Author: sectracker Date: 2015-02-24 21:10:17 +0000 (Tue, 24 Feb 2015) New Revision: 32472
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-02-24 18:53:29 UTC (rev 32471) +++ data/CVE/list 2015-02-24 21:10:17 UTC (rev 32472) @@ -1,3 +1,27 @@ +CVE-2015-2062 + RESERVED +CVE-2015-2061 + RESERVED +CVE-2015-2057 + RESERVED +CVE-2015-2056 + RESERVED +CVE-2015-2055 (Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to ...) + TODO: check +CVE-2015-2054 (CRLF injection vulnerability in export.cfg in the web-based ...) + TODO: check +CVE-2015-2053 (The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, ...) + TODO: check +CVE-2015-2052 (Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. ...) + TODO: check +CVE-2015-2051 (The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 ...) + TODO: check +CVE-2015-2050 (D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers ...) + TODO: check +CVE-2015-2049 (Unrestricted file upload vulnerability in D-Link DCS-931L with ...) + TODO: check +CVE-2015-2048 (Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L ...) + TODO: check CVE-2015-2045 RESERVED CVE-2015-2044 @@ -23,8 +47,7 @@ CVE-2005-XXXX [more related to CVE-2005-4890] - shadow <unfixed> (unimportant; bug #628843) NOTE: only affects the su executable, so if you use sudo you're not affected -CVE-2015-2047 [TYPO3-CORE-SA-2015-001: Authentication Bypass] - RESERVED +CVE-2015-2047 (The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through ...) {DSA-3164-1} - typo3-src 4.5.40+dfsg1-1 (bug #778870) NOTE: Remove explicit [wheezy] tagged entry once a CVE is allocated and cross-reference can be built 
@@ -936,6 +959,7 @@ NOTE: arm64 affected from v3.7 to v3.18 NOTE: powerpc affected from v2.6.30 to 3.2 CVE-2015-2060 [directory traversal; related to overlong utf-8 encoding for /] + RESERVED - cabextract <unfixed> (bug #778753) NOTE: http://www.openwall.com/lists/oss-security/2015/02/18/3 NOTE: Upstream commit: http://sourceforge.net/p/libmspack/code/217 @@ -1425,11 +1449,13 @@ NOTE: #772707, but needs as well resolution for #776137 and then NOTE: ask update though t-p-u for both issues. CVE-2015-2058 + RESERVED - jabberd2 <unfixed> NOTE: https://github.com/jabberd2/jabberd2/issues/85 NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13 TODO: check CVE-2015-2059 + RESERVED - libidn <unfixed> NOTE: https://github.com/jabberd2/jabberd2/issues/85 NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13 @@ -1602,8 +1628,7 @@ - elasticsearch <not-affected> (Affects 1.3.0-1.3.7 and 1.4.0-1.4.2, vulnerable code not present) NOTE: http://seclists.org/bugtraq/2015/Feb/92 NOTE: Problem in the Groovy scripting engine. -CVE-2015-1426 - RESERVED +CVE-2015-1426 (Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains ...) - facter <unfixed> (bug #778265) [wheezy] - facter <no-dsa> (Minor issue) NOTE: for squeeze (unverified) might be not-affected as upstream claims 1.6.0 - 2.4.0 affected @@ -1729,8 +1754,7 @@ NOTE: https://nodesecurity.io/advisories/marked_redos NOTE: https://github.com/chjj/marked/issues/497 NOTE: libv8 is not covered by security support -CVE-2015-1589 [directory traversal] - RESERVED +CVE-2015-1589 (Directory traversal vulnerability in arCHMage 0.2.4 allows remote ...) - archmage 1:0.2.4-4 (bug #776164) [squeeze] - archmage <no-dsa> (Minor issue) [wheezy] - archmage <no-dsa> (Minor issue) 
@@ -1987,8 +2011,7 @@ RESERVED CVE-2015-1316 RESERVED -CVE-2015-1315 - RESERVED +CVE-2015-1315 (Buffer overflow in the charset_to_intern function in unix/unix.c in ...) - unzip <not-affected> (*-unzip60-alt-iconv-utf8 patch not applied in Debian) CVE-2015-1314 RESERVED @@ -3405,6 +3428,7 @@ CVE-2013-7419 (Cross-site scripting (XSS) vulnerability in includes/refreshDate.php ...) NOT-FOR-US: Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin for WordPress CVE-2015-2063 [buffer overflow] + RESERVED - unace 1.2b-12 (bug #775003) CVE-2015-0920 (Cross-site request forgery (CSRF) vulnerability in the Banner Effect ...) NOT-FOR-US: Banner Effect Header plugin for WordPress @@ -5110,7 +5134,7 @@ - openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea) NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown CVE-2015-0412 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 @@ -5121,7 +5145,7 @@ - percona-xtradb-cluster-5.5 <undetermined> NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL CVE-2015-0410 (Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 
@@ -5132,12 +5156,12 @@ NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL NOTE: For mariadb-10.0 not clear if affected CVE-2015-0408 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 CVE-2015-0407 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 @@ -5170,7 +5194,7 @@ CVE-2015-0396 (Unspecified vulnerability in the Oracle GlassFish Server component in ...) NOT-FOR-US: Oracle CVE-2015-0395 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 @@ -5205,7 +5229,7 @@ CVE-2015-0384 (Unspecified vulnerability in the Siebel Public Sector component in ...) NOT-FOR-US: Oracle CVE-2015-0383 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 @@ -6820,8 +6844,7 @@ - postgresql-9.1 9.1.11-2 - postgresql-8.4 <removed> [wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl) -CVE-2015-0240 - RESERVED +CVE-2015-0240 (The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x ...) {DSA-3171-1 DLA-156-1} - samba 2:4.1.17+dfsg-1 (bug #779033) - samba4 4.0.0~beta2+dfsg1-3.2+deb7u2 
@@ -13236,7 +13259,7 @@ CVE-2014-6607 (M/Monit 3.3.2 and earlier does not verify the original password before ...) NOT-FOR-US: M/Monit CVE-2014-6601 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 @@ -13257,14 +13280,14 @@ CVE-2014-6594 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...) NOT-FOR-US: Oracle iLearning CVE-2014-6593 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 CVE-2014-6592 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...) NOT-FOR-US: Oracle CVE-2014-6591 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 @@ -13282,14 +13305,14 @@ [wheezy] - virtualbox <not-affected> (Introduced in 4.3) - virtualbox-ose <not-affected> (Introduced in 4.3) CVE-2014-6587 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 CVE-2014-6586 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle CVE-2014-6585 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...) - {DSA-3147-1 DSA-3144-1} + {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 
@@ -20765,7 +20788,7 @@ {DSA-3053-1 DLA-81-1} - openssl 1.0.1j-1 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...) - {DSA-3147-1 DSA-3144-1 DSA-3092-1} + {DSA-3147-1 DSA-3144-1 DSA-3092-1 DLA-157-1} - arora <unfixed> (unimportant) - bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled) NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ @@ -58183,7 +58206,7 @@ CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and ...) - keystone 2012.1.1-5 CVE-2012-3541 [rpcbind: -h fails to control access to rpcbind] - RESERVED + REJECTED {DLA-108-1} - rpcbind <unfixed> (low) [squeeze] - rpcbind <no-dsa> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
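Review bot: the eight new entries CVE-2015-2055 through CVE-2015-2048 in the first hunk (@@ -1,3 +1,27 @@) land with only a "TODO: check" line and no triage result, so they stay open until each one gets either a NOT-FOR-US line (as the WordPress plugin entries later in this file already have) or a source package line with a version. The descriptions name Zhone GPON 2520 firmware, McAfee Agent, D-Link DIR-645, DAP-1320 and DCS-931L, so the check for each is whether any Debian source package ships that code; once that is decided the "TODO: check" should be replaced rather than left behind on the next manual pass.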
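Review bot: in hunk @@ -23,8 +47,7 @@ the bracketed placeholder "[TYPO3-CORE-SA-2015-001: Authentication Bypass]" for CVE-2015-2047 is replaced by the MITRE description, which drops the vendor advisory identifier from the entry; keep it as a NOTE line referencing TYPO3-CORE-SA-2015-001 so the CVE stays linked to the upstream advisory. The unchanged context line "NOTE: Remove explicit [wheezy] tagged entry once a CVE is allocated and cross-reference can be built" now has its precondition met by this very hunk, so that cleanup is due and the NOTE should be removed together with it.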
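Review bot: in hunk @@ -1425,11 +1449,13 @@ CVE-2015-2058 (jabberd2) keeps its "TODO: check" line while CVE-2015-2059 (libidn) carries none, although both entries cite the same jabberd2 issue #85 and the same oss-security post and both are now only RESERVED. Either both are still unverified and the libidn entry needs a TODO as well, or the check has been done and the jabberd2 TODO should be resolved; in either case a NOTE on the libidn entry saying which part of that shared thread concerns libidn would help, because the identical references do not distinguish the two issues.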
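Review bot: for CVE-2015-1426 in hunk @@ -1602,8 +1628,7 @@ the newly assigned description confirms the "1.6.0 through 2.4.0" range that the unchanged NOTE below it still calls "(unverified)", so the squeeze status can now be settled by comparing the facter version in squeeze against that range and recording a definite [squeeze] line (<not-affected> with the version as the reason, or an affected entry). Leaving the NOTE as it stands after the description is public keeps a stale caveat in the entry.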
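Review bot: the last hunk (@@ -58183,7 +58206,7 @@) changes CVE-2012-3541 from RESERVED to REJECTED while the entry keeps the {DLA-108-1} cross-reference, the "- rpcbind <unfixed> (low)" line and "[squeeze] - rpcbind <no-dsa> (Minor issue)". A rejected identifier should not remain the tracking key for an open issue and a published advisory: check which identifier DLA-108-1 actually references, move the rpcbind entry under the correct id, and resolve the <unfixed> state so live package status is not attached to a REJECTED id. The {DLA-108-1} cross-reference next to a [squeeze] <no-dsa> line on the same entry also reads as contradictory and should be reconciled in the same pass.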