Author: sectracker
Date: 2015-04-01 21:10:19 +0000 (Wed, 01 Apr 2015)
New Revision: 33326

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-04-01 19:48:22 UTC (rev 33325)
+++ data/CVE/list       2015-04-01 21:10:19 UTC (rev 33326)
@@ -1,3 +1,11 @@
+CVE-2015-2810
+       RESERVED
+CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation 
Manager ...)
+       TODO: check
+CVE-2015-2808 (The RC4 algorithm, as used in the TLS protocol and SSL 
protocol, does ...)
+       TODO: check
+CVE-2015-2807
+       RESERVED
 CVE-2015-XXXX [Buffer overflow in the handling of the XAUTHORITY env variable]
        - das-watchdog <unfixed>
        NOTE: Upstream commit: 
https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c
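Review bot: the two new entries that carry descriptions, CVE-2015-2809 and CVE-2015-2808, land as "TODO: check" and need manual triage before the tracker says anything useful about them. CVE-2015-2809 names Synology DiskStation Manager, a vendor product, so it looks like a NOT-FOR-US candidate in the style used elsewhere in this file. CVE-2015-2808 describes RC4 as used in TLS and SSL, which is a protocol-level issue rather than a single package's bug, so the triage should record which source packages, if any, are to be tracked for it.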
@@ -275,20 +283,17 @@
        RESERVED
        - realmd <unfixed> (bug #781179)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=89207
-CVE-2015-2776 [does not properly check requests for workbook memory allocation]
-       RESERVED
+CVE-2015-2776 (The parse_SST function in FreeXL before 1.0.0i allows remote 
attackers ...)
        {DSA-3208-1}
        [experimental] - freexl 1.0.1-1~exp1
        - freexl 1.0.0g-1+deb8u1 (bug #781228)
        NOTE: Reproducer: 
https://www.dropbox.com/s/gh61gzaf8jj30hj/freexl_6889d18b?dl=0
-CVE-2015-2754
-       RESERVED
+CVE-2015-2754 (FreeXL before 1.0.0i allows remote attackers to cause a denial 
of ...)
        {DSA-3208-1}
        [experimental] - freexl 1.0.1-1~exp1
        - freexl 1.0.0g-1+deb8u1 (bug #781228)
        NOTE: Reproducer: 
https://www.dropbox.com/s/66srfory903w6cl/freexl_d7273f72?dl=0
-CVE-2015-2753
-       RESERVED
+CVE-2015-2753 (FreeXL before 1.0.0i allows remote attackers to cause a denial 
of ...)
        {DSA-3208-1}
        [experimental] - freexl 1.0.1-1~exp1
        - freexl 1.0.0g-1+deb8u1 (bug #781228)
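Review bot: the imported descriptions for CVE-2015-2776, CVE-2015-2754 and CVE-2015-2753 give the upstream boundary as "FreeXL before 1.0.0i", while the fixed version recorded under each is "freexl 1.0.0g-1+deb8u1". That is presumably a backported patch shipped under {DSA-3208-1}, but the entries do not say so. A NOTE pointing at the upstream fix for each issue would let a reader confirm that the 1.0.0g upload covers all three.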
@@ -970,11 +975,9 @@
        NOT-FOR-US: MikroTik RouterOS
 CVE-2015-2349 (Cross-site scripting (XSS) vulnerability in 
defaultnewsletter.php in ...)
        NOT-FOR-US: SuperWebMailer
-CVE-2014-9708
-       RESERVED
+CVE-2014-9708 (Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows 
remote ...)
        NOT-FOR-US: Appweb Web Server
-CVE-2014-9707
-       RESERVED
+CVE-2014-9707 (EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle 
path ...)
        NOT-FOR-US: GoAhead Web Server
 CVE-2014-9710 [btrfs: non-atomic xattr replace operation]
        RESERVED
@@ -1029,8 +1032,7 @@
        NOTE: 
https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
        NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
        TODO: check affected versions
-CVE-2014-9706 [dulwich: does not reject commits with invalid paths]
-       RESERVED
+CVE-2014-9706 (The build_index_from_tree function in index.py in Dulwich 
before 0.9.9 ...)
        {DSA-3206-1}
        - dulwich 0.10.1-1 (bug #780989)
        [jessie] - dulwich 0.9.7-3
@@ -1151,8 +1153,7 @@
        NOTE: Introduced by 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec400ddeff200b068ddc6c70f7321f49ecf32ed5
 (v3.9-rc1)
        NOTE: Fixed by 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
 (v4.0-rc1)
        NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/7
-CVE-2015-2684 [denial of service vulnerability]
-       RESERVED
+CVE-2015-2684 (Shibboleth Service Provider (SP) before 2.5.4 allows remote ...)
        {DSA-3207-1}
        - shibboleth-sp2 2.5.3+dfsg-2
        NOTE: http://shibboleth.net/community/advisories/secadv_20150319.txt
@@ -2334,8 +2335,8 @@
        RESERVED
 CVE-2015-1893
        RESERVED
-CVE-2015-1892
-       RESERVED
+CVE-2015-1892 (The Multicast DNS (mDNS) responder in IBM Security Access 
Manager for ...)
+       TODO: check
 CVE-2015-1891
        RESERVED
 CVE-2015-1890
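Review bot: CVE-2015-1892 moves from RESERVED to "TODO: check", and its description names IBM Security Access Manager. If that product is not packaged, mark the entry NOT-FOR-US with the product name, as the Appweb and GoAhead entries touched by this same commit are, rather than leaving an open TODO.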
@@ -5783,8 +5784,7 @@
        RESERVED
 CVE-2015-0839
        RESERVED
-CVE-2015-0838 [buffer overflow in the C implementation of the apply_delta() 
function]
-       RESERVED
+CVE-2015-0838 (Buffer overflow in the C implementation of the apply_delta 
function in ...)
        {DSA-3206-1}
        - dulwich 0.10.1-1 (bug #780958)
        [jessie] - dulwich 0.9.7-3
@@ -5876,85 +5876,74 @@
        - iceweasel 31.5.3esr-1
        [squeeze] - iceweasel <end-of-life>
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
-CVE-2015-0816 [resource:// documents can load privileged pages]
-       RESERVED
+CVE-2015-0816 (Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and 
...)
+       {DSA-3211-1}
        - iceweasel 31.6.0esr-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/
-CVE-2015-0815 [Memory safety bugs]
-       RESERVED
+CVE-2015-0815 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
+       {DSA-3211-1}
        - iceweasel 31.6.0esr-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/
-CVE-2015-0814 [Miscellaneous memory safety hazards]
-       RESERVED
+CVE-2015-0814 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - iceweasel <not-affected> (only affects Firefox 37.x)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/
-CVE-2015-0813 [Use-after-free when using the Fluendo MP3 GStreamer plugin]
-       RESERVED
+CVE-2015-0813 (Use-after-free vulnerability in the AppendElements function in 
Mozilla ...)
+       {DSA-3211-1}
        - iceweasel 31.6.0esr-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-31/
-CVE-2015-0812 [Add-on lightweight theme installation approval bypassed through 
MITM attack]
-       RESERVED
+CVE-2015-0812 (Mozilla Firefox before 37.0 does not require an HTTPS session 
for ...)
        - iceweasel <not-affected> (Only affects 37.x)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-32/
-CVE-2015-0811 [Out of bounds read in QCMS library]
-       RESERVED
+CVE-2015-0811 (The QCMS implementation in Mozilla Firefox before 37.0 allows 
remote ...)
        - iceweasel <not-affected> (Only affects 37.x)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-34/
-CVE-2015-0810 [Cursor clickjacking with flash and images]
-       RESERVED
+CVE-2015-0810 (Mozilla Firefox before 37.0 on OS X does not ensure that the 
cursor is ...)
        - iceweasel <not-affected> (Only affects 37.x; only affects OS X 
systems)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-35/
 CVE-2015-0809
        RESERVED
-CVE-2015-0808 [Incorrect memory management for simple-type arrays in WebRTC]
-       RESERVED
+CVE-2015-0808 (The webrtc::VPMContentAnalysis::Release function in the WebRTC 
...)
        - iceweasel <not-affected> (Only affects 37.x)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-36/
-CVE-2015-0807 [CORS requests should not follow 30x redirections after prefligh]
-       RESERVED
+CVE-2015-0807 (The navigator.sendBeacon implementation in Mozilla Firefox 
before ...)
+       {DSA-3211-1}
        - iceweasel 31.6.0esr-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-37/
-CVE-2015-0806 [Memory corruption crashes in Off Main Thread Compositing]
-       RESERVED
+CVE-2015-0806 (The Off Main Thread Compositing (OMTC) implementation in 
Mozilla ...)
        - iceweasel <not-affected> (Only affects 37.x)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/
-CVE-2015-0805 [Memory corruption crashes in Off Main Thread Compositing]
-       RESERVED
+CVE-2015-0805 (The Off Main Thread Compositing (OMTC) implementation in 
Mozilla ...)
        - iceweasel <not-affected> (Only affects 37.x)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/
-CVE-2015-0804 [Use-after-free due to type confusion flaws]
-       RESERVED
+CVE-2015-0804 (The HTMLSourceElement::BindToTree function in Mozilla Firefox 
before ...)
        - iceweasel <not-affected> (Only affects 37.x)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/
-CVE-2015-0803 [Use-after-free due to type confusion flaws]
-       RESERVED
+CVE-2015-0803 (The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox 
before ...)
        - iceweasel <not-affected> (Only affects 37.x)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/
-CVE-2015-0802 [Windows can retain access to privileged content on navigation 
to unprivileged pages]
-       RESERVED
+CVE-2015-0802 (Mozilla Firefox before 37.0 relies on docshell type information 
...)
        - iceweasel <not-affected> (Only affects 37.x)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/
-CVE-2015-0801 [Same-origin bypass through anchor navigation]
-       RESERVED
+CVE-2015-0801 (Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and 
...)
+       {DSA-3211-1}
        - iceweasel 31.6.0esr-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-40/
-CVE-2015-0800 [PRNG weakness allows for DNS poisoning on Android]
-       RESERVED
+CVE-2015-0800 (The PRNG implementation in the DNS resolver in Mozilla Firefox 
(aka ...)
        - iceweasel <not-affected> (Only affects 37.x; only on Android)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/
 CVE-2015-0799
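Review bot: several entries in this hunk keep the annotation "<not-affected> (Only affects 37.x)" directly under imported descriptions that begin "Mozilla Firefox before 37.0 ..." (CVE-2015-0812, CVE-2015-0811, CVE-2015-0810, CVE-2015-0802), and the two now read as contradicting each other. If the intent is that the ESR 31.x branch shipped as iceweasel does not contain the affected code, reword the parenthetical to say that. The short bracketed titles removed here (for example "[Cursor clickjacking with flash and images]") were also the only one-line summary of each issue, since the imported descriptions are truncated; the mfsa NOTE links remain, so nothing is lost as long as those stay.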
@@ -6775,8 +6764,7 @@
        NOT-FOR-US: Microweber CMS
 CVE-2014-9463
        RESERVED
-CVE-2014-9462 [Command Injection]
-       RESERVED
+CVE-2014-9462 (The _validaterepo function in sshpeer in Mercurial before 3.2.4 
allows ...)
        - mercurial <unfixed>
        [experimental] - mercurial 3.3~rc1-1
        NOTE: 
http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
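Review bot: the new description for CVE-2014-9462 gives an upstream fix boundary ("Mercurial before 3.2.4"), but the entry still reads "- mercurial <unfixed>", with only "[experimental] - mercurial 3.3~rc1-1" carrying a version. Now that the boundary is known, re-check the unstable status against the version in the archive and replace <unfixed> with the fixed version if one has been uploaded.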
@@ -25609,8 +25597,7 @@
        - linux-2.6 <not-affected> (Introduced in 3.0)
        NOTE: https://lkml.org/lkml/2014/4/10/736
        NOTE: Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
-CVE-2014-2830 [cifs-utils: pam module pam_cifscreds stack overflow]
-       RESERVED
+CVE-2014-2830 (Stack-based buffer overflow in cifskey.c or cifscreds.c in 
cifs-utils ...)
        - cifs-utils <unfixed> (unimportant)
        [squeeze] - cifs-utils <not-affected> (Vulnerable code not present)
        [wheezy] - cifs-utils <not-affected> (pam_cifscreds introduced in 6.3)
@@ -27761,8 +27748,7 @@
        - percona-toolkit 2.2.7-1~dfsg1 (bug #740846)
        [wheezy] - percona-toolkit <not-affected> (version-check introduced in 
2.1.4)
        - percona-xtrabackup 2.2.3-1 (bug #751377)
-CVE-2014-2027 [remote code execution via php unserialize]
-       RESERVED
+CVE-2014-2027 (eGroupware before 1.8.006.20140217 allows remote attackers to 
conduct ...)
        - egroupware <removed>
 CVE-2014-2015 (Stack-based buffer overflow in the normify function in the 
rlm_pap ...)
        - freeradius 2.2.5+dfsg-0.1 (low; bug #742820)
@@ -62523,8 +62509,7 @@
        RESERVED
 CVE-2012-2809
        RESERVED
-CVE-2012-2808 [PRNG weakness allows for DNS poisoning on Android]
-       RESERVED
+CVE-2012-2808 (The PRNG implementation in the DNS resolver in Bionic in 
Android ...)
        - iceweasel <not-affected> (Only affects 37.x; only on Android)
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/
 CVE-2012-2807 (Multiple integer overflows in libxml2, as used in Google Chrome 
before ...)
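Review bot: the description imported for CVE-2012-2808 is about the DNS resolver in Bionic in Android, yet the lines under it still track iceweasel with "(Only affects 37.x; only on Android)" and link mfsa2015-41, the same annotation carried by CVE-2015-0800. The bracketed title removed here is also identical to the one removed from CVE-2015-0800. Confirm that the iceweasel line belongs on this entry; if the flaw is in Bionic rather than in a Debian package, NOT-FOR-US with the component name would be clearer.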


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
