[Secure-testing-commits] r32368 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Feb 20 21:10:17 UTC 2015


Author: sectracker
Date: 2015-02-20 21:10:17 +0000 (Fri, 20 Feb 2015)
New Revision: 32368

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-20 18:45:58 UTC (rev 32367)
+++ data/CVE/list	2015-02-20 21:10:17 UTC (rev 32368)
@@ -1,3 +1,317 @@
+CVE-2015-2038
+	RESERVED
+CVE-2015-2037
+	RESERVED
+CVE-2015-2036
+	RESERVED
+CVE-2015-2033 (Anyterm Daemon in Infoblox Network Automation NetMRI before ...)
+	TODO: check
+CVE-2015-2032
+	RESERVED
+CVE-2015-2031
+	RESERVED
+CVE-2015-2030
+	RESERVED
+CVE-2015-2029
+	RESERVED
+CVE-2015-2028
+	RESERVED
+CVE-2015-2027
+	RESERVED
+CVE-2015-2026
+	RESERVED
+CVE-2015-2025
+	RESERVED
+CVE-2015-2024
+	RESERVED
+CVE-2015-2023
+	RESERVED
+CVE-2015-2022
+	RESERVED
+CVE-2015-2021
+	RESERVED
+CVE-2015-2020
+	RESERVED
+CVE-2015-2019
+	RESERVED
+CVE-2015-2018
+	RESERVED
+CVE-2015-2017
+	RESERVED
+CVE-2015-2016
+	RESERVED
+CVE-2015-2015
+	RESERVED
+CVE-2015-2014
+	RESERVED
+CVE-2015-2013
+	RESERVED
+CVE-2015-2012
+	RESERVED
+CVE-2015-2011
+	RESERVED
+CVE-2015-2010
+	RESERVED
+CVE-2015-2009
+	RESERVED
+CVE-2015-2008
+	RESERVED
+CVE-2015-2007
+	RESERVED
+CVE-2015-2006
+	RESERVED
+CVE-2015-2005
+	RESERVED
+CVE-2015-2004
+	RESERVED
+CVE-2015-2003
+	RESERVED
+CVE-2015-2002
+	RESERVED
+CVE-2015-2001
+	RESERVED
+CVE-2015-2000
+	RESERVED
+CVE-2015-1999
+	RESERVED
+CVE-2015-1998
+	RESERVED
+CVE-2015-1997
+	RESERVED
+CVE-2015-1996
+	RESERVED
+CVE-2015-1995
+	RESERVED
+CVE-2015-1994
+	RESERVED
+CVE-2015-1993
+	RESERVED
+CVE-2015-1992
+	RESERVED
+CVE-2015-1991
+	RESERVED
+CVE-2015-1990
+	RESERVED
+CVE-2015-1989
+	RESERVED
+CVE-2015-1988
+	RESERVED
+CVE-2015-1987
+	RESERVED
+CVE-2015-1986
+	RESERVED
+CVE-2015-1985
+	RESERVED
+CVE-2015-1984
+	RESERVED
+CVE-2015-1983
+	RESERVED
+CVE-2015-1982
+	RESERVED
+CVE-2015-1981
+	RESERVED
+CVE-2015-1980
+	RESERVED
+CVE-2015-1979
+	RESERVED
+CVE-2015-1978
+	RESERVED
+CVE-2015-1977
+	RESERVED
+CVE-2015-1976
+	RESERVED
+CVE-2015-1975
+	RESERVED
+CVE-2015-1974
+	RESERVED
+CVE-2015-1973
+	RESERVED
+CVE-2015-1972
+	RESERVED
+CVE-2015-1971
+	RESERVED
+CVE-2015-1970
+	RESERVED
+CVE-2015-1969
+	RESERVED
+CVE-2015-1968
+	RESERVED
+CVE-2015-1967
+	RESERVED
+CVE-2015-1966
+	RESERVED
+CVE-2015-1965
+	RESERVED
+CVE-2015-1964
+	RESERVED
+CVE-2015-1963
+	RESERVED
+CVE-2015-1962
+	RESERVED
+CVE-2015-1961
+	RESERVED
+CVE-2015-1960
+	RESERVED
+CVE-2015-1959
+	RESERVED
+CVE-2015-1958
+	RESERVED
+CVE-2015-1957
+	RESERVED
+CVE-2015-1956
+	RESERVED
+CVE-2015-1955
+	RESERVED
+CVE-2015-1954
+	RESERVED
+CVE-2015-1953
+	RESERVED
+CVE-2015-1952
+	RESERVED
+CVE-2015-1951
+	RESERVED
+CVE-2015-1950
+	RESERVED
+CVE-2015-1949
+	RESERVED
+CVE-2015-1948
+	RESERVED
+CVE-2015-1947
+	RESERVED
+CVE-2015-1946
+	RESERVED
+CVE-2015-1945
+	RESERVED
+CVE-2015-1944
+	RESERVED
+CVE-2015-1943
+	RESERVED
+CVE-2015-1942
+	RESERVED
+CVE-2015-1941
+	RESERVED
+CVE-2015-1940
+	RESERVED
+CVE-2015-1939
+	RESERVED
+CVE-2015-1938
+	RESERVED
+CVE-2015-1937
+	RESERVED
+CVE-2015-1936
+	RESERVED
+CVE-2015-1935
+	RESERVED
+CVE-2015-1934
+	RESERVED
+CVE-2015-1933
+	RESERVED
+CVE-2015-1932
+	RESERVED
+CVE-2015-1931
+	RESERVED
+CVE-2015-1930
+	RESERVED
+CVE-2015-1929
+	RESERVED
+CVE-2015-1928
+	RESERVED
+CVE-2015-1927
+	RESERVED
+CVE-2015-1926
+	RESERVED
+CVE-2015-1925
+	RESERVED
+CVE-2015-1924
+	RESERVED
+CVE-2015-1923
+	RESERVED
+CVE-2015-1922
+	RESERVED
+CVE-2015-1921
+	RESERVED
+CVE-2015-1920
+	RESERVED
+CVE-2015-1919
+	RESERVED
+CVE-2015-1918
+	RESERVED
+CVE-2015-1917
+	RESERVED
+CVE-2015-1916
+	RESERVED
+CVE-2015-1915
+	RESERVED
+CVE-2015-1914
+	RESERVED
+CVE-2015-1913
+	RESERVED
+CVE-2015-1912
+	RESERVED
+CVE-2015-1911
+	RESERVED
+CVE-2015-1910
+	RESERVED
+CVE-2015-1909
+	RESERVED
+CVE-2015-1908
+	RESERVED
+CVE-2015-1907
+	RESERVED
+CVE-2015-1906
+	RESERVED
+CVE-2015-1905
+	RESERVED
+CVE-2015-1904
+	RESERVED
+CVE-2015-1903
+	RESERVED
+CVE-2015-1902
+	RESERVED
+CVE-2015-1901
+	RESERVED
+CVE-2015-1900
+	RESERVED
+CVE-2015-1899
+	RESERVED
+CVE-2015-1898
+	RESERVED
+CVE-2015-1897
+	RESERVED
+CVE-2015-1896
+	RESERVED
+CVE-2015-1895
+	RESERVED
+CVE-2015-1894
+	RESERVED
+CVE-2015-1893
+	RESERVED
+CVE-2015-1892
+	RESERVED
+CVE-2015-1891
+	RESERVED
+CVE-2015-1890
+	RESERVED
+CVE-2015-1889
+	RESERVED
+CVE-2015-1888
+	RESERVED
+CVE-2015-1887
+	RESERVED
+CVE-2015-1886
+	RESERVED
+CVE-2015-1885
+	RESERVED
+CVE-2015-1884
+	RESERVED
+CVE-2015-1883
+	RESERVED
+CVE-2015-1882
+	RESERVED
+CVE-2015-1880
+	RESERVED
+CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...)
+	TODO: check
 CVE-2015-2042 [incorrect data type in rds_sysctl_rds_table]
 	- linux <unfixed>
 	- linux-2.6 <removed>
@@ -9,8 +323,10 @@
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 (v3.19-rc7)
 	TODO: check
 CVE-2015-2035 [SQL injection vulnerability]
+	RESERVED
 	- piwigo <removed>
 CVE-2015-2034 [XSS vulnerability]
+	RESERVED
 	- piwigo <removed>
 CVE-2015-1878
 	RESERVED
@@ -591,6 +907,7 @@
 	- libcsoap <unfixed> (bug #778599)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/17/2
 CVE-2014-9684 [Glance import task leaks image in backend]
+	RESERVED
 	- glance <unfixed>
 	NOTE: https://review.openstack.org/#/c/122427/
 	TODO: check
@@ -611,8 +928,7 @@
 	NOT-FOR-US: node-dns-sync
 CVE-2014-XXXX [more to CVE-2014-6585]
 	- icu <unfixed> (low; bug #778511)
-CVE-2015-1614
-	RESERVED
+CVE-2015-1614 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	NOT-FOR-US: WordPress plugin image-metadata-cruncher
 CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect bitwise left shifts]
 	RESERVED
@@ -632,23 +948,20 @@
 	[wheezy] - gnupg <no-dsa> (Minor issue)
 	NOTE: https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648
-CVE-2015-1604
-	RESERVED
+CVE-2015-1604 (Unrestricted file upload vulnerability in asys/site/files.php in ...)
 	NOT-FOR-US: Landsknecht Adminsystems
-CVE-2015-1603
-	RESERVED
+CVE-2015-1603 (Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems ...)
 	NOT-FOR-US: Landsknecht Adminsystems
 CVE-2015-1600
 	RESERVED
 	NOT-FOR-US: Netatmo Weather Station
 CVE-2015-1588
 	RESERVED
-CVE-2015-1587
-	RESERVED
+CVE-2015-1587 (Unrestricted file upload vulnerability in file_to_index.php in Maarch ...)
+	TODO: check
 CVE-2015-1586
 	RESERVED
-CVE-2015-1585
-	RESERVED
+CVE-2015-1585 (Fat Free CRM before 0.13.6 allows remote attackers to conduct ...)
 	NOT-FOR-US: Fat Free CRM
 CVE-2015-1584
 	RESERVED
@@ -687,8 +1000,7 @@
 	- linux-2.6 <removed>
 	NOTE: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
 	NOTE: https://lkml.org/lkml/2015/2/14/61
-CVE-2015-1592 [local file inclusion or inauthenticated arbitrary remote code execution]
-	RESERVED
+CVE-2015-1592 (Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and ...)
 	- movabletype-opensource <removed>
 	NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
@@ -746,6 +1058,7 @@
 	[wheezy] - nut <no-dsa> (Minor issue)
 	[squeeze] - nut <no-dsa> (Minor issue)
 CVE-2015-1881 [Glance import task leaks image in backend]
+	RESERVED
 	- glance <unfixed>
 	NOTE: https://review.openstack.org/#/c/156553
 	TODO: check
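Review bot: CVE-2015-1881 keeps the bracketed description `[Glance import task leaks image in backend]`, which is word for word the description on CVE-2014-9684 in the hunk at -591, while the two entries cite different reviews (156553 here, 122427 there). With RESERVED now added to both and `TODO: check` still open on both, the bracketed text should state what separates the two ids so the glance triage does not treat them as duplicates.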
@@ -849,8 +1162,8 @@
 	- piwigo <removed>
 CVE-2015-1516
 	RESERVED
-CVE-2015-1515
-	RESERVED
+CVE-2015-1515 (The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 ...)
+	TODO: check
 CVE-2015-1514 (Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 ...)
 	TODO: check
 CVE-2015-1513 (SQL injection vulnerability in SIPhone Enterprise PBX allows remote ...)
@@ -1006,8 +1319,7 @@
 	- freetype <unfixed> (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=196
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a
-CVE-2014-9679 [cupsRasterReadPixels buffer overflow]
-	RESERVED
+CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in ...)
 	[experimental] - cups 2.0.2-1
 	- cups 1.7.5-11 (bug #778387)
 	NOTE: Marked with [experimental] tag as the fix is only in experimental so far
@@ -1108,8 +1420,7 @@
 	[wheezy] - byzanz <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=852481
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/11
-CVE-2012-6687 [Stack smashing while using a lot of connections]
-	RESERVED
+CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...)
 	- libfcgi 2.4.0-8.3 (bug #681591)
 	[wheezy] - libfcgi <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
@@ -3105,14 +3416,14 @@
 	RESERVED
 CVE-2015-0882
 	RESERVED
-CVE-2015-0881
-	RESERVED
-CVE-2015-0880
-	RESERVED
-CVE-2015-0879
-	RESERVED
-CVE-2015-0878
-	RESERVED
+CVE-2015-0881 (CRLF injection vulnerability in Squid before 3.1.10 allows remote ...)
+	TODO: check
+CVE-2015-0880 (Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote ...)
+	TODO: check
+CVE-2015-0879 (CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2015-0878 (Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d ...)
+	TODO: check
 CVE-2015-0877
 	RESERVED
 CVE-2015-0876
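Review bot: All four newly described ids get the same `TODO: check`, but CVE-2015-0881 is a CRLF injection in Squid before 3.1.10 while CVE-2015-0880, CVE-2015-0879 and CVE-2015-0878 are all against CREAR AL-Mail32 before 1.13d. Triage them separately: the Squid entry will need a source package line and a check of the affected versions, and the three AL-Mail32 entries can be resolved together with one decision.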
@@ -3613,8 +3924,8 @@
 	RESERVED
 CVE-2015-0629
 	RESERVED
-CVE-2015-0628
-	RESERVED
+CVE-2015-0628 (The proxy engine on Cisco Web Security Appliance (WSA) devices allows ...)
+	TODO: check
 CVE-2015-0627
 	RESERVED
 CVE-2015-0626 (The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows ...)
@@ -3701,8 +4012,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-0585
 	RESERVED
-CVE-2015-0584
-	RESERVED
+CVE-2015-0584 (The image-upgrade implementation on Cisco Desktop Collaboration ...)
+	TODO: check
 CVE-2015-0583 (Cisco WebEx Meeting Center does not properly restrict the content of ...)
 	NOT-FOR-US: Cisco WebEx Meeting Center
 CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 ...)
@@ -3916,8 +4227,7 @@
 	[squeeze] - privoxy <not-affected> (Introduced in 3.0.21)
 	[wheezy] - privoxy <not-affected> (Introduced in 3.0.21)
 	NOTE: http://www.privoxy.org/announce.txt
-CVE-2015-1197 [cpio directory traversal]
-	RESERVED
+CVE-2015-1197 (cpio 2.11, when using the --no-absolute-filenames option, allows local ...)
 	- cpio <unfixed> (low; bug #774669)
 	[wheezy] - cpio <no-dsa> (Minor issue)
 	[squeeze] - cpio <no-dsa> (Minor issue)
@@ -4056,8 +4366,8 @@
 	RESERVED
 CVE-2014-9469
 	RESERVED
-CVE-2014-9468
-	RESERVED
+CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...)
+	TODO: check
 CVE-2014-9467
 	RESERVED
 CVE-2014-9466 (Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before ...)
@@ -4334,8 +4644,7 @@
 	- iceweasel <not-affected> (squeeze used the system libpng, and later versions define their own limits)
 	- icedove <not-affected> (squeeze used the system libpng, and later versions define their own limits)
 	NOTE: http://sourceforge.net/p/png-mng/mailman/message/33173461/
-CVE-2014-9465
-	RESERVED
+CVE-2014-9465 (senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in ...)
 	- zarafa <itp> (bug #658433)
 CVE-2014-9446 (Multiple cross-site scripting (XSS) vulnerabilities in the Staff ...)
 	- koha <itp> (bug #702134)
@@ -7593,8 +7902,8 @@
 	RESERVED
 CVE-2014-8691
 	RESERVED
-CVE-2014-8690
-	RESERVED
+CVE-2014-8690 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS ...)
+	TODO: check
 CVE-2014-8689
 	RESERVED
 CVE-2014-8688
@@ -9118,8 +9427,7 @@
 	NOT-FOR-US: Red Hat vdms and vdsclient
 CVE-2014-8166
 	RESERVED
-CVE-2014-8165 [arbitrary code execution due to unpickling untrusted input]
-	RESERVED
+CVE-2014-8165 (scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the ...)
 	- powerpc-utils <not-affected> (Vulnerable code not present)
 	NOTE: http://sourceforge.net/p/powerpc-utils/mailman/message/32884230
 CVE-2014-8164
@@ -15743,8 +16051,7 @@
 	RESERVED
 CVE-2014-5357
 	RESERVED
-CVE-2014-5355 [Fix krb5_read_message handling]
-	RESERVED
+CVE-2014-5355 (MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a ...)
 	- krb5 1.12.1+dfsg-18 (bug #778647)
 	[wheezy] - krb5 <no-dsa> (Minor issue)
 	[squeeze] - krb5 <no-dsa> (Minor issue)
@@ -20131,7 +20438,7 @@
 	NOT-FOR-US: Apache Hadoop
 CVE-2014-3626
 	RESERVED
-CVE-2014-3625 (Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 ...)
+CVE-2014-3625 (Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 ...)
 	- libspring-java <unfixed> (bug #769698)
 	[wheezy] - libspring-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601 (3.2.x)
@@ -20319,8 +20626,7 @@
 	NOTE: http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
 CVE-2014-3579
 	RESERVED
-CVE-2014-3578 [Spring framework directory traversal]
-	RESERVED
+CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 3.x ...)
 	- libspring-java <unfixed> (low; bug #760733)
 	[wheezy] - libspring-java <no-dsa> (minor issue)
 	NOTE: Fixed in experimental with 3.2.12-1
@@ -25282,13 +25588,11 @@
 CVE-2014-1860 [PHP object insertion]
 	RESERVED
 	NOT-FOR-US: Contao CMS
-CVE-2014-1832 [incomplete fix of CVE-2014-1831]
-	RESERVED
+CVE-2014-1832 (Phusion Passenger 4.0.37 allows local users to write to certain files ...)
 	- ruby-passenger 4.0.37-2
 	[wheezy] - ruby-passenger <not-affected> (incomplete patch never applied)
 	- passenger <not-affected> (incomplete patch never applied)
-CVE-2014-1831 [insecure use of /tmp]
-	RESERVED
+CVE-2014-1831 (Phusion Passenger before 4.0.37 allows local users to write to certain ...)
 	- ruby-passenger 4.0.37-1 (low; bug #736958)
 	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u2 (low; bug #736958)
 	- passenger <removed>
@@ -32119,7 +32423,7 @@
 	RESERVED
 	- php5 <unfixed>
 CVE-2013-6500 [Arbitrary code execution due to insecure Perl module loading from CWD]
-	RESERVED
+	REJECTED
 	NOTE: To be rejected
 CVE-2013-6499 [loading a module relative to the cwd]
 	RESERVED
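Review bot: The context line `NOTE: To be rejected` under CVE-2013-6500 is stale once the state line above it changes from RESERVED to REJECTED in this hunk. Drop the note or reword it to record why the id was rejected, so the entry no longer reads as pending.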



