Author: jmm-guest Date: 2010-11-08 09:29:05 +0000 (Mon, 08 Nov 2010) New Revision: 15570 Modified: data/CVE/list Log: - bind9 fixed - new issues in libvpx and libxml2 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-11-08 02:23:56 UTC (rev 15569) +++ data/CVE/list 2010-11-08 09:29:05 UTC (rev 15570) @@ -1,4 +1,6 @@ CVE-2010-XXXX + - libvpx <unfixed> (bug #602693) +CVE-2010-XXXX - proftpd-dfsg 1.3.3a-5 (bug #602279) [lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3) CVE-2010-4149 @@ -323,6 +325,7 @@ RESERVED CVE-2010-4008 RESERVED + - libxml2 <unfixed> (bug #602609) CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...) NOT-FOR-US: Oracle Mojarra CVE-2010-4006 @@ -914,7 +917,7 @@ - mantis 1.1.8+dfsg-9 (bug #601618) [lenny] - mantis <no-dsa> (Minor issue) CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...) - - bind9 <unfixed> (bug #599515) + - bind9 1:9.7.2.dfsg.P2-1 (bug #599515) NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in 9.6-ESV-R2.