[Secure-testing-commits] r33706 - data/CVE

[Raphaël Hertzog]

Author: hertzog
Date: 2015-04-20 14:59:27 +0000 (Mon, 20 Apr 2015)
New Revision: 33706

Modified:
   data/CVE/list
Log:
Mark no-dsa most issues affecting libhtp/suricata in squeeze

Add some generic data to the various issues. And filed associated bugs
so that the situation in sid can improve...

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-20 13:52:48 UTC (rev 33705)
+++ data/CVE/list	2015-04-20 14:59:27 UTC (rev 33706)
@@ -3222,12 +3222,16 @@
 CVE-2015-XXXX [dcerpc: exit()'s on malloc failure]
 	- suricata 2.0.7-1
 	[wheezy] - suricata <no-dsa> (Unusable in wheezy, planned for removal)
+	[squeeze] - suricata <no-dsa> (Minor issue)
 	NOTE: https://github.com/inliniac/suricata/commit/89017d0b03bf715a3f4e11b612c6c7a23549304a
 CVE-2015-XXXX [http uri parsing issue]
-	- libhtp <unfixed>
+	- libhtp <unfixed> (bug #783007)
+	[squeeze] - libhtp <no-dsa> (Minor issue)
+	NOTE: if libhtp gets updated to 0.5.17 in sid, it will conflict with suricata which ships the library too (see #783005)
 	[wheezy] - libhtp <no-dsa> (Unusable in wheezy, planned for removal)
 	- suricata 2.0.7-1
-	[wheezy] - suricata <no-dsa> (Unusable in wheezy, planned for removal)
+	[wheezy] - suricata <not-affected> (Uses system-wide libhtp)
+	[squeeze] - suricata <not-affected> (Uses system-wide libhtp)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/1391
 	NOTE: https://github.com/OISF/libhtp/commit/1a6c9465fb641f81460392f622d1878d5e87fc00
 	NOTE: Fixed in Libhtp 0.5.17 upstream
@@ -6813,6 +6817,7 @@
 	RESERVED
 	- suricata 2.0.7-1
 	[wheezy] - suricata <no-dsa> (Unusable in wheezy, planned for removal)
+	[squeeze] - suricata <no-dsa> (Minor issue)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/1385
 	NOTE: Commit: https://github.com/inliniac/suricata/commit/56196ace51395fcb2d8fc30d586e9ad782306d31
 CVE-2015-0927