Author: geissert Date: 2009-10-27 05:54:05 +0000 (Tue, 27 Oct 2009) New Revision: 13101 Modified: data/CVE/list Log: openldap, mutt, jetty, libhtml-parser-perl issues cherokee issue seems to only affect an old version Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-27 01:42:44 UTC (rev 13100) +++ data/CVE/list 2009-10-27 05:54:05 UTC (rev 13101) @@ -1,3 +1,11 @@ +CVE-2009-XXXX [multiple vulnerabilities in jetty] + - jetty <unfixed> + TODO: check + NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt +CVE-2009-XXXX [cherokee 0.5.4 DoS] + - cherokee <not-affected> (not reproducible) + NOTE: <4089.110.37.64.157.1256562313.squirrel at mail.xc0re.net> in bugtraq + NOTE: not reproducible in etch''s 0.5.5 nor sid''s 0.99.22-1.1 CVE-2009-3777 RESERVED CVE-2009-3776 @@ -19,11 +27,17 @@ CVE-2009-3768 RESERVED CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...) + - openldap <unfixed> TODO: check CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the ...) + - mutt <unfixed> TODO: check + NOTE: probably not an issue, etch has 1.5.13-1.1 and lenny has 1.5.18-6 + NOTE: but it is not enough to rule them out CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...) + - mutt <unfixed> TODO: check + NOTE: probably not an issue, as our mutt is linked against gnutls CVE-2009-3764 RESERVED CVE-2009-3763 @@ -319,8 +333,10 @@ CVE-2009-3628 [typo3-sa-2009-016] RESERVED - typo3-src 4.2.10-1 (medium; bug #552020) -CVE-2009-3627 +CVE-2009-3627 ["decode_entities()" Denial of Service] RESERVED + - libhtml-parser-perl <unfixed> (bug filed) + NOTE: http://secunia.com/advisories/37155/ CVE-2009-3626 [perl utf8 DoS] RESERVED - perl <unfixed> (bug #552291)
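Review bot: In the cherokee entry of the first hunk (@@ -1,3 +1,11 @@), the last NOTE line carries doubled apostrophes (`etch''s`, `sid''s`), which looks like a quoting artifact; it should read `etch's` and `sid's`. The entry records tests against etch's 0.5.5 and sid's 0.99.22-1.1 only, so a NOTE saying whether any other packaged version was checked would make the `<not-affected>` status self-justifying. The bugtraq reference is a bare message-id; an archive URL, like the one given on the jetty entry, would be easier to follow.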
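Review bot: In the second hunk (@@ -19,11 +27,17 @@), the CVE-2009-3766 and CVE-2009-3765 descriptions both say "when OpenSSL is used", but only the CVE-2009-3765 entry gets the NOTE that our mutt is linked against gnutls; CVE-2009-3766 is reasoned about by version alone and ends with "not enough to rule them out". If the gnutls linkage holds for the etch and lenny packages, that NOTE belongs on CVE-2009-3766 as well. Both entries stay `<unfixed>` with `TODO: check` while their notes say "probably not an issue", so the notes should state what still has to be verified before the status can change.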
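Review bot: In the last hunk (@@ -319,8 +333,10 @@), the new libhtml-parser-perl line says `(bug filed)` without a number, while the neighbouring entries reference theirs as `(medium; bug #552020)` and `(bug #552291)`. Replace it with the bug number in the same form so the entry can be matched to its report and updated when the report is closed.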