[Secure-testing-commits] r37588 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Nov 5 21:10:12 UTC 2015
Author: sectracker
Date: 2015-11-05 21:10:12 +0000 (Thu, 05 Nov 2015)
New Revision: 37588
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-05 20:33:55 UTC (rev 37587)
+++ data/CVE/list 2015-11-05 21:10:12 UTC (rev 37588)
@@ -1,9 +1,11 @@
CVE-2015-8078 [integer overflow in the section_offset addition after the c21e179c1f6b968fe69bebe079176714e511587b fix]
+ RESERVED
- cyrus-imapd-2.4 <unfixed> (bug #804182)
[jessie] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
[wheezy] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2
CVE-2015-8077 [integer overflow in the start_octet addition after the 07de4ff1bf2fa340b9d77b8e7de8d43d47a33921 fix]
+ RESERVED
- cyrus-imapd-2.4 <unfixed> (bug #804182)
[jessie] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
[wheezy] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
@@ -1874,6 +1876,7 @@
[jessie] - nodejs <not-affected> (Vulnerability not present)
NOTE: https://groups.google.com/forum/#!topic/nodejs-sec/fSNEQiuof6I
CVE-2015-8076 [urlfetch range handling flaw in Cyrus IMAP]
+ RESERVED
- cyrus-imapd-2.4 2.4.17+nocaldav-2
NOTE: http://www.openwall.com/lists/oss-security/2015/09/29/2
NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
@@ -2284,93 +2287,76 @@
RESERVED
CVE-2015-7201
RESERVED
-CVE-2015-7200
- RESERVED
+CVE-2015-7200 (The CryptoKey interface implementation in Mozilla Firefox before 42.0 ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
-CVE-2015-7199
- RESERVED
+CVE-2015-7199 (The (1) AddWeightedPathSegLists and (2) ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
-CVE-2015-7198
- RESERVED
+CVE-2015-7198 (Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
-CVE-2015-7197
- RESERVED
+CVE-2015-7197 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/
-CVE-2015-7196
- RESERVED
+CVE-2015-7196 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/
-CVE-2015-7195
- RESERVED
+CVE-2015-7195 (The URL parsing implementation in Mozilla Firefox before 42.0 ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-129/
-CVE-2015-7194
- RESERVED
+CVE-2015-7194 (Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/
-CVE-2015-7193
- RESERVED
+CVE-2015-7193 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/
-CVE-2015-7192
- RESERVED
+CVE-2015-7192 (The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X ...)
- iceweasel <not-affected> (Only affects Firefox on MacOS)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-126/
-CVE-2015-7191
- RESERVED
+CVE-2015-7191 (Mozilla Firefox before 42.0 on Android improperly restricts URL ...)
- iceweasel <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-125/
-CVE-2015-7190
- RESERVED
+CVE-2015-7190 (The Search feature in Mozilla Firefox before 42.0 on Android through ...)
- iceweasel <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-124/
-CVE-2015-7189
- RESERVED
+CVE-2015-7189 (Race condition in the JPEGEncoder function in Mozilla Firefox before ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/
-CVE-2015-7188
- RESERVED
+CVE-2015-7188 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/
-CVE-2015-7187
- RESERVED
+CVE-2015-7187 (The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-121/
-CVE-2015-7186
- RESERVED
+CVE-2015-7186 (Mozilla Firefox before 42.0 on Android allows user-assisted remote ...)
- iceweasel <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-120/
-CVE-2015-7185
- RESERVED
+CVE-2015-7185 (Mozilla Firefox before 42.0 on Android does not ensure that the ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-119/
CVE-2015-7184 (The fetch API implementation in Mozilla Firefox before 41.0.2 does not ...)
- iceweasel <not-affected> (Affects only Firefox later than 38)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
-CVE-2015-7183 [NSPR overflow in PL_ARENA_ALLOCATE can lead to crash (under ASAN), potential memory corruption]
- RESERVED
+CVE-2015-7183 (Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
@@ -2386,8 +2372,7 @@
NOTE: Icedove, wine-gecko-2.21, virtualbox(-ose)? have embedded copies of nspr.
NOTE: Fixes impact macros PL_ARENA_ALLOCATE and PL_ARENA_GROW, other packages need to be recompiled:
NOTE: jss (on wheezy/jessie) according to codesearch.debian.net
-CVE-2015-7182
- RESERVED
+CVE-2015-7182 (Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network ...)
{DSA-3393-1}
- nss 2:3.20.1-1
NOTE: http://hg.mozilla.org/projects/nss/rev/4dc247276e58
@@ -2396,8 +2381,7 @@
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
-CVE-2015-7181 [ASan: use-after-poison in sec_asn1d_parse_leaf()]
- RESERVED
+CVE-2015-7181 (The sec_asn1d_parse_leaf function in Mozilla Network Security Services ...)
{DSA-3393-1}
- nss 2:3.20.1-1
NOTE: http://hg.mozilla.org/projects/nss/rev/8ac7f47eecbb
@@ -6284,9 +6268,10 @@
CVE-2015-5603 (The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows ...)
NOT-FOR-US: HipChat plugin
CVE-2015-5602 [Unauthorized privilege escalation in sudoedit]
+ RESERVED
- sudo <unfixed> (bug #804149)
- NOTE: http://bugzilla.sudo.ws/show_bug.cgi?id=707
- NOTE: http://www.sudo.ws/repos/sudo/rev/9636fd256325
+ NOTE: http://bugzilla.sudo.ws/show_bug.cgi?id=707
+ NOTE: http://www.sudo.ws/repos/sudo/rev/9636fd256325
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1277426
NOTE: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1512781
CVE-2015-5601
@@ -7456,14 +7441,17 @@
NOT-FOR-US: Ipsilon
CVE-2015-5214
RESERVED
+ {DSA-3394-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/
CVE-2015-5213
RESERVED
+ {DSA-3394-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5213/
CVE-2015-5212
RESERVED
+ {DSA-3394-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/
CVE-2015-5211
@@ -9250,6 +9238,7 @@
NOT-FOR-US: MyBB
CVE-2015-4551
RESERVED
+ {DSA-3394-1}
- libreoffice 1:5.0.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/
CVE-2015-4550 (The Cavium cryptographic-module firmware on Cisco Adaptive Security ...)
@@ -9328,8 +9317,7 @@
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/
-CVE-2015-4518
- RESERVED
+CVE-2015-4518 (The Reader View implementation in Mozilla Firefox before 42.0 has an ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-118/
CVE-2015-4517 (NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x ...)
@@ -9340,16 +9328,13 @@
CVE-2015-4516 (Mozilla Firefox before 41.0 allows remote attackers to bypass certain ...)
- iceweasel <not-affected> (Affects only 40.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/
-CVE-2015-4515
- RESERVED
+CVE-2015-4515 (Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-117/
-CVE-2015-4514
- RESERVED
+CVE-2015-4514 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (ESR38 series not affected)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
-CVE-2015-4513
- RESERVED
+CVE-2015-4513 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3393-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
More information about the Secure-testing-commits
mailing list