[Secure-testing-commits] r13802 - data/CVE

Stefan Fritsch sf at alioth.debian.org
Wed Jan 13 18:58:17 UTC 2010


Author: sf
Date: 2010-01-13 18:58:11 +0000 (Wed, 13 Jan 2010)
New Revision: 13802

Modified:
   data/CVE/list
Log:
new openssl issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-13 18:48:55 UTC (rev 13801)
+++ data/CVE/list	2010-01-13 18:58:11 UTC (rev 13802)
@@ -989,8 +989,11 @@
 	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in ...)
 	NOT-FOR-US: Winamp
-CVE-2009-4355
+CVE-2009-4355 [openssl/mod_ssl/php-curl memory leak]
 	RESERVED
+	- openssl <unfixed> (low)
+	[etch] - openssl <not-affected> (affects only 0.9.8f and later)
+	NOTE: apache2 packages in squeeze/sid do not seem to allow exploit
 CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not ...)
 	NOT-FOR-US: TransWARE Active
 CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 ...)




More information about the Secure-testing-commits mailing list