[Secure-testing-commits] r38347 - data/CVE

Wed Dec 16 09:10:12 UTC 2015

Author: sectracker
Date: 2015-12-16 09:10:12 +0000 (Wed, 16 Dec 2015)
New Revision: 38347

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-12-16 08:35:44 UTC (rev 38346)
+++ data/CVE/list	2015-12-16 09:10:12 UTC (rev 38347)
@@ -1,3 +1,29 @@
+CVE-2015-8566
+	RESERVED
+CVE-2015-8565
+	RESERVED
+CVE-2015-8564
+	RESERVED
+CVE-2015-8563
+	RESERVED
+CVE-2015-8562
+	RESERVED
+CVE-2015-8561 (The F1BookView ActiveX control in F1 Bookview in Schneider Electric ...)
+	TODO: check
+CVE-2015-8555
+	RESERVED
+CVE-2015-8554
+	RESERVED
+CVE-2015-8553
+	RESERVED
+CVE-2015-8552
+	RESERVED
+CVE-2015-8551
+	RESERVED
+CVE-2015-8550
+	RESERVED
+CVE-2015-8549
+	RESERVED
 CVE-2015-8569 [information leak from getsockname]
 	- linux <unfixed>
 	- linux-2.6 <removed>
@@ -18,11 +44,13 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
 	TODO: check
 CVE-2015-8559 [knife bootstrap leaks validator privkey into system logs]
+	RESERVED
 	- chef <unfixed>
 	NOTE: https://github.com/chef/chef/issues/3871
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/10
 	TODO: check
 CVE-2015-8558 [usb: infinite loop in ehci_advance_state results in DoS]
+	RESERVED
 	- qemu <unfixed>
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
@@ -31,12 +59,14 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/9
 	TODO: check
 CVE-2015-8557 [Shell Injection in Pygments FontManager._get_nix_font_path]
+	RESERVED
 	{DLA-369-1}
 	- pygments <unfixed> (bug #802828)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1276321
 	NOTE: https://bitbucket.org/birkenfeld/pygments-main/commits/0036ab1c99e256298094505e5e92f
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/6
 CVE-2015-8548 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
+	{DSA-3418-1}
 	- chromium-browser 47.0.2526.80-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
@@ -49,6 +79,7 @@
 CVE-2015-8542
 	RESERVED
 CVE-2015-8556 [Local Privilege Escalation in QEMU virtfs-proxy-helper]
+	RESERVED
 	- qemu <not-affected> (Issue specific to virtfs-proxy-helper in Gentoo installed suid)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/5
 CVE-2015-XXXX [fuse: possible denial of service in fuse_fill_write_pages()]
@@ -61,6 +92,7 @@
 	NOTE: https://github.com/eventmachine/eventmachine/issues/501#issuecomment-37307556
 	TODO: check
 CVE-2015-8560 [code execution via improper escaping of ; in foomatic-rip]
+	RESERVED
 	{DSA-3419-1}
 	- cups-filters 1.4.0-1 (bug #807930)
 	[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
@@ -3234,8 +3266,8 @@
 	RESERVED
 CVE-2015-7919
 	RESERVED
-CVE-2015-7918
-	RESERVED
+CVE-2015-7918 (Multiple buffer overflows in the F1BookView ActiveX control in F1 ...)
+	TODO: check
 CVE-2015-7917
 	RESERVED
 CVE-2015-7916
@@ -7251,8 +7283,8 @@
 	TODO: check
 CVE-2015-6421
 	RESERVED
-CVE-2015-6420
-	RESERVED
+CVE-2015-6420 (Serialized-object interfaces in certain Cisco Collaboration and Social ...)
+	TODO: check
 CVE-2015-6419 (Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, ...)
 	TODO: check
 CVE-2015-6418 (The random-number generator on Cisco Small Business RV routers 4.x and ...)
@@ -7269,8 +7301,8 @@
 	TODO: check
 CVE-2015-6412
 	RESERVED
-CVE-2015-6411
-	RESERVED
+CVE-2015-6411 (Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides ...)
+	TODO: check
 CVE-2015-6410 (The Mobile and Remote Access (MRA) services implementation in Cisco ...)
 	TODO: check
 CVE-2015-6409
@@ -7283,18 +7315,18 @@
 	TODO: check
 CVE-2015-6405 (Cross-site request forgery (CSRF) vulnerability in Cisco Emergency ...)
 	TODO: check
-CVE-2015-6404
-	RESERVED
-CVE-2015-6403
-	RESERVED
+CVE-2015-6404 (Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use ...)
+	TODO: check
+CVE-2015-6403 (The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x ...)
+	TODO: check
 CVE-2015-6402 (Cross-site scripting (XSS) vulnerability in the management interface ...)
 	TODO: check
 CVE-2015-6401 (Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote ...)
 	TODO: check
 CVE-2015-6400 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...)
 	TODO: check
-CVE-2015-6399
-	RESERVED
+CVE-2015-6399 (The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management ...)
+	TODO: check
 CVE-2015-6398
 	RESERVED
 CVE-2015-6397
@@ -7380,8 +7412,8 @@
 	NOTE: Fixup: https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee
 	NOTE: https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
 	TODO: check
-CVE-2015-6359
-	RESERVED
+CVE-2015-6359 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
+	TODO: check
 CVE-2015-6358
 	RESERVED
 CVE-2015-6357 (The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 ...)
@@ -10348,7 +10380,7 @@
 CVE-2015-5281 (The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) ...)
 	TODO: check
 CVE-2015-5280
-	RESERVED
+	REJECTED
 CVE-2015-5279 (Heap-based buffer overflow in the ne2000_receive function in ...)
 	{DSA-3362-1 DSA-3361-1}
 	- qemu 1:2.4+dfsg-3 (bug #799074)
@@ -11212,8 +11244,8 @@
 	TODO: check
 CVE-2015-5005 (CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote ...)
 	NOT-FOR-US: IBM
-CVE-2015-5004
-	RESERVED
+CVE-2015-5004 (The Edge Component Caching Proxy in IBM WebSphere Application Server ...)
+	TODO: check
 CVE-2015-5003
 	RESERVED
 CVE-2015-5002
@@ -13294,8 +13326,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-4207 (Cisco WebEx Meeting Center places a meeting's access number in a URL, ...)
 	NOT-FOR-US: Cisco
-CVE-2015-4206
-	RESERVED
+CVE-2015-4206 (Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows ...)
+	TODO: check
 CVE-2015-4205 (Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to ...)
 	NOT-FOR-US: Cisco
 CVE-2015-4204 (Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) ...)


