[Secure-testing-commits] r12974 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sat Oct 10 08:28:39 UTC 2009
Author: derevko-guest
Date: 2009-10-10 08:28:38 +0000 (Sat, 10 Oct 2009)
New Revision: 12974
Modified:
data/CVE/list
Log:
- CVE-2009-3369 fixed
- CVE-2009-3525 unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-10 05:59:34 UTC (rev 12973)
+++ data/CVE/list 2009-10-10 08:28:38 UTC (rev 12974)
@@ -132,7 +132,11 @@
CVE-2009-3528 (SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows ...)
NOT-FOR-US: MyMsg
CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not ...)
- TODO: check
+ - xen-3 <unfixed> (unimportant)
+ - xen-unstable <unfixed> (unimportant)
+ NOTE: This is an enhancement, not a security issue.
+ NOTE: A user must have access to a guest hard drive image in order to boot it,
+ NOTE: so he can simply mount the drive and remove the password option.
CVE-2009-XXXX [buffer overflow in overkill]
- overkill <unfixed> (bug #549310; low)
[lenny] - overkill <no-dsa> (Minor issue)
@@ -2132,7 +2136,7 @@
CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...)
NOT-FOR-US: Basilic
CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...)
- - backuppc <unfixed> (low; bug #542218)
+ - backuppc 3.1.0-8 (low; bug #542218)
[etch] - backuppc <no-dsa> (Requires access)
[lenny] - backuppc <no-dsa> (Requires access)
CVE-2009-XXXX [burn: Insecure escaping of file names]
More information about the Secure-testing-commits
mailing list