Author: jmm-guest
Date: 2010-05-02 13:21:41 +0000 (Sun, 02 May 2010)
New Revision: 14587
Modified:
data/CVE/list
Log:
- record several kernel fixes from -12
- kdm issue fixed in latest upload
- remove one kdebase issue, this is a feature regression in
KDE 4 compared to KDE 3, but doesn''t pose a security vulnerability
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-05-02 13:06:44 UTC (rev 14586)
+++ data/CVE/list 2010-05-02 13:21:41 UTC (rev 14587)
@@ -489,7 +489,8 @@
RESERVED
CVE-2010-1446 [kgbd issue]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-12 (unimportant)
+ NOTE: KGDB is not currently enabled in debian builds
CVE-2010-1445
RESERVED
- vlc 1.0.6-1
@@ -1130,7 +1131,7 @@
CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the
Linux ...)
- linux-2.6 2.6.20-1
CVE-2010-1187 (The Transparent Inter-Process Communication (TIPC) functionality
in ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-12
CVE-2010-1185 (Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32,
and ...)
NOT-FOR-US: SAP MaxDB
CVE-2010-1184 (The Microsoft wireless keyboard uses XOR encryption with a key
derived ...)
@@ -1167,7 +1168,7 @@
NOT-FOR-US: Cisco TFTP Server
CVE-2010-1173 [skb issue]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-12
CVE-2010-1172
RESERVED
CVE-2010-1171
@@ -1191,7 +1192,7 @@
[lenny] - sudo <not-affected> (ignore_dot default value is off and
can''t be changed in runtime)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=580441#c3
CVE-2010-1162 (The release_one_tty function in drivers/char/tty_io.c in the
Linux ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-12
CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to
edit a ...)
- nano 2.2.4-1 (low; bug #577817)
[lenny] - nano <no-dsa> (minor issue)
@@ -1226,13 +1227,13 @@
CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports ...)
- udisks 1.0.1-1 (medium; bug #576687)
CVE-2010-1148 (The cifs_create function in fs/cifs/dir.c in the Linux kernel
2.6.33.2 ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-12
[lenny] - linux-2.6 <not-affected> (vulnerable code not yet present)
CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open
DC ...)
- opendchub 0.8.2-1 (bug #576308)
[lenny] - opendchub <not-affected> (Vulnerable code not present)
CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS
filesystem ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-12
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2010-1145
RESERVED
@@ -3310,8 +3311,7 @@
CVE-2010-0436 (Race condition in backend/ctrl.c in KDM in KDE Software
Compilation ...)
{DSA-2037-1}
- kdebase 4:4.0
- - kdebase-workspace <unfixed>
- NOTE: http://www.kde.org/info/security/advisory-20100413-1.txt
+ - kdebase-workspace 4:4.4.3-1
NOTE: The binary package kdm was built from kdebase in Lenny and from
kdebase-workspace
NOTE: in KDE 4.x, i.e. Squeeze onwards
CVE-2010-0435
@@ -13729,10 +13729,6 @@
CVE-2009-1791 (Heap-based buffer overflow in aiff_read_header in libsndfile
1.0.15 ...)
{DSA-1814-1 DTSA-202-1}
- libsndfile 1.0.20-1 (low; bug #528650)
-CVE-2009-XXXX [kdebase: potential digital certificate deficiencies in konqueror
4]
- - kdebase <unfixed> (low; bug #526985)
- [etch] - kdebase <not-affected> (vulnerability introduced in konqueror
4)
- [lenny] - kdebase <not-affected> (vulnerability introduced in konqueror
4)
CVE-2009-1636 (Multiple buffer overflows in the Internet Agent (aka GWIA)
component ...)
NOT-FOR-US: Novell GroupWise
CVE-2009-1635 (Multiple cross-site scripting (XSS) vulnerabilities in the
WebAccess ...)