[Secure-testing-commits] r37593 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Nov 6 16:00:58 UTC 2015
Author: jmm
Date: 2015-11-06 16:00:58 +0000 (Fri, 06 Nov 2015)
New Revision: 37593
Modified:
data/CVE/list
Log:
puppet n/a
remove wine-gecko entry, no point in tracking this
vbox no-dsa
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-06 15:45:47 UTC (rev 37592)
+++ data/CVE/list 2015-11-06 16:00:58 UTC (rev 37593)
@@ -11,11 +11,11 @@
[wheezy] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08
CVE-2015-8074 (mediaserver in Android before 5.1.1 LMY48X allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-8073 (mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-8072 (mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-8071
RESERVED
CVE-2015-8070
@@ -77,9 +77,9 @@
CVE-2015-8042
RESERVED
CVE-2015-8040 (The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung ...)
- TODO: check
+ NOT-FOR-US: Samsung SmartViewer
CVE-2015-8039 (Samsung SmartViewer allow remote attackers to execute arbitrary code ...)
- TODO: check
+ NOT-FOR-US: Samsung SmartViewer
CVE-2015-8038 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
TODO: check
CVE-2015-8037 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
@@ -136,11 +136,11 @@
CVE-2015-8031
RESERVED
CVE-2015-8030 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-8029 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-8028 (Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-8027
RESERVED
CVE-2015-8024
@@ -247,7 +247,7 @@
CVE-2015-7987
RESERVED
CVE-2015-7986 (The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-7985
RESERVED
CVE-2015-XXXX [buffer overflow with handling pop3_deleted_flag setting]
@@ -2004,8 +2004,7 @@
RESERVED
CVE-2015-7328
RESERVED
- - puppet 3.8.4-1
- TODO: check
+ - puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2015-7327 (Mozilla Firefox before 41.0 does not properly restrict the ...)
- iceweasel <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-114/
@@ -2365,13 +2364,14 @@
- nspr 2:4.10.10-1
- icedove 31.7.0-1~deb8u1
[squeeze] - icedove <end-of-life>
- - wine-gecko-2.21 <unfixed>
- virtualbox-ose <removed>
- virtualbox <unfixed>
+ [jessie] - virtualbox <no-dsa> (Minor issue, will be fixed when included in next CPU)
+ [wheezy] - virtualbox <no-dsa> (Minor issue, will be fixed when included in next CPU)
NOTE: http://hg.mozilla.org/projects/nspr/rev/c9c965b2b19c
NOTE: http://hg.mozilla.org/projects/nspr/rev/bd8fb4498fa6
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
- NOTE: Icedove, wine-gecko-2.21, virtualbox(-ose)? have embedded copies of nspr.
+ NOTE: Icedove, virtualbox(-ose)? have embedded copies of nspr.
NOTE: Fixes impact macros PL_ARENA_ALLOCATE and PL_ARENA_GROW, other packages need to be recompiled:
NOTE: jss (on wheezy/jessie) according to codesearch.debian.net
CVE-2015-7182 (Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network ...)
More information about the Secure-testing-commits
mailing list