jmm-guest at alioth.debian.org
2009-Mar-21 12:26 UTC
[Secure-testing-commits] r11456 - data/CVE
Author: jmm-guest
Date: 2009-03-21 12:26:39 +0000 (Sat, 21 Mar 2009)
New Revision: 11456
Modified:
data/CVE/list
Log:
- track one kernel issue as not affecting Lenny
- pam issue will be fixed in stable update, mark as no-dsa until then
- cups bug (hardly a security issue) no-dsa, can be fixed along with
potential upcoming cups issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-03-21 09:14:15 UTC (rev 11455)
+++ data/CVE/list 2009-03-21 12:26:39 UTC (rev 11456)
@@ -255,6 +255,7 @@
CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6.27 to
2.6.27.13, ...)
- linux-2.6 <unfixed> (low)
[etch] - linux-2.6 <not-affected> (Vulnerability was introduced in
2.6.27-rc9)
+ [lenny] - linux-2.6 <not-affected> (Vulnerability was introduced in
2.6.27-rc9)
- linux-2.6.24 <not-affected> (Vulnerability was introduced in
2.6.27-rc9)
CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before
2.0.4 ...)
TODO: check
@@ -370,6 +371,8 @@
RESERVED
CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...)
- pam <unfixed> (low; bug #520115)
+ [etch] - pam <no-dsa> (Minor issue)
+ [lenny] - pam <no-dsa> (Minor issue)
TODO: add after r1 [lenny] - pam 1.0.1-5+lenny1
TODO: add after r8 [etch] - pam 0.79-5+etch1
CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero
Helpdesk ...)
@@ -5529,6 +5532,7 @@
NOT-FOR-US: ipnat
CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and possibly
...)
- cups 1.3.9-13 (low; bug #506180)
+ [lenny] - cups <no-dsa> (Minor issue)
[etch] - cupsys <not-affected> (RSS subscription code not yet present)
CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote
HTTP ...)
{DSA-1686-1}