[Secure-testing-commits] r34253 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed May 13 21:10:17 UTC 2015
Author: sectracker
Date: 2015-05-13 21:10:17 +0000 (Wed, 13 May 2015)
New Revision: 34253
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-13 20:38:14 UTC (rev 34252)
+++ data/CVE/list 2015-05-13 21:10:17 UTC (rev 34253)
@@ -1,6 +1,332 @@
+CVE-2015-3981 (SAP NetWeaver RFC SDK allows attackers to obtain sensitive information ...)
+ TODO: check
+CVE-2015-3980 (SQL injection vulnerability in the Business Rules Framework ...)
+ TODO: check
+CVE-2015-3979 (Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) ...)
+ TODO: check
+CVE-2015-3978 (SAP Sybase Unwired Platform Online Data Proxy allows local users to ...)
+ TODO: check
+CVE-2015-3977
+ RESERVED
+CVE-2015-3976
+ RESERVED
+CVE-2015-3975
+ RESERVED
+CVE-2015-3974
+ RESERVED
+CVE-2015-3973
+ RESERVED
+CVE-2015-3972
+ RESERVED
+CVE-2015-3971
+ RESERVED
+CVE-2015-3970
+ RESERVED
+CVE-2015-3969
+ RESERVED
+CVE-2015-3968
+ RESERVED
+CVE-2015-3967
+ RESERVED
+CVE-2015-3966
+ RESERVED
+CVE-2015-3965
+ RESERVED
+CVE-2015-3964
+ RESERVED
+CVE-2015-3963
+ RESERVED
+CVE-2015-3962
+ RESERVED
+CVE-2015-3961
+ RESERVED
+CVE-2015-3960
+ RESERVED
+CVE-2015-3959
+ RESERVED
+CVE-2015-3958
+ RESERVED
+CVE-2015-3957
+ RESERVED
+CVE-2015-3956
+ RESERVED
+CVE-2015-3955
+ RESERVED
+CVE-2015-3954
+ RESERVED
+CVE-2015-3953
+ RESERVED
+CVE-2015-3952
+ RESERVED
+CVE-2015-3951
+ RESERVED
+CVE-2015-3950
+ RESERVED
+CVE-2015-3949
+ RESERVED
+CVE-2015-3948
+ RESERVED
+CVE-2015-3947
+ RESERVED
+CVE-2015-3946
+ RESERVED
+CVE-2015-3945
+ RESERVED
+CVE-2015-3944
+ RESERVED
+CVE-2015-3943
+ RESERVED
+CVE-2015-3942
+ RESERVED
+CVE-2015-3941
+ RESERVED
+CVE-2015-3940
+ RESERVED
+CVE-2015-3939
+ RESERVED
+CVE-2015-3938
+ RESERVED
+CVE-2015-3937
+ RESERVED
+CVE-2015-3936
+ RESERVED
+CVE-2015-3935
+ RESERVED
+CVE-2015-3934
+ RESERVED
+CVE-2015-3933
+ RESERVED
+CVE-2015-3932
+ RESERVED
+CVE-2015-3931
+ RESERVED
+CVE-2015-3930
+ RESERVED
+CVE-2015-3929
+ RESERVED
+CVE-2015-3928
+ RESERVED
+CVE-2015-3927
+ RESERVED
+CVE-2015-3926
+ RESERVED
+CVE-2015-3925
+ RESERVED
+CVE-2015-3924
+ RESERVED
+CVE-2015-3923
+ RESERVED
+CVE-2015-3922
+ RESERVED
+CVE-2015-3921
+ RESERVED
+CVE-2015-3920
+ RESERVED
+CVE-2015-3919
+ RESERVED
+CVE-2015-3918
+ RESERVED
+CVE-2015-3917
+ RESERVED
+CVE-2015-3916
+ RESERVED
+CVE-2015-3915
+ RESERVED
+CVE-2015-3914
+ RESERVED
+CVE-2015-3913
+ RESERVED
+CVE-2015-3912
+ RESERVED
+CVE-2015-3911
+ RESERVED
+CVE-2015-3910
+ RESERVED
+CVE-2015-3909
+ RESERVED
+CVE-2015-3908
+ RESERVED
+CVE-2015-3907
+ RESERVED
+CVE-2015-3906
+ RESERVED
+CVE-2015-3905
+ RESERVED
+CVE-2015-3904
+ RESERVED
+CVE-2015-3901
+ RESERVED
+CVE-2015-3900
+ RESERVED
+CVE-2015-3899
+ RESERVED
+CVE-2015-3898
+ RESERVED
+CVE-2015-3897
+ RESERVED
+CVE-2015-3896
+ RESERVED
+CVE-2015-3895
+ RESERVED
+CVE-2015-3894
+ RESERVED
+CVE-2015-3893
+ RESERVED
+CVE-2015-3892
+ RESERVED
+CVE-2015-3891
+ RESERVED
+CVE-2015-3890
+ RESERVED
+CVE-2015-3889
+ RESERVED
+CVE-2015-3888
+ RESERVED
+CVE-2015-3887
+ RESERVED
+CVE-2015-3886
+ RESERVED
+CVE-2015-3884
+ RESERVED
+CVE-2015-3883
+ RESERVED
+CVE-2015-3882
+ RESERVED
+CVE-2015-3881
+ RESERVED
+CVE-2015-3879
+ RESERVED
+CVE-2015-3878
+ RESERVED
+CVE-2015-3877
+ RESERVED
+CVE-2015-3876
+ RESERVED
+CVE-2015-3875
+ RESERVED
+CVE-2015-3874
+ RESERVED
+CVE-2015-3873
+ RESERVED
+CVE-2015-3872
+ RESERVED
+CVE-2015-3871
+ RESERVED
+CVE-2015-3870
+ RESERVED
+CVE-2015-3869
+ RESERVED
+CVE-2015-3868
+ RESERVED
+CVE-2015-3867
+ RESERVED
+CVE-2015-3866
+ RESERVED
+CVE-2015-3865
+ RESERVED
+CVE-2015-3864
+ RESERVED
+CVE-2015-3863
+ RESERVED
+CVE-2015-3862
+ RESERVED
+CVE-2015-3861
+ RESERVED
+CVE-2015-3860
+ RESERVED
+CVE-2015-3859
+ RESERVED
+CVE-2015-3858
+ RESERVED
+CVE-2015-3857
+ RESERVED
+CVE-2015-3856
+ RESERVED
+CVE-2015-3855
+ RESERVED
+CVE-2015-3854
+ RESERVED
+CVE-2015-3853
+ RESERVED
+CVE-2015-3852
+ RESERVED
+CVE-2015-3851
+ RESERVED
+CVE-2015-3850
+ RESERVED
+CVE-2015-3849
+ RESERVED
+CVE-2015-3848
+ RESERVED
+CVE-2015-3847
+ RESERVED
+CVE-2015-3846
+ RESERVED
+CVE-2015-3845
+ RESERVED
+CVE-2015-3844
+ RESERVED
+CVE-2015-3843
+ RESERVED
+CVE-2015-3842
+ RESERVED
+CVE-2015-3841
+ RESERVED
+CVE-2015-3840
+ RESERVED
+CVE-2015-3839
+ RESERVED
+CVE-2015-3838
+ RESERVED
+CVE-2015-3837
+ RESERVED
+CVE-2015-3836
+ RESERVED
+CVE-2015-3835
+ RESERVED
+CVE-2015-3834
+ RESERVED
+CVE-2015-3833
+ RESERVED
+CVE-2015-3832
+ RESERVED
+CVE-2015-3831
+ RESERVED
+CVE-2015-3830
+ RESERVED
+CVE-2015-3829
+ RESERVED
+CVE-2015-3828
+ RESERVED
+CVE-2015-3827
+ RESERVED
+CVE-2015-3826
+ RESERVED
+CVE-2015-3825
+ RESERVED
+CVE-2015-3824
+ RESERVED
+CVE-2015-3823
+ RESERVED
+CVE-2015-3822
+ RESERVED
+CVE-2015-3821
+ RESERVED
+CVE-2015-3820
+ RESERVED
+CVE-2015-3819
+ RESERVED
+CVE-2015-3818
+ RESERVED
+CVE-2015-3817
+ RESERVED
+CVE-2015-3816
+ RESERVED
CVE-2015-3903 [phpmyadmin PMASA-2015-3 A vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack.]
+ RESERVED
- phpmyadmin <unfixed> (unimportant)
CVE-2015-3902 [phpmyadmin PMASA-2015-2 XSRF/CSRF vulnerability in phpMyAdmin setup.]
+ RESERVED
- phpmyadmin <unfixed> (unimportant)
CVE-2015-XXXX [drivers/vhost/scsi.c: potential memory corruption]
- linux 4.0.2-1
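Review bot: CVE-2015-3903 and CVE-2015-3902 end up out of numeric order at the end of this hunk. The added block runs from CVE-2015-3981 down to CVE-2015-3816 and skips both ids after CVE-2015-3904, so the two existing phpmyadmin entries now sit below CVE-2015-3816. Move them between CVE-2015-3904 and CVE-2015-3901 so the list stays sorted. The four SAP entries at the top are added as "TODO: check" and still need triage.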
@@ -377,6 +703,7 @@
CVE-2015-3644
RESERVED
CVE-2015-3885 [dcraw imput sanitization errors]
+ RESERVED
- dcraw <unfixed> (bug #785019)
- ufraw <unfixed>
- libraw <unfixed>
@@ -391,6 +718,7 @@
NOTE: https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start
TODO: check still needed (list complete? affected versions?)
CVE-2015-3880 [open redirect]
+ RESERVED
- phpbb3 3.0.14-1
[jessie] - phpbb3 <no-dsa> (Minor issue)
[wheezy] - phpbb3 <no-dsa> (Minor issue)
@@ -527,8 +855,8 @@
RESERVED
CVE-2015-3621
RESERVED
-CVE-2015-3620
- RESERVED
+CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced dataset ...)
+ TODO: check
CVE-2015-3619
RESERVED
CVE-2015-3618
@@ -897,8 +1225,7 @@
CVE-2015-XXXX [Saltstack SSL verification disabling for alibabab cloud module]
- salt <not-affected> (Vulnerable code not present in the version in Debian stable/unstable)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/02/1
-CVE-2015-3646 [Potential Keystone cache backend password leak in log]
- RESERVED
+CVE-2015-3646 (OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before ...)
- keystone 2015.1.0-1
[jessie] - keystone <no-dsa> (Minor issue)
[wheezy] - keystone <not-affected> (Vulnerable code not present)
@@ -917,6 +1244,7 @@
TODO: check
CVE-2015-3456 [vulnerability in QEMU's virtual Floppy Disk Controller]
RESERVED
+ {DSA-3259-1}
- qemu <unfixed>
- qemu-kvm <removed>
- xen 4.4.0-1
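Review bot: the {DSA-3259-1} reference added to CVE-2015-3456 is not matched by the package lines below it, where qemu is still "<unfixed>". Record the fixed qemu version and the per-release status in the same change; otherwise the entry cites an advisory while reporting the package as open.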
@@ -939,8 +1267,7 @@
TODO: check
CVE-2015-3447 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
-CVE-2015-3622 [Heap overflow / invalid read]
- RESERVED
+CVE-2015-3622 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
{DSA-3256-1}
- libtasn1-6 4.4-3
- libtasn1-3 <not-affected> (Introduced with 3.6)
@@ -1064,8 +1391,7 @@
- wordpress 4.2+dfsg-1 (bug #783347)
NOTE: http://codex.wordpress.org/Version_4.1.2
NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
-CVE-2015-3451 [XEE]
- RESERVED
+CVE-2015-3451 (The _clone function in XML::LibXML before 2.0119 does not properly set ...)
{DSA-3243-1 DLA-214-1}
- libxml-libxml-perl 2.0116+dfsg-2 (bug #783443)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/25/2
@@ -1825,102 +2151,102 @@
RESERVED
CVE-2015-3094
RESERVED
-CVE-2015-3093
- RESERVED
-CVE-2015-3092
- RESERVED
-CVE-2015-3091
- RESERVED
-CVE-2015-3090
- RESERVED
-CVE-2015-3089
- RESERVED
-CVE-2015-3088
- RESERVED
-CVE-2015-3087
- RESERVED
-CVE-2015-3086
- RESERVED
-CVE-2015-3085
- RESERVED
-CVE-2015-3084
- RESERVED
-CVE-2015-3083
- RESERVED
-CVE-2015-3082
- RESERVED
-CVE-2015-3081
- RESERVED
-CVE-2015-3080
- RESERVED
-CVE-2015-3079
- RESERVED
-CVE-2015-3078
- RESERVED
-CVE-2015-3077
- RESERVED
-CVE-2015-3076
- RESERVED
-CVE-2015-3075
- RESERVED
-CVE-2015-3074
- RESERVED
-CVE-2015-3073
- RESERVED
-CVE-2015-3072
- RESERVED
-CVE-2015-3071
- RESERVED
-CVE-2015-3070
- RESERVED
-CVE-2015-3069
- RESERVED
-CVE-2015-3068
- RESERVED
-CVE-2015-3067
- RESERVED
-CVE-2015-3066
- RESERVED
-CVE-2015-3065
- RESERVED
-CVE-2015-3064
- RESERVED
-CVE-2015-3063
- RESERVED
-CVE-2015-3062
- RESERVED
-CVE-2015-3061
- RESERVED
-CVE-2015-3060
- RESERVED
-CVE-2015-3059
- RESERVED
-CVE-2015-3058
- RESERVED
-CVE-2015-3057
- RESERVED
-CVE-2015-3056
- RESERVED
-CVE-2015-3055
- RESERVED
-CVE-2015-3054
- RESERVED
-CVE-2015-3053
- RESERVED
-CVE-2015-3052
- RESERVED
-CVE-2015-3051
- RESERVED
-CVE-2015-3050
- RESERVED
-CVE-2015-3049
- RESERVED
-CVE-2015-3048
- RESERVED
-CVE-2015-3047
- RESERVED
-CVE-2015-3046
- RESERVED
+CVE-2015-3093 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3092 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3091 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3090 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3089 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3088 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and ...)
+ TODO: check
+CVE-2015-3087 (Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x ...)
+ TODO: check
+CVE-2015-3086 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3085 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3084 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3083 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3082 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3081 (Race condition in Adobe Flash Player before 13.0.0.289 and 14.x ...)
+ TODO: check
+CVE-2015-3080 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 ...)
+ TODO: check
+CVE-2015-3079 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3078 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3077 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
+ TODO: check
+CVE-2015-3076 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3075 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2015-3074 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3073 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3072 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3071 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3070 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3069 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3068 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3067 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3066 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3065 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3064 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3063 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3062 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3061 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3060 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3059 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2015-3058 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3057 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3056 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3055 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2015-3054 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2015-3053 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2015-3052 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3051 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3050 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3049 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3048 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and ...)
+ TODO: check
+CVE-2015-3047 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
+CVE-2015-3046 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
+ TODO: check
CVE-2015-3045
RESERVED
CVE-2015-3044 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
@@ -2426,14 +2752,14 @@
RESERVED
CVE-2015-2846 (BitTorrent Sync allows remote attackers to execute arbitrary commands ...)
- btsync <itp> (bug #706639)
-CVE-2015-2845
- RESERVED
-CVE-2015-2844
- RESERVED
-CVE-2015-2843
- RESERVED
-CVE-2015-2842
- RESERVED
+CVE-2015-2845 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...)
+ TODO: check
+CVE-2015-2844 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...)
+ TODO: check
+CVE-2015-2843 (Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before ...)
+ TODO: check
+CVE-2015-2842 (Unrestricted file upload vulnerability in go_audiostore.php in the ...)
+ TODO: check
CVE-2015-2841 (Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote ...)
NOT-FOR-US: Citrix NetScaler
CVE-2015-2840 (Cross-site scripting (XSS) vulnerability in help/rt/large_search.html ...)
@@ -2532,8 +2858,8 @@
- linux 3.16.7-ckt9-1
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
-CVE-2015-2829
- RESERVED
+CVE-2015-2829 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
+ TODO: check
CVE-2015-2828 (CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate ...)
NOT-FOR-US: CA Spectrum
CVE-2015-2827 (Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and ...)
@@ -2786,6 +3112,7 @@
- arj 3.10.22-13 (bug #774015)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5
CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict ...)
+ {DSA-3259-1}
- xen 4.2.0~rc2-1 (bug #781620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
- qemu <unfixed>
@@ -2889,6 +3216,7 @@
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2716
RESERVED
+ {DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
@@ -2905,6 +3233,7 @@
- iceweasel <not-affected> (Only affects Firefox on Android)
CVE-2015-2713
RESERVED
+ {DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
@@ -2924,6 +3253,7 @@
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2710
RESERVED
+ {DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
@@ -2938,6 +3268,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
CVE-2015-2708
RESERVED
+ {DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
@@ -3054,8 +3385,7 @@
RESERVED
CVE-2015-2669
RESERVED
-CVE-2015-2668 [Infinite loop condition on a crafted "xz" archive file]
- RESERVED
+CVE-2015-2668 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...)
- clamav 0.98.7+dfsg-1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
[jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
@@ -3723,6 +4053,7 @@
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11
CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...)
+ {DSA-3259-1}
- qemu <unfixed> (unimportant; bug #781250)
- qemu-kvm <removed> (unimportant)
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2)
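Review bot: CVE-2014-9718 now carries {DSA-3259-1} while both package lines still mark the issue "unimportant" and qemu remains "<unfixed>". These statements conflict: either drop the unimportant tag and add the fixed version, or confirm that the advisory really covers this id.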
@@ -4271,10 +4602,10 @@
RESERVED
CVE-2015-2235
REJECTED
-CVE-2015-2234
- RESERVED
-CVE-2015-2233
- RESERVED
+CVE-2015-2234 (Race condition in Lenovo System Update (formerly ThinkVantage System ...)
+ TODO: check
+CVE-2015-2233 (Lenovo System Update (formerly ThinkVantage System Update) before ...)
+ TODO: check
CVE-2015-2232
RESERVED
CVE-2015-2231
@@ -4295,14 +4626,12 @@
RESERVED
CVE-2015-2223 (Multiple cross-site scripting (XSS) vulnerabilities in Palo Alto ...)
NOT-FOR-US: Palo Alto Networks Traps
-CVE-2015-2222 [Crash on crafted petite packed file]
- RESERVED
+CVE-2015-2222 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...)
- clamav 0.98.7+dfsg-1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
[jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
NOTE: https://github.com/vrtadmin/clamav-devel/commit/8aeedf3c4282bc916d6f6c290e1e530d125ec953
-CVE-2015-2221 [Infinite loop condition on crafted y0da cryptor file]
- RESERVED
+CVE-2015-2221 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...)
- clamav 0.98.7+dfsg-1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
[jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
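Review bot: replacing the bracketed summaries of CVE-2015-2222 and CVE-2015-2221 leaves both entries with the same truncated text, "ClamAV before 0.98.7 allows remote attackers to cause a denial of ...", so the list no longer shows which one is the petite crash and which is the y0da cryptor infinite loop. Keep the old wording as a NOTE: line under each entry.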
@@ -4310,8 +4639,8 @@
NOTE: https://github.com/vrtadmin/clamav-devel/commit/26b19809fb3b940cb0fda0422d685fff02a53b5f
CVE-2015-2220 (Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms ...)
NOT-FOR-US: Ninja Forms plugin for WordPress
-CVE-2015-2219
- RESERVED
+CVE-2015-2219 (Lenovo System Update (formerly ThinkVantage System Update) before ...)
+ TODO: check
CVE-2015-2218 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin for WordPress
CVE-2015-2217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP ...)
@@ -4454,8 +4783,7 @@
- zope2.12 2.12.10-1
CVE-2015-2171 (Middleware/SessionCookie.php in Slim before 2.6.0 allows remote ...)
NOT-FOR-US: Slim PHP Framework
-CVE-2015-2170 [Crash in upx decoder with crafted file]
- RESERVED
+CVE-2015-2170 (The upx decoder in ClamAV before 0.98.7 allows remote attackers to ...)
- clamav 0.98.7+dfsg-1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
[jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
@@ -5151,8 +5479,8 @@
RESERVED
CVE-2015-1882 (Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 ...)
TODO: check
-CVE-2015-1880
- RESERVED
+CVE-2015-1880 (Cross-site scripting (XSS) vulnerability in sslvpn login page in ...)
+ TODO: check
CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...)
NOT-FOR-US: Google Doc Embedder plugin for WordPress
CVE-2015-2042 (net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect ...)
@@ -5238,8 +5566,7 @@
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-1861
RESERVED
-CVE-2015-1860 [segmentation fault in qgifhandler.cpp]
- RESERVED
+CVE-2015-1860 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and ...)
{DLA-210-1}
- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
[jessie] - qt4-x11 <no-dsa> (Minor issue)
@@ -5247,8 +5574,7 @@
- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
[jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
-CVE-2015-1859 [segmentation fault in qicohandler.cpp]
- RESERVED
+CVE-2015-1859 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and ...)
{DLA-210-1}
- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
[jessie] - qt4-x11 <no-dsa> (Minor issue)
@@ -5256,8 +5582,7 @@
- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
[jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
-CVE-2015-1858 [segmentation fault in qbmphandler.cpp]
- RESERVED
+CVE-2015-1858 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and ...)
{DLA-210-1}
- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
[jessie] - qt4-x11 <no-dsa> (Minor issue)
@@ -5525,6 +5850,7 @@
NOT-FOR-US: oVirt Engine backend
CVE-2015-1779 [denial of service in VNC web]
RESERVED
+ {DSA-3259-1}
- qemu <unfixed> (bug #781250)
[wheezy] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
[squeeze] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
@@ -5658,104 +5984,104 @@
RESERVED
CVE-2015-1719
RESERVED
-CVE-2015-1718
- RESERVED
-CVE-2015-1717
- RESERVED
-CVE-2015-1716
- RESERVED
-CVE-2015-1715
- RESERVED
-CVE-2015-1714
- RESERVED
-CVE-2015-1713
- RESERVED
-CVE-2015-1712
- RESERVED
-CVE-2015-1711
- RESERVED
-CVE-2015-1710
- RESERVED
-CVE-2015-1709
- RESERVED
-CVE-2015-1708
- RESERVED
+CVE-2015-1718 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1717 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1716 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, ...)
+ TODO: check
+CVE-2015-1715 (Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1714 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1713 (Microsoft Internet Explorer 11 allows remote attackers to gain ...)
+ TODO: check
+CVE-2015-1712 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1711 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1710 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1709 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1708 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-1707
RESERVED
-CVE-2015-1706
- RESERVED
-CVE-2015-1705
- RESERVED
-CVE-2015-1704
- RESERVED
-CVE-2015-1703
- RESERVED
-CVE-2015-1702
- RESERVED
-CVE-2015-1701 (Unspecified vulnerability in Microsoft Windows before 8 allows local ...)
+CVE-2015-1706 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1705 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1704 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1703 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1702 (The Service Control Manager (SCM) in Microsoft Windows Server 2003 ...)
+ TODO: check
+CVE-2015-1701 (Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
NOT-FOR-US: Microsoft Windows
-CVE-2015-1700
- RESERVED
-CVE-2015-1699
- RESERVED
-CVE-2015-1698
- RESERVED
-CVE-2015-1697
- RESERVED
-CVE-2015-1696
- RESERVED
-CVE-2015-1695
- RESERVED
-CVE-2015-1694
- RESERVED
+CVE-2015-1700 (Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, ...)
+ TODO: check
+CVE-2015-1699 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-1698 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-1697 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-1696 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-1695 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-1694 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2015-1693
RESERVED
-CVE-2015-1692
- RESERVED
-CVE-2015-1691
- RESERVED
+CVE-2015-1692 (Microsoft Internet Explorer 7 through 11 allows user-assisted remote ...)
+ TODO: check
+CVE-2015-1691 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-1690
RESERVED
-CVE-2015-1689
- RESERVED
-CVE-2015-1688
- RESERVED
+CVE-2015-1689 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1688 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2015-1687
RESERVED
-CVE-2015-1686
- RESERVED
-CVE-2015-1685
- RESERVED
-CVE-2015-1684
- RESERVED
-CVE-2015-1683
- RESERVED
-CVE-2015-1682
- RESERVED
-CVE-2015-1681
- RESERVED
-CVE-2015-1680
- RESERVED
-CVE-2015-1679
- RESERVED
-CVE-2015-1678
- RESERVED
-CVE-2015-1677
- RESERVED
-CVE-2015-1676
- RESERVED
-CVE-2015-1675
- RESERVED
-CVE-2015-1674
- RESERVED
-CVE-2015-1673
- RESERVED
-CVE-2015-1672
- RESERVED
-CVE-2015-1671
- RESERVED
-CVE-2015-1670
- RESERVED
+CVE-2015-1686 (The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through ...)
+ TODO: check
+CVE-2015-1685 (Microsoft Internet Explorer 11 allows remote attackers to bypass the ...)
+ TODO: check
+CVE-2015-1684 (VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used ...)
+ TODO: check
+CVE-2015-1683 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2015-1682 (Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word ...)
+ TODO: check
+CVE-2015-1681 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-1680 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
+ TODO: check
+CVE-2015-1679 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
+ TODO: check
+CVE-2015-1678 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
+ TODO: check
+CVE-2015-1677 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
+ TODO: check
+CVE-2015-1676 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
+ TODO: check
+CVE-2015-1675 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2015-1674 (The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 ...)
+ TODO: check
+CVE-2015-1673 (The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework ...)
+ TODO: check
+CVE-2015-1672 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...)
+ TODO: check
+CVE-2015-1671 (The Windows DirectWrite library, as used in Microsoft .NET Framework ...)
+ TODO: check
+CVE-2015-1670 (The Windows DirectWrite library, as used in Microsoft .NET Framework ...)
+ TODO: check
CVE-2015-1669
RESERVED
CVE-2015-1668 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
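Review bot: the newly described Microsoft entries in this hunk (Internet Explorer, Windows, Office, .NET Framework, SharePoint, Silverlight) are all added as "TODO: check", while CVE-2015-1701 in the same hunk keeps "NOT-FOR-US: Microsoft Windows". Tag them NOT-FOR-US in the same pass rather than leaving them for manual triage.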
@@ -5778,8 +6104,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1659 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2015-1658
- RESERVED
+CVE-2015-1658 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-1657 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1656
@@ -8932,7 +9258,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
CVE-2015-0797 [buffer overflow in the plugin for mp4 playback]
RESERVED
- {DSA-3225-1}
+ {DSA-3260-1 DSA-3225-1}
- gst-plugins-bad0.10 <unfixed> (bug #784220)
[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor impact compared to wheezy, no browser attack vector)
[squeeze] - gst-plugins-bad0.10 <not-affected> (vulnerable code (gst/videoparsers/*) introduced later)
@@ -10913,8 +11239,8 @@
NOTE: https://github.com/vrtadmin/clamav-devel/commit/5e1fbf3668bd167828d675830103b3c1ccdcb76d
CVE-2014-9327
RESERVED
-CVE-2014-9326
- RESERVED
+CVE-2014-9326 (The automatic signature update functionality in the (1) Phone Home ...)
+ TODO: check
CVE-2014-9325 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 ...)
NOT-FOR-US: Twiki
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325
@@ -11443,8 +11769,8 @@
NOT-FOR-US: Adobe Flash Player
CVE-2014-9161 (CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x ...)
NOT-FOR-US: Adobe
-CVE-2014-9160
- RESERVED
+CVE-2014-9160 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x ...)
+ TODO: check
CVE-2014-9159 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
NOT-FOR-US: Adobe Reader
CVE-2014-9158 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
@@ -13565,14 +13891,14 @@
RESERVED
CVE-2014-8620
RESERVED
-CVE-2014-8619
- RESERVED
-CVE-2014-8618
- RESERVED
+CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in autolearn configuration ...)
+ TODO: check
+CVE-2014-8618 (Cross-site scripting (XSS) vulnerability in theme login page in ...)
+ TODO: check
CVE-2014-8617 (Cross-site scripting (XSS) vulnerability in the Web Action Quarantine ...)
NOT-FOR-US: FortiMail
-CVE-2014-8616
- RESERVED
+CVE-2014-8616 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet ...)
+ TODO: check
CVE-2014-8615
REJECTED
CVE-2014-8614
@@ -78710,6 +79036,7 @@
- chromium-browser 18.0.1025.168~r134367-1
[squeeze] - chromium-browser <end-of-life>
CVE-2011-3079 (The Inter-process Communication (IPC) implementation in Google Chrome ...)
+ {DSA-3260-1}
- chromium-browser 18.0.1025.168~r134367-1
[squeeze] - chromium-browser <end-of-life>
- iceweasel <not-affected> (Only affects Firefox on Windows)
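Review bot: {DSA-3260-1} on CVE-2011-3079 looks like a mismatched cross-reference. The entry describes the Google Chrome IPC implementation and its iceweasel line reads "<not-affected> (Only affects Firefox on Windows)", whereas the other {DSA-3260-1} additions in this diff sit on entries with "iceweasel 38.0-1". Check the id in the advisory before keeping this line.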