[Secure-testing-commits] r6859 - in data: CVE DSA

jmm-guest at alioth.debian.org
Mon Oct 8 07:50:07 UTC 2007


Author: jmm-guest
Date: 2007-10-08 07:50:06 +0000 (Mon, 08 Oct 2007)
New Revision: 6859

Modified:
   data/CVE/list
   data/DSA/list
Log:
new xen DSA
track xen-3.1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-07 21:14:07 UTC (rev 6858)
+++ data/CVE/list	2007-10-08 07:50:06 UTC (rev 6859)
@@ -65,7 +65,7 @@
 	RESERVED
 CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid functions in ...)
 	{DTSA-64-1}
-	- util-linux 2.13-8 (high)
+	- util-linux 2.13-8 (low)
 CVE-2007-5190
 	RESERVED
 CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script ...)
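Review bot: the urgency change on the `util-linux 2.13-8` line of CVE-2007-5191 (high to low) is not covered by the log message, which only mentions the new xen DSA and xen-3.1 tracking. Mention the reclassification in the log or commit it separately, and consider a NOTE line stating why the urgency was lowered, since nothing in the entry explains it.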
@@ -509,8 +509,8 @@
 CVE-2007-4994
 	RESERVED
 CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a ...)
+	- xen-3.1 <unfixed> (medium; bug #444430)
 	- xen-3.0 <removed>
-	[etch] - xen-3.0 <unfixed> (medium; bug #444430)
 CVE-2007-4992
 	RESERVED
 CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...)
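Review bot: in the CVE-2007-4993 entry the `[etch] - xen-3.0 <unfixed>` line is removed with no replacement, so the etch status is now recorded only through the DSA-1384-1 entry added to data/DSA/list in this commit, and no `{DSA-1384-1}` cross-reference is visible here. If that tag is not generated automatically from the DSA list, add it in this hunk. It is also worth confirming that bug #444430, previously attached to the xen-3.0 etch line, is the right reference for the new `xen-3.1 <unfixed>` line.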
@@ -9154,8 +9154,8 @@
 CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...)
 	{DSA-1284-1 DTSA-38-1}
 	- qemu 0.9.0-2 (bug #424070)
+	- xen-3.1 <unfixed> (bug #444007; medium)
 	- xen-3.0 <removed>
-	[etch] - xen-3.0 <unfixed> (bug #444007; medium)
 CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...)
 	NOT-FOR-US: DeviceXPlorer OLE
 CVE-2007-1318
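Review bot: the cross-reference line of CVE-2007-1320 still reads `{DSA-1284-1 DTSA-38-1}` although data/DSA/list in this commit lists CVE-2007-1320 under DSA-1384-1; unless that line is regenerated automatically, it should gain the new DSA now that the `[etch]` line is gone. As a style point, the annotation order `(bug #444007; medium)` on the added xen-3.1 line differs from `(medium; bug #444430)` used for CVE-2007-4993 in the same commit; pick one order.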
@@ -10200,8 +10200,9 @@
 CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...)
 	- ekiga 2.0.3-5 (bug #414069; high)
 CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly ...)
-	- xen-3.0 <removed>
-	[etch] - xen-3.0 <unfixed> (bug #436250; medium)
+	TODO: Check xen-3.1
+	- xen-3.0 <removed> (bug #436250; medium)
+	[etch] - xen-3.0 <unfixed>
 	NOTE: Fedora disabled the VNC access to the Qemu monitor
 	NOTE: An adjusted patch has been sent to the debian bugreport
 CVE-2007-0997 (Race condition in the tee (sys_tee) system call in the Linux kernel ...)
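Review bot: in the CVE-2007-0998 entry the `(bug #436250; medium)` annotation is moved onto the `- xen-3.0 <removed>` line, while the line that is still open, `[etch] - xen-3.0 <unfixed>`, loses both the bug reference and the urgency. The other two xen entries in this commit put the annotation on the unfixed xen-3.1 line instead. Keep the bug and urgency on the entry that is actually unfixed, and resolve `TODO: Check xen-3.1` into an explicit xen-3.1 line once checked, so this entry follows the same pattern as CVE-2007-4993 and CVE-2007-1320.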

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-10-07 21:14:07 UTC (rev 6858)
+++ data/DSA/list	2007-10-08 07:50:06 UTC (rev 6859)
@@ -1,3 +1,6 @@
+[05 Oct 2007] DSA-1384-1 xen-3.0
+	{CVE-2007-4993 CVE-2007-1320}
+	[etch] - xen-3.0 3.0.3-0-3
 [04 Oct 2007] DSA-1383-1 gforge - cross-site scripting
 	{CVE-2007-3918}
 	[sarge] - gforge 3.1-31sarge3
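Review bot: the new header line `[05 Oct 2007] DSA-1384-1 xen-3.0` has no short description after the package name, unlike the neighbouring `DSA-1383-1 gforge - cross-site scripting`. Add a brief description in the same `package - description` form so the list stays consistent and readable without opening the advisory.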



