[Secure-testing-commits] r37588 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Nov 5 21:10:12 UTC 2015


Author: sectracker
Date: 2015-11-05 21:10:12 +0000 (Thu, 05 Nov 2015)
New Revision: 37588

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-05 20:33:55 UTC (rev 37587)
+++ data/CVE/list	2015-11-05 21:10:12 UTC (rev 37588)
@@ -1,9 +1,11 @@
 CVE-2015-8078 [integer overflow in the section_offset addition after the c21e179c1f6b968fe69bebe079176714e511587b fix]
+	RESERVED
 	- cyrus-imapd-2.4 <unfixed> (bug #804182)
 	[jessie] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
 	[wheezy] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
 	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2
 CVE-2015-8077 [integer overflow in the start_octet addition after the 07de4ff1bf2fa340b9d77b8e7de8d43d47a33921 fix]
+	RESERVED
 	- cyrus-imapd-2.4 <unfixed> (bug #804182)
 	[jessie] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
 	[wheezy] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
@@ -1874,6 +1876,7 @@
 	[jessie] - nodejs <not-affected> (Vulnerability not present)
 	NOTE: https://groups.google.com/forum/#!topic/nodejs-sec/fSNEQiuof6I
 CVE-2015-8076 [urlfetch range handling flaw in Cyrus IMAP]
+	RESERVED
 	- cyrus-imapd-2.4 2.4.17+nocaldav-2
 	NOTE: http://www.openwall.com/lists/oss-security/2015/09/29/2
 	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
@@ -2284,93 +2287,76 @@
 	RESERVED
 CVE-2015-7201
 	RESERVED
-CVE-2015-7200
-	RESERVED
+CVE-2015-7200 (The CryptoKey interface implementation in Mozilla Firefox before 42.0 ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
-CVE-2015-7199
-	RESERVED
+CVE-2015-7199 (The (1) AddWeightedPathSegLists and (2) ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
-CVE-2015-7198
-	RESERVED
+CVE-2015-7198 (Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
-CVE-2015-7197
-	RESERVED
+CVE-2015-7197 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/
-CVE-2015-7196
-	RESERVED
+CVE-2015-7196 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/
-CVE-2015-7195
-	RESERVED
+CVE-2015-7195 (The URL parsing implementation in Mozilla Firefox before 42.0 ...)
 	- iceweasel <not-affected> (ESR38 series not affected)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-129/
-CVE-2015-7194
-	RESERVED
+CVE-2015-7194 (Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/
-CVE-2015-7193
-	RESERVED
+CVE-2015-7193 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/
-CVE-2015-7192
-	RESERVED
+CVE-2015-7192 (The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X ...)
 	- iceweasel <not-affected> (Only affects Firefox on MacOS)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-126/
-CVE-2015-7191
-	RESERVED
+CVE-2015-7191 (Mozilla Firefox before 42.0 on Android improperly restricts URL ...)
 	- iceweasel <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-125/
-CVE-2015-7190
-	RESERVED
+CVE-2015-7190 (The Search feature in Mozilla Firefox before 42.0 on Android through ...)
 	- iceweasel <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-124/
-CVE-2015-7189
-	RESERVED
+CVE-2015-7189 (Race condition in the JPEGEncoder function in Mozilla Firefox before ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/
-CVE-2015-7188
-	RESERVED
+CVE-2015-7188 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/
-CVE-2015-7187
-	RESERVED
+CVE-2015-7187 (The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: ...)
 	- iceweasel <not-affected> (ESR38 series not affected)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-121/
-CVE-2015-7186
-	RESERVED
+CVE-2015-7186 (Mozilla Firefox before 42.0 on Android allows user-assisted remote ...)
 	- iceweasel <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-120/
-CVE-2015-7185
-	RESERVED
+CVE-2015-7185 (Mozilla Firefox before 42.0 on Android does not ensure that the ...)
