Author: gilbert-guest Date: 2009-07-20 16:03:13 +0000 (Mon, 20 Jul 2009) New Revision: 12384 Modified: data/CVE/list Log: libio-ssl issue already exists in tracker Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-20 00:34:53 UTC (rev 12383) +++ data/CVE/list 2009-07-20 16:03:13 UTC (rev 12384) @@ -1,8 +1,3 @@ -CVE-2009-XXXX [incorrect validation of hostnames] - - libio-socket-ssl-perl 1.26-1 (medium; bug #537633) - NOTE: hostname validition is not implemented until 1.14, so etch - NOTE: is in a way is not affected, but in another sense, it is - NOTE: completely affected since no validation done at all CVE-2009-XXXX [mediawiki: multiple vulnerabilities] - mediawiki <unfixed> (medium; bug #537634) [etch] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0) @@ -197,6 +192,9 @@ TODO: check lenny/sid; they are likely fixed according to the report, but i did not check CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability] - libio-socket-ssl-perl 1.26-1 (medium; bug #535946) + NOTE: hostname validition is not implemented until 1.14, so etch + NOTE: is in a way is not affected, but in another sense, it is + NOTE: completely affected since no validation done at all CVE-2009-2421 (The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in ...) NOT-FOR-US: Apple Safari CVE-2009-2420 (Apple Safari 3.2.3 does not properly implement the file: protocol ...)