[Secure-testing-commits] r13471 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Dec 7 02:24:37 UTC 2009


Author: gilbert-guest
Date: 2009-12-07 02:24:37 +0000 (Mon, 07 Dec 2009)
New Revision: 13471

Modified:
   data/CVE/list
Log:
info for xen and apache issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-07 00:40:51 UTC (rev 13470)
+++ data/CVE/list	2009-12-07 02:24:37 UTC (rev 13471)
@@ -22324,7 +22324,7 @@
 CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...)
 	- apache2 2.2.9-1 (low)
 	[etch] - apache2 2.2.3-4+etch6
-	TODO: check apache 1.3
+	- apache <not-affected> (vulnerable code not present)
 CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...)
 	- pan 0.132-3.1 (bug #483562)
 	[etch] - pan <not-affected> (Vulnerable code not added until 0.130)
@@ -23269,7 +23269,7 @@
 CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in ...)
 	- xen-3 3.2.1-2 (medium; bug #487095)
 	- xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630)
-	TODO: check that next upload includes changes until changeset 17643 or higher
+	NOTE: vulnerable code no longer present as of xen 3.4 (xenfb.c has been removed)
 CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script ...)
 	NOT-FOR-US: Red Hat issue
 CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...)




More information about the Secure-testing-commits mailing list