Author: jmm-guest
Date: 2009-08-09 19:45:15 +0000 (Sun, 09 Aug 2009)
New Revision: 12540
Modified:
data/CVE/list
Log:
no-dsa for apache/crypt, Stefan please change if you disagree
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-08-09 19:17:06 UTC (rev 12539)
+++ data/CVE/list 2009-08-09 19:45:15 UTC (rev 12540)
@@ -35,6 +35,8 @@
TODO: request CVE id
CVE-2009-XXXX [apache2: only first 8 characters used to validate password]
- apache2 <unfixed> (low; bug #539246)
+ [lenny] - apache2 <no-dsa> (Standard behaviour of crypt)
+ [etch] - apache2 <no-dsa> (Standard behaviour of crypt)
CVE-2009-XXXX [gnudips: remote priviledge escalation]
- gnudips <unfixed> (medium; bug #539452)
TODO: request CVE id
@@ -938,7 +940,8 @@
- mysql-dfsg-5.0 <unfixed> (low; bug #536726)
TODO: check lenny/sid; they are likely fixed according to the report, but i
did not check
CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
- - libio-socket-ssl-perl 1.26-1 (medium; bug #535946)
+ - libio-socket-ssl-perl 1.26-1 (low; bug #535946)
+ [lenny] - libio-socket-ssl-perl <no-dsa> (Scheduled for next point
update)
TODO: next point release: [lenny] - libio-socket-ssl-perl 1.16-1+lenny1
NOTE: hostname validition is not implemented until 1.14, so etch
NOTE: is in a way is not affected, but in another sense, it is