[Secure-testing-commits] r32223 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Feb 13 21:10:16 UTC 2015


Author: sectracker
Date: 2015-02-13 21:10:16 +0000 (Fri, 13 Feb 2015)
New Revision: 32223

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-13 19:17:35 UTC (rev 32222)
+++ data/CVE/list	2015-02-13 21:10:16 UTC (rev 32223)
@@ -1,3 +1,7 @@
+CVE-2014-9679
+	RESERVED
+CVE-2014-9676
+	RESERVED
 CVE-2015-1588
 	RESERVED
 CVE-2015-1587
@@ -31,10 +35,13 @@
 CVE-2013-7425
 	RESERVED
 CVE-2014-9678
+	RESERVED
 	NOT-FOR-US: FlexPaper
 CVE-2014-9677
+	RESERVED
 	NOT-FOR-US: FlexPaper
 CVE-2015-1592 [local file inclusion or inauthenticated arbitrary remote code execution]
+	RESERVED
 	- movabletype-opensource <removed>
 	NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
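Review bot: The bracketed description on the CVE-2015-1592 line reads "inauthenticated arbitrary remote code execution"; that should be "unauthenticated". Since the entry is being touched anyway to add RESERVED, fix the wording in the same pass so searches of the list for "unauthenticated" find it.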
@@ -333,9 +340,11 @@
 	[squeeze] - suricata <no-dsa> (Minor issue)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/1364
 CVE-2014-9681 [preserves TZ by default]
+	RESERVED
 	- procmail <unfixed> (bug #778341)
 	NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
 CVE-2014-9680 [preserves TZ by default]
+	RESERVED
 	- sudo <unfixed> (bug #772707)
 	NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
 	NOTE: http://www.sudo.ws/repos/sudo/rev/33b545d19c03
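Review bot: CVE-2014-9681 (procmail) and CVE-2014-9680 (sudo) carry the identical description "preserves TZ by default" and the same oss-security NOTE, but only the sudo entry links an upstream change. The procmail entry should get its own NOTE stating how the TZ handling applies to procmail, so the two IDs can be told apart without opening the thread.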
@@ -346,14 +355,12 @@
 	NOTE: https://github.com/jabberd2/jabberd2/issues/85
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/09/13
 	TODO: check
-CVE-2015-1545 [crashes on search with deref control and empty attr list]
-	RESERVED
+CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c in ...)
 	- openldap 2.4.40-4 (bug #776988)
 	[wheezy] - openldap <no-dsa> (Minor issue)
 	NOTE: http://www.openldap.org/its/?findid=8027
 	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=c32e74763f77675b9e144126e375977ed6dc562c
-CVE-2015-1546 [crash in valueReturnFilter cleanup]
-	RESERVED
+CVE-2015-1546 (Double free vulnerability in the get_vrFilter function in ...)
 	- openldap 2.4.40-4 (bug #776991)
 	[wheezy] - openldap <not-affected> (Regression introduced in 2.4.40)
 	[squeeze] - openldap <not-affected> (Regression introduced in 2.4.40)
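Review bot: CVE-2015-1545 has a "[wheezy] - openldap <no-dsa>" line but no [squeeze] line, while CVE-2015-1546 directly below states both wheezy and squeeze status. Add an explicit squeeze annotation to CVE-2015-1545 so the status of that suite is recorded rather than left implicit.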
@@ -433,8 +440,8 @@
 	NOT-FOR-US: My Little Forum
 CVE-2015-1474
 	RESERVED
-CVE-2015-1471
-	RESERVED
+CVE-2015-1471 (SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 ...)
+	TODO: check
 CVE-2015-1470
 	RESERVED
 CVE-2015-1469 (time.htm in the web interface on SerVision HVG Video Gateway devices ...)
@@ -528,14 +535,14 @@
 	NOTE: http://git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc
 CVE-2015-XXXX [Invalid read in ensure_filepath]
 	- libmspack 0.5-1
-        - cabextract 1.4-5
+	- cabextract 1.4-5
 	[wheezy] - cabextract <no-dsa> (Minor issue)
 	[squeeze] - cabextract <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
 	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
 CVE-2015-XXXX [Invalid read in create_output_name]
 	- libmspack 0.5-1
-        - cabextract 1.4-5
+	- cabextract 1.4-5
 	[wheezy] - cabextract <no-dsa> (Minor issue)
 	[squeeze] - cabextract <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
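Review bot: Both "- cabextract 1.4-5" lines are whitespace-only corrections (leading spaces replaced by a tab) in a commit logged as "automatic update", so the log does not mention them. A check at commit time that rejects entry lines not indented with a tab would keep such lines from needing a fix after the fact.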
@@ -639,6 +646,7 @@
 	NOTE: https://github.com/chjj/marked/issues/497
 	NOTE: libv8 is not covered by security support
 CVE-2015-1589 [directory traversal]
+	RESERVED
 	- archmage 1:0.2.4-4 (bug #776164)
 	[squeeze] - archmage <no-dsa> (Minor issue)
 	[wheezy] - archmage <no-dsa> (Minor issue)
@@ -783,6 +791,7 @@
 	NOTE: https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/29/23
 CVE-2013-7426 [insecure default fifo path /tmp/kamailio_fifo]
+	RESERVED
 	- kamailio 4.0.2-1 (bug #712083)
 CVE-2013-7424 [Invalid-free when using getaddrinfo()]
 	RESERVED
@@ -1318,9 +1327,11 @@
 	- libmspack 0.5-1 (bug #775687)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/11
 CVE-2015-1591
+	RESERVED
 	- kamailio 4.2.0-2 (bug #775681)
 	NOTE: https://github.com/kamailio/kamailio/issues/48
 CVE-2015-1590
+	RESERVED
 	- kamailio 4.2.0-2 (bug #775681)
 	NOTE: https://github.com/kamailio/kamailio/issues/48
 CVE-2015-XXXX [insecure configuration permissions]
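Review bot: CVE-2015-1591 and CVE-2015-1590 have no bracketed description and are otherwise identical: same "- kamailio 4.2.0-2 (bug #775681)" line and same NOTE. Add a short bracketed description to each so that it is clear which issue each ID covers while the entries are still RESERVED.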
@@ -1345,8 +1356,7 @@
 	[squeeze] - chromium-browser <end-of-life>
 	- libv8-3.14 <unfixed> (unimportant; bug #773671)
 	NOTE: libv8 not covered by security support
-CVE-2015-1345 [heap buffer overrun]
-	RESERVED
+CVE-2015-1345 (The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows ...)
 	- grep <unfixed> (low; bug #776039)
 	[squeeze] - grep <not-affected> (Issue introduced with v2.18-90-g73893ff)
 	[wheezy] - grep <not-affected> (Issue introduced with v2.18-90-g73893ff)
@@ -2398,8 +2408,8 @@
 	RESERVED
 CVE-2015-0874
 	RESERVED
-CVE-2015-0873
-	RESERVED
+CVE-2015-0873 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...)
+	TODO: check
 CVE-2015-0872
 	RESERVED
 CVE-2015-0871 (Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI ...)
@@ -2960,8 +2970,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-0594
 	RESERVED
-CVE-2015-0593
-	RESERVED
+CVE-2015-0593 (The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and ...)
+	TODO: check
 CVE-2015-0592 (The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and ...)
 	TODO: check
 CVE-2015-0591 (Cisco Unified Communications Domain Manager (UCDM) 10 allows remote ...)
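Review bot: CVE-2015-0593 is added with "TODO: check", and CVE-2015-0592 just below is in the same state, although both descriptions name Cisco IOS and the neighbouring entry at the top of the hunk is already triaged as "NOT-FOR-US: Cisco". Triage the two Zone-Based Firewall entries the same way so they leave the TODO queue.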
@@ -3281,8 +3291,7 @@
 	RESERVED
 CVE-2014-9514
 	RESERVED
-CVE-2014-9512 [path spoofing attack vulnerability]
-	RESERVED
+CVE-2014-9512 (rsync 3.1.1 allows remote attackers to write to arbitrary files via a ...)
 	- rsync <unfixed> (low; bug #778333)
 	[wheezy] - rsync <not-affected> (Affected sanitising functionality not yet present)
 	[squeeze] - rsync <not-affected> (Affected sanitising functionality not yet present)
@@ -5764,8 +5773,7 @@
 	RESERVED
 CVE-2015-0228
 	RESERVED
-CVE-2015-0227
-	RESERVED
+CVE-2015-0227 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote ...)
 	- wss4j 1.6.15-2 (bug #777741)
 CVE-2015-0226
 	RESERVED
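Review bot: On CVE-2015-0227 the new description says WSS4J "before 1.6.17" is affected, but the entry records "- wss4j 1.6.15-2" as the fixed version. If 1.6.15-2 carries a backported patch, add a NOTE saying so; otherwise the fixed version needs rechecking against bug #777741.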
@@ -6457,8 +6465,8 @@
 	RESERVED
 CVE-2014-8910
 	RESERVED
-CVE-2014-8909
-	RESERVED
+CVE-2014-8909 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
+	TODO: check
 CVE-2014-8908
 	RESERVED
 CVE-2014-8907
@@ -7840,8 +7848,8 @@
 	NOT-FOR-US: Advantech EKI-6340
 CVE-2014-8386 (Multiple stack-based buffer overflows in Advantech AdamView 4.3 and ...)
 	NOT-FOR-US: Advantech AdamView
-CVE-2014-8385
-	RESERVED
+CVE-2014-8385 (Buffer overflow on Advantech EKI-1200 gateways with firmware before ...)
+	TODO: check
 CVE-2014-8384
 	RESERVED
 CVE-2014-8383
@@ -8631,8 +8639,7 @@
 	RESERVED
 CVE-2014-8111
 	RESERVED
-CVE-2014-8110
-	RESERVED
+CVE-2014-8110 (Multiple cross-site scripting (XSS) vulnerabilities in the web based ...)
 	- activemq <not-affected> (Admin console not enabled in the Debian package, see #702670)
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt
 CVE-2014-8109 (mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and ...)
@@ -13250,8 +13257,7 @@
 	NOT-FOR-US: IBM
 CVE-2014-6186 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before ...)
 	NOT-FOR-US: IBM
-CVE-2014-6185 [Tivoli Storage Manager Arbitrary DSO Load Elevation of Privileges]
-	RESERVED
+CVE-2014-6185 (dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before ...)
 	NOT-FOR-US: IBM
 	NOTE: https://www-01.ibm.com/support/docview.wss?uid=swg21695715
 CVE-2014-6184
@@ -13314,8 +13320,8 @@
 	RESERVED
 CVE-2014-6155 (Multiple directory traversal vulnerabilities in the ServiceRegistry UI ...)
 	NOT-FOR-US: IBM
-CVE-2014-6154
-	RESERVED
+CVE-2014-6154 (Directory traversal vulnerability in IBM Optim Performance Manager for ...)
+	TODO: check
 CVE-2014-6153 (The Web UI in IBM WebSphere Service Registry and Repository (WSRR) ...)
 	NOT-FOR-US: IBM
 CVE-2014-6152 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
@@ -13344,8 +13350,8 @@
 	NOT-FOR-US: IBM
 CVE-2014-6140 (IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before ...)
 	NOT-FOR-US: IBM Endpoint Manager Mobile Device Management Components
-CVE-2014-6139
-	RESERVED
+CVE-2014-6139 (The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, ...)
+	TODO: check
 CVE-2014-6138 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 ...)
 	NOT-FOR-US: IBM
 CVE-2014-6137
@@ -16452,8 +16458,8 @@
 	NOT-FOR-US: IBM
 CVE-2014-4814 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
 	NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-4813
-	RESERVED
+CVE-2014-4813 (Race condition in the client in IBM Tivoli Storage Manager (TSM) ...)
+	TODO: check
 CVE-2014-4812 (The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 ...)
 	NOT-FOR-US: IBM Security AppScan Source
 CVE-2014-4811 (IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume ...)
@@ -16472,8 +16478,8 @@
 	NOT-FOR-US: IBM DB2
 CVE-2014-4804
 	RESERVED
-CVE-2014-4803
-	RESERVED
+CVE-2014-4803 (CRLF injection vulnerability in the Universal Access implementation in ...)
+	TODO: check
 CVE-2014-4802 (The Saved Search Admin component in the Process Admin Console in IBM ...)
 	NOT-FOR-US: IBM Business Process Manager
 CVE-2014-4801 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
@@ -16516,8 +16522,8 @@
 	NOT-FOR-US: IBM
 CVE-2014-4782
 	RESERVED
-CVE-2014-4781
-	RESERVED
+CVE-2014-4781 (The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before ...)
+	TODO: check
 CVE-2014-4780
 	RESERVED
 CVE-2014-4779
@@ -16536,8 +16542,8 @@
 	RESERVED
 CVE-2014-4772
 	RESERVED
-CVE-2014-4771
-	RESERVED
+CVE-2014-4771 (IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before ...)
+	TODO: check
 CVE-2014-4770 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2014-4769 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...)



