[Secure-testing-commits] r12589 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Fri Aug 14 09:19:41 UTC 2009
Author: derevko-guest
Date: 2009-08-14 09:19:39 +0000 (Fri, 14 Aug 2009)
New Revision: 12589
Modified:
data/CVE/list
Log:
- CVE-2009-2730: gnutls does not properly handle a '\0' character
- CVE-2009-2726: Asterisk SIP Channel Driver Denial of Service
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-14 09:14:22 UTC (rev 12588)
+++ data/CVE/list 2009-08-14 09:19:39 UTC (rev 12589)
@@ -154,7 +154,7 @@
CVE-2009-2731
RESERVED
CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
- TODO: check
+ - gnutls26 <unfixed> (low; bug #541439)
CVE-2009-2729
RESERVED
CVE-2009-2728
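Review bot: the "low" urgency on the new `- gnutls26 <unfixed> (low; bug #541439)` line is set without any rationale, so a later triager cannot tell why a '\0' handling flaw in libgnutls was rated low. A short NOTE line under the entry stating the reason would fix that, as the asterisk entry in this same commit does for its assessment. The CVE description scopes the issue to "GnuTLS before 2.8.2" while only the gnutls26 source package is listed. It is worth confirming that no other GnuTLS source package in the archive needs its own line.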
@@ -162,7 +162,8 @@
CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in ...)
NOT-FOR-US: IBM AIX
CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...)
- TODO: check
+ - asterisk <unfixed> (bug #541441)
+ NOTE: According to the vendor this is only potentially exploitable in 1.6.x, so this is a possible no-dsa
CVE-2009-2725
RESERVED
CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
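Review bot: the NOTE added under CVE-2009-2726 says the issue is "only potentially exploitable in 1.6.x", but the CVE description on the line above starts its affected range at "1.2.x before 1.2.34", and the NOTE cites no source for the vendor statement. Adding the vendor advisory reference to the NOTE and stating which versions are affected versus exploitable would make the "possible no-dsa" suggestion checkable. The `- asterisk <unfixed> (bug #541441)` line also carries no urgency, so the no-dsa reasoning exists only in free text. If the assessment holds, it should be recorded as an urgency or per-release no-dsa entry rather than left in the NOTE alone.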