Author: jmm-guest Date: 2010-03-07 20:29:21 +0000 (Sun, 07 Mar 2010) New Revision: 14213 Modified: data/CVE/list Log: - filed bug for libesmtp - warzone2100 bug not a security issue - fix drupal6 source name, drupal5 no longer relevant - record bug for drupal issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-07 20:19:00 UTC (rev 14212) +++ data/CVE/list 2010-03-07 20:29:21 UTC (rev 14213) @@ -278,22 +278,19 @@ [lenny] - shibboleth-sp2 <no-dsa> (Minor issue) - shibboleth-sp <not-affected> (Vulnerable code not present) CVE-2010-XXXX [libesmtp doesn''t handle null bytes in commonname] - - libesmtp <unfixed> + - libesmtp <unfixed> (bug filed) NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6 - TODO: check CVE-2010-XXXX [argyll unsafe udev rules] - argyll <not-affected> (issue with redhat-specific changes to the package) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050 CVE-2010-XXXX [warzone2100 stack overflow] - - warzone2100 <undetermined> (low) + - warzone2100 <undetermined> (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/warzone2100/+bug/520432 NOTE: supposedly fixed in version 2.3 - TODO: check + NOTE: Triggered through config files, not a security issue CVE-2010-XXXX [drupal sa-core-2010-001] - - drupal-6 <undetermined> - - drupal-5 <undetermined> + - drupal6 <unfixed> (bug #572439) NOTE: http://drupal.org/node/731710 - TODO: check CVE-2010-XXXX [linux-ftpd: null ptr dereference] - linux-ftpd <unfixed> CVE-2010-XXXX [openssl power supply fluctuation fault-based key disclosure]