[Secure-testing-commits] r12904 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Wed Sep 30 07:18:38 UTC 2009
Author: derevko-guest
Date: 2009-09-30 07:18:37 +0000 (Wed, 30 Sep 2009)
New Revision: 12904
Modified:
data/CVE/list
Log:
- xen-tools: world readable disk image files
- oping fixed
- CVE-2009-3290: kvm is affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-29 21:14:14 UTC (rev 12903)
+++ data/CVE/list 2009-09-30 07:18:37 UTC (rev 12904)
@@ -1,3 +1,6 @@
+CVE-2009-XXXX [xen-tools: world readable disk image files]
+ - xen-tools <unfixed> (low; bug #548909)
+ TODO: request CVE id
CVE-2009-3446 (SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) ...)
TODO: check
CVE-2009-3445 (Unspecified vulnerability in Code-Crafters Ability Mail Server before ...)
@@ -109,7 +112,7 @@
CVE-2009-3392
RESERVED
CVE-2009-XXXX [oping suid 0 arbitrary file disclosure]
- - oping <unfixed> (low; bug #548684)
+ - oping 1.3.3-1 (low; bug #548684)
[lenny] - oping <not-affected> (doesn't have -f option yet)
[etch] - oping <not-affected> (doesn't have -f option yet)
TODO: request CVE id
@@ -366,6 +369,7 @@
[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
- linux-2.6.24 <removed>
[etch] - linux-2.6.24 <not-affected> (introduced in 2.6.25)
+ - kvm <unfixed> (high; bug #548975)
NOTE: fixed in upstream 2.6.31
CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel ...)
- linux-2.6 <unfixed> (medium)
More information about the Secure-testing-commits
mailing list