Author: mgilbert
Date: 2015-09-25 20:45:45 +0000 (Fri, 25 Sep 2015)
New Revision: 36838

Modified:
   data/CVE/list
Log:
nfus and a few already fixed chromium issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-09-25 16:27:12 UTC (rev 36837)
+++ data/CVE/list       2015-09-25 20:45:45 UTC (rev 36838)
@@ -44,7 +44,7 @@
 CVE-2015-7315
        RESERVED
 CVE-2015-7310 (McAfee Enterprise Security Manager (ESM), Enterprise Security 
...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2015-7309 (The theme editor in Bolt before 2.2.5 does not check the file 
...)
        TODO: check
 CVE-2015-7314
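Review bot: `NOT-FOR-US: McAfee` on CVE-2015-7310 names only the vendor, although the description line directly above it already gives the product, McAfee Enterprise Security Manager (ESM). Other entries in this file name the product (for example `NOT-FOR-US: Siemens RUGGEDCOM ROS`), which keeps the tag searchable per product; suggest `NOT-FOR-US: McAfee Enterprise Security Manager`.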
@@ -194,7 +194,7 @@
 CVE-2015-7244
        RESERVED
 CVE-2015-7243 (Buffer overflow in Boxoft WAV to MP3 Converter allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Boxoft
 CVE-2015-7242
        RESERVED
 CVE-2015-7241
@@ -202,11 +202,11 @@
 CVE-2015-7240
        RESERVED
 CVE-2015-7239 (SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM 
function ...)
-       TODO: check
+       NOT-FOR-US: J2EE
 CVE-2015-7238 (The Secondary server in Threat Intelligence Exchange (TIE) 
before ...)
-       TODO: check
+       NOT-FOR-US: TIE
 CVE-2015-7237 (Directory traversal vulnerability in the remote log viewing ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2015-7235 (Multiple SQL injection vulnerabilities in dex_reservations.php 
in the ...)
        NOT-FOR-US: CP Reservation Calendar plugin for WordPress
 CVE-2015-7234 (The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF 
...)
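Review bot: `NOT-FOR-US: J2EE` on CVE-2015-7239 does not identify a product. J2EE is a platform name, and the truncated description visible here (`BP_FIND_JOBS_WITH_PROGRAM function ...`) does not show it as the affected software. Suggest replacing it with the vendor and product from the full CVE description, and spelling out `TIE` on CVE-2015-7238 as Threat Intelligence Exchange so the tag can be read without the description.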
@@ -760,29 +760,29 @@
 CVE-2015-6974
        RESERVED
 CVE-2015-6973 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Ignite ...)
-       TODO: check
+       NOT-FOR-US: Openfire
 CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite 
Realtime ...)
-       TODO: check
+       NOT-FOR-US: Openfire
 CVE-2015-6971
        RESERVED
 CVE-2015-6970
        RESERVED
 CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in 
the 2k11 ...)
-       TODO: check
+       NOT-FOR-US: Serendipity
 CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the ...)
-       TODO: check
+       NOT-FOR-US: Serendipity
 CVE-2015-6967 (Unrestricted file upload vulnerability in the My Image plugin 
in ...)
-       TODO: check
+       NOT-FOR-US: Nibbleblog
 CVE-2015-6966 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
-       TODO: check
+       NOT-FOR-US: Nibbleblog
 CVE-2015-6965 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
-       TODO: check
+       NOT-FOR-US: Contact Form Generator plugin for WordPress
 CVE-2015-6964
        RESERVED
 CVE-2015-6963
        RESERVED
 CVE-2015-6962 (SQL injection vulnerability in the web application in Farol 
allows ...)
-       TODO: check
+       NOT-FOR-US: Farol
 CVE-2015-7236 [remote triggerable use-after-free in rpcbind]
        RESERVED
        {DSA-3366-1 DLA-311-1}
@@ -834,7 +834,7 @@
 CVE-2015-6941
        RESERVED
 CVE-2015-6940 (The GetResource servlet in Pentaho Business Analytics (BA) 
Suite ...)
-       TODO: check
+       NOT-FOR-US: Pentaho
 CVE-2015-XXXX [ross-site scripting vulnerability in the user list table]
        - wordpress 4.3.1+dfsg-1 (bug #799140)
        NOTE: 
https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
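Review bot: the context line just below the Pentaho change reads `CVE-2015-XXXX [ross-site scripting vulnerability in the user list table]`, with the leading "C" of "Cross-site" missing. The commit does not touch that line, but since this hunk is being edited anyway, fixing the bracketed title here would keep a text search for "Cross-site scripting" from missing the WordPress entry.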
@@ -847,7 +847,7 @@
        [experimental] - bouncycastle 1.51-1
        NOTE: 
http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
 CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in 
...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2015-6936
        RESERVED
 CVE-2015-6935
@@ -857,7 +857,7 @@
 CVE-2015-6933
        RESERVED
 CVE-2015-6932 (VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not 
verify ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2015-6931
        RESERVED
 CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType 
before 2.5.3 ...)
@@ -871,7 +871,7 @@
 CVE-2015-6930
        RESERVED
 CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia 
Networks ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2015-6928
        RESERVED
 CVE-2015-6926
@@ -1102,7 +1102,7 @@
 CVE-2015-6829 (Multiple SQL injection vulnerabilities in the getip function in 
...)
        NOT-FOR-US: getip function in wp-limit-login-attempts.php in the WP 
Limit Login Attempts plugin for WordPress
 CVE-2015-6828 (The tweet_info function in class/__functions.php in the 
SecureMoz ...)
-       TODO: check
+       NOT-FOR-US: SecureMoz plugin
 CVE-2015-6827 (Cross-site request forgery (CSRF) vulnerability in 
Auto-Exchanger ...)
        NOT-FOR-US: Auto-Exchanger
 CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in 
libavcodec/rv34.c in ...)
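Review bot: `NOT-FOR-US: SecureMoz plugin` on CVE-2015-6828 does not say what the plugin is for, while the entry directly above it in this hunk uses the full form (`... plugin for WordPress`) and the Drupal entries in the next hunk use `module for Drupal`. Suggest naming the host platform from the full CVE description in the same form, so the reason the item is out of scope is clear from the tag alone.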
@@ -1154,9 +1154,9 @@
 CVE-2015-6809 (Multiple cross-site scripting (XSS) vulnerabilities in BEdita 
before ...)
        NOT-FOR-US: BEdita
 CVE-2015-6808 (Cross-site scripting (XSS) vulnerability in the Spotlight 
module ...)
-       TODO: check
+       NOT-FOR-US: Spotlight module for Drupal
 CVE-2015-6807 (Cross-site scripting (XSS) vulnerability in the Mass Contact 
module ...)
-       TODO: check
+       NOT-FOR-US: Mass Contact module for Drupal
 CVE-2015-6805 (Cross-site scripting (XSS) vulnerability in the MDC Private 
Message ...)
        NOT-FOR-US: MDC Private Message plugin for WordPress
 CVE-2015-6830 (libraries/plugins/auth/AuthenticationCookie.class.php in 
phpMyAdmin ...)
@@ -1548,7 +1548,7 @@
 CVE-2015-6675 (Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables 
the IP ...)
        NOT-FOR-US: Siemens RUGGEDCOM ROS
 CVE-2015-6672 (Cross-site scripting (XSS) vulnerability in the Administrative 
Web ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2015-6671
        RESERVED
 CVE-2015-6670 [Calendar export: Authorization Bypass Through User-Controlled 
Key]
@@ -1727,11 +1727,17 @@
 CVE-2015-6585
        RESERVED
 CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables 
plugin ...)
-       TODO: check
+       NOT-FOR-US: DataTables plugin for jQuery
 CVE-2015-6583 (Google Chrome before 45.0.2454.85 does not display a location 
bar for ...)
-       TODO: check
+       - chromium-browser 45.0.2454.85-1
+       [jessie] - chromium-browser 45.0.2454.85-1~deb8u1
+       [wheezy] - chromium-browser <end-of-life>
+       [squeeze] - chromium-browser <end-of-life>
 CVE-2015-6582 (The decompose function in 
platform/transforms/TransformationMatrix.cpp ...)
-       TODO: check
+       - chromium-browser 45.0.2454.85-1
+       [jessie] - chromium-browser 45.0.2454.85-1~deb8u1
+       [wheezy] - chromium-browser <end-of-life>
+       [squeeze] - chromium-browser <end-of-life>
 CVE-2015-6581 (Double free vulnerability in the ...)
        - openjpeg2 <unfixed>
        - openjpeg <unfixed>
@@ -1741,7 +1747,10 @@
        [squeeze] - chromium-browser <end-of-life>
        TODO: check
 CVE-2015-6580 (Multiple unspecified vulnerabilities in Google V8 before 
4.5.103.29, ...)
-       TODO: check
+       - chromium-browser 45.0.2454.85-1
+       [jessie] - chromium-browser 45.0.2454.85-1~deb8u1
+       [wheezy] - chromium-browser <end-of-life>
+       [squeeze] - chromium-browser <end-of-life>
 CVE-2015-6579
        RESERVED
 CVE-2015-6578
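Review bot: the entry directly above CVE-2015-6580 keeps its `TODO: check` (second context line of this hunk) even though it already carries a `[squeeze] - chromium-browser <end-of-life>` line, and the log message says the chromium issues are already fixed. If the remaining work concerns a different package in that entry, suggest replacing the generic marker with a `TODO:` that names what is still open; otherwise drop it in this commit along with the other three.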


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
