author | Nico Golde <nion@debian.org> | 2011-09-10 12:43:33 +0000 |
---|---|---|
committer | Nico Golde <nion@debian.org> | 2011-09-10 12:43:33 +0000 |
commit | eb965f6d65162f4a760ba848fe50dd99c488da01 (patch) | |
tree | 55af1c2be5caa99934a9c465eb6bdb99ac256f09 /data | |
parent | f31f943af0d0fd2e1694fad8693f217967bf3383 (diff) |
- NFUs
- new openssl issues fixed in 1.0.0e-1
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@17207 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list index cc17a505c2..fba1d56174 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,7 +1,7 @@ CVE-2011-3392 (Cross-site scripting (XSS) vulnerability in control.php in the ...) - TODO: check + NOT-FOR-US: Phorum CVE-2011-3391 (IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code ...) - TODO: check + NOT-FOR-US: IBM Rational Build Forge CVE-2011-3354 [quassel ctcp DoS] RESERVED - quassel <unfixed> (low; bug #640960) @@ -414,6 +414,9 @@ CVE-2011-3211 [unescaped remote shell] NOTE: information as reported by maintainer CVE-2011-3210 RESERVED + - openssl 1.0.0e-1 + [lenny] - openssl <no-dsa> (Minor issue) + [squeeze] - openssl <no-dsa> (Minor issue) CVE-2011-3209 RESERVED CVE-2011-3208 @@ -422,8 +425,11 @@ CVE-2011-3208 - cyrus-imapd-2.4 <unfixed> (medium) - kolab-cyrus-imapd <unfixed> (medium) TODO: file bugs -CVE-2011-3207 +CVE-2011-3207 [openssl CRL verification vulnerability] RESERVED + - openssl 1.0.0e-1 + [squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d) + [lenny] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d) CVE-2011-3206 RESERVED CVE-2011-3205 (Buffer overflow in the gopherToHTML function in gopher.cc in the ...) @@ -3707,7 +3713,7 @@ CVE-2011-1947 (fetchmail 5.9.9 through 6.3.19 does not properly limit the wait t CVE-2011-1946 (gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but ...) NOT-FOR-US: libgnomesu CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and ...) - - openssl <unfixed> (low) + - openssl 1.0.0e-1 (low) CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...) {DSA-2255-1} - libxml2 2.7.8.dfsg-3 (bug #628537) 
@@ -20691,7 +20697,7 @@ CVE-2010-0743 (Multiple format string vulnerabilities in isns.c in (1) Linux SCS - iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935) - tgt 1:1.0.3-2 (medium; bug #576086) CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in ...) - - openssl <unfixed> (unimportant; bug #584592) + - openssl 1.0.0e-1 (unimportant; bug #584592) [lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h and later) NOTE: unimportant since cms is disabled by default CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...) |
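Review bot: In the hunk at @@ -414,6 +414,9 @@, CVE-2011-3210 gains a fixed version and two <no-dsa> lines but still has no bracketed description on the CVE line, while CVE-2011-3207 in the next hunk gets "[openssl CRL verification vulnerability]". Add a short description here as well, and a NOTE with the reason for the no-dsa decision, since "(Minor issue)" alone gives a later reader nothing to re-check it against.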
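Review bot: In the hunk at @@ -422,8 +425,11 @@, the release lines added for CVE-2011-3207 are ordered [squeeze] then [lenny], whereas the CVE-2011-3210 entry added in the same commit uses [lenny] then [squeeze]. Use one order for both entries so that the two openssl blocks read the same way and later diffs against them stay small.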
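Review bot: In the hunk at @@ -3707,7 +3713,7 @@, CVE-2011-1945 changes from <unfixed> to 1.0.0e-1 with no [lenny] or [squeeze] line under it, so the entry records no explicit status for the stable releases. The other openssl entries touched in this commit (CVE-2011-3210, CVE-2011-3207) state that per release; add the matching lines here, or a TODO if the status has not been checked yet.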
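Review bot: In the hunk at @@ -20691,7 +20697,7 @@, CVE-2010-0742 is marked fixed in 1.0.0e-1, but the commit message only mentions NFUs and "new openssl issues", and this is an older entry with its own bug reference (#584592). Mention the status change for the existing entries in the commit message. The entry also carries a [lenny] line but no [squeeze] line, so it is worth stating the squeeze status next to it while the entry is being edited.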