path: root/data/CVE/2016.list

CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11082 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11081 (An issue was discovered in Mattermost Server before 2.2.0. It allows u ...)
	NOT-FOR-US: Mattermost
CVE-2016-11080 (An issue was discovered in Mattermost Server before 3.0.0. It offers s ...)
	NOT-FOR-US: Mattermost
CVE-2016-11079 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11078 (An issue was discovered in Mattermost Server before 3.0.0. It potentia ...)
	NOT-FOR-US: Mattermost
CVE-2016-11077 (An issue was discovered in Mattermost Server before 3.0.0. It has a su ...)
	NOT-FOR-US: Mattermost
CVE-2016-11076 (An issue was discovered in Mattermost Server before 3.0.0. It does not ...)
	NOT-FOR-US: Mattermost
CVE-2016-11075 (An issue was discovered in Mattermost Server before 3.0.0. It allows a ...)
	NOT-FOR-US: Mattermost
CVE-2016-11074 (An issue was discovered in Mattermost Server before 3.0.0. A password- ...)
	NOT-FOR-US: Mattermost
CVE-2016-11073 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11072 (An issue was discovered in Mattermost Server before 3.0.2. The purpose ...)
	NOT-FOR-US: Mattermost
CVE-2016-11071 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11070 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
	NOT-FOR-US: Mattermost
CVE-2016-11069 (An issue was discovered in Mattermost Server before 3.2.0. It mishandl ...)
	NOT-FOR-US: Mattermost
CVE-2016-11068 (An issue was discovered in Mattermost Server before 3.2.0. Attackers c ...)
	NOT-FOR-US: Mattermost
CVE-2016-11067 (An issue was discovered in Mattermost Server before 3.2.0. It allowed  ...)
	NOT-FOR-US: Mattermost
CVE-2016-11066 (An issue was discovered in Mattermost Server before 3.2.0. The initial ...)
	NOT-FOR-US: Mattermost
CVE-2016-11065 (An issue was discovered in Mattermost Server before 3.3.0. An attacker ...)
	NOT-FOR-US: Mattermost
CVE-2016-11064 (An issue was discovered in Mattermost Desktop App before 3.4.0. String ...)
	NOT-FOR-US: Mattermost
CVE-2016-11063 (An issue was discovered in Mattermost Server before 3.5.1. XSS can occ ...)
	NOT-FOR-US: Mattermost
CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mail addr ...)
	NOT-FOR-US: Mattermost
CVE-2016-11061 (Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 7 ...)
	NOT-FOR-US: Xerox
CVE-2016-11060 (Certain NETGEAR devices are affected by insecure renegotiation. This a ...)
	NOT-FOR-US: Netgear
CVE-2016-11059 (Certain NETGEAR devices are affected by password exposure. This affect ...)
	NOT-FOR-US: Netgear
CVE-2016-11058 (The NETGEAR genie application before 2.4.34 for Android is affected by ...)
	NOT-FOR-US: Netgear
CVE-2016-11057 (Certain NETGEAR devices are affected by mishandling of repeated URL ca ...)
	NOT-FOR-US: Netgear
CVE-2016-11056 (Certain NETGEAR devices are affected by anonymous root access. This af ...)
	NOT-FOR-US: Netgear
CVE-2016-11055 (Certain NETGEAR devices are affected by CSRF. This affects CM400 befor ...)
	NOT-FOR-US: Netgear
CVE-2016-11054 (NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command ex ...)
	NOT-FOR-US: Netgear
CVE-2016-11053 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11052 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) soft ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11051
	REJECTED
CVE-2016-11050 (An issue was discovered on Samsung mobile devices with S3(KK), Note2(K ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11049 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11048 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spr ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11047 (An issue was discovered on Samsung mobile devices with JBP(4.2) and KK ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11046 (An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11045 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) soft ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11044 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11043 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11042 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11041 (An issue was discovered on Samsung mobile devices with KK(4.4) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11040 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) (wit ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11039 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11038 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11037
	REJECTED
CVE-2016-11036 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11035 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11034 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and  ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11033 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11032 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11031 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11030 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11029 (An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11028 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11027 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11026 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11025 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11024 (odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: ...)
	NOT-FOR-US: odata4j
CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE ...)
	NOT-FOR-US: odata4j
CVE-2016-11022 (NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35  ...)
	NOT-FOR-US: Netgear
CVE-2016-11021 (setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remot ...)
	NOT-FOR-US: D-Link
CVE-2016-11020 (Kunena before 5.0.4 does not restrict avatar file extensions to gif, j ...)
	NOT-FOR-US: Kunena
CVE-2016-11019
	RESERVED
CVE-2016-11018 (An issue was discovered in the Huge-IT gallery-images plugin before 1. ...)
	NOT-FOR-US: Huge-IT gallery-images plugin for WordPress
CVE-2016-11017 (The application login page in AKIPS Network Monitor 15.37 through 16.5 ...)
	NOT-FOR-US: AKIPS Network Monitor
CVE-2016-11016 (NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. ...)
	NOT-FOR-US: NETGEAR
CVE-2016-11015 (NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via ...)
	NOT-FOR-US: NETGEAR
CVE-2016-11014 (NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control  ...)
	NOT-FOR-US: NETGEAR
CVE-2016-11013 (The wp-listings plugin before 2.0.2 for WordPress has includes/views/s ...)
	NOT-FOR-US: wp-listings plugin for WordPress
CVE-2016-11012 (The sola-support-tickets plugin before 3.13 for WordPress has incorrec ...)
	NOT-FOR-US: sola-support-tickets plugin for WordPress
CVE-2016-11011 (The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_o ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11010 (The wp-invoice plugin before 4.1.1 for WordPress has incorrect access  ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11009 (The wp-invoice plugin before 4.1.1 for WordPress has incorrect access  ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11008 (The wp-invoice plugin before 4.1.1 for WordPress has incorrect access  ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11007 (The wp-invoice plugin before 4.1.1 for WordPress has incorrect access  ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11006 (The wp-invoice plugin before 4.1.1 for WordPress has incorrect access  ...)
	NOT-FOR-US: wp-invoice plugin for WordPress
CVE-2016-11005 (The instalinker plugin before 1.1.2 for WordPress has includes/instali ...)
	NOT-FOR-US: instalinker plugin for WordPress
CVE-2016-11004 (The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privi ...)
	NOT-FOR-US: Elegant Themes Monarch plugin for WordPress
CVE-2016-11003 (The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privile ...)
	NOT-FOR-US: Elegant Themes Bloom plugin for WordPress
CVE-2016-11002 (The Elegant Themes Extra theme before 1.2.4 for WordPress has privileg ...)
	NOT-FOR-US: Elegant Themes Extra theme for WordPress
CVE-2016-11001 (The user-submitted-posts plugin before 20160215 for WordPress has XSS  ...)
	NOT-FOR-US: user-submitted-posts plugin for WordPress
CVE-2016-11000 (The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL inje ...)
	NOT-FOR-US: wp-ultimate-exporter plugin for WordPress
CVE-2016-10999 (The Goodnews theme through 2016-02-28 for WordPress has XSS via the s  ...)
	NOT-FOR-US: Goodnews theme for WordPress
CVE-2016-10998 (The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/pl ...)
	NOT-FOR-US: ocim-mp3 plugin for WordPress
CVE-2016-10997 (The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant a ...)
	NOT-FOR-US: beauty-premium theme for WordPress
CVE-2016-10996 (The optinmonster plugin before 1.1.4.6 for WordPress has incorrect acc ...)
	NOT-FOR-US: optinmonster plugin for WordPress
CVE-2016-10995 (The Tevolution plugin before 2.3.0 for WordPress has arbitrary file up ...)
	NOT-FOR-US: Tevolution plugin for WordPress
CVE-2016-10994 (The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. ...)
	NOT-FOR-US: Truemag theme for WordPress
CVE-2016-10993 (The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s p ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10992 (The music-store plugin before 1.0.43 for WordPress has XSS via the wp- ...)
	NOT-FOR-US: music-store plugin for WordPress
CVE-2016-10991 (The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclu ...)
	NOT-FOR-US: imdb-widget plugin for WordPress
CVE-2016-10990 (The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwar ...)
	NOT-FOR-US: wp-cerber plugin for WordPress
CVE-2016-10989 (The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?p ...)
	NOT-FOR-US: leenkme plugin for WordPress
CVE-2016-10988 (The leenkme plugin before 2.6.0 for WordPress has stored XSS via faceb ...)
	NOT-FOR-US: leenkme plugin for WordPress
CVE-2016-10987 (The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_s ...)
	NOT-FOR-US: persian-woocommerce-sms plugin for WordPress
CVE-2016-10986 (The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consum ...)
	NOT-FOR-US: tweet-wheel plugin for WordPress
CVE-2016-10985 (The echosign plugin before 1.2 for WordPress has XSS via the templates ...)
	NOT-FOR-US: echosign plugin for WordPress
CVE-2016-10984 (The echosign plugin before 1.2 for WordPress has XSS via the inc.php p ...)
	NOT-FOR-US: echosign plugin for WordPress
CVE-2016-10983 (The ghost plugin before 0.5.6 for WordPress has no access control for  ...)
	NOT-FOR-US: ghost plugin for WordPress
CVE-2016-10982 (The kento-post-view-counter plugin through 2.8 for WordPress has wp-ad ...)
	NOT-FOR-US: kento-post-view-counter plugin for WordPress
CVE-2016-10981 (The kento-post-view-counter plugin through 2.8 for WordPress has store ...)
	NOT-FOR-US: kento-post-view-counter plugin for WordPress
CVE-2016-10980 (The kento-post-view-counter plugin through 2.8 for WordPress has XSS v ...)
	NOT-FOR-US: kento-post-view-counter plugin for WordPress
CVE-2016-10979 (The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. ...)
	NOT-FOR-US: fossura-tag-miner plugin for WordPress
CVE-2016-10978 (The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. ...)
	NOT-FOR-US: fossura-tag-miner plugin for WordPress
CVE-2016-10977 (The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=.. ...)
	NOT-FOR-US: nelio-ab-testing plugin for WordPress
CVE-2016-10976 (The safe-editor plugin before 1.2 for WordPress has no se_save authent ...)
	NOT-FOR-US: safe-editor plugin for WordPress
CVE-2016-10975 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has r ...)
	NOT-FOR-US: fluid-responsive-slideshow plugin for WordPress
CVE-2016-10974 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has f ...)
	NOT-FOR-US: fluid-responsive-slideshow plugin for WordPress
CVE-2016-10973 (The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: Brafton plugin for WordPress
CVE-2016-10972 (The newspaper theme before 6.7.2 for WordPress has a lack of options a ...)
	NOT-FOR-US: newspaper theme for WordPress
CVE-2016-10971 (The MemberSonic Lite plugin before 1.302 for WordPress has incorrect l ...)
	NOT-FOR-US: MemberSonic Lite plugin for WordPress
CVE-2016-10970 (The supportflow plugin before 0.7 for WordPress has XSS via a ticket e ...)
	NOT-FOR-US: supportflow plugin for WordPress
CVE-2016-10969 (The supportflow plugin before 0.7 for WordPress has XSS via a discussi ...)
	NOT-FOR-US: supportflow plugin for WordPress
CVE-2016-10968 (The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePre ...)
	NOT-FOR-US: peepso-core plugin for WordPress
CVE-2016-10967 (The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-c ...)
	NOT-FOR-US: real3d-flipbook-lite plugin for WordPress
CVE-2016-10966 (The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ dir ...)
	NOT-FOR-US: real3d-flipbook-lite plugin for WordPress
CVE-2016-10965 (The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ d ...)
	NOT-FOR-US: real3d-flipbook-lite plugin for WordPress
CVE-2016-10964 (The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent ...)
	NOT-FOR-US: dwnldr plugin for WordPress
CVE-2016-10963 (The icegram plugin before 1.9.19 for WordPress has XSS. ...)
	NOT-FOR-US: icegram plugin for WordPress
CVE-2016-10962 (The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-adm ...)
	NOT-FOR-US: icegram plugin for WordPress
CVE-2016-10961 (The colorway theme before 3.4.2 for WordPress has XSS via the contactN ...)
	NOT-FOR-US: colorway theme for WordPress
CVE-2016-10960 (The wsecure plugin before 2.4 for WordPress has remote code execution  ...)
	NOT-FOR-US: wsecure plugin for WordPress
CVE-2016-10959 (The estatik plugin before 2.3.1 for WordPress has authenticated arbitr ...)
	NOT-FOR-US: estatik plugin for WordPress
CVE-2016-10958 (The estatik plugin before 2.3.0 for WordPress has unauthenticated arbi ...)
	NOT-FOR-US: estatik plugin for WordPress
CVE-2016-10957 (The Akal theme through 2016-08-22 for WordPress has XSS via the framew ...)
	NOT-FOR-US: Akal theme for WordPress
CVE-2016-10956 (The mail-masta plugin 1.0 for WordPress has local file inclusion in co ...)
	NOT-FOR-US: mail-masta plugin for WordPress
CVE-2016-10955 (The cysteme-finder plugin before 1.4 for WordPress has unrestricted fi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10954 (The Neosense theme before 1.8 for WordPress has qquploader unrestricte ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10953 (The Headway theme before 3.8.9 for WordPress has XSS via the license k ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10952 (The quotes-collection plugin before 2.0.6 for WordPress has XSS via th ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10951 (The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection vi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10950 (The sirv plugin before 1.3.2 for WordPress has SQL injection via the i ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10949 (The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10948 (The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect han ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10947 (The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10946 (The wp-d3 plugin before 2.4.1 for WordPress has CSRF. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10945 (The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?pa ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10944 (The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10943 (The zx-csv-upload plugin 1 for WordPress has SQL injection via the id  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10942 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10941 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10940 (The zm-gallery plugin 1.0 for WordPress has SQL injection via the orde ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via the i ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an SSL cer ...)
	{DLA-1976-1}
	- imapfilter 1:2.6.13-1 (bug #939702)
	[buster] - imapfilter <no-dsa> (Minor issue)
	[stretch] - imapfilter <no-dsa> (Minor issue)
	NOTE: https://github.com/lefcha/imapfilter/issues/142
	NOTE: Patch for support for hostname validation (requrires OpenSSL 1.1.0  and later):
	NOTE: https://github.com/lefcha/imapfilter/commit/bf2515da752eddd54973adb0853c6aa289e921b6
	NOTE: Patch for support for hostname validation (for OpenSSL 1.0.2 and later):
	NOTE: https://github.com/lefcha/imapfilter/commit/3daa2692e37fc52ce630e39a3fb6faf270c054b1
CVE-2016-10936 (The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll b ...)
	NOT-FOR-US: wp-polls plugin for WordPress
CVE-2016-10935 (The woocommerce-exporter plugin before 1.8.4 for WordPress has privile ...)
	NOT-FOR-US: woocommerce-exporter plugin for WordPress
CVE-2016-10934 (The check-email plugin before 0.5.2 for WordPress has XSS. ...)
	NOT-FOR-US: check-email plugin for WordPress
CVE-2016-10933 (An issue was discovered in the portaudio crate through 0.7.0 for Rust. ...)
	NOT-FOR-US: Rust crate portaudio
CVE-2016-10932 (An issue was discovered in the hyper crate before 0.9.4 for Rust on Wi ...)
	- rust-hyper <not-affected> (Fixed before initial upload to archive and Windows-specific anyway)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2016-0002.html
CVE-2016-10931 (An issue was discovered in the openssl crate before 0.9.0 for Rust. Th ...)
	- rust-openssl <not-affected> (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2016-0001.html
CVE-2016-10930 (The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for W ...)
	NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2016-10929 (The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no ...)
	NOT-FOR-US: advanced-ajax-page-loader plugin for WordPress
CVE-2016-10928 (The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcode ...)
	NOT-FOR-US: onelogin-saml-sso plugin for WordPress
CVE-2016-10927 (The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in aj ...)
	NOT-FOR-US: nelio-ab-testing plugin for WordPress
CVE-2016-10926 (The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in aja ...)
	NOT-FOR-US: nelio-ab-testing plugin for WordPress
CVE-2016-10925 (The peters-login-redirect plugin before 2.9.1 for WordPress has XSS du ...)
	NOT-FOR-US: peters-login-redirect plugin for WordPress
CVE-2016-10924 (The ebook-download plugin before 1.2 for WordPress has directory trave ...)
	NOT-FOR-US: ebook-download plugin for WordPress
CVE-2016-10923 (The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has pr ...)
	NOT-FOR-US: woocommerce-store-toolkit plugin for WordPress
CVE-2016-10922 (The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has pr ...)
	NOT-FOR-US: woocommerce-store-toolkit plugin for WordPress
CVE-2016-10921 (The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL in ...)
	NOT-FOR-US: gallery-photo-gallery plugin for WordPress
CVE-2016-10920 (The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. ...)
	NOT-FOR-US: gnucommerce plugin for WordPress
CVE-2016-10919 (The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats ...)
	NOT-FOR-US: wassup plugin for WordPress
CVE-2016-10918 (The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. ...)
	NOT-FOR-US: gallery-by-supsystic plugin for WordPress
CVE-2016-10917 (The search-everything plugin before 8.1.6 for WordPress has SQL inject ...)
	NOT-FOR-US: search-everything plugin for WordPress
CVE-2016-10916 (The appointment-booking-calendar plugin before 1.1.24 for WordPress ha ...)
	NOT-FOR-US: appointment-booking-calendar plugin for WordPress
CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10913 (The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10912 (The universal-analytics plugin before 1.3.1 for WordPress has XSS. ...)
	NOT-FOR-US: universal-analytics plugin for WordPress
CVE-2016-10911 (The profile-builder plugin before 2.4.2 for WordPress has multiple XSS ...)
	NOT-FOR-US: profile-builder plugin for WordPress
CVE-2016-10910 (The formbuilder plugin before 1.06 for WordPress has multiple XSS issu ...)
	NOT-FOR-US: formbuilder plugin for WordPress
CVE-2016-10909 (The booking-calendar-contact-form plugin before 1.0.24 for WordPress h ...)
	NOT-FOR-US: booking-calendar-contact-form plugin for WordPress
CVE-2016-10908 (The booking-calendar-contact-form plugin before 1.0.24 for WordPress h ...)
	NOT-FOR-US: booking-calendar-contact-form plugin for WordPress
CVE-2016-10907 (An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kerne ...)
	- linux 4.9.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9d47964bfd471f0dd4c89f28556aec68bffa0020
CVE-2016-10906 (An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the ...)
	- linux 4.5.1-1
	NOTE: https://git.kernel.org/linus/c278c253f3d992c6994d08aa0efb2b6806ca396f
CVE-2016-10905 (An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4 ...)
	{DLA-1930-1}
	- linux 4.8.5-1
	NOTE: https://git.kernel.org/linus/36e4ad0316c017d5b271378ed9a1c9a4b77fab5f
CVE-2016-10904 (The olimometer plugin before 2.57 for WordPress has SQL injection. ...)
	NOT-FOR-US: olimometer plugin for WordPress
CVE-2016-10903 (The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3  ...)
	NOT-FOR-US: GoDaddy godaddy-email-marketing-sign-up-forms plugin for WordPress
CVE-2016-10902 (The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in  ...)
	NOT-FOR-US: wp-customer-reviews plugin for WordPress
CVE-2016-10901 (The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in t ...)
	NOT-FOR-US: wp-customer-reviews plugin for WordPress
CVE-2016-10900 (The uji-countdown plugin before 2.0.7 for WordPress has XSS. ...)
	NOT-FOR-US: uji-countdown plugin for WordPress
CVE-2016-10899 (The total-security plugin before 3.4.1 for WordPress has a settings-ch ...)
	NOT-FOR-US: total-security plugin for WordPress
CVE-2016-10898 (The total-security plugin before 3.4.1 for WordPress has XSS. ...)
	NOT-FOR-US: total-security plugin for WordPress
CVE-2016-10897 (The sermon-browser plugin before 0.45.16 for WordPress has multiple XS ...)
	NOT-FOR-US: sermon-browser plugin for WordPress
CVE-2016-10896 (The seo-redirection plugin before 4.3 for WordPress has stored XSS. ...)
	NOT-FOR-US: seo-redirection plugin for WordPress
CVE-2016-10895 (The option-tree plugin before 2.6.0 for WordPress has XSS via an add_l ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events. Consequently, a ...)
	{DLA-1959-1}
	- xtrlock 2.12 (bug #830726)
	[buster] - xtrlock 2.8+deb10u1
	[stretch] - xtrlock 2.8+deb9u1
CVE-2016-10893 (The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has mu ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10892 (The chained-quiz plugin before 1.0 for WordPress has multiple XSS issu ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10891 (The aryo-activity-log plugin before 2.3.3 for WordPress has XSS. ...)
	NOT-FOR-US: aryo-activity-log plugin for WordPress
CVE-2016-10890 (The aryo-activity-log plugin before 2.3.2 for WordPress has XSS. ...)
	NOT-FOR-US: aryo-activity-log plugin for WordPress
CVE-2016-10889 (The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injecti ...)
	NOT-FOR-US: nextgen-gallery plugin for WordPress
CVE-2016-10888 (The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10887 (The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10886 (The wp-editor plugin before 1.2.6 for WordPress has incorrect permissi ...)
	NOT-FOR-US: wp-editor plugin for WordPress
CVE-2016-10885 (The wp-editor plugin before 1.2.6 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-editor plugin for WordPress
CVE-2016-10884 (The simple-membership plugin before 3.3.3 for WordPress has multiple C ...)
	NOT-FOR-US: simple-membership plugin for WordPress
CVE-2016-10883 (The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF ...)
	NOT-FOR-US: simple-add-pages-or-posts plugin for WordPress
CVE-2016-10882 (The google-document-embedder plugin before 2.6.2 for WordPress has CSR ...)
	NOT-FOR-US: google-document-embedder plugin for WordPress
CVE-2016-10881 (The google-document-embedder plugin before 2.6.2 for WordPress has XSS ...)
	NOT-FOR-US: google-document-embedder plugin for WordPress
CVE-2016-10880 (The google-document-embedder plugin before 2.6.1 for WordPress has XSS ...)
	NOT-FOR-US: google-document-embedder plugin for WordPress
CVE-2016-10879 (The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. ...)
	NOT-FOR-US: wp-live-chat-support plugin for WordPress
CVE-2016-10878 (The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. ...)
	NOT-FOR-US: wp-google-map-plugin plugin for WordPress
CVE-2016-10877 (The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS iss ...)
	NOT-FOR-US: wp-editor plugin for WordPress
CVE-2016-10876 (The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2016-10875 (The wp-database-backup plugin before 4.3.1 for WordPress has XSS. ...)
	NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2016-10874 (The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2016-10873 (The wp-database-backup plugin before 4.3.3 for WordPress has XSS. ...)
	NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2016-10872 (The ultimate-member plugin before 1.3.40 for WordPress has XSS on the  ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2016-10871 (The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the ...)
	NOT-FOR-US: mailchimp-for-wp plugin for WordPress
CVE-2016-10870 (The google-language-translator plugin before 5.0.06 for WordPress has  ...)
	NOT-FOR-US: google-language-translator plugin for WordPress
CVE-2016-10869 (The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. ...)
	NOT-FOR-US: contact-form-plugin plugin for WordPress
CVE-2016-10868 (The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10867 (The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10866 (The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPr ...)
	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10865 (The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cros ...)
	NOT-FOR-US: Lightbox Plus Colorbox plugin for WordPress
CVE-2016-10864 (NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10863 (Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with  ...)
	NOT-FOR-US: Edimax
CVE-2016-10862 (Neet AirStream NAS1.1 devices have a password of ifconfig for the root ...)
	NOT-FOR-US: Neet AirStream NAS1.1 devices
CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...)
	NOT-FOR-US: Neet AirStream NAS1.1 devices
CVE-2016-10860 (cPanel before 11.54.0.0 allows unauthorized zone modification via the  ...)
	NOT-FOR-US: cPanel
CVE-2016-10859 (cPanel before 11.54.0.0 allows unauthorized password changes via Webma ...)
	NOT-FOR-US: cPanel
CVE-2016-10858 (cPanel before 11.54.0.0 allows unauthenticated arbitrary code executio ...)
	NOT-FOR-US: cPanel
CVE-2016-10857 (cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (S ...)
	NOT-FOR-US: cPanel
CVE-2016-10856 (cPanel before 11.54.0.0 allows subaccounts to discover sensitive data  ...)
	NOT-FOR-US: cPanel
CVE-2016-10855 (cPanel before 11.54.0.4 allows unauthenticated arbitrary code executio ...)
	NOT-FOR-US: cPanel
CVE-2016-10854 (cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner inter ...)
	NOT-FOR-US: cPanel
CVE-2016-10853 (cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager i ...)
	NOT-FOR-US: cPanel
CVE-2016-10852 (cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsyst ...)
	NOT-FOR-US: cPanel
CVE-2016-10851 (cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration e ...)
	NOT-FOR-US: cPanel
CVE-2016-10850 (cPanel before 11.54.0.4 allows arbitrary code execution via scripts/sy ...)
	NOT-FOR-US: cPanel
CVE-2016-10849 (cPanel before 11.54.0.4 allows certain file-chmod operations in script ...)
	NOT-FOR-US: cPanel
CVE-2016-10848 (cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in  ...)
	NOT-FOR-US: cPanel
CVE-2016-10847 (cPanel before 11.54.0.4 allows arbitrary file-read and file-write oper ...)
	NOT-FOR-US: cPanel
CVE-2016-10846 (cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod ope ...)
	NOT-FOR-US: cPanel
CVE-2016-10845 (cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in  ...)
	NOT-FOR-US: cPanel
CVE-2016-10844 (The chcpass script in cPanel before 11.54.0.4 reveals a password hash  ...)
	NOT-FOR-US: cPanel
CVE-2016-10843 (cPanel before 11.54.0.4 allows code execution in the context of shared ...)
	NOT-FOR-US: cPanel
CVE-2016-10842 (cPanel before 11.54.0.4 allows certain file-read operations in bin/set ...)
	NOT-FOR-US: cPanel
CVE-2016-10841 (The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses pas ...)
	NOT-FOR-US: cPanel
CVE-2016-10840 (cPanel before 11.54.0.4 allows arbitrary code execution during locale  ...)
	NOT-FOR-US: cPanel
CVE-2016-10839 (cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usern ...)
	NOT-FOR-US: cPanel
CVE-2016-10838 (cPanel before 11.54.0.4 allows arbitrary file-read operations via the  ...)
	NOT-FOR-US: cPanel
CVE-2016-10837 (cPanel before 11.54.0.4 allows arbitrary code execution because of an  ...)
	NOT-FOR-US: cPanel
CVE-2016-10836 (cPanel before 55.9999.141 allows arbitrary file-read operations during ...)
	NOT-FOR-US: cPanel
CVE-2016-10835 (cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account  ...)
	NOT-FOR-US: cPanel
CVE-2016-10834 (cPanel before 55.9999.141 allows account-suspension bypass via ftp (SE ...)
	NOT-FOR-US: cPanel
CVE-2016-10833 (cPanel before 55.9999.141 mishandles username-based blocking for PRE r ...)
	NOT-FOR-US: cPanel
CVE-2016-10832 (cPanel before 55.9999.141 allows FTP cPHulk bypass via account name mu ...)
	NOT-FOR-US: cPanel
CVE-2016-10831 (cPanel before 55.9999.141 does not perform as two-factor authenticatio ...)
	NOT-FOR-US: cPanel
CVE-2016-10830 (cPanel before 55.9999.141 allows ACL bypass for AppConfig applications ...)
	NOT-FOR-US: cPanel
CVE-2016-10829 (cPanel before 55.9999.141 allows arbitrary file-read operations becaus ...)
	NOT-FOR-US: cPanel
CVE-2016-10828 (cPanel before 55.9999.141 allows arbitrary code execution because of a ...)
	NOT-FOR-US: cPanel
CVE-2016-10827 (cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Ma ...)
	NOT-FOR-US: cPanel
CVE-2016-10826 (cPanel before 55.9999.141 allows attackers to bypass Two Factor Authen ...)
	NOT-FOR-US: cPanel
CVE-2016-10825 (cPanel before 55.9999.141 allows attackers to bypass a Security Policy ...)
	NOT-FOR-US: cPanel
CVE-2016-10824 (cPanel before 55.9999.141 allows unauthenticated arbitrary code execut ...)
	NOT-FOR-US: cPanel
CVE-2016-10823 (cPanel before 55.9999.141 allows arbitrary code execution in the conte ...)
	NOT-FOR-US: cPanel
CVE-2016-10822 (cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Imag ...)
	NOT-FOR-US: cPanel
CVE-2016-10821 (In cPanel before 55.9999.141, Scripts/addpop reveals a command-line pa ...)
	NOT-FOR-US: cPanel
CVE-2016-10820 (cPanel before 55.9999.141 allows daemons to access their controlling T ...)
	NOT-FOR-US: cPanel
CVE-2016-10819 (In cPanel before 57.9999.54, user log files become world-readable when ...)
	NOT-FOR-US: cPanel
CVE-2016-10818 (cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsa ...)
	NOT-FOR-US: cPanel
CVE-2016-10817 (cPanel before 57.9999.54 allows SQL Injection via the ModSecurity Tail ...)
	NOT-FOR-US: cPanel
CVE-2016-10816 (cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary  ...)
	NOT-FOR-US: cPanel
CVE-2016-10815 (cPanel before 57.9999.54 allows arbitrary file-read operations for Web ...)
	NOT-FOR-US: cPanel
CVE-2016-10814 (cPanel before 57.9999.54 allows demo-mode escape via show_template.sto ...)
	NOT-FOR-US: cPanel
CVE-2016-10813 (cPanel before 57.9999.54 allows self XSS during ftp account creation u ...)
	NOT-FOR-US: cPanel
CVE-2016-10812 (In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs ( ...)
	NOT-FOR-US: cPanel
CVE-2016-10811 (In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC- ...)
	NOT-FOR-US: cPanel
CVE-2016-10810 (In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY  ...)
	NOT-FOR-US: cPanel
CVE-2016-10809 (In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to  ...)
	NOT-FOR-US: cPanel
CVE-2016-10808 (In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop expos ...)
	NOT-FOR-US: cPanel
CVE-2016-10807 (cPanel before 57.9999.54 allows certain denial-of-service outcomes via ...)
	NOT-FOR-US: cPanel
CVE-2016-10806 (cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing  ...)
	NOT-FOR-US: cPanel
CVE-2016-10805 (cPanel before 57.9999.54 allows demo accounts to execute arbitrary cod ...)
	NOT-FOR-US: cPanel
CVE-2016-10804 (The SQLite journal feature in cPanel before 57.9999.54 allows arbitrar ...)
	NOT-FOR-US: cPanel
CVE-2016-10803 (cPanel before 57.9999.105 allows newline injection via LOC records (CP ...)
	NOT-FOR-US: cPanel
CVE-2016-10802 (cPanel before 58.0.4 allows code execution in the context of other use ...)
	NOT-FOR-US: cPanel
CVE-2016-10801 (cPanel before 58.0.4 has improper session handling for shared users (S ...)
	NOT-FOR-US: cPanel
CVE-2016-10800 (cPanel before 58.0.4 allows demo-mode escape via Site Templates and Bo ...)
	NOT-FOR-US: cPanel
CVE-2016-10799 (cPanel before 58.0.4 does not set the Pear tmp directory during a PHP  ...)
	NOT-FOR-US: cPanel
CVE-2016-10798 (cPanel before 58.0.4 allows a file-ownership change (to nobody) via re ...)
	NOT-FOR-US: cPanel
CVE-2016-10797 (cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certifica ...)
	NOT-FOR-US: cPanel
CVE-2016-10796 (cPanel before 58.0.4 initially uses weak permissions for Apache HTTP S ...)
	NOT-FOR-US: cPanel
CVE-2016-10795 (cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi  ...)
	NOT-FOR-US: cPanel
CVE-2016-10794 (cPanel before 59.9999.145 allows arbitrary file-read operations becaus ...)
	NOT-FOR-US: cPanel
CVE-2016-10793 (cPanel before 59.9999.145 allows arbitrary code execution due to an in ...)
	NOT-FOR-US: cPanel
CVE-2016-10792 (cPanel before 59.9999.145 allows code execution in the context of othe ...)
	NOT-FOR-US: cPanel
CVE-2016-10791 (cPanel before 60.0.15 does not ensure that system accounts lack a vali ...)
	NOT-FOR-US: cPanel
CVE-2016-10790 (cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpa ...)
	NOT-FOR-US: cPanel
CVE-2016-10789 (cPanel before 60.0.25 allows code execution via the cpsrvd 403 error r ...)
	NOT-FOR-US: cPanel
CVE-2016-10788 (cPanel before 60.0.25 allows arbitrary code execution via Maketext in  ...)
	NOT-FOR-US: cPanel
CVE-2016-10787 (The Host Access Control feature in cPanel before 60.0.25 mishandles ac ...)
	NOT-FOR-US: cPanel
CVE-2016-10786 (cPanel before 60.0.25 allows members of the nobody group to read Apach ...)
	NOT-FOR-US: cPanel
CVE-2016-10785 (cPanel before 60.0.25 allows attackers to discover file contents durin ...)
	NOT-FOR-US: cPanel
CVE-2016-10784 (cPanel before 60.0.25 allows self XSS in the alias upload interface (S ...)
	NOT-FOR-US: cPanel
CVE-2016-10783 (cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182) ...)
	NOT-FOR-US: cPanel
CVE-2016-10782 (cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs  ...)
	NOT-FOR-US: cPanel
CVE-2016-10781 (cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). ...)
	NOT-FOR-US: cPanel
CVE-2016-10780 (cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-1 ...)
	NOT-FOR-US: cPanel
CVE-2016-10779 (cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SE ...)
	NOT-FOR-US: cPanel
CVE-2016-10778 (cPanel before 60.0.25 allows self stored XSS in the listftpstable API  ...)
	NOT-FOR-US: cPanel
CVE-2016-10777 (cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodi ...)
	NOT-FOR-US: cPanel
CVE-2016-10776 (cPanel before 60.0.25 allows stored XSS during the homedir removal pha ...)
	NOT-FOR-US: cPanel
CVE-2016-10775 (cPanel before 60.0.25 allows arbitrary file-chown operations via reass ...)
	NOT-FOR-US: cPanel
CVE-2016-10774 (cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi in ...)
	NOT-FOR-US: cPanel
CVE-2016-10773 (cPanel before 60.0.25 allows format-string injection in exception-mess ...)
	NOT-FOR-US: cPanel
CVE-2016-10772 (cPanel before 60.0.25 does not enforce feature-list restrictions when  ...)
	NOT-FOR-US: cPanel
CVE-2016-10771 (cPanel before 60.0.25 allows file-create and file-chmod operations dur ...)
	NOT-FOR-US: cPanel
CVE-2016-10770 (cPanel before 60.0.25 allows arbitrary file-overwrite operations durin ...)
	NOT-FOR-US: cPanel
CVE-2016-10769 (cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-cl ...)
	NOT-FOR-US: cPanel
CVE-2016-10768 (cPanel before 60.0.25 allows file-overwrite operations during preparat ...)
	NOT-FOR-US: cPanel
CVE-2016-10767 (cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Perm ...)
	NOT-FOR-US: cPanel
CVE-2016-10766 (edx-platform before 2016-06-06 allows CSRF. ...)
	NOT-FOR-US: Open edX
CVE-2016-10765 (edx-platform before 2016-06-10 allows account activation with a spoofe ...)
	NOT-FOR-US: Open edX
CVE-2016-10764 (In the Linux kernel before 4.9.6, there is an off by one in the driver ...)
	- linux 4.9.6-1
	NOTE: https://git.kernel.org/linus/193e87143c290ec16838f5368adc0e0bc94eb931
CVE-2016-10763 (The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS ...)
	NOT-FOR-US: CampTix Event Ticketing plugin for WordPress
CVE-2016-10762 (The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV ...)
	NOT-FOR-US: CampTix Event Ticketing plugin for WordPress
CVE-2016-10761 (Logitech Unifying devices before 2016-02-26 allow keystroke injection, ...)
	NOT-FOR-US: Logitech
CVE-2016-10760 (On Seowon Intech routers, there is a Command Injection vulnerability i ...)
	NOT-FOR-US: Seowon Intech routers
CVE-2016-10759 (The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resu ...)
	NOT-FOR-US: Xinha plugin in Precurio
CVE-2016-10758 (PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php f ...)
	NOT-FOR-US: PHPKIT
CVE-2016-10757 (In Redaxo 5.2.0, the cron management of the admin panel suffers from C ...)
	NOT-FOR-US: Redaxo
CVE-2016-10756 (Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload becaus ...)
	NOT-FOR-US: Kliqqi
CVE-2016-10755 (AbanteCart 1.2.8 allows SQL Injection via the source_language paramete ...)
	NOT-FOR-US: AbanteCart
CVE-2016-10754 (modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection ...)
	NOT-FOR-US: Vtiger CRM
CVE-2016-10753 (e107 2.1.2 allows PHP Object Injection with resultant SQL injection, b ...)
	NOT-FOR-US: e107
CVE-2016-10752 (serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote atta ...)
	- serendipity <removed>
CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the  ...)
	NOT-FOR-US: osClass
CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is vulnerable to  ...)
	- hazelcast <itp> (bug #745640)
CVE-2016-10748
	RESERVED
CVE-2016-10747
	RESERVED
CVE-2016-10745 (In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. ...)
	- jinja2 2.9.4-1
	[stretch] - jinja2 <no-dsa> (Minor issue)
	[jessie] - jinja2 <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
	NOTE: Followup bugfix: https://github.com/pallets/jinja/commit/74bd64e56387f5b2931040dc7235a3509cde1611
CVE-2016-10749 (parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-r ...)
	- cjson <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/DaveGamble/cJSON/issues/30
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/07/2
	NOTE: https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917
CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products, rich ...)
	NOT-FOR-US: Snipe-IT
CVE-2016-10743 (hostapd before 2.6 does not prevent use of the low-quality PRNG that i ...)
	{DLA-1733-1}
	- wpa 2:2.6-7 (unimportant)
	NOTE: https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389
	NOTE: There was already a 2.6 upload late in 2016 but then reverted to a 2.4 based
	NOTE: version and only reuploaded as 2:2.6-7 to unstable.
CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before  ...)
	{DLA-1708-1}
	- zabbix 1:3.0.17+dfsg-1 (low)
	[stretch] - zabbix <no-dsa> (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-10272
	NOTE: https://support.zabbix.com/browse/ZBX-13133
CVE-2016-1000282 (Haraka version 2.8.8 and earlier comes with a plugin for processing at ...)
	NOT-FOR-US: Haraka
CVE-2016-1000276
	REJECTED
CVE-2016-1000271 (Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8. ...)
	NOT-FOR-US: Joomla extension
CVE-2016-10741 (In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users ...)
	{DLA-1731-1}
	- linux 4.9.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/04197b341f23b908193308b8d63d17ff23232598
CVE-2016-10740 (Various resources in Atlassian Crowd before version 2.10.1 allow remot ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2016-10739 (In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinf ...)
	- glibc 2.28-6 (bug #920047)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1347549
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20018
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=108bc4049f8ae82710aec26a92ffdb4b439c83fd
CVE-2016-10738 (Zenbership v107 has CSRF via admin/cp-functions/event-add.php. ...)
	NOT-FOR-US: Zenbership
CVE-2016-10737 (Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[bo ...)
	- serendipity <removed>
CVE-2016-10736 (The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for W ...)
	NOT-FOR-US: WordPress plugin social-pug
CVE-2016-10735 (In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is ...)
	- twitter-bootstrap4 <not-affected> (Fixed before initial upload to Debian)
	- twitter-bootstrap3 3.4.0+dfsg-1
	[stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
	[jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
	NOTE: https://github.com/twbs/bootstrap/commit/bcad4bcb5f5a9ef079b2883a48a698b35261e083 (v4.0.0-beta.2)
	NOTE: https://github.com/twbs/bootstrap/commit/29f9237f735b90dbc89e003db0c62dec2db0b308 (v3.4.0)
	NOTE: https://github.com/twbs/bootstrap/commit/13bf8aeae3db71e28af69782328c22215795c169 (v3.4.0)
	NOTE: https://github.com/twbs/bootstrap/issues/20184
	NOTE: hhtps://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
	NOTE: https://github.com/twbs/bootstrap/pull/23679
	NOTE: https://github.com/twbs/bootstrap/pull/23687
	NOTE: https://github.com/twbs/bootstrap/pull/26460
CVE-2016-10746 (libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API ...)
	{DLA-1772-1}
	- libvirt 1.3.1-1
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=506e9d6c2d4baaf580d489fff0690c0ff2ff588f (v1.3.1-rc1)
CVE-2016-10734 (ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Referen ...)
	NOT-FOR-US: ProjectSend
CVE-2016-10733 (ProjectSend (formerly cFTP) r582 allows directory traversal via file=. ...)
	NOT-FOR-US: ProjectSend
CVE-2016-10732 (ProjectSend (formerly cFTP) r582 allows authentication bypass via a di ...)
	NOT-FOR-US: ProjectSend
CVE-2016-10731 (ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files ...)
	NOT-FOR-US: ProjectSend
CVE-2016-10730 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
	- amanda <unfixed> (unimportant)
	NOTE: https://www.exploit-db.com/exploits/39244/
	NOTE: /usr/lib/amanda/application/amstar can only be run by members of the backup
	NOTE: group (which is root-equivalent due to being able to perform restores e.g.)
CVE-2016-10729 (An issue was discovered in Amanda 3.3.1. A user with backup privileges ...)
	- amanda <unfixed> (unimportant)
	NOTE: https://www.exploit-db.com/exploits/39217/
	NOTE: /usr/lib/amanda/runtar can only be run by members of the backup
	NOTE: group (which is root-equivalent due to being able to perform restores e.g.)
CVE-2016-10728 (An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error p ...)
	{DLA-1508-1}
	- suricata 3.1.2-1
	NOTE: https://redmine.openinfosecfoundation.org/issues/1880
	NOTE: https://github.com/OISF/suricata/pull/2210
CVE-2016-10727 (camel/providers/imapx/camel-imapx-server.c in the IMAPx component in G ...)
	{DLA-1443-1}
	- evolution-data-server 3.22.0-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334842
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67
CVE-2016-10726 (The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before ...)
	NOT-FOR-US: DSpave
CVE-2016-10725 (In Bitcoin Core before v0.13.0, a non-final alert is able to block the ...)
	- bitcoin 0.13.0-0.1
CVE-2016-10724 (Bitcoin Core before v0.13.0 allows denial of service (memory exhaustio ...)
	- bitcoin 0.13.0-0.1
CVE-2016-1000352 (In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES i ...)
	- bouncycastle 1.56-1
	[jessie] - bouncycastle <ignored> (Intrusive changes, can be mitigated by using a different mode than ECB)
	NOTE: https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
CVE-2016-1000346 (In the Bouncy Castle JCE Provider version 1.55 and earlier the other p ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937
CVE-2016-1000345 (In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/E ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098
CVE-2016-1000344 (In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES i ...)
	- bouncycastle 1.56-1
	[jessie] - bouncycastle <ignored> (Intrusive changes, can be mitigated by using a different mode than ECB)
	NOTE: https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
CVE-2016-1000343 (In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d
CVE-2016-1000342 (In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does  ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9
CVE-2016-1000341 (In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signatu ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce
CVE-2016-1000340 (In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propa ...)
	- bouncycastle 1.56-1
	[jessie] - bouncycastle <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31
CVE-2016-1000339 (In the Bouncy Castle JCE Provider version 1.55 and earlier the primary ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
	NOTE: https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
CVE-2016-10723 (** DISPUTED ** An issue was discovered in the Linux kernel through 4.1 ...)
	- linux <unfixed> (unimportant)
	- linux-4.9 <removed> (unimportant)
	NOTE: https://patchwork.kernel.org/patch/10395909/
	NOTE: Negligible security impact, long standing limitation
CVE-2016-10722 (partclone.fat in Partclone before 0.2.88 is prone to a heap-based buff ...)
	- partclone 0.2.88-1
	[jessie] - partclone <no-dsa> (Minor issue)
	[wheezy] - partclone <no-dsa> (Minor issue)
	NOTE: https://david.gnedt.at/blog/2016/11/14/advisory-partclone-fat-bitmap-heap-overflow/
	NOTE: https://github.com/Thomas-Tsai/partclone/issues/71
CVE-2016-10721 (partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer  ...)
	- partclone 0.2.88-1
	[jessie] - partclone <no-dsa> (Minor issue)
	[wheezy] - partclone <no-dsa> (Minor issue)
	NOTE: https://github.com/Thomas-Tsai/partclone/issues/82
CVE-2016-10720
	RESERVED
CVE-2016-10719 (TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can ...)
	NOT-FOR-US: TP-Link
CVE-2016-10718 (Brave Browser before 0.13.0 allows a tab to close itself even if the t ...)
	- brave-browser <itp> (bug #864795)
CVE-2016-10717 (A vulnerability in the encryption and permission implementation of Mal ...)
	NOT-FOR-US: Malwarebytes Anti-Malware
CVE-2016-10716 (The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS ...)
	NOT-FOR-US: Atlassian Jira plugin
CVE-2016-10715 (The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira h ...)
	NOT-FOR-US: Atlassian Jira plugin
CVE-2016-10714 (In zsh before 5.3, an off-by-one error resulted in undersized buffers  ...)
	{DLA-1304-1}
	- zsh 5.3-1
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60
CVE-2016-10713 (An issue was discovered in GNU patch before 2.7.6. Out-of-bounds acces ...)
	- patch 2.7.6-1 (unimportant)
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866
	NOTE: Crash in CLI tool, no security impact
CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted headers,  ...)
	{DLA-2196-1 DLA-1280-1}
	[experimental] - pound 2.8-1+patrodyne20190113
	- pound 2.8-2 (bug #888786)
	[stretch] - pound 2.7-1.3+deb9u1
	NOTE: http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000
	NOTE: https://www.suse.com/de-de/security/cve/CVE-2016-10711/
	NOTE: Fixed by https://build.opensuse.org/request/show/571084
	NOTE: Confirmed that the SUSE patch is the security relevant diff between
	NOTE: version 2.7 and 2.8a
	NOTE: an additional fix of the fix is needed to avoid that pound uses 100% CPU
	NOTE: https://github.com/graygnuorg/pound/commit/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c
CVE-2016-10710 (Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not v ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute arbitr ...)
	NOT-FOR-US: pfSense
CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a denial o ...)
	{DLA-1500-1 DLA-1257-1}
	- openssh 1:7.4p1-1
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
	NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
	NOTE: Flaw is not crashing the whole sshd daemon, rather the privsep process
CVE-2016-10707 (jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to remo ...)
	- jquery <not-affected> (Vulnerable code never in unstable; only experimental)
	NOTE: https://github.com/jquery/jquery/issues/3133
	NOTE: https://github.com/jquery/jquery/pull/3134
	NOTE: https://snyk.io/vuln/npm:jquery:20160529
	NOTE: Only 3.0.0-rc1 affected: https://github.com/jquery/jquery/issues/3133#issuecomment-358978489
CVE-2016-10706 (The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vi ...)
	NOT-FOR-US: WordPress plugin jetpack
CVE-2016-10705 (The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes mo ...)
	NOT-FOR-US: WordPress plugin jetpack
CVE-2016-10704 (Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1 ...)
	NOT-FOR-US: Magento
CVE-2016-10703 (A regular expression Denial of Service (DoS) vulnerability in the file ...)
	NOT-FOR-US: ecstatic npm
CVE-2016-10702 (Pebble Smartwatch devices through 4.3 mishandle UUID storage, which al ...)
	NOT-FOR-US: Pebble
CVE-2016-10701 (In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exist ...)
	NOT-FOR-US: Hitachi Vantara Pentaho BA Platform
CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...)
	- cacti 0.8.8h+ds1-5 (bug #833420)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u6
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u9
	NOTE: https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697
	NOTE: https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846
	NOTE: Fix for the incomplete fix for CVE-2016-2313
CVE-2016-10699 (D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS  ...)
	NOT-FOR-US: D-Link devices
CVE-2016-10698 (mystem-fix is a node.js wrapper for MyStem morphology text analyzer by ...)
	NOT-FOR-US: mystem-fix
CVE-2016-10697 (react-native-baidu-voice-synthesizer is a baidu voice speech synthesiz ...)
	NOT-FOR-US: react-native-baidu-voice-synthesizer
CVE-2016-10696 (windows-latestchromedriver downloads the latest version of chromedrive ...)
	NOT-FOR-US: windows-latestchromedriver
CVE-2016-10695 (The npm-test-sqlite3-trunk module provides asynchronous, non-blocking  ...)
	NOT-FOR-US: npm-test-sqlite3-trunk
CVE-2016-10694 (alto-saxophone is a module to install and launch Chromedriver for Mac, ...)
	NOT-FOR-US: alto-saxophone
CVE-2016-10693 (pm2-kafka is a PM2 module that installs and runs a kafka server pm2-ka ...)
	NOT-FOR-US: pm2-kafka
CVE-2016-10692 (haxeshim haxe shim to deal with coexisting versions. haxeshim download ...)
	NOT-FOR-US: haxeshim
CVE-2016-10691 (windows-seleniumjar is a module that downloads the Selenium Jar file w ...)
	NOT-FOR-US: windows-seleniumjar
CVE-2016-10690 (openframe-ascii-image module is an openframe plugin which adds support ...)
	NOT-FOR-US: openframe-ascii-image
CVE-2016-10689 (The windows-iedriver module downloads fixed version of iedriverserver. ...)
	NOT-FOR-US: The windows-iedriver
CVE-2016-10688 (Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoeb ...)
	NOT-FOR-US: Haxe node module, different from src:haxe
CVE-2016-10687 (windows-selenium-chromedriver is a module that downloads the Selenium  ...)
	NOT-FOR-US: windows-selenium-chromedriver
CVE-2016-10686 (fis-sass-all is another libsass wrapper for node. fis-sass-all downloa ...)
	NOT-FOR-US: fis-sass-all
CVE-2016-10685 (pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox dow ...)
	NOT-FOR-US: pk-app-wonderbox
CVE-2016-10684 (healthcenter - IBM Monitoring and Diagnostic Tools health Center agent ...)
	NOT-FOR-US: IBM
CVE-2016-10683 (arcanist downloads resources over HTTP, which leaves it vulnerable to  ...)
	NOT-FOR-US: arcanist node module, different from src:arcanist
CVE-2016-10682 (massif is a Phantomjs fork massif downloads resources over HTTP, which ...)
	NOT-FOR-US: massif
CVE-2016-10681 (roslib-socketio - The standard ROS Javascript Library fork for add sup ...)
	NOT-FOR-US: roslib-socketio
CVE-2016-10680 (adamvr-geoip-lite is a light weight native JavaScript implementation o ...)
	NOT-FOR-US: adamvr-geoip-lite
CVE-2016-10679 (selenium-standalone-painful installs a start-selenium command line to  ...)
	NOT-FOR-US: selenium-standalone-painful
CVE-2016-10678 (serc.js is a Selenium RC process wrapper serc.js downloads binary reso ...)
	NOT-FOR-US: serc.js
CVE-2016-10677 (google-closure-tools-latest is a Node.js module wrapper for downloadin ...)
	NOT-FOR-US: google-closure-tools-latest
CVE-2016-10676 (rs-brightcove is a wrapper around brightcove's web api rs-brightcove d ...)
	NOT-FOR-US: rs-brightcove
CVE-2016-10675 (libsbmlsim is a module that installs linux binaries for libsbmlsim lib ...)
	NOT-FOR-US: libsbmlsim
CVE-2016-10674 (limbus-buildgen is a "build anywhere" build system. limbus-buildgen ve ...)
	NOT-FOR-US: limbus-buildgen
CVE-2016-10673 (ipip-coffee queries geolocation information from IP ipip-coffee downlo ...)
	NOT-FOR-US: ipip-coffee
CVE-2016-10672 (cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis  ...)
	NOT-FOR-US: cloudpub-redis
CVE-2016-10671 (mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper d ...)
	NOT-FOR-US: mystem-wrapper
CVE-2016-10670 (windows-seleniumjar-mirror downloads the Selenium Jar file windows-sel ...)
	NOT-FOR-US: windows-seleniumjar-mirror
CVE-2016-10669 (soci downloads binary resources over HTTP, which leaves it vulnerable  ...)
	NOT-FOR-US: soci
CVE-2016-10668 (libsbml is a module that installs Linux binaries for libSBML libsbml d ...)
	NOT-FOR-US: libsbml node integration, different from src:libsml
CVE-2016-10667 (selenium-portal is a Selenium Testing Framework selenium-portal downlo ...)
	NOT-FOR-US: selenium-portal
CVE-2016-10666 (tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser ...)
	NOT-FOR-US: tomita-parser
CVE-2016-10665 (herbivore is a packet sniffing and crafting library. Built on libtins  ...)
	NOT-FOR-US: herbivore
CVE-2016-10664 (mystem is a Node.js wrapper for MyStem morphology text analyzer by Yan ...)
	NOT-FOR-US: mystem
CVE-2016-10663 (wixtoolset is a Node module wrapper around the wixtoolset binaries wix ...)
	NOT-FOR-US: wixtoolset
CVE-2016-10662 (tomita is a node wrapper for Yandex Tomita Parser tomita downloads bin ...)
	NOT-FOR-US: tomita
CVE-2016-10661 (phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu dow ...)
	NOT-FOR-US: phantomjs-cheniu
CVE-2016-10660 (fis-parser-sass-bin a plugin for fis to compile sass using node-sass-b ...)
	NOT-FOR-US: fis-parser-sass-bin
CVE-2016-10659 (poco - The POCO libraries, downloads source file resources used for co ...)
	NOT-FOR-US: nodejs poco module
CVE-2016-10658 (native-opencv is the OpenCV library installed via npm native-opencv do ...)
	NOT-FOR-US: native-opencv binding for node, different from src:opencv
CVE-2016-10657 (co-cli-installer downloads the co-cli module as part of the install pr ...)
	NOT-FOR-US: co-cli-installer
CVE-2016-10656 (qbs is a build tool that helps simplify the build process for developi ...)
	NOT-FOR-US: npm qbs (different from src:qbs)
CVE-2016-10655 (The clang-extra module installs LLVM's clang-extra tools. clang-extra  ...)
	NOT-FOR-US: npm clang-extra
CVE-2016-10654 (sfml downloads resources over HTTP, which leaves it vulnerable to MITM ...)
	NOT-FOR-US: node-sfml
CVE-2016-10653 (xd-testing is a testing library for cross-device (XD) web applications ...)
	NOT-FOR-US: node xp-testing
CVE-2016-10652 (prebuild-lwip is a module for comprehensive, fast, and simple image pr ...)
	NOT-FOR-US: node prebuild-lwip
CVE-2016-10651 (webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver ...)
	NOT-FOR-US: webdriver-launcher
CVE-2016-10650 (ntfserver is a Network Testing Framework Server. ntfserver downloads b ...)
	NOT-FOR-US: ntfserver
CVE-2016-10649 (frames-compiler downloads binary resources over HTTP, which leaves it  ...)
	NOT-FOR-US: frames-compiler
CVE-2016-10648 (marionette-socket-host is a marionette-js-runner host for sending acti ...)
	NOT-FOR-US: marionette-socket-host
CVE-2016-10647 (node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary r ...)
	NOT-FOR-US: node-air-sdk
CVE-2016-10646 (resourcehacker is a Node wrapper of Resource Hacker (windows executabl ...)
	NOT-FOR-US: resourcehacker
CVE-2016-10645 (grunt-images is a grunt plugin for processing images. grunt-images dow ...)
	NOT-FOR-US: grunt-images
CVE-2016-10644 (slimerjs-edge is a npm wrapper for installing the bleeding edge versio ...)
	NOT-FOR-US: slimerjs-edge
CVE-2016-10643 (jstestdriver is a wrapper for Google's jstestdriver. jstestdriver down ...)
	NOT-FOR-US: jstestdriver
CVE-2016-10642 (cmake installs the cmake x86 linux binaries. cmake downloads binary re ...)
	NOT-FOR-US: cmake node intregration
CVE-2016-10641 (node-bsdiff-android downloads resources over HTTP, which leaves it vul ...)
	NOT-FOR-US: node-bsdiff-android
CVE-2016-10640 (node-thulac is a node binding for thulac. node-thulac downloads binary ...)
	NOT-FOR-US: node-thulac
CVE-2016-10639 (redis-srvr is a npm wrapper for redis-server. redis-srvr downloads bin ...)
	NOT-FOR-US: redis-srvr
CVE-2016-10638 (js-given is a JavaScript frontend to jgiven. js-given downloads binary ...)
	NOT-FOR-US: js-given
CVE-2016-10637 (haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resour ...)
	NOT-FOR-US: haxe-dev, different from src:haxe
CVE-2016-10636 (grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler do ...)
	NOT-FOR-US: grunt-ccompiler
CVE-2016-10635 (broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-c ...)
	NOT-FOR-US: broccoli-closure
CVE-2016-10634 (scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone ...)
	NOT-FOR-US: scala-standalone-bin
CVE-2016-10633 (dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp ...)
	NOT-FOR-US: dwebp-bin
CVE-2016-10632 (apk-parser2 is a module which extracts Android Manifest info from an A ...)
	NOT-FOR-US: apk-parser2
CVE-2016-10631 (jvminstall is a module for downloading and unpacking jvm to local syst ...)
	NOT-FOR-US: jvminstall
CVE-2016-10630 (install-g-test downloads resources over HTTP, which leaves it vulnerab ...)
	NOT-FOR-US: install-g-test
CVE-2016-10629 (nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloa ...)
	NOT-FOR-US: nw-with-arm
CVE-2016-10628 (selenium-wrapper is a selenium server wrapper, including installation  ...)
	NOT-FOR-US: selenium-wrapper
CVE-2016-10627 (scala-bin is a binary wrapper for Scala. scala-bin downloads binary re ...)
	NOT-FOR-US: scala-bin
CVE-2016-10626 (mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads ...)
	NOT-FOR-US: mystem3
CVE-2016-10625 (headless-browser-lite is a minimal npm installer for phantomjs and sli ...)
	NOT-FOR-US: headless-browser-lite
CVE-2016-10624 (selenium-chromedriver is a simple utility for downloading the Selenium ...)
	NOT-FOR-US: selenium-chromedriver
CVE-2016-10623 (macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedr ...)
	NOT-FOR-US: macaca-chromedriver-zxa
CVE-2016-10622 (nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschn ...)
	NOT-FOR-US: nodeschnaps
CVE-2016-10621 (fibjs is a runtime for javascript applictions built on google v8 JS. f ...)
	NOT-FOR-US: fibjs
CVE-2016-10620 (atom-node-module-installer installs node modules for atom-shell applic ...)
	NOT-FOR-US: atom-node-module-installer
CVE-2016-10619 (pennyworth is a natural language templating engine. pennyworth downloa ...)
	NOT-FOR-US: pennyworth
CVE-2016-10618 (node-browser is a wrapper webdriver by nodejs. node-browser downloads  ...)
	NOT-FOR-US: node-browser
CVE-2016-10617 (box2d-native downloads binary resources over HTTP, which leaves it vul ...)
	NOT-FOR-US: box2d-native (different from src:box2d)
CVE-2016-10616 (openframe-image is an Openframe extension which adds support for image ...)
	NOT-FOR-US: openframe-image
CVE-2016-10615 (curses is bindings for the native curses library, a full featured cons ...)
	NOT-FOR-US: curses node module
CVE-2016-10614 (httpsync is a port of libcurl to node.js. httpsync downloads binary re ...)
	NOT-FOR-US: httpsync node module
CVE-2016-10613 (bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra download ...)
	NOT-FOR-US: bionode-sra
CVE-2016-10612 (dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dal ...)
	NOT-FOR-US: dalek-browser-ie-canary
CVE-2016-10611 (strider-sauce is Sauce Labs / Selenium support for Strider. strider-sa ...)
	NOT-FOR-US: strider-sauce
CVE-2016-10610 (unicode-json is a unicode lookup table. unicode-json before 2.0.0 down ...)
	NOT-FOR-US: unicode-json
CVE-2016-10609 (chromedriver126 is chromedriver version 1.26 for linux OS. chromedrive ...)
	NOT-FOR-US: chromedriver126
CVE-2016-10608 (robot-js is a module for native system automation for node.js. robot-j ...)
	NOT-FOR-US: robot-js
CVE-2016-10607 (openframe-glsviewer is a Openframe extension which adds support for sh ...)
	NOT-FOR-US: openframe-glsviewer
CVE-2016-10606 (grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in ...)
	NOT-FOR-US: grunt-webdriver-qunit
CVE-2016-10605 (dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-brow ...)
	NOT-FOR-US: dalek-browser-ie
CVE-2016-10604 (dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-brow ...)
	NOT-FOR-US: dalek-browser-chrome
CVE-2016-10603 (air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads bina ...)
	NOT-FOR-US: air-sdk
CVE-2016-10602 (haxe is a cross-platform toolkit haxe downloads zipped resources over  ...)
	NOT-FOR-US: Haxe node module, different from src:haxe
CVE-2016-10601 (webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver ...)
	NOT-FOR-US: webdrvr
CVE-2016-10600 (webrtc-native uses WebRTC from chromium project. webrtc-native downloa ...)
	NOT-FOR-US: webrtc-native
CVE-2016-10599 (sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar ...)
	NOT-FOR-US: sauce-connect
CVE-2016-10598 (arrayfire-js is a module for ArrayFire for the Node.js platform. array ...)
	NOT-FOR-US: arrayfire-js
CVE-2016-10597 (cobalt-cli downloads resources over HTTP, which leaves it vulnerable t ...)
	NOT-FOR-US: cobalt-cli
CVE-2016-10596 (imageoptim is a Node.js wrapper for some images compression algorithms ...)
	NOT-FOR-US: imageoptim
CVE-2016-10595 (jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads ex ...)
	NOT-FOR-US: jdf-sass
CVE-2016-10594 (ipip is a Node.js module to query geolocation information for an IP or ...)
	NOT-FOR-US: ibip
CVE-2016-10593 (ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads  ...)
	NOT-FOR-US: ibapi
CVE-2016-10592 (jser-stat is a JSer.info stat library. jser-stat downloads data resour ...)
	NOT-FOR-US: jser-stat
CVE-2016-10591 (Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML  ...)
	NOT-FOR-US: Prince Node API
CVE-2016-10590 (cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node do ...)
	NOT-FOR-US: cue-sdk-node
CVE-2016-10589 (selenium-binaries downloads Selenium related binaries for your OS. sel ...)
	NOT-FOR-US: selenium-binaries
CVE-2016-10588 (nw is an installer for nw.js. nw downloads zipped resources over HTTP, ...)
	NOT-FOR-US: nw
CVE-2016-10587 (wasdk is a toolkit for creating WebAssembly modules. wasdk downloads b ...)
	NOT-FOR-US: wasdk
CVE-2016-10586 (macaca-chromedriver is a Node.js wrapper for the selenium chromedriver ...)
	NOT-FOR-US: macaca-chromedriver
CVE-2016-10585 (libxl provides Node bindings for the libxl library for reading and wri ...)
	NOT-FOR-US: libxl node bindings
CVE-2016-10584 (dalek-browser-chrome-canary provides Google Chrome bindings for DalekJ ...)
	NOT-FOR-US: dalek-browser-chrome-canary
CVE-2016-10583 (closure-utils is Utilities for Closure Library based projects. closure ...)
	NOT-FOR-US: closure-utils
CVE-2016-10582 (closurecompiler is a Closure Compiler for node.js. closurecompiler dow ...)
	NOT-FOR-US: closurecompiler
CVE-2016-10581 (Steroids is PhoneGap on Steroids, providing native UI elements, multip ...)
	NOT-FOR-US: PhoneGap on Steroids
CVE-2016-10580 (nodewebkit is an installer for node-webkit. nodewebkit downloads zippe ...)
	NOT-FOR-US: nodewebkit
CVE-2016-10579 (Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver ...)
	NOT-FOR-US: Chromedriver
CVE-2016-10578 (unicode loads unicode data downloaded from unicode.org into nodejs. Un ...)
	NOT-FOR-US: nodejs unicode module
CVE-2016-10577 (ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 ...)
	NOT-FOR-US: ibm_db node.js module
CVE-2016-10576 (Fuseki server wrapper and management API in fuseki before 1.0.1 downlo ...)
	NOT-FOR-US: Fuseki
CVE-2016-10575 (Kindlegen is a simple Node.js wrapper of the official kindlegen progra ...)
	NOT-FOR-US: Kindlegen
CVE-2016-10574 (apk-parser3 is a module to extract Android Manifest info from an APK f ...)
	NOT-FOR-US: apk-parser3
CVE-2016-10573 (baryton-saxophone is a module to install and launch Selenium Server fo ...)
	NOT-FOR-US: baryton-saxophone
CVE-2016-10572 (mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instan ...)
	NOT-FOR-US: mongodb-instance
CVE-2016-10571 (bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-w ...)
	NOT-FOR-US: bkjs-wand
CVE-2016-10570 (pngcrush-installer is an installer for Pngcrush. pngcrush-installer ve ...)
	NOT-FOR-US: pngcrush-installer
CVE-2016-10569 (embedza is a module to create HTML snippets/embeds from URLs using inf ...)
	NOT-FOR-US: embedza
CVE-2016-10568 (geoip-lite-country is a stripped down version of geoip-lite, supportin ...)
	NOT-FOR-US: geoip-lite-country
CVE-2016-10567 (product-monitor is a HTML/JavaScript template for monitoring a product ...)
	NOT-FOR-US: product-monitor
CVE-2016-10566 (install-nw is a module which quickly and robustly installs and caches  ...)
	NOT-FOR-US: install-nw
CVE-2016-10565 (operadriver is a Opera Driver for Selenium. operadriver versions below ...)
	NOT-FOR-US: operadriver
CVE-2016-10564 (apk-parser is a tool to extract Android Manifest info from an APK file ...)
	NOT-FOR-US: apk-parser
CVE-2016-10563 (During the installation process, the go-ipfs-deps module before 0.4.4  ...)
	NOT-FOR-US: go-ipfs-deps
CVE-2016-10562 (iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions be ...)
	NOT-FOR-US: iedriver
CVE-2016-10561 (Bitty is a development web server tool that functions similar to `pyth ...)
	NOT-FOR-US: Bitty
CVE-2016-10560 (galenframework-cli is the node wrapper for the Galen Framework. galenf ...)
	NOT-FOR-US: galenframework-cli
CVE-2016-10559 (selenium-download downloads the latest versions of the selenium standa ...)
	NOT-FOR-US: selenium-download
CVE-2016-10558 (aerospike is an Aerospike add-on module for Node.js. aerospike version ...)
	NOT-FOR-US: aerospike
CVE-2016-10557 (appium-chromedriver is a Node.js wrapper around Chromedriver. Versions ...)
	NOT-FOR-US: appium-chromedriver
CVE-2016-10556 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10555 (Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 an ...)
	NOT-FOR-US: nodejs-jwt-simple
CVE-2016-10554 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10553 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10552 (igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over ...)
	NOT-FOR-US: igniteui
CVE-2016-10551 (waterline-sequel is a module that helps generate SQL statements for Wa ...)
	NOT-FOR-US: waterline-sequel
CVE-2016-10550 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10549 (Sails is an MVC style framework for building realtime web applications ...)
	NOT-FOR-US: Sails
CVE-2016-10548 (Arbitrary code execution is possible in reduce-css-calc node module &l ...)
	NOT-FOR-US: reduce-css-calc
CVE-2016-10547 (Nunjucks is a full featured templating engine for JavaScript. Versions ...)
	NOT-FOR-US: Nunjucks
CVE-2016-10546 (An arbitrary code injection vector was found in PouchDB 6.0.4 and less ...)
	NOT-FOR-US: PouchDB
CVE-2016-10545
	REJECTED
CVE-2016-10544 (uws is a WebSocket server library. By sending a 256mb websocket messag ...)
	NOT-FOR-US: uws
CVE-2016-10543 (call is an HTTP router that is primarily used by the hapi framework. T ...)
	NOT-FOR-US: call HTTP router
CVE-2016-10542 (ws is a "simple to use, blazing fast and thoroughly tested websocket c ...)
	- node-ws 1.1.0+ds1.e6ddaae4-5 (bug #927671)
	[stretch] - node-ws 1.1.0+ds1.e6ddaae4-3+deb9u1
	[jessie] - node-ws <end-of-life> (Nodejs in jessie not covered by security support)
	NOTE: https://nodesecurity.io/advisories/120
	NOTE: https://github.com/nodejs/node/issues/7388
CVE-2016-10541 (The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ...)
	- node-shell-quote <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://nodesecurity.io/advisories/117
	NOTE: nodejs not covered by security support
CVE-2016-10540 (Minimatch is a minimal matching utility that works by converting glob  ...)
	- node-minimatch 3.0.3-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/118
	NOTE: https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
	NOTE: libv8 is not covered by security support
CVE-2016-10539 (negotiator is an HTTP content negotiator for Node.js and is used by ma ...)
	- node-negotiator 0.6.1-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/106
	NOTE: nodejs not covered by security support
CVE-2016-10538 (The package `node-cli` before 1.0.0 insecurely uses the lock_file and  ...)
	- node-cli <removed> (unimportant; bug #809252)
	NOTE: https://github.com/node-js-libs/cli/issues/81
	NOTE: https://nodesecurity.io/advisories/95
CVE-2016-10537 (backbone is a module that adds in structure to a JavaScript heavy appl ...)
	- backbone 0.5.3-1
	NOTE: https://nodesecurity.io/advisories/108
CVE-2016-10536 (engine.io-client is the client for engine.io, the implementation of a  ...)
	NOT-FOR-US: engine.io-client
CVE-2016-10535 (csrf-lite is a cross-site request forgery protection library for frame ...)
	NOT-FOR-US: csrf-lite
CVE-2016-10534 (electron-packager is a command line tool that packages Electron source ...)
	NOT-FOR-US: electron-packager
CVE-2016-10533 (express-restify-mongoose is a module to easily create a flexible REST  ...)
	NOT-FOR-US: express-restify-mongoose
CVE-2016-10532 (console-io is a module that allows users to implement a web console in ...)
	NOT-FOR-US: console-io
CVE-2016-10531 (marked is an application that is meant to parse and compile markdown.  ...)
	- node-marked 0.3.6+dfsg-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/101
	NOTE: nodejs not covered by security support
CVE-2016-10530 (The airbrake module 0.3.8 and earlier defaults to sending environment  ...)
	NOT-FOR-US: airbrake
CVE-2016-10529 (Droppy versions &lt;3.5.0 does not perform any verification for cross- ...)
	NOT-FOR-US: Droppy
CVE-2016-10528 (restafary is a REpresentful State Transfer API for Creating, Reading,  ...)
	NOT-FOR-US: restafary
CVE-2016-10527 (The riot-compiler version version 2.3.21 has an issue in a regex (Cata ...)
	NOT-FOR-US: riot-compiler
CVE-2016-10526 (A common setup to deploy to gh-pages on every commit via a CI system i ...)
	NOT-FOR-US: gh-pages
CVE-2016-10525 (When attempting to allow authentication mode `try` in hapi, hapi-auth- ...)
	NOT-FOR-US: hapi
CVE-2016-10524 (i18n-node-angular is a module used to interact between i18n and angula ...)
	NOT-FOR-US: i18n-node-angular
CVE-2016-10523 (MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted M ...)
	- node-mqtt-packet <not-affected> (Fixed before initial upload to the archive)
	NOTE: https://nodesecurity.io/advisories/75
CVE-2016-10522 (rails_admin ruby gem &lt;v1.1.1 is vulnerable to cross-site request fo ...)
	- ruby-rails-admin <removed> (bug #903855)
	[stretch] - ruby-rails-admin <no-dsa> (Minor issue; has regression potential)
	NOTE: https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a
	NOTE: Regression: https://github.com/sferik/rails_admin/issues/2830
CVE-2016-10521 (jshamcrest is vulnerable to regular expression denial of service (ReDo ...)
	NOT-FOR-US: jshamcrest
CVE-2016-10520 (jadedown is vulnerable to regular expression denial of service (ReDoS) ...)
	NOT-FOR-US: jadedown
CVE-2016-10519 (A security issue was found in bittorrent-dht before 5.1.3 that allows  ...)
	NOT-FOR-US: bittorrent-dht
CVE-2016-10518 (A vulnerability was found in the ping functionality of the ws module b ...)
	- node-ws 1.0.1+ds1.e6ddaae4-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/67
	NOTE: Nodefs not covered by security support
CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" b ...)
	{DLA-1161-1}
	- redis 3:3.2.7-1
	[stretch] - redis <no-dsa> (Minor issue)
	[jessie] - redis <no-dsa> (Minor issue)
	NOTE: https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50
CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function i ...)
	{DLA-1191-1}
	- python-werkzeug 0.11.11+dfsg1-1
	[jessie] - python-werkzeug <no-dsa> (Minor issue)
	NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
	NOTE: https://github.com/pallets/werkzeug/pull/1001
	NOTE: https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
CVE-2016-10515 (In Redmine before 3.2.3, there are stored XSS vulnerabilities affectin ...)
	- redmine 3.2.3-1
	[jessie] - redmine <end-of-life> (Not supported in Jessie-LTS)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: upstream fixed in 3.2.3
CVE-2016-10514 (url_check_format in include/functions.inc.php in Piwigo before 2.8.3 a ...)
	- piwigo <removed>
CVE-2016-10513 (Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted ...)
	- piwigo <removed>
CVE-2016-10512 (MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for main ...)
	NOT-FOR-US: MultiTech FaxFinder
CVE-2016-10511 (The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitt ...)
	NOT-FOR-US: Twitter iOS client
CVE-2016-10510 (Cross-site scripting (XSS) vulnerability in the Security component of  ...)
	{DLA-1241-1}
	- libkohana2-php <removed>
	[jessie] - libkohana2-php <ignored> (Minor issue)
	NOTE: https://github.com/kohana/kohana/issues/107
	NOTE: Fixed by https://github.com/kohana/core/pull/697
CVE-2016-10509 (SQL injection vulnerability in the updateAmazonOrderTracking function  ...)
	NOT-FOR-US: OpenCart
CVE-2016-10508 (Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() befo ...)
	NOT-FOR-US: phpThumb
CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in convert ...)
	- openjpeg2 2.1.2-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8 (v2.1.1)
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8 (v2.1.2)
	NOTE: https://github.com/uclouvain/openjpeg/issues/833
CVE-2016-10506 (Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, op ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
	NOTE: https://github.com/uclouvain/openjpeg/issues/731
	NOTE: https://github.com/uclouvain/openjpeg/issues/732
	NOTE: https://github.com/uclouvain/openjpeg/issues/777
	NOTE: https://github.com/uclouvain/openjpeg/issues/778
	NOTE: https://github.com/uclouvain/openjpeg/issues/779
	NOTE: https://github.com/uclouvain/openjpeg/issues/780
CVE-2016-10505 (NULL pointer dereference vulnerabilities in the imagetopnm function in ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/776
	NOTE: https://github.com/uclouvain/openjpeg/issues/784
	NOTE: https://github.com/uclouvain/openjpeg/issues/785
	NOTE: https://github.com/uclouvain/openjpeg/issues/792
CVE-2016-10504 (Heap-based buffer overflow vulnerability in the opj_mqc_byteout functi ...)
	- openjpeg2 2.2.0-1 (bug #874113)
	[stretch] - openjpeg2 2.1.2-1.1+deb9u2
	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later, see #874113)
	NOTE: https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
	NOTE: https://github.com/uclouvain/openjpeg/issues/835
CVE-2016-10503 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-1000245
	RESERVED
CVE-2016-10502 (While generating trusted application id, An integer overflow can occur ...)
	NOT-FOR-US: Snapdragon
CVE-2016-10501 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10500
	REJECTED
CVE-2016-10499 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10498 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10497 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10496 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10495 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10494 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10493 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10492 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10491 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10490 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10489 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10488
	REJECTED
CVE-2016-10487 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10486 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10485 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10484 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10483 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10482 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10481 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10480 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10479 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10478 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10477 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10476 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10475 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10474 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10473 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10472 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10471 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10470
	REJECTED
CVE-2016-10469 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10468
	REJECTED
CVE-2016-10467 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10466 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10465
	REJECTED
CVE-2016-10464 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10463
	REJECTED
CVE-2016-10462 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10461 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10460 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10459 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10458 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10457 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10456 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10455 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10454 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10453
	REJECTED
CVE-2016-10452 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10451 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10450 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10449 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10448 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10447 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10446 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10445 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10444 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10443 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10442 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10441 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10440 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10439 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10438 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10437 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10436 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10435 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10434 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10433 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10432 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10431 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10430 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10429 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10428 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10427 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10426 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10425 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10424 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10423 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10422 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10421 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10420 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10419 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10418 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10417 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10416 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10415 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10414 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10413
	REJECTED
CVE-2016-10412 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10411 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10410 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10409 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10408
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10407 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10406 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) wi ...)
	NOT-FOR-US: D-Link
CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect  ...)
	NOT-FOR-US: Liferay Portal
CVE-2016-10403 (Insufficient data validation on image data in PDFium in Google Chrome  ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-10402 (Avira Antivirus engine versions before 8.3.36.60 allow remote code exe ...)
	NOT-FOR-US: Avira
CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)
	NOT-FOR-US: ZyXEL
CVE-2016-10400 (Directory Traversal exists in ATutor before 2.2.2 via the icon paramet ...)
	NOT-FOR-US: ATutor
CVE-2016-10399 (Sendio versions before 8.2.1 were affected by a Local File Inclusion v ...)
	NOT-FOR-US: Sendio
CVE-2016-10398 (Android 6.0 has an authentication bypass for attackers with root and p ...)
	NOT-FOR-US: Android
CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of vari ...)
	{DLA-1034-1}
	- php7.1 <not-affected> (Fixed with initial upload to unstable)
	- php7.0 7.0.13-1
	- php5 <removed>
	[jessie] - php5 5.6.28+dfsg-0+deb8u1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=73192
	NOTE: Fixed in 7.1.0, 7.0.13, 5.6.28
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...)
	{DLA-1044-1}
	- ipsec-tools 1:0.8.2+20140711-9 (bug #867986)
	[stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1
	[jessie] - ipsec-tools <no-dsa> (Will be fixed via point release)
	NOTE: NetBSD applied patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
	NOTE: NetBSD Problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
	NOTE: Patch disputed, cf. https://bugzilla.suse.com/show_bug.cgi?id=1047443#c1
	NOTE: Updated patch: https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b
CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running Fle ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2016-10394
	RESERVED
	NOT-FOR-US: Android Qualcomm closed-source components
CVE-2016-10393 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
	NOT-FOR-US: Android Qualcomm closed-source components
CVE-2016-10392 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10391 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10390 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10389 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10388 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10387 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10386 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10385 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10384 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10383 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10382 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10381 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10380 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL  ...)
	NOT-FOR-US: Joomla addon
CVE-2016-10378 (e107 2.1.1 allows SQL injection by remote authenticated administrators ...)
	NOT-FOR-US: e107
CVE-2016-10377 (In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switc ...)
	- openvswitch 2.6.1+git20161123-1
	[jessie] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
	[wheezy] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html
CVE-2016-10376 (Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote  ...)
	{DSA-3943-1 DLA-967-1}
	- gajim 0.16.6-1.1 (bug #863445)
	NOTE: https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
	NOTE: https://dev.gajim.org/gajim/gajim/issues/8378
CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push function  ...)
	{DLA-2194-1 DLA-976-1}
	- yodl 3.07.01-1
	NOTE: https://github.com/fbb-git/yodl/issues/1
	NOTE: https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3
CVE-2016-10373
	REJECTED
CVE-2016-10372 (The Eir D1000 modem does not properly restrict the TR-064 protocol, wh ...)
	NOT-FOR-US: Eir D1000 modem
CVE-2016-10374 (perltidy through 20160302, as used by perlcritic, check-all-the-things ...)
	- perltidy 20140328-2 (bug #862667)
	[jessie] - perltidy <no-dsa> (Minor issue; can be fixed via point release)
	[wheezy] - perltidy <no-dsa> (Minor issue)
CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...)
	{DLA-969-1}
	- tiff 4.0.7-7 (low; bug #862929)
	[jessie] - tiff 4.0.3-12.3+deb8u5
	- tiff3 <removed>
	[wheezy] - tiff3 <no-dsa> (tiff tools are not built, can be fixed later)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
CVE-2016-10370 (An issue was discovered on OnePlus devices such as the 3T. The OnePlus ...)
	NOT-FOR-US: OnePlus
CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a so ...)
	{DLA-935-1}
	- lxterminal 0.3.0-2 (low; bug #862098)
	[jessie] - lxterminal 0.2.0-1+deb8u1
	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
CVE-2016-1000393
	REJECTED
CVE-2016-1000373
	REJECTED
CVE-2016-1000372
	REJECTED
CVE-2016-1000371
	REJECTED
CVE-2016-1000370
	REJECTED
CVE-2016-1000369
	REJECTED
CVE-2016-1000368
	REJECTED
CVE-2016-1000367
	REJECTED
CVE-2016-1000366
	REJECTED
CVE-2016-1000365
	REJECTED
CVE-2016-1000364
	REJECTED
CVE-2016-1000363
	REJECTED
CVE-2016-1000362
	REJECTED
CVE-2016-1000361
	REJECTED
CVE-2016-1000360
	REJECTED
CVE-2016-1000338 (In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does no ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
CVE-2016-10368 (Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162 ...)
	NOT-FOR-US: Opsview Monitor Pro
CVE-2016-10367 (In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475 ...)
	NOT-FOR-US: Opsview Monitor Pro
CVE-2016-10366 (Kibana versions after and including 4.3 and before 4.6.2 are vulnerabl ...)
	- kibana <itp> (bug #700337)
CVE-2016-10365 (Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerabi ...)
	- kibana <itp> (bug #700337)
CVE-2016-10364 (With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not proper ...)
	NOT-FOR-US: Kibana addon
CVE-2016-10363 (Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, ...)
	- logstash <itp> (bug #664841)
CVE-2016-10362 (Prior to Logstash version 5.0.1, Elasticsearch Output plugin when upda ...)
	- logstash <itp> (bug #664841)
CVE-2016-10361
	REJECTED
CVE-2016-10360
	REJECTED
CVE-2016-10359
	REJECTED
CVE-2016-10358
	REJECTED
CVE-2016-10357
	REJECTED
CVE-2016-10356
	REJECTED
CVE-2016-10355
	REJECTED
CVE-2016-10354
	REJECTED
CVE-2016-10353
	REJECTED
CVE-2016-10352
	REJECTED
CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesk ...)
	- telegram-desktop 1.1.19-2
	NOTE: https://github.com/telegramdesktop/tdesktop/issues/2666
CVE-2016-10350 (The archive_read_format_cab_read_header function in archive_read_suppo ...)
	{DSA-4360-1 DLA-1600-1 DLA-1006-1}
	- libarchive 3.2.2-3.1 (bug #861609)
	NOTE: https://github.com/libarchive/libarchive/issues/835
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3.2.2 a ...)
	{DSA-4360-1 DLA-1600-1 DLA-1006-1}
	- libarchive 3.2.2-3.1 (bug #861609)
	NOTE: https://github.com/libarchive/libarchive/issues/834
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
CVE-2016-10348
	RESERVED
CVE-2016-10347 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10346 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used duri ...)
	- passenger <unfixed> (unimportant)
	NOTE: https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
	NOTE: Source present, but passenger-install-nginx-module not installed
CVE-2016-10344 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10343 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10342 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10341 (In all Android releases from CAF using the Linux kernel, 3rd party TEE ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10340 (In all Android releases from CAF using the Linux kernel, an integer un ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10339 (In all Android releases from CAF using the Linux kernel, HLOS can over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10338 (In all Android releases from CAF using the Linux kernel, there was an  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10337 (In all Android releases from CAF using the Linux kernel, some validati ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10336 (In all Android releases from CAF using the Linux kernel, some regions  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10335 (In all Android releases from CAF using the Linux kernel, libtomcrypt w ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10334 (In all Android releases from CAF using the Linux kernel, a dynamically ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10333 (In all Android releases from CAF using the Linux kernel, a sensitive s ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10332 (In all Android releases from CAF using the Linux kernel, stack protect ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10331 (Directory traversal vulnerability in download.php in Synology Photo St ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10330 (Directory traversal vulnerability in synophoto_dsm_user, a SUID progra ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10329 (Command injection vulnerability in login.php in Synology Photo Station ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-1000259
	REJECTED
CVE-2016-1000258
	REJECTED
CVE-2016-10328 (FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a he ...)
	- freetype <not-affected> (Only affected head for about a day, see bug #860303)
	NOTE: Introduced with: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=010e0614f2effe058855aacfc3e61c71e1cb5739
	NOTE: Fixed with http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
	NOTE: http://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
CVE-2016-10327 (LibreOffice before 2016-12-22 has an out-of-bounds write caused by a h ...)
	- libreoffice 1:5.2.5-1
	[jessie] - libreoffice <not-affected> (Vulnerable code not present)
	[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416
CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109132
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=b9dd097b5b24f5ee54b0a8739e59641cd51b6ead
CVE-2016-10325 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109131
	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1d9fb1d3a71cc85ef95352e549b140c706cf8696
CVE-2016-10324 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109133
	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=7e0793e15e21f68337e130c67b031ca38edf055f
CVE-2016-10323 (Synology Photo Station before 6.3-2958 allows local users to gain priv ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10322 (Synology Photo Station before 6.3-2958 allows remote authenticated gue ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10320 (textract before 1.5.0 allows OS Command Injection attacks via a filena ...)
	NOT-FOR-US: textract
CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC c ...)
	NOT-FOR-US: ARM
CVE-2016-1000307 (Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8 ...)
	NOT-FOR-US: ClipBucket
CVE-2016-1000306
	REJECTED
CVE-2016-7443 (Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspe ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-10318 (A missing authorization check in the fscrypt_process_policy function i ...)
	- linux 4.7.4-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex S ...)
	- ghostscript 9.22~dfsg-2.1 (bug #860869)
	[stretch] - ghostscript 9.20~dfsg-3.2+deb9u2
	[jessie] - ghostscript 9.06~dfsg-2+deb8u7
	[wheezy] - ghostscript <no-dsa> (Not directly reproducible, to re-evaluate once the upstream fix is known)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
	NOTE: I got the reproducer file from the bug submitter and tried to reproduce it.
	NOTE: Results are the following: sid/stretch with 9.20~dfsg-3 are
	NOTE: affected, it even segfaults. But with wheezy 9.05~dfsg-6.3+deb7u2
	NOTE: and jessie 9.06~dfsg-2+deb8u4, we have no segfault and valgrind
	NOTE: reports no buffer overrun. -- Raphael Hertzog
CVE-2016-10316 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10315 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10314 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10313 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10312 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-1000351
	REJECTED
CVE-2016-1000350
	REJECTED
CVE-2016-1000349
	REJECTED
CVE-2016-1000348
	REJECTED
CVE-2016-1000268
	REJECTED
CVE-2016-10311 (Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows re ...)
	NOT-FOR-US: SAP
CVE-2016-10310 (Buffer overflow in the MobiLink Synchronization Server component in SA ...)
	NOT-FOR-US: MobiLink Synchronization Server
CVE-2016-10309 (In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote a ...)
	NOT-FOR-US: Ceragon FibeAir
CVE-2016-10308 (Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built- ...)
	NOT-FOR-US: Siklu EtherHaul
CVE-2016-10307 (Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and S ...)
	NOT-FOR-US: Trango
CVE-2016-10306 (Trango Altum AC600 devices have a built-in, hidden root account, with  ...)
	NOT-FOR-US: Trango
CVE-2016-10305 (Trango Apex &lt;= 2.1.1, ApexLynx &lt; 2.0, ApexOrion &lt; 2.0, ApexPl ...)
	NOT-FOR-US: Trango
CVE-2016-10304 (The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remot ...)
	NOT-FOR-US: SAP
CVE-2016-10303
	RESERVED
CVE-2016-10302
	RESERVED
CVE-2016-10301
	RESERVED
CVE-2016-10300
	RESERVED
CVE-2016-10299 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10298 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10297 (In TrustZone in all Android releases from CAF using the Linux kernel,  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared memory  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10295 (An information disclosure vulnerability in the Qualcomm LED driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10294 (An information disclosure vulnerability in the Qualcomm power driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10293 (An information disclosure vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10292 (A denial of service vulnerability in the Qualcomm Wi-Fi driver could e ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10291 (An elevation of privilege vulnerability in the Qualcomm Slimbus driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10290 (An elevation of privilege vulnerability in the Qualcomm shared memory  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10289 (An elevation of privilege vulnerability in the Qualcomm crypto driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10288 (An elevation of privilege vulnerability in the Qualcomm LED driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10287 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10286 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10285 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10284 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10283 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10282 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10281 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10280 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10279
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10278
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10277 (An elevation of privilege vulnerability in the Motorola bootloader cou ...)
	NOT-FOR-US: Motorola component for Android
CVE-2016-10276 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10275 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10274 (An elevation of privilege vulnerability in the MediaTek touchscreen dr ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10273 (Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavi ...)
	NOT-FOR-US: Jensen of Scandinavia Air:Link Routers
CVE-2016-10272 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a d ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
	{DSA-3844-1}
	- tiff 4.0.7-2 (bug #846837)
	[wheezy] - tiff 4.0.2-6+deb7u9
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
CVE-2016-10269 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2604
CVE-2016-10268 (tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a den ...)
	{DLA-877-1}
	- tiff 4.0.7-2 (unimportant)
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (issue in tiffcp that is not shipped by the source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2598
	NOTE: Crash in CLI tool not treated as a security issue
CVE-2016-10267 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (di ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible, BigTIFF not supported by this version)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero/
	NOTE: https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2611
CVE-2016-10266 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (di ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero
	NOTE: https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2596
CVE-2016-10265
	RESERVED
CVE-2016-10264
	RESERVED
CVE-2016-10263
	RESERVED
CVE-2016-10262
	RESERVED
CVE-2016-10261
	RESERVED
CVE-2016-10260
	RESERVED
CVE-2016-10259 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and ...)
	NOT-FOR-US: Blue Coat
CVE-2016-10258 (Unrestricted file upload vulnerability in the Symantec Advanced Secure ...)
	NOT-FOR-US: Symantec
CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7. ...)
	NOT-FOR-US: Symantec
CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6 ...)
	NOT-FOR-US: Symantec
CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils  ...)
	- elfutils 0.168-0.2 (low)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: 0.168-0.2 first version uploaded to unstable
	NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/
	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=09ec02ec7f7e6913d10943148e2a898264345b07
CVE-2016-10254 (The allocate_elf function in common.h in elfutils before 0.168 allows  ...)
	- elfutils 0.168-0.2 (low)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: 0.168-0.2 first version uploaded to unstable
	NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/
	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=191000fdedba3fafe4d5b8cddad3f3318b49c3fb
CVE-2016-10253 (An issue was discovered in Erlang/OTP 18.x. Erlang's generation of com ...)
	- erlang 1:19.2.1+dfsg-2 (bug #858313)
	[jessie] - erlang 1:17.3-dfsg-4+deb8u1
	[wheezy] - erlang <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/erlang/otp/pull/1108
CVE-2016-10252 (Memory leak in the IsOptionMember function in MagickCore/option.c in I ...)
	{DSA-3808-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #857426)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b
CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in Jas ...)
	{DSA-3827-1 DLA-920-1}
	- jasper <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/11
	NOTE: https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
	NOTE: https://github.com/asarubbo/poc/blob/master/00029-jasper-uninitvalue-jpc_pi_nextcprl
CVE-2016-10248 (The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900. ...)
	- jasper <removed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/20/5
	NOTE: Not suitable for code injection, hardly denial of service
	NOTE: https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd
CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in Mujstes ...)
	- mupdf <unfixed> (unimportant)
	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/19
CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstest in A ...)
	- mupdf <unfixed> (unimportant)
	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/20
CVE-2016-10245 (Insufficient sanitization of the query parameter in templates/html/sea ...)
	{DLA-1812-1}
	- doxygen 1.8.12-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762934
	NOTE: https://github.com/doxygen/doxygen/commit/1cc1adad2de03a0f013881b8960daf89aa155081 (Release_1_8_12)
CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 before  ...)
	{DSA-3839-1 DLA-848-1}
	[experimental] - freetype 2.7.1-0.1
	- freetype 2.6.3-3.1 (bug #856971)
	NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a660e3de422731b94d4a134d27555430cbb6fb39 (VER-2-7)
CVE-2016-10243 (TeX Live allows remote attackers to execute arbitrary commands by leve ...)
	{DSA-3803-1 DLA-847-1}
	- texlive-bin 2019.20190605.51237-2 (unimportant)
	- texlive-base 2016.20161130-1
	NOTE: https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/
	NOTE: http://www.tug.org/svn/texlive?view=revision&revision=42605
CVE-2016-10242 (A time-of-check time-of-use race condition could potentially exist in  ...)
	NOT-FOR-US: Qualcomm component/driver for Android
CVE-2016-10241
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10240
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10239 (In TrustZone access control policy may potentially be bypassed in all  ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10238 (In QSEE in all Android releases from CAF using the Linux kernel access ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10237 (If shared content protection memory were passed as the secure camera m ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10236 (An information disclosure vulnerability in the Qualcomm USB driver. Pr ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10235 (A denial of service vulnerability in the Qualcomm WiFi driver. Product ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10234 (An information disclosure vulnerability in the Qualcomm IPA driver. Pr ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10233 (An elevation of privilege vulnerability in the Qualcomm video driver.  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10232 (An elevation of privilege vulnerability in the Qualcomm video driver.  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10231 (An elevation of privilege vulnerability in the Qualcomm sound codec dr ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10230 (A remote code execution vulnerability in the Qualcomm crypto driver. P ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10229 (udp.c in the Linux kernel before 4.5 allows remote attackers to execut ...)
	- linux 4.5.1-1 (bug #808293)
	[jessie] - linux 3.16.7-ckt20-1+deb8u2
	[wheezy] - linux 3.2.73-2+deb7u2
	NOTE: Fixed by: https://git.kernel.org/linus/197c949e7798fbf28cfadc69d9ca0c2abbf93191 (v4.5-rc1)
CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and e ...)
	- glibc 2.31-3 (low; bug #856503)
	[buster] - glibc <no-dsa> (Minor issue)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19519
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=91927b7c76437db860cd86a7714476b56bb39d07
CVE-2016-10227 (Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote ...)
	NOT-FOR-US: Zyxel
CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview  ...)
	- webkitgtk <removed> (unimportant)
	NOTE: Not covered by security support
CVE-2016-10225 (The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and ...)
	NOT-FOR-US: sunxi-debug driver in Allwinner kernel
CVE-2016-10224 (An issue was discovered in Sauter NovaWeb web HMI. The application use ...)
	NOT-FOR-US: Sauter NovaWeb
CVE-2016-10223 (An issue was discovered in BigTree CMS before 4.2.15. The vulnerabilit ...)
	NOT-FOR-US: BigTree CMS
CVE-2016-10222 (runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in  ...)
	- webkitgtk <removed> (unimportant)
	NOTE: Not covered by security support
CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, Inc. Mu ...)
	- mupdf <not-affected> (Vulnerable code not yet present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697400
CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Soft ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859694)
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450
CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. Ghos ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859666)
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453
CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...)
	- ghostscript <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
	NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444
CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Gh ...)
	- ghostscript 9.20~dfsg-3.1 (bug #859662)
	[jessie] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present)
	[wheezy] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456
CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The  ...)
	NOT-FOR-US: IT ITems DataBase
CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder befor ...)
	NOT-FOR-US: Fastspot BigTree bigtree-form-builder
CVE-2016-10214 (Memory leak in the virgl_resource_attach_backing function in virglrend ...)
	- virglrenderer 0.6.0-1 (bug #854728)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420266
CVE-2016-10213 (A10 AX1030 and possibly other devices with software before 2.7.2-P8 us ...)
	NOT-FOR-US: A10
CVE-2016-10212 (Radware devices use the same value for the first two GCM nonces, which ...)
	NOT-FOR-US: Radware devices
CVE-2016-10211 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/575
CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denia ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/576
CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in li ...)
	{DSA-4360-1 DLA-1600-1 DLA-1006-1}
	- libarchive 3.2.2-3.1 (low; bug #859456)
	NOTE: https://github.com/libarchive/libarchive/issues/842
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0)
CVE-2016-10207 (The Xvnc server in TigerVNC allows remote attackers to cause a denial  ...)
	- tigervnc 1.7.0-1
	NOTE: https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1023012
CVE-2016-10200 (Race condition in the L2TPv3 IP Encapsulation feature in the Linux ker ...)
	{DLA-922-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/32c231164b762dddefa13af5a0101032c70b50ef (v4.9-rc7)
CVE-2016-10206 (Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10205 (Session fixation vulnerability in Zoneminder 1.30 and earlier allows r ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10204 (SQL injection vulnerability in Zoneminder 1.30 and earlier allows remo ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10203 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10202 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10201 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10208 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel th ...)
	{DLA-1200-1}
	- linux 4.9.10-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe (4.10-rc1)
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1)
CVE-2016-10197 (The search_make_new function in evdns.c in libevent before 2.1.6-beta  ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/332
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10196 (Stack-based buffer overflow in the evutil_parse_sockaddr_port function ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/318
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10195 (The name_parse function in evdns.c in libevent before 2.1.6-beta allow ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/317
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10199 (The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-p ...)
	{DSA-3820-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451
CVE-2016-10198 (The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacpars ...)
	{DSA-3820-1 DLA-2225-1 DLA-828-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <removed> (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775450
CVE-2016-XXXX [iio-sensor-proxy: insecure dbus policy]
	- iio-sensor-proxy 2.0-4 (bug #853951)
CVE-2016-10192 (Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0. ...)
	- ffmpeg 7:3.2.2-1
	- libav <not-affected> (Vulnerable code not present in libav, only in ffmpeg)
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10191 (Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2 ...)
	{DLA-1611-1}
	- ffmpeg 7:3.2.2-1
	- libav <removed>
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10190 (Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8. ...)
	{DLA-1611-1}
	- ffmpeg 7:3.2.2-1
	- libav <removed>
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10193 (The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to e ...)
	NOT-FOR-US: espeak-ruby Ruby gem
CVE-2016-10194 (The festivaltts4r gem for Ruby allows remote attackers to execute arbi ...)
	NOT-FOR-US: festivaltts4r
CVE-2016-10186 (An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd. ...)
	NOT-FOR-US: D-Link
CVE-2016-10185 (An issue was discovered on the D-Link DWR-932B router. A secure_mode=n ...)
	NOT-FOR-US: D-Link
CVE-2016-10184 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows f ...)
	NOT-FOR-US: D-Link
CVE-2016-10183 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows d ...)
	NOT-FOR-US: D-Link
CVE-2016-10182 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows c ...)
	NOT-FOR-US: D-Link
CVE-2016-10181 (An issue was discovered on the D-Link DWR-932B router. qmiweb provides ...)
	NOT-FOR-US: D-Link
CVE-2016-10180 (An issue was discovered on the D-Link DWR-932B router. WPS PIN generat ...)
	NOT-FOR-US: D-Link
CVE-2016-10179 (An issue was discovered on the D-Link DWR-932B router. There is a hard ...)
	NOT-FOR-US: D-Link
CVE-2016-10178 (An issue was discovered on the D-Link DWR-932B router. HELODBG on port ...)
	NOT-FOR-US: D-Link
CVE-2016-10177 (An issue was discovered on the D-Link DWR-932B router. Undocumented TE ...)
	NOT-FOR-US: D-Link
CVE-2016-10176 (The NETGEAR WNR2000v5 router allows an administrator to perform sensit ...)
	NOT-FOR-US: Netgear
CVE-2016-10175 (The NETGEAR WNR2000v5 router leaks its serial number when performing a ...)
	NOT-FOR-US: Netgear
CVE-2016-10174 (The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_ ...)
	NOT-FOR-US: Netgear
CVE-2016-10189 (BitlBee before 3.5 allows remote attackers to cause a denial of servic ...)
	{DSA-3853-1 DLA-832-1}
	- bitlbee 3.5-1
	NOTE: https://bugs.bitlbee.org/ticket/1282
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f (3.5)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
	NOTE: When fixing this CVE make sure to apply as well
	NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
	NOTE: to not open CVE-2017-5668
CVE-2016-10188 (Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows re ...)
	{DSA-3853-1 DLA-832-1}
	- bitlbee 3.5-1
	NOTE: https://bugs.bitlbee.org/ticket/1281
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2 (3.5)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
CVE-2016-10187 (The E-book viewer in calibre before 2.75 allows remote attackers to re ...)
	{DLA-859-1}
	- calibre 2.75.1+dfsg-1 (low; bug #853004)
	[jessie] - calibre <no-dsa> (Minor issue)
	NOTE: Upstream report: https://launchpad.net/bugs/1651728
	NOTE: Upstream fix: https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/29/8
CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 and archiv ...)
	{DSA-3778-1 DLA-808-1}
	- ruby-minitar 0.5.4-3.1 (bug #853075)
	- ruby-archive-tar-minitar <removed> (bug #853249)
	NOTE: https://github.com/halostatue/minitar/issues/16
	NOTE: https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1021740
CVE-2016-10172 (The read_new_config_info function in open_utils.c in Wavpack before 5. ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561951/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10171 (The unreorder_channels function in cli/wvunpack.c in Wavpack before 5. ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561939/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10170 (The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 all ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561921/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10169 (The read_code function in read_words.c in Wavpack before 5.1.0 allows  ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <no-dsa> (Minor issue)
	[wheezy] - wavpack <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35557889/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10166 (Integer underflow in the _gdContributionsAlloc function in gd_interpol ...)
	{DSA-3777-1}
	- libgd2 2.2.4-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10167 (The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Li ...)
	{DSA-3777-1 DLA-804-1}
	- php7.1 7.1.1-1 (unimportant)
	- php7.0 7.0.15-1 (unimportant)
	- php5 <removed> (unimportant)
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73868
	NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10168 (Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) bef ...)
	{DSA-3777-1 DLA-804-1}
	- php7.1 7.1.1-1 (unimportant)
	- php7.0 7.0.15-1 (unimportant)
	- php5 <removed> (unimportant)
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73869
	NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10165 (The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) all ...)
	{DSA-3774-1 DLA-803-1}
	- lcms2 2.8-4 (bug #852627)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
	NOTE: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
CVE-2016-10164 (Multiple integer overflows in libXpm before 3.5.12, when a program req ...)
	{DSA-3772-1 DLA-801-1}
	- libxpm 1:3.5.12-1
	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/22/2
CVE-2016-10163 (Memory leak in the vrend_renderer_context_create_internal function in  ...)
	- virglrenderer 0.6.0-1 (bug #852603)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415944
CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x befo ...)
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	NOTE: PHP Bug: https://bugs.php.net/73831
	NOTE: Fixed in 7.0.15, 7.1.1
CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c in PHP  ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/73825
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/73768
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ext/phar/phar. ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/73764
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP before  ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/73737
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to  ...)
	NOT-FOR-US: Akamai NetSession
CVE-2016-10156 (A flaw in systemd v228 in /src/basic/fs-util.c caused world writable s ...)
	- systemd 229-1
	[jessie] - systemd <not-affected> (Vulnerability introduced in v228)
	[wheezy] - systemd <not-affected> (Vulnerability introduced in v228)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1020601
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e (v229)
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f (v228)
CVE-2016-10155 (Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-2 (low; bug #852232)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415199
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
CVE-2016-10154 (The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x ...)
	- linux 4.9.2-1
	[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/06deeec77a5a689cc94b21a8a91a76e42176685d (v4.10-rc1)
CVE-2016-10153 (The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 inte ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 (v4.10-rc1)
CVE-2016-10152 (The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls ba ...)
	{DLA-796-1}
	- hesiod 3.2.1-3.1 (low; bug #852093)
	[stretch] - hesiod <no-dsa> (Minor issue)
	[jessie] - hesiod <no-dsa> (Minor issue)
	NOTE: https://github.com/achernya/hesiod/pull/10
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493
CVE-2016-10151 (The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID ...)
	{DLA-796-1}
	- hesiod 3.2.1-3.1 (low; bug #852094)
	[stretch] - hesiod <no-dsa> (Minor issue)
	[jessie] - hesiod <no-dsa> (Minor issue)
	NOTE: https://github.com/achernya/hesiod/pull/9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332508
CVE-2016-10150 (Use-after-free vulnerability in the kvm_ioctl_create_device function i ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61 (v4.9-rc8)
	NOTE: Introduced by: https://git.kernel.org/linus/a28ebea2adc4a2bef5989a5a181ec238f59fbcad (v4.8-rc2)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414506
CVE-2016-10148 (The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.p ...)
	- wordpress 4.6.1+dfsg-1
	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	NOTE: https://core.trac.wordpress.org/ticket/37490
	NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2016-10147 (crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users  ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/48a992727d82cb7db076fa15d372178743b1f4cd (v4.9)
CVE-2016-10143 (A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to ...)
	- tikiwiki <removed>
CVE-2016-10142 (An issue was discovered in the IPv6 protocol specification, related to ...)
	NOTE: Generic IPv6 issue
CVE-2016-10139 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
	NOT-FOR-US: BLU
CVE-2016-10138 (An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with  ...)
	NOT-FOR-US: BLU
CVE-2016-10137 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
	NOT-FOR-US: BLU
CVE-2016-10136 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
	NOT-FOR-US: BLU
CVE-2016-10135 (An issue was discovered on LG devices using the MTK chipset with L(5.0 ...)
	NOT-FOR-US: LG
CVE-2016-10146 (Multiple memory leaks in the caption and label handling code in ImageM ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.0+dfsg-2 (bug #851380)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10140 (Information disclosure and authentication bypass vulnerability exists  ...)
	{DLA-806-1}
	- zoneminder 1.30.4+dfsg-1 (bug #851710)
	NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1697
	NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/6361f143878ce00659f64ce42593951d773e4e63
	NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/aa0a4d1f5ad2c493f2bed175991e92c466ac3dc4
CVE-2016-10144 (coders/ipl.c in ImageMagick allows remote attackers to have unspecific ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851485)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10145 (Off-by-one error in coders/wpg.c in ImageMagick allows remote attacker ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851483)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...)
	NOT-FOR-US: MuJS
CVE-2016-10133 (Heap-based buffer overflow in the js_stackoverflow function in jsrun.c ...)
	NOT-FOR-US: MuJS
CVE-2016-10132 (regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a de ...)
	NOT-FOR-US: MuJS
CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote a ...)
	- codeigniter <itp> (bug #471583)
CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before 0.24. ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 <not-affected> (Vulnerable code not present)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211 (v0.24.6)
CVE-2016-10129 (The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x bef ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037 (v0.24.6)
CVE-2016-10128 (Buffer overflow in the git_pkt_parse_line function in transports/smart ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834 (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2 (v0.24.6)
CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0. ...)
	NOT-FOR-US: Splunk
CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded  ...)
	NOT-FOR-US: D-Link
CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (XXE) a ...)
	- python-pysaml2 <unfixed> (low; bug #859135)
	[buster] - python-pysaml2 <no-dsa> (Minor issue)
	[stretch] - python-pysaml2 <no-dsa> (Minor issue)
	[jessie] - python-pysaml2 <no-dsa> (Minor issue)
	NOTE: https://github.com/rohe/pysaml2/issues/366
	NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/19/5 (for the scope of the CVE)
CVE-2016-10149 (XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier a ...)
	{DSA-3759-1}
	- python-pysaml2 3.0.0-5 (bug #850716)
	NOTE: https://github.com/rohe/pysaml2/pull/379
	NOTE: https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
CVE-2016-10134 (SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0 ...)
	{DSA-3802-1}
	- zabbix 1:3.0.4+dfsg-1 (bug #850936)
	NOTE: https://support.zabbix.com/browse/ZBX-11023
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/12/4
CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 2016-02-22. W ...)
	- lxc 1:2.0.0-1
	[jessie] - lxc <no-dsa> (Minor issue)
	[wheezy] - lxc <no-dsa> (Minor issue)
	NOTE: https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
	NOTE: https://github.com/lxc/lxc/commit/5eacdc3dbd0e45abf3cc90cf0216a7f8ee560abf (lxc-2.0.0.rc2)
CVE-2016-10123 (Firejail allows --chroot when seccomp is not supported, which might al ...)
	- firejail 0.9.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/a23ac1bf390fa4c3db4ea31e6ee6100a9c511d59 (0.9.38-rc1)
CVE-2016-10122 (Firejail does not properly clean environment variables, which allows l ...)
	- firejail 0.9.44.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/3b81e1f2c331644ced87d26a943b22eed6242b8f
	NOTE: https://github.com/netblue30/firejail/commit/72bc0e145c67da24e555d868086953148c52b5fc
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 (0.9.44.2)
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c (0.9.44.2)
CVE-2016-10121 (Firejail uses weak permissions for /dev/shm/firejail and possibly othe ...)
	- firejail 0.9.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/1cab02f5ae3c90c01fae4d1c16381820b757a3a6 (0.9.38)
CVE-2016-10120 (Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, ( ...)
	- firejail 0.9.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/cd0ecfc7a7b30abde20db6dea505cd8c58e7c046 (0.9.38-rc1)
CVE-2016-10119 (Firejail uses 0777 permissions when mounting /tmp, which allows local  ...)
	- firejail 0.9.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/aa28ac9e09557b833f194f594e2940919d940d1f (0.9.38)
CVE-2016-10118 (Firejail allows local users to truncate /etc/resolv.conf via a chroot  ...)
	- firejail 0.9.44.2-1 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/6144229605177764b7f3f3450c1a47f56595dc9e
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/8b5b444c766b8d0592346decc6ed4a6d345e4f67 (0.9.44.2)
CVE-2016-10117 (Firejail does not restrict access to --tmpfs, which allows local users ...)
	- firejail 0.9.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/678cd1495457318dad39178bb646ba1b96332ddb (0.9.38-rc1)
CVE-2016-10116 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo  ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10115 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo  ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10114 (SQL injection vulnerability in the "aWeb Cart Watching System for Virt ...)
	NOT-FOR-US: Joomla extension
CVE-2016-10113
	RESERVED
CVE-2016-10112 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...)
	NOT-FOR-US: WordPress plugin woocommerce
CVE-2016-10111
	RESERVED
CVE-2016-10110
	RESERVED
CVE-2016-10108 (Unauthenticated Remote Command injection as root occurs in the Western ...)
	NOT-FOR-US: Western Digital MyCloud NAS
CVE-2016-10107 (Unauthenticated Remote Command injection as root occurs in the Western ...)
	NOT-FOR-US: Western Digital MyCloud NAS
CVE-2016-10106 (Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR  ...)
	NOT-FOR-US: NETGEAR devices
CVE-2016-10105 (admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections ...)
	- piwigo <removed>
CVE-2016-10104 (Information Disclosure can occur in sshProfiles.jsd in Hitek Software' ...)
	NOT-FOR-US: Hitek
CVE-2016-10103 (Information Disclosure can occur in encryptionProfiles.jsd in Hitek So ...)
	NOT-FOR-US: Hitek
CVE-2016-10102 (hitek.jar in Hitek Software's Automize uses weak encryption when encry ...)
	NOT-FOR-US: Hitek
CVE-2016-10101 (Information Disclosure can occur in Hitek Software's Automize 10.x and ...)
	NOT-FOR-US: Hitek
CVE-2016-10100 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate arc ...)
	- borgbackup 1.0.9-1
	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
CVE-2016-10099 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic pro ...)
	- borgbackup 1.0.9-1
	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
CVE-2016-10109 (Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remot ...)
	{DSA-3752-1 DLA-778-1}
	- pcsc-lite 1.8.20-1
	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=3aaab9d998b5deb16a246cc7517e44144d281d3b
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/03/2
CVE-2016-10098 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
	NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2016-10097 (XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/ ...)
	NOT-FOR-US: OpenAM
CVE-2016-10096 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 a ...)
	NOT-FOR-US: GenixCMS
CVE-2016-10090
	RESERVED
CVE-2016-10086 (RESTful web services in CA Service Desk Manager 12.9 and CA Service De ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in tif_dir. ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-2 (bug #850316)
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: This is a duplicate of CVE-2015-7554, both were reported against tiffsplit
	NOTE: While the _TIFFVGetField function is a generic function, CVE IDs seem to be
	NOTE: assigned per tool using it, so CVE-2015-7554/CVE-2016-10095 refers to the
	NOTE: tiffsplit tool
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
	NOTE: Fixes as per http://bugzilla.maptools.org/show_bug.cgi?id=2580
CVE-2016-10094 (Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools ...)
	{DSA-3762-1}
	- tiff 4.0.7-4
	[wheezy] - tiff <not-affected> (vulnerable code introduced later)
	- tiff3 <not-affected> (vulnerable code introduced later)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote atta ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
CVE-2016-10092 (Heap-based buffer overflow in the readContigStripsIntoBuffer function  ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
CVE-2016-10091 (Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote att ...)
	- unrtf 0.21.9-clean-3 (bug #849705)
	[jessie] - unrtf 0.21.5-3+deb8u1
	[wheezy] - unrtf <no-dsa> (Minor issue)
	NOTE: http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406
CVE-2016-10085 (admin/languages.php in Piwigo through 2.8.3 allows remote authenticate ...)
	- piwigo <removed>
CVE-2016-10084 (admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenti ...)
	- piwigo <removed>
CVE-2016-10083 (Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo ...)
	- piwigo <removed>
CVE-2016-10082 (include/functions_installer.inc.php in Serendipity through 2.0.5 is vu ...)
	- serendipity <removed>
CVE-2016-10081 (/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote ...)
	- shutter 0.93.1-1.3 (bug #849777)
	[jessie] - shutter 0.92-0.1+deb8u2
	[wheezy] - shutter <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/shutter/+bug/1652600
CVE-2016-10080
	RESERVED
CVE-2016-10079 (SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of ...)
	NOT-FOR-US: SAPlpd
CVE-2016-10078
	RESERVED
CVE-2016-10077
	RESERVED
CVE-2016-10076
	RESERVED
CVE-2016-10087 (The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before ...)
	- libpng1.6 1.6.27-1 (bug #849799)
	- libpng <removed>
	[jessie] - libpng 1.2.50-2+deb8u3
	[wheezy] - libpng <no-dsa> (Minor issue)
	NOTE: Fixed in 1.0.67, 1.2.57, 1.4.20, 1.5.28, 1.6.27
	NOTE: https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba
	NOTE: https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb (libpng16)
	NOTE: https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/ (libpng12)
CVE-2016-10075 (The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local  ...)
	- tqdm 4.11.2-1 (bug #849632)
	NOTE: https://github.com/tqdm/tqdm/issues/328
CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...)
	{DSA-3769-1 DLA-792-1}
	- libphp-swiftmailer 5.4.2-1.1 (bug #849626)
	NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
	NOTE: https://github.com/swiftmailer/swiftmailer/issues/844
	NOTE: Fixed by https://github.com/swiftmailer/swiftmailer/commit/e6ccf40d856af9598b76eb313b215eed25ae9e86
CVE-2016-10073 (The from method in library/core/class.email.php in Vanilla Forums befo ...)
	NOT-FOR-US: Vanilla Forums
CVE-2016-10072 (** DISPUTED ** WampServer 3.0.6 has two files called 'wampmanager.exe' ...)
	NOT-FOR-US: WampServer
CVE-2016-10044 (The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 do ...)
	- linux 4.7.8-1
	[jessie] - linux 3.16.43-1
	[wheezy] - linux <no-dsa> (Changes required are too invasive)
CVE-2016-10043 (An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM ...)
	NOT-FOR-US: Radisys MRF Web Panel
CVE-2016-10042 (Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (ak ...)
	NOT-FOR-US: Arcadyan SLT-00 Star* devices
CVE-2016-10041 (An issue was discovered in Sprecher Automation SPRECON-E Service Progr ...)
	NOT-FOR-US: Sprecher Automation SPRECON-E Service
CVE-2016-10040 (Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows rem ...)
	- qt4-x11 4:4.8.7+dfsg-1 (low; bug #851058)
	[jessie] - qt4-x11 <ignored> (Minor issue)
	[wheezy] - qt4-x11 <ignored> (Minor issue)
	- qtbase-opensource-src 5.2.0+dfsg-7
	NOTE: CVE assignment specific to https://www.openwall.com/lists/oss-security/2016/12/24/2
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/24/1
	NOTE: https://github.com/qt/qtbase/commit/f1053d94f59f053ce4acad9320df14f1fbe4faac
CVE-2016-10039 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10038 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10037 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10036 (Unrestricted file upload vulnerability in ui/artifact/upload in JFrog  ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2016-10035
	RESERVED
CVE-2016-10034 (The setFrom function in the Sendmail adapter in the zend-mail componen ...)
	- zendframework <not-affected> (Vulnerable code not present in ZF1, cf. #850215)
	NOTE: https://framework.zend.com/security/advisory/ZF2016-04
	NOTE: https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0
	NOTE: http://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20 might allow remote att ...)
	- libphp-phpmailer <not-affected> (Incomplete fix not applied)
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer before 5.2. ...)
	{DSA-3750-1 DLA-770-1}
	- libphp-phpmailer 5.2.14+dfsg-2.1 (bug #849365)
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc#diff-ace81e501931d8763b49f2410cf3094dR1449
	NOTE: Fix potentially incomplete, cf https://www.openwall.com/lists/oss-security/2016/12/28/1
	NOTE: When updating libphp-phpmailer for CVE-2016-10033 make sure to apply the
	NOTE: complete patch to not make libphp-phpmailer affected by CVE-2016-10045.
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
	NOTE: Needs followup: https://github.com/PHPMailer/PHPMailer/commit/9743ff5c7ee16e8d49187bd2e11149afb9485eae
	NOTE: Another followup: https://github.com/PHPMailer/PHPMailer/commit/833c35fe39715c3d01934508987e97af1fbc1ba0
CVE-2016-10032
	RESERVED
CVE-2016-10031 (** DISPUTED ** WampServer 3.0.6 installs two services called 'wampapac ...)
	NOT-FOR-US: WampServer
CVE-2016-10030 (The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 1 ...)
	{DLA-921-1}
	- slurm-llnl 16.05.8-1 (bug #850491)
	[jessie] - slurm-llnl 14.03.9-5+deb8u1
	NOTE: https://www.schedmd.com/news.php?id=178
	NOTE: https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee
CVE-2016-5103
	REJECTED
CVE-2016-10027 (Race condition in the XMPP library in Smack before 4.1.9, when the Sec ...)
	- libsmack-java <itp> (bug #640873)
CVE-2016-10023
	REJECTED
CVE-2016-10022
	REJECTED
CVE-2016-10021
	REJECTED
CVE-2016-10020
	REJECTED
CVE-2016-10019
	REJECTED
CVE-2016-10018
	REJECTED
CVE-2016-10017
	REJECTED
CVE-2016-10016
	REJECTED
CVE-2016-10015
	REJECTED
CVE-2016-10014
	REJECTED
CVE-2016-9645 (The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in edi ...)
	- ikiwiki 3.20161229
	[jessie] - ikiwiki <not-affected> (Incomplete fix for CVE-2016-10026 not applied)
	[wheezy] - ikiwiki <not-affected> (Incomplete fix for CVE-2016-10026 not applied)
	NOTE: https://ikiwiki.info/security/#cve-2016-9645
CVE-2016-10026 (ikiwiki 3.20161219 does not properly check if a revision changes the a ...)
	{DSA-3760-1 DLA-812-1}
	- ikiwiki 3.20161219
	NOTE: http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
	NOTE: Fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/7
	NOTE: When fixing this issue make sure to apply the complete correct fix to
	NOTE: not open ikiwiki to be vulnerable for CVE-2016-9645.
CVE-2016-10025 (VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD v ...)
	- xen 4.8.0-1
	[jessie] - xen <not-affected> (Vulnerable code introduced later)
	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
	NOTE: https://xenbits.xen.org/xsa/advisory-203.html
CVE-2016-10024 (Xen through 4.8.x allows local x86 PV guest OS kernel administrators t ...)
	{DSA-3847-1 DLA-783-1}
	- xen 4.8.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-202.html
CVE-2016-10028 (The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEM ...)
	- qemu 1:2.10.0-1 (bug #849798; unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/1
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
	NOTE: still present.
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=abd7f08b2353f43274b785db8c7224f082ef4d31 (v2.9.0-rc0)
CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built ...)
	- qemu 1:2.7+dfsg-1
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=acfc4846508a02cc4c83aa27799fd7 (v2.7.0-rc0)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f (v2.7.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/2
CVE-2016-9999
	RESERVED
CVE-2016-9996
	REJECTED
CVE-2016-9995
	REJECTED
CVE-2016-9994 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL  ...)
	NOT-FOR-US: IBM
CVE-2016-9993 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL  ...)
	NOT-FOR-US: IBM
CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL  ...)
	NOT-FOR-US: IBM
CVE-2016-9991 (IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2016-9989 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2016-9988 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2016-9987 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2016-9986 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable  ...)
	NOT-FOR-US: IBM
CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information  ...)
	NOT-FOR-US: IBM
CVE-2016-9984 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authentic ...)
	NOT-FOR-US: IBM
CVE-2016-9983 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2016-9982 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2016-9981 (IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9979 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9978 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an a ...)
	NOT-FOR-US: IBM
CVE-2016-9977 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2016-9976 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2016-9975 (IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2016-9974
	RESERVED
CVE-2016-9973 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-9972 (IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensiti ...)
	NOT-FOR-US: IBM
CVE-2016-9971
	RESERVED
CVE-2016-9970
	RESERVED
CVE-2016-9969 (In libwebp 0.5.1, there is a double free bug in libwebpmux. ...)
	- libwebp 0.5.2-1
	[jessie] - libwebp <not-affected> (Vulnerable code not present; introduced later)
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=322
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/5ab6d9de1fb690dc20a27e5120e4d976b96502aa
CVE-2016-9968
	RESERVED
CVE-2016-9967 (Lack of appropriate exception handling in some receivers of the Teleco ...)
	NOT-FOR-US: Samsung
CVE-2016-9966 (Lack of appropriate exception handling in some receivers of the Teleco ...)
	NOT-FOR-US: Samsung
CVE-2016-9965 (Lack of appropriate exception handling in some receivers of the Teleco ...)
	NOT-FOR-US: Samsung
CVE-2016-9962 (RunC allowed additional container processes via 'runc exec' to be ptra ...)
	- docker.io 1.13.1~ds1-2 (bug #850952)
	- runc 0.1.1+dfsg1-2 (bug #850951)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1012568
	NOTE: https://github.com/docker/docker/compare/v1.12.5...v1.12.6
	NOTE: https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
CVE-2016-9954 (The backtrack compilation code in the Irregex package (aka IrRegular E ...)
	- chicken 4.12.0-0.2 (low; bug #851278)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/18
	NOTE: https://github.com/ashinn/irregex/commit/a16ffc86eca15fca9e40607d41de3cea9cf868f1
	NOTE: For chicken vulnerable code in ./irregex-core.scm
CVE-2016-9953 (The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...)
	- curl <not-affected> (Windows CE specific issue)
	NOTE: https://curl.haxx.se/docs/adv_20161221C.html
CVE-2016-9952 (The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...)
	- curl <not-affected> (Windows CE specific issue)
	NOTE: https://curl.haxx.se/docs/adv_20161221B.html
CVE-2016-10008 (SQL injection vulnerability in the "Content Types &gt; Content Types"  ...)
	NOT-FOR-US: dotCMS
CVE-2016-10007 (SQL injection vulnerability in the "Marketing &gt; Forms" screen in do ...)
	NOT-FOR-US: dotCMS
CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted inpu ...)
	NOT-FOR-US: OWASP AntiSamy
CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ob ...)
	NOT-FOR-US: SAP
CVE-2016-10004
	RESERVED
CVE-2016-10001
	RESERVED
CVE-2016-10000
	RESERVED
CVE-2016-10013 (Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain p ...)
	{DSA-3847-1 DLA-783-1}
	- xen 4.8.0-1 (bug #848713)
	NOTE: https://xenbits.xen.org/xsa/advisory-204.html
CVE-2016-10012 (The shared memory manager (associated with pre-authentication compress ...)
	{DLA-1500-1}
	- openssh 1:7.4p1-1 (low; bug #848717)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.165&r2=1.166
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.h.diff?r1=1.19&r2=1.20
CVE-2016-10011 (authfile.c in sshd in OpenSSH before 7.4 does not properly consider th ...)
	{DLA-1500-1}
	- openssh 1:7.4p1-1 (low; bug #848716)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/authfile.c.diff?r1=1.121&r2=1.122
CVE-2016-10010 (sshd in OpenSSH before 7.4, when privilege separation is not used, cre ...)
	- openssh 1:7.4p1-1 (unimportant; bug #848715)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/serverloop.c.diff?r1=1.188&r2=1.189
	NOTE: Privilege separation is enabled in the Debian package
CVE-2016-10009 (Untrusted search path vulnerability in ssh-agent.c in ssh-agent in Ope ...)
	{DLA-1500-1}
	- openssh 1:7.4p1-1 (low; bug #848714)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215
CVE-2016-9998 (SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability  ...)
	{DLA-760-1}
	- spip 3.1.4-2 (bug #848641)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2016-9997 (SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ...)
	{DLA-760-1}
	- spip 3.1.4-2 (bug #848641)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2016-10003 (Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 t ...)
	- squid3 3.5.23-1 (bug #848491)
	[jessie] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1)
	[wheezy] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1)
	NOTE: Marked as not-affected, vulnerable vulnerability not present due to
	NOTE: the collapsed_forwarding directive beeing added in 3.5.0.1 only
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14956.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch (for squid-3.5 excluding 3.5.22)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14127.patch (for squid 3.5.22 only)
	NOTE: Vulnerable Squid Versions:
	NOTE: 3.5.0.1 up to and including 3.5.22
	NOTE: 4.0.1 up to and including 4.0.16
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/1
CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP conditional ...)
	{DSA-3745-1 DLA-763-1}
	- squid3 3.5.23-1 (bug #848493)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
	NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=4169
	NOTE: http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2016_11.patch
	NOTE: Vulnerable squid versions:
	NOTE: 3.1.10 up to and including 3.1.23
	NOTE: 3.2.0.3 up to and including 3.5.22
	NOTE: 4.0.1 up to and including 4.0.16
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/1
CVE-2016-582384
	REJECTED
CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequ ...)
	{DSA-3743-1 DLA-761-1}
	- python-bottle 0.12.11-1 (bug #848392)
	NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913
	NOTE: Upstream patch: https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54
CVE-2016-9963 (Exim before 4.87.1 might allow remote attackers to obtain the private  ...)
	{DSA-3747-1 DLA-762-1}
	- exim4 4.88~RC6-2
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/16/1
	NOTE: https://exim.org/static/doc/CVE-2016-9963.txt
CVE-2016-9961 (game-music-emu before 0.6.1 mishandles unspecified integer values. ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9960 (game-music-emu before 0.6.1 allows local users to cause a denial of se ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9959 (game-music-emu before 0.6.1 allows remote attackers to generate out of ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9958 (game-music-emu before 0.6.1 allows remote attackers to write to arbitr ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9957 (Stack-based buffer overflow in game-music-emu before 0.6.1. ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9956 (The route manager in FlightGear before 2016.4.4 allows remote attacker ...)
	{DSA-3742-1}
	- flightgear 1:2016.4.3+dfsg-1 (bug #848114)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/11
CVE-2016-9951 (An issue was discovered in Apport before 2.20.4. A malicious Apport cr ...)
	NOT-FOR-US: Apport
CVE-2016-9950 (An issue was discovered in Apport before 2.20.4. There is a path trave ...)
	NOT-FOR-US: Apport
CVE-2016-9949 (An issue was discovered in Apport before 2.20.4. In apport/ui.py, Appo ...)
	NOT-FOR-US: Apport
CVE-2016-9948
	RESERVED
CVE-2016-9947
	RESERVED
CVE-2016-9946
	RESERVED
CVE-2016-9945
	RESERVED
CVE-2016-9944
	RESERVED
CVE-2016-9943
	RESERVED
CVE-2016-9942 (Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer  ...)
	{DSA-3753-1 DLA-1979-1 DLA-777-1}
	- libvncserver 0.9.11+dfsg-1 (bug #850008)
	- italc 1:3.0.2+dfsg1-1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/pull/137
	NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5fff4353f66427b467eb29e5fdc1da4f2be028bb
CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServ ...)
	{DSA-3753-1 DLA-1979-1 DLA-777-1}
	- libvncserver 0.9.11+dfsg-1 (bug #850007)
	- italc 1:3.0.2+dfsg1-1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/pull/137
	NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9940
	RESERVED
CVE-2016-9955 (The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before ...)
	{DLA-1298-1}
	- simplesamlphp 1.14.11-1 (low)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	NOTE: https://simplesamlphp.org/security/201612-02
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/7
CVE-2016-9939 (Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its A ...)
	{DSA-3748-1 DLA-766-1}
	- libcrypto++ 5.6.4-5 (bug #848009)
	NOTE: https://github.com/weidai11/cryptopp/issues/346
CVE-2016-9932 (CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows l ...)
	{DSA-3847-1 DLA-964-1}
	- xen 4.8.0~rc3-1 (bug #848081)
	NOTE: https://xenbits.xen.org/xsa/advisory-200.html
CVE-2016-9931
	RESERVED
CVE-2016-9930
	RESERVED
CVE-2016-9929
	RESERVED
CVE-2016-9927
	RESERVED
CVE-2016-9926
	RESERVED
CVE-2016-9925
	RESERVED
CVE-2016-9924 (Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers  ...)
	NOT-FOR-US: Zimbra
CVE-2016-9936 (The unserialize implementation in ext/standard/var.c in PHP 7.x before ...)
	- php7.0 7.0.14-1
	NOTE: Fixed in PHP 7.0.14 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72978
	NOTE: Fixed by: https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ...)
	{DSA-3737-1 DLA-818-1}
	- php7.0 7.0.14-1
	- php5 <removed>
	NOTE: Fixed in PHP 5.6.29 and 7.0.14
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631
	NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remo ...)
	{DSA-3732-1 DLA-818-1}
	- php7.0 7.0.13-1
	- php5 <removed>
	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331
	NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder function in ...)
	{DSA-3751-1 DSA-3732-1 DLA-758-1}
	- libgd2 2.2.2-29-g3c2b605-1 (bug #849038)
	NOTE: This problem could be seen as a programmer fault but the fix is easy and
	NOTE: the effect is rather dramatic so it should be fixed anyway.
	NOTE: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e (gd-2.2.2)
	NOTE: Scope of CVE is only the missing "color < 0" test in older versions.
	NOTE: GD release info: https://libgd.github.io/release-2.2.2.html
	- php7.0 7.0.13-1 (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72696
	NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9937 (An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x be ...)
	- asterisk <not-affected> (Introduced in 13.12.0 but fixed with first version to unstable based on 13.12.1)
	NOTE: Vulnerability introduced in 13.12.0, but the first upload to unstable
	NOTE: versioned as 1:13.12.1~dfsg-1 via opus.patch removed the offending
	NOTE: function. Thus Debian was never vulnerable.
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-008.html
	NOTE: Cf. https://bugs.debian.org/847666
CVE-2016-9938 (An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 1 ...)
	- asterisk 1:13.13.1~dfsg-1 (bug #847668)
	[jessie] - asterisk 1:11.13.1~dfsg-2+deb8u2
	[wheezy] - asterisk <no-dsa> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-009.html
	NOTE: Only applicable if a proxy is in use.
CVE-2016-9923 (Quick Emulator (Qemu) built with the 'chardev' backend support is vuln ...)
	- qemu 1:2.8+dfsg-1 (bug #847957)
	[jessie] - qemu <ignored> (Minor issue; too complex to backport)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05597.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a4afa548fc6dd9842ed86639b4d37d4d1c4ad480 (v2.8.0-rc0)
CVE-2016-9922 (The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Qu ...)
	{DLA-1497-1 DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847960)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3)
	NOTE: CVE for the "blit pitch values" issue.
	NOTE: Should be fixed along with CVE-2014-8106
CVE-2016-9921 (Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator sup ...)
	{DLA-1497-1 DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847960)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3)
	NOTE: CVE for the "'cirrus_get_bpp' returns zero(0), which could lead to a divide by zero" issue.
CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
	NOTE: Crash in btmon CLI tool, no security impact
CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in "read_n" function in  ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in hcidump CLI tool, no security impact
CVE-2016-9906
	REJECTED
CVE-2016-9905 (A potentially exploitable crash in "EnumerateSubDocuments" while addin ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox <not-affected> (Only affects Firefox 45 ESR series)
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9905
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9905
CVE-2016-9904 (An attacker could use a JavaScript Map/Set timing attack to determine  ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9904
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9904
CVE-2016-9903 (Mozilla's add-ons SDK had a world-accessible resource with an HTML inj ...)
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9903
CVE-2016-9902 (The Pocket toolbar button, once activated, listens for events fired fr ...)
	{DSA-3734-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9902
CVE-2016-9901 (HTML tags received from the Pocket server will be processed without sa ...)
	{DSA-3734-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9901
CVE-2016-9900 (External resources that should be blocked when loaded by SVG images ca ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9900
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9900
CVE-2016-9899 (Use-after-free while manipulating DOM events and removing audio elemen ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9899
CVE-2016-9898 (Use-after-free resulting in potentially exploitable crash when manipul ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9898
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9898
CVE-2016-9897 (Memory corruption resulting in a potentially exploitable crash during  ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9897
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9897
CVE-2016-9896 (Use-after-free while manipulating the "navigator" object within WebVR. ...)
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9896
CVE-2016-9895 (Event handlers on "marquee" elements were executed despite a strict Co ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9895
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9895
CVE-2016-9894 (A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated duri ...)
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9894
CVE-2016-9893 (Memory safety bugs were reported in Thunderbird 45.5. Some of these bu ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9893
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9893
CVE-2016-9892 (The esets_daemon service in ESET Endpoint Antivirus for macOS before 6 ...)
	NOT-FOR-US: ESET
CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and admin/ ...)
	- dotclear <removed>
CVE-2016-9890
	RESERVED
CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location in Tiki  ...)
	NOT-FOR-US: Tiki Wiki
CVE-2016-9888 (An error within the "tar_directory_for_file()" function (gsf-infile-ta ...)
	{DLA-2183-1 DLA-740-1}
	- libgsf 1.14.41-1
	NOTE: Fixed by: https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5
CVE-2016-9887
	RESERVED
CVE-2016-9886
	REJECTED
CVE-2016-9885 (An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prio ...)
	NOT-FOR-US: Pivotal GemFire for PCF
CVE-2016-9884
	REJECTED
CVE-2016-9883
	REJECTED
CVE-2016-9882 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry Foundation cf-release
CVE-2016-9881
	REJECTED
CVE-2016-9880 (The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x befo ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1. ...)
	- libspring-security-java <itp> (bug #582181)
	NOTE: https://pivotal.io/security/cve-2016-9879
CVE-2016-9878 (An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2 ...)
	{DLA-1853-1}
	- libspring-java 4.3.5-1 (bug #849167)
	[wheezy] - libspring-java <no-dsa> (Minor issue)
	NOTE: https://pivotal.io/security/cve-2016-9878
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad (4.3.x branch)
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98 (4.2.x branch)
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0 (3.2.x branch)
	NOTE: https://jira.spring.io/browse/SPR-14946
CVE-2016-9877 (An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x ...)
	{DSA-3761-1}
	- rabbitmq-server 3.6.6-1 (bug #849849)
	[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
	NOTE: https://pivotal.io/security/cve-2016-9877
	NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/issues/96
	NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/pull/98
CVE-2016-9876
	REJECTED
CVE-2016-9875
	REJECTED
CVE-2016-9874
	REJECTED
CVE-2016-9873 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a  ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-9872 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Re ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-9871 (EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isil ...)
	NOT-FOR-US: EMC Isilon
CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isil ...)
	NOT-FOR-US: EMC
CVE-2016-9869 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorr ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9868 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low- ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9867 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low- ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9919 (The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=189851
	NOTE: Fixed by: https://git.kernel.org/linus/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 (v4.9-rc8)
CVE-2016-9912 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ...)
	- qemu 1:2.8+dfsg-1 (bug #847391)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/12
CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows  ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[wheezy] - qemu <no-dsa> (Minor issue, virtfs-proxy-helper not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, virtfs-proxy-helper not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68 (v2.8.0-rc2)
	NOTE: Proxy filesystem driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7 (v1.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[wheezy] - qemu <no-dsa> (handle driver not included during compilation)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (handle driver not included during compilation)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30 (v2.8.0-rc2)
	NOTE: handle based fs driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310 (v1.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
	NOTE: proxy driver not included during compilation in wheezy, see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local  ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[wheezy] - qemu <no-dsa> (proxy and handle drivers not included during compilation)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (proxy and handle drivers not included during compilation)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d (v2.8.0-rc2)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
	NOTE: proxy and handle drivers not included during compilation in wheezy, so the cleanup function is never implemented:
	NOTE: see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p ...)
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42 (v2.8.0-rc2)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9911 (Quick Emulator (Qemu) built with the USB EHCI Emulation support is vul ...)
	{DLA-1497-1 DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847951)
	- qemu-kvm <removed>
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/10
CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest support  ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847953)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/3
	NOTE: Leakage introduced after 1.2.50: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3f6e1b106abcf6b8cf487ac8f8e5fc2fd86776
CVE-2016-9908 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ...)
	- qemu 1:2.8+dfsg-1 (bug #847400)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/2
CVE-2016-9920 (steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2 ...)
	{DLA-737-1}
	- roundcube 1.2.3+dfsg.1-1 (bug #847287)
	NOTE: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/aa6bf38843f51a0fc7205acc98a7b84f3c4c9c4f
CVE-2016-9910 (The serializer in html5lib before 0.99999999 might allow remote attack ...)
	- html5lib 0.999999999-1
	[jessie] - html5lib <no-dsa> (Minor issue)
	[wheezy] - html5lib <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
	NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2016-9909 (The serializer in html5lib before 0.99999999 might allow remote attack ...)
	- html5lib 0.999999999-1
	[jessie] - html5lib <no-dsa> (Minor issue)
	[wheezy] - html5lib <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
	NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verbose a ...)
	{DLA-734-1}
	- mapserver 7.0.3-1
	[jessie] - mapserver 6.4.1-5+deb8u1
	NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html
	NOTE: https://github.com/mapserver/mapserver/pull/4928
	NOTE: https://github.com/mapserver/mapserver/pull/5356
CVE-2016-9838 (An issue was discovered in components/com_users/models/registration.ph ...)
	NOT-FOR-US: Joomla!
CVE-2016-9837 (An issue was discovered in templates/beez3/html/com_content/article/de ...)
	NOT-FOR-US: Joomla!
CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! C ...)
	NOT-FOR-US: Joomla!
CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x b ...)
	NOT-FOR-US: Zikula
CVE-2016-9834 (An XSS vulnerability allows remote attackers to execute arbitrary clie ...)
	NOT-FOR-US: Sophos
CVE-2016-9833
	RESERVED
CVE-2016-9832 (PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows ...)
	NOT-FOR-US: ACE-ABAP
CVE-2016-9805
	RESERVED
CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs i ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2016-9795 (The casrvc program in CA Common Services, as used in CA Client Automat ...)
	NOT-FOR-US: CA Common Services
CVE-2016-9792
	REJECTED
CVE-2016-9791
	REJECTED
CVE-2016-9790
	REJECTED
CVE-2016-9789
	REJECTED
CVE-2016-9788
	REJECTED
CVE-2016-9787
	REJECTED
CVE-2016-9786
	REJECTED
CVE-2016-9785
	REJECTED
CVE-2016-9784
	REJECTED
CVE-2016-9783
	REJECTED
CVE-2016-9782
	REJECTED
CVE-2016-9781
	REJECTED
CVE-2016-9780
	REJECTED
CVE-2016-9779
	REJECTED
CVE-2016-9778 (An error in handling certain queries can cause an assertion failure wh ...)
	- bind9 <not-affected> (Only Supported Preview Edition/Subscription Edition and 9.11.x)
	NOTE: https://kb.isc.org/article/AA-01442/0
CVE-2016-9771
	REJECTED
CVE-2016-9770
	REJECTED
CVE-2016-9769
	REJECTED
CVE-2016-9768
	REJECTED
CVE-2016-9767
	REJECTED
CVE-2016-9766
	REJECTED
CVE-2016-9765
	REJECTED
CVE-2016-9764
	REJECTED
CVE-2016-9763
	REJECTED
CVE-2016-9762
	REJECTED
CVE-2016-9761
	REJECTED
CVE-2016-9760
	REJECTED
CVE-2016-9759
	REJECTED
CVE-2016-9758
	REJECTED
CVE-2016-9757 (In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user inte ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2016-9846 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator su ...)
	- qemu 1:2.8+dfsg-1 (bug #847382)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator su ...)
	- qemu 1:2.8+dfsg-1 (bug #847381)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-3 (bug #847275)
	[wheezy] - zlib <no-dsa> (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-3 (bug #847274)
	[wheezy] - zlib <no-dsa> (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to hav ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-4 (bug #847270)
	[wheezy] - zlib <no-dsa> (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ha ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-3 (bug #847270)
	[wheezy] - zlib <no-dsa> (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9844 (Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZi ...)
	{DLA-741-1}
	- unzip 6.0-21 (bug #847486)
	[jessie] - unzip 6.0-16+deb8u3
	NOTE: https://launchpad.net/bugs/1643750
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/05/13
	NOTE: Proposed patch in https://www.openwall.com/lists/oss-security/2016/12/05/19
CVE-2016-XXXX [tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing]
	- tiff 4.0.7-2 (unimportant; bug #846838)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619
CVE-2016-9831 (Heap-based buffer overflow in the parseSWF_RGBA function in parser.c i ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
CVE-2016-9830 (The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows ...)
	{DSA-3746-1}
	- graphicsmagick 1.3.25-6 (bug #847055)
	[wheezy] - graphicsmagick <no-dsa> (fix too intrusive, depends on jan 15th magickresources changes)
	NOTE: upstream patch requires major refactor from jan 2015, see https://lists.debian.org/87inpe4wgu.fsf@curie.anarc.at
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
	NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
CVE-2016-9829 (Heap-based buffer overflow in the parseSWF_DEFINEFONT function in pars ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c
CVE-2016-9828 (The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c
CVE-2016-9827 (The _iprintf function in outputtxt.c in the listswf tool in libming 0. ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c
CVE-2016-9826 (libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00041-libav-leftshift-ituh263dec_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=985
CVE-2016-9825 (libswscale/utils.c in libav 11.8 allows remote attackers to cause a de ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00040-libav-leftshift-utils_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=984
CVE-2016-9824 (Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remo ...)
	- libav <removed>
	[jessie] - libav <ignored> (Minor issue, usan-only no-crash warning, no patch)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00039-libav-signedintoverflow-swscale_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=983
CVE-2016-9823 (libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to ca ...)
	- libav <removed>
	[jessie] - libav <ignored> (Minor issue, usan-only no-crash warning, no patch)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=982
CVE-2016-9822 (Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote ...)
	{DSA-3833-1 DLA-791-1}
	- libav <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9)
CVE-2016-9821 (Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows ...)
	{DSA-3833-1 DLA-791-1}
	- libav <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9)
CVE-2016-9820 (libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to ...)
	{DLA-791-1}
	- libav <removed> (unimportant)
	[jessie] - libav <not-affected> (The fixing patches are included in the upstream version)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9)
CVE-2016-9819 (libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause  ...)
	{DLA-791-1}
	- libav <removed> (unimportant)
	[jessie] - libav <not-affected> (The fixing patches are included in the upstream version)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9)
CVE-2016-9818 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch
CVE-2016-9817 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch
	NOTE: or https://xenbits.xen.org/xsa/xsa201-3-4.7.patch
CVE-2016-9816 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch
CVE-2016-9815 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-1.patch
CVE-2016-9814 (The validateSignature method in the SAML2\Utils class in SimpleSAMLphp ...)
	{DLA-1298-1}
	- simplesamlphp 1.14.10-1 (low)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	NOTE: https://simplesamlphp.org/security/201612-01
	NOTE: https://github.com/simplesamlphp/saml2/pull/81
	NOTE: https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
	NOTE: only exploitable in hard to achieve conditions
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/03/5
CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the p ...)
	- linux 4.6.1-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/59643d1535eb220668692a5359de22545af579f6 (v4.7-rc1)
CVE-2016-9753
	RESERVED
CVE-2016-9752 (In Serendipity before 2.0.5, an attacker can bypass SSRF protection by ...)
	- serendipity <removed>
CVE-2016-9751 (Cross-site scripting (XSS) vulnerability in the search results front e ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2016-9750 (IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text  ...)
	NOT-FOR-US: IBM
CVE-2016-9749 (IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-9748 (IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive inf ...)
	NOT-FOR-US: IBM
CVE-2016-9747 (IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2016-9746 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2016-9745
	RESERVED
CVE-2016-9744
	RESERVED
CVE-2016-9743
	RESERVED
CVE-2016-9742
	RESERVED
CVE-2016-9741
	RESERVED
CVE-2016-9740 (IBM QRadar 7.2 could allow a remote attacker to consume all resources  ...)
	NOT-FOR-US: IBM
CVE-2016-9739 (IBM Security Identity Manager Virtual Appliance stores user credential ...)
	NOT-FOR-US: IBM
CVE-2016-9738 (IBM QRadar 7.2 and 7.3 does not require that users should have strong  ...)
	NOT-FOR-US: IBM
CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM
CVE-2016-9736 (IBM WebSphere Application Server using malformed SOAP requests could a ...)
	NOT-FOR-US: IBM
CVE-2016-9735 (IBM Jazz Foundation could allow an authenticated user to obtain sensit ...)
	NOT-FOR-US: IBM
CVE-2016-9734
	RESERVED
CVE-2016-9733 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2016-9732 (IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2016-9731 (IBM Business Process Manager is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2016-9730 (IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request  ...)
	NOT-FOR-US: IBM
CVE-2016-9729 (IBM QRadar 7.2 does not perform an authentication check for a critical ...)
	NOT-FOR-US: IBM
CVE-2016-9728 (IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could ...)
	NOT-FOR-US: IBM
CVE-2016-9727 (IBM QRadar 7.2 could allow a remote authenticated attacker to execute  ...)
	NOT-FOR-US: IBM
CVE-2016-9726 (IBM QRadar Incident Forensics 7.2 could allow a remote authenticated a ...)
	NOT-FOR-US: IBM
CVE-2016-9725 (IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sha ...)
	NOT-FOR-US: IBM
CVE-2016-9724 (IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML  ...)
	NOT-FOR-US: IBM
CVE-2016-9723 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2016-9722 (IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical r ...)
	NOT-FOR-US: IBM QRadar
CVE-2016-9721
	RESERVED
CVE-2016-9720 (IBM QRadar 7.2 discloses sensitive information to unauthorized users.  ...)
	NOT-FOR-US: IBM
CVE-2016-9719 (IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2016-9718 (IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2016-9717 (HTTP Parameter Override is identified in the IBM Infosphere Master Dat ...)
	NOT-FOR-US: IBM
CVE-2016-9716 (IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, a ...)
	NOT-FOR-US: IBM
CVE-2016-9715 (IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, a ...)
	NOT-FOR-US: IBM
CVE-2016-9714 (IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2016-9713
	RESERVED
CVE-2016-9712
	RESERVED
CVE-2016-9711 (IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveal ...)
	NOT-FOR-US: IBM
CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2016-9709
	RESERVED
CVE-2016-9708
	RESERVED
CVE-2016-9707 (IBM Jazz Foundation is vulnerable to a denial of service, caused by an ...)
	NOT-FOR-US: IBM
CVE-2016-9706 (IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLO ...)
	NOT-FOR-US: IBM
CVE-2016-9705
	RESERVED
CVE-2016-9704 (IBM Security Identity Manager Virtual Appliance is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2016-9703 (IBM Security Identity Manager Virtual Appliance does not invalidate se ...)
	NOT-FOR-US: IBM
CVE-2016-9702
	RESERVED
CVE-2016-9701 (IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2016-9700 (IBM Jazz Foundation could allow an authenticated attacker to obtain se ...)
	NOT-FOR-US: IBM
CVE-2016-9699
	RESERVED
CVE-2016-9698 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service ...)
	NOT-FOR-US: IBM
CVE-2016-9697 (An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 coul ...)
	NOT-FOR-US: IBM
CVE-2016-9696 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A r ...)
	NOT-FOR-US: IBM
CVE-2016-9695
	RESERVED
CVE-2016-9694 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2016-9693 (IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download cap ...)
	NOT-FOR-US: IBM
CVE-2016-9692 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to Ex ...)
	NOT-FOR-US: IBM
CVE-2016-9691 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a  ...)
	NOT-FOR-US: IBM
CVE-2016-9690
	REJECTED
CVE-2016-9689
	REJECTED
CVE-2016-9688
	REJECTED
CVE-2016-9687
	REJECTED
CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly validates  ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2016-9804 (In BlueZ 5.42, a buffer overflow was observed in "commands_dump" funct ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in hcidump CLI tool, no security impact
CVE-2016-9803 (In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in CLI tools, no security impact
CVE-2016-9802 (In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" fun ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
	NOTE: Crash in btmon CLI tool, no security impact
CVE-2016-9801 (In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" functi ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in CLI tools, no security impact
CVE-2016-9800 (In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in CLI tools, no security impact
CVE-2016-9799 (In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" funct ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
	NOTE: Crash in btmon CLI tool, no security impact
CVE-2016-9798 (In BlueZ 5.42, a use-after-free was identified in "conf_opt" function  ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in hcidump CLI tool, no security impact
CVE-2016-9797 (In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" functio ...)
	- bluez <unfixed> (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in hcidump CLI tool, no security impact
CVE-2016-9794 (Race condition in the snd_pcm_period_elapsed function in sound/core/pc ...)
	{DLA-772-1}
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	NOTE: https://patchwork.kernel.org/patch/8752621/
	NOTE: Fixed by: https://git.kernel.org/linus/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 (v4.7-rc1)
	NOTE: http://seclists.org/oss-sec/2016/q4/576
CVE-2016-9793 (The sock_setsockopt function in net/core/sock.c in the Linux kernel be ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
CVE-2016-9775 (The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 o ...)
	{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.5.8-2 (bug #845385)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/5
CVE-2016-9774 (The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ...)
	{DSA-3739-1 DSA-3738-1 DLA-753-1 DLA-746-1}
	- tomcat8 8.5.8-2 (bug #845393)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/5
CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does  ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400804
	NOTE: Fixed by: https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 (v4.9-rc7)
	NOTE: Introduced in: https://git.kernel.org/linus/af1bae5497b98cb99d6b0492e6981f060420a00c (v4.8-rc1)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/2
CVE-2016-9776 (QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Contro ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #846797)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Coldfire is not emulated by kvm)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400829
CVE-2016-9756 (arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not prop ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400468
	NOTE: Fixed by: https://git.kernel.org/linus/2117d5398c81554fbf803f5fd1dc55eb78216c0c
CVE-2016-9755 (The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa (v4.9-rc8)
	NOTE: https://groups.google.com/forum/#!topic/syzkaller/GFbGpX7nTEo
CVE-2016-9684 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...)
	NOT-FOR-US: SonicWall
CVE-2016-9683 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...)
	NOT-FOR-US: SonicWall
CVE-2016-9682 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...)
	NOT-FOR-US: SonicWall
CVE-2016-9681 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity bef ...)
	- serendipity <removed>
CVE-2016-9680 (Citrix Provisioning Services before 7.12 allows attackers to obtain se ...)
	NOT-FOR-US: Citrix
CVE-2016-9679 (Citrix Provisioning Services before 7.12 allows attackers to execute a ...)
	NOT-FOR-US: Citrix
CVE-2016-9678 (Use-after-free vulnerability in Citrix Provisioning Services before 7. ...)
	NOT-FOR-US: Citrix
CVE-2016-9677 (Citrix Provisioning Services before 7.12 allows attackers to obtain se ...)
	NOT-FOR-US: Citrix
CVE-2016-9676 (Buffer overflow in Citrix Provisioning Services before 7.12 allows att ...)
	NOT-FOR-US: Citrix
CVE-2016-9674
	REJECTED
CVE-2016-9673
	REJECTED
CVE-2016-9672
	REJECTED
CVE-2016-9671
	REJECTED
CVE-2016-9670
	REJECTED
CVE-2016-9669
	REJECTED
CVE-2016-9668
	REJECTED
CVE-2016-9667
	REJECTED
CVE-2016-9666
	REJECTED
CVE-2016-9665
	REJECTED
CVE-2016-9664
	REJECTED
CVE-2016-9663
	REJECTED
CVE-2016-9662
	REJECTED
CVE-2016-9661
	REJECTED
CVE-2016-9660
	REJECTED
CVE-2016-9659
	REJECTED
CVE-2016-9658
	REJECTED
CVE-2016-9657
	REJECTED
CVE-2016-9656
	REJECTED
CVE-2016-9655
	REJECTED
CVE-2016-9654
	REJECTED
CVE-2016-9653
	REJECTED
CVE-2016-9652 (Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-9651 (A missing check for whether a property of a JS object is private in V8 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-9650 (Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linu ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-9772 (OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive ...)
	{DLA-733-1}
	- openafs 1.6.20-1 (bug #846922)
	[jessie] - openafs 1.6.9-2+deb8u6
	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt
	NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003-master.patch (master)
	NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003.patch
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/01/12
CVE-2016-9685 (Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the  ...)
	- linux 4.5.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/2e83b79b2d6c78bf1b4aa227938a214dcbddc83f (v4.6-rc1)
CVE-2016-9649
	REJECTED
CVE-2016-9648
	REJECTED
CVE-2016-9647
	REJECTED
CVE-2016-9646 (ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-&gt; ...)
	{DSA-3760-1 DLA-812-1}
	- ikiwiki 3.20161229
	NOTE: https://ikiwiki.info/security/#cve-2016-9646
CVE-2016-9643 (The regex code in Webkit 2.4.11 allows remote attackers to cause a den ...)
	- webkitgtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/26/2
CVE-2016-9642 (JavaScriptCore in WebKit allows attackers to cause a denial of service ...)
	- webkitgtk <removed> (unimportant)
	NOTE: Not covered by security support
CVE-2016-9641
	RESERVED
CVE-2016-9640
	RESERVED
CVE-2016-9638 (In BMC Patrol before 9.13.10.02, the binary "listguests64" is configur ...)
	NOT-FOR-US: BMC Patrol
CVE-2016-9637 (The (1) ioport_read and (2) ioport_write functions in Xen, when qemu i ...)
	{DLA-1270-1}
	- qemu <not-affected> (Vulnerability specific to Xen)
	- qemu-kvm <not-affected> (Vulnerability specific to Xen)
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-199.html
CVE-2016-9620
	REJECTED
CVE-2016-9619
	REJECTED
CVE-2016-9618
	REJECTED
CVE-2016-9617
	REJECTED
CVE-2016-9616
	REJECTED
CVE-2016-9615
	REJECTED
CVE-2016-9614
	REJECTED
CVE-2016-9613
	REJECTED
CVE-2016-9612
	REJECTED
CVE-2016-9611
	REJECTED
CVE-2016-9610
	REJECTED
CVE-2016-9609
	REJECTED
CVE-2016-9608
	REJECTED
CVE-2016-9607
	REJECTED
CVE-2016-9606 (JBoss RESTEasy before version 3.1.2 could be forced into parsing a req ...)
	- resteasy 3.1.4-1 (bug #851430)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 3.0.26-1
	NOTE: See CVE-2018-1051 to address original incomplete fix for CVE-2016-9606
CVE-2016-9605 (A flaw was found in cobbler software component version 2.6.11-1. It su ...)
	- cobbler <removed> (bug #858844)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1433950
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1399333
CVE-2016-9604 (It was discovered in the Linux kernel before 4.11-rc8 that root can ga ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
CVE-2016-9603 (A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA e ...)
	{DLA-1497-1 DLA-1270-1 DLA-1035-1 DLA-939-1}
	- qemu 1:2.8+dfsg-4 (bug #857744)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-211.html
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/14/2
	NOTE: Upstream patch http://git.qemu-project.org/?p=qemu.git;a=commit;h=50628d3479e4f9aa97e323506856e394fe7ad7a6
CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link following wh ...)
	{DLA-1497-1 DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-3 (bug #853006)
	- qemu-kvm <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1413929
	NOTE: The original proposed patch does not fix the issue, cf.
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/17/14
	NOTE: Upstream patchset: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1035
	NOTE: If fixing this issue for older suites, then make sure not to open the
	NOTE: CVE-2017-7471 vulnerability and apply as well 9c6b899f7a46893ab3b671e341a2234e9c0c060e
	NOTE: See further details in the CVE-2017-7471 tracker entry.
CVE-2016-9601 (ghostscript before version 9.21 is vulnerable to a heap based buffer o ...)
	{DSA-3817-1 DLA-874-1}
	- jbig2dec 0.13-4 (bug #850497)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
	NOTE: Patch: https://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer dereferen ...)
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/109
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/a632c6b54bd4ffc3bebab420e00b7e7688aa3846
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-9599 (puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access ...)
	NOT-FOR-US: puppet-tripleo
CVE-2016-9598 (libxml2, as used in Red Hat JBoss Core Services, allows context-depend ...)
	- libxml2 <not-affected> (Red Hat specific security regressions)
CVE-2016-9597 (It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 f ...)
	- libxml2 <not-affected> (Red Hat specific security regressions)
CVE-2016-9596 (libxml2, as used in Red Hat JBoss Core Services and when in recovery m ...)
	- libxml2 <not-affected> (Red Hat specific security regressions)
CVE-2016-9595 (A flaw was found in katello-debug before 3.4.0 where certain scripts a ...)
	NOT-FOR-US: Katello
CVE-2016-9594 (curl before version 7.52.1 is vulnerable to an uninitialized random in ...)
	- curl <not-affected> (Only affects 7.52.0)
	NOTE: https://curl.haxx.se/docs/adv_20161223.html
CVE-2016-9593 (foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman ...)
	- foreman <itp> (bug #663101)
CVE-2016-9592 (openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a f ...)
	NOT-FOR-US: OpenShift
CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free in the  ...)
	{DSA-3827-1 DLA-920-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/105
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
CVE-2016-9590 (puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an informat ...)
	- puppet-module-swift 9.4.4-1 (bug #851293)
CVE-2016-9589 (Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable  ...)
	NOT-FOR-US: Red Hat specific use of undertow in Wildfly
CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP  ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.8.15-2
	NOTE: https://www.spinics.net/lists/kvm/msg142495.html
	NOTE: Fixed by: https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388
CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper inpu ...)
	- ansible 2.2.0.0-3 (bug #850846)
	[jessie] - ansible <not-affected> (Vulnerable code not present, way ssh commands was reworked in 2.x branch)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed (v2.2.1.0-0.3.rc3)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/eb8c26c105e8457b86324b64a13fac37d8862d47 (v2.2.1.0-0.4.rc4)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4)
	NOTE: Fix in 2.2.0.0-2 only partially addressed the issues, and needed a follow-up, 2.2.0.0-3
CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when doi ...)
	{DLA-1568-1 DLA-767-1}
	- curl 7.52.1-1 (bug #848958)
	NOTE: https://curl.haxx.se/docs/adv_20161221A.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
	NOTE: There are no known vulnerable applications but as this is a
	NOTE: library it should be fixed as we do not know the full impact.
CVE-2016-9585 (Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untr ...)
	NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5
CVE-2016-9584 (libical allows remote attackers to cause a denial of service (use-afte ...)
	{DLA-959-1}
	- libical3 3.0.1-1
	- libical <removed> (bug #852034)
	[stretch] - libical <ignored> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/5
	NOTE: Upstream ticket: https://github.com/libical/libical/issues/253
CVE-2016-9583 (An out-of-bounds heap read vulnerability was found in the jpc_pi_nextp ...)
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/103
	NOTE: Fixed by https://github.com/mdadams/jasper/commit/99a50593254d1b53002719bbecfc946c84b23d27
	NOTE: The issue exists due to an overflow check which is not present
	NOTE: in Wheezy and Jessie. However it makes sense to implement this check.
	NOTE: This can be done when more important issues are found [wheezy].
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-9582
	REJECTED
CVE-2016-9581 (An infinite loop vulnerability in tiftoimage that results in heap buff ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/872
	NOTE: Fixed by: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
	NOTE: not built into the binary packages
CVE-2016-9580 (An integer overflow vulnerability was found in tiftoimage function in  ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/871
	NOTE: Fixed by: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
	NOTE: not built into the binary packages
CVE-2016-9579 (A flaw was found in the way Ceph Object Gateway would process cross-or ...)
	- ceph 10.2.5-2 (bug #849048)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/18187
CVE-2016-9578 (A vulnerability was discovered in SPICE before 0.13.90 in the server's ...)
	{DSA-3790-1 DLA-825-1}
	- spice 0.12.8-2.1 (bug #854336)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=1c6517973095a67c8cb57f3550fc1298404ab556 (0.12.x)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a (0.12.x)
CVE-2016-9577 (A vulnerability was discovered in SPICE before 0.13.90 in the server's ...)
	{DSA-3790-1 DLA-825-1}
	- spice 0.12.8-2.1 (bug #854336)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 (0.12.x)
CVE-2016-10088 (The sg implementation in the Linux kernel through 4.9 does not properl ...)
	{DLA-772-1}
	- linux 4.8.15-2
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835 (v4.10-rc1)
CVE-2016-9576 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: https://marc.info/?l=linux-scsi&m=148010092224801&w=2
	NOTE: https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
	NOTE: Fixed by: https://git.kernel.org/linus/a0ac402cfcdc904f9772e1762b3fda112dcc56a0 (v4.9)
CVE-2016-9575 (Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not  ...)
	- freeipa 4.4.4-1 (bug #849950)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1395311
	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=fec4c32ff15
	NOTE: https://fedorahosted.org/freeipa/ticket/6560
CVE-2016-9574 (nss before version 3.30 is vulnerable to a remote denial of service du ...)
	- nss 2:3.25-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1320695
	NOTE: The CVE is specific to the segfault resulting from the reproducing steps
	NOTE: as per buzilla entry, and https://bugzilla.redhat.com/show_bug.cgi?id=1397482
	NOTE: https://hg.mozilla.org/projects/nss/rev/7385cd821735
CVE-2016-9573 (An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in th ...)
	{DSA-3768-1}
	- openjpeg2 2.1.2-1.1 (bug #851422)
	NOTE: https://github.com/uclouvain/openjpeg/issues/863
	NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
CVE-2016-9572 (A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 de ...)
	{DSA-3768-1}
	- openjpeg2 2.1.2-1.1 (bug #851422)
	NOTE: https://github.com/uclouvain/openjpeg/issues/863
	NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
CVE-2016-9571
	REJECTED
CVE-2016-9570 (cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial  ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9569 (The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9568 (A security design issue can allow an unprivileged user to interact wit ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with M(6.0) soft ...)
	NOT-FOR-US: Samsung
CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users with acc ...)
	{DLA-1615-1 DLA-751-1}
	- nagios3 <removed>
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
	NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
	NOTE: nagios < 3.5 is not vulnerable through the regular logfile, but through the debug logfile
	- icinga 1.13.4-1
	[jessie] - icinga <no-dsa> (Minor issue)
	[wheezy] - icinga <no-dsa> (Minor issue)
	NOTE: https://dev.icinga.com/issues/13709
	NOTE: https://github.com/Icinga/icinga-core/commit/a0eb8471673b6b1e9b37e1b7b91151aa00bedb65
	NOTE: https://github.com/Icinga/icinga-core/commit/e0f55bc9b17ef1db9aed7393fc34576a5b9501f0
CVE-2016-9565 (MagpieRSS, as used in the front-end component in Nagios Core before 4. ...)
	{DLA-751-1}
	- nagios3 3.5.1-1
	NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
	NOTE: The RSS feed and call-home was removed in src:nagios3 3.5.1-1 where the affected
	NOTE: function was removed.
	NOTE: The scope of the CVE is specific to Nagios.
	NOTE: impact lessened by the hardened permissions in Debian: files can be extracted, but no backdoor can be installed as the web root is not writable
CVE-2016-9564 (Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remot ...)
	- boa <not-affected> (the vuln was removed in 0.93.14)
	NOTE: http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r
CVE-2016-9563 (BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticate ...)
	NOT-FOR-US: SAP
CVE-2016-9562 (SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of ...)
	NOT-FOR-US: SAP
CVE-2016-9561 (The che_configure function in libavcodec/aacdec_template.c in FFmpeg b ...)
	- ffmpeg 7:3.2.4-1 (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/08/1
	NOTE: non-issue, legitimate media file. If a server application uses libav* on untrusted media
	NOTE: files, it needs to set resource limits
CVE-2016-9554 (The Sophos Web Appliance Remote / Secure Web Gateway server (version 4 ...)
	NOT-FOR-US: Sophos
CVE-2016-9553 (The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote ...)
	NOT-FOR-US: Sophos
CVE-2016-9552
	RESERVED
CVE-2016-9551
	RESERVED
CVE-2016-9550
	RESERVED
CVE-2016-9549
	RESERVED
CVE-2016-9548
	RESERVED
CVE-2016-9547
	RESERVED
CVE-2016-9546
	RESERVED
CVE-2016-9545
	RESERVED
CVE-2016-9544
	RESERVED
CVE-2016-9543
	RESERVED
CVE-2016-9542
	RESERVED
CVE-2016-9541
	RESERVED
CVE-2016-9531
	REJECTED
CVE-2016-9530
	REJECTED
CVE-2016-9529
	REJECTED
CVE-2016-9528
	REJECTED
CVE-2016-9527
	REJECTED
CVE-2016-9526
	REJECTED
CVE-2016-9525
	REJECTED
CVE-2016-9524
	REJECTED
CVE-2016-9523
	REJECTED
CVE-2016-9522
	REJECTED
CVE-2016-9521
	REJECTED
CVE-2016-9520
	REJECTED
CVE-2016-9519
	REJECTED
CVE-2016-9518
	REJECTED
CVE-2016-9517
	REJECTED
CVE-2016-9516
	REJECTED
CVE-2016-9515
	REJECTED
CVE-2016-9514
	REJECTED
CVE-2016-9513
	REJECTED
CVE-2016-9512
	REJECTED
CVE-2016-9511
	REJECTED
CVE-2016-9510
	REJECTED
CVE-2016-9509
	REJECTED
CVE-2016-9508
	REJECTED
CVE-2016-9507
	REJECTED
CVE-2016-9506
	REJECTED
CVE-2016-9505
	REJECTED
CVE-2016-9504
	REJECTED
CVE-2016-9503
	REJECTED
CVE-2016-9502
	REJECTED
CVE-2016-9501
	REJECTED
CVE-2016-9500 (Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft P ...)
	NOT-FOR-US: Accellion
CVE-2016-9499 (Accellion FTP server prior to version FTA_9_12_220 only returns the us ...)
	NOT-FOR-US: Accellion
CVE-2016-9498 (ManageEngine Applications Manager 12 and 13 before build 13200, allows ...)
	NOT-FOR-US: ManageEngine
CVE-2016-9497 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9496 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9495 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9494 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9493 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9492 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9491 (ManageEngine Applications Manager 12 and 13 before build 13690 allows  ...)
	NOT-FOR-US: ManageEngine
CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 before build 1320 ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2016-9489 (In ManageEngine Applications Manager 12 and 13 before build 13200, an  ...)
	NOT-FOR-US: ManageEngine
CVE-2016-9488 (ManageEngine Applications Manager versions 12 and 13 before build 1320 ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2016-9487 (EpubCheck 4.0.1 does not properly restrict resolving external entities ...)
	NOT-FOR-US: EpubCheck
CVE-2016-9486 (On Windows endpoints, the SecureConnector agent must run under the loc ...)
	NOT-FOR-US: SecureConnector agent
CVE-2016-9485 (On Windows endpoints, the SecureConnector agent must run under the loc ...)
	NOT-FOR-US: SecureConnector agent
CVE-2016-9484 (The generated PHP form code does not properly validate user input fold ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9483 (The PHP form code generated by PHP FormMail Generator deserializes unt ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9482 (Code generated by PHP FormMail Generator may allow a remote unauthenti ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-4412 (An issue was discovered in phpMyAdmin. A user can be tricked into foll ...)
	{DLA-757-1}
	- phpmyadmin 4:4.1.7-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
	NOTE: may affect wheezy only.
CVE-2016-9847 (An issue was discovered in phpMyAdmin. When the user does not specify  ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-58/
	NOTE: Debian packaging generates blowfish secret
CVE-2016-9848 (An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/
	NOTE: disabled by default, debugging setting required
CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass AllowR ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for the allow ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-62/
CVE-2016-9852 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9853 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9854 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9855 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9856 (An XSS issue was discovered in phpMyAdmin because of an improper fix f ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
CVE-2016-9857 (An issue was discovered in phpMyAdmin. XSS is possible because of a we ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
CVE-2016-9858 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9859 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9860 (An issue was discovered in phpMyAdmin. An unauthenticated user can exe ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in URL ma ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login request it ...)
	- phpmyadmin 4:4.6.5.1-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-67/
CVE-2016-9863 (An issue was discovered in phpMyAdmin. With a very large request to ta ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/
CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username or a ta ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in serialized stri ...)
	{DLA-1415-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/17b34be (RELEASE_4_6_5)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1fc004d (MAINT_4_4_15)
CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator is diffe ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-71/
	NOTE: unlikely PHP configuration required, unclear impact
CVE-2016-9639 (Salt before 2015.8.11 allows deleted minions to read or write to minio ...)
	- salt 2016.3.0+ds-1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/25/2
CVE-2016-9813 (The _parse_pat function in the mpegts parser in GStreamer before 1.10. ...)
	{DSA-3818-1}
	- gst-plugins-bad1.0 1.10.2-1 (low)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code introduced in 1.1.1 of 1.0 series)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775120
CVE-2016-9812 (The gst_mpegts_section_new function in the mpegts decoder in GStreamer ...)
	{DSA-3818-1}
	- gst-plugins-bad1.0 1.10.2-1 (low)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code introduced in 1.1.1 of 1.0 series)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775048
CVE-2016-9811 (The windows_icon_typefind function in gst-plugins-base in GStreamer be ...)
	{DSA-3819-1 DLA-2126-1 DLA-735-1}
	- gst-plugins-base1.0 1.10.2-1
	- gst-plugins-base0.10 <removed>
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774902
CVE-2016-9810 (The gst_decode_chain_free_internal function in the flxdex decoder in g ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10 <removed>
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774897
CVE-2016-9809 (Off-by-one error in the gst_h264_parse_set_caps function in GStreamer  ...)
	{DSA-3818-1 DLA-2164-1 DLA-736-1}
	- gst-plugins-bad1.0 1.10.2-1
	- gst-plugins-bad0.10 <removed>
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
CVE-2016-9808 (The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10 <removed>
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
	NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
	NOTE: https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
CVE-2016-9807 (The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer bef ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10 <removed>
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
	NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9806 (Race condition in the netlink_dump function in net/netlink/af_netlink. ...)
	- linux 4.6.3-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Introduced in 3.12)
	NOTE: Fixed by: https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1)
CVE-2016-9636 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10 <removed>
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9635 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10 <removed>
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9634 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10 <removed>
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9633 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/23
CVE-2016-9632 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/43
CVE-2016-9631 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/42
CVE-2016-9630 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/41
CVE-2016-9629 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/40
CVE-2016-9628 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/39
CVE-2016-9627 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/38
	NOTE: https://github.com/tats/w3m/commit/0c3f5d0e0d9269ad47b8f4b061d7818993913189
CVE-2016-9626 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/37
CVE-2016-9625 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/36
CVE-2016-9624 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/35
CVE-2016-9623 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/33
CVE-2016-9622 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/32
CVE-2016-9621
	REJECTED
CVE-2016-9560 (Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_ ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
CVE-2016-9558 ((1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf  ...)
	- dwarfutils 20161124-1 (bug #845408)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5
CVE-2016-9557 (Integer overflow in jas_image.c in JasPer before 1.900.25 allows remot ...)
	- jasper <removed>
	[jessie] - jasper <no-dsa> (There is no application crash unless jasper is built with ASAN)
	[wheezy] - jasper <no-dsa> (the fix is too invasive)
	NOTE: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
CVE-2016-9555 (The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kern ...)
	{DLA-772-1}
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4)
CVE-2016-9481 (In framework/modules/core/controllers/expCommentController.php of Expo ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9480 (libdwarf 2016-10-21 allows context-dependent attackers to obtain sensi ...)
	- dwarfutils 20161124-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201611-006
	NOTE: https://sourceforge.net/p/libdwarf/bugs/5/
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/
	NOTE: The code has substantially changed in libdwarf/dwarf_util.c from older
	NOTE: versions, but there  seem to be still back then an unchecked dereference
	NOTE: of val_ptr.
CVE-2016-9479 (The "lost password" functionality in b2evolution before 6.7.9 allows r ...)
	- b2evolution <removed>
CVE-2016-9478
	REJECTED
CVE-2016-9477
	REJECTED
CVE-2016-9476
	REJECTED
CVE-2016-9475
	REJECTED
CVE-2016-9474
	REJECTED
CVE-2016-9473 (Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and e ...)
	- brave-browser <itp> (bug #864795)
CVE-2016-9472 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9471 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element In ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9470 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Dow ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9469 (Multiple versions of GitLab expose a dangerous method to any authentic ...)
	- gitlab 8.13.6+dfsg2-2 (bug #847157)
	NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064
CVE-2016-9468 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server before ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9467 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server before ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9466 (Nextcloud Server before 10.0.1 &amp; ownCloud Server before 9.0.6 and  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9465 (Nextcloud Server before 10.0.1 &amp; ownCloud Server before 9.0.6 and  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9464 (Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper aut ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9463 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server before ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9462 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9461 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9460 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9459 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are  ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9458
	REJECTED
CVE-2016-9457 (Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/st ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9456 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9455 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9454 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851062)
	NOTE: https://kb.isc.org/article/AA-01441/0
CVE-2016-9928 (MCabber before 1.0.4 is vulnerable to roster push attacks, which allow ...)
	{DLA-2260-1 DLA-724-1}
	- mcabber 0.10.2-1.1 (bug #845258)
	NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/09/5
CVE-2016-XXXX [Rorster vulnerability similar to CVE-2015-8688]
	- slixmpp 1.2.2-1
	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688 (but should get a seprate CVE)
CVE-2016-XXXX [TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory]
	- tomcat8 8.0.38-1 (bug #840685)
	[jessie] - tomcat8 8.0.14-1+deb8u4
	NOTE: Workaround entry for DSA-3720-1 since no CVE assinged
	- tomcat7 7.0.72-3 (bug #841655)
	[jessie] - tomcat7 7.0.56-3+deb8u5
	[wheezy] - tomcat7 7.0.28-4+deb7u7
	NOTE: Workaround entry for DSA-3721-1 since no CVE assinged
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
CVE-2016-10071 (coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10070 (Heap-based buffer overflow in the CalcMinMax function in coders/mat.c  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10069 (coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845244)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9559 (coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b (master)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
CVE-2016-9773 (Heap-based buffer overflow in the IsPixelGray function in MagickCore/p ...)
	- imagemagick <not-affected> (Affects only the ImageMagick-7 branch, cf. NOTE)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e8c2ed53fcb54a34b3a6185b2584f26cf6874a3
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/312
	NOTE: Upstream statement: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31045
CVE-2016-9556 (The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845242)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/301
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99 (master)
CVE-2016-10068 (The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attack ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845241)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10058 (Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagi ...)
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845239)
	[jessie] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
	[wheezy] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10067 (magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10066 (Buffer overflow in the ReadVIFFImage function in coders/viff.c in Imag ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10065 (The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0. ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845212)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/129
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10064 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845202)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10063 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845198)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not  ...)
	{DSA-3799-1 DLA-868-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #849439)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/352
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
	NOTE: CVE is for the fwrite issue in ReadGROUP4Image. This was
	NOTE: specifically noted at the beginning of issues/196, but not fixed in
	NOTE: either of these commits 933e96f01a8c889c7bf5ffd30020e86a02a046e7 nor
	NOTE: 4e914bbe371433f0590cefdf3bd5f3a5710069f9 upstream. It is not the same
	NOTE: as the fputc issue in ReadGROUP4Image.
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/41e955984b034777903cfa61e500a0b922eb9cbd
CVE-2016-10061 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7. ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10060 (The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagi ...)
	{DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10059 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows  ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9448 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attacke ...)
	- tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
	NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297
CVE-2016-9421 (Cross-site scripting (XSS) vulnerability in the Users module in the Ad ...)
	NOT-FOR-US: MyBB
CVE-2016-9420 (MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9419 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9418 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge Syst ...)
	NOT-FOR-US: MyBB
CVE-2016-9417 (The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1. ...)
	NOT-FOR-US: MyBB
CVE-2016-9416 (SQL injection vulnerability in the users data handler in MyBB (aka MyB ...)
	NOT-FOR-US: MyBB
CVE-2016-9415 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge Syst ...)
	NOT-FOR-US: MyBB
CVE-2016-9414 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9413 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...)
	NOT-FOR-US: MyBB
CVE-2016-9412 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9411 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...)
	NOT-FOR-US: MyBB
CVE-2016-9410 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9409 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9408 (Cross-site scripting (XSS) vulnerability in the Mod control panel in M ...)
	NOT-FOR-US: MyBB
CVE-2016-9407 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2016-9406 (Cross-site scripting (XSS) vulnerability in the User control panel in  ...)
	NOT-FOR-US: MyBB
CVE-2016-9405 (Cross-site scripting (XSS) vulnerability in member validation in MyBB  ...)
	NOT-FOR-US: MyBB
CVE-2016-9404 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2016-9403 (newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge ...)
	NOT-FOR-US: MyBB
CVE-2016-9402 (SQL injection vulnerability in the moderation tool in MyBB (aka MyBull ...)
	NOT-FOR-US: MyBB
CVE-2016-9386 (The x86 emulator in Xen does not properly treat x86 NULL segments as u ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845663)
	NOTE: https://xenbits.xen.org/xsa/advisory-191.html
CVE-2016-9385 (The x86 segment base write emulation functionality in Xen 4.4.x throug ...)
	{DSA-3729-1}
	- xen 4.8.0-1 (bug #845665)
	[wheezy] - xen <not-affected> (Only affects Xen >= 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-193.html
CVE-2016-9384 (Xen 4.7 allows local guest OS users to obtain sensitive host informati ...)
	- xen 4.8.0-1 (bug #845667)
	[jessie] - xen <not-affected> (Only affects Xen >= 4.7)
	[wheezy] - xen <not-affected> (Only affects Xen >= 4.7)
	NOTE: https://xenbits.xen.org/xsa/advisory-194.html
CVE-2016-9383 (Xen, when running on a 64-bit hypervisor, allows local x86 guest OS us ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845668)
	NOTE: https://xenbits.xen.org/xsa/advisory-195.html
CVE-2016-9382 (Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, whic ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845664)
	NOTE: https://xenbits.xen.org/xsa/advisory-192.html
CVE-2016-9381 (Race condition in QEMU in Xen allows local x86 HVM guest OS administra ...)
	{DLA-720-1}
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-197.html
CVE-2016-9380 (The pygrub boot loader emulator in Xen, when nul-delimited output form ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845670)
	NOTE: https://xenbits.xen.org/xsa/advisory-198.html
CVE-2016-9379 (The pygrub boot loader emulator in Xen, when S-expression output forma ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845670)
	NOTE: https://xenbits.xen.org/xsa/advisory-198.html
CVE-2016-9378 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when  ...)
	- xen 4.8.0-1 (bug #845669)
	[jessie] - xen <not-affected> (Only 4.5 onwards vulnerable)
	[wheezy] - xen <not-affected> (Only 4.5 onwards vulnerable)
	NOTE: https://xenbits.xen.org/xsa/advisory-196.html
CVE-2016-9377 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when  ...)
	- xen 4.8.0-1 (bug #845669)
	[jessie] - xen <not-affected> (Only 4.5 onwards vulnerable)
	[wheezy] - xen <not-affected> (Only 4.5 onwards vulnerable)
	NOTE: https://xenbits.xen.org/xsa/advisory-196.html
CVE-2016-9371 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9370
	REJECTED
CVE-2016-9369 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9368 (An issue was discovered in Eaton xComfort Ethernet Communication Inter ...)
	NOT-FOR-US: Eaton xComfort Ethernet Communication Interface
CVE-2016-9367 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9366 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9365 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9364 (An issue was discovered in Fidelix FX-20 series controllers, versions  ...)
	NOT-FOR-US: Moxa
CVE-2016-9363 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9362 (An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (release ...)
	NOT-FOR-US: WAGO
CVE-2016-9361 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9360 (An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFI ...)
	NOT-FOR-US: General Electric
CVE-2016-9359
	REJECTED
CVE-2016-9358 (A Hard-Coded Passwords issue was discovered in Marel Food Processing S ...)
	NOT-FOR-US: Marel
CVE-2016-9357 (An issue was discovered in certain legacy Eaton ePDUs -- the affected  ...)
	NOT-FOR-US: legacy Eaton ePDUs
CVE-2016-9356 (An issue was discovered in Moxa DACenter Versions 1.4 and older. The a ...)
	NOT-FOR-US: Moxa
CVE-2016-9355 (An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8 ...)
	NOT-FOR-US: Alaris 8015 Point of Care
CVE-2016-9354 (An issue was discovered in Moxa DACenter Versions 1.4 and older. A spe ...)
	NOT-FOR-US: Moxa
CVE-2016-9353 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9352
	REJECTED
CVE-2016-9351 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9350
	REJECTED
CVE-2016-9349 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9348 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9347 (An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Ca ...)
	NOT-FOR-US: Emerson
CVE-2016-9346 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 ...)
	NOT-FOR-US: Moxa
CVE-2016-9345 (An issue was discovered in Emerson DeltaV Easy Security Management Del ...)
	NOT-FOR-US: Emerson
CVE-2016-9344 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 ...)
	NOT-FOR-US: Moxa
CVE-2016-9343 (An issue was discovered in Rockwell Automation Logix5000 Programmable  ...)
	NOT-FOR-US: Rockwell
CVE-2016-9342
	REJECTED
CVE-2016-9341
	REJECTED
CVE-2016-9340
	REJECTED
CVE-2016-9339 (An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versio ...)
	NOT-FOR-US: INTERSCHALT Maritime Systems
CVE-2016-9338 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogi ...)
	NOT-FOR-US: Rockwell
CVE-2016-9337 (An issue was discovered in Tesla Motors Model S automobile, all firmwa ...)
	NOT-FOR-US: Tesla car
CVE-2016-9336
	REJECTED
CVE-2016-9335 (A hard-coded cryptographic key vulnerability was identified in Red Lio ...)
	NOT-FOR-US: Red Lion Controls Sixnet-Managed Industrial Switches
CVE-2016-9334 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogi ...)
	NOT-FOR-US: Rockwell
CVE-2016-9333 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2016-9332 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2016-9453 (The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote att ...)
	{DSA-3762-1}
	- tiff 4.0.6-3
	[wheezy] - tiff 4.0.2-6+deb7u7
	NOTE: CVE-2016-9453 for wheezy fixed via CVE-2016-5652
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579
	NOTE: https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1
	NOTE: For unstable this fix was included in the fix for TALOS-CAN-0187 / CVE-2016-5652
	NOTE: and included in patches/09-CVE-2016-5652.patch
	NOTE: Problem not reproducible in wheezy with 4.0.2-6+deb7u7, in jessie with 4.0.3-12.3+deb8u1, in both cases I get this output (but no segfault or error with valgrind):
	NOTE: TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
	NOTE: TIFFReadDirectory: Warning, Unknown field with tag 1 (0x1) encountered.
	NOTE: TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered.
	NOTE: TIFFReadDirectory: IO error during reading of "BitsPerSample".
	NOTE: tiff2pdf: Can't open input file ./CVE-2016-9453.tiff for reading.
CVE-2016-9446 (The vmnc decoder in the gstreamer does not initialize the render canva ...)
	{DSA-3717-1 DLA-712-1}
	- gst-plugins-bad0.10 <removed>
	- gst-plugins-bad1.0 1.10.1-1
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-9445 (Integer overflow in the vmnc decoder in the gstreamer allows remote at ...)
	{DSA-3717-1 DLA-712-1}
	- gst-plugins-bad0.10 <removed>
	- gst-plugins-bad1.0 1.10.1-1
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-9452 (The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote a ...)
	- drupal8 <itp> (bug #756305)
	- drupal7 <not-affected> (Only affects Drupal 8)
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9451 (Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ...)
	{DSA-3718-1 DLA-715-1}
	- drupal7 7.52-1
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9450 (The user password reset form in Drupal 8.x before 8.2.3 allows remote  ...)
	- drupal8 <itp> (bug #756305)
	- drupal7 <not-affected> (Only affects Drupal 8)
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9449 (The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 mig ...)
	{DSA-3718-1 DLA-715-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.52-1
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9443 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/28
CVE-2016-9442 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
CVE-2016-9441 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/24
CVE-2016-9440 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/22
CVE-2016-9439 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33 (bug #844726)
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/20
CVE-2016-9438 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/18
CVE-2016-9437 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/17
CVE-2016-9436 (parsetagx.c in w3m before 0.5.3+git20161009 does not properly initiali ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/16
	NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9435 (The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 do ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/16
	NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9434 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/15
CVE-2016-9433 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/14
CVE-2016-9432 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/13
CVE-2016-9431 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/10
CVE-2016-9430 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/7
CVE-2016-9429 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/29
CVE-2016-9428 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/26
CVE-2016-9427 (Integer overflow vulnerability in bdwgc before 2016-09-27 allows attac ...)
	{DLA-721-1}
	[experimental] - libgc 1:7.4.4-1
	- libgc 1:7.6.4-0.3 (bug #844771)
	[stretch] - libgc <no-dsa> (Minor issue)
	[jessie] - libgc <no-dsa> (Minor issue)
	NOTE: https://github.com/ivmai/bdwgc/issues/135
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/4e1a6f9d8f2a49403bbd00b8c8e5324048fb84d4
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/7292c02fac2066d39dd1bcc37d1a7054fd1e32ee
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/552ad0834672fed86ada6430150ef9ebdd3f54d7
CVE-2016-9426 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/25
CVE-2016-9425 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/21
CVE-2016-9424 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/12
CVE-2016-9423 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/9
CVE-2016-9422 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/8
CVE-2016-9401 (popd in bash might allow local users to bypass the restricted shell an ...)
	{DLA-1726-1}
	- bash 4.4-3 (bug #844727)
	[wheezy] - bash <no-dsa> (Minor issue)
	NOTE: Upstream bash considers this issue only to be a bug.
	NOTE: Proposed patch: https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00116.html
	NOTE: Fixed by (4.4): https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006
CVE-2016-9399 (The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remo ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes
	NOTE: Negligible security impact
CVE-2016-9398 (The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 all ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00023-jasper-assert-jpc_floorlog2
	NOTE: Negligible security impact
CVE-2016-9397 (The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows rem ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize
	NOTE: Negligible security impact
CVE-2016-9396 (The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0. ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00004-jasper-assert-JPC_NOMINALGAIN
	NOTE: Negligible security impact
CVE-2016-9395 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 a ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00043-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9394 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 a ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00016-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9393 (The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17  ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00013-jasper-assert-jpc_pi_nextrpcl
	NOTE: Negligible security impact
CVE-2016-9392 (The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allo ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00012-jasper-assert-calcstepsizes
	NOTE: Negligible security impact
CVE-2016-9391 (The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00014-jasper-assert-jpc_bitstream_getbits
	NOTE: Negligible security impact
CVE-2016-9390 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 a ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00007-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9389 (The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.90 ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00006-jasper-assert-jpc_irct
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00008-jasper-assert-jpc_iict
	NOTE: Negligible security impact
CVE-2016-9388 (The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00005-jasper-assert-ras_getcmap
	NOTE: Negligible security impact
CVE-2016-9387 (Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/ ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00003-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9372 (In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop exc ...)
	- wireshark 2.2.2+g9c5aae3-1
	[jessie] - wireshark <not-affected> (Only affects 2.2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-58.html
CVE-2016-9373 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector c ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-61.html
CVE-2016-9374 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector  ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-59.html
CVE-2016-9375 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector coul ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-62.html
CVE-2016-9376 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-60.html
CVE-2016-9331
	REJECTED
CVE-2016-9330
	REJECTED
CVE-2016-9329
	REJECTED
CVE-2016-9328
	REJECTED
CVE-2016-9327
	REJECTED
CVE-2016-9326
	REJECTED
CVE-2016-9325
	REJECTED
CVE-2016-9324
	REJECTED
CVE-2016-9323
	REJECTED
CVE-2016-9322
	REJECTED
CVE-2016-9400 (The CClient::ProcessServerPacket method in engine/client/client.cpp in ...)
	- teeworlds 0.6.4+dfsg-1 (bug #844546)
	[jessie] - teeworlds <no-dsa> (Minor issue; can be fixed via point release)
	[wheezy] - teeworlds <end-of-life> (Games are not supported in Wheezy)
	NOTE: https://www.teeworlds.com/?page=news&id=12086
	NOTE: https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 (0.6.4-release)
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/16/8
CVE-2016-9321
	RESERVED
CVE-2016-9320
	RESERVED
CVE-2016-9319 (There is Missing SSL Certificate Validation in the Trend Micro Enterpr ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ot ...)
	[experimental] - libxml2 2.9.8+dfsg-1
	- libxml2 2.9.10+dfsg-2 (bug #844581)
	[buster] - libxml2 <ignored> (Minor issue; intrusive to backport)
	[stretch] - libxml2 <ignored> (Minor issue; intrusive to backport)
	[jessie] - libxml2 <ignored> (Minor issue; intrusive to backport)
	[wheezy] - libxml2 <no-dsa> (Minor issue)
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=772726
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
	NOTE: The patch introduces a new option that can be specified if this
	NOTE: behaviour is wanted. Not enforced by default.
	NOTE: The option though was reverted in https://git.gnome.org/browse/libxml2/commit/?id=030b1f7a27c22f9237eddca49ec5e620b6258d7d
	NOTE: New proposed/commited fix: https://git.gnome.org/browse/libxml2/commit/?id=ad88b54f1a28a8565964a370b5d387927b633c0d
CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka libgd) befo ...)
	{DSA-3777-1 DLA-804-1}
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1
	NOTE: https://github.com/libgd/libgd/issues/340
CVE-2016-9316 (Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.tren ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9315 (Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updat ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9314 (Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigB ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9313 (security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles un ...)
	- linux 4.8.7-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb (v4.9-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/13100a72f40f5748a04017e0ab3df4cf27c809ef (v4.7-rc1)
CVE-2016-9312 (ntpd in NTP before 4.2.8p9, when running on Windows, allows remote att ...)
	- ntp <not-affected> (Only ntpd on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3110
	NOTE: Only relevant for ntpd on Windows, but fixed source-wise in 1:4.2.8p9+dfsg-1
CVE-2016-9311 (ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows r ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue, not vulnerable by default)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3119
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0204/
	NOTE: Only affects configurations that do not have "restrict noquery", Debian's default config does have that restriction.
CVE-2016-9310 (The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9  ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue, not vulnerable by default)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3118
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0203/
	NOTE: Only affects configurations that do not have "restrict noquery", Debian's default config does have that restriction.
CVE-2016-9309
	RESERVED
CVE-2016-9308
	RESERVED
CVE-2016-9307 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9306 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9305 (Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismat ...)
	NOT-FOR-US: Autodesk
CVE-2016-9304 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9303 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9295
	RESERVED
CVE-2016-9293
	RESERVED
CVE-2016-9292
	RESERVED
CVE-2016-9291
	RESERVED
CVE-2016-9290
	RESERVED
CVE-2016-9289
	RESERVED
CVE-2016-9288 (In framework/modules/navigation/controllers/navigationController.php i ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9287 (In /framework/modules/notfound/controllers/notfoundController.php of E ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9286 (framework/modules/users/controllers/usersController.php in Exponent CM ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9285 (framework/modules/addressbook/controllers/addressController.php in Exp ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9284 (getUsersByJSON in framework/modules/users/controllers/usersController. ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9283 (SQL Injection in framework/core/subsystems/expRouter.php in Exponent C ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9282 (SQL Injection in framework/modules/search/controllers/searchController ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9281
	RESERVED
CVE-2016-9280
	RESERVED
CVE-2016-9277 (Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note ...)
	NOT-FOR-US: Samsung
CVE-2016-9274 (Untrusted search path vulnerability in Git 1.x for Windows allows loca ...)
	NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches)
CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, wit ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9271 (Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x bef ...)
	NOT-FOR-US: Cloudera
CVE-2016-9270
	RESERVED
CVE-2016-9269 (Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches i ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9268 (Unrestricted file upload vulnerability in the Blog appearance in the " ...)
	- dotclear <removed>
	NOTE: http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2
	NOTE: http://dev.dotclear.org/2.0/ticket/2214
CVE-2016-9267
	RESERVED
CVE-2016-9263 (WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ...)
	{DLA-1151-1}
	- wordpress 4.1+dfsg-1
	NOTE: https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress/
	NOTE: flashmediaelement.swf removed from source tree starting in 4.1+dfsg-1
CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote a ...)
	{DSA-3713-1 DLA-712-1}
	- gst-plugins-bad0.10 <removed>
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
CVE-2016-9299 (The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allow ...)
	- jenkins <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/12/4
CVE-2016-9298 (Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c i ...)
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #844211)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/296
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/13/1
CVE-2016-9300
	REJECTED
CVE-2016-9301
	REJECTED
CVE-2016-9302
	REJECTED
CVE-2016-9297 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attacke ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844226)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/12/2
	NOTE: Patch https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
	NOTE: Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7
	NOTE: Reproducible with valgrind in jessie with 4.0.3-12.3+deb8u1
	NOTE: When fixing this CVE make sure to make the fix complete and not
	NOTE: introduce CVE-2016-9448 / http://bugzilla.maptools.org/show_bug.cgi?id=2593
	NOTE: Fix in 4.0.7 is complete.
	NOTE: Patch CVE-2016-9448: https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
CVE-2016-9540 (tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled im ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
CVE-2016-9539 (tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readCon ...)
	- tiff 4.0.7-1 (unimportant)
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
	NOTE: Crash in CLI tool, no security impact
CVE-2016-9538 (tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readCon ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9537 (tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilit ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9536 (tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilit ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that  ...)
	{DSA-3844-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
	NOTE: https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code path of TI ...)
	{DSA-3762-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilitie ...)
	{DSA-3762-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
CVE-2016-9532 (Integer overflow in the writeBufferToSeparateStrips function in tiffcr ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844057)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
	NOTE: Patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/11/14
CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old versions ...)
	- p7zip 16.02+dfsg-2 (unimportant; bug #844344)
	[jessie] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
	[wheezy] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
	NOTE: https://sourceforge.net/p/p7zip/bugs/185/
	NOTE: no security impact
CVE-2016-9294 (Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225 ...)
	NOT-FOR-US: MuJS
CVE-2016-9279 (Use-after-free vulnerability in the Samsung Exynos fimg2d driver for A ...)
	NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9278 (The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, o ...)
	NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9276 (The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf bef ...)
	- dwarfutils 20161124-1 (bug #844011)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c
	NOTE: Same commit as for CVE-2016-9275. Needs the dwarf_arange.c part of the commit.
CVE-2016-9275 (Heap-based buffer overflow in the _dwarf_skim_forms function in libdwa ...)
	- dwarfutils 20161124-1 (bug #844012)
	[jessie] - dwarfutils <not-affected> (Vulnerable code not present)
	[wheezy] - dwarfutils <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c
	NOTE: Same commit as for CVE-2016-9276. Needs the dwarf_macro5.c part of the commit.
CVE-2016-9273 (tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial o ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844013)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587
	NOTE: Patch: https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7
	NOTE: Can be reproduced with valgrind in wheezy with libtiff 4.0.2-6+deb7u7
	NOTE: Can be reproduced with valgrind in jessie with libtiff 4.0.3-12.3+deb8u1
CVE-2016-9261 (Cross-site scripting (XSS) vulnerability in Tenable Log Correlation En ...)
	NOT-FOR-US: Tenable Log Correlation Engine
CVE-2016-9260 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9  ...)
	NOT-FOR-US: Nessus
CVE-2016-9259 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9. ...)
	NOT-FOR-US: Nessus
CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to unspecified impa ...)
	{DLA-799-1}
	- ming <removed> (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
	NOTE: https://github.com/libming/libming/issues/53
CVE-2016-9265 (The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remo ...)
	{DLA-799-1}
	- ming <removed> (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list
	NOTE: https://github.com/libming/libming/issues/52
CVE-2016-9264 (Buffer overflow in the printMP3Headers function in listmp3.c in Libmin ...)
	{DLA-799-1}
	- ming <removed> (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c
	NOTE: https://github.com/libming/libming/issues/51
CVE-2016-9262 (Multiple integer overflows in the (1) jas_realloc function in base/jas ...)
	- jasper <removed>
	[jessie] - jasper <not-affected> (Vulnerable code introduced later)
	[wheezy] - jasper <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735
	NOTE: The use-afer-free seems to be introduced in a version later tha 1.900.1 but the
	NOTE: CVE is assigned for everything fixed in the above commit, a such seems till
	NOTE: present in the 1.900.1 based versions. Still ok to mark as not-affected
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
CVE-2016-9258
	REJECTED
CVE-2016-9257 (In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be ...)
	NOT-FOR-US: F5
CVE-2016-9256 (In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl c ...)
	NOT-FOR-US: F5
CVE-2016-9255
	REJECTED
CVE-2016-9254
	REJECTED
CVE-2016-9253 (In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic pattern ...)
	NOT-FOR-US: F5
CVE-2016-9252 (The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-9251 (In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be a ...)
	NOT-FOR-US: F5
CVE-2016-9250 (In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, ...)
	NOT-FOR-US: F5
CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual Server wit ...)
	NOT-FOR-US: F5
CVE-2016-9248
	REJECTED
CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual server wit ...)
	NOT-FOR-US: F5
CVE-2016-9246
	REJECTED
CVE-2016-9245 (In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtu ...)
	NOT-FOR-US: F5
CVE-2016-9244 (A BIG-IP virtual server configured with a Client SSL profile that has  ...)
	NOT-FOR-US: F5 TLS stack
	NOTE: https://ticketbleed.com/
CVE-2016-9243 (HKDF in cryptography before 1.5.2 returns an empty byte-string if used ...)
	- python-cryptography 1.5.3-1
	[jessie] - python-cryptography 0.6.1-1+deb8u1
	NOTE: Upstream bug: https://github.com/pyca/cryptography/issues/3211
	NOTE: Upstream commit: https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/08/6
CVE-2016-9242 (Multiple SQL injection vulnerabilities in the update method in framewo ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9241
	REJECTED
CVE-2016-9240
	REJECTED
CVE-2016-9239
	REJECTED
CVE-2016-9238
	REJECTED
CVE-2016-9237
	REJECTED
CVE-2016-9236
	REJECTED
CVE-2016-9235
	REJECTED
CVE-2016-9234
	REJECTED
CVE-2016-9233
	REJECTED
CVE-2016-9232
	REJECTED
CVE-2016-9231
	REJECTED
CVE-2016-9230
	REJECTED
CVE-2016-9229
	REJECTED
CVE-2016-9228
	REJECTED
CVE-2016-9227
	REJECTED
CVE-2016-9226
	REJECTED
CVE-2016-9225 (A vulnerability in the data plane IP fragment handler of the Cisco Ada ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-9224 (A vulnerability in the Cisco Jabber Guest Server could allow an unauth ...)
	NOT-FOR-US: Cisco
CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco CloudCente ...)
	NOT-FOR-US: Cisco
CVE-2016-9222 (A vulnerability in the web-based management interface of Cisco NetFlow ...)
	NOT-FOR-US: Cisco
CVE-2016-9221 (A Denial of Service Vulnerability in 802.11 ingress connection authent ...)
	NOT-FOR-US: Cisco
CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet processing  ...)
	NOT-FOR-US: Cisco
CVE-2016-9219 (A vulnerability with IPv6 UDP ingress packet processing in Cisco Wirel ...)
	NOT-FOR-US: Cisco
CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and Cisco Inte ...)
	NOT-FOR-US: Cisco
CVE-2016-9216 (An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr  ...)
	NOT-FOR-US: Cisco ASR 5000
CVE-2016-9215 (A vulnerability in Cisco IOS XR Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2016-9214 (Cisco Identity Services Engine (ISE) contains a vulnerability that cou ...)
	NOT-FOR-US: Cisco
CVE-2016-9213
	REJECTED
CVE-2016-9212 (A vulnerability in the Decrypt for End-User Notification configuration ...)
	NOT-FOR-US: Cisco
CVE-2016-9211 (A vulnerability in TCP port management in Cisco ONS 15454 Series Multi ...)
	NOT-FOR-US: Cisco
CVE-2016-9210 (A vulnerability in the Cisco Unified Reporting upload tool accessed vi ...)
	NOT-FOR-US: Cisco
CVE-2016-9209 (A vulnerability in TCP processing in Cisco FirePOWER system software c ...)
	NOT-FOR-US: Cisco
CVE-2016-9208 (A vulnerability in the File Management Utility, the Download File form ...)
	NOT-FOR-US: Cisco
CVE-2016-9207 (A vulnerability in the HTTP traffic server component of Cisco Expressw ...)
	NOT-FOR-US: Cisco
CVE-2016-9206 (A vulnerability in the ccmadmin page of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2016-9205 (A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR  ...)
	NOT-FOR-US: Cisco
CVE-2016-9204 (A vulnerability in the Cisco Intercloud Fabric (ICF) Director could al ...)
	NOT-FOR-US: Cisco
CVE-2016-9203 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature ...)
	NOT-FOR-US: Cisco
CVE-2016-9202 (A vulnerability in the web-based management interface of Cisco Email S ...)
	NOT-FOR-US: Cisco
CVE-2016-9201 (A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Ci ...)
	NOT-FOR-US: Cisco
CVE-2016-9200 (A vulnerability in the web framework code of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2016-9199 (A vulnerability in the Cisco application-hosting framework (CAF) of Ci ...)
	NOT-FOR-US: Cisco
CVE-2016-9198 (A vulnerability in the Active Directory integration component of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-9197 (A vulnerability in the CLI command parser of the Cisco Mobility Expres ...)
	NOT-FOR-US: Cisco
CVE-2016-9196 (A vulnerability in login authentication management in Cisco Aironet 18 ...)
	NOT-FOR-US: Cisco
CVE-2016-9195 (A vulnerability in RADIUS Change of Authorization (CoA) request proces ...)
	NOT-FOR-US: Cisco
CVE-2016-9194 (A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action  ...)
	NOT-FOR-US: Cisco
CVE-2016-9193 (A vulnerability in the malicious file detection and blocking features  ...)
	NOT-FOR-US: Cisco
CVE-2016-9192 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
	NOT-FOR-US: Cisco
CVE-2016-9191 (The cgroup offline implementation in the Linux kernel through 4.8.11 m ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/93362fa47fe98b62e4a34ab408c4a418432e7939 (v4.10-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/f0c3b5093addc8bfe9fe3a5b01acb7ec7969eafa (v3.11-rc1)
CVE-2016-9190 (Pillow before 3.3.2 allows context-dependent attackers to execute arbi ...)
	{DSA-3710-1 DLA-705-1}
	- pillow 3.4.2-1
	- python-imaging <removed>
	NOTE: https://github.com/python-pillow/Pillow/issues/2105
	NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
CVE-2016-9189 (Pillow before 3.3.2 allows context-dependent attackers to obtain sensi ...)
	{DSA-3710-1 DLA-705-1}
	- pillow 3.4.2-1
	- python-imaging <removed>
	NOTE: https://github.com/python-pillow/Pillow/issues/2105
	NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
CVE-2016-9188 (Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before  ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9187 (Unrestricted file upload vulnerability in the double extension support ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9186 (Unrestricted file upload vulnerability in the "legacy course files" an ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9185 (In OpenStack Heat, by launching a new Heat stack with a local URL an a ...)
	- heat 1:7.0.0-2 (bug #843232)
	[jessie] - heat <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ossa/+bug/1606500
CVE-2016-9184 (In /framework/modules/core/controllers/expHTMLEditorController.php of  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9183 (In /framework/modules/ecommerce/controllers/orderController.php of Exp ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9182 (Exponent CMS 2.4 uses PHP reflection to call a method of a controller  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9177 (Directory traversal vulnerability in Spark 2.5 allows remote attackers ...)
	NOT-FOR-US: Spark (sparkjava)
CVE-2016-9176 (Stack buffer overflow in the send.exe and receive.exe components of Mi ...)
	NOT-FOR-US: Micro Focus Rumba
CVE-2016-9175
	REJECTED
CVE-2016-9174
	REJECTED
CVE-2016-9173
	REJECTED
CVE-2016-9172
	REJECTED
CVE-2016-9171
	REJECTED
CVE-2016-9170
	REJECTED
CVE-2016-9169 (A reflected XSS vulnerability exists in the web console of the Documen ...)
	NOT-FOR-US: Novell
CVE-2016-9168 (A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in ...)
	NOT-FOR-US: Novell
CVE-2016-9167 (NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP  ...)
	NOT-FOR-US: Novell
CVE-2016-9166 (NetIQ eDirectory versions prior to 9.0.2, under some circumstances, co ...)
	NOT-FOR-US: Novell
CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure Management (form ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-9164 (Directory traversal vulnerability in diag.jsp file in CA Unified Infra ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-9163
	REJECTED
CVE-2016-9162
	REJECTED
CVE-2016-9161
	REJECTED
CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions &lt; SIMATIC Wi ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All  ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All  ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-9156 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-9155 (The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR,  ...)
	NOT-FOR-US: Siemens
CVE-2016-9154 (Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo  ...)
	NOT-FOR-US: Siemens Desigo PX
CVE-2016-9153
	RESERVED
CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...)
	{DLA-738-1}
	- spip 3.1.4-2 (bug #847156)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23290
CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x be ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9150 (Buffer overflow in the management web interface in Palo Alto Networks  ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9149 (The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20 ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9148 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (f ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2016-9147 (named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows  ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851063)
	NOTE: https://kb.isc.org/article/AA-01440/0
CVE-2016-9179 (lynx: It was found that Lynx doesn't parse the authority component of  ...)
	{DLA-719-1}
	- lynx 2.8.9dev11-1 (bug #843258)
	- lynx-cur <removed>
	[jessie] - lynx-cur <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/4
	NOTE: Slight mitigation and documentation improvement was done in 2.8.9dev.10 upstream
	NOTE: the uplaod to unstable as 2.8.9dev10-1
CVE-2016-9644 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: No incorrect backport of CVE-2016-9178 done in Debian
	NOTE: This is only an issue if 1c109fabbd51863475cd12ac206bdd249aee35af
	NOTE: (added in 4.8) is backported without also backporting
	NOTE: 548acf19234dbda5a52d5a8e7e205af46e9da840 (added in 4.6), as such
	NOTE: src:linux was never affected. 1c109fabbd5 also wasn't backported to
	NOTE: the 3.2 and 3.16 LTS series
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/2
CVE-2016-9178 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
	{DLA-772-1}
	- linux 4.7.5-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/1c109fabbd51863475cd12ac206bdd249aee35af (4.8-rc7)
	NOTE: If this issue is fixed for older versions be careful to not open same issue as CVE-2016-9644
CVE-2016-9146
	RESERVED
CVE-2016-9145
	REJECTED
CVE-2016-9144
	REJECTED
CVE-2016-9143
	REJECTED
CVE-2016-9142
	REJECTED
CVE-2016-9141
	REJECTED
CVE-2016-9181 (perl-Image-Info: When parsing an SVG file, external entity expansion ( ...)
	- libimage-info-perl 1.39-1 (bug #842891)
	[jessie] - libimage-info-perl <no-dsa> (Minor issue)
	[wheezy] - libimage-info-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118099
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379556
	NOTE: Upstream commit: https://github.com/eserte/image-info/commit/781625b643bc05ba92127a4554de7910f3f2f8e6
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/02/1
	NOTE: Older versions of libimage-info-perl only can use XML::Simple.
	NOTE: Controlling XXE processing behavior in XML::Simple is not really
	NOTE: possible (see https://rt.cpan.org/Ticket/Display.html?id=83794),
	NOTE: so as a workaround the underlying SAX parser is fixed to
	NOTE: XML::SAX::PurePerl which is uncapable of processing external entities
	NOTE: but unfortunately it is also a slow parser.
CVE-2016-9180 (perl-XML-Twig: The option to `expand_external_ents`, documented as con ...)
	- libxml-twig-perl 1:3.50-1.1 (low; bug #842893)
	[stretch] - libxml-twig-perl <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - libxml-twig-perl <no-dsa> (Minor issue; can be fixed via point release)
	[wheezy] - libxml-twig-perl <no-dsa> (Minor issue, new flag would require changes to applications too, not worth the effort)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/02/1
	NOTE: Release 3.50 adds a no_xxe flag which will fail to parse files with external entities.
	NOTE: 2016-12-13: The corresponding changes is not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master
CVE-2016-9136 (Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8 ...)
	NOT-FOR-US: MuJS
CVE-2016-9135 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/fra ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9134 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/exp ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9133
	RESERVED
CVE-2016-9132 (In Botan 1.8.0 through 1.11.33, when decoding BER data an integer over ...)
	{DLA-786-1}
	- botan1.10 1.10.14-1
	[jessie] - botan1.10 <ignored> (Minor issue, not believed to be exploitable in practice)
	NOTE: Fixed in 1.10.14 and 1.11.34, all prior versions affected.
	NOTE: Fixed by: https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
CVE-2016-9131 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851065)
	NOTE: https://kb.isc.org/article/AA-01439/0
CVE-2016-9130 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9129 (Revive Adserver before 3.2.3 suffers from Information Exposure Through ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9128 (Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9127 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9126 (Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames ar ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9125 (Revive Adserver before 3.2.3 suffers from session fixation, by allowin ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9124 (Revive Adserver before 3.2.3 suffers from Improper Restriction of Exce ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9123 (go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bi ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9122 (go-jose before 1.0.4 suffers from multiple signatures exploitation. Th ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9121 (go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9140
	REJECTED
CVE-2016-9139 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DLA-787-1}
	- otrs2 5.0.14-1 (bug #843091)
	[jessie] - otrs2 3.3.18-1+deb8u1
	NOTE: https://community.otrs.com/security-advisory-2016-02-security-update-otrs
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/01/5
	NOTE: upstream fix likely https://github.com/OTRS/otrs/commit/6578a8bcf82529461302291ab3fcb500363b005a
CVE-2016-9120 (Race condition in the ion_ioctl function in drivers/staging/android/io ...)
	- linux 4.6.1-1 (unimportant)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (v4.6-rc1)
CVE-2016-9119 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI e ...)
	{DSA-3715-1 DLA-717-1}
	- moin 1.9.9-1 (bug #844338)
	NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd
CVE-2016-9118 (Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of conve ...)
	{DSA-4013-1}
	- openjpeg2 2.1.2-1.2 (bug #844557)
	NOTE: https://github.com/uclouvain/openjpeg/issues/861
	NOTE: https://github.com/uclouvain/openjpeg/commit/c22cbd8bdf8ff2ae372f94391a4be2d322b36b41
CVE-2016-9117 (NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in O ...)
	- openjpeg2 <unfixed> (unimportant; bug #844556)
	NOTE: https://github.com/uclouvain/openjpeg/issues/860
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9116 (NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in O ...)
	- openjpeg2 <unfixed> (unimportant; bug #844555)
	NOTE: https://github.com/uclouvain/openjpeg/issues/859
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9115 (Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in  ...)
	- openjpeg2 <unfixed> (unimportant; bug #844554)
	NOTE: https://github.com/uclouvain/openjpeg/issues/858
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9114 (There is a NULL Pointer Access in function imagetopnm of convert.c:194 ...)
	- openjpeg2 <unfixed> (unimportant; bug #844553)
	NOTE: https://github.com/uclouvain/openjpeg/issues/857
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9113 (There is a NULL pointer dereference in function imagetobmp of convertb ...)
	- openjpeg2 <unfixed> (unimportant; bug #844552)
	NOTE: https://github.com/uclouvain/openjpeg/issues/856
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cp ...)
	{DLA-1851-1}
	- openjpeg2 2.1.2-1.2 (bug #844551)
	[stretch] - openjpeg2 2.1.2-1.1+deb9u4
	NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
	NOTE: https://github.com/uclouvain/openjpeg/issues/855
CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4. ...)
	NOT-FOR-US: Citrix
CVE-2016-9110
	RESERVED
CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7  ...)
	NOT-FOR-US: Symantec
CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1,  ...)
	NOT-FOR-US: Symantec
CVE-2016-9098
	REJECTED
CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, Proxy ...)
	NOT-FOR-US: Symantec
CVE-2016-9096
	REJECTED
CVE-2016-9095
	REJECTED
CVE-2016-9094 (Symantec Endpoint Protection clients place detected malware in quarant ...)
	NOT-FOR-US: Symantec
CVE-2016-9093 (A version of the SymEvent Driver that shipped with Symantec Endpoint P ...)
	NOT-FOR-US: Symantec
CVE-2016-9092 (The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail ...)
	NOT-FOR-US: Symantec
CVE-2016-9091 (Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content ...)
	NOT-FOR-US: Blue Coat Advanced Secure Gateway
CVE-2016-9090
	RESERVED
CVE-2016-9089
	RESERVED
CVE-2016-9109 (Artifex Software MuJS allows attackers to cause a denial of service (c ...)
	NOT-FOR-US: MuJS
CVE-2016-9108 (Integer overflow in the js_regcomp function in regexp.c in Artifex Sof ...)
	NOT-FOR-US: MuJS
CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when using XHT ...)
	- gajim-otr <itp> (bug #722130)
	NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
	NOTE: Upstream fix: https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/30/2
CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Qu ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/4
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Qui ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/3
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xat ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/2
CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emula ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/1
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ( ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/15
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows l ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842455)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389538
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/14
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=2634ab7fe29b3f75d0865b719caf8f310d634aae (v2.8.0-rc0)
CVE-2016-9088
	RESERVED
CVE-2016-9087 (SQL injection vulnerability in framework/modules/filedownloads/control ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9086 (GitLab versions 8.9.x and above contain a critical security flaw in th ...)
	- gitlab 8.13.3+dfsg1-2 (bug #843519)
	NOTE: https://hackerone.com/reports/178152
	NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, passwo ...)
	NOT-FOR-US: Joomla!
CVE-2016-9080 (Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs ...)
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9080
CVE-2016-9079 (A use-after-free vulnerability in SVG Animation has been discovered. A ...)
	{DSA-3730-1 DSA-3728-1 DLA-752-1 DLA-730-1}
	- firefox 50.0.2-1
	- firefox-esr 45.5.1esr-1
	- icedove 1:45.5.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079
CVE-2016-9078 (Redirection from an HTTP connection to a "data:" URL assigns the refer ...)
	- firefox 50.0.2-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
CVE-2016-9077 (Canvas allows the use of the "feDisplacementMap" filter on images load ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9076 (An issue where a "&lt;select&gt;" dropdown menu can be used to cover l ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9075 (An issue where WebExtensions can use the mozAddonManager API to elevat ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9074 (An existing mitigation of timing side-channel attacks is insufficient  ...)
	{DSA-3730-1 DSA-3716-1 DLA-759-1 DLA-752-1}
	- nss 2:3.26.2-1
	[jessie] - nss 2:3.26-1+debu8u5
	NOTE: Fixed by (3_26_BRANCH): https://hg.mozilla.org/projects/nss/rev/d38536fcc726 (3.26.1)
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-2016-9074
CVE-2016-9073 (WebExtensions can bypass security checks to load privileged URLs and p ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9072 (When a new Firefox profile is created on 64-bit Windows installations, ...)
	- firefox <not-affected> (Only affects Firefox on Windows 64bit)
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9071 (Content Security Policy combined with HTTP to HTTPS redirection can be ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9070 (A maliciously crafted page loaded to the sidebar through a bookmark ca ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9069 (A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operatio ...)
	- firefox 50.0-1
CVE-2016-9068 (A use-after-free during web animations when working with timelines res ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9067 (Two use-after-free errors during DOM operations resulting in potential ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9066 (A buffer overflow resulting in a potentially exploitable crash due to  ...)
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-9065 (The location bar in Firefox for Android can be spoofed by forcing a us ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9064 (Add-on updates failed to verify that the add-on ID inside the signed p ...)
	{DSA-3716-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
CVE-2016-9063 (An integer overflow during the parsing of XML using the Expat library. ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
	- expat 2.2.0-2
	[jessie] - expat 2.1.0-6+deb8u4
	[wheezy] - expat <no-dsa> (Minor issue)
	NOTE: Expat upstream fix: https://github.com/libexpat/libexpat/commit/d4f735b88d9932bd5039df2335eefdd0723dbe20
CVE-2016-9062 (Private browsing mode leaves metadata information, such as URLs, for s ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9061 (A previously installed malicious Android application which defines a s ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9060
	REJECTED
CVE-2016-9059
	REJECTED
CVE-2016-9058
	REJECTED
CVE-2016-9057
	REJECTED
CVE-2016-9056
	REJECTED
CVE-2016-9055
	REJECTED
CVE-2016-9054 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9053 (An exploitable out-of-bounds indexing vulnerability exists within the  ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9052 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9051 (An exploitable out-of-bounds write vulnerability exists in the batch t ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9050 (An exploitable out-of-bounds read vulnerability exists in the client m ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9049 (An exploitable denial-of-service vulnerability exists in the fabric-wo ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9048 (Multiple exploitable SQL Injection vulnerabilities exists in ProcessMa ...)
	NOT-FOR-US: ProcessMaker Enterprise Core
CVE-2016-9047
	REJECTED
CVE-2016-9046
	REJECTED
CVE-2016-9045 (A code execution vulnerability exists in ProcessMaker Enterprise Core  ...)
	NOT-FOR-US: ProcessMaker Enterprise Core
CVE-2016-9044 (An exploitable command execution vulnerability exists in Information B ...)
	NOT-FOR-US: Information Builders WebFOCUS Business Intelligence Porta
CVE-2016-9043 (An out of bound write vulnerability exists in the EMF parsing function ...)
	NOT-FOR-US: CorelDRAW X8
CVE-2016-9042 (An exploitable denial of service vulnerability exists in the origin ti ...)
	- ntp 1:4.2.8p10+dfsg-1
	[jessie] - ntp <not-affected> (Doesn't use the affected upstream patch)
	[wheezy] - ntp <not-affected> (Doesn't use the affected upstream patch)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0260/
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3361
	NOTE: This vulnerability affects the upstream fix for CVE-2015-8138, but Debian
	NOTE: jessie and wheezy use a less invasive patch by Miroslav Lichvar
	NOTE: of Red Hat, as available here:
	NOTE: http://pkgs.fedoraproject.org/cgit/rpms/ntp.git/tree/ntp-4.2.6p5-cve-2015-8138.patch?h=f24
CVE-2016-9041
	REJECTED
CVE-2016-9040 (An exploitable denial of service exists in the the Joyent SmartOS OS 2 ...)
	NOT-FOR-US: Joyent
CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS 20161110 ...)
	NOT-FOR-US: Joyent
CVE-2016-9038 (An exploitable double fetch vulnerability exists in the SboxDrv.sys dr ...)
	NOT-FOR-US: Invincea-X
CVE-2016-9037 (An exploitable out-of-bounds array access vulnerability exists in the  ...)
	- tarantool 1.7.2.385.g952d79e-1
	[jessie] - tarantool <not-affected> (Vulnerable code not present)
	[wheezy] - tarantool <not-affected> (Not vulnerable)
	NOTE: https://github.com/tarantool/tarantool/issues/1992
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0255/
CVE-2016-9036 (An exploitable incorrect return value vulnerability exists in the mp_c ...)
	- msgpuck 1.0.3-1.1 (bug #849212)
	NOTE: https://github.com/rtsisyk/msgpuck/issues/12
	- tarantool 1.7.2.385.g952d79e-1
	[jessie] - tarantool <not-affected> (Vulnerable code not present)
	[wheezy] - tarantool <not-affected> (Not vulnerable)
	NOTE: https://github.com/tarantool/tarantool/issues/1991
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0254/
CVE-2016-9035 (An exploitable buffer overflow exists in the Joyent SmartOS 20161110T0 ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9034 (An exploitable buffer overflow exists in the Joyent SmartOS 20161110T0 ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9033 (An exploitable buffer overflow exists in the Joyent SmartOS 20161110T0 ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9032 (An exploitable buffer overflow exists in the Joyent SmartOS 20161110T0 ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9031 (An exploitable integer overflow exists in the Joyent SmartOS 20161110T ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9085 (Multiple integer overflows in libwebp allows attackers to have unspeci ...)
	- libwebp <unfixed> (unimportant; bug #842714)
	[wheezy] - libwebp <not-affected> (vulnerable code not present)
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
	NOTE: Report: https://bugs.chromium.org/p/webp/issues/detail?id=314 (private)
	NOTE: For libwebp only in examples, but other projects seem to use the gifdec.c
	NOTE: Origin of the file seems to be from libav
	NOTE: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085 but the taken patches
	NOTE: look different, needs further investigation before marking as fixed
CVE-2016-9084 (drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 m ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://patchwork.kernel.org/patch/9373631/
	NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
CVE-2016-9083 (drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows  ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://patchwork.kernel.org/patch/9373631/
	NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
CVE-2016-9082 (Integer overflow in the write_png function in cairo 1.14.6 allows remo ...)
	{DLA-688-1}
	- cairo 1.14.6-1.1 (bug #842289)
	[jessie] - cairo 1.14.0-2.1+deb8u2
	NOTE: Upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=98165
	NOTE: Proposed patch upstream: https://bugs.freedesktop.org/attachment.cgi?id=127421
CVE-2016-9030
	RESERVED
CVE-2016-9029
	RESERVED
CVE-2016-9028 (Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10. ...)
	NOT-FOR-US: Citrix
CVE-2016-9027
	RESERVED
CVE-2016-9026
	RESERVED
CVE-2016-9025
	RESERVED
CVE-2016-9024
	RESERVED
CVE-2016-9023
	RESERVED
CVE-2016-9022
	RESERVED
CVE-2016-9021
	RESERVED
CVE-2016-9020 (SQL injection vulnerability in framework/modules/help/controllers/help ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9019 (SQL injection vulnerability in the activate_address function in framew ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9018 (Improper handling of a repeating VRAT chunk in qcpfformat.dll allows a ...)
	NOT-FOR-US: RealPlayer
CVE-2016-9017 (Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf ...)
	NOT-FOR-US: MuJS
CVE-2016-9015 (Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vul ...)
	- python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases)
CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x bef ...)
	{DSA-3835-1 DLA-706-1}
	- python-django 1:1.10.3-1 (bug #842856)
	NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
	NOTE: https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9
CVE-2016-9013 (Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.1 ...)
	{DSA-3835-1}
	- python-django 1:1.10.3-1 (bug #842856)
	[wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)
	NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
	NOTE: https://github.com/django/django/commit/da7910d4834726eca596af0a830762fa5fb2dfd9
CVE-2016-9012 (CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated ...)
	NOT-FOR-US: CloudVision Portal
CVE-2016-9010 (IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2016-9009 (IBM WebSphere MQ 8.0 could allow an authenticated user with authority  ...)
	NOT-FOR-US: IBM
CVE-2016-9008 (IBM UrbanCode Deploy could allow a malicious user to access the Agent  ...)
	NOT-FOR-US: IBM
CVE-2016-9007
	RESERVED
CVE-2016-9006 (IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-9005 (IBM System Storage TS3100-TS3200 Tape Library could allow an unauthent ...)
	NOT-FOR-US: IBM
CVE-2016-9004
	RESERVED
CVE-2016-9003
	RESERVED
CVE-2016-9002
	RESERVED
CVE-2016-9001
	RESERVED
CVE-2016-9000 (IBM InfoSphere DataStage is vulnerable to cross-frame scripting, cause ...)
	NOT-FOR-US: IBM
CVE-2016-8999 (IBM InfoSphere Information Server contains a Path-relative stylesheet  ...)
	NOT-FOR-US: IBM
CVE-2016-8998 (IBM Tivoli Storage Manager Server 7.1 could allow an authenticated use ...)
	NOT-FOR-US: IBM
CVE-2016-8997
	RESERVED
CVE-2016-8996
	RESERVED
CVE-2016-8995
	RESERVED
CVE-2016-8994
	RESERVED
CVE-2016-8993
	RESERVED
CVE-2016-8992
	RESERVED
CVE-2016-8991
	RESERVED
CVE-2016-8990
	RESERVED
CVE-2016-8989
	RESERVED
CVE-2016-8988
	RESERVED
CVE-2016-8987 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authentic ...)
	NOT-FOR-US: IBM
CVE-2016-8986 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to  ...)
	NOT-FOR-US: IBM
CVE-2016-8985
	RESERVED
CVE-2016-8984
	RESERVED
CVE-2016-8983
	RESERVED
CVE-2016-8982 (IBM InfoSphere Information Server stores sensitive information in URL  ...)
	NOT-FOR-US: IBM
CVE-2016-8981 (IBM BigFix Inventory v9 allows web pages to be stored locally which ca ...)
	NOT-FOR-US: IBM
CVE-2016-8980 (IBM BigFix Inventory v9 is vulnerable to a denial of service, caused b ...)
	NOT-FOR-US: IBM
CVE-2016-8979
	RESERVED
CVE-2016-8978
	RESERVED
CVE-2016-8977 (IBM BigFix Inventory v9 could disclose sensitive information to an una ...)
	NOT-FOR-US: IBM
CVE-2016-8976
	RESERVED
CVE-2016-8975 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2016-8974 (IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, ...)
	NOT-FOR-US: IBM
CVE-2016-8973 (IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-8972 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privil ...)
	NOT-FOR-US: IBM
CVE-2016-8971 (IBM WebSphere MQ 8.0 could allow an authenticated user with queue mana ...)
	NOT-FOR-US: IBM
CVE-2016-8970
	RESERVED
CVE-2016-8969
	RESERVED
CVE-2016-8968 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-8967 (IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear  ...)
	NOT-FOR-US: IBM
CVE-2016-8966 (IBM BigFix Inventory v9 could allow a remote attacker to obtain sensit ...)
	NOT-FOR-US: IBM
CVE-2016-8965
	RESERVED
CVE-2016-8964 (IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting ...)
	NOT-FOR-US: IBM
CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive information in lo ...)
	NOT-FOR-US: IBM
CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should have stron ...)
	NOT-FOR-US: IBM
CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to conduct phish ...)
	NOT-FOR-US: IBM
CVE-2016-8960 (IBM Cognos Business Intelligence 10.2 could allow a user with lower pr ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2016-8959
	RESERVED
CVE-2016-8958
	RESERVED
CVE-2016-8957
	RESERVED
CVE-2016-8956
	RESERVED
CVE-2016-8955
	RESERVED
CVE-2016-8954 (IBM dashDB Local uses hard-coded credentials that could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2016-8952 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10. ...)
	NOT-FOR-US: IBM
CVE-2016-8951 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10. ...)
	NOT-FOR-US: IBM
CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8949 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could all ...)
	NOT-FOR-US: IBM
CVE-2016-8948 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8947 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2016-8946 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8945
	RESERVED
CVE-2016-8944 (IBM AIX 7.1 and 7.2 allows a local user to open a file with a speciall ...)
	NOT-FOR-US: IBM
CVE-2016-8943 (IBM Tivoli Storage Productivity Center is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2016-8942 (IBM Tivoli Storage Productivity Center could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2016-8941 (IBM Tivoli Storage Productivity Center is vulnerable to cross-site req ...)
	NOT-FOR-US: IBM
CVE-2016-8940 (IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7 ...)
	NOT-FOR-US: IBM
CVE-2016-8939 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/ ...)
	NOT-FOR-US: IBM
CVE-2016-8938 (IBM UrbanCode Deploy could allow a user to execute code using a specia ...)
	NOT-FOR-US: IBM
CVE-2016-8937 (The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) defa ...)
	NOT-FOR-US: IBM
CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2016-8935 (IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0  ...)
	NOT-FOR-US: IBM
CVE-2016-8934 (IBM WebSphere Application Server is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-8933 (IBM Kenexa LMS on Cloud could allow a remote attacker to traverse dire ...)
	NOT-FOR-US: IBM
CVE-2016-8932 (IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitr ...)
	NOT-FOR-US: IBM
CVE-2016-8931 (IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitr ...)
	NOT-FOR-US: IBM
CVE-2016-8930 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attac ...)
	NOT-FOR-US: IBM
CVE-2016-8929 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attac ...)
	NOT-FOR-US: IBM
CVE-2016-8928 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attac ...)
	NOT-FOR-US: IBM
CVE-2016-8927 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is v ...)
	NOT-FOR-US: IBM
CVE-2016-8926 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 coul ...)
	NOT-FOR-US: IBM
CVE-2016-8925 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 coul ...)
	NOT-FOR-US: IBM
CVE-2016-8924 (IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2016-8923 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulne ...)
	NOT-FOR-US: IBM
CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This vulnerabil ...)
	NOT-FOR-US: Exphox WebRadar
CVE-2016-8921 (IBM FileNet WorkPlace XT could allow a remote attacker to upload arbit ...)
	NOT-FOR-US: IBM
CVE-2016-8920 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2016-8919 (IBM WebSphere Application Server may be vulnerable to a denial of serv ...)
	NOT-FOR-US: IBM
CVE-2016-8918 (IBM Integration Bus, under non default configurations, could allow a r ...)
	NOT-FOR-US: IBM
CVE-2016-8917 (IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site re ...)
	NOT-FOR-US: IBM
CVE-2016-8916 (IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password infor ...)
	NOT-FOR-US: IBM
CVE-2016-8915 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to  ...)
	NOT-FOR-US: IBM
CVE-2016-8914
	RESERVED
CVE-2016-8913 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2016-8912 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sens ...)
	NOT-FOR-US: IBM
CVE-2016-8911 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2016-9016 (Firejail 0.9.38.4 allows local users to execute arbitrary commands out ...)
	- firejail 0.9.44-1
	NOTE: https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/25/3
CVE-2016-9011 (The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attac ...)
	{DLA-694-1}
	- libwmf 0.2.8.4-10.6 (bug #842090)
	[jessie] - libwmf 0.2.8.4-10.3+deb8u2
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/18/9
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00015-libwmf-memalloc-wmf_malloc
	NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=842090;filename=libwmf-0.2.8.4-CVE-2016-9011-debian.patch;msg=10
CVE-2016-8908 (SQL injection vulnerability in the "Site Browser &gt; HTML pages" scre ...)
	NOT-FOR-US: dotCMS
CVE-2016-8907 (SQL injection vulnerability in the "Content Types &gt; Content Types"  ...)
	NOT-FOR-US: dotCMS
CVE-2016-8906 (SQL injection vulnerability in the "Site Browser &gt; Links pages" scr ...)
	NOT-FOR-US: dotCMS
CVE-2016-8905 (SQL injection vulnerability in the JSONTags servlet in dotCMS before 3 ...)
	NOT-FOR-US: dotCMS
CVE-2016-8904 (SQL injection vulnerability in the "Site Browser &gt; Containers pages ...)
	NOT-FOR-US: dotCMS
CVE-2016-8903 (SQL injection vulnerability in the "Site Browser &gt; Templates pages" ...)
	NOT-FOR-US: dotCMS
CVE-2016-8902 (SQL injection vulnerability in the categoriesServlet servlet in dotCMS ...)
	NOT-FOR-US: dotCMS
CVE-2016-8901 (b2evolution 6.7.6 suffer from an Object Injection vulnerability in /ht ...)
	- b2evolution <removed>
CVE-2016-8900 (Exponent CMS version 2.3.9 suffers from a Object Injection vulnerabili ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-8899 (Exponent CMS version 2.3.9 suffers from a Object Injection vulnerabili ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-8898 (Exponent CMS version 2.3.9 suffers from a sql injection vulnerability  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-8897 (Exponent CMS version 2.3.9 suffers from a sql injection vulnerability  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-8896
	RESERVED
CVE-2016-8895
	RESERVED
CVE-2016-8894
	RESERVED
CVE-2016-8893
	RESERVED
CVE-2016-8892
	RESERVED
CVE-2016-8891
	RESERVED
CVE-2016-8890
	RESERVED
CVE-2016-8889 (In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fi ...)
	NOT-FOR-US: Bitcoin Knots
CVE-2016-8888
	RESERVED
CVE-2016-8879 (The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in  ...)
	NOT-FOR-US: Foxit
CVE-2016-8878 (Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before ...)
	NOT-FOR-US: Foxit
CVE-2016-8877 (Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Read ...)
	NOT-FOR-US: Foxit
CVE-2016-8876 (Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before ...)
	NOT-FOR-US: Foxit
CVE-2016-8875 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on W ...)
	NOT-FOR-US: Foxit
CVE-2016-8874
	RESERVED
CVE-2016-8873
	RESERVED
CVE-2016-8872
	RESERVED
CVE-2016-8871 (In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding  ...)
	- botan1.10 <not-affected> (Only affects 1.11.29 through 1.11.32)
CVE-2016-8870 (The register method in the UsersModelRegistration class in controllers ...)
	NOT-FOR-US: Joomla!
CVE-2016-8869 (The register method in the UsersModelRegistration class in controllers ...)
	NOT-FOR-US: Joomla!
CVE-2016-8868
	RESERVED
CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with misconfigured c ...)
	- docker.io <not-affected> (Not built from/with a runc with "ambient capabilities")
	- runc <not-affected> ("ambient capabilities" introduced later, cf bug #853240)
	NOTE: https://github.com/docker/docker/issues/27590
	NOTE: docker: https://github.com/docker/docker/pull/27610/commits/d60a3418d0268745dff38947bc8c929fbd24f837 (1.12.3)
	NOTE: runc: https://github.com/opencontainers/runc/commit/a83f5bac28554fa0fd49bc1559a3c79f5907348f
	NOTE: docker.io not directly affected but will need to be updated to include new runc version
	NOTE: runc: "ambient capabilities" functionality added upstream with https://github.com/opencontainers/runc/pull/1086
	NOTE: and later changes.
	NOTE: The actual fix seem to be to revert the commit which introduced ambient capabilities
	NOTE: in runc.
CVE-2016-8865
	RESERVED
CVE-2016-8864 (named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9. ...)
	{DSA-3703-1 DLA-696-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #842858)
	NOTE: https://kb.isc.org/article/AA-01434
	NOTE: upstream fix https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=8bd0c12d53bea6f299e92d20ee0a23b16a7f65bc
CVE-2016-8863 (Heap-based buffer overflow in the create_url_list function in gena/gen ...)
	{DSA-3736-1 DLA-748-1 DLA-747-1}
	- libupnp 1:1.6.19+git20160116-1.2 (bug #842093)
	- libupnp4 <removed>
	NOTE: https://sourceforge.net/p/pupnp/bugs/133/
	NOTE: Patch: https://sourceforge.net/p/pupnp/bugs/_discuss/thread/f2781a77/d8a2/attachment/0001-Fix-out-of-bound-access-in-create_url_list-CVE-2016-.patch
CVE-2016-8861
	RESERVED
CVE-2016-8857
	RESERVED
CVE-2016-8856 (Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux ...)
	NOT-FOR-US: Foxit
CVE-2016-8855 (Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Mana ...)
	NOT-FOR-US: Sitecore Experience Platform
CVE-2016-8854
	REJECTED
CVE-2016-8853
	REJECTED
CVE-2016-8852
	REJECTED
CVE-2016-8851
	REJECTED
CVE-2016-8850
	REJECTED
CVE-2016-8849
	REJECTED
CVE-2016-8848
	REJECTED
CVE-2016-8847
	REJECTED
CVE-2016-8846
	REJECTED
CVE-2016-8845
	REJECTED
CVE-2016-8844
	REJECTED
CVE-2016-8843
	REJECTED
CVE-2016-8842
	REJECTED
CVE-2016-8841
	REJECTED
CVE-2016-8840
	REJECTED
CVE-2016-8839
	REJECTED
CVE-2016-8838
	REJECTED
CVE-2016-8837
	REJECTED
CVE-2016-8836
	REJECTED
CVE-2016-8835
	REJECTED
CVE-2016-8834
	REJECTED
CVE-2016-8833
	REJECTED
CVE-2016-8832
	REJECTED
CVE-2016-8831
	REJECTED
CVE-2016-8830
	REJECTED
CVE-2016-8829
	REJECTED
CVE-2016-8828
	REJECTED
CVE-2016-8827 (NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerabi ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2016-8826 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
	- nvidia-graphics-drivers 375.26-1 (bug #848195)
	[jessie] - nvidia-graphics-drivers 340.101-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.101-1 (bug #848196)
	- nvidia-graphics-drivers-legacy-304xx 304.134-1 (bug #848197)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4278
CVE-2016-8825 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8824 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8823 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8822 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8821 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8820 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8819 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8818 (All versions of NVIDIA Windows GPU Display contain a vulnerability in  ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8817 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8816 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8815 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8814 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8813 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8812 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Exper ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8811 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8810 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8809 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8808 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8807 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8806 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8805 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8804
	RESERVED
CVE-2016-8803 (The maintenance module in Huawei FusionStorage V100R003C30U1 allows at ...)
	NOT-FOR-US: Huawei
CVE-2016-8802 (The security policy processing module in Huawei Secospace USG6300 with ...)
	NOT-FOR-US: Huawei
CVE-2016-8801 (Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allo ...)
	NOT-FOR-US: Huawei
CVE-2016-8800
	REJECTED
CVE-2016-8799
	REJECTED
CVE-2016-8798 (Huawei USG5500 with software V300R001C00 and V300R001C00 allows attack ...)
	NOT-FOR-US: Huawei
CVE-2016-8797 (Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12 ...)
	NOT-FOR-US: Huawei
CVE-2016-8796 (Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C ...)
	NOT-FOR-US: Huawei
CVE-2016-8795 (Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R ...)
	NOT-FOR-US: Huawei
CVE-2016-8794 (Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Ve ...)
	NOT-FOR-US: Huawei
CVE-2016-8793 (Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Ve ...)
	NOT-FOR-US: Huawei
CVE-2016-8792 (Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Ve ...)
	NOT-FOR-US: Huawei
CVE-2016-8791 (Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Ve ...)
	NOT-FOR-US: Huawei
CVE-2016-8790 (Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudE ...)
	NOT-FOR-US: Huawei
CVE-2016-8789 (Huawei eSpace Integrated Access Device (IAD) with software V300R001C03 ...)
	NOT-FOR-US: Huawei
CVE-2016-8788
	REJECTED
CVE-2016-8787
	REJECTED
CVE-2016-8786 (Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S570 ...)
	NOT-FOR-US: Huawei
CVE-2016-8785 (Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R ...)
	NOT-FOR-US: Huawei
CVE-2016-8784 (Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R0 ...)
	NOT-FOR-US: Huawei
CVE-2016-8783 (Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L0 ...)
	NOT-FOR-US: Huawei
CVE-2016-8782 (Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R0 ...)
	NOT-FOR-US: Huawei
CVE-2016-8781 (Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC2 ...)
	NOT-FOR-US: Huawei
CVE-2016-8780 (Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, Clo ...)
	NOT-FOR-US: Huawei
CVE-2016-8779 (Huawei FusionAccess with software V100R005C10 and V100R005C20 could al ...)
	NOT-FOR-US: Huawei
CVE-2016-8778
	REJECTED
CVE-2016-8777
	REJECTED
CVE-2016-8776 (Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA ...)
	NOT-FOR-US: Huawei
CVE-2016-8775 (Touch Panel (TP) driver in Huawei NEM phones with software Versions be ...)
	NOT-FOR-US: Huawei
CVE-2016-8774 (The HIFI driver in Huawei Mate 8 phones with software versions before  ...)
	NOT-FOR-US: Huawei
CVE-2016-8773 (Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200 ...)
	NOT-FOR-US: Huawei
CVE-2016-8772
	REJECTED
CVE-2016-8771
	REJECTED
CVE-2016-8770
	REJECTED
CVE-2016-8769 (Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted ...)
	NOT-FOR-US: Huawei
CVE-2016-8768 (Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions ea ...)
	NOT-FOR-US: Huawei
CVE-2016-8767
	REJECTED
CVE-2016-8766
	REJECTED
CVE-2016-8765
	REJECTED
CVE-2016-8764 (The TrustZone driver in Huawei P9 phones with software Versions earlie ...)
	NOT-FOR-US: Huawei
CVE-2016-8763 (The TrustZone driver in Huawei P9 phones with software Versions earlie ...)
	NOT-FOR-US: Huawei
CVE-2016-8762 (The TrustZone driver in Huawei P9 phones with software Versions earlie ...)
	NOT-FOR-US: Huawei
CVE-2016-8761 (Video driver in Huawei P9 phones with software versions before EVA-AL1 ...)
	NOT-FOR-US: Huawei
CVE-2016-8760 (Touchscreen driver in Huawei P9 phones with software versions before E ...)
	NOT-FOR-US: Huawei
CVE-2016-8759 (Video driver in Huawei P9 phones with software versions before EVA-AL1 ...)
	NOT-FOR-US: Huawei
CVE-2016-8758 (ION memory management module in Huawei Mate8 phones with software NXT- ...)
	NOT-FOR-US: Huawei
CVE-2016-8757 (ION memory management module in Huawei P9 phones with software EVA-AL1 ...)
	NOT-FOR-US: Huawei
CVE-2016-8756 (ION memory management module in Huawei Mate 8 phones with software NXT ...)
	NOT-FOR-US: Huawei
CVE-2016-8755
	REJECTED
CVE-2016-8754 (Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerabi ...)
	NOT-FOR-US: Huawei
CVE-2016-8753
	REJECTED
CVE-2016-8752 (Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7. ...)
	NOT-FOR-US: Apache Atlas
CVE-2016-8751 (Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Script ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-8750 (Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate u ...)
	- apache-karaf <itp> (bug #881297)
CVE-2016-8749 (Apache Camel's Jackson and JacksonXML unmarshalling operation are vuln ...)
	NOT-FOR-US: Apache Camel
CVE-2016-8748 (In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-s ...)
	NOT-FOR-US: Apache NiFi
CVE-2016-8747 (An information disclosure issue was discovered in Apache Tomcat 8.5.7  ...)
	- tomcat8 8.5.9-1
	[jessie] - tomcat8 <not-affected> (Only affects 8.5.7 to 8.5.9)
	NOTE: http://svn.apache.org/r1774166
CVE-2016-8746 (Apache Ranger before 0.6.3 policy engine incorrectly matches paths in  ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-8745 (A bug in the error handling of the send file code for the NIO HTTP con ...)
	{DSA-3755-1 DSA-3754-1 DLA-779-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.5.9-1
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=60409
	NOTE: Fixed by: http://svn.apache.org/r1777469 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1777471 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1777472 (6.0.x)
CVE-2016-8744 (Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. Sn ...)
	NOT-FOR-US: Apache Brooklyn
CVE-2016-8743 (Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was li ...)
	{DSA-3796-1 DLA-841-2 DLA-841-1}
	- apache2 2.4.25-1
	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
	NOTE: The fix is not fully backwards compatible so upstream have
	NOTE: created a new option to control this behaviour. This means that
	NOTE: if this is fixed the security advisory need to mention this.
	NOTE: The fix is invasive and should require some extra testing before reaching
	NOTE: stable and old-stable.
	NOTE: Affects: 2.2.0 to 2.4.23.
	NOTE: Fixed in 2.4.25.
	NOTE: For 2.2 preparation is done in http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/
CVE-2016-8742 (The Windows installer that the Apache CouchDB team provides was vulner ...)
	NOT-FOR-US: Windows installer for Apache CouchDB
CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use different so  ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23,  ...)
	- apache2 2.4.25-1 (bug #847124)
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
CVE-2016-8739 (The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1 ...)
	NOT-FOR-US: Apache CXF
CVE-2016-8738 (In Apache Struts 2.5 through 2.5.5, if an application allows entering  ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
	NOTE: https://struts.apache.org/docs/s2-044.html
CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cro ...)
	NOT-FOR-US: Apache Brooklyn
CVE-2016-8736 (Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Executio ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-8735 (Remote code execution is possible with Apache Tomcat before 6.0.48, 7. ...)
	{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.39-1
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: Fixed by: http://svn.apache.org/r1767656 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767676 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767684 (6.0.x)
CVE-2016-8734 (Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 throu ...)
	- subversion 1.9.5-1 (low)
	[jessie] - subversion 1.8.10-6+deb8u5
	[wheezy] - subversion <no-dsa> (Minor issue, binary packages not affected since built against Neon as HTTP library)
	NOTE: Above wheezy entry workarounded; binary packages not affected (since in wheezy build against Neon as HTTP
	NOTE: library), though source is. (unimporant) for individual lines is not supported, thus workaround by marking
	NOTE: as no-dsa.
	NOTE: https://subversion.apache.org/security/CVE-2016-8734-advisory.txt
CVE-2016-8733 (An exploitable integer overflow exists in the Joyent SmartOS 20161110T ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-8732 (Multiple security flaws exists in InvProtectDrv.sys which is a part of ...)
	NOT-FOR-US: Invincea Dell Protected Workspace
CVE-2016-8731 (Hard-coded FTP credentials (r:r) are included in the Foscam C1 running ...)
	NOT-FOR-US: Foscam C1
CVE-2016-8730 (An of bound write / memory corruption vulnerability exists in the GIF  ...)
	NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2016-8729 (An exploitable memory corruption vulnerability exists in the JBIG2 par ...)
	{DSA-3817-1 DLA-874-1}
	- jbig2dec 0.13-4 (bug #863886)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698438
	NOTE: https://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-8728 (An exploitable heap out of bounds write vulnerability exists in the Fi ...)
	- mupdf <not-affected> (Vulnerable code introduced in 1.10, cf. #863545)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20
CVE-2016-8727 (An exploitable information disclosure vulnerability exists in the Web  ...)
	NOT-FOR-US: Moxa
CVE-2016-8726 (An exploitable null pointer dereference vulnerability exists in the We ...)
	NOT-FOR-US: Moxa
CVE-2016-8725 (An exploitable information disclosure vulnerability exists in the Web  ...)
	NOT-FOR-US: Moxa
CVE-2016-8724 (An exploitable information disclosure vulnerability exists in the serv ...)
	NOT-FOR-US: Moxa
CVE-2016-8723 (An exploitable null pointer dereference exists in the Web Application  ...)
	NOT-FOR-US: Moxa
CVE-2016-8722 (An exploitable Information Disclosure vulnerability exists in the Web  ...)
	NOT-FOR-US: Moxa
CVE-2016-8721 (An exploitable OS Command Injection vulnerability exists in the web ap ...)
	NOT-FOR-US: Moxa
CVE-2016-8720 (An exploitable HTTP Header Injection vulnerability exists in the Web A ...)
	NOT-FOR-US: Moxa
CVE-2016-8719 (An exploitable reflected Cross-Site Scripting vulnerability exists in  ...)
	NOT-FOR-US: Moxa
CVE-2016-8718 (An exploitable Cross-Site Request Forgery vulnerability exists in the  ...)
	NOT-FOR-US: Moxa
CVE-2016-8717 (An exploitable Use of Hard-coded Credentials vulnerability exists in t ...)
	NOT-FOR-US: Moxa
CVE-2016-8716 (An exploitable Cleartext Transmission of Password vulnerability exists ...)
	NOT-FOR-US: Moxa
CVE-2016-8715 (An exploitable heap corruption vulnerability exists in the loadTrailer ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8714 (An exploitable buffer overflow vulnerability exists in the LoadEncodin ...)
	{DSA-3813-1 DLA-861-1}
	- r-base 3.3.3-1 (bug #857466)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0227/
CVE-2016-8713 (A remote out of bound write / memory corruption vulnerability exists i ...)
	NOT-FOR-US: Nitro Pro
CVE-2016-8712 (An exploitable nonce reuse vulnerability exists in the Web Application ...)
	NOT-FOR-US: Moxa
CVE-2016-8711 (A potential remote code execution vulnerability exists in the PDF pars ...)
	NOT-FOR-US: Nitro Pro
CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in the de ...)
	- ffmpeg <not-affected> (Vulnerable code wasn't part of ffmpeg according to upstream)
	NOTE: The libbpg library is not packaged in Debian but seem embedded in ffmpeg
	NOTE: http://blog.talosintel.com/2017/01/vulnerability-spotlight-libbpg-image.html
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0223/
CVE-2016-8709 (A remote out of bound write / memory corruption vulnerability exists i ...)
	NOT-FOR-US: Nitro Pro
CVE-2016-8708
	REJECTED
CVE-2016-8707 (An exploitable out of bounds write exists in the handling of compresse ...)
	{DSA-3799-1 DLA-756-1}
	- imagemagick 8:6.9.7.0+dfsg-2 (bug #848139)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0216/
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e5fd9ab1b70b2edd06de8efb606e04482cb9a2f0 (7.0.3-9)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/fde5f55af94f189f16958535a9c22b439d71ac93 (6.9.6-7)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e5dc6d628a1c6049dc95adcea5e49aaa7ef2c778 (6.9.6-7)
CVE-2016-8706 (An integer overflow in process_bin_sasl_auth function in Memcached, wh ...)
	{DSA-3704-1 DLA-701-1}
	- memcached 1.4.33-1 (bug #842814)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0221/
	NOTE: upstream fix https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
CVE-2016-8705 (Multiple integer overflows in process_bin_update function in Memcached ...)
	{DSA-3704-1 DLA-701-1}
	- memcached 1.4.33-1 (bug #842812)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0220/
	NOTE: upstream fix https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
CVE-2016-8704 (An integer overflow in the process_bin_append_prepend function in Memc ...)
	{DSA-3704-1 DLA-701-1}
	- memcached 1.4.33-1 (bug #842811)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0219/
	NOTE: upstream fix https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
CVE-2016-1000036
	RESERVED
CVE-2016-1000035
	RESERVED
CVE-2016-1000034
	RESERVED
CVE-2016-1000032 (TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a mis ...)
	NOT-FOR-US: TGCaptcha2
CVE-2016-8910 (The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Q ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #841955)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/24/2
CVE-2016-8909 (The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #841950)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/24/1
CVE-2016-XXXX [Privilege escalation possible to other user than root]
	- bash <unfixed> (unimportant; bug #841856)
	NOTE: This is strongly related to the problem described in CVE-2016-7543 and the correction
	NOTE: is very similar.
	NOTE: https://lists.gnu.org/archive/html/bug-bash/2015-12/msg00112.html
CVE-2016-10249 (Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in Ja ...)
	{DSA-3827-1 DLA-739-1}
	- jasper <removed>
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568 (version-1.900.12)
	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00001-jasper-heapoverflow-jpc_dec_tiledecode
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/23/7
CVE-2016-10250 (The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 a ...)
	- jasper <not-affected> (Incomplete fix for CVE-206-8887 not applied)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00002-jasper-NULLptr-jp2_colr_destroy
	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887
CVE-2016-8887 (The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer bef ...)
	{DLA-739-1}
	- jasper <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d (version-1.900.10)
	NOTE: When fixing this issue look at the followup report
	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887
	NOTE: and include the fix to not make jasper vulnerable to the incomplete fix.
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8886 (The jas_malloc function in libjasper/base/jas_malloc.c in JasPer befor ...)
	- jasper <removed> (low)
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
	NOTE: The memory exhaustion has no real impact unless when jasper is compiled with ASAN.
	NOTE: Without ASAN the failure is handled gracefully. In addition the fix is marked as experimental
	NOTE: and not suitable for a backport.
CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
	- sendmail 8.15.2-7 (bug #841257)
	[jessie] - sendmail 8.14.4-8+deb8u2
	[wheezy] - sendmail <no-dsa> (Minor issue)
	NOTE: no unprivileged user should be in smmsp group and there is no known vulnerability to gain smmsp group membership
CVE-2016-8885 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1 ...)
	- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
	NOTE: Fixed by https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698
CVE-2016-8884 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5  ...)
	- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
	NOTE: Fixed by https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698
CVE-2016-8883 (The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8  ...)
	{DLA-739-1}
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/32
	NOTE: https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8882 (The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer bef ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/30
	NOTE: https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee (version-1.900.8)
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8881
	REJECTED
CVE-2016-8880
	REJECTED
CVE-2016-8866 (The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick ...)
	{DLA-756-1}
	- imagemagick <not-affected>
	NOTE: For incomplete fix of CVE-2016-8862
	NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
	NOTE: This is not a real problem in imagemagick but caused by the "observer" (the address sanitizer), cf.
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255 .
CVE-2016-8859 (Multiple integer overflows in the TRE library and musl libc allow atta ...)
	{DLA-687-1}
	- tre 0.8.0-5 (bug #842169)
	[jessie] - tre 0.8.0-4+deb8u1
	- musl 1.1.15-2 (bug #842171)
	[jessie] - musl 1.1.5-2+deb8u1
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/19/1
	NOTE: other issues may still be present in tre after this: https://github.com/laurikari/tre/issues/37
	NOTE: musl patch: http://git.musl-libc.org/cgit/musl/commit/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7, not released yet
CVE-2016-8858 (** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x  ...)
	- openssh 1:7.3p1-2 (bug #841884)
	[jessie] - openssh <ignored> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup
	NOTE: Only thing the attacker could do here is self-dos own connection
CVE-2016-8862 (The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.6+dfsg-1 (bug #845634)
	NOTE: https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/aea6c6507f55632829e6432f8177a084a57c9fcc
	NOTE: The initial patch was initiall meant to be incomplete and resulted in CVE-2016-8866. So when fixing
	NOTE: this CVE make sure to fix it completely to not open up CVE-2016-8866.
	NOTE: The "incomplete fix" though is not a real problem, cf. https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/17/4
CVE-2016-8860 (Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal funct ...)
	{DSA-3694-1 DLA-663-1}
	- tor 0.2.8.9-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/20384
	NOTE: https://blog.torproject.org/blog/tor-0289-released-important-fixes
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=3cea86eb2fbb65949673eb4ba8ebb695c87a57ce
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/18/11
CVE-2016-9138 (PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modifica ...)
	{DSA-3732-1}
	- php7.0 7.0.12-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/01/7
CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ext/cur ...)
	{DSA-3698-1}
	- php7.0 7.0.12-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
	NOTE: Fixed in 7.0.12, 5.6.27
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/18/1
CVE-2016-8673 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8672 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-6911 (The dynamicGetbuf function in the GD Graphics Library (aka libgd) befo ...)
	{DSA-3693-1 DLA-665-1}
	- libgd2 2.2.3-87-gd0fec80-2 (bug #840806)
	NOTE: Corresponds to the 0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch
	NOTE: https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae
CVE-2016-8703 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8702 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8701 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8700 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8699 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8698 (Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_i ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8697 (The bm_new function in bitmap.h in potrace before 1.13 allows remote a ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/
CVE-2016-8696 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 all ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8695 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 all ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8694 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 all ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8693 (Double free vulnerability in the mem_close function in jas_stream.c in ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (bug #841110)
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
	NOTE: https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309
CVE-2016-8692 (The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer  ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (unimportant; bug #841111)
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8691 (The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer  ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (unimportant; bug #841111)
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8690 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1 ...)
	{DLA-1583-1}
	- jasper <removed> (low; bug #841112)
	[wheezy] - jasper <no-dsa> (Minor issue)
	NOTE: CVE ID for the first and fifth items of https://www.openwall.com/lists/oss-security/2016/08/23/6 post
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
	NOTE: The original fix is incomplete resulting in two follow ups CVE-2016-8884 and
	NOTE: CVE-2016-8885.
CVE-2016-8689 (The read_Header function in archive_read_support_format_7zip.c in liba ...)
	{DLA-1600-1 DLA-661-1}
	- libarchive 3.2.1-5 (bug #840934)
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/
	NOTE: https://github.com/libarchive/libarchive/issues/761
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126
CVE-2016-8688 (The mtree bidder in libarchive 3.2.1 does not keep track of line sizes ...)
	{DLA-1600-1 DLA-661-1}
	- libarchive 3.2.1-5 (bug #840935)
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca
CVE-2016-8687 (Stack-based buffer overflow in the safe_fprintf function in tar/util.c ...)
	{DLA-1600-1 DLA-661-1}
	- libarchive 3.2.1-5 (bug #840936)
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
	NOTE: https://github.com/libarchive/libarchive/issues/767
CVE-2016-8678 (The IsPixelMonochrome function in MagickCore/pixel-accessor.h in Image ...)
	- imagemagick <unfixed> (unimportant; bug #845204)
	NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-heap-based-buffer-overflow-in-ispixelmonochrome-pixel-accessor-h/
	NOTE: unimportant: Only an issue with a QuantumDepth=64 build, thus not affecting the binary packages
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/272
CVE-2016-8677 (The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagi ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-1 (bug #845206)
	NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
CVE-2016-8676 (The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attack ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
CVE-2016-8675 (The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote ...)
	- libav <removed>
	[jessie] - libav 6:11.9-1~deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
	NOTE: Fixed by: https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860
	NOTE: Cf. CVE-2016-8676 as well which remain unfixed after e5b019725f53b79159931d3a7317107cbbfd0860
CVE-2016-8674 (The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows re ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-2 (bug #840957)
	[wheezy] - mupdf <not-affected> (Crash is not reproducible with reprocuder. Needs clarification from upstream.)
	NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697015
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697019
CVE-2016-8670 (Integer signedness error in the dynamicGetbuf function in gd_io_dp.c i ...)
	{DSA-3693-1 DLA-665-1}
	- libgd2 2.2.3-87-gd0fec80-1 (bug #840805)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73280
	NOTE: https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/15/1
CVE-2016-8671 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not prop ...)
	- matrixssl <not-affected> (Incomplete fix for CVE-2016-6887 not applied)
	NOTE: https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
CVE-2016-8669 (The serial_update_parameters function in hw/char/serial.c in QEMU (aka ...)
	{DLA-1497-1 DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840945)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
CVE-2016-8668 (The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Q ...)
	- qemu 1:2.8+dfsg-1 (bug #840948)
	[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384896
CVE-2016-8667 (The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulat ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-4 (bug #840950)
	[wheezy] - qemu <no-dsa> (minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Code only affects mips platform)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
CVE-2016-8665
	REJECTED
CVE-2016-8664
	REJECTED
CVE-2016-8663
	REJECTED
CVE-2016-8662
	REJECTED
CVE-2016-8661 (Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow  ...)
	NOT-FOR-US: Little Snitch
CVE-2016-8657 (It was discovered that EAP packages in certain versions of Red Hat Ent ...)
	NOT-FOR-US: Red Hat JBoss; jbossas Red Hat configuration file permissions and init script
CVE-2016-8656 (Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to ...)
	NOT-FOR-US: Red Hat JBoss; jbossas init script
CVE-2016-8655 (Race condition in net/packet/af_packet.c in the Linux kernel through 4 ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: http://seclists.org/oss-sec/2016/q4/607
	NOTE: Introduced by: https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c (v4.9-rc8)
	NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
CVE-2016-8654 (A heap-buffer overflow vulnerability was found in QMFB code in JPC cod ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed>
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/93
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/94
	NOTE: https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a
CVE-2016-8653 (It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Ha ...)
	NOT-FOR-US: JMX endpoint of Red Hat JBoss Fuse 6 and Red Hat A-MQ 6
CVE-2016-8652 (The auth component in Dovecot before 2.2.27, when auth-policy is confi ...)
	- dovecot 1:2.2.27-1 (bug #846605)
	[jessie] - dovecot <not-affected> (Only affects 2.2.25 up and including 2.2.26.1)
	[wheezy] - dovecot <not-affected> (Only affects 2.2.25 up and including 2.2.26.1)
CVE-2016-8651 (An input validation flaw was found in the way OpenShift 3 handles requ ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-8650 (The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: http://seclists.org/fulldisclosure/2016/Nov/76
	NOTE: Proposed fix: https://lkml.org/lkml/2016/11/23/477
	NOTE: Fixed by: https://git.kernel.org/linus/f5527fffff3f002b0a6b376163613b82f69de073
	NOTE: Introduced by https://git.kernel.org/linus/cdec9cb5167ab1113ba9c58e395f664d9d3f9acb (v3.3-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343162 (not yet opened)
CVE-2016-8649 (lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker ...)
	- lxc 1:2.0.6-1 (bug #845465)
	[jessie] - lxc 1:1.0.6-6+deb8u5
	[wheezy] - lxc <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c
	NOTE: Details: https://launchpad.net/bugs/1639345
	NOTE: To be complete this needs as well changes to src:linux
CVE-2016-8648 (It was found that the Karaf container used by Red Hat JBoss Fuse 6.x,  ...)
	NOT-FOR-US: Karaf container uses by Red Hat products
CVE-2016-8647 (An input validation vulnerability was found in Ansible's mysql_user mo ...)
	- ansible 2.2.0.0-4 (bug #844691)
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ansible/ansible-modules-core/pull/5388
CVE-2016-8646 (The hash_accept function in crypto/algif_hash.c in the Linux kernel be ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	NOTE: https://lkml.org/lkml/2016/10/12/198
	NOTE: Fixed by: https://git.kernel.org/linus/4afa5f9617927453ac04b24b584f6c718dfb4f45 (v4.4-rc2)
CVE-2016-8645 (The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncat ...)
	{DLA-772-1}
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/ac6e780070e30e4c35bd395acfe9191e6268bdd3 (v4.9-rc6)
CVE-2016-8644 (In Moodle 2.x and 3.x, the capability to view course notes is checked  ...)
	- moodle 2.7.17+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=343277
CVE-2016-8643 (In Moodle 2.x and 3.x, non-admin site managers may accidentally edit a ...)
	- moodle 2.7.17+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=343276
CVE-2016-8642 (In Moodle 2.x and 3.x, the question engine allows access to files that ...)
	- moodle 2.7.17+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=343275
CVE-2016-10089 (Nagios 4.3.2 and earlier allows local users to gain root privileges vi ...)
	- nagios3 <not-affected> (Vulnerable code not present)
	NOTE: Flaw in upstream damon-init.in. Debian package installs an own init-skript.
CVE-2016-8641 (A privilege escalation vulnerability was found in nagios 4.2.x that oc ...)
	- nagios3 <not-affected> (Vulnerable code not present)
	NOTE: Flaw in upstream damon-init.in. Debian package installs an own init-skript.
CVE-2016-8640 (A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10 ...)
	- pycsw 2.0.2+dfsg-1
	NOTE: https://github.com/geopython/pycsw/pull/474/files
	NOTE: https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch
CVE-2016-8639 (It was found that foreman before 1.13.0 is vulnerable to a stored XSS  ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/15037
	NOTE: https://github.com/theforeman/foreman/pull/3523
CVE-2016-8638 (A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 bef ...)
	- ipsilon <itp> (bug #826838)
	NOTE: https://ipsilon-project.org/advisory/CVE-2016-8638.txt
	NOTE: https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c
CVE-2016-8637 (A local information disclosure issue was found in dracut before 045 wh ...)
	- dracut 044+189-1 (low; bug #843697)
	[jessie] - dracut <no-dsa> (Minor issue)
	[wheezy] - dracut <not-affected> (Introduced in 030 upstream)
	NOTE: Fixed by: http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=0db98910a11c12a454eac4c8e86dc7a7bbc764a4
	NOTE: Introduced by: http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=5f2c30d9bcd614d546d5c55c6897e33f88b9ab90 (030)
CVE-2016-8636 (Integer overflow in the mem_check_range function in drivers/infiniband ...)
	- linux 4.9.10-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fix https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66
CVE-2016-8635 (It was found that Diffie Hellman Client key exchange handling in NSS 3 ...)
	- nss 2:3.25-1
	NOTE: Patch as applied in CentOS (but contains other changes):
	NOTE: https://git.centos.org/blob/rpms!nss!/aada6b10b73091276397404059605d13e7548462/SOURCES!moz-1314604.patch
	NOTE: Further info: https://bugzilla.redhat.com/show_bug.cgi?id=1391818
	NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1314604
CVE-2016-8634 (A vulnerability was found in foreman 1.14.0. When creating an organiza ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/17195
CVE-2016-8633 (drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain un ...)
	{DLA-772-1}
	- linux 4.8.7-1
	[jessie] - linux 3.16.39-1
	NOTE: https://git.kernel.org/linus/667121ace9dbafb368618dbabcf07901c962ddac
	NOTE: https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
CVE-2016-8632 (The tipc_msg_build function in net/tipc/msg.c in the Linux kernel thro ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in 3.17-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.17-rc1)
	NOTE: https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3de81b758853f0b29c61e246679d20b513c4cfec (v4.9-rc8)
CVE-2016-8631 (The OpenShift Enterprise 3 router does not properly sort routes when p ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-8630 (The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux ke ...)
	- linux 4.8.7-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e (v4.9-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
CVE-2016-8629 (Red Hat Keycloak before version 2.4.0 did not correctly check permissi ...)
