[Secure-testing-commits] r36823 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Sep 24 21:10:12 UTC 2015
Author: sectracker
Date: 2015-09-24 21:10:12 +0000 (Thu, 24 Sep 2015)
New Revision: 36823
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-24 20:16:20 UTC (rev 36822)
+++ data/CVE/list 2015-09-24 21:10:12 UTC (rev 36823)
@@ -1,3 +1,23 @@
+CVE-2015-7336
+ RESERVED
+CVE-2015-7335
+ RESERVED
+CVE-2015-7334
+ RESERVED
+CVE-2015-7333
+ RESERVED
+CVE-2015-7332
+ RESERVED
+CVE-2015-7331
+ RESERVED
+CVE-2015-7330
+ RESERVED
+CVE-2015-7329
+ RESERVED
+CVE-2015-7328
+ RESERVED
+CVE-2015-7327 (Mozilla Firefox before 41.0 does not properly restrict the ...)
+ TODO: check
CVE-2015-7326
RESERVED
CVE-2015-7325
@@ -307,40 +327,33 @@
RESERVED
CVE-2015-7181
RESERVED
-CVE-2015-7180
- RESERVED
+CVE-2015-7180 (The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
-CVE-2015-7179
- RESERVED
+CVE-2015-7179 (The VertexBufferInterface::reserveVertexSpace function in libGLES in ...)
- iceweasel <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/
-CVE-2015-7178
- RESERVED
+CVE-2015-7178 (The ProgramBinary::linkAttributes function in libGLES in ANGLE, as ...)
- iceweasel <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/
-CVE-2015-7177
- RESERVED
+CVE-2015-7177 (The InitTextures function in Mozilla Firefox before 41.0 and Firefox ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
-CVE-2015-7176
- RESERVED
+CVE-2015-7176 (The AnimationThread function in Mozilla Firefox before 41.0 and ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
-CVE-2015-7175
- RESERVED
+CVE-2015-7175 (The XULContentSinkImpl::AddText function in Mozilla Firefox before ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
-CVE-2015-7174
- RESERVED
+CVE-2015-7174 (The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
@@ -825,6 +838,7 @@
- wordpress 4.3.1+dfsg-1 (bug #799140)
NOTE: https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
CVE-2015-7337 [possible remote execution]
+ RESERVED
- ipython <not-affected> (Affects versions 3.0 to 3.2.1)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/16/3
CVE-2015-XXXX [bouncycastle ecc leak]
@@ -1043,7 +1057,6 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/2
CVE-2015-7312 [Use-after-free in Linux kernel with aufs mmap patch]
RESERVED
- {DSA-3364-1}
- linux <unfixed> (bug #796036)
[jessie] - linux 3.16.7-ckt11-1+deb8u4
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -2984,38 +2997,47 @@
CVE-2015-5987
RESERVED
CVE-2015-6241 (The proto_tree_add_bytes_item function in epan/proto.c in the ...)
+ {DSA-3367-1}
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-21.html
CVE-2015-6242 (The wmem_block_split_free_chunk function in ...)
+ {DSA-3367-1}
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-22.html
CVE-2015-6243 (The dissector-table implementation in epan/packet.c in Wireshark ...)
+ {DSA-3367-1}
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-23.html
CVE-2015-6244 (The dissect_zbee_secure function in ...)
+ {DSA-3367-1}
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-24.html
CVE-2015-6245 (epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in ...)
+ {DSA-3367-1}
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-25.html
CVE-2015-6246 (The dissect_wa_payload function in epan/dissectors/packet-waveagent.c ...)
+ {DSA-3367-1}
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-26.html
CVE-2015-6247 (The dissect_openflow_tablemod_v5 function in ...)
+ {DSA-3367-1}
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-27.html
CVE-2015-6248 (The ptvcursor_add function in the ptvcursor implementation in ...)
+ {DSA-3367-1}
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-28.html
CVE-2015-6249 (The dissect_wccp2r1_address_table_info function in ...)
