Author: sectracker
Date: 2015-04-07 21:10:16 +0000 (Tue, 07 Apr 2015)
New Revision: 33419
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-04-07 20:19:36 UTC (rev 33418) +++ data/CVE/list 2015-04-07 21:10:16 UTC (rev 33419) @@ -1,3 +1,9 @@ +CVE-2015-2930 + RESERVED +CVE-2015-2926 + RESERVED +CVE-2014-9714 + RESERVED CVE-2015-XXXX [fixes related to 8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f] - libmodule-signature-perl <unfixed> NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/07/1 @@ -173,11 +179,13 @@ CVE-2015-2838 (Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix ...) TODO: check CVE-2015-2929 [Dos against tor client; client to crash with an assertion failure] + RESERVED {DSA-3216-1 DLA-187-1} - tor 0.2.5.12-1 NOTE: https://trac.torproject.org/projects/tor/ticket/15601 NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5 CVE-2015-2928 [DoS against hidden services] + RESERVED {DSA-3216-1 DLA-187-1} - tor 0.2.5.12-1 NOTE: https://trac.torproject.org/projects/tor/ticket/15600 @@ -195,6 +203,7 @@ CVE-2015-2832 RESERVED CVE-2015-2927 [DoS] + RESERVED - node <unfixed> (bug #777013) [squeeze] - node <no-dsa> (Minor issue) [wheezy] - node <no-dsa> (Minor issue) @@ -247,8 +256,8 @@ RESERVED CVE-2015-2825 RESERVED -CVE-2015-2824 - RESERVED +CVE-2015-2824 (Multiple SQL injection vulnerabilities in sam-ajax-admin.php in the ...) + TODO: check CVE-2015-2823 RESERVED CVE-2015-2822 
@@ -337,51 +346,63 @@ - xdeb <unfixed> (bug #781595) [wheezy] - xdeb <no-dsa> (Minor issue) CVE-2015-2931 [MediaWiki circumvent the SVG MIME blacklist for embedded resources] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2932 [MediaWiki incomplete filter of animate elements] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2933 [MediaWiki XSS related to LanguageConverter substitutions] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2934 [MediaWiki bypass of SVG filtering] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2935 [MediaWiki information leak] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2936 [MediaWiki DoS] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2937 [MediaWiki quadratic blowup DoS] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2938 [MediaWiki XSS in preview] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: 
http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2939 [MediaWiki XSS in Lua backtraces] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2940 [MediaWiki CSRF] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2941 [MediaWiki XSS on HHVM] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 (unimportant) NOTE: HHVM not packaged in Debian NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2942 [MediaWiki quadractic blowup on HHVM] + RESERVED - mediawiki 1:1.19.20+dfsg-2.3 (unimportant) NOTE: HHVM not packaged in Debian NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html @@ -2041,12 +2062,12 @@ RESERVED CVE-2015-2168 REJECTED -CVE-2015-2167 - RESERVED -CVE-2015-2166 - RESERVED -CVE-2015-2165 - RESERVED +CVE-2015-2167 (Open redirect vulnerability in the 3PI Manager in Ericsson Drutt ...) + TODO: check +CVE-2015-2166 (Directory traversal vulnerability in the Instance Monitor in Ericsson ...) + TODO: check +CVE-2015-2165 (Multiple cross-site scripting (XSS) vulnerabilities in the Report ...) + TODO: check CVE-2015-2164 RESERVED CVE-2015-2163 @@ -2813,8 +2834,7 @@ CVE-2015-1844 RESERVED - foreman <itp> (bug #663101) -CVE-2015-1843 [Regression of CVE-2014-5277] - RESERVED +CVE-2015-1843 (The Red Hat docker package before 1.5.0-28, when using the ...) - docker.io <not-affected> (RHEL specific problem) CVE-2015-1842 RESERVED 
@@ -6066,8 +6086,8 @@ NOT-FOR-US: CREAR AL-Mail32 CVE-2015-0877 (Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD ...) TODO: check -CVE-2015-0876 - RESERVED +CVE-2015-0876 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check CVE-2015-0875 (The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for ...) NOT-FOR-US: Ogaki Kyoritsu Bank Smartphone Passbook application for Android CVE-2015-0874 @@ -6537,8 +6557,8 @@ RESERVED CVE-2015-0691 RESERVED -CVE-2015-0690 - RESERVED +CVE-2015-0690 (Cross-site scripting (XSS) vulnerability in the HTML help system on ...) + TODO: check CVE-2015-0689 RESERVED CVE-2015-0688 (Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
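Review bot: in the @@ -2813,8 +2834,7 @@ hunk, replacing "CVE-2015-1843 [Regression of CVE-2014-5277]" with the truncated description drops the only visible cross-reference to CVE-2014-5277. The part of the new description that is shown, "(The Red Hat docker package before 1.5.0-28, when using the ...)", does not mention it, so I would keep the relationship as a "NOTE: Regression of CVE-2014-5277" line under the entry, next to the existing "- docker.io <not-affected> (RHEL specific problem)" line.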
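Review bot: in the @@ -2041,12 +2062,12 @@ hunk, CVE-2015-2167, CVE-2015-2166 and CVE-2015-2165 move from RESERVED to a description but land as "TODO: check", so the tracker still has no triage result for them. The same applies to CVE-2015-2824, CVE-2015-0876 and CVE-2015-0690 in the other hunks. Each needs a follow-up commit that replaces "TODO: check" with either a package line or a NOT-FOR-US line, as the neighbouring context entry CVE-2015-0875 already has.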
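Review bot: in the @@ -337,51 +346,63 @@ hunk, the context line "CVE-2015-2942 [MediaWiki quadractic blowup on HHVM]", directly above one of the added RESERVED lines, misspells "quadratic", while CVE-2015-2937 in the same hunk spells it correctly. Since the automatic update leaves the bracketed description in place, a manual follow-up should correct it so that a text search for "quadratic blowup" finds both entries.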