[Git][security-tracker-team/security-tracker][master] Remove notes for CVE-2009-5146

Salvatore Bonaccorso carnil at debian.org
Tue Feb 18 20:17:12 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90e03031 by Salvatore Bonaccorso at 2020-02-18T21:15:36+01:00
Remove notes for CVE-2009-5146

Apparently the CVE was withdrawn by its CNA (Mitre or OpenSSL?) because
further investigation showed that it was not a security issue. This is
not entirely clear, because in the first place back then it was assigned
in https://www.openwall.com/lists/oss-security/2015/03/16/7 .

But given MITRE beeing the assigner and now withrawn it follow this
without raising the question to MITRE.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -232877,12 +232877,8 @@ CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchle
 	NOTE: In https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7
 	NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
 	NOTE: DL has been replaced in 2.2 with Fiddle which has the same problem according to maintainer.
-CVE-2009-5146 [memory leak in hostname TLS extension]
+CVE-2009-5146
 	REJECTED
-	- openssl 0.9.8k-1
-	NOTE: Fixed by: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424 (OpenSSL_0_9_8k)
-	NOTE: Introduced by: https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315 (OpenSSL_0_9_8f)
-	NOTE: http://www.openwall.com/lists/oss-security/2015/03/16/4
 CVE-2015-2298 (node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allo ...)
 	- etherpad-lite <itp> (bug #576998)
 	NOTE: https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90e03031af1f6327e02acc93c017047e4de9fac1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90e03031af1f6327e02acc93c017047e4de9fac1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200218/57ee44c4/attachment.html>

More information about the debian-security-tracker-commits mailing list