[Secure-testing-commits] r34278 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu May 14 21:10:17 UTC 2015
Author: sectracker
Date: 2015-05-14 21:10:17 +0000 (Thu, 14 May 2015)
New Revision: 34278
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-14 19:31:08 UTC (rev 34277)
+++ data/CVE/list 2015-05-14 21:10:17 UTC (rev 34278)
@@ -1,3 +1,11 @@
+CVE-2015-3985
+ RESERVED
+CVE-2015-3984
+ RESERVED
+CVE-2015-3983
+ RESERVED
+CVE-2015-3982
+ RESERVED
CVE-2015-3981 (SAP NetWeaver RFC SDK allows attackers to obtain sensitive information ...)
TODO: check
CVE-2015-3980 (SQL injection vulnerability in the Business Rules Framework ...)
@@ -702,8 +710,8 @@
RESERVED
CVE-2015-3645
RESERVED
-CVE-2015-3644
- RESERVED
+CVE-2015-3644 (Stunnel 5.00 through 5.13, when using the redirect option, does not ...)
+ TODO: check
CVE-2015-3885 [dcraw imput sanitization errors]
RESERVED
- dcraw <unfixed> (bug #785019)
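Review bot: the `TODO: check` added under CVE-2015-3644 leaves a Stunnel issue untriaged. The description limits it to Stunnel 5.00 through 5.13 with the redirect option in use, so the follow-up should replace the placeholder with a package line giving either a fixed version or `<not-affected>` for releases whose stunnel predates 5.00.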
@@ -1244,8 +1252,7 @@
TODO: check
CVE-2015-3457 (Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) ...)
TODO: check
-CVE-2015-3456 [vulnerability in QEMU's virtual Floppy Disk Controller]
- RESERVED
+CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and ...)
{DSA-3259-1}
- qemu 1:2.3+dfsg-3
NOTE: qemu 1:2.3+dfsg-3 is pending in the NEW queue
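Review bot: the new CVE-2015-3456 description names Xen 4.5.x as well as QEMU, but the package lines visible in this hunk cover only `qemu`, and its fixed version `1:2.3+dfsg-3` is noted as still pending in the NEW queue. Confirm that the entry also tracks the Xen source package and any other package that bundles the QEMU FDC code. Revisit the NOTE once the upload leaves NEW, so the recorded fixed version matches what is actually in the archive.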
@@ -1434,8 +1441,8 @@
RESERVED
CVE-2015-3398
RESERVED
-CVE-2015-3397
- RESERVED
+CVE-2015-3397 (Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 ...)
+ TODO: check
CVE-2015-3396
RESERVED
CVE-2015-3395
@@ -1608,8 +1615,8 @@
RESERVED
CVE-2015-3327
RESERVED
-CVE-2015-3326
- RESERVED
+CVE-2015-3326 (Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix ...)
+ TODO: check
CVE-2015-3325
RESERVED
CVE-2015-3324 (The ThinkServer System Manager (TSM) Baseboard Management Controller ...)
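Review bot: the `TODO: check` on CVE-2015-3326 can be resolved immediately. Trend Micro ScanMail for Microsoft Exchange is a proprietary product that Debian does not ship, so this should become a `NOT-FOR-US:` line, the form this file already uses for the Oracle entries.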
@@ -3203,77 +3210,65 @@
RESERVED
CVE-2015-2721
RESERVED
-CVE-2015-2720
- RESERVED
+CVE-2015-2720 (The update implementation in Mozilla Firefox before 38.0 on Windows ...)
- iceweasel <not-affected> (Only affects Windows)
CVE-2015-2719
RESERVED
-CVE-2015-2718
- RESERVED
+CVE-2015-2718 (The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote ...)
- iceweasel 38.0-1
[jessie] - iceweasel <not-affected> (Only affects 37.x)
[wheezy] - iceweasel <not-affected> (Only affects 37.x)
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
-CVE-2015-2717
- RESERVED
+CVE-2015-2717 (Integer overflow in libstagefright in Mozilla Firefox before 38.0 ...)
- iceweasel 38.0-1
[jessie] - iceweasel <not-affected> (Only affects 37.x)
[wheezy] - iceweasel <not-affected> (Only affects 37.x)
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
-CVE-2015-2716
- RESERVED
+CVE-2015-2716 (Buffer overflow in the XML parser in Mozilla Firefox before 38.0, ...)
{DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/
-CVE-2015-2715
- RESERVED
+CVE-2015-2715 (Race condition in the nsThreadManager::RegisterCurrentThread function ...)
- iceweasel 38.0-1
[jessie] - iceweasel <not-affected> (Only affects 37.x)
[wheezy] - iceweasel <not-affected> (Only affects 37.x)
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
-CVE-2015-2714
- RESERVED
+CVE-2015-2714 (Mozilla Firefox before 38.0 on Android does not properly restrict ...)
- iceweasel <not-affected> (Only affects Firefox on Android)
-CVE-2015-2713
- RESERVED
+CVE-2015-2713 (Use-after-free vulnerability in the SetBreaks function in Mozilla ...)
{DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-51/
-CVE-2015-2712
- RESERVED
+CVE-2015-2712 (The asm.js implementation in Mozilla Firefox before 38.0 does not ...)
- iceweasel 38.0-1
[jessie] - iceweasel <not-affected> (Only affects 37.x)
[wheezy] - iceweasel <not-affected> (Only affects 37.x)
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
-CVE-2015-2711
- RESERVED
+CVE-2015-2711 (Mozilla Firefox before 38.0 does not recognize a referrer policy ...)
- iceweasel 38.0-1
[jessie] - iceweasel <not-affected> (Only affects 37.x)
[wheezy] - iceweasel <not-affected> (Only affects 37.x)
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
-CVE-2015-2710
- RESERVED
+CVE-2015-2710 (Heap-based buffer overflow in the SVGTextFrame class in Mozilla ...)
{DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-48/
-CVE-2015-2709
- RESERVED
+CVE-2015-2709 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel 38.0-1
[jessie] - iceweasel <not-affected> (Only affects 37.x)
[wheezy] - iceweasel <not-affected> (Only affects 37.x)
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
-CVE-2015-2708
- RESERVED
+CVE-2015-2708 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
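Review bot: the `<not-affected> (Only affects 37.x)` lines under CVE-2015-2718, CVE-2015-2717, CVE-2015-2715, CVE-2015-2712 and CVE-2015-2711 carry no NOTE pointing at the Mozilla advisory that supports the claim, whereas CVE-2015-2716, CVE-2015-2713, CVE-2015-2710 and CVE-2015-2709 in the same hunk each have one. The truncated descriptions now attached to these entries say at most "before 38.0", which does not by itself justify marking jessie, wheezy and squeeze as unaffected. Add the matching advisory URL as a NOTE line to each of the five entries so the status can be verified from the file.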
@@ -7000,7 +6995,7 @@
NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif
CVE-2014-9654
RESERVED
- {DSA-3187-1}
+ {DSA-3187-1 DLA-219-1}
- icu 52.1-7.1 (bug #776719)
NOTE: https://ssl.icu-project.org/trac/changeset/36801
NOTE: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5
@@ -9264,8 +9259,7 @@
CVE-2015-0798 (The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, ...)
- iceweasel <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
-CVE-2015-0797 [buffer overflow in the plugin for mp4 playback]
- RESERVED
+CVE-2015-0797 (GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, ...)
{DSA-3260-1 DSA-3225-1}
- gst-plugins-bad0.10 <unfixed> (bug #784220)
[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor impact compared to wheezy, no browser attack vector)
@@ -15987,7 +15981,7 @@
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7940 (The collator implementation in i18n/ucol.cpp in International ...)
- {DSA-3187-1}
+ {DSA-3187-1 DLA-219-1}
- chromium-browser 40.0.2214.91-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
@@ -16064,7 +16058,7 @@
- libv8-3.14 <unfixed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
CVE-2014-7926 (The Regular Expressions package in International Components for ...)
- {DSA-3187-1}
+ {DSA-3187-1 DLA-219-1}
- chromium-browser 40.0.2214.91-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
@@ -16078,7 +16072,7 @@
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7923 (The Regular Expressions package in International Components for ...)
- {DSA-3187-1}
+ {DSA-3187-1 DLA-219-1}
- chromium-browser 40.0.2214.91-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
@@ -19078,7 +19072,7 @@
CVE-2014-6592 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
NOT-FOR-US: Oracle
CVE-2014-6591 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
- {DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-157-1}
+ {DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-219-1 DLA-157-1}
- openjdk-6 6b34-1.13.6-1
- openjdk-7 7u75-2.5.4-1
- openjdk-8 8u40~b22-1
@@ -19103,7 +19097,7 @@
CVE-2014-6586 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
NOT-FOR-US: Oracle
CVE-2014-6585 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
- {DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-157-1}
+ {DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-219-1 DLA-157-1}
- openjdk-6 6b34-1.13.6-1
- openjdk-7 7u75-2.5.4-1
- openjdk-8 8u40~b22-1
@@ -31271,12 +31265,12 @@
NOTE: http://www.gopivotal.com/security/cve-2014-1904
CVE-2014-1903 (admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, ...)
- freepbx <itp> (bug #464926)
-CVE-2014-1902
- RESERVED
-CVE-2014-1901
- RESERVED
-CVE-2014-1900
- RESERVED
+CVE-2014-1902 (Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera ...)
+ TODO: check
+CVE-2014-1901 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range ...)
+ TODO: check
+CVE-2014-1900 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range ...)
+ TODO: check
CVE-2014-1899 (Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway ...)
NOT-FOR-US: Citrix NetScaler Gateway
CVE-2014-1898
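Review bot: CVE-2014-1902, CVE-2014-1901 and CVE-2014-1900 all receive `TODO: check` although their descriptions are for Y-Cam camera models, i.e. device firmware rather than a packaged program. Unless something in the archive carries that code, mark all three `NOT-FOR-US:` in one follow-up, as the neighbouring CVE-2014-1899 Citrix entry does, so they do not sit in the TODO queue.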
@@ -49093,7 +49087,7 @@
- openjdk-7 7u21-2.3.9-1
- openjdk-6 6b27-1.12.5-1
CVE-2013-2419 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- {DSA-3187-1}
+ {DSA-3187-1 DLA-219-1}
- openjdk-7 7u21-2.3.9-1
- openjdk-6 6b27-1.12.5-1
- icu 52.1-1
@@ -49189,12 +49183,12 @@
CVE-2013-2385 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2384 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- {DSA-3187-1}
+ {DSA-3187-1 DLA-219-1}
- openjdk-7 7u21-2.3.9-1
- openjdk-6 6b27-1.12.5-1
- icu 52.1-1
CVE-2013-2383 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- {DSA-3187-1}
+ {DSA-3187-1 DLA-219-1}
- openjdk-7 7u21-2.3.9-1
- openjdk-6 6b27-1.12.5-1
- icu 52.1-1
@@ -51982,7 +51976,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
CVE-2013-1569 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- {DSA-3187-1}
+ {DSA-3187-1 DLA-219-1}
- openjdk-7 7u21-2.3.9-1
- openjdk-6 6b27-1.12.5-1
- icu 52.1-1