Author: gilbert-guest Date: 2010-04-06 22:41:13 +0000 (Tue, 06 Apr 2010) New Revision: 14422 Modified: data/CVE/list Log: new krb5 issue; certificates issue; bug for openssl issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-06 22:16:06 UTC (rev 14421) +++ data/CVE/list 2010-04-06 22:41:13 UTC (rev 14422) @@ -5,6 +5,8 @@ TODO: check NOTE: http://sourceforge.net/projects/tcpdf/files/CHANGELOG.TXT/view NOTE: setting K_TCPDF_CALLS_IN_HTML to false mitigates the problem +CVE-2010-XXXX [unused/unowned certificates need to be removed] + - ca-certificaties <unfixed> (low; bug #576739) CVE-2010-XXXX [xmail insecure temp files handling] - xmail <undetermined> TODO: check @@ -1829,8 +1831,10 @@ - phpbb3 <unfixed> (unimportant; bug #570011) CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...) - flex 2.5.35-1 -CVE-2010-0629 +CVE-2010-0629 [krb5 dos] RESERVED + - krb5 <unfixed> (low) + NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...) - krb5 <unfixed> (bug #575740) [lenny] - krb5 <not-affected> (Only affects 1.7/1.8) @@ -7356,7 +7360,7 @@ - xulrunner <unfixed> (unimportant) NOTE: browser denial-of-services are unimportant CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...) - - openssl 0.9.8m-1 (low) + - openssl 0.9.8m-1 (low; bug #575433) [lenny] - openssl <no-dsa> (minor issue) CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...) NOT-FOR-US: Adobe ShockWave Player
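Review bot: In the first hunk (@@ -5,6 +5,8 @@), the added package line spells the package "ca-certificaties", while the entry's own description reads "certificates". The tracker keys entries on the source package name, so as written this entry will not be associated with ca-certificates. Suggest changing the line to "- ca-certificates <unfixed> (low; bug #576739)".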
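Review bot: In the second hunk (@@ -1829,8 +1831,10 @@), the new "- krb5 <unfixed> (low)" line for CVE-2010-0629 carries no bug reference and no per-release status, whereas the CVE-2010-0628 entry directly below it has both "(bug #575740)" and a "[lenny]" line. Suggest adding the bug number once one is filed and a "[lenny] - krb5 ..." line once the advisory in the NOTE has been checked against the stable version, or a TODO line until then so the gap is visible in the list.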