[Secure-testing-commits] r13471 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Dec 7 02:24:37 UTC 2009
Author: gilbert-guest
Date: 2009-12-07 02:24:37 +0000 (Mon, 07 Dec 2009)
New Revision: 13471
Modified:
data/CVE/list
Log:
info for xen and apache issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-07 00:40:51 UTC (rev 13470)
+++ data/CVE/list 2009-12-07 02:24:37 UTC (rev 13471)
@@ -22324,7 +22324,7 @@
CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...)
- apache2 2.2.9-1 (low)
[etch] - apache2 2.2.3-4+etch6
- TODO: check apache 1.3
+ - apache <not-affected> (vulnerable code not present)
CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...)
- pan 0.132-3.1 (bug #483562)
[etch] - pan <not-affected> (Vulnerable code not added until 0.130)
@@ -23269,7 +23269,7 @@
CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in ...)
- xen-3 3.2.1-2 (medium; bug #487095)
- xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630)
- TODO: check that next upload includes changes until changeset 17643 or higher
+ NOTE: vulnerable code no longer present as of xen 3.4 (xenfb.c has been removed)
CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script ...)
NOT-FOR-US: Red Hat issue
CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...)
More information about the Secure-testing-commits
mailing list