[Secure-testing-commits] r12012 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Mon Jun 1 16:38:29 UTC 2009
Author: jmm-guest
Date: 2009-06-01 16:38:29 +0000 (Mon, 01 Jun 2009)
New Revision: 12012
Modified:
data/CVE/list
Log:
- new wireshark issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-01 14:41:52 UTC (rev 12011)
+++ data/CVE/list 2009-06-01 16:38:29 UTC (rev 12012)
@@ -1,3 +1,5 @@
+CVE-2009-1829 [wireshark PCNFSD DoS]
+ - wireshark <unfixed> (low)
CVE-2009-1808 (Microsoft Windows XP SP3 allows local users to cause a denial of ...)
NOT-FOR-US: Microsoft
CVE-2009-1807 (Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 ...)
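Review bot: The added CVE-2009-1829 entry carries no reference for the issue, only the bracketed summary "[wireshark PCNFSD DoS]" and the line "- wireshark <unfixed> (low)". Adding a NOTE line pointing at the upstream advisory or fix, or a bug number in the parentheses as other entries in this file do (for example "bug #435935"), would let whoever later replaces <unfixed> confirm which version carries the fix.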
@@ -688,13 +690,11 @@
CVE-2009-1528
RESERVED
CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c in the ...)
- - linux-2.6 <unfixed> (high)
+ - linux-2.6 2.6.29-5 (high)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
NOTE: vulnerability introduced in commit d84f4f99, which has only been included in the kernel since 2.6.29
NOTE: However, d84f4f99 was introduced on 13th Nov 2008, so must've been included in 2.6.28 at least?
- NOTE: it has been confirmed that an exploit in the wild is making use of this vulnerability
- TODO: Verify exploit on earlier kernels
CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to create or ...)
NOT-FOR-US: Directadmin
CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote ...)
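Review bot: In the CVE-2009-1527 entry, the NOTE about an exploit in the wild and the TODO to verify the exploit on earlier kernels are removed while the remaining NOTE still asks whether d84f4f99 was already included in 2.6.28. The [etch] and [lenny] <not-affected> lines depend on the vulnerable code having been introduced in 2.6.29, so either record the outcome of that verification in a NOTE or keep the TODO. The in-the-wild NOTE remains relevant to anyone assessing older installs after the fix in 2.6.29-5 and could stay. The log message names only the wireshark issue, so this status change is worth mentioning there as well.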
@@ -27903,7 +27903,7 @@
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
{DTSA-58-1}
- phpsysinfo 2.5.1-6.1 (unimportant; bug #435935)
- - phpgroupware 0.9.16.012-1 (low; bug #435936)
+ - phpgroupware 0.9.16.012-1 (low; bug #435936; bug #472685)
[etch] - phpgroupware <not-affected> (Affected code is not used in phpgroupware)
- egroupware 1.2.107-2.dfsg-1.1 (low; bug #435937)
NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue
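Review bot: On the phpgroupware line, bug #472685 is added next to bug #435936 under the same fixed version 0.9.16.012-1, with no NOTE on how the two reports relate. If #472685 is a duplicate or a follow-up report, say so in a NOTE and confirm that 0.9.16.012-1 closes it too. The log message does not mention this change.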