Author: fw Date: 2008-01-18 22:33:49 +0000 (Fri, 18 Jan 2008) New Revision: 7965 Modified: data/CVE/list Log: CVE-2008-0122: BIND vulnerability FreeBSD kernels not affected, independently fixed in GNU libc. Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-18 21:14:10 UTC (rev 7964) +++ data/CVE/list 2008-01-18 22:33:49 UTC (rev 7965) @@ -524,9 +524,12 @@ NOTE: and considering that the apache configuration that comes NOTE: with moodle limits connections to localhost this is no issue CVE-2008-0122 (Off-by-one error in the inet_network function in libc in FreeBSD 6.2, ...) - - kfreebsd-5 <not-affected> - - kfreebsd-6 <unfixed> - - kfreebsd-7 <unfixed> + - bind <removed> + [sarge] - bind <no-dsa> (applications will use inet_network in libc) + [etch] - bind <no-dsa> (applications will use inet_network in libc) + - bind9 <not-affected> (does not build libbind) + - glibc 2.2-1 + NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000. CVE-2008-0121 RESERVED CVE-2008-0120