Author: joeyh
Date: 2011-01-06 09:14:40 +0000 (Thu, 06 Jan 2011)
New Revision: 15805
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-01-06 07:34:03 UTC (rev 15804)
+++ data/CVE/list 2011-01-06 09:14:40 UTC (rev 15805)
@@ -1821,6 +1821,7 @@
CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote
attackers ...)
- yaws <not-affected> (Only affects Windows)
CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when ...)
+ {DSA-2141-1}
- openssl 0.9.8o-4
NOTE: http://www.openssl.org/news/secadv_20101202.txt
CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging,
...)
@@ -2547,6 +2548,7 @@
{DSA-2126-1}
- linux-2.6 2.6.32-28 (low)
CVE-2010-3872 (The apr_status_t fcgid_header_bucket_read function in
fcgid_bucket.c ...)
+ {DSA-2140-1}
- libapache2-mod-fcgid 1:2.3.6-1 (bug #605484)
CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...)
- mahara <not-affected> (Vulnerable feature introduced in 1.3)
@@ -16635,7 +16637,7 @@
- linux-2.6 <not-affected> (redhat-specific configuration issue)
- linux-2.6.24 <not-affected> (redhat-specific configuration issue)
CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier,
as ...)
- {DSA-1934-1}
+ {DSA-2141-3 DSA-2141-2 DSA-2141-1 DSA-1934-1}
- apache2 2.2.14-2
- openssl 0.9.8k-6
[lenny] - openssl <no-dsa> (fix changes functionality, can be fixed in
point release)