[Secure-testing-commits] r13101 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Oct 27 05:54:05 UTC 2009
Author: geissert
Date: 2009-10-27 05:54:05 +0000 (Tue, 27 Oct 2009)
New Revision: 13101
Modified:
data/CVE/list
Log:
openldap, mutt, jetty, libhtml-parser-perl issues
cherokee issue seems to only affect an old version
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-27 01:42:44 UTC (rev 13100)
+++ data/CVE/list 2009-10-27 05:54:05 UTC (rev 13101)
@@ -1,3 +1,11 @@
+CVE-2009-XXXX [multiple vulnerabilities in jetty]
+ - jetty <unfixed>
+ TODO: check
+ NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
+CVE-2009-XXXX [cherokee 0.5.4 DoS]
+ - cherokee <not-affected> (not reproducible)
+ NOTE: <4089.110.37.64.157.1256562313.squirrel at mail.xc0re.net> in bugtraq
+ NOTE: not reproducible in etch's 0.5.5 nor sid's 0.99.22-1.1
CVE-2009-3777
RESERVED
CVE-2009-3776
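Review bot: in the cherokee entry, the NOTE records tests against etch's 0.5.5 and sid's 0.99.22-1.1 but says nothing about lenny, while the package line is a blanket <not-affected>. Add the lenny version that was checked, or a NOTE saying why the other two results cover it. The log message gives a different rationale ("seems to only affect an old version") from the entry's "(not reproducible)", so the entry should state which of the two the <not-affected> rests on. In the jetty entry, "multiple vulnerabilities" sits under a single CVE-2009-XXXX placeholder. A NOTE that it may need splitting once ids are assigned would keep that from being lost behind the TODO.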
@@ -19,11 +27,17 @@
CVE-2009-3768
RESERVED
CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...)
+ - openldap <unfixed>
TODO: check
CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the ...)
+ - mutt <unfixed>
TODO: check
+ NOTE: probably not an issue, etch has 1.5.13-1.1 and lenny has 1.5.18-6
+ NOTE: but it is not enough to rule them out
CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...)
+ - mutt <unfixed>
TODO: check
+ NOTE: probably not an issue, as our mutt is linked against gnutls
CVE-2009-3764
RESERVED
CVE-2009-3763
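Review bot: the gnutls reasoning added under CVE-2009-3765 is missing from CVE-2009-3766, although both descriptions carry the same "when OpenSSL is used" condition. If "our mutt is linked against gnutls" holds for the etch and lenny packages named in the CVE-2009-3766 NOTE, say so there as well, since that is a stronger argument than the version comparison, which the NOTE itself calls "not enough to rule them out". The NOTE under CVE-2009-3765 should also say which suites the gnutls linkage was checked for. The openldap line under CVE-2009-3767 has the same OpenSSL condition but no NOTE on which TLS library the package is built against. Recording that would let the TODO be resolved the same way as for mutt.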
@@ -319,8 +333,10 @@
CVE-2009-3628 [typo3-sa-2009-016]
RESERVED
- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3627
+CVE-2009-3627 ["decode_entities()" Denial of Service]
RESERVED
+ - libhtml-parser-perl <unfixed> (bug filed)
+ NOTE: http://secunia.com/advisories/37155/
CVE-2009-3626 [perl utf8 DoS]
RESERVED
- perl <unfixed> (bug #552291)
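Review bot: the libhtml-parser-perl line says "(bug filed)" with no bug number, unlike the neighbouring entries "(bug #552020)" and "(bug #552291)". Without the number the entry cannot be matched to the BTS report, so replace "bug filed" with the bug number once it is assigned. The line also carries no urgency, where the typo3-src line above has "medium". If that is intentional pending triage, a TODO would make it explicit.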