	NOT-FOR-US: Keycloak
CVE-2016-8628 (Ansible before version 2.2.0 fails to properly sanitize fact variables ...)
	- ansible 2.2.0.0-1 (bug #842985)
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: Fixed upstream in v2.2.0.0-1
	NOTE: Needs an attacker to compromise a controlled server.
CVE-2016-8627 (admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an ...)
	NOT-FOR-US: Red Hat JBoss EAP
CVE-2016-8626 (A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object  ...)
	- ceph 10.2.5-1 (bug #844200)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/17635
CVE-2016-8625 (curl before version 7.51.0 uses outdated IDNA 2003 standard to handle  ...)
	- curl 7.51.0-1
	[jessie] - curl <no-dsa> (the fix is too invasive)
	[wheezy] - curl <no-dsa> (the fix is too invasive)
	NOTE: https://github.com/curl/curl/commit/9c91ec778104ae3b744b39444d544e82d5ee9ece
	NOTE: https://curl.haxx.se/docs/adv_20161102K.html
	NOTE: https://curl.haxx.se/CVE-2016-8625.patch
CVE-2016-8624 (curl before version 7.51.0 doesn't parse the authority component of th ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/3bb273db7e40ebc284cff45f3ce3f0475c8339c2
	NOTE: https://curl.haxx.se/docs/adv_20161102J.html
	NOTE: https://curl.haxx.se/CVE-2016-8624.patch
CVE-2016-8623 (A flaw was found in curl before version 7.51.0. The way curl handles c ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5
	NOTE: https://curl.haxx.se/docs/adv_20161102I.html
	NOTE: https://curl.haxx.se/CVE-2016-8623.patch
CVE-2016-8622 (The URL percent-encoding decode function in libcurl before 7.51.0 is c ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/53e71e47d6b81650d26ec33a58d0dca24c7ffb2c
	NOTE: https://curl.haxx.se/docs/adv_20161102H.html
	NOTE: https://curl.haxx.se/CVE-2016-8622.patch
CVE-2016-8621 (The `curl_getdate` function in curl before version 7.51.0 is vulnerabl ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/96a80b5a262fb6dd2ddcea7987296f3b9a405618
	NOTE: https://curl.haxx.se/docs/adv_20161102G.html
	NOTE: https://curl.haxx.se/CVE-2016-8621.patch
CVE-2016-8620 (The 'globbing' feature in curl before version 7.51.0 has a flaw that l ...)
	{DSA-3705-1}
	- curl 7.51.0-1
	[wheezy] - curl <not-affected> (Vulnerable code introduced in 7.34.0)
	NOTE: https://github.com/curl/curl/commit/fbb5f1aa0326d485d5a7ac643b48481897ca667f
	NOTE: https://curl.haxx.se/docs/adv_20161102F.html
	NOTE: https://curl.haxx.se/CVE-2016-8620.patch
CVE-2016-8619 (The function `read_data()` in security.c in curl before version 7.51.0 ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/3d6460edeee21d7d790ec570d0887bed1f4366dd
	NOTE: https://curl.haxx.se/docs/adv_20161102E.html
	NOTE: https://curl.haxx.se/CVE-2016-8619.patch
CVE-2016-8618 (The libcurl API function called `curl_maprintf()` before version 7.51. ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/8732ec40db652c53fa58cd13e2acb8eab6e40874
	NOTE: https://curl.haxx.se/docs/adv_20161102D.html
	NOTE: https://curl.haxx.se/CVE-2016-8618.patch
CVE-2016-8617 (The base64 encode function in curl before version 7.51.0 is prone to a ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/efd24d57426bd77c9b5860e6b297904703750412
	NOTE: https://curl.haxx.se/docs/adv_20161102C.html
	NOTE: https://curl.haxx.se/CVE-2016-8617.patch
CVE-2016-8616 (A flaw was found in curl before version 7.51.0 When re-using a connect ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/b3ee26c5df75d97f6895e6ec4538894ebaf76e48
	NOTE: https://curl.haxx.se/docs/adv_20161102B.html
	NOTE: https://curl.haxx.se/CVE-2016-8616.patch
CVE-2016-8615 (A flaw was found in curl before version 7.51. If cookie state is writt ...)
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/cff89bc088b7884098ea0c5378bbda3d49c437bc
	NOTE: https://curl.haxx.se/docs/adv_20161102A.html
	NOTE: https://curl.haxx.se/CVE-2016-8615.patch
CVE-2016-8614 (A flaw was found in Ansible before version 2.2.0. The apt_key module d ...)
	- ansible 2.2.0.0-1 (bug #842984)
	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed upstream in v2.2.0.0-1
	NOTE: https://github.com/ansible/ansible-modules-core/issues/5237
	NOTE: https://github.com/ansible/ansible-modules-core/pull/5353
	NOTE: https://github.com/ansible/ansible-modules-core/pull/5357
CVE-2016-8613 (A flaw was found in foreman 1.5.1. The remote execution plugin runs co ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/17066/
	NOTE: https://github.com/theforeman/foreman_remote_execution/pull/208
CVE-2016-8612 (Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerab ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-8611 (A vulnerability was found in Openstack Glance. No limits are enforced  ...)
	- glance <unfixed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/16
CVE-2016-8610 (A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 thro ...)
	{DSA-3773-1 DLA-814-1}
	- openssl 1.0.2j-1
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/24/3
	NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384743 mentions countermeasures in gnutls
	NOTE: https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e
CVE-2016-8609 (It was found that the keycloak before 2.3.0 did not implement authenti ...)
	NOT-FOR-US: Keycloak
CVE-2016-8608 (JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via busine ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-8607
	RESERVED
CVE-2016-8604
	RESERVED
CVE-2016-8603
	RESERVED
CVE-2016-8600 (In dotCMS 3.2.1, attacker can load captcha once, fill it with correct  ...)
	NOT-FOR-US: dotCMS
CVE-2016-8599
	RESERVED
CVE-2016-8598 (Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp  ...)
	- libcsp <removed> (bug #843012)
	NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
CVE-2016-8597 (Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp libr ...)
	- libcsp <removed> (bug #843012)
	NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
CVE-2016-8596 (Buffer overflow in the csp_can_process_frame in csp_if_can.c in the li ...)
	- libcsp <removed> (bug #843012)
	NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
CVE-2016-8595 (The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1 ...)
	- ffmpeg 7:3.1.5-1
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/08/2
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/987690799dd86433bf98b897aaa4c8d93ade646d
CVE-2016-8594
	RESERVED
CVE-2016-8666 (The IP stack in the Linux kernel before 4.6 allows remote attackers to ...)
	- linux 4.6.1-1
	[jessie] - linux 3.6.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/fac8e0f579695a3ecbc4d3cac369139d7f819971
	NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/13/11
CVE-2016-8660 (The XFS subsystem in the Linux kernel through 4.8.2 allows local users ...)
	- linux <unfixed> (unimportant)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-4.9 <removed> (unimportant)
	NOTE: Not a security bug per upstream at https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2
CVE-2016-8659 (Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might all ...)
	- bubblewrap 0.1.2-2 (bug #840605)
	NOTE: https://github.com/projectatomic/bubblewrap/issues/107
CVE-2016-8658 (Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in ...)
	- linux 4.7.5-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later in 3.7)
	NOTE: Fixed by: https://git.kernel.org/linus/ded89912156b1a47d940a0c954c43afbabd0c42c (v4.8-rc8)
CVE-2016-8606 (The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to e ...)
	{DLA-666-1}
	- guile-2.0 2.0.13+1-1 (low; bug #840555)
	[jessie] - guile-2.0 2.0.11+1-9+deb8u1
	- guile-1.8 <not-affected> (repl server introduced in 2.0)
	NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=08c021916dbd3a235a9f9cc33df4c418c0724e03
CVE-2016-8605 (The mkdir procedure of GNU Guile temporarily changed the process' umas ...)
	{DLA-666-1}
	- guile-2.0 2.0.13+1-1 (low; bug #840556)
	[jessie] - guile-2.0 2.0.11+1-9+deb8u1
	- guile-1.8 <removed> (low; bug #841494)
	[jessie] - guile-1.8 <no-dsa> (Minor issue)
	[wheezy] - guile-1.8 <no-dsa> (Minor issue)
	NOTE: http://bugs.gnu.org/24659
	NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=245608911698adb3472803856019bdd5670b6614
CVE-2016-8593 (Directory traversal vulnerability in upload.cgi in Trend Micro Threat  ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8592 (log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.106 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8591 (log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8590 (log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8589 (log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8588 (The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.10 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8587 (dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.10 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8586 (detected_potential_files.cgi in Trend Micro Threat Discovery Appliance ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8585 (admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8584 (Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses pre ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8583 (Multiple GET parameters in the vulnerability scan scheduler of AlienVa ...)
	NOT-FOR-US: AlienVault
CVE-2016-8582 (A vulnerability exists in gauge.php of AlienVault OSSIM and USM before ...)
	NOT-FOR-US: AlienVault
CVE-2016-8581 (A persistent XSS vulnerability exists in the User-Agent header of the  ...)
	NOT-FOR-US: AlienVault
CVE-2016-8580 (PHP object injection vulnerabilities exist in multiple widget files in ...)
	NOT-FOR-US: AlienVault
CVE-2016-8579 (docker2aci &lt;= 0.12.3 has an infinite loop when handling local image ...)
	- golang-github-appc-docker2aci 0.12.3+dfsg-2 (bug #840711)
	NOTE: https://github.com/appc/docker2aci/issues/203
	NOTE: https://github.com/lucab/docker2aci/commit/54331ec7020e102935c31096f336d31f6400064f
CVE-2016-8575 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in prin ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-8574 (The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in pri ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-8573
	RESERVED
CVE-2016-8572
	RESERVED
CVE-2016-8571
	RESERVED
CVE-2016-8570
	RESERVED
CVE-2016-8567 (An issue was discovered in Siemens SICAM PAS before 8.00. A factory ac ...)
	NOT-FOR-US: Siemens
CVE-2016-8566 (An issue was discovered in Siemens SICAM PAS before 8.00. Because of S ...)
	NOT-FOR-US: Siemens
CVE-2016-8565 (Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote  ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8564 (SQL injection vulnerability in Siemens Automation License Manager (ALM ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8563 (Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allow ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8562 (Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or S ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8561 (Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated us ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8560
	REJECTED
CVE-2016-8559
	REJECTED
CVE-2016-8558
	REJECTED
CVE-2016-8557
	REJECTED
CVE-2016-8556
	REJECTED
CVE-2016-8555
	REJECTED
CVE-2016-8554
	REJECTED
CVE-2016-8553
	REJECTED
CVE-2016-8552
	REJECTED
CVE-2016-8551
	REJECTED
CVE-2016-8550
	REJECTED
CVE-2016-8549
	REJECTED
CVE-2016-8548
	REJECTED
CVE-2016-8547
	REJECTED
CVE-2016-8546
	REJECTED
CVE-2016-8545
	REJECTED
CVE-2016-8544
	REJECTED
CVE-2016-8543
	REJECTED
CVE-2016-8542
	REJECTED
CVE-2016-8541
	REJECTED
CVE-2016-8540
	REJECTED
CVE-2016-8539
	REJECTED
CVE-2016-8538
	REJECTED
CVE-2016-8537
	REJECTED
CVE-2016-8536
	REJECTED
CVE-2016-8535 (A remote HTTP parameter Pollution vulnerability in HPE Matrix Operatin ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8534 (A remote privilege elevation vulnerability in HPE Matrix Operating Env ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8533 (A remote priviledge escalation vulnerability in HPE Matrix Operating E ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8532 (A cross site scripting vulnerability in HPE Matrix Operating Environme ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8531 (A remote information disclosure vulnerability in HPE Matrix Operating  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8530 (A remote denial of service vulnerability in HPE iMC PLAT version v7.2  ...)
	NOT-FOR-US: HPE iMC PLAT
CVE-2016-8529 (A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual ...)
	NOT-FOR-US: HPE StoreVirtual
CVE-2016-8528 (A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptu ...)
	NOT-FOR-US: HPE Helion Eucalyptus
CVE-2016-8527 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulner ...)
	NOT-FOR-US: Aruba
CVE-2016-8526 (Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulner ...)
	NOT-FOR-US: Aruba
CVE-2016-8525 (A Remote Disclosure of Information vulnerability in HPE iMC PLAT versi ...)
	NOT-FOR-US: HPE iMC PLAT
CVE-2016-8524
	REJECTED
CVE-2016-8523 (A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage A ...)
	NOT-FOR-US: HP Smart Storage Administrator
CVE-2016-8522 (A cross-site scripting vulnerability in HPE Diagnostics version 9.24 I ...)
	NOT-FOR-US: HPE Diagnostics
CVE-2016-8521 (A Remote click jacking vulnerability in HPE Diagnostics version 9.24 I ...)
	NOT-FOR-US: HPE Diagnostics
CVE-2016-8520 (HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM  ...)
	- eucalyptus <removed>
CVE-2016-8519 (A remote code execution vulnerability in HPE Operations Orchestration  ...)
	NOT-FOR-US: HPE Operations Orchestration
CVE-2016-8518 (A remote denial of service vulnerability in HPE Systems Insight Manage ...)
	NOT-FOR-US: HPE
CVE-2016-8517 (A cross site scripting vulnerability in HPE Systems Insight Manager in ...)
	NOT-FOR-US: HPE
CVE-2016-8516 (A remote denial of service vulnerability in HPE Systems Insight Manage ...)
	NOT-FOR-US: HPE
CVE-2016-8515 (A remote malicious file upload vulnerability in HPE Version Control Re ...)
	NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8514 (A remote information disclosure in HPE Version Control Repository Mana ...)
	NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8513 (A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Contr ...)
	NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8512 (A Remote Code Execution vulnerability in all versions of HPE LoadRunne ...)
	NOT-FOR-US: HPE
CVE-2016-8511 (A Remote Code Execution vulnerability in HPE Network Automation using  ...)
	NOT-FOR-US: HPE
CVE-2016-8510
	REJECTED
CVE-2016-8509
	REJECTED
CVE-2016-8508 (Yandex Browser for desktop before 17.1.1.227 does not show Protect (si ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8507 (Yandex Browser for iOS before 16.10.0.2357 does not properly restrict  ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8506 (XSS in Yandex Browser Translator in Yandex browser for desktop for ver ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8505 (XSS in Yandex Browser BookReader in Yandex browser for desktop for ver ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8504 (CSRF of synchronization form in Yandex Browser for desktop before vers ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8503 (Yandex Protect Anti-phishing warning in Yandex Browser for desktop fro ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8502 (Yandex Protect Anti-phishing warning in Yandex Browser for desktop fro ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8501 (Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 all ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8500
	REJECTED
CVE-2016-8499
	REJECTED
CVE-2016-8498
	REJECTED
CVE-2016-8497
	REJECTED
CVE-2016-8496
	REJECTED
CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet FortiMana ...)
	NOT-FOR-US: FortiManager
CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with webu ...)
	NOT-FOR-US: Fortiguard
CVE-2016-8493 (In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privil ...)
	NOT-FOR-US: Fortiguard
CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows a ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC  ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2016-XXXX [dbus format string vulnerability]
	- dbus 1.10.12-1
	[jessie] - dbus 1.8.22-0+deb8u1
	[wheezy] - dbus <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=98157
	NOTE: Versions affected: dbus >= 1.4.0
	NOTE: Fixed in: dbus >= 1.11.6, 1.10.x >= 1.10.12, 1.8.x >= 1.8.22
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/10/10/9
	NOTE: In Debian CVE-2015-0245 was already fixed, and this issue is
	NOTE: not believed to be exploitable in practice, because the relevant
	NOTE: message is ignored unless it comes from the owner of the bus name
	NOTE: org.freedesktop.systemd1. On the system bus, this bus name is only
	NOTE: allowed to be owned by uid 0; it is intended to be owned by systemd,
	NOTE: and no mechanism is currently known by which an attacker who does not
	NOTE: already have root privileges could induce systemd to send messages
	NOTE: that would trigger the format string vulnerability.
CVE-2016-8686 (The bm_new function in bitmap.h in potrace 1.13 allows remote attacker ...)
	- potrace 1.14-1 (low; bug #850595)
	[stretch] - potrace <no-dsa> (Minor issue)
	[jessie] - potrace <no-dsa> (Minor issue)
	[wheezy] - potrace <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure
	NOTE: http://potrace.sourceforge.net/ChangeLog claims that it's fixed in 1.14
	NOTE: but see https://lists.debian.org/debian-lts/2017/05/msg00032.html
CVE-2016-8685 (The findnext function in decompose.c in potrace 1.13 allows remote att ...)
	{DLA-889-1}
	- potrace 1.13-3 (bug #843861)
	[jessie] - potrace <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
CVE-2016-8684 (The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25  ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-5
	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449
CVE-2016-8683 (The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 all ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-5
	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9
CVE-2016-8682 (The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 all ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-5
	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d
CVE-2016-8679 (The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwa ...)
	- dwarfutils 20161001-2 (bug #840958)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/08/11
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
	NOTE: Same fix as CVE-2016-8681 but different issue
CVE-2016-8680 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20 ...)
	- dwarfutils 20161001-2 (bug #840960)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/08/12
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
CVE-2016-8681 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20 ...)
	- dwarfutils 20161001-2 (bug #840961)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/08/13
CVE-2016-8602 (The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 al ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (bug #840451)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
CVE-2016-8601
	REJECTED
CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (ak ...)
	{DLA-1599-1 DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840340)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ba42ebb863ab7d40adc79298422ed9596df8f73a
CVE-2016-8577 (Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Qui ...)
	{DLA-1599-1 DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840341)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07127.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
CVE-2016-8576 (The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick E ...)
	{DLA-1497-1 DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840343)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=05f43d44e4bc26611ce25fd7d726e483f73363ce
CVE-2016-8569 (The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows  ...)
	- libgit2 0.24.2-2 (bug #840227)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860989)
	NOTE: https://github.com/libgit2/libgit2/issues/3937
CVE-2016-8568 (The git_commit_message function in oid.c in libgit2 before 0.24.3 allo ...)
	- libgit2 0.24.5-1 (bug #840227)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860989)
	NOTE: https://github.com/libgit2/libgit2/issues/3936
CVE-2016-8490
	RESERVED
CVE-2016-8489
	REJECTED
CVE-2016-8488 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8487 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8486 (An information disclosure vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8485 (An information disclosure vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8484 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8483 (An information disclosure vulnerability in the Qualcomm power driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8482 (An elevation of privilege vulnerability in the NVIDIA GPU driver. Prod ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8481 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8480 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8479 (An elevation of privilege vulnerability in the Qualcomm GPU driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8478 (An information disclosure vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8477 (An information disclosure vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8476 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8475 (An information disclosure vulnerability in the HTC input driver could  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-8474 (An information disclosure vulnerability in the STMicroelectronics driv ...)
	NOT-FOR-US: STMicroelectronics driver for Android
CVE-2016-8473 (An information disclosure vulnerability in the STMicroelectronics driv ...)
	NOT-FOR-US: STMicroelectronics driver for Android
CVE-2016-8472 (An information disclosure vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8471 (An information disclosure vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8470 (An information disclosure vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8469 (An information disclosure vulnerability in the camera driver could ena ...)
	NOT-FOR-US: camera driver for Android
CVE-2016-8468 (An elevation of privilege vulnerability in Binder could enable a local ...)
	NOT-FOR-US: Android Binder
CVE-2016-8467 (An elevation of privilege vulnerability in the bootloader could enable ...)
	NOT-FOR-US: Android bootloader
CVE-2016-8466 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8465 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8464 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8463 (A denial of service vulnerability in the Qualcomm FUSE file system cou ...)
	NOT-FOR-US: Qualcomm file system for Android
CVE-2016-8462 (An information disclosure vulnerability in the bootloader could enable ...)
	NOT-FOR-US: Android bootloader
CVE-2016-8461 (An information disclosure vulnerability in the bootloader could enable ...)
	NOT-FOR-US: Android bootloader
CVE-2016-8460 (An information disclosure vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8459 (Possible buffer overflow in storage subsystem. Bad parameters as part  ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8458 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8457 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8456 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8455 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8454 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8453 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8452 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8451 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8450 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8449 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8448 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8447 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8446 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8445 (An elevation of privilege vulnerability in MediaTek components, includ ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8444 (An elevation of privilege vulnerability in the Qualcomm camera could e ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8443 (Possible unauthorized memory access in the hypervisor. Incorrect confi ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8442 (Possible unauthorized memory access in the hypervisor. Lack of input v ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8441 (Possible buffer overflow in the hypervisor. Inappropriate usage of a s ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8440 (Possible buffer overflow in SMMU system call. Improper input validatio ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8439 (Possible buffer overflow in trust zone access control API. Buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8438 (Integer overflow leading to a TOCTOU condition in hypervisor PIL. An i ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8437 (Improper input validation in Access Control APIs. Access control API m ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8436 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8435 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8434 (An elevation of privilege vulnerability in the Qualcomm GPU driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8433 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-8432 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8431 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8430 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8429 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8428 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8427 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8426 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8425 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8424 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8423 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm bootloader for Android
CVE-2016-8422 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm bootloader for Android
CVE-2016-8421 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8420 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8419 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8418 (A remote code execution vulnerability in the Qualcomm crypto driver co ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8417 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8416 (An information disclosure vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8415 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8414 (An information disclosure vulnerability in the Qualcomm Secure Executi ...)
	NOT-FOR-US: Qualcomm Secure Execution Environment Communicator
CVE-2016-8413 (An information disclosure vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8412 (An elevation of privilege vulnerability in the Qualcomm camera could e ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8411 (Buffer overflow vulnerability while processing QMI QOS TLVs. Product:  ...)
	NOT-FOR-US: Android
CVE-2016-8410 (An information disclosure vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8409 (An information disclosure vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8408 (An information disclosure vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8407 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8406 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8405 (An information disclosure vulnerability in kernel components including ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/2dc705a9930b4806250fbf5a76e55266e59389f2
CVE-2016-8404 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8403 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8402 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8401 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8400 (An information disclosure vulnerability in the NVIDIA librm library (l ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8399 (An elevation of privilege vulnerability in the kernel networking subsy ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/0eab121ef8750a5c8637d51534d5e9143fb0633f
CVE-2016-8398 (Unauthenticated messages processed by the UE. Certain NAS messages are ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8397 (An information disclosure vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8396 (An information disclosure vulnerability in the MediaTek video driver c ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8395 (A denial of service vulnerability in the NVIDIA camera driver could en ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8394 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8393 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8392 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8391 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-1000246
	RESERVED
CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (bug #839846)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
	NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/19
CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote at ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (bug #839845)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
	NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (high; bug #839841)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
	NOTE: Reproducer: https://www.openwall.com/lists/oss-security/2016/09/29/28
	NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7976 (The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attacker ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (high; bug #839260)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178
	NOTE: Reproducer: https://www.openwall.com/lists/oss-security/2016/09/30/8
	NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-1000247 [mpg123 memory overread]
	{DLA-655-1}
	- mpg123 1.23.8-1 (low; bug #838960)
	[jessie] - mpg123 1.20.1-2+deb8u1
	NOTE: http://mpg123.org/bugs/240
CVE-2016-XXXX [nspr, nss: unprotected environment variables]
	- nspr 2:4.12-1 (low)
	[jessie] - nspr 2:4.12-1+debu8u1
	[wheezy] - nspr 2:4.12-1+deb7u1
	NOTE: Workaround entry for DSA-3687-1/DLA-676-1 until CVE is assigned
	- nss 2:3.23-1 (low)
	[jessie] - nss 2:3.26-1+debu8u1
	[wheezy] - nss 2:3.26-1+debu7u1
	NOTE: Workaround entry for DSA-3688-1/DLA-677-1 until CVE is assigned
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.1_release_notes
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/10/02/4
CVE-2016-8390 (An exploitable out of bounds write vulnerability exists in the parsing ...)
	NOT-FOR-US: Hopper Disassembler
CVE-2016-8389 (An exploitable integer-overflow vulnerability exists within Iceni Argu ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8388 (An exploitable arbitrary heap-overwrite vulnerability exists within Ic ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8387 (An exploitable heap-based buffer overflow exists in Iceni Argus. When  ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8386 (An exploitable heap-based buffer overflow exists in Iceni Argus. When  ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8385 (An exploitable uninitialized variable vulnerability which leads to a s ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8384 (An exploitable heap corruption vulnerability exists in the DHFSummary  ...)
	NOT-FOR-US: AntennaHouse
CVE-2016-8383 (An exploitable heap corruption vulnerability exists in the Doc_GetFont ...)
	NOT-FOR-US: AntennaHouse
CVE-2016-8382 (An exploitable heap corruption vulnerability exists in the Doc_SetSumm ...)
	NOT-FOR-US: AntennaHouse
CVE-2016-8381
	REJECTED
CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to read and w ...)
	NOT-FOR-US: web server in Phoenix Contact ILC PLCs
CVE-2016-8379 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 a ...)
	NOT-FOR-US: Moxa
CVE-2016-8378 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1. ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8377 (An issue was discovered in Fatek Automation PLC WinProladder Version 3 ...)
	NOT-FOR-US: Fatek
CVE-2016-8376 (An issue was discovered in Kabona AB WebDatorCentral (WDC) application ...)
	NOT-FOR-US: Kabona AB WebDatorCentral
CVE-2016-8375 (An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8 ...)
	NOT-FOR-US: Alaris 8015 Point of Care
CVE-2016-8374 (An issue was discovered in Schneider Electric Magelis HMI Magelis GTO  ...)
	NOT-FOR-US: Schneider
CVE-2016-8373
	RESERVED
CVE-2016-8372 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 a ...)
	NOT-FOR-US: Moxa
CVE-2016-8371 (The web server in Phoenix Contact ILC PLCs can be accessed without aut ...)
	NOT-FOR-US: web server in Phoenix Contact ILC PLCs
CVE-2016-8370 (An issue was discovered in Mitsubishi Electric Automation MELSEC-Q ser ...)
	NOT-FOR-US: Mitsubishi
CVE-2016-8369 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1. ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8368 (An issue was discovered in Mitsubishi Electric Automation MELSEC-Q ser ...)
	NOT-FOR-US: Mitsubishi
CVE-2016-8367 (An issue was discovered in Schneider Electric Magelis HMI Magelis GTO  ...)
	NOT-FOR-US: Schneider
CVE-2016-8366 (Webvisit in Phoenix Contact ILC PLCs offers a password macro to protec ...)
	NOT-FOR-US: Phoenix Contact ILC PLCs
CVE-2016-8365 (OSIsoft PI System software (Applications using PI Asset Framework (AF) ...)
	NOT-FOR-US: OSIsoft PI
CVE-2016-8364 (An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object ...)
	NOT-FOR-US: IBHsoftec
CVE-2016-8363 (An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/313 ...)
	NOT-FOR-US: Moxa
CVE-2016-8362 (An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/313 ...)
	NOT-FOR-US: Moxa
CVE-2016-8361 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1. ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8360 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2016-8359 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 a ...)
	NOT-FOR-US: Moxa
CVE-2016-8358 (An issue was discovered in Smiths-Medical CADD-Solis Medication Safety ...)
	NOT-FOR-US: Smiths-Medical
CVE-2016-8357 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1. ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8356 (An issue was discovered in Kabona AB WebDatorCentral (WDC) application ...)
	NOT-FOR-US: Kabona
CVE-2016-8355 (An issue was discovered in Smiths-Medical CADD-Solis Medication Safety ...)
	NOT-FOR-US: Smiths-Medical
CVE-2016-8354 (An issue was discovered in Schneider Electric Unity PRO prior to V11.1 ...)
	NOT-FOR-US: Schneider
CVE-2016-8353 (An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). ...)
	NOT-FOR-US: OSISoft PI Web API
CVE-2016-8352 (An issue was discovered in Schneider Electric ConneXium firewalls TCSE ...)
	NOT-FOR-US: Schneider
CVE-2016-8351
	RESERVED
CVE-2016-8350 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 a ...)
	NOT-FOR-US: Moxa
CVE-2016-8349
	REJECTED
CVE-2016-8348 (An XML External Entity (XXE) issue was discovered in Emerson Liebert S ...)
	NOT-FOR-US: Emerson
CVE-2016-8347 (An issue was discovered in Kabona AB WebDatorCentral (WDC) application ...)
	NOT-FOR-US: Kabona
CVE-2016-8346 (An issue was discovered in Moxa EDR-810 Industrial Secure Router. By a ...)
	NOT-FOR-US: Moxa
CVE-2016-8345
	REJECTED
CVE-2016-8344 (An issue was discovered in Honeywell Experion Process Knowledge System ...)
	NOT-FOR-US: Honeywell
CVE-2016-8343 (Directory traversal vulnerability in INDAS Web SCADA before 3 allows r ...)
	NOT-FOR-US: INDAS Web SCADA
CVE-2016-8342
	REJECTED
CVE-2016-8341 (An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Eca ...)
	NOT-FOR-US: Ecava
CVE-2016-8340
	RESERVED
CVE-2016-8339 (A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code  ...)
	- redis 3:3.2.4-1
	[jessie] - redis <not-affected> (Vulnerable code introduced later)
	[wheezy] - redis <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0206/
	NOTE: CLIENT_MASTER introduced within 3.2-rc1
CVE-2016-8338
	REJECTED
CVE-2016-8337
	RESERVED
CVE-2016-8336
	RESERVED
CVE-2016-8335 (An exploitable stack based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8334 (A large out-of-bounds read on the heap vulnerability in Foxit PDF Read ...)
	NOT-FOR-US: Foxit PDF
CVE-2016-8333 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8332 (A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution wh ...)
	{DSA-3768-1}
	- openjpeg2 2.1.2-1
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0193/
	NOTE: https://github.com/uclouvain/openjpeg/pull/820
CVE-2016-8331 (An exploitable remote code execution vulnerability exists in the handl ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	- tiff3 <removed>
	[jessie] - tiff 4.0.3-12.3+deb8u2
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0190/
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
	NOTE: From the backtrace shared in the report, we can see that the crash is triggered though the thumbnail tool which has been dropped upstream.
CVE-2016-8330 (Vulnerability in the Solaris component of Oracle Sun Systems Products  ...)
	NOT-FOR-US: Solaris
CVE-2016-8329 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2016-8328 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 <not-affected> (specific to Oracle Java)
CVE-2016-8327 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8326
	RESERVED
CVE-2016-8325 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-8324 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle  ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8323 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle  ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8322 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle  ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8321
	REJECTED
CVE-2016-8320 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral  ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8319 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8318 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8317 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8316 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8315 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8314 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle  ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8313 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8312 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8311 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8310 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8309 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8308 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8307 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8306 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8305 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8304 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8303 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8302 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8301 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8300 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8299 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8298 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8297 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8296 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8295 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8294 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8293 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8292 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8291 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8290 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8289 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows lo ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8288 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8287 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8286 (Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8285 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle
CVE-2016-8284 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.1 ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8283 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 a ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-8282 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8281 (Unspecified vulnerability in the Oracle Platform Security for Java com ...)
	NOT-FOR-US: Oracle
CVE-2016-1000244
	RESERVED
CVE-2016-1000243
	RESERVED
CVE-2016-7553 (The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permiss ...)
	{DLA-722-1}
	- irssi 0.8.20-2 (bug #838762)
	[jessie] - irssi 0.8.17-1+deb8u2
	NOTE: Fixed by: https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
	NOTE: https://irssi.org/2016/09/22/buf.pl-update/
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/24/1
CVE-2016-1000242
	RESERVED
CVE-2016-1000241
	RESERVED
CVE-2016-1000240
	RESERVED
CVE-2016-1000239
	RESERVED
CVE-2016-1000238
	RESERVED
CVE-2016-1000237 (sanitize-html before 1.4.3 has XSS. ...)
	NOT-FOR-US: sanitize-html
CVE-2016-1000236 (Node-cookie-signature before 1.0.6 is affected by a timing attack due  ...)
	- node-cookie-signature 1.1.0-1 (unimportant; bug #838618)
	NOTE: https://nodesecurity.io/advisories/134
	NOTE: https://github.com/tj/node-cookie-signature/commit/39791081692e9e14aa62855369e1c7f80fbfd50e
	NOTE: nodejs not covered by security support
CVE-2016-1000235
	RESERVED
CVE-2016-1000234
	RESERVED
CVE-2016-1000233
	RESERVED
CVE-2016-1000232 (NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsin ...)
	NOT-FOR-US: nodejs tough-cookie
	NOTE: https://nodesecurity.io/advisories/130
CVE-2016-1000231
	RESERVED
CVE-2016-1000230
	RESERVED
CVE-2016-1000229 (swagger-ui has XSS in key names ...)
	NOT-FOR-US: nodejs swagger-ui
	NOTE: https://github.com/swagger-api/swagger-ui/issues/1865
CVE-2016-1000228
	RESERVED
CVE-2016-1000227
	RESERVED
CVE-2016-1000226
	RESERVED
CVE-2016-1000225
	RESERVED
CVE-2016-1000224
	RESERVED
CVE-2016-1000223
	RESERVED
CVE-2016-1000031 (Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation  ...)
	- libcommons-fileupload-java <unfixed> (unimportant)
	NOTE: https://www.tenable.com/security/research/tra-2016-12
	NOTE: Marked as unimportant since even though the CVE is assigned for Apache Commons FileUpload
	NOTE: Apache say that issue needs to be fixed in any vendor/product using Apache Commons FileUpload
	NOTE: DiskFileItem as described in the given advisory.
	NOTE: Thus we are not going to diverge from Apache upstream here.
CVE-2016-7466 (Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU ...)
	- qemu 1:2.7+dfsg-1 (bug #838687)
	[jessie] - qemu <not-affected> (Vulnerable code not present. Introduced in 2.2.x)
	[wheezy] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e
	NOTE: The usb_xhci_exit and thus the patched code was introduced in:
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=53c30545fb34c43c84d62ea1c2b0dc6b53303c34 (v2.2.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/19/8
CVE-2016-8280 (Directory traversal vulnerability in Huawei eSight before V300R003C20S ...)
	NOT-FOR-US: Huawei eSight UMS
CVE-2016-8279 (The video driver in Huawei Mate S smartphones with software CRR-TL00 b ...)
	NOT-FOR-US: Huawei
CVE-2016-8278 (Huawei USG9520, USG9560, and USG9580 unified security gateways with so ...)
	NOT-FOR-US: Huawei Firewalls
CVE-2016-8277 (Huawei USG9520, USG9560, and USG9580 unified security gateways with so ...)
	NOT-FOR-US: Huawei Firewalls
CVE-2016-8276 (Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) m ...)
	NOT-FOR-US: Huawei
CVE-2016-8275 (Huawei AnyOffice V200R006C00 could allow an authenticated, remote atta ...)
	NOT-FOR-US: Huawei
CVE-2016-8274 (Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link lib ...)
	NOT-FOR-US: Huawei
CVE-2016-8273 (Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for ...)
	NOT-FOR-US: Huawei
CVE-2016-8272 (Huawei PC client software HiSuite 4.0.5.300_OVE has an information lea ...)
	NOT-FOR-US: Huawei
CVE-2016-8271 (Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an infor ...)
	NOT-FOR-US: Huawei
CVE-2016-8270
	REJECTED
CVE-2016-8269
	REJECTED
CVE-2016-8268
	REJECTED
CVE-2016-8267
	REJECTED
CVE-2016-8266
	REJECTED
CVE-2016-8265
	REJECTED
CVE-2016-8264
	REJECTED
CVE-2016-8263
	REJECTED
CVE-2016-8262
	REJECTED
CVE-2016-8261
	REJECTED
CVE-2016-8260
	REJECTED
CVE-2016-8259
	REJECTED
CVE-2016-8258
	REJECTED
CVE-2016-8257
	REJECTED
CVE-2016-8256
	REJECTED
CVE-2016-8255
	REJECTED
CVE-2016-8254
	REJECTED
CVE-2016-8253
	REJECTED
CVE-2016-8252
	REJECTED
CVE-2016-8251
	REJECTED
CVE-2016-8250
	REJECTED
CVE-2016-8249
	REJECTED
CVE-2016-8248
	REJECTED
CVE-2016-8247
	REJECTED
CVE-2016-8246
	REJECTED
CVE-2016-8245
	REJECTED
CVE-2016-8244
	REJECTED
CVE-2016-8243
	REJECTED
CVE-2016-8242
	REJECTED
CVE-2016-8241
	REJECTED
CVE-2016-8240
	REJECTED
CVE-2016-8239
	REJECTED
CVE-2016-8238
	REJECTED
CVE-2016-8237 (Remote code execution in Lenovo Updates (not Lenovo System Update) all ...)
	NOT-FOR-US: Lenovo
CVE-2016-8236 (Reset to default settings may occur in Lenovo ThinkServer TSM RD350, R ...)
	NOT-FOR-US: Lenovo
CVE-2016-8235 (Privilege escalation in Lenovo Customer Care Software Development Kit  ...)
	NOT-FOR-US: Lenovo
CVE-2016-8234
	REJECTED
CVE-2016-8233 (Log files generated by Lenovo XClarity Administrator (LXCA) versions e ...)
	NOT-FOR-US: Lenovo
CVE-2016-8232 (Document Object Model-(DOM) based cross-site scripting vulnerability i ...)
	NOT-FOR-US: Lenovo
CVE-2016-8231 (In Lenovo Service Bridge before version 4, a bug found in the signatur ...)
	NOT-FOR-US: Lenovo
CVE-2016-8230 (In Lenovo Service Bridge before version 4, an insecure HTTP connection ...)
	NOT-FOR-US: Lenovo
CVE-2016-8229 (A cross-site request forgery vulnerability in Lenovo Service Bridge be ...)
	NOT-FOR-US: Lenovo
CVE-2016-8228 (In Lenovo Service Bridge before version 4, a user with local privilege ...)
	NOT-FOR-US: Lenovo
CVE-2016-8227 (Privilege escalation vulnerability in Lenovo Transition application us ...)
	NOT-FOR-US: Lenovo
CVE-2016-8226 (The BIOS in Lenovo System X M5, M6, and X6 systems allows administrato ...)
	NOT-FOR-US: Lenovo
CVE-2016-8225 (Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB ...)
	NOT-FOR-US: Lenovo
CVE-2016-8224 (A vulnerability has been identified in some Lenovo Notebook and ThinkS ...)
	NOT-FOR-US: Lenovo
CVE-2016-8223 (During an internal security review, Lenovo identified a local privileg ...)
	NOT-FOR-US: Lenovo
CVE-2016-8222 (A vulnerability has been identified in a signed kernel driver for the  ...)
	NOT-FOR-US: Lenovo
CVE-2016-8221 (Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2 ...)
	NOT-FOR-US: Lenovo
CVE-2016-7423 (The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulato ...)
	- qemu 1:2.7+dfsg-1 (bug #838145)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376776
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/5
	NOTE: LSI SAS1068 (mptsas) device support added in
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
CVE-2016-7422 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Qui ...)
	- qemu 1:2.7+dfsg-1 (bug #838146)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376755
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/4
CVE-2016-7421 (The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU ...)
	{DLA-1599-1}
	- qemu 1:2.7+dfsg-1 (bug #838147)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after 1.5)
	- qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376731
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/3
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=d251157ac1928191af851d199a9ff255d330bec9
CVE-2016-8220 (Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x pri ...)
	NOT-FOR-US: Pivotal
CVE-2016-8219 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-8218 (An issue was discovered in Cloud Foundry Foundation routing-release ve ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-8217 (EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing At ...)
	NOT-FOR-US: EMC RSA
CVE-2016-8216 (EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS ...)
	NOT-FOR-US: EMC
CVE-2016-8215 (EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Refl ...)
	NOT-FOR-US: RSA Security Analytics
CVE-2016-8214 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions  ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, pri ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-8212 (An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6. ...)
	NOT-FOR-US: EMC RSA
CVE-2016-8211 (EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EM ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2016-8210
	RESERVED
CVE-2016-8209 (Improper checks for unusual or exceptional conditions in Brocade NetIr ...)
	NOT-FOR-US: Brocade
CVE-2016-8208
	RESERVED
CVE-2016-8207 (A Directory Traversal vulnerability in CliMonitorReportServlet in the  ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8206 (A Directory Traversal vulnerability in servlet SoftwareImageUpload in  ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8205 (A Directory Traversal vulnerability in DashboardFileReceiveServlet in  ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8204 (A Directory Traversal vulnerability in FileReceiveServlet in the Broca ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8203 (A memory corruption in the IPsec code path of Brocade NetIron OS on Br ...)
	NOT-FOR-US: Brocade
CVE-2016-8202 (A privilege escalation vulnerability in Brocade Fibre Channel SAN prod ...)
	NOT-FOR-US: Brocade
CVE-2016-8201 (A CSRF vulnerability in Brocade Virtual Traffic Manager versions relea ...)
	NOT-FOR-US: Brocade
CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS b ...)
	- gnutls28 3.5.3-4
	[jessie] - gnutls28 3.3.8-6+deb8u4
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3
	NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
	NOTE: Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374266
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/18/3
CVE-2016-8200
	RESERVED
CVE-2016-8199
	RESERVED
CVE-2016-8198
	RESERVED
CVE-2016-8197
	RESERVED
CVE-2016-8196
	RESERVED
CVE-2016-8195
	RESERVED
CVE-2016-8194
	RESERVED
CVE-2016-8193
	RESERVED
CVE-2016-8192
	RESERVED
CVE-2016-8191
	RESERVED
CVE-2016-8190
	RESERVED
CVE-2016-8189
	RESERVED
CVE-2016-8188
	RESERVED
CVE-2016-8187
	RESERVED
CVE-2016-8186
	RESERVED
CVE-2016-8185
	RESERVED
CVE-2016-8184
	RESERVED
CVE-2016-8183
	RESERVED
CVE-2016-8182
	RESERVED
CVE-2016-8181
	RESERVED
CVE-2016-8180
	RESERVED
CVE-2016-8179
	RESERVED
CVE-2016-8178
	RESERVED
CVE-2016-8177
	RESERVED
CVE-2016-8176
	RESERVED
CVE-2016-8175
	RESERVED
CVE-2016-8174
	RESERVED
CVE-2016-8173
	RESERVED
CVE-2016-8172
	RESERVED
CVE-2016-8171
	RESERVED
CVE-2016-8170
	RESERVED
CVE-2016-8169
	RESERVED
CVE-2016-8168
	RESERVED
CVE-2016-8167
	RESERVED
CVE-2016-8166
	RESERVED
CVE-2016-8165
	RESERVED
CVE-2016-8164
	RESERVED
CVE-2016-8163
	RESERVED
CVE-2016-8162
	RESERVED
CVE-2016-8161
	RESERVED
CVE-2016-8160
	RESERVED
CVE-2016-8159
	RESERVED
CVE-2016-8158
	RESERVED
CVE-2016-8157
	RESERVED
CVE-2016-8156
	RESERVED
CVE-2016-8155
	RESERVED
CVE-2016-8154
	RESERVED
CVE-2016-8153
	RESERVED
CVE-2016-8152
	RESERVED
CVE-2016-8151
	RESERVED
CVE-2016-8150
	RESERVED
CVE-2016-8149
	RESERVED
CVE-2016-8148
	RESERVED
CVE-2016-8147
	RESERVED
CVE-2016-8146
	RESERVED
CVE-2016-8145
	RESERVED
CVE-2016-8144
	RESERVED
CVE-2016-8143
	RESERVED
CVE-2016-8142
	RESERVED
CVE-2016-8141
	RESERVED
CVE-2016-8140
	RESERVED
CVE-2016-8139
	RESERVED
CVE-2016-8138
	RESERVED
CVE-2016-8137
	RESERVED
CVE-2016-8136
	RESERVED
CVE-2016-8135
	RESERVED
CVE-2016-8134
	RESERVED
CVE-2016-8133
	RESERVED
CVE-2016-8132
	RESERVED
CVE-2016-8131
	RESERVED
CVE-2016-8130
	RESERVED
CVE-2016-8129
	RESERVED
CVE-2016-8128
	RESERVED
CVE-2016-8127
	RESERVED
CVE-2016-8126
	RESERVED
CVE-2016-8125
	RESERVED
CVE-2016-8124
	RESERVED
CVE-2016-8123
	RESERVED
CVE-2016-8122
	RESERVED
CVE-2016-8121
	RESERVED
CVE-2016-8120
	RESERVED
CVE-2016-8119
	RESERVED
CVE-2016-8118
	RESERVED
CVE-2016-8117
	RESERVED
CVE-2016-8116
	RESERVED
CVE-2016-8115
	RESERVED
CVE-2016-8114
	RESERVED
CVE-2016-8113
	RESERVED
CVE-2016-8112
	RESERVED
CVE-2016-8111
	RESERVED
CVE-2016-8110
	RESERVED
CVE-2016-8109
	RESERVED
CVE-2016-8108
	RESERVED
CVE-2016-8107
	RESERVED
CVE-2016-8106 (A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non ...)
	NOT-FOR-US: Intel driver
CVE-2016-8105 (Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Cont ...)
	NOT-FOR-US: Intel driver
CVE-2016-8104 (Buffer overflow in Intel PROSet/Wireless Software and Drivers in versi ...)
	NOT-FOR-US: Intel driver
CVE-2016-8103 (SMM call out in all Intel Branded NUC Kits allows a local privileged u ...)
	NOT-FOR-US: Intel driver
CVE-2016-8102 (Unquoted service path vulnerability in Intel Wireless Bluetooth Driver ...)
	NOT-FOR-US: Intel driver
CVE-2016-8101 (The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local u ...)
	NOT-FOR-US: Intel SSD Toolbox
CVE-2016-8100 (Intel Integrated Performance Primitives (aka IPP) Cryptography before  ...)
	NOT-FOR-US: Intel
CVE-2016-8099
	REJECTED
CVE-2016-8098
	REJECTED
CVE-2016-8097
	REJECTED
CVE-2016-8096
	REJECTED
CVE-2016-8095
	REJECTED
CVE-2016-8094
	REJECTED
CVE-2016-8093
	REJECTED
CVE-2016-8092
	REJECTED
CVE-2016-8091
	REJECTED
CVE-2016-8090
	REJECTED
CVE-2016-8089
	REJECTED
CVE-2016-8088
	REJECTED
CVE-2016-8087
	REJECTED
CVE-2016-8086
	REJECTED
CVE-2016-8085
	REJECTED
CVE-2016-8084
	REJECTED
CVE-2016-8083
	REJECTED
CVE-2016-8082
	REJECTED
CVE-2016-8081
	REJECTED
CVE-2016-8080
	REJECTED
CVE-2016-8079
	REJECTED
CVE-2016-8078
	REJECTED
CVE-2016-8077
	REJECTED
CVE-2016-8076
	REJECTED
CVE-2016-8075
	REJECTED
CVE-2016-8074
	REJECTED
CVE-2016-8073
	REJECTED
CVE-2016-8072
	REJECTED
CVE-2016-8071
	REJECTED
CVE-2016-8070
	REJECTED
CVE-2016-8069
	REJECTED
CVE-2016-8068
	REJECTED
CVE-2016-8067
	REJECTED
CVE-2016-8066
	REJECTED
CVE-2016-8065
	REJECTED
CVE-2016-8064
	REJECTED
CVE-2016-8063
	REJECTED
CVE-2016-8062
	REJECTED
CVE-2016-8061
	REJECTED
CVE-2016-8060
	REJECTED
CVE-2016-8059
	REJECTED
CVE-2016-8058
	REJECTED
CVE-2016-8057
	REJECTED
CVE-2016-8056
	REJECTED
CVE-2016-8055
	REJECTED
CVE-2016-8054
	REJECTED
CVE-2016-8053
	REJECTED
CVE-2016-8052
	REJECTED
CVE-2016-8051
	REJECTED
CVE-2016-8050
	REJECTED
CVE-2016-8049
	RESERVED
CVE-2016-8048
	RESERVED
CVE-2016-8047
	RESERVED
CVE-2016-8046
	RESERVED
CVE-2016-8045
	RESERVED
CVE-2016-8044
	RESERVED
CVE-2016-8043
	RESERVED
CVE-2016-8042
	RESERVED
CVE-2016-8041
	RESERVED
CVE-2016-8040
	RESERVED
CVE-2016-8039
	REJECTED
CVE-2016-8038
	REJECTED
CVE-2016-8037
	REJECTED
CVE-2016-8036
	REJECTED
CVE-2016-8035
	REJECTED
CVE-2016-8034
	REJECTED
CVE-2016-8033
	REJECTED
CVE-2016-8032 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus  ...)
	NOT-FOR-US: Intel Security Anti-Virus
CVE-2016-8031 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus  ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8030 (A memory corruption vulnerability in Scriptscan COM Object in McAfee V ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8029
	REJECTED
CVE-2016-8028
	RESERVED
CVE-2016-8027 (SQL injection vulnerability in core services in Intel Security McAfee  ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8026 (Arbitrary command execution vulnerability in Intel Security McAfee Sec ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8025 (SQL injection vulnerability in Intel Security VirusScan Enterprise Lin ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8024 (Improper neutralization of CRLF sequences in HTTP headers vulnerabilit ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8023 (Authentication bypass by assumed-immutable data vulnerability in Intel ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8022 (Authentication bypass by spoofing vulnerability in Intel Security Viru ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8021 (Improper verification of cryptographic signature vulnerability in Inte ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8020 (Improper control of generation of code vulnerability in Intel Security ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8019 (Cross-site scripting (XSS) vulnerability in attributes in Intel Securi ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8018 (Cross-site request forgery (CSRF) vulnerability in Intel Security Viru ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8017 (Special element injection vulnerability in Intel Security VirusScan En ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8016 (Information exposure in Intel Security VirusScan Enterprise Linux (VSE ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8015
	RESERVED
CVE-2016-8014
	RESERVED
CVE-2016-8013
	RESERVED
CVE-2016-8012 (Access control vulnerability in Intel Security Data Loss Prevention En ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8011 (Cross-site scripting vulnerability in Intel Security McAfee Endpoint S ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8010 (Application protections bypass vulnerability in Intel Security McAfee  ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8009 (Privilege escalation vulnerability in Intel Security McAfee Applicatio ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8008 (Privilege escalation vulnerability in Windows 7 and Windows 10 in McAf ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8007 (Authentication bypass vulnerability in McAfee Host Intrusion Preventio ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8006 (Authentication bypass vulnerability in Enterprise Security Manager (ES ...)
	NOT-FOR-US: Intel Security McAfee Security Information and Event Management
CVE-2016-8005 (File extension filtering vulnerability in Intel Security McAfee Email  ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8004
	RESERVED
CVE-2016-8003
	RESERVED
CVE-2016-8002
	REJECTED
CVE-2016-8001
	RESERVED
CVE-2016-7999 (ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote at ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/78
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23180 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23184 (3.0)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7998 (The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows r ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/76
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23186 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23189 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23192 (3.0)
	NOTE: reproducible in Jessie (3.0.17-2+deb8u2)
CVE-2016-7997 (The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remo ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-4
	NOTE: patch for this and CVE-2016-7996 at: http://openwall.com/lists/oss-security/2016/10/07/4
CVE-2016-7996 (Heap-based buffer overflow in the WPG format reader in GraphicsMagick  ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.21-2
	NOTE: The patch addressing CVE-2016-7996 applied is in 1.3.25-4, but in
	NOTE: the experimental upload 1.3.20-4 and later uploaded to unstable as
	NOTE: 1.3.21-2 the build is done with --with-quantum-depth=16 switching
	NOTE: away from the default with QuantumDepth=8
	NOTE: patch for this and CVE-2016-7997 at: http://openwall.com/lists/oss-security/2016/10/07/4
CVE-2016-7995 (Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in Q ...)
	- qemu 1:2.8+dfsg-1 (bug #840236)
	[jessie] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1382668
	NOTE: Vulnerable code introduced in 49d925ce50383a286278143c05511d30ec41a36e
	NOTE: Though this commit fixed an OOB read access issue which might need
	NOTE: potentially a new separate CVE id if it does not have one yet.
CVE-2016-7994 (Memory leak in the virtio_gpu_resource_create_2d function in hw/displa ...)
	- qemu 1:2.8+dfsg-1 (bug #840228)
	[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04129.html
CVE-2016-7993 (A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could caus ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7992 (The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer  ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7991 (On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores secur ...)
	NOT-FOR-US: Samsung
CVE-2016-7990 (On Samsung Galaxy S4 through S7 devices, an integer overflow condition ...)
	NOT-FOR-US: Samsung
CVE-2016-7989 (On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS  ...)
	NOT-FOR-US: Samsung
CVE-2016-7988 (On Samsung Galaxy S4 through S7 devices, absence of permissions on the ...)
	NOT-FOR-US: Samsung
CVE-2016-7987 (An issue was discovered in Siemens ETA4 firmware (all versions prior t ...)
	NOT-FOR-US: Siemens
CVE-2016-7986 (The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7985 (The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in  ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7984 (The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7983 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in prin ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7982 (Directory traversal vulnerability in ecrire/exec/valider_xml.php in SP ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/73
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23180 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23184 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23185 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23188 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23191 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23187 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23190 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23193 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23206 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23207 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23208 (3.0)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7981 (Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3. ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/68
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0.x)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7980 (Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/67
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7975 (The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7974 (The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-i ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7973 (The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in  ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7972 (The check_allocations function in libass/ass_shaper.c in libass before ...)
	{DLA-668-1}
	- libass 0.13.4-1
	[jessie] - libass <no-dsa> (Minor issue)
	NOTE: https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b
CVE-2016-7971
	REJECTED
CVE-2016-7970 (Buffer overflow in the calc_coeff function in libass/ass_blur.c in lib ...)
	- libass 0.13.4-1
	[jessie] - libass <not-affected> (Vulnerable code introduced later)
	[wheezy] - libass <not-affected> (Vulnerable code first introduced in July 2015)
	NOTE: Fixed by: https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75
	NOTE: Vulnerable function calc_coeff introduced in: https://github.com/libass/libass/commit/d787615845d78d8f8e6d1a4ffc3dc3eecd8a92f6 (0.13.0)
CVE-2016-7969 (The wrap_lines_smart function in ass_render.c in libass before 0.13.4  ...)
	{DLA-668-1}
	- libass 0.13.4-1
	[jessie] - libass <no-dsa> (Minor issue)
	NOTE: https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26
CVE-2016-7968 (KMail since version 5.3.0 used a QWebEngine based viewer that had Java ...)
	- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
	NOTE: https://www.kde.org/info/security/advisory-20161006-3.txt
	NOTE: Would by fixed by: https://github.com/KDE/messagelib/commit/f601f9ffb706f7d3a5893b04f067a1f75da62c99
	NOTE: and building with Qt 5.7.0.
	NOTE: Following patches partly sanitize mails but still make it possible to inject code:
	NOTE: https://github.com/KDE/messagelib/commit/3503b75e9c79c3861e182588a0737baf165abd23 (v16.08.2)
	NOTE: https://github.com/KDE/messagelib/commit/a8744798dfdf8e41dd6a378e48662c66302b0019 (v16.08.2)
	NOTE: https://github.com/KDE/messagelib/commit/77976584a4ed2797437a2423704abdd7ece7834a (v16.08.2)
	NOTE: https://github.com/KDE/messagelib/commit/fb1be09360c812d24355076da544030a67b736fc (v16.08.2)
	NOTE: https://github.com/KDE/messagelib/commit/0402c17a8ead92188971cb604d905b3072d56a73 (v16.08.2)
	NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a
	NOTE: user protected from this CVE by only viewing plain text mails.
CVE-2016-7967 (KMail since version 5.3.0 used a QWebEngine based viewer that had Java ...)
	- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
	NOTE: https://www.kde.org/info/security/advisory-20161006-2.txt
	NOTE: Fixed by: https://github.com/KDE/messagelib/commit/dfc6a86f1b25f1da04b8f1df5320fcdd7085bcc1 (16.11.80)
	NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a
	NOTE: user protected from this CVE by only viewing plain text mails.
CVE-2016-7966 (Through a malicious URL that contained a quote character it was possib ...)
	{DSA-3697-1 DLA-673-1}
	- kdepimlibs 4:4.14.10-7 (bug #840546)
	- kcoreaddons 5.26.0-3 (bug #840547)
	NOTE: https://www.kde.org/info/security/advisory-20161006-1.txt
CVE-2016-7965 (DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ...)
	- dokuwiki <unfixed> (bug #844732; unimportant)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/1709
	NOTE: Can be adresesd by properly configure dokuwiki as per
	NOTE: https://github.com/splitbrain/dokuwiki/issues/1709#issuecomment-262337572
CVE-2016-7964 (The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php ...)
	- dokuwiki <unfixed> (low; bug #844731)
	[buster] - dokuwiki <ignored> (Minor issue)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/1708
CVE-2016-7963
	RESERVED
CVE-2016-7962
	RESERVED
CVE-2016-7961
	RESERVED
CVE-2016-7960 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format  ...)
	NOT-FOR-US: Siemens
CVE-2016-7959 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-sh ...)
	NOT-FOR-US: Siemens
CVE-2016-7958 (In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet ...)
	- wireshark 2.2.1+ga6fbd27-1
	[jessie] - wireshark <not-affected> (Introduced with "Add checkAPI calls to CMake")
	[wheezy] - wireshark <not-affected> (Introduced with "Add checkAPI calls to CMake")
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12945
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=67597cb2457fb843fa97d3f2c87b82dad6f0de07
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-57.html
CVE-2016-7957 (In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, trigger ...)
	- wireshark 2.2.1+ga6fbd27-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-56.html
CVE-2016-7956
	RESERVED
CVE-2016-7955 (The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2016-7954 (Bundler 1.x might allow remote attackers to inject arbitrary Ruby code ...)
	- bundler 2.1.4-1 (bug #842504)
	[buster] - bundler <ignored> (Minor issue, too intrusive to backport)
	[stretch] - bundler <ignored> (Minor issue, too intrusive to backport)
	[jessie] - bundler <ignored> (Minor issue, too intrusive to backport)
	[wheezy] - bundler <no-dsa> (Minor issue, too intrusive to backport)
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/04/5
	NOTE: There is no plan from upstream to address this for bundler 1.x
	NOTE: due to lockfile format.
CVE-2016-7953 (Buffer underflow in X.org libXvMC before 1.0.10 allows remote X server ...)
	{DLA-671-1}
	- libxvmc 2:1.0.10-1 (low; bug #840445)
	[jessie] - libxvmc 2:1.0.8-2+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
CVE-2016-7952 (X.org libXtst before 1.2.3 allows remote X servers to cause a denial o ...)
	{DLA-686-1}
	- libxtst 2:1.2.3-1 (low; bug #840444)
	[jessie] - libxtst 2:1.2.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
CVE-2016-7951 (Multiple integer overflows in X.org libXtst before 1.2.3 allow remote  ...)
	{DLA-686-1}
	- libxtst 2:1.2.3-1 (low; bug #840444)
	[jessie] - libxtst 2:1.2.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
CVE-2016-7950 (The XRenderQueryFilters function in X.org libXrender before 0.9.10 all ...)
	{DLA-664-1}
	- libxrender 1:0.9.10-1 (low; bug #840443)
	[jessie] - libxrender <no-dsa> (Minor issue, will be fixed in a point release)
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
CVE-2016-7949 (Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEn ...)
	{DLA-664-1}
	- libxrender 1:0.9.10-1 (low; bug #840443)
	[jessie] - libxrender <no-dsa> (Minor issue, will be fixed in a point release)
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
CVE-2016-7948 (X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of ...)
	{DLA-660-1}
	- libxrandr 2:1.5.1-1 (low; bug #840441)
	[jessie] - libxrandr 2:1.4.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
CVE-2016-7947 (Multiple integer overflows in X.org libXrandr before 1.5.1 allow remot ...)
	{DLA-660-1}
	- libxrandr 2:1.5.1-1 (low; bug #840441)
	[jessie] - libxrandr 2:1.4.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
CVE-2016-7946 (X.org libXi before 1.7.7 allows remote X servers to cause a denial of  ...)
	{DLA-685-1}
	- libxi 2:1.7.8-1 (low; bug #840440)
	[jessie] - libxi 2:1.7.4-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
	NOTE: Regression: https://bugs.freedesktop.org/98204
CVE-2016-7945 (Multiple integer overflows in X.org libXi before 1.7.7 allow remote X  ...)
	{DLA-685-1}
	- libxi 2:1.7.8-1 (low; bug #840440)
	[jessie] - libxi 2:1.7.4-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
	NOTE: Regression: https://bugs.freedesktop.org/98204
CVE-2016-7944 (Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms m ...)
	{DLA-654-1}
	- libxfixes 1:5.0.3-1 (low; bug #840442)
	[jessie] - libxfixes 1:5.0.1-2+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
CVE-2016-7943 (The XListFonts function in X.org libX11 before 1.6.4 might allow remot ...)
	{DLA-684-1}
	- libx11 2:1.6.4-1 (low; bug #840439)
	[jessie] - libx11 2:1.6.2-3+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
CVE-2016-7942 (The XGetImage function in X.org libX11 before 1.6.4 might allow remote ...)
	{DLA-684-1}
	- libx11 2:1.6.4-1 (low; bug #840439)
	[jessie] - libx11 2:1.6.2-3+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
CVE-2016-7941
	RESERVED
CVE-2016-7940 (The STP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7939 (The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7938 (The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in p ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7937 (The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7936 (The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7935 (The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7934 (The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7933 (The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7932 (The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7931 (The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7930 (The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in p ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7929 (The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer over ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7928 (The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in pri ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7927 (The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow i ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7926 (The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in p ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7925 (The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overfl ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7924 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7923 (The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7922 (The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-a ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7920
	RESERVED
CVE-2016-7919 (** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitiv ...)
	NOTE: Disputed moodle non-issue
CVE-2016-7918
	RESERVED
CVE-2016-7917 (The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the L ...)
	- linux 4.5.1-1 (low)
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/c58d6c93680f28ac58984af61d0a7ebf4319c241 (v4.5-rc6)
CVE-2016-7916 (Race condition in the environ_read function in fs/proc/base.c in the L ...)
	- linux 4.5.4-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/8148a73c9901a8794a50f950083c00ccf97d43b3 (v4.6-rc7)
CVE-2016-7915 (The hid_input_field function in drivers/hid/hid-core.c in the Linux ke ...)
	{DLA-772-1}
	- linux 4.6.1-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/50220dead1650609206efe91f0cc116132d59b3f (v4.6-rc1)
CVE-2016-7914 (The assoc_array_insert_into_terminal_node function in lib/assoc_array. ...)
	- linux 4.5.3-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2 (v4.6-rc4)
CVE-2016-7913 (The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c  ...)
	- linux 4.6.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 (v4.6-rc1)
CVE-2016-7912 (Use-after-free vulnerability in the ffs_user_copy_worker function in d ...)
	- linux 4.5.3-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/38740a5b87d53ceb89eb2c970150f6e94e00373a (v4.6-rc5)
CVE-2016-7911 (Race condition in the get_task_ioprio function in block/ioprio.c in th ...)
	{DLA-772-1}
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/8ba8682107ee2ca3347354e018865d8e1967c5f4 (v4.7-rc7)
CVE-2016-7910 (Use-after-free vulnerability in the disk_seqf_stop function in block/g ...)
	{DLA-772-1}
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/77da160530dd1dc94f6ae15a981f24e5f0021e84 (v4.8-rc1)
CVE-2016-7909 (The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emul ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #839834)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html
CVE-2016-7908 (The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emul ...)
	{DLA-1599-1 DLA-653-1 DLA-652-1}
	- qemu 1:2.8+dfsg-1 (bug #839835)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a
CVE-2016-7907 (The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emul ...)
	- qemu 1:2.8+dfsg-3 (bug #839986)
	[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html
	NOTE: i.MX Fast Ethernet Controller emulation introduced in v2.5.0-rc0 with
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fcbd8018e645f3ab1ef9af94dc88a0d3272926d3 (v2.5.0-rc0)
CVE-2016-7906 (magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to c ...)
	{DSA-3726-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #840435)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/281
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0
CVE-2016-7905 (The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3. ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/622ccbd8ab894e3ac6cdf607e3d4f39e406786e9 (n3.1.4)
CVE-2016-7904 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simple bef ...)
	NOT-FOR-US: CMS Made Simple
CVE-2016-7903 (Dotclear before 2.10.3, when the Host header is not part of the web se ...)
	- dotclear <removed>
	NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/bb06343f4247
CVE-2016-7902 (Unrestricted file upload vulnerability in the fileUnzip-&gt;unzip meth ...)
	- dotclear <removed>
	NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/a9db771a5a70
CVE-2016-7901
	REJECTED
CVE-2016-7900
	REJECTED
CVE-2016-7899
	REJECTED
CVE-2016-7898
	REJECTED
CVE-2016-7897
	REJECTED
CVE-2016-7896
	REJECTED
CVE-2016-7895
	REJECTED
CVE-2016-7894
	REJECTED
CVE-2016-7893
	REJECTED
CVE-2016-7892 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7891 (Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier h ...)
	NOT-FOR-US: Adobe
CVE-2016-7890 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7889 (Adobe Digital Editions versions 4.5.2 and earlier has an issue with pa ...)
	NOT-FOR-US: Adobe
CVE-2016-7888 (Adobe Digital Editions versions 4.5.2 and earlier has an important vul ...)
	NOT-FOR-US: Adobe
CVE-2016-7887 (Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and ...)
	NOT-FOR-US: Adobe
CVE-2016-7886 (Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0. ...)
	NOT-FOR-US: Adobe
CVE-2016-7885 (Adobe Experience Manager versions 6.2 and earlier have a vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2016-7884 (Adobe Experience Manager versions 6.1 and earlier have an input valida ...)
	NOT-FOR-US: Adobe
CVE-2016-7883 (Adobe Experience Manager version 6.2 has an input validation issue in  ...)
	NOT-FOR-US: Adobe
CVE-2016-7882 (Adobe Experience Manager versions 6.2 and earlier have an input valida ...)
	NOT-FOR-US: Adobe
CVE-2016-7881 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7880 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7879 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7878 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7877 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7876 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7875 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7874 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7873 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7872 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7871 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7870 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7869 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7868 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7867 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7866 (Adobe Animate versions 15.2.1.95 and earlier have an exploitable memor ...)
	NOT-FOR-US: Adobe Animate
CVE-2016-7865 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7864 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7863 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7862 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7861 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7860 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7859 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7858 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7857 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7856 (Adobe DNG Converter versions 9.7 and earlier have an exploitable memor ...)
	NOT-FOR-US: Adobe DNG Converter
CVE-2016-7855 (Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7854 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7853 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7852 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7851 (Adobe Connect version 9.5.6 and earlier does not adequately validate i ...)
	NOT-FOR-US: Adobe
CVE-2016-7850
	REJECTED
CVE-2016-7849
	REJECTED
CVE-2016-7848
	REJECTED
CVE-2016-7847
	REJECTED
CVE-2016-7846
	REJECTED
CVE-2016-7845 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload ar ...)
	NOT-FOR-US: GigaCC OFFICE
CVE-2016-7844 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute a ...)
	NOT-FOR-US: GigaCC OFFICE
CVE-2016-7843 (Directory traversal vulnerability in AttacheCase for Java 0.60 and ear ...)
	NOT-FOR-US: AttacheCase
CVE-2016-7842 (Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier a ...)
	NOT-FOR-US: AttacheCase
CVE-2016-7841 (Cross-site scripting vulnerability in Olive Diary DX allows remote att ...)
	NOT-FOR-US: Olive Diary DX
CVE-2016-7840 (Cross-site scripting vulnerability in WEB SCHEDULE allows remote attac ...)
	NOT-FOR-US: WEB SCHEDULE
CVE-2016-7839 (Cross-site scripting vulnerability in Olive Blog allows remote attacke ...)
	NOT-FOR-US: Olive Blog
CVE-2016-7838 (Untrusted search path vulnerability in WinSparkle versions prior to 0. ...)
	NOT-FOR-US: WinSparkle
CVE-2016-7837 (Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execut ...)
	- bluez 5.43-1
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.kernel.org/cgit/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 (5.42)
CVE-2016-7836 (SKYSEA Client View Ver.11.221.03 and earlier allows remote code execut ...)
	NOT-FOR-US: SKYSEA Client View
CVE-2016-7835 (Use-after-free vulnerability in H2O allows remote attackers to cause a ...)
	- h2o <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/h2o/h2o/issues/1144
CVE-2016-7834 (SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, ...)
	NOT-FOR-US: SONY
CVE-2016-7833 (Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access r ...)
	NOT-FOR-US: Cybozu
CVE-2016-7832 (Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access r ...)
	NOT-FOR-US: Cybozu
CVE-2016-7831 (Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for  ...)
	NOT-FOR-US: Sleipnir
CVE-2016-7830 (Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C ...)
	NOT-FOR-US: Sony
CVE-2016-7829
	REJECTED
CVE-2016-7828
	REJECTED
CVE-2016-7827
	REJECTED
CVE-2016-7826 (Directory traversal vulnerability in Buffalo WNC01WH devices with firm ...)
	NOT-FOR-US: Buffalo
CVE-2016-7825 (Directory traversal vulnerability in Buffalo WNC01WH devices with firm ...)
	NOT-FOR-US: Buffalo
CVE-2016-7824 (Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allow ...)
	NOT-FOR-US: Buffalo
CVE-2016-7823 (Cross-site scripting vulnerability in Buffalo WNC01WH devices with fir ...)
	NOT-FOR-US: Buffalo
CVE-2016-7822 (Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH dev ...)
	NOT-FOR-US: Buffalo
CVE-2016-7821 (Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allo ...)
	NOT-FOR-US: Buffalo
CVE-2016-7820 (Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 an ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7819 (I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WR ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7818 (Untrusted search path vulnerability in Installers for Specification ch ...)
	NOT-FOR-US: Untrusted search path vulnerability in various installers
CVE-2016-7817 (Cross-site scripting vulnerability in Simple keitai chat 2.0 and earli ...)
	NOT-FOR-US: Simple keitai chat
CVE-2016-7816 (The Cybozu kintone mobile for Android 1.0.6 and earlier does not verif ...)
	NOT-FOR-US: Cybozu
CVE-2016-7815 (Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certifica ...)
	NOT-FOR-US: Remote Service Manager provided by Cybozu
CVE-2016-7814 (I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WR ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7813 (Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and e ...)
	NOT-FOR-US: DERAEMON-CMS
CVE-2016-7812 (The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5. ...)
	NOT-FOR-US: Bank of Tokyo-Mitsubishi UFJ, Ltd. App
CVE-2016-7811 (Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker o ...)
	NOT-FOR-US: Corega
CVE-2016-7810 (Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. ...)
	NOT-FOR-US: Corega
CVE-2016-7809 (Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX  ...)
	NOT-FOR-US: Corega
CVE-2016-7808 (Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARG ...)
	NOT-FOR-US: Corega
CVE-2016-7807 (I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remot ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7806 (I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remot ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7805 (The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate  ...)
	NOT-FOR-US: mobiGate App
CVE-2016-7804 (Untrusted search path vulnerability in 7 Zip for Windows 16.02 and ear ...)
	NOT-FOR-US: 7 Zip for Windows
CVE-2016-7803 (SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows ...)
	NOT-FOR-US: Cybozu
CVE-2016-7802 (Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allo ...)
	NOT-FOR-US: Cybozu
CVE-2016-7801 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access  ...)
	NOT-FOR-US: Cybozu
CVE-2016-7800 (Integer underflow in the parse8BIM function in coders/meta.c in Graphi ...)
	{DSA-3746-1 DLA-651-1}
	- graphicsmagick 1.3.25-3
	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/
CVE-2016-7799 (MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attac ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #840437)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/280
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
CVE-2016-7798 (The openssl gem for Ruby uses the same initialization vector (IV) in G ...)
	{DSA-3966-1 DLA-1421-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #842432)
	- ruby2.1 <removed> (bug #842544)
	NOTE: https://github.com/ruby/openssl/issues/49
	NOTE: https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062
	- ruby-attr-encrypted 3.0.1-2
	NOTE: https://github.com/attr-encrypted/attr_encrypted/issues/203
	- ruby-encryptor 3.0.0-1
	NOTE: https://github.com/attr-encrypted/encryptor/pull/22
CVE-2016-7797 (Pacemaker before 1.1.15, when using pacemaker remote, might allow remo ...)
	- pacemaker 1.1.15~rc3-1
	[wheezy] - pacemaker <not-affected> (Vulnerable code introduced after 1.1.10)
	NOTE: http://bugs.clusterlabs.org/show_bug.cgi?id=5269
	NOTE: Fixed by: https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410 (Pacemaker-1.1.15-rc1)
	NOTE: Vulnerable code introduced in: https://github.com/ClusterLabs/pacemaker/commit/87f40917feb5109f827d83765c924acbbd824379 (Pacemaker-1.1.12-rc1)
CVE-2016-7796 (The manager_dispatch_notify_fd function in systemd allows local users  ...)
	{DLA-659-1}
	- systemd 231-9 (bug #839607)
	[jessie] - systemd 215-17+deb8u6
	NOTE: https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
	NOTE: Fixed by: https://github.com/systemd/systemd/pull/4240
CVE-2016-7795 (The manager_invoke_notify_message function in systemd 231 and earlier  ...)
	- systemd 231-9 (bug #839171)
	[jessie] - systemd <not-affected> (Introduced in 219)
	[wheezy] - systemd <not-affected> (Introduced in 219)
	NOTE: https://github.com/systemd/systemd/issues/4234
	NOTE: https://github.com/systemd/systemd/commit/531ac2b2349da02acc9c382849758e07eb92b020
	NOTE: Originally fixed in 231-8 but caused a regression fixed in 231-9
	NOTE: https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
CVE-2016-7794 (sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to e ...)
	- git-hub 0.10.2-2 (bug #839284)
CVE-2016-7793 (sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to e ...)
	- git-hub 0.10.2-2 (bug #839284)
CVE-2016-7792 (Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database ...)
	NOT-FOR-US: Ubiquiti Networks UniFi
CVE-2016-7791 (Exponent CMS 2.3.9 suffers from a remote code execution vulnerability  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7790 (Exponent CMS 2.3.9 suffers from a remote code execution vulnerability  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7789 (SQL injection vulnerability in framework/core/models/expConfig.php in  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7788 (SQL injection vulnerability in framework/modules/users/models/user.php ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7787 (A maliciously crafted command line for kdesu can result in the user on ...)
	- kde-cli-tools 4:5.8.0-1 (bug #839865)
	- kde-runtime 4:16.08.3-2 (bug #842498)
	[jessie] - kde-runtime <no-dsa> (Minor issue)
	[wheezy] - kde-runtime <not-affected> (Unicode string terminator is not interpreted)
	- kdesudo <removed> (bug #843790)
	[stretch] - kdesudo <no-dsa> (Minor issue)
	[jessie] - kdesudo <no-dsa> (Minor issue)
	[wheezy] - kdesudo <not-affected> (Unicode string terminator is not interpreted)
	NOTE: https://www.kde.org/info/security/advisory-20160930-1.txt
	NOTE: https://github.com/KDE/kde-cli-tools/commit/5eda179a099ba68a20dc21dc0da63e85a565a171
	NOTE: For kde-cli-tools fixed in 5.7.5 upstream
	NOTE: kde-runtime's affected binary is /usr/lib/kde4/libexec/kdesu-distrib/kdesu
	NOTE: kdesudo's affected binary is /usr/bin/kdesudo
CVE-2016-7786 (Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated us ...)
	NOT-FOR-US: Sophos
CVE-2016-7785 (The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3. ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c8c5f66b42edc37474baa5cb51460cbf6f33075b (n3.1.4)
CVE-2016-7784 (SQL injection vulnerability in the getSection function in framework/co ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7783 (SQL injection vulnerability in framework/core/models/expRecord.php in  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7782 (SQL injection vulnerability in framework/core/models/expConfig.php in  ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7781 (SQL injection vulnerability in framework/modules/blog/controllers/blog ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7780 (SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3. ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7779
	RESERVED
CVE-2016-7778
	RESERVED
CVE-2016-7777 (Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which ...)
	{DSA-3729-1 DLA-699-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-190.html
CVE-2016-7776
	RESERVED
CVE-2016-7775
	REJECTED
CVE-2016-7774
	REJECTED
CVE-2016-7773
	REJECTED
CVE-2016-7772
	REJECTED
CVE-2016-7771
	REJECTED
CVE-2016-7770
	REJECTED
CVE-2016-7769
	REJECTED
CVE-2016-7768
	REJECTED
CVE-2016-7767
	REJECTED
CVE-2016-7766
	REJECTED
CVE-2016-7765 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7764
	REJECTED
CVE-2016-7763
	REJECTED
CVE-2016-7762 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7761 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7760
	REJECTED
CVE-2016-7759 (An issue was discovered in certain Apple products. iOS before 10 is af ...)
	NOT-FOR-US: Apple
CVE-2016-7758
	REJECTED
CVE-2016-7757
	REJECTED
CVE-2016-7756
	REJECTED
CVE-2016-7755
	REJECTED
CVE-2016-7754
	REJECTED
CVE-2016-7753
	REJECTED
CVE-2016-7752
	REJECTED
CVE-2016-7751
	REJECTED
CVE-2016-7750
	REJECTED
CVE-2016-7749
	REJECTED
CVE-2016-7748
	REJECTED
CVE-2016-7747
	REJECTED
CVE-2016-7746
	REJECTED
CVE-2016-7745
	REJECTED
CVE-2016-7744
	REJECTED
CVE-2016-7743
	REJECTED
CVE-2016-7742 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7741
	REJECTED
CVE-2016-7740
	REJECTED
CVE-2016-7739
	REJECTED
CVE-2016-7738
	REJECTED
CVE-2016-7737
	REJECTED
CVE-2016-7736
	REJECTED
CVE-2016-7735
	REJECTED
CVE-2016-7734
	REJECTED
CVE-2016-7733
	REJECTED
CVE-2016-7732
	REJECTED
CVE-2016-7731
	REJECTED
CVE-2016-7730
	REJECTED
CVE-2016-7729
	REJECTED
CVE-2016-7728
	REJECTED
CVE-2016-7727
	REJECTED
CVE-2016-7726
	REJECTED
CVE-2016-7725
	REJECTED
CVE-2016-7724
	REJECTED
CVE-2016-7723
	REJECTED
CVE-2016-7722
	REJECTED
CVE-2016-7721
	REJECTED
CVE-2016-7720
	REJECTED
CVE-2016-7719
	REJECTED
CVE-2016-7718
	REJECTED
CVE-2016-7717
	REJECTED
CVE-2016-7716
	REJECTED
CVE-2016-7715
	REJECTED
CVE-2016-7714 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7713
	REJECTED
CVE-2016-7712
	REJECTED
CVE-2016-7711
	REJECTED
CVE-2016-7710
	REJECTED
CVE-2016-7709
	REJECTED
CVE-2016-7708
	REJECTED
CVE-2016-7707
	REJECTED
CVE-2016-7706
	REJECTED
CVE-2016-7705
	REJECTED
CVE-2016-7704
	RESERVED
CVE-2016-7703
	REJECTED
CVE-2016-7702
	REJECTED
CVE-2016-7701
	REJECTED
CVE-2016-7700
	REJECTED
CVE-2016-7699
	REJECTED
CVE-2016-7698
	REJECTED
CVE-2016-7697
	REJECTED
CVE-2016-7696
	REJECTED
CVE-2016-7695
	REJECTED
CVE-2016-7694
	REJECTED
CVE-2016-7693
	REJECTED
CVE-2016-7692
	REJECTED
CVE-2016-7691
	REJECTED
CVE-2016-7690
	REJECTED
CVE-2016-7689
	REJECTED
CVE-2016-7688
	REJECTED
CVE-2016-7687
	REJECTED
CVE-2016-7686
	REJECTED
CVE-2016-7685
	REJECTED
CVE-2016-7684
	REJECTED
CVE-2016-7683
	REJECTED
CVE-2016-7682
	REJECTED
CVE-2016-7681
	REJECTED
CVE-2016-7680
	REJECTED
CVE-2016-7679
	REJECTED
CVE-2016-7678
	REJECTED
CVE-2016-7677
	REJECTED
CVE-2016-7676
	REJECTED
CVE-2016-7675
	REJECTED
CVE-2016-7674
	REJECTED
CVE-2016-7673
	REJECTED
CVE-2016-7672
	REJECTED
CVE-2016-7671
	REJECTED
CVE-2016-7670
	REJECTED
CVE-2016-7669
	REJECTED
CVE-2016-7668
	REJECTED
CVE-2016-7667 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7666 (An issue was discovered in certain Apple products. Transporter before  ...)
	NOT-FOR-US: Apple
CVE-2016-7665 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7664 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7663 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7662 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7661 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7660 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7659 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7658 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7657 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7656 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7655 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7654 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7653 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7652 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7651 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7650 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7649 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7648 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7647
	REJECTED
CVE-2016-7646 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7645 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7644 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7643 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7642 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7641 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7640 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7639 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7638 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7637 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7636 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7635 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7634 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7633 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7632 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7631
	REJECTED
CVE-2016-7630 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7629 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7628 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7627 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7626 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7625 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7624 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7623 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7622 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7621 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7620 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7619 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7618 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7617 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7616 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7615 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7614 (An issue was discovered in certain Apple products. iCloud before 6.1 i ...)
	NOT-FOR-US: Apple
CVE-2016-7613 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7612 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7611 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7610 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7609 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7608 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7607 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7606 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7605 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7604 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7603 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7602 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7601 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7600 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7599 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7598 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7597 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7596 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7595 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7594 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7593
	REJECTED
CVE-2016-7592 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7591 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7590
	REJECTED
CVE-2016-7589 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7588 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7587 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7586 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7585 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-7584 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7583 (An issue was discovered in certain Apple products. iCloud before 6.0.1 ...)
	NOT-FOR-US: Apple
CVE-2016-7582 (An issue was discovered in certain Apple products. macOS before 10.12  ...)
	NOT-FOR-US: Apple
CVE-2016-7581 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7580 (An issue was discovered in certain Apple products. macOS before 10.12  ...)
	NOT-FOR-US: Apple
CVE-2016-7579 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7578 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7577 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-7576 (In iOS before 9.3.3, a memory corruption issue existed in the kernel.  ...)
	NOT-FOR-US: Apple
CVE-2016-7574
	RESERVED
CVE-2016-7573
	RESERVED
CVE-2016-7572 (The system.temporary route in Drupal 8.x before 8.1.10 does not proper ...)
	- drupal7 <not-affected> (Only affects Drupal 8)
CVE-2016-7571 (Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 a ...)
	- drupal7 <not-affected> (Only affects Drupal 8)
CVE-2016-7570 (Drupal 8.x before 8.1.10 does not properly check for "Administer comme ...)
	- drupal7 <not-affected> (Only affects Drupal 8)
CVE-2016-7569 (Directory traversal vulnerability in docker2aci before 0.13.0 allows r ...)
	- golang-github-appc-docker2aci 0.14.0+dfsg-1 (bug #839282)
	NOTE: https://github.com/appc/docker2aci/issues/201
CVE-2016-7568 (Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ...)
	{DSA-3693-1}
	- libgd2 2.2.3-87-gd0fec80-1 (bug #839659)
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: libgd bug: https://github.com/libgd/libgd/issues/308
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f
	- php7.0 7.0.12-1 (unimportant)
	- php5 <removed> (unimportant)
	[jessie] - php5 5.6.27+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73003
	NOTE: https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
CVE-2016-7567 (Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compar ...)
	- openslp-dfsg <not-affected> (Only affects openslp 2)
	NOTE: https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/
CVE-2016-7566
	RESERVED
CVE-2016-7565 (install/index.php in Exponent CMS 2.3.9 allows remote attackers to exe ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7564 (Heap-based buffer overflow in the Fp_toString function in jsfunction.c ...)
	NOT-FOR-US: MuJS
CVE-2016-7563 (The chartorune function in Artifex Software MuJS allows attackers to c ...)
	NOT-FOR-US: MuJS
CVE-2016-7562 (The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/496267f8e9ec218351e4359e1fde48722d4fc804 (n3.1.4)
CVE-2016-7561 (Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8. ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2016-7560 (The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1,  ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2016-7559
	RESERVED
CVE-2016-7558
	RESERVED
CVE-2016-7557
	RESERVED
CVE-2016-7556
	RESERVED
CVE-2016-7555 (The avi_read_header function in libavformat/avidec.c in FFmpeg before  ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8834e080c20d3d23c3ffe779371359f9b9b835ec (n3.1.4)
CVE-2016-7554
	REJECTED
CVE-2016-7552 (On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory tr ...)
	NOT-FOR-US: Trend Micro Threat Discovery Appliance
CVE-2016-7549 (Google Chrome before 53.0.2785.113 does not ensure that the recipient  ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-7548
	RESERVED
CVE-2016-7547 (A command execution flaw on the Trend Micro Threat Discovery Appliance ...)
	NOT-FOR-US: Trend Micro Threat Discovery Appliance
CVE-2016-7546
	RESERVED
CVE-2016-7545 (SELinux policycoreutils allows local users to execute arbitrary comman ...)
	{DLA-638-1}
	- policycoreutils 2.5-3 (bug #838599)
	[jessie] - policycoreutils <not-affected> ("sandbox" executable not packaged in this version)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378577
	NOTE: Upstream mailing list discussion: https://marc.info/?t=147463464400001&r=1&w=2
	NOTE: Upstream fix: https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379
	NOTE: Marked as exception as not-affected, although the source is affected but the built
	NOTE: binary packages do not contain the sandbox binary. We cannot use 'unimportant'
	NOTE: severity here since the unstable version builts a binary package which contains it.
CVE-2016-7544 (Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _ ...)
	- libcrypto++ <not-affected> (Vulnerable code intorduced in 5.6.4, only affects Windows and Microsoft compilers)
CVE-2016-7543 (Bash before 4.4 allows local users to execute arbitrary commands with  ...)
	{DLA-680-1}
	- bash 4.4-1
	[jessie] - bash 4.3-11+deb8u1
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/26/9
	NOTE: Default shell is dash which is not vulnerable, but bash in Jessie and
	NOTE: Wheezy are affected.
	NOTE: Fixed by (4.3): https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-048
CVE-2016-7542 (A read-only administrator on Fortinet devices with FortiOS 5.2.x befor ...)
	NOT-FOR-US: FortiOS
CVE-2016-7541 (Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x bef ...)
	NOT-FOR-US: FortiOS
CVE-2016-7512
	RESERVED
CVE-2016-7511 (Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows  ...)
	{DLA-635-1}
	- dwarfutils 20160923-1 (bug #838757)
	[jessie] - dwarfutils <no-dsa> (Minor issue, can be fixed in point release)
	NOTE: https://sourceforge.net/p/libdwarf/bugs/3/
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201609-002
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
	NOTE: found.
CVE-2016-7510 (The read_line_table_program function in dwarf_line_table_reader_common ...)
	{DLA-635-1}
	- dwarfutils 20160923-1 (bug #838756)
	[jessie] - dwarfutils <no-dsa> (Minor issue, can be fixed in point release)
	NOTE: https://sourceforge.net/p/libdwarf/bugs/4/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1377015
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201609-004
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
	NOTE: found.
CVE-2016-7509 (Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote  ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7508 (Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authent ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/issues/1047
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7507 (Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows  ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp  ...)
	NOT-FOR-US: MuJS
CVE-2016-7505 (A buffer overflow vulnerability was observed in divby function of Arti ...)
	NOT-FOR-US: MuJS
CVE-2016-7504 (A use-after-free vulnerability was observed in Rp_toString function of ...)
	NOT-FOR-US: MuJS
CVE-2016-7503
	RESERVED
CVE-2016-7502 (The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9d738e6968757d4e70c8e07e0b720ac0004accc4 (n3.1.4)
CVE-2016-7501
	RESERVED
	NOT-FOR-US: Oracle
CVE-2016-7500
	RESERVED
CVE-2016-7499 (The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/
CVE-2016-7498 (OpenStack Compute (nova) 13.0.0 does not properly delete instances fro ...)
	- nova 2:13.1.0-1
	[jessie] - nova <not-affected> (Vulnerable code (re)introduced later)
	[wheezy] - nova <not-affected> (Vulnerable code (re)introduced later)
	NOTE: Relates to OSSA-2015-017 (CVE-2015-3280) which was previously fixed
	NOTE: and then reintroduced with 13.0.0 and refixed in 13.1.0.
CVE-2016-7497
	REJECTED
CVE-2016-7496
	REJECTED
CVE-2016-7495
	REJECTED
CVE-2016-7494
	REJECTED
CVE-2016-7493
	REJECTED
CVE-2016-7492
	REJECTED
CVE-2016-7491
	REJECTED
CVE-2016-7490 (The installation script studioexpressinstall for Teradata Studio Expre ...)
	NOT-FOR-US: Teradata Studio Express
CVE-2016-7489 (Teradata Virtual Machine Community Edition v15.10's perl script /opt/t ...)
	NOT-FOR-US: Teradata Virtual Machine Community Edition
CVE-2016-7488 (Teradata Virtual Machine Community Edition v15.10 has insecure file pe ...)
	NOT-FOR-US: Teradata Virtual Machine Community Edition
CVE-2016-7487
	REJECTED
CVE-2016-7486
	REJECTED
CVE-2016-7485
	REJECTED
CVE-2016-7484
	REJECTED
CVE-2016-7483
	REJECTED
CVE-2016-7482
	REJECTED
CVE-2016-7481
	REJECTED
CVE-2016-7480 (The SplObjectStorage unserialize implementation in ext/spl/spl_observe ...)
	- php7.0 7.0.12-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73257
	NOTE: Fixed in 7.0.12
CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, resizing ...)
	{DSA-3783-1 DLA-875-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72610
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092
	NOTE: Fixed in 7.0.15
	NOTE: PHP 5.x/7.x: https://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0
	NOTE: PHP 7.x: https://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7
	NOTE: The change is in 5.6+, even though the property table issue only affects
	NOTE: PHP 7, because this also prevents a wide range of other __wakeup() based
	NOTE: attacks.
CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x befo ...)
	{DSA-3732-1 DLA-875-1}
	- php7.1 <not-affected> (Fixed before initial upload to Debian)
	- php7.0 7.0.13-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093
	NOTE: Patch for 5.6.x: https://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28)
	NOTE: backported patch for 5.4: https://lists.debian.org/87efysy07p.fsf@curie.anarc.at
CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 al ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/
CVE-2016-7476 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, A ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7475 (Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7474 (In some cases the MCPD binary cache in F5 BIG-IP devices may allow a u ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7473
	REJECTED
CVE-2016-7472 (F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to ca ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7471
	REJECTED
CVE-2016-7470
	REJECTED
CVE-2016-7469 (A stored cross-site scripting (XSS) vulnerability in the Configuration ...)
	NOT-FOR-US: BIG-IP
CVE-2016-7468 (An unauthenticated remote attacker may be able to disrupt services on  ...)
	NOT-FOR-US: F5
CVE-2016-7467 (The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 H ...)
	NOT-FOR-US: F5
CVE-2016-7465
	REJECTED
CVE-2016-7464
	REJECTED
CVE-2016-7463 (Cross-site scripting (XSS) vulnerability in the Host Client in VMware  ...)
	NOT-FOR-US: VMware
CVE-2016-7462 (The Suite REST API in VMware vRealize Operations (aka vROps) 6.x befor ...)
	NOT-FOR-US: VMware
CVE-2016-7461 (The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x be ...)
	NOT-FOR-US: VMware
CVE-2016-7460 (The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and ...)
	NOT-FOR-US: VMware
CVE-2016-7459 (VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote  ...)
	NOT-FOR-US: VMware
CVE-2016-7458 (VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote  ...)
	NOT-FOR-US: VMware
CVE-2016-7457 (VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote  ...)
	NOT-FOR-US: VMware
CVE-2016-7456 (VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH pri ...)
	NOT-FOR-US: VMware
CVE-2016-7455
	RESERVED
CVE-2016-7454 (CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T ...)
	NOT-FOR-US: Technicolor TC dpc3941T
CVE-2016-7453 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7452 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7451
	RESERVED
CVE-2016-7450 (The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3 ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ac8ac46641adef208485baebc3734463bf0bd266 (n3.1.4)
CVE-2016-7449 (The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 al ...)
	{DLA-1401-1 DLA-651-1}
	- graphicsmagick 1.3.25-1
	NOTE: The scope of the CVE is for all of these reported TIFF problems.
	NOTE: The ultimate vulnerability was use of:
	NOTE: strlcpy(attribute,text,Min(sizeof(attribute),(count+1)));
	NOTE: three times in coders/tiff.c, where strlcpy is not an appropriate
	NOTE: function choice for this type of scenario of untrusted-data copying.
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/eb58028dacf5
	NOTE: https://blogs.gentoo.org/ago/2016/08/23/graphicsmagick-two-heap-based-buffer-overflow-in-readtiffimage-tiff-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/07/graphicsmagick-null-pointer-dereference-in-magickstrlcpy-utility-c/
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/eb58028dacf5
CVE-2016-7448 (The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote atta ...)
	{DLA-1401-1 DLA-683-1}
	- graphicsmagick 1.3.25-1
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/30043afadb10
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d972c761b55d
CVE-2016-7447 (Heap-based buffer overflow in the EscapeParenthesis function in Graphi ...)
	{DLA-1401-1 DLA-651-1}
	- graphicsmagick 1.3.25-1
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d580e3c3c034
CVE-2016-7446 (Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1. ...)
	{DLA-1401-1 DLA-651-1}
	- graphicsmagick 1.3.25-1
	NOTE: For the http://www.graphicsmagick.org/NEWS.html#september-5-2016 case
	NOTE: which remained present in the 1.3.24 release (and was not fixed until 1.3.25)
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6071b5820215
CVE-2016-7445 (convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a  ...)
	- openjpeg2 2.1.2-1 (unimportant; bug #838690)
	NOTE: https://github.com/uclouvain/openjpeg/issues/843
	NOTE: PoC: https://github.com/STARLABSEC/pocs/raw/master/openjpeg-nullptr-github-issue-842.ppm
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-7442 (The Frontend component in Sophos UTM with firmware 9.405-5 and earlier ...)
	NOT-FOR-US: Sophos UTM
CVE-2016-7441
	RESERVED
CVE-2016-7440 (The C software implementation of AES Encryption and Decryption in wolf ...)
	{DSA-3711-1 DSA-3706-1 DLA-708-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.16-1 (bug #841163)
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed> (bug #841050)
	NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
	- wolfssl 3.9.10+dfsg-1
CVE-2016-7439 (The C software implementation of RSA in wolfSSL (formerly CyaSSL) befo ...)
	- wolfssl 3.9.10+dfsg-1
CVE-2016-7438 (The C software implementation of ECC in wolfSSL (formerly CyaSSL) befo ...)
	- wolfssl 3.9.10+dfsg-1
CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the S ...)
	NOT-FOR-US: SAP Netweaver
CVE-2016-7436
	RESERVED
CVE-2016-7435 (The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and  ...)
	NOT-FOR-US: SAP Netweaver
CVE-2016-7434 (The read_mru_list function in NTP before 4.2.8p9 allows remote attacke ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (mrulist introduced in ntp-4.2.7p22, vulnerable code not present)
	[wheezy] - ntp <not-affected> (mrulist introduced in ntp-4.2.7p22, vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3082
	NOTE: Only possible to trigger from hosts in allow mrulist query.
CVE-2016-7433 (NTP before 4.2.8p9 does not properly perform the initial sync calculat ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code introduced in ntp-4.2.7p385)
	[wheezy] - ntp <not-affected> (Vulnerable code introduced in ntp-4.2.7p385)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3067
	NOTE: Although the CVE is only for the issue introduced by the fix for
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2085, he root-distance calculation
	NOTE: itself in general is incorrect in all version of ntp-4 until ntp-4.2.8p9
CVE-2016-7432
	RESERVED
CVE-2016-7431 (NTP before 4.2.8p9 allows remote attackers to bypass the origin timest ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code introduced later)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3102
CVE-2016-7430
	RESERVED
CVE-2016-7429 (NTP before 4.2.8p9 changes the peer structure to the interface it rece ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue, only possible if rp_filter is 0)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3072
CVE-2016-7428 (ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial o ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3113
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0130/
	NOTE: The fixes for CVE-2015-7973 have added several new integrity checks on incoming
	NOTE: broadcast mode packets and issue got introduced with code changes to fix that
	NOTE: issue.
CVE-2016-7427 (The broadcast mode replay prevention functionality in ntpd in NTP befo ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3114
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0131/
	NOTE: The fixes for CVE-2015-7973 have added several new integrity checks on incoming
	NOTE: broadcast mode packets and issue got introduced with code changes to fix that
	NOTE: issue.
CVE-2016-7426 (NTP before 4.2.8p9 rate limits responses received from the configured  ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3071
CVE-2016-7425 (The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.7.8-1
	NOTE: http://marc.info/?l=linux-scsi&m=147394713328707&w=2
	NOTE: Upstream commit: https://git.kernel.org/linus/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
CVE-2016-7424 (The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav ...)
	{DSA-3685-1 DLA-780-1}
	- libav <removed>
	- ffmpeg <not-affected> (Fixed before introduction into the archive)
	NOTE: Fixed by: https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee
	NOTE: https://blogs.gentoo.org/ago/2016/09/17/libav-null-pointer-dereference-in-put_no_rnd_pixels8_xy2_mmx-rnd_template-c/
CVE-2016-7420 (Crypto++ (aka cryptopp) through 5.6.4 does not document the requiremen ...)
	- libcrypto++ <unfixed> (unimportant)
	NOTE: https://github.com/weidai11/cryptopp/issues/277
	NOTE: The scope of this CVE is the documentation bug, lacking treatment of
	NOTE: -DNDEBUG and Static Initialization
	NOTE: Documentation added in https://github.com/weidai11/cryptopp/commit/553049ba297d89d9e8fbf2204acb40a8a53f5cd6
CVE-2016-7419 (Cross-site scripting (XSS) vulnerability in share.js in the gallery ap ...)
	- nextcloud <itp> (bug #835086)
	- owncloud <not-affected> (Vulnerable code introduced later)
	NOTE: up to version which was removed, not included, as the vulnerable code was
	NOTE: introduced later in a migration of the Gallery app to a new sharing endpoint
	NOTE: where a parameter changed from an interger to a string value, and that value
	NOTE: not beeing sanitized.
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-011
	NOTE: https://github.com/owncloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc
	NOTE: https://hackerone.com/reports/145355
CVE-2016-7418 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73065
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1
	NOTE: The scope of this CVE also includes all of the "other four similar issues"
	NOTE: in the "[2016-09-12 06:44 UTC]" comment.
CVE-2016-7417 (ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceed ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73029
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1
CVE-2016-7416 (ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x bef ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
CVE-2016-7415 (Stack-based buffer overflow in the Locale class in common/locid.cpp in ...)
	{DSA-3725-1 DLA-744-1}
	[experimental] - icu 58.1-1
	- icu 57.1-5 (bug #838694)
	NOTE: Related code in http://source.icu-project.org/repos/icu/icu/trunk/source/common/locid.cpp file
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
	NOTE: PHP fix: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
	NOTE: Upstream bug: http://bugs.icu-project.org/trac/ticket/12745
CVE-2016-7414 (The ZIP signature-verification feature in PHP before 5.6.26 and 7.x be ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72928
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1
CVE-2016-7413 (Use-after-free vulnerability in the wddx_stack_destroy function in ext ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72860
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1
CVE-2016-7412 (ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72293
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1
CVE-2016-7411 (ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles objec ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 <not-affected> (Only affects 5.x)
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73052
	NOTE: Fixed in 5.6.26
	NOTE: https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1
CVE-2016-7410 (The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 201606 ...)
	- dwarfutils 20160923-1 (bug #838019)
	[jessie] - dwarfutils <not-affected> (Vulnerable code introduced in later version)
	[wheezy] - dwarfutils <not-affected> (Vulnerable code introduced in later version)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201609-003
	NOTE: http://seclists.org/oss-sec/2016/q3/490
	NOTE: Initial addressed upstream in refactoring in:
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/e12f6c0b69c20f58dccc4505309cf7f974c34dc2
	NOTE: with final fix/follow up: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: Introduced by (as confirmed by upstream): https://sourceforge.net/p/libdwarf/code/ci/b446e23dc21704ccd3b76d8945aaf39e4aca8c27
CVE-2016-7409 (The dbclient and server in Dropbear SSH before 2016.74, when compiled  ...)
	- dropbear 2016.74-1 (unimportant)
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
	NOTE: Not an issue for the the Debian binary package since we do not
	NOTE: compile with DEBUG_TRACE.
CVE-2016-7408 (The dbclient in Dropbear SSH before 2016.74 allows remote attackers to ...)
	- dropbear 2016.74-1
	[jessie] - dropbear 2014.65-1+deb8u1
	[wheezy] - dropbear <not-affected> (Vulnerable code not present)
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
CVE-2016-7407 (The dropbearconvert command in Dropbear SSH before 2016.74 allows atta ...)
	{DLA-634-1}
	- dropbear 2016.74-1
	[jessie] - dropbear 2014.65-1+deb8u1
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
CVE-2016-7406 (Format string vulnerability in Dropbear SSH before 2016.74 allows remo ...)
	{DLA-634-1}
	- dropbear 2016.74-1
	[jessie] - dropbear 2014.65-1+deb8u1
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
CVE-2016-7404 (OpenStack Magnum passes OpenStack credentials into the Heat templates  ...)
	- magnum 3.1.1-5 (bug #863547)
	NOTE: https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22
CVE-2016-7403
	RESERVED
CVE-2016-7402 (SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own Sour ...)
	NOT-FOR-US: SAP ASE
CVE-2016-7401 (The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.1 ...)
	{DSA-3678-1 DLA-649-1}
	- python-django 1:1.10-1 (low)
	NOTE: https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
CVE-2016-7400 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 al ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7399 (scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6. ...)
	NOT-FOR-US: Veritas NetBackup Applianc
CVE-2016-7398 (A type confusion vulnerability in the merge_param() function of php_ht ...)
	{DLA-1929-1}
	- php-pecl-http 3.1.0+2.6.0-1
	NOTE: https://bugs.php.net/bug.php?id=73055
	NOTE: https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83
CVE-2016-7397 (The Frontend component in Sophos UTM with firmware 9.405-5 and earlier ...)
	NOT-FOR-US: Sophos UTM
CVE-2016-7396
	RESERVED
CVE-2016-7395 (SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Wi ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.92-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-7394 (tiki wiki cms groupware &lt;=15.2 has a xss vulnerability, allow attac ...)
	- tikiwiki <removed>
	NOTE: https://sourceforge.net/p/tikiwiki/code/59653/
CVE-2016-7391 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7390 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7389 (For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Di ...)
	- nvidia-graphics-drivers 367.57-1 (bug #846331)
	[jessie] - nvidia-graphics-drivers 340.101-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.98-1 (bug #846332)
	- nvidia-graphics-drivers-legacy-304xx 304.132-1 (bug #846333)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4246
CVE-2016-7388 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7387 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7386 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7385 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7384 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7383 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7382 (For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Di ...)
	- nvidia-graphics-drivers 367.57-1 (bug #846331)
	[jessie] - nvidia-graphics-drivers 340.101-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.98-1 (bug #846332)
	- nvidia-graphics-drivers-legacy-304xx 304.132-1 (bug #846333)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4246
CVE-2016-7381 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU D ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7380
	RESERVED
CVE-2016-7379
	RESERVED
CVE-2016-7378
	RESERVED
CVE-2016-7377
	RESERVED
CVE-2016-7376
	RESERVED
CVE-2016-7375
	RESERVED
CVE-2016-7374
	RESERVED
CVE-2016-7373
	RESERVED
CVE-2016-7372
	RESERVED
CVE-2016-7371
	RESERVED
CVE-2016-7370
	RESERVED
CVE-2016-7369
	RESERVED
CVE-2016-7368
	RESERVED
CVE-2016-7367
	REJECTED
CVE-2016-7366
	REJECTED
CVE-2016-7365
	REJECTED
CVE-2016-7364
	REJECTED
CVE-2016-7363
	REJECTED
CVE-2016-7362
	REJECTED
CVE-2016-7361
	REJECTED
CVE-2016-7360
	REJECTED
CVE-2016-7359
	REJECTED
CVE-2016-7358
	REJECTED
CVE-2016-7357
	REJECTED
CVE-2016-7356
	REJECTED
CVE-2016-7355
	REJECTED
CVE-2016-7354
	REJECTED
CVE-2016-7353
	REJECTED
CVE-2016-7352
	REJECTED
CVE-2016-7351
	REJECTED
CVE-2016-7350
	REJECTED
CVE-2016-7349
	REJECTED
CVE-2016-7348
	REJECTED
CVE-2016-7347
	REJECTED
CVE-2016-7346
	REJECTED
CVE-2016-7345
	REJECTED
CVE-2016-7344
	REJECTED
CVE-2016-7343
	REJECTED
CVE-2016-7342
	REJECTED
CVE-2016-7341
	REJECTED
CVE-2016-7340
	REJECTED
CVE-2016-7339
	REJECTED
CVE-2016-7338
	REJECTED
CVE-2016-7337
	REJECTED
CVE-2016-7336
	REJECTED
CVE-2016-7335
	REJECTED
CVE-2016-7334
	REJECTED
CVE-2016-7333
	REJECTED
CVE-2016-7332
	REJECTED
CVE-2016-7331
	REJECTED
CVE-2016-7330
	REJECTED
CVE-2016-7329
	REJECTED
CVE-2016-7328
	REJECTED
CVE-2016-7327
	REJECTED
CVE-2016-7326
	REJECTED
CVE-2016-7325
	REJECTED
CVE-2016-7324
	REJECTED
CVE-2016-7323
	REJECTED
CVE-2016-7322
	REJECTED
CVE-2016-7321
	REJECTED
CVE-2016-7320
	REJECTED
CVE-2016-7319
	REJECTED
CVE-2016-7318
	REJECTED
CVE-2016-7317
	REJECTED
CVE-2016-7316
	REJECTED
CVE-2016-7315
	REJECTED
CVE-2016-7314
	REJECTED
CVE-2016-7313
	REJECTED
CVE-2016-7312
	REJECTED
CVE-2016-7311
	REJECTED
CVE-2016-7310
	REJECTED
CVE-2016-7309
	REJECTED
CVE-2016-7308
	REJECTED
CVE-2016-7307
	REJECTED
CVE-2016-7306
	REJECTED
CVE-2016-7305
	REJECTED
CVE-2016-7304
	REJECTED
CVE-2016-7303
	REJECTED
CVE-2016-7302
	REJECTED
CVE-2016-7301
	REJECTED
CVE-2016-7300 (Untrusted search path vulnerability in Microsoft Auto Updater for Mac  ...)
	NOT-FOR-US: Microsoft Auto Updater for Mac
CVE-2016-7299
	REJECTED
CVE-2016-7298 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Ma ...)
	NOT-FOR-US: Microsoft
CVE-2016-7297 (The scripting engines in Microsoft Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-7296 (The scripting engines in Microsoft Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-7295 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-7294
	REJECTED
CVE-2016-7293
	REJECTED
CVE-2016-7292 (The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7291 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compat ...)
	NOT-FOR-US: Microsoft
CVE-2016-7290 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compat ...)
	NOT-FOR-US: Microsoft
CVE-2016-7289 (Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2016-7288 (The scripting engines in Microsoft Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-7287 (The scripting engines in Microsoft Internet Explorer 11 and Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7286 (The scripting engines in Microsoft Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-7285
	REJECTED
CVE-2016-7284 (Microsoft Internet Explorer 10 and 11 allows remote attackers to obtai ...)
	NOT-FOR-US: Microsoft
CVE-2016-7283 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-7282 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2016-7281 (The Web Workers implementation in Microsoft Internet Explorer 10 and 1 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-7280 (Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7279 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7278 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ob ...)
	NOT-FOR-US: Microsoft
CVE-2016-7277 (Microsoft Office 2016 allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: Microsoft
CVE-2016-7276 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office fo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7275 (Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7274 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7273 (The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 an ...)
	NOT-FOR-US: Microsoft
CVE-2016-7272 (The Graphics component in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7271 (The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 15 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7270 (The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mis ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2016-7269
	REJECTED
CVE-2016-7268 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compat ...)
	NOT-FOR-US: Microsoft
CVE-2016-7267 (Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses fi ...)
	NOT-FOR-US: Microsoft
CVE-2016-7266 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7265 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7264 (Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7263 (Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attac ...)
	NOT-FOR-US: Microsoft
CVE-2016-7262 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7261
	REJECTED
CVE-2016-7260 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7259 (The Graphics Component in the kernel-mode drivers in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7258 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Se ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7257 (The GDI component in Microsoft Windows Vista SP2, Windows Server 2008  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7256 (atmfd.dll in the Windows font library in Microsoft Windows Vista SP2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7255 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7254 (Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a ...)
	NOT-FOR-US: Microsoft
CVE-2016-7253 (The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 S ...)
	NOT-FOR-US: Microsoft
CVE-2016-7252 (Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows ...)
	NOT-FOR-US: Microsoft
CVE-2016-7251 (Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft S ...)
	NOT-FOR-US: Microsoft
CVE-2016-7250 (Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly pe ...)
	NOT-FOR-US: Microsoft
CVE-2016-7249 (Microsoft SQL Server 2016 does not properly perform a cast of an unspe ...)
	NOT-FOR-US: Microsoft
CVE-2016-7248 (Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7247 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7246 (The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7245 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 20 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7244 (Microsoft Office 2007 SP3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2016-7243 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7242 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7241 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-7240 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7239 (The RegEx class in the XSS filter in Microsoft Internet Explorer 9 thr ...)
	NOT-FOR-US: Microsoft
CVE-2016-7238 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7237 (Local Security Authority Subsystem Service (LSASS) in Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-7236 (Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7235 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7234 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Wo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7233 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7232 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7231 (Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pac ...)
	NOT-FOR-US: Microsoft
CVE-2016-7230 (Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7229 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7228 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7227 (The scripting engines in Microsoft Internet Explorer 9 through 11 and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7226 (Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-7225 (Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-7224 (Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7223 (Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7222 (Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-7221 (Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2016-7220 (Virtual Secure Mode in Microsoft Windows 10 allows local users to obta ...)
	NOT-FOR-US: Microsoft
CVE-2016-7219 (The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7218 (Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7217 (Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold an ...)
	NOT-FOR-US: Microsoft
CVE-2016-7216 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7215 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7214 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7213 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-7212 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7211 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7210 (atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7209 (Microsoft Edge allows remote attackers to spoof web content via a craf ...)
	NOT-FOR-US: Mircosoft
CVE-2016-7208 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7207
	REJECTED
CVE-2016-7206 (Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7205 (Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 S ...)
	NOT-FOR-US: Microsoft
CVE-2016-7204 (Microsoft Edge allows remote attackers to access arbitrary "My Documen ...)
	NOT-FOR-US: Microsoft
CVE-2016-7203 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7202 (The scripting engines in Microsoft Internet Explorer 9 through 11 and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7201 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7200 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7199 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7198 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7197
	REJECTED
CVE-2016-7196 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7195 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-7194 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-7193 (Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7192
	REJECTED
CVE-2016-7191 (The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD)  ...)
	NOT-FOR-US: Microsoft Azure Active Directory Passport
CVE-2016-7190 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-7189 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-7188 (The Standard Collector Service in Windows Diagnostics Hub in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2016-7187
	REJECTED
CVE-2016-7186
	REJECTED
CVE-2016-7185 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7184 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-7183
	REJECTED
CVE-2016-7182 (The Graphics component in Microsoft Windows Vista SP2; Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-7181 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-7393 (Stack-based buffer overflow in the aac_sync function in aac_parser.c i ...)
	{DLA-644-1}
	- ffmpeg 7:2.4-1
	- libav <removed>
	[jessie] - libav 6:11.6-1~deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=fb1473080223a634b8ac2cca48a632d037a0a69d
CVE-2016-7392 (Heap-based buffer overflow in the pstoedit_suffix_table_init function  ...)
	{DLA-621-1}
	- autotrace 0.31.1-17 (bug #837599)
	NOTE: https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
	NOTE: Also reproducible with valgrind
CVE-2016-7180 (epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wir ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5213496250aceff086404c568e3718ebc0060934
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-55.html
	NOTE: https://code.wireshark.org/review/17289
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7179 (Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000 ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b97fbddc23c065727b0147aab52a27c4aadffe7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-54.html
	NOTE: https://code.wireshark.org/review/17095
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7178 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=315bba7c645b75af24215c6303d187b188610bba
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-53.html
	NOTE: https://code.wireshark.org/review/17094
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7177 (epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 diss ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e37b271c473e1cbd01d62ebe1f3b011fc9fe638
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-52.html
	NOTE: https://code.wireshark.org/review/17096
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7176 (epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x  ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6d8261994bb928b7e80e3a2478a3d939ea1ef373
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-51.html
	NOTE: https://code.wireshark.org/review/16852
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7175 (epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark ...)
	- wireshark 2.2.0~rc1+g438c022-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1396f6ad555178f6b81cc1a65f9cb37b2d99aebf
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-50.html
	NOTE: https://code.wireshark.org/review/16965
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-1000222 (Logstash prior to version 2.1.2, the CSV output can be attacked via en ...)
	- logstash <itp> (bug #664841)
CVE-2016-1000221 (Logstash prior to version 2.3.4, Elasticsearch Output plugin would log ...)
	- logstash <itp> (bug #664841)
CVE-2016-1000220 (Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that wo ...)
	- kibana <itp> (bug #700337)
CVE-2016-1000219 (Kibana before 4.5.4 and 4.1.11 when a custom output is configured for  ...)
	- kibana <itp> (bug #700337)
CVE-2016-1000217 (Zotpress plugin for WordPress SQLi in zp_get_account() ...)
	NOT-FOR-US: WordPress plugin zotpress
CVE-2016-1000216 (Ruckus Wireless H500 web management interface authenticated command in ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2016-1000215 (Ruckus Wireless H500 web management interface denial of service ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2016-1000214 (Ruckus Wireless H500 web management interface authentication bypass ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2016-1000213 (Ruckus Wireless H500 web management interface CSRF ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 ...)
	{DSA-3700-1 DLA-781-1}
	- asterisk 1:13.11.2~dfsg-1 (bug #838832)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html
CVE-2016-7550 (asterisk 13.10.0 is affected by: denial of service issues in asterisk. ...)
	- asterisk 1:13.11.2~dfsg-1 (bug #838833)
	[jessie] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
	[wheezy] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-006.html
CVE-2016-7174
	RESERVED
CVE-2016-7173
	RESERVED
CVE-2016-7172 (NetApp Snap Creator Framework before 4.3.1 discloses sensitive informa ...)
	NOT-FOR-US: NetApp
CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use ...)
	NOT-FOR-US: NetApp
CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Q ...)
	{DLA-1599-1 DLA-653-1 DLA-652-1}
	- qemu 1:2.8+dfsg-1 (bug #837316)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=167d97a3def77ee2dbf6e908b0ecbfe2103977db
CVE-2016-7169 (Directory traversal vulnerability in the File_Upload_Upgrader class in ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.6.1+dfsg-1
	NOTE: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
	NOTE: Fixed in 4.6.1 release upstream
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/38524
CVE-2016-7168 (Cross-site scripting (XSS) vulnerability in the media_handle_upload fu ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.6.1+dfsg-1
	NOTE: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
	NOTE: Fixed in 4.6.1 release upstream
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/38538
CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escap ...)
	{DLA-1568-1 DLA-625-1}
	- curl 7.51.0-1 (bug #837945)
	NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html
	NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
	NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
	NOTE: Not affected versions: libcurl < 7.11.1 and libcurl >= 7.50.3
CVE-2016-7165 (A vulnerability has been identified in Primary Setup Tool (PST) (All v ...)
	NOT-FOR-US: Microsoft
CVE-2016-7162 (The _g_file_remove_directory function in file-utils.c in File Roller 3 ...)
	- file-roller 3.20.3-1
	[jessie] - file-roller <no-dsa> (Minor issue)
	[wheezy] - file-roller <not-affected> (Vulnerable code introduced in 3.5.4)
	NOTE: Ubuntu Bug: https://launchpad.net/bugs/1171236
	NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=698554
	NOTE: Introduced by: https://git.gnome.org/browse/file-roller/commit/?id=34b64f3a897c4b4e8e180c028f326bc921eb08ec (3.5.4)
	NOTE: Fixed by: https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5 (3.20.3)
CVE-2016-7161 (Heap-based buffer overflow in the .receive callback of xlnx.xps-ethern ...)
	{DLA-1599-1 DLA-653-1 DLA-652-1}
	- qemu 1:2.7+dfsg-1 (bug #838850)
	- qemu-kvm <removed>
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968 (2.7.0-rc3)
	NOTE: http://patchwork.ozlabs.org/patch/657076/
CVE-2016-7160 (A vulnerability on Samsung Mobile M(6.0) devices exists because extern ...)
	NOT-FOR-US: Samsumg
CVE-2016-7159
	RESERVED
CVE-2016-7158
	RESERVED
CVE-2016-7405 (The qstr method in the PDO driver in the ADOdb Library for PHP before  ...)
	{DLA-620-1}
	- libphp-adodb 5.20.6-1 (bug #837211)
	[jessie] - libphp-adodb 5.15-1+deb8u1
	NOTE: https://github.com/ADOdb/ADOdb/issues/226
	NOTE: https://github.com/ADOdb/ADOdb/commit/bd9eca9
	NOTE: Issue only with the PDO driver and only if queries built by inlining
	NOTE: the quoted string (not recommended).
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/07/8
CVE-2016-7154 (Use-after-free vulnerability in the FIFO event channel code in Xen 4.4 ...)
	{DSA-3663-1}
	- xen 4.6.0-1
	[wheezy] - xen <not-affected> (Versions 4.3 and earlier are not vulnerable)
	NOTE: http://xenbits.xen.org/xsa/advisory-188.html
	NOTE: Only affects Xen 4.4, as workaround it is marked as fixed in the first xen version entering unstable
	NOTE: after the 4.4 series.
CVE-2016-7166 (libarchive before 3.2.0 does not limit the number of recursive decompr ...)
	{DSA-3677-1 DLA-617-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/660
	NOTE: (with reproducer) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/6e06b1c89dd0d16f74894eac4cfc1327a06ee4a0
	NOTE: Fix improved by: https://github.com/libarchive/libarchive/commit/37649d274867edd2dd25d8a3057c3b6cd81ce83e
CVE-2016-7164 (The construct function in puff.cpp in Libtorrent 1.1.0 allows remote t ...)
	- libtorrent-rasterbar 1.1.1-1 (bug #837338)
	[jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
	[wheezy] - libtorrent-rasterbar <not-affected> (Vulnerable code not present, reproducer does not crash)
	NOTE: https://github.com/arvidn/libtorrent/issues/1021
	NOTE: https://github.com/arvidn/libtorrent/pull/1022
	NOTE: https://github.com/arvidn/libtorrent/commit/debf3c6e3688aab8394fe5c47737625faffe6f9e
	NOTE: Fixed upstream in 1.1.1.
CVE-2016-7163 (Integer overflow in the opj_pi_create_decode function in pi.c in OpenJ ...)
	{DSA-3665-1}
	- openjpeg2 2.1.2-1 (bug #837604)
	NOTE: https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
	NOTE: https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24
CVE-2016-7153 (The HTTP/2 protocol does not consider the role of the TCP congestion w ...)
	NOTE: CVE assigned for the HTTP/2 protocol issue
CVE-2016-7152 (The HTTPS protocol does not consider the role of the TCP congestion wi ...)
	NOTE: CVE assigned for the HTTP/2 protocol issue
CVE-2016-7151 (Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a re ...)
	- capstone <unfixed> (low; bug #930002)
	[buster] - capstone <no-dsa> (Minor issue)
	[stretch] - capstone <no-dsa> (Minor issue)
	[jessie] - capstone <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/aquynh/capstone/commit/87a25bb543c8e4c09b48d4b4a6c7db31ce58df06 (4.0-alpha4)
	NOTE: https://github.com/aquynh/capstone/pull/725
CVE-2016-7150 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earl ...)
	NOT-FOR-US: b2evolution
CVE-2016-7149 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earl ...)
	NOT-FOR-US: b2evolution
CVE-2016-7148 (MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injectio ...)
	{DSA-3715-1}
	- moin 1.9.9-1 (bug #844341)
	[wheezy] - moin <not-affected> (vulnerable code not present)
	NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/eceb70c41ecc
	NOTE: https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
CVE-2016-7147 (Cross-site scripting (XSS) vulnerability in the manage_findResult comp ...)
	NOT-FOR-US: Plone
CVE-2016-7146 (MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injectio ...)
	{DSA-3715-1 DLA-717-1}
	- moin 1.9.9-1 (bug #844340)
	NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/1563d6db198c
	NOTE: https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
CVE-2016-7122 (The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3 ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ed38046c5c2e3b310980be32287179895c83e0d8 (n3.1.4)
CVE-2016-7121
	RESERVED
CVE-2016-7155 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest O ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3.1 (bug #837174)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/06/2
	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7156 (The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (ak ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3.1 (bug #837339)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373478
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/06/3
	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7157 (The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 func ...)
	- qemu 1:2.6+dfsg-3.1 (bug #837603)
	[jessie] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html
	NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/06/4
	NOTE: Vulnerable code introduced after version 2.6: http://wiki.qemu.org/ChangeLog/2.6
CVE-2016-7140 (Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in ...)
	NOT-FOR-US: Plone
CVE-2016-7139 (Cross-site scripting (XSS) vulnerability in an unspecified page templa ...)
	NOT-FOR-US: Plone
CVE-2016-7138 (Cross-site scripting (XSS) vulnerability in the URL checking infrastru ...)
	NOT-FOR-US: Plone
CVE-2016-7137 (Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, ...)
	NOT-FOR-US: Plone
CVE-2016-7136 (z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows  ...)
	NOT-FOR-US: Plone
CVE-2016-7135 (Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4 ...)
	NOT-FOR-US: Plone
CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the libnsspem. ...)
	{DLA-1568-1 DLA-616-1}
	- curl 7.51.0-1 (bug #836918)
	NOTE: Only affects libcurl3-nss
	NOTE: http://seclists.org/oss-sec/2016/q3/419
	NOTE: https://curl.haxx.se/docs/adv_20160907.html
CVE-2016-7145 (The m_authenticate function in ircd/m_authenticate.c in nefarious2 all ...)
	NOT-FOR-US: Nefarious 2
CVE-2016-7144 (The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3 ...)
	- unrealircd <itp> (bug #515130)
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/04/3
	NOTE: unrealircd reportedly vulnerable, and ircd-seven reportedly not vulnerable
CVE-2016-7143 (The m_authenticate function in modules/m_sasl.c in Charybdis before 3. ...)
	{DSA-3661-1}
	- charybdis 3.5.3-1 (bug #836714)
	[wheezy] - charybdis <no-dsa> (unsupported)
	NOTE: charybdis patch: https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/04/3
CVE-2016-7142 (The m_sasl module in InspIRCd before 2.0.23, when used with a service  ...)
	{DSA-3662-1}
	- inspircd 2.0.23-1 (bug #836706)
	[wheezy] - inspircd <end-of-life> (not supported in Wheezy)
	NOTE: http://www.inspircd.org/2016/09/03/v2023-released.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/04/3
CVE-2016-7120
	RESERVED
CVE-2016-7134 (ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a l ...)
	- php7.0 7.0.10-1
	- php5 <not-affected> (Only affects PHP 7)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72674
	NOTE: Fixed in 7.0.10
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7?w=1
CVE-2016-7133 (Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabl ...)
	- php7.0 7.0.10-1
	- php5 <not-affected> (Only affects PHP 7)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72742
	NOTE: Fixed in 7.0.10
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1
CVE-2016-7132 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72799
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
	NOTE: commit is about the pop issue in 72799.
CVE-2016-7131 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72790
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
	NOTE: Cf. as well https://bugs.php.net/bug.php?id=72799
	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
	NOTE: commit is about the pop issue in 72799.
CVE-2016-7130 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6 ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72750
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1
CVE-2016-7129 (The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5. ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72749
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1
CVE-2016-7128 (The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72627
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed?w=1
CVE-2016-7127 (The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...)
	{DSA-3689-1}
	- libgd2 <not-affected> (gamma correction is only implemented in PHP)
	- php7.0 7.0.10-1 (unimportant)
	- php5 5.6.26+dfsg-1 (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72730
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae?w=1
CVE-2016-7126 (The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6. ...)
	{DSA-3689-1}
	- libgd2 <not-affected> (libgd upstream not affected, overflow2 function check prevents the issue)
	- php7.0 7.0.10-1 (unimportant)
	- php5 5.6.26+dfsg-1 (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...)
	{DSA-3689-1 DLA-628-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1
	NOTE: Scope of CVE also includes the "The similar issue also exist in session php_binary
	NOTE: handler" part of 72681.
CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7. ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72663
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1
CVE-2016-7123 (Cross-site request forgery (CSRF) vulnerability in the admin web inter ...)
	- mailman 2.1.15-1
	NOTE: https://bugs.launchpad.net/mailman/+bug/1614841/comments/8
	NOTE: https://bugs.launchpad.net/mailman/+bug/775294
CVE-2016-7119 (Cross-site scripting (XSS) vulnerability in the user-profile biography ...)
	NOT-FOR-US: DotNetNuke
CVE-2016-7117 (Use-after-free vulnerability in the __sys_recvmmsg function in net/soc ...)
	- linux 4.5.2-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/34b88a68f26a75e4fded796f1a49c40f82234b7d (4.6-rc1)
CVE-2016-7115 (Buffer overflow in the handle_packet function in mactelnet.c in the cl ...)
	{DLA-639-1}
	- mactelnet 0.4.4-4 (bug #836320)
	[jessie] - mactelnet 0.4.0-1+deb8u1
	NOTE: https://github.com/haakonnessjoen/MAC-Telnet/commit/b69d11727d4f0f8cf719c79e3fb700f55ca03e9a
CVE-2016-7114 (A vulnerability has been identified in Firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2016-7113 (A vulnerability has been identified in Firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2016-7112 (A vulnerability has been identified in Firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2016-10057 (Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in I ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10056 (Buffer overflow in the sixel_decode function in coders/sixel.c in Imag ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10055 (Buffer overflow in the WritePDBImage function in coders/pdb.c in Image ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10054 (Buffer overflow in the WriteMAPImage function in coders/map.c in Image ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10053 (The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9 ...)
	{DSA-3675-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836171)
	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image p ...)
	{DLA-609-1}
	- linux <not-affected>
	NOTE: Bit of complicated tracking information. For jessie the affected version is not in any yet
	NOTE: released version, thus should be n/a. wheezy OTOH, has already the issue in a released version. Issue then was fixed in 3.2.81-2 in DLA-609-1
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/31/1
CVE-2016-7116 (Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick E ...)
	{DLA-1599-1 DLA-619-1 DLA-618-1}
	- qemu 1:2.6+dfsg-3.1 (bug #836502)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
	NOTE: May as well need: http://git.qemu.org/?p=qemu.git;a=commit;h=fff39a7ad09da07ef490de05c92c91f22f8002f2
CVE-2016-7110 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7109 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7108 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7107 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7106
	RESERVED
CVE-2016-7105
	RESERVED
CVE-2016-7104
	RESERVED
CVE-2016-7102 (ownCloud Desktop before 2.2.3 allows local users to execute arbitrary  ...)
	NOT-FOR-US: ownCloud Desktop
CVE-2016-7101 (The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers t ...)
	{DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836776)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-7100
	RESERVED
CVE-2016-7099 (The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ...)
	- nodejs 4.6.0~dfsg-1 (bug #839714; unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
	NOTE: 0.10.x: https://github.com/nodejs/node/commit/0d7e21ee7bcc79046f898f8c202d2ec87d23d711
	NOTE: 4.x: https://github.com/nodejs/node/commit/3ff82deb2c3bd580d64be75dbafe460393c952fb
CVE-2016-7096
	RESERVED
CVE-2016-7095 (Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a mal ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content  ...)
	- mantis <not-affected> (Vulnerable code introduced in 1.3.0-rc.2)
	NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229
	NOTE: https://mantisbt.org/bugs/view.php?id=21263
CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ...)
	- jqueryui 1.12.1+dfsg-1
	[jessie] - jqueryui <no-dsa> (Minor issue)
	[wheezy] - jqueryui <no-dsa> (Minor issue)
	NOTE: https://nodesecurity.io/advisories/127
	NOTE: https://github.com/jquery/jquery-ui/pull/1622
	NOTE: https://github.com/jquery/jquery-ui/pull/1632
	NOTE: https://github.com/jquery/api.jqueryui.com/issues/281
CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS ...)
	{DSA-3663-1 DLA-614-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-187.html
CVE-2016-7093 (Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to ...)
	- xen <not-affected> (Affects only 4.7.0 and later; 4.6.3 and 4.5.3)
	NOTE: http://xenbits.xen.org/xsa/advisory-186.html
CVE-2016-7092 (The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32 ...)
	{DSA-3663-1 DLA-614-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-185.html
CVE-2016-7090 (The integrated web server on Siemens SCALANCE M-800 and S615 modules w ...)
	NOT-FOR-US: Siemens
CVE-2016-7098 (Race condition in wget 1.17 and earlier, when used in recursive or mir ...)
	{DLA-2086-1}
	- wget 1.18-4 (low; bug #836503)
	[wheezy] - wget <no-dsa> (Minor issue)
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=690c47e3b18c099843cdf557a0425d701fca4957
CVE-2016-7097 (The filesystem implementation in the Linux kernel through 4.8.2 preser ...)
	{DLA-772-1}
	- linux 4.7.8-1
	[jessie] - linux 3.16.39-1
	NOTE: http://www.spinics.net/lists/linux-fsdevel/msg98328.html
	NOTE: http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1368938
	NOTE: Fixed by: https://git.kernel.org/linus/073931017b49d9458aa351605b43a7e34598caef
CVE-2016-7091 (sudo: It was discovered that the default sudo configuration on Red Hat ...)
	- sudo <not-affected> (Debian not including INPUTRC in /etc/sudoers)
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1339935
	NOTE: The scope of this CVE is the entire 'INPUTRC should
	NOTE: not be included in "env_keep" at all, or else somehow restricted'
	NOTE: problem, which has both the information disclosure and segmentation
	NOTE: fault outcomes.
	NOTE: Debian does not include INPUTRC by default in /etc/sudoers
CVE-2016-7089 (WatchGuard RapidStream appliances allow local users to gain privileges ...)
	NOT-FOR-US: WatchGuard
CVE-2016-7088
	RESERVED
CVE-2016-7087 (Directory traversal vulnerability in the Connection Server in VMware H ...)
	NOT-FOR-US: VMware
CVE-2016-7086 (The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware  ...)
	NOT-FOR-US: VMware
CVE-2016-7085 (Untrusted search path vulnerability in the installer in VMware Worksta ...)
	NOT-FOR-US: VMware
CVE-2016-7084 (tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Wor ...)
	NOT-FOR-US: VMware
CVE-2016-7083 (VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Playe ...)
	NOT-FOR-US: VMware
CVE-2016-7082 (VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Playe ...)
	NOT-FOR-US: VMware
CVE-2016-7081 (Multiple heap-based buffer overflows in VMware Workstation Pro 12.x be ...)
	NOT-FOR-US: VMware
CVE-2016-7080 (The graphic acceleration functions in VMware Tools 9.x and 10.x before ...)
	NOT-FOR-US: VMware
CVE-2016-7079 (The graphic acceleration functions in VMware Tools 9.x and 10.x before ...)
	NOT-FOR-US: VMware
CVE-2016-7078 (foreman before version 1.15.0 is vulnerable to an information leak thr ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/16982
CVE-2016-7077 (foreman before 1.14.0 is vulnerable to an information leak. It was fou ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/16971
CVE-2016-7076 (sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noe ...)
	{DLA-707-1}
	- sudo 1.8.18p1-1 (bug #842507)
	[jessie] - sudo <no-dsa> (Minor issue)
	NOTE: https://www.sudo.ws/alerts/noexec_wordexp.html
	NOTE: https://www.sudo.ws/repos/sudo/rev/e7d09243e51b
	NOTE: https://www.sudo.ws/repos/sudo/rev/7b8357b0a358
	NOTE: https://www.sudo.ws/repos/sudo/rev/167a518d8129
	NOTE: Might need as well: https://bugzilla.sudo.ws/show_bug.cgi?id=761
CVE-2016-7075 (It was found that Kubernetes as used by Openshift Enterprise 3 did not ...)
	- kubernetes 1.5.5+dfsg-1 (bug #795652)
	NOTE: https://github.com/kubernetes/kubernetes/issues/34517
CVE-2016-7074 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and Power ...)
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	- pdns-recursor 4.0.4-1
	[jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	[wheezy] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
CVE-2016-7073 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and Power ...)
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	- pdns-recursor 4.0.4-1
	[jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	[wheezy] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
CVE-2016-7072 (An issue has been found in PowerDNS Authoritative Server before 3.4.11 ...)
