[Secure-testing-commits] r13536 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Sun Dec 13 01:52:09 UTC 2009 

Author: gilbert-guest
Date: 2009-12-13 01:52:08 +0000 (Sun, 13 Dec 2009)
New Revision: 13536

Modified:
   data/CVE/list
Log:
coreutils, alien-arena, expat, and qutecom issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-13 01:32:33 UTC (rev 13535)
+++ data/CVE/list	2009-12-13 01:52:08 UTC (rev 13536)
@@ -355,10 +355,8 @@
 	RESERVED
 CVE-2009-4135 [distcheck insecure temp dirs handling]
 	RESERVED
-	- coreutils <unfixed>
-	TODO: check
+	- coreutils <not-affected> (this issue only affects the coreutils build process; bug #560898)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
-	NOTE: does it really look like an issue affecting coreutils at build time?
 CVE-2009-4134
 	RESERVED
 CVE-2009-4133
@@ -1692,9 +1690,9 @@
 	NOTE: fixed in upstream 2.6.32-rc4
 	- linux-2.6.24 <not-affected> (introduced in 2.6.25)
 	- kvm <unfixed> (medium)
-CVE-2009-3637 [alien-arena server issue]
+CVE-2009-3637 [alien-arena remote arbitrary code execution]
 	RESERVED
-	- alien-arena <unfixed> (bug #552038)
+	- alien-arena <unfixed> (high; bug #552038)
 	[lenny] - alien-arena <no-dsa> (Contrib not supported)
 CVE-2009-3636 (Cross-site scripting (XSS) vulnerability in the Install Tool ...)
 	{DSA-1926-1}
@@ -1936,8 +1934,7 @@
 CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...)
 	NOT-FOR-US: Xerver HTTP Server
 CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
-	- expat <unfixed>
-	TODO: check
+	- expat <unfixed> (low; bug #560901)
 CVE-2009-3559 (** DISPUTED ** ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: safe_mode regression
@@ -16829,7 +16826,7 @@
 	- kadu 0.6.0.2-3 (low; bug #504429)
 	- ekg 1:1.8~rc0-1 (low)
 	- centerim <unfixed> (low; bug #559782)
-	- qutecom <unfixed> (low; bug #559784)
+	- qutecom <not-affected> (does not use libgadu embed; bug #559784)
 CVE-2008-4769 (Directory traversal vulnerability in the get_category_template ...)
 	{DSA-1871-2 DSA-1871-1}
 	- wordpress 2.5.1-1

More information about the Secure-testing-commits mailing list