Author: gilbert-guest Date: 2009-07-13 17:15:30 +0000 (Mon, 13 Jul 2009) New Revision: 12332 Modified: data/CVE/list Log: predictable PRNG fixed in debian''s lynx package, dillo et. al. still affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-13 15:45:24 UTC (rev 12331) +++ data/CVE/list 2009-07-13 17:15:30 UTC (rev 12332) @@ -1133,7 +1133,12 @@ [lenny] - w3m <no-dsa> (Minor issue) [etch] - w3m <no-dsa> (Minor issue) - chromium-browser <itp> (low; bug #520324) - NOTE: lynx and dillo not affected, don''t support Javascript and multipart/form-data + - lynx 2.8.7rel.1-1 (low; bug #532520) + [lenny] - lynx <no-dsa> (Minor issue) + [etch] - lynx <no-dsa> (Minor issue) + - dillo <unfixed> (low; bug #532522) + [lenny] - dillo <no-dsa> (Minor issue) + [etch] - dillo <no-dsa> (Minor issue) NOTE: These issues can be fixed in more recent upstream versions, but the risk NOTE: of regression doesn''t outweigh the issue at hand CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...)