[Secure-testing-commits] r21888 - data/CVE
Michael Gilbert
mgilbert at alioth.debian.org
Mon Apr 8 02:29:59 UTC 2013
Author: mgilbert
Date: 2013-04-08 02:29:58 +0000 (Mon, 08 Apr 2013)
New Revision: 21888
Modified:
data/CVE/list
Log:
update yassl issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-04-08 02:18:50 UTC (rev 21887)
+++ data/CVE/list 2013-04-08 02:29:58 UTC (rev 21888)
@@ -2978,8 +2978,9 @@
CVE-2013-1492 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and ...)
- mysql-5.1 <removed>
- mysql-5.5 5.5.30+dfsg-1
+ - cyassl <itp> (bug #598391)
+ - libyassl <itp> (bug #664533)
NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow
- TODO: check
CVE-2013-1491 (Oracle Java 7 Update 17, and possibly other versions, allows remote ...)
- openjdk-7 <undetermined>
CVE-2013-1490 (Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE ...)
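Review bot: `TODO: check` is removed from CVE-2013-1492 with nothing recording what the check found; the only additions in this entry are the two `<itp>` lines. A short NOTE saying what was verified (for example, that the mysql-5.5 fixed version 5.5.30+dfsg-1 was confirmed) would keep the reasoning with the entry.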
@@ -20977,9 +20978,10 @@
CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 ...)
- apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other ...)
- - mysql-5.1 <undetermined> (bug #675872)
+ - mysql-5.5 <undetermined> (bug #675872)
+ - cyassl <itp> (bug #598391)
+ - libyassl <itp> (bug #664533)
NOTE: limited information about issue, only a video of exploit taking place
- NOTE: This is likely fixed in current releases (5.1.62 updated yassl), marking as <undetermined> for now
CVE-2012-0881
RESERVED
CVE-2012-0880
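Review bot: In CVE-2012-0882 the `mysql-5.1` line is dropped outright, while CVE-2013-1492 and CVE-2012-0553 in this same commit keep `- mysql-5.1 <removed>`. If mysql-5.1 is gone from the archive, keeping it here as `<removed>` next to the new `mysql-5.5` line would be consistent. The deleted NOTE was also the only stated reason for `<undetermined>`; since the new mysql-5.5 line is still `<undetermined>`, say why in a NOTE, and confirm that bug #675872 is the right reference for mysql-5.5.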
@@ -21779,8 +21781,9 @@
CVE-2012-0553 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and ...)
- mysql-5.1 <removed>
- mysql-5.5 5.5.28+dfsg-1
+ - cyassl <itp> (bug #598391)
+ - libyassl <itp> (bug #664533)
NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow
- TODO: check
CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
NOT-FOR-US: Oracle Database Server
CVE-2012-0551 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
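Review bot: The mysql-5.5 fixed version on CVE-2012-0553 (5.5.28+dfsg-1) differs from the 5.5.30+dfsg-1 on CVE-2013-1492, although the visible part of both descriptions is the same ("MySQL 5.1.x before 5.1.68 and ..."), and `TODO: check` is removed here without saying whether that version is what was checked. If both versions are correct, a NOTE naming the upstream release that fixed each issue would make that clear.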
@@ -51409,6 +51412,8 @@
{DSA-1997-1}
- mysql-dfsg-5.0 <removed> (medium)
- mysql-5.1 5.1.41-4 (medium)
+ - cyassl <itp> (bug #598391)
+ - libyassl <itp> (bug #664533)
NOTE: http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html
NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...)
@@ -80600,10 +80605,14 @@
{DSA-1478-1}
- mysql-dfsg-4.1 <removed>
- mysql-dfsg-5.0 5.0.51-3 (low; bug #460873)
+ - cyassl <itp> (bug #598391)
+ - libyassl <itp> (bug #664533)
CVE-2008-0226 (Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL ...)
{DSA-1478-1}
- mysql-dfsg-4.1 <removed>
- mysql-dfsg-5.0 5.0.51-3 (medium; bug #460873)
+ - cyassl <itp> (bug #598391)
+ - libyassl <itp> (bug #664533)
CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in ...)
{DSA-1472-1 DTSA-109-1}
- xine-lib 1.1.10-1 (medium; bug #460551)
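Review bot: The two new `<itp>` pairs under DSA-1478-1 give no hint of which upstream version is safe, even though the CVE-2008-0226 description states one ("yaSSL 1.7.5 and earlier"). A NOTE on these entries saying that a packaged libyassl must be newer than 1.7.5 would let whoever resolves bug #664533 close out the line without redoing the research.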
@@ -117269,7 +117278,8 @@
{DSA-907-1}
- ipmenu 0.0.3-5
CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
- NOT-FOR-US: yaSSL
+ - cyassl <itp> (bug #598391)
+ - libyassl <itp> (bug #664533)
CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Revize CMS
CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain ...)
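Review bot: Replacing `NOT-FOR-US: yaSSL` on CVE-2005-3731 with a `cyassl <itp>` line ties cyassl to this CVE, but the description names only yaSSL ("yaSSL before 1.0.6"). If cyassl has not been confirmed to contain the affected code, either leave that line out or add a NOTE marking it as unverified; the `libyassl <itp>` line matches the description as it stands.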