thijs at alioth.debian.org
2008-Dec-27 12:44 UTC
[Secure-testing-commits] r10810 - data/CVE
Author: thijs
Date: 2008-12-27 12:44:04 +0000 (Sat, 27 Dec 2008)
New Revision: 10810

Modified: data/CVE/list
Log: xen issue is only relevant when wrongly fixing an earlier issue. new qemu issue, not in etch, borders on unimportant imo

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-12-27 11:55:05 UTC (rev 10809) +++ data/CVE/list 2008-12-27 12:44:04 UTC (rev 10810) @@ -1,9 +1,13 @@ CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM''s write access ...) - TODO: check + - xen-3 <not-affected> (Vulnerable code never entered Debian) + - xen-unstable <not-affected> (Vulnerable code never entered Debian) + NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not + NOTE: yet been fixed in Debian CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ...) TODO: check CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for ...) - TODO: check + - qemu <unfixed> (low; bug #509882) + [etch] - qemu <not-affected> (Vulnerable code not present) CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...) TODO: check CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...) @@ -3021,6 +3025,7 @@ CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the ...) - xen-3 <unfixed> (bug #503811) - xen-unstable <unfixed> + NOTE: a proposed patch leads to new problems, see CVE-2008-5716 CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM ...) NOT-FOR-US: IPv6 NDP on IBM zSeries CVE-2008-4403 (The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before ...)
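Review bot: In the first hunk (@@ -1,9 +1,13 @@), the two <not-affected> lines for CVE-2008-5716 give the reason "Vulnerable code never entered Debian", which reads as a permanent status, while the NOTE lines below say the issue comes from a fix to CVE-2008-4405 that has not yet been applied in Debian. The status therefore only holds as long as that particular fix is not taken. Consider extending the NOTE to say that CVE-2008-5716 has to be re-checked when CVE-2008-4405 is fixed for xen-3 and xen-unstable, so the entry is not trusted blindly later. For CVE-2008-5714, the log message says the issue "borders on unimportant" but the entry is tagged "low"; a short NOTE with the reasoning for the severity would help whoever handles bug #509882.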
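Review bot: In the second hunk (@@ -3021,6 +3025,7 @@), the new NOTE under CVE-2008-4405 says "a proposed patch leads to new problems" without saying which patch or where it was proposed. Whoever closes bug #503811 cannot tell from this entry which fix to avoid. Suggest naming the patch or pointing at its source in the NOTE, alongside the existing reference to CVE-2008-5716.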