[Secure-testing-commits] r33278 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Mar 31 09:10:25 UTC 2015
Author: sectracker
Date: 2015-03-31 09:10:25 +0000 (Tue, 31 Mar 2015)
New Revision: 33278
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-31 07:42:43 UTC (rev 33277)
+++ data/CVE/list 2015-03-31 09:10:25 UTC (rev 33278)
@@ -1,3 +1,55 @@
+CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 ...)
+ TODO: check
+CVE-2015-2784
+ RESERVED
+CVE-2015-2783
+ RESERVED
+CVE-2015-2781
+ RESERVED
+CVE-2015-2780
+ RESERVED
+CVE-2015-2777
+ RESERVED
+CVE-2015-2775
+ RESERVED
+CVE-2015-2773 (SVM in Websense TRITON V-Series appliances before 8.0.0 allows ...)
+ TODO: check
+CVE-2015-2772 (SVM in Websense TRITON V-Series appliances before 8.0.0 allows ...)
+ TODO: check
+CVE-2015-2771 (The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances ...)
+ TODO: check
+CVE-2015-2770 (Cross-site request forgery (CSRF) vulnerability in the command line ...)
+ TODO: check
+CVE-2015-2769 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-2768 (Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL ...)
+ TODO: check
+CVE-2015-2767 (Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has ...)
+ TODO: check
+CVE-2015-2766 (The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before ...)
+ TODO: check
+CVE-2015-2765 (The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 ...)
+ TODO: check
+CVE-2015-2764 (Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON ...)
+ TODO: check
+CVE-2015-2763 (Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has ...)
+ TODO: check
+CVE-2015-2762 (Websense TRITON AP-WEB before 8.0.0 allows remote attackers to ...)
+ TODO: check
+CVE-2015-2761 (Cross-site scripting (XSS) vulnerability in the Exceptions and ...)
+ TODO: check
+CVE-2015-2760 (Cross-site scripting (XSS) vulnerability in the ePO extension in ...)
+ TODO: check
+CVE-2015-2759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO ...)
+ TODO: check
+CVE-2015-2758 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
+ TODO: check
+CVE-2015-2757 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
+ TODO: check
+CVE-2014-9712 (Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 ...)
+ TODO: check
+CVE-2013-7438 (Multiple buffer overflows in pbm212030 allow remote attackers to cause ...)
+ TODO: check
CVE-2015-XXXX [crashes found with afl]
- hp2xx 3.4.4-10 (low)
[wheezy] - hp2xx <no-dsa> (Minor issue)
@@ -14,11 +66,12 @@
CVE-2013-XXXX [nbd-server: server dies if client asks for a non-existing export]
- nbd 1:3.4-1 (bug #781547)
TODO: check details
-CVE-2015-2787 [Use After Free Vulnerability in unserialize()]
+CVE-2015-2787 (Use-after-free vulnerability in the process_nested_data function in ...)
{DSA-3198-1}
- php5 5.6.7+dfsg-1
NOTE: https://bugs.php.net/68976
CVE-2015-2782 [buffer overflow]
+ RESERVED
- arj 3.10.22-13 (bug #774015)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/28/5
CVE-2015-2756
@@ -38,6 +91,7 @@
CVE-2010-5323
RESERVED
CVE-2015-2774 [Erlang POODLE TLS vulnerability]
+ RESERVED
- erlang <unfixed>
NOTE: http://www.erlang.org/news/85
NOTE: CVE about "ssl: ... added padding check for TLS-1.0 due to the Poodle vulnerability."
@@ -131,6 +185,7 @@
CVE-2015-2701 (Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 ...)
NOT-FOR-US: CS-Cart
CVE-2014-9713 [slapd: dangerous access rule in default config]
+ RESERVED
{DSA-3209-1}
- openldap 2.4.40-2 (bug #761406)
CVE-2014-9711 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -166,6 +221,7 @@
- realmd <unfixed> (bug #781179)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=89207
CVE-2015-2776 [does not properly check requests for workbook memory allocation]
+ RESERVED
{DSA-3208-1}
[experimental] - freexl 1.0.1-1~exp1
- freexl 1.0.0g-1+deb8u1 (bug #781228)
@@ -899,6 +955,7 @@
NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2015-2788 [Buffer Overflow in dbdimp.c]
+ RESERVED
- libdbd-firebird-perl <unfixed> (bug #780925)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/30/4
CVE-2015-XXXX [SoapClient's __call() type confusion through unserialize()]
@@ -906,11 +963,13 @@
NOTE: https://bugs.php.net/bug.php?id=69085
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/20/14
CVE-2015-2779
+ RESERVED
- quassel <unfixed> (bug #781024)
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
TODO: check affected versions
CVE-2015-2778
+ RESERVED
- quassel <unfixed> (bug #781024)
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
@@ -922,8 +981,8 @@
[jessie] - dulwich 0.9.7-3
NOTE: Patch: https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176
NOTE: http://www.openwall.com/lists/oss-security/2015/03/21/1
-CVE-2015-2348 [move_uploaded_file allows nulls in path]
- RESERVED
+CVE-2015-2348 (The move_uploaded_file implementation in ...)
