Author: derevko-guest Date: 2009-09-30 07:18:37 +0000 (Wed, 30 Sep 2009) New Revision: 12904 Modified: data/CVE/list Log: - xen-tools: world readable disk image files - oping fixed - CVE-2009-3290: kvm is affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-29 21:14:14 UTC (rev 12903) +++ data/CVE/list 2009-09-30 07:18:37 UTC (rev 12904) @@ -1,3 +1,6 @@ +CVE-2009-XXXX [xen-tools: world readable disk image files] + - xen-tools <unfixed> (low; bug #548909) + TODO: request CVE id CVE-2009-3446 (SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) ...) TODO: check CVE-2009-3445 (Unspecified vulnerability in Code-Crafters Ability Mail Server before ...) @@ -109,7 +112,7 @@ CVE-2009-3392 RESERVED CVE-2009-XXXX [oping suid 0 arbitrary file disclosure] - - oping <unfixed> (low; bug #548684) + - oping 1.3.3-1 (low; bug #548684) [lenny] - oping <not-affected> (doesn''t have -f option yet) [etch] - oping <not-affected> (doesn''t have -f option yet) TODO: request CVE id @@ -366,6 +369,7 @@ [etch] - linux-2.6 <not-affected> (introduced in 2.6.25) - linux-2.6.24 <removed> [etch] - linux-2.6.24 <not-affected> (introduced in 2.6.25) + - kvm <unfixed> (high; bug #548975) NOTE: fixed in upstream 2.6.31 CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel ...) - linux-2.6 <unfixed> (medium)
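Review bot: in the first hunk (@@ -1,3 +1,6 @@), the new xen-tools entry rates the issue low without a NOTE saying why, and it has no per-release lines. Consider adding a NOTE that states which files are world readable and what justifies the rating. If the package is in a stable suite, add status lines in the form the oping entry already uses, for example `[lenny] - oping <not-affected> (...)`.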
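Review bot: in the oping hunk (@@ -109,7 +112,7 @@), the entry now records a fixed version with `- oping 1.3.3-1 (low; bug #548684)`, but it is still filed under the placeholder `CVE-2009-XXXX` with `TODO: request CVE id` left in place. Please confirm the id request is still outstanding so the fixed entry does not stay without an identifier. The two context lines also read `doesn''t` with a doubled apostrophe. If that is in data/CVE/list itself rather than an artifact of the mail, it is worth correcting in a follow-up.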
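Review bot: in the third hunk (@@ -366,6 +369,7 @@), the added `- kvm <unfixed> (high; bug #548975)` sits directly above `NOTE: fixed in upstream 2.6.31`, so the NOTE now reads as if it applied to the kvm package as well as to linux-2.6. Reword the NOTE to name which upstream it means, or add a separate NOTE for kvm. The kvm line also has no per-release status, unlike the `[etch]` lines given for linux-2.6 and linux-2.6.24 just above it. Add those if kvm is in a stable suite.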