[Secure-testing-commits] r10049 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Thu Oct 9 16:11:21 UTC 2008
Author: jmm-guest
Date: 2008-10-09 16:11:20 +0000 (Thu, 09 Oct 2008)
New Revision: 10049
Modified:
data/CVE/list
Log:
one NFU confirmed by Russ Allbery
two kernel issues fixed in sid
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-09 15:30:29 UTC (rev 10048)
+++ data/CVE/list 2008-10-09 16:11:20 UTC (rev 10049)
@@ -141,7 +141,7 @@
CVE-2008-4411
RESERVED
CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.26-8
CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities ...)
- libxml2 <not-affected> (Vulnerable code not present, introduced in 2.7.0)
TODO: check again if >= 2.7 gets uploaded
@@ -1584,7 +1584,7 @@
CVE-2008-3826
RESERVED
CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when ...)
- TODO: check
+ NOT-FOR-US: Different code base than Debian's libpam-krb5
CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) ...)
{DTSA-165-1}
- horde3 3.2.2+debian0-1 (low; bug #499579)
@@ -7028,7 +7028,7 @@
[sarge] - otrs <not-affected> (Vulnerable code not present)
NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.26-8
NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...)
NOT-FOR-US: Danneo CMS
More information about the Secure-testing-commits
mailing list