Author: nion
Date: 2009-01-17 18:20:49 +0000 (Sat, 17 Jan 2009)
New Revision: 10981

Modified:
   data/CVE/list
Log:
CVE-2009-0130/CVE-2009-0122 non-issues
new CVE-2009-0025 related issues (CVE-2009-01[23-29])


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-17 17:04:30 UTC (rev 10980)
+++ data/CVE/list       2009-01-17 18:20:49 UTC (rev 10981)
@@ -5,23 +5,26 @@
 CVE-2009-0131 (The UFS implementation in the kernel in Sun OpenSolaris snv_29 
through ...)
        NOT-FOR-US: UFS in OpenSolaris
 CVE-2009-0130 (** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not 
...)
-       TODO: check
+       - erlang <unfixed> (unimportant; bug #511520)
+       NOTE: the return value is passed to the caller 
(lib/crypto/src/crypto.erl) which
+       NOTE: only return success in case of DSA_do_verify returning 1 and 
failure otherwise
+       NOTE: this is likely to be rejected
 CVE-2009-0129 (libcrypt-openssl-dsa-perl does not properly check the return 
value ...)
-       TODO: check
+       - libcrypt-openssl-dsa-perl <unfixed> (bug #511519)
 CVE-2009-0128 (plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility 
for ...)
-       TODO: check
+       - slurm-llnl 1.3.13-1 (bug #511511)
 CVE-2009-0127 (** DISPUTED ** M2Crypto does not properly check the return 
value from ...)
-       TODO: check
+       - m2crypto <unfixed> (bug #511515)
 CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in 
Berkeley ...)
-       TODO: check
+       - boinc <unfixed> (bug #511521)
 CVE-2009-0125 (nasl/nasl_crypto2.c in the Nessus Attack Scripting Language 
library ...)
-       TODO: check
+       - libnasl <unfixed> (bug #511517)
 CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in 
American ...)
-       TODO: check
+       - tqsllib 2.0-8 (bug #511509)
 CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and 
Windows ...)
        NOT-FOR-US: Apple Safari
 CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 
and ...)
-       TODO: check
+       - hplip <not-affected> (only a bug in ubuntus postinst script, we use 
our own postinst which is not vulnerable)
 CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 
1.0.42, ...)
        TODO: check
 CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in 
KTorrent ...)
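Review bot: In the CVE-2009-0122 entry, the reason for `<not-affected>` is written as a full sentence inside the parentheses, while the CVE-2009-0130 entry in this same hunk puts its rationale on NOTE: lines. Moving the hplip explanation to a NOTE: line (and spelling it "Ubuntu's postinst script") would keep the status line short and consistent with the rest of the hunk. In the CVE-2009-0130 notes, "this is likely to be rejected" does not say what is expected to be rejected; naming the CVE id there would remove the ambiguity. The log message gives the CVE-2009-0025 related range as CVE-2009-01[23-29], but CVE-2009-0123 is an unchanged Apple Safari NOT-FOR-US entry here, and the entries this hunk actually fills in are CVE-2009-0124 through CVE-2009-0129.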


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
