Author: jmm-guest Date: 2009-04-19 18:36:03 +0000 (Sun, 19 Apr 2009) New Revision: 11647 Modified: data/CVE/list Log: - changes from recent point updates - kernel updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-18 11:02:41 UTC (rev 11646) +++ data/CVE/list 2009-04-19 18:36:03 UTC (rev 11647) @@ -357,6 +357,7 @@ - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.27 release) CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...) - linux-2.6 <unfixed> + [etch] - linux-2.6 <not-affected> (Doesn''t include KVM yet) - linux-2.6.24 <unfixed> CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...) NOT-FOR-US: Open Auto Classifieds @@ -800,7 +801,7 @@ CVE-2009-1145 RESERVED CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf ...) - NOT-FOR-US: Gentoo specific vulnerability in building xpdf + - xpdf <not-affected> (Gentoo specific vulnerability in building xpdf) CVE-2009-1143 RESERVED CVE-2009-1142 @@ -1168,6 +1169,8 @@ NOT-FOR-US: Send by e-mail module for Drupal CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...) - linux-2.6 2.6.29-1 + - linux-2.6.24 <removed> + [etch] - linux-2.6 <not-affected> (Introduced in 2.6.23-rc1) CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a ...) - vlc 0.9.9a-1 (unimportant; bug #522170) NOTE: access is limited to localhost 
@@ -1481,10 +1484,10 @@ NOT-FOR-US: Solaris CVE-2009-0922 (PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows ...) - postgresql-8.3 8.3.7-1 (bug #517405) - [lenny] - postgresql-8.3 <no-dsa> (Minor issue) + [lenny] - postgresql-8.3 8.3.7-0lenny1 - postgresql-8.1 <removed> - postgresql-7.4 <removed> - [etch] - postgresql-8.1 <no-dsa> (Minor issue) + [etch] - postgresql-8.1 8.1.17-0etch1 [etch] - postgresql-7.4 <no-dsa> (Minor issue) CVE-2008-6481 (SQL injection vulnerability in the Versioning component ...) NOT-FOR-US: Versioning component (com_versioning) in Joomla! and Mambo @@ -1574,10 +1577,8 @@ RESERVED CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...) - pam <unfixed> (low; bug #520115) - [etch] - pam <no-dsa> (Minor issue) - [lenny] - pam <no-dsa> (Minor issue) - TODO: add after r1 [lenny] - pam 1.0.1-5+lenny1 - TODO: add after r8 [etch] - pam 0.79-5+etch1 + [lenny] - pam 1.0.1-5+lenny1 + [etch] - pam 0.79-5+etch1 CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero Helpdesk ...) NOT-FOR-US: OneOrZero Helpdesk CVE-2009-0885 (Multiple heap-based buffer overflows in Media Commands 1.0 allow ...) @@ -2318,11 +2319,8 @@ NOTE: CVE id requested CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in ...) - optipng 0.6.2.1-1 (low) - [etch] - optipng <no-dsa> (Minor issue) - TODO: [etch] - optipng 0.5.5-2 - [lenny] - optipng <no-dsa> (Minor issue) - TODO: [lenny] - optipng 0.6.1.1-2 - NOTE: Scheduled for next point releases + [etch] - optipng 0.5.5-2 + [lenny] - optipng 0.6.1.1-2 CVE-2009-0741 (SQL injection vulnerability in Login.asp in Craft Silicon Banking at Home ...) NOT-FOR-US: Craft Silicon Banking at Home CVE-2009-0740 (SQL injection vulnerability in login.php in BlueBird Prelease allows ...) 
@@ -3805,6 +3803,7 @@ CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl ...) {DTSA-197-1} - barnowl 1.0.5-1 + [lenny] - barnowl 1.0.1-4 - owl 2.2.2-1 (bug #515118) CVE-2009-0362 (filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular ...) - fail2ban 0.8.3-2sid1 (low; bug #514163)
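Review bot: In the `@@ -357,6 +357,7 @@` hunk (CVE-2009-1242), the note on the added etch line contains a doubled apostrophe, `(Doesn''t include KVM yet)`. It should read `(Doesn't include KVM yet)` so the free-text note displays cleanly wherever the list is rendered.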
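Review bot: In the `@@ -1168,6 +1169,8 @@` hunk (CVE-2009-1046), the added `[etch] - linux-2.6 <not-affected>` line sits under `- linux-2.6.24 <removed>` instead of directly under `- linux-2.6 2.6.29-1`, which is where the CVE-2009-1242 hunk puts its etch annotation. Moving it up keeps the release annotation next to the package it qualifies. Separately, linux-2.6.24 is `<removed>` here but still `<unfixed>` under CVE-2009-1242. Since the note says the issue was introduced in 2.6.23-rc1, which is earlier than 2.6.24, an explicit release-tagged status for linux-2.6.24 would make clear whether that package is affected.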
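Review bot: In the `@@ -1481,10 +1484,10 @@` hunk (CVE-2009-0922), `[etch] - postgresql-7.4 <no-dsa> (Minor issue)` is left unchanged while the lenny 8.3 and etch 8.1 lines move from `<no-dsa>` to point-release versions. The CVE description lists 7.4.25 among the fixed upstream versions, so please confirm whether postgresql-7.4 was also updated in the etch point release. If it was not, a short NOTE saying so would explain why the three lines now differ.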
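Review bot: In the `@@ -3805,6 +3803,7 @@` hunk (CVE-2009-0363), the added `[lenny] - barnowl 1.0.1-4` records a fixed version lower than the 1.0.5 named in the CVE description, with nothing on the entry to say the fix was backported. A one-line NOTE stating that, or pointing to the update that carried it, would let a reader verify the version without consulting the changelog. The `- owl 2.2.2-1` line gets no lenny annotation in this hunk; if owl was also part of the point update it should be recorded in the same way.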