[Secure-testing-commits] r34373 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed May 20 21:10:18 UTC 2015
Author: sectracker
Date: 2015-05-20 21:10:18 +0000 (Wed, 20 May 2015)
New Revision: 34373
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-20 20:36:07 UTC (rev 34372)
+++ data/CVE/list 2015-05-20 21:10:18 UTC (rev 34373)
@@ -1,3 +1,45 @@
+CVE-2015-8147
+ REJECTED
+ TODO: check
+CVE-2015-8146
+ REJECTED
+ TODO: check
+CVE-2015-4046
+ RESERVED
+CVE-2015-4045
+ RESERVED
+CVE-2015-4044
+ RESERVED
+CVE-2015-4043
+ RESERVED
+CVE-2015-4040
+ RESERVED
+CVE-2015-4039
+ RESERVED
+CVE-2015-4038
+ RESERVED
+CVE-2015-4037
+ RESERVED
+CVE-2015-4036
+ RESERVED
+CVE-2015-4034
+ RESERVED
+CVE-2015-4033
+ RESERVED
+CVE-2015-4032
+ RESERVED
+CVE-2015-4031
+ RESERVED
+CVE-2015-4030
+ RESERVED
+CVE-2015-4029
+ RESERVED
+CVE-2015-4028
+ RESERVED
+CVE-2015-4027
+ RESERVED
+CVE-2013-7440
+ RESERVED
CVE-2015-XXXX [denial-of-service]
- ipsec-tools <unfixed> (bug #785778)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/20/1
@@ -22,15 +64,18 @@
CVE-2015-4011
RESERVED
CVE-2015-4042 [buffer overflow related to SIZE_MAX - lenb - 2 < lena test]
+ RESERVED
- coreutils <unfixed>
NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
TODO: check
CVE-2015-4041 [heap overflow; size calculation without properly considering the number of bytes occupied by multibyte characters]
+ RESERVED
- coreutils <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=928749
NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
TODO: check
CVE-2015-4035
+ RESERVED
- xz-utils <not-affected> (Affects 4.999.9beta)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/7
CVE-2015-4010
@@ -78,6 +123,7 @@
CVE-2015-3989 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 ...)
TODO: check
CVE-2014-9720
+ RESERVED
- python-tornado <unfixed>
NOTE: https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=930362
@@ -86,24 +132,29 @@
CVE-2014-9719
RESERVED
CVE-2015-4026 [pcntl_exec() should not allow null char]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=68598
TODO: check
CVE-2015-4025 [CVE-2006-7243 fix regressions in 5.4+]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69418
TODO: check
CVE-2015-4024 [DoS possibility due to ineffective parsing of form data]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69364
NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
TODO: check
CVE-2015-4022 [integer overflow on reading FTP server data leading to heap overflow]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69545
NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
TODO: check
CVE-2015-4021 [Memory Corruption in phar_parse_tarfile when entry filename starts with null]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69453
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74
@@ -263,8 +314,8 @@
RESERVED
CVE-2015-3911
RESERVED
-CVE-2015-3910
- RESERVED
+CVE-2015-3910 (Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as ...)
+ TODO: check
CVE-2015-3909
RESERVED
CVE-2015-3908
@@ -459,8 +510,7 @@
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c (v4.0-rc1)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/13/4
TODO: check
-CVE-2015-3988 [Persistent XSS in Horizon metadata dashboard]
- RESERVED
+CVE-2015-3988 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack ...)
- horizon <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/9
TODO: check
@@ -842,8 +892,7 @@
[wheezy] - stunnel4 <not-affected> (Affects 5.00 through 5.13 with specfic configurations)
[squeeze] - stunnel4 <not-affected> (Affects 5.00 through 5.13 with specfic configurations)
NOTE: https://www.stunnel.org/CVE-2015-3644.html
-CVE-2015-3885 [dcraw imput sanitization errors]
- RESERVED
+CVE-2015-3885 (Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier ...)
- dcraw <unfixed> (bug #785019)
- ufraw <unfixed>
- libraw <unfixed>
@@ -1838,7 +1887,7 @@
CVE-2015-3295
RESERVED
CVE-2015-3294 (The tcp_request function in Dnsmasq before 2.73rc4 does not properly ...)
- {DSA-3251-1}
+ {DSA-3251-1 DLA-225-1}
- dnsmasq 2.72-3.1 (bug #783459)
NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html
NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8
@@ -2737,22 +2786,19 @@
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
NOTE: Changes might needed in libtest-signature-perl, need further investigation
-CVE-2015-3407 [arbitrary code execution during test phase]
- RESERVED
+CVE-2015-3407 (Module::Signature before 0.74 allows remote attackers to bypass ...)
{DSA-3261-1}
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
NOTE: Changes might needed in libtest-signature-perl, need further investigation
-CVE-2015-3408 [arbitrary code execution when verifying module signatures]
- RESERVED
+CVE-2015-3408 (Module::Signature before 0.74 allows remote attackers to execute ...)
{DSA-3261-1}
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
NOTE: Changes might needed in libtest-signature-perl, need further investigation
-CVE-2015-3409 [arbitrary modules loading in some circumstances]
- RESERVED
+CVE-2015-3409 (Untrusted search path vulnerability in Module::Signature before 0.75 ...)
