Author: gilbert-guest Date: 2009-07-06 01:39:56 +0000 (Mon, 06 Jul 2009) New Revision: 12283 Modified: data/CVE/list Log: unstable kernel issue triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-05 23:54:05 UTC (rev 12282) +++ data/CVE/list 2009-07-06 01:39:56 UTC (rev 12283) @@ -1719,6 +1719,7 @@ CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel ...) {DSA-1809-1} - linux-2.6 <unfixed> + NOTE: 2.6.30-1 appears to be fixed, but there has been a lot of refactoring; making it hard to confirm [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <removed> CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...) @@ -1731,7 +1732,7 @@ NOTE: it can be fixed along CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client ...) {DSA-1809-1} - - linux-2.6 <unfixed> + - linux-2.6 2.6.30-1 [squeeze] - linux-2.6 2.6.26-17 - linux-2.6.24 <removed> CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with ...) @@ -2636,7 +2637,7 @@ NOTE: We should probably request removal from unstable, replaced by foswiki CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...) {DSA-1800-1 DSA-1787-1} - - linux-2.6 <unfixed> + - linux-2.6 2.6.30-1 [squeeze] - linux-2.6 2.6.26-17 [etch] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...) @@ -3082,7 +3083,7 @@ - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.27 release) CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...) {DSA-1800-1 DSA-1787-1} - - linux-2.6 <unfixed> + - linux-2.6 2.6.30-1 [squeeze] - linux-2.6 2.6.26-17 [etch] - linux-2.6 <not-affected> (Doesn''t include KVM yet) - linux-2.6.24 <removed> 
@@ -4608,16 +4609,17 @@ - dash <not-affected> (Debian uses upstream''s patch to implement -l) CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...) {DSA-1800-1} - - linux-2.6 <unfixed> (low) + - linux-2.6 2.6.30-1 (low) [squeeze] - linux-2.6 2.6.26-17 [etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18) - - linux-2.6.24 <unfixed> (unimportant) + - linux-2.6.24 <removed> + [etch] - linux-2.6.24 <no-dsa> (unimportant) NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...) {DSA-1800-1 DSA-1794-1 DSA-1787-1} - - linux-2.6 <unfixed> (low) + - linux-2.6 2.6.30-1 (low) [squeeze] - linux-2.6 2.6.26-17 - - linux-2.6.24 <unfixed> (low) + - linux-2.6.24 <removed> CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...) NOT-FOR-US: Winamp CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for ...)
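Review bot: In the CVE-2009-1633 hunk, the added NOTE lands between `- linux-2.6 <unfixed>` and `[squeeze] - linux-2.6 2.6.26-17`, splitting the package status lines, and it does not say what was checked in 2.6.30-1. Move it below `- linux-2.6.24 <removed>`, the way the CONFIG_SECCOMP NOTE follows the status lines under CVE-2009-0835. Also name the code or upstream change that was compared, so the next triager can finish the confirmation instead of repeating it.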
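Review bot: In the @@ -4608,16 +4609,17 @@ hunk, CVE-2009-0834 changes `- linux-2.6.24 <unfixed> (low)` to `- linux-2.6.24 <removed>` with no `[etch]` line, while CVE-2009-0835 just above it gets `[etch] - linux-2.6.24 <no-dsa> (unimportant)` for the same package. Add the matching `[etch] - linux-2.6.24` line to CVE-2009-0834 so its etch status is stated explicitly. For CVE-2009-0835, the existing NOTE says CONFIG_SECCOMP has only been enabled in 2.6.26, so check whether the new etch linux-2.6.24 line should read `<not-affected>`, as the `[etch] - linux-2.6` line does, rather than `<no-dsa>`.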