[Secure-testing-commits] r41121 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Apr 24 15:13:52 UTC 2016
Author: carnil
Date: 2016-04-24 15:13:52 +0000 (Sun, 24 Apr 2016)
New Revision: 41121
Modified:
data/CVE/list
Log:
Add another batch of CVEs from external check
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-24 14:53:32 UTC (rev 41120)
+++ data/CVE/list 2016-04-24 15:13:52 UTC (rev 41121)
@@ -21476,6 +21476,7 @@
NOTE: https://www.samba.org/samba/security/CVE-2015-5330.html
NOTE: Samba update needs as well fixed ldb
CVE-2015-5329 (The TripleO Heat templates (tripleo-heat-templates), as used in Red ...)
+ - tripleo-heat-templates <undetermined>
TODO: check
CVE-2015-5328
RESERVED
@@ -21599,6 +21600,7 @@
CVE-2015-5304 (Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2015-5303 (The TripleO Heat templates (tripleo-heat-templates), when deployed via ...)
+ - tripleo-heat-templates <undetermined>
TODO: check
CVE-2015-5302 (libreport 2.0.7 before 2.6.3 only saves changes to the first file when ...)
NOT-FOR-US: abrt/libreport
@@ -21698,7 +21700,8 @@
RESERVED
- foreman <itp> (bug #663101)
CVE-2015-5281 (The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) ...)
- TODO: check
+ - grub2 <undetermined>
+ TODO: check, possibly Red Hat specific
CVE-2015-5280
REJECTED
CVE-2015-5279 (Heap-based buffer overflow in the ne2000_receive function in ...)
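Review bot: the new grub2 line under CVE-2015-5281 leaves the status at <undetermined> although the description in the same entry already scopes the issue to "The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL)". If the follow-up check confirms the problem is specific to Red Hat's packaging, resolve it in the form this file already uses elsewhere in this diff, "- brltty <not-affected> (RedHat-specific)", and drop the TODO instead of keeping both lines.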
@@ -21837,6 +21840,7 @@
REJECTED
CVE-2015-5248
RESERVED
+ NOT-FOR-US: Red Hat Mobile
CVE-2015-5247 (The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows ...)
- libvirt 1.2.20-1 (bug #799132)
[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
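Review bot: the "NOT-FOR-US: Red Hat Mobile" line is added under CVE-2015-5248 while the entry is still RESERVED, so nothing in the entry itself supports the product attribution. A NOTE line with the advisory or bug URL that the external check relied on would let a later reviewer verify it. The same applies to the other RESERVED entries in this commit that gain a NOT-FOR-US line without a reference (CVE-2015-5041, CVE-2014-8180, CVE-2013-4423, CVE-2008-5083).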
@@ -22503,6 +22507,7 @@
TODO: check
CVE-2015-5041
RESERVED
+ NOT-FOR-US: IBM JDK
CVE-2015-5040 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 ...)
NOT-FOR-US: IBM Domino
CVE-2015-5039
@@ -22572,7 +22577,7 @@
CVE-2015-5007 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
TODO: check
CVE-2015-5006 (IBM Java Security Components in IBM SDK, Java Technology Edition 8 ...)
- TODO: check
+ NOT-FOR-US: IBM JDK
CVE-2015-5005 (CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote ...)
NOT-FOR-US: IBM
CVE-2015-5004 (The Edge Component Caching Proxy in IBM WebSphere Application Server ...)
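Review bot: CVE-2015-5006 is closed as "NOT-FOR-US: IBM JDK", but the context line directly above it shows CVE-2015-5007 (IBM WebSphere CSRF) still at "TODO: check". If the external check covers that entry as well, triage it in the same batch so the two adjacent IBM entries do not end up in different states. The neighbouring CVE-2015-5005 uses the bare label "NOT-FOR-US: IBM"; a consistent product label makes these entries easier to grep.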
@@ -32216,7 +32221,7 @@
CVE-2015-1773 (Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html ...)
- flex-sdk <itp> (bug #602499)
CVE-2015-1772 (The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and ...)
- TODO: check
+ NOT-FOR-US: Apache Hive
CVE-2015-1771 (Cross-site request forgery (CSRF) vulnerability in the web ...)
NOT-FOR-US: Microsoft Exchange Server
CVE-2015-1770 (Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to ...)
@@ -41888,6 +41893,7 @@
RESERVED
CVE-2014-8180
RESERVED
+ NOT-FOR-US: Red Hat Satellite
CVE-2014-8179
RESERVED
- docker.io 1.8.3~ds1-1
@@ -70524,6 +70530,7 @@
NOT-FOR-US: GateIn
CVE-2013-4423
RESERVED
+ NOT-FOR-US: Red Hat CloudForms
CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 ...)
- quassel 0.9.1-1
[wheezy] - quassel <no-dsa> (Issue only relevant if the Qt 4.8.5 fix would be backported)
@@ -102708,6 +102715,9 @@
- linux-2.6 3.0.0-6
CVE-2011-4076
RESERVED
+ - nova <undetermined>
+ NOTE: https://bugs.launchpad.net/nova/+bug/868360
+ TODO: check
CVE-2011-4075 (The masort function in lib/functions.php in phpLDAPadmin 1.2.x before ...)
{DSA-2333-1}
- phpldapadmin 1.2.0.5-2.1 (bug #646754)
@@ -140054,8 +140064,12 @@
- cups 1.3.10-1
CVE-2009-0948
RESERVED
+ - file <undetermined>
+ TODO: check, should be fixed in 5.01
CVE-2009-0947
RESERVED
+ - file <undetermined>
+ TODO: check, should be fixed in 5.01
CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ...)
{DSA-1784-1}
- freetype 2.3.9-4.1 (medium; bug #524925)
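Review bot: the two added blocks under CVE-2009-0948 and CVE-2009-0947 are identical ("- file <undetermined>" / "TODO: check, should be fixed in 5.01") and carry no reference, so the entries cannot be told apart and the 5.01 claim cannot be checked from the list. Add a NOTE per entry with the upstream changelog entry or bug that names the fix, as is done for CVE-2011-4076 earlier in this commit, and replace <undetermined> with the fixed version once 5.01 is confirmed.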
@@ -145824,6 +145838,7 @@
RESERVED
CVE-2008-5083
RESERVED
+ NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) ...)
NOT-FOR-US: Red Hat Certificate System
CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...)
@@ -150222,6 +150237,7 @@
- brltty <not-affected> (RedHat-specific)
CVE-2008-3278
RESERVED
+ - frysk <removed>
CVE-2008-3277 (Untrusted search path vulnerability in a certain Red Hat build script ...)
- ibutils <not-affected> (RedHat-specific)
CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...)
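Review bot: "- frysk <removed>" is added under CVE-2008-3278 with no NOTE, and the entry is still RESERVED, so the link between this ID and frysk is not documented anywhere in the entry. Both neighbouring entries in the context lines are marked "<not-affected> (RedHat-specific)"; add a reference and state whether the Debian package was ever affected before it was removed, or whether this one is Red Hat specific as well.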
@@ -152000,6 +152016,8 @@
NOT-FOR-US: Skype
CVE-2008-2544
RESERVED
+ - linux <undetermined>
+ TODO: check
CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and ...)
- asterisk-addons 1.4.7-1 (bug #484796)
CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in ...)
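Review bot: the added "- linux <undetermined>" line under CVE-2008-2544 gives no source for tying this RESERVED ID to the kernel. Other additions in this commit include one, for example the "NOTE: Upstream fix: ..." line under CVE-2007-3732 and the Launchpad URL under CVE-2011-4076; add the equivalent NOTE here so the pending "TODO: check" has something to start from.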
@@ -166179,6 +166197,8 @@
RESERVED
CVE-2007-3732
RESERVED
+ - linux-2.6 2.6.23-1
+ NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid ...)
{DSA-1378-2 DSA-1378-1}
- linux-2.6 2.6.23-1