[Secure-testing-commits] r12332 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Jul 13 17:15:34 UTC 2009
Author: gilbert-guest
Date: 2009-07-13 17:15:30 +0000 (Mon, 13 Jul 2009)
New Revision: 12332
Modified:
data/CVE/list
Log:
predictable PRNG fixed in debian's lynx package, dillo et. al. still affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-07-13 15:45:24 UTC (rev 12331)
+++ data/CVE/list 2009-07-13 17:15:30 UTC (rev 12332)
@@ -1133,7 +1133,12 @@
[lenny] - w3m <no-dsa> (Minor issue)
[etch] - w3m <no-dsa> (Minor issue)
- chromium-browser <itp> (low; bug #520324)
- NOTE: lynx and dillo not affected, don't support Javascript and multipart/form-data
+ - lynx 2.8.7rel.1-1 (low; bug #532520)
+ [lenny] - lynx <no-dsa> (Minor issue)
+ [etch] - lynx <no-dsa> (Minor issue)
+ - dillo <unfixed> (low; bug #532522)
+ [lenny] - dillo <no-dsa> (Minor issue)
+ [etch] - dillo <no-dsa> (Minor issue)
NOTE: These issues can be fixed in more recent upstream versions, but the risk
NOTE: of regression doesn't outweigh the issue at hand
CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...)
More information about the Secure-testing-commits
mailing list