File:  [NetBSD Developer Wiki] / wikisrc / users / spz / secref.mdwn
Revision 1.3: download - view: text, annotated - select for diffs
Sat Jan 21 03:00:14 2012 UTC (2 years, 2 months ago) by schmonz
Branches: MAIN
CVS tags: HEAD
Better living through less markup, fix meta title directives and a
broken link, wrap long lines that aren't table rows. Might benefit
from a template.

[[!meta title="Security Vulnerability Reference List"]]
# Security Vulnerability Reference List

[[!table data="""
Identifier|Topic|Fixed in HEAD|Fixed in netbsd-5|Fixed in netbsd-4|Advisory
[[CVE-2010-3613|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613]]|BIND DoS due to improper handling of RRSIG records|20101202|20110110|20110123|[[2011-001|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc]]
[[CVE-2011-0014|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014]]|OpenSSL TLS extension parsing race condition|20110211|20110217|not affected|[[2011-002|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc]]
-|Exhausting kernel memory from user controlled value|20110304|20110307|20110307|[[2011-003|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-003.txt.asc]]
[[CVE-2011-1547|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1547]]|Kernel stack overflow via nested IPCOMP packet|20110401|20110403|20110403|[[2011-004|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-004.txt.asc]]
[[CVE-2011-0997|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997]]|ISC dhclient environment sanitizing|20110406|20110407|20110407|[[2011-005|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-005.txt.asc]]
[[CVE-2011-2464|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464]]|BIND DoS via packet with rrtype zero|20110706|20110708|20110716|[[2011-006|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-006.txt.asc]]
[[CVE-2011-2895|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895]]|LZW decoding loop on manipulated compressed files|20110816|20110819|20110819|[[2011-007|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc]]
[[CVE-2011-4122|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4122]]|OpenPAM privilege escalation|20111109|20111119|20111119|[[2011-008|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-008.txt.asc]]
[[CVE-2011-4313|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313]]|BIND resolver DoS|20111116|20111118|20111120|[[2011-009|http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2011-009.txt.asc]]
[[CVE-2011-4862|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862]]|telnetd unchecked encryption key length|20111223|20111231|20111231|
[[CVE-2010-1166|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1166]]|incorrect macro definition in Xrender|20111230|20120101|not affected|
"""]]

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb