[Secure-testing-commits] r34929 - data/CVE

security tracker role Sat, 13 Jun 2015 14:10:41 -0700

Author: sectracker
Date: 2015-06-13 21:10:16 +0000 (Sat, 13 Jun 2015)
New Revision: 34929


Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-06-13 14:10:19 UTC (rev 34928)
+++ data/CVE/list       2015-06-13 21:10:16 UTC (rev 34929)
@@ -647,11 +647,13 @@
        - elasticsearch <unfixed> (bug #788471)
 CVE-2015-4164 [vulnerability in the iret hypercall handler]
        RESERVED
+       {DSA-3286-1}
        - xen <unfixed>
        [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
        NOTE: http://xenbits.xen.org/xsa/advisory-136.html
 CVE-2015-4163 [GNTTABOP_swap_grant_ref operation misbehavior]
        RESERVED
+       {DSA-3286-1}
        - xen <unfixed>
        [wheezy] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
        [squeeze] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
@@ -841,7 +843,7 @@
 CVE-2015-4107
        RESERVED
 CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config 
space ...)
-       {DSA-3284-1}
+       {DSA-3286-1 DSA-3284-1}
        - qemu 1:2.3+dfsg-5 (bug #787547)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        [squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -851,7 +853,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: http://xenbits.xen.org/xsa/advisory-131.html
 CVE-2015-4105 (Xen 3.3.x through 4.5.x enables logging for PCI MSI-X 
pass-through ...)
-       {DSA-3284-1}
+       {DSA-3286-1 DSA-3284-1}
        - qemu 1:2.3+dfsg-5 (bug #787547)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        [squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -861,7 +863,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: http://xenbits.xen.org/xsa/advisory-130.html
 CVE-2015-4104 (Xen 3.3.x through 4.5.x does not properly restrict access to 
PCI MSI ...)
-       {DSA-3284-1}
+       {DSA-3286-1 DSA-3284-1}
        - qemu 1:2.3+dfsg-5 (bug #787547)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        [squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -871,7 +873,7 @@
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: http://xenbits.xen.org/xsa/advisory-129.html
 CVE-2015-4103 (Xen 3.3.x through 4.5.x does not properly restrict write access 
to the ...)
-       {DSA-3284-1}
+       {DSA-3286-1 DSA-3284-1}
        - qemu 1:2.3+dfsg-5 (bug #787547)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        [squeeze] - qemu <not-affected> (Vulnerable code not present)
@@ -1186,6 +1188,7 @@
        NOTE: https://lkml.org/lkml/2015/5/13/744
        NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite 
is ...)
+       {DSA-3287-1}
        - openssl <unfixed>
        NOTE: CVE assigned specific to vulnerability in the TLS protocol that 
was
        NOTE: disclosed in section 3.2 of the
@@ -3291,7 +3294,7 @@
        NOTE: Issue then introduced by: 
http://vcs.pcre.org/pcre?view=revision&revision=1361
 CVE-2015-3209 [heap overflow in qemu pcnet controller allowing guest to host 
escape]
        RESERVED
-       {DSA-3285-1 DSA-3284-1}
+       {DSA-3286-1 DSA-3285-1 DSA-3284-1}
        - qemu 1:2.3+dfsg-6 (bug #788460)
        [wheezy] - qemu 1.1.2+dfsg-6a+deb7u8
        - qemu-kvm <removed>
@@ -7306,24 +7309,29 @@
        RESERVED
 CVE-2015-1792 [CMS verify infinite loop with unknown hash function]
        RESERVED
+       {DSA-3287-1}
        - openssl 1.0.2b-1
        NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2015-1791 [race condition in NewSessionTicket]
        RESERVED
+       {DSA-3287-1}
        - openssl 1.0.2b-1
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=dcad51bc13c9b716d9a66248bcc4038c071ff158
        NOTE: 
https://git.openssl.org/?p=openssl.git;a=commit;h=708cf593587e2fda67dae9782991ff9fccc781eb
 CVE-2015-1790 [PKCS7 crash with missing EnvelopedContent]
        RESERVED
+       {DSA-3287-1}
        - openssl 1.0.2b-1
        NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2015-1789 [Exploitable out-of-bounds read in X509_cmp_time]
        RESERVED
+       {DSA-3287-1}
        - openssl 1.0.2b-1
        NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2015-1788 [Malformed ECParameters causes infinite loop]
        RESERVED
+       {DSA-3287-1}
        - openssl 1.0.2b-1
        [squeeze] - openssl <not-affected> (Vulnerable code got introduced post 
1.0.0)
        NOTE: http://openssl.org/news/secadv_20150611.txt
@@ -16822,6 +16830,7 @@
        RESERVED
 CVE-2014-8176 [Invalid free in DTLS]
        RESERVED
+       {DSA-3287-1}
        - openssl 1.0.1h-1
        NOTE: http://openssl.org/news/secadv_20150611.txt
 CVE-2014-8175


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r34929 - data/CVE

Reply via email to