[Secure-testing-commits] r37954 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Nov 27 21:10:11 UTC 2015
Author: sectracker
Date: 2015-11-27 21:10:11 +0000 (Fri, 27 Nov 2015)
New Revision: 37954
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-27 18:58:53 UTC (rev 37953)
+++ data/CVE/list 2015-11-27 21:10:11 UTC (rev 37954)
@@ -1,3 +1,64 @@
+CVE-2015-8368
+ RESERVED
+CVE-2015-8367
+ RESERVED
+CVE-2015-8366
+ RESERVED
+CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ...)
+ TODO: check
+CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in ...)
+ TODO: check
+CVE-2015-8363 (The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ...)
+ TODO: check
+CVE-2015-8362
+ RESERVED
+CVE-2015-8361
+ RESERVED
+CVE-2015-8360
+ RESERVED
+CVE-2015-8359
+ RESERVED
+CVE-2015-8358
+ RESERVED
+CVE-2015-8357
+ RESERVED
+CVE-2015-8356
+ RESERVED
+CVE-2015-8355
+ RESERVED
+CVE-2015-8354
+ RESERVED
+CVE-2015-8353
+ RESERVED
+CVE-2015-8352
+ RESERVED
+CVE-2015-8351
+ RESERVED
+CVE-2015-8350
+ RESERVED
+CVE-2015-8349
+ RESERVED
+CVE-2015-8348
+ RESERVED
+CVE-2015-8347
+ RESERVED
+CVE-2015-8344
+ RESERVED
+CVE-2015-8343
+ RESERVED
+CVE-2015-8342
+ REJECTED
+ TODO: check
+CVE-2015-8341
+ RESERVED
+CVE-2015-8340
+ RESERVED
+CVE-2015-8339
+ RESERVED
+CVE-2015-8338
+ RESERVED
+CVE-2014-9757
+ RESERVED
CVE-2015-XXXX [information disclosure after file truncate on BTRFS]
- linux <unfixed>
- linux-2.6 <removed>
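Review bot: CVE-2015-8342 is added with both REJECTED and TODO: check. The ids that this same commit flips to REJECTED (CVE-2015-8135 through CVE-2015-8132) carry REJECTED alone, so the TODO line here should be dropped unless something is left to examine. CVE-2015-8363 to CVE-2015-8365 also land as TODO: check. The two whose descriptions name files under libavcodec/ need triage against the source packages that ship that code.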
@@ -32,6 +93,7 @@
- gitlab-shell <not-affected> (Only affects version 2.6.6-2.6.7)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/5
CVE-2015-8345 [Qemu: net: eepro100: infinite loop in processing command block list]
+ RESERVED
- qemu <unfixed> (bug #806373)
[jessie] - qemu <no-dsa> (Minor issue, can be fixed along in a later DSA)
[wheezy] - qemu <no-dsa> (Minor issue, can be fixed along in a later DSA)
@@ -43,6 +105,7 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/3
CVE-2015-8346 [Data disclosure on the time logging form]
+ RESERVED
{DLA-351-1}
- redmine <unfixed> (bug #806376)
NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
@@ -518,13 +581,13 @@
CVE-2015-8136
RESERVED
CVE-2015-8135
- RESERVED
+ REJECTED
CVE-2015-8134
- RESERVED
+ REJECTED
CVE-2015-8133
- RESERVED
+ REJECTED
CVE-2015-8132
- RESERVED
+ REJECTED
CVE-2015-8131
RESERVED
- kibana <itp> (bug #700337)
@@ -698,8 +761,7 @@
TODO: check
CVE-2015-8081 (The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might ...)
TODO: check
-CVE-2015-8103
- RESERVED
+CVE-2015-8103 (The Jenkins CLI subsystem in CloudBees Jenkins before 1.638 and LTS ...)
- jenkins <unfixed> (bug #804522)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-XXXX [java unserialisation issues]
@@ -3828,8 +3890,8 @@
RESERVED
CVE-2015-6858
RESERVED
-CVE-2015-6857
- RESERVED
+CVE-2015-6857 (Unspecified vulnerability in Virtual Table Server (VTS) in HP ...)
+ TODO: check
CVE-2015-6856
RESERVED
CVE-2015-6854
@@ -3844,8 +3906,7 @@
RESERVED
CVE-2015-6849
RESERVED
-CVE-2015-6848
- RESERVED
+CVE-2015-6848 (EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and ...)
NOT-FOR-US: EMC
CVE-2015-6847 (The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 ...)
NOT-FOR-US: EMC VPLEX
@@ -5086,8 +5147,8 @@
RESERVED
CVE-2015-6383
RESERVED
-CVE-2015-6382
- RESERVED
+CVE-2015-6382 (Cisco ASR 5000 devices with software 16.0(900) allow remote attackers ...)
+ TODO: check
CVE-2015-6381
RESERVED
CVE-2015-6380 (An unspecified script in the web interface in Cisco Firepower ...)
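Review bot: CVE-2015-6382 replaces RESERVED with TODO: check, but its description names Cisco ASR 5000 devices with software 16.0(900). If no Debian package ships that software, resolve the TODO with a NOT-FOR-US: line, as is done for the EMC entries in this file (NOT-FOR-US: EMC, NOT-FOR-US: EMC VPLEX).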
@@ -7778,44 +7839,34 @@
- linux <not-affected> (Only affected 4.3-rc1 onwards)
- linux-2.6 <not-affected> (Only affected 4.3-rc1 onwards)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206 (v4.4-rc1)
-CVE-2015-5326
- RESERVED
+CVE-2015-5326 (Cross-site scripting (XSS) vulnerability in the slave overview page in ...)
- jenkins <unfixed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5325
- RESERVED
+CVE-2015-5325 (CloudBees Jenkins before 1.638 and LTS before 1.625.2 allow attackers ...)
- jenkins <unfixed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5324
- RESERVED
+CVE-2015-5324 (CloudBees Jenkins before 1.638 and LTS before 1.625.2 allow remote ...)
- jenkins <unfixed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5323
- RESERVED
+CVE-2015-5323 (CloudBees Jenkins before 1.638 and LTS before 1.625.2 do not properly ...)
- jenkins <unfixed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5322
- RESERVED
+CVE-2015-5322 (Directory traversal vulnerability in CloudBees Jenkins before 1.638 ...)
- jenkins <unfixed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5321
- RESERVED
+CVE-2015-5321 (The sidepanel widgets in the CLI command overview and help pages in ...)
- jenkins <unfixed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5320
- RESERVED
+CVE-2015-5320 (CloudBees Jenkins before 1.638 and LTS before 1.625.2 do not properly ...)
- jenkins <unfixed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5319
- RESERVED
+CVE-2015-5319 (XML external entity (XXE) vulnerability in the create-job CLI command ...)
- jenkins <unfixed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5318
- RESERVED
+CVE-2015-5318 (CloudBees Jenkins before 1.638 and LTS before 1.625.2 uses a publicly ...)
- jenkins <unfixed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5317
- RESERVED
+CVE-2015-5317 (The Fingerprints pages in CloudBees Jenkins before 1.638 and LTS ...)
- jenkins <unfixed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5316 [EAP-pwd peer error path failure on unexpected Confirm message]
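Review bot: the ten jenkins entries from CVE-2015-5326 down to CVE-2015-5317 now have descriptions, but each is still "- jenkins <unfixed>" with no bug reference. CVE-2015-8103, which points at the same Jenkins Security Advisory 2015-11-11, is recorded as "- jenkins <unfixed> (bug #804522)". If that report covers these ids as well, add the bug number to each line so the fix can be tracked. Otherwise a separate report is needed.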
@@ -7889,8 +7940,8 @@
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-156.html
-CVE-2015-5306
- RESERVED
+CVE-2015-5306 (OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), ...)
+ TODO: check
CVE-2015-5305 (Directory traversal vulnerability in Kubernetes, as used in Red Hat ...)
- kubernetes <itp> (bug #795652)
CVE-2015-5304
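Review bot: CVE-2015-5306 goes from RESERVED to TODO: check with no package line. The description gives three names for the component (Ironic Inspector, ironic-inspector, ironic-discoverd), so triage should check for a source package under each name before settling on an annotation. The neighbouring CVE-2015-5305 shows the form to use when only an ITP exists ("- kubernetes <itp> (bug #795652)").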
@@ -8149,8 +8200,8 @@
NOTE: Introduced in https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
CVE-2015-5243
RESERVED
-CVE-2015-5242
- RESERVED
+CVE-2015-5242 (OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict ...)
+ TODO: check
CVE-2015-5241
RESERVED
CVE-2015-5240 (Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before ...)
@@ -39101,8 +39152,7 @@
- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3666 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
- jenkins 1.565.3-1 (bug #763899)
-CVE-2014-3665
- RESERVED
+CVE-2014-3665 (CloudBees Jenkins before 1.587 and LTS before 1.580.1 do not properly ...)
- jenkins <unfixed> (bug #767541)
[jessie] - jenkins <no-dsa> (Backport not feasible, insecure feature is documented as such)
NOTE: For jessie, the backport is too intrusive and since it's a cornercase, it's only documented,