[Secure-testing-commits] r10810 - data/CVE

thijs at alioth.debian.org thijs at alioth.debian.org
Sat Dec 27 12:44:05 UTC 2008


Author: thijs
Date: 2008-12-27 12:44:04 +0000 (Sat, 27 Dec 2008)
New Revision: 10810

Modified:
   data/CVE/list
Log:
xen issue is only relevant when wrongly fixing an earlier issue.
new qemu issue, not in etch, borders on unimportant imo


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-12-27 11:55:05 UTC (rev 10809)
+++ data/CVE/list	2008-12-27 12:44:04 UTC (rev 10810)
@@ -1,9 +1,13 @@
 CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write access ...)
-	TODO: check
+	- xen-3 <not-affected> (Vulnerable code never entered Debian)
+	- xen-unstable <not-affected> (Vulnerable code never entered Debian)
+	NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not
+	NOTE: yet been fixed in Debian
 CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ...)
 	TODO: check
 CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for ...)
-	TODO: check
+	- qemu <unfixed> (low; bug #509882)
+	[etch] - qemu <not-affected> (Vulnerable code not present)
 CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...)
 	TODO: check
 CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...)
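Review bot: The NOTE added under CVE-2008-5716 says the issue "was introduced as a fix to CVE-2008-4405", which reads as though that fix has already shipped, while the two lines above it say the vulnerable code never entered Debian. Wording such as "introduced by a proposed patch for CVE-2008-4405" would match the note added in the later hunk and make clear that the not-affected status depends on that patch not being applied as-is. Separately, the qemu entry for CVE-2008-5714 is marked "low" with no NOTE giving the reason, so the rationale exists only in the commit log; a one-line NOTE would keep it with the tracker entry.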
@@ -3021,6 +3025,7 @@
 CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the ...)
 	- xen-3 <unfixed> (bug #503811)
 	- xen-unstable <unfixed>
+	NOTE: a proposed patch leads to new problems, see CVE-2008-5716
 CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM ...)
 	NOT-FOR-US: IPv6 NDP on IBM zSeries
 CVE-2008-4403 (The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before ...)
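Review bot: The NOTE added under CVE-2008-4405 warns that "a proposed patch leads to new problems" but does not say which patch, so someone working on bug #503811 cannot tell from this entry what to avoid. Consider naming the patch or pointing to where it is identified, alongside the existing reference to CVE-2008-5716.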



