Author: sectracker
Date: 2015-05-19 21:10:15 +0000 (Tue, 19 May 2015)
New Revision: 34352
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-19 21:03:54 UTC (rev 34351)
+++ data/CVE/list 2015-05-19 21:10:15 UTC (rev 34352)
@@ -1,3 +1,33 @@
+CVE-2015-4026
+ RESERVED
+CVE-2015-4025
+ RESERVED
+CVE-2015-4024
+ RESERVED
+CVE-2015-4023
+ RESERVED
+CVE-2015-4022
+ RESERVED
+CVE-2015-4021
+ RESERVED
+CVE-2015-4020
+ RESERVED
+CVE-2015-4019
+ RESERVED
+CVE-2015-4018
+ RESERVED
+CVE-2015-4016
+ RESERVED
+CVE-2015-4015
+ RESERVED
+CVE-2015-4014
+ RESERVED
+CVE-2015-4013
+ RESERVED
+CVE-2015-4012
+ RESERVED
+CVE-2015-4011
+ RESERVED
CVE-2015-4042 [buffer overflow related to SIZE_MAX - lenb - 2 < lena test]
- coreutils <unfixed>
NOTE:
https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
@@ -942,22 +972,18 @@
TODO: check
CVE-2015-3632 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5
allow ...)
TODO: check
-CVE-2015-3631 [Volume mounts allow LSM profile escalation]
- RESERVED
+CVE-2015-3631 (Docker Engine before 1.6.1 allows local users to set arbitrary
Linux ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
-CVE-2015-3630 [Read/write proc paths allow host modification & information
disclosure]
- RESERVED
+CVE-2015-3630 (Docker Engine before 1.6.1 uses weak permissions for (1)
/proc/asound, ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
-CVE-2015-3629 [Symlink traversal on container respawn allows local privilege
escalation]
- RESERVED
+CVE-2015-3629 (Libcontainer 1.6.0, as used in Docker Engine, allows local
users to ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3628
RESERVED
-CVE-2015-3627 [Insecure opening of file-descriptor 1 leading to privilege
escalation]
- RESERVED
+CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the
file-descriptor ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3626
@@ -1338,6 +1364,7 @@
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/05/02/3
NOTE: Plugin not installed into the binary package
CVE-2015-4017 [Saltstack SSL verification disabling for alibabab cloud module]
+ RESERVED
- salt <not-affected> (Vulnerable code not present in the version in
Debian stable/unstable)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/02/1
CVE-2015-3646 (OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x
before ...)
@@ -1395,8 +1422,7 @@
NOTE:
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435823a02f842c41d49cd41cc81f25b5d677
NOTE: Introduced by
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=609d5c1366fb424f6150c4eed358d246e61cf204
(libtasn1_3_6)
NOTE: DECR_LEN introduced in
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=154909136c12cfa5c60732b7210827dfb1ec6aee
(libtasn1_3_6)
-CVE-2015-3455
- RESERVED
+CVE-2015-3455 (Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before
3.4.13, ...)
- squid <removed> (unimportant)
- squid3 <unfixed> (unimportant)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
@@ -2088,7 +2114,7 @@
RESERVED
- askbot <itp> (bug #687966)
CVE-2015-3168
- RESERVED
+ REJECTED
CVE-2015-3167
RESERVED
CVE-2015-3166
@@ -2455,8 +2481,8 @@
- sqlite3 3.8.9-1 (bug #783968)
NOTE: https://www.sqlite.org/src/info/eddc05e7bb31fae7
NOTE: http://seclists.org/bugtraq/2015/Apr/97
-CVE-2015-3306 [unauthenticated copying of files via SITE CPFR/CPTO allowed by
mod_copy]
- RESERVED
+CVE-2015-3306 (The mod_copy module in ProFTPD 1.3.5 allows remote attackers to
read ...)
+ {DSA-3263-1}
- proftpd-dfsg 1.3.5-2 (bug #782781)
[squeeze] - proftpd-dfsg <not-affected> (mod_copy not available in
version 1.3.3)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/15/2
@@ -3346,7 +3372,7 @@
[wheezy] - iceweasel <not-affected> (Only affects 37.x)
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2716 (Buffer overflow in the XML parser in Mozilla Firefox before
38.0, ...)
- {DSA-3260-1}
+ {DSA-3264-1 DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
@@ -3360,7 +3386,7 @@
CVE-2015-2714 (Mozilla Firefox before 38.0 on Android does not properly
restrict ...)
- iceweasel <not-affected> (Only affects Firefox on Android)
CVE-2015-2713 (Use-after-free vulnerability in the SetBreaks function in
Mozilla ...)
- {DSA-3260-1}
+ {DSA-3264-1 DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
@@ -3377,7 +3403,7 @@
[wheezy] - iceweasel <not-affected> (Only affects 37.x)
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2710 (Heap-based buffer overflow in the SVGTextFrame class in Mozilla
...)
