[Secure-testing-commits] r38186 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Dec 9 09:10:13 UTC 2015


Author: sectracker
Date: 2015-12-09 09:10:13 +0000 (Wed, 09 Dec 2015)
New Revision: 38186

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-09 08:26:36 UTC (rev 38185)
+++ data/CVE/list	2015-12-09 09:10:13 UTC (rev 38186)
@@ -1,3 +1,49 @@
+CVE-2015-8503
+	RESERVED
+CVE-2015-8502
+	RESERVED
+CVE-2015-8501
+	RESERVED
+CVE-2015-8500
+	RESERVED
+CVE-2015-8499
+	RESERVED
+CVE-2015-8498
+	RESERVED
+CVE-2015-8497
+	RESERVED
+CVE-2015-8496
+	RESERVED
+CVE-2015-8495
+	RESERVED
+CVE-2015-8494
+	RESERVED
+CVE-2015-8493
+	RESERVED
+CVE-2015-8492
+	RESERVED
+CVE-2015-8491
+	RESERVED
+CVE-2015-8490
+	RESERVED
+CVE-2015-8489
+	RESERVED
+CVE-2015-8488
+	RESERVED
+CVE-2015-8487
+	RESERVED
+CVE-2015-8486
+	RESERVED
+CVE-2015-8485
+	RESERVED
+CVE-2015-8484
+	RESERVED
+CVE-2015-8483
+	RESERVED
+CVE-2015-8482 (Blue Coat Unified Agent before 4.6.2 does not prevent modification of ...)
+	TODO: check
+CVE-2015-8481
+	RESERVED
 CVE-2015-XXXX [vnc: avoid floating point exception]
 	- qemu <unfixed>
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
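
Review bot: CVE-2015-8482 (Blue Coat Unified Agent) is the only new entry in this hunk that carries a published description, and it lands as "TODO: check" with no package line. It needs triage to either a source-package line or a "NOT-FOR-US:" line, the form this file already uses for products outside the archive. The RESERVED entries around it need nothing until they are published.
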
@@ -786,7 +832,7 @@
 	- nvidia-graphics-drivers <not-affected> (Windows only)
 CVE-2015-8327
 	RESERVED
-	{DSA-3411-1}
+	{DSA-3411-1 DLA-365-1}
 	- cups-filters 1.2.0-1
 	[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
 	- foomatic-filters <unfixed> (bug #806886)
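
Review bot: on CVE-2015-8327 the cross-reference now lists DLA-365-1 next to DSA-3411-1, but the "- foomatic-filters <unfixed> (bug #806886)" line under it is unchanged, so the entry cites two advisories while still recording no fixed version for that package. It is worth confirming which package each advisory covers and recording the fixed foomatic-filters version once bug #806886 is closed.
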
@@ -873,7 +919,7 @@
 	RESERVED
 CVE-2015-8313 [fail to check the first byte of the padding in CBC modes]
 	RESERVED
-	{DSA-3408-1}
+	{DSA-3408-1 DLA-364-1}
 	- gnutls28 <not-affected> (Vulnerable code not present)
 	- gnutls26 <removed>
 	NOTE: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html
@@ -1148,8 +1194,7 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac (v4.0-rc3)
 CVE-2015-8214 (Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean ...)
 	TODO: check
-CVE-2015-8213 [Fixed settings leak possibility in date template filter]
-	RESERVED
+CVE-2015-8213 (The get_format function in utils/formats.py in Django before 1.7.x ...)
 	{DSA-3404-1 DLA-349-1}
 	- python-django 1.8.7-1
 	NOTE: https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4 (master)
@@ -1311,8 +1356,7 @@
 	REJECTED
 CVE-2015-8132
 	REJECTED
-CVE-2015-8131
-	RESERVED
+CVE-2015-8131 (Cross-site request forgery (CSRF) vulnerability in Elasticsearch ...)
 	- kibana <itp> (bug #700337)
 CVE-2015-8130
 	RESERVED
@@ -1352,14 +1396,12 @@
 	[squeeze] - smartmontools <no-dsa> (Minor issue)
 	[wheezy] - smartmontools <no-dsa> (Minor issue)
 	[jessie] - smartmontools <no-dsa> (Minor issue)
-CVE-2015-8125 [Potential Remote Timing Attack Vulnerability in Security Remember-Me Service]
-	RESERVED
+CVE-2015-8125 (Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before ...)
 	{DSA-3402-1}
 	- symfony 2.7.7+dfsg-1
 	NOTE: http://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service
 	NOTE: https://github.com/symfony/symfony/pull/16630
-CVE-2015-8124 [Session Fixation in the "Remember Me" Login Feature]
-	RESERVED
+CVE-2015-8124 (Session fixation vulnerability in the "Remember Me" login feature in ...)
 	{DSA-3402-1}
 	- symfony 2.7.7+dfsg-1
 	NOTE: http://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
@@ -1485,8 +1527,8 @@
 	RESERVED
 CVE-2015-8085
 	RESERVED
-CVE-2015-8084
-	RESERVED
+CVE-2015-8084 (Huawei USG5500, USG2100, USG2200, and USG5100 unified security ...)
+	TODO: check
 CVE-2015-8083 (An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, ...)
 	TODO: check
 CVE-2015-8082 (The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before ...)
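
Review bot: the new "TODO: check" on CVE-2015-8084 (Huawei USG5500, USG2100, ...) sits directly above the already open "TODO: check" on CVE-2015-8083 (Huawei eSpace), so two Huawei entries in a row are now untriaged. Both can be resolved in one pass rather than left for separate follow-ups.
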
@@ -3533,8 +3575,8 @@
 	RESERVED
 CVE-2015-7349
 	RESERVED
-CVE-2015-7348
-	RESERVED
+CVE-2015-7348 (Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and ...)
+	TODO: check
 CVE-2015-7347
 	RESERVED
 CVE-2015-7346
@@ -8867,8 +8909,7 @@
 	NOTE: http://w1.fi/security/2015-6/
 	NOTE: https://w1.fi/security/2015-6/0001-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
 	NOTE: https://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
-CVE-2015-5309 [memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence]
-	RESERVED
+CVE-2015-5309 (Integer overflow in the terminal emulator in PuTTY before 0.66 allows ...)
 	{DSA-3409-1 DLA-347-1}
 	- putty 0.66-1
 	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
@@ -8891,8 +8932,7 @@
 	RESERVED
 CVE-2015-5303
 	RESERVED
-CVE-2015-5302
-	RESERVED
+CVE-2015-5302 (libreport 2.0.7 before 2.6.3 only saves changes to the first file when ...)
 	NOT-FOR-US: abrt/libreport
 CVE-2015-5301 (providers/saml2/admin.py in the Identity Provider (IdP) server in ...)
 	NOT-FOR-US: Ipsilon
@@ -8957,8 +8997,7 @@
 	- postgresql-8.4 <removed>
 	[wheezy] - postgresql-8.4 <no-dsa> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
 	[squeeze] - postgresql-8.4 <no-dsa> (minor issue)
-CVE-2015-5287
-	RESERVED
+CVE-2015-5287 (The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before ...)
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-5286 (OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x ...)
 	- glance 1:11.0.0-1 (bug #800741)
@@ -9021,8 +9060,7 @@
 	REJECTED
 CVE-2015-5274 (rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows ...)
 	NOT-FOR-US: OpenShift
-CVE-2015-5273
-	RESERVED
+CVE-2015-5273 (The abrt-action-install-debuginfo-to-abrt-cache help program in ...)
 	NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-5272 [MSA-15-0031: Teacher in forum can still post to "all participants" and groups they are not members of]
 	RESERVED
@@ -9839,8 +9877,8 @@
 	RESERVED
 CVE-2015-5007
 	RESERVED
-CVE-2015-5006
-	RESERVED
+CVE-2015-5006 (IBM Java Security Components in IBM SDK, Java Technology Edition 8 ...)
+	TODO: check
 CVE-2015-5005 (CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote ...)
 	TODO: check
 CVE-2015-5004
@@ -11667,8 +11705,8 @@
 	RESERVED
 CVE-2015-4339
 	RESERVED
-CVE-2015-4334
-	RESERVED
+CVE-2015-4334 (The default configuration of SGOS in Blue Coat ProxySG before ...)
+	TODO: check
 CVE-2015-4333
 	RESERVED
 CVE-2015-4332
@@ -13694,8 +13732,8 @@
 CVE-2015-3629 (Libcontainer 1.6.0, as used in Docker Engine, allows local users to ...)
 	- docker.io 1.6.1+dfsg1-1 (bug #784726)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
-CVE-2015-3628
-	RESERVED
+CVE-2015-3628 (The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link ...)
+	TODO: check
 CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor ...)
 	- docker.io 1.6.1+dfsg1-1 (bug #784726)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
@@ -14697,8 +14735,7 @@
 	[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
 	[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
 	NOTE: Introduced by https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
-CVE-2015-3276 [incorrect multi-keyword mode cipherstring parsing]
-	RESERVED
+CVE-2015-3276 (The nss_parse_ciphers function in libraries/libldap/tls_m.c in ...)
 	- openldap <unfixed> (unimportant)
 	NOTE: Debian builds with GNUTLS, not NSS
 CVE-2015-3275 [Javascript injection in SCORM module]
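
Review bot: the unchanged context at the top of this hunk gives two different versions for the same mod_nss regression: the [jessie] and [wheezy] lines say "Vulnerability introduced in 1.0.11", while the NOTE beside the commit URL says "(1.10.11)". One of them is a typo; it should be checked against the referenced commit and the three lines made to agree, since the not-affected status of both releases rests on that version.
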
@@ -20886,14 +20923,12 @@
 	NOT-FOR-US: Aruba Instant
 CVE-2015-1347 (Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket ...)
 	NOT-FOR-US: osTicket
-CVE-2015-1344
-	RESERVED
+CVE-2015-1344 (The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not ...)
 	- lxcfs <itp> (bug #775021)
 	NOTE: recheck when it enters archive
 CVE-2015-1343
 	RESERVED
-CVE-2015-1342
-	RESERVED
+CVE-2015-1342 (LXCFS before 0.12 does not properly enforce directory escapes, which ...)
 	- lxcfs <itp> (bug #775021)
 	NOTE: recheck when it enters archive
 CVE-2015-1341
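
Review bot: CVE-2015-1344 and CVE-2015-1342 now carry descriptions that name the fixed upstream release ("LXCFS before 0.12"), but both entries still read only "NOTE: recheck when it enters archive". Adding the 0.12 threshold to that note would let whoever handles the ITP (bug #775021) mark the entries fixed or affected without re-reading the advisories.
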



