[Secure-testing-commits] r37600 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Nov 6 21:10:13 UTC 2015


Author: sectracker
Date: 2015-11-06 21:10:13 +0000 (Fri, 06 Nov 2015)
New Revision: 37600

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-06 19:25:50 UTC (rev 37599)
+++ data/CVE/list	2015-11-06 21:10:13 UTC (rev 37600)
@@ -1,3 +1,5 @@
+CVE-2015-8079
+	RESERVED
 CVE-2015-8080 [integer overflow in getnum]
 	- redis <unfixed>
 	NOTE: https://github.com/antirez/redis/issues/2855
@@ -109,7 +111,7 @@
 	NOTE: Upstream commit: https://github.com/pycurl/pycurl/commit/602f8e364634d386524f0396e962c2c9de0536a9
 	NOTE: support for BUFFER and BUFFERPTR form parameters added with https://github.com/clintclayton/pycurl/commit/642f87afc14fc79c202c3b10b95ad35e97aa8615
 CVE-2015-8075 [Out of bounds reads in psf_strlcpy_crlf when running test suite]
-	RESERVED
+	REJECTED
 	- libsndfile <unfixed>
 	[jessie] - libsndfile <no-dsa> (Minor issue with test)
 	[wheezy] - libsndfile <no-dsa> (Minor issue with test)
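Review bot: at CVE-2015-8075 the state line flips to REJECTED while `- libsndfile <unfixed>` and the `[jessie]` and `[wheezy]` `<no-dsa>` lines stay attached, so the entry still lists libsndfile as unfixed under a withdrawn ID. Because this is an automatic update, it needs a manual follow-up: either move the package lines to whatever ID the issue is tracked under now, or drop them if the rejection means there is nothing left to track.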
@@ -912,8 +914,8 @@
 	RESERVED
 CVE-2015-7771
 	RESERVED
-CVE-2015-7770
-	RESERVED
+CVE-2015-7770 (Dell SonicWall TotalSecure TZ 100 devices with firmware before ...)
+	TODO: check
 CVE-2015-7769
 	RESERVED
 CVE-2015-7768 (Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote ...)
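Review bot: the `TODO: check` added under CVE-2015-7770 leaves the entry untriaged. The description names Dell SonicWall TotalSecure TZ 100 device firmware, so unless a Debian source package ships that code, close it in a follow-up as `NOT-FOR-US:` with the vendor name, in the same form the Cisco entries in this file use.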
@@ -4460,8 +4462,7 @@
 	RESERVED
 CVE-2015-6322 (The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 ...)
 	NOT-FOR-US: Cisco
-CVE-2015-6321
-	RESERVED
+CVE-2015-6321 (Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before ...)
 	NOT-FOR-US: Cisco
 CVE-2015-6320
 	RESERVED
@@ -4471,8 +4472,7 @@
 	NOT-FOR-US: Cisco
 CVE-2015-6317
 	RESERVED
-CVE-2015-6316
-	RESERVED
+CVE-2015-6316 (The default configuration of sshd_config in Cisco Mobility Services ...)
 	NOT-FOR-US: Cisco
 CVE-2015-6315 (Cisco Aironet 1850 access points with software 8.1(112.4) allow local ...)
 	NOT-FOR-US: Cisco
@@ -4508,8 +4508,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-6299 (SQL injection vulnerability in the web interface in Cisco Unity ...)
 	NOT-FOR-US: Cisco
-CVE-2015-6298
-	RESERVED
+CVE-2015-6298 (The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x ...)
+	TODO: check
 CVE-2015-6297 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ...)
 	NOT-FOR-US: Cisco
 CVE-2015-6296 (Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has ...)
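Review bot: `TODO: check` under CVE-2015-6298 is inconsistent with its neighbours. The description names the admin web interface in Cisco AsyncOS, and CVE-2015-6299 and CVE-2015-6297 on either side are both `NOT-FOR-US: Cisco`. Suggest replacing the TODO with `NOT-FOR-US: Cisco` in a manual follow-up so the entry does not sit in the triage queue.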
@@ -4518,14 +4518,11 @@
 	NOT-FOR-US: Cisco
 CVE-2015-6294 (Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow ...)
 	NOT-FOR-US: Cisco
-CVE-2015-6293
-	RESERVED
+CVE-2015-6293 (Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, ...)
 	NOT-FOR-US: Cisco
-CVE-2015-6292
-	RESERVED
+CVE-2015-6292 (The proxy-cache implementation in Cisco AsyncOS 8.0.x before ...)
 	NOT-FOR-US: Cisco
-CVE-2015-6291
-	RESERVED
+CVE-2015-6291 (Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and ...)
 	NOT-FOR-US: Cisco
 CVE-2015-6290 (Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to ...)
 	NOT-FOR-US: Cisco
@@ -6113,8 +6110,8 @@
 	RESERVED
 CVE-2015-5673 (eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) ...)
 	TODO: check
-CVE-2015-5672
-	RESERVED
+CVE-2015-5672 (TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy ...)
+	TODO: check
 CVE-2015-5671 (Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to ...)
 	TODO: check
 CVE-2015-5670 (Cross-site scripting (XSS) vulnerability in Techno Project Japan ...)
@@ -9962,8 +9959,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-4283 (Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote ...)
 	NOT-FOR-US: Cisco
-CVE-2015-4282
-	RESERVED
+CVE-2015-4282 (Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak ...)
+	TODO: check
 CVE-2015-4281 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
 	NOT-FOR-US: Cisco
 CVE-2015-4280 (Cisco Prime Collaboration Assurance 10.0 allows remote attackers to ...)
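Review bot: CVE-2015-4282 gets `TODO: check` although its description is for Cisco Mobility Services Engine, and the surrounding entries CVE-2015-4283 and CVE-2015-4281 are `NOT-FOR-US: Cisco`. CVE-2015-6316 earlier in this same revision is also a Cisco Mobility Services entry and carries `NOT-FOR-US: Cisco`, so this one can be marked the same way instead of being left for later triage.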
@@ -14863,17 +14860,20 @@
 	NOTE: https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd
 CVE-2015-2697 [invalid string processing]
 	RESERVED
+	{DSA-3395-1}
 	- krb5 1.13.2+dfsg-3 (bug #803088)
 	NOTE: https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789
 	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252
 CVE-2015-2696 [IAKERB context aliasing bugs]
 	RESERVED
+	{DSA-3395-1}
 	- krb5 1.13.2+dfsg-3 (bug #803084)
 	[squeeze] - krb5 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a
 	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
 CVE-2015-2695 [SPNEGO context aliasing bugs]
 	RESERVED
+	{DSA-3395-1}
 	- krb5 1.13.2+dfsg-3 (bug #803083)
 	NOTE: https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d
 	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
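Review bot: with `{DSA-3395-1}` now attached to all three krb5 entries, only CVE-2015-2696 states a squeeze status (`[squeeze] - krb5 <not-affected>`); CVE-2015-2697 and CVE-2015-2695 have no `[squeeze]` line. If squeeze is not covered by the DSA, add an explicit per-release line to those two entries so its status is not left implicit.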



