Author: gilbert-guest Date: 2010-12-12 21:54:28 +0000 (Sun, 12 Dec 2010) New Revision: 15686 Modified: data/CVE/list Log: new issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-11 21:14:38 UTC (rev 15685) +++ data/CVE/list 2010-12-12 21:54:28 UTC (rev 15686) @@ -514,6 +514,9 @@ NOT-FOR-US: SiteEngine CVE-2008-7267 (SQL injection vulnerability in announcements.php in SiteEngine 5.x ...) NOT-FOR-US: SiteEngine +CVE-2010-XXXX [echoping buffer overflows] + - echoping <unfixed> (low; bug #606808) + NOTE: not sure if any of these are real security concerns CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes] - elfsign <unfixed> (low; bug #555668) [lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package) @@ -769,7 +772,7 @@ CVE-2010-4253 RESERVED CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ...) - - openssl <unfixed> + - openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug #606902) NOTE: http://www.openssl.org/news/secadv_20101202.txt CVE-2010-4251 RESERVED @@ -8650,7 +8653,8 @@ CVE-2010-1379 (Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly ...) NOT-FOR-US: Apple Mac OS X CVE-2010-1378 (OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly ...) - NOT-FOR-US: Apple Mac OS X + - openssl <not-affected> (fix for an apple-specific flaw) + NOTE: sounds like a duplicate of CVE-2009-2409 CVE-2010-1377 (Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an ...) NOT-FOR-US: Apple Mac OS X CVE-2010-1376 (Multiple format string vulnerabilities in Network Authorization in ...)