jmm-guest at alioth.debian.org
2009-Apr-05 08:23 UTC
[Secure-testing-commits] r11563 - data/CVE
Author: jmm-guest Date: 2009-04-05 08:23:56 +0000 (Sun, 05 Apr 2009) New Revision: 11563 Modified: data/CVE/list Log: - kernel updates - puppetmaster not related to puppet, Micah looked into it Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-04 09:57:16 UTC (rev 11562) +++ data/CVE/list 2009-04-05 08:23:56 UTC (rev 11563) @@ -359,11 +359,11 @@ CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ...) NOT-FOR-US: SCO UnixWare CVE-2008-6557 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote ...) - TODO: check, whether it''s related to puppetmaster from puppet + NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet CVE-2008-6556 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote ...) - TODO: check, whether it''s related to puppetmaster from puppet + NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet CVE-2008-6555 (cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote ...) - TODO: check, whether it''s related to puppetmaster from puppet + NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet CVE-2008-6554 (cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 ...) NOT-FOR-US: Aztech router CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 ...) @@ -567,7 +567,8 @@ - nss-ldapd 0.6.8 CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD ...) - linux-2.6 2.6.29-1 - - linux-2.6.24 <unfixed> + [etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release) + - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release) CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 ...) - ejabberd <unfixed> (bug #520852) TODO: check version in old/stable @@ -1262,6 +1263,7 @@ - dash <not-affected> (Debian uses upstream''s patch to implement -l) CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...) - linux-2.6 <unfixed> (low) + [etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18) - linux-2.6.24 <unfixed> (unimportant) NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...) @@ -4924,7 +4926,7 @@ - linux-2.6 <unfixed> (medium) - linux-2.6.24 <removed> CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.29-1 - linux-2.6.24 <unfixed> CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application ...) TODO: check