Author: pedrib-guest Date: 2010-03-16 01:24:51 +0000 (Tue, 16 Mar 2010) New Revision: 14273 Modified: data/CVE/list Log: solved 3 outstanding issues with tor, 2010-0383 to -385 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-15 21:14:24 UTC (rev 14272) +++ data/CVE/list 2010-03-16 01:24:51 UTC (rev 14273) @@ -1614,14 +1614,16 @@ NOT-FOR-US: Sun Java System Application Server CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when ...) - tor 0.2.1.22-1 (low) - TODO: check + [lenny] - tor <not-affected> (only affects versions > 0.2.1.6-alpha) + NOTE: the CVE entry is wrong, only 0.2.1.6-alpha and up are affected + NOTE: confirmed with Tor developers, Lenny is not affected CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory ...) - - tor <unfixed> - TODO: check + - tor <not-affected> (only affects versions 0.2.2.x) + [lenny] - tor <not-affected> (only affects versions 0.2.2.x) + NOTE: does not appear to be a real vulnerability? CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...) - - tor 0.2.1.22-1 (low) - TODO: check - NOTE: This doesn''t seem a security issue, old clients won''t accept two directory authorities anymore due to the renewed keys + - tor 0.2.1.22-1 (medium) + [lenny] - tor 0.2.0.35-1~lenny2 (medium) CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...) - bind9 1:9.7.0.dfsg-1 CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)