Author: nion Date: 2009-09-05 15:29:49 +0000 (Sat, 05 Sep 2009) New Revision: 12751 Modified: data/CVE/list Log: some lenny point release todos Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-04 21:14:43 UTC (rev 12750) +++ data/CVE/list 2009-09-05 15:29:49 UTC (rev 12751) @@ -166,7 +166,7 @@ [lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0) [etch] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0) CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...) - TODO: next point release [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1 + [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1 - libcompress-raw-zlib-perl 2.015-2 (bug #532738) CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft Internet Information ...) NOT-FOR-US: Microsoft IIS @@ -2299,7 +2299,7 @@ CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability] - libio-socket-ssl-perl 1.26-1 (low; bug #535946) [lenny] - libio-socket-ssl-perl <no-dsa> (Scheduled for next point update) - TODO: next point release: [lenny] - libio-socket-ssl-perl 1.16-1+lenny1 + [lenny] - libio-socket-ssl-perl 1.16-1+lenny1 NOTE: hostname validition is not implemented until 1.14, so etch NOTE: is in a way is not affected, but in another sense, it is NOTE: completely affected since no validation done at all