[Secure-testing-commits] r32368 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Feb 20 21:10:17 UTC 2015
Author: sectracker
Date: 2015-02-20 21:10:17 +0000 (Fri, 20 Feb 2015)
New Revision: 32368
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-20 18:45:58 UTC (rev 32367)
+++ data/CVE/list 2015-02-20 21:10:17 UTC (rev 32368)
@@ -1,3 +1,317 @@
+CVE-2015-2038
+ RESERVED
+CVE-2015-2037
+ RESERVED
+CVE-2015-2036
+ RESERVED
+CVE-2015-2033 (Anyterm Daemon in Infoblox Network Automation NetMRI before ...)
+ TODO: check
+CVE-2015-2032
+ RESERVED
+CVE-2015-2031
+ RESERVED
+CVE-2015-2030
+ RESERVED
+CVE-2015-2029
+ RESERVED
+CVE-2015-2028
+ RESERVED
+CVE-2015-2027
+ RESERVED
+CVE-2015-2026
+ RESERVED
+CVE-2015-2025
+ RESERVED
+CVE-2015-2024
+ RESERVED
+CVE-2015-2023
+ RESERVED
+CVE-2015-2022
+ RESERVED
+CVE-2015-2021
+ RESERVED
+CVE-2015-2020
+ RESERVED
+CVE-2015-2019
+ RESERVED
+CVE-2015-2018
+ RESERVED
+CVE-2015-2017
+ RESERVED
+CVE-2015-2016
+ RESERVED
+CVE-2015-2015
+ RESERVED
+CVE-2015-2014
+ RESERVED
+CVE-2015-2013
+ RESERVED
+CVE-2015-2012
+ RESERVED
+CVE-2015-2011
+ RESERVED
+CVE-2015-2010
+ RESERVED
+CVE-2015-2009
+ RESERVED
+CVE-2015-2008
+ RESERVED
+CVE-2015-2007
+ RESERVED
+CVE-2015-2006
+ RESERVED
+CVE-2015-2005
+ RESERVED
+CVE-2015-2004
+ RESERVED
+CVE-2015-2003
+ RESERVED
+CVE-2015-2002
+ RESERVED
+CVE-2015-2001
+ RESERVED
+CVE-2015-2000
+ RESERVED
+CVE-2015-1999
+ RESERVED
+CVE-2015-1998
+ RESERVED
+CVE-2015-1997
+ RESERVED
+CVE-2015-1996
+ RESERVED
+CVE-2015-1995
+ RESERVED
+CVE-2015-1994
+ RESERVED
+CVE-2015-1993
+ RESERVED
+CVE-2015-1992
+ RESERVED
+CVE-2015-1991
+ RESERVED
+CVE-2015-1990
+ RESERVED
+CVE-2015-1989
+ RESERVED
+CVE-2015-1988
+ RESERVED
+CVE-2015-1987
+ RESERVED
+CVE-2015-1986
+ RESERVED
+CVE-2015-1985
+ RESERVED
+CVE-2015-1984
+ RESERVED
+CVE-2015-1983
+ RESERVED
+CVE-2015-1982
+ RESERVED
+CVE-2015-1981
+ RESERVED
+CVE-2015-1980
+ RESERVED
+CVE-2015-1979
+ RESERVED
+CVE-2015-1978
+ RESERVED
+CVE-2015-1977
+ RESERVED
+CVE-2015-1976
+ RESERVED
+CVE-2015-1975
+ RESERVED
+CVE-2015-1974
+ RESERVED
+CVE-2015-1973
+ RESERVED
+CVE-2015-1972
+ RESERVED
+CVE-2015-1971
+ RESERVED
+CVE-2015-1970
+ RESERVED
+CVE-2015-1969
+ RESERVED
+CVE-2015-1968
+ RESERVED
+CVE-2015-1967
+ RESERVED
+CVE-2015-1966
+ RESERVED
+CVE-2015-1965
+ RESERVED
+CVE-2015-1964
+ RESERVED
+CVE-2015-1963
+ RESERVED
+CVE-2015-1962
+ RESERVED
+CVE-2015-1961
+ RESERVED
+CVE-2015-1960
+ RESERVED
+CVE-2015-1959
+ RESERVED
+CVE-2015-1958
+ RESERVED
+CVE-2015-1957
+ RESERVED
+CVE-2015-1956
+ RESERVED
+CVE-2015-1955
+ RESERVED
+CVE-2015-1954
+ RESERVED
+CVE-2015-1953
+ RESERVED
+CVE-2015-1952
+ RESERVED
+CVE-2015-1951
+ RESERVED
+CVE-2015-1950
+ RESERVED
+CVE-2015-1949
+ RESERVED
+CVE-2015-1948
+ RESERVED
+CVE-2015-1947
+ RESERVED
+CVE-2015-1946
+ RESERVED
+CVE-2015-1945
+ RESERVED
+CVE-2015-1944
+ RESERVED
+CVE-2015-1943
+ RESERVED
+CVE-2015-1942
+ RESERVED
+CVE-2015-1941
+ RESERVED
+CVE-2015-1940
+ RESERVED
+CVE-2015-1939
+ RESERVED
+CVE-2015-1938
+ RESERVED
+CVE-2015-1937
+ RESERVED
+CVE-2015-1936
+ RESERVED
+CVE-2015-1935
+ RESERVED
+CVE-2015-1934
+ RESERVED
+CVE-2015-1933
+ RESERVED
+CVE-2015-1932
+ RESERVED
+CVE-2015-1931
+ RESERVED
+CVE-2015-1930
+ RESERVED
+CVE-2015-1929
+ RESERVED
+CVE-2015-1928
+ RESERVED
+CVE-2015-1927
+ RESERVED
+CVE-2015-1926
+ RESERVED
+CVE-2015-1925
+ RESERVED
+CVE-2015-1924
+ RESERVED
+CVE-2015-1923
+ RESERVED
+CVE-2015-1922
+ RESERVED
+CVE-2015-1921
+ RESERVED
+CVE-2015-1920
+ RESERVED
+CVE-2015-1919
+ RESERVED
+CVE-2015-1918
+ RESERVED
+CVE-2015-1917
+ RESERVED
+CVE-2015-1916
+ RESERVED
+CVE-2015-1915
+ RESERVED
+CVE-2015-1914
+ RESERVED
+CVE-2015-1913
+ RESERVED
+CVE-2015-1912
+ RESERVED
+CVE-2015-1911
+ RESERVED
+CVE-2015-1910
+ RESERVED
+CVE-2015-1909
+ RESERVED
+CVE-2015-1908
+ RESERVED
+CVE-2015-1907
+ RESERVED
+CVE-2015-1906
+ RESERVED
+CVE-2015-1905
+ RESERVED
+CVE-2015-1904
+ RESERVED
+CVE-2015-1903
+ RESERVED
+CVE-2015-1902
+ RESERVED
+CVE-2015-1901
+ RESERVED
+CVE-2015-1900
+ RESERVED
+CVE-2015-1899
+ RESERVED
+CVE-2015-1898
+ RESERVED
+CVE-2015-1897
+ RESERVED
+CVE-2015-1896
+ RESERVED
+CVE-2015-1895
+ RESERVED
+CVE-2015-1894
+ RESERVED
+CVE-2015-1893
+ RESERVED
+CVE-2015-1892
+ RESERVED
+CVE-2015-1891
+ RESERVED
+CVE-2015-1890
+ RESERVED
+CVE-2015-1889
+ RESERVED
+CVE-2015-1888
+ RESERVED
+CVE-2015-1887
+ RESERVED
+CVE-2015-1886
+ RESERVED
+CVE-2015-1885
+ RESERVED
+CVE-2015-1884
+ RESERVED
+CVE-2015-1883
+ RESERVED
+CVE-2015-1882
+ RESERVED
+CVE-2015-1880
+ RESERVED
+CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...)
+ TODO: check
CVE-2015-2042 [incorrect data type in rds_sysctl_rds_table]
- linux <unfixed>
- linux-2.6 <removed>
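Review bot: CVE-2015-2033 and CVE-2015-1879 are the only two entries in this hunk that arrive with a description, and both carry just "TODO: check" with no package line or NOT-FOR-US marker, so they need a manual triage pass. Everything else added here is a bare RESERVED placeholder. The added range skips CVE-2015-2035, CVE-2015-2034 and CVE-2015-1881, which is consistent with the later hunks where those ids already exist with bracketed descriptions.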
@@ -9,8 +323,10 @@
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 (v3.19-rc7)
TODO: check
CVE-2015-2035 [SQL injection vulnerability]
+ RESERVED
- piwigo <removed>
CVE-2015-2034 [XSS vulnerability]
+ RESERVED
- piwigo <removed>
CVE-2015-1878
RESERVED
@@ -591,6 +907,7 @@
- libcsoap <unfixed> (bug #778599)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/17/2
CVE-2014-9684 [Glance import task leaks image in backend]
+ RESERVED
- glance <unfixed>
NOTE: https://review.openstack.org/#/c/122427/
TODO: check
@@ -611,8 +928,7 @@
NOT-FOR-US: node-dns-sync
CVE-2014-XXXX [more to CVE-2014-6585]
- icu <unfixed> (low; bug #778511)
-CVE-2015-1614
- RESERVED
+CVE-2015-1614 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: WordPress plugin image-metadata-cruncher
CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect bitwise left shifts]
RESERVED
@@ -632,23 +948,20 @@
[wheezy] - gnupg <no-dsa> (Minor issue)
NOTE: https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648
-CVE-2015-1604
- RESERVED
+CVE-2015-1604 (Unrestricted file upload vulnerability in asys/site/files.php in ...)
NOT-FOR-US: Landsknecht Adminsystems
-CVE-2015-1603
- RESERVED
+CVE-2015-1603 (Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems ...)
NOT-FOR-US: Landsknecht Adminsystems
CVE-2015-1600
RESERVED
NOT-FOR-US: Netatmo Weather Station
CVE-2015-1588
RESERVED
-CVE-2015-1587
- RESERVED
+CVE-2015-1587 (Unrestricted file upload vulnerability in file_to_index.php in Maarch ...)
+ TODO: check
CVE-2015-1586
RESERVED
-CVE-2015-1585
- RESERVED
+CVE-2015-1585 (Fat Free CRM before 0.13.6 allows remote attackers to conduct ...)
NOT-FOR-US: Fat Free CRM
CVE-2015-1584
RESERVED
@@ -687,8 +1000,7 @@
- linux-2.6 <removed>
NOTE: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
NOTE: https://lkml.org/lkml/2015/2/14/61
-CVE-2015-1592 [local file inclusion or inauthenticated arbitrary remote code execution]
- RESERVED
+CVE-2015-1592 (Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and ...)
- movabletype-opensource <removed>
NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
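Review bot: the new header for CVE-2015-1592 drops the bracketed summary "local file inclusion or inauthenticated arbitrary remote code execution", and the truncated description that replaces it ("Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and ...") no longer says what the impact is. Suggest keeping the impact in a NOTE line under the entry so it stays visible in the list; the two existing NOTE lines only link out to it.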
@@ -746,6 +1058,7 @@
[wheezy] - nut <no-dsa> (Minor issue)
[squeeze] - nut <no-dsa> (Minor issue)
CVE-2015-1881 [Glance import task leaks image in backend]
+ RESERVED
- glance <unfixed>
NOTE: https://review.openstack.org/#/c/156553
TODO: check
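Review bot: CVE-2015-1881 carries the same bracketed description, "Glance import task leaks image in backend", as CVE-2014-9684 in the earlier hunk, and both are "glance <unfixed>" with "TODO: check". The only visible difference is the review link (156553 here, 122427 there). Suggest a NOTE on each entry stating how the two ids differ, so they are not mistaken for duplicates when the TODO is worked.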
@@ -849,8 +1162,8 @@
- piwigo <removed>
CVE-2015-1516
RESERVED
-CVE-2015-1515
- RESERVED
+CVE-2015-1515 (The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 ...)
+ TODO: check
CVE-2015-1514 (Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 ...)
TODO: check
CVE-2015-1513 (SQL injection vulnerability in SIPhone Enterprise PBX allows remote ...)
@@ -1006,8 +1319,7 @@
- freetype <unfixed> (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=196
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a
-CVE-2014-9679 [cupsRasterReadPixels buffer overflow]
- RESERVED
+CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in ...)
[experimental] - cups 2.0.2-1
- cups 1.7.5-11 (bug #778387)
NOTE: Marked with [experimental] tag as the fix is only in experimental so far
@@ -1108,8 +1420,7 @@
[wheezy] - byzanz <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=852481
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/11
-CVE-2012-6687 [Stack smashing while using a lot of connections]
- RESERVED
+CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...)
- libfcgi 2.4.0-8.3 (bug #681591)
[wheezy] - libfcgi <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
@@ -3105,14 +3416,14 @@
RESERVED
CVE-2015-0882
RESERVED
-CVE-2015-0881
- RESERVED
-CVE-2015-0880
- RESERVED
-CVE-2015-0879
- RESERVED
-CVE-2015-0878
- RESERVED
+CVE-2015-0881 (CRLF injection vulnerability in Squid before 3.1.10 allows remote ...)
+ TODO: check
+CVE-2015-0880 (Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote ...)
+ TODO: check
+CVE-2015-0879 (CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2015-0878 (Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d ...)
+ TODO: check
CVE-2015-0877
RESERVED
CVE-2015-0876
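Review bot: CVE-2015-0881 names "Squid before 3.1.10" but gets the same bare "TODO: check" as the three CREAR AL-Mail32 entries below it. Squid is packaged in Debian, so this entry needs a real package line (a fixed version or <not-affected>) rather than sitting in the generic TODO queue; suggest triaging it first.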
@@ -3613,8 +3924,8 @@
RESERVED
CVE-2015-0629
RESERVED
-CVE-2015-0628
- RESERVED
+CVE-2015-0628 (The proxy engine on Cisco Web Security Appliance (WSA) devices allows ...)
+ TODO: check
CVE-2015-0627
RESERVED
CVE-2015-0626 (The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows ...)
@@ -3701,8 +4012,8 @@
NOT-FOR-US: Cisco
CVE-2015-0585
RESERVED
-CVE-2015-0584
- RESERVED
+CVE-2015-0584 (The image-upgrade implementation on Cisco Desktop Collaboration ...)
+ TODO: check
CVE-2015-0583 (Cisco WebEx Meeting Center does not properly restrict the content of ...)
NOT-FOR-US: Cisco WebEx Meeting Center
CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 ...)
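Review bot: CVE-2015-0584 ("The image-upgrade implementation on Cisco Desktop Collaboration ...") is left at "TODO: check" although the neighbouring Cisco entries in this hunk are already tagged, see the context lines "NOT-FOR-US: Cisco" above and "NOT-FOR-US: Cisco WebEx Meeting Center" below. Once confirmed it should get the same tag; the same applies to CVE-2015-0628 in the previous hunk.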
@@ -3916,8 +4227,7 @@
[squeeze] - privoxy <not-affected> (Introduced in 3.0.21)
[wheezy] - privoxy <not-affected> (Introduced in 3.0.21)
NOTE: http://www.privoxy.org/announce.txt
-CVE-2015-1197 [cpio directory traversal]
- RESERVED
+CVE-2015-1197 (cpio 2.11, when using the --no-absolute-filenames option, allows local ...)
- cpio <unfixed> (low; bug #774669)
[wheezy] - cpio <no-dsa> (Minor issue)
[squeeze] - cpio <no-dsa> (Minor issue)
@@ -4056,8 +4366,8 @@
RESERVED
CVE-2014-9469
RESERVED
-CVE-2014-9468
- RESERVED
+CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...)
+ TODO: check
CVE-2014-9467
RESERVED
CVE-2014-9466 (Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before ...)
@@ -4334,8 +4644,7 @@
- iceweasel <not-affected> (squeeze used the system libpng, and later versions define their own limits)
- icedove <not-affected> (squeeze used the system libpng, and later versions define their own limits)
NOTE: http://sourceforge.net/p/png-mng/mailman/message/33173461/
-CVE-2014-9465
- RESERVED
+CVE-2014-9465 (senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in ...)
- zarafa <itp> (bug #658433)
CVE-2014-9446 (Multiple cross-site scripting (XSS) vulnerabilities in the Staff ...)
- koha <itp> (bug #702134)
@@ -7593,8 +7902,8 @@
RESERVED
CVE-2014-8691
RESERVED
-CVE-2014-8690
- RESERVED
+CVE-2014-8690 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS ...)
+ TODO: check
CVE-2014-8689
RESERVED
CVE-2014-8688
@@ -9118,8 +9427,7 @@
NOT-FOR-US: Red Hat vdms and vdsclient
CVE-2014-8166
RESERVED
-CVE-2014-8165 [arbitrary code execution due to unpickling untrusted input]
- RESERVED
+CVE-2014-8165 (scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the ...)
- powerpc-utils <not-affected> (Vulnerable code not present)
NOTE: http://sourceforge.net/p/powerpc-utils/mailman/message/32884230
CVE-2014-8164
@@ -15743,8 +16051,7 @@
RESERVED
CVE-2014-5357
RESERVED
-CVE-2014-5355 [Fix krb5_read_message handling]
- RESERVED
+CVE-2014-5355 (MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a ...)
- krb5 1.12.1+dfsg-18 (bug #778647)
[wheezy] - krb5 <no-dsa> (Minor issue)
[squeeze] - krb5 <no-dsa> (Minor issue)
@@ -20131,7 +20438,7 @@
NOT-FOR-US: Apache Hadoop
CVE-2014-3626
RESERVED
-CVE-2014-3625 (Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 ...)
+CVE-2014-3625 (Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 ...)
- libspring-java <unfixed> (bug #769698)
[wheezy] - libspring-java <no-dsa> (Minor issue)
NOTE: https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601 (3.2.x)
@@ -20319,8 +20626,7 @@
NOTE: http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
CVE-2014-3579
RESERVED
-CVE-2014-3578 [Spring framework directory traversal]
- RESERVED
+CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 3.x ...)
- libspring-java <unfixed> (low; bug #760733)
[wheezy] - libspring-java <no-dsa> (minor issue)
NOTE: Fixed in experimental with 3.2.12-1
@@ -25282,13 +25588,11 @@
CVE-2014-1860 [PHP object insertion]
RESERVED
NOT-FOR-US: Contao CMS
-CVE-2014-1832 [incomplete fix of CVE-2014-1831]
- RESERVED
+CVE-2014-1832 (Phusion Passenger 4.0.37 allows local users to write to certain files ...)
- ruby-passenger 4.0.37-2
[wheezy] - ruby-passenger <not-affected> (incomplete patch never applied)
- passenger <not-affected> (incomplete patch never applied)
-CVE-2014-1831 [insecure use of /tmp]
- RESERVED
+CVE-2014-1831 (Phusion Passenger before 4.0.37 allows local users to write to certain ...)
- ruby-passenger 4.0.37-1 (low; bug #736958)
[wheezy] - ruby-passenger 3.0.13debian-1+deb7u2 (low; bug #736958)
- passenger <removed>
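Review bot: replacing the header of CVE-2014-1832 removes the bracketed text "incomplete fix of CVE-2014-1831", and the new truncated description is nearly identical to the one for CVE-2014-1831, so the relationship between the two ids is no longer stated in the header. The "(incomplete patch never applied)" remarks on the package lines only hint at it; suggest an explicit NOTE under CVE-2014-1832 that names CVE-2014-1831.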
@@ -32119,7 +32423,7 @@
RESERVED
- php5 <unfixed>
CVE-2013-6500 [Arbitrary code execution due to insecure Perl module loading from CWD]
- RESERVED
+ REJECTED
NOTE: To be rejected
CVE-2013-6499 [loading a module relative to the cwd]
RESERVED
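Review bot: CVE-2013-6500 is switched from RESERVED to REJECTED, but the line "NOTE: To be rejected" stays underneath and is now stale. Suggest dropping or rewording it, and, since CVE-2013-6499 just below has a similar description ("loading a module relative to the cwd") and remains RESERVED, recording in the note whether that id is the one that replaces it.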