[Secure-testing-commits] r38074 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2015-12-03 15:53:19 +0000 (Thu, 03 Dec 2015)
New Revision: 38074

Modified:
   data/CVE/list
Log:
new openssl issues
no-dsa: tiff, php


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-03 09:51:08 UTC (rev 38073)
+++ data/CVE/list	2015-12-03 15:53:19 UTC (rev 38074)
@@ -2285,6 +2285,8 @@
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
 CVE-2015-XXXX [trivial hash complexity DoS attack]
 	- php5 <unfixed> (bug #800564)
+	[jessie] - php5 <no-dsa> (Too intrusive to backport)
+	[wheezy] - php5 <no-dsa> (Too intrusive to backport)
 	NOTE: https://bugs.php.net/bug.php?id=70644
 CVE-2015-7698 (icewind1991 SMB before 1.0.3 allows remote authenticated users to ...)
 	- php-smb 1.0.3a-1
@@ -2973,6 +2975,8 @@
 CVE-2015-7313 [OOM when parsing crafted tiff files]
 	RESERVED
 	- tiff <unfixed> (bug #800124)
+	[jessie] - tiff <no-dsa> (Minor issue)
+	[wheezy] - tiff <no-dsa> (Minor issue)
 	[squeeze] - tiff <not-affected> (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle zero strip size.")
 	- tiff3 <removed>
 	NOTE: Test file here: https://marc.info/?l=oss-security&m=144284777006804&q=p6
@@ -14365,10 +14369,20 @@
 	RESERVED
 CVE-2015-3195
 	RESERVED
+	- openssl <unfixed>
+	NOTE: https://www.openssl.org/news/secadv/20151203.txt
 CVE-2015-3194
 	RESERVED
+	- openssl <unfixed>
+	[squeeze] - openssl <not-affected> (Only affects 1.0.1 and 1.0.2)
+	NOTE: https://www.openssl.org/news/secadv/20151203.txt
 CVE-2015-3193
 	RESERVED
+	- openssl <unfixed>
+	[jessie] - openssl <not-affected> (Only affects 1.0.2)
+	[wheezy] - openssl <not-affected> (Only affects 1.0.2)
+	[squeeze] - openssl <not-affected> (Only affects 1.0.2)
+	NOTE: https://www.openssl.org/news/secadv/20151203.txt
 CVE-2015-3192
 	RESERVED
 	- libspring-java <unfixed> (bug #796137)