[Secure-testing-commits] r38365 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Dec 16 21:10:19 UTC 2015
Author: sectracker
Date: 2015-12-16 21:10:19 +0000 (Wed, 16 Dec 2015)
New Revision: 38365
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-16 21:07:18 UTC (rev 38364)
+++ data/CVE/list 2015-12-16 21:10:19 UTC (rev 38365)
@@ -1,3 +1,9 @@
+CVE-2015-8572 (Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 ...)
+ TODO: check
+CVE-2015-8571 (Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 ...)
+ TODO: check
+CVE-2015-8570 (The password reset functionality in Lepide Active Directory Self ...)
+ TODO: check
CVE-2015-8575 [sco_sock_bind issue]
- linux <unfixed>
- linux-2.6 <removed>
@@ -29,6 +35,7 @@
CVE-2015-8549
RESERVED
CVE-2015-8569 [information leak from getsockname]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/7
@@ -36,6 +43,7 @@
NOTE: https://twitter.com/grsecurity/status/676744240802750464
NOTE: https://lkml.org/lkml/2015/12/14/252
CVE-2015-8568 [net: vmxnet3: host memory leakage -- did not free the transmit & receive buffers while deactivating]
+ RESERVED
- qemu <unfixed> (bug #808145)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -44,6 +52,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
TODO: check
CVE-2015-8567 [net: vmxnet3: host memory leakage -- does not check if the device is active before activating it]
+ RESERVED
- qemu <unfixed> (bug #808145)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -1904,8 +1913,7 @@
RESERVED
- shellinabox 2.19
NOTE: http://www.openwall.com/lists/oss-security/2015/12/02/6
-CVE-2015-8377
- RESERVED
+CVE-2015-8377 (SQL injection vulnerability in the host_new_graphs_save function in ...)
- cacti <unfixed>
NOTE: http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt
TODO: check
@@ -1925,11 +1933,12 @@
RESERVED
CVE-2015-8370 [buffer overflow when checking password entered during bootup]
RESERVED
- {DLA-368-1}
+ {DSA-3421-1 DLA-368-1}
- grub2 2.02~beta2-33 (bug #807614)
NOTE: https://twitter.com/lostinsecurity/status/674925944524640257
CVE-2015-8369 [cacti: SQL injection in graph.php]
RESERVED
+ {DSA-3423-1}
- cacti 0.8.8f+ds1-3 (bug #807599)
NOTE: http://bugs.cacti.net/view.php?id=2646
CVE-2015-8378 [canceling export operation creates cleartext copy of all of the user's KeePassX password database entries]
@@ -2312,8 +2321,8 @@
RESERVED
CVE-2015-8248
RESERVED
-CVE-2015-8247
- RESERVED
+CVE-2015-8247 (Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo ...)
+ TODO: check
CVE-2015-8246
RESERVED
CVE-2015-8245
@@ -2381,8 +2390,7 @@
NOT-FOR-US: Google Picasa
CVE-2015-8220 (Stack-based buffer overflow in the URI handler in DWRCC.exe in ...)
NOT-FOR-US: SolarWinds remote control
-CVE-2015-8242 [Buffer overread with HTML parser in push mode in xmlSAX2TextNode]
- RESERVED
+CVE-2015-8242 (The xmlSAX2TextNode function in SAX2.c in the push interface in the ...)
- libxml2 2.9.3+dfsg1-1 (bug #805146)
[jessie] - libxml2 <not-affected> (Vulnerable code introduced later)
[wheezy] - libxml2 <not-affected> (Vulnerable code introduced later)
@@ -2390,8 +2398,7 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756372
NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=826bc320206f70fccd2941a77d363e95e8076898 (v2.9.2-rc1)
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2 (v2.9.3)
-CVE-2015-8241 [Buffer overread with XML parser in xmlNextChar]
- RESERVED
+CVE-2015-8241 (The xmlNextChar function in libxml2 2.9.2 does not properly check the ...)
