Author: sectracker
Date: 2015-05-13 21:10:17 +0000 (Wed, 13 May 2015)
New Revision: 34253

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-13 20:38:14 UTC (rev 34252)
+++ data/CVE/list 2015-05-13 21:10:17 UTC (rev 34253)
@@ -1,6 +1,332 @@ +CVE-2015-3981 (SAP NetWeaver RFC SDK allows attackers to obtain sensitive information ...) + TODO: check +CVE-2015-3980 (SQL injection vulnerability in the Business Rules Framework ...) + TODO: check +CVE-2015-3979 (Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) ...) + TODO: check +CVE-2015-3978 (SAP Sybase Unwired Platform Online Data Proxy allows local users to ...) + TODO: check +CVE-2015-3977 + RESERVED +CVE-2015-3976 + RESERVED +CVE-2015-3975 + RESERVED +CVE-2015-3974 + RESERVED +CVE-2015-3973 + RESERVED +CVE-2015-3972 + RESERVED +CVE-2015-3971 + RESERVED +CVE-2015-3970 + RESERVED +CVE-2015-3969 + RESERVED +CVE-2015-3968 + RESERVED +CVE-2015-3967 + RESERVED +CVE-2015-3966 + RESERVED +CVE-2015-3965 + RESERVED +CVE-2015-3964 + RESERVED +CVE-2015-3963 + RESERVED +CVE-2015-3962 + RESERVED +CVE-2015-3961 + RESERVED +CVE-2015-3960 + RESERVED +CVE-2015-3959 + RESERVED +CVE-2015-3958 + RESERVED +CVE-2015-3957 + RESERVED +CVE-2015-3956 + RESERVED +CVE-2015-3955 + RESERVED +CVE-2015-3954 + RESERVED +CVE-2015-3953 + RESERVED +CVE-2015-3952 + RESERVED +CVE-2015-3951 + RESERVED +CVE-2015-3950 + RESERVED +CVE-2015-3949 + RESERVED +CVE-2015-3948 + RESERVED +CVE-2015-3947 + RESERVED +CVE-2015-3946 + RESERVED +CVE-2015-3945 + RESERVED +CVE-2015-3944 + RESERVED +CVE-2015-3943 + RESERVED +CVE-2015-3942 + RESERVED +CVE-2015-3941 + RESERVED +CVE-2015-3940 + RESERVED +CVE-2015-3939 + RESERVED +CVE-2015-3938 + RESERVED +CVE-2015-3937 + RESERVED +CVE-2015-3936 + RESERVED +CVE-2015-3935 + RESERVED +CVE-2015-3934 + RESERVED +CVE-2015-3933 + RESERVED +CVE-2015-3932 + RESERVED +CVE-2015-3931 + RESERVED +CVE-2015-3930 + RESERVED +CVE-2015-3929 + RESERVED +CVE-2015-3928 + RESERVED +CVE-2015-3927 + RESERVED +CVE-2015-3926 + RESERVED +CVE-2015-3925 + RESERVED +CVE-2015-3924 + RESERVED +CVE-2015-3923 + RESERVED +CVE-2015-3922 + RESERVED +CVE-2015-3921 + RESERVED +CVE-2015-3920 + RESERVED +CVE-2015-3919 + RESERVED +CVE-2015-3918 + RESERVED 
+CVE-2015-3917 + RESERVED +CVE-2015-3916 + RESERVED +CVE-2015-3915 + RESERVED +CVE-2015-3914 + RESERVED +CVE-2015-3913 + RESERVED +CVE-2015-3912 + RESERVED +CVE-2015-3911 + RESERVED +CVE-2015-3910 + RESERVED +CVE-2015-3909 + RESERVED +CVE-2015-3908 + RESERVED +CVE-2015-3907 + RESERVED +CVE-2015-3906 + RESERVED +CVE-2015-3905 + RESERVED +CVE-2015-3904 + RESERVED +CVE-2015-3901 + RESERVED +CVE-2015-3900 + RESERVED +CVE-2015-3899 + RESERVED +CVE-2015-3898 + RESERVED +CVE-2015-3897 + RESERVED +CVE-2015-3896 + RESERVED +CVE-2015-3895 + RESERVED +CVE-2015-3894 + RESERVED +CVE-2015-3893 + RESERVED +CVE-2015-3892 + RESERVED +CVE-2015-3891 + RESERVED +CVE-2015-3890 + RESERVED +CVE-2015-3889 + RESERVED +CVE-2015-3888 + RESERVED +CVE-2015-3887 + RESERVED +CVE-2015-3886 + RESERVED +CVE-2015-3884 + RESERVED +CVE-2015-3883 + RESERVED +CVE-2015-3882 + RESERVED +CVE-2015-3881 + RESERVED +CVE-2015-3879 + RESERVED +CVE-2015-3878 + RESERVED +CVE-2015-3877 + RESERVED +CVE-2015-3876 + RESERVED +CVE-2015-3875 + RESERVED +CVE-2015-3874 + RESERVED +CVE-2015-3873 + RESERVED +CVE-2015-3872 + RESERVED +CVE-2015-3871 + RESERVED +CVE-2015-3870 + RESERVED +CVE-2015-3869 + RESERVED +CVE-2015-3868 + RESERVED +CVE-2015-3867 + RESERVED +CVE-2015-3866 + RESERVED +CVE-2015-3865 + RESERVED +CVE-2015-3864 + RESERVED +CVE-2015-3863 + RESERVED +CVE-2015-3862 + RESERVED +CVE-2015-3861 + RESERVED +CVE-2015-3860 + RESERVED +CVE-2015-3859 + RESERVED +CVE-2015-3858 + RESERVED +CVE-2015-3857 + RESERVED +CVE-2015-3856 + RESERVED +CVE-2015-3855 + RESERVED +CVE-2015-3854 + RESERVED +CVE-2015-3853 + RESERVED +CVE-2015-3852 + RESERVED +CVE-2015-3851 + RESERVED +CVE-2015-3850 + RESERVED +CVE-2015-3849 + RESERVED +CVE-2015-3848 + RESERVED +CVE-2015-3847 + RESERVED +CVE-2015-3846 + RESERVED +CVE-2015-3845 + RESERVED +CVE-2015-3844 + RESERVED +CVE-2015-3843 + RESERVED +CVE-2015-3842 + RESERVED +CVE-2015-3841 + RESERVED +CVE-2015-3840 + RESERVED +CVE-2015-3839 + RESERVED +CVE-2015-3838 + RESERVED +CVE-2015-3837 + 
RESERVED +CVE-2015-3836 + RESERVED +CVE-2015-3835 + RESERVED +CVE-2015-3834 + RESERVED +CVE-2015-3833 + RESERVED +CVE-2015-3832 + RESERVED +CVE-2015-3831 + RESERVED +CVE-2015-3830 + RESERVED +CVE-2015-3829 + RESERVED +CVE-2015-3828 + RESERVED +CVE-2015-3827 + RESERVED +CVE-2015-3826 + RESERVED +CVE-2015-3825 + RESERVED +CVE-2015-3824 + RESERVED +CVE-2015-3823 + RESERVED +CVE-2015-3822 + RESERVED +CVE-2015-3821 + RESERVED +CVE-2015-3820 + RESERVED +CVE-2015-3819 + RESERVED +CVE-2015-3818 + RESERVED +CVE-2015-3817 + RESERVED +CVE-2015-3816 + RESERVED CVE-2015-3903 [phpmyadmin PMASA-2015-3 A vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack.] + RESERVED - phpmyadmin <unfixed> (unimportant) CVE-2015-3902 [phpmyadmin PMASA-2015-2 XSRF/CSRF vulnerability in phpMyAdmin setup.] + RESERVED - phpmyadmin <unfixed> (unimportant) CVE-2015-XXXX [drivers/vhost/scsi.c: potential memory corruption] - linux 4.0.2-1 @@ -377,6 +703,7 @@ CVE-2015-3644 RESERVED CVE-2015-3885 [dcraw imput sanitization errors] + RESERVED - dcraw <unfixed> (bug #785019) - ufraw <unfixed> - libraw <unfixed> @@ -391,6 +718,7 @@ NOTE: https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start TODO: check still needed (list complete? affected versions?) CVE-2015-3880 [open redirect] + RESERVED - phpbb3 3.0.14-1 [jessie] - phpbb3 <no-dsa> (Minor issue) [wheezy] - phpbb3 <no-dsa> (Minor issue) @@ -527,8 +855,8 @@ RESERVED CVE-2015-3621 RESERVED -CVE-2015-3620 - RESERVED +CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced dataset ...) + TODO: check CVE-2015-3619 RESERVED CVE-2015-3618 
@@ -897,8 +1225,7 @@ CVE-2015-XXXX [Saltstack SSL verification disabling for alibabab cloud module] - salt <not-affected> (Vulnerable code not present in the version in Debian stable/unstable) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/02/1 -CVE-2015-3646 [Potential Keystone cache backend password leak in log] - RESERVED +CVE-2015-3646 (OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before ...) - keystone 2015.1.0-1 [jessie] - keystone <no-dsa> (Minor issue) [wheezy] - keystone <not-affected> (Vulnerable code not present) @@ -917,6 +1244,7 @@ TODO: check CVE-2015-3456 [vulnerability in QEMU's virtual Floppy Disk Controller] RESERVED + {DSA-3259-1} - qemu <unfixed> - qemu-kvm <removed> - xen 4.4.0-1 @@ -939,8 +1267,7 @@ TODO: check CVE-2015-3447 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check -CVE-2015-3622 [Heap overflow / invalid read] - RESERVED +CVE-2015-3622 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...) {DSA-3256-1} - libtasn1-6 4.4-3 - libtasn1-3 <not-affected> (Introduced with 3.6) @@ -1064,8 +1391,7 @@ - wordpress 4.2+dfsg-1 (bug #783347) NOTE: http://codex.wordpress.org/Version_4.1.2 NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/ -CVE-2015-3451 [XEE] - RESERVED +CVE-2015-3451 (The _clone function in XML::LibXML before 2.0119 does not properly set ...) {DSA-3243-1 DLA-214-1} - libxml-libxml-perl 2.0116+dfsg-2 (bug #783443) NOTE: http://www.openwall.com/lists/oss-security/2015/04/25/2 
@@ -1825,102 +2151,102 @@ RESERVED CVE-2015-3094 RESERVED -CVE-2015-3093 - RESERVED -CVE-2015-3092 - RESERVED -CVE-2015-3091 - RESERVED -CVE-2015-3090 - RESERVED -CVE-2015-3089 - RESERVED -CVE-2015-3088 - RESERVED -CVE-2015-3087 - RESERVED -CVE-2015-3086 - RESERVED -CVE-2015-3085 - RESERVED -CVE-2015-3084 - RESERVED -CVE-2015-3083 - RESERVED -CVE-2015-3082 - RESERVED -CVE-2015-3081 - RESERVED -CVE-2015-3080 - RESERVED -CVE-2015-3079 - RESERVED -CVE-2015-3078 - RESERVED -CVE-2015-3077 - RESERVED -CVE-2015-3076 - RESERVED -CVE-2015-3075 - RESERVED -CVE-2015-3074 - RESERVED -CVE-2015-3073 - RESERVED -CVE-2015-3072 - RESERVED -CVE-2015-3071 - RESERVED -CVE-2015-3070 - RESERVED -CVE-2015-3069 - RESERVED -CVE-2015-3068 - RESERVED -CVE-2015-3067 - RESERVED -CVE-2015-3066 - RESERVED -CVE-2015-3065 - RESERVED -CVE-2015-3064 - RESERVED -CVE-2015-3063 - RESERVED -CVE-2015-3062 - RESERVED -CVE-2015-3061 - RESERVED -CVE-2015-3060 - RESERVED -CVE-2015-3059 - RESERVED -CVE-2015-3058 - RESERVED -CVE-2015-3057 - RESERVED -CVE-2015-3056 - RESERVED -CVE-2015-3055 - RESERVED -CVE-2015-3054 - RESERVED -CVE-2015-3053 - RESERVED -CVE-2015-3052 - RESERVED -CVE-2015-3051 - RESERVED -CVE-2015-3050 - RESERVED -CVE-2015-3049 - RESERVED -CVE-2015-3048 - RESERVED -CVE-2015-3047 - RESERVED -CVE-2015-3046 - RESERVED +CVE-2015-3093 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3092 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3091 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3090 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3089 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3088 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and ...) 
+ TODO: check +CVE-2015-3087 (Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x ...) + TODO: check +CVE-2015-3086 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3085 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3084 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3083 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3082 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3081 (Race condition in Adobe Flash Player before 13.0.0.289 and 14.x ...) + TODO: check +CVE-2015-3080 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 ...) + TODO: check +CVE-2015-3079 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3078 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3077 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...) + TODO: check +CVE-2015-3076 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3075 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...) + TODO: check +CVE-2015-3074 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3073 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3072 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3071 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3070 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3069 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) 
+ TODO: check +CVE-2015-3068 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3067 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3066 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3065 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3064 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3063 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3062 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3061 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3060 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3059 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...) + TODO: check +CVE-2015-3058 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3057 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3056 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3055 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...) + TODO: check +CVE-2015-3054 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...) + TODO: check +CVE-2015-3053 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...) + TODO: check +CVE-2015-3052 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3051 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3050 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) 
+ TODO: check +CVE-2015-3049 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3048 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and ...) + TODO: check +CVE-2015-3047 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check +CVE-2015-3046 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...) + TODO: check CVE-2015-3045 RESERVED CVE-2015-3044 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...) @@ -2426,14 +2752,14 @@ RESERVED CVE-2015-2846 (BitTorrent Sync allows remote attackers to execute arbitrary commands ...) - btsync <itp> (bug #706639) -CVE-2015-2845 - RESERVED -CVE-2015-2844 - RESERVED -CVE-2015-2843 - RESERVED -CVE-2015-2842 - RESERVED +CVE-2015-2845 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...) + TODO: check +CVE-2015-2844 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...) + TODO: check +CVE-2015-2843 (Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before ...) + TODO: check +CVE-2015-2842 (Unrestricted file upload vulnerability in go_audiostore.php in the ...) + TODO: check CVE-2015-2841 (Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote ...) NOT-FOR-US: Citrix NetScaler CVE-2015-2840 (Cross-site scripting (XSS) vulnerability in help/rt/large_search.html ...) @@ -2532,8 +2858,8 @@ - linux 3.16.7-ckt9-1 - linux-2.6 <removed> NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a -CVE-2015-2829 - RESERVED +CVE-2015-2829 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...) + TODO: check CVE-2015-2828 (CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate ...) NOT-FOR-US: CA Spectrum CVE-2015-2827 (Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and ...) 
@@ -2786,6 +3112,7 @@ - arj 3.10.22-13 (bug #774015) NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5 CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict ...) + {DSA-3259-1} - xen 4.2.0~rc2-1 (bug #781620) [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS) - qemu <unfixed> @@ -2889,6 +3216,7 @@ [squeeze] - iceweasel <not-affected> (Only affects 37.x) CVE-2015-2716 RESERVED + {DSA-3260-1} - iceweasel 38.0-1 [squeeze] - iceweasel <end-of-life> - icedove <unfixed> @@ -2905,6 +3233,7 @@ - iceweasel <not-affected> (Only affects Firefox on Android) CVE-2015-2713 RESERVED + {DSA-3260-1} - iceweasel 38.0-1 [squeeze] - iceweasel <end-of-life> - icedove <unfixed> @@ -2924,6 +3253,7 @@ [squeeze] - iceweasel <not-affected> (Only affects 37.x) CVE-2015-2710 RESERVED + {DSA-3260-1} - iceweasel 38.0-1 [squeeze] - iceweasel <end-of-life> - icedove <unfixed> @@ -2938,6 +3268,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/ CVE-2015-2708 RESERVED + {DSA-3260-1} - iceweasel 38.0-1 [squeeze] - iceweasel <end-of-life> - icedove <unfixed> @@ -3054,8 +3385,7 @@ RESERVED CVE-2015-2669 RESERVED -CVE-2015-2668 [Infinite loop condition on a crafted "xz" archive file] - RESERVED +CVE-2015-2668 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...) - clamav 0.98.7+dfsg-1 [wheezy] - clamav <no-dsa> (Clamav is only updated through -updates) [jessie] - clamav <no-dsa> (Clamav is only updated through -updates) 
@@ -3723,6 +4053,7 @@ NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1) NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11 CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...) + {DSA-3259-1} - qemu <unfixed> (unimportant; bug #781250) - qemu-kvm <removed> (unimportant) NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2) @@ -4271,10 +4602,10 @@ RESERVED CVE-2015-2235 REJECTED -CVE-2015-2234 - RESERVED -CVE-2015-2233 - RESERVED +CVE-2015-2234 (Race condition in Lenovo System Update (formerly ThinkVantage System ...) + TODO: check +CVE-2015-2233 (Lenovo System Update (formerly ThinkVantage System Update) before ...) + TODO: check CVE-2015-2232 RESERVED CVE-2015-2231 @@ -4295,14 +4626,12 @@ RESERVED CVE-2015-2223 (Multiple cross-site scripting (XSS) vulnerabilities in Palo Alto ...) NOT-FOR-US: Palo Alto Networks Traps -CVE-2015-2222 [Crash on crafted petite packed file] - RESERVED +CVE-2015-2222 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...) - clamav 0.98.7+dfsg-1 [wheezy] - clamav <no-dsa> (Clamav is only updated through -updates) [jessie] - clamav <no-dsa> (Clamav is only updated through -updates) NOTE: https://github.com/vrtadmin/clamav-devel/commit/8aeedf3c4282bc916d6f6c290e1e530d125ec953 -CVE-2015-2221 [Infinite loop condition on crafted y0da cryptor file] - RESERVED +CVE-2015-2221 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...) - clamav 0.98.7+dfsg-1 [wheezy] - clamav <no-dsa> (Clamav is only updated through -updates) [jessie] - clamav <no-dsa> (Clamav is only updated through -updates) 
@@ -4310,8 +4639,8 @@ NOTE: https://github.com/vrtadmin/clamav-devel/commit/26b19809fb3b940cb0fda0422d685fff02a53b5f CVE-2015-2220 (Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms ...) NOT-FOR-US: Ninja Forms plugin for WordPress -CVE-2015-2219 - RESERVED +CVE-2015-2219 (Lenovo System Update (formerly ThinkVantage System Update) before ...) + TODO: check CVE-2015-2218 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin for WordPress CVE-2015-2217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP ...) @@ -4454,8 +4783,7 @@ - zope2.12 2.12.10-1 CVE-2015-2171 (Middleware/SessionCookie.php in Slim before 2.6.0 allows remote ...) NOT-FOR-US: Slim PHP Framework -CVE-2015-2170 [Crash in upx decoder with crafted file] - RESERVED +CVE-2015-2170 (The upx decoder in ClamAV before 0.98.7 allows remote attackers to ...) - clamav 0.98.7+dfsg-1 [wheezy] - clamav <no-dsa> (Clamav is only updated through -updates) [jessie] - clamav <no-dsa> (Clamav is only updated through -updates) @@ -5151,8 +5479,8 @@ RESERVED CVE-2015-1882 (Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 ...) TODO: check -CVE-2015-1880 - RESERVED +CVE-2015-1880 (Cross-site scripting (XSS) vulnerability in sslvpn login page in ...) + TODO: check CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...) NOT-FOR-US: Google Doc Embedder plugin for WordPress CVE-2015-2042 (net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect ...) @@ -5238,8 +5566,7 @@ NOT-FOR-US: abrt is Red Hat / Fedora specific CVE-2015-1861 RESERVED -CVE-2015-1860 [segmentation fault in qgifhandler.cpp] - RESERVED +CVE-2015-1860 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and ...) {DLA-210-1} - qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133) [jessie] - qt4-x11 <no-dsa> (Minor issue) 
@@ -5247,8 +5574,7 @@ - qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134) [jessie] - qtbase-opensource-src <no-dsa> (Minor issue) NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html -CVE-2015-1859 [segmentation fault in qicohandler.cpp] - RESERVED +CVE-2015-1859 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and ...) {DLA-210-1} - qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133) [jessie] - qt4-x11 <no-dsa> (Minor issue) @@ -5256,8 +5582,7 @@ - qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134) [jessie] - qtbase-opensource-src <no-dsa> (Minor issue) NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html -CVE-2015-1858 [segmentation fault in qbmphandler.cpp] - RESERVED +CVE-2015-1858 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and ...) {DLA-210-1} - qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133) [jessie] - qt4-x11 <no-dsa> (Minor issue) @@ -5525,6 +5850,7 @@ NOT-FOR-US: oVirt Engine backend CVE-2015-1779 [denial of service in VNC web] RESERVED + {DSA-3259-1} - qemu <unfixed> (bug #781250) [wheezy] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0) [squeeze] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0) 
@@ -5658,104 +5984,104 @@ RESERVED CVE-2015-1719 RESERVED -CVE-2015-1718 - RESERVED -CVE-2015-1717 - RESERVED -CVE-2015-1716 - RESERVED -CVE-2015-1715 - RESERVED -CVE-2015-1714 - RESERVED -CVE-2015-1713 - RESERVED -CVE-2015-1712 - RESERVED -CVE-2015-1711 - RESERVED -CVE-2015-1710 - RESERVED -CVE-2015-1709 - RESERVED -CVE-2015-1708 - RESERVED +CVE-2015-1718 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) + TODO: check +CVE-2015-1717 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) + TODO: check +CVE-2015-1716 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, ...) + TODO: check +CVE-2015-1715 (Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to ...) + TODO: check +CVE-2015-1714 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) + TODO: check +CVE-2015-1713 (Microsoft Internet Explorer 11 allows remote attackers to gain ...) + TODO: check +CVE-2015-1712 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) + TODO: check +CVE-2015-1711 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) + TODO: check +CVE-2015-1710 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) + TODO: check +CVE-2015-1709 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...) + TODO: check +CVE-2015-1708 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...) + TODO: check CVE-2015-1707 RESERVED -CVE-2015-1706 - RESERVED -CVE-2015-1705 - RESERVED -CVE-2015-1704 - RESERVED -CVE-2015-1703 - RESERVED -CVE-2015-1702 - RESERVED -CVE-2015-1701 (Unspecified vulnerability in Microsoft Windows before 8 allows local ...) +CVE-2015-1706 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) + TODO: check +CVE-2015-1705 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) 
+ TODO: check +CVE-2015-1704 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) + TODO: check +CVE-2015-1703 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) + TODO: check +CVE-2015-1702 (The Service Control Manager (SCM) in Microsoft Windows Server 2003 ...) + TODO: check +CVE-2015-1701 (Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...) NOT-FOR-US: Microsoft Windows -CVE-2015-1700 - RESERVED -CVE-2015-1699 - RESERVED -CVE-2015-1698 - RESERVED -CVE-2015-1697 - RESERVED -CVE-2015-1696 - RESERVED -CVE-2015-1695 - RESERVED -CVE-2015-1694 - RESERVED +CVE-2015-1700 (Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, ...) + TODO: check +CVE-2015-1699 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2015-1698 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2015-1697 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2015-1696 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2015-1695 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2015-1694 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) + TODO: check CVE-2015-1693 RESERVED -CVE-2015-1692 - RESERVED -CVE-2015-1691 - RESERVED +CVE-2015-1692 (Microsoft Internet Explorer 7 through 11 allows user-assisted remote ...) + TODO: check +CVE-2015-1691 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) + TODO: check CVE-2015-1690 RESERVED -CVE-2015-1689 - RESERVED -CVE-2015-1688 - RESERVED +CVE-2015-1689 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) + TODO: check +CVE-2015-1688 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...) 
+ TODO: check CVE-2015-1687 RESERVED -CVE-2015-1686 - RESERVED -CVE-2015-1685 - RESERVED -CVE-2015-1684 - RESERVED -CVE-2015-1683 - RESERVED -CVE-2015-1682 - RESERVED -CVE-2015-1681 - RESERVED -CVE-2015-1680 - RESERVED -CVE-2015-1679 - RESERVED -CVE-2015-1678 - RESERVED -CVE-2015-1677 - RESERVED -CVE-2015-1676 - RESERVED -CVE-2015-1675 - RESERVED -CVE-2015-1674 - RESERVED -CVE-2015-1673 - RESERVED -CVE-2015-1672 - RESERVED -CVE-2015-1671 - RESERVED -CVE-2015-1670 - RESERVED +CVE-2015-1686 (The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through ...) + TODO: check +CVE-2015-1685 (Microsoft Internet Explorer 11 allows remote attackers to bypass the ...) + TODO: check +CVE-2015-1684 (VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used ...) + TODO: check +CVE-2015-1683 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...) + TODO: check +CVE-2015-1682 (Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word ...) + TODO: check +CVE-2015-1681 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2015-1680 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...) + TODO: check +CVE-2015-1679 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...) + TODO: check +CVE-2015-1678 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...) + TODO: check +CVE-2015-1677 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...) + TODO: check +CVE-2015-1676 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...) + TODO: check +CVE-2015-1675 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...) + TODO: check +CVE-2015-1674 (The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 ...) + TODO: check +CVE-2015-1673 (The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework ...) 
+ TODO: check +CVE-2015-1672 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...) + TODO: check +CVE-2015-1671 (The Windows DirectWrite library, as used in Microsoft .NET Framework ...) + TODO: check +CVE-2015-1670 (The Windows DirectWrite library, as used in Microsoft .NET Framework ...) + TODO: check CVE-2015-1669 RESERVED CVE-2015-1668 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) @@ -5778,8 +6104,8 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1659 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2015-1658 - RESERVED +CVE-2015-1658 (Microsoft Internet Explorer 11 allows remote attackers to execute ...) + TODO: check CVE-2015-1657 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2015-1656 @@ -8932,7 +9258,7 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/ CVE-2015-0797 [buffer overflow in the plugin for mp4 playback] RESERVED - {DSA-3225-1} + {DSA-3260-1 DSA-3225-1} - gst-plugins-bad0.10 <unfixed> (bug #784220) [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor impact compared to wheezy, no browser attack vector) [squeeze] - gst-plugins-bad0.10 <not-affected> (vulnerable code (gst/videoparsers/*) introduced later) @@ -10913,8 +11239,8 @@ NOTE: https://github.com/vrtadmin/clamav-devel/commit/5e1fbf3668bd167828d675830103b3c1ccdcb76d CVE-2014-9327 RESERVED -CVE-2014-9326 - RESERVED +CVE-2014-9326 (The automatic signature update functionality in the (1) Phone Home ...) + TODO: check CVE-2014-9325 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 ...) NOT-FOR-US: Twiki NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325 
@@ -11443,8 +11769,8 @@ NOT-FOR-US: Adobe Flash Player CVE-2014-9161 (CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x ...) NOT-FOR-US: Adobe -CVE-2014-9160 - RESERVED +CVE-2014-9160 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x ...) + TODO: check CVE-2014-9159 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...) NOT-FOR-US: Adobe Reader CVE-2014-9158 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...) @@ -13565,14 +13891,14 @@ RESERVED CVE-2014-8620 RESERVED -CVE-2014-8619 - RESERVED -CVE-2014-8618 - RESERVED +CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in autolearn configuration ...) + TODO: check +CVE-2014-8618 (Cross-site scripting (XSS) vulnerability in theme login page in ...) + TODO: check CVE-2014-8617 (Cross-site scripting (XSS) vulnerability in the Web Action Quarantine ...) NOT-FOR-US: FortiMail -CVE-2014-8616 - RESERVED +CVE-2014-8616 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet ...) + TODO: check CVE-2014-8615 REJECTED CVE-2014-8614 @@ -78710,6 +79036,7 @@ - chromium-browser 18.0.1025.168~r134367-1 [squeeze] - chromium-browser <end-of-life> CVE-2011-3079 (The Inter-process Communication (IPC) implementation in Google Chrome ...) + {DSA-3260-1} - chromium-browser 18.0.1025.168~r134367-1 [squeeze] - chromium-browser <end-of-life> - iceweasel <not-affected> (Only affects Firefox on Windows) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
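Review bot: in the first hunk (@@ -1,6 +1,332 @@) the added block ends at CVE-2015-3816 and is followed directly by the existing CVE-2015-3903 and CVE-2015-3902 entries, while the added run itself jumps from CVE-2015-3904 to CVE-2015-3901, so the list is out of descending order at this point. CVE-2015-3885 is in the same position in the next hunk, where it follows CVE-2015-3644. Suggest moving these hand-added entries into their numeric slots in a follow-up, so that a reader scanning by ID finds them where the surrounding RESERVED entries imply they should be.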
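Review bot: the Microsoft entries added in @@ -5658,104 +5984,104 @@ (CVE-2015-1718 down to CVE-2015-1670) all carry "TODO: check", although CVE-2015-1701 in the same hunk keeps "NOT-FOR-US: Microsoft Windows" and the context entries of the following hunk are tagged "NOT-FOR-US: Microsoft Internet Explorer". The Adobe Flash Player and Adobe Reader entries added in @@ -1825,102 +2151,102 @@ are in the same state, while older Adobe entries visible in the patch are already tagged "NOT-FOR-US: Adobe Flash Player" and "NOT-FOR-US: Adobe Reader". Suggest a follow-up commit that triages these with the existing NOT-FOR-US tags, so the TODO queue holds only entries that need a package lookup.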
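Review bot: in @@ -4295,14 +4626,12 @@ the working titles of CVE-2015-2222 ("Crash on crafted petite packed file") and CVE-2015-2221 ("Infinite loop condition on crafted y0da cryptor file") are replaced by the same truncated text, "ClamAV before 0.98.7 allows remote attackers to cause a denial of ...", so the two entries can no longer be told apart from the list alone. CVE-2015-2668 loses its "xz" archive title the same way, and CVE-2015-1860, CVE-2015-1859 and CVE-2015-1858 lose the handler file names (qgifhandler.cpp, qicohandler.cpp, qbmphandler.cpp) that distinguished them. Suggest preserving each removed title as a NOTE line under its entry.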
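Review bot: the last hunk (@@ -78710,6 +79036,7 @@) attaches {DSA-3260-1} to CVE-2011-3079, whose entry lists only chromium-browser versions and marks iceweasel as "<not-affected> (Only affects Firefox on Windows)", whereas every other DSA-3260-1 reference added in this patch sits on an entry with "- iceweasel 38.0-1". Suggest confirming the CVE ID against the advisory's own list, and if the cross-reference is intended, adding a NOTE that explains why a DSA points at an entry with no fixed iceweasel version.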