[Secure-testing-commits] r31860 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Jan 30 21:10:17 UTC 2015


Author: sectracker
Date: 2015-01-30 21:10:17 +0000 (Fri, 30 Jan 2015)
New Revision: 31860

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-30 16:13:20 UTC (rev 31859)
+++ data/CVE/list	2015-01-30 21:10:17 UTC (rev 31860)
@@ -1,3 +1,11 @@
+CVE-2015-1425
+	RESERVED
+CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and ...)
+	TODO: check
+CVE-2015-1423 (Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow ...)
+	TODO: check
+CVE-2015-1422 (Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 ...)
+	TODO: check
 CVE-2015-XXXX [symlink directory traversal]
 	- unrar-nonfree (bug #774171)
 	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
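Review bot: The three Gecko CMS entries added at the top of this hunk (CVE-2015-1424, CVE-2015-1423, CVE-2015-1422) carry only `TODO: check`, so the list records no disposition for them yet. Each needs a follow-up that replaces the placeholder with either a package line or a `NOT-FOR-US:` line, as the e107 entry further down this list already has.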
@@ -142,16 +150,19 @@
 	NOTE: https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/29/23
 CVE-2013-7424 [Invalid-free when using getaddrinfo()]
+	RESERVED
 	- glibc 2.19-4
 	- eglibc 2.17-2
 	NOTE: CVE Request: http://seclists.org/oss-sec/2015/q1/306
 	NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7
 	NOTE: 2.19-4 first version after the eglibc -> glibc rename which was in unstable
 CVE-2015-1421 [net: sctp: slab corruption from use after free on INIT collisions]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=600ddd6825543962fb807884169e57b580dba208
 CVE-2015-1420 [fs/fhandle.c race condition]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: http://marc.info/?l=linux-kernel&m=142247707318982&w=2
@@ -1133,10 +1144,10 @@
 	RESERVED
 CVE-2015-1045
 	RESERVED
-CVE-2015-1044
-	RESERVED
-CVE-2015-1043
-	RESERVED
+CVE-2015-1044 (vmware-authd (aka the Authorization process) in VMware Workstation ...)
+	TODO: check
+CVE-2015-1043 (The Host Guest File System (HGFS) in VMware Workstation 10.x before ...)
+	TODO: check
 CVE-2015-1041 (Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php ...)
 	NOT-FOR-US: e107
 CVE-2015-1040 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -3334,7 +3345,7 @@
 	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
 	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown
 CVE-2015-0412 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
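Review bot: On CVE-2015-0412 the cross-reference becomes `{DSA-3147-1 DSA-3144-1}` while the three package lines under it (openjdk-6, openjdk-7, openjdk-8) are unchanged, so nothing in the entry shows which source package the added advisory covers. Worth confirming that the fixed version tied to DSA-3147-1 is already among those lines; the same check applies to the other entries in this commit that gain DSA-3147-1.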
@@ -3345,7 +3356,7 @@
 	- percona-xtradb-cluster-5.5 <undetermined>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
 CVE-2015-0410 (Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -3356,12 +3367,12 @@
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
 	NOTE: For mariadb-10.0 not clear if affected
 CVE-2015-0408 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
 CVE-2015-0407 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -3394,7 +3405,7 @@
 CVE-2015-0396 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
 	NOT-FOR-US: Oracle
 CVE-2015-0395 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -3429,7 +3440,7 @@
 CVE-2015-0384 (Unspecified vulnerability in the Siebel Public Sector component in ...)
 	NOT-FOR-US: Oracle
 CVE-2015-0383 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -4294,8 +4305,8 @@
 	NOT-FOR-US: Adobe Flash Player
 CVE-2014-9162 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2014-9161
-	RESERVED
+CVE-2014-9161 (CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x ...)
+	TODO: check
 CVE-2014-9160
 	RESERVED
 CVE-2014-9159 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
@@ -4994,8 +5005,7 @@
 	NOT-FOR-US: selinux-policy as shipped with Red Hat OpenShift 2
 CVE-2015-0237
 	RESERVED
-CVE-2015-0236 [information disclosure]
-	RESERVED
+CVE-2015-0236 (libvirt before 1.2.12 allow remote authenticated users to obtain the ...)
 	- libvirt 1.2.9-8 (bug #776065)
 	[wheezy] - libvirt <not-affected> (Vulnerable code introduced in v1.1.0-rc1)
 	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in v1.1.0-rc1)
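Review bot: The new CVE-2015-0236 description says "libvirt before 1.2.12" while the package line directly under it records the fix in 1.2.9-8, and the entry has no NOTE explaining the difference. A `NOTE:` line with the upstream fix reference, like the ones on the glibc and linux entries earlier in this diff, would let a reader reconcile the two versions.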
@@ -5862,56 +5872,56 @@
 	RESERVED
 CVE-2014-8841
 	RESERVED
-CVE-2014-8840
-	RESERVED
-CVE-2014-8839
-	RESERVED
-CVE-2014-8838
-	RESERVED
-CVE-2014-8837
-	RESERVED
-CVE-2014-8836
-	RESERVED
-CVE-2014-8835
-	RESERVED
-CVE-2014-8834
-	RESERVED
-CVE-2014-8833
-	RESERVED
-CVE-2014-8832
-	RESERVED
-CVE-2014-8831
-	RESERVED
-CVE-2014-8830
-	RESERVED
-CVE-2014-8829
-	RESERVED
-CVE-2014-8828
-	RESERVED
-CVE-2014-8827
-	RESERVED
-CVE-2014-8826
-	RESERVED
-CVE-2014-8825
-	RESERVED
-CVE-2014-8824
-	RESERVED
-CVE-2014-8823
-	RESERVED
-CVE-2014-8822
-	RESERVED
-CVE-2014-8821
-	RESERVED
-CVE-2014-8820
-	RESERVED
-CVE-2014-8819
-	RESERVED
+CVE-2014-8840 (The iTunes Store component in Apple iOS before 8.1.3 allows remote ...)
+	TODO: check
+CVE-2014-8839 (Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load ...)
+	TODO: check
+CVE-2014-8838 (The Security component in Apple OS X before 10.10.2 does not properly ...)
+	TODO: check
+CVE-2014-8837 (Multiple unspecified vulnerabilities in the Bluetooth driver in Apple ...)
+	TODO: check
+CVE-2014-8836 (The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to ...)
+	TODO: check
+CVE-2014-8835 (The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 ...)
+	TODO: check
+CVE-2014-8834 (UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF ...)
+	TODO: check
+CVE-2014-8833 (SpotlightIndex in Apple OS X before 10.10.2 does not properly perform ...)
+	TODO: check
+CVE-2014-8832 (The indexing functionality in Spotlight in Apple OS X before 10.10.2 ...)
+	TODO: check
+CVE-2014-8831 (security_taskgate in Apple OS X before 10.10.2 allows attackers to ...)
+	TODO: check
+CVE-2014-8830 (Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 ...)
+	TODO: check
+CVE-2014-8829 (SceneKit in Apple OS X before 10.10.2 allows attackers to execute ...)
+	TODO: check
+CVE-2014-8828 (Sandbox in Apple OS X before 10.10 allows attackers to write to the ...)
+	TODO: check
+CVE-2014-8827 (LoginWindow in Apple OS X before 10.10.2 does not transition to the ...)
+	TODO: check
+CVE-2014-8826 (LaunchServices in Apple OS X before 10.10.2 does not properly handle ...)
+	TODO: check
+CVE-2014-8825 (The kernel in Apple OS X before 10.10.2 does not properly perform ...)
+	TODO: check
+CVE-2014-8824 (The kernel in Apple OS X before 10.10.2 does not properly validate ...)
+	TODO: check
+CVE-2014-8823 (The IOUSBControllerUserClient::ReadRegister function in the IOUSB ...)
+	TODO: check
+CVE-2014-8822 (IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute ...)
+	TODO: check
+CVE-2014-8821 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local ...)
+	TODO: check
+CVE-2014-8820 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local ...)
+	TODO: check
+CVE-2014-8819 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local ...)
+	TODO: check
 CVE-2014-8818
 	RESERVED
-CVE-2014-8817
-	RESERVED
-CVE-2014-8816
-	RESERVED
+CVE-2014-8817 (coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 ...)
+	TODO: check
+CVE-2014-8816 (CoreGraphics in Apple OS X before 10.10 allows remote attackers to ...)
+	TODO: check
 CVE-2014-8815
 	RESERVED
 CVE-2014-8814
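Review bot: Every entry converted from RESERVED in this hunk is left at `TODO: check`, and for CVE-2014-8823 the description is cut off after "in the IOUSB ..." before any product is named, so it cannot be triaged from this list alone. The follow-up should read the full descriptions and give each entry an explicit package line or `NOT-FOR-US:` line instead of leaving the placeholder.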
@@ -7134,8 +7144,8 @@
 	NOT-FOR-US: VMware AirWatch
 CVE-2014-8371 (VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before ...)
 	NOT-FOR-US: VMware vSphere
-CVE-2014-8370
-	RESERVED
+CVE-2014-8370 (VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, ...)
+	TODO: check
 CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux ...)
 	{DSA-3093-1}
 	- linux 3.16.7-ckt2-1
@@ -11312,7 +11322,7 @@
 CVE-2014-6607 (M/Monit 3.3.2 and earlier does not verify the original password before ...)
 	NOT-FOR-US: M/Monit
 CVE-2014-6601 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -11333,14 +11343,14 @@
 CVE-2014-6594 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
 	NOT-FOR-US: Oracle iLearning
 CVE-2014-6593 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
 CVE-2014-6592 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2014-6591 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -11358,14 +11368,14 @@
 	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
 	- virtualbox-ose <not-affected> (Introduced in 4.3)
 CVE-2014-6587 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
 CVE-2014-6586 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
 	NOT-FOR-US: Oracle
 CVE-2014-6585 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3144-1}
+	{DSA-3147-1 DSA-3144-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -16464,54 +16474,54 @@
 	- cgminer 4.4.2-1
 CVE-2014-4500
 	RESERVED
-CVE-2014-4499
-	RESERVED
-CVE-2014-4498
-	RESERVED
-CVE-2014-4497
-	RESERVED
-CVE-2014-4496
-	RESERVED
-CVE-2014-4495
-	RESERVED
-CVE-2014-4494
-	RESERVED
-CVE-2014-4493
-	RESERVED
-CVE-2014-4492
-	RESERVED
-CVE-2014-4491
-	RESERVED
+CVE-2014-4499 (The App Store process in CommerceKit Framework in Apple OS X before ...)
+	TODO: check
+CVE-2014-4498 (The CPU Software in Apple OS X before 10.10.2 allows physically ...)
+	TODO: check
+CVE-2014-4497 (Integer signedness error in IOBluetoothFamily in the Bluetooth ...)
+	TODO: check
+CVE-2014-4496 (The mach_port_kobject interface in the kernel in Apple iOS before ...)
+	TODO: check
+CVE-2014-4495 (The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...)
+	TODO: check
+CVE-2014-4494 (Springboard in Apple iOS before 8.1.3 does not properly validate ...)
+	TODO: check
+CVE-2014-4493 (The app-installation functionality in MobileInstallation in Apple iOS ...)
+	TODO: check
+CVE-2014-4492 (libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...)
+	TODO: check
+CVE-2014-4491 (The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X ...)
+	TODO: check
 CVE-2014-4490
 	RESERVED
-CVE-2014-4489
-	RESERVED
-CVE-2014-4488
-	RESERVED
-CVE-2014-4487
-	RESERVED
-CVE-2014-4486
-	RESERVED
-CVE-2014-4485
-	RESERVED
-CVE-2014-4484
-	RESERVED
-CVE-2014-4483
-	RESERVED
+CVE-2014-4489 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...)
+	TODO: check
+CVE-2014-4488 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...)
+	TODO: check
+CVE-2014-4487 (Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X ...)
+	TODO: check
+CVE-2014-4486 (IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before ...)
+	TODO: check
+CVE-2014-4485 (Buffer overflow in the XML parser in Foundation in Apple iOS before ...)
+	TODO: check
+CVE-2014-4484 (FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...)
+	TODO: check
+CVE-2014-4483 (Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X ...)
+	TODO: check
 CVE-2014-4482
 	RESERVED
-CVE-2014-4481
-	RESERVED
-CVE-2014-4480
-	RESERVED
-CVE-2014-4479
-	RESERVED
+CVE-2014-4481 (Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X ...)
+	TODO: check
+CVE-2014-4480 (Directory traversal vulnerability in afc in AppleFileConduit in Apple ...)
+	TODO: check
+CVE-2014-4479 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...)
+	TODO: check
 CVE-2014-4478
 	RESERVED
-CVE-2014-4477
-	RESERVED
-CVE-2014-4476
-	RESERVED
+CVE-2014-4477 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...)
+	TODO: check
+CVE-2014-4476 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...)
+	TODO: check
 CVE-2014-4475 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-4474 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
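Review bot: CVE-2014-4479, CVE-2014-4477 and CVE-2014-4476 are WebKit issues left at `TODO: check`, while CVE-2014-4475 directly below them in this hunk is already triaged with a `NOT-FOR-US: Webkit / ...` line. The new WebKit entries should get an explicit decision so WebKit CVEs are handled consistently in this list; the Apple iOS and OS X entries added in the same hunk need the same triage pass.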
@@ -16528,8 +16538,8 @@
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-4468 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-4467
-	RESERVED
+CVE-2014-4467 (WebKit, as used in Apple iOS before 8.1.3, does not properly determine ...)
+	TODO: check
 CVE-2014-4466 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-4465 (WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before ...)
@@ -18814,7 +18824,7 @@
 	{DSA-3053-1 DLA-81-1}
 	- openssl 1.0.1j-1
 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...)
-	{DSA-3144-1 DSA-3092-1}
+	{DSA-3147-1 DSA-3144-1 DSA-3092-1}
 	- arora <unfixed> (unimportant)
 	- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
 	NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ



