Author: gilbert-guest Date: 2009-07-31 23:20:21 +0000 (Fri, 31 Jul 2009) New Revision: 12455 Modified: data/CVE/list Log: new ssl certificate issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-31 15:34:32 UTC (rev 12454) +++ data/CVE/list 2009-07-31 23:20:21 UTC (rev 12455) @@ -1,3 +1,7 @@ +CVE-2009-XXXX [openssl: certificate spoofing via null characters] + - openssl <unfixed> (medium; bug #539499) + NOTE: asked maintainer to check whether openssl affected + TODO: determine whether web browsers are also individually vulnerable (i.e. nss) or if a fix in just openssl is sufficient CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...) TODO: check CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...)