Author: sectracker
Date: 2015-12-01 21:10:11 +0000 (Tue, 01 Dec 2015)
New Revision: 38021

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-12-01 21:02:19 UTC (rev 38020)
+++ data/CVE/list       2015-12-01 21:10:11 UTC (rev 38021)
@@ -1,3 +1,5 @@
+CVE-2015-8377
+       RESERVED
 CVE-2015-XXXX [Avoid unbounded SFTP extended attribute key/values]
        - proftpd-dfsg <unfixed>
        NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4210
@@ -16,6 +18,7 @@
 CVE-2015-8369
        RESERVED
 CVE-2015-8378 [canceling export operation creates cleartext copy of all of the 
user's KeePassX password database entries]
+       RESERVED
        - keepassx <unfixed> (bug #791858)
        NOTE: http://www.openwall.com/lists/oss-security/2015/11/30/4
 CVE-2015-8375
@@ -199,6 +202,7 @@
        RESERVED
 CVE-2015-8313 [fail to check the first byte of the padding in CBC modes]
        RESERVED
+       {DSA-3408-1}
        - gnutls28 <not-affected> (Vulnerable code not present)
        - gnutls26 <removed>
        NOTE: 
https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html
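
Review bot: The added {DSA-3408-1} line under CVE-2015-8313 has no package line to match. The two entries that follow mark gnutls28 as not-affected and gnutls26 as removed, so nothing visible here says which package and release the advisory fixed. Please confirm that the DSA maps to gnutls26 in an older release, and that the entry reflects that if the tracker expects it.
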
@@ -5215,10 +5219,10 @@
        RESERVED
 CVE-2015-6387
        RESERVED
-CVE-2015-6386
-       RESERVED
-CVE-2015-6385
-       RESERVED
+CVE-2015-6386 (The passthrough FTP feature on Cisco Web Security Appliance 
(WSA) ...)
+       TODO: check
+CVE-2015-6385 (The publish-event event-manager feature in Cisco IOS 15.5(2)S 
and ...)
+       TODO: check
 CVE-2015-6384
        RESERVED
 CVE-2015-6383
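
Review bot: The "TODO: check" lines added for CVE-2015-6386 and CVE-2015-6385 leave both entries untriaged. Both descriptions name Cisco products (Web Security Appliance, IOS 15.5(2)S). Unless a packaged component is involved, a follow-up should resolve them with a NOT-FOR-US line, as the "NOT-FOR-US: Websense" entry later in this file does.
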
@@ -8007,7 +8011,7 @@
        NOTE: 
https://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
 CVE-2015-5309 [memory-corrupting integer overflow in the handling of the ECH 
(erase characters) control sequence]
        RESERVED
-       {DLA-347-1}
+       {DSA-3409-1 DLA-347-1}
        - putty 0.66-1
        NOTE: 
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
        NOTE: 
http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=6056396f77cafc7e40da4d09f1d6212408dcb065
@@ -35974,7 +35978,7 @@
        NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706
 CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required]
        RESERVED
-       {DSA-3248-1}
+       {DSA-3248-1 DLA-357-1}
        - libphp-snoopy 2.0.0-1 (bug #778634)
        NOTE: 
http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
        NOTE: This issue exists because of an incorrect fix for CVE-2008-4796 
(i.e., use of escapeshellcmd where escapeshellarg was required).
@@ -74386,7 +74390,7 @@
        NOT-FOR-US: Websense
 CVE-2008-7313 [Incomplete fix for CVE-2008-4796]
        RESERVED
-       {DSA-3248-1}
+       {DSA-3248-1 DLA-357-1}
        - libphp-snoopy 2.0.0-1 (bug #778634)
        NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
        NOTE: 
http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
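
Review bot: DLA-357-1 is added to CVE-2008-7313 here and to CVE-2014-5008 in the previous hunk, and both NOTE lines describe the issue as a bad or incomplete fix for CVE-2008-4796. The CVE-2008-4796 entry is not touched by this diff. Please check whether the same libphp-snoopy upload also needs to be cross-referenced there, so that the three related entries stay consistent.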


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
