[Secure-testing-commits] r14349 - data/CVE

Florian Weimer fw at alioth.debian.org
Mon Mar 29 10:06:21 UTC 2010


Author: fw
Date: 2010-03-29 10:06:21 +0000 (Mon, 29 Mar 2010)
New Revision: 14349

Modified:
   data/CVE/list
Log:
CVE-2009-3245: fixup OpenSSL affected information

It seems the CVE entry is wrong (0.9.8m instead of 0.9.8n).


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-29 09:48:13 UTC (rev 14348)
+++ data/CVE/list	2010-03-29 10:06:21 UTC (rev 14349)
@@ -6862,8 +6862,9 @@
 	- xulrunner <unfixed> (unimportant)
 	NOTE: browser denial-of-services are unimportant
 CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...)
-	- openssl 0.9.8m-1 (low)
-	[lenny] - openssl <no-dsa> (Minor issue)
+	- openssl 0.9.8n-1 (low)
+	[lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
+	NOTE: http://www.openssl.org/news/secadv_20100324.txt
 CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
 	NOT-FOR-US: Adobe ShockWave Player 
 CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and ...)




More information about the Secure-testing-commits mailing list