[Secure-testing-commits] r37786 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Nov 19 21:10:11 UTC 2015
Author: sectracker
Date: 2015-11-19 21:10:11 +0000 (Thu, 19 Nov 2015)
New Revision: 37786
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-19 20:54:47 UTC (rev 37785)
+++ data/CVE/list 2015-11-19 21:10:11 UTC (rev 37786)
@@ -1,3 +1,15 @@
+CVE-2015-8243
+ RESERVED
+CVE-2015-8240
+ RESERVED
+CVE-2015-8238
+ RESERVED
+CVE-2015-8237
+ RESERVED
+CVE-2015-8236
+ RESERVED
+CVE-2015-8235
+ RESERVED
CVE-2015-8233 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x ...)
TODO: check
CVE-2015-8232 (The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not ...)
@@ -27,6 +39,7 @@
CVE-2015-8220 (Stack-based buffer overflow in the URI handler in DWRCC.exe in ...)
TODO: check
CVE-2015-8242 [Buffer overread with HTML parser in push mode in xmlSAX2TextNode]
+ RESERVED
- libxml2 <unfixed> (bug #805146)
[jessie] - libxml2 <not-affected> (Vulnerable code introduced later)
[wheezy] - libxml2 <not-affected> (Vulnerable code introduced later)
@@ -34,6 +47,7 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756372
NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=826bc320206f70fccd2941a77d363e95e8076898 (v2.9.2-rc1)
CVE-2015-8241 [Buffer overread with XML parser in xmlNextChar]
+ RESERVED
- libxml2 <unfixed>
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
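Review bot: the CVE-2015-8241 package line `- libxml2 <unfixed>` has no Debian bug reference, while the CVE-2015-8242 entry just above it carries (bug #805146). The NOTE lines already point at the upstream report and a commit, so a bug number should be added to the package line, and per-release status lines as well if the older releases are not affected in the same way as for CVE-2015-8242.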
@@ -41,11 +55,13 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/11/17/5
TODO: check versions
CVE-2015-8239 [race condition checking digests/checksums in sudoers]
+ RESERVED
- sudo <unfixed> (bug #805563)
[wheezy] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
[squeeze] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
CVE-2015-8234 [Use of MD5 in OpenStack Glance image signature]
+ RESERVED
- glance <unfixed>
TODO: check
CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ...)
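Review bot: CVE-2015-8234 carries only `- glance <unfixed>` and `TODO: check`, with no NOTE pointing at the report and no bug number, unlike the CVE-2015-8239 sudo entry in the same hunk (bug #805563 plus an oss-security link). Add the source reference when the TODO is resolved so the status of the glance entry can be verified.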
@@ -242,6 +258,7 @@
CVE-2015-8127
RESERVED
CVE-2013-7446 [Use after free in ep_remove_wait_queue]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273845
@@ -357,8 +374,8 @@
RESERVED
CVE-2015-8091
RESERVED
-CVE-2015-8090
- RESERVED
+CVE-2015-8090 (The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows ...)
+ TODO: check
CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...)
- linux <unfixed>
- linux-2.6 <removed>
@@ -456,12 +473,12 @@
RESERVED
CVE-2015-8054
RESERVED
-CVE-2015-8053
- RESERVED
-CVE-2015-8052
- RESERVED
-CVE-2015-8051
- RESERVED
+CVE-2015-8053 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
+ TODO: check
+CVE-2015-8052 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
+ TODO: check
+CVE-2015-8051 (The Adobe Premiere Clip app before 1.2.1 for iOS mishandles ...)
+ TODO: check
CVE-2015-8050
RESERVED
CVE-2015-8049
@@ -514,8 +531,7 @@
RESERVED
CVE-2015-8032
RESERVED
-CVE-2015-8035 [DoS if xz enabled]
- RESERVED
+CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly ...)
- libxml2 <unfixed> (bug #803942)
[squeeze] - libxml2 <not-affected> (No LZMA/XZ support in version 2.7.8)
NOTE: Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
@@ -544,9 +560,8 @@
RESERVED
CVE-2015-8024
RESERVED
-CVE-2015-8023
- RESERVED
- {DSA-3398-1}
+CVE-2015-8023 (The server implementation of the EAP-MSCHAPv2 protocol in the ...)
+ {DSA-3398-1 DLA-345-1}
- strongswan 5.3.3-3
NOTE: https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html
CVE-2015-8022
@@ -2750,7 +2765,7 @@
- iceweasel <not-affected> (Affects only Firefox later than 38)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
CVE-2015-7183 (Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape ...)
- {DSA-3393-1}
+ {DSA-3393-1 DLA-344-1}
- iceweasel 38.4.0esr-1
[squeeze] - iceweasel <end-of-life>
- nspr 2:4.10.10-1
@@ -4739,20 +4754,20 @@
RESERVED
CVE-2015-6375
RESERVED
-CVE-2015-6374
- RESERVED
-CVE-2015-6373
- RESERVED
-CVE-2015-6372
- RESERVED
-CVE-2015-6371
- RESERVED
-CVE-2015-6370
- RESERVED
-CVE-2015-6369
- RESERVED
-CVE-2015-6368
- RESERVED
+CVE-2015-6374 (The web interface in Cisco Firepower Extensible Operating System ...)
+ TODO: check
+CVE-2015-6373 (Cross-site request forgery (CSRF) vulnerability in Cisco Firepower ...)
+ TODO: check
+CVE-2015-6372 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
+ TODO: check
+CVE-2015-6371 (Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower ...)
+ TODO: check
+CVE-2015-6370 (The Management I/O (MIO) component in Cisco Firepower Extensible ...)
+ TODO: check
+CVE-2015-6369 (The USB driver in Cisco Firepower Extensible Operating System ...)
+ TODO: check
+CVE-2015-6368 (Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower ...)
+ TODO: check
CVE-2015-6367 (Cisco Aironet 1800 devices with software 8.1(131.0) allow remote ...)
TODO: check
CVE-2015-6366 (Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs ...)
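Review bot: the replacement entries CVE-2015-6368 through CVE-2015-6374 are all left at `TODO: check`, and six of the seven visibly name Cisco Firepower Extensible Operating System (the CVE-2015-6372 description is truncated before the product name). Triage them together in one follow-up, replacing each TODO with either a package line or a NOT-FOR-US line, along with the Cisco Aironet entry CVE-2015-6367 in the trailing context, which is also still at `TODO: check`.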
@@ -5484,8 +5499,8 @@
RESERVED
CVE-2015-6000
RESERVED
-CVE-2015-5999
- RESERVED
+CVE-2015-5999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
CVE-2015-5998 (Impero Education Pro before 5105 relies on the ...)
NOT-FOR-US: Impero Education Pro
CVE-2015-5997 (Impero Education Pro before 5105 uses a hardcoded CBC key and ...)
@@ -7729,12 +7744,11 @@
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbb4be652d374f64661137756b8f357a1827d6a4 (v4.3-rc3)
CVE-2015-5256
RESERVED
-CVE-2015-5255
- RESERVED
+CVE-2015-5255 (Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before ...)
+ TODO: check
CVE-2015-5254
RESERVED
-CVE-2015-5253
- RESERVED
+CVE-2015-5253 (The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before ...)
NOT-FOR-US: Apache CXF
CVE-2015-5252
RESERVED
@@ -8848,8 +8862,8 @@
TODO: check
CVE-2015-4853
RESERVED
-CVE-2015-4852
- RESERVED
+CVE-2015-4852 (The WLS Security component in Oracle WebLogic Server 10.3.6.0, ...)
+ TODO: check
CVE-2015-4851 (Unspecified vulnerability in the Oracle iSupplier Portal component in ...)
NOT-FOR-US: Oracle
CVE-2015-4850 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
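Review bot: CVE-2015-4852 is given `TODO: check` although its description names Oracle WebLogic Server and the next entry in this hunk, CVE-2015-4851, is already triaged as `NOT-FOR-US: Oracle`. If WebLogic is not packaged, the follow-up should apply the same NOT-FOR-US marking rather than leave the TODO.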
@@ -13146,16 +13160,14 @@
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
NOTE: http://www.openwall.com/lists/oss-security/2015/04/20/1
-CVE-2015-7942 [heap-buffer-overflow in xmlParseConditionalSections]
- RESERVED
+CVE-2015-7942 (The xmlParseConditionalSections function in parser.c in libxml2 does ...)
{DLA-334-1}
- libxml2 <unfixed> (bug #802827)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756456#c0
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450
-CVE-2015-7941 [out-of-bounds memory access]
- RESERVED
+CVE-2015-7941 (libxml2 2.9.2 does not properly stop parsing invalid input, which ...)
{DLA-266-1}
- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #783010)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980
@@ -19528,6 +19540,7 @@
CVE-2015-1336
RESERVED
CVE-2015-1335 (lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local ...)
+ {DSA-3400-1}
- lxc <unfixed> (bug #800471)
NOTE: https://launchpad.net/bugs/1476662
NOTE: https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be
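Review bot: `{DSA-3400-1}` is added to CVE-2015-1335 while the package line below it still reads `- lxc <unfixed> (bug #800471)`. The description gives the upstream fixed releases (1.0.8 and 1.1.4), so record the fixed unstable version on that line once it is uploaded, and check that bug #800471 is closed with it.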