[Secure-testing-commits] r37876 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Nov 24 21:10:16 UTC 2015 

Author: sectracker
Date: 2015-11-24 21:10:16 +0000 (Tue, 24 Nov 2015)
New Revision: 37876

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-24 20:27:58 UTC (rev 37875)
+++ data/CVE/list	2015-11-24 21:10:16 UTC (rev 37876)
@@ -1,3 +1,7 @@
+CVE-2015-8323
+	RESERVED
+CVE-2015-8322
+	RESERVED
 CVE-2015-8326 [Use of predictable names for temporary files]
 	- libiptables-parse-perl 1.6-1
 	[jessie] - libiptables-parse-perl <no-dsa> (Minor issue)
@@ -47,6 +51,7 @@
 CVE-2015-8301
 	RESERVED
 CVE-2015-8324 [Null pointer dereference when mounting ext4 filesystem]
+	RESERVED
 	- linux 2.6.37-1
 	- linux-2.6 <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/23/2
@@ -496,11 +501,13 @@
 	[jessie] - smartmontools <no-dsa> (Minor issue)
 CVE-2015-8125 [Potential Remote Timing Attack Vulnerability in Security Remember-Me Service]
 	RESERVED
+	{DSA-3402-1}
 	- symfony 2.7.7+dfsg-1
 	NOTE: http://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service
 	NOTE: https://github.com/symfony/symfony/pull/16630
 CVE-2015-8124 [Session Fixation in the "Remember Me" Login Feature]
 	RESERVED
+	{DSA-3402-1}
 	- symfony 2.7.7+dfsg-1
 	NOTE: http://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
 	NOTE: https://github.com/symfony/symfony/pull/16631
@@ -636,7 +643,7 @@
 	NOTE: workaround entry to associate the wheezy- and jessie-security fixes with the
 	NOTE: corresponding entry with unstable and the hardening change.
 	- libcommons-collections4-java <unfixed> (unimportant)
-        NOTE: severity unimportant since this is a hardening change, actual vulnerability relies in specific
+	NOTE: severity unimportant since this is a hardening change, actual vulnerability relies in specific
 	NOTE: https://issues.apache.org/jira/browse/COLLECTIONS-580
 	NOTE: No CVE is expected to be assigned, cf http://www.openwall.com/lists/oss-security/2015/11/17/19
 	NOTE: Patches for 3.2.x:
@@ -5000,14 +5007,14 @@
 	RESERVED
 CVE-2015-6381
 	RESERVED
-CVE-2015-6380
-	RESERVED
+CVE-2015-6380 (An unspecified script in the web interface in Cisco Firepower ...)
+	TODO: check
 CVE-2015-6379
 	RESERVED
 CVE-2015-6378
 	RESERVED
-CVE-2015-6377
-	RESERVED
+CVE-2015-6377 (Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote ...)
+	TODO: check
 CVE-2015-6376 (Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence ...)
 	TODO: check
 CVE-2015-6375 (The debug-logging (aka debug cns) feature in Cisco Networking Services ...)

More information about the Secure-testing-commits mailing list