[Secure-testing-commits] r36326 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Aug 26 21:10:12 UTC 2015
Author: sectracker
Date: 2015-08-26 21:10:12 +0000 (Wed, 26 Aug 2015)
New Revision: 36326
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-26 19:15:59 UTC (rev 36325)
+++ data/CVE/list 2015-08-26 21:10:12 UTC (rev 36326)
@@ -1,3 +1,9 @@
+CVE-2015-6672
+ RESERVED
+CVE-2015-6671
+ RESERVED
+CVE-2015-6670
+ RESERVED
CVE-2015-6669
RESERVED
CVE-2015-6668
@@ -337,6 +343,7 @@
NOTE: http://symfony.com/blog/security-release-twig-1-20-0
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/21/3
CVE-2015-6673 [use-after-free vulnerability in Decoder.cpp]
+ RESERVED
- libpgf <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/14
NOTE: Details on the CVE assignment: http://www.openwall.com/lists/oss-security/2015/08/25/9
@@ -1432,39 +1439,39 @@
RESERVED
CVE-2015-5987
RESERVED
-CVE-2015-6241 [wnpa 2015-21]
+CVE-2015-6241 (The proto_tree_add_bytes_item function in epan/proto.c in the ...)
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-21.html
-CVE-2015-6242 [wnpa 2015-22]
+CVE-2015-6242 (The wmem_block_split_free_chunk function in ...)
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-22.html
-CVE-2015-6243 [wnpa 2015-23]
+CVE-2015-6243 (The dissector-table implementation in epan/packet.c in Wireshark ...)
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-23.html
-CVE-2015-6244 [wnpa 2015-24]
+CVE-2015-6244 (The dissect_zbee_secure function in ...)
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-24.html
-CVE-2015-6245 [wnpa 2015-25]
+CVE-2015-6245 (epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in ...)
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-25.html
-CVE-2015-6246 [wnpa 2015-26]
+CVE-2015-6246 (The dissect_wa_payload function in epan/dissectors/packet-waveagent.c ...)
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-26.html
-CVE-2015-6247 [wnpa 2015-27]
+CVE-2015-6247 (The dissect_openflow_tablemod_v5 function in ...)
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-27.html
-CVE-2015-6248 [wnpa 2015-28]
+CVE-2015-6248 (The ptvcursor_add function in the ptvcursor implementation in ...)
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-28.html
-CVE-2015-6249 [wnpa 2015-29]
+CVE-2015-6249 (The dissect_wccp2r1_address_table_info function in ...)
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-29.html
@@ -1555,11 +1562,11 @@
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/12/6
CVE-2015-5964 (The (1) contrib.sessions.backends.base.SessionBase.flush and (2) ...)
- {DSA-3338-1}
+ {DSA-3338-1 DLA-301-1}
- python-django <unfixed> (bug #796104)
NOTE: https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
CVE-2015-5963 (contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before ...)
- {DSA-3338-1}
+ {DSA-3338-1 DLA-301-1}
- python-django <unfixed> (bug #796104)
NOTE: https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
CVE-2015-5962 (Integer signedness error in the ...)
@@ -1607,8 +1614,7 @@
RESERVED
CVE-2015-5950
RESERVED
-CVE-2015-5949
- RESERVED
+CVE-2015-5949 (VideoLAN VLC media player 2.2.1 allows remote attackers to cause a ...)
{DSA-3342-1}
- vlc 2.2.1-3 (bug #796255)
[wheezy] - vlc <not-affected> (Vulnerability introduced by later changes)
@@ -3641,8 +3647,7 @@
[wheezy] - glance <not-affected> (Affects Glance 2015.1 versions trough 2015.1.1)
CVE-2015-5162
RESERVED
-CVE-2015-5161 [XXE/XEE vector when using ZendXml on multibyte payloads]
- RESERVED
+CVE-2015-5161 (The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework ...)
{DSA-3340-1}
- zendframework 1.12.14+dfsg-1
- php-zend-xml <unfixed>
@@ -6513,8 +6518,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/05/20/1
CVE-2015-4023
RESERVED
-CVE-2015-4020 [Issue introduced by commit 6bbee35, incomplete fix]
- RESERVED
+CVE-2015-4020 (RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before ...)
- rubygems <not-affected> (Affects versions between 2.0 and 2.4.6 and incomplete fix not applied)
- libgems-ruby <not-affected> (Affects versions between 2.0 and 2.4.6 and incomplete fix not applied)
- ruby1.8 <not-affected> (Vulnerable code not present)
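Review bot: On CVE-2015-4020, the removed bracketed description was the only place in the lines shown that named the introducing commit (6bbee35); the replacement description and the three package lines below it do not mention it. Consider carrying it over as a NOTE line under the entry, for example "NOTE: Issue introduced by commit 6bbee35, incomplete fix", so the reasoning behind the <not-affected> statuses stays traceable from the entry itself.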
@@ -9169,8 +9173,8 @@
NOTE: http://www.ocert.org/advisories/ocert-2015-003.html
NOTE: http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/
NOTE: https://mariadb.atlassian.net/browse/MDEV-7937
- NOTE: The question remains open whether this same CVE can used for PHP's mysqlnd
- NOTE: (re-implementation of the MySQL client): https://marc.info/?l=oss-security&m=143750829604598
+ NOTE: The question remains open whether this same CVE can used for PHP's mysqlnd
+ NOTE: (re-implementation of the MySQL client): https://marc.info/?l=oss-security&m=143750829604598
CVE-2015-3151 [abrt: directory traversals in several D-Bus methods implemented by abrt-dbus]
RESERVED
NOT-FOR-US: abrt is Red Hat / Fedora specific
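Review bot: The two NOTE lines about PHP's mysqlnd read identically on the removed and added sides, so this hunk appears to change only whitespace. As the lines are being rewritten anyway, the wording "can used" in the first NOTE should be corrected to "can be used" in the same change.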
@@ -11452,16 +11456,19 @@
[wheezy] - dokuwiki <no-dsa> (Minor issue)
[squeeze] - dokuwiki <no-dsa> (Minor issue)
CVE-2015-6674 [problem of "i =- 12" where "i -= 12" was intended]
+ RESERVED
{DSA-3226-1 DLA-276-1}
- inspircd 2.0.16-1 (bug #780880)
NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6696 [mishandling of unsigned values]
+ RESERVED
{DSA-3226-1 DLA-276-1}
- inspircd 2.0.16-1 (bug #780880)
NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6697 [infinite loop cauesd by invalid dns packets]
+ RESERVED
{DSA-3226-1 DLA-276-1}
- inspircd 2.0.16-1 (bug #780880)
NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423
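Review bot: The bracketed description on the CVE-2012-6697 context line is misspelled ("cauesd"); correct it to "caused" while RESERVED is being added to this entry, since the bracketed text is the only description the entry has until a published one replaces it.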
@@ -11780,6 +11787,7 @@
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd, the embedded copy was fixed upstream in 5.6.5
CVE-2009-5147
RESERVED
+ {DLA-300-1 DLA-299-1}
- ruby1.8 <removed>
- ruby1.9.1 <removed>
- ruby2.0 <removed>
@@ -75467,8 +75475,7 @@
CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x ...)
{DSA-2461-1}
- spip 2.1.13-1 (low; bug #671264)
-CVE-2012-2150 [xfs_metadump information disclosure flaw]
- RESERVED
+CVE-2012-2150 (xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file ...)
- xfsprogs 3.2.4-1 (low; bug #793495)
[jessie] - xfsprogs <no-dsa> (Minor issue)
[wheezy] - xfsprogs <no-dsa> (Minor issue)