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
CVE-2016-7071 (It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not p ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-7070 (A privilege escalation flaw was found in the Ansible Tower. When Tower ...)
	NOT-FOR-US: Ansible Tower
CVE-2016-7069 (An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT r ...)
	- dnsdist 1.2.0-1 (low; bug #872854)
	[stretch] - dnsdist 1.1.0-2+deb9u1
	NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html
	NOTE: https://downloads.powerdns.com/patches/2017-01
CVE-2016-7068 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and Power ...)
	{DSA-3764-1 DSA-3763-1 DLA-798-1 DLA-788-1}
	- pdns 4.0.2-1
	- pdns-recursor 4.0.4-1
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
CVE-2016-7067 (Monit before version 5.20.0 is vulnerable to a cross site request forg ...)
	{DLA-732-1}
	- monit 1:5.20.0-1
	[jessie] - monit <no-dsa> (Minor issue)
	NOTE: https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master
	NOTE: Although configured only on localhost, the httpd service is started by
	NOTE: default and accessible.
CVE-2016-7066 (It was found that the improper default permissions on /tmp/auth direct ...)
	NOT-FOR-US: admin-cli / jboss-cli in Red Hat
CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...)
	NOT-FOR-US: Red Hat JBoss EAP
CVE-2016-7064 (A flaw was found in pritunl-client before version 1.0.1116.6. A lack o ...)
	NOT-FOR-US: pritunl-client
CVE-2016-7063 (A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrar ...)
	NOT-FOR-US: pritunl-client
CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Co ...)
	NOT-FOR-US: Red Hat rhscon-core
CVE-2016-7061 (An information disclosure vulnerability was found in JBoss Enterprise  ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2016-7060 (The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does ...)
	NOT-FOR-US: Red Hat QCI
CVE-2016-7059
	REJECTED
CVE-2016-7058
	REJECTED
CVE-2016-7057
	REJECTED
CVE-2016-7056 (A timing attack flaw was found in OpenSSL 1.0.1u and before that could ...)
	{DSA-3773-1 DLA-814-1}
	- openssl 1.0.2a-1
	- openssl1.0 <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://eprint.iacr.org/2016/1195.pdf
	NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=f54be179aa4cbbd944728771d7d59ed588158a12
	NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008 (OpenSSL_1_0_2-beta3)
CVE-2016-7055 (There is a carry propagating bug in the Broadwell-specific Montgomery  ...)
	- openssl 1.1.0c-1 (low)
	[jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
	- openssl1.0 1.0.2k-1 (low)
	NOTE: https://www.openssl.org/news/secadv/20161110.txt
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=2fac86d9abeaa643677d1ffd0a139239fdf9406a
CVE-2016-7054 (In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1 ...)
	- openssl 1.1.0c-1
	[jessie] - openssl <not-affected> (Only affects 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.1.0)
	- openssl1.0 <not-affected> (Only affects 1.1.0)
	NOTE: https://www.openssl.org/news/secadv/20161110.txt
CVE-2016-7053 (In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS struc ...)
	- openssl 1.1.0c-1
	[jessie] - openssl <not-affected> (Only affects 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.1.0)
	- openssl1.0 <not-affected> (Only affects 1.1.0)
	NOTE: https://www.openssl.org/news/secadv/20161110.txt
CVE-2016-7052 (crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to ca ...)
	- openssl 1.0.2j-1
	[jessie] - openssl <not-affected> (Introduced in 1.0.2i)
	[wheezy] - openssl <not-affected> (Introduced in 1.0.2i)
	NOTE: https://www.openssl.org/news/secadv/20160926.txt
CVE-2016-7051 (XmlMapper in the Jackson XML dataformat component (aka jackson-datafor ...)
	- jackson-dataformat-xml 2.8.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378673#c7
	NOTE: https://github.com/FasterXML/jackson-dataformat-xml/issues/211
	NOTE: https://github.com/FasterXML/jackson-dataformat-xml/commit/eeff2c312e9d4caa8c9f27b8f740c7529d00524a (2.7.8)
CVE-2016-7050 (SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7 ...)
	- resteasy 3.0.18-1
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <not-affected> (Fixed before initial release to Debian)
	NOTE: The SerializableProvider has been disabled by default in 3.0.17
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378613
CVE-2016-7049
	RESERVED
CVE-2016-7048 (The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9. ...)
	NOT-FOR-US: interactive installer used in EnterpriseDB-supplied PostgreSQL packages
CVE-2016-7047 (A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8 ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2016-7046 (Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating  ...)
	- undertow 1.4.3-1 (bug #838600)
	NOTE: https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2
CVE-2016-7045 (The format_send_to_gui function in the format parsing code in Irssi be ...)
	{DSA-3672-1}
	- irssi 0.8.20-1
	[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
	NOTE: http://irssi.org/security/irssi_sa_2016.txt
CVE-2016-7044 (The unformat_24bit_color function in the format parsing code in Irssi  ...)
	{DSA-3672-1}
	- irssi 0.8.20-1
	[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
	NOTE: http://irssi.org/security/irssi_sa_2016.txt
CVE-2016-7043 (It has been reported that KIE server and Busitess Central before versi ...)
	NOT-FOR-US: Kie server
CVE-2016-7042 (The proc_keys_show function in security/keys/proc.c in the Linux kerne ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.7.8-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373966
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373499
	NOTE: https://git.kernel.org/linus/03dab869b7b239c4e013ec82aea22e181e441cfc
CVE-2016-7041 (Drools Workbench contains a path traversal vulnerability. The vulnerab ...)
	NOT-FOR-US: JBoss Drolls Workbench
CVE-2016-7040 (Red Hat CloudForms Management Engine 4.1 does not properly handle regu ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-7039 (The IP stack in the Linux kernel through 4.8.2 allows remote attackers ...)
	- linux 4.7.8-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fcd91dd449867c6bfe56a81cabba76b829fd05cd
	NOTE: Introduced by: https://git.kernel.org/linus/9b174d88c257150562b0101fcc6cb6c3cb74275c (v4.0-rc1)
	NOTE: Intorduced by: https://git.kernel.org/linus/66e5133f19e901a044fa5eaeeb6ecff4545839e5 (v4.2-rc1)
CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated when the ...)
	- moodle 2.7.16+dfsg-1
CVE-2016-7037 (The verify function in Encryption/Symmetric.php in Malcolm Fell jwt be ...)
	NOT-FOR-US: Malcolm Fell jwt
CVE-2016-7036 (python-jose before 1.3.2 allows attackers to have unspecified impact b ...)
	NOT-FOR-US: Python jose
CVE-2016-7035 (An authorization flaw was found in Pacemaker before 1.1.16, where it d ...)
	- pacemaker 1.1.15-3 (bug #843041)
	[wheezy] - pacemaker <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1166/commits/5a20855d6054ebaae590c09262b328d957cc1fc2
CVE-2016-7034 (The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly han ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-7033 (Multiple cross-site scripting (XSS) vulnerabilities in the admin pages ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-7032 (sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users  ...)
	{DLA-707-1}
	- sudo 1.8.15-1
	[jessie] - sudo <no-dsa> (Minor issue)
	NOTE: https://www.sudo.ws/alerts/noexec_bypass.html
	NOTE: This CVE is for the bypass via system() and popen(). The wordpexp() bypass
	NOTE: is tracked under CVE-2016-7076.
	NOTE: https://www.sudo.ws/devel.html#1.8.15rc1
	NOTE: https://www.sudo.ws/repos/sudo/rev/58a5c06b5257
	NOTE: https://www.sudo.ws/repos/sudo/rev/a826cd7787e9
CVE-2016-7031 (The RGW code in Ceph before 10.0.1, when authenticated-read ACL is app ...)
	- ceph 10.2.5-1 (bug #838026)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/13207
	NOTE: https://github.com/ceph/ceph/pull/6057
	NOTE: https://github.com/ceph/ceph/pull/11045
CVE-2016-7030 (FreeIPA uses a default password policy that locks an account after 5 u ...)
	- freeipa 4.4.4-1 (bug #849970)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1370493
	NOTE: https://fedorahosted.org/freeipa/ticket/6561
	NOTE: Upstream patch: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=6f1d92746
	NOTE: Additional dependency: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=73f33569c
CVE-2016-7029
	RESERVED
CVE-2016-7027
	REJECTED
CVE-2016-7026
	REJECTED
CVE-2016-7025
	REJECTED
CVE-2016-7024
	REJECTED
CVE-2016-7023
	REJECTED
CVE-2016-7022
	REJECTED
CVE-2016-7021
	REJECTED
CVE-2016-7020 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7019 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7018 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7017 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7016 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7015 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7014 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7013 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7012 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7011 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7010 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7009 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7008 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7007 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7006 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7005 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7004 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7003 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7002 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7001 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7000 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6999 (Integer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat a ...)
	NOT-FOR-US: Adobe
CVE-2016-6998 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6997 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6996 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6995 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6994 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...)
	NOT-FOR-US: Adobe
CVE-2016-6993 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6992 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6991
	REJECTED
CVE-2016-6990 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6989 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6988 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 a ...)
	NOT-FOR-US: Adobe
CVE-2016-6986 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6985 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6984 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6983 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6982 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-6981 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 a ...)
	NOT-FOR-US: Adobe
CVE-2016-6980 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 al ...)
	NOT-FOR-US: Adobe
CVE-2016-6979 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6978 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6977 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6976 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6975 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6974 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6973 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6972 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6971 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6970 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6969 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6968 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6967 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6966 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6965 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6964 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6963 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6962 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6961 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6960 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6959 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6958 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6957 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6956 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6955 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6954 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6953 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6952 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6951 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6950 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6949 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6948 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6947 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6946 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6945 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6944 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6943 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6942 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6941 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6940 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6939 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...)
	NOT-FOR-US: Adobe
CVE-2016-6938 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-6937 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6936 (Adobe AIR SDK &amp; Compiler before 23.0.0.257 on Windows does not sup ...)
	NOT-FOR-US: Adobe
CVE-2016-6935 (Unquoted Windows search path vulnerability in Adobe Creative Cloud Des ...)
	NOT-FOR-US: Adobe
CVE-2016-6934 (Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11. ...)
	NOT-FOR-US: Adobe
CVE-2016-6933 (Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11. ...)
	NOT-FOR-US: Adobe
CVE-2016-6932 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6931 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6930 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6929 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6928
	REJECTED
CVE-2016-6927 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6926 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6925 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6924 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6923 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6922 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6921 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in libavcodec/ ...)
	- ffmpeg 7:3.1.3-1
	- libav <not-affected>
	NOTE: Vulnerable code not present in any Libav version.
CVE-2016-6919
	RESERVED
CVE-2016-6918 (Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attacke ...)
	NOT-FOR-US: Lexmark
CVE-2016-6917 (Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for Androi ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6915 (Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6914 (Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions fo ...)
	NOT-FOR-US: Ubiquiti UniFi Video
CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5. ...)
	NOT-FOR-US: OSSIM
CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the GD Grap ...)
	{DSA-3777-1}
	- libgd2 2.2.4-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
CVE-2016-6910 (The non-existent notification listener vulnerability was introduced in ...)
	NOT-FOR-US: Android build by Samsung
CVE-2016-6909 (Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4. ...)
	NOT-FOR-US: Fortinet
CVE-2016-6908 (Characters from languages are such as Arabic, Hebrew are displayed fro ...)
	NOT-FOR-US: Opera
CVE-2016-6907
	RESERVED
CVE-2016-6906 (The read_image_tga function in gd_tga.c in the GD Graphics Library (ak ...)
	{DSA-3777-1}
	- libgd2 2.2.4-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558
CVE-2016-6904 (Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 cont ...)
	NOT-FOR-US: NetAPP
CVE-2016-6901 (Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR50 ...)
	NOT-FOR-US: Huawei Routers
CVE-2016-6900 (The Intelligent Baseboard Management Controller (iBMC) in Huawei RH128 ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6899 (The Intelligent Baseboard Management Controller (iBMC) in Huawei RH128 ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6898 (XML external entity (XXE) vulnerability in the Hyper Management Module ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6895
	REJECTED
CVE-2016-6894 (Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4 ...)
	NOT-FOR-US: Arista EOS
CVE-2016-6892 (The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remot ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://www.kb.cert.org/vuls/id/396440
CVE-2016-6891 (MatrixSSL before 3.8.6 allows remote attackers to cause a denial of se ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://www.kb.cert.org/vuls/id/396440
CVE-2016-6890 (Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote att ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://www.kb.cert.org/vuls/id/396440
CVE-2016-6889
	RESERVED
CVE-2016-6881 (The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1. ...)
	- ffmpeg 7:3.1.3-1 (unimportant)
	- libav <not-affected>
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/26/6
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4770eac6
	NOTE: Vulnerable code not present in any Libav version.
CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of a limi ...)
	- lshell <removed> (bug #834949)
	[wheezy] - lshell <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ghantoos/lshell/issues/147
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/22/15
	NOTE: As for 2016-08-23 https://github.com/ghantoos/lshell/issues/147#issuecomment-241366750 ist still
	NOTE: as well under the scope of CVE-2016-6902, until "there is further vendor followup
	NOTE: about issues/147" and possibly a new/additional CVE assignment.
CVE-2016-6903 (lshell 0.9.16 allows remote authenticated users to break out of a limi ...)
	- lshell <removed> (bug #834946)
	[wheezy] - lshell <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ghantoos/lshell/issues/149
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/22/15
CVE-2016-6897 (Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_ ...)
	- wordpress 4.6.1+dfsg-1 (bug #837090)
	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	NOTE: http://seclists.org/oss-sec/2016/q3/347
	NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
	NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2016-6896 (Directory traversal vulnerability in the wp_ajax_update_plugin functio ...)
	- wordpress 4.6.1+dfsg-1 (bug #837090)
	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	NOTE: http://seclists.org/oss-sec/2016/q3/347
	NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
	NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2016-6893 (Cross-site request forgery (CSRF) vulnerability in the user options pa ...)
	{DSA-3668-1 DLA-608-1}
	- mailman 1:2.1.23-1 (bug #835970)
	NOTE: https://mail.python.org/pipermail/mailman-announce/2016-August/000225.html
	NOTE: https://bugs.launchpad.net/mailman/+bug/1614841
	NOTE: https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html
CVE-2016-6880
	RESERVED
CVE-2016-6879 (The X509_Certificate::allowed_usage function in botan 1.11.x before 1. ...)
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Introduced in 1.11.0, fixed in 1.11.31
CVE-2016-6878 (The Curve25519 code in botan before 1.11.31, on systems without a nati ...)
	- botan1.10 <not-affected> (Introduced in 1.11.12)
	NOTE: Introduced in 1.11.12, fixed in 1.11.31
CVE-2016-6877 (** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows man-in- ...)
	NOT-FOR-US: Citrix
CVE-2016-6876 (The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link  ...)
	NOT-FOR-US: F5
CVE-2016-6869
	RESERVED
CVE-2016-6868
	RESERVED
CVE-2016-6867
	RESERVED
CVE-2016-6865
	RESERVED
CVE-2016-6864
	RESERVED
CVE-2016-6863
	RESERVED
CVE-2016-6862
	RESERVED
CVE-2016-6861
	RESERVED
CVE-2016-6860
	RESERVED
CVE-2016-6859 (Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6858 (Cross-site scripting (XSS) vulnerability in the Create Employee featur ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6857 (Cross-site scripting (XSS) vulnerability in the Create Catalogue featu ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6856 (Cross-site scripting (XSS) vulnerability in the Inbox Search feature i ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6855 (Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, a ...)
	{DLA-2185-1 DLA-605-1}
	- eog 3.20.4-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770143
	NOTE: https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4
CVE-2016-6854 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Sc ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6853 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Sc ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6852 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6851 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Sc ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6850 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6849
	RESERVED
CVE-2016-6848 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6847 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6846 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6845 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6844 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6843 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6842 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6841
	RESERVED
CVE-2016-6840 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Huawei
CVE-2016-6839 (CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 ...)
	NOT-FOR-US: Huawei FusionAccess
CVE-2016-6838 (Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC6 ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6829 (The trove service user in (1) Openstack deployment (aka crowbar-openst ...)
	NOT-FOR-US: Crowbar Framework
CVE-2016-6827 (Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES key ...)
	NOT-FOR-US: Huawei FusionCompute
CVE-2016-6826 (Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a ...)
	NOT-FOR-US: Huawei AnyMail
CVE-2016-6825 (Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V ...)
	NOT-FOR-US: Huawei FusionServer Node
CVE-2016-6824 (Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with softwa ...)
	NOT-FOR-US: Huawei Campus Switch
CVE-2016-6888 (Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt. ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3.1 (bug #834902)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
CVE-2016-6875 (Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attac ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2
CVE-2016-6874 (The array_*_recursive functions in Facebook HHVM before 3.15.0 allows  ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69
CVE-2016-6873 (Self recursion in compact in Facebook HHVM before 3.15.0 allows attack ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e
CVE-2016-6872 (Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271
CVE-2016-6871 (Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attac ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
CVE-2016-6870 (Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, a ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
CVE-2016-6866 (slock allows attackers to bypass the screen lock via vectors involving ...)
	{DLA-598-1}
	- suckless-tools 41-1
	[jessie] - suckless-tools 40-1+deb8u2
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/18/22
	NOTE: http://s1m0n.dft-labs.eu/files/slock/
	NOTE: Starting with 41-1 slock.c got patched to use PAM, cf. #739629
	NOTE: and with the patch readpw(dpy, pws) is not called anymore, and
	NOTE: thus in readpw, not calling crypt(passwd, pws) with a possibly
	NOTE: empty pws.
CVE-2016-6837 (Cross-site scripting (XSS) vulnerability in MantisBT Filter API in Man ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (unsupported)
	NOTE: https://mantisbt.org/bugs/view.php?id=21611
	NOTE: https://github.com/mantisbt/mantisbt/commit/7086c2d8b4b20ac14013b36761ac04f0abf21a4e
CVE-2016-6832 (Heap-based buffer overflow in the ff_audio_resample function in resamp ...)
	- libav 6:11.4-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=0ac8ff618c5e6d878c547a8877e714ed728950ce
	NOTE: Claimed to not affect ffmpeg
CVE-2016-6831 (The "process-execute" and "process-spawn" procedures did not free memo ...)
	{DLA-643-1}
	- chicken 4.12.0-0.2 (bug #834845)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	NOTE: Fixed in the same upstream patch which is provided for CVE-2016-6830
CVE-2016-6830 (The "process-execute" and "process-spawn" procedures in CHICKEN Scheme ...)
	{DLA-643-1}
	- chicken 4.12.0-0.2 (bug #834845)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
	NOTE: https://lists.nongnu.org/archive/html/chicken-hackers/2016-07/txtSWHYeFeG0R.txt
	NOTE: http://bugs.call-cc.org/ticket/1308
CVE-2016-6828 (The tcp_check_send_head function in include/net/tcp.h in the Linux ker ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/bb1fceca22492109be12640d49f5ea5a544c6bb4
CVE-2016-6822
	RESERVED
CVE-2016-6821
	RESERVED
CVE-2016-6820 (MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1. ...)
	NOT-FOR-US: MetroCluster Tiebreaker
CVE-2016-6819
	RESERVED
CVE-2016-6818 (SQL injection vulnerability in SAP Business Intelligence platform befo ...)
	NOT-FOR-US: SAP
CVE-2016-6817 (The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8. ...)
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 <not-affected> (Only affects 9.x and 8.5.x)
	- tomcat7 <not-affected> (Only affects 9.x and 8.5.x)
	- tomcat6 <not-affected> (Only affects 9.x and 8.5.x)
CVE-2016-6816 (The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0 ...)
	{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.39-1
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: Fixed by: http://svn.apache.org/r1767653 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767675 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767683 (6.0.x)
CVE-2016-6815 (In Apache Ranger before 0.6.2, users with "keyadmin" role should not b ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-6814 (When an application with unsupported Codehaus versions of Groovy from  ...)
	{DLA-794-1}
	- groovy 2.4.8-1 (bug #851408)
	[jessie] - groovy 1.8.6-4+deb8u2
	- groovy2 <removed>
	[jessie] - groovy2 2.2.2+dfsg-3+deb8u2
CVE-2016-6813 (Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call desig ...)
	NOT-FOR-US: Apache CloudStack
CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prio ...)
	NOT-FOR-US: Apache CXF
CVE-2016-6811 (In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn use ...)
	- hadoop <itp> (bug #793644)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/01/2
CVE-2016-6810 (In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scri ...)
	- activemq 5.14.2+dfsg-1 (unimportant)
	NOTE: Admin console not enabled in the Debian package, see #702670
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt
	NOTE: http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000245.html
	NOTE: https://jvn.jp/en/jp/JVN78980598/index.html
CVE-2016-6809 (Apache Tika before 1.14 allows Java code execution for serialized obje ...)
	- tika 1.18-1
	[jessie] - tika <not-affected> (Matlab file parser introduced in 1.6)
	NOTE: http://seclists.org/bugtraq/2016/Nov/40
CVE-2016-6808 (Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. ...)
	- libapache-mod-jk <not-affected> (Windows/IIS vhost handling specific issue)
	NOTE: Fixed by: http://svn.apache.org/r1762057
	NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.42
	NOTE: This is though only Windows/IIS specific, thus marked as not-affected, cf. #840000
CVE-2016-6807 (Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2)  ...)
	NOT-FOR-US: Ambari Agent
CVE-2016-6806 (Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provid ...)
	NOT-FOR-US: Apache Wicket
CVE-2016-6805 (Apache Ignite before 1.9 allows man-in-the-middle attackers to read ar ...)
	NOT-FOR-US: Apache Ignite
CVE-2016-6804 (The Apache OpenOffice installer (versions prior to 4.1.3, including so ...)
	NOT-FOR-US: Apache OpenOffice installer for Windows
CVE-2016-6803 (An installer defect known as an "unquoted Windows search path vulnerab ...)
	NOT-FOR-US: Apache OpenOffice installer for Windows
CVE-2016-6802 (Apache Shiro before 1.3.2 allows attackers to bypass intended servlet  ...)
	- shiro 1.3.2-1
	[jessie] - shiro <no-dsa> (Minor issue)
CVE-2016-6801 (Cross-site request forgery (CSRF) vulnerability in the CSRF content-ty ...)
	{DSA-3679-1 DLA-629-1}
	- jackrabbit 2.12.4-1 (bug #838204)
	NOTE: http://svn.apache.org/r1758791 (2.4.x)
	NOTE: http://svn.apache.org/r1758771 (2.6.x)
	NOTE: http://svn.apache.org/r1758764 (2.8.x)
CVE-2016-6800 (The default configuration of the Apache OFBiz framework offers a blog  ...)
	NOT-FOR-US: Apache OFBiz
CVE-2016-6799 (Product: Apache Cordova Android 5.2.2 and earlier. The application cal ...)
	NOT-FOR-US: Apache Cordova
CVE-2016-6798 (In the XSS Protection API module before 1.0.12 in Apache Sling, the me ...)
	NOT-FOR-US: Apache Sling
CVE-2016-6797 (The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9. ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842666)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/wrku5orwxfpt5mzl?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1757273 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1757275 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1757285 (6.0.x)
CVE-2016-6796 (A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0 ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842665)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/hynaeawxxhpvvctu?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1758494 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1758495 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1758496 (6.0.x)
CVE-2016-6795 (In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5 ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
	NOTE: https://struts.apache.org/docs/s2-042.html
CVE-2016-6794 (When a SecurityManager is configured, a web application's ability to r ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842664)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/zk7w6yly5mviocci?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1754727 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1754728 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1754733 (6.0.x)
CVE-2016-6793 (The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x be ...)
	NOT-FOR-US: Apache Wicket
CVE-2016-6823 (Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allow ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834504)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
CVE-2016-10052 (Buffer overflow in the WriteProfile function in coders/jpeg.c in Image ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834501)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6792
	RESERVED
CVE-2016-6791 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6790 (An elevation of privilege vulnerability in the NVIDIA libomx library ( ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6789 (An elevation of privilege vulnerability in the NVIDIA libomx library ( ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6788 (An elevation of privilege vulnerability in the MediaTek I2C driver cou ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6787 (kernel/events/core.c in the performance subsystem in the Linux kernel  ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.0.2-1
	NOTE: Fixed by: https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
CVE-2016-6786 (kernel/events/core.c in the performance subsystem in the Linux kernel  ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.0.2-1
	NOTE: Fixed by: https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
CVE-2016-6785 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6784 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6783 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6782 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6781 (An elevation of privilege vulnerability in the MediaTek driver could e ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6780 (An elevation of privilege vulnerability in the HTC sound codec driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-6779 (An elevation of privilege vulnerability in the HTC sound codec driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-6778 (An elevation of privilege vulnerability in the HTC sound codec driver  ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-6777 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6776 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6775 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6774 (An information disclosure vulnerability in Package Manager could enabl ...)
	NOT-FOR-US: Android
CVE-2016-6773 (An information disclosure vulnerability in the ih264d decoder in Media ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6772 (An elevation of privilege vulnerability in Wi-Fi could enable a local  ...)
	NOT-FOR-US: Android
CVE-2016-6771 (An elevation of privilege vulnerability in Telephony could enable a lo ...)
	NOT-FOR-US: Android
CVE-2016-6770 (An elevation of privilege vulnerability in the Framework API could ena ...)
	NOT-FOR-US: Android
CVE-2016-6769 (An elevation of privilege vulnerability in Smart Lock could enable a l ...)
	NOT-FOR-US: Android
CVE-2016-6768 (A remote code execution vulnerability in the Framesequence library cou ...)
	NOT-FOR-US: Android
CVE-2016-6767 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6766 (A denial of service vulnerability in libmedia and libstagefright in Me ...)
	NOT-FOR-US: libstagefright
CVE-2016-6765 (A denial of service vulnerability in libstagefright in Mediaserver cou ...)
	NOT-FOR-US: libstagefright
CVE-2016-6764 (A denial of service vulnerability in Mediaserver could enable an attac ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6763 (A denial of service vulnerability in Telephony could enable a local ma ...)
	NOT-FOR-US: Android
CVE-2016-6762 (An elevation of privilege vulnerability in the libziparchive library c ...)
	- android-platform-system-core 1:7.0.0+r1-1
	[jessie] - android-platform-system-core <not-affected> (Vulnerable code not present)
CVE-2016-6761 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6760 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6759 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6758 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6757 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6756 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6755 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6754 (A remote code execution vulnerability in Webview in Android 5.0.x befo ...)
	NOT-FOR-US: Webview for Android
CVE-2016-6753 (An information disclosure vulnerability in kernel components, includin ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-11-01.html
CVE-2016-6752 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6751 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6750 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6749 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6748 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6747 (A denial of service vulnerability in Mediaserver in Android before 201 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6746 (An information disclosure vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6745 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6744 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6743 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6742 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6741 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6740 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6739 (An elevation of privilege vulnerability in the Qualcomm camera driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6738 (An elevation of privilege vulnerability in the Qualcomm crypto engine  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6737 (An elevation of privilege vulnerability in the kernel ION subsystem in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6736 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6735 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6734 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6733 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6732 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6731 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6730 (An elevation of privilege vulnerability in the NVIDIA GPU driver in An ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6729 (An elevation of privilege vulnerability in the Qualcomm bootloader in  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6728 (An elevation of privilege vulnerability in the kernel ION subsystem in ...)
	NOT-FOR-US: Rowhammer hardware vulnerability on Android devices
	NOTE: https://www.vusec.net/projects/drammer/
CVE-2016-6727 (The Qualcomm GPS subsystem in Android on Android One devices allows re ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6726 (Unspecified vulnerability in Qualcomm components in Android on Nexus 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto driver in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service in Andr ...)
	NOT-FOR-US: Android
CVE-2016-6723 (A denial of service vulnerability in Proxy Auto Config in Android 4.x  ...)
	NOT-FOR-US: Android
CVE-2016-6722 (An information disclosure vulnerability in libstagefright in Mediaserv ...)
	NOT-FOR-US: libstagefright
CVE-2016-6721 (An information disclosure vulnerability in Mediaserver in Android 6.x  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6720 (An information disclosure vulnerability in libstagefright in Mediaserv ...)
	NOT-FOR-US: libstagefright
CVE-2016-6719 (An elevation of privilege vulnerability in the Bluetooth component in  ...)
	NOT-FOR-US: Android
CVE-2016-6718 (An elevation of privilege vulnerability in the Account Manager Service ...)
	NOT-FOR-US: Android
CVE-2016-6717 (An elevation of privilege vulnerability in Mediaserver in Android 4.x  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6716 (An elevation of privilege vulnerability in the AOSP Launcher in Androi ...)
	NOT-FOR-US: Android
CVE-2016-6715 (An elevation of privilege vulnerability in the Framework APIs in Andro ...)
	NOT-FOR-US: Android
CVE-2016-6714 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6712 (A remote denial of service vulnerability in libvpx in Mediaserver in A ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minpr issue)
	[wheezy] - libvpx <not-affected> (Vulnerable code not present)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/fdb1b40e7bb147c07bda988c9501ad223795d12d
CVE-2016-6711 (A remote denial of service vulnerability in libvpx in Mediaserver in A ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minpr issue)
	[wheezy] - libvpx <no-dsa> (Minor issue)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: Wheezy is confirmed (by code inspection) to have vulnerable source.
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/063be1485e0099bc81ace3a08b0ec9186dcad693
CVE-2016-6710 (An information disclosure vulnerability in the download manager in And ...)
	NOT-FOR-US: Android
CVE-2016-6709 (An information disclosure vulnerability in Conscrypt and BoringSSL in  ...)
	NOT-FOR-US: Android
CVE-2016-6708 (An elevation of privilege in the System UI in Android 7.0 before 2016- ...)
	NOT-FOR-US: Android
CVE-2016-6707 (An elevation of privilege vulnerability in System Server in Android 6. ...)
	NOT-FOR-US: Android
CVE-2016-6706 (An elevation of privilege vulnerability in libstagefright in Mediaserv ...)
	NOT-FOR-US: libstagefright
CVE-2016-6705 (An elevation of privilege vulnerability in Mediaserver in Android 5.0. ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6704 (An elevation of privilege vulnerability in Mediaserver in Android 4.x  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6703 (A remote code execution vulnerability in an Android runtime library in ...)
	NOT-FOR-US: Android
CVE-2016-6702 (A remote code execution vulnerability in libjpeg in Android 4.x before ...)
	- libjpeg-turbo <not-affected> (Android-specific patch, jpeg_open_backing_store in standard releases is just a stub)
CVE-2016-6701 (A remote code execution vulnerability in libskia in Android 7.0 before ...)
	- skia <itp> (bug #818180)
CVE-2016-6700 (An elevation of privilege vulnerability in libzipfile in Android 4.x b ...)
	NOT-FOR-US: Android
CVE-2016-6699 (A remote code execution vulnerability in libstagefright in Mediaserver ...)
	NOT-FOR-US: libstagefright
CVE-2016-6698 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6697
	RESERVED
CVE-2016-6696 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 drive ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6695 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 drive ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6694 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 drive ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6693 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 drive ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6692 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in An ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6691 (service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6690 (The sound driver in the kernel in Android before 2016-10-05 on Nexus 5 ...)
	NOT-FOR-US: Sound driver for Android
CVE-2016-6689 (Binder in the kernel in Android before 2016-10-05 on Nexus devices all ...)
	NOT-FOR-US: Android Binder
CVE-2016-6688 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices al ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6687 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices al ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6686 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices al ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6685 (The kernel in Android before 2016-10-05 on Nexus 6P devices allows att ...)
	NOT-FOR-US: Android kernel for Nexus devices
CVE-2016-6684 (The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, ...)
	NOT-FOR-US: Android kernel for Nexus devices
CVE-2016-6683 (The kernel in Android before 2016-10-05 on Nexus devices allows attack ...)
	NOT-FOR-US: Android kernel for Nexus devices
CVE-2016-6682 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver i ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6681 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver i ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6680 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android b ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6679 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Androi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6678 (The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 dev ...)
	NOT-FOR-US: Motorola driver for Android
CVE-2016-6677 (The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices  ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6676 (Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6675 (Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6674 (system_server in Android before 2016-10-05 on Nexus devices allows att ...)
	NOT-FOR-US: Android
CVE-2016-6673 (The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devic ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6672 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-10051 (Use-after-free vulnerability in the ReadPWPImage function in coders/pw ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834183)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write function in  ...)
	{DLA-1497-1}
	- qemu 1:2.6+dfsg-3.1 (bug #834904)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/12/1
CVE-2016-6834 (The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in  ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3.1 (bug #834905)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/11/8
CVE-2016-6835 (The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in  ...)
	{DLA-1497-1}
	- qemu 1:2.6+dfsg-3.1 (bug #835031)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/11/7
CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka  ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3.1 (bug #834944)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1366369
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/11/5
CVE-2016-6671 (The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2  ...)
	- ffmpeg 7:3.1.2-1
CVE-2016-6670 (Huawei S7700, S9300, S9700, and S12700 devices with software before V2 ...)
	NOT-FOR-US: Huawei
CVE-2016-6669 (Buffer overflow in the Authentication, Authorization and Accounting (A ...)
	NOT-FOR-US: Huawei
CVE-2016-6668 (The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 b ...)
	NOT-FOR-US: Atlassian Hipchat Integration Plugin for Bitbucket Server
CVE-2016-6667 (NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through  ...)
	NOT-FOR-US: NetApp
CVE-2016-6666
	RESERVED
CVE-2016-6665
	RESERVED
CVE-2016-6664 (mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and  ...)
	{DSA-3770-1}
	- mariadb-10.1 10.1.21-1 (bug #849435; bug #851759)
	- mariadb-10.0 <removed> (bug #842895; bug #851755)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
	NOTE: Possible fixed by: https://github.com/MariaDB/server/commit/684a165f28b3718160a3e4c5ebd18a465d85e97c
	NOTE: https://mariadb.com/blog/update-security-vulnerabilities-cve-2016-6663-and-cve-2016-6664-related-mariadb-server
CVE-2016-6663 (Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7 ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed by: https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805
	NOTE: Fixed by: https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
	NOTE: Fixed in Oracle MySQL: 5.5.52, 5.6.33, and 5.7.15.
	NOTE: http://legalhackers.com/advisories/MySQL-MariaDB-PerconaDB-PrivEsc-Race-CVE-2016-6663-OCVE-2016-5616-Exploit.html
CVE-2016-6662 (Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5 ...)
	{DSA-3666-1 DLA-624-1}
	- mariadb-10.0 10.0.27-1
	[jessie] - mariadb-10.0 10.0.27-0+deb8u1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1
	- mysql-5.5 <removed>
	NOTE: This will likely be split by MITRE, unclear what precisely maps to CVE-2016-6662
	NOTE: As well unclear which commits from https://bugzilla.redhat.com/show_bug.cgi?id=1375198#c5 are associated
	NOTE: yet to which CVE; those will unlikely made public before the next Oracle CPU.
	NOTE: https://marc.info/?l=oss-security&m=147367658314062&w=2
	NOTE: http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=998309
	NOTE: Fixed in upstream Oracle MySQL 5.5.52, 5.6.33 and 5.7.15
	NOTE: MariaDB: https://jira.mariadb.org/browse/MDEV-10465
	NOTE: Fixed in upstream MariaDB  5.5.51, 10.0.27, 10.1.17
	NOTE: PerconaDB: https://www.percona.com/blog/2016/09/12/database-affected-cve-2016-6662/
	NOTE: Although Oracle mentions this CVE only to be fixed in 5.5.53 this is not
	NOTE: true for src:mysql-5.5 as in Debian and other Linux distributions, so
	NOTE: this CVE should not be listed for a DSA/DLA based on 5.5.53, cf #841050
CVE-2016-6661
	RESERVED
CVE-2016-6660
	REJECTED
CVE-2016-6659 (Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, a ...)
	NOT-FOR-US: Pivotal
CVE-2016-6658 (Applications in cf-release before 245 can be configured and pushed wit ...)
	NOT-FOR-US: cf-release
CVE-2016-6657 (An open redirect vulnerability has been detected with some Pivotal Clo ...)
	NOT-FOR-US: Pivotal
CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation ...)
	NOT-FOR-US: Pivotal
CVE-2016-6655 (An issue was discovered in Cloud Foundry Foundation Cloud Foundry rele ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-6654
	REJECTED
CVE-2016-6653 (The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-m ...)
	NOT-FOR-US: Pivotal
CVE-2016-6652 (SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (G ...)
	NOT-FOR-US: Pivotal Spring Data
CVE-2016-6651 (The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 24 ...)
	NOT-FOR-US: Pivotal
CVE-2016-6650 (EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtua ...)
	NOT-FOR-US: EMC
CVE-2016-6649 (EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virt ...)
	NOT-FOR-US: EMC
CVE-2016-6648 (EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virt ...)
	NOT-FOR-US: EMC
CVE-2016-6647 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1  ...)
	NOT-FOR-US: EMC
CVE-2016-6646 (The vApp Managers web application in EMC Unisphere for VMAX Virtual Ap ...)
	NOT-FOR-US: VMAX
CVE-2016-6645 (The vApp Managers web application in EMC Unisphere for VMAX Virtual Ap ...)
	NOT-FOR-US: VMAX
CVE-2016-6644 (EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows r ...)
	NOT-FOR-US: EMC
CVE-2016-6643 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2  ...)
	NOT-FOR-US: EMC
CVE-2016-6642 (Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before ...)
	NOT-FOR-US: EMC
CVE-2016-6641 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2  ...)
	NOT-FOR-US: EMC
CVE-2016-6640
	REJECTED
CVE-2016-6639 (Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP  ...)
	NOT-FOR-US: Pivotal
CVE-2016-6638
	REJECTED
CVE-2016-6637 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal  ...)
	NOT-FOR-US: Pivotal
CVE-2016-6636 (The OAuth authorization implementation in Pivotal Cloud Foundry (PCF)  ...)
	NOT-FOR-US: Pivotal
CVE-2016-1000038
	RESERVED
CVE-2016-10050 (Heap-based buffer overflow in the ReadRLEImage function in coders/rle. ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833744)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10049 (Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageM ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833743)
	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29710
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10048 (Directory traversal vulnerability in magick/module.c in ImageMagick 6. ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.5.7+dfsg-1 (bug #833735)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10047 (Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMa ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833732)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present in version 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10046 (Heap-based buffer overflow in the DrawImage function in magick/draw.c  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833730)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6887 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not prop ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6886 (The pstm_reverse function in MatrixSSL before 3.8.4 allows remote atta ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6885 (The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote atta ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6884 (TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6883 (MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: Fixed in 3.8.3 https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md#changes-in-383
	NOTE: https://robotattack.org/
CVE-2016-6882 (MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is support ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6635 (Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_comp ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.5+dfsg-1
	NOTE: https://github.com/WordPress/WordPress/commit/9b7a7754133c50b82bd9d976fb5b24094f658aab
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37143
CVE-2016-6634 (Cross-site scripting (XSS) vulnerability in the network settings page  ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.5+dfsg-1
	NOTE: http://codex.wordpress.org/Version_4.5
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37124
	NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
CVE-2016-6633 (An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigg ...)
	- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: dbase extension not available in Debian
CVE-2016-6632 (An issue was discovered in phpMyAdmin where, under certain conditions, ...)
	{DLA-1821-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-55/
CVE-2016-6631 (An issue was discovered in phpMyAdmin. A user can execute a remote cod ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-54/
CVE-2016-6630 (An issue was discovered in phpMyAdmin. An authenticated user can trigg ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-53/
CVE-2016-6629 (An issue was discovered in phpMyAdmin involving the $cfg['ArbitrarySer ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <postponed> (probably not affected, needs more investigation)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-52/
CVE-2016-6628 (An issue was discovered in phpMyAdmin. An attacker may be able to trig ...)
	{DLA-1821-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-51/
CVE-2016-6627 (An issue was discovered in phpMyAdmin. An attacker can determine the p ...)
	{DLA-1821-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <no-dsa> (Not critical enough)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/
CVE-2016-6626 (An issue was discovered in phpMyAdmin. An attacker could redirect a us ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/
CVE-2016-6625 (An issue was discovered in phpMyAdmin. An attacker can determine wheth ...)
	- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-48/
	NOTE: The solution is to remove a configuration option. This option
	NOTE: is by default disabled so a default installation is not
	NOTE: vulnerable. It should be fairly obvious that enabling phpinfo
	NOTE: printing can show more information than what should be used in
	NOTE: a production environment. This is the motivation that it is not
	NOTE: solved for wheezy.
CVE-2016-6624 (An issue was discovered in phpMyAdmin involving improper enforcement o ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-47/
CVE-2016-6623 (An issue was discovered in phpMyAdmin. An authorized user can cause a  ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-46/
CVE-2016-6622 (An issue was discovered in phpMyAdmin. An unauthenticated user is able ...)
	{DLA-1415-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/
CVE-2016-6621 (The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15. ...)
	{DLA-1415-1 DLA-834-1}
	- phpmyadmin 4:4.6.6-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-44/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/12481
CVE-2016-6620 (An issue was discovered in phpMyAdmin. Some data is passed to the PHP  ...)
	{DLA-1415-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-43/
CVE-2016-6619 (An issue was discovered in phpMyAdmin. In the user interface preferenc ...)
	{DLA-1415-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-42/
CVE-2016-6618 (An issue was discovered in phpMyAdmin. The transformation feature allo ...)
	{DLA-1415-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-41/
CVE-2016-6617 (An issue was discovered in phpMyAdmin. A specially crafted database an ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
CVE-2016-6616 (An issue was discovered in phpMyAdmin. In the "User group" and "Design ...)
	{DLA-1415-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Only affects 4.4.x onward)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-39/
CVE-2016-6615 (XSS issues were discovered in phpMyAdmin. This affects navigation pane ...)
	{DLA-1415-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-38/
CVE-2016-6614 (An issue was discovered in phpMyAdmin involving the %u username replac ...)
	{DLA-1415-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-37/
CVE-2016-6613 (An issue was discovered in phpMyAdmin. A user can specially craft a sy ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/
CVE-2016-6612 (An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOC ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/
CVE-2016-6611 (An issue was discovered in phpMyAdmin. A specially crafted database an ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/
CVE-2016-6610 (A full path disclosure vulnerability was discovered in phpMyAdmin wher ...)
	- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-33/
	NOTE: Not relevant to packaged version in Debian
CVE-2016-6609 (An issue was discovered in phpMyAdmin. A specially crafted database na ...)
	{DLA-1415-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the database pr ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom search (sp ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The decryp ...)
	{DLA-1821-1 DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...)
	NOT-FOR-US: Impala
CVE-2016-6604 (NULL pointer dereference in Samsung Exynos fimg2d driver for Android L ...)
	NOT-FOR-US: Samsung
CVE-2016-7513 (Off-by-one error in magick/cache.c in ImageMagick allows remote attack ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832455)
	[wheezy] - imagemagick <not-affected> (Affected code does not exist in version 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
CVE-2016-7514 (The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allow ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832457)
	NOTE: https://bugs.launchpad.net/bugs/1533442
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/83
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/198fffab4daf8aea88badd9c629350e5b26ec32f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/280215b9936d145dd5ee91403738ccce1333cab1
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7515 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832461)
	NOTE: https://bugs.launchpad.net/bugs/1533445
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7516 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows remo ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533452
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/77
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7517 (The EncodeImage function in coders/pict.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533449
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/80
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7518 (The ReadSUNImage function in coders/sun.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533447
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/81
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7519 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533445
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7520 (Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remot ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832469)
	NOTE: https://bugs.launchpad.net/bugs/1537213
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/90
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7521 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows remot ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832474)
	NOTE: https://bugs.launchpad.net/bugs/1537418
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/92
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7522 (The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832475)
	NOTE: https://bugs.launchpad.net/bugs/1537419
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/93
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7523 (coders/meta.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
	NOTE: https://bugs.launchpad.net/bugs/1537420
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/94
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7524 (coders/meta.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
	NOTE: https://bugs.launchpad.net/bugs/1537422
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/96
CVE-2016-7525 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows remot ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832480)
	[wheezy] - imagemagick <not-affected> (The affected function, GetPSDRowSize, does not exist in version 6.7.7.10)
	NOTE: https://bugs.launchpad.net/bugs/1537424
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/98
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7526 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
	NOTE: https://bugs.launchpad.net/bugs/1539050
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/102
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7527 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
	NOTE: https://bugs.launchpad.net/bugs/1542115
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/122
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7528 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows remo ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832483)
	NOTE: https://bugs.launchpad.net/bugs/1537425
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/99
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7529 (coders/xcf.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832504)
	NOTE: https://bugs.launchpad.net/bugs/1539051
	NOTE: https://bugs.launchpad.net/bugs/1539052
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/104
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/103
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7530 (The quantum handling code in ImageMagick allows remote attackers to ca ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832506)
	NOTE: https://bugs.launchpad.net/bugs/1539067
	NOTE: https://bugs.launchpad.net/bugs/1539053
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/105
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/110
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7531 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832633)
	NOTE: https://bugs.launchpad.net/bugs/1539061
	NOTE: https://bugs.launchpad.net/bugs/1542112
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/107
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7532 (coders/psd.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832776)
	NOTE: https://bugs.launchpad.net/bugs/1539066
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/109
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7533 (The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832780)
	NOTE: https://bugs.launchpad.net/bugs/1542114
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/120
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7534 (The generic decoder in ImageMagick allows remote attackers to cause a  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832785)
	NOTE: https://bugs.launchpad.net/bugs/1542785
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/126
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7535 (coders/psd.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832787)
	NOTE: https://bugs.launchpad.net/bugs/1545180
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/128
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7536 (magick/profile.c in ImageMagick allows remote attackers to cause a den ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832789)
	NOTE: https://bugs.launchpad.net/bugs/1545367
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/130
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7537 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832791)
	NOTE: https://bugs.launchpad.net/bugs/1553366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/143
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7538 (coders/psd.c in ImageMagick allows remote attackers to cause a denial  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832793)
	NOTE: https://bugs.launchpad.net/bugs/1556273
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/148
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7539 (Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows rem ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833101)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7540 (coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #827643)
	[wheezy] - imagemagick <not-affected> (RGF coder is not present in version 6.7.7.10)
	NOTE: https://bugs.launchpad.net/bugs/1594060
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/223
	NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-6603 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypas ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6602 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6601 (Directory traversal vulnerability in the file download functionality i ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6600 (Directory traversal vulnerability in the file upload functionality in  ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6599 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET rem ...)
	NOT-FOR-US: BMC Track-It!
CVE-2016-6598 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET rem ...)
	NOT-FOR-US: BMC Track-It!
CVE-2016-6597 (Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Tr ...)
	NOT-FOR-US: Sophos EAS Proxy
	NOTE: https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability
CVE-2016-6596
	RESERVED
CVE-2016-6594 (Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and  ...)
	NOT-FOR-US: Blue Coat
CVE-2016-6593 (A code-execution vulnerability exists during startup in jhi.dll and ot ...)
	NOT-FOR-US: Symantec VIP Access
CVE-2016-6592 (A vulnerability was found in Symantec Norton Download Manager versions ...)
	NOT-FOR-US: Symantec
CVE-2016-6591 (A security bypass vulnerability exists in Symantec Norton App Lock 1.0 ...)
	NOT-FOR-US: Symantec
CVE-2016-6590 (A privilege escalation vulnerability exists when loading DLLs during b ...)
	NOT-FOR-US: Symantec
CVE-2016-6589 (A Denial of Service vulnerability exists in the ITMS workflow process  ...)
	NOT-FOR-US: Symantec
CVE-2016-6588 (A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow ...)
	NOT-FOR-US: Symantec
CVE-2016-6587 (An Information Disclosure vulnerability exists in the mid.dat file sto ...)
	NOT-FOR-US: Symantec
CVE-2016-6586 (A security bypass vulnerability exists in Symantec Norton Mobile Secur ...)
	NOT-FOR-US: Symantec
CVE-2016-6585 (A Denial of Service vulnerability exists in Symantec Norton Mobile Sec ...)
	NOT-FOR-US: Symantec
CVE-2016-6584
	RESERVED
CVE-2016-6583
	RESERVED
CVE-2016-6582 (The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers  ...)
	- ruby-doorkeeper 4.2.0-3 (bug #834843)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/875
CVE-2016-6579
	REJECTED
CVE-2016-6578 (CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a glob ...)
	NOT-FOR-US: CodeLathe FileCloud
CVE-2016-6577
	RESERVED
CVE-2016-6576
	RESERVED
CVE-2016-6575
	RESERVED
CVE-2016-6574
	RESERVED
CVE-2016-6573
	RESERVED
CVE-2016-6572
	RESERVED
CVE-2016-6571
	RESERVED
CVE-2016-6570
	RESERVED
CVE-2016-6569
	RESERVED
CVE-2016-6568
	RESERVED
CVE-2016-6567 (SHDesigns' Resident Download Manager provides firmware update capabili ...)
	NOT-FOR-US: SHDesigns
CVE-2016-6566 (The valueAsString parameter inside the JSON payload contained by the u ...)
	NOT-FOR-US: Sungard
CVE-2016-6565 (The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-6564 (Android devices with code from Ragentek contain a privileged binary th ...)
	NOT-FOR-US: Ragentek
CVE-2016-6563 (Processing malformed SOAP messages when performing the HNAP Login acti ...)
	NOT-FOR-US: HNAP
CVE-2016-6562 (On iOS and Android devices, the ShoreTel Mobility Client app version 9 ...)
	NOT-FOR-US: ShoreTel Mobility Client
CVE-2016-6561 (illumos smbsrv NULL pointer dereference allows system crash. ...)
	NOT-FOR-US: illumos
CVE-2016-6560 (illumos osnet-incorporation bcopy() and bzero() implementations make s ...)
	NOT-FOR-US: illumos
CVE-2016-6559 (Improper bounds checking of the obuf variable in the link_ntoa() funct ...)
	NOT-FOR-US: freebsd libc
CVE-2016-6558 (A command injection vulnerability exists in apply.cgi on the ASUS RP-A ...)
	NOT-FOR-US: ASUS
CVE-2016-6557 (In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possi ...)
	NOT-FOR-US: ASUS RP-AC52 access points
CVE-2016-6556
	RESERVED
CVE-2016-6555
	RESERVED
CVE-2016-6554 (Synology NAS servers DS107, firmware version 3.1-1639 and prior, and D ...)
	NOT-FOR-US: Synology
CVE-2016-6553 (Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-ra ...)
	NOT-FOR-US: Nuuo NT-4040 Titan
CVE-2016-6552 (Green Packet DX-350 uses non-random default credentials of: root:wimax ...)
	NOT-FOR-US: Green Packet DX-350
CVE-2016-6551 (Intellian Satellite TV antennas t-Series and v-Series, firmware versio ...)
	NOT-FOR-US: Intellian
CVE-2016-6550 (The U by BB&amp;T app 1.5.4 and earlier for iOS does not properly veri ...)
	NOT-FOR-US: BB&T
CVE-2016-6549 (The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, wh ...)
	NOT-FOR-US: Zizai Tech Nut device
CVE-2016-6548 (The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS ...)
	NOT-FOR-US: Zizai Tech Nut mobile app
CVE-2016-6547 (The Zizai Tech Nut mobile app stores the account password used to auth ...)
	NOT-FOR-US: Zizai Tech Nut mobile app
CVE-2016-6546 (The iTrack Easy mobile application stores the account password used to ...)
	NOT-FOR-US: iTrack
CVE-2016-6545 (Session cookies are not used for maintaining valid sessions in iTrack  ...)
	NOT-FOR-US: iTrack
CVE-2016-6544 (getgps data in iTrack Easy can be modified without authentication by s ...)
	NOT-FOR-US: iTrack
CVE-2016-6543 (A captured MAC/device ID of an iTrack Easy can be registered under mul ...)
	NOT-FOR-US: iTrack
CVE-2016-6542 (The iTrack device tracking ID number, also called "LosserID" in the we ...)
	NOT-FOR-US: iTrack
CVE-2016-6541 (TrackR Bravo device allows unauthenticated pairing, which enables unau ...)
	NOT-FOR-US: TrackR
CVE-2016-6540 (Unauthenticated access to the cloud-based service maintained by TrackR ...)
	NOT-FOR-US: TrackR
CVE-2016-6539 (The Trackr device ID is constructed of a manufacturer identifier of fo ...)
	NOT-FOR-US: TrackR
CVE-2016-6538 (The TrackR Bravo mobile app stores the account password used to authen ...)
	NOT-FOR-US: TrackR
CVE-2016-6537 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store  ...)
	NOT-FOR-US: AVer
CVE-2016-6536 (The /setup URI on AVer Information EH6108H+ devices with firmware X9.0 ...)
	NOT-FOR-US: AVer
CVE-2016-6535 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have h ...)
	NOT-FOR-US: AVer
CVE-2016-6534 (Opmantek NMIS before 4.3.7c has command injection via man, finger, pin ...)
	NOT-FOR-US: Opmantek NMIS
CVE-2016-6533
	RESERVED
CVE-2016-6532 (DEXIS Imaging Suite 10 has a hardcoded password for the sa account, wh ...)
	NOT-FOR-US: DEXIS
CVE-2016-6531 (** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root ...)
	NOT-FOR-US: Open Dental
CVE-2016-6530 (Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default  ...)
	NOT-FOR-US: Dentsply Sirona
CVE-2016-6529
	RESERVED
CVE-2016-6528
	RESERVED
CVE-2016-6524
	RESERVED
CVE-2016-6527 (The SmartCall Activity component in Telecom application on Samsung Not ...)
	NOT-FOR-US: Samsung
	NOTE: http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
CVE-2016-6526 (The SpamCall Activity component in Telecom application on Samsung Note ...)
	NOT-FOR-US: Samsung
	NOTE: http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
CVE-2016-6595 (** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote au ...)
	- docker.io <not-affected> (Only affects Docker 1.12)
	NOTE: http://seclists.org/oss-sec/2016/q3/198
CVE-2016-6581 (A HTTP/2 implementation built using any version of the Python HPACK li ...)
	- python-hpack 2.3.0-1 (bug #833467)
	NOTE: https://github.com/python-hyper/hpack/pull/56
CVE-2016-6580 (A HTTP/2 implementation built using any version of the Python priority ...)
	NOT-FOR-US: Python Priority
	NOTE: https://github.com/python-hyper/priority/pull/23
CVE-2016-6519 (Cross-site scripting (XSS) vulnerability in the "Shares" overview in O ...)
	- manila-ui 2.5.1-0 (bug #838017)
CVE-2016-6518 (Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S1 ...)
	NOT-FOR-US: Huawei
CVE-2016-6517 (Directory traversal vulnerability in Liferay 5.1.0 allows remote attac ...)
	NOT-FOR-US: Liferay
CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH before  ...)
	{DLA-1500-1 DLA-594-1}
	- openssh 1:7.3p1-1 (bug #833823)
	NOTE: Fixed by: https://anongit.mindrot.org/openssh.git/commit/?id=fcd135c9df440bcd2d5870405ad3311743d78d97
CVE-2016-6514
	RESERVED
CVE-2016-6502
	REJECTED
CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to execute arbit ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2016-6500 (Unspecified methods in the RACF Connector component before 1.1.1.0 in  ...)
	NOT-FOR-US: ForgeRock
CVE-2016-6499
	REJECTED
CVE-2016-6498
	REJECTED
CVE-2016-6497 (main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP ...)
	NOT-FOR-US: Groovy LDAP extension
CVE-2016-6496 (The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function in pdf ...)
	{DSA-3655-1 DLA-589-1}
	- mupdf 1.9a+ds1-1.2 (bug #833417)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954
	NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
CVE-2016-6523 (Multiple cross-site scripting (XSS) vulnerabilities in the media manag ...)
	- dotclear <removed>
	NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/40d0207e520d
CVE-2016-6522 (Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in O ...)
	NOT-FOR-US: OpenBSD
CVE-2016-6521 (Cross-site request forgery (CSRF) vulnerability in Grails console (aka ...)
	- grails <itp> (bug #473213)
CVE-2016-6520 (Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7  ...)
	- imagemagick <not-affected> (Only affects imagemagick 7, which isn't packaged yet, bug #833485)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30259&p=136359#p136359
CVE-2016-6516 (Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c i ...)
	- linux 4.7.2-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/54dbc15172375641ef03399e8f911d7165eb90fb (v4.5-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/10eec60ce79187686e052092e5383c99b4420a20
CVE-2016-6495 (NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows rem ...)
	NOT-FOR-US: NetApp
CVE-2016-6493 (Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDe ...)
	NOT-FOR-US: Citrix
CVE-2016-XXXX [bruteforcable challenge responses in unprotected logfile]
	- mongodb 1:2.6.12-1 (bug #833087)
	[jessie] - mongodb 1:2.4.10-5+deb8u1
	[wheezy] - mongodb 1:2.0.6-1.1+deb7u1
	NOTE: Fixed in experimental 1:2.6.11-1, first version in unstable 1:2.6.12-1
	NOTE: https://jira.mongodb.org/browse/SERVER-9476
	NOTE: Fixed by: https://github.com/mongodb/mongo/commit/f85ceb17b37210eef71e8113162c41368bfd5c12
CVE-2016-6492 (The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driv ...)
	NOT-FOR-US: Out of tree driver from https://github.com/jawad6233/MT6795.kernel
CVE-2016-6488
	RESERVED
CVE-2016-6487
	RESERVED
CVE-2016-6486 (Siemens SINEMA Server uses weak permissions for the application folder ...)
	NOT-FOR-US: Siemens Sinema Server
	NOTE: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf
CVE-2016-6494 (The client in MongoDB uses world-readable permissions on .dbshell hist ...)
	{DLA-588-1}
	- mongodb 1:2.6.12-3 (bug #832908)
	[jessie] - mongodb 1:2.4.10-5+deb8u1
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/29/4
CVE-2016-6491 (Buffer overflow in the Get8BIMProperty function in MagickCore/property ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833099)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
CVE-2016-6489 (The RSA and DSA decryption code in Nettle makes it easier for attacker ...)
	{DLA-593-1}
	- nettle 3.3-1 (bug #832983)
	[jessie] - nettle 2.7.1-5+deb8u2
	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html
	NOTE: https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
	NOTE: Original patch had some unintended side effects: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
	NOTE: Cf. https://www.openwall.com/lists/oss-security/2016/07/30/2
	NOTE: Additionally needed: https://git.lysator.liu.se/nettle/nettle/commit/52b9223126b3f997c00d399166c006ae28669068
	NOTE: GnuTLS needs an update when/before src:nettle is fixed to continue working with patched src:nettle for CVE-2016-6489
	NOTE: but not a vulnerability in GnuTLS. Needs https://gitlab.com/gnutls/gnutls/commit/186dc9c2012003587a38d7f4d03edd8da5fe989f
CVE-2016-6485 (The __construct function in Framework/Encryption/Crypt.php in Magento  ...)
	NOT-FOR-US: Magento
CVE-2016-6484 (CRLF injection vulnerability in Infoblox Network Automation NetMRI bef ...)
	NOT-FOR-US: Infoblox Network Automation NetMR
CVE-2016-6513 (epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x ...)
	- wireshark 2.0.5+ga3be9c6-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: Affects 2.0.0 to 2.0.4, fixed in 2.0.5
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-49.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6512 (epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an ov ...)
	- wireshark 2.0.5+ga3be9c6-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: Affects 2.0.0 to 2.0.4, fixed in 2.0.5.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-48.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2193bea3212d74e2a907152055e27d409b59485e
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6511 (epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 a ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-47.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56706427f53cc64793870bf072c2c06248ae88f3
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6510 (Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector  ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-46.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6509 (epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12. ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-45.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12662
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5a469ddc893f7c1912d0e15cc73bd3011e6cc2fb
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6508 (epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x  ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-44.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb
	NOTE: Affects  2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6507 (epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12. ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0
	NOTE: Only affects 1.12, marking 2.0 as fixed
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-43.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5a10743258bd016c07ebf6479137fda3d172a0f
	NOTE: Affects 1.12.0 to 1.12.12, fixed 1.12.13
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6506 (epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x  ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-42.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 , fixed in 2.0.5, 1.12.13
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6505 (epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wiresha ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-41.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6504 (epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1 ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0
	NOTE: Only affects 1.12, marking 2.0 as fixed
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-40.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9eacbb4d48df647648127b9258f9e5aeeb0c7d99
	NOTE: Affects 1.12.0 to 1.12.12, fixed in 1.12.13.
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6503 (The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windo ...)
	- wireshark <not-affected> (Only affects Wireshark on Windows)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-39.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6490 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Qui ...)
	- qemu 1:2.6+dfsg-3.1 (bug #832767)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Issue introduced later)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Issue introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
CVE-2016-6483 (The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, ...)
	NOT-FOR-US: vBulletin
CVE-2016-6482
	RESERVED
CVE-2016-6481
	RESERVED
CVE-2016-6480 (Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/ ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa00c437eef8dc2e7b25f8cd868cfa405fcc2bb3
CVE-2016-6478
	RESERVED
CVE-2016-6477
	RESERVED
CVE-2016-6476
	RESERVED
CVE-2016-6475
	RESERVED
CVE-2016-6474 (A vulnerability in the implementation of X.509 Version 3 for SSH authe ...)
	NOT-FOR-US: Cisco
CVE-2016-6473 (A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Serie ...)
	NOT-FOR-US: Cisco
CVE-2016-6472 (A vulnerability in several parameters of the ccmivr page of Cisco Unif ...)
	NOT-FOR-US: Cisco
CVE-2016-6471 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2016-6470 (A vulnerability in the installation procedure of the Cisco Hybrid Medi ...)
	NOT-FOR-US: Cisco
CVE-2016-6469 (A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2016-6468 (A vulnerability in the web-based management interface of Cisco Emergen ...)
	NOT-FOR-US: Cisco
CVE-2016-6467 (A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6466 (A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Se ...)
	NOT-FOR-US: Cisco
CVE-2016-6465 (A vulnerability in the content filtering functionality of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2016-6464 (A vulnerability in the web management interface of the Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2016-6463 (A vulnerability in the email filtering functionality of Cisco AsyncOS  ...)
	NOT-FOR-US: Cisco
CVE-2016-6462 (A vulnerability in the email filtering functionality of Cisco AsyncOS  ...)
	NOT-FOR-US: Cisco
CVE-2016-6461 (A vulnerability in the HTTP web-based management interface of the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2016-6460 (A vulnerability in the FTP Representational State Transfer Application ...)
	NOT-FOR-US: Cisco
CVE-2016-6459 (Cisco TelePresence endpoints running either CE or TC software contain  ...)
	NOT-FOR-US: Cisco
CVE-2016-6458 (A vulnerability in the content filtering functionality of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2016-6457 (A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches  ...)
	NOT-FOR-US: Cisco
CVE-2016-6456
	RESERVED
CVE-2016-6455 (A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series ro ...)
	NOT-FOR-US: Cisco
CVE-2016-6454 (A cross-site request forgery (CSRF) vulnerability in the web interface ...)
	NOT-FOR-US: Cisco
CVE-2016-6453 (A vulnerability in the web framework code of Cisco Identity Services E ...)
	NOT-FOR-US: Cisco
CVE-2016-6452 (A vulnerability in the web-based graphical user interface (GUI) of Cis ...)
	NOT-FOR-US: Cisco
CVE-2016-6451 (Multiple vulnerabilities in the web framework code of the Cisco Prime  ...)
	NOT-FOR-US: Cisco
CVE-2016-6450 (A vulnerability in the package unbundle utility of Cisco IOS XE Softwa ...)
	NOT-FOR-US: Cisco
CVE-2016-6449 (A vulnerability in the system management of certain FireAMP system pro ...)
	NOT-FOR-US: Cisco
CVE-2016-6448 (A vulnerability in the Session Description Protocol (SDP) parser of Ci ...)
	NOT-FOR-US: Cisco
CVE-2016-6447 (A vulnerability in Cisco Meeting Server and Meeting App could allow an ...)
	NOT-FOR-US: Cisco Meeting Server and Meeting App
CVE-2016-6446 (A vulnerability in Web Bridge for Cisco Meeting Server could allow an  ...)
	NOT-FOR-US: Cisco
CVE-2016-6445 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
	NOT-FOR-US: Cisco
CVE-2016-6444 (A vulnerability in Cisco Meeting Server could allow an unauthenticated ...)
	NOT-FOR-US: Cisco
CVE-2016-6443 (A vulnerability in the Cisco Prime Infrastructure and Evolved Programm ...)
	NOT-FOR-US: Cisco
CVE-2016-6442 (A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software ...)
	NOT-FOR-US: Cisco
CVE-2016-6441 (A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR  ...)
	NOT-FOR-US: Cisco ASR 900 Series Aggregation Services Routers
CVE-2016-6440 (The Cisco Unified Communications Manager (CUCM) may be vulnerable to d ...)
	NOT-FOR-US: Cisco
CVE-2016-6439 (A vulnerability in the detection engine reassembly of HTTP packets for ...)
	NOT-FOR-US: Cisco
CVE-2016-6438 (A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Conver ...)
	NOT-FOR-US: Cisco
CVE-2016-6437 (A vulnerability in the SSL session cache management of Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2016-6436 (Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062  ...)
	NOT-FOR-US: Cisco
CVE-2016-6435 (The web console in Cisco Firepower Management Center 6.0.1 allows remo ...)
	NOT-FOR-US: Cisco
CVE-2016-6434 (Cisco Firepower Management Center 6.0.1 has hardcoded database credent ...)
	NOT-FOR-US: Cisco
CVE-2016-6433 (The Threat Management Console in Cisco Firepower Management Center 5.2 ...)
	NOT-FOR-US: Cisco
CVE-2016-6432 (A vulnerability in the Identity Firewall feature of Cisco ASA Software ...)
	NOT-FOR-US: Cisco
CVE-2016-6431 (A vulnerability in the local Certificate Authority (CA) feature of Cis ...)
	NOT-FOR-US: Cisco
CVE-2016-6430 (A vulnerability in the command-line interface of the Cisco IP Interope ...)
	NOT-FOR-US: Cisco
CVE-2016-6429 (A vulnerability in the web framework code of the Cisco IP Interoperabi ...)
	NOT-FOR-US: Cisco
CVE-2016-6428 (Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands ...)
	NOT-FOR-US: Cisco
CVE-2016-6427 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intel ...)
	NOT-FOR-US: Cisco
CVE-2016-6426 (The j_spring_security_switch_user function in Cisco Unified Intelligen ...)
	NOT-FOR-US: Cisco
CVE-2016-6425 (Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence ...)
	NOT-FOR-US: Cisco
CVE-2016-6424 (The DHCP Relay implementation in Cisco Adaptive Security Appliance (AS ...)
	NOT-FOR-US: Cisco
CVE-2016-6423 (The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M a ...)
	NOT-FOR-US: Cisco
CVE-2016-6422 (Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 650 ...)
	NOT-FOR-US: Cisco
CVE-2016-6421 (Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Cisco
CVE-2016-6420 (Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Mana ...)
	NOT-FOR-US: Cisco
CVE-2016-6419 (SQL injection vulnerability in Cisco Firepower Management Center 4.10. ...)
	NOT-FOR-US: Cisco
CVE-2016-6418 (Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribut ...)
	NOT-FOR-US: Cisco
CVE-2016-6417 (Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT Sys ...)
	NOT-FOR-US: Cisco
CVE-2016-6416 (The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) dev ...)
	NOT-FOR-US: Cisco
CVE-2016-6415 (The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15. ...)
	NOT-FOR-US: Cisco
CVE-2016-6414 (iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 ...)
	NOT-FOR-US: Cisco
CVE-2016-6413 (The installation procedure on Cisco Application Policy Infrastructure  ...)
	NOT-FOR-US: Cisco
CVE-2016-6412 (The Cisco Application-hosting Framework (CAF) component in Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2016-6411 (Cisco Firepower Management Center and FireSIGHT System Software 6.0.1  ...)
	NOT-FOR-US: Cisco
CVE-2016-6410 (The Cisco Application-hosting Framework (CAF) component in Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2016-6409 (The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, w ...)
	NOT-FOR-US: Cisco
CVE-2016-6408 (Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Cisco
CVE-2016-6407 (Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) device ...)
	NOT-FOR-US: Cisco
CVE-2016-6406 (Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7 ...)
	NOT-FOR-US: Cisco
CVE-2016-6405 (Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to ...)
	NOT-FOR-US: Cisco
CVE-2016-6404 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6403 (The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, ...)
	NOT-FOR-US: Cisco
CVE-2016-6402 (UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computi ...)
	NOT-FOR-US: Cisco
CVE-2016-6401 (Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carri ...)
	NOT-FOR-US: Cisco
CVE-2016-6400
	RESERVED
CVE-2016-6399 (Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4 ...)
	NOT-FOR-US: Cisco
CVE-2016-6398 (The PPTP server in Cisco IOS 15.5(3)M does not properly initialize pac ...)
	NOT-FOR-US: Cisco
CVE-2016-6397 (A vulnerability in the interdevice communications interface of the Cis ...)
	NOT-FOR-US: Cisco
CVE-2016-6396 (Cisco Firepower Management Center before 6.1 and FireSIGHT System Soft ...)
	NOT-FOR-US: Cisco
CVE-2016-6395 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2016-6394 (Session fixation vulnerability in Cisco Firepower Management Center an ...)
	NOT-FOR-US: Cisco
CVE-2016-6393 (The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 a ...)
	NOT-FOR-US: Cisco
CVE-2016-6392 (Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow  ...)
	NOT-FOR-US: Cisco
CVE-2016-6391 (Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause  ...)
	NOT-FOR-US: Cisco
CVE-2016-6390
	REJECTED
CVE-2016-6389
	REJECTED
CVE-2016-6388
	REJECTED
CVE-2016-6387
	REJECTED
CVE-2016-6386 (Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows remo ...)
	NOT-FOR-US: Cisco
CVE-2016-6385 (Memory leak in the Smart Install client implementation in Cisco IOS 12 ...)
	NOT-FOR-US: Cisco
CVE-2016-6384 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 throu ...)
	NOT-FOR-US: Cisco
CVE-2016-6383
	REJECTED
CVE-2016-6382 (Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow ...)
	NOT-FOR-US: Cisco
CVE-2016-6381 (Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 1 ...)
	NOT-FOR-US: Cisco
CVE-2016-6380 (The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 ...)
	NOT-FOR-US: Cisco
CVE-2016-6379 (Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote atta ...)
	NOT-FOR-US: Cisco
CVE-2016-6378 (Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote atta ...)
	NOT-FOR-US: Cisco
CVE-2016-6377 (Media Origination System Suite Software 2.6 and earlier in Cisco Virtu ...)
	NOT-FOR-US: Cisco
CVE-2016-6376 (The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Ci ...)
	NOT-FOR-US: Cisco
CVE-2016-6375 (Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x an ...)
	NOT-FOR-US: Cisco
CVE-2016-6374 (Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers t ...)
	NOT-FOR-US: Cisco Cloud Services Platform 2100
CVE-2016-6373 (The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allo ...)
	NOT-FOR-US: Cisco Cloud Services Platform 2100
CVE-2016-6372 (A vulnerability in the email message and content filtering for malform ...)
	NOT-FOR-US: Cisco
CVE-2016-6371 (Directory traversal vulnerability in the web interface in Cisco Hosted ...)
	NOT-FOR-US: Cisco
CVE-2016-6370 (Directory traversal vulnerability in the web interface in Cisco Hosted ...)
	NOT-FOR-US: Cisco
CVE-2016-6369 (Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x bef ...)
	NOT-FOR-US: Cisco
CVE-2016-6368 (A vulnerability in the detection engine parsing of Pragmatic General M ...)
	NOT-FOR-US: Cisco
CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA  ...)
	NOT-FOR-US: Cisco
CVE-2016-6366 (Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software th ...)
	NOT-FOR-US: Cisco
CVE-2016-6365 (Cross-site scripting (XSS) vulnerability in Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2016-6364 (The User Data Services (UDS) API implementation in Cisco Unified Commu ...)
	NOT-FOR-US: Cisco
CVE-2016-6363 (The rate-limit feature in the 802.11 protocol implementation on Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2016-6362 (Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.11 ...)
	NOT-FOR-US: Cisco
CVE-2016-6361 (The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2016-6360 (A vulnerability in Advanced Malware Protection (AMP) for Cisco Email S ...)
	NOT-FOR-US: Cisco
CVE-2016-6359 (Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway In ...)
	NOT-FOR-US: Cisco
CVE-2016-6358 (A vulnerability in local FTP to the Cisco Email Security Appliance (ES ...)
	NOT-FOR-US: Cisco
CVE-2016-6357 (A vulnerability in the configured security policies, including drop em ...)
	NOT-FOR-US: Cisco
CVE-2016-6356 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5,  ...)
	NOT-FOR-US: Cisco
CVE-2016-6353 (Cloudera Search in CDH before 5.7.0 allows unauthorized document acces ...)
	NOT-FOR-US: Cloudera
CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6347 (Cross-site scripting (XSS) vulnerability in the default exception hand ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers to cau ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6345 (RESTEasy allows remote authenticated users to obtain sensitive informa ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a  ...)
	NOT-FOR-US: Red Hat JBoss bpm Suite
CVE-2016-6343 (JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Re ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-6342 (elog 3.1.1 allows remote attackers to post data as any username in the ...)
	- elog 3.1.2-1-1 (bug #836505)
	[jessie] - elog 2.9.2+2014.05.11git44800a7-2+deb8u1
	NOTE: https://bitbucket.org/ritt/elog/commits/2f6a300572bd6048351af8c45394ae62230c83d9
	NOTE: https://bitbucket.org/ritt/elog/commits/9ca611aca2b1860efac15f806bf907cc2e6f870a/
CVE-2016-6341 (oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6340 (The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces  ...)
	NOT-FOR-US: Red Hat QCI
CVE-2016-6339
	REJECTED
CVE-2016-6338 (ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Ma ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6337 (MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass  ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6336 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27 ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6335 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27 ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6334 (Cross-site scripting (XSS) vulnerability in the Parser::replaceInterna ...)
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	- mediawiki 1:1.27.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6333 (Cross-site scripting (XSS) vulnerability in the CSS user subpage previ ...)
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	- mediawiki 1:1.27.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6332 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27 ...)
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	- mediawiki 1:1.27.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6331 (ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6330 (The server in Red Hat JBoss Operations Network (JON), when SSL authent ...)
	NOT-FOR-US: Red Hat / JBoss Operations Network server
CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for remote  ...)
	- openvpn <unfixed> (unimportant)
	NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32
	NOTE: This is a generic cryptographic weakness, not a vulnerability in OpenVPN per se
CVE-2016-6328 (A vulnerability was found in libexif. An integer overflow when parsing ...)
	{DLA-2214-1}
	- libexif 0.6.21-2.1 (bug #873022)
	[stretch] - libexif 0.6.21-2+deb9u2
	[wheezy] - libexif <no-dsa> (Minor issue)
	NOTE: http://libexif.cvs.sourceforge.net/viewvc/libexif/libexif/libexif/pentax/mnote-pentax-entry.c?r1=1.26&r2=1.27
CVE-2016-6327 (drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 ...)
	- linux 4.6.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/51093254bf879bc9ce96590400a87897c7498463 (4.6-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/3e4f574857eebce60bb56d7524f3f9eaa2a126d0 (v3.8-rc1)
CVE-2016-6326
	RESERVED
CVE-2016-6325 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBo ...)
	- tomcat8 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367447
CVE-2016-6324
	RESERVED
CVE-2016-6323 (The makecontext function in the GNU C Library (aka glibc or libc6) bef ...)
	- glibc 2.24-1 (bug #834752)
	[jessie] - glibc 2.19-18+deb8u6
	- eglibc <removed>
	[wheezy] - eglibc <not-affected> (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20435
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617
CVE-2016-6322 (Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissio ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6321 (Directory traversal vulnerability in the safer_name_suffix function in ...)
	{DSA-3702-1 DLA-690-1}
	- tar 1.29b-1.1 (bug #842339)
	NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
	NOTE: POC in https://sintonen.fi/advisories/tar-poc.tar (etc/shadow should not be extracted when asking for etc/motd)
	NOTE: Proposed patch by Antoine Beaupre: https://lists.debian.org/debian-lts/2016/10/msg00206.html
	NOTE: Proposed patch upstream: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in app/assets/javascripts/hos ...)
	- foreman <itp> (bug #663101)
CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)
	- foreman <itp> (bug #663101)
CVE-2016-6318 (Stack-based buffer overflow in the FascistGecosUser function in lib/fa ...)
	{DLA-2220-1 DLA-599-1}
	- cracklib2 2.9.2-2 (bug #834502)
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=1188599
	NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at most application crash
CVE-2016-6317 (Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly  ...)
	- rails 2:4.2.7.1-1 (bug #834154)
	[jessie] - rails <not-affected> (Vulnerable code not present, introduced in 4.2)
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package and introduced in 4.2 anyway)
CVE-2016-6316 (Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rai ...)
	{DSA-3651-1 DLA-604-1}
	- rails 2:4.2.7.1-1 (low; bug #834155)
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	- ruby-actionpack-3.2 <removed>
	NOTE: https://github.com/rails/rails/commit/4bcccf5ecd81a6272479537911b7d9760c5be164
CVE-2016-6315
	RESERVED
CVE-2016-6314
	RESERVED
CVE-2016-6313 (The mixing functions in the random number generator in Libgcrypt befor ...)
	{DSA-3650-1 DSA-3649-1 DLA-602-1 DLA-600-1}
	- gnupg2 <not-affected> (Uses system libgcrypt)
	- gnupg1 1.4.21-1 (bug #834894)
	- gnupg <removed> (bug #834893)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e23eec8c9a602eee0a09851a54db0f5d611f125c
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6dbfe89903d0c8191cf50ecf1abb3c8458b427a
	- libgcrypt20 1.7.3-1
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=2f62103b4bb6d6f9ce806e01afb7fdc58aa33513 (1.7)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8dd45ad957b54b939c288a68720137386c7f6501 (1.7)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=190b0429b70eb4a3573377e95755d9cc13c38461 (1.6)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=c748f87436d693f092a4484571a3cc7f650b5c81 (1.6)
	- libgcrypt11 <removed>
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=98980e2fd29ad62903c78fa6521489fce651cdda
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=6199cd963d1fba86e0b7b9e2de4b6c00b945193a
	NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
CVE-2016-6312 (The mod_dontdothat component of the mod_dav_svn Apache module in Subve ...)
	- apr-util <not-affected> (RHEL-5.11 specific regression)
CVE-2016-6311 (Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose ...)
	NOT-FOR-US: WildFly / Red Hat JBoss EAP
CVE-2016-6310 (oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /v ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6309 (statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movem ...)
	[experimental] - openssl 1.1.0b-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://www.openssl.org/news/secadv/20160926.txt
CVE-2016-6308 (statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 befor ...)
	[experimental] - openssl 1.1.0a-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=48c054fec3506417b2598837b8062aae7114c200
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6307 (The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a alloca ...)
	[experimental] - openssl 1.1.0a-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=c1ef7c971d0bbf117c3c80f65b5875e2e7b024b1
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6306 (The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2 ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=ff553f837172ecb2b5c8eca257ec3c5619a4b299
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6305 (The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 ...)
	[experimental] - openssl 1.1.0a-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.1.0a
CVE-2016-6304 (Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 befo ...)
	{DSA-3673-1 DLA-637-1}
	[experimental] - openssl 1.1.0a-1
	- openssl 1.0.2i-1
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.1.0a, 1.0.2i, 1.0.1u
CVE-2016-6303 (Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6302 (The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1. ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6301 (The recv_and_process_client_pkt function in networking/ntpd.c in busyb ...)
	- busybox 1:1.27.2-1 (unimportant; bug #833442)
	NOTE: NTP server not enabled by default in debian/config/pkg/* via CONFIG_NTPD
	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
CVE-2016-6300
	REJECTED
CVE-2016-6299 (The scm plug-in in mock might allow attackers to bypass the intended c ...)
	- mock 1.3.2-1 (bug #850320)
	[jessie] - mock <not-affected> (Parsing is done before, after temporarily dropping super-user privileges at startup)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1375490
	NOTE: https://github.com/rpm-software-management/mock/commit/8b02f43beadacf6911200b48d94e39e891a41da9 (mock-1.2.21)
CVE-2016-6298 (The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in  ...)
	- python-jwcrypto 0.3.2-1
	NOTE: https://github.com/latchset/jwcrypto/issues/65
	NOTE: https://github.com/latchset/jwcrypto/pull/66
	NOTE: https://github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba
	NOTE: Code moved around in git, for 0.3.2 it is in jwe.py
CVE-2016-6354 (Heap-based buffer overflow in the yy_get_next_buffer function in Flex  ...)
	{DSA-3653-2 DSA-3653-1}
	- flex 2.6.1-1 (bug #832768)
	[wheezy] - flex <not-affected> (Issue introduced with 2.5.36)
	NOTE: Intorduced by: https://github.com/westes/flex/commit/9ba3187a537d6a58d345f2874d06087fd4050399 (flex-2-5-36)
	NOTE: Fixed by: https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 (v2.6.1)
CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), ...)
	{DLA-1599-1 DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-3.1 (bug #832621)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/25/14
	NOTE: According to maintainer the fix relies on the fix for CVE-2016-4439
CVE-2016-6350 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (N ...)
	NOT-FOR-US: OpenBSD
CVE-2016-6349 (The machinectl command in oci-register-machine allows local users to l ...)
	NOT-FOR-US: oci-register-machine
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/26/5
	NOTE: Requirement is that docker containers would register themselves to
	NOTE: to systemd-machined by oci-register-machine (not packaged in Debian,
	NOTE: and https://github.com/projectatomic/docker/commit/a307e90141ba31b378bc31bb7720ed141f47cd9b
	NOTE: not applied to docker.io).
	NOTE: https://github.com/systemd/systemd/issues/3815
	NOTE: The problem as well only arises with docker fork in RedHat, not with upstream docker
	NOTE: https://github.com/projectatomic/oci-register-machine/pull/22
CVE-2016-6287 (The "http-client" egg always used a HTTP_PROXY environment variable to ...)
	NOT-FOR-US: Addons for Chicken
CVE-2016-6286 (The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" head ...)
	NOT-FOR-US: Addons for Chicken
CVE-2016-6285 (Cross-site scripting (XSS) vulnerability in includes/decorators/global ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2016-6284
	RESERVED
CVE-2016-6283 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence befor ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2016-6282
	RESERVED
CVE-2016-6281
	RESERVED
CVE-2016-6280
	RESERVED
CVE-2016-6279
	RESERVED
CVE-2016-6278
	RESERVED
CVE-2016-6277 (NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 b ...)
	NOT-FOR-US: Netgear routers
CVE-2016-6276 (Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual D ...)
	NOT-FOR-US: Citrix
CVE-2016-6275
	RESERVED
CVE-2016-6274
	RESERVED
CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex License M ...)
	NOT-FOR-US: Flexera
CVE-2016-6272 (XPath injection vulnerability in Epic MyChart allows remote attackers  ...)
	NOT-FOR-US: EPIC MyChart
CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ext/zip/zip_ ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72520
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6296 (Integer signedness error in the simplestring_addn function in simplest ...)
	{DSA-3631-1 DLA-2011-1 DLA-628-1 DLA-569-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72606
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
	- xmlrpc-epi 0.54.2-1.2 (bug #832959)
	NOTE: In stretch/sid php7.0 is using the system library not the embedded one.
CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x bef ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72479
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6294 (The locale_accept_from_http function in ext/intl/locale/locale_methods ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72533
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6293 (The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in Interna ...)
	{DSA-3725-1 DLA-615-1}
	- icu 57.1-4
	NOTE: http://bugs.icu-project.org/trac/changeset/39109
	NOTE: http://bugs.icu-project.org/trac/ticket/12652
	NOTE: And possibly needs some more follow-up fixes, cf. with upstream changes
	NOTE: around/later than changeset 39109.
CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in PHP befor ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72618
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP b ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72603
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7 ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72562
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6289 (Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_ ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72513
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6271 (The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the- ...)
	- bzrtp 1.0.2-1.2 (bug #859277)
	NOTE: Fixed by: https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b
CVE-2016-6270 (The handle_certificate function in /vmi/manager/engine/management/comm ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6269 (Multiple directory traversal vulnerabilities in Trend Micro Smart Prot ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6268 (Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before  ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6267 (SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6266 (ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6260
	RESERVED
CVE-2016-6259 (Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Preven ...)
	- xen 4.8.0~rc3-1
	[jessie] - xen <not-affected> (Only affects 4.5 and later)
	[wheezy] - xen <not-affected> (Only affects 4.5 and later)
	NOTE: http://xenbits.xen.org/xsa/advisory-183.html
CVE-2016-6258 (The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows ...)
	{DSA-3633-1 DLA-571-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-182.html
CVE-2016-6257 (The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon S ...)
	NOT-FOR-US: Lenovo
CVE-2016-6256 (SAP Business One for Android 1.2.3 allows remote attackers to conduct  ...)
	NOT-FOR-US: SAP
CVE-2016-6254 (Heap-based buffer overflow in the parse_packet function in network.c i ...)
	{DSA-3636-1 DLA-575-1}
	- collectd 5.5.2-1 (bug #832507)
	NOTE: https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
	NOTE: https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
CVE-2016-6253 (mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, an ...)
	NOT-FOR-US: mail.local in NetBSD
CVE-2016-1000218 (Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerab ...)
	- kibana <itp> (bug #700337)
CVE-2016-1000212 [Mitigation for HTTPoxy vulnerability]
	{DSA-3642-1 DLA-583-1}
	- lighttpd 1.4.43-1 (bug #832571)
	NOTE: https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4/diff
	NOTE: CVE assigned for the mitigation to identify the fix. But it is not a vulnerability in lighttpd itself.
CVE-2016-1000211
	RESERVED
CVE-2016-1000210
	RESERVED
CVE-2016-1000209
	RESERVED
CVE-2016-1000208
	RESERVED
CVE-2016-1000207
	RESERVED
CVE-2016-1000206
	RESERVED
CVE-2016-1000205
	RESERVED
CVE-2016-1000204
	RESERVED
CVE-2016-1000203
	RESERVED
CVE-2016-1000202
	RESERVED
CVE-2016-1000201
	RESERVED
CVE-2016-1000200
	RESERVED
CVE-2016-1000199
	RESERVED
CVE-2016-1000198
	RESERVED
CVE-2016-1000197
	RESERVED
CVE-2016-1000196
	RESERVED
CVE-2016-1000195
	RESERVED
CVE-2016-1000194
	RESERVED
CVE-2016-1000193
	RESERVED
CVE-2016-1000192
	RESERVED
CVE-2016-1000191
	RESERVED
CVE-2016-1000190
	RESERVED
CVE-2016-1000189
	RESERVED
CVE-2016-1000188
	RESERVED
CVE-2016-1000187
	RESERVED
CVE-2016-1000186
	RESERVED
CVE-2016-1000185
	RESERVED
CVE-2016-1000184
	RESERVED
CVE-2016-1000183
	RESERVED
CVE-2016-1000182
	RESERVED
CVE-2016-1000181
	RESERVED
CVE-2016-1000180
	RESERVED
CVE-2016-1000179
	RESERVED
CVE-2016-1000178
	RESERVED
CVE-2016-1000177
	RESERVED
CVE-2016-1000176
	RESERVED
CVE-2016-1000175
	RESERVED
CVE-2016-1000174
	RESERVED
CVE-2016-1000173
	RESERVED
CVE-2016-1000172
	RESERVED
CVE-2016-1000171
	RESERVED
CVE-2016-1000170
	RESERVED
CVE-2016-1000169
	RESERVED
CVE-2016-1000168
	RESERVED
CVE-2016-1000167
	RESERVED
CVE-2016-1000166
	RESERVED
CVE-2016-1000165
	RESERVED
CVE-2016-1000164
	RESERVED
CVE-2016-1000163
	RESERVED
CVE-2016-1000162
	RESERVED
CVE-2016-1000161
	RESERVED
CVE-2016-1000160
	RESERVED
CVE-2016-1000159
	RESERVED
CVE-2016-1000158
	RESERVED
CVE-2016-1000157
	RESERVED
CVE-2016-1000156 (Mailcwp remote file upload vulnerability incomplete fix v1.100 ...)
	NOT-FOR-US: WordPress plugin mailcwp
CVE-2016-1000155 (Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 ...)
	NOT-FOR-US: Wordpress plugin wpsolr-search-engine
CVE-2016-1000154 (Reflected XSS in wordpress plugin whizz v1.0.7 ...)
	NOT-FOR-US: Wordpress plugin whizz
CVE-2016-1000153 (Reflected XSS in wordpress plugin tidio-gallery v1.1 ...)
	NOT-FOR-US: Wordpress plugin tidio-gallery
CVE-2016-1000152 (Reflected XSS in wordpress plugin tidio-form v1.0 ...)
	NOT-FOR-US: Wordpress plugin tidio-form
CVE-2016-1000151 (Reflected XSS in wordpress plugin tera-charts v1.0 ...)
	NOT-FOR-US: Wordpress plugin tera-charts
CVE-2016-1000150 (Reflected XSS in wordpress plugin simplified-content v1.0.0 ...)
	NOT-FOR-US: Wordpress plugin simplified-content
CVE-2016-1000149 (Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 ...)
	NOT-FOR-US: Wordpress plugin simpel-reserveren
CVE-2016-1000148 (Reflected XSS in wordpress plugin s3-video v0.983 ...)
	NOT-FOR-US: Wordpress plugin s3-video
CVE-2016-1000147 (Reflected XSS in wordpress plugin recipes-writer v1.0.4 ...)
	NOT-FOR-US: Wordpress plugin recipes-writer
CVE-2016-1000146 (Reflected XSS in wordpress plugin pondol-formmail v1.1 ...)
	NOT-FOR-US: Wordpress plugin pondol-formmail
CVE-2016-1000145 (Reflected XSS in wordpress plugin pondol-carousel v1.0 ...)
	NOT-FOR-US: Wordpress plugin pondol-carousel
CVE-2016-1000144 (Reflected XSS in wordpress plugin photoxhibit v2.1.8 ...)
	NOT-FOR-US: Wordpress plugin photoxhibit
CVE-2016-1000143 (Reflected XSS in wordpress plugin photoxhibit v2.1.8 ...)
	NOT-FOR-US: Wordpress plugin photoxhibit
CVE-2016-1000142 (Reflected XSS in wordpress plugin parsi-font v4.2.5 ...)
	NOT-FOR-US: Wordpress plugin parsi-font
CVE-2016-1000141 (Reflected XSS in wordpress plugin page-layout-builder v1.9.3 ...)
	NOT-FOR-US: Wordpress plugin page-layout-builder
CVE-2016-1000140 (Reflected XSS in wordpress plugin new-year-firework v1.1.9 ...)
	NOT-FOR-US: Wordpress plugin new-year-firework
CVE-2016-1000139 (Reflected XSS in wordpress plugin infusionsoft v1.5.11 ...)
	NOT-FOR-US: Wordpress plugin infusionsoft
CVE-2016-1000138 (Reflected XSS in wordpress plugin indexisto v1.0.5 ...)
	NOT-FOR-US: Wordpress plugin indexisto
CVE-2016-1000137 (Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 ...)
	NOT-FOR-US: Wordpress plugin hero-maps-pro
CVE-2016-1000136 (Reflected XSS in wordpress plugin heat-trackr v1.0 ...)
	NOT-FOR-US: Wordpress plugin heat-trackr
CVE-2016-1000135 (Reflected XSS in wordpress plugin hdw-tube v1.2 ...)
	NOT-FOR-US: Wordpress plugin hdw-tube
CVE-2016-1000134 (Reflected XSS in wordpress plugin hdw-tube v1.2 ...)
	NOT-FOR-US: Wordpress plugin hdw-tube
CVE-2016-1000133 (Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1. ...)
	NOT-FOR-US: Wordpress plugin forget-about-shortcode-buttons
CVE-2016-1000132 (Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 ...)
	NOT-FOR-US: Wordpress plugin enhanced-tooltipglossary
CVE-2016-1000131 (Reflected XSS in wordpress plugin e-search v1.0 ...)
	NOT-FOR-US: Wordpress plugin e-search
CVE-2016-1000130 (Reflected XSS in wordpress plugin e-search v1.0 ...)
	NOT-FOR-US: Wordpress plugin e-search
CVE-2016-1000129 (Reflected XSS in wordpress plugin defa-online-image-protector v3.3 ...)
	NOT-FOR-US: Wordpress plugin defa-online-image-protector
CVE-2016-1000128 (Reflected XSS in wordpress plugin anti-plagiarism v3.60 ...)
	NOT-FOR-US: Wordpress plugin anti-plagiarism
CVE-2016-1000127 (Reflected XSS in wordpress plugin ajax-random-post v2.00 ...)
	NOT-FOR-US: Wordpress plugin ajax-random-post
CVE-2016-1000126 (Reflected XSS in wordpress plugin admin-font-editor v1.8 ...)
	NOT-FOR-US: Wordpress plugin admin-font-editor
CVE-2016-1000125 (Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla ...)
	NOT-FOR-US: Joomla component Huge-IT Catalog
CVE-2016-1000124 (Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0 ...)
	NOT-FOR-US: Joomla component Huge-IT Portfolio Gallery
CVE-2016-1000123 (Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joom ...)
	NOT-FOR-US: Joomla component Huge-IT Video Gallery
CVE-2016-1000122 (XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension ...)
	NOT-FOR-US: Joomla extension Huge IT Joomla Slider
CVE-2016-1000121 (XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension ...)
	NOT-FOR-US: Joomla extension Huge IT Joomla Slider
CVE-2016-1000120 (SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla ...)
	NOT-FOR-US: Joomla extension Huge IT catalog
CVE-2016-1000119 (SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla ...)
	NOT-FOR-US: Joomla extension Huge IT catalog
CVE-2016-1000118 (XSS &amp; SQLi in HugeIT slideshow v1.0.4 ...)
	NOT-FOR-US: Joomla extension HugeIT slideshow
CVE-2016-1000117 (XSS &amp; SQLi in HugeIT slideshow v1.0.4 ...)
	NOT-FOR-US: Joomla extension HugeIT slideshow
CVE-2016-1000116 (Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS ...)
	NOT-FOR-US: Joomla extension Huge-IT Portfolio Gallery manager
CVE-2016-1000115 (Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS ...)
	NOT-FOR-US: Joomla extension Huge-IT Portfolio Gallery manager
CVE-2016-1000114 (XSS in huge IT gallery v1.1.5 for Joomla ...)
	NOT-FOR-US: Joomla extension huge IT gallery
CVE-2016-1000113 (XSS and SQLi in huge IT gallery v1.1.5 for Joomla ...)
	NOT-FOR-US: Joomla extension huge IT gallery
CVE-2016-1000112 (Unauthenticated remote .jpg file upload in contus-video-comments v1.0  ...)
	NOT-FOR-US: WordPress plugin contus-video-comments
CVE-2016-6265 (Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf- ...)
	{DSA-3655-1}
	- mupdf 1.9a+ds1-1.1 (bug #832031)
	[wheezy] - mupdf <not-affected> (vulnerable code not present, no segfault)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
	NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
	NOTE: Possibly introduced with: https://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1)
	NOTE: Although the e767bd783d91ae88cd79da19e79afb2c36bcf32a introduced the solid xrefs,
	NOTE: that part of the code went trough several iterations before it settled down, and
	NOTE: thus the issue could possibly be presend already before. The code in 1.5-1 looks
	NOTE: quite similar, although the reproducer does not lead to a heap-use-after-free in
	NOTE: the 1.5-1 case.
CVE-2016-6264 (Integer signedness error in libc/string/arm/memset.S in uClibc and uCl ...)
	{DLA-561-1}
	- uclibc-ng <itp> (bug #811275)
	- uclibc <unfixed> (unimportant)
	NOTE: Just for cross-compiling, not used for actual packages
	NOTE: https://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
	NOTE: http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html
	NOTE: Fixed in 1.0.16 of uClibc-ng
CVE-2016-6263 (The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn be ...)
	{DSA-3658-1 DLA-582-1}
	- libidn 1.33-1
	NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
	NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555 (libidn-1-33)
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6262 (idn in libidn before 1.33 might allow remote attackers to obtain sensi ...)
	- libidn <not-affected> (Incomplete fix for CVE-2015-8948 not applied)
	NOTE: Follow-up fix for CVE-2015-8948: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60 (libidn-1-33)
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6261 (The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allo ...)
	{DSA-3658-1 DLA-582-1}
	- libidn 1.33-1
	NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
	NOTE: Test: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c (libidn-1-33)
	NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d (libidn-1-33)
	NOTE: Follow-up memory leak fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=11abd0e02c16f9e0b6944aea4ef0f2df44b42dd4 (libidn-1-33)
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6249 (F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout durin ...)
	NOT-FOR-US: F5
CVE-2016-1000037 (Pagure: XSS possible in file attachment endpoint ...)
	- pagure <not-affected> (Fixed before initial upload to the archive)
CVE-2016-1000030 (Pidgin version &lt;2.11.0 contains a vulnerability in X.509 Certificat ...)
	- pidgin 2.11.0-1 (unimportant)
	[jessie] - pidgin 2.11.0-0+deb8u1
	NOTE: http://www.pidgin.im/news/security/?id=91
	NOTE: https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe
	NOTE: Furthermore pidgin in Debian is not compiled to use GnuTLS (--enable-gnutls=no)
CVE-2016-XXXX [insecure default PATH]
	- dietlibc 0.34~cvs20160606-2 (bug #832169)
	[jessie] - dietlibc 0.33~cvs20120325-6+deb8u1
	[wheezy] - dietlibc 0.33~cvs20120325-4+deb7u1
	NOTE: Workaround entry for DLA-557-1 until CVE is assigned
	NOTE: Following reverse dependencies need to be recompiled: minit (wheezy, jessie),
	NOTE: util-vserver (jessie, sid), mksh (sid, experimental)
	NOTE: http://news.gmane.org/find-root.php?message_id=alpine.DEB.2.20.1607181048300.24083%40tglase.lan.tarent.de
CVE-2016-6250 (Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allo ...)
	{DSA-3677-1 DLA-554-1}
	- libarchive 3.2.1-1 (low)
	NOTE: https://github.com/libarchive/libarchive/issues/711
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 (v3.2.1)
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/1
CVE-2016-6252 (Integer overflow in shadow 4.2.1 allows local users to gain privileges ...)
	{DSA-3793-1}
	- shadow 1:4.4-1 (bug #832170)
	[wheezy] - shadow <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/shadow-maint/shadow/issues/27
	NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1 (4.3.1)
CVE-2016-6251
	REJECTED
CVE-2016-6248
	RESERVED
CVE-2016-1000029 (Tenable Nessus before 6.8 has a stored XSS issue that requires admin-l ...)
	NOT-FOR-US: Nessus
CVE-2016-1000028 (Tenable Nessus before 6.8 has a stored XSS issue that requires admin-l ...)
	NOT-FOR-US: Nessus
CVE-2016-6247 (OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of se ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6246 (OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount pri ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6245 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (k ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6244 (The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6243 (thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local user ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6242 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (a ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6241 (Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 al ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6240 (Integer truncation error in the amap_alloc function in OpenBSD 5.8 and ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6239 (The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attacke ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6238 (The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 al ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6237 (The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1 ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6236 (The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6235 (The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6234 (The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0  ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6231 (Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certific ...)
	NOT-FOR-US: Kaspersky
CVE-2016-6230
	RESERVED
CVE-2016-6229
	RESERVED
CVE-2016-6228
	RESERVED
CVE-2016-6227
	RESERVED
CVE-2016-6226
	RESERVED
CVE-2016-6225 (xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does ...)
	- percona-xtrabackup <removed> (bug #851244)
	[jessie] - percona-xtrabackup <no-dsa> (Minor issue)
	NOTE: https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly
	NOTE: https://github.com/percona/percona-xtrabackup/pull/266
	NOTE: https://github.com/percona/percona-xtrabackup/pull/267
CVE-2016-6222
	RESERVED
CVE-2016-6221
	RESERVED
CVE-2016-6220 (Information Disclosure vulnerability in the Dashboard and Error Pages  ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2016-6219
	RESERVED
CVE-2016-6218
	RESERVED
CVE-2016-1000110 (The CGIHandler class in Python before 2.7.12 does not protect against  ...)
	- python3.5 3.5.2-3 (unimportant)
	- python3.4 <removed> (unimportant)
	- python3.2 <removed> (unimportant)
	- python2.7 2.7.12-2 (unimportant)
	- python2.6 <removed> (unimportant)
	NOTE: https://bugs.python.org/issue27568
	NOTE: https://github.com/python/cpython/commit/436fe5a447abb69e5e5a4f453325c422af02dcaa (3.4)
	NOTE: No part of Python does set HTTP_PROXY based on a Proxy: header, the Python bug
	NOTE: just provides a hardening to discard HTTP_PROXY if it thinks a Python script is
	NOTE: running as a CGI script
CVE-2016-1000109 (HHVM does not attempt to address RFC 3875 section 4.1.18 namespace con ...)
	- hhvm 3.12.11+dfsg-1 (unimportant)
CVE-2016-1000107 (inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1 ...)
	- erlang <unfixed> (unimportant)
	NOTE: https://bugs.erlang.org/browse/ERL-198
	NOTE: No part of Erlang does set HTTP_PROXY based on a Proxy: header, just hardening
CVE-2016-1000106
	REJECTED
CVE-2016-1000105
	REJECTED
CVE-2016-1000103
	REJECTED
CVE-2016-1000102
	REJECTED
CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...)
	- libspring-java 4.2.7-1 (unimportant)
	NOTE: https://www.tenable.com/security/research/tra-2016-20
	NOTE: This is not a vulnerability in Spring itself, just how applications are using it
CVE-2016-6255 (Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers  ...)
	{DSA-3736-1 DLA-597-1}
	- libupnp 1:1.6.19+git20160116-1.1 (bug #831857)
	NOTE: https://twitter.com/mjg59/status/755062278513319936
	NOTE: Proposed fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/18/13
CVE-2016-6233 (The (1) order and (2) group methods in Zend_Db_Select in the Zend Fram ...)
	- zendframework 1.12.19+dfsg-1
	[jessie] - zendframework <not-affected> (introduced after 1.12.9)
	[wheezy] - zendframework <not-affected> (introduced after 1.12.9)
	NOTE: http://framework.zend.com/security/advisory/ZF2016-02
	NOTE: https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
CVE-2016-6232 (Directory traversal vulnerability in KArchive before 5.24, as used in  ...)
	{DSA-3643-1 DLA-570-1}
	- karchive 5.24.0-1
	- kde4libs 4:4.14.22-2 (bug #832620)
	NOTE: The fix for 4:4.14.22-1 was incomplete, cf.
	NOTE: https://lists.debian.org/debian-lts/2016/07/msg00144.html
	NOTE: Fix: https://git.reviewboard.kde.org/r/128185/
CVE-2016-6217 (Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNI ...)
	NOT-FOR-US: Sophos
CVE-2016-6216
	RESERVED
CVE-2016-6215
	RESERVED
CVE-2016-6212 (The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views m ...)
	- drupal8 <itp> (bug #756305)
CVE-2016-6210 (sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user pa ...)
	{DSA-3626-1 DLA-578-1}
	- openssh 1:7.2p2-6 (bug #831902)
	NOTE: http://seclists.org/fulldisclosure/2016/Jul/51
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946
	NOTE: Suggested to cherry-pick as well: https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc
	NOTE: otherwise the mitigiation isn't very effective for systems with a locked root account.
CVE-2016-6208
	RESERVED
CVE-2016-6207 (Integer overflow in the _gdContributionsAlloc function in gd_interpola ...)
	{DSA-3630-1}
	- libgd2 2.2.2-43-g22cba39-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/0dd40abd6d5b3e53a6b745dd4d6cf94b70010989
	NOTE: https://github.com/libgd/libgd/commit/d325888a9fe3c9681e4a9aad576de2c5cd5df2ef
	NOTE: https://github.com/libgd/libgd/commit/ff9113c80a32205d45205d3ea30965b25480e0fb
	NOTE: https://github.com/libgd/libgd/commit/f60ec7a546499f9446063a4dbe755be9523d8232
	NOTE: https://github.com/libgd/libgd/commit/7a28c235890c95e6010e7b0d0f7c7369367168ef
	- php7.0 7.0.9-1 (unimportant)
	- php5 5.6.24+dfsg-1 (unimportant)
	[jessie] - php5 5.6.24+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2016-6209 (Cross-site scripting (XSS) vulnerability in Nagios. ...)
	- nagios3 <removed> (bug #831698)
	[jessie] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	- icinga <not-affected> (Vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2016/Jun/20
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/297
	NOTE: Fixed by https://github.com/NagiosEnterprises/nagioscore/commit/78b7bdde3ab4dec265879ff1b4d49a398bf3ba9c
CVE-2016-6206 (Huawei AR3200 routers with software before V200R007C00SPC600 allow rem ...)
	NOT-FOR-US: Huawei
CVE-2016-6205
	RESERVED
CVE-2016-6204 (Cross-site scripting (XSS) vulnerability in the integrated web server  ...)
	NOT-FOR-US: Siemens
CVE-2016-6203
	RESERVED
CVE-2016-6202
	RESERVED
CVE-2016-6201 (Cross-site scripting (XSS) vulnerability in Ektron Content Management  ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2016-6200
	RESERVED
CVE-2016-6199 (ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to exe ...)
	- gradle 2.13-1
	[jessie] - gradle <ignored> (Minor issue)
	NOTE: Starting from 2.13-1 it uses commons-collections:commons-collections:3.2.2
	NOTE: https://philwantsfish.github.io/security/java-deserialization-github
	NOTE: https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726
	NOTE: ObjectSocketWrapper only used by Gradle UI, which was removed in current releases (4.x)
CVE-2016-6196
	RESERVED
CVE-2016-6195 (SQL injection vulnerability in forumrunner/includes/moderation.php in  ...)
	NOT-FOR-US: vBulletin
CVE-2016-6194
	RESERVED
CVE-2016-6193 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with soft ...)
	NOT-FOR-US: Huawei
CVE-2016-6192 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with soft ...)
	NOT-FOR-US: Huawei
CVE-2016-1000026
	RESERVED
CVE-2016-1000025
	REJECTED
CVE-2016-1000024
	RESERVED
CVE-2016-1000022
	REJECTED
CVE-2016-1000021
	REJECTED
CVE-2016-1000020
	RESERVED
CVE-2016-1000019
	RESERVED
CVE-2016-1000018
	RESERVED
CVE-2016-1000017
	RESERVED
CVE-2016-1000016
	RESERVED
CVE-2016-1000015
	RESERVED
CVE-2016-1000014
	REJECTED
CVE-2016-1000013
	REJECTED
CVE-2016-1000012
	RESERVED
CVE-2016-1000011
	RESERVED
CVE-2016-1000010
	RESERVED
CVE-2016-6905 (The read_image_tga function in gd_tga.c in the GD Graphics Library (ak ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/issues/248
	NOTE: https://github.com/libgd/libgd/pull/251
	NOTE: https://github.com/libgd/libgd/commit/5a3f19e962b507560c9206965087db4dc0ad107f
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186
	NOTE: followed by: https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/12/4
CVE-2016-6352 (The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows  ...)
	{DLA-2043-1}
	- gdk-pixbuf 2.35.4-1 (bug #832496)
	[wheezy] - gdk-pixbuf <not-affected> (Fails with ENOMEM, no crash)
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/11
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599
CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap  ...)
	- ecryptfs-utils <not-affected> (Broken code not present; incomplete fix for CVE-2015-8946 not applied)
	NOTE: Actually due to an incomplete fix of LP#1447282
	NOTE: https://launchpad.net/bugs/1597154
	NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/2
CVE-2016-6214 (gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows re ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/issues/247#issuecomment-232084241
	NOTE: https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7
	NOTE: Different issue than CVE-2016-6132
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/5
CVE-2016-6223 (The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in  ...)
	{DSA-3762-1 DLA-693-1 DLA-610-1}
	- tiff 4.0.6-2 (bug #842270)
	- tiff3 <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/3
	NOTE: Upstream patch: https://github.com/vadz/libtiff/commit/0ba5d8814a17a64bdb8d9035f4c533f3f3f4b496
CVE-2016-1000023
	REJECTED
CVE-2016-6213 (fs/namespace.c in the Linux kernel before 4.9 does not restrict how ma ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.43-1
	[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
	NOTE: https://lkml.org/lkml/2016/8/28/269
	NOTE: Fixed by: https://git.kernel.org/linus/d29216842a85c7970c536108e093963f02714498 (v4.9-rc1)
CVE-2016-6186 (Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedOb ...)
	{DSA-3622-1 DLA-555-1}
	- python-django 1:1.9.8-1 (bug #831799)
	NOTE: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
CVE-2016-1000009 (TP-LINK lost control of two domains, www.tplinklogin.net and tplinkext ...)
	NOT-FOR-US: TP-LINK
CVE-2016-XXXX [Insecure use of /tmp]
	- leptonlib 1.73-5 (unimportant; bug #830660)
	NOTE: Neutralised by kernel hardening
CVE-2016-6198 (The filesystem layer in the Linux kernel before 4.5.5 proceeds with po ...)
	- linux 4.5.5-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/54d5ca871e72f2bb172ec9323497f01cd5091ec7 (v4.6)
	NOTE: https://git.kernel.org/linus/9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca (v4.6)
CVE-2016-6197 (fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the L ...)
	- linux 4.6.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/11f3710417d026ea2f4fcf362d866342c5274185 (v4.6-rc1)
CVE-2016-6191 (Multiple cross-site scripting (XSS) vulnerabilities in the View Raw So ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://sogo.nu/bugs/view.php?id=3718
	NOTE: http://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa (SOGo-3.1.3)
CVE-2016-6190 (SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to th ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 (SOGo-2.3.12)
	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d (SOGo-3.1.1)
	NOTE: https://sogo.nu/bugs/view.php?id=3696
CVE-2016-6189 (Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 (SOGo-2.3.12)
	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d (SOGo-3.1.1)
	NOTE: https://sogo.nu/bugs/view.php?id=3695
CVE-2016-6188 (Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: http://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d (SOGo-2.3.9)
	NOTE: https://sogo.nu/bugs/view.php?id=3510
CVE-2016-6187 (The apparmor_setprocattr function in security/apparmor/lsm.c in the Li ...)
	- linux 4.6.4-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/bb646cdb12e75d82258c2f2e7746d5952d3e321a (v4.5-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/30a46a4647fd1df9cf52e43bf467f0d9265096ca (v4.7-rc7)
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/09/1
CVE-2016-XXXX [GNUTLS-SA-2016-2: certificate verification issue]
	- gnutls28 3.4.14-1 (unimportant)
	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-2
	NOTE: Unimportant since Debian's binary packages are not built
	NOTE: with --with-default-trust-store-pkcs11=
CVE-2016-6184 (The Camera driver in Huawei Honor 4C smartphones with software CHM-UL0 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6183 (The Camera driver in Huawei Honor 4C smartphones with software CHM-UL0 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6182 (The Camera driver in Huawei Honor 4C smartphones with software CHM-UL0 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6181 (The Camera driver in Huawei Honor 4C smartphones with software CHM-UL0 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6180 (The Camera driver in Huawei Honor 4C smartphones with software CHM-UL0 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6179 (The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 be ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6178 (Huawei NE40E and CX600 devices with software before V800R007SPH017; PT ...)
	NOT-FOR-US: Huawei
CVE-2016-6177 (The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerab ...)
	NOT-FOR-US: Huawei
CVE-2016-6176
	RESERVED
CVE-2016-6185 (The XSLoader::load method in XSLoader in Perl does not properly locate ...)
	{DSA-3628-1 DLA-565-1}
	- perl 5.22.2-2 (bug #829578)
CVE-2016-6175 (Eval injection vulnerability in php-gettext 1.0.12 and earlier allows  ...)
	- php-gettext <unfixed> (bug #851771)
	[buster] - php-gettext <no-dsa> (Minor issue)
	[stretch] - php-gettext <no-dsa> (Minor issue)
	[jessie] - php-gettext <no-dsa> (Minor issue)
	[wheezy] - php-gettext <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/php-gettext/+bug/1606184
	NOTE: https://kmkz-web-blog.blogspot.cz/2016/07/advisory-cve-2016-6175.html
CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision Power S ...)
	NOT-FOR-US: Inivision
CVE-2016-6169 (Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 an ...)
	NOT-FOR-US: Foxit Reader
CVE-2016-6168 (Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311  ...)
	NOT-FOR-US: Foxit Reader
CVE-2016-6167 (Multiple untrusted search path vulnerabilities in Putty beta 0.67 allo ...)
	- putty <not-affected> (Windows-specific)
CVE-2016-6166
	RESERVED
CVE-2016-6165
	RESERVED
CVE-2016-6164 (Integer overflow in the mov_build_index function in libavformat/mov.c  ...)
	- ffmpeg 7:3.1.1-1
	NOTE: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823
CVE-2016-1000101
	REJECTED
CVE-2016-1000100
	REJECTED
CVE-2016-1000008
	RESERVED
CVE-2016-1000006 (hhvm before 3.12.11 has a use-after-free in the serialize_memoize_para ...)
	- hhvm 3.12.11+dfsg-1
CVE-2016-1000005 (mcrypt_get_block_size did not enforce that the provided "module" param ...)
	- hhvm 3.12.11+dfsg-1
CVE-2016-1000004 (Insufficient type checks were employed prior to casting input data in  ...)
	- hhvm 3.12.11+dfsg-1
CVE-2016-6173 (NSD before 4.1.11 allows remote DNS master servers to cause a denial o ...)
	- nsd 4.1.11-1 (unimportant; bug #830806)
	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790
	NOTE: Not considered a security issue due to trust relationship, see #830806
CVE-2016-6172 (PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote pr ...)
	{DSA-3664-1 DLA-627-1}
	- pdns 4.0.1-1 (bug #830808)
	NOTE: https://github.com/PowerDNS/pdns/issues/4128
	NOTE: Master: https://github.com/PowerDNS/pdns/pull/4133
	NOTE: 3.4.x: https://github.com/PowerDNS/pdns/pull/4134
CVE-2016-6171 (Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of s ...)
	- knot 2.3.0-1 (bug #830809)
	[jessie] - knot <no-dsa> (Minor issue)
	NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
	NOTE: https://gitlab.labs.nic.cz/labs/knot/issues/464
CVE-2016-6170 (ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x throug ...)
	- bind9 1:9.10.6+dfsg-1 (unimportant; bug #830810)
	NOTE: Not fixed upstream, proposed patches below are unofficial:
	NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch
	NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch
	NOTE: Negligible security impact
CVE-2016-6163 (The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librs ...)
	- librsvg 2.40.9-2
	[jessie] - librsvg <no-dsa> (Minor issue)
	[wheezy] - librsvg <not-affected> (vulnerable code not present, no segfault)
	NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022 (2.40.7)
	NOTE: Reproducer attached in http://seclists.org/oss-sec/2016/q3/7
CVE-2016-6162 (net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to ca ...)
	- linux <not-affected> (Vulnerable code introduced in 4.7-rc1)
CVE-2016-6161 (The output function in gd_gif_out.c in the GD Graphics Library (aka li ...)
	{DSA-3619-1 DLA-563-1}
	- libgd2 2.2.1-1
	NOTE: https://github.com/libgd/libgd/issues/209
	NOTE: https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0)
CVE-2016-6159 (The management interface of Huawei WS331a routers with software before ...)
	NOT-FOR-US: Huawei
CVE-2016-6158 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei W ...)
	NOT-FOR-US: Huawei
CVE-2016-6157
	RESERVED
CVE-2016-6156 (Race condition in the ec_device_ioctl_xcmd function in drivers/platfor ...)
	- linux 4.7.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/096cdc6f52225835ff503f987a0d68ef770bb78e
	NOTE: Introduced by: https://git.kernel.org/linus/a841178445bb72a3d566b4e6ab9d19e9b002eb47 (v4.2-rc1)
CVE-2016-6155
	RESERVED
CVE-2016-6154 (The authentication applet in Watchguard Fireware 11.11 Operating Syste ...)
	NOT-FOR-US: Watchguard
CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated ...)
	NOT-FOR-US: eHealth
CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a denial o ...)
	NOT-FOR-US: eHealth
CVE-2016-6150 (The multi-tenant database container feature in SAP HANA does not prope ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6149 (SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensi ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6148 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denia ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6147 (An unspecified interface in SAP TREX 7.10 Revision 63 allows remote at ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6146 (The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to ...)
	NOT-FOR-US: SAP
CVE-2016-6145 (The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides diffe ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the n ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6143 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbit ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6142 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers t ...)
	NOT-FOR-US: SAP
CVE-2016-6141
	RESERVED
CVE-2016-6140 (SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrar ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6139 (SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary fi ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6138 (Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows  ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6137 (An unspecified function in SAP TREX 7.10 Revision 63 allows remote att ...)
	NOT-FOR-US: SAP
CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in kernel/a ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120681
	NOTE: https://github.com/linux-audit/audit-kernel/issues/18
	NOTE: Fixed by: https://git.kernel.org/linus/43761473c254b45883a64441dd0bc85a42f3645c (4.8-rc1)
CVE-2016-6135
	RESERVED
CVE-2016-6134
	RESERVED
CVE-2016-1000007 (Pagure 2.2.1 XSS in raw file endpoint ...)
	- pagure <not-affected> (Fixed before initial upload to the archive)
	NOTE: https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77
CVE-2016-6160 (tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause  ...)
	{DLA-544-1}
	- tcpreplay 3.4.4-3 (bug #829350)
	[jessie] - tcpreplay 3.4.4-2+deb8u1
CVE-2016-6133 (Cross-site scripting (XSS) vulnerability in Ektron Content Management  ...)
	NOT-FOR-US: Ektron
CVE-2016-6153 (os_unix.c in SQLite before 3.13.0 improperly implements the temporary  ...)
	{DLA-543-1}
	- sqlite3 3.13.0-1
	[jessie] - sqlite3 3.8.7.1-1+deb8u2
	NOTE: http://www.sqlite.org/cgi/src/info/67985761aa93fb61
	NOTE: http://www.sqlite.org/cgi/src/info/b38fe522cfc971b3
	NOTE: and possibly http://www.sqlite.org/cgi/src/info/614bb709d34e1148
	NOTE: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
CVE-2016-6129 (The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, a ...)
	{DLA-612-1}
	- libtomcrypt 1.17-8 (bug #837042)
	[jessie] - libtomcrypt <no-dsa> (Minor issue)
	NOTE: https://github.com/OP-TEE/optee_os/commit/30d13250c390c4f56adefdcd3b64b7cc672f9fe2
	NOTE: libtomcrypt ship the corresponding patch in
	NOTE: https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
	NOTE: The CVE is originally assigend to OP-TEE, but the underlying issue seems to be in
	NOTE: libtomcrypt, thus keep that source package as well for now associated.
CVE-2016-6127 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x b ...)
	{DSA-3882-1 DLA-987-1}
	- request-tracker4 4.4.1-4
CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2016-6125 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2016-6124 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2016-6123 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2016-6122 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to se ...)
	NOT-FOR-US: IBM
CVE-2016-6121 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulner ...)
	NOT-FOR-US: IBM
CVE-2016-6120
	RESERVED
CVE-2016-6119
	RESERVED
CVE-2016-6118 (IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2016-6117 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with acti ...)
	NOT-FOR-US: IBM
CVE-2016-6116 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2016-6115 (IBM General Parallel File System is vulnerable to a buffer overflow. A ...)
	NOT-FOR-US: IBM
CVE-2016-6114 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerability al ...)
	NOT-FOR-US: IBM
CVE-2016-6112 (IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10 ...)
	NOT-FOR-US: IBM
CVE-2016-6111 (IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a de ...)
	NOT-FOR-US: IBM
CVE-2016-6110 (IBM Tivoli Storage Manager discloses unencrypted login credentials to  ...)
	NOT-FOR-US: IBM
CVE-2016-6109
	RESERVED
CVE-2016-6108
	RESERVED
CVE-2016-6107
	RESERVED
CVE-2016-6106
	RESERVED
CVE-2016-6105 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authent ...)
	NOT-FOR-US: IBM
CVE-2016-6104 (IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2016-6103 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2016-6102 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive informat ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2016-6101
	RESERVED
CVE-2016-6100 (IBM Disposal and Governance Management for IT and IBM Global Retention ...)
	NOT-FOR-US: IBM
CVE-2016-6099 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive infor ...)
	NOT-FOR-US: IBM
CVE-2016-6098 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permiss ...)
	NOT-FOR-US: IBM
CVE-2016-6097 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages  ...)
	NOT-FOR-US: IBM
CVE-2016-6096 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2016-6095 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate accoun ...)
	NOT-FOR-US: IBM
CVE-2016-6094 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an erro ...)
	NOT-FOR-US: IBM
CVE-2016-6093 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...)
	NOT-FOR-US: IBM
CVE-2016-6092 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user crede ...)
	NOT-FOR-US: IBM
CVE-2016-6091
	REJECTED
CVE-2016-6090 (IBM WebSphere Commerce contains an unspecified vulnerability that coul ...)
	NOT-FOR-US: IBM
CVE-2016-6089 (IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write t ...)
	NOT-FOR-US: IBM
CVE-2016-6088
	RESERVED
CVE-2016-6087 (IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials us ...)
	NOT-FOR-US: IBM
CVE-2016-6086
	RESERVED
CVE-2016-6085 (IBM BigFix Platform could allow an attacker on the local network to cr ...)
	NOT-FOR-US: IBM
CVE-2016-6084 (IBM BigFix Platform could allow an attacker on the local network to cr ...)
	NOT-FOR-US: IBM
CVE-2016-6083 (IBM Tivoli Monitoring V6 could allow an unauthenticated user to access ...)
	NOT-FOR-US: IBM
CVE-2016-6082 (IBM BigFix Platform could allow a remote attacker to execute arbitrary ...)
	NOT-FOR-US: IBM
CVE-2016-6081
	RESERVED
CVE-2016-6080 (The WebAdmin context for WebSphere Message Broker allows directory lis ...)
	NOT-FOR-US: IBM
CVE-2016-6079 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability t ...)
	NOT-FOR-US: IBM
CVE-2016-6078
	RESERVED
CVE-2016-6077 (IBM Cognos Disclosure Management 10.2 could allow a malicious attacker ...)
	NOT-FOR-US: IBM
CVE-2016-6076
	RESERVED
CVE-2016-6075
	RESERVED
CVE-2016-6074
	RESERVED
CVE-2016-6073
	RESERVED
CVE-2016-6072 (IBM Maximo Asset Management is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2016-6071
	RESERVED
CVE-2016-6070
	RESERVED
CVE-2016-6069
	RESERVED
CVE-2016-6068 (IBM UrbanCode Deploy could allow an authenticated user with access to  ...)
	NOT-FOR-US: IBM
CVE-2016-6067
	RESERVED
CVE-2016-6066
	RESERVED
CVE-2016-6065 (IBM Security Guardium Database Activity Monitor appliance could allow  ...)
	NOT-FOR-US: IBM
CVE-2016-6064
	RESERVED
CVE-2016-6063
	RESERVED
CVE-2016-6062 (IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scri ...)
	NOT-FOR-US: IBM
CVE-2016-6061 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-6060 (An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-6059 (IBM InfoSphere Information Server is vulnerable to a denial of service ...)
	NOT-FOR-US: IBM
CVE-2016-6058
	RESERVED
CVE-2016-6057
	RESERVED
CVE-2016-6056 (IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site s ...)
	NOT-FOR-US: IBM Call Center for Commerce
CVE-2016-6055 (IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to  ...)
	NOT-FOR-US: IBM
CVE-2016-6054 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-6053
	RESERVED
CVE-2016-6052
	RESERVED
CVE-2016-6051
	RESERVED
CVE-2016-6050
	RESERVED
CVE-2016-6049
	RESERVED
CVE-2016-6048
	RESERVED
CVE-2016-6047 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-6046 (IBM Tivoli Storage Manager Operations Center is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2016-6045 (IBM Tivoli Storage Manager Operations Center is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2016-6044 (IBM Tivoli Storage Manager Operations Center could allow an authentica ...)
	NOT-FOR-US: IBM
CVE-2016-6043 (Tivoli Storage Manager Operations Center could allow a local user to t ...)
	NOT-FOR-US: IBM
CVE-2016-6042 (IBM AppScan Enterprise Edition could allow a remote attacker to execut ...)
	NOT-FOR-US: IBM
CVE-2016-6041
	RESERVED
CVE-2016-6040 (IBM Jazz Foundation could allow an authenticated user to take over a p ...)
	NOT-FOR-US: IBM
CVE-2016-6039 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightw ...)
	NOT-FOR-US: Tivoli
CVE-2016-6037 (IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A rem ...)
	NOT-FOR-US: IBM
CVE-2016-6036 (IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6035 (IBM Rational Quality Manager is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) could dis ...)
	NOT-FOR-US: IBM
CVE-2016-6033 (IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vu ...)
	NOT-FOR-US: IBM
CVE-2016-6032 (IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-6031 (IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2016-6030 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-6029 (IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could  ...)
	NOT-FOR-US: IBM
CVE-2016-6028 (IBM Jazz technology based products might allow an attacker to view wor ...)
	NOT-FOR-US: IBM
CVE-2016-6027 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 bef ...)
	NOT-FOR-US: IBM
CVE-2016-6026 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 bef ...)
	NOT-FOR-US: IBM
CVE-2016-6025 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 bef ...)
	NOT-FOR-US: IBM
CVE-2016-6024 (IBM Jazz technology based products might divulge information that migh ...)
	NOT-FOR-US: IBM
CVE-2016-6023 (Directory traversal vulnerability in the Configuration Manager in IBM  ...)
	NOT-FOR-US: IBM
CVE-2016-6022 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2016-6021 (IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vul ...)
	NOT-FOR-US: IBM
CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2016-6019 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10. ...)
	NOT-FOR-US: IBM
CVE-2016-6018 (IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error  ...)
	NOT-FOR-US: IBM
CVE-2016-6017
	RESERVED
CVE-2016-6016
	RESERVED
CVE-2016-6015
	RESERVED
CVE-2016-6014
	RESERVED
CVE-2016-6013
	RESERVED
CVE-2016-6012
	RESERVED
CVE-2016-6011
	RESERVED
CVE-2016-6010
	RESERVED
CVE-2016-6009
	RESERVED
CVE-2016-6008
	RESERVED
CVE-2016-6007
	RESERVED
CVE-2016-6006
	RESERVED
CVE-2016-6005
	RESERVED
CVE-2016-6004
	RESERVED
CVE-2016-6003
	RESERVED
CVE-2016-6002
	RESERVED
CVE-2016-6001 (IBM Forms Experience Builder could be susceptible to a server-side req ...)
	NOT-FOR-US: IBM
CVE-2016-6000 (IBM TRIRIGA Application Platform is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-5999
	RESERVED
CVE-2016-5998
	RESERVED
CVE-2016-5997 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5996 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5995 (Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1  ...)
	NOT-FOR-US: IBM
CVE-2016-5994 (IBM InfoSphere Information Server contains a vulnerability that would  ...)
	NOT-FOR-US: IBM
CVE-2016-5993
	RESERVED
CVE-2016-5992 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix0 ...)
	NOT-FOR-US: IBM
CVE-2016-5991 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix0 ...)
	NOT-FOR-US: IBM
CVE-2016-5990 (IBM Security Privileged Identity Manager Virtual Appliance allows an a ...)
	NOT-FOR-US: IBM
CVE-2016-5989
	RESERVED
CVE-2016-5988 (IBM Security Privileged Identity Manager Virtual Appliance could discl ...)
	NOT-FOR-US: IBM
CVE-2016-5987 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10  ...)
	NOT-FOR-US: IBM
CVE-2016-5986 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x befo ...)
	NOT-FOR-US: IBM
CVE-2016-5985 (The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vu ...)
	NOT-FOR-US: IBM
CVE-2016-5984 (IBM InfoSphere Information Server is vulnerable to cross-frame scripti ...)
	NOT-FOR-US: IBM
CVE-2016-5983 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-5982
	RESERVED
CVE-2016-5981 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT t ...)
	NOT-FOR-US: IBM
CVE-2016-5980 (IBM TRIRIGA Application Platform is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-5979 (IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged  ...)
	NOT-FOR-US: IBM
CVE-2016-5978 (Cross-site scripting (XSS) vulnerability in the Web UI in the web port ...)
	NOT-FOR-US: IBM
CVE-2016-5977 (Open redirect vulnerability in the web portal in IBM Tealeaf Customer  ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5976 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5975 (Cross-site scripting (XSS) vulnerability in the Web UI in the web port ...)
	NOT-FOR-US: IBM
CVE-2016-5974 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security ...)
	NOT-FOR-US: IBM
CVE-2016-5973
	RESERVED
CVE-2016-5972 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5971 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5970 (Directory traversal vulnerability in IBM Security Privileged Identity  ...)
	NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5969
	RESERVED
CVE-2016-5968 (The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1. ...)
	NOT-FOR-US: IBM
CVE-2016-5967 (The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0  ...)
	NOT-FOR-US: IBM
CVE-2016-5966 (IBM Security Privileged Identity Manager Virtual Appliance could allow ...)
	NOT-FOR-US: IBM
CVE-2016-5965
	RESERVED
CVE-2016-5964 (IBM Security Privileged Identity Manager Virtual Appliance version 2.0 ...)
	NOT-FOR-US: IBM
CVE-2016-5963 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM
CVE-2016-5962
	RESERVED
CVE-2016-5961
	RESERVED
CVE-2016-5960 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user c ...)
	NOT-FOR-US: IBM
CVE-2016-5959 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensit ...)
	NOT-FOR-US: IBM
CVE-2016-5958 (IBM Security Privileged Identity Manager could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2016-5957 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM
CVE-2016-5956
	RESERVED
CVE-2016-5955 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Ge ...)
	NOT-FOR-US: IBM
CVE-2016-5954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM
CVE-2016-5953 (IBM Sterling Order Management transmits the session identifier within  ...)
	NOT-FOR-US: IBM
CVE-2016-5952 (IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A rem ...)
	NOT-FOR-US: IBM
CVE-2016-5951 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-5950 (IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in c ...)
	NOT-FOR-US: IBM
CVE-2016-5949 (IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to  ...)
	NOT-FOR-US: IBM
CVE-2016-5948 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-5947 (IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2 ...)
	NOT-FOR-US: IBM
CVE-2016-5946 (Directory traversal vulnerability in IBM Spectrum Control (formerly Ti ...)
	NOT-FOR-US: IBM
CVE-2016-5945 (IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2 ...)
	NOT-FOR-US: IBM
CVE-2016-5944 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum ...)
	NOT-FOR-US: IBM
CVE-2016-5943 (IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2 ...)
	NOT-FOR-US: IBM
CVE-2016-5942 (IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vu ...)
	NOT-FOR-US: IBM
CVE-2016-5941 (IBM Kenexa LMS on Cloud could allow a remote attacker to traverse dire ...)
	NOT-FOR-US: IBM
CVE-2016-5940 (IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vu ...)
	NOT-FOR-US: IBM
CVE-2016-5939 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attac ...)
	NOT-FOR-US: IBM
CVE-2016-5938 (IBM Kenexa LMS on Cloud allows web pages to be stored locally which ca ...)
	NOT-FOR-US: IBM
CVE-2016-5937 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request f ...)
	NOT-FOR-US: IBM
CVE-2016-5936
	RESERVED
CVE-2016-5935 (IBM Jazz for Service Management could allow a remote attacker to obtai ...)
	NOT-FOR-US: IBM
CVE-2016-5934 (IBM Tivoli Storage Manager FastBack installer could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2016-5933 (IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host heade ...)
	NOT-FOR-US: IBM
CVE-2016-5932 (IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2016-5931
	RESERVED
CVE-2016-5930
	RESERVED
CVE-2016-5929
	RESERVED
CVE-2016-5928
	RESERVED
CVE-2016-5927 (IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect  ...)
	NOT-FOR-US: IBM
CVE-2016-5926
	RESERVED
CVE-2016-5925
	RESERVED
CVE-2016-5924
	RESERVED
CVE-2016-5923
	RESERVED
CVE-2016-5922
	RESERVED
CVE-2016-5921
	RESERVED
CVE-2016-5920 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financia ...)
	NOT-FOR-US: IBM
CVE-2016-5919 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weake ...)
	NOT-FOR-US: IBM
CVE-2016-5918 (IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivo ...)
	NOT-FOR-US: IBM
CVE-2016-5917
	RESERVED
CVE-2016-5916
	RESERVED
CVE-2016-5915
	RESERVED
CVE-2016-5914
	RESERVED
CVE-2016-5913
	RESERVED
CVE-2016-5912
	RESERVED
CVE-2016-5911
	RESERVED
CVE-2016-5910
	RESERVED
CVE-2016-5909
	RESERVED
CVE-2016-5908
	RESERVED
CVE-2016-5907
	RESERVED
CVE-2016-5906
	RESERVED
CVE-2016-5905 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2016-5904
	RESERVED
CVE-2016-5903
	RESERVED
CVE-2016-5902 (IBM Maximo Asset Management is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2016-5901 (Cross-site scripting (XSS) vulnerability in a test page in IBM Busines ...)
	NOT-FOR-US: IBM
CVE-2016-5900 (IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could  ...)
	NOT-FOR-US: IBM
CVE-2016-5899 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2016-5898 (IBM Jazz Reporting Service (JRS) could allow a remote attacker to obta ...)
	NOT-FOR-US: IBM
CVE-2016-5897 (IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A re ...)
	NOT-FOR-US: IBM
CVE-2016-5896 (IBM Maximo Asset Management could disclose sensitive information from  ...)
	NOT-FOR-US: IBM
CVE-2016-5895
	RESERVED
CVE-2016-5894 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...)
	NOT-FOR-US: IBM
CVE-2016-5893 (IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to b ...)
	NOT-FOR-US: IBM
CVE-2016-5892 (Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi- ...)
	NOT-FOR-US: IBM
CVE-2016-5891
	RESERVED
CVE-2016-5890 (IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 50 ...)
	NOT-FOR-US: IBM
CVE-2016-5889 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site reque ...)
	NOT-FOR-US: IBM
CVE-2016-5888 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2016-5887
	RESERVED
CVE-2016-5886
	RESERVED
CVE-2016-5885
	RESERVED
CVE-2016-5884 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-5883 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2016-5882 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-5881 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-5880 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-5879 (MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users t ...)
	NOT-FOR-US: IBM
CVE-2016-5878 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0. ...)
	NOT-FOR-US: IBM
CVE-2016-5877
	RESERVED
CVE-2016-6132 (The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka l ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1 (bug #829694)
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/issues/247
	NOTE: https://github.com/libgd/libgd/commit/ead349e99868303b37f5e6e9d9d680c9dc71ff8d
CVE-2016-6131 (The demangler in GNU Libiberty allows remote attackers to cause a deni ...)
	{DLA-552-1}
	- libiberty 20161017-1 (low; bug #840889)
	[jessie] - libiberty <no-dsa> (Minor issue)
	- ht 2.1.0+repack1-2 (low)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239143
CVE-2016-6130 (Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/cha ...)
	{DSA-3616-1}
	- linux 4.6.1-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/532c34b5fbf1687df63b3fcd5b2846312ac943c6
CVE-2016-6128 (The gdImageCropThreshold function in gd_crop.c in the GD Graphics Libr ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1 (bug #829062)
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/compare/3fe0a7128bac5000fdcfab888bd2a75ec0c9447d...fd623025505e87bba7ec8555eeb72dae4fb0afd
	NOTE: Crop support introduced in https://github.com/libgd/libgd/commit/f67452e1f82f1c2496e0859d638172bee74b43a0 (gd-2.1.0-alpha1)
	- php7.0 7.0.9-1 (unimportant)
	- php5 5.6.26+dfsg-1 (unimportant)
	[jessie] - php5 5.6.26+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72494
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery ap ...)
	- owncloud <removed>
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-010
CVE-2016-5875
	REJECTED
CVE-2016-5874 (Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers  ...)
	NOT-FOR-US: Siemens
CVE-2016-5872 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5871 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5870 (The msm_ipc_router_close function in net/ipc_router/ipc_router_socket. ...)
	- linux <not-affected> (Qualcomm-specific kernel patch)
CVE-2016-5869
	RESERVED
CVE-2016-5868 (drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5867 (In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5866
	RESERVED
CVE-2016-5865
	RESERVED
CVE-2016-5864 (In an audio driver function in all Qualcomm products with Android for  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5863 (In an ioctl handler in all Qualcomm products with Android for MSM, Fir ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5862 (When a control related to codec is issued from userspace in all Qualco ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5861 (In a display driver in all Qualcomm products with Android for MSM, Fir ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5860 (In an audio driver in all Qualcomm products with Android for MSM, Fire ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5859 (In a sound driver in all Qualcomm products with Android for MSM, Firef ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5858 (In an ioctl handler in all Qualcomm products with Android for MSM, Fir ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5857 (The Qualcomm SPCom driver in Android before 7.0 allows local users to  ...)
	NOTE: Red Hat seem to have typoed the CVE, which should be CVE-2016-5875, asked to confirm
CVE-2016-5856 (Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android k ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5855 (In a driver in all Qualcomm products with Android for MSM, Firefox OS  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5854 (In a driver in all Qualcomm products with Android for MSM, Firefox OS  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5853 (In an audio driver in all Qualcomm products with Android releases from ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5852 (For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and N ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2016-5850 (Cross-site scripting (XSS) vulnerability in the volume backup service  ...)
	NOT-FOR-US: Huawei
CVE-2016-5873 (Buffer overflow in the HTTP URL parsing functions in pecl_http before  ...)
	- php-pecl-http 3.0.1-0.1
	[jessie] - php-pecl-http <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.php.net/bug.php?id=71719
	NOTE: https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5/def
CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct ...)
	NOT-FOR-US: python-docx
CVE-2016-5849 (Siemens SICAM PAS through 8.07 allows local users to obtain sensitive  ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-5848 (Siemens SICAM PAS before 8.07 does not properly restrict password data ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-5847 (SAP SAPCAR allows local users to change the permissions of arbitrary f ...)
	NOT-FOR-US: SAP SAPCAR
CVE-2016-5846
	RESERVED
CVE-2016-5845 (SAP SAPCAR does not check the return value of file operations when ext ...)
	NOT-FOR-US: SAP SAPCAR
CVE-2016-5843 (Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2 ...)
	NOT-FOR-US: OTRS addon
CVE-2016-5840 (hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3 ...)
	NOT-FOR-US: Trend Micro Deep Discovery Inspector
CVE-2016-5831
	RESERVED
CVE-2016-5830
	RESERVED
CVE-2016-5822 (Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers ...)
	NOT-FOR-US: Huawei
CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.30 ...)
	NOT-FOR-US: Huawei HiSuite
CVE-2016-5820
	REJECTED
CVE-2016-5819 (Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G ...)
	NOT-FOR-US: Moxa
CVE-2016-5818 (An issue was discovered in Schneider Electric PowerLogic PM8ECC device ...)
	NOT-FOR-US: Schneider
CVE-2016-5817 (SQL injection vulnerability in news pages in Cargotec Navis WebAccess  ...)
	NOT-FOR-US: Cargotec
CVE-2016-5816 (A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305- ...)
	NOT-FOR-US: Westermo
CVE-2016-5815 (An issue was discovered on Schneider Electric IONXXXX series power met ...)
	NOT-FOR-US: Schneider
CVE-2016-5814 (Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSL ...)
	NOT-FOR-US: Rockwell
CVE-2016-5813 (An issue was discovered in Visonic PowerLink2, all versions prior to O ...)
	NOT-FOR-US: Visonic PowerLink
CVE-2016-5812 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3 ...)
	NOT-FOR-US: Moxa
CVE-2016-5811 (An issue was discovered in Visonic PowerLink2, all versions prior to O ...)
	NOT-FOR-US: Visonic PowerLink
CVE-2016-5810 (upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2016-5809 (An issue was discovered on Schneider Electric IONXXXX series power met ...)
	NOT-FOR-US: Schneider
CVE-2016-5808
	REJECTED
CVE-2016-5807 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticate ...)
	NOT-FOR-US: Tollgrade
CVE-2016-5806
	REJECTED
CVE-2016-5805 (An issue was discovered in Delta Electronics WPLSoft, Versions prior t ...)
	NOT-FOR-US: Delta Electronics WPLSoft
CVE-2016-5804 (Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 be ...)
	NOT-FOR-US: Moxa
CVE-2016-5803 (An issue was discovered in CA Unified Infrastructure Management Versio ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-5802 (An issue was discovered in Delta Electronics WPLSoft, Versions prior t ...)
	NOT-FOR-US: Delta Electronics WPLSoft
CVE-2016-5801 (An issue was discovered in OmniMetrix OmniView, Version 1.2. Insuffici ...)
	NOT-FOR-US: OmniMetrix OmniView
CVE-2016-5800 (A malicious attacker can trigger a remote buffer overflow in the Commu ...)
	NOT-FOR-US: Fatek
CVE-2016-5799 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3 ...)
	NOT-FOR-US: Moxa
CVE-2016-5798 (An issue was discovered in Fatek Automation PM Designer V3 Version 2.1 ...)
	NOT-FOR-US: Fatek Automation PM Designer
CVE-2016-5797 (Tollgrade LightHouse SMS before 5.1 patch 3 provides different error m ...)
	NOT-FOR-US: Tollgrade
CVE-2016-5796 (An issue was discovered in Fatek Automation PM Designer V3 Version 2.1 ...)
	NOT-FOR-US: Fatek Automation PM Designer
CVE-2016-5795 (An XXE issue was discovered in Automated Logic Corporation (ALC) Liebe ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2016-5794
	REJECTED
CVE-2016-5793 (Unquoted Windows search path vulnerability in Moxa Active OPC Server b ...)
	NOT-FOR-US: Moxa
CVE-2016-5792 (SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote a ...)
	NOT-FOR-US: Moxa
CVE-2016-5791 (An Improper Authentication issue was discovered in JanTek JTC-200, all ...)
	NOT-FOR-US: JanTek JTC-200
CVE-2016-5790 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to ...)
	NOT-FOR-US: Tollgrade
CVE-2016-5789 (A Cross-site Request Forgery issue was discovered in JanTek JTC-200, a ...)
	NOT-FOR-US: JanTek JTC-200
CVE-2016-5788 (General Electric (GE) Bently Nevada 3500/22M USB with firmware before  ...)
	NOT-FOR-US: General Electric (GE) Bently Nevada
CVE-2016-5787 (General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8. ...)
	NOT-FOR-US: CIMPLICITY
CVE-2016-5786 (An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniV ...)
	NOT-FOR-US: OmniMetrix OmniView
CVE-2016-5785
	RESERVED
CVE-2016-5784
	RESERVED
CVE-2016-5783
	RESERVED
CVE-2016-5782 (An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50 ...)
	NOT-FOR-US: Locus Energy LGate
CVE-2016-5781 (Stack-based buffer overflow in WECON LeviStudio allows remote attacker ...)
	NOT-FOR-US: LeviStudio
CVE-2016-5780
	RESERVED
CVE-2016-5779
	RESERVED
CVE-2016-5778
	RESERVED
CVE-2016-5777
	RESERVED
CVE-2016-5776
	RESERVED
CVE-2016-5775
	RESERVED
CVE-2016-5774 (The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5 ...)
	NOT-FOR-US: Blue Coat
CVE-2016-5765 (Administrative Server in Micro Focus Host Access Management and Securi ...)
	NOT-FOR-US: Micro Focus
CVE-2016-5764 (Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to  ...)
	NOT-FOR-US: Micro Focus Rumba
CVE-2016-5763 (Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Sch ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2016-5762 (Integer overflow in the Post Office Agent in Novell GroupWise before 2 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2016-5761 (Cross-site scripting (XSS) vulnerability in Novell GroupWise before 20 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2016-5760 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Novell GroupWise
CVE-2016-5759 (The mkdumprd script called "dracut" in the current working directory " ...)
	NOT-FOR-US: SuSE-specific Dracut script mkdumprd
CVE-2016-5758 (A cross site request forgery protection mechanism in NetIQ Access Mana ...)
	NOT-FOR-US: NetIQ
CVE-2016-5757 (iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fi ...)
	NOT-FOR-US: NetIQ
CVE-2016-5756 (Multiple components of the web tools in NetIQ Access Manager 4.1 befor ...)
	NOT-FOR-US: NetIQ
CVE-2016-5755 (NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 w ...)
	NOT-FOR-US: NetIQ
CVE-2016-5754 (Presence of a .htaccess file could leak information in NetIQ Access Ma ...)
	NOT-FOR-US: NetIQ
CVE-2016-5753
	RESERVED
CVE-2016-5752 (The SAML2 implementation in Identity Server in NetIQ Access Manager 4. ...)
	NOT-FOR-US: NetIQ
CVE-2016-5751 (An unfiltered finalizer target URL in the SAML processing feature in I ...)
	NOT-FOR-US: NetIQ
CVE-2016-5750 (The certificate upload feature in iManager in NetIQ Access Manager 4.1 ...)
	NOT-FOR-US: NetIQ
CVE-2016-5749 (NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was pa ...)
	NOT-FOR-US: NetIQ
CVE-2016-5748 (External Entity Processing (XXE) vulnerability in the "risk score" app ...)
	NOT-FOR-US: NetIQ
CVE-2016-5747 (A security vulnerability in cookie handling in the http stack implemen ...)
	NOT-FOR-US: Novell
CVE-2016-5746 (libstorage, libstorage-ng, and yast-storage improperly store passphras ...)
	NOT-FOR-US: libstorage
CVE-2016-5745 (F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-5844 (Integer overflow in the ISO parser in libarchive before 3.2.1 allows r ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: Upstream ticket: https://github.com/libarchive/libarchive/issues/717
	NOTE: Upstream fix: https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22 (v3.2.1)
CVE-2016-5842 (MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote atta ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
	NOTE: Details: https://www.openwall.com/lists/oss-security/2016/06/23/1
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
	NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5842.jpg
CVE-2016-5841 (Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
	NOTE: Details: https://www.openwall.com/lists/oss-security/2016/06/23/1
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
	NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5841.jpg
CVE-2016-5829 (Multiple heap-based buffer overflows in the hiddev_ioctl_usage functio ...)
	{DSA-3616-1 DLA-609-1}
	- linux 4.6.3-1
	NOTE: Fixed by: https://git.kernel.org/linus/93a2001bdfd5376c3dc2158653034c20392d15c5
CVE-2016-5828 (The start_thread function in arch/powerpc/kernel/process.c in the Linu ...)
	{DSA-3616-1}
	- linux 4.6.3-1
	[wheezy] - linux <not-affected> (Introduced in v3.10-rc1)
	NOTE: https://patchwork.ozlabs.org/patch/636776/
	NOTE: Introduced in https://git.kernel.org/linus/bc2a9408fa65195288b41751016c36fd00a75a85 (v3.10-rc1)
CVE-2016-5827 (The icaltime_from_string function in libical 0.47 and 1.0 allows remot ...)
	- libical <removed>
	[stretch] - libical <ignored> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	[wheezy] - libical <no-dsa> (Low prio according to upstream)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
	NOTE: This issue fixed by the commits referenced via https://github.com/libical/libical/issues/251
	NOTE: https://github.com/libical/libical/commit/38757abb495ea6cb40faa5418052278bf75040f7
	NOTE: https://github.com/libical/libical/commit/04d84749e53db08c71ed0ce8b6ba5c11082743cd
	NOTE: https://github.com/libical/libical/commit/830d9530817516377c2bc3b532798ce2c6b4765a
CVE-2016-5826 (The parser_get_next_char function in libical 0.47 and 1.0 allows remot ...)
	- libical <removed>
	[stretch] - libical <ignored> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	[wheezy] - libical <no-dsa> (Low prio according to upstream)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
CVE-2016-5825 (The icalparser_parse_string function in libical 0.47 and 1.0 allows re ...)
	- libical <removed>
	[stretch] - libical <ignored> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	[wheezy] - libical <no-dsa> (Low prio according to upstream)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
CVE-2016-5824 (libical 1.0 allows remote attackers to cause a denial of service (use- ...)
	{DLA-959-1}
	- libical <removed> (bug #860451)
	[stretch] - libical <ignored> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	- thunderbird 1:60.5.0-1
	NOTE: Original report: https://github.com/libical/libical/issues/235
	NOTE: Reopened at: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
	NOTE: Reproducer: https://bugzilla.mozilla.org/attachment.cgi?id=8757553
	NOTE: Related upstream ticket: https://github.com/libical/libical/issues/286
	NOTE: Related upstream ticket: https://github.com/libical/libical/issues/251
	NOTE: Whilst the upstream commits in issues/251 fix the issue of #251 itself
	NOTE: they do not fix the bugzilla.mozilla.org case 1275400 which was assigned
	NOTE: in https://www.openwall.com/lists/oss-security/2016/06/25/4
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2016-5824
	NOTE: thunderbird uses embedded libical copy
CVE-2016-5823 (The icalproperty_new_clone function in libical 0.47 and 1.0 allows rem ...)
	- libical 1.0-1
	[wheezy] - libical <no-dsa> (Only possible denial of service, not severe enough to solve)
	NOTE: possibly correct upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1275787
	NOTE: Exact fixing commit unfortunately not bisected, need more investigation
CVE-2016-5744 (Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers  ...)
	NOT-FOR-US: Siemens
CVE-2016-5743 (Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SI ...)
	NOT-FOR-US: Siemens
CVE-2016-5839 (WordPress before 4.5.3 allows remote attackers to bypass the sanitize_ ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: https://core.trac.wordpress.org/ticket/37111
	NOTE: https://core.trac.wordpress.org/changeset/37818
CVE-2016-5838 (WordPress before 4.5.3 allows remote attackers to bypass intended pass ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://core.trac.wordpress.org/changeset/37762/
	NOTE: https://core.trac.wordpress.org/ticket/37047
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5837 (WordPress before 4.5.3 allows remote attackers to bypass intended acce ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: Upstream bug: https://core.trac.wordpress.org/ticket/36379
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37781
CVE-2016-5836 (The oEmbed protocol implementation in WordPress before 4.5.3 allows re ...)
	{DLA-1452-1 DLA-633-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: Upstream ticket: https://core.trac.wordpress.org/ticket/36767
	NOTE: Fixed by (Branch 4.4): https://core.trac.wordpress.org/changeset/37798
CVE-2016-5835 (WordPress before 4.5.3 allows remote attackers to obtain sensitive rev ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: https://core.trac.wordpress.org/changeset/37800
CVE-2016-5834 (Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: https://core.trac.wordpress.org/changeset/37790/
CVE-2016-5833 (Cross-site scripting (XSS) vulnerability in the column_title function  ...)
	- wordpress 4.5.3+dfsg-1
	[jessie] - wordpress <not-affected> (vulnerable code not present)
	[wheezy] - wordpress <not-affected> (vulnerable code not present)
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5832 (The customizer in WordPress before 4.5.3 allows remote attackers to by ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37773/
CVE-2016-5773 (php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6. ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5772 (Double free vulnerability in the php_wddx_process_data function in wdd ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5771 (spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 <not-affected> (Does not affect PHP 7.x)
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
	NOTE: Fixed in 5.5.37, 5.6.23
CVE-2016-5770 (Integer overflow in the SplFileObject::fread function in spl_directory ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5769 (Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP  ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5768 (Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5767 (Integer overflow in the gdImageCreate function in gd.c in the GD Graph ...)
	- php7.0 7.0.8-1 (unimportant)
	- php5 5.6.23+dfsg-1 (unimportant)
	[jessie] - php5 5.6.23+dfsg-0+deb8u1
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
	- libgd2 2.0.34~rc1-1
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (GD_2_0_34RC1)
CVE-2016-5766 (Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ...)
	{DSA-3619-1 DLA-534-1}
	- php7.0 7.0.8-1 (unimportant)
	- php5 5.6.23+dfsg-1 (unimportant)
	[jessie] - php5 5.6.23+dfsg-0+deb8u1
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72339
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
	- libgd2 2.2.2-29-g3c2b605-1 (bug #829014)
	NOTE: https://github.com/libgd/libgd/issues/243
	NOTE: https://github.com/libgd/libgd/commit/aba3db8ba159465ecec1089027a24835a6da9cc0
CVE-2016-5741
	RESERVED
CVE-2016-5740 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-5739 (The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16 ...)
	{DSA-3627-1 DLA-551-1}
	- phpmyadmin 4:4.6.3-1
CVE-2016-5738
	RESERVED
CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 BIG-IP  ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in rwpng.c  ...)
	{DLA-2257-1 DLA-966-1}
	- pngquant 2.5.0-2 (bug #863469)
	NOTE: https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x be ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <no-dsa> (Vulnerable only with a php version earlier than the one in jessie)
	[wheezy] - phpmyadmin <no-dsa> (Vulnerable only with a php version earlier than the one in wheezy)
CVE-2016-5733 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...)
	{DSA-3627-1 DLA-551-1}
	- phpmyadmin 4:4.6.3-1
CVE-2016-5732 (Multiple cross-site scripting (XSS) vulnerabilities in the partition-r ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5731 (Cross-site scripting (XSS) vulnerability in examples/openid.php in php ...)
	{DSA-3627-1 DLA-551-1}
	- phpmyadmin 4:4.6.3-1 (low)
CVE-2016-5730 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x be ...)
	- phpmyadmin 4:4.6.3-1 (unimportant)
	NOTE: path disclosure irrelevant in Debian
CVE-2016-5742 (SQL injection vulnerability in the XML-RPC interface in Movable Type P ...)
	{DLA-532-1}
	- movabletype-opensource <removed>
	NOTE: https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/06/22/3
	NOTE: https://github.com/movabletype/movabletype/commit/42113544e7d8ebf6064b7b01b921734b667a1682
CVE-2016-5737 (The Gerrit configuration in the Openstack Puppet module for Gerrit (ak ...)
	NOT-FOR-US: Openstack-infra puppet-gerrit module
CVE-2016-5729 (Lenovo BIOS EFI Driver allows local administrators to execute arbitrar ...)
	NOT-FOR-US: Lenovo
CVE-2016-5728 (Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_v ...)
	{DSA-3616-1}
	- linux 4.6.1-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: https://git.kernel.org/linus/9bf292bfca94694a721449e3fd752493856710f6 (v4.7-rc1)
	NOTE: Introduced in: https://git.kernel.org/linus/f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5 (v3.13-rc1)
CVE-2016-5725 (Directory traversal vulnerability in JCraft JSch before 0.1.54 on Wind ...)
	{DLA-2184-1 DLA-611-1}
	- jsch 0.1.54-1 (low)
	NOTE: https://sourceforge.net/p/jsch/mailman/message/35318093/
CVE-2016-5724 (Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagn ...)
	NOT-FOR-US: Cloudera
CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...)
	NOT-FOR-US: Huawei
CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3 ...)
	NOT-FOR-US: OceanStor
CVE-2016-5721 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra
CVE-2016-5720 (Multiple untrusted search path vulnerabilities in Microsoft Skype allo ...)
	NOT-FOR-US: Skype
CVE-2016-5719
	RESERVED
CVE-2016-5718
	RESERVED
CVE-2016-5717
	RESERVED
CVE-2016-5716 (The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 i ...)
	- puppet <not-affected> (Limited to Puppet Enterprise)
CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 2015.x ...)
	- puppet <not-affected> (Limited to Puppet Enterprise)
CVE-2016-5714 (Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agen ...)
	- puppet 4.8.0-1
	[jessie] - puppet <not-affected> (Vulnerable code introduced later)
	[wheezy] - puppet <not-affected> (Vulnerable code introduced later)
	NOTE: https://puppet.com/security/cve/pxp-agent-oct-2016
	NOTE: triaged away in Ubuntu: "Default configurations of FOSS Puppet Agent are not vulnerable."
	NOTE: gentoo released a fix: https://security.gentoo.org/glsa/201710-12
	NOTE: rosetta stone for puppet version numbers: https://puppet.com/docs/puppet/4.10/about_agent.html
CVE-2016-5713 (Versions of Puppet Agent prior to 1.6.0 included a version of the Pupp ...)
	- puppet 4.7.0-1
	[jessie] - puppet <not-affected> (Vulnerable code introduced later)
	[wheezy] - puppet <not-affected> (Vulnerable code introduced later)
	NOTE: Puppet Agent 1.3.0 (puppet: 4.3.0) - 1.5.x affected
	NOTE: Resolved in Puppet Agent 1.6.0 (4.6.0)
	NOTE: https://puppet.com/security/cve/cve-2016-5713
CVE-2016-5712
	RESERVED
CVE-2016-5711 (NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a  ...)
	NOT-FOR-US: NetApp
CVE-2016-5710 (NetApp Snap Creator Framework before 4.3P1 allows remote authenticated ...)
	NOT-FOR-US: NetApp Snap Creator Framework
CVE-2016-5709 (SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encrypti ...)
	NOT-FOR-US: SolarWinds
CVE-2016-5708
	RESERVED
CVE-2016-5707
	RESERVED
CVE-2016-5706 (js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x befo ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.3-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5705 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4. ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.3-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5704 (Cross-site scripting (XSS) vulnerability in the table-structure page i ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5703 (SQL injection vulnerability in libraries/central_columns.lib.php in ph ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5702 (phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF v ...)
	- phpmyadmin 4:4.6.3-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
CVE-2016-5701 (setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4. ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.3-1
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
CVE-2016-5700 (Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-5698
	RESERVED
CVE-2016-5697 (Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapp ...)
	- ruby-saml 1.3.0-1 (bug #828076)
	NOTE: https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995
CVE-2016-5695
	RESERVED
CVE-2016-5694
	RESERVED
CVE-2016-5693
	RESERVED
CVE-2016-5692
	RESERVED
CVE-2016-5686 (Johnson &amp; Johnson Animas OneTouch Ping devices mishandle acknowled ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5685 (Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow a ...)
	NOT-FOR-US: Dell
CVE-2016-5684 (An exploitable out-of-bounds write vulnerability exists in the XMP ima ...)
	{DSA-3692-1 DLA-647-1}
	- freeimage 3.17.0+ds1-3 (bug #839827)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0189/
	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.17&r2=1.18
	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18&r2=1.19
CVE-2016-5683 (ReadyDesk 9.1 allows local users to determine cleartext SQL Server cre ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5682 (Swagger-UI before 2.2.1 has XSS via the Default field in the Definitio ...)
	- node-swagger-ui <itp> (bug #871461)
	- swagger-ui <itp> (bug #895422)
CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.0 ...)
	NOT-FOR-US: D-Link
CVE-2016-5680 (Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7. ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5679 (cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR Rea ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5678 (NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0. ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5677 (NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0,  ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5676 (cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1 ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5675 (handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO  ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5674 (__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5673 (UltraVNC Repeater before 1300 does not restrict destination IP address ...)
	NOT-FOR-US: UltraVNC
CVE-2016-5672 (Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x bef ...)
	- crosswalk <itp> (bug #775876)
CVE-2016-5671 (Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron ...)
	NOT-FOR-US: Creston
CVE-2016-5670 (Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.30 ...)
	NOT-FOR-US: Creston
CVE-2016-5669 (Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.30 ...)
	NOT-FOR-US: Creston
CVE-2016-5668 (Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.30 ...)
	NOT-FOR-US: Creston
CVE-2016-5667 (Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.30 ...)
	NOT-FOR-US: Creston
CVE-2016-5666 (Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.30 ...)
	NOT-FOR-US: Creston
CVE-2016-5665
	RESERVED
CVE-2016-5664 (Directory traversal vulnerability on Accellion Kiteworks appliances be ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2016-5663 (Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback. ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2016-5662 (Accellion Kiteworks appliances before kw2016.03.00 use setuid-root per ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2016-5661 (Accela Civic Platform Citizen Access portal relies on the client to re ...)
	NOT-FOR-US: Accela
CVE-2016-5660 (Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Ac ...)
	NOT-FOR-US: Accela
CVE-2016-5659
	RESERVED
CVE-2016-5658
	RESERVED
CVE-2016-5657
	RESERVED
	NOT-FOR-US: Apache Archiva
CVE-2016-5656
	RESERVED
CVE-2016-5655 (Misys FusionCapital Opics Plus does not verify X.509 certificates from ...)
	NOT-FOR-US: Misys
CVE-2016-5654 (Misys FusionCapital Opics Plus allows remote authenticated users to ga ...)
	NOT-FOR-US: Misys
CVE-2016-5653 (Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Pl ...)
	NOT-FOR-US: Misys
CVE-2016-5652 (An exploitable heap-based buffer overflow exists in the handling of TI ...)
	{DSA-3762-1 DLA-693-1}
	- tiff 4.0.6-3 (bug #842361)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0187/
	NOTE: https://github.com/vadz/libtiff/commit/b5d6803f0898e931cf772d3d0755704ab8488e63
CVE-2016-5651
	RESERVED
CVE-2016-5650 (ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configura ...)
	NOT-FOR-US: ZModo
CVE-2016-5649 (A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN22 ...)
	NOT-FOR-US: Netgear
CVE-2016-5648 (Acer Portal app before 3.9.4.2000 for Android does not properly valida ...)
	NOT-FOR-US: Acer Portal Android application
CVE-2016-5647 (The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, ...)
	NOT-FOR-US: Intel Windows drivers
CVE-2016-5646 (An exploitable heap overflow vulnerability exists in the Compound Bina ...)
	NOT-FOR-US: Lexmark
CVE-2016-5645 (Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766 ...)
	NOT-FOR-US: Rockwell
CVE-2016-5644
	RESERVED
CVE-2016-5643
	RESERVED
CVE-2016-5642 (Opmantek NMIS before 8.5.12G has XSS via SNMP. ...)
	NOT-FOR-US: Opmantek NMIS
CVE-2016-5641
	RESERVED
CVE-2016-5640 (Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron Ai ...)
	NOT-FOR-US: Creston
CVE-2016-5639 (Directory traversal vulnerability in cgi-bin/login.cgi on Crestron Air ...)
	NOT-FOR-US: Creston
CVE-2016-5638 (There are few web pages associated with the genie app on the Netgear W ...)
	NOT-FOR-US: Netgear
CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandl ...)
	NOTE: https://www.kb.cert.org/vuls/id/123799
	NOTE: No further information provided, but this is very likely a dupe of CVE-2016-8710
CVE-2016-1000003 (Mirror Manager version 0.7.2 and older is vulnerable to remote code ex ...)
	NOT-FOR-US: Fedora Mirror Manager
CVE-2016-5727 (LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attacker ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2016-5726 (Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attacker ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2016-5691 (The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 al ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833044)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5690 (The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5  ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833043)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5689 (The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 al ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833042)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
	NOTE: Will be fixed in a 6.9.4-3 based version
CVE-2016-5688 (The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, w ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833003)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
CVE-2016-5687 (The VerticalFilter function in the DDS coder in ImageMagick before 6.9 ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832890)
	NOTE: https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0b7172f2ba2c9e664d4df148e7d6e14a50edb57a
CVE-2016-5699 (CRLF injection vulnerability in the HTTPConnection.putheader function  ...)
	{DLA-1663-1 DLA-522-1}
	- python3.5 <not-affected> (Fixed with initial upload to Debian)
	- python3.4 3.4.4~rc1-1
	- python2.7 2.7.10~rc1-1
	[jessie] - python2.7 2.7.9-2+deb8u1
	NOTE: https://bugs.python.org/issue22928
	NOTE: Fixed in 3.4 / 3.5: revision 94952: https://hg.python.org/cpython/rev/bf3e1c9b80e9
	NOTE: Fixed in 2.7: revision 94951: https://hg.python.org/cpython/rev/1c45047c5102
CVE-2016-5635 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5634 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5633 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5632 (Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5631 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5630 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.1 ...)
	- mariadb-10.0 10.0.27-1
	[jessie] - mariadb-10.0 10.0.27-0+deb8u1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5629 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 a ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5628 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5627 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.1 ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5626 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 a ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5625 (Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows lo ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5624 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows re ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5623 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5622 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5621 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5620 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5619 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5618 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5617
	REJECTED
CVE-2016-5616
	REJECTED
CVE-2016-5615 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-5614 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5613 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5612 (Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 a ...)
	- mariadb-10.0 10.0.27-1
	[jessie] - mariadb-10.0 10.0.27-0+deb8u1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
CVE-2016-5611 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5610 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5609 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.1 ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5608 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5607 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5606 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-5605 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.4-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5604 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-5603 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle
CVE-2016-5602 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5601 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5600 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Pr ...)
	NOT-FOR-US: Oracle
CVE-2016-5599 (Unspecified vulnerability in the Oracle Advanced Supply Chain Planning ...)
	NOT-FOR-US: Oracle
CVE-2016-5598 (Unspecified vulnerability in the MySQL Connector component 2.1.3 and e ...)
	- mysql-connector-python 2.1.5-1 (bug #841677)
	[jessie] - mysql-connector-python <not-affected> (Vulnerable code not present)
	[wheezy] - mysql-connector-python <not-affected> (Only the Python 3 code is affected which is not shipped in binary package)
	NOTE: https://blog.qualys.com/laws-of-vulnerabilities/2016/10/18/oracle-october-2016-critical-patch-update
CVE-2016-5597 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5596 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-5595 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-5594 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle
CVE-2016-5593 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-5592 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-5591 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-5590 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-5589 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-5588 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5587 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-5586 (Unspecified vulnerability in the Oracle Email Center component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-5585 (Unspecified vulnerability in the Oracle Interaction Center Intelligenc ...)
	NOT-FOR-US: Oracle
CVE-2016-5584 (Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 a ...)
	{DSA-3711-1 DSA-3706-1 DLA-708-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.16-1 (bug #841163)
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed> (bug #841050)
	NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
CVE-2016-5583 (Unspecified vulnerability in the Oracle One-to-One Fulfillment compone ...)
	NOT-FOR-US: Oracle
CVE-2016-5582 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5581 (Unspecified vulnerability in the Oracle iRecruitment component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-5580 (Unspecified vulnerability in the Secure Global Desktop component in Or ...)
	NOT-FOR-US: Secure Global Desktop
CVE-2016-5579 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5578 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5577 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5576 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-5575 (Unspecified vulnerability in the Oracle Common Applications Calendar c ...)
	NOT-FOR-US: Oracle
CVE-2016-5574 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5573 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5572 (Unspecified vulnerability in the Kernel PDB component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2016-5571 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5570 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5569 (Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and ...)
	NOT-FOR-US: Oracle
CVE-2016-5568 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 al ...)
	- openjdk-8 <not-affected> (Only affects Windows)
	- openjdk-7 <not-affected> (Only affects Windows)
	- openjdk-6 <not-affected> (Only affects Windows)
CVE-2016-5567 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5566 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote att ...)
	NOT-FOR-US: Solaris
CVE-2016-5565 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property S ...)
	NOT-FOR-US: Oracle
CVE-2016-5564 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property S ...)
	NOT-FOR-US: Oracle
CVE-2016-5563 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property S ...)
	NOT-FOR-US: Oracle
CVE-2016-5562 (Unspecified vulnerability in the Oracle iProcurement component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-5561 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote att ...)
	NOT-FOR-US: Solaris
CVE-2016-5560 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel
CVE-2016-5559 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-5558 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5557 (Unspecified vulnerability in the Oracle Advanced Pricing component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5556 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 al ...)
	- openjdk-6 <not-affected> (specific to Oracle Java)
	- openjdk-7 <not-affected> (specific to Oracle Java)
	- openjdk-8 <not-affected> (specific to Oracle Java)
CVE-2016-5555 (Unspecified vulnerability in the OJVM component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle
CVE-2016-5554 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5553 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-5552 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5551 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...)
	NOT-FOR-US: Solaris
CVE-2016-5550
	REJECTED
CVE-2016-5549 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	- openjdk-8 8u121-b13-1
	- openjdk-7 <not-affected> (In the Debian package, the code is removed during build time)
CVE-2016-5548 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5547 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
CVE-2016-5546 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5545 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5544 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-5543 (Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and ...)
	NOT-FOR-US: Oracle
CVE-2016-5542 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and J ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5541 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	NOT-FOR-US: MySQL Cluster
CVE-2016-5540 (Unspecified vulnerability in the Oracle Retail Xstore Payment componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5539 (Unspecified vulnerability in the Oracle Retail Xstore Payment componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5538 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5537 (Unspecified vulnerability in the NetBeans component in Oracle Fusion M ...)
	[experimental] - netbeans 8.2+dfsg1-1
	- netbeans 10.0-1 (bug #852029)
	[stretch] - netbeans <ignored> (No details about affected code, backport of Netbeans 8.2 too intrusive)
	[wheezy] - netbeans <ignored> (No details about affected code, backport of Netbeans 8.2 too intrusive)
CVE-2016-5536 (Unspecified vulnerability in the Oracle Platform Security for Java com ...)
	NOT-FOR-US: Oracle
CVE-2016-5535 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5534 (Unspecified vulnerability in the Siebel Apps - Customer Order Manageme ...)
	NOT-FOR-US: Oracle Siebel
CVE-2016-5533 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-5532 (Unspecified vulnerability in the Oracle Shipping Execution component i ...)
	NOT-FOR-US: Oracle
CVE-2016-5531 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5530 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2016-5529 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2016-5528 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2016-5527 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5526 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5525 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2016-5524 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5523 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5522 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5521 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5520
	REJECTED
CVE-2016-5519 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2016-5518 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2016-5517 (Unspecified vulnerability in the Oracle Applications DBA component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5516 (Unspecified vulnerability in the Kernel PDB component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2016-5515 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5514 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5513 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5512 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5511 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5510 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5509 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5508 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Solaris
CVE-2016-5507 (Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.1 ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5506 (Unspecified vulnerability in the Oracle Identity Manager component in  ...)
	NOT-FOR-US: Oracle
CVE-2016-5505 (Unspecified vulnerability in the RDBMS Programmable Interface componen ...)
	NOT-FOR-US: Oracle
CVE-2016-5504 (Unspecified vulnerability in the Oracle Agile Product Lifecycle Manage ...)
	NOT-FOR-US: Oracle
CVE-2016-5503 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) co ...)
	NOT-FOR-US: Oracle
CVE-2016-5502 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle
CVE-2016-5501 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5500 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5499 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-5498 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-5497 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-5496
	REJECTED
CVE-2016-5495 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5494
	REJECTED
CVE-2016-5493 (Unspecified vulnerability in the Oracle FLEXCUBE Private Banking compo ...)
	NOT-FOR-US: Oracle
CVE-2016-5492 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) co ...)
	NOT-FOR-US: Oracle
CVE-2016-5491 (Unspecified vulnerability in the Oracle Commerce Service Center compon ...)
	NOT-FOR-US: Oracle
CVE-2016-5490 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle
CVE-2016-5489 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2016-5488 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-5487 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-5486 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) co ...)
	NOT-FOR-US: Oracle
CVE-2016-5485
	REJECTED
CVE-2016-5484
	REJECTED
CVE-2016-5483
	REJECTED
CVE-2016-5482 (Unspecified vulnerability in the Oracle Commerce Guided Search compone ...)
	NOT-FOR-US: Oracle
CVE-2016-5481 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) co ...)
	NOT-FOR-US: Oracle
CVE-2016-5480 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2016-5479 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle
CVE-2016-5478
	REJECTED
CVE-2016-5477 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-5476 (Unspecified vulnerability in the Oracle Retail Integration Bus compone ...)
	NOT-FOR-US: Oracle
CVE-2016-5475 (Unspecified vulnerability in the Oracle Retail Service Backbone compon ...)
	NOT-FOR-US: Oracle
CVE-2016-5474 (Unspecified vulnerability in the Oracle Retail Service Backbone compon ...)
	NOT-FOR-US: Oracle
CVE-2016-5473 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-5472 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-5471 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-5470 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-5469 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2016-5468 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5467 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component  ...)
	NOT-FOR-US: Oracle
CVE-2016-5466 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5465 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-5464 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5463 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5462 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5461 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5460 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5459 (Unspecified vulnerability in the Siebel Core - Common Components compo ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5458 (Unspecified vulnerability in the Oracle Communications EAGLE Applicati ...)
	NOT-FOR-US: Oracle
CVE-2016-5457 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5456 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5455 (Unspecified vulnerability in the Oracle Communications Messaging Serve ...)
	NOT-FOR-US: Oracle
CVE-2016-5454 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2016-5453 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5452 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2016-5451 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5450 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5449 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5448 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5447 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5446 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5445 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-5444 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	- mariadb-10.0 10.0.25-1
	[jessie] - mariadb-10.0 10.0.25-0+deb8u1
	- mysql-5.6 5.6.30-1
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.49-0+deb8u1
	[wheezy] - mysql-5.5 5.5.49-0+deb7u1
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5443 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5442 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5441 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5440 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 a ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5439 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5438
	REJECTED
CVE-2016-5437 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5436 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5435 (Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and S ...)
	NOT-FOR-US: Huawei
CVE-2016-6211 (The User module in Drupal 7.x before 7.44 allows remote authenticated  ...)
	{DSA-3604-1 DLA-550-1}
	- drupal7 7.44-1
	NOTE: https://www.drupal.org/SA-CORE-2016-002
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/4
	NOTE: https://gist.github.com/lamby/4697fea399f3f01ca6de3ce9ed79fce7 tarball diff
	NOTE: https://gist.github.com/lamby/dbeda4d49f48a32aa0dd4b3ed7f06a13 filtered diff
CVE-2016-5636 (Integer overflow in the get_data function in zipimport.c in CPython (a ...)
	{DLA-1663-1 DLA-522-1}
	- python3.5 3.5.2~rc1-1
	- python3.4 <removed>
	- python2.7 2.7.12~rc1-1
	[jessie] - python2.7 2.7.9-2+deb8u1
	NOTE: https://bugs.python.org/issue26171
	NOTE: 2.7: https://hg.python.org/cpython/rev/985fc64c60d6
	NOTE: 3.5: https://hg.python.org/cpython/rev/2df462852464
CVE-2016-5433 (Citrix iOS Receiver before 7.0 allows attackers to cause TLS certifica ...)
	NOT-FOR-US: Citrix
CVE-2016-5434 (libalpm, as used in pacman 5.0.1, allows remote attackers to cause a d ...)
	NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library)
CVE-2016-5432 (The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualizat ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-5431 (The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable t ...)
	NOT-FOR-US: jose-php
CVE-2016-5430 (The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php  ...)
	NOT-FOR-US: jose-php
CVE-2016-5429 (jose-php before 2.2.1 does not use constant-time operations for HMAC c ...)
	NOT-FOR-US: jose-php
CVE-2016-5428
	RESERVED
CVE-2016-5427 (PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not proper ...)
	{DSA-3664-1 DLA-627-1}
	- pdns 4.0.0~alpha1-1
	NOTE: Only affects PowerDNS Authoritative Server up to and including 3.4.9, 4.x not affected
	NOTE: Added workaround to mark first 4.x version in unstable as fixed.
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/
	NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3
CVE-2016-5426 (PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote a ...)
	{DSA-3664-1 DLA-627-1}
	- pdns 4.0.0~alpha1-1
	NOTE: Only affects PowerDNS Authoritative Server up to and including 3.4.9, 4.x not affected
	NOTE: Added workaround to mark first 4.x version in unstable as fixed.
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/
	NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3
CVE-2016-5425 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentO ...)
	- tomcat8 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
	NOTE: http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html
CVE-2016-5424 (PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9. ...)
	{DSA-3646-1 DLA-592-1}
	- postgresql-9.5 9.5.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=fcd15f13581f6d75c63d213220d5a94889206c1b
	NOTE: https://www.postgresql.org/about/news/1688/
CVE-2016-5423 (PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9. ...)
	{DSA-3646-1 DLA-592-1}
	- postgresql-9.5 9.5.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=f0c7b789ab12fbc8248b671c7882dd96ac932ef4
	NOTE: https://www.postgresql.org/about/news/1688/
CVE-2016-5422 (The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2016-5421 (Use-after-free vulnerability in libcurl before 7.50.1 allows attackers ...)
	{DSA-3638-1}
	- curl 7.50.1-1
	[wheezy] - curl <not-affected> (introduced in 7.32.0)
	NOTE: https://curl.haxx.se/docs/adv_20160803C.html
	NOTE: Fixed by https://curl.haxx.se/CVE-2016-5421.patch
CVE-2016-5420 (curl and libcurl before 7.50.1 do not check the client certificate whe ...)
	{DSA-3638-1 DLA-586-1}
	- curl 7.50.1-1
	NOTE: https://curl.haxx.se/docs/adv_20160803B.html
	NOTE: Fixed by https://curl.haxx.se/CVE-2016-5420.patch
	NOTE: Wheezy: vulnerable code is in lib/sslgen.c
CVE-2016-5419 (curl and libcurl before 7.50.1 do not prevent TLS session resumption w ...)
	{DSA-3638-1 DLA-586-1}
	- curl 7.50.1-1
	NOTE: https://curl.haxx.se/docs/adv_20160803A.html
	NOTE: Fixed by https://curl.haxx.se/CVE-2016-5419.patch
	NOTE: Wheezy: vulnerable code is in lib/sslgen.c
CVE-2016-5418 (The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlin ...)
	{DSA-3677-1 DLA-657-1}
	- libarchive 3.2.1-4 (bug #837714)
	NOTE: Centos patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3
	NOTE: Centos additional patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3
	NOTE: Fixed by (for #744): https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a
	NOTE: Fixed by (for #745 and #746): https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1362601, relates to upstream bugs #744, #745 and #746
	NOTE: https://github.com/libarchive/libarchive/issues/743 (umbrella report)
	NOTE: https://github.com/libarchive/libarchive/issues/744
	NOTE: https://github.com/libarchive/libarchive/issues/745
	NOTE: https://github.com/libarchive/libarchive/issues/746
	NOTE: Testcase: https://github.com/libarchive/libarchive/commit/063ea3ea3fcb569a380b2ebe9c9ddd8bd6ce0d49
	NOTE: Fix for testcase: https://github.com/libarchive/libarchive/commit/50952acd22df3326c49771f5e5ba48630899468c
CVE-2016-5417 (Memory leak in the __res_vinit function in the IPv6 name server manage ...)
	- glibc 2.22-4 (bug #833302)
	[jessie] - glibc <not-affected> (Introduced in 2.22)
	- eglibc <not-affected> (Introduced in 2.22)
	NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2212c1420c92a33b0e0bd9a34938c9814a56c0f7 (glibc-2.22)
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5e7fdabd7df1fc6c56d104e61390bf5a6b526c38 (glibc-2.24)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19257
CVE-2016-5416 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7,  ...)
	- 389-ds-base <unfixed> (bug #834233)
	[buster] - 389-ds-base <no-dsa> (Minor issue)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	[jessie] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://fedorahosted.org/389/ticket/48852
	NOTE: Potentially related: https://fedorahosted.org/389/ticket/48354
CVE-2016-5415
	RESERVED
CVE-2016-5414 (FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name ...)
	- freeipa <not-affected> (Vulnerable code introduced in the 4.4.0 release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1360757
	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=25ed36fda14b30d6a50746a536939e3b428993cb
CVE-2016-5413
	RESERVED
CVE-2016-5412 (arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4. ...)
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Transactional memory not supported)
	NOTE: https://marc.info/?l=kvm&m=146968629127349&w=2
	NOTE: https://git.kernel.org/linus/93d17397e4e2182fdaad503e2f9da46202c0f1c3 (v4.8-rc1)
CVE-2016-5411 (/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart  ...)
	NOT-FOR-US: ovirt engine
CVE-2016-5410 (firewalld.py in firewalld before 0.4.3.3 allows local users to bypass  ...)
	- firewalld 0.4.3.3-1 (bug #834529)
	[jessie] - firewalld <ignored> (Minor issue)
	NOTE: Introduced by: https://github.com/t-woerner/firewalld/commit/6b9867cd5c5e2c83adeec42666521a420e59ef11
CVE-2016-5409 (Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-5408 (Stack-based buffer overflow in the munge_other_line function in cachem ...)
	{DLA-556-1}
	- squid3 <not-affected> (Incomplete fix for CVE-2016-4051 not applied)
	NOTE: CVE is specific for the incomplete fix of CVE-2016-4051 as applied
	NOTE: by some vendors.
CVE-2016-5407 (The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org li ...)
	{DLA-667-1}
	- libxv 2:1.0.11-1 (low; bug #840438)
	[jessie] - libxv 2:1.0.10-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17
CVE-2016-5406 (The domain controller in Red Hat JBoss Enterprise Application Platform ...)
	NOT-FOR-US: JBoss EAP
CVE-2016-5405 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7,  ...)
	- 389-ds-base 1.3.5.15-1 (bug #842121)
	[jessie] - 389-ds-base <no-dsa> (minor issue)
	NOTE: This affects systems storing passwords in plain text.
	NOTE: Systems using unsalted hashes might be unsafe as well if using weak
	NOTE: hash algorithms, however the attack would be very time-consuming.
	NOTE: the patch for this CVE causes CVE-2017-15135
CVE-2016-5404 (The cert_revoke command in FreeIPA does not check for the "revoke cert ...)
	- freeipa 4.3.2-5 (bug #835131)
	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd (master)
	NOTE: https://fedorahosted.org/freeipa/ticket/6232
CVE-2016-5403 (The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local  ...)
	{DLA-1927-1 DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-3.1 (bug #832619)
	- qemu-kvm <removed>
CVE-2016-5402 (A code injection flaw was found in the way capacity and utilization im ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-5401 (Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS  ...)
	NOT-FOR-US: JBoss BPMS business-central
CVE-2016-5400 (Memory leak in the airspy_probe function in drivers/media/usb/airspy/a ...)
	- linux 4.7.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/aa93d1fee85c890a34f2510a310e55ee76a27848 (4.7)
CVE-2016-5399 (The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x befor ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72613
	NOTE: Partial fixes in 7.0.9, 5.6.24, 5.5.38
	NOTE: CVE is assigned for the issue in PHP in adequate error handling in the
	NOTE: bzread() function. Disputed by PHP upstream, which considers that the
	NOTE: underlying bzip2 library is at fault.
CVE-2016-5398 (Cross-site scripting (XSS) vulnerability in Business Process Editor in ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-5397 (The Apache Thrift Go client library exposed the potential during code  ...)
	- thrift-compiler <unfixed> (unimportant; bug #894577)
	[experimental] - thrift 0.10.0-1 (unimportant)
	- thrift 0.11.0-3 (unimportant)
	NOTE: https://issues.apache.org/jira/browse/THRIFT-3893
	NOTE: https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
	NOTE: Fixed in 0.10.0 upstream, and in experimental src:thrift/0.10.0-1 is present
	NOTE: src:thrift only present in experimental
	NOTE: Go bindings only enabled in 0.9.3-2 (not yet in unstable)
	NOTE: Only ever affected src:thrift in experimental, and fixed in src:thrift/0.10.0-1
	NOTE: so any future upload of thrift to unstable can mark this item as <not-affected>
	NOTE: (fixed before the initial upload to Debian unstable)
CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Att ...)
	- trafficserver 7.0.0-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/TS-5019
CVE-2016-5395 (Cross-site scripting (XSS) vulnerability in the create user functional ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-5394 (In the XSS Protection API module before 1.0.12 in Apache Sling, the en ...)
	NOT-FOR-US: Apache Sling
CVE-2016-5393 (In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote u ...)
	- hadoop <itp> (bug #793644)
CVE-2016-5392 (The API server in Kubernetes, as used in Red Hat OpenShift Enterprise  ...)
	NOT-FOR-US: OpenShift
CVE-2016-5391 (libreswan before 3.18 allows remote attackers to cause a denial of ser ...)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt
CVE-2016-5390 (Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authentica ...)
	- foreman <itp> (bug #663101)
CVE-2016-5696 (net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly  ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/282f23c6ee343126156dd41218b22ece96d747e3
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758
CVE-2016-5389
	REJECTED
CVE-2016-5388 (Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI S ...)
	{DLA-1883-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.37-1
	- tomcat7 7.0.72-1
	[jessie] - tomcat7 7.0.56-3+really7.0.88-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: The Tomcat CGI servlet sets HTTP_PROXY based on a Proxy: header.
	NOTE: This CVE was special since not assigned to a vulnerability but for a mitigation
	NOTE: thus marking as fixed for 8.0.37 and 7.0.71 (upstream) and with according
	NOTE: versions in Debian.
	NOTE: https://svn.apache.org/r1756941 (8.0.x)
	NOTE: https://svn.apache.org/r1756942 (7.0.x)
CVE-2016-1000111 (Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1 ...)
	- twisted 16.4.0-1 (unimportant)
	[wheezy] - twisted <not-affected> (For wheezy affected file twcgi.py is in src:twisted-web)
	- twisted-web <removed>
	[wheezy] - twisted-web <no-dsa> (Minor issue)
	NOTE: https://twistedmatrix.com/trac/ticket/8623
	NOTE: https://github.com/twisted/twisted/commit/bcac75e6180c9eee4337322c109eb5d1cac51165
	NOTE: No part of Twisted does set HTTP_PROXY based on a Proxy: header, upstream plans
	NOTE: to drop related CGI code in future release
CVE-2016-1000108 (yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18  ...)
	- yaws 2.0.3-2 (bug #832433)
	[jessie] - yaws 1.98-4+deb8u1
	[wheezy] - yaws <no-dsa> (Minor issue; can be fixed along with a future DSA)
	NOTE: https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1
CVE-2016-1000104 (A security Bypass vulnerability exists in the FcgidPassHeader Proxy in ...)
	NOTE: libapache2-mod-fcgid does not set HTTP_PROXY based on Proxy: header unless
	NOTE: explicitly configured so and mitigations for Apache in CVE-2016-5387 prevent
	NOTE: exploitation anyway
CVE-2016-5387 (The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18  ...)
	{DSA-3623-1 DLA-553-1}
	- apache2 2.4.23-2
	NOTE: https://www.apache.org/security/asf-httpoxy-response.txt
	NOTE: https://httpoxy.org
CVE-2016-5386 (The net/http package in Go through 1.6 does not attempt to address RFC ...)
	- golang <unfixed> (unimportant)
	NOTE: No part of Go does set HTTP_PROXY based on a Proxy: header, 1.6.3 and 1.7
	NOTE: provide hardening to discard HTTP_PROXY
CVE-2016-5385 (PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18  ...)
	{DSA-3631-1 DLA-749-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72573
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-5384 (fontconfig before 2.12.1 does not validate offsets, which allows local ...)
	{DSA-3644-1 DLA-587-1}
	- fontconfig 2.11.0-6.5 (bug #833570)
	NOTE: https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html
	NOTE: Fixed by: https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940 (2.12.1)
CVE-2016-5383 (The web UI in Red Hat CloudForms 4.1 allows remote authenticated users ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-5382
	RESERVED
CVE-2016-5381
	RESERVED
CVE-2016-5380
	RESERVED
CVE-2016-5379
	RESERVED
CVE-2016-5378
	RESERVED
CVE-2016-5377
	RESERVED
CVE-2016-5376
	RESERVED
CVE-2016-5375
	RESERVED
CVE-2016-5374 (NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated ...)
	NOT-FOR-US: NetApp
CVE-2016-5373
	RESERVED
CVE-2016-5372 (Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator ...)
	NOT-FOR-US: NetApp
CVE-2016-5371
	RESERVED
CVE-2016-5370
	RESERVED
CVE-2016-5369
	RESERVED
CVE-2016-5368 (Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote at ...)
	NOT-FOR-US: Huawei
CVE-2016-5367 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow re ...)
	NOT-FOR-US: Huawei
CVE-2016-5366 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow re ...)
	NOT-FOR-US: Huawei
CVE-2016-5365 (Stack-based buffer overflow in Huawei Honor WS851 routers with softwar ...)
	NOT-FOR-US: Huawei
CVE-2016-5364 (Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_p ...)
	{DLA-512-1}
	- mantis <removed>
	NOTE: http://github.com/mantisbt/mantisbt/commit/5068df2d (1.2.x)
	NOTE: https://mantisbt.org/bugs/view.php?id=20956
CVE-2016-5363 (The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 thro ...)
	- neutron 2:8.1.2-1
	[jessie] - neutron <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/1558658
CVE-2016-5362 (The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 thro ...)
	- neutron 2:8.1.2-1
	[jessie] - neutron <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/1558658
CVE-2016-5349 (The high level operating systems (HLOS) was not providing sufficient m ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5348 (The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1 ...)
	NOT-FOR-US: Android
CVE-2016-5347 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5346 (An Information Disclosure vulnerability exists in the Google Pixel/Pix ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5345 (Buffer overflow in the Qualcomm radio driver in Android before 2017-01 ...)
	NOT-FOR-US: Qualcomm radio driver for Android
CVE-2016-5344 (Multiple integer overflows in the MDSS driver for the Linux kernel 3.x ...)
	- linux <not-affected> (Android-specific kernel patch)
CVE-2016-5343 (drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driv ...)
	- linux <not-affected> (Android-specific kernel patch)
CVE-2016-5342 (Heap-based buffer overflow in the wcnss_wlan_write function in drivers ...)
	- linux <not-affected> (Android-specific kernel patch)
CVE-2016-5341 (The GPS component in Android before 2016-12-05 allows man-in-the-middl ...)
	NOT-FOR-US: Android
CVE-2016-5340 (The is_ashmem_file function in drivers/staging/android/ashmem.c in a c ...)
	- linux <not-affected> (Android-specific kernel patch, is_ashmem_file/put_ashmem_file not present in mainline kernel)
CVE-2016-5339
	RESERVED
CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial ...)
	- libreswan <not-affected> (Fixed before initial upload to Debian)
	NOTE: Possibly the CVE should be rejected: https://www.openwall.com/lists/oss-security/2016/06/13/1
	NOTE: MITRE has not assigned the CVE to the protocol flaw, but specific to libreswan, but as
	NOTE: Huzaifa Sidhpurwala <huzaifas@redhat.com> pointed out that is not a libreswan issue, rather
	NOTE: the protocol is flawed.
CVE-2016-5360 (HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, all ...)
	- haproxy 1.6.5-2 (bug #826869)
	[jessie] - haproxy <not-affected> (Issue introduced in 1.6.0)
	NOTE: Fixed by: http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
CVE-2016-5338 (The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c  ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #827024)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
CVE-2016-5337 (The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #827026)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343909
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=844864fbae66935951529408831c2f22367a57b6
CVE-2016-5336 (VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to ...)
	NOT-FOR-US: VMware
CVE-2016-5335 (VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x b ...)
	NOT-FOR-US: VMware
CVE-2016-5334 (VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x b ...)
	NOT-FOR-US: VMware
CVE-2016-5333 (VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public ke ...)
	NOT-FOR-US: VMware
CVE-2016-5332 (Directory traversal vulnerability in VMware vRealize Log Insight 2.x a ...)
	NOT-FOR-US: vRealize Log Insight
CVE-2016-5331 (CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 an ...)
	NOT-FOR-US: VMware
CVE-2016-5330 (Untrusted search path vulnerability in the HGFS (aka Shared Folders) f ...)
	NOT-FOR-US: VMware
CVE-2016-5329 (VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection ...)
	NOT-FOR-US: VMware
CVE-2016-5328 (VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity ...)
	NOT-FOR-US: VMware
CVE-2016-5327
	RESERVED
CVE-2016-5326
	RESERVED
CVE-2016-5325 (CRLF injection vulnerability in the ServerResponse#writeHead function  ...)
	- nodejs 4.6.0~dfsg-1 (bug #839714; unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
CVE-2016-5359 (epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.1 ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0
	NOTE: Only affects 1.12, marking 2.0 as fixed
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-38.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12408
	NOTE: https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0
CVE-2016-5358 (epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark  ...)
	- wireshark 2.0.4+gdd7746e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0)
	[wheezy] - wireshark <not-affected> (Only affects 2.0)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-37.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440
	NOTE: https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7
CVE-2016-5357 (wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x b ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-36.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396
	NOTE: https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82
	NOTE: https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78
CVE-2016-5356 (wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before  ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-35.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395
	NOTE: https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd
	NOTE: https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500
CVE-2016-5355 (wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x befor ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-34.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12394
	NOTE: https://github.com/wireshark/wireshark/commit/3270dfac43da861c714df76513456b46765ff47f
	NOTE: https://github.com/wireshark/wireshark/commit/5efb45231671baa2db2011d8f67f9d6e72bc455b
CVE-2016-5354 (The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2. ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-33.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12356
	NOTE: https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6
CVE-2016-5353 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-32.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12191
	NOTE: https://github.com/wireshark/wireshark/commit/7d7190695ce2ff269fdffb04e87139995cde21f4
CVE-2016-5352 (epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x be ...)
	- wireshark 2.0.4+gdd7746e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0)
	[wheezy] - wireshark <not-affected> (Only affects 2.0)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-31.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12175
	NOTE: https://github.com/wireshark/wireshark/commit/b6d838eebf4456192360654092e5587c5207f185
CVE-2016-5351 (epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-30.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11585
	NOTE: https://github.com/wireshark/wireshark/commit/9b0b20b8d5f8c9f7839d58ff6c5900f7e19283b4
CVE-2016-5350 (epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wir ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-29.html
	NOTE: https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b
CVE-2016-5324
	RESERVED
CVE-2016-5323 (The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote a ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2559#c3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2559
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=659
	NOTE: No security impact, just a crash in a CLI tool
CVE-2016-5322 (The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier al ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.7-1
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2560
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=658
CVE-2016-5321 (The DumpModeDecode function in libtiff 4.0.6 and earlier allows attack ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2
	- tiff3 <removed>
	NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2558
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657
CVE-2016-5320
	REJECTED
CVE-2016-5317 (Buffer overflow in the PixarLogDecode function in libtiff.so in the Pi ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2557
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=653
	NOTE: Upstream marked this duplicate of bug http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5316 (Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c i ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2556
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=656
	NOTE: Upstream marked this duplicate of bug http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5315 (The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier al ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=655
	NOTE: Possible duplicate with PixarLogDecode() issue
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2
	NOTE: Upstream marked this duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5314 (Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in Li ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=654
	NOTE: Upstream fix https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
CVE-2016-5313 (Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated us ...)
	NOT-FOR-US: Symantec
CVE-2016-5312 (Directory traversal vulnerability in the charting component in Symante ...)
	NOT-FOR-US: Symantec
CVE-2016-5311 (A Privilege Escalation vulnerability exists in Symantec Norton Antivir ...)
	NOT-FOR-US: Symantec
CVE-2016-5310 (The RAR file parser component in the AntiVirus Decomposer engine in Sy ...)
	NOT-FOR-US: Symantec
CVE-2016-5309 (The RAR file parser component in the AntiVirus Decomposer engine in Sy ...)
	NOT-FOR-US: Symantec
CVE-2016-5308 (The Client Intrusion Detection System (CIDS) driver before 15.0.6 in S ...)
	NOT-FOR-US: Norton
CVE-2016-5307 (Directory traversal vulnerability in Symantec Endpoint Protection Mana ...)
	NOT-FOR-US: Symantec
CVE-2016-5306 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does n ...)
	NOT-FOR-US: Symantec
CVE-2016-5305 (Multiple cross-site scripting (XSS) vulnerabilities in management scri ...)
	NOT-FOR-US: Symantec
CVE-2016-5304 (Open redirect vulnerability in a report-routing component in Symantec  ...)
	NOT-FOR-US: Symantec
CVE-2016-5303 (Cross-site scripting (XSS) vulnerability in the Horde Text Filter API  ...)
	- php-horde-text-filter 2.3.5-1 (bug #837150)
	[jessie] - php-horde-text-filter <no-dsa> (Minor issue)
CVE-2016-5302 (Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has bee ...)
	NOT-FOR-US: Citrix
CVE-2016-5299 (A previously installed malicious Android application with same signatu ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-5298 (A mechanism where disruption of the loading of a new web page can caus ...)
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-5297 (An error in argument length checking in JavaScript, leading to potenti ...)
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5296 (A heap-buffer-overflow in Cairo when processing SVG content caused by  ...)
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5295 (This vulnerability allows an attacker to use the Mozilla Maintenance S ...)
	- firefox <not-affected> (Only affects Firefox on Windows)
CVE-2016-5294 (The Mozilla Updater can be made to choose an arbitrary target working  ...)
	- firefox <not-affected> (Only affects Firefox on Windows)
	- firefox-esr <not-affected> (Only affects Firefox on Windows)
	- icedove <not-affected> (Only affects Thunderbird on Windows)
CVE-2016-5293 (When the Mozilla Updater is run, if the Updater's log file in the work ...)
	- firefox <not-affected> (Only affects Firefox on Windows)
	- firefox-esr <not-affected> (Only affects Firefox on Windows)
CVE-2016-5292 (During URL parsing, a maliciously crafted URL can cause a potentially  ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-5291 (A same-origin policy bypass with local shortcut files to load arbitrar ...)
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5290 (Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. S ...)
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5289 (Memory safety bugs were reported in Firefox 49. Some of these bugs sho ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-5288 (Web content could access information in the HTTP cache if e10s is disa ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox releases < 48)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1310183 (not yet public)
CVE-2016-5287 (A potentially exploitable use-after-free crash during actor destructio ...)
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox releases < 49)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823
CVE-2016-5286
	RESERVED
CVE-2016-5285 (A Null pointer dereference vulnerability exists in Mozilla Network Sec ...)
	- nss 2:3.25-1
	NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
	NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
CVE-2016-5284 (Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunder ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5283 (Mozilla Firefox before 49.0 allows remote attackers to bypass the Same ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5282 (Mozilla Firefox before 49.0 does not properly restrict the scheme in f ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5281 (Use-after-free vulnerability in the DOMSVGLength class in Mozilla Fire ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5280 (Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityM ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5279 (Mozilla Firefox before 49.0 allows user-assisted remote attackers to o ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5278 (Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5277 (Use-after-free vulnerability in the nsRefreshDriver::Tick function in  ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5276 (Use-after-free vulnerability in the mozilla::a11y::DocAccessible::Proc ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5275 (Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeede ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5274 (Use-after-free vulnerability in the nsFrameManager::CaptureFrameState  ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5273 (The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5272 (The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5271 (The PropertyProvider::GetSpacingInternal function in Mozilla Firefox b ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5270 (Heap-based buffer overflow in the nsCaseTransformTextRunFactory::Trans ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5269
	RESERVED
CVE-2016-5268 (Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
CVE-2016-5267 (Mozilla Firefox before 48.0 on Android allows remote attackers to spoo ...)
	- firefox <not-affected> (Android-specific)
	- firefox-esr <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
CVE-2016-5266 (Mozilla Firefox before 48.0 does not properly restrict drag-and-drop ( ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
CVE-2016-5265 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow use ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
CVE-2016-5264 (Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildL ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
CVE-2016-5263 (The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
CVE-2016-5262 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process J ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
CVE-2016-5261 (Integer overflow in the WebSocketChannel class in the WebSockets subsy ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 48.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: For Firefox: https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
	NOTE: For Firefox https://www.mozilla.org/security/advisories/mfsa2016-86/
CVE-2016-5260 (Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="passw ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
CVE-2016-5259 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant funct ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
CVE-2016-5258 (Use-after-free vulnerability in the WebRTC socket thread in Mozilla Fi ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
CVE-2016-5257 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3690-1 DSA-3674-1 DLA-658-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	- icedove 1:45.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
CVE-2016-5256 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
CVE-2016-5255 (Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep  ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
CVE-2016-5254 (Use-after-free vulnerability in the nsXULPopupManager::KeyDown functio ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
CVE-2016-5253 (The Updater in Mozilla Firefox before 48.0 on Windows allows local use ...)
	- firefox <not-affected> (Only affects Windows)
	- firefox-esr <not-affected> (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
CVE-2016-5252 (Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
CVE-2016-5251 (Mozilla Firefox before 48.0 allows remote attackers to spoof the locat ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
CVE-2016-5250 (Mozilla Firefox before 48.0, Firefox ESR &lt; 45.4 and Thunderbird &lt ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 48.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: For Firefox: https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
	NOTE: For Firefox ESR: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
CVE-2016-5249 (Lenovo Solution Center (LSC) before 3.3.003 allows local users to exec ...)
	NOT-FOR-US: Lenovo
CVE-2016-5248 (The StopProxy command in LSC.Services.SystemService in Lenovo Solution ...)
	NOT-FOR-US: Lenovo
CVE-2016-5247 (The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s ...)
	NOT-FOR-US: Lenovo
CVE-2016-5246
	RESERVED
CVE-2016-5245
	RESERVED
CVE-2016-4456 (The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows r ...)
	- gnutls28 3.4.13-1
	[jessie] - gnutls28 <not-affected> (Introduced in 3.4.12)
	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-1
	NOTE: https://www.openwall.com/lists/oss-security/2016/06/07/2
CVE-2016-1000002 (gdm3 3.14.2 and possibly later has an information leak before screen l ...)
	- gdm3 <unfixed> (low; bug #849432)
	[buster] - gdm3 <ignored> (Minor issue)
	[stretch] - gdm3 <ignored> (Minor issue)
	[jessie] - gdm3 <ignored> (Minor issue)
	[wheezy] - gdm3 <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1391126
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=753678
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=776051
CVE-2016-5319 (Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earl ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (bug #842046)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (tools like bmp2tiff not shipped by tiff3 source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2562
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=652
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: No patch available. Marked as wontfix by upstream.
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-5318 (Stack-based buffer overflow in the _TIFFVGetField function in libtiff  ...)
	{DLA-693-1 DLA-692-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed>
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
	NOTE: _TIFFVGetField isn't specific to thumbnail tool, there's http://bugzilla.maptools.org/show_bug.cgi?id=2580 to enhance that,
	NOTE: but treating this bug (as related to thumbmail) as fixed.
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2561
	NOTE: This seems a duplicate of CVE-2015-7554 ( http://bugzilla.maptools.org/show_bug.cgi?id=2564 ). At the very least, a generic fix for CVE-2015-7554 would also fix this one as the illegal write is at the exact same location in the code.
	NOTE: Reproducer file here: http://bugzilla.maptools.org/attachment.cgi?id=671
	NOTE: With 4.0.6-2 (sid), I get a segfault.
	NOTE: With 4.0.3-12.3+deb8u1 (jessie), I get a segfault.
	NOTE: With 3.9.6-11+deb7u1 (wheezy), I get a failure: MissingRequired: ../CVE-2016-5318.tiff: TIFF directory is missing required "StripOffsets" field.
CVE-2016-5301 (The parse_chunk_header function in libtorrent before 1.1.1 allows remo ...)
	{DLA-511-1}
	- libtorrent-rasterbar 1.1.0-1 (bug #826380)
	[jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
	NOTE: https://github.com/arvidn/libtorrent/issues/780
	NOTE: https://github.com/arvidn/libtorrent/pull/782
CVE-2016-5300 (The XML parser in Expat does not use sufficient entropy for hash initi ...)
	{DSA-3597-1 DLA-508-1}
	- expat 2.1.1-3
CVE-2016-5244 (The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel t ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.6.2-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb
CVE-2016-5243 (The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.6.2-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/5d2be1422e02ccd697ccfcd45c85b4a26e6178e2
CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x ...)
	{DSA-3633-1}
	- xen 4.8.0~rc3-1
	[wheezy] - xen <not-affected> (arm not supported)
	NOTE: http://xenbits.xen.org/xsa/advisory-181.html
CVE-2016-5241 (magick/render.c in GraphicsMagick before 1.3.24 allows remote attacker ...)
	{DLA-1401-1 DLA-547-1}
	- graphicsmagick 1.3.24-1
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
CVE-2016-5240 (The DrawDashPolygon function in magick/render.c in GraphicsMagick befo ...)
	{DSA-3746-1 DLA-547-1}
	- graphicsmagick 1.3.24-1
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
	NOTE: DLA-547-1 didn't fix this properly
CVE-2016-5237 (Valve Steam 3.42.16.13 uses weak permissions for the files in the Stea ...)
	NOT-FOR-US: Valve Steam
CVE-2016-5236 (Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9 ...)
	NOT-FOR-US: F5 WebSafe
CVE-2016-5235 (A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe D ...)
	NOT-FOR-US: F5 WebSafe
CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
	- mat 0.6.1-3 (bug #826101)
	[jessie] - mat 0.5.2-3+deb8u1
	[wheezy] - mat 0.3.2-1+deb7u1
	NOTE: Workaround entry for DLA-650-1/DSA-3708-1 until/if CVE is assigned
	NOTE: https://0xacab.org/mat/mat/issues/11067
	NOTE: Patch in 0.6.1-3 disabled PDF support
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/06/02/5
CVE-2016-5239 (The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and G ...)
	{DSA-3580-1 DLA-1456-1 DLA-486-1 DLA-484-1}
	- graphicsmagick 1.3.24-1
	- imagemagick 8:6.9.6.2+dfsg-2
	NOTE: http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e38b4f74ca19
CVE-2016-5238 (The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest  ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3 (bug #826152)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint contro ...)
	NOT-FOR-US: Huawei
CVE-2016-5233 (Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B18 ...)
	NOT-FOR-US: Huawei
CVE-2016-5232 (Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL  ...)
	NOT-FOR-US: Huawei
CVE-2016-5231 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B ...)
	NOT-FOR-US: Huawei
CVE-2016-5230 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B ...)
	NOT-FOR-US: Huawei
CVE-2016-5229 (Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not p ...)
	NOT-FOR-US: Atlassian
CVE-2016-5228 (Stack-based buffer overflow in the PlayMacro function in ObjectXMacro. ...)
	NOT-FOR-US: Rumba
CVE-2016-5227
	RESERVED
CVE-2016-5226 (Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Ma ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5225 (Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linu ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5224 (A timing attack on denormalized floating point arithmetic in SVG filte ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5223 (Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5222 (Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5221 (Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.28 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5220 (PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Lin ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5219 (A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5218 (The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Win ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5217 (The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Win ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5216 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5215 (A use after free in webaudio in Google Chrome prior to 55.0.2883.75 fo ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5214 (Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5213 (A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5212 (Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5211 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5210 (Heap buffer overflow during TIFF image parsing in PDFium in Google Chr ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5209 (Bad casting in bitmap manipulation in Blink in Google Chrome prior to  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5208 (Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, an ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5207 (In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and L ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5206 (The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5205 (Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Ma ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5204 (Leaking of an SVG shadow tree leading to corruption of the DOM tree in ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5203 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for  ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5202 (browser/extensions/api/dial/dial_registry.cc in Google Chrome before 5 ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5201 (A leak of privateClass in the extensions API in Google Chrome prior to ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5200 (V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 fo ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5199 (An off by one error resulting in an allocation of zero size in FFmpeg  ...)
	{DSA-3731-1}
	- chromium-browser 44.0.2403.157-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- ffmpeg 7:3.2-1
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://chromium-review.googlesource.com/383956
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/347cb14b7cba7560e53f4434b419b9d8800253e7
CVE-2016-5198 (V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85  ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5197 (The content view client in Google Chrome prior to 54.0.2840.85 for And ...)
	- chromium-browser <not-affected> (Only affects Chrome on Android)
CVE-2016-5196 (The content renderer client in Google Chrome prior to 54.0.2840.85 for ...)
	- chromium-browser <not-affected> (Only affects Chrome on Android)
CVE-2016-5195 (Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before  ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.7.8-1
	NOTE: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
	NOTE: Fixed by: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
CVE-2016-5194 (Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5193 (Google Chrome prior to 54.0 for iOS had insufficient validation of URL ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5192 (Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5191 (Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows,  ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5190 (Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0. ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5189 (Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0. ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5188 (Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Wi ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5187 (Google Chrome prior to 54.0.2840.85 for Android incorrectly handled ra ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5186 (Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and  ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5185 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Lin ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5184 (PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Li ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5183 (A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5182 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Lin ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5181 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Lin ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5180 (Heap-based buffer overflow in the ares_create_query function in c-ares ...)
	{DSA-3682-1 DLA-648-1}
	- c-ares 1.12.0-1 (medium; bug #839151)
	NOTE: https://c-ares.haxx.se/adv_20160929.html
	NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch
CVE-2016-5179 (Chrome OS before 53.0.2785.144 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Chrome OS
CVE-2016-5178 (Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785 ...)
	{DSA-3683-1}
	- chromium-browser 53.0.2785.143-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5177 (Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.1 ...)
	{DSA-3683-1}
	- chromium-browser 53.0.2785.143-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5176 (Google Chrome before 53.0.2785.113 allows remote attackers to bypass t ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5175 (Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785 ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5174 (browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5173 (The extensions subsystem in Google Chrome before 53.0.2785.113 does no ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5172 (The parser in Google V8, as used in Google Chrome before 53.0.2785.113 ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5171 (WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Go ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5170 (WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5169 (Format string vulnerability in Google Chrome OS before 53.0.2785.103 a ...)
	NOT-FOR-US: Google Chrome OS
CVE-2016-5168 (Skia, as used in Google Chrome before 50.0.2661.94, allows remote atta ...)
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- skia <itp> (bug #818180)
CVE-2016-5167 (Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785 ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5166 (The download implementation in Google Chrome before 53.0.2785.89 on Wi ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5165 (Cross-site scripting (XSS) vulnerability in the Developer Tools (aka D ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5164 (Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_ ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5163 (The bidirectional-text implementation in Google Chrome before 53.0.278 ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5162 (The AllowCrossRendererResourceLoad function in extensions/browser/url_ ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5161 (The EditingStyle::mergeStyle function in WebKit/Source/core/editing/Ed ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5160 (The AllowCrossRendererResourceLoad function in extensions/browser/url_ ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5159 (Multiple integer overflows in OpenJPEG, as used in PDFium in Google Ch ...)
	{DSA-3768-1 DSA-3660-1}
	- openjpeg2 2.1.2-1
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://github.com/uclouvain/openjpeg/commit/9a07ccb3d0f076388e4da684a3bfd4327125c721
CVE-2016-5158 (Multiple integer overflows in the opj_tcd_init_tile function in tcd.c  ...)
	{DSA-3768-1 DSA-3660-1}
	- openjpeg2 2.1.2-1
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://github.com/uclouvain/openjpeg/commit/9a07ccb3d0f076388e4da684a3bfd4327125c721
	NOTE: https://github.com/uclouvain/openjpeg/issues/854
CVE-2016-5157 (Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt ...)
	{DSA-3660-1}
	- openjpeg2 2.1.2-1
	[jessie] - openjpeg2 2.1.0-2+deb8u3
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/08/8
	NOTE: https://github.com/uclouvain/openjpeg/pull/823
CVE-2016-5156 (extensions/renderer/event_bindings.cc in the event bindings in Google  ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5155 (Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0. ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5154 (Multiple heap-based buffer overflows in PDFium, as used in Google Chro ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5153 (The Web Animations implementation in Blink, as used in Google Chrome b ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5152 (Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd. ...)
	{DSA-4013-1 DSA-3660-1}
	- openjpeg2 2.1.2-1.2
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://github.com/uclouvain/openjpeg/commit/3fbe71369019df0b47c7a2be4fab8c05768f2f32
	NOTE: https://github.com/uclouvain/openjpeg/issues/854
CVE-2016-5151 (PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and be ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5150 (WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5149 (The extensions subsystem in Google Chrome before 53.0.2785.89 on Windo ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5148 (Cross-site scripting (XSS) vulnerability in Blink, as used in Google C ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5147 (Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS  ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5146 (Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743 ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5145 (Blink, as used in Google Chrome before 52.0.2743.116, does not ensure  ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5144 (The Developer Tools (aka DevTools) subsystem in Blink, as used in Goog ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5143 (The Developer Tools (aka DevTools) subsystem in Blink, as used in Goog ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5142 (The Web Cryptography API (aka WebCrypto) implementation in Blink, as u ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5141 (Blink, as used in Google Chrome before 52.0.2743.116, allows remote at ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5140 (Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5139 (Multiple integer overflows in the opj_tcd_init_tile function in tcd.c  ...)
	{DSA-3645-1 DLA-1433-1}
	- openjpeg2 2.1.2-1
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: Fixed in Google with: https://pdfium.googlesource.com/pdfium.git/+/2f6d1480a1be2b1f82c94219c2d99e67d7e0660d
	NOTE: https://github.com/uclouvain/openjpeg/pull/819
CVE-2016-5138 (Integer overflow in the kbasep_vinstr_attach_client function in midgar ...)
	- chromium-browser <not-affected> (Chrome on Chrome OS)
CVE-2016-5137 (The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/ ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5136 (Use-after-free vulnerability in extensions/renderer/user_script_inject ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5135 (WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as use ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5134 (net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in G ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5133 (Google Chrome before 52.0.2743.82 mishandles origin information during ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5132 (The Service Workers subsystem in Google Chrome before 52.0.2743.82 doe ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5131 (Use-after-free vulnerability in libxml2 through 2.9.4, as used in Goog ...)
	{DSA-3744-1 DSA-3637-1 DLA-691-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libxml2 2.9.4+dfsg1-2.1 (bug #840554)
	NOTE: Google fix: https://codereview.chromium.org/2127493002
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
	NOTE: Requisite for the test: https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8
CVE-2016-5130 (content/renderer/history_controller.cc in Google Chrome before 52.0.27 ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5129 (Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743 ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5128 (objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome be ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5127 (Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnit ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5125
	REJECTED
CVE-2016-5124 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-5123
	RESERVED
CVE-2016-5122
	RESERVED
CVE-2016-5121
	RESERVED
CVE-2016-5120
	RESERVED
CVE-2016-5119 (The automatic update feature in KeePass 2.33 and earlier allows man-in ...)
	- keepass2 2.18+dfsg-1
	NOTE: autoupdate dialog disabled in Debian via patch, but basically not-affected
CVE-2016-5113
	RESERVED
CVE-2016-5112
	RESERVED
CVE-2016-5111
	RESERVED
CVE-2016-5110
	RESERVED
CVE-2016-5109 (Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for i ...)
	NOT-FOR-US: Citrix
CVE-2016-5126 (Heap-based buffer overflow in the iscsi_aio_ioctl function in block/is ...)
	{DLA-1927-1}
	- qemu 1:2.6+dfsg-2 (bug #826151)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1340924
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/30/6
CVE-2016-XXXX [CSRF protection for POST requests]
	- postfixadmin 2.93-2 (bug #825151)
	[jessie] - postfixadmin <no-dsa> (Minor issue)
	[wheezy] - postfixadmin <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2016/May/59
	NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/
	NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842
CVE-2016-5118 (The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and Im ...)
	{DSA-3746-1 DSA-3591-1 DLA-502-1 DLA-500-1}
	- imagemagick 8:6.8.9.9-7.1 (bug #825799)
	- graphicsmagick 1.3.24-1 (bug #825800)
	NOTE: fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
	NOTE: patch available at https://www.openwall.com/lists/oss-security/2016/05/29/7
CVE-2016-5116 (gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used  ...)
	{DSA-3619-1}
	- libgd2 2.2.1-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 (gd-2.2.0)
	NOTE: Introduced by: https://github.com/libgd/libgd/commit/decf4407d41230fc54dea8058bf887a2696fd4c2 (gd-2.1.0-alpha1)
	NOTE: https://github.com/libgd/libgd/issues/211
	- php5 <removed> (unimportant)
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72115
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/29/3
CVE-2016-5115 (The avcodec_decode_audio4 function in libavcodec in libavformat 57.34. ...)
	- libav <removed> (low)
	[jessie] - libav <no-dsa> (Minor issue)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: This is an issue in ffmpeg/libav, which is fixed in stretch's ffmpeg, but it's unclear when it was fixed exactly
	NOTE: https://trac.mplayerhq.hu/ticket/2298
CVE-2016-5102 (Buffer overflow in the readgifimage function in gif2tiff.c in the gif2 ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff-tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2552
	NOTE: confirmed this still crashes with latest CVS, version v4.0.6
	NOTE: also confirmed this crashes v4.0.2 in wheezy
	NOTE: Upstream will remove gif2tiff from 4.0.7 release
	NOTE: No patch available. Marked as wontfix by upstream
	NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-5102.gif
	NOTE: gif2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-5101 (Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows a ...)
	NOT-FOR-US: Opera
CVE-2016-5100 (Froxlor before 0.9.35 uses the PHP rand function for random number gen ...)
	NOT-FOR-US: Froxlor
CVE-2016-5099 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4. ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.2-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-16/
CVE-2016-5098 (Directory traversal vulnerability in libraries/error_report.lib.php in ...)
	- phpmyadmin <not-affected> (Only affected git versions but not released versions, cf. PMASA-2016-15)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-15/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2dc9481d2af25b035778c67eaf0bfd2d2c59dd8
CVE-2016-5097 (phpMyAdmin before 4.6.2 places tokens in query strings and does not ar ...)
	- phpmyadmin 4:4.6.2-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/
CVE-2016-5092 (Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 al ...)
	NOT-FOR-US: Fortinet
CVE-2016-5108 (Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpc ...)
	{DSA-3598-1}
	- vlc 2.2.3-2 (bug #825728)
	[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
	NOTE: Details: https://www.openwall.com/lists/oss-security/2016/05/27/3
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
CVE-2016-5090
	RESERVED
CVE-2016-5089
	RESERVED
CVE-2016-5088
	RESERVED
CVE-2016-5087 (Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak perm ...)
	NOT-FOR-US: Alertus
CVE-2016-5086 (Johnson &amp; Johnson Animas OneTouch Ping devices allow remote attack ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5085 (Johnson &amp; Johnson Animas OneTouch Ping devices do not properly gen ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5084 (Johnson &amp; Johnson Animas OneTouch Ping devices do not use encrypti ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5083
	RESERVED
CVE-2016-5082
	RESERVED
CVE-2016-5081 (ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, ...)
	NOT-FOR-US: ZModo
CVE-2016-5080 (Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Ob ...)
	NOT-FOR-US: Objective Systems Inc. ASN1C compiler
	NOTE: https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
CVE-2016-5079
	RESERVED
CVE-2016-5078 (Paessler PRTG before 16.2.24.4045 has XSS via SNMP. ...)
	NOT-FOR-US: Paessler PRTG
CVE-2016-5077 (Netikus EventSentry before 3.2.1.44 has XSS via SNMP. ...)
	NOT-FOR-US: Netikus EventSentry
CVE-2016-5076 (CloudView NMS before 2.10a allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5075 (CloudView NMS before 2.10a has XSS via a TELNET login. ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5074 (CloudView NMS before 2.10a has a format string issue exploitable over  ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5073 (CloudView NMS before 2.10a has XSS via SNMP. ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5072 (OXID eShop before 2016-06-13 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: OXID eShop
CVE-2016-5071 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the m ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5070 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwor ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5069 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5068 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not requir ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5067 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes A ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5066 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak pas ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5065 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedde ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5064
	RESERVED
CVE-2016-5063 (The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 ...)
	NOT-FOR-US: BMC Server Automation
CVE-2016-5062 (The web server in Aternity before 9.0.1 does not require authenticatio ...)
	NOT-FOR-US: Aternity
CVE-2016-5061 (Multiple cross-site scripting (XSS) vulnerabilities in the web server  ...)
	NOT-FOR-US: Aternity
CVE-2016-5060 (Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before ...)
	NOT-FOR-US: nGrinder
CVE-2016-5059 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers t ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5058 (OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee rep ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5057 (OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL  ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5056 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex di ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5055 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the use ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5054 (OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee re ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5053 (OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote att ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5052 (OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5051 (OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in c ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5050 (Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyD ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5049 (Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5048 (SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9. ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5047 (NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote aut ...)
	NOT-FOR-US: NetApp OnCommand System Manager
CVE-2016-5046
	RESERVED
CVE-2016-5045 (NetApp OnCommand System Manager before 9.0 allows remote attackers to  ...)
	NOT-FOR-US: NetApp OnCommand System Manager
CVE-2016-5025 (For the NVIDIA Quadro, NVS, and GeForce products, improper sanitizatio ...)
	NOT-FOR-US: NVIDIA Quadro, NVS, and GeForce product
CVE-2016-5024 (Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1 ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5023 (Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1  ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5022 (F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-5021 (The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM,  ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5020 (F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modif ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5019 (CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0. ...)
	NOT-FOR-US: Apache MyFaces Trinidad
CVE-2016-5018 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8. ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842663)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/lixw6iyojoxwfizv?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1754901 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1754902 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1754904
CVE-2016-5017 (Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 an ...)
	{DLA-630-1}
	- zookeeper 3.4.9-1
	[jessie] - zookeeper 3.4.5+dfsg-2+deb8u1
	NOTE: The C cli shell is intended as a sample/example of how to use the C
	NOTE: client interface, not as a production tool
	NOTE: https://zookeeper.apache.org/security.html#CVE-2016-5017
	NOTE: Fixed by https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f
CVE-2016-5016 (Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authe ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-5015
	REJECTED
CVE-2016-5014 (In Moodle 2.x and 3.x, an unenrolled user still receives event monitor ...)
	- moodle <not-affected> (Only affects 2.8 and later)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=336699
CVE-2016-5013 (In Moodle 2.x and 3.x, text injection can occur in email headers, pote ...)
	- moodle 2.7.15+dfsg-1
CVE-2016-5012 (In Moodle 3.x, glossary search displays entries without checking user  ...)
	- moodle <not-affected> (Only affects 3.1)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=336697
CVE-2016-5011 (The parse_dos_extended function in partitions/dos.c in the libblkid li ...)
	- util-linux 2.28.1-1 (bug #830802)
	[jessie] - util-linux <no-dsa> (Minor issue)
	[wheezy] - util-linux <no-dsa> (Minor issue)
	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c34d18831ac61c6744ad14ce916d389b3f
	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0
CVE-2016-5010 (coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832968)
	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
CVE-2016-5009 (The handle_command function in mon/Monitor.cc in Ceph allows remote au ...)
	- ceph 10.2.5-1 (bug #829661)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/16297
	NOTE: https://github.com/ceph/ceph/pull/9700
	NOTE: https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6
CVE-2016-5008 (libvirt before 2.0.0 improperly disables password checking when the pa ...)
	{DSA-3613-1 DLA-541-1}
	- libvirt 2.0.0-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1180092
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 (v2.0.0)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c69bf450d6ac593c3acd621c37e120cdaf (v1.2.9-maint)
	NOTE: http://security.libvirt.org/2016/0001.html
CVE-2016-5007 (Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2. ...)
	- libspring-java 4.3.2-1
	[jessie] - libspring-java <no-dsa> (Minor issue)
	[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
	NOTE: https://pivotal.io/security/cve-2016-5007
	NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab30 (v4.3.1.RELEASE)
	NOTE: https://github.com/spring-projects/spring-security/commit/e4c13e
	NOTE: Upstream bug: https://github.com/spring-projects/spring-security/issues/3964
	NOTE: Upstream bug: https://github.com/spring-projects/spring-framework/issues/18893
	NOTE: Mitigations exists in https://pivotal.io/security/cve-2016-5007
	NOTE: Other (already unsupported) versions are affected as well by the issue; the
	NOTE: fix introduces a new API, so jessie and older should instead rely on mitigations
CVE-2016-5006 (The Cloud Controller in Cloud Foundry before 239 logs user-provided se ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and e ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5004 (The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5003 (The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Ar ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5002 (XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws- ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5001 (This is an information disclosure vulnerability in Apache Hadoop befor ...)
	- hadoop <itp> (bug #793644)
CVE-2016-5000 (The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ...)
	- libapache-poi-java <unfixed> (unimportant)
	NOTE: Versions affected: POI 3.5-3.13; Fixed in 3.14
	NOTE: XLSX2CSV example is not installed
CVE-2016-4999 (SQL injection vulnerability in the getStringParameterSQL method in mai ...)
	NOT-FOR-US: JBoss dashbuilder
CVE-2016-4998 (The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subs ...)
	{DSA-3607-1}
	- linux 4.6.2-2
	[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-4997 (The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt imple ...)
	{DSA-3607-1}
	- linux 4.6.2-2
	[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-4996 (discovery-debug in Foreman before 6.2 when the ssh service has been en ...)
	- foreman <itp> (bug #663101)
CVE-2016-4995 (Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restr ...)
	- foreman <itp> (bug #663101)
CVE-2016-4994 (Use-after-free vulnerability in the xcf_load_image function in app/xcf ...)
	{DSA-3612-1 DLA-525-1}
	- gimp 2.8.16-2.2 (bug #828179)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=767873
CVE-2016-4993 (CRLF injection vulnerability in the Undertow web server in WildFly 10. ...)
	- undertow 1.4.3-1
	NOTE: https://issues.jboss.org/browse/UNDERTOW-827
CVE-2016-4992 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7,  ...)
	- 389-ds-base 1.3.5.13-1
	[jessie] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-5-13.html
CVE-2016-4991
	RESERVED
CVE-2016-4990
	REJECTED
CVE-2016-4989 (setroubleshoot allows local users to bypass an intended container prot ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4988 (Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer ...)
	NOT-FOR-US: Jenkins plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
CVE-2016-4987 (Directory traversal vulnerability in the Image Gallery plugin before 1 ...)
	NOT-FOR-US: Jenkins plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
CVE-2016-4986 (Directory traversal vulnerability in the TAP plugin before 1.25 in Jen ...)
	NOT-FOR-US: Jenkins plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
CVE-2016-4985 (The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and  ...)
	- ironic 1:5.1.2-1 (bug #827886)
	NOTE: Affects >=2014.2, >=4.0.0 <=4.2.4, >=4.3.0 <=5.1.1
CVE-2016-4984 (/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets ...)
	- openldap <not-affected> (Red Hat-specific)
CVE-2016-4983 (A postinstall script in the dovecot rpm allows local users to read the ...)
	- dovecot <not-affected> (Specific to Red Hat packaging)
CVE-2016-4982 (authd sets weak permissions for /etc/ident.key, which allows local use ...)
	NOT-FOR-US: authd
CVE-2016-4981
	RESERVED
CVE-2016-4980 (A password generation weakness exists in xquest through 2016-06-13. ...)
	NOT-FOR-US: Red Hat xguest kiosk mode
CVE-2016-4979 (The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_s ...)
	- apache2 2.4.23-1
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: Upstream fix: https://svn.apache.org/r1750779
CVE-2016-4978 (The getObject method of the javax.jms.ObjectMessage class in the (1) J ...)
	NOT-FOR-US: ApacheMQ Artemis
CVE-2016-4977 (When processing authorization requests using the whitelabel views in S ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2016-4976 (Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on ...)
	NOT-FOR-US: Apache Ambari
CVE-2016-4975 (Possible CRLF injection allowing HTTP response splitting attacks for s ...)
	- apache2 2.4.25-1 (low)
	[jessie] - apache2 2.4.10-10+deb8u8
	NOTE: https://svn.apache.org/r1772678
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975
CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-4973 (Binaries compiled against targets that use the libssp library in GCC f ...)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324759
	- gcc-6 <not-affected> (Uses glibc-internal SSP)
	- gcc-5 <not-affected> (Uses glibc-internal SSP)
	- gcc-4.9 <not-affected> (Uses glibc-internal SSP)
	- gcc-mingw-w64 <unfixed> (unimportant; bug #848704)
	- mingw32 <removed>
	[wheezy] - mingw32 <no-dsa> (Minor issue)
	NOTE: Missing security feature, not a direct vulnerability
CVE-2016-4972 (OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), ...)
	- murano 1:2.0.1-1 (bug #828062)
	NOTE: Affects: Murano: <=2015.1.1; <=1.0.2; ==2.0.0
	- murano-dashboard 1:2.0.0-5 (bug #828064)
	NOTE: Affects: Murano-dashboard: <=2015.1.1; <=1.0.2; ==2.0.0
	- python-muranoclient 0.8.3-4 (bug #828063)
	NOTE: Affects: Python-muranoclient: <=0.7.2; >=0.8.0<=0.8.4
CVE-2016-4971 (GNU wget before 1.18 allows remote servers to write to arbitrary files ...)
	{DLA-536-1}
	- wget 1.18-1 (bug #827003)
	[jessie] - wget 1.16-1+deb8u1
	NOTE: http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1 (v1.18)
CVE-2016-4970 (handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and  ...)
	- netty 1:4.0.37-1 (bug #827620)
	[jessie] - netty <not-affected> (Vulnerable code not present)
	[wheezy] - netty <not-affected> (Vulnerable code not present)
	NOTE: Versions affected: Netty 4.0.0.Final - 4.0.36.Final and 4.1.0.Final
CVE-2016-4969 (Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerl ...)
	NOT-FOR-US: Fortinet
CVE-2016-4968 (The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly As ...)
	NOT-FOR-US: Fortinet
CVE-2016-4967 (Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote aut ...)
	NOT-FOR-US: Fortinet
CVE-2016-4966 (The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLi ...)
	NOT-FOR-US: Fortinet
CVE-2016-4965 (Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote aut ...)
	NOT-FOR-US: Fortinet
CVE-2016-XXXX [AST-2016-005]
	- asterisk 1:13.8.2~dfsg-1
	[jessie] - asterisk <not-affected> (Only affects 13.x)
	[wheezy] - asterisk <not-affected> (Only affects 13.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-005.html
CVE-2016-5107 (The megasas_lookup_frame function in QEMU, when built with MegaRAID SA ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #825616)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336461
CVE-2016-5106 (The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #825615)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
CVE-2016-5105 (The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when  ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #825614)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1339583
CVE-2016-5104 (The socket_create function in common/socket.c in libimobiledevice and  ...)
	{DLA-2122-1 DLA-2121-1}
	- libimobiledevice 1.2.0+dfsg-3 (bug #825553)
	[wheezy] - libimobiledevice <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
	- libusbmuxd 1.0.10-3 (bug #825554)
	NOTE: https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
CVE-2016-4552 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...)
	- roundcube 1.2.0+dfsg.1-1
	[wheezy] - roundcube <not-affected> (vulnerable code not present)
	NOTE: https://github.com/roundcube/roundcubemail/issues/5240
	NOTE: https://github.com/roundcube/roundcubemail/pull/5241
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/8
CVE-2016-5096 (Integer overflow in the fread function in ext/standard/file.c in PHP b ...)
	{DSA-3602-1 DLA-533-1}
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72114
	NOTE: Fixed in 5.6.22, 5.5.36
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5095 (Integer overflow in the php_escape_html_entities_ex function in ext/st ...)
	{DSA-3602-1 DLA-533-1}
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
	NOTE: Fixed in 5.6.22, 5.5.36
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
	NOTE: For the additional issue reported in the "[2016-05-17 12:55 UTC]" comment
CVE-2016-5094 (Integer overflow in the php_html_entities function in ext/standard/htm ...)
	{DSA-3602-1 DLA-533-1}
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
	NOTE: Fixed in 5.6.22, 5.5.36
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5093 (The get_icu_value_internal function in ext/intl/locale/locale_methods. ...)
	{DSA-3602-1 DLA-533-1}
	- php7.0 7.0.7-1
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72241
	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5091 (Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allo ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-5044 (The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before  ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5043 (The dwarf_dealloc function in libdwarf before 20160923 allows remote a ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5042 (The dwarf_get_aranges_list function in libdwarf before 20160923 allows ...)
	{DLA-669-1}
	- dwarfutils 20160507-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5041 (dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to  ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5040 (libdwarf before 20160923 allows remote attackers to cause a denial of  ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5039 (The get_attr_value function in libdwarf before 20160923 allows remote  ...)
	{DLA-669-1}
	- dwarfutils 20160507-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/
CVE-2016-5038 (The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwa ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5037 (The _dwarf_load_section function in libdwarf before 20160923 allows re ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/b6ec2dfd850929821626ea63fb0a752076a3c08a/
CVE-2016-5036 (The dump_block function in print_sections.c in libdwarf before 2016092 ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5035 (The _dwarf_read_line_table_header function in dwarf_line_table_reader. ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5034 (dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/
CVE-2016-5033 (The print_exprloc_content function in libdwarf before 20160923 allows  ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5032 (The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allow ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5031 (The print_frame_inst_bytes function in libdwarf before 20160923 allows ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5030 (The _dwarf_calculate_info_section_end_ptr function in libdwarf before  ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/6fa3f710ee6f21bba7966b963033a91d77c952bd/
CVE-2016-5029 (The create_fullest_file_path function in libdwarf before 20160923 allo ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/acae971371daa23a19358bc62204007d258fbc5e/
CVE-2016-5028 (The print_frame_inst_bytes function in libdwarf before 20160923 allows ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/a55b958926cc67f89a512ed30bb5a22b0adb10f4/
CVE-2016-5027 (dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a d ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1330237
CVE-2016-5026 (hs.py in OnionShare before 0.9.1 allows local users to modify the hidd ...)
	- onionshare 0.8.1-2 (unimportant)
	[jessie] - onionshare <not-affected> (Vulnerable code not present)
	NOTE: Neutralised by kernel hardening (also contrib and non-free not supported)
CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local guest OS u ...)
	{DLA-1493-1}
	- xen 4.8.0~rc3-1
	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport, libvirt doesn't have libxl driver enabled)
	NOTE: http://xenbits.xen.org/xsa/advisory-178.html
CVE-2016-4962 (The libxl device-handling in Xen 4.6.x and earlier allows local OS gue ...)
	{DSA-3633-1}
	- xen 4.8.0~rc3-1
	[wheezy] - xen <no-dsa> (Too intrusive to backport, libvirt doesn't have libxl driver enabled)
	NOTE: http://xenbits.xen.org/xsa/advisory-175.html
CVE-2016-4961 (For the NVIDIA Quadro, NVS, and GeForce products, improper sanitizatio ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4960 (For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamK ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4959 (For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote De ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4958
	RESERVED
CVE-2016-4957 (ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial o ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <not-affected> (Fix for CVE-2016-1547 wasn't backported)
	[wheezy] - ntp <not-affected> (Fix for CVE-2016-1547 wasn't backported)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3046
CVE-2016-4956 (ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a deni ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <not-affected> (Fix for CVE-2016-1548 wasn't backported)
	[wheezy] - ntp <not-affected> (Fix for CVE-2016-1548 wasn't backported)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3042
CVE-2016-4955 (ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3043
CVE-2016-4954 (The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4 ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3044
CVE-2016-4953 (ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a deni ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <not-affected> (Upstream fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported)
	[wheezy] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3045
CVE-2016-5117 (OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint re ...)
	- openntpd 1:6.0p1-1 (bug #825856; unimportant)
	[jessie] - openntpd <not-affected> (Vulnerable code introduced later)
	[wheezy] - openntpd <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/23/2
	NOTE: Authenticated TLS "contraints" introduced in 2015-03-24 OpenNTPD 5.7p4
	NOTE: Option is not enabled at buildtime.
CVE-2016-4964 (The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Qu ...)
	- qemu 1:2.6+dfsg-2 (bug #825207)
	[jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
	[wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
	- qemu-kvm <not-affected> (LSI SAS1068 (mptsas) device support added later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
CVE-2016-4950 (Cloudera Manager 5.5 and earlier allows remote attackers to enumerate  ...)
	NOT-FOR-US: Cloudera Manager
CVE-2016-4949 (Cloudera Manager 5.5 and earlier allows remote attackers to obtain sen ...)
	NOT-FOR-US: Cloudera Manager
CVE-2016-4948 (Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manage ...)
	NOT-FOR-US: Cloudera Manager
CVE-2016-4947 (Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate us ...)
	NOT-FOR-US: Cloudera HUE
CVE-2016-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3. ...)
	NOT-FOR-US: Cloudera HUE
CVE-2016-4945 (Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_ ...)
	NOT-FOR-US: Citrix NetScaler Gateway
CVE-2016-XXXX [mediawiki issues from 1.26.3, 1.25.6 and 1.23.14]
	- mediawiki 1:1.27.0-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html
CVE-2016-4952 (QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual S ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #825210)
	[wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
	- qemu-kvm <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed (v1.5.0-rc0)
CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kerne ...)
	- linux 4.5.5-1
	[jessie] - linux <not-affected> (Introduced in 3.19)
	[wheezy] - linux <not-affected> (Introduced in 3.19)
	NOTE: http://lists.openwall.net/netdev/2016/05/14/28
	NOTE: Fixed by: https://git.kernel.org/linus/45e093ae2830cd1264677d47ff9a95a71f5d9f9c
	NOTE: Introduced by: https://git.kernel.org/linus/1a1a143daf84db95dd7212086042004a3abb7bc2 (v3.19-rc1)
CVE-2016-4944
	RESERVED
CVE-2016-4943
	RESERVED
CVE-2016-4942
	RESERVED
CVE-2016-4941
	REJECTED
CVE-2016-4940
	REJECTED
CVE-2016-4939
	REJECTED
CVE-2016-4938
	REJECTED
CVE-2016-4937
	REJECTED
CVE-2016-4936
	REJECTED
CVE-2016-4935
	REJECTED
CVE-2016-4934
	REJECTED
CVE-2016-4933
	REJECTED
CVE-2016-4932
	REJECTED
CVE-2016-4931 (XML entity injection in Junos Space before 15.2R2 allows attackers to  ...)
	NOT-FOR-US: Juniper
CVE-2016-4930 (Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2  ...)
	NOT-FOR-US: Juniper
CVE-2016-4929 (Command injection vulnerability in Junos Space before 15.2R2 allows at ...)
	NOT-FOR-US: Juniper
CVE-2016-4928 (Cross site request forgery vulnerability in Junos Space before 15.2R2  ...)
	NOT-FOR-US: Juniper
CVE-2016-4927 (Insufficient validation of SSH keys in Junos Space before 15.2R2 allow ...)
	NOT-FOR-US: Juniper
CVE-2016-4926 (Insufficient authentication vulnerability in Junos Space before 15.2R2 ...)
	NOT-FOR-US: Juniper
CVE-2016-4925 (Receipt of a specifically malformed IPv6 packet processed by the route ...)
	NOT-FOR-US: Juniper
CVE-2016-4924 (An incorrect permissions vulnerability in Juniper Networks Junos OS on ...)
	NOT-FOR-US: Juniper
CVE-2016-4923 (Insufficient cross site scripting protection in J-Web component in Jun ...)
	NOT-FOR-US: Juniper
CVE-2016-4922 (Certain combinations of Junos OS CLI commands and arguments have been  ...)
	NOT-FOR-US: Juniper
CVE-2016-4921 (By flooding a Juniper Networks router running Junos OS with specially  ...)
	NOT-FOR-US: Juniper
CVE-2016-4920
	RESERVED
CVE-2016-4919
	RESERVED
CVE-2016-4918
	RESERVED
CVE-2016-4917
	RESERVED
CVE-2016-4916
	RESERVED
CVE-2016-4915
	RESERVED
CVE-2016-4914
	RESERVED
CVE-2016-1000001 (flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect ...)
	NOT-FOR-US: flask-oidc
CVE-2016-1000000 (Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Bl ...)
	NOT-FOR-US: Ipswitch
CVE-2016-4910 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu
CVE-2016-4909 (Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 ...)
	NOT-FOR-US: Cybozu
CVE-2016-4908 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to  ...)
	NOT-FOR-US: Cybozu
CVE-2016-4907 (Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tok ...)
	NOT-FOR-US: Cybozu
CVE-2016-4906 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 all ...)
	NOT-FOR-US: Cybozu
CVE-2016-4905 (SQL injection vulnerability in the WP-OliveCart versions prior to 3.1. ...)
	NOT-FOR-US: WP-OliveCart
CVE-2016-4904 (Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versio ...)
	NOT-FOR-US: WP-OliveCart
CVE-2016-4903 (Cross-site scripting vulnerability in WP-OliveCart versions prior to 3 ...)
	NOT-FOR-US: WP-OliveCart
CVE-2016-4902 (Untrusted search path vulnerability in The Public Certification Servic ...)
	NOT-FOR-US: Public Certification Service for Individuals
CVE-2016-4901 (Untrusted search path vulnerability in The installer of e-Tax Software ...)
	NOT-FOR-US: e-Tax
CVE-2016-4900 (Untrusted search path vulnerability in Evernote for Windows versions p ...)
	NOT-FOR-US: Evernote
CVE-2016-4899 (The datamover module in the Linux version of NovaBACKUP DataCenter bef ...)
	NOT-FOR-US: NovaBACKUP
CVE-2016-4898 (The datamover module in the Linux version of NovaBACKUP DataCenter bef ...)
	NOT-FOR-US: NovaBACKUP
CVE-2016-4897 (Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save ...)
	NOT-FOR-US: Usermin
CVE-2016-4896 (SetsucoCMS all versions does not properly manage sessions, which allow ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4895 (SetsucoCMS all versions allows remote authenticated attackers to condu ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4894 (SetsucoCMS all versions allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4893 (SQL injection vulnerability in the SetsucoCMS all versions allows remo ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4892 (Cross-site scripting vulnerability in SetsucoCMS all versions allows r ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4891 (Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all vers ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4890 (ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method  ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4889 (ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authentica ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4888 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceD ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4887 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Upl ...)
	NOT-FOR-US: baserCMS
CVE-2016-4886 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mai ...)
	NOT-FOR-US: baserCMS
CVE-2016-4885 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Fee ...)
	NOT-FOR-US: baserCMS
CVE-2016-4884 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blo ...)
	NOT-FOR-US: baserCMS
CVE-2016-4883 (Cross-site scripting vulnerability in baserCMS version 3.0.10 and earl ...)
	NOT-FOR-US: baserCMS
CVE-2016-4882 (Cross-site request forgery (CSRF) vulnerability in baserCMS version 3. ...)
	NOT-FOR-US: baserCMS
CVE-2016-4881 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blo ...)
	NOT-FOR-US: baserCMS
CVE-2016-4880 (Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0 ...)
	NOT-FOR-US: baserCMS
CVE-2016-4879 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mai ...)
	NOT-FOR-US: baserCMS
CVE-2016-4878 (Cross-site request forgery (CSRF) vulnerability in baserCMS version 3. ...)
	NOT-FOR-US: baserCMS
CVE-2016-4877 (Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0 ...)
	NOT-FOR-US: baserCMS
CVE-2016-4876 (Cross-site request forgery (CSRF) vulnerability in baserCMS version 3. ...)
	NOT-FOR-US: baserCMS
CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) A ...)
	NOT-FOR-US: IVYWE
CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct  ...)
	NOT-FOR-US: Cybozu
CVE-2016-4873 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4872 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: Cybozu
CVE-2016-4870 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 al ...)
	NOT-FOR-US: Cybozu
CVE-2016-4869 (Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session ...)
	NOT-FOR-US: Cybozu
CVE-2016-4868 (Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0  ...)
	NOT-FOR-US: Cybozu
CVE-2016-4867 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4866 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 al ...)
	NOT-FOR-US: Cybozu
CVE-2016-4865 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 al ...)
	NOT-FOR-US: Cybozu
CVE-2016-4864 (H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remo ...)
	- h2o <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/h2o/h2o/issues/1077
CVE-2016-4863 (The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware versi ...)
	NOT-FOR-US: Toshiba FlashAir
CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with  ...)
	NOT-FOR-US: Twigmo
CVE-2016-4861 (The (1) order and (2) group methods in Zend_Db_Select in the Zend Fram ...)
	{DLA-1403-1 DLA-646-1}
	- zendframework 1.12.20+dfsg-1
	NOTE: http://framework.zend.com/security/advisory/ZF2016-03
	NOTE: This security fix can be considered an improvement of the previous ZF2016-02
	NOTE: and ZF2014-04 advisories.
	NOTE: Fixed by: https://github.com/zendframework/zf1/commit/b1c71dd94296d9000127720c85a7ea9e3b35af4b (1.12.20)
CVE-2016-4860 (Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not requi ...)
	NOT-FOR-US: Yokogawa STARDOM
CVE-2016-4859 (Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, ...)
	NOT-FOR-US: Splunk
CVE-2016-4858 (Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to ...)
	NOT-FOR-US: Splunk
CVE-2016-4857 (Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, ...)
	NOT-FOR-US: Splunk
CVE-2016-4856 (Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to ...)
	NOT-FOR-US: Splunk
CVE-2016-4855 (Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 a ...)
	{DLA-620-1}
	- libphp-adodb 5.20.6-1 (unimportant; bug #837418)
	[jessie] - libphp-adodb 5.15-1+deb8u1
	NOTE: https://github.com/ADOdb/ADOdb/issues/274
	NOTE: https://jvn.jp/en/jp/JVN48237713/
	NOTE: https://github.com/ADOdb/ADOdb/commit/ecb93d8c1
	NOTE: Vulnerable file is shipped as an example only
CVE-2016-4854 (Cross-site request forgery (CSRF) vulnerability in L-04D firmware vers ...)
	NOT-FOR-US: L-04D firmware
CVE-2016-4853 (AKABEi SOFT2 games allow remote attackers to execute arbitrary OS comm ...)
	NOT-FOR-US: AKABEi SOFT2
CVE-2016-4852 (YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-to ...)
	NOT-FOR-US: YoruFukurou
CVE-2016-4851 (Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat bef ...)
	NOT-FOR-US: Let's PHP! simple chat
CVE-2016-4850 (LINE for Windows before 4.8.3 allows man-in-the-middle attackers to ex ...)
	NOT-FOR-US: LINE for Windows
CVE-2016-4849 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE e ...)
	NOT-FOR-US: Geeklog
CVE-2016-4848 (Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC ...)
	NOT-FOR-US: ClipBucket
CVE-2016-4847 (Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC W ...)
	NOT-FOR-US: OSSEC Web UI
CVE-2016-4846 (Untrusted search path vulnerability in the installer of PhishWall Clie ...)
	NOT-FOR-US: PhishWall Client Internet Explorer
CVE-2016-4845 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL ...)
	NOT-FOR-US: I-O DATA
CVE-2016-4844 (Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickj ...)
	NOT-FOR-US: Cybozu
CVE-2016-4843 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Cybozu
CVE-2016-4842 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain informa ...)
	NOT-FOR-US: Cybozu
CVE-2016-4841 (Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitra ...)
	NOT-FOR-US: Cybozu
CVE-2016-4840 (Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus  ...)
	NOT-FOR-US: Coordinate Plus App for Android
CVE-2016-4839 (The Android Apps Money Forward (prior to v7.18.0), Money Forward for T ...)
	NOT-FOR-US: Money Forward
CVE-2016-4838 (The Android Apps Money Forward (prior to v7.18.0), Money Forward for T ...)
	NOT-FOR-US: Money Forward
CVE-2016-4837 (SQL injection vulnerability in the Seed Coupon plugin before 1.6 for E ...)
	NOT-FOR-US: EC-CUBE
CVE-2016-4836
	REJECTED
CVE-2016-4835
	REJECTED
CVE-2016-4834 (modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does no ...)
	NOT-FOR-US: Vtiger
CVE-2016-4833 (Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin  ...)
	NOT-FOR-US: Nofollow Links plugin for WordPress
CVE-2016-4832 (WAON "Service Application" for Android 1.4.1 and earlier does not veri ...)
	NOT-FOR-US: WAON "Service Application" for Android
CVE-2016-4831 (Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 a ...)
	NOT-FOR-US: LINE
CVE-2016-4830 (Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1 ...)
	NOT-FOR-US: Sushiro App
CVE-2016-4829 (DMM Movie Player App for Android before 1.2.1, and DMM Movie Player Ap ...)
	NOT-FOR-US: DMM Movie Player App
CVE-2016-4828 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishan ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4827 (Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Comme ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4826 (Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Comme ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4825 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4824 (The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV  ...)
	NOT-FOR-US: Corega
CVE-2016-4823 (Corega CG-WLBARAGM devices allow remote attackers to cause a denial of ...)
	NOT-FOR-US: Corega
CVE-2016-4822 (Corega CG-WLBARGL devices allow remote authenticated users to execute  ...)
	NOT-FOR-US: Corega
CVE-2016-4821 (I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial ...)
	NOT-FOR-US: I-O DATA
CVE-2016-4820 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX ...)
	NOT-FOR-US: I-O DATA
CVE-2016-4819 (The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13 ...)
	NOT-FOR-US: Borland
CVE-2016-4818 (DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Androi ...)
	NOT-FOR-US: DMMFX
CVE-2016-4817 (lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5  ...)
	- h2o <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/h2o/h2o/pull/920
	NOTE: https://github.com/h2o/h2o/commit/1c0808d580da09fdec5a9a74ff09e103ea058dd4
CVE-2016-4816 (BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S60 ...)
	NOT-FOR-US: BUFFALO
CVE-2016-4815 (Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with  ...)
	NOT-FOR-US: BUFFALO
CVE-2016-4814 (Directory traversal vulnerability in kml2jsonp.php in Geospatial Infor ...)
	NOT-FOR-US: Old_GSI_Maps
CVE-2016-4813 (NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat ...)
	NOT-FOR-US: NetCommons
CVE-2016-4812 (Cross-site scripting (XSS) vulnerability in the Markdown on Save Impro ...)
	NOT-FOR-US: Markdown on Save Improved plugin for WordPress
CVE-2016-4811 (The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15 ...)
	NOT-FOR-US: NTT
CVE-2016-4810 (Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR C ...)
	NOT-FOR-US: Citrix
CVE-2016-4913 (The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux k ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.4-1
	NOTE: Fixed by: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6)
CVE-2016-4912 (The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remot ...)
	- openslp-dfsg <not-affected> (Vulnerable code not present)
	NOTE: Issue present only in OpenSLP 2.x where the return from malloc isn't checked.
CVE-2016-4911 (The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x befor ...)
	- keystone 2:9.0.0-2 (bug #824683)
	[jessie] - keystone <not-affected> (affects only 9.0.0)
	[wheezy] - keystone <not-affected> (affects only 9.0.0)
	NOTE: https://launchpad.net/bugs/1577558
CVE-2016-4809 (The archive_read_format_cpio_read_header function in archive_read_supp ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: https://github.com/libarchive/libarchive/issues/705
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1)
CVE-2016-10321 (web2py before 2.14.6 does not properly check if a host is denied befor ...)
	- web2py <removed> (bug #860038)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585#issuecomment-284317919
	NOTE: https://github.com/web2py/web2py/commit/944d8bd8f3c5cf8ae296fc03d149056c65358426
CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Requ ...)
	- web2py <removed> (bug #856127)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585
	NOTE: https://github.com/web2py/web2py/commit/4bd002aee978813bc664cf186ef38ff4e8bbe1cd
CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS vulnera ...)
	- web2py <removed> (bug #856127)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585
	NOTE: https://github.com/web2py/web2py/commit/51c3b633fe7ad647bc3013e899c1e3a910362dd1
CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File Inclusion  ...)
	- web2py <removed> (bug #856127)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585
	NOTE: https://github.com/web2py/web2py/issues/1316
	NOTE: https://github.com/web2py/web2py/commit/1b42fe65472930668435007cfcb077207051ba34
CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in dotCMS ...)
	NOT-FOR-US: dotCMS
CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and libcurl bef ...)
	- curl <not-affected> (Windows only)
CVE-2016-4801
	RESERVED
CVE-2016-4800 (The path normalization mechanism in PathResource class in Eclipse Jett ...)
	- jetty9 <not-affected> (Only affects Jetty >= 9.3.0, Jetty <= 9.3.8)
	- jetty8 <not-affected> (Only affects 9.3.x)
	- jetty <not-affected> (Only affects 9.3.x)
	NOTE: http://www.ocert.org/advisories/ocert-2016-001.html
CVE-2016-4805 (Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the L ...)
	{DSA-3607-1}
	- linux 4.5.2-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 (v4.6-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/273ec51dd7ceaa76e038875d85061ec856d8905e (v2.6.30)
CVE-2016-4804 (The read_boot function in boot.c in dosfstools before 4.0 allows attac ...)
	{DLA-2224-1 DLA-474-1}
	- dosfstools 4.0-1
	NOTE: https://github.com/dosfstools/dosfstools/issues/25
	NOTE: https://github.com/dosfstools/dosfstools/issues/26
	NOTE: https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
CVE-2016-4799
	RESERVED
CVE-2016-4798
	RESERVED
CVE-2016-4795
	RESERVED
CVE-2016-4793 (The clientIp function in CakePHP 3.2.4 and earlier allows remote attac ...)
	{DLA-835-1}
	- cakephp 2.8.3-1
	[jessie] - cakephp <no-dsa> (Minor issue)
	NOTE: http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt
	NOTE: https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html
	NOTE: Fixed by https://github.com/cakephp/cakephp/commit/48af49ddde16c8b99edb701f1c31283455b2b0b6
CVE-2016-4792 (Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4791 (The administrative user interface in Pulse Connect Secure (PCS) 8.2 be ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4790 (Cross-site scripting (XSS) vulnerability in the administrative user in ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4789 (Cross-site scripting (XSS) vulnerability in the system configuration s ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4788 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 bef ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4787 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 bef ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4786 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 bef ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4785 (A vulnerability has been identified in Firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2016-4784 (A vulnerability has been identified in firmware variant PROFINET IO fo ...)
	NOT-FOR-US: Siemens
CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5. ...)
	NOT-FOR-US: Lenovo
CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote at ...)
	NOT-FOR-US: Lenovo
CVE-2016-4781 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4780 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4779 (Apple Type Services (ATS) in Apple OS X before 10.12 allows remote att ...)
	NOT-FOR-US: Apple
CVE-2016-4778 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4777 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4776 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4775 (The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS bef ...)
	NOT-FOR-US: Apple
CVE-2016-4774 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4773 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4772 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4771 (The kernel in Apple iOS before 10 and OS X before 10.12 allows local u ...)
	NOT-FOR-US: Apple
CVE-2016-4770
	REJECTED
CVE-2016-4769 (WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 a ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4768 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4767 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4766 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4765 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4764 (An issue was discovered in certain Apple products. iOS before 10 is af ...)
	NOT-FOR-US: Apple
CVE-2016-4763 (WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Wi ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4762 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4761 (WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow rem ...)
	- webkitgtk <removed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/14
	NOTE: Not covered by security support
CVE-2016-4760 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Sa ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4759 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4758 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Sa ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4757
	REJECTED
CVE-2016-4756
	REJECTED
CVE-2016-4755 (Terminal in Apple OS X before 10.12 uses weak permissions for the .bas ...)
	NOT-FOR-US: Apple
CVE-2016-4754 (ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cip ...)
	NOT-FOR-US: Apple
CVE-2016-4753 (Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS be ...)
	NOT-FOR-US: Apple
CVE-2016-4752 (The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does  ...)
	NOT-FOR-US: Apple
CVE-2016-4751 (The Safari Tabs component in Apple Safari before 10 allows remote atta ...)
	NOT-FOR-US: Apple
CVE-2016-4750 (S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attacker ...)
	NOT-FOR-US: Apple
CVE-2016-4749 (Printing UIKit in Apple iOS before 10 mishandles environment variables ...)
	NOT-FOR-US: Apple
CVE-2016-4748 (Perl in Apple OS X before 10.12 allows local users to bypass the taint ...)
	NOT-FOR-US: Apple
CVE-2016-4747 (Mail in Apple iOS before 10 mishandles certificates, which makes it ea ...)
	NOT-FOR-US: Apple
CVE-2016-4746 (The Keyboards component in Apple iOS before 10 does not properly use a ...)
	NOT-FOR-US: Apple
CVE-2016-4745 (The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does n ...)
	NOT-FOR-US: Apple
CVE-2016-4744
	REJECTED
CVE-2016-4743 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-4742 (NSSecureTextField in Apple OS X before 10.12 does not enable Secure In ...)
	NOT-FOR-US: Apple
CVE-2016-4741 (The Assets component in Apple iOS before 10 allows man-in-the-middle a ...)
	NOT-FOR-US: Apple
CVE-2016-4740 (Apple iOS before 10, when Handoff for Messages is used, does not ensur ...)
	NOT-FOR-US: Apple
CVE-2016-4739 (mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used ...)
	NOT-FOR-US: Apple
CVE-2016-4738 (libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...)
	{DSA-3709-1 DLA-700-1}
	- libxslt 1.1.29-2 (bug #842570)
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=619006
CVE-2016-4737 (WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and w ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4736 (libarchive in Apple OS X before 10.12 allows remote attackers to cause ...)
	NOT-FOR-US: Apple / libarchive
	NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
CVE-2016-4735 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4734 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4733 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4732
	REJECTED
CVE-2016-4731 (WebKit in Apple iOS before 10 and Safari before 10 allows remote attac ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4730 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4729 (WebKit in Apple iOS before 10 and Safari before 10 allows remote attac ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4728 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4727 (IOThunderboltFamily in Apple OS X before 10.12 allows attackers to exe ...)
	NOT-FOR-US: Apple
CVE-2016-4726 (IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS be ...)
	NOT-FOR-US: Apple
CVE-2016-4725 (IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS be ...)
	NOT-FOR-US: Apple
CVE-2016-4724 (IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allow ...)
	NOT-FOR-US: Apple
CVE-2016-4723 (Intel Graphics Driver in Apple OS X before 10.12 allows attackers to e ...)
	NOT-FOR-US: Intel driver for OS X
CVE-2016-4722 (The IDS - Connectivity component in Apple iOS before 10 and OS X befor ...)
	NOT-FOR-US: Apple
CVE-2016-4721 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4720
	REJECTED
CVE-2016-4719 (The GeoServices component in Apple iOS before 10 and watchOS before 3  ...)
	NOT-FOR-US: Apple
CVE-2016-4718 (Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2016-4717 (The File Bookmark component in Apple OS X before 10.12 mishandles scop ...)
	NOT-FOR-US: Apple
CVE-2016-4716 (diskutil in DiskArbitration in Apple OS X before 10.12 allows local us ...)
	NOT-FOR-US: Apple
CVE-2016-4715 (The Date &amp; Time Pref Pane component in Apple OS X before 10.12 mis ...)
	NOT-FOR-US: Apple
CVE-2016-4714
	REJECTED
CVE-2016-4713 (CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitr ...)
	NOT-FOR-US: Apple
CVE-2016-4712 (CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10,  ...)
	NOT-FOR-US: Apple
CVE-2016-4711 (CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X b ...)
	NOT-FOR-US: Apple
CVE-2016-4710 (WindowServer in Apple OS X before 10.12 allows local users to obtain r ...)
	NOT-FOR-US: Apple
CVE-2016-4709 (WindowServer in Apple OS X before 10.12 allows local users to obtain r ...)
	NOT-FOR-US: Apple
CVE-2016-4708 (CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, a ...)
	NOT-FOR-US: Apple
CVE-2016-4707 (CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Loca ...)
	NOT-FOR-US: Apple
CVE-2016-4706 (cd9660 in Apple OS X before 10.12 allows local users to cause a denial ...)
	NOT-FOR-US: Apple
CVE-2016-4705 (otool in Apple Xcode before 8 allows local users to gain privileges or ...)
	NOT-FOR-US: Apple
CVE-2016-4704 (otool in Apple Xcode before 8 allows local users to gain privileges or ...)
	NOT-FOR-US: Apple
CVE-2016-4703 (Bluetooth in Apple OS X before 10.12 allows attackers to execute arbit ...)
	NOT-FOR-US: Apple
CVE-2016-4702 (Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and w ...)
	NOT-FOR-US: Apple
CVE-2016-4701 (Application Firewall in Apple OS X before 10.12 allows local users to  ...)
	NOT-FOR-US: Apple
CVE-2016-4700 (AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitr ...)
	NOT-FOR-US: Apple
CVE-2016-4699 (AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitr ...)
	NOT-FOR-US: Apple
CVE-2016-4698 (AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12  ...)
	NOT-FOR-US: Apple
CVE-2016-4697 (Apple HSSPI Support in Apple OS X before 10.12 allows attackers to exe ...)
	NOT-FOR-US: Apple
CVE-2016-4696 (AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-4695
	REJECTED
CVE-2016-4694 (The Apache HTTP Server in Apple OS X before 10.12 and OS X Server befo ...)
	NOT-FOR-US: Apple CVE assignment to the equivalent of CVE-2016-5387
CVE-2016-4693 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4692 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-4691 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4690 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4689 (An issue was discovered in certain Apple products. iOS before 10.2 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4688 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4687
	REJECTED
CVE-2016-4686 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4685 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4684
	REJECTED
CVE-2016-4683 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4682 (An issue was discovered in certain Apple products. macOS before 10.12  ...)
	NOT-FOR-US: Apple
CVE-2016-4681 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4680 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4679 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4678 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4677 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4676 (A Cross-origin vulnerability exists in WebKit in Apple Safari before 1 ...)
	NOT-FOR-US: Apple
CVE-2016-4675 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4674 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4673 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4672
	REJECTED
CVE-2016-4671 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4670 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4669 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4668
	REJECTED
CVE-2016-4667 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4666 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4665 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4664 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4663 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4662 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4661 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2016-4660 (An issue was discovered in certain Apple products. iOS before 10.1 is  ...)
	NOT-FOR-US: Apple
CVE-2016-4659
	REJECTED
CVE-2016-4658 (xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS ...)
	{DSA-3744-1 DLA-691-1}
	- libxml2 2.9.4+dfsg1-2.1 (bug #840553)
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
CVE-2016-4657 (WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ar ...)
	- webkitgtk <removed> (unimportant)
	NOTE: https://www.youtube.com/watch?v=xkdPjbaLngE
	NOTE: Not covered by security support
CVE-2016-4656 (The kernel in Apple iOS before 9.3.5 allows attackers to execute arbit ...)
	NOT-FOR-US: Apple
CVE-2016-4655 (The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensit ...)
	NOT-FOR-US: Apple
CVE-2016-4654 (IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4653 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4652 (CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain ...)
	NOT-FOR-US: Apple
CVE-2016-4651 (Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bind ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4650 (Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, O ...)
	NOT-FOR-US: Apple
CVE-2016-4649 (Audio in Apple OS X before 10.11.6 allows local users to cause a denia ...)
	NOT-FOR-US: Apple
CVE-2016-4648 (Audio in Apple OS X before 10.11.6 allows local users to obtain sensit ...)
	NOT-FOR-US: Apple
CVE-2016-4647 (Audio in Apple OS X before 10.11.6 allows local users to gain privileg ...)
	NOT-FOR-US: Apple
CVE-2016-4646 (Audio in Apple OS X before 10.11.6 mishandles a size value, which allo ...)
	NOT-FOR-US: Apple
CVE-2016-4645 (CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-b ...)
	NOT-FOR-US: Apple
CVE-2016-4644 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10 ...)
	NOT-FOR-US: Apple
CVE-2016-4643 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10 ...)
	NOT-FOR-US: Apple
CVE-2016-4642 (In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10 ...)
	NOT-FOR-US: Apple
CVE-2016-4641 (Login Window in Apple OS X before 10.11.6 allows attackers to execute  ...)
	NOT-FOR-US: Apple
CVE-2016-4640 (Login Window in Apple OS X before 10.11.6 allows attackers to execute  ...)
	NOT-FOR-US: Apple
CVE-2016-4639 (Login Window in Apple OS X before 10.11.6 does not properly initialize ...)
	NOT-FOR-US: Apple
CVE-2016-4638 (Login Window in Apple OS X before 10.11.6 allows attackers to gain pri ...)
	NOT-FOR-US: Apple
CVE-2016-4637 (CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS befo ...)
	NOT-FOR-US: Apple
CVE-2016-4636
	REJECTED
CVE-2016-4635 (FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man- ...)
	NOT-FOR-US: Apple
CVE-2016-4634 (The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows loc ...)
	NOT-FOR-US: Apple
CVE-2016-4633 (Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4632 (ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9. ...)
	NOT-FOR-US: Apple
CVE-2016-4631 (ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9. ...)
	NOT-FOR-US: Apple
CVE-2016-4630 (ImageIO in Apple OS X before 10.11.6 allows remote attackers to execut ...)
	NOT-FOR-US: Apple
CVE-2016-4629 (ImageIO in Apple OS X before 10.11.6 allows remote attackers to execut ...)
	NOT-FOR-US: Apple
CVE-2016-4628 (IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 ...)
	NOT-FOR-US: Apple
CVE-2016-4627 (IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and  ...)
	NOT-FOR-US: Apple
CVE-2016-4626 (IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS befor ...)
	NOT-FOR-US: Apple
CVE-2016-4625 (Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 ...)
	NOT-FOR-US: Apple
CVE-2016-4624 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4623 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4622 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4621 (libc++abi in Apple OS X before 10.11.6 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2016-4620 (The Sandbox Profiles component in Apple iOS before 10 does not properl ...)
	NOT-FOR-US: Apple
CVE-2016-4619
	REJECTED
CVE-2016-4618 (Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS ...)
	NOT-FOR-US: Apple
CVE-2016-4617 (An issue was discovered in certain Apple products. macOS before 10.12  ...)
	NOT-FOR-US: Apple
CVE-2016-4616 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4615 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4614 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4613 (An issue was discovered in certain Apple products. Safari before 10.0. ...)
	NOT-FOR-US: Apple
CVE-2016-4612
	REJECTED
CVE-2016-4611 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 al ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4610 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	{DLA-1860-1}
	- libxslt 1.1.29-1
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/93bb314768aafaffad1df15bbee10b7c5423e283 (v1.1.29-rc1)
CVE-2016-4609 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	{DLA-1860-1}
	- libxslt 1.1.29-1
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/8b90c9a699e0eaa98bbeec63a473ddc73aaa238c (v1.1.29-rc1)
CVE-2016-4608 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	- libxslt 1.1.29-1
	[jessie] - libxslt 1.1.28-2+deb8u1
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/5d0c6565bab5b9b7efceb33b626916d22b4101a7 (v1.1.29-rc1)
CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
	NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules
	NOTE: contacted Apple for more information, but no reply for quite a while.
	NOTE: Apple still does not provide information on this CVE, although it is
	NOTE: possible that it's fixed in 1.1.29 upstream.
CVE-2016-4606 (Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 al ...)
	- curl <not-affected> (Only applies to Curl on Mac OS)
CVE-2016-4605 (Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a  ...)
	NOT-FOR-US: Apple
CVE-2016-4604 (Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the  ...)
	NOT-FOR-US: Apple
CVE-2016-4603 (Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Pri ...)
