[Secure-testing-commits] r15640 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Thu Dec 2 04:20:01 UTC 2010
Author: gilbert-guest
Date: 2010-12-02 04:19:59 +0000 (Thu, 02 Dec 2010)
New Revision: 15640
Modified:
data/CVE/list
Log:
tracking minor elfsign issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-01 21:15:49 UTC (rev 15639)
+++ data/CVE/list 2010-12-02 04:19:59 UTC (rev 15640)
@@ -1,3 +1,8 @@
+CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]
+ - elfsign <unfixed> (low; bug #555668)
+ [lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
+ [squeeze] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
+ NOTE: too late to fix in squeeze release cycle, but this should be fixed for wheezy
CVE-2010-4354 (The remote-access IPSec VPN implementation on Cisco Adaptive Security ...)
TODO: check
CVE-2010-4353
More information about the Secure-testing-commits
mailing list