[Secure-testing-commits] r14332 - data/CVE

Steffen Joeris white at alioth.debian.org
Sat Mar 27 05:06:36 UTC 2010


Author: white
Date: 2010-03-27 05:06:28 +0000 (Sat, 27 Mar 2010)
New Revision: 14332

Modified:
   data/CVE/list
Log:
curl fixed in sid/testing, vulnerable in stable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-27 04:31:20 UTC (rev 14331)
+++ data/CVE/list	2010-03-27 05:06:28 UTC (rev 14332)
@@ -1064,10 +1064,9 @@
 CVE-2010-0735
 	REJECTED
 CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is ...)
-	- curl <undetermined>
-	NOTE: only affected when automatic decompression set, which is off by default upstream
+	- curl 7.20.0-1 (low)
 	NOTE: http://www.openwall.com/lists/oss-security/2010/03/16/11
-	TODO: check
+	NOTE: depends on the application that uses libcurl
 CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL ...)
 	- postgresql-7.4 <undetermined>
 	- postgresql-8.1 <undetermined>




More information about the Secure-testing-commits mailing list