[Secure-testing-commits] r10864 - data/CVE
jmm-guest at alioth.debian.org
Mon Jan 5 23:03:01 UTC 2009
Author: jmm-guest
Date: 2009-01-05 23:03:00 +0000 (Mon, 05 Jan 2009)
New Revision: 10864
Modified:
data/CVE/list
Log:
- new auctex issue
- one qemu issue fixed
- freebsd is in the archive
- ncbi-tools fixed
- one old perl issue fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-05 22:56:33 UTC (rev 10863)
+++ data/CVE/list 2009-01-05 23:03:00 UTC (rev 10864)
@@ -1,3 +1,5 @@
+CVE-2008-XXXX [auctex insecure temp file]
+ - auctex 11.83-7.3 (bug #506961)
CVE-2008-5841
NOT-FOR-US: iGaming
CVE-2008-5840
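Review bot: the new auctex entry at the top of the list carries only the bug reference and no urgency, whereas other entries in this file pair the two, e.g. "(low; bug #509882)". If the temp-file issue has been triaged, record the urgency alongside bug #506961. The CVE-2008-XXXX placeholder also needs replacing once an id is assigned.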
@@ -211,7 +213,10 @@
CVE-2008-5737 (SQL injection vulnerability in index.php in Nodstrum MySQL Calendar ...)
NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5736 (Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, ...)
- NOT-FOR-US: FreeBSD
+ - kfreebsd-6 <unfixed>
+ [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
+ - kfreebsd-7 7.1-1
+ [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-5735 (Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 ...)
NOT-FOR-US: CoolPlayer
CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp ...)
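Review bot: on CVE-2008-5736 the visible description names FreeBSD 6 before 6.4-STABLE, yet the added lines also track kfreebsd-7 and mark it fixed in 7.1-1. A NOTE stating why kfreebsd-7 is in scope and what 7.1-1 is based on would make this checkable. The "- kfreebsd-6 <unfixed>" line also has no bug reference, unlike some other unfixed entries in this file such as openssh.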
@@ -259,7 +264,7 @@
- iceweasel <unfixed> (unimportant)
NOTE: Browser crashes not treated as security issues
CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for ...)
- - qemu <unfixed> (low; bug #509882)
+ - qemu 0.9.1-10 (low; bug #509882)
[etch] - qemu <not-affected> (Vulnerable code not present)
- kvm 82-1 (low; bug #509997)
CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...)
@@ -1583,7 +1588,10 @@
CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...)
NOT-FOR-US: The Rat CMS
CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does ...)
- NOT-FOR-US: FreeBSD
+ - kfreebsd-6 <unfixed>
+ [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
+ - kfreebsd-7 7.1-1
+ [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
- openssh <unfixed> (low; bug #506115)
[etch] - openssh <no-dsa> (minor issue)
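Review bot: the description for CVE-2008-5162 gives the affected range as FreeBSD 6.3 through 7.1, but kfreebsd-7 is recorded as fixed in 7.1-1. If the Debian package carries the arc4random fix on top of 7.1, say so in a NOTE; otherwise this line should stay <unfixed> like kfreebsd-6.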
@@ -1619,9 +1627,8 @@
- maildirsync <unfixed> (unimportant)
NOTE: unsafe code is in example script
CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...)
- - ncbi-tools6 <unfixed> (unimportant)
+ - ncbi-tools6 6.1.20080302-4 (unimportant)
NOTE: unsafe code is in example script
- NOTE: Fixed in experimental
CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...)
- geda-gnetlist <unfixed> (unimportant)
NOTE: unsafe code is an example script
@@ -1772,8 +1779,6 @@
NOT-FOR-US: wrg_anotherbelogin extension for typo3
CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a ...)
- libvirt 0.4.6-10
- TODO: check
- NOTE: Fixed in experimental
CVE-2008-5085
RESERVED
CVE-2008-5084
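Review bot: under CVE-2008-5086 the "TODO: check" and "NOTE: Fixed in experimental" lines are dropped while "- libvirt 0.4.6-10" stays unchanged, and the log message does not mention libvirt. The description lists 0.3.2 through 0.5.1 as affected, so 0.4.6-10 falls inside that upstream range. A NOTE or bug reference confirming the fix is in 0.4.6-10 would replace the removed TODO with something verifiable.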
@@ -19359,6 +19364,7 @@
CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...)
NOT-FOR-US: DirectAdmin
CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...)
+ - perl 5.10.0-19
- libarchive-tar-perl 1.38-1 (low; bug #449544)
[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
[etch] - libarchive-tar-perl <no-dsa> (Minor issue)
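Review bot: the added "- perl 5.10.0-19" line under CVE-2007-4829 has no urgency, no bug reference and no [sarge] or [etch] lines, while the libarchive-tar-perl entry below it has all of these. If perl in sarge and etch ships the affected Archive::Tar, add matching release lines; if not, mark them <not-affected>, which this file already uses for qemu in etch.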