Author: gilbert-guest Date: 2009-08-19 00:28:50 +0000 (Wed, 19 Aug 2009) New Revision: 12635 Modified: data/CVE/list Log: cves were assigned for the latest round of kernel issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-18 22:06:44 UTC (rev 12634) +++ data/CVE/list 2009-08-19 00:28:50 UTC (rev 12635) @@ -1,3 +1,20 @@ +CVE-2009-2849 [linux-2.6: md raid null pointer dereference (when sysfs available)] + - linux-2.6 2.6.30-4 (medium) + - linux-2.6.24 <removed> +CVE-2009-2848 [linux-2.6: execve must clear current->child_tid] + - linux-2.6 <unfixed> (low) + - linux-2.6.24 <removed> +CVE-2009-2847 [linux-2.6: information disclosure to user space on 64-bit hosts] + - linux-2.6 2.6.30-6 (low) + - linux-2.6.24 <removed> +CVE-2009-2846 [linux-2.6: parisc eisa underflow] + - linux-2.6 2.6.30-6 (low) + - linux-2.6.24 <removed> +CVE-2009-2844 [linux-2.6: cfg80211 missing NULL ptr checks] + - linux-2.6 <unfixed> (medium) + [etch] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30) + [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30) + - linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30) CVE-2009-2843 RESERVED CVE-2009-2842 
@@ -205,9 +222,15 @@ CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in ...) NOT-FOR-US: Ultrize TimeSheet CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...) - TODO: check + - linux-2.6 2.6.30-6 (medium) + [etch] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29) + [lenny] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29) + - linux-2.6.24 <not-affected> (kernel/cred.c introduced in 2.6.29) CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...) - TODO: check + - linux-2.6 2.6.30-6 (medium) + [etch] - linux-2.6 <not-affected> (introduced in 2.6.28) + [lenny] - linux-2.6 <not-affected> (introduced in 2.6.28) + - linux-2.6.24 <not-affected> (introduced in 2.6.28) CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not ...) NOT-FOR-US: DD-WRT CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ...) @@ -451,10 +474,6 @@ TODO: request cve it CVE-2009-XXXX [gri: insecure temp file generation] - gri 2.12.18-1 (low) -CVE-2009-XXXX [linux-2.6: parisc eisa underflow] - - linux-2.6 2.6.30-6 (low) - - linux-2.6.24 <removed> - NOTE: cve id already requested on oss-sec CVE-2009-2715 (Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause ...) - virtualbox-ose 3.0.4-dfsg-1 (medium) CVE-2009-2714 (Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows ...) 
@@ -528,16 +547,6 @@ CVE-2009-XXXX [php5: ''open_basedir'' bypass] - php5 <unfixed> (unimportant; bug #540606) NOTE: only affects 5.3.0 in experimental, open_basedir unsupported -CVE-2009-XXXX [linux-2.6: do_nanosleep() null pointer dereference] - - linux-2.6 <unfixed> (medium) - [etch] - linux-2.6 <not-affected> (introduced in 2.6.28) - [lenny] - linux-2.6 <not-affected> (introduced in 2.6.28) - [squeeze] - linux-2.6 <not-affected> (introduced in 2.6.28) - - linux-2.6.24 <not-affected> (introduced in 2.6.28) -CVE-2009-XXXX [linux-2.6: md raid null pointer dereference (when sysfs available)] - - linux-2.6 <unfixed> (medium) - - linux-2.6.24 <removed> - NOTE: CVE id requested on oss-sec CVE-2009-2710 RESERVED CVE-2009-2709 @@ -734,12 +743,6 @@ NOT-FOR-US: MDaemon WorldClient CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows ...) NOT-FOR-US: Peel -CVE-2009-XXXX [linux-2.6: information disclosure to user space on 64-bit hosts] - - linux-2.6 <unfixed> (low) - - linux-2.6.24 <removed> -CVE-2009-XXXX [linux-2.6: execve must clear current->child_tid] - - linux-2.6 <unfixed> (low) - - linux-2.6.24 <removed> CVE-2009-XXXX [VLC: integer underflow in Real RTSP] - vlc 1.0.1-1 - mplayer <unfixed>
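Review bot: In the hunk at @@ -1,3 +1,20 @@, CVE-2009-2849 and CVE-2009-2847 are added as fixed (`- linux-2.6 2.6.30-4 (medium)` and `- linux-2.6 2.6.30-6 (low)`), while the placeholder entries they replace, removed further down in this patch, were both `- linux-2.6 <unfixed>`. The log message only mentions the CVE assignment, so the status change is easy to miss in review; mention it in the log, or commit the fixed versions separately. The new block also goes from CVE-2009-2846 straight to CVE-2009-2844; if CVE-2009-2845 belongs to the same batch of kernel issues, it needs an entry here.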
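Review bot: In the hunk at @@ -205,9 +222,15 @@, the not-affected reason given for CVE-2009-2768, `(kernel/cred.c introduced in 2.6.29)`, names a different file from the one in the description (`load_flat_shared_library` in fs/binfmt_flat.c) and does not say how the two relate. Spell out the dependency in the annotation or in a NOTE: line, so that someone re-checking the etch, lenny and linux-2.6.24 status can verify it from the entry alone.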
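Review bot: In the hunk at @@ -528,16 +547,6 @@, the removed do_nanosleep() placeholder carries `[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.28)`, and no added entry in this patch has a [squeeze] line. The only added entry with matching "introduced in 2.6.28" annotations is CVE-2009-2767, which now reads `- linux-2.6 2.6.30-6 (medium)` instead of `<unfixed>`. If that is the replacement, confirm that dropping the squeeze annotation is intended, and add a NOTE: line to CVE-2009-2767 tying it to the do_nanosleep() issue, since the two descriptions name different functions and the link is not traceable from the list.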