[Secure-testing-commits] r29682 - data/CVE

2014-10-27 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-27 11:31:07 + (Mon, 27 Oct 2014)
New Revision: 29682

Modified:
   data/CVE/list
Log:
CVE-2014-4877/wget

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-27 09:07:06 UTC (rev 29681)
+++ data/CVE/list   2014-10-27 11:31:07 UTC (rev 29682)
@@ -8142,8 +8142,10 @@
RESERVED
 CVE-2014-4878
RESERVED
-CVE-2014-4877
+CVE-2014-4877 [wget: FTP symlink arbitrary filesystem access]
RESERVED
+   - wget unfixed
+   NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
 CVE-2014-4876
RESERVED
 CVE-2014-4875
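
Review bot: the added "- wget unfixed" line carries no bug reference, so the entry cannot be followed to a Debian bug report from the tracker. Add "(bug #...)" once a report exists, and say in the NOTE whether the linked upstream commit is the fix.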


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r29684 - data/CVE

2014-10-27 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-27 11:47:18 + (Mon, 27 Oct 2014)
New Revision: 29684

Modified:
   data/CVE/list
Log:
CVE-2014-4877/wget bug

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-27 11:41:27 UTC (rev 29683)
+++ data/CVE/list   2014-10-27 11:47:18 UTC (rev 29684)
@@ -8144,7 +8144,7 @@
RESERVED
 CVE-2014-4877 [wget: FTP symlink arbitrary filesystem access]
RESERVED
-   - wget unfixed
+   - wget unfixed (bug #766981)
NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
 CVE-2014-4876
RESERVED




[Secure-testing-commits] r29685 - data/CVE

2014-10-27 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-27 12:31:04 + (Mon, 27 Oct 2014)
New Revision: 29685

Modified:
   data/CVE/list
Log:
CVE-2014-4877/wget fixed

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-27 11:47:18 UTC (rev 29684)
+++ data/CVE/list   2014-10-27 12:31:04 UTC (rev 29685)
@@ -8144,7 +8144,7 @@
RESERVED
 CVE-2014-4877 [wget: FTP symlink arbitrary filesystem access]
RESERVED
-   - wget unfixed (bug #766981)
+   - wget 1.16-1 (bug #766981)
NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
 CVE-2014-4876
RESERVED




[Secure-testing-commits] r29636 - data/CVE

2014-10-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-25 10:14:40 + (Sat, 25 Oct 2014)
New Revision: 29636

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-25 10:09:36 UTC (rev 29635)
+++ data/CVE/list   2014-10-25 10:14:40 UTC (rev 29636)
@@ -43951,11 +43951,11 @@
 CVE-2012-5245
RESERVED
 CVE-2012-5244 (Multiple SQL injection vulnerabilities in Banana Dance B.2.6 
and ...)
-   TODO: check
+   NOT-FOR-US: Banana Dance
 CVE-2012-5243 (functions/suggest.php in Banana Dance B.2.6 and earlier allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Banana Dance
 CVE-2012-5242 (Directory traversal vulnerability in functions/suggest.php in 
Banana ...)
-   TODO: check
+   NOT-FOR-US: Banana Dance
 CVE-2012-5241
RESERVED
NOT-FOR-US: PEAR module for Twitter




[Secure-testing-commits] r29637 - data/CVE

2014-10-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-25 10:21:49 + (Sat, 25 Oct 2014)
New Revision: 29637

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-25 10:14:40 UTC (rev 29636)
+++ data/CVE/list   2014-10-25 10:21:49 UTC (rev 29637)
@@ -303,17 +303,17 @@
 CVE-2014-8321
RESERVED
 CVE-2014-8320 (Cross-site scripting (XSS) vulnerability in the Custom Search 
module ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Custom Search
 CVE-2014-8319 (Cross-site scripting (XSS) vulnerability in the ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Easy Social
 CVE-2014-8318 (Cross-site scripting (XSS) vulnerability in the Webform module 
6.x-3.x ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Webform
 CVE-2014-8317 (Cross-site scripting (XSS) vulnerability in the Webform 
Validation ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Webform Validation
 CVE-2013-7407 (Cross-site request forgery (CSRF) vulnerability in the MRBS 
module for ...)
-   TODO: check
+   NOT-FOR-US: Drupal module MRBS
 CVE-2013-7406 (SQL injection vulnerability in the MRBS module for Drupal 
allows ...)
-   TODO: check
+   NOT-FOR-US: Drupal module MRBS
 CVE-2014-8350 [secure mode bypass]
RESERVED
- smarty3 3.1.21-1 (bug #765920)
@@ -42301,9 +42301,9 @@
 CVE-2012-5867
RESERVED
 CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in 
Achievo ...)
-   TODO: check
+   NOT-FOR-US: Achievo
 CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 
allows ...)
-   TODO: check
+   NOT-FOR-US: Achievo
 CVE-2012-5864 (The management web pages on the Sinapsi eSolar Light 
Photovoltaic ...)
NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
 CVE-2012-5863 (ping.php on the Sinapsi eSolar Light Photovoltaic System 
Monitor (aka ...)




[Secure-testing-commits] r29638 - data/CVE

2014-10-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-25 10:28:07 + (Sat, 25 Oct 2014)
New Revision: 29638

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-25 10:21:49 UTC (rev 29637)
+++ data/CVE/list   2014-10-25 10:28:07 UTC (rev 29638)
@@ -227,9 +227,9 @@
 CVE-2014-8365 (Multiple cross-site scripting (XSS) vulnerabilities in Xornic 
Contact ...)
TODO: check
 CVE-2014-8364 (Cross-site scripting (XSS) vulnerability in ss_handler.php in 
the ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin wpSS
 CVE-2014-8363 (SQL injection vulnerability in ss_handler.php in the WordPress 
...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin wpSS
 CVE-2014-8362
RESERVED
 CVE-2014-8361
@@ -289,11 +289,11 @@
 CVE-2014-8332
RESERVED
 CVE-2014-8331 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Huawei ...)
-   TODO: check
+   NOT-FOR-US: Huawei HiLink
 CVE-2014-8330 (Cross-site scripting (XSS) vulnerability in EspoCRM allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: EspoCRM
 CVE-2014-8329 (Schrack Technik microControl with firmware before 1.7.0 (937) 
stores ...)
-   TODO: check
+   NOT-FOR-US: Schrack Technik microControl
 CVE-2014-8324
RESERVED
 CVE-2014-8323




[Secure-testing-commits] r29639 - data/CVE

2014-10-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-25 10:42:10 + (Sat, 25 Oct 2014)
New Revision: 29639

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-25 10:28:07 UTC (rev 29638)
+++ data/CVE/list   2014-10-25 10:42:10 UTC (rev 29639)
@@ -191,17 +191,17 @@
 CVE-2014-8381 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
 CVE-2014-8380 (Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Splunk
 CVE-2014-8379 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Marketo MA ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Marketo MA
 CVE-2014-8378 (Cross-site scripting (XSS) vulnerability in the TableField 
module ...)
-   TODO: check
+   NOT-FOR-US: Drupal module TableField
 CVE-2014-8377 (Cross-site scripting (XSS) vulnerability in Webasyst 
Shop-Script ...)
TODO: check
 CVE-2014-8376 (Cross-site scripting (XSS) vulnerability in the context 
administration ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Site Banner
 CVE-2014-8375 (SQL injection vulnerability in GBgallery.php in the GB Gallery 
...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin GB Gallery Slideshow
 CVE-2014-8374
RESERVED
 CVE-2014-8373
@@ -223,9 +223,9 @@
 CVE-2014-8367
RESERVED
 CVE-2014-8366 (SQL injection vulnerability in openSIS 4.5 through 5.3 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: openSIS
 CVE-2014-8365 (Multiple cross-site scripting (XSS) vulnerabilities in Xornic 
Contact ...)
-   TODO: check
+   NOT-FOR-US: Xornic Contact Us Form
 CVE-2014-8364 (Cross-site scripting (XSS) vulnerability in ss_handler.php in 
the ...)
NOT-FOR-US: WordPress plugin wpSS
 CVE-2014-8363 (SQL injection vulnerability in ss_handler.php in the WordPress 
...)




[Secure-testing-commits] r29640 - data/CVE

2014-10-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-25 16:54:29 + (Sat, 25 Oct 2014)
New Revision: 29640

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-25 10:42:10 UTC (rev 29639)
+++ data/CVE/list   2014-10-25 16:54:29 UTC (rev 29640)
@@ -5267,7 +5267,7 @@
 CVE-2014-6101
RESERVED
 CVE-2014-6100 (Cross-site scripting (XSS) vulnerability in the Admin UI in IBM 
Tivoli ...)
-   TODO: check
+   NOT-FOR-US: IBM Tivoli Directory Server
 CVE-2014-6099
RESERVED
 CVE-2014-6098
@@ -8206,43 +8206,43 @@
 CVE-2014-4841
RESERVED
 CVE-2014-4840 (IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 
3.3.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM TRIRIGA Application Platform
 CVE-2014-4839
RESERVED
 CVE-2014-4838 (Cross-site scripting (XSS) vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: IBM TRIRIGA Application Platform
 CVE-2014-4837 (Cross-site scripting (XSS) vulnerability in NewDocument.jsp in 
IBM ...)
-   TODO: check
+   NOT-FOR-US: IBM TRIRIGA Application Platform
 CVE-2014-4836 (Cross-site scripting (XSS) vulnerability in 
breakOutWithName.jsp in ...)
-   TODO: check
+   NOT-FOR-US: IBM TRIRIGA Application Platform
 CVE-2014-4835
RESERVED
 CVE-2014-4834
RESERVED
 CVE-2014-4833 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2014-4832
RESERVED
 CVE-2014-4831
RESERVED
 CVE-2014-4830 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does 
not ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2014-4829
RESERVED
 CVE-2014-4828 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2014-4827 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar 
SIEM ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2014-4826 (IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not 
properly ...)
NOT-FOR-US: IBM Security QRadar
 CVE-2014-4825 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does 
not ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2014-4824 (SQL injection vulnerability in IBM Security QRadar SIEM 7.2 
before ...)
NOT-FOR-US: IBM Security QRadar
 CVE-2014-4823 (The administration console in IBM Security Access Manager for 
Web 7.x ...)
NOT-FOR-US: IBM Security Access Manager
 CVE-2014-4822 (IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 
and ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere MQ
 CVE-2014-4821
RESERVED
 CVE-2014-4820 (Cross-site scripting (XSS) vulnerability in IBM Integration Bus 
...)
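
Review bot: the annotations added in this hunk read "NOT-FOR-US: IBM Security QRadar SIEM", while the untouched entries for CVE-2014-4826 and CVE-2014-4824 in the same block read "NOT-FOR-US: IBM Security QRadar". Use one spelling for the product so a search on the annotation finds every QRadar entry.
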
@@ -8354,7 +8354,7 @@
 CVE-2014-4767 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x 
before ...)
NOT-FOR-US: IBM WebSphere Application Server
 CVE-2014-4766 (IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: IBM Sametime Classic Meeting Server
 CVE-2014-4765 (IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 
through ...)
NOT-FOR-US: IBM Maximo Asset Management
 CVE-2014-4764 (IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 
and 8.5.x ...)
@@ -12827,7 +12827,7 @@
 CVE-2014-3092 (IBM Jazz Team Server, as used in Rational Collaborative 
Lifecycle ...)
NOT-FOR-US: IBM
 CVE-2014-3091 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar 
SIEM ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2014-3090 (IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 
8.0.0.12, and ...)
NOT-FOR-US: IBM Rational ClearCase
 CVE-2014-3089 (The RDS Java Client library in IBM Rational Directory Server 
(RDS) ...)
@@ -12967,7 +12967,7 @@
 CVE-2014-3022 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 
8.0.x ...)
NOT-FOR-US: IBM WebSphere Application Server
 CVE-2014-3021 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 
before ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere Application Server
 CVE-2014-3020 (install.sh in the Embedded WebSphere Application Server (eWAS) 
7.0 ...)
NOT-FOR-US: IBM Tivoli Integrated Portal
 CVE-2014-3019




[Secure-testing-commits] r29641 - data/CVE

2014-10-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-25 16:59:04 + (Sat, 25 Oct 2014)
New Revision: 29641

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-25 16:54:29 UTC (rev 29640)
+++ data/CVE/list   2014-10-25 16:59:04 UTC (rev 29641)
@@ -9924,9 +9924,9 @@
 CVE-2014-4123 (Microsoft Internet Explorer 7 through 11 allows remote 
attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4122 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2014-4121 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 
and 4.5.2 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2014-4120
RESERVED
 CVE-2014-4119
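
Review bot: "NOT-FOR-US: Microsoft" on CVE-2014-4122 and CVE-2014-4121 names only the vendor, while the context entry just above (CVE-2014-4123) names the product, "Microsoft Internet Explorer". Both descriptions say ".NET Framework", so "NOT-FOR-US: Microsoft .NET Framework" would keep the annotation as specific as its neighbour.
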
@@ -9938,11 +9938,11 @@
 CVE-2014-4116
RESERVED
 CVE-2014-4115 (fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers 
in ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2014-4114 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 
SP1, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2014-4113 (win32k.sys in the kernel-mode drivers in Microsoft Windows 
Server 2003 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2014-4112
RESERVED
 CVE-2014-4111 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
@@ -10018,11 +10018,11 @@
 CVE-2014-4076
RESERVED
 CVE-2014-4075 (Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll 
in ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2014-4074 (The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows 
Server ...)
NOT-FOR-US: Microsoft
 CVE-2014-4073 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 
and 4.5.2 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2014-4072 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 
4, ...)
NOT-FOR-US: Microsoft
 CVE-2014-4071 (The Server in Microsoft Lync Server 2013 allows remote 
attackers to ...)
@@ -13034,7 +13034,7 @@
 CVE-2014-2996 (XCloner Standalone 3.5 and earlier, when enable_db_backup and 
sql_mem ...)
NOT-FOR-US: XCloner Standalone
 CVE-2014-2995 (Multiple cross-site scripting (XSS) vulnerabilities in 
twitget.php in ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin Twitget
 CVE-2014-2994 (Stack-based buffer overflow in Acunetix Web Vulnerability 
Scanner ...)
NOT-FOR-US: Acunetix Web Vulnerability Scanner
 CVE-2014-2993 (The Birebin.com application for Android does not verify X.509 
...)




[Secure-testing-commits] r29642 - data/CVE

2014-10-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-25 17:01:35 + (Sat, 25 Oct 2014)
New Revision: 29642

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-25 16:59:04 UTC (rev 29641)
+++ data/CVE/list   2014-10-25 17:01:35 UTC (rev 29642)
@@ -197,7 +197,7 @@
 CVE-2014-8378 (Cross-site scripting (XSS) vulnerability in the TableField 
module ...)
NOT-FOR-US: Drupal module TableField
 CVE-2014-8377 (Cross-site scripting (XSS) vulnerability in Webasyst 
Shop-Script ...)
-   TODO: check
+   NOT-FOR-US: Webasyst Shop-Script
 CVE-2014-8376 (Cross-site scripting (XSS) vulnerability in the context 
administration ...)
NOT-FOR-US: Drupal module Site Banner
 CVE-2014-8375 (SQL injection vulnerability in GBgallery.php in the GB Gallery 
...)
@@ -415,9 +415,9 @@
 CVE-2014-8757
RESERVED
 CVE-2014-8756 (The NcrCtl4.NcrNet.1 control in Panasonic Network Camera 
Recorder ...)
-   TODO: check
+   NOT-FOR-US: Panasonic Network Camera
 CVE-2014-8755 (Panasonic Network Camera View 3 and 4 allows remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Panasonic Network Camera
 CVE-2014-8754
RESERVED
 CVE-2014-8753




[Secure-testing-commits] r29643 - data/CVE

2014-10-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-25 17:04:42 + (Sat, 25 Oct 2014)
New Revision: 29643

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-25 17:01:35 UTC (rev 29642)
+++ data/CVE/list   2014-10-25 17:04:42 UTC (rev 29643)
@@ -10270,7 +10270,7 @@
RESERVED
NOT-FOR-US: Bytemark Symbiosis
 CVE-2014-3978 (SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: TomatoCart
 CVE-2014-3977 (libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local 
users to ...)
NOT-FOR-US: IBM AIX
 CVE-2014-3976 (Buffer overflow in A10 Networks Advanced Core Operating System 
(ACOS) ...)
@@ -10536,7 +10536,7 @@
 CVE-2014-3867 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x 
through ...)
NOT-FOR-US: IBM Sametime
 CVE-2014-3863 (Cross-site scripting (XSS) vulnerability in the JChatSocial 
component ...)
-   TODO: check
+   NOT-FOR-US: Joomla! component JChatSocial
 CVE-2014-3862 (CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to 
...)
NOT-FOR-US: HL7 C-CDA
 CVE-2014-3861 (Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 
C-CDA 1.1 ...)
@@ -10657,11 +10657,11 @@
 CVE-2014-3831
REJECTED
 CVE-2014-3830 (Cross-site scripting (XSS) vulnerability in info.php in 
TomatoCart ...)
-   TODO: check
+   NOT-FOR-US: TomatoCart
 CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon 
Enterprise ...)
-   TODO: check
+   NOT-FOR-US: Centreon
 CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and 
Centreon ...)
-   TODO: check
+   NOT-FOR-US: Centreon
 CVE-2014-3827
RESERVED
 CVE-2014-3826




[Secure-testing-commits] r29614 - data/CVE

2014-10-24 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-24 14:54:42 + (Fri, 24 Oct 2014)
New Revision: 29614

Modified:
   data/CVE/list
Log:
NFU ESA-2014-094, ESA-2014-096, ESA-2014-087

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-24 10:47:47 UTC (rev 29613)
+++ data/CVE/list   2014-10-24 14:54:42 UTC (rev 29614)
@@ -2757,6 +2757,7 @@
NOT-FOR-US: Max Foundry MaxButtons plugin for WordPress
 CVE-2014-7180
RESERVED
+   NOT-FOR-US: ElectricCommander
 CVE-2014-7179
RESERVED
 CVE-2014-7178
@@ -8753,14 +8754,17 @@
RESERVED
 CVE-2014-4624
RESERVED
+   NOT-FOR-US: EMC Avamar
 CVE-2014-4623
RESERVED
+   NOT-FOR-US: EMC Avamar
 CVE-2014-4622 (EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through 
P15, and ...)
NOT-FOR-US: EMC Documentum Content Server
 CVE-2014-4621 (EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through 
P15, and ...)
NOT-FOR-US: EMC Documentum Content Server
 CVE-2014-4620
RESERVED
+   NOT-FOR-US: EMC NetWorker
 CVE-2014-4619 (EMC RSA Identity Management and Governance (IMG) 6.5.x before 
6.5.1 ...)
NOT-FOR-US: EMC RSA Identity Management and Governance
 CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 
7.1 ...)




[Secure-testing-commits] r29615 - data/CVE

2014-10-24 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-24 18:30:38 + (Fri, 24 Oct 2014)
New Revision: 29615

Modified:
   data/CVE/list
Log:
CVE-2014-8369

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-24 14:54:42 UTC (rev 29614)
+++ data/CVE/list   2014-10-24 18:30:38 UTC (rev 29615)
@@ -203,8 +203,11 @@
RESERVED
 CVE-2014-8370
RESERVED
-CVE-2014-8369
+CVE-2014-8369 [Incorrect fix for CVE-2014-3601]
RESERVED
+   - linux unfixed
+   - linux-2.6 unfixed
+   NOTE: https://lkml.org/lkml/2014/10/24/460
 CVE-2014-8368
RESERVED
 CVE-2014-8367
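
Review bot: the bracketed description "[Incorrect fix for CVE-2014-3601]" does not name the affected package, and neither "- linux unfixed" nor "- linux-2.6 unfixed" has a bug reference. Prefix the description with "linux:" so the entry is readable on its own, and add the bug number when one is filed.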




[Secure-testing-commits] r29617 - data/CVE

2014-10-24 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-24 19:05:54 + (Fri, 24 Oct 2014)
New Revision: 29617

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-24 18:48:05 UTC (rev 29616)
+++ data/CVE/list   2014-10-24 19:05:54 UTC (rev 29617)
@@ -11148,8 +11148,10 @@
RESERVED
 CVE-2014-3624
RESERVED
+   NOT-FOR-US: Apache CXF
 CVE-2014-3623
RESERVED
+   NOT-FOR-US: Apache CXF
 CVE-2014-3622 [Posthandler Potential Illegal efree() vulnerability]
RESERVED
- php5 5.6.1+dfsg-1 (unimportant)




[Secure-testing-commits] r29569 - data/CVE

2014-10-22 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-22 14:15:27 + (Wed, 22 Oct 2014)
New Revision: 29569

Modified:
   data/CVE/list
Log:
CVE-2014-6439/elasticsearch fixed

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-22 09:19:24 UTC (rev 29568)
+++ data/CVE/list   2014-10-22 14:15:27 UTC (rev 29569)
@@ -4109,7 +4109,7 @@
 CVE-2014-6440
RESERVED
 CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS 
functionality in ...)
-   - elasticsearch unfixed (bug #763958; low)
+   - elasticsearch 1.0.3+dfsg-4 (bug #763958; low)
 CVE-2014-6438
RESERVED
 CVE-2014-6437




[Secure-testing-commits] r29546 - data/CVE

2014-10-21 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-21 07:06:12 + (Tue, 21 Oct 2014)
New Revision: 29546

Modified:
   data/CVE/list
Log:
NFU, external check handled

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-20 22:50:12 UTC (rev 29545)
+++ data/CVE/list   2014-10-21 07:06:12 UTC (rev 29546)
@@ -10672,6 +10672,7 @@
NOTE: Introduced by: 
libvirt.org/git/?p=libvirt.git;a=commit;h=2c6808044408fba9ff9547ad88bb8a0f44ee21a0
 (v0.10.0-rc0)
 CVE-2014-3656
RESERVED
+   NOT-FOR-US: JBoss KeyCloak
 CVE-2014-3655
RESERVED
NOT-FOR-US: JBoss KeyCloak
@@ -10684,8 +10685,10 @@
NOTE: https://github.com/sodabrew/foreman/issues/1
 CVE-2014-3652
RESERVED
+   NOT-FOR-US: JBoss KeyCloak
 CVE-2014-3651
RESERVED
+   NOT-FOR-US: JBoss KeyCloak
 CVE-2014-3650
RESERVED
 CVE-2014-3649




[Secure-testing-commits] r29503 - data/CVE

2014-10-18 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-18 08:58:47 + (Sat, 18 Oct 2014)
New Revision: 29503

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-18 08:57:19 UTC (rev 29502)
+++ data/CVE/list   2014-10-18 08:58:47 UTC (rev 29503)
@@ -1,3 +1,5 @@
+CVE-2014-8325
+   NOT-FOR-US: TYPO3 extension cal
 CVE-2014-8316 (XML External Entity (XXE) vulnerability in polestar_xml.jsp in 
SAP ...)
TODO: check
 CVE-2014-8315 (polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 
882 ...)




[Secure-testing-commits] r29504 - data/CVE

2014-10-18 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-18 08:59:54 + (Sat, 18 Oct 2014)
New Revision: 29504

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-18 08:58:47 UTC (rev 29503)
+++ data/CVE/list   2014-10-18 08:59:54 UTC (rev 29504)
@@ -27,11 +27,11 @@
 CVE-2014-8304 (Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 
and ...)
TODO: check
 CVE-2014-8303 (Cross-site scripting (XSS) vulnerability in Splunk Web in 
Splunk ...)
-   TODO: check
+   NOT-FOR-US: Splunk Web
 CVE-2014-8302 (Cross-site scripting (XSS) vulnerability in Splunk Web in 
Splunk ...)
-   TODO: check
+   NOT-FOR-US: Splunk Web
 CVE-2014-8301 (Cross-site scripting (XSS) vulnerability in Splunk Web in 
Splunk ...)
-   TODO: check
+   NOT-FOR-US: Splunk Web
 CVE-2014-8300
RESERVED
 CVE-2014-8299




[Secure-testing-commits] r29516 - data/CVE

2014-10-18 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-18 19:55:49 + (Sat, 18 Oct 2014)
New Revision: 29516

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-18 19:54:50 UTC (rev 29515)
+++ data/CVE/list   2014-10-18 19:55:49 UTC (rev 29516)
@@ -1,3 +1,8 @@
+CVE-2014-8328
+   NOT-FOR-US: TYPO3 extension dce
+CVE-2014-8327
+   NOT-FOR-US: TYPO3 extension fal_sftp
+CVE-2014-8326
 CVE-2014-8325
NOT-FOR-US: TYPO3 extension cal
 CVE-2014-8316 (XML External Entity (XXE) vulnerability in polestar_xml.jsp in 
SAP ...)
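
Review bot: the added "CVE-2014-8326" line has no annotation under it, unlike CVE-2014-8328 and CVE-2014-8327 added in the same hunk, which each get a NOT-FOR-US line. Give it a status line (NOT-FOR-US, "TODO: check" or a package line) so the entry is not left empty, or drop it from this commit until it has been triaged.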




[Secure-testing-commits] r29470 - data/CVE

2014-10-17 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-17 10:02:57 + (Fri, 17 Oct 2014)
New Revision: 29470

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-17 07:47:37 UTC (rev 29469)
+++ data/CVE/list   2014-10-17 10:02:57 UTC (rev 29470)
@@ -17737,6 +17737,7 @@
RESERVED
 CVE-2014-0995
RESERVED
+   NOT-FOR-US: SAP Netweaver
 CVE-2014-0994 (Heap-based buffer overflow in the ReadDIB function in the ...)
NOT-FOR-US: Delphi
 CVE-2014-0993 (Buffer overflow in the Vcl.Graphics.TPicture.Bitmap 
implementation in ...)




[Secure-testing-commits] r29427 - data/CVE

2014-10-16 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-16 09:10:16 + (Thu, 16 Oct 2014)
New Revision: 29427

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-16 08:59:43 UTC (rev 29426)
+++ data/CVE/list   2014-10-16 09:10:16 UTC (rev 29427)
@@ -29,17 +29,17 @@
 CVE-2014-8749
RESERVED
 CVE-2014-8748 (Cross-site scripting (XSS) vulnerability in the Google 
Doubleclick for ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Google Doubleclick for Publishers
 CVE-2014-8747 (Cross-site scripting (XSS) vulnerability in the Drupal Commons 
module ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Drupal Commons
 CVE-2014-8746 (Cross-site scripting (XSS) vulnerability in the Skeleton theme 
7.x-1.2 ...)
-   TODO: check
+   NOT-FOR-US: Drupal theme Skeleton
 CVE-2014-8745 (Cross-site scripting (XSS) vulnerability in the Custom Search 
module ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Custom Search
 CVE-2014-8744 (Cross-site scripting (XSS) vulnerability in the Nivo Slider 
module ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Nivo Slider
 CVE-2014-8743 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Maestro ...)
-   TODO: check
+   NOT-FOR-US: Drupal module Maestro
 CVE-2014-8292
RESERVED
 CVE-2014-8291
@@ -2079,7 +2079,7 @@
 CVE-2014-7298
RESERVED
 CVE-2014-7297 (Unspecified vulnerability in the folder framework in the Enfold 
theme ...)
-   TODO: check
+   NOT-FOR-US: folder framework in the Enfold theme for WordPress
 CVE-2014-7296 (The default configuration in the accessibility engine in 
SpagoBI 5.0.0 ...)
NOT-FOR-US: Spago
 CVE-2014-7294




[Secure-testing-commits] r29429 - data/CVE

2014-10-16 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-16 11:41:01 + (Thu, 16 Oct 2014)
New Revision: 29429

Modified:
   data/CVE/list
Log:
NFU HPSBMU03126

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-16 09:14:17 UTC (rev 29428)
+++ data/CVE/list   2014-10-16 11:41:01 UTC (rev 29429)
@@ -13499,6 +13499,7 @@
NOT-FOR-US: HP Operations Manager
 CVE-2014-2647
RESERVED
+   NOT-FOR-US: HP Operations Manager
 CVE-2014-2646 (Unspecified vulnerability in HP Network Automation 9.10 and 
9.20 ...)
TODO: check
 CVE-2014-2645 (HP Systems Insight Manager (SIM) before 7.4 allows remote 
attackers to ...)




[Secure-testing-commits] r29430 - data/CVE

2014-10-16 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-16 12:12:10 + (Thu, 16 Oct 2014)
New Revision: 29430

Modified:
   data/CVE/list
Log:
NFU cisco-sa-20141015-vcs, cisco-sa-20141015-mcu

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-16 11:41:01 UTC (rev 29429)
+++ data/CVE/list   2014-10-16 12:12:10 UTC (rev 29430)
@@ -11469,6 +11469,7 @@
NOT-FOR-US: Cisco Adaptive Security Appliance
 CVE-2014-3397
RESERVED
+   NOT-FOR-US: TelePresence MCU
 CVE-2014-3396 (Cisco IOS XR on ASR 9000 devices does not properly use 
compression for ...)
NOT-FOR-US: Cisco IOS
 CVE-2014-3395 (Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers 
to ...)
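
Review bot: "NOT-FOR-US: TelePresence MCU" on CVE-2014-3397 leaves out the vendor, while the surrounding entries in this hunk are written "Cisco Adaptive Security Appliance" and "Cisco IOS". "NOT-FOR-US: Cisco TelePresence MCU" would match them.
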
@@ -11523,10 +11524,13 @@
RESERVED
 CVE-2014-3370
RESERVED
+   NOT-FOR-US: Cisco TelePresence
 CVE-2014-3369
RESERVED
+   NOT-FOR-US: Cisco TelePresence
 CVE-2014-3368
RESERVED
+   NOT-FOR-US: Cisco TelePresence
 CVE-2014-3367 (Cross-site scripting (XSS) vulnerability in the vCloud Director 
...)
NOT-FOR-US: Cisco
 CVE-2014-3366




[Secure-testing-commits] r29431 - data/CVE

2014-10-16 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-16 14:36:56 + (Thu, 16 Oct 2014)
New Revision: 29431

Modified:
   data/CVE/list
Log:
CVE-2014-8760/ejabberd

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-16 12:12:10 UTC (rev 29430)
+++ data/CVE/list   2014-10-16 14:36:56 UTC (rev 29431)
@@ -6,8 +6,11 @@
RESERVED
 CVE-2014-8761
RESERVED
-CVE-2014-8760
+CVE-2014-8760 [ejabberd: compression allows cirucumvention of encryption 
despite starttls_required]
RESERVED
+   - ejabberd unfixed
+   NOTE: 
http://mail.jabber.org/pipermail/operators/2014-October/002438.html
+   NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
 CVE-2014-8759
RESERVED
 CVE-2014-8758
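
Review bot: "cirucumvention" in the bracketed description added for CVE-2014-8760 is a typo for "circumvention". The same misspelling is on the temporary "CVE-2014-" entry removed in the next hunk, so it was copied over with the rest of the entry; correct it here so that searches on the description text match.
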
@@ -464,10 +467,6 @@
TODO: check
 CVE-2014-8075 (Cross-site scripting (XSS) vulnerability in the Tribune module 
6.x-1.x ...)
TODO: check
-CVE-2014- [ejabberd: compression allows cirucumvention of encryption 
despite starttls_required]
-   - ejabberd unfixed
-   NOTE: 
http://mail.jabber.org/pipermail/operators/2014-October/002438.html
-   NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
 CVE-2014-8766 (Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 
allow ...)
NOT-FOR-US: Allomani Weblinks
 CVE-2014-8765 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Project ...)




[Secure-testing-commits] r29408 - data/CVE

2014-10-15 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-15 07:00:40 + (Wed, 15 Oct 2014)
New Revision: 29408

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-15 06:05:11 UTC (rev 29407)
+++ data/CVE/list   2014-10-15 07:00:40 UTC (rev 29408)
@@ -2,9 +2,13 @@
- ejabberd unfixed
NOTE: 
http://mail.jabber.org/pipermail/operators/2014-October/002438.html
NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
+CVE-2014-8766
+   NOT-FOR-US: Allomani Weblinks
+CVE-2014-8765
+   NOT-FOR-US: Drupal module Project Issue File Review
 CVE-2014-8750
- nova unfixed
-[wheezy] - nova not-affected (Vulnerable code not present)
+   [wheezy] - nova not-affected (Vulnerable code not present)
NOTE: https://launchpad.net/bugs/1357372
 CVE-2014- [rsync collision attack]
- rsync unfixed (low)
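
Review bot: The nova [wheezy] line under CVE-2014-8750 is re-indented in this hunk, which is a syntax fix unrelated to the NOT-FOR-US additions, and the log message says only "NFU". Mention the indentation fix in the log or commit it separately, so the history shows when the entry's syntax was corrected.
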
@@ -36,8 +40,10 @@
RESERVED
 CVE-2014-8070
RESERVED
+   NOT-FOR-US: YOOtheme Pagekit CMS
 CVE-2014-8069
RESERVED
+   NOT-FOR-US: YOOtheme Pagekit CMS
 CVE-2014-8068 (Adobe Digital Editions (DE) 4 does not use encryption for 
transmission ...)
NOT-FOR-US: Adobe Digital Editions
 CVE-2014-8067
@@ -3650,12 +3656,16 @@
RESERVED
 CVE-2014-6380
RESERVED
+   NOT-FOR-US: Juniper Junos
 CVE-2014-6379
RESERVED
+   NOT-FOR-US: Juniper Junos
 CVE-2014-6378
RESERVED
+   NOT-FOR-US: Juniper Junos
 CVE-2014-6377
RESERVED
+   NOT-FOR-US: Juniper Junos
 CVE-2014-6376
RESERVED
 CVE-2014-6375
@@ -3785,6 +3795,7 @@
RESERVED
 CVE-2014-6313
RESERVED
+   NOT-FOR-US: WordPress plugin WooCommerce
 CVE-2014-6312
RESERVED
 CVE-2014-6309
@@ -9683,6 +9694,7 @@
RESERVED
 CVE-2014-3825
RESERVED
+   NOT-FOR-US: Juniper Junos
 CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in 
the ...)
NOT-FOR-US: Juniper Junos Pulse Secure Access Service
 CVE-2014-3823 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices 
with ...)
@@ -9697,6 +9709,7 @@
NOT-FOR-US: Juniper Junos
 CVE-2014-3818
RESERVED
+   NOT-FOR-US: Juniper Junos
 CVE-2014-3817 (Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 
12.1X45 ...)
NOT-FOR-US: Juniper Junos
 CVE-2014-3816 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 
before ...)




[Secure-testing-commits] r29413 - data/CVE

2014-10-15 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-15 10:11:27 + (Wed, 15 Oct 2014)
New Revision: 29413

Modified:
   data/CVE/list
Log:
NFU HPSBUX03139 SSRT101608

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-15 09:37:22 UTC (rev 29412)
+++ data/CVE/list   2014-10-15 10:11:27 UTC (rev 29413)
@@ -424,6 +424,7 @@
RESERVED
 CVE-2014-7874
RESERVED
+   NOT-FOR-US: HP-UX running System Management Homepage 
 CVE-2014-7873
RESERVED
 CVE-2014-7872
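
Review bot: The added annotation for CVE-2014-7874 ends in a trailing space and leads with the platform rather than the product ("HP-UX running System Management Homepage"). Strip the whitespace and consider putting the product name first, so the entry sorts and searches together with other annotations for the same product.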




[Secure-testing-commits] r29422 - data/CVE

2014-10-15 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-15 18:41:40 + (Wed, 15 Oct 2014)
New Revision: 29422

Modified:
   data/CVE/list
Log:
syntax

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-15 18:39:23 UTC (rev 29421)
+++ data/CVE/list   2014-10-15 18:41:40 UTC (rev 29422)
@@ -9983,8 +9983,8 @@
RESERVED
 CVE-2014-3704
RESERVED
-- drupal7 7.32-1
-- drupal6 not-affected (Only affects Drupal 7)
+   - drupal7 7.32-1
+   - drupal6 not-affected (Only affects Drupal 7)
 CVE-2014-3703
RESERVED
 CVE-2014-3702
@@ -10390,13 +10390,13 @@
RESERVED
 CVE-2014-3568 [Build option no-ssl3 is incomplete]
RESERVED
-- openssl 1.0.1j-1
+   - openssl 1.0.1j-1
 CVE-2014-3567 [Session Ticket Memory Leak]
RESERVED
-- openssl 1.0.1j-1
+   - openssl 1.0.1j-1
 CVE-2014-3566 [POODLE attack against SSLv3]
RESERVED
-- openssl 1.0.1j-1
+   - openssl 1.0.1j-1
- nss unfixed
- gnutls26 unfixed
- gnutls28 unfixed
@@ -10589,8 +10589,8 @@
TODO: needs to check the others rails versions
 CVE-2014-3513 [SRTP Memory Leak]
RESERVED
-- openssl 1.0.1j-1
-[squeeze] - openssl not-affected (DLTS SRTP introduced in 1.0.1)
+   - openssl 1.0.1j-1
+   [squeeze] - openssl not-affected (DLTS SRTP introduced in 1.0.1)
 CVE-2014-3512 (Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP 
...)
{DSA-2998-1}
- openssl 1.0.1i-1
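
Review bot: The re-indented [squeeze] line for CVE-2014-3513 still reads "DLTS SRTP"; given the entry title "SRTP Memory Leak" in openssl, this is presumably meant to be "DTLS SRTP". The line is being rewritten for syntax anyway, so fix the spelling in the same commit.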




[Secure-testing-commits] r29384 - data/CVE

2014-10-14 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-14 08:33:46 + (Tue, 14 Oct 2014)
New Revision: 29384

Modified:
   data/CVE/list
Log:
CVE-2014-8750 to do

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-14 03:48:40 UTC (rev 29383)
+++ data/CVE/list   2014-10-14 08:33:46 UTC (rev 29384)
@@ -2,6 +2,10 @@
- ejabberd unfixed
NOTE: 
http://mail.jabber.org/pipermail/operators/2014-October/002438.html
NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
+CVE-2014-8750
+   - nova unfixed
+   TODO: check
+   NOTE: https://launchpad.net/bugs/1357372
 CVE-2014-8241
- tigervnc itp (bug #650394)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151312




[Secure-testing-commits] r29385 - data/CVE

2014-10-14 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-14 08:36:28 + (Tue, 14 Oct 2014)
New Revision: 29385

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-14 08:33:46 UTC (rev 29384)
+++ data/CVE/list   2014-10-14 08:36:28 UTC (rev 29385)
@@ -14590,10 +14590,13 @@
NOT-FOR-US: Open Classifieds
 CVE-2014-2023
RESERVED
+   NOT-FOR-US: vBulletin
 CVE-2014-2022
RESERVED
+   NOT-FOR-US: vBulletin
 CVE-2014-2021
RESERVED
+   NOT-FOR-US: vBulletin
 CVE-2014-2020 (ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data 
types, which ...)
- php5 5.5.9+dfsg-1
[wheezy] - php5 not-affected (Vulnerable code was introduced in 5.5.0)




[Secure-testing-commits] r29378 - data/CVE

2014-10-13 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-13 10:08:44 + (Mon, 13 Oct 2014)
New Revision: 29378

Modified:
   data/CVE/list
Log:
tigervnc CVEs assigned

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-13 04:37:01 UTC (rev 29377)
+++ data/CVE/list   2014-10-13 10:08:44 UTC (rev 29378)
@@ -1,3 +1,9 @@
+CVE-2014-8241
+   - tigervnc itp (bug #650394)
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151312
+CVE-2014-8240
+   - tigervnc itp (bug #650394)
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
 CVE-2014-8086 [ext4 race]
- linux unfixed
- linux-2.6 removed
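
Review bot: Neither CVE-2014-8241 nor CVE-2014-8240 gets a bracketed description, so the only thing distinguishing the two tigervnc entries is the Red Hat bug number in each NOTE. A short description on each, taken from the respective bug, would make clear which issue each id covers.
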
@@ -2,6 +8,2 @@
NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
-CVE-2014-
-   - tigervnc itp (bug #650394)
-   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
-   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151312
 CVE-2014-8089




[Secure-testing-commits] r29379 - data/CVE

2014-10-13 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-13 15:40:52 + (Mon, 13 Oct 2014)
New Revision: 29379

Modified:
   data/CVE/list
Log:
new ejabberd issue

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-13 10:08:44 UTC (rev 29378)
+++ data/CVE/list   2014-10-13 15:40:52 UTC (rev 29379)
@@ -1,3 +1,7 @@
+CVE-2014- [ejabberd: compression allows cirucumvention of encryption 
despite starttls_required]
+   - ejabberd unfixed
+   NOTE: 
http://mail.jabber.org/pipermail/operators/2014-October/002438.html
+   NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
 CVE-2014-8241
- tigervnc itp (bug #650394)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151312




[Secure-testing-commits] r29368 - data/CVE

2014-10-12 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-12 06:52:36 + (Sun, 12 Oct 2014)
New Revision: 29368

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-11 09:14:13 UTC (rev 29367)
+++ data/CVE/list   2014-10-12 06:52:36 UTC (rev 29368)
@@ -5906,8 +5906,10 @@
RESERVED
 CVE-2014-5328
RESERVED
+   NOT-FOR-US: Huawei router
 CVE-2014-5327
RESERVED
+   NOT-FOR-US: Huawei router
 CVE-2014-5326
RESERVED
 CVE-2014-5325




[Secure-testing-commits] r29344 - data/CVE

2014-10-10 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-10 07:20:43 + (Fri, 10 Oct 2014)
New Revision: 29344

Modified:
   data/CVE/list
Log:
new tigervnc issues

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-10 07:19:30 UTC (rev 29343)
+++ data/CVE/list   2014-10-10 07:20:43 UTC (rev 29344)
@@ -1,6 +1,7 @@
 CVE-2014-
- tigervnc itp (bug #650394)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151312
 CVE-2014-8089
- zendframework unfixed
NOTE: http://framework.zend.com/security/advisory/ZF2014-06
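
Review bot: The added NOTE puts a second Red Hat bug (1151312) under a single placeholder "CVE-2014-" entry that has no description, and the log message speaks of "issues" in the plural. If the two bugs are distinct vulnerabilities, give each its own placeholder entry with a bracketed description, so that CVE ids can be assigned one to one later.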




[Secure-testing-commits] r29346 - data/CVE

2014-10-10 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-10 07:22:24 + (Fri, 10 Oct 2014)
New Revision: 29346

Modified:
   data/CVE/list
Log:
CVE-2003-1598

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-10 07:21:31 UTC (rev 29345)
+++ data/CVE/list   2014-10-10 07:22:24 UTC (rev 29346)
@@ -55738,7 +55738,7 @@
 CVE-2003-1599
RESERVED
 CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 
and ...)
-   TODO: check
+   - wordpress 1.0.1-1
 CVE-2002-2444 [snoopy: Security hole in exec cURL]
RESERVED
- libphp-snoopy not-affected (affected version never was in the repo)
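
Review bot: The change from "TODO: check" to "- wordpress 1.0.1-1" for CVE-2003-1598 gives a fixed version with nothing to back it. The visible description only says WordPress 0.7 is affected and is cut off after "and"; a NOTE line saying where 1.0.1-1 comes from would let the next reader verify the claim.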




[Secure-testing-commits] r29347 - data/CVE

2014-10-10 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-10 07:24:12 + (Fri, 10 Oct 2014)
New Revision: 29347

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-10 07:22:24 UTC (rev 29346)
+++ data/CVE/list   2014-10-10 07:24:12 UTC (rev 29347)
@@ -7134,13 +7134,13 @@
 CVE-2014-4872
RESERVED
 CVE-2014-4871 (Cross-site scripting (XSS) vulnerability in wlsecurity.html on 
...)
-   TODO: check
+   NOT-FOR-US: NetCommWireless NB604N routers
 CVE-2014-4870 (/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the 
Brocade ...)
-   TODO: check
+   NOT-FOR-US: Brocade Vyatta
 CVE-2014-4869 (The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 
allows ...)
-   TODO: check
+   NOT-FOR-US: Brocade Vyatta
 CVE-2014-4868 (The management console on the Brocade Vyatta 5400 vRouter 
6.4R(x), ...)
-   TODO: check
+   NOT-FOR-US: Brocade Vyatta
 CVE-2014-4867
RESERVED
 CVE-2014-4866
@@ -7274,7 +7274,7 @@
 CVE-2014-4803
RESERVED
 CVE-2014-4802 (The Saved Search Admin component in the Process Admin Console 
in IBM ...)
-   TODO: check
+   NOT-FOR-US: IBM Business Process Manager
 CVE-2014-4801
RESERVED
 CVE-2014-4800




[Secure-testing-commits] r29349 - data/CVE

2014-10-10 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-10 07:32:31 + (Fri, 10 Oct 2014)
New Revision: 29349

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-10 07:28:00 UTC (rev 29348)
+++ data/CVE/list   2014-10-10 07:32:31 UTC (rev 29349)
@@ -189,19 +189,19 @@
 CVE-2014-7985
RESERVED
 CVE-2014-7984 (Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Joomla
 CVE-2014-7983 (Cross-site scripting (XSS) vulnerability in com_contact in 
Joomla! CMS ...)
-   TODO: check
+   NOT-FOR-US: Joomla component com_contact
 CVE-2014-7982 (Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Joomla
 CVE-2014-7981 (SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Joomla
 CVE-2014-7980 (Multiple cross-site scripting (XSS) vulnerabilities in 
template.php in ...)
-   TODO: check
+   NOT-FOR-US: Drupal theme Zen
 CVE-2014-7979 (Cross-site scripting (XSS) vulnerability in the SimpleCorp 
theme ...)
-   TODO: check
+   NOT-FOR-US: Drupal theme SimpleCorp
 CVE-2014-7978 (Cross-site scripting (XSS) vulnerability in the BlueMasters 
theme ...)
-   TODO: check
+   NOT-FOR-US: Drupal theme BlueMasters
 CVE-2014-7977
RESERVED
 CVE-2014-7976




[Secure-testing-commits] r29351 - data/CVE

2014-10-10 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-10 07:39:08 + (Fri, 10 Oct 2014)
New Revision: 29351

Modified:
   data/CVE/list
Log:
CVE-2014-7235/freepbx itp, NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-10 07:37:05 UTC (rev 29350)
+++ data/CVE/list   2014-10-10 07:39:08 UTC (rev 29351)
@@ -1726,7 +1726,7 @@
 CVE-2014-7236
RESERVED
 CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework 
module/Asterisk ...)
-   TODO: check
+   - freepbx itp (bug #464926)
 CVE-2014-7234
RESERVED
 CVE-2014-7233
@@ -1734,7 +1734,7 @@
 CVE-2014-7232
RESERVED
 CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 
2.5.26, 3.x ...)
-   TODO: check
+   NOT-FOR-US: Joomla
 CVE-2014-7228
RESERVED
 CVE-2014-7227




[Secure-testing-commits] r29352 - data/CVE

2014-10-10 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-10 07:41:40 + (Fri, 10 Oct 2014)
New Revision: 29352

Modified:
   data/CVE/list
Log:
mark freepbx issues as itp

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-10 07:39:08 UTC (rev 29351)
+++ data/CVE/list   2014-10-10 07:41:40 UTC (rev 29352)
@@ -74365,7 +74365,7 @@
 CVE-2010-3491 (The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator 
...)
NOT-FOR-US: TIBCO ActiveMatrix Service Grid
 CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the 
System ...)
-   NOT-FOR-US: System Recordings component in the configuration interface 
in FreePBX
+   - freepbx itp (bug #464926)
 CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: CMS Digital Workroom
 CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows 
remote ...)
@@ -93388,11 +93388,11 @@
 CVE-2009-1804 (Multiple SQL injection vulnerabilities in admin/index.php in 
...)
NOT-FOR-US: videoscript
 CVE-2009-1803 (FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x 
versions, ...)
-   NOT-FOR-US: FreePBX
+   - freepbx itp (bug #464926)
 CVE-2009-1802 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
FreePBX ...)
-   NOT-FOR-US: FreePBX
+   - freepbx itp (bug #464926)
 CVE-2009-1801 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 
2.5.1, ...)
-   NOT-FOR-US: FreePBX
+   - freepbx itp (bug #464926)
 CVE-2009-1800 (Stack-based buffer overflow in the Chinagames CGAgent ActiveX 
control ...)
NOT-FOR-US: Chinagames
 CVE-2009-1799 (Multiple SQL injection vulnerabilities in the getGalleryImage 
function ...)




[Secure-testing-commits] r29354 - data/CVE

2014-10-10 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-10 07:50:50 + (Fri, 10 Oct 2014)
New Revision: 29354

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-10 07:44:19 UTC (rev 29353)
+++ data/CVE/list   2014-10-10 07:50:50 UTC (rev 29354)
@@ -5458,11 +5458,11 @@
 CVE-2014-5504 (SolarWinds Log and Event Manager before 6.0 uses 
quot;staticquot; credentials, ...)
NOT-FOR-US: SolarWinds
 CVE-2014-5503 (SQL injection vulnerability in the Guest Login Portal in the 
Sophos ...)
-   TODO: check
+   NOT-FOR-US: Sophos Cyberoam CyberoamOS 
 CVE-2014-5502 (The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA 
allows ...)
-   TODO: check
+   NOT-FOR-US: Sophos Cyberoam CyberoamOS
 CVE-2014-5501 (Stack-based buffer overflow in the diagnose service in the 
Sophos ...)
-   TODO: check
+   NOT-FOR-US: Sophos Cyberoam CyberoamOS
 CVE-2014-5500
RESERVED
 CVE-2014-5499
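
Review bot: The added line for CVE-2014-5503 ends in a trailing space ("NOT-FOR-US: Sophos Cyberoam CyberoamOS "), while the otherwise identical annotations for CVE-2014-5502 and CVE-2014-5501 do not. Strip it so the three lines match exactly.
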
@@ -5722,7 +5722,7 @@
 CVE-2014-5390
RESERVED
 CVE-2014-5389 (SQL injection vulnerability in content-audit-schedule.php in 
the ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin Content Audit
 CVE-2014-5387
RESERVED
 CVE-2014-5386
@@ -5796,9 +5796,9 @@
 CVE-2014-5377 (ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 
5.9 ...)
NOT-FOR-US: ManageEngine DeviceExpert
 CVE-2014-5376 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a 
...)
-   TODO: check
+   NOT-FOR-US: Adaptive Computing Moab
 CVE-2014-5375 (The server in Adaptive Computing Moab before 7.2.9 and 8 before 
8.0.0 ...)
-   TODO: check
+   NOT-FOR-US: Adaptive Computing Moab
 CVE-2014-5374
RESERVED
 CVE-2014-5373
@@ -5974,7 +5974,7 @@
 CVE-2014-5301
RESERVED
 CVE-2014-5300 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Adaptive Computing Moab
 CVE-2014-5299
RESERVED
 CVE-2014-5298
@@ -9313,7 +9313,7 @@
 CVE-2014-3948 (Cross-site scripting (XSS) vulnerability in the HTML export 
wizard in ...)
NOT-FOR-US: TYPO3 extension powermail
 CVE-2014-3947 (Unrestricted file upload vulnerability in the powermail 
extension ...)
-   TODO: check
+   NOT-FOR-US: TYPO3 extension powermail
 CVE-2014-3939 (Heap-based buffer overflow in Autodesk SketchBook Pro before 
6.2.6 ...)
NOT-FOR-US: Autodesk SketchBook Pro
 CVE-2014-3938 (Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows 
remote ...)




[Secure-testing-commits] r29330 - data/CVE

2014-10-09 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-09 07:19:56 + (Thu, 09 Oct 2014)
New Revision: 29330

Modified:
   data/CVE/list
Log:
CVE-2014-7967

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-08 21:14:13 UTC (rev 29329)
+++ data/CVE/list   2014-10-09 07:19:56 UTC (rev 29330)
@@ -10,6 +10,8 @@
TODO: check
 CVE-2014-7968 [denial of service]
NOT-FOR-US: Red Hat vdms
+CVE-2014-7967 [v8: multiple unspecified issues fixed in Google Chrome 
38.0.2125.101]
+   TODO: check
 CVE-2014-7960 [Swift metadata constraints are not correctly enforced]
- swift unfixed
NOTE: affected version: all up to 2.1.0
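
Review bot: The new CVE-2014-7967 entry has only "TODO: check" and no package line, so nothing ties it to a source package yet. The description names v8 and Google Chrome 38.0.2125.101; add package lines for the packages that carry v8, or have the TODO say which ones need checking, so the issue can be tracked per package.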




[Secure-testing-commits] r29331 - data/CVE

2014-10-09 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-09 07:34:51 + (Thu, 09 Oct 2014)
New Revision: 29331

Modified:
   data/CVE/list
Log:
CVE-2014-3691/foreman itp

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-09 07:19:56 UTC (rev 29330)
+++ data/CVE/list   2014-10-09 07:34:51 UTC (rev 29331)
@@ -9469,6 +9469,7 @@
RESERVED
 CVE-2014-3691
RESERVED
+   - foreman itp (bug #663101)
 CVE-2014-3690
RESERVED
 CVE-2014-3689




[Secure-testing-commits] r29335 - data/CVE

2014-10-09 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-09 14:31:21 + (Thu, 09 Oct 2014)
New Revision: 29335

Modified:
   data/CVE/list
Log:
NFU HPSBMU03127, HPSBMU03110

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-09 12:09:41 UTC (rev 29334)
+++ data/CVE/list   2014-10-09 14:31:21 UTC (rev 29335)
@@ -12504,8 +12504,10 @@
RESERVED
 CVE-2014-2649
RESERVED
+   NOT-FOR-US: HP Operations Manager
 CVE-2014-2648
RESERVED
+   NOT-FOR-US: HP Operations Manager
 CVE-2014-2647
RESERVED
 CVE-2014-2646
@@ -12529,12 +12531,16 @@
NOT-FOR-US: HP MPIO Device
 CVE-2014-2638
RESERVED
+   NOT-FOR-US: HP Sprinter
 CVE-2014-2637
RESERVED
+   NOT-FOR-US: HP Sprinter
 CVE-2014-2636
RESERVED
+   NOT-FOR-US: HP Sprinter
 CVE-2014-2635
RESERVED
+   NOT-FOR-US: HP Sprinter
 CVE-2014-2634 (Unspecified vulnerability in the server in HP Service Manager 
(SM) ...)
NOT-FOR-US: HP Service Manager
 CVE-2014-2633 (Cross-site request forgery (CSRF) vulnerability in the server 
in HP ...)




[Secure-testing-commits] r29337 - data/CVE

2014-10-09 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-09 14:40:00 + (Thu, 09 Oct 2014)
New Revision: 29337

Modified:
   data/CVE/list
Log:
NFU HTB23233, HTB23234

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-09 14:33:26 UTC (rev 29336)
+++ data/CVE/list   2014-10-09 14:40:00 UTC (rev 29337)
@@ -1591,6 +1591,7 @@
RESERVED
 CVE-2014-7139
RESERVED
+   NOT-FOR-US: WordPress plugin Contact Form DB
 CVE-2014-7138
RESERVED
 CVE-2014-7137
@@ -3542,6 +3543,7 @@
RESERVED
 CVE-2014-6243
RESERVED
+   NOT-FOR-US: WordPress plugin EWWW Image Optimizer
 CVE-2014-6242 (Multiple SQL injection vulnerabilities in the All In One WP 
Security amp; ...)
NOT-FOR-US: WordPress plugin All In One WP Security
 CVE-2014-6230




[Secure-testing-commits] r29338 - data/CVE

2014-10-09 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-09 14:40:43 + (Thu, 09 Oct 2014)
New Revision: 29338

Modified:
   data/CVE/list
Log:
NFU HTB23235

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-09 14:40:00 UTC (rev 29337)
+++ data/CVE/list   2014-10-09 14:40:43 UTC (rev 29338)
@@ -1594,6 +1594,7 @@
NOT-FOR-US: WordPress plugin Contact Form DB
 CVE-2014-7138
RESERVED
+   NOT-FOR-US: WordPress plugin Google Calendar Events
 CVE-2014-7137
RESERVED
 CVE-2014-7136




[Secure-testing-commits] r29340 - data/CVE

2014-10-09 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-09 21:06:42 + (Thu, 09 Oct 2014)
New Revision: 29340

Modified:
   data/CVE/list
Log:
CVE-2014-3686

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-09 15:59:09 UTC (rev 29339)
+++ data/CVE/list   2014-10-09 21:06:42 UTC (rev 29340)
@@ -9489,8 +9489,11 @@
RESERVED
 CVE-2014-3687
RESERVED
-CVE-2014-3686
+CVE-2014-3686 [action script execution vulnerability]
RESERVED
+   - wpasupplicant unfixed
+   - hostapd unfixed
+   TODO: check and report
 CVE-2014-3685
RESERVED
 CVE-2014-3684 [non-root users able to kill any process on any node in a job]
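
Review bot: The bracketed description added for CVE-2014-3686, "action script execution vulnerability", does not name the affected software; that is only visible from the wpasupplicant and hostapd lines below it. Prefix the description with the component, and add a NOTE pointing at the advisory or report behind "TODO: check and report", so whoever picks up the TODO knows what to check against.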




[Secure-testing-commits] r29323 - data/CVE

2014-10-08 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-08 14:19:26 + (Wed, 08 Oct 2014)
New Revision: 29323

Modified:
   data/CVE/list
Log:
HPSBGN03108

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-08 10:57:28 UTC (rev 29322)
+++ data/CVE/list   2014-10-08 14:19:26 UTC (rev 29323)
@@ -7184,6 +7184,7 @@
RESERVED
 CVE-2014-4661
RESERVED
+   NOT-FOR-US: HP Records Manager
 CVE-2014-4651
RESERVED
 CVE-2014-4647 (Stack-based buffer overflow in the loadExtensionFactory method 
in the ...)




[Secure-testing-commits] r29310 - data/CVE

2014-10-07 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-07 18:44:09 + (Tue, 07 Oct 2014)
New Revision: 29310

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-07 18:36:50 UTC (rev 29309)
+++ data/CVE/list   2014-10-07 18:44:09 UTC (rev 29310)
@@ -3499,6 +3499,7 @@
[squeeze] - xen not-affected (Affects only Xen 4.4 onwards)
 CVE-2014-6251
RESERVED
+   NOT-FOR-US: CPUMiner
 CVE-2014-6250
RESERVED
 CVE-2014-6249




[Secure-testing-commits] r29311 - data/CVE

2014-10-07 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-07 18:46:18 + (Tue, 07 Oct 2014)
New Revision: 29311

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-07 18:44:09 UTC (rev 29310)
+++ data/CVE/list   2014-10-07 18:46:18 UTC (rev 29311)
@@ -1154,6 +1154,7 @@
RESERVED
 CVE-2014-7280
RESERVED
+   NOT-FOR-US: Nessus Web UI
 CVE-2014-7279
RESERVED
 CVE-2014-7284 [linux kernel net_get_random_once bug]




[Secure-testing-commits] r29285 - data/CVE

2014-10-06 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-06 06:46:49 + (Mon, 06 Oct 2014)
New Revision: 29285

Modified:
   data/CVE/list
Log:
sddm CVEs

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-05 21:14:10 UTC (rev 29284)
+++ data/CVE/list   2014-10-06 06:46:49 UTC (rev 29285)
@@ -1184,10 +1184,14 @@
RESERVED
 CVE-2014-7273
RESERVED
-CVE-2014-7272
+CVE-2014-7272 [multiple vulnerabilities in sddm]
RESERVED
-CVE-2014-7271
+   - sddm itp (bug #703519)
+   NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
+CVE-2014-7271 [unauthenticated logins as sddm]
RESERVED
+   - sddm itp (bug #703519)
+   NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
 CVE-2014-7270
RESERVED
 CVE-2014-7269
@@ -1351,9 +1355,6 @@
RESERVED
 CVE-2000-1253
RESERVED
-CVE-2014- [various sddm issues]
-   - sddm itp (bug #703519)
-   NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
 CVE-2014-7300 [gnome-shell lockscreen bypass with printscreen key]
RESERVED
- gnome-shell unfixed




[Secure-testing-commits] r29288 - data/CVE

2014-10-06 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-06 09:33:38 + (Mon, 06 Oct 2014)
New Revision: 29288

Modified:
   data/CVE/list
Log:
getmail4 vulnerabilities

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-06 07:32:36 UTC (rev 29287)
+++ data/CVE/list   2014-10-06 09:33:38 UTC (rev 29288)
@@ -1,3 +1,7 @@
+CVE-2014- [getmail4: missing certificate hostname validation in 
IMAP4-over-SSL]
+   - getmail4 4.46.0-1
+CVE-2014- [getmail4: missing certificate hostname validation in 
POP3-over-SSL]
+   - getmail4 4.46.0-1
 CVE-2014- [apt-get: Insecure temporary changelog handling]
- apt 1.0.9.2 (bug #763780)
 CVE-2014-7860


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r29270 - data/CVE

2014-10-05 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-05 07:03:19 + (Sun, 05 Oct 2014)
New Revision: 29270

Modified:
   data/CVE/list
Log:
jenkins issues from external check

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-04 21:14:11 UTC (rev 29269)
+++ data/CVE/list   2014-10-05 07:03:19 UTC (rev 29270)
@@ -9467,10 +9467,16 @@
 CVE-2014-3680 [SECURITY-138: Password exposure in DOM]
RESERVED
- jenkins 1.565.3-1 (bug #763899)
-CVE-2014-3679
+CVE-2014-3679 [lack of access control in the monitoring plug-in]
RESERVED
-CVE-2014-3678
+   - jenkins unfixed
+   TODO: check
+   NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
+CVE-2014-3678 [cross-site scripting flaws in the monitoring plug-in]
RESERVED
+   - jenkins unfixed
+   TODO: check
+   NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
 CVE-2014-3677
RESERVED
 CVE-2014-3676
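
Review bot: Both added descriptions place the flaw in the monitoring plug-in, yet the package line on each entry is "- jenkins unfixed". Resolve the TODO by confirming whether the jenkins package actually ships that plug-in; if it does not, these entries want NOT-FOR-US rather than an open unfixed status against jenkins.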




[Secure-testing-commits] r29254 - data/CVE

2014-10-04 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-04 07:51:32 + (Sat, 04 Oct 2014)
New Revision: 29254

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-04 05:45:36 UTC (rev 29253)
+++ data/CVE/list   2014-10-04 07:51:32 UTC (rev 29254)
@@ -6848,8 +6848,10 @@
RESERVED
 CVE-2014-4312
RESERVED
+   NOT-FOR-US: Epicor
 CVE-2014-4311
RESERVED
+   NOT-FOR-US: Epicor
 CVE-2014-4310
RESERVED
 CVE-2014-4309 (Multiple cross-site scripting (XSS) vulnerabilities in 
Openfiler 2.99 ...)




[Secure-testing-commits] r29239 - data/CVE

2014-10-03 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-03 17:50:28 + (Fri, 03 Oct 2014)
New Revision: 29239

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-03 14:28:27 UTC (rev 29238)
+++ data/CVE/list   2014-10-03 17:50:28 UTC (rev 29239)
@@ -16,6 +16,16 @@
- mediawiki 1:1.19.20+dfsg-1
NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=70672
+CVE-2014-7278
+   NOT-FOR-US: ZyXEL
+CVE-2014-7277
+   NOT-FOR-US: ZyXEL
+CVE-2014-7276
+CVE-2014-7275
+CVE-2014-7274
+CVE-2014-7273
+CVE-2014-7272
+CVE-2014-7271
 CVE-2014-7270
RESERVED
 CVE-2014-7269
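
Review bot: Six of the added entries, CVE-2014-7276 through CVE-2014-7271, carry no status line at all, while the log message says only "NFU" and just the two ZyXEL entries are marked NOT-FOR-US. Add the annotation each one is meant to have (the context entries below them use RESERVED), or leave them out of this commit until they are triaged.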


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r29240 - data/CVE

2014-10-03 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-03 17:51:23 + (Fri, 03 Oct 2014)
New Revision: 29240

Modified:
   data/CVE/list
Log:
NFU HPSBMU03118

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-03 17:50:28 UTC (rev 29239)
+++ data/CVE/list   2014-10-03 17:51:23 UTC (rev 29240)
@@ -11291,10 +11291,13 @@
RESERVED
 CVE-2014-2645
RESERVED
+   NOT-FOR-US: HP Systems Insight Manager
 CVE-2014-2644
RESERVED
+   NOT-FOR-US: HP Systems Insight Manager
 CVE-2014-2643
RESERVED
+   NOT-FOR-US: HP Systems Insight Manager
 CVE-2014-2642
RESERVED
NOT-FOR-US: HP System Management Homepage




[Secure-testing-commits] r29205 - data/CVE

2014-10-02 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-02 13:51:14 + (Thu, 02 Oct 2014)
New Revision: 29205

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-02 13:47:21 UTC (rev 29204)
+++ data/CVE/list   2014-10-02 13:51:14 UTC (rev 29205)
@@ -106,6 +106,7 @@
RESERVED
 CVE-2014-7224
RESERVED
+   NOT-FOR-US: Android addJavascriptInterface
 CVE-2014-7223
RESERVED
 CVE-2014-7222




[Secure-testing-commits] r29184 - data/CVE

2014-10-01 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-01 13:04:57 + (Wed, 01 Oct 2014)
New Revision: 29184

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-01 12:19:42 UTC (rev 29183)
+++ data/CVE/list   2014-10-01 13:04:57 UTC (rev 29184)
@@ -1688,6 +1688,7 @@
RESERVED
 CVE-2014-6389
RESERVED
+   NOT-FOR-US: PhpCompta
 CVE-2014-6388
RESERVED
 CVE-2013-7403
@@ -8320,7 +8321,7 @@
RESERVED
 CVE-2014-3607
RESERVED
-- libvt-ldap-java unfixed (bug #763608)
+   - libvt-ldap-java unfixed (bug #763608)
 CVE-2014-3606
RESERVED
 CVE-2014-3605
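
Review bot: the `-- libvt-ldap-java` to `- libvt-ldap-java` change under CVE-2014-3607 is a syntax fix to an existing package line, not an NFU classification, and the log message (`NFU`) does not mention it. Commit it separately or name it in the log so the correction can be found later.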




[Secure-testing-commits] r29187 - data/CVE

2014-10-01 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-01 15:21:47 + (Wed, 01 Oct 2014)
New Revision: 29187

Modified:
   data/CVE/list
Log:
NFU HPSBST02958, HPSBMU03112

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-01 15:16:14 UTC (rev 29186)
+++ data/CVE/list   2014-10-01 15:21:47 UTC (rev 29187)
@@ -11076,12 +11076,16 @@
RESERVED
 CVE-2014-2642
RESERVED
+   NOT-FOR-US: HP System Management Homepage
 CVE-2014-2641
RESERVED
+   NOT-FOR-US: HP System Management Homepage
 CVE-2014-2640
RESERVED
+   NOT-FOR-US: HP System Management Homepage
 CVE-2014-2639
RESERVED
+   NOT-FOR-US: HP MPIO Device
 CVE-2014-2638
RESERVED
 CVE-2014-2637




[Secure-testing-commits] r29189 - data/CVE

2014-10-01 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-01 17:36:52 + (Wed, 01 Oct 2014)
New Revision: 29189

Modified:
   data/CVE/list
Log:
NFU HTB23232

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-01 15:48:05 UTC (rev 29188)
+++ data/CVE/list   2014-10-01 17:36:52 UTC (rev 29189)
@@ -1932,6 +1932,7 @@
RESERVED
 CVE-2014-6315
RESERVED
+   NOT-FOR-US: WordPress plugin Photo Gallery
 CVE-2014-6314
RESERVED
 CVE-2014-6313




[Secure-testing-commits] r29190 - data/CVE

2014-10-01 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-01 17:37:54 + (Wed, 01 Oct 2014)
New Revision: 29190

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-01 17:36:52 UTC (rev 29189)
+++ data/CVE/list   2014-10-01 17:37:54 UTC (rev 29190)
@@ -4157,6 +4157,7 @@
RESERVED
 CVE-2014-5308
RESERVED
+   NOT-FOR-US: TestLink
 CVE-2014-5307 (Heap-based buffer overflow in the PavTPK.sys kernel mode driver 
of ...)
NOT-FOR-US: Panda Security
 CVE-2014-5306




[Secure-testing-commits] r29153 - data/CVE

2014-09-30 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-30 06:21:00 + (Tue, 30 Sep 2014)
New Revision: 29153

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-30 05:34:50 UTC (rev 29152)
+++ data/CVE/list   2014-09-30 06:21:00 UTC (rev 29153)
@@ -125,8 +125,10 @@
RESERVED
 CVE-2014-7158
RESERVED
+   NOT-FOR-US: Exinda WAN Optimization Suite
 CVE-2014-7157
RESERVED
+   NOT-FOR-US: Exinda WAN Optimization Suite
 CVE-2014-7153 (SQL injection vulnerability in the editgallery function in ...)
NOT-FOR-US: WordPress plugin Huge-IT Image Gallery
 CVE-2014- [cyassl: RSA Padding check vulnerability]




[Secure-testing-commits] r29154 - data/CVE

2014-09-30 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-30 06:25:03 + (Tue, 30 Sep 2014)
New Revision: 29154

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-30 06:21:00 UTC (rev 29153)
+++ data/CVE/list   2014-09-30 06:25:03 UTC (rev 29154)
@@ -4091,15 +4091,15 @@
 CVE-2014-5320 (The Bump application for Android does not properly handle 
implicit ...)
NOT-FOR-US: Bump application for Android
 CVE-2014-5319 (Directory traversal vulnerability in the S-Link SLFileManager 
...)
-   TODO: check
+   NOT-FOR-US: S-Link SLFileManager application for Android
 CVE-2014-5318 (The jigbrowser+ application 1.8.1 and earlier for iOS allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: jigbrowser+ application for iOS
 CVE-2014-5317 (Cross-site scripting (XSS) vulnerability in php365.com 365 
Links 3.11 ...)
NOT-FOR-US: php365.com components
 CVE-2014-5316 (Cross-site scripting (XSS) vulnerability in Dotclear before 
2.6.4 ...)
NOT-FOR-US: DotClear
 CVE-2014-5315 (Cross-site scripting (XSS) vulnerability in the Help page in 
Adobe ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2014-5314
RESERVED
 CVE-2014-5313 (Cross-site scripting (XSS) vulnerability in the management page 
in Six ...)
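
Review bot: `NOT-FOR-US: Adobe` under CVE-2014-5315 names only the vendor, while the other tags added in this hunk name the product (`S-Link SLFileManager application for Android`, `jigbrowser+ application for iOS`). The description is cut off after "Adobe", so take the product name from the full CVE text and use it in the tag.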
@@ -9083,7 +9083,7 @@
 CVE-2014-3368
RESERVED
 CVE-2014-3367 (Cross-site scripting (XSS) vulnerability in the vCloud Director 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2014-3366
RESERVED
 CVE-2014-3365
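
Review bot: under CVE-2014-3367 the added tag is `NOT-FOR-US: Cisco`, but the visible description names "the vCloud Director ..." and no Cisco product. Name the affected product in the tag so a reader does not have to open the CVE to see why a vendor-only label applies.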
@@ -9893,7 +9893,7 @@
 CVE-2014-3063 (IBM InfoSphere Master Data Management - Collaborative Edition 
10.x ...)
NOT-FOR-US: IBM
 CVE-2014-3062 (Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 
and 7.2 ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2014-3061 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris 
Spend ...)
NOT-FOR-US: IBM
 CVE-2014-3060
@@ -10185,7 +10185,7 @@
REJECTED
NOT-FOR-US: Cobham Aviator 700D and 700E satellite terminals
 CVE-2014-2942 (Cobham Aviator 700D and 700E satellite terminals use an 
improper ...)
-   TODO: check
+   NOT-FOR-US: Cobham Aviator
 CVE-2014-2941 (** DISPUTED ** Cobham Sailor 6000 satellite terminals have 
hardcoded ...)
NOT-FOR-US: Cobham Sailor 6000 satellite terminals
 CVE-2014-2940 (Cobham Sailor 900 and 6000 satellite terminals with firmware 
1.08 MFHF ...)




[Secure-testing-commits] r29156 - data/CVE

2014-09-30 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-30 06:29:10 + (Tue, 30 Sep 2014)
New Revision: 29156

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-30 06:28:37 UTC (rev 29155)
+++ data/CVE/list   2014-09-30 06:29:10 UTC (rev 29156)
@@ -2142,6 +2142,7 @@
RESERVED
 CVE-2014-6242
RESERVED
+   NOT-FOR-US: WordPress plugin All In One WP Security
 CVE-2014-6230
RESERVED
 CVE-2014-6229




[Secure-testing-commits] r29155 - data/CVE

2014-09-30 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-30 06:28:37 + (Tue, 30 Sep 2014)
New Revision: 29155

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-30 06:25:03 UTC (rev 29154)
+++ data/CVE/list   2014-09-30 06:28:37 UTC (rev 29155)
@@ -143353,7 +143353,7 @@
 CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause 
a ...)
NOT-FOR-US: Netware
 CVE-2006-1318 (Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 
SP3, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Office
 CVE-2006-1317
RESERVED
 CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, 
Office ...)




[Secure-testing-commits] r29157 - data/CVE

2014-09-30 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-30 06:52:53 + (Tue, 30 Sep 2014)
New Revision: 29157

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-30 06:29:10 UTC (rev 29156)
+++ data/CVE/list   2014-09-30 06:52:53 UTC (rev 29157)
@@ -2069,7 +2069,7 @@
RESERVED
 CVE-2013-7400
RESERVED
-   TODO: check
+   NOT-FOR-US: TYPO3 extension direct_mail
 CVE-2014-6387 [Null byte poisoning in LDAP authentication]
RESERVED
- mantis removed




[Secure-testing-commits] r29167 - data/CVE

2014-09-30 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-30 11:39:21 + (Tue, 30 Sep 2014)
New Revision: 29167

Modified:
   data/CVE/list
Log:
CVE-2012-4414/mysql-5.1

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-30 11:22:22 UTC (rev 29166)
+++ data/CVE/list   2014-09-30 11:39:21 UTC (rev 29167)
@@ -43319,7 +43319,7 @@
NOTE: maintainer contacted us, working on update
NOTE: 
http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac
 CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code 
in ...)
-   - mysql-5.1 unfixed (low; bug #687484)
+   - mysql-5.1 5.1.72-1 (low; bug #687484)
[squeeze] - mysql-5.1 no-dsa (Minor issue, currently not fixed in 
MySQL, can be included once fixed in 5.1.x)
- mysql-5.5 5.5.30+dfsg-1 (bug #687485)
 CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens 
when ...)
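
Review bot: with `- mysql-5.1 5.1.72-1` now recording a fixed version, the unchanged `[squeeze]` line below it still says "currently not fixed in MySQL, can be included once fixed in 5.1.x". Update or drop that parenthetical in the same commit so the entry does not contradict itself.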




[Secure-testing-commits] r29170 - data/CVE

2014-09-30 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-30 13:40:31 + (Tue, 30 Sep 2014)
New Revision: 29170

Modified:
   data/CVE/list
Log:
CVE-2014-7143/twisted

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-30 11:49:47 UTC (rev 29169)
+++ data/CVE/list   2014-09-30 13:40:31 UTC (rev 29170)
@@ -1266,7 +1266,7 @@
- python-keystoneclient 1:0.10.1-2 (bug #762749)
 CVE-2014-7143 [twisted: trustRoot not respected in HTTP client]
RESERVED
-   - twisted unfixed (bug #761983)
+   - twisted 14.0.2-1 (bug #761983)
[wheezy] - twisted not-affected (Only affects 14.0 series)
[squeeze] - twisted not-affected (Only affects 14.0 series)
 CVE-2014-6610 [Remote crash when handling out of call message in certain 
dialplan configurations]




[Secure-testing-commits] r29179 - data/CVE

2014-09-30 Thread Henri Salo
Author: fgeek-guest
Date: 2014-10-01 05:51:55 + (Wed, 01 Oct 2014)
New Revision: 29179

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-10-01 05:26:45 UTC (rev 29178)
+++ data/CVE/list   2014-10-01 05:51:55 UTC (rev 29179)
@@ -1677,6 +1677,8 @@
RESERVED
 CVE-2014-6388
RESERVED
+CVE-2013-7403
+   NOT-FOR-US: WordPress plugin wp-video-commando
 CVE-2013-7402
RESERVED
 CVE-2013-7401




[Secure-testing-commits] r29128 - data/CVE

2014-09-28 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-28 09:57:13 + (Sun, 28 Sep 2014)
New Revision: 29128

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-28 09:51:02 UTC (rev 29127)
+++ data/CVE/list   2014-09-28 09:57:13 UTC (rev 29128)
@@ -1,7 +1,9 @@
 CVE-2014-7201
RESERVED
+   NOT-FOR-US: JobControl extension for TYPO3
 CVE-2014-7200
RESERVED
+   NOT-FOR-US: JobControl extension for TYPO3
 CVE-2014-7198
RESERVED
 CVE-2014-7197




[Secure-testing-commits] r29130 - data/CVE

2014-09-28 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-28 11:50:40 + (Sun, 28 Sep 2014)
New Revision: 29130

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-28 10:01:36 UTC (rev 29129)
+++ data/CVE/list   2014-09-28 11:50:40 UTC (rev 29130)
@@ -3573,6 +3573,7 @@
RESERVED
 CVE-2014-5516
RESERVED
+   NOT-FOR-US: KonaKart
 CVE-2014-5515
RESERVED
- ntopng 1.2.1+dfsg1-1 (bug #760990)




[Secure-testing-commits] r29103 - data/CVE

2014-09-27 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-27 11:09:53 + (Sat, 27 Sep 2014)
New Revision: 29103

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-27 10:59:45 UTC (rev 29102)
+++ data/CVE/list   2014-09-27 11:09:53 UTC (rev 29103)
@@ -8,6 +8,8 @@
- zeromq3 unfixed
NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1190
TODO: check
+CVE-2014-7190
+   NOT-FOR-US: Openfiler
 CVE-2014-7189 [Go crypto/tls vulnerability]
- golang unfixed
[wheezy] - golang not-affected (Vulnerable code not present, only Go 
1.1 onwards)




[Secure-testing-commits] r29075 - data/CVE

2014-09-26 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-26 14:30:50 + (Fri, 26 Sep 2014)
New Revision: 29075

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-26 10:30:46 UTC (rev 29074)
+++ data/CVE/list   2014-09-26 14:30:50 UTC (rev 29075)
@@ -2333,7 +2333,7 @@
 CVE-2014-6092
RESERVED
 CVE-2014-6091 (Cross-site scripting (XSS) vulnerability in IBM Curam Social 
Program ...)
-   TODO: check
+   NOT-FOR-US: IBM Curam Social Program Management
 CVE-2014-6090
RESERVED
 CVE-2014-6089
@@ -4973,7 +4973,7 @@
 CVE-2014-4974
RESERVED
 CVE-2014-4973 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in 
the ...)
-   TODO: check
+   NOT-FOR-US: ESET Personal Firewall
 CVE-2014-4972
RESERVED
 CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain 
IRP ...)
@@ -5390,7 +5390,7 @@
 CVE-2014-4771
RESERVED
 CVE-2014-4770 (Cross-site scripting (XSS) vulnerability in IBM WebSphere 
Application ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere Application Server
 CVE-2014-4769
RESERVED
 CVE-2014-4768
@@ -5426,7 +5426,7 @@
 CVE-2014-4753
RESERVED
 CVE-2014-4752 (IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, 
G8316, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2014-4751 (Cross-site scripting (XSS) vulnerability in IBM Security Access 
...)
NOT-FOR-US: IBM Security Access Manager
 CVE-2014-4750 (IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes 
an FTP ...)
@@ -8930,15 +8930,15 @@
 CVE-2014-3381
RESERVED
 CVE-2014-3380 (Cisco Unified Communications Domain Manager Platform Software 
4.4(.3) ...)
-   TODO: check
+   NOT-FOR-US: Cisco Unified Communications
 CVE-2014-3379 (Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 
...)
-   TODO: check
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3378 (tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3377 (snmpd in Cisco IOS XR 5.1 and earlier allows remote 
authenticated ...)
-   TODO: check
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3376 (Cisco IOS XR 5.1 and earlier allows remote attackers to cause a 
denial ...)
-   TODO: check
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3375
RESERVED
 CVE-2014-3374
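
Review bot: CVE-2014-3379, CVE-2014-3378, CVE-2014-3377 and CVE-2014-3376 are all described as Cisco IOS XR 5.1 and earlier, but the added tags read `NOT-FOR-US: Cisco IOS`. Use `Cisco IOS XR` so the tag matches the description and a search of the list for the product name finds these entries.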




[Secure-testing-commits] r29076 - data/CVE

2014-09-26 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-26 15:02:05 + (Fri, 26 Sep 2014)
New Revision: 29076

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-26 14:30:50 UTC (rev 29075)
+++ data/CVE/list   2014-09-26 15:02:05 UTC (rev 29076)
@@ -1155,7 +1155,7 @@
 CVE-2014-6602 (Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 
14.0.4 ...)
NOT-FOR-US: Microsoft Asha OS
 CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface 
in ...)
-   TODO: check
+   NOT-FOR-US: Phorum
 CVE-2014- [Remote crash based on malformed SIP subscription]
- asterisk not-affected (only affects 12.x series)
NOTE: http://downloads.asterisk.org/pub/security/AST-2014-009.html
@@ -9669,17 +9669,17 @@
 CVE-2014-3107
RESERVED
 CVE-2014-3106 (IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 
8.0.0.12, ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere
 CVE-2014-3105 (The OSLC integration feature in the Web component in IBM 
Rational ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere
 CVE-2014-3104 (IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 
8.0.0.12, ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere
 CVE-2014-3103 (The Web component in IBM Rational ClearQuest 7.1 before 
7.1.2.15, ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere
 CVE-2014-3102 (Cross-site scripting (XSS) vulnerability in IBM WebSphere 
Portal 7.0.0 ...)
NOT-FOR-US: IBM WebSphere
 CVE-2014-3101 (The login form in the Web component in IBM Rational ClearQuest 
7.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM Rational ClearQuest
 CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in ...)
NOT-FOR-US: Android service KeyStore
 CVE-2014-3099
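
Review bot: CVE-2014-3106, CVE-2014-3104 and CVE-2014-3103 are tagged `NOT-FOR-US: IBM WebSphere` although their descriptions name IBM Rational ClearQuest, and CVE-2014-3105 gets the same tag with a description that reads "IBM Rational ..."; the tag appears to be copied from the existing CVE-2014-3102 line. CVE-2014-3101 in the same hunk already uses `IBM Rational ClearQuest`; use the product from each description for the other four as well.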
@@ -9701,7 +9701,7 @@
 CVE-2014-3091
RESERVED
 CVE-2014-3090 (IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 
8.0.0.12, and ...)
-   TODO: check
+   NOT-FOR-US: IBM Rational ClearCase
 CVE-2014-3089 (The RDS Java Client library in IBM Rational Directory Server 
(RDS) ...)
NOT-FOR-US: IBM Rational Directory Server
 CVE-2014-3088 (stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the 
client ...)
@@ -39414,7 +39414,7 @@
 CVE-2012-5701
RESERVED
 CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby 
Gekko ...)
-   TODO: check
+   NOT-FOR-US: Baby Gekko
 CVE-2012-5699
RESERVED
 CVE-2012-5698
@@ -47815,7 +47815,7 @@
 CVE-2012-2589
REJECTED
 CVE-2012-2588 (Multiple cross-site scripting (XSS) vulnerabilities in 
MailEnable ...)
-   TODO: check
+   NOT-FOR-US: MailEnable Enterprise
 CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in 
AfterLogic ...)
NOT-FOR-US: AfterLogic MailSuite Pro
 CVE-2012-2586 (Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 
...)




[Secure-testing-commits] r29081 - data/CVE

2014-09-26 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-26 15:42:40 + (Fri, 26 Sep 2014)
New Revision: 29081

Modified:
   data/CVE/list
Log:
CVE-2014-5388/qemu fixed

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-26 15:41:57 UTC (rev 29080)
+++ data/CVE/list   2014-09-26 15:42:40 UTC (rev 29081)
@@ -3845,7 +3845,7 @@
- seafile itp (bug #709295)
 CVE-2014-5388 [array out of bounds]
RESERVED
-   - qemu unfixed
+   - qemu 2.1+dfsg-5
- qemu-kvm removed
[squeeze] - qemu-kvm end-of-life
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html




[Secure-testing-commits] r29080 - data/CVE

2014-09-26 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-26 15:41:57 + (Fri, 26 Sep 2014)
New Revision: 29080

Modified:
   data/CVE/list
Log:
CVE-2014-3640/qemu fixed

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-26 15:17:58 UTC (rev 29079)
+++ data/CVE/list   2014-09-26 15:41:57 UTC (rev 29080)
@@ -8062,7 +8062,7 @@
RESERVED
 CVE-2014-3640 [slirp: NULL pointer deref in sosendto()]
RESERVED
-   - qemu unfixed (bug #762532)
+   - qemu 2.1+dfsg-5 (bug #762532)
- qemu-kvm removed
[squeeze] - qemu-kvm end-of-life
NOTE: 
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html




[Secure-testing-commits] r29043 - data/CVE

2014-09-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-25 12:26:24 + (Thu, 25 Sep 2014)
New Revision: 29043

Modified:
   data/CVE/list
Log:
NFU Cisco

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-25 11:02:44 UTC (rev 29042)
+++ data/CVE/list   2014-09-25 12:26:24 UTC (rev 29043)
@@ -8945,20 +8945,28 @@
NOT-FOR-US: Cisco
 CVE-2014-3361
RESERVED
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3360
RESERVED
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3359
RESERVED
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3358
RESERVED
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3357
RESERVED
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3356
RESERVED
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3355
RESERVED
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3354
RESERVED
+   NOT-FOR-US: Cisco IOS
 CVE-2014-3353 (Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier 
Routing ...)
NOT-FOR-US: Cisco
 CVE-2014-3352 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 
...)




[Secure-testing-commits] r29044 - data/CVE

2014-09-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-25 13:47:04 + (Thu, 25 Sep 2014)
New Revision: 29044

Modified:
   data/CVE/list
Log:
NFU CVE-2014-0170 Teiid from external reference

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-25 12:26:24 UTC (rev 29043)
+++ data/CVE/list   2014-09-25 13:47:04 UTC (rev 29044)
@@ -18098,6 +18098,7 @@
RESERVED
 CVE-2014-0170
RESERVED
+   NOT-FOR-US: Teiid
 CVE-2014-0169
RESERVED
NOT-FOR-US: JBoss EAP




[Secure-testing-commits] r29045 - data/CVE

2014-09-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-25 13:49:51 + (Thu, 25 Sep 2014)
New Revision: 29045

Modified:
   data/CVE/list
Log:
CVE-2014-6603/suricata

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-25 13:47:04 UTC (rev 29044)
+++ data/CVE/list   2014-09-25 13:49:51 UTC (rev 29045)
@@ -1132,8 +1132,9 @@
RESERVED
 CVE-2014-6604
RESERVED
-CVE-2014-6603
+CVE-2014-6603 [suricata: Out-of-bounds access in SSH parser]
RESERVED
+   - suricata unfixed
 CVE-2014-6602 (Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 
14.0.4 ...)
NOT-FOR-US: Microsoft Asha OS
 CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface 
in ...)




[Secure-testing-commits] r29046 - data/CVE

2014-09-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-25 14:13:29 + (Thu, 25 Sep 2014)
New Revision: 29046

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-25 13:49:51 UTC (rev 29045)
+++ data/CVE/list   2014-09-25 14:13:29 UTC (rev 29046)
@@ -4986,6 +4986,7 @@
RESERVED
 CVE-2014-4958
RESERVED
+   NOT-FOR-US: Telerik UI for ASP.NET AJAX RadEditor Control
 CVE-2014-4957
RESERVED
 CVE-2014-4956




[Secure-testing-commits] r29047 - data/CVE

2014-09-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-25 14:26:24 + (Thu, 25 Sep 2014)
New Revision: 29047

Modified:
   data/CVE/list
Log:
CVE-2014-6603/suricata bts

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-25 14:13:29 UTC (rev 29046)
+++ data/CVE/list   2014-09-25 14:26:24 UTC (rev 29047)
@@ -1134,7 +1134,7 @@
RESERVED
 CVE-2014-6603 [suricata: Out-of-bounds access in SSH parser]
RESERVED
-   - suricata unfixed
+   - suricata unfixed (bug #762828)
 CVE-2014-6602 (Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 
14.0.4 ...)
NOT-FOR-US: Microsoft Asha OS
 CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface 
in ...)




[Secure-testing-commits] r29057 - data/CVE

2014-09-25 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-25 21:32:09 + (Thu, 25 Sep 2014)
New Revision: 29057

Modified:
   data/CVE/list
Log:
CVE-2014-7185/python2.7

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-25 21:14:14 UTC (rev 29056)
+++ data/CVE/list   2014-09-25 21:32:09 UTC (rev 29057)
@@ -1,3 +1,7 @@
+CVE-2014-7185 [integer overflow in 'buffer' type allows reading memory]
+   - python2.7 unfixed
+   NOTE: http://bugs.python.org/issue21831
+   NOTE: Upstream fix http://hg.python.org/cpython/rev/8d963c7db507
 CVE-2014-7168
RESERVED
 CVE-2014-7167




[Secure-testing-commits] r28994 - data/CVE

2014-09-24 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-24 10:31:55 + (Wed, 24 Sep 2014)
New Revision: 28994

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-24 09:14:13 UTC (rev 28993)
+++ data/CVE/list   2014-09-24 10:31:55 UTC (rev 28994)
@@ -3958,8 +3958,10 @@
RESERVED
 CVE-2014-5298
RESERVED
+   NOT-FOR-US: X2Engine
 CVE-2014-5297
RESERVED
+   NOT-FOR-US: X2Engine
 CVE-2014-5296
RESERVED
 CVE-2014-5295




[Secure-testing-commits] r28995 - data/CVE

2014-09-24 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-24 11:15:43 + (Wed, 24 Sep 2014)
New Revision: 28995

Modified:
   data/CVE/list
Log:
Add mediawiki issue. I will check and submit bug when details are available

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-24 10:31:55 UTC (rev 28994)
+++ data/CVE/list   2014-09-24 11:15:43 UTC (rev 28995)
@@ -1,3 +1,6 @@
+CVE-2014- [mediawiki: releases 1.19.19, 1.22.11 and 1.23.4]
+   - mediawiki unfixed
+   NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000160.html
 CVE-2014-7156 [XSA-106]
- xen unfixed
 CVE-2014-7155 [XSA-105]
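
Review bot: the bracketed title of the new `CVE-2014-` entry lists release numbers (1.19.19, 1.22.11 and 1.23.4) rather than the issue, and the entry has no `TODO` line although the log message says the details still have to be checked. Add `TODO: check` so the open follow-up is visible in the list itself, and replace the title with the issue description once it is known.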




[Secure-testing-commits] r28997 - data/CVE

2014-09-24 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-24 13:13:01 + (Wed, 24 Sep 2014)
New Revision: 28997

Modified:
   data/CVE/list
Log:
CVE-2013-0334/bundler

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-24 12:16:36 UTC (rev 28996)
+++ data/CVE/list   2014-09-24 13:13:01 UTC (rev 28997)
@@ -36783,8 +36783,9 @@
- 389-ds-base 1.3.2.9-1 (bug #704077)
 CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex 
(2012.1) ...)
- nova 2012.1.1-14 (bug #701773)
-CVE-2013-0334
+CVE-2013-0334 [may install gems from a different source than expected]]
RESERVED
+   - bundler 1.7.2-1
 CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x 
before ...)
{DSA-2613-1}
- rails 2.3.14.1 (bug #699226)
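
Review bot: the new title line for CVE-2013-0334 ends in `]]`; drop the extra closing bracket so the description field stays a single bracketed string.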




[Secure-testing-commits] r28969 - data/CVE

2014-09-23 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-23 06:39:48 + (Tue, 23 Sep 2014)
New Revision: 28969

Modified:
   data/CVE/list
Log:
add to do note from external reference

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-23 04:57:18 UTC (rev 28968)
+++ data/CVE/list   2014-09-23 06:39:48 UTC (rev 28969)
@@ -6817,6 +6817,7 @@
RESERVED
 CVE-2014-3655
RESERVED
+   TODO: check
 CVE-2014-3654
RESERVED
 CVE-2014-3653 [XSS flaw on template preview screen]
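
Review bot: `TODO: check` is added under CVE-2014-3655 on the strength of an external reference, per the log message, but the reference itself is not recorded in the entry. Add a `NOTE:` line with the URL so whoever picks up the TODO has a starting point.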




[Secure-testing-commits] r28970 - data/CVE

2014-09-23 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-23 06:58:22 + (Tue, 23 Sep 2014)
New Revision: 28970

Modified:
   data/CVE/list
Log:
CVE-2014-3640/qemu bts

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-23 06:39:48 UTC (rev 28969)
+++ data/CVE/list   2014-09-23 06:58:22 UTC (rev 28970)
@@ -6851,10 +6851,8 @@
RESERVED
 CVE-2014-3640 [slirp: NULL pointer deref in sosendto()]
RESERVED
-   - qemu unfixed
+   - qemu unfixed (bug #762532)
- qemu-kvm removed
-   NOTE: Upstream patch submission: 
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
-   TODO: check
 CVE-2014-3639
RESERVED
{DSA-3026-1}
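
Review bot: the hunk deletes the `NOTE: Upstream patch submission:` line with the qemu-devel link under CVE-2014-3640 while the package line still reads `unfixed`. Adding `(bug #762532)` and dropping `TODO: check` are fine, but keep the NOTE so the upstream patch stays reachable from the entry until a fixed version is recorded.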




[Secure-testing-commits] r28978 - data/CVE

2014-09-23 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-23 09:32:07 + (Tue, 23 Sep 2014)
New Revision: 28978

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-23 09:14:15 UTC (rev 28977)
+++ data/CVE/list   2014-09-23 09:32:07 UTC (rev 28978)
@@ -5371,8 +5371,10 @@
RESERVED
 CVE-2014-4728
RESERVED
+   NOT-FOR-US: TP-Link
 CVE-2014-4727
RESERVED
+   NOT-FOR-US: TP-Link
 CVE-2014-4726 (Unspecified vulnerability in the MailPoet Newsletters ...)
NOT-FOR-US: wysija-newsletters
 CVE-2014-4725 (The MailPoet Newsletters (wysija-newsletters) plugin before 
2.6.7 for ...)




[Secure-testing-commits] r28944 - data/CVE

2014-09-22 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-22 06:17:29 + (Mon, 22 Sep 2014)
New Revision: 28944

Modified:
   data/CVE/list
Log:
CVE-2014-7143/twisted

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-22 04:32:47 UTC (rev 28943)
+++ data/CVE/list   2014-09-22 06:17:29 UTC (rev 28944)
@@ -1,6 +1,10 @@
 CVE-2014- [Remote crash based on malformed SIP subscription]
- asterisk not-affected (only affects 12.x series)
NOTE: http://downloads.asterisk.org/pub/security/AST-2014-009.html
+CVE-2014-7143 [twisted: trustRoot not respected in HTTP client]
+   - twisted unfixed (bug #761983)
+   [wheezy] - twisted not-affected (Only affects 14.0 series)
+   [squeeze] - twisted not-affected (Only affects 14.0 series)
 CVE-2014-6610 [Remote crash when handling out of call message in certain 
dialplan configurations]
- asterisk unfixed (bug #762164)
NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010.html
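Review bot: The new CVE-2014-7143 entry carries a bug number and per-release not-affected lines but no NOTE with an upstream reference, unlike the asterisk entries on either side of it, which each link their AST advisory. Add a NOTE pointing at the upstream report or fix for the trustRoot issue so the "Only affects 14.0 series" claim for wheezy and squeeze can be checked from the list itself.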
@@ -407,10 +411,6 @@
RESERVED
 CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in 
SpiceWorks ...)
TODO: check
-CVE-2014- [twisted: trustRoot not respected in HTTP client]
-   - twisted unfixed (bug #761983)
-   [wheezy] - twisted not-affected (Only affects 14.0 series)
-   [squeeze] - twisted not-affected (Only affects 14.0 series)
 CVE-2014- [null ptr deref in SMB2_tcon]
- linux unfixed
[wheezy] - linux not-affected (Introduced in 3.7)




[Secure-testing-commits] r28907 - data/CVE

2014-09-19 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-19 07:05:25 + (Fri, 19 Sep 2014)
New Revision: 28907

Modified:
   data/CVE/list
Log:
CVE-2014-36337/libvirt from external reference

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-19 05:36:08 UTC (rev 28906)
+++ data/CVE/list   2014-09-19 07:05:25 UTC (rev 28907)
@@ -6846,8 +6846,10 @@
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=83622
 CVE-2014-3634
RESERVED
-CVE-2014-3633
+CVE-2014-3633 [qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() 
due to invalid index]
RESERVED
+   - libvirt unfixed
+   NOTE: 
http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
 CVE-2014-3632
RESERVED
- neutron unfixed
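Review bot: The log message names CVE-2014-36337, but the entry edited in this hunk is CVE-2014-3633, so a search of the commit log by CVE id will miss this revision. Separately, the bracketed description starts with `qemu:` while the package line is `- libvirt unfixed` and the NOTE links libvirt.git; a `libvirt:` prefix would keep the entry from being read as an issue in the qemu package.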




[Secure-testing-commits] r28911 - data/CVE

2014-09-19 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-19 14:22:16 + (Fri, 19 Sep 2014)
New Revision: 28911

Modified:
   data/CVE/list
Log:
CVE-2014-3633/libvirt #762203

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-19 07:16:05 UTC (rev 28910)
+++ data/CVE/list   2014-09-19 14:22:16 UTC (rev 28911)
@@ -6848,7 +6848,7 @@
RESERVED
 CVE-2014-3633 [qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() 
due to invalid index]
RESERVED
-   - libvirt unfixed
+   - libvirt unfixed (bug #762203)
[squeeze] - libvirt not-affected (Vulnerable code introduced in 
v0.9.8)
NOTE: Upstream fix: 
http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
NOTE: Introduced in 
http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=eca96694a7f992be633d48d5ca03cedc9bbc3c9a
 (v0.9.8)




[Secure-testing-commits] r28855 - data/CVE

2014-09-17 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-17 10:41:28 + (Wed, 17 Sep 2014)
New Revision: 28855

Modified:
   data/CVE/list
Log:
NFU NS-14-030, NS-14-031

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-17 10:40:58 UTC (rev 28854)
+++ data/CVE/list   2014-09-17 10:41:28 UTC (rev 28855)
@@ -186,6 +186,7 @@
RESERVED
 CVE-2014-6308
RESERVED
+   NOT-FOR-US: OsClass
 CVE-2014-6307
RESERVED
 CVE-2014-6306
@@ -246,6 +247,7 @@
RESERVED
 CVE-2014-6280
RESERVED
+   NOT-FOR-US: OsClass
 CVE-2014-6279
RESERVED
 CVE-2014-6278




[Secure-testing-commits] r28867 - data/CVE

2014-09-17 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-17 14:29:06 + (Wed, 17 Sep 2014)
New Revision: 28867

Modified:
   data/CVE/list
Log:
twisted issue

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-17 14:25:42 UTC (rev 28866)
+++ data/CVE/list   2014-09-17 14:29:06 UTC (rev 28867)
@@ -1,3 +1,5 @@
+CVE-2014- [twisted: trustRoot not respected in HTTP client]
+   - twisted unfixed (bug #761983)
 CVE-2014- [null ptr deref in SMB2_tcon]
- linux unfixed
[wheezy] - linux not-affected (Introduced in 3.7)




[Secure-testing-commits] r28873 - data/CVE

2014-09-17 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-17 15:57:52 + (Wed, 17 Sep 2014)
New Revision: 28873

Modified:
   data/CVE/list
Log:
Add TODOs for myself (or someone with time)

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-17 15:46:32 UTC (rev 28872)
+++ data/CVE/list   2014-09-17 15:57:52 UTC (rev 28873)
@@ -213,28 +213,40 @@
[wheezy] - phpmyadmin not-affected (Vulnerable code not present)
 CVE-2014-6299
RESERVED
+   TODO: check
 CVE-2014-6298
RESERVED
+   TODO: check
 CVE-2014-6297
RESERVED
+   TODO: check
 CVE-2014-6296
RESERVED
+   TODO: check
 CVE-2014-6295
RESERVED
+   TODO: check
 CVE-2014-6294
RESERVED
+   TODO: check
 CVE-2014-6293
RESERVED
+   TODO: check
 CVE-2014-6292
RESERVED
+   TODO: check
 CVE-2014-6291
RESERVED
+   TODO: check
 CVE-2014-6290
RESERVED
+   TODO: check
 CVE-2014-6289
RESERVED
+   TODO: check
 CVE-2014-6288
RESERVED
+   TODO: check
 CVE-2014-6287
RESERVED
 CVE-2014-6286
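Review bot: `TODO: check` is added to CVE-2014-6299 through CVE-2014-6288, but the run stops there: CVE-2014-6287 directly below is also a bare RESERVED entry and gets no marker. If the cut-off is deliberate, say so in the log message; if not, extend the run. Twelve identical markers also give no hint of what to check, so a short pointer (suspected product or advisory) on the first one would help whoever picks these up.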
@@ -302,6 +314,7 @@
RESERVED
 CVE-2013-7400
RESERVED
+   TODO: check
 CVE-2014-6387 [Null byte poisoning in LDAP authentication]
- mantis removed
[wheezy] - mantis no-dsa (Minor issue)




[Secure-testing-commits] r28822 - data/CVE

2014-09-16 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-16 15:06:31 + (Tue, 16 Sep 2014)
New Revision: 28822

Modified:
   data/CVE/list
Log:
NFU ESA-2014-091

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-16 15:03:39 UTC (rev 28821)
+++ data/CVE/list   2014-09-16 15:06:31 UTC (rev 28822)
@@ -4093,8 +4093,10 @@
RESERVED
 CVE-2014-4622
RESERVED
+   NOT-FOR-US: EMC Documentum Content Server
 CVE-2014-4621
RESERVED
+   NOT-FOR-US: EMC Documentum Content Server
 CVE-2014-4620
RESERVED
 CVE-2014-4619 (EMC RSA Identity Management and Governance (IMG) 6.5.x before 
6.5.1 ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r28762 - data/CVE

2014-09-14 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-14 07:06:00 + (Sun, 14 Sep 2014)
New Revision: 28762

Modified:
   data/CVE/list
Log:
CVE-2014-3632/neutron from external check

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-14 04:15:28 UTC (rev 28761)
+++ data/CVE/list   2014-09-14 07:06:00 UTC (rev 28762)
@@ -6279,6 +6279,8 @@
RESERVED
 CVE-2014-3632
RESERVED
+   - neutron unfixed
+   NOTE: Regression of fix for CVE-2013-6433 
 CVE-2014-3631 [keys: incorrect termination condition in assoc array garbage 
collection]
RESERVED
- linux unfixed
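Review bot: CVE-2014-3632 gets a package line and a regression NOTE but no bracketed description on the CVE line, while CVE-2014-3631 just below has one, and the NOTE names CVE-2013-6433 without a bug number or upstream link. Add a short description and a reference to the upstream report, and drop the trailing space after `CVE-2013-6433`.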




[Secure-testing-commits] r28738 - data/CVE

2014-09-12 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-12 09:31:37 + (Fri, 12 Sep 2014)
New Revision: 28738

Modified:
   data/CVE/list
Log:
NFU VMSA-2014-0009

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-12 09:14:14 UTC (rev 28737)
+++ data/CVE/list   2014-09-12 09:31:37 UTC (rev 28738)
@@ -5723,6 +5723,7 @@
RESERVED
 CVE-2014-3796
RESERVED
+   NOT-FOR-US: VMware NSX and vCNS
 CVE-2014-3795
RESERVED
 CVE-2014-3794




[Secure-testing-commits] r28710 - data/CVE

2014-09-11 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-11 07:36:57 + (Thu, 11 Sep 2014)
New Revision: 28710

Modified:
   data/CVE/list
Log:
CVE-2014-6311/ace

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-11 06:41:07 UTC (rev 28709)
+++ data/CVE/list   2014-09-11 07:36:57 UTC (rev 28710)
@@ -1,3 +1,5 @@
+CVE-2014-6311 [/tmp file vulnerability in generate_doxygen.pl]
+   - ace unfixed (bug #760709)
 CVE-2014-6270 [snmp off-by-one]
- squid unfixed (unimportant)
NOTE: SNMP not built in squid 2
@@ -13,8 +15,6 @@
[squeeze] - squid3 no-dsa (Minor issue)
[wheezy] - squid3 no-dsa (Minor issue)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=891268
-CVE-2014- [/tmp file vulnerability in generate_doxygen.pl]
-   - ace unfixed (bug #760709)
 CVE-2014-6268 [XSA-107]
- xen unfixed
[wheezy] - xen not-affected (Affects only Xen 4.4 onwards)




[Secure-testing-commits] r28713 - data/CVE

2014-09-11 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-11 09:55:46 + (Thu, 11 Sep 2014)
New Revision: 28713

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-11 09:14:19 UTC (rev 28712)
+++ data/CVE/list   2014-09-11 09:55:46 UTC (rev 28713)
@@ -3175,6 +3175,7 @@
RESERVED
 CVE-2014-4865
RESERVED
+   NOT-FOR-US: CacheGuard-OS
 CVE-2014-4864
RESERVED
 CVE-2014-4863




[Secure-testing-commits] r28714 - data/CVE

2014-09-11 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-11 10:05:02 + (Thu, 11 Sep 2014)
New Revision: 28714

Modified:
   data/CVE/list
Log:
CVE-2014-6310

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-11 09:55:46 UTC (rev 28713)
+++ data/CVE/list   2014-09-11 10:05:02 UTC (rev 28714)
@@ -1,5 +1,7 @@
 CVE-2014-6311 [/tmp file vulnerability in generate_doxygen.pl]
- ace unfixed (bug #760709)
+CVE-2014-6310
+   - chicken not-affected (Affects only CHICKEN Scheme on the Android 
platform)
 CVE-2014-6270 [snmp off-by-one]
- squid unfixed (unimportant)
NOTE: SNMP not built in squid 2
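Review bot: The added CVE-2014-6310 line has no bracketed description and the entry has no NOTE, so the not-affected reason (Android platform only) cannot be verified from the list; the entries around it, CVE-2014-6311 and CVE-2014-6270, both carry a description. Add a one-line description and a link to the upstream announcement that limits the issue to Android.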




[Secure-testing-commits] r28685 - data/CVE

2014-09-10 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-10 11:54:59 + (Wed, 10 Sep 2014)
New Revision: 28685

Modified:
   data/CVE/list
Log:
NFU HPSBMU03075

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-10 11:13:11 UTC (rev 28684)
+++ data/CVE/list   2014-09-10 11:54:59 UTC (rev 28685)
@@ -8808,6 +8808,7 @@
NOT-FOR-US: HP Network Virtualization
 CVE-2014-2624
RESERVED
+   NOT-FOR-US: HP Network Node Manager
 CVE-2014-2623 (Unspecified vulnerability in HP Storage Data Protector 8.x 
allows ...)
NOT-FOR-US: HP Data Protector
 CVE-2014-2622 (Unspecified vulnerability in HP Intelligent Management Center 
(iMC) ...)




[Secure-testing-commits] r28688 - data/CVE

2014-09-10 Thread Henri Salo
Author: fgeek-guest
Date: 2014-09-10 14:41:19 + (Wed, 10 Sep 2014)
New Revision: 28688

Modified:
   data/CVE/list
Log:
CVE-2013-/tomcat7

Modified: data/CVE/list
===
--- data/CVE/list   2014-09-10 14:27:30 UTC (rev 28687)
+++ data/CVE/list   2014-09-10 14:41:19 UTC (rev 28688)
@@ -22949,8 +22949,9 @@
NOT-FOR-US: Context Drupal contributed module
 CVE-2013-4445 (The json rendering functionality in the Context module 6.x-2.x 
before ...)
NOT-FOR-US: Context Drupal contributed module
-CVE-2013-
+CVE-2013- [remote code execution in limited circumstances]
RESERVED
+   - tomcat7 unfixed
 CVE-2013-4443
REJECTED
 CVE-2013-4442 [Silent fallback to insecure entropy]
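Review bot: `- tomcat7 unfixed` is added with the description "remote code execution in limited circumstances" but without a NOTE or bug number, so nothing in the entry says which circumstances or which versions are meant. Add a NOTE linking the upstream advisory, and file a bug so the package line can carry its number.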



