Author: jmm
Date: 2015-04-17 06:16:33 +0000 (Fri, 17 Apr 2015)
New Revision: 33646

Modified:
   data/CVE/list
Log:
several no-dsa
tcpdump n/a


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-04-17 06:12:55 UTC (rev 33645)
+++ data/CVE/list       2015-04-17 06:16:33 UTC (rev 33646)
@@ -348,6 +348,7 @@
        RESERVED
 CVE-2015-3138
        RESERVED
+       - tcpdump <not-affected> (Introduced in 4.7)
 CVE-2015-3137
        RESERVED
 CVE-2015-3136
@@ -2537,22 +2538,34 @@
        NOTE: https://nodesecurity.io/advisories/serve-static-xss
        NOTE: https://github.com/expressjs/serve-index/issues/28
 CVE-2015-XXXX [denial of service flaw in VICAR file processing]
-       - imagemagick <unfixed>
+       - imagemagick <unfixed> (low)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
+       [wheezy] - imagemagick <no-dsa> (Minor issue)
+       [squeeze] - imagemagick <no-dsa> (Minor issue)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/02/20/4
        NOTE: 
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
        NOTE: http://trac.imagemagick.org/changeset/17856
 CVE-2015-XXXX [denial of service flaw in PDB file processing]
-       - imagemagick <unfixed>
+       - imagemagick <unfixed> (low)
+       [jessie] - imagemagick <no-dsa> (Minor issue)
+       [wheezy] - imagemagick <no-dsa> (Minor issue)
+       [squeeze] - imagemagick <no-dsa> (Minor issue)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/02/20/4
        NOTE: 
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
        NOTE: http://trac.imagemagick.org/changeset/17855
 CVE-2015-XXXX [denial of service flaw in MIFF file processing]
        - imagemagick <unfixed>
+       [jessie] - imagemagick <no-dsa> (Minor issue)
+       [wheezy] - imagemagick <no-dsa> (Minor issue)
+       [squeeze] - imagemagick <no-dsa> (Minor issue)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/02/20/4
        NOTE: 
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
        NOTE: http://trac.imagemagick.org/changeset/17854
 CVE-2015-XXXX [denial of service flaw in HDR file processing]
        - imagemagick <unfixed>
+       [jessie] - imagemagick <no-dsa> (Minor issue)
+       [wheezy] - imagemagick <no-dsa> (Minor issue)
+       [squeeze] - imagemagick <no-dsa> (Minor issue)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/02/20/4
        NOTE: 
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
        NOTE: http://trac.imagemagick.org/changeset/17845
@@ -3215,7 +3228,10 @@
        NOT-FOR-US: Vanilla Forums
 CVE-2015-XXXX [potential application crash due to overread in fnmatch]
        - glibc <unfixed> (bug #779587)
+       [jessie] - glibc <no-dsa> (Minor issue)
        - eglibc <removed>
+       [wheezy] - eglibc <no-dsa> (Minor issue)
+       [squeeze] - eglibc <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18032
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/02/26/5
@@ -5074,6 +5090,7 @@
        NOTE: Problem in the Groovy scripting engine.
 CVE-2015-1426 (Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to 
obtains ...)
        - facter <unfixed> (bug #778265)
+       [jessie] - facter <no-dsa> (Minor issue)
        [squeeze] - facter <not-affected> (Uses version 2008-02-01 of the EC2 
API which does not expose security credentials)
        [wheezy] - facter <no-dsa> (Minor issue)
        NOTE: http://puppetlabs.com/security/cve/cve-2015-1426
@@ -13578,7 +13595,10 @@
        NOT-FOR-US: JBoss Weld
 CVE-2014-8121 (DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch 
(NSS) in ...)
        - glibc <unfixed> (low; bug #779587)
+       [jessie] - glibc <no-dsa> (Minor issue)
        - eglibc <removed> (low)
+       [wheezy] - eglibc <no-dsa> (Minor issue)
+       [squeeze] - eglibc <no-dsa> (Minor issue)
 CVE-2014-8120 (The agent in Thermostat before 1.0.6, when using unspecified 
...)
        NOT-FOR-US: Thermostat Hotspot instrumentation
 CVE-2014-8119 [augeas path expression injection via interface name]


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to