[Secure-testing-commits] r32422 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Feb 22 21:10:27 UTC 2015
Author: sectracker
Date: 2015-02-22 21:10:27 +0000 (Sun, 22 Feb 2015)
New Revision: 32422
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-22 21:00:38 UTC (rev 32421)
+++ data/CVE/list 2015-02-22 21:10:27 UTC (rev 32422)
@@ -14,6 +14,7 @@
- shadow <unfixed> (unimportant; bug #628843)
NOTE: only affects the su executable, so if you use sudo you're not affected
CVE-2015-2047 [TYPO3-CORE-SA-2015-001: Authentication Bypass]
+ {DSA-3164-1}
- typo3-src 4.5.40+dfsg1-1 (bug #778870)
NOTE: Remove explicit [wheezy] tagged entry once a CVE is allocated and cross-reference can be built
[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
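Review bot: the NOTE under the typo3-src line ("Remove explicit [wheezy] tagged entry once a CVE is allocated and cross-reference can be built") looks stale after this hunk. The entry now carries an allocated id (CVE-2015-2047) and the {DSA-3164-1} cross-reference is being added here. A follow-up should drop that NOTE and remove any explicit [wheezy] line that still exists below the visible context, so the automatic cross-reference is not duplicated by a manual entry.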
@@ -933,6 +934,7 @@
NOTE: https://review.openstack.org/#/c/122427/
CVE-2014-9683 [ecryptfs 1-byte overwrite]
RESERVED
+ {DSA-3169-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc (v3.19-rc1)
@@ -1016,7 +1018,7 @@
NOT-FOR-US: FlexPaper
CVE-2015-1593 [Linux ASLR integer overflow]
RESERVED
- {DLA-155-1}
+ {DSA-3169-1 DLA-155-1}
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
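Review bot: on CVE-2015-1593 the cross-reference becomes {DSA-3169-1 DLA-155-1} while the untagged "- linux <unfixed>" line stays unchanged. That is consistent if the advisory only covers the stable and LTS uploads, but the entry then shows two advisories next to a package line with no fixed version. Please confirm the untagged line is intentionally still open and add the fixed version once the upload that contains the fix is known.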
@@ -1389,6 +1391,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
CVE-2014-9680 [preserves TZ by default]
RESERVED
+ {DSA-3167-1}
- sudo <unfixed> (bug #772707)
NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
NOTE: http://www.sudo.ws/repos/sudo/rev/650ac6938b59 (1.8.x)
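Review bot: CVE-2014-9680 gains {DSA-3167-1}, yet "- sudo <unfixed> (bug #772707)" is left as is, and the only fix reference visible is the upstream 1.8.x revision in the last NOTE. If the DSA was a backport to the stable release, a short NOTE saying so would make clear why the advisory exists while the package line is still open. Keep the bug reference on that line until it can be replaced with a fixed version.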
@@ -1849,12 +1852,13 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=981942
CVE-2015-1421 [net: sctp: slab corruption from use after free on INIT collisions]
RESERVED
- {DLA-155-1}
+ {DSA-3169-1 DLA-155-1}
- linux 3.16.7-ckt4-3
- linux-2.6 <removed>
NOTE: Upstream fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=600ddd6825543962fb807884169e57b580dba208
CVE-2015-1420 [fs/fhandle.c race condition]
RESERVED
+ {DSA-3169-1}
- linux <unfixed>
- linux-2.6 <not-affected> (Introduced in 2.6.39)
NOTE: http://marc.info/?l=linux-kernel&m=142247707318982&w=2
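Review bot: in the second entry of this hunk, CVE-2015-1420 gets {DSA-3169-1} but its only reference is the marc.info list post, and "- linux <unfixed>" has no fixed version. The CVE-2015-1421 entry just above it carries an "Upstream fix:" NOTE with a commit link. For consistency, CVE-2015-1420 should get an equivalent NOTE naming the patch the DSA applied, so the advisory can be traced to a specific change.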
@@ -2031,6 +2035,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/01/28/16
CVE-2013-7421 [Linux kernel crypto api unprivileged arbitrary module load]
RESERVED
+ {DSA-3169-1}
- linux 3.16.7-ckt4-2
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1)
@@ -2039,6 +2044,7 @@
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d26a105b5a7 (v3.19-rc1)
CVE-2014-9644 [related to CVE-2013-7421, not handling crypto templates correctly]
RESERVED
+ {DSA-3169-1}
- linux 3.16.7-ckt4-2
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1)
@@ -4080,7 +4086,7 @@
CVE-2015-0565
RESERVED
CVE-2014-9585 (The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel ...)
- {DLA-155-1}
+ {DSA-3169-1 DLA-155-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=fbe1bf140671619508dfa575d74a185ae53c5dbb
@@ -6297,6 +6303,7 @@
CVE-2014-9017
RESERVED
CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 ...)
+ {DSA-3168-1}
- ruby-redcloth 4.2.9-4 (bug #774748)
- redcloth <removed>
NOTE: http://co3k.org/blog/redcloth-unfixed-xss-en
@@ -6776,6 +6783,7 @@
RESERVED
CVE-2015-0239 [KVM SYSENTER emulation vulnerability]
RESERVED
+ {DSA-3169-1}
- linux 3.16.7-ckt4-2
- linux-2.6 <removed>
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c60435261deaefeb53ce3222d04d7d5bea81296
@@ -8586,6 +8594,7 @@
NOTE: also required: https://github.com/axkibe/lsyncd/commit/e9ffda07f0145f50f2756f8ee3fb0775b455122b
NOTE: the initial commit would be an incomplete fix and needs additional changes
CVE-2014-8559 (The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 ...)
+ {DSA-3169-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <not-affected> (Introduced in 2.6.38)
NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7
@@ -9478,7 +9487,7 @@
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2014-8160 [iptables restriction bypass if a protocol handler kernel module not loaded]
RESERVED
- {DLA-155-1}
+ {DSA-3169-1 DLA-155-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db29a9508a9246e77087c5531e45b2c88ec6988b (v3.18-rc1)
@@ -10552,7 +10561,7 @@
NOTE: Fixed by http://libvirt.org/git/?p=libvirt.git;a=commit;h=b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
CVE-2014-7822 [splice: lack of generic write checks]
RESERVED
- {DLA-155-1}
+ {DSA-3169-1 DLA-155-1}
- linux 3.16.2-1
- linux-2.6 <removed>
NOTE: Upstream fixes: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d0207652cbe27d1f962050737848e5ad4671958 (v3.16-rc1)