[Secure-testing-commits] r33345 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Apr 2 21:10:16 UTC 2015
Author: sectracker
Date: 2015-04-02 21:10:16 +0000 (Thu, 02 Apr 2015)
New Revision: 33345
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-02 20:20:57 UTC (rev 33344)
+++ data/CVE/list 2015-04-02 21:10:16 UTC (rev 33345)
@@ -1,3 +1,41 @@
+CVE-2015-2829
+ RESERVED
+CVE-2015-2828
+ RESERVED
+CVE-2015-2827
+ RESERVED
+CVE-2015-2826
+ RESERVED
+CVE-2015-2825
+ RESERVED
+CVE-2015-2824
+ RESERVED
+CVE-2015-2823
+ RESERVED
+CVE-2015-2822
+ RESERVED
+CVE-2015-2821 (TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote ...)
+ TODO: check
+CVE-2015-2820 (Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote ...)
+ TODO: check
+CVE-2015-2819 (SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2015-2818 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 ...)
+ TODO: check
+CVE-2015-2817 (The SAP Management Console in SAP NetWeaver 7.40 allows remote ...)
+ TODO: check
+CVE-2015-2816 (The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict ...)
+ TODO: check
+CVE-2015-2815 (Buffer overflow in the C_SAPGPARAM function in the NetWeaver ...)
+ TODO: check
+CVE-2015-2814 (SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task ...)
+ TODO: check
+CVE-2015-2813 (XML external entity (XXE) vulnerability in SAP Mobile Platform allows ...)
+ TODO: check
+CVE-2015-2812 (XML external entity (XXE) vulnerability in XMLValidationComponent in ...)
+ TODO: check
+CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP ...)
+ TODO: check
CVE-2015-2830 [Linux mishandles int80 fork from 64-bit tasks]
- linux <unfixed>
- linux-2.6 <removed>
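Review bot: The eleven entries added here from CVE-2015-2821 down to CVE-2015-2811 are left at `TODO: check`, so none of them is yet mapped to a Debian source package or marked as not applicable. The truncated descriptions name TYPO3 Neos and several SAP products (Afaria, SQL Anywhere, Mobile Platform, NetWeaver, EMR Unwired). Each needs a follow-up that replaces the TODO with either a package line or a `NOT-FOR-US:` line of the kind this file already uses for Websense and CS-Cart.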
@@ -142,18 +180,15 @@
RESERVED
- arj 3.10.22-13 (bug #774015)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/28/5
-CVE-2015-2756 [Unmediated PCI command register access in qemu]
- RESERVED
+CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict ...)
- xen <unfixed> (bug #781620)
NOTE: http://xenbits.xen.org/xsa/advisory-126.html
-CVE-2015-2755
- RESERVED
-CVE-2015-2752 [Long latency MMIO mapping operations are not preemptible]
- RESERVED
+CVE-2015-2755 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AB ...)
+ TODO: check
+CVE-2015-2752 (The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, ...)
- xen <unfixed> (bug #781620)
NOTE: http://xenbits.xen.org/xsa/advisory-125.html
-CVE-2015-2751 [Certain domctl operations may be abused to lock up the host]
- RESERVED
+CVE-2015-2751 (Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, ...)
- xen <unfixed> (bug #781620)
[wheezy] - xen <not-affected> (Affected functionality introduced in 4.2)
NOTE: http://xenbits.xen.org/xsa/advisory-127.html
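Review bot: CVE-2015-2756 names QEMU in both the removed working title ("access in qemu") and the new description ("QEMU, as used in Xen 3.3.x through 4.5.x"), yet the entry still tracks only `- xen <unfixed> (bug #781620)`. Confirm whether a qemu package line is needed as well, or add a NOTE saying why it is not. In the same hunk, CVE-2015-2755 moves from RESERVED to a CSRF description with `TODO: check` and still needs triage.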
@@ -259,8 +294,7 @@
NOT-FOR-US: Websense
CVE-2015-2701 (Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 ...)
NOT-FOR-US: CS-Cart
-CVE-2014-9713 [slapd: dangerous access rule in default config]
- RESERVED
+CVE-2014-9713 (The default slapd configuration in the Debian openldap package ...)
{DSA-3209-1}
- openldap 2.4.40-2 (bug #761406)
CVE-2014-9711 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -1229,8 +1263,8 @@
RESERVED
CVE-2015-2295
RESERVED
-CVE-2015-2294
- RESERVED
+CVE-2015-2294 (Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in ...)
+ TODO: check
CVE-2015-2293 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-2292 (Multiple SQL injection vulnerabilities in ...)
@@ -4388,13 +4422,11 @@
RESERVED
CVE-2015-1235
RESERVED
-CVE-2015-1234
- RESERVED
+CVE-2015-1234 (Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in ...)
- chromium-browser 41.0.2272.118-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1233
- RESERVED
+CVE-2015-1233 (Google Chrome before 41.0.2272.118 does not properly handle the ...)
- chromium-browser 41.0.2272.118-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
@@ -5896,14 +5928,14 @@
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
CVE-2015-0816 (Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and ...)
- {DSA-3211-1}
+ {DSA-3212-1 DSA-3211-1}
- iceweasel 31.6.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 31.6.0-1
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/
CVE-2015-0815 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-3211-1}
+ {DSA-3212-1 DSA-3211-1}
- iceweasel 31.6.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 31.6.0-1
@@ -5913,7 +5945,7 @@
- iceweasel <not-affected> (only affects Firefox 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/
CVE-2015-0813 (Use-after-free vulnerability in the AppendElements function in Mozilla ...)
- {DSA-3211-1}
+ {DSA-3212-1 DSA-3211-1}
- iceweasel 31.6.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 31.6.0-1
@@ -5934,7 +5966,7 @@
- iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-36/
CVE-2015-0807 (The navigator.sendBeacon implementation in Mozilla Firefox before ...)
- {DSA-3211-1}
+ {DSA-3212-1 DSA-3211-1}
- iceweasel 31.6.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 31.6.0-1
@@ -5956,7 +5988,7 @@
- iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/
CVE-2015-0801 (Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and ...)
- {DSA-3211-1}
+ {DSA-3212-1 DSA-3211-1}
- iceweasel 31.6.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 31.6.0-1
@@ -9118,8 +9150,7 @@
NOTE: http://www.ca.tcpdump.org/cve/0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch
CVE-2015-0260 (RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated ...)
- kallithea <itp> (bug #753975)
-CVE-2015-0259
- RESERVED
+CVE-2015-0259 (OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, ...)
- nova 2014.1.3-11 (bug #780250)
[wheezy] - nova <not-affected> (Vulnerable code not present)
CVE-2015-0258
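Review bot: For CVE-2015-0259 the new description gives the upstream fix as Nova "before 2014.1.4, 2014.2.x before 2014.2.3", while the unchanged package line records `nova 2014.1.3-11` as fixed, a version below 2014.1.4. If the fix was backported in that Debian revision, a NOTE line on the entry saying so would make the mismatch with the description explicit; bug #780250 is already referenced and could carry the pointer.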