[Secure-testing-commits] r15666 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Dec 8 19:51:43 UTC 2010


Author: jmm-guest
Date: 2010-12-08 19:51:40 +0000 (Wed, 08 Dec 2010)
New Revision: 15666

Modified:
   data/CVE/list
Log:
- bug filed for libcgi-pm-perl, partly fixed in sid,
  needed in testing, also affects libcgi-simple-perl
- openssl fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-08 11:24:50 UTC (rev 15665)
+++ data/CVE/list	2010-12-08 19:51:40 UTC (rev 15666)
@@ -140,16 +140,14 @@
 CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...)
 	TODO: check
 CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...)
-	- libcgi-pm-perl <unfixed>
-	TODO: check
+	- libcgi-pm-perl <unfixed> (bug #606370)
 CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...)
-	- libcgi-pm-perl <unfixed>
-	TODO: check
+	- libcgi-pm-perl 3.50-1 (bug #606370)
+	- libcgi-simple-perl <unfixed> (bug #606379)
 CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through ...)
 	TODO: check
 CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
-	- openssl <unfixed>
-	TODO: check
+	- openssl 0.9.8k-1
 CVE-2010-4334 [IO::Socket::SSL verify peer mode ignored if no cert supplied]
 	RESERVED
 	- libio-socket-ssl-perl <unfixed> (bug #606058)
@@ -4507,8 +4505,8 @@
 	- xulrunner <not-affected> (Only affects 3.6, only in experimental)
 	- iceweasel <not-affected> (Only affects 3.6, only in experimental)
 CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) ...)
-	- libcgi-pm-perl <unfixed>
-	NOTE: 4CF685D7.4070208 at redhat.com
+	- libcgi-pm-perl 3.50-1 (bug #606370)
+	- libcgi-simple-perl <unfixed> (bug #606379)
 CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...)
 	{DSA-2106-1}
 	- xulrunner <removed>




More information about the Secure-testing-commits mailing list