[Secure-testing-commits] r26835 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Mon May 5 21:14:11 UTC 2014
Author: joeyh
Date: 2014-05-05 21:14:10 +0000 (Mon, 05 May 2014)
New Revision: 26835
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-05-05 20:32:48 UTC (rev 26834)
+++ data/CVE/list 2014-05-05 21:14:10 UTC (rev 26835)
@@ -1,4 +1,181 @@
+CVE-2014-3219
+ RESERVED
+CVE-2014-3218
+ RESERVED
+CVE-2014-3217
+ RESERVED
+CVE-2014-3216
+ RESERVED
+CVE-2014-3215
+ RESERVED
+CVE-2014-3214
+ RESERVED
+CVE-2014-3213
+ RESERVED
+CVE-2014-3212
+ RESERVED
+CVE-2014-3211
+ RESERVED
+CVE-2014-3210
+ RESERVED
+CVE-2014-3208
+ RESERVED
+CVE-2014-3206
+ RESERVED
+CVE-2014-3205
+ RESERVED
+CVE-2014-3204
+ RESERVED
+CVE-2014-3203
+ RESERVED
+CVE-2014-3202
+ RESERVED
+CVE-2014-3201
+ RESERVED
+CVE-2014-3200
+ RESERVED
+CVE-2014-3199
+ RESERVED
+CVE-2014-3198
+ RESERVED
+CVE-2014-3197
+ RESERVED
+CVE-2014-3196
+ RESERVED
+CVE-2014-3195
+ RESERVED
+CVE-2014-3194
+ RESERVED
+CVE-2014-3193
+ RESERVED
+CVE-2014-3192
+ RESERVED
+CVE-2014-3191
+ RESERVED
+CVE-2014-3190
+ RESERVED
+CVE-2014-3189
+ RESERVED
+CVE-2014-3188
+ RESERVED
+CVE-2014-3187
+ RESERVED
+CVE-2014-3186
+ RESERVED
+CVE-2014-3185
+ RESERVED
+CVE-2014-3184
+ RESERVED
+CVE-2014-3183
+ RESERVED
+CVE-2014-3182
+ RESERVED
+CVE-2014-3181
+ RESERVED
+CVE-2014-3180
+ RESERVED
+CVE-2014-3179
+ RESERVED
+CVE-2014-3178
+ RESERVED
+CVE-2014-3177
+ RESERVED
+CVE-2014-3176
+ RESERVED
+CVE-2014-3175
+ RESERVED
+CVE-2014-3174
+ RESERVED
+CVE-2014-3173
+ RESERVED
+CVE-2014-3172
+ RESERVED
+CVE-2014-3171
+ RESERVED
+CVE-2014-3170
+ RESERVED
+CVE-2014-3169
+ RESERVED
+CVE-2014-3168
+ RESERVED
+CVE-2014-3167
+ RESERVED
+CVE-2014-3166
+ RESERVED
+CVE-2014-3165
+ RESERVED
+CVE-2014-3164
+ RESERVED
+CVE-2014-3163
+ RESERVED
+CVE-2014-3162
+ RESERVED
+CVE-2014-3161
+ RESERVED
+CVE-2014-3160
+ RESERVED
+CVE-2014-3159
+ RESERVED
+CVE-2014-3158
+ RESERVED
+CVE-2014-3157
+ RESERVED
+CVE-2014-3156
+ RESERVED
+CVE-2014-3155
+ RESERVED
+CVE-2014-3154
+ RESERVED
+CVE-2014-3153
+ RESERVED
+CVE-2014-3152
+ RESERVED
+CVE-2014-3151
+ RESERVED
+CVE-2014-3150
+ RESERVED
+CVE-2014-3149
+ RESERVED
+CVE-2014-3148
+ RESERVED
+CVE-2014-3147
+ RESERVED
+CVE-2014-3146
+ RESERVED
+CVE-2014-3145
+ RESERVED
+CVE-2014-3144
+ RESERVED
+CVE-2014-3143
+ RESERVED
+CVE-2014-3142
+ RESERVED
+CVE-2014-3141
+ RESERVED
+CVE-2014-3140
+ RESERVED
+CVE-2014-3139 (recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 ...)
+ TODO: check
+CVE-2014-3138 (SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 ...)
+ TODO: check
+CVE-2014-3136
+ RESERVED
+CVE-2014-3135 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 ...)
+ TODO: check
+CVE-2014-3134 (Cross-site scripting (XSS) vulnerability in the InfoView application ...)
+ TODO: check
+CVE-2014-3133 (SAP Netweaver Java Application Server does not properly restrict ...)
+ TODO: check
+CVE-2014-3132 (SAP Background Processing does not properly restrict access, which ...)
+ TODO: check
+CVE-2014-3131 (SAP Profile Maintenance does not properly restrict access, which ...)
+ TODO: check
+CVE-2014-3130 (The ABAP Help documentation and translation tools (BC-DOC-HLP) in ...)
+ TODO: check
+CVE-2014-3129 (The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP ...)
+ TODO: check
CVE-2014-3209 [ldnsutils: ldns-keygen creates private key world readable]
+ RESERVED
- ldns <unfixed> (low; bug #746758)
[squeeze] - ldns <no-dsa> (Minor issue)
[wheezy] - ldns <no-dsa> (Minor issue)
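Review bot: the CVE-2014-3129 through CVE-2014-3139 entries are all left as `TODO: check`, yet every product their descriptions name (Unitrends Enterprise Backup, Xerox DocuShare, vBulletin, the InfoView application, SAP NetWeaver/ABAP components) is a proprietary product with no Debian source package, so each of these should be resolved by hand with a `NOT-FOR-US: <product>` line rather than left as a TODO for the next update to carry forward. Also note the ordering this hunk produces: the new block runs from CVE-2014-3219 down to CVE-2014-3129, and the pre-existing CVE-2014-3209 (ldns) entry now sits below it, so the head of the file is no longer in strict descending ID order.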
@@ -11,12 +188,14 @@
NOTE: http://lxml.de/3.3/changes-3.3.5.html
NOTE: http://seclists.org/fulldisclosure/2014/Apr/210
CVE-2014-3207 [non-persistent XSS]
+ RESERVED
- sks <unfixed> (low; bug #746626)
[squeeze] - sks <no-dsa> (Minor issue)
[wheezy] - sks <no-dsa> (Minor issue)
NOTE: https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=952077
CVE-2014-3137 [JSON content-type not restrictive enough]
+ RESERVED
- python-bottle 0.12.6-1 (bug #746322)
CVE-2014-3128
RESERVED
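Review bot: the `RESERVED` lines added under CVE-2014-3207 and CVE-2014-3137 go beneath entries that already carry a local bracketed title and a package assignment (`sks <unfixed>`, `python-bottle 0.12.6-1`), which is the expected shape for IDs MITRE still lists as reserved, so nothing to change there. What does stand out is that the python-bottle entry has no `[squeeze]`/`[wheezy]` lines at all, unlike the sks entry directly above it; if python-bottle ships in either stable release, its stable triage for CVE-2014-3137 is still missing.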
@@ -26,8 +205,7 @@
- dpkg 1.17.9
CVE-2014-3126
RESERVED
-CVE-2014-3125 [XSA-91]
- RESERVED
+CVE-2014-3125 (Xen 4.4.x, when running on an ARM system, does not properly context ...)
- xen <not-affected> (Only 32- and 64-bit ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3124 [XSA-92]
RESERVED
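Review bot: replacing the bracketed `[XSA-91]` title of CVE-2014-3125 with the MITRE text drops the only reference to the Xen advisory ID, and the remaining `xen <not-affected>` line gives no way back to it. Add a `NOTE: XSA-91` line under the entry (the neighbouring CVE-2014-3124 still has `[XSA-92]` in its title, and it will lose it the same way once MITRE publishes) so the XSA-to-CVE mapping survives the automatic rewrite.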
@@ -267,8 +445,8 @@
- pillow <unfixed> (bug #737059)
- python-imaging <removed>
NOTE: details what is covered exactly by this CVE relating to CVE-2014-1932 and CVE-2014-1933 is missing
-CVE-2014-3006
- RESERVED
+CVE-2014-3006 (Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when ...)
+ TODO: check
CVE-2014-3005
RESERVED
CVE-2014-3004
@@ -277,10 +455,9 @@
RESERVED
CVE-2014-3002
RESERVED
-CVE-2014-3001
- RESERVED
-CVE-2014-3000 [TCP reassembly vulnerability]
- RESERVED
+CVE-2014-3001 (The device file system (aka devfs) in FreeBSD 10.0 before p2 does not ...)
+ TODO: check
+CVE-2014-3000 (The TCP reassembly function in the inet module in FreeBSD 8.3 before ...)
- kfreebsd-10 10.0-5 (bug #746949)
- kfreebsd-9 <unfixed> (bug #746951)
- kfreebsd-8 <removed> (bug #746952)
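Review bot: CVE-2014-3001 must not be waved through as NOT-FOR-US just because it is a FreeBSD issue: its description names the device file system (devfs) in FreeBSD 10.0 before p2, and the entry directly below it, CVE-2014-3000 (the FreeBSD TCP reassembly bug), is already tracked against kfreebsd-10 10.0-5, kfreebsd-9 and kfreebsd-8 with bugs #746949, #746951 and #746952. The `TODO: check` needs the same per-kernel triage, starting with whether the devfs code in the kfreebsd-10 10.0 source is affected.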
@@ -497,8 +674,7 @@
[squeeze] - fish <no-dsa> (Minor issue)
[wheezy] - fish <no-dsa> (Minor issue)
NOTE: https://github.com/fish-shell/fish-shell/issues/1437
-CVE-2014-2905 [permission bypass leading to privilege escalation]
- RESERVED
+CVE-2014-2905 (fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the ...)
- fish <unfixed> (low; bug #746259)
[squeeze] - fish <no-dsa> (Minor issue)
[wheezy] - fish <no-dsa> (Minor issue)
@@ -507,16 +683,17 @@
RESERVED
CVE-2014-2891
RESERVED
+ {DSA-2922-1}
CVE-2014-2887
RESERVED
CVE-2014-2886
RESERVED
CVE-2014-2883
RESERVED
-CVE-2014-2882
- RESERVED
-CVE-2014-2881
- RESERVED
+CVE-2014-2882 (Unspecified vulnerability in the management GUI in Citrix NetScaler ...)
+ TODO: check
+CVE-2014-2881 (Unspecified vulnerability in the Diffie-Hellman key agreement ...)
+ TODO: check
CVE-2014-2880 (Open redirect vulnerability in Oracle Identity Manager 11g R2 SP1 ...)
NOT-FOR-US: Oracle Identity Manager
CVE-2014-2879 (Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL ...)
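Review bot: CVE-2014-2891 picks up a `{DSA-2922-1}` cross-reference while the entry itself is still only `RESERVED` with no package line, so nothing here records which source package DSA-2922-1 updated or in which version. The DSA reference is merged in automatically from data/DSA/list; the package and fixed-version line has to be added to this entry by hand, otherwise the tracker shows an advisory attached to an empty entry and the package never gets marked fixed.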
@@ -634,8 +811,7 @@
- grails <itp> (bug #473213)
CVE-2014-2857 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
- grails <itp> (bug #473213)
-CVE-2013-7374
- RESERVED
+CVE-2013-7374 (The Ubuntu Date and Time Indicator (aka indicator-datetime) ...)
NOT-FOR-US: indicator-datetime
CVE-2013-7371 [XSS in the Sencha Labs Connect middleware]
RESERVED
@@ -876,7 +1052,7 @@
NOT-FOR-US: MODX Revolution
CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that ...)
NOT-FOR-US: WinSCP
-CVE-2014-2734 (The openssl extension in Ruby 2.x does not properly maintain the state ...)
+CVE-2014-2734 (** DISPUTED ** The openssl extension in Ruby 2.x does not properly ...)
NOTE: considered invalid and should be rejected, see https://gist.github.com/emboss/91696b56cd227c8a0c13
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1091156#c1
CVE-2014-2733 (Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a ...)
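Review bot: CVE-2014-2734 is now flagged `** DISPUTED **` upstream, and the two NOTE lines already say it is considered invalid and should be rejected, yet the entry has no package line at all, so the ruby packages it nominally covers have no recorded disposition. Until MITRE actually rejects it, give the entry an explicit package line with `<not-affected>` (or `<unfixed> (unimportant)`, the form used for db4o under CVE-2013-1808) and the reasoning from the linked gist and bugzilla comment, so it stops surfacing as untriaged on every automatic update.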
@@ -1396,8 +1572,8 @@
RESERVED
CVE-2014-2566
RESERVED
-CVE-2014-2565
- RESERVED
+CVE-2014-2565 (The commandline interface in Blue Coat Content Analysis System (CAS) ...)
+ TODO: check
CVE-2014-2564
RESERVED
CVE-2014-2563
@@ -1814,7 +1990,7 @@
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-2427 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-2426 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
@@ -1824,14 +2000,14 @@
CVE-2014-2424 (Unspecified vulnerability in the Oracle Event Processing component in ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2423 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-2422 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2014-2421 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-2420 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
@@ -1851,14 +2027,15 @@
CVE-2014-2415 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2414 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-2413 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
+ {DSA-2923-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-2412 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-2411 (Unspecified vulnerability in the Oracle Identity Analytics component ...)
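Review bot: the `{DSA-2923-1}` reference added to CVE-2014-2413 contradicts the entry's own `openjdk-6 <not-affected> (Only affects Java 7/8)` line. Everywhere else in this hunk DSA-2923-1 lands next to an `openjdk-6 6b31-1.13.3-1` fix line, which says DSA-2923-1 is the openjdk-6 advisory; if so, either the DSA's CVE list in data/DSA/list wrongly includes CVE-2014-2413, or the `<not-affected>` marker is stale and openjdk-6 should carry the 6b31-1.13.3-1 version. One of the two needs correcting rather than leaving a DSA attached to a not-affected package.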
@@ -1881,10 +2058,11 @@
CVE-2014-2404 (Unspecified vulnerability in the Oracle Access Manager component in ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2403 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-2402 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
+ {DSA-2923-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-2401 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
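Review bot: CVE-2014-2402 receives `{DSA-2923-1}` although its openjdk-6 line reads `<not-affected> (Only affects Java 7/8)`, while CVE-2014-2403 just above gets the same DSA beside a real `openjdk-6 6b31-1.13.3-1` fix. Either CVE-2014-2402 does not belong in DSA-2923-1's CVE list, or the not-affected marker is wrong; check the advisory text and fix whichever side is off.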
@@ -1896,11 +2074,11 @@
CVE-2014-2399 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2398 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-2397 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-2396
@@ -2097,8 +2275,7 @@
CVE-2014-2323 (SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before ...)
{DSA-2877-1}
- lighttpd 1.4.33-1+nmu3 (bug #741493)
-CVE-2014-2322
- RESERVED
+CVE-2014-2322 (lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby ...)
NOT-FOR-US: Ruby Gem Arabic Prawn
CVE-2014-2321 (web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote ...)
NOT-FOR-US: ZTE F460 and F660 cable modems
@@ -2238,8 +2415,8 @@
NOT-FOR-US: Base SAS
CVE-2014-2261
RESERVED
-CVE-2014-2260
- RESERVED
+CVE-2014-2260 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2014-2259 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
NOT-FOR-US: Siemens
CVE-2014-2258 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
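Review bot: the MITRE description of CVE-2014-2260 is cut off before any product name (`Cross-site scripting (XSS) vulnerability in ...`), so the `TODO: check` cannot be resolved from this file; the full CVE text has to be looked up before choosing between NOT-FOR-US and a package assignment.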
@@ -2390,46 +2567,46 @@
RESERVED
CVE-2014-2176
RESERVED
-CVE-2014-2175
- RESERVED
+CVE-2014-2175 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
+ TODO: check
CVE-2014-2174
RESERVED
-CVE-2014-2173
- RESERVED
-CVE-2014-2172
- RESERVED
-CVE-2014-2171
- RESERVED
-CVE-2014-2170
- RESERVED
-CVE-2014-2169
- RESERVED
-CVE-2014-2168
- RESERVED
-CVE-2014-2167
- RESERVED
-CVE-2014-2166
- RESERVED
-CVE-2014-2165
- RESERVED
-CVE-2014-2164
- RESERVED
-CVE-2014-2163
- RESERVED
-CVE-2014-2162
- RESERVED
-CVE-2014-2161
- RESERVED
-CVE-2014-2160
- RESERVED
-CVE-2014-2159
- RESERVED
-CVE-2014-2158
- RESERVED
-CVE-2014-2157
- RESERVED
-CVE-2014-2156
- RESERVED
+CVE-2014-2173 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
+ TODO: check
+CVE-2014-2172 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE ...)
+ TODO: check
+CVE-2014-2171 (Heap-based buffer overflow in Cisco TelePresence TC Software 4.x ...)
+ TODO: check
+CVE-2014-2170 (Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before ...)
+ TODO: check
+CVE-2014-2169 (Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE ...)
+ TODO: check
+CVE-2014-2168 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE ...)
+ TODO: check
+CVE-2014-2167 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
+ TODO: check
+CVE-2014-2166 (The SIP implementation in Cisco TelePresence TC Software 4.x and TE ...)
+ TODO: check
+CVE-2014-2165 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
+ TODO: check
+CVE-2014-2164 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
+ TODO: check
+CVE-2014-2163 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
+ TODO: check
+CVE-2014-2162 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
+ TODO: check
+CVE-2014-2161 (The H.225 subsystem in Cisco TelePresence System MXP Series Software ...)
+ TODO: check
+CVE-2014-2160 (The H.225 subsystem in Cisco TelePresence System MXP Series Software ...)
+ TODO: check
+CVE-2014-2159 (The H.225 subsystem in Cisco TelePresence System MXP Series Software ...)
+ TODO: check
+CVE-2014-2158 (Cisco TelePresence System MXP Series Software before F9.3.1 allows ...)
+ TODO: check
+CVE-2014-2157 (Cisco TelePresence System MXP Series Software before F9.3.1 allows ...)
+ TODO: check
+CVE-2014-2156 (Cisco TelePresence System MXP Series Software before F9.3.1 allows ...)
+ TODO: check
CVE-2014-2155 (The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows ...)
NOT-FOR-US: Cisco
CVE-2014-2154 (Memory leak in the SIP inspection engine in Cisco Adaptive Security ...)
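Review bot: all nineteen new CVE-2014-2156 through CVE-2014-2175 entries describe Cisco TelePresence TC/TE or MXP Series software and are left as `TODO: check`, while the adjacent CVE-2014-2155 and CVE-2014-2154 context lines are already resolved as `NOT-FOR-US: Cisco`. These can be triaged in one batch with the same `NOT-FOR-US: Cisco` marker; TelePresence firmware is not a Debian package, and a run of nineteen TODOs only buries the entries that do need work.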
@@ -2890,10 +3067,10 @@
RESERVED
CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the ...)
NOT-FOR-US: TOSHIBA TEC e-Studio
-CVE-2014-1989
- RESERVED
-CVE-2014-1988
- RESERVED
+CVE-2014-1989 (Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to ...)
+ TODO: check
+CVE-2014-1988 (The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 ...)
+ TODO: check
CVE-2014-1987
RESERVED
CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and ...)
@@ -2948,12 +3125,12 @@
NOT-FOR-US: SAP NetWeaver
CVE-2014-1960 (The Solution Manager in SAP NetWeaver does not properly restrict ...)
NOT-FOR-US: SAP NetWeaver
-CVE-2014-1957
- RESERVED
-CVE-2014-1956
- RESERVED
-CVE-2014-1955
- RESERVED
+CVE-2014-1957 (FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to ...)
+ TODO: check
+CVE-2014-1956 (CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 ...)
+ TODO: check
+CVE-2014-1955 (Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before ...)
+ TODO: check
CVE-2014-1954
RESERVED
CVE-2014-1953
@@ -3129,8 +3306,8 @@
RESERVED
CVE-2014-1900
RESERVED
-CVE-2014-1899
- RESERVED
+CVE-2014-1899 (Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway ...)
+ TODO: check
CVE-2014-1898
RESERVED
CVE-2014-1897
@@ -3355,7 +3532,7 @@
CVE-2014-1877 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 ...)
NOT-FOR-US: Dokeos
CVE-2014-1876 (The unpacker::redirect_stdio function in unpack.cpp in unpack200 in ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1 (low; bug #737562)
- openjdk-6 6b31-1.13.3-1 (low)
CVE-2014-1875 [insecure use of /tmp]
@@ -4181,25 +4358,25 @@
CVE-2014-1533
RESERVED
CVE-2014-1532 (Use-after-free vulnerability in the ...)
- {DSA-2918-1}
+ {DSA-2924-1 DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
CVE-2014-1531 (Use-after-free vulnerability in the ...)
- {DSA-2918-1}
+ {DSA-2924-1 DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
CVE-2014-1530 (The docshell implementation in Mozilla Firefox before 29.0, Firefox ...)
- {DSA-2918-1}
+ {DSA-2924-1 DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
CVE-2014-1529 (The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR ...)
- {DSA-2918-1}
+ {DSA-2924-1 DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
@@ -4216,13 +4393,13 @@
- iceweasel <not-affected> (Only affects Firefox 28)
- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1524 (The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox ...)
- {DSA-2918-1}
+ {DSA-2924-1 DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
CVE-2014-1523 (Heap-based buffer overflow in the read_u32 function in Mozilla Firefox ...)
- {DSA-2918-1}
+ {DSA-2924-1 DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
@@ -4238,7 +4415,7 @@
- iceweasel <not-affected> (Only affects Firefox 28)
- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1518 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-2918-1}
+ {DSA-2924-1 DSA-2918-1}
- iceweasel 24.5.0esr-1
- icedove 24.5.0-1
[squeeze] - iceweasel <end-of-life>
@@ -4555,14 +4732,11 @@
RESERVED
CVE-2014-1449
RESERVED
-CVE-2014-1443
- RESERVED
+CVE-2014-1443 (Core FTP Server 1.2 before build 515 allows remote authenticated users ...)
NOT-FOR-US: Core FTP Server
-CVE-2014-1442
- RESERVED
+CVE-2014-1442 (Directory traversal vulnerability in Core FTP Server 1.2 before build ...)
NOT-FOR-US: Core FTP Server
-CVE-2014-1441
- RESERVED
+CVE-2014-1441 (Core FTP Server 1.2 before build 515 allows remote attackers to cause ...)
NOT-FOR-US: Core FTP Server
CVE-2014-1440
RESERVED
@@ -5301,10 +5475,10 @@
RESERVED
CVE-2014-0943
RESERVED
-CVE-2014-0942
- RESERVED
-CVE-2014-0941
- RESERVED
+CVE-2014-0942 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-0941 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2014-0940
RESERVED
CVE-2014-0939
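Review bot: CVE-2014-0942 and CVE-2014-0941 arrive with descriptions truncated to `Cross-site scripting (XSS) vulnerability in ...` and name no product, so their `TODO: check` markers cannot be cleared from this list alone; pull the full MITRE entries before triaging either of them.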
@@ -5393,8 +5567,8 @@
RESERVED
CVE-2014-0897
RESERVED
-CVE-2014-0896
- RESERVED
+CVE-2014-0896 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before ...)
+ TODO: check
CVE-2014-0895 (Buffer overflow in the vsflex8l ActiveX control in IBM SPSS ...)
NOT-FOR-US: IBM SPSS
CVE-2014-0894
@@ -5467,12 +5641,12 @@
NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2014-0860
RESERVED
-CVE-2014-0859
- RESERVED
+CVE-2014-0859 (The web-server plugin in IBM WebSphere Application Server (WAS) 7.x ...)
+ TODO: check
CVE-2014-0858 (IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote ...)
NOT-FOR-US: IBM Content Navigator
-CVE-2014-0857
- RESERVED
+CVE-2014-0857 (The Administrative Console in IBM WebSphere Application Server (WAS) ...)
+ TODO: check
CVE-2014-0856
RESERVED
CVE-2014-0855 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections ...)
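Review bot: CVE-2014-0859 and CVE-2014-0857 both name IBM WebSphere Application Server (WAS) and are left as `TODO: check`, although this hunk's own context already resolves IBM Cognos and IBM Content Navigator as NOT-FOR-US and the list elsewhere carries `NOT-FOR-US: IBM WebSphere Application Server` (the context line above CVE-2013-6324). CVE-2014-0896 and CVE-2014-0823 in this same commit are in the same position; mark all four consistently.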
@@ -5539,8 +5713,8 @@
RESERVED
CVE-2014-0824
RESERVED
-CVE-2014-0823
- RESERVED
+CVE-2014-0823 (IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x ...)
+ TODO: check
CVE-2014-0822 (The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x ...)
NOT-FOR-US: IBM Domino
CVE-2014-0821 (SQL injection vulnerability in the download feature in Cybozu Garoon ...)
@@ -5682,8 +5856,8 @@
RESERVED
CVE-2014-0787 (Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 ...)
NOT-FOR-US: WellinTech KingSCADA
-CVE-2014-0786
- RESERVED
+CVE-2014-0786 (Ecava IntegraXor before 4.1.4393 allows remote attackers to read ...)
+ TODO: check
CVE-2014-0785
RESERVED
CVE-2014-0784 (Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 ...)
@@ -5963,8 +6137,8 @@
NOT-FOR-US: Cisco Secure ACS RMI
CVE-2014-0647 (The Starbucks 2.6.1 application for iOS stores sensitive information ...)
NOT-FOR-US: Starbucks iOS application
-CVE-2014-0646
- RESERVED
+CVE-2014-0646 (The runtime WS component in the server in EMC RSA Access Manager 6.1.3 ...)
+ TODO: check
CVE-2014-0645 (EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File ...)
NOT-FOR-US: EMC
CVE-2014-0644 (EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote ...)
@@ -6481,12 +6655,10 @@
- python-django 1.6.3-1
CVE-2014-0472 (The django.core.urlresolvers.reverse function in Django before 1.4.11, ...)
- python-django 1.6.3-1
-CVE-2014-0471 [dpkg-source: directory traversal during unpack]
- RESERVED
+CVE-2014-0471 (Directory traversal vulnerability in the unpacking functionality in ...)
{DSA-2915-1}
- dpkg 1.17.8
-CVE-2014-0470
- RESERVED
+CVE-2014-0470 (super.c in Super 3.30.0 does not check the return value of the setuid ...)
{DSA-2917-1}
- super 3.30.0-7
CVE-2014-0469 [stack-based buffer overflow in subject processing]
@@ -6610,48 +6782,50 @@
RESERVED
{DSA-2912-1}
CVE-2014-0461 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0460 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0459 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- lcms <unfixed>
[squeeze] - lcms <no-dsa> (Minor issue)
[wheezy] - lcms <no-dsa> (Minor issue)
- lcms2 2.6-1 (low; bug #745471)
[wheezy] - lcms2 <no-dsa> (Minor issue)
CVE-2014-0458 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0457 (Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0456 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0455 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
+ {DSA-2923-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-0454 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
+ {DSA-2923-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-0453 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0452 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0451 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0450 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
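Review bot: CVE-2014-0455 and CVE-2014-0454 each gain `{DSA-2923-1}` while their openjdk-6 line reads `<not-affected> (Only affects Java 7/8)`; every other DSA-2923-1 addition in this hunk sits beside an `openjdk-6 6b31-1.13.3-1` fix, so the DSA's CVE list and these two not-affected markers disagree and one side needs correcting. Separately, CVE-2014-0459 now carries DSA-2923-1 although its package lines are `lcms <unfixed>` (no-dsa in squeeze and wheezy) and `lcms2 2.6-1 (low; bug #745471)`; if the DSA fixed an embedded lcms copy in another source package, that package and version should be recorded on the entry, because as written the advisory reference sits next to an unfixed lcms.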
@@ -6665,7 +6839,7 @@
CVE-2014-0447 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
NOT-FOR-US: Solaris
CVE-2014-0446 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0445 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
@@ -6709,7 +6883,7 @@
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0429 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
- {DSA-2912-1}
+ {DSA-2923-1 DSA-2912-1}
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0428 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
@@ -7076,8 +7250,7 @@
NOTE: Not suitable for code injection
CVE-2013-7111 (The put_call function in the API client (api/api_client.rb) in the ...)
NOT-FOR-US: Bio Basespace SDK Ruby Gem
-CVE-2013-7110
- RESERVED
+CVE-2013-7110 (Transifex command-line client before 0.10 does not validate X.509 ...)
- transifex-client <unfixed> (low)
[wheezy] - transifex-client <not-affected> (Incomplete patch was never released)
NOTE: fix for CVE-2013-2073 was incorrect/incomplete
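Review bot: CVE-2013-7110 keeps `transifex-client <unfixed> (low)` with no bug reference, whereas the other `<unfixed>` entries touched in this commit (ldns bug #746758, sks bug #746626, fish bug #746259) each cite a BTS bug. Now that the MITRE text confirms the issue (the 0.9 fix for CVE-2013-2073 was incomplete, per the NOTE), file or record the bug number here so the unfixed state in unstable is actually tracked; the `[wheezy] <not-affected> (Incomplete patch was never released)` line reads correctly and can stay.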
@@ -7252,11 +7425,9 @@
- zope2.12 <removed> (low)
[wheezy] - zope2.12 <no-dsa> (Minor issue)
- zope2.13 <not-affected> (Vulnerable code not present)
-CVE-2013-7061 [Privilege escalation through exposed underlying API]
- RESERVED
+CVE-2013-7061 (Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows ...)
NOT-FOR-US: Plone
-CVE-2013-7060 [Filesystem path information leak]
- RESERVED
+CVE-2013-7060 (Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows ...)
NOT-FOR-US: Plone
CVE-2013-7049 (Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as ...)
NOTE: vulnerable code not found in Debian
@@ -7528,8 +7699,8 @@
NOT-FOR-US: WordPress plugin AskApache Firefox Adsense
CVE-2013-6991 (Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard ...)
NOT-FOR-US: WordPress plugin WP-Cron Dashboard
-CVE-2013-6990
- RESERVED
+CVE-2013-6990 (FortiGuard FortiAuthenticator before 3.0 allows remote administrators ...)
+ TODO: check
CVE-2013-6989
RESERVED
CVE-2013-6988
@@ -7599,6 +7770,7 @@
CVE-2013-6955 (webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 ...)
NOT-FOR-US: Synology DiskStation Manager
CVE-2013-6954 (The png_do_expand_palette function in libpng before 1.6.8 allows ...)
+ {DSA-2923-1}
- libpng <not-affected> (Vulnerable code introduced in 1.6.1)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045561
NOTE: http://sourceforge.net/mailarchive/message.php?msg_id=31751422
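Review bot: CVE-2013-6954 gains `{DSA-2923-1}` while its only package line is `libpng <not-affected> (Vulnerable code introduced in 1.6.1)`, so the entry never says which source package the DSA actually updated. If DSA-2923-1 fixed an embedded copy of libpng in another package, add that package's fix line beneath the libpng line; a DSA reference on an entry whose only package is not-affected misleads anyone reading the tracker.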
@@ -7966,8 +8138,7 @@
[wheezy] - qt4-x11 <no-dsa> (Minor issue)
[squeeze] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://qt.gitorious.org/qt/qtbase/commit/eb1325047f2697d24e93ebaf924900affc876bc1
-CVE-2014-0189
- RESERVED
+CVE-2014-0189 (virt-who uses world-readable permissions for /etc/sysconfig/virt-who, ...)
NOT-FOR-US: RedHat virt-who
CVE-2014-0188 (The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, ...)
NOT-FOR-US: OpenShift
@@ -9356,7 +9527,7 @@
[wheezy] - iceape <end-of-life>
NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
CVE-2013-6629 (The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) ...)
- {DSA-2799-1}
+ {DSA-2923-1 DSA-2799-1}
- chromium-browser 31.0.1650.57-1
[squeeze] - chromium-browser <end-of-life>
- libjpeg-turbo 1.3.0-3 (low; bug #729873)
@@ -9842,8 +10013,7 @@
NOT-FOR-US: JBoss Seam
CVE-2013-6446
RESERVED
-CVE-2013-6445
- RESERVED
+CVE-2013-6445 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
NOT-FOR-US: Cumin
CVE-2013-6444 [failure to check certificate hostname]
RESERVED
@@ -10269,8 +10439,8 @@
NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-6324
RESERVED
-CVE-2013-6323
- RESERVED
+CVE-2013-6323 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+ TODO: check
CVE-2013-6322 (Cross-site scripting (XSS) vulnerability in Sterling Order Management ...)
NOT-FOR-US: IBM Sterling Selling and Fulfillment Suite
CVE-2013-6321 (SQL injection vulnerability in IBM Atlas eDiscovery Process Management ...)
@@ -16077,7 +16247,7 @@
NOTE: http://openwall.com/lists/oss-security/2013/07/12/3
NOTE: http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
CVE-2013-4121
- RESERVED
+ REJECTED
CVE-2013-4120
RESERVED
CVE-2013-4119
@@ -21271,8 +21441,7 @@
[squeeze] - kde4libs <no-dsa> (Minor issue)
[wheezy] - kde4libs <no-dsa> (Minor issue)
NOTE: https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp
-CVE-2013-2073 [Does not validate HTTPS server certificate]
- RESERVED
+CVE-2013-2073 (Transifex command-line client before 0.9 does not validate X.509 ...)
- transifex-client 0.9-1 (low)
[wheezy] - transifex-client <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2013/q2/394
@@ -22178,12 +22347,12 @@
CVE-2013-1808 (Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ...)
- db4o <unfixed> (unimportant)
- jenkins 1.509.2+dfsg-1 (bug #706725)
-CVE-2013-1807
- RESERVED
-CVE-2013-1806
- RESERVED
+CVE-2013-1807 (PHP-Fusion before 7.02.06 stores backup files with predictable ...)
+ TODO: check
+CVE-2013-1806 (Multiple directory traversal vulnerabilities in PHP-Fusion before ...)
+ TODO: check
CVE-2013-1805
- RESERVED
+ REJECTED
CVE-2013-1804 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
NOT-FOR-US: PHP-Fusion
CVE-2013-1803
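Review bot: CVE-2013-1807 and CVE-2013-1806 are both PHP-Fusion issues left as `TODO: check`, while CVE-2013-1804 two lines below is already `NOT-FOR-US: PHP-Fusion`; triage them the same way. The CVE-2013-1805 change from RESERVED to REJECTED is fine as it stands.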