[Secure-testing-commits] r13605 - data/CVE

Joey Hess joeyh at alioth.debian.org
Sat Dec 19 21:14:17 UTC 2009


Author: joeyh
Date: 2009-12-19 21:14:16 +0000 (Sat, 19 Dec 2009)
New Revision: 13605

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-19 20:30:41 UTC (rev 13604)
+++ data/CVE/list	2009-12-19 21:14:16 UTC (rev 13605)
@@ -356,6 +356,7 @@
 	NOTE: cve requested
 CVE-2009-4261 [ganeti command execution]
 	RESERVED
+	{DSA-1959-1}
 	- ganeti 2.0.5-1 (low)
 	NOTE: http://www.ocert.org/advisories/ocert-2009-019.html
 CVE-2009-4260
@@ -409,6 +410,7 @@
 CVE-2009-4236 (The process function in ...)
 	NOT-FOR-US: EC-CUBE
 CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...)
+	{DSA-1960-1}
 	- acpid 1.0.6 (low; bug #560771)
 	NOTE: all versions set umask(0), might be worth double-checking what it opens
 CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in ...)
@@ -1711,7 +1713,7 @@
 	[lenny] - openmpi <no-dsa> (Minor issue)
 	[etch] - openmpi <no-dsa> (Minor issue)
 	- parser <unfixed> (unimportant; bug #559837)
-        NOTE: users with write access can modify configuration to load new extensions, see #559837
+	NOTE: users with write access can modify configuration to load new extensions, see #559837
 	- pdsh <not-affected> (Only loads from /usr/lib/pdsh, which is controlled by root)
 	- sbnc <not-affected> (All released/unstable versions use the system copy of libtool)
 	- sdcc <unfixed> (low; bug #559840)




More information about the Secure-testing-commits mailing list