[Secure-testing-commits] r34278 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu May 14 21:10:17 UTC 2015


Author: sectracker
Date: 2015-05-14 21:10:17 +0000 (Thu, 14 May 2015)
New Revision: 34278

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-14 19:31:08 UTC (rev 34277)
+++ data/CVE/list	2015-05-14 21:10:17 UTC (rev 34278)
@@ -1,3 +1,11 @@
+CVE-2015-3985
+	RESERVED
+CVE-2015-3984
+	RESERVED
+CVE-2015-3983
+	RESERVED
+CVE-2015-3982
+	RESERVED
 CVE-2015-3981 (SAP NetWeaver RFC SDK allows attackers to obtain sensitive information ...)
 	TODO: check
 CVE-2015-3980 (SQL injection vulnerability in the Business Rules Framework ...)
@@ -702,8 +710,8 @@
 	RESERVED
 CVE-2015-3645
 	RESERVED
-CVE-2015-3644
-	RESERVED
+CVE-2015-3644 (Stunnel 5.00 through 5.13, when using the redirect option, does not ...)
+	TODO: check
 CVE-2015-3885 [dcraw imput sanitization errors]
 	RESERVED
 	- dcraw <unfixed> (bug #785019)
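Review bot: the new CVE-2015-3644 entry is left at "TODO: check", and its description limits the issue to Stunnel 5.00 through 5.13 when the redirect option is used, so the follow-up triage should compare each release's packaged version against that range before assigning a status. In the same region, the context line for CVE-2015-3885 reads "dcraw imput sanitization errors"; "imput" should be "input".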
@@ -1244,8 +1252,7 @@
 	TODO: check
 CVE-2015-3457 (Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) ...)
 	TODO: check
-CVE-2015-3456 [vulnerability in QEMU's virtual Floppy Disk Controller]
-	RESERVED
+CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and ...)
 	{DSA-3259-1}
 	- qemu 1:2.3+dfsg-3
 	NOTE: qemu 1:2.3+dfsg-3 is  pending in the NEW queue
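Review bot: the description that replaces the placeholder on CVE-2015-3456 names Xen 4.5.x as a user of the affected QEMU Floppy Disk Controller, but the package lines visible under the entry track only qemu. If no xen line follows below the context shown here, add one so the copy of the code used by Xen is triaged as well. The NOTE line also has a doubled space in "is  pending".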
@@ -1434,8 +1441,8 @@
 	RESERVED
 CVE-2015-3398
 	RESERVED
-CVE-2015-3397
-	RESERVED
+CVE-2015-3397 (Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 ...)
+	TODO: check
 CVE-2015-3396
 	RESERVED
 CVE-2015-3395
@@ -1608,8 +1615,8 @@
 	RESERVED
 CVE-2015-3327
 	RESERVED
-CVE-2015-3326
-	RESERVED
+CVE-2015-3326 (Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix ...)
+	TODO: check
 CVE-2015-3325
 	RESERVED
 CVE-2015-3324 (The ThinkServer System Manager (TSM) Baseboard Management Controller ...)
@@ -3203,77 +3210,65 @@
 	RESERVED
 CVE-2015-2721
 	RESERVED
-CVE-2015-2720
-	RESERVED
+CVE-2015-2720 (The update implementation in Mozilla Firefox before 38.0 on Windows ...)
 	- iceweasel <not-affected> (Only affects Windows)
 CVE-2015-2719
 	RESERVED
-CVE-2015-2718
-	RESERVED
+CVE-2015-2718 (The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote ...)
 	- iceweasel 38.0-1
 	[jessie] - iceweasel <not-affected> (Only affects 37.x)
 	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
 	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
-CVE-2015-2717
-	RESERVED
+CVE-2015-2717 (Integer overflow in libstagefright in Mozilla Firefox before 38.0 ...)
 	- iceweasel 38.0-1
 	[jessie] - iceweasel <not-affected> (Only affects 37.x)
 	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
 	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
-CVE-2015-2716
-	RESERVED
+CVE-2015-2716 (Buffer overflow in the XML parser in Mozilla Firefox before 38.0, ...)
 	{DSA-3260-1}
 	- iceweasel 38.0-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/
-CVE-2015-2715
-	RESERVED
+CVE-2015-2715 (Race condition in the nsThreadManager::RegisterCurrentThread function ...)
 	- iceweasel 38.0-1
 	[jessie] - iceweasel <not-affected> (Only affects 37.x)
 	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
 	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
-CVE-2015-2714
-	RESERVED
+CVE-2015-2714 (Mozilla Firefox before 38.0 on Android does not properly restrict ...)
 	- iceweasel <not-affected> (Only affects Firefox on Android)
-CVE-2015-2713
-	RESERVED
+CVE-2015-2713 (Use-after-free vulnerability in the SetBreaks function in Mozilla ...)
 	{DSA-3260-1}
 	- iceweasel 38.0-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-51/
-CVE-2015-2712
-	RESERVED
+CVE-2015-2712 (The asm.js implementation in Mozilla Firefox before 38.0 does not ...)
 	- iceweasel 38.0-1
 	[jessie] - iceweasel <not-affected> (Only affects 37.x)
 	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
 	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
-CVE-2015-2711
-	RESERVED
+CVE-2015-2711 (Mozilla Firefox before 38.0 does not recognize a referrer policy ...)
 	- iceweasel 38.0-1
 	[jessie] - iceweasel <not-affected> (Only affects 37.x)
 	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
 	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
-CVE-2015-2710
-	RESERVED
+CVE-2015-2710 (Heap-based buffer overflow in the SVGTextFrame class in Mozilla ...)
 	{DSA-3260-1}
 	- iceweasel 38.0-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-48/
-CVE-2015-2709
-	RESERVED
+CVE-2015-2709 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel 38.0-1
 	[jessie] - iceweasel <not-affected> (Only affects 37.x)
 	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
 	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
-CVE-2015-2708
-	RESERVED
+CVE-2015-2708 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-3260-1}
 	- iceweasel 38.0-1
 	[squeeze] - iceweasel <end-of-life>
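Review bot: after this hunk CVE-2015-2709 and CVE-2015-2708 carry the same truncated description ("Multiple unspecified vulnerabilities in the browser engine in Mozilla ..."), so the NOTE line with the Mozilla advisory URL is the only thing in the entry that tells them apart. CVE-2015-2718, CVE-2015-2717, CVE-2015-2715, CVE-2015-2712 and CVE-2015-2711 have no such NOTE, while CVE-2015-2716, CVE-2015-2713, CVE-2015-2710 and CVE-2015-2709 do. Adding the matching mfsa NOTE to each of the five would make the block consistent and keep the "Only affects 37.x" statuses checkable against their source.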
@@ -7000,7 +6995,7 @@
 	NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif
 CVE-2014-9654
 	RESERVED
-	{DSA-3187-1}
+	{DSA-3187-1 DLA-219-1}
 	- icu 52.1-7.1 (bug #776719)
 	NOTE: https://ssl.icu-project.org/trac/changeset/36801
 	NOTE: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5
@@ -9264,8 +9259,7 @@
 CVE-2015-0798 (The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, ...)
 	- iceweasel <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
-CVE-2015-0797 [buffer overflow in the plugin for mp4 playback]
-	RESERVED
+CVE-2015-0797 (GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, ...)
 	{DSA-3260-1 DSA-3225-1}
 	- gst-plugins-bad0.10 <unfixed> (bug #784220)
 	[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor impact compared to wheezy, no browser attack vector)
@@ -15987,7 +15981,7 @@
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-7940 (The collator implementation in i18n/ucol.cpp in International ...)
-	{DSA-3187-1}
+	{DSA-3187-1 DLA-219-1}
 	- chromium-browser 40.0.2214.91-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
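Review bot: DLA-219-1 is added to the cross-reference on CVE-2014-7940, but the only squeeze status visible under the entry is "[squeeze] - chromium-browser <end-of-life>", so nothing in the shown lines says which package the DLA fixed. The same applies to the CVE-2014-7926 and CVE-2014-7923 hunks that follow. Check that each of these entries has a package line below the context (CVE-2014-9654, which gets the same DLA, tracks icu) so that the advisory reference resolves to a tracked package.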
@@ -16064,7 +16058,7 @@
 	- libv8-3.14 <unfixed> (unimportant; bug #773671)
 	NOTE: libv8 not covered by security support
 CVE-2014-7926 (The Regular Expressions package in International Components for ...)
-	{DSA-3187-1}
+	{DSA-3187-1 DLA-219-1}
 	- chromium-browser 40.0.2214.91-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
@@ -16078,7 +16072,7 @@
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-7923 (The Regular Expressions package in International Components for ...)
-	{DSA-3187-1}
+	{DSA-3187-1 DLA-219-1}
 	- chromium-browser 40.0.2214.91-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
@@ -19078,7 +19072,7 @@
 CVE-2014-6592 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2014-6591 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
-	{DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-157-1}
+	{DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-219-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -19103,7 +19097,7 @@
 CVE-2014-6586 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
 	NOT-FOR-US: Oracle
 CVE-2014-6585 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
-	{DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-157-1}
+	{DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-219-1 DLA-157-1}
 	- openjdk-6 6b34-1.13.6-1
 	- openjdk-7 7u75-2.5.4-1
 	- openjdk-8 8u40~b22-1
@@ -31271,12 +31265,12 @@
 	NOTE: http://www.gopivotal.com/security/cve-2014-1904
 CVE-2014-1903 (admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, ...)
 	- freepbx <itp> (bug #464926)
-CVE-2014-1902
-	RESERVED
-CVE-2014-1901
-	RESERVED
-CVE-2014-1900
-	RESERVED
+CVE-2014-1902 (Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera ...)
+	TODO: check
+CVE-2014-1901 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range ...)
+	TODO: check
+CVE-2014-1900 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range ...)
+	TODO: check
 CVE-2014-1899 (Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway ...)
 	NOT-FOR-US: Citrix NetScaler Gateway
 CVE-2014-1898
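Review bot: CVE-2014-1902, CVE-2014-1901 and CVE-2014-1900 all describe Y-Cam camera models and are left at "TODO: check". The neighbouring CVE-2014-1899 entry for a vendor appliance is closed with "NOT-FOR-US: Citrix NetScaler Gateway"; the three Y-Cam entries can most likely be closed the same way in one pass instead of staying in the TODO backlog.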
@@ -49093,7 +49087,7 @@
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
 CVE-2013-2419 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	{DSA-3187-1}
+	{DSA-3187-1 DLA-219-1}
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
 	- icu 52.1-1
@@ -49189,12 +49183,12 @@
 CVE-2013-2385 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
 	NOT-FOR-US: Oracle Financial Services Software
 CVE-2013-2384 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	{DSA-3187-1}
+	{DSA-3187-1 DLA-219-1}
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
 	- icu 52.1-1
 CVE-2013-2383 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	{DSA-3187-1}
+	{DSA-3187-1 DLA-219-1}
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
 	- icu 52.1-1
@@ -51982,7 +51976,7 @@
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
 	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
 CVE-2013-1569 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	{DSA-3187-1}
+	{DSA-3187-1 DLA-219-1}
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
 	- icu 52.1-1



