[Secure-testing-commits] r12455 - data/CVE

[Michael Gilbert]

Author: gilbert-guest
Date: 2009-07-31 23:20:21 +0000 (Fri, 31 Jul 2009)
New Revision: 12455

Modified:
   data/CVE/list
Log:
new ssl certificate issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-31 15:34:32 UTC (rev 12454)
+++ data/CVE/list	2009-07-31 23:20:21 UTC (rev 12455)
@@ -1,3 +1,7 @@
+CVE-2009-XXXX [openssl: certificate spoofing via null characters]
+	- openssl <unfixed> (medium; bug #539499)
+	NOTE: asked maintainer to check whether openssl affected
+	TODO: determine whether web browsers are also individually vulnerable (i.e. nss) or if a fix in just openssl is sufficient
 CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...)
 	TODO: check
 CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...)