about summary refs log blame commit diff
path: root/blacklisting/blacklist.xml
blob: 3f0bd50f908c4defc1fe37782a729d9b18f3334c (plain) (tree)
1
2
3

           
 

















                                                                            

                                   



                                                                            







                                                            
                                               
             
            
                
                                                           
                 

                                                                            









                                                                   
    









                                                                   












                                                      
 





                                                                                    

            
<blacklist>


<item id='firefox-1.0.1-security'>
  <condition>
    <within>
      <traverse><true /></traverse>
      <hasAttr name='outputHash' value='ebaea974fea9460ab7050fff76b41cb1' />
    </within>
  </condition>
  <reason>
    Fixes several security bugs (see
    http://www.mozilla.org/projects/security/known-vulnerabilities.html),
    in particular MFSA 2005-30
    (http://www.mozilla.org/security/announce/mfsa2005-30.html).
    Upgrade to 1.0.2.
  </reason>
  <severity class="client" level="critical" />
</item>


<item id='openssl-0.9.7d-obsolete'>
  <condition>
    <within>
      <traverse><true /></traverse>
      <hasAttr name='outputHash' value='1b49e90fc8a75c3a507c0a624529aca5' />
    </within>
  </condition>
  <reason>
    Race condition in CRL checking code.  Upgrade to 0.9.7e.
  </reason>
  <severity class="all" level="low" />
</item>


<item id='zlib-1.2.1-security' type='security'>
  <condition>
    <within>
      <traverse>
        <not><hasAttr name='outputHash' value='.+' /></not>
      </traverse>
      <hasAttr name='outputHash' value='ef1cb003448b4a53517b8f25adb12452' />
    </within>
  </condition>
  <reason>
    Zlib 1.2.1 is vulnerable to a denial-of-service condition.  See
    http://www.kb.cert.org/vuls/id/238678.  Upgrade to 1.2.2.
  </reason>
  <severity class="server" level="critical" />
  <severity class="client" level="medium" />
</item>


<!--
<item id='libpng-1.2.7-crash'>
  <condition>
    <containsName name="libpng" comparison="lte" version="1.2.7" />
  </condition>
  <reason>
    libpng 1.2.7 is vulnerable to a crash bug.  See
    http://www.libpng.org/pub/png/libpng.html.  Upgrade to 1.2.8.
  </reason>
  <severity class="client" level="low" />
</item>
-->


<!--
<item id='subversion-without-zlib' type='improvement'>

  <condition>
    <withinOutputClosure>
      <not>
        <containsName name='zlib' />
      </not>
    </withinOutputClosure>
  </condition>

  <reason>
    Subversion can be compiled with Zlib compression support, which is a good thing.
  </reason>

</item>
-->

</blacklist>