thr3ads.net - Secure testing commits - [Secure-testing-commits] r9806

If this information is useful, please help other people find it:
Share via:

dannf at alioth.debian.org

2008-Sep-12 16:45 UTC

[Secure-testing-commits] r9806 - data/CVE

Author: dannf
Date: 2008-09-12 16:45:34 +0000 (Fri, 12 Sep 2008)
New Revision: 9806

Modified:
   data/CVE/list
Log:
kernel updates

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-09-12 16:25:55 UTC (rev 9805)
+++ data/CVE/list	2008-09-12 16:45:34 UTC (rev 9806)
@@ -192,10 +192,12 @@
 	TODO: check
 CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4,
when ...)
 	{DSA-1636-1}
-	TODO: check
+	- linux-2.6 2.6.26-5
 	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in
2.6.19)
 CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux
kernel ...)
-	TODO: check
+	- linux-2.6 2.6.26-5
+	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
+	[etch] - linux-2.6.24 <not-affected> (Vulnerable code not present)
 CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier
allows ...)
 	TODO: check
 CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287,
1.8.7 ...)
@@ -499,7 +501,8 @@
 	RESERVED
 CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol
(sctp) ...)
 	{DSA-1636-1}
-	TODO: check
+	- linux-2.6 2.6.26-4
+	[etch] - linux-2.6 <not-affected>
 CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart
3.9, ...)
 	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
 CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory
...)
@@ -815,7 +818,7 @@
 	- xen-3 <not-affected> (Not compiled with XSM:FLASK)
 CVE-2008-3686 (The rt6_fill_node function in net/ipv6/route.c in Linux kernel
...)
 	- linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.26-5
 	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in
2.6.26)
 CVE-2008-3685
 	RESERVED
@@ -1198,7 +1201,8 @@
 	RESERVED
 CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in
...)
 	{DSA-1636-1}
-	TODO: check
+	- linux-2.6 2.6.26-4
+	[etch] - linux-2.6 <not-affected>
 CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan
subsystem ...)
 	TODO: check
 CVE-2008-3524
@@ -1734,7 +1738,8 @@
 	RESERVED
 CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...)
 	{DSA-1636-1}
-	TODO: check
+	- linux-2.6 2.6.26-4
+	[etch] - linux-2.6 <unfixed>
 CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in
fs/namei.c in ...)
 	{DSA-1636-1 DSA-1630-1}
 	- linux-2.6.24 <unfixed>

Secure testing commits - Sep 2008 - r9806 - data/CVE

[Secure-testing-commits] r9806 - data/CVE