Author: nion Date: 2011-09-10 12:43:33 +0000 (Sat, 10 Sep 2011) New Revision: 17207 Modified: data/CVE/list Log: - NFUs - new openssl issues fixed in 1.0.0e-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-10 09:14:18 UTC (rev 17206) +++ data/CVE/list 2011-09-10 12:43:33 UTC (rev 17207) @@ -1,7 +1,7 @@ CVE-2011-3392 (Cross-site scripting (XSS) vulnerability in control.php in the ...) - TODO: check + NOT-FOR-US: Phorum CVE-2011-3391 (IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code ...) - TODO: check + NOT-FOR-US: IBM Rational Build Forge CVE-2011-3354 [quassel ctcp DoS] RESERVED - quassel <unfixed> (low; bug #640960) @@ -414,6 +414,9 @@ NOTE: information as reported by maintainer CVE-2011-3210 RESERVED + - openssl 1.0.0e-1 + [lenny] - openssl <no-dsa> (Minor issue) + [squeeze] - openssl <no-dsa> (Minor issue) CVE-2011-3209 RESERVED CVE-2011-3208 @@ -422,8 +425,11 @@ - cyrus-imapd-2.4 <unfixed> (medium) - kolab-cyrus-imapd <unfixed> (medium) TODO: file bugs -CVE-2011-3207 +CVE-2011-3207 [openssl CRL verification vulnerability] RESERVED + - openssl 1.0.0e-1 + [squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d) + [lenny] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d) CVE-2011-3206 RESERVED CVE-2011-3205 (Buffer overflow in the gopherToHTML function in gopher.cc in the ...) @@ -3707,7 +3713,7 @@ CVE-2011-1946 (gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but ...) NOT-FOR-US: libgnomesu CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and ...) - - openssl <unfixed> (low) + - openssl 1.0.0e-1 (low) CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...) {DSA-2255-1} - libxml2 2.7.8.dfsg-3 (bug #628537) 
@@ -20691,7 +20697,7 @@ - iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935) - tgt 1:1.0.3-2 (medium; bug #576086) CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in ...) - - openssl <unfixed> (unimportant; bug #584592) + - openssl 1.0.0e-1 (unimportant; bug #584592) [lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h and later) NOTE: unimportant since cms is disabled by default CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...)
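Review bot: In the @@ -414,6 +414,9 hunk, the CVE-2011-3210 entry gains package lines but no bracketed description, while CVE-2011-3207 in the next hunk is given one ("[openssl CRL verification vulnerability]"). Both entries are still RESERVED with no upstream summary, so a short bracketed description here would let a reader understand the "<no-dsa> (Minor issue)" decisions for lenny and squeeze without leaving the file.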
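Review bot: In the @@ -422,8 +425,11 hunk, the two "<not-affected>" lines for CVE-2011-3207 are listed squeeze first and lenny second, whereas the CVE-2011-3210 entry added in the same commit lists lenny first; pick one order for both. The reason "only affects 1.0.0 through 1.0.0d" would also be easier to verify if it named the openssl branch those releases ship.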
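Review bot: In the @@ -3707,7 +3713,7 hunk, CVE-2011-1945 is marked fixed in 1.0.0e-1 but the entry has no [lenny] or [squeeze] line, unlike the two openssl entries touched earlier in this commit. The visible summary only says "OpenSSL 1.0.0d and ...", so the status of the stable releases is not evident from the entry. Add explicit release lines: a fixed version, "<no-dsa>", or "<not-affected>" with a reason.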
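Review bot: In the @@ -20691,7 +20697,7 hunk, CVE-2010-0742 is a 2010 issue, yet it is recorded as fixed in 1.0.0e-1 under a log message that speaks of "new openssl issues". Confirm that 1.0.0e-1 is the first upload carrying the fix rather than the version at which the entry was revisited, and mention the update of this older entry in the log. The entry also has a [lenny] line but none for squeeze.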