[Secure-testing-commits] r33646 - data/CVE

Fri Apr 17 06:16:33 UTC 2015

Author: jmm
Date: 2015-04-17 06:16:33 +0000 (Fri, 17 Apr 2015)
New Revision: 33646

Modified:
   data/CVE/list
Log:
several no-dsa
tcpdump n/a


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-04-17 06:12:55 UTC (rev 33645)
+++ data/CVE/list	2015-04-17 06:16:33 UTC (rev 33646)
@@ -348,6 +348,7 @@
 	RESERVED
 CVE-2015-3138
 	RESERVED
+	- tcpdump <not-affected> (Introduced in 4.7)
 CVE-2015-3137
 	RESERVED
 CVE-2015-3136
@@ -2537,22 +2538,34 @@
 	NOTE: https://nodesecurity.io/advisories/serve-static-xss
 	NOTE: https://github.com/expressjs/serve-index/issues/28
 CVE-2015-XXXX [denial of service flaw in VICAR file processing]
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (low)
+	[jessie] - imagemagick <no-dsa> (Minor issue)
+	[wheezy] - imagemagick <no-dsa> (Minor issue)
+	[squeeze] - imagemagick <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/4
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
 	NOTE: http://trac.imagemagick.org/changeset/17856
 CVE-2015-XXXX [denial of service flaw in PDB file processing]
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (low)
+	[jessie] - imagemagick <no-dsa> (Minor issue)
+	[wheezy] - imagemagick <no-dsa> (Minor issue)
+	[squeeze] - imagemagick <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/4
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
 	NOTE: http://trac.imagemagick.org/changeset/17855
 CVE-2015-XXXX [denial of service flaw in MIFF file processing]
 	- imagemagick <unfixed>
+	[jessie] - imagemagick <no-dsa> (Minor issue)
+	[wheezy] - imagemagick <no-dsa> (Minor issue)
+	[squeeze] - imagemagick <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/4
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
 	NOTE: http://trac.imagemagick.org/changeset/17854
 CVE-2015-XXXX [denial of service flaw in HDR file processing]
 	- imagemagick <unfixed>
+	[jessie] - imagemagick <no-dsa> (Minor issue)
+	[wheezy] - imagemagick <no-dsa> (Minor issue)
+	[squeeze] - imagemagick <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/4
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
 	NOTE: http://trac.imagemagick.org/changeset/17845
@@ -3215,7 +3228,10 @@
 	NOT-FOR-US: Vanilla Forums
 CVE-2015-XXXX [potential application crash due to overread in fnmatch]
 	- glibc <unfixed> (bug #779587)
+	[jessie] - glibc <no-dsa> (Minor issue)
 	- eglibc <removed>
+	[wheezy] - eglibc <no-dsa> (Minor issue)
+	[squeeze] - eglibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18032
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/26/5
@@ -5074,6 +5090,7 @@
 	NOTE: Problem in the Groovy scripting engine.
 CVE-2015-1426 (Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains ...)
 	- facter <unfixed> (bug #778265)
+	[jessie] - facter <no-dsa> (Minor issue)
 	[squeeze] - facter <not-affected> (Uses version 2008-02-01 of the EC2 API which does not expose security credentials)
 	[wheezy] - facter <no-dsa> (Minor issue)
 	NOTE: http://puppetlabs.com/security/cve/cve-2015-1426
@@ -13578,7 +13595,10 @@
 	NOT-FOR-US: JBoss Weld
 CVE-2014-8121 (DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in ...)
 	- glibc <unfixed> (low; bug #779587)
+	[jessie] - glibc <no-dsa> (Minor issue)
 	- eglibc <removed> (low)
+	[wheezy] - eglibc <no-dsa> (Minor issue)
+	[squeeze] - eglibc <no-dsa> (Minor issue)
 CVE-2014-8120 (The agent in Thermostat before 1.0.6, when using unspecified ...)
 	NOT-FOR-US: Thermostat Hotspot instrumentation
 CVE-2014-8119 [augeas path expression injection via interface name]


