[Secure-testing-commits] r38856 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Jan 11 21:10:13 UTC 2016


Author: sectracker
Date: 2016-01-11 21:10:13 +0000 (Mon, 11 Jan 2016)
New Revision: 38856

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-11 18:23:03 UTC (rev 38855)
+++ data/CVE/list	2016-01-11 21:10:13 UTC (rev 38856)
@@ -1,3 +1,33 @@
+CVE-2016-1567
+	RESERVED
+CVE-2016-1566
+	RESERVED
+CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group module ...)
+	TODO: check
+CVE-2015-8766 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2015-8765 (Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, ...)
+	TODO: check
+CVE-2015-8761 (The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly ...)
+	TODO: check
+CVE-2015-8760 (The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote ...)
+	TODO: check
+CVE-2015-8759 (Cross-site scripting (XSS) vulnerability in the typoLink function in ...)
+	TODO: check
+CVE-2015-8758 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
+	TODO: check
+CVE-2015-8757 (Cross-site scripting (XSS) vulnerability in the Extension Manager in ...)
+	TODO: check
+CVE-2015-8756 (Cross-site scripting (XSS) vulnerability in the search result view in ...)
+	TODO: check
+CVE-2015-8755 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
+	TODO: check
+CVE-2015-8754 (The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote ...)
+	TODO: check
+CVE-2015-8753 (SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization ...)
+	TODO: check
+CVE-2015-8752
+	RESERVED
 CVE-2016-XXXX [nvram: OOB r/w access in processing firmware configurations]
 	- qemu <unfixed>
 	- qemu-kvm <removed>
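Review bot: None of the twelve described entries added at the top of this hunk (CVE-2016-1565 and CVE-2015-8753 through CVE-2015-8766) is triaged: each has only "TODO: check", with no package line and no NOT-FOR-US tag. For several of them (CVE-2015-8766, CVE-2015-8758, CVE-2015-8755) the truncated description cuts off before naming the product, so the full CVE text has to be read before the entry can be resolved to a source package or marked NOT-FOR-US.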
@@ -12,6 +42,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/4
 	TODO: check versions
 CVE-2016-1569 [gbak with invalid parameter crashes FireBird]
+	RESERVED
 	- firebird2.5 2.5.5.26952.ds4-3 (bug #810599)
 	[jessie] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
 	[wheezy] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
@@ -19,6 +50,7 @@
 	NOTE: http://tracker.firebirdsql.org/browse/CORE-5068
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/10/2
 CVE-2016-1568 [ide: ahci use-after-free vulnerability in aio port commands]
+	RESERVED
 	- qemu 1:2.5+dfsg-2 (bug #810527)
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
 	- qemu-kvm <removed>
@@ -152,6 +184,7 @@
 CVE-2016-1495
 	RESERVED
 CVE-2016-1564 [cross-site scripting vulnerability]
+	RESERVED
 	- wordpress 4.4.1+dfsg-1 (bug #810325)
 	[squeeze] - wordpress <not-affected> (Vulnerable code not present)
 	NOTE: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
@@ -184,25 +217,21 @@
 	- ruby-rack-attack 4.3.1-1
 	NOTE: https://github.com/kickstarter/rack-attack/commit/76c2e3143099d938883ae5654527b47e9e6a8977
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/07/1
-CVE-2016-1501 [Full installation path disclosure through error message]
-	RESERVED
+CVE-2016-1501 (ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote ...)
 	- owncloud 7.0.12~dfsg-2
 	[jessie] - owncloud <no-dsa> (Minor issue; will be fixed via a pu)
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-004
-CVE-2016-1500 [Disclosure of files that begin with ".v" due to unchecked return value]
-	RESERVED
+CVE-2016-1500 (ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before ...)
 	[experimental] - owncloud 8.2.2~dfsg-1
 	- owncloud 7.0.12~dfsg-1
 	[jessie] - owncloud <no-dsa> (Minor issue; will be fixed via a pu)
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-003
-CVE-2016-1499 [Information Exposure Through Directory Listing in the file scanner]
-	RESERVED
+CVE-2016-1499 (ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before ...)
 	[experimental] - owncloud 8.2.2~dfsg-1
 	- owncloud 7.0.12~dfsg-2
 	[jessie] - owncloud <no-dsa> (Minor issue; will be fixed via a pu)
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-002
-CVE-2016-1498 [Reflected XSS in OCS provider discovery]
-	RESERVED
+CVE-2016-1498 (Cross-site scripting (XSS) vulnerability in the OCS discovery provider ...)
 	[experimental] - owncloud 8.2.2~dfsg-1
 	- owncloud 7.0.12~dfsg-1
 	[jessie] - owncloud <no-dsa> (Minor issue; will be fixed via a pu)
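Review bot: The four ownCloud entries (CVE-2016-1498 through CVE-2016-1501) lose their hand-written summaries, and the truncated replacements no longer state the issue for three of them. For example, "Full installation path disclosure through error message" becomes "ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote ...". The advisory NOTE links are still there, but if the short summary is wanted when reading the list, keep it in a NOTE line under each entry.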
@@ -631,12 +660,15 @@
 	RESERVED
 	- radicale <not-affected> (Only an issue on MS Windows)
 CVE-2015-8764 [one byte buffer overrun]
+	RESERVED
 	- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
 	NOTE: http://freeradius.org/security.html#eap-pwd-2015
 CVE-2015-8763 [commit/confirm message payload length is not validated]
+	RESERVED
 	- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
 	NOTE: http://freeradius.org/security.html#eap-pwd-2015
 CVE-2015-8762 [The EAP-PWD packet length is not checked before the first byte is dereferenced]
+	RESERVED
 	- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
 	NOTE: http://freeradius.org/security.html#eap-pwd-2015
 CVE-2015-8751
@@ -1431,8 +1463,7 @@
 	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2015-6/
 	NOTE: non-issue for Debian-packaged version
-CVE-2015-8668 [libtiff bmp file Heap Overflow]
-	RESERVED
+CVE-2015-8668 (Heap-based buffer overflow in the PackBitsPreEncode function in ...)
 	- tiff <unfixed>
 	- tiff3 <removed>
 	NOTE: http://seclists.org/bugtraq/2015/Dec/138
@@ -1976,8 +2007,7 @@
 	NOTE: https://go-review.googlesource.com/#/c/17672/
 	NOTE: Introduced in 1.5 release. Fixed in 1.5.3 upstream.
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/6
-CVE-2015-8615 [XSA-169: ioreq handling possibly susceptible to multiple read issue]
-	RESERVED
+CVE-2015-8615 (The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 ...)
 	- xen <unfixed>
 	[jessie] - xen <not-affected> (Only affects 4.6)
 	[wheezy] - xen <not-affected> (Only affects 4.6)
@@ -2110,6 +2140,7 @@
 	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=126755
 CVE-2015-8607 [XS File::Spec::canonpath loses taint]
 	RESERVED
+	{DSA-3441-1}
 	- perl <unfixed> (bug #810719)
 	[wheezy] - perl <not-affected> (Introduced in 5.20.0)
 	[squeeze] - perl <not-affected> (Introduced in 5.20.0)
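Review bot: The {DSA-3441-1} reference at CVE-2015-8607 is added while the package line directly below it still reads "- perl <unfixed> (bug #810719)". The cross-reference itself is placed consistently with other entries, but the unstable line needs a follow-up with the fixed version once the upload for bug #810719 lands, otherwise the entry shows an advisory and an open issue side by side.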
@@ -2134,8 +2165,8 @@
 	RESERVED
 CVE-2015-8598
 	RESERVED
-CVE-2015-8597
-	RESERVED
+CVE-2015-8597 (Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 ...)
+	TODO: check
 CVE-2015-8596
 	RESERVED
 CVE-2015-8595
@@ -2146,8 +2177,7 @@
 	RESERVED
 CVE-2015-8592
 	RESERVED
-CVE-2015-8612 [blueman local privilege escalation]
-	RESERVED
+CVE-2015-8612 (The EnableNetwork method in the Network class in ...)
 	{DSA-3427-1}
 	- blueman 2.0.3-1
 	[squeeze] - blueman <not-affected> (vulnerable code not present)
@@ -2701,8 +2731,7 @@
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/9
-CVE-2015-8557 [Shell Injection in Pygments FontManager._get_nix_font_path]
-	RESERVED
+CVE-2015-8557 (The FontManager._get_nix_font_path function in formatters/img.py in ...)
 	{DLA-369-1}
 	- pygments 2.0.1+dfsg-2 (bug #802828)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1276321
@@ -2749,8 +2778,7 @@
 	NOTE: https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/11/3
 	NOTE: Fixed in 2.6.0
-CVE-2015-8547 [quassel: op command denial of service issue]
-	RESERVED
+CVE-2015-8547 (The CoreUserInputHandler::doMode function in ...)
 	- quassel 1:0.12.2-3 (bug #807801)
 	[jessie] - quassel <no-dsa> (Minor issue; can be fixed via a point release)
 	[wheezy] - quassel <not-affected> (Vulnerable code not present)
@@ -3842,12 +3870,12 @@
 	RESERVED
 CVE-2015-8513
 	RESERVED
-CVE-2015-8512
-	RESERVED
-CVE-2015-8511
-	RESERVED
-CVE-2015-8510
-	RESERVED
+CVE-2015-8512 (The lockscreen feature in Mozilla Firefox OS before 2.5 does not ...)
+	TODO: check
+CVE-2015-8511 (Race condition in the lockscreen feature in Mozilla Firefox OS before ...)
+	TODO: check
+CVE-2015-8510 (Cross-site scripting (XSS) vulnerability in the internationalization ...)
+	TODO: check
 CVE-2015-8509 (Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and ...)
 	- bugzilla4 <itp> (bug #669643)
 CVE-2015-8508 (Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in ...)
@@ -3902,8 +3930,8 @@
 	RESERVED
 CVE-2015-8482 (Blue Coat Unified Agent before 4.6.2 does not prevent modification of ...)
 	NOT-FOR-US: Blue Coat Unified Agent
-CVE-2015-8481
-	RESERVED
+CVE-2015-8481 (Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA ...)
+	TODO: check
 CVE-2015-8504 [vnc: avoid floating point exception]
 	RESERVED
 	- qemu 1:2.5+dfsg-1 (bug #808130)
@@ -4572,8 +4600,8 @@
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4210
 	NOTE: https://github.com/proftpd/proftpd/pull/171
 	TODO: check
-CVE-2015-8376
-	RESERVED
+CVE-2015-8376 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...)
+	TODO: check
 CVE-2015-8373 (The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, ...)
 	- isc-kea-dhcp-server <itp> (bug #759703)
 CVE-2015-8372
@@ -4841,8 +4869,8 @@
 	RESERVED
 CVE-2015-8304
 	RESERVED
-CVE-2015-8303
-	RESERVED
+CVE-2015-8303 (Huawei Document Security Management (DSM) with software before ...)
+	TODO: check
 CVE-2015-8302
 	RESERVED
 CVE-2015-8301
@@ -5028,10 +5056,10 @@
 	NOT-FOR-US: Huawai
 CVE-2015-8227 (The built-in web server in Huawei VP9660 multi-point control unit with ...)
 	NOT-FOR-US: Huawai
-CVE-2015-8226
-	RESERVED
-CVE-2015-8225
-	RESERVED
+CVE-2015-8226 (The Joint Photographic Experts Group Processing Unit (JPU) driver in ...)
+	TODO: check
+CVE-2015-8225 (The Joint Photographic Experts Group Processing Unit (JPU) driver in ...)
+	TODO: check
 CVE-2015-8224
 	RESERVED
 CVE-2015-8223
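Review bot: The context lines at the top of this hunk tag the neighbouring entries "NOT-FOR-US: Huawai", while the description on CVE-2015-8227 spells the vendor "Huawei". A search of the list for "NOT-FOR-US: Huawei" will miss those entries. Correct the tag spelling, and use the corrected form if CVE-2015-8226 and CVE-2015-8225 turn out to belong to the same vendor when their TODO is resolved.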
@@ -5912,10 +5940,10 @@
 	- libpng 1.2.54-1 (bug #803078)
 	NOTE: http://sourceforge.net/p/libpng/bugs/241/
 	NOTE: http://sourceforge.net/p/libpng/code/ci/fbf0f024346ca0a4ffc64b082a95c6b6bb6d29c4/
-CVE-2015-7939
-	RESERVED
-CVE-2015-7938
-	RESERVED
+CVE-2015-7939 (Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before ...)
+	TODO: check
+CVE-2015-7938 (Advantech EKI-132x devices with firmware before 2015-12-31 allow ...)
+	TODO: check
 CVE-2015-7937 (Stack-based buffer overflow in the GoAhead Web Server on Schneider ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2015-7936 (Cross-site request forgery (CSRF) vulnerability in Motorola Solutions ...)
@@ -6458,8 +6486,8 @@
 	NOT-FOR-US: Juniper ScreenOS
 CVE-2015-7755 (Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, ...)
 	NOT-FOR-US: Juniper ScreenOS
-CVE-2015-7754
-	RESERVED
+CVE-2015-7754 (Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and ...)
+	TODO: check
 CVE-2015-7753
 	RESERVED
 CVE-2015-7752 (The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before ...)
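Review bot: CVE-2015-7754 is left as "TODO: check" although its description names Juniper ScreenOS, the same product as the two entries directly above it, which are tagged "NOT-FOR-US: Juniper ScreenOS". Unless there is a reason to treat it differently, resolve it with the same tag so it does not linger in the TODO queue.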
@@ -6597,8 +6625,7 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/06/7
 	NOTE: https://github.com/kvesteri/sqlalchemy-utils/issues/166
 	TODO: check
-CVE-2015-7758 [Uses predictable filenames in /tmp based on basename]
-	RESERVED
+CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a ...)
 	- gummi 0.6.5-6 (bug #756432)
 	[jessie] - gummi <no-dsa> (Minor issue)
 	[wheezy] - gummi <no-dsa> (Minor issue)
@@ -6992,8 +7019,7 @@
 	RESERVED
 CVE-2015-7576
 	RESERVED
-CVE-2015-7575 [MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature]
-	RESERVED
+CVE-2015-7575 (Mozilla Network Security Services (NSS) before 3.20.2, as used in ...)
 	{DSA-3437-1 DSA-3436-1}
 	- iceweasel 43.0.2-1
 	[squeeze] - iceweasel <end-of-life>
@@ -7061,8 +7087,7 @@
 CVE-2015-7555 [Heap-based buffer overflow in giffix utility]
 	RESERVED
 	- giflib <unfixed> (bug #808704)
-CVE-2015-7554 [invalid write in _TIFFVGetField() when parsing some extension tags]
-	RESERVED
+CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows ...)
 	- tiff <unfixed> (bug #809066)
 	- tiff3 <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/26/7
@@ -7118,8 +7143,8 @@
 	NOTE: https://quickgit.kde.org/?p=kdelibs.git&a=blobdiff&h=8c0f6401271c495c68e340e06b09239eb755ce5e&hp=45b72f0d5c3421b571e9515497352a0a9942a075&hb=cc5515ed7ce8884c9b18169158ba29ab2f7a3db7&f=kinit%2Flnusertemp.c
 CVE-2015-7542
 	RESERVED
-CVE-2015-7541
-	RESERVED
+CVE-2015-7541 (The initialize method in the Histogram class in ...)
+	TODO: check
 CVE-2015-7540 (The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 ...)
 	{DSA-3433-1}
 	- samba 2:4.1.22+dfsg-1
@@ -7169,8 +7194,7 @@
 	RESERVED
 CVE-2015-7520
 	RESERVED
-CVE-2015-7519 [Header overwriting issue]
-	RESERVED
+CVE-2015-7519 (agent/Core/Controller/SendRequest.cpp in Phusion Passenger before ...)
 	- passenger 5.0.22-1 (bug #807354)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=956281
 	NOTE: https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e
@@ -7193,8 +7217,7 @@
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
 	NOTE:  https://git.kernel.org/linus/0185604c2d82c560dab2f2933a18f797e74ab5a8 (v4.4-rc7)
-CVE-2015-7512 [net: pcnet: buffer overflow in non-loopback mode]
-	RESERVED
+CVE-2015-7512 (Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in ...)
 	- qemu 1:2.5+dfsg-1 (bug #806741)
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
@@ -7344,10 +7367,10 @@
 	RESERVED
 CVE-2015-7467
 	RESERVED
-CVE-2015-7466
-	RESERVED
-CVE-2015-7465
-	RESERVED
+CVE-2015-7466 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 ...)
+	TODO: check
+CVE-2015-7465 (Cross-site request forgery (CSRF) vulnerability in Lifecycle Query ...)
+	TODO: check
 CVE-2015-7464
 	RESERVED
 CVE-2015-7463
@@ -7478,12 +7501,12 @@
 	RESERVED
 CVE-2015-7400 (The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote ...)
 	TODO: check
-CVE-2015-7399
-	RESERVED
+CVE-2015-7399 (IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and ...)
+	TODO: check
 CVE-2015-7398
 	RESERVED
-CVE-2015-7397
-	RESERVED
+CVE-2015-7397 (Multiple open redirect vulnerabilities in the Aurora starter store in ...)
+	TODO: check
 CVE-2015-7396 (The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 ...)
 	TODO: check
 CVE-2015-7395 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
@@ -7560,8 +7583,8 @@
 	NOT-FOR-US: Revive Adserver
 CVE-2015-7363
 	RESERVED
-CVE-2015-7362
-	RESERVED
+CVE-2015-7362 (Fortinet FortiClient Linux SSLVPN before build 2313, when installed on ...)
+	TODO: check
 CVE-2015-7361 (FortiOS 5.2.3, when configured to use High Availability (HA) and the ...)
 	NOT-FOR-US: FortiOS
 CVE-2015-7360
@@ -7639,8 +7662,7 @@
 	RESERVED
 CVE-2015-7329
 	RESERVED
-CVE-2015-7328
-	RESERVED
+CVE-2015-7328 (Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and ...)
 	- puppet <not-affected> (Only affects Puppet Enterprise)
 CVE-2015-7327 (Mozilla Firefox before 41.0 does not properly restrict the ...)
 	- iceweasel <not-affected> (Windows-specific)
@@ -8242,12 +8264,12 @@
 	RESERVED
 CVE-2015-7118
 	RESERVED
-CVE-2015-7117
-	RESERVED
-CVE-2015-7116
-	RESERVED
-CVE-2015-7115
-	RESERVED
+CVE-2015-7117 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
+	TODO: check
+CVE-2015-7116 (libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...)
+	TODO: check
+CVE-2015-7115 (libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...)
+	TODO: check
 CVE-2015-7114
 	RESERVED
 CVE-2015-7113 (The LaunchServices component in Apple iOS before 9.2 and watchOS ...)
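Review bot: The three new entries in this hunk should not all be resolved the same way. CVE-2015-7117 names Apple QuickTime, but CVE-2015-7116 and CVE-2015-7115 name libxml2, which Debian ships as its own source package. Those two need a check against the upstream libxml2 fix and a "- libxml2 ..." line, not a blanket Apple tag based on the "Apple iOS" wording in the description.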
@@ -8292,22 +8314,22 @@
 	NOT-FOR-US: Apple
 CVE-2015-7093 (Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL ...)
 	NOT-FOR-US: Apple
-CVE-2015-7092
-	RESERVED
-CVE-2015-7091
-	RESERVED
-CVE-2015-7090
-	RESERVED
-CVE-2015-7089
-	RESERVED
-CVE-2015-7088
-	RESERVED
-CVE-2015-7087
-	RESERVED
-CVE-2015-7086
-	RESERVED
-CVE-2015-7085
-	RESERVED
+CVE-2015-7092 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
+	TODO: check
+CVE-2015-7091 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
+	TODO: check
+CVE-2015-7090 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
+	TODO: check
+CVE-2015-7089 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
+	TODO: check
+CVE-2015-7088 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
+	TODO: check
+CVE-2015-7087 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
+	TODO: check
+CVE-2015-7086 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
+	TODO: check
+CVE-2015-7085 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
+	TODO: check
 CVE-2015-7084 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
 	NOT-FOR-US: Apple
 CVE-2015-7083 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
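Review bot: The eight QuickTime entries (CVE-2015-7085 through CVE-2015-7092) are added as "TODO: check" in a block where the entries before and after them are tagged "NOT-FOR-US: Apple". All eight descriptions start with "Apple QuickTime before 7.7.9", so they can be resolved in one pass with the same tag as their neighbours.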
@@ -8428,8 +8450,8 @@
 	RESERVED
 CVE-2015-7025
 	RESERVED
-CVE-2015-7024
-	RESERVED
+CVE-2015-7024 (Untrusted search path vulnerability in Apple OS X before 10.11.1 ...)
+	TODO: check
 CVE-2015-7023 (CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not ...)
 	NOT-FOR-US: Apple
 CVE-2015-7022 (The Telephony subsystem in Apple iOS before 9.1 allows attackers to ...)
@@ -8516,8 +8538,8 @@
 	NOT-FOR-US: Apple
 CVE-2015-6981 (WebKit, as used in Apple iOS before 9.1, allows remote attackers to ...)
 	NOT-FOR-US: Apple
-CVE-2015-6980
-	RESERVED
+CVE-2015-6980 (Directory Utility in Apple OS X before 10.11.1 mishandles ...)
+	TODO: check
 CVE-2015-6979 (GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary ...)
 	NOT-FOR-US: Apple
 CVE-2015-6978 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
@@ -8632,8 +8654,8 @@
 	RESERVED
 CVE-2015-6934 (Serialized-object interfaces in VMware vRealize Orchestrator 6.x, ...)
 	TODO: check
-CVE-2015-6933
-	RESERVED
+CVE-2015-6933 (The VMware Tools HGFS (aka Shared Folders) implementation in VMware ...)
+	TODO: check
 CVE-2015-6932 (VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify ...)
 	NOT-FOR-US: VMware
 CVE-2015-6931
@@ -8792,8 +8814,8 @@
 	NOT-FOR-US: HP Insight Control
 CVE-2015-6857 (Unspecified vulnerability in Virtual Table Server (VTS) in HP ...)
 	NOT-FOR-US: HP Performance Center
-CVE-2015-6856
-	RESERVED
+CVE-2015-6856 (Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local ...)
+	TODO: check
 CVE-2015-6854
 	RESERVED
 CVE-2015-6853
@@ -12160,7 +12182,7 @@
 CVE-2015-5603 (The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows ...)
 	NOT-FOR-US: HipChat plugin
 CVE-2015-5602 (sudoedit in Sudo before 1.8.15 allows local users to gain privileges ...)
-	{DLA-382-1}
+	{DSA-3440-1 DLA-382-1}
 	- sudo 1.8.15-1.1 (bug #804149)
 	NOTE: http://bugzilla.sudo.ws/show_bug.cgi?id=707
 	NOTE: http://www.sudo.ws/repos/sudo/rev/9636fd256325
@@ -13281,8 +13303,7 @@
 	RESERVED
 	{DSA-3371-1}
 	- spice 0.12.5-1.3 (bug #801089)
-CVE-2015-5259 [Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser]
-	RESERVED
+CVE-2015-5259 (Integer overflow in the read_string function in ...)
 	- subversion 1.9.3-1
 	[jessie] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 (inclusive))
 	[wheezy] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 (inclusive))
@@ -13299,8 +13320,7 @@
 	NOT-FOR-US: Apache Cordova
 CVE-2015-5255 (Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before ...)
 	TODO: check
-CVE-2015-5254 [Unsafe deserialization]
-	RESERVED
+CVE-2015-5254 (Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that ...)
 	- activemq <unfixed> (bug #809733)
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt
 	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=6f03921b31d9fefeddb0f4fa63150ed1f94a14b1 (5.11.x)
@@ -14886,8 +14906,8 @@
 CVE-2015-4697
 	RESERVED
 	NOT-FOR-US: WordPress plugin google-analyticator
-CVE-2015-4694
-	RESERVED
+CVE-2015-4694 (Directory traversal vulnerability in download.php in the Zip ...)
+	TODO: check
 CVE-2015-4693
 	RESERVED
 CVE-2015-4691
@@ -31453,8 +31473,8 @@
 	RESERVED
 CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before ...)
 	NOT-FOR-US: IBM Marketing Operations
-CVE-2014-8886
-	RESERVED
+CVE-2014-8886 (AVM FRITZ!OS before 6.30 extracts the contents of firmware updates ...)
+	TODO: check
 CVE-2014-8885
 	RESERVED
 CVE-2014-8883
@@ -36047,8 +36067,8 @@
 	[squeeze] - xen <end-of-life>
 CVE-2014-7152 (Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms ...)
 	NOT-FOR-US: WordPress plugin Easy MailChimp Forms
-CVE-2014-7151
-	RESERVED
+CVE-2014-7151 (Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms ...)
+	TODO: check
 CVE-2014-7150
 	RESERVED
 CVE-2014-7149
@@ -37647,8 +37667,8 @@
 	NOT-FOR-US: WordPress plugin Infusionsoft Gravity Forms
 CVE-2014-6445 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: WordPress plugin Contact Form 7 Integrations
-CVE-2014-6444
-	RESERVED
+CVE-2014-6444 (Multiple cross-site scripting (XSS) vulnerabilities in the Titan ...)
+	TODO: check
 CVE-2014-6443
 	RESERVED
 CVE-2014-6442



