[Secure-testing-commits] r14422 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Apr 6 22:41:19 UTC 2010
Author: gilbert-guest
Date: 2010-04-06 22:41:13 +0000 (Tue, 06 Apr 2010)
New Revision: 14422
Modified:
data/CVE/list
Log:
new krb5 issue; certificates issue; bug for openssl issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-04-06 22:16:06 UTC (rev 14421)
+++ data/CVE/list 2010-04-06 22:41:13 UTC (rev 14422)
@@ -5,6 +5,8 @@
TODO: check
NOTE: http://sourceforge.net/projects/tcpdf/files/CHANGELOG.TXT/view
NOTE: setting K_TCPDF_CALLS_IN_HTML to false mitigates the problem
+CVE-2010-XXXX [unused/unowned certificates need to be removed]
+ - ca-certificaties <unfixed> (low; bug #576739)
CVE-2010-XXXX [xmail insecure temp files handling]
- xmail <undetermined>
TODO: check
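Review bot: The package name on the added line `- ca-certificaties <unfixed> (low; bug #576739)` looks misspelled. The bracketed description on the line above it spells the word "certificates", so the entry should presumably read `ca-certificates`. As written, the entry names a package whose spelling disagrees with its own description.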
@@ -1829,8 +1831,10 @@
- phpbb3 <unfixed> (unimportant; bug #570011)
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...)
- flex 2.5.35-1
-CVE-2010-0629
+CVE-2010-0629 [krb5 dos]
RESERVED
+ - krb5 <unfixed> (low)
+ NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...)
- krb5 <unfixed> (bug #575740)
[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
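Review bot: The new krb5 entry under CVE-2010-0629 has no bug reference and no per-release line, unlike the CVE-2010-0628 entry directly below it, which carries `bug #575740` and a `[lenny] - krb5 <not-affected>` annotation. If a bug has been filed, add it next to `low` in the parentheses, and record the lenny status once it can be determined from the MITKRB5-SA-2010-003 advisory referenced in the NOTE.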
@@ -7356,7 +7360,7 @@
- xulrunner <unfixed> (unimportant)
NOTE: browser denial-of-services are unimportant
CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...)
- - openssl 0.9.8m-1 (low)
+ - openssl 0.9.8m-1 (low; bug #575433)
[lenny] - openssl <no-dsa> (minor issue)
CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
NOT-FOR-US: Adobe ShockWave Player