Author: fw Date: 2009-01-08 09:29:01 +0000 (Thu, 08 Jan 2009) New Revision: 10891 Modified: data/CVE/list Log: CVE-2008-5077: openssl CVE-2009-0025: bind9 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-08 09:14:13 UTC (rev 10890) +++ data/CVE/list 2009-01-08 09:29:01 UTC (rev 10891) @@ -575,8 +575,11 @@ RESERVED CVE-2009-0026 RESERVED -CVE-2009-0025 +CVE-2009-0025 [OpenSSL signature verification API misuse: bind9 incarnation] RESERVED + - bind9 <unfixed> (low) + NOTE: low severity because it is believed hard to trigger and only + NOTE: affects DNSSEC with DSA, which is supposedly rarely used. CVE-2009-0024 RESERVED CVE-2009-0023 @@ -1898,8 +1901,9 @@ NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2 CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function ...) TODO: check -CVE-2008-5077 +CVE-2008-5077 [OpenSSL signature verification misuse] RESERVED + - openssl 0.9.8g-15 CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka ...) NOT-FOR-US: E-Uploader Pro CVE-2008-5074 (SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 ...)