[Secure-testing-commits] r12384 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Jul 20 16:03:15 UTC 2009


Author: gilbert-guest
Date: 2009-07-20 16:03:13 +0000 (Mon, 20 Jul 2009)
New Revision: 12384

Modified:
   data/CVE/list
Log:
libio-ssl issue already exists in tracker


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-20 00:34:53 UTC (rev 12383)
+++ data/CVE/list	2009-07-20 16:03:13 UTC (rev 12384)
@@ -1,8 +1,3 @@
-CVE-2009-XXXX [incorrect validation of hostnames]
-	- libio-socket-ssl-perl 1.26-1 (medium; bug #537633)
-	NOTE: hostname validition is not implemented until 1.14, so etch 
-	NOTE: is in a way is not affected, but in another sense, it is 
-	NOTE: completely affected since no validation done at all
 CVE-2009-XXXX [mediawiki: multiple vulnerabilities]
 	- mediawiki <unfixed> (medium; bug #537634)
 	[etch] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0)
@@ -197,6 +192,9 @@
 	TODO: check lenny/sid; they are likely fixed according to the report, but i did not check
 CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
 	- libio-socket-ssl-perl 1.26-1 (medium; bug #535946)
+	NOTE: hostname validition is not implemented until 1.14, so etch 
+	NOTE: is in a way is not affected, but in another sense, it is 
+	NOTE: completely affected since no validation done at all
 CVE-2009-2421 (The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-2420 (Apple Safari 3.2.3 does not properly implement the file: protocol ...)




More information about the Secure-testing-commits mailing list