[Secure-testing-commits] r37742 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Nov 17 21:10:12 UTC 2015


Author: sectracker
Date: 2015-11-17 21:10:12 +0000 (Tue, 17 Nov 2015)
New Revision: 37742

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-17 19:41:44 UTC (rev 37741)
+++ data/CVE/list	2015-11-17 21:10:12 UTC (rev 37742)
@@ -1,3 +1,15 @@
+CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ...)
+	TODO: check
+CVE-2015-8218 (The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg ...)
+	TODO: check
+CVE-2015-8217 (The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ...)
+	TODO: check
+CVE-2015-8216 (The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ...)
+	TODO: check
+CVE-2015-8215 (net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 ...)
+	TODO: check
+CVE-2015-8214
+	RESERVED
 CVE-2015-8213
 	RESERVED
 CVE-2015-8212
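Review bot: the five new entries CVE-2015-8215 through CVE-2015-8219 carry only `TODO: check` and no package line, although each description already names the code involved (four FFmpeg files under libavcodec/ and net/ipv6/addrconf.c in the Linux kernel). Follow up by replacing each TODO with a source-package status line. For CVE-2015-8215, the "before 4.0" bound in the description is the starting point for deciding which packaged kernel versions are affected.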
@@ -250,6 +262,7 @@
 	NOTE: latex2rtf compiled with -D_FORTIFY_SOURCE=2
 	NOTE: Rendered non-exploitable by toolchain hardening
 CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...)
+	{DLA-343-1}
 	- libpng <unfixed> (bug #805113)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/12/2
 	NOTE: Fixed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
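Review bot: in CVE-2015-8126 the `{DLA-343-1}` reference is added while the package line directly below it still reads `- libpng <unfixed> (bug #805113)`. The NOTE already lists the upstream fixed releases (1.6.19, 1.5.24, 1.4.17, 1.2.54 and 1.0.64), so the `<unfixed>` line should be revisited once one of those is uploaded. Until then, the advisory tag alone should not be read as the issue being closed in every suite.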
@@ -743,6 +756,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/23/15
 CVE-2015-7981 [read out of bound]
 	RESERVED
+	{DLA-343-1}
 	- libpng <unfixed> (bug #803078)
 	NOTE: http://sourceforge.net/p/libpng/bugs/241/
 	NOTE: http://sourceforge.net/p/libpng/code/ci/fbf0f024346ca0a4ffc64b082a95c6b6bb6d29c4/
@@ -828,8 +842,8 @@
 	TODO: check
 CVE-2015-7898
 	RESERVED
-CVE-2015-7897
-	RESERVED
+CVE-2015-7897 (The media scanning functionality in the face recognition library in ...)
+	TODO: check
 CVE-2015-7896
 	RESERVED
 CVE-2015-7895
@@ -1082,10 +1096,10 @@
 	TODO: check
 CVE-2015-7817 (Race condition in the administration-panel web service in IBM System ...)
 	TODO: check
-CVE-2015-7816
-	RESERVED
-CVE-2015-7815
-	RESERVED
+CVE-2015-7816 (The DisplayTopKeywords function in plugins/Referrers/Controller.php in ...)
+	TODO: check
+CVE-2015-7815 (Directory traversal vulnerability in core/ViewDataTable/Factory.php in ...)
+	TODO: check
 CVE-2015-7814 (Race condition in the relinquish_memory function in arch/arm/domain.c ...)
 	- xen 4.6.0-1
 	NOTE: http://xenbits.xen.org/xsa/advisory-147.html
@@ -1263,11 +1277,11 @@
 CVE-2015-7764
 	RESERVED
 CVE-2015-7763 (rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and ...)
-	{DSA-3387-1}
+	{DSA-3387-1 DLA-342-1}
 	- openafs 1.6.15-1
 	NOTE: https://www.openafs.org/security
 CVE-2015-7762 (rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not ...)
-	{DSA-3387-1}
+	{DSA-3387-1 DLA-342-1}
 	- openafs 1.6.15-1
 	NOTE: https://www.openafs.org/security
 CVE-2015-7761 (Mail in Apple OS X before 10.11 does not properly recognize user ...)
@@ -1370,8 +1384,8 @@
 	RESERVED
 CVE-2015-7714
 	RESERVED
-CVE-2015-7712
-	RESERVED
+CVE-2015-7712 (Multiple eval injection vulnerabilities in ...)
+	TODO: check
 CVE-2015-7711
 	RESERVED
 CVE-2015-7710
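Review bot: the new description for CVE-2015-7712, `(Multiple eval injection vulnerabilities in ...)`, is truncated before the affected product is named, so the `TODO: check` cannot be resolved from this line alone. Whoever triages it needs the full CVE text to decide whether any packaged software is involved. The same applies to CVE-2014-9752 in the next hunk, `(Unrestricted file upload vulnerability in ...)`.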
@@ -1390,8 +1404,8 @@
 	NOTE: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
 CVE-2014-9753
 	RESERVED
-CVE-2014-9752
-	RESERVED
+CVE-2014-9752 (Unrestricted file upload vulnerability in ...)
+	TODO: check
 CVE-2015-XXXX [Double free in coders/pict.c:2000]
 	- imagemagick <unfixed>
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
@@ -4155,7 +4169,7 @@
 CVE-2015-6588
 	RESERVED
 CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated ...)
-	{DSA-3320-1}
+	{DSA-3320-1 DLA-342-1}
 	- openafs 1.6.13-1
 	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
 CVE-2015-6586
@@ -13231,7 +13245,7 @@
 	- openafs <not-affected> (The Solaris kernel extension in versions through 1.6.12)
 	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt
 CVE-2015-3285 (The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the ...)
-	{DSA-3320-1}
+	{DSA-3320-1 DLA-342-1}
 	- openafs 1.6.13-1
 	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt
 CVE-2015-3284 (pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read ...)
@@ -13240,11 +13254,11 @@
 	[squeeze] - openafs <not-affected> (Only 1.6.0 trough 1.6.12)
 	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt
 CVE-2015-3283 (OpenAFS before 1.6.13 allows remote attackers to spoof bos commands ...)
-	{DSA-3320-1}
+	{DSA-3320-1 DLA-342-1}
 	- openafs 1.6.13-1
 	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt
 CVE-2015-3282 (vos in OpenAFS before 1.6.13, when updating VLDB entries, allows ...)
-	{DSA-3320-1}
+	{DSA-3320-1 DLA-342-1}
 	- openafs 1.6.13-1
 	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt
 CVE-2015-3281 (The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and ...)
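Review bot: the context line for CVE-2015-3284, `[squeeze] - openafs <not-affected> (Only 1.6.0 trough 1.6.12)`, contains a typo ("trough" for "through") that is worth correcting in a follow-up commit, since that text is the stated justification for the not-affected status.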
@@ -14657,8 +14671,7 @@
 	- linux-2.6 <removed>
 	NOTE: http://permalink.gmane.org/gmane.linux.kernel.containers/29173
 	NOTE: http://permalink.gmane.org/gmane.linux.kernel.containers/29177
-CVE-2015-2924 [IPv6 Hop limit lowering via RA messages]
-	RESERVED
+CVE-2015-2924 (The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor ...)
 	- network-manager <unfixed> (bug #783295)
 	[squeeze] - network-manager <no-dsa> (Minor issue)
 	[wheezy] - network-manager <no-dsa> (Minor issue)
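Review bot: for CVE-2015-2924 the tracker's own summary `[IPv6 Hop limit lowering via RA messages]` is dropped in favour of a description that is truncated at "in the Neighbor ...", before it states the impact. The removed bracketed text was the only line in the entry that said what the issue does, so consider keeping it as a NOTE under the entry. The package lines (`<unfixed>`, with `<no-dsa>` for squeeze and wheezy) are unchanged and still need someone to act on them.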
@@ -76920,6 +76933,7 @@
 CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...)
 	- keystone 2012.1.1-1
 CVE-2012-3425 (The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before ...)
+	{DLA-343-1}
 	- libpng 1.2.49-1 (low; bug #668082)
 	[squeeze] - libpng <no-dsa> (Minor issue)
 CVE-2012-3424 (The decode_credentials method in ...)
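Review bot: CVE-2012-3425 gains `{DLA-343-1}` while the entry keeps `[squeeze] - libpng <no-dsa> (Minor issue)`. If DLA-343-1 shipped the fix for squeeze, that `<no-dsa>` line is now stale and should be updated or removed so the entry does not both reference an advisory and state that none will be issued.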



