Author: nion Date: 2008-10-02 11:52:11 +0000 (Thu, 02 Oct 2008) New Revision: 9938 Modified: data/CVE/list Log: CVE-2008-3529 fixed in libxml2 2.6.32.dfsg-4 CVE-2008-1447 fixed in adns 1.4-2 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-02 11:46:24 UTC (rev 9937) +++ data/CVE/list 2008-10-02 11:52:11 UTC (rev 9938) @@ -2000,7 +2000,7 @@ - kfreebsd-6 6.3-7 - kfreebsd-7 7.0-5 CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...) - - libxml2 <unfixed> (bug #498768) + - libxml2 2.6.32.dfsg-4 (bug #498768) CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...) TODO: check CVE-2008-3527 @@ -6790,14 +6790,14 @@ - dnsmasq 2.43-1 (medium; bug #490123) - python-dns 2.3.1-5 (low; bug #490217) - python-dnspython <unfixed> (low; bug #492465) - - adns <unfixed> (unimportant; bug #492698) + - adns 1.4-2 (unimportant; bug #492698) + NOTE: adns is not suitable to use with untrusted responses, documented in README.Debian - udns <unfixed> (bug #493599) - libnet-dns-perl <unfixed> (low; bug #492700) - ruby1.9 1.9.0.2-6 (low) NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but NOTE: already use source port randomization. NOTE: Marking non-caching stub resolvers as low since these really should be fixed, but are much less vulnerable than a caching server. - NOTE: adns is not suitable to use with untrusted responses, working to document this better CVE-2008-1446 RESERVED CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)