Author: fw Date: 2005-10-18 20:56:59 +0000 (Tue, 18 Oct 2005) New Revision: 2443 Modified: data/CAN/list Log: Mention removed openssl packages for the SSL downgrade vulnerability. Got CVE assignments for two cgiwrap issues. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-10-18 17:25:34 UTC (rev 2442) +++ data/CAN/list 2005-10-18 20:56:59 UTC (rev 2443) @@ -768,6 +768,9 @@ RESERVED - openssl 0.9.8-3 (bug #333500; low) - openssl097 0.9.7g-5 (bug #333500; low) + - openssl094 <removed> + - openssl095 <removed> + - openssl096 <removed> CAN-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...) - mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script) - mozilla <not-affected> (Debian ships a non-vulnerable wrapper script) @@ -2475,9 +2478,9 @@ - fftw3 3.0.1-12 (low; bug #321566) CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files] - clamav-getfiles 0.5-1 (bug #321446; medium) -CAN-2005-XXXX [cgiwrap: Minimum UID does not include all system users] +CAN-2005-3254 [cgiwrap: Minimum UID does not include all system users] - cgiwrap 3.9-3.1 (bug #316881; low) -CAN-2005-XXXX [cgiwrap: CGIs can be used to disclose system information] +CAN-2005-3255 [cgiwrap: CGIs can be used to disclose system information] - cgiwrap 3.9-3.1 (bug #316901; low) CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...) - tutos 1.1.20031017-2.1 (bug #318633; medium)