about summary refs log tree commit diff
path: root/blacklisting/blacklist.xml
blob: 0ae2b21d2c5b08e3d151cb7c9aa2f7c7cc2d10cc (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<blacklist>

  
<item id='openssl-0.9.7d-obsolete'>
  <condition>
    <containsSource
        hash="sha256:1xf1749gdfw9f50mxa5rsnmwiwrb5mi0kg4siw8a73jykdp2i6ii"
        origin="openssl-0.9.7d.tar.gz" />
  </condition>
  <reason>
    Race condition in CRL checking code.  Upgrade to 0.9.7e.
  </reason>
  <severity class="all" level="low" />
</item>


<item id='zlib-1.2.1-security'>
  <condition>
    <containsSource
        hash="sha256:0yp7z8ask4b8m2ia253apnnxdk0z0zrs70yr079m2rjd4297chgv"
        origin="zlib-1.2.1.tar.gz" />
<!--
    <or>
      <and>
        <containsSource
            hash="sha256:0yp7z8ask4b8m2ia253apnnxdk0z0zrs70yr079m2rjd4297chgv"
            origin="zlib-1.2.1.tar.gz" />
        <not>
          <containsSource
              hash="..."
              origin="zlib-1.2.1-dos.patch" />
        </not>
      </and>
      <containsOutput
          name="/nix/store/gxbdsvlwz6ixin94jhdw7rwdbb5mxxq3-zlib-1.2.1" />
    </or>
    -->
  </condition>
  <reason>
    Zlib 1.2.1 is vulnerable to a denial-of-service condition.  See
    http://www.kb.cert.org/vuls/id/238678.  Upgrade to 1.2.2.
  </reason>
  <severity class="server" level="critical" />
  <severity class="client" level="medium" />
</item>


<item id='libpng-1.2.7-crash'>
  <condition>
    <containsName name="libpng" comparison="lte" version="1.2.7" />
  </condition>
  <reason>
    libpng 1.2.7 is vulnerable to a crash bug.  See
    http://www.libpng.org/pub/png/libpng.html.  Upgrade to 1.2.8.
  </reason>
  <severity class="client" level="low" />
</item>


</blacklist>