[Secure-testing-commits] r33726 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Apr 20 21:10:15 UTC 2015


Author: sectracker
Date: 2015-04-20 21:10:15 +0000 (Mon, 20 Apr 2015)
New Revision: 33726

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-20 18:10:01 UTC (rev 33725)
+++ data/CVE/list	2015-04-20 21:10:15 UTC (rev 33726)
@@ -1,3 +1,11 @@
+CVE-2015-3336 (Google Chrome before 42.0.2311.90 does not always ask the user before ...)
+	TODO: check
+CVE-2015-3335 (The NaClSandbox::InitializeLayerTwoSandbox function in ...)
+	TODO: check
+CVE-2015-3334 (browser/ui/website_settings/website_settings.cc in Google Chrome ...)
+	TODO: check
+CVE-2015-3333 (Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as ...)
+	TODO: check
 CVE-2015-XXXX [XSA-132: Information leak through XEN_DOMCTL_gettscinfo]
 	- xen <unfixed> (low)
 	[jessie] - xen <no-dsa> (Can be fixed along with a future DSA)
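Review bot: the four new entries at the top (CVE-2015-3333 through CVE-2015-3336) are left at "TODO: check" with no package line, although their descriptions name Google Chrome and Google V8. The Chrome entries further down in this revision (CVE-2015-1235 through CVE-2015-1249) carry "- chromium-browser 42.0.2311.90-1". Triage these against chromium-browser as well. CVE-2015-3336 names the same 42.0.2311.90 cut-off, so check whether the same fixed-version line applies there.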
@@ -42,6 +50,7 @@
 CVE-2015-3320 (Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 ...)
 	NOT-FOR-US: Lenovo USB Enhanced Performance Keyboard software
 CVE-2014-9717 [USERNS allows circumventing MNT_LOCKED]
+	RESERVED
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
 	- linux-2.6 <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
@@ -50,6 +59,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/4
 	NOTE: CVE assignement for issue in http://marc.info/?l=linux-kernel&m=141271552117745&w=2
 CVE-2015-3330 [PHP potential remote code execution with apache 2.4 apache2handler]
+	RESERVED
 	- php5 <unfixed>
 	NOTE: https://bugs.php.net/bug.php?id=69218
 	NOTE: https://bugs.php.net/bug.php?id=68486
@@ -75,6 +85,7 @@
 CVE-2015-3307
 	RESERVED
 CVE-2015-3329 [Buffer Overflow when parsing tar/zip/phar in phar_set_inode)]
+	RESERVED
 	- php5 <unfixed>
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c
 	NOTE: https://bugs.php.net/bug.php?id=69441
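Review bot: the bracketed description on the CVE-2015-3329 header ends in "phar_set_inode)]", with a closing parenthesis that has no opener. Since this entry is being touched to add RESERVED, drop the stray ")" so the description ends in "phar_set_inode]".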
@@ -637,8 +648,8 @@
 	RESERVED
 CVE-2015-3036
 	RESERVED
-CVE-2015-3035
-	RESERVED
+CVE-2015-3035 (Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with ...)
+	TODO: check
 CVE-2015-3034
 	RESERVED
 CVE-2015-3033
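Review bot: CVE-2015-3035 now has a description naming TP-LINK Archer C5 but is left at "TODO: check". If no Debian package ships this product, close it out with a NOT-FOR-US line, following the form used for CVE-2015-3320 earlier in this file ("NOT-FOR-US: Lenovo USB Enhanced Performance Keyboard software"), so it does not linger in the unprocessed queue.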
@@ -698,6 +709,7 @@
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4169
 	NOTE: https://cxsecurity.com/issue/WLB-2015040075
 CVE-2015-3331 [Buffer overruns in Linux kernel RFC4106 implementation using AESNI]
+	RESERVED
 	- linux <unfixed> (bug #782561)
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in v2.6.38-rc1)
@@ -705,6 +717,7 @@
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a (v4.0-rc5)
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0bd82f5f6355775fbaf7d3c664432ce1b862be1e (v2.6.38-rc1)
 CVE-2015-3332 [TCP Fast Open local DoS]
+	RESERVED
 	- linux <unfixed> (bug #782515)
 	[wheezy] - linux <not-affected> (TCP Fast Open introduced in v3.6-rc1)
 	- linux-2.6 <not-affected> (TCP Fast Open introduced in v3.6-rc1)
@@ -3848,8 +3861,7 @@
 	NOTE: check (since codereview page not accessible at time of entry addition)
 CVE-2015-1857
 	RESERVED
-CVE-2015-1856 [Unauthorized delete of versioned Swift object]
-	RESERVED
+CVE-2015-1856 (OpenStack Object Storage (Swift) before 2.3.0, when allow_version is ...)
 	- swift <unfixed>
 	NOTE: https://launchpad.net/bugs/1430645
 CVE-2015-1855 [OpenSSL extension hostname matching implementation violates RFC 6125]
@@ -3868,8 +3880,7 @@
 	{DSA-3222-1 DLA-193-1}
 	- chrony 1.30-2 (bug #782160)
 	NOTE: Fix: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=d856bd34c4862398411d29200520e3a3b1d4569e
-CVE-2015-1852 [S3Token TLS cert verification option not honored]
-	RESERVED
+CVE-2015-1852 (The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 ...)
 	- python-keystonemiddleware <unfixed>
 	- python-keystoneclient <unfixed>
 	NOTE: https://launchpad.net/bugs/1411063
@@ -5575,8 +5586,7 @@
 	RESERVED
 CVE-2015-1319
 	RESERVED
-CVE-2015-1318
-	RESERVED
+CVE-2015-1318 (The crash reporting feature in Apport 2.13 through 2.17.x before ...)
 	[experimental] - apport <unfixed>
 	NOTE: apport only in experimental, so we cannot track this in security-tracker
 	NOTE: add it, as we have a explicit (bug) reference for apport
@@ -5802,72 +5812,59 @@
 	RESERVED
 CVE-2015-1250
 	RESERVED
-CVE-2015-1249
-	RESERVED
+CVE-2015-1249 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1248
-	RESERVED
+CVE-2015-1248 (The FileSystem API in Google Chrome before 40.0.2214.91 allows remote ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1247
-	RESERVED
+CVE-2015-1247 (The SearchEngineTabHelper::OnPageHasOSDD function in ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1246
-	RESERVED
+CVE-2015-1246 (Blink, as used in Google Chrome before 42.0.2311.90, allows remote ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1245
-	RESERVED
+CVE-2015-1245 (Use-after-free vulnerability in the OpenPDFInReaderView::Update ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1244
-	RESERVED
+CVE-2015-1244 (The URLRequest::GetHSTSRedirect function in url_request/url_request.cc ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2015-1243
 	RESERVED
-CVE-2015-1242
-	RESERVED
+CVE-2015-1242 (The ReduceTransitionElementsKind function in ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1241
-	RESERVED
+CVE-2015-1241 (Google Chrome before 42.0.2311.90 does not properly consider the ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1240
-	RESERVED
+CVE-2015-1240 (gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2015-1239
 	RESERVED
-CVE-2015-1238
-	RESERVED
+CVE-2015-1238 (Skia, as used in Google Chrome before 42.0.2311.90, allows remote ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1237
-	RESERVED
+CVE-2015-1237 (Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1236
-	RESERVED
+CVE-2015-1236 (The MediaElementAudioSourceNode::process function in ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1235
-	RESERVED
+CVE-2015-1235 (The ContainerNode::parserRemoveChild function in ...)
 	- chromium-browser 42.0.2311.90-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
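Review bot: the fixed version on CVE-2015-1248 does not line up with its new description. The description reads "Google Chrome before 40.0.2214.91", while the package line below it records "- chromium-browser 42.0.2311.90-1", the same version as the neighbouring entries whose descriptions say "before 42.0.2311.90". Verify which chromium-browser upload first contained the fix and correct the version if it was earlier, otherwise releases between the two would be reported as vulnerable when they are not.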
@@ -6732,14 +6729,14 @@
 	RESERVED
 CVE-2015-0971
 	RESERVED
-CVE-2015-0970
-	RESERVED
-CVE-2015-0969
-	RESERVED
-CVE-2015-0968
-	RESERVED
-CVE-2015-0967
-	RESERVED
+CVE-2015-0970 (Cross-site request forgery (CSRF) vulnerability in SearchBlox before ...)
+	TODO: check
+CVE-2015-0969 (SearchBlox before 8.2 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2015-0968 (Unrestricted file upload vulnerability in admin/uploadImage.html in ...)
+	TODO: check
+CVE-2015-0967 (Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox ...)
+	TODO: check
 CVE-2015-0966
 	RESERVED
 CVE-2015-0965
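Review bot: CVE-2015-0967 through CVE-2015-0970 all describe SearchBlox and are all left at "TODO: check". If SearchBlox is not packaged in Debian, mark the four together as "NOT-FOR-US: SearchBlox" rather than triaging them one at a time later.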
@@ -7269,11 +7266,10 @@
 	RESERVED
 CVE-2015-0846 [file inclusion issue]
 	RESERVED
-	{DSA-3230-1}
+	{DSA-3230-1 DLA-206-1}
 	- django-markupfield 1.3.2-1
 	NOTE: https://github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3
-CVE-2015-0845
-	RESERVED
+CVE-2015-0845 (Format string vulnerability in Movable Type Pro, Open Source, and ...)
 	{DSA-3227-1}
 	- movabletype-opensource <removed>
 	NOTE: https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html



