[Secure-testing-commits] r38021 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Dec 1 21:10:11 UTC 2015
Author: sectracker
Date: 2015-12-01 21:10:11 +0000 (Tue, 01 Dec 2015)
New Revision: 38021
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-01 21:02:19 UTC (rev 38020)
+++ data/CVE/list 2015-12-01 21:10:11 UTC (rev 38021)
@@ -1,3 +1,5 @@
+CVE-2015-8377
+ RESERVED
CVE-2015-XXXX [Avoid unbounded SFTP extended attribute key/values]
- proftpd-dfsg <unfixed>
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4210
@@ -16,6 +18,7 @@
CVE-2015-8369
RESERVED
CVE-2015-8378 [canceling export operation creates cleartext copy of all of the user's KeePassX password database entries]
+ RESERVED
- keepassx <unfixed> (bug #791858)
NOTE: http://www.openwall.com/lists/oss-security/2015/11/30/4
CVE-2015-8375
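Review bot: CVE-2015-8378 sits between CVE-2015-8369 and CVE-2015-8375 in this hunk, which breaks the descending ID order seen elsewhere in this diff (6387, 6386, 6385, 6384, 6383). Now that the entry has an assigned ID and a RESERVED marker, consider moving it to its sorted position so that readers and later automatic updates find it where they expect it.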
@@ -199,6 +202,7 @@
RESERVED
CVE-2015-8313 [fail to check the first byte of the padding in CBC modes]
RESERVED
+ {DSA-3408-1}
- gnutls28 <not-affected> (Vulnerable code not present)
- gnutls26 <removed>
NOTE: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html
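Review bot: the {DSA-3408-1} reference is added to CVE-2015-8313, but the two package lines under it read gnutls28 <not-affected> and gnutls26 <removed>, so nothing in this entry shows which package and release the advisory fixed. Worth confirming that the fixed version is recorded with the advisory itself, or adding a release-tagged package line here so the entry explains the cross-reference on its own.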
@@ -5215,10 +5219,10 @@
RESERVED
CVE-2015-6387
RESERVED
-CVE-2015-6386
- RESERVED
-CVE-2015-6385
- RESERVED
+CVE-2015-6386 (The passthrough FTP feature on Cisco Web Security Appliance (WSA) ...)
+ TODO: check
+CVE-2015-6385 (The publish-event event-manager feature in Cisco IOS 15.5(2)S and ...)
+ TODO: check
CVE-2015-6384
RESERVED
CVE-2015-6383
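Review bot: CVE-2015-6386 and CVE-2015-6385 now carry only TODO: check, so neither has a disposition yet. Both descriptions name Cisco products (Web Security Appliance, IOS), and this file already uses NOT-FOR-US for vendor products (NOT-FOR-US: Websense in a later hunk), so these look like candidates for the same marking once someone has triaged them.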
@@ -8007,7 +8011,7 @@
NOTE: https://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
CVE-2015-5309 [memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence]
RESERVED
- {DLA-347-1}
+ {DSA-3409-1 DLA-347-1}
- putty 0.66-1
NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
NOTE: http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=6056396f77cafc7e40da4d09f1d6212408dcb065
@@ -35974,7 +35978,7 @@
NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706
CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required]
RESERVED
- {DSA-3248-1}
+ {DSA-3248-1 DLA-357-1}
- libphp-snoopy 2.0.0-1 (bug #778634)
NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
NOTE: This issue exists because of an incorrect fix for CVE-2008-4796 (i.e., use of escapeshellcmd where escapeshellarg was required).
@@ -74386,7 +74390,7 @@
NOT-FOR-US: Websense
CVE-2008-7313 [Incomplete fix for CVE-2008-4796]
RESERVED
- {DSA-3248-1}
+ {DSA-3248-1 DLA-357-1}
- libphp-snoopy 2.0.0-1 (bug #778634)
NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
NOTE: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27