[Secure-testing-commits] r14273 - data/CVE
Pedro Ribeiro
pedrib-guest at alioth.debian.org
Tue Mar 16 01:24:52 UTC 2010
Author: pedrib-guest
Date: 2010-03-16 01:24:51 +0000 (Tue, 16 Mar 2010)
New Revision: 14273
Modified:
data/CVE/list
Log:
solved 3 outstanding issues with tor, 2010-0383 to -385
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-15 21:14:24 UTC (rev 14272)
+++ data/CVE/list 2010-03-16 01:24:51 UTC (rev 14273)
@@ -1614,14 +1614,16 @@
NOT-FOR-US: Sun Java System Application Server
CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when ...)
- tor 0.2.1.22-1 (low)
- TODO: check
+ [lenny] - tor <not-affected> (only affects versions > 0.2.1.6-alpha)
+ NOTE: the CVE entry is wrong, only 0.2.1.6-alpha and up are affected
+ NOTE: confirmed with Tor developers, Lenny is not affected
CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory ...)
- - tor <unfixed>
- TODO: check
+ - tor <not-affected> (only affects versions 0.2.2.x)
+ [lenny] - tor <not-affected> (only affects versions 0.2.2.x)
+ NOTE: does not appear to be a real vulnerability?
CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...)
- - tor 0.2.1.22-1 (low)
- TODO: check
- NOTE: This doesn't seem a security issue, old clients won't accept two directory authorities anymore due to the renewed keys
+ - tor 0.2.1.22-1 (medium)
+ [lenny] - tor 0.2.0.35-1~lenny2 (medium)
CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
- bind9 1:9.7.0.dfsg-1
CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
More information about the Secure-testing-commits
mailing list