Author: jmm Date: 2011-12-02 10:18:13 +0000 (Fri, 02 Dec 2011) New Revision: 17735 Modified: data/CVE/list Log: openldap issue not exploitable Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-12-02 09:45:38 UTC (rev 17734) +++ data/CVE/list 2011-12-02 10:18:13 UTC (rev 17735) @@ -1581,7 +1581,10 @@ [lenny] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd) [squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd) CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP ...) - - openldap <unfixed> (low; bug #647610) + - openldap <unfixed> (unimportant; bug #647610) + NOTE: Not exploitable with glibc, see + NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4079 CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP ...) - roundcube 0.6+dfsg-1 (bug #646675) [squeeze] - roundcube <no-dsa> (squeeze PHP version does not expose the issue)