[Secure-testing-commits] r9229 - data/CVE

[white at alioth.debian.org]

Author: white
Date: 2008-07-04 13:41:10 +0000 (Fri, 04 Jul 2008)
New Revision: 9229

Modified:
   data/CVE/list
Log:
Two remaining pidgin issues of low severity

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-07-04 12:56:29 UTC (rev 9228)
+++ data/CVE/list	2008-07-04 13:41:10 UTC (rev 9229)
@@ -11,10 +11,11 @@
 CVE-2008-2955 [denial of service via crafted long file name]
 	- pidgin 2.4.3-1 (bug #488632)
 CVE-2008-2956 [denial of service via malformed XML documents]
-	- pidgin 2.4.3-1 (low; bug #488632)
+	- pidgin <unfixed> (low; bug #488632)
 	NOTE: jabber servers should not forward malformed XML
 CVE-2008-2957 [arabitrary file download trigger in piding via UDP pakcet]
-	- pidgin 2.4.3-1 (bug #488632)
+	- pidgin <unfixed> (low; bug #488632)
+	NOTE: probably only a bandwidth issue
 CVE-2008-2942 [missing input validation]
 	- mercurial 1.0.1-2 (low; bug #488628)
 	[etch] - mercurial <not-affected> (Vulnerable functionality not present)