Author: jmm-guest
Date: 2010-06-04 22:02:46 +0000 (Fri, 04 Jun 2010)
New Revision: 14804

Modified:
   data/CVE/list
Log:
new openssl issues not affecting Lenny


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-06-04 21:55:26 UTC (rev 14803)
+++ data/CVE/list       2010-06-04 22:02:46 UTC (rev 14804)
@@ -1233,7 +1233,8 @@
 CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module 
in ...)
        TODO: check
 CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover 
function in ...)
-       TODO: check
+       - openssl <unfixed> (bug filed)
+       [lenny] - openssl <not-affected> (This bug is only present in OpenSSL 
1.0.0)
 CVE-2010-1632
        RESERVED
 CVE-2010-1631
@@ -3803,7 +3804,8 @@
        - iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935)
        - tgt 1:1.0.3-2 (medium; bug #576086)
 CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in ...)
-       TODO: check
+       - openssl <unfixed> (bug filed)
+       [lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h 
and later)
 CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the 
...)
        - linux-2.6 2.6.26-1
 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f 
through ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to