Secure testing commits - Feb 2011 - r16198 - data/CVE

Author: geissert
Date: 2011-02-18 23:42:33 +0000 (Fri, 18 Feb 2011)
New Revision: 16198

Modified:
   data/CVE/list
Log:
new avahi, wireshark, and linux issues


Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-02-18 21:15:26 UTC (rev 16197)
+++ data/CVE/list	2011-02-18 23:42:33 UTC (rev 16198)
@@ -80,8 +80,9 @@
 	RESERVED
 CVE-2011-1003
 	RESERVED
-CVE-2011-1002
+CVE-2011-1002 [remote denial of service by sending NULL UDP]
 	RESERVED
+	- avahi <unfixed>
 CVE-2011-1001
 	RESERVED
 CVE-2011-1000 [telepathy-gabble audio/video call intercepting]
@@ -825,8 +826,10 @@
 	RESERVED
 CVE-2011-0714
 	RESERVED
-CVE-2011-0713
+CVE-2011-0713 [dct3trace buffer overflow]
 	RESERVED
+	- wireshark <unfixed>
+	NOTE: http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
 CVE-2011-0712 [ALSA: caiaq - Fix possible string-buffer overflow]
 	RESERVED
 	- linux-2.6 <unfixed>
@@ -873,6 +876,11 @@
 	RESERVED
 CVE-2011-0699
 	RESERVED
+	- linux-2.6 <unfixed>
+	NOTE: right, it was introduced in .37 which is in experimental;
+	TODO: someone on the kernel sectracker please correct as needed
+	[squeeze] - linux-2.6 <not-affected> (code introduced in .37)
+	[lenny] - linux-2.6 <not-affected> (code introduced in .37)
 CVE-2011-0698 (Directory traversal vulnerability in Django 1.1.x before 1.1.4
and ...)
 	- python-django <not-affected> (Windows-specific)
 	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/

On Fri, 18 Feb 2011 23:42:34 +0000 Raphael Geissert
wrote:
>  CVE-2011-0699
>  	RESERVED
> +	- linux-2.6 <unfixed>
> +	NOTE: right, it was introduced in .37 which is in experimental;
> +	TODO: someone on the kernel sectracker please correct as needed
> +	[squeeze] - linux-2.6 <not-affected> (code introduced in .37)
> +	[lenny] - linux-2.6 <not-affected> (code introduced in .37)
do you have a link for the assignment for this?  it''s not in the
kernel-sec lists yet.

mike