nion at alioth.debian.org
2009-Jan-17 18:20 UTC
[Secure-testing-commits] r10981 - data/CVE
Author: nion
Date: 2009-01-17 18:20:49 +0000 (Sat, 17 Jan 2009)
New Revision: 10981

Modified: data/CVE/list
Log: CVE-2009-0130/CVE-2009-0122 non-issues new CVE-2009-0025 related issues (CVE-2009-01[23-29])

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-17 17:04:30 UTC (rev 10980) +++ data/CVE/list 2009-01-17 18:20:49 UTC (rev 10981) 
@@ -5,23 +5,26 @@ CVE-2009-0131 (The UFS implementation in the kernel in Sun OpenSolaris snv_29 through ...) NOT-FOR-US: UFS in OpenSolaris CVE-2009-0130 (** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not ...) - TODO: check + - erlang <unfixed> (unimportant; bug #511520) + NOTE: the return value is passed to the caller (lib/crypto/src/crypto.erl) which + NOTE: only return success in case of DSA_do_verify returning 1 and failure otherwise + NOTE: this is likely to be rejected CVE-2009-0129 (libcrypt-openssl-dsa-perl does not properly check the return value ...) - TODO: check + - libcrypt-openssl-dsa-perl <unfixed> (bug #511519) CVE-2009-0128 (plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for ...) - TODO: check + - slurm-llnl 1.3.13-1 (bug #511511) CVE-2009-0127 (** DISPUTED ** M2Crypto does not properly check the return value from ...) - TODO: check + - m2crypto <unfixed> (bug #511515) CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in Berkeley ...) - TODO: check + - boinc <unfixed> (bug #511521) CVE-2009-0125 (nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library ...) - TODO: check + - libnasl <unfixed> (bug #511517) CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in American ...) - TODO: check + - tqsllib 2.0-8 (bug #511509) CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows ...) NOT-FOR-US: Apple Safari CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and ...) - TODO: check + - hplip <not-affected> (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable) CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...) TODO: check CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent ...)
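Review bot: The CVE-2009-0127 entry is flagged ** DISPUTED ** just like CVE-2009-0130, yet `- m2crypto <unfixed> (bug #511515)` carries no urgency and no NOTE, while the erlang entry gets `unimportant` plus three NOTE lines explaining why the caller already handles the return value. If the M2Crypto dispute has been assessed, add a NOTE recording the outcome; if not, a `TODO: check dispute` line would keep the entry from looking triaged. The log message gives the related range as CVE-2009-01[23-29], but in this hunk CVE-2009-0123 is the Apple Safari NOT-FOR-US entry and is untouched, so the range that matches the changed lines is 0124 to 0129. Two wording nits in the added lines: "only return success" should read "only returns success" in the CVE-2009-0130 NOTE, and "ubuntus postinst script" should be "Ubuntu's postinst script" in the hplip `<not-affected>` reason.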