[Secure-testing-commits] r37066 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Oct 9 21:10:12 UTC 2015
Author: sectracker
Date: 2015-10-09 21:10:12 +0000 (Fri, 09 Oct 2015)
New Revision: 37066
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-09 20:03:58 UTC (rev 37065)
+++ data/CVE/list 2015-10-09 21:10:12 UTC (rev 37066)
@@ -1,3 +1,117 @@
+CVE-2015-7764
+ RESERVED
+CVE-2015-7763
+ RESERVED
+CVE-2015-7762
+ RESERVED
+CVE-2015-7761 (Mail in Apple OS X before 10.11 does not properly recognize user ...)
+ TODO: check
+CVE-2015-7760 (libxpc in launchd in Apple OS X before 10.11 does not restrict the ...)
+ TODO: check
+CVE-2015-7759
+ RESERVED
+CVE-2015-7757
+ RESERVED
+CVE-2015-7756
+ RESERVED
+CVE-2015-7755
+ RESERVED
+CVE-2015-7754
+ RESERVED
+CVE-2015-7753
+ RESERVED
+CVE-2015-7752
+ RESERVED
+CVE-2015-7751
+ RESERVED
+CVE-2015-7750
+ RESERVED
+CVE-2015-7749
+ RESERVED
+CVE-2015-7748
+ RESERVED
+CVE-2015-7746
+ RESERVED
+CVE-2015-7745
+ RESERVED
+CVE-2015-7744
+ RESERVED
+CVE-2015-7743
+ RESERVED
+CVE-2015-7742
+ RESERVED
+CVE-2015-7741
+ RESERVED
+CVE-2015-7739
+ RESERVED
+CVE-2015-7738
+ RESERVED
+CVE-2015-7737
+ RESERVED
+CVE-2015-7736
+ RESERVED
+CVE-2015-7735
+ RESERVED
+CVE-2015-7734
+ RESERVED
+CVE-2015-7733
+ RESERVED
+CVE-2015-7732
+ RESERVED
+CVE-2015-7731
+ RESERVED
+CVE-2015-7730
+ RESERVED
+CVE-2015-7729
+ RESERVED
+CVE-2015-7728
+ RESERVED
+CVE-2015-7727
+ RESERVED
+CVE-2015-7726
+ RESERVED
+CVE-2015-7725
+ RESERVED
+CVE-2015-7724
+ RESERVED
+CVE-2015-7723
+ RESERVED
+CVE-2015-7722
+ RESERVED
+CVE-2015-7721
+ RESERVED
+CVE-2015-7720
+ RESERVED
+CVE-2015-7719
+ RESERVED
+CVE-2015-7718 (mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before ...)
+ TODO: check
+CVE-2015-7717 (mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before ...)
+ TODO: check
+CVE-2015-7716 (libstagefright in Android 5.x before 5.1.1 LMY48T allows remote ...)
+ TODO: check
+CVE-2015-7715
+ RESERVED
+CVE-2015-7714
+ RESERVED
+CVE-2015-7712
+ RESERVED
+CVE-2015-7711
+ RESERVED
+CVE-2015-7710
+ RESERVED
+CVE-2015-7709 (The arkeiad daemon in the Arkeia Backup Agent in Western Digital ...)
+ TODO: check
+CVE-2015-7708 (Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier ...)
+ TODO: check
+CVE-2015-7707 (Ignite Realtime Openfire 3.10.2 allows remote authenticated users to ...)
