[Secure-testing-commits] r29119 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Sat Sep 27 21:14:13 UTC 2014


Author: joeyh
Date: 2014-09-27 21:14:13 +0000 (Sat, 27 Sep 2014)
New Revision: 29119

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-27 17:36:06 UTC (rev 29118)
+++ data/CVE/list	2014-09-27 21:14:13 UTC (rev 29119)
@@ -1,3 +1,55 @@
+CVE-2014-7201
+	RESERVED
+CVE-2014-7200
+	RESERVED
+CVE-2014-7198
+	RESERVED
+CVE-2014-7197
+	RESERVED
+CVE-2014-7196
+	RESERVED
+CVE-2014-7195
+	RESERVED
+CVE-2014-7194
+	RESERVED
+CVE-2014-7193
+	RESERVED
+CVE-2014-7192
+	RESERVED
+CVE-2014-7191
+	RESERVED
+CVE-2014-7188
+	RESERVED
+CVE-2014-7184
+	RESERVED
+CVE-2014-7183
+	RESERVED
+CVE-2014-7182
+	RESERVED
+CVE-2014-7181
+	RESERVED
+CVE-2014-7180
+	RESERVED
+CVE-2014-7179
+	RESERVED
+CVE-2014-7178
+	RESERVED
+CVE-2014-7177
+	RESERVED
+CVE-2014-7176
+	RESERVED
+CVE-2014-7175
+	RESERVED
+CVE-2014-7174
+	RESERVED
+CVE-2014-7173
+	RESERVED
+CVE-2014-7172
+	RESERVED
+CVE-2014-7171
+	RESERVED
+CVE-2014-7170
+	RESERVED
 CVE-2014-XXXX [endless loog + disk usage bomp on minified js file]
 	- exuberant-ctags 1:5.9~svn20110310-8 (bug #742605)
 	NOTE: http://sourceforge.net/p/ctags/code/791/
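
Review bot: the 26 new RESERVED entries (CVE-2014-7201 down to CVE-2014-7170) are inserted above the CVE-2014-XXXX placeholder, while the hunks that follow show CVE-2014-7203 and CVE-2014-7202 sitting below it, so the top of the list is no longer in descending ID order. Re-sort in a follow-up so the hand-added 7203 and 7202 entries precede this block. The placeholder's bracketed text also has typos ("loog", "bomp") worth fixing in the same pass.
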
@@ -2,2 +54,3 @@
 CVE-2014-7203 [does not implement uniqueness check on connection nonces]
+	RESERVED
 	- zeromq <undetermined>
@@ -7,24 +60,30 @@
 	NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1191
 	TODO: check
 CVE-2014-7202 [does not validate the other party's security handshake properly]
+	RESERVED
 	- zeromq <undetermined>
 	- zeromq3 <unfixed>
 	NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1190
 	TODO: check
 CVE-2014-7190
+	RESERVED
 	NOT-FOR-US: Openfiler
 CVE-2014-7189 [Go crypto/tls vulnerability]
+	RESERVED
 	- golang 2:1.3.2-1
 	[wheezy] - golang <not-affected> (Vulnerable code not present, only Go 1.1 onwards)
 	NOTE: https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
 	NOTE: https://code.google.com/p/go/source/detail?r=eae0457c101512f59296538f0162749eba325892&name=release-branch.go1.3
 CVE-2014-7187
+	RESERVED
 	{DSA-3035-1 DLA-63-1}
 	- bash 4.3-9.2
 CVE-2014-7186
+	RESERVED
 	{DSA-3035-1 DLA-63-1}
 	- bash 4.3-9.2
 CVE-2014-7185 [integer overflow in 'buffer' type allows reading memory]
+	RESERVED
 	- python2.7 <unfixed>
 	NOTE: http://bugs.python.org/issue21831
 	NOTE: Upstream fix http://hg.python.org/cpython/rev/8d963c7db507
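
Review bot: CVE-2014-7187 and CVE-2014-7186 pick up RESERVED here but still have no bracketed description, so the list does not say which bash issue each ID covers; both carry {DSA-3035-1 DLA-63-1} and the same fixed version 4.3-9.2. Add a short bracketed summary to each, as was done for CVE-2014-7185. Separately, the two zeromq NOTE lines are labelled "Code commit:" but link to libzmq issues 1191 and 1190; relabel them or link the actual commits.
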
@@ -66,6 +125,7 @@
 	NOTE: http://www.intelsecurity.com/advanced-threat-research/#
 	NOTE: similar to CVE-2014-1568 in nss
 CVE-2014-7199 [mediawiki: releases 1.19.19, 1.22.11 and 1.23.4]
+	RESERVED
 	{DSA-3036-1}
 	- mediawiki 1:1.19.19+dfsg-1 (bug #762754)
 	[squeeze] - mediawiki <end-of-life>
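
Review bot: the bracketed text on CVE-2014-7199 names the fixed MediaWiki releases (1.19.19, 1.22.11 and 1.23.4) rather than the flaw, and with the ID now marked RESERVED there is no upstream description to fall back on. Replace it with a one-line summary of the issue and move the release numbers to a NOTE line.
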
@@ -84,8 +144,8 @@
 	RESERVED
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life>
-CVE-2014-7152
-	RESERVED
+CVE-2014-7152 (Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms ...)
+	TODO: check
 CVE-2014-7151
 	RESERVED
 CVE-2014-7150
@@ -884,64 +944,64 @@
 	RESERVED
 CVE-2014-6748
 	RESERVED
-CVE-2014-6747
-	RESERVED
-CVE-2014-6746
-	RESERVED
-CVE-2014-6745
-	RESERVED
-CVE-2014-6744
-	RESERVED
-CVE-2014-6743
-	RESERVED
-CVE-2014-6742
-	RESERVED
-CVE-2014-6741
-	RESERVED
-CVE-2014-6740
-	RESERVED
-CVE-2014-6739
-	RESERVED
-CVE-2014-6738
-	RESERVED
-CVE-2014-6737
-	RESERVED
-CVE-2014-6736
-	RESERVED
-CVE-2014-6735
-	RESERVED
-CVE-2014-6734
-	RESERVED
-CVE-2014-6733
-	RESERVED
-CVE-2014-6732
-	RESERVED
-CVE-2014-6731
-	RESERVED
-CVE-2014-6730
-	RESERVED
-CVE-2014-6729
-	RESERVED
-CVE-2014-6728
-	RESERVED
-CVE-2014-6727
-	RESERVED
-CVE-2014-6726
-	RESERVED
-CVE-2014-6725
-	RESERVED
-CVE-2014-6724
-	RESERVED
-CVE-2014-6723
-	RESERVED
-CVE-2014-6722
-	RESERVED
-CVE-2014-6721
-	RESERVED
-CVE-2014-6720
-	RESERVED
-CVE-2014-6719
-	RESERVED
+CVE-2014-6747 (The SeeOn (aka com.seeon) application 4.0.7 for Android does not ...)
+	TODO: check
+CVE-2014-6746 (The Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) ...)
+	TODO: check
+CVE-2014-6745 (The Family Location (aka com.sosocome.family) application 3.4 ...)
+	TODO: check
+CVE-2014-6744 (The Al-Ahsa News (aka com.alahsa.news) application 2.0 for Android ...)
+	TODO: check
+CVE-2014-6743 (The Hearsay: A Social Party Game (aka air.com.lip.per) application ...)
+	TODO: check
+CVE-2014-6742 (The All around Cyprus (aka com.cyprus.newspapers) application 2.11 for ...)
+	TODO: check
+CVE-2014-6741 (The John MacArthur (aka com.john.macarthur) application 1.0.26 for ...)
+	TODO: check
+CVE-2014-6740 (The XD Forum (aka com.tapatalk.xdforumcomforum) application 3.9.17 for ...)
+	TODO: check
+CVE-2014-6739 (The Well-Being Connect Mobile (aka com.healthways.wellbeinggo) ...)
+	TODO: check
+CVE-2014-6738 (The Maccabi Tel Aviv (aka com.monkeytech.maccabi) application 1.0 for ...)
+	TODO: check
+CVE-2014-6737 (The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) ...)
+	TODO: check
+CVE-2014-6736 (The EPL Hat Trick (aka com.hat.trick.goal) application 1.0 for Android ...)
+	TODO: check
+CVE-2014-6735 (The imagine Next bmobile (aka ...)
+	TODO: check
+CVE-2014-6734 (The Wine Making (aka com.gcspublishing.winemakingtalk) application ...)
+	TODO: check
+CVE-2014-6733 (The My T-Mobile (aka at.tmobile.android.myt) application @7F0C0030 for ...)
+	TODO: check
+CVE-2014-6732 (The Westpac Mobile Banking (aka org.westpac.bank) application 5.21 for ...)
+	TODO: check
+CVE-2014-6731 (The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for ...)
+	TODO: check
+CVE-2014-6730 (The Melodigram (aka com.minusdegree.melodigramandroid) application 1.1 ...)
+	TODO: check
+CVE-2014-6729 (The Grilling with Rich (aka com.grilling.with.rich) application 1.0 ...)
+	TODO: check
+CVE-2014-6728 (The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android ...)
+	TODO: check
+CVE-2014-6727 (The Mikeius (Official App) (aka com.automon.mikeius) application ...)
+	TODO: check
+CVE-2014-6726 (The 30A (aka com.app30a) application 5.26.2 for Android does not ...)
+	TODO: check
+CVE-2014-6725 (The SchoolXM (aka apprentice.schoolxm) application 1.2 for Android ...)
+	TODO: check
+CVE-2014-6724 (The Soap Making (aka com.tapatalk.soapmakingforumcom) application ...)
+	TODO: check
+CVE-2014-6723 (The Comics Plus (aka com.iversecomics.comicsplus.android) application ...)
+	TODO: check
+CVE-2014-6722 (The Pescuit Crap Lite (aka ro.aventurilapescui.pescuitcrap.lite) ...)
+	TODO: check
+CVE-2014-6721 (The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for ...)
+	TODO: check
+CVE-2014-6720 (The Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) ...)
+	TODO: check
+CVE-2014-6719 (The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) ...)
+	TODO: check
 CVE-2014-6718 (The My Mobile Day (aka com.mymobileday) application 1.3 for Android ...)
 	NOT-FOR-US: My Mobile Day (aka com.mymobileday) application for Android
 CVE-2014-6717 (The iTriage Health (aka com.healthagen.iTriage) application 5.29 for ...)
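
Review bot: all 29 entries from CVE-2014-6747 down to CVE-2014-6719 arrive as TODO: check, although each description follows the same "application ... for Android" pattern that CVE-2014-6718 directly below already resolves as NOT-FOR-US. Triage them in the same form, for example "NOT-FOR-US: SeeOn (aka com.seeon) application for Android", so they do not sit in the TODO queue.
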
@@ -1509,10 +1569,10 @@
 	RESERVED
 CVE-2014-6447
 	RESERVED
-CVE-2014-6446
-	RESERVED
-CVE-2014-6445
-	RESERVED
+CVE-2014-6446 (The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for ...)
+	TODO: check
+CVE-2014-6445 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2014-6444
 	RESERVED
 CVE-2014-6443
@@ -2777,7 +2837,7 @@
 	NOT-FOR-US: 7-ELEVEN (aka ecowork.seven) application for Android
 CVE-2014-5882 (The Homoo Ijiri (aka jp.co.applica) application 3.7 for Android does ...)
 	NOT-FOR-US: Homoo Ijiri (aka jp.co.applica) application for Android
-CVE-2014-5881 (The Yahoo! ybox (aka jp.co.yahoo.android.ybox) application 1.5.1 for ...)
+CVE-2014-5881 (The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 ...)
 	NOT-FOR-US: Yahoo! ybox application for android
 CVE-2014-5879 (The tvguide (aka kenneth.tvguide) application 1.9.14 for Android does ...)
 	NOT-FOR-US: tvguide application for Android
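
Review bot: the description line for CVE-2014-5881 now reads "Yahoo! Japan Box", but the NOT-FOR-US line beneath it still says "Yahoo! ybox application for android". Update it to match the new product name and capitalise "Android" as the neighbouring entries do.
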
@@ -3832,8 +3892,7 @@
 CVE-2014-5464 (Cross-site scripting (XSS) vulnerability in the nDPI traffic ...)
 	- ntopng 1.2.1+dfsg1-1 (bug #760990)
 	NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
-CVE-2014-5459 [insecurely used the /tmp/ directory for cache data]
-	RESERVED
+CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...)
 	- php5 <unfixed> (bug #759282)
 CVE-2014-5450
 	RESERVED
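
Review bot: replacing the bracketed summary on CVE-2014-5459 with the truncated upstream description removes the only text in this entry that named the problem (insecure use of the /tmp/ directory for cache data); the new line cuts off at "allows ...". Keep that detail in a NOTE line, since php5 is still <unfixed> (bug #759282) and the entry is needed for tracking.
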
@@ -3984,8 +4043,8 @@
 	RESERVED
 CVE-2014-5325
 	RESERVED
-CVE-2014-5324
-	RESERVED
+CVE-2014-5324 (Unrestricted file upload vulnerability in the N-Media file uploader ...)
+	TODO: check
 CVE-2014-5323 (The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) ...)
 	NOT-FOR-US: Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) application for Android
 CVE-2014-5322 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish ...)
@@ -3994,16 +4053,16 @@
 	NOT-FOR-US: FileMaker Pro
 CVE-2014-5320 (The Bump application for Android does not properly handle implicit ...)
 	NOT-FOR-US: Bump application for Android
-CVE-2014-5319
-	RESERVED
-CVE-2014-5318
-	RESERVED
+CVE-2014-5319 (Directory traversal vulnerability in the S-Link SLFileManager ...)
+	TODO: check
+CVE-2014-5318 (The jigbrowser+ application 1.8.1 and earlier for iOS allows remote ...)
+	TODO: check
 CVE-2014-5317 (Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 ...)
 	NOT-FOR-US: php365.com components
 CVE-2014-5316 (Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 ...)
 	NOT-FOR-US: DotClear
-CVE-2014-5315
-	RESERVED
+CVE-2014-5315 (Cross-site scripting (XSS) vulnerability in the Help page in Adobe ...)
+	TODO: check
 CVE-2014-5314
 	RESERVED
 CVE-2014-5313 (Cross-site scripting (XSS) vulnerability in the management page in Six ...)
@@ -5031,8 +5090,7 @@
 	NOT-FOR-US: Joomla! component
 CVE-2014-4959
 	RESERVED
-CVE-2014-4958
-	RESERVED
+CVE-2014-4958 (Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET ...)
 	NOT-FOR-US: Telerik UI for ASP.NET AJAX RadEditor Control
 CVE-2014-4957
 	RESERVED
@@ -8104,6 +8162,7 @@
 	RESERVED
 CVE-2014-3633 [qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index]
 	RESERVED
+	{DSA-3038-1}
 	- libvirt 1.2.8-2 (bug #762203)
 	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in v0.9.8)
 	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
@@ -8996,29 +9055,21 @@
 	NOT-FOR-US: Cisco
 CVE-2014-3362 (Memory leak in Cisco TelePresence System Edge MXP Series Software ...)
 	NOT-FOR-US: Cisco
-CVE-2014-3361
-	RESERVED
+CVE-2014-3361 (The ALG module in Cisco IOS 15.0 through 15.4 does not properly ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2014-3360
-	RESERVED
+CVE-2014-3360 (Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2014-3359
-	RESERVED
+CVE-2014-3359 (Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2014-3358
-	RESERVED
+CVE-2014-3358 (Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2014-3357
-	RESERVED
+CVE-2014-3357 (Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2014-3356
-	RESERVED
+CVE-2014-3356 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2014-3355
-	RESERVED
+CVE-2014-3355 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2014-3354
-	RESERVED
+CVE-2014-3354 (Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2014-3353 (Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing ...)
 	NOT-FOR-US: Cisco
@@ -9785,8 +9836,8 @@
 	NOT-FOR-US: IBM
 CVE-2014-3063 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x ...)
 	NOT-FOR-US: IBM
-CVE-2014-3062
-	RESERVED
+CVE-2014-3062 (Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 ...)
+	TODO: check
 CVE-2014-3061 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend ...)
 	NOT-FOR-US: IBM
 CVE-2014-3060
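
Review bot: CVE-2014-3062 is left as TODO: check although its description names IBM Security QRadar SIEM and the IBM entries on either side (CVE-2014-3063, CVE-2014-3061) are marked NOT-FOR-US: IBM. Resolve it the same way.
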
@@ -13912,8 +13963,7 @@
 	RESERVED
 CVE-2014-1569
 	RESERVED
-CVE-2014-1568 [certificate forgery possible]
-	RESERVED
+CVE-2014-1568 (Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before ...)
 	{DSA-3037-1 DSA-3034-1 DSA-3033-1 DLA-62-1}
 	- nss 2:3.17.1-1
 	- iceweasel <not-affected> (uses system nss)
@@ -18129,6 +18179,7 @@
 CVE-2014-0180 (The wait_for_task function in ...)
 	NOT-FOR-US: RedHat CloudForms Management Engine
 CVE-2014-0179 (libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a ...)
+	{DSA-3038-1}
 	- libvirt 1.2.4-1 (unimportant)
 	NOTE: no ACL mechanism in squeeze and wheezy and all access is root-equivalent
 	NOTE: LSN-2014-0003: https://www.redhat.com/archives/libvir-list/2014-May/msg00209.html
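
Review bot: {DSA-3038-1} is attached to CVE-2014-0179 while the libvirt line keeps the (unimportant) tag and the NOTE says there is no ACL mechanism in squeeze and wheezy. An advisory reference on an entry triaged as unimportant reads as contradictory; add a NOTE explaining why the DSA covers it, or revisit the severity tag.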



