[Secure-testing-commits] r13668 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Mon Dec 28 09:48:05 UTC 2009


Author: derevko-guest
Date: 2009-12-28 09:48:04 +0000 (Mon, 28 Dec 2009)
New Revision: 13668

Modified:
   data/CVE/list
Log:
kvm and xen-tools removed

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-27 22:25:37 UTC (rev 13667)
+++ data/CVE/list	2009-12-28 09:48:04 UTC (rev 13668)
@@ -29,6 +29,8 @@
 CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...)
 	- acl <unfixed> (low; bug #499076)
 	[etch] - acl <not-affected> (Vulnerable code not present)
+	NOTE: bug was closed but the fix seems incomplete
+	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076#51
 CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
 	NOT-FOR-US: Internet Initiative Japan SEIL/B1 firmware
 CVE-2009-4408 (Multiple cross-site scripting (XSS) vulnerabilities in models.parser ...)
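
Review bot: The two NOTE lines added under CVE-2009-4411 are not covered by the log message "kvm and xen-tools removed", so this acl annotation will be hard to find in the history later. Mention it in the log or commit it separately. The note text itself agrees with the unchanged `- acl <unfixed> (low; bug #499076)` line, so the status needs no change.
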
@@ -1141,7 +1143,7 @@
 	- linux-2.6 <unfixed> (low)
 	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
 	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
-	- kvm <unfixed> (low; bug #562075)
+	- kvm <removed> (low; bug #562075)
 CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain ...)
 	- mysql-dfsg-5.1 5.1.41-1
 	- mysql-dfsg-5.0 <removed>
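
Review bot: After the switch to `- kvm <removed>`, this entry has no release-specific line for kvm, whereas the entry in the hunk at -2398 carries `[lenny] - kvm <not-affected> (Vulnerable code not present)`. If the kvm package in lenny has been checked for this issue, record the result with an explicit `[lenny] - kvm ...` line, so the stable status does not have to be inferred from the unstable line. The same applies to the kvm line changed in the hunk at -2320.
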
@@ -2320,7 +2322,7 @@
 	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
 	NOTE: fixed in upstream 2.6.32-rc4
 	- linux-2.6.24 <not-affected> (introduced in 2.6.25)
-	- kvm <unfixed> (medium; bug #562076)
+	- kvm <removed> (medium; bug #562076)
 CVE-2009-3637 [alien-arena remote arbitrary code execution]
 	RESERVED
 	- alien-arena <unfixed> (high; bug #552038)
@@ -2398,7 +2400,7 @@
 	- qemu 0.11.0-1 (medium; bug #553589)
 	[lenny] - qemu <not-affected> (Vulnerable code not present)
 	[etch] - qemu <not-affected> (Vulnerable code not present)
-	- kvm <unfixed> (medium; bug #553590)
+	- kvm <removed> (medium; bug #553590)
 	[lenny] - kvm <not-affected> (Vulnerable code not present)
 CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and ...)
 	{DSA-1932-1}
@@ -2921,7 +2923,7 @@
 	NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
 	NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245
 CVE-2009-XXXX [xen-tools: world readable disk image files]
-	- xen-tools <unfixed> (low; bug #548909)
+	- xen-tools <removed> (low; bug #548909)
 	[lenny] - xen-tools <no-dsa> (Minor issue)
 	TODO: request CVE id
 	NOTE: Maintainer will look into an update for stable
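
Review bot: With the unstable line now `- xen-tools <removed>`, the only open status left in this entry is `[lenny] - xen-tools <no-dsa> (Minor issue)`, yet the entry still uses the CVE-2009-XXXX placeholder and keeps `TODO: request CVE id`. Please confirm the TODO is still being pursued for the lenny package, and check whether `NOTE: Maintainer will look into an update for stable` still holds now that the package is removed.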