+ TODO: check
+CVE-2015-7706
+ RESERVED
+CVE-2014-9753
+ RESERVED
+CVE-2014-9752
+ RESERVED
CVE-2015-XXXX [Double free in coders/pict.c:2000]
- imagemagick <unfixed>
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
@@ -22,11 +136,13 @@
NOTE: https://github.com/kvesteri/sqlalchemy-utils/issues/166
TODO: check
CVE-2015-7758 [Uses predictable filenames in /tmp based on basename]
+ RESERVED
- gummi <unfixed> (bug #756432)
[jessie] - gummi <no-dsa> (Minor issue)
[wheezy] - gummi <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/4
CVE-2008-7315 [Shell escape vulnerability]
+ RESERVED
- libui-dialog-perl <unfixed> (bug #496448)
[jessie] - libui-dialog-perl <no-dsa> (Minor issue)
[wheezy] - libui-dialog-perl <no-dsa> (Minor issue)
@@ -34,11 +150,13 @@
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364
NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2
CVE-2015-7740
+ RESERVED
NOT-FOR-US: ARM Mali GPU driver
CVE-2015-XXXX [arbitrary code execution issues via URLs]
- git 1:2.6.1-1
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/06/1
CVE-2015-7747 [When changing both sample format and number of channels, data gets corrupted; if new sample format smaller than old, possible buffer overflow]
+ RESERVED
- audiofile <unfixed> (bug #801102)
[wheezy] - audiofile <no-dsa> (Minor issue)
[jessie] - audiofile <no-dsa> (Minor issue)
@@ -86,10 +204,10 @@
RESERVED
CVE-2015-7688
RESERVED
-CVE-2015-7685
- RESERVED
-CVE-2015-7684
- RESERVED
+CVE-2015-7685 (GLPI before 0.85.3 allows remote authenticated users to create ...)
+ TODO: check
+CVE-2015-7684 (Unrestricted file upload in GLPI before 0.85.3 allows remote ...)
+ TODO: check
CVE-2015-7683
RESERVED
CVE-2015-7682
@@ -123,6 +241,7 @@
CVE-2014-9748
RESERVED
CVE-2015-7713 [Nova network security group changes are not applied to running instances]
+ RESERVED
- nova <unfixed>
NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
NOTE: http://www.openwall.com/lists/oss-security/2015/10/05/10
@@ -326,8 +445,8 @@
NOT-FOR-US: BisonWare BisonFTP
CVE-2015-7601 (Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows ...)
NOT-FOR-US: PCMan's FTP Server
-CVE-2015-7600
- RESERVED
+CVE-2015-7600 (Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for ...)
+ TODO: check
CVE-2015-7599
RESERVED
CVE-2015-7598
@@ -742,8 +861,8 @@
RESERVED
CVE-2015-7393
RESERVED
-CVE-2015-7392
- RESERVED
+CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in ...)
+ TODO: check
CVE-2015-7391
RESERVED
CVE-2015-7390
@@ -908,10 +1027,10 @@
RESERVED
CVE-2015-7324
RESERVED
-CVE-2015-7323
- RESERVED
-CVE-2015-7322
- RESERVED
+CVE-2015-7323 (The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure ...)
+ TODO: check
+CVE-2015-7322 (The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure ...)
+ TODO: check
CVE-2015-7321
RESERVED
CVE-2015-7320 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -2585,30 +2704,30 @@
RESERVED
CVE-2015-6608
RESERVED
-CVE-2015-6607
- RESERVED
-CVE-2015-6606
- RESERVED
-CVE-2015-6605
- RESERVED
-CVE-2015-6604
- RESERVED
-CVE-2015-6603
- RESERVED
+CVE-2015-6607 (SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows ...)
+ TODO: check
+CVE-2015-6606 (The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin ...)
+ TODO: check
+CVE-2015-6605 (mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a ...)
+ TODO: check
+CVE-2015-6604 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
+CVE-2015-6603 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
CVE-2015-6602 (libutils in Android through 5.1.1 LMY48M allows remote attackers to ...)
NOT-FOR-US: libutils in Android
-CVE-2015-6601
- RESERVED
-CVE-2015-6600
- RESERVED
-CVE-2015-6599
- RESERVED
-CVE-2015-6598
- RESERVED
+CVE-2015-6601 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
+CVE-2015-6600 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
+CVE-2015-6599 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
+CVE-2015-6598 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
CVE-2015-6597
RESERVED
-CVE-2015-6596
- RESERVED
+CVE-2015-6596 (mediaserver in Android before 5.1.1 LMY48T allows attackers to gain ...)
+ TODO: check
CVE-2015-6595
RESERVED
CVE-2015-6594
@@ -3268,10 +3387,10 @@
RESERVED
CVE-2015-6312
RESERVED
-CVE-2015-6311
- RESERVED
-CVE-2015-6310
- RESERVED
+CVE-2015-6311 (Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), ...)
+ TODO: check
+CVE-2015-6310 (The REST interface in Cisco Unified Communications Manager IM and ...)
