[Secure-testing-commits] r34253 - data/CVE

security tracker role Wed, 13 May 2015 14:10:50 -0700

Author: sectracker
Date: 2015-05-13 21:10:17 +0000 (Wed, 13 May 2015)
New Revision: 34253


Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-05-13 20:38:14 UTC (rev 34252)
+++ data/CVE/list       2015-05-13 21:10:17 UTC (rev 34253)
@@ -1,6 +1,332 @@
+CVE-2015-3981 (SAP NetWeaver RFC SDK allows attackers to obtain sensitive 
information ...)
+       TODO: check
+CVE-2015-3980 (SQL injection vulnerability in the Business Rules Framework ...)
+       TODO: check
+CVE-2015-3979 (Unspecified vulnerability in the Business Rules Framework 
(CRM-BF-BRF) ...)
+       TODO: check
+CVE-2015-3978 (SAP Sybase Unwired Platform Online Data Proxy allows local 
users to ...)
+       TODO: check
+CVE-2015-3977
+       RESERVED
+CVE-2015-3976
+       RESERVED
+CVE-2015-3975
+       RESERVED
+CVE-2015-3974
+       RESERVED
+CVE-2015-3973
+       RESERVED
+CVE-2015-3972
+       RESERVED
+CVE-2015-3971
+       RESERVED
+CVE-2015-3970
+       RESERVED
+CVE-2015-3969
+       RESERVED
+CVE-2015-3968
+       RESERVED
+CVE-2015-3967
+       RESERVED
+CVE-2015-3966
+       RESERVED
+CVE-2015-3965
+       RESERVED
+CVE-2015-3964
+       RESERVED
+CVE-2015-3963
+       RESERVED
+CVE-2015-3962
+       RESERVED
+CVE-2015-3961
+       RESERVED
+CVE-2015-3960
+       RESERVED
+CVE-2015-3959
+       RESERVED
+CVE-2015-3958
+       RESERVED
+CVE-2015-3957
+       RESERVED
+CVE-2015-3956
+       RESERVED
+CVE-2015-3955
+       RESERVED
+CVE-2015-3954
+       RESERVED
+CVE-2015-3953
+       RESERVED
+CVE-2015-3952
+       RESERVED
+CVE-2015-3951
+       RESERVED
+CVE-2015-3950
+       RESERVED
+CVE-2015-3949
+       RESERVED
+CVE-2015-3948
+       RESERVED
+CVE-2015-3947
+       RESERVED
+CVE-2015-3946
+       RESERVED
+CVE-2015-3945
+       RESERVED
+CVE-2015-3944
+       RESERVED
+CVE-2015-3943
+       RESERVED
+CVE-2015-3942
+       RESERVED
+CVE-2015-3941
+       RESERVED
+CVE-2015-3940
+       RESERVED
+CVE-2015-3939
+       RESERVED
+CVE-2015-3938
+       RESERVED
+CVE-2015-3937
+       RESERVED
+CVE-2015-3936
+       RESERVED
+CVE-2015-3935
+       RESERVED
+CVE-2015-3934
+       RESERVED
+CVE-2015-3933
+       RESERVED
+CVE-2015-3932
+       RESERVED
+CVE-2015-3931
+       RESERVED
+CVE-2015-3930
+       RESERVED
+CVE-2015-3929
+       RESERVED
+CVE-2015-3928
+       RESERVED
+CVE-2015-3927
+       RESERVED
+CVE-2015-3926
+       RESERVED
+CVE-2015-3925
+       RESERVED
+CVE-2015-3924
+       RESERVED
+CVE-2015-3923
+       RESERVED
+CVE-2015-3922
+       RESERVED
+CVE-2015-3921
+       RESERVED
+CVE-2015-3920
+       RESERVED
+CVE-2015-3919
+       RESERVED
+CVE-2015-3918
+       RESERVED
+CVE-2015-3917
+       RESERVED
+CVE-2015-3916
+       RESERVED
+CVE-2015-3915
+       RESERVED
+CVE-2015-3914
+       RESERVED
+CVE-2015-3913
+       RESERVED
+CVE-2015-3912
+       RESERVED
+CVE-2015-3911
+       RESERVED
+CVE-2015-3910
+       RESERVED
+CVE-2015-3909
+       RESERVED
