[Secure-testing-commits] r15640 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Thu Dec 2 04:20:01 UTC 2010


Author: gilbert-guest
Date: 2010-12-02 04:19:59 +0000 (Thu, 02 Dec 2010)
New Revision: 15640

Modified:
   data/CVE/list
Log:
tracking minor elfsign issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-01 21:15:49 UTC (rev 15639)
+++ data/CVE/list	2010-12-02 04:19:59 UTC (rev 15640)
@@ -1,3 +1,8 @@
+CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]
+	- elfsign <unfixed> (low; bug #555668)
+	[lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
+	[squeeze] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
+	NOTE: too late to fix in squeeze release cycle, but this should be fixed for wheezy
 CVE-2010-4354 (The remote-access IPSec VPN implementation on Cisco Adaptive Security ...)
 	TODO: check
 CVE-2010-4353




More information about the Secure-testing-commits mailing list