[Secure-testing-commits] r32950 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Mar 17 21:10:29 UTC 2015


Author: sectracker
Date: 2015-03-17 21:10:28 +0000 (Tue, 17 Mar 2015)
New Revision: 32950

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-17 19:05:10 UTC (rev 32949)
+++ data/CVE/list	2015-03-17 21:10:28 UTC (rev 32950)
@@ -1,3 +1,11 @@
+CVE-2015-2309
+	RESERVED
+CVE-2015-2308
+	RESERVED
+CVE-2015-2307
+	RESERVED
+CVE-2015-2306
+	RESERVED
 CVE-2015-2320 [Related to "remove the client-side SSLv2 fallback"]
 	- mono <unfixed>
 	NOTE: https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b
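Review bot: the four new RESERVED ids (CVE-2015-2306 to CVE-2015-2309) are inserted above CVE-2015-2320, while CVE-2015-2310 to CVE-2015-2313 sit further down in the file (next hunk, after CVE-2014-9698), so the head of data/CVE/list is not in id order. Anything that reads this file should look entries up by id rather than by position, or the automatic update should insert new ids next to their numeric neighbours.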
@@ -44,12 +52,16 @@
 CVE-2014-9698
 	RESERVED
 CVE-2015-2313 [CPU usage amplification attack #2]
+	RESERVED
 	- capnproto <unfixed> (bug #780568)
 CVE-2015-2312 [CPU usage amplification attack]
+	RESERVED
 	- capnproto <unfixed> (bug #780567)
 CVE-2015-2311 [Integer underflow in pointer validation]
+	RESERVED
 	- capnproto <unfixed> (bug #780566)
 CVE-2015-2310 [Integer overflow in pointer validation]
+	RESERVED
 	- capnproto <unfixed> (bug #780565)
 CVE-2015-XXXX [XSS via filename]
 	- node-serve-index <unfixed> (unimportant)
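Review bot: the four capnproto entries (CVE-2015-2310 to CVE-2015-2313) gain RESERVED but still carry only a bracketed title and a bug number, with no NOTE line pointing at an upstream advisory or fix, unlike the mono entry at the top of the file. CVE-2015-2312 and CVE-2015-2313 differ only by "#2" in the title, so a NOTE with the upstream reference on each would keep them distinguishable while the official descriptions are still pending and all four remain <unfixed>.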
@@ -88,6 +100,7 @@
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695
 CVE-2009-5146 [memory leak in hostname TLS extension]
+	RESERVED
 	- openssl 0.9.8k-1
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424 (OpenSSL_0_9_8k)
 	NOTE: Introduced by: https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315 (OpenSSL_0_9_8f)
@@ -500,14 +513,17 @@
 	RESERVED
 CVE-2015-2155 [issue with force printer]
 	RESERVED
+	{DSA-3193-1 DLA-174-1}
 	- tcpdump 4.6.2-4
 	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
 CVE-2015-2154 [issue with ethernet printer]
 	RESERVED
+	{DSA-3193-1 DLA-174-1}
 	- tcpdump 4.6.2-4
 	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
 CVE-2015-2153 [issue with tcp printer]
 	RESERVED
+	{DSA-3193-1}
 	- tcpdump 4.6.2-4
 	[squeeze] - tcpdump <not-affected> (Vulnerable code not present)
 	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
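Review bot: CVE-2015-2153 receives {DSA-3193-1} only, while CVE-2015-2155 and CVE-2015-2154 receive {DSA-3193-1 DLA-174-1}. That is consistent with the existing "[squeeze] - tcpdump <not-affected>" line on CVE-2015-2153, but it is worth confirming the omission is deliberate, since all three entries share the same test-case patch NOTE and the difference is easy to read as an oversight. All three also keep RESERVED even though advisories are now attached.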
@@ -697,8 +713,7 @@
 	NOT-FOR-US: Avatar Uploader module for Drupal
 CVE-2015-2086 (Cross-site scripting (XSS) vulnerability in the live preview in the ...)
 	NOT-FOR-US: Panopoly Magic module for Drupal
-CVE-2014-9687 [eCryptfs key wrapping help to crack user password]
-	RESERVED
+CVE-2014-9687 (eCryptfs 104 and earlier uses a default salt to encrypt the mount ...)
 	- ecryptfs-utils <unfixed> (bug #780385)
 	NOTE: http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/839
 CVE-2014-9686
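Review bot: on CVE-2014-9687, swapping the bracketed title for the truncated official description drops the "key wrapping help to crack user password" wording, which was the only line stating the impact; the new text is cut off at "encrypt the mount ...". The entry is still <unfixed> (bug #780385), so a short NOTE preserving the impact summary next to the existing bazaar revision link would keep the triage context.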
@@ -1326,14 +1341,17 @@
 	RESERVED
 CVE-2015-1804 [bdfReadCharacters: ensure metrics fit into xCharInfo struct]
 	RESERVED
+	{DSA-3194-1}
 	- libxfont 1:1.5.1-1
 	NOTE: http://lists.x.org/archives/xorg-announce/2015-March/002550.html
 CVE-2015-1803 [bdfReadCharacters: bailout if a char's bitmap cannot be read]
 	RESERVED
+	{DSA-3194-1}
 	- libxfont 1:1.5.1-1
 	NOTE: http://lists.x.org/archives/xorg-announce/2015-March/002550.html
 CVE-2015-1802 [bdfReadProperties: property count needs range check]
 	RESERVED
+	{DSA-3194-1}
 	- libxfont 1:1.5.1-1
 	NOTE: http://lists.x.org/archives/xorg-announce/2015-March/002550.html
 CVE-2015-1801
@@ -1835,7 +1853,7 @@
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392
 CVE-2015-1606 [use after free resulting from failure to skip invalid packets]
 	RESERVED
-	{DSA-3184-1}
+	{DSA-3184-1 DLA-175-1}
 	[experimental] - gnupg2 2.1.2-1
 	- gnupg2 2.0.26-5 (bug #778577)
 	[wheezy] - gnupg2 <no-dsa> (Minor issue)
@@ -4529,7 +4547,7 @@
 	RESERVED
 CVE-2015-0837 [data-dependent timing variations in modular exponentiation]
 	RESERVED
-	{DSA-3185-1 DSA-3184-1}
+	{DSA-3185-1 DSA-3184-1 DLA-175-1}
 	- libgcrypt11 <removed>
 	- libgcrypt20 1.6.3-2
 	- gnupg 1.4.18-7
@@ -4685,8 +4703,7 @@
 	RESERVED
 CVE-2015-0779
 	RESERVED
-CVE-2015-0778 [shell command injection via crafted _service files]
-	RESERVED
+CVE-2015-0778 (osc before 0.151.0 allows remote attackers to execute arbitrary ...)
 	- osc 0.149.0-2 (low; bug #780410)
 	[wheezy] - osc <no-dsa> (Minor issue)
 	[squeeze] - osc <no-dsa> (Minor issue)
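Review bot: the new description on CVE-2015-0778 says "osc before 0.151.0 allows remote attackers to execute arbitrary ...", yet the package line records the fix at 0.149.0-2 and rates it "low", with wheezy and squeeze both marked <no-dsa> (Minor issue). Two things to check here: add a NOTE explaining why a version below 0.151.0 counts as fixed (for example a backported patch, if that is the case), and revisit whether "low" and "Minor issue" still fit now that the description speaks of remote execution.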
@@ -4915,14 +4932,14 @@
 	RESERVED
 CVE-2015-0666
 	RESERVED
-CVE-2015-0665
-	RESERVED
+CVE-2015-0665 (The Hostscan module in Cisco AnyConnect Secure Mobility Client ...)
+	TODO: check
 CVE-2015-0664
 	RESERVED
-CVE-2015-0663
-	RESERVED
-CVE-2015-0662
-	RESERVED
+CVE-2015-0663 (Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does ...)
+	TODO: check
+CVE-2015-0662 (Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows ...)
+	TODO: check
 CVE-2015-0661 (The SNMPv2 implementation in Cisco IOS XR allows remote authenticated ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0660 (Cisco Virtual TelePresence Server Software does not properly restrict ...)
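Review bot: CVE-2015-0665, CVE-2015-0663 and CVE-2015-0662 lose RESERVED and land as "TODO: check", so they are now untriaged entries that need a human decision. The neighbouring CVE-2015-0661 is already marked "NOT-FOR-US: Cisco"; if the Cisco AnyConnect Secure Mobility Client is likewise not packaged, these three should be closed the same way in a follow-up commit rather than left as TODO.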
@@ -7772,6 +7789,7 @@
 	RESERVED
 CVE-2015-0261 [IPv6 mobility header check issue]
 	RESERVED
+	{DSA-3193-1 DLA-174-1}
 	- tcpdump 4.6.2-4
 	NOTE: http://www.ca.tcpdump.org/cve/0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch
 CVE-2015-0260 (RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated ...)
@@ -21724,7 +21742,7 @@
 	NOT-FOR-US: OpenShift Origin
 CVE-2014-3591 [sidechannel attack on Elgamal]
 	RESERVED
-	{DSA-3185-1 DSA-3184-1}
+	{DSA-3185-1 DSA-3184-1 DLA-175-1}
 	- libgcrypt11 <removed>
 	- libgcrypt20 1.6.3-2
 	- gnupg 1.4.18-7



