Author: fw
Date: 2009-01-08 09:29:01 +0000 (Thu, 08 Jan 2009)
New Revision: 10891
Modified:
data/CVE/list
Log:
CVE-2008-5077: openssl
CVE-2009-0025: bind9
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-08 09:14:13 UTC (rev 10890)
+++ data/CVE/list 2009-01-08 09:29:01 UTC (rev 10891)
@@ -575,8 +575,11 @@
RESERVED
CVE-2009-0026
RESERVED
-CVE-2009-0025
+CVE-2009-0025 [OpenSSL signature verification API misuse: bind9 incarnation]
RESERVED
+ - bind9 <unfixed> (low)
+ NOTE: low severity because it is believed hard to trigger and only
+ NOTE: affects DNSSEC with DSA, which is supposedly rarely used.
CVE-2009-0024
RESERVED
CVE-2009-0023
@@ -1898,8 +1901,9 @@
NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file
function ...)
TODO: check
-CVE-2008-5077
+CVE-2008-5077 [OpenSSL signature verification misuse]
RESERVED
+ - openssl 0.9.8g-15
CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0
(aka ...)
NOT-FOR-US: E-Uploader Pro
CVE-2008-5074 (SQL injection vulnerability in index.php in the Freshlinks 1.0
RC1 ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