	NOT-FOR-US: Apple
CVE-2016-4602 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4601 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4600 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4599 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4598 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4597 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4596 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-4595 (Safari Login AutoFill in Apple OS X before 10.11.6 allows physically p ...)
	NOT-FOR-US: Apple
CVE-2016-4594 (The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before  ...)
	NOT-FOR-US: Apple
CVE-2016-4593 (The Siri Contacts component in Apple iOS before 9.3.3 allows physicall ...)
	NOT-FOR-US: Apple
CVE-2016-4592 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4591 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4590 (WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles ab ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4589 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4588 (WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute a ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4587 (WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote a ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4586 (WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remot ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4585 (Cross-site scripting (XSS) vulnerability in the WebKit Page Loading im ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4584 (The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safa ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4583 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4582 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in t ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: Fixed by: https://git.kernel.org/linus/79e48650320e6fba48369fccf13fd045315b19b8 (v4.6)
CVE-2016-4577 (Buffer overflow in the Smart DNS functionality in the Huawei NGFW Modu ...)
	NOT-FOR-US: Huawei
CVE-2016-4576 (Buffer overflow in the Application Specific Packet Filtering (ASPF) fu ...)
	NOT-FOR-US: Huawei
CVE-2016-4575 (Cross-site scripting (XSS) vulnerability in the email APP in Huawei PL ...)
	NOT-FOR-US: Huawei
CVE-2016-4796 (Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c  ...)
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
	- openjpeg <removed>
	[jessie] - openjpeg <not-affected> (Vulnerable code not present)
	[wheezy] - openjpeg <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91
CVE-2016-4797 (Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd. ...)
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
	NOTE: https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c
	NOTE: CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947
CVE-2016-4794 (Use-after-free vulnerability in mm/percpu.c in the Linux kernel throug ...)
	- linux 4.6.2-2
	[jessie] - linux <not-affected> (Introduced in v3.18-rc1)
	[wheezy] - linux <not-affected> (Introduced in v3.18-rc1)
	NOTE: https://git.kernel.org/linus/4f996e234dad488e5d9ba0858bc1bae12eff82c3
	NOTE: https://git.kernel.org/linus/6710e594f71ccaad8101bc64321152af7cd9ea28
CVE-2016-4573 (Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-PO ...)
	NOT-FOR-US: Fortinet
CVE-2016-4581 (fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse ...)
	{DSA-3607-1}
	- linux 4.5.4-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/5ec0811d30378ae104f250bfc9b3640242d81e3f (v4.6-rc7)
	NOTE: Introduced by: https://git.kernel.org/linus/f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 (v3.15-rc1)
CVE-2016-4579 (Libksba before 1.3.4 allows remote attackers to cause a denial of serv ...)
	{DLA-470-1}
	- libksba 1.3.4-3
	[jessie] - libksba 1.3.2-1+deb8u1
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64
CVE-2016-4572 (In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do  ...)
	NOT-FOR-US: Cloudera
CVE-2016-4574 (Off-by-one error in the append_utf8_value function in the DN decoder ( ...)
	- libksba 1.3.4-3
	[jessie] - libksba <not-affected> (Incomplete fix not applied)
	[wheezy] - libksba <not-affected> (Incomplete fix not applied)
	NOTE: Fixed by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75
	NOTE: Introduced by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
CVE-2016-4578 (sound/core/timer.c in the Linux kernel through 4.6 does not initialize ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
	NOTE: https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5
CVE-2016-4569 (The snd_timer_user_params function in sound/core/timer.c in the Linux  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e
CVE-2016-4564 (The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9. ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832888)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick be ...)
	{DSA-3652-1 DLA-517-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832887)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in ImageMagick befor ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832885)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4560 (Untrusted search path vulnerability in Flexera InstallAnywhere allows  ...)
	NOT-FOR-US: Flexera
CVE-2016-4559
	RESERVED
CVE-2016-4567 (Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as ...)
	- mediaelement <unfixed> (unimportant; bug #823649)
	NOTE: https://core.trac.wordpress.org/changeset/37370
	NOTE: Fixed by: https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
	NOTE: Vulnerable code present, but Flash Player disabled in Debian
	NOTE: See 0004-Deactivate-Flash-and-Silverlight.patch
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/2
CVE-2016-4566 (Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plup ...)
	- wordpress 4.5.2+dfsg-1 (bug #823640)
	[jessie] - wordpress <not-affected> (Vulnerable code not present)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://wordpress.org/news/2016/05/wordpress-4-5-2/
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37382
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/2
CVE-2016-4568 (drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4. ...)
	- linux 4.5.3-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in 4.4)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 4.4)
	NOTE: Fixed by: https://git.kernel.org/linus/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab (v4.6-rc6)
	NOTE: Introduced by: https://git.kernel.org/linus/b0e0e1f83de31aa0428c38b692c590cc0ecd3f03 (v4.4-rc1)
CVE-2016-4565 (The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorre ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.3-1
	NOTE: Fixed by: https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 (v4.6-rc6)
CVE-2016-4551 (The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP ...)
	NOT-FOR-US: SAP
CVE-2016-4550
	RESERVED
CVE-2016-4549
	RESERVED
CVE-2016-4548
	RESERVED
CVE-2016-4545 (Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, al ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-4561 (Cross-site scripting (XSS) vulnerability in the cgierror function in C ...)
	{DSA-3571-1 DLA-463-1}
	- ikiwiki 3.20160506
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/06/8
CVE-2016-4547 (Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow atta ...)
	NOT-FOR-US: Samsung Android component
CVE-2016-4546 (Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users t ...)
	NOT-FOR-US: Samsung Android component
CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly  ...)
	{DLA-1641-1}
	- mxml 2.9-1 (bug #825855)
	[wheezy] - mxml <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/8
	NOTE: https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c
CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and poss ...)
	{DLA-1641-1}
	- mxml 2.9-2 (bug #825855)
	[wheezy] - mxml <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/8
	NOTE: https://github.com/michaelrsweet/mxml/commit/5f74dc212497332d05882660db130a37d2f458eb
CVE-2016-4558 (The BPF subsystem in the Linux kernel before 4.5.5 mishandles referenc ...)
	- linux 4.5.3-1
	[jessie] - linux <not-affected> (Issue introduced later)
	[wheezy] - linux <not-affected> (Issue introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/92117d8443bc5afacc8d5ba82e541946310f106e
	NOTE: Introduced by: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc(v4.4-rc1)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=809
CVE-2016-4557 (The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in t ...)
	- linux 4.5.3-1 (bug #823603)
	[jessie] - linux <not-affected> (Issue introduced later)
	[wheezy] - linux <not-affected> (Issue introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=808
	NOTE: Fixed by: https://git.kernel.org/linus/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7 (v4.6-rc6)
	NOTE: Introduced by: https://git.kernel.org/linus/0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (v3.18-rc1)
	NOTE: Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1)
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/06/4
CVE-2016-4556 (Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.19-1 (bug #823968)
	- squid <not-affected> (Does not affect 2.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
CVE-2016-4555 (client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.1 ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.19-1 (bug #823968)
	[wheezy] - squid3 <not-affected> (3.1 not vulnerable)
	- squid <not-affected> (Does not affect 2.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
CVE-2016-4554 (mime_header.cc in Squid before 3.5.18 allows remote attackers to bypas ...)
	{DSA-3625-1 DLA-558-1 DLA-478-1}
	- squid3 3.5.19-1 (bug #823968)
	- squid 4.1-1
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10496.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11842.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12698.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13236.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14038.patch
	NOTE: Regression and fix: http://bugs.squid-cache.org/show_bug.cgi?id=4515
	NOTE: Complete patch for 3.4 branch: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch
CVE-2016-4553 (client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not p ...)
	{DSA-3625-1}
	- squid3 3.5.19-1 (bug #823968)
	[wheezy] - squid3 <not-affected> (issue introduced by CVE-2009-0801 fix, not applied in wheezy)
	- squid <not-affected> (Does not affect 2.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
	NOTE: Fix for 3.5.x: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
	NOTE: Fix for 3.5 relies on SBuf.
	NOTE: Fix for 3.4.x: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13240.patch
CVE-2016-4535 (Integer signedness error in the AV engine before DAT 8145, as used in  ...)
	NOT-FOR-US: McAfee / AV engine
CVE-2016-4534 (The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterp ...)
	NOT-FOR-US: McAfee VirusScan Console
CVE-2016-4533 (Heap-based buffer overflow in WECON LeviStudio allows remote attackers ...)
	NOT-FOR-US: LeviStudio
CVE-2016-4532 (Directory traversal vulnerability in the WAP interface in Trihedral VT ...)
	NOT-FOR-US: Trihedral
CVE-2016-4531 (Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not i ...)
	NOT-FOR-US: Rockwell
CVE-2016-4530 (OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote  ...)
	NOT-FOR-US: OSISoft
CVE-2016-4529 (An unspecified ActiveX control in Schneider Electric SoMachine HVAC Pr ...)
	NOT-FOR-US: Schneider
CVE-2016-4528 (Buffer overflow in Advantech WebAccess before 8.1_20160519 allows loca ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2016-4527 (ABB PCM600 before 2.7 improperly stores PCM600 authentication credenti ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4526 (ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privile ...)
	NOT-FOR-US: ABB DataManagerPro
CVE-2016-4525 (Unspecified ActiveX controls in Advantech WebAccess before 8.1_2016051 ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2016-4524 (ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords  ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4523 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
	NOT-FOR-US: Trihedral
CVE-2016-4522 (SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyM ...)
	NOT-FOR-US: Rockwell
CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before  ...)
	NOT-FOR-US: Sixnet
CVE-2016-4520 (Schneider Electric Pelco Digital Sentry Video Management System with f ...)
	NOT-FOR-US: Schneider
CVE-2016-4519 (Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9. ...)
	NOT-FOR-US: Unitronics VisiLogic
CVE-2016-4518 (OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated use ...)
	NOT-FOR-US: OSIsoft PI AF Server
CVE-2016-4517
	RESERVED
CVE-2016-4516 (ABB PCM600 before 2.7 improperly stores the main application password  ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4515
	REJECTED
CVE-2016-4514 (Moxa PT-7728 devices with software 3.4 build 15081113 allow remote aut ...)
	NOT-FOR-US: Moxa
CVE-2016-4513 (Cross-site scripting (XSS) vulnerability in the Schneider Electric Pow ...)
	NOT-FOR-US: Schneider
CVE-2016-4512 (Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 an ...)
	NOT-FOR-US: Eaton ELCSoft
CVE-2016-4511 (ABB PCM600 before 2.7 uses an improper hash algorithm for the main app ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4510 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2016-4509 (Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and  ...)
	NOT-FOR-US: Eaton ELCSoft
CVE-2016-4508 (Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol ...)
	NOT-FOR-US: Rexroth Bosch
CVE-2016-4507 (SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 ...)
	NOT-FOR-US: Rexroth Bosch
CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource Data Manag ...)
	NOT-FOR-US: Resource Data Management
CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller devices be ...)
	NOT-FOR-US: Resource Data Management
CVE-2016-4504 (A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB' ...)
	NOT-FOR-US: Meteocontrol WEB'log
CVE-2016-4503 (Moxa Device Server Web Console 5232-N allows remote attackers to bypas ...)
	NOT-FOR-US: Moxa
CVE-2016-4502 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and  ...)
	NOT-FOR-US: Environmental Systems Corporation
CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and  ...)
	NOT-FOR-US: Environmental Systems Corporation
CVE-2016-4500 (Moxa UC-7408 LX-Plus devices allow remote authenticated users to write ...)
	NOT-FOR-US: Moxa
CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x befo ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4498 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitial ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4497 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4496 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4495 (KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow rem ...)
	NOT-FOR-US: KMC
CVE-2016-4494 (Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-50 ...)
	NOT-FOR-US: KMC
CVE-2016-4493 (The demangle_template_value_parm and do_hpacc_template_literal functio ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
CVE-2016-4492 (Buffer overflow in the do_type function in cplus-dem.c in libiberty al ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
CVE-2016-4491 (The d_print_comp function in cp-demangle.c in libiberty allows remote  ...)
	- binutils 2.28-3 (low)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	- libiberty 20170627-1 (low)
	[stretch] - libiberty <ignored> (Minor issue)
	[jessie] - libiberty <ignored> (Minor issue)
	[wheezy] - libiberty <ignored> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html
	NOTE: https://gcc.gnu.org/viewcvs?rev=247056&root=gcc&view=rev
CVE-2016-4490 (Integer overflow in cp-demangle.c in libiberty allows remote attackers ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=235767
CVE-2016-4489 (Integer overflow in the gnu_special function in libiberty allows remot ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234828
CVE-2016-4488 (Use-after-free vulnerability in libiberty allows remote attackers to c ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
CVE-2016-4487 (Use-after-free vulnerability in libiberty allows remote attackers to c ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
CVE-2016-4539 (The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5. ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://bugs.php.net/bug.php?id=72099
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
	NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/7290b3bbcaa1e10a8d807fab3242204e9ec3a015
CVE-2016-4537 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72093
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4538 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ...)
	{DSA-3602-1 DLA-628-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72093
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4540 (The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c i ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72061
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4541 (The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72061
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4542 (The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5 ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72094
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4543 (The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72094
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4544 (The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP befor ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72094
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4536 (The client in OpenAFS before 1.6.17 does not properly initialize the ( ...)
	{DLA-493-1}
	- openafs 1.6.17-1
	[jessie] - openafs 1.6.9-2+deb8u6
	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
CVE-2016-4486 (The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.4-1
	NOTE: https://git.kernel.org/linus/5f8e44741f9f216e33736ea4ec65ca9ac03036e6
CVE-2016-4485 (The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel befo ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.4-1
	NOTE: https://git.kernel.org/linus/b8670c09f37bdf2847cc44f36511a53afc6161fd
CVE-2016-4484 (The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earl ...)
	- cryptsetup 2:1.7.3-2 (unimportant)
	NOTE: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
	NOTE: Negligible security impact
	NOTE: in #860981 claimed to still be unresolved as per 2:1.7.3-3
CVE-2016-4481
	RESERVED
CVE-2016-4480 (The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6. ...)
	{DSA-3633-1 DLA-571-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-176.html
CVE-2016-4479
	RESERVED
CVE-2016-4475 (The (1) Organization and (2) Locations APIs and UIs in Foreman before  ...)
	- foreman <itp> (bug #663101)
CVE-2016-4474 (The image build process for the overcloud images in Red Hat OpenStack  ...)
	NOT-FOR-US: Red Hat OpenStack Overcloud image
CVE-2016-4473 (/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers ...)
	{DLA-628-1}
	- php5 5.6.23+dfsg-1
	[jessie] - php5 5.6.23+dfsg-0+deb8u1
	NOTE: The issue was introduced as part CVE-2015-6833, which was applied upstream
	NOTE: in versions 5.4.44, 5.5.28, and 5.6.12.
	NOTE: https://bugs.php.net/bug.php?id=72321
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84
	NOTE: Fixed in 5.6.23
CVE-2016-4472 (The overflow protection in Expat is removed by compilers with certain  ...)
	{DSA-3582-1 DLA-483-1}
	- expat 2.1.1-2
	NOTE: https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/tree/expat/lib/xmlparse.c?diff=a238d7ea7a715ef3850c4cbdd86aeda7077b6bbc
CVE-2016-4471 (ManageIQ in CloudForms before 4.1 allows remote authenticated users to ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-4470 (The key_reject_and_link function in security/keys/key.c in the Linux k ...)
	{DSA-3607-1 DLA-609-1}
	- linux 4.6.2-2
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a
CVE-2016-4469 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache A ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-4468 (SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-4467 (The C client and C-based client bindings in the Apache Qpid Proton lib ...)
	- qpid-proton <not-affected> (Windows-specific)
CVE-2016-4466
	REJECTED
CVE-2016-4465 (The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and  ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1 and 2.5)
	NOTE: https://struts.apache.org/docs/s2-041.html
CVE-2016-4464 (The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3 ...)
	NOT-FOR-US: Apache CXF
CVE-2016-4463 (Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows c ...)
	{DSA-3610-1 DLA-535-1}
	- xerces-c 3.1.3+debian-2.1 (bug #828990)
	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
CVE-2016-4462 (By manipulating the URL parameter externalLoginKey, a malicious, logge ...)
	NOT-FOR-US: Apache OFBiz
CVE-2016-4461 (Apache Struts 2.x before 2.3.29 allows remote attackers to execute arb ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present, CVE for incomplete fix for CVE-2016-0785)
CVE-2016-4460 (Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass a ...)
	NOT-FOR-US: Apache Pony Mail
CVE-2016-4459 (Stack-based buffer overflow in native/mod_manager/node.c in mod_cluste ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-4458
	RESERVED
CVE-2016-4457 (CloudForms Management Engine before 5.8 includes a default SSL/TLS cer ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-4455 (The Subscription Manager package (aka subscription-manager) before 1.1 ...)
	NOT-FOR-US: Red Hat Subscription Manager
CVE-2016-4454 (The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU a ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429
CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-3
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650
CVE-2016-4452
	RESERVED
CVE-2016-4451 (The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 a ...)
	- foreman <itp> (bug #663101)
CVE-2016-4450 (os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 al ...)
	{DSA-3592-1}
	- nginx 1.10.1-1 (bug #825960)
	[wheezy] - nginx <not-affected> (Introduced in 1.3.9)
CVE-2016-4449 (XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntit ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761430
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5 (v2.9.4)
CVE-2016-4448 (Format string vulnerability in libxml2 before 2.9.4 allows attackers t ...)
	- libxml2 2.9.4+dfsg1-1 (bug #829718)
	[jessie] - libxml2 <ignored> (Minor impact; too intrusive to backport)
	[wheezy] - libxml2 <no-dsa> (Minor impact; too intrusive to backport)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761029
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9 (v2.9.4)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b (v2.9.4)
CVE-2016-4447 (The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 a ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759573
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83 (v2.9.4)
CVE-2016-4446 (The allow_execstack plugin for setroubleshoot allows local users to ex ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4445 (The fix_lookup_id function in sealert in setroubleshoot before 3.2.23  ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4444 (The allow_execmod plugin for setroubleshoot before 3.2.23 allows local ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4443 (Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local user ...)
	NOT-FOR-US: org.ovirt.engine-root / engine-setup (Red Hat)
CVE-2016-4442 (The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attack ...)
	NOT-FOR-US: rack-mini-profiler gem
CVE-2016-4441 (The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controlle ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #824856)
	[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along with a future DSA)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505
CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the AP ...)
	- linux 4.5.5-1
	[jessie] - linux <not-affected> (Introduced in 4.5)
	[wheezy] - linux <not-affected> (Introduced in 4.5)
	NOTE: Upstream patch: https://github.com/torvalds/linux/commit/3ce424e45411cf5a13105e0386b6ecf6eeb4f66f
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337806
	NOTE: http://comments.gmane.org/gmane.comp.emulators.kvm.devel/152100
CVE-2016-4439 (The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Con ...)
	{DLA-1599-1 DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-2 (bug #824856)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remo ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-037.html
CVE-2016-4437 (Apache Shiro before 1.2.5, when a cipher key has not been configured f ...)
	- shiro 1.2.5-1 (bug #826653)
	[jessie] - shiro <no-dsa> (Minor issue)
CVE-2016-4436 (Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers t ...)
	- libstruts1.2-java <not-affected> (Only affects 2.0.0 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-035.html
CVE-2016-4435 (An endpoint of the Agent running on the BOSH Director VM with stemcell ...)
	NOT-FOR-US: BOSH
CVE-2016-4434 (Apache Tika before 1.13 does not properly initialize the XML parser or ...)
	- tika 1.18-1 (bug #825501)
	[jessie] - tika <no-dsa> (Minor issue, no standard alone package, just a reverse dependency of jmeter)
CVE-2016-4433 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to byp ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-039.html
CVE-2016-4432 (The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid J ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-4431 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to byp ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-040.html
CVE-2016-4430 (Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, w ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-038.html
CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in sunrpc/cln ...)
	{DLA-2256-1}
	- glibc 2.22-10
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20112
	- libtirpc 0.2.5-1.1 (bug #840347)
	[wheezy] - libtirpc <no-dsa> (Minor issue)
CVE-2016-4428 (Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horiz ...)
	{DSA-3617-1 DLA-520-1}
	- horizon 3:9.0.1-2 (bug #828967)
	NOTE: https://bugs.launchpad.net/bugs/1567673
CVE-2016-4427
	RESERVED
CVE-2016-4426
	RESERVED
CVE-2016-4424
	RESERVED
CVE-2016-4423 (The attemptAuthentication function in Component/Security/Http/Firewall ...)
	{DSA-3588-1}
	- symfony 2.8.6+dfsg-1
	NOTE: https://github.com/symfony/symfony/pull/18733
	NOTE: https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
CVE-2016-XXXX [XSS]
	- dotclear <removed>
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/05/04/9
CVE-2016-4482 (The proc_connectinfo function in drivers/usb/core/devio.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: http://www.spinics.net/lists/linux-usb/msg140243.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/04/2
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee
CVE-2016-4483 (The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 all ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #823405)
	NOTE: Minor issue, only when using libxml2 using recovery mode
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766414
CVE-2016-4477 (wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters  ...)
	{DLA-473-1}
	- wpa 2.3-2.4 (bug #823411)
	[jessie] - wpa 2.3-1+deb8u4
	NOTE: http://w1.fi/security/2016-1/
CVE-2016-4476 (hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not  ...)
	{DLA-473-1}
	- wpa 2.3-2.4 (bug #823411)
	[jessie] - wpa 2.3-1+deb8u4
	NOTE: http://w1.fi/security/2016-1/
CVE-2016-4413
	RESERVED
CVE-2016-4411
	RESERVED
CVE-2016-4410
	RESERVED
CVE-2016-4409
	RESERVED
CVE-2016-4408
	RESERVED
CVE-2016-4407 (The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not ...)
	NOT-FOR-US: SAP
CVE-2016-4406 (A remote cross site scripting vulnerability was identified in HPE iLO  ...)
	NOT-FOR-US: HPE iLO
CVE-2016-4405 (A remote code execution vulnerability was identified in HP Business Se ...)
	NOT-FOR-US: HP
CVE-2016-4404 (A security vulnerability was identified in the Filter SDK component of ...)
	NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4403 (A security vulnerability was identified in the Filter SDK component of ...)
	NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4402 (A security vulnerability was identified in the Filter SDK component of ...)
	NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4401 (Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 all ...)
	NOT-FOR-US: Aruba ClearPass Policy Manager
CVE-2016-4400 (A security vulnerability was identified in HP Network Node Manager i ( ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2016-4399 (A security vulnerability was identified in HP Network Node Manager i ( ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2016-4398 (A remote arbitrary code execution vulnerability was identified in HP N ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2016-4397 (A local code execution security vulnerability was identified in HP Net ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2016-4396 (HPE System Management Homepage before v7.6 allows remote attackers to  ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4395 (HPE System Management Homepage before v7.6 allows remote attackers to  ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4394 (HPE System Management Homepage before v7.6 allows remote attackers to  ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4393 (HPE System Management Homepage before v7.6 allows "remote authenticate ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4392 (A remote cross site scripting vulnerability has been identified in HP  ...)
	NOT-FOR-US: HP Business Service Management
CVE-2016-4391 (A remote code execution security vulnerability has been identified in  ...)
	NOT-FOR-US: HP ArcSight WINC Connector
CVE-2016-4390 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attack ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4389 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attack ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4388 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attack ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4387 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote attack ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4386 (HPE Network Automation Software 10.10 allows local users to write to a ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-4385 (The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x be ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-4384 (HPE Performance Center before 12.50 and LoadRunner before 12.50 allow  ...)
	NOT-FOR-US: HPE Performance Center
CVE-2016-4383 (The glance-manage db in all versions of HPE Helion Openstack Glance al ...)
	- glance <unfixed> (unimportant; bug #868185)
	NOTE: https://bugs.launchpad.net/glance/+bug/1593799/
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0075
	NOTE: No code fix, documented shortcoming
CVE-2016-4382 (HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows re ...)
	NOT-FOR-US: HPE Performance Center
CVE-2016-4381 (HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x bef ...)
	NOT-FOR-US: HPE
CVE-2016-4380 (Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operati ...)
	NOT-FOR-US: HPE
CVE-2016-4379 (The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmw ...)
	NOT-FOR-US: HPE
CVE-2016-4378 (The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Ma ...)
	NOT-FOR-US: HPE
CVE-2016-4377 (HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrast ...)
	NOT-FOR-US: HPE
CVE-2016-4376 (HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches a ...)
	NOT-FOR-US: HPE
CVE-2016-4375 (Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (a ...)
	NOT-FOR-US: HPE
CVE-2016-4374 (HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allo ...)
	NOT-FOR-US: HPE
CVE-2016-4373 (The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, U ...)
	NOT-FOR-US: HPE
CVE-2016-4372 (HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM ...)
	NOT-FOR-US: HPE
CVE-2016-4371 (HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, ...)
	NOT-FOR-US: HPE Service Manager
CVE-2016-4370 (HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before ...)
	NOT-FOR-US: HPE Project and Portfolio Management Center
CVE-2016-4369 (HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32 ...)
	NOT-FOR-US: HPE Discovery and Dependency Mapping Inventory
CVE-2016-4368 (HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Ma ...)
	NOT-FOR-US: HPE Universal CMDB
CVE-2016-4367 (The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 1 ...)
	NOT-FOR-US: HPE Universal CMDB
CVE-2016-4366 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-4365 (HPE Insight Control server deployment allows remote attackers to obtai ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4364 (HPE Insight Control server deployment allows local users to gain privi ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4363 (HPE Insight Control server deployment allows remote attackers to modif ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4362 (HPE Insight Control server deployment allows remote authenticated user ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4361 (HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 thr ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2016-4360 (web/admin/data.js in the Performance Center Virtual Table Server (VTS) ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2016-4359 (Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunne ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2016-4358 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-4357 (HPE Matrix Operating Environment before 7.5.1 allows remote authentica ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in Tre ...)
	NOT-FOR-US: Trend Micro
CVE-2016-4350 (Multiple SQL injection vulnerabilities in the Web Services web server  ...)
	NOT-FOR-US: SolarWinds Storage Resource Monitor
CVE-2016-4478 (Buffer overflow in the xmlrpc_char_encode function in modules/transpor ...)
	{DSA-3586-1}
	- atheme-services 7.0.7-2
	NOTE: https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/02/2
CVE-2016-4425 (Jansson 2.7 and earlier allows context-dependent attackers to cause a  ...)
	{DSA-3577-1 DLA-471-1}
	- jansson 2.7-5 (bug #823238)
	NOTE: https://github.com/akheron/jansson/issues/282
	NOTE: https://github.com/akheron/jansson/pull/284
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/01/5
CVE-2016-4422 (The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth mi ...)
	{DSA-3567-1}
	- libpam-sshauth 0.4.1-2
	NOTE: Introduced in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/93/src/pam_sshauth.c
	NOTE: Fixed in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/01/2
CVE-2016-4414 (The onReadyRead function in core/coreauthhandler.cpp in Quassel before ...)
	- quassel 1:0.12.4-2 (bug #826402)
	[jessie] - quassel 1:0.10.0-2.3+deb8u3
	[wheezy] - quassel <not-affected> (Vulnerable code introduced with 0.10.0)
	NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100
	NOTE: Introduced by: https://github.com/quassel/quassel/commit/d1bf207 (0.10.0)
	NOTE: Fixed by: https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a9392588f427e746 (0.12.4)
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/30/2
CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools  ...)
	NOT-FOR-US: Cisco
CVE-2016-4352 (Integer overflow in the demuxer function in libmpdemux/demux_gif.c in  ...)
	{DLA-458-1 DLA-457-1}
	- mplayer 2:1.3.0-2 (bug #823723)
	- mplayer2 <removed> (low)
	[jessie] - mplayer2 <no-dsa> (Minor issue)
	NOTE: https://trac.mplayerhq.hu/ticket/2295
	NOTE: Fixed in Revision r37857 upstream
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/3
CVE-2016-4341 (NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to  ...)
	NOT-FOR-US: NetApp
CVE-2016-4339
	RESERVED
CVE-2016-4338 (The mysql user parameter configuration script (userparameter_mysql.con ...)
	- zabbix 1:3.0.3+dfsg-1 (bug #823329)
	[jessie] - zabbix 1:2.2.7+dfsg-2+deb8u1
	NOTE: http://seclists.org/bugtraq/2016/May/11
	NOTE: https://support.zabbix.com/browse/ZBX-10741
CVE-2016-4337 (SQL injection vulnerability in the mgr.login.php file in Ktools.net Ph ...)
	NOT-FOR-US: Photostore
CVE-2016-4336 (An exploitable out-of-bounds write exists in the Bzip2 parsing of the  ...)
	NOT-FOR-US: Lexmark Document Filters
CVE-2016-4335 (An exploitable buffer overflow exists in the XLS parsing of the Lexmar ...)
	NOT-FOR-US: Lexmark Document Filters
CVE-2016-4334 (Jive before 2016.3.1 has an open redirect from the external-link.jspa  ...)
	NOT-FOR-US: Jive
CVE-2016-4333 (The HDF5 1.8.16 library allocating space for the array using a value f ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0179/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/73640612aad91d3f04e4d8f1ea71d42acbc85f6e
CVE-2016-4332 (The library's failure to check if certain message types support a part ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0178/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1d50d498a0affbbd6e088b524fd495ea95dea88
CVE-2016-4331 (When decoding data out of a dataset encoded with the H5Z_NBIT decoding ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0177/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1c4ec3d541eecda78b3afcb1a0fa071c4b52afa
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/43ec23616697ce0ea3f99e40900fec55fe9107ef
CVE-2016-4330 (In the HDF5 1.8.16 library's failure to check if the number of dimensi ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0176/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/2e7e1899d3d7131bcbad65233ba713f6b79e2d69
CVE-2016-4329 (A local denial of service vulnerability exists in window broadcast mes ...)
	NOT-FOR-US: Kaspersky
CVE-2016-4328 (MEDHOST Perioperative Information Management System (aka PIMS or VPIMS ...)
	NOT-FOR-US: MEDHOST Perioperative Information Management System
CVE-2016-4327 (Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server ...)
	NOT-FOR-US: WSO2 SOA Enablement Server
CVE-2016-4326 (The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Che ...)
	NOT-FOR-US: Chef Manage addon
CVE-2016-4325 (Lantronix xPrintServer devices with firmware before 5.0.1-65 have hard ...)
	NOT-FOR-US: Lantronix xPrintServer
CVE-2016-4324 (Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote ...)
	{DSA-3608-1 DLA-581-1}
	- libreoffice 1:5.1.4~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0126/
CVE-2016-4323 (A directory traversal exists in the handling of the MXIT protocol in P ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0128/
	NOTE: http://www.pidgin.im/news/security/?id=97
CVE-2016-4322 (BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remot ...)
	NOT-FOR-US: BMC
CVE-2016-4321
	RESERVED
CVE-2016-4320 (Atlassian Bitbucket Server before 4.7.1 allows remote attackers to rea ...)
	NOT-FOR-US: Atlassian Bitbucket Server
CVE-2016-4319 (Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. ...)
	NOT-FOR-US: Atlassian JIRA Server
CVE-2016-4318 (Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProje ...)
	NOT-FOR-US: Atlassian JIRA Server
CVE-2016-4317 (Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2016-4316 (Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4 ...)
	NOT-FOR-US: WSO2 Carbon
CVE-2016-4315 (Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 a ...)
	NOT-FOR-US: WSO2 Carbon
CVE-2016-4314 (Directory traversal vulnerability in the LogViewer Admin Service in WS ...)
	NOT-FOR-US: WSO2 Carbon
CVE-2016-4313 (Directory traversal vulnerability in unzip/extract feature in eXtplore ...)
	{DLA-596-1}
	- extplorer <removed>
CVE-2016-4312 (XML external entity (XXE) vulnerability in the XACML flow feature in W ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2016-4311 (Cross-site request forgery (CSRF) vulnerability in the XACML flow feat ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2016-4310
	RESERVED
CVE-2016-4309 (Session fixation vulnerability in Symphony CMS 2.6.7, when session.use ...)
	NOT-FOR-US: Symphony CMS
CVE-2016-4308
	RESERVED
CVE-2016-4307 (A denial of service vulnerability exists in the IOCTL handling functio ...)
	NOT-FOR-US: Kaspersky Internet Security KL1 driver
CVE-2016-4306 (Multiple information leaks exist in various IOCTL handlers of the Kasp ...)
	NOT-FOR-US: Kaspersky Internet Security KLDISK driver
CVE-2016-4305 (A denial of service vulnerability exists in the syscall filtering func ...)
	NOT-FOR-US: Kaspersky Internet Security KLIF driver
CVE-2016-4304 (A denial of service vulnerability exists in the syscall filtering func ...)
	NOT-FOR-US: Kaspersky Internet Security KLIF driver
CVE-2016-4303 (The parse_string function in cjson.c in the cJSON library mishandles U ...)
	{DLA-2080-1}
	- iperf3 3.1.3-1 (bug #827116)
	NOTE: https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
	NOTE: https://github.com/esnet/iperf/commit/f01a9ca8f7e878e438a53687dabe30b7f7222912 (3.1.x)
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0164/
CVE-2016-4302 (Heap-based buffer overflow in the parse_codes function in archive_read ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0154/
	NOTE: https://github.com/libarchive/libarchive/issues/719
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/05caadc7eedbef471ac9610809ba683f0c698700 (v3.2.1)
CVE-2016-4301 (Stack-based buffer overflow in the parse_device function in archive_re ...)
	- libarchive 3.2.1-1
	[jessie] - libarchive <not-affected> (Introduced in 3.2.0)
	[wheezy] - libarchive <not-affected> (Introduced in 3.2.0)
	NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0153/
	NOTE: https://github.com/libarchive/libarchive/pull/715
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/ecdac4d50db0cf5a0c630ba077729aaa6c5a2dd2
CVE-2016-4300 (Integer overflow in the read_SubStreamsInfo function in archive_read_s ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0152/
	NOTE: https://github.com/libarchive/libarchive/issues/718
	NOTE: Requirement: https://github.com/libarchive/libarchive/commit/3d469df8eaace8297a27ce62befa295c0fdc5a3a
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573 (v3.2.1)
	NOTE: Notice introduction of UMAX_ENTRY with 3d469df8eaace8297a27ce62befa295c0fdc5a3a
	NOTE: Libarchive 3.1.2 and lower has a much smaller "UMAX_ENTRY", which is hardcoded
	NOTE: in various places before 3d469df8eaace8297a27ce62befa295c0fdc5a3a and has value
	NOTE: 1000000, making exploitation more difficult but not impossible.
CVE-2016-4299
	RESERVED
CVE-2016-4298 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4297
	RESERVED
CVE-2016-4296 (When opening a Hangul Hcell Document (.cell) and processing a record t ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4295 (When opening a Hangul Hcell Document (.cell) and processing a particul ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4294 (When opening a Hangul Hcell Document (.cell) and processing a property ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4293 (Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTable ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4292 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4291 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4290 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4289 (A stack based buffer overflow vulnerability exists in the method recei ...)
	NOT-FOR-US: GMER
CVE-2016-4288 (A local privilege escalation vulnerability exists in BlueStacks App Pl ...)
	NOT-FOR-US: BlueStacks
CVE-2016-4287 (Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4286 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4285 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4284 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4283 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4282 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4281 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4280 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4279 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4278 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4277 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4276 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4275 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4274 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4273 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4272 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4271 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4270 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4269 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4268 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4267 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4266 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4265 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4264 (The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Upda ...)
	NOT-FOR-US: Adobe
CVE-2016-4263 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 al ...)
	NOT-FOR-US: Adobe
CVE-2016-4262 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4261 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4260 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4259 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4258 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4257 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4256 (Adobe Digital Editions before 4.5.2 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-4255 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-4254 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4253 (The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1,  ...)
	NOT-FOR-US: Adobe
CVE-2016-4252 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4251 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4250 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4249 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4248 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4247 (Race condition in Adobe Flash Player before 18.0.0.366 and 19.x throug ...)
	NOT-FOR-US: Adobe
CVE-2016-4246 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4245 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4244 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4243 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4242 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4241 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4240 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4239 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4238 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4237 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4236 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4235 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4234 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4233 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4232 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4231 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4230 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4229 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4228 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4227 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4226 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4225 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4224 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4223 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4222 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4221 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4220 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4219 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4218 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4217 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4216 (XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attac ...)
	NOT-FOR-US: Adobe
CVE-2016-4215 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4214 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4213 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4212 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4211 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4210 (Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat a ...)
	NOT-FOR-US: Adobe
CVE-2016-4209 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, ...)
	NOT-FOR-US: Adobe
CVE-2016-4208 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4207 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4206 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4205 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4204 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4203 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4202 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4201 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4200 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4199 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4198 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4197 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4196 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4195 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4194 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4193 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4192 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4191 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4190 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4189 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4188 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4187 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4186 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4185 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4184 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4183 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4182 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4181 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4180 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4179 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4178 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4177 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4176 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4175 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4174 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4173 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4172 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4171 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4170 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5 ...)
	NOT-FOR-US: Adobe
CVE-2016-4169 (Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain s ...)
	NOT-FOR-US: Adobe
CVE-2016-4168 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5 ...)
	NOT-FOR-US: Adobe
CVE-2016-4167 (Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attack ...)
	NOT-FOR-US: Adobe
CVE-2016-4166 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4165 (The extension manager in Adobe Brackets before 1.7 allows attackers to ...)
	NOT-FOR-US: Adobe
CVE-2016-4164 (Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7  ...)
	NOT-FOR-US: Adobe
CVE-2016-4163 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4162 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4161 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4160 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4159 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe
CVE-2016-4158 (Unquoted Windows search path vulnerability in Adobe Creative Cloud Des ...)
	NOT-FOR-US: Adobe
CVE-2016-4157 (Untrusted search path vulnerability in the installer in Adobe Creative ...)
	NOT-FOR-US: Adobe
CVE-2016-4156 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4155 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4154 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4153 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4152 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4151 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4150 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4149 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4148 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4147 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4146 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4145 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4144 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4143 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4142 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4141 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4140 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4139 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4138 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4137 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4136 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4135 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4134 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4133 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4132 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4131 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4130 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4129 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4128 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4127 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4126 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4125 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4124 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4123 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4122 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-4121 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 a ...)
	NOT-FOR-US: Adobe
CVE-2016-4120 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-4119 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4118 (Untrusted search path vulnerability in the installer in Adobe Connect  ...)
	NOT-FOR-US: Adobe
CVE-2016-4117 (Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to e ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4116 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4115 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4114 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4113 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4112 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4111 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4110 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4109 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4108 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4107 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4106 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4105 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4104 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4103 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4102 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4101 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4100 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4099 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4098 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4097 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4096 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4095 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4094 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4093 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4092 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4091 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4090 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4089 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4340 (The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 th ...)
	- gitlab 8.8.2+dfsg-1 (bug #823290)
	NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 and S570 ...)
	NOT-FOR-US: Huawei
CVE-2016-4086 (Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4 ...)
	NOT-FOR-US: Huawei HiSuite Device Manager
CVE-2016-4075 (Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the  ...)
	NOT-FOR-US: Opera
CVE-2016-4067
	RESERVED
CVE-2016-4066 (Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb b ...)
	NOT-FOR-US: Fortinet
CVE-2016-4065 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on ...)
	NOT-FOR-US: Foxit
CVE-2016-4064 (Use-after-free vulnerability in the XFA forms handling functionality i ...)
	NOT-FOR-US: Foxit
CVE-2016-4063 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3 ...)
	NOT-FOR-US: Foxit
CVE-2016-4062 (Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report  ...)
	NOT-FOR-US: Foxit
CVE-2016-4061 (Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attac ...)
	NOT-FOR-US: Foxit
CVE-2016-4060 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3 ...)
	NOT-FOR-US: Foxit
CVE-2016-4059 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3 ...)
	NOT-FOR-US: Foxit
CVE-2016-4074 (The jv_dump_term function in jq 1.5 allows remote attackers to cause a ...)
	- jq 1.5+dfsg-1.1 (low; bug #822456)
	[jessie] - jq 1.4-2.1+deb8u1
	NOTE: https://github.com/stedolan/jq/issues/1136
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/24/3
CVE-2016-4069 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail b ...)
	{DLA-613-1}
	- roundcube 1.1.5+dfsg.1-1 (bug #822333)
	NOTE: https://github.com/roundcube/roundcubemail/issues/4957
	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
	NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
	NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1)
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/23/3
CVE-2016-4068 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...)
	{DLA-537-1}
	- roundcube 1.2.1+dfsg.1-1
	NOTE: https://github.com/roundcube/roundcubemail/issues/5398
	NOTE: https://github.com/roundcube/roundcubemail/commit/a1fdb205f824dee7fd42dda739f207abc85ce158
CVE-2016-4085 (Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in t ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.0~rc2+g74e5b56-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-28.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293
	NOTE: Doesn't affect 2.x series
CVE-2016-4084 (Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-W ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html
CVE-2016-4083 (epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2. ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html
CVE-2016-4082 (epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wiresha ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-26.html
CVE-2016-4006 (epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-25.html
CVE-2016-4081 (epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12. ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-24.html
CVE-2016-4080 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12. ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-23.html
CVE-2016-4079 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12. ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-22.html
CVE-2016-4078 (The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (vulnerable code not present)
	[wheezy] - wireshark <not-affected> (vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-21.html
	NOTE: Upstream lists 1.12.x affected, I have contacted them for clarification
CVE-2016-4077 (epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on  ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-20.html
CVE-2016-4076 (epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2 ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-19.html
CVE-2016-4058 (Cross-site scripting (XSS) vulnerability in Huawei Policy Center befor ...)
	NOT-FOR-US: Huawei
CVE-2016-4057 (Huawei FusionCompute before V100R005C10SPC700 allows remote authentica ...)
	NOT-FOR-US: Huawei FusionCompute
CVE-2016-6479
	REJECTED
CVE-2016-4055 (The duration function in the moment package before 2.11.2 for Node.js  ...)
	- node-moment 2.13.0+ds-1 (unimportant)
	NOTE: https://github.com/moment/moment/pull/2939
	NOTE: https://nodesecurity.io/advisories/55
	NOTE: nodejs not covered by security support
CVE-2016-4050
	REJECTED
CVE-2016-4049 (The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does no ...)
	{DSA-3654-1 DLA-601-1}
	- quagga 1.0.20160315-2 (bug #822787)
	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-April/015241.html
CVE-2016-4048 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4047 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4046 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4045 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4056 (Cross-site scripting (XSS) vulnerability in the Backend component in T ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid <not-affected> (Squid 2.x are not vulnerable)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid <not-affected> (Squid 2.x are not vulnerable)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4 ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid <not-affected> (Squid 2.x are not vulnerable)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4 ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid 4.1-1
	[wheezy] - squid <not-affected> (cachemgr.cgi not installed. squid-cgi binary package built from squid3)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_5.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_5.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_5.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_5.patch (Squid 3.5)
	NOTE: Fixed in wheezy by DLA-556-1, c.f. CVE-2016-5408
CVE-2016-4044
	RESERVED
CVE-2016-4043 (Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authen ...)
	NOT-FOR-US: Plone
CVE-2016-4042 (Plone 3.3 through 5.1a1 allows remote attackers to obtain information  ...)
	NOT-FOR-US: Plone
CVE-2016-4041 (Plone 4.0 through 5.1a1 does not have security declarations for Dexter ...)
	NOT-FOR-US: Plone
CVE-2016-4040 (SQL injection vulnerability in the Workflow Screen in dotCMS before 3. ...)
	NOT-FOR-US: dotCMS
CVE-2016-4039
	RESERVED
CVE-2016-4036 (The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Ent ...)
	{DSA-3654-1 DLA-601-1}
	- quagga 1.0.20160315-2 (bug #835223)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770619
	NOTE: World readable files in /etc/quagga as well in Debian
CVE-2016-3955 (The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in t ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.2-1
	NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3)
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/19/1
CVE-2016-4038 (Array index error in the msm_sensor_config function in kernel/SM-G9008 ...)
	NOT-FOR-US: Samsung Android driver
CVE-2016-4035
	RESERVED
CVE-2016-4034
	RESERVED
CVE-2016-4033
	RESERVED
CVE-2016-4032 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005 ...)
	NOT-FOR-US: Samsung
CVE-2016-4031 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005 ...)
	NOT-FOR-US: Samsung
CVE-2016-4037 (The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows lo ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #822344)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/18/3
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2 (v2.6.0-rc3)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a49923d2837d20510d645d3758f1ad87c32d0730 (v2.6.0-rc3)
CVE-2016-4030 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005 ...)
	NOT-FOR-US: Samsung
CVE-2016-4029 (WordPress before 4.5 does not consider octal and hexadecimal IP addres ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.5+dfsg-1
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37115
	NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
	NOTE: Release notes: https://codex.wordpress.org/Version_4.5
CVE-2016-4028 (An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4027 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4026 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4025 (Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x. ...)
	NOT-FOR-US: Avast
CVE-2016-4023
	RESERVED
CVE-2016-4022
	RESERVED
CVE-2016-4021 (The read_binary function in buffer.c in pgpdump before 0.30 allows con ...)
	{DLA-768-1}
	- pgpdump 0.31-0.1 (bug #773747)
	[jessie] - pgpdump 0.28-1+deb8u1
	NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt
	NOTE: https://github.com/kazu-yamamoto/pgpdump/pull/16
CVE-2016-4019 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows  ...)
	NOT-FOR-US: Zimbra
CVE-2016-4018 (The Data Provisioning Agent (aka DP Agent) in SAP HANA does not proper ...)
	NOT-FOR-US: SAP
CVE-2016-4017 (The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote a ...)
	NOT-FOR-US: SAP
CVE-2016-4016 (Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integrat ...)
	NOT-FOR-US: SAP
CVE-2016-4015 (The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows rem ...)
	NOT-FOR-US: SAP
CVE-2016-4014 (XML external entity (XXE) vulnerability in the UDDI component in SAP N ...)
	NOT-FOR-US: SAP
CVE-2016-XXXX [ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1]
	- zendframework 1.12.18+dfsg-1
	[jessie] - zendframework 1.12.9+dfsg-2+deb8u6
	[wheezy] - zendframework 1.11.13-1.1+deb7u6
	NOTE: http://framework.zend.com/security/advisory/ZF2016-01
CVE-2016-4013
	RESERVED
CVE-2016-4012
	RESERVED
CVE-2016-4011
	RESERVED
CVE-2016-4010 (Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP  ...)
	NOT-FOR-US: Magento
	NOTE: https://magento.com/security/patches/magento-206-security-update
	NOTE: http://www.netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
CVE-2016-4007 (Multiple unspecified vulnerabilities in the obs-service-extract_file p ...)
	NOT-FOR-US: obs-service-extract_file
CVE-2016-4024 (Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows rem ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #821732)
	NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/14/5
CVE-2016-4005 (The Huawei Hilink App application before 3.19.2 for Android does not v ...)
	NOT-FOR-US: Huawei
CVE-2016-4004 (Directory traversal vulnerability in Dell OpenManage Server Administra ...)
	NOT-FOR-US: Dell
CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder function in ...)
	- libstruts1.2-java <not-affected> (Only affects 2.x)
	NOTE: http://struts.apache.org/docs/s2-028.html
CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not  ...)
	{DLA-1599-1 DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-2 (bug #821062)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/13/6
CVE-2016-4000 (Jython before 2.7.1rc1 allows attackers to execute arbitrary code via  ...)
	{DSA-3893-1 DLA-989-1}
	- jython 2.5.3-17 (bug #864859)
	NOTE: http://bugs.jython.org/issue2454
	NOTE: https://hg.python.org/jython/rev/d06e29d100c0
CVE-2016-3999 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3998 (NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to ...)
	NOT-FOR-US: NetApp AltaVault
CVE-2016-3997 (NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obta ...)
	NOT-FOR-US: NetApp Clustered Data ONTAP
CVE-2016-XXXX [auth bypass]
	- brltty <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=967436
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/04/12/4
	NOTE: Introduced in: https://github.com/brltty/brltty/commit/e62b3c925d03239a372d425fb87b2cac65d8ef19
	NOTE: Fixed by: https://github.com/brltty/brltty/commit/74affe7d1401f2b43ad32e18cb78704d22604ad7
CVE-2016-3996 (ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly che ...)
	NOT-FOR-US: Samsung
CVE-2016-3991 (Heap-based buffer overflow in the loadImage function in the tiffcrop t ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.7-1
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2543
	NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-3991.tif
CVE-2016-3990 (Heap-based buffer overflow in the horizontalDifference8 function in ti ...)
	{DSA-3762-1 DLA-795-1 DLA-610-1}
	- tiff 4.0.7-1 (bug #836570)
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2544
CVE-2016-3989 (The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTI ...)
	NOT-FOR-US: Meinberg
CVE-2016-3988 (Multiple stack-based buffer overflows in the NTP time-server interface ...)
	NOT-FOR-US: Meinberg
CVE-2016-3987 (The HTTP server in Trend Micro Password Manager allows remote web serv ...)
	NOT-FOR-US: Trend Micro
CVE-2016-3986 (Avast allows remote attackers to cause a denial of service (memory cor ...)
	NOT-FOR-US: Avast
CVE-2016-3985 (The Terminal Services Remote Desktop Protocol (RDP) client session res ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-3984 (The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response  ...)
	NOT-FOR-US: McAfee
CVE-2016-3983 (McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remo ...)
	NOT-FOR-US: McAfee
CVE-2016-3980 (The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 ...)
	NOT-FOR-US: SAP
CVE-2016-3979 (Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 t ...)
	NOT-FOR-US: SAP
CVE-2016-3978 (The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x b ...)
	NOT-FOR-US: FortiOS
CVE-2016-4002 (Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-2 (bug #821061)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/6
CVE-2016-4001 (Buffer overflow in the stellaris_enet_receive function in hw/net/stell ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #821038)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325884
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2)
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/4
CVE-2016-4008 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
	{DSA-3568-1 DLA-495-1}
	- libtasn1-6 4.8-1
	- libtasn1-3 <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/3
	NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=f435825c0f527a8e52e6ffbc3ad0bc60531d537e
	NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625
CVE-2016-3995 (The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and  ...)
	- libcrypto++ 5.6.3-6
	[jessie] - libcrypto++ 5.6.1-6+deb8u2
	[wheezy] - libcrypto++ 5.6.1-6+deb7u2
	NOTE: https://github.com/weidai11/cryptopp/issues/146
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/10/6
	NOTE: Initial upload in 5.6.3-5 was incomplete
CVE-2016-3994 (The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #785369)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/6
CVE-2016-4070 (** DISPUTED ** Integer overflow in the php_raw_url_encode function in  ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71798
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/ea6ff01f6c31f1615a935ef96622d623a6277d37
CVE-2016-4071 (Format string vulnerability in the php_snmp_error function in ext/snmp ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71704
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4072 (The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x  ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71860
	NOTE: https://gist.github.com/smalyshev/80b5c2909832872f2ba2
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4073 (Multiple integer overflows in the mbfl_strcut function in ext/mbstring ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71906
	NOTE: https://gist.github.com/smalyshev/d8355c96a657cc5dba70
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-3976 (Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through ...)
	NOT-FOR-US: SAP
CVE-2016-3975 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1  ...)
	NOT-FOR-US: SAP
CVE-2016-3974 (XML external entity (XXE) vulnerability in the Configuration Wizard in ...)
	NOT-FOR-US: SAP
CVE-2016-3973 (The chat feature in the Real-Time Collaboration (RTC) services 7.3 and ...)
	NOT-FOR-US: SAP
CVE-2016-3972 (Directory traversal vulnerability in the dotTailLogServlet in dotCMS b ...)
	NOT-FOR-US: dotCMS
CVE-2016-3971 (Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCM ...)
	NOT-FOR-US: dotCMS
CVE-2016-3970
	RESERVED
CVE-2016-7921
	REJECTED
CVE-2016-3982 (Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiP ...)
	{DSA-3546-1}
	- optipng 0.7.6-1
	NOTE: https://sourceforge.net/p/optipng/bugs/57/
CVE-2016-3981 (Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c ...)
	{DSA-3546-1}
	- optipng 0.7.6-1
	NOTE: https://sourceforge.net/p/optipng/bugs/56/
CVE-2016-3977 (Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1. ...)
	- giflib 5.1.4-3 (bug #820526)
	[stretch] - giflib <no-dsa> (Minor issue)
	[jessie] - giflib <no-dsa> (Minor issue)
	[wheezy] - giflib <no-dsa> (minor issue)
	NOTE: https://sourceforge.net/p/giflib/bugs/87/
	NOTE: https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/
	NOTE: The issue was originally fixed in 5.1.4-0.3 but then the NMU upload
	NOTE: 5.1.4-0.4 just dropped the patch claiming the patch was already present
	NOTE: which is untrue and reopening the issue.
CVE-2016-3969 (Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2016-3968 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam ...)
	NOT-FOR-US: Sophos
CVE-2016-3967
	RESERVED
CVE-2016-3966
	RESERVED
CVE-2016-3965
	RESERVED
CVE-2016-3964
	RESERVED
CVE-2016-3963 (Siemens SCALANCE S613 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Siemens
CVE-2016-3992 (cronic before 3 allows local users to write to arbitrary files via a s ...)
	- cronic 3-1 (bug #820331)
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/4
CVE-2016-3962 (Stack-based buffer overflow in the NTP time-server interface on Meinbe ...)
	NOT-FOR-US: Meinberg
CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress hugetl ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.2-1
	NOTE: http://xenbits.xen.org/xsa/advisory-174.html
	NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=103f6112f253017d7062cd74d17f4a514ed4485c
CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local  ...)
	{DSA-3554-1 DLA-571-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	NOTE: http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3957 (The secure_load function in gluon/utils.py in web2py before 2.14.2 use ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js  ...)
	- npm 5.8.0+ds-2 (bug #850322)
	[jessie] - npm <end-of-life> (Nodejs in jessie not covered by security support, minor issue)
	NOTE: https://github.com/npm/npm/issues/8380
	NOTE: https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 (2.15.1)
	NOTE: https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 (3.8.3)
CVE-2016-3954 (web2py before 2.14.2 allows remote attackers to obtain the session_coo ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3953 (The sample web application in web2py before 2.14.2 might allow remote  ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3952 (web2py before 2.14.1, when using the standalone version, allows remote ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux ke ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	NOTE: https://git.kernel.org/linus/4d06dd537f95683aba3651098ae288b7cbff8274 (v4.5)
	NOTE: https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5)
	NOTE: https://www.spinics.net/lists/netdev/msg367669.html
CVE-2016-3950 (Huawei AR3200 routers with software before V200R006C10SPC300 allow rem ...)
	NOT-FOR-US: Huawei AR3200 routers
CVE-2016-3949 (Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware befo ...)
	NOT-FOR-US: Siemens
CVE-2016-3959 (The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x  ...)
	- golang 2:1.6.1-1 (bug #820369)
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://golang.org/cl/21533
CVE-2016-3958 (Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x befor ...)
	- golang <not-affected> (Only affects Go on Windows)
	NOTE: https://golang.org/cl/21428
CVE-2016-3946 (SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP S ...)
	NOT-FOR-US: SAP
CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile ...)
	{DSA-3762-1 DLA-795-1 DLA-610-1}
	- tiff 4.0.7-1
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2545
CVE-2016-3993 (Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c  ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #819818)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/5
CVE-2016-3948 (Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds ...)
	{DSA-3625-1}
	- squid3 3.5.16-1 (bug #819784)
	[wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	- squid 4.1-1
	[wheezy] - squid <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
CVE-2016-3947 (Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.c ...)
	- squid3 3.5.16-1 (bug #819783)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	- squid 4.1-1
	[wheezy] - squid <no-dsa> (Minor issue)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
CVE-2016-3944 (UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle ...)
	NOT-FOR-US: Lenovo
CVE-2016-3943 (Panda Endpoint Administration Agent before 7.50.00, as used in Panda S ...)
	NOT-FOR-US: Panda
CVE-2016-3942
	RESERVED
CVE-2016-3940 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-3939 (drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in An ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3938 (drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3937 (The MediaTek video driver in Android before 2016-10-05 allows attacker ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3936 (The MediaTek video driver in Android before 2016-10-05 allows attacker ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3935 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualc ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3934 (drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3933 (mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C device ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3932 (mediaserver in Android before 2016-10-05 allows attackers to gain priv ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3931 (drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in And ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3930 (The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 dev ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3929 (Unspecified vulnerability in a Qualcomm component in Android before 20 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3928 (The MediaTek video driver in Android before 2016-10-05 allows attacker ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3927 (Unspecified vulnerability in a Qualcomm component in Android before 20 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3926 (Unspecified vulnerability in a Qualcomm component in Android before 20 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3925 (server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and ...)
	NOT-FOR-US: Android
CVE-2016-3924 (services/audioflinger/Effects.cpp in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3923 (The Accessibility services in Android 7.0 before 2016-10-01 mishandle  ...)
	NOT-FOR-US: Android
CVE-2016-3922 (libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01  ...)
	NOT-FOR-US: Android Telephony
CVE-2016-3921 (libsysutils/src/FrameworkListener.cpp in Framework Listener in Android ...)
	- android-platform-system-core <not-affected> (libsysutils not included, bug #858177)
CVE-2016-3920 (id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5 ...)
	NOT-FOR-US: libstagefright
CVE-2016-3919
	REJECTED
CVE-2016-3918 (email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x bef ...)
	NOT-FOR-US: Android
CVE-2016-3917 (The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7 ...)
	NOT-FOR-US: Android
CVE-2016-3916 (camera/src/camera_metadata.c in the Camera service in Android 4.x befo ...)
	NOT-FOR-US: Android
CVE-2016-3915 (camera/src/camera_metadata.c in the Camera service in Android 4.x befo ...)
	NOT-FOR-US: Android
CVE-2016-3914 (Race condition in providers/telephony/MmsProvider.java in Telephony in ...)
	NOT-FOR-US: Android Telephony
CVE-2016-3913 (media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in A ...)
	NOT-FOR-US: Android
CVE-2016-3912 (The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5. ...)
	NOT-FOR-US: Android
CVE-2016-3911 (core/java/android/os/Process.java in Zygote in Android 4.x before 4.4. ...)
	NOT-FOR-US: Android
CVE-2016-3910 (services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Andr ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3909 (The SoftMPEG4 component in libstagefright in mediaserver in Android 4. ...)
	NOT-FOR-US: libstagefright
CVE-2016-3908 (The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 bef ...)
	NOT-FOR-US: Android
CVE-2016-3907 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-3906 (An information disclosure vulnerability in Qualcomm components includi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-3905 (CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android b ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3904 (An elevation of privilege vulnerability in the Qualcomm bus driver in  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3903 (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qua ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3902 (drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3901 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualc ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3900 (cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0 ...)
	NOT-FOR-US: Android
CVE-2016-3899 (OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4. ...)
	NOT-FOR-US: libstagefright
CVE-2016-3898 (Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x befor ...)
	NOT-FOR-US: Android
CVE-2016-3897 (The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java i ...)
	NOT-FOR-US: Android
CVE-2016-3896 (AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befor ...)
	NOT-FOR-US: Android
CVE-2016-3895 (Integer overflow in the Region::unflatten function in libs/ui/Region.c ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3894 (The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 dev ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3893 (The wcdcal_hwdep_ioctl_shared function in sound/soc/codecs/wcdcal-hwde ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3892 (The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X,  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3891
	RESERVED
CVE-2016-3890 (The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp  ...)
	- android-platform-system-core 1:6.0.1+r43-1
	[jessie] - android-platform-system-core <no-dsa> (Minor issue)
CVE-2016-3889 (Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physica ...)
	NOT-FOR-US: Android
CVE-2016-3888 (internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0 ...)
	NOT-FOR-US: Android
CVE-2016-3887 (providers/settings/SettingsProvider.java in Android 7.0 before 2016-09 ...)
	NOT-FOR-US: Android
CVE-2016-3886 (systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tu ...)
	NOT-FOR-US: Android
CVE-2016-3885 (debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5. ...)
	- android-platform-system-core <not-affected> (debugged not provided, see bug #858177)
CVE-2016-3884 (server/notification/NotificationManagerService.java in the Notificatio ...)
	NOT-FOR-US: Android
CVE-2016-3883 (internal/telephony/SMSDispatcher.java in Telephony in Android 4.x befo ...)
	NOT-FOR-US: Android
CVE-2016-3882 (Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in ...)
	NOT-FOR-US: Android
CVE-2016-3881 (The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx  ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minor issue)
	[wheezy] - libvpx <not-affected> (Vulnerable source not present)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/4974dcbd0289a2530df2ee2a25b5f92775df80da
CVE-2016-3880 (Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagef ...)
	NOT-FOR-US: libstagefright
CVE-2016-3879 (arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3878 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 m ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3877 (Unspecified vulnerability in Android before 2016-09-01 has unknown imp ...)
	NOT-FOR-US: Android
CVE-2016-3876 (providers/settings/SettingsProvider.java in Android 6.x before 2016-09 ...)
	NOT-FOR-US: Android
CVE-2016-3875 (server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 d ...)
	NOT-FOR-US: Android
CVE-2016-3874 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android b ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3873 (The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allo ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3872 (Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in med ...)
	NOT-FOR-US: libstagefright
CVE-2016-3871 (Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefrig ...)
	NOT-FOR-US: libstagefright
CVE-2016-3870 (omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in And ...)
	NOT-FOR-US: libstagefright
CVE-2016-3869 (The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nex ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2016-3868 (The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3867 (The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3866 (The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3865 (The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-3864 (The Qualcomm radio interface layer in Android before 2016-09-05 on Nex ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3863 (Multiple stack-based buffer overflows in the AVCC reassembly implement ...)
	NOT-FOR-US: libstagefright
CVE-2016-3862 (media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5 ...)
	NOT-FOR-US: libstagefright
CVE-2016-3861 (LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
	- android-platform-system-core 1:7.0.0+r1-4  (unimportant; bug #858177)
	NOTE: Not running as a privileged process in SDK
CVE-2016-3860 (sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3859 (The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3858 (Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcom ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3857 (The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allo ...)
	{DLA-609-1}
	- linux 4.7.2-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/7de249964f5578e67b99699c5f0b405738d820a2 (v4.8-rc2)
	NOTE: CONFIG_OABI_COMPAT disabled in 3.13.4-1, cf. #728975
CVE-2016-3856 (netd in Android before 2016-08-05 mishandles tethering and stdio strea ...)
	NOT-FOR-US: Android
CVE-2016-3855 (drivers/thermal/supply_lm_core.c in the Qualcomm components in Android ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3854 (drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in A ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3853 (Google Play services in Android before 2016-08-05 on Nexus devices all ...)
	NOT-FOR-US: Android
CVE-2016-3852 (The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3851 (The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X de ...)
	NOT-FOR-US: LG bootloader for Android
CVE-2016-3850 (Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in An ...)
	NOT-FOR-US: Qualcomm bootloader for Android
CVE-2016-3849 (The ION driver in Android before 2016-08-05 on Pixel C devices allows  ...)
	NOT-FOR-US: ION driver for Android
CVE-2016-3848 (The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 device ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3847 (The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 device ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3846 (The Serial Peripheral Interface driver in Android before 2016-08-05 on ...)
	NOT-FOR-US: Android
CVE-2016-3845 (The video driver in the kernel in Android before 2016-08-05 on Nexus 5 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3844 (mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C device ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3843 (Android before 2016-08-05 does not properly restrict code execution in ...)
	NOT-FOR-US: Android
CVE-2016-3842 (The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, a ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3841 (The IPv6 stack in the Linux kernel before 4.3.3 mishandles options dat ...)
	- linux 4.3.3-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	NOTE: Fixed by: https://git.kernel.org/linus/45f6fad84cc305103b28d73482b344d7f5b76f39 (v4.4-rc4)
CVE-2016-3840 (Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befor ...)
	NOT-FOR-US: Android
CVE-2016-3839 (Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befor ...)
	NOT-FOR-US: Android
CVE-2016-3838 (Android 6.x before 2016-08-01 allows attackers to cause a denial of se ...)
	NOT-FOR-US: Android
CVE-2016-3837 (service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android ...)
	NOT-FOR-US: Android
CVE-2016-3836 (The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before ...)
	NOT-FOR-US: Android
CVE-2016-3835 (The secure-session feature in the mm-video-v4l2 venc component in medi ...)
	NOT-FOR-US: Android
CVE-2016-3834 (The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
	NOT-FOR-US: Android
CVE-2016-3833 (The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
	NOT-FOR-US: Android
CVE-2016-3832 (The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5. ...)
	NOT-FOR-US: Android
CVE-2016-3831 (The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0. ...)
	NOT-FOR-US: Android
CVE-2016-3830 (codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android ...)
	NOT-FOR-US: libstagefright
CVE-2016-3829 (The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 doe ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3828 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 m ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3827 (codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Androi ...)
	NOT-FOR-US: libstagefright
CVE-2016-3826 (services/audioflinger/Effects.cpp in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3825 (mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Andro ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3824 (omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4. ...)
	NOT-FOR-US: libstagefright
CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in medi ...)
	NOT-FOR-US: Android
CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4 ...)
	{DSA-3825-1 DLA-864-1}
	- jhead 1:3.00-4 (bug #858213)
CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0. ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3820 (The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mis ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3819 (Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstag ...)
	NOT-FOR-US: libstagefright
CVE-2016-3818 (libc in Android 4.x before 4.4.4 allows remote attackers to cause a de ...)
	NOT-FOR-US: Android libc
CVE-2016-3817
	REJECTED
CVE-2016-3816 (The MediaTek display driver in Android before 2016-07-05 on Android On ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3815 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devic ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3814 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devic ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3813 (The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3812 (The MediaTek video codec driver in Android before 2016-07-05 on Androi ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3811 (The kernel video driver in Android before 2016-07-05 on Nexus 9 device ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3810 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3809 (The networking component in Android before 2016-07-05 on Android One,  ...)
	NOT-FOR-US: Android
CVE-2016-3808 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
	NOT-FOR-US: Android
CVE-2016-3807 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
	NOT-FOR-US: Android
CVE-2016-3806 (The MediaTek display driver in Android before 2016-07-05 on Android On ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3805 (The MediaTek power management driver in Android before 2016-07-05 on A ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3804 (The MediaTek power management driver in Android before 2016-07-05 on A ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3803 (The kernel filesystem implementation in Android before 2016-07-05 on N ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2016-3802 (The kernel filesystem implementation in Android before 2016-07-05 on N ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2016-3801 (The MediaTek GPS driver in Android before 2016-07-05 on Android One de ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3800 (The MediaTek video driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3799 (The MediaTek video driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3798 (The MediaTek hardware sensor driver in Android before 2016-07-05 on An ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3797 (The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X dev ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3796 (The MediaTek power driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3795 (The MediaTek power driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3794
	REJECTED
CVE-2016-3793 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devic ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3792 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Androi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3791
	REJECTED
CVE-2016-3790
	REJECTED
CVE-2016-3789
	REJECTED
CVE-2016-3788
	REJECTED
CVE-2016-3787
	REJECTED
CVE-2016-3786
	REJECTED
CVE-2016-3785
	REJECTED
CVE-2016-3784
	REJECTED
CVE-2016-3783
	REJECTED
CVE-2016-3782
	REJECTED
CVE-2016-3781
	REJECTED
CVE-2016-3780
	REJECTED
CVE-2016-3779
	REJECTED
CVE-2016-3778
	REJECTED
CVE-2016-3777
	REJECTED
CVE-2016-3776
	REJECTED
CVE-2016-3775 (The kernel filesystem implementation in Android before 2016-07-05 on N ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2016-3774 (The MediaTek drivers in Android before 2016-07-05 on Android One devic ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3773 (The MediaTek drivers in Android before 2016-07-05 on Android One devic ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3772 (The MediaTek drivers in Android before 2016-07-05 on Android One devic ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3771 (The MediaTek drivers in Android before 2016-07-05 on Android One devic ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3770 (The MediaTek drivers in Android before 2016-07-05 on Android One devic ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3769 (The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 device ...)
	NOT-FOR-US: NVIDIA drivers for Android
CVE-2016-3768 (The Qualcomm performance component in Android before 2016-07-05 on Nex ...)
	NOT-FOR-US: Qualcomm drivers for Android
CVE-2016-3767 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One  ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3766 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x bef ...)
	NOT-FOR-US: libstagefright
CVE-2016-3765 (decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016- ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3764 (media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3763 (net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in An ...)
	NOT-FOR-US: Android
CVE-2016-3762 (The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1. ...)
	NOT-FOR-US: Android SELinux policy
CVE-2016-3761 (NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2 ...)
	NOT-FOR-US: Android
CVE-2016-3760 (Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x b ...)
	NOT-FOR-US: Android
CVE-2016-3759 (The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1,  ...)
	NOT-FOR-US: Android
CVE-2016-3758 (Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoade ...)
	- android-platform-dalvik 6.0.1+r55-1
CVE-2016-3757 (The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: toolbox
CVE-2016-3756 (Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x bef ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3755 (decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 201 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3754 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x bef ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3753 (mediaserver in Android 4.x before 4.4.4 allows remote attackers to obt ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3752 (internal/app/ChooserActivity.java in the ChooserTarget service in Andr ...)
	NOT-FOR-US: Android
CVE-2016-3751 (Unspecified vulnerability in libpng before 1.6.20, as used in Android  ...)
	NOT-FOR-US: Specific CVE assignment for libpng "fork" used on Android
CVE-2016-3750 (libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x be ...)
	NOT-FOR-US: Android
CVE-2016-3749 (server/LockSettingsService.java in LockSettingsService in Android 6.x  ...)
	NOT-FOR-US: Android
CVE-2016-3748 (The sockets subsystem in Android 6.x before 2016-07-01 allows attacker ...)
	NOT-FOR-US: Android SELinux policy
CVE-2016-3747 (Use-after-free vulnerability in the mm-video-v4l2 venc component in me ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3746 (Use-after-free vulnerability in the mm-video-v4l2 vdec component in me ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3745 (Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4,  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3744 (Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in B ...)
	NOT-FOR-US: Android
CVE-2016-3743 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 d ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3742 (decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3741 (The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3740 (Heap-based buffer overflow in the CreateFXPDFConvertor function in Con ...)
	NOT-FOR-US: Foxit
CVE-2016-3739 (The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) pola ...)
	- curl 7.50.1-1 (unimportant)
	NOTE: only relevant when built with mbedTLS/PolarSSL
	NOTE: Source-wise fixed in 7.49.0
CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does not properly restrict access to  ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allo ...)
	NOT-FOR-US: Red Hat / JBoss Operations Network server
CVE-2016-3736
	RESERVED
CVE-2016-3735
	RESERVED
CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ...)
	- moodle 2.7.14+dfsg-1
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
CVE-2016-3733 (The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through ...)
	- moodle 2.7.14+dfsg-1
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
CVE-2016-3732 (The capability check to access other badges in Moodle 3.0 through 3.0. ...)
	- moodle <not-affected> (Does only affect 2.8 and newer)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53589
CVE-2016-3731 (Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 al ...)
	- moodle <not-affected> (Does only affect 2.8 and newer)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53696
CVE-2016-3730
	RESERVED
CVE-2016-3729 (The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5,  ...)
	- moodle 2.7.14+dfsg-1
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53954
CVE-2016-3728 (Eval injection vulnerability in tftp_api.rb in the TFTP module in the  ...)
	- foreman <itp> (bug #663101)
CVE-2016-3727 (The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS be ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3726 (Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS b ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3725 (Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated  ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3724 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated u ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3723 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated u ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3722 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated u ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3721 (Jenkins before 2.3 and LTS before 1.651.2 might allow remote authentic ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3720 (XML external entity (XXE) vulnerability in XmlMapper in the Data forma ...)
	- jackson-dataformat-xml 2.7.4-1 (bug #823703)
	NOTE: https://github.com/FasterXML/jackson-dataformat-xml/commit/f0f19a4c924d9db9a1e2830434061c8640092cc0 (2.7.4)
CVE-2016-3719
	REJECTED
CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...)
	{DSA-3580-1 DLA-1401-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1  ...)
	{DSA-3580-1 DLA-1401-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 al ...)
	{DSA-3580-1 DLA-1401-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0. ...)
	{DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7 ...)
	{DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
	NOTE: Original upstream applied patches are incomplete and still to be finished
	NOTE: https://imagetragick.com/
	NOTE: notice how the workaround differs between the three refs above
	NOTE: PLT format removed with: https://github.com/ImageMagick/ImageMagick/commit/e87116ab2bd070c47943d4118a18c8f3a47461e2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/45998a25992d1142df201d8cf024b6c948b40748/
CVE-2016-3713 (The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel ...)
	- linux 4.5.4-1
	[jessie] - linux <not-affected> (Introduced in v4.2-rc1)
	[wheezy] - linux <not-affected> (Introduced in v4.2-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/910a6aae4e2e45855efc4a268e43eed2d8445575 (v4.2-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332139
CVE-2016-3712 (Integer overflow in the VGA module in QEMU allows local guest OS users ...)
	{DSA-3573-1 DLA-571-1 DLA-540-1 DLA-539-1}
	- qemu 1:2.6+dfsg-1 (bug #823830)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	[wheezy] - xen <no-dsa> (default configuration not vulnerable)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-179.html
	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
CVE-2016-3711 (HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow ...)
	NOT-FOR-US: OpenShift
CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on banked a ...)
	{DSA-3573-1 DLA-571-1 DLA-540-1 DLA-539-1}
	- qemu 1:2.6+dfsg-1 (bug #823830)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	[wheezy] - xen <no-dsa> (default configuration not vulnerable)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-179.html
	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
CVE-2016-3709
	RESERVED
CVE-2016-3708 (Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and ...)
	NOT-FOR-US: OpenShiftEnterprise / Red Hat
CVE-2016-3707 (The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org pro ...)
	- linux 3.15~rc5-1~exp1 (unimportant)
	NOTE: This is not really fixed in 3.15, but depends on the rt feature set patches applied
	NOTE: more details in kernel-sec repository.
	NOTE: https://lwn.net/Articles/448790/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1327484
CVE-2016-3706 (Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ...)
	{DLA-494-1}
	- glibc 2.22-8
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20010
CVE-2016-3705 (The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #823414)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=765207
CVE-2016-3704 (Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate pas ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3703 (Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the  ...)
	NOT-FOR-US: OpenShift
CVE-2016-3702 (Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allow ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2016-3701
	RESERVED
CVE-2016-3700
	RESERVED
CVE-2016-3699 (The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat  ...)
	- linux <not-affected> (Fixed before we first included the securelevel patchset)
	NOTE: https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76
	NOTE: securelevel patchset added in 4.5.1-1
CVE-2016-3698 (libndp before 1.6, as used in NetworkManager, does not properly valida ...)
	{DSA-3581-1}
	- libndp 1.6-1 (bug #824545)
	NOTE: https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
	NOTE: https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
CVE-2016-3697 (libcontainer/user/user.go in runC before 0.1.0, as used in Docker befo ...)
	- docker.io <not-affected> (Vulnerable code not present)
	NOTE: Affected file not present, but docker.io probably needs to be rebuild with fixed runc
	- runc 0.1.0+dfsg-1
	NOTE: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 (runc, v0.1.0)
	NOTE: https://github.com/docker/docker/commit/da38ac6c79fe902ed0687afc73d731c95c6d491a (docker)
CVE-2016-3696 (The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users t ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3695 (The einj_error_inject function in drivers/acpi/apei/einj.c in the Linu ...)
	- linux 4.5.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2016-3694 (Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftw ...)
	NOT-FOR-US: eCommerce Shopsoftware
CVE-2016-3693 (The Safemode gem before 1.2.4 for Ruby, when initialized with a delega ...)
	- foreman <itp> (bug #663101)
CVE-2016-3692
	RESERVED
CVE-2016-3691 (Routes in Kallithea before 0.3.2 allows remote attackers to bypass the ...)
	- kallithea <itp> (bug #689573)
CVE-2016-3690 (The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attack ...)
	NOT-FOR-US: PooledInvokerServlet
CVE-2016-3941 (Buffer overflow in the AStreamPeekStream function in input/stream.c in ...)
	- vlc 2.2.0-1
	[wheezy] - vlc <end-of-life> (Unsupported in -lts)
	NOTE: https://bugs.launchpad.net/bugs/1533633
	NOTE: It is unclear when this was fixed exactly, marking the version in jessie as fixed for now
CVE-2016-3688 (SQL injection vulnerability in dotCMS before 3.5 allows remote adminis ...)
	NOT-FOR-US: dotCMS
CVE-2016-3687 (Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, a ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-3686 (The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 H ...)
	NOT-FOR-US: F5 BIG-IP APM
CVE-2016-3685 (SAP Download Manager 2.1.142 and earlier generates an encryption key f ...)
	NOT-FOR-US: SAP Download Manager
CVE-2016-3684 (SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption k ...)
	NOT-FOR-US: SAP Download Manager
CVE-2016-3683
	RESERVED
CVE-2016-3689 (The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in ...)
	- linux 4.5.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: https://git.kernel.org/linus/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff (v4.6-rc1)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=971628
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320060
CVE-2016-3682
	REJECTED
CVE-2016-3681 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT ...)
	NOT-FOR-US: Huawei
CVE-2016-3680 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT ...)
	NOT-FOR-US: Huawei
CVE-2016-3679 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, a ...)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-3678 (Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with sof ...)
	NOT-FOR-US: Huawei
CVE-2016-3677 (The Huawei Wear App application before 15.0.0.307 for Android does not ...)
	NOT-FOR-US: Huawei
CVE-2016-3676 (Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B ...)
	NOT-FOR-US: Huawei
CVE-2016-3675 (SQL injection vulnerability in Huawei Policy Center with software befo ...)
	NOT-FOR-US: Huawei
CVE-2016-3673
	REJECTED
CVE-2016-3672 (The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	NOTE: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
	NOTE: Upstream fix: https://git.kernel.org/linus/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb (v4.6-rc1)
CVE-2016-3674 (Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDri ...)
	{DSA-3575-1 DLA-504-1}
	- libxstream-java 1.4.9-1 (bug #819455)
	NOTE: http://x-stream.github.io/changes.html#1.4.9
CVE-2016-3671
	RESERVED
CVE-2016-3670 (Cross-site scripting (XSS) vulnerability in users.jsp in the Profile S ...)
	NOT-FOR-US: Liferay
CVE-2016-3669
	RESERVED
CVE-2016-3668
	RESERVED
CVE-2016-3667
	RESERVED
CVE-2016-3666
	RESERVED
CVE-2016-3665
	RESERVED
CVE-2016-3664 (Trend Micro Mobile Security for iOS before 3.2.1188 does not verify th ...)
	NOT-FOR-US: Trend Micro
CVE-2016-3663
	RESERVED
CVE-2016-3662
	RESERVED
CVE-2016-3661
	RESERVED
CVE-2016-3660
	RESERVED
CVE-2016-3659 (SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows  ...)
	{DLA-560-1}
	- cacti 0.8.8h+ds1-1 (bug #820521)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
	NOTE: http://bugs.cacti.net/view.php?id=2673
	NOTE: Requires authenticated user
CVE-2016-3658 (The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in  ...)
	{DSA-3844-1 DLA-969-1}
	- tiff 4.0.6-3 (low)
	- tiff3 <removed> (low)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2546
	NOTE: Duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2500
CVE-2016-3657 (Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN- ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3656 (The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3655 (The management web interface in Palo Alto Networks PAN-OS before 5.0.1 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3654 (The device management command line interface (CLI) in Palo Alto Networ ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3653 (Multiple cross-site request forgery (CSRF) vulnerabilities in manageme ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3652 (Multiple cross-site scripting (XSS) vulnerabilities in management scri ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3651 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3650 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3649 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3648 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3647 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3646 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-3645 (Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engi ...)
	NOT-FOR-US: Symantec
CVE-2016-3644 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-3643 (SolarWinds Virtualization Manager 6.3.1 and earlier allow local users  ...)
	NOT-FOR-US: SolarWinds Virtualization Manager
CVE-2016-3642 (The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier ...)
	NOT-FOR-US: SolarWinds Virtualization Manager
CVE-2016-3641
	RESERVED
CVE-2016-3640 (The Extended Application Services (aka XS or XS Engine) in SAP HANA DB ...)
	NOT-FOR-US: SAP HANA
CVE-2016-3639 (SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain s ...)
	NOT-FOR-US: SAP HANA
CVE-2016-3638 (SAP SLD Registration Program (aka SLDREG) allows local users to cause  ...)
	NOT-FOR-US: SAP SLD
CVE-2016-3637
	RESERVED
CVE-2016-3636
	RESERVED
CVE-2016-3635 (SAP Netweaver 7.4 allows remote authenticated users to bypass an inten ...)
	NOT-FOR-US: SAP Netweaver
CVE-2016-3634 (The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibT ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2547
	NOTE: Upstream will remove thumbnail from 4.0.7 release
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3633 (The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (bug #842046)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2548
	NOTE: Upstream will remove thumbnail from 4.0.7 release
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3632 (The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earl ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2549
	NOTE: Upstream will remove thumbnail from 4.0.7 release
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3631 (The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in Li ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (bug #820366)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3630 (The binary delta decoder in Mercurial before 3.7.3 allows remote attac ...)
	{DSA-3542-1}
	- mercurial 3.7.3-1 (bug #819504)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
	NOTE: https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf (1/2)
	NOTE: https://selenic.com/repo/hg-stable/rev/b9714d958e89 (2/2)
CVE-2016-3629
	REJECTED
CVE-2016-3628 (Buffer overflow in tibemsd in the server in TIBCO Enterprise Message S ...)
	NOT-FOR-US: TIBCO
CVE-2016-3626
	RESERVED
CVE-2016-3625 (tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows rem ...)
	- tiff 4.0.3-1
	[wheezy] - tiff <not-affected> (Can't reproduce)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2566
	NOTE: Not reproducible with jessie and above, marking the version in jessie as fixed
	NOTE: CVE probably should/needs to be rejected, since upstream is as well unable to
	NOTE: reproduce the issue. Might have been a problem on reporter from id=2566
CVE-2016-3624 (The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earli ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.6-3
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2568
	NOTE: Upstream marked this duplicate of bug 2569
CVE-2016-3623 (The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attacker ...)
	{DSA-3762-1 DLA-795-1 DLA-610-1}
	- tiff 4.0.6-3 (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2569
	NOTE: No security impact, just triggers a crash in a CLI tool
CVE-2016-3622 (The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4 ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1 (low; bug #820365)
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/4
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286
CVE-2016-3621 (The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4. ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (low; bug #820364)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2565
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/3
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3620 (The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4. ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (low; bug #820363)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2570
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/2
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3619 (The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in  ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (low; bug #820362)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2567
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/1
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3618
	RESERVED
CVE-2016-3617
	RESERVED
CVE-2016-3616 (The cjpeg utility in libjpeg allows remote attackers to cause a denial ...)
	{DLA-1638-1}
	- libjpeg-turbo 1:1.4.2-1
	NOTE: libjpeg-turbo: Fixed by: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
	- libjpeg6b <unfixed> (unimportant)
	NOTE: unimportant, since cjpeg not installed in binary package in any suite having src:libjpeg6b
	- libjpeg8 <unfixed>
	[wheezy] - libjpeg8 <no-dsa> (Minor issue)
	NOTE: cjpeg in src:libjpeg8 vulnerable, but not installed in binary package since 8d1-2
	- libjpeg9 1:9b-2 (bug #819969)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319661
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1318509
CVE-2016-3627 (The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earli ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #819006)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bdd66182ef53fe1f7209ab6535fda56366bd7ac9 (v2.9.4)
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/21/3
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762100
CVE-2016-3615 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 a ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3614 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3613 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle
CVE-2016-3612 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 5.0.22-dfsg-1
	[jessie] - virtualbox <not-affected> (Only affects 5.x)
	[wheezy] - virtualbox <not-affected> (Only affects 5.x)
CVE-2016-3611 (Unspecified vulnerability in the Oracle Retail Order Broker component  ...)
	NOT-FOR-US: Oracle
CVE-2016-3610 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded  ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
CVE-2016-3609 (Unspecified vulnerability in the OJVM component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3608 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-3607 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-3606 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
CVE-2016-3605
	REJECTED
CVE-2016-3604
	REJECTED
CVE-2016-3603
	REJECTED
CVE-2016-3602
	REJECTED
CVE-2016-3601
	REJECTED
CVE-2016-3600
	REJECTED
CVE-2016-3599
	REJECTED
CVE-2016-3598 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded  ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
CVE-2016-3597 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 5.1.4-dfsg-1
	[jessie] - virtualbox <not-affected> (Only affects 5.x)
	[wheezy] - virtualbox <not-affected> (Only affects 5.x)
CVE-2016-3596 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3595 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3594 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3593 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3592 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3591 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3590 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3589 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle
CVE-2016-3588 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3587 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded  ...)
	- openjdk-8 8u102-b14-1
CVE-2016-3586 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3585 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-3584 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2016-3583 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3582 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3581 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3580 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3579 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3578 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3577 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3576 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3575 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3574 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3573 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3572 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3571 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3570 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
	NOT-FOR-US: Oracle
CVE-2016-3569 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3568 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3567 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3566 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle
CVE-2016-3565 (Unspecified vulnerability in the Oracle Retail Order Broker component  ...)
	NOT-FOR-US: Oracle
CVE-2016-3564 (Unspecified vulnerability in the Oracle TopLink component in Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2016-3563 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-3562 (Unspecified vulnerability in the RDBMS Security and SQL*Plus component ...)
	NOT-FOR-US: Oracle
CVE-2016-3561 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3560 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3559 (Unspecified vulnerability in the Oracle Email Center component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3558 (Unspecified vulnerability in the Oracle Email Center component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3557 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3556 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3555 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3554 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3553 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3552 (Unspecified vulnerability in Oracle Java SE 8u92 allows local users to ...)
	- openjdk-8 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
CVE-2016-3551 (Unspecified vulnerability in the Oracle Web Services component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3550 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3549 (Unspecified vulnerability in the Oracle E-Business Suite Secure Enterp ...)
	NOT-FOR-US: Oracle
CVE-2016-3548 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3547 (Unspecified vulnerability in the Oracle One-to-One Fulfillment compone ...)
	NOT-FOR-US: Oracle
CVE-2016-3546 (Unspecified vulnerability in the Oracle Advanced Collections component ...)
	NOT-FOR-US: Oracle
CVE-2016-3545 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-3544 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2016-3543 (Unspecified vulnerability in the Oracle Common Applications Calendar c ...)
	NOT-FOR-US: Oracle
CVE-2016-3542 (Unspecified vulnerability in the Oracle Knowledge Management component ...)
	NOT-FOR-US: Oracle
CVE-2016-3541 (Unspecified vulnerability in the Oracle Common Applications Calendar c ...)
	NOT-FOR-US: Oracle
CVE-2016-3540 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-3539 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3538 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3537 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3536 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3535 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-3534 (Unspecified vulnerability in the Oracle Installed Base component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-3533 (Unspecified vulnerability in the Oracle Knowledge Management component ...)
	NOT-FOR-US: Oracle
CVE-2016-3532 (Unspecified vulnerability in the Oracle Advanced Inbound Telephony com ...)
	NOT-FOR-US: Oracle
CVE-2016-3531 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3530 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3529 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3528 (Unspecified vulnerability in the Oracle Internet Expenses component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3527 (Unspecified vulnerability in the Oracle Demand Planning component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3526 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3525 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2016-3524 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle
CVE-2016-3523 (Unspecified vulnerability in the Oracle Web Applications Desktop Integ ...)
	NOT-FOR-US: Oracle
CVE-2016-3522 (Unspecified vulnerability in the Oracle Web Applications Desktop Integ ...)
	NOT-FOR-US: Oracle
CVE-2016-3521 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 a ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3520 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-3519 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3518 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3517 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3516 (Unspecified vulnerability in the Oracle Enterprise Communications Brok ...)
	NOT-FOR-US: Oracle
CVE-2016-3515 (Unspecified vulnerability in the Oracle Enterprise Communications Brok ...)
	NOT-FOR-US: Oracle
CVE-2016-3514 (Unspecified vulnerability in the Oracle Enterprise Communications Brok ...)
	NOT-FOR-US: Oracle
CVE-2016-3513 (Unspecified vulnerability in the Oracle Communications Operations Moni ...)
	NOT-FOR-US: Oracle
CVE-2016-3512 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-3511 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows loca ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2016-3510 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3509 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3508 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Ja ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3507 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3506 (Unspecified vulnerability in the JDBC component in Oracle Database Ser ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3505 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3504 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3503 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 all ...)
	- openjdk-8 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
	- openjdk-7 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
	- openjdk-6 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
CVE-2016-3502 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3501 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3500 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Ja ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3499 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3498 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remo ...)
	- openjfx 8u102-b14-1 (bug #832419)
CVE-2016-3497 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Oracle
CVE-2016-3496 (Unspecified vulnerability in the Enterprise Manager for Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2016-3495 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows re ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-3494 (Unspecified vulnerability in the Enterprise Manager Ops Center compone ...)
	NOT-FOR-US: Oracle
CVE-2016-3493 (Unspecified vulnerability in the Hyperion Financial Reporting componen ...)
	NOT-FOR-US: Oracle
CVE-2016-3492 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 a ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-3491 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-3490 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2016-3489 (Unspecified vulnerability in the Data Pump Import component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3488 (Unspecified vulnerability in the DB Sharding component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3487 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3486 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3485 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Ja ...)
	- openjdk-8 <not-affected> (Windows-specific)
	- openjdk-7 <not-affected> (Windows-specific)
	- openjdk-6 <not-affected> (Windows-specific)
CVE-2016-3484 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3483 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-3482 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2016-3481 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-3480 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2016-3479 (Unspecified vulnerability in the Portable Clusterware component in Ora ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3478 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-3477 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 a ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3476 (Unspecified vulnerability in the Oracle Knowledge component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3475 (Unspecified vulnerability in the Oracle Knowledge component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3474 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2016-3473 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2016-3472 (Unspecified vulnerability in the Siebel Engineering - Installer and De ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-3471 (Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.2 ...)
	- mariadb-10.0 10.0.22-1
	[jessie] - mariadb-10.0 10.0.22-0+deb8u1
	- mysql-5.6 5.6.28-1
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.46-0+deb8u1
	[wheezy] - mysql-5.5 5.5.46-0+deb7u1
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3470 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle
CVE-2016-3469 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-3468 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2016-3467 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3466 (Unspecified vulnerability in the Oracle Field Service component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2016-3465 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-3464 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle
CVE-2016-3463 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle
CVE-2016-3462 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-3461 (Unspecified vulnerability in the MySQL Enterprise Monitor component in ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-3460 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3459 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.1 ...)
	- mariadb-10.0 10.0.25-1
	[jessie] - mariadb-10.0 10.0.25-0+deb8u1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3458 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; an ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3457 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ePerformanc ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3456 (Unspecified vulnerability in the Oracle Complex Maintenance, Repair, a ...)
	NOT-FOR-US: Oracle
CVE-2016-3455 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-3454 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2016-3453 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-3452 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	- mariadb-10.0 10.0.25-1
	[jessie] - mariadb-10.0 10.0.25-0+deb8u1
	- mysql-5.6 5.6.30-1
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.49-0+deb8u1
	[wheezy] - mysql-5.5 5.5.49-0+deb7u1
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3451 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems  ...)
	NOT-FOR-US: Oracle
CVE-2016-3450 (Unspecified vulnerability in the Siebel Core - Server Framework compon ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-3449 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allo ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2016-3448 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3447 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2016-3446 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2016-3445 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3444 (Unspecified vulnerability in the Oracle Retail Integration Bus compone ...)
	NOT-FOR-US: Oracle
CVE-2016-3443 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allo ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
CVE-2016-3442 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3441 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-3440 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3439 (Unspecified vulnerability in the Oracle CRM Wireless component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3438 (Unspecified vulnerability in the Oracle Configurator component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3437 (Unspecified vulnerability in the Oracle CRM Wireless component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-3436 (Unspecified vulnerability in the Oracle Common Applications Calendar c ...)
	NOT-FOR-US: Oracle
CVE-2016-3435 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3434 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-3433 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2016-3432 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2016-3431 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3430
	RESERVED
CVE-2016-3429 (Unspecified vulnerability in the Oracle Retail Xstore Point of Service ...)
	NOT-FOR-US: Oracle Retail
CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Jav ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-3426 (Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded  ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-3425 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Jav ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-3424 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows re ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3423 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3422 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allo ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
CVE-2016-3421 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3420 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-3419 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows loc ...)
	NOT-FOR-US: Solaris
CVE-2016-3418 (Unspecified vulnerability in the DataStore component in Oracle Berkele ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-3417 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3416 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-3415 (Zimbra Collaboration before 8.7.0 allows remote attackers to conduct d ...)
	NOT-FOR-US: Zimbra
CVE-2016-3414 (Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 ...)
	NOT-FOR-US: Zimbra
CVE-2016-3413 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows  ...)
	NOT-FOR-US: Zimbra
CVE-2016-3412 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3411 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration befor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3410 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3409 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration befor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3408 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration befor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3407 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra
CVE-2016-3406 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra C ...)
	NOT-FOR-US: Zimbra
CVE-2016-3405 (Multiple unspecified vulnerabilities in Zimbra Collaboration before 8. ...)
	NOT-FOR-US: Zimbra
CVE-2016-3404 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows  ...)
	NOT-FOR-US: Zimbra
CVE-2016-3403 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Admi ...)
	NOT-FOR-US: Zimbra
CVE-2016-3402 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows  ...)
	NOT-FOR-US: Zimbra
CVE-2016-3401 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows  ...)
	NOT-FOR-US: Zimbra
CVE-2016-3400 (NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in ...)
	NOT-FOR-US: NetApp Data ONTAP
CVE-2016-3399
	RESERVED
CVE-2016-3398
	RESERVED
CVE-2016-3397
	REJECTED
CVE-2016-3396 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3395
	REJECTED
CVE-2016-3394
	REJECTED
CVE-2016-3393 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3392 (The Edge Content Security Policy feature in Microsoft Edge does not pr ...)
	NOT-FOR-US: Microsoft
CVE-2016-3391 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context ...)
	NOT-FOR-US: Microsoft
CVE-2016-3390 (The scripting engines in Microsoft Internet Explorer 11 and Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3389 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3388 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not proper ...)
	NOT-FOR-US: Microsoft
CVE-2016-3387 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not proper ...)
	NOT-FOR-US: Microsoft
CVE-2016-3386 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3385 (The scripting engine in Microsoft Internet Explorer 9 through 11 allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3384 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3383 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft
CVE-2016-3382 (The scripting engines in Microsoft Internet Explorer 9 through 11 and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3381 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3380
	REJECTED
CVE-2016-3379 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3378 (Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 201 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3377 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3376 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3375 (The OLE Automation mechanism and VBScript scripting engine in Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2016-3374 (The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Go ...)
	NOT-FOR-US: Microsoft
CVE-2016-3373 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3372 (The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3371 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3370 (The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Go ...)
	NOT-FOR-US: Microsoft
CVE-2016-3369 (Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3368 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3367 (StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not p ...)
	NOT-FOR-US: Microsoft
CVE-2016-3366 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3365 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3364 (Microsoft Visio 2016 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Microsoft
CVE-2016-3363 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3362 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3361 (Microsoft Excel 2010 SP2 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3360 (Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3359 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3358 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3357 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 20 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3356 (The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3355 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3354 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3353 (Microsoft Internet Explorer 9 through 11 mishandles .url files from th ...)
	NOT-FOR-US: Microsoft
CVE-2016-3352 (Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3351 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3350 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3349 (The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3348 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3347
	REJECTED
CVE-2016-3346 (Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce pe ...)
	NOT-FOR-US: Microsoft
CVE-2016-3345 (The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 S ...)
	NOT-FOR-US: Microsoft
CVE-2016-3344 (The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 1511 a ...)
	NOT-FOR-US: Microsoft
CVE-2016-3343 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3342 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3341 (The kernel-mode drivers in Transaction Manager in Microsoft Windows 8. ...)
	NOT-FOR-US: Microsoft
CVE-2016-3340 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3339
	REJECTED
CVE-2016-3338 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3337
	REJECTED
CVE-2016-3336
	REJECTED
CVE-2016-3335 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3334 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3333 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3332 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3331 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3330 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-3329 (Microsoft Internet Explorer 9 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3328
	REJECTED
CVE-2016-3327 (Microsoft Internet Explorer 9 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3326 (Microsoft Internet Explorer 9 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3325 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3324 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3323
	REJECTED
CVE-2016-3322 (Microsoft Internet Explorer 11 and Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-3321 (Microsoft Internet Explorer 10 and 11 load different files for attempt ...)
	NOT-FOR-US: Microsoft
CVE-2016-3320 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3319 (The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3318 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow r ...)
	NOT-FOR-US: Microsoft
CVE-2016-3317 (Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3316 (Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow rem ...)
	NOT-FOR-US: Microsoft
CVE-2016-3315 (Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3314
	REJECTED
CVE-2016-3313 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3312 (ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attack ...)
	NOT-FOR-US: Microsoft
CVE-2016-3311 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3310 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3309 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3308 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3307
	REJECTED
CVE-2016-3306 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3305 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3304 (The Windows font library in Microsoft Windows Vista SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2016-3303 (The Windows font library in Microsoft Windows Vista SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2016-3302 (Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2016-3301 (The Windows font library in Microsoft Windows Vista SP2; Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2016-3300 (The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gol ...)
	NOT-FOR-US: Microsoft
CVE-2016-3299 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3298 (Microsoft Internet Explorer 9 through 11 and the Internet Messaging AP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3297 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3296 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3295 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3294 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-3293 (Microsoft Internet Explorer 9 through 11 and Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3292 (Microsoft Internet Explorer 10 and 11 mishandles integrity settings an ...)
	NOT-FOR-US: Microsoft
CVE-2016-3291 (Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-orig ...)
	NOT-FOR-US: Microsoft
CVE-2016-3290 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3289 (Microsoft Internet Explorer 11 and Edge allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2016-3288 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3287 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3286 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3285
	REJECTED
CVE-2016-3284 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3283 (Microsoft Word Viewer allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: Microsoft
CVE-2016-3282 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3281 (Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3280 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3279 (Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3278 (Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows rem ...)
	NOT-FOR-US: Microsoft
CVE-2016-3277 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3276 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3275
	REJECTED
CVE-2016-3274 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3273 (The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microso ...)
	NOT-FOR-US: Microsoft
CVE-2016-3272 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3271 (The VBScript engine in Microsoft Edge allows remote attackers to obtai ...)
	NOT-FOR-US: Microsoft
CVE-2016-3270 (The Graphics component in the kernel in Microsoft Windows Vista SP2; W ...)
	NOT-FOR-US: Microsoft
CVE-2016-3269 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3268
	REJECTED
CVE-2016-3267 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3266 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3265 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3264 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3263 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3262 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3261 (Microsoft Internet Explorer 11 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3260 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript e ...)
	NOT-FOR-US: Microsoft
CVE-2016-3259 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript e ...)
	NOT-FOR-US: Microsoft
CVE-2016-3258 (Race condition in the kernel in Microsoft Windows 8.1, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3257
	REJECTED
CVE-2016-3256 (Microsoft Windows 10 Gold and 1511 allows local users to bypass the Se ...)
	NOT-FOR-US: Microsoft
CVE-2016-3255 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 al ...)
	NOT-FOR-US: Microsoft
CVE-2016-3254 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3253
	REJECTED
CVE-2016-3252 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3251 (The GDI component in the kernel-mode drivers in Microsoft Windows Vist ...)
	NOT-FOR-US: Microsoft
CVE-2016-3250 (The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3249 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3248 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript e ...)
	NOT-FOR-US: Microsoft
CVE-2016-3247 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-3246 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-3245 (Microsoft Internet Explorer 9 through 11 allows remote attackers to tr ...)
	NOT-FOR-US: Microsoft
CVE-2016-3244 (Microsoft Edge allows remote attackers to bypass the ASLR protection m ...)
	NOT-FOR-US: Microsoft
CVE-2016-3243 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft
CVE-2016-3242 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3241 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3240 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3239 (The Print Spooler service in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2016-3238 (The Print Spooler service in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2016-3237 (Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R ...)
	NOT-FOR-US: Microsoft
CVE-2016-3236 (The Web Proxy Auto Discovery (WPAD) protocol implementation in Microso ...)
	NOT-FOR-US: Microsoft
CVE-2016-3235 (Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3234 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compat ...)
	NOT-FOR-US: Microsoft
CVE-2016-3233 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pac ...)
	NOT-FOR-US: Microsoft
CVE-2016-3232 (The Virtual PCI (VPCI) virtual service provider in Microsoft Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2016-3231 (The Standard Collector service in Windows Diagnostics Hub mishandles l ...)
	NOT-FOR-US: Microsoft
CVE-2016-3230 (The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-3229
	REJECTED
CVE-2016-3228 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 G ...)
	NOT-FOR-US: Microsoft
CVE-2016-3227 (Use-after-free vulnerability in the DNS Server component in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3226 (Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3225 (The SMB server component in Microsoft Windows Vista SP2, Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2016-3224
	REJECTED
CVE-2016-3223 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3222 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-3221 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3220 (atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows V ...)
	NOT-FOR-US: Microsoft
CVE-2016-3219 (The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows lo ...)
	NOT-FOR-US: Microsoft
CVE-2016-3218 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3217
	REJECTED
CVE-2016-3216 (GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2016-3215 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 151 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3214 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3213 (The Web Proxy Auto Discovery (WPAD) protocol implementation in Microso ...)
	NOT-FOR-US: Microsoft
CVE-2016-3212 (The XSS Filter in Microsoft Internet Explorer 9 through 11 does not pr ...)
	NOT-FOR-US: Microsoft
CVE-2016-3211 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-3210 (The Microsoft (1) JScript and (2) VBScript engines, as used in Interne ...)
	NOT-FOR-US: Microsoft
CVE-2016-3209 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3208
	REJECTED
CVE-2016-3207 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-3206 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-3205 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-3204 (The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engin ...)
	NOT-FOR-US: Microsoft
CVE-2016-3203 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gol ...)
	NOT-FOR-US: Microsoft
CVE-2016-3202 (The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript eng ...)
	NOT-FOR-US: Microsoft
CVE-2016-3201 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gol ...)
	NOT-FOR-US: Microsoft
CVE-2016-3200
	REJECTED
CVE-2016-3199 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3198 (Microsoft Edge allows remote attackers to bypass the Content Security  ...)
	NOT-FOR-US: Microsoft
CVE-2016-3196 (Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x ...)
	NOT-FOR-US: Fortinet
CVE-2016-3195 (Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet For ...)
	NOT-FOR-US: Fortinet
CVE-2016-3194 (Cross-site scripting (XSS) vulnerability in the address added page in  ...)
	NOT-FOR-US: Fortinet
CVE-2016-3193 (Cross-site scripting (XSS) vulnerability in the appliance web-applicat ...)
	NOT-FOR-US: Fortinet
CVE-2016-3192 (Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext R ...)
	NOT-FOR-US: Cloudera
CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c ...)
	- cairo 1.14.2-2
	[jessie] - cairo 1.14.0-2.1+deb8u1
	[wheezy] - cairo <no-dsa> (Minor issue)
	NOTE: https://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934
CVE-2016-3189 (Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows rem ...)
	{DLA-1833-1}
	- bzip2 1.0.6-8.1 (low; bug #827744)
	[wheezy] - bzip2 <no-dsa> (Minor issue)
CVE-2016-3188 (The _prepopulate_request_walk function in the Prepopulate module 7.x-2 ...)
	NOT-FOR-US: Prepopulate module for Drupal
CVE-2016-3187 (The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote ...)
	NOT-FOR-US: Prepopulate module for Drupal
CVE-2016-3186 (Buffer overflow in the readextension function in gif2tiff.c in LibTIFF ...)
	{DLA-693-1 DLA-610-1}
	- tiff 4.0.6-3 (bug #819972)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319666
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319503
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2536
	NOTE: Proposed patch from Red Hat: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff
	NOTE: gif2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3185 (The make_http_soap_request function in ext/soap/php_http.c in PHP befo ...)
	- php7.0 7.0.4-1
	NOTE: https://bugs.php.net/bug.php?id=71610
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba
	NOTE: http://php.net/ChangeLog-7.php#7.0.4
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c96d08b27226193dd51f2b50e84272235c6aaa69
	NOTE: https://bugs.php.net/bug.php?id=70081
	NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
CVE-2016-3184
	RESERVED
CVE-2016-3180 (Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during th ...)
	- torbrowser-launcher 0.2.4-1
	[jessie] - torbrowser-launcher 0.1.9-1+deb8u3
	NOTE: https://github.com/micahflee/torbrowser-launcher/issues/229
CVE-2016-3177 (Multiple use-after-free and double-free vulnerabilities in gifcolor.c  ...)
	- giflib 5.1.4-0.1 (unimportant)
	[jessie] - giflib <not-affected> (Vulnerable code introduced in 5.1.2)
	NOTE: https://sourceforge.net/p/giflib/bugs/83/
	NOTE: Issue only in gifcolor utility, not installed into giflib-tools
	NOTE: Issue introduced upstream in 5.1.2 and fixed in 5.1.3.
CVE-2016-3176 (Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external  ...)
	- salt 2015.8.8+ds-1 (bug #819184)
	[jessie] - salt <no-dsa> (Minor issue; external_auth not by default usable)
	NOTE: external_auth seems not usable by default under Jessie due to the
	NOTE: permissions on /var/run/salt/master.
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html
	NOTE: https://github.com/saltstack/salt/pull/31826/commits/d73f70ebb289142e4f692359fe741a54f5d2ad65
	NOTE: Fixed in 2015.5.10/2015.8.8 upstream
CVE-2016-3175
	RESERVED
CVE-2016-3174 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-3173 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27 ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-3161 (For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and N ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2016-3160
	RESERVED
CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not proper ...)
	{DSA-3554-1 DLA-571-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	NOTE: http://xenbits.xen.org/xsa/advisory-172.html
	NOTE: CVE-2016-3159 is for the code change which is applicable for later
	NOTE: versions only, but which must always be combined with the code change
	NOTE: for CVE-2016-3158.  Ie for the first hunk in xsa172.patch, which
	NOTE: patches the function fpu_fxrstor.
CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly  ...)
	{DSA-3554-1 DLA-571-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	NOTE: http://xenbits.xen.org/xsa/advisory-172.html
	NOTE: CVE-2016-3158 is for the code change which is required for all
	NOTE: versions (but which is sufficient only on Xen 4.3.x, and insufficient
	NOTE: on later versions).  Ie for the second hunk in xsa172.patch (the only
	NOTE: hunk in xsa172-4.3.patch), which patches the function xrstor.
CVE-2016-3157 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	NOTE: http://xenbits.xen.org/xsa/advisory-171.html
	NOTE: https://git.kernel.org/linus/b7a584598aea7ca73140cb87b40319944dd3393f
CVE-2016-3155 (Siemens APOGEE Insight uses weak permissions for the application folde ...)
	NOT-FOR-US: Siemens APOGEE Insight
CVE-2016-XXXX [use-after-free in unserialisation]
	- hhvm 3.12.1+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/fd456ffad5d164c1563dc8bd97bcc2f200ff6f69
CVE-2016-6288 (The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5. ...)
	{DLA-533-1}
	- hhvm 3.12.1+dfsg-1
	- php5 5.6.15+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70480
	NOTE: https://github.com/facebook/hhvm/commit/3fa7e73055855c409d48e8aa1dc416a76d3dd764
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=629e4da7cc8b174acdeab84969cbfc606a019b31
CVE-2016-3152 (Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow rem ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3151 (Directory traversal vulnerability in the wallpaper parsing functionali ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3150 (Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base  ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3149 (Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3148
	RESERVED
CVE-2016-3147 (Buffer overflow in the collector.exe listener of the Landesk Managemen ...)
	NOT-FOR-US: Landesk Management Suite
CVE-2016-3146
	RESERVED
CVE-2016-3145 (Lexmark printers with firmware ATL before ATL.021.063, CB before CB.02 ...)
	NOT-FOR-US: Lexmark printers
CVE-2016-3144 (Cross-site scripting (XSS) vulnerability in the Block Class module 7.x ...)
	NOT-FOR-US: Drupal Block Class module
CVE-2016-3143
	RESERVED
CVE-2016-3156 (The IPv4 implementation in the Linux kernel before 4.5.2 mishandles de ...)
	{DSA-3607-1}
	- linux 4.5.1-1
	[wheezy] - linux <not-affected> (Not a security issue since containers are not supported)
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/15/3
CVE-2016-3133
	RESERVED
CVE-2016-3132 (Double free vulnerability in the SplDoublyLinkedList::offsetSet functi ...)
	- php7.0 7.0.6-1
	NOTE: https://bugs.php.net/bug.php?id=71735
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
CVE-2016-3131 (Cloudera CDH before 5.6.1 allows authorization bypass via direct inter ...)
	NOT-FOR-US: Cloudera
CVE-2016-3130 (An information disclosure vulnerability in the Core and Management Con ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good Enterpri ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3128 (A spoofing vulnerability in the Core of BlackBerry Enterprise Server ( ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3127 (An information disclosure vulnerability in the logging implementation  ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3126 (Cross-site scripting (XSS) vulnerability in the Management Console in  ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3123
	RESERVED
CVE-2016-3122
	RESERVED
CVE-2016-3121
	RESERVED
CVE-2016-3120 (The validate_as_request function in kdc_util.c in the Key Distribution ...)
	{DLA-1265-1}
	- krb5 1.14.3+dfsg-1 (bug #832572)
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	NOTE: https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458
CVE-2016-3119 (The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_prin ...)
	{DLA-1265-1}
	- krb5 1.14.2+dfsg-1 (bug #819468)
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	NOTE: https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
CVE-2016-3118 (CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Ga ...)
	NOT-FOR-US: CA API Gateway
CVE-2016-3117
	RESERVED
CVE-2016-3114 (Kallithea before 0.3.2 allows remote authenticated users to edit or de ...)
	- kallithea <itp> (bug #689573)
CVE-2016-3113 (Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-3112 (client/consumer/cli.py in Pulp before 2.8.3 writes consumer private ke ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3111 (pulp.spec in the installation process for Pulp 2.8.3 generates the RSA ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3110 (mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote at ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-3109 (The backend/Login/load/ script in Shopware before 5.1.5 allows remote  ...)
	NOT-FOR-US: Shopware
CVE-2016-3108 (The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows loca ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3107 (The Node certificate in Pulp before 2.8.3 contains the private key, an ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3106 (Pulp before 2.8.3 creates a temporary directory during CA key generati ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3105 (The convert extension in Mercurial before 3.8 might allow context-depe ...)
	{DSA-3570-1 DLA-459-1}
	- mercurial 3.8.1-1
	NOTE: https://selenic.com/hg/rev/a56296f55a5e
CVE-2016-3104 (mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remot ...)
	- mongodb 1:3.2.11-1
	[jessie] - mongodb <no-dsa> (Minor issue)
	[wheezy] - mongodb <no-dsa> (Minor issue)
	NOTE: https://jira.mongodb.org/browse/SERVER-24378
	NOTE: Marking as fixed with the first 3.x based version in unstable
	NOTE: This issue though affect only 2.4 (and possibly older), or 2.6
	NOTE: installations, but only in circumstances where they first had a
	NOTE: MongoDB 2.4 installation with authentication enabled, upgraded
	NOTE: to 2.6, and did not complete a full upgrade
CVE-2016-3103
	RESERVED
CVE-2016-3102 (The Script Security plugin before 1.18.1 in Jenkins might allow remote ...)
	- jenkins <removed>
CVE-2016-3101 (Cross-site scripting (XSS) vulnerability in the Extra Columns plugin b ...)
	- jenkins <removed>
CVE-2016-3100 (kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for  ...)
	- kinit 5.23.0-1 (bug #827476)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=358593
	NOTE: https://bugs.kde.org/show_bug.cgi?id=363140
	NOTE: https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
	NOTE: https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58
CVE-2016-3099 (mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux ...)
	- libapache2-mod-nss 1.0.14-1 (bug #822461)
	[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	NOTE: Introduced in https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
CVE-2016-3098
	RESERVED
CVE-2016-3097 (Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat  ...)
	NOT-FOR-US: spacewalk-java
CVE-2016-3096 (The create_script function in the lxc_container module in Ansible befo ...)
	- ansible 2.0.1.0-2 (bug #819676)
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1322925
	NOTE: https://sources.debian.org/src/ansible/2.0.1.0-1/lib/ansible/modules/extras/cloud/lxc/lxc_container.py/?hl=523#L523
CVE-2016-3095 (server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local u ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3094 (PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-3093 (Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method re ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-034.html
CVE-2016-3092 (The MultipartStream class in Apache Commons Fileupload before 1.3.2, a ...)
	{DSA-3614-1 DSA-3611-1 DSA-3609-1 DLA-529-1 DLA-528-1}
	- libcommons-fileupload-java 1.3.2-1
	- tomcat7 7.0.70-1
	- tomcat8 8.0.36-1
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	NOTE: Fixed by https://svn.apache.org/r1743480
	NOTE: Upstream advisory http://markmail.org/message/oyxfv73jb2g7rjg3
	NOTE: https://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E
CVE-2016-3091 (Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers  ...)
	NOT-FOR-US: Cloud Foundry Diego
CVE-2016-3090 (The TextParseUtil.translateVariables method in Apache Struts 2.x befor ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <end-of-life>
	NOTE: https://struts.apache.org/docs/s2-027.html
CVE-2016-3089 (Cross-site scripting (XSS) vulnerability in the SWF panel in Apache Op ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-3088 (The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 al ...)
	- activemq 5.14.0+dfsg-1
	[jessie] - activemq <not-affected> (file server was only enabled in 5.13.2+dfsg-2)
	[wheezy] - activemq <not-affected> (file server was only enabled in 5.13.2+dfsg-2)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
CVE-2016-3087 (Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2. ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-033.html
CVE-2016-3086 (The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x bef ...)
	- hadoop <itp> (bug #793644)
CVE-2016-3085 (Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x be ...)
	NOT-FOR-US: Apache CloudStack
CVE-2016-3084 (The UAA reset password flow in Cloud Foundry release v236 and earlier  ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-3083 (Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP ...)
	NOT-FOR-US: Apache Hive
CVE-2016-3082 (XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.2 ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-031.html
CVE-2016-3081 (Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2. ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-032.html
CVE-2016-3080 (Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat  ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk / spacewalk-monitoring
CVE-2016-3079 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in S ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2016-3078 (Multiple integer overflows in php_zip.c in the zip extension in PHP be ...)
	- php7.0 7.0.6-1
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/28/1
	NOTE: Fixed in 7.0.6
	NOTE: https://bugs.php.net/bug.php?id=71923
CVE-2016-3077 (The VersionMapper.fromKernelVersionString method in oVirt Engine allow ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-3076 (Heap-based buffer overflow in the j2k_encode_entry function in Pillow  ...)
	- pillow 3.2.0-1 (unimportant)
	- python-imaging <removed> (unimportant)
	NOTE: https://github.com/python-pillow/Pillow/commit/a1f244343df389cf15cdfff80327594821097295 (3.2.0)
	NOTE: https://github.com/python-pillow/Pillow/commit/d00d8571c2cc7e0f137e4ce4b3669d0698dee79b (3.1.2)
	NOTE: Marked as unimportant since source vulnerable but in Debian we do
	NOTE: not built against openjpeg by default
CVE-2016-3075 (Stack-based buffer overflow in the nss_dns implementation of the getne ...)
	{DLA-494-1}
	- glibc 2.22-6
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19879
CVE-2016-3074 (Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or li ...)
	{DSA-3602-1 DSA-3556-1}
	- libgd2 2.1.1-4.1 (bug #822242)
	- php5 5.6.21+dfsg-1 (unimportant)
	- php7.0 7.0.6-1 (unimportant)
	- hhvm 3.12.11+dfsg-1 (unimportant)
	NOTE: HHVM implements additional sanity checks, not directly epxloitable
	NOTE: PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074
	NOTE: Upstream fix: https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=71912
	NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/29a6487d648d1593e1e2fa615d9b3a844756ddc3
CVE-2016-3073
	REJECTED
CVE-2016-3072 (Multiple SQL injection vulnerabilities in the scoped_search function i ...)
	NOT-FOR-US: Katello
CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial of servi ...)
	- libreswan <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://lists.libreswan.org/pipermail/swan-announce/2016/000019.html
CVE-2016-3070 (The trace_writeback_dirty_page implementation in include/trace/events/ ...)
	{DSA-3607-1}
	- linux 4.4.2-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1306851
	NOTE: https://git.kernel.org/linus/42cb14b110a5698ccf26ce59c4441722605a3743 (v4.4-rc1)
CVE-2016-3069 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary co ...)
	{DSA-3542-1}
	- mercurial 3.7.3-1 (bug #819504)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
	NOTE: https://selenic.com/repo/hg-stable/rev/197eed39e3d5 (1/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/cdda7b96afff (2/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/b732e7f2aba4 (3/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/80cac1de6aea (4/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/ae279d4a19e9 (5/5)
CVE-2016-3068 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary co ...)
	{DSA-3542-1}
	- mercurial 3.7.3-1 (bug #819504)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
	NOTE: https://selenic.com/repo/hg-stable/rev/34d43cb85de8
CVE-2016-3067 (Cygwin before 2.5.0 does not properly handle updating permissions when ...)
	NOT-FOR-US: Cygwin
CVE-2016-3066 (The spice-gtk widget allows remote authenticated users to obtain infor ...)
	- spice-gtk <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320263
	NOTE: Hardly a security issue per se, but a design limitation/risky feature
	NOTE: It's up to applications using spice-gtk to use it as appropriate
CVE-2016-3065 (The (1) brin_page_type and (2) brin_metapage_info functions in the pag ...)
	- postgresql-9.5 9.5.2-1
	- postgresql-9.4 <not-affected> (Only affects 9.5.x)
	- postgresql-9.1 <not-affected> (Only affects 9.5.x)
	- postgresql-8.4 <not-affected> (Only affects 9.5.x)
	NOTE: http://www.postgresql.org/about/news/1656/
	NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=bf78a6f107949fdfb513d1b45e30cefe04e09e4f
CVE-2016-XXXX [fscanf format string security bug in flashrom layout code]
	- flashrom 0.9.9+r1954-1 (unimportant)
	[wheezy] - flashrom <no-dsa> (Minor issue)
	NOTE: https://www.flashrom.org/pipermail/flashrom/2016-March/014523.html
	NOTE: Neutralised by hardening
CVE-2016-3183 (The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1  ...)
	- openjpeg2 2.1.1-1 (low; bug #818399)
	[jessie] - openjpeg2 <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/14/14
	NOTE: https://github.com/uclouvain/openjpeg/issues/726
CVE-2016-3182 (The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG befo ...)
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/14/13
	NOTE: https://github.com/uclouvain/openjpeg/issues/725
CVE-2016-3181
	REJECTED
CVE-2016-3140 (The digi_port_init function in drivers/usb/serial/digi_acceleport.c in ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/61
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283378
	NOTE: https://marc.info/?l=linux-usb&m=145796765030590&w=2
CVE-2016-3139 (The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Li ...)
	- linux 4.0.2-1 (low)
	[jessie] - linux <ignored> (Minor issue)
	[wheezy] - linux <no-dsa> (Minor issue)
	NOTE: http://seclists.org/bugtraq/2016/Mar/60
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283375
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283377
CVE-2016-3138 (The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux ker ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/54
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283366
	NOTE: http://marc.info/?l=linux-usb&m=145803342320160&w=2
CVE-2016-3137 (drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allow ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/55
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283368
CVE-2016-3136 (The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/57
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283370
CVE-2016-3125 (The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2  ...)
	- proftpd-dfsg 1.3.5b-1 (bug #818492)
	[jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2
	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4230
	NOTE: Fixed in 1.3.6rc2, 1.3.5b.
CVE-2016-3064 (NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 al ...)
	NOT-FOR-US: NetApp
CVE-2016-3063 (Multiple functions in NetApp OnCommand System Manager before 8.3.2 do  ...)
	NOT-FOR-US: NetApp
CVE-2016-3062 (The mov_read_dref function in libavformat/mov.c in Libav before 11.7 a ...)
	{DSA-3603-1 DLA-515-1}
	- libav <removed>
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=5fdcbc4a7cd81114a9f47bcb3040ca510bd6360d (11.7)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=929
	- ffmpeg 7:2.4.1-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746 (n0.11)
CVE-2016-3061
	RESERVED
CVE-2016-3060 (Payments Director in IBM Financial Transaction Manager (FTM) for ACH S ...)
	NOT-FOR-US: IBM
CVE-2016-3059 (IBM Tivoli Storage Manager for Databases: Data Protection for Microsof ...)
	NOT-FOR-US: IBM
CVE-2016-3058
	RESERVED
CVE-2016-3057 (Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrato ...)
	NOT-FOR-US: IBM
CVE-2016-3056 (Cross-site scripting (XSS) vulnerability in Business Space in IBM Busi ...)
	NOT-FOR-US: IBM
CVE-2016-3055 (IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authen ...)
	NOT-FOR-US: IBM
CVE-2016-3054 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0. ...)
	NOT-FOR-US: IBM
CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow a local ...)
	NOT-FOR-US: IBM
CVE-2016-3052 (Under non-standard configurations, IBM WebSphere MQ might send passwor ...)
	NOT-FOR-US: IBM
CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-3050
	RESERVED
CVE-2016-3049 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML inj ...)
	NOT-FOR-US: IBM
CVE-2016-3048 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2016-3047 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-3046 (IBM Security Access Manager for Web is vulnerable to SQL injection. A  ...)
	NOT-FOR-US: IBM
CVE-2016-3045 (IBM Security Access Manager for Web stores sensitive information in UR ...)
	NOT-FOR-US: IBM
CVE-2016-3044 (The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 an ...)
	- linux 4.4.6-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://www-01.ibm.com/support/docview.wss?uid=isg3T1023969
	NOTE: http://www.securityfocus.com/bid/92123/info
CVE-2016-3043 (IBM Security Access Manager for Web could allow a remote attacker to o ...)
	NOT-FOR-US: IBM
CVE-2016-3042 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSpher ...)
	NOT-FOR-US: IBM
CVE-2016-3041
	RESERVED
CVE-2016-3040 (IBM WebSphere Application Server (WAS) Liberty, as used in IBM Securit ...)
	NOT-FOR-US: IBM
CVE-2016-3039 (IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated u ...)
	NOT-FOR-US: IBM
CVE-2016-3038 (IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2016-3037 (IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's ...)
	NOT-FOR-US: IBM
CVE-2016-3036 (IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, cau ...)
	NOT-FOR-US: IBM
CVE-2016-3035 (IBM AppScan Source could reveal some sensitive information through the ...)
	NOT-FOR-US: IBM
CVE-2016-3034 (IBM AppScan Source uses a one-way hash without salt to encrypt highly  ...)
	NOT-FOR-US: IBM
CVE-2016-3033 (IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated use ...)
	NOT-FOR-US: IBM
CVE-2016-3032 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2016-3031 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2016-3030
	RESERVED
CVE-2016-3029 (IBM Security Access Manager for Web is vulnerable to cross-site reques ...)
	NOT-FOR-US: IBM
CVE-2016-3028 (IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0. ...)
	NOT-FOR-US: IBM
CVE-2016-3027 (IBM Security Access Manager for Web is vulnerable to a denial of servi ...)
	NOT-FOR-US: IBM
CVE-2016-3026
	RESERVED
CVE-2016-3025 (IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Secu ...)
	NOT-FOR-US: IBM
CVE-2016-3024 (IBM Security Access Manager for Web allows web pages to be stored loca ...)
	NOT-FOR-US: IBM
CVE-2016-3023 (IBM Security Access Manager for Web could allow an unauthenticated use ...)
	NOT-FOR-US: IBM
CVE-2016-3022 (IBM Security Access Manager for Web could allow an authenticated user  ...)
	NOT-FOR-US: IBM
CVE-2016-3021 (IBM Security Access Manager for Web could allow an authenticated attac ...)
	NOT-FOR-US: IBM
CVE-2016-3020 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allo ...)
	NOT-FOR-US: IBM
CVE-2016-3019 (IBM Security Access Manager for Web 9.0.0 uses weaker than expected cr ...)
	NOT-FOR-US: IBM
CVE-2016-3018 (IBM Security Access Manager for Web is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2016-3017 (IBM Security Access Manager for Web could allow a remote attacker to o ...)
	NOT-FOR-US: IBM
CVE-2016-3016 (IBM Security Access Manager for Web processes patches, image backups a ...)
	NOT-FOR-US: IBM
CVE-2016-3015 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This  ...)
	NOT-FOR-US: IBM
CVE-2016-3014 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-3013 (IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ ...)
	NOT-FOR-US: IBM
CVE-2016-3012 (IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8  ...)
	NOT-FOR-US: IBM
CVE-2016-3011
	RESERVED
CVE-2016-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3009 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-3008 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3007 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x ...)
	NOT-FOR-US: IBM
CVE-2016-3006 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3005 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3004 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-3003 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3002 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 a ...)
	NOT-FOR-US: IBM
CVE-2016-3001 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-3000 (The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR ...)
	NOT-FOR-US: IBM
CVE-2016-2999 (IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR ...)
	NOT-FOR-US: IBM
CVE-2016-2998 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-2997 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-2996 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Vi ...)
	NOT-FOR-US: IBM
CVE-2016-2995 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-2994 (Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x ...)
	NOT-FOR-US: IBM
CVE-2016-2993
	RESERVED
CVE-2016-2992 (IBM Infosphere BigInsights is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-2991 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Prote ...)
	NOT-FOR-US: IBM
CVE-2016-2990
	RESERVED
CVE-2016-2989 (Open redirect vulnerability in the Connections Portlets component 5.x  ...)
	NOT-FOR-US: IBM
CVE-2016-2988 (IBM Tivoli Storage Manger for Virtual Environments: Data Protection fo ...)
	NOT-FOR-US: IBM
CVE-2016-2987 (An undisclosed vulnerability in CLM applications may result in some ad ...)
	NOT-FOR-US: IBM
CVE-2016-2986 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-2985 (IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and ...)
	NOT-FOR-US: IBM
CVE-2016-2984 (IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and ...)
	NOT-FOR-US: IBM
CVE-2016-2983 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remo ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-2982
	RESERVED
CVE-2016-2981 (An undisclosed vulnerability in the CLM applications in IBM Jazz Team  ...)
	NOT-FOR-US: IBM
CVE-2016-2980 (The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injecti ...)
	NOT-FOR-US: IBM
CVE-2016-2979 (IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2016-2978 (IBM Sametime 8.5.2 and 9.0 could store potentially sensitive informati ...)
	NOT-FOR-US: IBM
CVE-2016-2977 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user ...)
	NOT-FOR-US: IBM
CVE-2016-2976 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invite ...)
	NOT-FOR-US: IBM
CVE-2016-2975 (IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-2974 (IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Ri ...)
	NOT-FOR-US: IBM
CVE-2016-2973 (IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2016-2972 (IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of t ...)
	NOT-FOR-US: IBM
CVE-2016-2971 (IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive infor ...)
	NOT-FOR-US: IBM
CVE-2016-2970 (IBM Sametime 8.5 and 9.0 meetings server may provide detailed informat ...)
	NOT-FOR-US: IBM
CVE-2016-2969 (IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contai ...)
	NOT-FOR-US: IBM
CVE-2016-2968 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remot ...)
	NOT-FOR-US: IBM
CVE-2016-2967 (IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-2966 (IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumer ...)
	NOT-FOR-US: IBM
CVE-2016-2965 (IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site  ...)
	NOT-FOR-US: IBM
CVE-2016-2964 (IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error  ...)
	NOT-FOR-US: IBM
CVE-2016-2963 (Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote C ...)
	NOT-FOR-US: IBM
CVE-2016-2962
	RESERVED
CVE-2016-2961 (The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10  ...)
	NOT-FOR-US: IBM
CVE-2016-2960 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x be ...)
	NOT-FOR-US: IBM
CVE-2016-2959 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room m ...)
	NOT-FOR-US: IBM
CVE-2016-2958 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 a ...)
	NOT-FOR-US: IBM
CVE-2016-2957 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 a ...)
	NOT-FOR-US: IBM
CVE-2016-2956 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-2955 (Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-2954 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connecti ...)
	NOT-FOR-US: IBM
CVE-2016-2953 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 d ...)
	NOT-FOR-US: IBM
CVE-2016-2952 (IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protec ...)
	NOT-FOR-US: IBM
CVE-2016-2951 (IBM BigFix Remote Control before 9.1.3 does not properly set the defau ...)
	NOT-FOR-US: IBM
CVE-2016-2950 (SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3  ...)
	NOT-FOR-US: IBM
CVE-2016-2949 (IBM BigFix Remote Control before 9.1.3 allows local users to obtain se ...)
	NOT-FOR-US: IBM
CVE-2016-2948 (IBM BigFix Remote Control before 9.1.3 allows local users to discover  ...)
	NOT-FOR-US: IBM
CVE-2016-2947 (IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix1 ...)
	NOT-FOR-US: IBM
CVE-2016-2946 (Stack-based buffer overflow in the ax Shared Libraries in the Agent in ...)
	NOT-FOR-US: IBM
CVE-2016-2945 (The API Discovery implementation in IBM WebSphere Application Server ( ...)
	NOT-FOR-US: IBM
CVE-2016-2944 (IBM BigFix Remote Control before 9.1.3 does not properly restrict fail ...)
	NOT-FOR-US: IBM
CVE-2016-2943 (IBM BigFix Remote Control before 9.1.3 allows local users to obtain se ...)
	NOT-FOR-US: IBM
CVE-2016-2942 (IBM UrbanCode Deploy could allow an authenticated attacker with specia ...)
	NOT-FOR-US: IBM
CVE-2016-2941 (IBM UrbanCode Deploy creates temporary files during step execution tha ...)
	NOT-FOR-US: IBM
CVE-2016-2940 (Multiple unspecified vulnerabilities in IBM BigFix Remote Control befo ...)
	NOT-FOR-US: IBM
CVE-2016-2939 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-2938 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM
CVE-2016-2937 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to obta ...)
	NOT-FOR-US: IBM
CVE-2016-2936 (IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unsp ...)
	NOT-FOR-US: IBM
CVE-2016-2935 (The broker application in IBM BigFix Remote Control before 9.1.3 allow ...)
	NOT-FOR-US: IBM
CVE-2016-2934 (Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control  ...)
	NOT-FOR-US: IBM
CVE-2016-2933 (Directory traversal vulnerability in IBM BigFix Remote Control before  ...)
	NOT-FOR-US: IBM
CVE-2016-2932 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to cond ...)
	NOT-FOR-US: IBM
CVE-2016-2931 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to obta ...)
	NOT-FOR-US: IBM
CVE-2016-2930 (IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perfo ...)
	NOT-FOR-US: IBM
CVE-2016-2929 (IBM BigFix Remote Control before 9.1.3 does not properly restrict pass ...)
	NOT-FOR-US: IBM
CVE-2016-2928 (IBM BigFix Remote Control before 9.1.3 allows remote authenticated use ...)
	NOT-FOR-US: IBM
CVE-2016-2927 (IBM BigFix Remote Control before 9.1.3 does not properly restrict the  ...)
	NOT-FOR-US: IBM
CVE-2016-2926 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-2925 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2016-2924 (IBM Infosphere BigInsights is vulnerable to cross-site scripting, caus ...)
	NOT-FOR-US: IBM
CVE-2016-2923 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty bef ...)
	NOT-FOR-US: IBM
CVE-2016-2922 (IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (C ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2016-2921
	RESERVED
CVE-2016-2920
	RESERVED
CVE-2016-2919
	RESERVED
CVE-2016-2918
	RESERVED
CVE-2016-2917 (The notifications component in IBM TRIRIGA Applications 10.4 and 10.5  ...)
	NOT-FOR-US: IBM
CVE-2016-2916
	RESERVED
CVE-2016-2915
	RESERVED
CVE-2016-2914 (Unrestricted file upload vulnerability in the Document Builder in IBM  ...)
	NOT-FOR-US: IBM
CVE-2016-2913
	RESERVED
CVE-2016-2912 (Cross-site scripting (XSS) vulnerability in the Document Builder in IB ...)
	NOT-FOR-US: IBM
CVE-2016-2911
	RESERVED
CVE-2016-2910
	RESERVED
CVE-2016-2909
	RESERVED
CVE-2016-2908 (IBM Single Sign On for Bluemix could allow a remote attacker to obtain ...)
	NOT-FOR-US: IBM
CVE-2016-2907
	RESERVED
CVE-2016-2906
	RESERVED
CVE-2016-2905
	RESERVED
CVE-2016-2904
	RESERVED
CVE-2016-2903
	RESERVED
CVE-2016-2902
	RESERVED
CVE-2016-2901 (Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creato ...)
