authorsecurity tracker role <sectracker@debian.org>2014-12-31 21:10:15 +0000
committersecurity tracker role <sectracker@debian.org>2014-12-31 21:10:15 +0000
commit6f1248ab10a160079f0c65e07e7243d5e732563f (patch)
treef7901806f56b8bbf17bf577c66377ffcd9b0dcfb
parent020bdbb54a97e38ec08f64c00b1725205a3b069b (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@31066 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2004.list | 3
-rw-r--r-- data/CVE/2009.list | 2
-rw-r--r-- data/CVE/2010.list | 22
-rw-r--r-- data/CVE/2011.list | 35
-rw-r--r-- data/CVE/2012.list | 16
-rw-r--r-- data/CVE/2013.list | 48
-rw-r--r-- data/CVE/2014.list | 220
7 files changed, 168 insertions, 178 deletions
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index c66bf6fbea..3cc6bda0dc 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -14,8 +14,7 @@ CVE-2004-2773
RESERVED
CVE-2004-2772
RESERVED
-CVE-2004-2771
- RESERVED
+CVE-2004-2771 (The expand function in fio.c in Heirloom mailx 12.5 and earlier and ...)
{DSA-3105-1 DLA-114-1}
- heirloom-mailx 12.5-3.1 (bug #773417)
- bsd-mailx 8.1.2-0.20071201cvs-1
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index bafcd9995e..240ec93aa6 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -251,7 +251,7 @@ CVE-2009-5029 (Integer overflow in the __tzfile_read function in glibc before 2.
CVE-2009-5028 (Stack-based buffer overflow in Namazu before 2.0.20 allows remote ...)
- namazu2 2.0.20-1.0 (low)
CVE-2009-5027
- RESERVED
+ REJECTED
CVE-2009-5026 (The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x ...)
- mysql-5.1 5.1.53-1
CVE-2009-5025 [PyForum XSS+CSRF]
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 2e302a5a10..916c259124 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -527,8 +527,8 @@ CVE-2010-5077 (server/sv_main.c in Quake3 Arena, as used in ioquake3 before r176
CVE-2010-5076 (QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in ...)
- qt4-x11 4:4.6.3-1
NOTE: Might be fixed earlier, but Squeeze version has been validated to be fixed
-CVE-2010-5075
- RESERVED
+CVE-2010-5075 (Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security ...)
+ TODO: check
CVE-2010-5074 (The layout engine in Mozilla Firefox before 4.0, Thunderbird before ...)
- iceweasel 4.0-1 (unimportant)
CVE-2010-5073 (The JavaScript implementation in Google Chrome 4 does not properly ...)
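Review bot: the "TODO: check" on CVE-2010-5075 can be resolved directly: the description names aswFW.sys in Avast! Internet Security, a Windows kernel driver, so the entry should be triaged as NOT-FOR-US: Avast rather than left open for a second pass.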
@@ -8197,8 +8197,7 @@ CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the
{DSA-2061-1}
- samba 2:3.4.0~pre1-1 (high)
NOTE: the affected code has been completely rewritten since 3.4.x
-CVE-2010-2062 [VLC: integer underflow in Real RTSP]
- RESERVED
+CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, as ...)
{DSA-2044-1 DSA-2043-1}
- vlc 1.0.1-1
[lenny] - vlc 0.8.6.h-4+lenny2.3
@@ -9806,27 +9805,22 @@ CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.3
{DSA-2053-1}
- linux-2.6 2.6.32-12 (unimportant)
NOTE: KGDB is not currently enabled in debian builds
-CVE-2010-1445 [Heap buffer overflow in RTMP access]
- RESERVED
+CVE-2010-1445 (Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 ...)
- vlc 1.0.6-1
[lenny] - vlc <not-affected> (Vulnerable code not present)
NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1444 [Invalid memory access in ZIP archive decompressor]
- RESERVED
+CVE-2010-1444 (The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 ...)
- vlc 1.0.6-1
[lenny] - vlc <not-affected> (Vulnerable code not present)
NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1443 [Invalid memory access in XSPF playlist parser]
- RESERVED
+CVE-2010-1443 (The parse_track_node function in modules/demux/playlist/xspf.c in the ...)
- vlc 1.0.6-1 (unimportant)
NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1442 [Invalid memory access in AVI, ASF, Matroska (MKV) demuxers]
- RESERVED
+CVE-2010-1442 (VideoLAN VLC media player before 1.0.6 allows remote attackers to ...)
- vlc 1.0.6-1
[lenny] - vlc 0.8.6.h-4+lenny3
NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1441 [Heap buffer overflow vulnerability in A/52, DTS and MPEG Audio decoders]
- RESERVED
+CVE-2010-1441 (Multiple heap-based buffer overflows in VideoLAN VLC media player ...)
- vlc 1.0.6-1
[lenny] - vlc 0.8.6.h-4+lenny3
NOTE: http://www.videolan.org/security/sa1003.html
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index ec9a76b7c3..c6371c9f21 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -1295,12 +1295,12 @@ CVE-2011-4724
RESERVED
CVE-2011-4723 (The D-Link DIR-300 router stores cleartext passwords, which allows ...)
NOT-FOR-US: D-Link DIR-300 router
-CVE-2011-4722
- RESERVED
+CVE-2011-4722 (Directory traversal vulnerability in the TFTP Server 1.0.0.24 in ...)
+ TODO: check
CVE-2011-4721
RESERVED
-CVE-2011-4720
- RESERVED
+CVE-2011-4720 (Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a ...)
+ TODO: check
CVE-2011-4719 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <not-affected>
- webkit <not-affected>
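Review bot: CVE-2011-4720 names "Hillstone HS TFTP Server 1.3.2", a standalone Windows product, and can go straight to NOT-FOR-US; CVE-2011-4722's truncated description ("the TFTP Server 1.0.0.24 in ...") does not show the vendor, so keep its "TODO: check" until the full text confirms it is not one of the tftpd implementations Debian ships (tftpd-hpa, atftpd, tftpd).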
@@ -4110,8 +4110,7 @@ CVE-2011-3624
- ruby1.9.1 <removed> (low; bug #646020)
[squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
-CVE-2011-3623 [media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers]
- RESERVED
+CVE-2011-3623 (Multiple stack-based buffer overflows in VideoLAN VLC media player ...)
- vlc 1.1.3-1
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370
CVE-2011-3622
@@ -4220,13 +4219,11 @@ CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in
NOTE: relatively obscure client crash
CVE-2011-3593 (A certain Red Hat patch to the vlan_hwaccel_do_receive function in ...)
- linux-2.6 <not-affected> (RHEL6 only because of badly backported patches)
-CVE-2011-3592 [phpMyAdmin did not properly sanitize the content of db, table, and column names prior use of their values.]
- RESERVED
+CVE-2011-3592 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- phpmyadmin 4:3.4.5-1
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2011-3591 [PMASA-2011-14 XSS]
- RESERVED
+CVE-2011-3591 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:3.4.5-1
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -6797,8 +6794,7 @@ CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.
CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 5.14.2 ...)
- perl 5.14.2-1 (unimportant)
NOTE: requires the attacker to manipulate glob flags
-CVE-2011-2727
- RESERVED
+CVE-2011-2727 (The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and ...)
NOT-FOR-US: Tribiq CMS
CVE-2011-2726 [SA-CORE-2011-003]
RESERVED
@@ -9235,31 +9231,26 @@ CVE-2011-1800 (Multiple integer overflows in the SVG Filters implementation in .
CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform casts of ...)
{DSA-2245-1}
- chromium-browser 11.0.696.68~r84545-1
-CVE-2011-1798
- RESERVED
+CVE-2011-1798 (rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/84085
CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
{DSA-2245-1}
- chromium-browser 12.0.742.91~r87961-1
-CVE-2011-1796
- RESERVED
+CVE-2011-1796 (Use-after-free vulnerability in the ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/84300
-CVE-2011-1795
- RESERVED
+CVE-2011-1795 (Integer underflow in the HTMLFormElement::removeFormElement function ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/83690
-CVE-2011-1794
- RESERVED
+CVE-2011-1794 (Integer overflow in the FilterEffect::copyImageBytes function in ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/84422
-CVE-2011-1793
- RESERVED
+CVE-2011-1793 (rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/85406
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index e1700f2b35..4596a0705a 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -12992,8 +12992,8 @@ CVE-2012-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Local Phon
NOT-FOR-US: Yealink VoIP Phone
CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: SocialCMS
-CVE-2012-1415
- RESERVED
+CVE-2012-1415 (Cross-site request forgery (CSRF) vulnerability in lib/logout.php in ...)
+ TODO: check
CVE-2012-1414 (Cross-site request forgery (CSRF) vulnerability in manager/news.php in ...)
NOT-FOR-US: Plume CMS
CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in ...)
@@ -13217,10 +13217,10 @@ CVE-2012-1305
RESERVED
CVE-2012-1304
RESERVED
-CVE-2012-1303
- RESERVED
-CVE-2012-1302
- RESERVED
+CVE-2012-1303 (Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash ...)
+ TODO: check
+CVE-2012-1302 (Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 ...)
+ TODO: check
CVE-2012-1301
RESERVED
NOT-FOR-US: Umbraco
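Review bot: CVE-2012-1303 and CVE-2012-1302 are XSS in amCharts Flash and amMap, proprietary Flash charting components, so both "TODO: check" lines can be closed as NOT-FOR-US. Unrelated to this change but visible in the context: CVE-2012-1301 carries both a RESERVED line and a NOT-FOR-US: Umbraco line; once the description is published the RESERVED line should be dropped so the entry has a single state.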
@@ -13423,8 +13423,8 @@ CVE-2012-1205 (PHP remote file inclusion vulnerability in relocate-upload.php in
NOT-FOR-US: Relocate Upload plugin
CVE-2012-1204
RESERVED
-CVE-2012-1203
- RESERVED
+CVE-2012-1203 (Cross-site request forgery (CSRF) vulnerability in starnet/index.php ...)
+ TODO: check
CVE-2012-1202
RESERVED
CVE-2012-1201
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index fab7b82091..0e23219e3c 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1229,7 +1229,7 @@ CVE-2013-7000 (The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS &amp; MM
CVE-2013-6999 (** DISPUTED ** The IsHandleEntrySecure function in win32k.sys in the ...)
NOT-FOR-US: Microsoft Windows Server 2008 SP2
CVE-2013-6998
- RESERVED
+ REJECTED
CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
- open-xchange <itp> (bug #269329)
CVE-2013-6996
@@ -1402,8 +1402,8 @@ CVE-2013-6985 (SQL injection vulnerability in m_worklog/log_searchday.jsp in Eno
NOT-FOR-US: Enorth Webpublisher CMS
CVE-2013-6920 (Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not ...)
NOT-FOR-US: Siemens
-CVE-2013-6919
- RESERVED
+CVE-2013-6919 (The default configuration of phpThumb before 1.7.12 has a false value ...)
+ TODO: check
CVE-2013-6917
RESERVED
CVE-2013-6916 (Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface ...)
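Review bot: CVE-2013-6919 (phpThumb before 1.7.12 default configuration) needs a real check rather than a reflexive NOT-FOR-US, since phpThumb is commonly embedded as a copy inside PHP web applications; the triage should grep the archive for bundled phpThumb copies before closing the TODO.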
@@ -3253,8 +3253,7 @@ CVE-2013-6275 [CSRF]
CVE-2013-6242
RESERVED
- open-xchange <itp> (bug #269329)
-CVE-2013-6241
- RESERVED
+CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x ...)
- open-xchange <itp> (bug #269329)
CVE-2013-6240
RESERVED
@@ -3287,8 +3286,8 @@ CVE-2013-6229 (Multiple cross-site scripting (XSS) vulnerabilities in Atmail Web
NOT-FOR-US: AtMail
CVE-2013-6228
RESERVED
-CVE-2013-6227
- RESERVED
+CVE-2013-6227 (Unrestricted file upload vulnerability in ...)
+ TODO: check
CVE-2013-6226 (Directory traversal vulnerability in ...)
NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
CVE-2013-6225
@@ -3685,12 +3684,12 @@ CVE-2013-6045 (Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier
CVE-2013-6044 (The is_safe_url function in utils/http.py in Django 1.4.x before ...)
{DSA-2740-1}
- python-django 1.5.2-1
-CVE-2013-6043
- RESERVED
+CVE-2013-6043 (The login function in Softaculous Webuzo before 2.1.4 provides ...)
+ TODO: check
CVE-2013-6042 (Cross-site scripting (XSS) vulnerability in filemanager/login.php in ...)
NOT-FOR-US: Softaculous Webuzo
-CVE-2013-6041
- RESERVED
+CVE-2013-6041 (index.php in Softaculous Webuzo before 2.1.4 allows remote attackers ...)
+ TODO: check
CVE-2013-6040 (Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and ...)
NOT-FOR-US: MW6 Technologies
CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 ...)
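Review bot: CVE-2013-6043 and CVE-2013-6041 both describe Softaculous Webuzo before 2.1.4, and the entry between them (CVE-2013-6042) is already "NOT-FOR-US: Softaculous Webuzo"; the two new "TODO: check" lines should be replaced with the same NOT-FOR-US line so the three Webuzo entries are triaged consistently.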
@@ -3857,8 +3856,8 @@ CVE-2013-5961 (Unrestricted file upload vulnerability in lazyseo.php in the Lazy
NOT-FOR-US: WordPress plugin Lazy SEO
CVE-2013-5960 (The authenticated-encryption feature in the symmetric-encryption ...)
NOT-FOR-US: OWASP Enterprise Security API for Java
-CVE-2013-5958
- RESERVED
+CVE-2013-5958 (The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before ...)
+ TODO: check
CVE-2013-5957 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: CiviCRM
CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php ...)
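Review bot: CVE-2013-5958 (Symfony Security component, 2.0.x before 2.0.25, 2.1.x before ...) should be triaged against whatever Symfony state the tracker already uses; the CVE-2013-4752 entry further down in this file records the Symfony HttpFoundation component as NOT-FOR-US, so either apply the same outcome here or, if a Symfony package has since entered the archive, update both entries together.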
@@ -6608,8 +6607,8 @@ CVE-2013-4795 (Cross-site scripting (XSS) vulnerability in the Submitters list i
- reviewboard <itp> (bug #653113)
CVE-2013-4794
RESERVED
-CVE-2013-4793
- RESERVED
+CVE-2013-4793 (The update function in ...)
+ TODO: check
CVE-2013-4792
RESERVED
CVE-2013-4791
@@ -6661,8 +6660,7 @@ CVE-2013-4771
RESERVED
CVE-2013-4770
RESERVED
-CVE-2013-4769
- RESERVED
+CVE-2013-4769 (The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x ...)
- eucalyptus <removed>
CVE-2013-4768 (The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote ...)
- eucalyptus <removed>
@@ -6698,10 +6696,10 @@ CVE-2013-4758 (Double free vulnerability in the writeDataError function in the .
NOTE: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=80f88242982c9c6ad6ce8628fc5b94ea74051cf4
CVE-2013-4755
RESERVED
-CVE-2013-4754
- RESERVED
-CVE-2013-4753
- RESERVED
+CVE-2013-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet ...)
+ TODO: check
+CVE-2013-4753 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
+ TODO: check
CVE-2013-4752
RESERVED
NOT-FOR-US: Symfony HttpFoundation component
@@ -6892,8 +6890,8 @@ CVE-2013-4665
RESERVED
CVE-2013-4664
RESERVED
-CVE-2013-4663
- RESERVED
+CVE-2013-4663 (git_http_controller.rb in the redmine_git_hosting plugin for Redmine ...)
+ TODO: check
CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through ...)
NOT-FOR-US: CiviCRM
CVE-2013-4661 (CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly ...)
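Review bot: CVE-2013-4663 is in git_http_controller.rb of the redmine_git_hosting plugin, not in Redmine itself; the check should confirm whether that third-party plugin is packaged in Debian (redmine is, its plugins generally are not) before deciding between a redmine entry and NOT-FOR-US.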
@@ -10667,8 +10665,8 @@ CVE-2013-3297
RESERVED
CVE-2013-3296
RESERVED
-CVE-2013-3295
- RESERVED
+CVE-2013-3295 (Directory traversal vulnerability in install/popup.php in Exponent CMS ...)
+ TODO: check
CVE-2013-3294 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 ...)
NOT-FOR-US: Exponent CMS
CVE-2013-3293
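Review bot: CVE-2013-3295 is a directory traversal in install/popup.php in Exponent CMS, and the adjacent CVE-2013-3294 is already "NOT-FOR-US: Exponent CMS"; the new "TODO: check" can be replaced with that same NOT-FOR-US line.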
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 3a64561145..1a2a159133 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1,3 +1,23 @@
+CVE-2014-9426 (The apprentice_load function in libmagic/apprentice.c in the Fileinfo ...)
+ TODO: check
+CVE-2014-9423
+ RESERVED
+CVE-2014-9422
+ RESERVED
+CVE-2014-9421
+ RESERVED
+CVE-2014-9418 (The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei ...)
+ TODO: check
+CVE-2014-9417 (The Meeting component in Huawei eSpace Desktop before V100R001C03 ...)
+ TODO: check
+CVE-2014-9416 (Multiple untrusted search path vulnerabilities in Huawei eSpace ...)
+ TODO: check
+CVE-2014-9415 (Huawei eSpace Desktop before V100R001C03 allows local users to ...)
+ TODO: check
+CVE-2014-9414 (The W3 Total Cache plugin before 0.9.4.1 for WordPress does not ...)
+ TODO: check
+CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the IP ...)
+ TODO: check
CVE-2014-XXXX [dwarfdump use after free]
- dwarfutils <unfixed>
NOTE: CVE request http://www.openwall.com/lists/oss-security/2014/12/31/3
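Review bot: CVE-2014-9426 (apprentice_load in libmagic/apprentice.c in the Fileinfo extension) should not sit as a bare "TODO: check": Fileinfo is a PHP extension and php5 is tracked in this same file, so it needs a php5 entry with a fixed version or an unfixed marker, and because PHP's fileinfo bundles its own copy of libmagic the triage should also check whether the standalone file/libmagic source package carries the same code. The four Huawei eSpace Desktop entries (CVE-2014-9418 through CVE-2014-9415) describe an ActiveX control (eSpaceStatusCtrl.dll) and a Windows desktop client and can be closed as NOT-FOR-US: Huawei eSpace Desktop; CVE-2014-9414 (W3 Total Cache plugin for WordPress) can likewise be closed as NOT-FOR-US in line with the other WordPress plugin entries in this file.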
@@ -43,10 +63,10 @@ CVE-2014-XXXX [Buffer overflow]
CVE-2014-XXXX [Buffer overflow in INFO tags of riff]
- exiv2 <unfixed> (bug #773846)
NOTE: http://dev.exiv2.org/issues/1002
-CVE-2014-9425 [php5: zend_ts_hash.c double free]
+CVE-2014-9425 (Double free vulnerability in the zend_ts_hash_graceful_destroy ...)
- php5 <unfixed> (unimportant; bug #774154)
NOTE: php5 binary packages not built with --with-maintainer-zts
-CVE-2014-9424 [Double-free in ssl_parse_clienthello_use_srtp_ext() function]
+CVE-2014-9424 (Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext ...)
- libressl <itp> (bug #754513)
CVE-2014-9412 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access ...)
NOT-FOR-US: NetIQ Access Manager
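Review bot: CVE-2014-9424 is recorded only against libressl (ITP), but the affected function ssl_parse_clienthello_use_srtp_ext exists under the same name in OpenSSL's DTLS SRTP code; the entry should carry an explicit openssl line (<not-affected> with the reason, if the double free is specific to LibreSSL's changes) so the question does not have to be re-answered later. The CVE-2014-9425 entry is fine: the "unimportant" rating is justified by the NOTE that Debian's php5 binaries are not built with --with-maintainer-zts, so the zend_ts_hash code is not compiled in.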
@@ -139,11 +159,11 @@ CVE-2014-XXXX [XSS]
CVE-2014-XXXX [Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains]
- mediawiki <not-affected> (CORS support was added in 1.20)
NOTE: https://phabricator.wikimedia.org/T77028
-CVE-2014-9419 [x86_64: userspace address leak]
+CVE-2014-9419 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=f647d7c155f069c1a068030255c300663516420e (v3.19-rc1)
-CVE-2014-9420 [fs: isofs: infinite loop in CE records]
+CVE-2014-9420 (The rock_continue function in fs/isofs/rock.c in the Linux kernel ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/f54e18f1b831c92f6512d2eedb224cd63d607d3d (v3.19-rc1)
@@ -279,8 +299,8 @@ CVE-2014-9336 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
NOT-FOR-US: WordPress plugin iTwitter
CVE-2014-9335 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: WordPress plugin DandyID Services
-CVE-2014-9334
- RESERVED
+CVE-2014-9334 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird ...)
+ TODO: check
CVE-2014-9333
RESERVED
CVE-2014-9332
@@ -531,12 +551,10 @@ CVE-2014-9225
RESERVED
CVE-2014-9224
RESERVED
-CVE-2014-9223
- RESERVED
+CVE-2014-9223 (Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei ...)
NOT-FOR-US: RomPager
NOTE: http://mis.fortunecook.ie/
-CVE-2014-9222
- RESERVED
+CVE-2014-9222 (AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway ...)
NOT-FOR-US: RomPager
NOTE: http://mis.fortunecook.ie/
CVE-2014-9221
@@ -599,8 +617,8 @@ CVE-2014-9190
RESERVED
CVE-2014-9189
RESERVED
-CVE-2014-9188
- RESERVED
+CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
+ TODO: check
CVE-2014-9187
RESERVED
CVE-2014-9186
@@ -1598,10 +1616,10 @@ CVE-2014-8812
RESERVED
CVE-2014-8811
RESERVED
-CVE-2014-8810
- RESERVED
-CVE-2014-8809
- RESERVED
+CVE-2014-8810 (SQL injection vulnerability in ajax/mail_functions.php in the WP ...)
+ TODO: check
+CVE-2014-8809 (Multiple cross-site scripting (XSS) vulnerabilities in the WP ...)
+ TODO: check
CVE-2014-8808
RESERVED
CVE-2014-8807
@@ -2295,14 +2313,14 @@ CVE-2014-8516
RESERVED
CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to execute ...)
NOT-FOR-US: uTorrent
-CVE-2014-8514
- RESERVED
-CVE-2014-8513
- RESERVED
-CVE-2014-8512
- RESERVED
-CVE-2014-8511
- RESERVED
+CVE-2014-8514 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
+ TODO: check
+CVE-2014-8513 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
+ TODO: check
+CVE-2014-8512 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider ...)
+ TODO: check
+CVE-2014-8511 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider ...)
+ TODO: check
CVE-2014-8510 (The AdminUI in Trend Micro InterScan Web Security Virtual Appliance ...)
NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
CVE-2014-8509 (The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) ...)
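Review bot: CVE-2014-8514 through CVE-2014-8511 are buffer overflows in ActiveX controls (MDraw30.ocx, Atx45.ocx) in Schneider Electric software, the same family as CVE-2014-9188 earlier in this file; all five "TODO: check" lines can be closed together as NOT-FOR-US: Schneider Electric, since ActiveX controls are Windows-only components.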
@@ -3254,6 +3272,7 @@ CVE-2014-8144
CVE-2014-8143
RESERVED
CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function in ...)
+ {DSA-3117-1}
- php5 <unfixed> (unimportant)
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
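Review bot: adding {DSA-3117-1} to CVE-2014-8142 while the php5 line still reads "<unfixed> (unimportant)" is internally inconsistent: an issue that received a DSA is by definition not "unimportant", and the fixed unstable version should be recorded once the sid upload lands. Drop the "(unimportant)" qualifier, or, if the severity was deliberately left low for sid, add a NOTE explaining why the DSA was issued anyway.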
@@ -3270,12 +3289,10 @@ CVE-2014-8139 [CRC32 heap overflow]
RESERVED
{DSA-3113-1 DLA-124-1}
- unzip 6.0-13 (bug #773722)
-CVE-2014-8138 [heap overflow in jp2_decode()]
- RESERVED
+CVE-2014-8138 (Heap-based buffer overflow in the jp2_decode function in JasPer ...)
{DSA-3106-1 DLA-121-1}
- jasper 1.900.1-debian1-2.3 (bug #773463)
-CVE-2014-8137 [double-free in in jas_iccattrval_destroy()]
- RESERVED
+CVE-2014-8137 (Double free vulnerability in the jas_iccattrval_destroy function in ...)
{DSA-3106-1 DLA-121-1}
- jasper 1.900.1-debian1-2.3 (bug #773463)
CVE-2014-8136 (The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 ...)
@@ -3298,8 +3315,7 @@ CVE-2014-8133 (arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implement
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=41bdc78544b8a93a9c6814b8bbbfef966272abbe
-CVE-2014-8132 [Possible double free on a dangling pointer with crafted kexinit packet]
- RESERVED
+CVE-2014-8132 (Double free vulnerability in the ssh_packet_kexinit function in kex.c ...)
- libssh <unfixed> (bug #773577)
[wheezy] - libssh <no-dsa> (Minor issue)
[squeeze] - libssh <not-affected> (Issue only present in versions > 0.5.1, squeeze has 0.4.5)
@@ -3366,8 +3382,7 @@ CVE-2014-8111
RESERVED
CVE-2014-8110
RESERVED
-CVE-2014-8109 [apache mod_lua LuaAuthzProvider uses wrong arguments]
- RESERVED
+CVE-2014-8109 (mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and ...)
- apache2 2.4.10-9
[wheezy] - apache2 <not-affected> (mod_lua only in 2.4)
[squeeze] - apache2 <not-affected> (mod_lua only in 2.4)
@@ -3652,20 +3667,20 @@ CVE-2014-8001 (Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier
NOT-FOR-US: Cisco
CVE-2014-8000 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) ...)
NOT-FOR-US: Cisco
-CVE-2014-7999
- RESERVED
+CVE-2014-7999 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
+ TODO: check
CVE-2014-7998 (Cisco IOS on Aironet access points, when &quot;dot11 aaa authenticator&quot; ...)
NOT-FOR-US: Cisco IOS
CVE-2014-7997 (The DHCP implementation in Cisco IOS on Aironet access points does not ...)
NOT-FOR-US: Cisco IOS
CVE-2014-7996 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
NOT-FOR-US: Cisco
-CVE-2014-7995
- RESERVED
-CVE-2014-7994
- RESERVED
-CVE-2014-7993
- RESERVED
+CVE-2014-7995 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
+ TODO: check
+CVE-2014-7994 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
+ TODO: check
+CVE-2014-7993 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
+ TODO: check
CVE-2014-7992 (The DLSw implementation in Cisco IOS does not initialize packet ...)
NOT-FOR-US: Cisco IOS
CVE-2014-7991 (The Remote Mobile Access Subsystem in Cisco Unified Communications ...)
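Review bot: CVE-2014-7999, CVE-2014-7995, CVE-2014-7994 and CVE-2014-7993 all describe Cisco-Meraki MS, MR and MX devices with firmware before 2014-09-24; like every other Cisco entry in this hunk they are appliance firmware issues and the four "TODO: check" lines should be replaced with NOT-FOR-US: Cisco Meraki.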
@@ -5402,8 +5417,7 @@ CVE-2014-7206 (The changelog command in Apt before 1.0.9.2 allows local users to
- apt 1.0.9.2 (bug #763780)
[squeeze] - apt <not-affected> (apt changelog command and vulnerable code not present)
NOTE: mitigated by Linux kernel features in wheezy and up
-CVE-2014-7300 [gnome-shell lockscreen bypass with printscreen key]
- RESERVED
+CVE-2014-7300 (GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is ...)
- gnome-shell 3.14.1-1 (low)
[wheezy] - gnome-shell <no-dsa> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=737456
@@ -5441,8 +5455,7 @@ CVE-2014-7195 (Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x bef
NOT-FOR-US: Spotfire Web Player
CVE-2014-7194 (TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File ...)
NOT-FOR-US: TIBCO
-CVE-2014-7193 [Crumb CORS Token Disclosure]
- RESERVED
+CVE-2014-7193 (The Crumb plugin before 3.0.0 for Node.js does not properly restrict ...)
NOT-FOR-US: Crumb
CVE-2014-7192 (Eval injection vulnerability in index.js in the syntax-error package ...)
- nodejs <unfixed> (bug #773623)
@@ -7674,10 +7687,10 @@ CVE-2014-6242 (Multiple SQL injection vulnerabilities in the All In One WP Secur
NOT-FOR-US: WordPress plugin All In One WP Security
CVE-2014-6230 (WP-Ban plugin before 1.6.4 for WordPress, when running in certain ...)
NOT-FOR-US: WordPress plugin WP-Ban
-CVE-2014-6229
- RESERVED
-CVE-2014-6228
- RESERVED
+CVE-2014-6229 (The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook ...)
+ TODO: check
+CVE-2014-6228 (Integer overflow in the string_chunk_split function in ...)
+ TODO: check
CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3.22 ...)
{DSA-3019-1 DLA-46-1}
- procmail 3.22-22 (bug #760443)
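Review bot: CVE-2014-6229 names the HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HHVM, which is not packaged in Debian, so it can be closed as NOT-FOR-US: HHVM; CVE-2014-6228's truncated description ("Integer overflow in the string_chunk_split function in ...") does not show the product, so keep its "TODO: check" until the full text confirms it is the same HHVM code base and not the PHP chunk_split implementation.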
@@ -7783,12 +7796,12 @@ CVE-2014-6190
RESERVED
CVE-2014-6189
RESERVED
-CVE-2014-6188
- RESERVED
-CVE-2014-6187
- RESERVED
-CVE-2014-6186
- RESERVED
+CVE-2014-6188 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...)
+ TODO: check
+CVE-2014-6187 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...)
+ TODO: check
+CVE-2014-6186 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before ...)
+ TODO: check
CVE-2014-6185
RESERVED
CVE-2014-6184
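Review bot: CVE-2014-6188, CVE-2014-6187 and CVE-2014-6186 are all IBM WebSphere Service Registry and Repository issues, and every surrounding IBM entry in this file is "NOT-FOR-US: IBM"; these three, and the IBM WSRR, Security, Rational AppScan and Tivoli entries added with "TODO: check" in the following hunks (CVE-2014-6181 through CVE-2014-6177, 6168, 6160, 6155, 6153, 6132 and 6123), can be closed in one pass as NOT-FOR-US: IBM rather than left as separate TODOs.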
@@ -7797,16 +7810,16 @@ CVE-2014-6183 (IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 be
NOT-FOR-US: IBM Security Network Protection
CVE-2014-6182 (Directory traversal vulnerability in an export function in the Process ...)
NOT-FOR-US: IBM
-CVE-2014-6181
- RESERVED
-CVE-2014-6180
- RESERVED
-CVE-2014-6179
- RESERVED
-CVE-2014-6178
- RESERVED
-CVE-2014-6177
- RESERVED
+CVE-2014-6181 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before ...)
+ TODO: check
+CVE-2014-6180 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
+CVE-2014-6179 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
+CVE-2014-6178 (Cross-site scripting (XSS) vulnerability in the widgets in IBM ...)
+ TODO: check
+CVE-2014-6177 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before ...)
+ TODO: check
CVE-2014-6176 (IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus ...)
NOT-FOR-US: IBM
CVE-2014-6175
@@ -7823,8 +7836,8 @@ CVE-2014-6170
RESERVED
CVE-2014-6169
RESERVED
-CVE-2014-6168
- RESERVED
+CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
+ TODO: check
CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting feature ...)
NOT-FOR-US: IBM
CVE-2014-6166 (The Communications Enabled Applications (CEA) service in IBM WebSphere ...)
@@ -7839,8 +7852,8 @@ CVE-2014-6162
RESERVED
CVE-2014-6161 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact ...)
NOT-FOR-US: IBM
-CVE-2014-6160
- RESERVED
+CVE-2014-6160 (IBM WebSphere Service Registry and Repository (WSRR) 8.5 before ...)
+ TODO: check
CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 ...)
NOT-FOR-US: IBM
CVE-2014-6158
@@ -7849,12 +7862,12 @@ CVE-2014-6157
RESERVED
CVE-2014-6156
RESERVED
-CVE-2014-6155
- RESERVED
+CVE-2014-6155 (Multiple directory traversal vulnerabilities in the ServiceRegistry UI ...)
+ TODO: check
CVE-2014-6154
RESERVED
-CVE-2014-6153
- RESERVED
+CVE-2014-6153 (The Web UI in IBM WebSphere Service Registry and Repository (WSRR) ...)
+ TODO: check
CVE-2014-6152 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
NOT-FOR-US: IBM Tivoli
CVE-2014-6151 (CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) ...)
@@ -7895,8 +7908,8 @@ CVE-2014-6134
RESERVED
CVE-2014-6133 (IBM API Management 3.x before 3.0.1.0 allows local users to obtain ...)
NOT-FOR-US: IBM API Management
-CVE-2014-6132
- RESERVED
+CVE-2014-6132 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
+ TODO: check
CVE-2014-6131
RESERVED
CVE-2014-6130 (The IBM Notes Traveler application before 9.0.1.3 for Android lacks a ...)
@@ -7913,8 +7926,8 @@ CVE-2014-6125 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-6124
RESERVED
-CVE-2014-6123
- RESERVED
+CVE-2014-6123 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through ...)
+ TODO: check
CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
NOT-FOR-US: IBM
CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security AppScan ...)
@@ -9418,8 +9431,8 @@ CVE-2014-5389 (SQL injection vulnerability in content-audit-schedule.php in the
NOT-FOR-US: WordPress plugin Content Audit
CVE-2014-5387 (Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine ...)
NOT-FOR-US: EllisLab ExpressionEngine Core
-CVE-2014-5386
- RESERVED
+CVE-2014-5386 (The mcrypt_create_iv function in ...)
+ TODO: check
CVE-2014-5385 (com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 ...)
NOT-FOR-US: Shopizer
CVE-2014-5384 (The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 ...)
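Review bot: CVE-2014-5386 concerns the mcrypt_create_iv function, which is the PHP mcrypt extension API, so this "TODO: check" is a php5 triage item rather than a NOT-FOR-US candidate; the entry should get a php5 line with the fixed version, or <unfixed> plus a bug reference, once the upstream fix has been located.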
@@ -11387,8 +11400,7 @@ CVE-2014-4636
RESERVED
CVE-2014-4635
RESERVED
-CVE-2014-4634
- RESERVED
+CVE-2014-4634 (Unquoted Windows search path vulnerability in EMC Replication Manager ...)
NOT-FOR-US: EMC Replication Manager and EMC AppSync
CVE-2014-4633 (Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC ...)
NOT-FOR-US: EMC RSA Archer GRC Platform
@@ -11396,8 +11408,7 @@ CVE-2014-4632
RESERVED
CVE-2014-4631 (RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when ...)
NOT-FOR-US: RSA Adaptive Authentication
-CVE-2014-4630
- RESERVED
+CVE-2014-4630 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA ...)
NOT-FOR-US: RSA BSAFE
CVE-2014-4629 (EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before ...)
NOT-FOR-US: EMC Documentum Content Server
@@ -12086,8 +12097,8 @@ CVE-2014-4324
RESERVED
CVE-2014-4323 (The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP ...)
- linux <not-affected> (Vulnerable code drivers/video/msm not present)
-CVE-2014-4322
- RESERVED
+CVE-2014-4322 (drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, ...)
+ TODO: check
CVE-2014-4321
RESERVED
CVE-2014-4320
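Review bot: CVE-2014-4322 is in drivers/misc/qseecom.c, a Qualcomm driver that lives in Android vendor kernel trees; the adjacent CVE-2014-4323 was already closed with "linux <not-affected> (Vulnerable code drivers/video/msm not present)", and the same check against the Debian linux source should resolve this TODO with an analogous "Vulnerable code drivers/misc/qseecom.c not present" line if the file is absent.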
@@ -12941,8 +12952,8 @@ CVE-2014-3973 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) be
[wheezy] - frontaccounting <no-dsa> (Minor issue)
CVE-2014-3972
RESERVED
-CVE-2014-3971
- RESERVED
+CVE-2014-3971 (The CmdAuthenticate::_authenticateX509 function in ...)
+ TODO: check
CVE-2014-3965
RESERVED
CVE-2014-3964
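Review bot: CVE-2014-3971 names CmdAuthenticate::_authenticateX509, the x.509 authentication command in MongoDB, and mongodb is a Debian source package, so this entry needs proper triage (fixed version or <unfixed> with a bug) rather than a lingering "TODO: check"; the truncation hides the affected version range, so the full description must be consulted before marking any suite not-affected.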
@@ -14028,8 +14039,7 @@ CVE-2014-3571
RESERVED
CVE-2014-3570
RESERVED
-CVE-2014-3569 [OpenSSL 1.0.1j build with no-ssl3 NULL pointer dererences]
- RESERVED
+CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j ...)
{DLA-81-1}
- openssl <unfixed>
[wheezy] - openssl <not-affected> (Doesn't use no-ssl3 yet)
@@ -14128,8 +14138,7 @@ CVE-2014-3558 (ReflectionHelper (org.hibernate.validator.util.ReflectionHelper)
NOTE: Fixed with 4.2.1-1 to experimental, update info with first version in unstable when fix in sid
CVE-2014-3557
RESERVED
-CVE-2014-3556 [SMTP STARTTLS plaintext injection flaw]
- RESERVED
+CVE-2014-3556 (The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the ...)
- nginx 1.6.1-1 (bug #757196)
[wheezy] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
[squeeze] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
@@ -17678,8 +17687,8 @@ CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative ..
CVE-2014-2225
RESERVED
NOT-FOR-US: Ubiquiti Networks
-CVE-2014-2224
- RESERVED
+CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not ...)
+ TODO: check
CVE-2014-2223 (Unrestricted file upload vulnerability in plog-admin/plog-upload.php ...)
NOT-FOR-US: Plogger
CVE-2014-2222
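Review bot: CVE-2014-2224 describes Plogger 1.0 RC1 with the Lucid theme, and the entry directly below it (CVE-2014-2223) is already "NOT-FOR-US: Plogger"; replace the new "TODO: check" with the same NOT-FOR-US line.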
@@ -17692,18 +17701,18 @@ CVE-2014-2219 (Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in .
NOT-FOR-US: CMSimple
CVE-2014-2218
RESERVED
-CVE-2014-2217
- RESERVED
+CVE-2014-2217 (Absolute path traversal vulnerability in the RadAsyncUpload control in ...)
+ TODO: check
CVE-2014-2216 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2014-2215
RESERVED
CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal ...)
NOT-FOR-US: Erwin Web Portal
-CVE-2014-2209
- RESERVED
-CVE-2014-2208
- RESERVED
+CVE-2014-2209 (Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop ...)
+ TODO: check
+CVE-2014-2208 (CRLF injection vulnerability in the LightProcess protocol ...)
+ TODO: check
CVE-2014-2207
RESERVED
CVE-2014-2205 (The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) ...)
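Review bot: CVE-2014-2217 is an absolute path traversal in the RadAsyncUpload control, a proprietary ASP.NET UI component, and can be closed as NOT-FOR-US: Telerik; CVE-2014-2209 and CVE-2014-2208 are Facebook HHVM issues (the LightProcess protocol is HHVM's) and should receive the same NOT-FOR-US: HHVM outcome as the CVE-2014-6229 entry elsewhere in this file so HHVM is handled consistently.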
@@ -18453,14 +18462,14 @@ CVE-2014-1911 (The Foscam FI8910W camera with firmware before 11.37.2.55 allows
NOT-FOR-US: Foscam camera
CVE-2014-1910 (Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 ...)
NOT-FOR-US: Citrix ShareFile Mobile
-CVE-2014-1908
- RESERVED
+CVE-2014-1908 (The error-handling feature in (1) bp.php, (2) ...)
+ TODO: check
CVE-2014-1907 (Multiple directory traversal vulnerabilities in the VideoWhisper Live ...)
NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
-CVE-2014-1905
- RESERVED
+CVE-2014-1905 (Unrestricted file upload vulnerability in ls/vw_snapshots.php in the ...)
+ TODO: check
CVE-2014-1904 (Cross-site scripting (XSS) vulnerability in ...)
{DSA-2890-1}
- libspring-java 3.0.6.RELEASE-13 (bug #741604)
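Review bot: CVE-2014-1905 (unrestricted upload in ls/vw_snapshots.php) sits between two entries already closed as "NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress", and the vw_ prefix matches that plugin, so its TODO can be closed the same way; CVE-2014-1908's truncated description ("(1) bp.php, (2) ...") does not identify the product, so that one genuinely needs the check before a NOT-FOR-US line is added.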
@@ -20074,8 +20083,8 @@ CVE-2014-1451
RESERVED
CVE-2014-1450
RESERVED
-CVE-2014-1449
- RESERVED
+CVE-2014-1449 (The Maxthon Cloud Browser application before 4.1.6.2000 for Android ...)
+ TODO: check
CVE-2014-1443 (Core FTP Server 1.2 before build 515 allows remote authenticated users ...)
NOT-FOR-US: Core FTP Server
CVE-2014-1442 (Directory traversal vulnerability in Core FTP Server 1.2 before build ...)
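Review bot: CVE-2014-1449 describes the Maxthon Cloud Browser application for Android; an Android-only proprietary app is outside the archive and the "TODO: check" should be replaced with NOT-FOR-US: Maxthon.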
@@ -21156,8 +21165,7 @@ CVE-2014-0750 (Directory traversal vulnerability in gefebt.exe in the WebView Ci
CVE-2014-0749 (Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale ...)
{DSA-2936-1}
- torque 2.4.16+dfsg-1.4 (bug #748827)
-CVE-2014-0748
- RESERVED
+CVE-2014-0748 (apinit on Cray devices with CLE before 4.2.UP02 and 5.x before ...)
NOT-FOR-US: Aprun/apinit on Cray supercomputers
CVE-2014-0747 (The Certificate Authority Proxy Function (CAPF) CLI implementation in ...)
NOT-FOR-US: Cisco Unified Communications Manager
