[Secure-testing-commits] r55088 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Aug 25 21:10:13 UTC 2017
Author: sectracker
Date: 2017-08-25 21:10:13 +0000 (Fri, 25 Aug 2017)
New Revision: 55088
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-25 20:55:59 UTC (rev 55087)
+++ data/CVE/list 2017-08-25 21:10:13 UTC (rev 55088)
@@ -1,9 +1,29 @@
+CVE-2017-13705
+ RESERVED
+CVE-2017-13704
+ RESERVED
+CVE-2017-13703
+ RESERVED
+CVE-2017-13702
+ RESERVED
+CVE-2017-13701
+ RESERVED
+CVE-2017-13700
+ RESERVED
+CVE-2017-13699
+ RESERVED
+CVE-2017-13698
+ RESERVED
+CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...)
+ TODO: check
+CVE-2017-13696
+ RESERVED
CVE-2017-1000122
- - webkit2gtk 2.16.3-2 (unimportant)
+ - webkit2gtk 2.16.3-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0007.html
NOTE: Not covered by security support
CVE-2017-1000121
- - webkit2gtk 2.16.3-2 (unimportant)
+ - webkit2gtk 2.16.3-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0007.html
NOTE: Not covered by security support
CVE-2017-13695 (The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...)
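Review bot: The webkit2gtk lines under CVE-2017-1000122 and CVE-2017-1000121 are removed and re-added with identical visible text ("- webkit2gtk 2.16.3-2 (unimportant)"), so this hunk mixes a whitespace-only rewrite of existing entries with the new CVE-2017-13696 to CVE-2017-13705 records. Suggest committing the indentation normalisation separately so that the "automatic update" diff shows data changes only. CVE-2017-13697 is the one new entry here that has a description, and it still carries "TODO: check".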
@@ -2342,8 +2362,8 @@
- libzip <not-affected> (Vulnerable code introduced later)
NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0)
NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
-CVE-2017-12857
- RESERVED
+CVE-2017-12857 (Polycom SoundStation IP, VVX, and RealPresence Trio that are running ...)
+ TODO: check
CVE-2017-12856
RESERVED
CVE-2017-12854
@@ -2469,10 +2489,10 @@
RESERVED
CVE-2017-12818
RESERVED
-CVE-2017-12817
- RESERVED
-CVE-2017-12816
- RESERVED
+CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of the ...)
+ TODO: check
+CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of ...)
+ TODO: check
CVE-2017-12815
RESERVED
CVE-2017-12814
@@ -2740,20 +2760,20 @@
RESERVED
CVE-2017-12710
RESERVED
-CVE-2017-12709
- RESERVED
+CVE-2017-12709 (A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN ...)
+ TODO: check
CVE-2017-12708
RESERVED
-CVE-2017-12707
- RESERVED
+CVE-2017-12707 (A Stack-based Buffer Overflow issue was discovered in SpiderControl ...)
+ TODO: check
CVE-2017-12706
RESERVED
CVE-2017-12705
RESERVED
CVE-2017-12704
RESERVED
-CVE-2017-12703
- RESERVED
+CVE-2017-12703 (A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo ...)
+ TODO: check
CVE-2017-12702
RESERVED
CVE-2017-12701
@@ -2770,8 +2790,8 @@
RESERVED
CVE-2017-12695
RESERVED
-CVE-2017-12694
- RESERVED
+CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl SCADA Web ...)
+ TODO: check
CVE-2017-1000101 [URL globbing out of bounds read]
- curl 7.55.0-1 (bug #871554)
[wheezy] - curl <not-affected> (Vulnerable code not present, introduced later in 7.34.0)
@@ -7371,12 +7391,13 @@
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/931850e5d2f65193520c2d9c9878148c0cdc16a6
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/4b059296e14b6ab75dc17163077490528a819806
CVE-2017-10983 (An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before ...)
- {DSA-3930-1}
+ {DSA-3930-1 DLA-1064-1}
- freeradius 3.0.15+dfsg-1 (bug #868765)
NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-206
NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/ec08b30f87066f82073d02fab57e8ffeef81373d
NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/5759b20af99af6d30924f0efd8da5eac2a17163d
CVE-2017-10982 (An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - ...)
+ {DLA-1064-1}
- freeradius 3.0.12+dfsg-3
[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-205
@@ -7385,6 +7406,7 @@
NOTE: This is not fully technically correct, the issue affects only the 2.x
NOTE: series but not 3.x.
CVE-2017-10981 (An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - ...)
+ {DLA-1064-1}
- freeradius 3.0.12+dfsg-3
[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-204
@@ -7393,6 +7415,7 @@
NOTE: This is not fully technically correct, the issue affects only the 2.x
NOTE: series but not 3.x.
CVE-2017-10980 (An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - ...)
+ {DLA-1064-1}
- freeradius 3.0.12+dfsg-3
[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-203
@@ -7401,6 +7424,7 @@
NOTE: This is not fully technically correct, the issue affects only the 2.x
NOTE: series but not 3.x.
CVE-2017-10979 (An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write ...)
+ {DLA-1064-1}
- freeradius 3.0.12+dfsg-3
[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-202
@@ -7409,7 +7433,7 @@
NOTE: This is not fully technically correct, the issue affects only the 2.x
NOTE: series but not 3.x.
CVE-2017-10978 (An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before ...)
- {DSA-3930-1}
+ {DSA-3930-1 DLA-1064-1}
- freeradius 3.0.15+dfsg-1 (bug #868765)
NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-201
NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/38ee90f2a5a28dc5887a30bdfdc98109c0418e68
@@ -9643,7 +9667,7 @@
CVE-2017-10244 (Vulnerability in the Oracle Application Object Library component of ...)
NOT-FOR-US: Oracle
CVE-2017-10243 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -9762,7 +9786,7 @@
CVE-2017-10199 (Vulnerability in the Oracle iLearning component of Oracle iLearning ...)
NOT-FOR-US: Oracle
CVE-2017-10198 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -9776,7 +9800,7 @@
CVE-2017-10194
RESERVED
CVE-2017-10193 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
- openjdk-7 <removed>
- openjdk-6 <removed>
@@ -9816,7 +9840,7 @@
CVE-2017-10177 (Vulnerability in the Oracle Application Object Library component of ...)
NOT-FOR-US: Oracle
CVE-2017-10176 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -9918,7 +9942,7 @@
CVE-2017-10136 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2017-10135 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -9961,21 +9985,21 @@
CVE-2017-10119 (Vulnerability in the Oracle Service Bus component of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-10118 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
CVE-2017-10117 (Vulnerability in the Java Advanced Management Console component of ...)
NOT-FOR-US: Java Advanced Management Console
CVE-2017-10116 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10115 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -9992,28 +10016,28 @@
{DSA-3919-1}
- openjdk-8 8u141-b15-1
CVE-2017-10110 (Vulnerability in the Java SE component of Oracle Java SE ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10109 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10108 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10107 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10030,14 +10054,14 @@
CVE-2017-10103 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
NOT-FOR-US: Oracle
CVE-2017-10102 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
- openjdk-6 <unfixed>
[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10101 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
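Review bot: In the CVE-2017-10102 entry touched here, the context line "- openjdk-6 <unfixed>" sits directly above "[wheezy] - openjdk-6 <end-of-life>", while the other OpenJDK entries in this patch that list openjdk-6 use "- openjdk-6 <removed>". Worth confirming whether <unfixed> is still intended and aligning it while the entry's advisory list is being updated.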
@@ -10052,7 +10076,7 @@
CVE-2017-10097 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
NOT-FOR-US: Oracle
CVE-2017-10096 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10069,12 +10093,12 @@
CVE-2017-10091 (Vulnerability in the Enterprise Manager Base Platform component of ...)
NOT-FOR-US: Oracle
CVE-2017-10090 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
CVE-2017-10089 (Vulnerability in the Java SE component of Oracle Java SE ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10083,7 +10107,7 @@
CVE-2017-10088 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
NOT-FOR-US: Oracle
CVE-2017-10087 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10101,7 +10125,7 @@
CVE-2017-10082 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
NOT-FOR-US: Oracle
CVE-2017-10081 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10121,7 +10145,7 @@
CVE-2017-10075 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2017-10074 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10140,7 +10164,7 @@
CVE-2017-10068
RESERVED
CVE-2017-10067 (Vulnerability in the Java SE component of Oracle Java SE ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10173,7 +10197,7 @@
CVE-2017-10054
RESERVED
CVE-2017-10053 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-3919-1}
+ {DSA-3954-1 DSA-3919-1}
- openjdk-8 8u141-b15-1
[experimental] - openjdk-7 7u151-2.6.11-1
- openjdk-7 <removed>
@@ -10819,8 +10843,8 @@
RESERVED
CVE-2017-9651
RESERVED
-CVE-2017-9650
- RESERVED
+CVE-2017-9650 (An Unrestricted Upload of File with Dangerous Type issue was discovered ...)
+ TODO: check
CVE-2017-9649
RESERVED
CVE-2017-9648 (An Uncontrolled Search Path Element issue was discovered in Solar ...)
@@ -10831,16 +10855,16 @@
NOT-FOR-US: Solar Controls Heating Control Downloader (HCDownloader)
CVE-2017-9645
RESERVED
-CVE-2017-9644
- RESERVED
+CVE-2017-9644 (An Unquoted Search Path or Element issue was discovered in Automated ...)
+ TODO: check
CVE-2017-9643
RESERVED
CVE-2017-9642
RESERVED
CVE-2017-9641
RESERVED
-CVE-2017-9640
- RESERVED
+CVE-2017-9640 (A Path Traversal issue was discovered in Automated Logic Corporation ...)
+ TODO: check
CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2017-9638
@@ -15756,24 +15780,24 @@
NOT-FOR-US: NXP i.MX devices
CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact GmbH ...)
NOT-FOR-US: Phoenix Contact
-CVE-2017-7934
- RESERVED
+CVE-2017-7934 (An Improper Authentication issue was discovered in OSIsoft PI Server ...)
+ TODO: check
CVE-2017-7933
RESERVED
CVE-2017-7932 (An improper certificate validation issue was discovered in NXP i.MX 28 ...)
NOT-FOR-US: NXP i.MX devices
CVE-2017-7931
RESERVED
-CVE-2017-7930
- RESERVED
+CVE-2017-7930 (An Improper Authentication issue was discovered in OSIsoft PI Server ...)
+ TODO: check
CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech WebAccess ...)
NOT-FOR-US: Advantech WebAccess
CVE-2017-7928 (An Improper Access Control issue was discovered in Schweitzer ...)
NOT-FOR-US: Schweitzer Engineering Laboratories Security Gateway
CVE-2017-7927 (A Use of Password Hash Instead of Password for Authentication issue was ...)
NOT-FOR-US: Dahua
-CVE-2017-7926
- RESERVED
+CVE-2017-7926 (A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API ...)
+ TODO: check
CVE-2017-7925 (A Password in Configuration File issue was discovered in Dahua ...)
NOT-FOR-US: Dahua
CVE-2017-7924
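Review bot: CVE-2017-7934, CVE-2017-7930 and CVE-2017-7926 (all OSIsoft PI products according to the new descriptions) go from RESERVED to "TODO: check", while the neighbouring vendor entries in this hunk (NXP i.MX devices, Advantech WebAccess, Schweitzer Engineering Laboratories, Dahua) are already resolved as NOT-FOR-US. These three can be triaged together; record either a package line or a NOT-FOR-US tag so they do not linger as open TODOs.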
@@ -50283,8 +50307,8 @@
NOT-FOR-US: Schneider
CVE-2016-5817 (SQL injection vulnerability in news pages in Cargotec Navis WebAccess ...)
NOT-FOR-US: Cargotec
-CVE-2016-5816
- RESERVED
+CVE-2016-5816 (A Use of Hard-Coded Cryptographic Key issue was discovered in ...)
+ TODO: check
CVE-2016-5815 (An issue was discovered on Schneider Electric IONXXXX series power ...)
NOT-FOR-US: Schneider
CVE-2016-5814 (Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, ...)
@@ -81818,10 +81842,10 @@
NOT-FOR-US: Cisco
CVE-2015-4182 (The administrative web interface in Cisco Identity Services Engine ...)
NOT-FOR-US: Cisco Identity Services Engine
-CVE-2015-4181
- RESERVED
-CVE-2015-4180
- RESERVED
+CVE-2015-4181 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...)
+ TODO: check
+CVE-2015-4180 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...)
+ TODO: check
CVE-2015-4175
RESERVED
CVE-2015-4174 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
@@ -83914,8 +83938,7 @@
[squeeze] - haproxy <not-affected> (Similar check was already present)
NOTE: Upstream fix: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=522aab39753e8ed13786bc57b03ef7ae4ffe6c87
NOTE: For squeeze, the above commit message implies that the fix does not need to be backported to version 1.4 and indeed, the code already contains a (different) check that limits the value of "len".
-CVE-2015-4017 [Saltstack SSL verification disabling for alibabab cloud module]
- RESERVED
+CVE-2015-4017 (Salt before 2014.7.6 does not verify certificates when connecting via ...)
- salt <not-affected> (Vulnerable code not present in the version in Debian stable/unstable)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/02/1
CVE-2015-3646 (OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before ...)
@@ -84568,8 +84591,8 @@
- cups 1.5.0-16
NOTE: cups moved filters to separate package in 1.5.0-16
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1235385
-CVE-2015-3257
- RESERVED
+CVE-2015-3257 (Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not ...)
+ TODO: check
CVE-2015-3256 (PolicyKit (aka polkit) before 0.113 allows local users to cause a ...)
- policykit-1 <not-affected> (The Policykit versions which rely on Javascript/Spidermonkey haven't been uploaded to unstable)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=69501
@@ -84807,8 +84830,7 @@
- linux-2.6 <not-affected> (Vulnerable code introduced later)
NOTE: https://marc.info/?l=linux-netdev&m=143277436124732&w=2
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f7d653b67aed2d92540fbb0a8adaf32fcf352ae (v3.1-rc1)
-CVE-2015-3211
- RESERVED
+CVE-2015-3211 (php-fpm allows local users to write to or create arbitrary files via a ...)
- php5 <not-affected> (Red Hat specific problem in the rpm package)
CVE-2015-3210 (Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 ...)
- pcre3 2:8.35-7.2 (bug #787433)
@@ -84835,8 +84857,7 @@
NOT-FOR-US: HornetQ
CVE-2015-3207
RESERVED
-CVE-2015-3206 [checkPassword() does not verify KDC authenticity]
- RESERVED
+CVE-2015-3206 (The checkPassword function in python-kerberos does not authenticate ...)
{DLA-265-2 DLA-265-1}
- pykerberos 1.1.5-1 (bug #796195)
[jessie] - pykerberos 1.1.5-0.1+deb8u1
@@ -90790,11 +90811,9 @@
- python-dbusmock 0.15.1-1 (bug #786858)
[jessie] - python-dbusmock 0.11.4-1+deb8u1
NOTE: https://bugs.launchpad.net/python-dbusmock/+bug/1453815
-CVE-2015-1325
- RESERVED
+CVE-2015-1325 (Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in ...)
[experimental] - apport 2.17.3-1
-CVE-2015-1324
- RESERVED
+CVE-2015-1324 (apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before ...)
[experimental] - apport 2.17.3-1
CVE-2015-1323 (The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 ...)
{DLA-261-1}
@@ -90878,8 +90897,7 @@
NOTE: https://github.com/grml/grml-debootstrap/issues/59
CVE-2015-1377 (The Read Mail module in Webmin 1.720 allows local users to read ...)
NOT-FOR-US: Webmin
-CVE-2015-1395 [directory traversal via file rename]
- RESERVED
+CVE-2015-1395 (Directory traversal vulnerability in GNU patch versions which support ...)
- patch 2.7.3-1 (bug #775873)
[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
[squeeze] - patch <not-affected> (Support for git-style patches added in 2.7)
@@ -91532,8 +91550,7 @@
NOTE: https://github.com/kamailio/kamailio/issues/48
CVE-2015-XXXX [insecure configuration permissions]
- phabricator 0~git20150129-1 (bug #775479)
-CVE-2014-9637 [With a specific file, patch goes to infinite loop and eats all CPU time]
- RESERVED
+CVE-2014-9637 (GNU patch 2.7.2 and earlier allows remote attackers to cause a denial ...)
- patch 2.7.1-7
[wheezy] - patch <not-affected> (Vulnerability introduced later)
[squeeze] - patch <not-affected> (Vulnerability introduced later)
@@ -92468,12 +92485,10 @@
NOTE: Originally was addressed in 3.5.27.1-1 but it was reintroduced
NOTE: with the 3.5.27.1-2 upload, cf. https://bugs.debian.org/775193#17
NOTE: Not exploitable with kernel hardening since wheezy
-CVE-2015-5701 [mktexlsr: reintroduced insecure use of /tmp, in revision 36855]
- RESERVED
+CVE-2015-5701 (mktexlsr revision 36855, and before revision 36626 as packaged in ...)
- texlive-bin <not-affected> (Vulnerable code not reintroduced, patch mktexlsr-use-mktemp still applied)
NOTE: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=36626&r2=36855
-CVE-2015-5700 [mktexlsr: insecure use of /tmp, originally introduced in revision 22885]
- RESERVED
+CVE-2015-5700 (mktexlsr revision 36855, and before revision 36626 as packaged in ...)
- texlive-bin 2014.20140926.35254-5 (bug #775139)
[wheezy] - texlive-bin <no-dsa> (Minor issue)
[squeeze] - texlive-bin <no-dsa> (Minor issue)
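Review bot: Replacing the bracketed descriptions on CVE-2015-5701 and CVE-2015-5700 drops the only text that told the two apart ("reintroduced insecure use of /tmp, in revision 36855" versus "insecure use of /tmp, originally introduced in revision 22885"); both entries now show the same truncated description, "mktexlsr revision 36855, and before revision 36626 as packaged in ...". Suggest keeping the removed wording as a NOTE: line under each entry so the different package states (<not-affected> for one, fixed in 2014.20140926.35254-5 for the other) stay explainable from the list itself.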
@@ -93499,8 +93514,8 @@
NOT-FOR-US: SolarWinds
CVE-2014-9565
RESERVED
-CVE-2014-9564
- RESERVED
+CVE-2014-9564 (CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet ...)
+ TODO: check
CVE-2014-9563
RESERVED
CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 ...)
@@ -99987,14 +100002,14 @@
- swift 2.2.0-1
[wheezy] - swift <no-dsa> (Minor issue)
NOTE: affected version: all up to 2.1.0
-CVE-2014-7860
- RESERVED
-CVE-2014-7859
- RESERVED
-CVE-2014-7858
- RESERVED
-CVE-2014-7857
- RESERVED
+CVE-2014-7860 (The web/web_file/fb_publish.php script in D-Link DNS-320L before ...)
+ TODO: check
+CVE-2014-7859 (Stack-based buffer overflow in login_mgr.cgi in D-Link firmware ...)
+ TODO: check
+CVE-2014-7858 (The check_login function in D-Link DNR-326 before 2.10 build 03 allows ...)
+ TODO: check
+CVE-2014-7857 (D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 ...)
+ TODO: check
CVE-2014-7856
RESERVED
CVE-2014-7855