{DLA-355-1}
- libxml2 2.9.3+dfsg1-1 (bug #806384)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
@@ -2617,8 +2624,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/11/18/9
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec0d215f9420564fc8286dcf93d2d068bb53a07e (v2.6.26-rc9)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4)
-CVE-2015-8317 [issues in the xmlParseXMLDecl function]
- RESERVED
+CVE-2015-8317 (The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 ...)
{DLA-355-1}
- libxml2 2.9.2+zdfsg1-4
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=751631
@@ -4504,24 +4510,20 @@
RESERVED
CVE-2015-7501
RESERVED
-CVE-2015-7500 [memory access error due to incorrect entities boundaries]
- RESERVED
+CVE-2015-7500 (The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows ...)
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f (v2.9.3)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756525 (upstream bug not yet open)
-CVE-2015-7499
- RESERVED
+CVE-2015-7499 (Heap-based buffer overflow in the xmlGROW function in parser.c in ...)
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc (v2.9.3)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da (v2.9.3)
TODO: check affected versions
-CVE-2015-7498 [processes entities after encoding conversion failures]
- RESERVED
+CVE-2015-7498 (Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c ...)
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43 (v2.9.3)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756527 (upstream bug not yet open)
-CVE-2015-7497 [heap buffer overflow in xmlDictComputeFastQKey]
- RESERVED
+CVE-2015-7497 (Heap-based buffer overflow in the xmlDictComputeFastQKey function in ...)
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9 (v2.9.3)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756528 (upstream bug not yet open)
@@ -5124,101 +5126,87 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04730.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04731.html
-CVE-2015-7223
- RESERVED
+CVE-2015-7223 (The WebExtension APIs in Mozilla Firefox before 43.0 allow remote ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/
-CVE-2015-7222
- RESERVED
+CVE-2015-7222 (Integer underflow in the Metadata::setData function in MetaData.cpp in ...)
+ {DSA-3422-1}
- iceweasel 38.5.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/
NOTE: Probably specific to Android
-CVE-2015-7221
- RESERVED
+CVE-2015-7221 (Buffer overflow in the nsDeque::GrowCapacity function in ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
-CVE-2015-7220
- RESERVED
+CVE-2015-7220 (Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
-CVE-2015-7219
- RESERVED
+CVE-2015-7219 (The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/
-CVE-2015-7218
- RESERVED
+CVE-2015-7218 (The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/
-CVE-2015-7217
- RESERVED
+CVE-2015-7217 (The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux ...)
- iceweasel <not-affected> (Iceweasel in Debian uses the system copy of gdk-pixbuf)
TODO: Check gdk-pixbuf
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/
-CVE-2015-7216
- RESERVED
+CVE-2015-7216 (The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux ...)
- iceweasel <not-affected> (Iceweasel in Debian uses the system copy of gdk-pixbuf)
TODO: Check gdk-pixbuf
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/
-CVE-2015-7215
- RESERVED
+CVE-2015-7215 (The importScripts function in the Web Workers API implementation in ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/
-CVE-2015-7214
- RESERVED
+CVE-2015-7214 (Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow ...)
+ {DSA-3422-1}
- iceweasel 38.5.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/
-CVE-2015-7213
- RESERVED
+CVE-2015-7213 (Integer overflow in the MPEG4Extractor::readMetaData function in ...)
+ {DSA-3422-1}
- iceweasel 38.5.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/
-CVE-2015-7212
- RESERVED
+CVE-2015-7212 (Integer overflow in the ...)
+ {DSA-3422-1}
- iceweasel 38.5.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/
-CVE-2015-7211
- RESERVED
+CVE-2015-7211 (Mozilla Firefox before 43.0 mishandles the # (number sign) character ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/
-CVE-2015-7210
- RESERVED
+CVE-2015-7210 (Use-after-free vulnerability in Mozilla Firefox before 43.0 and ...)
