[Secure-testing-commits] r24073 - data/CVE
Helmut Grohne
helmutg at alioth.debian.org
Sat Oct 19 07:38:06 UTC 2013
Author: helmutg
Date: 2013-10-19 07:38:06 +0000 (Sat, 19 Oct 2013)
New Revision: 24073
Modified:
data/CVE/list
Log:
report back on CVE-2013-4786 investigation
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-19 06:49:23 UTC (rev 24072)
+++ data/CVE/list 2013-10-19 07:38:06 UTC (rev 24073)
@@ -2948,8 +2948,8 @@
CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check ...)
NOT-FOR-US: Android
CVE-2013-4786 (The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange ...)
- TODO: check
NOTE: Design flaw in the IPMI 2.0 specification. Any correctly implemented device is vulnerable.
+ NOTE: Contacted relevant maintainers: Since few to no devices do mutual authentication, tools shipped by Debian are generally not affected. At best, the tools can print a warning for vulnerable devices.
CVE-2013-4784 (The HP Integrated Lights-Out (iLO) BMC implementation allows remote ...)
NOT-FOR-US: HP IPMI device
CVE-2013-4781 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance ...)
More information about the Secure-testing-commits
mailing list