Author: jmm-guest Date: 2010-06-04 22:02:46 +0000 (Fri, 04 Jun 2010) New Revision: 14804 Modified: data/CVE/list Log: new openssl issues not affecting Lenny Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-04 21:55:26 UTC (rev 14803) +++ data/CVE/list 2010-06-04 22:02:46 UTC (rev 14804) @@ -1233,7 +1233,8 @@ CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in ...) TODO: check CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover function in ...) - TODO: check + - openssl <unfixed> (bug filed) + [lenny] - openssl <not-affected> (This bug is only present in OpenSSL 1.0.0) CVE-2010-1632 RESERVED CVE-2010-1631 @@ -3803,7 +3804,8 @@ - iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935) - tgt 1:1.0.3-2 (medium; bug #576086) CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in ...) - TODO: check + - openssl <unfixed> (bug filed) + [lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h and later) CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...) - linux-2.6 2.6.26-1 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...)