[Secure-testing-commits] r38199 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Dec 10 09:10:35 UTC 2015
Author: sectracker
Date: 2015-12-10 09:10:35 +0000 (Thu, 10 Dec 2015)
New Revision: 38199
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-10 09:00:58 UTC (rev 38198)
+++ data/CVE/list 2015-12-10 09:10:35 UTC (rev 38199)
@@ -520,6 +520,7 @@
CVE-2015-8481
RESERVED
CVE-2015-8504 [vnc: avoid floating point exception]
+ RESERVED
- qemu <unfixed>
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
@@ -1982,6 +1983,7 @@
CVE-2015-8090 (The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows ...)
TODO: check
CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...)
+ {DSA-3414-1}
- linux 4.2.6-2
- linux-2.6 <removed>
- xen <unfixed>
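Review bot: at CVE-2015-8104 the new "{DSA-3414-1}" reference sits directly above "- xen <unfixed>", and the visible context has no release-tagged xen line, so the entry does not show which xen version the advisory fixed. Every entry that receives this tag in the diff lists xen, so please confirm that the fixed version for the suite the DSA covers is recorded; otherwise the tracker can go on reporting that suite as vulnerable.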
@@ -2330,20 +2332,24 @@
CVE-2015-7973
RESERVED
CVE-2015-7972 (The (1) libxl_set_memory_target function in tools/libxl/libxl.c and ...)
+ {DSA-3414-1}
- xen 4.6.0-1
[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-153.html
CVE-2015-7971 (Xen 3.2.x through 4.6.x does not limit the number of printk console ...)
+ {DSA-3414-1}
- xen 4.6.0-1
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-152.html
CVE-2015-7970 (The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen ...)
+ {DSA-3414-1}
- xen 4.6.0-1
[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-150.html
CVE-2015-7969 (Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest ...)
+ {DSA-3414-1}
- xen 4.6.0-1
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-149.html
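Review bot: CVE-2015-7972 and CVE-2015-7970 now reference "{DSA-3414-1}" while still carrying "[wheezy] - xen <no-dsa>". If the advisory ships a wheezy fix for these two, the <no-dsa> lines and their reasons ("xl not used in wheezy", "too intrusive to backport") are stale and should be replaced with the fixed version. If it does not, a short NOTE naming the suite the DSA covers would remove the apparent contradiction.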
@@ -2806,16 +2812,19 @@
CVE-2015-7815 (Directory traversal vulnerability in core/ViewDataTable/Factory.php in ...)
TODO: check
CVE-2015-7814 (Race condition in the relinquish_memory function in arch/arm/domain.c ...)
+ {DSA-3414-1}
- xen 4.6.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-147.html
[wheezy] - xen <not-affected> (arm not yet supported)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
CVE-2015-7813 (Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk ...)
+ {DSA-3414-1}
- xen 4.6.0-1
[wheezy] - xen <not-affected> (arm not yet supported)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-146.html
CVE-2015-7812 (The hypercall_create_continuation function in arch/arm/domain.c in Xen ...)
+ {DSA-3414-1}
- xen 4.6.0-1
[wheezy] - xen <not-affected> (arm not yet supported)
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
@@ -4170,6 +4179,7 @@
NOTE: Reproduce with "ltrace -e realloc tiffdither /tmp/oom.tif /dev/null"
NOTE: at the end you see "libtiff.so.5->realloc(0, 1636178024)"
CVE-2015-7311 (libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly ...)
+ {DSA-3414-1}
- xen <unfixed>
[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
[squeeze] - xen <not-affected> (Only affects 4.1 and later)
@@ -5494,96 +5504,118 @@
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6786 (The CSPSourceList::matches function in ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6785 (The CSPSource::hostMatches function in ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6784 (The page serializer in Google Chrome before 47.0.2526.73 mishandles ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6783 (The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in ...)
- chromium-browser <not-affected> (android only)
CVE-2015-6782 (The Document::open function in WebKit/Source/core/dom/Document.cpp in ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6781 (Integer overflow in the FontData::Bound function in data/font_data.cc ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6780 (Use-after-free vulnerability in the Infobars implementation in Google ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6779 (PDFium, as used in Google Chrome before 47.0.2526.73, does not ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6778 (The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6777 (Use-after-free vulnerability in the ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6776 (The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6775 (fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6774 (Use-after-free vulnerability in the GetLoadTimes function in ...)
+ {DSA-3415-1}
- libv8-3.14 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6773 (The convolution implementation in Skia, as used in Google Chrome ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6772 (The DOM implementation in Blink, as used in Google Chrome before ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6771 (js/array.js in Google V8, as used in Google Chrome before ...)
+ {DSA-3415-1}
- libv8-3.14 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6770 (The DOM implementation in Google Chrome before 47.0.2526.73 allows ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6769 (The provisional-load commit implementation in ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6768 (The DOM implementation in Google Chrome before 47.0.2526.73 allows ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6767 (Use-after-free vulnerability in ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6766 (Use-after-free vulnerability in the AppCache implementation in Google ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6765 (Use-after-free vulnerability in ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-6764 (The BasicJsonStringifier::SerializeJSArray function in ...)
+ {DSA-3415-1}
- libv8-3.14 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
- nodejs 4.2.3~dfsg-1 (bug #806385)
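Review bot: at the end of this hunk CVE-2015-6764 gains "{DSA-3415-1}", but the only package lines visible for it are "libv8-3.14 <unfixed> (unimportant)" and "nodejs 4.2.3~dfsg-1 (bug #806385)", whereas every other entry tagged here has a "chromium-browser 47.0.2526.73-1" line. Please check that a chromium-browser line follows below the context, so the DSA reference is tied to a package the advisory actually updates and is not read as covering libv8 or nodejs.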
@@ -5861,6 +5893,7 @@
CVE-2015-6655 (Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 ...)
NOT-FOR-US: Pligg CMS
CVE-2015-6654 (The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, ...)
+ {DSA-3414-1}
- xen <unfixed> (bug #800128)
[wheezy] - xen <not-affected> (Xen on arm not yet supported)
[squeeze] - xen <not-affected> (Xen on arm not yet supported)
@@ -9391,7 +9424,7 @@
CVE-2015-5308 (Multiple SQL injection vulnerabilities in cs_admin_users.php in the ...)
TODO: check
CVE-2015-5307 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...)
- {DSA-3396-1}
+ {DSA-3414-1 DSA-3396-1}
- linux 4.2.6-1
- linux-2.6 <removed>
- xen <unfixed>
@@ -14988,6 +15021,7 @@
- libv8-3.14 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
CVE-2015-3340 (Xen 4.2.x through 4.5.x does not initialize certain fields, which ...)
+ {DSA-3414-1}
- xen 4.6.0-1 (unimportant; bug #784011)
[wheezy] - xen 4.1.4-3+deb7u8
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
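Review bot: CVE-2015-3340 is given "{DSA-3414-1}" although its unstable line is rated "(unimportant; bug #784011)" and the wheezy line already records a fixed version, "4.1.4-3+deb7u8". A DSA reference on an issue rated unimportant reads as inconsistent; suggest either revisiting the severity or adding a NOTE that says which suite the advisory addresses for this CVE.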
@@ -15262,6 +15296,7 @@
CVE-2015-3260
RESERVED
CVE-2015-3259 (Stack-based buffer overflow in the xl command line utility in Xen ...)
+ {DSA-3414-1}
- xen 4.6.0-1 (low; bug #795721)
[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
[squeeze] - xen <not-affected> (xl not shipped in Squeeze)
@@ -21617,6 +21652,7 @@
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-1302 (The PDF viewer in Google Chrome before 46.0.2490.86 does not properly ...)
+ {DSA-3415-1}
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
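Review bot: the description of CVE-2015-1302 places the upstream fix in "Google Chrome before 46.0.2490.86", yet the entry lists "chromium-browser 47.0.2526.73-1" as the fixed version and is now grouped under "{DSA-3415-1}" with the 47.x issues. If an earlier 46.x upload already carried the fix, the recorded fixed version is later than the real one and version comparisons against it will flag patched systems; worth confirming which upload first included the fix.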