[Secure-testing-commits] r26835 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Mon May 5 21:14:11 UTC 2014


Author: joeyh
Date: 2014-05-05 21:14:10 +0000 (Mon, 05 May 2014)
New Revision: 26835

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-05-05 20:32:48 UTC (rev 26834)
+++ data/CVE/list	2014-05-05 21:14:10 UTC (rev 26835)
@@ -1,4 +1,181 @@
+CVE-2014-3219
+	RESERVED
+CVE-2014-3218
+	RESERVED
+CVE-2014-3217
+	RESERVED
+CVE-2014-3216
+	RESERVED
+CVE-2014-3215
+	RESERVED
+CVE-2014-3214
+	RESERVED
+CVE-2014-3213
+	RESERVED
+CVE-2014-3212
+	RESERVED
+CVE-2014-3211
+	RESERVED
+CVE-2014-3210
+	RESERVED
+CVE-2014-3208
+	RESERVED
+CVE-2014-3206
+	RESERVED
+CVE-2014-3205
+	RESERVED
+CVE-2014-3204
+	RESERVED
+CVE-2014-3203
+	RESERVED
+CVE-2014-3202
+	RESERVED
+CVE-2014-3201
+	RESERVED
+CVE-2014-3200
+	RESERVED
+CVE-2014-3199
+	RESERVED
+CVE-2014-3198
+	RESERVED
+CVE-2014-3197
+	RESERVED
+CVE-2014-3196
+	RESERVED
+CVE-2014-3195
+	RESERVED
+CVE-2014-3194
+	RESERVED
+CVE-2014-3193
+	RESERVED
+CVE-2014-3192
+	RESERVED
+CVE-2014-3191
+	RESERVED
+CVE-2014-3190
+	RESERVED
+CVE-2014-3189
+	RESERVED
+CVE-2014-3188
+	RESERVED
+CVE-2014-3187
+	RESERVED
+CVE-2014-3186
+	RESERVED
+CVE-2014-3185
+	RESERVED
+CVE-2014-3184
+	RESERVED
+CVE-2014-3183
+	RESERVED
+CVE-2014-3182
+	RESERVED
+CVE-2014-3181
+	RESERVED
+CVE-2014-3180
+	RESERVED
+CVE-2014-3179
+	RESERVED
+CVE-2014-3178
+	RESERVED
+CVE-2014-3177
+	RESERVED
+CVE-2014-3176
+	RESERVED
+CVE-2014-3175
+	RESERVED
+CVE-2014-3174
+	RESERVED
+CVE-2014-3173
+	RESERVED
+CVE-2014-3172
+	RESERVED
+CVE-2014-3171
+	RESERVED
+CVE-2014-3170
+	RESERVED
+CVE-2014-3169
+	RESERVED
+CVE-2014-3168
+	RESERVED
+CVE-2014-3167
+	RESERVED
+CVE-2014-3166
+	RESERVED
+CVE-2014-3165
+	RESERVED
+CVE-2014-3164
+	RESERVED
+CVE-2014-3163
+	RESERVED
+CVE-2014-3162
+	RESERVED
+CVE-2014-3161
+	RESERVED
+CVE-2014-3160
+	RESERVED
+CVE-2014-3159
+	RESERVED
+CVE-2014-3158
+	RESERVED
+CVE-2014-3157
+	RESERVED
+CVE-2014-3156
+	RESERVED
+CVE-2014-3155
+	RESERVED
+CVE-2014-3154
+	RESERVED
+CVE-2014-3153
+	RESERVED
+CVE-2014-3152
+	RESERVED
+CVE-2014-3151
+	RESERVED
+CVE-2014-3150
+	RESERVED
+CVE-2014-3149
+	RESERVED
+CVE-2014-3148
+	RESERVED
+CVE-2014-3147
+	RESERVED
+CVE-2014-3146
+	RESERVED
+CVE-2014-3145
+	RESERVED
+CVE-2014-3144
+	RESERVED
+CVE-2014-3143
+	RESERVED
+CVE-2014-3142
+	RESERVED
+CVE-2014-3141
+	RESERVED
+CVE-2014-3140
+	RESERVED
+CVE-2014-3139 (recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 ...)
+	TODO: check
+CVE-2014-3138 (SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 ...)
+	TODO: check
+CVE-2014-3136
+	RESERVED
+CVE-2014-3135 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 ...)
+	TODO: check
+CVE-2014-3134 (Cross-site scripting (XSS) vulnerability in the InfoView application ...)
+	TODO: check
+CVE-2014-3133 (SAP Netweaver Java Application Server does not properly restrict ...)
+	TODO: check
+CVE-2014-3132 (SAP Background Processing does not properly restrict access, which ...)
+	TODO: check
+CVE-2014-3131 (SAP Profile Maintenance does not properly restrict access, which ...)
+	TODO: check
+CVE-2014-3130 (The ABAP Help documentation and translation tools (BC-DOC-HLP) in ...)
+	TODO: check
+CVE-2014-3129 (The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP ...)
+	TODO: check
 CVE-2014-3209 [ldnsutils: ldns-keygen creates private key world readable]
+	RESERVED
 	- ldns <unfixed> (low; bug #746758)
 	[squeeze] - ldns <no-dsa> (Minor issue)
 	[wheezy] - ldns <no-dsa> (Minor issue)
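Review bot: the nine new entries that arrived with a MITRE description (CVE-2014-3139 through CVE-2014-3129: Unitrends Enterprise Backup, Xerox DocuShare, vBulletin, SAP NetWeaver and its ABAP/SLM components) are left at "TODO: check" and need triage; none of those products ship in Debian, so the expected resolution is a NOT-FOR-US line in the form used elsewhere in this file (e.g. "NOT-FOR-US: Oracle Identity Manager"). The RESERVED line inserted under CVE-2014-3209 is fine: the bracketed local title and the "- ldns <unfixed> (low; bug #746758)" entry stay in place above the distribution annotations, which is the convention for IDs that are still embargoed at MITRE. The prepended block correctly skips 3209, 3207 and 3137, which already exist further down in the file.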
@@ -11,12 +188,14 @@
 	NOTE: http://lxml.de/3.3/changes-3.3.5.html
 	NOTE: http://seclists.org/fulldisclosure/2014/Apr/210
 CVE-2014-3207 [non-persistent XSS]
+	RESERVED
 	- sks <unfixed> (low; bug #746626)
 	[squeeze] - sks <no-dsa> (Minor issue)
 	[wheezy] - sks <no-dsa> (Minor issue)
 	NOTE: https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=952077
 CVE-2014-3137 [JSON content-type not restrictive enough]
+	RESERVED
 	- python-bottle 0.12.6-1 (bug #746322)
 CVE-2014-3128
 	RESERVED
@@ -26,8 +205,7 @@
 	- dpkg 1.17.9
 CVE-2014-3126
 	RESERVED
-CVE-2014-3125 [XSA-91]
-	RESERVED
+CVE-2014-3125 (Xen 4.4.x, when running on an ARM system, does not properly context ...)
 	- xen <not-affected> (Only 32- and 64-bit ARM systems are affected from Xen 4.4 onwards)
 CVE-2014-3124 [XSA-92]
 	RESERVED
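Review bot: replacing the placeholder loses the XSA-91 cross-reference that the old "CVE-2014-3125 [XSA-91]" line carried; the MITRE text does not mention the Xen advisory number, so add it back as a NOTE line (the file's usual form) or fold it into the not-affected rationale. CVE-2014-3124 [XSA-92] directly below follows the same pattern and will lose its tag in the same way when its description is published, so the same fix will be needed there.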
@@ -267,8 +445,8 @@
 	- pillow <unfixed> (bug #737059)
 	- python-imaging <removed>
 	NOTE: details what is covered exactly by this CVE relating to CVE-2014-1932 and CVE-2014-1933 is missing
-CVE-2014-3006
-	RESERVED
+CVE-2014-3006 (Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when ...)
+	TODO: check
 CVE-2014-3005
 	RESERVED
 CVE-2014-3004
@@ -277,10 +455,9 @@
 	RESERVED
 CVE-2014-3002
 	RESERVED
-CVE-2014-3001
-	RESERVED
-CVE-2014-3000 [TCP reassembly vulnerability]
-	RESERVED
+CVE-2014-3001 (The device file system (aka devfs) in FreeBSD 10.0 before p2 does not ...)
+	TODO: check
+CVE-2014-3000 (The TCP reassembly function in the inet module in FreeBSD 8.3 before ...)
 	- kfreebsd-10 10.0-5 (bug #746949)
 	- kfreebsd-9 <unfixed> (bug #746951)
 	- kfreebsd-8 <removed> (bug #746952)
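Review bot: CVE-2014-3001 (devfs in FreeBSD 10.0 before p2) should not sit at "TODO: check" as if it were a NOT-FOR-US candidate, because Debian ships the FreeBSD kernel: the CVE-2014-3000 entry right below it lists kfreebsd-10 10.0-5, kfreebsd-9 <unfixed> and kfreebsd-8 <removed>. It needs a kfreebsd assessment in the same form (fixed version, or <not-affected> with a reason). Dropping the local "[TCP reassembly vulnerability]" title for CVE-2014-3000 is harmless since the package lines and bug references are retained.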
@@ -497,8 +674,7 @@
 	[squeeze] - fish <no-dsa> (Minor issue)
 	[wheezy] - fish <no-dsa> (Minor issue)
 	NOTE: https://github.com/fish-shell/fish-shell/issues/1437
-CVE-2014-2905 [permission bypass leading to privilege escalation]
-	RESERVED
+CVE-2014-2905 (fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the ...)
 	- fish <unfixed> (low; bug #746259)
 	[squeeze] - fish <no-dsa> (Minor issue)
 	[wheezy] - fish <no-dsa> (Minor issue)
@@ -507,16 +683,17 @@
 	RESERVED
 CVE-2014-2891
 	RESERVED
+	{DSA-2922-1}
 CVE-2014-2887
 	RESERVED
 CVE-2014-2886
 	RESERVED
 CVE-2014-2883
 	RESERVED
-CVE-2014-2882
-	RESERVED
-CVE-2014-2881
-	RESERVED
+CVE-2014-2882 (Unspecified vulnerability in the management GUI in Citrix NetScaler ...)
+	TODO: check
+CVE-2014-2881 (Unspecified vulnerability in the Diffie-Hellman key agreement ...)
+	TODO: check
 CVE-2014-2880 (Open redirect vulnerability in Oracle Identity Manager 11g R2 SP1 ...)
 	NOT-FOR-US: Oracle Identity Manager
 CVE-2014-2879 (Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL ...)
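Review bot: CVE-2014-2891 now carries {DSA-2922-1} but nothing else: it is still RESERVED with no bracketed local title, no package line and no fixed version, so the tracker cannot tell which package the advisory fixed. Every other DSA reference in this file sits above a "- package version" line; add the package and version that DSA-2922-1 shipped, plus a local title as done for CVE-2014-3209, so the entry is usable before MITRE publishes the description. The two Citrix NetScaler entries left at "TODO: check" (CVE-2014-2882, CVE-2014-2881) can follow the NOT-FOR-US pattern of the Oracle and Dell entries in the same context.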
@@ -634,8 +811,7 @@
 	- grails <itp> (bug #473213)
 CVE-2014-2857 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
 	- grails <itp> (bug #473213)
-CVE-2013-7374
-	RESERVED
+CVE-2013-7374 (The Ubuntu Date and Time Indicator (aka indicator-datetime) ...)
 	NOT-FOR-US: indicator-datetime
 CVE-2013-7371 [XSS in the Sencha Labs Connect middleware]
 	RESERVED
@@ -876,7 +1052,7 @@
 	NOT-FOR-US: MODX Revolution
 CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that ...)
 	NOT-FOR-US: WinSCP
-CVE-2014-2734 (The openssl extension in Ruby 2.x does not properly maintain the state ...)
+CVE-2014-2734 (** DISPUTED ** The openssl extension in Ruby 2.x does not properly ...)
 	NOTE: considered invalid and should be rejected, see https://gist.github.com/emboss/91696b56cd227c8a0c13
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1091156#c1
 CVE-2014-2733 (Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a ...)
@@ -1396,8 +1572,8 @@
 	RESERVED
 CVE-2014-2566
 	RESERVED
-CVE-2014-2565
-	RESERVED
+CVE-2014-2565 (The commandline interface in Blue Coat Content Analysis System (CAS) ...)
+	TODO: check
 CVE-2014-2564
 	RESERVED
 CVE-2014-2563
@@ -1814,7 +1990,7 @@
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2014-2427 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-2426 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
@@ -1824,14 +2000,14 @@
 CVE-2014-2424 (Unspecified vulnerability in the Oracle Event Processing component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2014-2423 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-2422 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX ...)
 	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
 	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
 CVE-2014-2421 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-2420 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
@@ -1851,14 +2027,15 @@
 CVE-2014-2415 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2014-2414 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-2413 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
+	{DSA-2923-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 <not-affected> (Only affects Java 7/8)
 CVE-2014-2412 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-2411 (Unspecified vulnerability in the Oracle Identity Analytics component ...)
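Review bot: CVE-2014-2413 receives {DSA-2923-1} although its openjdk-6 line reads "<not-affected> (Only affects Java 7/8)", while every other entry in this patch that gains DSA-2923-1 pairs it with "openjdk-6 6b31-1.13.3-1". One of the two is wrong: either the <not-affected> annotation should become the fixed version, or the DSA reference does not belong on this CVE. The same inconsistency appears at CVE-2014-2402, CVE-2014-0455 and CVE-2014-0454 later in the patch; reconcile all four against the advisory's CVE list.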
@@ -1881,10 +2058,11 @@
 CVE-2014-2404 (Unspecified vulnerability in the Oracle Access Manager component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2014-2403 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-2402 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
+	{DSA-2923-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 <not-affected> (Only affects Java 7/8)
 CVE-2014-2401 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
@@ -1896,11 +2074,11 @@
 CVE-2014-2399 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2014-2398 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-2397 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-2396
@@ -2097,8 +2275,7 @@
 CVE-2014-2323 (SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before ...)
 	{DSA-2877-1}
 	- lighttpd 1.4.33-1+nmu3 (bug #741493)
-CVE-2014-2322
-	RESERVED
+CVE-2014-2322 (lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby ...)
 	NOT-FOR-US: Ruby Gem Arabic Prawn
 CVE-2014-2321 (web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote ...)
 	NOT-FOR-US: ZTE F460 and F660 cable modems
@@ -2238,8 +2415,8 @@
 	NOT-FOR-US: Base SAS
 CVE-2014-2261
 	RESERVED
-CVE-2014-2260
-	RESERVED
+CVE-2014-2260 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2014-2259 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
 	NOT-FOR-US: Siemens
 CVE-2014-2258 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
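Review bot: the imported description for CVE-2014-2260 is truncated to "Cross-site scripting (XSS) vulnerability in ..." and carries no product name, so the "TODO: check" cannot be resolved from this file alone; whoever triages it has to fetch the full MITRE text first. The same applies to CVE-2014-0942 and CVE-2014-0941 further down, which arrive with the identical truncated text.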
@@ -2390,46 +2567,46 @@
 	RESERVED
 CVE-2014-2176
 	RESERVED
-CVE-2014-2175
-	RESERVED
+CVE-2014-2175 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
+	TODO: check
 CVE-2014-2174
 	RESERVED
-CVE-2014-2173
-	RESERVED
-CVE-2014-2172
-	RESERVED
-CVE-2014-2171
-	RESERVED
-CVE-2014-2170
-	RESERVED
-CVE-2014-2169
-	RESERVED
-CVE-2014-2168
-	RESERVED
-CVE-2014-2167
-	RESERVED
-CVE-2014-2166
-	RESERVED
-CVE-2014-2165
-	RESERVED
-CVE-2014-2164
-	RESERVED
-CVE-2014-2163
-	RESERVED
-CVE-2014-2162
-	RESERVED
-CVE-2014-2161
-	RESERVED
-CVE-2014-2160
-	RESERVED
-CVE-2014-2159
-	RESERVED
-CVE-2014-2158
-	RESERVED
-CVE-2014-2157
-	RESERVED
-CVE-2014-2156
-	RESERVED
+CVE-2014-2173 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
+	TODO: check
+CVE-2014-2172 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE ...)
+	TODO: check
+CVE-2014-2171 (Heap-based buffer overflow in Cisco TelePresence TC Software 4.x ...)
+	TODO: check
+CVE-2014-2170 (Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before ...)
+	TODO: check
+CVE-2014-2169 (Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE ...)
+	TODO: check
+CVE-2014-2168 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE ...)
+	TODO: check
+CVE-2014-2167 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
+	TODO: check
+CVE-2014-2166 (The SIP implementation in Cisco TelePresence TC Software 4.x and TE ...)
+	TODO: check
+CVE-2014-2165 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
+	TODO: check
+CVE-2014-2164 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
+	TODO: check
+CVE-2014-2163 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
+	TODO: check
+CVE-2014-2162 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
+	TODO: check
+CVE-2014-2161 (The H.225 subsystem in Cisco TelePresence System MXP Series Software ...)
+	TODO: check
+CVE-2014-2160 (The H.225 subsystem in Cisco TelePresence System MXP Series Software ...)
+	TODO: check
+CVE-2014-2159 (The H.225 subsystem in Cisco TelePresence System MXP Series Software ...)
+	TODO: check
+CVE-2014-2158 (Cisco TelePresence System MXP Series Software before F9.3.1 allows ...)
+	TODO: check
+CVE-2014-2157 (Cisco TelePresence System MXP Series Software before F9.3.1 allows ...)
+	TODO: check
+CVE-2014-2156 (Cisco TelePresence System MXP Series Software before F9.3.1 allows ...)
+	TODO: check
 CVE-2014-2155 (The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows ...)
 	NOT-FOR-US: Cisco
 CVE-2014-2154 (Memory leak in the SIP inspection engine in Cisco Adaptive Security ...)
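Review bot: all eighteen Cisco TelePresence entries (CVE-2014-2175 and CVE-2014-2173 through CVE-2014-2156) are marked "TODO: check", while CVE-2014-2155 immediately below already resolves the same vendor as "NOT-FOR-US: Cisco". These can be closed the same way in one pass rather than one at a time. CVE-2014-2174, between them, stays RESERVED and is unaffected.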
@@ -2890,10 +3067,10 @@
 	RESERVED
 CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the ...)
 	NOT-FOR-US: TOSHIBA TEC e-Studio
-CVE-2014-1989
-	RESERVED
-CVE-2014-1988
-	RESERVED
+CVE-2014-1989 (Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to ...)
+	TODO: check
+CVE-2014-1988 (The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 ...)
+	TODO: check
 CVE-2014-1987
 	RESERVED
 CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and ...)
@@ -2948,12 +3125,12 @@
 	NOT-FOR-US: SAP NetWeaver
 CVE-2014-1960 (The Solution Manager in SAP NetWeaver does not properly restrict ...)
 	NOT-FOR-US: SAP NetWeaver
-CVE-2014-1957
-	RESERVED
-CVE-2014-1956
-	RESERVED
-CVE-2014-1955
-	RESERVED
+CVE-2014-1957 (FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to ...)
+	TODO: check
+CVE-2014-1956 (CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 ...)
+	TODO: check
+CVE-2014-1955 (Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before ...)
+	TODO: check
 CVE-2014-1954
 	RESERVED
 CVE-2014-1953
@@ -3129,8 +3306,8 @@
 	RESERVED
 CVE-2014-1900
 	RESERVED
-CVE-2014-1899
-	RESERVED
+CVE-2014-1899 (Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway ...)
+	TODO: check
 CVE-2014-1898
 	RESERVED
 CVE-2014-1897
@@ -3355,7 +3532,7 @@
 CVE-2014-1877 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 ...)
 	NOT-FOR-US: Dokeos
 CVE-2014-1876 (The unpacker::redirect_stdio function in unpack.cpp in unpack200 in ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1 (low; bug #737562)
 	- openjdk-6 6b31-1.13.3-1 (low)
 CVE-2014-1875 [insecure use of /tmp]
@@ -4181,25 +4358,25 @@
 CVE-2014-1533
 	RESERVED
 CVE-2014-1532 (Use-after-free vulnerability in the ...)
-	{DSA-2918-1}
+	{DSA-2924-1 DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
 CVE-2014-1531 (Use-after-free vulnerability in the ...)
-	{DSA-2918-1}
+	{DSA-2924-1 DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
 CVE-2014-1530 (The docshell implementation in Mozilla Firefox before 29.0, Firefox ...)
-	{DSA-2918-1}
+	{DSA-2924-1 DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
 CVE-2014-1529 (The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR ...)
-	{DSA-2918-1}
+	{DSA-2924-1 DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
@@ -4216,13 +4393,13 @@
 	- iceweasel <not-affected> (Only affects Firefox 28)
 	- icedove <not-affected> (Only affects Firefox 28)
 CVE-2014-1524 (The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox ...)
-	{DSA-2918-1}
+	{DSA-2924-1 DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
 CVE-2014-1523 (Heap-based buffer overflow in the read_u32 function in Mozilla Firefox ...)
-	{DSA-2918-1}
+	{DSA-2924-1 DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
@@ -4238,7 +4415,7 @@
 	- iceweasel <not-affected> (Only affects Firefox 28)
 	- icedove <not-affected> (Only affects Firefox 28)
 CVE-2014-1518 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
-	{DSA-2918-1}
+	{DSA-2924-1 DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
@@ -4555,14 +4732,11 @@
 	RESERVED
 CVE-2014-1449
 	RESERVED
-CVE-2014-1443
-	RESERVED
+CVE-2014-1443 (Core FTP Server 1.2 before build 515 allows remote authenticated users ...)
 	NOT-FOR-US: Core FTP Server
-CVE-2014-1442
-	RESERVED
+CVE-2014-1442 (Directory traversal vulnerability in Core FTP Server 1.2 before build ...)
 	NOT-FOR-US: Core FTP Server
-CVE-2014-1441
-	RESERVED
+CVE-2014-1441 (Core FTP Server 1.2 before build 515 allows remote attackers to cause ...)
 	NOT-FOR-US: Core FTP Server
 CVE-2014-1440
 	RESERVED
@@ -5301,10 +5475,10 @@
 	RESERVED
 CVE-2014-0943
 	RESERVED
-CVE-2014-0942
-	RESERVED
-CVE-2014-0941
-	RESERVED
+CVE-2014-0942 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2014-0941 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2014-0940
 	RESERVED
 CVE-2014-0939
@@ -5393,8 +5567,8 @@
 	RESERVED
 CVE-2014-0897
 	RESERVED
-CVE-2014-0896
-	RESERVED
+CVE-2014-0896 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before ...)
+	TODO: check
 CVE-2014-0895 (Buffer overflow in the vsflex8l ActiveX control in IBM SPSS ...)
 	NOT-FOR-US: IBM SPSS
 CVE-2014-0894
@@ -5467,12 +5641,12 @@
 	NOT-FOR-US: IBM Cognos Business Intelligence
 CVE-2014-0860
 	RESERVED
-CVE-2014-0859
-	RESERVED
+CVE-2014-0859 (The web-server plugin in IBM WebSphere Application Server (WAS) 7.x ...)
+	TODO: check
 CVE-2014-0858 (IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote ...)
 	NOT-FOR-US: IBM Content Navigator
-CVE-2014-0857
-	RESERVED
+CVE-2014-0857 (The Administrative Console in IBM WebSphere Application Server (WAS) ...)
+	TODO: check
 CVE-2014-0856
 	RESERVED
 CVE-2014-0855 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections ...)
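Review bot: CVE-2014-0859 and CVE-2014-0857 (IBM WebSphere Application Server) are left at "TODO: check", but the file already classifies this product: "NOT-FOR-US: IBM WebSphere Application Server" appears as context further down, just above CVE-2013-6324, and "NOT-FOR-US: IBM Content Navigator" sits between the two entries here. Resolve them the same way; CVE-2014-0896 and CVE-2014-0823 in the neighbouring hunks are the same product and should be handled together.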
@@ -5539,8 +5713,8 @@
 	RESERVED
 CVE-2014-0824
 	RESERVED
-CVE-2014-0823
-	RESERVED
+CVE-2014-0823 (IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x ...)
+	TODO: check
 CVE-2014-0822 (The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x ...)
 	NOT-FOR-US: IBM Domino
 CVE-2014-0821 (SQL injection vulnerability in the download feature in Cybozu Garoon ...)
@@ -5682,8 +5856,8 @@
 	RESERVED
 CVE-2014-0787 (Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 ...)
 	NOT-FOR-US: WellinTech KingSCADA
-CVE-2014-0786
-	RESERVED
+CVE-2014-0786 (Ecava IntegraXor before 4.1.4393 allows remote attackers to read ...)
+	TODO: check
 CVE-2014-0785
 	RESERVED
 CVE-2014-0784 (Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 ...)
@@ -5963,8 +6137,8 @@
 	NOT-FOR-US: Cisco Secure ACS RMI
 CVE-2014-0647 (The Starbucks 2.6.1 application for iOS stores sensitive information ...)
 	NOT-FOR-US: Starbucks iOS application
-CVE-2014-0646
-	RESERVED
+CVE-2014-0646 (The runtime WS component in the server in EMC RSA Access Manager 6.1.3 ...)
+	TODO: check
 CVE-2014-0645 (EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File ...)
 	NOT-FOR-US: EMC
 CVE-2014-0644 (EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote ...)
@@ -6481,12 +6655,10 @@
 	- python-django 1.6.3-1
 CVE-2014-0472 (The django.core.urlresolvers.reverse function in Django before 1.4.11, ...)
 	- python-django 1.6.3-1
-CVE-2014-0471 [dpkg-source: directory traversal during unpack]
-	RESERVED
+CVE-2014-0471 (Directory traversal vulnerability in the unpacking functionality in ...)
 	{DSA-2915-1}
 	- dpkg 1.17.8
-CVE-2014-0470
-	RESERVED
+CVE-2014-0470 (super.c in Super 3.30.0 does not check the return value of the setuid ...)
 	{DSA-2917-1}
 	- super 3.30.0-7
 CVE-2014-0469 [stack-based buffer overflow in subject processing]
@@ -6610,48 +6782,50 @@
 	RESERVED
 	{DSA-2912-1}
 CVE-2014-0461 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-0460 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-0459 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- lcms <unfixed> 
 	[squeeze] - lcms <no-dsa> (Minor issue)
 	[wheezy] - lcms <no-dsa> (Minor issue)
 	- lcms2 2.6-1 (low; bug #745471)
 	[wheezy] - lcms2 <no-dsa> (Minor issue)
 CVE-2014-0458 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-0457 (Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-0456 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-0455 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
+	{DSA-2923-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 <not-affected> (Only affects Java 7/8)
 CVE-2014-0454 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
+	{DSA-2923-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 <not-affected> (Only affects Java 7/8)
 CVE-2014-0453 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-0452 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-0451 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-0450 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
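Review bot: CVE-2014-0455 and CVE-2014-0454 receive {DSA-2923-1} while their openjdk-6 line stays "<not-affected> (Only affects Java 7/8)"; the surrounding entries that get the same DSA all list "openjdk-6 6b31-1.13.3-1", so reconcile these as for CVE-2014-2413. Separately, CVE-2014-0459 now references two DSAs but its package lines are only lcms and lcms2 (and "- lcms <unfixed> " has a trailing space); if the advisories fixed a copy of that code bundled in openjdk, an openjdk line belongs here too so that each DSA reference has a matching package entry.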
@@ -6665,7 +6839,7 @@
 CVE-2014-0447 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
 	NOT-FOR-US: Solaris
 CVE-2014-0446 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-0445 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
@@ -6709,7 +6883,7 @@
 	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
 	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
 CVE-2014-0429 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
-	{DSA-2912-1}
+	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 6b31-1.13.3-1
 CVE-2014-0428 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
@@ -7076,8 +7250,7 @@
 	NOTE: Not suitable for code injection
 CVE-2013-7111 (The put_call function in the API client (api/api_client.rb) in the ...)
 	NOT-FOR-US: Bio Basespace SDK Ruby Gem
-CVE-2013-7110
-	RESERVED
+CVE-2013-7110 (Transifex command-line client before 0.10 does not validate X.509 ...)
 	- transifex-client <unfixed> (low)
 	[wheezy] - transifex-client <not-affected> (Incomplete patch was never released)
 	NOTE: fix for CVE-2013-2073 was incorrect/incomplete
@@ -7252,11 +7425,9 @@
 	- zope2.12 <removed> (low)
 	[wheezy] - zope2.12 <no-dsa> (Minor issue)
 	- zope2.13 <not-affected> (Vulnerable code not present)
-CVE-2013-7061 [Privilege escalation through exposed underlying API]
-	RESERVED
+CVE-2013-7061 (Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows ...)
 	NOT-FOR-US: Plone
-CVE-2013-7060 [Filesystem path information leak]
-	RESERVED
+CVE-2013-7060 (Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows ...)
 	NOT-FOR-US: Plone
 CVE-2013-7049 (Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as ...)
 	NOTE: vulnerable code not found in Debian
@@ -7528,8 +7699,8 @@
 	NOT-FOR-US: WordPress plugin AskApache Firefox Adsense
 CVE-2013-6991 (Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard ...)
 	NOT-FOR-US: WordPress plugin WP-Cron Dashboard
-CVE-2013-6990
-	RESERVED
+CVE-2013-6990 (FortiGuard FortiAuthenticator before 3.0 allows remote administrators ...)
+	TODO: check
 CVE-2013-6989
 	RESERVED
 CVE-2013-6988
@@ -7599,6 +7770,7 @@
 CVE-2013-6955 (webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 ...)
 	NOT-FOR-US: Synology DiskStation Manager
 CVE-2013-6954 (The png_do_expand_palette function in libpng before 1.6.8 allows ...)
+	{DSA-2923-1}
 	- libpng <not-affected> (Vulnerable code introduced in 1.6.1)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045561
 	NOTE: http://sourceforge.net/mailarchive/message.php?msg_id=31751422
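Review bot: {DSA-2923-1} is added to CVE-2013-6954 but the entry's only package line is "libpng <not-affected> (Vulnerable code introduced in 1.6.1)", so the DSA reference has no package to attach to. Everywhere else in this patch DSA-2923-1 accompanies an openjdk-6 fixed version; if the advisory fixed a copy of this code bundled in that package, add the corresponding "- openjdk-6 ..." line (or at least a NOTE) here so the cross-reference is not read as a DSA for a not-affected package.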
@@ -7966,8 +8138,7 @@
 	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
 	[squeeze] - qt4-x11 <no-dsa> (Minor issue)
 	NOTE: https://qt.gitorious.org/qt/qtbase/commit/eb1325047f2697d24e93ebaf924900affc876bc1
-CVE-2014-0189
-	RESERVED
+CVE-2014-0189 (virt-who uses world-readable permissions for /etc/sysconfig/virt-who, ...)
 	NOT-FOR-US: RedHat virt-who
 CVE-2014-0188 (The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, ...)
 	NOT-FOR-US: OpenShift
@@ -9356,7 +9527,7 @@
 	[wheezy] - iceape <end-of-life>
 	NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
 CVE-2013-6629 (The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) ...)
-	{DSA-2799-1}
+	{DSA-2923-1 DSA-2799-1}
 	- chromium-browser 31.0.1650.57-1
 	[squeeze] - chromium-browser <end-of-life>
 	- libjpeg-turbo 1.3.0-3 (low; bug #729873)
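Review bot: same problem as CVE-2013-6954: DSA-2923-1 lands on CVE-2013-6629 next to DSA-2799-1, but the package lines here are chromium-browser and libjpeg-turbo only, neither of which is the package the other DSA-2923-1 hunks in this patch update. Add a package line for the package the new DSA actually shipped.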
@@ -9842,8 +10013,7 @@
 	NOT-FOR-US: JBoss Seam
 CVE-2013-6446
 	RESERVED
-CVE-2013-6445
-	RESERVED
+CVE-2013-6445 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
 	NOT-FOR-US: Cumin
 CVE-2013-6444 [failure to check certificate hostname]
 	RESERVED
@@ -10269,8 +10439,8 @@
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2013-6324
 	RESERVED
-CVE-2013-6323
-	RESERVED
+CVE-2013-6323 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+	TODO: check
 CVE-2013-6322 (Cross-site scripting (XSS) vulnerability in Sterling Order Management ...)
 	NOT-FOR-US: IBM Sterling Selling and Fulfillment Suite
 CVE-2013-6321 (SQL injection vulnerability in IBM Atlas eDiscovery Process Management ...)
@@ -16077,7 +16247,7 @@
 	NOTE: http://openwall.com/lists/oss-security/2013/07/12/3
 	NOTE: http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
 CVE-2013-4121
-	RESERVED
+	REJECTED
 CVE-2013-4120
 	RESERVED
 CVE-2013-4119
@@ -21271,8 +21441,7 @@
 	[squeeze] - kde4libs <no-dsa> (Minor issue)
 	[wheezy] - kde4libs <no-dsa> (Minor issue)
 	NOTE: https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp
-CVE-2013-2073 [Does not validate HTTPS server certificate]
-	RESERVED
+CVE-2013-2073 (Transifex command-line client before 0.9 does not validate X.509 ...)
 	- transifex-client 0.9-1 (low)
 	[wheezy] - transifex-client <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/oss-sec/2013/q2/394
@@ -22178,12 +22347,12 @@
 CVE-2013-1808 (Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ...)
 	- db4o <unfixed> (unimportant)
 	- jenkins 1.509.2+dfsg-1 (bug #706725)
-CVE-2013-1807
-	RESERVED
-CVE-2013-1806
-	RESERVED
+CVE-2013-1807 (PHP-Fusion before 7.02.06 stores backup files with predictable ...)
+	TODO: check
+CVE-2013-1806 (Multiple directory traversal vulnerabilities in PHP-Fusion before ...)
+	TODO: check
 CVE-2013-1805
-	RESERVED
+	REJECTED
 CVE-2013-1804 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2013-1803
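Review bot: CVE-2013-1807 and CVE-2013-1806 (PHP-Fusion) are left at "TODO: check" although CVE-2013-1804 two lines below is already "NOT-FOR-US: PHP-Fusion"; resolve them the same way. CVE-2013-1805 moving from RESERVED to REJECTED matches the CVE-2013-4121 change earlier in the patch.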



