[Secure-testing-commits] r12332 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Jul 13 17:15:34 UTC 2009


Author: gilbert-guest
Date: 2009-07-13 17:15:30 +0000 (Mon, 13 Jul 2009)
New Revision: 12332

Modified:
   data/CVE/list
Log:
predictable PRNG fixed in debian's lynx package, dillo et. al. still affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-13 15:45:24 UTC (rev 12331)
+++ data/CVE/list	2009-07-13 17:15:30 UTC (rev 12332)
@@ -1133,7 +1133,12 @@
 	[lenny] - w3m <no-dsa> (Minor issue)
 	[etch] - w3m <no-dsa> (Minor issue)
 	- chromium-browser <itp> (low; bug #520324)
-	NOTE: lynx and dillo not affected, don't support Javascript and multipart/form-data
+        - lynx 2.8.7rel.1-1 (low; bug #532520)
+	[lenny] - lynx <no-dsa> (Minor issue)
+	[etch] - lynx <no-dsa> (Minor issue)
+        - dillo <unfixed> (low; bug #532522)
+	[lenny] - dillo <no-dsa> (Minor issue)
+	[etch] - dillo <no-dsa> (Minor issue)
 	NOTE: These issues can be fixed in more recent upstream versions, but the risk
 	NOTE: of regression doesn't outweigh the issue at hand
 CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...)




More information about the Secure-testing-commits mailing list