[Secure-testing-commits] r14168 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Mon Mar 1 18:34:34 UTC 2010
Author: jmm-guest
Date: 2010-03-01 18:34:30 +0000 (Mon, 01 Mar 2010)
New Revision: 14168
Modified:
data/CVE-2009-3555
data/CVE/list
data/embedded-code-copies
Log:
- new openssl issue
- typo3 fixed
- adjust fixed version of gnash/ltdl, at least later revisions
seem to have reintroduced static linking
- new asterisk issue
- openldap ssl cert issue already tracked as CVE-2009-3767
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-01 17:10:33 UTC (rev 14167)
+++ data/CVE/list 2010-03-01 18:34:30 UTC (rev 14168)
@@ -92,8 +92,11 @@
NOT-FOR-US: TIBCO Administrator
CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...)
TODO: check
+CVE-2010-XXXX [http://downloads.digium.com/pub/security/AST-2010-003.pdf]
+ - asterisk <unfixed>
+ [lenny] - asterisk <not-affected> (Only affects Asterisk 1.6)
CVE-2010-XXXX [multiple typo issues]
- - typo3-src <unfixed> (bug #571151)
+ - typo3-src 4.3.2-1 (bug #571151)
CVE-2010-0681 (ZeusCMS 0.2 stores sensitive information under the web root with ...)
NOT-FOR-US: ZeusCMS
CVE-2010-0680 (Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows ...)
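Review bot: The new CVE-2010-XXXX entry for asterisk uses a bare URL as its bracketed description, while the temporary entry next to it uses a short text ("[multiple typo issues]"). A short description of the AST-2010-003 issue in the brackets, with the advisory URL moved to a NOTE line, would match the rest of the list. The "- asterisk <unfixed>" line also has no bug number, unlike the typo3-src line below it, so a reference should be added once a bug is filed.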
@@ -4171,7 +4174,7 @@
- ggobi 2.1.9~20091212-1 (low; bug #559806)
[etch] - ggobi <no-dsa> (Minor issue)
[lenny] - ggobi <no-dsa> (Minor issue)
- - gnash 0.7.2+cvs20070428.1515-1 (low; bug #559808)
+ - gnash 0.8.7-2 (low; bug #559808)
- gnu-smalltalk 3.1-2 (low; bug #559809)
[lenny] - gnu-smalltalk <no-dsa> (Minor issue)
[etch] - gnu-smalltalk <no-dsa> (Minor issue)
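Review bot: Raising the fixed version on the gnash line from 0.7.2+cvs20070428.1515-1 to 0.8.7-2 widens the affected range, and gnash has no [etch] or [lenny] lines here, unlike ggobi and gnu-smalltalk around it. If either release ships a gnash below 0.8.7-2, it now needs an explicit annotation, for example a <no-dsa> line like its neighbours.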
@@ -5672,6 +5675,7 @@
NOTE: browser denial-of-services are unimportant
CVE-2009-3245
RESERVED
+ - openssl 0.9.8m-1
CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
NOT-FOR-US: Adobe ShockWave Player
CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and ...)
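Review bot: The added "- openssl 0.9.8m-1" line under CVE-2009-3245 has no urgency, bug number or NOTE, and the entry is still RESERVED, so nothing in the file says what the issue is or where the fixed version comes from. A NOTE line with the upstream reference for the fix would make the entry verifiable until the CVE description is published.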
@@ -8112,7 +8116,6 @@
CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...)
{DSA-1874-1}
- nss 3.12.3-1 (medium; bug #539934)
- - openldap <unfixed> (bug #572005)
CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...)
- asterisk 1:1.6.2.0~dfsg~rc1-1 (low; bug #539473)
[etch] - asterisk <not-affected> (Vulnerable code not present)
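Review bot: Dropping "- openldap <unfixed> (bug #572005)" from CVE-2009-2408 leaves no trace in the file of why openldap is not listed; the reason (already tracked as CVE-2009-3767) is only in the commit log. A NOTE under CVE-2009-2408 pointing to CVE-2009-3767 would keep that visible, and since the CVE-2009-3767 entry is not part of this diff, it is worth confirming that bug #572005 is referenced there.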
Modified: data/CVE-2009-3555
===================================================================
--- data/CVE-2009-3555 2010-03-01 17:10:33 UTC (rev 14167)
+++ data/CVE-2009-3555 2010-03-01 18:34:30 UTC (rev 14168)
@@ -30,3 +30,6 @@
Candidates for modification:
- libapache-mod-ssl (oldstable only) bug #556942, no patch yet
+
+Applications, which implement RfC 5746:
+- openssl 0.9.8m-1
\ No newline at end of file
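Review bot: The added heading "Applications, which implement RfC 5746:" has a stray comma and a non-standard spelling of RFC; "Applications which implement RFC 5746:" would read like the "Candidates for modification:" heading above it. The file also still ends without a newline after "- openssl 0.9.8m-1", so adding one here would avoid the "\ No newline at end of file" marker on the next change.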
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-03-01 17:10:33 UTC (rev 14167)
+++ data/embedded-code-copies 2010-03-01 18:34:30 UTC (rev 14168)
@@ -1583,7 +1583,7 @@
- ggobi 2.1.9~20091212-1 (embed)
- glame 2.0.1-4 (embed)
NOTE: The etch version of glame was the earliest version checked, might be fixed earlier
- - gnash 0.7.2+cvs20070428.1515-1 (embed)
+ - gnash 0.8.7-2 (embed)
- gnu-smalltalk <unfixed> (embed; bug #566777)
- google-gadgets 0.10.5-0.3 (embed)
NOTE: 0.10.5-0.3 was the earliest version checked, was fixed earlier
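Review bot: The gnash line now reads 0.8.7-2 (embed) with no explanation in the file, although the commit log gives one (later revisions seem to have reintroduced static linking). A NOTE under the entry, in the way glame and google-gadgets record which version was checked, would stop a later edit from reverting to the earlier version.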