[Secure-testing-commits] r12220 - data/CVE

Moritz Muehlenhoff Mon, 29 Jun 2009 02:16:16 -0700

Author: jmm-guest
Date: 2009-06-29 09:15:55 +0000 (Mon, 29 Jun 2009)
New Revision: 12220


Modified:
   data/CVE/list
Log:
fixes from stable point update


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-06-29 08:57:24 UTC (rev 12219)
+++ data/CVE/list       2009-06-29 09:15:55 UTC (rev 12220)
@@ -54,6 +54,8 @@
        - kfreebsd-7 7.2-2
        [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
        NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
+CVE-2009-XXXX [Tor: Avoid crashing in the presence of certain malformed 
descriptors]
+       - tor 0.2.0.35-1
 CVE-2009-2207
        RESERVED
 CVE-2009-2206
@@ -621,7 +623,7 @@
        NOTE: exploitability limited, DoS rather obscure attack scenario
 CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache 
...)
        - apr-util 1.3.7+dfsg-1 (low)
-       TODO: next point release: [lenny] - apr-util 1.2.12+dfsg-8+lenny3
+       [lenny] - apr-util 1.2.12+dfsg-8+lenny3
 CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in 
xml/apr_xml.c in ...)
        {DSA-1812-1}
        - apr-util 1.3.7+dfsg-1 (medium)
@@ -2099,8 +2101,7 @@
        - chromium-browser <itp> (bug #520324)
 CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
        - iodine <unfixed> (low)
-       [lenny] - iodine <no-dsa> (Maintainer will fix it in next stable point 
update)
-       TODO: next point release: [lenny] - iodine 0.4.2-2~lenny1 
+       [lenny] - iodine 0.4.2-2~lenny1 
 CVE-2009-XXXX [ntop: access.log permissions]
        - ntop <not-affected> (fedora-specific configuration issue; debian 
package not affected)
        NOTE: bug #524801 (http://bugs.debian.org/524801)
@@ -3666,8 +3667,7 @@
        NOT-FOR-US: Apple Safari
 CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, 
and 7.2 ...)
        - kfreebsd-7 7.1-3
-       [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
-       TODO: lenny r02 [lenny] - kfreebsd-7 7.0-7lenny1
+       [lenny] - kfreebsd-7 7.0-7lenny1
 CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and 
...)
        NOT-FOR-US: Openfire
 CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the 
Admin ...)
@@ -9320,8 +9320,7 @@
        - kfreebsd-6 <unfixed>
        [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
        - kfreebsd-7 7.1-1
-       [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
-       TODO: lenny r02 [lenny] - kfreebsd-7 7.0-7lenny1
+       [lenny] - kfreebsd-7 7.0-7lenny1
 CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and 
Server ...)
        - openssh <unfixed> (low; bug #506115)
        [etch] - openssh <no-dsa> (Minor issue, see 
http://www.openssh.org/txt/cbc.adv)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r12220 - data/CVE

Reply via email to