[Secure-testing-commits] r11896 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Thu May 14 18:01:30 UTC 2009
Author: gilbert-guest
Date: 2009-05-14 18:01:29 +0000 (Thu, 14 May 2009)
New Revision: 11896
Modified:
data/CVE/list
Log:
- new cron issue
- fix php issue tracking
- checks need to happen for mod_jk issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-13 22:30:27 UTC (rev 11895)
+++ data/CVE/list 2009-05-14 18:01:29 UTC (rev 11896)
@@ -1,3 +1,5 @@
+CVE-2009-XXXX [cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked]
+ - cron 3.0pl1-106 (medium; bug #528434)
CVE-2009-1628
RESERVED
CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP) ...)
@@ -3025,7 +3027,7 @@
CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...)
{DSA-1789-1}
- php4 <removed> (low)
- - php5 <unfixed> (low; bug #523049)
+ - php5 5.2.9.dfsg.1-2 (low; bug #523049)
CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary ...)
- sng 1.0.2-6 (bug #496407; unimportant)
CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite ...)
@@ -6724,7 +6726,8 @@
CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat ...)
- tomcat5.5 <unfixed> (bug #523054)
- libapache-mod-jk <removed>
- NOTE: TODO check whether libapache-mod-jk in etch is vulnerable
+ - libapache2-mod-jk <unfixed> (bug #523054)
+ TODO: check whether libapache-mod-jk and libapache2-mod-jk are vulnerable
CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web administration ...)
- geronimo <itp> (bug #481869)
CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...)
More information about the Secure-testing-commits
mailing list