Author: jmm-guest
Date: 2010-12-08 19:51:40 +0000 (Wed, 08 Dec 2010)
New Revision: 15666
Modified:
data/CVE/list
Log:
- bug filed for libcgi-pm-perl, partly fixed in sid,
needed in testing, also affects libcgi-simple-perl
- openssl fixed
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-12-08 11:24:50 UTC (rev 15665)
+++ data/CVE/list 2010-12-08 19:51:40 UTC (rev 15666)
@@ -140,16 +140,14 @@
CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2
beta ...)
TODO: check
CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows
remote ...)
- - libcgi-pm-perl <unfixed>
- TODO: check
+ - libcgi-pm-perl <unfixed> (bug #606370)
CVE-2010-4410 (CRLF injection vulnerability in the header function in (1)
CGI.pm ...)
- - libcgi-pm-perl <unfixed>
- TODO: check
+ - libcgi-pm-perl 3.50-1 (bug #606370)
+ - libcgi-simple-perl <unfixed> (bug #606379)
CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through
...)
TODO: check
CVE-2008-7270 (OpenSSL before 0.9.8j, when
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
- - openssl <unfixed>
- TODO: check
+ - openssl 0.9.8k-1
CVE-2010-4334 [IO::Socket::SSL verify peer mode ignored if no cert supplied]
RESERVED
- libio-socket-ssl-perl <unfixed> (bug #606058)
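Review bot: the CVE-2010-4411 entry gains only the libcgi-pm-perl line with bug #606370, while the CVE-2010-4410 entry right below it also records "libcgi-simple-perl <unfixed> (bug #606379)". The log says the issue also affects libcgi-simple-perl, so please state explicitly for CVE-2010-4411 whether libcgi-simple-perl is affected, either with its own package line or with a NOTE saying it is not. Separately, the openssl line for CVE-2008-7270 replaces "TODO: check" with 0.9.8k-1 and no bug reference or NOTE. Since the description says "before 0.9.8j", a one-line NOTE on why 0.9.8k-1 is recorded as the fixed version would make this easier to verify later.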
@@ -4507,8 +4505,8 @@
- xulrunner <not-affected> (Only affects 3.6, only in experimental)
- iceweasel <not-affected> (Only affects 3.6, only in experimental)
CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2)
...)
- - libcgi-pm-perl <unfixed>
- NOTE: 4CF685D7.4070208 at redhat.com
+ - libcgi-pm-perl 3.50-1 (bug #606370)
+ - libcgi-simple-perl <unfixed> (bug #606379)
CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in
...)
{DSA-2106-1}
- xulrunner <removed>
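Review bot: in the CVE-2010-2761 entry the line "NOTE: 4CF685D7.4070208 at redhat.com" is dropped without replacement, which loses the only reference recorded for this issue. Suggest keeping the NOTE next to the new "(bug #606370)" and "(bug #606379)" lines unless those bug reports already carry the same pointer. The libcgi-pm-perl line is also marked fixed in 3.50-1 while the log calls the package only "partly fixed in sid", so a short NOTE saying which of the three CGI.pm CVEs remains open in sid would avoid misreading this entry.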