[Secure-testing-commits] r12361 - data/CVE
James Strandboge
jamie-guest at alioth.debian.org
Thu Jul 16 22:23:16 UTC 2009
Author: jamie-guest
Date: 2009-07-16 22:23:16 +0000 (Thu, 16 Jul 2009)
New Revision: 12361
Modified:
data/CVE/list
Log:
mono and xmlsec1 issue (CVE-2009-0217)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-07-16 22:17:14 UTC (rev 12360)
+++ data/CVE/list 2009-07-16 22:23:16 UTC (rev 12361)
@@ -7644,7 +7644,11 @@
CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch ...)
NOT-FOR-US: IntraLaunch Application Launcher ActiveX control
CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) ...)
- TODO: check
+ - xmlsec1 <unfixed>
+ - mono <unfixed>
+ NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
+ NOTE: http://anonsvn.mono-project.com/viewvc?view=rev&revision=137891
+ NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix)
CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...)
NOT-FOR-US: GE Fanuc iFIX
CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...)
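Review bot: The "TODO: check" removed from the CVE-2009-0217 entry is replaced by only two package lines, xmlsec1 and mono, while the description line attributes the flaw to the design of XMLDsig itself rather than to one implementation. With the TODO gone, nothing in the entry records that other XMLDsig implementations in the archive still need to be checked. Consider keeping a line such as "TODO: check other XMLDsig implementations" until that review is done. Also, the last NOTE states that xmlsec 1.2.12 has the fix, so the "- xmlsec1 <unfixed>" line should be updated with the fixed version once that release is uploaded. The same applies to the mono line once the change referenced in the second NOTE (revision 137891) reaches a packaged version.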