Author: gilbert-guest Date: 2009-08-04 03:12:06 +0000 (Tue, 04 Aug 2009) New Revision: 12469 Modified: data/CVE/list Log: certificate spoofing fixed in upstream iceweasel Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-03 22:07:13 UTC (rev 12468) +++ data/CVE/list 2009-08-04 03:12:06 UTC (rev 12469) @@ -30,8 +30,10 @@ - poppler <unfixed> (low; bug #534680) CVE-2009-XXXX [openssl: certificate spoofing via null characters] - openssl <unfixed> (medium; bug #539499) + - iceweasel <unfixed> (medium) NOTE: asked maintainer to check whether openssl affected - TODO: determine whether web browsers are also individually vulnerable (i.e. nss) or if a fix in just openssl is sufficient + NOTE: fixed in iceweasel 3.0.13 and 3.5.2, which have yet to be uploaded + TODO: check whether other web browsers are affected and file bugs CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...) - asterisk <unfixed> (low; bug #539473) [etch] - asterisk <not-affected> (Vulnerable code not present)