[Secure-testing-commits] r31306 - data/CVE
Thijs Kinkhorst
thijs at moszumanska.debian.org
Tue Jan 13 19:11:02 UTC 2015
Author: thijs
Date: 2015-01-13 19:11:02 +0000 (Tue, 13 Jan 2015)
New Revision: 31306
Modified:
data/CVE/list
Log:
pound in wheezy vulnerable to ssl issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-13 18:55:28 UTC (rev 31305)
+++ data/CVE/list 2015-01-13 19:11:02 UTC (rev 31306)
@@ -16889,6 +16889,8 @@
- openjdk-8 <unfixed>
- polarssl 1.3.9-2
[wheezy] - polarssl <no-dsa> (Minor issue)
+ - pound 2.6-6 (bug #765539)
+ [wheezy] - pound <unfixed>
- surf <unfixed> (unimportant)
- tlslite <removed>
[wheezy] - tlslite <no-dsa> (Minor issue)
@@ -50350,6 +50352,8 @@
[wheezy] - openssl 1.0.1e-2+deb7u11
[squeeze] - openssl 0.9.8o-4squeeze16
NOTE: openssl redhat announcement https://rhn.redhat.com/errata/RHSA-2013-0587.html
+ - pound 2.6-3 (bug #723731)
+ [wheezy] - pound <unfixed>
CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
NOT-FOR-US: Oxwall 1.1.1
CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before ...)
@@ -94722,6 +94726,7 @@
[squeeze] - zorp <no-dsa> (Minor issue)
[lenny] - zorp <no-dsa> (Minor issue)
- lighttpd 1.4.30-1
+ - pound 2.6-2
NOTE: for any of the currently unfixed implementations, you can solve the problem by disabling renegotiation
NOTE: the following implement RFC 5746:
NOTE: - openssl 0.9.8m-1
More information about the Secure-testing-commits
mailing list