[Secure-testing-commits] r34294 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri May 15 21:10:18 UTC 2015


Author: sectracker
Date: 2015-05-15 21:10:18 +0000 (Fri, 15 May 2015)
New Revision: 34294

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-15 20:51:44 UTC (rev 34293)
+++ data/CVE/list	2015-05-15 21:10:18 UTC (rev 34294)
@@ -1,3 +1,7 @@
+CVE-2015-3987 (Multiple unquoted Windows search path vulnerabilities in the (1) ...)
+	TODO: check
+CVE-2015-3986 (Cross-site request forgery (CSRF) vulnerability in the TheCartPress ...)
+	TODO: check
 CVE-2015-3985
 	RESERVED
 CVE-2015-3984
@@ -2,4 +6,4 @@
 	RESERVED
-CVE-2015-3983
-	RESERVED
+CVE-2015-3983 (The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the ...)
+	TODO: check
 CVE-2015-3982
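Review bot: CVE-2015-3983 is left at `TODO: check` although its new description names the pcs daemon (pcsd) in PCS 0.9.137 and earlier. That is the same product as CVE-2015-1848 further down in this diff, which is tracked as `- pcs <itp> (bug #706522)`. Suggest giving CVE-2015-3983 the same `- pcs <itp> (bug #706522)` line so both pcsd issues are tracked against the ITP.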
@@ -345,6 +349,7 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/13/4
 	TODO: check
 CVE-2015-3988 [Persistent XSS in Horizon metadata dashboard]
+	RESERVED
 	- horizon <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/9
 	TODO: check
@@ -1353,8 +1358,7 @@
 	NOTE: https://github.com/libarchive/libarchive/issues/502
 	NOTE: https://github.com/libarchive/libarchive/commit/e6c9668f3202215ddb71617b41c19b6f05acf008
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/04/1
-CVE-2015-3427 [Incomplete fix for CVE-2013-4422]
-	RESERVED
+CVE-2015-3427 (Quassel before 0.12.2 does not properly re-initialize the database ...)
 	{DSA-3258-1}
 	- quassel 1:0.10.0-2.4 (bug #783926)
 	[wheezy] - quassel <not-affected> (incomplete fix for CVE-2013-4422 not applied)
@@ -1702,10 +1706,10 @@
 	RESERVED
 CVE-2015-3302
 	RESERVED
-CVE-2015-3301
-	RESERVED
-CVE-2015-3300
-	RESERVED
+CVE-2015-3301 (Directory traversal vulnerability in the TheCartPress eCommerce ...)
+	TODO: check
+CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
 CVE-2015-3299
 	RESERVED
 CVE-2015-3298
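Review bot: CVE-2015-3301 is left at `TODO: check` and names TheCartPress, as does CVE-2015-3986 added at the top of the list in this revision. Triage the two together so they end up with the same tag. The description of CVE-2015-3300 is truncated before it names a product, so it needs the full text before it can be classified.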
@@ -2599,24 +2603,28 @@
 	NOTE: https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34
 CVE-2015-3406 [unsigned files interpreted as signed in some circumstances]
 	RESERVED
+	{DSA-3261-1}
 	- libmodule-signature-perl 0.78-1 (bug #783451)
 	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
 	NOTE: Changes might needed in libtest-signature-perl, need further investigation
 CVE-2015-3407 [arbitrary code execution during test phase]
 	RESERVED
+	{DSA-3261-1}
 	- libmodule-signature-perl 0.78-1 (bug #783451)
 	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
 	NOTE: Changes might needed in libtest-signature-perl, need further investigation
 CVE-2015-3408 [arbitrary code execution when verifying module signatures]
 	RESERVED
+	{DSA-3261-1}
 	- libmodule-signature-perl 0.78-1 (bug #783451)
 	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
 	NOTE: Changes might needed in libtest-signature-perl, need further investigation
 CVE-2015-3409 [arbitrary modules loading in some circumstances]
 	RESERVED
+	{DSA-3261-1}
 	- libmodule-signature-perl 0.78-1 (bug #783451)
 	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
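Review bot: `{DSA-3261-1}` is added to CVE-2015-3406 through CVE-2015-3409, but the entries for CVE-2015-3406, CVE-2015-3407 and CVE-2015-3408 still carry `NOTE: Changes might needed in libtest-signature-perl, need further investigation`. With an advisory now referenced for libmodule-signature-perl, that open question should be closed out: either add a libtest-signature-perl line with its status or record the outcome of the investigation in the NOTE.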
@@ -5639,8 +5647,7 @@
 CVE-2015-1849
 	RESERVED
 	NOT-FOR-US: JBoss EAP
-CVE-2015-1848
-	RESERVED
+CVE-2015-1848 (The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the ...)
 	- pcs <itp> (bug #706522)
 CVE-2015-1847
 	RESERVED
@@ -8521,8 +8528,7 @@
 	RESERVED
 CVE-2015-0972
 	RESERVED
-CVE-2015-0971 [TLS/DER parsing issue]
-	RESERVED
+CVE-2015-0971 (The DER parser in Suricata before 2.0.8 allows remote attackers to ...)
 	{DSA-3254-1}
 	- suricata 2.0.8-1
 	[wheezy] - suricata <not-affected> (ASN.1 parser for X509 certificates in DER format introduced in 1.3)
@@ -9094,7 +9100,7 @@
 	- monopd <unfixed> (bug #781043; unimportant)
 	NOTE: Not exploitable with dlmalloc
 CVE-2015-0840 (The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x ...)
-	{DSA-3217-1}
+	{DSA-3217-1 DLA-220-1}
 	- dpkg 1.17.25
 	NOTE: Ubuntu fix for 1.15.x (version in squeeze): http://launchpadlibrarian.net/202647129/dpkg_1.15.5.6ubuntu4.9_1.15.5.6ubuntu4.10.diff.gz
 CVE-2015-0839
@@ -9406,8 +9412,8 @@
 	RESERVED
 CVE-2015-0735
 	RESERVED
-CVE-2015-0734
-	RESERVED
+CVE-2015-0734 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email ...)
+	TODO: check
 CVE-2015-0733
 	RESERVED
 CVE-2015-0732
@@ -9418,16 +9424,16 @@
 	RESERVED
 CVE-2015-0729
 	RESERVED
-CVE-2015-0728
-	RESERVED
-CVE-2015-0727
-	RESERVED
+CVE-2015-0728 (Cross-site scripting (XSS) vulnerability in Cisco Access Control ...)
+	TODO: check
+CVE-2015-0727 (Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco ...)
+	TODO: check
 CVE-2015-0726
 	RESERVED
 CVE-2015-0725
 	RESERVED
-CVE-2015-0724
-	RESERVED
+CVE-2015-0724 (Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 ...)
+	TODO: check
 CVE-2015-0723
 	RESERVED
 CVE-2015-0722
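Review bot: CVE-2015-0728 and CVE-2015-0727 are left at `TODO: check` although both descriptions name Cisco. Other Cisco entries visible in this diff, CVE-2015-0635 and CVE-2015-0633, are tagged `NOT-FOR-US: Cisco`; suggest the same tag here for consistency. CVE-2015-0724 (dncs 7.0.0.12) needs its full description read before it is triaged.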
@@ -9606,8 +9612,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-0635 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0634
-	RESERVED
+CVE-2015-0634 (Cross-site scripting (XSS) vulnerability in the administrative ...)
+	TODO: check
 CVE-2015-0633 (The Integrated Management Controller (IMC) in Cisco Unified Computing ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0632 (Race condition in the Neighbor Discovery (ND) protocol implementation ...)
@@ -15293,8 +15299,7 @@
 CVE-2014-8163
 	RESERVED
 	NOT-FOR-US: Red Hat Satellite
-CVE-2014-8162
-	RESERVED
+CVE-2014-8162 (XML external entity (XXE) in the RPC interface in Spacewalk and Red ...)
 	NOT-FOR-US: Red Hat Satellite
 CVE-2014-8161
 	RESERVED
@@ -57789,8 +57794,8 @@
 	NOTE: Incomplete mitigation feature, not a security vulnerability per se
 CVE-2012-5850
 	RESERVED
-CVE-2012-5849
-	RESERVED
+CVE-2012-5849 (Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 ...)
+	TODO: check
 CVE-2012-5854 (Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows ...)
 	- weechat 0.3.9.1-1 (bug #693026)
 	[wheezy] - weechat 0.3.8-1+deb7u1



