[Secure-testing-commits] r11456 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sat Mar 21 12:26:39 UTC 2009


Author: jmm-guest
Date: 2009-03-21 12:26:39 +0000 (Sat, 21 Mar 2009)
New Revision: 11456

Modified:
   data/CVE/list
Log:
- track one kernel issue as not affecting Lenny
- pam issue will be fixed in stable update, mark as no-dsa until then
- cups bug (hardly a security issue) no-dsa, can be fixed along with
  potential upcoming cups issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-03-21 09:14:15 UTC (rev 11455)
+++ data/CVE/list	2009-03-21 12:26:39 UTC (rev 11456)
@@ -255,6 +255,7 @@
 CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, ...)
 	- linux-2.6 <unfixed> (low)
 	[etch] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
+	[lenny] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
 	- linux-2.6.24 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
 CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 ...)
 	TODO: check
@@ -370,6 +371,8 @@
 	RESERVED
 CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...)
 	- pam <unfixed> (low; bug #520115)
+	[etch] - pam <no-dsa> (Minor issue)
+	[lenny] - pam <no-dsa> (Minor issue)
 	TODO: add after r1 [lenny] - pam 1.0.1-5+lenny1
 	TODO: add after r8 [etch] - pam 0.79-5+etch1
 CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero Helpdesk ...)
@@ -5529,6 +5532,7 @@
 	NOT-FOR-US: ipnat
 CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and possibly ...)
 	- cups 1.3.9-13 (low; bug #506180)
+	[lenny] - cups <no-dsa> (Minor issue)
 	[etch] - cupsys <not-affected> (RSS subscription code not yet present)
 CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP ...)
 	{DSA-1686-1}




More information about the Secure-testing-commits mailing list