[Secure-testing-commits] r12589 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Fri Aug 14 09:19:41 UTC 2009


Author: derevko-guest
Date: 2009-08-14 09:19:39 +0000 (Fri, 14 Aug 2009)
New Revision: 12589

Modified:
   data/CVE/list
Log:
- CVE-2009-2730: gnutls does not properly handle a '\0' character
- CVE-2009-2726: Asterisk SIP Channel Driver Denial of Service


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-14 09:14:22 UTC (rev 12588)
+++ data/CVE/list	2009-08-14 09:19:39 UTC (rev 12589)
@@ -154,7 +154,7 @@
 CVE-2009-2731
 	RESERVED
 CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
-	TODO: check
+	- gnutls26 <unfixed> (low; bug #541439)
 CVE-2009-2729
 	RESERVED
 CVE-2009-2728
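Review bot: The new CVE-2009-2730 line sets the urgency to "low" with no NOTE giving the reason, so a later triager cannot tell whether that was a judgement about impact or about exposure. A short NOTE with the rationale, in the same way the CVE-2009-2726 entry records the vendor's position, would make the rating auditable. Also, the commit log says "gnutls" while the entry tracks only gnutls26; if any other GnuTLS source package is in the archive, it needs its own line here (affected, or explicitly marked not affected).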
@@ -162,7 +162,8 @@
 CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in ...)
 	NOT-FOR-US: IBM AIX
 CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...)
-	TODO: check
+	- asterisk <unfixed> (bug #541441)
+	NOTE: According to the vendor this is only potentially exploitable in 1.6.x, so this is a possible no-dsa
 CVE-2009-2725
 	RESERVED
 CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
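Review bot: The NOTE on CVE-2009-2726 cites "the vendor" without a pointer to the advisory or statement it relies on, and it sits next to a CVE description that lists 1.2.x before 1.2.34 as affected. Please add the reference and spell out the distinction being made (affected versus potentially exploitable only in 1.6.x), so the "possible no-dsa" reasoning can be checked. Once the decision is taken, it should be recorded as a per-release no-dsa tag rather than left in free text, since the "- asterisk <unfixed>" line carries no urgency of its own.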



