author     Joey Hess <joeyh@debian.org>  2014-10-01 21:14:11 +0000
committer  Joey Hess <joeyh@debian.org>  2014-10-01 21:14:11 +0000
commit     bbbc25fb68680d75d0f1c5b72e50a335a52a64c1 (patch)
tree       013ee50613964653bc8d86d8513a1ae12233bf9c
parent     5ec427fddde495087a9cf2f3059cb07e2021b917 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@29194 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r--  data/CVE/2000.list    2
-rw-r--r--  data/CVE/2001.list    2
-rw-r--r--  data/CVE/2002.list    2
-rw-r--r--  data/CVE/2003.list    2
-rw-r--r--  data/CVE/2004.list    2
-rw-r--r--  data/CVE/2006.list    2
-rw-r--r--  data/CVE/2007.list    2
-rw-r--r--  data/CVE/2009.list    2
-rw-r--r--  data/CVE/2010.list   10
-rw-r--r--  data/CVE/2011.list    2
-rw-r--r--  data/CVE/2012.list   87
-rw-r--r--  data/CVE/2013.list   52
-rw-r--r--  data/CVE/2014.list  680
13 files changed, 478 insertions, 369 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index 73066f91ab..6662fd4a62 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -1,3 +1,5 @@
+CVE-2000-1253
+ RESERVED
CVE-2000-1252
RESERVED
CVE-2000-1251
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 76d7dfe520..fadcecaeb3 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,3 +1,5 @@
+CVE-2001-1594
+ RESERVED
CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and ...)
{DSA-2892-1}
- a2ps 1:4.14-1.2 (low; bug #737385)
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 03cf206787..6dc165d7cc 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,3 +1,5 @@
+CVE-2002-2445
+ RESERVED
CVE-2002-2483
- linux-2.6 2.4.20
CVE-2002-2444 [snoopy: Security hole in exec cURL]
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index d6695a5ea8..ba31f3aaac 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,5 @@
+CVE-2003-1603
+ RESERVED
CVE-2003-1602
RESERVED
CVE-2003-1601
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index ae5b992a26..61df163ed1 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,3 +1,5 @@
+CVE-2004-2777
+ RESERVED
CVE-2004-XXXX [base-passwd: sets valid shells for system services]
- base-passwd 3.5.30 (unimportant; bug #274229)
NOTE: Hardening, not a direct vulnerability
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 68ad9f2303..3a98092e3f 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,3 +1,5 @@
+CVE-2006-7253
+ RESERVED
CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in ...)
NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2006-7251
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index e1d75e4aff..f624e395fc 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,5 @@
+CVE-2007-6757
+ RESERVED
CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a ...)
NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series
CVE-2007-6755 (The NIST SP 800-90A default statement of the Dual Elliptic Curve ...)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 5328adb867..a79855e192 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,3 +1,5 @@
+CVE-2009-5143
+ RESERVED
CVE-2009-5142 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
NOT-FOR-US: TimThumb
CVE-2009-5141 (Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 ...)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index c8475e31b4..f64c57caa5 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,3 +1,13 @@
+CVE-2010-5310
+ RESERVED
+CVE-2010-5309
+ RESERVED
+CVE-2010-5308
+ RESERVED
+CVE-2010-5307
+ RESERVED
+CVE-2010-5306
+ RESERVED
CVE-2010-XXXX [execute code from imported modules / documentation missmatch ]
- pylint <unfixed> (bug #591676)
CVE-2010-5305
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index a23d2f10f6..baac8dd722 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -1,3 +1,5 @@
+CVE-2011-5374
+ RESERVED
CVE-2011-5281
RESERVED
CVE-2011-5280 (Multiple stack-based buffer overflows in BOINC 6.13.x allow remote ...)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 42518c5045..396d070ae7 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1,9 +1,10 @@
+CVE-2012-6660
+ RESERVED
CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)
NOT-FOR-US: Phorum
CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks ...)
NOT-FOR-US: SpiceWorks
-CVE-2012-6657 [net: guard tcp_set_keepalive against crash]
- RESERVED
+CVE-2012-6657 (The sock_setsockopt function in net/core/sock.c in the Linux kernel ...)
- linux 3.6.4-1
[wheezy] - linux 3.2.32-1
- linux-2.6 <removed>
@@ -407,8 +408,7 @@ CVE-2012-6503 (Unspecified vulnerability in the NinjaXplorer component before 1.
NOT-FOR-US: NinjaXplorer for Joomla!
CVE-2012-6502 (Microsoft Internet Explorer before 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2012-6110 [bcron file descriptors not closed]
- RESERVED
+CVE-2012-6110 (bcron-exec in bcron before 0.10 does not close file descriptors ...)
- bcron 0.09-13 (low; bug #686650)
[squeeze] - bcron 0.09-11+squeeze1
CVE-2012-6501 (The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) ...)
@@ -803,8 +803,8 @@ CVE-2012-6318
RESERVED
CVE-2012-6317
RESERVED
-CVE-2012-6316
- RESERVED
+CVE-2012-6316 (Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK ...)
+ TODO: check
CVE-2012-6315
REJECTED
CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, ...)
@@ -1307,8 +1307,7 @@ CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1
NOTE: https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
CVE-2012-6108 (HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses ...)
- hplip <not-affected> (permissions are 755 on wheezy, sid and experimental)
-CVE-2012-6107 [Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate]
- RESERVED
+CVE-2012-6107 (Apache Axis2/C does not verify that the server hostname matches a ...)
- axis2c <unfixed> (bug #697974)
NOTE: https://issues.apache.org/jira/browse/AXIS2C-1619
CVE-2012-6106 (calendar/managesubscriptions.php in the Manage Subscriptions ...)
@@ -2573,15 +2572,13 @@ CVE-2012-5623
NOT-FOR-US: change_passwd plugin for Squirrelmail
CVE-2012-5622 (Cross-site request forgery (CSRF) vulnerability in the management ...)
NOT-FOR-US: OpenShift
-CVE-2012-5621 [Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name]
- RESERVED
+CVE-2012-5621 (lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows ...)
- ekiga 3.2.7-6 (bug #702282; low)
[squeeze] - ekiga <no-dsa> (Minor issue)
CVE-2012-5620
RESERVED
NOT-FOR-US: Docecot non-issue, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695138#15
-CVE-2012-5619
- RESERVED
+CVE-2012-5619 (The Sleuth Kit (TSK) 4.0.1 does not properly handle &quot;.&quot; (dotfile) file ...)
- sleuthkit 4.1.2-1 (unimportant; bug #695097)
CVE-2012-5618
RESERVED
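Review bot: the imported description for CVE-2012-5619 (`+CVE-2012-5619 (The Sleuth Kit (TSK) 4.0.1 does not properly handle &quot;.&quot; (dotfile) file ...)`) carries HTML entities (`&quot;`) where the upstream text has literal double quotes, so the update script is writing the feed into the list file without unescaping it; decode entities on import (the text should read `handle "." (dotfile)`) and check the other descriptions written by this run for the same artifact.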
@@ -2910,80 +2907,58 @@ CVE-2012-5508 [ Zope/Plone: PRNG isn't reseeded]
RESERVED
- zope2.12 2.12.26-1 (bug #692899)
NOTE: https://plone.org/products/plone/security/advisories/20121106/24
-CVE-2012-5507 [ Zope/Plone: Timing attack in password validation ]
- RESERVED
+CVE-2012-5507 (AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone ...)
- zope2.12 2.12.26-1 (bug #692899)
NOTE: https://plone.org/products/plone/security/advisories/20121106/23
-CVE-2012-5506 [ Zope/Plone: DoS through RSS on private folder ]
- RESERVED
+CVE-2012-5506 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5505 [ Zope/Plone: Attempting to access a view with no name returns an internal data structure ]
- RESERVED
+CVE-2012-5505 (atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote ...)
- zope2.12 2.12.26-1 (bug #692899)
NOTE: https://plone.org/products/plone/security/advisories/20121106/21
-CVE-2012-5504 [ Zope/Plone: Persistent XSS ]
- RESERVED
+CVE-2012-5504 (Cross-site scripting (XSS) vulnerability in widget_traversal.py in ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5503 [ Zope/Plone: Users connected through FTP can list hidden folder contents ]
- RESERVED
+CVE-2012-5503 (ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5502 [ Zope/Plone: Persistent XSS via filtering bypass ]
- RESERVED
+CVE-2012-5502 (Cross-site scripting (XSS) vulnerability in safe_html.py in Plone ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5501 [ Zope/Plone: Crafted URL allows downloading of BLOBs that are not visible to the user ]
- RESERVED
+CVE-2012-5501 (at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5500 [ Zope/Plone: Anonymous users can batch change titles of content items ]
RESERVED
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5499 [ Zope/Plone: Partial denial of service through internal function ]
- RESERVED
+CVE-2012-5499 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5498 [ Zope/Plone: Partial denial of service through Collections functionality ]
- RESERVED
+CVE-2012-5498 (queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5497 [ Zope/Plone: Anonymous users can list user account names ]
- RESERVED
+CVE-2012-5497 (membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5496 [ Zope/Plone: DoS through unsanitised inputs into Kupu ]
- RESERVED
+CVE-2012-5496 (kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5495 [ Zope/Plone: Restricted Python injection ]
- RESERVED
+CVE-2012-5495 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5494 [ Zope/Plone: Reflexive XSS ]
- RESERVED
+CVE-2012-5494 (Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5493 [ Zope/Plone: Restricted Python sandbox escape ]
- RESERVED
+CVE-2012-5493 (gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5492 [ Zope/Plone: Partial permissions bypass ]
- RESERVED
+CVE-2012-5492 (uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5491 [ Zope/Plone: Form detail exposure ]
- RESERVED
+CVE-2012-5491 (z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5490 [ Zope/Plone: Reflexive XSS ]
- RESERVED
+CVE-2012-5490 (Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5489 [ Zope/Plone: Partial restricted Python sandbox escape ]
- RESERVED
+CVE-2012-5489 (The App.Undo.UndoSupport.get_request_var_or_attr function in Zope ...)
- zope2.12 <unfixed> (bug #692899)
[wheezy] - zope2.12 <no-dsa> (Minor issue)
NOTE: https://plone.org/products/plone/security/advisories/20121106/05
-CVE-2012-5488 [ Zope/Plone: Restricted Python injection ]
- RESERVED
+CVE-2012-5488 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5487 [ Zope/Plone: Restricted Python sandbox escape ]
- RESERVED
+CVE-2012-5487 (The sandbox whitelisting function (allowmodule.py) in Plone before ...)
- zope2.12 <unfixed> (unimportant; bug #692899)
NOTE: Non-issue, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692899#20
-CVE-2012-5486 [ Zope/Plone: Reflexive HTTP header injection ]
- RESERVED
+CVE-2012-5486 (ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used ...)
- zope2.12 2.12.26-1 (bug #692899)
NOTE: https://plone.org/products/plone/security/advisories/20121106/02
-CVE-2012-5485 [ Restricted Python injection ]
- RESERVED
+CVE-2012-5485 (registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
NOTE: https://plone.org/products/plone/security/advisories/20121106/01
CVE-2012-5484 (The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index ad34c6cb55..697c10a98e 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,4 +1,9 @@
+CVE-2013-7405
+ RESERVED
+CVE-2013-7404
+ RESERVED
CVE-2013-7403
+ RESERVED
NOT-FOR-US: WordPress plugin wp-video-commando
CVE-2013-7402
RESERVED
@@ -9864,8 +9869,8 @@ CVE-2013-3634 (The SNMPv3 functionality on Siemens Scalance X200 IRT switches wi
NOT-FOR-US: Siemens switches
CVE-2013-3633 (The web interface on Siemens Scalance X200 IRT switches with firmware ...)
NOT-FOR-US: Siemens
-CVE-2013-3632
- RESERVED
+CVE-2013-3632 (The Cron service in rpc.php in OpenMediaVault allows remote ...)
+ TODO: check
CVE-2013-3631 (NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to ...)
NOT-FOR-US: NAS4Free
CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators to ...)
@@ -11048,26 +11053,26 @@ CVE-2013-3094
RESERVED
CVE-2013-3093
RESERVED
-CVE-2013-3092
- RESERVED
+CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass ...)
+ TODO: check
CVE-2013-3091
RESERVED
CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 ...)
NOT-FOR-US: Belkin N300 router
-CVE-2013-3089
- RESERVED
+CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...)
+ TODO: check
CVE-2013-3088
RESERVED
CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 ...)
NOT-FOR-US: Belkin N900 router
-CVE-2013-3086
- RESERVED
+CVE-2013-3086 (Cross-site request forgery (CSRF) vulnerability in util_system.html in ...)
+ TODO: check
CVE-2013-3085
RESERVED
CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model ...)
NOT-FOR-US: Belkin router
-CVE-2013-3083
- RESERVED
+CVE-2013-3083 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
CVE-2013-3082 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Jojo CMS
CVE-2013-3081 (SQL injection vulnerability in the checkEmailFormat function in ...)
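Review bot: the four new `TODO: check` markers in this hunk (CVE-2013-3092, -3089, -3086 and -3083) are all Belkin router firmware issues, and the neighbouring entries for the same devices (CVE-2013-3090, -3087, -3084) are already `NOT-FOR-US: Belkin N300 router` / `NOT-FOR-US: Belkin router`; they can be triaged the same way in this pass rather than left as placeholders.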
@@ -11103,16 +11108,16 @@ CVE-2013-3070
RESERVED
CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR ...)
NOT-FOR-US: NETGEAR devices
-CVE-2013-3068
- RESERVED
+CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in ...)
+ TODO: check
CVE-2013-3067
RESERVED
-CVE-2013-3066
- RESERVED
-CVE-2013-3065
- RESERVED
-CVE-2013-3064
- RESERVED
+CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict ...)
+ TODO: check
+CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental Controls ...)
+ TODO: check
+CVE-2013-3064 (Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys ...)
+ TODO: check
CVE-2013-3063 (SAP BASIS Communication Services 4.6B through 7.30 allows remote ...)
NOT-FOR-US: SAP BASIS Communication Services
CVE-2013-3062 (The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering ...)
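Review bot: same follow-up as the Belkin hunk above: CVE-2013-3066 (`Linksys EA6500 with firmware 1.1.28.147876 ...`) and CVE-2013-3064 (`ui/dynamic/unsecured.html in Linksys ...`) name router firmware with no Debian package and can go straight to NOT-FOR-US; CVE-2013-3068 (`apply.cgi in ...`) and CVE-2013-3065 (`the Parental Controls ...`) are truncated here, so read the full description before clearing their `TODO: check`.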
@@ -12309,8 +12314,8 @@ CVE-2013-2588
RESERVED
CVE-2013-2587
RESERVED
-CVE-2013-2586
- RESERVED
+CVE-2013-2586 (XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which ...)
+ TODO: check
CVE-2013-2585 (Cross-site scripting (XSS) vulnerability in Atmail Webmail Server ...)
NOT-FOR-US: AtMail
CVE-2013-2584
@@ -13719,8 +13724,7 @@ CVE-2013-2102 (The default configuration of Red Hat JBoss Portal before 6.1.0 en
CVE-2013-2101
RESERVED
NOT-FOR-US: Katello
-CVE-2013-2100
- RESERVED
+CVE-2013-2100 (The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage ...)
NOT-FOR-US: Gentoo Portage binary package installer
CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname ...)
- python2.7 2.7.5-5 (low; bug #709066)
@@ -13832,6 +13836,7 @@ CVE-2013-2073 (Transifex command-line client before 0.9 does not validate X.509
[wheezy] - transifex-client <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2013/q2/394
CVE-2013-2072 (Buffer overflow in the Python bindings for the xc_vcpu_setaffinity ...)
+ {DSA-3041-1}
- xen 4.2.2-1 (low)
[squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
[wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
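Review bot: `+ {DSA-3041-1}` is added to CVE-2013-2072 while the entry still carries `[squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)` and the identical line for wheezy; now that the Xen DSA has been issued, those `<no-dsa>` annotations are stale for whichever suites DSA-3041-1 covers and should be replaced with the fixed version (or the rationale updated) so the tracker does not report a suite as both covered by a DSA and deliberately left unfixed.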
@@ -14480,8 +14485,7 @@ CVE-2013-1876
REJECTED
CVE-2013-1875 (command_wrap.rb in the command_wrap Gem for Ruby allows remote ...)
NOT-FOR-US: ruby gem command_wrap
-CVE-2013-1874 [Chicken Scheme: code execution]
- RESERVED
+CVE-2013-1874 (Untrusted search path vulnerability in csi in Chicken before 4.8.2 ...)
- chicken 4.8.0.3-1 (low; bug #702410)
[squeeze] - chicken <no-dsa> (Minor issue)
[wheezy] - chicken <no-dsa> (Minor issue)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index f7d9fce625..d1b946e39b 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1,3 +1,129 @@
+CVE-2014-7270
+ RESERVED
+CVE-2014-7269
+ RESERVED
+CVE-2014-7268
+ RESERVED
+CVE-2014-7267
+ RESERVED
+CVE-2014-7266
+ RESERVED
+CVE-2014-7265
+ RESERVED
+CVE-2014-7264
+ RESERVED
+CVE-2014-7263
+ RESERVED
+CVE-2014-7262
+ RESERVED
+CVE-2014-7261
+ RESERVED
+CVE-2014-7260
+ RESERVED
+CVE-2014-7259
+ RESERVED
+CVE-2014-7258
+ RESERVED
+CVE-2014-7257
+ RESERVED
+CVE-2014-7256
+ RESERVED
+CVE-2014-7255
+ RESERVED
+CVE-2014-7254
+ RESERVED
+CVE-2014-7253
+ RESERVED
+CVE-2014-7252
+ RESERVED
+CVE-2014-7251
+ RESERVED
+CVE-2014-7250
+ RESERVED
+CVE-2014-7249
+ RESERVED
+CVE-2014-7248
+ RESERVED
+CVE-2014-7247
+ RESERVED
+CVE-2014-7246
+ RESERVED
+CVE-2014-7245
+ RESERVED
+CVE-2014-7244
+ RESERVED
+CVE-2014-7243
+ RESERVED
+CVE-2014-7242
+ RESERVED
+CVE-2014-7241
+ RESERVED
+CVE-2014-7240
+ RESERVED
+CVE-2014-7239
+ RESERVED
+CVE-2014-7238
+ RESERVED
+CVE-2014-7237
+ RESERVED
+CVE-2014-7236
+ RESERVED
+CVE-2014-7235
+ RESERVED
+CVE-2014-7234
+ RESERVED
+CVE-2014-7233
+ RESERVED
+CVE-2014-7232
+ RESERVED
+CVE-2014-7229
+ RESERVED
+CVE-2014-7228
+ RESERVED
+CVE-2014-7227
+ RESERVED
+CVE-2014-7226
+ RESERVED
+CVE-2014-7225
+ RESERVED
+CVE-2014-7224
+ RESERVED
+CVE-2014-7223
+ RESERVED
+CVE-2014-7222
+ RESERVED
+CVE-2014-7221
+ RESERVED
+CVE-2014-7220
+ RESERVED
+CVE-2014-7219
+ RESERVED
+CVE-2014-7218
+ RESERVED
+CVE-2014-7217
+ RESERVED
+CVE-2014-7216
+ RESERVED
+CVE-2014-7215
+ RESERVED
+CVE-2014-7214
+ RESERVED
+CVE-2014-7213
+ RESERVED
+CVE-2014-7212
+ RESERVED
+CVE-2014-7211
+ RESERVED
+CVE-2014-7210
+ RESERVED
+CVE-2014-7209
+ RESERVED
+CVE-2014-7208
+ RESERVED
+CVE-2014-7207
+ RESERVED
+CVE-2014-7206
+ RESERVED
CVE-2014-XXXX [various sddm issues]
- sddm <itp> (bug #703519)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
@@ -6,16 +132,19 @@ CVE-2014-XXXX [gnome-shell lockscreen bypass with printscreen key]
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=737456
TODO: check
CVE-2014-7231
+ RESERVED
- python-oslo.utils <unfixed>
NOTE: https://launchpad.net/bugs/1345233
TODO: check
CVE-2014-7230
+ RESERVED
- cinder <unfixed>
- nova <unfixed>
- trove <unfixed>
NOTE: https://launchpad.net/bugs/1343604
TODO: check
CVE-2014-7205 [Arbitrary JavaScript Execution in Bassmaster]
+ RESERVED
NOTE: https://nodesecurity.io/advisories/bassmaster_js_injection
TODO: check
CVE-2014-7201
@@ -47,6 +176,7 @@ CVE-2014-7191 [qs Denial-of-Service Memory Exhaustion]
NOTE: https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
CVE-2014-7188
RESERVED
+ {DSA-3041-1}
- xen <unfixed>
CVE-2014-7184
RESERVED
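Review bot: CVE-2014-7188 gains `{DSA-3041-1}` but keeps `- xen <unfixed>`; a DSA reference next to an unfixed unstable entry is only correct while sid really has no fixed upload, so confirm the sid status and record the fixed version once it is known. The entry also has no bracketed summary, unlike the `[XSA-104]`/`[XSA-105]`/`[XSA-106]` Xen entries further down, so it is hard to tell from the list which advisory the DSA covers; adding the XSA reference would help.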
@@ -79,6 +209,7 @@ CVE-2014-7171
CVE-2014-7170
RESERVED
CVE-2014-7204 [endless loog + disk usage bomp on minified js file]
+ RESERVED
- exuberant-ctags 1:5.9~svn20110310-8 (bug #742605)
NOTE: http://sourceforge.net/p/ctags/code/791/
CVE-2014-7203 [does not implement uniqueness check on connection nonces]
@@ -93,8 +224,7 @@ CVE-2014-7202 [does not validate the other party's security handshake properly]
- zeromq3 <unfixed>
NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1190
TODO: check
-CVE-2014-7190
- RESERVED
+CVE-2014-7190 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: Openfiler
CVE-2014-7189 [Go crypto/tls vulnerability]
RESERVED
@@ -102,12 +232,10 @@ CVE-2014-7189 [Go crypto/tls vulnerability]
[wheezy] - golang <not-affected> (Vulnerable code not present, only Go 1.1 onwards)
NOTE: https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
NOTE: https://code.google.com/p/go/source/detail?r=eae0457c101512f59296538f0162749eba325892&name=release-branch.go1.3
-CVE-2014-7187
- RESERVED
+CVE-2014-7187 (Off-by-one error in the read_token_word function in parse.y in GNU ...)
{DSA-3035-1 DLA-63-1}
- bash 4.3-9.2
-CVE-2014-7186
- RESERVED
+CVE-2014-7186 (The redirection implementation in parse.y in GNU Bash through 4.3 ...)
{DSA-3035-1 DLA-63-1}
- bash 4.3-9.2
CVE-2014-7185 [integer overflow in 'buffer' type allows reading memory]
@@ -154,8 +282,7 @@ CVE-2014-XXXX [gnutls: certificate sanitization issue]
NOTE: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7663
NOTE: http://www.intelsecurity.com/advanced-threat-research/#
NOTE: similar to CVE-2014-1568 in nss
-CVE-2014-7199 [mediawiki: releases 1.19.19, 1.22.11 and 1.23.4]
- RESERVED
+CVE-2014-7199 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, ...)
{DSA-3036-1}
- mediawiki 1:1.19.19+dfsg-1 (bug #762754)
[squeeze] - mediawiki <end-of-life>
@@ -164,14 +291,17 @@ CVE-2014-7169 (GNU Bash through 4.3 bash43-025 processes trailing strings after
- bash 4.3-9.2 (bug #762760)
CVE-2014-7156 [XSA-106]
RESERVED
+ {DSA-3041-1}
- xen <unfixed>
[squeeze] - xen <end-of-life>
CVE-2014-7155 [XSA-105]
RESERVED
+ {DSA-3041-1}
- xen <unfixed>
[squeeze] - xen <end-of-life>
CVE-2014-7154 [XSA-104]
RESERVED
+ {DSA-3041-1}
- xen <unfixed>
[squeeze] - xen <end-of-life>
CVE-2014-7152 (Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms ...)
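Review bot: the three XSA entries (CVE-2014-7156, -7155, -7154) now reference DSA-3041-1 while still listing `- xen <unfixed>` for unstable; as for CVE-2014-7188, verify whether sid is genuinely still unfixed after the DSA and update the version line if not. The `[squeeze] - xen <end-of-life>` lines are consistent with the DSA covering only the supported suite and need no change.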
@@ -758,222 +888,222 @@ CVE-2014-6857
RESERVED
CVE-2014-6856
RESERVED
-CVE-2014-6855
- RESERVED
-CVE-2014-6854
- RESERVED
-CVE-2014-6853
- RESERVED
-CVE-2014-6852
- RESERVED
-CVE-2014-6851
- RESERVED
-CVE-2014-6850
- RESERVED
+CVE-2014-6855 (The Long (aka com.imop.longjiang.android) application 1.0.4 for ...)
+ TODO: check
+CVE-2014-6854 (The EyeXam (aka com.globaleyeventures.eyexam) application 1.4 for ...)
+ TODO: check
+CVE-2014-6853 (The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) ...)
+ TODO: check
+CVE-2014-6852 (The LedLine.gr Official (aka com.automon.ledline.gr) application ...)
+ TODO: check
+CVE-2014-6851 (The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 for ...)
+ TODO: check
+CVE-2014-6850 (The SED Account (aka com.starkville.smartapps) application 1.153.0034 ...)
+ TODO: check
CVE-2014-6849
RESERVED
-CVE-2014-6848
- RESERVED
-CVE-2014-6847
- RESERVED
-CVE-2014-6846
- RESERVED
-CVE-2014-6845
- RESERVED
-CVE-2014-6844
- RESERVED
-CVE-2014-6843
- RESERVED
-CVE-2014-6842
- RESERVED
-CVE-2014-6841
- RESERVED
-CVE-2014-6840
- RESERVED
-CVE-2014-6839
- RESERVED
-CVE-2014-6838
- RESERVED
-CVE-2014-6837
- RESERVED
-CVE-2014-6836
- RESERVED
-CVE-2014-6835
- RESERVED
-CVE-2014-6834
- RESERVED
-CVE-2014-6833
- RESERVED
-CVE-2014-6832
- RESERVED
-CVE-2014-6831
- RESERVED
-CVE-2014-6830
- RESERVED
-CVE-2014-6829
- RESERVED
-CVE-2014-6828
- RESERVED
-CVE-2014-6827
- RESERVED
-CVE-2014-6826
- RESERVED
-CVE-2014-6825
- RESERVED
-CVE-2014-6824
- RESERVED
-CVE-2014-6823
- RESERVED
-CVE-2014-6822
- RESERVED
-CVE-2014-6821
- RESERVED
-CVE-2014-6820
- RESERVED
-CVE-2014-6819
- RESERVED
-CVE-2014-6818
- RESERVED
-CVE-2014-6817
- RESERVED
-CVE-2014-6816
- RESERVED
-CVE-2014-6815
- RESERVED
-CVE-2014-6814
- RESERVED
-CVE-2014-6813
- RESERVED
-CVE-2014-6812
- RESERVED
+CVE-2014-6848 (The DS file (aka com.synology.DSfile) application 4.1.1 for Android ...)
+ TODO: check
+CVE-2014-6847 (The Horoscopes and Dreams (aka com.horoscopesanddreams) application ...)
+ TODO: check
+CVE-2014-6846 (The Four Seasons Beverly Hills (aka ...)
+ TODO: check
+CVE-2014-6845 (The MediaFire (aka com.mediafire.android) application 1.1.1 for ...)
+ TODO: check
+CVE-2014-6844 (The ABC Song (aka com.tabtale.abcsingalong) application 1.0.0 for ...)
+ TODO: check
+CVE-2014-6843 (The Sweatshop (aka com.orderingapps.sweatshop) application 2.96 for ...)
+ TODO: check
+CVE-2014-6842 (The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) ...)
+ TODO: check
+CVE-2014-6841 (The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for ...)
+ TODO: check
+CVE-2014-6840 (The My Wedding Planner (aka app.wedding) application 1.5 for Android ...)
+ TODO: check
+CVE-2014-6839 (The Alma Corinthiana (aka com.alma.corinthiana) application 1.0 for ...)
+ TODO: check
+CVE-2014-6838 (The Groupama toujours la (aka com.groupama.toujoursla) application ...)
+ TODO: check
+CVE-2014-6837 (The Hillside (aka com.hillside.hermanus) application 1.1 for Android ...)
+ TODO: check
+CVE-2014-6836 (The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android ...)
+ TODO: check
+CVE-2014-6835 (The Herbal Guide (aka com.pocket.herbal.guide) application 1.0 for ...)
+ TODO: check
+CVE-2014-6834 (The Instaroid - Instagram Viewer (aka net.muik.instaroid) application ...)
+ TODO: check
+CVE-2014-6833 (The AuctionTrac Dealer (aka com.adesa.dealer.phone) application 2.0.3 ...)
+ TODO: check
+CVE-2014-6832 (The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 ...)
+ TODO: check
+CVE-2014-6831 (The Hippo Studio (aka com.appgreen.hippostudio) application 1.0 for ...)
+ TODO: check
+CVE-2014-6830 (The Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) ...)
+ TODO: check
+CVE-2014-6829 (The Hook (aka com.hook.android) application 0.9.3 for Android does not ...)
+ TODO: check
+CVE-2014-6828 (The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android ...)
+ TODO: check
+CVE-2014-6827 (The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for ...)
+ TODO: check
+CVE-2014-6826 (The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for ...)
+ TODO: check
+CVE-2014-6825 (The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) ...)
+ TODO: check
+CVE-2014-6824 (The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android ...)
+ TODO: check
+CVE-2014-6823 (The kuailecaidengmi (aka com.licai.kuailecaidengmi) application ...)
+ TODO: check
+CVE-2014-6822 (The Nerdico (aka com.nerdico.danielepais) application 1.9 Stable for ...)
+ TODO: check
+CVE-2014-6821 (The voetbal (aka nl.jborsje.android.voetbal.az) application 4.7.2 for ...)
+ TODO: check
+CVE-2014-6820 (The Amebra Ameba (aka jp.honeytrap15.amebra) application 1.0.0 for ...)
+ TODO: check
+CVE-2014-6819 (The Lapp Group Catalogue (aka com.prinovis.LappKabel) application 1.4 ...)
+ TODO: check
+CVE-2014-6818 (The OHBM 20th Annual Meeting (aka ...)
+ TODO: check
+CVE-2014-6817 (The Cove (aka org.covechurch.app) application 1.0.2 for Android does ...)
+ TODO: check
+CVE-2014-6816 (The WISDOM (aka lvtu99.com.nescmxiaoniuniu) application 2.1 for ...)
+ TODO: check
+CVE-2014-6815 (The Vouch! (aka com.voucherry.voucherry) application 2.1.6 for Android ...)
+ TODO: check
+CVE-2014-6814 (The Sentinels Randomizer (aka com.mikehipps.sentinelsrandomizer) ...)
+ TODO: check
+CVE-2014-6813 (The klassens (aka com.mcreda.klassens.apps) application 1.0 for ...)
+ TODO: check
+CVE-2014-6812 (The Aloha Guide (aka com.aloha.guide.english) application 1.5 for ...)
+ TODO: check
CVE-2014-6811
RESERVED
-CVE-2014-6810
- RESERVED
+CVE-2014-6810 (The RIMS 2014 Annual Conference (aka ...)
+ TODO: check
CVE-2014-6809
- RESERVED
-CVE-2014-6808
- RESERVED
-CVE-2014-6807
- RESERVED
-CVE-2014-6806
- RESERVED
-CVE-2014-6805
- RESERVED
-CVE-2014-6804
- RESERVED
-CVE-2014-6803
- RESERVED
-CVE-2014-6802
- RESERVED
-CVE-2014-6801
- RESERVED
-CVE-2014-6800
- RESERVED
-CVE-2014-6799
- RESERVED
-CVE-2014-6798
- RESERVED
-CVE-2014-6797
- RESERVED
-CVE-2014-6796
- RESERVED
-CVE-2014-6795
- RESERVED
-CVE-2014-6794
- RESERVED
-CVE-2014-6793
- RESERVED
-CVE-2014-6792
- RESERVED
-CVE-2014-6791
- RESERVED
-CVE-2014-6790
- RESERVED
-CVE-2014-6789
- RESERVED
-CVE-2014-6788
- RESERVED
-CVE-2014-6787
- RESERVED
-CVE-2014-6786
- RESERVED
-CVE-2014-6785
- RESERVED
-CVE-2014-6784
- RESERVED
-CVE-2014-6783
- RESERVED
-CVE-2014-6782
- RESERVED
-CVE-2014-6781
- RESERVED
-CVE-2014-6780
- RESERVED
-CVE-2014-6779
- RESERVED
-CVE-2014-6778
- RESERVED
-CVE-2014-6777
- RESERVED
-CVE-2014-6776
- RESERVED
-CVE-2014-6775
- RESERVED
-CVE-2014-6774
- RESERVED
-CVE-2014-6773
- RESERVED
-CVE-2014-6772
- RESERVED
-CVE-2014-6771
- RESERVED
-CVE-2014-6770
- RESERVED
-CVE-2014-6769
- RESERVED
-CVE-2014-6768
- RESERVED
-CVE-2014-6767
- RESERVED
-CVE-2014-6766
- RESERVED
-CVE-2014-6765
- RESERVED
-CVE-2014-6764
- RESERVED
-CVE-2014-6763
- RESERVED
-CVE-2014-6762
- RESERVED
-CVE-2014-6761
- RESERVED
-CVE-2014-6760
- RESERVED
-CVE-2014-6759
- RESERVED
-CVE-2014-6758
- RESERVED
-CVE-2014-6757
- RESERVED
-CVE-2014-6756
- RESERVED
-CVE-2014-6755
- RESERVED
-CVE-2014-6754
- RESERVED
-CVE-2014-6753
- RESERVED
-CVE-2014-6752
- RESERVED
-CVE-2014-6751
- RESERVED
-CVE-2014-6750
- RESERVED
-CVE-2014-6749
- RESERVED
-CVE-2014-6748
- RESERVED
+ REJECTED
+CVE-2014-6808 (The Active 24 (aka com.zentity.app.active24) application 1.0.1 for ...)
+ TODO: check
+CVE-2014-6807 (The OLA School (aka ...)
+ TODO: check
+CVE-2014-6806 (The Thanodi - Setswana Translator (aka com.thanodi.thanodi) ...)
+ TODO: check
+CVE-2014-6805 (The weibo (aka magic.weibo) application 1.2 for Android does not ...)
+ TODO: check
+CVE-2014-6804 (The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) ...)
+ TODO: check
+CVE-2014-6803 (The Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application ...)
+ TODO: check
+CVE-2014-6802 (The First Assembly NLR (aka ...)
+ TODO: check
+CVE-2014-6801 (The frank matano (aka com.frank.matano) application 1.0 for Android ...)
+ TODO: check
+CVE-2014-6800 (The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500 ...)
+ TODO: check
+CVE-2014-6799 (The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 ...)
+ TODO: check
+CVE-2014-6798 (The McMaster Marauders (aka com.weever.marauders) application 1.0.1 ...)
+ TODO: check
+CVE-2014-6797 (The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application ...)
+ TODO: check
+CVE-2014-6796 (The LocalSense (aka com.LocalSense) application 1.2.1 for Android does ...)
+ TODO: check
+CVE-2014-6795 (The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) ...)
+ TODO: check
+CVE-2014-6794 (The AAPLD (aka com.bredir.boopsie.aapld) application 4.5.110 for ...)
+ TODO: check
+CVE-2014-6793 (The Arch Friend (aka com.xyproto.archfriend) application 0.4.2 for ...)
+ TODO: check
+CVE-2014-6792 (The Suriname Radio (aka com.wordbox.surinameRadio) application 1.5 for ...)
+ TODO: check
+CVE-2014-6791 (The Angel Reigns (aka ...)
+ TODO: check
+CVE-2014-6790 (The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for ...)
+ TODO: check
+CVE-2014-6789 (The Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application ...)
+ TODO: check
+CVE-2014-6788 (The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 1.0 for ...)
+ TODO: check
+CVE-2014-6787 (The Counter Intuition (aka com.counter.intuition) application 1.2 for ...)
+ TODO: check
+CVE-2014-6786 (The Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) ...)
+ TODO: check
+CVE-2014-6785 (The Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72) ...)
+ TODO: check
+CVE-2014-6784 (The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) ...)
+ TODO: check
+CVE-2014-6783 (The Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) ...)
+ TODO: check
+CVE-2014-6782 (The Abraham Tours (aka com.mytoursapp.android.app432) application ...)
+ TODO: check
+CVE-2014-6781 (The Aloha Stadium - Hawaii (aka com.stadium.aloha) application 1.2 for ...)
+ TODO: check
+CVE-2014-6780 (The MeiTalk (aka com.playjia.meitalk) application @7F060012 for ...)
+ TODO: check
+CVE-2014-6779 (The Cart App (aka com.virtecha.mobilewallet) application 1.5 for ...)
+ TODO: check
+CVE-2014-6778 (The Goat Forum (aka com.gcspublishing.goatspot) application 3.9.15 for ...)
+ TODO: check
+CVE-2014-6777 (The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does ...)
+ TODO: check
+CVE-2014-6776 (The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) ...)
+ TODO: check
+CVE-2014-6775 (The Light for Pets (aka com.helenwoodward.light4pets) application 1.0 ...)
+ TODO: check
+CVE-2014-6774 (The USEK (aka com.university.usek) application 1.0.8 for Android does ...)
+ TODO: check
+CVE-2014-6773 (The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 ...)
+ TODO: check
+CVE-2014-6772 (The United Educational CU (aka com.metova.cuae.uecu) application ...)
+ TODO: check
+CVE-2014-6771 (The United Heritage Mobile (aka Fi_Mobile.UHCU) application 1.1 for ...)
+ TODO: check
+CVE-2014-6770 (The Aerospace Jobs (aka com.app_aerospacejobs.layout) application ...)
+ TODO: check
+CVE-2014-6769 (The Meteo Belgique (aka com.mobilesoft.belgiumweather) application 3.2 ...)
+ TODO: check
+CVE-2014-6768 (The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application ...)
+ TODO: check
+CVE-2014-6767 (The Juggle! FREE (aka com.jakyl.juggleforfree) application 3.0.0 for ...)
+ TODO: check
+CVE-2014-6766 (The Afro-Beat (aka com.zero.themelock.tambourine) application 0.2 for ...)
+ TODO: check
+CVE-2014-6765 (The No Fuss Home Loans (aka ...)
+ TODO: check
+CVE-2014-6764 (The Assyrian (aka com.b2.assyrian.activity) application 2.2 for ...)
+ TODO: check
+CVE-2014-6763 (The Codename Birdgame (aka ...)
+ TODO: check
+CVE-2014-6762 (The bongomovie (aka com.mbwasi.bongomovie) application 1.0 for Android ...)
+ TODO: check
+CVE-2014-6761 (The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) ...)
+ TODO: check
+CVE-2014-6760 (The Harem Thief Dating (aka com.haremthief.haremthief) application ...)
+ TODO: check
+CVE-2014-6759 (The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) ...)
+ TODO: check
+CVE-2014-6758 (The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) ...)
+ TODO: check
+CVE-2014-6757 (The Koran - AlqoranVideos (aka com.alqoran.videos.example) application ...)
+ TODO: check
+CVE-2014-6756 (The Reddit Aww (aka org.biais.redditawww) application 1.2.1 for ...)
+ TODO: check
+CVE-2014-6755 (The SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) ...)
+ TODO: check
+CVE-2014-6754 (The Vector Outage Manager (aka nz.co.vector.outagemanager) application ...)
+ TODO: check
+CVE-2014-6753 (The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application 2.0 ...)
+ TODO: check
+CVE-2014-6752 (The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) ...)
+ TODO: check
+CVE-2014-6751 (The Grasshopper Beta (aka com.grasshopper.dialer) application 2.1 for ...)
+ TODO: check
+CVE-2014-6750 (The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 ...)
+ TODO: check
+CVE-2014-6749 (The American Nurses Association (aka com.dub.poweredbydub.assoc.ana) ...)
+ TODO: check
+CVE-2014-6748 (The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for ...)
+ TODO: check
CVE-2014-6747 (The SeeOn (aka com.seeon) application 4.0.7 for Android does not ...)
NOT-FOR-US: SeeOn (aka com.seeon) application for Android
CVE-2014-6746 (The Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) ...)
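Review bot: every added entry in this block (CVE-2014-6748 through CVE-2014-6807) describes an Android application and is left as `TODO: check`, while the unchanged CVE-2014-6747 entry directly below already carries the triaged form `NOT-FOR-US: SeeOn (aka com.seeon) application for Android`. Like SeeOn, these are third-party apps rather than Debian source packages, so the follow-up triage should replace each placeholder with the same `NOT-FOR-US: <app> (aka <package id>) application for Android` form instead of leaving several dozen open TODOs in the file.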
@@ -1232,10 +1362,10 @@ CVE-2014-6621
RESERVED
CVE-2014-6620
RESERVED
-CVE-2014-6619
- RESERVED
-CVE-2014-6618
- RESERVED
+CVE-2014-6619 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2014-6618 (Cross-site scripting (XSS) vulnerability in Your Online Shop allows ...)
+ TODO: check
CVE-2014-6617
RESERVED
CVE-2014-6616
@@ -1688,8 +1818,7 @@ CVE-2014-6389
NOT-FOR-US: PhpCompta
CVE-2014-6388
RESERVED
-CVE-2014-7145 [null ptr deref in SMB2_tcon]
- RESERVED
+CVE-2014-7145 (The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (Introduced in 3.7)
- linux-2.6 <not-affected> (Introduced in 3.7)
@@ -1736,24 +1865,21 @@ CVE-2014-6421 (Use-after-free vulnerability in the SDP dissector in Wireshark 1.
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-12.html
TODO: check, 1.12 series possibly not affected (only 1.10.0 to 1.10.9)
-CVE-2014-6418 [libceph: missing validation of the auth reply]
- RESERVED
+CVE-2014-6418 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, ...)
- linux 3.16.3-1
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
NOTE: http://tracker.ceph.com/issues/8979
-CVE-2014-6417 [libceph: issue of incorrect handling of kmalloc failures]
- RESERVED
+CVE-2014-6417 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, ...)
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux 3.16.3-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
NOTE: http://tracker.ceph.com/issues/8979
-CVE-2014-6416 [libceph: buffer overflow]
- RESERVED
+CVE-2014-6416 (Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux ...)
- linux 3.16.3-1
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux-2.6 <removed>
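Review bot: the package lines for CVE-2014-6417 are ordered differently from its siblings: `[wheezy] - linux <no-dsa> (Will be fixed in next point release)` comes before `- linux 3.16.3-1`, whereas CVE-2014-6418 and CVE-2014-6416 list the unstable `- linux 3.16.3-1` line first and the `[wheezy]` annotation second. Reorder CVE-2014-6417 to match, so the three ceph entries, which share the same upstream fix commit and tracker issue, read identically.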
@@ -1764,8 +1890,7 @@ CVE-2014-6414 [Admin-only network attributes may be reset to defaults by non-pri
RESERVED
- neutron <unfixed>
NOTE: vulnerable versions up to 2013.2.4 and 2014.1 versions up to 2014.1.2
-CVE-2014-6410 [udf: Avoid infinite loop when processing indirect ICBs]
- RESERVED
+CVE-2014-6410 (The __udf_read_inode function in fs/udf/inode.c in the Linux kernel ...)
- linux <unfixed>
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux-2.6 <removed>
@@ -2001,8 +2126,7 @@ CVE-2014-6280
NOT-FOR-US: OsClass
CVE-2014-6279
RESERVED
-CVE-2014-6278 [code execution via specially crafted environment variables]
- RESERVED
+CVE-2014-6278 (GNU Bash through 4.3 bash43-026 does not properly parse function ...)
- bash 4.3-9.2 (high)
[wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high)
[squeeze] - bash 4.1-3+deb6u2 (high)
@@ -2012,8 +2136,7 @@ CVE-2014-6278 [code execution via specially crafted environment variables]
NOTE: exploitation of this issue by making bash only use environment
NOTE: variables with specific names (BASH_FUNC_*()) to define functions
NOTE: from its environment.
-CVE-2014-6277 [untrusted pointer use issue leading to code execution]
- RESERVED
+CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse function ...)
- bash 4.3-9.2
[wheezy] - bash 4.2+dfsg-0.1+deb7u3
[squeeze] - bash 4.1-3+deb6u2
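Review bot: CVE-2014-6277 carries no severity marker on its package lines, while the adjacent CVE-2014-6278 entry marks all three (`- bash 4.3-9.2 (high)`, `[wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high)`, `[squeeze] - bash 4.1-3+deb6u2 (high)`) even though both descriptions open with the same text about GNU Bash through 4.3 bash43-026 not properly parsing function definitions. Either add the same `(high)` marker to CVE-2014-6277 or add a NOTE recording why the two issues are rated differently.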
@@ -2034,8 +2157,7 @@ CVE-2014-6274 [S3 and Glacier remotes creds embedded in the git repo were not en
- git-annex 5.20140919
[wheezy] - git-annex <not-affected> (Vulnerable code introduced in 3.20121126)
NOTE: https://git-annex.branchable.com/upgrades/insecure_embedded_creds/
-CVE-2014-6273 [buffer overflow in the HTTP transport code in apt-get]
- RESERVED
+CVE-2014-6273 (Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and ...)
{DSA-3031-1 DLA-58-1}
- apt 1.0.3
CVE-2014-6272
@@ -2522,8 +2644,7 @@ CVE-2014-6057
RESERVED
CVE-2014-6056
RESERVED
-CVE-2014-6055 [Multiple stack overflows in File Transfer feature]
- RESERVED
+CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in ...)
- libvncserver <unfixed> (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
NOTE: https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
@@ -2541,8 +2662,7 @@ CVE-2014-6052 [Lack of malloc() return value checking on client side]
RESERVED
- libvncserver <unfixed> (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
-CVE-2014-6051 [Integer overflow in MallocFrameBuffer() on client side]
- RESERVED
+CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in ...)
- libvncserver <unfixed> (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
CVE-2014-6050
@@ -3712,8 +3832,7 @@ CVE-2014-5462
RESERVED
CVE-2014-5460 (Unrestricted file upload vulnerability in the Tribulant Slideshow ...)
NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
-CVE-2014-6269 [remote client denial of service vulnerability]
- RESERVED
+CVE-2014-6269 (Multiple integer overflows in the http_request_forward_body function ...)
- haproxy 1.5.4-1
[squeeze] - haproxy <not-affected> (Vulnerable code not present)
NOTE: http://article.gmane.org/gmane.comp.web.haproxy/17726
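Review bot: CVE-2014-6269 sits between CVE-2014-5460 and CVE-2014-5446, out of the descending numeric order the rest of the list follows. The misplacement predates this hunk, but since the entry is being rewritten anyway, move it up to its position among the other CVE-2014-62xx entries so it is found where the ordering of the file would put it.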
@@ -3778,8 +3897,7 @@ CVE-2014-5446
RESERVED
CVE-2014-5445
RESERVED
-CVE-2014-5444 [failure to handle certificate errors]
- RESERVED
+CVE-2014-5444 (Geary before 0.6.3 does not present the user with a warning when a TLS ...)
- geary 0.6.3-1
NOTE: Upstream bugreport: https://bugzilla.gnome.org/show_bug.cgi?id=713247
NOTE: Upstream fix: https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e
@@ -4280,8 +4398,7 @@ CVE-2014-5270 [side-channel attack on Elgamal encryption subkeys]
- libgcrypt11 1.5.4-1
- libgcrypt20 1.6.0-2
NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html
-CVE-2014-5267 [ code change to reject any XRDS document with a /<!DOCTYPE/i match]
- RESERVED
+CVE-2014-5267 (modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 ...)
{DSA-2999-1}
- drupal7 7.31-1
CVE-2014-5266 (The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 ...)
@@ -5537,11 +5654,9 @@ CVE-2014-4730
RESERVED
CVE-2014-4729
RESERVED
-CVE-2014-4728
- RESERVED
+CVE-2014-4728 (The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router ...)
NOT-FOR-US: TP-Link
-CVE-2014-4727
- RESERVED
+CVE-2014-4727 (Cross-site scripting (XSS) vulnerability in the DHCP clients page in ...)
NOT-FOR-US: TP-Link
CVE-2014-4726 (Unspecified vulnerability in the MailPoet Newsletters ...)
NOT-FOR-US: wysija-newsletters
@@ -6509,8 +6624,7 @@ CVE-2014-4332
RESERVED
CVE-2014-4331 (Cross-site scripting (XSS) vulnerability in admin/viewer.php in ...)
NOT-FOR-US: OctavoCMS
-CVE-2014-4330 [stack exhaustion]
- RESERVED
+CVE-2014-4330 (The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 ...)
- perl 5.20.1-1 (bug #762256)
[wheezy] - perl <no-dsa> (Minor issue)
[squeeze] - perl <no-dsa> (Minor issue)
@@ -7738,16 +7852,16 @@ CVE-2014-3826
RESERVED
CVE-2014-3825
RESERVED
-CVE-2014-3824
- RESERVED
-CVE-2014-3823
- RESERVED
+CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in the ...)
+ TODO: check
+CVE-2014-3823 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with ...)
+ TODO: check
CVE-2014-3822 (Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before ...)
NOT-FOR-US: Juniper Junos
CVE-2014-3821 (Cross-site scripting (XSS) vulnerability in SRX Web Authentication ...)
NOT-FOR-US: Juniper Junos
-CVE-2014-3820
- RESERVED
+CVE-2014-3820 (Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server ...)
+ TODO: check
CVE-2014-3819 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before ...)
NOT-FOR-US: Juniper Junos
CVE-2014-3818
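Review bot: CVE-2014-3824, CVE-2014-3823 and CVE-2014-3820 are left as `TODO: check`, yet CVE-2014-3823 names the Juniper Junos Pulse Secure Access Service (SSL VPN) devices and CVE-2014-3820 the SSL VPN/UAC web server, the same products the surrounding unchanged entries (CVE-2014-3822, CVE-2014-3821, CVE-2014-3819) already mark `NOT-FOR-US: Juniper Junos`; CVE-2014-3824's description is truncated but sits in the same Juniper run. Triage them to the matching `NOT-FOR-US: Juniper ...` form rather than leaving the placeholders.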
@@ -7764,8 +7878,8 @@ CVE-2014-3813 (Unspecified vulnerability in the Juniper Networks NetScreen Firew
NOT-FOR-US: Juniper Networks NetScreen Firewall
CVE-2014-3812 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with ...)
NOT-FOR-US: Juniper Junos Pulse Secure Access Service
-CVE-2014-3811
- RESERVED
+CVE-2014-3811 (Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows ...)
+ TODO: check
CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in BoonEx ...)
NOT-FOR-US: Dolphin (php thingy)
CVE-2014-3809
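Review bot: CVE-2014-3811 is left as `TODO: check`, but its description identifies the affected software as the Juniper Installer Service (JIS) Client 7.x for Windows, a proprietary client that is not a Debian package and matches the `NOT-FOR-US: Juniper Junos Pulse Secure Access Service` treatment given to CVE-2014-3812 directly above. Mark it `NOT-FOR-US: Juniper Installer Service Client` in the follow-up triage.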
@@ -8124,8 +8238,7 @@ CVE-2014-3632
RESERVED
- neutron <unfixed>
NOTE: Regression of fix for CVE-2013-6433, possibly Red Hat specific in RedHat Enterprise Open Stack Platform 5.0
-CVE-2014-3631 [keys: incorrect termination condition in assoc array garbage collection]
- RESERVED
+CVE-2014-3631 (The assoc_array_gc function in the associative-array implementation in ...)
- linux 3.16.3-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
- linux-2.6 <not-affected> (Vulnerable code introduced later)
@@ -8347,8 +8460,7 @@ CVE-2014-3560 (NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21
[wheezy] - samba <not-affected> (Only affects 4.x)
CVE-2014-3559 (The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 ...)
NOT-FOR-US: ovirt-engine-backend
-CVE-2014-3558
- RESERVED
+CVE-2014-3558 (ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in ...)
- libhibernate-validator-java <unfixed> (low; bug #762690)
NOTE: RedHat upgraded to new upstream versions in their security
NOTE: updates. No patches are available for the 4.0.x branch we
@@ -8433,8 +8545,7 @@ CVE-2014-3537 (The web interface in CUPS before 1.7.4 allows local users in the
NOTE: https://www.cups.org/str.php?L4450
CVE-2014-3536
RESERVED
-CVE-2014-3535 [netdevice.h: NULL pointer dereference over VxLAN]
- RESERVED
+CVE-2014-3535 (include/linux/netdevice.h in the Linux kernel before 2.6.36 ...)
- linux <not-affected> (RHEL-specific, incomplete backport)
- linux-2.6 <not-affected> (RHEL-specific, incomplete backport)
NOTE: Fix: https://git.kernel.org/linus/256df2f3879efdb2e9808bdb1b54b16fbb11fa38
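Review bot: the `<not-affected> (RHEL-specific, incomplete backport)` annotations on both `linux` and `linux-2.6` sit next to an official description covering the Linux kernel before 2.6.36 and a NOTE pointing at a mainline fix commit (256df2f3879e...). Expand the NOTE to record why that upstream range and commit do not apply to Debian's kernels, so the not-affected verdict can be re-checked later without re-deriving it.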
@@ -8927,8 +9038,8 @@ CVE-2014-3397
RESERVED
CVE-2014-3396
RESERVED
-CVE-2014-3395
- RESERVED
+CVE-2014-3395 (Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to ...)
+ TODO: check
CVE-2014-3394
RESERVED
CVE-2014-3393
@@ -9431,43 +9542,37 @@ CVE-2014-3188
RESERVED
CVE-2014-3187
RESERVED
-CVE-2014-3186 [PicoLCD HID device driver pool overflow]
- RESERVED
+CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in ...)
- linux <unfixed>
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=101
NOTE: Upstream fix: https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 (v3.17-rc3)
-CVE-2014-3185 [Linux Kernel Buffer Overflow in Whiteheat USB Serial Driver]
- RESERVED
+CVE-2014-3185 (Multiple buffer overflows in the command_port_read_callback function ...)
- linux <unfixed>
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux-2.6 <removed>
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=98
NOTE: Upstream fix: https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 (v3.17-rc3)
-CVE-2014-3184 [Linux kernel HID report fixup multiple off-by-one issues]
- RESERVED
+CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux kernel ...)
- linux <unfixed>
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux-2.6 <removed>
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=91
NOTE: Upstream fix: https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 (v3.17-rc2)
-CVE-2014-3183 [Linux kernel hid-logitech-dj.c logi_dj_ll_raw_request heap overflow]
- RESERVED
+CVE-2014-3183 (Heap-based buffer overflow in the logi_dj_ll_raw_request function in ...)
- linux <unfixed>
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux-2.6 <removed>
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=90
NOTE: Upstream fix: https://git.kernel.org/linus/51217e69697fba92a06e07e16f55c9a52d8e8945 (v3.17-rc2)
-CVE-2014-3182 [Linux kernel hid-logitech-dj.c device_index arbitrary kfree]
- RESERVED
+CVE-2014-3182 (Array index error in the logi_dj_raw_event function in ...)
- linux <unfixed>
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux-2.6 <removed>
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=89
NOTE: Upstream fix: https://git.kernel.org/linus/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 (v3.17-rc2)
-CVE-2014-3181 [Magic Mouse HID device driver overflow]
- RESERVED
+CVE-2014-3181 (Multiple stack-based buffer overflows in the magicmouse_raw_event ...)
- linux <unfixed>
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux-2.6 <not-affected> (Vulnerable code not present)
@@ -10854,8 +10959,7 @@ CVE-2014-2641
CVE-2014-2640
RESERVED
NOT-FOR-US: HP System Management Homepage
-CVE-2014-2639
- RESERVED
+CVE-2014-2639 (Unspecified vulnerability in HP MPIO Device Specific Module Manager ...)
NOT-FOR-US: HP MPIO Device
CVE-2014-2638
RESERVED
@@ -16617,8 +16721,7 @@ CVE-2014-0206 (Array index error in the aio_read_events_ring function in fs/aio.
- linux-2.6 <not-affected> (introduced by a31ad380bed817aa25f8830ad23e1a0480fef797)
NOTE: Introduced by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a31ad380bed817aa25f8830ad23e1a0480fef797 (v3.10)
NOTE: Upstream patches: https://lkml.org/lkml/2014/6/24/619 https://lkml.org/lkml/2014/6/24/623
-CVE-2014-0205 [futex: refcount issue in case of requeue]
- RESERVED
+CVE-2014-0205 (The futex_wait function in kernel/futex.c in the Linux kernel before ...)
- linux 2.6.37
- linux-2.6 2.6.37-1
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7ada876a8703f23befbb20a7465a702ee39b1704 (v2.6.37)
@@ -16736,8 +16839,7 @@ CVE-2014-0172 (Integer overflow in the check_section function in dwarf_begin_elf
[wheezy] - elfutils <no-dsa> (Minor issue)
CVE-2014-0171
RESERVED
-CVE-2014-0170
- RESERVED
+CVE-2014-0170 (Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data ...)
NOT-FOR-US: Teiid
CVE-2014-0169
RESERVED
