[Secure-testing-commits] r32448 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Feb 24 09:10:27 UTC 2015


Author: sectracker
Date: 2015-02-24 09:10:27 +0000 (Tue, 24 Feb 2015)
New Revision: 32448

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-24 06:35:30 UTC (rev 32447)
+++ data/CVE/list	2015-02-24 09:10:27 UTC (rev 32448)
@@ -1,3 +1,13 @@
+CVE-2015-2045
+	RESERVED
+CVE-2015-2044
+	RESERVED
+CVE-2015-2043
+	RESERVED
+CVE-2015-2040 (Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka ...)
+	TODO: check
+CVE-2015-2039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+	TODO: check
 CVE-2015-XXXX [_IO_wstr_overflow integer overflow]
 	- eglibc <removed>
 	- glibc <unfixed>
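Review bot: CVE-2015-2040 and CVE-2015-2039 are added with only `TODO: check`, so neither entry says yet whether a Debian package is affected. Both truncated descriptions name a web-application flaw (XSS in "Contact Form DB", multiple CSRF), so each needs a manual follow-up that replaces the TODO with a package line or a NOT-FOR-US tag.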
@@ -14,6 +24,7 @@
 	- shadow <unfixed> (unimportant; bug #628843)
 	NOTE: only affects the su executable, so if you use sudo you're not affected
 CVE-2015-2047 [TYPO3-CORE-SA-2015-001: Authentication Bypass]
+	RESERVED
 	{DSA-3164-1}
 	- typo3-src 4.5.40+dfsg1-1 (bug #778870)
 	NOTE: Remove explicit [wheezy] tagged entry once a CVE is allocated and cross-reference can be built
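Review bot: the NOTE under CVE-2015-2047 still reads "Remove explicit [wheezy] tagged entry once a CVE is allocated and cross-reference can be built", although the entry is already keyed by CVE-2015-2047 and this hunk marks that id RESERVED. The condition in the NOTE appears to be met, so a follow-up commit should act on it and drop the NOTE rather than leave it next to {DSA-3164-1}.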
@@ -72,7 +83,7 @@
 CVE-2015-2011
 	RESERVED
 CVE-2015-2010
-	RESERVED
+	REJECTED
 CVE-2015-2009
 	RESERVED
 CVE-2015-2008
@@ -334,20 +345,20 @@
 CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...)
 	TODO: check
 CVE-2015-2042 [incorrect data type in rds_sysctl_rds_table]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896 (v3.19)
 	NOTE: (earliest) introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e5048495c8569bfdd552750e0315973c61e7c93 (v2.6.30-rc1)
 CVE-2015-2041 [incorrect data type in llc2_timeout_table]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 (v3.19-rc7)
 	NOTE: (earliest) introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=590232a7150674b2036291eaefce085f3f9659c8 (v2.6.14-rc3)
-CVE-2015-2035 [SQL injection vulnerability]
-	RESERVED
+CVE-2015-2035 (SQL injection vulnerability in the administrative backend in Piwigo ...)
 	- piwigo <removed>
-CVE-2015-2034 [XSS vulnerability]
-	RESERVED
+CVE-2015-2034 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
 	- piwigo <removed>
 CVE-2015-1878
 	RESERVED
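Review bot: CVE-2015-2042, CVE-2015-2041, CVE-2015-2035 and CVE-2015-2034 are updated in place between CVE-2015-1879 and CVE-2015-1878, while the other runs visible in this diff (for example CVE-2015-2011 down to CVE-2015-2008) are in descending id order. Consider moving these four entries up to their numeric position so they are found where a reader scanning by id expects them. Separately, both kernel entries stay at `linux <unfixed>` although their NOTE lines already name the upstream fix commits (v3.19 and v3.19-rc7), so the fixed version should be filled in once an upload contains them.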
@@ -1187,8 +1198,7 @@
 	RESERVED
 CVE-2015-1518 (SQL injection vulnerability in the search_post function in ...)
 	NOT-FOR-US: Redaxscript
-CVE-2015-1517
-	RESERVED
+CVE-2015-1517 (SQL injection vulnerability in Piwigo before 2.7.4, when all filters ...)
 	- piwigo <removed>
 CVE-2015-1516
 	RESERVED
@@ -1363,6 +1373,7 @@
 	NOTE: Introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9ac12ef099707f405d7478009564302d7ed8393 (v3.18-rc1)
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=91441
 CVE-2015-2046 [XSS, incomplete fix for CVE-2014-8986]
+	RESERVED
 	- mantis <removed>
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
@@ -3969,8 +3980,8 @@
 	RESERVED
 CVE-2015-0632
 	RESERVED
-CVE-2015-0631
-	RESERVED
+CVE-2015-0631 (Race condition in the SSL implementation on Cisco Intrusion Prevention ...)
+	TODO: check
 CVE-2015-0630
 	RESERVED
 CVE-2015-0629
@@ -3983,8 +3994,8 @@
 	TODO: check
 CVE-2015-0625
 	RESERVED
-CVE-2015-0624
-	RESERVED
+CVE-2015-0624 (The web framework in Cisco AsyncOS on Email Security Appliance (ESA), ...)
+	TODO: check
 CVE-2015-0623 (Cross-site scripting (XSS) vulnerability in the Administrator report ...)
 	TODO: check
 CVE-2015-0622 (The Wireless Intrusion Detection (aka WIDS) functionality on Cisco ...)
@@ -3995,8 +4006,8 @@
 	TODO: check
 CVE-2015-0619 (Memory leak in the embedded web server in the WebVPN subsystem in ...)
 	TODO: check
-CVE-2015-0618
-	RESERVED
+CVE-2015-0618 (Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 ...)
+	TODO: check
 CVE-2015-0617 (Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices ...)
 	TODO: check
 CVE-2015-0616
@@ -5941,8 +5952,7 @@
 	RESERVED
 CVE-2015-0332
 	RESERVED
-CVE-2015-0331
-	RESERVED
+CVE-2015-0331 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
 	NOT-FOR-US: Adobe Flash
 CVE-2015-0330 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
 	NOT-FOR-US: Adobe Flash
@@ -7031,8 +7041,8 @@
 	RESERVED
 CVE-2015-0168
 	RESERVED
-CVE-2015-0167
-	RESERVED
+CVE-2015-0167 (Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in ...)
+	TODO: check
 CVE-2015-0166
 	RESERVED
 CVE-2015-0165
@@ -9734,11 +9744,9 @@
 	NOTE: https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b
 	NOTE: https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
 	NOTE: Other commits needed as well: http://www.openwall.com/lists/oss-security/2014/12/16/2
-CVE-2014-8115
-	RESERVED
+CVE-2014-8115 (The default authorization constrains in KIE Workbench 6.0.x allows ...)
 	NOT-FOR-US: KIE Workbench
-CVE-2014-8114
-	RESERVED
+CVE-2014-8114 (The UberFire Framework 0.3.x does not properly restrict paths, which ...)
 	NOT-FOR-US: UberFire Framework
 CVE-2014-8113
 	RESERVED
@@ -10252,8 +10260,8 @@
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
 	- icu 52.1-7.1 (bug #776265)
-CVE-2014-7922
-	RESERVED
+CVE-2014-7922 (The GoogleAuthUtil.getToken method in the Google Play services SDK ...)
+	TODO: check
 CVE-2014-7921
 	RESERVED
 CVE-2014-7920
@@ -14366,8 +14374,8 @@
 CVE-2014-6185 (dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before ...)
 	NOT-FOR-US: IBM
 	NOTE: https://www-01.ibm.com/support/docview.wss?uid=swg21695715
-CVE-2014-6184
-	RESERVED
+CVE-2014-6184 (Stack-based buffer overflow in dsmtca in the client in IBM Tivoli ...)
+	TODO: check
 CVE-2014-6183 (IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before ...)
 	NOT-FOR-US: IBM Security Network Protection
 CVE-2014-6182 (Directory traversal vulnerability in an export function in the Process ...)
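Review bot: CVE-2014-6184 gets `TODO: check` although its description names the same component (dsmtca in the IBM Tivoli Storage Manager client) as the adjacent CVE-2014-6185, which is already tagged `NOT-FOR-US: IBM`. Tagging CVE-2014-6184 the same way would keep the two entries consistent and remove one item from the TODO queue.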
@@ -20316,8 +20324,7 @@
 	{DSA-3047-1 DLA-72-1}
 	- rsyslog 8.4.2-1
 	NOTE: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
-CVE-2014-3682
-	RESERVED
+CVE-2014-3682 (XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl ...)
 	NOT-FOR-US: jBPM Designer
 CVE-2014-3681 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
 	- jenkins 1.565.3-1 (bug #763899)
@@ -31412,8 +31419,7 @@
 CVE-2014-0006 (The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 ...)
 	- swift 1.11.0-2 (low; bug #735582)
 	[wheezy] - swift <no-dsa> (Minor issue)
-CVE-2014-0005
-	RESERVED
+CVE-2014-0005 (PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application ...)
 	NOT-FOR-US: PicketBox/JBossSX
 CVE-2014-0004 (Stack-based buffer overflow in udisks before 1.0.5 and 2.x before ...)
 	{DSA-2872-1}



