[Secure-testing-commits] r32603 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Mar 3 09:30:53 UTC 2015
Author: sectracker
Date: 2015-03-03 09:28:26 +0000 (Tue, 03 Mar 2015)
New Revision: 32603
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-03 07:55:20 UTC (rev 32602)
+++ data/CVE/list 2015-03-03 09:28:26 UTC (rev 32603)
@@ -1,3 +1,143 @@
+CVE-2015-2171
+ RESERVED
+CVE-2015-2170
+ RESERVED
+CVE-2015-2169
+ RESERVED
+CVE-2015-2168
+ RESERVED
+CVE-2015-2167
+ RESERVED
+CVE-2015-2166
+ RESERVED
+CVE-2015-2165
+ RESERVED
+CVE-2015-2164
+ RESERVED
+CVE-2015-2163
+ RESERVED
+CVE-2015-2162
+ RESERVED
+CVE-2015-2161
+ RESERVED
+CVE-2015-2160
+ RESERVED
+CVE-2015-2159
+ RESERVED
+CVE-2015-2156
+ RESERVED
+CVE-2015-2155
+ RESERVED
+CVE-2015-2154
+ RESERVED
+CVE-2015-2153
+ RESERVED
+CVE-2015-2152
+ RESERVED
+CVE-2015-2151
+ RESERVED
+CVE-2015-2150
+ RESERVED
+CVE-2015-2149
+ RESERVED
+CVE-2015-2148
+ RESERVED
+CVE-2015-2147
+ RESERVED
+CVE-2015-2146
+ RESERVED
+CVE-2015-2145
+ RESERVED
+CVE-2015-2144
+ RESERVED
+CVE-2015-2143
+ RESERVED
+CVE-2015-2142
+ RESERVED
+CVE-2015-2141
+ RESERVED
+CVE-2015-2140
+ RESERVED
+CVE-2015-2139
+ RESERVED
+CVE-2015-2138
+ RESERVED
+CVE-2015-2137
+ RESERVED
+CVE-2015-2136
+ RESERVED
+CVE-2015-2135
+ RESERVED
+CVE-2015-2134
+ RESERVED
+CVE-2015-2133
+ RESERVED
+CVE-2015-2132
+ RESERVED
+CVE-2015-2131
+ RESERVED
+CVE-2015-2130
+ RESERVED
+CVE-2015-2129
+ RESERVED
+CVE-2015-2128
+ RESERVED
+CVE-2015-2127
+ RESERVED
+CVE-2015-2126
+ RESERVED
+CVE-2015-2125
+ RESERVED
+CVE-2015-2124
+ RESERVED
+CVE-2015-2123
+ RESERVED
+CVE-2015-2122
+ RESERVED
+CVE-2015-2121
+ RESERVED
+CVE-2015-2120
+ RESERVED
+CVE-2015-2119
+ RESERVED
+CVE-2015-2118
+ RESERVED
+CVE-2015-2117
+ RESERVED
+CVE-2015-2116
+ RESERVED
+CVE-2015-2115
+ RESERVED
+CVE-2015-2114
+ RESERVED
+CVE-2015-2113
+ RESERVED
+CVE-2015-2112
+ RESERVED
+CVE-2015-2111
+ RESERVED
+CVE-2015-2110
+ RESERVED
+CVE-2015-2109
+ RESERVED
+CVE-2015-2108
+ RESERVED
+CVE-2015-2107
+ RESERVED
+CVE-2015-2106
+ RESERVED
+CVE-2015-2105
+ RESERVED
+CVE-2015-2104
+ RESERVED
+CVE-2015-2103 (Cross-site scripting (XSS) vulnerability in the admin-login panel ...)
+ TODO: check
+CVE-2015-2102 (SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 ...)
+ TODO: check
+CVE-2015-2101 (Cross-site scripting (XSS) vulnerability in the Navigate bar in the ...)
+ TODO: check
+CVE-2013-7434
+ RESERVED
CVE-2015-XXXX [heap buffer overflow]
- bibtool <unfixed> (bug #779573)
TODO: check
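Review bot: The three entries at the end of the added block that arrive with descriptions, CVE-2015-2103, CVE-2015-2102 and CVE-2015-2101, are all left at "TODO: check" and still need triage to a package line or NOT-FOR-US. Their descriptions are truncated at "...", so the product for CVE-2015-2103 and CVE-2015-2101 cannot be read from the list itself; only CVE-2015-2102 names one (ClipBucket 2.7 RC3).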
@@ -23,6 +163,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/27/4
NOTE: https://www.trustmatta.com/advisories/MATTA-2015-002.txt (not yet published)
CVE-2015-2172 [DokuWiki privilege escalation in RPC API]
+ RESERVED
- dokuwiki <unfixed> (bug #779547)
[squeeze] - dokuwiki <not-affected> (Vulnerable code not present)
[wheezy] - dokuwiki <not-affected> (Vulnerable code not present)
@@ -30,10 +171,12 @@
NOTE: https://github.com/splitbrain/dokuwiki/issues/1056
NOTE: https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f
CVE-2015-2158
+ RESERVED
- pngcrush <unfixed>
NOTE: Fixed in 1.7.84 upstream, changelog does not mention it
NOTE: http://www.openwall.com/lists/oss-security/2015/02/28/6
CVE-2015-2157 [PuTTY fails to clear private key information from memory]
+ RESERVED
- putty 0.63-10 (bug #779488)
NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
CVE-2015-2100
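Review bot: CVE-2015-2158 gains RESERVED here but still has no bracketed description and no bug reference on its "- pngcrush <unfixed>" line, unlike CVE-2015-2157 below it, which has both (bug #779488). Since the NOTE says the fix is in 1.7.84 upstream but not in the changelog, a short description and a bug number would make the entry trackable.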
@@ -65,6 +208,7 @@
CVE-2015-2086 (Cross-site scripting (XSS) vulnerability in the live preview in the ...)
TODO: check
CVE-2014-9687 [eCryptfs key wrapping help to crack user password]
+ RESERVED
- ecryptfs-utils <unfixed>
NOTE: https://bugs.launchpad.net/ecryptfs/+bug/906550/comments/5
TODO: check
@@ -114,16 +258,16 @@
TODO: check
CVE-2015-2077 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft ...)
TODO: check
-CVE-2015-2076
- RESERVED
-CVE-2015-2075
- RESERVED
+CVE-2015-2076 (The Auditing service in SAP BussinessObjects Edge 4.0 allows remote ...)
+ TODO: check
+CVE-2015-2075 (SAP BussinessObjects Edge 4.0 allows remote attackers to delete audit ...)
+ TODO: check
CVE-2015-2074
RESERVED
CVE-2015-2073
RESERVED
-CVE-2015-2072
- RESERVED
+CVE-2015-2072 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 ...)
+ TODO: check
CVE-2015-2071 (Directory traversal vulnerability in cm/newui/blog/export.jsp in ...)
TODO: check
CVE-2015-2070 (SQL injection vulnerability in eTouch SamePage Enterprise Edition ...)
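Review bot: The added descriptions for CVE-2015-2076 and CVE-2015-2075 spell the product "SAP BussinessObjects Edge 4.0", so a search of the list for "BusinessObjects" will not match these two entries. When the "TODO: check" lines are resolved, the triage line that replaces them should use the correct product spelling.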
@@ -1146,8 +1290,7 @@
- mod-gnutls 0.5.6-1 (bug #578663)
NOTE: http://issues.outoforder.cc/view.php?id=93
TODO: check, the patch from http://issues.outoforder.cc/view.php?id=93 is applied in 0.5.6 upstream
-CVE-2014-9682
- RESERVED
+CVE-2014-9682 (The dns-sync module before 0.1.1 for node.js allows context-dependent ...)
NOT-FOR-US: node-dns-sync
CVE-2014-XXXX [more to CVE-2014-6585]
- icu <unfixed> (low; bug #778511)
@@ -1452,8 +1595,8 @@
RESERVED
CVE-2015-1483
RESERVED
-CVE-2014-9676
- RESERVED
+CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...)
+ TODO: check
CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by ...)
- freetype 2.5.2-3 (bug #777656)
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
@@ -1932,8 +2075,7 @@
RESERVED
CVE-2015-1415
RESERVED
-CVE-2015-1414 [DoS via IGMP packet]
- RESERVED
+CVE-2015-1414 (Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 ...)
{DSA-3175-1}
- kfreebsd-10 10.1~svn274115-3 (bug #779195)
- kfreebsd-9 <removed> (bug #779201)
@@ -2257,8 +2399,7 @@
NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47
NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946
NOTE: http://www.openwall.com/lists/oss-security/2015/01/28/16
-CVE-2013-7421 [Linux kernel crypto api unprivileged arbitrary module load]
- RESERVED
+CVE-2013-7421 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...)
{DSA-3170-1}
- linux 3.16.7-ckt4-2
- linux-2.6 <removed>
@@ -2266,8 +2407,7 @@
NOTE: https://lkml.org/lkml/2013/3/4/70
NOTE: https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d26a105b5a7 (v3.19-rc1)
-CVE-2014-9644 [related to CVE-2013-7421, not handling crypto templates correctly]
- RESERVED
+CVE-2014-9644 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...)
{DSA-3170-1}
- linux 3.16.7-ckt4-2
- linux-2.6 <removed>
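Review bot: With the bracketed text removed, CVE-2014-9644 now shows the same truncated description as CVE-2013-7421 in the previous hunk ("The Crypto API in the Linux kernel before 3.18.5 allows local users to ..."), so the two entries can no longer be told apart in the list. Keeping the removed wording as a NOTE line, for example "NOTE: related to CVE-2013-7421, not handling crypto templates correctly", would preserve the distinction.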
@@ -3668,24 +3808,23 @@
RESERVED
CVE-2015-0890
RESERVED
-CVE-2015-0889
- RESERVED
-CVE-2015-0888
- RESERVED
-CVE-2015-0887
- RESERVED
-CVE-2015-0886
- RESERVED
+CVE-2015-0889 (KENT-WEB Joyful Note before 5.3 allows remote attackers to delete ...)
+ TODO: check
+CVE-2015-0888 (KENT-WEB Clip Board before 4.1 allows remote attackers to delete ...)
+ TODO: check
+CVE-2015-0887 (npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji ...)
+ TODO: check
+CVE-2015-0886 (Integer overflow in the crypt_raw method in the key-stretching ...)
- libjbcrypt-java <unfixed>
-CVE-2015-0885
- RESERVED
-CVE-2015-0884
- RESERVED
+CVE-2015-0885 (checkpw 1.02 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2015-0884 (Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack ...)
+ TODO: check
CVE-2015-0883 (SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth ...)
TODO: check
CVE-2015-0882 (Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka ...)
TODO: check
-CVE-2015-0881 (CRLF injection vulnerability in Squid before 3.1.10 allows remote ...)
+CVE-2015-0881 (CRLF injection vulnerability in Squid before 3.1.1 allows remote ...)
- squid <unfixed>
- squid3 3.1.1-1
NOTE: http://www.openwall.com/lists/oss-security/2015/03/01/2
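Review bot: The description of CVE-2015-0881 changes its version bound from "Squid before 3.1.10" to "Squid before 3.1.1". The new bound agrees with the existing "- squid3 3.1.1-1" line, but "- squid <unfixed>" is left untouched and should be rechecked against the corrected bound.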
@@ -4180,8 +4319,8 @@
RESERVED
CVE-2015-0656
RESERVED
-CVE-2015-0655
- RESERVED
+CVE-2015-0655 (Cross-site scripting (XSS) vulnerability in Unified Web Interaction ...)
+ TODO: check
CVE-2015-0654
RESERVED
CVE-2015-0653
@@ -7071,8 +7210,7 @@
- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
NOTE: Server components removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
NOTE: https://www.samba.org/samba/security/CVE-2015-0240
-CVE-2015-0239 [KVM SYSENTER emulation vulnerability]
- RESERVED
+CVE-2015-0239 (The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel ...)
{DSA-3170-1}
- linux 3.16.7-ckt4-2
- linux-2.6 <removed>
@@ -7798,8 +7936,8 @@
RESERVED
CVE-2014-8922
RESERVED
-CVE-2014-8921
- RESERVED
+CVE-2014-8921 (The IBM Notes Traveler Companion application 1.0 and 1.1 before ...)
+ TODO: check
CVE-2014-8920 (Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 ...)
NOT-FOR-US: IBM
CVE-2014-8919
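Review bot: CVE-2014-8921 is added with "TODO: check" although its description names an IBM product (IBM Notes Traveler Companion), and the adjacent CVE-2014-8920 is already closed as "NOT-FOR-US: IBM". The same triage line looks applicable here and would clear the TODO.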
@@ -9783,8 +9921,7 @@
- postgresql-9.1 9.1.11-2
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
-CVE-2014-8160 [iptables restriction bypass if a protocol handler kernel module not loaded]
- RESERVED
+CVE-2014-8160 (net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before ...)
{DSA-3170-1 DLA-155-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>