[Secure-testing-commits] r38021 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Dec 1 21:10:11 UTC 2015 

Author: sectracker
Date: 2015-12-01 21:10:11 +0000 (Tue, 01 Dec 2015)
New Revision: 38021

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-01 21:02:19 UTC (rev 38020)
+++ data/CVE/list	2015-12-01 21:10:11 UTC (rev 38021)
@@ -1,3 +1,5 @@
+CVE-2015-8377
+	RESERVED
 CVE-2015-XXXX [Avoid unbounded SFTP extended attribute key/values]
 	- proftpd-dfsg <unfixed>
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4210
@@ -16,6 +18,7 @@
 CVE-2015-8369
 	RESERVED
 CVE-2015-8378 [canceling export operation creates cleartext copy of all of the user's KeePassX password database entries]
+	RESERVED
 	- keepassx <unfixed> (bug #791858)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/30/4
 CVE-2015-8375
@@ -199,6 +202,7 @@
 	RESERVED
 CVE-2015-8313 [fail to check the first byte of the padding in CBC modes]
 	RESERVED
+	{DSA-3408-1}
 	- gnutls28 <not-affected> (Vulnerable code not present)
 	- gnutls26 <removed>
 	NOTE: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html
@@ -5215,10 +5219,10 @@
 	RESERVED
 CVE-2015-6387
 	RESERVED
-CVE-2015-6386
-	RESERVED
-CVE-2015-6385
-	RESERVED
+CVE-2015-6386 (The passthrough FTP feature on Cisco Web Security Appliance (WSA) ...)
+	TODO: check
+CVE-2015-6385 (The publish-event event-manager feature in Cisco IOS 15.5(2)S and ...)
+	TODO: check
 CVE-2015-6384
 	RESERVED
 CVE-2015-6383
@@ -8007,7 +8011,7 @@
 	NOTE: https://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
 CVE-2015-5309 [memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence]
 	RESERVED
-	{DLA-347-1}
+	{DSA-3409-1 DLA-347-1}
 	- putty 0.66-1
 	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
 	NOTE: http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=6056396f77cafc7e40da4d09f1d6212408dcb065
@@ -35974,7 +35978,7 @@
 	NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706
 CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required]
 	RESERVED
-	{DSA-3248-1}
+	{DSA-3248-1 DLA-357-1}
 	- libphp-snoopy 2.0.0-1 (bug #778634)
 	NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
 	NOTE: This issue exists because of an incorrect fix for CVE-2008-4796 (i.e., use of escapeshellcmd where escapeshellarg was required).
@@ -74386,7 +74390,7 @@
 	NOT-FOR-US: Websense
 CVE-2008-7313 [Incomplete fix for CVE-2008-4796]
 	RESERVED
-	{DSA-3248-1}
+	{DSA-3248-1 DLA-357-1}
 	- libphp-snoopy 2.0.0-1 (bug #778634)
 	NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
 	NOTE: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27

More information about the Secure-testing-commits mailing list