[Secure-testing-commits] r32923 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Mar 16 21:10:16 UTC 2015
Author: sectracker
Date: 2015-03-16 21:10:15 +0000 (Mon, 16 Mar 2015)
New Revision: 32923
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-16 20:22:41 UTC (rev 32922)
+++ data/CVE/list 2015-03-16 21:10:15 UTC (rev 32923)
@@ -1,3 +1,37 @@
+CVE-2015-2303
+ RESERVED
+CVE-2015-2302
+ RESERVED
+CVE-2015-2300
+ RESERVED
+CVE-2015-2299
+ RESERVED
+CVE-2015-2295
+ RESERVED
+CVE-2015-2294
+ RESERVED
+CVE-2015-2293
+ RESERVED
+CVE-2015-2292
+ RESERVED
+CVE-2015-2291
+ RESERVED
+CVE-2015-2290
+ RESERVED
+CVE-2015-2288
+ RESERVED
+CVE-2014-9704
+ RESERVED
+CVE-2014-9703
+ RESERVED
+CVE-2014-9702
+ RESERVED
+CVE-2014-9700
+ RESERVED
+CVE-2014-9699
+ RESERVED
+CVE-2014-9698
+ RESERVED
CVE-2015-XXXX [CPU usage amplification attack #2]
- capnproto <unfixed> (bug #780568)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/16/2
@@ -53,13 +87,16 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/16/4
TODO: check were fixed
CVE-2015-2298 [information leak]
+ RESERVED
- etherpad-lite <itp> (bug #576998)
NOTE: https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d
CVE-2015-2296 [session fixation and cookie stealing]
+ RESERVED
- requests 2.4.3-6 (bug #780506)
[wheezy] - requests <not-affected> (Vulnerable code introduced in 2.1.0)
NOTE: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
CVE-2015-2289
+ RESERVED
NOT-FOR-US: Serendipity
CVE-2015-2287
RESERVED
@@ -68,6 +105,7 @@
CVE-2015-2285 (The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart ...)
- upstart <not-affected> (Vulnerable cron.daily script not present)
CVE-2014-9701 [XSS issue in MantisBT permalink_page.php]
+ RESERVED
- mantis <removed>
[wheezy] - mantis <no-dsa> (Minor issue)
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
@@ -91,6 +129,7 @@
CVE-2014-9690
RESERVED
CVE-2011-5321 [tty: kobject reference leakage in tty_open]
+ RESERVED
- linux 3.2.20-1
- linux-2.6 3.2.1-1
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1)
@@ -213,12 +252,14 @@
CVE-2015-XXXX [several security vulnerabilities and network packets can terminate the connection]
- armagetronad 0.2.8.3.2-4 (bug #780178)
CVE-2015-2301 [use after free in phar_object.c]
+ RESERVED
- php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68901
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/10/6
TODO: check
CVE-2014-9705 [heap buffer overflow in enchant_broker_request_dict()]
+ RESERVED
- php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68552
NOTE: http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
@@ -472,7 +513,7 @@
- xen 4.4.1-8 (bug #780227)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-123.html
-CVE-2015-2150 (Xen 3.3.x through 4.5.x does not properly restrict access to PCI ...)
+CVE-2015-2150 (Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not ...)
- linux <unfixed>
- linux-2.6 <not-affected> (xen-pciback introduced in 3.1)
NOTE: http://xenbits.xen.org/xsa/advisory-120.html
@@ -560,8 +601,8 @@
RESERVED
CVE-2015-2108
RESERVED
-CVE-2015-2107
- RESERVED
+CVE-2015-2107 (HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows ...)
+ TODO: check
CVE-2015-2106
RESERVED
CVE-2015-2105
@@ -699,9 +740,9 @@
NOT-FOR-US: Lavasoft Ad-Aware Web Companion
CVE-2015-2077 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft ...)
