[Secure-testing-commits] r31769 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Jan 27 21:10:16 UTC 2015


Author: sectracker
Date: 2015-01-27 21:10:16 +0000 (Tue, 27 Jan 2015)
New Revision: 31769

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-27 20:37:42 UTC (rev 31768)
+++ data/CVE/list	2015-01-27 21:10:16 UTC (rev 31769)
@@ -2357,6 +2357,7 @@
 	[wheezy] - roundcube <no-dsa> (Minor issue)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
 CVE-2015-0564 (Buffer underflow in the ssl_decrypt_record function in ...)
+	{DSA-3141-1}
 	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-05.html
 CVE-2015-0563 (epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark ...)
@@ -2365,6 +2366,7 @@
 	[wheezy] - wireshark <not-affected> (Only affected 1.10)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-04.html
 CVE-2015-0562 (Multiple use-after-free vulnerabilities in ...)
+	{DSA-3141-1}
 	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-03.html
 CVE-2015-0561 (asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before ...)
@@ -3109,7 +3111,7 @@
 CVE-2015-0418 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
 	- virtualbox 4.3.2-dfsg-1 (low; bug #775888)
 	- virtualbox-ose <removed> (low)
-		NOTE: This only affects releases < 4.3, so marking the first 4.3 upload as the fixed version
+	NOTE: This only affects releases < 4.3, so marking the first 4.3 upload as the fixed version
 CVE-2015-0417 (Unspecified vulnerability in the Siebel UI Framework component in ...)
 	NOT-FOR-US: Oracle
 CVE-2015-0416 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
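Review bot: The NOTE re-indentation under CVE-2015-0418 is a hand formatting fix, but the commit log says only "automatic update", so nothing records why this line changed. Mention the whitespace cleanup in the log, or commit it separately from the DSA cross-references, so that history for this entry stays readable. The content of the NOTE is unchanged, and with a single tab it now lines up with the package lines above it.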
@@ -4627,6 +4629,7 @@
 CVE-2014-8992 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: MODX Revolution
 CVE-2014-9030 (The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x ...)
+	{DSA-3140-1}
 	- xen 4.4.1-4 (low; bug #770230)
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-9015 (Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to ...)
@@ -4790,6 +4793,7 @@
 	NOTE: http://security.libvirt.org/2015/0001.html
 CVE-2015-0235 [glibc: buffer overflow in gethostbyname]
 	RESERVED
+	{DSA-3142-1}
 	- eglibc 2.18-1 (high; bug #776391)
 	- glibc 2.18-1 (high)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=15014
@@ -5584,9 +5588,11 @@
 CVE-2014-8868 (EntryPass N5200 Active Network Control Panel does not properly ...)
 	NOT-FOR-US: EntryPass N5200
 CVE-2014-8867 (The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, ...)
+	{DSA-3140-1}
 	- xen 4.4.1-5 (bug #770230)
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-8866 (The compatibility mode hypercall argument translation in Xen 3.3.x ...)
+	{DSA-3140-1}
 	- xen 4.4.1-5 (bug #770230)
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-8865
@@ -6136,9 +6142,11 @@
 CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...)
+	{DSA-3140-1}
 	- xen 4.4.1-4 (bug #770230)
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-8594 (The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x ...)
+	{DSA-3140-1}
 	- xen 4.4.1-4 (low; bug #770230)
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-8593 (Multiple cross-site scripting (XSS) vulnerabilities in Allomani ...)
@@ -8461,7 +8469,7 @@
 	[wheezy] - ruby-actionpack-3.2 <no-dsa> (Minor issue)
 	- ruby-actionpack-2.3 <not-affected> (Only affects >= 3)
 CVE-2014-7817 (The wordexp function in GNU C Library (aka glibc) 2.21 does not ...)
-	{DLA-97-1}
+	{DSA-3142-1 DLA-97-1}
 	- glibc <unfixed> (bug #775572)
 	- eglibc <removed>
 	[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
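Review bot: In the CVE-2014-7817 entry, the line "[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)" now sits directly under a reference to DSA-3142-1, and the two disagree about how wheezy gets the fix. If the DSA covers this CVE for wheezy, replace the <no-dsa> marker with the fixed eglibc version from the advisory; if it does not, the DSA tag should not be attached here. The "glibc <unfixed> (bug #775572)" line is a separate matter and is still accurate as far as this hunk shows.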
@@ -13709,7 +13717,7 @@
 	[wheezy] - torrentflux <no-dsa> (Minor issue)
 	[squeeze] - torrentflux <no-dsa> (Minor issue)
 CVE-2014-6040 (GNU C Library (aka glibc) before 2.20 allows context-dependent ...)
-	{DLA-97-1}
+	{DSA-3142-1 DLA-97-1}
 	- glibc 2.19-12
 	- eglibc <removed>
 	[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
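Review bot: The "[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)" line for CVE-2014-6040 is left in place although the entry now carries {DSA-3142-1 DLA-97-1}. A reader checking wheezy status sees both "no DSA planned" and a DSA reference; update the [wheezy] line to the version fixed by the DSA, or drop the tag if the advisory does not address this CVE.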
@@ -14216,7 +14224,7 @@
 CVE-2014-5249 (SQL injection vulnerability in the "Biblio self autocomplete" ...)
 	NOT-FOR-US: Drupal addon
 CVE-2012-6656 (iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows ...)
-	{DLA-97-1}
+	{DSA-3142-1 DLA-97-1}
 	- glibc 2.17-1
 	- eglibc <removed>
 	[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
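Review bot: For CVE-2012-6656 the added DSA-3142-1 reference conflicts with the unchanged "[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)" line at the end of the hunk. Since the automatic update only touches the cross-reference line, the per-release status needs a manual follow-up: record the wheezy eglibc version that carries the fix in place of <no-dsa>.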



