[Secure-testing-commits] r4086 - data/CVE
Florian Weimer
fw at costa.debian.org
Sun May 28 09:52:50 UTC 2006
Author: fw
Date: 2006-05-28 09:52:47 +0000 (Sun, 28 May 2006)
New Revision: 4086
Modified:
data/CVE/list
Log:
CVE-2002-2211, CVE-2002-2212, CVE-2002-2213: bind affected, bind9 is not
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-28 09:38:36 UTC (rev 4085)
+++ data/CVE/list 2006-05-28 09:52:47 UTC (rev 4086)
@@ -119,11 +119,14 @@
CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local ...)
TODO: check
CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when ...)
- TODO: check
+ NOT-FOR-US: Infoblox DNS One
CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when ...)
- TODO: check
+ NOT-FOR-US: Fujitsu UXP/V
CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...)
- TODO: check
+ - bind <unfixed> (medium)
+ - bind9 <not-affected> (does not send parallel queries)
+ NOTE: Disabling recursion does not close all attack vectors.
+ NOTE: Browser reflection attacks will still work.
CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: perlpodder
CVE-2006-XXXX [shadow useradd arbitrary file chmod?]
More information about the Secure-testing-commits
mailing list