[Secure-testing-commits] r31309 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Jan 13 21:10:36 UTC 2015


Author: sectracker
Date: 2015-01-13 21:10:36 +0000 (Tue, 13 Jan 2015)
New Revision: 31309

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-13 20:57:03 UTC (rev 31308)
+++ data/CVE/list	2015-01-13 21:10:36 UTC (rev 31309)
@@ -1,3 +1,457 @@
+CVE-2015-1048
+	RESERVED
+CVE-2015-1047
+	RESERVED
+CVE-2015-1046
+	RESERVED
+CVE-2015-1045
+	RESERVED
+CVE-2015-1044
+	RESERVED
+CVE-2015-1043
+	RESERVED
+CVE-2015-1041
+	RESERVED
+CVE-2015-1040
+	RESERVED
+CVE-2015-1039
+	RESERVED
+CVE-2015-1037
+	RESERVED
+CVE-2015-1036
+	RESERVED
+CVE-2015-1035
+	RESERVED
+CVE-2015-1034
+	RESERVED
+CVE-2015-1033
+	RESERVED
+CVE-2015-1032
+	RESERVED
+CVE-2015-1029
+	RESERVED
+CVE-2015-1028
+	RESERVED
+CVE-2015-1027
+	RESERVED
+CVE-2015-1026
+	RESERVED
+CVE-2015-1025
+	RESERVED
+CVE-2015-1024
+	RESERVED
+CVE-2015-1023
+	RESERVED
+CVE-2015-1022
+	RESERVED
+CVE-2015-1021
+	RESERVED
+CVE-2015-1020
+	RESERVED
+CVE-2015-1019
+	RESERVED
+CVE-2015-1018
+	RESERVED
+CVE-2015-1017
+	RESERVED
+CVE-2015-1016
+	RESERVED
+CVE-2015-1015
+	RESERVED
+CVE-2015-1014
+	RESERVED
+CVE-2015-1013
+	RESERVED
+CVE-2015-1012
+	RESERVED
+CVE-2015-1011
+	RESERVED
+CVE-2015-1010
+	RESERVED
+CVE-2015-1009
+	RESERVED
+CVE-2015-1008
+	RESERVED
+CVE-2015-1007
+	RESERVED
+CVE-2015-1006
+	RESERVED
+CVE-2015-1005
+	RESERVED
+CVE-2015-1004
+	RESERVED
+CVE-2015-1003
+	RESERVED
+CVE-2015-1002
+	RESERVED
+CVE-2015-1001
+	RESERVED
+CVE-2015-1000
+	RESERVED
+CVE-2015-0999
+	RESERVED
+CVE-2015-0998
+	RESERVED
+CVE-2015-0997
+	RESERVED
+CVE-2015-0996
+	RESERVED
+CVE-2015-0995
+	RESERVED
+CVE-2015-0994
+	RESERVED
+CVE-2015-0993
+	RESERVED
+CVE-2015-0992
+	RESERVED
+CVE-2015-0991
+	RESERVED
+CVE-2015-0990
+	RESERVED
+CVE-2015-0989
+	RESERVED
+CVE-2015-0988
+	RESERVED
+CVE-2015-0987
+	RESERVED
+CVE-2015-0986
+	RESERVED
+CVE-2015-0985
+	RESERVED
+CVE-2015-0984
+	RESERVED
+CVE-2015-0983
+	RESERVED
+CVE-2015-0982
+	RESERVED
+CVE-2015-0981
+	RESERVED
+CVE-2015-0980
+	RESERVED
+CVE-2015-0979
+	RESERVED
+CVE-2015-0978
+	RESERVED
+CVE-2015-0977
+	RESERVED
+CVE-2015-0976
+	RESERVED
+CVE-2015-0975
+	RESERVED
+CVE-2015-0974
+	RESERVED
+CVE-2015-0972
+	RESERVED
+CVE-2015-0971
+	RESERVED
+CVE-2015-0970
+	RESERVED
+CVE-2015-0969
+	RESERVED
+CVE-2015-0968
+	RESERVED
+CVE-2015-0967
+	RESERVED
+CVE-2015-0966
+	RESERVED
+CVE-2015-0965
+	RESERVED
+CVE-2015-0964
+	RESERVED
+CVE-2015-0963
+	RESERVED
+CVE-2015-0962
+	RESERVED
+CVE-2015-0961
+	RESERVED
+CVE-2015-0960
+	RESERVED
+CVE-2015-0959
+	RESERVED
+CVE-2015-0958
+	RESERVED
+CVE-2015-0957
+	RESERVED
+CVE-2015-0956
+	RESERVED
+CVE-2015-0955
+	RESERVED
+CVE-2015-0954
+	RESERVED
+CVE-2015-0953
+	RESERVED
+CVE-2015-0952
+	RESERVED
+CVE-2015-0951
+	RESERVED
+CVE-2015-0950
+	RESERVED
+CVE-2015-0949
+	RESERVED
+CVE-2015-0948
+	RESERVED
+CVE-2015-0947
+	RESERVED
+CVE-2015-0946
+	RESERVED
+CVE-2015-0945
+	RESERVED
+CVE-2015-0944
+	RESERVED
+CVE-2015-0943
+	RESERVED
+CVE-2015-0942
+	RESERVED
+CVE-2015-0941
+	RESERVED
+CVE-2015-0940
+	RESERVED
+CVE-2015-0939
+	RESERVED
+CVE-2015-0938
+	RESERVED
+CVE-2015-0937
+	RESERVED
+CVE-2015-0936
+	RESERVED
+CVE-2015-0935
+	RESERVED
+CVE-2015-0934
+	RESERVED
+CVE-2015-0933
+	RESERVED
+CVE-2015-0932
+	RESERVED
+CVE-2015-0931
+	RESERVED
+CVE-2015-0930
+	RESERVED
+CVE-2015-0929
+	RESERVED
+CVE-2015-0928
+	RESERVED
+CVE-2015-0927
+	RESERVED
+CVE-2015-0926
+	RESERVED
+CVE-2015-0925
+	RESERVED
+CVE-2015-0924
+	RESERVED
+CVE-2015-0923
+	RESERVED
+CVE-2014-999999
+	REJECTED
+	TODO: check
+CVE-2014-99999
+	REJECTED
+	TODO: check
+CVE-2014-9999
+	REJECTED
+	TODO: check
+CVE-2014-9592
+	RESERVED
+CVE-2014-9591
+	RESERVED
+CVE-2014-9590
+	RESERVED
+CVE-2014-9589
+	RESERVED
+CVE-2014-9588
+	RESERVED
+CVE-2014-9586
+	RESERVED
+CVE-2014-72038
+	REJECTED
+	TODO: check
+CVE-2014-62771
+	REJECTED
+	TODO: check
+CVE-2014-59156
+	REJECTED
+	TODO: check
+CVE-2014-54321
+	REJECTED
+	TODO: check
+CVE-2014-456132
+	REJECTED
+	TODO: check
+CVE-2014-32537
+	REJECTED
+	TODO: check
+CVE-2014-123456
+	REJECTED
+	TODO: check
+CVE-2014-10042
+	RESERVED
+CVE-2014-10041
+	RESERVED
+CVE-2014-10040
+	RESERVED
+CVE-2014-10038 (SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and ...)
+	TODO: check
+CVE-2014-10037 (Directory traversal vulnerability in DomPHP 0.83 and earlier allows ...)
+	TODO: check
+CVE-2014-10036 (Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before ...)
+	TODO: check
+CVE-2014-10035 (Multiple cross-site scripting (XSS) vulnerabilities in the admin area ...)
+	TODO: check
+CVE-2014-10034 (Multiple SQL injection vulnerabilities in the admin area in couponPHP ...)
+	TODO: check
+CVE-2014-10033 (SQL injection vulnerability in the update_zone function in ...)
+	TODO: check
+CVE-2014-10032 (SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 ...)
+	TODO: check
+CVE-2014-10031 (Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail ...)
+	TODO: check
+CVE-2014-10030 (Open redirect vulnerability in forums/login.php in FluxBB before ...)
+	TODO: check
+CVE-2014-10029 (SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and ...)
+	TODO: check
+CVE-2014-10028 (Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router ...)
+	TODO: check
+CVE-2014-10027 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
+	TODO: check
+CVE-2014-10026 (index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows ...)
+	TODO: check
+CVE-2014-10025 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
+	TODO: check
+CVE-2014-10024 (Multiple integer signedness errors in DirectShowDemuxFilter, as used ...)
+	TODO: check
+CVE-2014-10023 (Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 ...)
+	TODO: check
+CVE-2014-10022 (Apache Traffic Server before 5.1.2 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2014-10021 (Unrestricted file upload vulnerability in UploadHandler.php in the WP ...)
+	TODO: check
+CVE-2014-10020 (SQL injection vulnerability in login.php in Simple e-document 1.31 ...)
+	TODO: check
+CVE-2014-10019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2014-10018 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2014-10017 (Multiple SQL injection vulnerabilities in the Welcart e-Commerce ...)
+	TODO: check
+CVE-2014-10016 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart ...)
+	TODO: check
+CVE-2014-10015 (SQL injection vulnerability in load-calendar.php in PHPJabbers Event ...)
+	TODO: check
+CVE-2014-10014 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2014-10013 (SQL injection vulnerability in the Another WordPress Classifieds ...)
+	TODO: check
+CVE-2014-10012 (Cross-site scripting (XSS) vulnerability in the Another WordPress ...)
+	TODO: check
+CVE-2014-10011 (Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX ...)
+	TODO: check
+CVE-2014-10010 (Directory traversal vulnerability in PHPJabbers Appointment Scheduler ...)
+	TODO: check
+CVE-2014-10009 (Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 ...)
+	TODO: check
+CVE-2014-10008 (Multiple cross-site request forgery (CSRF) vulnerabilities in Stark ...)
+	TODO: check
+CVE-2014-10007 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog ...)
+	TODO: check
+CVE-2014-10006 (Multiple cross-site request forgery (CSRF) vulnerabilities in Maian ...)
+	TODO: check
+CVE-2014-10005 (Maian Uploader 4.0 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2014-100040
+	RESERVED
+CVE-2014-10004 (SQL injection vulnerability in admin/data_files/move.php in Maian ...)
+	TODO: check
+CVE-2014-100039 (mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local ...)
+	TODO: check
+CVE-2014-100038 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and ...)
+	TODO: check
+CVE-2014-100037 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and ...)
+	TODO: check
+CVE-2014-100036 (Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows ...)
+	TODO: check
+CVE-2014-100035 (SQL injection vulnerability in the ticket grid in the admin interface ...)
+	TODO: check
+CVE-2014-100034 (Cross-site scripting (XSS) vulnerability in the frontend interface in ...)
+	TODO: check
+CVE-2014-100033 (Directory traversal vulnerability in LicensePal ArcticDesk before ...)
+	TODO: check
+CVE-2014-100032 (Cross-site scripting (XSS) vulnerability in top.html in the Airties ...)
+	TODO: check
+CVE-2014-100031 (Multiple SQL injection vulnerabilities in Ganesha Digital Library ...)
+	TODO: check
+CVE-2014-100030 (Cross-site scripting (XSS) vulnerability in module/search/function.php ...)
+	TODO: check
+CVE-2014-10003 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader ...)
+	TODO: check
+CVE-2014-100029 (Multiple directory traversal vulnerabilities in class/session.php in ...)
+	TODO: check
+CVE-2014-100028 (Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted ...)
+	TODO: check
+CVE-2014-100027 (Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin ...)
+	TODO: check
+CVE-2014-100026 (Cross-site scripting (XSS) vulnerability in readme.php in the April's ...)
+	TODO: check
+CVE-2014-100025 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2014-100024 (Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 ...)
+	TODO: check
+CVE-2014-100023 (Multiple cross-site scripting (XSS) vulnerabilities in question.php in ...)
+	TODO: check
+CVE-2014-100022 (SQL injection vulnerability in question.php in the mTouch Quiz before ...)
+	TODO: check
+CVE-2014-100021 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2014-100020 (SQL injection vulnerability in ChangeEmail.php in iTechClassifieds ...)
+	TODO: check
+CVE-2014-10002 (Unspecified vulnerability in JetBrains TeamCity before 8.1 allows ...)
+	TODO: check
+CVE-2014-100019 (SQL injection vulnerability in the LTree converter in Pomm before ...)
+	TODO: check
+CVE-2014-100018 (Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin ...)
+	TODO: check
+CVE-2014-100017 (Cross-site scripting (XSS) vulnerability in canned_opr.php in ...)
+	TODO: check
+CVE-2014-100016 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2014-100015 (Directory traversal vulnerability in pdmwService.exe in SolidWorks ...)
+	TODO: check
+CVE-2014-100014 (Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks ...)
+	TODO: check
+CVE-2014-100013 (Multiple cross-site scripting (XSS) vulnerabilities in clientResponse ...)
+	TODO: check
+CVE-2014-100012 (SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote ...)
+	TODO: check
+CVE-2014-100011 (SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote ...)
+	TODO: check
+CVE-2014-100010 (Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows ...)
+	TODO: check
+CVE-2014-10001 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2014-100009 (The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) ...)
+	TODO: check
+CVE-2014-100008 (Cross-site scripting (XSS) vulnerability in includes/delete_img.php in ...)
+	TODO: check
+CVE-2014-100007 (Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin ...)
+	TODO: check
+CVE-2014-100006 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-100005 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
+	TODO: check
+CVE-2014-100004 (Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 ...)
+	TODO: check
+CVE-2014-100003 (SQL injection vulnerability in ...)
+	TODO: check
+CVE-2014-100002 (Directory traversal vulnerability in ManageEngine SupportCenter Plus ...)
+	TODO: check
+CVE-2014-100001 (Cross-site request forgery (CSRF) vulnerability in the SEO Plugin ...)
+	TODO: check
+CVE-2014-100000
+	REJECTED
+	TODO: check
+CVE-2014-10000
+	REJECTED
+	TODO: check
+CVE-2013-7420 (Buffer overflow in Hancom Office 2010 SE allows remote attackers to ...)
+	TODO: check
 CVE-2015-XXXX [IP address spoofing in mod_remoteip]
 	- apache2 2.4.9-1
 	[wheezy] - apache2 <not-affected> (no mod_remoteip in 2.2)
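Review bot: The REJECTED entries added in this hunk (CVE-2014-999999, CVE-2014-99999, CVE-2014-9999, CVE-2014-72038 and the others down to CVE-2014-10000) each carry a "TODO: check" line, which queues them for manual triage even though a rejected ID has no package to assess. Consider having the automatic update skip the TODO for REJECTED entries, as it already does for RESERVED ones. The new entries are also ordered as strings rather than numbers (CVE-2014-100040 sits between CVE-2014-10005 and CVE-2014-10004), so anything consuming this list should not assume numeric ordering of the longer IDs.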
@@ -34,6 +488,7 @@
 	NOTE: https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f
 	NOTE: CVE request: http://www.openwall.com/lists/oss-security/2015/01/12/4
 CVE-2015-0973
+	RESERVED
 	- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
 	NOTE: http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
 CVE-2015-0922 (McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 ...)
@@ -726,8 +1181,8 @@
 	RESERVED
 CVE-2015-0583
 	RESERVED
-CVE-2015-0582
-	RESERVED
+CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 ...)
+	TODO: check
 CVE-2015-0581
 	RESERVED
 CVE-2015-0580
@@ -907,13 +1362,16 @@
 	- weboob <unfixed> (low; bug #774838)
 	[wheezy] - weboob <no-dsa> (Minor issue)
 CVE-2015-1042 [Incomplete fix for CVE-2014-6316 in 1.2.18]
+	RESERVED
 	- mantis <removed>
 	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <not-affected> (Incomplete fix not applied)
 CVE-2015-1031 [use-after-free]
+	RESERVED
 	- privoxy <unfixed> (bug #775167)
 	NOTE: http://www.privoxy.org/announce.txt
 CVE-2015-1030 [memory leak when rejecting client connections]
+	RESERVED
 	- privoxy <unfixed> (bug #775167)
 	NOTE: http://www.privoxy.org/announce.txt
 CVE-2015-XXXX [cpio directory traversal]
@@ -930,30 +1388,25 @@
 CVE-2015-XXXX [saves unknown host's fingerprint in known_hosts without any prompt]
 	- lftp <unfixed> (bug #774769)
 CVE-2014-9587 [possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins]
+	RESERVED
 	- roundcube <unfixed>
 	NOTE: https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
-CVE-2015-0564 [TLS/SSL decryption crash]
-	RESERVED
+CVE-2015-0564 (Buffer underflow in the ssl_decrypt_record function in ...)
 	- wireshark <unfixed>
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-05.html
-CVE-2015-0563 [SMTP dissector crash]
-	RESERVED
+CVE-2015-0563 (epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark ...)
 	- wireshark <unfixed>
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-04.html
-CVE-2015-0562 [DEC DNA Routing Protocol dissector crash]
-	RESERVED
+CVE-2015-0562 (Multiple use-after-free vulnerabilities in ...)
 	- wireshark <unfixed>
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-03.html
-CVE-2015-0561 [LPP dissector crash]
-	RESERVED
+CVE-2015-0561 (asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before ...)
 	- wireshark <unfixed>
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-02.html
-CVE-2015-0560 [WCCP dissector crash]
-	RESERVED
+CVE-2015-0560 (The dissect_wccp2r1_address_table_info function in ...)
 	- wireshark <unfixed>
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
-CVE-2015-0559 [WCCP dissector crash]
-	RESERVED
+CVE-2015-0559 (Multiple use-after-free vulnerabilities in ...)
 	- wireshark <unfixed>
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
 CVE-2015-0558
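Review bot: Replacing the bracketed summaries with truncated descriptions loses detail for CVE-2015-0562 and CVE-2015-0559: both now read "Multiple use-after-free vulnerabilities in ...", and the dissector names from the removed lines ("DEC DNA Routing Protocol", "WCCP") no longer appear on the entries. Suggest preserving the removed summary in a NOTE line so the two stay distinguishable without opening the wnpa-sec links.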
@@ -1194,7 +1647,7 @@
 	NOT-FOR-US: BEdita
 CVE-2010-5314 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: BEdita
-CVE-2014-9507 (MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and ...)
+CVE-2014-9507 (MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when ...)
 	- mediawiki <not-affected> (There is no content handler in REL1_19)
 	NOTE: Upstream bug https://phabricator.wikimedia.org/T72901
 CVE-2014-9506 (MantisBT before 1.2.18 does not properly check permissions when ...)
@@ -1214,6 +1667,7 @@
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696 (v3.19-rc3)
 CVE-2015-1038 [directory traversal]
+	RESERVED
 	- p7zip <unfixed> (bug #774660)
 CVE-2015-XXXX [HTTP TRACE DoS]
 	- trafficserver <unfixed>
@@ -1302,8 +1756,7 @@
 	[jessie] - xbindkeys-config <no-dsa> (Minor issue)
 	[wheezy] - xbindkeys-config <no-dsa> (Minor issue)
 	[squeeze] - xbindkeys-config <no-dsa> (Minor issue)
-CVE-2014-9495 [Heap Overflow]
-	RESERVED
+CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng ...)
 	- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
 	NOTE: http://sourceforge.net/p/png-mng/mailman/message/33173461/
 CVE-2014-9465
@@ -2359,10 +2812,10 @@
 	NOT-FOR-US: Innominate mGuard
 CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 ...)
 	NOT-FOR-US: Trihedral Engineering VTScada
-CVE-2014-9191
-	RESERVED
-CVE-2014-9190
-	RESERVED
+CVE-2014-9191 (The CodeWrights HART Device Type Manager (DTM) library in Emerson HART ...)
+	TODO: check
+CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware InTouch ...)
+	TODO: check
 CVE-2014-9189
 	RESERVED
 CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
@@ -4583,13 +5036,13 @@
 	RESERVED
 CVE-2014-8738 [Out-of-bounds memory write while processing a crafted "ar" archive]
 	RESERVED
-	{DSA-3123-1}
+	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141124-1
 	- binutils-mingw-w64 <unfixed>
 	NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
 	NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
 CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 2.24 and ...)
-	{DSA-3123-1}
+	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141124-1
 	- binutils-mingw-w64 <unfixed>
 	NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
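Review bot: The tag change to {DSA-3123-2 DSA-3123-1} on CVE-2014-8738 and CVE-2014-8737 leaves both package lines as they were, including "- binutils-mingw-w64 <unfixed>". If the -2 revision covers binutils-mingw-w64, record the fixed version on that line. The same applies to the other binutils entries that receive this tag in the following hunks.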
@@ -4901,7 +5354,7 @@
 CVE-2014-8505 (Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow ...)
 	NOT-FOR-US: Etiko CMS
 CVE-2014-8504 (Stack-based buffer overflow in the srec_scan function in bfd/srec.c in ...)
-	{DSA-3123-1}
+	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141104-1
 	- binutils-mingw-w64 <unfixed>
 	NOTE: http://openwall.com/lists/oss-security/2014/10/27/4
@@ -4910,20 +5363,20 @@
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c8
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0
 CVE-2014-8503 (Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in ...)
-	{DSA-3123-1}
+	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141104-1
 	- binutils-mingw-w64 <unfixed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32
 CVE-2014-8502 (Heap-based buffer overflow in the pe_print_edata function in ...)
-	{DSA-3123-1}
+	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141104-1
 	- binutils-mingw-w64 <unfixed>
 	NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339
 CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...)
-	{DSA-3123-1}
+	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141104-1
 	- binutils-mingw-w64 <unfixed>
 	- gdb <unfixed> (unimportant)
@@ -5076,14 +5529,14 @@
 	NOTE: The NULL pointer dereference was introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
 	NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5
 CVE-2014-8485 (The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 ...)
-	{DSA-3123-1}
+	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141104-1
 	- binutils-mingw-w64 <unfixed>
 	NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510
 CVE-2014-8484 (The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before ...)
-	{DSA-3123-1}
+	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.51.20140903-1
 	- binutils-mingw-w64 <unfixed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509
@@ -6212,10 +6665,10 @@
 	RESERVED
 CVE-2014-8037
 	RESERVED
-CVE-2014-8036
-	RESERVED
-CVE-2014-8035
-	RESERVED
+CVE-2014-8036 (The outlookpa component in Cisco WebEx Meetings Server does not ...)
+	TODO: check
+CVE-2014-8035 (The web framework in Cisco WebEx Meetings Server produces different ...)
+	TODO: check
 CVE-2014-8034
 	RESERVED
 CVE-2014-8033 (The play/modules component in Cisco WebEx Meetings Server allows ...)
@@ -6244,8 +6697,8 @@
 	RESERVED
 CVE-2014-8021
 	RESERVED
-CVE-2014-8020
-	RESERVED
+CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software allows ...)
+	TODO: check
 CVE-2014-8019 (Directory traversal vulnerability in Cisco Enterprise Content Delivery ...)
 	NOT-FOR-US: Cisco
 CVE-2014-8018 (Multiple cross-site scripting (XSS) vulnerabilities in Business Voice ...)
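Review bot: CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software) is added with "TODO: check" directly above CVE-2014-8019, which is already marked NOT-FOR-US: Cisco. Suggest resolving the new entry the same way if the product is not packaged, rather than leaving it in the TODO queue.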
@@ -7967,7 +8420,7 @@
 CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on ...)
 	NOT-FOR-US: TWiki
 	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
-CVE-2014-7236 (Remote Perl code execution with query string to debug TWiki plugins)
+CVE-2014-7236
 	RESERVED
 	NOT-FOR-US: TWiki
 	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
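Review bot: The header change for CVE-2014-7236 removes the only description on the entry ("Remote Perl code execution with query string to debug TWiki plugins") and leaves a bare ID marked RESERVED. Since the entry is already triaged as NOT-FOR-US: TWiki, suggest keeping the text in bracketed form on the header line, as other entries in this file do, so the summary is not lost.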
@@ -10346,8 +10799,7 @@
 	[wheezy] - squid3 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=891268
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
-CVE-2014-6268 [XSA-107]
-	RESERVED
+CVE-2014-6268 (The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest ...)
 	- xen 4.4.1-3
 	[wheezy] - xen <not-affected> (Affects only Xen 4.4 onwards)
 	[squeeze] - xen <not-affected> (Affects only Xen 4.4 onwards)
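Review bot: The CVE-2014-6268 header drops the "[XSA-107]" tag when the description is filled in, and none of the entry lines visible in this hunk records the advisory number. Suggest adding a NOTE line with XSA-107 so the Xen advisory stays searchable from the tracker.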
@@ -10436,8 +10888,8 @@
 	RESERVED
 CVE-2014-6213
 	RESERVED
-CVE-2014-6212
-	RESERVED
+CVE-2014-6212 (The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 ...)
+	TODO: check
 CVE-2014-6211
 	RESERVED
 CVE-2014-6210 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 ...)
@@ -10462,8 +10914,8 @@
 	RESERVED
 CVE-2014-6200
 	RESERVED
-CVE-2014-6199
-	RESERVED
+CVE-2014-6199 (The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x ...)
+	TODO: check
 CVE-2014-6198
 	RESERVED
 CVE-2014-6197
@@ -10544,8 +10996,8 @@
 	NOT-FOR-US: IBM
 CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 ...)
 	NOT-FOR-US: IBM
-CVE-2014-6158
-	RESERVED
+CVE-2014-6158 (Multiple directory traversal vulnerabilities in the file-upload ...)
+	TODO: check
 CVE-2014-6157
 	RESERVED
 CVE-2014-6156
@@ -18347,8 +18799,8 @@
 	RESERVED
 CVE-2014-3097 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ...)
 	NOT-FOR-US: IBM Tivoli
-CVE-2014-3096
-	RESERVED
+CVE-2014-3096 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
+	TODO: check
 CVE-2014-3095 (The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 ...)
 	NOT-FOR-US: IBM DB2
 CVE-2014-3094 (Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through ...)
@@ -18981,10 +19433,10 @@
 	RESERVED
 	NOT-FOR-US: TR-069 Auto Configuration Servers
 	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
-CVE-2014-2839
-	RESERVED
-CVE-2014-2838
-	RESERVED
+CVE-2014-2839 (SQL injection vulnerability in the GD Star Rating plugin 19.22 for ...)
+	TODO: check
+CVE-2014-2838 (Multiple cross-site request forgery (CSRF) vulnerabilities in the GD ...)
+	TODO: check
 CVE-2014-2837
 	RESERVED
 CVE-2014-2836
@@ -38666,10 +39118,10 @@
 	RESERVED
 CVE-2013-2605
 	RESERVED
-CVE-2013-2604
-	RESERVED
-CVE-2013-2603
-	RESERVED
+CVE-2013-2604 (RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game ...)
+	TODO: check
+CVE-2013-2603 (The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in ...)
+	TODO: check
 CVE-2013-2602 (Multiple array index errors in the MyHeritage SEQueryObject ActiveX ...)
 	NOT-FOR-US: MyHeritage SEQueryObject ActiveX control
 CVE-2013-2601 (The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 ...)