+CVE-2015-3908
+       RESERVED
+CVE-2015-3907
+       RESERVED
+CVE-2015-3906
+       RESERVED
+CVE-2015-3905
+       RESERVED
+CVE-2015-3904
+       RESERVED
+CVE-2015-3901
+       RESERVED
+CVE-2015-3900
+       RESERVED
+CVE-2015-3899
+       RESERVED
+CVE-2015-3898
+       RESERVED
+CVE-2015-3897
+       RESERVED
+CVE-2015-3896
+       RESERVED
+CVE-2015-3895
+       RESERVED
+CVE-2015-3894
+       RESERVED
+CVE-2015-3893
+       RESERVED
+CVE-2015-3892
+       RESERVED
+CVE-2015-3891
+       RESERVED
+CVE-2015-3890
+       RESERVED
+CVE-2015-3889
+       RESERVED
+CVE-2015-3888
+       RESERVED
+CVE-2015-3887
+       RESERVED
+CVE-2015-3886
+       RESERVED
+CVE-2015-3884
+       RESERVED
+CVE-2015-3883
+       RESERVED
+CVE-2015-3882
+       RESERVED
+CVE-2015-3881
+       RESERVED
+CVE-2015-3879
+       RESERVED
+CVE-2015-3878
+       RESERVED
+CVE-2015-3877
+       RESERVED
+CVE-2015-3876
+       RESERVED
+CVE-2015-3875
+       RESERVED
+CVE-2015-3874
+       RESERVED
+CVE-2015-3873
+       RESERVED
+CVE-2015-3872
+       RESERVED
+CVE-2015-3871
+       RESERVED
+CVE-2015-3870
+       RESERVED
+CVE-2015-3869
+       RESERVED
+CVE-2015-3868
+       RESERVED
+CVE-2015-3867
+       RESERVED
+CVE-2015-3866
+       RESERVED
+CVE-2015-3865
+       RESERVED
+CVE-2015-3864
+       RESERVED
+CVE-2015-3863
+       RESERVED
+CVE-2015-3862
+       RESERVED
+CVE-2015-3861
+       RESERVED
+CVE-2015-3860
+       RESERVED
+CVE-2015-3859
+       RESERVED
+CVE-2015-3858
+       RESERVED
+CVE-2015-3857
+       RESERVED
+CVE-2015-3856
+       RESERVED
+CVE-2015-3855
+       RESERVED
+CVE-2015-3854
+       RESERVED
+CVE-2015-3853
+       RESERVED
+CVE-2015-3852
+       RESERVED
+CVE-2015-3851
+       RESERVED
+CVE-2015-3850
+       RESERVED
+CVE-2015-3849
+       RESERVED
+CVE-2015-3848
+       RESERVED
+CVE-2015-3847
+       RESERVED
+CVE-2015-3846
+       RESERVED
+CVE-2015-3845
+       RESERVED
+CVE-2015-3844
+       RESERVED
+CVE-2015-3843
+       RESERVED
+CVE-2015-3842
+       RESERVED
+CVE-2015-3841
+       RESERVED
+CVE-2015-3840
+       RESERVED
+CVE-2015-3839
+       RESERVED
+CVE-2015-3838
+       RESERVED
+CVE-2015-3837
+       RESERVED
+CVE-2015-3836
+       RESERVED
+CVE-2015-3835
+       RESERVED
+CVE-2015-3834
+       RESERVED
+CVE-2015-3833
+       RESERVED
+CVE-2015-3832
+       RESERVED
+CVE-2015-3831
+       RESERVED
+CVE-2015-3830
+       RESERVED
+CVE-2015-3829
+       RESERVED
+CVE-2015-3828
+       RESERVED
+CVE-2015-3827
+       RESERVED
+CVE-2015-3826
+       RESERVED
+CVE-2015-3825
+       RESERVED
+CVE-2015-3824
+       RESERVED
+CVE-2015-3823
+       RESERVED
+CVE-2015-3822
+       RESERVED
+CVE-2015-3821
+       RESERVED
+CVE-2015-3820
+       RESERVED
+CVE-2015-3819
+       RESERVED
+CVE-2015-3818
+       RESERVED
+CVE-2015-3817
+       RESERVED
+CVE-2015-3816
+       RESERVED
 CVE-2015-3903 [phpmyadmin PMASA-2015-3 A vulnerability in the API call to 
GitHub can be exploited to perform a man-in-the-middle attack.]
