[Secure-testing-commits] r16386 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Mar 16 07:27:46 UTC 2011


Author: jmm
Date: 2011-03-16 07:27:34 +0000 (Wed, 16 Mar 2011)
New Revision: 16386

Modified:
   data/CVE/list
Log:
libvirt fixed
krb5 no-dsa as discussed with maintainer


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-03-15 21:14:56 UTC (rev 16385)
+++ data/CVE/list	2011-03-16 07:27:34 UTC (rev 16386)
@@ -605,7 +605,7 @@
 	TODO: check vuln versions 
 CVE-2011-1146 [libvirt: several API calls do not honour read-only connection]
 	RESERVED
-	- libvirt <unfixed> (low; bug #617773)
+	- libvirt 0.8.8-3 (low; bug #617773)
 	[lenny] - libvirt <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650
 CVE-2011-1145 [buffer overflow in unixODBC's SQLDriverConnect()]
@@ -3017,7 +3017,9 @@
 	RESERVED
 CVE-2011-0284 [krb5 kdc double-free]
 	RESERVED
-	- krb5 <unfixed> (bug #618517)
+	- krb5 <unfixed> (low; bug #618517)
+	[squeeze] - krb5 <no-dsa> (Will be fixed through a point update)
+	[lenny] - krb5 <no-dsa> (Will be fixed through a point update)
 CVE-2011-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 ...)
 	- krb5 <not-affected> (Only affects 1.9.x)
 	[squeeze] - krb5 <no-dsa> (minor issue)




More information about the Secure-testing-commits mailing list