[Secure-testing-commits] r37465 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Oct 30 21:10:12 UTC 2015 

Author: sectracker
Date: 2015-10-30 21:10:11 +0000 (Fri, 30 Oct 2015)
New Revision: 37465

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-10-30 19:46:20 UTC (rev 37464)
+++ data/CVE/list	2015-10-30 21:10:11 UTC (rev 37465)
@@ -1,3 +1,17 @@
+CVE-2015-8031
+	RESERVED
+CVE-2015-8030 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to ...)
+	TODO: check
+CVE-2015-8029 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to ...)
+	TODO: check
+CVE-2015-8028 (Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) ...)
+	TODO: check
+CVE-2015-8027
+	RESERVED
+CVE-2015-8024
+	RESERVED
+CVE-2015-8023
+	RESERVED
 CVE-2015-8022
 	RESERVED
 CVE-2015-8021
@@ -35,6 +49,7 @@
 	- cinnamon-settings-daemon <unfixed>
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/28/3
 CVE-2015-8025 [xscreensaver aborts when unpluging second monitor cable when asking password]
+	RESERVED
 	- xscreensaver 5.34-1 (bug #802914)
 	NOTE: http://pkgs.fedoraproject.org/cgit/xscreensaver.git/plain/xscreensaver-5.33-0002-Modify-sigchld_hander-in_signal_hander_p-mechanism.patch?id=b57f59f3482fedf70ce7a3541094e2512290139f
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1274452
@@ -140,23 +155,19 @@
 	RESERVED
 CVE-2015-7973
 	RESERVED
-CVE-2015-7972 [x86: populate-on-demand balloon size inaccuracy can crash guests]
-	RESERVED
+CVE-2015-7972 (The (1) libxl_set_memory_target function in tools/libxl/libxl.c and ...)
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
 	NOTE: http://xenbits.xen.org/xsa/advisory-153.html
-CVE-2015-7971 [x86: some pmu and profiling hypercalls log without rate limiting]
-	RESERVED
+CVE-2015-7971 (Xen 3.2.x through 4.6.x does not limit the number of printk console ...)
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
 	NOTE: http://xenbits.xen.org/xsa/advisory-152.html
-CVE-2015-7970 [x86: Long latency populate-on-demand operation is not preemptible]
-	RESERVED
+CVE-2015-7970 (The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen ...)
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
 	NOTE: http://xenbits.xen.org/xsa/advisory-150.html
-CVE-2015-7969 [leak of main per-domain vcpu pointer array]
-	RESERVED
+CVE-2015-7969 (Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest ...)
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
 	NOTE: http://xenbits.xen.org/xsa/advisory-149.html
@@ -234,6 +245,7 @@
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed
 	NOTE: CVE Request: http://openwall.com/lists/oss-security/2015/09/08/2
 CVE-2015-8026 [Heap overflow]
+	RESERVED
 	- exfat-utils 1.2.1-1
 	[jessie] - exfat-utils <no-dsa> (Minor issue)
 	[wheezy] - exfat-utils <no-dsa> (Minor issue)
@@ -370,8 +382,7 @@
 	RESERVED
 CVE-2015-7886
 	RESERVED
-CVE-2015-7899
-	RESERVED
+CVE-2015-7899 (The com_content component in Joomla! 3.x before 3.4.5 does not ...)
 	- joomla <itp> (bug #571794)
 CVE-2015-7883
 	RESERVED
@@ -454,14 +465,11 @@
 	TODO: check
 CVE-2015-7860 (Stack-based buffer overflow in the agent in Persistent Accelerite ...)
 	TODO: check
-CVE-2015-7859
-	RESERVED
+CVE-2015-7859 (The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not ...)
 	- joomla <itp> (bug #571794)
-CVE-2015-7858
-	RESERVED
+CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
 	- joomla <itp> (bug #571794)
-CVE-2015-7857
-	RESERVED
+CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in ...)
 	- joomla <itp> (bug #571794)
 CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
 	TODO: check
@@ -549,6 +557,7 @@
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 (v4.3-rc7)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/20/5
 CVE-2015-8013 [predictable session key without knowing the passphrase]
+	RESERVED
 	- libjs-openpgp <itp> (bug #787774)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/7
 CVE-2015-7840 (The command line management console (CMC) in SolarWinds Log and Event ...)
@@ -561,8 +570,7 @@
 	RESERVED
 CVE-2015-7836 (Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain ...)
 	TODO: check
-CVE-2015-7835 [x86: Uncontrolled creation of large page mappings by PV guests]
-	RESERVED
+CVE-2015-7835 (The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x ...)
 	- xen <unfixed>
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
 	NOTE: http://xenbits.xen.org/xsa/advisory-148.html
@@ -606,14 +614,12 @@
 	RESERVED
 CVE-2015-7815
 	RESERVED