+       RESERVED
        - phpmyadmin <unfixed> (unimportant)
 CVE-2015-3902 [phpmyadmin PMASA-2015-2 XSRF/CSRF vulnerability in phpMyAdmin 
setup.]
+       RESERVED
        - phpmyadmin <unfixed> (unimportant)
 CVE-2015-XXXX [drivers/vhost/scsi.c: potential memory corruption]
        - linux 4.0.2-1
@@ -377,6 +703,7 @@
 CVE-2015-3644
        RESERVED
 CVE-2015-3885 [dcraw imput sanitization errors]
+       RESERVED
        - dcraw <unfixed> (bug #785019)
        - ufraw <unfixed>
        - libraw <unfixed>
@@ -391,6 +718,7 @@
        NOTE: https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start
        TODO: check still needed (list complete? affected versions?)
 CVE-2015-3880 [open redirect]
+       RESERVED
        - phpbb3 3.0.14-1
        [jessie] - phpbb3 <no-dsa> (Minor issue)
        [wheezy] - phpbb3 <no-dsa> (Minor issue)
@@ -527,8 +855,8 @@
        RESERVED
 CVE-2015-3621
        RESERVED
-CVE-2015-3620
-       RESERVED
+CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced 
dataset ...)
+       TODO: check
 CVE-2015-3619
        RESERVED
 CVE-2015-3618
@@ -897,8 +1225,7 @@
 CVE-2015-XXXX [Saltstack SSL verification disabling for alibabab cloud module]
        - salt <not-affected> (Vulnerable code not present in the version in 
Debian stable/unstable)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/05/02/1
-CVE-2015-3646 [Potential Keystone cache backend password leak in log]
-       RESERVED
+CVE-2015-3646 (OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x 
before ...)
        - keystone 2015.1.0-1
        [jessie] - keystone <no-dsa> (Minor issue)
        [wheezy] - keystone <not-affected> (Vulnerable code not present)
@@ -917,6 +1244,7 @@
        TODO: check
 CVE-2015-3456 [vulnerability in QEMU's virtual Floppy Disk Controller]
        RESERVED
+       {DSA-3259-1}
        - qemu <unfixed>
        - qemu-kvm <removed>
        - xen 4.4.0-1
@@ -939,8 +1267,7 @@
        TODO: check
 CVE-2015-3447 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        TODO: check
-CVE-2015-3622 [Heap overflow / invalid read]
-       RESERVED
+CVE-2015-3622 (The _asn1_extract_der_octet function in lib/decoding.c in GNU 
Libtasn1 ...)
        {DSA-3256-1}
        - libtasn1-6 4.4-3
        - libtasn1-3 <not-affected> (Introduced with 3.6)
@@ -1064,8 +1391,7 @@
        - wordpress 4.2+dfsg-1 (bug #783347)
        NOTE: http://codex.wordpress.org/Version_4.1.2
        NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
-CVE-2015-3451 [XEE]
-       RESERVED
+CVE-2015-3451 (The _clone function in XML::LibXML before 2.0119 does not 
properly set ...)