{DSA-3261-1}
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef
@@ -5554,8 +5600,8 @@
RESERVED
CVE-2015-1921
RESERVED
-CVE-2015-1920
- RESERVED
+CVE-2015-1920 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 ...)
+ TODO: check
CVE-2015-1919
RESERVED
CVE-2015-1918
@@ -5590,10 +5636,10 @@
RESERVED
CVE-2015-1904
RESERVED
-CVE-2015-1903
- RESERVED
-CVE-2015-1902
- RESERVED
+CVE-2015-1903 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...)
+ TODO: check
+CVE-2015-1902 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...)
+ TODO: check
CVE-2015-1901
RESERVED
CVE-2015-1900
@@ -5788,11 +5834,9 @@
- pcs <itp> (bug #706522)
CVE-2015-1847
RESERVED
-CVE-2015-1846 [Infinite loop due to incorrect pointers handling in ExtrArch()/ListArch()]
- RESERVED
+CVE-2015-1846 (unzoo allows remote attackers to cause a denial of service (infinite ...)
- unzoo <removed>
-CVE-2015-1845 [Buffer overflow in EntrReadArch()]
- RESERVED
+CVE-2015-1845 (Buffer overflow in the EntrReadArch function in unzoo might allow ...)
- unzoo <removed>
CVE-2015-1844
RESERVED
@@ -7698,79 +7742,64 @@
RESERVED
CVE-2015-1266
RESERVED
-CVE-2015-1265
- RESERVED
+CVE-2015-1265 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1264
- RESERVED
+CVE-2015-1264 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1263
- RESERVED
+CVE-2015-1263 (The Spellcheck API implementation in Google Chrome before 43.0.2357.65 ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1262
- RESERVED
+CVE-2015-1262 (platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1261
- RESERVED
+CVE-2015-1261 (android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1260
- RESERVED
+CVE-2015-1260 (Multiple use-after-free vulnerabilities in ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1259
- RESERVED
+CVE-2015-1259 (PDFium, as used in Google Chrome before 43.0.2357.65, does not ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1258
- RESERVED
+CVE-2015-1258 (Google Chrome before 43.0.2357.65 relies on libvpx code that was not ...)
- libvpx <unfixed>
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1257
- RESERVED
+CVE-2015-1257 (platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1256
- RESERVED
+CVE-2015-1256 (Use-after-free vulnerability in the SVG implementation in Blink, as ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1255
- RESERVED
+CVE-2015-1255 (Use-after-free vulnerability in ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1254
- RESERVED
+CVE-2015-1254 (core/dom/Document.cpp in Blink, as used in Google Chrome before ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1253
- RESERVED
+CVE-2015-1253 (core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1252
- RESERVED
+CVE-2015-1252 (common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1251
- RESERVED
+CVE-2015-1251 (Use-after-free vulnerability in the SpeechRecognitionClient ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
@@ -9588,8 +9617,8 @@
RESERVED
CVE-2015-0741
RESERVED
-CVE-2015-0740
- RESERVED
+CVE-2015-0740 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...)
+ TODO: check
CVE-2015-0739 (The Lights-Out Management (LOM) implementation in Cisco FireSIGHT ...)
TODO: check
CVE-2015-0738 (Cross-site scripting (XSS) vulnerability in the Web Tracking Report ...)
@@ -12672,8 +12701,7 @@
CVE-2015-0268 (The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when ...)
- xen <not-affected> (Only affects 4.5)
NOTE: http://xenbits.xen.org/xsa/advisory-117.html
-CVE-2015-0267
- RESERVED
+CVE-2015-0267 (The Red Hat module-setup.sh script for kexec-tools, as distributed in ...)
- kexec-tools <not-affected> (Vulnerable script not present in the Debian package)
CVE-2015-0266
RESERVED
@@ -12966,8 +12994,8 @@
RESERVED
CVE-2015-0190
RESERVED
-CVE-2015-0189
- RESERVED
+CVE-2015-0189 (The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 ...)
+ TODO: check
CVE-2015-0188
RESERVED
CVE-2015-0187
@@ -13499,8 +13527,8 @@
RESERVED
CVE-2014-8925 (Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in ...)
NOT-FOR-US: IBM
-CVE-2014-8924
- RESERVED
+CVE-2014-8924 (The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before ...)
+ TODO: check
CVE-2014-8923 (The (1) IBM Tivoli Identity Manager Active Directory adapter before ...)
NOT-FOR-US: IBM
CVE-2014-8922
@@ -20356,8 +20384,8 @@
RESERVED
CVE-2014-6212 (The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 ...)
NOT-FOR-US: IBM
-CVE-2014-6211
- RESERVED
+CVE-2014-6211 (The command-line scripts in IBM WebSphere Commerce 6.0 through ...)
+ TODO: check
CVE-2014-6210 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 ...)
NOT-FOR-US: IBM
CVE-2014-6209 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 ...)
@@ -23686,8 +23714,8 @@
RESERVED
CVE-2014-4777
RESERVED
-CVE-2014-4776
- RESERVED
+CVE-2014-4776 (IBM License Metric Tool 9 before 9.1.0.2 does not have an off ...)
+ TODO: check
CVE-2014-4775 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x ...)
NOT-FOR-US: IBM
CVE-2014-4774
More information about the Secure-testing-commits
mailing list