[Secure-testing-commits] r37543 - data/CVE

Tue Nov 3 21:47:24 UTC 2015

Author: carnil
Date: 2015-11-03 21:47:24 +0000 (Tue, 03 Nov 2015)
New Revision: 37543

Modified:
   data/CVE/list
Log:
Add CVE-2015-7181/nss and CVE-2015-7183/nspr

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-11-03 21:43:04 UTC (rev 37542)
+++ data/CVE/list	2015-11-03 21:47:24 UTC (rev 37543)
@@ -2303,12 +2303,22 @@
 CVE-2015-7184 (The fetch API implementation in Mozilla Firefox before 41.0.2 does not ...)
 	- iceweasel <not-affected> (Affects only Firefox later than 38)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
-CVE-2015-7183
+CVE-2015-7183 [NSPR overflow in PL_ARENA_ALLOCATE can lead to crash (under ASAN), potential memory corruption]
 	RESERVED
+	- iceweasel <unfixed>
+	[squeeze] - iceweasel <end-of-life>
+	- nspr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
+	TODO: check
 CVE-2015-7182
 	RESERVED
-CVE-2015-7181
+CVE-2015-7181 [ASan: use-after-poison in sec_asn1d_parse_leaf()]
 	RESERVED
+	- iceweasel <unfixed>
+	[squeeze] - iceweasel <end-of-life>
+	- nss <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
+	TODO: check
 CVE-2015-7180 (The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before ...)
 	{DSA-3365-1}
 	- iceweasel 38.3.0esr-1