NOT-FOR-US: Lavasoft Ad-Aware Web Companion
-CVE-2015-2076 (The Auditing service in SAP BussinessObjects Edge 4.0 allows remote ...)
+CVE-2015-2076 (The Auditing service in SAP BusinessObjects Edge 4.0 allows remote ...)
NOT-FOR-US: SAP
-CVE-2015-2075 (SAP BussinessObjects Edge 4.0 allows remote attackers to delete audit ...)
+CVE-2015-2075 (SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit ...)
NOT-FOR-US: SAP
CVE-2015-2074
RESERVED
@@ -1327,8 +1368,7 @@
[squeeze] - lasso <not-affected> (Vulnerable code introduced later)
NOTE: Upstream fix: https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=6d854cef4211cdcdbc7446c978f23ab859847cdd (v2.4.1)
NOTE: Introduced by: https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=154812b401e3845977b3a4892dbc5e5a0b9d03cf (v2.4.0)
-CVE-2015-1782 [Using SSH_MSG_KEXINIT data unbounded]
- RESERVED
+CVE-2015-1782 (The kex_agree_methods function in libssh2 before 1.5.0 allows remote ...)
{DSA-3182-1 DLA-171-1}
- libssh2 1.4.3-4.1 (bug #780249)
NOTE: http://www.libssh2.org/adv_20150311.html
@@ -1731,6 +1771,7 @@
NOTE: 2) checking for ordinary slashes before decoding and prohibiting overlong
NOTE: encodings
CVE-2015-2297 [Remote null pointer dereference]
+ RESERVED
- libcsoap <unfixed> (bug #778599)
[squeeze] - libcsoap <no-dsa> (Minor issue)
[wheezy] - libcsoap <no-dsa> (Minor issue)
@@ -1751,8 +1792,7 @@
[wheezy] - novnc <not-affected> (Only an issue in combination with later OpenStack components)
NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/17/1
-CVE-2015-2091 [vulnerability involving the server config context]
- RESERVED
+CVE-2015-2091 (The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and ...)
{DSA-3177-1 DLA-170-1}
- mod-gnutls 0.6-1.3 (bug #578663)
NOTE: https://github.com/airtower-luna/mod_gnutls/commit/5a8a32bbfb8a83fe6358c5c31c443325a7775fc2
@@ -1835,8 +1875,7 @@
CVE-2014-9677
RESERVED
NOT-FOR-US: FlexPaper
-CVE-2015-1593 [Linux ASLR integer overflow]
- RESERVED
+CVE-2015-1593 (The stack randomization feature in the Linux kernel before 3.19.1 on ...)
{DSA-3170-1 DLA-155-1}
- linux 3.16.7-ckt7-1
- linux-2.6 <removed>
@@ -1858,6 +1897,7 @@
CVE-2015-1569 (Fortinet FortiClient 5.2.028 for iOS does not validate certificates, ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2015-2305 [Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability]
+ RESERVED
- php5 5.6.6+dfsg-1 (low; bug #778389)
- olsrd <not-affected> (only when building on Android, see bug #778390)
- llvm-toolchain-3.4 <unfixed> (low; bug #778391)
@@ -2720,14 +2760,12 @@
NOTE: http://seclists.org/oss-sec/2015/q1/306
NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=981942
-CVE-2015-1421 [net: sctp: slab corruption from use after free on INIT collisions]
- RESERVED
+CVE-2015-1421 (Use-after-free vulnerability in the sctp_assoc_update function in ...)
{DSA-3170-1 DLA-155-1}
- linux 3.16.7-ckt4-3
- linux-2.6 <removed>
NOTE: Upstream fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=600ddd6825543962fb807884169e57b580dba208
-CVE-2015-1420 [fs/fhandle.c race condition]
- RESERVED
+CVE-2015-1420 (Race condition in the handle_to_path function in fs/fhandle.c in the ...)
