[Secure-testing-commits] r32355 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Feb 19 21:10:16 UTC 2015


Author: sectracker
Date: 2015-02-19 21:10:16 +0000 (Thu, 19 Feb 2015)
New Revision: 32355

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-19 18:42:28 UTC (rev 32354)
+++ data/CVE/list	2015-02-19 21:10:16 UTC (rev 32355)
@@ -1,3 +1,5 @@
+CVE-2015-1878
+	RESERVED
 CVE-2015-1876
 	RESERVED
 CVE-2015-1875
@@ -733,6 +735,7 @@
 	NOTE: https://review.openstack.org/#/c/156553
 	TODO: check
 CVE-2015-1877 [command injection vulnerability]
+	RESERVED
 	- xdg-utils <unfixed> (bug #777722)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/18/7
 CVE-2015-1568 (Cross-site request forgery (CSRF) vulnerability in the GD Infinite ...)
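Review bot: CVE-2015-1877 is out of numeric order. It stays here directly above CVE-2015-1568, while the head of the file now runs CVE-2015-1878, CVE-2015-1876, CVE-2015-1875 with no 1877 between them. Since the id now carries a RESERVED line, move the whole entry (the xdg-utils line and the oss-security NOTE included) to its sorted position after CVE-2015-1878, so that someone scanning the top of the list for the xdg-utils command injection finds it.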
@@ -1529,8 +1532,7 @@
 	NOT-FOR-US: sequelize
 CVE-2015-1354
 	RESERVED
-CVE-2015-1349 [bind9 crash in trust anchor management]
-	RESERVED
+CVE-2015-1349 (named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x ...)
 	{DSA-3162-1}
 	- bind9 1:9.9.5.dfsg-9 (low; bug #778733)
 CVE-2015-1348 (Heap-based buffer overflow in Aruba Instant (IAP) with firmware before ...)
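Review bot: the unchanged bind9 line under CVE-2015-1349 records the fix in 1:9.9.5.dfsg-9, a 9.9.5-based version that falls inside the range the new description marks as affected ("9.7.0 through 9.9.6 before 9.9.6-P2"). From the entry alone a reader cannot tell whether that version is a backport or a mistake. Suggest adding a NOTE line that points to the upstream advisory or the commit that was backported, so the fixed version can be checked against it.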
@@ -3600,16 +3602,16 @@
 	RESERVED
 CVE-2015-0627
 	RESERVED
-CVE-2015-0626
-	RESERVED
+CVE-2015-0626 (The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows ...)
+	TODO: check
 CVE-2015-0625
 	RESERVED
 CVE-2015-0624
 	RESERVED
-CVE-2015-0623
-	RESERVED
-CVE-2015-0622
-	RESERVED
+CVE-2015-0623 (Cross-site scripting (XSS) vulnerability in the Administrator report ...)
+	TODO: check
+CVE-2015-0622 (The Wireless Intrusion Detection (aka WIDS) functionality on Cisco ...)
+	TODO: check
 CVE-2015-0621 (Cisco TelePresence MCU devices with software 4.5(1.45) allow remote ...)
 	TODO: check
 CVE-2015-0620 (The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) ...)
@@ -4338,16 +4340,13 @@
 	- minizip 1.1-5 (low; bug #774321)
 CVE-2014-9426 (** DISPUTED ** The apprentice_load function in libmagic/apprentice.c ...)
 	NOTE: Disputed PHP issue to be rejected, code wasn't present in squeeze/wheezy or file (PHP-specific)
-CVE-2014-9423
-	RESERVED
+CVE-2014-9423 (The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c ...)
 	{DSA-3153-1 DLA-146-1}
 	- krb5 1.12.1+dfsg-17
-CVE-2014-9422
-	RESERVED
+CVE-2014-9422 (The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in ...)
 	{DSA-3153-1 DLA-146-1}
 	- krb5 1.12.1+dfsg-17
-CVE-2014-9421
-	RESERVED
+CVE-2014-9421 (The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in ...)
 	{DSA-3153-1 DLA-146-1}
 	- krb5 1.12.1+dfsg-17
 CVE-2014-9418 (The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei ...)
@@ -6135,6 +6134,7 @@
 	NOTE: https://github.com/teeworlds/teeworlds/commit/a766cb44bcffcdb0b88e776d01c5ee1323d44f85
 	NOTE: https://www.teeworlds.com/?page=news&id=11200
 CVE-2014-9093 (LibreOffice before 4.3.5 allows remote attackers to cause a denial of ...)
+	{DSA-3163-1}
 	- libreoffice 1:4.3.3-2 (bug #771163)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=86449
 	NOTE: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=b4840d3632e4404bee4bd192a7db916cbad3a401
@@ -13653,14 +13653,14 @@
 	RESERVED
 CVE-2014-6305
 	RESERVED
-CVE-2014-6304
-	RESERVED
-CVE-2014-6303
-	RESERVED
-CVE-2014-6302
-	RESERVED
-CVE-2014-6301
-	RESERVED
+CVE-2014-6304 (The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 ...)
+	TODO: check
+CVE-2014-6303 (The Monitoring Administration pages in PNMsoft Sequence Kinetics ...)
+	TODO: check
+CVE-2014-6302 (The Monitoring Administration pages in PNMsoft Sequence Kinetics ...)
+	TODO: check
+CVE-2014-6301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
 CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history ...)
 	- phpmyadmin 4:4.2.8.1-1
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
@@ -14046,8 +14046,8 @@
 	NOT-FOR-US: IBM Tivoli TADDM
 CVE-2014-6148 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 ...)
 	NOT-FOR-US: IBM Tivoli TADDM
-CVE-2014-6147
-	RESERVED
+CVE-2014-6147 (IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, ...)
+	TODO: check
 CVE-2014-6146 (IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the ...)
 	NOT-FOR-US: IBM
 CVE-2014-6145 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
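Review bot: CVE-2014-6147 lands as "TODO: check" between entries that are already triaged as NOT-FOR-US ("IBM Tivoli TADDM" above, "IBM" below). The description names IBM Flex System Manager; if that product is not packaged in Debian, resolve the entry the same way, for example "NOT-FOR-US: IBM Flex System Manager", rather than leaving it in the TODO backlog.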
@@ -15744,8 +15744,7 @@
 	[wheezy] - krb5 <no-dsa> (Minor issue)
 	[squeeze] - krb5 <no-dsa> (Minor issue, needs elevated privileges to trigger crash)
 	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
-CVE-2014-5352
-	RESERVED
+CVE-2014-5352 (The krb5_gss_process_context_token function in ...)
 	{DSA-3153-1 DLA-146-1}
 	- krb5 1.12.1+dfsg-17
 CVE-2014-5351 (The kadm5_randkey_principal_3 function in ...)
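Review bot: the CVE-2014-5352 entry has nothing a reader can audit the fix against: no bug number and no NOTE, unlike the krb5 entry just above it, which carries a "NOTE: Upstream commit:" line. Now that the description names krb5_gss_process_context_token, add a NOTE with the upstream commit that fixes it, so the "1.12.1+dfsg-17" fixed version can be verified.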
@@ -15905,8 +15904,8 @@
 	RESERVED
 CVE-2014-5287
 	RESERVED
-CVE-2014-5286
-	RESERVED
+CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO ...)
+	TODO: check
 CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO ...)
 	NOT-FOR-US: TIBCO Spotfire Server
 CVE-2014-5284 (host-deny.sh in OSSEC before 2.8.1 writes to temporary files with ...)
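Review bot: CVE-2014-5286 is added as "TODO: check" although the next entry, CVE-2014-5285, also concerns a TIBCO authentication module and is already marked "NOT-FOR-US: TIBCO Spotfire Server". The visible description is cut off after "TIBCO", so confirm the product from the full text and, if it belongs to the same product family, mark it NOT-FOR-US to match.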



