Author: jmm-guest Date: 2010-03-07 21:05:43 +0000 (Sun, 07 Mar 2010) New Revision: 14215 Modified: data/CVE/list Log: - Kerberos support disabled in openssl - Mark the other issue as unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-07 21:03:17 UTC (rev 14214) +++ data/CVE/list 2010-03-07 21:05:43 UTC (rev 14215) @@ -294,7 +294,7 @@ CVE-2010-XXXX [linux-ftpd: null ptr dereference] - linux-ftpd <unfixed> (low; bug #572813) CVE-2010-XXXX [openssl power supply fluctuation fault-based key disclosure] - - openssl <unfixed> (low) + - openssl <unfixed> (unimportant) NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf NOTE: somewhat impractical right now, but the openssl developers are working NOTE: on a fix just in case @@ -1322,9 +1322,8 @@ RESERVED CVE-2010-0433 [openssl remote crash] RESERVED - - openssl <undetermined> + - openssl <not-affected> (Kerberos support not enabled) NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5 - TODO: check CVE-2010-0432 RESERVED CVE-2010-0431