jmm-guest at alioth.debian.org
2009-Jan-05 23:03 UTC
[Secure-testing-commits] r10864 - data/CVE
Author: jmm-guest Date: 2009-01-05 23:03:00 +0000 (Mon, 05 Jan 2009) New Revision: 10864 Modified: data/CVE/list Log: - new auctex issue - one qemu issue fixed - freebsd is in the archive - nbci-tools fixed - one old perl issue fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-05 22:56:33 UTC (rev 10863) +++ data/CVE/list 2009-01-05 23:03:00 UTC (rev 10864) @@ -1,3 +1,5 @@ +CVE-2008-XXXX [auctex insecure temp file] + - auctex 11.83-7.3 (bug #506961) CVE-2008-5841 NOT-FOR-US: iGaming CVE-2008-5840 @@ -211,7 +213,10 @@ CVE-2008-5737 (SQL injection vulnerability in index.php in Nodstrum MySQL Calendar ...) NOT-FOR-US: Nodstrum MySQL Calendar CVE-2008-5736 (Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, ...) - NOT-FOR-US: FreeBSD + - kfreebsd-6 <unfixed> + [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported) + - kfreebsd-7 7.1-1 + [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) CVE-2008-5735 (Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 ...) NOT-FOR-US: CoolPlayer CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp ...) @@ -259,7 +264,7 @@ - iceweasel <unfixed> (unimportant) NOTE: Browser crashes not treated as security issues CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for ...) - - qemu <unfixed> (low; bug #509882) + - qemu 0.9.1-10 (low; bug #509882) [etch] - qemu <not-affected> (Vulnerable code not present) - kvm 82-1 (low; bug #509997) CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...) 
@@ -1583,7 +1588,10 @@ CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...) NOT-FOR-US: The Rat CMS CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does ...) - NOT-FOR-US: FreeBSD + - kfreebsd-6 <unfixed> + [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported) + - kfreebsd-7 7.1-1 + [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...) - openssh <unfixed> (low; bug #506115) [etch] - openssh <no-dsa> (minor issue) @@ -1619,9 +1627,8 @@ - maildirsync <unfixed> (unimportant) NOTE: unsafe code is in example script CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...) - - ncbi-tools6 <unfixed> (unimportant) + - ncbi-tools6 6.1.20080302-4 (unimportant) NOTE: unsafe code is in example script - NOTE: Fixed in experimental CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...) - geda-gnetlist <unfixed> (unimportant) NOTE: unsafe code is an example script @@ -1772,8 +1779,6 @@ NOT-FOR-US: wrg_anotherbelogin extension for typo3 CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a ...) - libvirt 0.4.6-10 - TODO: check - NOTE: Fixed in experimental CVE-2008-5085 RESERVED CVE-2008-5084 @@ -19359,6 +19364,7 @@ CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...) NOT-FOR-US: DirectAdmin CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...) + - perl 5.10.0-19 - libarchive-tar-perl 1.38-1 (low; bug #449544) [sarge] - libarchive-tar-perl <no-dsa> (Minor issue) [etch] - libarchive-tar-perl <no-dsa> (Minor issue)
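Review bot: In the first hunk (@@ -1,3 +1,5 @@), the new `- auctex 11.83-7.3 (bug #506961)` line has no urgency, while other entries touched by this commit carry one next to the bug number, for example `- qemu 0.9.1-10 (low; bug #509882)`. Suggest adding the urgency in the same parenthesis so the entry can be triaged without opening the bug. The entry is also filed under the placeholder `CVE-2008-XXXX`, so it will need to be revisited once an id is assigned.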
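Review bot: In the CVE-2008-5736 hunk (@@ -211,7 +213,10 @@), the visible part of the description names only "FreeBSD 6 before 6.4-STABLE", yet the replacement for `NOT-FOR-US: FreeBSD` also adds `- kfreebsd-7 7.1-1`. If the truncated part of the description does not cover 7.x, a NOTE line saying why kfreebsd-7 is tracked here would help. The `- kfreebsd-6 <unfixed>` line has no urgency or bug reference, and "KFreebsd" in the no-dsa reason does not match the spelling of the package name or of FreeBSD.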
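Review bot: In the CVE-2008-5162 hunk (@@ -1583,7 +1588,10 @@), `- kfreebsd-7 7.1-1` records 7.1-1 as the fixed version, but the description on the line above says the arc4random problem affects "FreeBSD 6.3 through 7.1". If the first Debian upload of 7.1 already carries the fix, a NOTE line saying so would remove the apparent contradiction; otherwise this should stay `<unfixed>`. As in the CVE-2008-5736 hunk, `- kfreebsd-6 <unfixed>` has no urgency or bug reference.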
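Review bot: The log message calls the package "nbci-tools", while the line changed in the CVE-2008-5149 hunk (@@ -1619,9 +1627,8 @@) is `- ncbi-tools6 6.1.20080302-4 (unimportant)`; anyone searching the commit history for the package name will miss this revision. The fixed version also keeps the same upstream version, 6.1.20080302, that the description names as vulnerable, which is fine if the fix is in Debian revision -4, but the remaining NOTE only says the unsafe code is in an example script and does not say what changed.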
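Review bot: The CVE-2008-5086 hunk (@@ -1772,8 +1779,6 @@) removes `TODO: check` and `NOTE: Fixed in experimental` from the libvirt entry, but the log message lists only auctex, qemu, freebsd, nbci-tools and perl. Suggest mentioning the libvirt check in the log, and since the TODO is being closed, adding an urgency or bug reference to `- libvirt 0.4.6-10`, which currently has neither.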
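Review bot: In the CVE-2007-4829 hunk (@@ -19359,6 +19364,7 @@), the added `- perl 5.10.0-19` line has no urgency and no per-release status, whereas the libarchive-tar-perl lines directly below it carry `(low; bug #449544)` plus `[sarge]` and `[etch]` annotations. Suggest giving the perl line the same urgency and stating whether the perl packages in the older releases are affected, so the entry does not read as if only unstable matters.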