Author: gilbert-guest Date: 2010-06-06 04:04:57 +0000 (Sun, 06 Jun 2010) New Revision: 14814 Modified: data/CVE/list Log: python/openssl info Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-06 03:43:15 UTC (rev 14813) +++ data/CVE/list 2010-06-06 04:04:57 UTC (rev 14814) @@ -155,6 +155,7 @@ CVE-2010-2090 (The npb_protocol_error function in sna V5router64 in IBM ...) NOT-FOR-US: IBM Communications Server CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the ...) + - python3.1 <not-affected> (poc not effective) - python2.7 <unfixed> (low) - python2.6 <unfixed> (low) - python2.5 <unfixed> (low) @@ -1239,14 +1240,14 @@ - samba <unfixed> (unimportant) NOTE: Only crashes a single connection, not the entire smbd CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in ...) - - python3.1 <undetermined> + - python3.1 <unfixed> - python2.7 <unfixed> - python2.6 <unfixed> - python2.5 <unfixed> - python2.4 <removed> CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover function in ...) - - openssl <unfixed> (bug filed) - [lenny] - openssl <not-affected> (This bug is only present in OpenSSL 1.0.0) + - openssl <not-affected> (This bug is only present in OpenSSL 1.0.0) + TODO: recheck once >= 1.0.0 gets uploaded CVE-2010-1632 RESERVED CVE-2010-1631 @@ -3826,8 +3827,9 @@ - iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935) - tgt 1:1.0.3-2 (medium; bug #576086) CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in ...) - - openssl <unfixed> (bug filed) + - openssl <unfixed> (unimportant; bug #584592) [lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h and later) + NOTE: unimportant since cms is disabled by default CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...) - linux-2.6 2.6.26-1 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...)