Author: fw Date: 2010-03-29 10:06:21 +0000 (Mon, 29 Mar 2010) New Revision: 14349 Modified: data/CVE/list Log: CVE-2009-3245: fixup OpenSSL affected information It seems the CVE entry is wrong (0.9.8m instead of 0.9.8n). Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-29 09:48:13 UTC (rev 14348) +++ data/CVE/list 2010-03-29 10:06:21 UTC (rev 14349) @@ -6862,8 +6862,9 @@ - xulrunner <unfixed> (unimportant) NOTE: browser denial-of-services are unimportant CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...) - - openssl 0.9.8m-1 (low) - [lenny] - openssl <no-dsa> (Minor issue) + - openssl 0.9.8n-1 (low) + [lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts) + NOTE: http://www.openssl.org/news/secadv_20100324.txt CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...) NOT-FOR-US: Adobe ShockWave Player CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and ...)