[Secure-testing-commits] r33326 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Apr 1 21:10:19 UTC 2015
Author: sectracker
Date: 2015-04-01 21:10:19 +0000 (Wed, 01 Apr 2015)
New Revision: 33326
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-01 19:48:22 UTC (rev 33325)
+++ data/CVE/list 2015-04-01 21:10:19 UTC (rev 33326)
@@ -1,3 +1,11 @@
+CVE-2015-2810
+ RESERVED
+CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation Manager ...)
+ TODO: check
+CVE-2015-2808 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, does ...)
+ TODO: check
+CVE-2015-2807
+ RESERVED
CVE-2015-XXXX [Buffer overflow in the handling of the XAUTHORITY env variable]
- das-watchdog <unfixed>
NOTE: Upstream commit: https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c
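Review bot: The two described entries added at the top of this hunk carry only "TODO: check", and their descriptions already point to different outcomes. CVE-2015-2809 names Synology DiskStation Manager, which makes it a candidate for the NOT-FOR-US form used elsewhere in this list. CVE-2015-2808 describes RC4 as used in the TLS and SSL protocols, so it is not tied to a single source package, and triage should add a NOTE saying how it is to be tracked.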
@@ -275,20 +283,17 @@
RESERVED
- realmd <unfixed> (bug #781179)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=89207
-CVE-2015-2776 [does not properly check requests for workbook memory allocation]
- RESERVED
+CVE-2015-2776 (The parse_SST function in FreeXL before 1.0.0i allows remote attackers ...)
{DSA-3208-1}
[experimental] - freexl 1.0.1-1~exp1
- freexl 1.0.0g-1+deb8u1 (bug #781228)
NOTE: Reproducer: https://www.dropbox.com/s/gh61gzaf8jj30hj/freexl_6889d18b?dl=0
-CVE-2015-2754
- RESERVED
+CVE-2015-2754 (FreeXL before 1.0.0i allows remote attackers to cause a denial of ...)
{DSA-3208-1}
[experimental] - freexl 1.0.1-1~exp1
- freexl 1.0.0g-1+deb8u1 (bug #781228)
NOTE: Reproducer: https://www.dropbox.com/s/66srfory903w6cl/freexl_d7273f72?dl=0
-CVE-2015-2753
- RESERVED
+CVE-2015-2753 (FreeXL before 1.0.0i allows remote attackers to cause a denial of ...)
{DSA-3208-1}
[experimental] - freexl 1.0.1-1~exp1
- freexl 1.0.0g-1+deb8u1 (bug #781228)
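Review bot: In the three FreeXL entries (CVE-2015-2776, CVE-2015-2754, CVE-2015-2753) the new descriptions say "before 1.0.0i" while the fixed version recorded is "freexl 1.0.0g-1+deb8u1". A NOTE stating that the fix was backported to 1.0.0g would stop readers from taking that version as still affected. The Reproducer NOTEs point at Dropbox links, which may not stay reachable; a pointer to bug #781228 or to an upstream commit alongside them would be more durable.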
@@ -970,11 +975,9 @@
NOT-FOR-US: MikroTik RouterOS
CVE-2015-2349 (Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in ...)
NOT-FOR-US: SuperWebMailer
-CVE-2014-9708
- RESERVED
+CVE-2014-9708 (Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote ...)
NOT-FOR-US: Appweb Web Server
-CVE-2014-9707
- RESERVED
+CVE-2014-9707 (EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path ...)
NOT-FOR-US: GoAhead Web Server
CVE-2014-9710 [btrfs: non-atomic xattr replace operation]
RESERVED
@@ -1029,8 +1032,7 @@
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
TODO: check affected versions
-CVE-2014-9706 [dulwich: does not reject commits with invalid paths]
- RESERVED
+CVE-2014-9706 (The build_index_from_tree function in index.py in Dulwich before 0.9.9 ...)
{DSA-3206-1}
- dulwich 0.10.1-1 (bug #780989)
[jessie] - dulwich 0.9.7-3
@@ -1151,8 +1153,7 @@
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec400ddeff200b068ddc6c70f7321f49ecf32ed5 (v3.9-rc1)
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 (v4.0-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/7
-CVE-2015-2684 [denial of service vulnerability]
- RESERVED
+CVE-2015-2684 (Shibboleth Service Provider (SP) before 2.5.4 allows remote ...)
{DSA-3207-1}
- shibboleth-sp2 2.5.3+dfsg-2
NOTE: http://shibboleth.net/community/advisories/secadv_20150319.txt
@@ -2334,8 +2335,8 @@
RESERVED
CVE-2015-1893
RESERVED
-CVE-2015-1892
- RESERVED
+CVE-2015-1892 (The Multicast DNS (mDNS) responder in IBM Security Access Manager for ...)
+ TODO: check
CVE-2015-1891
RESERVED
CVE-2015-1890
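Review bot: CVE-2015-1892 goes from RESERVED to "TODO: check" with a description naming IBM Security Access Manager. It uses the same "Multicast DNS (mDNS) responder" wording as CVE-2015-2809 at the top of the file, so the two are worth triaging together, and both look like candidates for a NOT-FOR-US line.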
@@ -5783,8 +5784,7 @@
RESERVED
CVE-2015-0839
RESERVED
-CVE-2015-0838 [buffer overflow in the C implementation of the apply_delta() function]
- RESERVED
+CVE-2015-0838 (Buffer overflow in the C implementation of the apply_delta function in ...)
{DSA-3206-1}
- dulwich 0.10.1-1 (bug #780958)
[jessie] - dulwich 0.9.7-3
@@ -5876,85 +5876,74 @@
- iceweasel 31.5.3esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
-CVE-2015-0816 [resource:// documents can load privileged pages]
- RESERVED
+CVE-2015-0816 (Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and ...)
+ {DSA-3211-1}
- iceweasel 31.6.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/
-CVE-2015-0815 [Memory safety bugs]
- RESERVED
+CVE-2015-0815 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ {DSA-3211-1}
- iceweasel 31.6.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/
-CVE-2015-0814 [Miscellaneous memory safety hazards]
- RESERVED
+CVE-2015-0814 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (only affects Firefox 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/
-CVE-2015-0813 [Use-after-free when using the Fluendo MP3 GStreamer plugin]
- RESERVED
+CVE-2015-0813 (Use-after-free vulnerability in the AppendElements function in Mozilla ...)
+ {DSA-3211-1}
- iceweasel 31.6.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-31/
-CVE-2015-0812 [Add-on lightweight theme installation approval bypassed through MITM attack]
- RESERVED
+CVE-2015-0812 (Mozilla Firefox before 37.0 does not require an HTTPS session for ...)
- iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-32/
-CVE-2015-0811 [Out of bounds read in QCMS library]
- RESERVED
+CVE-2015-0811 (The QCMS implementation in Mozilla Firefox before 37.0 allows remote ...)
- iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-34/
-CVE-2015-0810 [Cursor clickjacking with flash and images]
- RESERVED
+CVE-2015-0810 (Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is ...)
- iceweasel <not-affected> (Only affects 37.x; only affects OS X systems)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-35/
CVE-2015-0809
RESERVED
-CVE-2015-0808 [Incorrect memory management for simple-type arrays in WebRTC]
- RESERVED
+CVE-2015-0808 (The webrtc::VPMContentAnalysis::Release function in the WebRTC ...)
- iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-36/
-CVE-2015-0807 [CORS requests should not follow 30x redirections after prefligh]
- RESERVED
+CVE-2015-0807 (The navigator.sendBeacon implementation in Mozilla Firefox before ...)
+ {DSA-3211-1}
- iceweasel 31.6.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-37/
-CVE-2015-0806 [Memory corruption crashes in Off Main Thread Compositing]
- RESERVED
+CVE-2015-0806 (The Off Main Thread Compositing (OMTC) implementation in Mozilla ...)
- iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/
-CVE-2015-0805 [Memory corruption crashes in Off Main Thread Compositing]
- RESERVED
+CVE-2015-0805 (The Off Main Thread Compositing (OMTC) implementation in Mozilla ...)
- iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/
-CVE-2015-0804 [Use-after-free due to type confusion flaws]
- RESERVED
+CVE-2015-0804 (The HTMLSourceElement::BindToTree function in Mozilla Firefox before ...)
- iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/
-CVE-2015-0803 [Use-after-free due to type confusion flaws]
- RESERVED
+CVE-2015-0803 (The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before ...)
- iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/
-CVE-2015-0802 [Windows can retain access to privileged content on navigation to unprivileged pages]
- RESERVED
+CVE-2015-0802 (Mozilla Firefox before 37.0 relies on docshell type information ...)
- iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/
-CVE-2015-0801 [Same-origin bypass through anchor navigation]
- RESERVED
+CVE-2015-0801 (Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and ...)
+ {DSA-3211-1}
- iceweasel 31.6.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-40/
-CVE-2015-0800 [PRNG weakness allows for DNS poisoning on Android]
- RESERVED
+CVE-2015-0800 (The PRNG implementation in the DNS resolver in Mozilla Firefox (aka ...)
- iceweasel <not-affected> (Only affects 37.x; only on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/
CVE-2015-0799
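Review bot: The "(Only affects 37.x)" annotations on the not-affected iceweasel lines no longer match the descriptions this hunk brings in. CVE-2015-0812, CVE-2015-0811, CVE-2015-0810 and CVE-2015-0802 now read "Mozilla Firefox before 37.0", meaning 37.0 is the fixed release rather than the affected one. Suggest rewording the annotation to say that the ESR 31.x branch is not affected, so it does not contradict the description. The entries that gain {DSA-3211-1} still list "icedove <unfixed>", which is consistent as long as the DSA covers iceweasel only; worth confirming when icedove is updated.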
@@ -6775,8 +6764,7 @@
NOT-FOR-US: Microweber CMS
CVE-2014-9463
RESERVED
-CVE-2014-9462 [Command Injection]
- RESERVED
+CVE-2014-9462 (The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ...)
- mercurial <unfixed>
[experimental] - mercurial 3.3~rc1-1
NOTE: http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
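Review bot: The new description for CVE-2014-9462 gives an upstream fixed version ("Mercurial before 3.2.4"), but the entry still reads "mercurial <unfixed>" with only the experimental upload 3.3~rc1-1 recorded. The unstable status should be rechecked against 3.2.4, and a NOTE with the upstream fix commit would help whoever backports it.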
@@ -25609,8 +25597,7 @@
- linux-2.6 <not-affected> (Introduced in 3.0)
NOTE: https://lkml.org/lkml/2014/4/10/736
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
-CVE-2014-2830 [cifs-utils: pam module pam_cifscreds stack overflow]
- RESERVED
+CVE-2014-2830 (Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils ...)
- cifs-utils <unfixed> (unimportant)
[squeeze] - cifs-utils <not-affected> (Vulnerable code not present)
[wheezy] - cifs-utils <not-affected> (pam_cifscreds introduced in 6.3)
@@ -27761,8 +27748,7 @@
- percona-toolkit 2.2.7-1~dfsg1 (bug #740846)
[wheezy] - percona-toolkit <not-affected> (version-check introduced in 2.1.4)
- percona-xtrabackup 2.2.3-1 (bug #751377)
-CVE-2014-2027 [remote code execution via php unserialize]
- RESERVED
+CVE-2014-2027 (eGroupware before 1.8.006.20140217 allows remote attackers to conduct ...)
- egroupware <removed>
CVE-2014-2015 (Stack-based buffer overflow in the normify function in the rlm_pap ...)
- freeradius 2.2.5+dfsg-0.1 (low; bug #742820)
@@ -62523,8 +62509,7 @@
RESERVED
CVE-2012-2809
RESERVED
-CVE-2012-2808 [PRNG weakness allows for DNS poisoning on Android]
- RESERVED
+CVE-2012-2808 (The PRNG implementation in the DNS resolver in Bionic in Android ...)
- iceweasel <not-affected> (Only affects 37.x; only on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/
CVE-2012-2807 (Multiple integer overflows in libxml2, as used in Google Chrome before ...)
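Review bot: CVE-2012-2808 is now described as a flaw in "the DNS resolver in Bionic in Android", yet the package lines under it are identical to those of CVE-2015-0800: "iceweasel <not-affected> (Only affects 37.x; only on Android)" plus the mfsa2015-41 NOTE. The "Only affects 37.x" wording describes Firefox, not Bionic. Suggest either a NOTE explaining that the Mozilla advisory references this CVE, or replacing the iceweasel line with a disposition that fits an Android component.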