[Secure-testing-commits] r37600 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Nov 6 21:10:13 UTC 2015
Author: sectracker
Date: 2015-11-06 21:10:13 +0000 (Fri, 06 Nov 2015)
New Revision: 37600
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-06 19:25:50 UTC (rev 37599)
+++ data/CVE/list 2015-11-06 21:10:13 UTC (rev 37600)
@@ -1,3 +1,5 @@
+CVE-2015-8079
+ RESERVED
CVE-2015-8080 [integer overflow in getnum]
- redis <unfixed>
NOTE: https://github.com/antirez/redis/issues/2855
@@ -109,7 +111,7 @@
NOTE: Upstream commit: https://github.com/pycurl/pycurl/commit/602f8e364634d386524f0396e962c2c9de0536a9
NOTE: support for BUFFER and BUFFERPTR form parameters added with https://github.com/clintclayton/pycurl/commit/642f87afc14fc79c202c3b10b95ad35e97aa8615
CVE-2015-8075 [Out of bounds reads in psf_strlcpy_crlf when running test suite]
- RESERVED
+ REJECTED
- libsndfile <unfixed>
[jessie] - libsndfile <no-dsa> (Minor issue with test)
[wheezy] - libsndfile <no-dsa> (Minor issue with test)
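Review bot: CVE-2015-8075 is switched to REJECTED, but the `- libsndfile <unfixed>` line and the two `<no-dsa>` lines under it are left in place, so the entry still records libsndfile as unfixed under an id that has been withdrawn. Either drop the package lines or add a NOTE saying why the id was rejected and, if the out-of-bounds read in psf_strlcpy_crlf is tracked under another id, which one.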
@@ -912,8 +914,8 @@
RESERVED
CVE-2015-7771
RESERVED
-CVE-2015-7770
- RESERVED
+CVE-2015-7770 (Dell SonicWall TotalSecure TZ 100 devices with firmware before ...)
+ TODO: check
CVE-2015-7769
RESERVED
CVE-2015-7768 (Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote ...)
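Review bot: The new CVE-2015-7770 entry lands with `TODO: check`, which leaves it in the manual triage queue. The description names Dell SonicWall TotalSecure TZ 100 firmware; if no Debian source package ships that code, resolve it as `NOT-FOR-US: Dell SonicWall` instead of leaving the TODO.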
@@ -4460,8 +4462,7 @@
RESERVED
CVE-2015-6322 (The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 ...)
NOT-FOR-US: Cisco
-CVE-2015-6321
- RESERVED
+CVE-2015-6321 (Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before ...)
NOT-FOR-US: Cisco
CVE-2015-6320
RESERVED
@@ -4471,8 +4472,7 @@
NOT-FOR-US: Cisco
CVE-2015-6317
RESERVED
-CVE-2015-6316
- RESERVED
+CVE-2015-6316 (The default configuration of sshd_config in Cisco Mobility Services ...)
NOT-FOR-US: Cisco
CVE-2015-6315 (Cisco Aironet 1850 access points with software 8.1(112.4) allow local ...)
NOT-FOR-US: Cisco
@@ -4508,8 +4508,8 @@
NOT-FOR-US: Cisco
CVE-2015-6299 (SQL injection vulnerability in the web interface in Cisco Unity ...)
NOT-FOR-US: Cisco
-CVE-2015-6298
- RESERVED
+CVE-2015-6298 (The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x ...)
+ TODO: check
CVE-2015-6297 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ...)
NOT-FOR-US: Cisco
CVE-2015-6296 (Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has ...)
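Review bot: CVE-2015-6298 gets `TODO: check` although its description is a Cisco AsyncOS admin web interface issue, and the other AsyncOS entries filled in by this same revision (CVE-2015-6321, CVE-2015-6293, CVE-2015-6292, CVE-2015-6291) are tagged `NOT-FOR-US: Cisco`. Tag this one the same way so the AsyncOS entries are handled consistently.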
@@ -4518,14 +4518,11 @@
NOT-FOR-US: Cisco
CVE-2015-6294 (Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow ...)
NOT-FOR-US: Cisco
-CVE-2015-6293
- RESERVED
+CVE-2015-6293 (Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, ...)
NOT-FOR-US: Cisco
-CVE-2015-6292
- RESERVED
+CVE-2015-6292 (The proxy-cache implementation in Cisco AsyncOS 8.0.x before ...)
NOT-FOR-US: Cisco
-CVE-2015-6291
- RESERVED
+CVE-2015-6291 (Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and ...)
NOT-FOR-US: Cisco
CVE-2015-6290 (Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to ...)
NOT-FOR-US: Cisco
@@ -6113,8 +6110,8 @@
RESERVED
CVE-2015-5673 (eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) ...)
TODO: check
-CVE-2015-5672
- RESERVED
+CVE-2015-5672 (TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy ...)
+ TODO: check
CVE-2015-5671 (Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to ...)
TODO: check
CVE-2015-5670 (Cross-site scripting (XSS) vulnerability in Techno Project Japan ...)
@@ -9962,8 +9959,8 @@
NOT-FOR-US: Cisco
CVE-2015-4283 (Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote ...)
NOT-FOR-US: Cisco
-CVE-2015-4282
- RESERVED
+CVE-2015-4282 (Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak ...)
+ TODO: check
CVE-2015-4281 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
NOT-FOR-US: Cisco
CVE-2015-4280 (Cisco Prime Collaboration Assurance 10.0 allows remote attackers to ...)
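Review bot: CVE-2015-4282 is left at `TODO: check` while both neighbours in this hunk, CVE-2015-4283 and CVE-2015-4281, carry `NOT-FOR-US: Cisco`, and the other Cisco Mobility Services entry in this revision (CVE-2015-6316) is tagged that way too. Unless there is a reason to think a Debian package is involved, replace the TODO with `NOT-FOR-US: Cisco`.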
@@ -14863,17 +14860,20 @@
NOTE: https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd
CVE-2015-2697 [invalid string processing]
RESERVED
+ {DSA-3395-1}
- krb5 1.13.2+dfsg-3 (bug #803088)
NOTE: https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789
NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252
CVE-2015-2696 [IAKERB context aliasing bugs]
RESERVED
+ {DSA-3395-1}
- krb5 1.13.2+dfsg-3 (bug #803084)
[squeeze] - krb5 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a
NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
CVE-2015-2695 [SPNEGO context aliasing bugs]
RESERVED
+ {DSA-3395-1}
- krb5 1.13.2+dfsg-3 (bug #803083)
NOTE: https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d
NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
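Review bot: The `{DSA-3395-1}` reference is added to CVE-2015-2697, CVE-2015-2696 and CVE-2015-2695, but only CVE-2015-2696 has a `[squeeze]` status line (`<not-affected>`). Record the squeeze status for CVE-2015-2697 and CVE-2015-2695 as well, so the entries state explicitly whether squeeze is affected by the string-processing and SPNEGO issues.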