[Secure-testing-commits] r38061 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Dec 2 21:10:16 UTC 2015


Author: sectracker
Date: 2015-12-02 21:10:16 +0000 (Wed, 02 Dec 2015)
New Revision: 38061

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-02 20:48:56 UTC (rev 38060)
+++ data/CVE/list	2015-12-02 21:10:16 UTC (rev 38061)
@@ -1,3 +1,5 @@
+CVE-2015-8379
+	RESERVED
 CVE-2015-8400 [DNS rebinding attack due to HTTP fallback]
 	- shellinabox <unfixed>
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/02/6
@@ -184,7 +186,7 @@
 	[squeeze] - libiptables-parse-perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/24/6
-CVE-2015-8381 [compile_regex function in pcre_compile.c in PCRE before 8.38]
+CVE-2015-8381 (The compile_regex function in pcre_compile.c in PCRE before 8.38 and ...)
 	- pcre3 <unfixed> (bug #796762; bug #795539)
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
@@ -196,7 +198,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/05/3
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1250943
-CVE-2015-8380 [heap overflow in pcre_exec]
+CVE-2015-8380 (The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a ...)
 	- pcre3 <unfixed> (bug #806467)
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
@@ -6914,71 +6916,71 @@
 	RESERVED
 CVE-2015-5703 (SQL injection vulnerability in the public key discovery API call in ...)
 	TODO: check
-CVE-2015-8395 [mishandles certain references, allowing denial of service or possibly have unspecified other impact via a crafted regular expression]
+CVE-2015-8395 (PCRE before 8.38 mishandles certain references, which allows remote ...)
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1594
 	NOTE: related issue to CVE-2015-8384 and CVE-2015-8392
 	TODO: check
-CVE-2015-8394 [mishandles the (?(<digits>) and (?(R<digits>) conditions]
+CVE-2015-8394 (PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) ...)
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1589
 	TODO: check
-CVE-2015-8393 [pcregrep mishandles the -q option for binary files]
+CVE-2015-8393 (pcregrep in PCRE before 8.38 mishandles the -q option for binary ...)
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1586
 	TODO: check
-CVE-2015-8392 [mishandles certain instances of the (?| substring]
+CVE-2015-8392 (PCRE before 8.38 mishandles certain instances of the (?| substring, ...)
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
 	NOTE: related issue to CVE-2015-8384 and CVE-2015-8395
 	TODO: check
-CVE-2015-8391 [pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting]
+CVE-2015-8391 (The pcre_compile function in pcre_compile.c in PCRE before 8.38 ...)
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1579
 	TODO: check
-CVE-2015-8390 [mishandles the [: and \\ substrings in character classes]
+CVE-2015-8390 (PCRE before 8.38 mishandles the [: and \\ substrings in character ...)
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1578
 	TODO: check
-CVE-2015-8389 [mishandles the /(?:|a|){100}x/ pattern and related patterns]
+CVE-2015-8389 (PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related ...)
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1577
 	TODO: check
-CVE-2015-8388 [mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis]
+CVE-2015-8388 (PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and ...)
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1571
 	TODO: check
-CVE-2015-8387 [mishandles (?123) subroutine calls and related subroutine calls]
+CVE-2015-8387 (PCRE before 8.38 mishandles (?123) subroutine calls and related ...)
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1563
 	TODO: check
-CVE-2015-8386 [mishandles the interaction of lookbehind assertions and mutually recursive subpatterns]
+CVE-2015-8386 (PCRE before 8.38 mishandles the interaction of lookbehind assertions ...)
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1560
 	TODO: check
-CVE-2015-8385 [mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references]
+CVE-2015-8385 (PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and ...)
 	- pcre3 <unfixed>
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <no-dsa> (Minor issue)
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1559
-CVE-2015-8384 [mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references]
+CVE-2015-8384 (PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and ...)
 	- pcre3 <unfixed>
 	NOTE: related issue to CVE-2015-8392 and CVE-2015-8395
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1558
 	TODO: check, possibly a duplicate of CVE-2015-3210, check with MITRE, asked on oss-security
-CVE-2015-8383 [mishandles certain repeated conditional groups]
+CVE-2015-8383 (PCRE before 8.38 mishandles certain repeated conditional groups, which ...)
 	- pcre3 <unfixed>
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <not-affected> (vulnerable coded introduce in 8.34)
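Review bot: CVE-2015-8395 down to CVE-2015-8386, and CVE-2015-8384, still end in "TODO: check" and carry only "- pcre3 <unfixed>" with no [jessie] or [wheezy] lines. Each already has "NOTE: Fixed in 8.38" and an upstream revision link. Now that the descriptions are filled in, these can be triaged per release the way CVE-2015-8385 and CVE-2015-8383 are in the same hunk. For CVE-2015-8384 the open question about a duplicate of CVE-2015-3210 should be resolved before the TODO is dropped. The unchanged line "(vulnerable coded introduce in 8.34)" under CVE-2015-8383 has a typo and should read "Vulnerable code introduced in 8.34".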
@@ -6987,7 +6989,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/29/1
 	NOTE: Fixed by http://vcs.pcre.org/pcre?view=revision&revision=1557
 	NOTE: Introduced by/first bad commit: http://vcs.pcre.org/pcre?view=revision&revision=1365
-CVE-2015-8382 [Information disclosure]
+CVE-2015-8382 (The match function in pcre_exec.c in PCRE before 8.37 mishandles the ...)
 	- pcre3 2:8.35-7.2 (bug #794589)
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <no-dsa> (Minor issue)
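Review bot: On CVE-2015-8382 the new description says "PCRE before 8.37", while the package line directly below records the fix as "pcre3 2:8.35-7.2 (bug #794589)", a version whose upstream part is lower than 8.37. If the fix was applied as a patch on top of 8.35, a NOTE saying so, with the upstream revision, would let readers reconcile the two without opening the bug.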
@@ -16932,8 +16934,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/19/5
 CVE-2015-2329
 	RESERVED
-CVE-2015-2328
-	RESERVED
+CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...)
 	- mongodb <unfixed> (unimportant)
 	NOTE: CVE for bundled version of pcre3 in mongodb
 	NOTE: https://jira.mongodb.org/browse/SERVER-17252
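Review bot: CVE-2015-2328 now has a description that names PCRE itself ("PCRE before 8.36"), but the only package line visible in this hunk is "- mongodb <unfixed> (unimportant)" with the NOTE that the CVE is for the bundled copy. Unless the entry continues below the shown context with a pcre3 line, it needs one so that the status of the library package is tracked and not just the embedded copy.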
@@ -16945,8 +16946,7 @@
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1515
 	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1498
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/4
-CVE-2015-2327
-	RESERVED
+CVE-2015-2327 (PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and ...)
 	- mongodb <unfixed> (unimportant)
 	NOTE: CVE for bundled version of pcre3 in mongodb
 	NOTE: https://jira.mongodb.org/browse/SERVER-17252
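Review bot: Under CVE-2015-2327 the visible NOTE lines point only to the mongodb ticket (SERVER-17252), while the description now attributes the flaw to "PCRE before 8.36". The other PCRE entries in this update cite the fixing upstream revision at vcs.pcre.org. Unless the lines below the shown context already have them, adding that revision and a pcre3 package line here would make the entry usable for checking the library package.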