        {DSA-3243-1 DLA-214-1}
        - libxml-libxml-perl 2.0116+dfsg-2 (bug #783443)
        NOTE: http://www.openwall.com/lists/oss-security/2015/04/25/2
@@ -1825,102 +2151,102 @@
        RESERVED
 CVE-2015-3094
        RESERVED
-CVE-2015-3093
-       RESERVED
-CVE-2015-3092
-       RESERVED
-CVE-2015-3091
-       RESERVED
-CVE-2015-3090
-       RESERVED
-CVE-2015-3089
-       RESERVED
-CVE-2015-3088
-       RESERVED
-CVE-2015-3087
-       RESERVED
-CVE-2015-3086
-       RESERVED
-CVE-2015-3085
-       RESERVED
-CVE-2015-3084
-       RESERVED
-CVE-2015-3083
-       RESERVED
-CVE-2015-3082
-       RESERVED
-CVE-2015-3081
-       RESERVED
-CVE-2015-3080
-       RESERVED
-CVE-2015-3079
-       RESERVED
-CVE-2015-3078
-       RESERVED
-CVE-2015-3077
-       RESERVED
-CVE-2015-3076
-       RESERVED
-CVE-2015-3075
-       RESERVED
-CVE-2015-3074
-       RESERVED
-CVE-2015-3073
-       RESERVED
-CVE-2015-3072
-       RESERVED
-CVE-2015-3071
-       RESERVED
-CVE-2015-3070
-       RESERVED
-CVE-2015-3069
-       RESERVED
-CVE-2015-3068
-       RESERVED
-CVE-2015-3067
-       RESERVED
-CVE-2015-3066
-       RESERVED
-CVE-2015-3065
-       RESERVED
-CVE-2015-3064
-       RESERVED
-CVE-2015-3063
-       RESERVED
-CVE-2015-3062
-       RESERVED
-CVE-2015-3061
-       RESERVED
-CVE-2015-3060
-       RESERVED
-CVE-2015-3059
-       RESERVED
-CVE-2015-3058
-       RESERVED
-CVE-2015-3057
-       RESERVED
-CVE-2015-3056
-       RESERVED
-CVE-2015-3055
-       RESERVED
-CVE-2015-3054
-       RESERVED
-CVE-2015-3053
-       RESERVED
-CVE-2015-3052
-       RESERVED
-CVE-2015-3051
-       RESERVED
-CVE-2015-3050
-       RESERVED
-CVE-2015-3049
-       RESERVED
-CVE-2015-3048
-       RESERVED
-CVE-2015-3047
-       RESERVED
-CVE-2015-3046
-       RESERVED
+CVE-2015-3093 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3092 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3091 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3090 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3089 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3088 (Heap-based buffer overflow in Adobe Flash Player before 
13.0.0.289 and ...)
+       TODO: check
+CVE-2015-3087 (Integer overflow in Adobe Flash Player before 13.0.0.289 and 
14.x ...)
+       TODO: check
+CVE-2015-3086 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3085 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3084 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3083 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3082 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3081 (Race condition in Adobe Flash Player before 13.0.0.289 and 14.x 
...)
+       TODO: check
+CVE-2015-3080 (Use-after-free vulnerability in Adobe Flash Player before 
13.0.0.289 ...)
+       TODO: check
+CVE-2015-3079 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3078 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3077 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x 
before ...)
+       TODO: check
+CVE-2015-3076 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3075 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x 
before ...)
+       TODO: check
+CVE-2015-3074 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3073 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3072 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3071 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3070 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3069 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3068 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3067 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3066 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3065 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3064 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3063 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3062 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3061 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3060 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3059 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x 
before ...)
+       TODO: check
+CVE-2015-3058 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3057 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3056 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3055 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x 
before ...)
+       TODO: check
+CVE-2015-3054 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x 
before ...)
+       TODO: check
+CVE-2015-3053 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x 
before ...)
+       TODO: check
+CVE-2015-3052 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3051 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3050 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3049 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3048 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 
and ...)
+       TODO: check
+CVE-2015-3047 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
+CVE-2015-3046 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 
11.0.11 ...)
+       TODO: check
 CVE-2015-3045
        RESERVED
 CVE-2015-3044 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x 
before ...)
@@ -2426,14 +2752,14 @@
        RESERVED
 CVE-2015-2846 (BitTorrent Sync allows remote attackers to execute arbitrary 
commands ...)
        - btsync <itp> (bug #706639)
-CVE-2015-2845
-       RESERVED
-CVE-2015-2844
-       RESERVED
-CVE-2015-2843
-       RESERVED
-CVE-2015-2842
-       RESERVED
+CVE-2015-2845 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE 
before ...)
+       TODO: check
+CVE-2015-2844 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE 
before ...)
+       TODO: check
+CVE-2015-2843 (Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE 
before ...)
+       TODO: check
+CVE-2015-2842 (Unrestricted file upload vulnerability in go_audiostore.php in 
the ...)
+       TODO: check
 CVE-2015-2841 (Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows 
remote ...)
        NOT-FOR-US: Citrix NetScaler
 CVE-2015-2840 (Cross-site scripting (XSS) vulnerability in 
help/rt/large_search.html ...)
@@ -2532,8 +2858,8 @@
        - linux 3.16.7-ckt9-1
        - linux-2.6 <removed>
        NOTE: Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
-CVE-2015-2829
-       RESERVED
+CVE-2015-2829 (Citrix NetScaler Application Delivery Controller (ADC) and 
NetScaler ...)
