[Secure-testing-commits] r17236 - data/CVE

[Raphael Geissert]

Author: geissert
Date: 2011-09-14 01:35:33 +0000 (Wed, 14 Sep 2011)
New Revision: 17236

Modified:
   data/CVE/list
Log:
openssl's CVE-2008-7270 was already fixed in lenny


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-09-14 00:03:48 UTC (rev 17235)
+++ data/CVE/list	2011-09-14 01:35:33 UTC (rev 17236)
@@ -10422,6 +10422,9 @@
 	NOT-FOR-US: Apache archiva
 CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
 	- openssl 0.9.8k-1
+	[lenny] - openssl 0.9.8g-15+lenny11
+	NOTE: lenny was fixed as a side effect of the fix of CVE-2010-4180
+	NOTE: which disabled the bug compatibility code
 CVE-2010-4334 (IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, ...)
 	- libio-socket-ssl-perl 1.35-1 (bug #606058)
 	[squeeze] - libio-socket-ssl-perl 1.33-1+squeeze1