[Secure-testing-commits] r15686 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Dec 12 21:54:28 UTC 2010
Author: gilbert-guest
Date: 2010-12-12 21:54:28 +0000 (Sun, 12 Dec 2010)
New Revision: 15686
Modified:
data/CVE/list
Log:
new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-11 21:14:38 UTC (rev 15685)
+++ data/CVE/list 2010-12-12 21:54:28 UTC (rev 15686)
@@ -514,6 +514,9 @@
NOT-FOR-US: SiteEngine
CVE-2008-7267 (SQL injection vulnerability in announcements.php in SiteEngine 5.x ...)
NOT-FOR-US: SiteEngine
+CVE-2010-XXXX [echoping buffer overflows]
+ - echoping <unfixed> (low; bug #606808)
+ NOTE: not sure if any of these are real security concerns
CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]
- elfsign <unfixed> (low; bug #555668)
[lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
@@ -769,7 +772,7 @@
CVE-2010-4253
RESERVED
CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ...)
- - openssl <unfixed>
+ - openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug #606902)
NOTE: http://www.openssl.org/news/secadv_20101202.txt
CVE-2010-4251
RESERVED
@@ -8650,7 +8653,8 @@
CVE-2010-1379 (Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly ...)
NOT-FOR-US: Apple Mac OS X
CVE-2010-1378 (OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly ...)
- NOT-FOR-US: Apple Mac OS X
+ - openssl <not-affected> (fix for an apple-specific flaw)
+ NOTE: sounds like a duplicate of CVE-2009-2409
CVE-2010-1377 (Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an ...)
NOT-FOR-US: Apple Mac OS X
CVE-2010-1376 (Multiple format string vulnerabilities in Network Authorization in ...)
More information about the Secure-testing-commits
mailing list