[Secure-testing-commits] r33124 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Mar 24 21:10:16 UTC 2015
Author: sectracker
Date: 2015-03-24 21:10:16 +0000 (Tue, 24 Mar 2015)
New Revision: 33124
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-24 18:58:02 UTC (rev 33123)
+++ data/CVE/list 2015-03-24 21:10:16 UTC (rev 33124)
@@ -1,3 +1,21 @@
+CVE-2015-2685
+ RESERVED
+CVE-2015-2683
+ RESERVED
+CVE-2015-2682
+ RESERVED
+CVE-2015-2681 (Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 ...)
+ TODO: check
+CVE-2015-2680 (Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS ...)
+ TODO: check
+CVE-2015-2679 (Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before ...)
+ TODO: check
+CVE-2015-2678 (Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix ...)
+ TODO: check
+CVE-2015-2677 (Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before ...)
+ TODO: check
+CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the Asus RT-G32 ...)
+ TODO: check
CVE-2015-2689 [Assertion failure in dns.c, possibly connected to UDP DoS attack]
{DSA-3203-1 DLA-178-1}
- tor 0.2.5.11-1
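Review bot: The six described entries added at the top of this hunk, CVE-2015-2676 through CVE-2015-2681, carry only `TODO: check`, so none has a triage result yet. The visible descriptions name the ASUS RT-G32, MetalGenix GeniXCMS and ocPortal; each entry needs either a package line or a `NOT-FOR-US:` line of the kind used elsewhere in this file. The numbers missing from the new block (2684, 2686, 2687) are existing bracketed entries that receive `RESERVED` in later hunks, so the sequence has no unexplained gap.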
@@ -7,6 +25,7 @@
- tor 0.2.5.11-1
NOTE: https://trac.torproject.org/projects/tor/ticket/15083
CVE-2015-2687 [information leak when live-migration failed]
+ RESERVED
- nova <unfixed>
NOTE: https://bugs.launchpad.net/nova/+bug/1419577
TODO: check
@@ -669,6 +688,7 @@
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/24/4
CVE-2015-2686 [sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer]
+ RESERVED
- linux <not-affected> (Introduced in 3.19, never uploaded to unstable)
- linux-2.6 <not-affected> (Introduced in 3.19, never uploaded to unstable)
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea
@@ -765,6 +785,7 @@
RESERVED
CVE-2015-2317 [Mitigated possible XSS attack via user-supplied redirect URLs]
RESERVED
+ {DSA-3204-1}
- python-django 1.7.7-1 (bug #780873)
[squeeze] - python-django <no-dsa> (Minor issue, can wait next security upload)
NOTE: https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b (1.4.x)
@@ -794,6 +815,7 @@
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 (v4.0-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/7
CVE-2015-2684 [denial of service vulnerability]
+ RESERVED
- shibboleth-sp2 <unfixed>
NOTE: http://shibboleth.net/community/advisories/secadv_20150319.txt
CVE-2015-2672 [unprivileged denial-of-service due to mis-protected xsave/xrstor instructions]
@@ -917,6 +939,7 @@
- icu 52.1-8 (bug #780503)
[wheezy] - icu <not-affected> (Incomplete patch was never applied)
CVE-2014-9709 [gd: buffer read overflow in gd_gif_in.c]
+ RESERVED
- libgd2 2.1.0-5
- php5 5.6.5+dfsg-1 (low)
[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in a future DSA)
@@ -938,8 +961,7 @@
- requests 2.4.3-6 (bug #780506)
[wheezy] - requests <not-affected> (Vulnerable code introduced in 2.1.0)
NOTE: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
-CVE-2015-2289
- RESERVED
+CVE-2015-2289 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Serendipity
CVE-2015-2287
RESERVED
@@ -5481,14 +5503,12 @@
CVE-2015-0819 (The UITour::onPageEvent function in Mozilla Firefox before 36.0 does ...)
- iceweasel <not-affected> (Does not affect ESR version)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/
-CVE-2015-0818
- RESERVED
+CVE-2015-0818 (Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and ...)
{DSA-3201-1}
- iceweasel 31.5.3esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
-CVE-2015-0817
- RESERVED
+CVE-2015-0817 (The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ...)
{DSA-3201-1}
- iceweasel 31.5.3esr-1
[squeeze] - iceweasel <end-of-life>
@@ -6744,8 +6764,7 @@
RESERVED
CVE-2015-0528
RESERVED
-CVE-2015-0527
- RESERVED
+CVE-2015-0527 (EMC Documentum xCelerated Management System (xMS) 1.1 before P14 ...)
NOT-FOR-US: EMC
CVE-2015-0526
RESERVED
@@ -7584,8 +7603,8 @@
NOT-FOR-US: 3S Pocketnet Tech VMS
CVE-2014-9262
RESERVED
-CVE-2014-9261
- RESERVED
+CVE-2014-9261 (The sanitize function in Codoforum 2.5.1 does not properly implement ...)
+ TODO: check
CVE-2014-9260
RESERVED
CVE-2014-9259
@@ -8924,12 +8943,12 @@
- libspring-java <not-affected> (Only affects Spring Framework 4.1.0 to 4.1.4)
CVE-2015-0200
RESERVED
-CVE-2015-0199
- RESERVED
-CVE-2015-0198
- RESERVED
-CVE-2015-0197
- RESERVED
+CVE-2015-0199 (The mmfslinux kernel module in IBM General Parallel File System (GPFS) ...)
+ TODO: check
+CVE-2015-0198 (IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 ...)
+ TODO: check
+CVE-2015-0197 (IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 ...)
+ TODO: check
CVE-2015-0196
RESERVED
CVE-2015-0195
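Review bot: CVE-2015-0198 and CVE-2015-0197 are added with the same visible description prefix ("IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 ..."), so the truncated text does not show how the two differ. Whoever resolves the `TODO: check` lines should read the full descriptions before marking them, and should triage CVE-2015-0199 (the mmfslinux kernel module) together with them since all three concern the same product.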
@@ -9006,8 +9025,8 @@
RESERVED
CVE-2015-0159
RESERVED
-CVE-2015-0158
- RESERVED
+CVE-2015-0158 (Cross-site scripting (XSS) vulnerability in the Coach NG framework in ...)
+ TODO: check
CVE-2015-0157
RESERVED
CVE-2015-0156
@@ -9048,10 +9067,10 @@
TODO: check
CVE-2015-0138
RESERVED
-CVE-2015-0137
- RESERVED
-CVE-2015-0136
- RESERVED
+CVE-2015-0137 (IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 ...)
+ TODO: check
+CVE-2015-0136 (powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x ...)
+ TODO: check
CVE-2015-0135
RESERVED
CVE-2015-0134
@@ -9110,14 +9129,14 @@
NOT-FOR-US: IBM
CVE-2015-0107
RESERVED
-CVE-2015-0106
- RESERVED
-CVE-2015-0105
- RESERVED
+CVE-2015-0106 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
+ TODO: check
+CVE-2015-0105 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...)
+ TODO: check
CVE-2015-0104
RESERVED
-CVE-2015-0103
- RESERVED
+CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the Process ...)
+ TODO: check
CVE-2015-0102
RESERVED
CVE-2015-0101
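Review bot: The three IBM entries added here (CVE-2015-0106, CVE-2015-0105, CVE-2015-0103) are left at `TODO: check`, while the first context line of this same hunk already records `NOT-FOR-US: IBM` for a neighbouring entry. If these Business Process and Process Portal issues fall under the same decision, replace each `TODO: check` with a matching `NOT-FOR-US:` line so the entries do not stay in the unprocessed queue.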