[Secure-testing-commits] r36122 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Aug 17 21:10:13 UTC 2015
Author: sectracker
Date: 2015-08-17 21:10:13 +0000 (Mon, 17 Aug 2015)
New Revision: 36122
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-17 20:35:41 UTC (rev 36121)
+++ data/CVE/list 2015-08-17 21:10:13 UTC (rev 36122)
@@ -1,3 +1,529 @@
+CVE-2015-6249
+ RESERVED
+CVE-2015-6248
+ RESERVED
+CVE-2015-6247
+ RESERVED
+CVE-2015-6246
+ RESERVED
+CVE-2015-6245
+ RESERVED
+CVE-2015-6244
+ RESERVED
+CVE-2015-6243
+ RESERVED
+CVE-2015-6242
+ RESERVED
+CVE-2015-6241
+ RESERVED
+CVE-2015-6240
+ RESERVED
+CVE-2015-6239
+ RESERVED
+CVE-2015-6238
+ RESERVED
+CVE-2015-6237
+ RESERVED
+CVE-2015-6236
+ RESERVED
+CVE-2015-6235
+ RESERVED
+CVE-2015-6234
+ RESERVED
+CVE-2015-6233
+ RESERVED
+CVE-2015-6232
+ RESERVED
+CVE-2015-6231
+ RESERVED
+CVE-2015-6230
+ RESERVED
+CVE-2015-6229
+ RESERVED
+CVE-2015-6228
+ RESERVED
+CVE-2015-6227
+ RESERVED
+CVE-2015-6226
+ RESERVED
+CVE-2015-6225
+ RESERVED
+CVE-2015-6224
+ RESERVED
+CVE-2015-6223
+ RESERVED
+CVE-2015-6222
+ RESERVED
+CVE-2015-6221
+ RESERVED
+CVE-2015-6220
+ RESERVED
+CVE-2015-6219
+ RESERVED
+CVE-2015-6218
+ RESERVED
+CVE-2015-6217
+ RESERVED
+CVE-2015-6216
+ RESERVED
+CVE-2015-6215
+ RESERVED
+CVE-2015-6214
+ RESERVED
+CVE-2015-6213
+ RESERVED
+CVE-2015-6212
+ RESERVED
+CVE-2015-6211
+ RESERVED
+CVE-2015-6210
+ RESERVED
+CVE-2015-6209
+ RESERVED
+CVE-2015-6208
+ RESERVED
+CVE-2015-6207
+ RESERVED
+CVE-2015-6206
+ RESERVED
+CVE-2015-6205
+ RESERVED
+CVE-2015-6204
+ RESERVED
+CVE-2015-6203
+ RESERVED
+CVE-2015-6202
+ RESERVED
+CVE-2015-6201
+ RESERVED
+CVE-2015-6200
+ RESERVED
+CVE-2015-6199
+ RESERVED
+CVE-2015-6198
+ RESERVED
+CVE-2015-6197
+ RESERVED
+CVE-2015-6196
+ RESERVED
+CVE-2015-6195
+ RESERVED
+CVE-2015-6194
+ RESERVED
+CVE-2015-6193
+ RESERVED
+CVE-2015-6192
+ RESERVED
+CVE-2015-6191
+ RESERVED
+CVE-2015-6190
+ RESERVED
+CVE-2015-6189
+ RESERVED
+CVE-2015-6188
+ RESERVED
+CVE-2015-6187
+ RESERVED
+CVE-2015-6186
+ RESERVED
+CVE-2015-6185
+ RESERVED
+CVE-2015-6184
+ RESERVED
+CVE-2015-6183
+ RESERVED
+CVE-2015-6182
+ RESERVED
+CVE-2015-6181
+ RESERVED
+CVE-2015-6180
+ RESERVED
+CVE-2015-6179
+ RESERVED
+CVE-2015-6178
+ RESERVED
+CVE-2015-6177
+ RESERVED
+CVE-2015-6176
+ RESERVED
+CVE-2015-6175
+ RESERVED
+CVE-2015-6174
+ RESERVED
+CVE-2015-6173
+ RESERVED
+CVE-2015-6172
+ RESERVED
+CVE-2015-6171
+ RESERVED
+CVE-2015-6170
+ RESERVED
+CVE-2015-6169
+ RESERVED
+CVE-2015-6168
+ RESERVED
+CVE-2015-6167
+ RESERVED
+CVE-2015-6166
+ RESERVED
+CVE-2015-6165
+ RESERVED
+CVE-2015-6164
+ RESERVED
+CVE-2015-6163
+ RESERVED
+CVE-2015-6162
+ RESERVED
+CVE-2015-6161
+ RESERVED
+CVE-2015-6160
+ RESERVED
+CVE-2015-6159
+ RESERVED
+CVE-2015-6158
+ RESERVED
+CVE-2015-6157
+ RESERVED
+CVE-2015-6156
+ RESERVED
+CVE-2015-6155
+ RESERVED
+CVE-2015-6154
+ RESERVED
+CVE-2015-6153
+ RESERVED
+CVE-2015-6152
+ RESERVED
+CVE-2015-6151
+ RESERVED
+CVE-2015-6150
+ RESERVED
+CVE-2015-6149
+ RESERVED
+CVE-2015-6148
+ RESERVED
+CVE-2015-6147
+ RESERVED
+CVE-2015-6146
+ RESERVED
+CVE-2015-6145
+ RESERVED
+CVE-2015-6144
+ RESERVED
+CVE-2015-6143
+ RESERVED
+CVE-2015-6142
+ RESERVED
+CVE-2015-6141
+ RESERVED
+CVE-2015-6140
+ RESERVED
+CVE-2015-6139
+ RESERVED
+CVE-2015-6138
+ RESERVED
+CVE-2015-6137
+ RESERVED
+CVE-2015-6136
+ RESERVED
+CVE-2015-6135
+ RESERVED
+CVE-2015-6134
+ RESERVED
+CVE-2015-6133
+ RESERVED
+CVE-2015-6132
+ RESERVED
+CVE-2015-6131
+ RESERVED
+CVE-2015-6130
+ RESERVED
+CVE-2015-6129
+ RESERVED
+CVE-2015-6128
+ RESERVED
+CVE-2015-6127
+ RESERVED
+CVE-2015-6126
+ RESERVED
+CVE-2015-6125
+ RESERVED
+CVE-2015-6124
+ RESERVED
+CVE-2015-6123
+ RESERVED
+CVE-2015-6122
+ RESERVED
+CVE-2015-6121
+ RESERVED
+CVE-2015-6120
+ RESERVED
+CVE-2015-6119
+ RESERVED
+CVE-2015-6118
+ RESERVED
+CVE-2015-6117
+ RESERVED
+CVE-2015-6116
+ RESERVED
+CVE-2015-6115
+ RESERVED
+CVE-2015-6114
+ RESERVED
+CVE-2015-6113
+ RESERVED
+CVE-2015-6112
+ RESERVED
+CVE-2015-6111
+ RESERVED
+CVE-2015-6110
+ RESERVED
+CVE-2015-6109
+ RESERVED
+CVE-2015-6108
+ RESERVED
+CVE-2015-6107
+ RESERVED
+CVE-2015-6106
+ RESERVED
+CVE-2015-6105
+ RESERVED
+CVE-2015-6104
+ RESERVED
+CVE-2015-6103
+ RESERVED
+CVE-2015-6102
+ RESERVED
+CVE-2015-6101
+ RESERVED
+CVE-2015-6100
+ RESERVED
+CVE-2015-6099
+ RESERVED
+CVE-2015-6098
+ RESERVED
+CVE-2015-6097
+ RESERVED
+CVE-2015-6096
+ RESERVED
+CVE-2015-6095
+ RESERVED
+CVE-2015-6094
+ RESERVED
+CVE-2015-6093
+ RESERVED
+CVE-2015-6092
+ RESERVED
+CVE-2015-6091
+ RESERVED
+CVE-2015-6090
+ RESERVED
+CVE-2015-6089
+ RESERVED
+CVE-2015-6088
+ RESERVED
+CVE-2015-6087
+ RESERVED
+CVE-2015-6086
+ RESERVED
+CVE-2015-6085
+ RESERVED
+CVE-2015-6084
+ RESERVED
+CVE-2015-6083
+ RESERVED
+CVE-2015-6082
+ RESERVED
+CVE-2015-6081
+ RESERVED
+CVE-2015-6080
+ RESERVED
+CVE-2015-6079
+ RESERVED
+CVE-2015-6078
+ RESERVED
+CVE-2015-6077
+ RESERVED
+CVE-2015-6076
+ RESERVED
+CVE-2015-6075
+ RESERVED
+CVE-2015-6074
+ RESERVED
+CVE-2015-6073
+ RESERVED
+CVE-2015-6072
+ RESERVED
+CVE-2015-6071
+ RESERVED
+CVE-2015-6070
+ RESERVED
+CVE-2015-6069
+ RESERVED
+CVE-2015-6068
+ RESERVED
+CVE-2015-6067
+ RESERVED
+CVE-2015-6066
+ RESERVED
+CVE-2015-6065
+ RESERVED
+CVE-2015-6064
+ RESERVED
+CVE-2015-6063
+ RESERVED
+CVE-2015-6062
+ RESERVED
+CVE-2015-6061
+ RESERVED
+CVE-2015-6060
+ RESERVED
+CVE-2015-6059
+ RESERVED
+CVE-2015-6058
+ RESERVED
+CVE-2015-6057
+ RESERVED
+CVE-2015-6056
+ RESERVED
+CVE-2015-6055
+ RESERVED
+CVE-2015-6054
+ RESERVED
+CVE-2015-6053
+ RESERVED
+CVE-2015-6052
+ RESERVED
+CVE-2015-6051
+ RESERVED
+CVE-2015-6050
+ RESERVED
+CVE-2015-6049
+ RESERVED
+CVE-2015-6048
+ RESERVED
+CVE-2015-6047
+ RESERVED
+CVE-2015-6046
+ RESERVED
+CVE-2015-6045
+ RESERVED
+CVE-2015-6044
+ RESERVED
+CVE-2015-6043
+ RESERVED
+CVE-2015-6042
+ RESERVED
+CVE-2015-6041
+ RESERVED
+CVE-2015-6040
+ RESERVED
+CVE-2015-6039
+ RESERVED
+CVE-2015-6038
+ RESERVED
+CVE-2015-6037
+ RESERVED
+CVE-2015-6036
+ RESERVED
+CVE-2015-6035
+ RESERVED
+CVE-2015-6034
+ RESERVED
+CVE-2015-6033
+ RESERVED
+CVE-2015-6032
+ RESERVED
+CVE-2015-6031
+ RESERVED
+CVE-2015-6030
+ RESERVED
+CVE-2015-6029
+ RESERVED
+CVE-2015-6028
+ RESERVED
+CVE-2015-6027
+ RESERVED
+CVE-2015-6026
+ RESERVED
+CVE-2015-6025
+ RESERVED
+CVE-2015-6024
+ RESERVED
+CVE-2015-6023
+ RESERVED
+CVE-2015-6022
+ RESERVED
+CVE-2015-6021
+ RESERVED
+CVE-2015-6020
+ RESERVED
+CVE-2015-6019
+ RESERVED
+CVE-2015-6018
+ RESERVED
+CVE-2015-6017
+ RESERVED
+CVE-2015-6016
+ RESERVED
+CVE-2015-6015
+ RESERVED
+CVE-2015-6014
+ RESERVED
+CVE-2015-6013
+ RESERVED
+CVE-2015-6012
+ RESERVED
+CVE-2015-6011
+ RESERVED
+CVE-2015-6010
+ RESERVED
+CVE-2015-6009
+ RESERVED
+CVE-2015-6008
+ RESERVED
+CVE-2015-6007
+ RESERVED
+CVE-2015-6006
+ RESERVED
+CVE-2015-6005
+ RESERVED
+CVE-2015-6004
+ RESERVED
+CVE-2015-6003
+ RESERVED
+CVE-2015-6002
+ RESERVED
+CVE-2015-6001
+ RESERVED
+CVE-2015-6000
+ RESERVED
+CVE-2015-5999
+ RESERVED
+CVE-2015-5998
+ RESERVED
+CVE-2015-5997
+ RESERVED
+CVE-2015-5996
+ RESERVED
+CVE-2015-5995
+ RESERVED
+CVE-2015-5994
+ RESERVED
+CVE-2015-5993
+ RESERVED
+CVE-2015-5992
+ RESERVED
+CVE-2015-5991
+ RESERVED
+CVE-2015-5990
+ RESERVED
+CVE-2015-5989
+ RESERVED
+CVE-2015-5988
+ RESERVED
+CVE-2015-5987
+ RESERVED
CVE-2015-XXXX [wnpa 2015-21]
- wireshark 1.12.7+g7fc8978-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-21.html
@@ -131,6 +657,7 @@
NOTE: https://github.com/golang/go/commit/26049f6f9171d1190f3bbe05ec304845cfe6399f
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/06/2
CVE-2015-6251 [GNUTLS-SA-2015-3 double free in certificate DN decoding]
+ {DSA-3334-1}
- gnutls28 3.3.17-1 (bug #795068)
NOTE: Added workaround item until CVE assigned
- gnutls26 <not-affected> (Vulnerable code not present)
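Review bot: The context line "NOTE: Added workaround item until CVE assigned" under the gnutls28 package line is stale. The entry is already headed CVE-2015-6251 and this hunk ties it to {DSA-3334-1}, so drop that NOTE in a follow-up rather than leaving a reader to wonder whether the identifier is still provisional.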
@@ -485,84 +1012,84 @@
RESERVED
CVE-2015-5785
RESERVED
-CVE-2015-5784
- RESERVED
-CVE-2015-5783
- RESERVED
-CVE-2015-5782
- RESERVED
-CVE-2015-5781
- RESERVED
+CVE-2015-5784 (runner in Install.framework in the Install Framework Legacy component ...)
+ TODO: check
+CVE-2015-5783 (IOGraphics in Apple OS X before 10.10.5 allows attackers to execute ...)
+ TODO: check
+CVE-2015-5782 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not ...)
+ TODO: check
+CVE-2015-5781 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not ...)
+ TODO: check
CVE-2015-5780
RESERVED
-CVE-2015-5779
- RESERVED
-CVE-2015-5778
- RESERVED
-CVE-2015-5777
- RESERVED
-CVE-2015-5776
- RESERVED
-CVE-2015-5775
- RESERVED
-CVE-2015-5774
- RESERVED
-CVE-2015-5773
- RESERVED
-CVE-2015-5772
- RESERVED
-CVE-2015-5771
- RESERVED
-CVE-2015-5770
- RESERVED
-CVE-2015-5769
- RESERVED
-CVE-2015-5768
- RESERVED
+CVE-2015-5779 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-5778 (CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 ...)
+ TODO: check
+CVE-2015-5777 (CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 ...)
+ TODO: check
+CVE-2015-5776 (Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-5775 (FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-5774 (Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X ...)
+ TODO: check
+CVE-2015-5773 (QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-5772 (Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 ...)
+ TODO: check
+CVE-2015-5771 (Quartz Composer Framework in Apple OS X before 10.10.5 allows remote ...)
+ TODO: check
+CVE-2015-5770 (MobileInstallation in Apple iOS before 8.4.1 does not ensure the ...)
+ TODO: check
+CVE-2015-5769 (The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to ...)
+ TODO: check
+CVE-2015-5768 (AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to ...)
+ TODO: check
CVE-2015-5767
RESERVED
-CVE-2015-5766
- RESERVED
+CVE-2015-5766 (Directory traversal vulnerability in Air Traffic in Apple iOS before ...)
+ TODO: check
CVE-2015-5765
RESERVED
CVE-2015-5764
RESERVED
-CVE-2015-5763
- RESERVED
+CVE-2015-5763 (ntfs in Apple OS X before 10.10.5 allows local users to gain ...)
+ TODO: check
CVE-2015-5762
RESERVED
-CVE-2015-5761
- RESERVED
+CVE-2015-5761 (CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
CVE-2015-5760
RESERVED
-CVE-2015-5759
- RESERVED
-CVE-2015-5758
- RESERVED
-CVE-2015-5757
- RESERVED
-CVE-2015-5756
- RESERVED
-CVE-2015-5755
- RESERVED
-CVE-2015-5754
- RESERVED
-CVE-2015-5753
- RESERVED
-CVE-2015-5752
- RESERVED
-CVE-2015-5751
- RESERVED
-CVE-2015-5750
- RESERVED
-CVE-2015-5749
- RESERVED
-CVE-2015-5748
- RESERVED
-CVE-2015-5747
- RESERVED
-CVE-2015-5746
- RESERVED
+CVE-2015-5759 (WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof ...)
+ TODO: check
+CVE-2015-5758 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-5757 (libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-5756 (FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-5755 (CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-5754 (Race condition in runner in Install.framework in the Install Framework ...)
+ TODO: check
+CVE-2015-5753 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-5752 (Backup in Apple iOS before 8.4.1 allows attackers to bypass intended ...)
+ TODO: check
+CVE-2015-5751 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-5750 (Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to ...)
+ TODO: check
+CVE-2015-5749 (The Sandbox_profiles component in Apple iOS before 8.4.1 allows ...)
+ TODO: check
+CVE-2015-5748 (The kernel in Apple OS X before 10.10.5 does not properly mount HFS ...)
+ TODO: check
+CVE-2015-5747 (The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-5746 (AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass ...)
+ TODO: check
CVE-2015-5744
RESERVED
CVE-2015-5743
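Review bot: CVE-2015-5759 should not be dispositioned together with the rest of this block: its description names WebKit, while the neighbouring entries name Apple-only components (Install.framework, IOGraphics, QuickTime 7, AppleFileConduit). All of them arrive with "TODO: check", so when the TODOs are triaged, check CVE-2015-5759 against the WebKit source packages individually and record the outcome in a NOTE.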
@@ -795,8 +1322,8 @@
RESERVED
CVE-2015-5698
RESERVED
-CVE-2015-5696
- RESERVED
+CVE-2015-5696 (Dell Netvault Backup before 10.0.5 allows remote attackers to cause a ...)
+ TODO: check
CVE-2015-5693
RESERVED
CVE-2015-5692
@@ -1358,8 +1885,7 @@
NOTE: https://kb.isc.org/article/AA-01272/0
CVE-2015-5476
RESERVED
-CVE-2015-5475 [XSS]
- RESERVED
+CVE-2015-5475 (Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker ...)
{DSA-3335-1}
- request-tracker4 4.2.11-2
NOTE: https://github.com/bestpractical/rt/commit/67d517ba3421ba462e349c73207a627d137ef8ac (4.2.x)
@@ -3675,8 +4201,7 @@
RESERVED
CVE-2015-4497
RESERVED
-CVE-2015-4496
- RESERVED
+CVE-2015-4496 (Multiple integer overflows in libstagefright in Mozilla Firefox before ...)
- iceweasel 38.0-1
[wheezy] - iceweasel 38.2.0esr-1~deb7u1
[jessie] - iceweasel 38.2.0esr-1~deb8u1
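Review bot: CVE-2015-4496 lists fixed versions for wheezy (38.2.0esr-1~deb7u1) and jessie (38.2.0esr-1~deb8u1) but has no {DSA-...} line directly under the header, where the other iceweasel entries fixed in 38.2.0esr carry {DSA-3333-1}. Confirm whether the advisory reference is missing here, or add a NOTE saying why these stable uploads are not tied to a DSA.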
@@ -3693,111 +4218,91 @@
TODO: check if exploitable as well for pdf.js and needs an update
CVE-2015-4494 (Mozilla Firefox OS before 2.2 does not require the wifi-manage ...)
NOT-FOR-US: Firefox OS
-CVE-2015-4493
- RESERVED
+CVE-2015-4493 (Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
-CVE-2015-4492
- RESERVED
+CVE-2015-4492 (Use-after-free vulnerability in the XMLHttpRequest::Open ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-92/
-CVE-2015-4491 [gdk-pixbuf heap overflow and DoS]
- RESERVED
+CVE-2015-4491 (Integer overflow in the make_filter_table function in pixops/pixops.c ...)
- gdk-pixbuf 2.31.5-1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=752297
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
NOTE: http://www.openwall.com/lists/oss-security/2015/07/17/17
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/
-CVE-2015-4490
- RESERVED
+CVE-2015-4490 (The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in ...)
- iceweasel <not-affected> (Only affects Firefox 39)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-91
-CVE-2015-4489
- RESERVED
+CVE-2015-4489 (The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
-CVE-2015-4488
- RESERVED
+CVE-2015-4488 (Use-after-free vulnerability in the StyleAnimationValue class in ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
-CVE-2015-4487
- RESERVED
+CVE-2015-4487 (The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
-CVE-2015-4486
- RESERVED
+CVE-2015-4486 (The decrease_ref_count function in libvpx in Mozilla Firefox before ...)
- libvpx <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-89/
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1177948 is restricted
-CVE-2015-4485
- RESERVED
+CVE-2015-4485 (Heap-based buffer overflow in the resize_context_buffers function in ...)
- libvpx <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-89/
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1178148 is restricted
-CVE-2015-4484
- RESERVED
+CVE-2015-4484 (The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-87/
-CVE-2015-4483
- RESERVED
+CVE-2015-4483 (Mozilla Firefox before 40.0 allows man-in-the-middle attackers to ...)
- iceweasel <not-affected> (Only affects Firefox 39)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-86/
-CVE-2015-4482
- RESERVED
+CVE-2015-4482 (mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ...)
- iceweasel <not-affected> (Updater not used in Debian)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-85/
-CVE-2015-4481
- RESERVED
+CVE-2015-4481 (Race condition in the Mozilla Maintenance Service in Mozilla Firefox ...)
- iceweasel <not-affected> (Only affects Firefox on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-84/
-CVE-2015-4480 [Overflow issues in libstagefright]
- RESERVED
+CVE-2015-4480 (Integer overflow in the stagefright::SampleTable::isValid function in ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
-CVE-2015-4479 [Overflow issues in libstagefright]
- RESERVED
+CVE-2015-4479 (Multiple integer overflows in libstagefright in Mozilla Firefox before ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
-CVE-2015-4478 [Redefinition of non-configurable JavaScript object properties]
- RESERVED
+CVE-2015-4478 (Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-82/
-CVE-2015-4477 [Use-after-free in MediaStream playback]
- RESERVED
+CVE-2015-4477 (Use-after-free vulnerability in the MediaStream playback feature in ...)
- iceweasel <not-affected> (Only affects Firefox 39)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-81/
CVE-2015-4476
RESERVED
-CVE-2015-4475 [Out-of-bounds read with malformed MP3 file]
- RESERVED
+CVE-2015-4475 (The mozilla::AudioSink function in Mozilla Firefox before 40.0 and ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-80/
-CVE-2015-4474 [Miscellaneous memory safety hazards]
- RESERVED
+CVE-2015-4474 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 39)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
-CVE-2015-4473 [Miscellaneous memory safety hazards]
- RESERVED
+CVE-2015-4473 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3333-1}
- iceweasel 38.2.0esr-1
[squeeze] - iceweasel <end-of-life>
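Review bot: CVE-2015-4486 and CVE-2015-4485 now carry descriptions that place the flaw in libvpx as used in Mozilla Firefox, yet each entry tracks only "- libvpx <unfixed>" and has no iceweasel line. Both referenced Bugzilla bugs are marked restricted, so add a NOTE stating whether iceweasel builds against its bundled libvpx or the system copy, so that the absent iceweasel line is a recorded decision rather than an omission.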
@@ -5634,164 +6139,164 @@
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11036
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-12.html
-CVE-2015-3807
- RESERVED
-CVE-2015-3806
- RESERVED
-CVE-2015-3805
- RESERVED
-CVE-2015-3804
- RESERVED
-CVE-2015-3803
- RESERVED
-CVE-2015-3802
- RESERVED
+CVE-2015-3807 (libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-3806 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to ...)
+ TODO: check
+CVE-2015-3805 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to ...)
+ TODO: check
+CVE-2015-3804 (FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-3803 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to ...)
+ TODO: check
+CVE-2015-3802 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to ...)
+ TODO: check
CVE-2015-3801
RESERVED
-CVE-2015-3800
- RESERVED
-CVE-2015-3799
- RESERVED
-CVE-2015-3798
- RESERVED
-CVE-2015-3797
- RESERVED
-CVE-2015-3796
- RESERVED
-CVE-2015-3795
- RESERVED
-CVE-2015-3794
- RESERVED
-CVE-2015-3793
- RESERVED
-CVE-2015-3792
- RESERVED
-CVE-2015-3791
- RESERVED
-CVE-2015-3790
- RESERVED
-CVE-2015-3789
- RESERVED
-CVE-2015-3788
- RESERVED
-CVE-2015-3787
- RESERVED
-CVE-2015-3786
- RESERVED
+CVE-2015-3800 (The DiskImages component in Apple iOS before 8.4.1 and OS X before ...)
+ TODO: check
+CVE-2015-3799 (The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers ...)
+ TODO: check
+CVE-2015-3798 (The TRE library in Libc in Apple iOS before 8.4.1 and OS X before ...)
+ TODO: check
+CVE-2015-3797 (The TRE library in Libc in Apple iOS before 8.4.1 and OS X before ...)
+ TODO: check
+CVE-2015-3796 (The TRE library in Libc in Apple iOS before 8.4.1 and OS X before ...)
+ TODO: check
+CVE-2015-3795 (libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-3794 (The Speech UI in Apple OS X before 10.10.5, when speech alerts are ...)
+ TODO: check
+CVE-2015-3793 (CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the ...)
+ TODO: check
+CVE-2015-3792 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3791 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3790 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3789 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3788 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3787 (The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote ...)
+ TODO: check
+CVE-2015-3786 (The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly ...)
+ TODO: check
CVE-2015-3785
RESERVED
-CVE-2015-3784
- RESERVED
-CVE-2015-3783
- RESERVED
-CVE-2015-3782
- RESERVED
-CVE-2015-3781
- RESERVED
-CVE-2015-3780
- RESERVED
-CVE-2015-3779
- RESERVED
-CVE-2015-3778
- RESERVED
-CVE-2015-3777
- RESERVED
-CVE-2015-3776
- RESERVED
-CVE-2015-3775
- RESERVED
-CVE-2015-3774
- RESERVED
-CVE-2015-3773
- RESERVED
-CVE-2015-3772
- RESERVED
-CVE-2015-3771
- RESERVED
-CVE-2015-3770
- RESERVED
-CVE-2015-3769
- RESERVED
-CVE-2015-3768
- RESERVED
-CVE-2015-3767
- RESERVED
-CVE-2015-3766
- RESERVED
-CVE-2015-3765
- RESERVED
-CVE-2015-3764
- RESERVED
-CVE-2015-3763
- RESERVED
-CVE-2015-3762
- RESERVED
-CVE-2015-3761
- RESERVED
-CVE-2015-3760
- RESERVED
-CVE-2015-3759
- RESERVED
-CVE-2015-3758
- RESERVED
-CVE-2015-3757
- RESERVED
-CVE-2015-3756
- RESERVED
-CVE-2015-3755
- RESERVED
-CVE-2015-3754
- RESERVED
-CVE-2015-3753
- RESERVED
-CVE-2015-3752
- RESERVED
-CVE-2015-3751
- RESERVED
-CVE-2015-3750
- RESERVED
-CVE-2015-3749
- RESERVED
-CVE-2015-3748
- RESERVED
-CVE-2015-3747
- RESERVED
-CVE-2015-3746
- RESERVED
-CVE-2015-3745
- RESERVED
-CVE-2015-3744
- RESERVED
-CVE-2015-3743
- RESERVED
-CVE-2015-3742
- RESERVED
-CVE-2015-3741
- RESERVED
-CVE-2015-3740
- RESERVED
-CVE-2015-3739
- RESERVED
-CVE-2015-3738
- RESERVED
-CVE-2015-3737
- RESERVED
-CVE-2015-3736
- RESERVED
-CVE-2015-3735
- RESERVED
-CVE-2015-3734
- RESERVED
-CVE-2015-3733
- RESERVED
-CVE-2015-3732
- RESERVED
-CVE-2015-3731
- RESERVED
-CVE-2015-3730
- RESERVED
-CVE-2015-3729
- RESERVED
+CVE-2015-3784 (Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-3783 (SceneKit in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3782 (CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-3781 (Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X ...)
+ TODO: check
+CVE-2015-3780 (The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers ...)
+ TODO: check
+CVE-2015-3779 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3778 (bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote ...)
+ TODO: check
+CVE-2015-3777 (Multiple buffer overflows in blued in the Bluetooth subsystem in Apple ...)
+ TODO: check
+CVE-2015-3776 (IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
+ TODO: check
+CVE-2015-3775 (Apple OS X before 10.10.5 does not properly implement authentication, ...)
+ TODO: check
+CVE-2015-3774 (The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, ...)
+ TODO: check
+CVE-2015-3773 (The SMB client in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3772 (IOFireWireFamily in Apple OS X before 10.10.5 allows local users to ...)
+ TODO: check
+CVE-2015-3771 (IOFireWireFamily in Apple OS X before 10.10.5 allows local users to ...)
+ TODO: check
+CVE-2015-3770 (IOGraphics in Apple OS X before 10.10.5 allows attackers to execute ...)
+ TODO: check
+CVE-2015-3769 (IOFireWireFamily in Apple OS X before 10.10.5 allows local users to ...)
+ TODO: check
+CVE-2015-3768 (Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X ...)
+ TODO: check
+CVE-2015-3767 (udf in Apple OS X before 10.10.5 allows local users to gain privileges ...)
+ TODO: check
+CVE-2015-3766 (The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not ...)
+ TODO: check
+CVE-2015-3765 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-3764 (Notification Center in Apple OS X before 10.10.5 does not properly ...)
+ TODO: check
+CVE-2015-3763 (Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript ...)
+ TODO: check
+CVE-2015-3762 (The Text Formats component in Apple OS X before 10.10.5, as used in ...)
+ TODO: check
+CVE-2015-3761 (The kernel in Apple OS X before 10.10.5 does not properly validate ...)
+ TODO: check
+CVE-2015-3760 (dyld in Apple OS X before 10.10.5 does not properly validate pathnames ...)
+ TODO: check
+CVE-2015-3759 (Location Framework in Apple iOS before 8.4.1 allows local users to ...)
+ TODO: check
+CVE-2015-3758 (UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an ...)
+ TODO: check
+CVE-2015-3757 (Apple OS X before 10.10.5 does not properly restrict access to the ...)
+ TODO: check
+CVE-2015-3756 (The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 ...)
+ TODO: check
+CVE-2015-3755 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ...)
+ TODO: check
+CVE-2015-3754 (The private-browsing implementation in WebKit in Apple Safari before ...)
+ TODO: check
+CVE-2015-3753 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ...)
+ TODO: check
+CVE-2015-3752 (The Content Security Policy implementation in WebKit in Apple Safari ...)
+ TODO: check
+CVE-2015-3751 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ...)
+ TODO: check
+CVE-2015-3750 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ...)
+ TODO: check
+CVE-2015-3749 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3748 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3747 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3746 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3745 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3744 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3743 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3742 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3741 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3740 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3739 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3738 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3737 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3736 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3735 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3734 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3733 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3732 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3731 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3730 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
+ TODO: check
+CVE-2015-3729 (Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as ...)
+ TODO: check
CVE-2015-3728 (The WiFi Connectivity feature in Apple iOS before 8.4 allows remote ...)
NOT-FOR-US: Apple iOS
CVE-2015-3727 (WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before ...)
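Review bot: The "TODO: check" entries from CVE-2015-3807 down to CVE-2015-3729 should not all be closed the way the trailing context closes CVE-2015-3728 ("NOT-FOR-US: Apple iOS"). CVE-2015-3807 names libxml2 and CVE-2015-3730 through CVE-2015-3755 name WebKit, so those need a per-entry check against the corresponding source packages; the truncated descriptions ending in "..." are not enough to tell whether the flaw is in shared upstream code or in Apple's integration.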
@@ -7092,8 +7597,7 @@
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9d05041679904b12c12421cbcf9cb5f4860a8d7b (prerequisite)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e181bb58143cb4a2e8f01c281b0816cd0e4798e (prerequisite)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
-CVE-2015-3289 [Glance task flow may fail to delete image from backend]
- RESERVED
+CVE-2015-3289 (OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated ...)
- glance 2015.1.0-4 (bug #793896)
[jessie] - glance <not-affected> (Vulnerable code introduced later)
[wheezy] - glance <not-affected> (Vulnerable code introduced later)
@@ -7300,8 +7804,7 @@
[wheezy] - curl <not-affected> (Vulnerable code not present)
[squeeze] - curl <not-affected> (Vulnerable code not present)
NOTE: http://curl.haxx.se/docs/adv_20150617A.html
-CVE-2015-3235
- RESERVED
+CVE-2015-3235 (Foreman before 1.9.0 allows remote authenticated users with the ...)
- foreman <itp> (bug #663101)
CVE-2015-3234 (The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows ...)
{DSA-3291-1}
@@ -7656,8 +8159,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1216073#c1
NOTE: partially fixed already in 2015.1~rc2-1, cf. #787654
NOTE: will be completed during kilo release
-CVE-2015-3155
- RESERVED
+CVE-2015-3155 (Foreman before 1.8.1 does not set the secure flag for the _session_id ...)
- foreman <itp> (bug #663101)
CVE-2015-3154 [Potential CRLF injection attacks in mail and HTTP headers]
RESERVED
@@ -8938,6 +9440,7 @@
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-63/
CVE-2015-2730 (Mozilla Network Security Services (NSS) before 3.19.1, as used in ...)
+ {DSA-3336-1}
- nss 2:3.19.1-1
- iceweasel 38.1.0esr-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
@@ -8999,7 +9502,7 @@
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
CVE-2015-2721 (Mozilla Network Security Services (NSS) before 3.19, as used in ...)
- {DSA-3324-1 DSA-3300-1}
+ {DSA-3336-1 DSA-3324-1 DSA-3300-1}
- nss 2:3.19.1-1
NOTE: NSS patch: https://hg.mozilla.org/projects/nss/rev/6b4770c76bc8
NOTE: NSS testcase: https://hg.mozilla.org/projects/nss/rev/1865635f5df5
@@ -9663,77 +10166,77 @@
RESERVED
CVE-2015-2482
RESERVED
-CVE-2015-2481
- RESERVED
-CVE-2015-2480
- RESERVED
-CVE-2015-2479
- RESERVED
+CVE-2015-2481 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect ...)
+ TODO: check
+CVE-2015-2480 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect ...)
+ TODO: check
+CVE-2015-2479 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect ...)
+ TODO: check
CVE-2015-2478
RESERVED
-CVE-2015-2477
- RESERVED
-CVE-2015-2476
- RESERVED
-CVE-2015-2475
- RESERVED
-CVE-2015-2474
- RESERVED
-CVE-2015-2473
- RESERVED
-CVE-2015-2472
- RESERVED
-CVE-2015-2471
- RESERVED
-CVE-2015-2470
- RESERVED
-CVE-2015-2469
- RESERVED
-CVE-2015-2468
- RESERVED
-CVE-2015-2467
- RESERVED
-CVE-2015-2466
- RESERVED
-CVE-2015-2465
- RESERVED
-CVE-2015-2464
- RESERVED
-CVE-2015-2463
- RESERVED
-CVE-2015-2462
- RESERVED
-CVE-2015-2461
- RESERVED
-CVE-2015-2460
- RESERVED
-CVE-2015-2459
- RESERVED
-CVE-2015-2458
- RESERVED
+CVE-2015-2477 (Microsoft Office 2007 SP3, Office for Mac 2011, Office for Mac 2016, ...)
+ TODO: check
+CVE-2015-2476 (The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
+CVE-2015-2475 (Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in ...)
+ TODO: check
+CVE-2015-2474 (Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote ...)
+ TODO: check
+CVE-2015-2473 (Untrusted search path vulnerability in the client in Remote Desktop ...)
+ TODO: check
+CVE-2015-2472 (Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) ...)
+ TODO: check
+CVE-2015-2471 (Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which ...)
+ TODO: check
+CVE-2015-2470 (Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, ...)
+ TODO: check
+CVE-2015-2469 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office ...)
+ TODO: check
+CVE-2015-2468 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
+ TODO: check
+CVE-2015-2467 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2015-2466 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows ...)
+ TODO: check
+CVE-2015-2465 (The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
+CVE-2015-2464 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-2463 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-2462 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
+ TODO: check
+CVE-2015-2461 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
+ TODO: check
+CVE-2015-2460 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
+ TODO: check
+CVE-2015-2459 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
+ TODO: check
+CVE-2015-2458 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
+ TODO: check
CVE-2015-2457
RESERVED
-CVE-2015-2456
- RESERVED
-CVE-2015-2455
- RESERVED
-CVE-2015-2454
- RESERVED
-CVE-2015-2453
- RESERVED
+CVE-2015-2456 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-2455 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-2454 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2015-2453 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows ...)
+ TODO: check
CVE-2015-2452 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
TODO: check
CVE-2015-2451 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
TODO: check
CVE-2015-2450 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
TODO: check
-CVE-2015-2449 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+CVE-2015-2449 (Microsoft Internet Explorer 7 through 11 and Edge allow remote ...)
TODO: check
CVE-2015-2448 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
TODO: check
CVE-2015-2447 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
TODO: check
-CVE-2015-2446 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+CVE-2015-2446 (Microsoft Internet Explorer 11 and Edge allow remote attackers to ...)
TODO: check
CVE-2015-2445 (Microsoft Internet Explorer 10 allows remote attackers to bypass the ...)
TODO: check
@@ -9741,12 +10244,12 @@
TODO: check
CVE-2015-2443 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
TODO: check
-CVE-2015-2442 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+CVE-2015-2442 (Microsoft Internet Explorer 8 through 11 and Edge allow remote ...)
TODO: check
-CVE-2015-2441 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+CVE-2015-2441 (Microsoft Internet Explorer 7 through 11 and Edge allow remote ...)
TODO: check
-CVE-2015-2440
- RESERVED
+CVE-2015-2440 (Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers ...)
+ TODO: check
CVE-2015-2439
RESERVED
CVE-2015-2438
@@ -9755,22 +10258,22 @@
RESERVED
CVE-2015-2436
RESERVED
-CVE-2015-2435
- RESERVED
-CVE-2015-2434
- RESERVED
-CVE-2015-2433
- RESERVED
-CVE-2015-2432
- RESERVED
-CVE-2015-2431
- RESERVED
-CVE-2015-2430
- RESERVED
-CVE-2015-2429
- RESERVED
-CVE-2015-2428
- RESERVED
+CVE-2015-2435 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-2434 (Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes ...)
+ TODO: check
+CVE-2015-2433 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
+ TODO: check
+CVE-2015-2432 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
+ TODO: check
+CVE-2015-2431 (Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, ...)
+ TODO: check
+CVE-2015-2430 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-2429 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-2428 (Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
+ TODO: check
CVE-2015-2427
RESERVED
CVE-2015-2426 (Buffer underflow in atmfd.dll in the Windows Adobe Type Manager ...)
@@ -9779,14 +10282,14 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2424 (Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, ...)
NOT-FOR-US: Microsoft
-CVE-2015-2423
- RESERVED
+CVE-2015-2423 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
CVE-2015-2422 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2421 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2015-2420
- RESERVED
+CVE-2015-2420 (Cross-site scripting (XSS) vulnerability in Microsoft System Center ...)
+ TODO: check
CVE-2015-2419 (JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2418 (Race condition in Microsoft Malicious Software Removal Tool (MSRT) ...)
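Review bot: CVE-2015-2423 and CVE-2015-2420 are left as `TODO: check` even though their descriptions name Microsoft Windows and Microsoft System Center, and the neighbouring entries in this hunk for the same vendor are already triaged as `NOT-FOR-US: Microsoft Internet Explorer` and `NOT-FOR-US: Microsoft`. A follow-up manual commit should give these two a matching NOT-FOR-US line so they leave the open TODO list. The same applies to the other Microsoft entries this update adds with `TODO: check`.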
@@ -11587,8 +12090,7 @@
- unzoo <removed>
CVE-2015-1845 (Buffer overflow in the EntrReadArch function in unzoo might allow ...)
- unzoo <removed>
-CVE-2015-1844
- RESERVED
+CVE-2015-1844 (Foreman before 1.7.5 allows remote authenticated users to bypass ...)
- foreman <itp> (bug #663101)
CVE-2015-1843 (The Red Hat docker package before 1.5.0-28, when using the ...)
- docker.io <not-affected> (RHEL specific problem)
@@ -11661,8 +12163,7 @@
[squeeze] - librestclient-ruby <not-affected> (Vulnerability introduced in 1.6.1, squeeze has 1.6.0)
NOTE: https://github.com/rest-client/rest-client/issues/369
NOTE: Patch: https://github.com/rest-client/rest-client/pull/365.patch (will need new dependency to ruby-http-cookie)
-CVE-2015-1819 [denial of service processing a crafted XML document]
- RESERVED
+CVE-2015-1819 (The xmlreader in libxml allows remote attackers to cause a denial of ...)
{DLA-266-1}
- libxml2 <unfixed> (low; bug #782782)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
@@ -11672,8 +12173,7 @@
CVE-2015-1817 [stack-based buffer overflow in ipv6 literal parsing]
RESERVED
- musl 1.1.5-2 (bug #781497)
-CVE-2015-1816
- RESERVED
+CVE-2015-1816 (Forman before 1.7.4 does not verify SSL certificates for LDAP ...)
- foreman <itp> (bug #663101)
CVE-2015-1815 (The get_rpm_nvr_by_file_path_temporary function in util.py in ...)
NOT-FOR-US: setroubleshoot
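Review bot: the imported description for CVE-2015-1816 spells the product "Forman", while the other Foreman entries touched by this update (CVE-2015-1844, CVE-2015-3155, CVE-2015-3235) spell it "Foreman". A text search of the list for "Foreman" will therefore miss this entry. The `- foreman <itp> (bug #663101)` package line is correct, so package-based tracking is unaffected. Since the description is imported by the automatic update, the spelling is best reported to the upstream CVE feed rather than corrected locally.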
@@ -11854,8 +12354,8 @@
NOT-FOR-US: Microsoft Exchange Server
CVE-2015-1770 (Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to ...)
NOT-FOR-US: Microsoft Office
-CVE-2015-1769
- RESERVED
+CVE-2015-1769 (Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
+ TODO: check
CVE-2015-1768 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
NOT-FOR-US: Microsoft Windows Server
CVE-2015-1767 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
@@ -12108,8 +12608,8 @@
NOT-FOR-US: Microsoft Windows
CVE-2015-1643 (Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server ...)
NOT-FOR-US: Microsoft Windows
-CVE-2015-1642
- RESERVED
+CVE-2015-1642 (Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote ...)
+ TODO: check
CVE-2015-1641 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
NOT-FOR-US: Microsoft
CVE-2015-1640 (Cross-site scripting (XSS) vulnerability in Microsoft Project Server ...)
@@ -13478,8 +13978,7 @@
[squeeze] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=7652
NOTE: http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b
-CVE-2013-7422 [Segfault from bad backreference]
- RESERVED
+CVE-2013-7422 (Integer underflow in regcomp.c in Perl before 5.20, as used in Apple ...)
- perl 5.20.0-1 (bug #776046)
[wheezy] - perl <no-dsa> (Minor issue)
[squeeze] - perl <no-dsa> (Minor issue)
@@ -21516,8 +22015,7 @@
- phonefsod 0.1+git20121018-2
[wheezy] - phonefsod <no-dsa> (Minor issue)
[squeeze] - phonefsod <no-dsa> (Minor issue)
-CVE-2014-8155 [gnutls does not perform date/time checks on CA certificates]
- RESERVED
+CVE-2014-8155 (GnuTLS before 2.9.10 does not verify the activation and expiration ...)
{DLA-180-1}
- gnutls26 2.9.10-1
- gnutls28 <not-affected> (Initial version 3.0.0-1 already contained the check based on 2.9.10)
@@ -32796,8 +33294,7 @@
- commons-httpclient 3.1-11 (bug #758086)
[wheezy] - commons-httpclient <no-dsa> (Minor issue, will be fixed through a stable proposed-update)
NOTE: See https://bugs.debian.org/758086#59 for full details.
-CVE-2014-3576 [DoS via unauthenticated remote shutdown command]
- RESERVED
+CVE-2014-3576 (The processControlCommand function in broker/TransportConnection.java ...)
{DSA-3330-1}
- activemq <unfixed> (bug #792857)
CVE-2014-3575 (The OLE preview generation in Apache OpenOffice before 4.1.1 and ...)
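Review bot: at CVE-2014-3576 the hand-written title `[DoS via unauthenticated remote shutdown command]` is replaced by a truncated description that stops at "broker/TransportConnection.java ...", so the entry no longer states the impact. Consider preserving the old summary in a NOTE: line under the entry. The context also shows `{DSA-3330-1}` next to `- activemq <unfixed> (bug #792857)`, so the unstable fixed version still needs recording once an upload closes that bug.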