s</p>
+ <p>CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing atta</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-5289</cvename>
+ <cvename>CVE-2016-5290</cvename>
+ <cvename>CVE-2016-5291</cvename>
+ <cvename>CVE-2016-5292</cvename>
+ <cvename>CVE-2016-5293</cvename>
+ <cvename>CVE-2016-5294</cvename>
+ <cvename>CVE-2016-5295</cvename>
+ <cvename>CVE-2016-5296</cvename>
+ <cvename>CVE-2016-5297</cvename>
+ <cvename>CVE-2016-5298</cvename>
+ <cvename>CVE-2016-5299</cvename>
+ <cvename>CVE-2016-9061</cvename>
+ <cvename>CVE-2016-9062</cvename>
+ <cvename>CVE-2016-9063</cvename>
+ <cvename>CVE-2016-9064</cvename>
+ <cvename>CVE-2016-9065</cvename>
+ <cvename>CVE-2016-9066</cvename>
+ <cvename>CVE-2016-9067</cvename>
+ <cvename>CVE-2016-9068</cvename>
+ <cvename>CVE-2016-9070</cvename>
+ <cvename>CVE-2016-9071</cvename>
+ <cvename>CVE-2016-9072</cvename>
+ <cvename>CVE-2016-9073</cvename>
+ <cvename>CVE-2016-9074</cvename>
+ <cvename>CVE-2016-9075</cvename>
+ <cvename>CVE-2016-9076</cvename>
+ <cvename>CVE-2016-9077</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-89/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2016-90/</url>
+ </references>
+ <dates>
+ <discovery>2016-11-15</discovery>
+ <entry>2016-11-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a8e9d834-a916-11e6-b9b4-bcaec524bf84">
+ <topic>lives -- insecure files permissions</topic>
+ <affects>
+ <package>
+ <name>lives</name>
+ <range><lt>2.8.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Debian reports:</p>
+ <blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756565">
+ <p>smogrify script creates insecure temporary files.</p>
+ </blockquote>
+ <blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798043">
+ <p>lives creates and uses world-writable directory.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756565</url>
+ <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798043</url>
+ </references>
+ <dates>
+ <discovery>2016-07-30</discovery>
+ <entry>2016-11-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="50751310-a763-11e6-a881-b499baebfeaf">
+ <topic>openssl -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openssl-devel</name>
+ <range><lt>1.1.0c</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>OpenSSL reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv/20161110.txt">
+ <ul>
+ <li>ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)<br/>
+ Severity: High<br/>
+ TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS
+ attack by corrupting larger payloads. This can result in an OpenSSL crash. This
+ issue is not considered to be exploitable beyond a DoS.</li>
+ <li>CMS Null dereference (CVE-2016-7053)<br/>
+ Severity: Medium<br/>
+ Applications parsing invalid CMS structures can crash with a NULL pointer
+ dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type
+ in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure
+ callback if an attempt is made to free certain invalid encodings. Only CHOICE
+ structures using a callback which do not handle NULL value are affected.</li>
+ <li>Montgomery multiplication may produce incorrect results (CVE-2016-7055)i<br/>
+ Severity: Low<br/>
+ There is a carry propagating bug in the Broadwell-specific Montgomery
+ multiplication procedure that handles input lengths divisible by, but
+ longer than 256 bits.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.openssl.org/news/secadv/20161110.txt</url>
+ <cvename>CVE-2016-7054</cvename>
+ <cvename>CVE-2016-7053</cvename>
+ <cvename>CVE-2016-7055</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-10</discovery>
+ <entry>2016-11-10</entry>
+ <modified>2016-11-11</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="a3473f5a-a739-11e6-afaa-e8e0b747a45a">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <name>chromium-npapi</name>
+ <name>chromium-pulse</name>
+ <range><lt>54.0.2840.100</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html">
+ <p>4 security fixes in this release, including:</p>
+ <ul>
+ <li>[643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to
+ Paul Mehta</li>
+ <li>[658114] High CVE-2016-5200: Out of bounds memory access in V8. Credit to
+ Choongwoo Han</li>
+ <li>[660678] Medium CVE-2016-5201: Info leak in extensions. Credit to
+ Rob Wu</li>
+ <li>[662843] CVE-2016-5202: Various fixes from internal audits,
+ fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-5199</cvename>
+ <cvename>CVE-2016-5200</cvename>
+ <cvename>CVE-2016-5201</cvename>
+ <cvename>CVE-2016-5202</cvename>
+ <url>https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html</url>
+ </references>
+ <dates>
+ <discovery>2016-11-9</discovery>
+ <entry>2016-11-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="96f6bf10-a731-11e6-95ca-0011d823eebd">
+ <topic>flash -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-c6-flashplugin</name>
+ <name>linux-c7-flashplugin</name>
+ <name>linux-f10-flashplugin</name>
+ <range><lt>11.2r202.644</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb16-37.html">
+ <ul>
+ <li>These updates resolve type confusion vulnerabilities that
+ could lead to code execution (CVE-2016-7860, CVE-2016-7861,
+ CVE-2016-7865).</li>
+ <li>These updates resolve use-after-free vulnerabilities that
+ could lead to code execution (CVE-2016-7857, CVE-2016-7858,
+ CVE-2016-7859, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb16-37.html</url>
+ <cvename>CVE-2016-7857</cvename>
+ <cvename>CVE-2016-7858</cvename>
+ <cvename>CVE-2016-7859</cvename>
+ <cvename>CVE-2016-7860</cvename>
+ <cvename>CVE-2016-7861</cvename>
+ <cvename>CVE-2016-7862</cvename>
+ <cvename>CVE-2016-7863</cvename>
+ <cvename>CVE-2016-7864</cvename>
+ <cvename>CVE-2016-7865</cvename>
+ </references>
+ <dates>
+ <discovery>2016-11-08</discovery>
+ <entry>2016-11-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="10968dfd-a687-11e6-b2d3-60a44ce6887b">
+ <topic>gitlab -- Directory traversal via "import/export" feature</topic>
+ <affects>
+ <package>
+ <name>rubygem-gitlab</name>
+ <range><ge>8.10.0</ge><le>8.10.12</le></range>
+ <range><ge>8.11.0</ge><le>8.11.9</le></range>
+ <range><ge>8.12.0</ge><le>8.12.7</le></range>
+ <range><ge>8.13.0</ge><le>8.13.2</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitLab reports:</p>
+ <blockquote cite="https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/">
+ <p>The import/export feature did not properly check for symbolic links
+ in user-provided archives and therefore it was possible for an
+ authenticated user to retrieve the contents of any file
+ accessible to the GitLab service account. This included
+ sensitive files such as those that contain secret tokens used
+ by the GitLab service to authenticate users.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/</url>
+ <cvename>CVE-2016-9086</cvename>
+ <freebsdpr>ports/214360</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2016-11-02</discovery>
+ <entry>2016-11-09</entry>
+ </dates>
+ </vuln>
+
<vuln vid="ae9cb9b8-a203-11e6-a265-3065ec8fd3ec">
<topic>chromium -- out-of-bounds memory access</topic>
<affects>
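Review bot: `<discovery>2016-11-9</discovery>` in the chromium entry (vid a3473f5a-a739-11e6-afaa-e8e0b747a45a) is not zero-padded, unlike the other dates visible in this hunk, and should read 2016-11-09. In the openssl-devel entry the third list item carries a stray "i" after the CVE id: `(CVE-2016-7055)i<br/>`. Three titles in the Mozilla blockquote are cut off mid-word (CVE-2016-5293 "updater.log h", CVE-2016-9061 "accessed by an a", CVE-2016-9077 "allowing timing atta") and should be restored from the cited advisory. The Mozilla references also list mfsa2016-90 while the blockquote cites only mfsa2016-89, and the cite URL carries /en-US/ where the `<url>` element does not; pick one form.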
@@ -106,6 +6652,14 @@
<name>openssl-devel</name>
<range><lt>1.1.0a</lt></range>
</package>
+ <package>
+ <name>linux-c6-openssl</name>
+ <range><lt>1.0.1e_13</lt></range>
+ </package>
+ <package>
+ <name>linux-c7-openssl-libs</name>
+ <range><lt>1.0.1e_3</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -129,6 +6683,7 @@
<dates>
<discovery>2016-11-02</discovery>
<entry>2016-11-02</entry>
+ <modified>2017-02-22</modified>
</dates>
</vuln>
@@ -2967,6 +9522,14 @@
<name>libgcrypt</name>
<range><lt>1.7.3</lt></range>
</package>
+ <package>
+ <name>linux-c6-libgcrypt</name>
+ <range><lt>1.4.5_4</lt></range>
+ </package>
+ <package>
+ <name>linux-c7-libgcrypt</name>
+ <range><lt>1.5.3_1</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -2986,7 +9549,7 @@
<dates>
<discovery>2016-08-17</discovery>
<entry>2016-08-18</entry>
- <modified>2016-08-18</modified>
+ <modified>2016-11-30</modified>
</dates>
</vuln>
@@ -6641,7 +13204,7 @@
<topic>Apache Commons FileUpload -- denial of service</topic>
<affects>
<package>
- <name>tomcat6</name>
+ <name>tomcat</name>
<range><ge>0</ge></range>
</package>
<package>
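Review bot: replacing `<name>tomcat6</name>` with `<name>tomcat</name>`, rather than adding a second `<name>`, means a host that still has the package installed under the old name tomcat6 stops matching this entry. Suggest listing both names in the package block; the same applies to the other tomcat6 to tomcat renames later in this patch. With `<range><ge>0</ge></range>` every version of the renamed package is reported as affected, so confirm that is still intended under the new name.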
@@ -6675,7 +13238,7 @@
<dates>
<discovery>2016-06-21</discovery>
<entry>2016-07-15</entry>
- <modified>2016-07-15</modified>
+ <modified>2017-03-18</modified>
</dates>
</vuln>
@@ -7711,7 +14274,7 @@
<topic>expat2 -- denial of service</topic>
<affects>
<package>
- <name>expat2</name>
+ <name>expat</name>
<range><lt>2.1.1_2</lt></range>
</package>
</affects>
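Review bot: the `<topic>` context line still reads "expat2 -- denial of service" while the package name becomes `expat`; update the topic in the same change so the entry is self-consistent. Keeping `<name>expat2</name>` next to the new name would also preserve matching for installs made before the rename.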
@@ -7733,6 +14296,7 @@
<dates>
<discovery>2016-06-09</discovery>
<entry>2016-06-30</entry>
+ <modified>2016-11-30</modified>
</dates>
</vuln>
@@ -8644,10 +15208,6 @@
<range><lt>1.0.2_13</lt></range>
</package>
<package>
- <name>openssl-devel</name>
- <range><ge>0</ge></range>
- </package>
- <package>
<name>libressl</name>
<range><lt>2.2.9</lt></range>
<range><ge>2.3.0</ge><lt>2.3.6</lt></range>
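Review bot: the openssl-devel block with `<range><ge>0</ge></range>` is deleted outright, so openssl-devel is no longer covered by this entry at any version. Other entries in this patch bound openssl-devel with `<lt>1.1.0a</lt>` and `<lt>1.1.0c</lt>`; if a fixed version is known here, an upper bound keeps older installs flagged. If the removal is deliberate, the log message should say why, since "update the list of vulnerabilities through march" does not explain it.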
@@ -8677,7 +15237,7 @@
<dates>
<discovery>2016-06-09</discovery>
<entry>2016-06-09</entry>
- <modified>2016-06-19</modified>
+ <modified>2016-12-20</modified>
</dates>
</vuln>
@@ -8688,11 +15248,6 @@
<name>expat</name>
<range><lt>2.1.1_1</lt></range>
</package>
- <package>
- <name>linux-c6-expat</name>
- <name>linux-f10-expat</name>
- <range><ge>0</ge></range>
- </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -8716,6 +15271,7 @@
<dates>
<discovery>2016-03-18</discovery>
<entry>2016-06-09</entry>
+ <modified>2016-11-06</modified>
</dates>
</vuln>
@@ -8785,8 +15341,12 @@
<affects>
<package>
<name>nss</name>
+ <range><lt>3.23</lt></range>
+ </package>
+ <package>
<name>linux-c6-nss</name>
- <range><ge>3.22</ge><lt>3.23</lt></range>
+ <name>linux-c7-nss</name>
+ <range><lt>3.21.3</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
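Review bot: for `nss` the range changes from `<ge>3.22</ge><lt>3.23</lt>` to `<lt>3.23</lt>`, which widens the affected set to every release below 3.23. Confirm against the upstream advisory that versions before 3.22 are affected, and state the widening in the commit log so the `<modified>` change that follows is explained.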
@@ -8815,7 +15375,7 @@
<dates>
<discovery>2016-06-07</discovery>
<entry>2016-06-07</entry>
- <modified>2016-06-10</modified>
+ <modified>2016-11-23</modified>
</dates>
</vuln>
@@ -9581,11 +16141,11 @@
</package>
<package>
<name>linux-c6-expat</name>
- <range><lt>2.1.1</lt></range>
+ <range><lt>2.0.1_3</lt></range>
</package>
<package>
- <name>linux-f10-expat</name>
- <range><lt>2.1.1</lt></range>
+ <name>linux-c7-expat</name>
+ <range><lt>2.1.0_1</lt></range>
</package>
</affects>
<description>
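Review bot: `linux-f10-expat` is swapped for `linux-c7-expat` rather than kept beside it, so an installed linux-f10-expat is no longer reported by this entry. If that package was never fixed, keeping it with an open range would preserve coverage. The linux-c6-expat bound also moves from 2.1.1 to 2.0.1_3; a short XML comment naming the package revision that carries the backported fix would let the next reader verify it.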
@@ -9609,7 +16169,7 @@
<dates>
<discovery>2016-05-17</discovery>
<entry>2016-05-20</entry>
- <modified>2016-06-05</modified>
+ <modified>2016-11-30</modified>
</dates>
</vuln>
@@ -13545,7 +20105,7 @@
<topic>tomcat -- multiple vulnerabilities</topic>
<affects>
<package>
- <name>tomcat6</name>
+ <name>tomcat</name>
<range><lt>6.0.45</lt></range>
</package>
<package>
@@ -13581,7 +20141,7 @@
<dates>
<discovery>2016-02-22</discovery>
<entry>2016-02-28</entry>
- <modified>2016-02-28</modified>
+ <modified>2017-03-18</modified>
</dates>
</vuln>
@@ -16011,15 +22571,6 @@
<name>curl</name>
<range><ge>7.10.0</ge><lt>7.47.0</lt></range>
</package>
- <package>
- <name>linux-c6-curl</name>
- <name>linux-c6_64-curl</name>
- <range><ge>7.10.0</ge></range>
- </package>
- <package>
- <name>linux-f10-curl</name>
- <range><ge>0</ge></range>
- </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
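Review bot: both Linux curl blocks (`linux-c6-curl` and `linux-c6_64-curl` with `<ge>7.10.0</ge>`, `linux-f10-curl` with `<ge>0</ge>`) are removed with no bounded replacement, so those packages drop out of this entry entirely. Where a fixed package revision exists, replace the open range with `<lt>` on that revision instead of deleting the block.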
@@ -16039,7 +22590,7 @@
<dates>
<discovery>2016-01-27</discovery>
<entry>2016-01-27</entry>
- <modified>2016-02-02</modified>
+ <modified>2017-02-06</modified>
</dates>
</vuln>
@@ -19315,13 +25866,28 @@
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Joomla! reports:</p>
- <blockquote cite="https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html">
- <p>Joomla! 3.4.6 is now available. This is a security release
- for the 3.x series of Joomla which addresses a critical security
- vulnerability and 4 low level security vulnerabilities. We strongly
- recommend that you update your sites immediately.</p>
+ <p>The JSST and the Joomla! Security Center report:</p>
+ <blockquote cite="https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html">
+ <h2>[20151201] - Core - Remote Code Execution Vulnerability</h2>
+ <p>Browser information is not filtered properly while saving the
+ session values into the database which leads to a Remote Code
+ Execution vulnerability.</p>
</blockquote>
+ <blockquote cite="https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html">
+ <h2>[20151202] - Core - CSRF Hardening</h2>
+ <p>Add additional CSRF hardening in com_templates.</p>
+ </blockquote>
+ <blockquote cite="https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html">
+ <h2>[20151203] - Core - Directory Traversal</h2>
+ <p>Failure to properly sanitise input data from the XML install file
+ located within an extension's package archive allows for directory
+ traversal.</p>
+ </blockquote>
+ <blockquote cite="https://developer.joomla.org/security-centre/635-20151214-core-directory-traversal-2.html">
+ <h2>[20151204] - Core - Directory Traversal</h2>
+ <p>Inadequate filtering of request data leads to a Directory Traversal
+ vulnerability.</p>
+ </blockquote>
</body>
</description>
<references>
@@ -19330,10 +25896,15 @@
<cvename>CVE-2015-8563</cvename>
<cvename>CVE-2015-8564</cvename>
<cvename>CVE-2015-8565</cvename>
+ <url>https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html</url>
+ <url>https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html</url>
+ <url>https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html</url>
+ <url>https://developer.joomla.org/security-centre/635-20151214-core-directory-traversal-2.html</url>
</references>
<dates>
<discovery>2015-12-14</discovery>
<entry>2015-12-17</entry>
+ <modified>2016-12-22</modified>
</dates>
</vuln>
@@ -31135,7 +37706,7 @@
<topic>tomcat -- multiple vulnerabilities</topic>
<affects>
<package>
- <name>tomcat6</name>
+ <name>tomcat</name>
<range><lt>6.0.44</lt></range>
</package>
<package>
@@ -31185,7 +37756,7 @@
<dates>
<discovery>2015-05-12</discovery>
<entry>2015-06-16</entry>
- <modified>2015-07-13</modified>
+ <modified>2017-03-18</modified>
</dates>
</vuln>
@@ -37077,6 +43648,7 @@
<package>
<name>libevent</name>
<range><lt>1.4.15</lt></range>
+ <range><ge>2.0</ge><lt>2.0.22</lt></range>
</package>
<package>
<name>libevent2</name>
@@ -37105,6 +43677,7 @@
<dates>
<discovery>2015-01-05</discovery>
<entry>2015-01-11</entry>
+ <modified>2017-02-20</modified>
</dates>
</vuln>
@@ -40711,7 +47284,7 @@
<topic>tomcat -- multiple vulnerabilities</topic>
<affects>
<package>
- <name>tomcat6</name>
+ <name>tomcat</name>
<range><lt>6.0.40</lt></range>
</package>
<package>
@@ -40753,6 +47326,7 @@
<dates>
<discovery>2014-05-23</discovery>
<entry>2014-07-23</entry>
+ <modified>2017-03-18</modified>
</dates>
</vuln>
@@ -54455,7 +61029,7 @@
<topic>tomcat -- bypass of CSRF prevention filter</topic>
<affects>
<package>
- <name>tomcat6</name>
+ <name>tomcat</name>
<range><ge>6.0.0</ge><le>6.0.35</le></range>
</package>
<package>
@@ -54480,6 +61054,7 @@
<dates>
<discovery>2012-12-04</discovery>
<entry>2012-12-04</entry>
+ <modified>2017-03-18</modified>
</dates>
</vuln>
@@ -54487,7 +61062,7 @@
<topic>tomcat -- denial of service</topic>
<affects>
<package>
- <name>tomcat6</name>
+ <name>tomcat</name>
<range><ge>6.0.0</ge><le>6.0.35</le></range>
</package>
<package>
@@ -54513,6 +61088,7 @@
<dates>
<discovery>2012-12-04</discovery>
<entry>2012-12-04</entry>
+ <modified>2017-03-18</modified>
</dates>
</vuln>
@@ -54520,7 +61096,7 @@
<topic>tomcat -- bypass of security constraints</topic>
<affects>
<package>
- <name>tomcat6</name>
+ <name>tomcat</name>
<range><ge>6.0.0</ge><le>6.0.35</le></range>
</package>
<package>
@@ -54548,7 +61124,7 @@
<dates>
<discovery>2012-12-04</discovery>
<entry>2012-12-04</entry>
- <modified>2012-12-29</modified>
+ <modified>2017-03-18</modified>
</dates>
</vuln>