[Secure-testing-commits] r14814 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Sun Jun 6 04:04:58 UTC 2010


Author: gilbert-guest
Date: 2010-06-06 04:04:57 +0000 (Sun, 06 Jun 2010)
New Revision: 14814

Modified:
   data/CVE/list
Log:
python/openssl info

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-06 03:43:15 UTC (rev 14813)
+++ data/CVE/list	2010-06-06 04:04:57 UTC (rev 14814)
@@ -155,6 +155,7 @@
 CVE-2010-2090 (The npb_protocol_error function in sna V5router64 in IBM ...)
 	NOT-FOR-US: IBM Communications Server
 CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the ...)
+	- python3.1 <not-affected> (poc not effective)
 	- python2.7 <unfixed> (low)
 	- python2.6 <unfixed> (low)
 	- python2.5 <unfixed> (low)
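Review bot: The new python3.1 line under CVE-2010-2089 bases <not-affected> on "poc not effective", which shows only that one proof of concept failed, not that the missing verification the CVE description refers to is absent from 3.1's audioop module. Consider holding the entry at <undetermined> or <unfixed> until the source has been checked, or add a NOTE naming the code difference that makes 3.1 safe. As written, the entry also differs from python2.5 through python2.7, which are all marked <unfixed> (low), with no explanation of why.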
@@ -1239,14 +1240,14 @@
 	- samba <unfixed> (unimportant)
 	NOTE: Only crashes a single connection, not the entire smbd
 CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in ...)
-	- python3.1 <undetermined>
+	- python3.1 <unfixed>
 	- python2.7 <unfixed>
 	- python2.6 <unfixed>
 	- python2.5 <unfixed>
 	- python2.4 <removed>
 CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover function in ...)
-	- openssl <unfixed> (bug filed)
-	[lenny] - openssl <not-affected> (This bug is only present in OpenSSL 1.0.0)
+	- openssl <not-affected> (This bug is only present in OpenSSL 1.0.0)
+	TODO: recheck once >= 1.0.0 gets uploaded        
 CVE-2010-1632
 	RESERVED
 CVE-2010-1631
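Review bot: In the CVE-2010-1633 entry, the unversioned "- openssl <not-affected>" line will keep reporting not-affected after a 1.0.0 package is uploaded, so the TODO is the only guard against a stale status. The removed line's "bug filed" reference is also dropped with no bug number recorded in its place, and a NOTE carrying that number would keep the trail. The added TODO line ends in trailing whitespace that should be stripped. For CVE-2010-1634, the change of python3.1 from <undetermined> to <unfixed> comes without a NOTE saying what was checked, while the same commit marks python3.1 <not-affected> for the other audioop issue. A one-line NOTE would make the distinction clear.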
@@ -3826,8 +3827,9 @@
 	- iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935)
 	- tgt 1:1.0.3-2 (medium; bug #576086)
 CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in ...)
-	- openssl <unfixed> (bug filed)
+	- openssl <unfixed> (unimportant; bug #584592)
 	[lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h and later)
+	NOTE: unimportant since cms is disabled by default
 CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...)
 	- linux-2.6 2.6.26-1
 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...)
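Review bot: The NOTE added for CVE-2010-0742 sits after the [lenny] line although it justifies the severity on the "- openssl <unfixed> (unimportant; bug #584592)" line above. Moving it directly under that line would tie the reasoning to the rating. It would also help to state where CMS is disabled (build configuration or runtime default) so the "unimportant" rating can be rechecked if that default changes.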



