Author: gilbert-guest
Date: 2010-12-13 00:02:04 +0000 (Mon, 13 Dec 2010)
New Revision: 15690
Modified:
data/CVE/list
Log:
kernel-sec sync
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-12-12 23:11:34 UTC (rev 15689)
+++ data/CVE/list 2010-12-13 00:02:04 UTC (rev 15690)
@@ -760,7 +760,7 @@
- fontforge 0.0.20100501-4 (bug #605537)
CVE-2010-4258 [linux failure to revert address limit override in OOPS error
path]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-29
CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in
...)
NOTE: http://core.trac.wordpress.org/changeset/16625
- wordpress 3.0.2-1 (bug #605603)
@@ -787,7 +787,7 @@
CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux
...)
- linux-2.6 <unfixed>
CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in
the ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-29
CVE-2010-4247 [linux xen: request-processing loop is unbounded in blkback]
RESERVED
- linux-2.6 <unfixed>
@@ -804,7 +804,7 @@
- linux-2.6 <unfixed>
CVE-2010-4242 [linux: missing tty ops write function presence check in
hci_uart_tty_open()]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-28
CVE-2010-4241
RESERVED
NOT-FOR-US: TikiWiki
@@ -976,7 +976,7 @@
- dracut <not-affected> (vulnerable script not shipped)
CVE-2010-4175 [linux: integer overflow in RDS]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-28
CVE-2010-4174
RESERVED
CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and
earlier ...)
@@ -1011,8 +1011,7 @@
- linux-2.6 2.6.32-29
CVE-2010-4161 [linux deadlock]
RESERVED
- - linux-2.6 <undetermined>
- TODO: check
+ - linux-2.6 2.6.28-1
NOTE: https://bugzilla.redhat.com/CVE-2010-4161
CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono
2.8 ...)
- mono <unfixed> (bug #605097)
@@ -1046,10 +1045,10 @@
- linux-2.6 <unfixed> (low)
CVE-2010-4158
RESERVED
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-29 (low)
CVE-2010-4157
RESERVED
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-28 (low)
CVE-2010-4149 (Directory traversal vulnerability in FreshWebMaster Fresh FTP
5.36, ...)
NOT-FOR-US: FreshWebMaster Fresh FTP
CVE-2010-4148 (Directory traversal vulnerability in AnyConnect 1.2.3.0, and
possibly ...)
@@ -1187,7 +1186,7 @@
NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4083 (The copy_semid_to_user function in ipc/sem.c in the Linux kernel
...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-29 (low)
CVE-2010-4082 (The viafb_ioctl_get_viafb_info function in
drivers/video/via/ioctl.c ...)
- linux-2.6 2.6.32-24 (low)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -1199,7 +1198,7 @@
- linux-2.6 2.6.32-27 (low)
CVE-2010-4079 (The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c
in the ...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-29 (low)
CVE-2010-4078 (The sisfb_ioctl function in drivers/video/sis/sis_main.c in the
Linux ...)
{DSA-2126-1}
- linux-2.6 2.6.32-24 (low)
@@ -1214,10 +1213,10 @@
- linux-2.6 2.6.32-24 (low)
CVE-2010-4073 (The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not
...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-29 (low)
CVE-2010-4072 (The copy_shmid_to_user function in ipc/shm.c in the Linux kernel
...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-29 (low)
CVE-2010-4071
RESERVED
- otrs2 2.4.9+dfsg1-1
@@ -1728,6 +1727,7 @@
CVE-2010-3859
RESERVED
{DSA-2126-1}
+ - linux-2.6 2.6.32-27
CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel
before ...)
{DSA-2126-1}
- linux-2.6 2.6.32-27
@@ -4273,7 +4273,9 @@
{DSA-2100-1}
- openssl 0.9.8o-2 (low; bug #594415)
CVE-2010-2938 (arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure
...)
- - linux-2.6 <unfixed>
+ - linux-2.6 <not-affected> (affected code not present in any of the
released kernels; only affects xen package itself)
+ - xen 4.0.1-1
+ NOTE: probably fixed well before this version, but this is the one i checked
and its fixed
CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib
plugin in ...)
- vlc 1.1.3-1
CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in ...)