+ TODO: check
CVE-2015-6309 (Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows ...)
TODO: check
CVE-2015-6308 (Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated ...)
@@ -4211,28 +4330,28 @@
RESERVED
CVE-2015-5924
RESERVED
-CVE-2015-5923
- RESERVED
-CVE-2015-5922
- RESERVED
+CVE-2015-5923 (Apple iOS before 9.0.2 does not properly restrict the options ...)
+ TODO: check
+CVE-2015-5922 (Unspecified vulnerability in International Components for Unicode ...)
+ TODO: check
CVE-2015-5921 (WebKit in Apple iOS before 9 mishandles "Content-Disposition: ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5920 (The Software Update component in Apple iTunes before 12.3 does not ...)
NOT-FOR-US: Apple
-CVE-2015-5919
- RESERVED
-CVE-2015-5918
- RESERVED
-CVE-2015-5917
- RESERVED
+CVE-2015-5919 (GasGauge in Apple watchOS before 2 allows local users to gain ...)
+ TODO: check
+CVE-2015-5918 (GasGauge in Apple watchOS before 2 allows local users to gain ...)
+ TODO: check
+CVE-2015-5917 (The glob implementation in tnftpd (formerly lukemftpd), as used in ...)
+ TODO: check
CVE-2015-5916 (The Apple Pay component in Apple iOS before 9 allows remote terminals ...)
NOT-FOR-US: Apple
-CVE-2015-5915
- RESERVED
-CVE-2015-5914
- RESERVED
-CVE-2015-5913
- RESERVED
+CVE-2015-5915 (Apple OS X before 10.11 does not ensure that the keychain's lock state ...)
+ TODO: check
+CVE-2015-5914 (The EFI component in Apple OS X before 10.11 allows physically ...)
+ TODO: check
+CVE-2015-5913 (Heimdal, as used in Apple OS X before 10.11, allows remote attackers ...)
+ TODO: check
CVE-2015-5912 (The CFNetwork FTPProtocol component in Apple iOS before 9 allows ...)
NOT-FOR-US: Apple
CVE-2015-5911 (Multiple unspecified vulnerabilities in Twisted in Wiki Server in ...)
@@ -4253,84 +4372,84 @@
NOT-FOR-US: Apple
CVE-2015-5903 (The kernel in Apple iOS before 9 allows local users to gain privileges ...)
NOT-FOR-US: Apple
-CVE-2015-5902
- RESERVED
-CVE-2015-5901
- RESERVED
-CVE-2015-5900
- RESERVED
+CVE-2015-5902 (The debugging feature in the kernel in Apple OS X before 10.11 ...)
+ TODO: check
+CVE-2015-5901 (The Secure Empty Trash feature in Finder in Apple OS X before 10.11 ...)
+ TODO: check
+CVE-2015-5900 (The protected range register in the EFI component in Apple OS X before ...)
+ TODO: check
CVE-2015-5899 (libpthread in the kernel in Apple iOS before 9 allows local users to ...)
NOT-FOR-US: Apple
CVE-2015-5898 (CFNetwork in Apple iOS before 9 relies on the hardware UID for its ...)
NOT-FOR-US: Apple
-CVE-2015-5897
- RESERVED
+CVE-2015-5897 (The Address Book framework in Apple OS X before 10.11 allows local ...)
+ TODO: check
CVE-2015-5896 (The kernel in Apple iOS before 9 allows local users to gain privileges ...)
NOT-FOR-US: Apple
CVE-2015-5895 (Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as ...)
NOT-FOR-US: Apple
-CVE-2015-5894
- RESERVED
-CVE-2015-5893
- RESERVED
+CVE-2015-5894 (The X.509 certificate-trust implementation in Apple OS X before 10.11 ...)
+ TODO: check
+CVE-2015-5893 (SMBClient in SMB in Apple OS X before 10.11 allows local users to ...)
+ TODO: check
CVE-2015-5892 (Siri in Apple iOS before 9 allows physically proximate attackers to ...)
NOT-FOR-US: Apple
-CVE-2015-5891
- RESERVED
-CVE-2015-5890
- RESERVED
-CVE-2015-5889
- RESERVED
-CVE-2015-5888
- RESERVED
-CVE-2015-5887
- RESERVED
+CVE-2015-5891 (The SMB implementation in the kernel in Apple OS X before 10.11 allows ...)