+       TODO: check
 CVE-2015-2828 (CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly 
validate ...)
        NOT-FOR-US: CA Spectrum
 CVE-2015-2827 (Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x 
and ...)
@@ -2786,6 +3112,7 @@
        - arj 3.10.22-13 (bug #774015)
        NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5
 CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly 
restrict ...)
+       {DSA-3259-1}
        - xen 4.2.0~rc2-1 (bug #781620)
        [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
        - qemu <unfixed>
@@ -2889,6 +3216,7 @@
        [squeeze] - iceweasel <not-affected> (Only affects 37.x)
 CVE-2015-2716
        RESERVED
+       {DSA-3260-1}
        - iceweasel 38.0-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
@@ -2905,6 +3233,7 @@
        - iceweasel <not-affected> (Only affects Firefox on Android)
 CVE-2015-2713
        RESERVED
+       {DSA-3260-1}
        - iceweasel 38.0-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
@@ -2924,6 +3253,7 @@
        [squeeze] - iceweasel <not-affected> (Only affects 37.x)
 CVE-2015-2710
        RESERVED
+       {DSA-3260-1}
        - iceweasel 38.0-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
@@ -2938,6 +3268,7 @@
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
 CVE-2015-2708
        RESERVED
+       {DSA-3260-1}
        - iceweasel 38.0-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
@@ -3054,8 +3385,7 @@
        RESERVED
 CVE-2015-2669
        RESERVED
-CVE-2015-2668 [Infinite loop condition on a crafted "xz" archive file]
-       RESERVED
+CVE-2015-2668 (ClamAV before 0.98.7 allows remote attackers to cause a denial 
of ...)
        - clamav 0.98.7+dfsg-1
        [wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
        [jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
@@ -3723,6 +4053,7 @@
        NOTE: Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339
 (v3.19-rc1)
        NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11
 CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE 
functionality in ...)
+       {DSA-3259-1}
        - qemu <unfixed> (unimportant; bug #781250)
        - qemu-kvm <removed> (unimportant)
        NOTE: 
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8
 (v2.2.0-rc2)
@@ -4271,10 +4602,10 @@
        RESERVED
 CVE-2015-2235
        REJECTED
-CVE-2015-2234
-       RESERVED
-CVE-2015-2233
-       RESERVED
+CVE-2015-2234 (Race condition in Lenovo System Update (formerly ThinkVantage 
System ...)
+       TODO: check
+CVE-2015-2233 (Lenovo System Update (formerly ThinkVantage System Update) 
before ...)
+       TODO: check
 CVE-2015-2232
        RESERVED
 CVE-2015-2231
@@ -4295,14 +4626,12 @@
        RESERVED
 CVE-2015-2223 (Multiple cross-site scripting (XSS) vulnerabilities in Palo 
Alto ...)
        NOT-FOR-US: Palo Alto Networks Traps
-CVE-2015-2222 [Crash on crafted petite packed file]
-       RESERVED
+CVE-2015-2222 (ClamAV before 0.98.7 allows remote attackers to cause a denial 
of ...)
        - clamav 0.98.7+dfsg-1
        [wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
        [jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
        NOTE: 
https://github.com/vrtadmin/clamav-devel/commit/8aeedf3c4282bc916d6f6c290e1e530d125ec953
-CVE-2015-2221 [Infinite loop condition on crafted y0da cryptor file]
-       RESERVED
+CVE-2015-2221 (ClamAV before 0.98.7 allows remote attackers to cause a denial 
of ...)
        - clamav 0.98.7+dfsg-1
        [wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
        [jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
@@ -4310,8 +4639,8 @@
        NOTE: 
https://github.com/vrtadmin/clamav-devel/commit/26b19809fb3b940cb0fda0422d685fff02a53b5f
 CVE-2015-2220 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Ninja Forms ...)
        NOT-FOR-US: Ninja Forms plugin for WordPress
-CVE-2015-2219
-       RESERVED
+CVE-2015-2219 (Lenovo System Update (formerly ThinkVantage System Update) 
before ...)
+       TODO: check
 CVE-2015-2218 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
        NOT-FOR-US: wp_ajax_save_item function in wonderpluginaudio.php in the 
WonderPlugin Audio Player plugin for WordPress
 CVE-2015-2217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate 
PHP ...)
