jmm-guest at alioth.debian.org
2008-Oct-09 16:11 UTC
[Secure-testing-commits] r10049 - data/CVE
Author: jmm-guest
Date: 2008-10-09 16:11:20 +0000 (Thu, 09 Oct 2008)
New Revision: 10049
Modified:
data/CVE/list
Log:
one NFU confirmed by Russ Allbery
two kernel issues fixed in sid
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-10-09 15:30:29 UTC (rev 10048)
+++ data/CVE/list 2008-10-09 16:11:20 UTC (rev 10049)
@@ -141,7 +141,7 @@
CVE-2008-4411
RESERVED
CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in
the ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.26-8
CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle
"predefined entities ...)
- libxml2 <not-affected> (Vulnerable code not present, introduced in
2.7.0)
TODO: check again if >= 2.7 gets uploaded
@@ -1584,7 +1584,7 @@
CVE-2008-3826
RESERVED
CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and
earlier, when ...)
- TODO: check
+ NOT-FOR-US: Different code base than Debian''s libpam-krb5
CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) ...)
{DTSA-165-1}
- horde3 3.2.2+debian0-1 (low; bug #499579)
@@ -7028,7 +7028,7 @@
[sarge] - otrs <not-affected> (Vulnerable code not present)
NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other
versions ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.26-8
NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24
here
CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and
...)
NOT-FOR-US: Danneo CMS