[Secure-testing-commits] r33161 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Mar 26 09:10:21 UTC 2015


Author: sectracker
Date: 2015-03-26 09:10:21 +0000 (Thu, 26 Mar 2015)
New Revision: 33161

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-26 09:09:10 UTC (rev 33160)
+++ data/CVE/list	2015-03-26 09:10:21 UTC (rev 33161)
@@ -1,3 +1,25 @@
+CVE-2015-2700
+	RESERVED
+CVE-2015-2699
+	RESERVED
+CVE-2015-2698
+	RESERVED
+CVE-2015-2697
+	RESERVED
+CVE-2015-2696
+	RESERVED
+CVE-2015-2695
+	RESERVED
+CVE-2015-2694
+	RESERVED
+CVE-2015-2693
+	RESERVED
+CVE-2015-2692
+	RESERVED
+CVE-2015-2691
+	RESERVED
+CVE-2015-2690
+	RESERVED
 CVE-2015-XXXX [Don't try to do join without authentication unless explicitly requested]
 	- realmd <unfixed> (bug #781179)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=89205
@@ -29,10 +51,12 @@
 CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the Asus RT-G32 ...)
 	NOT-FOR-US: Asus
 CVE-2015-2689 [Assertion failure in dns.c, possibly connected to UDP DoS attack]
+	RESERVED
 	{DSA-3203-1 DLA-178-1}
 	- tor 0.2.5.11-1
 	NOTE: https://bugs.torproject.org/14129
 CVE-2015-2688 [relay could crash with an assertion]
+	RESERVED
 	{DSA-3203-1 DLA-178-1}
 	- tor 0.2.5.11-1
 	NOTE: https://trac.torproject.org/projects/tor/ticket/15083
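Review bot: The RESERVED lines added under CVE-2015-2689 and CVE-2015-2688 land on entries that already carry {DSA-3203-1 DLA-178-1} and a fixed tor version (0.2.5.11-1), so each entry now reads as both reserved and resolved. The package status is unaffected, but any report or script that filters out RESERVED entries should be checked so that these two are not skipped.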
@@ -690,6 +714,7 @@
 CVE-2014-9707
 	RESERVED
 CVE-2014-9710 [btrfs: non-atomic xattr replace operation]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1)
@@ -1014,8 +1039,8 @@
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1)
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2b5fddd53b80efcb3266ee36e23b8de28e761a (v2.6.28-rc1)
 	NOTE: 3.2.20-1 is the first version after the src:linux-2.6 -> src:linux rename.
-CVE-2015-2284
-	RESERVED
+CVE-2015-2284 (userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before ...)
+	TODO: check
 CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier ...)
 	NOT-FOR-US: ZeusCart
 CVE-2015-2674 [Doesn't Validate TLS]
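Review bot: CVE-2015-2284 now carries TODO: check with no package line, so it needs manual triage. The description names SolarWinds Firewall Security Manager; if that product is not packaged, mark it NOT-FOR-US in the same way as the ZeusCart entry (CVE-2010-5322) in the context just below it.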
@@ -1150,8 +1175,7 @@
 	NOTE: https://bugs.php.net/bug.php?id=68552
 	NOTE: http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
-CVE-2015-2265 [Incomplete fix for CVE-2014-2707; CUPS-filters remove_bad_chars() bypass]
-	RESERVED
+CVE-2015-2265 (The remove_bad_chars function in utils/cups-browsed.c in cups-filters ...)
 	- cups-filters 1.0.61-5 (bug #780267)
 	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
 	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
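Review bot: Replacing the bracketed description on CVE-2015-2265 drops the statement that this is an incomplete fix for CVE-2014-2707, and the truncated replacement text visible here does not show that link. Suggest keeping it as a NOTE line under the entry so the relationship between the two IDs stays visible next to the cups-filters status lines.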
@@ -1381,18 +1405,15 @@
 	RESERVED
 CVE-2015-2156
 	RESERVED
-CVE-2015-2155 [issue with force printer]
-	RESERVED
+CVE-2015-2155 (The force printer in tcpdump before 4.7.2 allows remote attackers to ...)
 	{DSA-3193-1 DLA-174-1}
 	- tcpdump 4.6.2-4
 	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
-CVE-2015-2154 [issue with ethernet printer]
-	RESERVED
+CVE-2015-2154 (The osi_print_cksum function in print-isoclns.c in the ethernet ...)
 	{DSA-3193-1 DLA-174-1}
 	- tcpdump 4.6.2-4
 	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
-CVE-2015-2153 [issue with tcp printer]
-	RESERVED
+CVE-2015-2153 (The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer ...)
 	{DSA-3193-1}
 	- tcpdump 4.6.2-4
 	[squeeze] - tcpdump <not-affected> (Vulnerable code not present)
@@ -3599,8 +3620,8 @@
 	RESERVED
 CVE-2015-1389
 	RESERVED
-CVE-2015-1388
-	RESERVED
+CVE-2015-1388 (The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before ...)
+	TODO: check
 CVE-2015-1387
 	RESERVED
 CVE-2015-1385 (Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress ...)
@@ -8676,8 +8697,7 @@
 	NOT-FOR-US: Red Hat Satellite
 CVE-2015-0283
 	RESERVED
-CVE-2015-0282 [Signature forgery]
-	RESERVED
+CVE-2015-0282 (GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature ...)
 	{DSA-3191-1 DLA-180-1}
 	- gnutls26 <removed>
 	- gnutls28 <not-affected> (Fixed in 3.1.0)
@@ -8743,8 +8763,7 @@
 	NOT-FOR-US: Apache Camel
 CVE-2015-0262
 	RESERVED
-CVE-2015-0261 [IPv6 mobility header check issue]
-	RESERVED
+CVE-2015-0261 (Integer signedness error in the mobility_opt_print function in the ...)
 	{DSA-3193-1 DLA-174-1}
 	- tcpdump 4.6.2-4
 	NOTE: http://www.ca.tcpdump.org/cve/0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch
@@ -8770,15 +8789,13 @@
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=57560
 CVE-2015-0253
 	RESERVED
-CVE-2015-0252 [Apache Xerces-C XML Parser Crashes on Malformed Input]
-	RESERVED
+CVE-2015-0252 (internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote ...)
 	{DSA-3199-1}
 	- xerces-c 3.1.1-5.1 (bug #780827)
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1667870
 CVE-2015-0251
 	RESERVED
-CVE-2015-0250 [information disclosure]
-	RESERVED
+CVE-2015-0250 (XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) ...)
 	- batik 1.7+dfsg-5 (bug #780897)
 	NOTE: https://issues.apache.org/jira/browse/BATIK-1018
 	NOTE: https://issues.apache.org/jira/browse/BATIK-1113
@@ -9078,7 +9095,7 @@
 CVE-2015-0160
 	RESERVED
 CVE-2015-0159
-	RESERVED
+	REJECTED
 CVE-2015-0158 (Cross-site scripting (XSS) vulnerability in the Coach NG framework in ...)
 	TODO: check
 CVE-2015-0157
@@ -9119,8 +9136,8 @@
 	RESERVED
 CVE-2015-0139 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
 	TODO: check
-CVE-2015-0138
-	RESERVED
+CVE-2015-0138 (GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before ...)
+	TODO: check
 CVE-2015-0137 (IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 ...)
 	TODO: check
 CVE-2015-0136 (powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x ...)
@@ -9552,12 +9569,12 @@
 	RESERVED
 CVE-2014-8926
 	RESERVED
-CVE-2014-8925
-	RESERVED
+CVE-2014-8925 (Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in ...)
+	TODO: check
 CVE-2014-8924
 	RESERVED
-CVE-2014-8923
-	RESERVED
+CVE-2014-8923 (The (1) IBM Tivoli Identity Manager Active Directory adapter before ...)
+	TODO: check
 CVE-2014-8922
 	RESERVED
 CVE-2014-8921 (The IBM Notes Traveler Companion application 1.0 and 1.1 before ...)
@@ -16516,8 +16533,8 @@
 	NOT-FOR-US: IBM
 CVE-2014-6135 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
 	NOT-FOR-US: IBM
-CVE-2014-6134
-	RESERVED
+CVE-2014-6134 (IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, ...)
+	TODO: check
 CVE-2014-6133 (IBM API Management 3.x before 3.0.1.0 allows local users to obtain ...)
 	NOT-FOR-US: IBM API Management
 CVE-2014-6132 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
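Review bot: CVE-2014-6134 is set to TODO: check while the IBM entries around it in this hunk (CVE-2014-6135 and CVE-2014-6133) are already NOT-FOR-US. Triage it consistently: if IBM Rational ClearCase is treated like those products, replace TODO: check with a NOT-FOR-US line naming the product.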



