[Secure-testing-commits] r12220 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon Jun 29 09:15:56 UTC 2009


Author: jmm-guest
Date: 2009-06-29 09:15:55 +0000 (Mon, 29 Jun 2009)
New Revision: 12220

Modified:
   data/CVE/list
Log:
fixes from stable point update


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-29 08:57:24 UTC (rev 12219)
+++ data/CVE/list	2009-06-29 09:15:55 UTC (rev 12220)
@@ -54,6 +54,8 @@
 	- kfreebsd-7 7.2-2
 	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
 	NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
+CVE-2009-XXXX [Tor: Avoid crashing in the presence of certain malformed descriptors]
+	- tor 0.2.0.35-1
 CVE-2009-2207
 	RESERVED
 CVE-2009-2206
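Review bot: The new Tor entry records only the unstable version (`- tor 0.2.0.35-1`) and has no `[lenny]` line, although the log says these are fixes from the stable point update. If lenny received the fix in that update, add the `[lenny] - tor <version>` line here; if not, this entry belongs in a separate commit. A NOTE pointing at the upstream changelog or a bug number would also help whoever later matches this CVE-2009-XXXX placeholder to an assigned id.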
@@ -621,7 +623,7 @@
 	NOTE: exploitability limited, DoS rather obscure attack scenario
 CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache ...)
 	- apr-util 1.3.7+dfsg-1 (low)
-	TODO: next point release: [lenny] - apr-util 1.2.12+dfsg-8+lenny3
+	[lenny] - apr-util 1.2.12+dfsg-8+lenny3
 CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in ...)
 	{DSA-1812-1}
 	- apr-util 1.3.7+dfsg-1 (medium)
@@ -2099,8 +2101,7 @@
 	- chromium-browser <itp> (bug #520324)
 CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
 	- iodine <unfixed> (low)
-	[lenny] - iodine <no-dsa> (Maintainer will fix it in next stable point update)
-	TODO: next point release: [lenny] - iodine 0.4.2-2~lenny1 
+	[lenny] - iodine 0.4.2-2~lenny1 
 CVE-2009-XXXX [ntop: access.log permissions]
 	- ntop <not-affected> (fedora-specific configuration issue; debian package not affected)
 	NOTE: bug #524801 (http://bugs.debian.org/524801)
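Review bot: After this change the iodine entry reads as fixed in lenny (`0.4.2-2~lenny1`) while the unstable line above it is still `- iodine <unfixed> (low)`. Please confirm that sid really lacks the fix, and update the unstable line if a fixed upload exists. The added `[lenny]` line also keeps the trailing space from the old TODO line; strip it.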
@@ -3666,8 +3667,7 @@
 	NOT-FOR-US: Apple Safari
 CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 ...)
 	- kfreebsd-7 7.1-3
-	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
-	TODO: lenny r02 [lenny] - kfreebsd-7 7.0-7lenny1
+	[lenny] - kfreebsd-7 7.0-7lenny1
 CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and ...)
 	NOT-FOR-US: Openfire
 CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin ...)
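Review bot: The removed TODO in the CVE-2009-1041 entry was the only place that named the point release (`lenny r02`), and the log message only says "stable point update". Consider naming the point release in the log so the origin of `7.0-7lenny1` stays traceable after the TODO is gone. Dropping the `<no-dsa>` line at the same time is right, since one release should not carry both a no-dsa marker and a fixed version.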
@@ -9320,8 +9320,7 @@
 	- kfreebsd-6 <unfixed>
 	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
 	- kfreebsd-7 7.1-1
-	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
-	TODO: lenny r02 [lenny] - kfreebsd-7 7.0-7lenny1
+	[lenny] - kfreebsd-7 7.0-7lenny1
 CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
 	- openssh <unfixed> (low; bug #506115)
 	[etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
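Review bot: In this entry the kfreebsd-7 lenny line moves to a fixed version, but the kfreebsd-6 lines in the context directly above stay at `<unfixed>` and `[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)`. Please check whether the point release also shipped a kfreebsd-6 update; if it did not, the entry is fine as it stands.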



