dannf at alioth.debian.org
2008-Oct-14 16:07 UTC
[Secure-testing-commits] r10085 - data/CVE
Author: dannf Date: 2008-10-14 16:07:45 +0000 (Tue, 14 Oct 2008) New Revision: 10085 Modified: data/CVE/list Log: various linux kernel updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-14 15:57:10 UTC (rev 10084) +++ data/CVE/list 2008-10-14 16:07:45 UTC (rev 10085) @@ -181,6 +181,8 @@ NOT-FOR-US: Nucleus EUC-JP CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...) - linux-2.6 2.6.26-5 + - linux-2.6.24 <unfixed> + [etch] - linux-2.6 <not-affected> (vulnerable code not present) CVE-2008-4444 RESERVED CVE-2008-4443 @@ -251,6 +253,8 @@ RESERVED CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the ...) - linux-2.6 2.6.26-8 + - linux-2.6.24 <not-affected> (Vulnerable code not present) + [etch] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities ...) - libxml2 <not-affected> (Vulnerable code not present, introduced in 2.7.0) TODO: check again if >= 2.7 gets uploaded @@ -559,6 +563,7 @@ CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...) {DSA-1653-1} - linux-2.6 2.6.22-4 (low) + - linux-2.6.24 <not-affected> (Vulnerable code not present) CVE-2008-4301 (** DISPUTED ** ...) NOT-FOR-US: Microsoft CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...) @@ -742,6 +747,7 @@ CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...) {DSA-1653-1} - linux-2.6 2.6.22-1 + - linux-2.6.24 <not-affected> (Vulnerable code not prsent) NOTE: easily exploitable but of limited use as the attacker already needs access to a NOTE: directory that is setgid to the group he wants to get privileges for CVE-2008-4209 
@@ -1456,6 +1462,7 @@ CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...) {DSA-1653-1} - linux-2.6 2.6.23-1 + - linux-2.6.24 <not-affected> (Vulnerable code not present) CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...) - ssmtp 2.62-1.1 (low; bug #498366) [etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases) @@ -1683,6 +1690,7 @@ - linux-2.6.24 <not-affected> (Fixed in upstream before 2.6.24) CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...) - linux-2.6 <not-affected> (Fedora-specific patch) + - linux-2.6.24 <not-affected> (Fedora-specific patch) CVE-2008-3831 RESERVED CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...)
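Review bot: in the CVE-2008-4445 hunk (@@ -181,6 +181,8 @@) the added [etch] line gives its reason as "(vulnerable code not present)" in lower case, while every other line this patch adds uses "(Vulnerable code not present)". Pick one spelling so that a text search over data/CVE/list matches all of them. The new "- linux-2.6.24 <unfixed>" line in the same hunk has no urgency or bug reference, which other entries in the file carry in parentheses, for example "(low; bug #498366)" on the ssmtp entry; add one if a tracking bug exists.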
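Review bot: in the CVE-2008-4210 hunk (@@ -742,6 +747,7 @@) the added line has a typo, "(Vulnerable code not prsent)" should read "present". The stated reason is also less precise than it could be: the description says the flaw is in kernels "before 2.6.22" and linux-2.6 is marked fixed in 2.6.22-1, so for linux-2.6.24 the wording already used on the context line of the @@ -1683,6 +1690,7 @@ hunk, "(Fixed in upstream before 2.6.24)", describes the situation better.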
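Review bot: in the CVE-2007-6716 hunk (@@ -1456,6 +1462,7 @@) the reason "(Vulnerable code not present)" on the new linux-2.6.24 line does not match the entry itself, which describes fs/direct-io.c "in the Linux kernel before 2.6.23" and records the linux-2.6 fix in 2.6.23-1. That reads as a fix that landed upstream before 2.6.24 rather than code that was never there, so "(Fixed in upstream before 2.6.24)", as on the existing linux-2.6.24 line visible in the @@ -1683,6 +1690,7 @@ hunk, would keep the two kinds of not-affected entries distinguishable.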