[Secure-testing-commits] r17735 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Dec 2 10:18:13 UTC 2011
Author: jmm
Date: 2011-12-02 10:18:13 +0000 (Fri, 02 Dec 2011)
New Revision: 17735
Modified:
data/CVE/list
Log:
openldap issue not exploitable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-12-02 09:45:38 UTC (rev 17734)
+++ data/CVE/list 2011-12-02 10:18:13 UTC (rev 17735)
@@ -1581,7 +1581,10 @@
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP ...)
- - openldap <unfixed> (low; bug #647610)
+ - openldap <unfixed> (unimportant; bug #647610)
+ NOTE: Not exploitable with glibc, see
+ NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4079
CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP ...)
- roundcube 0.6+dfsg-1 (bug #646675)
[squeeze] - roundcube <no-dsa> (squeeze PHP version does not expose the issue)
More information about the Secure-testing-commits
mailing list