Author: jamie-guest Date: 2009-07-16 22:23:16 +0000 (Thu, 16 Jul 2009) New Revision: 12361 Modified: data/CVE/list Log: mono and xmlsec1 issue (CVE-2009-0217) Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-16 22:17:14 UTC (rev 12360) +++ data/CVE/list 2009-07-16 22:23:16 UTC (rev 12361) @@ -7644,7 +7644,11 @@ CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch ...) NOT-FOR-US: IntraLaunch Application Launcher ActiveX control CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) ...) - TODO: check + - xmlsec1 <unfixed> + - mono <unfixed> + NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html + NOTE: http://anonsvn.mono-project.com/viewvc?view=rev&revision=137891 + NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix) CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...) NOT-FOR-US: GE Fanuc iFIX CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...)
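Review bot: In the added CVE-2009-0217 entry, `- xmlsec1 <unfixed>` sits next to a NOTE saying upstream 1.2.12 has the fix, so the entry does not tell a reader which packaged versions are still affected. Once a package based on 1.2.12 or carrying a backport is uploaded, replace `<unfixed>` with that version. The mono NOTE is a bare URL to revision 137891; a short annotation like the "(1.2.12 has fix)" on the xmlsec line, saying whether that revision is the upstream fix, would make it possible to check the `- mono <unfixed>` status without opening the link. Both new package lines also lack a bug reference, so there is nothing tying the tracker entry to a report that a maintainer would see.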