fw at alioth.debian.org
2009-Jan-06 11:34 UTC
[Secure-testing-commits] r10869 - in data: CVE DSA
Author: fw Date: 2009-01-06 11:34:06 +0000 (Tue, 06 Jan 2009) New Revision: 10869 Modified: data/CVE/list data/DSA/list Log: clean up xterm issues Old allowWindowOps issue never affected etch, even before DSA-1694-1. Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-06 11:26:58 UTC (rev 10868) +++ data/CVE/list 2009-01-06 11:34:06 UTC (rev 10869) @@ -67,8 +67,11 @@ CVE-2008-5808 (Cross-site scripting (XSS) vulnerability in Six Apart Movable Type ...) NOT-FOR-US: Six Apart Movable Type Enterprise CVE-2006-7236 (The default configuration of xterm on Debian GNU/Linux sid and ...) - {DSA-1694-1 DTSA-182-1} + {DTSA-182-1} - xterm 238-1 (medium; bug #510030) + [etch] - xterm <not-affected> (allowWindowOps disabled in configuration) + NOTE: Somewhat mitigated by a filter for control characters in + NOTE: post-etch versions. CVE-2008-5807 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...) NOT-FOR-US: TestLink CVE-2008-5806 (SQL injection vulnerability in login.php in DeltaScripts PHP ...) @@ -8295,7 +8298,7 @@ RESERVED CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted attackers ...) {DSA-1694-1 DTSA-182-1} - - xterm <unfixed> (medium; bug #510030) + - xterm 238-2 (medium; bug #510030) CVE-2008-2382 (The protocol_client_msg function in vnc.c in the VNC server in (1) ...) - qemu 0.9.1-9 [etch] - qemu <not-affected> (Tested by maintainer) Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-01-06 11:26:58 UTC (rev 10868) +++ data/DSA/list 2009-01-06 11:34:06 UTC (rev 10869) @@ -3,7 +3,7 @@ [etch] - ruby1.9 1.9.0+20060609-1etch4 [etch] - ruby1.8 1.8.5-4etch4 [02 Jan 2009] DSA-1694-1 xterm - remote code execution - {CVE-2008-2383 CVE-2006-7236} + {CVE-2008-2383} [etch] - xterm 222-1etch3 [27 Dec 2008] DSA-1693-1 phppgadmin - several vulnerabilities {CVE-2007-2865 CVE-2007-5728 CVE-2008-5587}
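Review bot: In the data/CVE/list hunk at @@ -67,8 +67,11 @@, the added NOTE under CVE-2006-7236 ("Somewhat mitigated by a filter for control characters in post-etch versions") does not say which xterm version introduced the filter. A reader cannot tell which releases the mitigation covers, or how it relates to the 238-1 fixed version on the context line just above it. Suggest naming the version in the NOTE and stating whether 238-1 records the filter or the allowWindowOps configuration change as the fix.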
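Review bot: In the data/CVE/list hunk at @@ -8295,7 +8298,7 @@, CVE-2008-2383 goes from `<unfixed>` to 238-2 against bug #510030, while the CVE-2006-7236 entry in the first hunk keeps 238-1 against the same bug number. The log message only explains the etch status of the old allowWindowOps issue and says nothing about the 238-2 version. Suggest adding a NOTE line under CVE-2008-2383, or a sentence in the log, saying what 238-2 changed, so that two different fixed versions tied to one bug are not read as a typo.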