	NOT-FOR-US: IBM
CVE-2016-2900
	RESERVED
CVE-2016-2899
	RESERVED
CVE-2016-2898
	RESERVED
CVE-2016-2897
	RESERVED
CVE-2016-2896
	RESERVED
CVE-2016-2895
	RESERVED
CVE-2016-2894 (IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 ...)
	NOT-FOR-US: IBM
CVE-2016-2893
	RESERVED
CVE-2016-2892
	RESERVED
CVE-2016-2891
	RESERVED
CVE-2016-2890
	RESERVED
CVE-2016-2889 (Cross-site request forgery (CSRF) vulnerability in the Report Builder  ...)
	NOT-FOR-US: IBM
CVE-2016-2888 (Cross-site scripting (XSS) vulnerability in the Report Builder and Dat ...)
	NOT-FOR-US: IBM
CVE-2016-2887 (IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .N ...)
	NOT-FOR-US: IBM
CVE-2016-2886
	RESERVED
CVE-2016-2885
	RESERVED
CVE-2016-2884 (Cross-site request forgery (CSRF) vulnerability in IBM Forms Experienc ...)
	NOT-FOR-US: IBM
CVE-2016-2883 (Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Pl ...)
	NOT-FOR-US: IBM
CVE-2016-2882 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM
CVE-2016-2881 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRada ...)
	NOT-FOR-US: IBM
CVE-2016-2880 (IBM QRadar 7.2 stores the encryption key used to encrypt the service a ...)
	NOT-FOR-US: IBM
CVE-2016-2879 (IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwo ...)
	NOT-FOR-US: IBM
CVE-2016-2878 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRad ...)
	NOT-FOR-US: IBM
CVE-2016-2877 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak ...)
	NOT-FOR-US: IBM
CVE-2016-2876 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes  ...)
	NOT-FOR-US: IBM
CVE-2016-2875 (IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote au ...)
	NOT-FOR-US: IBM
CVE-2016-2874 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandle ...)
	NOT-FOR-US: IBM
CVE-2016-2873 (SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 ...)
	NOT-FOR-US: IBM
CVE-2016-2872 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x be ...)
	NOT-FOR-US: IBM
CVE-2016-2871 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses clea ...)
	NOT-FOR-US: IBM
CVE-2016-2870 (Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances  ...)
	NOT-FOR-US: IBM
CVE-2016-2869 (Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM Q ...)
	NOT-FOR-US: IBM
CVE-2016-2868 (IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticate ...)
	NOT-FOR-US: IBM
CVE-2016-2867 (IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 d ...)
	NOT-FOR-US: IBM
CVE-2016-2866 (An unspecified vulnerability in IBM Jazz Team Server may disclose some ...)
	NOT-FOR-US: IBM
CVE-2016-2865 (The GIT Integration component in IBM Rational Team Concert (RTC) 5.x b ...)
	NOT-FOR-US: IBM
CVE-2016-2864 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-2863 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Comme ...)
	NOT-FOR-US: IBM
CVE-2016-2862 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
	NOT-FOR-US: IBM
CVE-2016-2861 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1 ...)
	NOT-FOR-US: IBM
CVE-2016-2860 (The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 a ...)
	{DSA-3569-1 DLA-493-1}
	- openafs 1.6.17-1
	NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0
	NOTE: http://rt.central.org/rt/Ticket/Display.html?id=132822 (currently not public)
CVE-2016-3154 (The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2 ...)
	{DSA-3518-1}
	- spip 3.0.22-1
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/15/2
	NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22903
CVE-2016-3153 (SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 al ...)
	{DSA-3518-1}
	- spip 3.0.22-1
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/15/2
	NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22911
CVE-2016-XXXX [Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter]
	- cgit 0.12.0.git2.7.0-1
	[jessie] - cgit 0.10.2.git2.0.1-3+deb8u1
	NOTE: https://git.zx2c4.com/cgit/commit/filters/html-converters/txt2html?id=13c2d3df0440ce04273de3149631a9bd97490c6e
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/03/05/8
CVE-2016-3172 (SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier al ...)
	{DLA-560-1}
	- cacti 0.8.8g+ds1-2 (bug #818647)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
	NOTE: http://bugs.cacti.net/view.php?id=2667
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/13
	NOTE: Requires authenticated user
CVE-2016-3116 (CRLF injection vulnerability in Dropbear SSH before 2016.72 allows rem ...)
	- dropbear 2016.72-1
	[jessie] - dropbear 2014.65-1+deb8u1
	[wheezy] - dropbear <no-dsa> (Minor issue)
	NOTE: https://matt.ucc.asn.au/dropbear/CHANGES
	NOTE: Fixed in 2016.72 upstream
CVE-2016-3115 (Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSS ...)
	{DLA-1500-1}
	- openssh 1:7.2p2-1
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: http://www.openssh.com/txt/x11fwd.adv
	NOTE: Portable OpenSSH 7.2p2 contains a fix for this vulnerability.
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/8
	NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h
CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does not val ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	[wheezy] - linux <no-dsa> (Minor issue)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758
	NOTE: https://patchwork.ozlabs.org/patch/595575/
	NOTE: http://marc.info/?l=netfilter-devel&m=145757134822741&w=2
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/4
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/7
	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-3135 (Integer overflow in the xt_alloc_table_info function in net/netfilter/ ...)
	- linux 4.4.6-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://marc.info/?l=netfilter-devel&m=145757136822750&w=2
	NOTE: https://patchwork.ozlabs.org/patch/595576/
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/7
CVE-2016-2859
	REJECTED
CVE-2016-3124 (The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote at ...)
	- simplesamlphp 1.14.1-1 (unimportant; bug #817162)
	NOTE: https://simplesamlphp.org/security/201603-01
	NOTE: Fixed upstream in 1.14.1
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/952027dd7f794ff4b2d4f5eddf549c5b5070fa38
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/08/4
	NOTE: Not treated as a security issue, many components in Debian reveal the release in use
CVE-2016-2855 (The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier use ...)
	NOT-FOR-US: Huawei
CVE-2016-2852
	RESERVED
CVE-2016-2851 (Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms ...)
	{DSA-3512-1}
	- libotr 4.1.1-1 (bug #817799)
	NOTE: https://lists.cypherpunks.ca/pipermail/otr-announce/2016-March/000062.html
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/
CVE-2016-2850 (Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signat ...)
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Introduced in 1.11.0, fixed in 1.11.29
CVE-2016-2849 (Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-t ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.13-1 (bug #822698)
	NOTE: http://botan.randombit.net/security.html
	NOTE: Introduced in 1.7.15, fixed in 1.10.13 and 1.11.29
	NOTE: FIX https://github.com/randombit/botan/commit/bcf13fa153a11b3e0ad54e2af6962441cea3adf1
CVE-2016-2848 (ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remo ...)
	{DLA-672-1}
	- bind9 1:9.9.3.dfsg.P2-1 (bug #839051)
	NOTE: https://kb.isc.org/article/AA-01433
	NOTE: Fixed by https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4
CVE-2016-2846 (Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers  ...)
	NOT-FOR-US: Siemens SIMATIC S7-1200 CPU devices
CVE-2016-2845 (The Content Security Policy (CSP) implementation in Blink, as used in  ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-2844 (WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google  ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-2843 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, a ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-3178 (The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 ...)
	{DLA-454-1}
	- minissdpd 1.2.20130907-3.2 (bug #816759)
	[jessie] - minissdpd 1.2.20130907-3+deb8u1
	NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
	NOTE: https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47
CVE-2016-3179 (The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 ...)
	{DLA-454-1}
	- minissdpd 1.2.20130907-3.2 (bug #816759)
	[jessie] - minissdpd 1.2.20130907-3+deb8u1
	NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
	NOTE: https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a
CVE-2016-2842 (The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 befo ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: split from CVE-2016-0799
CVE-2016-3142 (The phar_parse_zipfile function in zip.c in the PHAR extension in PHP  ...)
	{DLA-818-1}
	- php5 5.6.19+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	NOTE: https://bugs.php.net/bug.php?id=71498
	NOTE: Fixed in 5.5.33, 5.6.19
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/5
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/13/2
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd
CVE-2016-3141 (Use-after-free vulnerability in wddx.c in the WDDX extension in PHP be ...)
	{DLA-818-1}
	- php5 5.6.19+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	NOTE: https://bugs.php.net/bug.php?id=71587
	NOTE: Fixed in 5.5.33, 5.6.19
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/5
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/13/1
CVE-2016-2858 (QEMU, when built with the Pseudo Random Number Generator (PRNG) back-e ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #817183)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 (v2.6.0-rc0)
	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc (v1.3.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/04/1
CVE-2016-8000
	REJECTED
CVE-2016-2840 (An issue was discovered in Open-Xchange Server 6 / OX AppSuite before  ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU allows l ...)
	{DLA-1599-1 DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-1 (bug #817182)
	- qemu-kvm <removed>
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=362786f14a753d8a5256ef97d7c10ed576d6572b (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/03/9
CVE-2016-2854 (The aufs module for the Linux kernel 3.x and 4.x does not properly mai ...)
	- linux 3.18-1~exp1
	[jessie] - linux <ignored> (Not exploitable in default configuration)
	[wheezy] - linux <not-affected> (Vulnerable code is not present)
	NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
	NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
	NOTE: This depends on a user namespace creator being able to mount aufs.
	NOTE: jessie: Unprivileged users are not allowed to create user namespaces by default; aufs is not allowed to be mounted from a new user namespace by default.
	NOTE: wheezy: User namespaces are non-functional.
CVE-2016-2853 (The aufs module for the Linux kernel 3.x and 4.x does not properly res ...)
	- linux 3.18-1~exp1
	[jessie] - linux <ignored> (Not exploitable in default configuration)
	[wheezy] - linux <not-affected> (Vulnerable code is not present)
	NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
	NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
	NOTE: This depends on a user namespace creator being able to mount aufs.
	NOTE: jessie: Unprivileged users are not allowed to create user namespaces by default; aufs is not allowed to be mounted from a new user namespace by default.
	NOTE: wheezy: User namespaces are non-functional.
CVE-2016-2839 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux  ...)
	- firefox <not-affected> (Uses gstreamer-ffmpeg/libav 1.0)
	- firefox-esr <not-affected> (Uses gstreamer-ffmpeg/libav 1.0)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
	NOTE: Related patches https://hg.mozilla.org/mozilla-central/log?rev=Bug+1275339
CVE-2016-2838 (Heap-based buffer overflow in the nsBidi::BracketData::AddOpening func ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
CVE-2016-2837 (Heap-based buffer overflow in the ClearKey Content Decryption Module ( ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
CVE-2016-2836 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3686-1 DSA-3640-1 DLA-640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	- icedove 1:45.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
CVE-2016-2835 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- icedove <not-affected> (Doesn't apply to Thunderbird ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
CVE-2016-2834 (Mozilla Network Security Services (NSS) before 3.23, as used in Mozill ...)
	{DSA-3688-1 DLA-527-1}
	- nss 2:3.23-1
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/
CVE-2016-2833 (Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) dire ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2832 (Mozilla Firefox before 47.0 allows remote attackers to discover the li ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2831 (Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not en ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2830 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve  ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1342897
CVE-2016-2829 (Mozilla Firefox before 47.0 allows remote attackers to spoof permissio ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2828 (Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefo ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2827 (The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox be ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-2826 (The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR ...)
	- firefox-esr <not-affected> (Only affects Windows)
	- firefox <not-affected> (Only affects Windows)
CVE-2016-2825 (Mozilla Firefox before 47.0 allows remote attackers to bypass the Same ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2824 (The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox befor ...)
	- firefox-esr <not-affected> (Only affects Windows)
	- firefox <not-affected> (Only affects Windows)
CVE-2016-2823
	RESERVED
CVE-2016-2822 (Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow rem ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2821 (Use-after-free vulnerability in the mozilla::dom::Element class in Moz ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) feature in  ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
CVE-2016-2819 (Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox  ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2818 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3647-1 DSA-3600-1 DLA-572-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
	- icedove 1:45.2.0-1
CVE-2016-2817 (The WebExtension sandbox feature in browser/components/extensions/ext- ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-46/
CVE-2016-2816 (Mozilla Firefox before 46.0 allows remote attackers to bypass the Cont ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/
CVE-2016-2815 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2814 (Heap-based buffer overflow in the stagefright::SampleTable::parseSampl ...)
	{DSA-3559-1}
	- iceweasel <removed>
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/
CVE-2016-2813 (Mozilla Firefox before 46.0 on Android does not properly restrict Java ...)
	- iceweasel <not-affected> (Only Firefox on Android)
	- firefox-esr <not-affected> (Only Firefox on Android)
	- firefox <not-affected> (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-43/
CVE-2016-2812 (Race condition in the get implementation in the ServiceWorkerManager c ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
CVE-2016-2811 (Use-after-free vulnerability in the ServiceWorkerInfo class in the Ser ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
CVE-2016-2810 (Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to  ...)
	- iceweasel <not-affected> (Only Firefox on Android)
	- firefox-esr <not-affected> (Only Firefox on Android)
	- firefox <not-affected> (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-41/
CVE-2016-2809 (The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 ...)
	- iceweasel <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox on Windows)
	- firefox <not-affected> (Only Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-40/
CVE-2016-2808 (The watch implementation in the JavaScript engine in Mozilla Firefox b ...)
	{DSA-3559-1}
	- iceweasel <removed>
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/
CVE-2016-2807 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3576-1 DSA-3559-1 DLA-472-1}
	- iceweasel <removed>
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	- icedove 1:45.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2806 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3601-1 DLA-519-1}
	- iceweasel <not-affected> (Only Firefox 45.x)
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	- icedove 1:45.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2805 (Unspecified vulnerability in the browser engine in Mozilla Firefox ESR ...)
	{DSA-3576-1 DSA-3559-1 DLA-472-1}
	- iceweasel <removed>
	- firefox-esr <not-affected> (Only affects Firefox ESR 38.x)
	- firefox <not-affected> (Only affects Firefox ESR 38.x)
	- icedove 1:45.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2804 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2803 (Cross-site scripting (XSS) vulnerability in the dependency graphs in B ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
CVE-2016-2802 (The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphit ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2801 (The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp i ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2800 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2799 (Heap-based buffer overflow in the graphite2::Slot::setAttr function in ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2798 (The graphite2::GlyphCache::Loader::Loader function in Graphite 2 befor ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2797 (The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 be ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2796 (Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code f ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2795 (The graphite2::FileFace::get_table_fn function in Graphite 2 before 1. ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2794 (The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphi ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2793 (CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox  ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2792 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2791 (The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6,  ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2790 (The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3 ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2789 (Cross-site scripting (XSS) vulnerability in the Web User Interface in  ...)
	NOT-FOR-US: Citrix
CVE-2016-2841 (The ne2000_receive function in the NE2000 NIC emulation support (hw/ne ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #817181)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=415ab35a441eca767d033a2702223e785b9d5190 (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303106
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/02/8
CVE-2016-2788 (MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise ...)
	- mcollective 2.12.0+dfsg-1 (bug #850968)
	[jessie] - mcollective <no-dsa> (Minor issue)
	[wheezy] - mcollective <no-dsa> (Minor issue)
	NOTE: https://puppet.com/security/cve/cve-2016-2788
	NOTE: https://github.com/puppetlabs/marionette-collective/commit/4918a0f136aea04452b48a1ba29eb9aabcf5c97d
CVE-2016-2787 (The Puppet Communications Protocol in Puppet Enterprise 2015.3.x befor ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2016-2786 (The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3  ...)
	- puppet <not-affected> (pxp-agent not packaged in Debian)
	NOTE: https://puppet.com/security/cve/cve-2016-2786
CVE-2016-2785 (Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before  ...)
	- puppet <not-affected> (Vulnerable code only in 4.x)
	NOTE: https://puppet.com/security/cve/cve-2016-2785
	NOTE: https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
CVE-2016-2784 (CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Ca ...)
	NOT-FOR-US: CMS Made Simple
CVE-2016-2783 (Avaya Fabric Connect Virtual Services Platform (VSP) Operating System  ...)
	NOT-FOR-US: Avaya
CVE-2016-2780 (Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R00 ...)
	NOT-FOR-US: Huawei UTPS
CVE-2016-2778
	RESERVED
CVE-2016-2777
	REJECTED
CVE-2016-2776 (buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4- ...)
	{DSA-3680-1 DLA-645-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #839010)
	NOTE: https://kb.isc.org/article/AA-01419
CVE-2016-2775 (ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x befo ...)
	{DSA-3680-1 DLA-645-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #831796)
	NOTE: https://kb.isc.org/article/AA-01393/74/CVE-2016-2775
CVE-2016-2774 (ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 doe ...)
	{DLA-2003-1}
	- isc-dhcp 4.3.4-1 (bug #817158)
	[wheezy] - isc-dhcp <no-dsa> (Minor issue)
	NOTE: https://kb.isc.org/article/AA-01354
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=0b209ea5cc333255e055113fa2ad636dda681a21
CVE-2016-2773
	REJECTED
CVE-2016-2772
	REJECTED
CVE-2016-2771
	REJECTED
CVE-2016-2770
	REJECTED
CVE-2016-2769
	REJECTED
CVE-2016-2768
	REJECTED
CVE-2016-2767
	REJECTED
CVE-2016-2766
	REJECTED
CVE-2016-2765
	REJECTED
CVE-2016-2764
	REJECTED
CVE-2016-2763
	REJECTED
CVE-2016-2762
	REJECTED
CVE-2016-2761
	REJECTED
CVE-2016-2760
	REJECTED
CVE-2016-2759
	REJECTED
CVE-2016-2758
	REJECTED
CVE-2016-2757
	REJECTED
CVE-2016-2756
	REJECTED
CVE-2016-2755
	REJECTED
CVE-2016-2754
	REJECTED
CVE-2016-2753
	REJECTED
CVE-2016-2752
	REJECTED
CVE-2016-2751
	REJECTED
CVE-2016-2750
	REJECTED
CVE-2016-2749
	REJECTED
CVE-2016-2748
	REJECTED
CVE-2016-2747
	REJECTED
CVE-2016-2746
	REJECTED
CVE-2016-2745
	REJECTED
CVE-2016-2744
	REJECTED
CVE-2016-2743
	REJECTED
CVE-2016-2742
	REJECTED
CVE-2016-2741
	REJECTED
CVE-2016-2740
	REJECTED
CVE-2016-2739
	REJECTED
CVE-2016-2738
	REJECTED
CVE-2016-2737
	REJECTED
CVE-2016-2736
	REJECTED
CVE-2016-2735
	REJECTED
CVE-2016-2734
	REJECTED
CVE-2016-2733
	REJECTED
CVE-2016-2732
	REJECTED
CVE-2016-2731
	REJECTED
CVE-2016-2730
	REJECTED
CVE-2016-2729
	REJECTED
CVE-2016-2728
	REJECTED
CVE-2016-2727
	REJECTED
CVE-2016-2726
	REJECTED
CVE-2016-2725
	REJECTED
CVE-2016-2724
	REJECTED
CVE-2016-2723
	REJECTED
CVE-2016-2722
	REJECTED
CVE-2016-2721
	REJECTED
CVE-2016-2720
	REJECTED
CVE-2016-2719
	REJECTED
CVE-2016-2718
	REJECTED
CVE-2016-2717
	REJECTED
CVE-2016-2716
	REJECTED
CVE-2016-2715
	REJECTED
CVE-2016-2714
	REJECTED
CVE-2016-2713
	REJECTED
CVE-2016-2712
	REJECTED
CVE-2016-2711
	REJECTED
CVE-2016-2710
	REJECTED
CVE-2016-2709
	REJECTED
CVE-2016-2708
	REJECTED
CVE-2016-2707
	REJECTED
CVE-2016-2706
	REJECTED
CVE-2016-2705
	REJECTED
CVE-2016-2704
	REJECTED
CVE-2016-2703
	REJECTED
CVE-2016-2702
	REJECTED
CVE-2016-2701
	REJECTED
CVE-2016-2700
	REJECTED
CVE-2016-2699
	REJECTED
CVE-2016-2698
	REJECTED
CVE-2016-2697
	REJECTED
CVE-2016-2696
	REJECTED
CVE-2016-2695
	REJECTED
CVE-2016-2694
	REJECTED
CVE-2016-2693
	REJECTED
CVE-2016-2692
	REJECTED
CVE-2016-2691
	REJECTED
CVE-2016-2690
	REJECTED
CVE-2016-2689
	REJECTED
CVE-2016-2688
	REJECTED
CVE-2016-2687
	REJECTED
CVE-2016-2686
	REJECTED
CVE-2016-2685
	REJECTED
CVE-2016-2684
	REJECTED
CVE-2016-2683
	REJECTED
CVE-2016-2682
	REJECTED
CVE-2016-2681
	REJECTED
CVE-2016-2680
	REJECTED
CVE-2016-2679
	REJECTED
CVE-2016-2678
	REJECTED
CVE-2016-2677
	REJECTED
CVE-2016-2676
	REJECTED
CVE-2016-2675
	REJECTED
CVE-2016-2674
	REJECTED
CVE-2016-2673
	REJECTED
CVE-2016-2672
	REJECTED
CVE-2016-2671
	REJECTED
CVE-2016-2670
	REJECTED
CVE-2016-2669
	REJECTED
CVE-2016-2668
	REJECTED
CVE-2016-2667
	REJECTED
CVE-2016-2666
	REJECTED
CVE-2016-2665
	REJECTED
CVE-2016-2664
	REJECTED
CVE-2016-2663
	REJECTED
CVE-2016-2662
	REJECTED
CVE-2016-2661
	REJECTED
CVE-2016-2660
	REJECTED
CVE-2016-2659
	REJECTED
CVE-2016-2658
	REJECTED
CVE-2016-2657
	REJECTED
CVE-2016-2656
	REJECTED
CVE-2016-2655
	REJECTED
CVE-2016-2654
	REJECTED
CVE-2016-2653
	REJECTED
CVE-2016-2652
	REJECTED
CVE-2016-2651
	REJECTED
CVE-2016-2650
	REJECTED
CVE-2016-2649
	REJECTED
CVE-2016-2648
	REJECTED
CVE-2016-2647
	REJECTED
CVE-2016-2646
	REJECTED
CVE-2016-2645
	REJECTED
CVE-2016-2644
	REJECTED
CVE-2016-2643
	REJECTED
CVE-2016-2642
	REJECTED
CVE-2016-2641
	REJECTED
CVE-2016-2640
	REJECTED
CVE-2016-2639
	REJECTED
CVE-2016-2638
	REJECTED
CVE-2016-2637
	REJECTED
CVE-2016-2636
	REJECTED
CVE-2016-2635
	REJECTED
CVE-2016-2634
	REJECTED
CVE-2016-2633
	REJECTED
CVE-2016-2632
	REJECTED
CVE-2016-2631
	REJECTED
CVE-2016-2630
	REJECTED
CVE-2016-2629
	REJECTED
CVE-2016-2628
	REJECTED
CVE-2016-2627
	REJECTED
CVE-2016-2626
	REJECTED
CVE-2016-2625
	REJECTED
CVE-2016-2624
	REJECTED
CVE-2016-2623
	REJECTED
CVE-2016-2622
	REJECTED
CVE-2016-2621
	REJECTED
CVE-2016-2620
	REJECTED
CVE-2016-2619
	REJECTED
CVE-2016-2618
	REJECTED
CVE-2016-2617
	REJECTED
CVE-2016-2616
	REJECTED
CVE-2016-2615
	REJECTED
CVE-2016-2614
	REJECTED
CVE-2016-2613
	REJECTED
CVE-2016-2612
	REJECTED
CVE-2016-2611
	REJECTED
CVE-2016-2610
	REJECTED
CVE-2016-2609
	REJECTED
CVE-2016-2608
	REJECTED
CVE-2016-2607
	REJECTED
CVE-2016-2606
	REJECTED
CVE-2016-2605
	REJECTED
CVE-2016-2604
	REJECTED
CVE-2016-2603
	REJECTED
CVE-2016-2602
	REJECTED
CVE-2016-2601
	REJECTED
CVE-2016-2600
	REJECTED
CVE-2016-2599
	REJECTED
CVE-2016-2598
	REJECTED
CVE-2016-2597
	REJECTED
CVE-2016-2596
	REJECTED
CVE-2016-2595
	REJECTED
CVE-2016-2594
	REJECTED
CVE-2016-2593
	REJECTED
CVE-2016-2592
	REJECTED
CVE-2016-2591
	REJECTED
CVE-2016-2590
	REJECTED
CVE-2016-2589
	REJECTED
CVE-2016-2588
	REJECTED
CVE-2016-2587
	REJECTED
CVE-2016-2586
	REJECTED
CVE-2016-2585
	REJECTED
CVE-2016-2584
	REJECTED
CVE-2016-2583
	REJECTED
CVE-2016-2582
	REJECTED
CVE-2016-2581
	REJECTED
CVE-2016-2580
	REJECTED
CVE-2016-2579
	REJECTED
CVE-2016-2578
	REJECTED
CVE-2016-2577
	REJECTED
CVE-2016-2576
	REJECTED
CVE-2016-2575
	REJECTED
CVE-2016-2574
	REJECTED
CVE-2016-XXXX [unsafe use of /tmp]
	- wine 4.0~rc1-1 (unimportant; bug #816034)
	- wine-development 3.12-2 (unimportant; bug #903622)
	NOTE: Negligible security impact
CVE-2016-XXXX [remote memory disclosure]
	- node-ws 1.0.1+ds1.e6ddaae4-1 (unimportant)
	NOTE: fixed in 1.0.1
	NOTE: https://nodesecurity.io/advisories/67
	NOTE: nodejs not covered by security support
CVE-2016-2782 (The treo_attach function in drivers/usb/serial/visor.c in the Linux ke ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2)
CVE-2016-2781 (chroot in GNU coreutils, when used with --userspec, allows local users ...)
	- coreutils <unfixed> (low; bug #816320)
	[buster] - coreutils <ignored> (Minor issue)
	[stretch] - coreutils <ignored> (Minor issue)
	[jessie] - coreutils <ignored> (Minor issue)
	[wheezy] - coreutils <ignored> (Minor issue)
	NOTE: Restricting ioctl on the kernel side seems the better approach, but rejected by Linux upstream
	NOTE: Fixing this issue via setsid() would introduce regressions:
	NOTE: https://www.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes
CVE-2016-2779 (runuser in util-linux allows local users to escape to the parent sessi ...)
	- util-linux 2.31.1-0.1 (bug #815922)
	[stretch] - util-linux <no-dsa> (Minor issue)
	[jessie] - util-linux <no-dsa> (Minor issue)
	[wheezy] - util-linux <not-affected> (runuser[.c] not yet present)
	[squeeze] - util-linux <not-affected> (runuser[.c] not yet present)
	NOTE: Restricting ioctl on the kernel side seems the better approach, patches have been posted to kernel-hardening list
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/27/1
	NOTE: https://marc.info/?l=util-linux-ng&m=145694736107128&w=2
	NOTE: 2.31 introduces a new --pty option to separate privileged and unprivileged
	NOTE: shells (not enabled by default and the cli switch is necessary).
CVE-2016-XXXX [Partial SMAP bypass on 64-bit Linux kernels]
	- linux 4.4.4-1
	[jessie] - linux 3.16.7-ckt25-2+deb8u1
	[wheezy] - linux <not-affected> (Introduced in 3.10)
	- linux-2.6 <not-affected> (Introduced in 3.10)
	NOTE: Introduced by: https://git.kernel.org/linus/63bcff2a307b9bcc712a8251eb27df8b2e117967 (v3.10-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/3d44d51bd339766f0178f0cf2e8d048b4a4872aa (v4.5-rc6)
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/26/6
CVE-2016-7575
	REJECTED
CVE-2016-2573
	RESERVED
CVE-2016-2567 (secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXU ...)
	NOT-FOR-US: Samsung
CVE-2016-2566 (Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devic ...)
	NOT-FOR-US: Samsung
CVE-2016-2565 (Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devic ...)
	NOT-FOR-US: Samsung
CVE-2016-2564 (Invision Power Services (IPS) Community Suite before 4.1.9 makes sessi ...)
	NOT-FOR-US: Invision Power Services
CVE-2016-2563 (Stack-based buffer overflow in the SCP command-line utility in PuTTY b ...)
	- putty 0.67-1 (bug #816921)
	[jessie] - putty <no-dsa> (Minor issue)
	[wheezy] - putty <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=bc6c15ab5f636e05b7e91883f0031a7e06117947
	NOTE: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
CVE-2016-2562 (The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5 ...)
	- phpmyadmin 4:4.5.5.1-1 (unimportant)
	[jessie] - phpmyadmin <not-affected>
	[wheezy] - phpmyadmin <not-affected>
	NOTE: vulnerabilty is only in the test suite
CVE-2016-2561 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4. ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.5.5.1-1
	[wheezy] - phpmyadmin <not-affected>
CVE-2016-2560 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...)
	{DSA-3627-1 DLA-481-1}
	- phpmyadmin 4:4.5.5.1-1 (low)
	NOTE: 7ddce5e39a4e12cd351732955394bc7055c280eb: file not present, vulnerability not found in wheezy
	NOTE: 0667ea8ac7519d7e642eade2686dc393d5faeae3: vulnerability present in 3.4.3.1, but code mysteriously not found in wheezy
	NOTE: fe3be9f4b9edd54dc39919e7dfeaaf4a67c1cf83: vulnerability introduced in 052fd61f (3.5.1)
	NOTE: b8f1e0f325f8f32bd82af64111d8c2e9055a363c and 73c8245a3d1893a710447957e28dcfb18d9b47ad present in wheezy and later, patch in lists.debian.org/87lh4fpyap.fsf@angela.anarcat.ath.cx
CVE-2016-2559 (Cross-site scripting (XSS) vulnerability in the format function in lib ...)
	- phpmyadmin 4:4.5.5.1-1 (low)
	[jessie] - phpmyadmin <not-affected>
	[wheezy] - phpmyadmin <not-affected>
CVE-2016-2572 (http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after ...)
	- squid3 <not-affected> (Only affects 4.x)
	- squid <not-affected> (Only affects 4.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
CVE-2016-2571 (http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with  ...)
	{DSA-3522-1 DLA-445-1}
	- squid3 3.5.15-1 (bug #816011)
	- squid <not-affected> (Vulnerable code not present)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
	NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...)
	- squid3 3.5.15-1 (bug #816011)
	[wheezy] - squid3 <no-dsa> (Minor issue, needs substantial backporting; too intrusive to backport)
	- squid <not-affected> (Vulnerable code not present)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch
	NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=3870
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch
	NOTE: Upstream confirmed it does not affect squid 2.7.x
	NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).
CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append  ...)
	- squid3 3.5.15-1 (bug #816011)
	[wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	- squid <not-affected> (Vulnerable code not present)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13998.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13999.patch
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch
	NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2568 (pkexec, when used with --user nonpriv, allows local users to escape to ...)
	- policykit-1 <unfixed> (low; bug #816062; bug #812512)
	[buster] - policykit-1 <ignored> (Minor issue)
	[stretch] - policykit-1 <ignored> (Minor issue)
	[jessie] - policykit-1 <ignored> (Minor issue)
	[wheezy] - policykit-1 <ignored> (Minor issue)
	NOTE: Restricting ioctl on the kernel side seems the better approach
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300746
CVE-2016-2558 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2557 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2556 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2555 (SQL injection vulnerability in include/lib/mysql_connect.inc.php in AT ...)
	NOT-FOR-US: ATutor
CVE-2016-2553
	REJECTED
CVE-2016-2552
	RESERVED
CVE-2016-2551
	RESERVED
CVE-2016-3191 (The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39  ...)
	{DLA-441-1}
	- pcre3 2:8.38-2 (bug #815921)
	[jessie] - pcre3 2:8.35-3.3+deb8u3
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	- pcre2 10.21-1 (bug #815920)
	NOTE: pcre3: http://vcs.pcre.org/pcre?view=revision&revision=1631
	NOTE: pcre2: http://vcs.pcre.org/pcre2?view=revision&revision=489
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1791
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1311503
CVE-2016-3162 (The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows  ...)
	{DSA-3498-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.43-1
	- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3163 (The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might ...)
	{DSA-3498-1}
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3164 (Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might al ...)
	{DSA-3498-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3165 (The Form API in Drupal 6.x before 6.38 ignores access restrictions on  ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3166 (CRLF injection vulnerability in the drupal_set_header function in Drup ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3167 (Open redirect vulnerability in the drupal_goto function in Drupal 6.x  ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3168 (The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might  ...)
	{DSA-3498-1}
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3169 (The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows r ...)
	{DSA-3498-1}
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3170 (The "have you forgotten your password" links in the User module in Dru ...)
	{DSA-3498-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.43-1
	- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3171 (Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial of ser ...)
	- audacity 2.1.2-1 (unimportant)
	[jessie] - audacity <not-affected> (Vulnerable code not present)
	[wheezy] - audacity <not-affected> (vulnerable code not present)
	NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
	NOTE: https://github.com/audacity/audacity/commit/85026f98958a8dcc09188be24a8db0385988e23f
	NOTE: Crash in desktop application, no security impact
CVE-2016-2540 (Audacity before 2.1.2 allows remote attackers to cause a denial of ser ...)
	{DLA-1277-1}
	- audacity 2.1.2-1 (unimportant)
	NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
	NOTE: https://github.com/audacity/audacity/commit/407c1dc4b209111e4dbb3eec88f333aa8f69094c
	NOTE: https://github.com/audacity/audacity/commit/b5f2046286b266b10f87b764faa1586aee9c23ea
	NOTE: Crash in desktop application, no security impact
CVE-2016-2539 (Cross-site request forgery (CSRF) vulnerability in install_modules.php ...)
	NOT-FOR-US: ATutor
CVE-2016-2550 (The Linux kernel before 4.5 allows local users to bypass file-descript ...)
	{DSA-3503-1}
	- linux 4.4.4-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/linus/415e3d3e90ce9e18727e8843ae343eda5a58fad6 (v4.5-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/712f4aad406bb1ed67f3f98d04c044191f0ff593 (v4.5-rc1)
	NOTE: Technically wheezy-security and squeeze-lts are not affected by this CVE since the fix for
	NOTE: addressing CVE-2013-4312 was not applied.
CVE-2016-2549 (sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3 (v4.5-rc1)
CVE-2016-2548 (sound/core/timer.c in the Linux kernel before 4.4.1 retains certain li ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
CVE-2016-2547 (sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking  ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
CVE-2016-2546 (sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect  ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede (v4.5-rc1)
CVE-2016-2545 (The snd_timer_interrupt function in sound/core/timer.c in the Linux ke ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736 (v4.5-rc1)
CVE-2016-2544 (Race condition in the queue_delete function in sound/core/seq/seq_queu ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3 (v4.5-rc1)
CVE-2016-2543 (The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientm ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1 (v4.5-rc1)
CVE-2016-2542 (Untrusted search path vulnerability in Flexera InstallShield through 2 ...)
	NOT-FOR-US: Flexera InstallShield
CVE-2016-2537 (The is-my-json-valid package before 2.12.4 for Node.js has an incorrec ...)
	NOT-FOR-US: is-my-json-valid package for Node.js
CVE-2016-2536 (Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Vi ...)
	NOT-FOR-US: SAP
CVE-2016-2535
	RESERVED
CVE-2016-2534
	RESERVED
CVE-2016-4421 (epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1 ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-18.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-4420 (The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attacker ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-17.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-4419 (epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-16.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-4418 (epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1 ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-15.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-4417 (Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-14.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-4416 (epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wir ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-13.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-4415 (wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x befo ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-12.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2532 (The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c  ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-11.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2531 (Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector  ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-10.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2530 (The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c i ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-10.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2529 (The iseries_check_file_type function in wiretap/iseries.c in the iSeri ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-09.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2528 (The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in t ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-08.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2527 (wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-07.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2526 (epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2 ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-06.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2525 (epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2. ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-05.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2524 (epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark  ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.0.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.0.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-04.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2523 (The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-03.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2522 (The dissect_ber_constrained_bitstring function in epan/dissectors/pack ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.0.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.0.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-02.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2521 (Untrusted search path vulnerability in the WiresharkApplication class  ...)
	- wireshark <not-affected> (Windows-specific)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-01.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2520
	RESERVED
CVE-2016-2519 (ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attac ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2518 (The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x befor ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2517 (NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to  ...)
	- ntp 1:4.2.8p7+dfsg-1 (unimportant)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
	NOTE: not a security issue, anyone with the privileges for remote configuration can
	NOTE: cause trouble anyway
CVE-2016-2516 (NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, all ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2514
	RESERVED
CVE-2016-2513 (The password hasher in contrib/auth/hashers.py in Django before 1.8.10 ...)
	{DSA-3544-1}
	- python-django 1.9.4-1 (bug #816434)
	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
CVE-2016-2512 (The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x  ...)
	{DSA-3544-1}
	- python-django 1.9.4-1 (bug #816434)
	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
CVE-2016-2538 (Multiple integer overflows in the USB Net device emulator (hw/usb/dev- ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #815680)
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303120
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e (v2.6.0-rc0)
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=6c9f886ceae5b998dc2b9af2bf77666941689bce (v0.10.0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/3
CVE-2016-2515 (Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause ...)
	NOT-FOR-US: NodeJS Hawk
CVE-2016-2511 (Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier a ...)
	{DSA-3490-1 DLA-428-1}
	- websvn <removed>
CVE-2016-2509 (The password-sync feature on Belden Hirschmann Classic Platform switch ...)
	NOT-FOR-US: Belden Hirschmann Classic Platform switches
CVE-2016-2508 (media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2507 (Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in lib ...)
	NOT-FOR-US: libstagefright
CVE-2016-2506 (DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x befor ...)
	NOT-FOR-US: libstagefright
CVE-2016-2505 (mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x  ...)
	NOT-FOR-US: libstagefright
CVE-2016-2504 (The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2503 (The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2502 (drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android be ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2501 (The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2500 (Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, an ...)
	NOT-FOR-US: Android
CVE-2016-2499 (AudioSource.cpp in libstagefright in mediaserver in Android 4.x before ...)
	NOT-FOR-US: libstagefright
CVE-2016-2498 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2497 (services/core/java/com/android/server/pm/PackageManagerService.java in ...)
	NOT-FOR-US: Android
CVE-2016-2496 (The Framework UI permission-dialog implementation in Android 6.x befor ...)
	NOT-FOR-US: Android
CVE-2016-2495 (SampleTable.cpp in libstagefright in mediaserver in Android 4.x before ...)
	NOT-FOR-US: libstagefright
CVE-2016-2494 (Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-2493 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nex ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2016-2492 (The MediaTek power-management driver in Android before 2016-06-01 on A ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-2491 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devic ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-2490 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devic ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-2489 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2488 (The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2487 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x befor ...)
	NOT-FOR-US: libstagefright
CVE-2016-2486 (mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x bef ...)
	NOT-FOR-US: libstagefright
CVE-2016-2485 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x befor ...)
	NOT-FOR-US: libstagefright
CVE-2016-2484 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x befor ...)
	NOT-FOR-US: libstagefright
CVE-2016-2483 (The mm-video-v4l2 venc component in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2482 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2481 (The mm-video-v4l2 venc component in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2480 (The mm-video-v4l2 vidc component in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2479 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2478 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in And ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2477 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in And ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2476 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x bef ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2475 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nex ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2016-2474 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X dev ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2473 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2472 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2471 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2470 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (201 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2469 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6,  ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2468 (The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2467 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2466 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2465 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2464 (libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x be ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <not-affected> (libwebm not yet present)
	[wheezy] - libvpx <not-affected> (libwebm not yet present)
	NOTE: probably fixed earlier, but this was the version checked
CVE-2016-2463 (Multiple integer overflows in the h264dec component in libstagefright  ...)
	NOT-FOR-US: libstagefright
CVE-2016-2462 (OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 misha ...)
	NOT-FOR-US: Android
CVE-2016-2461 (OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 misha ...)
	NOT-FOR-US: Android
CVE-2016-2460 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x bef ...)
	NOT-FOR-US: Android
CVE-2016-2459 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x bef ...)
	NOT-FOR-US: Android
CVE-2016-2458 (The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2,  ...)
	NOT-FOR-US: Android
CVE-2016-2457 (server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0 ...)
	NOT-FOR-US: Android
CVE-2016-2456 (The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One  ...)
	NOT-FOR-US: Android
CVE-2016-2455
	REJECTED
CVE-2016-2454 (The Qualcomm hardware video codec in Android before 2016-05-01 on Nexu ...)
	NOT-FOR-US: Android
CVE-2016-2453 (The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One  ...)
	NOT-FOR-US: Android
CVE-2016-2452 (codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Andro ...)
	NOT-FOR-US: Android
CVE-2016-2451 (codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android ...)
	NOT-FOR-US: Android
CVE-2016-2450 (codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in  ...)
	NOT-FOR-US: Android
CVE-2016-2449 (services/camera/libcameraservice/device3/Camera3Device.cpp in mediaser ...)
	NOT-FOR-US: Android
CVE-2016-2448 (media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in med ...)
	NOT-FOR-US: Android
CVE-2016-2447
	REJECTED
CVE-2016-2446 (The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2445 (The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2444 (The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2443 (The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Ne ...)
	NOT-FOR-US: Android
CVE-2016-2442 (The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, ...)
	NOT-FOR-US: Android
CVE-2016-2441 (The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, ...)
	NOT-FOR-US: Android
CVE-2016-2440 (libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4,  ...)
	NOT-FOR-US: Android
CVE-2016-2439 (Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x befo ...)
	NOT-FOR-US: Android
CVE-2016-2438
	REJECTED
CVE-2016-2437 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2436 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2435 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2434 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 device ...)
	NOT-FOR-US: Android
CVE-2016-2433 (The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphon ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-2432 (The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus ...)
	NOT-FOR-US: Android
CVE-2016-2431 (The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus ...)
	NOT-FOR-US: Android
CVE-2016-2430 (libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5 ...)
	NOT-FOR-US: Android
CVE-2016-2429 (libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5 ...)
	NOT-FOR-US: Android
CVE-2016-2428 (libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4. ...)
	NOT-FOR-US: Android
CVE-2016-2427 (** DISPUTED ** The AES-GCM specification in RFC 5084, as used in Andro ...)
	NOT-FOR-US: Android
CVE-2016-2426 (server/content/ContentService.java in the Framework component in Andro ...)
	NOT-FOR-US: Android
CVE-2016-2425 (mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4 ...)
	NOT-FOR-US: Android
CVE-2016-2424 (server/content/SyncStorageEngine.java in SyncStorageEngine in Android  ...)
	NOT-FOR-US: Android
CVE-2016-2423 (server/telecom/CallsManager.java in Telephony in Android 4.x before 4. ...)
	NOT-FOR-US: Android
CVE-2016-2422 (Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5. ...)
	NOT-FOR-US: Android
CVE-2016-2421 (Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 a ...)
	NOT-FOR-US: Android
CVE-2016-2420 (rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the / ...)
	NOT-FOR-US: Android
CVE-2016-2419 (media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-0 ...)
	NOT-FOR-US: Android
CVE-2016-2418 (media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-0 ...)
	NOT-FOR-US: Android
CVE-2016-2417 (media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5. ...)
	NOT-FOR-US: Android
CVE-2016-2416 (libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before  ...)
	NOT-FOR-US: Android
CVE-2016-2415 (exchange/eas/EasAutoDiscover.java in the Autodiscover implementation i ...)
	NOT-FOR-US: Android
CVE-2016-2414 (The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
	NOT-FOR-US: Android
CVE-2016-2413 (media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2,  ...)
	NOT-FOR-US: Android
CVE-2016-2412 (include/core/SkPostConfig.h in Skia, as used in System_server in Andro ...)
	NOT-FOR-US: Android
CVE-2016-2411 (A Qualcomm Power Management kernel driver in Android 6.x before 2016-0 ...)
	NOT-FOR-US: Android
CVE-2016-2410 (A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows ...)
	NOT-FOR-US: Android
CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x before 20 ...)
	NOT-FOR-US: Android
CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop Client be ...)
	NOT-FOR-US: Pulse Secure Desktop Client
CVE-2016-2407
	REJECTED
CVE-2016-2406 (The permission control module in Huawei Document Security Management ( ...)
	NOT-FOR-US: Huawei
CVE-2016-2405 (Huawei Policy Center with software before V100R003C10SPC020 allows rem ...)
	NOT-FOR-US: Huawei
CVE-2016-2404 (Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SP ...)
	NOT-FOR-US: Huawei
CVE-2016-2403 (Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to b ...)
	{DSA-4262-1}
	- symfony 2.8.6+dfsg-1
	[jessie] - symfony <not-affected> (Vulnerable code not present)
	NOTE: http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
	NOTE: Original commit incomplete and did not test for 'null' password resulting in
	NOTE: CVE-2018-11407. Complete fix as per
	NOTE: https://github.com/symfony/symfony/pull/26589
	NOTE: https://github.com/symfony/symfony/commit/2f5bd18d82f4a8911d549d14c72bf935602834a9
CVE-2016-2510 (BeanShell (bsh) before 2.0b6, when included on the classpath by an app ...)
	{DSA-3504-1 DLA-443-1}
	- bsh 2.0b4-16
	NOTE: https://github.com/beanshell/beanshell/releases/tag/2.0b6
	NOTE: https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
	NOTE: https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
CVE-2016-2402 (OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle atta ...)
	NOT-FOR-US: OkHttp
CVE-2016-2401
	RESERVED
CVE-2016-2400
	RESERVED
CVE-2016-2399 (Integer overflow in the quicktime_read_pascal function in libquicktime ...)
	{DSA-3800-1 DLA-844-1}
	- libquicktime 2:1.2.4-10 (bug #855099)
	NOTE: PoC: http://www.nemux.org/2016/02/23/libquicktime-1-2-4/
CVE-2016-2398 (Comcast XFINITY Home Security System does not properly maintain base-s ...)
	NOT-FOR-US: XFINITY
CVE-2016-2397 (The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA  ...)
	NOT-FOR-US: Dell
CVE-2016-2396 (The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analy ...)
	NOT-FOR-US: Dell
CVE-2016-2395
	RESERVED
CVE-2016-2394
	RESERVED
CVE-2016-2393 (Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before ...)
	NOT-FOR-US: Lenovo
CVE-2016-2389 (Directory traversal vulnerability in the GetFileList function in the S ...)
	NOT-FOR-US: SAP
CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows remot ...)
	NOT-FOR-US: SAP
CVE-2016-2387 (Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy  ...)
	NOT-FOR-US: SAP
CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE E ...)
	NOT-FOR-US: SAP
CVE-2016-2392 (The is_rndis function in the USB Net device emulator (hw/usb/dev-netwo ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #815008)
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=80eecda8e5d09c442c24307f340840a5b70ea3b9 (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299
CVE-2016-2391 (The ohci_bus_start function in the USB OHCI emulation support (hw/usb/ ...)
	{DLA-1599-1}
	- qemu 1:2.6+dfsg-1 (bug #815009)
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360 (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/16/2
CVE-2016-2390 (The FwdState::connectedToPeer method in FwdState.cc in Squid before 3. ...)
	- squid 4.1-1 (unimportant)
	- squid3 3.5.14-1 (unimportant)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
	NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian)
CVE-2016-2382
	RESERVED
CVE-2016-2381 (Perl might allow context-dependent attackers to bypass the taint prote ...)
	{DSA-3501-1}
	- perl 5.22.1-8
	NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
CVE-2016-2380 (An information leak exists in the handling of the MXIT protocol in Pid ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0123/
	NOTE: http://www.pidgin.im/news/security/?id=96
	NOTE: https://bitbucket.org/pidgin/main/commits/8172584fd640
CVE-2016-2379 (The Mxit protocol uses weak encryption when encrypting user passwords, ...)
	NOTE: Mentioned at http://www.pidgin.im/news/security/?id=96 without further details
CVE-2016-2378 (A buffer overflow vulnerability exists in the handling of the MXIT pro ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0120/
	NOTE: http://www.pidgin.im/news/security/?id=94
	NOTE: https://bitbucket.org/pidgin/main/commits/06278419c703
CVE-2016-2377 (A buffer overflow vulnerability exists in the handling of the MXIT pro ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0119/
	NOTE: http://www.pidgin.im/news/security/?id=93
	NOTE: https://bitbucket.org/pidgin/main/commits/0f94ef13ab37
CVE-2016-2376 (A buffer overflow vulnerability exists in the handling of the MXIT pro ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0118/
	NOTE: http://www.pidgin.im/news/security/?id=92
	NOTE: https://bitbucket.org/pidgin/main/commits/19f89eda8587
CVE-2016-2375 (An exploitable out-of-bounds read exists in the handling of the MXIT p ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0143/
	NOTE: http://www.pidgin.im/news/security/?id=108
	NOTE: https://bitbucket.org/pidgin/main/commits/b786e9814536
CVE-2016-2374 (An exploitable memory corruption vulnerability exists in the handling  ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0142/
	NOTE: http://www.pidgin.im/news/security/?id=107
	NOTE: https://bitbucket.org/pidgin/main/commits/f6c08d962618
CVE-2016-2373 (A denial of service vulnerability exists in the handling of the MXIT p ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0141/
	NOTE: http://www.pidgin.im/news/security/?id=106
	NOTE: https://bitbucket.org/pidgin/main/commits/e6159ad42c4c
CVE-2016-2372 (An information leak exists in the handling of the MXIT protocol in Pid ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0140/
	NOTE: http://www.pidgin.im/news/security/?id=105
	NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
	NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
	NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
CVE-2016-2371 (An out-of-bounds write vulnerability exists in the handling of the MXI ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0139/
	NOTE: http://www.pidgin.im/news/security/?id=104
	NOTE: https://bitbucket.org/pidgin/main/commits/f0287378203fbf496a9890bf273d96adefb93b74
CVE-2016-2370 (A denial of service vulnerability exists in the handling of the MXIT p ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0138/
	NOTE: http://www.pidgin.im/news/security/?id=103
	NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
	NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
	NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
CVE-2016-2369 (A NULL pointer dereference vulnerability exists in the handling of the ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0137/
	NOTE: http://www.pidgin.im/news/security/?id=102
CVE-2016-2368 (Multiple memory corruption vulnerabilities exist in the handling of th ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0136/
	NOTE: http://www.pidgin.im/news/security/?id=101
	NOTE: https://bitbucket.org/pidgin/main/commits/60f95045db42
	NOTE: https://bitbucket.org/pidgin/main/commits/f6efc254e947
CVE-2016-2367 (An information leak exists in the handling of the MXIT protocol in Pid ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0135/
	NOTE: http://www.pidgin.im/news/security/?id=100
	NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
	NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
	NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
CVE-2016-2366 (A denial of service vulnerability exists in the handling of the MXIT p ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0134/
	NOTE: http://www.pidgin.im/news/security/?id=99
	NOTE: https://bitbucket.org/pidgin/main/commits/abdc3025f6b8
CVE-2016-2365 (A denial of service vulnerability exists in the handling of the MXIT p ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0133/
	NOTE: http://www.pidgin.im/news/security/?id=98
	NOTE: https://bitbucket.org/pidgin/main/commits/1c4acc6977a8686ad980e5b820327c9c47dbeaca
CVE-2016-2364 (The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously tr ...)
	NOT-FOR-US: Fonality
CVE-2016-2363 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 ...)
	NOT-FOR-US: Fonality
CVE-2016-2362 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 ...)
	NOT-FOR-US: Fonality
CVE-2016-2361
	RESERVED
CVE-2016-2360 (Milesight IP security cameras through 2016-11-14 have a default root p ...)
	NOT-FOR-US: Milesight IP security cameras
CVE-2016-2359 (Milesight IP security cameras through 2016-11-14 allow remote attacker ...)
	NOT-FOR-US: Milesight IP security cameras
CVE-2016-2358 (Milesight IP security cameras through 2016-11-14 have a default set of ...)
	NOT-FOR-US: Milesight IP security cameras
CVE-2016-2357 (Milesight IP security cameras through 2016-11-14 have a hardcoded SSL  ...)
	NOT-FOR-US: Milesight IP security cameras
CVE-2016-2356 (Milesight IP security cameras through 2016-11-14 have a buffer overflo ...)
	NOT-FOR-US: Milesight IP security cameras
CVE-2016-2355 (SQL injection vulnerability in the REST API in dotCMS before 3.3.2 all ...)
	NOT-FOR-US: dotCMS
CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver befor ...)
	NOT-FOR-US: Lemur Vehicle Monitors BlueDriver
CVE-2016-2353 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows  ...)
	NOT-FOR-US: Accellion
CVE-2016-2352 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows  ...)
	NOT-FOR-US: Accellion
CVE-2016-2351 (SQL injection vulnerability in home/seos/courier/security_key2.api on  ...)
	NOT-FOR-US: Accellion
CVE-2016-2350 (Multiple cross-site scripting (XSS) vulnerabilities on the Accellion F ...)
	NOT-FOR-US: Accellion
CVE-2016-2349 (Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 ...)
	NOT-FOR-US: BMC
CVE-2016-2348
	RESERVED
CVE-2016-2347 (Integer underflow in the decode_level3_header function in lib/lha_file ...)
	{DSA-3540-1}
	- lhasa 0.3.1-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0095/
CVE-2016-2346 (Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unver ...)
	NOT-FOR-US: Allround Automations
CVE-2016-2345 (Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in Solar ...)
	NOT-FOR-US: SolarWinds DameWare Mini Remote Control
CVE-2016-2344 (Stack-based buffer overflow in manager.exe in Backburner Manager in Au ...)
	NOT-FOR-US: Autodesk Backburner
CVE-2016-2343 (Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the  ...)
	NOT-FOR-US: Patterson Dental Eaglesoft 17
CVE-2016-2342 (The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI p ...)
	{DSA-3532-1}
	- quagga 1.0.20160315-1 (bug #819179)
	NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442
	NOTE: https://www.kb.cert.org/vuls/id/270232
CVE-2016-2341
	RESERVED
CVE-2016-2340 (The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remot ...)
	NOT-FOR-US: Granite
CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the Fiddle::Funct ...)
	{DLA-1421-1}
	- ruby2.3 2.3.0-1
	- ruby2.1 <removed> (bug #851161)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0034/
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the Psych::Emitte ...)
	{DLA-2158-1}
	- ruby2.3 2.3.0-1
	- ruby2.1 <removed>
	NOTE: https://talosintelligence.com/reports/TALOS-2016-0032
	NOTE: https://git.ruby-lang.org/ruby.git/commit/?id=db48c307944a9a18877236bdf9e9b778875f38ed
CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...)
	{DLA-1480-1}
	- ruby2.3 2.3.0-1
	- ruby2.1 <removed> (bug #851161)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0031/
	NOTE: https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab
CVE-2016-2336 (Type confusion exists in two methods of Ruby's WIN32OLE class, ole_inv ...)
	- ruby2.3 <not-affected> (Windows-specific)
	- ruby2.1 <not-affected> (Windows-specific)
	NOTE: Vulnerable win32ole ruby extension not included in binary packages, specific to Windows
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0029/
CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9 ...)
	{DSA-3599-1 DLA-510-1}
	- p7zip 15.14.1+dfsg-2 (bug #824160)
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0094/
CVE-2016-2334 (Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZli ...)
	- p7zip 15.14.1+dfsg-2 (bug #824160)
	[jessie] - p7zip <not-affected> (Introduced in 9.32)
	[wheezy] - p7zip <not-affected> (Introduced in 9.32)
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0093/
	NOTE: https://twitter.com/_Icewall/status/739731922998448129
CVE-2016-2333 (SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with  ...)
	NOT-FOR-US: SysLINK
CVE-2016-2332 (flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2 ...)
	NOT-FOR-US: SysLINK
CVE-2016-2331 (The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular  ...)
	NOT-FOR-US: SysLINK
CVE-2016-2385 (Heap-based buffer overflow in the encode_msg function in encode_msg.c  ...)
	{DSA-3535-1}
	- kamailio 4.3.4-2 (bug #815178)
	NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
	NOTE: https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/
CVE-2016-2384 (Double free vulnerability in the snd_usbmidi_create function in sound/ ...)
	{DSA-3503-1 DLA-439-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4)
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/14/2
	NOTE: https://xairy.github.io/blog/2016/cve-2016-2384
CVE-2016-2383 (The adjust_branches function in kernel/bpf/verifier.c in the Linux ker ...)
	- linux 4.4.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/a1b14d27ed0965838350f1377ff97c93ee383492 (v4.5-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd (v4.1-rc1)
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/14/1
CVE-2016-XXXX [exec functions ignore length but look for NULL termination]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=71039
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305494
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c527549e899bf211aac7d8ab5ceb1bdfedf07f14
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-10712 (In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all o ...)
	{DLA-818-1}
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71323
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305523
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6297a117d77fa3a0df2e21ca926a92c231819cd5
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-XXXX [Integer overflow in iptcembed()]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=71459
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305518
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
	- hhvm 3.12.1+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/381702ffbfdae170ba3fff97d6cc1b9c69666854
CVE-2016-4348 (The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows co ...)
	{DSA-3584-1 DLA-477-1}
	- librsvg 2.40.12-1
	NOTE: https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2 (2.40.12)
CVE-2016-4347
	REJECTED
CVE-2016-4346 (Integer overflow in the str_pad function in ext/standard/string.c in P ...)
	- php7.0 7.0.4-1
	- php5 <not-affected> (Only affects PHP7.x)
	NOTE: https://bugs.php.net/bug.php?id=71637
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=57b997ebf99e0eb9a073e0dafd2ab100bd4a112d
	NOTE: Reproducer: second test script 2.php in upstream bugreport
CVE-2016-4345 (Integer overflow in the php_filter_encode_url function in ext/filter/s ...)
	- php7.0 7.0.4-1
	- php5 <not-affected> (Only affects PHP7.x)
	NOTE: https://bugs.php.net/bug.php?id=71637
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=57b997ebf99e0eb9a073e0dafd2ab100bd4a112d
CVE-2016-4344 (Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in P ...)
	- php7.0 7.0.4-1
	- php5 <not-affected> (Only affects PHP7.x)
	NOTE: https://bugs.php.net/bug.php?id=71637
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=57b997ebf99e0eb9a073e0dafd2ab100bd4a112d
CVE-2016-4343 (The phar_make_dirstream function in ext/phar/dirstream.c in PHP before ...)
	{DLA-499-1}
	- php7.0 7.0.3-1
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.18+dfsg-0+deb8u1
	NOTE: https://bugs.php.net/bug.php?id=71331
	NOTE: Fixed in 7.0.3, 5.6.18
CVE-2016-4342 (ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and  ...)
	{DLA-818-1}
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	[squeeze] - php5 5.3.3.1-7+squeeze29
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71354
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305536
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=13ad4d3e971807f9a58ab5933182907dc2958539
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-XXXX [NULL Pointer Dereference in phar_tar_setupmetadata()]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=71391
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-2554 (Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5. ...)
	{DLA-818-1}
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71488
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305543
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=07c7df68bd68bbe706371fccc77c814ebb335d9e
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/5
CVE-2016-XXXX [Type confusion vulnerability in WDDX packet deserialization]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71335
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305559
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=285cd3417fb61597345b829f5f573707bbdcd484
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-XXXX [Crash on bad SOAP request]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=70979
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305551
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4308c868f94df1f2b99e80038ba5ea1076d919a7
	NOTE: Fixed in 5.6.18, 7.0.3
CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a  ...)
	- ffmpeg 2.8.6-1
	- libav <not-affected> (Libav not affected according to upstream)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate Ro ...)
	- ffmpeg 2.8.6-1
	- libav <not-affected> (Vulnerable code not present in any Libav version)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate ...)
	- ffmpeg 2.8.6-1
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718
CVE-2016-2327 (libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes i ...)
	- ffmpeg 2.8.5-1
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971
CVE-2016-2326 (Integer overflow in the asf_write_packet function in libavformat/asfen ...)
	{DSA-3506-1}
	- ffmpeg 2.8.5-1
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
CVE-2016-2325
	RESERVED
CVE-2016-2324 (Integer overflow in Git before 2.7.4 allows remote attackers to execut ...)
	{DSA-3521-1}
	- git 1:2.8.0~rc3-1 (bug #818318)
	NOTE: Removal of path_name: https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d (v2.8.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/16/2
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=971328#c4
	- cgit <not-affected> (path_name function from embedded git is not called)
CVE-2016-2323
	RESERVED
CVE-2016-2322
	RESERVED
CVE-2016-2321
	RESERVED
CVE-2016-2320
	RESERVED
CVE-2016-2319
	RESERVED
CVE-2016-2315 (revision.c in git before 2.7.4 uses an incorrect integer data type, wh ...)
	{DSA-3521-1}
	- git 1:2.7.0-1 (bug #818318)
	NOTE: https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305 (v2.7.0-rc0)
	- cgit <not-affected> (path_name function from embedded git is not called)
CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200 ...)
	NOT-FOR-US: Huawei
CVE-2016-2318 (GraphicsMagick 1.3.23 allows remote attackers to cause a denial of ser ...)
	{DSA-3746-1 DLA-484-1}
	- graphicsmagick 1.3.24-1 (bug #814732)
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/e797bb0aec31
CVE-2016-2317 (Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attack ...)
	{DSA-3746-1 DLA-484-1}
	- graphicsmagick 1.3.24-1 (bug #814732)
	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6
	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52b59d2ef4a1
	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ed8318ba6a
CVE-2016-2311 (Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ...)
	NOT-FOR-US: AlertWerks
CVE-2016-2310 (General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 swit ...)
	NOT-FOR-US: GE Multilink devices
CVE-2016-2309 (iRZ RUH2 before 2b does not validate firmware patches, which allows re ...)
	NOT-FOR-US: iRZ RUH2
CVE-2016-2308 (American Auto-Matrix Aspect-Nexus Building Automation Front-End Soluti ...)
	NOT-FOR-US: American Auto-Matrix
CVE-2016-2307 (American Auto-Matrix Aspect-Nexus Building Automation Front-End Soluti ...)
	NOT-FOR-US: American Auto-Matrix
CVE-2016-2306 (The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows re ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2305 (Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5. ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2304 (Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly f ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2303 (CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2302 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obta ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2301 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522  ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2300 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypa ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522  ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2298 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows r ...)
	NOT-FOR-US: Meteocontrol
CVE-2016-2297 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows r ...)
	NOT-FOR-US: Meteocontrol
CVE-2016-2296 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not ...)
	NOT-FOR-US: Meteocontrol
CVE-2016-2295 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, Mi ...)
	NOT-FOR-US: Moxa
CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvi ...)
	NOT-FOR-US: Acuvim
CVE-2016-2293 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvi ...)
	NOT-FOR-US: Acuvim
CVE-2016-2292 (Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.00 ...)
	NOT-FOR-US: Pro-face
CVE-2016-2291 (Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PF ...)
	NOT-FOR-US: Pro-face
CVE-2016-2290 (Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000 ...)
	NOT-FOR-US: Pro-face
CVE-2016-2289 (Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allo ...)
	NOT-FOR-US: ICONICS WebHMI
	NOT-FOR-US: ICONICS
CVE-2016-2288 (Cogent DataHub before 7.3.10 allows local users to gain privileges by  ...)
	NOT-FOR-US: Cogent DataHub
CVE-2016-2287 (Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR w ...)
	NOT-FOR-US: XZERES
CVE-2016-2286 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, Mi ...)
	NOT-FOR-US: Moxa
CVE-2016-2285 (Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4 ...)
	NOT-FOR-US: Moxa
CVE-2016-2284
	REJECTED
CVE-2016-2283 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utili ...)
	NOT-FOR-US: Moxa ioLogik E2200 devices
CVE-2016-2282 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utili ...)
	NOT-FOR-US: Moxa ioLogik E2200 devices
CVE-2016-2281 (Untrusted search path vulnerability in ABB Panel Builder 800 5.1 allow ...)
	NOT-FOR-US: ABB Panel Builder
CVE-2016-2280 (Buffer overflow in RDISERVER in Honeywell Uniformance Process History  ...)
	NOT-FOR-US: Honeywell
CVE-2016-2279 (Cross-site scripting (XSS) vulnerability in the web server in Rockwell ...)
	NOT-FOR-US: CompactLogix
CVE-2016-2278 (Schneider Electric Struxureware Building Operations Automation Server  ...)
	NOT-FOR-US: Schneider Electric
CVE-2016-2277 (IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) b ...)
	NOT-FOR-US: Rockwell
CVE-2016-2276
	REJECTED
CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices with f ...)
	NOT-FOR-US: SmartWorx
CVE-2016-2274 (An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base ...)
	NOT-FOR-US: Adcon
CVE-2016-2273
	REJECTED
CVE-2016-2272 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attacke ...)
	NOT-FOR-US: Eaton Lighting
CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-170.html
CVE-2016-2270 (Xen 4.6.x and earlier allows local guest administrators to cause a den ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-154.html
CVE-2016-2269
	RESERVED
CVE-2016-2268 (Dell SecureWorks app before 2.1 for iOS does not validate SSL certific ...)
	NOT-FOR-US: Dell
CVE-2016-2267
	REJECTED
CVE-2016-2266
	REJECTED
CVE-2016-2265
	REJECTED
CVE-2016-2264
	REJECTED
CVE-2016-2263
	REJECTED
CVE-2016-2262
	REJECTED
CVE-2016-2261
	REJECTED
CVE-2016-2260
	REJECTED
CVE-2016-2259
	REJECTED
CVE-2016-2258
	REJECTED
CVE-2016-2257
	REJECTED
CVE-2016-2256
	REJECTED
CVE-2016-2255
	REJECTED
CVE-2016-2254
	REJECTED
CVE-2016-2253
	REJECTED
CVE-2016-2252
	REJECTED
CVE-2016-2251
	REJECTED
CVE-2016-2250
	REJECTED
CVE-2016-2249
	REJECTED
CVE-2016-2248
	REJECTED
CVE-2016-2247
	REJECTED
CVE-2016-2246 (HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control pane ...)
	NOT-FOR-US: HP ThinPro
CVE-2016-2245 (HP Support Assistant before 8.1.52.1 allows remote attackers to bypass ...)
	NOT-FOR-US: HP Support Assistant
CVE-2016-2244 (HP LaserJet printers and MFPs and OfficeJet Enterprise printers with f ...)
	NOT-FOR-US: HP LaserJet Printers
CVE-2016-2243 (Sure Start on HP Commercial PCs 2015 allows local users to cause a den ...)
	NOT-FOR-US: HP Commercial PCs with Sure Start
CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote authenticated user ...)
	{DLA-560-1}
	- cacti 0.8.8g+ds1-1 (bug #814353)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
	NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788&view=markup
	NOTE: http://bugs.cacti.net/view.php?id=2656
	NOTE: Upstream fix: http://svn.cacti.net/viewvc?view=rev&revision=7770
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=965930
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/09/3
	NOTE: Only exploitable in non default setup
CVE-2016-2312 (Turning all screens off in Plasma-workspace and kscreenlocker while th ...)
	- plasma-workspace 4:5.4.3-2 (bug #814355)
	NOTE: Affects plasma-workspace < 5.5.0, kscreenlocker < 5.5.5
	NOTE: kscreenlocker is only in experimental
	NOTE: https://www.kde.org/info/security/advisory-20160209-1.txt
	NOTE: https://bugs.kde.org/show_bug.cgi?id=358125
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=964548
CVE-2016-XXXX [Stack corruption from crafted pattern]
	- pcre3 2:8.39-1 (bug #827564)
	[jessie] - pcre3 <no-dsa> (Minor issue)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
	- pcre2 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1780
	NOTE: Possibly introduced after http://vcs.pcre.org/pcre?view=revision&revision=1266
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1638 (8.39)
CVE-2016-2242 (Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execu ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-2241
	RESERVED
CVE-2016-2240
	RESERVED
CVE-2016-2239
	RESERVED
CVE-2016-2238
	RESERVED
CVE-2016-2237
	RESERVED
CVE-2016-2236
	RESERVED
CVE-2016-2235
	RESERVED
CVE-2016-2234
	RESERVED
CVE-2016-2233 (Stack-based buffer overflow in the inbound_cap_ls function in common/i ...)
	- hexchat 2.12.0-1 (low)
	[jessie] - hexchat <no-dsa> (Minor issue, requires connection to a malicious server)
	NOTE: https://www.exploit-db.com/exploits/39657/
	NOTE: https://github.com/hexchat/hexchat/issues/1934
	NOTE: https://github.com/hexchat/hexchat/commit/4e061a43b3453a9856d34250c3913175c45afe9d
CVE-2016-2231 (The Windows-based Host Interface Program (WHIP) service on Huawei Smar ...)
	NOT-FOR-US: Huawei
CVE-2016-2230 (OpenELEC and RasPlex devices have a hardcoded password for the root ac ...)
	NOT-FOR-US: OpenELEC/ResPlex
CVE-2016-2229
	RESERVED
CVE-2016-2227
	RESERVED
CVE-2016-2226 (Integer overflow in the string_appends function in cplus-dem.c in libi ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234829
CVE-2016-2223
	RESERVED
CVE-2016-2220
	RESERVED
CVE-2016-2219 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-2218
	RESERVED
CVE-2016-2224 (The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before ...)
	{DLA-561-1}
	- uclibc <unfixed> (unimportant)
	NOTE: Just for cross-compiling, not used for actual packages
	NOTE: https://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/05/2
CVE-2016-2225 (The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng bef ...)
	{DLA-561-1}
	- uclibc <unfixed> (unimportant)
	NOTE: Just for cross-compiling, not used for actual packages
	NOTE: https://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/05/2
CVE-2016-2216 (The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6  ...)
	- nodejs 4.3.0~dfsg-1 (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
CVE-2016-2215
	RESERVED
CVE-2016-2214 (Cross-site scripting (XSS) vulnerability in an unspecified portal auth ...)
	NOT-FOR-US: Huawei
CVE-2016-2212 (The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class ...)
	NOT-FOR-US: Magento
CVE-2016-2211 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-2210 (Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in S ...)
	NOT-FOR-US: Symantec
CVE-2016-2209 (Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Sy ...)
	NOT-FOR-US: Symantec
CVE-2016-2208 (The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 befor ...)
	NOT-FOR-US: Symantec
CVE-2016-2207 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-2206 (The management console in Symantec Workspace Streaming (SWS) 7.5.x bef ...)
	NOT-FOR-US: Symantec
CVE-2016-2205 (Directory traversal vulnerability in the file-download configuration f ...)
	NOT-FOR-US: Symantec
CVE-2016-2204 (The management console on Symantec Messaging Gateway (SMG) Appliance d ...)
	NOT-FOR-US: Symantec
CVE-2016-2203 (The management console on Symantec Messaging Gateway (SMG) Appliance d ...)
	NOT-FOR-US: Symantec
CVE-2016-2202 (The Inventory Solution component in the Management Agent in the client ...)
	NOT-FOR-US: Symantec
CVE-2016-2201 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attacker ...)
	NOTE: Siemens SIMATIC
CVE-2016-2200 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attacker ...)
	NOTE: Siemens SIMATIC
CVE-2016-4009 (Integer overflow in the ImagingResampleHorizontal function in libImagi ...)
	- pillow 3.1.1-1
	[jessie] - pillow <not-affected>
	- python-imaging <removed>
	[wheezy] - python-imaging <not-affected>
	[squeeze] - python-imaging <not-affected>
	NOTE: https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
	NOTE: Upstream confirmed that versions prior 2.7 are not vulnerable.
	NOTE: https://github.com/python-pillow/Pillow/pull/1714
	NOTE: https://github.com/python-pillow/Pillow/issues/1737
CVE-2016-2232 (Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before ...)
	{DSA-3700-1}
	- asterisk 1:13.7.2~dfsg-1
	[wheezy] - asterisk <no-dsa> (Minor issue)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-003.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-25603
	NOTE: issue was introduced in 2006 with commit 0f5e4e47, so squeeze and previous also vulnerable
	NOTE: patch for 11 / jessie: https://code.asterisk.org/code/changelog/asterisk?cs=da2573a3779425654543d6ac4c4dd6871ce16720
	NOTE: all versions vulnerable, backport required for wheezy
CVE-2016-2316 (chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and ...)
	{DSA-3700-1}
	- asterisk 1:13.7.2~dfsg-1
	[wheezy] - asterisk <no-dsa> (Minor issue)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-002.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-25397
	NOTE: issue introduced in ~2008 with the SIP timer support implementation (https://issues.asterisk.org/jira/browse/ASTERISK-4257 https://issues.asterisk.org/jira/browse/ASTERISK-5187), so squeeze also vulnerable
	NOTE: patch for jessie / 11: https://code.asterisk.org/code/changelog/asterisk?cs=882e85388295eac8eebd0b82e71a9af0a769b41f
	NOTE: all versions vulnerable, backport required for wheezy
CVE-2016-2228 (Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_me ...)
	{DSA-3497-1}
	- php-horde 5.2.9+debian0-1 (bug #813573)
	NOTE: https://bugs.horde.org/ticket/14213
	NOTE: http://lists.horde.org/archives/announce/2016/001140.html
	NOTE: https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0
	NOTE: https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/06/4
CVE-2016-7028
	REJECTED
CVE-2016-2199 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Orga ...)
	NOT-FOR-US: Enterprise Manager in McAfee Vulnerability Manager
CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpe ...)
	- ffmpeg 7:2.8.6-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
CVE-2016-2196 (Heap-based buffer overflow in the P-521 reduction function in Botan 1. ...)
	- botan1.10 <not-affected> (Introduced in 1.11.10)
	NOTE: Introduced in 1.11.10, fixed in 1.11.27
	NOTE: http://botan.randombit.net/security.html
CVE-2016-2195 (Integer overflow in the PointGFp constructor in Botan before 1.10.11 a ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.12-1
	NOTE: Introduced in 1.9.18, fixed in 1.11.27 and 1.10.11
	NOTE: http://botan.randombit.net/security.html
CVE-2016-2194 (The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27  ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.12-1
	NOTE: Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11
	NOTE: http://botan.randombit.net/security.html
CVE-2016-2193 (PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-se ...)
	- postgresql-9.5 9.5.2-1
	- postgresql-9.4 <not-affected> (Only affects 9.5.x)
	- postgresql-9.1 <not-affected> (Only affects 9.5.x)
	- postgresql-8.4 <not-affected> (Only affects 9.5.x)
	NOTE: http://www.postgresql.org/about/news/1656/
	NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b
CVE-2016-2192 (PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to a ...)
	- postgresql-pljava <removed>
	[wheezy] - postgresql-pljava <no-dsa> (Minor issue)
CVE-2016-2191 (The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0. ...)
	{DSA-3546-1}
	- optipng 0.7.6-1 (bug #820068)
	NOTE: https://sourceforge.net/p/optipng/bugs/59/
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/04/2
CVE-2016-2190 (Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2189
	REJECTED
CVE-2016-2188 (The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Li ...)
	{DLA-922-1}
	- linux 4.9.16-1
	[jessie] - linux 3.16.43-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317018
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283390
	NOTE: http://seclists.org/bugtraq/2016/Mar/87
	NOTE: http://marc.info/?l=linux-usb&m=145796659429788&w=2
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0
	NOTE: From kernel-sec triaging: the above commits only handles the case where there
	NOTE: are zero endpoints, but not the case where there are some endpoints but none of the expected type.
	NOTE: Fixed by: https://git.kernel.org/linus/b7321e81fc369abe353cf094d4f0dc2fe11ab95f (v4.11-rc2)
CVE-2016-2187 (The gtco_probe function in drivers/input/tablet/gtco.c in the Linux ke ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.2-1
	NOTE: Upstream commit: https://git.kernel.org/linus/162f98dea487206d9ab79fc12ed64700667a894d (v4.6-rc5)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317017
CVE-2016-2186 (The powermate_probe function in drivers/input/misc/powermate.c in the  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317015
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283384
	NOTE: http://seclists.org/bugtraq/2016/Mar/85
	NOTE: http://marc.info/?l=linux-usb&m=145796479528669&w=2
CVE-2016-2185 (The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317014
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283362
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283363
CVE-2016-2184 (The create_fixed_stream_quirk function in sound/usb/quirks.c in the sn ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317012
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283355
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283358
CVE-2016-2183 (The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec pro ...)
	NOTE: Generic protocol issue
	NOTE: The CVE is assigned for the protocol flaw in the DES/3DES cipher, used as a part of the SSL/TLS protocol.
	NOTE: What was done in OpenSSL: https://www.openssl.org/blog/blog/2016/08/24/sweet32/
	NOTE: Python issue: https://bugs.python.org/issue27850
CVE-2016-2182 (The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=099e2968ed3c7d256cda048995626664082b1b30
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2181 (The Anti-Replay feature in the DTLS implementation in OpenSSL before 1 ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2180 (The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Publi ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=0ed26acce328ec16a3aa635f1ca37365e8c7403a
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2179 (The DTLS implementation in OpenSSL before 1.1.0 does not properly rest ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2178 (The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL throug ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1 (low)
	NOTE: Fixed in master branch in https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2177 (OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-bu ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1 (low)
	NOTE: Fixed in 1.0.2 branch in https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
	NOTE: https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2176 (The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL be ...)
	- openssl <not-affected> (Only applies to EBCDIC systems)
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2175 (Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly ini ...)
	{DSA-3606-1 DLA-505-1}
	- libpdfbox-java 1:1.8.12-1
	NOTE: Fixed on upstream 1.8 branch in https://svn.apache.org/viewvc?view=revision&revision=1739564
	NOTE: Fixed on upstream 2.0 branch in https://svn.apache.org/viewvc?view=revision&revision=1739565
CVE-2016-2174 (SQL injection vulnerability in the policy admin tool in Apache Ranger  ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-2173 (org.springframework.core.serializer.DefaultDeserializer in Spring AMQP ...)
	NOT-FOR-US: Spring AMQP
CVE-2016-2172
	REJECTED
CVE-2016-2171 (The User Manager service in Apache Jetspeed before 2.3.1 does not prop ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-2170 (Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow ...)
	NOT-FOR-US: Apache OFBiz
CVE-2016-2169 (Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 a ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-2168 (The req_check_access function in the mod_authz_svn module in the httpd ...)
	{DSA-3561-1 DLA-448-1}
	- subversion 1.9.4-1
	NOTE: https://subversion.apache.org/security/CVE-2016-2168-advisory.txt
CVE-2016-2167 (The canonicalize_username function in svnserve/cyrus_auth.c in Apache  ...)
	{DSA-3561-1 DLA-448-1}
	- subversion 1.9.4-1
	NOTE: https://subversion.apache.org/security/CVE-2016-2167-advisory.txt
CVE-2016-2166 (The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3 ...)
	- qpid-proton <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/PROTON-1157
	NOTE: http://qpid.apache.org/releases/qpid-proton-0.12.1/
	NOTE: Affects Qpid Proton python API starting at 0.9 up to and including 0.12.0
CVE-2016-2165 (The Loggregator Traffic Controller endpoints in cf-release v231 and lo ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-2164 (The (1) FileService.importFileByInternalUserId and (2) FileService.imp ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-2163 (Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-2162 (Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale o ...)
	- libstruts1.2-java <not-affected> (Only affects 2.0.0 to 2.3.24.1)
	NOTE: http://struts.apache.org/docs/s2-030.html
CVE-2016-2161 (In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod ...)
	{DSA-3796-1}
	- apache2 2.4.25-1
	[wheezy] - apache2 <not-affected> (Vulnerable code introduced in 2.4.x)
	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
	NOTE: Fixed by: https://svn.apache.org/r1772919
	NOTE: Affects: 2.4.1 to 2.4.23
	NOTE: Fixed in 2.4.25
CVE-2016-2160 (Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote aut ...)
	NOT-FOR-US: OpenShift
CVE-2016-2159 (The save_submission function in mod/assign/externallib.php in Moodle t ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2158 (lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.1 ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2157 (Cross-site request forgery (CSRF) vulnerability in mod/assign/adminman ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2156 (calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13 ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2155 (The grade-reporting feature in Singleview (aka Single View) in Moodle  ...)
	- moodle <not-affected> (Only affects 2.8 and later)
CVE-2016-2154 (admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8 ...)
	- moodle <not-affected> (Only affects 2.8 and later)
CVE-2016-2153 (Cross-site scripting (XSS) vulnerability in the advanced-search featur ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2152 (Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.ph ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2151 (user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x be ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2150 (SPICE allows local guest OS users to read from or write to arbitrary h ...)
	{DSA-3596-1 DLA-531-1}
	- spice 0.12.6-4.1 (bug #826584)
CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to  ...)
	NOT-FOR-US: OpenShift
CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox befo ...)
	{DLA-1445-1}
	- busybox 1:1.27.2-1 (bug #818497)
	[stretch] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	NOTE: https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0  ...)
	{DLA-1445-1}
	- busybox 1:1.27.2-1 (bug #818499)
	[stretch] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	NOTE: https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87
CVE-2016-2146 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does n ...)
	- libapache2-mod-auth-mellon 0.12.0-1
	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
CVE-2016-2145 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does n ...)
	- libapache2-mod-auth-mellon 0.12.0-1
	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
CVE-2016-2144
	REJECTED
CVE-2016-2143 (The fork implementation in the Linux kernel before 4.5 on s390 platfor ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.4.6-1
	[wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS)
	NOTE: Fixed by: https://git.kernel.org/linus/3446c13b268af86391d06611327006b059b8bab1 (v4.5)
	NOTE: Introduced in: https://git.kernel.org/linus/6252d702c5311ce916caf75ed82e5c8245171c92 (v2.6.25-rc1)
CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on th ...)
	NOT-FOR-US: OpenShift
CVE-2016-2141 (JGroups before 4.0 does not require the proper headers for the ENCRYPT ...)
	- libjgroups-java <unfixed> (low; bug #867493)
	[buster] - libjgroups-java <ignored> (Minor issue, only used as build dep)
	[stretch] - libjgroups-java <ignored> (Minor issue, only used as build dep)
	[jessie] - libjgroups-java <no-dsa> (Minor issue)
	[wheezy] - libjgroups-java <no-dsa> (Minor issue, only used as build dependency)
CVE-2016-2140 (The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo)  ...)
	- nova 2:13.0.0-1
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: Affects: <=2015.1.3, >=12.0.0 <=12.0.2
CVE-2016-2139
	RESERVED
CVE-2016-2138
	RESERVED
CVE-2016-2137
	REJECTED
CVE-2016-2136
	REJECTED
CVE-2016-2135
	REJECTED
CVE-2016-2134
	REJECTED
CVE-2016-2133
	REJECTED
CVE-2016-2132
	REJECTED
CVE-2016-2131
	REJECTED
CVE-2016-2130
	REJECTED
CVE-2016-2129
	REJECTED
CVE-2016-2128
	REJECTED
CVE-2016-2127
	REJECTED
CVE-2016-2126 (Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation d ...)
	{DSA-3740-1}
	- samba 2:4.5.2+dfsg-2
	[wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2126.html
CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always re ...)
	{DSA-3740-1 DLA-776-1}
	- samba 2:4.5.2+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
	NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
CVE-2016-2124
	RESERVED
CVE-2016-2123 (A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine n ...)
	{DSA-3740-1}
	- samba 2:4.5.2+dfsg-2
	[wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2123.html
CVE-2016-2122
	RESERVED
CVE-2016-2121 (A permissions flaw was found in redis, which sets weak permissions on  ...)
	- redis 3:3.2.5-2 (bug #842987)
	[jessie] - redis <no-dsa> (Minor issue)
	[wheezy] - redis <no-dsa> (minor issue, details see #842987)
	NOTE: Might be Red Hat-specific, needs investigation
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374700
CVE-2016-2120 (An issue has been found in PowerDNS Authoritative Server versions up t ...)
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
CVE-2016-2119 (libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3 ...)
	{DSA-3740-1}
	- samba 2:4.4.5+dfsg-1 (bug #830195)
	[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2119.html
	NOTE: Affects Samba 4.0.0 to 4.4.4
CVE-2016-2118 (The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x  ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2118.html
	NOTE: http://badlock.org/
CVE-2016-2117 (The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in ...)
	{DSA-3607-1}
	- linux 4.5.2-1
	[wheezy] - linux <not-affected> (Issue introduced with v3.10-rc1)
	NOTE: Introduced in https://git.kernel.org/linus/ec5f061564238892005257c83565a0b58ec79295 (v3.10-rc1)
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/16/7
CVE-2016-2116 (Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900. ...)
	{DSA-3508-1}
	- jasper <removed> (bug #816626)
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/03/12
CVE-2016-2115 (Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before  ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2115.html
CVE-2016-2114 (The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x bef ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2114.html
CVE-2016-2113 (Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 do ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2113.html
CVE-2016-2112 (The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4. ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2112.html
CVE-2016-2111 (The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before  ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2111.html
CVE-2016-2110 (The NTLMSSP authentication implementation in Samba 3.x and 4.x before  ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html
CVE-2016-2109 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1  ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2108 (The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0 ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2c-1
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2107 (The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1. ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2106 (Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_e ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2105 (Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satelli ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2016-2103 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satelli ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2016-2102 (HAProxy statistics in openstack-tripleo-image-elements are non-authent ...)
	- tripleo-image-elements <not-affected> (Configuration not found in Debian's version)
CVE-2016-2101
	RESERVED
CVE-2016-2100 (Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authen ...)
	- foreman <itp> (bug #663101)
CVE-2016-2099 (Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apach ...)
	{DSA-3579-1 DLA-467-1}
	- xerces-c 3.1.3+debian-2 (bug #823863)
	NOTE: https://issues.apache.org/jira/browse/XERCESC-2066
CVE-2016-2098 (Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and ...)
	{DSA-3509-1 DLA-604-1}
	- rails 2:4.2.5.2-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x
	NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2
CVE-2016-2097 (Directory traversal vulnerability in Action View in Ruby on Rails befo ...)
	{DSA-3509-1 DLA-604-1}
	- rails 2:4.2.5.2-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x
	NOTE: Not affected: 4.2+
	NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2
CVE-2016-2096
	RESERVED
CVE-2016-2095
	RESERVED
CVE-2016-2094 (The HTTPS NIO Connector allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: JBoss EAP
CVE-2016-2093
	RESERVED
CVE-2016-2533 (Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pil ...)
	{DSA-3499-1 DLA-422-1}
	- pillow 3.1.1-1
	- python-imaging <removed>
	[wheezy] - python-imaging 1.1.7-4+deb7u2
	NOTE: https://github.com/python-pillow/Pillow/pull/1706
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/02/5
	NOTE: https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4
CVE-2016-2221 (Open redirect vulnerability in the wp_validate_redirect function in wp ...)
	{DSA-3472-1 DLA-418-1}
	- wordpress 4.4.2+dfsg-1 (bug #813697)
	NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
	NOTE: https://core.trac.wordpress.org/changeset/36444
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/04/4
CVE-2016-2222 (The wp_http_validate_url function in wp-includes/http.php in WordPress ...)
	{DSA-3472-1 DLA-418-1}
	- wordpress 4.4.2+dfsg-1 (bug #813697)
	NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
	NOTE: https://core.trac.wordpress.org/changeset/36435
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/04/4
CVE-2016-2217 (The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does  ...)
	- socat 1.7.3.1-1 (bug #813536)
	[jessie] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
	[wheezy] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
	[squeeze] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
	NOTE: The issues is about "In the OpenSSL address implementation the hard coded 1024 bit DH
	NOTE: p parameter was not prime.". Upstream has generated new parametes (and made it 2048
	NOTE: bit long.
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/01/4
	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
CVE-2016-5114 (sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and  ...)
	{DLA-628-1}
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.17+dfsg-0+deb8u1
	[squeeze] - php5 <not-affected> (vulnerable code not present)
	NOTE: https://bugs.php.net/bug.php?id=70755
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=2721a0148649e07ed74468f097a28899741eb58f
	NOTE: http://seclists.org/bugtraq/2016/Jan/117
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/02/4
CVE-2016-3197
	REJECTED
CVE-2016-2092
	RESERVED
CVE-2016-2198 (QEMU (aka Quick Emulator) built with the USB EHCI emulation support is ...)
	{DLA-1497-1}
	- qemu 1:2.6+dfsg-1 (bug #813193)
	[wheezy] - qemu <not-affected> (Introduced after v1.2.0)
	[squeeze] - qemu <not-affected> (Introduced after v1.2.0)
	- qemu-kvm <not-affected> (Introduced after v1.2.0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=dff0367cf66f489aa772320fa2937a8cac1ca30d (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
CVE-2016-2197 (QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is  ...)
	- qemu 1:2.6+dfsg-1 (bug #813194)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=99b4cb71069f109b79b27bc629fc0cf0886dbc4b (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302057
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/29/2
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3d8e1138cd0c843d6fd75272633a31be6554ef (v2.3.0-rc2)
CVE-2016-2088 (resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cook ...)
	- bind9 <not-affected> (Introduced in Bind 9.10)
	NOTE: https://kb.isc.org/article/AA-01351
CVE-2016-2087 (Directory traversal vulnerability in the client in HexChat 2.11.0 allo ...)
	{DLA-1050-1}
	- xchat 2.8.8-10
	[jessie] - xchat <no-dsa> (Minor issue)
	- hexchat 2.12.4-4 (bug #852275)
	[stretch] - hexchat <no-dsa> (Minor issue)
	[jessie] - hexchat <no-dsa> (Minor issue)
	NOTE: https://www.exploit-db.com/exploits/39656/
	NOTE: https://github.com/hexchat/hexchat/issues/1933
	NOTE: https://github.com/hexchat/hexchat/commit/15600f405f2d5bda6ccf0dd73957395716e0d4d3
	NOTE: Would be included in upstream source since the upload 2.12.3-0.1 to unstable but the
	NOTE: Debian packaging reverts the 15600f405f2d5bda6ccf0dd73957395716e0d4d3 commit
	NOTE: The Debian packagging drops the revert in 2.12.4-4 to not diverge from upstream.
CVE-2016-2086 (Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0 ...)
	- nodejs 4.3.0~dfsg-1 (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 2 ...)
	{DLA-669-1}
	- dwarfutils 20160507-1 (bug #813148)
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/3
	NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/9565964f26966d8391fe2cfa8e6e8e59278c5f91
CVE-2016-2090 (Off-by-one vulnerability in the fgetwln function in libbsd before 0.8. ...)
	{DLA-2052-1}
	- libbsd 0.8.2-1
	[wheezy] - libbsd <not-affected> (Vulnerable code not present)
	[squeeze] - libbsd <not-affected> (Vulnerable code not present)
	NOTE: Not used anywhere in Debian according to codesearch.debian.net
	NOTE: https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93881
	NOTE: Fixed by: http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7 (0.8.2)
	NOTE: Introduced by: http://cgit.freedesktop.org/libbsd/commit/?id=a97ce513e031b29a47965b740be14fb9a84277fc (0.5.0)
CVE-2016-2089 (The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows rem ...)
	{DSA-3508-1}
	- jasper <removed> (bug #812978)
	[squeeze] - jasper <no-dsa> (Minor issue)
	NOTE: https://github.com/mdadams/jasper/commit/c87ad330a8b8d6e5eb0065675601fdfae08ebaab
CVE-2016-2085 (The evm_verify_hmac function in security/integrity/evm/evm_main.c in t ...)
	- linux 4.4.2-1 (unimportant)
	[jessie] - linux 3.16.7-ckt25-1
	- linux-2.6 <removed> (unimportant)
	NOTE: EVM is not enabled
	NOTE: https://git.kernel.org/linus/613317bd212c585c20796c10afe5daaa95d4b0a1 (v4.5-rc4)
CVE-2016-2084 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-2083
	REJECTED
CVE-2016-2082 (Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log ...)
	NOT-FOR-US: VMware
CVE-2016-2081 (Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insigh ...)
	NOT-FOR-US: VMware
CVE-2016-2080
	REJECTED
CVE-2016-2079 (VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5. ...)
	NOT-FOR-US: VMware
CVE-2016-2078 (Cross-site scripting (XSS) vulnerability in the Web Client in VMware v ...)
	NOT-FOR-US: VMware
CVE-2016-2077 (VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1 ...)
	NOT-FOR-US: VMware
CVE-2016-2076 (Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, ...)
	NOT-FOR-US: VMware
CVE-2016-2075 (Cross-site scripting (XSS) vulnerability in VMware vRealize Business A ...)
	NOT-FOR-US: VMware vRealize Business Advanced and Enterprise
CVE-2016-2074 (Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x an ...)
	{DSA-3533-1}
	- openvswitch 2.3.0+git20140819-4
	[wheezy] - openvswitch <not-affected> (Affects only 2.2.x and later)
	NOTE: http://openvswitch.org/pipermail/announce/2016-March/000082.html
CVE-2016-2072 (The Administrative Web Interface in Citrix NetScaler Application Deliv ...)
	NOT-FOR-US: Citrix
CVE-2016-2071 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler G ...)
	NOT-FOR-US: Citrix
CVE-2016-XXXX [out of bound read and write issues]
	- giflib 5.1.4-0.1 (bug #820594)
	[jessie] - giflib <no-dsa> (Minor issue)
	[wheezy] - giflib <no-dsa> (Minor issue)
	[squeeze] - giflib <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/giflib/bugs/82/
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/01/26/5
	NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/
CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allows at ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #812807)
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/25/6
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/26/8 has details
	NOTE: Same fix as CVE-2016-1839 and CVE-2015-8806
CVE-2016-2070 (The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux k ...)
	- linux 4.3.5-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream commit: https://git.kernel.org/linus/8b8a321ff72c785ed5e8b4cf6eda20b35d427390 (v4.4)
	NOTE: Introduced by: https://git.kernel.org/linus/3759824da87b30ce7a35b4873b62b0ba38905ef5 (v4.3-rc1)
CVE-2016-2068 (The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2067 (drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2066 (Integer signedness error in the MSM QDSP6 audio driver for the Linux k ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2065 (sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2064 (sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2063 (Stack-based buffer overflow in the supply_lm_input_write function in d ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2062 (The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_ ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2061 (Integer signedness error in the MSM V4L2 video driver for the Linux ke ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2060 (server/TetherController.cpp in the tethering controller in netd, as di ...)
	NOT-FOR-US: Android
CVE-2016-2059 (The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_ro ...)
	NOT-FOR-US: Android drivers
CVE-2016-2058 (Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4. ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2057 (lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use we ...)
	{DSA-3495-1}
	- xymon 4.3.25-1
	[wheezy] - xymon <not-affected> (vulnerable code not present)
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2056 (xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote aut ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2055 (xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3. ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2054 (Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2052 (Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used ...)
	- harfbuzz 1.2.6-1
	[jessie] - harfbuzz <not-affected> (Vulnerable code not present)
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://code.google.com/p/chromium/issues/detail?id=544270
	NOTE: https://github.com/behdad/harfbuzz/commit/63ef0b41dc48d6112d1918c1b1de9de8ea90adb5
CVE-2016-2051 (Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, a ...)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-2048 (Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, all ...)
	- python-django 1.9.2-1 (bug #813448)
	[jessie] - python-django <not-affected> (Only affects 1.9)
	[wheezy] - python-django <not-affected> (Only affects 1.9)
	[squeeze] - python-django <not-affected> (Only affects 1.9)
	NOTE: https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/
CVE-2016-2046 (Cross-site scripting (XSS) vulnerability in the UserPortal page in SOP ...)
	NOT-FOR-US: SOPHOS
CVE-2016-2045 (Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdm ...)
	{DLA-481-1}
	- phpmyadmin 4:4.5.4-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-9/
CVE-2016-2044 (libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5. ...)
	- phpmyadmin 4:4.5.4-1
	[jessie] - phpmyadmin <not-affected> (vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-8/
	NOTE: vulnerability introduced in 4.5.0.1 / 718ef31
CVE-2016-2043 (Cross-site scripting (XSS) vulnerability in the goToFinish1NF function ...)
	- phpmyadmin 4:4.5.4-1
	[jessie] - phpmyadmin <not-affected> (vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-7/
	NOTE: vulnerability introduced in 4.3.3 / 1e971f3
CVE-2016-2042 (phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote  ...)
	- phpmyadmin 4:4.5.4-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: introduced as part of the CVE-2016-2039 fix
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-6/
	NOTE: path disclosure not relevant on Debian
CVE-2016-2041 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x b ...)
	{DSA-3627-1 DLA-481-1 DLA-406-1}
	- phpmyadmin 4:4.5.4-1
	NOTE: squeeze patch backport trivial to wheezy
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fe62b69a5b032de8e1d9d0a04456c1cecf46428c
CVE-2016-2040 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...)
	{DSA-3627-1 DLA-481-1}
	- phpmyadmin 4:4.5.4-1
	[squeeze] - phpmyadmin <no-dsa> (minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-3/
CVE-2016-2039 (libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x  ...)
	{DSA-3627-1 DLA-481-1 DLA-406-1}
	- phpmyadmin 4:4.5.4-1
	NOTE: squeeze patch was actually incorrect and probably not functional: libraries/phpseclib/Crypt/Random.php needs some engine (e.g. AES) to work
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6fe54dfa000dd6f43f237e859781fad7111ac1bd is not sufficient: one needs 29b297f to import more bits from phpseclib or simply import all of phpseclib.
	NOTE: such a fix needs to avoid introducing a new vulnerability as well, upstream introduced CVE-2016-2042 as part of this
CVE-2016-2038 (phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x be ...)
	{DLA-481-1}
	- phpmyadmin 4:4.5.4-1 (unimportant)
	[squeeze] - phpmyadmin <no-dsa> (minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-1/
	NOTE: path disclosure not relevant on Debian
CVE-2016-2036 (The getURL function in drivers/secfilter/urlparser.c in secfilter in t ...)
	NOT-FOR-US: Samsung
CVE-2016-2069 (Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 a ...)
	{DSA-3503-1 DLA-412-1}
	- linux 4.3.5-1
	- linux-2.6 <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/25/1
	NOTE: https://git.kernel.org/linus/71b3c126e61177eb693423f2e18a1914205b165e (v4.5-rc1)
	NOTE: https://git.kernel.org/linus/4eaffdd5a5fe6ff9f95e1ab4de1ac904d5e0fa8b (v4.5-rc1)
CVE-2016-2053 (The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kerne ...)
	- linux 4.3.1-1
	[jessie] - linux 3.16.7-ckt25-2
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300237
	NOTE: Introduced in https://git.kernel.org/linus/3d167d68e3805ee45ed2e8412fc03ed919c54c24 (v3.13-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f (v4.3-rc1)
CVE-2016-2049 (examples/consumer/common.php in JanRain PHP OpenID library (aka php-op ...)
	- php-openid <unfixed> (unimportant)
	NOTE: sample code only, actual vulnerable code not shipped in package
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/2
	NOTE: https://github.com/openid/php-openid/issues/128
CVE-2016-2047 (The ssl_verify_server_cert function in sql-common/client.c in MariaDB  ...)
	{DSA-3557-1 DSA-3453-1 DLA-447-1}
	- mariadb-10.0 10.0.23-1
	NOTE: https://mariadb.atlassian.net/browse/MDEV-9212
	NOTE: https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	[squeeze] - mysql-5.5 <no-dsa> (will be fixed along with an upcoming Oracle CPU)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-2035
	REJECTED
CVE-2016-2034 (SQL injection vulnerability in ClearPass Policy Manager 6.5.x through  ...)
	NOT-FOR-US: ClearPass Policy Manager
CVE-2016-2033
	REJECTED
CVE-2016-2032 (A vulnerability exists in the Aruba AirWave Management Platform 8.x pr ...)
	NOT-FOR-US: Aruba AirWave Management Platform
CVE-2016-2031 (Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4. ...)
	NOT-FOR-US: Aruba Instate
CVE-2016-2030 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2029 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2028 (HPE Matrix Operating Environment before 7.5.1 allows remote authentica ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2027 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2026 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers  ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2025 (HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 ...)
	NOT-FOR-US: HPE
CVE-2016-2024 (HPE Insight Control before 7.5.1 allow remote attackers to obtain sens ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-2023 (HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive ...)
	NOT-FOR-US: HPE
CVE-2016-2022 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2021 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2020 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2019 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2018 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2017 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2016 (Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 th ...)
	NOT-FOR-US: HPE
CVE-2016-2015 (HPE System Management Homepage before 7.5.5 allows local users to obta ...)
	NOT-FOR-US: HPE
CVE-2016-2014 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 1 ...)
	NOT-FOR-US: HPE
CVE-2016-2013 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 1 ...)
	NOT-FOR-US: HPE
CVE-2016-2012 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 1 ...)
	NOT-FOR-US: HPE
CVE-2016-2011 (Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i ...)
	NOT-FOR-US: HPE
CVE-2016-2010 (Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i ...)
	NOT-FOR-US: HPE
CVE-2016-2009 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 1 ...)
	NOT-FOR-US: HPE
CVE-2016-2008 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9. ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2007 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9. ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2006 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9. ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2005 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9. ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2004 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9. ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2003 (HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x be ...)
	NOT-FOR-US: HPE P9000 Command View Advanced Edition Software
CVE-2016-2002 (The validateAdminConfig handler in the Analytics Management Console in ...)
	NOT-FOR-US: HPE Vertica
CVE-2016-2001 (HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 all ...)
	NOT-FOR-US: HPE Universal CMDB
CVE-2016-2000 (HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem C ...)
	NOT-FOR-US: HPE Asset Manager
CVE-2016-1999 (The server in HP Release Control 9.13, 9.20, and 9.21 allows remote at ...)
	NOT-FOR-US: HP Release Control
CVE-2016-1998 (HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 a ...)
	NOT-FOR-US: HPE Service Manager
CVE-2016-1997 (HPE Operations Orchestration 10.x before 10.51 and Operations Orchestr ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2016-1996 (HPE System Management Homepage before 7.5.4 allows local users to obta ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1995 (HPE System Management Homepage before 7.5.4 allows remote attackers to ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1994 (HPE System Management Homepage before 7.5.4 allows remote authenticate ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1993 (HPE System Management Homepage before 7.5.4 allows remote authenticate ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1992 (HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, a ...)
	NOT-FOR-US: HPE ArcSight ESM
CVE-2016-1991 (HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, a ...)
	NOT-FOR-US: HPE ArcSight ESM
CVE-2016-1990 (HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, a ...)
	NOT-FOR-US: HPE ArcSight ESM
CVE-2016-1989 (HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 a ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-1988 (HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 a ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-1987 (HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configu ...)
	NOT-FOR-US: HP-UX IPFilter
CVE-2016-1986 (HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers t ...)
	NOT-FOR-US: HP CDA
CVE-2016-1985 (HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers  ...)
	NOT-FOR-US: HPE Operations Manager
CVE-2016-1984 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices b ...)
	NOT-FOR-US: Harman AMX devices
CVE-2016-1980
	RESERVED
CVE-2016-1979 (Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndRet ...)
	{DSA-3688-1 DSA-3576-1 DLA-480-1 DLA-472-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	- icedove 38.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/
	- nss 2:3.21-1
CVE-2016-1978 (Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange f ...)
	{DSA-3688-1 DLA-480-1}
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: Marked as fixed in 44.0-1 which would be the version fixing
	NOTE: the issue while using the bundled nss version. iceweasel for
	NOTE: unstable though used the system library.
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/
	- nss 2:3.21-1
CVE-2016-1977 (The Machine::Code::decoder::analysis::set_ref function in Graphite 2 b ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-1976 (Use-after-free vulnerability in the DesktopDisplayDevice class in the  ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1975 (Multiple race conditions in dom/media/systemservices/CamerasChild.cpp  ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1974 (The nsScannerString::AppendUnicodeTo function in Mozilla Firefox befor ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/
CVE-2016-1973 (Race condition in the GetStaticInstance function in the WebRTC impleme ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/
CVE-2016-1972 (Race condition in libvpx in Mozilla Firefox before 45.0 on Windows mig ...)
	- iceweasel <not-affected> (Windows-specific)
	- libvpx <not-affected> (Windows-specific)
CVE-2016-1971 (The I420VideoFrame::CreateFrame function in the WebRTC implementation  ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1970 (Integer underflow in the srtp_unprotect function in the WebRTC impleme ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1969 (The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Fi ...)
	{DSA-3515-1 DSA-3477-1}
	- graphite2 1.3.6-1
	- iceweasel <removed>
	- firefox 45.0-1
	- firefox-esr 45.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/
CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, a ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/
	- brotli 0.3.0+dfsg-3 (bug #817233)
	NOTE: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
CVE-2016-1967 (Mozilla Firefox before 45.0 does not properly restrict the availabilit ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/
CVE-2016-1966 (The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRu ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/
CVE-2016-1965 (Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle ...)
	{DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/
CVE-2016-1964 (Use-after-free vulnerability in the AtomicBaseIncDec function in Mozil ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
CVE-2016-1963 (The FileReader class in Mozilla Firefox before 45.0 allows local users ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/
CVE-2016-1962 (Use-after-free vulnerability in the mozilla::DataChannelConnection::Cl ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/
CVE-2016-1961 (Use-after-free vulnerability in the nsHTMLDocument::SetBody function i ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/
CVE-2016-1960 (Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string  ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/
CVE-2016-1959 (The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows r ...)
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- iceweasel <removed>
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/
CVE-2016-1958 (browser/base/content/browser.js in Mozilla Firefox before 45.0 and Fir ...)
	{DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/
CVE-2016-1957 (Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firef ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/
CVE-2016-1956 (Mozilla Firefox before 45.0 on Linux, when an Intel video driver is us ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/
CVE-2016-1955 (Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/
CVE-2016-1954 (The nsCSPContext::SendReports function in dom/security/nsCSPContext.cp ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/
CVE-2016-1953 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
CVE-2016-1952 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
CVE-2016-1951 (Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable  ...)
	{DSA-3687-1 DLA-513-1}
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- nspr 2:4.12-1
	[jessie] - nspr <no-dsa> (Minor issue)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1174015
	NOTE: https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw
	NOTE: Upstream commit: https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2
CVE-2016-1950 (Heap-based buffer overflow in Mozilla Network Security Services (NSS)  ...)
	{DSA-3688-1 DSA-3520-1 DSA-3510-1 DLA-480-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/
	- nss 2:3.23-1
	NOTE: NSS fixed in 3.21.1
CVE-2016-1949 (Mozilla Firefox before 44.0.2 does not properly restrict the interacti ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/
CVE-2016-1948 (Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is u ...)
	- iceweasel <not-affected> (Only affects Firefox for Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-12/
CVE-2016-1947 (Mozilla Firefox 43.x mishandles attempts to connect to the Application ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/
CVE-2016-1946 (The MoofParser::Metadata function in binding/MoofParser.cpp in libstag ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
CVE-2016-1945 (The nsZipArchive function in Mozilla Firefox before 44.0 might allow r ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
CVE-2016-1944 (The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozill ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
CVE-2016-1943 (Mozilla Firefox before 44.0 on Android allows remote attackers to spoo ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
CVE-2016-1942 (Mozilla Firefox before 44.0 allows user-assisted remote attackers to s ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
CVE-2016-1941 (The file-download dialog in Mozilla Firefox before 44.0 on OS X enable ...)
	- iceweasel <not-affected> (Affects only Firefox on OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/
CVE-2016-1940 (Mozilla Firefox before 44.0 on Android allows remote attackers to spoo ...)
	- iceweasel <not-affected> (Affects Firefox for Android only)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-05/
CVE-2016-1939 (Mozilla Firefox before 44.0 stores cookies with names containing verti ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
CVE-2016-1938 (The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Secur ...)
	{DSA-3688-1 DLA-480-1 DLA-427-1}
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: Marked as fixed in 44.0-1 which would be the version fixing
	NOTE: the issue while using the bundled nss version. iceweasel for
	NOTE: unstable though used the system library.
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
	- nss 2:3.21-1
	NOTE: https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a
	NOTE: https://hg.mozilla.org/projects/nss/rev/608645309ab9
	NOTE: https://hg.mozilla.org/projects/nss/rev/cfd0ad4726cb
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 (not yet public)
CVE-2016-1937 (The protocol-handler dialog in Mozilla Firefox before 44.0 allows remo ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/
CVE-2016-1936
	RESERVED
CVE-2016-1935 (Buffer overflow in the BufferSubData function in Mozilla Firefox befor ...)
	{DSA-3491-1 DSA-3457-1}
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
CVE-2016-1934
	RESERVED
CVE-2016-1933 (Integer overflow in the image-deinterlacing functionality in Mozilla F ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/
CVE-2016-1932
	RESERVED
CVE-2016-1931 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
CVE-2016-1930 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-3491-1 DSA-3457-1}
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
CVE-2016-1929 (The XS engine in SAP HANA allows remote attackers to spoof log entries ...)
	NOT-FOR-US: SAP
CVE-2016-1928 (Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remo ...)
	NOT-FOR-US: SAP
CVE-2016-1927 (The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x be ...)
	{DSA-3627-1 DLA-481-1}
	- phpmyadmin 4:4.5.4-1
	[squeeze] - phpmyadmin <no-dsa> (minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720
CVE-2016-1983 (The client_host function in parsers.c in Privoxy before 3.0.24 allows  ...)
	{DSA-3460-1 DLA-398-1}
	- privoxy 3.0.24-1
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/21/4
CVE-2016-1982 (The remove_chunked_transfer_coding function in filters.c in Privoxy be ...)
	{DSA-3460-1 DLA-398-1}
	- privoxy 3.0.24-1
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/21/4
CVE-2016-1926 (Cross-site scripting (XSS) vulnerability in the charts module in Green ...)
	NOT-FOR-US: Greenbone Security Assistant
CVE-2016-1921
	RESERVED
CVE-2016-1918 (Cross-site scripting (XSS) vulnerability in the Management Console in  ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1917 (Cross-site scripting (XSS) vulnerability in the Management Console in  ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1916 (Cross-site scripting (XSS) vulnerability in the Management Console in  ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1915 (Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Ente ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1914 (Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.Im ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1913 (Multiple cross-site scripting (XSS) vulnerabilities in the Redhen modu ...)
	NOT-FOR-US: Redhen module for Drupal
CVE-2016-1912 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CR ...)
	- dolibarr 3.5.8+dfsg1-1 (bug #812496)
	[jessie] - dolibarr 3.5.5+dfsg1-1+deb8u1
	NOTE: https://github.com/Dolibarr/dolibarr/issues/4341
CVE-2016-1911 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7 ...)
	NOT-FOR-US: SAP
CVE-2016-1910 (The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers ...)
	NOT-FOR-US: SAP
CVE-2016-1909 (Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwit ...)
	NOT-FOR-US: FortiOS
CVE-2016-1981 (QEMU (aka Quick Emulator) built with the e1000 NIC emulation support i ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-5 (bug #812307)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
	NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7c23b8920329180f48b8a147b629d8837709d201 (v0.10.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298570
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/10
CVE-2016-2037 (The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remo ...)
	{DSA-3483-1 DLA-415-1}
	- cpio 2.11+dfsg-5 (bug #812401)
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/4
	NOTE: To reproduce and uncover the issue with unstable version compile with ASAN
	NOTE: Patch: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
	NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b
CVE-2016-2050 (The get_abbrev_array_info function in libdwarf-20151114 allows remote  ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1 (unimportant)
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/9
	NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684
	NOTE: Reasoning for "unimportant" severity: The affected source code is present
	NOTE: in dwarfdump/, but in the binary package is installed dwarfdump2/ .
	NOTE: dwarfdump2 (the C++ implentation) has been abandoned again by upstream in
	NOTE: fawour of the C version.
CVE-2016-XXXX [Multiple minor security issues]
	- imagemagick 8:6.8.9.9-7 (bug #811308)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/22/4
CVE-2016-1925 (Integer underflow in header.c in lha allows remote attackers to have u ...)
	- lha <removed> (unimportant)
	NOTE: Non-free not supported
CVE-2016-1924 (The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attacke ...)
	{DSA-3665-1}
	- openjpeg2 2.1.1-1 (bug #818399)
	NOTE: https://github.com/uclouvain/openjpeg/commit/1a8318f6c24623189ecb65e049267c6f2e005c0e
CVE-2016-1923 (Heap-based buffer overflow in the opj_j2k_update_image_data function i ...)
	- openjpeg2 2.1.1-1 (bug #818399)
	[jessie] - openjpeg2 <no-dsa> (Minor issue, too intrusive to backport)
CVE-2016-1920 (Samsung KNOX 1.0.0 uses the shared certificate on Android, which allow ...)
	NOT-FOR-US: KNOX 1.0 / Android 4.3
CVE-2016-1919 (Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which  ...)
	NOT-FOR-US: KNOX 1.0 / Android 4.3
CVE-2016-1902 (The nextBytes function in the SecureRandom class in Symfony before 2.3 ...)
	{DSA-3588-1}
	- symfony 2.7.9+dfsg-1
	NOTE: http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails
	NOTE: https://github.com/symfony/symfony/pull/17359
CVE-2016-1906 (Openshift allows remote attackers to gain privileges by updating a bui ...)
	- kubernetes <not-affected> (Openshift Specific)
	NOTE: https://github.com/openshift/origin/issues/6556
	NOTE: https://github.com/openshift/origin/pull/6576
CVE-2016-1905 (The API server in Kubernetes does not properly check admission control ...)
	- kubernetes <not-affected> (Fixed before the initial release in Debian, 1.2.0)
	NOTE: https://github.com/kubernetes/kubernetes/issues/19479
	NOTE: https://github.com/kubernetes/kubernetes/pull/19481
CVE-2016-1904 (Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7. ...)
	- php5 <not-affected> (Vulnerable code not present)
	- php5.6 <not-affected> (Vulnerable code not present)
	NOTE: Already using safe_emalloc() in php_escape_shell_cmd()
	- php7.0 7.0.2-1
	NOTE: https://bugs.php.net/bug.php?id=71270
	NOTE: https://github.com/php/php-src/commit/2871c70efaaaa0f102557a17c727fd4d5204dd4b
CVE-2016-1903 (The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolatio ...)
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.14+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	[squeeze] - php5 <not-affected> (Vulnerable code not present, check in gdImageRotate() already available)
	- php5.6 5.6.17+dfsg-1
	- php7.0 7.0.2-1
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://bugs.php.net/bug.php?id=70976
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8
	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/f91abcc3b156823688c54158fc4fa36d87570afe
CVE-2016-1901 (Integer overflow in the authenticate_post function in CGit before 0.12 ...)
	{DSA-3545-1}
	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
	NOTE: http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763 (v0.12)
CVE-2016-1900 (CRLF injection vulnerability in the cgit_print_http_headers function i ...)
	{DSA-3545-1}
	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
	NOTE: http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463 (v0.12)
CVE-2016-1899 (CRLF injection vulnerability in the ui-blob handler in CGit before 0.1 ...)
	{DSA-3545-1}
	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
	NOTE: http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 (v0.12)
CVE-2016-1896 (Race condition in the initialization process on Lexmark printers with  ...)
	NOT-FOR-US: Firmware in Lexmark printers
CVE-2016-1895 (NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote  ...)
	NOT-FOR-US: NetApp
CVE-2016-1894 (NetApp OnCommand Workflow Automation before 3.1P2 allows remote attack ...)
	NOT-FOR-US: NetApp
CVE-2016-1893
	RESERVED
CVE-2016-1892
	RESERVED
CVE-2016-1891
	RESERVED
CVE-2016-1890
	RESERVED
CVE-2016-1889 (Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3,  ...)
	NOT-FOR-US: bhyve hypervisor for FreeBSD
CVE-2016-1888 (The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows  ...)
	NOT-FOR-US: telnetd in FreeBSD
CVE-2016-1887 (Integer signedness error in the sockargs function in sys/kern/uipc_sys ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant; bug #824605)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2016-1886 (Integer signedness error in the genkbd_commonioctl function in sys/dev ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant; bug #824604)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2016-1885 (Integer signedness error in the amd64_set_ldt function in sys/amd64/am ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant; bug #818426)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1884
	RESERVED
CVE-2016-1883 (The issetugid system call in the Linux compatibility layer in FreeBSD  ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant)
	- kfreebsd-9 <removed> (unimportant)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2016-1882 (FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remo ...)
	- kfreebsd-10 10.3~svn296373-1 (unimportant; bug #811280)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1881 (The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause  ...)
	- kfreebsd-10 10.3~svn296373-1 (unimportant; bug #811279)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1880 (The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and  ...)
	- kfreebsd-10 10.3~svn296373-1 (unimportant; bug #811278)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1879 (The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3  ...)
	- kfreebsd-10 <unfixed> (unimportant; bug #811277)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1878
	RESERVED
CVE-2016-1877
	RESERVED
CVE-2016-1876 (The backend service process in Lenovo Solution Center (aka LSC) before ...)
	NOT-FOR-US: Lenovo
CVE-2016-1875
	RESERVED
CVE-2016-1874
	RESERVED
CVE-2016-1873
	RESERVED
CVE-2016-1872
	RESERVED
CVE-2016-1871
	RESERVED
CVE-2016-1870
	RESERVED
CVE-2016-1869
	RESERVED
CVE-2016-1868
	RESERVED
CVE-2016-1866 (Salt 2015.8.x before 2015.8.4 does not properly handle clear messages  ...)
	- salt 2015.8.5+ds-1
	[jessie] - salt <not-affected> (affects only the 2015.8.x releases of Salt)
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html
CVE-2016-1865 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1864 (The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1863 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1862 (Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1861 (The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 all ...)
	NOT-FOR-US: Apple
CVE-2016-1860 (Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1859 (The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari bef ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1858 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1857 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...)
	- webkitgtk 2.12.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-1856 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...)
	- webkitgtk 2.12.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-1855 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1854 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tv ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1853 (Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sen ...)
	NOT-FOR-US: Apple
CVE-2016-1852 (Siri in Apple iOS before 9.3.2 does not block data detectors within re ...)
	NOT-FOR-US: Apple
CVE-2016-1851 (The Screen Lock feature in Apple OS X before 10.11.5 mishandles passwo ...)
	NOT-FOR-US: Apple
CVE-2016-1850 (SceneKit in Apple OS X before 10.11.5 allows remote attackers to execu ...)
	NOT-FOR-US: Apple
CVE-2016-1849 (The "Clear History and Website Data" feature in Apple Safari before 9. ...)
	NOT-FOR-US: Apple
CVE-2016-1848 (QuickTime in Apple OS X before 10.11.5 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-1847 (OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS b ...)
	NOT-FOR-US: Apple
CVE-2016-1846 (The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drive ...)
	NOT-FOR-US: Apple
CVE-2016-1845
	REJECTED
CVE-2016-1844 (The Messages component in Apple OS X before 10.11.5 mishandles roster  ...)
	NOT-FOR-US: Apple
CVE-2016-1843 (The Messages component in Apple OS X before 10.11.5 mishandles filenam ...)
	NOT-FOR-US: Apple
CVE-2016-1842 (MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS bef ...)
	NOT-FOR-US: Apple
CVE-2016-1841 (libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS  ...)
	- libxslt 1.1.29-1
	[jessie] - libxslt 1.1.28-2+deb8u1
	[wheezy] - libxslt 1.1.26-14.1+deb7u1
	NOTE: upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=758291
	NOTE: upstream commit: https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3
CVE-2016-1840 (Heap-based buffer overflow in the xmlFAParsePosCharGroup function in l ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=757711
CVE-2016-1839 (The xmlDictAddString function in libxml2 before 2.9.4, as used in Appl ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758605
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=637
CVE-2016-1838 (The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4 ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758588
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=639
CVE-2016-1837 (Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiter ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=11ed4a7a90d5ce156a18980a4ad4e53e77384852 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=760263
CVE-2016-1836 (Use-after-free vulnerability in the xmlDictComputeFastKey function in  ...)
	{DSA-3593-1}
	- libxml2 2.9.3+dfsg1-1.1
	[wheezy] - libxml2 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0 (v2.9.4)
	NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=dcc19503193c71596278a252064a8ce66331b3cd (v2.9.2)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759398
	NOTE: Regression applies to Jessie, since fix backported as 0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch
CVE-2016-1835 (Use-after-free vulnerability in the xmlSAX2AttributeNs function in lib ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759020
CVE-2016-1834 (Heap-based buffer overflow in the xmlStrncat function in libxml2 befor ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=763071
CVE-2016-1833 (The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758606
CVE-2016-1832 (libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1 ...)
	NOT-FOR-US: Apple
CVE-2016-1831 (The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows at ...)
	NOT-FOR-US: Apple
CVE-2016-1830 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1829 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1828 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1827 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1826 (Integer overflow in the dtrace implementation in the kernel in Apple O ...)
	NOT-FOR-US: Apple
CVE-2016-1825 (IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute a ...)
	NOT-FOR-US: Apple
CVE-2016-1824 (IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS befor ...)
	NOT-FOR-US: Apple
CVE-2016-1823 (The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3 ...)
	NOT-FOR-US: Apple
CVE-2016-1822 (IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-1821 (IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1820 (Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows a ...)
	NOT-FOR-US: Apple
CVE-2016-1819 (Use-after-free vulnerability in the IOAccelContext2::clientMemoryForTy ...)
	NOT-FOR-US: Apple
CVE-2016-1818 (IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tv ...)
	NOT-FOR-US: Apple
CVE-2016-1817 (IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tv ...)
	NOT-FOR-US: Apple
CVE-2016-1816 (IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to e ...)
	NOT-FOR-US: Apple
CVE-2016-1815 (IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to e ...)
	NOT-FOR-US: Apple
CVE-2016-1814 (IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, an ...)
	NOT-FOR-US: Apple
CVE-2016-1813 (The IOAccelSharedUserClient2::page_off_resource method in Apple iOS be ...)
	NOT-FOR-US: Apple
CVE-2016-1812 (Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5  ...)
	NOT-FOR-US: Apple
CVE-2016-1811 (ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9. ...)
	NOT-FOR-US: Apple
CVE-2016-1810 (The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows att ...)
	NOT-FOR-US: Apple
CVE-2016-1809 (Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption ke ...)
	NOT-FOR-US: Apple
CVE-2016-1808 (The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2016-1807 (Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, ...)
	NOT-FOR-US: Apple
CVE-2016-1806 (Crash Reporter in Apple OS X before 10.11.5 allows attackers to execut ...)
	NOT-FOR-US: Apple
CVE-2016-1805 (CoreStorage in Apple OS X before 10.11.5 allows attackers to execute a ...)
	NOT-FOR-US: Apple
CVE-2016-1804 (The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attacker ...)
	NOT-FOR-US: Apple
CVE-2016-1803 (CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS befor ...)
	NOT-FOR-US: Apple
CVE-2016-1802 (CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5 ...)
	NOT-FOR-US: Apple
CVE-2016-1801 (The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before ...)
	NOT-FOR-US: Apple
CVE-2016-1800 (Captive Network Assistant in Apple OS X before 10.11.5 mishandles a cu ...)
	NOT-FOR-US: Apple
CVE-2016-1799 (Audio in Apple OS X before 10.11.5 allows attackers to execute arbitra ...)
	NOT-FOR-US: Apple
CVE-2016-1798 (Audio in Apple OS X before 10.11.5 allows attackers to cause a denial  ...)
	NOT-FOR-US: Apple
CVE-2016-1797 (Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attacker ...)
	NOT-FOR-US: Apple
CVE-2016-1796 (Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attacker ...)
	NOT-FOR-US: Apple
CVE-2016-1795 (AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attac ...)
	NOT-FOR-US: Apple
CVE-2016-1794 (The AppleGraphicsControlClient::checkArguments method in AppleGraphics ...)
	NOT-FOR-US: Apple
CVE-2016-1793 (AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows a ...)
	NOT-FOR-US: Apple
CVE-2016-1792 (The AMD subsystem in Apple OS X before 10.11.5 allows attackers to exe ...)
	NOT-FOR-US: Apple
CVE-2016-1791 (The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obt ...)
	NOT-FOR-US: Apple
CVE-2016-1790 (Buffer overflow in the Accessibility component in Apple iOS before 9.3 ...)
	NOT-FOR-US: Apple
CVE-2016-1789 (Apple iBooks Author before 2.4.1 allows remote attackers to read arbit ...)
	NOT-FOR-US: Apple
CVE-2016-1788 (Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS bef ...)
	NOT-FOR-US: Apple
CVE-2016-1787 (Wiki Server in Apple OS X Server before 5.1 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1786 (The Page Loading implementation in WebKit in Apple iOS before 9.3 and  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1785 (The Page Loading implementation in WebKit in Apple iOS before 9.3 and  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1784 (The History implementation in WebKit in Apple iOS before 9.3, Safari b ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1783 (WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1782 (WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1781 (WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attach ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1780 (WebKit in Apple iOS before 9.3 does not prevent hidden web views from  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1779 (WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote att ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1778 (WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote att ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1777 (Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1776 (Web Server in Apple OS X Server before 5.1 does not properly restrict  ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1775 (TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS befo ...)
	NOT-FOR-US: Apple
CVE-2016-1774 (The Time Machine server in Server App in Apple OS X Server before 5.1  ...)
	NOT-FOR-US: Apple
CVE-2016-1773 (The code-signing subsystem in Apple OS X before 10.11.4 does not prope ...)
	NOT-FOR-US: Apple
CVE-2016-1772 (The Top Sites feature in Apple Safari before 9.1 mishandles cookie sto ...)
	NOT-FOR-US: Apple
CVE-2016-1771 (The Downloads feature in Apple Safari before 9.1 mishandles file expan ...)
	NOT-FOR-US: Apple
CVE-2016-1770 (The Reminders component in Apple OS X before 10.11.4 allows attackers  ...)
	NOT-FOR-US: Apple
CVE-2016-1769 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-1768 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-1767 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to exec ...)
	NOT-FOR-US: Apple
CVE-2016-1766 (The Profiles component in Apple iOS before 9.3 does not properly valid ...)
	NOT-FOR-US: Apple
CVE-2016-1765 (otool in Apple Xcode before 7.3 allows local users to gain privileges  ...)
	NOT-FOR-US: Apple
CVE-2016-1764 (The Content Security Policy (CSP) implementation in Messages in Apple  ...)
	NOT-FOR-US: Apple
CVE-2016-1763 (Messages in Apple iOS before 9.3 does not ensure that an auto-fill act ...)
	NOT-FOR-US: Apple
CVE-2016-1762 (The xmlNextChar function in libxml2 before 2.9.4 allows remote attacke ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759671
CVE-2016-1761 (libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS befo ...)
	NOT-FOR-US: No public details available, probably Apple specific libxml2 changes
	NOTE: Marking as NFU since a regular libxml2 security issue would have trickled down
	NOTE: via libxml upstream
CVE-2016-1760 (The XPC Services API in LaunchServices in Apple iOS before 9.3 allows  ...)
	NOT-FOR-US: Apple
CVE-2016-1759 (The kernel in Apple OS X before 10.11.4 allows attackers to execute ar ...)
	NOT-FOR-US: Apple
CVE-2016-1758 (The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows atta ...)
	NOT-FOR-US: Apple
CVE-2016-1757 (Race condition in the kernel in Apple iOS before 9.3 and OS X before 1 ...)
	NOT-FOR-US: Apple
CVE-2016-1756 (The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows atta ...)
	NOT-FOR-US: Apple
CVE-2016-1755 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2016-1754 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2016-1753 (Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X ...)
	NOT-FOR-US: Apple
CVE-2016-1752 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2016-1751 (The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS befor ...)
	NOT-FOR-US: Apple
CVE-2016-1750 (Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS ...)
	NOT-FOR-US: Apple
CVE-2016-1749 (IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute a ...)
	NOT-FOR-US: Apple
CVE-2016-1748 (IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before  ...)
	NOT-FOR-US: Apple
CVE-2016-1747 (IOGraphics in Apple OS X before 10.11.4 allows attackers to execute ar ...)
	NOT-FOR-US: Apple
CVE-2016-1746 (IOGraphics in Apple OS X before 10.11.4 allows attackers to execute ar ...)
	NOT-FOR-US: Apple
CVE-2016-1745 (IOFireWireFamily in Apple OS X before 10.11.4 allows local users to ca ...)
	NOT-FOR-US: Apple
CVE-2016-1744 (The Intel driver in the Graphics Drivers subsystem in Apple OS X befor ...)
	NOT-FOR-US: Apple
CVE-2016-1743 (The Intel driver in the Graphics Drivers subsystem in Apple OS X befor ...)
	NOT-FOR-US: Apple
CVE-2016-1742 (Untrusted search path vulnerability in the installer in Apple iTunes b ...)
	NOT-FOR-US: Apple
CVE-2016-1741 (The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X befo ...)
	NOT-FOR-US: Apple / NVIDIA
CVE-2016-1740 (FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2016-1739
	REJECTED
CVE-2016-1738 (dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-si ...)
	NOT-FOR-US: Apple
CVE-2016-1737 (Carbon in Apple OS X before 10.11.4 allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1736 (Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2016-1735 (Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2016-1734 (AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 all ...)
	NOT-FOR-US: Apple
CVE-2016-1733 (AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arb ...)
	NOT-FOR-US: Apple
CVE-2016-1732 (AppleRAID in Apple OS X before 10.11.4 allows local users to obtain se ...)
	NOT-FOR-US: Apple
CVE-2016-1731 (Apple Software Update before 2.2 on Windows does not use HTTPS, which  ...)
	NOT-FOR-US: Apple
CVE-2016-1730 (WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or  ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1729 (Untrusted search path vulnerability in OSA Scripts in Apple OS X befor ...)
	NOT-FOR-US: Apple
CVE-2016-1728 (The Cascading Style Sheets (CSS) implementation in Apple iOS before 9. ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1727 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tv ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1726 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, all ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1725 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, all ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1724 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tv ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1723 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, all ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1722 (syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1721 (The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS be ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1720 (IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before  ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1719 (The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, an ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1718 (The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS  ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1717 (The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2016-1716 (AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local ...)
	NOT-FOR-US: Apple
CVE-2016-1908 (The client in OpenSSH before 7.2 mishandles failed cookie generation f ...)
	{DLA-1500-1}
	- openssh 1:7.2p1-1
	[wheezy] - openssh <no-dsa> (Minor issue)
	[squeeze] - openssh <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
	NOTE: which needs to be applied after: https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
	NOTE: Background information on X11 SECURITY extension and SSH: https://thejh.net/written-stuff/openssh-6.8-xsecurity
	NOTE: https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html
	NOTE: Red Hat Bugzilla entry: https://bugzilla.redhat.com/show_bug.cgi?id=1298741
	NOTE: vulnerability is partly due to /etc/X11/Xsession.d/35x11-common_xhost-local introduced in x11-common in 1:7.6+9 (wheezy and up)
	NOTE: https://lists.debian.org/debian-lts/2016/01/msg00029.html
	NOTE: Upstream announce: http://www.openssh.com/txt/release-7.2
CVE-2016-1907 (The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 ...)
	- openssh 1:7.1p2-1
	[jessie] - openssh <not-affected> (Vulnerable code not present; Introduced in OpenSSH 6.8)
	[wheezy] - openssh <not-affected> (Vulnerable code not present; Introduced in OpenSSH 6.8)
	[squeeze] - openssh <not-affected> (Issue introduced in OpenSSH 6.8)
	NOTE: Fixed by: https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
	NOTE: Introduced by: https://anongit.mindrot.org/openssh.git/commit/packet.c?id=091c302829210c41e7f57c3f094c7b9c054306f0 (V_6_8_P1)
CVE-2016-1898 (FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and ...)
	{DSA-3506-1}
	- ffmpeg 7:2.8.5-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://habrahabr.ru/company/mailru/blog/274855
	NOTE: Fixed in 2.8.5 upstream
CVE-2016-1897 (FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and ...)
	{DSA-3506-1}
	- ffmpeg 7:2.8.5-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://habrahabr.ru/company/mailru/blog/274855
	NOTE: Fixed in 2.8.5 upstream
CVE-2016-1867 (The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers ...)
	{DSA-3785-1}
	- jasper <removed> (bug #811023)
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	[squeeze] - jasper <no-dsa> (Minor issue)
CVE-2016-1715 (The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 b ...)
	NOT-FOR-US: swin.sys kernel driver in McAfee Application Control
CVE-2016-1713 (Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyD ...)
	NOT-FOR-US: vTiger
CVE-2016-1712 (Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x be ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2016-1711 (WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google  ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1710 (The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeC ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1709 (Heap-based buffer overflow in the ByteArray::Get method in data/byte_a ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1708 (The Chrome Web Store inline-installation implementation in the Extensi ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1707 (ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52. ...)
