[Secure-testing-commits] r36026 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Aug 12 21:10:17 UTC 2015
Author: sectracker
Date: 2015-08-12 21:10:17 +0000 (Wed, 12 Aug 2015)
New Revision: 36026
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-12 19:01:55 UTC (rev 36025)
+++ data/CVE/list 2015-08-12 21:10:17 UTC (rev 36026)
@@ -1,3 +1,5 @@
+CVE-2015-5965 (The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the ...)
+ TODO: check
CVE-2015-XXXX [crypt XSS]
- request-tracker4 <unfixed>
[wheezy] - request-tracker4 <not-affected> (Vulnerable code not present)
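Review bot: the new CVE-2015-5965 entry at the top of the file has "TODO: check" as its only status line, so it is still untriaged. The description names the SSL-VPN feature in Fortinet FortiOS. Once someone has confirmed whether any package in the archive is affected, replace the TODO with either a "- package" line or a "NOT-FOR-US:" line.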
@@ -1519,8 +1521,8 @@
NOT-FOR-US: SolarWinds
CVE-2015-5370
RESERVED
-CVE-2015-5369
- RESERVED
+CVE-2015-5369 (Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, ...)
+ TODO: check
CVE-2015-5368
RESERVED
CVE-2015-5367
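Review bot: CVE-2015-5369 goes from "RESERVED" to "TODO: check", which leaves it without a triage result. If Pulse Connect Secure turns out not to be packaged, the context line at the top of this hunk ("NOT-FOR-US: SolarWinds") shows the form to use.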
@@ -1996,8 +1998,7 @@
- openslp-dfsg <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5177
TODO: check
-CVE-2015-5176
- RESERVED
+CVE-2015-5176 (The PortletRequestDispatcher in PortletBridge, as used in Red Hat ...)
NOT-FOR-US: PortletBridge component in JBoss Portal
CVE-2015-5175
RESERVED
@@ -3340,8 +3341,7 @@
RESERVED
CVE-2015-4635
RESERVED
-CVE-2015-4634 [SQL injection in graphs.php]
- RESERVED
+CVE-2015-4634 (SQL injection vulnerability in graphs.php in Cacti before 0.8.8e ...)
{DSA-3312-1 DLA-278-1}
- cacti 0.8.8e+ds1-1
NOTE: http://bugs.cacti.net/view.php?id=2577
@@ -3619,11 +3619,13 @@
NOT-FOR-US: Firefox OS
CVE-2015-4493
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
CVE-2015-4492
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-92/
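Review bot: CVE-2015-4493 and CVE-2015-4492 gain the "{DSA-3333-1}" cross-reference but still show only "RESERVED", with no bracketed short description. Other iceweasel entries in this diff have one, for example "CVE-2015-4480 [Overflow issues in libstagefright]". A short bracketed summary taken from the linked mfsa2015-83 and mfsa2015-92 advisories would let these entries be read without following the NOTE links.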
@@ -3640,16 +3642,19 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-91
CVE-2015-4489
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4488
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4487
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
@@ -3665,6 +3670,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1178148 is restricted
CVE-2015-4484
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-87/
@@ -3682,16 +3688,19 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-84/
CVE-2015-4480 [Overflow issues in libstagefright]
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
CVE-2015-4479 [Overflow issues in libstagefright]
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
CVE-2015-4478 [Redefinition of non-configurable JavaScript object properties]
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-82/
@@ -3712,6 +3721,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
CVE-2015-4473 [Miscellaneous memory safety hazards]
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
@@ -4411,14 +4421,12 @@
NOTE: Git commit: https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/03/20
NOTE: inflatehd not installed into the Debian binary packages
-CVE-2015-5523 [small file can lead to a 4 Gb allocation; potential DoS]
- RESERVED
+CVE-2015-5523 (The ParseValue function in lexer.c in tidy before 4.9.31 allows remote ...)
{DSA-3309-1 DLA-273-1}
- tidy 20091223cvs-1.5 (bug #792571)
NOTE: https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
-CVE-2015-5522 [AddressSanitizer: heap-buffer-overflow WRITE of size 1]
- RESERVED
+CVE-2015-5522 (Heap-based buffer overflow in the ParseValue function in lexer.c in ...)
{DSA-3309-1 DLA-273-1}
- tidy 20091223cvs-1.5 (bug #792571)
NOTE: https://github.com/htacg/tidy-html5/issues/217
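Review bot: replacing the bracketed summaries for CVE-2015-5523 and CVE-2015-5522 drops detail that the truncated descriptions no longer show: "small file can lead to a 4 Gb allocation; potential DoS" and "AddressSanitizer: heap-buffer-overflow WRITE of size 1". Consider keeping that detail in a NOTE line under each entry. Also, the CVE-2015-5523 description says "tidy before 4.9.31" while the fixed version recorded is "20091223cvs-1.5", so the two version schemes cannot be compared directly. A NOTE pointing at the fixing commit or patch would make the mapping checkable.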
@@ -6070,8 +6078,8 @@
CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
-CVE-2015-3626
- RESERVED
+CVE-2015-3626 (Cross-site scripting (XSS) vulnerability in the DHCP Monitor page the ...)
+ TODO: check
CVE-2015-3625 (The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before ...)
- nvidia-graphics-drivers <undetermined>
NOTE: the text seems to indicate that this is freebsd-specific (possibly kfreebsd
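Review bot: the CVE-2015-3626 description is cut off before the product name ("... in the DHCP Monitor page the ..."), so the entry cannot be triaged from this line alone. Resolve the "TODO: check" against the full CVE text and record the affected product in the resulting package or NOT-FOR-US line.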
@@ -7094,8 +7102,7 @@
RESERVED
CVE-2015-3268
RESERVED
-CVE-2015-3267
- RESERVED
+CVE-2015-3267 (Cross-site scripting (XSS) vulnerability in the 404 error page in Red ...)
NOT-FOR-US: JBoss Operations Network
CVE-2015-3266
RESERVED
@@ -7168,11 +7175,9 @@
NOTE: In Debian directory is not world-writable
CVE-2015-3247
RESERVED
-CVE-2015-3246 [libuser passwd file handling]
- RESERVED
+CVE-2015-3246 (libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the ...)
- libuser <unfixed> (bug #793465)
-CVE-2015-3245 [userhelper chfn() newline filtering]
- RESERVED
+CVE-2015-3245 (Incomplete blacklist vulnerability in the chfn function in libuser ...)
- libuser <unfixed> (bug #793465)
NOTE: initially attributed to usermode package, root-cause fixed in libuser instead
CVE-2015-3244 (The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, ...)
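Review bot: the truncated description for CVE-2015-3246 ("libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the ...") no longer says what the flaw is, whereas the removed line did ("libuser passwd file handling"). The same applies to the "userhelper chfn() newline filtering" summary dropped from CVE-2015-3245. Both entries remain "<unfixed>" under bug #793465, so a NOTE line preserving the old summaries would help whoever picks up the fix.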
@@ -7253,8 +7258,7 @@
CVE-2015-3229
RESERVED
NOT-FOR-US: Fedora Atomic
-CVE-2015-3228 [Integer overflow]
- RESERVED
+CVE-2015-3228 (Integer overflow in the gs_heap_alloc_bytes function in ...)
{DSA-3326-1 DLA-280-1}
- ghostscript 9.15~dfsg-1 (bug #793489)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696070
@@ -10026,8 +10030,8 @@
NOTE: was introduced is affected.
CVE-2015-2324
RESERVED
-CVE-2015-2323
- RESERVED
+CVE-2015-2323 (FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, ...)
+ TODO: check
CVE-2015-2322
RESERVED
CVE-2015-2321
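Review bot: CVE-2015-2323 is a second FortiOS entry left at "TODO: check", alongside CVE-2015-5965 added at the top of this diff. Triage the two together so they end up with the same disposition.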
@@ -11582,8 +11586,7 @@
- libxml2 <unfixed> (low; bug #782782)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
NOTE: Concerns by Florian Weimer: https://bugzilla.gnome.org/show_bug.cgi?id=748278
-CVE-2015-1818
- RESERVED
+CVE-2015-1818 (XML external entity (XXE) vulnerability in the dashbuilder import ...)
NOT-FOR-US: JBoss dashbuilder
CVE-2015-1817 [stack-based buffer overflow in ipv6 literal parsing]
RESERVED