Author: stef-guest Date: 2005-08-24 21:46:16 +0000 (Wed, 24 Aug 2005) New Revision: 1640 Modified: data/CAN/list Log: update CAN-2005-1268/apache Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-24 21:14:18 UTC (rev 1639) +++ data/CAN/list 2005-08-24 21:46:16 UTC (rev 1640) @@ -6068,7 +6068,9 @@ CAN-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...) NOTE: This is from latest Trustix advisory, exploitation would require to trick NOTE: someone into using a maliciously crafted certificate revocation list + TODO: check libapache-mod-ssl: AFAIK it is not affected, file bug if it is - libapache-mod-ssl (unfixed; low) + - apache2 (unfixed; bug #320048; low) CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) - tcpdump 3.9.0.cvs.20050614-1 (medium) CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)