[Secure-testing-commits] r10981 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Sat Jan 17 18:20:50 UTC 2009


Author: nion
Date: 2009-01-17 18:20:49 +0000 (Sat, 17 Jan 2009)
New Revision: 10981

Modified:
   data/CVE/list
Log:
CVE-2009-0130/CVE-2009-0122 non-issues
new CVE-2009-0025 related issues (CVE-2009-01[23-29])


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-17 17:04:30 UTC (rev 10980)
+++ data/CVE/list	2009-01-17 18:20:49 UTC (rev 10981)
@@ -5,23 +5,26 @@
 CVE-2009-0131 (The UFS implementation in the kernel in Sun OpenSolaris snv_29 through ...)
 	NOT-FOR-US: UFS in OpenSolaris
 CVE-2009-0130 (** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not ...)
-	TODO: check
+	- erlang <unfixed> (unimportant; bug #511520)
+	NOTE: the return value is passed to the caller (lib/crypto/src/crypto.erl) which
+	NOTE: only return success in case of DSA_do_verify returning 1 and failure otherwise
+	NOTE: this is likely to be rejected
 CVE-2009-0129 (libcrypt-openssl-dsa-perl does not properly check the return value ...)
-	TODO: check
+	- libcrypt-openssl-dsa-perl <unfixed> (bug #511519)
 CVE-2009-0128 (plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for ...)
-	TODO: check
+	- slurm-llnl 1.3.13-1 (bug #511511)
 CVE-2009-0127 (** DISPUTED ** M2Crypto does not properly check the return value from ...)
-	TODO: check
+	- m2crypto <unfixed> (bug #511515)
 CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in Berkeley ...)
-	TODO: check
+	- boinc <unfixed> (bug #511521)
 CVE-2009-0125 (nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library ...)
-	TODO: check
+	- libnasl <unfixed> (bug #511517)
 CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in American ...)
-	TODO: check
+	- tqsllib 2.0-8 (bug #511509)
 CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and ...)
-	TODO: check
+	- hplip <not-affected> (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable)
 CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...)
 	TODO: check
 CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent ...)
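Review bot: The CVE-2009-0127 entry (m2crypto) carries the same ** DISPUTED ** marker in its description as CVE-2009-0130, yet it is recorded as a plain `- m2crypto <unfixed> (bug #511515)` with no severity and no NOTE, while the erlang entry gets `unimportant` plus three NOTE lines explaining that the caller only reports success when DSA_do_verify returns 1. Either add a NOTE saying why the dispute does not change the status for m2crypto, or give it the same treatment as erlang once its caller has been checked. Separately, the log message gives the range as CVE-2009-01[23-29], but CVE-2009-0123 is the untouched NOT-FOR-US Apple Safari entry; the entries resolved in this hunk are CVE-2009-0124 through CVE-2009-0129. In the second NOTE line for CVE-2009-0130, "only return success" should read "only returns success".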



