Author: jmm-guest Date: 2009-09-15 21:39:14 +0000 (Tue, 15 Sep 2009) New Revision: 12823 Modified: data/CVE/list Log: radare fixed track openssl point update fixes Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-15 21:14:11 UTC (rev 12822) +++ data/CVE/list 2009-09-15 21:39:14 UTC (rev 12823) @@ -4503,9 +4503,7 @@ CVE-2009-1762 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...) NOT-FOR-US: Novell GroupWise CVE-2009-XXXX [radare-common insecure temp files handling] - - radare (low) - TODO: file bug - NOTE: see the portions of code of #530178 + - radare 1.4-1 (low) CVE-2009-1761 (The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for ...) NOT-FOR-US: CA ARCserve Backup CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar ...) @@ -4518,7 +4516,6 @@ {DSA-1809-1} - linux-2.6 2.6.28-1 (low; bug #536148) - linux-2.6.24 <removed> - NOTE: maximum impact is denial-of-service, so low-urgency CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...) - transmission 1.61-1 (low) [lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30) @@ -5572,9 +5569,11 @@ - linux-2.6.24 <not-affected> (problem in redhat-specific kernel patches) CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ...) - openssl 0.9.8k-2 (low; bug #532037) + [lenny] - openssl 0.9.8g-15+lenny3 - openssl097 <not-affected> (DTLS support was introduced in 0.9.8) CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause ...) - openssl 0.9.8k-1 (low; bug #532037) + [lenny] - openssl 0.9.8g-15+lenny3 - openssl097 <not-affected> (DTLS support was introduced in 0.9.8) CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...) {DSA-1865-1 DSA-1844-1} 
@@ -5593,12 +5592,15 @@ RESERVED CVE-2009-1379 (Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment ...) - openssl 0.9.8k-1 (low; bug #530400) + [lenny] - openssl 0.9.8g-15+lenny3 - openssl097 <not-affected> (DTLS support was introduced in 0.9.8) CVE-2009-1378 (Multiple memory leaks in the dtls1_process_out_of_seq_message function ...) - openssl 0.9.8k-1 (low; bug #530400) + [lenny] - openssl 0.9.8g-15+lenny3 - openssl097 <not-affected> (DTLS support was introduced in 0.9.8) CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and ...) - openssl 0.9.8k-1 (low; bug #530400) + [lenny] - openssl 0.9.8g-15+lenny3 - openssl097 <not-affected> (DTLS support was introduced in 0.9.8) CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in ...) {DSA-1805-1} @@ -9006,8 +9008,6 @@ - tomcat5.5 <unfixed> (low; bug #532366) CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...) - pam 1.0.1-10 (unimportant; bug #514437) - [etch] - pam <no-dsa> (violation of administrator''s policy, not a vulnerability) - [lenny] - pam <no-dsa> (violation of administrator''s policy, not a vulnerability) NOTE: the ability to change a password earlier than scheduled is not a security NOTE: vulnerability in itself (unless the user changes their password back to NOTE: their previous password; thus violating the security policy as defined by
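Review bot: In the first hunk (@@ -4503,9 +4503,7), the radare entry under CVE-2009-XXXX loses its only pointer to the underlying report when `NOTE: see the portions of code of #530178` is deleted, and the new `- radare 1.4-1 (low)` line carries no bug reference. Since the entry still has no assigned CVE id, consider keeping the NOTE so the temp-file issue stays traceable to the code it was found in.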
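Review bot: In the second hunk (@@ -4518,7 +4516,6), deleting `NOTE: maximum impact is denial-of-service, so low-urgency` removes the stated reason for the `(low; bug #536148)` rating on the linux-2.6 line, and the commit log mentions only radare and openssl. If the note is obsolete, say so in the log; otherwise keep it so the urgency stays justified in the entry itself.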
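Review bot: In the openssl hunk at @@ -5572,9 +5569,11, CVE-2009-1387 is fixed in unstable at 0.9.8k-2 while CVE-2009-1386 is fixed at 0.9.8k-1, yet both receive the same `[lenny] - openssl 0.9.8g-15+lenny3` line. Please confirm that the lenny3 upload also carries the later CVE-2009-1387 patch, and consider a NOTE naming the point update as the source of the fix, since the visible entries reference no DSA.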
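Review bot: In the last hunk (@@ -9006,8 +9008,6), the `[etch]` and `[lenny]` `pam <no-dsa>` lines for CVE-2009-0579 are removed without any mention in the log. With them gone, the status of the stable releases rests on the `unimportant` tag and the NOTE lines that follow, so the commit message should state that this is a deliberate cleanup, or the change should go in its own commit.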