[Secure-testing-commits] r32975 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Mar 18 21:10:18 UTC 2015


Author: sectracker
Date: 2015-03-18 21:10:18 +0000 (Wed, 18 Mar 2015)
New Revision: 32975

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-18 19:50:34 UTC (rev 32974)
+++ data/CVE/list	2015-03-18 21:10:18 UTC (rev 32975)
@@ -1,3 +1,31 @@
+CVE-2015-2329
+	RESERVED
+CVE-2015-2328
+	RESERVED
+CVE-2015-2327
+	RESERVED
+CVE-2015-2326
+	RESERVED
+CVE-2015-2325
+	RESERVED
+CVE-2015-2324
+	RESERVED
+CVE-2015-2323
+	RESERVED
+CVE-2015-2322
+	RESERVED
+CVE-2015-2321
+	RESERVED
+CVE-2015-2317
+	RESERVED
+CVE-2015-2316
+	RESERVED
+CVE-2015-2315 (Cross-site scripting (XSS) vulnerability in the WPML plugin before ...)
+	TODO: check
+CVE-2015-2314 (SQL injection vulnerability in the WPML plugin before 3.1.9 for ...)
+	TODO: check
+CVE-2012-6690
+	RESERVED
 CVE-2015-XXXX [nasal scripts can ready any file]
 	- flightgear-data 3.0.0-3 (bug #780716)
 CVE-2015-XXXX [permissive file access allowed from nasal]
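Review bot: The two WPML entries added at the top (CVE-2015-2315, CVE-2015-2314) come in as "TODO: check" with truncated descriptions, so they need a manual triage decision before the tracker says anything useful about them. Separately, CVE-2012-6690 is inserted at the head of the file next to the 2015 ids; if the list is meant to stay in descending id order, it belongs with the other 2012 entries. The unchanged context line "CVE-2015-XXXX [nasal scripts can ready any file]" also has a typo ("ready" for "read") worth fixing in a follow-up.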
@@ -16,12 +44,14 @@
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 (v4.0-rc3)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/18/6
 CVE-2015-2331 [ZIP Integer Overflow]
+	RESERVED
 	- php5 <unfixed> (bug #780713)
 	- libzip <unfixed> (bug #780756)
 	NOTE: https://bugs.php.net/bug.php?id=69253
 	NOTE: https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/1
 CVE-2015-2330 [WebKitGTK+ late TLS certificate verification]
+	RESERVED
 	- webkitgtk <unfixed> (unimportant)
 	NOTE: Not covered by security support
 CVE-2015-2309
@@ -33,13 +63,16 @@
 CVE-2015-2306
 	RESERVED
 CVE-2015-2320 [Related to "remove the client-side SSLv2 fallback"]
+	RESERVED
 	- mono <unfixed> (bug #780751)
 	NOTE: https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b
 CVE-2015-2319 [FREAK issue]
+	RESERVED
 	- mono <unfixed> (bug #780751)
 	NOTE: https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10
 	NOTE: Patch for versions earlier than 3.4: https://gist.github.com/directhex/728af6f96d1b8c976659
 CVE-2015-2318 [SKIP-TLS issue]
+	RESERVED
 	- mono <unfixed> (bug #780751)
 	NOTE: https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4
 	NOTE: Patch for versions earlier than 3.4: https://gist.github.com/directhex/f8c6e67f551d8a608154
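Review bot: Of the three mono entries that gain "RESERVED" here, CVE-2015-2319 and CVE-2015-2318 carry a "Patch for versions earlier than 3.4" NOTE but CVE-2015-2320 does not. All three point at bug #780751 and are "<unfixed>", so it is worth recording whether the SSLv2 fallback removal also needs a backport for older versions, or stating that it does not apply.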
@@ -55,10 +88,10 @@
 	RESERVED
 CVE-2015-2294
 	RESERVED
-CVE-2015-2293
-	RESERVED
-CVE-2015-2292
-	RESERVED
+CVE-2015-2293 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2015-2292 (Multiple SQL injection vulnerabilities in ...)
+	TODO: check
 CVE-2015-2291
 	RESERVED
 CVE-2015-2290
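Review bot: CVE-2015-2293 and CVE-2015-2292 move from "RESERVED" to "TODO: check", but both descriptions are cut off at "in ...", so the affected product cannot be read from the list itself. Whoever triages them has to pull the full CVE text before choosing between a package line and NOT-FOR-US.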
@@ -306,6 +339,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
 CVE-2014-9705 [heap buffer overflow in enchant_broker_request_dict()]
 	RESERVED
+	{DSA-3195-1}
 	- php5 5.6.6+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=68552
 	NOTE: http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
@@ -1956,6 +1990,7 @@
 	NOT-FOR-US: Fortinet FortiClient
 CVE-2015-2305 [Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability]
 	RESERVED
+	{DSA-3195-1}
 	- php5 5.6.6+dfsg-1 (low; bug #778389)
 	- olsrd <not-affected> (only when building on Android, see bug #778390)
 	- llvm-toolchain-3.4 <unfixed> (low; bug #778391)
@@ -2566,6 +2601,7 @@
 	NOTE: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5
 CVE-2014-9653 [Malformed elf file causes access to uninitialized memory]
 	RESERVED
+	{DSA-3196-1}
 	- file 1:5.22+15-1 (bug #777585)
 	- php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3)
 	NOTE: http://bugs.gw.com/view.php?id=409
@@ -7789,6 +7825,7 @@
 	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e461fcb194172b3f709e0b478d2ac1bdac7ab9a3 (v3.11-rc1)
 CVE-2015-0273 [use after free vulnerability in unserialize() with DateTimeZone]
 	RESERVED
+	{DSA-3195-1}
 	- php5 5.6.6+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=68942
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2
@@ -7934,10 +7971,12 @@
 	- 389-admin <unfixed> (unimportant)
 	NOTE: Rendered unexploitable by /tmp hardening in Debian kernel
 CVE-2015-0232 (The exif_process_unicode function in ext/exif/exif.c in PHP before ...)
+	{DSA-3195-1}
 	- php5 5.6.5+dfsg-1
 	NOTE: https://bugs.php.net/patch-display.php?bug=68799&patch=bug68799fix&revision=1420966468
 	NOTE: https://bugs.php.net/bug.php?id=68799
 CVE-2015-0231 (Use-after-free vulnerability in the process_nested_data function in ...)
+	{DSA-3195-1}
 	- php5 5.6.5+dfsg-1
 	[squeeze] - php5 <not-affected> (Broken patch for CVE-2014-8142 never applied)
 	NOTE: https://bugs.php.net/bug.php?id=68710
@@ -8102,8 +8141,8 @@
 	RESERVED
 CVE-2015-0179
 	RESERVED
-CVE-2015-0178
-	RESERVED
+CVE-2015-0178 (The Java overlay feature in IBM Bluemix Liberty before ...)
+	TODO: check
 CVE-2015-0177 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
 	TODO: check
 CVE-2015-0176
@@ -8160,14 +8199,14 @@
 	RESERVED
 CVE-2015-0150
 	RESERVED
-CVE-2015-0149
-	RESERVED
+CVE-2015-0149 (The developer portal in IBM API Management 3.0 before 3.0.4.1 does not ...)
+	TODO: check
 CVE-2015-0148
 	RESERVED
 CVE-2015-0147
 	RESERVED
-CVE-2015-0146
-	RESERVED
+CVE-2015-0146 (IBM Content Collector for Email 3.0 before ...)
+	TODO: check
 CVE-2015-0145
 	RESERVED
 CVE-2015-0144
@@ -8194,24 +8233,24 @@
 	RESERVED
 CVE-2015-0133 (IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote ...)
 	TODO: check
-CVE-2015-0132
-	RESERVED
+CVE-2015-0132 (The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 ...)
+	TODO: check
 CVE-2015-0131
 	RESERVED
 CVE-2015-0130
 	RESERVED
 CVE-2015-0129 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
 	TODO: check
-CVE-2015-0128
-	RESERVED
+CVE-2015-0128 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
+	TODO: check
 CVE-2015-0127
 	RESERVED
 CVE-2015-0126
 	RESERVED
-CVE-2015-0125
-	RESERVED
-CVE-2015-0124
-	RESERVED
+CVE-2015-0125 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next ...)
+	TODO: check
+CVE-2015-0124 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
+	TODO: check
 CVE-2015-0123 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
 	TODO: check
 CVE-2015-0122 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
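Review bot: The IBM Rational entries in this range (CVE-2015-0132, CVE-2015-0128, CVE-2015-0125, CVE-2015-0124) join CVE-2015-0133, CVE-2015-0129 and CVE-2015-0123, which the context shows already waiting on "TODO: check", so the untriaged run keeps growing. Resolving the whole run in one pass would keep the entries consistent with each other.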
@@ -15579,12 +15618,12 @@
 	NOT-FOR-US: IBM API Management
 CVE-2014-6132 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
 	NOT-FOR-US: IBM
-CVE-2014-6131
-	RESERVED
+CVE-2014-6131 (IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative ...)
+	TODO: check
 CVE-2014-6130 (The IBM Notes Traveler application before 9.0.1.3 for Android lacks a ...)
 	NOT-FOR-US: IBM Notes Traveler application for Android
-CVE-2014-6129
-	RESERVED
+CVE-2014-6129 (IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative ...)
+	TODO: check
 CVE-2014-6128
 	RESERVED
 CVE-2014-6127
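Review bot: CVE-2014-6131 and CVE-2014-6129 (IBM Rational Jazz Team Server) are left at "TODO: check" while the neighbouring IBM entries in the context, CVE-2014-6132 and CVE-2014-6130, are already marked NOT-FOR-US. If the same reasoning applies, resolve both the same way, for example "NOT-FOR-US: IBM Rational Jazz Team Server".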



