author    Joey Hess <joeyh@debian.org>  2014-07-23 21:14:13 +0000
committer Joey Hess <joeyh@debian.org>  2014-07-23 21:14:13 +0000
commit    7ae55d5acb018ee304097c238931d09b9d3d670f (patch)
tree      7006711efeebf85a86b89decf2c3a3c98efbac03
parent    fd4a8a3244b4bf836a7bcfcd9adbc13da4489a13 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@27926 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r--  data/CVE/2002.list  |   1
-rw-r--r--  data/CVE/2008.list  |   1
-rw-r--r--  data/CVE/2011.list  |   2
-rw-r--r--  data/CVE/2012.list  |   5
-rw-r--r--  data/CVE/2013.list  |  18
-rw-r--r--  data/CVE/2014.list  | 378
6 files changed, 229 insertions, 176 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index ee9db27e8f..03cf206787 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,6 +1,7 @@
CVE-2002-2483
- linux-2.6 2.4.20
CVE-2002-2444 [snoopy: Security hole in exec cURL]
+ RESERVED
- libphp-snoopy <not-affected> (affected version never was in the repo)
NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2
NOTE: http://sourceforge.net/p/snoopy/bugs/13/
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index f5279f0eb5..edf3fc6f9a 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -1,4 +1,5 @@
CVE-2008-7313 [Incomplete fix for CVE-2008-4796]
+ RESERVED
- libphp-snoopy <unfixed>
NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
NOTE: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
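Review bot: CVE-2008-7313 ([Incomplete fix for CVE-2008-4796], libphp-snoopy <unfixed>) now overlaps with CVE-2014-5008 further down in this same update ([Incorrect fix for CVE-2008-4796, escapeshellarg required], also libphp-snoopy <unfixed>); add a NOTE: line under each entry cross-referencing the other, so the two incomplete-fix IDs for CVE-2008-4796 are not tracked as unrelated issues and a single upstream fix can be checked against both.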
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 1132167c99..9ea6ffdfce 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -1,3 +1,5 @@
+CVE-2011-5281
+ RESERVED
CVE-2011-5280 (Multiple stack-based buffer overflows in BOINC 6.13.x allow remote ...)
- boinc 7.0.2+dfsg-1 (low)
[squeeze] - boinc <no-dsa> (Minor issue)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index f767ced1cd..4771e00f31 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -366,7 +366,7 @@ CVE-2012-6508 (Multiple cross-site request forgery (CSRF) vulnerabilities in Net
NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6507 (Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 ...)
NOT-FOR-US: ChurchCMS
-CVE-2012-6506 (Multiple cross-site scripting (XSS) vulnerabilities in he Zingiri Web ...)
+CVE-2012-6506 (Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web ...)
NOT-FOR-US: Zingiri Web Shop wordpress plugin not in Debian
CVE-2012-6505 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: PHP Volunteer Management not in Debian
@@ -9839,8 +9839,7 @@ CVE-2012-2684 (Multiple SQL injection vulnerabilities in the ...)
NOT-FOR-US: Cumin
CVE-2012-2683 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...)
NOT-FOR-US: Cumin
-CVE-2012-2682
- RESERVED
+CVE-2012-2682 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
NOT-FOR-US: Cumin
CVE-2012-2681 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
NOT-FOR-US: Cumin
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index a2141e8260..fcce9bf2eb 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,3 +1,9 @@
+CVE-2013-7392 (Gitlist allows remote attackers to execute arbitrary commands via ...)
+ TODO: check
+CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using ...)
+ TODO: check
+CVE-2013-7390
+ RESERVED
CVE-2013-7389 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 ...)
NOT-FOR-US: D-Link router
CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...)
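Review bot: CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal) is left at TODO: check although CVE-2013-4273, later in this file and describing the same module and version range, is already triaged NOT-FOR-US: Drupal contributed module Entity API; the same verdict should apply here unless the module has entered the archive since. CVE-2013-7392 (Gitlist command execution) should be triaged together with the Gitlist IDs in 2014.list rather than checked in isolation.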
@@ -7841,8 +7847,7 @@ CVE-2013-4353 (The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 befo
{DSA-2837-1}
- openssl 1.0.1f-1
[squeeze] - openssl <not-affected> (Only affects 1.0.1 to 1.0.1e)
-CVE-2013-4352
- RESERVED
+CVE-2013-4352 (The cache_invalidate function in modules/cache/cache_storage.c in the ...)
- apache2 2.4.7-1 (low)
NOTE: According to http://httpd.apache.org/security/vulnerabilities_24.html this should only affect
NOTE: 2.4.6, but that seems wrong, since 2.4.6 was a single-change regression update
@@ -8120,8 +8125,7 @@ CVE-2013-4275
NOT-FOR-US: Drupal contributed module Zen
CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the ...)
NOT-FOR-US: Drupal addon
-CVE-2013-4273
- RESERVED
+CVE-2013-4273 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not ...)
NOT-FOR-US: Drupal contributed module Entity API
CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x ...)
NOT-FOR-US: Drupal addon
@@ -13898,7 +13902,7 @@ CVE-2013-2023 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.
- jquery-jplayer 2.1.0-2
NOTE: used for jPlayer 2.2.23 XSS
NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
-CVE-2013-2022 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...)
+CVE-2013-2022 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- jquery-jplayer 2.1.0-2
NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
NOTE: used for jPlayer 2.2.20 XSS
@@ -14174,7 +14178,7 @@ CVE-2013-1944 (The tailMatch function in cookie.c in cURL and libcurl before 7.3
CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check ...)
- linux <not-affected> (RHEL-specific backport regression)
- linux-2.6 <not-affected> (RHEL-specific backport regression)
-CVE-2013-1942 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...)
+CVE-2013-1942 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- owncloud <not-affected> (Depends on libjs-jquery-jplayer)
- jquery-jplayer 2.1.0-2
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-014/
@@ -15851,7 +15855,7 @@ CVE-2013-1466 (Multiple cross-site scripting (XSS) vulnerabilities in glFusion b
NOT-FOR-US: glFusion
CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...)
NOT-FOR-US: CubeCart
-CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in ssets/player.swf in the ...)
+CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in assets/player.swf in the ...)
{DSA-2772-1}
- typo3-src 4.5.29+dfsg1-1
[squeeze] - typo3-src <no-dsa> (Too intrusive to backport)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 01c827aa41..82aea24ec6 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1,71 +1,140 @@
+CVE-2014-5043
+ RESERVED
+CVE-2014-5042
+ RESERVED
+CVE-2014-5041
+ RESERVED
+CVE-2014-5040
+ RESERVED
+CVE-2014-5039
+ RESERVED
+CVE-2014-5038
+ RESERVED
+CVE-2014-5037
+ RESERVED
+CVE-2014-5036
+ RESERVED
+CVE-2014-5035
+ RESERVED
+CVE-2014-5034
+ RESERVED
+CVE-2014-5023 (Repository.php in Gitter, as used in Gitlist, allows remote attackers ...)
+ TODO: check
+CVE-2014-5018 (Incomplete blacklist vulnerability in the autoEscape function in ...)
+ TODO: check
+CVE-2014-5017 (SQL injection vulnerability in CPDB in ...)
+ TODO: check
+CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey ...)
+ TODO: check
+CVE-2014-5014
+ RESERVED
+CVE-2014-5013
+ RESERVED
+CVE-2014-5012
+ RESERVED
+CVE-2014-5011
+ RESERVED
+CVE-2014-5010
+ RESERVED
+CVE-2014-5007
+ RESERVED
+CVE-2014-5006
+ RESERVED
+CVE-2014-5005
+ RESERVED
CVE-2014-XXXX [vfs: refcount issues during unmount on symlink]
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2014/7/21/98
CVE-2014-5033 [kauth authentication bypass]
+ RESERVED
- kde4libs <unfixed> (bug #755814)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=864716
NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
CVE-2014-5032 [glpi: unprivileged users can access cost information]
+ RESERVED
- glpi <unfixed> (unimportant)
NOTE: CVE request http://www.openwall.com/lists/oss-security/2014/07/22/6
NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-5031 [file/directory does not have world read permissions for dirctory index files]
+ RESERVED
- cups 1.7.4-2
NOTE: https://cups.org/str.php?L4455
CVE-2014-5030 [dissalow symlinks for directory index files]
+ RESERVED
- cups 1.7.4-2
NOTE: https://cups.org/str.php?L4455
CVE-2014-5029 [Incomplete fix CVE-2014-3537]
+ RESERVED
- cups 1.7.4-2
NOTE: https://cups.org/str.php?L4455
CVE-2014-5028
+ RESERVED
- reviewboard <itp> (bug #653113)
CVE-2014-5027
+ RESERVED
- reviewboard <itp> (bug #653113)
CVE-2014-5026 [XSS vulnerability]
+ RESERVED
- cacti <unfixed>
NOTE: http://bugs.cacti.net/view.php?id=2456
CVE-2014-5025 [XSS vulnerability]
+ RESERVED
- cacti <unfixed>
NOTE: http://bugs.cacti.net/view.php?id=2456
CVE-2014-5024
+ RESERVED
NOT-FOR-US: DELL SonicWALL GMS
CVE-2014-5015 [basic http authentication bypass]
+ RESERVED
- bozohttpd <unfixed> (bug #755197)
[wheezy] - bozohttpd <no-dsa> (Minor issue)
[squeeze] - bozohttpd <no-dsa> (Minor issue)
CVE-2014-5009 [Incorrect fix for CVE-2014-5008]
+ RESERVED
- libphp-snoopy <not-affected> (Incorrect fix not applied)
NOTE: This issue exists because of an incorrect fix for CVE-2014-5008.
NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706
CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required]
+ RESERVED
- libphp-snoopy <unfixed>
NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
NOTE: This issue exists because of an incorrect fix for CVE-2008-4796 (i.e., use of escapeshellcmd where escapeshellarg was required).
CVE-2014-5004 [Ruby Gem brbackup-0.1.1: exposes the database password to the command line]
+ RESERVED
NOT-FOR-US: Ruby Gem brbackup
CVE-2014-5003 [Ruby Gem ciborg-3.0.0: race condition when creating /tmp/perlbrew-installer]
+ RESERVED
NOT-FOR-US: Ruby Gem ciborg
CVE-2014-5002 [Ruby Gem lynx-0.2.0: expose the password to the process table]
+ RESERVED
NOT-FOR-US: Ruby Gem lynx
CVE-2014-5001 [Ruby Gem kcapifony-2.1.6: expose the password to the process table]
+ RESERVED
NOT-FOR-US: Ruby Gem kcapifony
CVE-2014-5000 [Ruby Gem lawn-login-0.0.7: exposes the mysql password to the process table]
+ RESERVED
NOT-FOR-US: Ruby Gem lawn-login
CVE-2014-4999 [Ruby Gem kajam-1.0.3.rc2: exposes the mysql password to the process table]
+ RESERVED
NOT-FOR-US: Ruby Gem kajam
CVE-2014-4998 [Ruby Gem lean-ruport-0.3.8: exposes the mysql password to the process table]
+ RESERVED
NOT-FOR-US: Ruby Gem lean-ruport
CVE-2014-4997 [Ruby Gem point-cli-0.0.1: exposes the username and password combination to the process table]
+ RESERVED
NOT-FOR-US: Ruby Gem point-cli
CVE-2014-4996 [Ruby Gem VladTheEnterprising-0.2: clobber files via symlink attack]
+ RESERVED
NOT-FOR-US: Ruby Gem VladTheEnterprising
CVE-2014-4995 [Ruby Gem VladTheEnterprising-0.2: Information Leakage]
+ RESERVED
NOT-FOR-US: Ruby Gem VladTheEnterprising
CVE-2014-4994 [Ruby Gem gyazo-1.0.0: Insecure Temporary File]
+ RESERVED
NOT-FOR-US: Ruby Gem gyazo
CVE-2014-4993 [Ruby Gems backup-agoddard and backup_checksum: expose the password to the process table]
+ RESERVED
NOT-FOR-US: Ruby Gems backup-agoddard and backup_checksum
CVE-2014-4992 [Ruby Gem cap-strap-0.1.5: expose the password to the process table]
RESERVED
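Review bot: the new RESERVED entries CVE-2014-5043 through CVE-2014-5034, together with CVE-2014-5023 and CVE-2014-5018..5016, are inserted above the CVE-2014-XXXX placeholder while the manually added CVE-2014-5033..5024, CVE-2014-5015, CVE-2014-5009/5008 and CVE-2014-5004..4992 stay below it, so the head of the file is no longer in the descending ID order the rest of the file follows; move the manually added entries into their sorted positions before the next automatic update stacks more IDs on top. While touching those lines, fix the typos in the bracketed placeholders for CVE-2014-5031 ("dirctory") and CVE-2014-5030 ("dissalow").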
@@ -79,13 +148,11 @@ CVE-2014-4989
RESERVED
CVE-2014-4988
RESERVED
-CVE-2014-4987 [PMASA-2014-7 Access for an unprivileged user to MySQL user list.]
- RESERVED
+CVE-2014-4987 (server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x ...)
- phpmyadmin 4:4.2.6-1 (low)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2014-4986 [PMASA-2014-6 Multiple XSS in AJAX confirmation messages.]
- RESERVED
+CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js ...)
- phpmyadmin 4:4.2.6-1 (low)
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
[squeeze] - phpmyadmin <no-dsa> (Minor issue)
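Review bot: replacing the bracketed placeholders for CVE-2014-4987 and CVE-2014-4986 with the MITRE text drops the only reference to the upstream advisories (PMASA-2014-7 and PMASA-2014-6); keep that pointer as a NOTE: line under each entry, e.g. "NOTE: PMASA-2014-7", since the phpmyadmin 4:4.2.6-1 fix and the wheezy/squeeze "Vulnerable code not present" and "Minor issue" verdicts were made against those advisories rather than against the CVE summaries.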
@@ -107,19 +174,23 @@ CVE-2014-4977 (Multiple SQL injection vulnerabilities in Dell SonicWall Scrutini
TODO: check
CVE-2014-4976 (Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to ...)
TODO: check
-CVE-2014-5022 [Cross-site scripting - Ajax system]
+CVE-2014-5022 (Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal ...)
+ {DSA-2983-1}
- drupal6 <not-affected> (Only affects Drupal 7 core)
- drupal7 7.29-1 (bug #755038)
NOTE: https://www.drupal.org/SA-CORE-2014-003
-CVE-2014-5021 [Cross-site scripting - Form API option groups]
+CVE-2014-5021 (Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x ...)
+ {DSA-2983-1}
- drupal6 <removed>
- drupal7 7.29-1 (bug #755038)
NOTE: https://www.drupal.org/SA-CORE-2014-003
-CVE-2014-5020 [Access bypass]
+CVE-2014-5020 (The File module in Drupal 7.x before 7.29 does not properly check ...)
+ {DSA-2983-1}
- drupal6 <not-affected> (Only affects Drupal 7 core)
- drupal7 7.29-1 (bug #755038)
NOTE: https://www.drupal.org/SA-CORE-2014-003
-CVE-2014-5019 [Denial of service with malicious HTTP Host header]
+CVE-2014-5019 (The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 ...)
+ {DSA-2983-1}
- drupal6 <removed>
- drupal7 7.29-1 (bug #755038)
NOTE: https://www.drupal.org/SA-CORE-2014-003
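Review bot: CVE-2014-5022..5019 sit directly after CVE-2014-4976, out of the descending ID order used elsewhere in the file; now that they carry DSA-2983-1 and MITRE text, move the four entries up next to CVE-2014-5023 so they are found where the ID ordering predicts.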
@@ -163,8 +234,8 @@ CVE-2014-4962 (Shopizer 1.1.5 and earlier allows remote attackers to reduce the
TODO: check
CVE-2014-4961
RESERVED
-CVE-2014-4960
- RESERVED
+CVE-2014-4960 (Multiple SQL injection vulnerabilities in models\gallery.php in ...)
+ TODO: check
CVE-2014-4959
RESERVED
CVE-2014-4958
@@ -173,13 +244,12 @@ CVE-2014-4957
RESERVED
CVE-2014-4956
RESERVED
-CVE-2014-4955 [PMASA-2014-5 Self-XSS due to unescaped HTML output in database triggers page.]
- RESERVED
+CVE-2014-4955 (Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList ...)
- phpmyadmin 4:4.2.6-1 (low)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2014-4954
- RESERVED
+CVE-2014-4954 (Cross-site scripting (XSS) vulnerability in the ...)
+ TODO: check
CVE-2014-4953
RESERVED
CVE-2014-4952
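Review bot: the [PMASA-2014-5 ...] placeholder for CVE-2014-4955 is replaced by the MITRE text, which loses the advisory reference behind the phpmyadmin 4:4.2.6-1 fix and the "Vulnerable code not present" verdicts for wheezy and squeeze; add a "NOTE: PMASA-2014-5" line under the entry so the upstream reference survives the description update.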
@@ -190,18 +260,17 @@ CVE-2014-4950
RESERVED
CVE-2014-4949
RESERVED
-CVE-2014-4948
- RESERVED
-CVE-2014-4947
- RESERVED
+CVE-2014-4948 (Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and ...)
+ TODO: check
+CVE-2014-4947 (Buffer overflow in the HVM graphics console support in Citrix ...)
+ TODO: check
CVE-2014-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...)
TODO: check
CVE-2014-4945 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...)
TODO: check
CVE-2014-4944 (Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in ...)
NOT-FOR-US: WordPress plugin
-CVE-2014-4943 [privilege escalation in ppp over l2tp sockets]
- RESERVED
+CVE-2014-4943 (The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel ...)
- linux 3.14.13-1
- linux-2.6 <removed>
NOTE: upstream commit: https://git.kernel.org/linus/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
@@ -607,8 +676,7 @@ CVE-2014-4736
RESERVED
CVE-2014-4735
RESERVED
-CVE-2014-4734
- RESERVED
+CVE-2014-4734 (Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 ...)
NOT-FOR-US: e107
CVE-2014-4733
RESERVED
@@ -661,8 +729,7 @@ CVE-2014-4913 [ZF2014-03: Potential XSS vector in multiple view helpers]
- zendframework <undetermined>
NOTE: http://framework.zend.com/security/advisory/ZF2014-03
TODO: check
-CVE-2014-4911 [polarssl: Denial of Service against GCM enabled servers and clients]
- RESERVED
+CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before ...)
{DSA-2981-1}
- polarssl 1.3.7-2.1 (bug #754655)
NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
@@ -786,7 +853,7 @@ CVE-2014-4674
RESERVED
CVE-2014-4673
RESERVED
-CVE-2014-4672 (The CDetailView widget in Yii PHP Framework before 1.1.15 allows ...)
+CVE-2014-4672 (The CDetailView widget in Yii PHP Framework 1.1.14 allows remote ...)
- yii-framework-php <itp> (bug #683810)
CVE-2014-4671 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
NOT-FOR-US: Adobe Flash
@@ -1162,8 +1229,8 @@ CVE-2014-4513 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: WordPress plugin ActiveHelper LiveHelp Live Chat
CVE-2014-4512
RESERVED
-CVE-2014-4511
- RESERVED
+CVE-2014-4511 (Gitlist before 0.5.0 allows remote attackers to execute arbitrary ...)
+ TODO: check
CVE-2014-4509 (The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out ...)
NOT-FOR-US: Novell Identity Manager
CVE-2014-4507 (Directory traversal vulnerability in Smart-Proxy in Foreman before ...)
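Review bot: CVE-2014-4511 (Gitlist before 0.5.0 ... execute arbitrary ...) is the third Gitlist command-execution ID in this update, alongside CVE-2013-7392 and CVE-2014-5023 (Repository.php in Gitter, as used in Gitlist), all at TODO: check; triage them in one pass and record the outcome with a NOTE: cross-reference on each, otherwise three IDs for the same software risk ending up with inconsistent verdicts.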
@@ -1544,12 +1611,10 @@ CVE-2014-4343 [double-free in SPNEGO initiators]
RESERVED
- krb5 <unfixed> (bug #755520)
NOTE: https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f
-CVE-2014-4342 [Handle invalid RFC 1964 tokens]
- RESERVED
+CVE-2014-4342 (MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows ...)
- krb5 1.12.1+dfsg-4 (bug #753625)
NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
-CVE-2014-4341 [Handle invalid RFC 1964 tokens]
- RESERVED
+CVE-2014-4341 (MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to ...)
- krb5 1.12.1+dfsg-4 (bug #753624)
NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
CVE-2014-4340
@@ -1564,8 +1629,8 @@ CVE-2014-4333 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Dolphin (php thing)
CVE-2014-4332
RESERVED
-CVE-2014-4331
- RESERVED
+CVE-2014-4331 (Cross-site scripting (XSS) vulnerability in admin/viewer.php in ...)
+ TODO: check
CVE-2014-4330
RESERVED
CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ...)
@@ -1574,8 +1639,8 @@ CVE-2014-4328
RESERVED
CVE-2014-4327
RESERVED
-CVE-2014-4326
- RESERVED
+CVE-2014-4326 (Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote ...)
+ TODO: check
CVE-2014-4325
RESERVED
CVE-2014-4324
@@ -1691,13 +1756,13 @@ CVE-2014-4270 (Unspecified vulnerability in the Hyperion Common Admin component
CVE-2014-4269 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
TODO: check
CVE-2014-4268 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
- openjdk-7 7u65-2.5.1-1
CVE-2014-4267 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
TODO: check
CVE-2014-4266 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
NOTE: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/de40a32a44f5
- openjdk-7 7u65-2.5.1-1
@@ -1706,15 +1771,16 @@ CVE-2014-4265 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 a
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4264 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
+ {DSA-2987-1}
- openjdk-6 <not-affected> (Vulnerable code not present)
- openjdk-7 7u65-2.5.1-1
NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c084492f9e3d
CVE-2014-4263 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
- openjdk-7 7u65-2.5.1-1
CVE-2014-4262 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
- openjdk-7 7u65-2.5.1-1
CVE-2014-4261 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
@@ -1745,7 +1811,7 @@ CVE-2014-4254 (Unspecified vulnerability in the Oracle WebLogic Server component
CVE-2014-4253 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
TODO: check
CVE-2014-4252 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
- openjdk-7 7u65-2.5.1-1
CVE-2014-4251 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
@@ -1764,7 +1830,7 @@ CVE-2014-4246 (Unspecified vulnerability in the Hyperion Analytic Provider Servi
CVE-2014-4245 (Unspecified vulnerability in the RDBMS Core component in Oracle ...)
TODO: check
CVE-2014-4244 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
- openjdk-7 7u65-2.5.1-1
CVE-2014-4243 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
@@ -1824,12 +1890,14 @@ CVE-2014-4225 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local u
CVE-2014-4224 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 ...)
TODO: check
CVE-2014-4223 (Unspecified vulnerability in Oracle Java SE 7u60 allows remote ...)
+ {DSA-2987-1}
- openjdk-6 <not-affected> (Vulnerable code not present)
- openjdk-7 7u65-2.5.1-1
NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/84bce1b3d28a
CVE-2014-4222 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
TODO: check
CVE-2014-4221 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
+ {DSA-2987-1}
- openjdk-6 <not-affected> (Vulnerable code not present)
- openjdk-7 7u65-2.5.1-1
NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/bac16c82c14a
@@ -1837,17 +1905,17 @@ CVE-2014-4220 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows r
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4219 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
- openjdk-7 7u65-2.5.1-1
CVE-2014-4218 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
- openjdk-7 7u65-2.5.1-1
CVE-2014-4217 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
TODO: check
CVE-2014-4216 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
- openjdk-7 7u65-2.5.1-1
CVE-2014-4215 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
@@ -1866,7 +1934,7 @@ CVE-2014-4211 (Unspecified vulnerability in the Oracle WebCenter Portal componen
CVE-2014-4210 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
TODO: check
CVE-2014-4209 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
- openjdk-7 7u65-2.5.1-1
CVE-2014-4208 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
@@ -2573,12 +2641,12 @@ CVE-2014-3896
RESERVED
CVE-2014-3895
RESERVED
-CVE-2014-3894
- RESERVED
+CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional ...)
+ TODO: check
CVE-2014-3893
RESERVED
-CVE-2014-3892
- RESERVED
+CVE-2014-3892 (Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 ...)
+ TODO: check
CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows ...)
TODO: check
CVE-2014-3890 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...)
@@ -2589,12 +2657,12 @@ CVE-2014-3888 (Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM
TODO: check
CVE-2014-3887
RESERVED
-CVE-2014-3886
- RESERVED
-CVE-2014-3885
- RESERVED
-CVE-2014-3884
- RESERVED
+CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when ...)
+ TODO: check
+CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows ...)
+ TODO: check
+CVE-2014-3884 (Cross-site scripting (XSS) vulnerability in Usermin before 1.600 ...)
+ TODO: check
CVE-2014-3883 (Usermin before 1.600 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Usermin
CVE-2014-3882 (Cross-site request forgery (CSRF) vulnerability in the Login rebuilder ...)
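Review bot: CVE-2014-3884 (Usermin before 1.600) is left at TODO: check while CVE-2014-3883, the next entry and also Usermin before 1.600, is already NOT-FOR-US: Usermin; the same verdict applies unless Usermin has entered the archive since. CVE-2014-3886 and CVE-2014-3885 (Webmin before 1.690) need the same packaged-or-not check before they are closed.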
@@ -3372,14 +3440,12 @@ CVE-2014-3534 [Kernel memory protection bypass on s390]
RESERVED
- linux <unfixed>
- linux-2.6 <not-affected> (Vulnerable code was introduced later)
-CVE-2014-3533 [DoS]
- RESERVED
+CVE-2014-3533 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to ...)
{DSA-2971-1}
- dbus 1.8.6-1
[squeeze] - dbus <not-affected> (Vulnerable code not present)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80469
-CVE-2014-3532 [DoS]
- RESERVED
+CVE-2014-3532 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux ...)
{DSA-2971-1}
- dbus 1.8.6-1
[squeeze] - dbus <not-affected> (Fix for other kernel version)
@@ -3387,8 +3453,7 @@ CVE-2014-3532 [DoS]
CVE-2014-3531
RESERVED
- foreman <itp> (bug #663101)
-CVE-2014-3530
- RESERVED
+CVE-2014-3530 (The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory ...)
NOT-FOR-US: PicketLink
CVE-2014-3529
RESERVED
@@ -3403,8 +3468,7 @@ CVE-2014-3525
- trafficserver 5.0.1-1
CVE-2014-3524
RESERVED
-CVE-2014-3523 [WinNT MPM denial of service]
- RESERVED
+CVE-2014-3523 (Memory leak in the winnt_accept function in server/mpm/winnt/child.c ...)
- apache2 <not-affected> (Affects only Windows systems)
CVE-2014-3522
RESERVED
@@ -3418,8 +3482,7 @@ CVE-2014-3519
RESERVED
- linux-2.6 <not-affected> (Vulnerable code not yet present)
- linux <not-affected> (Kernels after squeeze no longer contain the openvz flavour)
-CVE-2014-3518
- RESERVED
+CVE-2014-3518 (jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss ...)
NOT-FOR-US: JBoss Application Server
CVE-2014-3517 [Use of non-constant time comparison operation]
RESERVED
@@ -3973,18 +4036,18 @@ CVE-2014-3327
RESERVED
CVE-2014-3326
RESERVED
-CVE-2014-3325
- RESERVED
+CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
+ TODO: check
CVE-2014-3324
RESERVED
-CVE-2014-3323
- RESERVED
+CVE-2014-3323 (Directory traversal vulnerability in Cisco Unified Contact Center ...)
+ TODO: check
CVE-2014-3322
RESERVED
-CVE-2014-3321
- RESERVED
-CVE-2014-3320
- RESERVED
+CVE-2014-3321 (Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group ...)
+ TODO: check
+CVE-2014-3320 (Multiple open redirect vulnerabilities in the admin web interface in ...)
+ TODO: check
CVE-2014-3319 (Directory traversal vulnerability in the Real-Time Monitoring Tool ...)
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3318 (Directory traversal vulnerability in dna/viewfilecontents.do in the ...)
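Review bot: CVE-2014-3325, CVE-2014-3323 and CVE-2014-3321 name Cisco products in their summaries (Cisco Unified ..., Cisco Unified Contact Center ..., Cisco IOS XR 4.3.4 on ASR 9000) and sit beside CVE-2014-3319 and CVE-2014-3318, which are already NOT-FOR-US; mark them NOT-FOR-US: Cisco ... directly instead of leaving TODO: check. CVE-2014-3320's product is cut off in the summary, so that one genuinely needs the check.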
@@ -4011,8 +4074,8 @@ CVE-2014-3308 (Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a st
NOT-FOR-US: Cisco IOS XR
CVE-2014-3307 (The DHCP client implementation in Universal Small Cell firmware on ...)
NOT-FOR-US: Cisco Small Cell
-CVE-2014-3306
- RESERVED
+CVE-2014-3306 (The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, ...)
+ TODO: check
CVE-2014-3305
RESERVED
CVE-2014-3304
@@ -4381,20 +4444,18 @@ CVE-2014-3164
RESERVED
CVE-2014-3163
RESERVED
-CVE-2014-3162 [address sanitizer fixes]
- RESERVED
+CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <no-dsa> (minor issue)
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3161
- RESERVED
-CVE-2014-3160 [same origin bypass]
- RESERVED
+CVE-2014-3161 (The WebMediaPlayerAndroid::load function in ...)
+ TODO: check
+CVE-2014-3160 (The ResourceFetcher::canRequest function in ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <no-dsa> (minor issue)
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3159
- RESERVED
+CVE-2014-3159 (The WebContentsDelegateAndroid::OpenURLFromTab function in ...)
+ TODO: check
CVE-2014-3158
RESERVED
CVE-2014-3157 (Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer ...)
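Review bot: CVE-2014-3161 (WebMediaPlayerAndroid::load) and CVE-2014-3159 (WebContentsDelegateAndroid::OpenURLFromTab) are left at TODO: check, but both function names are in Android-only Chromium code, so chromium-browser is most likely <not-affected> (Android-specific code); confirm against the upstream advisory and record the verdict rather than leaving them open next to CVE-2014-3160, which is tracked as <unfixed>.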
@@ -4622,8 +4683,8 @@ CVE-2014-3066 (IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote .
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2014-3065
RESERVED
-CVE-2014-3064
- RESERVED
+CVE-2014-3064 (The GDS component in IBM InfoSphere Master Data Management - ...)
+ TODO: check
CVE-2014-3063
RESERVED
CVE-2014-3062
@@ -4660,12 +4721,12 @@ CVE-2014-3047
RESERVED
CVE-2014-3046
RESERVED
-CVE-2014-3045
- RESERVED
+CVE-2014-3045 (IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before ...)
+ TODO: check
CVE-2014-3044
RESERVED
-CVE-2014-3043
- RESERVED
+CVE-2014-3043 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows ...)
+ TODO: check
CVE-2014-3042 (IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does ...)
NOT-FOR-US: IBM CICS Transaction Serve
CVE-2014-3041
@@ -5713,8 +5774,7 @@ CVE-2014-2625
NOT-FOR-US: HP Network Virtualization
CVE-2014-2624
RESERVED
-CVE-2014-2623
- RESERVED
+CVE-2014-2623 (Unspecified vulnerability in HP Storage Data Protector 8.x allows ...)
NOT-FOR-US: HP Data Protector
CVE-2014-2622 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
@@ -5900,8 +5960,7 @@ CVE-2014-2521
RESERVED
CVE-2014-2520
RESERVED
-CVE-2014-2519
- RESERVED
+CVE-2014-2519 (The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 ...)
NOT-FOR-US: EMC RecoverPoint Appliance
CVE-2014-2518
RESERVED
@@ -6044,7 +6103,7 @@ CVE-2014-2492 (Unspecified vulnerability in the Oracle Agile Product Collaborati
CVE-2014-2491 (Unspecified vulnerability in the Siebel UI Framework component in ...)
TODO: check
CVE-2014-2490 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
- {DSA-2980-1}
+ {DSA-2987-1 DSA-2980-1}
- openjdk-6 6b32-1.13.4-1
NOTE: http://hg.openjdk.java.net/jdk6/jdk6/hotspot/rev/dd7d490e72af
- openjdk-7 7u65-2.5.1-1
@@ -6069,6 +6128,7 @@ CVE-2014-2484 (Unspecified vulnerability in the MySQL Server component in Oracle
- mariadb-5.5 <not-affected> (Only affects 5.6)
- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-2483 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
+ {DSA-2987-1}
- openjdk-6 <not-affected> (vulnerable code not present)
- openjdk-7 7u65-2.5.1-1
NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003
@@ -6328,8 +6388,7 @@ CVE-2014-2389 (Stack-based buffer overflow in a certain decryption function in .
NOT-FOR-US: BlackBerry Z 10
CVE-2014-2388
RESERVED
-CVE-2014-2385
- RESERVED
+CVE-2014-2385 (Multiple cross-site scripting (XSS) vulnerabilities in the web UI in ...)
NOT-FOR-US: Sophos Antivirus
CVE-2014-2384 (vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player ...)
NOT-FOR-US: VMware on Windows
@@ -6364,16 +6423,16 @@ CVE-2014-2370
RESERVED
CVE-2014-2369
RESERVED
-CVE-2014-2368
- RESERVED
-CVE-2014-2367
- RESERVED
-CVE-2014-2366
- RESERVED
-CVE-2014-2365
- RESERVED
-CVE-2014-2364
- RESERVED
+CVE-2014-2368 (The BrowseFolder method in the bwocxrun ActiveX control in Advantech ...)
+ TODO: check
+CVE-2014-2367 (The ChkCookie subroutine in an ActiveX control in ...)
+ TODO: check
+CVE-2014-2366 (upAdminPg.asp in Advantech WebAccess before 7.2 allows remote ...)
+ TODO: check
+CVE-2014-2365 (Unspecified vulnerability in Advantech WebAccess before 7.2 allows ...)
+ TODO: check
+CVE-2014-2364 (Multiple stack-based buffer overflows in Advantech WebAccess before ...)
+ TODO: check
CVE-2014-2363
RESERVED
CVE-2014-2362
@@ -7255,22 +7314,22 @@ CVE-2014-2001 (The East Japan Railway Company JR East Japan application before 1
NOT-FOR-US: Android application for East Japan Railway Company
CVE-2014-2000 (The NTT 050 plus application before 4.2.1 for Android allows attackers ...)
NOT-FOR-US: NTT application for Android
-CVE-2014-1999
- RESERVED
+CVE-2014-1999 (The auto-format feature in the Request_Curl class in FuelPHP 1.1 ...)
+ TODO: check
CVE-2014-1998 (Cross-site scripting (XSS) vulnerability in Nippon Institute of ...)
NOT-FOR-US: SOY CMS
CVE-2014-1997 (The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier ...)
NOT-FOR-US: ATEN IP KVM Switch
-CVE-2014-1996
- RESERVED
-CVE-2014-1995
- RESERVED
-CVE-2014-1994
- RESERVED
-CVE-2014-1993
- RESERVED
-CVE-2014-1992
- RESERVED
+CVE-2014-1996 (Cybozu Garoon 3.7 before SP4 allows remote authenticated users to ...)
+ TODO: check
+CVE-2014-1995 (Cross-site scripting (XSS) vulnerability in the Map search ...)
+ TODO: check
+CVE-2014-1994 (Cross-site scripting (XSS) vulnerability in the Notices portlet in ...)
+ TODO: check
+CVE-2014-1993 (The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 ...)
+ TODO: check
+CVE-2014-1992 (Cross-site scripting (XSS) vulnerability in the Messages functionality ...)
+ TODO: check
CVE-2014-1991 (Open redirect vulnerability in WebPlatform / AppFramework 6.0 through ...)
NOT-FOR-US: NTT DATA INTRAMART
CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the ...)
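Review bot: CVE-2014-1996 through CVE-2014-1992 all describe Cybozu Garoon and are left at TODO: check, although the adjacent entries CVE-2014-1989 and CVE-2014-1988 already record NOT-FOR-US: Cybozu Garoon; the same marker fits here. CVE-2014-1999 (FuelPHP Request_Curl) is the one entry in this hunk that genuinely needs a check against the archive before the TODO can be resolved.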
@@ -7279,8 +7338,8 @@ CVE-2014-1989 (Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated use
NOT-FOR-US: Cybozu Garoon
CVE-2014-1988 (The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 ...)
NOT-FOR-US: Cybozu Garoon
-CVE-2014-1987
- RESERVED
+CVE-2014-1987 (The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote ...)
+ TODO: check
CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and ...)
NOT-FOR-US: KOKUYO CamiApp application
CVE-2014-1984 (Session fixation vulnerability in the management screen in Cybozu ...)
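Review bot: CVE-2014-1987 sits between two entries marked NOT-FOR-US: Cybozu Garoon and names the same product, so the TODO: check can be resolved to that marker directly.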
@@ -7305,8 +7364,8 @@ CVE-2014-1975 (Directory traversal vulnerability in the R-Company Unzipper ...)
NOT-FOR-US: Unzipper Android app
CVE-2014-1974 (Directory traversal vulnerability in the LYSESOFT AndExplorer ...)
NOT-FOR-US: LYSESOFT
-CVE-2014-1973
- RESERVED
+CVE-2014-1973 (Directory traversal vulnerability in the NextApp File Explorer ...)
+ TODO: check
CVE-2014-1972
RESERVED
CVE-2014-1971 (Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows ...)
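Review bot: CVE-2014-1973 (NextApp File Explorer, an Android app) is left at TODO: check while the neighbouring Android directory traversal entries CVE-2014-1975 and CVE-2014-1974 are NOT-FOR-US; the same marker applies, e.g. NOT-FOR-US: NextApp File Explorer Android app.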
@@ -8456,14 +8515,12 @@ CVE-2014-1563
RESERVED
CVE-2014-1562
RESERVED
-CVE-2014-1561 [Toolbar dialog customization event spoofing]
- RESERVED
+CVE-2014-1561 (Mozilla Firefox before 31.0 does not properly restrict use of ...)
- iceweasel 31.0-1
[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
[squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-60.html
-CVE-2014-1560 [Certificate parsing broken by non-standard character]
- RESERVED
+CVE-2014-1560 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote ...)
- iceweasel 31.0-1
- icedove <unfixed>
[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
@@ -8471,8 +8528,7 @@ CVE-2014-1560 [Certificate parsing broken by non-standard character]
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
-CVE-2014-1559 [Certificate parsing broken by non-standard character]
- RESERVED
+CVE-2014-1559 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote ...)
- iceweasel 31.0-1
- icedove <unfixed>
[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
@@ -8480,8 +8536,7 @@ CVE-2014-1559 [Certificate parsing broken by non-standard character]
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
-CVE-2014-1558 [Certificate parsing broken by non-standard character]
- RESERVED
+CVE-2014-1558 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote ...)
- iceweasel 31.0-1
- icedove <unfixed>
[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
@@ -8489,22 +8544,22 @@ CVE-2014-1558 [Certificate parsing broken by non-standard character]
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
-CVE-2014-1557 [Crash in Skia library when scaling high quality images]
- RESERVED
+CVE-2014-1557 (The ConvolveHorizontally function in Skia, as used in Mozilla Firefox ...)
+ {DSA-2986-1}
- iceweasel 31.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-64.html
-CVE-2014-1556 [Exploitable WebGL crash with Cesium JavaScript]
- RESERVED
+CVE-2014-1556 (Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and ...)
+ {DSA-2986-1}
- iceweasel 31.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-62.html
-CVE-2014-1555 [Use-after-free with FireOnStateChange event]
- RESERVED
+CVE-2014-1555 (Use-after-free vulnerability in the nsDocLoader::OnProgress function ...)
+ {DSA-2986-1}
- iceweasel 31.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
@@ -8514,8 +8569,7 @@ CVE-2014-1554
RESERVED
CVE-2014-1553
RESERVED
-CVE-2014-1552 [IFRAME sandbox same-origin access through redirect]
- RESERVED
+CVE-2014-1552 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not ...)
- iceweasel 31.0-1
- icedove <unfixed>
[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
@@ -8523,13 +8577,11 @@ CVE-2014-1552 [IFRAME sandbox same-origin access through redirect]
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-66.html
-CVE-2014-1551 [Use-after-free in DirectWrite font handling]
- RESERVED
+CVE-2014-1551 (Use-after-free vulnerability in the FontTableRec destructor in Mozilla ...)
- iceweasel <not-affected> (Affects only Windows platform)
- icedove <not-affected> (Affects only Windows platform)
NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-59.html
-CVE-2014-1550 [Use-after-free in Web Audio due to incorrect control message ordering]
- RESERVED
+CVE-2014-1550 (Use-after-free vulnerability in the MediaInputPort class in Mozilla ...)
- iceweasel 31.0-1
[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
[squeeze] - iceweasel <end-of-life>
@@ -8537,8 +8589,7 @@ CVE-2014-1550 [Use-after-free in Web Audio due to incorrect control message orde
[squeeze] - icedove <end-of-life>
[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-58.html
-CVE-2014-1549 [Buffer overflow during Web Audio buffering for playback]
- RESERVED
+CVE-2014-1549 (The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer ...)
- iceweasel 31.0-1
[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
[squeeze] - iceweasel <end-of-life>
@@ -8546,13 +8597,12 @@ CVE-2014-1549 [Buffer overflow during Web Audio buffering for playback]
[squeeze] - icedove <end-of-life>
[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-57.html
-CVE-2014-1548
- RESERVED
+CVE-2014-1548 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel 31.0-1
[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
[squeeze] - iceweasel <end-of-life>
-CVE-2014-1547 [Miscellaneous memory safety hazards]
- RESERVED
+CVE-2014-1547 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ {DSA-2986-1}
- iceweasel 31.0-1
[squeeze] - iceweasel <end-of-life>
- icedove <unfixed>
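Review bot: CVE-2014-1548 has no NOTE: line pointing at the Mozilla advisory, unlike the neighbouring entries CVE-2014-1550 and CVE-2014-1549; add the corresponding mfsa URL, since the truncated description "Multiple unspecified vulnerabilities in the browser engine" is identical to the one now carried by CVE-2014-1547 and the two entries cannot otherwise be told apart.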
@@ -8568,8 +8618,8 @@ CVE-2014-1545 (Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows rem
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
NOTE: Only the Wheezy builds use the bundled nspr
-CVE-2014-1544 [Race-condition in certificate verification can lead to Remote code execution]
- RESERVED
+CVE-2014-1544 (Use-after-free vulnerability in the CERT_DestroyCertificate function ...)
+ {DSA-2986-1}
- nss 2:3.16.3-1
- iceweasel <unfixed>
[squeeze] - iceweasel <end-of-life>
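Review bot: CVE-2014-1544 now carries {DSA-2986-1} while iceweasel is still recorded as <unfixed>; every other entry given DSA-2986-1 in this change records iceweasel 31.0-1, so the unstable status here looks stale. The nss fix 2:3.16.3-1 is recorded, but the iceweasel line needs the version that ships the fixed bundled nss, or a NOTE: explaining why it stays <unfixed>.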
@@ -9597,14 +9647,14 @@ CVE-2014-0977 (Cross-site scripting (XSS) vulnerability in the Rich Text Editor
- movabletype-opensource 5.2.9+dfsg-1 (bug #734304)
CVE-2014-0971
RESERVED
-CVE-2014-0970
- RESERVED
+CVE-2014-0970 (The GDS component in IBM InfoSphere Master Data Management - ...)
+ TODO: check
CVE-2014-0969
RESERVED
-CVE-2014-0968
- RESERVED
-CVE-2014-0967
- RESERVED
+CVE-2014-0968 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM ...)
+ TODO: check
+CVE-2014-0967 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM ...)
+ TODO: check
CVE-2014-0966
RESERVED
CVE-2014-0965
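Review bot: the three IBM InfoSphere Master Data Management entries (CVE-2014-0970, CVE-2014-0968, CVE-2014-0967) are left at TODO: check; the surrounding IBM entries use NOT-FOR-US: IBM WebSphere Portal, and InfoSphere MDM is likewise a proprietary IBM product with no Debian package, so NOT-FOR-US: IBM InfoSphere Master Data Management is the expected resolution.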
@@ -9623,8 +9673,8 @@ CVE-2014-0959 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0958 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-0957
- RESERVED
+CVE-2014-0957 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
+ TODO: check
CVE-2014-0956 (Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0955 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 ...)
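Review bot: CVE-2014-0957 (IBM Business Process ...) is left at TODO: check between two NOT-FOR-US: IBM WebSphere Portal entries; it should get its own NOT-FOR-US marker once the product name cut off in the description is confirmed from the full CVE text.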
@@ -11249,8 +11299,7 @@ CVE-2014-0233
NOT-FOR-US: OpenShift
CVE-2014-0232
RESERVED
-CVE-2014-0231 [mod_cgid denial of service]
- RESERVED
+CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ...)
- apache2 2.4.10-1
CVE-2014-0230
RESERVED
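Review bot: CVE-2014-0231 records only the unstable fix apache2 2.4.10-1; the description says "before 2.4.10", which on its face also covers the apache2 2.2.x in squeeze and wheezy, yet no [squeeze]/[wheezy] status lines are given. Compare CVE-2014-0117 in this same change, which states explicitly that only 2.4.6 to 2.4.9 are affected; the stable status here needs to be recorded one way or the other.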
@@ -11261,8 +11310,7 @@ CVE-2014-0228
NOT-FOR-US: Apache Hive
CVE-2014-0227
RESERVED
-CVE-2014-0226 [mod_status buffer overflow]
- RESERVED
+CVE-2014-0226 (Race condition in the mod_status module in the Apache HTTP Server ...)
- apache2 2.4.10-1
CVE-2014-0225 [Information disclosure via SSRF]
RESERVED
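Review bot: the local tag [mod_status buffer overflow] is replaced by the MITRE text "Race condition in the mod_status module ...", which is cut off before it states the impact; keep the overflow detail in a NOTE: line so the entry still records what the race leads to. The [squeeze]/[wheezy] status for the 2.2.x apache2 is missing here as well, as it is for CVE-2014-0231.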
@@ -11653,11 +11701,9 @@ CVE-2014-0119 (Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.
- tomcat8 8.0.8-1
- tomcat7 7.0.54-1
- tomcat6 6.0.41-1
-CVE-2014-0118 [mod_deflate denial of service]
- RESERVED
+CVE-2014-0118 (The deflate_in_filter function in mod_deflate.c in the mod_deflate ...)
- apache2 2.4.10-1
-CVE-2014-0117 [mod_proxy denial of service]
- RESERVED
+CVE-2014-0117 (The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, ...)
- apache2 2.4.10-1
[squeeze] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
[wheezy] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
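Review bot: CVE-2014-0118 lacks the [squeeze]/[wheezy] status lines that CVE-2014-0117 directly below it carries; the truncated description does not show the affected version range of mod_deflate, so the status of the apache2 2.2.x in those releases has to be established and recorded rather than left implicit.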