- {DSA-3260-1}
+ {DSA-3264-1 DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
@@ -3390,7 +3416,7 @@
[squeeze] - iceweasel <not-affected> (Only affects 37.x)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
CVE-2015-2708 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
- {DSA-3260-1}
+ {DSA-3264-1 DSA-3260-1}
- iceweasel 38.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
@@ -3446,8 +3472,7 @@
RESERVED
CVE-2015-2690
RESERVED
-CVE-2015-2704 [Retrieve info destined for config files after join]
- RESERVED
+CVE-2015-2704 (realmd allows remote attackers to inject arbitrary
configurations in ...)
- realmd 0.16.0-1 (bug #781179)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=89207
CVE-2015-2776 (The parse_SST function in FreeXL before 1.0.0i allows remote
attackers ...)
@@ -3511,8 +3536,8 @@
- clamav 0.98.7+dfsg-1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
[jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
-CVE-2015-2667
- RESERVED
+CVE-2015-2667 (Untrusted search path vulnerability in GNS3 before 1.2.3 allows
local ...)
+ TODO: check
CVE-2015-2665
RESERVED
CVE-2015-2664
@@ -4238,8 +4263,8 @@
NOTE: https://bugs.php.net/bug.php?id=69207
CVE-2015-2347 (Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst
before ...)
TODO: check
-CVE-2015-2346
- RESERVED
+CVE-2015-2346 (XML external entity (XXE) in Huawei SEQ Analyst before ...)
+ TODO: check
CVE-2015-2345
RESERVED
CVE-2015-2344
@@ -5656,8 +5681,7 @@
CVE-2015-1869
RESERVED
NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2015-1868 [Label decompression bug can cause crashes on specific platforms]
- RESERVED
+CVE-2015-1868 (The label decompression functionality in PowerDNS Recursor
3.5.x, ...)
- pdns 3.4.4-1
[jessie] - pdns 3.4.1-4+deb8u1
[wheezy] - pdns <not-affected> (3.2 and up affected)
@@ -8001,7 +8025,8 @@
[wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no
incomplete fix applied)
[squeeze] - patch <not-affected> (Not affected by CVE-2015-1196 and no
incomplete fix applied)
NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/3
-CVE-2015-1353 (Multiple integer overflows in the calendar extension in PHP
through ...)
+CVE-2015-1353
+ REJECTED
NOTE: To be rejected, remove note once REJECTED
CVE-2015-XXXX [off-by-one buffer under-read in mspack/lzxd.c]
- libmspack 0.5-1 (bug #775499)
@@ -9393,7 +9418,7 @@
- iceweasel <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
CVE-2015-0797 (GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0,
...)
- {DSA-3260-1 DSA-3225-1}
+ {DSA-3264-1 DSA-3260-1 DSA-3225-1}
- gst-plugins-bad0.10 <unfixed> (bug #784220)
[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor impact compared to
wheezy, no browser attack vector)
[squeeze] - gst-plugins-bad0.10 <not-affected> (vulnerable code
(gst/videoparsers/*) introduced later)
@@ -9521,8 +9546,8 @@
RESERVED
CVE-2015-0740
RESERVED
-CVE-2015-0739
- RESERVED
+CVE-2015-0739 (The Lights-Out Management (LOM) implementation in Cisco
FireSIGHT ...)
+ TODO: check
CVE-2015-0738 (Cross-site scripting (XSS) vulnerability in the Web Tracking
Report ...)
TODO: check
CVE-2015-0737
@@ -12560,8 +12585,7 @@
RESERVED
CVE-2015-0279 (JBoss RichFaces before 4.5.4 allows remote attackers to inject
...)
NOT-FOR-US: RichFaces
-CVE-2015-0278 [incorrect revocation order while relinquishing privileges]
- RESERVED
+CVE-2015-0278 (libuv before 0.10.34 does not properly drop group privileges,
which ...)
- libuv 0.10.28-6 (bug #779173)
NOTE:
https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c
NOTE: https://github.com/libuv/libuv/pull/215
@@ -14847,10 +14871,10 @@
NOT-FOR-US: Advantech AdamView
CVE-2014-8385 (Buffer overflow on Advantech EKI-1200 gateways with firmware
before ...)
NOT-FOR-US: Advantech EKI-1200 gateways
-CVE-2014-8384
- RESERVED
-CVE-2014-8383
- RESERVED
+CVE-2014-8384 (The InFocus IN3128HD projector with firmware 0.26 does not
restrict ...)
+ TODO: check
+CVE-2014-8383 (The InFocus IN3128HD projector with firmware 0.26 allows remote
...)
+ TODO: check
CVE-2014-8382
RESERVED
CVE-2014-8381 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -26289,7 +26313,7 @@
[squeeze] - hostapd <not-affected> (Vulnerable code not present in
0.6.10)
- wpa 2.3-1 (bug #765352; high)
CVE-2014-3685
- RESERVED
+ REJECTED
CVE-2014-3684 (The tm_adopt function in lib/Libifl/tm.c in Terascale
Open-Source ...)
{DSA-3058-1 DLA-78-1}
- torque 2.4.16+dfsg-1.5 (bug #763922)
@@ -36743,7 +36767,7 @@
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0194
- RESERVED
+ REJECTED
CVE-2014-0193 (WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x
before ...)
- netty <not-affected> (WebSocket08FrameDecoder function not present;
bug #746639)
CVE-2014-0192 (Foreman 1.4.0 before 1.5.0 does not properly restrict access to
...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
