[Secure-testing-commits] r37876 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Nov 24 21:10:16 UTC 2015
Author: sectracker
Date: 2015-11-24 21:10:16 +0000 (Tue, 24 Nov 2015)
New Revision: 37876
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-24 20:27:58 UTC (rev 37875)
+++ data/CVE/list 2015-11-24 21:10:16 UTC (rev 37876)
@@ -1,3 +1,7 @@
+CVE-2015-8323
+ RESERVED
+CVE-2015-8322
+ RESERVED
CVE-2015-8326 [Use of predictable names for temporary files]
- libiptables-parse-perl 1.6-1
[jessie] - libiptables-parse-perl <no-dsa> (Minor issue)
@@ -47,6 +51,7 @@
CVE-2015-8301
RESERVED
CVE-2015-8324 [Null pointer dereference when mounting ext4 filesystem]
+ RESERVED
- linux 2.6.37-1
- linux-2.6 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2015/11/23/2
@@ -496,11 +501,13 @@
[jessie] - smartmontools <no-dsa> (Minor issue)
CVE-2015-8125 [Potential Remote Timing Attack Vulnerability in Security Remember-Me Service]
RESERVED
+ {DSA-3402-1}
- symfony 2.7.7+dfsg-1
NOTE: http://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service
NOTE: https://github.com/symfony/symfony/pull/16630
CVE-2015-8124 [Session Fixation in the "Remember Me" Login Feature]
RESERVED
+ {DSA-3402-1}
- symfony 2.7.7+dfsg-1
NOTE: http://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
NOTE: https://github.com/symfony/symfony/pull/16631
@@ -636,7 +643,7 @@
NOTE: workaround entry to associate the wheezy- and jessie-security fixes with the
NOTE: corresponding entry with unstable and the hardening change.
- libcommons-collections4-java <unfixed> (unimportant)
- NOTE: severity unimportant since this is a hardening change, actual vulnerability relies in specific
+ NOTE: severity unimportant since this is a hardening change, actual vulnerability relies in specific
NOTE: https://issues.apache.org/jira/browse/COLLECTIONS-580
NOTE: No CVE is expected to be assigned, cf http://www.openwall.com/lists/oss-security/2015/11/17/19
NOTE: Patches for 3.2.x:
@@ -5000,14 +5007,14 @@
RESERVED
CVE-2015-6381
RESERVED
-CVE-2015-6380
- RESERVED
+CVE-2015-6380 (An unspecified script in the web interface in Cisco Firepower ...)
+ TODO: check
CVE-2015-6379
RESERVED
CVE-2015-6378
RESERVED
-CVE-2015-6377
- RESERVED
+CVE-2015-6377 (Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote ...)
+ TODO: check
CVE-2015-6376 (Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence ...)
TODO: check
CVE-2015-6375 (The debug-logging (aka debug cns) feature in Cisco Networking Services ...)
More information about the Secure-testing-commits
mailing list