thr3ads.net - Secure testing commits - [Secure-testing-commits] r5770

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2007-May-02 20:17 UTC

[Secure-testing-commits] r5770 - data/CVE

Author: jmm-guest
Date: 2007-05-02 20:17:52 +0000 (Wed, 02 May 2007)
New Revision: 5770

Modified:
   data/CVE/list
Log:
one kernel issue fixed in 2.6.18
two kernel issues not affecting Etch


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-05-02 20:12:46 UTC (rev 5769)
+++ data/CVE/list	2007-05-02 20:17:52 UTC (rev 5770)
@@ -1498,6 +1498,7 @@
 	NOT-FOR-US: Corel WordPerfect
 CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...)
 	- linux-2.6 <unfixed> (medium; bug #420875)
+	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows
...)
 	NOT-FOR-US: NaviCOPA HTTP Server
 CVE-2007-1732 (** DISPUTED ** ...)
@@ -1506,6 +1507,7 @@
 	NOT-FOR-US: hpaftpd
 CVE-2007-1730 (Integer signedness error in the DCCP support in the
do_dccp_getsockopt ...)
 	- linux-2.6 <unfixed> (medium)
+	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb
1.0.0 ...)
 	NOT-FOR-US: Flexbb
 CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and
...)
@@ -8910,18 +8912,7 @@
 	{DSA-1237 DSA-1233}
 	- linux-2.6 2.6.18-4
 CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to
cause a ...)
-	- linux-2.6 <unfixed> (low)
-	NOTE: A few futex-related system calls need arch-specific support
-	NOTE: routines, or they can lead to unkillable userspace processes.
-	NOTE: The following git commits add futex_atomic_cmpxchg_inatomic
-	NOTE: implementations.  The initial implementation contained code
-	NOTE: for amd64 and i386.  Other implementations were added here:
-	NOTE: c7fed9d75074f7c243ec8ff2c55d04de2839a6f6 (sparc64, before 2.6.19)
-	NOTE: 69588298188b40ed7f75c98a6fd328d82f23ca21 (powerpc, before 2.6.18)
-	NOTE: a192dc16000241dc02990a36b6830839b73c44de (ia64, before 2.6.19)
-	NOTE: 342a0497c23c278633f8674ab62f71e5049b7080 (parisc, before 2.6.19)
-	NOTE: Expoitability depends on whether the syscall is actually wired,
-	NOTE: which seems to be the case for everything but ia64 and maybe arm.
+	- linux-2.6 2.6.18-1 (low)
 CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus
for ...)
 	NOT-FOR-US: Sophos
 CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint
Security ...)

Secure testing commits - May 2007 - r5770 - data/CVE

[Secure-testing-commits] r5770 - data/CVE