 	- iceweasel <not-affected> (ESR38 series not affected)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-119/
 CVE-2015-7184 (The fetch API implementation in Mozilla Firefox before 41.0.2 does not ...)
 	- iceweasel <not-affected> (Affects only Firefox later than 38)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
-CVE-2015-7183 [NSPR overflow in PL_ARENA_ALLOCATE can lead to crash (under ASAN), potential memory corruption]
-	RESERVED
+CVE-2015-7183 (Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
@@ -2386,8 +2372,7 @@
 	NOTE: Icedove, wine-gecko-2.21, virtualbox(-ose)? have embedded copies of nspr.
 	NOTE: Fixes impact macros PL_ARENA_ALLOCATE and PL_ARENA_GROW, other packages need to be recompiled:
 	NOTE: jss (on wheezy/jessie) according to codesearch.debian.net
-CVE-2015-7182
-	RESERVED
+CVE-2015-7182 (Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network ...)
 	{DSA-3393-1}
 	- nss 2:3.20.1-1
 	NOTE: http://hg.mozilla.org/projects/nss/rev/4dc247276e58
@@ -2396,8 +2381,7 @@
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
-CVE-2015-7181 [ASan: use-after-poison in sec_asn1d_parse_leaf()]
-	RESERVED
+CVE-2015-7181 (The sec_asn1d_parse_leaf function in Mozilla Network Security Services ...)
 	{DSA-3393-1}
 	- nss 2:3.20.1-1
 	NOTE: http://hg.mozilla.org/projects/nss/rev/8ac7f47eecbb
@@ -6284,9 +6268,10 @@
 CVE-2015-5603 (The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows ...)
 	NOT-FOR-US: HipChat plugin
 CVE-2015-5602 [Unauthorized privilege escalation in sudoedit]
+	RESERVED
 	- sudo <unfixed> (bug #804149)
-        NOTE: http://bugzilla.sudo.ws/show_bug.cgi?id=707
-        NOTE: http://www.sudo.ws/repos/sudo/rev/9636fd256325
+	NOTE: http://bugzilla.sudo.ws/show_bug.cgi?id=707
+	NOTE: http://www.sudo.ws/repos/sudo/rev/9636fd256325
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1277426
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1512781
 CVE-2015-5601
@@ -7456,14 +7441,17 @@
 	NOT-FOR-US: Ipsilon
 CVE-2015-5214
 	RESERVED
+	{DSA-3394-1}
 	- libreoffice 1:5.0.2-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/
 CVE-2015-5213
 	RESERVED
+	{DSA-3394-1}
 	- libreoffice 1:5.0.2-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5213/
 CVE-2015-5212
 	RESERVED
+	{DSA-3394-1}
 	- libreoffice 1:5.0.2-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/
 CVE-2015-5211
@@ -9250,6 +9238,7 @@
 	NOT-FOR-US: MyBB
 CVE-2015-4551
 	RESERVED
+	{DSA-3394-1}
 	- libreoffice 1:5.0.2-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/
 CVE-2015-4550 (The Cavium cryptographic-module firmware on Cisco Adaptive Security ...)
@@ -9328,8 +9317,7 @@
 	- iceweasel 38.3.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/
-CVE-2015-4518
-	RESERVED
+CVE-2015-4518 (The Reader View implementation in Mozilla Firefox before 42.0 has an ...)
 	- iceweasel <not-affected> (ESR38 series not affected)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-118/
 CVE-2015-4517 (NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x ...)
@@ -9340,16 +9328,13 @@
 CVE-2015-4516 (Mozilla Firefox before 41.0 allows remote attackers to bypass certain ...)
 	- iceweasel <not-affected> (Affects only 40.x)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/
-CVE-2015-4515
-	RESERVED
+CVE-2015-4515 (Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP ...)
 	- iceweasel <not-affected> (ESR38 series not affected)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-117/
-CVE-2015-4514
-	RESERVED
+CVE-2015-4514 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel <not-affected> (ESR38 series not affected)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
-CVE-2015-4513
-	RESERVED
+CVE-2015-4513 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-3393-1}
 	- iceweasel 38.4.0esr-1
 	[squeeze] - iceweasel <end-of-life>




More information about the Secure-testing-commits mailing list