[Secure-testing-commits] r11446 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Thu Mar 19 22:31:44 UTC 2009
Author: jmm-guest
Date: 2009-03-19 22:31:44 +0000 (Thu, 19 Mar 2009)
New Revision: 11446
Modified:
data/CVE/list
Log:
- two new kernel issues
- iceweasel non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-19 21:14:15 UTC (rev 11445)
+++ data/CVE/list 2009-03-19 22:31:44 UTC (rev 11446)
@@ -425,9 +425,12 @@
CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as a ...)
- dash <not-affected> (Debian uses upstream's patch to implement -l)
CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ - linux-2.6.24 <unfixed> (unimportant)
+ NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ - linux-2.6.24 <unfixed> (low)
CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...)
NOT-FOR-US: Winamp
CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for ...)
@@ -487,7 +490,8 @@
CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows ...)
NOT-FOR-US: DotNetNuke
CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...)
- TODO: check
+ - iceweasel <unfixed> (unimportant)
+ NOTE: Browser DoS not treated as security issues
CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...)
NOT-FOR-US: phpScheduleIt
CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 ...)
More information about the Secure-testing-commits
mailing list