[Secure-testing-commits] r12469 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Aug 4 03:12:07 UTC 2009
Author: gilbert-guest
Date: 2009-08-04 03:12:06 +0000 (Tue, 04 Aug 2009)
New Revision: 12469
Modified:
data/CVE/list
Log:
certificate spoofing fixed in upstream iceweasel
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-03 22:07:13 UTC (rev 12468)
+++ data/CVE/list 2009-08-04 03:12:06 UTC (rev 12469)
@@ -30,8 +30,10 @@
- poppler <unfixed> (low; bug #534680)
CVE-2009-XXXX [openssl: certificate spoofing via null characters]
- openssl <unfixed> (medium; bug #539499)
+ - iceweasel <unfixed> (medium)
NOTE: asked maintainer to check whether openssl affected
- TODO: determine whether web browsers are also individually vulnerable (i.e. nss) or if a fix in just openssl is sufficient
+ NOTE: fixed in iceweasel 3.0.13 and 3.5.2, which have yet to be uploaded
+ TODO: check whether other web browsers are affected and file bugs
CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...)
- asterisk <unfixed> (low; bug #539473)
[etch] - asterisk <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list