@@ -4454,8 +4783,7 @@
        - zope2.12 2.12.10-1
 CVE-2015-2171 (Middleware/SessionCookie.php in Slim before 2.6.0 allows remote 
...)
        NOT-FOR-US: Slim PHP Framework
-CVE-2015-2170 [Crash in upx decoder with crafted file]
-       RESERVED
+CVE-2015-2170 (The upx decoder in ClamAV before 0.98.7 allows remote attackers 
to ...)
        - clamav 0.98.7+dfsg-1
        [wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
        [jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
@@ -5151,8 +5479,8 @@
        RESERVED
 CVE-2015-1882 (Multiple race conditions in IBM WebSphere Application Server 
(WAS) 8.5 ...)
        TODO: check
-CVE-2015-1880
-       RESERVED
+CVE-2015-1880 (Cross-site scripting (XSS) vulnerability in sslvpn login page 
in ...)
+       TODO: check
 CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc 
Embedder ...)
        NOT-FOR-US: Google Doc Embedder plugin for WordPress
 CVE-2015-2042 (net/rds/sysctl.c in the Linux kernel before 3.19 uses an 
incorrect ...)
@@ -5238,8 +5566,7 @@
        NOT-FOR-US: abrt is Red Hat / Fedora specific
 CVE-2015-1861
        RESERVED
-CVE-2015-1860 [segmentation fault in qgifhandler.cpp]
-       RESERVED
+CVE-2015-1860 (Multiple buffer overflows in the QtBase module in Qt before 
4.8.7 and ...)
        {DLA-210-1}
        - qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
        [jessie] - qt4-x11 <no-dsa> (Minor issue)
@@ -5247,8 +5574,7 @@
        - qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
        [jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
        NOTE: 
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
-CVE-2015-1859 [segmentation fault in qicohandler.cpp]
-       RESERVED
+CVE-2015-1859 (Multiple buffer overflows in the QtBase module in Qt before 
4.8.7 and ...)
        {DLA-210-1}
        - qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
        [jessie] - qt4-x11 <no-dsa> (Minor issue)
@@ -5256,8 +5582,7 @@
        - qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
        [jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
        NOTE: 
http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
-CVE-2015-1858 [segmentation fault in qbmphandler.cpp]
-       RESERVED
+CVE-2015-1858 (Multiple buffer overflows in the QtBase module in Qt before 
4.8.7 and ...)
        {DLA-210-1}
        - qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
        [jessie] - qt4-x11 <no-dsa> (Minor issue)
@@ -5525,6 +5850,7 @@
        NOT-FOR-US: oVirt Engine backend
 CVE-2015-1779 [denial of service in VNC web]
        RESERVED
+       {DSA-3259-1}
        - qemu <unfixed> (bug #781250)
        [wheezy] - qemu <not-affected> (Websocket protocol support introduced 
in v1.4.0-rc0)
        [squeeze] - qemu <not-affected> (Websocket protocol support introduced 
in v1.4.0-rc0)
@@ -5658,104 +5984,104 @@
        RESERVED
 CVE-2015-1719
        RESERVED
-CVE-2015-1718
-       RESERVED
-CVE-2015-1717
-       RESERVED
-CVE-2015-1716
-       RESERVED
-CVE-2015-1715
-       RESERVED
-CVE-2015-1714
-       RESERVED
-CVE-2015-1713
-       RESERVED
-CVE-2015-1712
-       RESERVED
-CVE-2015-1711
-       RESERVED
-CVE-2015-1710
-       RESERVED
-CVE-2015-1709
-       RESERVED
-CVE-2015-1708
-       RESERVED
+CVE-2015-1718 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2015-1717 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2015-1716 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista 
SP2, ...)
+       TODO: check
+CVE-2015-1715 (Microsoft Silverlight 5 before 5.1.40416.00 allows remote 
attackers to ...)
+       TODO: check
+CVE-2015-1714 (Microsoft Internet Explorer 10 and 11 allows remote attackers 
to ...)
+       TODO: check
+CVE-2015-1713 (Microsoft Internet Explorer 11 allows remote attackers to gain 
...)
+       TODO: check
+CVE-2015-1712 (Microsoft Internet Explorer 8 and 9 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2015-1711 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2015-1710 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
+       TODO: check
+CVE-2015-1709 (Microsoft Internet Explorer 7 through 11 allows remote 
attackers to ...)