+ {DSA-3422-1}
- iceweasel 38.5.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/
CVE-2015-7209
RESERVED
-CVE-2015-7208
- RESERVED
+CVE-2015-7208 (Mozilla Firefox before 43.0 stores cookies containing vertical tab ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/
-CVE-2015-7207
- RESERVED
+CVE-2015-7207 (Mozilla Firefox before 43.0 does not properly restrict the ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/
CVE-2015-7206
RESERVED
-CVE-2015-7205
- RESERVED
+CVE-2015-7205 (Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in ...)
+ {DSA-3422-1}
- iceweasel 38.5.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/
-CVE-2015-7204
- RESERVED
+CVE-2015-7204 (Mozilla Firefox before 43.0 does not properly store the properties of ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/
-CVE-2015-7203
- RESERVED
+CVE-2015-7203 (Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
-CVE-2015-7202
- RESERVED
+CVE-2015-7202 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/
-CVE-2015-7201
- RESERVED
+CVE-2015-7201 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ {DSA-3422-1}
- iceweasel 38.5.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
@@ -10258,8 +10246,7 @@
NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-server-Fix-last-fragment-length-validation.patch
CVE-2015-5313
RESERVED
-CVE-2015-5312 [entity expansion issue]
- RESERVED
+CVE-2015-5312 (The xmlStringLenDecodeEntities function in parser.c in libxml2 before ...)
- libxml2 2.9.3+dfsg1-1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e (v2.9.3)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756733 (upstream bug not yet open)
@@ -11451,7 +11438,7 @@
CVE-2015-4914 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
TODO: check
CVE-2015-4913 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.22-1 (bug #802874)
@@ -11556,7 +11543,7 @@
CVE-2015-4880 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
TODO: check
CVE-2015-4879 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.21-3
@@ -11582,7 +11569,7 @@
{DSA-3401-1}
- openjdk-7 7u91-2.6.3-1
CVE-2015-4870 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.22-1 (bug #802874)
@@ -11611,7 +11598,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4861 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.22-1 (bug #802874)
@@ -11624,7 +11611,7 @@
CVE-2015-4859 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
TODO: check
CVE-2015-4858 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.22-1 (bug #802874)
@@ -11686,7 +11673,7 @@
CVE-2015-4837 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4836 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.22-1 (bug #802874)
@@ -11707,7 +11694,7 @@
CVE-2015-4831 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4830 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.22-1 (bug #802874)
@@ -11719,7 +11706,7 @@
CVE-2015-4827 (Unspecified vulnerability in the Oracle Retail Open Commerce Platform ...)
TODO: check
CVE-2015-4826 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.22-1 (bug #802874)
@@ -11737,7 +11724,7 @@
CVE-2015-4820 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4819 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.21-3
@@ -11747,13 +11734,13 @@
CVE-2015-4817 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4816 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.21-3
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4815 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.22-1 (bug #802874)
@@ -11798,7 +11785,7 @@
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4802 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.22-1 (bug #802874)
@@ -11824,7 +11811,7 @@
CVE-2015-4793 (Unspecified vulnerability in the Oracle Communications Convergence ...)
TODO: check
CVE-2015-4792 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
- {DSA-3385-1 DSA-3377-1}
+ {DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <unfixed> (bug #802564)
- mariadb-10.0 10.0.22-1 (bug #802874)
@@ -11938,7 +11925,7 @@
CVE-2015-4753 (Unspecified vulnerability in the RDBMS Support Tools component in ...)
NOT-FOR-US: Oracle Database Server
CVE-2015-4752 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
- {DSA-3311-1 DSA-3308-1}
+ {DSA-3311-1 DSA-3308-1 DLA-359-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 10.0.20-1
@@ -11984,7 +11971,7 @@
CVE-2015-4738 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Candidate ...)
NOT-FOR-US: Oracle PeopleSoft
CVE-2015-4737 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, ...)