+ {DSA-3198-1}
- php5 5.6.7+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69207
CVE-2015-2347
@@ -1049,8 +1108,7 @@
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 (v3.17-rc1)
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 (v4.0-rc3)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/6
-CVE-2015-2331 [ZIP Integer Overflow]
- RESERVED
+CVE-2015-2331 (Integer overflow in the _zip_cdir_new function in zip_dirent.c in ...)
{DSA-3198-1}
- php5 5.6.7+dfsg-1 (bug #780713)
- libzip 0.11.2-1.2 (bug #780756)
@@ -1164,8 +1222,7 @@
CVE-2015-XXXX [Incomplete fix for CVE-2014-9740]
- icu 52.1-8 (bug #780503)
[wheezy] - icu <not-affected> (Incomplete patch was never applied)
-CVE-2014-9709 [gd: buffer read overflow in gd_gif_in.c]
- RESERVED
+CVE-2014-9709 (The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ...)
- libgd2 2.1.0-5
- php5 5.6.5+dfsg-1 (unimportant)
NOTE: https://bugs.php.net/bug.php?id=68601
@@ -1349,15 +1406,13 @@
- armagetronad 0.2.8.3.2-4 (bug #780178)
[wheezy] - armagetronad <no-dsa> (Minor issue)
[squeeze] - armagetronad <no-dsa> (Minor issue)
-CVE-2015-2301 [use after free in phar_object.c]
- RESERVED
+CVE-2015-2301 (Use-after-free vulnerability in the phar_rename_archive function in ...)
{DSA-3198-1}
- php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68901
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b
NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
-CVE-2014-9705 [heap buffer overflow in enchant_broker_request_dict()]
- RESERVED
+CVE-2014-9705 (Heap-based buffer overflow in the enchant_broker_request_dict function ...)
{DSA-3195-1}
- php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68552
@@ -1759,8 +1814,7 @@
NOTE: Introduced by http://sourceforge.net/p/pmt/code/ci/e1a36a9639e2db16494d90459c7c2b78677a20bf/ (1.7.83)
NOTE: Fixed by: http://sourceforge.net/p/pmt/code/ci/a1ce646d00a400fd9ec321ab5cb522f40b7bdfe6/ (1.7.84)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/28/6
-CVE-2015-2157 [PuTTY fails to clear private key information from memory]
- RESERVED
+CVE-2015-2157 (The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY ...)
{DSA-3190-1 DLA-173-1}
- putty 0.63-10 (bug #779488)
NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
@@ -3052,8 +3106,7 @@
NOT-FOR-US: Fortinet FortiClient
CVE-2015-1569 (Fortinet FortiClient 5.2.028 for iOS does not validate certificates, ...)
NOT-FOR-US: Fortinet FortiClient
-CVE-2015-2305 [Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability]
- RESERVED
+CVE-2015-2305 (Integer overflow in the regcomp implementation in the Henry Spencer ...)
{DSA-3195-1}
- php5 5.6.6+dfsg-1 (low; bug #778389)
- olsrd <not-affected> (only when building on Android, see bug #778390)
@@ -3278,37 +3331,38 @@
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
NOTE: http://www.openwall.com/lists/oss-security/2015/01/04/10
CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=151
CVE-2014-9674 (The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType ...)
+ {DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=153
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e
CVE-2014-9673 (Integer signedness error in the Mac_Read_POST_Resource function in ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=154
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415
CVE-2014-9672 (Array index error in the parse_fond function in base/ftmac.c in ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=155
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c
CVE-2014-9671 (Off-by-one error in the pcf_get_properties function in pcf/pcfread.c ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=157
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0e2f5d518c60e2978f26400d110eff178fa7e3c3
CVE-2014-9670 (Multiple integer signedness errors in the pcf_get_encodings function ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=158
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6
CVE-2014-9669 (Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=163
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565
@@ -3319,16 +3373,17 @@
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=164
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=166
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891
CVE-2014-9666 (The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=167
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439
CVE-2014-9665 (The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 ...)
