[Secure-testing-commits] r20990 - data/CVE
Hideki Yamane
henrich at alioth.debian.org
Sun Jan 20 13:45:53 UTC 2013
Author: henrich
Date: 2013-01-20 13:45:52 +0000 (Sun, 20 Jan 2013)
New Revision: 20990
Modified:
data/CVE/list
Log:
CVE-2010-3905: not-affect-us
>>https://security-tracker.debian.org/tracker/CVE-2010-3905
> Name CVE-2010-3905
> Description The password reset feature in the administrator interface for
> Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows
> remote attackers to gain privileges by sending password reset requests for other users.
Now we have Eucalyptus in sid, and its version is 3.1.0, the vulnerability
was already fixed in upstream 2.0.2.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-01-20 12:35:07 UTC (rev 20989)
+++ data/CVE/list 2013-01-20 13:45:52 UTC (rev 20990)
@@ -36312,7 +36312,7 @@
[lenny] - git-core 1.5.6.5-3+lenny3.3
- git 1:1.7.2.3-2.2
CVE-2010-3905 (The password reset feature in the administrator interface for ...)
- - eucalyptus <removed> (bug #608289)
+ - eucalyptus <not-affected> (bug #608289) (It was once removed from archive, then re-added as 3.1.0)
CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...)
- linux-2.6 2.6.32-26
[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30)
More information about the Secure-testing-commits
mailing list