+ {DSA-3367-1}
- wireshark 1.12.7+g7fc8978-1
[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-29.html
@@ -6909,40 +6931,34 @@
NOT-FOR-US: EMC Documentum WebTop Client
CVE-2015-4523
RESERVED
-CVE-2015-4522 [Vulnerabilities found through code inspection]
- RESERVED
+CVE-2015-4522 (The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
-CVE-2015-4521 [Vulnerabilities found through code inspection]
- RESERVED
+CVE-2015-4521 (The ConvertDialogOptions function in Mozilla Firefox before 41.0 and ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
-CVE-2015-4520 [Errors in the handling of CORS preflight request headers]
- RESERVED
+CVE-2015-4520 (Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/
-CVE-2015-4519 [Dragging and dropping images exposes final URL after redirects]
- RESERVED
+CVE-2015-4519 (Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/
CVE-2015-4518
RESERVED
-CVE-2015-4517 [Vulnerabilities found through code inspection]
- RESERVED
+CVE-2015-4517 (NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
-CVE-2015-4516 [JavaScript immutable property enforcement can be bypassed]
- RESERVED
+CVE-2015-4516 (Mozilla Firefox before 41.0 allows remote attackers to bypass certain ...)
- iceweasel <not-affected> (Affects only 40.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/
CVE-2015-4515
@@ -6951,63 +6967,50 @@
RESERVED
CVE-2015-4513
RESERVED
-CVE-2015-4512 [Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems]
- RESERVED
+CVE-2015-4512 (gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux ...)
- iceweasel <not-affected> (Affects only 40.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-107/
-CVE-2015-4511
- RESERVED
+CVE-2015-4511 (Heap-based buffer overflow in the nestegg_track_codec_data function in ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/
-CVE-2015-4510 [Use-after-free with shared workers and IndexedDB]
- RESERVED
+CVE-2015-4510 (Race condition in the WorkerPrivate::NotifyFeatures function in ...)
- iceweasel <not-affected> (Affects only 40.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-104/
-CVE-2015-4509 [Use-after-free while manipulating HTML media content]
- RESERVED
+CVE-2015-4509 (Use-after-free vulnerability in the HTMLVideoElement interface in ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/
-CVE-2015-4508 [URL spoofing in reader mode]
- RESERVED
+CVE-2015-4508 (Mozilla Firefox before 41.0, when reader mode is enabled, allows ...)
- iceweasel <not-affected> (Affects only 40.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-103/
-CVE-2015-4507 [Crash when using debugger with SavedStacks in JavaScript]
- RESERVED
+CVE-2015-4507 (The SavedStacks class in the JavaScript implementation in Mozilla ...)
- iceweasel <not-affected> (Affects only 40.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-102/
-CVE-2015-4506 [Buffer overflow in libvpx while parsing vp9 format video]
- RESERVED
+CVE-2015-4506 (Buffer overflow in the vp9_init_context_buffers function in libvpx, as ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
- libvpx <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-101/
-CVE-2015-4505 [Arbitrary file manipulation by local user through Mozilla updater]
- RESERVED
+CVE-2015-4505 (updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before ...)
- iceweasel <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-100/
-CVE-2015-4504 [Out of bounds read in QCMS library with ICC V4 profile attributes]
- RESERVED
+CVE-2015-4504 (The lut_inverse_interp16 function in the QCMS library in Mozilla ...)
- iceweasel <not-affected> (Affects only 40.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-98/
-CVE-2015-4503 [Memory leak in mozTCPSocket to servers]
- RESERVED
+CVE-2015-4503 (The TCP Socket API implementation in Mozilla Firefox before 41.0 ...)
- iceweasel <not-affected> (Affects only 40.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
-CVE-2015-4502 [Scripted proxies can access inner window]
- RESERVED
+CVE-2015-4502 (js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles ...)
- iceweasel <not-affected> (Affects only 40.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-108/
-CVE-2015-4501 [Miscellaneous memory safety hazards]
- RESERVED
+CVE-2015-4501 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Affects only 40.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/
-CVE-2015-4500 [Miscellaneous memory safety hazards]
- RESERVED
+CVE-2015-4500 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3365-1}
- iceweasel 38.3.0esr-1
[squeeze] - iceweasel <end-of-life>
@@ -7126,8 +7129,7 @@
CVE-2015-4477 (Use-after-free vulnerability in the MediaStream playback feature in ...)
- iceweasel <not-affected> (Only affects Firefox 39)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-81/
-CVE-2015-4476 [Site attribute spoofing on Android by pasting URL with unknown scheme]
- RESERVED
+CVE-2015-4476 (Mozilla Firefox before 41.0 on Android allows user-assisted remote ...)
- iceweasel <not-affected> (Affects only Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-99/
CVE-2015-4475 (The mozilla::AudioSink function in Mozilla Firefox before 40.0 and ...)
More information about the Secure-testing-commits
mailing list