{DSA-3170-1}
- linux 3.16.7-ckt7-1
- linux-2.6 <not-affected> (Introduced in 2.6.39)
@@ -3719,7 +3757,7 @@
NOTE: https://www.mantisbt.org/bugs/view.php?id=17984
CVE-2015-1051 (Open redirect vulnerability in the Context UI module in the Context ...)
NOT-FOR-US: Drupal extension drupal7-context
-CVE-2015-2304 [directory traversal in bsdcpio]
+CVE-2015-2304 (Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 ...)
{DSA-3180-1 DLA-166-1}
- libarchive 3.1.2-11 (bug #778266)
NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/7
@@ -3905,16 +3943,16 @@
RESERVED
CVE-2015-0983
RESERVED
-CVE-2015-0982
- RESERVED
-CVE-2015-0981
- RESERVED
-CVE-2015-0980
- RESERVED
-CVE-2015-0979
- RESERVED
-CVE-2015-0978
- RESERVED
+CVE-2015-0982 (Buffer overflow in an unspecified DLL in Schneider Electric Pelco ...)
+ TODO: check
+CVE-2015-0981 (The SOAP web interface in SCADA Engine BACnet OPC Server before ...)
+ TODO: check
+CVE-2015-0980 (Format string vulnerability in BACnOPCServer.exe in the SOAP web ...)
+ TODO: check
+CVE-2015-0979 (Heap-based buffer overflow in the SOAP web interface in SCADA Engine ...)
+ TODO: check
+CVE-2015-0978 (Multiple untrusted search path vulnerabilities in (1) ...)
+ TODO: check
CVE-2015-0977 (Network Vision IntraVue before 2.3.0a14 on Windows allows remote ...)
NOT-FOR-US: IntraVue
CVE-2015-0976
@@ -4869,8 +4907,8 @@
RESERVED
CVE-2015-0661 (The SNMPv2 implementation in Cisco IOS XR allows remote authenticated ...)
NOT-FOR-US: Cisco
-CVE-2015-0660
- RESERVED
+CVE-2015-0660 (Cisco Virtual TelePresence Server Software does not properly restrict ...)
+ TODO: check
CVE-2015-0659 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...)
NOT-FOR-US: Cisco
CVE-2015-0658
@@ -6257,7 +6295,7 @@
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://www.mantisbt.org/bugs/view.php?id=17878
-CVE-2014-9387 (SAP BussinessObjects Edge 4.1 allows remote attackers to obtain the ...)
+CVE-2014-9387 (SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the ...)
NOT-FOR-US: SAP BussinessObjects Edge
CVE-2014-9386 (Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the ...)
- zenoss <itp> (bug #361253)
@@ -6753,10 +6791,10 @@
RESERVED
CVE-2014-9208
RESERVED
-CVE-2014-9207
- RESERVED
-CVE-2014-9206
- RESERVED
+CVE-2014-9207 (Untrusted search path vulnerability in CmnView.exe in CIMON CmnView ...)
+ TODO: check
+CVE-2014-9206 (Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and ...)
+ TODO: check
CVE-2014-9205
RESERVED
CVE-2014-9204
@@ -6865,38 +6903,27 @@
RESERVED
CVE-2015-0343
RESERVED
-CVE-2015-0342
- RESERVED
+CVE-2015-0342 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0341
- RESERVED
+CVE-2015-0341 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0340
- RESERVED
+CVE-2015-0340 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0339
- RESERVED
+CVE-2015-0339 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0338
- RESERVED
+CVE-2015-0338 (Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0337
- RESERVED
+CVE-2015-0337 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0336
- RESERVED
+CVE-2015-0336 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0335
- RESERVED
+CVE-2015-0335 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0334
- RESERVED
+CVE-2015-0334 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0333
- RESERVED
+CVE-2015-0333 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0332
- RESERVED
+CVE-2015-0332 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
NOT-FOR-US: Adobe Flash
CVE-2015-0331 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
NOT-FOR-US: Adobe Flash
@@ -7687,8 +7714,7 @@
[wheezy] - linux <not-affected> (Introduced in v3.15)
- linux-2.6 <not-affected> (Introduced in v3.15)
NOTE: Proposed upstream patch: http://www.spinics.net/lists/linux-ext4/msg47193.html
-CVE-2015-0274 [xfs: replacing remote attributes memory corruption]
- RESERVED
+CVE-2015-0274 (The XFS implementation in the Linux kernel before 3.15 improperly uses ...)