-CVE-2015-7814 [arm: Race between domain destruction and memory allocation decrease]
-	RESERVED
+CVE-2015-7814 (Race condition in the relinquish_memory function in arch/arm/domain.c ...)
 	- xen <unfixed>
 	NOTE: http://xenbits.xen.org/xsa/advisory-147.html
 	[wheezy] - xen <not-affected> (arm not yet supported)
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
-CVE-2015-7813 [arm: various unimplemented hypercalls log without rate limiting]
-	RESERVED
+CVE-2015-7813 (Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk ...)
 	- xen <unfixed>
 	[wheezy] - xen <not-affected> (arm not yet supported)
 	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
@@ -1078,8 +1084,7 @@
 	NOTE: http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735 (Squid 3.5)
 CVE-2014-9748
 	RESERVED
-CVE-2015-7713 [Nova network security group changes are not applied to running instances]
-	RESERVED
+CVE-2015-7713 (OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before ...)
 	- nova 1:12.0.0-2
 	NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/05/10
@@ -1893,8 +1898,7 @@
 	- owncloud-client 2.0.0+dfsg-1
 	[jessie] - owncloud-client <not-affected> (not compiled with a Qt release greater than 5.3.x)
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-016
-CVE-2015-7297
-	RESERVED
+CVE-2015-7297 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
 	- joomla <itp> (bug #571794)
 CVE-2015-XXXX [Privilege escalation via core-gui]
 	- core-network <unfixed> (bug #799756)
@@ -4157,24 +4161,24 @@
 	RESERVED
 CVE-2015-6353
 	RESERVED
-CVE-2015-6352
-	RESERVED
-CVE-2015-6351
-	RESERVED
-CVE-2015-6350
-	RESERVED
-CVE-2015-6349
-	RESERVED
-CVE-2015-6348
-	RESERVED
-CVE-2015-6347
-	RESERVED
-CVE-2015-6346
-	RESERVED
-CVE-2015-6345
-	RESERVED
-CVE-2015-6344
-	RESERVED
+CVE-2015-6352 (Cisco Unified Communications Domain Manager before 10.6(1) provides ...)
+	TODO: check
+CVE-2015-6351 (Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices ...)
+	TODO: check
+CVE-2015-6350 (SQL injection vulnerability in the web framework in Cisco Prime ...)
+	TODO: check
+CVE-2015-6349 (Cross-site scripting (XSS) vulnerability in the web interface in the ...)
+	TODO: check
+CVE-2015-6348 (The report-generation web interface in the Solution Engine in Cisco ...)
+	TODO: check
+CVE-2015-6347 (The Solution Engine in Cisco Secure Access Control Server (ACS) ...)
+	TODO: check
+CVE-2015-6346 (Cross-site scripting (XSS) vulnerability in Cisco Secure Access ...)
+	TODO: check
+CVE-2015-6345 (SQL injection vulnerability in the Solution Engine in Cisco Secure ...)
+	TODO: check
+CVE-2015-6344 (The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX ...)
+	TODO: check
 CVE-2015-6343
 	RESERVED
 CVE-2015-6342
@@ -5118,8 +5122,8 @@
 	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
 	[squeeze] - typo3-src <end-of-life> (not supported in squeeze-lts)
 	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/
-CVE-2015-5955
-	RESERVED
+CVE-2015-5955 (ownCloud iOS app before 3.4.4 does not properly switch state between ...)
+	TODO: check
 CVE-2015-5954 (The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before ...)
 	{DSA-3373-1}
 	- owncloud 7.0.7~dfsg-1
@@ -6859,8 +6863,7 @@
 CVE-2015-5293
 	RESERVED
 	NOT-FOR-US: RHEV
-CVE-2015-5292 [memory leak in the sssd_pac_plugin]
-	RESERVED
+CVE-2015-5292 (Memory leak in the Privilege Attribute Certificate (PAC) responder ...)
 	- sssd 1.13.1-1
 	[jessie] - sssd <no-dsa> (Minor issue; responder not built)
 	NOTE: binary package has the sssd_pac_plugin.so but the responder
@@ -6903,8 +6906,7 @@
 	[wheezy] - glance <no-dsa> (Minor issue)
 	[jessie] - glance <no-dsa> (Minor issue)
 	NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
-CVE-2015-5285
-	RESERVED
+CVE-2015-5285 (CRLF injection vulnerability in Kallithea before 0.3 allows remote ...)
 	- kallithea <itp> (bug #689573)
 CVE-2015-5284 [ipa-kra-install includes certificate and private key in world readable file]
 	RESERVED
@@ -12796,8 +12798,7 @@
 	- drupal7 7.38-1
 	- drupal6 <not-affected> (Only affects Drupal 7.x)
 	NOTE: https://www.drupal.org/SA-CORE-2015-002
-CVE-2015-3230 [nsSSL3Ciphers preference not enforced server side (regression)]
-	RESERVED
+CVE-2015-3230 (389 Directory Server (formerly Fedora Directory Server) before ...)
 	- 389-ds-base 1.3.3.12-1 (bug #789202)
 	NOTE: https://fedorahosted.org/389/ticket/48194
 	NOTE: Regression if https://fedorahosted.org/389/ticket/47838 applied

More information about the Secure-testing-commits mailing list