[Secure-testing-commits] r36304 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Aug 25 21:10:11 UTC 2015
Author: sectracker
Date: 2015-08-25 21:10:11 +0000 (Tue, 25 Aug 2015)
New Revision: 36304
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-25 20:55:07 UTC (rev 36303)
+++ data/CVE/list 2015-08-25 21:10:11 UTC (rev 36304)
@@ -1,4 +1,33 @@
+CVE-2015-6669
+ RESERVED
+CVE-2015-6668
+ RESERVED
+CVE-2015-6667
+ RESERVED
+CVE-2015-6665 (Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal ...)
+ TODO: check
+CVE-2015-6664 (XML external entity (XXE) vulnerability in the application import ...)
+ TODO: check
+CVE-2015-6663 (Cross-site scripting (XSS) vulnerability in the Client form in the ...)
+ TODO: check
+CVE-2015-6662 (XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 ...)
+ TODO: check
+CVE-2015-6661 (Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to ...)
+ TODO: check
+CVE-2015-6660 (The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not ...)
+ TODO: check
+CVE-2015-6659 (SQL injection vulnerability in the SQL comment filtering system in the ...)
+ TODO: check
+CVE-2015-6658 (Cross-site scripting (XSS) vulnerability in the Autocomplete system in ...)
+ TODO: check
+CVE-2015-6657
+ RESERVED
+CVE-2015-6656
+ RESERVED
+CVE-2014-9744 (Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause ...)
+ TODO: check
CVE-2015-6666 [DoS]
+ RESERVED
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
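Review bot: CVE-2014-9744, added at the end of the new block as TODO: check, describes a memory leak in PolarSSL before 1.3.9, which overlaps the description this same diff attaches to CVE-2014-8628 (tracked as polarssl 1.3.9-1 with DSA-3116-1 DLA-129-1). Triage should confirm whether the 1.3.9 upload covers both and give CVE-2014-9744 a polarssl line with a NOTE recording the relationship, instead of leaving it unclassified. The entries that visibly name Drupal (CVE-2015-6665, CVE-2015-6661, CVE-2015-6660) can be triaged together, since two of them cite the same fixed releases, 6.37 and 7.39.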
@@ -253,10 +282,10 @@
- phpipam <itp> (bug #731713)
CVE-2015-6528 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2015-6525
- RESERVED
-CVE-2015-6524
- RESERVED
+CVE-2015-6525 (Multiple integer overflows in the evbuffer API in Libevent 2.0.x ...)
+ TODO: check
+CVE-2015-6524 (The LDAPLoginModule implementation the Java Authentication and ...)
+ TODO: check
CVE-2015-XXXX [PCRE Library Heap Overflow in compile_regex()]
- pcre3 <unfixed> (bug #796762)
[jessie] - pcre3 <no-dsa> (Minor issue)
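Review bot: CVE-2015-6524 is added as TODO: check with the same visible description ("The LDAPLoginModule implementation the Java Authentication and ...") that this diff gives to CVE-2014-3612, which is already tracked against activemq; check whether one is a duplicate or a follow-up of the other before classifying it. CVE-2015-6525 (evbuffer integer overflows in Libevent 2.0.x) likewise mirrors the text given to CVE-2014-6272, tracked as libevent 2.0.21-stable-2, so it probably needs a libevent line cross-referenced to that entry rather than a separate investigation.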
@@ -848,8 +877,8 @@
RESERVED
CVE-2015-6263
RESERVED
-CVE-2015-6262
- RESERVED
+CVE-2015-6262 (Cross-site request forgery (CSRF) vulnerability in Cisco Prime ...)
+ TODO: check
CVE-2015-6261
RESERVED
CVE-2015-6260
@@ -889,24 +918,24 @@
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2015/8/10/375
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5 (v4.2-rc5)
-CVE-2015-6249
- RESERVED
-CVE-2015-6248
- RESERVED
-CVE-2015-6247
- RESERVED
-CVE-2015-6246
- RESERVED
-CVE-2015-6245
- RESERVED
-CVE-2015-6244
- RESERVED
-CVE-2015-6243
- RESERVED
-CVE-2015-6242
- RESERVED
-CVE-2015-6241
- RESERVED
+CVE-2015-6249 (The dissect_wccp2r1_address_table_info function in ...)
+ TODO: check
+CVE-2015-6248 (The ptvcursor_add function in the ptvcursor implementation in ...)
+ TODO: check
+CVE-2015-6247 (The dissect_openflow_tablemod_v5 function in ...)
+ TODO: check
+CVE-2015-6246 (The dissect_wa_payload function in epan/dissectors/packet-waveagent.c ...)
+ TODO: check
+CVE-2015-6245 (epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in ...)
+ TODO: check
+CVE-2015-6244 (The dissect_zbee_secure function in ...)
+ TODO: check
+CVE-2015-6243 (The dissector-table implementation in epan/packet.c in Wireshark ...)
+ TODO: check
+CVE-2015-6242 (The wmem_block_split_free_chunk function in ...)
+ TODO: check
+CVE-2015-6241 (The proto_tree_add_bytes_item function in epan/proto.c in the ...)
+ TODO: check
CVE-2015-6239
RESERVED
CVE-2015-6238
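Review bot: The nine entries CVE-2015-6241 through CVE-2015-6249 all land as TODO: check although their descriptions point at one code base (epan/ paths and dissector functions, with CVE-2015-6243 naming Wireshark), so they should be triaged as a batch against a single source package. Left as nine separate TODO items, it is easy to classify some and miss others; a shared NOTE pointing at the upstream advisory would keep them consistent.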
@@ -1454,8 +1483,7 @@
NOT-FOR-US: simple-php-captcha
CVE-2015-5986
RESERVED
-CVE-2015-6496 [denial of service with unusual traffic]
- RESERVED
+CVE-2015-6496 (conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that ...)
{DSA-3341-1 DLA-295-1}
- conntrack 1:1.4.2-3 (bug #796103)
NOTE: http://www.openwall.com/lists/oss-security/2015/08/14/4
@@ -1536,13 +1564,11 @@
[wheezy] - mediawiki <no-dsa> (Minor issues)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/12/6
-CVE-2015-5964 [more to CVE-2015-5963]
- RESERVED
+CVE-2015-5964 (The (1) contrib.sessions.backends.base.SessionBase.flush and (2) ...)
{DSA-3338-1}
- python-django <unfixed> (bug #796104)
NOTE: https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
-CVE-2015-5963 [Denial-of-service possibility in logout() view by filling session store]
- RESERVED
+CVE-2015-5963 (contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before ...)
{DSA-3338-1}
- python-django <unfixed> (bug #796104)
NOTE: https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
@@ -1565,8 +1591,7 @@
NOTE: https://github.com/golang/go/issues/12027
NOTE: https://github.com/golang/go/commit/26049f6f9171d1190f3bbe05ec304845cfe6399f
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/06/2
-CVE-2015-6251 [GNUTLS-SA-2015-3 double free in certificate DN decoding]
- RESERVED
+CVE-2015-6251 (Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before ...)
{DSA-3334-1}
- gnutls28 3.3.17-1 (bug #795068)
NOTE: Added workaround item until CVE assigned
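Review bot: The context line "NOTE: Added workaround item until CVE assigned" under CVE-2015-6251 is stale now that this hunk replaces the bracketed placeholder and RESERVED with the published description. Drop or reword that NOTE so the entry does not suggest the CVE is still pending.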
@@ -1924,10 +1949,10 @@
RESERVED
CVE-2015-5787
RESERVED
-CVE-2015-5786
- RESERVED
-CVE-2015-5785
- RESERVED
+CVE-2015-5786 (Apple QuickTime before 7.7.8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-5785 (Apple QuickTime before 7.7.8 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-5784 (runner in Install.framework in the Install Framework Legacy component ...)
NOT-FOR-US: Apple OS X
CVE-2015-5783 (IOGraphics in Apple OS X before 10.10.5 allows attackers to execute ...)
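Review bot: CVE-2015-5786 and CVE-2015-5785 are added as TODO: check, yet both describe Apple QuickTime and sit directly above CVE-2015-5784, which is marked NOT-FOR-US: Apple OS X. If QuickTime is not packaged, these two should get a NOT-FOR-US line in the same style rather than staying in the TODO queue.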
@@ -2936,32 +2961,23 @@
RESERVED
CVE-2015-5425
RESERVED
-CVE-2015-5424
- RESERVED
+CVE-2015-5424 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
NOT-FOR-US: HP KeyView
-CVE-2015-5423
- RESERVED
+CVE-2015-5423 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
NOT-FOR-US: HP KeyView
-CVE-2015-5422
- RESERVED
+CVE-2015-5422 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
NOT-FOR-US: HP KeyView
-CVE-2015-5421
- RESERVED
+CVE-2015-5421 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
NOT-FOR-US: HP KeyView
-CVE-2015-5420
- RESERVED
+CVE-2015-5420 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
NOT-FOR-US: HP KeyView
-CVE-2015-5419
- RESERVED
+CVE-2015-5419 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
NOT-FOR-US: HP KeyView
-CVE-2015-5418
- RESERVED
+CVE-2015-5418 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
NOT-FOR-US: HP KeyView
-CVE-2015-5417
- RESERVED
+CVE-2015-5417 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
NOT-FOR-US: HP KeyView
-CVE-2015-5416
- RESERVED
+CVE-2015-5416 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
NOT-FOR-US: HP KeyView
CVE-2015-5415
RESERVED
@@ -3435,8 +3451,7 @@
NOTE: https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9 (v2.27-rc2)
CVE-2015-5223
RESERVED
-CVE-2015-5222
- RESERVED
+CVE-2015-5222 (Red Hat OpenShift Enterprise 3.0.0.0 does not properly check ...)
NOT-FOR-US: OpenShift
CVE-2015-5221 [use-after-free in mif_process_cmpt]
RESERVED
@@ -3918,8 +3933,7 @@
NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2015-5060
RESERVED
-CVE-2015-5058
- RESERVED
+CVE-2015-5058 (Memory leak in the virtual server component in F5 Big-IP LTM, AAM, ...)
NOT-FOR-US: F5 BIG-IP
CVE-2015-5056
RESERVED
@@ -8659,8 +8673,8 @@
NOTE: https://marc.info/?l=oss-security&m=143948566828051&w=2
CVE-2015-3270
RESERVED
-CVE-2015-3269
- RESERVED
+CVE-2015-3269 (Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe ...)
+ TODO: check
CVE-2015-3268
RESERVED
CVE-2015-3267 (Cross-site scripting (XSS) vulnerability in the 404 error page in Red ...)
@@ -8763,8 +8777,7 @@
[wheezy] - libunwind <no-dsa> (Minor issue)
NOTE: http://savannah.nongnu.org/bugs/?45276
NOTE: http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1
-CVE-2015-3238 [DoS/user enumeration due to blocking pipe in pam_unix module]
- RESERVED
+CVE-2015-3238 (The _unix_run_helper_binary function in the pam_unix module in ...)
- pam <unfixed> (bug #789986)
[jessie] - pam <no-dsa> (Minor issue e.g. in combination with enabled SELinux)
[wheezy] - pam <no-dsa> (Minor issue e.g. in combination with enabled SELinux)
@@ -20019,8 +20032,7 @@
RESERVED
CVE-2015-0299
RESERVED
-CVE-2015-0298
- RESERVED
+CVE-2015-0298 (Cross-site scripting (XSS) vulnerability in the manager web interface ...)
NOT-FOR-US: mod_cluster
CVE-2015-0297 (Red Hat JBoss Operations Network 3.3.1 does not properly restrict ...)
NOT-FOR-US: RHQ
@@ -21284,8 +21296,7 @@
[wheezy] - python-pip <not-affected> (Vulnerable code only in >= 1.3)
[squeeze] - python-pip <not-affected> (Vulnerable code only in >= 1.3)
NOTE: https://github.com/pypa/pip/pull/2122
-CVE-2014-8987 [Cross-Site Scripting in adm_config_report.php]
- RESERVED
+CVE-2014-8987 (Cross-site scripting (XSS) vulnerability in the "set configuration" ...)
- mantis <not-affected> (Vulnerable code introduced later)
NOTE: Affected upstream versions >= 1.2.13, <= 1.2.17
NOTE: https://github.com/mantisbt/mantisbt/commit/49c3d089
@@ -21726,8 +21737,7 @@
- python-requests-kerberos 0.5-2 (bug #768408)
NOTE: https://github.com/requests/requests-kerberos/pull/36
NOTE: request adding https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6
-CVE-2014-8628 [remotely-triggerable memory leaks]
- RESERVED
+CVE-2014-8628 (Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows ...)
{DSA-3116-1 DLA-129-1}
- polarssl 1.3.9-1
NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1159845#c5 and following.
@@ -27660,8 +27670,7 @@
CVE-2014-6273 (Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and ...)
{DSA-3031-1 DLA-58-1}
- apt 1.0.3
-CVE-2014-6272 [potential heap overflow in buffer/bufferevent APIs]
- RESERVED
+CVE-2014-6272 (Multiple integer overflows in the evbuffer API in Libevent 1.4.x ...)
{DSA-3119-1 DLA-137-1}
- libevent 2.0.21-stable-2 (bug #774645)
CVE-2014-6271 (GNU Bash through 4.3 processes trailing strings after function ...)
@@ -34118,8 +34127,7 @@
{DSA-3022-1 DLA-64-1}
- curl 7.38.0-1
NOTE: http://curl.haxx.se/docs/adv_20140910A.html
-CVE-2014-3612
- RESERVED
+CVE-2014-3612 (The LDAPLoginModule implementation the Java Authentication and ...)
- activemq 5.6.0+dfsg1-4 (low; bug #777196)
[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt