[Secure-testing-commits] r35712 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Jul 25 21:10:15 UTC 2015
Author: sectracker
Date: 2015-07-25 21:10:15 +0000 (Sat, 25 Jul 2015)
New Revision: 35712
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-25 20:49:45 UTC (rev 35711)
+++ data/CVE/list 2015-07-25 21:10:15 UTC (rev 35712)
@@ -1998,6 +1998,7 @@
- mariadb-10.0 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4760 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
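Review bot: the fixed version on the openjdk-7 line of CVE-2015-4760, `7u79-2.5.6-1`, carries a 7u79 prefix while the description names 7u80 as affected, so a reader comparing update numbers could conclude that the fix predates the vulnerable release. Entries later in this patch record `7u79-2.5.5-1` for the earlier batch of Java CVEs, so the only part of the version that distinguishes the two fixes is the 2.5.x component. A NOTE line saying so would remove the ambiguity here and in the other entries that share this version string.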
@@ -2038,12 +2039,14 @@
CVE-2015-4750 (Unspecified vulnerability in the Oracle VM Server for SPARC component ...)
TODO: check
CVE-2015-4749 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
NOTE: "Applies to client and server deployment of Java."
CVE-2015-4748 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
@@ -2083,18 +2086,21 @@
CVE-2015-4734
RESERVED
CVE-2015-4733 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4732 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4731 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
@@ -3995,7 +4001,7 @@
NOTE: https://lkml.org/lkml/2015/5/13/744
NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...)
- {DSA-3300-1 DSA-3287-1 DLA-247-1}
+ {DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-247-1}
- openssl <unfixed>
- nss <unfixed>
- openjdk-6 <unfixed>
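Review bot: in the CVE-2015-4000 entry, every package line visible in this hunk (`openssl`, `nss`, `openjdk-6`) is still `<unfixed>`, so nothing in the context shows which package the newly added DSA-3316-1 addresses. The other hunks pair that advisory with `openjdk-7 7u79-2.5.6-1`. Worth confirming that an openjdk-7 line further down this entry records the same fixed version, otherwise the new reference has no matching package status.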
@@ -6198,6 +6204,7 @@
NOT-FOR-US: Fedora Atomic
CVE-2015-3228 [Integer overflow]
RESERVED
+ {DLA-280-1}
- ghostscript <unfixed> (bug #793489)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696070
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
@@ -7461,6 +7468,7 @@
CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation Manager ...)
NOT-FOR-US: Synology DiskStation Manager
CVE-2015-2808 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, does ...)
+ {DSA-3316-1}
NOTE: This CVE is specific to the design of the RC4 protocol and not to its
NOTE: implementations.
- openjdk-6 <unfixed>
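Review bot: the CVE-2015-2808 entry carries a NOTE saying the issue lies in the design of RC4 and not in its implementations, yet it now references DSA-3316-1 without saying what the update changes for RC4. A further NOTE describing the mitigation that the advisory ships would make the reference meaningful. The existing NOTE could also say "RC4 algorithm", as the CVE description does, where it now says "RC4 protocol".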
@@ -8137,6 +8145,7 @@
CVE-2015-2633
RESERVED
CVE-2015-2632 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
@@ -8149,6 +8158,7 @@
CVE-2015-2629 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
TODO: check
CVE-2015-2628 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
@@ -8161,6 +8171,7 @@
CVE-2015-2626 (Unspecified vulnerability in the Data Store component in Oracle ...)
TODO: check
CVE-2015-2625 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
@@ -8173,6 +8184,7 @@
CVE-2015-2622 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
TODO: check
CVE-2015-2621 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
@@ -8201,6 +8213,7 @@
CVE-2015-2614 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
TODO: check
CVE-2015-2613 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
@@ -8232,6 +8245,7 @@
CVE-2015-2602 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
TODO: check
CVE-2015-2601 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
@@ -8263,6 +8277,7 @@
CVE-2015-2591 (Unspecified vulnerability in the PeopleSoft Enteprise Portal - ...)
TODO: check
CVE-2015-2590 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
+ {DSA-3316-1}
- openjdk-6 <unfixed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 <unfixed>
@@ -12118,6 +12133,7 @@
RESERVED
CVE-2015-1334 [processes intended to be run inside of confined LXC containers to escape their AppArmor or SELinux confinement]
RESERVED
+ {DSA-3317-1}
- lxc 1:1.0.7-4 (bug #793298)
[wheezy] - lxc <not-affected> (Affects 0.9.0 and higher)
[squeeze] - lxc <not-affected> (Affects 0.9.0 and higher)
@@ -12127,6 +12143,7 @@
RESERVED
CVE-2015-1331 [directory traversal]
RESERVED
+ {DSA-3317-1}
- lxc 1:1.0.7-4 (bug #793298)
[wheezy] - lxc <not-affected> (Affects 1.0.0 and higher)
[squeeze] - lxc <not-affected> (Affects 1.0.0 and higher)
@@ -12347,7 +12364,7 @@
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2015-1283 (Multiple integer overflows in the XML_GetBuffer function in Expat ...)
- {DSA-3315-1}
+ {DSA-3315-1 DLA-281-1}
- chromium-browser 44.0.2403.89-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
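Review bot: DLA-281-1 is added to CVE-2015-1283, but the only package visible in this hunk is chromium-browser, which is marked `<end-of-life>` for both wheezy and squeeze, so the DLA cannot refer to it. Worth confirming that the entry has a package line below this context for the source package the DLA actually updates, since the description points at Expat and not at the browser.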
@@ -15553,7 +15570,7 @@
CVE-2015-0489 (Unspecified vulnerability in the Application Management Pack for ...)
NOT-FOR-US: Oracle
CVE-2015-0488 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1 DLA-213-1}
+ {DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
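Review bot: CVE-2015-0488 already lists all three openjdk packages as fixed (`openjdk-7 7u79-2.5.5-1`) under DSA-3235-1 and DSA-3234-1, so the added DSA-3316-1 reference does not correspond to any open status visible here. If the new advisory covers a release that the earlier two did not, a release-tagged line or a NOTE would record that; otherwise the CVE list in the advisory source should be checked. The same question applies to CVE-2015-0480 through CVE-2015-0460 and to CVE-2014-8873 in the hunks that follow.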
@@ -15574,7 +15591,7 @@
CVE-2015-0481
RESERVED
CVE-2015-0480 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1 DLA-213-1}
+ {DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-8 8u45-b14-1
- openjdk-7 7u79-2.5.5-1 (bug #774953)
- openjdk-6 6b35-1.13.7-1
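Review bot: the package lines under CVE-2015-0480 run openjdk-8, openjdk-7, openjdk-6, the reverse of every other Java entry in this patch, and only this entry attaches a bug number (`bug #774953`) to the openjdk-7 line. Reordering to openjdk-6, openjdk-7, openjdk-8 would keep the entries uniform and make scripted comparisons between sibling CVEs simpler.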
@@ -15582,12 +15599,12 @@
CVE-2015-0479 (Unspecified vulnerability in the XDK and XDB - XML Database component ...)
NOT-FOR-US: Oracle
CVE-2015-0478 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1 DLA-213-1}
+ {DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
CVE-2015-0477 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1 DLA-213-1}
+ {DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
@@ -15604,12 +15621,12 @@
CVE-2015-0471 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
NOT-FOR-US: Oracle
CVE-2015-0470 (Unspecified vulnerability in Oracle Java SE 8u40 allows remote ...)
- {DSA-3235-1 DSA-3234-1 DLA-213-1}
+ {DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
CVE-2015-0469 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1 DLA-213-1}
+ {DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
@@ -15630,7 +15647,7 @@
CVE-2015-0461 (Unspecified vulnerability in the Oracle Access Manager component in ...)
NOT-FOR-US: Oracle
CVE-2015-0460 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
- {DSA-3235-1 DSA-3234-1 DLA-213-1}
+ {DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
- openjdk-6 6b35-1.13.7-1
- openjdk-7 7u79-2.5.5-1
- openjdk-8 8u45-b14-1
@@ -18354,7 +18371,7 @@
NOT-FOR-US: TYPO3 Extension ke_questionnaire
CVE-2014-8873 [MIME type registration for JAR files in the Debian OpenJDK packages enable user-initiated remote code execution]
RESERVED
- {DSA-3235-1}
+ {DSA-3316-1 DSA-3235-1}
- openjdk-8 8u45-b14-1 (high)
- openjdk-7 7u79-2.5.5-1 (high)
- openjdk-6 <removed> (high)
@@ -31615,7 +31632,7 @@
{DSA-3053-1 DLA-81-1}
- openssl 1.0.1j-1
CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...)
- {DSA-3253-1 DSA-3147-1 DSA-3144-1 DSA-3092-1 DLA-157-1}
+ {DSA-3253-1 DSA-3147-1 DSA-3144-1 DSA-3092-1 DLA-282-1 DLA-157-1}
- arora <unfixed> (unimportant)
- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