CVE-2002-2211, CVE-2002-2212, CVE-2002-2213: bind affected, bind9 is not

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4086 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Florian Weimer <fw@deneb.enyo.de> 2006-05-28 09:52:47 +0000
committer: Florian Weimer <fw@deneb.enyo.de> 2006-05-28 09:52:47 +0000
commit: fc050bedd613892a03c97bd0039c41d17cacb32d (patch)
tree: 8dbab5574096257a1c45b3620105af305b854fd1
parent: 6081146f6ccd5a1af947397d8ea5845b55a4ba58 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 36bafbdbd3..fc6dc0618f 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,9 +1,12 @@
 CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when ...)
-	TODO: check
+	NOT-FOR-US: Infoblox DNS One
 CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when ...)
-	TODO: check
+	NOT-FOR-US: Fujitsu UXP/V
 CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...)
-	TODO: check
+	- bind <unfixed> (medium)
+	- bind9 <not-affected> (does not send parallel queries)
+	NOTE: Disabling recursion does not close all attack vectors.
+	NOTE: Browser reflection attacks will still work.
 CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...)
 	TODO: check
 CVE-2002-2209 (Unspecified &quot;security vulnerability&quot; in Baby FTP Server versions ...)
author	Florian Weimer <fw@deneb.enyo.de>	2006-05-28 09:52:47 +0000
committer	Florian Weimer <fw@deneb.enyo.de>	2006-05-28 09:52:47 +0000
commit	fc050bedd613892a03c97bd0039c41d17cacb32d (patch)
tree	8dbab5574096257a1c45b3620105af305b854fd1
parent	6081146f6ccd5a1af947397d8ea5845b55a4ba58 (diff)