[Secure-testing-commits] r37655 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Nov 10 21:10:13 UTC 2015
Author: sectracker
Date: 2015-11-10 21:10:13 +0000 (Tue, 10 Nov 2015)
New Revision: 37655
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-10 19:49:57 UTC (rev 37654)
+++ data/CVE/list 2015-11-10 21:10:13 UTC (rev 37655)
@@ -1,11 +1,38 @@
+CVE-2015-8103
+ RESERVED
+CVE-2015-8102
+ RESERVED
+CVE-2015-8101
+ RESERVED
+CVE-2015-8099
+ RESERVED
+CVE-2015-8098
+ RESERVED
+CVE-2015-8097
+ RESERVED
+CVE-2015-8096 (Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 ...)
+ TODO: check
+CVE-2015-8095 (The recycle bin feature in the Monster Menus module 7.x-1.21 before ...)
+ TODO: check
+CVE-2015-8094
+ RESERVED
+CVE-2015-8093
+ RESERVED
+CVE-2015-8092
+ RESERVED
+CVE-2015-8091
+ RESERVED
+CVE-2015-8090
+ RESERVED
CVE-2015-8104
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
- xen <unfixed>
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-156.html
NOTE: Upstream patch: https://lkml.org/lkml/2015/11/10/218
-CVE-2015-8100 [Insecure file permissions in net-snmp specific in OpenBSD port]
+CVE-2015-8100 (The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for ...)
- net-snmp <not-affected> (Specific to packaging in OpenBSD)
CVE-2015-8089
RESERVED
@@ -203,11 +230,9 @@
CVE-2015-8008
RESERVED
NOT-FOR-US: Mediawiki extension OAuth
-CVE-2015-8007
- RESERVED
+CVE-2015-8007 (The Echo extension for MediWiki does not properly implement the ...)
NOT-FOR-US: Mediawiki extension Echo
-CVE-2015-8006
- RESERVED
+CVE-2015-8006 (Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in ...)
NOT-FOR-US: Mediawiki extension PageTriage
CVE-2015-XXXX [iptables-persistent minor local info leak]
- iptables-persistent <unfixed> (low; bug #764645)
@@ -223,36 +248,31 @@
- xscreensaver 5.34-1 (bug #802914)
NOTE: http://pkgs.fedoraproject.org/cgit/xscreensaver.git/plain/xscreensaver-5.33-0002-Modify-sigchld_hander-in_signal_hander_p-mechanism.patch?id=b57f59f3482fedf70ce7a3541094e2512290139f
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1274452
-CVE-2015-8005
- RESERVED
+CVE-2015-8005 (MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before ...)
- mediawiki <unfixed>
[jessie] - mediawiki <no-dsa> (Minor issues)
[wheezy] - mediawiki <no-dsa> (Minor issues)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://phabricator.wikimedia.org/T108616
-CVE-2015-8004
- RESERVED
+CVE-2015-8004 (MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before ...)
- mediawiki <unfixed>
[jessie] - mediawiki <no-dsa> (Minor issues)
[wheezy] - mediawiki <no-dsa> (Minor issues)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://phabricator.wikimedia.org/T95589
-CVE-2015-8003
- RESERVED
+CVE-2015-8003 (MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before ...)
- mediawiki <unfixed>
[jessie] - mediawiki <no-dsa> (Minor issues)
[wheezy] - mediawiki <no-dsa> (Minor issues)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://phabricator.wikimedia.org/T91850
-CVE-2015-8002
- RESERVED
+CVE-2015-8002 (The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x ...)
- mediawiki <unfixed>
[jessie] - mediawiki <no-dsa> (Minor issues)
[wheezy] - mediawiki <no-dsa> (Minor issues)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://phabricator.wikimedia.org/T91205
-CVE-2015-8001
- RESERVED
+CVE-2015-8001 (The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x ...)
- mediawiki <unfixed>
[jessie] - mediawiki <no-dsa> (Minor issues)
[wheezy] - mediawiki <no-dsa> (Minor issues)
@@ -2260,8 +2280,7 @@
RESERVED
- puppet-module-puppetlabs-mysql 3.6.1-1
[jessie] - puppet-module-puppetlabs-mysql <not-affected> (Vulnerable code not present)
-CVE-2015-7295 [net: virtio-net possible remote DoS]
- RESERVED
+CVE-2015-7295 (hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support ...)
- qemu 1:2.4+dfsg-4 (bug #799452)
[jessie] - qemu <no-dsa> (Minor issue; can be fixed along in a later DSA)
[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along in a later DSA)
@@ -2937,8 +2956,7 @@
CVE-2015-7337 (The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x ...)
- ipython <not-affected> (Affects versions 3.0 to 3.2.1)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/16/3
-CVE-2015-7940 [bouncycastle ecc leak]
- RESERVED
+CVE-2015-7940 (The Bouncy Castle Java library before 1.51 does not validate a point ...)
- bouncycastle <unfixed> (bug #802671)
[experimental] - bouncycastle 1.51-1
NOTE: https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
@@ -4404,8 +4422,8 @@
RESERVED
CVE-2015-6363
RESERVED
-CVE-2015-6362
- RESERVED
+CVE-2015-6362 (The web GUI in Cisco Connected Grid Network Management System (CG-NMS) ...)
