Author: derevko-guest
Date: 2009-08-22 09:53:18 +0000 (Sat, 22 Aug 2009)
New Revision: 12658
Modified:
data/CVE/list
Log:
- BackupPC ClientNameAlias ssh rsync backup security bypass
- CVE-2009-2474 neon: Improper verification of x590v3 certificate with NUL
(zero) byte in certain fields
- CVE-2009-2473: This issue does not affect versions of neon which are compiled
to use libxml2 instead of expat
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-08-22 09:01:00 UTC (rev 12657)
+++ data/CVE/list 2009-08-22 09:53:18 UTC (rev 12658)
@@ -1,3 +1,7 @@
+CVE-2009-XXXX [BackupPC ClientNameAlias ssh rsync backup security bypass]
+ - backuppc <unfixed> (low; bug #542218)
+ NOTE: no-dsa candidate
+ TODO: request CVE id
CVE-2009-XXXX [burn: Insecure escaping of file names]
- burn <unfixed> (low; bug #542329)
[lenny] - burn <no-dsa> (Minor issue)
@@ -1311,10 +1315,17 @@
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- openjdk-6 <unfixed> (medium; bug #542210)
-CVE-2009-2474
+CVE-2009-2474 [neon: Improper verification of x590v3 certificate with NUL
(zero) byte in certain fields]
RESERVED
-CVE-2009-2473
+ - neon27 <unfixed> (medium; bug #542926)
+ - neon26 <unfixed> (medium; bug #542926)
+ - neon <removed> (medium; bug #542926)
+CVE-2009-2473 [neon: billion laughs DoS attack]
RESERVED
+ - neon27 <not-affected> (neon27 is compiled to use libxml2 instead of
expat)
+ - neon26 <not-affected> (neon26 is compiled to use libxml2 instead of
expat)
+ - neon <removed>
+ [etch] - neon <not-affected> (neon is compiled to use libxml2 instead of
expat)
CVE-2009-2472 (Mozilla Firefox before 3.0.12 does not always use ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1