[Secure-testing-commits] r11879 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Mon May 11 21:24:56 UTC 2009
Author: jmm-guest
Date: 2009-05-11 21:24:56 +0000 (Mon, 11 May 2009)
New Revision: 11879
Modified:
data/CVE/list
Log:
- new file issue fixed in unstable
- proper etch tracking for gnutls issues
- screen issue doesn't affect zsh, this was an error by Mandriva,
I've contacted them
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-11 21:16:55 UTC (rev 11878)
+++ data/CVE/list 2009-05-11 21:24:56 UTC (rev 11879)
@@ -1,3 +1,6 @@
+CVE-2009-XXXX [More file buffer overflows]
+ - file 5.03-1
+ TODO: Check, whether code was introduced in 5.x as well like the other issues
CVE-2009-1594
RESERVED
CVE-2009-1593
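Review bot: The new CVE-2009-XXXX entry carries only `- file 5.03-1`, with no urgency, no bug reference and no [etch]/[lenny] lines, and its TODO leaves open whether the code exists only in 5.x. Until that check is done the entry says nothing about the stable releases. Add a NOTE pointing at the upstream change or bug report so someone else can resolve the TODO, then add the per-release lines once the answer is known.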
@@ -524,14 +527,18 @@
RESERVED
CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and ...)
- gnutls26 2.6.6-1 (medium; bug #528281)
+ - gnutls13 <removed>
CVE-2009-1416 (lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates ...)
- gnutls26 2.6.6-1 (medium)
- [lenny] - gnutls26 <not-affected> (Vulnerable code not present)
- [etch] - gnutls26 <not-affected> (Vulnerable code not present)
+ - gnutls13 <removed>
+ [lenny] - gnutls26 <not-affected> (Vulnerable code not present, only affects 2.6.x)
+ [etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
CVE-2009-1415 (lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not ...)
- gnutls26 2.6.6-1 (medium)
+ - gnutls13 <removed>
[lenny] - gnutls26 <not-affected> (Vulnerable code not present)
[etch] - gnutls26 <not-affected> (Vulnerable code not present)
+ [etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object persist ...)
- chromium-browser <itp> (bug #520324)
CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page transition, ...)
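Review bot: Etch is tracked inconsistently across the three GnuTLS entries. Under CVE-2009-1415 the old `[etch] - gnutls26 <not-affected>` line stays in place next to the new `[etch] - gnutls13` line, while under CVE-2009-1416 the same gnutls26 line is dropped in favour of gnutls13; either remove it in both or keep it in both. CVE-2009-1417 gets `- gnutls13 <removed>` but no `[etch] - gnutls13` line, so its etch status is still unstated even though the log message promises etch tracking. The reason text "only affects 2.6.x" under CVE-2009-1416 is also narrower than the range in that entry's description ("2.5.0 through 2.6.5") and should be worded to match.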
@@ -1425,11 +1432,9 @@
[etch] - screen <not-affected> (etch version predates #433338)
[lenny] - screen <no-dsa> (Minor issue)
TODO: add after r2 4.0.3-11+lenny1
- NOTE: check zsh (updated by mandriva http://lwn.net/Articles/332352)
CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...)
- screen 4.0.3-13 (unimportant; bug #521123)
NOTE: documented behaviour "or the public accessible screen-exchange", see man screen
- NOTE: check zsh (updated by mandriva http://lwn.net/Articles/332352)
CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
- bugzilla <unfixed> (low)
[etch] - bugzilla <no-dsa> (Minor issue)
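Review bot: Deleting both `NOTE: check zsh` lines leaves no record in data/CVE/list of why zsh was ruled out; the reasoning exists only in the commit log. Replace them with a NOTE stating that zsh is not affected and that the Mandriva update referenced it in error, so the question is not reopened by the next person who reads the Mandriva advisory.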