[Secure-testing-commits] r7343 - data/CVE

[nion at alioth.debian.org]

Author: nion
Date: 2007-11-17 15:46:20 +0000 (Sat, 17 Nov 2007)
New Revision: 7343

Modified:
   data/CVE/list
Log:
new xen issues CVE-2007-5907/6


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-11-17 15:30:20 UTC (rev 7342)
+++ data/CVE/list	2007-11-17 15:46:20 UTC (rev 7343)
@@ -250,9 +250,11 @@
 	TODO: check
 	NOTE: how can a user specify clocksource name values?
 CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from ...)
-	TODO: check
+	- xen-3 <unfixed> (medium; bug #451626)
+	- xen-3.0 <unfixed>
 CVE-2007-5906 (Xen 3.1.1 allows virtual guest system users to cause a denial of ...)
-	TODO: check
+	- xen-3 <unfixed> (medium; bug #451626)
+	- xen-3.0 <unfixed>
 CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions ...)
 	NOT-FOR-US: Adobe ColdFusion
 CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and ...)