Author: jmm-guest
Date: 2010-06-04 22:02:46 +0000 (Fri, 04 Jun 2010)
New Revision: 14804
Modified:
data/CVE/list
Log:
new openssl issues not affecting Lenny
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-06-04 21:55:26 UTC (rev 14803)
+++ data/CVE/list 2010-06-04 22:02:46 UTC (rev 14804)
@@ -1233,7 +1233,8 @@
CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module
in ...)
TODO: check
CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover
function in ...)
- TODO: check
+ - openssl <unfixed> (bug filed)
+ [lenny] - openssl <not-affected> (This bug is only present in OpenSSL
1.0.0)
CVE-2010-1632
RESERVED
CVE-2010-1631
@@ -3803,7 +3804,8 @@
- iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935)
- tgt 1:1.0.3-2 (medium; bug #576086)
CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in ...)
- TODO: check
+ - openssl <unfixed> (bug filed)
+ [lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h
and later)
CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the
...)
- linux-2.6 2.6.26-1
CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f
through ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits