[Secure-testing-commits] r12795 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sat Sep 12 14:42:01 UTC 2009 

Author: jmm-guest
Date: 2009-09-12 14:42:01 +0000 (Sat, 12 Sep 2009)
New Revision: 12795

Modified:
   data/CVE/list
   data/DSA/list
Log:
- one more silc CVE ID
- pam-auth-update issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-12 08:07:16 UTC (rev 12794)
+++ data/CVE/list	2009-09-12 14:42:01 UTC (rev 12795)
@@ -1,3 +1,8 @@
+CVE-2009-XXXX [pam-auth-update does not prohibit selecting an empty set of modules]
+	- pam 1.0.1-10 (bug #519927)
+	[lenny] - pam <not-affected> (pam-auth-update not yet present)
+	[etch] - pam <not-affected> (pam-auth-update not yet present)
+	NOTE: CVE ID requested on oss-sec
 CVE-2009-XXXX [postgresql: Authenticated non-superusers can shut down the backend server by re-LOAD-ing libraries]
 	- postgresql-8.4 8.4.1-1
 	- postgresql-8.3 8.3.8-1
@@ -14,9 +19,13 @@
 	- postgresql-8.1 <not-affected>
 	- postgresql-7.4 <not-affected>
 CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun Solaris ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command.c in ...)
-	TODO: check
+	{DSA-1879-1}
+	- silc-toolkit 1.1.10-1 (medium)
+	- silc-client 1.1-2 (medium)
+	- silc-server 1.1.2-1 (medium)
+	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
 CVE-2009-3145
 	RESERVED
 CVE-2009-3144

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-09-12 08:07:16 UTC (rev 12794)
+++ data/DSA/list	2009-09-12 14:42:01 UTC (rev 12795)
@@ -18,7 +18,7 @@
 	[lenny] - openoffice.org 1:2.4.1+dfsg-1+lenny3
 	[etch] - openoffice.org 2.0.4.dfsg.2-7etch7
 [04 Sep 2009] DSA-1879-1 silc-client silc-toolkit - arbitrary code execution
-	{CVE-2008-7159 CVE-2008-7160 CVE-2009-3051}
+	{CVE-2008-7159 CVE-2008-7160 CVE-2009-3051 CVE-2009-3163}
 	[lenny] - silc-toolkit 1.1.7-2+lenny1
 	[lenny] - silc-client 1.1.4-1+lenny1
 [02 Sep 2009] DSA-1878-1 devscripts - remote code execution

More information about the Secure-testing-commits mailing list