[Git][security-tracker-team/security-tracker][master] Remove notes for CVE-2009-5146

Tue, 18 Feb 2020 12:18:07 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
90e03031 by Salvatore Bonaccorso at 2020-02-18T21:15:36+01:00
Remove notes for CVE-2009-5146

Apparently the CVE was withdrawn by its CNA (Mitre or OpenSSL?) because
further investigation showed that it was not a security issue. This is
not entirely clear, because in the first place back then it was assigned
in https://www.openwall.com/lists/oss-security/2015/03/16/7 .

But given MITRE beeing the assigner and now withrawn it follow this
without raising the question to MITRE.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -232877,12 +232877,8 @@ CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 
1.9.3, 2.0.0 before patchle
        NOTE: In 
https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7
        NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
        NOTE: DL has been replaced in 2.2 with Fiddle which has the same 
problem according to maintainer.
-CVE-2009-5146 [memory leak in hostname TLS extension]
+CVE-2009-5146
        REJECTED
-       - openssl 0.9.8k-1
-       NOTE: Fixed by: 
https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424
 (OpenSSL_0_9_8k)
-       NOTE: Introduced by: 
https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315
 (OpenSSL_0_9_8f)
-       NOTE: http://www.openwall.com/lists/oss-security/2015/03/16/4
 CVE-2015-2298 (node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 
might allo ...)
        - etherpad-lite <itp> (bug #576998)
        NOTE: 
https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90e03031af1f6327e02acc93c017047e4de9fac1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90e03031af1f6327e02acc93c017047e4de9fac1
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to