- new cron issue

- fix php issue tracking
- checks need to happen for mod_jk issue


git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11896 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 5 insertions, 2 deletions

diff --git a/data/CVE/list b/data/CVE/list
index a418300e42..d669b8f21e 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,5 @@
+CVE-2009-XXXX [cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked]
+	- cron 3.0pl1-106 (medium; bug #528434)
 CVE-2009-1628
 	RESERVED
 CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP) ...)
@@ -3025,7 +3027,7 @@ CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.1
 CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...)
 	{DSA-1789-1}
 	- php4 <removed> (low)
-	- php5 <unfixed> (low; bug #523049)
+	- php5 5.2.9.dfsg.1-2 (low; bug #523049)
 CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary ...)
 	- sng 1.0.2-6 (bug #496407; unimportant)
 CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite ...)
@@ -6724,7 +6726,8 @@ CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Exp
 CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat ...)
 	- tomcat5.5 <unfixed> (bug #523054)
 	- libapache-mod-jk <removed>
-	NOTE: TODO check whether libapache-mod-jk in etch is vulnerable
+	- libapache2-mod-jk <unfixed> (bug #523054)
+	TODO: check whether libapache-mod-jk and libapache2-mod-jk are vulnerable
 CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web administration ...)
 	- geronimo <itp> (bug #481869)
 CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...)