[Secure-testing-commits] r36054 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Aug 14 09:10:16 UTC 2015
Author: sectracker
Date: 2015-08-14 09:10:16 +0000 (Fri, 14 Aug 2015)
New Revision: 36054
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-14 09:01:36 UTC (rev 36053)
+++ data/CVE/list 2015-08-14 09:10:16 UTC (rev 36054)
@@ -1,3 +1,43 @@
+CVE-2015-5985
+ RESERVED
+CVE-2015-5984
+ RESERVED
+CVE-2015-5983
+ RESERVED
+CVE-2015-5982
+ RESERVED
+CVE-2015-5981
+ RESERVED
+CVE-2015-5980
+ RESERVED
+CVE-2015-5979
+ RESERVED
+CVE-2015-5978
+ RESERVED
+CVE-2015-5977
+ RESERVED
+CVE-2015-5976
+ RESERVED
+CVE-2015-5975
+ RESERVED
+CVE-2015-5974
+ RESERVED
+CVE-2015-5973
+ RESERVED
+CVE-2015-5972
+ RESERVED
+CVE-2015-5971
+ RESERVED
+CVE-2015-5970
+ RESERVED
+CVE-2015-5969
+ RESERVED
+CVE-2015-5968
+ RESERVED
+CVE-2015-5967
+ RESERVED
+CVE-2015-5966
+ RESERVED
CVE-2015-5965 (The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2015-XXXX [crypt XSS]
@@ -561,8 +601,8 @@
RESERVED
CVE-2015-5719
RESERVED
-CVE-2015-5718
- RESERVED
+CVE-2015-5718 (Stack-based buffer overflow in the handle_debug_network function in ...)
+ TODO: check
CVE-2015-5734
RESERVED
{DSA-3332-1}
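Review bot: CVE-2015-5718 now carries only "TODO: check", so the stack-based buffer overflow in handle_debug_network is not yet mapped to a source package or marked NOT-FOR-US. Triage it in a follow-up commit so the entry does not stay unclassified now that a description is available.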
@@ -1345,8 +1385,7 @@
[squeeze] - kdepim <not-affected> (Bogus condition not present)
NOTE: https://bugs.kde.org/show_bug.cgi?id=340312
NOTE: http://www.openwall.com/lists/oss-security/2015/07/15/5
-CVE-2013-7443 [SQLite array overrun in the skip-scan optimization]
- RESERVED
+CVE-2013-7443 (Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows ...)
- sqlite3 3.8.3-1
[wheezy] - sqlite3 <not-affected> (Vulnerable code introduced in 3.8.2)
[squeeze] - sqlite3 <not-affected> (Vulnerable code introduced in 3.8.2)
@@ -2035,8 +2074,7 @@
RESERVED
CVE-2015-5167
RESERVED
-CVE-2015-5166 [Use after free in QEMU/Xen block unplug protocol]
- RESERVED
+CVE-2015-5166 (Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not ...)
- qemu <unfixed> (bug #794611)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
@@ -2047,8 +2085,7 @@
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: pci_piix3_xen_ide_unplug introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=679f4f8b178e7c66fbc2f39c905374ee8663d5d8 (v1.0-rc0)
NOTE: http://xenbits.xen.org/xsa/advisory-139.html
-CVE-2015-5165 [QEMU leak of uninitialized heap memory in rtl8139 device model]
- RESERVED
+CVE-2015-5165 (The C+ mode offload emulation in the RTL8139 network card device model ...)
- qemu <unfixed> (bug #794610)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
@@ -2116,8 +2153,7 @@
NOTE: http://marc.info/?l=linux-netdev&m=143868216724068&w=2
CVE-2015-5155
RESERVED
-CVE-2015-5154
- RESERVED
+CVE-2015-5154 (Heap-based buffer overflow in the IDE subsystem in QEMU, as used in ...)
- qemu <unfixed> (bug #793811)
[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced in 1.3)
[squeeze] - qemu <not-affected> (Vulnerable code not present, introduced in 1.3)
@@ -2984,6 +3020,7 @@
CVE-2015-4758 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
NOT-FOR-US: Oracle Fusion
CVE-2015-4757 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier ...)
+ {DSA-3311-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 5.5.43-0+deb8u1
NOTE: mysql-5.5 5.5.43 was not uploaded to unstable, bug migrated to unstable due to upload to jessie-security
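Review bot: the {DSA-3311-1} reference added under CVE-2015-4757 lands on an entry whose visible package lines are only mysql-5.6 and mysql-5.5, whereas every other entry in this commit that gains DSA-3311-1 also shows a "mariadb-10.0 10.0.20-1" line. Confirm that a package line for the source package covered by DSA-3311-1 follows the NOTE shown here, and add one if it is missing so the advisory reference has a matching fixed version.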
@@ -3002,7 +3039,7 @@
CVE-2015-4753 (Unspecified vulnerability in the RDBMS Support Tools component in ...)
NOT-FOR-US: Oracle Database Server
CVE-2015-4752 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
- {DSA-3308-1}
+ {DSA-3311-1 DSA-3308-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 10.0.20-1
@@ -3735,6 +3772,7 @@
RESERVED
CVE-2015-4475 [Out-of-bounds read with malformed MP3 file]
RESERVED
+ {DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-80/
@@ -5305,8 +5343,7 @@
NOTE: libv8 not covered by security support
CVE-2015-3909
RESERVED
-CVE-2015-3908 [Improper TLS Certificate Validation in Ansible for get_url]
- RESERVED
+CVE-2015-3908 (Ansible before 1.9.2 does not verify that the server hostname matches ...)
- ansible 1.9.2+dfsg-1 (low)
[jessie] - ansible <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/4
@@ -7047,33 +7084,27 @@
[wheezy] - glance <not-affected> (Vulnerable code introduced later)
CVE-2015-3288
RESERVED
-CVE-2015-3287 [Buffer overflow in OpenAFS vlserver]
- RESERVED
+CVE-2015-3287 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated ...)
{DSA-3320-1}
- openafs 1.6.13-1
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
-CVE-2015-3286 [Solaris grouplist modifications for PAGs can panic or overwrite memory]
- RESERVED
+CVE-2015-3286 (Buffer overflow in the Solaris kernel extension in OpenAFS before ...)
- openafs <not-affected> (The Solaris kernel extension in versions through 1.6.12)
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt
-CVE-2015-3285 [kernel pioctl support for OSD command passing can trigger a panic]
- RESERVED
+CVE-2015-3285 (The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the ...)
{DSA-3320-1}
- openafs 1.6.13-1
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt
-CVE-2015-3284 [pioctls leak kernel memory contents]
- RESERVED
+CVE-2015-3284 (pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read ...)
{DSA-3320-1}
- openafs 1.6.13-1
[squeeze] - openafs <not-affected> (Only 1.6.0 trough 1.6.12)
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt
-CVE-2015-3283 [bos commands can be spoofed, including some which alter server state]
- RESERVED
+CVE-2015-3283 (OpenAFS before 1.6.13 allows remote attackers to spoof bos commands ...)
{DSA-3320-1}
- openafs 1.6.13-1
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt
-CVE-2015-3282 [vos leaks stack data onto the wire in the clear when creating vldb entries]
- RESERVED
+CVE-2015-3282 (vos in OpenAFS before 1.6.13, when updating VLDB entries, allows ...)
{DSA-3320-1}
- openafs 1.6.13-1
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt
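Review bot: the unchanged squeeze line under CVE-2015-3284, "(Only 1.6.0 trough 1.6.12)", misspells "through". It is context rather than part of this change, but it sits directly under a rewritten entry and is worth correcting in a follow-up commit.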
@@ -7367,8 +7398,7 @@
- linux-2.6 2.6.37-1
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 (v2.6.33-rc8)
-CVE-2015-3213 [bypassing locked session without password by crashing Gnome-Shell]
- RESERVED
+CVE-2015-3213 (The gesture handling code in Clutter before 1.16.2 allows physically ...)
- clutter-1.0 1.18.0-1
[wheezy] - clutter-1.0 <not-affected> (Vulnerable code introduced later)
[squeeze] - clutter-1.0 <not-affected> (Vulnerable code was introduced past 1.12.0)
@@ -7476,8 +7506,7 @@
CVE-2015-3188
RESERVED
NOT-FOR-US: Apache Storm
-CVE-2015-3187 [svn_repos_trace_node_locations() reveals paths hidden by authz]
- RESERVED
+CVE-2015-3187 (The svn_repos_trace_node_locations function in Apache Subversion ...)
{DSA-3331-1}
- subversion 1.9.0-1
NOTE: https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
@@ -7492,8 +7521,7 @@
NOTE: https://www.apache.org/dist/httpd/CHANGES_2.4.16
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1684525
NOTE: Behavior changed in 2.4.x refactoring, API no longer usable in 2.4.x
-CVE-2015-3184 [Mixed anonymous/authenticated path-based authz with httpd 2.4]
- RESERVED
+CVE-2015-3184 (mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x ...)
{DSA-3331-1}
- subversion 1.9.0-1
[wheezy] - subversion <not-affected> (1.6 does not build with apache 2.4)
@@ -9189,7 +9217,7 @@
CVE-2015-2649 (Unspecified vulnerability in the Siebel UI Framework component in ...)
NOT-FOR-US: Oracle Seibel CRM
CVE-2015-2648 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
- {DSA-3308-1}
+ {DSA-3311-1 DSA-3308-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 10.0.20-1
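Review bot: the context line "NOT-FOR-US: Oracle Seibel CRM" under CVE-2015-2649 misspells the product, which the description line directly above it gives as "Siebel". A search of the list for "Siebel" will miss this entry, so correct the spelling in a follow-up.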
@@ -9203,7 +9231,7 @@
CVE-2015-2644 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
NOT-FOR-US: Oracle Supply Chain
CVE-2015-2643 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
- {DSA-3308-1}
+ {DSA-3311-1 DSA-3308-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 10.0.20-1
@@ -9397,7 +9425,7 @@
CVE-2015-2583 (Unspecified vulnerability in the Data Store component in Oracle ...)
TODO: check
CVE-2015-2582 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
- {DSA-3308-1}
+ {DSA-3311-1 DSA-3308-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 10.0.20-1
@@ -11426,8 +11454,7 @@
[wheezy] - pdns-recursor <not-affected> (3.5 and up affected)
[squeeze] - pdns-recursor <not-affected> (3.5 and up affected)
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
-CVE-2015-1867 [acl read-only access allow role assignment]
- RESERVED
+CVE-2015-1867 (Pacemaker before 1.1.13 does not properly evaluate added nodes, which ...)
- pacemaker <not-affected> (Vulnerable code not present)
NOTE: Introduced by: https://github.com/ClusterLabs/pacemaker/commit/f242c1ef (Pacemaker-1.1.12-rc1)
NOTE: Fixed by: https://github.com/ClusterLabs/pacemaker/commit/84ac07c (Pacemaker-1.1.13-rc2)
@@ -12709,13 +12736,11 @@
NOTE: http://www.sudo.ws/repos/sudo/rev/91859f613b88 (description)
NOTE: http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0 (improved description)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/12
-CVE-2015-2058
- RESERVED
+CVE-2015-2058 (c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates ...)
- jabberd2 2.3.3-1 (bug #779154)
NOTE: https://github.com/jabberd2/jabberd2/issues/85
NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
-CVE-2015-2059
- RESERVED
+CVE-2015-2059 (The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in ...)
{DLA-277-1}
- libidn 1.31-1 (medium)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/23/25
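Review bot: the new description for CVE-2015-2059 reads "libin before 1.31", while the package line below it is "libidn 1.31-1" and the function named is stringprep_utf8_to_ucs4, so "libin" looks like a typo for libidn. Since the log says this is an automatic update, the text presumably comes from the imported feed and should be reported there rather than patched locally. Note also that CVE-2015-2058 is listed before CVE-2015-2059 here, while the other hunks in this diff run in descending order.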
@@ -13260,8 +13285,7 @@
RESERVED
CVE-2015-1335
RESERVED
-CVE-2015-1334 [processes intended to be run inside of confined LXC containers to escape their AppArmor or SELinux confinement]
- RESERVED
+CVE-2015-1334 (attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a ...)
{DSA-3317-1}
- lxc 1:1.0.7-4 (bug #793298)
[wheezy] - lxc <not-affected> (Affects 0.9.0 and higher)
@@ -13275,8 +13299,7 @@
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=034faeb9ef390d58239e1dce748143f6b35a0d9b (v3.13-rc1)
CVE-2015-1332
RESERVED
-CVE-2015-1331 [directory traversal]
- RESERVED
+CVE-2015-1331 (lxclock.c in LXC 1.1.2 and earlier allows local users to create ...)
{DSA-3317-1}
- lxc 1:1.0.7-4 (bug #793298)
[wheezy] - lxc <not-affected> (Affects 1.0.0 and higher)
@@ -15165,8 +15188,7 @@
RESERVED
CVE-2015-0852
RESERVED
-CVE-2015-0851 [Shibboleth SP software crashes on well-formed but invalid XML]
- RESERVED
+CVE-2015-0851 (XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth ...)
{DSA-3321-1 DLA-290-2 DLA-290-1}
- xmltooling <unfixed> (bug #793855)
NOTE: http://shibboleth.net/community/advisories/secadv_20150721.txt