+ TODO: check
+CVE-2015-5890 (IOGraphics in Apple OS X before 10.11 allows local users to gain ...)
+ TODO: check
+CVE-2015-5889 (rsh in the remote_cmds component in Apple OS X before 10.11 allows ...)
+ TODO: check
+CVE-2015-5888 (The Install Framework Legacy component in Apple OS X before 10.11 ...)
+ TODO: check
+CVE-2015-5887 (The TLS Handshake Protocol implementation in Secure Transport in Apple ...)
+ TODO: check
CVE-2015-5886
RESERVED
CVE-2015-5885 (The CFNetwork Cookies component in Apple iOS before 9 allows remote ...)
NOT-FOR-US: Apple
-CVE-2015-5884
- RESERVED
-CVE-2015-5883
- RESERVED
+CVE-2015-5884 (The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles ...)
+ TODO: check
+CVE-2015-5883 (The bidirectional text-display and text-selection implementations in ...)
+ TODO: check
CVE-2015-5882 (The processor_set_tasks API implementation in Apple iOS before 9 ...)
NOT-FOR-US: Apple
CVE-2015-5881
- RESERVED
+ REJECTED
CVE-2015-5880 (CoreAnimation in Apple iOS before 9 allows attackers to bypass ...)
NOT-FOR-US: Apple
CVE-2015-5879 (XNU in the kernel in Apple iOS before 9 does not properly validate the ...)
NOT-FOR-US: Apple
-CVE-2015-5878
- RESERVED
-CVE-2015-5877
- RESERVED
+CVE-2015-5878 (Notes in Apple OS X before 10.11 misparses links, which allows local ...)
+ TODO: check
+CVE-2015-5877 (The Intel Graphics Driver component in Apple OS X before 10.11 allows ...)
+ TODO: check
CVE-2015-5876 (dyld in Dev Tools in Apple iOS before 9 allows attackers to execute ...)
NOT-FOR-US: Apple
-CVE-2015-5875
- RESERVED
+CVE-2015-5875 (Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before ...)
+ TODO: check
CVE-2015-5874 (CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote ...)
NOT-FOR-US: Apple
-CVE-2015-5873
- RESERVED
-CVE-2015-5872
- RESERVED
-CVE-2015-5871
- RESERVED
-CVE-2015-5870
- RESERVED
+CVE-2015-5873 (IOGraphics in Apple OS X before 10.11 allows local users to gain ...)
+ TODO: check
+CVE-2015-5872 (IOGraphics in Apple OS X before 10.11 allows local users to gain ...)
+ TODO: check
+CVE-2015-5871 (IOGraphics in Apple OS X before 10.11 allows local users to gain ...)
+ TODO: check
+CVE-2015-5870 (The debugging interfaces in the kernel in Apple OS X before 10.11 ...)
+ TODO: check
CVE-2015-5869 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
NOT-FOR-US: Apple
CVE-2015-5868 (The kernel in Apple iOS before 9 allows local users to gain privileges ...)
NOT-FOR-US: Apple
CVE-2015-5867 (IOHIDFamily in Apple iOS before 9 allows attackers to execute ...)
NOT-FOR-US: Apple
-CVE-2015-5866
- RESERVED
-CVE-2015-5865
- RESERVED
-CVE-2015-5864
- RESERVED
+CVE-2015-5866 (IOHIDFamily in Apple OS X before 10.11 allows attackers to execute ...)
+ TODO: check
+CVE-2015-5865 (IOGraphics in Apple OS X before 10.11 allows attackers to obtain ...)
+ TODO: check
+CVE-2015-5864 (IOAudioFamily in Apple OS X before 10.11 allows local users to obtain ...)
+ TODO: check
CVE-2015-5863 (IOStorageFamily in Apple iOS before 9 does not properly initialize an ...)
NOT-FOR-US: Apple
CVE-2015-5862 (The Audio component in Apple iOS before 9 allows remote attackers to ...)
@@ -4349,18 +4468,18 @@
NOT-FOR-US: Apple
CVE-2015-5855 (Apple iOS before 9 allows attackers to discover the e-mail address of ...)
