Author: thijs Date: 2015-01-13 19:11:02 +0000 (Tue, 13 Jan 2015) New Revision: 31306
Modified: data/CVE/list Log: pound in wheezy vulnerable to ssl issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-01-13 18:55:28 UTC (rev 31305) +++ data/CVE/list 2015-01-13 19:11:02 UTC (rev 31306) @@ -16889,6 +16889,8 @@ - openjdk-8 <unfixed> - polarssl 1.3.9-2 [wheezy] - polarssl <no-dsa> (Minor issue) + - pound 2.6-6 (bug #765539) + [wheezy] - pound <unfixed> - surf <unfixed> (unimportant) - tlslite <removed> [wheezy] - tlslite <no-dsa> (Minor issue) @@ -50350,6 +50352,8 @@ [wheezy] - openssl 1.0.1e-2+deb7u11 [squeeze] - openssl 0.9.8o-4squeeze16 NOTE: openssl redhat announcement https://rhn.redhat.com/errata/RHSA-2013-0587.html + - pound 2.6-3 (bug #723731) + [wheezy] - pound <unfixed> CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...) NOT-FOR-US: Oxwall 1.1.1 CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before ...) @@ -94722,6 +94726,7 @@ [squeeze] - zorp <no-dsa> (Minor issue) [lenny] - zorp <no-dsa> (Minor issue) - lighttpd 1.4.30-1 + - pound 2.6-2 NOTE: for any of the currently unfixed implementations, you can solve the problem by disabling renegotiation NOTE: the following implement RFC 5746: NOTE: - openssl 0.9.8m-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits