dannf at alioth.debian.org
2008-Oct-02 05:34 UTC
[Secure-testing-commits] r9931 - data/CVE
Author: dannf Date: 2008-10-02 05:34:20 +0000 (Thu, 02 Oct 2008) New Revision: 9931 Modified: data/CVE/list Log: linux kernel updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-01 21:35:38 UTC (rev 9930) +++ data/CVE/list 2008-10-02 05:34:20 UTC (rev 9931) @@ -978,6 +978,7 @@ CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when ...) {DSA-1636-1} - linux-2.6 2.6.26-5 + - linux-2.6.24 2.6.24-6~etchnhalf.5 [etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.19) CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel ...) - linux-2.6 2.6.26-5 @@ -1294,6 +1295,7 @@ RESERVED CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) ...) {DSA-1636-1} + - linux-2.6.24 2.6.24-6~etchnhalf.5 - linux-2.6 2.6.26-4 [etch] - linux-2.6 <not-affected> CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, ...) @@ -1978,12 +1980,12 @@ CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...) {DSA-1636-1} - linux-2.6 2.6.26-2 - - linux-2.6.24 <unfixed> + - linux-2.6.24 2.6.24-6~etchnhalf.5 NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c NOTE: Fixed in 2.6.25.14 and 2.6.26.1 CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...) {DSA-1636-1} - - linux-2.6.24 <unfixed> + - linux-2.6.24 2.6.24-6~etchnhalf.5 - linux-2.6 2.6.26-2 NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1 NOTE: Fixed in 2.6.25.14 and 2.6.26.1 @@ -2005,6 +2007,7 @@ CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...) {DSA-1636-1} - linux-2.6 2.6.26-4 + - linux-2.6.24 2.6.24-6~etchnhalf.5 [etch] - linux-2.6 <not-affected> CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...) - linux-2.6 2.6.26-7 
@@ -2547,11 +2550,12 @@ CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...) {DSA-1636-1} - linux-2.6 2.6.26-4 + - linux-2.6.24 2.6.24-6~etchnhalf.5 [etch] - linux-2.6 <unfixed> CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in ...) {DSA-1636-1 DSA-1630-1} - - linux-2.6.24 <unfixed> - - linux-2.6 <unfixed> + - linux-2.6.24 2.6.24-6~etchnhalf.5 + - linux-2.6 2.6.26-2 NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77 CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...) NOT-FOR-US: FreeIPA @@ -2559,8 +2563,8 @@ NOT-FOR-US: JBoss CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...) {DSA-1636-1 DSA-1630-1} - - linux-2.6.24 <unfixed> - - linux-2.6 <unfixed> + - linux-2.6.24 2.6.24-6~etchnhalf.5 + - linux-2.6 2.6.26-2 NOTE: 82e68f7ffec3800425f2391c8c86277606860442 CVE-2008-3271 RESERVED @@ -3293,7 +3297,7 @@ CVE-2008-2945 (Sun Java System Access Manager 6.3 through 7.1 and Sun Java System ...) NOT-FOR-US: Sun Java System Access Manager CVE-2008-2944 (Double free vulnerability in the utrace support in the Linux kernel, ...) - - linux-2.6 <unfixed> + - linux-2.6 <not-affected> [etch] - linux-2.6 <not-affected> - linux-2.6.24 <not-affected> CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...) @@ -4640,7 +4644,7 @@ CVE-2008-2373 RESERVED CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users ...) - - linux-2.6 2.6.26 + - linux-2.6 2.6.26-1 [etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24) - linux-2.6.24 2.6.24-6~etchnhalf.4 NOTE: IMO this is a lack of optimisation, not a security issue? - jmm 
@@ -6154,7 +6158,7 @@ CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux ...) {DSA-1588-1} - linux-2.6 2.6.26-1 - - linux-2.6.24 <unfixed> + - linux-2.6.24 <not-affected> NOTE: upstream commit 13788ccc41ceea5893f9c747c59bc0b28f2416c2, not present in 2.6.25.x, NOTE: but fixed in git, so marking as fixed in 2.6.26-1 CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to execute ...)
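Review bot: in the @@ -1294,6 +1295,7 @@ hunk (CVE-2008-3792) the new "- linux-2.6.24 2.6.24-6~etchnhalf.5" line is inserted above "- linux-2.6 2.6.26-4", while the same addition for CVE-2008-3915, CVE-2008-3526 and CVE-2008-3276 in this commit goes below the linux-2.6 line. Suggest moving it below the unstable entry so the ordering is consistent across the entries touched here.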
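Review bot: in the @@ -2547,11 +2550,12 @@ hunk, CVE-2008-3275 moves "- linux-2.6" from <unfixed> to 2.6.26-2, but the only supporting NOTE is the bare commit id d70b67c8bc72ee23b55381bd6a884f4796692f77. The CVE-2008-3535 and CVE-2008-3534 entries record the upstream releases ("NOTE: Fixed in 2.6.25.14 and 2.6.26.1"), which lets a reader check the fixed version without looking up the commit. Suggest adding an equivalent "NOTE: Fixed in ..." line here. The same applies to CVE-2008-3272 in the following hunk.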
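Review bot: in the @@ -3293,7 +3297,7 @@ hunk, CVE-2008-2944 changes "- linux-2.6" from <unfixed> to <not-affected> with no reason recorded, and the two neighbouring <not-affected> lines for etch and linux-2.6.24 have none either. Other entries in this file give the rationale in parentheses, for example "(Vulnerable code was introduced in 2.6.19)". Suggest adding a short parenthetical or a NOTE saying why the utrace issue does not apply, so the status can be audited later.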
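Review bot: in the @@ -6154,7 +6158,7 @@ hunk, CVE-2007-6712 flips "- linux-2.6.24" from <unfixed> to <not-affected> without a reason, and the existing NOTE says the upstream commit is "not present in 2.6.25.x", so a reader could reasonably expect 2.6.24 to lack the fix as well. Suggest stating on the line or in a NOTE why 2.6.24 is not affected, in the style of "(Introduced between 2.6.23 and 2.6.24)" used for CVE-2008-2372.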