[Secure-testing-commits] r31241 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Jan 10 09:10:18 UTC 2015
Author: sectracker
Date: 2015-01-10 09:10:18 +0000 (Sat, 10 Jan 2015)
New Revision: 31241
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-10 06:00:28 UTC (rev 31240)
+++ data/CVE/list 2015-01-10 09:10:18 UTC (rev 31241)
@@ -1,3 +1,18 @@
+CVE-2015-0922 (McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 ...)
+ TODO: check
+CVE-2015-0921 (XML external entity (XXE) vulnerability in the Server Task Log in ...)
+ TODO: check
+CVE-2014-1155
+ REJECTED
+ TODO: check
+CVE-2014-1137
+ REJECTED
+ TODO: check
+CVE-2014-1004
+ REJECTED
+ TODO: check
+CVE-2013-7419 (Cross-site scripting (XSS) vulnerability in includes/refreshDate.php ...)
+ TODO: check
CVE-2015-XXXX [buffer overflow]
- unace <unfixed> (bug #775003)
CVE-2015-0920 (Cross-site request forgery (CSRF) vulnerability in the Banner Effect ...)
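Review bot: The three REJECTED entries added at the top of this hunk (CVE-2014-1155, CVE-2014-1137, CVE-2014-1004) each also carry a "TODO: check" line, which leaves a triage item open on identifiers that need no package assessment. The existing REJECTED entry for CVE-2014-9492 further down the file has no TODO line; dropping "TODO: check" from these three would match it.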
@@ -712,7 +727,7 @@
RESERVED
CVE-2015-0565
RESERVED
-CVE-2014-9585 [x86_64, vdso: Fix the vdso address randomization algorithm]
+CVE-2014-9585 (The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=fbe1bf140671619508dfa575d74a185ae53c5dbb
@@ -939,30 +954,30 @@
RESERVED
CVE-2014-9511
RESERVED
-CVE-2014-9510
- RESERVED
+CVE-2014-9510 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
+ TODO: check
CVE-2014-9509 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x ...)
- typo3-src <unfixed>
TODO: check
CVE-2014-9508 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x ...)
- typo3-src <unfixed>
TODO: check
-CVE-2014-9505
- RESERVED
+CVE-2014-9505 (Cross-site scripting (XSS) vulnerability in the School Administration ...)
+ TODO: check
CVE-2014-9504
RESERVED
CVE-2014-9503
RESERVED
CVE-2014-9502
RESERVED
-CVE-2014-9501
- RESERVED
-CVE-2014-9500
- RESERVED
-CVE-2014-9499
- RESERVED
-CVE-2014-9498
- RESERVED
+CVE-2014-9501 (Cross-site scripting (XSS) vulnerability in the Poll Chart Block ...)
+ TODO: check
+CVE-2014-9500 (Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x ...)
+ TODO: check
+CVE-2014-9499 (Cross-site scripting (XSS) vulnerability in the Godwin's Law module ...)
+ TODO: check
+CVE-2014-9498 (Cross-site scripting (XSS) vulnerability in the Webform Invitation ...)
+ TODO: check
CVE-2014-9492
REJECTED
CVE-2014-9491
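Review bot: The six entries that move from RESERVED to a description in this hunk (CVE-2014-9510, CVE-2014-9505, CVE-2014-9501, CVE-2014-9500, CVE-2014-9499, CVE-2014-9498) are left with nothing but "TODO: check", and each description is cut at "..." before it says which product is affected. Each one still needs to be resolved against the full CVE text, ending in either a source-package line of the kind CVE-2014-9509 has ("- typo3-src <unfixed>") or a NOT-FOR-US marking if the named module is not packaged.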
@@ -1151,8 +1166,7 @@
NOTE: https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40
NOTE: http://pillow.readthedocs.org/releasenotes/2.7.0.html#png-text-chunk-size-limits
TODO: check
-CVE-2014-9584 [isofs: unchecked printing of ER records]
- RESERVED
+CVE-2014-9584 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696 (v3.19-rc3)
@@ -1229,8 +1243,7 @@
CVE-2015-0556 [symlink directory traversal]
RESERVED
- arj <unfixed> (bug #774434)
-CVE-2014-9529 [security/keys/gc.c race condition]
- RESERVED
+CVE-2014-9529 (Race condition in the key_gc_unused_keys function in ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://marc.info/?l=linux-kernel&m=141986398232547&w=2
@@ -2813,8 +2826,7 @@
- openvpn 2.3.4-5
NOTE: https://github.com/OpenVPN/openvpn/commit/c5590a6821e37f3b29735f55eb0c2b9c0924138c
NOTE: https://forums.openvpn.net/topic17625.html
-CVE-2014-9272 [XSS in string_insert_hrefs()]
- RESERVED
+CVE-2014-9272 (The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x ...)
{DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
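Review bot: The replacement description for CVE-2014-9272 names the function "string_insert_href", while the working title it removes said "string_insert_hrefs()". Since the bracketed title is dropped, the entry now carries only one spelling; confirm which one matches the MantisBT source and record it in a NOTE line so that anyone searching the code for the affected function finds it.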
@@ -2826,8 +2838,7 @@
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/e5fc835a
NOTE: http://www.mantisbt.org/bugs/view.php?id=17876
-CVE-2014-9271 [XSS in file uploads]
- RESERVED
+CVE-2014-9271 (Cross-site scripting (XSS) vulnerability in file_download.php in ...)
{DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
@@ -2839,8 +2850,7 @@
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/0bff06ec
NOTE: http://www.mantisbt.org/bugs/view.php?id=17583
-CVE-2014-9269 [XSS in extended project browser]
- RESERVED
+CVE-2014-9269 (Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT ...)
{DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)