Author: sectracker
Date: 2015-10-02 21:10:31 +0000 (Fri, 02 Oct 2015)
New Revision: 36969
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-02 20:28:00 UTC (rev 36968)
+++ data/CVE/list 2015-10-02 21:10:31 UTC (rev 36969)
@@ -1,7 +1,125 @@
+CVE-2015-7671
+ RESERVED
+CVE-2015-7670
+ RESERVED
+CVE-2015-7669
+ RESERVED
+CVE-2015-7668
+ RESERVED
+CVE-2015-7667
+ RESERVED
+CVE-2015-7666
+ RESERVED
+CVE-2015-7664
+ RESERVED
+CVE-2015-7663
+ RESERVED
+CVE-2015-7662
+ RESERVED
+CVE-2015-7661
+ RESERVED
+CVE-2015-7660
+ RESERVED
+CVE-2015-7659
+ RESERVED
+CVE-2015-7658
+ RESERVED
+CVE-2015-7657
+ RESERVED
+CVE-2015-7656
+ RESERVED
+CVE-2015-7655
+ RESERVED
+CVE-2015-7654
+ RESERVED
+CVE-2015-7653
+ RESERVED
+CVE-2015-7652
+ RESERVED
+CVE-2015-7651
+ RESERVED
+CVE-2015-7650
+ RESERVED
+CVE-2015-7649
+ RESERVED
+CVE-2015-7648
+ RESERVED
+CVE-2015-7647
+ RESERVED
+CVE-2015-7646
+ RESERVED
+CVE-2015-7645
+ RESERVED
+CVE-2015-7644
+ RESERVED
+CVE-2015-7643
+ RESERVED
+CVE-2015-7642
+ RESERVED
+CVE-2015-7641
+ RESERVED
+CVE-2015-7640
+ RESERVED
+CVE-2015-7639
+ RESERVED
+CVE-2015-7638
+ RESERVED
+CVE-2015-7637
+ RESERVED
+CVE-2015-7636
+ RESERVED
+CVE-2015-7635
+ RESERVED
+CVE-2015-7634
+ RESERVED
+CVE-2015-7633
+ RESERVED
+CVE-2015-7632
+ RESERVED
+CVE-2015-7631
+ RESERVED
+CVE-2015-7630
+ RESERVED
+CVE-2015-7629
+ RESERVED
+CVE-2015-7628
+ RESERVED
+CVE-2015-7627
+ RESERVED
+CVE-2015-7626
+ RESERVED
+CVE-2015-7625
+ RESERVED
+CVE-2015-7624
+ RESERVED
+CVE-2015-7623
+ RESERVED
+CVE-2015-7622
+ RESERVED
+CVE-2015-7621
+ RESERVED
+CVE-2015-7620
+ RESERVED
+CVE-2015-7619
+ RESERVED
+CVE-2015-7618
+ RESERVED
+CVE-2015-7617
+ RESERVED
+CVE-2015-7616
+ RESERVED
+CVE-2015-7615
+ RESERVED
+CVE-2015-7614
+ RESERVED
+CVE-2015-7612 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)
+ TODO: check
CVE-2015-7665
+ RESERVED
NOT-FOR-US: wget as used in Tails
NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/10
CVE-2015-7613 [Unauthorized access to IPC objects with SysV shm]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf
@@ -44,6 +162,7 @@
NOTE:
https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/09/30/6
CVE-2015-7611
+ RESERVED
NOT-FOR-US: Apache James
CVE-2015-7604 (Cross-site scripting (XSS) vulnerability in Splunk Web in
Splunk ...)
TODO: check
@@ -687,8 +806,7 @@
NOTE: Test file here:
https://marc.info/?l=oss-security&m=144284777006804&q=p6
NOTE: Reproduce with "ltrace -e realloc tiffdither /tmp/oom.tif
/dev/null"
NOTE: at the end you see "libtiff.so.5->realloc(0, 1636178024)"
-CVE-2015-7311 [XSA-142]
- RESERVED
+CVE-2015-7311 (libxl in Xen 4.1.x through 4.6.x does not properly handle the
readonly ...)
- xen <unfixed>
[jessie] - xen <no-dsa> (Minor issue, can be fixed along in a later DSA)
[wheezy] - xen <no-dsa> (Minor issue, can be fixed along in a later DSA)
@@ -1388,8 +1506,7 @@
RESERVED
CVE-2015-6962 (SQL injection vulnerability in the web application in Farol
allows ...)
NOT-FOR-US: Farol
-CVE-2015-7236 [remote triggerable use-after-free in rpcbind]
- RESERVED
+CVE-2015-7236 (Use-after-free vulnerability in xprt_set_caller in
rpcb_svc_com.c in ...)
{DSA-3366-1 DLA-311-1}
- rpcbind 0.2.1-6.1 (bug #799307)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=946204
@@ -2304,8 +2421,8 @@
RESERVED
CVE-2015-6603
RESERVED
-CVE-2015-6602
- RESERVED
+CVE-2015-6602 (libutils in Android through 5.1.1 LMY48M allows remote
attackers to ...)
+ TODO: check
CVE-2015-6601
RESERVED
CVE-2015-6600
@@ -7522,8 +7639,8 @@
RESERVED
CVE-2015-4547
RESERVED
-CVE-2015-4546
- RESERVED
+CVE-2015-4546 (Directory traversal vulnerability in EMC RSA OneStep 6.9 before
build ...)
+ TODO: check
CVE-2015-4545
RESERVED
CVE-2015-4544 (EMC Documentum Content Server before 7.1P20 and 7.2.x before
7.2P04 ...)
@@ -9420,8 +9537,8 @@
RESERVED
CVE-2015-3877
RESERVED
-CVE-2015-3876
- RESERVED
+CVE-2015-3876 (libstagefright in Android through 5.1.1 LMY48M allows remote
attackers ...)
+ TODO: check
CVE-2015-3875
RESERVED
CVE-2015-3874
@@ -12412,8 +12529,8 @@
NOT-FOR-US: Avigilon Control Center
CVE-2015-2859 (Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and
5.x ...)
NOT-FOR-US: Intel McAfee ePolicy Orchestrator
-CVE-2015-2858
- RESERVED
+CVE-2015-2858 (Datalex airline booking software before 2015-09-03 allows
remote ...)
+ TODO: check
CVE-2015-2857
RESERVED
CVE-2015-2856
@@ -17313,15 +17430,14 @@
RESERVED
CVE-2015-1339
RESERVED
-CVE-2015-1338
- RESERVED
+CVE-2015-1338 (kernel_crashdump in Apport before 2.19 allows local users to
cause a ...)
+ TODO: check
CVE-2015-1337
RESERVED
NOT-FOR-US: simplestreams
CVE-2015-1336
RESERVED
-CVE-2015-1335 [directory traversal]
- RESERVED
+CVE-2015-1335 (lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows
local ...)
- lxc <unfixed> (bug #800471)
NOTE: https://launchpad.net/bugs/1476662
NOTE:
https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