- linux 3.11.5-1
[wheezy] - linux <not-affected> (Introduced in v3.11-rc1)
- linux-2.6 <not-affected> (Introduced in v3.11-rc1)
@@ -10466,14 +10492,12 @@
RESERVED
CVE-2014-8174
RESERVED
-CVE-2014-8173
- RESERVED
+CVE-2014-8173 (The pmd_none_or_trans_huge_or_clear_bad function in ...)
- linux 3.13.4-1
[wheezy] - linux <not-affected> (Introduced in 3.10 with 1998cc048901)
- linux-2.6 <not-affected> (Introduced in 3.10 with 1998cc048901)
NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee53664bda169f519ce3c6a22d378f0b946c8178 (v3.13-rc5)
-CVE-2014-8172
- RESERVED
+CVE-2014-8172 (The filesystem implementation in the Linux kernel before 3.13 performs ...)
- linux 3.13.4-1
- linux-2.6 <removed>
NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eee5cc2702929fd41cce28058dc6d6717f723f87 (v3.13-rc1)
@@ -10520,8 +10544,7 @@
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db29a9508a9246e77087c5531e45b2c88ec6988b (v3.18-rc1)
NOTE: http://www.spinics.net/lists/netfilter-devel/msg33430.html
-CVE-2014-8159 [infiniband: uverbs: unprotected physical memory access]
- RESERVED
+CVE-2014-8159 (The InfiniBand (IB) implementation in the Linux kernel package before ...)
- linux <unfixed>
- linux-2.6 <removed>
CVE-2014-8158 (Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 ...)
@@ -11369,10 +11392,10 @@
RESERVED
CVE-2014-7886
RESERVED
-CVE-2014-7885
- RESERVED
-CVE-2014-7884
- RESERVED
+CVE-2014-7885 (Multiple unspecified vulnerabilities in HP ArcSight Enterprise ...)
+ TODO: check
+CVE-2014-7884 (Multiple unspecified vulnerabilities in HP ArcSight Logger before ...)
+ TODO: check
CVE-2014-7883 (HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the ...)
NOT-FOR-US: HP
CVE-2014-7882 (Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows ...)
@@ -11598,8 +11621,7 @@
[squeeze] - libvirt <not-affected> (Introduced in v1.0.0)
NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=28f8dfdcccd4c0f69063ef741545b37d8a7f7935 (v1.0.0)
NOTE: Fixed by http://libvirt.org/git/?p=libvirt.git;a=commit;h=b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
-CVE-2014-7822 [splice: lack of generic write checks]
- RESERVED
+CVE-2014-7822 (The implementation of certain splice_write file operations in the ...)
{DSA-3170-1 DLA-155-1}
- linux 3.16.2-1
- linux-2.6 <removed>
@@ -16977,8 +16999,8 @@
NOT-FOR-US: Schneider Electric
CVE-2014-5410 (The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 ...)
NOT-FOR-US: MicroLogix controller
-CVE-2014-5409
- RESERVED
+CVE-2014-5409 (The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE ...)
+ TODO: check
CVE-2014-5408 (Cross-site scripting (XSS) vulnerability in the login script in the ...)
NOT-FOR-US: Nordex Control 2
CVE-2014-5407 (Multiple stack-based buffer overflows in Schneider Electric VAMPSET ...)
More information about the Secure-testing-commits
mailing list