jmm-guest at alioth.debian.org
2008-Oct-20 17:23 UTC
[Secure-testing-commits] r10131 - in data: . CVE
Author: jmm-guest
Date: 2008-10-20 17:23:13 +0000 (Mon, 20 Oct 2008)
New Revision: 10131
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
ipsec-tools no-dsa
some kernel issues fixed
mantis updated fix
one network issue affects freeBSD
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-10-20 17:22:14 UTC (rev 10130)
+++ data/CVE/list 2008-10-20 17:23:13 UTC (rev 10131)
@@ -43,7 +43,7 @@
CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access
rights ...)
TODO: check
CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to
cause ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.26-9
- linux-2.6.24 <unfixed>
CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84
might ...)
- jhead 2.84-1 (bug #502353; low)
@@ -87,7 +87,7 @@
- graphviz 2.20.3-2 (low)
[etch] - graphviz <no-dsa> (Minor issue)
CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel
before ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.26-9
- linux-2.6.24 <unfixed>
CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows
local ...)
- qemu 0.9.1-6 (low; bug #496394)
@@ -1826,9 +1826,10 @@
CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux
kernel ...)
- linux-2.6 <not-affected> (Fedora-specific patch)
- linux-2.6.24 <not-affected> (Fedora-specific patch)
-CVE-2008-3831
+CVE-2008-3831 [kernel drm issue]
RESERVED
{DSA-1655-1}
+ - linux-2.6 2.6.26-9
CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the
configuration ...)
- condor <itp> (bug #233482)
CVE-2008-3829 (Unspecified vulnerability in the condor_ schedd daemon in Condor
...)
@@ -2377,6 +2378,7 @@
- tikiwiki <removed>
CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an
...)
- ipsec-tools 0.7.1-1.2 (low; bug #501026)
+ [etch] - ipsec-tools <no-dsa> (Minor issue)
NOTE: attacker needs to be authenticated, see
https://bugzilla.redhat.com/show_bug.cgi?id=456660
CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in
ipsec-tools ...)
- ipsec-tools 1:0.7.1-1 (low; bug #495214)
@@ -3640,7 +3642,7 @@
- sun-java5 1.5.0-16-1 (bug #490260)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not
set the ...)
- - mantis 1.1.2+dfsg-4 (low; bug #501179)
+ - mantis 1.1.2+dfsg-6 (low; bug #501179)
CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger
CRM ...)
NOT-FOR-US: vtiger CRM
CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in
Steve ...)
@@ -5068,7 +5070,8 @@
CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System)
...)
NOT-FOR-US: MxBB (MX-System)
CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1)
...)
- NOT-FOR-US: IPv6 NDP flaw not affecting Linux
+ - kfreebsd-7 7.0-6
+ NOTE: IPv6 NDP flaw not affecting Linux
CVE-2008-2475
RESERVED
CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication
Unit ...)
Modified: data/spu-candidates.txt
==================================================================---
data/spu-candidates.txt 2008-10-20 17:22:14 UTC (rev 10130)
+++ data/spu-candidates.txt 2008-10-20 17:23:13 UTC (rev 10131)
@@ -197,6 +197,10 @@
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
notified maintainer
+ipsec-tools (CVE-2008-3652)
+#501026
+https://bugzilla.redhat.com/show_bug.cgi?id=456660
+
--
jumpnbump (no CVE yet)