[Secure-testing-commits] r13605 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Sat Dec 19 21:14:17 UTC 2009
Author: joeyh
Date: 2009-12-19 21:14:16 +0000 (Sat, 19 Dec 2009)
New Revision: 13605
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-19 20:30:41 UTC (rev 13604)
+++ data/CVE/list 2009-12-19 21:14:16 UTC (rev 13605)
@@ -356,6 +356,7 @@
NOTE: cve requested
CVE-2009-4261 [ganeti command execution]
RESERVED
+ {DSA-1959-1}
- ganeti 2.0.5-1 (low)
NOTE: http://www.ocert.org/advisories/ocert-2009-019.html
CVE-2009-4260
@@ -409,6 +410,7 @@
CVE-2009-4236 (The process function in ...)
NOT-FOR-US: EC-CUBE
CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...)
+ {DSA-1960-1}
- acpid 1.0.6 (low; bug #560771)
NOTE: all versions set umask(0), might be worth double-checking what it opens
CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in ...)
@@ -1711,7 +1713,7 @@
[lenny] - openmpi <no-dsa> (Minor issue)
[etch] - openmpi <no-dsa> (Minor issue)
- parser <unfixed> (unimportant; bug #559837)
- NOTE: users with write access can modify configuration to load new extensions, see #559837
+ NOTE: users with write access can modify configuration to load new extensions, see #559837
- pdsh <not-affected> (Only loads from /usr/lib/pdsh, which is controlled by root)
- sbnc <not-affected> (All released/unstable versions use the system copy of libtool)
- sdcc <unfixed> (low; bug #559840)
More information about the Secure-testing-commits
mailing list