From 1eeb4a2bb1ab2175e4eca42b8823f9e11e209354 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 18 Feb 2020 21:15:36 +0100 Subject: Remove notes for CVE-2009-5146 Apparently the CVE was withdrawn by its CNA (Mitre or OpenSSL?) because further investigation showed that it was not a security issue. This is not entirely clear, because in the first place back then it was assigned in https://www.openwall.com/lists/oss-security/2015/03/16/7 . But given MITRE beeing the assigner and now withrawn it follow this without raising the question to MITRE. --- data/CVE/2009.list | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'data/CVE/2009.list') diff --git a/data/CVE/2009.list b/data/CVE/2009.list index d56eb7dc9b..16452a558e 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -52,12 +52,8 @@ CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchle NOTE: In https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7 NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220 NOTE: DL has been replaced in 2.2 with Fiddle which has the same problem according to maintainer. -CVE-2009-5146 [memory leak in hostname TLS extension] +CVE-2009-5146 REJECTED - - openssl 0.9.8k-1 - NOTE: Fixed by: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424 (OpenSSL_0_9_8k) - NOTE: Introduced by: https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315 (OpenSSL_0_9_8f) - NOTE: http://www.openwall.com/lists/oss-security/2015/03/16/4 CVE-2009-5145 (Cross-site scripting (XSS) vulnerability in ZMI pages that use the man ...) - zope2.12 2.12.10-1 CVE-2009-5144 (mod-gnutls does not validate client certificates when "GnuTLSClientVer ...) -- cgit v1.2.3