	{DSA-3637-1}
	- chromium-browser <not-affected> (Only affects chromium-browser on iOS)
CVE-2016-1706 (The PPAPI implementation in Google Chrome before 52.0.2743.82 does not ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1705 (Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743 ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1704 (Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704 ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1703 (Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704 ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1702 (The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1701 (The Autofill implementation in Google Chrome before 51.0.2704.79 misha ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1700 (extensions/renderer/runtime_custom_bindings.cc in Google Chrome before ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1699 (WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (a ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1698 (The createCustomType function in extensions/renderer/resources/binding ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1697 (The FrameLoader::startLoad function in WebKit/Source/core/loader/Frame ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1696 (The extensions subsystem in Google Chrome before 51.0.2704.79 does not ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1695 (Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704 ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1694 (browser/browsing_data/browsing_data_remover.cc in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1693 (browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 5 ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1692 (WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Goo ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1691 (Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincid ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1690 (The Autofill implementation in Google Chrome before 51.0.2704.63 misha ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1689 (Heap-based buffer overflow in content/renderer/media/canvas_capture_ha ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1688 (The regexp (aka regular expression) implementation in Google V8 before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1687 (The renderer implementation in Google Chrome before 51.0.2704.63 does  ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1686 (The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1685 (core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1684 (numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51 ...)
	{DSA-3605-1 DSA-3590-1 DLA-514-1}
	- libxslt 1.1.29-1
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d (v1.1.29-rc1)
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583171
CVE-2016-1683 (numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51 ...)
	{DSA-3605-1 DSA-3590-1 DLA-514-1}
	- libxslt 1.1.29-1
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242 (v1.1.29-rc1)
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583156
CVE-2016-1682 (The ServiceWorkerContainer::registerServiceWorkerImpl function in WebK ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1681 (Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: http://blog.talosintel.com/2016/06/pdfium.html
CVE-2016-1680 (Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1679 (The ToV8Value function in content/child/v8_value_converter_impl.cc in  ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1678 (objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome bef ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1677 (uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1676 (extensions/renderer/resources/binding.js in the extension bindings in  ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1675 (Blink, as used in Google Chrome before 51.0.2704.63, allows remote att ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1674 (The extensions subsystem in Google Chrome before 51.0.2704.63 allows r ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1673 (Blink, as used in Google Chrome before 51.0.2704.63, allows remote att ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1672 (The ModuleSystem::RequireForJsInner function in extensions/renderer/mo ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1671 (Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2016-1670 (Race condition in the ResourceDispatcherHostImpl::BeginRequest functio ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1669 (The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as us ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	- nodejs 4.4.6~dfsg-1 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1668 (The forEachForBinding function in WebKit/Source/bindings/core/v8/Itera ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1667 (The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeSc ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1666 (Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661 ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1665 (The JSGenericLowering class in compiler/js-generic-lowering.cc in Goog ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1664 (The HistoryController::UpdateForCommit function in content/renderer/hi ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1663 (The SerializedScriptValue::transferArrayBuffers function in WebKit/Sou ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1662 (extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.9 ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1661 (Blink, as used in Google Chrome before 50.0.2661.94, does not ensure t ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1660 (Blink, as used in Google Chrome before 50.0.2661.94, mishandles assert ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1659 (Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661 ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1658 (The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrec ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1657 (The WebContentsImpl::FocusLocationBarByDefault function in content/bro ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1656 (The download implementation in Google Chrome before 50.0.2661.75 on An ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2016-1655 (Google Chrome before 50.0.2661.75 does not properly consider that fram ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1654 (The media subsystem in Google Chrome before 50.0.2661.75 does not init ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1653 (The LoadBuffer implementation in Google V8, as used in Google Chrome b ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1652 (Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireF ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1651 (fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1650 (The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/ ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1649 (The Program::getUniformInternal function in Program.cpp in libANGLE, a ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1648 (Use-after-free vulnerability in the GetLoadTimes function in renderer/ ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1647 (Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy func ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1646 (The Array.prototype.concat implementation in builtins.cc in Google V8, ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1645 (Multiple integer signedness errors in the opj_j2k_update_image_data fu ...)
	{DSA-3513-1}
	- chromium-browser 49.0.2623.87-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1644 (WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google ...)
	{DSA-3513-1}
	- chromium-browser 49.0.2623.87-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1643 (The ImageInputType::ensurePrimaryContent function in WebKit/Source/cor ...)
	{DSA-3513-1}
	- chromium-browser 49.0.2623.87-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1642 (Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623 ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1641 (Use-after-free vulnerability in content/browser/web_contents/web_conte ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1640 (The Web Store inline-installer implementation in the Extensions UI in  ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1639 (Use-after-free vulnerability in browser/extensions/api/webrtc_audio_pr ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1638 (extensions/renderer/resources/platform_app.js in the Extensions subsys ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1637 (The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in S ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1636 (The PendingScript::notifyFinished function in WebKit/Source/core/dom/P ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1635 (extensions/renderer/render_frame_observer_natives.cc in Google Chrome  ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1634 (Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1633 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1632 (The Extensions subsystem in Google Chrome before 49.0.2623.75 does not ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1631 (The PPB_Flash_MessageLoop_Impl::InternalRun function in content/render ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1630 (The ContainerNode::parserRemoveChild function in WebKit/Source/core/do ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1629 (Google Chrome before 48.0.2564.116 allows remote attackers to bypass t ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1628 (pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564. ...)
	{DSA-4013-1 DSA-3486-1}
	- openjpeg <removed>
	[jessie] - openjpeg <not-affected> (Vulnerable code introduced later)
	[wheezy] - openjpeg <not-affected> (Vulnerable code introduced later)
	- openjpeg2 2.1.2-1.2
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	NOTE: openjpeg2 fixed in google by https://pdfium.googlesource.com/pdfium.git/+/76c995796f95fd4c54c5f11d2a04392f16478619%5E%21/#F2
	NOTE: https://github.com/uclouvain/openjpeg/issues/850
	NOTE: https://github.com/uclouvain/openjpeg/commit/11445eddad7e7fa5b273d1c83c91011c44e5d586
CVE-2016-1627 (The Developer Tools (aka DevTools) subsystem in Google Chrome before 4 ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1626 (The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in  ...)
	{DSA-4013-1 DSA-3486-1}
	- openjpeg <removed>
	[jessie] - openjpeg <not-affected> (Vulnerable code introduced later)
	[wheezy] - openjpeg <not-affected> (Vulnerable code introduced later)
	- openjpeg2 2.1.2-1.2
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	NOTE: openjpeg2 fixed in google by https://pdfium.googlesource.com/pdfium.git/+/76c995796f95fd4c54c5f11d2a04392f16478619%5E%21/#F2
	NOTE: https://github.com/uclouvain/openjpeg/issues/850
	NOTE: https://github.com/uclouvain/openjpeg/commit/11445eddad7e7fa5b273d1c83c91011c44e5d586
CVE-2016-1625 (The Chrome Instant feature in Google Chrome before 48.0.2564.109 does  ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1624 (Integer underflow in the ProcessCommandsInternal function in dec/decod ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	- brotli 0.3.0+dfsg-3 (bug #817233)
	NOTE: https://codereview.chromium.org/1662313002
	NOTE: https://codereview.chromium.org/1662313002/diff/1/third_party/brotli/dec/decode.c
	NOTE: Same fix/change as for CVE-2016-1968
CVE-2016-1623 (The DOM implementation in Google Chrome before 48.0.2564.109 does not  ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1622 (The Extensions subsystem in Google Chrome before 48.0.2564.109 does no ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1621 (libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LM ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <not-affected> (Vulnerable code not present, libwebm not yet included)
	[wheezy] - libvpx <not-affected> (Vulnerable code not present, libwebm not yet included)
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d%5E!/#F1
	NOTE: probably fixed earlier than this version, but this was the version checked
CVE-2016-1620 (Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564 ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1619 (Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_t ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1618 (Blink, as used in Google Chrome before 48.0.2564.82, does not ensure t ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1617 (The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/ ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1616 (The CustomButton::AcceleratorPressed function in ui/views/controls/but ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1615 (The Omnibox implementation in Google Chrome before 48.0.2564.82 allows ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1614 (The UnacceleratedImageBufferSurface class in WebKit/Source/platform/gr ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1613 (Multiple use-after-free vulnerabilities in the formfiller implementati ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1612 (The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1611 (Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses wor ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1610 (Directory traversal vulnerability in the email-template feature in Nov ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1609 (Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr bef ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1608 (vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 befo ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1607 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1606 (Multiple stack-based buffer overflows in COM objects in Micro Focus Ru ...)
	NOT-FOR-US: Micro Focus Rumba
CVE-2016-1605 (Directory traversal vulnerability in the ReportViewServlet servlet in  ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2016-1604
	RESERVED
CVE-2016-1603 (An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1  ...)
	NOT-FOR-US: NetIQ
CVE-2016-1602 (A code injection in the supportconfig data collection tool in supportu ...)
	NOT-FOR-US: SLES support tool
CVE-2016-1601 (yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, do ...)
	NOT-FOR-US: yast2-users / SuSE YAST
CVE-2016-1600 (The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6  ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2016-1599 (Cross-site scripting (XSS) vulnerability in NetIQ Self Service Passwor ...)
	NOT-FOR-US: NetIQ Self Service Password Reset
CVE-2016-1598 (XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attacke ...)
	NOT-FOR-US: NetIQ IDM
CVE-2016-1597 (A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 coul ...)
	NOT-FOR-US: NetIQ
CVE-2016-1596 (Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Nov ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1595 (LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Mic ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1594 (Micro Focus Novell Service Desk before 7.2 allows remote authenticated ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1593 (Directory traversal vulnerability in the import users feature in Micro ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1592 (XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote  ...)
	NOT-FOR-US: NetIQ Designer
CVE-2016-1591
	REJECTED
CVE-2016-1590
	REJECTED
CVE-2016-1589
	REJECTED
CVE-2016-1588
	REJECTED
CVE-2016-1587 (The Snapweb interface before version 0.21.2 was exposing controls to i ...)
	NOT-FOR-US: Snapweb
CVE-2016-1586 (A malicious webview could install long-lived unload handlers that re-u ...)
	NOT-FOR-US: Oxide
CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened when  ...)
	- apparmor <unfixed> (low; bug #929990)
	[buster] - apparmor <ignored> (Minor overall security impact)
	[stretch] - apparmor <ignored> (Minor overall security impact)
	[jessie] - apparmor <ignored> (Minor overall security impact)
	NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=995594
	NOTE: Introduced around AppArmor 2.8 upstream.
	NOTE: Mount rules support is enabled in Debian, but the impact of the issue is
	NOTE: limited to 1. lxc (not a regression, as Debian never confined LXC with AppArmor
	NOTE: by default before buster, in particular not with mount rules), 2. libvirtd
	NOTE: but the profile is not meant to be a strong security boundary.
	NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017/comments/6
CVE-2016-1584 (In all versions of Unity8 a running but not active application on a la ...)
	- unity <itp> (bug #609278)
CVE-2016-1583 (The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.6.2-1
CVE-2016-1582 (LXD before 2.0.2 does not properly set permissions when switching an u ...)
	- lxd <itp> (bug #768073)
CVE-2016-1581 (LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs. ...)
	- lxd <itp> (bug #768073)
CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher packag ...)
	NOT-FOR-US: ubuntu-core-launcher
CVE-2016-1579 (UDM provides support for running commands after a download is complete ...)
	NOT-FOR-US: Ubuntu Download Manager
CVE-2016-1578 (Use-after-free vulnerability in Oxide allows remote attackers to cause ...)
	NOT-FOR-US: Oxide
CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in Ja ...)
	{DSA-3508-1}
	- jasper <removed> (bug #816625)
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/03/12
CVE-2016-1576 (The overlayfs implementation in the Linux kernel through 4.5.2 does no ...)
	- linux 4.5.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1535150
	NOTE: http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
CVE-2016-1575 (The overlayfs implementation in the Linux kernel through 4.5.2 does no ...)
	- linux 4.5.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1534961
	NOTE: http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
CVE-2016-1574
	REJECTED
CVE-2016-1573 (Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Da ...)
	- unity <itp> (bug #609278)
CVE-2016-1572 (mount.ecryptfs_private.c in eCryptfs-utils does not validate mount des ...)
	{DSA-3450-1 DLA-397-1}
	- ecryptfs-utils 106-2
	NOTE: https://bugs.launchpad.net/ecryptfs/+bug/1530566
	NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
CVE-2016-1571 (The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x th ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-168.html
CVE-2016-1570 (The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, a ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-167.html
CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associati ...)
	{DLA-742-1 DLA-414-1}
	- chrony 2.2.1-1 (low; bug #812923)
	[jessie] - chrony 1.30-2+deb8u2
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0071/
	NOTE: http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released
	NOTE: Fix for 2.x http://git.tuxfamily.org/chrony/chrony.git/commit/?id=a78bf9725a7b481ebff0e0c321294ba767f2c1d8
	NOTE: Fix for 1.x http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=df46e5ca5d70be1c0ae037f96b4b038362703832
CVE-2016-1566 (Cross-site scripting (XSS) vulnerability in the file browser in Guacam ...)
	- guacamole-client <unfixed> (bug #859136)
	[stretch] - guacamole-client <no-dsa> (Minor issue)
	[jessie] - guacamole-client <not-affected> (Vulnerable code not present)
	- guacamole <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/glyptodon/guacamole-client/commit/7da13129c432d1c0a577342a9bf23ca2bde9c367
CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group module 7.x ...)
	NOT-FOR-US: Field Group module for Drupal
CVE-2016-1714 (The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg. ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-4
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296060
	NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/11/7
	NOTE: fw_cfg support for guest-side data writes removed in 2.4 (1:2.4+dfsg-1a)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=023e3148567ac898c7258138f8e86c3c2bb40d07 (v2.4.0-rc0)
	NOTE: fw_cfg_read removed in: http://git.qemu.org/?p=qemu.git;a=commit;h=6c8d56a2e95712a6206a2671d2b04b2e59cabc0b
CVE-2016-1569 (FireBird 2.5.5 allows remote authenticated users to cause a denial of  ...)
	- firebird2.5 2.5.5.26952.ds4-3 (bug #810599)
	[jessie] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
	[wheezy] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
	[squeeze] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
	NOTE: http://tracker.firebirdsql.org/browse/CORE-5068
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/10/2
CVE-2016-1568 (Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-2 (bug #810527)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html
	NOTE: ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288532
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/09/1
CVE-2016-1563 (NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certi ...)
	NOT-FOR-US: NetApp
CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8 for An ...)
	NOT-FOR-US: DTE Energy Insight
CVE-2016-1561 (ExaGrid appliances with firmware before 4.8 P26 have a default SSH pub ...)
	NOT-FOR-US: ExaGrid appliances
CVE-2016-1560 (ExaGrid appliances with firmware before 4.8 P26 have a default passwor ...)
	NOT-FOR-US: ExaGrid appliances
CVE-2016-1559 (D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver ...)
	NOT-FOR-US: D-Link
CVE-2016-1558 (Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and ...)
	NOT-FOR-US: D-Link
CVE-2016-1557 (Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless ...)
	NOT-FOR-US: Netgear
CVE-2016-1556 (Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320 ...)
	NOT-FOR-US: Netgear
CVE-2016-1555 ((1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) b ...)
	NOT-FOR-US: Netgear
CVE-2016-1554
	RESERVED
CVE-2016-1553
	RESERVED
CVE-2016-1552
	RESERVED
	- hhvm 3.12.1+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/979b5b312ffbd56126c52f3dcb6cf8fcab89664f
	NOTE: https://github.com/facebook/hhvm/commit/604689e1565ea6361f9d81f839cd56bdda3b45ed
	NOTE: https://github.com/facebook/hhvm/commit/f21dccdde582c61d5a9b52dd821bcb1f08169d28
CVE-2016-1551 (ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f9 ...)
	- ntp <not-affected> (Does not affect Linux or FreeBSD)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1550 (An exploitable vulnerability exists in the message authentication func ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1549 (A malicious authenticated peer can create arbitrarily-many ephemeral a ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
	NOTE: additional significant protection went into ntp-4.2.8p11.
CVE-2016-1548 (An attacker can spoof a packet from a legitimate ntpd server with an o ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1547 (An off-path attacker can cause a preemptible client association to be  ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1546 (The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, d ...)
	- apache2 2.4.20-1
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: Upstream commit: http://svn.apache.org/viewvc?view=revision&revision=1733727
	NOTE: Upsteam backport for 2.4.x: http://svn.apache.org/viewvc?view=revision&revision=1734413
CVE-2016-1545
	RESERVED
CVE-2016-1544 (nghttp2 before 1.7.1 allows remote attackers to cause a denial of serv ...)
	- nghttp2 1.7.1-1
	[jessie] - nghttp2 <no-dsa> (Minor issue)
	NOTE: Fix spread across multiple commits: https://github.com/tatsuhiro-t/nghttp2/compare/v1.7.0...v1.7.1
	NOTE: Commits between 1.7.0 and 1.7.1 seem almost limited to this issue, cf.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1308461#c3
CVE-2016-1543 (The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA ...)
	NOT-FOR-US: BMC
CVE-2016-1542 (The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8. ...)
	NOT-FOR-US: BMC
CVE-2016-1541 (Heap-based buffer overflow in the zip_read_mac_metadata function in ar ...)
	{DSA-3574-1}
	[experimental] - libarchive 3.2.0-1
	- libarchive 3.1.2-11.1 (bug #823893)
	[wheezy] - libarchive <not-affected> (Vulnerable code not present)
	NOTE: keeping the experimental tracking version as well since maintainer said not to merge NMU changelog
	NOTE: http://www.kb.cert.org/vuls/id/862384
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0155/
	NOTE: https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 (v3.2.0)
	NOTE: Feature added in https://github.com/libarchive/libarchive/commit/1399a59680fa2dfca68764468ed0bcaa0331fde7
CVE-2016-1540
	RESERVED
CVE-2016-1539
	RESERVED
CVE-2016-1538
	RESERVED
CVE-2016-1537
	RESERVED
CVE-2016-1536
	RESERVED
CVE-2016-1535
	RESERVED
CVE-2016-1534
	RESERVED
CVE-2016-1533
	RESERVED
CVE-2016-1532
	RESERVED
CVE-2016-1531 (Exim before 4.86.2, when installed setuid root, allows local users to  ...)
	{DSA-3517-1}
	- exim4 4.86.2-1
	NOTE: https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html
CVE-2016-1530
	RESERVED
CVE-2016-1529
	RESERVED
CVE-2016-1528
	RESERVED
CVE-2016-1527
	RESERVED
CVE-2016-1526 (The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graph ...)
	{DSA-3491-1 DSA-3479-1 DSA-3477-1}
	- graphite2 1.3.5-1
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
	NOTE: Talos Blog mentions this CVE, but it is not listed in
	NOTE: http://talosintel.com/vulnerability-reports/
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
CVE-2016-1525 (Directory traversal vulnerability in data/config/image.do in NETGEAR M ...)
	NOT-FOR-US: NETGEAR Management System NMS300
CVE-2016-1524 (Multiple unrestricted file upload vulnerabilities in NETGEAR Managemen ...)
	NOT-FOR-US: NETGEAR Management System NMS300
CVE-2016-1523 (The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Gra ...)
	{DSA-3491-1 DSA-3479-1 DSA-3477-1}
	- graphite2 1.3.5-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0059/
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
CVE-2016-1522 (Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefo ...)
	{DSA-3479-1}
	- graphite2 1.3.5-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0057/
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0060/
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
CVE-2016-1521 (The directrun function in directmachine.cpp in Libgraphite in Graphite ...)
	{DSA-3479-1}
	- graphite2 1.3.5-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0058/
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0061/
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
CVE-2016-1520 (The Grandstream Wave app 1.0.1.26 and earlier for Android does not use ...)
	NOT-FOR-US: Grandstream Wave app
CVE-2016-1519 (The com.softphone.common package in the Grandstream Wave app 1.0.1.26  ...)
	NOT-FOR-US: Grandstream Wave app
CVE-2016-1518 (The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 a ...)
	NOT-FOR-US: Grandstream Wave app
CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service (seg ...)
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872043)
	[stretch] - opencv <ignored> (Minor issue)
	[jessie] - opencv <no-dsa> (Minor issue)
	[wheezy] - opencv <no-dsa> (Minor issue)
	NOTE: https://arxiv.org/pdf/1701.04739.pdf
	NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to execute  ...)
	{DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872043)
	[stretch] - opencv <no-dsa> (Minor issue)
	NOTE: https://arxiv.org/pdf/1701.04739.pdf
	NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1515
	REJECTED
CVE-2016-1514
	REJECTED
CVE-2016-1513 (The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote  ...)
	{DLA-591-1}
	- libreoffice 1:4.3.3-1
	NOTE: http://www.openoffice.org/security/cves/CVE-2016-1513.html
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0051/
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=fd64d444b730f6cb7216dac8f6e3f9
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=adbdac2dd6799789a45cd3b6ca48919889a8b64d (origin/libreoffice-4-3-3)
	NOTE: Fixed at least in 4.3.3 based version, maybe alredy earlier.
CVE-2016-1512
	RESERVED
CVE-2016-1511
	RESERVED
CVE-2016-1510
	RESERVED
CVE-2016-1509
	RESERVED
CVE-2016-1508
	RESERVED
CVE-2016-1507
	RESERVED
CVE-2016-1506
	RESERVED
CVE-2016-1502 (NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to part ...)
	NOT-FOR-US: NetApp
CVE-2016-1497 (The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x  ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-1496 (The graphics driver in Huawei P8 smartphones with software GRA-TL00 be ...)
	NOT-FOR-US: Huawei
CVE-2016-1495 (Integer overflow in the graphics drivers in Huawei Mate S smartphones  ...)
	NOT-FOR-US: Huawei
CVE-2016-1564 (Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/cla ...)
	{DSA-3444-1}
	- wordpress 4.4.1+dfsg-1 (bug #810325)
	[squeeze] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
	NOTE: https://core.trac.wordpress.org/changeset/36185
	NOTE: https://wpvulndb.com/vulnerabilities/8358
	NOTE: https://twitter.com/brutelogic/status/685105483397619713
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/08/3
CVE-2016-1503 (dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x befor ...)
	- dhcpcd5 6.10.1-1 (bug #810621)
	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
	[wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
	- dhcpcd <not-affected> (Vulnerable code not present)
	NOTE: https://dev.marples.name/rDHC1475a702df74b120db847991bc011e3441a045b8
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/07/3
	NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
CVE-2016-1504 (dhcpcd before 6.10.0 allows remote attackers to cause a denial of serv ...)
	- dhcpcd5 6.10.1-1 (bug #810620)
	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
	[wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
	- dhcpcd <not-affected> (Vulnerable code not present)
	[squeeze] - dhcpcd <not-affected> (Vulnerable code not present)
	NOTE: https://dev.marples.name/rDHC33c03b26c01201152774ef92e7b773281b8d8443
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/07/3
	NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
CVE-2016-XXXX [Missing normalization]
	- ruby-rack-attack 4.3.1-1
	NOTE: https://github.com/kickstarter/rack-attack/commit/76c2e3143099d938883ae5654527b47e9e6a8977
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/01/07/1
CVE-2016-1501 (ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authe ...)
	- owncloud 7.0.12~dfsg-2
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-004
CVE-2016-1500 (ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5 ...)
	[experimental] - owncloud 8.2.2~dfsg-1
	- owncloud 7.0.12~dfsg-1
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-003
CVE-2016-1499 (ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8. ...)
	[experimental] - owncloud 8.2.2~dfsg-1
	- owncloud 7.0.12~dfsg-2
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-002
CVE-2016-1498 (Cross-site scripting (XSS) vulnerability in the OCS discovery provider ...)
	[experimental] - owncloud 8.2.2~dfsg-1
	- owncloud 7.0.12~dfsg-1
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-001
CVE-2016-1493 (Intel Driver Update Utility before 2.4 retrieves driver updates in cle ...)
	NOT-FOR-US: Intel Driver Update Utility
CVE-2016-1492 (The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when  ...)
	NOT-FOR-US: Lenovo
CVE-2016-1491 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when conf ...)
	NOT-FOR-US: Lenovo
CVE-2016-1490 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows rem ...)
	NOT-FOR-US: Lenovo
CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww f ...)
	NOT-FOR-US: Lenovo
CVE-2016-1488 (Cross-site scripting (XSS) vulnerability in the login form in the inte ...)
	NOT-FOR-US: Siemens
CVE-2016-1487 (Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons  ...)
	NOT-FOR-US: Lexmark
CVE-2016-1486 (A vulnerability in the email attachment scanning functionality of the  ...)
	NOT-FOR-US: Siemens OZW OZW672
CVE-2016-1485 (Cross-site scripting (XSS) vulnerability in Cisco Identity Services En ...)
	NOT-FOR-US: Cisco
CVE-2016-1484 (Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass inte ...)
	NOT-FOR-US: Cisco
CVE-2016-1483 (Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a den ...)
	NOT-FOR-US: Cisco
CVE-2016-1482 (Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arb ...)
	NOT-FOR-US: Cisco
CVE-2016-1481 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2016-1480 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...)
	NOT-FOR-US: Cisco
CVE-2016-1479 (Cisco IP Phone 8800 devices with software 11.0(1) allow remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2016-1478 (Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not prop ...)
	NOT-FOR-US: Cisco
CVE-2016-1477 (Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated  ...)
	NOT-FOR-US: Cisco
CVE-2016-1476 (Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 device ...)
	NOT-FOR-US: Cisco
CVE-2016-1475
	RESERVED
CVE-2016-1474 (Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IF ...)
	NOT-FOR-US: Cisco
CVE-2016-1473 (Cisco Small Business 220 devices with firmware before 1.0.1.1 have a h ...)
	NOT-FOR-US: Cisco
CVE-2016-1472 (The web-based management interface on Cisco Small Business 220 devices ...)
	NOT-FOR-US: Cisco
CVE-2016-1471 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2016-1470 (Cross-site request forgery (CSRF) vulnerability in the web-based manag ...)
	NOT-FOR-US: Cisco
CVE-2016-1469 (The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows  ...)
	NOT-FOR-US: Cisco
CVE-2016-1468 (The administrative web interface in Cisco TelePresence Video Communica ...)
	NOT-FOR-US: Cisco
CVE-2016-1467 (Cisco Videoscape Session Resource Manager (VSRM) allows remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2016-1466 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU ...)
	NOT-FOR-US: Cisco
CVE-2016-1465 (Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2( ...)
	NOT-FOR-US: Cisco
CVE-2016-1464 (Cisco WebEx Meetings Player T29.10, when WRF file support is enabled,  ...)
	NOT-FOR-US: Cisco
CVE-2016-1463 (Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 al ...)
	NOT-FOR-US: Cisco
CVE-2016-1462 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2016-1461 (Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0- ...)
	NOT-FOR-US: Cisco
CVE-2016-1460 (Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220 ...)
	NOT-FOR-US: Cisco
CVE-2016-1459 (Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allo ...)
	NOT-FOR-US: Cisco
CVE-2016-1458 (The web-based GUI in Cisco Firepower Management Center 4.x and 5.x bef ...)
	NOT-FOR-US: Cisco
CVE-2016-1457 (The web-based GUI in Cisco Firepower Management Center 4.x and 5.x bef ...)
	NOT-FOR-US: Cisco
CVE-2016-1456 (The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execut ...)
	NOT-FOR-US: Cisco
CVE-2016-1455 (Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an ...)
	NOT-FOR-US: Cisco
CVE-2016-1454 (Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000 ...)
	NOT-FOR-US: Cisco
CVE-2016-1453 (Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feat ...)
	NOT-FOR-US: Cisco
CVE-2016-1452 (Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote  ...)
	NOT-FOR-US: Cisco
CVE-2016-1451 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2016-1450 (Cisco WebEx Meetings Server 2.6 allows remote authenticated users to c ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1449 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Serve ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1448 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meeting ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1447 (Cross-site scripting (XSS) vulnerability in the administrator interfac ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1446 (SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows  ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1445 (Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 a ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1444 (The Mobile and Remote Access (MRA) component in Cisco TelePresence Vid ...)
	NOT-FOR-US: Cisco
CVE-2016-1443 (The virtual network stack on Cisco AMP Threat Grid Appliance devices b ...)
	NOT-FOR-US: Cisco
CVE-2016-1442 (The administrative web interface in Cisco Prime Infrastructure (PI) be ...)
	NOT-FOR-US: Cisco
CVE-2016-1441 (Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Conf ...)
	NOT-FOR-US: Cisco
CVE-2016-1440 (The proxy process on Cisco Web Security Appliance (WSA) devices throug ...)
	NOT-FOR-US: Cisco
CVE-2016-1439 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Cisco
CVE-2016-1438 (Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allo ...)
	NOT-FOR-US: Cisco
CVE-2016-1437 (SQL injection vulnerability in the SQL database in Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2016-1436 (The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) im ...)
	NOT-FOR-US: Cisco
CVE-2016-1435 (Cisco 8800 phones with software 11.0(1) do not properly enforce mounte ...)
	NOT-FOR-US: Cisco
CVE-2016-1434 (The license-certificate upload functionality on Cisco 8800 phones with ...)
	NOT-FOR-US: Cisco
CVE-2016-1433 (Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2016-1432 (Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devic ...)
	NOT-FOR-US: Cisco
CVE-2016-1431 (Cross-site scripting (XSS) vulnerability in Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2016-1430 (Cisco RV180 and RV180W devices allow remote authenticated users to exe ...)
	NOT-FOR-US: Cisco
CVE-2016-1429 (Directory traversal vulnerability in the web interface on Cisco RV180  ...)
	NOT-FOR-US: Cisco
CVE-2016-1428 (Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S allo ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1427 (The System Configuration Protocol (SCP) core messaging interface in Ci ...)
	NOT-FOR-US: Cisco Prime Network Registrar
CVE-2016-1426 (Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attac ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1425 (Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S  ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1424 (Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1423 (A vulnerability in the display of email messages in the Messages in Qu ...)
	NOT-FOR-US: Cisco ESA
CVE-2016-1422
	RESERVED
CVE-2016-1421 (A vulnerability in the web application for Cisco IP Phones could allow ...)
	NOT-FOR-US: Cisco
CVE-2016-1420 (The installation component on Cisco Application Policy Infrastructure  ...)
	NOT-FOR-US: Cisco
CVE-2016-1419 (Cisco Access Point devices with software 8.2(102.43) allow remote atta ...)
	NOT-FOR-US: Cisco
CVE-2016-1418 (Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, ...)
	NOT-FOR-US: Cisco
CVE-2016-1417 (Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remo ...)
	NOT-FOR-US: Cisco
CVE-2016-1416 (Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mis ...)
	NOT-FOR-US: Cisco Prime
CVE-2016-1415 (Cisco WebEx Meetings Player T29.10, when WRF file support is enabled,  ...)
	NOT-FOR-US: Cisco
CVE-2016-1414
	RESERVED
CVE-2016-1413 (The web interface in Cisco Firepower Management Center 5.4.0 through 6 ...)
	NOT-FOR-US: Cisco
CVE-2016-1412
	RESERVED
CVE-2016-1411 (A vulnerability in the update functionality of Cisco AsyncOS Software  ...)
	NOT-FOR-US: Cisco
CVE-2016-1410 (Cisco WebEx Meeting Center Original Release Base allows remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2016-1409 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	NOT-FOR-US: Cisco
CVE-2016-1408 (Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Ne ...)
	NOT-FOR-US: Cisco
CVE-2016-1407 (Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services  ...)
	NOT-FOR-US: Cisco
CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and Cis ...)
	NOT-FOR-US: Cisco
CVE-2016-1405 (libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware  ...)
	- clamav 0.99+dfsg-1
CVE-2016-1404 (Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invict ...)
	NOT-FOR-US: Cisco
CVE-2016-1403 (CISCO IP 8800 phones with software 11.0.1 and earlier allow local user ...)
	NOT-FOR-US: Cisco
CVE-2016-1402 (The Active Directory (AD) integration component in Cisco Identity Serv ...)
	NOT-FOR-US: Cisco
CVE-2016-1401 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Cisco
CVE-2016-1400 (Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7. ...)
	NOT-FOR-US: Cisco
CVE-2016-1399 (The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15 ...)
	NOT-FOR-US: Cisco
CVE-2016-1398 (Buffer overflow in the web-based management interface on Cisco RV110W  ...)
	NOT-FOR-US: Cisco
CVE-2016-1397 (Buffer overflow in the web-based management interface on Cisco RV110W  ...)
	NOT-FOR-US: Cisco
CVE-2016-1396 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Cisco
CVE-2016-1395 (The web-based management interface on Cisco RV110W devices with firmwa ...)
	NOT-FOR-US: Cisco
CVE-2016-1394 (Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded ac ...)
	NOT-FOR-US: Cisco Firepower System Software
CVE-2016-1393 (SQL injection vulnerability in Cisco Cloud Network Automation Provisio ...)
	NOT-FOR-US: Cisco
CVE-2016-1392 (Open redirect vulnerability in Cisco Prime Collaboration Assurance Sof ...)
	NOT-FOR-US: Cisco
CVE-2016-1391 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-fi ...)
	NOT-FOR-US: Cisco
CVE-2016-1390 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-fi ...)
	NOT-FOR-US: Cisco
CVE-2016-1389 (Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6  ...)
	NOT-FOR-US: Cisco
CVE-2016-1388 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-fi ...)
	NOT-FOR-US: Cisco
CVE-2016-1387 (The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3 ...)
	NOT-FOR-US: Cisco
CVE-2016-1386 (The API in Cisco Application Policy Infrastructure Controller Enterpri ...)
	NOT-FOR-US: Cisco
CVE-2016-1385 (The XML parser in Cisco Adaptive Security Appliance (ASA) Software thr ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1384 (The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 throu ...)
	NOT-FOR-US: Cisco
CVE-2016-1383 (Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WS ...)
	NOT-FOR-US: Cisco
CVE-2016-1382 (Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security App ...)
	NOT-FOR-US: Cisco
CVE-2016-1381 (Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web S ...)
	NOT-FOR-US: Cisco
CVE-2016-1380 (Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) dev ...)
	NOT-FOR-US: Cisco
CVE-2016-1379 (Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mis ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1378 (Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote attacker ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1377 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection thr ...)
	NOT-FOR-US: Cisco
CVE-2016-1376 (Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows ...)
	NOT-FOR-US: Cisco
CVE-2016-1375 (Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability  ...)
	NOT-FOR-US: Cisco
CVE-2016-1374 (The web framework in Cisco Unified Computing System (UCS) Performance  ...)
	NOT-FOR-US: Cisco
CVE-2016-1373 (The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8. ...)
	NOT-FOR-US: Cisco
CVE-2016-1372 (ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to c ...)
	{DLA-546-1}
	- clamav 0.99.2+dfsg-1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514
	NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
CVE-2016-1371 (ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to c ...)
	{DLA-546-1}
	- clamav 0.99.2+dfsg-1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514
	NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
CVE-2016-1370 (Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculate ...)
	NOT-FOR-US: Cisco
CVE-2016-1369 (The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Servic ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1368 (Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x throug ...)
	NOT-FOR-US: Cisco
CVE-2016-1367 (The DHCPv6 relay implementation in Cisco Adaptive Security Appliance ( ...)
	NOT-FOR-US: Cisco
CVE-2016-1366 (The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Networ ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2016-1365 (The Grapevine update process in Cisco Application Policy Infrastructur ...)
	NOT-FOR-US: Cisco
CVE-2016-1364 (Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD)  ...)
	NOT-FOR-US: Cisco
CVE-2016-1363 (Buffer overflow in the redirection functionality in Cisco Wireless LAN ...)
	NOT-FOR-US: Cisco
CVE-2016-1362 (Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless L ...)
	NOT-FOR-US: Cisco
CVE-2016-1361 (Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 device ...)
	NOT-FOR-US: Cisco
CVE-2016-1360 (Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same  ...)
	NOT-FOR-US: Cisco
CVE-2016-1359 (Cisco Prime Infrastructure 3.0 allows remote authenticated users to ex ...)
	NOT-FOR-US: Cisco
CVE-2016-1358 (Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authen ...)
	NOT-FOR-US: Cisco
CVE-2016-1357 (The password-management administration component in Cisco Policy Suite ...)
	NOT-FOR-US: Cisco
CVE-2016-1356 (Cisco FireSIGHT System Software 6.1.0 does not use a constant-time alg ...)
	NOT-FOR-US: Cisco
CVE-2016-1355 (Cross-site scripting (XSS) vulnerability in the Device Management UI i ...)
	NOT-FOR-US: Cisco
CVE-2016-1354 (Cross-site scripting (XSS) vulnerability in Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco
CVE-2016-1353 (The TCP implementation in Cisco Videoscape Distribution Suite for Inte ...)
	NOT-FOR-US: Cisco Videoscape Distribution Suite
CVE-2016-1352 (Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earl ...)
	NOT-FOR-US: Cisco
CVE-2016-1351 (The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS  ...)
	NOT-FOR-US: Cisco
CVE-2016-1350 (Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unif ...)
	NOT-FOR-US: Cisco
CVE-2016-1349 (The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 1 ...)
	NOT-FOR-US: Cisco
CVE-2016-1348 (Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote a ...)
	NOT-FOR-US: Cisco
CVE-2016-1347 (The Wide Area Application Services (WAAS) Express implementation in Ci ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1346 (The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobil ...)
	NOT-FOR-US: Cisco
CVE-2016-1345 (Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FireP ...)
	NOT-FOR-US: Cisco Firepower
CVE-2016-1344 (The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1343 (The XML parser in Cisco Information Server (CIS) 6.2 allows remote att ...)
	NOT-FOR-US: Cisco
CVE-2016-1342 (The device login page in Cisco FirePOWER Management Center 5.3 through ...)
	NOT-FOR-US: Cisco
CVE-2016-1341 (Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fa ...)
	NOT-FOR-US: Cisco
CVE-2016-1340 (Heap-based buffer overflow in Cisco Unified Computing System (UCS) Pla ...)
	NOT-FOR-US: Cisco
CVE-2016-1339 (Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0( ...)
	NOT-FOR-US: Cisco
CVE-2016-1338 (Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2  ...)
	NOT-FOR-US: Cisco
CVE-2016-1337 (Cisco EPC3928 devices allow remote attackers to obtain sensitive confi ...)
	NOT-FOR-US: Cisco
CVE-2016-1336 (goform/Docsis_system on Cisco EPC3928 devices allows remote attackers  ...)
	NOT-FOR-US: Cisco
CVE-2016-1335 (The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x b ...)
	NOT-FOR-US: Cisco StarOS
CVE-2016-1334 (Cisco Small Business 500 Wireless Access Point devices with firmware 1 ...)
	NOT-FOR-US: Cisco
CVE-2016-1333 (Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1332
	REJECTED
CVE-2016-1331 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...)
	NOT-FOR-US: Cisco Emergency Responder
CVE-2016-1330 (Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote a ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1329 (Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and  ...)
	NOT-FOR-US: Cisco Nexus
CVE-2016-1328 (goform/WClientMACList on Cisco EPC3928 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2016-1327 (Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices ...)
	NOT-FOR-US: Cisco
CVE-2016-1326 (The administration interface on Cisco DPQ3925 devices with firmware r1 ...)
	NOT-FOR-US: Cisco
CVE-2016-1325 (The administration interface on Cisco DPC3939B and DPC3941 devices all ...)
	NOT-FOR-US: Cisco
CVE-2016-1324 (The REST interface in Cisco Spark 2015-06 allows remote attackers to c ...)
	NOT-FOR-US: Cisco Spark
CVE-2016-1323 (The REST interface in Cisco Spark 2015-06 allows remote authenticated  ...)
	NOT-FOR-US: Cisco Spark
CVE-2016-1322 (The REST interface in Cisco Spark 2015-07-04 allows remote attackers t ...)
	NOT-FOR-US: Cisco Spark
CVE-2016-1321 (Cisco Universal Small Cell devices with firmware R2.12 through R3.5 co ...)
	NOT-FOR-US: Cisco
CVE-2016-1320 (The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users t ...)
	NOT-FOR-US: Cisco
CVE-2016-1319 (Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28) ...)
	NOT-FOR-US: Cisco
CVE-2016-1318 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy I ...)
	NOT-FOR-US: Cisco
CVE-2016-1317 (Cisco Unified Communications Manager 11.5(0.98000.480) allows remote a ...)
	NOT-FOR-US: Cisco
CVE-2016-1316 (Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, ...)
	NOT-FOR-US: Cisco
CVE-2016-1315 (The proxy engine in Cisco Advanced Malware Protection (AMP), when used ...)
	NOT-FOR-US: Cisco
CVE-2016-1314 (Cross-site scripting (XSS) vulnerability in Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco
CVE-2016-1313 (Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta S ...)
	NOT-FOR-US: Cisco
CVE-2016-1312 (The HTTPS inspection engine in the Content Security and Control Securi ...)
	NOT-FOR-US: Cisco
CVE-2016-1311 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Cisco
CVE-2016-1310 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11. ...)
	NOT-FOR-US: Cisco
CVE-2016-1309 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Mee ...)
	NOT-FOR-US: Cisco
CVE-2016-1308 (SQL injection vulnerability in Cisco Unified Communications Manager 10 ...)
	NOT-FOR-US: Cisco
CVE-2016-1307 (The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and U ...)
	NOT-FOR-US: Cisco
CVE-2016-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Direc ...)
	NOT-FOR-US: Cisco
CVE-2016-1305 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy I ...)
	NOT-FOR-US: Cisco
CVE-2016-1304 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10. ...)
	NOT-FOR-US: Cisco
CVE-2016-1303 (The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1302 (Cisco Application Policy Infrastructure Controller (APIC) devices with ...)
	NOT-FOR-US: Cisco
CVE-2016-1301 (The RBAC implementation in Cisco ASA-CX Content-Aware Security softwar ...)
	NOT-FOR-US: Cisco
CVE-2016-1300 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC ...)
	NOT-FOR-US: Cisco
CVE-2016-1299 (The web-management GUI implementation on Cisco Small Business SG300 de ...)
	NOT-FOR-US: Cisco
CVE-2016-1298 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2016-1297 (The Device Manager GUI in Cisco Application Control Engine (ACE) 4710  ...)
	NOT-FOR-US: Cisco
CVE-2016-1296 (The proxy engine on Cisco Web Security Appliance (WSA) devices with so ...)
	NOT-FOR-US: Cisco
CVE-2016-1295 (Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote att ...)
	NOT-FOR-US: Cisco
CVE-2016-1294 (Cross-site scripting (XSS) vulnerability in the Management Center in C ...)
	NOT-FOR-US: Cisco
CVE-2016-1293 (Multiple cross-site scripting (XSS) vulnerabilities in the Management  ...)
	NOT-FOR-US: Cisco
CVE-2016-1292
	RESERVED
CVE-2016-1291 (Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Prog ...)
	NOT-FOR-US: Cisco
CVE-2016-1290 (The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cis ...)
	NOT-FOR-US: Cisco
CVE-2016-1289 (The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Prog ...)
	NOT-FOR-US: Cisco Prime
CVE-2016-1288 (The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x befo ...)
	NOT-FOR-US: Cisco Web Security Appliance
CVE-2016-1287 (Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA So ...)
	NOT-FOR-US: Cisco ASA
CVE-2016-1286 (named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allo ...)
	{DSA-3511-1}
	- bind9 1:9.10.3.dfsg.P4-6
	NOTE: https://kb.isc.org/article/AA-01353
CVE-2016-1285 (named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does ...)
	{DSA-3511-1}
	- bind9 1:9.10.3.dfsg.P4-6
	NOTE: https://kb.isc.org/article/AA-01352
CVE-2016-1284 (rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9. ...)
	- bind9 <not-affected> (Only Supported Preview Edition/Subscription Edition)
	NOTE: https://kb.isc.org/article/AA-01348
CVE-2016-1505 (The filesystem storage backend in Radicale before 1.1 on Windows allow ...)
	- radicale <not-affected> (Only an issue on MS Windows)
CVE-2016-1494 (The verify function in the RSA package for Python (Python-RSA) before  ...)
	- python-rsa 3.2.3-1.1 (bug #809980)
	[jessie] - python-rsa 3.1.4-1+deb8u1
	NOTE: proposed fix: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff
	NOTE: https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
CVE-2016-1282
	RESERVED
CVE-2016-1281 (Untrusted search path vulnerability in the installer for TrueCrypt 7.2 ...)
	NOT-FOR-US: Truecrypt
CVE-2016-1283 (The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles t ...)
	- pcre3 2:8.38-3.1 (bug #809706)
	[jessie] - pcre3 2:8.35-3.3+deb8u3
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: Introduced after http://vcs.pcre.org/pcre?view=revision&revision=1361
	- pcre2 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1767
	NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1636
CVE-2016-1280 (PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D3 ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1279 (J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 bef ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1278 (Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to " ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1277 (Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1276 (Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1275 (Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 befo ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1274 (Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches all ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1273 (Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1272
	RESERVED
CVE-2016-1271 (Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3  ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1270 (The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before  ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1269 (Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1268 (The administrative web services interface in Juniper ScreenOS before 6 ...)
	NOT-FOR-US: Juniper ScreenOS
CVE-2016-1267 (Race condition in the RPC functionality in Juniper Junos OS before 12. ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1266
	RESERVED
CVE-2016-1265 (A remote unauthenticated network based attacker with access to Junos S ...)
	NOT-FOR-US: Juniper
CVE-2016-1264 (Race condition in the Op command in Juniper Junos OS before 12.1X44-D5 ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1263 (Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1262 (Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.1X ...)
	NOT-FOR-US: Juniper
CVE-2016-1261 (J-Web does not validate certain input that may lead to cross-site requ ...)
	NOT-FOR-US: Juniper
CVE-2016-1260 (Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 1 ...)
	NOT-FOR-US: Juniper
CVE-2016-1259
	RESERVED
CVE-2016-1258 (Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44- ...)
	NOT-FOR-US: Juniper
CVE-2016-1257 (The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 b ...)
	NOT-FOR-US: Juniper
CVE-2016-1256 (Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X ...)
	NOT-FOR-US: Juniper
CVE-2016-1255 (The pg_ctlcluster script in postgresql-common package in Debian wheezy ...)
	{DLA-774-1}
	- postgresql-common 178
	[jessie] - postgresql-common 165+deb8u2
	NOTE: Fix: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee
	NOTE: Testsuite update: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=30f0e4200cfc358b4536bf5d1f6c48abb779d438
CVE-2016-1254 (Tor before 0.2.8.12 might allow remote attackers to cause a denial of  ...)
	{DSA-3741-1 DLA-754-1}
	- tor 0.2.9.8-2 (bug #848847)
	NOTE: https://blog.torproject.org/blog/tor-02812-released
	NOTE: https://trac.torproject.org/projects/tor/ticket/21018
CVE-2016-1253 (The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie  ...)
	{DLA-745-1}
	- most 5.0.0a-3 (bug #848132)
	[jessie] - most 5.0.0a-2.3+deb8u1
CVE-2016-1252 (The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable  ...)
	{DSA-3733-1}
	- apt 1.4~beta2
	[wheezy] - apt <not-affected> (Issue introduced in apt >= 0.9.8)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467
CVE-2016-1251 (There is a vulnerability of type use-after-free affecting DBD::mysql ( ...)
	- libdbd-mysql-perl 4.041-1
	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue)
	[wheezy] - libdbd-mysql-perl <no-dsa> (Minor issue)
	NOTE: Only an issue with mysql_server_prepare=1
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1 (4.041)
CVE-2016-1250
	REJECTED
CVE-2016-1249 (The DBD::mysql module before 4.039 for Perl, when using server-side pr ...)
	- libdbd-mysql-perl 4.039-1 (bug #844475)
	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue)
	[wheezy] - libdbd-mysql-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe (4.039)
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/16/1
CVE-2016-1248 (vim before patch 8.0.0056 does not properly validate values for the 'f ...)
	{DSA-3722-1 DLA-718-1}
	- vim 2:8.0.0095-1
	- neovim 0.1.6-4
	NOTE: Fixed by: https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
	NOTE: Fixed by (neovim): https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
CVE-2016-1247 (The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx pa ...)
	{DSA-3701-1}
	- nginx 1.10.2-1 (bug #842295)
	[wheezy] - nginx <not-affected> (Introduced by the fix for CVE-2013-0337, not applied)
	NOTE: Issue introduced with the Debian specific fix for CVE-2013-0337 / #701112
	NOTE: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
CVE-2016-1246 (Buffer overflow in the DBD::mysql module before 4.037 for Perl allows  ...)
	{DSA-3684-1 DLA-656-1}
	- libdbd-mysql-perl 4.037-1 (low)
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2 (4.037)
CVE-2016-1245 (It was discovered that the zebra daemon in Quagga before 1.0.20161017  ...)
	{DSA-3695-1 DLA-662-1}
	- quagga 1.0.20160315-3 (bug #841162)
	NOTE: Fixed by: https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
	NOTE: https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html
CVE-2016-1244 (The extractTree function in unADF allows remote attackers to execute a ...)
	{DSA-3676-1 DLA-631-1}
	- unadf 0.7.11a-4 (bug #838248)
CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF allow ...)
	{DSA-3676-1 DLA-631-1}
	- unadf 0.7.11a-4 (bug #838248)
CVE-2016-1242 (file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3 ...)
	{DSA-3656-1 DLA-607-1}
	- tryton-server 4.0.4-1
CVE-2016-1241 (Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3. ...)
	{DSA-3656-1}
	- tryton-server 4.0.4-1
	[wheezy] - tryton-server <not-affected> (password_hash field introduced in 3.2 series)
CVE-2016-1240 (The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 a ...)
	{DSA-3670-1 DSA-3669-1 DLA-623-1 DLA-622-1}
	- tomcat8 8.0.36-3
	- tomcat7 7.0.70-3
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
CVE-2016-1239 [loads arbitrary code from the current untrusted directory]
	RESERVED
	- duck 0.10
	[jessie] - duck 0.7+deb8u1
	NOTE: https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
CVE-2016-1238 ((1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3)  ...)
	{DSA-3628-1 DLA-1578-1 DLA-584-1 DLA-565-1}
	- perl 5.22.2-3
	- libsys-syslog-perl <removed>
	[jessie] - libsys-syslog-perl 0.33-1+deb8u1
	NOTE: http://article.gmane.org/gmane.comp.lang.perl.perl5.porters/160507
	NOTE: Although more modules and scripts are affected by similar issue and mentioned
	NOTE: in the DSA/DLA, the CVE is for src:perl (and libsys-syslog-perl beeing dual-lived)
	NOTE: and thus not adding more source packages here.
CVE-2016-1237 (nfsd in the Linux kernel through 4.6.3 allows local users to bypass in ...)
	{DSA-3607-1}
	- linux 4.6.2-2
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/4ac7249ea5a0ceef9f8269f63f33cc873c3fac61 (v3.14-rc1)
	NOTE: Prerequisite: https://git.kernel.org/linus/485e71e8fb6356c08c7fc6bcce4bf02c9a9a663f
	NOTE: Fixed by: https://git.kernel.org/linus/999653786df6954a31044528ac3f7a5dadca08f4
CVE-2016-1236 (Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.ph ...)
	{DSA-3572-1 DLA-462-1}
	- websvn <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/22
CVE-2016-1235 (The oarsh script in OAR before 2.5.7 allows remote authenticated users ...)
	{DSA-3543-1}
	- oar 2.5.7-1 (bug #819952)
	NOTE: https://raw.githubusercontent.com/oar-team/oar/ce77ffed620fdce94881c9b35064507777c24a1c/debian/patches/004-fix-oarsh-security-issue
CVE-2016-1234 (Stack-based buffer overflow in the glob implementation in GNU C Librar ...)
	{DLA-494-1}
	- glibc 2.22-8
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue, can be fixed in a point update)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19779
CVE-2016-1233 (An unspecified udev rule in the Debian fuse package in jessie before 2 ...)
	{DSA-3451-1}
	- fuse 2.9.5-1
	[wheezy] - fuse <not-affected> (Problematic permissions via udev rule not set)
	[squeeze] - fuse <not-affected> (Problematic permissions via udev rule not set)
CVE-2016-1232 (The mod_dialback module in Prosody before 0.9.9 does not properly gene ...)
	{DSA-3439-1 DLA-391-1}
	- prosody 0.9.9-1
	NOTE: https://prosody.im/security/advisory_20160108-2/
CVE-2016-1231 (Directory traversal vulnerability in the HTTP file-serving module (mod ...)
	{DSA-3439-1}
	- prosody 0.9.9-1
	[squeeze] - prosody <not-affected> (Vulnerable code not present)
	NOTE: https://prosody.im/security/advisory_20160108-1/
CVE-2016-1230 (Cross-site scripting (XSS) vulnerability in NTT PC Communications WebA ...)
	NOT-FOR-US: NTT
CVE-2016-1229 (Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 throu ...)
	NOT-FOR-US: HumHub
CVE-2016-1228 (Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Den ...)
	NOT-FOR-US: NTT
CVE-2016-1227 (NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV ...)
	NOT-FOR-US: NTT
CVE-2016-1226 (Cross-site scripting (XSS) vulnerability in Trend Micro Internet Secur ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1225 (Trend Micro Internet Security 8 and 10 allows remote attackers to read ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1224 (CRLF injection vulnerability in Trend Micro Worry-Free Business Securi ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1223 (Directory traversal vulnerability in Trend Micro Office Scan 11.0, Wor ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1222 (Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-fo ...)
	NOT-FOR-US: Kobe Beauty
CVE-2016-1221 (Jetstar App for iOS before 3.0.0 does not verify X.509 certificates fr ...)
	NOT-FOR-US: Jetstar App
CVE-2016-1220 (Cybozu Garoon before 4.2.2 does not properly restrict access. ...)
	NOT-FOR-US: Cybozu
CVE-2016-1219 (Cybozu Garoon before 4.2.2 allows remote attackers to bypass login aut ...)
	NOT-FOR-US: Cybozu
CVE-2016-1218 (SQL injection vulnerability in Cybozu Garoon before 4.2.2. ...)
	NOT-FOR-US: Cybozu
CVE-2016-1217 (Cross-site scripting (XSS) vulnerability in the "Check available times ...)
	NOT-FOR-US: Cybozu
CVE-2016-1216 (Cross-site scripting (XSS) vulnerability in the "New appointment" func ...)
	NOT-FOR-US: Cybozu
CVE-2016-1215 (Cross-site scripting (XSS) vulnerability in the "User details" functio ...)
	NOT-FOR-US: Cybozu
CVE-2016-1214 (Cross-site scripting (XSS) vulnerability in the "Response request" fun ...)
	NOT-FOR-US: Cybozu
CVE-2016-1213 (The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote a ...)
	NOT-FOR-US: Cybozu
CVE-2016-1212 (Directory traversal vulnerability in futomi MP Form Mail CGI Professio ...)
	NOT-FOR-US: futomi MP Form Mail CGI Professional Edition
CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.3 ...)
	NOT-FOR-US: Epoch Web Mailing List
CVE-2016-1210 (The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not veri ...)
	NOT-FOR-US: 105 BANK app
CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote att ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-1208 (The server in Apple FileMaker before 14.0.4 on OS X allows remote atta ...)
	NOT-FOR-US: Apple FileMaker
CVE-2016-1207 (Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R d ...)
	NOT-FOR-US: I-O DATA
CVE-2016-1206 (The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-G ...)
	NOT-FOR-US: I-O DATA
CVE-2016-1205 (Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_fr ...)
	NOT-FOR-US: EC-CUBE plugin
CVE-2016-1204
	RESERVED
CVE-2016-1203
	RESERVED
CVE-2016-1202 (Untrusted search path vulnerability in Atom Electron before 0.33.5 all ...)
	NOT-FOR-US: Atom Electron
CVE-2016-1201 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0. ...)
	NOT-FOR-US: LOCKON
CVE-2016-1200 (The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows rem ...)
	NOT-FOR-US: LOCKON
CVE-2016-1199 (The login page in the management screen in LOCKON EC-CUBE 3.0.0 throug ...)
	NOT-FOR-US: LOCKON
CVE-2016-1198 (Photopt for Android before 2.0.1 does not verify SSL certificates. ...)
	NOT-FOR-US: Photopt for Android
CVE-2016-1197 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4 ...)
	NOT-FOR-US: Cybozu
CVE-2016-1196 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated use ...)
	NOT-FOR-US: Cybozu
CVE-2016-1195 (Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1  ...)
	NOT-FOR-US: Cybozu
CVE-2016-1194 (Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Cybozu
CVE-2016-1193 (Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Cybozu
CVE-2016-1192 (Directory traversal vulnerability in the logging implementation in Cyb ...)
	NOT-FOR-US: Cybozu
CVE-2016-1191 (Directory traversal vulnerability in the Files function in Cybozu Garo ...)
	NOT-FOR-US: Cybozu
CVE-2016-1190 (Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to byp ...)
	NOT-FOR-US: Cybozu
CVE-2016-1189 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated use ...)
	NOT-FOR-US: Cybozu
CVE-2016-1188 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated use ...)
	NOT-FOR-US: Cybozu
CVE-2016-1187 (Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 thro ...)
	NOT-FOR-US: Cybozu
CVE-2016-1186 (Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL ser ...)
	NOT-FOR-US: Kintone mobile for Android
CVE-2016-1185 (The Cybozu kintone mobile application 1.x before 1.0.6 for Android all ...)
	NOT-FOR-US: Cybozu
CVE-2016-1184 (Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for ...)
	NOT-FOR-US: Tokyo Star bank App for Android
CVE-2016-1183 (NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0 ...)
	NOT-FOR-US: NTT
CVE-2016-1182 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not prop ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899)
	NOTE: https://jvn.jp/en/jp/JVN65044642/
	NOTE: Two conditions must be met to exploit this vulnerability
	NOTE: condition one is already fixed in CVE-2015-0899, so everything is fine
	NOTE: condition two can be fixed by the following patch:
	NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
	NOTE: but as this completely deactivates multipart requests, this should not be generally applied
CVE-2016-1181 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles mu ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899)
	NOTE: https://jvn.jp/en/jp/JVN03188560/
	NOTE: Two conditions must be met to exploit this vulnerability
	NOTE: condition one is already fixed in CVE-2015-0899, so everything is fine
	NOTE: condition two can be fixed by the following patch:
	NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
	NOTE: but as this completely deactivates multipart requests, this should not be generally applied
CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-butt ...)
	NOT-FOR-US: Cyber-Will Social-button Premium plugin
CVE-2016-1179 (Cross-site scripting (XSS) vulnerability in the standard template of t ...)
	NOT-FOR-US: appleple a-blog cms
CVE-2016-1178 (The session management of the comment functionality in appleple a-blog ...)
	NOT-FOR-US: appleple a-blog cms
CVE-2016-1177 (The management screen in Falcon WisePoint 4.3.1 and earlier and WisePo ...)
	NOT-FOR-US: Falcon WisePoint
CVE-2016-1176 (Buffer overflow in the ActiveX control in Sharp EVA Animeter allows re ...)
	NOT-FOR-US: Sharp EVA Animeter
CVE-2016-1175 (Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player  ...)
	NOT-FOR-US: AQUOS Photo Player
CVE-2016-1174 (Cross-site request forgery (CSRF) vulnerability in the Menubook plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-1173 (Cross-site scripting (XSS) vulnerability in the Menubook plugin before ...)
	NOT-FOR-US: baserCMS
CVE-2016-1172 (Cross-site request forgery (CSRF) vulnerability in the Recruit plugin  ...)
	NOT-FOR-US: baserCMS
CVE-2016-1171 (Cross-site scripting (XSS) vulnerability in the Recruit plugin before  ...)
	NOT-FOR-US: baserCMS
CVE-2016-1170 (Cross-site request forgery (CSRF) vulnerability in the Casebook plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-1169 (Cross-site scripting (XSS) vulnerability in the Casebook plugin before ...)
	NOT-FOR-US: baserCMS
CVE-2016-1168 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP d ...)
	NOT-FOR-US: NEC
CVE-2016-1167 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP d ...)
	NOT-FOR-US: NEC
CVE-2016-1166
	REJECTED
CVE-2016-1165
	REJECTED
CVE-2016-1164
	REJECTED
CVE-2016-1163
	REJECTED
CVE-2016-1162
	REJECTED
CVE-2016-1161 (Cross-site request forgery (CSRF) vulnerability in ManageEngine Passwo ...)
	NOT-FOR-US: ManageEngine Password Manager Pro
CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plug ...)
	NOT-FOR-US: WP Favorite Posts plugin for WordPress
CVE-2016-1159 (In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build ...)
	NOT-FOR-US: ZOHO
CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH  ...)
	NOT-FOR-US: Corega
CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Lo ...)
	NOT-FOR-US: Log-Chat
CVE-2016-1156 (LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X al ...)
	NOT-FOR-US: LINE
CVE-2016-1155 (HTTP header injection vulnerability in the URLConnection class in Andr ...)
	NOT-FOR-US: Android
CVE-2016-1154 (SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in C ...)
	NOT-FOR-US: Cuore EC-CUBE
CVE-2016-1153 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenti ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1152 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users t ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1151 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu O ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1150 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 throug ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1149 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 throug ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1148 (Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL ...)
	NOT-FOR-US: Akerun
CVE-2016-1147
	REJECTED
CVE-2016-1146
	REJECTED
CVE-2016-1145 (Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER  ...)
	NOT-FOR-US: NEC EXPRESSCLUSTER
CVE-2016-1144 (Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM b ...)
	NOT-FOR-US: High Income
CVE-2016-1143 (Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before  ...)
	NOT-FOR-US: Vine MV
CVE-2016-1142 (Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remot ...)
	NOT-FOR-US: Seeds acmailer
CVE-2016-1141 (KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users  ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1140 (KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1139 (Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1138 (CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 a ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1137 (Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 al ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1136 (Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE device ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1135 (Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices  ...)
	NOT-FOR-US: BUFFALO
CVE-2016-1134 (Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 d ...)
	NOT-FOR-US: BUFFALO
CVE-2016-1133 (CRLF injection vulnerability in the on_req function in lib/handler/red ...)
	- h2o <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/h2o/h2o/issues/682
	NOTE: https://github.com/h2o/h2o/issues/684
	NOTE: https://github.com/h2o/h2o/pull/684
CVE-2016-1132 (Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify S ...)
	NOT-FOR-US: Shoplat App
CVE-2016-1131 (Buffer overflow in the CL_vsprintf function in Takumi Yamada DX Librar ...)
	NOT-FOR-US: Takumi Yamada
CVE-2016-1130 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1129 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1128 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1127 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1126 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1125 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1124 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1123 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1122 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1121 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1120 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1119 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1118 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1117 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1116 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1115 (Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 bef ...)
	NOT-FOR-US: Adobe
CVE-2016-1114 (Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 bef ...)
	NOT-FOR-US: Adobe
CVE-2016-1113 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe
CVE-2016-1112 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1111 (Double free vulnerability in Adobe Reader and Acrobat before 11.0.14,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1110 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1109 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1108 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1107 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1106 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1105 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1104 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1103 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1102 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1101 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1100 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1099 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1098 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1097 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1096 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1095 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1094 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1093 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1092 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1091 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-1090 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1089 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-1088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1087 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1086 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1085 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1084 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1083 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1082 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1081 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1080 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1079 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1078 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1077 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1076 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1075 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1074 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1073 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1072 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1071 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1070 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1069 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1068 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1067 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1066 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1065 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1064 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1063 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1062 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1061 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1060 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1059 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1058 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1057 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1056 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1055 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1054 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1053 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1052 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1051 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1050 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1049 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1048 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1047 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1046 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1045 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1044 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1043 (Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat a ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1042 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1041 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1040 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1039 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1038 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1037 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1036 (Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasure ...)
	NOT-FOR-US: Adobe
CVE-2016-1035 (Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which all ...)
	NOT-FOR-US: Adobe
CVE-2016-1034 (The Sync Process in the JavaScript API for Creative Cloud Libraries in ...)
	NOT-FOR-US: Adobe
CVE-2016-1033 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1032 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1031 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1030 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1029 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1028 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1027 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1026 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1025 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1024 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1023 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1022 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1021 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1020 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1019 (Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1018 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 an ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1017 (Use-after-free vulnerability in the LoadVars.decode function in Adobe  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1016 (Use-after-free vulnerability in the Transform object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1015 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1014 (Untrusted search path vulnerability in Adobe Flash Player before 18.0. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1013 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1012 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1011 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1010 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1009 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-1008 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-1007 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-1006 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1005 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1004
	REJECTED
CVE-2016-1003
	REJECTED
CVE-2016-1002 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1001 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1000 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0999 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0998 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0997 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0996 (Use-after-free vulnerability in the setInterval method in Adobe Flash  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0995 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0994 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0993 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0992 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0991 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0990 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0989 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0988 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0986 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0985 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0984 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 a ...)
	NOT-FOR-US: Adobe
CVE-2016-0983 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 a ...)
	NOT-FOR-US: Adobe
CVE-2016-0982 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 a ...)
	NOT-FOR-US: Adobe
CVE-2016-0981 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0980 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0979 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0978 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0977 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0976 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0975 (Use-after-free vulnerability in the instanceof function in Adobe Flash ...)
	NOT-FOR-US: Adobe
CVE-2016-0974 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 a ...)
	NOT-FOR-US: Adobe
CVE-2016-0973 (Use-after-free vulnerability in the URLRequest object implementation i ...)
	NOT-FOR-US: Adobe
CVE-2016-0972 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0971 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and ...)
	NOT-FOR-US: Adobe
CVE-2016-0970 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0969 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0968 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0967 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0966 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0965 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0964 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2016-0963 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x thro ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0962 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0961 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0960 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0959 (Use after free vulnerability in Adobe Flash Player Desktop Runtime bef ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0958 (Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote at ...)
	NOT-FOR-US: Adobe
CVE-2016-0957 (Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and  ...)
	NOT-FOR-US: Adobe
CVE-2016-0956 (The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Ex ...)
	NOT-FOR-US: Apache Sling
CVE-2016-0955 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager ( ...)
	NOT-FOR-US: Adobe
CVE-2016-0954 (Adobe Digital Editions before 4.5.1 allows attackers to execute arbitr ...)
	NOT-FOR-US: Adobe
CVE-2016-0953 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2 ...)
	NOT-FOR-US: Adobe
CVE-2016-0952 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2 ...)
	NOT-FOR-US: Adobe
CVE-2016-0951 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2 ...)
	NOT-FOR-US: Adobe
CVE-2016-0950 (Adobe Connect before 9.5.2 allows remote attackers to spoof the user i ...)
	NOT-FOR-US: Adobe
CVE-2016-0949 (Adobe Connect before 9.5.2 allows remote attackers to have an unspecif ...)
	NOT-FOR-US: Adobe
CVE-2016-0948 (Cross-site request forgery (CSRF) vulnerability in Adobe Connect befor ...)
	NOT-FOR-US: Adobe
CVE-2016-0947 (Untrusted search path vulnerability in Adobe Download Manager, as used ...)
	NOT-FOR-US: Adobe
CVE-2016-0946 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0945 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0944 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0943 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0942 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0941 (Use-after-free vulnerability in the Search object implementation in Ad ...)
	NOT-FOR-US: Adobe
CVE-2016-0940 (Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.1 ...)
	NOT-FOR-US: Adobe
CVE-2016-0939 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0938 (The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, Acroba ...)
	NOT-FOR-US: Adobe
CVE-2016-0937 (Use-after-free vulnerability in the OCG object implementation in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2016-0936 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0935 (Double free vulnerability in Adobe Reader and Acrobat before 11.0.14,  ...)
	NOT-FOR-US: Adobe
CVE-2016-0934 (Use-after-free vulnerability in AGM.dll in Adobe Reader and Acrobat be ...)
	NOT-FOR-US: Adobe
CVE-2016-0933 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0932 (Use-after-free vulnerability in the Doc object implementation in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2016-0931 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-1922 (QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit W ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-4 (bug #811201)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283934
	NOTE: https://www.openwall.com/lists/oss-security/2016/01/16/1
	NOTE: Possibly introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=4917cf44326a1bda2fd7f27303aff7a25ad86518 (v1.6.0-rc0)
	NOTE: kvmapic introduced after 1.0.50 (http://git.qemu.org/?p=qemu.git;a=commit;h=e5ad936b0fd7dfd7fd7908be6f9f1ca88f63b96b)
CVE-2016-0930 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0929 (The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0928 (Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF)  ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0927 (Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0926 (Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cl ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0925 (Cross-site scripting (XSS) vulnerability in the Case Management applic ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication
CVE-2016-0924
	REJECTED
CVE-2016-0923 (The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0 ...)
	NOT-FOR-US: RSA BSAFE Micro Edition Suite
CVE-2016-0922 (EMC ViPR SRM before 3.7.2 does not restrict the number of password-aut ...)
	NOT-FOR-US: EMC ViPR SRM
CVE-2016-0921 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0920 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0919 (EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection ver ...)
	NOT-FOR-US: RSA Web Threat Detection
CVE-2016-0918 (EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x  ...)
	NOT-FOR-US: EMC RSA Identity Governance and Lifecycle
CVE-2016-0917 (The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3 ...)
	NOT-FOR-US: EMC VNX
CVE-2016-0916 (EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0. ...)
	NOT-FOR-US: EMC NetWorker
CVE-2016-0915 (The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime S ...)
	NOT-FOR-US: EMC RSA Authentication Manager
CVE-2016-0914 (EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, D ...)
	NOT-FOR-US: EMC Documentum WebTop and WebTop Clients
CVE-2016-0913 (The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotf ...)
	NOT-FOR-US: EMC
CVE-2016-0912 (EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authen ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2016-0911 (EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_roo ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2016-0910 (EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 b ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2016-0909 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions  ...)
	NOT-FOR-US: EMC
CVE-2016-0908 (EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows  ...)
	NOT-FOR-US: EMC Isilon
CVE-2016-0907 (EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0 ...)
	NOT-FOR-US: EMC Isilon
CVE-2016-0906 (The web-restore interface in Avamar Data Store (ADS) and Avamar Virtua ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0905 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0904 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0903 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0902 (CRLF injection vulnerability in EMC RSA Authentication Manager before  ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2016-0901 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Man ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2016-0900 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Man ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2016-0899 (EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated us ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2016-0898 (MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS ...)
	NOT-FOR-US: MySQL for PCF tiles
CVE-2016-0897 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x be ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0895 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers ...)
	NOT-FOR-US: EMC
CVE-2016-0894 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authentic ...)
	NOT-FOR-US: EMC
CVE-2016-0893 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authentic ...)
	NOT-FOR-US: EMC
CVE-2016-0892 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Preventi ...)
	NOT-FOR-US: EMC
CVE-2016-0891 (Multiple cross-site request forgery (CSRF) vulnerabilities in administ ...)
	NOT-FOR-US: EMC ViPR SRM
CVE-2016-0890 (EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtua ...)
	NOT-FOR-US: EMC
CVE-2016-0889 (An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appl ...)
	NOT-FOR-US: EMC
CVE-2016-0888 (EMC Documentum D2 before 4.6 lacks intended ACLs for configuration obj ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2016-0887 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5,  ...)
	NOT-FOR-US: EMC
CVE-2016-0886 (EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows  ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-0885
	REJECTED
CVE-2016-0884
	REJECTED
CVE-2016-0883 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0882 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows  ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-0881 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows  ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-0880
	REJECTED
CVE-2016-0879 (Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies ...)
	NOT-FOR-US: Moxa
CVE-2016-0878 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attacke ...)
	NOT-FOR-US: Moxa
CVE-2016-0877 (Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allow ...)
	NOT-FOR-US: Moxa
CVE-2016-0876 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attacke ...)
	NOT-FOR-US: Moxa
CVE-2016-0875 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attacke ...)
	NOT-FOR-US: Moxa
CVE-2016-0874
	RESERVED
CVE-2016-0873
	RESERVED
CVE-2016-0872 (A Plaintext Storage of a Password issue was discovered in Kabona AB We ...)
	NOT-FOR-US: Kabona AB WebDatorCentral
CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attacke ...)
	NOT-FOR-US: Eaton Lighting EG2 Web Control
CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows remote a ...)
	NOT-FOR-US: Trane Tracer
CVE-2016-0869 (Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows r ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2016-0868 (Stack-based buffer overflow on Rockwell Automation Allen-Bradley Micro ...)
	NOT-FOR-US: MicroLogix
CVE-2016-0867 (CAREL PlantVisorEnhanced allows remote attackers to bypass intended ac ...)
	NOT-FOR-US: CAREL
CVE-2016-0866 (Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightH ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0865 (Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0864 (Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0863 (Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0862 (General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter device ...)
	NOT-FOR-US: General Electric devices
CVE-2016-0861 (General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter device ...)
	NOT-FOR-US: General Electric devices
CVE-2016-0860 (Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess befor ...)
	NOT-FOR-US: BwpAlarm
CVE-2016-0859 (Integer overflow in the Kernel service in Advantech WebAccess before 8 ...)
	NOT-FOR-US: Advantech
CVE-2016-0858 (Race condition in Advantech WebAccess before 8.1 allows remote attacke ...)
	NOT-FOR-US: Advantech
CVE-2016-0857 (Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 ...)
	NOT-FOR-US: Advantech
CVE-2016-0856 (Multiple stack-based buffer overflows in Advantech WebAccess before 8. ...)
	NOT-FOR-US: Advantech
CVE-2016-0855 (Directory traversal vulnerability in Advantech WebAccess before 8.1 al ...)
	NOT-FOR-US: Advantech
CVE-2016-0854 (Unrestricted file upload vulnerability in the uploadImageCommon functi ...)
	NOT-FOR-US: Advantech
CVE-2016-0853 (Advantech WebAccess before 8.1 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Advantech
CVE-2016-0852 (Advantech WebAccess before 8.1 allows remote attackers to bypass an in ...)
	NOT-FOR-US: Advantech
CVE-2016-0851 (Advantech WebAccess before 8.1 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Advantech
CVE-2016-0850 (The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before ...)
	NOT-FOR-US: Android
CVE-2016-0849 (Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedu ...)
	NOT-FOR-US: Android
CVE-2016-0848 (Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x  ...)
	NOT-FOR-US: Android
CVE-2016-0847 (The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1. ...)
	NOT-FOR-US: Android
CVE-2016-0846 (libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-0845
	REJECTED
CVE-2016-0844 (The Qualcomm RF driver in Android 6.x before 2016-04-01 does not prope ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-0843 (The Qualcomm ARM processor performance-event manager in Android 4.x be ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-0842 (The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 m ...)
	NOT-FOR-US: libstagefright
CVE-2016-0841 (media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4. ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0840 (Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0839 (post_proc/volume_listener.c in mediaserver in Android 6.x before 2016- ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0838 (Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0837 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x bef ...)
	NOT-FOR-US: libstagefright
CVE-2016-0836 (Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0835 (decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0834 (An unspecified media codec in mediaserver in Android 6.x before 2016-0 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0833 (Android allows users to cause a denial of service. ...)
	NOT-FOR-US: Android
CVE-2016-0832 (Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01  ...)
	NOT-FOR-US: Android
CVE-2016-0831 (The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoCon ...)
	NOT-FOR-US: Android
CVE-2016-0830 (btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows rem ...)
	NOT-FOR-US: Android
CVE-2016-0829 (The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicB ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0828 (The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicB ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0827 (Multiple integer overflows in libeffects in mediaserver in Android 4.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0826 (libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x befor ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0825 (The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 al ...)
	NOT-FOR-US: Android
CVE-2016-0824 (libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows att ...)
	NOT-FOR-US: libstagefright
CVE-2016-0823 (The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel be ...)
	- linux 4.0.2-1
	[jessie] - linux 3.16.7-ckt11-1
	[wheezy] - linux 3.2.71-1
	NOTE: Upstream patch: https://git.kernel.org/linus/ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce (v4.0-rc5)
	NOTE: https://googleprojectzero.blogspot.cz/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
CVE-2016-0822 (The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-0 ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-0821 (The LIST_POISON feature in include/linux/poison.h in the Linux kernel  ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.3.1-1
	NOTE: Upstream patch: https://git.kernel.org/linus/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf (v4.3-rc1)
CVE-2016-0820 (The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 al ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-0819 (The Qualcomm performance component in Android 4.x before 4.4.4, 5.x be ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-0818 (The caching functionality in the TrustManagerImpl class in TrustManage ...)
	NOT-FOR-US: Android
CVE-2016-0817
	RESERVED
CVE-2016-0816 (mediaserver in Android 6.x before 2016-03-01 allows remote attackers t ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0815 (The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libs ...)
	NOT-FOR-US: libstagefright
CVE-2016-0814
	RESERVED
CVE-2016-0813 (packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsCom ...)
	NOT-FOR-US: Android
CVE-2016-0812 (The interceptKeyBeforeDispatching function in policy/src/com/android/i ...)
	NOT-FOR-US: Android
CVE-2016-0811 (Integer overflow in the BnCrypto::onTransact function in media/libmedi ...)
	NOT-FOR-US: Android
CVE-2016-0810 (media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4. ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0809 (Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wi ...)
	NOT-FOR-US: Android
CVE-2016-0808 (Integer overflow in the getCoverageFormat12 function in CmapCoverage.c ...)
	NOT-FOR-US: Android
CVE-2016-0807 (The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x ...)
	- android-platform-system-core 1:7.0.0+r1-1 (unimportant)
	NOTE: debuggerd not included, see bug #858177
CVE-2016-0806 (The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5 ...)
	NOT-FOR-US: Android drivers
CVE-2016-0805 (The performance event manager for Qualcomm ARM processors in Android 4 ...)
	NOT-FOR-US: Android drivers
CVE-2016-0804 (The NuPlayer::GenericSource::notifyPreparedAndCleanup function in medi ...)
	NOT-FOR-US: Android
CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before  ...)
	NOT-FOR-US: libstagefright
CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5 ...)
	NOT-FOR-US: Android drivers
CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5 ...)
	{DLA-1573-1}
	- firmware-nonfree 20180518-1 (bug #869639)
	[stretch] - firmware-nonfree 20161130-4
	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
CVE-2016-0800 (The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before  ...)
	- openssl 1.0.0c-2
	- nss 3.13
	NOTE: openssl 1.0.0c-2 dropped SSLv2 support
	NOTE: NSS disabled SSLv2 by default in 3.13
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: https://www.drownattack.com/
	NOTE: GNUTLS never implemented SSLv2
	NOTE: http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
CVE-2016-0799 (The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1. ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
	NOTE: https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
CVE-2016-0798 (Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0 ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
CVE-2016-0797 (Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 be ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c
CVE-2016-0796
	RESERVED
CVE-2016-0795 (LibreOffice before 5.0.5 allows remote attackers to cause a denial of  ...)
	{DSA-3482-1}
	- libreoffice 1:5.0.5~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
CVE-2016-0794 (The lwp filter in LibreOffice before 5.0.4 allows remote attackers to  ...)
	{DSA-3482-1}
	- libreoffice 1:5.0.5~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
CVE-2016-0793 (Incomplete blacklist vulnerability in the servlet filter restriction m ...)
	NOT-FOR-US: WildFly / Red Hat JBoss EAP
CVE-2016-0792 (Multiple unspecified API endpoints in Jenkins before 1.650 and LTS bef ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0791 (Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0790 (Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0789 (CRLF injection vulnerability in the CLI command documentation in Jenki ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0788 (The remoting module in Jenkins before 1.650 and LTS before 1.642.2 all ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0787 (The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 im ...)
	{DSA-3487-1 DLA-426-1}
	- libssh2 1.5.0-2.1 (bug #815662)
	NOTE: Upstream fix: https://github.com/libssh2/libssh2/commit/ca5222ea819cc5ed797860070b4c6c1aeeb28420
	NOTE: Upstream patch only fixes DH SHA-256 key exchange type, not DH SHA-1
CVE-2016-0786
	RESERVED
CVE-2016-0785 (Apache Struts 2.x before 2.3.28 allows remote attackers to execute arb ...)
	- libstruts1.2-java <not-affected> (Only 2.0.0 to 2.3.28.1)
	NOTE: http://struts.apache.org/docs/s2-029.html
CVE-2016-0784 (Directory traversal vulnerability in the Import/Export System Backups  ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-0783 (The sendHashByUser function in Apache OpenMeetings before 3.1.1 genera ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-0782 (The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5 ...)
	- activemq 5.13.2+dfsg-1 (unimportant)
	NOTE: Admin console not enabled in the Debian package, see #702670
	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
CVE-2016-0781 (The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-serv ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0780 (It was discovered that cf-release v231 and lower, Pivotal Cloud Foundr ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0779 (The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x be ...)
	NOT-FOR-US: Apache TomEE
CVE-2016-0778 (The (1) roaming_read and (2) roaming_write functions in roaming_common ...)
	{DSA-3446-1 DLA-387-1}
	- openssh 1:7.1p2-1
	NOTE: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
CVE-2016-0777 (The resend_bytes function in roaming_common.c in the client in OpenSSH ...)
	{DSA-3446-1 DLA-387-1}
	- openssh 1:7.1p2-1 (bug #810984)
	NOTE: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
CVE-2016-0776
	REJECTED
CVE-2016-0775 (Buffer overflow in the ImagingFliDecode function in libImaging/FliDeco ...)
	{DSA-3499-1 DLA-422-1}
	- pillow 3.1.1-1 (bug #813909)
	- python-imaging <removed>
	[wheezy] - python-imaging 1.1.7-4+deb7u2
	NOTE: https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec (3.1.1)
CVE-2016-0774 (The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a ...)
	{DLA-439-1}
	- linux 3.16.2-2
	[wheezy] - linux 3.2.73-2+deb7u3
	- linux-2.6 <removed>
	NOTE: https://rhn.redhat.com/errata/RHSA-2016-0103.html
	NOTE: The upstream fix for 3.16 was correct, but wheezy had a incomplete backport
CVE-2016-0773 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9. ...)
	{DSA-3476-1 DSA-3475-1 DLA-432-1}
	- postgresql-9.5 9.5.1-1
	- postgresql-9.4 <unfixed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3bb3f42f3749d40b8d4de65871e8d828b18d4a45
CVE-2016-0772 (The smtplib library in CPython (aka Python) before 2.7.12, 3.x before  ...)
	{DLA-1663-1 DLA-871-1 DLA-522-1}
	- python3.5 3.5.2~rc1-1
	- python3.4 <removed>
	- python3.2 <removed>
	- python2.7 2.7.12~rc1-1
	[jessie] - python2.7 2.7.9-2+deb8u1
	NOTE: 3.4 branch: https://hg.python.org/cpython/rev/d590114c2394
	NOTE: 2.7 branch: https://hg.python.org/cpython/rev/b3ce713fb9be
CVE-2016-0771 (The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9 ...)
	{DSA-3514-1}
	- samba 2:4.3.6+dfsg-1
	[wheezy] - samba <not-affected> (Vulnerable code not present)
	[squeeze] - samba <not-affected> (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2016-0771.html
CVE-2016-0770 (Cross-site scripting (XSS) vulnerability in includes/admin/pages/manag ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-0769 (Multiple SQL injection vulnerabilities in eshop-orders.php in the eSho ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-0768 (PostgreSQL PL/Java after 9.0 does not honor access controls on large o ...)
	- postgresql-pljava <removed>
	[wheezy] - postgresql-pljava <no-dsa> (Minor issue on undocumented API that got later removed)
CVE-2016-0767 (PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with ...)
	- postgresql-pljava <removed>
	[wheezy] - postgresql-pljava <no-dsa> (Minor issue)
CVE-2016-0766 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9. ...)
	{DSA-3476-1 DSA-3475-1}
	- postgresql-9.5 9.5.1
	- postgresql-9.4 <unfixed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
CVE-2016-0765 (Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.ph ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-0764 (Race condition in Network Manager before 1.0.12 as packaged in Red Hat ...)
	- network-manager 1.1.91-1 (bug #820354)
	[jessie] - network-manager <no-dsa> (Minor issue)
	[wheezy] - network-manager <no-dsa> (Minor issue)
	NOTE: Upstream fix: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=60b7ed3bdc3941a3b7c56824fba4b7291e79041f (1.2-beta2)
	NOTE: Fixed in 1.0.12 for the 1.0.x branch: https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=1.0.12
CVE-2016-0763 (The setGlobalContext method in org/apache/naming/factory/ResourceLinkF ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0762 (The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0. ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842662)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/pzuk6hauzljnm4r7?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1758501 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1758502 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1758506 (6.0.x)
CVE-2016-0761 (Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runt ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0760 (Multiple incomplete blacklist vulnerabilities in Apache Sentry before  ...)
	NOT-FOR-US: Apache Hive
CVE-2016-0759
	REJECTED
CVE-2016-0758 (Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6  ...)
	- linux 4.5.4-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in v3.10-rc1)
	NOTE: https://lkml.org/lkml/2016/5/12/270
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300257
	NOTE: Fixed by: https://git.kernel.org/linus/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa
	NOTE: Introduced by: https://git.kernel.org/linus/42d5ec27f873c654a68f7f865dcd7737513e9508 (v3.10-rc1)
CVE-2016-0757 (OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x bef ...)
	- glance 2:12.0.0-1
	[jessie] - glance <no-dsa> (Minor issue)
	[wheezy] - glance <no-dsa> (Minor issue)
	NOTE: <=2015.1.2, >=11.0.0 <= 11.0.1
	NOTE: https://bugs.launchpad.net/bugs/1525915
CVE-2016-0756 (The generate_dialback function in the mod_dialback module in Prosody b ...)
	{DSA-3463-1 DLA-407-1}
	- prosody 0.9.10-1
	NOTE: http://blog.prosody.im/prosody-0-9-10-released/
	NOTE: https://prosody.im/security/advisory_20160127/
	NOTE: Upstream fix https://github.com/bjc/prosody/commit/8708def4f55e61acdd5b2c762d420ab40da0d015
CVE-2016-0755 (The ConnectionExists function in lib/url.c in libcurl before 7.47.0 do ...)
	{DSA-3455-1}
	- curl 7.47.0-1
	[wheezy] - curl <no-dsa> (Too intrusive to backport)
	NOTE: http://curl.haxx.se/docs/adv_20160127A.html
CVE-2016-0754 (cURL before 7.47.0 on Windows allows attackers to write to arbitrary f ...)
	- curl <not-affected> (Windows only)
	NOTE: http://curl.haxx.se/docs/adv_20160127B.html
CVE-2016-0753 (Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2. ...)
	{DSA-3464-1 DLA-642-1 DLA-641-1 DLA-498-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-activerecord-3.2 <removed>
	- ruby-activerecord-2.3 <removed>
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
	- ruby-activesupport-3.2 <removed>
	- ruby-activesupport-2.3 <removed>
	[wheezy] - ruby-activesupport-2.3 <end-of-life>
	- ruby-activemodel-3.2 <removed>
CVE-2016-0752 (Directory traversal vulnerability in Action View in Ruby on Rails befo ...)
	{DSA-3464-1 DLA-604-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
CVE-2016-0751 (actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Rub ...)
	{DSA-3464-1 DLA-604-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
CVE-2016-0750 (The hotrod java client in infinispan before 9.1.0.Final automatically  ...)
	NOT-FOR-US: Infinispan
CVE-2016-0749 (The smartcard interaction in SPICE allows remote attackers to cause a  ...)
	{DSA-3596-1}
	- spice 0.12.6-4.1 (bug #826585)
	[wheezy] - spice <not-affected> (Vulnerable code not present. Configured with --disable-smartcard)
CVE-2016-0748
	RESERVED
CVE-2016-0747 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not pr ...)
	{DSA-3473-1}
	- nginx 1.9.10-1 (bug #812806)
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
	NOTE: https://github.com/nginx/nginx/commit/4016e6b1da4fbf9c45963211791be124cd7ffb8f (release-1.9.10)
	NOTE: https://github.com/nginx/nginx/commit/fe89d99796d42b86816e17d9c87ab16964768024 (release-1.9.10)
CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1 ...)
	{DSA-3473-1}
	- nginx 1.9.10-1 (bug #812806)
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
	NOTE: https://github.com/nginx/nginx/commit/4b581a7c21e4328d059bf400a059c0458fc9f806 (release-1.9.10)
	NOTE: https://github.com/nginx/nginx/commit/a3d42258d97ebd0b638c20976654d3edfbaf943f (release-1.9.10)
CVE-2016-0745
	RESERVED
CVE-2016-0744
	RESERVED
CVE-2016-0743
	RESERVED
CVE-2016-0742 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remo ...)
	{DSA-3473-1 DLA-404-1}
	- nginx 1.9.10-1 (bug #812806)
	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
	NOTE: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3 (release-1.9.10)
CVE-2016-0741 (slapd/connection.c in 389 Directory Server (formerly Fedora Directory  ...)
	- 389-ds-base 1.3.4.8-1
	[jessie] - 389-ds-base <not-affected> (Only affects 1.3.4 and up)
	NOTE: https://fedorahosted.org/389/ticket/48412
CVE-2016-0740 (Buffer overflow in the ImagingLibTiffDecode function in libImaging/Tif ...)
	{DSA-3499-1}
	- pillow 3.1.1-1 (bug #813905)
	- python-imaging <not-affected> (Vulnerable code introduce in 2.0.0)
	NOTE: Issue when linked against libtiff >= 4.0.0
	NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e (3.1.1)
	NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/e782fe721e0156de9636e78cd881d9f9e7e6ce50 (2.0.0)
CVE-2016-0739 (libssh before 0.7.3 improperly truncates ephemeral secrets generated f ...)
	{DSA-3488-1 DLA-425-1}
	- libssh 0.6.3-4.3 (bug #815663)
	NOTE: Upstream fix: https://git.libssh.org/projects/libssh.git/commit/?h=v0-7&id=f8d0026c65fc8a55748ae481758e2cf376c26c86
CVE-2016-0738 (OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...)
	- swift 2.5.0-3 (bug #812984)
	[jessie] - swift <not-affected> (Vulnerable code not present)
	[wheezy] - swift <not-affected> (Vulnerable code not present)
	NOTE: Swift: >=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0
CVE-2016-0737 (OpenStack Object Storage (Swift) before 2.4.0 does not properly close  ...)
	- swift 2.4.0-1
	[jessie] - swift <not-affected> (Vulnerable code not present)
	[wheezy] - swift <not-affected> (Vulnerable code not present)
	NOTE: Swift: >=2.2.1 <= 2.3.0
CVE-2016-0736 (In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was ...)
	{DSA-3796-1}
	- apache2 2.4.25-1
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
	NOTE: Fixed by: https://svn.apache.org/r1772812
	NOTE: Affects: 2.4.1 to 2.4.23
	NOTE: Fixed in 2.4.25
CVE-2016-0735 (Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to  ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-0734 (The web-based administration console in Apache ActiveMQ 5.x before 5.1 ...)
	- activemq <not-affected> (Admin console not enabled in the Debian package, see #702670)
	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt
CVE-2016-0733 (The Admin UI in Apache Ranger before 0.5.1 does not properly handle au ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-0732 (The identity zones feature in Pivotal Cloud Foundry 208 through 229; U ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0731 (The File Browser View in Apache Ambari before 2.2.1 allows remote auth ...)
	NOT-FOR-US: Apache Ambari
CVE-2016-0730
	REJECTED
CVE-2016-0729 (Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLU ...)
	{DSA-3493-1 DLA-433-1}
	- xerces-c 3.1.3+debian-1 (bug #815907)
	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1727978
CVE-2016-0728 (The join_session_keyring function in security/keys/process_keys.c in t ...)
	{DSA-3448-1}
	- linux 4.3.3-6
	[wheezy] - linux <not-affected> (Introduced in v3.8-rc1)
	- linux-2.6 <not-affected> (Introduced in v3.8-rc1)
	NOTE: Upstream commit: https://git.kernel.org/linus/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
	NOTE: Introduced in https://git.kernel.org/linus/3a50597de8635cd05133bd12c95681c82fe7b878 (v3.8-rc1)
	NOTE: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
CVE-2016-0727 (The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3. ...)
	- ntp 1:4.2.8p9+dfsg-2 (low; bug #839998)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1528050
	NOTE: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
	NOTE: Originally addressed in 1:4.2.8p8+dfsg-1.1, then refixed in 1:4.2.8p9+dfsg-2
CVE-2016-0726 (The Fedora Nagios package uses "nagiosadmin" as the default password f ...)
	- nagios3 <not-affected> (Specific to Fedora installation)
CVE-2016-0725 (Cross-site scripting (XSS) vulnerability in the search_pagination func ...)
	- moodle <not-affected> (Only affects 3.0 to 3.0.1, 2.9 to 2.9.3 and 2.8 to 2.8.9)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52552
CVE-2016-0724 (The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get ...)
	- moodle 2.7.12+dfsg-1 (bug #811344)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52072
CVE-2016-0723 (Race condition in the tty_ioctl function in drivers/tty/tty_io.c in th ...)
	{DSA-3448-1 DLA-412-1}
	- linux 4.3.3-6
	[wheezy] - linux 3.2.73-2+deb7u3
	- linux-2.6 <removed>
	NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1511.3/03045.html
	NOTE: https://git.kernel.org/linus/5c17c861a357e9458001f021a7afa7aab9937439 (v4.5-rc2)
CVE-2016-0722
	REJECTED
CVE-2016-0721 (Session fixation vulnerability in pcsd in pcs before 0.9.157. ...)
	- pcs 0.9.149-1
	NOTE: https://github.com/feist/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774 (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17 (0.9.149)
CVE-2016-0720 (Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs  ...)
	- pcs 0.9.149-1
	NOTE: https://github.com/feist/pcs/commit/3360ecd318f7631bf5826d99a20bf4b29d86dc9c (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/d49435de20f71bd0816c42b445ed484dd21fbe96 (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/b9e7f061788c3b86a0c67d2d4158f067ec5eb625 (0.9.149)
CVE-2016-0719
	REJECTED
CVE-2016-0718 (Expat allows context-dependent attackers to cause a denial of service  ...)
	{DSA-3582-1 DLA-483-1}
	- expat 2.1.1-2
	- firefox 48.0-1 (unimportant)
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
	NOTE: Firefox links dynamically against expat
CVE-2016-0717
	REJECTED
CVE-2016-0716
	REJECTED
CVE-2016-0715 (Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5 ...)
	NOT-FOR-US: Pivotal Cloud Foundry Elastic Runtime
CVE-2016-0714 (The session-persistence implementation in Apache Tomcat 6.x before 6.0 ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0713 (Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-t ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0712 (Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3 ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0711 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0710 (Multiple SQL injection vulnerabilities in the User Manager service in  ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0709 (Directory traversal vulnerability in the Import/Export function in the ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0708 (Applications deployed to Cloud Foundry, versions v166 through v227, ma ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0707 (The agent in Apache Ambari before 2.1.2 uses weak permissions for the  ...)
	NOT-FOR-US: Apache Ambari
CVE-2016-0706 (Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0705 (Double free vulnerability in the dsa_priv_decode function in crypto/ds ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	[squeeze] - openssl <not-affected> (vulnerable code not present)
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0704 (An oracle protection mechanism in the get_client_master_key function i ...)
	- openssl 1.0.0c-2
	NOTE: 1.0.0c-2 dropped SSLv2 support
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0703 (The get_client_master_key function in s2_srvr.c in the SSLv2 implement ...)
	- openssl 1.0.0c-2
	NOTE: 1.0.0c-2 dropped SSLv2 support
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0702 (The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in O ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: https://cachebleed.info
CVE-2016-0701 (The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 ...)
	- openssl 1.0.2f-2
	[jessie] - openssl <not-affected> (Only affects 1.0.2)
	[wheezy] - openssl <not-affected> (Only affects 1.0.2)
	[squeeze] - openssl <not-affected> (Only affects 1.0.2)
CVE-2016-0700 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0699 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-0698 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0697 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0696 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0695 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Jav ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-0694 (Unspecified vulnerability in the DataStore component in Oracle Berkele ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0693 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows rem ...)
	NOT-FOR-US: Solaris
CVE-2016-0692 (Unspecified vulnerability in the DataStore component in Oracle Berkele ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0691 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-0690 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-0689 (Unspecified vulnerability in the DataStore component in Oracle Berkele ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0688 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0687 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and  ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-0686 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and  ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-0685 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0684 (Unspecified vulnerability in the Oracle Retail MICROS ARS POS componen ...)
	NOT-FOR-US: Oracle Retail
CVE-2016-0683 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0682 (Unspecified vulnerability in the DataStore component in Oracle Berkele ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0681 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2016-0680 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...)
	NOT-FOR-US: Oracle
CVE-2016-0679 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0678 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 5.0.18-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-0677 (Unspecified vulnerability in the RDBMS Security component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2016-0676 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users  ...)
	NOT-FOR-US: Solaris
CVE-2016-0675 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0674 (Unspecified vulnerability in the Siebel Core - Common Components compo ...)
	NOT-FOR-US: Siebel
CVE-2016-0673 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Siebel
CVE-2016-0672 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-0671 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2016-0670
	REJECTED
CVE-2016-0669 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2016-0668 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.1 ...)
	{DSA-3595-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0667 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0666 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0665 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0664
	REJECTED
CVE-2016-0663 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0662 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0661 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0660
	REJECTED
CVE-2016-0659 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0658 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0657 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0656 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0655 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.1 ...)
	{DSA-3595-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0654 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0653 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0652 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0651 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows lo ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.47-0+deb8u1
	[wheezy] - mysql-5.5 5.5.47-0+deb7u1
	- mariadb-10.0 10.0.23-1
	[jessie] - mariadb-10.0 10.0.23-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0650 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0649 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0648 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0647 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0646 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0645
	REJECTED
CVE-2016-0644 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0643 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0642 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 a ...)
	{DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.23-1
	[jessie] - mariadb-10.0 10.0.23-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0641 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0640 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 a ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0639 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.1 ...)
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0638 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0637
	REJECTED
CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allow ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u77-b03-1
	[experimental] - openjdk-7 7u95-2.6.4-3
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
	NOTE: http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html
	NOTE: https://blogs.oracle.com/security/entry/security_alert_cve_2016_0636
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c44179bce874
CVE-2016-0635 (Unspecified vulnerability in the Enterprise Manager Ops Center compone ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-0634 (The expansion of '\h' in the prompt string in bash 4.3 allows remote a ...)
	- bash 4.4-1 (unimportant)
	[jessie] - bash 4.3-11+deb8u1
	NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/8
	NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
	NOTE: Fixed bin Bash upstream bash-4.4
	NOTE: This doesn't cross any reasonable security boundaries, an attacker with the
	NOTE: ability to modify the hostname in an arbitrary manner is in the position to
	NOTE: exploit various other system components anyway
	NOTE: Fixed by (4.3): https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-047
CVE-2016-0633
	REJECTED
CVE-2016-0632
	REJECTED
CVE-2016-0631
	REJECTED
CVE-2016-0630
	REJECTED
CVE-2016-0629
	REJECTED
CVE-2016-0628
	REJECTED
CVE-2016-0627
	REJECTED
CVE-2016-0626
	REJECTED
CVE-2016-0625
	REJECTED
CVE-2016-0624
	REJECTED
CVE-2016-0623 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote att ...)
	NOT-FOR-US: Solaris
CVE-2016-0622
	REJECTED
CVE-2016-0621
	REJECTED
CVE-2016-0620
	REJECTED
CVE-2016-0619
	REJECTED
CVE-2016-0618 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2016-0617 (Unspecified vulnerability in the kernel-uek component in Oracle Linux  ...)
	- linux 4.4.2-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/1bfad99ab42569807d0ca1698449cae5e8c0334a (v4.3-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/9aacdd354d197ad64685941b36d28ea20ab88757 (v4.5-rc1)
CVE-2016-0616 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and Maria ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0615
	REJECTED
CVE-2016-0614 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0613
	REJECTED
CVE-2016-0612
	REJECTED
CVE-2016-0611 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0610 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and Maria ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 10.0.22-1
	[jessie] - mariadb-10.0 10.0.22-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0609 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0608 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0607 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0606 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0605 (Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows re ...)
	- mysql-5.6 5.6.27-1
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0604
	REJECTED
CVE-2016-0603 (Unspecified vulnerability in the Java SE component in Oracle Java SE 6 ...)
	- openjdk-8 <not-affected> (Java on Windows)
	- openjdk-7 <not-affected> (Java on Windows)
	- openjdk-6 <not-affected> (Java on Windows)
CVE-2016-0602 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox <not-affected> (VirtualBox Windows Installer component)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0601 (Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenti ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0600 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0599 (Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenti ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0598 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0597 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0596 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.2 ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0595 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows re ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0594 (Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows re ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0593
	REJECTED
CVE-2016-0592 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-3454-1}
	- virtualbox 5.0.14-dfsg-1
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0591 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing  ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-0590 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Order Manag ...)
	NOT-FOR-US: Oracle
CVE-2016-0589 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0588 (Unspecified vulnerability in the Oracle General Ledger component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-0587 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-0586 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0585 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0584 (Unspecified vulnerability in the Oracle CRM Technology Foundation comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0583 (Unspecified vulnerability in the Oracle CRM Technology Foundation comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0582 (Unspecified vulnerability in the Oracle CRM Technology Foundation comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0581 (Unspecified vulnerability in the Oracle Approvals Management component ...)
	NOT-FOR-US: Oracle
CVE-2016-0580 (Unspecified vulnerability in the Oracle Report Manager component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-0579 (Unspecified vulnerability in the Oracle CRM Technology Foundation comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0578 (Unspecified vulnerability in the Oracle CRM Technology Foundation comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0577 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0576 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0575 (Unspecified vulnerability in the Oracle Learning Management component  ...)
	NOT-FOR-US: Oracle
CVE-2016-0574 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0573 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0572 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0571 (Unspecified vulnerability in the Oracle Balanced Scorecard component i ...)
	NOT-FOR-US: Oracle
CVE-2016-0570 (Unspecified vulnerability in the Oracle HCM Configuration Workbench co ...)
	NOT-FOR-US: Oracle
CVE-2016-0569 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0568 (Unspecified vulnerability in the Oracle Email Center component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0567 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0566 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-0565 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-0564 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0563 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0562 (Unspecified vulnerability in the Oracle Common Applications component  ...)
	NOT-FOR-US: Oracle
CVE-2016-0561 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0560 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0559 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0558 (Unspecified vulnerability in the Oracle Service Contracts component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0557 (Unspecified vulnerability in the Oracle Advanced Collections component ...)
	NOT-FOR-US: Oracle
CVE-2016-0556 (Unspecified vulnerability in the Oracle Advanced Collections component ...)
	NOT-FOR-US: Oracle
CVE-2016-0555 (Unspecified vulnerability in the Oracle CADView-3D component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0554 (Unspecified vulnerability in the Oracle Interaction Center Intelligenc ...)
	NOT-FOR-US: Oracle
CVE-2016-0553 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0552 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0551 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0550 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0549 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0548 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0547 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0546 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0545 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0544 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-0543 (Unspecified vulnerability in the Oracle Marketing component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-0542 (Unspecified vulnerability in the Oracle Field Service component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2016-0541 (Unspecified vulnerability in the Oracle Configurator component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0540 (Unspecified vulnerability in the Oracle Configurator component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0539 (Unspecified vulnerability in the Oracle Report Manager component in Or ...)
	NOT-FOR-US: Oracle
CVE-2016-0538 (Unspecified vulnerability in the Oracle Financial Consolidation Hub co ...)
	NOT-FOR-US: Oracle
CVE-2016-0537 (Unspecified vulnerability in the Oracle Human Resources component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0536 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle
CVE-2016-0535 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remot ...)
	NOT-FOR-US: Oracle
CVE-2016-0534 (Unspecified vulnerability in the Oracle Project Contracts component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0533 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0532 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0531 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2016-0530 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-0529 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-0528 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-0527 (Unspecified vulnerability in the Oracle Customer Interaction History c ...)
	NOT-FOR-US: Oracle
CVE-2016-0526 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0525 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle
CVE-2016-0524 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle
CVE-2016-0523 (Unspecified vulnerability in the Oracle Interaction Blending component ...)
	NOT-FOR-US: Oracle
CVE-2016-0522 (Unspecified vulnerability in the Oracle Retail Open Commerce Platform  ...)
	NOT-FOR-US: Oracle
CVE-2016-0521 (Unspecified vulnerability in the Oracle iProcurement component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0520 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2016-0519 (Unspecified vulnerability in the Oracle iReceivables component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0518 (Unspecified vulnerability in the Oracle Human Resources component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0517 (Unspecified vulnerability in the Oracle Human Resources component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0516 (Unspecified vulnerability in the Oracle Quality component in Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2016-0515 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0514 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0513 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle
CVE-2016-0512 (Unspecified vulnerability in the Oracle Human Resources component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0511 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0510 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0509 (Unspecified vulnerability in the Oracle Internet Expenses component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0508 (Unspecified vulnerability in the Oracle iLearning component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2016-0507 (Unspecified vulnerability in the Oracle iReceivables component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0506 (Unspecified vulnerability in the Oracle Retail Order Management System ...)
	NOT-FOR-US: Oracle
CVE-2016-0505 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 a ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0504 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0503 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0502 (Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.1 ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 5.5.33+dfsg-1
	- mariadb-10.0 <not-affected> (Fixed before the initial release in Debian, 10.0.4)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0501 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0500 (Unspecified vulnerability in the Oracle Retail Order Broker Cloud Serv ...)
	NOT-FOR-US: Oracle
CVE-2016-0499 (Unspecified vulnerability in the Java VM component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2016-0498 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2016-0497 (Unspecified vulnerability in the Oracle Agile Engineering Data Managem ...)
	NOT-FOR-US: Oracle
CVE-2016-0496 (Unspecified vulnerability in the MICROS CWDirect component in Oracle R ...)
	NOT-FOR-US: Oracle
CVE-2016-0495 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-3454-1}
	- virtualbox 5.0.14-dfsg-1
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0494 (Unspecified vulnerability in the Java SE and Java SE Embedded componen ...)
	{DSA-3725-1 DSA-3465-1 DSA-3458-1 DLA-545-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
	NOTE: Upstream commit for OpenJDK: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f556d4c82ef1
	- icu 57.1-4
	NOTE: ICU not directly affected by CVE-2016-0494 itself since original patch for
	NOTE: CVE-2015-4844 was not yet applied. CVE-2016-0494 was introduced as part of
	NOTE: the CVE-2015-4844 fix. To avoid confusion with the DSA text in DSA-3725-1
	NOTE: threat this CVE separately as affected src:icu despite beeing for the
	NOTE: incomplete fix for CVE-2015-4844
CVE-2016-0493 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0492 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0491 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0490 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0489 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0488 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0487 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0486 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0485 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0484 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0483 (Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Jav ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1299441#c2
CVE-2016-0482 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0481 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0480 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0479 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2016-0478 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0477 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0476 (Unspecified vulnerability in the Oracle Application Testing Suite comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0475 (Unspecified vulnerability in the Java SE, Java SE Embedded, and JRocki ...)
	- openjdk-8 8u72-b15-1
CVE-2016-0474 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0473 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0472 (Unspecified vulnerability in the XDB - XML Database component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2016-0471 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0470 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0469 (Unspecified vulnerability in the Oracle Retail MICROS C2 component in  ...)
	NOT-FOR-US: Oracle Retail
CVE-2016-0468 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2016-0467 (Unspecified vulnerability in the Security component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2016-0466 (Unspecified vulnerability in the Java SE, Java SE Embedded, and JRocki ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1299385#c4
CVE-2016-0465 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2016-0464 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle
CVE-2016-0463 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0462 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0461 (Unspecified vulnerability in the XDB - XML Database component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2016-0460 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0459 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2016-0458 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0457 (Unspecified vulnerability in the Application Mgmt Pack for E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2016-0456 (Unspecified vulnerability in the Application Mgmt Pack for E-Business  ...)
	NOT-FOR-US: Oracle
CVE-2016-0455 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0454 (Unspecified vulnerability in the Oracle Mobile Application Servlet com ...)
	NOT-FOR-US: Oracle
CVE-2016-0453 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-0452 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0451 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0450 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0449 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0448 (Unspecified vulnerability in the Java SE and Java SE Embedded componen ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1299385#c4
CVE-2016-0447 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0446 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0445 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0444 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0443 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0442 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0441 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-0440 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle
CVE-2016-0439 (Unspecified vulnerability in the Web Cache component in Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2016-0438 (Unspecified vulnerability in the Oracle Retail Point-of-Service compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0437 (Unspecified vulnerability in the Oracle Retail Point-of-Service compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0436 (Unspecified vulnerability in the Oracle Retail Point-of-Service compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0435 (Unspecified vulnerability in the Oracle Retail Point-of-Service compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0434 (Unspecified vulnerability in the Oracle Retail Point-of-Service compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0433 (Unspecified vulnerability in the Web Cache component in Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2016-0432 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle
CVE-2016-0431 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0430 (Unspecified vulnerability in the Web Cache component in Oracle Fusion  ...)
	NOT-FOR-US: Oracle
CVE-2016-0429 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0428 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0427 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0426 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0425 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0424 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0423 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0422 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0421 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0420 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle
CVE-2016-0419 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0418 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0417 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2016-0416 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle
CVE-2016-0415 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0414 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0413 (Unspecified vulnerability in the Oracle Identity Federation component  ...)
	NOT-FOR-US: Oracle
CVE-2016-0412 (Unspecified vulnerability in the PeopleSoft Enterprise SCM eProcuremen ...)
	NOT-FOR-US: Oracle
CVE-2016-0411 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2016-0410
	REJECTED
CVE-2016-0409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Global Payr ...)
	NOT-FOR-US: Oracle
CVE-2016-0408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle
CVE-2016-0407 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle
	NOT-FOR-US: PeopleSoft
CVE-2016-0406 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users  ...)
	NOT-FOR-US: Oracle
CVE-2016-0405 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Oracle
CVE-2016-0404 (Unspecified vulnerability in the Oracle Identity Federation component  ...)
	NOT-FOR-US: Oracle
CVE-2016-0403 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle
CVE-2016-0402 (Unspecified vulnerability in the Java SE and Java SE Embedded componen ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298957#c2
CVE-2016-0401 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2016-0400 (CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 befo ...)
	NOT-FOR-US: IBM
CVE-2016-0399 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2016-0398 (IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers t ...)
	NOT-FOR-US: IBM
CVE-2016-0397 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9 ...)
	NOT-FOR-US: IBM
CVE-2016-0396 (IBM Tivoli Endpoint Manager could allow a user under special circumsta ...)
	NOT-FOR-US: IBM
CVE-2016-0395
	RESERVED
CVE-2016-0394 (IBM Integration Bus and WebSphere Message broker sets incorrect permis ...)
	NOT-FOR-US: IBM
CVE-2016-0393 (IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7. ...)
	NOT-FOR-US: IBM
CVE-2016-0392 (IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 t ...)
	NOT-FOR-US: IBM
CVE-2016-0391 (The IBM Watson Developer Cloud services on Bluemix platforms do not pr ...)
	NOT-FOR-US: IBM
CVE-2016-0390 (Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One  ...)
	NOT-FOR-US: IBM
CVE-2016-0389 (Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through ...)
	NOT-FOR-US: IBM
CVE-2016-0388
	RESERVED
CVE-2016-0387 (Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Pl ...)
	NOT-FOR-US: IBM
CVE-2016-0386 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Applica ...)
	NOT-FOR-US: IBM
CVE-2016-0385 (Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7 ...)
	NOT-FOR-US: IBM
CVE-2016-0384
	RESERVED
CVE-2016-0383
	RESERVED
CVE-2016-0382 (The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes s ...)
	NOT-FOR-US: IBM
CVE-2016-0381 (IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGr ...)
	NOT-FOR-US: IBM
CVE-2016-0380 (IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and  ...)
	NOT-FOR-US: IBM
CVE-2016-0379 (IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles  ...)
	NOT-FOR-US: IBM
CVE-2016-0378 (IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when t ...)
	NOT-FOR-US: IBM
CVE-2016-0377 (The Administrative Console in IBM WebSphere Application Server (WAS) 7 ...)
	NOT-FOR-US: IBM
CVE-2016-0376 (The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Techn ...)
	NOT-FOR-US: IBM
CVE-2016-0375 (JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1. ...)
	NOT-FOR-US: IBM
CVE-2016-0374 (The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2 ...)
	NOT-FOR-US: IBM
CVE-2016-0373 (IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated  ...)
	NOT-FOR-US: IBM
CVE-2016-0372 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8,  ...)
	NOT-FOR-US: IBM
CVE-2016-0371 (The Tivoli Storage Manager (TSM) password may be displayed in plain te ...)
	NOT-FOR-US: IBM
CVE-2016-0370 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience Build ...)
	NOT-FOR-US: IBM
CVE-2016-0369 (XML external entity (XXE) vulnerability in IBM Forms Experience Builde ...)
	NOT-FOR-US: IBM Forms Experience Builder
CVE-2016-0368
	RESERVED
CVE-2016-0367 (IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-I ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0366 (IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-I ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0365 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and  ...)
	NOT-FOR-US: IBM
CVE-2016-0364 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and  ...)
	NOT-FOR-US: IBM
CVE-2016-0363 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technolog ...)
	NOT-FOR-US: IBM JDK
CVE-2016-0362 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM
CVE-2016-0361 (IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2016-0360 (IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides cla ...)
	NOT-FOR-US: IBM
CVE-2016-0359 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM
CVE-2016-0358 (IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated u ...)
	NOT-FOR-US: IBM
CVE-2016-0357 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0356 (IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an au ...)
	NOT-FOR-US: IBM
CVE-2016-0355 (IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an au ...)
	NOT-FOR-US: IBM
CVE-2016-0354 (IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an au ...)
	NOT-FOR-US: IBM
CVE-2016-0353 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Vi ...)
	NOT-FOR-US: IBM
CVE-2016-0352
	RESERVED
CVE-2016-0351 (IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-I ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0350 (Cross-site scripting (XSS) vulnerability in the Report Builder and Dat ...)
	NOT-FOR-US: IBM
CVE-2016-0349 (IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8. ...)
	NOT-FOR-US: IBM
CVE-2016-0348 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Applica ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0347
	RESERVED
CVE-2016-0346 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intell ...)
	NOT-FOR-US: IBM
CVE-2016-0345 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0344 (Cross-site scripting (XSS) vulnerability in the My Reports component i ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0343 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0342 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B A ...)
	NOT-FOR-US: IBM
CVE-2016-0340 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0339 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0338 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0337
	RESERVED
CVE-2016-0336 (Cross-site scripting (XSS) vulnerability in IBM Security Identity Mana ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0335 (Cross-site request forgery (CSRF) vulnerability in IBM Security Identi ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0334
	RESERVED
CVE-2016-0333
	RESERVED
CVE-2016-0332 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0331 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert  ...)
	NOT-FOR-US: IBM
CVE-2016-0330 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0329 (Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 1 ...)
	NOT-FOR-US: IBM
CVE-2016-0328 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x t ...)
	NOT-FOR-US: IBM
CVE-2016-0327 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0326 (IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycl ...)
	NOT-FOR-US: IBM
CVE-2016-0325 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8,  ...)
	NOT-FOR-US: IBM
CVE-2016-0324 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0323 (The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-2 ...)
	NOT-FOR-US: IBM
CVE-2016-0322 (Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 throug ...)
	NOT-FOR-US: IBM
CVE-2016-0321 (IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x bef ...)
	NOT-FOR-US: IBM
CVE-2016-0320 (IBM UrbanCode Deploy could allow an authenticated user to modify Ucd o ...)
	NOT-FOR-US: IBM
CVE-2016-0319 (The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting S ...)
	NOT-FOR-US: IBM
CVE-2016-0318 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0317 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0316 (Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQ ...)
	NOT-FOR-US: IBM
CVE-2016-0315 (The Report Builder and Data Collection Component (DCC) in IBM Jazz Rep ...)
	NOT-FOR-US: IBM
CVE-2016-0314 (The Report Builder and Data Collection Component (DCC) in IBM Jazz Rep ...)
	NOT-FOR-US: IBM
CVE-2016-0313 (Cross-site scripting (XSS) vulnerability in the Report Builder and Dat ...)
	NOT-FOR-US: IBM
CVE-2016-0312 (IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers  ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0311 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Servic ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2016-0310 (IBM Connections 5.5 and earlier is vulnerable to possible host header  ...)
	NOT-FOR-US: IBM
CVE-2016-0309
	RESERVED
CVE-2016-0308 (IBM Connections 5.5 and earlier is vulnerable to possible link manipul ...)
	NOT-FOR-US: IBM
CVE-2016-0307 (IBM Connections 5.5 and earlier allows remote attackers to obtain sens ...)
	NOT-FOR-US: IBM
CVE-2016-0306 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-0305 (IBM Connections is vulnerable to cross-site scripting, caused by impro ...)
	NOT-FOR-US: IBM
CVE-2016-0304 (The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x bef ...)
	NOT-FOR-US: IBM
CVE-2016-0303 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Port ...)
	NOT-FOR-US: IBM Tivoli Integrated Portal
CVE-2016-0302
	RESERVED
CVE-2016-0301 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0300 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0299 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2. ...)
	NOT-FOR-US: IBM
CVE-2016-0298 (Directory traversal vulnerability in IBM Security Guardium Database Ac ...)
	NOT-FOR-US: IBM
CVE-2016-0297 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could all ...)
	NOT-FOR-US: IBM
CVE-2016-0296 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores po ...)
	NOT-FOR-US: IBM
CVE-2016-0295 (Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Plat ...)
	NOT-FOR-US: IBM
CVE-2016-0294
	RESERVED
CVE-2016-0293 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (forme ...)
	NOT-FOR-US: IBM
CVE-2016-0292 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9 ...)
	NOT-FOR-US: IBM
CVE-2016-0291 (IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow  ...)
	NOT-FOR-US: IBM
CVE-2016-0290
	RESERVED
CVE-2016-0289 (shiprec.xml in the SHIPREC application in IBM Maximo Asset Management  ...)
	NOT-FOR-US: IBM
CVE-2016-0288 (IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and ...)
	NOT-FOR-US: IBM
CVE-2016-0287 (IBM i Access 7.1 on Windows allows local users to discover registry pa ...)
	NOT-FOR-US: IBM
CVE-2016-0286 (IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004  ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2016-0285 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-0284 (The XML parser in IBM Rational Collaborative Lifecycle Management 3.0. ...)
	NOT-FOR-US: IBM
CVE-2016-0283 (Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC)  ...)
	NOT-FOR-US: IBM
CVE-2016-0282 (Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP ...)
	NOT-FOR-US: IBM
CVE-2016-0281 (The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x,  ...)
	NOT-FOR-US: IBM
CVE-2016-0280 (Cross-site scripting (XSS) vulnerability in IBM Information Server Fra ...)
	NOT-FOR-US: IBM
CVE-2016-0279 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0278 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0277 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0276 (IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Pla ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0275 (IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Pla ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0274 (IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Pla ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0273 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-0272 (Cross-site request forgery (CSRF) vulnerability in IBM Financial Trans ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0271 (The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6 ...)
	NOT-FOR-US: IBM
CVE-2016-0270 (IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Int ...)
	NOT-FOR-US: IBM
CVE-2016-0269 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x be ...)
	NOT-FOR-US: IBM
CVE-2016-0268 (XML external entity (XXE) vulnerability in IBM Financial Transaction M ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0267 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and  ...)
	NOT-FOR-US: IBM
CVE-2016-0266 (IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the la ...)
	NOT-FOR-US: IBM
CVE-2016-0265 (IBM Campaign is vulnerable to cross-site scripting, caused by improper ...)
	NOT-FOR-US: IBM
CVE-2016-0264 (Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Tec ...)
	NOT-FOR-US: IBM JDK
CVE-2016-0263 (IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and Gener ...)
	NOT-FOR-US: IBM
CVE-2016-0262 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2016-0261 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...)
	NOT-FOR-US: IBM
CVE-2016-0260 (Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0259 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to b ...)
	NOT-FOR-US: IBM
CVE-2016-0258
	RESERVED
CVE-2016-0257
	RESERVED
CVE-2016-0256
	RESERVED
CVE-2016-0255 (IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-0254 (IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a deni ...)
	NOT-FOR-US: IBM
CVE-2016-0253 (Cross-site scripting (XSS) vulnerability in IBM Financial Transaction  ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Cent ...)
	NOT-FOR-US: IBM
CVE-2016-0251
	RESERVED
CVE-2016-0250 (XML external entity (XXE) vulnerability in IBM InfoSphere Information  ...)
	NOT-FOR-US: IBM
CVE-2016-0249 (SQL injection vulnerability in IBM Security Guardium Database Activity ...)
	NOT-FOR-US: IBM
CVE-2016-0248 (IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man- ...)
	NOT-FOR-US: IBM
CVE-2016-0247 (IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, an ...)
	NOT-FOR-US: IBM
CVE-2016-0246 (Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2  ...)
	NOT-FOR-US: IBM
CVE-2016-0245 (The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8 ...)
	NOT-FOR-US: IBM
CVE-2016-0244 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0243 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0242 (IBM Security Guardium 10.x through 10.1 before p100 allows remote auth ...)
	NOT-FOR-US: IBM
CVE-2016-0241 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x t ...)
	NOT-FOR-US: IBM
CVE-2016-0240 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x t ...)
	NOT-FOR-US: IBM
CVE-2016-0239 (IBM Security Guardium Database Activity Monitor 9.x through 9.5 before ...)
	NOT-FOR-US: IBM
CVE-2016-0238 (IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitiv ...)
	NOT-FOR-US: IBM
CVE-2016-0237 (IBM Security Guardium Database Activity Monitor 10 allows local users  ...)
	NOT-FOR-US: IBM
CVE-2016-0236 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x t ...)
	NOT-FOR-US: IBM
CVE-2016-0235 (IBM Security Guardium Database Activity Monitor 10 allows local users  ...)
	NOT-FOR-US: IBM
CVE-2016-0234 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user  ...)
	NOT-FOR-US: IBM
CVE-2016-0233 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, an ...)
	NOT-FOR-US: IBM
CVE-2016-0232 (IBM Financial Transaction Manager (FTM) for ACH Services, Check Servic ...)
	NOT-FOR-US: IBM
CVE-2016-0231 (IBM Financial Transaction Manager (FTM) for ACH Services, Check Servic ...)
	NOT-FOR-US: IBM
CVE-2016-0230 (IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 ...)
	NOT-FOR-US: IBM
CVE-2016-0229 (Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6 ...)
	NOT-FOR-US: IBM
CVE-2016-0228 (IBM Marketing Platform 10.0 could allow a remote attacker to conduct p ...)
	NOT-FOR-US: IBM
CVE-2016-0227 (Cross-site scripting (XSS) vulnerability in the document-list control  ...)
	NOT-FOR-US: IBM
CVE-2016-0226 (The client implementation in IBM Informix Dynamic Server 11.70.xCn on  ...)
	NOT-FOR-US: IBM
CVE-2016-0225 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 al ...)
	NOT-FOR-US: IBM
CVE-2016-0224 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, an ...)
	NOT-FOR-US: IBM
CVE-2016-0223 (Cross-site scripting (XSS) vulnerability in the Webform Framework API  ...)
	NOT-FOR-US: IBM Forms Server
CVE-2016-0222 (IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote a ...)
	NOT-FOR-US: IBM
CVE-2016-0221 (Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in ...)
	NOT-FOR-US: IBM
CVE-2016-0220
	RESERVED
CVE-2016-0219 (XML external entity (XXE) vulnerability in IBM Rational Team Concert 3 ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2016-0218 (IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerab ...)
	NOT-FOR-US: IBM
CVE-2016-0217 (IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerab ...)
	NOT-FOR-US: IBM
CVE-2016-0216 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0215 (IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, S ...)
	NOT-FOR-US: IBM DB2
CVE-2016-0214 (IBM Tivoli Endpoint Manager could allow a remote attacker to upload ar ...)
	NOT-FOR-US: IBM
CVE-2016-0213 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0212 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0211 (IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7  ...)
	NOT-FOR-US: IBM
CVE-2016-0210 (IBM Sterling B2B Integrator Standard Edition could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2016-0209 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0208 (IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and  ...)
	NOT-FOR-US: IBM
CVE-2016-0207 (IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 a ...)
	NOT-FOR-US: IBM Algorithmics One-Algo Risk Application
CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated attacker to c ...)
	NOT-FOR-US: IBM
CVE-2016-0205 (A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3 ...)
	NOT-FOR-US: IBM
CVE-2016-0204 (Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4 ...)
	NOT-FOR-US: IBM
CVE-2016-0203 (A vulnerability has been identified in the IBM Cloud Orchestrator task ...)
	NOT-FOR-US: IBM
CVE-2016-0202 (A vulnerability has been identified in tasks, backend object generated ...)
	NOT-FOR-US: IBM
CVE-2016-0201 (GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3. ...)
	NOT-FOR-US: IBM
CVE-2016-0200 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0199 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0198 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0197 (dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mod ...)
	NOT-FOR-US: Microsoft
CVE-2016-0196 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0195 (The Imaging Component in Microsoft Windows Vista SP2, Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0194 (Microsoft Internet Explorer 10 and 11 allows remote attackers to bypas ...)
	NOT-FOR-US: Microsoft
CVE-2016-0193 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0192 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0191 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0190 (Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Go ...)
	NOT-FOR-US: Microsoft
CVE-2016-0189 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-0188 (The User Mode Code Integrity (UMCI) implementation in Device Guard in  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0187 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in ...)
	NOT-FOR-US: Microsoft
CVE-2016-0186 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0185 (Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-0184 (Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0183 (The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0182 (Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0181 (Microsoft Windows 10 Gold and 1511 allows local users to bypass the Vi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0180 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0179 (Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Window ...)
	NOT-FOR-US: Microsoft
CVE-2016-0178 (The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0177
	REJECTED
CVE-2016-0176 (dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mod ...)
	NOT-FOR-US: Microsoft
CVE-2016-0175 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0174 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0173 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0172
	REJECTED
CVE-2016-0171 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0170 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0169 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0168 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0167 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0166 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0165 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0164 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0163
	REJECTED
CVE-2016-0162 (Microsoft Internet Explorer 9 through 11 allows remote attackers to de ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0161 (Microsoft Edge allows remote attackers to bypass the Same Origin Polic ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0160 (Microsoft Internet Explorer 11 mishandles DLL loading, which allows lo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0159 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0158 (Microsoft Edge allows remote attackers to bypass the Same Origin Polic ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0157 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0156 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0155 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0154 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0153 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0152 (Internet Information Services (IIS) in Microsoft Windows Vista SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0151 (The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0150 (HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0149 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0148 (Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, whi ...)
	NOT-FOR-US: Microsoft .NET
CVE-2016-0147 (Microsoft XML Core Services 3.0 allows remote attackers to execute arb ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2016-0146
	REJECTED
CVE-2016-0145 (The font library in Microsoft Windows Vista SP2; Windows Server 2008 S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0144
	REJECTED
CVE-2016-0143 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0142 (Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0141 (The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 S ...)
	NOT-FOR-US: Microsoft
CVE-2016-0140 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services o ...)
	NOT-FOR-US: Microsoft
CVE-2016-0139 (Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow re ...)
	NOT-FOR-US: Microsoft Excel
CVE-2016-0138 (Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulativ ...)
	NOT-FOR-US: Microsoft
CVE-2016-0137 (The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0136 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP ...)
	NOT-FOR-US: Microsoft Excel
CVE-2016-0135 (The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0134 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0133 (The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2016-0132 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0131
	REJECTED
CVE-2016-0130 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0129 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0128 (The SAM and LSAD protocol implementations in Microsoft Windows Vista S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0127 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft Word
CVE-2016-0126 (Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-0125 (Microsoft Edge mishandles the Referer policy, which allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2016-0124 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0123 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0122 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0121 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0120 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0119
	REJECTED
CVE-2016-0118 (The PDF library in Microsoft Windows 10 Gold and 1511 allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2016-0117 (The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0116 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0115
	REJECTED
CVE-2016-0114 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0113 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0112 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0111 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0110 (Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow rem ...)
	NOT-FOR-US: Microsoft
CVE-2016-0109 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-0108 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0107 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0106 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0105 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0104 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0103 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0102 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-0101 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2016-0100 (Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library load ...)
	NOT-FOR-US: Microsoft
CVE-2016-0099 (The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2016-0098 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2016-0097
	REJECTED
CVE-2016-0096 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0095 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0094 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0093 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0092 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0091 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0090 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0089 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0088 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0087 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and W ...)
	NOT-FOR-US: Microsoft
CVE-2016-0086
	REJECTED
CVE-2016-0085
	REJECTED
CVE-2016-0084 (Microsoft Edge allows remote attackers to execute arbitrary code or ca ...)
	NOT-FOR-US: Microsoft
CVE-2016-0083
	REJECTED
CVE-2016-0082
	REJECTED
CVE-2016-0081
	REJECTED
CVE-2016-0080 (Microsoft Edge mishandles exceptions during window-message dispatch op ...)
	NOT-FOR-US: Microsoft
CVE-2016-0079 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local u ...)
	NOT-FOR-US: Microsoft
CVE-2016-0078
	REJECTED
CVE-2016-0077 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse H ...)
	NOT-FOR-US: Microsoft
CVE-2016-0076
	REJECTED
CVE-2016-0075 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0074
	REJECTED
CVE-2016-0073 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0072 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0071 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2016-0070 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0069 (Microsoft Internet Explorer 9 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft
CVE-2016-0068 (Microsoft Internet Explorer 9 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft
CVE-2016-0067 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0066
	REJECTED
CVE-2016-0065
	REJECTED
CVE-2016-0064 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2016-0063 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2016-0062 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2016-0061 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0060 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0059 (The Hyperlink Object Library in Microsoft Internet Explorer 9 through  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0058 (Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2016-0057 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not prope ...)
	NOT-FOR-US: Microsoft
CVE-2016-0056 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0055 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2016-0054 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0053 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0052 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0051 (The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0050 (Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0049 (Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0048 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0047 (WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6,  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0046 (Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0045
	REJECTED
CVE-2016-0044 (Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and W ...)
	NOT-FOR-US: Microsoft
CVE-2016-0043
	REJECTED
CVE-2016-0042 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0041 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0040 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0039 (Cross-site scripting (XSS) vulnerability in SharePoint Server in Micro ...)
	NOT-FOR-US: Microsoft
CVE-2016-0038 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-0037 (The forms-based authentication implementation in Active Directory Fede ...)
	NOT-FOR-US: Microsoft
CVE-2016-0036 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0035 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0034 (Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets ...)
	NOT-FOR-US: Microsoft
CVE-2016-0033 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 do ...)
	NOT-FOR-US: Microsoft
CVE-2016-0032 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2016-0031 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2016-0030 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2016-0029 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2016-0028 (Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumula ...)
	NOT-FOR-US: Microsoft
CVE-2016-0027
	REJECTED
CVE-2016-0026 (The Common Log File System (CLFS) driver in Microsoft Windows Vista SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-0025 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0024 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0023
	REJECTED
CVE-2016-0022 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0021 (Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2016-0020 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and W ...)
	NOT-FOR-US: Microsoft
CVE-2016-0019 (The Remote Desktop Protocol (RDP) service implementation in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0018 (Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R ...)
	NOT-FOR-US: Microsoft
CVE-2016-0017
	REJECTED
CVE-2016-0016 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0015 (DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0014 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0013
	REJECTED
CVE-2016-0012 (Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0011 (Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP ...)
	NOT-FOR-US: Microsoft
CVE-2016-0010 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 20 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0009 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2016-0008 (The graphics device interface in Microsoft Windows Vista SP2, Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2016-0007 (The sandbox implementation in Microsoft Windows Vista SP2, Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2016-0006 (The sandbox implementation in Microsoft Windows Vista SP2, Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2016-0005 (Microsoft Internet Explorer 9 through 11 allows remote attackers to by ...)
	NOT-FOR-US: Microsoft
CVE-2016-0004
	REJECTED
CVE-2016-0003 (Microsoft Edge allows remote attackers to execute arbitrary code via u ...)
	NOT-FOR-US: Microsoft
CVE-2016-0002 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 eng ...)
	NOT-FOR-US: Microsoft
CVE-2016-0001
	REJECTED
CVE-2016-1000033 (Shotwell version 0.22.0 (and possibly other versions) is vulnerable to ...)
	- shotwell 0.22.0-3 (low; bug #807110)
	[jessie] - shotwell <no-dsa> (Minor issue)
	[wheezy] - shotwell <no-dsa> (Minor issue)
	[squeeze] - shotwell <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2015/12/04/4
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=754488
CVE-2016-4353 (ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a
CVE-2016-4355 (Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 al ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4354 (ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data t ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4356 (The append_utf8_value function in the DN decoder (dn.c) in Libksba bef ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
CVE-2016-9675 (openjpeg: A heap-based buffer overflow flaw was found in the patch for ...)
	- openjpeg 1.5.2-1
	[wheezy] - openjpeg 1.3+dfsg-4.8
	[squeeze] - openjpeg 1.3+dfsg-4+squeeze3
	NOTE: Introduced as well a regression, cf. https://bugs.debian.org/734238
CVE-2016-2847 (fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of  ...)
	{DSA-3503-1}
	- linux 4.3.5-1
	NOTE: https://git.kernel.org/linus/759c01142a5d0f364a462346168a56de28a80f52 (v4.5-rc1)
CVE-2016-2856 (pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie;  ...)
	- eglibc <removed>
	[squeeze] - eglibc <no-dsa> (Minor issue)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	- glibc 2.21-1 (low)
	[jessie] - glibc 2.19-18+deb8u4
	NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403
	NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958
	NOTE: https://www.openwall.com/lists/oss-security/2016/03/07/2