- {DSA-3308-1}
+ {DSA-3308-1 DLA-359-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 <unfixed>
@@ -18240,7 +18227,7 @@
CVE-2015-2649 (Unspecified vulnerability in the Siebel UI Framework component in ...)
NOT-FOR-US: Oracle Seibel CRM
CVE-2015-2648 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
- {DSA-3311-1 DSA-3308-1}
+ {DSA-3311-1 DSA-3308-1 DLA-359-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 10.0.20-1
@@ -18254,7 +18241,7 @@
CVE-2015-2644 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
NOT-FOR-US: Oracle Supply Chain
CVE-2015-2643 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
- {DSA-3311-1 DSA-3308-1}
+ {DSA-3311-1 DSA-3308-1 DLA-359-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 10.0.20-1
@@ -18340,7 +18327,7 @@
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2620 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
- {DSA-3308-1}
+ {DSA-3308-1 DLA-359-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 <undetermined>
@@ -18450,7 +18437,7 @@
CVE-2015-2583 (Unspecified vulnerability in the Data Store component in Oracle ...)
NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2582 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
- {DSA-3311-1 DSA-3308-1}
+ {DSA-3311-1 DSA-3308-1 DLA-359-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <unfixed> (bug #792445)
- mariadb-10.0 10.0.20-1
@@ -18472,7 +18459,7 @@
CVE-2015-2574 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2573 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...)
- {DSA-3311-1 DSA-3229-1}
+ {DSA-3311-1 DSA-3229-1 DLA-359-1}
- mysql-5.5 5.5.42-1
- mariadb-10.0 10.0.17-1
- percona-xtradb-cluster-5.5 <removed>
@@ -18480,7 +18467,7 @@
CVE-2015-2572 (Unspecified vulnerability in the Oracle Hyperion Smart View for Office ...)
NOT-FOR-US: Oracle
CVE-2015-2571 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, ...)
- {DSA-3311-1 DSA-3229-1}
+ {DSA-3311-1 DSA-3229-1 DLA-359-1}
- mysql-5.5 <unfixed> (bug #782645)
[jessie] - mysql-5.5 5.5.43-0+deb8u1
- mariadb-10.0 10.0.19-1
@@ -18491,7 +18478,7 @@
CVE-2015-2569
RESERVED
CVE-2015-2568 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...)
- {DSA-3311-1 DSA-3229-1}
+ {DSA-3311-1 DSA-3229-1 DLA-359-1}
- mysql-5.5 5.5.42-1
- mariadb-10.0 10.0.17-1
- percona-xtradb-cluster-5.5 <removed>
@@ -25821,7 +25808,7 @@
- percona-xtradb-cluster-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0505 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, ...)
- {DSA-3311-1 DSA-3229-1}
+ {DSA-3311-1 DSA-3229-1 DLA-359-1}
- mysql-5.5 <unfixed> (bug #782645)
[jessie] - mysql-5.5 5.5.43-0+deb8u1
- mariadb-10.0 10.0.19-1
@@ -25836,7 +25823,7 @@
CVE-2015-0502 (Unspecified vulnerability in the Siebel UI Framework component in ...)
NOT-FOR-US: Oracle
CVE-2015-0501 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, ...)
- {DSA-3311-1 DSA-3229-1}
+ {DSA-3311-1 DSA-3229-1 DLA-359-1}
- mysql-5.5 <unfixed> (bug #782645)
[jessie] - mysql-5.5 5.5.43-0+deb8u1
- mariadb-10.0 10.0.19-1
@@ -25847,7 +25834,7 @@
- percona-xtradb-cluster-5.5 <removed>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0499 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, ...)
- {DSA-3311-1 DSA-3229-1}
+ {DSA-3311-1 DSA-3229-1 DLA-359-1}
- mysql-5.5 <unfixed> (bug #782645)
[jessie] - mysql-5.5 5.5.43-0+deb8u1
- mariadb-10.0 10.0.19-1
More information about the Secure-testing-commits
mailing list