[Secure-testing-commits] r9938 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Thu Oct 2 11:52:12 UTC 2008
Author: nion
Date: 2008-10-02 11:52:11 +0000 (Thu, 02 Oct 2008)
New Revision: 9938
Modified:
data/CVE/list
Log:
CVE-2008-3529 fixed in libxml2 2.6.32.dfsg-4
CVE-2008-1447 fixed in adns 1.4-2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-02 11:46:24 UTC (rev 9937)
+++ data/CVE/list 2008-10-02 11:52:11 UTC (rev 9938)
@@ -2000,7 +2000,7 @@
- kfreebsd-6 6.3-7
- kfreebsd-7 7.0-5
CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...)
- - libxml2 <unfixed> (bug #498768)
+ - libxml2 2.6.32.dfsg-4 (bug #498768)
CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...)
TODO: check
CVE-2008-3527
@@ -6790,14 +6790,14 @@
- dnsmasq 2.43-1 (medium; bug #490123)
- python-dns 2.3.1-5 (low; bug #490217)
- python-dnspython <unfixed> (low; bug #492465)
- - adns <unfixed> (unimportant; bug #492698)
+ - adns 1.4-2 (unimportant; bug #492698)
+ NOTE: adns is not suitable to use with untrusted responses, documented in README.Debian
- udns <unfixed> (bug #493599)
- libnet-dns-perl <unfixed> (low; bug #492700)
- ruby1.9 1.9.0.2-6 (low)
NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but
NOTE: already use source port randomization.
NOTE: Marking non-caching stub resolvers as low since these really should be fixed, but are much less vulnerable than a caching server.
- NOTE: adns is not suitable to use with untrusted responses, working to document this better
CVE-2008-1446
RESERVED
CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)
More information about the Secure-testing-commits
mailing list