[Secure-testing-commits] r11563 - data/CVE

jmm-guest Sun, 05 Apr 2009 01:24:05 -0700

Author: jmm-guest
Date: 2009-04-05 08:23:56 +0000 (Sun, 05 Apr 2009)
New Revision: 11563


Modified:
   data/CVE/list
Log:
- kernel updates
- puppetmaster not related to puppet, Micah looked into it


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-04-04 09:57:16 UTC (rev 11562)
+++ data/CVE/list       2009-04-05 08:23:56 UTC (rev 11563)
@@ -359,11 +359,11 @@
 CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm 
in ...)
        NOT-FOR-US: SCO UnixWare
 CVE-2008-6557 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows 
remote ...)
-       TODO: check, whether it's related to puppetmaster from puppet
+       NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from 
puppet
 CVE-2008-6556 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows 
remote ...)
-       TODO: check, whether it's related to puppetmaster from puppet
+       NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from 
puppet
 CVE-2008-6555 (cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote 
...)
-       TODO: check, whether it's related to puppetmaster from puppet
+       NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from 
puppet
 CVE-2008-6554 (cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 
070426 ...)
        NOT-FOR-US: Aztech router
 CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS 
(Micro-CMS) 3.5 ...)
@@ -567,7 +567,8 @@
        - nss-ldapd 0.6.8
 CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the 
CAP_MKNOD ...)
        - linux-2.6 2.6.29-1
-       - linux-2.6.24 <unfixed>
+       [etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 
release)
+       - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 
release)
 CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 
2.0.4 ...)
        - ejabberd <unfixed> (bug #520852)
        TODO: check version in old/stable
@@ -1262,6 +1263,7 @@
        - dash <not-affected> (Debian uses upstream's patch to implement -l)
 CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the 
seccomp ...)
        - linux-2.6 <unfixed> (low)
+       [etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18)
        - linux-2.6.24 <unfixed> (unimportant)
        NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 
and ...)
@@ -4924,7 +4926,7 @@
        - linux-2.6 <unfixed> (medium)
        - linux-2.6.24 <removed>
 CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier 
allows ...)
-       - linux-2.6 <unfixed>
+       - linux-2.6 2.6.29-1
        - linux-2.6.24 <unfixed>
 CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application 
...)
        TODO: check


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r11563 - data/CVE

Reply via email to