Author: derevko-guest Date: 2009-10-10 08:28:38 +0000 (Sat, 10 Oct 2009) New Revision: 12974 Modified: data/CVE/list Log: - CVE-2009-3369 fixed - CVE-2009-3525 unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-10 05:59:34 UTC (rev 12973) +++ data/CVE/list 2009-10-10 08:28:38 UTC (rev 12974) @@ -132,7 +132,11 @@ CVE-2009-3528 (SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows ...) NOT-FOR-US: MyMsg CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not ...) - TODO: check + - xen-3 <unfixed> (unimportant) + - xen-unstable <unfixed> (unimportant) + NOTE: This is an enhancement, not a security issue. + NOTE: A user must have access to a guest hard drive image in order to boot it, + NOTE: so he can simply mount the drive and remove the password option. CVE-2009-XXXX [buffer overflow in overkill] - overkill <unfixed> (bug #549310; low) [lenny] - overkill <no-dsa> (Minor issue) @@ -2132,7 +2136,7 @@ CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...) NOT-FOR-US: Basilic CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...) - - backuppc <unfixed> (low; bug #542218) + - backuppc 3.1.0-8 (low; bug #542218) [etch] - backuppc <no-dsa> (Requires access) [lenny] - backuppc <no-dsa> (Requires access) CVE-2009-XXXX [burn: Insecure escaping of file names]
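Review bot: In the CVE-2009-3525 entry, the added NOTE lines justify the (unimportant) tag on the assumption that anyone able to boot a guest can also mount and edit its disk image, but the entry cites no bug number or upstream reference for that assessment. Consider adding a reference NOTE and stating the assumption explicitly, so the triage can be revisited for setups where booting a guest and reading its image are separate privileges. Minor wording point: "so he can simply mount the drive" could read "so they can simply mount the drive".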
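Review bot: In the CVE-2009-3369 entry, the changed line now records "backuppc 3.1.0-8" as the fixed version, while the [etch] and [lenny] lines directly below it stay at "<no-dsa> (Requires access)"; it is worth confirming that this is intended and that those releases remain unfixed. The log message says only "CVE-2009-3369 fixed"; naming the version there (3.1.0-8) would make the revision easier to audit against bug #542218.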