+ TODO: check
CVE-2015-6361
RESERVED
CVE-2015-6360
@@ -6167,8 +6185,8 @@
RESERVED
CVE-2015-5656
RESERVED
-CVE-2015-5655
- RESERVED
+CVE-2015-5655 (The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 ...)
+ TODO: check
CVE-2015-5654 (Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 ...)
- dojo <not-affected> (Fixed before the first version in Debian)
CVE-2015-5653 (Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows ...)
@@ -6918,8 +6936,8 @@
NOT-FOR-US: GE Healthcare Centricity PACS-IW
CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password ...)
NOT-FOR-US: GE Healthcare Centricity Analytics Server
-CVE-2015-8041 [Incomplete WPS and P2P NFC NDEF record payload length validation]
- RESERVED
+CVE-2015-8041 (Multiple integer overflows in the NDEF record parser in hostapd before ...)
+ {DSA-3397-1}
- wpa 2.3-2.2 (bug #795740)
- wpasupplicant <removed>
[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with CONFIG_WPS_NFC=y)
@@ -7074,6 +7092,7 @@
RESERVED
CVE-2015-5316 [EAP-pwd peer error path failure on unexpected Confirm message]
RESERVED
+ {DSA-3397-1}
- wpa <unfixed> (bug #804710)
[wheezy] - wpa <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
- wpasupplicant <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
@@ -7083,6 +7102,7 @@
NOTE: https://w1.fi/security/2015-8/0001-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch
CVE-2015-5315 [wpa_supplicant: EAP-pwd missing last fragment length validation]
RESERVED
+ {DSA-3397-1}
- wpa <unfixed> (bug #804708)
[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
@@ -7092,6 +7112,7 @@
NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
CVE-2015-5314 [hostapd: EAP-pwd missing last fragment length validation]
RESERVED
+ {DSA-3397-1}
- wpa <unfixed> (bug #804708)
[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
@@ -7113,6 +7134,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/11/09/3
CVE-2015-5310 [wpa_supplicant unauthorized WNM Sleep Mode GTK control]
RESERVED
+ {DSA-3397-1}
- wpa <unfixed> (bug #804707)
[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
@@ -7487,8 +7509,7 @@
[wheezy] - ntp <no-dsa> (Minor issue)
[squeeze] - ntp <no-dsa> (Minor issue)
NOTE: https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8
-CVE-2015-5218
- RESERVED
+CVE-2015-5218 (Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before ...)
- bsdmainutils <unfixed> (low; bug #798067)
[jessie] - bsdmainutils <no-dsa> (Minor issue)
[wheezy] - bsdmainutils <no-dsa> (Minor issue)
@@ -11823,6 +11844,7 @@
NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 ...)
+ {DSA-3397-1}
- wpa 2.3-2.2 (bug #787371)
[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
@@ -11833,6 +11855,7 @@
NOTE: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and ...)
+ {DSA-3397-1}
- wpa 2.3-2.2 (bug #787371)
[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
@@ -11844,6 +11867,7 @@
NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and ...)
+ {DSA-3397-1}
- wpa 2.3-2.2 (bug #787371)
[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
@@ -11855,6 +11879,7 @@
NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and ...)
+ {DSA-3397-1}
- wpa 2.3-2.2 (bug #787371)
- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
@@ -11864,7 +11889,7 @@
NOTE: http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5 ...)
- {DLA-260-1}
+ {DSA-3397-1 DLA-260-1}
- wpa 2.3-2.2 (bug #787373)
- wpasupplicant <removed>
[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with specific configurations)
@@ -11873,6 +11898,7 @@
NOTE: http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/5
CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and ...)
+ {DSA-3397-1}
- wpa 2.3-2.2 (bug #787372)
- wpasupplicant <removed> (unimportant)
[squeeze] - wpasupplicant <not-affected> (Affects v0.7.0-v2.4 with CONFIG_WPS_ER=y in the build configuration)
@@ -13082,8 +13108,7 @@
[wheezy] - nova <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/1387543
NOTE: Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3, and version 2015.1.0
-CVE-2015-3240 [libreswan/openswan: denial of service via IKE daemon restart when receiving a bad DH gx by peer]
- RESERVED
+CVE-2015-3240 (The pluto IKE daemon in libreswan before 3.15 and Openswan before ...)
- openswan <removed>
[squeeze] - openswan <end-of-life> (Not supported in Squeeze LTS)
- libreswan <itp> (bug #773459)
@@ -25467,8 +25492,7 @@
NOT-FOR-US: Revive Adserver
CVE-2014-8874 (The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses ...)
NOT-FOR-US: TYPO3 Extension ke_questionnaire
-CVE-2014-8873 [MIME type registration for JAR files in the Debian OpenJDK packages enable user-initiated remote code execution]
- RESERVED
+CVE-2014-8873 (A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 ...)
{DSA-3316-1 DSA-3235-1}
- openjdk-8 8u45-b14-1 (high)
- openjdk-7 7u79-2.5.5-1 (high)
More information about the Secure-testing-commits
mailing list