[Secure-testing-commits] r36838 - data/CVE
Michael Gilbert
mgilbert at moszumanska.debian.org
Fri Sep 25 20:45:45 UTC 2015
Author: mgilbert
Date: 2015-09-25 20:45:45 +0000 (Fri, 25 Sep 2015)
New Revision: 36838
Modified:
data/CVE/list
Log:
nfus and a few already fixed chromium issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-25 16:27:12 UTC (rev 36837)
+++ data/CVE/list 2015-09-25 20:45:45 UTC (rev 36838)
@@ -44,7 +44,7 @@
CVE-2015-7315
RESERVED
CVE-2015-7310 (McAfee Enterprise Security Manager (ESM), Enterprise Security ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2015-7309 (The theme editor in Bolt before 2.2.5 does not check the file ...)
TODO: check
CVE-2015-7314
@@ -194,7 +194,7 @@
CVE-2015-7244
RESERVED
CVE-2015-7243 (Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Boxoft
CVE-2015-7242
RESERVED
CVE-2015-7241
@@ -202,11 +202,11 @@
CVE-2015-7240
RESERVED
CVE-2015-7239 (SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function ...)
- TODO: check
+ NOT-FOR-US: J2EE
CVE-2015-7238 (The Secondary server in Threat Intelligence Exchange (TIE) before ...)
- TODO: check
+ NOT-FOR-US: TIE
CVE-2015-7237 (Directory traversal vulnerability in the remote log viewing ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2015-7235 (Multiple SQL injection vulnerabilities in dex_reservations.php in the ...)
NOT-FOR-US: CP Reservation Calendar plugin for WordPress
CVE-2015-7234 (The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF ...)
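Review bot: the tag on CVE-2015-7239, "NOT-FOR-US: J2EE", names a platform rather than a product, and the truncated description shows only the BP_FIND_JOBS_WITH_PROGRAM function, so a later reader cannot tell from this entry which software was ruled out. The bare "TIE" on CVE-2015-7238 and "McAfee" on CVE-2015-7237 have the same problem. Use the product name, as the existing CVE-2015-7235 entry does with "CP Reservation Calendar plugin for WordPress".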
@@ -760,29 +760,29 @@
CVE-2015-6974
RESERVED
CVE-2015-6973 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite ...)
- TODO: check
+ NOT-FOR-US: Openfire
CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime ...)
- TODO: check
+ NOT-FOR-US: Openfire
CVE-2015-6971
RESERVED
CVE-2015-6970
RESERVED
CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...)
- TODO: check
+ NOT-FOR-US: Serendipity
CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Serendipity
CVE-2015-6967 (Unrestricted file upload vulnerability in the My Image plugin in ...)
- TODO: check
+ NOT-FOR-US: Nibbleblog
CVE-2015-6966 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Nibbleblog
CVE-2015-6965 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Contact Form Generator plugin for WordPress
CVE-2015-6964
RESERVED
CVE-2015-6963
RESERVED
CVE-2015-6962 (SQL injection vulnerability in the web application in Farol allows ...)
- TODO: check
+ NOT-FOR-US: Farol
CVE-2015-7236 [remote triggerable use-after-free in rpcbind]
RESERVED
{DSA-3366-1 DLA-311-1}
@@ -834,7 +834,7 @@
CVE-2015-6941
RESERVED
CVE-2015-6940 (The GetResource servlet in Pentaho Business Analytics (BA) Suite ...)
- TODO: check
+ NOT-FOR-US: Pentaho
CVE-2015-XXXX [ross-site scripting vulnerability in the user list table]
- wordpress 4.3.1+dfsg-1 (bug #799140)
NOTE: https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
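Review bot: the context line directly under the Pentaho change reads "CVE-2015-XXXX [ross-site scripting vulnerability in the user list table]", with the leading "C" of "Cross-site" missing. It is outside what this commit touches, but worth correcting in a follow-up so the temporary description reads properly.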
@@ -847,7 +847,7 @@
[experimental] - bouncycastle 1.51-1
NOTE: http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2015-6936
RESERVED
CVE-2015-6935
@@ -857,7 +857,7 @@
CVE-2015-6933
RESERVED
CVE-2015-6932 (VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2015-6931
RESERVED
CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 ...)
@@ -871,7 +871,7 @@
CVE-2015-6930
RESERVED
CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2015-6928
RESERVED
CVE-2015-6926
@@ -1102,7 +1102,7 @@
CVE-2015-6829 (Multiple SQL injection vulnerabilities in the getip function in ...)
NOT-FOR-US: getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin for WordPress
CVE-2015-6828 (The tweet_info function in class/__functions.php in the SecureMoz ...)
- TODO: check
+ NOT-FOR-US: SecureMoz plugin
CVE-2015-6827 (Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger ...)
NOT-FOR-US: Auto-Exchanger
CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ...)
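Review bot: "NOT-FOR-US: SecureMoz plugin" on CVE-2015-6828 omits the host application, unlike the neighbouring CVE-2015-6829 entry, which spells out "plugin for WordPress". Naming the application the plugin belongs to makes the triage decision checkable without opening the full CVE description.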
@@ -1154,9 +1154,9 @@
CVE-2015-6809 (Multiple cross-site scripting (XSS) vulnerabilities in BEdita before ...)
NOT-FOR-US: BEdita
CVE-2015-6808 (Cross-site scripting (XSS) vulnerability in the Spotlight module ...)
- TODO: check
+ NOT-FOR-US: Spotlight module for Drupal
CVE-2015-6807 (Cross-site scripting (XSS) vulnerability in the Mass Contact module ...)
- TODO: check
+ NOT-FOR-US: Mass Contact module for Drupal
CVE-2015-6805 (Cross-site scripting (XSS) vulnerability in the MDC Private Message ...)
NOT-FOR-US: MDC Private Message plugin for WordPress
CVE-2015-6830 (libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin ...)
@@ -1548,7 +1548,7 @@
CVE-2015-6675 (Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP ...)
NOT-FOR-US: Siemens RUGGEDCOM ROS
CVE-2015-6672 (Cross-site scripting (XSS) vulnerability in the Administrative Web ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2015-6671
RESERVED
CVE-2015-6670 [Calendar export: Authorization Bypass Through User-Controlled Key]
@@ -1727,11 +1727,17 @@
CVE-2015-6585
RESERVED
CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables plugin ...)
- TODO: check
+ NOT-FOR-US: DataTables plugin for jQuery
CVE-2015-6583 (Google Chrome before 45.0.2454.85 does not display a location bar for ...)
- TODO: check
+ - chromium-browser 45.0.2454.85-1
+ [jessie] - chromium-browser 45.0.2454.85-1~deb8u1
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2015-6582 (The decompose function in platform/transforms/TransformationMatrix.cpp ...)
- TODO: check
+ - chromium-browser 45.0.2454.85-1
+ [jessie] - chromium-browser 45.0.2454.85-1~deb8u1
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2015-6581 (Double free vulnerability in the ...)
- openjpeg2 <unfixed>
- openjpeg <unfixed>
@@ -1741,7 +1747,10 @@
[squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2015-6580 (Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, ...)
- TODO: check
+ - chromium-browser 45.0.2454.85-1
+ [jessie] - chromium-browser 45.0.2454.85-1~deb8u1
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2015-6579
RESERVED
CVE-2015-6578
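Review bot: the entry that ends at the top of this hunk still carries "TODO: check" right after "[squeeze] - chromium-browser <end-of-life>", so it looks like a chromium entry left half-triaged while CVE-2015-6580 below it is resolved. If it belongs to the same 45.0.2454.85 batch, drop that TODO in this commit; if something else is still open on it, replace the bare TODO with a note saying what remains.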