[Secure-testing-commits] r11563 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sun Apr 5 08:23:57 UTC 2009


Author: jmm-guest
Date: 2009-04-05 08:23:56 +0000 (Sun, 05 Apr 2009)
New Revision: 11563

Modified:
   data/CVE/list
Log:
- kernel updates
- puppetmaster not related to puppet, Micah looked into it


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-04 09:57:16 UTC (rev 11562)
+++ data/CVE/list	2009-04-05 08:23:56 UTC (rev 11563)
@@ -359,11 +359,11 @@
 CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ...)
 	NOT-FOR-US: SCO UnixWare
 CVE-2008-6557 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote ...)
-	TODO: check, whether it's related to puppetmaster from puppet
+	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
 CVE-2008-6556 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote ...)
-	TODO: check, whether it's related to puppetmaster from puppet
+	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
 CVE-2008-6555 (cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote ...)
-	TODO: check, whether it's related to puppetmaster from puppet
+	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
 CVE-2008-6554 (cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 ...)
 	NOT-FOR-US: Aztech router
 CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 ...)
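Review bot: The three added NOT-FOR-US lines for CVE-2008-6557, CVE-2008-6556 and CVE-2008-6555 misspell the product as "WebUtit", while the CVE description directly above each one reads "The Puppet Master WebUtil". Suggest "NOT-FOR-US: Puppet Master WebUtil, different than puppetmaster from puppet" so that a search of the list for the product name also finds these entries.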
@@ -567,7 +567,8 @@
 	- nss-ldapd 0.6.8
 CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD ...)
 	- linux-2.6 2.6.29-1
-	- linux-2.6.24 <unfixed>
+	[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
+	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
 CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 ...)
 	- ejabberd <unfixed> (bug #520852)
 	TODO: check version in old/stable
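Review bot: The two added <not-affected> lines under CVE-2009-1072 justify the status only with "Issue was introduced after 2.6.24 release", with no pointer to the change that introduced it. A NOTE line naming the introducing upstream commit or version would let a later reader verify the claim, and would avoid repeating the same parenthetical on both the [etch] and linux-2.6.24 lines.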
@@ -1262,6 +1263,7 @@
 	- dash <not-affected> (Debian uses upstream's patch to implement -l)
 CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...)
 	- linux-2.6 <unfixed> (low)
+	[etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18)
 	- linux-2.6.24 <unfixed> (unimportant)
 	NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...)
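Review bot: Under CVE-2009-0835 the new [etch] line is <not-affected> with "Not enabled in 2.6.18", but the unchanged line right after it still reads "- linux-2.6.24 <unfixed> (unimportant)" even though the NOTE says CONFIG_SECCOMP has only been enabled in 2.6.26. If the disabled config option is the reason etch is not affected, the same reasoning appears to cover linux-2.6.24; either mark it the same way or state in the NOTE why the two are treated differently.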
@@ -4924,7 +4926,7 @@
 	- linux-2.6 <unfixed> (medium)
 	- linux-2.6.24 <removed>
 CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.29-1
 	- linux-2.6.24 <unfixed>
 CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application ...)
 	TODO: check
