[Secure-testing-commits] r1640 - data/CAN
Stefan Fritsch
stef-guest at costa.debian.org
Wed Aug 24 21:46:20 UTC 2005
Author: stef-guest
Date: 2005-08-24 21:46:16 +0000 (Wed, 24 Aug 2005)
New Revision: 1640
Modified:
data/CAN/list
Log:
update CAN-2005-1268/apache
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-08-24 21:14:18 UTC (rev 1639)
+++ data/CAN/list 2005-08-24 21:46:16 UTC (rev 1640)
@@ -6068,7 +6068,9 @@
CAN-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...)
NOTE: This is from latest Trustix advisory, exploitation would require to trick
NOTE: someone into using a maliciously crafted certificate revocation list
+ TODO: check libapache-mod-ssl: AFAIK it is not affected, file bug if it is
- libapache-mod-ssl (unfixed; low)
+ - apache2 (unfixed; bug #320048; low)
CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
- tcpdump 3.9.0.cvs.20050614-1 (medium)
CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
More information about the Secure-testing-commits
mailing list