Author: sectracker Date: 2015-06-13 21:10:16 +0000 (Sat, 13 Jun 2015) New Revision: 34929
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-06-13 14:10:19 UTC (rev 34928) +++ data/CVE/list 2015-06-13 21:10:16 UTC (rev 34929) @@ -647,11 +647,13 @@ - elasticsearch <unfixed> (bug #788471) CVE-2015-4164 [vulnerability in the iret hypercall handler] RESERVED + {DSA-3286-1} - xen <unfixed> [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-136.html CVE-2015-4163 [GNTTABOP_swap_grant_ref operation misbehavior] RESERVED + {DSA-3286-1} - xen <unfixed> [wheezy] - xen <not-affected> (Xen 4.2 onwards are vulnerable) [squeeze] - xen <not-affected> (Xen 4.2 onwards are vulnerable) @@ -841,7 +843,7 @@ CVE-2015-4107 RESERVED CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config space ...) - {DSA-3284-1} + {DSA-3286-1 DSA-3284-1} - qemu 1:2.3+dfsg-5 (bug #787547) [wheezy] - qemu <not-affected> (Vulnerable code not present) [squeeze] - qemu <not-affected> (Vulnerable code not present) @@ -851,7 +853,7 @@ NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://xenbits.xen.org/xsa/advisory-131.html CVE-2015-4105 (Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through ...) - {DSA-3284-1} + {DSA-3286-1 DSA-3284-1} - qemu 1:2.3+dfsg-5 (bug #787547) [wheezy] - qemu <not-affected> (Vulnerable code not present) [squeeze] - qemu <not-affected> (Vulnerable code not present) @@ -861,7 +863,7 @@ NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://xenbits.xen.org/xsa/advisory-130.html CVE-2015-4104 (Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI ...) - {DSA-3284-1} + {DSA-3286-1 DSA-3284-1} - qemu 1:2.3+dfsg-5 (bug #787547) [wheezy] - qemu <not-affected> (Vulnerable code not present) [squeeze] - qemu <not-affected> (Vulnerable code not present) 
@@ -871,7 +873,7 @@ NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://xenbits.xen.org/xsa/advisory-129.html CVE-2015-4103 (Xen 3.3.x through 4.5.x does not properly restrict write access to the ...) - {DSA-3284-1} + {DSA-3286-1 DSA-3284-1} - qemu 1:2.3+dfsg-5 (bug #787547) [wheezy] - qemu <not-affected> (Vulnerable code not present) [squeeze] - qemu <not-affected> (Vulnerable code not present) @@ -1186,6 +1188,7 @@ NOTE: https://lkml.org/lkml/2015/5/13/744 NOTE: Not enabled in Debian kernels; staging drivers are not supported CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...) + {DSA-3287-1} - openssl <unfixed> NOTE: CVE assigned specific to vulnerability in the TLS protocol that was NOTE: disclosed in section 3.2 of the @@ -3291,7 +3294,7 @@ NOTE: Issue then introduced by: http://vcs.pcre.org/pcre?view=revision&revision=1361 CVE-2015-3209 [heap overflow in qemu pcnet controller allowing guest to host escape] RESERVED - {DSA-3285-1 DSA-3284-1} + {DSA-3286-1 DSA-3285-1 DSA-3284-1} - qemu 1:2.3+dfsg-6 (bug #788460) [wheezy] - qemu 1.1.2+dfsg-6a+deb7u8 - qemu-kvm <removed> 
@@ -7306,24 +7309,29 @@ RESERVED CVE-2015-1792 [CMS verify infinite loop with unknown hash function] RESERVED + {DSA-3287-1} - openssl 1.0.2b-1 NOTE: http://openssl.org/news/secadv_20150611.txt CVE-2015-1791 [race condition in NewSessionTicket] RESERVED + {DSA-3287-1} - openssl 1.0.2b-1 NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=dcad51bc13c9b716d9a66248bcc4038c071ff158 NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=708cf593587e2fda67dae9782991ff9fccc781eb CVE-2015-1790 [PKCS7 crash with missing EnvelopedContent] RESERVED + {DSA-3287-1} - openssl 1.0.2b-1 NOTE: http://openssl.org/news/secadv_20150611.txt CVE-2015-1789 [Exploitable out-of-bounds read in X509_cmp_time] RESERVED + {DSA-3287-1} - openssl 1.0.2b-1 NOTE: http://openssl.org/news/secadv_20150611.txt CVE-2015-1788 [Malformed ECParameters causes infinite loop] RESERVED + {DSA-3287-1} - openssl 1.0.2b-1 [squeeze] - openssl <not-affected> (Vulnerable code got introduced post 1.0.0) NOTE: http://openssl.org/news/secadv_20150611.txt @@ -16822,6 +16830,7 @@ RESERVED CVE-2014-8176 [Invalid free in DTLS] RESERVED + {DSA-3287-1} - openssl 1.0.1h-1 NOTE: http://openssl.org/news/secadv_20150611.txt CVE-2014-8175
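Review bot: in the first hunk (@@ -647,11 +647,13 @@), CVE-2015-4163 gains {DSA-3286-1} while the only release lines visible for it are "[wheezy] - xen <not-affected>" and "[squeeze] - xen <not-affected>", and the unstable line for both CVE-2015-4163 and CVE-2015-4164 still reads "- xen <unfixed>". Nothing in the entry says which release the DSA fixes, so please confirm the DSA record carries the fixed version for the affected release and that tagging CVE-2015-4163 is intended given the "Xen 4.2 onwards are vulnerable" remark.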
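Review bot: in the @@ -841,7 +843,7 @@ hunk, CVE-2015-4106 now references DSA-3286-1, which the first hunk attaches to xen entries, but every package line in the visible context is for qemu ("- qemu 1:2.3+dfsg-5 (bug #787547)" plus the wheezy and squeeze not-affected lines). Please check that the entry has a xen package line outside the shown context so the new DSA reference maps to a tracked package status. The same question applies to the identical changes for CVE-2015-4105, CVE-2015-4104 and CVE-2015-4103.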
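Review bot: in the @@ -1186,6 +1188,7 @@ hunk, CVE-2015-4000 is tagged {DSA-3287-1} directly above "- openssl <unfixed>", so the entry shows a released advisory next to an unfixed status with no explanation. Since the existing NOTE says the CVE is assigned to the TLS protocol issue itself, a short NOTE stating what DSA-3287-1 changes in openssl for this CVE would keep the entry from reading as contradictory.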
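Review bot: in the @@ -7306,24 +7309,29 @@ hunk, CVE-2015-1791 is the only one of the five entries receiving {DSA-3287-1} that has no advisory reference. It lists three git.openssl.org commit NOTEs, while CVE-2015-1792, CVE-2015-1790, CVE-2015-1789 and CVE-2015-1788 all cite "NOTE: http://openssl.org/news/secadv_20150611.txt". Suggest adding the same NOTE to CVE-2015-1791 so all entries under this DSA point at the upstream advisory.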