Author: fw Date: 2009-12-15 14:38:18 +0000 (Tue, 15 Dec 2009) New Revision: 13556 Modified: data/CVE/list Log: CVE-2009-4136, CVE-2009-4034: postgresql-* Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-15 13:10:28 UTC (rev 13555) +++ data/CVE/list 2009-12-15 14:38:18 UTC (rev 13556) @@ -436,8 +436,13 @@ - linux-2.6.24 <removed> (medium) CVE-2009-4137 RESERVED -CVE-2009-4136 +CVE-2009-4136 [Privilege escalation through index functions] RESERVED + - postgresql-7.4 <removed> + - postgresql-8.1 <removed> + - postgresql-8.2 <removed> + - postgresql-8.3 8.3.9-1 (low) + - postgresql-8.4 8.4.2-1 (low) CVE-2009-4135 (The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 ...) - coreutils <not-affected> (this issue only affects the coreutils build process; bug #560898) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439 @@ -682,8 +687,13 @@ RESERVED CVE-2009-4035 RESERVED -CVE-2009-4034 +CVE-2009-4034 [X.509 certificate spoofing using NUL characters] RESERVED + - postgresql-7.4 <removed> + - postgresql-8.1 <removed> + - postgresql-8.2 <removed> + - postgresql-8.3 8.3.9-1 (low) + - postgresql-8.4 8.4.2-1 (low) CVE-2009-4033 (A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to ...) - acpid <not-affected> (problem in redhat-specific patch; debian uses sensible permissions 0664) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=515062