NOT-FOR-US: Apple
-CVE-2015-5854
- RESERVED
-CVE-2015-5853
- RESERVED
+CVE-2015-5854 (The backup implementation in Time Machine in Apple OS X before 10.11 ...)
+ TODO: check
+CVE-2015-5853 (AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers ...)
+ TODO: check
CVE-2015-5852
RESERVED
CVE-2015-5851 (The convenience initializer in the Multipeer Connectivity component in ...)
NOT-FOR-US: Apple
CVE-2015-5850 (AppleKeyStore in Apple iOS before 9 allows physically proximate ...)
NOT-FOR-US: Apple
-CVE-2015-5849
- RESERVED
+CVE-2015-5849 (The filtering implementation in AppleEvents in Apple OS X before 10.11 ...)
+ TODO: check
CVE-2015-5848 (IOAcceleratorFamily in Apple iOS before 9 allows local users to gain ...)
NOT-FOR-US: Apple
CVE-2015-5847 (The Disk Images component in Apple iOS before 9 allows local users to ...)
@@ -4385,24 +4504,24 @@
NOT-FOR-US: Apple
CVE-2015-5837 (PluginKit in Apple iOS before 9 allows attackers to bypass an intended ...)
NOT-FOR-US: Apple
-CVE-2015-5836
- RESERVED
+CVE-2015-5836 (Apple Online Store Kit in Apple OS X before 10.11 improperly validates ...)
+ TODO: check
CVE-2015-5835 (Apple iOS before 9 allows attackers to obtain sensitive information ...)
NOT-FOR-US: Apple
CVE-2015-5834 (IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain ...)
NOT-FOR-US: Apple
-CVE-2015-5833
- RESERVED
+CVE-2015-5833 (The Login Window component in Apple OS X before 10.11 does not ensure ...)
+ TODO: check
CVE-2015-5832 (The iTunes Store component in Apple iOS before 9 does not properly ...)
NOT-FOR-US: Apple
CVE-2015-5831 (NetworkExtension in the kernel in Apple iOS before 9 does not properly ...)
NOT-FOR-US: Apple
-CVE-2015-5830
- RESERVED
+CVE-2015-5830 (The Intel Graphics Driver component in Apple OS X before 10.11 allows ...)
+ TODO: check
CVE-2015-5829 (Data Detectors Engine in Apple iOS before 9 allows remote attackers to ...)
NOT-FOR-US: Apple
-CVE-2015-5828
- RESERVED
+CVE-2015-5828 (The API in the WebKit Plug-ins component in Apple Safari before 9 does ...)
+ TODO: check
CVE-2015-5827 (WebKit in Apple iOS before 9 allows remote attackers to bypass the ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5826 (WebKit in Apple iOS before 9 does not properly select the cases in ...)
@@ -4497,8 +4616,8 @@
NOT-FOR-US: Apple OS X
CVE-2015-5781 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not ...)
NOT-FOR-US: Apple OS X
-CVE-2015-5780
- RESERVED
+CVE-2015-5780 (The Safari Extensions implementation in Apple Safari before 9 does not ...)
+ TODO: check
CVE-2015-5779 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
NOT-FOR-US: Apple OS X
CVE-2015-5778 (CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 ...)
@@ -4845,8 +4964,8 @@
[jessie] - designate <not-affected> (Vulnerable code doesn't exist)
CVE-2015-5688 (Directory traversal vulnerability in lib/app/index.js in Geddy before ...)
NOT-FOR-US: Geddy
-CVE-2015-5687
- RESERVED
+CVE-2015-5687 (system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote ...)
+ TODO: check
CVE-2015-5686
RESERVED
CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server ...)
@@ -4931,8 +5050,8 @@
TODO: check
CVE-2015-5650 (Directory traversal vulnerability in AjaXplorer 2.0 allows remote ...)
TODO: check
-CVE-2015-5649
- RESERVED
+CVE-2015-5649 (Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles ...)
