[Secure-testing-commits] r35806 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jul 30 21:10:16 UTC 2015
Author: sectracker
Date: 2015-07-30 21:10:16 +0000 (Thu, 30 Jul 2015)
New Revision: 35806
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-30 19:57:46 UTC (rev 35805)
+++ data/CVE/list 2015-07-30 21:10:16 UTC (rev 35806)
@@ -1,3 +1,9 @@
+CVE-2015-5699
+ RESERVED
+CVE-2015-5698
+ RESERVED
+CVE-2015-5696
+ RESERVED
CVE-2015-5693
RESERVED
CVE-2015-5692
@@ -151,6 +157,7 @@
CVE-2015-5624
RESERVED
CVE-2015-5697 [information leak in md driver]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=77ba0569d4c8389c0a2162ab0c7c16a6f3b199e4
@@ -559,8 +566,7 @@
[wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
CVE-2015-5478
RESERVED
-CVE-2015-5477 [An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure]
- RESERVED
+CVE-2015-5477 (named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 ...)
{DSA-3319-1 DLA-285-1}
- bind9 1:9.9.5.dfsg-11 (bug #793903)
NOTE: https://kb.isc.org/article/AA-01272/0
@@ -586,7 +592,7 @@
RESERVED
CVE-2015-5465
RESERVED
-CVE-2015-5464 (Unspecified vulnerability on the Gemalto SafeNet Luna HSM has unknown ...)
+CVE-2015-5464 (The Gemalto SafeNet Luna HSM allows remote authenticated users to ...)
NOT-FOR-US: Gemalto
CVE-2015-5463
RESERVED
@@ -3277,16 +3283,16 @@
RESERVED
CVE-2015-4291
RESERVED
-CVE-2015-4290
- RESERVED
+CVE-2015-4290 (The kernel extension in Cisco AnyConnect Secure Mobility Client ...)
+ TODO: check
CVE-2015-4289
RESERVED
CVE-2015-4288 (The LDAP implementation on the Cisco Web Security Appliance (WSA) ...)
TODO: check
CVE-2015-4287 (Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower ...)
TODO: check
-CVE-2015-4286
- RESERVED
+CVE-2015-4286 (The web framework in Cisco UCS Central Software 1.3(0.99) allows ...)
+ TODO: check
CVE-2015-4285 (The Local Packet Transport Services (LPTS) implementation in Cisco IOS ...)
NOT-FOR-US: Cisco
CVE-2015-4284 (The Concurrent Data Management Replication process in Cisco IOS XR ...)
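Review bot: the two entries that move from RESERVED to "TODO: check" here (CVE-2015-4290, CVE-2015-4286) both describe Cisco products, and CVE-2015-4285 a few lines below is already marked "NOT-FOR-US: Cisco". A follow-up triage commit should resolve these, together with the older CVE-2015-4288 and CVE-2015-4287 TODOs visible as context, so they do not sit in the TODO queue.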
@@ -3365,7 +3371,8 @@
RESERVED
CVE-2015-4247
REJECTED
-CVE-2015-4246 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center ...)
+CVE-2015-4246
+ REJECTED
NOT-FOR-US: Cisco
CVE-2015-4245
REJECTED
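Review bot: CVE-2015-4246 is switched to REJECTED, but the "NOT-FOR-US: Cisco" line under it is left in place. The neighbouring rejected entries in this hunk (CVE-2015-4247, CVE-2015-4245) carry only REJECTED, so the leftover NOT-FOR-US annotation should be dropped to keep the entry consistent.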
@@ -6166,6 +6173,7 @@
RESERVED
CVE-2015-3287 [Buffer overflow in OpenAFS vlserver]
RESERVED
+ {DSA-3320-1}
- openafs <unfixed>
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
CVE-2015-3286 [Solaris grouplist modifications for PAGs can panic or overwrite memory]
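Review bot: CVE-2015-3287 gains the {DSA-3320-1} cross-reference while the package line still reads "- openafs <unfixed>". If that is deliberate because the fix has not reached unstable yet, fine, but the entry needs a follow-up to record the fixed version once it is uploaded, otherwise the tracker keeps reporting the vlserver buffer overflow as open there.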
@@ -6174,19 +6182,23 @@
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt
CVE-2015-3285 [kernel pioctl support for OSD command passing can trigger a panic]
RESERVED
+ {DSA-3320-1}
- openafs <unfixed>
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt
CVE-2015-3284 [pioctls leak kernel memory contents]
RESERVED
+ {DSA-3320-1}
- openafs <unfixed>
[squeeze] - openafs <not-affected> (Only 1.6.0 trough 1.6.12)
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt
CVE-2015-3283 [bos commands can be spoofed, including some which alter server state]
RESERVED
+ {DSA-3320-1}
- openafs <unfixed>
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt
CVE-2015-3282 [vos leaks stack data onto the wire in the clear when creating vldb entries]
RESERVED
+ {DSA-3320-1}
- openafs <unfixed>
NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt
CVE-2015-3281 (The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and ...)
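Review bot: the context line "[squeeze] - openafs <not-affected> (Only 1.6.0 trough 1.6.12)" under CVE-2015-3284 has a typo, "trough" should read "through"; worth fixing while this entry is being touched. The four entries tagged with {DSA-3320-1} in this hunk (CVE-2015-3285, CVE-2015-3284, CVE-2015-3283, CVE-2015-3282) also all keep "- openafs <unfixed>", so each needs its fixed version filled in later.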
@@ -7197,12 +7209,12 @@
RESERVED
CVE-2015-2980
RESERVED
-CVE-2015-2979
- RESERVED
-CVE-2015-2978
- RESERVED
-CVE-2015-2977
- RESERVED
+CVE-2015-2979 (Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2015-2978 (Webservice-DIC yoyaku_v41 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2015-2977 (Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary ...)
+ TODO: check
CVE-2015-2976 (Multiple cross-site scripting (XSS) vulnerabilities in Research ...)
TODO: check
CVE-2015-2975 (Research Artisan Lite before 1.18 does not ensure that a user has ...)
@@ -14007,9 +14019,11 @@
[wheezy] - djvulibre <no-dsa> (Minor issue)
[squeeze] - djvulibre <no-dsa> (Minor issue)
CVE-2015-5701 [mktexlsr: reintroduced insecure use of /tmp, in revision 36855]
+ RESERVED
- texlive-bin <not-affected> (Vulnerable code not reintroduced, patch mktexlsr-use-mktemp still applied)
NOTE: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=36626&r2=36855
CVE-2015-5700 [mktexlsr: insecure use of /tmp, originally introduced in revision 22885]
+ RESERVED
- texlive-bin 2014.20140926.35254-5 (bug #775139)
[wheezy] - texlive-bin <no-dsa> (Minor issue)
[squeeze] - texlive-bin <no-dsa> (Minor issue)
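Review bot: CVE-2015-5701 and CVE-2015-5700 are marked RESERVED at their current position around line 14019, while the first hunk of this same commit adds CVE-2015-5699 at line 1 of the file. Now that these two have real identifiers they should be moved up to the head of the list, next to the other CVE-2015-56xx/57xx entries, so that they are found where a reader scanning by ID would look.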
@@ -14232,6 +14246,7 @@
RESERVED
CVE-2015-0851 [Shibboleth SP software crashes on well-formed but invalid XML]
RESERVED
+ {DSA-3321-1}
- xmltooling <unfixed> (bug #793855)
NOTE: http://shibboleth.net/community/advisories/secadv_20150721.txt
NOTE: Patch: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900
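Review bot: CVE-2015-0851 gets {DSA-3321-1}, but "- xmltooling <unfixed> (bug #793855)" is unchanged. The entry already links the upstream patch, so the fixed version for unstable can be recorded as soon as bug #793855 is closed; until then the tracker keeps reporting unstable as vulnerable despite the DSA reference.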
@@ -21313,10 +21328,10 @@
RESERVED
CVE-2014-7914
RESERVED
-CVE-2014-7913
- RESERVED
-CVE-2014-7912
- RESERVED
+CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...)
+ TODO: check
+CVE-2014-7912 (The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in ...)
+ TODO: check
CVE-2014-7911 (luni/src/main/java/java/io/ObjectInputStream.java in the ...)
NOT-FOR-US: Android
CVE-2014-7910 (Multiple unspecified vulnerabilities in Google Chrome before ...)
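Review bot: the new CVE-2014-7913 and CVE-2014-7912 entries name dhcpcd source files (dhcp-common.c, dhcp.c) with version bounds ("through 6.9.1" and "before 6.2.0"), so they should not be dismissed along with the adjacent "NOT-FOR-US: Android" entry when the "TODO: check" items are triaged. The truncated "as used in ..." part of each description needs to be read in full and compared against the dhcpcd versions in the archive.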