Author: gilbert-guest Date: 2009-12-07 02:24:37 +0000 (Mon, 07 Dec 2009) New Revision: 13471 Modified: data/CVE/list Log: info for xen and apache issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-07 00:40:51 UTC (rev 13470) +++ data/CVE/list 2009-12-07 02:24:37 UTC (rev 13471) @@ -22324,7 +22324,7 @@ CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...) - apache2 2.2.9-1 (low) [etch] - apache2 2.2.3-4+etch6 - TODO: check apache 1.3 + - apache <not-affected> (vulnerable code not present) CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...) - pan 0.132-3.1 (bug #483562) [etch] - pan <not-affected> (Vulnerable code not added until 0.130) @@ -23269,7 +23269,7 @@ CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in ...) - xen-3 3.2.1-2 (medium; bug #487095) - xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630) - TODO: check that next upload includes changes until changeset 17643 or higher + NOTE: vulnerable code no longer present as of xen 3.4 (xenfb.c has been removed) CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script ...) NOT-FOR-US: Red Hat issue CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...)