[Secure-testing-commits] r28566 - data/CVE

Henri Salo fgeek-guest at moszumanska.debian.org
Tue Sep 2 17:52:08 UTC 2014


Author: fgeek-guest
Date: 2014-09-02 17:52:08 +0000 (Tue, 02 Sep 2014)
New Revision: 28566

Modified:
   data/CVE/list
Log:
cyassl

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-02 16:40:27 UTC (rev 28565)
+++ data/CVE/list	2014-09-02 17:52:08 UTC (rev 28566)
@@ -6402,29 +6402,38 @@
 	NOTE: https://drupal.org/SA-CORE-2014-002
 CVE-2014-2904
 	RESERVED
-	- cyassl <itp> (bug #598391)
+	- cyassl <unfixed>
+	TODO: check
 CVE-2014-2903
 	RESERVED
-	- cyassl <itp> (bug #598391)
+	- cyassl <unfixed>
+	TODO: check
 CVE-2014-2902
 	RESERVED
-	- cyassl <itp> (bug #598391)
+	- cyassl <unfixed>
+	TODO: check
 CVE-2014-2901
 	RESERVED
-	- cyassl <itp> (bug #598391)
+	- cyassl <unfixed>
+	TODO: check
 CVE-2014-2900 (wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 ...)
-	- cyassl <itp> (bug #598391)
+	- cyassl <unfixed>
+	TODO: check
 CVE-2014-2899 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial ...)
-	- cyassl <itp> (bug #598391)
+	- cyassl <unfixed>
+	TODO: check
 CVE-2014-2898
 	RESERVED
-	- cyassl <itp> (bug #598391)
+	- cyassl <unfixed>
+	TODO: check
 CVE-2014-2897
 	RESERVED
-	- cyassl <itp> (bug #598391)
+	- cyassl <unfixed>
+	TODO: check
 CVE-2014-2896
 	RESERVED
-	- cyassl <itp> (bug #598391)
+	- cyassl <unfixed>
+	TODO: check
 CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html function in ...)
 	- phpmyid <itp> (bug #492325)
 CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows ...)
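Review bot: CVE-2014-2900 and CVE-2014-2899 both carry a description saying the issue affects CyaSSL before 2.9.4, so on those two entries `- cyassl <unfixed>` plus `TODO: check` can be settled by comparing against the cyassl version being tracked and recording the fixed version if it is 2.9.4 or later. The seven RESERVED entries have no description to check against, so keeping the TODO there is reasonable. Dropping `(bug #598391)` also removes the only cross-reference these entries had, and the log message `cyassl` does not say why the state moved away from `<itp>`; a short reason in the log would help.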
@@ -29280,8 +29289,9 @@
 	{DSA-2780-1}
 	- mysql-5.1 <removed>
 	- mysql-5.5 5.5.30+dfsg-1.1 (bug #699886)
-	- cyassl <itp> (bug #598391)
 	- libyassl <itp> (bug #664533)
+	- cyassl <unfixed>
+	TODO: check cyassl
 CVE-2013-1622
 	REJECTED
 CVE-2013-1621 (Array index error in the SSL module in PolarSSL before 1.2.5 might ...)
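Review bot: the cyassl line is deleted above `- libyassl <itp> (bug #664533)` and re-added below it, so a state change shows up as a move. Editing the line in place would keep the package order and reduce the hunk to one changed line plus the TODO. Naming the package in `TODO: check cyassl` is the right form here, since the entry tracks several packages.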
@@ -29605,8 +29615,9 @@
 	{DSA-2780-1}
 	- mysql-5.1 <removed> (bug #712059)
 	- mysql-5.5 5.5.30+dfsg-1
-	- cyassl <itp> (bug #598391)
 	- libyassl <itp> (bug #664533)
+	- cyassl <unfixed>
+	TODO: check cyassl
 	NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow
 CVE-2013-1491 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 ...)
 	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
@@ -46590,7 +46601,8 @@
 CVE-2012-1559
 	RESERVED
 CVE-2012-1558 (yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of ...)
-	- cyassl <itp> (bug #598391)
+	- cyassl <unfixed>
+	TODO: check
 	NOTE: https://github.com/cyassl/cyassl/commit/6b77c8967aa34f2a0bae85e90a469c4170cb2bb1
 CVE-2012-1557 (SQL injection vulnerability in admin/plib/api-rpc/Agent.php in ...)
 	NOT-FOR-US: Parallels Plesk Panel
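Review bot: on CVE-2012-1558 the description already gives the fixed upstream release (before 2.0.8) and the NOTE under the new lines links the upstream commit, so `TODO: check` here needs only a version comparison. If the tracked cyassl version is 2.0.8 or later, the entry should state that version instead of `<unfixed>`.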
@@ -48185,8 +48197,9 @@
 	- apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
 CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other ...)
 	- mysql-5.5 5.5.22 (bug #675872)
-	- cyassl <itp> (bug #598391)
 	- libyassl <itp> (bug #664533)
+	- cyassl <unfixed>
+	TODO: check cyassl
 	NOTE: limited information about issue, only a video of exploit taking place
 CVE-2012-0881 [xerces-j2 hash table collisions CPU usage DoS]
 	RESERVED
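Review bot: the CVE-2012-0882 description names yaSSL as used in MySQL, and the NOTE says only limited information is available, so `- cyassl <unfixed>` asserts more than the entry supports. It would help to say in a NOTE what `TODO: check cyassl` has to confirm (whether cyassl carries the affected code), and to use `<not-affected>` with a reason, as the apache2 line at the top of this hunk does, if it does not.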
@@ -48997,8 +49010,9 @@
 	{DSA-2780-1}
 	- mysql-5.1 <removed> (bug #712059)
 	- mysql-5.5 5.5.28+dfsg-1
-	- cyassl <itp> (bug #598391)
 	- libyassl <itp> (bug #664533)
+	- cyassl <unfixed>
+	TODO: check cyassl
 	NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow
 CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
 	NOT-FOR-US: Oracle Database Server
@@ -78845,8 +78859,9 @@
 	{DSA-1997-1}
 	- mysql-dfsg-5.0 <removed> (medium)
 	- mysql-5.1 5.1.41-4 (medium)
-	- cyassl <itp> (bug #598391)
 	- libyassl <itp> (bug #664533)
+	- cyassl <unfixed>
+	TODO: check cyassl
 	NOTE: http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html
 	NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
 CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...)
@@ -107999,14 +108014,16 @@
 	{DSA-1478-1}
 	- mysql-dfsg-4.1 <removed>
 	- mysql-dfsg-5.0 5.0.51-3 (low; bug #460873)
-	- cyassl <itp> (bug #598391)
 	- libyassl <itp> (bug #664533)
+	- cyassl <unfixed>
+	TODO: check cyassl
 CVE-2008-0226 (Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL ...)
 	{DSA-1478-1}
 	- mysql-dfsg-4.1 <removed>
 	- mysql-dfsg-5.0 5.0.51-3 (medium; bug #460873)
-	- cyassl <itp> (bug #598391)
 	- libyassl <itp> (bug #664533)
+	- cyassl <unfixed>
+	TODO: check cyassl
 CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in ...)
 	{DSA-1472-1 DTSA-109-1}
 	- xine-lib 1.1.10-1 (medium; bug #460551)
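Review bot: both entries in this hunk give an urgency on the mysql-dfsg-5.0 line (`low` and `medium`), but the new `- cyassl <unfixed>` lines carry none. Once `TODO: check cyassl` is resolved and if cyassl is confirmed affected, add the matching urgency so the two entries stay consistent across packages.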
@@ -144685,8 +144702,9 @@
 	{DSA-907-1}
 	- ipmenu 0.0.3-5
 CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
-	- cyassl <itp> (bug #598391)
 	- libyassl <itp> (bug #664533)
+	- cyassl <unfixed>
+	TODO: check cyassl
 CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: Revize CMS
 CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain ...)



