[Secure-testing-commits] r14349 - data/CVE
Florian Weimer
fw at alioth.debian.org
Mon Mar 29 10:06:21 UTC 2010
Author: fw
Date: 2010-03-29 10:06:21 +0000 (Mon, 29 Mar 2010)
New Revision: 14349
Modified:
data/CVE/list
Log:
CVE-2009-3245: fixup OpenSSL affected information
It seems the CVE entry is wrong (0.9.8m instead of 0.9.8n).
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-29 09:48:13 UTC (rev 14348)
+++ data/CVE/list 2010-03-29 10:06:21 UTC (rev 14349)
@@ -6862,8 +6862,9 @@
- xulrunner <unfixed> (unimportant)
NOTE: browser denial-of-services are unimportant
CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...)
- - openssl 0.9.8m-1 (low)
- [lenny] - openssl <no-dsa> (Minor issue)
+ - openssl 0.9.8n-1 (low)
+ [lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
+ NOTE: http://www.openssl.org/news/secadv_20100324.txt
CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
NOT-FOR-US: Adobe ShockWave Player
CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and ...)
More information about the Secure-testing-commits
mailing list