author security tracker role <sectracker@debian.org> 2015-01-18 09:10:18 +0000
committer security tracker role <sectracker@debian.org> 2015-01-18 09:10:18 +0000
commit fb2e076196e8454513058f2ca5664637a03b62b3
tree ab0a841838fa7b7882b6f86b4aa44c438e7f8888
parent 8b399c8d199d925b7c84b9cddda749a929ede0c0
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@31484 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/list 620
1 files changed, 417 insertions, 203 deletions
diff --git a/data/CVE/list b/data/CVE/list
index a30d665e26..cd3bbc1e1c 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,279 @@
+CVE-2015-1160
+ RESERVED
+CVE-2015-1159
+ RESERVED
+CVE-2015-1158
+ RESERVED
+CVE-2015-1157
+ RESERVED
+CVE-2015-1156
+ RESERVED
+CVE-2015-1155
+ RESERVED
+CVE-2015-1154
+ RESERVED
+CVE-2015-1153
+ RESERVED
+CVE-2015-1152
+ RESERVED
+CVE-2015-1151
+ RESERVED
+CVE-2015-1150
+ RESERVED
+CVE-2015-1149
+ RESERVED
+CVE-2015-1148
+ RESERVED
+CVE-2015-1147
+ RESERVED
+CVE-2015-1146
+ RESERVED
+CVE-2015-1145
+ RESERVED
+CVE-2015-1144
+ RESERVED
+CVE-2015-1143
+ RESERVED
+CVE-2015-1142
+ RESERVED
+CVE-2015-1141
+ RESERVED
+CVE-2015-1140
+ RESERVED
+CVE-2015-1139
+ RESERVED
+CVE-2015-1138
+ RESERVED
+CVE-2015-1137
+ RESERVED
+CVE-2015-1136
+ RESERVED
+CVE-2015-1135
+ RESERVED
+CVE-2015-1134
+ RESERVED
+CVE-2015-1133
+ RESERVED
+CVE-2015-1132
+ RESERVED
+CVE-2015-1131
+ RESERVED
+CVE-2015-1130
+ RESERVED
+CVE-2015-1129
+ RESERVED
+CVE-2015-1128
+ RESERVED
+CVE-2015-1127
+ RESERVED
+CVE-2015-1126
+ RESERVED
+CVE-2015-1125
+ RESERVED
+CVE-2015-1124
+ RESERVED
+CVE-2015-1123
+ RESERVED
+CVE-2015-1122
+ RESERVED
+CVE-2015-1121
+ RESERVED
+CVE-2015-1120
+ RESERVED
+CVE-2015-1119
+ RESERVED
+CVE-2015-1118
+ RESERVED
+CVE-2015-1117
+ RESERVED
+CVE-2015-1116
+ RESERVED
+CVE-2015-1115
+ RESERVED
+CVE-2015-1114
+ RESERVED
+CVE-2015-1113
+ RESERVED
+CVE-2015-1112
+ RESERVED
+CVE-2015-1111
+ RESERVED
+CVE-2015-1110
+ RESERVED
+CVE-2015-1109
+ RESERVED
+CVE-2015-1108
+ RESERVED
+CVE-2015-1107
+ RESERVED
+CVE-2015-1106
+ RESERVED
+CVE-2015-1105
+ RESERVED
+CVE-2015-1104
+ RESERVED
+CVE-2015-1103
+ RESERVED
+CVE-2015-1102
+ RESERVED
+CVE-2015-1101
+ RESERVED
+CVE-2015-1100
+ RESERVED
+CVE-2015-1099
+ RESERVED
+CVE-2015-1098
+ RESERVED
+CVE-2015-1097
+ RESERVED
+CVE-2015-1096
+ RESERVED
+CVE-2015-1095
+ RESERVED
+CVE-2015-1094
+ RESERVED
+CVE-2015-1093
+ RESERVED
+CVE-2015-1092
+ RESERVED
+CVE-2015-1091
+ RESERVED
+CVE-2015-1090
+ RESERVED
+CVE-2015-1089
+ RESERVED
+CVE-2015-1088
+ RESERVED
+CVE-2015-1087
+ RESERVED
+CVE-2015-1086
+ RESERVED
+CVE-2015-1085
+ RESERVED
+CVE-2015-1084
+ RESERVED
+CVE-2015-1083
+ RESERVED
+CVE-2015-1082
+ RESERVED
+CVE-2015-1081
+ RESERVED
+CVE-2015-1080
+ RESERVED
+CVE-2015-1079
+ RESERVED
+CVE-2015-1078
+ RESERVED
+CVE-2015-1077
+ RESERVED
+CVE-2015-1076
+ RESERVED
+CVE-2015-1075
+ RESERVED
+CVE-2015-1074
+ RESERVED
+CVE-2015-1073
+ RESERVED
+CVE-2015-1072
+ RESERVED
+CVE-2015-1071
+ RESERVED
+CVE-2015-1070
+ RESERVED
+CVE-2015-1069
+ RESERVED
+CVE-2015-1068
+ RESERVED
+CVE-2015-1067
+ RESERVED
+CVE-2015-1066
+ RESERVED
+CVE-2015-1065
+ RESERVED
+CVE-2015-1064
+ RESERVED
+CVE-2015-1063
+ RESERVED
+CVE-2015-1062
+ RESERVED
+CVE-2015-1061
+ RESERVED
+CVE-2015-1060 (Open redirect vulnerability in lib/Cake/Controller/Controller.php in ...)
+ TODO: check
+CVE-2015-1059 (Unrestricted file upload vulnerability in admin/files/add in AdaptCMS ...)
+ TODO: check
+CVE-2015-1058 (Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 ...)
+ TODO: check
+CVE-2015-1057 (Cross-site scripting (XSS) vulnerability in usersettings.php in e107 ...)
+ TODO: check
+CVE-2015-1056 (Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW ...)
+ TODO: check
+CVE-2015-1055 (SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for ...)
+ TODO: check
+CVE-2015-1054 (Cross-site scripting (XSS) vulnerability in the Games feature in ...)
+ TODO: check
+CVE-2015-1053 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
+ TODO: check
+CVE-2015-1052 (Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT ...)
+ TODO: check
+CVE-2015-1050 (Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application ...)
+ TODO: check
+CVE-2015-1049
+ RESERVED
+CVE-2014-9619
+ RESERVED
+CVE-2014-9618
+ RESERVED
+CVE-2014-9617
+ RESERVED
+CVE-2014-9616
+ RESERVED
+CVE-2014-9615
+ RESERVED
+CVE-2014-9614
+ RESERVED
+CVE-2014-9613
+ RESERVED
+CVE-2014-9612
+ RESERVED
+CVE-2014-9611
+ RESERVED
+CVE-2014-9610
+ RESERVED
+CVE-2014-9609
+ RESERVED
+CVE-2014-9608
+ RESERVED
+CVE-2014-9607
+ RESERVED
+CVE-2014-9606
+ RESERVED
+CVE-2014-9605
+ RESERVED
+CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a ...)
+ TODO: check
+CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before ...)
+ TODO: check
+CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits ...)
+ TODO: check
+CVE-2014-9601 (Pillow before 2.7.0 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2014-9600 (Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 ...)
+ TODO: check
+CVE-2014-9599 (Cross-site scripting (XSS) vulnerability in the filemanager in ...)
+ TODO: check
+CVE-2014-9598
+ RESERVED
+CVE-2014-9597
+ RESERVED
+CVE-2014-9596 (Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 ...)
+ TODO: check
+CVE-2014-9595 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 ...)
+ TODO: check
+CVE-2014-9594 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 ...)
+ TODO: check
+CVE-2014-9593 (Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote ...)
+ TODO: check
CVE-2015-XXXX [vulnerability in the web interface]
- sympa 6.1.23~dfsg-2
NOTE: https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting
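Review bot: CVE-2014-9604, CVE-2014-9603 and CVE-2014-9602 near the end of this hunk all name FFmpeg before 2.5.2 but are left at "TODO: check", and ffmpeg is a source package this file already tracks (a later hunk's context carries "- ffmpeg <not-affected>"). These three need a package line with a fixed version, <unfixed> or <not-affected> before the entry is useful to anyone querying by package; the remaining TODO entries in the hunk can be settled in the same triage pass.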
@@ -8,7 +284,7 @@ CVE-2015-XXXX [CAPTCHA bypass]
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/17/5
NOTE: Upstream commit: https://github.com/mantisbt/mantisbt/commit/39a92726
NOTE: https://www.mantisbt.org/bugs/view.php?id=17984
-CVE-2015-1051
+CVE-2015-1051 (Open redirect vulnerability in the Context UI module in the Context ...)
NOT-FOR-US: Drupal extension drupal7-context
CVE-2015-XXXX [directory traversal in bsdcpio]
- libarchive <unfixed>
@@ -60,12 +336,11 @@ CVE-2015-1044
RESERVED
CVE-2015-1043
RESERVED
-CVE-2015-1041
- RESERVED
-CVE-2015-1040
- RESERVED
-CVE-2015-1039
- RESERVED
+CVE-2015-1041 (Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php ...)
+ TODO: check
+CVE-2015-1040 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-1039 (Cross-site scripting (XSS) vulnerability in user/login.phtml in ...)
NOT-FOR-US: zfcUser
CVE-2015-1037
RESERVED
@@ -79,8 +354,7 @@ CVE-2015-1033
RESERVED
CVE-2015-1032
RESERVED
-CVE-2015-1029 [local information leakage and local privilege escalation vulnerability]
- RESERVED
+CVE-2015-1029 (The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x ...)
- puppet-module-puppetlabs-stdlib <unfixed> (bug #775535)
NOTE: http://puppetlabs.com/security/cve/cve-2015-1029
CVE-2015-1028
@@ -289,8 +563,8 @@ CVE-2015-0926
RESERVED
CVE-2015-0925
RESERVED
-CVE-2015-0924
- RESERVED
+CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the root ...)
+ TODO: check
CVE-2015-0923
RESERVED
CVE-2014-999999
@@ -1217,14 +1491,14 @@ CVE-2015-0593
RESERVED
CVE-2015-0592
RESERVED
-CVE-2015-0591
- RESERVED
-CVE-2015-0590
- RESERVED
+CVE-2015-0591 (Cisco Unified Communications Domain Manager (UCDM) 10 allows remote ...)
+ TODO: check
+CVE-2015-0590 (Cisco WebEx Meeting Center allows remote attackers to activate ...)
+ TODO: check
CVE-2015-0589
RESERVED
-CVE-2015-0588
- RESERVED
+CVE-2015-0588 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...)
+ TODO: check
CVE-2015-0587
RESERVED
CVE-2015-0586
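Review bot: CVE-2015-0590 is added with "TODO: check" although its description names Cisco WebEx Meeting Center, the same product that CVE-2015-0583 in the next hunk carries as "NOT-FOR-US: Cisco WebEx Meeting Center". Suggest resolving CVE-2015-0590 the same way in this change, and checking whether CVE-2015-0591 and CVE-2015-0588 can be closed likewise, so the TODO queue only holds entries that need a real decision.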
@@ -1233,8 +1507,7 @@ CVE-2015-0585
RESERVED
CVE-2015-0584
RESERVED
-CVE-2015-0583
- RESERVED
+CVE-2015-0583 (Cisco WebEx Meeting Center does not properly restrict the content of ...)
NOT-FOR-US: Cisco WebEx Meeting Center
CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 ...)
NOT-FOR-US: Cisco NX-OS
@@ -1242,14 +1515,11 @@ CVE-2015-0581
RESERVED
CVE-2015-0580
RESERVED
-CVE-2015-0579
- RESERVED
+CVE-2015-0579 (Cisco TelePresence Video Communication Server (VCS) and Cisco ...)
NOT-FOR-US: Cisco TelePrecence Video Communication Server
-CVE-2015-0578
- RESERVED
+CVE-2015-0578 (Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
-CVE-2015-0577
- RESERVED
+CVE-2015-0577 (Multiple cross-site scripting (XSS) vulnerabilities in the IronPort ...)
NOT-FOR-US: Cisco AsyncOS
CVE-2015-0576
RESERVED
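Review bot: on CVE-2015-0579 the description added here spells the product "TelePresence", while the NOT-FOR-US line kept under it reads "Cisco TelePrecence Video Communication Server". Correct the spelling in the NOT-FOR-US line so a search for the product name finds the entry.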
@@ -1321,8 +1591,8 @@ CVE-2014-9571
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/6d47c047 (1.2.x)
NOTE: https://www.mantisbt.org/bugs/view.php?id=17938
-CVE-2014-9570
- RESERVED
+CVE-2014-9570 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
CVE-2014-9569 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver ...)
NOT-FOR-US: SAP NetWeaver Business Client
CVE-2014-9568
@@ -1339,10 +1609,10 @@ CVE-2014-9563
RESERVED
CVE-2014-9562
RESERVED
-CVE-2014-9561
- RESERVED
-CVE-2014-9560
- RESERVED
+CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in redir_last_post_list.php ...)
+ TODO: check
+CVE-2014-9560 (SQL injection vulnerability in redir_last_post_list.php in SoftBB ...)
+ TODO: check
CVE-2014-9559
RESERVED
CVE-2014-9558
@@ -1473,8 +1743,7 @@ CVE-2015-XXXX [saves unknown host's fingerprint in known_hosts without any promp
- lftp <unfixed> (low; bug #774769)
[squeeze] - lftp <no-dsa> (Minor issue)
[wheezy] - lftp <no-dsa> (Minor issue)
-CVE-2014-9587 [possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins]
- RESERVED
+CVE-2014-9587 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- roundcube <unfixed> (bug #775576)
[squeeze] - roundcube <no-dsa> (Minor issue)
[wheezy] - roundcube <no-dsa> (Minor issue)
@@ -1784,17 +2053,13 @@ CVE-2014-9487
CVE-2014-9481
RESERVED
NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
-CVE-2014-9480
- RESERVED
+CVE-2014-9480 (Cross-site scripting (XSS) vulnerability in the Hovercards extension ...)
NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
-CVE-2014-9479
- RESERVED
+CVE-2014-9479 (Cross-site scripting (XSS) vulnerability in the preview in the ...)
NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
-CVE-2014-9478
- RESERVED
+CVE-2014-9478 (Cross-site scripting (XSS) vulnerability in the preview in the ...)
NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
-CVE-2014-9477
- RESERVED
+CVE-2014-9477 (Multiple cross-site scripting (XSS) vulnerabilities in the Listings ...)
NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9450 (Multiple SQL injection vulnerabilities in chart_bar.php in the ...)
- zabbix 1:2.2.7+dfsg-2 (bug #774750)
@@ -1812,8 +2077,7 @@ CVE-2014-9447 (Directory traversal vulnerability in the read_long_names function
[wheezy] - elfutils <no-dsa> (Minor issue)
[squeeze] - elfutils <no-dsa> (Minor issue)
NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
-CVE-2015-0552 [directory traversal]
- RESERVED
+CVE-2015-0552 (Directory traversal vulnerability in the gcab_folder_extract function ...)
- gcab 0.4-2 (bug #774580)
CVE-2015-XXXX [use after free in seg_write_packet()]
- ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive)
@@ -1937,8 +2201,7 @@ CVE-2014-9428 (The batadv_frag_merge_packets function in ...)
NOTE: http://thread.gmane.org/gmane.linux.network/343494
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=610bfc6bc99bc83680d190ebc69359a05fc7f605 (v3.13-rc1)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b6698b0e4a37053de35cc24ee695b98a7eb712b
-CVE-2014-9496 [libsndfile: two buffer read overflows]
- RESERVED
+CVE-2014-9496 (The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows ...)
- libsndfile <unfixed> (low; bug #774162)
[squeeze] - libsndfile <no-dsa> (Minor issue)
[wheezy] - libsndfile <no-dsa> (Minor issue)
@@ -2431,14 +2694,12 @@ CVE-2014-XXXX
- json-glib <unfixed> (low; bug #772585)
[squeeze] - json-glib <not-affected> (Tool not yet present)
[wheezy] - json-glib <not-affected> (Tool not yet present)
-CVE-2014-9475 [XSS]
- RESERVED
+CVE-2014-9475 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki ...)
{DSA-3110-1}
- mediawiki 1:1.19.20+dfsg-2.2 (bug #773654)
[squeeze] - mediawiki <end-of-life>
NOTE: https://phabricator.wikimedia.org/T76686 (still not public)
-CVE-2014-9476 [Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains]
- RESERVED
+CVE-2014-9476 (MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before ...)
- mediawiki <not-affected> (CORS support was added in 1.20)
NOTE: https://phabricator.wikimedia.org/T77028
CVE-2014-9419 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...)
@@ -2489,6 +2750,7 @@ CVE-2014-9403 (The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZN
NOTE: https://github.com/znc/znc/issues/528
NOTE: https://github.com/znc/znc/commit/8756be513ab6663dcd64087006b257ff34e8e487
CVE-2014-9620 [Limit the number of ELF notes processed - DoS]
+ {DSA-3121-1}
- file 1:5.21+15-1
[squeeze] - file <not-affected> (Introduced in 5.08)
- php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3)
@@ -2668,8 +2930,8 @@ CVE-2014-9310
RESERVED
CVE-2014-9309
RESERVED
-CVE-2014-9308
- RESERVED
+CVE-2014-9308 (Unrestricted file upload vulnerability in ...)
+ TODO: check
CVE-2014-9307
RESERVED
CVE-2014-9306
@@ -2894,18 +3156,18 @@ CVE-2014-9201
RESERVED
CVE-2014-9200
RESERVED
-CVE-2014-9199
- RESERVED
+CVE-2014-9199 (The Clorius Controls Java web client before 01.00.0009g allows remote ...)
+ TODO: check
CVE-2014-9198
RESERVED
CVE-2014-9197
RESERVED
CVE-2014-9196
RESERVED
-CVE-2014-9195
- RESERVED
-CVE-2014-9194
- RESERVED
+CVE-2014-9195 (Phoenix Contact ProConOs and MultiProg do not require authentication, ...)
+ TODO: check
+CVE-2014-9194 (Arbiter 1094B GPS Substation Clock allows remote attackers to cause a ...)
+ TODO: check
CVE-2014-9193 (Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 ...)
NOT-FOR-US: Innominate mGuard
CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 ...)
@@ -3056,32 +3318,23 @@ CVE-2015-0311
RESERVED
CVE-2015-0310
RESERVED
-CVE-2015-0309
- RESERVED
+CVE-2015-0309 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0308
- RESERVED
+CVE-2015-0308 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0307
- RESERVED
+CVE-2015-0307 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0306
- RESERVED
+CVE-2015-0306 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0305
- RESERVED
+CVE-2015-0305 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0304
- RESERVED
+CVE-2015-0304 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0303
- RESERVED
+CVE-2015-0303 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0302
- RESERVED
+CVE-2015-0302 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0301
- RESERVED
+CVE-2015-0301 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
CVE-2014-9275 (UnRTF allows remote attackers to cause a denial of service ...)
{DLA-133-1}
@@ -3549,8 +3802,7 @@ CVE-2014-9157 (Format string vulnerability in the yyerror function in ...)
{DSA-3098-1 DLA-105-1}
- graphviz 2.38.0-7 (bug #772648)
NOTE: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
-CVE-2014-9471 [parse_datetime() bug]
- RESERVED
+CVE-2014-9471 (The parse_datetime function in GNU coreutils allows remote attackers ...)
- coreutils 8.23-1 (low)
[wheezy] - coreutils <no-dsa> (Minor issue)
NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872
@@ -3871,21 +4123,17 @@ CVE-2015-0224
RESERVED
CVE-2015-0223
RESERVED
-CVE-2015-0222 [Database denial-of-service with ModelMultipleChoiceField]
- RESERVED
+CVE-2015-0222 (ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x ...)
- python-django <unfixed> (bug #775375)
[wheezy] - python-django <not-affected> (1.4.x not affected)
NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
-CVE-2015-0221 [Denial-of-service attack against django.views.static.serve]
- RESERVED
+CVE-2015-0221 (The django.views.static.serve view in Django before 1.4.18, 1.6.x ...)
- python-django <unfixed> (bug #775375)
NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
-CVE-2015-0220 [Mitigated possible XSS attack via user-supplied redirect URLs]
- RESERVED
+CVE-2015-0220 (The django.util.http.is_safe_url function in Django before 1.4.18, ...)
- python-django <unfixed> (bug #775375)
NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
-CVE-2015-0219 [WSGI header spoofing via underscore/dash conflation]
- RESERVED
+CVE-2015-0219 (Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 ...)
- python-django <unfixed> (bug #775375)
NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
CVE-2015-0218
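Review bot: replacing the bracketed summaries on CVE-2015-0222 through CVE-2015-0219 loses the short statement of each issue; for CVE-2015-0219 the truncated description stops at the version list ("Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 ...") where the removed line said "WSGI header spoofing via underscore/dash conflation". Suggest keeping each old summary as a NOTE: line on its entry. The CVE-2015-0220 text also names django.util.http.is_safe_url, whereas the Django module is django.utils.http, so a search for the real path will miss this line.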
@@ -4302,21 +4550,17 @@ CVE-2015-0018
RESERVED
CVE-2015-0017
RESERVED
-CVE-2015-0016
- RESERVED
+CVE-2015-0016 (Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) ...)
NOT-FOR-US: Microsoft Windows
-CVE-2015-0015
- RESERVED
+CVE-2015-0015 (Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and ...)
NOT-FOR-US: Microsoft Windows
-CVE-2015-0014
- RESERVED
+CVE-2015-0014 (Buffer overflow in the Telnet service in Microsoft Windows Server 2003 ...)
NOT-FOR-US: Microsoft Windows
CVE-2015-0013
RESERVED
CVE-2015-0012
RESERVED
-CVE-2015-0011
- RESERVED
+CVE-2015-0011 (mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in ...)
NOT-FOR-US: Microsoft Windows
CVE-2015-0010
RESERVED
@@ -4326,21 +4570,17 @@ CVE-2015-0008
RESERVED
CVE-2015-0007
RESERVED
-CVE-2015-0006
- RESERVED
+CVE-2015-0006 (The Network Location Awareness (NLA) service in Microsoft Windows ...)
NOT-FOR-US: Microsoft Windows
CVE-2015-0005
RESERVED
-CVE-2015-0004
- RESERVED
+CVE-2015-0004 (The User Profile Service (aka ProfSvc) in Microsoft Windows Server ...)
NOT-FOR-US: Microsoft Windows
CVE-2015-0003
RESERVED
-CVE-2015-0002
- RESERVED
+CVE-2015-0002 (The AhcVerifyAdminContext function in ahcache.sys in the Application ...)
NOT-FOR-US: Microsoft Windows
-CVE-2015-0001
- RESERVED
+CVE-2015-0001 (The Windows Error Reporting (WER) component in Microsoft Windows 8, ...)
NOT-FOR-US: Microsoft Windows
CVE-2014-8994 (The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows ...)
NOT-FOR-US: check_diskio nagios/icinga plugin
@@ -4540,8 +4780,8 @@ CVE-2014-8906
RESERVED
CVE-2014-8905
RESERVED
-CVE-2014-8904
- RESERVED
+CVE-2014-8904 (lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows ...)
+ TODO: check
CVE-2014-8903
RESERVED
CVE-2014-8902 (Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM ...)
@@ -4606,10 +4846,10 @@ CVE-2014-8872
RESERVED
CVE-2014-8871
RESERVED
-CVE-2014-8870
- RESERVED
-CVE-2014-8869
- RESERVED
+CVE-2014-8870 (Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the ...)
+ TODO: check
+CVE-2014-8869 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2014-8868 (EntryPass N5200 Active Network Control Panel does not properly ...)
NOT-FOR-US: EntryPass N5200
CVE-2014-8867 (The acceleration support for the &quot;REP MOVS&quot; instruction in Xen 4.4.x, ...)
@@ -5031,53 +5271,43 @@ CVE-2014-8645
RESERVED
CVE-2014-8644
RESERVED
-CVE-2014-8643
- RESERVED
+CVE-2014-8643 (Mozilla Firefox before 35.0 on Windows allows remote attackers to ...)
- iceweasel <not-affected> (Only affects Firefox on Windows)
NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-07.html
-CVE-2014-8642
- RESERVED
+CVE-2014-8642 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider ...)
- iceweasel <not-affected> (Only affects versions > 31.x)
NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-08.html
-CVE-2014-8641
- RESERVED
+CVE-2014-8641 (Use-after-free vulnerability in the WebRTC implementation in Mozilla ...)
{DSA-3127-1}
- iceweasel 31.4.0esr-1
[squeeze] - iceweasel <end-of-life>
NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-06.html
-CVE-2014-8640
- RESERVED
+CVE-2014-8640 (The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in ...)
- iceweasel <not-affected> (Only affects versions > 31.x)
NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-05.html
-CVE-2014-8639
- RESERVED
+CVE-2014-8639 (Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird ...)
{DSA-3127-1}
- iceweasel 31.4.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 31.4.0-1
[squeeze] - icedove <end-of-life>
NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-04.html
-CVE-2014-8638
- RESERVED
+CVE-2014-8638 (The navigator.sendBeacon implementation in Mozilla Firefox before ...)
{DSA-3127-1}
- iceweasel 31.4.0esr-1
[squeeze] - iceweasel <end-of-life>
- icedove 31.4.0-1
[squeeze] - icedove <end-of-life>
NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-03.html
-CVE-2014-8637
- RESERVED
+CVE-2014-8637 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly ...)
- iceweasel <not-affected> (Only affects versions > 31.x)
NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-02.html
-CVE-2014-8636
- RESERVED
+CVE-2014-8636 (The XrayWrapper implementation in Mozilla Firefox before 35.0 and ...)
- iceweasel <not-affected> (Only affects versions > 31.x)
NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-09.html
-CVE-2014-8635
- RESERVED
+CVE-2014-8635 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects versions > 31.x)
-CVE-2014-8634
- RESERVED
+CVE-2014-8634 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3127-1}
- iceweasel 31.4.0esr-1
[squeeze] - iceweasel <end-of-life>
@@ -5201,8 +5431,7 @@ CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js i
NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
CVE-2010-5311
RESERVED
-CVE-2014-8738 [Out-of-bounds memory write while processing a crafted "ar" archive]
- RESERVED
+CVE-2014-8738 (The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU ...)
{DSA-3123-2 DSA-3123-1}
- binutils 2.24.90.20141124-1
- binutils-mingw-w64 <unfixed>
@@ -5874,16 +6103,16 @@ CVE-2014-8401
RESERVED
CVE-2014-8400
RESERVED
-CVE-2014-8398
- RESERVED
-CVE-2014-8397
- RESERVED
-CVE-2014-8396
- RESERVED
-CVE-2014-8395
- RESERVED
-CVE-2014-8394
- RESERVED
+CVE-2014-8398 (Multiple untrusted search path vulnerabilities in Corel FastFlick ...)
+ TODO: check
+CVE-2014-8397 (Untrusted search path vulnerability in Corel VideoStudio PRO X7 or ...)
+ TODO: check
+CVE-2014-8396 (Untrusted search path vulnerability in Corel PDF Fusion allows local ...)
+ TODO: check
+CVE-2014-8395 (Untrusted search path vulnerability in Corel Painter 2015 allows local ...)
+ TODO: check
+CVE-2014-8394 (Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow ...)
+ TODO: check
CVE-2014-8393
RESERVED
CVE-2014-8392
@@ -6472,17 +6701,14 @@ CVE-2014-8154 [Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo()]
- vala <not-affected> (MapInfo not yet present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=678663
NOTE: https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7
-CVE-2014-8153 [L3 agent denial of service with radvd 2.0+]
- RESERVED
+CVE-2014-8153 (The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using ...)
- neutron <not-affected> (Affects neutron 2014.2 up to 2014.2.1)
CVE-2014-8152
RESERVED
-CVE-2014-8151 [libcurl/darwinssl certificate check bypass]
- RESERVED
+CVE-2014-8151 (The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in ...)
- curl <not-affected> (Only relevant when building with darwinssl/Mac OS X)
NOTE: http://curl.haxx.se/docs/adv_20150108A.html
-CVE-2014-8150 [URL request injection]
- RESERVED
+CVE-2014-8150 (CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, ...)
{DSA-3122-1 DLA-134-1}
- curl 7.38.0-4
NOTE: http://curl.haxx.se/docs/adv_20150108B.html
@@ -6500,8 +6726,7 @@ CVE-2014-8145 (Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4
- sox 14.4.1-5 (bug #773720)
CVE-2014-8144 (Cross-site request forgery (CSRF) vulnerability in doorkeeper before ...)
NOT-FOR-US: doorkeeper OAuth provider
-CVE-2014-8143 [Elevation of privilege to Active Directory Domain Controller]
- RESERVED
+CVE-2014-8143 (Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before ...)
- samba <unfixed>
[wheezy] - samba <not-affected> (Only affects 4.0 and later)
[squeeze] - samba <not-affected> (Only affects 4.0 and later)
@@ -6845,8 +7070,8 @@ CVE-2014-8036 (The outlookpa component in Cisco WebEx Meetings Server does not .
NOT-FOR-US: Cisco
CVE-2014-8035 (The web framework in Cisco WebEx Meetings Server produces different ...)
NOT-FOR-US: Cisco
-CVE-2014-8034
- RESERVED
+CVE-2014-8034 (Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge ...)
+ TODO: check
CVE-2014-8033 (The play/modules component in Cisco WebEx Meetings Server allows ...)
NOT-FOR-US: Cisco
CVE-2014-8032 (The OutlookAction LI in Cisco WebEx Meetings Server allows remote ...)
@@ -6869,8 +7094,8 @@ CVE-2014-8024 (The API in the Guest Server in Cisco Jabber, when the HTML5 CORS
NOT-FOR-US: Cisco
CVE-2014-8023
RESERVED
-CVE-2014-8022
- RESERVED
+CVE-2014-8022 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity ...)
+ TODO: check
CVE-2014-8021
RESERVED
CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software allows ...)
@@ -6989,10 +7214,10 @@ CVE-2014-7959 (SQL injection vulnerability in admin/htaccess/bpsunlock.php in th
NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2014-7958 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: BulletProof Security plugin for WordPress
-CVE-2014-7957
- RESERVED
-CVE-2014-7956
- RESERVED
+CVE-2014-7957 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods ...)
+ TODO: check
+CVE-2014-7956 (Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 ...)
+ TODO: check
CVE-2014-7955
RESERVED
CVE-2014-7954
@@ -7162,8 +7387,7 @@ CVE-2014-7883
RESERVED
CVE-2014-7882
RESERVED
-CVE-2014-7881
- RESERVED
+CVE-2014-7881 (Cross-site scripting (XSS) vulnerability in the server in HP Insight ...)
NOT-FOR-US: HP Insight Control
CVE-2014-7880 (Multiple unspecified vulnerabilities in the POP implementation in HP ...)
NOT-FOR-US: HP OpenVMS TCP/IP
@@ -7419,17 +7643,14 @@ CVE-2014-7815 (The set_pixel_format function in ui/vnc.c in QEMU allows remote .
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e6908bfe8e07f2b452e78e677da1b45b1c0f6829
-CVE-2014-7814
- RESERVED
+CVE-2014-7814 (SQL injection vulnerability in Red Hat CloudForms 3.1 Management ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-7813
RESERVED
NOT-FOR-US: Red Hat CloudForms Management Engine
-CVE-2014-7812
- RESERVED
+CVE-2014-7812 (Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
-CVE-2014-7811
- RESERVED
+CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7810
RESERVED
@@ -10642,16 +10863,16 @@ CVE-2012-6657 (The sock_setsockopt function in net/core/sock.c in the Linux kern
[wheezy] - linux 3.2.32-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/3e10986d1d698140747fcfc2761ec9cb64c1d582 (v3.6)
-CVE-2014-6386
- RESERVED
-CVE-2014-6385
- RESERVED
-CVE-2014-6384
- RESERVED
-CVE-2014-6383
- RESERVED
-CVE-2014-6382
- RESERVED
+CVE-2014-6386 (Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 ...)
+ TODO: check
+CVE-2014-6385 (Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 ...)
+ TODO: check
+CVE-2014-6384 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, ...)
+ TODO: check
+CVE-2014-6383 (The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, ...)
+ TODO: check
+CVE-2014-6382 (The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before ...)
+ TODO: check
CVE-2014-6381 (Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, ...)
NOT-FOR-US: Juniper
CVE-2014-6380 (Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, ...)
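Review bot: CVE-2014-6386 through CVE-2014-6382 are added as "TODO: check", but every description names Juniper Junos or Juniper MX routers, and the entry directly below them, CVE-2014-6381, is already marked "NOT-FOR-US: Juniper". Suggest applying the same marking to these five in this change instead of queuing them for manual review.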
@@ -11101,8 +11322,8 @@ CVE-2014-6199 (The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.
NOT-FOR-US: IBM
CVE-2014-6198
RESERVED
-CVE-2014-6197
- RESERVED
+CVE-2014-6197 (IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and ...)
+ TODO: check
CVE-2014-6196 (Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory ...)
NOT-FOR-US: IBM WEF
CVE-2014-6195
@@ -12705,10 +12926,10 @@ CVE-2014-5421 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16
NOT-FOR-US: CareFusion
CVE-2014-5420 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
NOT-FOR-US: CareFusion
-CVE-2014-5419
- RESERVED
-CVE-2014-5418
- RESERVED
+CVE-2014-5419 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware ...)
+ TODO: check
+CVE-2014-5418 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware ...)
+ TODO: check
CVE-2014-5417 (Cross-site scripting (XSS) vulnerability in Meinberg NTP Server ...)
NOT-FOR-US: Meinberg NTP Server firmware on LANTIME M-Series devices
CVE-2014-5416
@@ -13265,14 +13486,11 @@ CVE-2014-5241 (The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki
- mediawiki 1:1.19.18+dfsg-0.1 (bug #758510)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=68187
-CVE-2014-5233
- RESERVED
+CVE-2014-5233 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...)
NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient
-CVE-2014-5232
- RESERVED
+CVE-2014-5232 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...)
NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient
-CVE-2014-5231
- RESERVED
+CVE-2014-5231 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...)
NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient
CVE-2014-5230
RESERVED
@@ -14277,8 +14495,8 @@ CVE-2014-4837 (Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IB
NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4836 (Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in ...)
NOT-FOR-US: IBM TRIRIGA Application Platform
-CVE-2014-4835
- RESERVED
+CVE-2014-4835 (IBM ServerGuide before 9.63, UpdateXpress System Packs Installer ...)
+ TODO: check
CVE-2014-4834 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...)
NOT-FOR-US: IBM
CVE-2014-4833 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote ...)
@@ -17020,8 +17238,7 @@ CVE-2014-3693 (Use-after-free vulnerability in the socket manager of Impress Rem
- libreoffice 1:4.3.3~rc2~git20141011-1
[wheezy] - libreoffice <not-affected> (Introduced in 4.0.0)
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/
-CVE-2014-3692
- RESERVED
+CVE-2014-3692 (The customization template in Red Hat CloudForms 3.1 Management Engine ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-3691
RESERVED
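Review bot: the NOT-FOR-US line kept under CVE-2014-3692 writes "RedHat CloudForms Management Engine", while the entries for CVE-2014-7814 and CVE-2014-7813 elsewhere in this patch write "Red Hat CloudForms Management Engine". Use one spelling across all three so that a single search string matches every CloudForms entry.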
@@ -18322,8 +18539,7 @@ CVE-2014-3316 (The Multiple Analyzer in the Dialed Number Analyzer (DNA) compone
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3315 (Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the ...)
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2014-3314
- RESERVED
+CVE-2014-3314 (Cisco AnyConnect on Android and OS X does not properly verify the host ...)
NOT-FOR-US: Cisco AnyConnect
CVE-2014-3313 (Cross-site scripting (XSS) vulnerability in the web user interface on ...)
NOT-FOR-US: Cisco Small Business phones
@@ -19107,8 +19323,8 @@ CVE-2014-3034 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract
NOT-FOR-US: IBM
CVE-2014-3033 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing ...)
NOT-FOR-US: IBM Emptoris Sourcing Portfolio
-CVE-2014-3032
- RESERVED
+CVE-2014-3032 (Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli ...)
+ TODO: check
CVE-2014-3031 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Business ...)
NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2014-3030
@@ -19133,10 +19349,10 @@ CVE-2014-3021 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 b
NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-3020 (install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 ...)
NOT-FOR-US: IBM Tivoli Integrated Portal
-CVE-2014-3019
- RESERVED
-CVE-2014-3018
- RESERVED
+CVE-2014-3019 (IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module ...)
+ TODO: check
+CVE-2014-3018 (IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module ...)
+ TODO: check
CVE-2014-3017
RESERVED
CVE-2014-3016
@@ -20961,8 +21177,8 @@ CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application i
NOT-FOR-US: SUBNET SubSTATION Server 2
CVE-2014-2356 (Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require ...)
NOT-FOR-US: Innominate mGuard
-CVE-2014-2355
- RESERVED
+CVE-2014-2355 (The (1) CimView and (2) CimEdit components in GE Proficy ...)
+ TODO: check
CVE-2014-2354 (Cogent DataHub before 7.3.5 does not use a salt during password ...)
NOT-FOR-US: Cogent DataHub
CVE-2014-2353 (Cross-site scripting (XSS) vulnerability in Cogent DataHub before ...)
@@ -22063,8 +22279,7 @@ CVE-2014-1950 (Use-after-free vulnerability in the xc_cpupool_getinfo function i
{DSA-3006-1}
- xen 4.4.0-1
[squeeze] - xen <not-affected> (Xen 4.1 onwards affected)
-CVE-2014-1949 [cinnamon-screensaver lock bypass]
- RESERVED
+CVE-2014-1949 (GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, ...)
- cinnamon 2.2.14-1 (bug #738828)
NOTE: http://www.openwall.com/lists/oss-security/2014/02/12/7
NOTE: https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4
@@ -27517,8 +27732,7 @@ CVE-2014-0172 (Integer overflow in the check_section function in dwarf_begin_elf
- elfutils 0.158-1 (low; bug #744017)
[squeeze] - elfutils <not-affected> (Affected code introduced in 0.153)
[wheezy] - elfutils <not-affected> (Affected code introduced in 0.153)
-CVE-2014-0171
- RESERVED
+CVE-2014-0171 (XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in ...)
NOT-FOR-US: Odata4j
CVE-2014-0170 (Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data ...)
NOT-FOR-US: Teiid
