[Secure-testing-commits] r33630 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Apr 16 06:07:27 UTC 2015
Author: carnil
Date: 2015-04-16 06:07:27 +0000 (Thu, 16 Apr 2015)
New Revision: 33630
Modified:
data/CVE/list
Log:
Run an update manually (DSA contacted about the certificate issue)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-16 04:45:33 UTC (rev 33629)
+++ data/CVE/list 2015-04-16 06:07:27 UTC (rev 33630)
@@ -1,3 +1,581 @@
+CVE-2015-3305
+ RESERVED
+CVE-2015-3304
+ RESERVED
+CVE-2015-3303
+ RESERVED
+CVE-2015-3302
+ RESERVED
+CVE-2015-3301
+ RESERVED
+CVE-2015-3300
+ RESERVED
+CVE-2015-3299
+ RESERVED
+CVE-2015-3298
+ RESERVED
+CVE-2015-3296
+ RESERVED
+CVE-2015-3295
+ RESERVED
+CVE-2015-3294
+ RESERVED
+CVE-2015-3293 (FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain ...)
+ TODO: check
+CVE-2015-3292
+ RESERVED
+CVE-2015-3291
+ RESERVED
+CVE-2015-3290
+ RESERVED
+CVE-2015-3289
+ RESERVED
+CVE-2015-3288
+ RESERVED
+CVE-2015-3287
+ RESERVED
+CVE-2015-3286
+ RESERVED
+CVE-2015-3285
+ RESERVED
+CVE-2015-3284
+ RESERVED
+CVE-2015-3283
+ RESERVED
+CVE-2015-3282
+ RESERVED
+CVE-2015-3281
+ RESERVED
+CVE-2015-3280
+ RESERVED
+CVE-2015-3279
+ RESERVED
+CVE-2015-3278
+ RESERVED
+CVE-2015-3277
+ RESERVED
+CVE-2015-3276
+ RESERVED
+CVE-2015-3275
+ RESERVED
+CVE-2015-3274
+ RESERVED
+CVE-2015-3273
+ RESERVED
+CVE-2015-3272
+ RESERVED
+CVE-2015-3271
+ RESERVED
+CVE-2015-3270
+ RESERVED
+CVE-2015-3269
+ RESERVED
+CVE-2015-3268
+ RESERVED
+CVE-2015-3267
+ RESERVED
+CVE-2015-3266
+ RESERVED
+CVE-2015-3265
+ RESERVED
+CVE-2015-3264
+ RESERVED
+CVE-2015-3263
+ RESERVED
+CVE-2015-3262
+ RESERVED
+CVE-2015-3261
+ RESERVED
+CVE-2015-3260
+ RESERVED
+CVE-2015-3259
+ RESERVED
+CVE-2015-3258
+ RESERVED
+CVE-2015-3257
+ RESERVED
+CVE-2015-3256
+ RESERVED
+CVE-2015-3255
+ RESERVED
+CVE-2015-3254
+ RESERVED
+CVE-2015-3253
+ RESERVED
+CVE-2015-3252
+ RESERVED
+CVE-2015-3251
+ RESERVED
+CVE-2015-3250
+ RESERVED
+CVE-2015-3249
+ RESERVED
+CVE-2015-3248
+ RESERVED
+CVE-2015-3247
+ RESERVED
+CVE-2015-3246
+ RESERVED
+CVE-2015-3245
+ RESERVED
+CVE-2015-3244
+ RESERVED
+CVE-2015-3243
+ RESERVED
+CVE-2015-3242
+ RESERVED
+CVE-2015-3241
+ RESERVED
+CVE-2015-3240
+ RESERVED
+CVE-2015-3239
+ RESERVED
+CVE-2015-3238
+ RESERVED
+CVE-2015-3237
+ RESERVED
+CVE-2015-3236
+ RESERVED
+CVE-2015-3235
+ RESERVED
+CVE-2015-3234
+ RESERVED
+CVE-2015-3233
+ RESERVED
+CVE-2015-3232
+ RESERVED
+CVE-2015-3231
+ RESERVED
+CVE-2015-3230
+ RESERVED
+CVE-2015-3229
+ RESERVED
+CVE-2015-3228
+ RESERVED
+CVE-2015-3227
+ RESERVED
+CVE-2015-3226
+ RESERVED
+CVE-2015-3225
+ RESERVED
+CVE-2015-3224
+ RESERVED
+CVE-2015-3223
+ RESERVED
+CVE-2015-3222
+ RESERVED
+CVE-2015-3221
+ RESERVED
+CVE-2015-3220
+ RESERVED
+CVE-2015-3219
+ RESERVED
+CVE-2015-3218
+ RESERVED
+CVE-2015-3217
+ RESERVED
+CVE-2015-3216
+ RESERVED
+CVE-2015-3215
+ RESERVED
+CVE-2015-3214
+ RESERVED
+CVE-2015-3213
+ RESERVED
+CVE-2015-3212
+ RESERVED
+CVE-2015-3211
+ RESERVED
+CVE-2015-3210
+ RESERVED
+CVE-2015-3209
+ RESERVED
+CVE-2015-3208
+ RESERVED
+CVE-2015-3207
+ RESERVED
+CVE-2015-3206
+ RESERVED
+CVE-2015-3205
+ RESERVED
+CVE-2015-3204
+ RESERVED
+CVE-2015-3203
+ RESERVED
+CVE-2015-3202
+ RESERVED
+CVE-2015-3201
+ RESERVED
+CVE-2015-3200
+ RESERVED
+CVE-2015-3199
+ RESERVED
+CVE-2015-3198
+ RESERVED
+CVE-2015-3197
+ RESERVED
+CVE-2015-3196
+ RESERVED
+CVE-2015-3195
+ RESERVED
+CVE-2015-3194
+ RESERVED
+CVE-2015-3193
+ RESERVED
+CVE-2015-3192
+ RESERVED
+CVE-2015-3191
+ RESERVED
+CVE-2015-3190
+ RESERVED
+CVE-2015-3189
+ RESERVED
+CVE-2015-3188
+ RESERVED
+CVE-2015-3187
+ RESERVED
+CVE-2015-3186
+ RESERVED
+CVE-2015-3185
+ RESERVED
+CVE-2015-3184
+ RESERVED
+CVE-2015-3183
+ RESERVED
+CVE-2015-3182
+ RESERVED
+CVE-2015-3181
+ RESERVED
+CVE-2015-3180
+ RESERVED
+CVE-2015-3179
+ RESERVED
+CVE-2015-3178
+ RESERVED
+CVE-2015-3177
+ RESERVED
+CVE-2015-3176
+ RESERVED
+CVE-2015-3175
+ RESERVED
+CVE-2015-3174
+ RESERVED
+CVE-2015-3173
+ RESERVED
+CVE-2015-3172
+ RESERVED
+CVE-2015-3171
+ RESERVED
+CVE-2015-3170
+ RESERVED
+CVE-2015-3169
+ RESERVED
+CVE-2015-3168
+ RESERVED
+CVE-2015-3167
+ RESERVED
+CVE-2015-3166
+ RESERVED
+CVE-2015-3165
+ RESERVED
+CVE-2015-3164
+ RESERVED
+CVE-2015-3163
+ RESERVED
+CVE-2015-3162
+ RESERVED
+CVE-2015-3161
+ RESERVED
+CVE-2015-3160
+ RESERVED
+CVE-2015-3159
+ RESERVED
+CVE-2015-3158
+ RESERVED
+CVE-2015-3157
+ RESERVED
+CVE-2015-3156
+ RESERVED
+CVE-2015-3155
+ RESERVED
+CVE-2015-3154
+ RESERVED
+CVE-2015-3153
+ RESERVED
+CVE-2015-3152
+ RESERVED
+CVE-2015-3151
+ RESERVED
+CVE-2015-3150
+ RESERVED
+CVE-2015-3149
+ RESERVED
+CVE-2015-3148
+ RESERVED
+CVE-2015-3147
+ RESERVED
+CVE-2015-3146
+ RESERVED
+CVE-2015-3145
+ RESERVED
+CVE-2015-3144
+ RESERVED
+CVE-2015-3143
+ RESERVED
+CVE-2015-3142
+ RESERVED
+CVE-2015-3141
+ RESERVED
+CVE-2015-3140
+ RESERVED
+CVE-2015-3139
+ RESERVED
+CVE-2015-3138
+ RESERVED
+CVE-2015-3137
+ RESERVED
+CVE-2015-3136
+ RESERVED
+CVE-2015-3135
+ RESERVED
+CVE-2015-3134
+ RESERVED
+CVE-2015-3133
+ RESERVED
+CVE-2015-3132
+ RESERVED
+CVE-2015-3131
+ RESERVED
+CVE-2015-3130
+ RESERVED
+CVE-2015-3129
+ RESERVED
+CVE-2015-3128
+ RESERVED
+CVE-2015-3127
+ RESERVED
+CVE-2015-3126
+ RESERVED
+CVE-2015-3125
+ RESERVED
+CVE-2015-3124
+ RESERVED
+CVE-2015-3123
+ RESERVED
+CVE-2015-3122
+ RESERVED
+CVE-2015-3121
+ RESERVED
+CVE-2015-3120
+ RESERVED
+CVE-2015-3119
+ RESERVED
+CVE-2015-3118
+ RESERVED
+CVE-2015-3117
+ RESERVED
+CVE-2015-3116
+ RESERVED
+CVE-2015-3115
+ RESERVED
+CVE-2015-3114
+ RESERVED
+CVE-2015-3113
+ RESERVED
+CVE-2015-3112
+ RESERVED
+CVE-2015-3111
+ RESERVED
+CVE-2015-3110
+ RESERVED
+CVE-2015-3109
+ RESERVED
+CVE-2015-3108
+ RESERVED
+CVE-2015-3107
+ RESERVED
+CVE-2015-3106
+ RESERVED
+CVE-2015-3105
+ RESERVED
+CVE-2015-3104
+ RESERVED
+CVE-2015-3103
+ RESERVED
+CVE-2015-3102
+ RESERVED
+CVE-2015-3101
+ RESERVED
+CVE-2015-3100
+ RESERVED
+CVE-2015-3099
+ RESERVED
+CVE-2015-3098
+ RESERVED
+CVE-2015-3097
+ RESERVED
+CVE-2015-3096
+ RESERVED
+CVE-2015-3095
+ RESERVED
+CVE-2015-3094
+ RESERVED
+CVE-2015-3093
+ RESERVED
+CVE-2015-3092
+ RESERVED
+CVE-2015-3091
+ RESERVED
+CVE-2015-3090
+ RESERVED
+CVE-2015-3089
+ RESERVED
+CVE-2015-3088
+ RESERVED
+CVE-2015-3087
+ RESERVED
+CVE-2015-3086
+ RESERVED
+CVE-2015-3085
+ RESERVED
+CVE-2015-3084
+ RESERVED
+CVE-2015-3083
+ RESERVED
+CVE-2015-3082
+ RESERVED
+CVE-2015-3081
+ RESERVED
+CVE-2015-3080
+ RESERVED
+CVE-2015-3079
+ RESERVED
+CVE-2015-3078
+ RESERVED
+CVE-2015-3077
+ RESERVED
+CVE-2015-3076
+ RESERVED
+CVE-2015-3075
+ RESERVED
+CVE-2015-3074
+ RESERVED
+CVE-2015-3073
+ RESERVED
+CVE-2015-3072
+ RESERVED
+CVE-2015-3071
+ RESERVED
+CVE-2015-3070
+ RESERVED
+CVE-2015-3069
+ RESERVED
+CVE-2015-3068
+ RESERVED
+CVE-2015-3067
+ RESERVED
+CVE-2015-3066
+ RESERVED
+CVE-2015-3065
+ RESERVED
+CVE-2015-3064
+ RESERVED
+CVE-2015-3063
+ RESERVED
+CVE-2015-3062
+ RESERVED
+CVE-2015-3061
+ RESERVED
+CVE-2015-3060
+ RESERVED
+CVE-2015-3059
+ RESERVED
+CVE-2015-3058
+ RESERVED
+CVE-2015-3057
+ RESERVED
+CVE-2015-3056
+ RESERVED
+CVE-2015-3055
+ RESERVED
+CVE-2015-3054
+ RESERVED
+CVE-2015-3053
+ RESERVED
+CVE-2015-3052
+ RESERVED
+CVE-2015-3051
+ RESERVED
+CVE-2015-3050
+ RESERVED
+CVE-2015-3049
+ RESERVED
+CVE-2015-3048
+ RESERVED
+CVE-2015-3047
+ RESERVED
+CVE-2015-3046
+ RESERVED
+CVE-2015-3045
+ RESERVED
+CVE-2015-3044 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3043 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3042 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3041 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3040 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3039 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 ...)
+ TODO: check
+CVE-2015-3038 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3037
+ RESERVED
+CVE-2015-3036
+ RESERVED
+CVE-2015-3035
+ RESERVED
+CVE-2015-3034
+ RESERVED
+CVE-2015-3033
+ RESERVED
+CVE-2015-3032
+ RESERVED
+CVE-2015-3031
+ RESERVED
+CVE-2015-3027 (Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect ...)
+ TODO: check
+CVE-2015-3025
+ RESERVED
+CVE-2015-3024
+ RESERVED
+CVE-2015-3023
+ RESERVED
+CVE-2015-3022
+ RESERVED
+CVE-2015-3021
+ RESERVED
+CVE-2015-3020
+ RESERVED
+CVE-2015-3019
+ RESERVED
+CVE-2015-3018
+ RESERVED
+CVE-2015-3017
+ RESERVED
+CVE-2015-3016
+ RESERVED
+CVE-2015-3015
+ RESERVED
+CVE-2015-3014
+ RESERVED
+CVE-2015-3009
+ RESERVED
+CVE-2014-9716
+ RESERVED
CVE-2015-XXXX [stack buffer overflow]
- sqlite3 <unfixed>
NOTE: http://www.sqlite.org/src/info/c494171f77dc2e5e
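Review bot: CVE-2015-3027 near the end of this hunk is left as TODO: check, and its description names "Clang in LLVM", not only Apple Xcode. Triage it against the LLVM/Clang packaging before it is marked by vendor name like the other TODO entries added here (FortiMail, Adobe Flash Player), and record the outcome in a NOTE line.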
@@ -11,6 +589,7 @@
NOTE: https://www.sqlite.org/src/info/eddc05e7bb31fae7
NOTE: http://seclists.org/bugtraq/2015/Apr/97
CVE-2015-3306 [nauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy]
+ RESERVED
- proftpd-dfsg <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2015/04/15/2
NOTE: https://github.com/proftpd/proftpd/pull/109
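Review bot: the bracketed summary on the CVE-2015-3306 context line reads "nauthenticated copying of files"; it should read "unauthenticated". Now that the entry carries the assigned id and a RESERVED marker, fix the summary in the same pass, since a text search for "unauthenticated" will not find this entry.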
@@ -53,8 +632,10 @@
- etherpad-lite <itp> (bug #576998)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/11/10
CVE-2015-3297 [read-only directory traversal in Etherpad Minify]
+ RESERVED
- etherpad-lite <itp> (bug #576998)
CVE-2015-3010 [world-readable keyring permissions]
+ RESERVED
- ceph-deploy <itp> (bug #694013)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/9
CVE-2015-XXXX [ntp-keygen may generate non-random symmetric keys on big-endian systems]
@@ -64,7 +645,7 @@
NOTE: https://bugs.ntp.org/show_bug.cgi?id=2797
NOTE: Patch: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/09/5
-CVE-2015-3008 [asterisk: TLS Certificate Common name NULL byte exploit]
+CVE-2015-3008 (Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x ...)
- asterisk <unfixed> (bug #782411)
[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://downloads.asterisk.org/pub/security/AST-2015-003.html
@@ -74,14 +655,14 @@
RESERVED
CVE-2015-3006
RESERVED
-CVE-2015-3005
- RESERVED
-CVE-2015-3004
- RESERVED
-CVE-2015-3003
- RESERVED
-CVE-2015-3002
- RESERVED
+CVE-2015-3005 (Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper ...)
+ TODO: check
+CVE-2015-3004 (J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before ...)
+ TODO: check
+CVE-2015-3003 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, ...)
+ TODO: check
+CVE-2015-3002 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, ...)
+ TODO: check
CVE-2015-3001
RESERVED
CVE-2015-3000
@@ -201,6 +782,7 @@
CVE-2015-2943
RESERVED
CVE-2015-3026 [denial of service vulnerability]
+ RESERVED
- icecast2 <unfixed> (bug #782120)
[wheezy] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
[squeeze] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
@@ -212,6 +794,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/07/11
TODO: check possibly related gems
CVE-2014-9715 [DoS -- OOPS NULL pointer dereference in nf_nat_setup_info+0x471]
+ RESERVED
- linux 3.14.5-1 (bug #741667)
- linux-2.6 <not-affected> (Introduced in 3.6)
NOTE: http://marc.info/?l=netfilter-devel&m=140112364215200&w=2
@@ -220,6 +803,8 @@
NOTE: Introduced in 3.2.x in https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-3.2.y.git/commit/?id=cc1b75d796ad050c83c95733c4220aaa04fa1304 (v3.2.33)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/1
CVE-2013-7439 [4-byte buffer overflow in MakeBigReq]
+ RESERVED
+ {DSA-3224-1 DLA-199-1}
- libx11 2:1.6.0-1
NOTE: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=56508
@@ -239,19 +824,17 @@
NOTE: open-vm-tools
NOTE: wine-gecko-1.4 (wheezy)
NOTE: list completed by analyzing http://codesearch.debian.net/results/SetReqLen and http://codesearch.debian.net/results/MakeBigReq
-CVE-2015-3030
+CVE-2015-3030 (The web interface in McAfee Advanced Threat Defense (MATD) before ...)
NOT-FOR-US: McAfee Advanced Threat Defense
-CVE-2015-3029
+CVE-2015-3029 (The web interface in McAfee Advanced Threat Defense (MATD) before ...)
NOT-FOR-US: McAfee Advanced Threat Defense
-CVE-2015-3028
+CVE-2015-3028 (McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote ...)
NOT-FOR-US: McAfee Advanced Threat Defense
CVE-2015-2930
RESERVED
-CVE-2015-2926
- RESERVED
+CVE-2015-2926 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: phpTrafficA
-CVE-2014-9714
- RESERVED
+CVE-2014-9714 (Cross-site scripting (XSS) vulnerability in the ...)
- hhvm <itp> (bug #570709)
NOTE: https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34
CVE-2015-XXXX [fixes related to 8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f]
@@ -410,8 +993,8 @@
RESERVED
CVE-2015-2847
RESERVED
-CVE-2015-2846
- RESERVED
+CVE-2015-2846 (BitTorrent Sync allows remote attackers to execute arbitrary commands ...)
+ TODO: check
CVE-2015-2845
RESERVED
CVE-2015-2844
@@ -464,16 +1047,19 @@
NOTE: https://github.com/mate-desktop/caja/issues/398
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/03/12
CVE-2015-3013 [Bypass of file blacklist]
+ RESERVED
[experimental] - owncloud 7.0.5+dfsg-1
- owncloud 7.0.4+dfsg-3
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-004
CVE-2015-3012 [Multiple stored XSS in "documents" application]
+ RESERVED
[experimental] - owncloud 7.0.5+dfsg-1
- owncloud 7.0.4+dfsg-3
- owncloud-documents <itp> (bug #779358)
NOTE: owncloud-documents fixed in 0.9.0+8.0.0+dfsg-1
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-002
CVE-2015-3011 [Multiple stored XSS in "contacts" application]
+ RESERVED
[experimental] - owncloud 7.0.5+dfsg-1
- owncloud 7.0.4+dfsg-3
- ownclound-contacts <itp> (bug #779055)
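Review bot: the package line under CVE-2015-3011 is spelled "ownclound-contacts", while the sibling entry for CVE-2015-3012 uses "owncloud-documents". Correct it to "owncloud-contacts" so that a lookup by package name finds the entry.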
@@ -526,10 +1112,10 @@
NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2824 (Multiple SQL injection vulnerabilities in sam-ajax-admin.php in the ...)
NOT-FOR-US: WordPress plugin simple-ads-manager
-CVE-2015-2823
- RESERVED
-CVE-2015-2822
- RESERVED
+CVE-2015-2823 (Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA ...)
+ TODO: check
+CVE-2015-2822 (Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 ...)
+ TODO: check
CVE-2015-2821 (TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote ...)
NOT-FOR-US: TYPO3 Neos
CVE-2015-2820 (Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote ...)
@@ -574,8 +1160,8 @@
NOTE: implementations.
CVE-2015-2807
RESERVED
-CVE-2015-2831 [Buffer overflow in the handling of the XAUTHORITY env variable]
- RESERVED
+CVE-2015-2831 (Buffer overflow in das_watchdog 0.9.0 allows local users to execute ...)
+ {DSA-3221-1 DLA-194-1}
- das-watchdog 0.9.0-3.1 (bug #781806)
NOTE: Upstream commit: https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/8
@@ -614,74 +1200,62 @@
CVE-2015-XXXX [xdeb: disables apt's signature checks]
- xdeb <unfixed> (bug #781595)
[wheezy] - xdeb <no-dsa> (Minor issue)
-CVE-2015-2931 [MediaWiki circumvent the SVG MIME blacklist for embedded resources]
- RESERVED
+CVE-2015-2931 (Incomplete blacklist vulnerability in includes/upload/UploadBase.php ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2932 [MediaWiki incomplete filter of animate elements]
- RESERVED
+CVE-2015-2932 (Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2933 [MediaWiki XSS related to LanguageConverter substitutions]
- RESERVED
+CVE-2015-2933 (Cross-site scripting (XSS) vulnerability in the Html class in ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2934 [MediaWiki bypass of SVG filtering]
- RESERVED
+CVE-2015-2934 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2935 [MediaWiki information leak]
- RESERVED
+CVE-2015-2935 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2936 [MediaWiki DoS]
- RESERVED
+CVE-2015-2936 (MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2937 [MediaWiki quadratic blowup DoS]
- RESERVED
+CVE-2015-2937 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2938 [MediaWiki XSS in preview]
- RESERVED
+CVE-2015-2938 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2939 [MediaWiki XSS in Lua backtraces]
- RESERVED
+CVE-2015-2939 (Cross-site scripting (XSS) vulnerability in the Scribunto extension ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2940 [MediaWiki CSRF]
- RESERVED
+CVE-2015-2940 (Cross-site request forgery (CSRF) vulnerability in the CheckUser ...)
- mediawiki 1:1.19.20+dfsg-2.3
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2941 [MediaWiki XSS on HHVM]
- RESERVED
+CVE-2015-2941 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...)
- mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
NOTE: HHVM not packaged in Debian
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
-CVE-2015-2942 [MediaWiki quadractic blowup on HHVM]
- RESERVED
+CVE-2015-2942 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before ...)
- mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
NOTE: HHVM not packaged in Debian
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
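Review bot: CVE-2015-2936 now reads "MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password ...", yet the entry still records mediawiki 1:1.19.20+dfsg-2.3 as the fixed version. If only 1.24.x is affected, review that package line; <not-affected> may be the right status. Separately, the removed bracketed summaries were the only text distinguishing CVE-2015-2934 (bypass of SVG filtering) from CVE-2015-2935 (information leak), whose truncated descriptions are now identical; a NOTE line carrying the short summary would keep them distinguishable.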
@@ -692,14 +1266,13 @@
RESERVED
CVE-2015-2783
RESERVED
-CVE-2015-2781
- RESERVED
+CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi ...)
+ TODO: check
CVE-2015-2780
RESERVED
CVE-2015-2777
RESERVED
-CVE-2015-2775 [Path traversal vulnerability]
- RESERVED
+CVE-2015-2775 (Directory traversal vulnerability in GNU Mailman before 2.1.20, when ...)
{DSA-3214-1 DLA-186-1}
- mailman 1:2.1.18-2 (bug #781626)
NOTE: https://bugs.launchpad.net/mailman/+bug/1437145
@@ -753,8 +1326,8 @@
[wheezy] - ikiwiki <no-dsa> (Minor issue)
[squeeze] - ikiwiki <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/5
-CVE-2015-2806 [two-byte stack overflow in asn1_der_decoding]
- RESERVED
+CVE-2015-2806 (Stack-based buffer overflow in asn1_der_decoding in libtasn1 before ...)
+ {DSA-3220-1 DLA-195-1}
[experimental] - libtasn1-6 4.4-1
- libtasn1-6 4.2-3
- libtasn1-3 <removed>
@@ -770,8 +1343,7 @@
{DSA-3198-1}
- php5 5.6.7+dfsg-1
NOTE: https://bugs.php.net/68976
-CVE-2015-2782 [buffer overflow]
- RESERVED
+CVE-2015-2782 (Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote ...)
{DSA-3213-1 DLA-188-1}
- arj 3.10.22-13 (bug #774015)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5
@@ -1687,8 +2259,8 @@
NOTE: wheezy-tagged entry as temporary workaround until CVE assigned for issue solved in DSA-3226-1
NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/29/5
-CVE-2015-2788 [Buffer Overflow in dbdimp.c]
- RESERVED
+CVE-2015-2788 (Multiple stack-based buffer overflows in the ib_fill_isqlda function ...)
+ {DSA-3219-1}
- libdbd-firebird-perl 1.18-2 (bug #780925)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/4
CVE-2015-XXXX [SoapClient's __call() type confusion through unserialize()]
@@ -1696,14 +2268,12 @@
[wheezy] - php5 5.4.39-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=69085
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/20/14
-CVE-2015-2779
- RESERVED
+CVE-2015-2779 (Stack consumption vulnerability in the message splitting functionality ...)
- quassel 1:0.10.0-2.3 (bug #781024)
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
TODO: check affected versions
-CVE-2015-2778
- RESERVED
+CVE-2015-2778 (Quassel before 0.12-rc1 uses an incorrect data-type size when ...)
- quassel 1:0.10.0-2.3 (bug #781024)
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
@@ -1902,8 +2472,8 @@
RESERVED
CVE-2015-2299
RESERVED
-CVE-2015-2295
- RESERVED
+CVE-2015-2295 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
CVE-2015-2294 (Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in ...)
NOT-FOR-US: pfSense
CVE-2015-2293 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
@@ -2138,8 +2708,8 @@
RESERVED
CVE-2015-2248
RESERVED
-CVE-2015-2247
- RESERVED
+CVE-2015-2247 (Unspecified vulnerability in Boosted Boards skateboards allows ...)
+ TODO: check
CVE-2015-2246
RESERVED
CVE-2015-2245
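Review bot: CVE-2015-2247 is described as affecting Boosted Boards skateboards, so the added TODO: check can be resolved straight away as NOT-FOR-US, the tag this file already uses for products outside the archive (for example NOT-FOR-US: pfSense).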
@@ -2216,8 +2786,8 @@
RESERVED
CVE-2015-2224
RESERVED
-CVE-2015-2223
- RESERVED
+CVE-2015-2223 (Multiple cross-site scripting (XSS) vulnerabilities in Palo Alto ...)
+ TODO: check
CVE-2015-2222
RESERVED
CVE-2015-2221
@@ -2313,7 +2883,7 @@
[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11024
CVE-2015-2191 (Integer overflow in the dissect_tnef function in ...)
- {DSA-3210-1}
+ {DSA-3210-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-4 (bug #780372)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023
CVE-2015-2190 (epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly ...)
@@ -2327,7 +2897,7 @@
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10895
CVE-2015-2188 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x ...)
- {DSA-3210-1}
+ {DSA-3210-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-4 (bug #780372)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10844
CVE-2015-2187 (The dissect_atn_cpdlc_heur function in ...)
@@ -2491,14 +3061,11 @@
RESERVED
CVE-2015-2115
RESERVED
-CVE-2015-2114
- RESERVED
+CVE-2015-2114 (HP Support Solution Framework before 11.51.0049 allows remote ...)
NOT-FOR-US: HP Support Solution Framework
-CVE-2015-2113
- RESERVED
+CVE-2015-2113 (Unspecified vulnerability in HP Easy Deploy, as distributed standalone ...)
NOT-FOR-US: HP Thin Clients
-CVE-2015-2112
- RESERVED
+CVE-2015-2112 (Unspecified vulnerability in HP Easy Deploy, as distributed standalone ...)
NOT-FOR-US: HP Thin Clients
CVE-2015-2111 (Unspecified vulnerability in HP Intelligent Provisioning 1.40 through ...)
NOT-FOR-US: HP Intelligent Provisioning
@@ -3017,10 +3584,10 @@
RESERVED
CVE-2015-1899
RESERVED
-CVE-2015-1898
- RESERVED
-CVE-2015-1897
- RESERVED
+CVE-2015-1898 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
+ TODO: check
+CVE-2015-1897 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
+ TODO: check
CVE-2015-1896
RESERVED
CVE-2015-1895
@@ -3158,6 +3725,7 @@
RESERVED
CVE-2015-1853 [authentication doesn't protect symmetric associations against DoS attacks]
RESERVED
+ {DSA-3222-1 DLA-193-1}
- chrony 1.30-2 (bug #782160)
NOTE: Fix: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=d856bd34c4862398411d29200520e3a3b1d4569e
CVE-2015-1852 [S3Token TLS cert verification option not honored]
@@ -3187,8 +3755,7 @@
- foreman <itp> (bug #663101)
CVE-2015-1843 (The Red Hat docker package before 1.5.0-28, when using the ...)
- docker.io <not-affected> (RHEL specific problem)
-CVE-2015-1842
- RESERVED
+CVE-2015-1842 (The puppet manifests in the Red Hat openstack-puppet-modules package ...)
NOT-FOR-US: openstack-puppet-modules
CVE-2015-1841
RESERVED
@@ -3232,10 +3799,12 @@
RESERVED
CVE-2015-1822 [uninitialized pointer in cmdmon reply slots]
RESERVED
+ {DSA-3222-1 DLA-193-1}
- chrony 1.30-2 (bug #782160)
NOTE: Fix: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=79eacdb7e694c7e6681b68006425df3faca51aec
CVE-2015-1821 [Heap out of bound write in address filter]
RESERVED
+ {DSA-3222-1 DLA-193-1}
- chrony 1.30-2 (bug #782160)
NOTE: Fix: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=cf19042ecb656b8afec0cc4906e7dd3ea9266ac8
CVE-2015-1820 [session fixation vulnerability]
@@ -3320,10 +3889,12 @@
CVE-2015-1800
RESERVED
CVE-2015-1799 (The symmetric-key feature in the receive function in ntp_proto.c in ...)
+ {DSA-3223-1 DLA-192-1}
- ntp 1:4.2.6.p5+dfsg-6 (bug #782095)
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2781
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#Authentication_doesn_t_protect_s
CVE-2015-1798 (The symmetric-key feature in the receive function in ntp_proto.c in ...)
+ {DSA-3223-1 DLA-192-1}
- ntp 1:4.2.6.p5+dfsg-6 (bug #782095)
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2779
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#ntpd_accepts_unauthenticated_pac
@@ -3612,74 +4183,74 @@
RESERVED
CVE-2015-1669
RESERVED
-CVE-2015-1668
- RESERVED
-CVE-2015-1667
- RESERVED
-CVE-2015-1666
- RESERVED
-CVE-2015-1665
- RESERVED
+CVE-2015-1668 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1667 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1666 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1665 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-1664
RESERVED
CVE-2015-1663
RESERVED
-CVE-2015-1662
- RESERVED
-CVE-2015-1661
- RESERVED
-CVE-2015-1660
- RESERVED
-CVE-2015-1659
- RESERVED
+CVE-2015-1662 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1661 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1660 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1659 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-1658
RESERVED
-CVE-2015-1657
- RESERVED
+CVE-2015-1657 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2015-1656
RESERVED
CVE-2015-1655
RESERVED
CVE-2015-1654
RESERVED
-CVE-2015-1653
- RESERVED
-CVE-2015-1652
- RESERVED
-CVE-2015-1651
- RESERVED
-CVE-2015-1650
- RESERVED
-CVE-2015-1649
- RESERVED
-CVE-2015-1648
- RESERVED
-CVE-2015-1647
- RESERVED
-CVE-2015-1646
- RESERVED
-CVE-2015-1645
- RESERVED
-CVE-2015-1644
- RESERVED
-CVE-2015-1643
- RESERVED
+CVE-2015-1653 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
+ TODO: check
+CVE-2015-1652 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1651 (Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, ...)
+ TODO: check
+CVE-2015-1650 (Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 ...)
+ TODO: check
+CVE-2015-1649 (Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 ...)
+ TODO: check
+CVE-2015-1648 (ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, ...)
+ TODO: check
+CVE-2015-1647 (Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and ...)
+ TODO: check
+CVE-2015-1646 (Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1645 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2015-1644 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2015-1643 (Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server ...)
+ TODO: check
CVE-2015-1642
RESERVED
-CVE-2015-1641
- RESERVED
-CVE-2015-1640
- RESERVED
-CVE-2015-1639
- RESERVED
-CVE-2015-1638
- RESERVED
+CVE-2015-1641 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
+ TODO: check
+CVE-2015-1640 (Cross-site scripting (XSS) vulnerability in Microsoft Project Server ...)
+ TODO: check
+CVE-2015-1639 (Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac ...)
+ TODO: check
+CVE-2015-1638 (Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows ...)
+ TODO: check
CVE-2015-1637 (Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, ...)
NOT-FOR-US: Microsoft
CVE-2015-1636 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
NOT-FOR-US: Microsoft
-CVE-2015-1635
- RESERVED
+CVE-2015-1635 (HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, ...)
+ TODO: check
CVE-2015-1634 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1633 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
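Review bot: the Microsoft entries filled in by this hunk, CVE-2015-1668 down to CVE-2015-1635 (Internet Explorer, Word, SharePoint, .NET, Hyper-V, HTTP.sys), are all left as TODO: check, while the unchanged neighbours CVE-2015-1637, CVE-2015-1636 and CVE-2015-1634 are already triaged as NOT-FOR-US: Microsoft or NOT-FOR-US: Microsoft Internet Explorer. Triage the new ones the same way in a follow-up commit so the TODO backlog contains only entries that need real investigation.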
@@ -3797,8 +4368,7 @@
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc (v3.19-rc1)
-CVE-2013-7436 [session hijack through insecurely set session token cookies]
- RESERVED
+CVE-2013-7436 (noVNC before 0.5 does not set the secure flag for a cookie in an https ...)
- novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4 (bug #778618)
[wheezy] - novnc <not-affected> (Only an issue in combination with later OpenStack components)
NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
@@ -4618,8 +5188,8 @@
RESERVED
CVE-2015-1416
RESERVED
-CVE-2015-1415
- RESERVED
+CVE-2015-1415 (The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when ...)
+ TODO: check
CVE-2015-1414 (Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 ...)
{DSA-3175-1}
- kfreebsd-10 10.1~svn274115-4 (bug #779195)
@@ -4863,8 +5433,7 @@
[experimental] - apport <unfixed>
NOTE: apport only in experimental, so we cannot track this in security-tracker
NOTE: add it, as we have a explicit (bug) reference for apport
-CVE-2015-1317
- RESERVED
+CVE-2015-1317 (Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before ...)
NOT-FOR-US: Oxide
CVE-2015-1316
RESERVED
@@ -5458,168 +6027,135 @@
RESERVED
CVE-2015-1150
RESERVED
-CVE-2015-1149
- RESERVED
-CVE-2015-1148
- RESERVED
-CVE-2015-1147
- RESERVED
-CVE-2015-1146
- RESERVED
-CVE-2015-1145
- RESERVED
-CVE-2015-1144
- RESERVED
-CVE-2015-1143
- RESERVED
-CVE-2015-1142
- RESERVED
-CVE-2015-1141
- RESERVED
-CVE-2015-1140
- RESERVED
-CVE-2015-1139
- RESERVED
-CVE-2015-1138
- RESERVED
-CVE-2015-1137
- RESERVED
-CVE-2015-1136
- RESERVED
-CVE-2015-1135
- RESERVED
-CVE-2015-1134
- RESERVED
-CVE-2015-1133
- RESERVED
-CVE-2015-1132
- RESERVED
-CVE-2015-1131
- RESERVED
-CVE-2015-1130
- RESERVED
-CVE-2015-1129
- RESERVED
-CVE-2015-1128
- RESERVED
-CVE-2015-1127
- RESERVED
-CVE-2015-1126
- RESERVED
-CVE-2015-1125
- RESERVED
-CVE-2015-1124
- RESERVED
-CVE-2015-1123
- RESERVED
-CVE-2015-1122
- RESERVED
-CVE-2015-1121
- RESERVED
-CVE-2015-1120
- RESERVED
-CVE-2015-1119
- RESERVED
-CVE-2015-1118
- RESERVED
-CVE-2015-1117
- RESERVED
+CVE-2015-1149 (Integer overflow in the simulator in Swift in Apple Xcode before 6.3 ...)
+ TODO: check
+CVE-2015-1148 (Screen Sharing in Apple OS X before 10.10.3 stores the password of a ...)
+ TODO: check
+CVE-2015-1147 (Open Directory Client in Apple OS X before 10.10.3 sends unencrypted ...)
+ TODO: check
+CVE-2015-1146 (The Code Signing implementation in Apple OS X before 10.10.3 does not ...)
+ TODO: check
+CVE-2015-1145 (The Code Signing implementation in Apple OS X before 10.10.3 does not ...)
+ TODO: check
+CVE-2015-1144 (Buffer overflow in the UniformTypeIdentifiers component in Apple OS X ...)
+ TODO: check
+CVE-2015-1143 (LaunchServices in Apple OS X before 10.10.3 allows local users to gain ...)
+ TODO: check
+CVE-2015-1142 (LaunchServices in Apple OS X before 10.10.3 allows local users to ...)
+ TODO: check
+CVE-2015-1141 (The mach_vm_read functionality in the kernel in Apple OS X before ...)
+ TODO: check
+CVE-2015-1140 (Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows ...)
+ TODO: check
+CVE-2015-1139 (ImageIO in Apple OS X before 10.10.3 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1138 (Hypervisor in Apple OS X before 10.10.3 allows local users to cause a ...)
+ TODO: check
+CVE-2015-1137 (The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local ...)
+ TODO: check
+CVE-2015-1136 (Use-after-free vulnerability in CoreAnimation in Apple OS X before ...)
+ TODO: check
+CVE-2015-1135 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
+ TODO: check
+CVE-2015-1134 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
+ TODO: check
+CVE-2015-1133 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
+ TODO: check
+CVE-2015-1132 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
+ TODO: check
+CVE-2015-1131 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
+ TODO: check
+CVE-2015-1130 (The XPC implementation in Admin Framework in Apple OS X before 10.10.3 ...)
+ TODO: check
+CVE-2015-1129 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does ...)
+ TODO: check
+CVE-2015-1128 (The private-browsing implementation in Apple Safari before 6.2.5, 7.x ...)
+ TODO: check
+CVE-2015-1127 (The private-browsing implementation in WebKit in Apple Safari before ...)
+ TODO: check
+CVE-2015-1126 (WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, ...)
+ TODO: check
+CVE-2015-1125 (The touch-events implementation in WebKit in Apple iOS before 8.3 ...)
+ TODO: check
+CVE-2015-1124 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
+ TODO: check
+CVE-2015-1123 (WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, ...)
+ TODO: check
+CVE-2015-1122 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
+ TODO: check
+CVE-2015-1121 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
+ TODO: check
+CVE-2015-1120 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
+ TODO: check
+CVE-2015-1119 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
+ TODO: check
+CVE-2015-1118 (libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
+ TODO: check
+CVE-2015-1117 (The (1) setreuid and (2) setregid system-call implementations in the ...)
NOT-FOR-US: iOS
-CVE-2015-1116
- RESERVED
+CVE-2015-1116 (The UIKit View component in Apple iOS before 8.3 displays unblurred ...)
NOT-FOR-US: iOS
-CVE-2015-1115
- RESERVED
+CVE-2015-1115 (The Telephony component in Apple iOS before 8.3 allows attackers to ...)
NOT-FOR-US: iOS
-CVE-2015-1114
- RESERVED
+CVE-2015-1114 (The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV ...)
NOT-FOR-US: iOS
-CVE-2015-1113
- RESERVED
+CVE-2015-1113 (The Sandbox Profiles component in Apple iOS before 8.3 allows ...)
NOT-FOR-US: iOS
-CVE-2015-1112
- RESERVED
+CVE-2015-1112 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as ...)
NOT-FOR-US: iOS
-CVE-2015-1111
- RESERVED
+CVE-2015-1111 (Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs ...)
NOT-FOR-US: iOS
-CVE-2015-1110
- RESERVED
+CVE-2015-1110 (The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 ...)
NOT-FOR-US: iOS
-CVE-2015-1109
- RESERVED
+CVE-2015-1109 (NetworkExtension in Apple iOS before 8.3 stores credentials in VPN ...)
NOT-FOR-US: iOS
-CVE-2015-1108
- RESERVED
+CVE-2015-1108 (The Lock Screen component in Apple iOS before 8.3 does not properly ...)
NOT-FOR-US: iOS
-CVE-2015-1107
- RESERVED
+CVE-2015-1107 (The Lock Screen component in Apple iOS before 8.3 does not properly ...)
NOT-FOR-US: iOS
-CVE-2015-1106
- RESERVED
+CVE-2015-1106 (The QuickType feature in the Keyboards subsystem in Apple iOS before ...)
NOT-FOR-US: iOS
-CVE-2015-1105
- RESERVED
+CVE-2015-1105 (The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS ...)
NOT-FOR-US: iOS
-CVE-2015-1104
- RESERVED
+CVE-2015-1104 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
NOT-FOR-US: iOS
-CVE-2015-1103
- RESERVED
+CVE-2015-1103 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
NOT-FOR-US: iOS
-CVE-2015-1102
- RESERVED
+CVE-2015-1102 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
NOT-FOR-US: iOS
-CVE-2015-1101
- RESERVED
+CVE-2015-1101 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
NOT-FOR-US: iOS
-CVE-2015-1100
- RESERVED
+CVE-2015-1100 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
NOT-FOR-US: iOS
-CVE-2015-1099
- RESERVED
+CVE-2015-1099 (Race condition in the setreuid system-call implementation in the ...)
NOT-FOR-US: iOS
-CVE-2015-1098
- RESERVED
+CVE-2015-1098 (iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows ...)
NOT-FOR-US: iOS
-CVE-2015-1097
- RESERVED
+CVE-2015-1097 (IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 ...)
NOT-FOR-US: iOS
-CVE-2015-1096
- RESERVED
+CVE-2015-1096 (IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
NOT-FOR-US: iOS
-CVE-2015-1095
- RESERVED
+CVE-2015-1095 (IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
NOT-FOR-US: iOS
-CVE-2015-1094
- RESERVED
+CVE-2015-1094 (IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 ...)
NOT-FOR-US: iOS
-CVE-2015-1093
- RESERVED
+CVE-2015-1093 (FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 ...)
NOT-FOR-US: iOS
-CVE-2015-1092
- RESERVED
+CVE-2015-1092 (NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before ...)
NOT-FOR-US: iOS
-CVE-2015-1091
- RESERVED
+CVE-2015-1091 (The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X ...)
NOT-FOR-US: iOS
-CVE-2015-1090
- RESERVED
+CVE-2015-1090 (CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict ...)
NOT-FOR-US: iOS
-CVE-2015-1089
- RESERVED
+CVE-2015-1089 (CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does ...)
NOT-FOR-US: iOS
-CVE-2015-1088
- RESERVED
+CVE-2015-1088 (CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not ...)
NOT-FOR-US: iOS
-CVE-2015-1087
- RESERVED
+CVE-2015-1087 (Directory traversal vulnerability in Backup in Apple iOS before 8.3 ...)
NOT-FOR-US: iOS
-CVE-2015-1086
- RESERVED
+CVE-2015-1086 (The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV ...)
NOT-FOR-US: iOS
-CVE-2015-1085
- RESERVED
+CVE-2015-1085 (AppleKeyStore in Apple iOS before 8.3 does not properly restrict a ...)
NOT-FOR-US: iOS
CVE-2015-1084 (The user interface in WebKit, as used in Apple Safari before 6.2.4, ...)
NOT-FOR-US: Safari
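Review bot: CVE-2015-1117 through CVE-2015-1085 keep their existing "NOT-FOR-US: iOS" tag, but several of the descriptions filled in here name other products, for example CVE-2015-1112 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5) and CVE-2015-1098 (iWork in Apple iOS and Apple OS X). The tag reason should be revisited now that descriptions are available. The WebKit entries CVE-2015-1119 through CVE-2015-1127, currently at "TODO: check", should be checked individually rather than given the same tag by pattern.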
@@ -6446,10 +6982,10 @@
RESERVED
CVE-2015-0908
RESERVED
-CVE-2015-0907
- RESERVED
-CVE-2015-0906
- RESERVED
+CVE-2015-0907 (Buffer overflow in Lhaplus before 1.70 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0906 (Directory traversal vulnerability in Lhaplus before 1.70 allows remote ...)
+ TODO: check
CVE-2015-0905 (Cross-site request forgery (CSRF) vulnerability in bBlog allows remote ...)
NOT-FOR-US: bBlog
CVE-2015-0904
@@ -6497,7 +7033,7 @@
[wheezy] - libjbcrypt-java <no-dsa> (Minor issue)
[squeeze] - libjbcrypt-java <no-dsa> (Minor issue)
CVE-2015-0885 (checkpw 1.02 and earlier allows remote attackers to cause a denial of ...)
- {DSA-3192-1}
+ {DSA-3192-1 DLA-191-1}
- checkpw 1.02-1.1 (bug #780139)
CVE-2015-0884 (Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack ...)
NOT-FOR-US: Toshiba Bluetooth Stack
@@ -6587,10 +7123,11 @@
RESERVED
CVE-2015-0845
RESERVED
+ {DSA-3227-1}
- movabletype-opensource <removed>
NOTE: https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html
-CVE-2015-0844
- RESERVED
+CVE-2015-0844 (The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x ...)
+ {DSA-3218-1}
- wesnoth-1.12 1:1.12.2-1
- wesnoth-1.10 1:1.10.7-2
CVE-2015-0843
@@ -6603,8 +7140,8 @@
[experimental] - monopd 0.9.8-1
- monopd <unfixed> (bug #781043; unimportant)
NOTE: Not exploitable with dlmalloc
-CVE-2015-0840
- RESERVED
+CVE-2015-0840 (The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x ...)
+ {DSA-3217-1}
- dpkg 1.17.25
NOTE: Ubuntu fix for 1.15.x (version in squeeze): http://launchpadlibrarian.net/202647129/dpkg_1.15.5.6ubuntu4.9_1.15.5.6ubuntu4.10.diff.gz
CVE-2015-0839
@@ -6615,7 +7152,7 @@
[jessie] - dulwich 0.9.7-3
CVE-2015-0837 [data-dependent timing variations in modular exponentiation]
RESERVED
- {DSA-3185-1 DSA-3184-1 DLA-175-1}
+ {DSA-3185-1 DSA-3184-1 DLA-190-1 DLA-175-1}
- libgcrypt11 <removed>
- libgcrypt20 1.6.3-2
- gnupg 1.4.18-7
@@ -6779,6 +7316,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
CVE-2015-0797
RESERVED
+ {DSA-3225-1}
- gst-plugins-bad0.10 <unfixed>
CVE-2015-0796
RESERVED
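Review bot: CVE-2015-0797 gains {DSA-3225-1}, yet the entry stays RESERVED with a single package line, "- gst-plugins-bad0.10 <unfixed>", and no description or NOTE. Adding a NOTE with the upstream reference would let the DSA cross-reference be verified from the entry itself.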
@@ -6979,23 +7517,23 @@
RESERVED
CVE-2015-0700
RESERVED
-CVE-2015-0699
- RESERVED
-CVE-2015-0698
- RESERVED
-CVE-2015-0697
- RESERVED
-CVE-2015-0696
- RESERVED
+CVE-2015-0699 (SQL injection vulnerability in the Interactive Voice Response (IVR) ...)
+ TODO: check
+CVE-2015-0698 (Multiple cross-site scripting (XSS) vulnerabilities in filter search ...)
+ TODO: check
+CVE-2015-0697 (Open redirect vulnerability in the login page in Cisco TC Software ...)
+ TODO: check
+CVE-2015-0696 (Cross-site scripting (XSS) vulnerability in the login page in Cisco TC ...)
+ TODO: check
CVE-2015-0695
RESERVED
NOT-FOR-US: Cisco IOS
-CVE-2015-0694
- RESERVED
-CVE-2015-0693
- RESERVED
-CVE-2015-0692
- RESERVED
+CVE-2015-0694 (Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that ...)
+ TODO: check
+CVE-2015-0693 (Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 ...)
+ TODO: check
+CVE-2015-0692 (Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 ...)
+ TODO: check
CVE-2015-0691
RESERVED
NOT-FOR-US: Cisco Secure Desktop Cache Cleaner
@@ -7023,17 +7561,13 @@
NOT-FOR-US: Cisco
CVE-2015-0679 (The web-authentication functionality on Cisco Wireless LAN Controller ...)
NOT-FOR-US: Cisco
-CVE-2015-0678
- RESERVED
+CVE-2015-0678 (The virtualization layer in Cisco ASA FirePOWER Software before ...)
NOT-FOR-US: Cisco ASA
-CVE-2015-0677
- RESERVED
+CVE-2015-0677 (The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 ...)
NOT-FOR-US: Cisco ASA
-CVE-2015-0676
- RESERVED
+CVE-2015-0676 (The DNS implementation in Cisco Adaptive Security Appliance (ASA) ...)
NOT-FOR-US: Cisco ASA
-CVE-2015-0675
- RESERVED
+CVE-2015-0675 (The failover ipsec implementation in Cisco Adaptive Security Appliance ...)
NOT-FOR-US: Cisco ASA
CVE-2015-0674
RESERVED
@@ -7449,10 +7983,11 @@
[wheezy] - roundcube <no-dsa> (Minor issue)
NOTE: https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
CVE-2015-0564 (Buffer underflow in the ssl_decrypt_record function in ...)
- {DSA-3141-1}
+ {DSA-3141-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-3 (bug #776135)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-05.html
CVE-2015-0563 (epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark ...)
+ {DLA-198-1}
- wireshark 1.12.1+g01b65bf-3 (bug #776135)
[squeeze] - wireshark <not-affected> (Only affected 1.10)
[wheezy] - wireshark <not-affected> (Only affected 1.10)
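Review bot: {DLA-198-1} is added to CVE-2015-0563, but the context lines directly below it read "[squeeze] - wireshark <not-affected> (Only affected 1.10)" and the same for wheezy. An advisory reference on an entry whose release lines all say not-affected looks inconsistent; either the reference or the annotation needs correcting, so please check which releases the advisory covers for this CVE.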
@@ -7553,8 +8088,7 @@
NOT-FOR-US: illumos
CVE-2014-9490 (The numtok function in lib/raven/okjson.rb in the raven-ruby gem ...)
NOT-FOR-US: raven ruby gem
-CVE-2014-9488 [buffer overflow with invalid UTF-8]
- RESERVED
+CVE-2014-9488 (The is_utf8_well_formed function in GNU less before 475 allows remote ...)
- less <unfixed> (unimportant; bug #780247)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/14
NOTE: https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
@@ -7811,12 +8345,10 @@
[jessie] - arc <no-dsa> (Minor issue)
[wheezy] - arc <no-dsa> (Minor issue)
[squeeze] - arc <no-dsa> (Minor issue)
-CVE-2015-0557 [directory traversal via //multiple/leading/slash]
- RESERVED
+CVE-2015-0557 (Open-source ARJ archiver 3.10.22 does not properly remove leading ...)
{DSA-3213-1 DLA-188-1}
- arj 3.10.22-13 (low; bug #774435)
-CVE-2015-0556 [symlink directory traversal]
- RESERVED
+CVE-2015-0556 (Open-source ARJ archiver 3.10.22 allows remote attackers to conduct ...)
{DSA-3213-1 DLA-188-1}
- arj 3.10.22-13 (low; bug #774434)
CVE-2014-9529 (Race condition in the key_gc_unused_keys function in ...)
@@ -8104,7 +8636,7 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
- NOTE: Possibly specific to Oracle Java
+ NOTE: Possibly specific to Oracle Java
CVE-2015-0490
RESERVED
CVE-2015-0489
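Review bot: the removed and added "NOTE: Possibly specific to Oracle Java" lines are textually identical as shown, so this hunk appears to change whitespace only. If this is an indentation normalisation, it would be cleaner in its own commit so that the data update stays reviewable on its own.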
@@ -8166,7 +8698,7 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
- NOTE: Possibly specific to Oracle Java
+ NOTE: Possibly specific to Oracle Java
CVE-2015-0469
RESERVED
- openjdk-6 6b35-1.13.7-1
@@ -8198,7 +8730,7 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
- NOTE: Possibly specific to Oracle Java
+ NOTE: Possibly specific to Oracle Java
CVE-2015-0458
RESERVED
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -8825,8 +9357,8 @@
RESERVED
CVE-2014-9312
RESERVED
-CVE-2014-9311
- RESERVED
+CVE-2014-9311 (Cross-site scripting (XSS) vulnerability in admin.php in the ...)
+ TODO: check
CVE-2014-9310
RESERVED
CVE-2014-9309
@@ -9120,38 +9652,38 @@
[squeeze] - mpfr4 <no-dsa> (Minor issue)
[wheezy] - mpfr4 <no-dsa> (Minor issue)
NOTE: https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9243
-CVE-2015-0360
- RESERVED
-CVE-2015-0359
- RESERVED
-CVE-2015-0358
- RESERVED
-CVE-2015-0357
- RESERVED
-CVE-2015-0356
- RESERVED
-CVE-2015-0355
- RESERVED
-CVE-2015-0354
- RESERVED
-CVE-2015-0353
- RESERVED
-CVE-2015-0352
- RESERVED
-CVE-2015-0351
- RESERVED
-CVE-2015-0350
- RESERVED
-CVE-2015-0349
- RESERVED
-CVE-2015-0348
- RESERVED
-CVE-2015-0347
- RESERVED
-CVE-2015-0346
- RESERVED
-CVE-2015-0345
- RESERVED
+CVE-2015-0360 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-0359 (Double free vulnerability in Adobe Flash Player before 13.0.0.281 and ...)
+ TODO: check
+CVE-2015-0358 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 ...)
+ TODO: check
+CVE-2015-0357 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-0356 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-0355 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-0354 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-0353 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-0352 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-0351 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 ...)
+ TODO: check
+CVE-2015-0350 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-0349 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 ...)
+ TODO: check
+CVE-2015-0348 (Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x ...)
+ TODO: check
+CVE-2015-0347 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-0346 (Double free vulnerability in Adobe Flash Player before 13.0.0.281 and ...)
+ TODO: check
+CVE-2015-0345 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
+ TODO: check
CVE-2015-0344
RESERVED
CVE-2015-0343
@@ -9329,10 +9861,10 @@
RESERVED
CVE-2014-9147
RESERVED
-CVE-2014-9146
- RESERVED
-CVE-2014-9145
- RESERVED
+CVE-2014-9146 (Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS ...)
+ TODO: check
+CVE-2014-9145 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow ...)
+ TODO: check
CVE-2014-9144 (Technicolor Router TD5130 with firmware 2.05.C29GV allows remote ...)
NOT-FOR-US: Technicolor routers
CVE-2014-9143 (Open redirect vulnerability in Technicolor Router TD5130 with firmware ...)
@@ -10045,8 +10577,7 @@
{DSA-3199-1 DLA-181-1}
- xerces-c 3.1.1-5.1 (bug #780827)
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1667870
-CVE-2015-0251 [(mod_dav_svn) spoofing svn:author property values for new revisions]
- RESERVED
+CVE-2015-0251 (The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 ...)
- subversion 1.8.10-6
NOTE: https://subversion.apache.org/security/CVE-2015-0251-advisory.txt
CVE-2015-0250 (XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) ...)
@@ -10059,8 +10590,7 @@
CVE-2015-0249
RESERVED
NOT-FOR-US: Apache Roller
-CVE-2015-0248 [(mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers]
- RESERVED
+CVE-2015-0248 (The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 ...)
- subversion 1.8.10-6
NOTE: https://subversion.apache.org/security/CVE-2015-0248-advisory.txt
CVE-2015-0247 (Heap-based buffer overflow in openfs.c in the libext2fs library in ...)
@@ -10267,8 +10797,7 @@
RESERVED
- qpid-cpp <unfixed> (bug #775359)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
-CVE-2015-0202 [(mod_dav_svn) remote denial of service with certain REPORT requests]
- RESERVED
+CVE-2015-0202 (The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows ...)
- subversion 1.8.10-6
[wheezy] - subversion <not-affected> (Vulnerability introduced with 1.8.0)
[squeeze] - subversion <not-affected> (Vulnerability introduced with 1.8.0)
@@ -10479,8 +11008,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0099 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2015-0098
- RESERVED
+CVE-2015-0098 (Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 ...)
+ TODO: check
CVE-2015-0097 (Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel ...)
NOT-FOR-US: Microsoft
CVE-2015-0096 (Untrusted search path vulnerability in Microsoft Windows Server 2003 ...)
@@ -11569,27 +12098,27 @@
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456
NOTE: Patch here: http://trac.imagemagick.org/changeset/16872
CVE-2014-8714 (The dissect_write_structured_field function in ...)
- {DSA-3076-1}
+ {DSA-3076-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-2 (bug #769410)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-23.html
NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8713 (Stack-based buffer overflow in the build_expert_data function in ...)
- {DSA-3076-1}
+ {DSA-3076-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-2 (bug #769410)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html
NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8712 (The build_expert_data function in epan/dissectors/packet-ncp2222.inc ...)
- {DSA-3076-1}
+ {DSA-3076-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-2 (bug #769410)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html
NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8711 (Multiple integer overflows in epan/dissectors/packet-amqp.c in the ...)
- {DSA-3076-1}
+ {DSA-3076-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-2 (bug #769410)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-21.html
NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8710 (The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the ...)
- {DSA-3076-1}
+ {DSA-3076-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-2 (bug #769410)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-20.html
NOTE: Versions 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
@@ -12299,8 +12828,7 @@
RESERVED
CVE-2014-8361
RESERVED
-CVE-2014-8360 [glpi: class autoloading issue]
- RESERVED
+CVE-2014-8360 (Directory traversal vulnerability in inc/autoload.function.php in GLPI ...)
- glpi <unfixed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
NOTE: original bug: https://forge.indepnet.net/issues/5101
@@ -13136,7 +13664,7 @@
{DSA-3095-1 DLA-120-1}
- xorg-server 2:1.16.2.901-1
CVE-2014-8090 (The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x ...)
- {DSA-3159-1 DSA-3157-1 DLA-88-1}
+ {DSA-3159-1 DSA-3157-1 DLA-200-1 DLA-88-1}
- ruby1.8 <not-affected> (Incomplete fix never relesed for 1.9)
- ruby1.9.1 <not-affected> (Incomplete fix never relesed for 1.9)
- ruby2.0 <not-affected> (Incomplete fix never relesed for 1.9)
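Review bot: {DLA-200-1} is added to CVE-2014-8090, but every package line visible below it, including ruby1.9.1, is "<not-affected> (Incomplete fix never relesed for 1.9)". Please confirm that the advisory lists this CVE for an affected release and add the corresponding release line; the "relesed" typo in those annotations could be fixed at the same time.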
@@ -13156,7 +13684,7 @@
CVE-2014-8081 (lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote ...)
NOT-FOR-US: TestLink
CVE-2014-8080 (The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before ...)
- {DSA-3159-1 DSA-3157-1 DLA-88-1}
+ {DSA-3159-1 DSA-3157-1 DLA-200-1 DLA-88-1}
- ruby1.8 <removed>
- ruby1.9.1 <removed>
- ruby2.0 <removed>
@@ -17123,23 +17651,23 @@
- linux-2.6 <not-affected> (Introduced in 3.7)
NOTE: upstream fix: https://github.com/torvalds/linux/commit/18f39e7be0121317550d03e267e3ebd4dbfbb3ce (v3.17-rc2)
CVE-2014-6432 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS ...)
- {DSA-3049-1}
+ {DSA-3049-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6431 (Buffer overflow in the SnifferDecompress function in ...)
- {DSA-3049-1}
+ {DSA-3049-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6430 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS ...)
- {DSA-3049-1}
+ {DSA-3049-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6429 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS ...)
- {DSA-3049-1}
+ {DSA-3049-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6428 (The dissect_spdu function in epan/dissectors/packet-ses.c in the SES ...)
- {DSA-3049-1}
+ {DSA-3049-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-18.html
CVE-2014-6427 (Off-by-one error in the is_rtsp_request_or_reply function in ...)
@@ -17164,11 +17692,11 @@
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-14.html
CVE-2014-6423 (The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in ...)
- {DSA-3049-1}
+ {DSA-3049-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-13.html
CVE-2014-6422 (The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate ...)
- {DSA-3049-1}
+ {DSA-3049-1 DLA-198-1}
- wireshark 1.12.0+git+4fab41a1-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-12.html
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=04c05a21e34cec326f1aff2f5f8a6e74e1ced984 (v1.11.3)
@@ -17958,14 +18486,14 @@
CVE-2014-6056
RESERVED
CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in ...)
- {DSA-3081-1}
+ {DSA-3081-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
NOTE: https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
NOTE: https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748 (improvement)
NOTE: check for possible ABI break: https://bugzilla.redhat.com/show_bug.cgi?id=1144293#c2
CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
- {DSA-3081-1}
+ {DSA-3081-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
NOTE: https://github.com/newsoft/libvncserver/commit/f18f24ce65f5cac22ddcf3ed51417e477f9bad09 (hardening)
@@ -17973,15 +18501,15 @@
NOTE: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening)
NOTE: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening)
CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
- {DSA-3081-1}
+ {DSA-3081-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in ...)
- {DSA-3081-1}
+ {DSA-3081-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in ...)
- {DSA-3081-1}
+ {DSA-3081-1 DLA-197-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
CVE-2014-6050
@@ -20399,8 +20927,7 @@
- kde4libs 4:4.13.3-2 (bug #755814)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=864716
NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
-CVE-2014-5032 [glpi: unprivileged users can access cost information]
- RESERVED
+CVE-2014-5032 (GLPI before 0.84.7 does not properly restrict access to cost ...)
- glpi <unfixed> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2014/07/22/6
NOTE: Only supported behind an authenticated HTTP zone
@@ -20547,7 +21074,7 @@
- drupal7 7.29-1 (bug #755038)
NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-4975 (Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and ...)
- {DSA-3157-1}
+ {DSA-3157-1 DLA-200-1}
- ruby1.8 <not-affected> (Vulnerable code not present in 1.8)
- ruby1.9.1 <removed> (low)
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
@@ -22108,9 +22635,9 @@
CVE-2014-4316
RESERVED
CVE-2014-4315
- RESERVED
+ REJECTED
CVE-2014-4314
- RESERVED
+ REJECTED
CVE-2014-4313 (SQL injection vulnerability in Epicor Procurement before 7.4 SP2 ...)
NOT-FOR-US: Epicor
CVE-2014-4312 (Multiple cross-site scripting (XSS) vulnerabilities in Epicor ...)
@@ -24013,7 +24540,7 @@
NOT-FOR-US: OpenShift Origin
CVE-2014-3591 [sidechannel attack on Elgamal]
RESERVED
- {DSA-3185-1 DSA-3184-1 DLA-175-1}
+ {DSA-3185-1 DSA-3184-1 DLA-190-1 DLA-175-1}
- libgcrypt11 <removed>
- libgcrypt20 1.6.3-2
- gnupg 1.4.18-7
@@ -36869,41 +37396,41 @@
CVE-2013-6162 (Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail ...)
NOT-FOR-US: Code-Crafters Ability Mail Server
CVE-2013-6161
- RESERVED
+ REJECTED
CVE-2013-6160
- RESERVED
+ REJECTED
CVE-2013-6159
- RESERVED
+ REJECTED
CVE-2013-6158
- RESERVED
+ REJECTED
CVE-2013-6157
- RESERVED
+ REJECTED
CVE-2013-6156
- RESERVED
+ REJECTED
CVE-2013-6155
- RESERVED
+ REJECTED
CVE-2013-6154
- RESERVED
+ REJECTED
CVE-2013-6153
- RESERVED
+ REJECTED
CVE-2013-6152
- RESERVED
+ REJECTED
CVE-2013-6151
- RESERVED
+ REJECTED
CVE-2013-6150
- RESERVED
+ REJECTED
CVE-2013-6149
- RESERVED
+ REJECTED
CVE-2013-6148
- RESERVED
+ REJECTED
CVE-2013-6147
- RESERVED
+ REJECTED
CVE-2013-6146
- RESERVED
+ REJECTED
CVE-2013-6145
- RESERVED
+ REJECTED
CVE-2013-6144
- RESERVED
+ REJECTED
CVE-2013-6143 (The Schneider Electric Telvent SAGE 3030 RTU with firmware ...)
NOT-FOR-US: Schneider Electric Telvent SAGE 3030 RTU
CVE-2013-6142 (DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA ...)