[Secure-testing-commits] r36352 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Aug 27 21:10:12 UTC 2015
Author: sectracker
Date: 2015-08-27 21:10:12 +0000 (Thu, 27 Aug 2015)
New Revision: 36352
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-27 20:40:47 UTC (rev 36351)
+++ data/CVE/list 2015-08-27 21:10:12 UTC (rev 36352)
@@ -2769,12 +2769,14 @@
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-5590 [Buffer overflow and stack smashing error in phar_fix_filepath]
RESERVED
+ {DSA-3344-1}
- php5 5.6.11+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69923
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
NOTE: Fixed in 5.6.11, 5.4.43
CVE-2015-5589 [Segfault in Phar::convertToData on invalid file]
RESERVED
+ {DSA-3344-1}
- php5 5.6.11+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69958
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
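Review bot: In the CVE-2015-5590 entry, the context line "NOTE: Fixed in 5.6.11, 5.4.43" names only two upstream branches, while the other php5 entries this patch tags with DSA-3344-1 list three ("Fixed in 5.6.10 / 5.5.26 / 5.4.42"). Now that the entry is tied to a released advisory, add the 5.5.x fixed version and use the same separator style. Also check that CVE-2015-5589 carries an equivalent fixed-in NOTE, since none is visible in this hunk's context.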
@@ -3745,7 +3747,7 @@
CVE-2015-5162
RESERVED
CVE-2015-5161 (The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework ...)
- {DSA-3340-1}
+ {DSA-3340-1 DLA-302-1}
- zendframework 1.12.14+dfsg-1
- php-zend-xml <removed>
NOTE: http://framework.zend.com/security/advisory/ZF2015-06
@@ -4631,7 +4633,7 @@
- mysql-5.5 <not-affected> (Only 5.6 series)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4760 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
- {DSA-3339-1 DSA-3323-1 DSA-3316-1 DLA-283-1}
+ {DSA-3339-1 DSA-3323-1 DSA-3316-1 DLA-303-1 DLA-283-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -4673,7 +4675,7 @@
CVE-2015-4750 (Unspecified vulnerability in the Oracle VM Server for SPARC component ...)
NOT-FOR-US: Oracle VM Server
CVE-2015-4749 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -4681,7 +4683,7 @@
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
NOTE: "Applies to client and server deployment of Java."
CVE-2015-4748 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -4723,7 +4725,7 @@
CVE-2015-4734
RESERVED
CVE-2015-4733 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -4731,7 +4733,7 @@
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4732 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -4739,7 +4741,7 @@
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4731 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -5004,6 +5006,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4643 [Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)]
RESERVED
+ {DSA-3344-1}
- php5 5.6.11+dfsg-1
NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
NOTE: https://bugs.php.net/bug.php?id=69545#1431550655
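Review bot: The package line "- php5 5.6.11+dfsg-1" for CVE-2015-4643 does not match the NOTE directly below it, which says the issue was fixed upstream in 5.6.10. If an earlier upload to unstable already carried the fix, the fixed version should name that upload. If 5.6.11+dfsg-1 really was the first fixed upload, a short NOTE saying so would keep this from reading as a value copied from the neighbouring entries. The same pairing appears in the CVE-2015-4644 and CVE-2015-4598 hunks.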
@@ -5011,6 +5014,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4644 [Fixed bug #69667 (segfault in php_pgsql_meta_data)]
RESERVED
+ {DSA-3344-1}
- php5 5.6.11+dfsg-1
NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
NOTE: https://bugs.php.net/bug.php?id=69667
@@ -5458,6 +5462,7 @@
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4
CVE-2015-4598 [Incorrect handling of paths with NULs]
RESERVED
+ {DSA-3344-1}
- php5 5.6.11+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69719
NOTE: Fixed in 5.6.10 and 5.4.42 upstream
@@ -6706,7 +6711,7 @@
NOTE: https://lkml.org/lkml/2015/5/13/744
NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...)
- {DSA-3339-1 DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-247-1}
+ {DSA-3339-1 DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-303-1 DLA-247-1}
- openssl 1.0.2b-1
- nss 2:3.19.1-1
[experimental] - openjdk-6 6b36-1.13.8-1
@@ -10207,7 +10212,7 @@
CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation Manager ...)
NOT-FOR-US: Synology DiskStation Manager
CVE-2015-2808 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, does ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
NOTE: This CVE is specific to the design of the RC4 protocol and not to its
NOTE: implementations.
[experimental] - openjdk-6 6b36-1.13.8-1
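Review bot: The context NOTE under the changed line for CVE-2015-2808 says the CVE is specific to the design of "the RC4 protocol", but the description line directly above calls it "The RC4 algorithm, as used in the TLS protocol and SSL protocol". RC4 is the cipher and TLS/SSL are the protocols, so the NOTE should read "RC4 algorithm". This is worth correcting while the entry is being touched, since the NOTE is what explains why the entry is not tied to a single implementation.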
@@ -10883,7 +10888,7 @@
CVE-2015-2633
RESERVED
CVE-2015-2632 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -10897,7 +10902,7 @@
CVE-2015-2629 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
NOT-FOR-US: Oracle Database Server
CVE-2015-2628 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -10911,7 +10916,7 @@
CVE-2015-2626 (Unspecified vulnerability in the Data Store component in Oracle ...)
TODO: check
CVE-2015-2625 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -10925,7 +10930,7 @@
CVE-2015-2622 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: PeopleSoft
CVE-2015-2621 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -10986,7 +10991,7 @@
CVE-2015-2602 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
NOT-FOR-US: Oracle Fusion
CVE-2015-2601 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
@@ -11019,7 +11024,7 @@
CVE-2015-2591 (Unspecified vulnerability in the PeopleSoft Enteprise Portal - ...)
NOT-FOR-US: PeopleSoft
CVE-2015-2590 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
- {DSA-3339-1 DSA-3316-1}
+ {DSA-3339-1 DSA-3316-1 DLA-303-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1