jmm-guest at alioth.debian.org
2009-Mar-19 22:31 UTC
[Secure-testing-commits] r11446 - data/CVE
Author: jmm-guest Date: 2009-03-19 22:31:44 +0000 (Thu, 19 Mar 2009) New Revision: 11446 Modified: data/CVE/list Log: - two new kernel issues - iceweasel non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-19 21:14:15 UTC (rev 11445) +++ data/CVE/list 2009-03-19 22:31:44 UTC (rev 11446) @@ -425,9 +425,12 @@ CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as a ...) - dash <not-affected> (Debian uses upstream''s patch to implement -l) CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...) - TODO: check + - linux-2.6 <unfixed> (low) + - linux-2.6.24 <unfixed> (unimportant) + NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...) - TODO: check + - linux-2.6 <unfixed> (low) + - linux-2.6.24 <unfixed> (low) CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...) NOT-FOR-US: Winamp CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for ...) @@ -487,7 +490,8 @@ CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows ...) NOT-FOR-US: DotNetNuke CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...) - TODO: check + - iceweasel <unfixed> (unimportant) + NOTE: Browser DoS not treated as security issues CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...) NOT-FOR-US: phpScheduleIt CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 ...)
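Review bot: In the first hunk, the NOTE under CVE-2009-0835 ("CONFIG_SECCOMP has only been enabled in 2.6.26") follows both package lines without saying which rating it justifies. It appears to explain the (unimportant) on linux-2.6.24, so say so in the NOTE itself, for example "linux-2.6.24 unimportant: CONFIG_SECCOMP has only been enabled in 2.6.26". In the same hunk, CVE-2009-0834 marks both linux-2.6 and linux-2.6.24 as <unfixed> (low) with no NOTE giving the reason for the low rating; a one-line NOTE there would keep the two kernel entries consistent and make the triage decision reviewable later.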
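Review bot: In the second hunk, the NOTE on CVE-2009-0821 ("Browser DoS not treated as security issues") mixes singular and plural; "Browser DoS issues are not treated as security issues" reads more clearly. The CVE description shown here is truncated at "cause ...", so this NOTE is the only place the entry records that the issue is a denial of service, which is what the (unimportant) rating on iceweasel depends on; keep that stated explicitly.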