[Secure-testing-commits] r33986 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Apr 30 21:10:17 UTC 2015
Author: sectracker
Date: 2015-04-30 21:10:16 +0000 (Thu, 30 Apr 2015)
New Revision: 33986
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-30 21:04:35 UTC (rev 33985)
+++ data/CVE/list 2015-04-30 21:10:16 UTC (rev 33986)
@@ -1,3 +1,25 @@
+CVE-2015-3459 (Hospira Lifecare PCA infusion pump running "SW ver 412" does not ...)
+ TODO: check
+CVE-2015-3458 (The fetchView function in the Mage_Core_Block_Template_Zend class in ...)
+ TODO: check
+CVE-2015-3457 (Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) ...)
+ TODO: check
+CVE-2015-3456
+ RESERVED
+CVE-2015-3454
+ RESERVED
+CVE-2015-3453
+ RESERVED
+CVE-2015-3452
+ RESERVED
+CVE-2015-3450
+ RESERVED
+CVE-2015-3449
+ RESERVED
+CVE-2015-3448 (REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and ...)
+ TODO: check
+CVE-2015-3447 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2015-3622 [Heap overflow / invalid read]
- libtasn1-6 4.4-3
- libtasn1-3 <removed>
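Review bot: The five entries added here with descriptions (CVE-2015-3459, CVE-2015-3458, CVE-2015-3457, CVE-2015-3448, CVE-2015-3447) carry only "TODO: check", so none of them has a disposition yet. Each needs a package line or a NOT-FOR-US line before the TODO is dropped. CVE-2015-3459 describes an infusion pump rather than packaged software, which makes it a NOT-FOR-US candidate in the same way as the "NOT-FOR-US: NPDS Revolution" entry further down.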
@@ -4,6 +26,7 @@
NOTE: https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html
NOTE: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435823a02f842c41d49cd41cc81f25b5d677
CVE-2015-3455
+ RESERVED
- squid <undetermined>
- squid3 <unfixed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
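Review bot: CVE-2015-3455 still has no description after this hunk, since the only added line is RESERVED, placed above the squid and squid3 package lines. Other entries in this file that lack an upstream description carry a bracketed placeholder, for example "CVE-2015-3451 [XEE]" and "CVE-2015-3622 [Heap overflow / invalid read]". Adding one here would make the entry readable without opening the SQUID-2015_1 advisory.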
@@ -112,6 +135,8 @@
NOTE: http://codex.wordpress.org/Version_4.1.2
NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
CVE-2015-3451 [XEE]
+ RESERVED
+ {DLA-214-1}
- libxml-libxml-perl 2.0116+dfsg-2 (bug #783443)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/25/2
NOTE: https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30
@@ -1219,8 +1244,7 @@
RESERVED
CVE-2015-2943
RESERVED
-CVE-2015-3026 [denial of service vulnerability]
- RESERVED
+CVE-2015-3026 (Icecast before 2.4.2, when a stream_auth handler is defined for URL ...)
{DSA-3239-1}
- icecast2 2.4.2-1 (bug #782120)
[wheezy] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
@@ -5756,12 +5780,12 @@
RESERVED
CVE-2015-1400 (SQL injection vulnerability in search.php in NPDS Revolution 13 allows ...)
NOT-FOR-US: NPDS Revolution
-CVE-2015-1399
- RESERVED
-CVE-2015-1398
- RESERVED
-CVE-2015-1397
- RESERVED
+CVE-2015-1399 (PHP remote file inclusion vulnerability in the fetchView function in ...)
+ TODO: check
+CVE-2015-1398 (Multiple directory traversal vulnerabilities in Magento Community ...)
+ TODO: check
+CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the ...)
+ TODO: check
CVE-2015-1394
RESERVED
NOT-FOR-US: WordPress plugin photo-gallery
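Review bot: CVE-2015-1399 is added with "TODO: check" although its description names the same fetchView function as CVE-2015-3458 at the top of this patch, and CVE-2015-1398 names Magento just as CVE-2015-3457 does. Triage these together so the related entries end up with one consistent disposition instead of being checked one at a time.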
@@ -5960,13 +5984,12 @@
RESERVED
CVE-2015-1323
RESERVED
-CVE-2015-1322
- RESERVED
+CVE-2015-1322 (Directory traversal vulnerability in the Ubuntu network-manager ...)
- network-manager <not-affected> (Ubuntu specific patch)
NOTE: http://www.ubuntu.com/usn/usn-2581-1
NOTE: https://bazaar.launchpad.net/~phablet-team/network-manager/ofono-format-cleanup/view/head:/debian/patches/add_ofono_settings_support.patch
-CVE-2015-1321
- RESERVED
+CVE-2015-1321 (Use-after-free vulnerability in the file picker implementation in ...)
+ TODO: check
CVE-2015-1320
RESERVED
CVE-2015-1319
@@ -9191,7 +9214,7 @@
CVE-2015-0489 (Unspecified vulnerability in the Application Management Pack for ...)
NOT-FOR-US: Oracle
CVE-2015-0488 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1}
+ {DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
@@ -9212,7 +9235,7 @@
CVE-2015-0481
RESERVED
CVE-2015-0480 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1}
+ {DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-8 8u45-b14-1
- openjdk-7 7u79-2.5.5-1 (bug #774953)
- openjdk-6 6b35-1.13.7-1
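Review bot: The package lines under CVE-2015-0480 run openjdk-8, openjdk-7, openjdk-6, the reverse of the openjdk-6, openjdk-7, openjdk-8 order used by every other Java SE entry touched in this patch. Since the entry is being edited to add DLA-213-1, reorder the three lines to match the others.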
@@ -9220,12 +9243,12 @@
CVE-2015-0479 (Unspecified vulnerability in the XDK and XDB - XML Database component ...)
NOT-FOR-US: Oracle
CVE-2015-0478 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1}
+ {DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
CVE-2015-0477 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1}
+ {DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
@@ -9242,12 +9265,12 @@
CVE-2015-0471 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
NOT-FOR-US: Oracle
CVE-2015-0470 (Unspecified vulnerability in Oracle Java SE 8u40 allows remote ...)
- {DSA-3235-1 DSA-3234-1}
+ {DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
CVE-2015-0469 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1}
+ {DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
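Review bot: CVE-2015-0470 gains DLA-213-1 even though its description names only "Oracle Java SE 8u40", while the neighbouring entries list 5.0u81, 6u91, 7u76 and later. The entry also records fixed versions for openjdk-6 and openjdk-7. Confirm that the older branches are affected; if they are not, those lines should read <not-affected> and the advisory cross-references should be revisited.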
@@ -9268,7 +9291,7 @@
CVE-2015-0461 (Unspecified vulnerability in the Oracle Access Manager component in ...)
NOT-FOR-US: Oracle
CVE-2015-0460 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1}
+ {DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
@@ -54406,6 +54429,7 @@
NOTE: https://bugs.launchpad.net/keystone/+bug/1099025
NOTE: See notes on ubuntu security tracker, change too intrusive to be backported
CVE-2013-0269 (The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 ...)
+ {DLA-215-1}
- ruby-json 1.7.3-3 (bug #700436)
- libjson-ruby <removed>
- ruby1.9.1 1.9.3.194-7 (bug #700471)