Author: fw
Date: 2009-01-06 11:34:06 +0000 (Tue, 06 Jan 2009)
New Revision: 10869

Modified:
   data/CVE/list
   data/DSA/list
Log:
clean up xterm issues

Old allowWindowOps issue never affected etch, even before DSA-1694-1.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-06 11:26:58 UTC (rev 10868)
+++ data/CVE/list       2009-01-06 11:34:06 UTC (rev 10869)
@@ -67,8 +67,11 @@
 CVE-2008-5808 (Cross-site scripting (XSS) vulnerability in Six Apart Movable 
Type ...)
        NOT-FOR-US: Six Apart Movable Type Enterprise
 CVE-2006-7236 (The default configuration of xterm on Debian GNU/Linux sid and 
...)
-       {DSA-1694-1 DTSA-182-1}
+       {DTSA-182-1}
        - xterm 238-1 (medium; bug #510030)
+       [etch] - xterm <not-affected> (allowWindowOps disabled in configuration)
+       NOTE: Somewhat mitigated by a filter for control characters in
+       NOTE: post-etch versions.
 CVE-2008-5807 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink 
before ...)
        NOT-FOR-US: TestLink
 CVE-2008-5806 (SQL injection vulnerability in login.php in DeltaScripts PHP 
...)
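Review bot: The two added NOTE lines under CVE-2006-7236 say the issue is "somewhat mitigated by a filter for control characters in post-etch versions" without naming the xterm version that introduced the filter. Since the unstable entry above it is still marked fixed in 238-1, a reader cannot tell whether the filter arrived with that upload or separately. Suggest naming the version in the NOTE and stating how it relates to the 238-1 fix, so the <not-affected> reasoning for etch (allowWindowOps disabled) and the mitigation for later releases are clearly separate.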
@@ -8295,7 +8298,7 @@
        RESERVED
 CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted 
attackers ...)
        {DSA-1694-1 DTSA-182-1}
-       - xterm <unfixed> (medium; bug #510030)
+       - xterm 238-2 (medium; bug #510030)
 CVE-2008-2382 (The protocol_client_msg function in vnc.c in the VNC server in 
(1) ...)
        - qemu 0.9.1-9
        [etch] - qemu <not-affected> (Tested by maintainer)
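Review bot: The new line "- xterm 238-2 (medium; bug #510030)" for CVE-2008-2383 carries the same bug number as CVE-2006-7236 in the previous hunk, which stays at "- xterm 238-1". If the two issues were really closed by different uploads against one bug, a short NOTE on either entry saying which upload addressed what would prevent someone from later "correcting" one version to match the other.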

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2009-01-06 11:26:58 UTC (rev 10868)
+++ data/DSA/list       2009-01-06 11:34:06 UTC (rev 10869)
@@ -3,7 +3,7 @@
        [etch] - ruby1.9 1.9.0+20060609-1etch4
        [etch] - ruby1.8 1.8.5-4etch4
 [02 Jan 2009] DSA-1694-1 xterm - remote code execution
-       {CVE-2008-2383 CVE-2006-7236}
+       {CVE-2008-2383}
        [etch] - xterm 222-1etch3
 [27 Dec 2008] DSA-1693-1 phppgadmin - several vulnerabilities
        {CVE-2007-2865 CVE-2007-5728 CVE-2008-5587}
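Review bot: Dropping CVE-2006-7236 from the DSA-1694-1 cross-reference is consistent with the log message, but the CVE/list entry still shows {DTSA-182-1} for that CVE and data/DTSA/list is not among the modified files. Please confirm that the testing advisory is meant to keep referencing CVE-2006-7236, or update it in the same cleanup so the stable and testing records do not disagree about which advisory covered the allowWindowOps issue.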


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
