stef-guest at alioth.debian.org
2008-Sep-22 07:20 UTC
[Secure-testing-commits] r9860 - data/CVE
Author: stef-guest Date: 2008-09-22 07:20:39 +0000 (Mon, 22 Sep 2008) New Revision: 9860 Modified: data/CVE/list Log: various kernel issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-21 21:14:09 UTC (rev 9859) +++ data/CVE/list 2008-09-22 07:20:39 UTC (rev 9860) @@ -3,7 +3,8 @@ CVE-2008-4114 (srv.sys in Microsoft Windows Vista SP1 allows remote attackers to ...) NOT-FOR-US: Microsoft Windows CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the ...) - TODO: check + - linux-2.6 2.6.26-5 + [etch] - linux-2.6.24 <unfixed> CVE-2008-4112 (Directory traversal vulnerability in bin/configure in TWiki before ...) - twiki <unfixed> (low) NOTE: access to configure script is restricted to localhost on Debian @@ -493,7 +494,8 @@ CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote ...) NOT-FOR-US: SAML Service for Google Apps CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an ...) - TODO: check + - kfreebsd-6 6.3-7 + - kfreebsd-7 7.0-5 CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 ...) NOT-FOR-US: Mini-NUKE Freehost CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject ...) @@ -1403,9 +1405,10 @@ - yelp 2.22.1-4 (low) [etch] - yelp <not-affected> (Vulnerable code not present) CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in ...) - TODO: check + - kfreebsd-7 7.0-5 CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1 does not ...) - TODO: check + - kfreebsd-6 6.3-7 + - kfreebsd-7 7.0-5 CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...) - libxml2 <unfixed> (bug #498768) CVE-2008-3528 
@@ -1417,7 +1420,8 @@ - linux-2.6 2.6.26-4 [etch] - linux-2.6 <not-affected> CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...) - TODO: check + - linux-2.6 <unfixed> + - linux-2.6.24 <unfixed> CVE-2008-3524 RESERVED CVE-2008-3523 @@ -1963,7 +1967,7 @@ - linux-2.6 <unfixed> NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77 CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...) - TODO: check + NOT-FOR-US: FreeIPA CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...) NOT-FOR-US: JBoss CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...) @@ -2399,7 +2403,7 @@ CVE-2008-3102 RESERVED CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...) - TODO: check + NOT-FOR-US: vtiger CRM CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve ...) - owl-dms 0.95-1.1 (low; bug #493579) CVE-2008-3099
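Review bot: In the CVE-2008-4113 hunk the linux-2.6.24 line is tagged "[etch] - linux-2.6.24 <unfixed>", while the CVE-2008-3525 hunk in the same commit writes "- linux-2.6.24 <unfixed>" with no release tag. Pick one form for both entries. The hunk also adds no etch line for linux-2.6 itself, although the context above CVE-2008-3525 shows that form in use ("[etch] - linux-2.6 <not-affected>"). If etch's linux-2.6 has been checked, record the result explicitly.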
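Review bot: The CVE-2008-3890 description limits the issue to amd64 platforms, but the two added lines ("- kfreebsd-6 6.3-7", "- kfreebsd-7 7.0-5") carry no NOTE saying so and no reference for where the fixed versions come from. A one-line NOTE with the architecture restriction and the source of the fix would let the next person verify the entry without redoing the triage.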
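Review bot: CVE-2008-3531 gets only "- kfreebsd-7 7.0-5", while CVE-2008-3530 in the same hunk and CVE-2008-3890 earlier list both kfreebsd-6 and kfreebsd-7. If kfreebsd-6 was checked and is not vulnerable, say so with an explicit "- kfreebsd-6 <not-affected>" line and a reason, as the yelp context line does with "(Vulnerable code not present)". A missing line reads the same as an unchecked package.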
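Review bot: Both lines added for CVE-2008-3525 are "<unfixed>" with no urgency, bug number or NOTE, so nothing points to the upstream fix that would close them. Other entries visible in this diff carry that information ("NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77", "(bug #498768)"). Add a NOTE with the upstream commit or a bug reference once one exists.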
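Review bot: The last two hunks mark CVE-2008-3274 and CVE-2008-3101 as NOT-FOR-US (FreeIPA, vtiger CRM), which the log message "various kernel issues" does not cover. Either mention the NOT-FOR-US triage in the log or commit it separately, so a later search of the history for these two CVEs finds the revision. For CVE-2008-3274 the description names both Red Hat Enterprise IPA and FreeIPA, while the tag names only FreeIPA, so consider listing both.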