[Secure-testing-commits] r14215 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Mar 7 21:05:45 UTC 2010
Author: jmm-guest
Date: 2010-03-07 21:05:43 +0000 (Sun, 07 Mar 2010)
New Revision: 14215
Modified:
data/CVE/list
Log:
- Kerberos support disabled in openssl
- Mark the other issue as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-07 21:03:17 UTC (rev 14214)
+++ data/CVE/list 2010-03-07 21:05:43 UTC (rev 14215)
@@ -294,7 +294,7 @@
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
- linux-ftpd <unfixed> (low; bug #572813)
CVE-2010-XXXX [openssl power supply fluctuation fault-based key disclosure]
- - openssl <unfixed> (low)
+ - openssl <unfixed> (unimportant)
NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
NOTE: somewhat impractical right now, but the openssl developers are working
NOTE: on a fix just in case
@@ -1322,9 +1322,8 @@
RESERVED
CVE-2010-0433 [openssl remote crash]
RESERVED
- - openssl <undetermined>
+ - openssl <not-affected> (Kerberos support not enabled)
NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5
- TODO: check
CVE-2010-0432
RESERVED
CVE-2010-0431
More information about the Secure-testing-commits
mailing list