[Secure-testing-commits] r12751 - data/CVE
Nico Golde
nion at alioth.debian.org
Sat Sep 5 15:29:49 UTC 2009
Author: nion
Date: 2009-09-05 15:29:49 +0000 (Sat, 05 Sep 2009)
New Revision: 12751
Modified:
data/CVE/list
Log:
some lenny point release todos
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-04 21:14:43 UTC (rev 12750)
+++ data/CVE/list 2009-09-05 15:29:49 UTC (rev 12751)
@@ -166,7 +166,7 @@
[lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
[etch] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...)
- TODO: next point release [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1
+ [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1
- libcompress-raw-zlib-perl 2.015-2 (bug #532738)
CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft Internet Information ...)
NOT-FOR-US: Microsoft IIS
@@ -2299,7 +2299,7 @@
CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
- libio-socket-ssl-perl 1.26-1 (low; bug #535946)
[lenny] - libio-socket-ssl-perl <no-dsa> (Scheduled for next point update)
- TODO: next point release: [lenny] - libio-socket-ssl-perl 1.16-1+lenny1
+ [lenny] - libio-socket-ssl-perl 1.16-1+lenny1
NOTE: hostname validition is not implemented until 1.14, so etch
NOTE: is in a way is not affected, but in another sense, it is
NOTE: completely affected since no validation done at all
More information about the Secure-testing-commits
mailing list