Author: jmm-guest Date: 2009-06-29 09:15:55 +0000 (Mon, 29 Jun 2009) New Revision: 12220 Modified: data/CVE/list Log: fixes from stable point update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-29 08:57:24 UTC (rev 12219) +++ data/CVE/list 2009-06-29 09:15:55 UTC (rev 12220) @@ -54,6 +54,8 @@ - kfreebsd-7 7.2-2 [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc +CVE-2009-XXXX [Tor: Avoid crashing in the presence of certain malformed descriptors] + - tor 0.2.0.35-1 CVE-2009-2207 RESERVED CVE-2009-2206 @@ -621,7 +623,7 @@ NOTE: exploitability limited, DoS rather obscure attack scenario CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache ...) - apr-util 1.3.7+dfsg-1 (low) - TODO: next point release: [lenny] - apr-util 1.2.12+dfsg-8+lenny3 + [lenny] - apr-util 1.2.12+dfsg-8+lenny3 CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in ...) {DSA-1812-1} - apr-util 1.3.7+dfsg-1 (medium) @@ -2099,8 +2101,7 @@ - chromium-browser <itp> (bug #520324) CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users] - iodine <unfixed> (low) - [lenny] - iodine <no-dsa> (Maintainer will fix it in next stable point update) - TODO: next point release: [lenny] - iodine 0.4.2-2~lenny1 + [lenny] - iodine 0.4.2-2~lenny1 CVE-2009-XXXX [ntop: access.log permissions] - ntop <not-affected> (fedora-specific configuration issue; debian package not affected) NOTE: bug #524801 (http://bugs.debian.org/524801) 
@@ -3666,8 +3667,7 @@ NOT-FOR-US: Apple Safari CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 ...) - kfreebsd-7 7.1-3 - [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) - TODO: lenny r02 [lenny] - kfreebsd-7 7.0-7lenny1 + [lenny] - kfreebsd-7 7.0-7lenny1 CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and ...) NOT-FOR-US: Openfire CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin ...) @@ -9320,8 +9320,7 @@ - kfreebsd-6 <unfixed> [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported) - kfreebsd-7 7.1-1 - [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) - TODO: lenny r02 [lenny] - kfreebsd-7 7.0-7lenny1 + [lenny] - kfreebsd-7 7.0-7lenny1 CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...) - openssh <unfixed> (low; bug #506115) [etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
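Review bot: The new Tor entry in the @@ -54,6 +54,8 @@ hunk has no reference and no [lenny] line, although the log describes these changes as fixes from the stable point update. Add a NOTE pointing at the upstream changelog or bug that the bracketed description comes from. If the fix reached lenny through the point release, record the lenny version as well, as the other entries touched in this commit do.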
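Review bot: In the @@ -2099,8 +2101,7 @@ hunk the iodine entry now records lenny as fixed in 0.4.2-2~lenny1, while the unchanged line above it still reads "- iodine <unfixed> (low)". If the same fix has been uploaded to unstable, record that version in this commit too. If it has not, a NOTE saying that only the stable package carries the fix would keep the entry from looking like an oversight.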
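Review bot: In the @@ -3666,8 +3667,7 @@ hunk, and in the identical change at @@ -9320,8 +9320,7 @@, the removed TODO names "lenny r02", but the log says only "stable point update". Naming the point release in the log would let a reader check the new "[lenny] - kfreebsd-7 7.0-7lenny1" lines against it. The kfreebsd-7 entry visible in the context of the first hunk still reads "<no-dsa> (KFreebsd not supported)", so it is worth confirming that entry was left out on purpose.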