Author: gilbert-guest Date: 2010-09-17 01:15:36 +0000 (Fri, 17 Sep 2010) New Revision: 15340 Modified: data/CVE/list Log: kernel updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-16 23:58:08 UTC (rev 15339) +++ data/CVE/list 2010-09-17 01:15:36 UTC (rev 15340) @@ -211,9 +211,7 @@ RESERVED CVE-2010-3301 [IA32 System Call Entry Point Vulnerability] RESERVED - - linux-2.6 <unfixed> - NOTE: see RH''s bugzilla - TODO: check + - linux-2.6 2.6.32-23 CVE-2010-3300 RESERVED CVE-2010-3299 [ruby on rails: padding oracle attack] @@ -233,8 +231,11 @@ RESERVED - linux-2.6 <unfixed> NOTE: see RH''s bugzilla -CVE-2010-3295 +CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory] RESERVED + NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2 + NOTE: will probably get rejected + TODO: check CVE-2010-3291 RESERVED CVE-2010-3290 @@ -821,8 +822,6 @@ CVE-2010-3084 [kernel: niu buffer overflow for ETHTOOL_GRXCLSRLALL] RESERVED - linux-2.6 <unfixed> - TODO: check - NOTE: see RH''s bugzilla CVE-2010-3083 RESERVED CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...) @@ -830,7 +829,7 @@ NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/ CVE-2010-3081 [64-bit Compatibility Mode Stack Pointer Underflow] RESERVED - - linux-2.6 <unfixed> (high) + - linux-2.6 2.6.32-23 (high) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3081 CVE-2010-3080 RESERVED @@ -1113,7 +1112,7 @@ CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the ...) TODO: check CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-23 [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32) CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) ...) {DSA-2094-1} @@ -1129,7 +1128,7 @@ [lenny] - sudo <not-affected> (Only affects 1.7.x) NOTE: http://www.sudo.ws/sudo/alerts/runas_group.html CVE-2010-2955 (The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-23 CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel ...) - linux-2.6 2.6.32-22 CVE-2010-2953 (Untrusted search path vulnerability in a certain Debian GNU/Linux ...) @@ -2419,7 +2418,7 @@ CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-19 CVE-2010-2491 [roundup XSS] RESERVED - roundup 1.4.13-3.1 (bug #590769)