Author: sectracker
Date: 2015-06-14 21:10:13 +0000 (Sun, 14 Jun 2015)
New Revision: 34943

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-06-14 20:51:47 UTC (rev 34942)
+++ data/CVE/list       2015-06-14 21:10:13 UTC (rev 34943)
@@ -705,6 +705,7 @@
        NOT-FOR-US: AVM Fritz!Box
 CVE-2014-9731 [udf: information leakage when reading symlink]
        RESERVED
+       {DLA-246-1}
        - linux 3.16.7-ckt4-1
        [wheezy] - linux 3.2.68-1
        - linux-2.6 <removed>
@@ -721,6 +722,7 @@
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/06/02/8
 CVE-2014-9730 [properly ignore component length for component types that do 
not use it]
        RESERVED
+       {DLA-246-1}
        - linux 3.16.7-ckt4-1
        [wheezy] - linux 3.2.68-1
        - linux-2.6 <removed>
@@ -728,6 +730,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
 CVE-2014-9729 [iinfo->i_lenAlloc != inode->i_size]
        RESERVED
+       {DLA-246-1}
        - linux 3.16.7-ckt4-1
        [wheezy] - linux 3.2.68-1
        - linux-2.6 <removed>
@@ -735,6 +738,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
 CVE-2014-9728 [length can be too long (addressed in three commits)]
        RESERVED
+       {DLA-246-1}
        - linux 3.16.7-ckt4-1
        [wheezy] - linux 3.2.68-1
        - linux-2.6 <removed>
@@ -744,6 +748,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
 CVE-2015-4167 [fs: udf kernel oops]
        RESERVED
+       {DLA-246-1}
        - linux 4.0.2-1
        - linux-2.6 <removed>
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0
 (v4.0-rc1)
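Review bot: CVE-2015-4167 shows only "- linux 4.0.2-1" and "- linux-2.6 <removed>" under the new {DLA-246-1} tag, with no [wheezy] or [jessie] line in the visible entry. The LTS advisory is now referenced while the status of the two newer releases is still derived from the unstable version alone. Worth confirming that this is intended, and adding a release-specific line or a NOTE once their fixed versions are known.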
@@ -2796,6 +2801,7 @@
        NOTE: 
http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=928520 (not public 
yet)
 CVE-2015-3417 (Use-after-free vulnerability in the ff_h264_free_tables 
function in ...)
+       {DSA-3288-1}
        - ffmpeg 7:2.6.1-1
        [squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
        - libav 6:11.4-1
@@ -2820,6 +2826,7 @@
        RESERVED
 CVE-2015-3395 [invalid memory access]
        RESERVED
+       {DSA-3288-1}
        - ffmpeg 7:2.6.2-1
        [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
        - libav 6:11.4-1
@@ -2979,7 +2986,7 @@
        NOTE: 
https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
        NOTE: https://bugs.php.net/bug.php?id=68819
 CVE-2015-3339 (Race condition in the prepare_binprm function in fs/exec.c in 
the ...)
-       {DSA-3237-1}
+       {DSA-3237-1 DLA-246-1}
        - linux 3.16.7-ckt9-3
        - linux-2.6 <removed>
        NOTE: Fixed by: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
@@ -3805,7 +3812,7 @@
        - webodf <itp> (bug #727529)
        NOTE: owncloud-documents <not-affected> (embedded partial copy doesn't 
contain the related code)
 CVE-2015-3416 (The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 
does ...)
-       {DSA-3252-1}
+       {DSA-3252-2 DSA-3252-1}
        - sqlite3 3.8.9-1 (bug #783968)
        NOTE: http://www.sqlite.org/src/info/c494171f77dc2e5e
        NOTE: http://seclists.org/bugtraq/2015/Apr/97
@@ -4360,7 +4367,7 @@
        [squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not 
supported in Squeeze LTS)
        NOTE: 
https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html
 CVE-2015-2922 (The ndisc_router_discovery function in net/ipv6/ndisc.c in the 
...)
-       {DSA-3237-1}
+       {DSA-3237-1 DLA-246-1}
        - linux 3.16.7-ckt9-1
        - linux-2.6 <removed>
        NOTE: Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
@@ -4404,7 +4411,7 @@
 CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in 
SAP ...)
        NOT-FOR-US: SAP NetWeaver Portal
 CVE-2015-2830 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 
does not ...)
-       {DSA-3237-1}
+       {DSA-3237-1 DLA-246-1}
        - linux 3.16.7-ckt9-1
        - linux-2.6 <removed>
        NOTE: Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=956421fbb74c3a6261903f3836c0740187cf038b
 (v4.0-rc3)
@@ -5936,6 +5943,7 @@
        RESERVED
 CVE-2011-5321 [tty: kobject reference leakage in tty_open]
        RESERVED
+       {DLA-246-1}
        - linux 3.2.20-1
        - linux-2.6 3.2.1-1
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376
 (v3.2-rc1)
@@ -6987,14 +6995,14 @@
 CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc 
Embedder ...)
        NOT-FOR-US: Google Doc Embedder plugin for WordPress
 CVE-2015-2042 (net/rds/sysctl.c in the Linux kernel before 3.19 uses an 
incorrect ...)
-       {DSA-3237-1}
+       {DSA-3237-1 DLA-246-1}
        - linux 3.16.7-ckt9-1
        - linux-2.6 <removed>
        [squeeze] - linux-2.6 <no-dsa> (Minor issue)
        NOTE: Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896
 (v3.19)
        NOTE: (earliest) introduced in 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e5048495c8569bfdd552750e0315973c61e7c93
 (v2.6.30-rc1)
 CVE-2015-2041 (net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses 
an ...)
-       {DSA-3237-1}
+       {DSA-3237-1 DLA-246-1}
        - linux 3.16.7-ckt9-1
        - linux-2.6 <removed>
        [squeeze] - linux-2.6 <no-dsa> (Minor issue)
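Review bot: CVE-2015-2042 and CVE-2015-2041 now carry DLA-246-1 while both entries keep the unchanged context line "[squeeze] - linux-2.6 <no-dsa> (Minor issue)". The two statements conflict: the entry says no advisory will be issued for squeeze, yet it is cross-referenced from an LTS advisory. If DLA-246-1 does fix these in squeeze, a follow-up should drop the two <no-dsa> lines or replace them with the fixed linux-2.6 version, since this update leaves them untouched.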
@@ -7270,6 +7278,7 @@
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
 CVE-2015-1805 [pipe: iovec overrun leading to memory corruption]
        RESERVED
+       {DLA-246-1}
        - linux 3.16.2-2
        - linux-2.6 <removed>
        NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045
 (v3.16-rc1)
@@ -7800,7 +7809,7 @@
        [wheezy] - glance <not-affected> (Vulnerable code not present)
        NOTE: https://review.openstack.org/#/c/122427/
 CVE-2014-9683 (Off-by-one error in the ecryptfs_decode_from_filename function 
in ...)
-       {DSA-3170-1}
+       {DSA-3170-1 DLA-246-1}
        - linux 3.16.7-ckt4-1
        - linux-2.6 <removed>
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc
 (v3.19-rc1)
@@ -8361,6 +8370,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/11
 CVE-2012-6689 [incorrect validation of netlink message origin allows attackers 
to spoof netlink messages]
        RESERVED
+       {DLA-246-1}
        - linux 3.6.4-1
        [wheezy] - linux 3.2.30-1
        - linux-2.6 <removed>
@@ -11837,6 +11847,7 @@
        - linux-2.6 <removed>
        NOTE: Upstream fix: 
https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696 
(v3.19-rc3)
 CVE-2015-1038 (p7zip 9.20.1 allows remote attackers to write to arbitrary 
files via a ...)
+       {DLA-245-1}
        - p7zip 9.20.1~dfsg.1-4.2 (bug #774660)
        NOTE: Upstream bug: http://sourceforge.net/p/p7zip/bugs/147/
 CVE-2014-10022 (Apache Traffic Server before 5.1.2 allows remote attackers to 
cause a ...)
@@ -16906,7 +16917,7 @@
        NOTE: Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db29a9508a9246e77087c5531e45b2c88ec6988b
 (v3.18-rc1)
        NOTE: http://www.spinics.net/lists/netfilter-devel/msg33430.html
 CVE-2014-8159 (The InfiniBand (IB) implementation in the Linux kernel package 
before ...)
-       {DSA-3237-1}
+       {DSA-3237-1 DLA-246-1}
        - linux 3.16.7-ckt9-1
        - linux-2.6 <removed>
 CVE-2014-8158 (Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 
1.900.1 ...)
@@ -29474,6 +29485,7 @@
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=98
        NOTE: Upstream fix: 
https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 
(v3.17-rc3)
 CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux 
kernel ...)
+       {DLA-246-1}
        - linux 3.16.2-2
        [wheezy] - linux 3.2.63-1
        - linux-2.6 <removed>


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
