Author: jmm Date: 2011-03-16 07:27:34 +0000 (Wed, 16 Mar 2011) New Revision: 16386 Modified: data/CVE/list Log: libvirt fixed krb5 no-dsa as discussed with maintainer Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-15 21:14:56 UTC (rev 16385) +++ data/CVE/list 2011-03-16 07:27:34 UTC (rev 16386) @@ -605,7 +605,7 @@ TODO: check vuln versions CVE-2011-1146 [libvirt: several API calls do not honour read-only connection] RESERVED - - libvirt <unfixed> (low; bug #617773) + - libvirt 0.8.8-3 (low; bug #617773) [lenny] - libvirt <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650 CVE-2011-1145 [buffer overflow in unixODBC''s SQLDriverConnect()] @@ -3017,7 +3017,9 @@ RESERVED CVE-2011-0284 [krb5 kdc double-free] RESERVED - - krb5 <unfixed> (bug #618517) + - krb5 <unfixed> (low; bug #618517) + [squeeze] - krb5 <no-dsa> (Will be fixed through a point update) + [lenny] - krb5 <no-dsa> (Will be fixed through a point update) CVE-2011-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 ...) - krb5 <not-affected> (Only affects 1.9.x) [squeeze] - krb5 <no-dsa> (minor issue)