cron no-dsa

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11911 e39458fd-73e7-0310-bf30-c45bca0a0e42

3 files changed, 15 insertions, 1 deletions

diff --git a/data/CVE/list b/data/CVE/list
index 86368b8859..6260e8a6d2 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19,7 +19,9 @@ CVE-2009-XXXX [eggdrop buffer overflow]
 	- eggdrop 1.6.19-1.2 (medium; bug #528778)
 	NOTE: CVE id request on oss-sec
 CVE-2009-XXXX [cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked]
-	- cron 3.0pl1-106 (medium; bug #528434)
+	- cron 3.0pl1-106 (low; bug #528434)
+	[lenny] - cron <no-dsa> (Minor issue)
+	[etch] - cron <no-dsa> (Minor issue)
 CVE-2009-1628
 	RESERVED
 CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP) ...)
diff --git a/data/ospu-candidates.txt b/data/ospu-candidates.txt
index 0ef10d876b..dd1adbe0fa 100644
--- a/data/ospu-candidates.txt
+++ b/data/ospu-candidates.txt
@@ -125,8 +125,10 @@ chillispot
 notified maintainer
 
 --
+
 coccinelle
 http://packages.qa.debian.org/c/coccinelle/news/20090502T001704Z.html
+
 --
 
 comix (CVE-2008-1568)
@@ -135,6 +137,11 @@ notified maintainer
 
 --
 
+cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
+#528434
+
+--
+
 cupsys (CVE-2008-5377)
 
 --
diff --git a/data/spu-candidates.txt b/data/spu-candidates.txt
index 2d516b199e..bd1fe7ee17 100644
--- a/data/spu-candidates.txt
+++ b/data/spu-candidates.txt
@@ -27,6 +27,11 @@ http://packages.qa.debian.org/c/coccinelle/news/20090502T001704Z.html
 
 --
 
+cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
+#528434
+
+--
+
 kvm 82-1 (CVE-2008-5714)
 #509997