[Secure-testing-commits] r33972 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Apr 30 09:10:18 UTC 2015
Author: sectracker
Date: 2015-04-30 09:10:18 +0000 (Thu, 30 Apr 2015)
New Revision: 33972
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-30 09:00:14 UTC (rev 33971)
+++ data/CVE/list 2015-04-30 09:10:18 UTC (rev 33972)
@@ -1,3 +1,57 @@
+CVE-2015-3446
+ RESERVED
+CVE-2015-3445
+ RESERVED
+CVE-2015-3444
+ RESERVED
+CVE-2015-3443
+ RESERVED
+CVE-2015-3442
+ RESERVED
+CVE-2015-3441
+ RESERVED
+CVE-2015-3437
+ RESERVED
+CVE-2015-3436
+ RESERVED
+CVE-2015-3435
+ RESERVED
+CVE-2015-3434
+ RESERVED
+CVE-2015-3433
+ RESERVED
+CVE-2015-3432
+ RESERVED
+CVE-2015-3431
+ RESERVED
+CVE-2015-3430
+ RESERVED
+CVE-2015-3429
+ RESERVED
+CVE-2015-3428
+ RESERVED
+CVE-2015-3426
+ RESERVED
+CVE-2015-3425
+ RESERVED
+CVE-2015-3424
+ RESERVED
+CVE-2015-3423
+ RESERVED
+CVE-2015-3422
+ RESERVED
+CVE-2015-3421
+ RESERVED
+CVE-2015-3419
+ RESERVED
+CVE-2015-3413
+ RESERVED
+CVE-2015-3412
+ RESERVED
+CVE-2015-3411
+ RESERVED
+CVE-2015-3410
+ RESERVED
CVE-2015-XXXX [crash with malformed cpio archive]
- libarchive <unfixed>
NOTE: https://github.com/libarchive/libarchive/issues/502
@@ -3,4 +57,5 @@
TODO: check
CVE-2015-3427 [Incomplete fix for CVE-2013-4422]
+ RESERVED
- quassel <unfixed>
[wheezy] - quassel <not-affected> (incomplete fix for CVE-2013-4422 not applied)
@@ -9,6 +64,7 @@
NOTE: https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283
NOTE: http://quassel-irc.org/node/120
CVE-2015-3420 [SSL/TLS handshake failures leading to a crash of the login process]
+ RESERVED
- dovecot <unfixed> (bug #783649)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/3
NOTE: Patch: http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
@@ -19,6 +75,7 @@
NOTE: https://rt.openssl.org/Ticket/Display.html?id=3818&user=guest&pass=guest
NOTE: Possibly introduced due to http://hg.dovecot.org/dovecot-2.2/rev/09d3c9c6f0ad
CVE-2015-3440 [Stored XSS]
+ RESERVED
- wordpress 4.2.1+dfsg-1 (bug #783554)
NOTE: http://klikki.fi/adv/wordpress2.html
NOTE: https://wordpress.org/news/2015/04/wordpress-4-2-1/
@@ -35,10 +92,12 @@
NOTE: NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
CVE-2015-3439 [limited cross-site scripting which could be used as part of a social engineering attack.]
+ RESERVED
- wordpress 4.2+dfsg-1 (bug #783347)
NOTE: http://codex.wordpress.org/Version_4.1.2
NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
CVE-2015-3438 [cross-site scriptiong vulnerability]
+ RESERVED
- wordpress 4.2+dfsg-1 (bug #783347)
NOTE: http://codex.wordpress.org/Version_4.1.2
NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
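Review bot: two small defects sit in the unchanged context of this hunk, and the automatic update will never touch them: the doubled prefix in `NOTE: NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2` and the typo in `CVE-2015-3438 [cross-site scriptiong vulnerability]` ("scripting"). Both need a manual follow-up commit; the bracketed titles stay in the file until the published CVE description replaces them, so the typo is visible on the tracker until then.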
@@ -53,11 +112,12 @@
NOTE: https://lkml.org/lkml/2013/4/24/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1214988
CVE-2015-3418 [X server crash by client, issue introduced by fix for CVE-2014-8092]
+ RESERVED
- xorg-server 2:1.16.4-1 (bug #774308)
[wheezy] - xorg-server 2:1.12.4-6+deb7u6
NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=928520 (not public yet)
-CVE-2015-3417 [FFmpeg Use-After-Free Memory Error in ff_h264_free_tables() Lets Remote Users Deny Service]
+CVE-2015-3417 (Use-after-free vulnerability in the ff_h264_free_tables function in ...)
- ffmpeg 7:2.6.1-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- libav <unfixed>
@@ -221,8 +281,7 @@
[squeeze] - chromium-browser <end-of-life>
- libv8-3.14 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2015-3340 [XSA-132: Information leak through XEN_DOMCTL_gettscinfo]
- RESERVED
+CVE-2015-3340 (Xen 4.2.x through 4.5.x does not initialize certain fields, which ...)
- xen <unfixed> (low)
[jessie] - xen <no-dsa> (Can be fixed along with a future DSA)
[wheezy] - xen <no-dsa> (Can be fixed along with a future DSA)
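Review bot: replacing the bracketed title drops the only occurrence of the XSA-132 reference in this entry; none of the visible lines for CVE-2015-3340 records the Xen advisory in a `NOTE:` line. If it is not kept further down in the entry, add `NOTE: XSA-132` (with the advisory URL) so the Xen advisory can still be found from the CVE id. The `<no-dsa> (Can be fixed along with a future DSA)` markers for jessie and wheezy are unaffected by the change.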
@@ -653,8 +712,7 @@
CVE-2015-3149 [insecure hsperfdata temporary file handling, CVE-2015-0383 regression (Hotspot)]
RESERVED
- openjdk-8 <not-affected> (defective patch not applied)
-CVE-2015-3148 [Negotiate not treated as connection-oriented]
- RESERVED
+CVE-2015-3148 (cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use ...)
{DSA-3232-1 DLA-211-1}
- curl 7.42.0-1
NOTE: http://curl.haxx.se/docs/adv_20150422B.html
@@ -663,22 +721,19 @@
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3146
RESERVED
-CVE-2015-3145 [cookie parser out of boundary memory access]
- RESERVED
+CVE-2015-3145 (The sanitize_cookie_path function in cURL and libcurl 7.31.0 through ...)
- curl 7.42.0-1
[jessie] - curl 7.38.0-4+deb8u1
[wheezy] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
[squeeze] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
NOTE: http://curl.haxx.se/docs/adv_20150422C.html
-CVE-2015-3144 [host name out of boundary memory access]
- RESERVED
+CVE-2015-3144 (The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 ...)
- curl 7.42.0-1
[jessie] - curl 7.38.0-4+deb8u1
[wheezy] - curl <not-affected> (Affects 7.37.0 to and including 7.41.0)
[squeeze] - curl <not-affected> (Affects 7.37.0 to and including 7.41.0)
NOTE: http://curl.haxx.se/docs/adv_20150422D.html
-CVE-2015-3143 [Re-using authenticated connection when unauthenticated]
- RESERVED
+CVE-2015-3143 (cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM ...)
{DSA-3232-1 DLA-211-1}
- curl 7.42.0-1
NOTE: http://curl.haxx.se/docs/adv_20150422A.html
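Review bot: the jessie state across the curl entries is inconsistent in the visible lines. CVE-2015-3145 and CVE-2015-3144 record `[jessie] - curl 7.38.0-4+deb8u1` but carry no `{DSA-… DLA-…}` reference, while CVE-2015-3143 here and CVE-2015-3148 in the earlier hunk carry `{DSA-3232-1 DLA-211-1}` but no `[jessie]` line. Confirm which advisory (if any) shipped 7.38.0-4+deb8u1 and whether 3143 and 3148 are fixed in jessie, and bring the four entries in line. The wheezy/squeeze `<not-affected> (Affects 7.31.0 to and including 7.41.0)` and `(Affects 7.37.0 to and including 7.41.0)` annotations do match the version ranges in the new descriptions.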
@@ -941,15 +996,15 @@
RESERVED
CVE-2014-9716
RESERVED
-CVE-2015-3416 [stack buffer overflow]
+CVE-2015-3416 (The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does ...)
- sqlite3 <unfixed>
NOTE: http://www.sqlite.org/src/info/c494171f77dc2e5e
NOTE: http://seclists.org/bugtraq/2015/Apr/97
-CVE-2015-3415 [bad free()]
+CVE-2015-3415 (The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not ...)
- sqlite3 <unfixed>
NOTE: https://www.sqlite.org/src/info/02e3c88fbf6abdcf
NOTE: http://seclists.org/bugtraq/2015/Apr/97
-CVE-2015-3414 [use of uninitialized memory when parsing collation sequences]
+CVE-2015-3414 (SQLite before 3.8.9 does not properly implement the dequoting of ...)
- sqlite3 <unfixed>
NOTE: https://www.sqlite.org/src/info/eddc05e7bb31fae7
NOTE: http://seclists.org/bugtraq/2015/Apr/97
@@ -990,8 +1045,7 @@
- libksba <unfixed>
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/13/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
-CVE-2015-3310 [buffer overflow in ppp potentially allows DoS]
- RESERVED
+CVE-2015-3310 (Buffer overflow in the rc_mksid function in plugins/radius/util.c in ...)
{DSA-3228-1 DLA-205-1}
- ppp 2.4.6-3.1 (bug #782450)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/4
@@ -1208,21 +1262,25 @@
- hhvm <itp> (bug #570709)
NOTE: https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34
CVE-2015-3406 [unsigned files interpreted as signed in some circumstances]
+ RESERVED
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-3407 [arbitrary code execution during test phase]
+ RESERVED
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-3408 [arbitrary code execution when verifying module signatures]
+ RESERVED
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-3409 [arbitrary modules loading in some circumstances]
+ RESERVED
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef
NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
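Review bot: the line `NOTE: Changes might needed in libtest-signature-perl, need further investigation` is repeated verbatim under CVE-2015-3406, -3407 and -3408 and should read "might be needed"; the automatic update only inserts the `RESERVED` markers, so this needs a manual pass. The visible lines for CVE-2015-3409 end before any libtest-signature-perl note and it points at a different upstream commit (c41e8885…), so check whether the same open question applies to that entry as well.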
@@ -1850,8 +1908,7 @@
RESERVED
CVE-2015-2707
RESERVED
-CVE-2015-2706 [Memory corruption during failed plugin initialization]
- RESERVED
+CVE-2015-2706 (Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent ...)
[experimental] - iceweasel 37.0.2-1
- iceweasel <not-affected> (Only affects 37.x series)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/
@@ -3473,14 +3530,12 @@
RESERVED
CVE-2015-2118
RESERVED
-CVE-2015-2117
- RESERVED
+CVE-2015-2117 (HP TippingPoint Security Management System (SMS) and TippingPoint ...)
NOT-FOR-US: HP TippingPoint
-CVE-2015-2116
- RESERVED
+CVE-2015-2116 (Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 ...)
NOT-FOR-US: HP
-CVE-2015-2115
- RESERVED
+CVE-2015-2115 (Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 ...)
+ TODO: check
CVE-2015-2114 (HP Support Solution Framework before 11.51.0049 allows remote ...)
NOT-FOR-US: HP Support Solution Framework
CVE-2015-2113 (Unspecified vulnerability in HP Easy Deploy, as distributed standalone ...)
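Review bot: CVE-2015-2115 is left with `TODO: check` while its neighbours CVE-2015-2117, -2116 and -2114 in the same hunk already carry `NOT-FOR-US: HP…` lines; the placeholder is what the automatic update emits for a newly published description with no triage, so it still needs a manual decision rather than being left in place. Note that the `NOT-FOR-US` lines for 2117 and 2116 were already present under the old `RESERVED` marker, so only the description line changed for those two.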
@@ -3994,8 +4049,8 @@
RESERVED
CVE-2015-1909
RESERVED
-CVE-2015-1908
- RESERVED
+CVE-2015-1908 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
+ TODO: check
CVE-2015-1907
RESERVED
CVE-2015-1906
@@ -4038,16 +4093,16 @@
RESERVED
CVE-2015-1887
RESERVED
-CVE-2015-1886
- RESERVED
-CVE-2015-1885
- RESERVED
+CVE-2015-1886 (The Remote Document Conversion Service (DCS) in IBM WebSphere Portal ...)
+ TODO: check
+CVE-2015-1885 (WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 ...)
+ TODO: check
CVE-2015-1884
RESERVED
CVE-2015-1883
RESERVED
-CVE-2015-1882
- RESERVED
+CVE-2015-1882 (Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 ...)
+ TODO: check
CVE-2015-1880
RESERVED
CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...)
@@ -4122,8 +4177,7 @@
CVE-2015-1864
RESERVED
- kallithea <itp> (bug #689573)
-CVE-2015-1863 [P2P SSID processing vulnerability]
- RESERVED
+CVE-2015-1863 (Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows ...)
{DSA-3233-1}
- wpa 2.3-2 (bug #783148)
- wpasupplicant <not-affected> (Vulnerable code present since v1.0)
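Review bot: the justification on `- wpasupplicant <not-affected> (Vulnerable code present since v1.0)` reads as a statement that the package is affected, not as a reason it is not. The new description for CVE-2015-1863 gives the affected range as `wpa_supplicant 1.0 through 2.4`, so presumably the point is that the separate wpasupplicant source package predates 1.0; reword the parenthesis to say that (for example "vulnerable code introduced in v1.0, package ships an older version") so the not-affected marker is not misread. The `wpa 2.3-2` fixed version with `{DSA-3233-1}` is consistent with the advisory reference.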
@@ -4438,8 +4492,7 @@
RESERVED
CVE-2015-1775
RESERVED
-CVE-2015-1774
- RESERVED
+CVE-2015-1774 (The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and ...)
{DSA-3236-1}
- libreoffice 1:4.4.2-1
CVE-2015-1773 (Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html ...)
@@ -6509,10 +6562,10 @@
RESERVED
CVE-2015-1152
RESERVED
-CVE-2015-1151
- RESERVED
-CVE-2015-1150
- RESERVED
+CVE-2015-1151 (Wiki Server in Apple OS X Server before 4.1 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1150 (The Firewall component in Apple OS X Server before 4.1 uses an ...)
+ TODO: check
CVE-2015-1149 (Integer overflow in the simulator in Swift in Apple Xcode before 6.3 ...)
NOT-FOR-US: Apple Xcode
CVE-2015-1148 (Screen Sharing in Apple OS X before 10.10.3 stores the password of a ...)
@@ -7462,10 +7515,10 @@
RESERVED
CVE-2015-0912
RESERVED
-CVE-2015-0911
- RESERVED
-CVE-2015-0910
- RESERVED
+CVE-2015-0911 (Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 ...)
+ TODO: check
+CVE-2015-0910 (Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail ...)
+ TODO: check
CVE-2015-0909
RESERVED
CVE-2015-0908
@@ -7608,8 +7661,7 @@
RESERVED
CVE-2015-0847
RESERVED
-CVE-2015-0846 [file inclusion issue]
- RESERVED
+CVE-2015-0846 (django-markupfield before 1.3.2 uses the default docutils ...)
{DSA-3230-1 DLA-206-1}
- django-markupfield 1.3.2-1
NOTE: https://github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3
@@ -7988,14 +8040,14 @@
RESERVED
CVE-2015-0712
RESERVED
-CVE-2015-0711
- RESERVED
-CVE-2015-0710
- RESERVED
-CVE-2015-0709
- RESERVED
-CVE-2015-0708
- RESERVED
+CVE-2015-0711 (The hamgr service in the IPv6 Proxy Mobile (PM) implementation in ...)
+ TODO: check
+CVE-2015-0710 (The Overlay Transport Virtualization (OTV) implementation in Cisco IOS ...)
+ TODO: check
+CVE-2015-0709 (Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a ...)
+ TODO: check
+CVE-2015-0708 (Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow ...)
+ TODO: check
CVE-2015-0707 (Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System ...)
NOT-FOR-US: Cisco
CVE-2015-0706 (Open redirect vulnerability in Cisco FireSIGHT System Software ...)
@@ -10907,8 +10959,7 @@
RESERVED
CVE-2015-0298
RESERVED
-CVE-2015-0297
- RESERVED
+CVE-2015-0297 (Red Hat JBoss Operations Network 3.3.1 does not properly restrict ...)
NOT-FOR-US: RHQ
CVE-2015-0296
RESERVED
@@ -11337,12 +11388,12 @@
NOT-FOR-US: IBM Bluemix Liberty
CVE-2015-0177 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2015-0176
- RESERVED
-CVE-2015-0175
- RESERVED
-CVE-2015-0174
- RESERVED
+CVE-2015-0176 (Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener ...)
+ TODO: check
+CVE-2015-0175 (IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before ...)
+ TODO: check
+CVE-2015-0174 (The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 ...)
+ TODO: check
CVE-2015-0173
RESERVED
CVE-2015-0172
@@ -11463,8 +11514,8 @@
RESERVED
CVE-2015-0114
RESERVED
-CVE-2015-0113
- RESERVED
+CVE-2015-0113 (The Jazz help system in IBM Rational Collaborative Lifecycle ...)
+ TODO: check
CVE-2015-0112
RESERVED
CVE-2015-0111
@@ -18909,12 +18960,12 @@
RESERVED
CVE-2014-6093 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x ...)
NOT-FOR-US: IBM WebSphere
-CVE-2014-6092
- RESERVED
+CVE-2014-6092 (IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 ...)
+ TODO: check
CVE-2014-6091 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
NOT-FOR-US: IBM Curam Social Program Management
-CVE-2014-6090
- RESERVED
+CVE-2014-6090 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
+ TODO: check
CVE-2014-6089 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
NOT-FOR-US: IBM
CVE-2014-6088 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
@@ -57428,8 +57479,8 @@
NOT-FOR-US: Subrion CMS
CVE-2011-5211 (Cross-site scripting (XSS) vulnerability in the poll module in Subrion ...)
NOT-FOR-US: Subrion CMS
-CVE-2012-5451
- RESERVED
+CVE-2012-5451 (Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi ...)
+ TODO: check
CVE-2012-5450 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: CMS Made Simple
CVE-2012-5449
@@ -64131,12 +64182,12 @@
- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
CVE-2012-2933
RESERVED
-CVE-2012-2932
- RESERVED
+CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
+ TODO: check
CVE-2012-2931
RESERVED
-CVE-2012-2930
- RESERVED
+CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2012-2929
RESERVED
CVE-2011-5091 (Multiple SQL injection vulnerabilities in GR Board (aka grboard) ...)
@@ -73451,8 +73502,8 @@
CVE-2011-4404 (The default configuration of the HTTP server in Jetty in vSphere ...)
- jetty 6.1.19-1 (low; bug #528389)
NOTE: duplicate of CVE-2009-1523
-CVE-2011-4403
- RESERVED
+CVE-2011-4403 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart ...)
+ TODO: check
CVE-2011-4402
REJECTED
CVE-2011-4401