[Secure-testing-commits] r12404 - data/CVE

Nico Golde nion at alioth.debian.org
Fri Jul 24 18:46:20 UTC 2009


Author: nion
Date: 2009-07-24 18:46:19 +0000 (Fri, 24 Jul 2009)
New Revision: 12404

Modified:
   data/CVE/list
Log:
- new kernel issue (CVE-2009-2584) - not even fixed in git
- CVE-2009-2569 doesn't affect verlihub but only the php based web frontend which isn't in debian
- CVE-2009-1273 fixed in libpam-ssh 1.92-7


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-24 18:02:12 UTC (rev 12403)
+++ data/CVE/list	2009-07-24 18:46:19 UTC (rev 12404)
@@ -1,5 +1,6 @@
 CVE-2009-2584 (Off-by-one error in the options_write function in ...)
-	TODO: check
+	- linux-2.6 <unfixed> (low)
+	- linux-2.6.24 <removed>
 CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity ...)
 	NOT-FOR-US: IBM Tivoli
 CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager ...)
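Review bot: The new CVE-2009-2584 entry marks linux-2.6 as `<unfixed>` without recording what the log states, namely that the issue is not yet fixed in upstream git. A `NOTE:` line under the entry, in the style used for CVE-2009-2569 in this same commit, would keep that upstream status with the data so whoever triages this next does not have to dig it out of the commit log. The `(low)` urgency is also given without any stated rationale; a short note on why the off-by-one in options_write is rated low would help later review.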
@@ -29,7 +30,8 @@
 CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...)
 	NOT-FOR-US: Symantec WinFax Pro
 CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub ...)
-	NOT-FOR-US: vhcp
+	- verlihub <unfixed> (low; bug #538234)
+	NOTE: http://packetstorm.linuxsecurity.com/0905-exploits/verlihub-xss.txt
 CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) ...)
 	NOT-FOR-US: Sorinara Streaming Audio Player
 CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...)
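Review bot: The added line `- verlihub <unfixed> (low; bug #538234)` contradicts the commit log, which says CVE-2009-2569 does not affect verlihub but only the PHP-based web frontend that is not in Debian. As committed, the tracker will report the verlihub package as vulnerable and unfixed. If the log is correct, the entry should say the packaged verlihub is not affected (or stay not-for-us, naming the frontend) with a `NOTE:` explaining that only the web frontend is vulnerable; if the entry is correct, the log message is wrong. The bug reference and the advisory URL in the `NOTE:` line can stay either way.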
@@ -3646,7 +3648,7 @@
 CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...)
 	NOT-FOR-US: Dojo
 CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...)
-	- libpam-ssh <unfixed> (low; bug #535877)
+	- libpam-ssh 1.92-7 (low; bug #535877)
 CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...)
 	{DTSA-188-1}
 	- php5 5.2.6.dfsg.1-3
