[Secure-testing-commits] r10869 - in data: CVE DSA
fw at alioth.debian.org
Tue Jan 6 11:34:07 UTC 2009
Author: fw
Date: 2009-01-06 11:34:06 +0000 (Tue, 06 Jan 2009)
New Revision: 10869
Modified:
data/CVE/list
data/DSA/list
Log:
clean up xterm issues
Old allowWindowOps issue never affected etch, even before DSA-1694-1.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-06 11:26:58 UTC (rev 10868)
+++ data/CVE/list 2009-01-06 11:34:06 UTC (rev 10869)
@@ -67,8 +67,11 @@
CVE-2008-5808 (Cross-site scripting (XSS) vulnerability in Six Apart Movable Type ...)
NOT-FOR-US: Six Apart Movable Type Enterprise
CVE-2006-7236 (The default configuration of xterm on Debian GNU/Linux sid and ...)
- {DSA-1694-1 DTSA-182-1}
+ {DTSA-182-1}
- xterm 238-1 (medium; bug #510030)
+ [etch] - xterm <not-affected> (allowWindowOps disabled in configuration)
+ NOTE: Somewhat mitigated by a filter for control characters in
+ NOTE: post-etch versions.
CVE-2008-5807 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
NOT-FOR-US: TestLink
CVE-2008-5806 (SQL injection vulnerability in login.php in DeltaScripts PHP ...)
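Review bot: Removing `- xterm 238-1 (medium; bug #510030)` from CVE-2006-7236 leaves the entry with only an `[etch]` line, so it no longer records any status for the non-etch xterm package, even though the CVE description is about xterm on Debian sid. The added NOTE says post-etch versions are "somewhat mitigated", which does not say whether they are treated as fixed or unfixed. Suggest keeping an explicit unqualified `- xterm ...` status line next to `[etch] - xterm <not-affected>`, and naming in the NOTE the version that introduced the control-character filter if it is known. `{DTSA-182-1}` also still references this CVE after `DSA-1694-1` is dropped; worth confirming that is intended.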
@@ -8295,7 +8298,7 @@
RESERVED
CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted attackers ...)
{DSA-1694-1 DTSA-182-1}
- - xterm <unfixed> (medium; bug #510030)
+ - xterm 238-2 (medium; bug #510030)
CVE-2008-2382 (The protocol_client_msg function in vnc.c in the VNC server in (1) ...)
- qemu 0.9.1-9
[etch] - qemu <not-affected> (Tested by maintainer)
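Review bot: The fixed version for CVE-2008-2383 is set to `238-2` here, while the line removed from CVE-2006-7236 in the previous hunk tied the same bug #510030 to `238-1`, and the log message only explains the allowWindowOps/etch change. Suggest stating in the log message or in a NOTE under this entry why 238-2 is the fixing upload, so the move from `<unfixed>` can be checked against the bug report.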
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2009-01-06 11:26:58 UTC (rev 10868)
+++ data/DSA/list 2009-01-06 11:34:06 UTC (rev 10869)
@@ -3,7 +3,7 @@
[etch] - ruby1.9 1.9.0+20060609-1etch4
[etch] - ruby1.8 1.8.5-4etch4
[02 Jan 2009] DSA-1694-1 xterm - remote code execution
- {CVE-2008-2383 CVE-2006-7236}
+ {CVE-2008-2383}
[etch] - xterm 222-1etch3
[27 Dec 2008] DSA-1693-1 phppgadmin - several vulnerabilities
{CVE-2007-2865 CVE-2007-5728 CVE-2008-5587}