[Secure-testing-commits] r13802 - data/CVE
Stefan Fritsch
sf at alioth.debian.org
Wed Jan 13 18:58:17 UTC 2010
Author: sf
Date: 2010-01-13 18:58:11 +0000 (Wed, 13 Jan 2010)
New Revision: 13802
Modified:
data/CVE/list
Log:
new openssl issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-13 18:48:55 UTC (rev 13801)
+++ data/CVE/list 2010-01-13 18:58:11 UTC (rev 13802)
@@ -989,8 +989,11 @@
NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in ...)
NOT-FOR-US: Winamp
-CVE-2009-4355
+CVE-2009-4355 [openssl/mod_ssl/php-curl memory leak]
RESERVED
+ - openssl <unfixed> (low)
+ [etch] - openssl <not-affected> (affects only 0.9.8f and later)
+ NOTE: apache2 packages in squeeze/sid do not seem to allow exploit
CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not ...)
NOT-FOR-US: TransWARE Active
CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 ...)
More information about the Secure-testing-commits
mailing list