+ TODO: check
CVE-2015-5648
RESERVED
CVE-2015-5647
@@ -6013,9 +6132,11 @@
NOTE: Jessie's 4.3.5-2 is however missing the upstream patch: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.3.x/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java?r1=1560975&r2=1626784
CVE-2015-5261 [host memory access from guest using crafted images]
RESERVED
+ {DSA-3371-1}
- spice 0.12.5-1.3 (bug #801091)
CVE-2015-5260 [Insufficient validation of surface_id parameter can cause crash]
RESERVED
+ {DSA-3371-1}
- spice 0.12.5-1.3 (bug #801089)
CVE-2015-5259
RESERVED
@@ -6496,7 +6617,7 @@
CVE-2015-5129 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-5128
- RESERVED
+ REJECTED
NOT-FOR-US: Adobe Flash Player
CVE-2015-5127 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
NOT-FOR-US: Adobe Flash Player
@@ -9736,42 +9857,42 @@
RESERVED
CVE-2015-3881
RESERVED
-CVE-2015-3879
- RESERVED
-CVE-2015-3878
- RESERVED
-CVE-2015-3877
- RESERVED
+CVE-2015-3879 (Media Player Framework in Android before 5.1.1 LMY48T allows attackers ...)
+ TODO: check
+CVE-2015-3878 (Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before ...)
+ TODO: check
+CVE-2015-3877 (Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers ...)
+ TODO: check
CVE-2015-3876 (libstagefright in Android through 5.1.1 LMY48M allows remote attackers ...)
NOT-FOR-US: libstagefright in Android
-CVE-2015-3875
- RESERVED
-CVE-2015-3874
- RESERVED
-CVE-2015-3873
- RESERVED
-CVE-2015-3872
- RESERVED
-CVE-2015-3871
- RESERVED
-CVE-2015-3870
- RESERVED
-CVE-2015-3869
- RESERVED
-CVE-2015-3868
- RESERVED
-CVE-2015-3867
- RESERVED
+CVE-2015-3875 (libutils in Android before 5.1.1 LMY48T allows remote attackers to ...)
+ TODO: check
+CVE-2015-3874 (The Sonivox components in Android before 5.1.1 LMY48T allow remote ...)
+ TODO: check
+CVE-2015-3873 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
+CVE-2015-3872 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
+CVE-2015-3871 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
+CVE-2015-3870 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
+CVE-2015-3869 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
+CVE-2015-3868 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
+CVE-2015-3867 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
CVE-2015-3866
RESERVED
-CVE-2015-3865
- RESERVED
+CVE-2015-3865 (The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers ...)
+ TODO: check
CVE-2015-3864 (Integer underflow in the MPEG4Extractor::parseChunk function in ...)
NOT-FOR-US: libstagefright in mediaserver in Android
CVE-2015-3863 (Multiple integer overflows in the Blob class in keystore/keystore.cpp ...)
NOT-FOR-US: Keystore in Android
-CVE-2015-3862
- RESERVED
+CVE-2015-3862 (mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a ...)
+ TODO: check
CVE-2015-3861 (Multiple integer overflows in the addVorbisCodecInfo function in ...)
NOT-FOR-US: libstagefright in mediaserver in Android
CVE-2015-3860 (packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen ...)
@@ -9800,8 +9921,8 @@
NOT-FOR-US: Region in Android
CVE-2015-3848
RESERVED
-CVE-2015-3847
- RESERVED
+CVE-2015-3847 (Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove ...)
+ TODO: check
CVE-2015-3846
RESERVED
CVE-2015-3845 (The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in ...)
@@ -9848,8 +9969,8 @@
RESERVED
CVE-2015-3824 (The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in ...)
NOT-FOR-US: libstagefright in Android
-CVE-2015-3823
- RESERVED
+CVE-2015-3823 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
+ TODO: check
CVE-2015-3822
RESERVED
CVE-2015-3821
@@ -9985,8 +10106,8 @@
NOT-FOR-US: Apple OS X
CVE-2015-3786 (The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly ...)
NOT-FOR-US: Apple OS X
-CVE-2015-3785
- RESERVED
+CVE-2015-3785 (The Telephony component in Apple OS X before 10.11, when the ...)
+ TODO: check
CVE-2015-3784 (Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
NOT-FOR-US: Apple OS X
CVE-2015-3783 (SceneKit in Apple OS X before 10.10.5 allows remote attackers to ...)
More information about the Secure-testing-commits
mailing list