Author: jmm Date: 2011-05-01 20:21:47 +0000 (Sun, 01 May 2011) New Revision: 16618 Modified: data/CVE/list Log: kvm update add spip DSA Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-05-01 16:51:52 UTC (rev 16617) +++ data/CVE/list 2011-05-01 20:21:47 UTC (rev 16618) @@ -1,3 +1,6 @@ +CVE-2011-XXXX [spip DoS] + - spip <unfixed> + [squeeze] - spip 2.1.1-3squeeze1 CVE-2011-1827 RESERVED CVE-2011-XXXX [Arbitrary command execution via sudo opcontrol] @@ -221,7 +224,8 @@ RESERVED CVE-2011-1750 [virtio-blk: heap buffer overflow caused by unaligned requests] RESERVED - TODO: check + - qemu-kvm <unfixed> (bug #624177) + - kvm <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=698906 CVE-2011-1749 [nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE] RESERVED @@ -5597,8 +5601,8 @@ NOT-FOR-US: SPICE Firefox plug-in CVE-2011-0011 [qemu-kvm: Setting VNC password to empty string silently disables all authentication] RESERVED - - qemu <unfixed> (unimportant; bug #611134) - - kvm <removed> (unimportant; bug #611134) + - qemu-kvm <unfixed> (low; bug #611134) + - kvm <not-affected> (Vulnerable code not present) NOTE: Harmless implementation bug, see discussion in #611134 CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is ...) - sudo 1.7.4p4-6 (bug #609641)