+       TODO: check
+CVE-2015-1708 (Microsoft Internet Explorer 7 and 8 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2015-1707
        RESERVED
-CVE-2015-1706
-       RESERVED
-CVE-2015-1705
-       RESERVED
-CVE-2015-1704
-       RESERVED
-CVE-2015-1703
-       RESERVED
-CVE-2015-1702
-       RESERVED
-CVE-2015-1701 (Unspecified vulnerability in Microsoft Windows before 8 allows 
local ...)
+CVE-2015-1706 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2015-1705 (Microsoft Internet Explorer 9 through 11 allows remote 
attackers to ...)
+       TODO: check
+CVE-2015-1704 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
+       TODO: check
+CVE-2015-1703 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
+       TODO: check
+CVE-2015-1702 (The Service Control Manager (SCM) in Microsoft Windows Server 
2003 ...)
+       TODO: check
+CVE-2015-1701 (Win32k.sys in the kernel-mode drivers in Microsoft Windows 
Server 2003 ...)
        NOT-FOR-US: Microsoft Windows
-CVE-2015-1700
-       RESERVED
-CVE-2015-1699
-       RESERVED
-CVE-2015-1698
-       RESERVED
-CVE-2015-1697
-       RESERVED
-CVE-2015-1696
-       RESERVED
-CVE-2015-1695
-       RESERVED
-CVE-2015-1694
-       RESERVED
+CVE-2015-1700 (Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 
2010 SP2, ...)
+       TODO: check
+CVE-2015-1699 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 
SP1, ...)
+       TODO: check
+CVE-2015-1698 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 
SP1, ...)
+       TODO: check
+CVE-2015-1697 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 
SP1, ...)
+       TODO: check
+CVE-2015-1696 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 
SP1, ...)
+       TODO: check
+CVE-2015-1695 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 
SP1, ...)
+       TODO: check
+CVE-2015-1694 (Microsoft Internet Explorer 6 through 11 allows remote 
attackers to ...)
+       TODO: check
 CVE-2015-1693
        RESERVED
-CVE-2015-1692
-       RESERVED
-CVE-2015-1691
-       RESERVED
+CVE-2015-1692 (Microsoft Internet Explorer 7 through 11 allows user-assisted 
remote ...)
+       TODO: check
+CVE-2015-1691 (Microsoft Internet Explorer 8 and 9 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2015-1690
        RESERVED
-CVE-2015-1689
-       RESERVED
-CVE-2015-1688
-       RESERVED
+CVE-2015-1689 (Microsoft Internet Explorer 9 through 11 allows remote 
attackers to ...)
+       TODO: check
+CVE-2015-1688 (Microsoft Internet Explorer 7 through 11 allows remote 
attackers to ...)
+       TODO: check
 CVE-2015-1687
        RESERVED
-CVE-2015-1686
-       RESERVED
-CVE-2015-1685
-       RESERVED
-CVE-2015-1684
-       RESERVED
-CVE-2015-1683
-       RESERVED
-CVE-2015-1682
-       RESERVED
-CVE-2015-1681
-       RESERVED
-CVE-2015-1680
-       RESERVED
-CVE-2015-1679
-       RESERVED
-CVE-2015-1678
-       RESERVED
-CVE-2015-1677
-       RESERVED
-CVE-2015-1676
-       RESERVED
-CVE-2015-1675
-       RESERVED
-CVE-2015-1674
-       RESERVED
-CVE-2015-1673
-       RESERVED
-CVE-2015-1672
-       RESERVED
-CVE-2015-1671
-       RESERVED
-CVE-2015-1670
-       RESERVED
+CVE-2015-1686 (The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 
through ...)
+       TODO: check
+CVE-2015-1685 (Microsoft Internet Explorer 11 allows remote attackers to 
bypass the ...)
+       TODO: check
+CVE-2015-1684 (VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, 
as used ...)
+       TODO: check
+CVE-2015-1683 (Microsoft Office 2007 SP3 allows remote attackers to execute 
arbitrary ...)
+       TODO: check
+CVE-2015-1682 (Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, 
Word ...)
+       TODO: check
+CVE-2015-1681 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 
SP1, ...)
+       TODO: check
+CVE-2015-1680 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, 
Windows ...)
