Author: derevko-guest Date: 2009-08-14 09:19:39 +0000 (Fri, 14 Aug 2009) New Revision: 12589 Modified: data/CVE/list Log: - CVE-2009-2730: gnutls does not properly handle a ''\0'' character - CVE-2009-2726: Asterisk SIP Channel Driver Denial of Service Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-14 09:14:22 UTC (rev 12588) +++ data/CVE/list 2009-08-14 09:19:39 UTC (rev 12589) @@ -154,7 +154,7 @@ CVE-2009-2731 RESERVED CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a ''\0'' ...) - TODO: check + - gnutls26 <unfixed> (low; bug #541439) CVE-2009-2729 RESERVED CVE-2009-2728 @@ -162,7 +162,8 @@ CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in ...) NOT-FOR-US: IBM AIX CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...) - TODO: check + - asterisk <unfixed> (bug #541441) + NOTE: According to the vendor this is only potentially exploitable in 1.6.x, so this is a possible no-dsa CVE-2009-2725 RESERVED CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
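Review bot: In the CVE-2009-2730 hunk, the new line "- gnutls26 <unfixed> (low; bug #541439)" assigns urgency "low" with no NOTE giving the reason, and it covers only the gnutls26 source package even though the description reads "libgnutls in GnuTLS before 2.8.2". Add a NOTE with the rationale for the low rating so it can be re-checked later. Also confirm whether any other GnuTLS source package tracked in this list needs its own entry.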
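Review bot: In the CVE-2009-2726 hunk, the added NOTE attributes "only potentially exploitable in 1.6.x" to the vendor without a reference, while the CVE description on the line above lists 1.2.x before 1.2.34 as affected. Cite the vendor statement in the NOTE so the claim can be verified. The "possible no-dsa" wording also leaves the decision open: "- asterisk <unfixed> (bug #541441)" carries no urgency and there are no per-release no-dsa lines, so either record the decision explicitly or mark the entry as still needing triage.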