[Secure-testing-commits] r11800 - data/CVE

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2009-05-05 19:37:42 +0000 (Tue, 05 May 2009)
New Revision: 11800

Modified:
   data/CVE/list
Log:
- new coccinelle issue
- memcached doesn't affect released versions
- new kernel issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-05 19:33:01 UTC (rev 11799)
+++ data/CVE/list	2009-05-05 19:37:42 UTC (rev 11800)
@@ -1,3 +1,5 @@
+CVE-2009-XXXX [unsafe temp file in coccinelle]
+	- coccinelle 0.1.7.deb-3 (low)
 CVE-2009-1519
 	NOT-FOR-US: Pecio CMS
 CVE-2009-1518
@@ -101,8 +103,9 @@
 	NOTE: http://jira.codehaus.org/browse/JETTY-1004 
 	NOTE: It's not entirely clear, whether version 5 is affected
 CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...)
-	- memcached 1.2.8-1 (unimportant; bug #526554)
-	NOTE: no security issue by itself just hardening
+	- memcached 1.2.8-1 (low; bug #526554)
+	[lenny] - memcached <not-affected> (Affected compile-time options not set)
+	[etch] - memcached <not-affected> (Affected compile-time options not set)
 CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in Adobe ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader and ...)
@@ -1268,8 +1271,12 @@
 CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message originates ...)
 	{DSA-1772-1}
 	- udev 0.141-1 (medium)
-CVE-2009-1184
+CVE-2009-1184 [selinux ip postroute]
 	RESERVED
+	- linux-2.6 2.6.30-1
+	NOTE: compat code was removed in 30-rc1, so marking 2.6.30 as fixed
+	[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
+	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
 CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 	- xpdf <unfixed> (medium; bug #524809)