[Secure-testing-commits] r38186 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Dec 9 09:10:13 UTC 2015
Author: sectracker
Date: 2015-12-09 09:10:13 +0000 (Wed, 09 Dec 2015)
New Revision: 38186
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-09 08:26:36 UTC (rev 38185)
+++ data/CVE/list 2015-12-09 09:10:13 UTC (rev 38186)
@@ -1,3 +1,49 @@
+CVE-2015-8503
+ RESERVED
+CVE-2015-8502
+ RESERVED
+CVE-2015-8501
+ RESERVED
+CVE-2015-8500
+ RESERVED
+CVE-2015-8499
+ RESERVED
+CVE-2015-8498
+ RESERVED
+CVE-2015-8497
+ RESERVED
+CVE-2015-8496
+ RESERVED
+CVE-2015-8495
+ RESERVED
+CVE-2015-8494
+ RESERVED
+CVE-2015-8493
+ RESERVED
+CVE-2015-8492
+ RESERVED
+CVE-2015-8491
+ RESERVED
+CVE-2015-8490
+ RESERVED
+CVE-2015-8489
+ RESERVED
+CVE-2015-8488
+ RESERVED
+CVE-2015-8487
+ RESERVED
+CVE-2015-8486
+ RESERVED
+CVE-2015-8485
+ RESERVED
+CVE-2015-8484
+ RESERVED
+CVE-2015-8483
+ RESERVED
+CVE-2015-8482 (Blue Coat Unified Agent before 4.6.2 does not prevent modification of ...)
+ TODO: check
+CVE-2015-8481
+ RESERVED
CVE-2015-XXXX [vnc: avoid floating point exception]
- qemu <unfixed>
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
@@ -786,7 +832,7 @@
- nvidia-graphics-drivers <not-affected> (Windows only)
CVE-2015-8327
RESERVED
- {DSA-3411-1}
+ {DSA-3411-1 DLA-365-1}
- cups-filters 1.2.0-1
[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
- foomatic-filters <unfixed> (bug #806886)
@@ -873,7 +919,7 @@
RESERVED
CVE-2015-8313 [fail to check the first byte of the padding in CBC modes]
RESERVED
- {DSA-3408-1}
+ {DSA-3408-1 DLA-364-1}
- gnutls28 <not-affected> (Vulnerable code not present)
- gnutls26 <removed>
NOTE: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html
@@ -1148,8 +1194,7 @@
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac (v4.0-rc3)
CVE-2015-8214 (Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean ...)
TODO: check
-CVE-2015-8213 [Fixed settings leak possibility in date template filter]
- RESERVED
+CVE-2015-8213 (The get_format function in utils/formats.py in Django before 1.7.x ...)
{DSA-3404-1 DLA-349-1}
- python-django 1.8.7-1
NOTE: https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4 (master)
@@ -1311,8 +1356,7 @@
REJECTED
CVE-2015-8132
REJECTED
-CVE-2015-8131
- RESERVED
+CVE-2015-8131 (Cross-site request forgery (CSRF) vulnerability in Elasticsearch ...)
- kibana <itp> (bug #700337)
CVE-2015-8130
RESERVED
@@ -1352,14 +1396,12 @@
[squeeze] - smartmontools <no-dsa> (Minor issue)
[wheezy] - smartmontools <no-dsa> (Minor issue)
[jessie] - smartmontools <no-dsa> (Minor issue)
-CVE-2015-8125 [Potential Remote Timing Attack Vulnerability in Security Remember-Me Service]
- RESERVED
+CVE-2015-8125 (Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before ...)
{DSA-3402-1}
- symfony 2.7.7+dfsg-1
NOTE: http://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service
NOTE: https://github.com/symfony/symfony/pull/16630
-CVE-2015-8124 [Session Fixation in the "Remember Me" Login Feature]
- RESERVED
+CVE-2015-8124 (Session fixation vulnerability in the "Remember Me" login feature in ...)
{DSA-3402-1}
- symfony 2.7.7+dfsg-1
NOTE: http://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
@@ -1485,8 +1527,8 @@
RESERVED
CVE-2015-8085
RESERVED
-CVE-2015-8084
- RESERVED
+CVE-2015-8084 (Huawei USG5500, USG2100, USG2200, and USG5100 unified security ...)
+ TODO: check
CVE-2015-8083 (An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, ...)
TODO: check
CVE-2015-8082 (The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before ...)
@@ -3533,8 +3575,8 @@
RESERVED
CVE-2015-7349
RESERVED
-CVE-2015-7348
- RESERVED
+CVE-2015-7348 (Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and ...)
+ TODO: check
CVE-2015-7347
RESERVED
CVE-2015-7346
@@ -8867,8 +8909,7 @@
NOTE: http://w1.fi/security/2015-6/
NOTE: https://w1.fi/security/2015-6/0001-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
NOTE: https://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
-CVE-2015-5309 [memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence]
- RESERVED
+CVE-2015-5309 (Integer overflow in the terminal emulator in PuTTY before 0.66 allows ...)
{DSA-3409-1 DLA-347-1}
- putty 0.66-1
NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
@@ -8891,8 +8932,7 @@
RESERVED
CVE-2015-5303
RESERVED
-CVE-2015-5302
- RESERVED
+CVE-2015-5302 (libreport 2.0.7 before 2.6.3 only saves changes to the first file when ...)
NOT-FOR-US: abrt/libreport
CVE-2015-5301 (providers/saml2/admin.py in the Identity Provider (IdP) server in ...)
NOT-FOR-US: Ipsilon
@@ -8957,8 +8997,7 @@
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <no-dsa> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
[squeeze] - postgresql-8.4 <no-dsa> (minor issue)
-CVE-2015-5287
- RESERVED
+CVE-2015-5287 (The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-5286 (OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x ...)
- glance 1:11.0.0-1 (bug #800741)
@@ -9021,8 +9060,7 @@
REJECTED
CVE-2015-5274 (rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows ...)
NOT-FOR-US: OpenShift
-CVE-2015-5273
- RESERVED
+CVE-2015-5273 (The abrt-action-install-debuginfo-to-abrt-cache help program in ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-5272 [MSA-15-0031: Teacher in forum can still post to "all participants" and groups they are not members of]
RESERVED
@@ -9839,8 +9877,8 @@
RESERVED
CVE-2015-5007
RESERVED
-CVE-2015-5006
- RESERVED
+CVE-2015-5006 (IBM Java Security Components in IBM SDK, Java Technology Edition 8 ...)
+ TODO: check
CVE-2015-5005 (CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote ...)
TODO: check
CVE-2015-5004
@@ -11667,8 +11705,8 @@
RESERVED
CVE-2015-4339
RESERVED
-CVE-2015-4334
- RESERVED
+CVE-2015-4334 (The default configuration of SGOS in Blue Coat ProxySG before ...)
+ TODO: check
CVE-2015-4333
RESERVED
CVE-2015-4332
@@ -13694,8 +13732,8 @@
CVE-2015-3629 (Libcontainer 1.6.0, as used in Docker Engine, allows local users to ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
-CVE-2015-3628
- RESERVED
+CVE-2015-3628 (The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link ...)
+ TODO: check
CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
@@ -14697,8 +14735,7 @@
[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
NOTE: Introduced by https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
-CVE-2015-3276 [incorrect multi-keyword mode cipherstring parsing]
- RESERVED
+CVE-2015-3276 (The nss_parse_ciphers function in libraries/libldap/tls_m.c in ...)
- openldap <unfixed> (unimportant)
NOTE: Debian builds with GNUTLS, not NSS
CVE-2015-3275 [Javascript injection in SCORM module]
@@ -20886,14 +20923,12 @@
NOT-FOR-US: Aruba Instant
CVE-2015-1347 (Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket ...)
NOT-FOR-US: osTicket
-CVE-2015-1344
- RESERVED
+CVE-2015-1344 (The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not ...)
- lxcfs <itp> (bug #775021)
NOTE: recheck when it enters archive
CVE-2015-1343
RESERVED
-CVE-2015-1342
- RESERVED
+CVE-2015-1342 (LXCFS before 0.12 does not properly enforce directory escapes, which ...)
- lxcfs <itp> (bug #775021)
NOTE: recheck when it enters archive
CVE-2015-1341
More information about the Secure-testing-commits
mailing list