[Secure-testing-commits] r37833 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Nov 23 21:10:16 UTC 2015
Author: sectracker
Date: 2015-11-23 21:10:16 +0000 (Mon, 23 Nov 2015)
New Revision: 37833
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-23 19:01:18 UTC (rev 37832)
+++ data/CVE/list 2015-11-23 21:10:16 UTC (rev 37833)
@@ -1,3 +1,37 @@
+CVE-2015-8321
+ RESERVED
+CVE-2015-8319
+ RESERVED
+CVE-2015-8318
+ RESERVED
+CVE-2015-8315
+ RESERVED
+CVE-2015-8314
+ RESERVED
+CVE-2015-8313
+ RESERVED
+CVE-2015-8312
+ RESERVED
+CVE-2015-8311
+ RESERVED
+CVE-2015-8310
+ RESERVED
+CVE-2015-8309
+ RESERVED
+CVE-2015-8307
+ RESERVED
+CVE-2015-8306
+ RESERVED
+CVE-2015-8305
+ RESERVED
+CVE-2015-8304
+ RESERVED
+CVE-2015-8303
+ RESERVED
+CVE-2015-8302
+ RESERVED
+CVE-2015-8301
+ RESERVED
CVE-2015-XXXX [Null pointer dereference when mounting ext4 filesystem]
- linux 2.6.37-1
- linux-2.6 <removed>
@@ -5,9 +39,10 @@
NOTE: https://bugs.openvz.org/browse/OVZ-6541
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1267261
NOTE: Commit fixing the issue: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11 (v2.6.34-rc1)
-CVE-2015-8320
+CVE-2015-8320 (Apache Cordova-Android before 3.7.0 improperly generates random values ...)
NOT-FOR-US: Apache Cordova
CVE-2015-8316
+ RESERVED
- lightdm <unfixed>
[jessie] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and development 1.17.x)
[wheezy] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and development 1.17.x)
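Review bot: CVE-2015-8316 is now marked RESERVED but its header line carries no bracketed description, so the visible entry does not say what the lightdm issue is. Add a short "[...]" summary to the header line, and a bug reference after "- lightdm <unfixed>" if one has been filed.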
@@ -129,13 +164,14 @@
RESERVED
CVE-2015-8244
RESERVED
-CVE-2009-5149
- RESERVED
+CVE-2009-5149 (Arris DG860A, TG862A, and TG862G devices with firmware ...)
+ TODO: check
CVE-2015-XXXX [Missing bounds checking and verification of data type causes segfault]
- libmaxminddb <unfixed> (bug #805657)
NOTE: https://github.com/maxmind/libmaxminddb/commit/51255f113fe3c7b63ffe957636a7656a3ff9d1ff
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283919
CVE-2015-8308 [X server started without -auth, exposing it to connections form any local user]
+ RESERVED
- lxdm <unfixed> (bug #805659)
NOTE: http://git.lxde.org/gitweb/?p=lxde/lxdm.git;a=commitdiff;h=e8f387089e241360bdc6955d3e479450722dcea3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268900
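Review bot: CVE-2009-5149 goes from RESERVED to "TODO: check" with a description that names Arris DG860A, TG862A, and TG862G device firmware, so it needs a manual triage pass; if no Debian package ships that firmware, close it with a NOT-FOR-US line instead of leaving the TODO. Separately, the CVE-2015-8308 header in the context lines has a typo: "connections form any local user" should read "from".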
@@ -410,6 +446,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/11/18/9
TODO: check
CVE-2015-8317 [issues in the xmlParseXMLDecl function]
+ RESERVED
- libxml2 2.9.2+zdfsg1-4
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=751631
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e
@@ -1026,10 +1063,10 @@
RESERVED
CVE-2015-7914
RESERVED
-CVE-2015-7913
- RESERVED
-CVE-2015-7912
- RESERVED
+CVE-2015-7913 (ag_server_service.exe in the AggreGate Server Service in Tibbo ...)
+ TODO: check
+CVE-2015-7912 (The Ice Faces servlet in ag_server_service.exe in the AggreGate Server ...)
+ TODO: check
CVE-2015-7911
RESERVED
CVE-2015-7910 (Exemys Telemetry Web Server relies on an HTTP Location header to ...)
@@ -1453,8 +1490,8 @@
RESERVED
CVE-2015-7778
RESERVED
-CVE-2015-7777
- RESERVED
+CVE-2015-7777 (Cross-site scripting (XSS) vulnerability in index.php in JosephErnest ...)
+ TODO: check
CVE-2015-7776
RESERVED
CVE-2015-7775
@@ -2666,12 +2703,12 @@
RESERVED
CVE-2015-7292
RESERVED
-CVE-2015-7291
- RESERVED
-CVE-2015-7290
- RESERVED
-CVE-2015-7289
- RESERVED
+CVE-2015-7291 (Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the ...)
+ TODO: check
+CVE-2015-7290 (Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web ...)
+ TODO: check
+CVE-2015-7289 (Arris DG860A, TG862A, and TG862G devices with firmware ...)
+ TODO: check
CVE-2015-7288
RESERVED
CVE-2015-7287
@@ -3266,8 +3303,8 @@
RESERVED
CVE-2015-7037
RESERVED
-CVE-2015-7036
- RESERVED
+CVE-2015-7036 (The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 ...)
+ TODO: check
CVE-2015-7035 (Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and ...)
TODO: check
CVE-2015-7034 (The Apple iWork application before 2.6 for iOS and Apple Pages before ...)
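Review bot: CVE-2015-7036 lands as "TODO: check" next to Apple entries, but its description names the fts3_tokenizer function in SQLite, with Apple iOS only as the consumer. Triage it against the sqlite3 package before considering NOT-FOR-US, and record the outcome as a package line.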
@@ -4913,10 +4950,10 @@
RESERVED
CVE-2015-6377
RESERVED
-CVE-2015-6376
- RESERVED
-CVE-2015-6375
- RESERVED
+CVE-2015-6376 (Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence ...)
+ TODO: check
+CVE-2015-6375 (The debug-logging (aka debug cns) feature in Cisco Networking Services ...)
+ TODO: check
CVE-2015-6374 (The web interface in Cisco Firepower Extensible Operating System ...)
TODO: check
CVE-2015-6373 (Cross-site request forgery (CSRF) vulnerability in Cisco Firepower ...)
@@ -6126,8 +6163,8 @@
NOT-FOR-US: Apple
CVE-2015-5860 (The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles ...)
NOT-FOR-US: Apple
-CVE-2015-5859
- RESERVED
+CVE-2015-5859 (The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X ...)
+ TODO: check
CVE-2015-5858 (The CFNetwork HTTPProtocol component in Apple iOS before 9 allows ...)
NOT-FOR-US: Apple
CVE-2015-5857 (Mail in Apple iOS before 9 allows remote attackers to use an ...)
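Review bot: CVE-2015-5859 is left at "TODO: check" while CVE-2015-5860 and CVE-2015-5858 directly around it, which name the same CFNetwork HTTPProtocol component, are already "NOT-FOR-US: Apple". Unless the elided part of the description points at shared code, give it the same line so the TODO does not linger.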
@@ -6270,8 +6307,8 @@
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5788 (The WebKit Canvas implementation in Apple iOS before 9 allows remote ...)
NOT-FOR-US: Apple
-CVE-2015-5787
- RESERVED
+CVE-2015-5787 (The kernel in Apple iOS before 8.4.1 does not properly restrict ...)
+ TODO: check
CVE-2015-5786 (Apple QuickTime before 7.7.8 allows remote attackers to execute ...)
NOT-FOR-US: Apple
CVE-2015-5785 (Apple QuickTime before 7.7.8 allows remote attackers to execute ...)
@@ -7266,8 +7303,7 @@
NOT-FOR-US: Watchguard XCS
CVE-2014-9741 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
NOT-FOR-US: ArcGIS
-CVE-2015-5451
- RESERVED
+CVE-2015-5451 (Cross-site request forgery (CSRF) vulnerability in HP Operations ...)
NOT-FOR-US: HP Operations Orchestration Central
CVE-2015-5450
RESERVED
@@ -7836,7 +7872,7 @@
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
NOTE: Upstream commit: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=227687
CVE-2015-5275
- RESERVED
+ REJECTED
CVE-2015-5274 (rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows ...)
NOT-FOR-US: OpenShift
CVE-2015-5273
@@ -7913,8 +7949,7 @@
- linux 4.2.1-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbb4be652d374f64661137756b8f357a1827d6a4 (v4.3-rc3)
-CVE-2015-5256
- RESERVED
+CVE-2015-5256 (Apache Cordova-Android before 4.1.0, when an application relies on a ...)
NOT-FOR-US: Apache Cordova
CVE-2015-5255 (Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before ...)
TODO: check
@@ -8852,7 +8887,7 @@
CVE-2015-4912 (Unspecified vulnerability in the Oracle Access Manager component in ...)
TODO: check
CVE-2015-4911 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
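Review bot: under CVE-2015-4911 the cross-reference becomes "{DSA-3381-1 DLA-346-1}" while the package lines stay as they were, and "- openjdk-6 <removed>" carries no version, so the visible entry does not show which package and version the DLA covers. Confirm that the DLA's own record names them; the same applies to the other Oracle Java SE entries that receive this cross-reference in the hunks below.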
@@ -8877,7 +8912,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4903 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
@@ -8907,7 +8942,7 @@
CVE-2015-4894 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
TODO: check
CVE-2015-4893 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
@@ -8932,17 +8967,17 @@
CVE-2015-4884 (Unspecified vulnerability in the Oracle Application Object Library ...)
NOT-FOR-US: Oracle
CVE-2015-4883 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4882 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4881 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
@@ -8967,7 +9002,7 @@
CVE-2015-4873 (Unspecified vulnerability in the Database Scheduler component in ...)
TODO: check
CVE-2015-4872 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
@@ -9010,7 +9045,7 @@
- mariadb-10.0 10.0.22-1 (bug #802874)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4860 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
@@ -9052,17 +9087,17 @@
CVE-2015-4845 (Unspecified vulnerability in the Oracle Application Object Library ...)
NOT-FOR-US: Oracle
CVE-2015-4844 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4843 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4842 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
@@ -9085,7 +9120,7 @@
- mariadb-10.0 10.0.22-1 (bug #802874)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4835 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
@@ -9174,19 +9209,19 @@
- mariadb-10.0 <not-affected> (Only on Windows plattform)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4806 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4805 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4804 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent ...)
TODO: check
CVE-2015-4803 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
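Review bot: the context line above CVE-2015-4806 reads "Only on Windows plattform"; correct the spelling to "platform" the next time this entry is edited by hand.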
@@ -9392,7 +9427,7 @@
CVE-2015-4735 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
NOT-FOR-US: Oracle Database
CVE-2015-4734 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and ...)
- {DSA-3381-1}
+ {DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1