Author: stef-guest Date: 2006-09-28 19:15:26 +0000 (Thu, 28 Sep 2006) New Revision: 4778 Modified: data/CVE/list Log: CVE-2006-2937, -2940, -3738, -4343: new openssl issues (medium?) Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-28 17:32:38 UTC (rev 4777) +++ data/CVE/list 2006-09-28 19:15:26 UTC (rev 4778) @@ -297,7 +297,7 @@ CVE-2006-4925 RESERVED CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...) - - openssh <unfixed> (low) + - openssh <unfixed> (low; bug filed) CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...) NOT-FOR-US: eSyndiCat Portal System CVE-2006-4922 (Unrestricted file upload vulnerability in ...) @@ -1575,8 +1575,11 @@ - asterisk 1:1.2.11.dfsg-1 (medium; bug #385060) CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...) NOT-FOR-US: CGI-Rescue Mail F/W System -CVE-2006-4343 +CVE-2006-4343 [openssl sslv2 client crash] RESERVED + - openssl 0.9.8c-2 + - openssl097 0.9.7k-2 + - openssl096 <unfixed> CVE-2006-4342 RESERVED CVE-2006-4341 @@ -2993,8 +2996,11 @@ CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X ...) - xfree86 <removed> - libxfont 1:1.2.2-1 -CVE-2006-3738 +CVE-2006-3738 [openssl buffer overflow] RESERVED + - openssl 0.9.8c-2 + - openssl097 0.9.7k-2 + - openssl096 <unfixed> CVE-2006-XXXX [htdig: several unspecified security problems] - htdig 1:3.2.0b6-1 CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it] 
@@ -4715,14 +4721,20 @@ - twiki <not-affected> (Debian''s version is old and does not include affected file) CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...) - mailman 1:2.1.8-3 -CVE-2006-2940 +CVE-2006-2940 [openssl DoS] RESERVED + - openssl 0.9.8c-2 + - openssl097 0.9.7k-2 + - openssl096 <unfixed> CVE-2006-2939 RESERVED CVE-2006-2938 RESERVED -CVE-2006-2937 +CVE-2006-2937 [openssl DoS] RESERVED + - openssl 0.9.8c-2 + - openssl097 0.9.7k-2 + - openssl096 <not-affected> CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...) - linux-2.6 2.6.17-5 (low) CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...)
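Review bot: In the first hunk (@@ -297,7 +297,7 @@), the openssh line for CVE-2006-4924 now reads "(low; bug filed)" but gives no bug number. The asterisk entry visible in the next hunk uses the form "(medium; bug #385060)". Record the number here in the same form so the entry can be followed to the report and cross-checked once a fix is uploaded.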
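Review bot: In the second hunk (@@ -1575,8 +1575,11 @@), the three package lines added under CVE-2006-4343 carry no urgency, while the log message says "(medium?)" and neighbouring entries state theirs inline. If medium is the intended rating, write it on each line, for example "- openssl 0.9.8c-2 (medium)". If it is still undecided, say so in the entry itself rather than only in the commit log, which readers of the list will not see.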
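Review bot: In the third hunk (@@ -2993,8 +2996,11 @@), "- openssl096 <unfixed>" under CVE-2006-3738 has no bug reference, and the same applies to the openssl096 lines added for CVE-2006-4343 and CVE-2006-2940. An unfixed buffer overflow with nothing to track it against is easy to lose. File a bug against openssl096 and note it on the line, as this commit does for openssh in the first hunk.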
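Review bot: In the last hunk (@@ -4715,14 +4721,20 @@), "- openssl096 <not-affected>" under CVE-2006-2937 gives no reason, although openssl096 is marked "<unfixed>" for the other three issues in this commit. The twiki entry in the same hunk's context shows the convention of a parenthesised explanation after "<not-affected>". Add one here so the difference is not mistaken for a typo. CVE-2006-2940 and CVE-2006-2937 also share the identical description "[openssl DoS]", and a few distinguishing words on each would make the two entries tell apart at a glance.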