[Secure-testing-commits] r32472 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Feb 24 21:10:17 UTC 2015


Author: sectracker
Date: 2015-02-24 21:10:17 +0000 (Tue, 24 Feb 2015)
New Revision: 32472

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-24 18:53:29 UTC (rev 32471)
+++ data/CVE/list	2015-02-24 21:10:17 UTC (rev 32472)
@@ -1,3 +1,27 @@
+CVE-2015-2062
+	RESERVED
+CVE-2015-2061
+	RESERVED
+CVE-2015-2057
+	RESERVED
+CVE-2015-2056
+	RESERVED
+CVE-2015-2055 (Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to ...)
+	TODO: check
+CVE-2015-2054 (CRLF injection vulnerability in export.cfg in the web-based ...)
+	TODO: check
+CVE-2015-2053 (The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, ...)
+	TODO: check
+CVE-2015-2052 (Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. ...)
+	TODO: check
+CVE-2015-2051 (The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 ...)
+	TODO: check
+CVE-2015-2050 (D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers ...)
+	TODO: check
+CVE-2015-2049 (Unrestricted file upload vulnerability in D-Link DCS-931L with ...)
+	TODO: check
+CVE-2015-2048 (Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L ...)
+	TODO: check
 CVE-2015-2045
 	RESERVED
 CVE-2015-2044
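Review bot: the eight new entries marked "TODO: check" (CVE-2015-2048 through CVE-2015-2055) all describe vendor firmware or proprietary software (Zhone GPON 2520, D-Link DIR-645, DAP-1320 and DCS-931L, McAfee Agent), so triage will most likely end with NOT-FOR-US lines of the kind this file already uses for Joomlaskin and Oracle; CVE-2015-2054 is the one exception, since its truncated description ("CRLF injection vulnerability in export.cfg in the web-based ...") does not name the product, and it should be matched against the full CVE text before being classified. The four bare RESERVED placeholders (CVE-2015-2056, -2057, -2061, -2062) are consistent with how CVE-2015-2045 and -2044 are recorded in the surrounding context.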
@@ -23,8 +47,7 @@
 CVE-2005-XXXX [more related to CVE-2005-4890]
 	- shadow <unfixed> (unimportant; bug #628843)
 	NOTE: only affects the su executable, so if you use sudo you're not affected
-CVE-2015-2047 [TYPO3-CORE-SA-2015-001: Authentication Bypass]
-	RESERVED
+CVE-2015-2047 (The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through ...)
 	{DSA-3164-1}
 	- typo3-src 4.5.40+dfsg1-1 (bug #778870)
 	NOTE: Remove explicit [wheezy] tagged entry once a CVE is allocated and cross-reference can be built
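Review bot: the NOTE "Remove explicit [wheezy] tagged entry once a CVE is allocated and cross-reference can be built" is now actionable, because this hunk replaces the RESERVED placeholder with the allocated MITRE description; the [wheezy] tagged entry should be dropped and the cross-reference built in the same change, or the NOTE rewritten to say what is still pending. The replaced header also loses the upstream advisory identifier TYPO3-CORE-SA-2015-001, which is useful for correlation; consider keeping it as a NOTE line, e.g. "NOTE: TYPO3-CORE-SA-2015-001 (Authentication Bypass)".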
@@ -936,6 +959,7 @@
 	NOTE: arm64 affected from v3.7 to v3.18
 	NOTE: powerpc affected from v2.6.30 to 3.2
 CVE-2015-2060 [directory traversal; related to overlong utf-8 encoding for /]
+	RESERVED
 	- cabextract <unfixed> (bug #778753)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/18/3
 	NOTE: Upstream commit: http://sourceforge.net/p/libmspack/code/217
@@ -1425,11 +1449,13 @@
 	NOTE: #772707, but needs as well resolution for #776137 and then
 	NOTE: ask update though t-p-u for both issues.
 CVE-2015-2058
+	RESERVED
 	- jabberd2 <unfixed>
 	NOTE: https://github.com/jabberd2/jabberd2/issues/85
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
 	TODO: check
 CVE-2015-2059
+	RESERVED
 	- libidn <unfixed>
 	NOTE: https://github.com/jabberd2/jabberd2/issues/85
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
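Review bot: CVE-2015-2058 (jabberd2) and CVE-2015-2059 (libidn) now both carry RESERVED and the identical pair of NOTE references (jabberd2 issue #85 and the oss-security post of 2015/02/09), so nothing in the file records which ID belongs to the jabberd2 side and which to the libidn side; a one-line NOTE under each entry stating the split would avoid the two being swapped when the descriptions are published. CVE-2015-2058 still carries a "TODO: check" that should be cleared once that is settled.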
@@ -1602,8 +1628,7 @@
 	- elasticsearch <not-affected> (Affects 1.3.0-1.3.7 and 1.4.0-1.4.2, vulnerable code not present)
 	NOTE: http://seclists.org/bugtraq/2015/Feb/92
 	NOTE: Problem in the Groovy scripting engine.
-CVE-2015-1426
-	RESERVED
+CVE-2015-1426 (Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains ...)
 	- facter <unfixed> (bug #778265)
 	[wheezy] - facter <no-dsa> (Minor issue)
 	NOTE: for squeeze (unverified) might be not-affected as upstream claims 1.6.0 - 2.4.0 affected
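Review bot: the NOTE "for squeeze (unverified) might be not-affected as upstream claims 1.6.0 - 2.4.0 affected" can now be resolved, because the description added in this hunk confirms the affected range as "Facter 1.6.0 through 2.4.0"; compare the facter version shipped in squeeze against that range and either add a "[squeeze] - facter <not-affected>" line with the version as the reason, or drop the "(unverified)" qualifier. The description's "obtains" is MITRE's wording and should not be corrected locally.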
@@ -1729,8 +1754,7 @@
 	NOTE: https://nodesecurity.io/advisories/marked_redos
 	NOTE: https://github.com/chjj/marked/issues/497
 	NOTE: libv8 is not covered by security support
-CVE-2015-1589 [directory traversal]
-	RESERVED
+CVE-2015-1589 (Directory traversal vulnerability in arCHMage 0.2.4 allows remote ...)
 	- archmage 1:0.2.4-4 (bug #776164)
 	[squeeze] - archmage <no-dsa> (Minor issue)
 	[wheezy] - archmage <no-dsa> (Minor issue)
@@ -1987,8 +2011,7 @@
 	RESERVED
 CVE-2015-1316
 	RESERVED
-CVE-2015-1315
-	RESERVED
+CVE-2015-1315 (Buffer overflow in the charset_to_intern function in unix/unix.c in ...)
 	- unzip <not-affected> (*-unzip60-alt-iconv-utf8 patch not applied in Debian)
 CVE-2015-1314
 	RESERVED
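Review bot: the <not-affected> rationale for unzip ("*-unzip60-alt-iconv-utf8 patch not applied in Debian") now has a concrete thing to verify, since the added description names the charset_to_intern function in unix/unix.c; confirming that this function is absent from the Debian unzip source would make the not-affected claim checkable rather than asserted, and a NOTE recording that check would help the next reviewer.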
@@ -3405,6 +3428,7 @@
 CVE-2013-7419 (Cross-site scripting (XSS) vulnerability in includes/refreshDate.php ...)
 	NOT-FOR-US: Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin for WordPress
 CVE-2015-2063 [buffer overflow]
+	RESERVED
 	- unace 1.2b-12 (bug #775003)
 CVE-2015-0920 (Cross-site request forgery (CSRF) vulnerability in the Banner Effect ...)
 	NOT-FOR-US: Banner Effect Header plugin for WordPress
@@ -5110,7 +5134,7 @@
 	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown
 CVE-2015-0412 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
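Review bot: DLA-157-1 is appended to the {DSA-3147-1 DSA-3144-1} reference of this and six further Oracle Java SE entries in this commit (CVE-2015-0410, -0408, -0407, -0395, -0383, CVE-2014-6601, -6593, -6591, -6587, -6585) and to CVE-2014-3566, while the package lines beneath each entry still list only the unstable openjdk-6/7/8 versions; the per-release fixed version is taken from the DLA data, so this is consistent, but it is worth cross-checking the DLA's CVE list once against the entries touched here so that no CVE covered by DLA-157-1 is left without the reference and none outside it was tagged by the bulk edit.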
@@ -5121,7 +5145,7 @@
 	- percona-xtradb-cluster-5.5 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
 CVE-2015-0410 (Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -5132,12 +5156,12 @@
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
 	NOTE: For mariadb-10.0 not clear if affected
 CVE-2015-0408 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
 CVE-2015-0407 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -5170,7 +5194,7 @@
 CVE-2015-0396 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
 	NOT-FOR-US: Oracle
 CVE-2015-0395 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -5205,7 +5229,7 @@
 CVE-2015-0384 (Unspecified vulnerability in the Siebel Public Sector component in ...)
 	NOT-FOR-US: Oracle
 CVE-2015-0383 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -6820,8 +6844,7 @@
 	- postgresql-9.1 9.1.11-2
 	- postgresql-8.4 <removed>
 	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
-CVE-2015-0240
-	RESERVED
+CVE-2015-0240 (The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x ...)
 	{DSA-3171-1 DLA-156-1}
 	- samba 2:4.1.17+dfsg-1 (bug #779033)
 	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
@@ -13236,7 +13259,7 @@
 CVE-2014-6607 (M/Monit 3.3.2 and earlier does not verify the original password before ...)
 	NOT-FOR-US: M/Monit
 CVE-2014-6601 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -13257,14 +13280,14 @@
 CVE-2014-6594 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
 	NOT-FOR-US: Oracle iLearning
 CVE-2014-6593 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
 CVE-2014-6592 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2014-6591 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -13282,14 +13305,14 @@
 	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
 	- virtualbox-ose <not-affected> (Introduced in 4.3)
 CVE-2014-6587 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
 CVE-2014-6586 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
 	NOT-FOR-US: Oracle
 CVE-2014-6585 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3147-1 DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -20765,7 +20788,7 @@
 	{DSA-3053-1 DLA-81-1}
 	- openssl 1.0.1j-1
 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...)
-	{DSA-3147-1 DSA-3144-1 DSA-3092-1}
+	{DSA-3147-1 DSA-3144-1 DSA-3092-1 DLA-157-1}
 	- arora <unfixed> (unimportant)
 	- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
 	NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ
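Review bot: adding DLA-157-1 here attaches the openjdk-6 squeeze-lts advisory to CVE-2014-3566 (the SSL 3.0 protocol issue), whose package lines span many implementations; the context shown lists only arora and bouncycastle, so confirm that an openjdk-6 package line exists further down in this entry to match the new DLA reference, otherwise the reference will point at a package the entry does not record as affected.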
@@ -58183,7 +58206,7 @@
 CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and ...)
 	- keystone 2012.1.1-5
 CVE-2012-3541 [rpcbind: -h fails to control access to rpcbind]
-	RESERVED
+	REJECTED
 	{DLA-108-1}
 	- rpcbind <unfixed> (low)
 	[squeeze] - rpcbind <no-dsa> (Minor issue)
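Review bot: changing CVE-2012-3541 from RESERVED to REJECTED leaves a contradiction in the entry, which still carries a {DLA-108-1} reference, an "rpcbind <unfixed> (low)" package line and a "[squeeze] - rpcbind <no-dsa>" tag; a rejected CVE should not be the identifier a DLA is indexed under. Add a NOTE stating why MITRE rejected the ID and which identifier (if any) replaces it, and re-point the DLA cross-reference accordingly, or explain in a NOTE that the rpcbind issue is tracked under this ID despite the rejection.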