[Secure-testing-commits] r13967 - in data: . CVE

[Michael Gilbert]

Author: gilbert-guest
Date: 2010-01-30 03:59:29 +0000 (Sat, 30 Jan 2010)
New Revision: 13967

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
re-add mysql notes; courier embeds maildrop

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-29 22:34:30 UTC (rev 13966)
+++ data/CVE/list	2010-01-30 03:59:29 UTC (rev 13967)
@@ -319,6 +319,7 @@
 	RESERVED
 	{DSA-1981-1}
 	- maildrop 2.2.0-3.1 (low; bug #564601)
+	TODO: check courier (embeds maildrop)
 CVE-2010-0300 [ircd-ratbox: NULL pointer vulnerability]
 	RESERVED
 	{DSA-1980-1}
@@ -1038,6 +1039,9 @@
 CVE-2009-4484 (Buffer overflow in the server in MySQL 5.0.51a on Linux allows remote ...)
 	- mysql-dfsg-5.0 <removed> (medium)
 	- mysql-dfsg-5.1 5.1.41-4 (medium)
+	TODO: check yassl and other packages embedding it
+	NOTE: http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html
+	NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
 	NOTE: maintainer working on updates
 CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...)
 	NOT-FOR-US: MailSite

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-01-29 22:34:30 UTC (rev 13966)
+++ data/embedded-code-copies	2010-01-30 03:59:29 UTC (rev 13967)
@@ -1734,3 +1734,6 @@
 ruby1.9.1
         - ruby1.9 <unfixed> (old-version)
         - ruby1.8 <unfixed> (old-version)
+
+maildrop
+        - courier <unfixed> (embed) [./maildrop]