[Secure-testing-commits] r12384 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Jul 20 16:03:15 UTC 2009
Author: gilbert-guest
Date: 2009-07-20 16:03:13 +0000 (Mon, 20 Jul 2009)
New Revision: 12384
Modified:
data/CVE/list
Log:
libio-ssl issue already exists in tracker
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-07-20 00:34:53 UTC (rev 12383)
+++ data/CVE/list 2009-07-20 16:03:13 UTC (rev 12384)
@@ -1,8 +1,3 @@
-CVE-2009-XXXX [incorrect validation of hostnames]
- - libio-socket-ssl-perl 1.26-1 (medium; bug #537633)
- NOTE: hostname validition is not implemented until 1.14, so etch
- NOTE: is in a way is not affected, but in another sense, it is
- NOTE: completely affected since no validation done at all
CVE-2009-XXXX [mediawiki: multiple vulnerabilities]
- mediawiki <unfixed> (medium; bug #537634)
[etch] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0)
@@ -197,6 +192,9 @@
TODO: check lenny/sid; they are likely fixed according to the report, but i did not check
CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
- libio-socket-ssl-perl 1.26-1 (medium; bug #535946)
+ NOTE: hostname validition is not implemented until 1.14, so etch
+ NOTE: is in a way is not affected, but in another sense, it is
+ NOTE: completely affected since no validation done at all
CVE-2009-2421 (The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in ...)
NOT-FOR-US: Apple Safari
CVE-2009-2420 (Apple Safari 3.2.3 does not properly implement the file: protocol ...)
More information about the Secure-testing-commits
mailing list