[Secure-testing-commits] r34929 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Jun 13 21:10:17 UTC 2015 

Author: sectracker
Date: 2015-06-13 21:10:16 +0000 (Sat, 13 Jun 2015)
New Revision: 34929

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-06-13 14:10:19 UTC (rev 34928)
+++ data/CVE/list	2015-06-13 21:10:16 UTC (rev 34929)
@@ -647,11 +647,13 @@
 	- elasticsearch <unfixed> (bug #788471)
 CVE-2015-4164 [vulnerability in the iret hypercall handler]
 	RESERVED
+	{DSA-3286-1}
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-136.html
 CVE-2015-4163 [GNTTABOP_swap_grant_ref operation misbehavior]
 	RESERVED
+	{DSA-3286-1}
 	- xen <unfixed>
 	[wheezy] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
 	[squeeze] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
@@ -841,7 +843,7 @@
 CVE-2015-4107
 	RESERVED
 CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config space ...)
-	{DSA-3284-1}
+	{DSA-3286-1 DSA-3284-1}
 	- qemu 1:2.3+dfsg-5 (bug #787547)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -851,7 +853,7 @@
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: http://xenbits.xen.org/xsa/advisory-131.html
 CVE-2015-4105 (Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through ...)
-	{DSA-3284-1}
+	{DSA-3286-1 DSA-3284-1}
 	- qemu 1:2.3+dfsg-5 (bug #787547)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -861,7 +863,7 @@
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: http://xenbits.xen.org/xsa/advisory-130.html
 CVE-2015-4104 (Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI ...)
-	{DSA-3284-1}
+	{DSA-3286-1 DSA-3284-1}
 	- qemu 1:2.3+dfsg-5 (bug #787547)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -871,7 +873,7 @@
 	NOTE: Xen switched to qemu-system in 4.4.0-1
 	NOTE: http://xenbits.xen.org/xsa/advisory-129.html
 CVE-2015-4103 (Xen 3.3.x through 4.5.x does not properly restrict write access to the ...)
-	{DSA-3284-1}
+	{DSA-3286-1 DSA-3284-1}
 	- qemu 1:2.3+dfsg-5 (bug #787547)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present)
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -1186,6 +1188,7 @@
 	NOTE: https://lkml.org/lkml/2015/5/13/744
 	NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...)
+	{DSA-3287-1}
 	- openssl <unfixed>
 	NOTE: CVE assigned specific to vulnerability in the TLS protocol that was
 	NOTE: disclosed in section 3.2 of the
@@ -3291,7 +3294,7 @@
 	NOTE: Issue then introduced by: http://vcs.pcre.org/pcre?view=revision&revision=1361
 CVE-2015-3209 [heap overflow in qemu pcnet controller allowing guest to host escape]
 	RESERVED
-	{DSA-3285-1 DSA-3284-1}
+	{DSA-3286-1 DSA-3285-1 DSA-3284-1}
 	- qemu 1:2.3+dfsg-6 (bug #788460)
 	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u8
 	- qemu-kvm <removed>
@@ -7306,24 +7309,29 @@
 	RESERVED
 CVE-2015-1792 [CMS verify infinite loop with unknown hash function]
 	RESERVED
+	{DSA-3287-1}
 	- openssl 1.0.2b-1
 	NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2015-1791 [race condition in NewSessionTicket]
 	RESERVED
+	{DSA-3287-1}
 	- openssl 1.0.2b-1
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=dcad51bc13c9b716d9a66248bcc4038c071ff158
 	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=708cf593587e2fda67dae9782991ff9fccc781eb
 CVE-2015-1790 [PKCS7 crash with missing EnvelopedContent]
 	RESERVED
+	{DSA-3287-1}
 	- openssl 1.0.2b-1
 	NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2015-1789 [Exploitable out-of-bounds read in X509_cmp_time]
 	RESERVED
+	{DSA-3287-1}
 	- openssl 1.0.2b-1
 	NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2015-1788 [Malformed ECParameters causes infinite loop]
 	RESERVED
+	{DSA-3287-1}
 	- openssl 1.0.2b-1
 	[squeeze] - openssl <not-affected> (Vulnerable code got introduced post 1.0.0)
 	NOTE: http://openssl.org/news/secadv_20150611.txt
@@ -16822,6 +16830,7 @@
 	RESERVED
 CVE-2014-8176 [Invalid free in DTLS]
 	RESERVED
+	{DSA-3287-1}
 	- openssl 1.0.1h-1
 	NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2014-8175

More information about the Secure-testing-commits mailing list