[Secure-testing-commits] r17169 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Sep 5 05:17:53 UTC 2011
Author: gilbert-guest
Date: 2011-09-05 05:17:53 +0000 (Mon, 05 Sep 2011)
New Revision: 17169
Modified:
data/CVE/list
Log:
tempfile is a non-issue; some krb5 info
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-09-04 20:56:23 UTC (rev 17168)
+++ data/CVE/list 2011-09-05 05:17:53 UTC (rev 17169)
@@ -1,10 +1,3 @@
-CVE-2011-XXXX [TMPFILE environment variable exposure]
- - debianutils <unfixed> (bug #640389)
- [squeeze] - debianutils <no-dsa> (very esoteric attack vector)
- [lenny] - debianutils <no-dsa> (very esoteric attack vector)
- - coreutils <unfixed>
- [squeeze] - coreutils <no-dsa> (very esoteric attack vector)
- [lenny] - coreutils <no-dsa> (very esoteric attack vector)
CVE-2011-XXXX [unescaped remote shell]
- bcfg2 1.1.2-2 (bug #640028)
NOTE: information as reported by maintainer
@@ -100491,10 +100484,11 @@
- krb4 <unfixed> (unimportant)
[woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
[sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
- - krb5 <unfixed> (unimportant)
+ - krb5 1.8.3+dfsg-4 (unimportant)
[woody] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
[sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
- netkit-telnet <not-affected> (netkit-telnet is not affected)
+ NOTE: telnet code was removed earlier than 1.8.3, but that's the version that was available to check
CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
NOTE: This is not a real security issue; it just describes the fact that the Gecko
NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks
More information about the Secure-testing-commits
mailing list