+       TODO: check
+CVE-2015-1679 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, 
Windows ...)
+       TODO: check
+CVE-2015-1678 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, 
Windows ...)
+       TODO: check
+CVE-2015-1677 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, 
Windows ...)
+       TODO: check
+CVE-2015-1676 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, 
Windows ...)
+       TODO: check
+CVE-2015-1675 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 
SP1, ...)
+       TODO: check
+CVE-2015-1674 (The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 
2012 ...)
+       TODO: check
+CVE-2015-1673 (The Windows Forms (aka WinForms) libraries in Microsoft .NET 
Framework ...)
+       TODO: check
+CVE-2015-1672 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 
and 4.5.2 ...)
+       TODO: check
+CVE-2015-1671 (The Windows DirectWrite library, as used in Microsoft .NET 
Framework ...)
+       TODO: check
+CVE-2015-1670 (The Windows DirectWrite library, as used in Microsoft .NET 
Framework ...)
+       TODO: check
 CVE-2015-1669
        RESERVED
 CVE-2015-1668 (Microsoft Internet Explorer 10 and 11 allows remote attackers 
to ...)
@@ -5778,8 +6104,8 @@
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2015-1659 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
        NOT-FOR-US: Microsoft Internet Explorer
-CVE-2015-1658
-       RESERVED
+CVE-2015-1658 (Microsoft Internet Explorer 11 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2015-1657 (Microsoft Internet Explorer 9 through 11 allows remote 
attackers to ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2015-1656
@@ -8932,7 +9258,7 @@
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
 CVE-2015-0797 [buffer overflow in the plugin for mp4 playback]
        RESERVED
-       {DSA-3225-1}
+       {DSA-3260-1 DSA-3225-1}
        - gst-plugins-bad0.10 <unfixed> (bug #784220)
        [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor impact compared to 
wheezy, no browser attack vector)
        [squeeze] - gst-plugins-bad0.10 <not-affected> (vulnerable code 
(gst/videoparsers/*) introduced later)
@@ -10913,8 +11239,8 @@
        NOTE: 
https://github.com/vrtadmin/clamav-devel/commit/5e1fbf3668bd167828d675830103b3c1ccdcb76d
 CVE-2014-9327
        RESERVED
-CVE-2014-9326
-       RESERVED
+CVE-2014-9326 (The automatic signature update functionality in the (1) Phone 
Home ...)
+       TODO: check
 CVE-2014-9325 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki 
6.0.1 ...)
        NOT-FOR-US: Twiki
        NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325
@@ -11443,8 +11769,8 @@
        NOT-FOR-US: Adobe Flash Player
 CVE-2014-9161 (CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 
and 11.x ...)
        NOT-FOR-US: Adobe
-CVE-2014-9160
-       RESERVED
+CVE-2014-9160 (Multiple heap-based buffer overflows in Adobe Reader and 
Acrobat 10.x ...)
+       TODO: check
 CVE-2014-9159 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x 
before ...)
        NOT-FOR-US: Adobe Reader
 CVE-2014-9158 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 
11.0.10 ...)
@@ -13565,14 +13891,14 @@
        RESERVED
 CVE-2014-8620
        RESERVED
-CVE-2014-8619
-       RESERVED
-CVE-2014-8618
-       RESERVED
+CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in autolearn 
configuration ...)
+       TODO: check
+CVE-2014-8618 (Cross-site scripting (XSS) vulnerability in theme login page in 
...)
+       TODO: check
 CVE-2014-8617 (Cross-site scripting (XSS) vulnerability in the Web Action 
Quarantine ...)
        NOT-FOR-US: FortiMail
-CVE-2014-8616
-       RESERVED
+CVE-2014-8616 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet 
...)
+       TODO: check
 CVE-2014-8615
        REJECTED
 CVE-2014-8614
@@ -78710,6 +79036,7 @@
        - chromium-browser 18.0.1025.168~r134367-1
        [squeeze] - chromium-browser <end-of-life>
 CVE-2011-3079 (The Inter-process Communication (IPC) implementation in Google 
Chrome ...)
+       {DSA-3260-1}
        - chromium-browser 18.0.1025.168~r134367-1
        [squeeze] - chromium-browser <end-of-life>
        - iceweasel <not-affected> (Only affects Firefox on Windows)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r34253 - data/CVE

Reply via email to