Author: jmm Date: 2011-03-11 10:47:50 +0000 (Fri, 11 Mar 2011) New Revision: 16361 Modified: data/CVE/list Log: libvirt unfixed unixodbc not no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-11 10:01:09 UTC (rev 16360) +++ data/CVE/list 2011-03-11 10:47:50 UTC (rev 16361) @@ -471,12 +471,10 @@ CVE-2011-1147 RESERVED CVE-2011-1146 [libvirt: several API calls do not honour read-only connection] - TODO: check (bug #617773) + - libvirt <unfixed> (low; bug #617773) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650 CVE-2011-1145 [buffer overflow in unixODBC''s SQLDriverConnect()] - unixodbc <unfixed> (low; bug #617655) - [lenny] - unixodbc <no-dsa> (Minor issue) - [squeeze] - unixodbc <no-dsa> (Minor issue) NOTE: http://seclists.org/oss-sec/2011/q1/446 CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to ...) TODO: apparenty not in Debian. Raphael, can you confirm?