[Secure-testing-commits] r13485 - data/CVE

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2009-12-07 23:07:04 +0000 (Mon, 07 Dec 2009)
New Revision: 13485

Modified:
   data/CVE/list
Log:
- asterisk, kernel fixed
- destar removed from unstable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-07 23:00:12 UTC (rev 13484)
+++ data/CVE/list	2009-12-07 23:07:04 UTC (rev 13485)
@@ -328,7 +328,7 @@
 CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...)
 	NOT-FOR-US: Betsy CMS
 CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...)
-	- asterisk <unfixed> (bug filed)
+	- asterisk 1:1.6.2.0~rc7-1 (bug #559103)
 CVE-2009-4054
 	REJECTED
 	NOT-FOR-US: Microsoft Internet Explorer
@@ -397,11 +397,11 @@
 CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...)
 	TODO: check
 CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before ...)
-	- linux-2.6 <unfixed> (medium)
+	- linux-2.6 2.6.32-1 (medium)
 	[etch] - linux-2.6 <not-affected> (introduced in 2.6.26)
 	- linux-2.6.24 <not-affected> (introduced in 2.6.26)
 CVE-2009-4026 (The mac80211 subsystem in the Linux kernel before ...)
-	- linux-2.6 <unfixed> (medium)
+	- linux-2.6 2.6.32-1 (medium)
 	[etch] - linux-2.6 <not-affected> (introduced in 2.6.30)
 	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.30)
 	- linux-2.6.24 <not-affected> (introduced in 2.6.30)
@@ -9645,7 +9645,7 @@
 CVE-2008-6540 (DotNetNuke before 4.8.2, during installation or upgrade, does not warn ...)
 	NOT-FOR-US: DotNetNuke 
 CVE-2008-6539 (Static code injection vulnerability in user/settings/ in DeStar ...)
-	- destar <unfixed> (bug #522123)
+	- destar <removed> (bug #522123)
 CVE-2008-6538 (DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a ...)
 	- destar <not-affected> (bug #522123)
 	NOTE: we include a default configuration user which can be changed with instructions in README.Debian