[Secure-testing-commits] r40538 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Mar 23 21:10:13 UTC 2016
Author: sectracker
Date: 2016-03-23 21:10:12 +0000 (Wed, 23 Mar 2016)
New Revision: 40538
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-23 18:52:41 UTC (rev 40537)
+++ data/CVE/list 2016-03-23 21:10:12 UTC (rev 40538)
@@ -1660,6 +1660,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
CVE-2015-8833 [Heap use after free in Pidgin-OTR plugin]
RESERVED
+ {DSA-3528-1}
- pidgin-otr 4.0.2-1
[wheezy] - pidgin-otr <not-affected> (Vulnerable code not present)
NOTE: https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
@@ -4363,7 +4364,7 @@
NOTE: libv8 is not covered by security support
NOTE: https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
CVE-2015-8792 (The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 ...)
- {DLA-420-1}
+ {DSA-3526-1 DLA-420-1}
- libmatroska 1.4.4-1
NOTE: http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
NOTE: https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f
@@ -7216,7 +7217,7 @@
NOT-FOR-US: ZTE router
CVE-2015-8702 [DoS caused by PTR lookup of connecting users]
RESERVED
- {DLA-384-1}
+ {DSA-3527-1 DLA-384-1}
- inspircd 2.0.20-1
NOTE: https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559
NOTE: http://www.inspircd.org/2015/04/16/v2019-released.html
@@ -10884,6 +10885,7 @@
NOTE: Non-exploitable on release archs due to kernel hardening
CVE-2015-8537 [Data disclosure in atom feed]
RESERVED
+ {DSA-3529-1}
- redmine 3.2.0-1 (bug #807826)
[squeeze] - redmine <not-affected> (Vulnerable code not present in 1.0.1)
[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
@@ -10905,6 +10907,7 @@
NOTE: https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 (v5.2.14)
CVE-2015-8474 [Open Redirect vulnerability]
RESERVED
+ {DSA-3529-1}
- redmine 3.2.0-1 (bug #807272)
[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
@@ -10916,6 +10919,7 @@
NOTE: depends on the CVE-2014-1985 fix first
CVE-2015-8473 [Issues API may disclose changeset messages that are not visible]
RESERVED
+ {DSA-3529-1}
- redmine 3.2.0-1 (bug #807345)
[squeeze] - redmine <not-affected> (code dates from the API changes introduced in 735a83c, part of 1.1)
[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
@@ -11346,7 +11350,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/3
CVE-2015-8346 [Data disclosure on the time logging form]
RESERVED
- {DLA-351-1}
+ {DSA-3529-1 DLA-351-1}
- redmine 3.2.0-1 (bug #806376)
[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
More information about the Secure-testing-commits
mailing list