[Secure-testing-commits] r13074 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Fri Oct 23 02:50:31 UTC 2009 

Author: gilbert-guest
Date: 2009-10-23 02:50:31 +0000 (Fri, 23 Oct 2009)
New Revision: 13074

Modified:
   data/CVE/list
Log:
- new kernel issues
- chromium issue already had a cve assigned

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-23 02:37:00 UTC (rev 13073)
+++ data/CVE/list	2009-10-23 02:50:31 UTC (rev 13074)
@@ -6,10 +6,6 @@
 CVE-2009-XXXX [mandos 0600 file being included in initrd]
 	- mandos <unfixed> (bug #551907)
 	TODO: determine real impact
-CVE-2009-XXXX [chromium: rss xss]
-	- chromium-browser <itp> (low; bug #520324)
-	NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
-	NOTE: other browsers are not affected (only chrome and opera)
 CVE-2009-3733
 	RESERVED
 CVE-2009-3732
@@ -236,10 +232,20 @@
 	RESERVED
 CVE-2009-3625
 	RESERVED
-CVE-2009-3624
+CVE-2009-3624 [linux-2.6: keyring issue]
 	RESERVED
-CVE-2009-3623
+	- linux-2.6 <unfixed> (low)
+	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
+	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
+	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
+	NOTE: fixed upstream in 2.6.32-rc5
+CVE-2009-3623 [linux-2.6: null ptr dereference in nfsv4]
 	RESERVED
+	- linux-2.6 <unfixed> (medium)
+	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
+	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
+	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
+	NOTE: fixed upstream in 2.6.32-rc1
 CVE-2009-3622 [wordpress: Trackback DoS]
 	RESERVED
 	- wordpress 2.8.5-1
@@ -1086,7 +1092,9 @@
 CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21 omits an ...)
 	- chromium-browser <itp> (bug #520324)
 CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <itp> (low; bug #520324)
+	NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
+	NOTE: other browsers are not affected (only chrome and opera)
 CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) ...)
 	NOT-FOR-US: IBM Tivoli Identity Manager
 CVE-2009-3261 (update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require ...)

More information about the Secure-testing-commits mailing list