[Secure-testing-commits] r12531 - data/CVE

Nico Golde nion at alioth.debian.org
Sun Aug 9 13:56:23 UTC 2009


Author: nion
Date: 2009-08-09 13:56:23 +0000 (Sun, 09 Aug 2009)
New Revision: 12531

Modified:
   data/CVE/list
Log:
add todos for new items, please do that as well next time

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-09 13:55:11 UTC (rev 12530)
+++ data/CVE/list	2009-08-09 13:56:23 UTC (rev 12531)
@@ -4,11 +4,13 @@
 	- rubygems <not-affected>
 	NOTE: debian's version installs gems packages to /var/lib/gems,
 	NOTE: so no opportunity to overwrite system files
+	TODO: request CVE id
 CVE-2009-XXXX [bugzilla: unauthorized bug modification]
 	- bugzilla 3.2.4-1 (low)
 	[etch] - bugzilla <no-dsa> (minor issue)
 	[lenny] - bugzilla <no-dsa> (minor issue)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495257
+	TODO: request CVE id
 CVE-2009-XXXX [groff: insecure usage of gs]
 	- groff <unfixed> (low; bug #538338)
 	[etch] - groff <no-dsa> (minor issue)
@@ -22,12 +24,15 @@
 CVE-2009-XXXX [netbase: wireless key logged]
 	- netbase <unfixed> (low; bug #540608)
 	TODO: follow-up with maintainer to find out if debian's version is affected or not
+	TODO: request CVE id
 CVE-2009-XXXX [apache2: only first 8 characters used to validate password]
 	- apache2 <unfixed> (low; bug #539246)
 CVE-2009-XXXX [gnudips: remote priviledge escalation]
 	- gnudips <unfixed> (medium; bug #539452)
+	TODO: request CVE id
 CVE-2009-XXXX [xscreensaver: local screen lock bypassable via low resolution video devices]
 	- xscreensaver <unfixed> (low; bug #539699)
+	TODO: request CVE id
 CVE-2009-XXXX [php5: remote information disclosure]
 	- php5 <unfixed> (medium; bug #540605)
 	TODO: determine affected versions
@@ -45,6 +50,7 @@
 CVE-2009-XXXX [linux-2.6: md raid null pointer dereference (when sysfs available)]
 	- linux-2.6 <unfixed> (medium)
 	- linux-2.6.24 <removed>
+	NOTE: CVE id requested on oss-sec
 CVE-2009-2710
 	RESERVED
 CVE-2009-2709




More information about the Secure-testing-commits mailing list