Author: joeyh
Date: 2009-05-07 09:14:15 +0000 (Thu, 07 May 2009)
New Revision: 11828
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-05-07 08:56:26 UTC (rev 11827)
+++ data/CVE/list 2009-05-07 09:14:15 UTC (rev 11828)
@@ -338,7 +338,7 @@
CVE-2009-1441
RESERVED
CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel
...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
@@ -631,10 +631,11 @@
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel
before ...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not
properly ...)
+ {DSA-1794-1}
- linux-2.6 2.6.23-1
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista
allows ...)
@@ -926,7 +927,7 @@
CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has
unknown ...)
NOTE: Dupe of CVE-2009-1210
CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the
Linux ...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-4
- linux-2.6.24 <unfixed>
CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20
and ...)
@@ -1339,7 +1340,7 @@
CVE-2009-1193
RESERVED
CVE-2009-1192 (drivers/char/agp/generic.c in the agp subsystem in the Linux
kernel ...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP
Server ...)
@@ -1587,6 +1588,7 @@
CVE-2009-1108
RESERVED
CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal
...)
+ {DSA-1795-1}
- ldns 1.5.1-1
CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1
on ...)
- redhat-cluster <unfixed>
@@ -2399,7 +2401,7 @@
CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user
interface in ...)
NOT-FOR-US: NetMRI
CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in
the ...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-1 (unimportant)
NOTE: All Debian kernels set CONFIG_SHMEM, so this is moot except
NOTE: for locally modified configs and even for that I fail to
@@ -2533,7 +2535,7 @@
- linux-2.6.24 <unfixed> (unimportant)
NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7
and ...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <unfixed> (low)
CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin
0.31 ...)
@@ -3187,7 +3189,7 @@
CVE-2009-0677 (avatarlist.php in the Your Account module, reached through ...)
NOT-FOR-US: RavenNuke
CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux
kernel ...)
- {DSA-1787-1 DSA-1749-1}
+ {DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <unfixed> (low)
NOTE: Original fix was incomplete/risky, see:
@@ -3195,7 +3197,7 @@
NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer.
CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the
Linux ...)
- {DSA-1787-1 DSA-1749-1}
+ {DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when
...)
@@ -4666,7 +4668,7 @@
CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow
remote ...)
NOT-FOR-US: BibCiter
CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before
2.6.27.13, and ...)
- {DSA-1787-1 DSA-1749-1}
+ {DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows
remote ...)
@@ -5570,7 +5572,7 @@
CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software
for ...)
TODO: will be presented at Black Hat
CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control
...)
- {DSA-1787-1 DSA-1749-1}
+ {DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
CVE-2009-0064 (Multiple unspecified vulnerabilities in the Control Center in
Symantec ...)
@@ -5962,6 +5964,7 @@
- kvm 82-1 (low; bug #509997)
[lenny] - kvm <no-dsa> (Minor issue)
CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux
...)
+ {DSA-1794-1}
- linux-2.6 2.6.25-1
- linux-2.6.24 <removed>
CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers
to ...)
@@ -5986,11 +5989,11 @@
[etch] - gpsdrive <no-dsa> (Minor issue)
[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.26-13
- linux-2.6.24 <removed>
CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux
...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.26-13
- linux-2.6.24 <removed>
CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum
...)
@@ -6253,17 +6256,17 @@
CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server
(CS) ...)
NOT-FOR-US: issue affects pdfdistiller
CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
- {DSA-1787-1 DSA-1749-1}
+ {DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same
SQMSESSID ...)
- squirrelmail <not-affected> (RedHat-specific regression)
CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc,
...)
- {DSA-1787-1 DSA-1749-1}
+ {DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed>
CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier
allows ...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-1
- linux-2.6.24 <removed>
CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application
...)
@@ -6805,7 +6808,7 @@
{DSA-1699-1}
- zaptel 1:1.4.11~dfsg-3
CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in
the ...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.26-13
- linux-2.6.24 <removed>
CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes
...)
@@ -9508,7 +9511,7 @@
CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and
5.5.10 ...)
- tomcat5.5 5.5.23-1 (low)
CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the
Linux ...)
- {DSA-1787-1}
+ {DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.26-1
- linux-2.6.24 <removed>
CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and
attack ...)