Author: gilbert-guest Date: 2011-09-05 05:17:53 +0000 (Mon, 05 Sep 2011) New Revision: 17169 Modified: data/CVE/list Log: tempfile is a non-issue; some krb5 info Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-04 20:56:23 UTC (rev 17168) +++ data/CVE/list 2011-09-05 05:17:53 UTC (rev 17169) @@ -1,10 +1,3 @@ -CVE-2011-XXXX [TMPFILE environment variable exposure] - - debianutils <unfixed> (bug #640389) - [squeeze] - debianutils <no-dsa> (very esoteric attack vector) - [lenny] - debianutils <no-dsa> (very esoteric attack vector) - - coreutils <unfixed> - [squeeze] - coreutils <no-dsa> (very esoteric attack vector) - [lenny] - coreutils <no-dsa> (very esoteric attack vector) CVE-2011-XXXX [unescaped remote shell] - bcfg2 1.1.2-2 (bug #640028) NOTE: information as reported by maintainer @@ -100491,10 +100484,11 @@ - krb4 <unfixed> (unimportant) [woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos) [sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos) - - krb5 <unfixed> (unimportant) + - krb5 1.8.3+dfsg-4 (unimportant) [woody] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos) [sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos) - netkit-telnet <not-affected> (netkit-telnet is not affected) + NOTE: telnet code was removed earlier than 1.8.3, but that''s the version that was available to check CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) NOTE: This is not a real security issue; it just describes the fact that the Gecko NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks