Author: nion Date: 2008-06-19 15:42:08 +0000 (Thu, 19 Jun 2008) New Revision: 9109 Modified: data/CVE/list Log: add no-dsa items for vmware as contrib is not supported by the stable security team Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-06-19 15:05:51 UTC (rev 9108) +++ data/CVE/list 2008-06-19 15:42:08 UTC (rev 9109) @@ -1288,12 +1288,15 @@ RESERVED CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...) - vmware-package <unfixed> (low; bug #485919) + [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...) - vmware-package <not-affected> (Windows issue according to CVE) + [etch] - vmware-package <no-dsa> (Contrib not supported) CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...) - vmware-package <unfixed> (low; bug #484491) + [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...) @@ -2898,6 +2901,7 @@ - plone3 <unfixed> (low; bug #473571) CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...) - vmware-package <unfixed> (low; bug #486177) + [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, ...) @@ -3001,6 +3005,7 @@ NOT-FOR-US: Trend Micro OfficeScan Corporate Edition CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation ...) - vmware-package <unfixed> (low; bug #486177) + [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...) @@ -3050,6 +3055,7 @@ NOT-FOR-US: LaGarde StoreFront CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation ...) - vmware-package <unfixed> (low; bug #486177) + [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-1339 @@ -3968,6 +3974,7 @@ RESERVED CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware ...) - vmware-package <unfixed> (low; bug #486110) + [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-0966 @@ -9277,12 +9284,15 @@ NOT-FOR-US: ZZ:FlashChat CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user ...) - vmware-package <unfixed> (low; bug #486177) + [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2007-5618 (Unquoted Windows search path in the Authorization and other services ...) - vmware-package <not-affected> (Only vulnerable on windows hosted systems) + [etch] - vmware-package <no-dsa> (Contrib not supported) CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...) - vmware-package <unfixed> (low; bug #486177) + [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...)