[Secure-testing-commits] r33742 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Apr 21 21:10:16 UTC 2015
Author: sectracker
Date: 2015-04-21 21:10:16 +0000 (Tue, 21 Apr 2015)
New Revision: 33742
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-21 17:15:29 UTC (rev 33741)
+++ data/CVE/list 2015-04-21 21:10:16 UTC (rev 33742)
@@ -1,3 +1,7 @@
+CVE-2015-3338
+ RESERVED
+CVE-2015-3337
+ RESERVED
CVE-2015-3336 (Google Chrome before 42.0.2311.90 does not always ask the user before ...)
TODO: check
CVE-2015-3335 (The NaClSandbox::InitializeLayerTwoSandbox function in ...)
@@ -7,6 +11,7 @@
CVE-2015-3333 (Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as ...)
TODO: check
CVE-2015-3340 [XSA-132: Information leak through XEN_DOMCTL_gettscinfo]
+ RESERVED
- xen <unfixed> (low)
[jessie] - xen <no-dsa> (Can be fixed along with a future DSA)
[wheezy] - xen <no-dsa> (Can be fixed along with a future DSA)
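Review bot: CVE-2015-3340 now carries RESERVED but still sits below CVE-2015-3333, while the first hunk places CVE-2015-3338 and CVE-2015-3337 above CVE-2015-3336, so the descending order of the list breaks at this entry. Moving the CVE-2015-3340 block (with its xen lines) up to the position its ID implies would keep the file sorted and make the entry easier to find.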
@@ -18,6 +23,7 @@
NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
NOTE: https://bugs.php.net/bug.php?id=68819
CVE-2015-3339 [chown() was racy relative to execve()]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
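Review bot: the `- linux <unfixed>` line under CVE-2015-3339 has no bug reference and no urgency, even though the NOTE below it already names the upstream fix commit. Recording a Debian bug number on that line once one exists, in the same form as the `(bug #776135)` on the wireshark entry later in this diff, would let the open status be followed up.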
@@ -3777,16 +3783,14 @@
RESERVED
CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...)
NOT-FOR-US: Google Doc Embedder plugin for WordPress
-CVE-2015-2042 [incorrect data type in rds_sysctl_rds_table]
- RESERVED
+CVE-2015-2042 (net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect ...)
- linux 3.16.7-ckt9-1
[wheezy] - linux <no-dsa> (Minor issue)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Minor issue)
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896 (v3.19)
NOTE: (earliest) introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e5048495c8569bfdd552750e0315973c61e7c93 (v2.6.30-rc1)
-CVE-2015-2041 [incorrect data type in llc2_timeout_table]
- RESERVED
+CVE-2015-2041 (net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an ...)
- linux 3.16.7-ckt9-1
[wheezy] - linux <no-dsa> (Minor issue)
- linux-2.6 <removed>
@@ -4282,8 +4286,8 @@
RESERVED
CVE-2015-1702
RESERVED
-CVE-2015-1701
- RESERVED
+CVE-2015-1701 (Unspecified vulnerability in Microsoft Windows before 8 allows local ...)
+ TODO: check
CVE-2015-1700
RESERVED
CVE-2015-1699
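Review bot: the `TODO: check` added under CVE-2015-1701 can be resolved directly, because the new description names Microsoft Windows, which is not a Debian package. The list already uses `NOT-FOR-US: <product>` for such cases (see `NOT-FOR-US: Google Doc Embedder plugin for WordPress` in the previous hunk), so `NOT-FOR-US: Microsoft Windows` would close this entry instead of leaving it in the triage queue.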
@@ -7669,10 +7673,10 @@
RESERVED
CVE-2015-0704
RESERVED
-CVE-2015-0703
- RESERVED
-CVE-2015-0702
- RESERVED
+CVE-2015-0703 (Cross-site scripting (XSS) vulnerability in the administrative web ...)
+ TODO: check
+CVE-2015-0702 (Unrestricted file upload vulnerability in the Custom Prompts upload ...)
+ TODO: check
CVE-2015-0701
RESERVED
CVE-2015-0700 (Cross-site request forgery (CSRF) vulnerability in the Dashboard page ...)
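Review bot: the descriptions added for CVE-2015-0703 and CVE-2015-0702 are cut off before the affected product is named, so the two `TODO: check` lines cannot be resolved from this file alone. Triage needs the full CVE text, after which each entry should get either a package line or a `NOT-FOR-US:` line.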
@@ -8151,7 +8155,7 @@
[wheezy] - wireshark <not-affected> (Only affected 1.10)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-04.html
CVE-2015-0562 (Multiple use-after-free vulnerabilities in ...)
- {DSA-3141-1}
+ {DSA-3141-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-3 (bug #776135)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-03.html
CVE-2015-0561 (asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before ...)
@@ -10717,6 +10721,7 @@
- xerces-c 3.1.1-5.1 (bug #780827)
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1667870
CVE-2015-0251 (The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 ...)
+ {DSA-3231-1}
- subversion 1.8.10-6
NOTE: https://subversion.apache.org/security/CVE-2015-0251-advisory.txt
CVE-2015-0250 (XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) ...)
@@ -10730,6 +10735,7 @@
RESERVED
NOT-FOR-US: Apache Roller
CVE-2015-0248 (The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 ...)
+ {DSA-3231-1}
- subversion 1.8.10-6
NOTE: https://subversion.apache.org/security/CVE-2015-0248-advisory.txt
CVE-2015-0247 (Heap-based buffer overflow in openfs.c in the libext2fs library in ...)