Author: gilbert-guest Date: 2009-10-23 02:50:31 +0000 (Fri, 23 Oct 2009) New Revision: 13074 Modified: data/CVE/list Log: - new kernel issues - chromium issue already had a cve assigned Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-23 02:37:00 UTC (rev 13073) +++ data/CVE/list 2009-10-23 02:50:31 UTC (rev 13074) @@ -6,10 +6,6 @@ CVE-2009-XXXX [mandos 0600 file being included in initrd] - mandos <unfixed> (bug #551907) TODO: determine real impact -CVE-2009-XXXX [chromium: rss xss] - - chromium-browser <itp> (low; bug #520324) - NOTE: http://seclists.org/fulldisclosure/2009/Sep/201 - NOTE: other browsers are not affected (only chrome and opera) CVE-2009-3733 RESERVED CVE-2009-3732 @@ -236,10 +232,20 @@ RESERVED CVE-2009-3625 RESERVED -CVE-2009-3624 +CVE-2009-3624 [linux-2.6: keyring issue] RESERVED -CVE-2009-3623 + - linux-2.6 <unfixed> (low) + [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29) + [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29) + - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29) + NOTE: fixed upstream in 2.6.32-rc5 +CVE-2009-3623 [linux-2.6: null ptr dereference in nfsv4] RESERVED + - linux-2.6 <unfixed> (medium) + [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31) + [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31) + - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31) + NOTE: fixed upstream in 2.6.32-rc1 CVE-2009-3622 [wordpress: Trackback DoS] RESERVED - wordpress 2.8.5-1 
@@ -1086,7 +1092,9 @@ CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21 omits an ...) - chromium-browser <itp> (bug #520324) CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x ...) - - chromium-browser <itp> (bug #520324) + - chromium-browser <itp> (low; bug #520324) + NOTE: http://seclists.org/fulldisclosure/2009/Sep/201 + NOTE: other browsers are not affected (only chrome and opera) CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) ...) NOT-FOR-US: IBM Tivoli Identity Manager CVE-2009-3261 (update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require ...)
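Review bot: in the hunk at @@ -6,10 +6,6 @@, the `CVE-2009-XXXX [chromium: rss xss]` placeholder is deleted with no pointer to the identifier that replaces it, and the log says only that the issue "already had a cve assigned". Naming CVE-2009-3263 in the commit log would make the move traceable from this hunk alone, since the (low) severity and both NOTE lines reappear under that entry in the hunk at @@ -1086,7 +1092,9 @@.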
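Review bot: in the hunk at @@ -236,10 +232,20 @@, both new kernel entries mark linux-2.6 as <unfixed> while their NOTE lines say only "fixed upstream in 2.6.32-rc5" and "fixed upstream in 2.6.32-rc1", with no upstream commit or advisory reference, so whoever later replaces <unfixed> with a fixed version has nothing to check against. A further NOTE line carrying the upstream reference for each entry would close that gap, and the same reference would back up the "vulnerable code introduced in 2.6.29" and "2.6.31" claims on the <not-affected> lines. The description `[linux-2.6: keyring issue]` is also far less specific than `[linux-2.6: null ptr dereference in nfsv4]` directly below it; stating the bug class would let a reader judge the (low) rating.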
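Review bot: in the hunk at @@ -1086,7 +1092,9 @@, the added line `NOTE: other browsers are not affected (only chrome and opera)` reads as contradictory on a first pass, because the parenthesis lists the affected browsers right after the words "not affected". Rewording it to say that only Chrome and Opera are affected would remove the ambiguity. The context line for CVE-2009-3264 just above references the same bug #520324 but still has no urgency, so it is worth confirming that leaving it unrated is intentional now that CVE-2009-3263 is marked low.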