Author: derevko-guest
Date: 2009-09-30 07:18:37 +0000 (Wed, 30 Sep 2009)
New Revision: 12904
Modified:
data/CVE/list
Log:
- xen-tools: world readable disk image files
- oping fixed
- CVE-2009-3290: kvm is affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-29 21:14:14 UTC (rev 12903)
+++ data/CVE/list 2009-09-30 07:18:37 UTC (rev 12904)
@@ -1,3 +1,6 @@
+CVE-2009-XXXX [xen-tools: world readable disk image files]
+ - xen-tools <unfixed> (low; bug #548909)
+ TODO: request CVE id
CVE-2009-3446 (SQL injection vulnerability in the MyRemote Video Gallery
(com_mytube) ...)
TODO: check
CVE-2009-3445 (Unspecified vulnerability in Code-Crafters Ability Mail Server
before ...)
@@ -109,7 +112,7 @@
CVE-2009-3392
RESERVED
CVE-2009-XXXX [oping suid 0 arbitrary file disclosure]
- - oping <unfixed> (low; bug #548684)
+ - oping 1.3.3-1 (low; bug #548684)
[lenny] - oping <not-affected> (doesn't have -f option yet)
[etch] - oping <not-affected> (doesn't have -f option yet)
TODO: request CVE id
@@ -366,6 +369,7 @@
[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
- linux-2.6.24 <removed>
[etch] - linux-2.6.24 <not-affected> (introduced in 2.6.25)
+ - kvm <unfixed> (high; bug #548975)
NOTE: fixed in upstream 2.6.31
CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux
kernel ...)
- linux-2.6 <unfixed> (medium)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