+ {DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
[wheezy] - freetype <not-affected> (Vulnerable code not present)
[squeeze] - freetype <not-affected> (Vulnerable code not present)
@@ -3336,13 +3391,13 @@
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=54abd22891bd51ef8b533b24df53b3019b5cee81
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b3500af717010137046ec4076d1e1c0641e33727
CVE-2014-9664 (FreeType before 2.5.4 does not check for the end of the data during ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=183
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd
CVE-2014-9663 (The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=184
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1
@@ -3353,13 +3408,13 @@
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=185
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5f201ab5c24cb69bc96b724fd66e739928d6c5e2
CVE-2014-9661 (type42/t42parse.c in FreeType before 2.5.4 does not consider that ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=187
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669
CVE-2014-9660 (The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=188
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab
@@ -3371,17 +3426,17 @@
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
NOTE: CVE due to incomplete fix for CVE-2014-2240
CVE-2014-9658 (The tt_face_load_kern function in sfnt/ttkern.c in FreeType before ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=194
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c
CVE-2014-9657 (The tt_face_load_hdmx function in truetype/ttpload.c in FreeType ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=195
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55
CVE-2014-9656 (The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType ...)
- {DSA-3188-1}
+ {DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
NOTE: http://code.google.com/p/google-security-research/issues/detail?id=196
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a
@@ -3480,13 +3535,13 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959433
NOTE: libbluray is only in wheezy and later and the issue is neutered by the kernel hardening for /tmp
NOTE: Affected code removed in 0.7.0-1 in experimental
-CVE-2013-7437 [possible heap overflow]
+CVE-2013-7437 (Multiple integer overflows in potrace 1.11 allow remote attackers to ...)
- potrace <unfixed> (bug #778646)
[wheezy] - potrace <no-dsa> (Minor issue)
[squeeze] - potrace <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=955808
NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/12
-CVE-2015-2785 [Out-of heap-based buffer write in GIF encoder]
+CVE-2015-2785 (The GIF encoder in Byzanz allows remote attackers to cause a denial of ...)
- byzanz <unfixed> (low; bug #778261)
[jessie] - byzanz <no-dsa> (Minor issue)
[squeeze] - byzanz <no-dsa> (Minor issue)
@@ -3664,8 +3719,7 @@
- icu 52.1-7.1 (bug #776719)
NOTE: https://ssl.icu-project.org/trac/changeset/36801
NOTE: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5
-CVE-2014-9653 [Malformed elf file causes access to uninitialized memory]
- RESERVED
+CVE-2014-9653 (readelf.c in file before 5.22, as used in the Fileinfo component in ...)
{DSA-3196-1}
- file 1:5.22+15-1 (bug #777585)
- php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3)
@@ -4472,8 +4526,7 @@
[wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
[squeeze] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/3
-CVE-2015-1353 [PHP int overflow]
- RESERVED
+CVE-2015-1353 (Multiple integer overflows in the calendar extension in PHP through ...)
- php5 <unfixed> (unimportant)
NOTE: Not a security issue, plain bug
NOTE: https://github.com/MegaManSec/php-src/commit/a538d2f5605798422f2746636ecdc300f8ebcaa1
@@ -5064,14 +5117,14 @@
RESERVED
CVE-2015-1000
RESERVED
-CVE-2015-0999
- RESERVED
-CVE-2015-0998
- RESERVED
-CVE-2015-0997
- RESERVED
-CVE-2015-0996
- RESERVED
+CVE-2015-0999 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
+ TODO: check
+CVE-2015-0998 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
+ TODO: check
+CVE-2015-0997 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
+ TODO: check
+CVE-2015-0996 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
+ TODO: check
CVE-2015-0995
RESERVED
CVE-2015-0994
@@ -6044,10 +6097,10 @@
RESERVED
CVE-2015-0681
RESERVED
-CVE-2015-0680
- RESERVED
-CVE-2015-0679
- RESERVED
+CVE-2015-0680 (Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly ...)
+ TODO: check
+CVE-2015-0679 (The web-authentication functionality on Cisco Wireless LAN Controller ...)
+ TODO: check
CVE-2015-0678
RESERVED
CVE-2015-0677
@@ -6088,8 +6141,8 @@
NOT-FOR-US: Cisco
CVE-2015-0659 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...)
NOT-FOR-US: Cisco
-CVE-2015-0658
- RESERVED
+CVE-2015-0658 (The DHCP implementation in the PowerOn Auto Provisioning (POAP) ...)
+ TODO: check
CVE-2015-0657 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Cisco
CVE-2015-0656 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...)
@@ -6420,15 +6473,13 @@
[wheezy] - openjdk-6 <no-dsa> (Can be fixed when/if fixed in an Oracle CPU update)
NOTE: Reported to Oracle, no reply so far
NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/2
-CVE-2015-1352 [Null Pointer Deference in pgsql]
- RESERVED
+CVE-2015-1352 (The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) ...)
{DSA-3195-1}
- php5 5.6.6+dfsg-2 (bug #777036)
[squeeze] - php5 <not-affected> (vulnerable code (build_tablename()) introduced later)
NOTE: https://bugs.php.net/bug.php?id=68741
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e
-CVE-2015-1351 [Use after free in 'opcache' component of PHP]
- RESERVED
+CVE-2015-1351 (Use-after-free vulnerability in the _zend_shared_memdup function in ...)
