[Secure-testing-commits] r37567 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Nov 4 21:10:10 UTC 2015
Author: sectracker
Date: 2015-11-04 21:10:10 +0000 (Wed, 04 Nov 2015)
New Revision: 37567
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-04 18:36:55 UTC (rev 37566)
+++ data/CVE/list 2015-11-04 21:10:10 UTC (rev 37567)
@@ -106,6 +106,7 @@
NOTE: Upstream commit: https://github.com/pycurl/pycurl/commit/602f8e364634d386524f0396e962c2c9de0536a9
NOTE: support for BUFFER and BUFFERPTR form parameters added with https://github.com/clintclayton/pycurl/commit/642f87afc14fc79c202c3b10b95ad35e97aa8615
CVE-2015-8075 [Out of bounds reads in psf_strlcpy_crlf when running test suite]
+ RESERVED
- libsndfile <unfixed>
NOTE: http://permalink.gmane.org/gmane.comp.audio.libsndfile.devel/681
CVE-2015-8033
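Review bot: The `- libsndfile <unfixed>` line under CVE-2015-8075 carries no bug reference, unlike entries such as miniupnpc later in this file that cite a BTS bug. Now that the identifier shows as RESERVED, it would help to file or link a bug for libsndfile so the open status can be tracked to closure.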
@@ -1059,6 +1060,7 @@
CVE-2015-7706
RESERVED
CVE-2014-9756 [DoS/divide-by-zero]
+ RESERVED
- libsndfile <unfixed>
NOTE: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
CVE-2014-9753
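Review bot: CVE-2014-9756 stays `- libsndfile <unfixed>` even though its NOTE already points at an upstream libsndfile commit. Please check whether that commit is in a released upstream version and, if so, record the first fixed Debian version in place of `<unfixed>`.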
@@ -1303,8 +1305,8 @@
RESERVED
CVE-2015-7651
RESERVED
-CVE-2015-7650
- RESERVED
+CVE-2015-7650 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
+ TODO: check
CVE-2015-7649 (Adobe Shockwave Player before 12.2.1.171 allows attackers to execute ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2015-7648 (Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on ...)
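Review bot: The new `TODO: check` under CVE-2015-7650 sits directly above CVE-2015-7649, which is already triaged as `NOT-FOR-US: Adobe Shockwave Player`. The description names only Adobe Reader and Acrobat, so the TODO can probably be resolved the same way in the next manual pass rather than left open.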
@@ -2165,8 +2167,8 @@
RESERVED
CVE-2015-7254
RESERVED
-CVE-2015-7253
- RESERVED
+CVE-2015-7253 (The Web Console in Commvault Edge Server 10 R2 allows remote attackers ...)
+ TODO: check
CVE-2015-7252
RESERVED
CVE-2015-7251
@@ -2183,8 +2185,8 @@
RESERVED
CVE-2015-7245
RESERVED
-CVE-2015-7244
- RESERVED
+CVE-2015-7244 (The default configuration of the server in MobaXterm before 8.3 has a ...)
+ TODO: check
CVE-2015-7243 (Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers ...)
NOT-FOR-US: Boxoft
CVE-2015-7242
@@ -2284,26 +2286,31 @@
RESERVED
CVE-2015-7200
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
CVE-2015-7199
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
CVE-2015-7198
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
CVE-2015-7197
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/
CVE-2015-7196
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/
@@ -2313,11 +2320,13 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-129/
CVE-2015-7194
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/
CVE-2015-7193
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/
@@ -2335,11 +2344,13 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-124/
CVE-2015-7189
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/
CVE-2015-7188
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/
@@ -2360,6 +2371,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
CVE-2015-7183 [NSPR overflow in PL_ARENA_ALLOCATE can lead to crash (under ASAN), potential memory corruption]
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
- nspr 2:4.10.10-1
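Review bot: The `{DSA-3393-1}` tag on CVE-2015-7183 applies to the whole entry, which lists both `- iceweasel 38.4.0esr-1` and `- nspr 2:4.10.10-1`. Please confirm which source package the advisory fixes in the stable suites, so that the standalone nspr package is not read as covered by it if it is not.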
@@ -2376,6 +2388,7 @@
NOTE: jss (on wheezy/jessie) according to codesearch.debian.net
CVE-2015-7182
RESERVED
+ {DSA-3393-1}
- nss 2:3.20.1-1
NOTE: http://hg.mozilla.org/projects/nss/rev/4dc247276e58
NOTE: http://hg.mozilla.org/projects/nss/rev/534aca7a5bca
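Review bot: In the visible lines of CVE-2015-7182 the only package entry is `- nss 2:3.20.1-1`, while `{DSA-3393-1}` is attached elsewhere in this patch to entries fixed in iceweasel 38.4.0esr-1. Please verify that the advisory really covers this CVE and add the iceweasel package line if it is missing; the same applies to the CVE-2015-7181 hunk that follows.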
@@ -2385,6 +2398,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
CVE-2015-7181 [ASan: use-after-poison in sec_asn1d_parse_leaf()]
RESERVED
+ {DSA-3393-1}
- nss 2:3.20.1-1
NOTE: http://hg.mozilla.org/projects/nss/rev/8ac7f47eecbb
NOTE: http://hg.mozilla.org/projects/nss/rev/25cb033147fd
@@ -3060,8 +3074,7 @@
RESERVED
CVE-2015-6868
RESERVED
-CVE-2015-6867
- RESERVED
+CVE-2015-6867 (The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not ...)
NOT-FOR-US: HP Vertica
CVE-2015-6866
RESERVED
@@ -4387,10 +4400,10 @@
RESERVED
CVE-2015-6357
RESERVED
-CVE-2015-6356
- RESERVED
-CVE-2015-6355
- RESERVED
+CVE-2015-6356 (Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco ...)
+ TODO: check
+CVE-2015-6355 (The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on ...)
+ TODO: check
CVE-2015-6354 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight ...)
TODO: check
CVE-2015-6353 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight ...)
@@ -5034,11 +5047,9 @@
- miniupnpc 1.9.20140610-2.1 (bug #802650)
NOTE: http://talosintel.com/reports/TALOS-2015-0035/
NOTE: https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
-CVE-2015-6030
- RESERVED
+CVE-2015-6030 (HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, ...)
NOT-FOR-US: HP Arcsight Logger
-CVE-2015-6029
- RESERVED
+CVE-2015-6029 (HP ArcSight Logger before 6.0 P2 does not limit attempts to ...)
NOT-FOR-US: HP Arcsight Logger
CVE-2015-6028
RESERVED
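Review bot: The retained `NOT-FOR-US: HP Arcsight Logger` lines under CVE-2015-6030 and CVE-2015-6029 spell the product "Arcsight", while the descriptions added here and the `NOT-FOR-US: HP ArcSight` entries later in the patch use "ArcSight". Normalizing the spelling keeps text searches over the NOT-FOR-US lines consistent.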
@@ -6105,8 +6116,8 @@
[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
CVE-2015-5674
RESERVED
-CVE-2015-5673
- RESERVED
+CVE-2015-5673 (eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) ...)
+ TODO: check
CVE-2015-5672
RESERVED
CVE-2015-5671 (Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to ...)
@@ -7982,8 +7993,8 @@
RESERVED
CVE-2015-5022 (IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B ...)
NOT-FOR-US: IBM
-CVE-2015-5021
- RESERVED
+CVE-2015-5021 (IBM InfoSphere Information Server 11.3 and 11.5 allows remote ...)
+ TODO: check
CVE-2015-5020
RESERVED
CVE-2015-5019
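Review bot: CVE-2015-5021 gets `TODO: check` although the entry just above it, CVE-2015-5022, is another IBM product already marked `NOT-FOR-US: IBM`. Since the new description names IBM InfoSphere Information Server, this one looks like a candidate for the same marking once someone confirms it by hand.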
@@ -8170,8 +8181,8 @@
NOT-FOR-US: IBM
CVE-2015-4928
RESERVED
-CVE-2015-4927
- RESERVED
+CVE-2015-4927 (The Reporting and Monitoring component in Tivoli Monitoring in IBM ...)
+ TODO: check
CVE-2015-4926
RESERVED
CVE-2015-4925
@@ -9322,6 +9333,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
CVE-2015-4513
RESERVED
+ {DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
@@ -14057,11 +14069,9 @@
NOT-FOR-US: Actiontec
CVE-2015-2904 (Actiontec GT784WN modems with firmware before NCS01-1.0.13 have ...)
NOT-FOR-US: Actiontec
-CVE-2015-2903
- RESERVED
+CVE-2015-2903 (The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 ...)
NOT-FOR-US: HP ArcSight
-CVE-2015-2902
- RESERVED
+CVE-2015-2902 (HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 ...)
NOT-FOR-US: HP ArcSight
CVE-2015-2901 (Multiple stack-based buffer overflows in Medicomp MEDCIN Engine ...)
TODO: check
@@ -21027,7 +21037,7 @@
[wheezy] - svn-workbench <no-dsa> (Minor issue)
[jessie] - svn-workbench <no-dsa> (Minor issue)
CVE-2015-0852 (Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and ...)
- {DLA-327-1}
+ {DSA-3392-1 DLA-327-1}
- freeimage 3.15.4-5 (bug #797165)
NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.17&r2=1.18&pathrev=MAIN
NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.18&r2=1.19&pathrev=MAIN