[Secure-testing-commits] r37369 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Oct 27 09:10:11 UTC 2015


Author: sectracker
Date: 2015-10-27 09:10:11 +0000 (Tue, 27 Oct 2015)
New Revision: 37369

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-10-27 08:52:41 UTC (rev 37368)
+++ data/CVE/list	2015-10-27 09:10:11 UTC (rev 37369)
@@ -1,3 +1,11 @@
+CVE-2015-7984
+	RESERVED
+CVE-2015-7983
+	RESERVED
+CVE-2015-7982
+	RESERVED
+CVE-2015-7980
+	RESERVED
 CVE-2015-XXXX [Incomplete fix for CVE-2015-6937]
 	- linux <unfixed>
 	- linux-2.6 <removed>
@@ -115,6 +123,7 @@
 	NOTE: Upstream fix: https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/23/15
 CVE-2015-7981 [read out of bound]
+	RESERVED
 	- libpng <unfixed> (bug #803078)
 	[jessie] - libpng <no-dsa> (Minor issue)
 	[wheezy] - libpng <no-dsa> (Minor issue)
@@ -234,8 +243,7 @@
 	RESERVED
 CVE-2015-7882
 	RESERVED
-CVE-2015-7881
-	RESERVED
+CVE-2015-7881 (The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote ...)
 	NOT-FOR-US: Colorbox module for Drupal
 CVE-2015-7880
 	RESERVED
@@ -1045,16 +1053,14 @@
 	RESERVED
 CVE-2015-7605
 	RESERVED
-CVE-2015-7673 [Heap overflow and DoS with a tga file]
-	RESERVED
+CVE-2015-7673 (io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its ...)
 	{DSA-3378-1}
 	- gdk-pixbuf 2.32.0-1
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/3
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
-CVE-2015-7674 [Heap overflow with a gif file]
-	RESERVED
+CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in ...)
 	{DSA-3378-1}
 	- gdk-pixbuf 2.32.1-1
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/4
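Review bot: The CVE-2015-7674 replacement drops the hand-written label "Heap overflow with a gif file", and the truncated description that takes its place ("Integer overflow in the pixops_scale_nearest function in ...") no longer names the GIF trigger or the heap overflow. Consider keeping that detail in a NOTE: line under the entry so it stays searchable; the same applies to the tga label removed from CVE-2015-7673 just above it.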
@@ -1065,8 +1071,7 @@
 CVE-2015-7698 (icewind1991 SMB before 1.0.3 allows remote authenticated users to ...)
 	- php-smb 1.0.3a-1
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-017
-CVE-2015-7699 [oc-sa-2015-018]
-	RESERVED
+CVE-2015-7699 (The files_external app in ownCloud Server before 7.0.9, 8.0.x before ...)
 	{DSA-3373-1}
 	- owncloud 7.0.9~dfsg-1
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-018
@@ -1703,8 +1708,7 @@
 	RESERVED
 CVE-2015-7299 (SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 ...)
 	TODO: check
-CVE-2015-7298 [Improper validation of certificates when using self-signed certificates]
-	RESERVED
+CVE-2015-7298 (ownCloud Desktop Client before 2.0.1, when compiled with a Qt release ...)
 	- owncloud-client 2.0.0+dfsg-1
 	[jessie] - owncloud-client <not-affected> (not compiled with a Qt release greater than 5.3.x)
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-016
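Review bot: On CVE-2015-7298 the new description says the issue affects ownCloud Desktop Client before 2.0.1, but the unchanged package line still records owncloud-client 2.0.0+dfsg-1 as the fixed version. Check against oc-sa-2015-016 whether 2.0.0+dfsg-1 really carries the fix, or is unaffected for the same Qt reason given on the jessie line, and either correct the version or add a NOTE: explaining the difference.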
@@ -3246,8 +3250,7 @@
 	NOT-FOR-US: Citrix
 CVE-2015-6671
 	RESERVED
-CVE-2015-6670 [Calendar export: Authorization Bypass Through User-Controlled Key]
-	RESERVED
+CVE-2015-6670 (ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before ...)
 	{DSA-3373-1}
 	- owncloud 7.0.8~dfsg-1
 	[experimental] - owncloud-calendar 0.7.3-1
@@ -3672,8 +3675,7 @@
 	RESERVED
 CVE-2015-6501
 	RESERVED
-CVE-2015-6500 [Information exposure through directory listing]
-	RESERVED
+CVE-2015-6500 (Directory traversal vulnerability in ownCloud Server before 8.0.6 and ...)
 	{DSA-3373-1}
 	- owncloud 7.0.10~dfsg-2 (bug #800126)
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-014
@@ -6694,14 +6696,12 @@
 	[squeeze] - ircd-ratbox <no-dsa> (Slow leak; workaround is available)
 	NOTE: http://elemental-ircd.com/security/e50b0d59-f3c5-4472-a3cd-e2e07731417c/
 	TODO: check
-CVE-2015-5289 [stack overflows in json parsing]
-	RESERVED
+CVE-2015-5289 (Multiple stack-based buffer overflows in json parsing in PostgreSQL ...)
 	{DSA-3374-1}
 	- postgresql-9.4 9.4.5-1
 	- postgresql-9.1 <not-affected> (no json datatype)
 	- postgresql-8.4 <not-affected> (no json datatype)
-CVE-2015-5288 [vulnerable to too-short crypt() salts]
-	RESERVED
+CVE-2015-5288 (The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, ...)
 	{DSA-3374-1 DLA-329-1}
 	- postgresql-9.4 9.4.5-1
 	- postgresql-9.1 <removed>
@@ -6712,8 +6712,7 @@
 	[squeeze] - postgresql-8.4 <no-dsa> (minor issue)
 CVE-2015-5287
 	RESERVED
-CVE-2015-5286 [Glance storage overrun]
-	RESERVED
+CVE-2015-5286 (OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x ...)
 	- glance 1:11.0.0-1 (bug #800741)
 	[wheezy] - glance <no-dsa> (Minor issue)
 	[jessie] - glance <no-dsa> (Minor issue)
@@ -6860,8 +6859,7 @@
 	RESERVED
 CVE-2015-5252
 	RESERVED
-CVE-2015-5251 [OSSA-2015-019: Glance image status manipulation]
-	RESERVED
+CVE-2015-5251 (OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x ...)
 	- glance 1:11.0.0-1 (bug #799931)
 	[wheezy] - glance <no-dsa> (Minor issue)
 	[jessie] - glance <no-dsa> (Minor issue)
@@ -6976,8 +6974,7 @@
 	- util-linux 2.27-1 (unimportant)
 	NOTE: chfn/chsh not built in util-linux in Debian (--disable-chfn-chsh)
 	NOTE: https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9 (v2.27-rc2)
-CVE-2015-5223 [Information leak via Swift tempurls]
-	RESERVED
+CVE-2015-5223 (OpenStack Object Storage (Swift) before 2.4.0 allows attackers to ...)
 	- swift 2.4.0-1 (bug #797032)
 CVE-2015-5222 (Red Hat OpenShift Enterprise 3.0.0.0 does not properly check ...)
 	NOT-FOR-US: OpenShift
@@ -9142,8 +9139,7 @@
 	NOTE: Fixed upstream in 0.8.8d
 CVE-2015-4457
 	RESERVED
-CVE-2015-4456 [Improper validation of certificates when using self-signed certificates]
-	RESERVED
+CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call ...)
 	{DSA-3363-1}
 	- owncloud-client 1.8.4+dfsg-1
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-009
@@ -9711,8 +9707,7 @@
 	- linux-2.6 <not-affected> (vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/10/6
 	NOTE: Vulnerable function introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=66450a21f99636af4fafac2afd33f1a40631bc3a (v3.10-rc1)
-CVE-2015-4625 [cookie generator can wrap and two identical cookies could exist; DoS]
-	RESERVED
+CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function in ...)
 	[experimental] - policykit-1 0.113-1
 	- policykit-1 0.105-12 (low; bug #796134)
 	[jessie] - policykit-1 <no-dsa> (Minor issue)
@@ -12396,8 +12391,7 @@
 	[wheezy] - haproxy <not-affected> (Affects 1.5.x and 1.6-dev only)
 	[squeeze] - haproxy <not-affected> (Affects 1.5.x and 1.6-dev only)
 	NOTE: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 (1.5.x)
-CVE-2015-3280 [Nova may fail to delete images in resize state]
-	RESERVED
+CVE-2015-3280 (OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before ...)
 	- nova 1:12.0.0-2 (low; bug #798883)
 	[jessie] - nova <no-dsa> (Minor issue)
 	[wheezy] - nova <not-affected> (Affected code introduced later)
@@ -12481,13 +12475,11 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1235385
 CVE-2015-3257
 	RESERVED
-CVE-2015-3256
-	RESERVED
+CVE-2015-3256 (PolicyKit (aka polkit) before 0.113 allows local users to cause a ...)
 	- policykit-1 <not-affected> (The Policykit versions which rely on Javascript/Spidermonkey haven't been uploaded to unstable)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=69501
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=910262#c75
-CVE-2015-3255
-	RESERVED
+CVE-2015-3255 (The polkit_backend_action_pool_init function in ...)
 	[experimental] - policykit-1 0.113-1
 	- policykit-1 0.105-12 (bug #796134)
 	[jessie] - policykit-1 <no-dsa> (Minor issue)
@@ -12655,8 +12647,7 @@
 	[jessie] - horizon <no-dsa> (Minor issue)
 	[wheezy] - horizon <not-affected> (Vulnerable code not present)
 	NOTE: 2014.2 versions through 2014.2.3 and version 2015.1.0
-CVE-2015-3218 [crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent]
-	RESERVED
+CVE-2015-3218 (The authentication_agent_new function in ...)
 	[experimental] - policykit-1 0.113-1
 	- policykit-1 0.105-11 (bug #787932)
 	[jessie] - policykit-1 <no-dsa> (Minor issue)
@@ -27237,8 +27228,7 @@
 	NOTE: https://github.com/therealmik/rsync-collision
 	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869
 	NOTE: https://lists.samba.org/archive/rsync/2015-May/030123.html
-CVE-2014-8242
-	RESERVED
+CVE-2014-8242 (librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, ...)
 	- librsync <unfixed> (low; bug #776246)
 	[jessie] - librsync <no-dsa> (Minor issue, too instrusive to backport)
 	[wheezy] - librsync <no-dsa> (Minor issue, too instrusive to backport)
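Review bot: The jessie and wheezy <no-dsa> lines under CVE-2014-8242 spell "instrusive"; it should read "intrusive". The entry is being touched in this revision anyway, so the typo can be fixed in a follow-up edit to both lines.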
