[Secure-testing-commits] r33963 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Apr 29 21:10:16 UTC 2015
Author: sectracker
Date: 2015-04-29 21:10:16 +0000 (Wed, 29 Apr 2015)
New Revision: 33963
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-29 20:29:04 UTC (rev 33962)
+++ data/CVE/list 2015-04-29 21:10:16 UTC (rev 33963)
@@ -193,6 +193,7 @@
RESERVED
CVE-2015-3337 [Directory traversal]
RESERVED
+ {DSA-3241-1}
- elasticsearch <unfixed>
NOTE: https://www.elastic.co/blog/elasticsearch-1-5-2-and-1-4-5-released
CVE-2015-3336 (Google Chrome before 42.0.2311.90 does not always ask the user before ...)
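Review bot: In the CVE-2015-3337 entry the new {DSA-3241-1} reference sits directly above `- elasticsearch <unfixed>`, so the entry records an advisory while the package line still carries no fixed version. When the fixed upload is known, replace `<unfixed>` with that version so the entry stops reporting the package as open.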
@@ -272,6 +273,7 @@
NOTE: CVE assignement for issue in http://marc.info/?l=linux-kernel&m=141271552117745&w=2
CVE-2015-3330 [PHP potential remote code execution with apache 2.4 apache2handler]
RESERVED
+ {DLA-212-1}
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69218
NOTE: https://bugs.php.net/bug.php?id=68486
@@ -298,6 +300,7 @@
RESERVED
CVE-2015-3329 [Buffer Overflow when parsing tar/zip/phar in phar_set_inode)]
RESERVED
+ {DLA-212-1}
- php5 <unfixed>
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c
NOTE: https://bugs.php.net/bug.php?id=69441
@@ -624,6 +627,7 @@
RESERVED
CVE-2015-3153 [sensitive HTTP server headers also sent to proxies]
RESERVED
+ {DSA-3240-1}
- curl 7.42.1-1
[wheezy] - curl <no-dsa> (Too intrusive to backport)
[squeeze] - curl <no-dsa> (Too intrusive to backport)
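Review bot: CVE-2015-3153 now carries {DSA-3240-1} while the `[wheezy]` and `[squeeze]` lines below it still read `<no-dsa> (Too intrusive to backport)`. Confirm that the advisory covers only a suite not listed in these lines; if it includes wheezy, that `<no-dsa>` line is stale and should be replaced with the fixed version.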
@@ -646,7 +650,7 @@
- openjdk-8 <not-affected> (defective patch not applied)
CVE-2015-3148 [Negotiate not treated as connection-oriented]
RESERVED
- {DSA-3232-1}
+ {DSA-3232-1 DLA-211-1}
- curl 7.42.0-1
NOTE: http://curl.haxx.se/docs/adv_20150422B.html
CVE-2015-3147
@@ -670,7 +674,7 @@
NOTE: http://curl.haxx.se/docs/adv_20150422D.html
CVE-2015-3143 [Re-using authenticated connection when unauthenticated]
RESERVED
- {DSA-3232-1}
+ {DSA-3232-1 DLA-211-1}
- curl 7.42.0-1
NOTE: http://curl.haxx.se/docs/adv_20150422A.html
CVE-2015-3142
@@ -1148,6 +1152,7 @@
RESERVED
CVE-2015-3026 [denial of service vulnerability]
RESERVED
+ {DSA-3239-1}
- icecast2 2.4.2-1 (bug #782120)
[wheezy] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
[squeeze] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
@@ -1642,6 +1647,7 @@
RESERVED
CVE-2015-2783 [Buffer Over-read in unserialize when parsing Phar]
RESERVED
+ {DLA-212-1}
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69324
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
@@ -1719,7 +1725,7 @@
[squeeze] - nbd <not-affected> (Named export introduced in 2.9.17)
TODO: check details
CVE-2015-2787 (Use-after-free vulnerability in the process_nested_data function in ...)
- {DSA-3198-1}
+ {DSA-3198-1 DLA-212-1}
- php5 5.6.7+dfsg-1
NOTE: https://bugs.php.net/68976
CVE-2015-2782 (Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote ...)
@@ -2815,7 +2821,7 @@
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 (v4.0-rc3)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/6
CVE-2015-2331 (Integer overflow in the _zip_cdir_new function in zip_dirent.c in ...)
- {DSA-3198-1}
+ {DSA-3198-1 DLA-212-1}
- php5 5.6.7+dfsg-1 (bug #780713)
- libzip 0.11.2-1.2 (bug #780756)
[wheezy] - libzip <not-affected> (Vulnerable code introduced with added Zip64 support in 0.11)
@@ -3128,13 +3134,13 @@
[wheezy] - armagetronad <no-dsa> (Minor issue)
[squeeze] - armagetronad <no-dsa> (Minor issue)
CVE-2015-2301 (Use-after-free vulnerability in the phar_rename_archive function in ...)
- {DSA-3198-1}
+ {DSA-3198-1 DLA-212-1}
- php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68901
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b
NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
CVE-2014-9705 (Heap-based buffer overflow in the enchant_broker_request_dict function ...)
- {DSA-3195-1}
+ {DSA-3195-1 DLA-212-1}
- php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68552
NOTE: http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
@@ -4127,6 +4133,7 @@
RESERVED
CVE-2015-1860 [segmentation fault in qgifhandler.cpp]
RESERVED
+ {DLA-210-1}
- qt4-x11 <unfixed> (bug #783133)
[jessie] - qt4-x11 <no-dsa> (Minor issue)
[wheezy] - qt4-x11 <no-dsa> (Minor issue)
@@ -4135,6 +4142,7 @@
NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1859 [segmentation fault in qicohandler.cpp]
RESERVED
+ {DLA-210-1}
- qt4-x11 <unfixed> (bug #783133)
[jessie] - qt4-x11 <no-dsa> (Minor issue)
[wheezy] - qt4-x11 <no-dsa> (Minor issue)
@@ -4143,6 +4151,7 @@
NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1858 [segmentation fault in qbmphandler.cpp]
RESERVED
+ {DLA-210-1}
- qt4-x11 <unfixed> (bug #783133)
[jessie] - qt4-x11 <no-dsa> (Minor issue)
[wheezy] - qt4-x11 <no-dsa> (Minor issue)
@@ -10892,6 +10901,7 @@
RESERVED
- texlive-base <not-affected> (Specific to Red Hat packaging/postinst)
CVE-2015-0295 (The BMP decoder in QtGui in QT before 5.5 does not properly calculate ...)
+ {DLA-210-1}
- qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3 (bug #779550)
[wheezy] - qt4-x11 <no-dsa> (Minor issue)
[experimental] - qtbase-opensource-src 5.4.1+dfsg-2
@@ -11132,7 +11142,7 @@
- 389-admin <unfixed> (unimportant)
NOTE: Rendered unexploitable by /tmp hardening in Debian kernel
CVE-2015-0232 (The exif_process_unicode function in ext/exif/exif.c in PHP before ...)
- {DSA-3195-1}
+ {DSA-3195-1 DLA-212-1}
- php5 5.6.5+dfsg-1
NOTE: https://bugs.php.net/patch-display.php?bug=68799&patch=bug68799fix&revision=1420966468
NOTE: https://bugs.php.net/bug.php?id=68799
@@ -34849,6 +34859,7 @@
CVE-2014-0255 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and ...)
NOT-FOR-US: Microsoft Windows Server
CVE-2014-0254 (The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, ...)
+ {DLA-210-1}
NOT-FOR-US: Microsoft
CVE-2014-0253 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and ...)
NOT-FOR-US: Microsoft .NET Framework
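Review bot: The added {DLA-210-1} lands on CVE-2014-0254, which this same hunk marks `NOT-FOR-US: Microsoft`, so a Debian advisory is now cross-referenced on an entry that has no Debian package. Every other DLA-210-1 reference in this patch is on a qt4-x11 entry (CVE-2015-1860, CVE-2015-1859, CVE-2015-1858, CVE-2015-0295), which suggests the advisory data read by the automatic update contains a mistyped CVE id. Correct the id at the source and drop this line rather than leaving the cross-reference here.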