[Secure-testing-commits] r13231 - data/CVE
Stefan Fritsch
sf at alioth.debian.org
Sat Nov 7 14:49:48 UTC 2009
Author: sf
Date: 2009-11-07 14:49:48 +0000 (Sat, 07 Nov 2009)
New Revision: 13231
Modified:
data/CVE/list
Log:
Start a list of ssl implementations for the renegotiation prefix injection vulnerability.
I didn't realize we had that many.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-07 10:24:12 UTC (rev 13230)
+++ data/CVE/list 2009-11-07 14:49:48 UTC (rev 13231)
@@ -801,8 +801,32 @@
RESERVED
CVE-2009-3556
RESERVED
-CVE-2009-3555
+CVE-2009-3555 [TLS/SSL renegotiation prefix injection vulnerability]
RESERVED
+ - openssl <unfixed>
+ - openssl097 <removed>
+ - gnutls26 <unfixed>
+ - gnutls13 <removed>
+ - nss <unfixed>
+ - xyssl <unfixed>
+ - polarssl <unfixed>
+ - matrixssl <unfixed>
+ - pike7.6 <unfixed>
+ - classpath <unfixed>
+ - gcj-4.1 <unfixed>
+ - gcj-4.2 <unfixed>
+ - gcj-4.3 <unfixed>
+ - gcj-4.4 <unfixed>
+ - zorp <unfixed>
+ - openjdk-6 <unfixed>
+ - sun-java5 <removed>
+ [etch] - sun-java5 <no-dsa> (non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (non-free not supported)
+ - sun-java6 <unfixed>
+ [lenny] - sun-java6 <no-dsa> (non-free not supported)
+ TODO: check
+ TODO: I haven't checked if all the java ssl implementations are actually used.
+ NOTE: This may need fixes in TLS/SSL using packages, too.
CVE-2009-3554
RESERVED
CVE-2009-3553
More information about the Secure-testing-commits
mailing list