- php5 5.6.6+dfsg-2 (bug #777033)
[squeeze] - php5 <not-affected> (opcache introduced in 5.5)
[wheezy] - php5 <not-affected> (opcache introduced in 5.5)
@@ -7019,8 +7070,7 @@
RESERVED
CVE-2015-0529
RESERVED
-CVE-2015-0528
- RESERVED
+CVE-2015-0528 (The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, ...)
NOT-FOR-US: EMC Isilon OneFS
CVE-2015-0527 (EMC Documentum xCelerated Management System (xMS) 1.1 before P14 ...)
NOT-FOR-US: EMC
@@ -7609,8 +7659,7 @@
NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/c3c41177a11a
NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d
NOTE: http://www.rabbitmq.com/release-notes/README-3.4.0.txt
-CVE-2014-9652 [out-of-bounds memory access]
- RESERVED
+CVE-2014-9652 (The mconvert function in softmagic.c in file before 5.21, as used in ...)
{DSA-3126-1 DSA-3121-1}
- file 1:5.21+15-1
[squeeze] - file <not-affected> (The code was not vulnerable, confirmed with Valgrind on the test data submitted to upstream)
@@ -7982,8 +8031,8 @@
NOT-FOR-US: CIMON CmnView
CVE-2014-9206 (Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and ...)
NOT-FOR-US: Schneider Electric Invensys
-CVE-2014-9205
- RESERVED
+CVE-2014-9205 (Stack-based buffer overflow in the PmBase64Decode function in an ...)
+ TODO: check
CVE-2014-9204
RESERVED
CVE-2014-9203 (Buffer overflow in the Field Device Tool (FDT) Frame application in ...)
@@ -8913,8 +8962,7 @@
- linux-2.6 <not-affected> (Introduced in v3.11-rc1)
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59 (v3.15-rc5)
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e461fcb194172b3f709e0b478d2ac1bdac7ab9a3 (v3.11-rc1)
-CVE-2015-0273 [use after free vulnerability in unserialize() with DateTimeZone]
- RESERVED
+CVE-2015-0273 (Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP ...)
{DSA-3195-1}
- php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68942
@@ -11951,8 +11999,7 @@
NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1
CVE-2014-8122 (Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 ...)
NOT-FOR-US: JBoss Weld
-CVE-2014-8121 [glibc: nss_files file management issue causes Samba infinite loop]
- RESERVED
+CVE-2014-8121 (DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in ...)
- glibc <unfixed> (low; bug #779587)
- eglibc <removed> (low)
CVE-2014-8120 (The agent in Thermostat before 1.0.6, when using unspecified ...)
@@ -18184,10 +18231,10 @@
NOT-FOR-US: ABB RobotStudio
CVE-2014-5429 (DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and ...)
NOT-FOR-US: Elipse SCADA
-CVE-2014-5428
- RESERVED
-CVE-2014-5427
- RESERVED
+CVE-2014-5428 (Unrestricted file upload vulnerability in unspecified web services in ...)
+ TODO: check
+CVE-2014-5427 (Johnson Controls Metasys 4.1 through 6.5, as used in Application and ...)
+ TODO: check
CVE-2014-5426 (MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote ...)
NOT-FOR-US: MatrikonOPC
CVE-2014-5425 (IOServer before Beta2112.exe allows remote attackers to cause a denial ...)
@@ -22808,8 +22855,7 @@
[squeeze] - curl <not-affected> (affects versions 7.31.0 and later)
NOTE: http://curl.haxx.se/docs/adv_20140910B.html
NOTE: Introduced by https://github.com/bagder/curl/commit/85b9dc8023
-CVE-2014-3619 [fragment header infinite loop DoS]
- RESERVED
+CVE-2014-3619 (The __socket_proto_state_machine function in GlusterFS 3.5 allows ...)
[experimental] - glusterfs 3.6.2-1
- glusterfs 3.5.2-2 (bug #781018)
[wheezy] - glusterfs <not-affected> (Vulnerability introduced after 3.2 release)
@@ -34792,8 +34838,7 @@
RESERVED
CVE-2013-6502
RESERVED
-CVE-2013-6501
- RESERVED
+CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...)
- php5 <unfixed>
[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in a future DSA)
CVE-2013-6500
@@ -46141,8 +46186,7 @@
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=974813
NOTE: http://www.openwall.com/lists/oss-security/2013/09/05/4
-CVE-2013-2184 [unsafe use of Storable::thaw]
- RESERVED
+CVE-2013-2184 (Movable Type before 5.2.6 does not properly use the Storable::thaw ...)
{DSA-3183-1}
- movabletype-opensource 5.2.7+dfsg-1 (bug #712602)
[squeeze] - movabletype-opensource <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list